verybot 0.1.8

package/dist/scheduler/store.js

@@ -0,0 +1,205 @@
+import { mkdirSync } from "fs";
+import { dirname } from "path";
+import Database from "better-sqlite3";
+import { Cron } from "croner";
+import { logger } from "../logger.js";
+/** Map a DB row to a Schedule object. */
+function rowToSchedule(row) {
+    return {
+        id: row.id,
+        teamId: row.team_id,
+        prompt: row.prompt,
+        type: row.type,
+        cron: row.cron,
+        runAt: row.run_at,
+        timezone: row.timezone,
+        integrations: row.integrations,
+        conditional: row.conditional === 1,
+        status: row.status,
+        nextRun: row.next_run,
+        lastRun: row.last_run,
+        failCount: row.fail_count,
+        createdAt: row.created_at,
+        updatedAt: row.updated_at,
+    };
+}
+export class ScheduleStore {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    /** Async factory — mirrors MemoryStore.create pattern. */
+    static async create(dbPath) {
+        mkdirSync(dirname(dbPath), { recursive: true });
+        const db = new Database(dbPath);
+        db.pragma("journal_mode = WAL");
+        const store = new ScheduleStore(db);
+        store.createSchema();
+        return store;
+    }
+    createSchema() {
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS schedules (
+        id TEXT PRIMARY KEY,
+        team_id TEXT NOT NULL,
+        prompt TEXT NOT NULL,
+        type TEXT NOT NULL,
+        cron TEXT,
+        run_at TEXT,
+        timezone TEXT NOT NULL DEFAULT 'UTC',
+        integrations TEXT NOT NULL DEFAULT '',
+        conditional INTEGER NOT NULL DEFAULT 0,
+        status TEXT NOT NULL DEFAULT 'active',
+        next_run TEXT,
+        last_run TEXT,
+        fail_count INTEGER NOT NULL DEFAULT 0,
+        created_at TEXT NOT NULL,
+        updated_at TEXT NOT NULL
+      );
+      CREATE INDEX IF NOT EXISTS idx_schedules_next_run ON schedules(next_run);
+      CREATE INDEX IF NOT EXISTS idx_schedules_status ON schedules(status);
+      CREATE INDEX IF NOT EXISTS idx_schedules_team ON schedules(team_id);
+
+      CREATE TABLE IF NOT EXISTS scheduler_settings (
+        team_id TEXT PRIMARY KEY,
+        timezone TEXT NOT NULL DEFAULT 'UTC'
+      );
+    `);
+    }
+    // --- CRUD ---
+    create(schedule) {
+        this.db
+            .prepare(`INSERT INTO schedules (
+          id, team_id, prompt, type, cron, run_at, timezone,
+          integrations, conditional,
+          status, next_run, last_run, fail_count, created_at, updated_at
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(schedule.id, schedule.teamId, schedule.prompt, schedule.type, schedule.cron, schedule.runAt, schedule.timezone, schedule.integrations, schedule.conditional ? 1 : 0, schedule.status, schedule.nextRun, schedule.lastRun, schedule.failCount, schedule.createdAt, schedule.updatedAt);
+    }
+    getById(id) {
+        const row = this.db
+            .prepare("SELECT * FROM schedules WHERE id = ?")
+            .get(id);
+        return row ? rowToSchedule(row) : null;
+    }
+    listByTeam(teamId, status) {
+        if (status) {
+            const rows = this.db
+                .prepare("SELECT * FROM schedules WHERE team_id = ? AND status = ? ORDER BY created_at DESC")
+                .all(teamId, status);
+            return rows.map(rowToSchedule);
+        }
+        const rows = this.db
+            .prepare("SELECT * FROM schedules WHERE team_id = ? ORDER BY created_at DESC")
+            .all(teamId);
+        return rows.map(rowToSchedule);
+    }
+    /** Get all schedules that are due (next_run <= now and status = 'active'). */
+    getDueSchedules(now) {
+        const rows = this.db
+            .prepare("SELECT * FROM schedules WHERE status = 'active' AND next_run IS NOT NULL AND next_run <= ?")
+            .all(now.toISOString());
+        return rows.map(rowToSchedule);
+    }
+    /** Get all schedules with a specific status. */
+    getByStatus(status) {
+        const rows = this.db
+            .prepare("SELECT * FROM schedules WHERE status = ?")
+            .all(status);
+        return rows.map(rowToSchedule);
+    }
+    /** Update specific fields on a schedule. */
+    update(id, fields) {
+        const sets = [];
+        const values = [];
+        if (fields.status !== undefined) {
+            sets.push("status = ?");
+            values.push(fields.status);
+        }
+        if (fields.nextRun !== undefined) {
+            sets.push("next_run = ?");
+            values.push(fields.nextRun);
+        }
+        if (fields.lastRun !== undefined) {
+            sets.push("last_run = ?");
+            values.push(fields.lastRun);
+        }
+        if (fields.failCount !== undefined) {
+            sets.push("fail_count = ?");
+            values.push(fields.failCount);
+        }
+        if (sets.length === 0)
+            return;
+        sets.push("updated_at = ?");
+        values.push(new Date().toISOString());
+        values.push(id);
+        this.db.prepare(`UPDATE schedules SET ${sets.join(", ")} WHERE id = ?`).run(...values);
+    }
+    delete(id) {
+        const info = this.db.prepare("DELETE FROM schedules WHERE id = ?").run(id);
+        return info.changes > 0;
+    }
+    /** Mark a schedule as completed for this run and advance to the next. */
+    markCompleted(id, nextRun) {
+        const now = new Date().toISOString();
+        if (nextRun) {
+            // Recurring — advance to next run
+            this.db
+                .prepare("UPDATE schedules SET last_run = ?, next_run = ?, fail_count = 0, updated_at = ? WHERE id = ?")
+                .run(now, nextRun, now, id);
+        }
+        else {
+            // One-shot — mark completed
+            this.db
+                .prepare("UPDATE schedules SET last_run = ?, next_run = NULL, status = 'completed', fail_count = 0, updated_at = ? WHERE id = ?")
+                .run(now, now, id);
+        }
+    }
+    /** Increment fail count and optionally advance the schedule. */
+    markFailed(id, nextRun) {
+        const now = new Date().toISOString();
+        if (nextRun) {
+            // Recurring — advance despite failure
+            this.db
+                .prepare("UPDATE schedules SET last_run = ?, next_run = ?, fail_count = fail_count + 1, updated_at = ? WHERE id = ?")
+                .run(now, nextRun, now, id);
+        }
+        else {
+            // One-shot — mark failed
+            this.db
+                .prepare("UPDATE schedules SET last_run = ?, next_run = NULL, status = 'failed', fail_count = fail_count + 1, updated_at = ? WHERE id = ?")
+                .run(now, now, id);
+        }
+    }
+    // --- Next run computation ---
+    /** Compute the next run time for a recurring schedule using croner. */
+    computeNextRun(schedule) {
+        if (schedule.type !== "recurring" || !schedule.cron)
+            return null;
+        try {
+            const job = new Cron(schedule.cron, { timezone: schedule.timezone });
+            const next = job.nextRun();
+            return next ? next.toISOString() : null;
+        }
+        catch (err) {
+            logger.warn(`Failed to compute next run for schedule ${schedule.id}: ${err instanceof Error ? err.message : err}`);
+            return null;
+        }
+    }
+    // --- Team Settings ---
+    setTimezone(teamId, timezone) {
+        this.db
+            .prepare("INSERT INTO scheduler_settings (team_id, timezone) VALUES (?, ?) ON CONFLICT(team_id) DO UPDATE SET timezone = ?")
+            .run(teamId, timezone, timezone);
+    }
+    getTimezone(teamId) {
+        const row = this.db
+            .prepare("SELECT timezone FROM scheduler_settings WHERE team_id = ?")
+            .get(teamId);
+        return row?.timezone ?? null;
+    }
+    close() {
+        this.db.close();
+        logger.info("Schedule store closed");
+    }
+}

package/dist/scheduler/types.d.ts

@@ -0,0 +1,29 @@
+export type ScheduleType = "one_shot" | "recurring";
+export type ScheduleStatus = "active" | "paused" | "completed" | "failed";
+export interface Schedule {
+    id: string;
+    /** Team that owns this schedule */
+    teamId: string;
+    /** The user's instruction / prompt for the LLM */
+    prompt: string;
+    type: ScheduleType;
+    /** Cron expression (recurring only) */
+    cron: string | null;
+    /** ISO timestamp (one-shot only) */
+    runAt: string | null;
+    /** IANA timezone, e.g. "America/New_York" */
+    timezone: string;
+    /** Comma-separated integration names to enable for this task */
+    integrations: string;
+    /** Whether the LLM can skip delivery with [SKIP] */
+    conditional: boolean;
+    status: ScheduleStatus;
+    /** ISO timestamp of next scheduled run */
+    nextRun: string | null;
+    /** ISO timestamp of last completed run */
+    lastRun: string | null;
+    /** Number of consecutive failures */
+    failCount: number;
+    createdAt: string;
+    updatedAt: string;
+}

package/dist/scheduler/types.js

@@ -0,0 +1 @@
+export {};

package/dist/security/command-validator.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Command validation for bash tool security.
+ *
+ * Blocks dangerous shell syntax (quote-aware) and checks executables
+ * against safe-bin and allowlist rules.
+ */
+/** Default read-only commands that always pass in allowlist mode. */
+export declare const DEFAULT_SAFE_BINS: Set<string>;
+interface ValidationResult {
+    ok: boolean;
+    reason?: string;
+}
+/**
+ * Check for dangerous shell syntax (quote-aware).
+ *
+ * Blocks backticks, command substitution `$(...)`, redirects `> <`,
+ * and subshells `( )` when they appear outside of quotes.
+ */
+export declare function validateCommand(command: string): ValidationResult;
+/** Check if ALL segments of a command match the allowlist. */
+export declare function isAllowed(command: string, safeBins: Set<string>, allowlist: string[]): boolean;
+export {};

package/dist/security/command-validator.js

@@ -0,0 +1,160 @@
+/**
+ * Command validation for bash tool security.
+ *
+ * Blocks dangerous shell syntax (quote-aware) and checks executables
+ * against safe-bin and allowlist rules.
+ */
+/** Shell tokens blocked outside of quotes. */
+const BLOCKED_CHARS = new Set(["`", ">", "<", "(", ")"]);
+/** Default read-only commands that always pass in allowlist mode. */
+export const DEFAULT_SAFE_BINS = new Set([
+    "ls",
+    "cat",
+    "head",
+    "tail",
+    "grep",
+    "rg",
+    "find",
+    "wc",
+    "sort",
+    "uniq",
+    "cut",
+    "tr",
+    "jq",
+    "date",
+    "whoami",
+    "pwd",
+    "echo",
+    "which",
+    "file",
+    "stat",
+    "du",
+    "df",
+    "uname",
+    "env",
+    "printenv",
+    "ps",
+    "curl",
+    "wget",
+]);
+/**
+ * Check for dangerous shell syntax (quote-aware).
+ *
+ * Blocks backticks, command substitution `$(...)`, redirects `> <`,
+ * and subshells `( )` when they appear outside of quotes.
+ */
+export function validateCommand(command) {
+    let inSingle = false;
+    let inDouble = false;
+    for (let i = 0; i < command.length; i++) {
+        const ch = command[i];
+        // Track quote state
+        if (ch === "'" && !inDouble) {
+            inSingle = !inSingle;
+            continue;
+        }
+        if (ch === '"' && !inSingle) {
+            inDouble = !inDouble;
+            continue;
+        }
+        // Skip chars inside quotes
+        if (inSingle || inDouble)
+            continue;
+        // Check for $( command substitution
+        if (ch === "$" && i + 1 < command.length && command[i + 1] === "(") {
+            return { ok: false, reason: "command substitution $(...) is not allowed" };
+        }
+        if (BLOCKED_CHARS.has(ch)) {
+            const names = {
+                "`": "backtick execution",
+                ">": "output redirect",
+                "<": "input redirect",
+                "(": "subshell",
+                ")": "subshell",
+            };
+            return { ok: false, reason: `${names[ch] ?? ch} is not allowed` };
+        }
+    }
+    return { ok: true };
+}
+/**
+ * Extract the executable name from a command string.
+ * Handles env-prefix patterns like `VAR=val cmd` and paths like `/usr/bin/python3`.
+ */
+function extractExecutable(segment) {
+    const trimmed = segment.trim();
+    const tokens = trimmed.split(/\s+/);
+    // Skip leading env assignments (KEY=VALUE)
+    let idx = 0;
+    while (idx < tokens.length && /^[A-Za-z_]\w*=/.test(tokens[idx])) {
+        idx++;
+    }
+    const raw = tokens[idx] ?? "";
+    // Strip path: /usr/bin/python3 -> python3
+    const slashIdx = raw.lastIndexOf("/");
+    return slashIdx >= 0 ? raw.slice(slashIdx + 1) : raw;
+}
+/** Split a command into segments on `&&`, `||`, `;`, and `|`. */
+function splitSegments(command) {
+    // Split on && || ; | while respecting quotes
+    const segments = [];
+    let current = "";
+    let inSingle = false;
+    let inDouble = false;
+    for (let i = 0; i < command.length; i++) {
+        const ch = command[i];
+        if (ch === "'" && !inDouble) {
+            inSingle = !inSingle;
+            current += ch;
+            continue;
+        }
+        if (ch === '"' && !inSingle) {
+            inDouble = !inDouble;
+            current += ch;
+            continue;
+        }
+        if (inSingle || inDouble) {
+            current += ch;
+            continue;
+        }
+        // Check for && or ||
+        if ((ch === "&" || ch === "|") && i + 1 < command.length && command[i + 1] === ch) {
+            segments.push(current);
+            current = "";
+            i++; // skip second char
+            continue;
+        }
+        // Check for ; or single |
+        if (ch === ";" || ch === "|") {
+            segments.push(current);
+            current = "";
+            continue;
+        }
+        current += ch;
+    }
+    if (current.trim())
+        segments.push(current);
+    return segments.filter((s) => s.trim().length > 0);
+}
+/** Check if ALL segments of a command use only safe bins. */
+function isSafeBin(command, safeBins) {
+    const segments = splitSegments(command);
+    return segments.every((seg) => safeBins.has(extractExecutable(seg)));
+}
+/** Convert a simple glob pattern to a RegExp (`*` -> `.*`). */
+function globToRegExp(pattern) {
+    const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+    return new RegExp(`^${escaped}$`);
+}
+/** Check if an executable matches any allowlist glob pattern. */
+function matchesAllowlist(executable, patterns) {
+    return patterns.some((pat) => globToRegExp(pat).test(executable));
+}
+/** Check if ALL segments of a command match the allowlist. */
+export function isAllowed(command, safeBins, allowlist) {
+    const segments = splitSegments(command);
+    return segments.every((seg) => {
+        const exe = extractExecutable(seg);
+        return safeBins.has(exe) || matchesAllowlist(exe, allowlist);
+    });
+}

package/dist/security/docker-sandbox.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Docker sandbox for bash tool execution.
+ *
+ * Commands run inside isolated Docker containers with:
+ * - Read-only root filesystem
+ * - No network access
+ * - All capabilities dropped
+ * - Resource limits (memory, pids)
+ * - Workspace mounted at /workspace (read-write)
+ *
+ * Containers are created lazily per session and reused for subsequent commands.
+ * Idle containers are pruned after a configurable timeout.
+ *
+ * If Docker is not available at startup, the sandbox polls in the background
+ * and returns an error to the user until Docker comes online.
+ */
+export interface SandboxConfig {
+    image: string;
+    memoryLimit: string;
+    pidsLimit: number;
+    idleTimeoutMs: number;
+}
+export declare class DockerSandbox {
+    private containers;
+    private config;
+    private ready;
+    constructor(config: SandboxConfig);
+    /**
+     * Execute a command in the sandbox container for the given session.
+     * Checks Docker availability on first use (and after losing connection).
+     */
+    exec(sessionKey: string, command: string): string;
+    /** Remove container for a session. */
+    cleanup(sessionKey: string): void;
+    /** Remove all containers (call on shutdown). */
+    cleanupAll(): void;
+    private getOrCreateContainer;
+    private resetIdleTimer;
+    private onIdle;
+    private removeContainer;
+    private containerName;
+    /**
+     * Distinguish Docker daemon errors (connection lost, daemon stopped) from
+     * normal command failures inside the container (non-zero exit code).
+     */
+    private isDockerError;
+    private pruneOrphans;
+}

package/dist/security/docker-sandbox.js

@@ -0,0 +1,218 @@
+/**
+ * Docker sandbox for bash tool execution.
+ *
+ * Commands run inside isolated Docker containers with:
+ * - Read-only root filesystem
+ * - No network access
+ * - All capabilities dropped
+ * - Resource limits (memory, pids)
+ * - Workspace mounted at /workspace (read-write)
+ *
+ * Containers are created lazily per session and reused for subsequent commands.
+ * Idle containers are pruned after a configurable timeout.
+ *
+ * If Docker is not available at startup, the sandbox polls in the background
+ * and returns an error to the user until Docker comes online.
+ */
+import { execFileSync } from "child_process";
+import { createHash } from "crypto";
+import { mkdirSync } from "fs";
+import { resolve } from "path";
+import { logger } from "../logger.js";
+import { SANDBOX_WORKSPACE } from "../paths.js";
+const CONTAINER_PREFIX = "verybot-sandbox";
+const LABEL = "verybot-sandbox=1";
+const EXEC_TIMEOUT = 30_000;
+const MAX_OUTPUT = 10_000;
+const MAX_ERROR = 5_000;
+/** Check if Docker is available by running `docker info`. */
+function checkDocker() {
+    try {
+        execFileSync("docker", ["info"], { stdio: "ignore", timeout: 5_000 });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export class DockerSandbox {
+    containers = new Map();
+    config;
+    ready = false;
+    constructor(config) {
+        this.config = config;
+        mkdirSync(resolve(SANDBOX_WORKSPACE), { recursive: true });
+        logger.info(`Docker sandbox: configured (image=${config.image}, memory=${config.memoryLimit}, ` +
+            `pids=${config.pidsLimit}, workspace=${SANDBOX_WORKSPACE}, idle=${config.idleTimeoutMs}ms)`);
+    }
+    /**
+     * Execute a command in the sandbox container for the given session.
+     * Checks Docker availability on first use (and after losing connection).
+     */
+    exec(sessionKey, command) {
+        if (!this.ready) {
+            if (!checkDocker()) {
+                return "Docker is not available. Please start Docker and try again.";
+            }
+            this.ready = true;
+            this.pruneOrphans();
+            logger.info("Docker sandbox: Docker is available, ready to execute");
+        }
+        const handle = this.getOrCreateContainer(sessionKey);
+        this.resetIdleTimer(sessionKey, handle);
+        try {
+            const output = execFileSync("docker", ["exec", handle.id, "sh", "-c", command], {
+                encoding: "utf-8",
+                timeout: EXEC_TIMEOUT,
+                maxBuffer: 1024 * 1024,
+            });
+            return output.slice(0, MAX_OUTPUT);
+        }
+        catch (err) {
+            // If docker exec itself failed (not the command inside), reset ready flag
+            // so next call re-checks Docker availability
+            if (this.isDockerError(err)) {
+                logger.warn("Docker sandbox: Docker connection lost, will re-check on next exec");
+                this.ready = false;
+                this.containers.delete(sessionKey);
+            }
+            const msg = err instanceof Error ? err.message : String(err);
+            const stderr = err.stderr ?? "";
+            return `Error: ${msg}\n${stderr}`.slice(0, MAX_ERROR);
+        }
+    }
+    /** Remove container for a session. */
+    cleanup(sessionKey) {
+        const handle = this.containers.get(sessionKey);
+        if (!handle)
+            return;
+        clearTimeout(handle.timer);
+        this.removeContainer(handle);
+        this.containers.delete(sessionKey);
+    }
+    /** Remove all containers (call on shutdown). */
+    cleanupAll() {
+        for (const [key, handle] of this.containers) {
+            clearTimeout(handle.timer);
+            this.removeContainer(handle);
+            this.containers.delete(key);
+        }
+        logger.info("Docker sandbox: all containers cleaned up");
+    }
+    getOrCreateContainer(sessionKey) {
+        const existing = this.containers.get(sessionKey);
+        if (existing)
+            return existing;
+        const name = this.containerName(sessionKey);
+        const workspaceAbs = resolve(SANDBOX_WORKSPACE);
+        // Create container
+        const createArgs = [
+            "create",
+            "--name",
+            name,
+            "--label",
+            LABEL,
+            "--read-only",
+            "--tmpfs",
+            "/tmp:rw,noexec,nosuid,size=64m",
+            "--network",
+            "none",
+            "--cap-drop",
+            "ALL",
+            "--security-opt",
+            "no-new-privileges",
+            "--memory",
+            this.config.memoryLimit,
+            "--pids-limit",
+            String(this.config.pidsLimit),
+            "-v",
+            `${workspaceAbs}:/workspace:rw`,
+            "-w",
+            "/workspace",
+            this.config.image,
+            "sleep",
+            "infinity",
+        ];
+        const id = execFileSync("docker", createArgs, {
+            encoding: "utf-8",
+            timeout: 30_000,
+        }).trim();
+        // Start container
+        execFileSync("docker", ["start", id], {
+            stdio: "ignore",
+            timeout: 10_000,
+        });
+        logger.info(`Docker sandbox: created container ${name} (${id.slice(0, 12)}) for ${sessionKey}`);
+        const handle = {
+            id,
+            name,
+            timer: setTimeout(() => this.onIdle(sessionKey), this.config.idleTimeoutMs),
+        };
+        handle.timer.unref();
+        this.containers.set(sessionKey, handle);
+        return handle;
+    }
+    resetIdleTimer(sessionKey, handle) {
+        clearTimeout(handle.timer);
+        handle.timer = setTimeout(() => this.onIdle(sessionKey), this.config.idleTimeoutMs);
+        handle.timer.unref();
+    }
+    onIdle(sessionKey) {
+        const handle = this.containers.get(sessionKey);
+        if (!handle)
+            return;
+        logger.info(`Docker sandbox: pruning idle container ${handle.name} for ${sessionKey}`);
+        this.removeContainer(handle);
+        this.containers.delete(sessionKey);
+    }
+    removeContainer(handle) {
+        try {
+            execFileSync("docker", ["rm", "-f", handle.id], {
+                stdio: "ignore",
+                timeout: 10_000,
+            });
+        }
+        catch (err) {
+            logger.warn(`Docker sandbox: failed to remove ${handle.name}: ${err instanceof Error ? err.message : err}`);
+        }
+    }
+    containerName(sessionKey) {
+        const hash = createHash("sha256").update(sessionKey).digest("hex").slice(0, 12);
+        return `${CONTAINER_PREFIX}-${hash}`;
+    }
+    /**
+     * Distinguish Docker daemon errors (connection lost, daemon stopped) from
+     * normal command failures inside the container (non-zero exit code).
+     */
+    isDockerError(err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        const stderr = err.stderr ?? "";
+        const combined = `${msg}\n${stderr}`.toLowerCase();
+        // These indicate Docker itself is unavailable, not a command failure
+        return (combined.includes("cannot connect to the docker daemon") ||
+            combined.includes("connection refused") ||
+            combined.includes("is the docker daemon running") ||
+            combined.includes("no such container") ||
+            combined.includes("is not running"));
+    }
+    pruneOrphans() {
+        try {
+            const ids = execFileSync("docker", ["ps", "-aq", "--filter", `label=${LABEL}`], { encoding: "utf-8", timeout: 5_000 }).trim();
+            if (!ids)
+                return;
+            const idList = ids.split("\n").filter(Boolean);
+            for (const id of idList) {
+                try {
+                    execFileSync("docker", ["rm", "-f", id], { stdio: "ignore", timeout: 5_000 });
+                }
+                catch {
+                    // ignore individual failures
+                }
+            }
+            logger.info(`Docker sandbox: pruned ${idList.length} orphan container(s)`);
+        }
+        catch {
+            // docker ps failed, ignore
+        }
+    }
+}

package/dist/security/env-filter.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Environment variable filtering for bash tool security.
+ *
+ * Strips dangerous env vars that could be used for code injection
+ * (LD_PRELOAD, DYLD_*, NODE_OPTIONS, etc.) before passing to child processes.
+ */
+/** Returns a copy of process.env with dangerous variables removed. */
+export declare function sanitizeEnv(): Record<string, string>;