svamp-cli 0.1.29 → 0.1.30

package/dist/{run-DZmxHj-e.mjs → run-CtCTd6if.mjs}

@@ -10,12 +10,12 @@ import { existsSync, readFileSync, mkdirSync, appendFileSync, writeFileSync } fr
 import { join } from 'node:path';
 import { spawn, execSync, execFile } from 'node:child_process';
 import { ndJsonStream, ClientSideConnection } from '@agentclientprotocol/sdk';
+import { homedir, tmpdir } from 'node:os';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
 import { ElicitRequestSchema } from '@modelcontextprotocol/sdk/types.js';
 import { z } from 'zod';
 import { mkdir, access, mkdtemp, rm, writeFile } from 'node:fs/promises';
-import { homedir } from 'node:os';
 import { promisify } from 'node:util';
 
 let connectToServerFn = null;
@@ -153,6 +153,12 @@ async function registerMachineService(server, machineId, metadata, daemonState,
       // Spawn a new session
       spawnSession: async (options, context) => {
         authorizeRequest(context, currentMetadata.sharing, "interact");
+        if (options.sharing?.enabled && !options.sharing.owner && context?.user?.email) {
+          options = {
+            ...options,
+            sharing: { ...options.sharing, owner: context.user.email }
+          };
+        }
         const result = await handlers.spawnSession({
           ...options,
           machineId
@@ -419,6 +425,8 @@ async function registerSessionService(server, sessionId, initialMetadata, initia
         data.uuid = randomUUID();
       }
       wrappedContent = { role: "agent", content: { type: "output", data } };
+    } else if (role === "event") {
+      wrappedContent = { role: "agent", content: { type: "event", data: content } };
     } else if (role === "session") {
       wrappedContent = { role: "session", content: { type: "session", data: content } };
     } else {
@@ -661,6 +669,9 @@ async function registerSessionService(server, sessionId, initialMetadata, initia
         if (metadata.sharing && context?.user?.email && context.user.email !== metadata.sharing.owner) {
           throw new Error("Only the session owner can update sharing settings");
         }
+        if (newSharing.enabled && !newSharing.owner && context?.user?.email) {
+          newSharing = { ...newSharing, owner: context.user.email };
+        }
         metadata = { ...metadata, sharing: newSharing };
         metadataVersion++;
         notifyListeners({
@@ -1188,6 +1199,106 @@ var DefaultTransport$1 = /*#__PURE__*/Object.freeze({
     DefaultTransport: DefaultTransport
 });
 
+const SVAMP_TOOLS_DIR$1 = join(homedir(), ".svamp", "tools");
+const SVAMP_TOOLS_BIN$1 = join(SVAMP_TOOLS_DIR$1, "node_modules", ".bin");
+const SVAMP_TOOLS_RG_BIN$1 = join(SVAMP_TOOLS_DIR$1, "node_modules", "@vscode", "ripgrep", "bin");
+function wrapWithIsolation(originalCommand, originalArgs, config) {
+  switch (config.method) {
+    case "srt":
+      return wrapWithSrt(originalCommand, originalArgs, config);
+    case "bwrap":
+      return wrapWithBwrap(originalCommand, originalArgs, config);
+    case "docker":
+      return wrapWithContainer("docker", originalCommand, originalArgs, config);
+    case "podman":
+      return wrapWithContainer("podman", originalCommand, originalArgs, config);
+  }
+}
+function wrapWithSrt(command, args, config) {
+  const settings = {
+    filesystem: {
+      denyRead: config.srtConfig?.filesystem?.denyRead ?? [],
+      allowWrite: config.srtConfig?.filesystem?.allowWrite ?? [config.workspacePath],
+      denyWrite: config.srtConfig?.filesystem?.denyWrite ?? []
+    },
+    network: {
+      allowedDomains: config.srtConfig?.network?.allowedDomains ?? [],
+      deniedDomains: config.srtConfig?.network?.deniedDomains ?? []
+    }
+  };
+  const settingsPath = join(tmpdir(), `srt-settings-${process.pid}-${Date.now()}.json`);
+  writeFileSync(settingsPath, JSON.stringify(settings));
+  const pathParts = [SVAMP_TOOLS_BIN$1, SVAMP_TOOLS_RG_BIN$1];
+  if (process.env.PATH) pathParts.push(process.env.PATH);
+  return {
+    command: config.binaryPath,
+    args: ["--settings", settingsPath, command, ...args],
+    env: { PATH: pathParts.join(":") },
+    cleanupFiles: [settingsPath]
+  };
+}
+function wrapWithBwrap(command, args, config) {
+  const bwrapArgs = [
+    // Mount root filesystem read-only
+    "--ro-bind",
+    "/",
+    "/",
+    // Mount workspace read-write
+    "--bind",
+    config.workspacePath,
+    config.workspacePath,
+    // Mount /tmp read-write (many tools need it)
+    "--bind",
+    "/tmp",
+    "/tmp",
+    // Mount /dev read-write
+    "--dev",
+    "/dev",
+    // Mount /proc
+    "--proc",
+    "/proc",
+    // Unshare network — no network access inside sandbox
+    "--unshare-net",
+    // Unshare PID namespace
+    "--unshare-pid",
+    // Die when parent dies
+    "--die-with-parent",
+    // The actual command
+    "--",
+    command,
+    ...args
+  ];
+  return {
+    command: config.binaryPath,
+    args: bwrapArgs
+  };
+}
+function wrapWithContainer(runtime, command, args, config) {
+  const image = config.containerConfig?.image || "node:lts-slim";
+  const networkMode = config.containerConfig?.networkMode || "none";
+  const containerArgs = [
+    "run",
+    "--rm",
+    "-i",
+    // interactive (for stdin/stdout piping)
+    `--network=${networkMode}`,
+    "-v",
+    `${config.workspacePath}:${config.workspacePath}`,
+    "-w",
+    config.workspacePath
+  ];
+  if (config.containerConfig?.extraMounts) {
+    for (const mount of config.containerConfig.extraMounts) {
+      containerArgs.push("-v", mount);
+    }
+  }
+  containerArgs.push(image, command, ...args);
+  return {
+    command: config.binaryPath,
+    args: containerArgs
+  };
+}
+
 const DEFAULT_IDLE_TIMEOUT_MS = 500;
 const DEFAULT_TOOL_CALL_TIMEOUT_MS = 12e4;
 function parseArgsFromContent(content) {
@@ -1506,21 +1617,41 @@ class AcpBackend {
     let startupStatusErrorEmitted = false;
     try {
       const args = this.options.args || [];
+      let spawnCommand = this.options.command;
+      let spawnArgs = args;
+      let isoEnv = {};
+      let isoCleanupFiles = [];
+      if (this.options.isolationConfig) {
+        const wrapped = wrapWithIsolation(spawnCommand, spawnArgs, this.options.isolationConfig);
+        spawnCommand = wrapped.command;
+        spawnArgs = wrapped.args;
+        if (wrapped.env) isoEnv = wrapped.env;
+        if (wrapped.cleanupFiles) isoCleanupFiles = wrapped.cleanupFiles;
+        this.log(`[ACP] Isolation: ${this.options.isolationConfig.method}`);
+      }
+      const spawnEnv = { ...process.env, ...this.options.env, ...isoEnv };
       if (process.platform === "win32") {
-        const fullCommand = [this.options.command, ...args].join(" ");
+        const fullCommand = [spawnCommand, ...spawnArgs].join(" ");
         this.process = spawn("cmd.exe", ["/c", fullCommand], {
           cwd: this.options.cwd,
-          env: { ...process.env, ...this.options.env },
+          env: spawnEnv,
           stdio: ["pipe", "pipe", "pipe"],
           windowsHide: true
         });
       } else {
-        this.process = spawn(this.options.command, args, {
+        this.process = spawn(spawnCommand, spawnArgs, {
           cwd: this.options.cwd,
-          env: { ...process.env, ...this.options.env },
+          env: spawnEnv,
           stdio: ["pipe", "pipe", "pipe"]
         });
       }
+      if (isoCleanupFiles.length > 0) {
+        this.process.on("exit", async () => {
+          const { rm } = await import('node:fs/promises');
+          for (const f of isoCleanupFiles) rm(f, { force: true }).catch(() => {
+          });
+        });
+      }
       if (!this.process.stdin || !this.process.stdout || !this.process.stderr) {
         throw new Error("Failed to create stdio pipes");
       }
@@ -2133,15 +2264,15 @@ function bridgeAcpToSession(backend, sessionService, getMetadata, setMetadata, l
           setMetadata((m) => ({ ...m, lifecycleState: "running" }));
         } else if (msg.status === "error") {
           flushText();
-          sessionService.pushMessage({
-            type: "assistant",
-            content: [{ type: "text", text: `Error: ${msg.detail || "Unknown error"}` }]
-          }, "agent");
-          sessionService.sendKeepAlive(false);
+          sessionService.pushMessage(
+            { type: "message", message: `Agent process exited unexpectedly: ${msg.detail || "Unknown error"}` },
+            "event"
+          );
+          sessionService.sendSessionEnd();
           setMetadata((m) => ({ ...m, lifecycleState: "error" }));
         } else if (msg.status === "stopped") {
           flushText();
-          sessionService.sendKeepAlive(false);
+          sessionService.sendSessionEnd();
           setMetadata((m) => ({ ...m, lifecycleState: "stopped" }));
         }
         break;
@@ -2296,6 +2427,8 @@ class CodexMcpBackend {
   connected = false;
   // Pending elicitation approvals
   pendingApprovals = /* @__PURE__ */ new Map();
+  // Temp files from isolation wrapping (cleaned up on disconnect)
+  _isolationCleanupFiles = [];
   constructor(options) {
     this.options = options;
     this.log = options.log || (() => {
@@ -2438,9 +2571,21 @@ class CodexMcpBackend {
     } else if (!existingRustLog.includes("codex_core::rollout::list=")) {
       env.RUST_LOG = `${existingRustLog},${rolloutFilter}`;
     }
+    let transportCommand = "codex";
+    let transportArgs = [mcpCommand];
+    if (this.options.isolationConfig) {
+      const wrapped = wrapWithIsolation(transportCommand, transportArgs, this.options.isolationConfig);
+      transportCommand = wrapped.command;
+      transportArgs = wrapped.args;
+      if (wrapped.env) Object.assign(env, wrapped.env);
+      if (wrapped.cleanupFiles) {
+        this._isolationCleanupFiles = wrapped.cleanupFiles;
+      }
+      this.log(`[Codex] Isolation: ${this.options.isolationConfig.method}`);
+    }
     this.transport = new StdioClientTransport({
-      command: "codex",
-      args: [mcpCommand],
+      command: transportCommand,
+      args: transportArgs,
       env
     });
     this.registerPermissionHandlers();
@@ -2477,6 +2622,12 @@ class CodexMcpBackend {
     }
     this.transport = null;
     this.connected = false;
+    if (this._isolationCleanupFiles.length > 0) {
+      const { rm } = await import('node:fs/promises');
+      for (const f of this._isolationCleanupFiles) rm(f, { force: true }).catch(() => {
+      });
+      this._isolationCleanupFiles = [];
+    }
   }
   // ── Permission handling ────────────────────────────────────────────
   registerPermissionHandlers() {
@@ -3536,8 +3687,19 @@ async function startDaemon() {
               proc.kill(signal);
             }
           });
+        }, buildIsolationConfig2 = function(dir) {
+          if (!sessionMetadata.sharing?.enabled) return null;
+          const method = isolationCapabilities.preferred;
+          if (!method) return null;
+          const detail = isolationCapabilities.details[method];
+          if (!detail.found || detail.verified === false) return null;
+          return {
+            method,
+            binaryPath: detail.path || method,
+            workspacePath: dir
+          };
         };
-        var parseBashPermission = parseBashPermission2, shouldAutoAllow = shouldAutoAllow2, killAndWaitForExit = killAndWaitForExit2;
+        var parseBashPermission = parseBashPermission2, shouldAutoAllow = shouldAutoAllow2, killAndWaitForExit = killAndWaitForExit2, buildIsolationConfig = buildIsolationConfig2;
         let sessionMetadata = {
           path: directory,
           host: os.hostname(),
@@ -3590,6 +3752,7 @@ async function startDaemon() {
           "auto-approve-all": "bypassPermissions"
         };
         const toClaudePermissionMode = (mode) => CLAUDE_PERMISSION_MODE_MAP[mode] || mode;
+        let isolationCleanupFiles = [];
         const spawnClaude = (initialMessage, meta) => {
           const rawPermissionMode = meta?.permissionMode || agentConfig.default_permission_mode || currentPermissionMode;
           const permissionMode = toClaudePermissionMode(rawPermissionMode);
@@ -3610,10 +3773,26 @@ async function startDaemon() {
           if (model) args.push("--model", model);
           if (appendSystemPrompt) args.push("--append-system-prompt", appendSystemPrompt);
           if (claudeResumeId) args.push("--resume", claudeResumeId);
-          logger.log(`[Session ${sessionId}] Spawning Claude: claude ${args.join(" ")} (cwd: ${directory})`);
-          const spawnEnv = { ...process.env };
+          let spawnCommand = "claude";
+          let spawnArgs = args;
+          let extraEnv = {};
+          isolationCleanupFiles = [];
+          const isoConfig = buildIsolationConfig2(directory);
+          if (isoConfig) {
+            const wrapped = wrapWithIsolation(spawnCommand, spawnArgs, isoConfig);
+            spawnCommand = wrapped.command;
+            spawnArgs = wrapped.args;
+            if (wrapped.env) extraEnv = wrapped.env;
+            if (wrapped.cleanupFiles) isolationCleanupFiles = wrapped.cleanupFiles;
+            sessionMetadata = { ...sessionMetadata, isolationMethod: isoConfig.method };
+            logger.log(`[Session ${sessionId}] Isolation: ${isoConfig.method} (binary: ${isoConfig.binaryPath})`);
+          } else {
+            sessionMetadata = { ...sessionMetadata, isolationMethod: void 0 };
+          }
+          logger.log(`[Session ${sessionId}] Spawning Claude: ${spawnCommand} ${spawnArgs.join(" ")} (cwd: ${directory})`);
+          const spawnEnv = { ...process.env, ...extraEnv };
           delete spawnEnv.CLAUDECODE;
-          const child = spawn$1("claude", args, {
+          const child = spawn$1(spawnCommand, spawnArgs, {
             cwd: directory,
             stdio: ["pipe", "pipe", "pipe"],
             env: spawnEnv,
@@ -3623,17 +3802,11 @@ async function startDaemon() {
           logger.log(`[Session ${sessionId}] Claude PID: ${child.pid}, stdin: ${!!child.stdin}, stdout: ${!!child.stdout}, stderr: ${!!child.stderr}`);
           child.on("error", (err) => {
             logger.log(`[Session ${sessionId}] Claude process error: ${err.message}`);
-            sessionService.pushMessage({
-              type: "assistant",
-              content: [{
-                type: "text",
-                text: `Error: Failed to start Claude Code CLI: ${err.message}
-
-Please ensure Claude Code CLI is installed on this machine. You can install it with:
-\`npm install -g @anthropic-ai/claude-code\``
-              }]
-            }, "agent");
-            sessionService.sendKeepAlive(false);
+            sessionService.pushMessage(
+              { type: "message", message: `Agent process exited unexpectedly: ${err.message}. Please ensure Claude Code CLI is installed.` },
+              "event"
+            );
+            sessionService.sendSessionEnd();
           });
           let stdoutBuffer = "";
           let lastErrorMessagePushed = false;
@@ -3827,25 +4000,25 @@ Please ensure Claude Code CLI is installed on this machine. You can install it w
           child.on("exit", (code, signal) => {
             logger.log(`[Session ${sessionId}] Claude exited: code=${code}, signal=${signal}`);
             claudeProcess = null;
+            for (const f of isolationCleanupFiles) {
+              fs.rm(f, { force: true }).catch(() => {
+              });
+            }
+            isolationCleanupFiles = [];
             for (const [id, pending] of pendingPermissions) {
               pending.resolve({ behavior: "deny", message: "Claude process exited" });
             }
             pendingPermissions.clear();
             if (code !== 0 && code !== null && !lastErrorMessagePushed) {
-              sessionService.pushMessage({
-                type: "assistant",
-                content: [{
-                  type: "text",
-                  text: `Error: Claude process exited with code ${code}${signal ? ` (signal: ${signal})` : ""}.
-
-This may indicate that Claude Code CLI is not properly installed or configured.`
-                }]
-              }, "agent");
+              sessionService.pushMessage(
+                { type: "message", message: `Agent process exited unexpectedly (code ${code}${signal ? `, signal: ${signal}` : ""})` },
+                "event"
+              );
             }
             lastErrorMessagePushed = false;
             sessionMetadata = { ...sessionMetadata, lifecycleState: claudeResumeId ? "idle" : "stopped" };
             sessionService.updateMetadata(sessionMetadata);
-            sessionService.sendKeepAlive(false);
+            sessionService.sendSessionEnd();
             if (claudeResumeId && !trackedSession.stopped) {
               saveSession({
                 sessionId,
@@ -4337,12 +4510,27 @@ This may indicate that Claude Code CLI is not properly installed or configured.`
           logger
         );
         const permissionHandler = new HyphaPermissionHandler(shouldAutoAllow2, logger.log);
+        let agentIsoConfig;
+        if (sessionMetadata.sharing?.enabled && isolationCapabilities.preferred) {
+          const method = isolationCapabilities.preferred;
+          const detail = isolationCapabilities.details[method];
+          if (detail.found && detail.verified !== false) {
+            agentIsoConfig = {
+              method,
+              binaryPath: detail.path || method,
+              workspacePath: directory
+            };
+            sessionMetadata = { ...sessionMetadata, isolationMethod: method };
+            logger.log(`[Agent Session ${sessionId}] Isolation: ${method}`);
+          }
+        }
         let agentBackend;
         if (KNOWN_MCP_AGENTS[agentName]) {
           agentBackend = new CodexMcpBackend({
             cwd: directory,
             env: options.environmentVariables,
-            log: logger.log
+            log: logger.log,
+            isolationConfig: agentIsoConfig
           });
         } else {
           const transportHandler = agentName === "gemini" ? new GeminiTransport() : new DefaultTransport(agentName);
@@ -4355,7 +4543,8 @@ This may indicate that Claude Code CLI is not properly installed or configured.`
             env: options.environmentVariables,
             permissionHandler,
             transportHandler,
-            log: logger.log
+            log: logger.log,
+            isolationConfig: agentIsoConfig
           });
         }
         bridgeAcpToSession(
@@ -4387,16 +4576,11 @@ This may indicate that Claude Code CLI is not properly installed or configured.`
           logger.log(`[Agent Session ${sessionId}] ${agentName} backend started, waiting for first message`);
         }).catch((err) => {
           logger.error(`[Agent Session ${sessionId}] Failed to start ${agentName}:`, err);
-          sessionService.pushMessage({
-            type: "assistant",
-            content: [{
-              type: "text",
-              text: `Error: Failed to start ${agentName} agent: ${err.message}
-
-Please ensure the ${agentName} CLI is installed.`
-            }]
-          }, "agent");
-          sessionService.sendKeepAlive(false);
+          sessionService.pushMessage(
+            { type: "message", message: `Agent process exited unexpectedly: ${err.message}. Please ensure the ${agentName} CLI is installed.` },
+            "event"
+          );
+          sessionService.sendSessionEnd();
         });
         return {
           type: "success",