skimpyclaw 0.1.9 → 0.3.0

package/dist/__tests__/sandbox-mount-security.test.js

@@ -0,0 +1,131 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+vi.mock('fs', async () => {
+    const actual = await vi.importActual('fs');
+    return {
+        ...actual,
+        existsSync: vi.fn(),
+        realpathSync: vi.fn(),
+    };
+});
+import { existsSync, realpathSync } from 'fs';
+import { isBlockedPath, validateMountPaths, translatePath } from '../sandbox/mount-security.js';
+const mockExistsSync = existsSync;
+const mockRealpathSync = realpathSync;
+describe('sandbox/mount-security', () => {
+    beforeEach(() => {
+        vi.clearAllMocks();
+    });
+    describe('isBlockedPath', () => {
+        it('blocks .ssh', () => {
+            expect(isBlockedPath('/home/user/.ssh')).toBe(true);
+            expect(isBlockedPath('/home/user/.ssh/id_rsa')).toBe(true);
+        });
+        it('blocks .gnupg', () => {
+            expect(isBlockedPath('/home/user/.gnupg')).toBe(true);
+        });
+        it('blocks .aws', () => {
+            expect(isBlockedPath('/home/user/.aws')).toBe(true);
+        });
+        it('blocks credentials', () => {
+            expect(isBlockedPath('/some/path/credentials')).toBe(true);
+        });
+        it('blocks .env', () => {
+            expect(isBlockedPath('/project/.env')).toBe(true);
+        });
+        it('blocks .kube', () => {
+            expect(isBlockedPath('/home/user/.kube/config')).toBe(true);
+        });
+        it('blocks .docker/config.json compound pattern', () => {
+            expect(isBlockedPath('/home/user/.docker/config.json')).toBe(true);
+        });
+        it('allows normal paths', () => {
+            expect(isBlockedPath('/home/user/project')).toBe(false);
+            expect(isBlockedPath('/workspace/src/index.ts')).toBe(false);
+            expect(isBlockedPath('/tmp/test')).toBe(false);
+        });
+    });
+    describe('validateMountPaths', () => {
+        beforeEach(() => {
+            mockExistsSync.mockReturnValue(true);
+            mockRealpathSync.mockImplementation((p) => p);
+        });
+        it('maps to /workspace/<basename>', () => {
+            const mounts = validateMountPaths(['/home/user/myproject']);
+            const projectMount = mounts.find((m) => m.host === '/home/user/myproject');
+            expect(projectMount).toBeDefined();
+            expect(projectMount.container).toBe('/workspace/myproject');
+            expect(projectMount.readOnly).toBe(false);
+        });
+        it('deduplicates basenames with suffix', () => {
+            const mounts = validateMountPaths(['/a/project', '/b/project']);
+            const containers = mounts.filter((m) => m.host.endsWith('/project')).map((m) => m.container);
+            expect(containers).toContain('/workspace/project');
+            expect(containers).toContain('/workspace/project_1');
+        });
+        it('adds ~/.skimpyclaw at /workspace/config', () => {
+            const mounts = validateMountPaths(['/home/user/project']);
+            const configMount = mounts.find((m) => m.container === '/workspace/config');
+            expect(configMount).toBeDefined();
+        });
+        it('throws on blocked paths', () => {
+            expect(() => validateMountPaths(['/home/user/.ssh'])).toThrow('Blocked path');
+        });
+        it('skips missing paths', () => {
+            mockExistsSync.mockImplementation((p) => {
+                // Only ~/.skimpyclaw exists for the auto-add
+                return typeof p === 'string' && p.includes('.skimpyclaw');
+            });
+            const mounts = validateMountPaths(['/nonexistent/path']);
+            // Should only have the auto-added config mount
+            const nonConfig = mounts.filter((m) => m.container !== '/workspace/config');
+            expect(nonConfig).toHaveLength(0);
+        });
+        it('does not duplicate ~/.skimpyclaw if already in list', () => {
+            // Simulate ~/.skimpyclaw being passed explicitly
+            const home = process.env.HOME || '/Users/katre';
+            const skDir = `${home}/.skimpyclaw`;
+            mockRealpathSync.mockImplementation((p) => p);
+            // .skimpyclaw is NOT blocked, so it should be mounted
+            // But it should not appear twice
+            const mounts = validateMountPaths([skDir]);
+            const configMounts = mounts.filter((m) => m.host === skDir);
+            expect(configMounts).toHaveLength(1);
+        });
+    });
+    describe('translatePath', () => {
+        const mounts = [
+            { host: '/Users/katre/Sites/skimpyclaw', container: '/workspace/skimpyclaw', readOnly: false },
+            { host: '/Users/katre/.skimpyclaw', container: '/workspace/config', readOnly: false },
+        ];
+        it('translates host path to container path', () => {
+            expect(translatePath('/Users/katre/Sites/skimpyclaw/src/index.ts', mounts))
+                .toBe('/workspace/skimpyclaw/src/index.ts');
+        });
+        it('translates exact mount root', () => {
+            expect(translatePath('/Users/katre/Sites/skimpyclaw', mounts))
+                .toBe('/workspace/skimpyclaw');
+        });
+        it('translates config path', () => {
+            expect(translatePath('/Users/katre/.skimpyclaw/config.json', mounts))
+                .toBe('/workspace/config/config.json');
+        });
+        it('translates /Users path to /System/Volumes/Data mount on macOS', () => {
+            const macMounts = [
+                { host: '/System/Volumes/Data/Users/katre/.skimpyclaw', container: '/workspace/config', readOnly: false },
+            ];
+            expect(translatePath('/Users/katre/.skimpyclaw/state/japan-flight-watch.json', macMounts))
+                .toBe('/workspace/config/state/japan-flight-watch.json');
+        });
+        it('returns original path if no mount matches', () => {
+            expect(translatePath('/tmp/random/file', mounts)).toBe('/tmp/random/file');
+        });
+        it('matches most specific mount first', () => {
+            const nestedMounts = [
+                { host: '/Users/katre', container: '/workspace/home', readOnly: false },
+                { host: '/Users/katre/Sites/skimpyclaw', container: '/workspace/skimpyclaw', readOnly: false },
+            ];
+            expect(translatePath('/Users/katre/Sites/skimpyclaw/src/file.ts', nestedMounts))
+                .toBe('/workspace/skimpyclaw/src/file.ts');
+        });
+    });
+});

package/dist/__tests__/sandbox-runtime.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__tests__/sandbox-runtime.test.js

@@ -0,0 +1,176 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+const { mockSpawn, mockSpawnSync } = vi.hoisted(() => ({
+    mockSpawn: vi.fn(),
+    mockSpawnSync: vi.fn().mockReturnValue({ status: 0, stdout: '', stderr: '' }),
+}));
+vi.mock('child_process', () => ({ spawn: mockSpawn, spawnSync: mockSpawnSync }));
+import { createContainer, execInContainer, removeContainer, isContainerRunning, cleanupOrphans, setRuntime, resetRuntime, probeRuntime, } from '../sandbox/runtime.js';
+function fakeChild(exitCode, stdout = '', stderr = '', opts) {
+    const stdoutCallbacks = [];
+    const stderrCallbacks = [];
+    const eventCallbacks = {};
+    const child = {
+        stdout: { on: (_e, cb) => stdoutCallbacks.push(cb) },
+        stderr: { on: (_e, cb) => stderrCallbacks.push(cb) },
+        stdin: opts?.stdinNeeded ? { write: vi.fn(), end: vi.fn() } : null,
+        on(event, cb) {
+            if (!eventCallbacks[event])
+                eventCallbacks[event] = [];
+            eventCallbacks[event].push(cb);
+            return child;
+        },
+    };
+    // Emit data and close on next tick (setTimeout ensures listeners are attached first)
+    setTimeout(() => {
+        if (stdout)
+            for (const cb of stdoutCallbacks)
+                cb(Buffer.from(stdout));
+        if (stderr)
+            for (const cb of stderrCallbacks)
+                cb(Buffer.from(stderr));
+        for (const cb of eventCallbacks['close'] ?? [])
+            cb(exitCode);
+    }, 0);
+    return child;
+}
+describe('sandbox/runtime', () => {
+    beforeEach(() => {
+        vi.clearAllMocks();
+        resetRuntime();
+        setRuntime('container'); // skip auto-detection in tests
+    });
+    describe('createContainer', () => {
+        it('builds correct docker args', async () => {
+            mockSpawn.mockReturnValue(fakeChild(0));
+            await createContainer('test-ctr', {
+                image: 'myimg',
+                cpus: 2,
+                memory: '1G',
+                network: 'none',
+                user: '501:20',
+                mounts: [{ host: '/a', container: '/b', readOnly: true }],
+            });
+            const args = mockSpawn.mock.calls[0][1];
+            expect(args).toContain('--name');
+            expect(args).toContain('test-ctr');
+            expect(args).toContain('--cpus');
+            expect(args).toContain('2');
+            expect(args).toContain('--memory');
+            expect(args).toContain('1G');
+            expect(args).toContain('--network');
+            expect(args).toContain('none');
+            expect(args).toContain('--user');
+            expect(args).toContain('501:20');
+            expect(args.some((a) => a.includes('type=bind,src=/a,dst=/b,ro'))).toBe(true);
+            expect(args).toContain('myimg');
+        });
+        it('throws on non-zero exit', async () => {
+            mockSpawn.mockReturnValue(fakeChild(1, '', 'boom'));
+            await expect(createContainer('c1', { image: 'img' })).rejects.toThrow('Failed to create container');
+        });
+    });
+    describe('execInContainer', () => {
+        it('builds sh -c command', async () => {
+            mockSpawn.mockReturnValue(fakeChild(0, 'hello'));
+            const result = await execInContainer('ctr', ['echo hello']);
+            expect(result.stdout).toBe('hello');
+            const args = mockSpawn.mock.calls[0][1];
+            expect(args).toContain('sh');
+            expect(args).toContain('-c');
+        });
+        it('handles stdin', async () => {
+            mockSpawn.mockReturnValue(fakeChild(0, '', '', { stdinNeeded: true }));
+            await execInContainer('ctr', ['cat'], { stdin: 'data' });
+            const args = mockSpawn.mock.calls[0][1];
+            expect(args).toContain('-i');
+        });
+        it('handles env vars', async () => {
+            mockSpawn.mockReturnValue(fakeChild(0));
+            await execInContainer('ctr', ['cmd'], { env: { FOO: 'bar' } });
+            const args = mockSpawn.mock.calls[0][1];
+            expect(args).toContain('-e');
+            expect(args).toContain('FOO=bar');
+        });
+    });
+    describe('removeContainer', () => {
+        it('calls stop then rm', async () => {
+            mockSpawn.mockImplementation((_cmd, args) => {
+                return fakeChild(0);
+            });
+            await removeContainer('ctr');
+            expect(mockSpawn).toHaveBeenCalledTimes(2);
+            expect(mockSpawn.mock.calls[0][1]).toContain('stop');
+            expect(mockSpawn.mock.calls[1][1]).toContain('rm');
+        }, 10_000);
+        it('does not throw on failure', async () => {
+            mockSpawn.mockImplementation(() => fakeChild(1, '', 'fail'));
+            await expect(removeContainer('ctr')).resolves.toBeUndefined();
+        }, 10_000);
+    });
+    describe('isContainerRunning', () => {
+        it('returns true when inspect shows running state', async () => {
+            mockSpawn.mockReturnValue(fakeChild(0, '{"State": {"Status": "running"}}'));
+            expect(await isContainerRunning('ctr')).toBe(true);
+        });
+        it('returns false otherwise', async () => {
+            mockSpawn.mockReturnValue(fakeChild(1));
+            expect(await isContainerRunning('ctr')).toBe(false);
+        });
+    });
+    describe('probeRuntime', () => {
+        it('returns preferred runtime when available', () => {
+            mockSpawnSync.mockReturnValue({ status: 0 });
+            expect(probeRuntime('docker')).toBe('docker');
+            expect(mockSpawnSync).toHaveBeenCalledWith('docker', ['--version'], { stdio: 'ignore' });
+        });
+        it('falls back to auto-detect when preferred is unavailable', () => {
+            mockSpawnSync.mockImplementation((cmd) => {
+                // preferred 'docker' fails, but 'container' succeeds
+                if (cmd === 'docker')
+                    return { status: 1 };
+                if (cmd === 'container')
+                    return { status: 0 };
+                return { status: 1 };
+            });
+            expect(probeRuntime('docker')).toBe('container');
+        });
+        it('returns null when no runtime is available', () => {
+            mockSpawnSync.mockReturnValue({ status: 1 });
+            expect(probeRuntime('docker')).toBeNull();
+        });
+        it('auto-detects without preferred runtime', () => {
+            mockSpawnSync.mockImplementation((cmd) => {
+                if (cmd === 'container')
+                    return { status: 0 };
+                return { status: 1 };
+            });
+            expect(probeRuntime()).toBe('container');
+        });
+        it('prefers container over docker in auto-detect', () => {
+            mockSpawnSync.mockReturnValue({ status: 0 });
+            expect(probeRuntime()).toBe('container');
+            // First call should be to 'container'
+            expect(mockSpawnSync.mock.calls[0][0]).toBe('container');
+        });
+    });
+    describe('cleanupOrphans', () => {
+        it('lists containers, filters by prefix, removes matches', async () => {
+            let callCount = 0;
+            mockSpawn.mockImplementation(() => {
+                callCount++;
+                if (callCount === 1) {
+                    // ps call
+                    return fakeChild(0, 'skimpyclaw-sbx-abc\nother-ctr\nskimpyclaw-sbx-def\n');
+                }
+                // stop/rm calls
+                return fakeChild(0);
+            });
+            const count = await cleanupOrphans();
+            expect(count).toBe(2);
+        });
+        it('returns 0 on ps failure', async () => {
+            mockSpawn.mockImplementation(() => fakeChild(1));
+            expect(await cleanupOrphans()).toBe(0);
+        });
+    });
+});

package/dist/__tests__/setup.test.js

@@ -79,7 +79,7 @@ describe('setup config generation', () => {
             agentName: 'Claw',
             selectedProviders: new Set(['anthropic-api']),
             providerSecrets: { anthropicKey: 'sk-ant-test' },
-            features: { browser: false, voice: false, mcp: false },
+            features: { browser: false, voice: false, mcp: false, sandbox: false },
         });
         expect(config.heartbeat.tools.browser.enabled).toBe(false);
         expect(config.voice).toBeUndefined();
@@ -92,7 +92,7 @@ describe('setup config generation', () => {
             agentName: 'Claw',
             selectedProviders: new Set(['anthropic-api']),
             providerSecrets: { anthropicKey: 'sk-ant-test' },
-            features: { browser: true, voice: true, mcp: false },
+            features: { browser: true, voice: true, mcp: false, sandbox: false },
         });
         expect(config.heartbeat.tools.browser.enabled).toBe(true);
         expect(config.voice).toBeDefined();
@@ -115,4 +115,30 @@ describe('setup config generation', () => {
         // parseInt('not-a-number') is NaN, so || falls through to string
         expect(config.channels.telegram.allowFrom).toEqual(['not-a-number']);
     });
+    it('includes starter cron jobs and skills when requested', () => {
+        const config = buildSetupConfig({
+            workspaceDir: '/tmp/workspace',
+            telegramId: '12345',
+            telegramToken: 'tg-token',
+            agentName: 'Claw',
+            selectedProviders: new Set(['anthropic-api']),
+            providerSecrets: { anthropicKey: 'sk-ant-test' },
+            starters: {
+                cronTechNews: true,
+                cronWeather: true,
+                timezone: 'America/New_York',
+                weatherLocation: 'Austin, TX',
+                skillCodeReview: true,
+                skillDailyNotes: true,
+            },
+        });
+        expect(config.cron.jobs).toHaveLength(2);
+        expect(config.cron.jobs[0].id).toBe('tech-digest');
+        expect(config.cron.jobs[1].id).toBe('weather');
+        expect(config.cron.jobs[1].schedule.tz).toBe('America/New_York');
+        expect(config.cron.jobs[1].payload.message).toContain('Austin, TX');
+        expect(config.skills.enabled).toBe(true);
+        expect(config.skills.entries['code-review']).toBe(true);
+        expect(config.skills.entries['daily-notes']).toBe(true);
+    });
 });

package/dist/__tests__/skills.test.js

@@ -313,21 +313,12 @@ describe('formatSkillsPrompt', () => {
         expect(result).toContain('### a');
         expect(result).toContain('### b');
     });
-    it('respects token budget', () => {
-        // With maxTokens=10 (40 chars), only header + maybe first tiny skill fits
-        const result = formatSkillsPrompt([
-            makeSkill('big', 'x'.repeat(200)),
-        ], 10);
-        // The header alone is ~18 chars, the skill section would be ~210 chars
-        // Total exceeds 40 chars budget, so skill gets skipped
-        expect(result).toBe('');
-    });
-    it('includes skills that fit within budget', () => {
+    it('does not skip skills based on prompt budget argument', () => {
         const result = formatSkillsPrompt([
             makeSkill('small', 'tiny'),
             makeSkill('big', 'x'.repeat(50000)),
         ], 100);
         expect(result).toContain('### small');
-        expect(result).not.toContain('### big');
+        expect(result).toContain('### big');
     });
 });

package/dist/__tests__/tools.test.js

@@ -180,9 +180,14 @@ describe('bash', () => {
         expect(result).toContain('Error: Working directory not in allowed paths');
     });
     it('returns stderr on failure', async () => {
-        const result = await executeTool('Bash', { command: 'cat /nonexistent_file_xyz' }, toolConfig);
+        const nonexistent = join(TEST_DIR, 'nonexistent_file_xyz');
+        const result = await executeTool('Bash', { command: `cat "${nonexistent}"` }, toolConfig);
         expect(result).toContain('No such file');
     });
+    it('blocks commands referencing paths outside allowed dirs', async () => {
+        const result = await executeTool('Bash', { command: 'cat /etc/passwd' }, toolConfig);
+        expect(result).toContain('Error: Command references paths outside allowed directories');
+    });
     it('handles unknown tools', async () => {
         const result = await executeTool('delete_everything', {}, toolConfig);
         expect(result).toContain('Error: Unknown tool');

package/dist/agent.js

@@ -153,6 +153,9 @@ export async function runAgentTurn(agentId, userMessage, config, modelOverride,
         channelTargetId,
         approverUserId: context?.userId,
         approverUsername: context?.metadata?.username,
+        sandboxConfig: config.sandbox,
+        sessionId: context?.sessionId || String(chatIdNum ?? 'default'),
+        isCronJob: context?.metadata?.isCronJob === true,
     };
     const runTurn = async () => {
         if (toolConfig?.enabled) {

package/dist/api.js

@@ -1,5 +1,6 @@
 // Dashboard API endpoints
 import { readFileSync, writeFileSync, existsSync, readdirSync, statSync, mkdirSync, rmSync } from 'fs';
+import { timingSafeEqual } from 'crypto';
 import { join, basename, resolve } from 'path';
 import { homedir } from 'os';
 import { loadConfig, loadRawConfig, saveConfig, getSessionsDir, getLogsDir, getAgentDir, listMemoryFiles, readMemoryFile, } from './config.js';
@@ -102,7 +103,10 @@ export function registerDashboardAPI(fastify, config) {
             return reply.code(401).send({ error: 'Unauthorized: Bearer token required' });
         }
         const providedToken = authHeader.slice(7);
-        if (providedToken !== token) {
+        // Timing-safe comparison to prevent token extraction via timing attacks
+        const tokenBuf = Buffer.from(token, 'utf8');
+        const providedBuf = Buffer.from(providedToken, 'utf8');
+        if (tokenBuf.length !== providedBuf.length || !timingSafeEqual(tokenBuf, providedBuf)) {
             return reply.code(401).send({ error: 'Unauthorized: Invalid token' });
         }
     });

package/dist/channels/telegram/utils.js

@@ -114,8 +114,8 @@ export function getDefaultTelegramToolConfig(cfg) {
     }
     return {
         enabled: true,
-        allowedPaths: [join(homedir(), '.skimpyclaw'), process.cwd()],
-        maxIterations: 100,
+        allowedPaths: [join(homedir(), '.skimpyclaw')],
+        maxIterations: 30,
         bashTimeout: 15000,
     };
 }