zeitlich 0.2.48 → 0.2.50

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (126) hide show
  1. package/README.md +26 -23
  2. package/dist/{activities-DCaIPQBT.d.ts → activities-IuOIvPHO.d.ts} +6 -6
  3. package/dist/{activities-BlQR5gX4.d.cts → activities-cIlq1y1y.d.cts} +6 -6
  4. package/dist/adapters/sandbox/daytona/index.cjs.map +1 -1
  5. package/dist/adapters/sandbox/daytona/index.d.cts +3 -3
  6. package/dist/adapters/sandbox/daytona/index.d.ts +3 -3
  7. package/dist/adapters/sandbox/daytona/index.js.map +1 -1
  8. package/dist/adapters/sandbox/daytona/workflow.d.cts +2 -2
  9. package/dist/adapters/sandbox/daytona/workflow.d.ts +2 -2
  10. package/dist/adapters/sandbox/e2b/index.cjs.map +1 -1
  11. package/dist/adapters/sandbox/e2b/index.d.cts +1 -1
  12. package/dist/adapters/sandbox/e2b/index.d.ts +1 -1
  13. package/dist/adapters/sandbox/e2b/index.js.map +1 -1
  14. package/dist/adapters/sandbox/e2b/workflow.d.cts +1 -1
  15. package/dist/adapters/sandbox/e2b/workflow.d.ts +1 -1
  16. package/dist/adapters/thread/anthropic/index.cjs +45 -42
  17. package/dist/adapters/thread/anthropic/index.cjs.map +1 -1
  18. package/dist/adapters/thread/anthropic/index.d.cts +10 -10
  19. package/dist/adapters/thread/anthropic/index.d.ts +10 -10
  20. package/dist/adapters/thread/anthropic/index.js +45 -42
  21. package/dist/adapters/thread/anthropic/index.js.map +1 -1
  22. package/dist/adapters/thread/anthropic/workflow.d.cts +7 -7
  23. package/dist/adapters/thread/anthropic/workflow.d.ts +7 -7
  24. package/dist/adapters/thread/google-genai/index.cjs +117 -54
  25. package/dist/adapters/thread/google-genai/index.cjs.map +1 -1
  26. package/dist/adapters/thread/google-genai/index.d.cts +27 -23
  27. package/dist/adapters/thread/google-genai/index.d.ts +27 -23
  28. package/dist/adapters/thread/google-genai/index.js +117 -54
  29. package/dist/adapters/thread/google-genai/index.js.map +1 -1
  30. package/dist/adapters/thread/google-genai/workflow.d.cts +8 -8
  31. package/dist/adapters/thread/google-genai/workflow.d.ts +8 -8
  32. package/dist/adapters/thread/langchain/index.cjs +45 -42
  33. package/dist/adapters/thread/langchain/index.cjs.map +1 -1
  34. package/dist/adapters/thread/langchain/index.d.cts +10 -10
  35. package/dist/adapters/thread/langchain/index.d.ts +10 -10
  36. package/dist/adapters/thread/langchain/index.js +45 -42
  37. package/dist/adapters/thread/langchain/index.js.map +1 -1
  38. package/dist/adapters/thread/langchain/workflow.d.cts +7 -7
  39. package/dist/adapters/thread/langchain/workflow.d.ts +7 -7
  40. package/dist/{cold-store-UL13Sstw.d.cts → cold-store-C0uvYTSi.d.cts} +1 -1
  41. package/dist/{cold-store-aD4TSKlU.d.ts → cold-store-CCnZYWjx.d.ts} +1 -1
  42. package/dist/index.cjs +15063 -405
  43. package/dist/index.cjs.map +1 -1
  44. package/dist/index.d.cts +79 -83
  45. package/dist/index.d.ts +79 -83
  46. package/dist/index.js +15064 -402
  47. package/dist/index.js.map +1 -1
  48. package/dist/{proxy-BAty3CWM.d.cts → proxy-BVznA2_p.d.cts} +1 -1
  49. package/dist/{proxy-mbnwBhHw.d.ts → proxy-C4J1pNUk.d.ts} +1 -1
  50. package/dist/{thread-manager-CICj68PI.d.ts → thread-manager-BqjzWsP7.d.ts} +4 -4
  51. package/dist/{thread-manager-R6c3lnJy.d.cts → thread-manager-CzIs47uG.d.cts} +4 -4
  52. package/dist/{thread-manager-DsXvJ5cJ.d.cts → thread-manager-Dzl1fHhV.d.cts} +4 -4
  53. package/dist/{thread-manager-DtEtbUkp.d.ts → thread-manager-SkSWRPRc.d.ts} +4 -4
  54. package/dist/{types-gVa5XCWD.d.ts → types-BQvXWcft.d.ts} +1 -1
  55. package/dist/{types-DF4wzWQG.d.ts → types-CbPnU4RM.d.ts} +3 -3
  56. package/dist/{types-CJ7tCdl6.d.cts → types-D8W5TnSa.d.cts} +3 -3
  57. package/dist/{types-CJ7tCdl6.d.ts → types-D8W5TnSa.d.ts} +3 -3
  58. package/dist/{types-DwBYd0ij.d.ts → types-DZnUqCAP.d.cts} +709 -686
  59. package/dist/{types-CjY93AWZ.d.cts → types-OEN1xrFg.d.cts} +1 -1
  60. package/dist/{types-DWeyCTYK.d.cts → types-YNesmGKV.d.ts} +709 -686
  61. package/dist/{types-DDLPnxBh.d.cts → types-d2RvEP6v.d.cts} +3 -3
  62. package/dist/{workflow-DdaU7_j4.d.ts → workflow-B3oTe2_D.d.cts} +34 -3
  63. package/dist/{workflow-DVNPR7eX.d.cts → workflow-Bkzg0cjB.d.ts} +34 -3
  64. package/dist/workflow.cjs +15021 -362
  65. package/dist/workflow.cjs.map +1 -1
  66. package/dist/workflow.d.cts +3 -3
  67. package/dist/workflow.d.ts +3 -3
  68. package/dist/workflow.js +15022 -359
  69. package/dist/workflow.js.map +1 -1
  70. package/package.json +10 -37
  71. package/src/adapters/thread/anthropic/activities.ts +1 -1
  72. package/src/adapters/thread/anthropic/fork-transform.test.ts +17 -11
  73. package/src/adapters/thread/anthropic/model-invoker.test.ts +4 -3
  74. package/src/adapters/thread/anthropic/model-invoker.ts +1 -1
  75. package/src/adapters/thread/anthropic/thread-manager.test.ts +2 -2
  76. package/src/adapters/thread/anthropic/thread-manager.ts +1 -1
  77. package/src/adapters/thread/google-genai/activities.ts +1 -1
  78. package/src/adapters/thread/google-genai/fork-transform.test.ts +17 -11
  79. package/src/adapters/thread/google-genai/model-invoker.test.ts +337 -0
  80. package/src/adapters/thread/google-genai/model-invoker.ts +107 -23
  81. package/src/adapters/thread/google-genai/thread-manager.test.ts +2 -2
  82. package/src/adapters/thread/google-genai/thread-manager.ts +1 -1
  83. package/src/adapters/thread/langchain/activities.ts +1 -1
  84. package/src/adapters/thread/langchain/fork-transform.test.ts +17 -11
  85. package/src/adapters/thread/langchain/model-invoker.ts +1 -1
  86. package/src/adapters/thread/langchain/thread-manager.test.ts +2 -2
  87. package/src/adapters/thread/langchain/thread-manager.ts +1 -1
  88. package/src/index.ts +2 -2
  89. package/src/lib/sandbox/capability-types.test.ts +2 -2
  90. package/src/lib/sandbox/manager.ts +2 -6
  91. package/src/lib/sandbox/sandbox.test.ts +1 -1
  92. package/src/lib/sandbox/types.ts +2 -2
  93. package/src/lib/session/session.integration.test.ts +92 -0
  94. package/src/lib/session/session.ts +23 -0
  95. package/src/lib/subagent/handler.ts +23 -0
  96. package/src/lib/subagent/subagent.integration.test.ts +198 -0
  97. package/src/lib/thread/keys.test.ts +9 -9
  98. package/src/lib/thread/keys.ts +1 -1
  99. package/src/lib/thread/manager.test.ts +24 -14
  100. package/src/lib/thread/manager.ts +19 -23
  101. package/src/lib/thread/snapshot.test.ts +51 -43
  102. package/src/lib/thread/snapshot.ts +54 -32
  103. package/src/lib/thread/test-utils.ts +106 -59
  104. package/src/lib/thread/tiered.test.ts +1 -1
  105. package/src/lib/thread/types.ts +2 -2
  106. package/src/lib/tool-router/router.integration.test.ts +44 -0
  107. package/src/lib/tool-router/router.ts +149 -33
  108. package/src/lib/tool-router/types.ts +23 -0
  109. package/src/lib/workflow.ts +49 -0
  110. package/src/{adapters/sandbox/inmemory/proxy.ts → test-utils/in-memory-sandbox-proxy.ts} +5 -16
  111. package/src/{adapters/sandbox/inmemory/index.ts → test-utils/in-memory-sandbox.ts} +11 -3
  112. package/src/tools/bash/bash.test.ts +1 -1
  113. package/src/tools/edit/handler.test.ts +1 -1
  114. package/tsup.config.ts +2 -4
  115. package/dist/adapters/sandbox/inmemory/index.cjs +0 -214
  116. package/dist/adapters/sandbox/inmemory/index.cjs.map +0 -1
  117. package/dist/adapters/sandbox/inmemory/index.d.cts +0 -40
  118. package/dist/adapters/sandbox/inmemory/index.d.ts +0 -40
  119. package/dist/adapters/sandbox/inmemory/index.js +0 -211
  120. package/dist/adapters/sandbox/inmemory/index.js.map +0 -1
  121. package/dist/adapters/sandbox/inmemory/workflow.cjs +0 -36
  122. package/dist/adapters/sandbox/inmemory/workflow.cjs.map +0 -1
  123. package/dist/adapters/sandbox/inmemory/workflow.d.cts +0 -27
  124. package/dist/adapters/sandbox/inmemory/workflow.d.ts +0 -27
  125. package/dist/adapters/sandbox/inmemory/workflow.js +0 -34
  126. package/dist/adapters/sandbox/inmemory/workflow.js.map +0 -1
package/README.md CHANGED
@@ -56,13 +56,12 @@ Vercel AI SDK and other provider-specific adapters can be built by implementing
56
56
 
57
57
  A sandbox adapter provides filesystem access for tools like `Bash`, `Read`, `Write`, and `Edit`:
58
58
 
59
- | Adapter | Import | Use case |
60
- | ---------- | ------------------------------------ | ------------------------------------------------- |
61
- | In-memory | `zeitlich/adapters/sandbox/inmemory` | Tests and lightweight agents |
62
- | Virtual FS | `zeitlich` / `zeitlich/workflow` | Built-in virtual filesystem with custom resolvers |
63
- | Daytona | `zeitlich/adapters/sandbox/daytona` | Remote Daytona workspaces |
64
- | E2B | `zeitlich/adapters/sandbox/e2b` | E2B cloud sandboxes |
65
- | Bedrock | `zeitlich/adapters/sandbox/bedrock` | AWS Bedrock AgentCore Code Interpreter |
59
+ | Adapter | Import | Use case |
60
+ | ---------- | ----------------------------------- | ------------------------------------------------- |
61
+ | Virtual FS | `zeitlich` / `zeitlich/workflow` | Built-in virtual filesystem with custom resolvers |
62
+ | Daytona | `zeitlich/adapters/sandbox/daytona` | Remote Daytona workspaces |
63
+ | E2B | `zeitlich/adapters/sandbox/e2b` | E2B cloud sandboxes |
64
+ | Bedrock | `zeitlich/adapters/sandbox/bedrock` | AWS Bedrock AgentCore Code Interpreter |
66
65
 
67
66
  ### Example: LangChain Adapter
68
67
 
@@ -89,7 +88,7 @@ All adapters follow the same pattern — `createActivities(scope)` for worker re
89
88
  ## Installation
90
89
 
91
90
  ```bash
92
- npm install zeitlich ioredis \
91
+ npm install zeitlich redis \
93
92
  @temporalio/workflow @temporalio/common
94
93
  ```
95
94
 
@@ -99,7 +98,7 @@ npm install zeitlich ioredis \
99
98
  - `@temporalio/common` >=1.16.0 <2.0.0 (required)
100
99
  - `@temporalio/worker` >=1.16.0 <2.0.0 (optional — only when running a worker)
101
100
  - `@temporalio/envconfig` >=1.16.0 <2.0.0 (optional — only when using envconfig)
102
- - `ioredis` >= 5.0.0
101
+ - `redis` >= 4.6.0
103
102
  - `@langchain/core` >= 1.0.0 (optional — only when using the LangChain adapter)
104
103
  - `@google/genai` >= 1.0.0 (optional — only when using the Google GenAI adapter)
105
104
  - `@aws-sdk/client-bedrock-agentcore` >= 3.900.0 (optional — only when using the Bedrock adapter)
@@ -132,7 +131,7 @@ import {
132
131
 
133
132
  // Adapter workflow proxies (auto-scoped to current workflow)
134
133
  import { proxyLangChainThreadOps } from "zeitlich/adapters/thread/langchain/workflow";
135
- import { proxyInMemorySandboxOps } from "zeitlich/adapters/sandbox/inmemory/workflow";
134
+ import { proxyE2bSandboxOps } from "zeitlich/adapters/sandbox/e2b/workflow";
136
135
 
137
136
  // In activity files and worker setup — framework-agnostic core
138
137
  import {
@@ -195,7 +194,7 @@ import type { MyActivities } from "./activities";
195
194
  import type { StoredMessage } from "@langchain/core/messages";
196
195
 
197
196
  import { proxyLangChainThreadOps } from "zeitlich/adapters/thread/langchain/workflow";
198
- import { proxyInMemorySandboxOps } from "zeitlich/adapters/sandbox/inmemory/workflow";
197
+ import { proxyE2bSandboxOps } from "zeitlich/adapters/sandbox/e2b/workflow";
199
198
 
200
199
  const runAgentActivity = proxyRunAgent<StoredMessage>();
201
200
 
@@ -230,7 +229,7 @@ export const myAgentWorkflow = defineWorkflow(
230
229
  maxTurns: 20,
231
230
  thread: { mode: "new", threadId: runId },
232
231
  threadOps: proxyLangChainThreadOps(),
233
- sandboxOps: proxyInMemorySandboxOps(),
232
+ sandboxOps: proxyE2bSandboxOps(),
234
233
  runAgent: runAgentActivity,
235
234
  buildContextMessage: () => [{ type: "text", text: prompt }],
236
235
  tools: {
@@ -266,7 +265,7 @@ export const myAgentWorkflow = defineWorkflow(
266
265
  Activities are factory functions that receive infrastructure dependencies (`redis`, `client`). The thread adapter and sandbox provider are configured here — swap imports to change LLM or sandbox backend.
267
266
 
268
267
  ```typescript
269
- import type Redis from "ioredis";
268
+ import type { RedisClientType as Redis } from "redis";
270
269
  import type { WorkflowClient } from "@temporalio/client";
271
270
  import { ChatAnthropic } from "@langchain/anthropic";
272
271
  import {
@@ -276,11 +275,11 @@ import {
276
275
  createAskUserQuestionHandler,
277
276
  createRunAgentActivity,
278
277
  } from "zeitlich";
279
- import { InMemorySandboxProvider } from "zeitlich/adapters/sandbox/inmemory";
278
+ import { E2bSandboxProvider } from "zeitlich/adapters/sandbox/e2b";
280
279
 
281
280
  import { createLangChainAdapter } from "zeitlich/adapters/thread/langchain";
282
281
 
283
- const sandboxProvider = new InMemorySandboxProvider();
282
+ const sandboxProvider = new E2bSandboxProvider();
284
283
  const sandboxManager = new SandboxManager(sandboxProvider);
285
284
 
286
285
  export const createActivities = ({
@@ -318,7 +317,7 @@ export type MyActivities = ReturnType<typeof createActivities>;
318
317
 
319
318
  ```typescript
320
319
  import { Worker, NativeConnection } from "@temporalio/worker";
321
- import Redis from "ioredis";
320
+ import { createClient } from "redis";
322
321
  import { fileURLToPath } from "node:url";
323
322
  import { createActivities } from "./activities";
324
323
 
@@ -326,7 +325,8 @@ async function run() {
326
325
  const connection = await NativeConnection.connect({
327
326
  address: "localhost:7233",
328
327
  });
329
- const redis = new Redis({ host: "localhost", port: 6379 });
328
+ const redis = createClient({ url: "redis://localhost:6379" });
329
+ await redis.connect();
330
330
 
331
331
  const worker = await Worker.create({
332
332
  connection,
@@ -561,9 +561,9 @@ Use `FileSystemSkillProvider` to load skills from a directory. It accepts any `S
561
561
 
562
562
  ```typescript
563
563
  import { FileSystemSkillProvider } from "zeitlich";
564
- import { InMemorySandboxProvider } from "zeitlich/adapters/sandbox/inmemory";
564
+ import { E2bSandboxProvider } from "zeitlich/adapters/sandbox/e2b";
565
565
 
566
- const provider = new InMemorySandboxProvider();
566
+ const provider = new E2bSandboxProvider();
567
567
  const { sandbox } = await provider.create({});
568
568
 
569
569
  const skillProvider = new FileSystemSkillProvider(sandbox.fs, "/skills");
@@ -922,16 +922,19 @@ export const researcherWorkflow = defineSubagentWorkflow(
922
922
 
923
923
  ### Filesystem Utilities
924
924
 
925
- Built-in support for file operations with in-memory or custom filesystem providers (e.g. from [`just-bash`](https://github.com/nicholasgasior/just-bash)).
925
+ Built-in support for file operations against any sandbox or custom filesystem provider.
926
926
 
927
- `toTree` generates a file tree string from an `IFileSystem` instance:
927
+ `toTree` generates a file tree string from a `SandboxFileSystem` instance:
928
928
 
929
929
  ```typescript
930
930
  import { toTree } from "zeitlich";
931
931
 
932
932
  // In activities - generate a file tree string for agent context
933
933
  export const createActivities = ({ redis, client }) => ({
934
- generateFileTreeActivity: async () => toTree(inMemoryFileSystem),
934
+ generateFileTreeActivity: async (sandboxId: string) => {
935
+ const sandbox = await sandboxManager.getSandbox(sandboxId);
936
+ return toTree(sandbox.fs);
937
+ },
935
938
  // ...
936
939
  });
937
940
  ```
@@ -965,7 +968,7 @@ import {
965
968
  const sandboxManager = new SandboxManager(provider);
966
969
 
967
970
  export const createActivities = ({ redis, client }) => ({
968
- // scope auto-prepends the provider id (e.g. "inMemory", "virtual")
971
+ // scope auto-prepends the provider id (e.g. "e2b", "daytona", "virtual")
969
972
  ...sandboxManager.createActivities("MyAgentWorkflow"),
970
973
  globHandlerActivity: withSandbox(sandboxManager, globHandler),
971
974
  editHandlerActivity: withSandbox(sandboxManager, editHandler),
package/dist/{activities-DCaIPQBT.d.ts → activities-IuOIvPHO.d.ts} RENAMED
@@ -1,8 +1,8 @@
1
- import Redis from 'ioredis';
1
+ import { RedisClientType } from 'redis';
2
2
  import { Part, Content, GoogleGenAI } from '@google/genai';
3
- import { a as ModelInvoker, b as PrefixedThreadOps, S as ScopedPrefix, R as RouterContext, c as ToolHandlerResponse, d as ActivityToolHandler } from './types-DwBYd0ij.js';
4
- import { C as ColdThreadStore } from './cold-store-aD4TSKlU.js';
5
- import { T as ThreadManagerHooks, P as ProviderThreadManager } from './types-DF4wzWQG.js';
3
+ import { a as ModelInvoker, b as PrefixedThreadOps, S as ScopedPrefix, R as RouterContext, c as ToolHandlerResponse, d as ActivityToolHandler } from './types-YNesmGKV.js';
4
+ import { C as ColdThreadStore } from './cold-store-CCnZYWjx.js';
5
+ import { T as ThreadManagerHooks, P as ProviderThreadManager } from './types-CbPnU4RM.js';
6
6
  import { A as ADAPTER_ID } from './adapter-id-BB-mmrts.js';
7
7
 
8
8
  /** SDK-native content type for Google GenAI human messages */
@@ -16,7 +16,7 @@ interface StoredContent {
16
16
  }
17
17
  type GoogleGenAIThreadManagerHooks = ThreadManagerHooks<StoredContent, Content>;
18
18
  interface GoogleGenAIThreadManagerConfig {
19
- redis: Redis;
19
+ redis: RedisClientType;
20
20
  threadId: string;
21
21
  /** Thread key, defaults to 'messages' */
22
22
  key?: string;
@@ -47,7 +47,7 @@ declare function createGoogleGenAIThreadManager(config: GoogleGenAIThreadManager
47
47
 
48
48
  type GoogleGenAIThreadOps<TScope extends string = ""> = PrefixedThreadOps<ScopedPrefix<TScope, typeof ADAPTER_ID>, GoogleGenAIContent>;
49
49
  interface GoogleGenAIAdapterConfig {
50
- redis: Redis;
50
+ redis: RedisClientType;
51
51
  client?: GoogleGenAI;
52
52
  /** Default model name (e.g. 'gemini-2.5-flash'). If omitted, use `createModelInvoker()` */
53
53
  model?: string;
package/dist/{activities-BlQR5gX4.d.cts → activities-cIlq1y1y.d.cts} RENAMED
@@ -1,8 +1,8 @@
1
- import Redis from 'ioredis';
1
+ import { RedisClientType } from 'redis';
2
2
  import { Part, Content, GoogleGenAI } from '@google/genai';
3
- import { a as ModelInvoker, b as PrefixedThreadOps, S as ScopedPrefix, R as RouterContext, c as ToolHandlerResponse, d as ActivityToolHandler } from './types-DWeyCTYK.cjs';
4
- import { C as ColdThreadStore } from './cold-store-UL13Sstw.cjs';
5
- import { T as ThreadManagerHooks, P as ProviderThreadManager } from './types-DDLPnxBh.cjs';
3
+ import { a as ModelInvoker, b as PrefixedThreadOps, S as ScopedPrefix, R as RouterContext, c as ToolHandlerResponse, d as ActivityToolHandler } from './types-DZnUqCAP.cjs';
4
+ import { C as ColdThreadStore } from './cold-store-C0uvYTSi.cjs';
5
+ import { T as ThreadManagerHooks, P as ProviderThreadManager } from './types-d2RvEP6v.cjs';
6
6
  import { A as ADAPTER_ID } from './adapter-id-BB-mmrts.cjs';
7
7
 
8
8
  /** SDK-native content type for Google GenAI human messages */
@@ -16,7 +16,7 @@ interface StoredContent {
16
16
  }
17
17
  type GoogleGenAIThreadManagerHooks = ThreadManagerHooks<StoredContent, Content>;
18
18
  interface GoogleGenAIThreadManagerConfig {
19
- redis: Redis;
19
+ redis: RedisClientType;
20
20
  threadId: string;
21
21
  /** Thread key, defaults to 'messages' */
22
22
  key?: string;
@@ -47,7 +47,7 @@ declare function createGoogleGenAIThreadManager(config: GoogleGenAIThreadManager
47
47
 
48
48
  type GoogleGenAIThreadOps<TScope extends string = ""> = PrefixedThreadOps<ScopedPrefix<TScope, typeof ADAPTER_ID>, GoogleGenAIContent>;
49
49
  interface GoogleGenAIAdapterConfig {
50
- redis: Redis;
50
+ redis: RedisClientType;
51
51
  client?: GoogleGenAI;
52
52
  /** Default model name (e.g. 'gemini-2.5-flash'). If omitted, use `createModelInvoker()` */
53
53
  model?: string;
package/dist/adapters/sandbox/daytona/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/lib/sandbox/types.ts","../../../../src/adapters/sandbox/daytona/filesystem.ts","../../../../src/adapters/sandbox/daytona/index.ts"],"names":["ApplicationFailure","posix","path","Daytona"],"mappings":";;;;;;;AA4XO,IAAM,wBAAA,GAAN,cAAuCA,yBAAA,CAAmB;AAAA,EAC/D,YAAY,SAAA,EAAmB;AAC7B,IAAA,KAAA;AAAA,MACE,6BAA6B,SAAS,CAAA,CAAA;AAAA,MACtC,0BAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACF,CAAA;AAEO,IAAM,oBAAA,GAAN,cAAmCA,yBAAA,CAAmB;AAAA,EAC3D,YAAY,SAAA,EAAmB;AAC7B,IAAA,KAAA,CAAM,CAAA,mBAAA,EAAsB,SAAS,CAAA,CAAA,EAAI,sBAAA,EAAwB,IAAI,CAAA;AAAA,EACvE;AACF,CAAA;AC1XO,IAAM,2BAAN,MAA4D;AAAA,EAGjE,WAAA,CACU,OAAA,EACR,aAAA,GAAgB,eAAA,EAChB;AAFQ,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAGR,IAAA,IAAA,CAAK,aAAA,GAAgBC,UAAA,CAAM,OAAA,CAAQ,GAAA,EAAK,aAAa,CAAA;AAAA,EACvD;AAAA,EAJU,OAAA;AAAA,EAHD,aAAA;AAAA,EASD,cAAcC,MAAA,EAAsB;AAC1C,IAAA,OAAOD,UAAA,CAAM,OAAA,CAAQ,IAAA,CAAK,aAAA,EAAeC,MAAI,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAc,iBAAiB,aAAA,EAAwC;AACrE,IAAA,MAAM,SAAS,IAAA,CAAK,aAAA,KAAkB,MAAM,GAAA,GAAM,CAAA,EAAG,KAAK,aAAa,CAAA,CAAA,CAAA;AACvE,IAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,IAAA,KAAA,MAAW,KAAK,aAAA,EAAe;AAC7B,MAAA,IAAI,GAAA,GAAMD,UAAA,CAAM,OAAA,CAAQ,CAAC,CAAA;AACzB,MAAA,OAAO,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAC7B,QAAA,IAAA,CAAK,IAAI,GAAG,CAAA;AACZ,QAAA,GAAA,GAAMA,UAAA,CAAM,QAAQ,GAAG,CAAA;AAAA,MACzB;AAAA,IACF;AACA,IAAA,MAAM,MAAA,GAAS,CAAC,GAAG,IAAI,CAAA,CAAE,IAAA;AAAA,MACvB,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE,MAAA,GAAS,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE;AAAA,KAC/C;AACA,IAAA,KAAA,MAAW,OAAO,MAAA,EAAQ;AACxB,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,YAAA,CAAa,KAAK,KAAK,CAAA;AAAA,MAC/C,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,SAAS,IAAA,EAA+B;AAC5C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AACnD,IAAA,OAAO,GAAA,CAAI,SAAS,OAAO,CAAA;AAAA,EAC7B;AAAA,EAEA,MAAM,eAAe,IAAA,EAAmC;AACtD,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AACnD,IAAA,OAAO,IAAI,UAAA,CAAW,GAAA,CAAI,QAAQ,GAAA,CAAI,UAAA,EAAY,IAAI,UAAU,CAAA;AAAA,EAClE;AAAA,EAEA,MAAM,SAAA,CAAU,IAAA,EAAc,OAAA,EAA6C;AACzE,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,GAAA,GACJ,OAAO,OAAA,KAAY,QAAA,GACf,MAAA,CAAO,IAAA,CAAK,OAAA,EAAS,OAAO,CAAA,GAC5B,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AACzB,IAAA,MAAM,IAAA,CAAK,gBAAA,CAAiB,CAAC,IAAI,CAAC,CAAA;AAClC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,KAAK,IAAI,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WACJ,KAAA,EACe;AACf,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,MAChC,MAAA,EAAQ,MAAA,CAAO,IAAA,CAAK,CAAA,CAAE,OAAO,CAAA;AAAA,MAC7B,WAAA,EAAa,IAAA,CAAK,aAAA,CAAc,CAAA,CAAE,IAAI;AAAA,KACxC,CAAE,CAAA;AACF,IAAA,MAAM,IAAA,CAAK,iBAAiB,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,CAAC,CAAA;AAC7D,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,WAAA,CAAY,OAAO,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,UAAA,CAAW,IAAA,EAAc,OAAA,EAA6C;AAC1E,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AAAA,IACpD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA,CAAK,SAAA,CAAU,IAAA,EAAM,OAAO,CAAA;AAAA,IACrC;AAEA,IAAA,MAAM,QAAA,GACJ,OAAO,OAAA,KAAY,QAAA,GAAW,OAAO,IAAA,CAAK,OAAA,EAAS,OAAO,CAAA,GAAI,OAAA;AAChE,IAAA,MAAM,MAAA,GAAS,OAAO,MAAA,CAAO,CAAC,UAAU,MAAA,CAAO,IAAA,CAAK,QAAQ,CAAC,CAAC,CAAA;AAC9D,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,QAAQ,IAAI,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,IAAA,EAAgC;AAC3C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,cAAA,CAAe,IAAI,CAAA;AACzC,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,KAAK,IAAA,EAAiC;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,eAAe,IAAI,CAAA;AACtD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,CAAC,IAAA,CAAK,KAAA;AAAA,MACd,aAAa,IAAA,CAAK,KAAA;AAAA,MAClB,cAAA,EAAgB,KAAA;AAAA,MAChB,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,KAAA,EAAO,IAAI,IAAA,CAAK,IAAA,CAAK,OAAO;AAAA,KAC9B;AAAA,EACF;AAAA,EAEA,MAAM,KAAA,CAAM,IAAA,EAAc,QAAA,EAAmD;AAC3E,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,YAAA,CAAa,MAAM,KAAK,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,QAAQ,IAAA,EAAiC;AAC7C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAU,IAAI,CAAA;AACpD,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,IAAI,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,qBAAqB,IAAA,EAAsC;AAC/D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAU,IAAI,CAAA;AACpD,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,MACzB,MAAM,CAAA,CAAE,IAAA;AAAA,MACR,MAAA,EAAQ,CAAC,CAAA,CAAE,KAAA;AAAA,MACX,aAAa,CAAA,CAAE,KAAA;AAAA,MACf,cAAA,EAAgB;AAAA,KAClB,CAAE,CAAA;AAAA,EACJ;AAAA,EAEA,MAAM,EAAA,CACJ,IAAA,EACA,OAAA,EACe;AACf,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,KAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,IAAA,EAAM,SAAS,SAAS,CAAA;AAAA,IAC3D,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,CAAC,OAAA,EAAS,KAAA,EAAO,MAAM,GAAA;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,MAAM,EAAA,CACJ,GAAA,EACA,IAAA,EACA,OAAA,EACe;AACf,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA;AACtC,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACxC,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,eAAe,OAAO,CAAA;AACzD,IAAA,IAAI,KAAK,KAAA,EAAO;AACd,MAAA,IAAI,CAAC,SAAS,SAAA,EAAW;AACvB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wCAAA,EAA2C,GAAG,CAAA,CAAE,CAAA;AAAA,MAClE;AACA,MAAA,MAAM,IAAA,CAAK,QAAQ,OAAA,CAAQ,cAAA;AAAA,QACzB,CAAA,OAAA,EAAU,OAAO,CAAA,GAAA,EAAM,QAAQ,CAAA,CAAA;AAAA,OACjC;AAAA,IACF,CAAA,MAAO;AACL,MAAA,MAAM,IAAA,CAAK,QAAQ,OAAA,CAAQ,cAAA;AAAA,QACzB,CAAA,IAAA,EAAO,OAAO,CAAA,GAAA,EAAM,QAAQ,CAAA,CAAA;AAAA,OAC9B;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,EAAA,CAAG,GAAA,EAAa,IAAA,EAA6B;AACjD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA;AACtC,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACxC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,SAAA,CAAU,SAAS,QAAQ,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,SAAS,KAAA,EAAgC;AAC7C,IAAA,MAAM,IAAI,yBAAyB,UAAU,CAAA;AAAA,EAC/C;AAAA,EAEA,WAAA,CAAY,MAAcC,MAAA,EAAsB;AAC9C,IAAA,OAAOD,WAAM,OAAA,CAAQ,IAAA,CAAK,aAAA,CAAc,IAAI,GAAGC,MAAI,CAAA;AAAA,EACrD;AACF;;;ACzKA,IAAM,qBAAN,MAA4C;AAAA,EAS1C,WAAA,CACW,EAAA,EACD,UAAA,EACR,aAAA,GAAgB,eAAA,EAChB;AAHS,IAAA,IAAA,CAAA,EAAA,GAAA,EAAA;AACD,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAGR,IAAA,IAAA,CAAK,EAAA,GAAK,IAAI,wBAAA,CAAyB,UAAA,EAAY,aAAa,CAAA;AAAA,EAClE;AAAA,EALW,EAAA;AAAA,EACD,UAAA;AAAA,EAVD,YAAA,GAAoC;AAAA,IAC3C,UAAA,EAAY,IAAA;AAAA,IACZ,SAAA,EAAW,IAAA;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EAES,EAAA;AAAA,EAUT,MAAM,IAAA,CAAK,OAAA,EAAiB,OAAA,EAA4C;AACtE,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,UAAA,CAAW,OAAA,CAAQ,cAAA;AAAA,MAC7C,OAAA;AAAA,MACA,OAAA,EAAS,GAAA;AAAA,MACT,OAAA,EAAS,GAAA;AAAA,MACT,OAAA,EAAS;AAAA,KACX;AAEA,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,SAAS,QAAA,IAAY,CAAA;AAAA,MAC/B,MAAA,EAAQ,SAAS,MAAA,IAAU,EAAA;AAAA,MAC3B,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAAA,EAEA,MAAM,OAAA,GAAyB;AAC7B,IAAA,MAAM,IAAA,CAAK,UAAA,CAAW,MAAA,CAAO,EAAE,CAAA;AAAA,EACjC;AACF,CAAA;AAYA,IAAM,eAAe,EAAC;AAUf,IAAM,yBAAN,MAGP;AAAA,EACW,EAAA,GAAK,SAAA;AAAA,EACL,YAAA,GAAoC;AAAA,IAC3C,UAAA,EAAY,IAAA;AAAA,IACZ,SAAA,EAAW,IAAA;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EACS,wBAAkD,IAAI,GAAA;AAAA,IAC7D;AAAA,GACF;AAAA,EAEQ,MAAA;AAAA,EACS,oBAAA;AAAA,EAEjB,YAAY,MAAA,EAA+B;AACzC,IAAA,IAAA,CAAK,MAAA,GAAS,IAAIC,WAAA,CAAQ,MAAM,CAAA;AAChC,IAAA,IAAA,CAAK,oBAAA,GAAuB,QAAQ,aAAA,IAAiB,eAAA;AAAA,EACvD;AAAA,EAEA,MAAM,OACJ,OAAA,EAC8B;AAC9B,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,MAAA;AAAA,MACnC;AAAA,QACE,UAAU,OAAA,EAAS,QAAA;AAAA,QACnB,UAAU,OAAA,EAAS,QAAA;AAAA,QACnB,SAAS,OAAA,EAAS,GAAA;AAAA,QAClB,QAAQ,OAAA,EAAS,MAAA;AAAA,QACjB,kBAAkB,OAAA,EAAS,gBAAA;AAAA,QAC3B,qBAAqB,OAAA,EAAS,mBAAA;AAAA,QAC9B,oBAAoB,OAAA,EAAS;AAAA,OAC/B;AAAA,MACA,EAAE,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,EAAA;AAAG,KACpC;AAEA,IAAA,MAAM,aAAA,GAAgB,OAAA,EAAS,aAAA,IAAiB,IAAA,CAAK,oBAAA;AAErD,IAAA,MAAM,UAAU,IAAI,kBAAA;AAAA,MAClB,UAAA,CAAW,EAAA;AAAA,MACX,UAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,IAAI,SAAS,YAAA,EAAc;AACzB,MAAA,MAAM,QAAQ,EAAA,CAAG,UAAA;AAAA,QACf,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,CAAE,IAAI,CAAC,CAAC,IAAA,EAAM,OAAO,CAAA,MAAO;AAAA,UAC7D,IAAA;AAAA,UACA;AAAA,SACF,CAAE;AAAA,OACJ;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,OAAA,EAAQ;AAAA,EACnB;AAAA,EAEA,MAAM,IAAI,SAAA,EAA4C;AACpD,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,IAAI,SAAS,CAAA;AAClD,MAAA,OAAO,IAAI,kBAAA;AAAA,QACT,UAAA,CAAW,EAAA;AAAA,QACX,UAAA;AAAA,QACA,IAAA,CAAK;AAAA,OACP;AAAA,IACF,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAI,qBAAqB,SAAS,CAAA;AAAA,IAC1C;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,SAAA,EAAkC;AAC9C,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,IAAI,SAAS,CAAA;AAClD,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA;AAAA,IACrC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AACF","file":"index.cjs","sourcesContent":["// ============================================================================\n// Sandbox Filesystem\n// ============================================================================\n\nexport interface DirentEntry {\n name: string;\n isFile: boolean;\n isDirectory: boolean;\n isSymbolicLink: boolean;\n}\n\nexport interface FileStat {\n isFile: boolean;\n isDirectory: boolean;\n isSymbolicLink: boolean;\n size: number;\n mtime: Date;\n}\n\n// ============================================================================\n// Network & lifecycle\n// ============================================================================\n\nexport interface SandboxNetworkConfig {\n allowOut?: string[];\n denyOut?: string[];\n allowPublicTraffic?: boolean;\n}\n\nexport interface SandboxLifecycleConfig {\n onTimeout: \"kill\" | \"pause\";\n autoResume?: boolean;\n}\n\n/**\n * Provider-agnostic filesystem interface.\n *\n * Implementations that don't support a method should throw\n * {@link SandboxNotSupportedError}.\n */\nexport interface SandboxFileSystem {\n /** Base directory used when resolving relative paths. */\n readonly workspaceBase: string;\n readFile(path: string): Promise<string>;\n readFileBuffer(path: string): Promise<Uint8Array>;\n writeFile(path: string, content: string | Uint8Array): Promise<void>;\n appendFile(path: string, content: string | Uint8Array): Promise<void>;\n exists(path: string): Promise<boolean>;\n stat(path: string): Promise<FileStat>;\n mkdir(path: string, options?: { recursive?: boolean }): Promise<void>;\n readdir(path: string): Promise<string[]>;\n readdirWithFileTypes(path: string): Promise<DirentEntry[]>;\n rm(\n path: string,\n options?: { recursive?: boolean; force?: boolean }\n ): Promise<void>;\n cp(\n src: string,\n dest: string,\n options?: { recursive?: boolean }\n ): Promise<void>;\n mv(src: string, dest: string): Promise<void>;\n readlink(path: string): Promise<string>;\n resolvePath(base: string, path: string): string;\n}\n\n// ============================================================================\n// Execution\n// ============================================================================\n\nexport interface ExecOptions {\n timeout?: number;\n cwd?: string;\n env?: Record<string, string>;\n}\n\nexport interface ExecResult {\n exitCode: number;\n stdout: string;\n stderr: string;\n}\n\n// ============================================================================\n// Capabilities\n// ============================================================================\n\n/**\n * Runtime capability flags carried by a {@link Sandbox} instance.\n *\n * These are an orthogonal mechanism to the type-level\n * {@link SandboxCapability} union: this flag bag is for runtime\n * introspection (\"does the sandbox support a filesystem?\") whereas\n * {@link SandboxCapability} narrows the type-level provider/ops contract.\n */\nexport interface SandboxCapabilities {\n /** Sandbox supports filesystem operations */\n filesystem: boolean;\n /** Sandbox supports shell/command execution */\n execution: boolean;\n /** Sandbox state can be persisted and restored */\n persistence: boolean;\n}\n\n/**\n * Type-level capability vocabulary for {@link SandboxProvider} and\n * {@link SandboxOps}. Adapters declare the subset they actually support; the\n * conditional types on each contract gate the corresponding methods so\n * unsupported calls become a compile-time error rather than a runtime\n * {@link SandboxNotSupportedError}.\n *\n * `pause` and `resume` are split because some adapters might support one\n * direction without the other. The `snapshot` cap covers both `snapshot()`\n * and `deleteSnapshot()` since they always travel together in practice.\n */\nexport type SandboxCapability =\n | \"pause\"\n | \"resume\"\n | \"snapshot\"\n | \"restore\"\n | \"fork\";\n\n// ============================================================================\n// Sandbox\n// ============================================================================\n\nexport interface Sandbox {\n readonly id: string;\n readonly capabilities: SandboxCapabilities;\n readonly fs: SandboxFileSystem;\n\n exec(command: string, options?: ExecOptions): Promise<ExecResult>;\n destroy(): Promise<void>;\n}\n\n// ============================================================================\n// Snapshots\n// ============================================================================\n\nexport interface SandboxSnapshot {\n sandboxId: string;\n providerId: string;\n /** Provider-specific serialised state */\n data: unknown;\n createdAt: string;\n}\n\n// ============================================================================\n// Provider\n// ============================================================================\n\nexport interface SandboxCreateOptions {\n /** Preferred sandbox ID (provider may ignore) */\n id?: string;\n /** Seed the filesystem with these files */\n initialFiles?: Record<string, string | Uint8Array>;\n /** Environment variables available inside the sandbox */\n env?: Record<string, string>;\n /** Key-value metadata surfaced via provider list/query APIs */\n metadata?: Record<string, string>;\n /** Sandbox idle timeout in milliseconds */\n timeoutMs?: number;\n /** Enable or disable outbound internet access */\n allowInternetAccess?: boolean;\n /** Outbound network allow/deny rules */\n network?: SandboxNetworkConfig;\n /** Sandbox timeout behaviour */\n lifecycle?: SandboxLifecycleConfig;\n}\n\nexport interface SandboxCreateResult {\n sandbox: Sandbox;\n}\n\n/**\n * Internal helper: drop keys whose value is `never` from an object type.\n *\n * Used by the capability-gated contracts below so that an absent capability\n * removes the corresponding key entirely, instead of leaving a required\n * field with type `never` (which would make implementations impossible).\n */\ntype OmitNever<T> = {\n [K in keyof T as [T[K]] extends [never] ? never : K]: T[K];\n};\n\n/**\n * Capability-gated provider lifecycle methods.\n *\n * Each field becomes `never` when its capability is absent from `TCaps`;\n * the wrapping `OmitNever` removes those keys entirely, so the method\n * isn't part of the type surface for adapters that don't support it.\n */\ntype SandboxProviderCapMethods<\n TOptions extends SandboxCreateOptions,\n TSandbox extends Sandbox,\n TCaps extends SandboxCapability,\n> = OmitNever<{\n pause: \"pause\" extends TCaps\n ? (sandboxId: string, ttlSeconds?: number) => Promise<void>\n : never;\n resume: \"resume\" extends TCaps ? (sandboxId: string) => Promise<void> : never;\n snapshot: \"snapshot\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<SandboxSnapshot>\n : never;\n deleteSnapshot: \"snapshot\" extends TCaps\n ? (snapshot: SandboxSnapshot) => Promise<void>\n : never;\n restore: \"restore\" extends TCaps\n ? (snapshot: SandboxSnapshot, options?: TOptions) => Promise<TSandbox>\n : never;\n fork: \"fork\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<TSandbox>\n : never;\n}>;\n\n/**\n * Always-present provider lifecycle methods. These do not depend on the\n * capability set and are required by every adapter.\n */\ninterface SandboxProviderBase<\n TOptions extends SandboxCreateOptions,\n TSandbox extends Sandbox,\n TCaps extends SandboxCapability,\n> {\n readonly id: string;\n readonly capabilities: SandboxCapabilities;\n /**\n * Runtime-introspectable list of supported capabilities.\n *\n * Constrained to `ReadonlySet<TCaps & SandboxCapability>` so the runtime\n * set cannot include capabilities not declared at the type level — a\n * provider typed as `SandboxProvider<…, never>` cannot ship a runtime\n * set that contains `\"pause\"`, etc.\n *\n * The other direction (type declares a cap, runtime set omits it)\n * cannot be enforced by TypeScript alone; adapters should derive both\n * `TCaps` and the runtime set from the same `as const` array (see\n * `SandboxManager`'s constructor-time consistency check) so the two\n * surfaces cannot drift.\n */\n readonly supportedCapabilities: ReadonlySet<TCaps & SandboxCapability>;\n\n create(options?: TOptions): Promise<SandboxCreateResult>;\n get(sandboxId: string): Promise<TSandbox>;\n destroy(sandboxId: string): Promise<void>;\n}\n\n/**\n * Provider-side sandbox lifecycle contract.\n *\n * Generic over an optional capability set (`TCaps`). Each capability gates\n * a specific method: when the cap is absent the corresponding key is\n * **removed** from the type entirely, so calling it produces a TypeScript\n * error at the call site instead of a runtime\n * {@link SandboxNotSupportedError}.\n *\n * The default `TCaps = SandboxCapability` resolves to the full union, so\n * existing usages that only pass `TOptions` / `TSandbox` continue to see\n * the full method surface (backwards compatible).\n *\n * Adapters that don't support a method should narrow `TCaps` accordingly:\n *\n * - In-memory / E2B: `SandboxCapability` (default — all caps present).\n * - Bedrock Code Interpreter / Daytona: `never` (only base ops).\n * - Bedrock AgentCore Runtime: `\"pause\" | \"resume\"`.\n */\nexport type SandboxProvider<\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TSandbox extends Sandbox = Sandbox,\n TCaps extends SandboxCapability = SandboxCapability,\n> = SandboxProviderBase<TOptions, TSandbox, TCaps> &\n SandboxProviderCapMethods<TOptions, TSandbox, TCaps>;\n\n// ============================================================================\n// SandboxOps — workflow-side activity interface (like ThreadOps)\n// ============================================================================\n\n/**\n * Capability-gated workflow-side methods. Mirrors the provider's gating:\n * keys whose capability is absent from `TCaps` are removed from the type.\n */\ntype SandboxOpsCapMethods<\n TOptions extends SandboxCreateOptions,\n TCaps extends SandboxCapability,\n> = OmitNever<{\n pauseSandbox: \"pause\" extends TCaps\n ? (sandboxId: string) => Promise<void>\n : never;\n resumeSandbox: \"resume\" extends TCaps\n ? (sandboxId: string) => Promise<void>\n : never;\n snapshotSandbox: \"snapshot\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<SandboxSnapshot>\n : never;\n deleteSandboxSnapshot: \"snapshot\" extends TCaps\n ? (snapshot: SandboxSnapshot) => Promise<void>\n : never;\n restoreSandbox: \"restore\" extends TCaps\n ? (snapshot: SandboxSnapshot, options?: TOptions) => Promise<string>\n : never;\n forkSandbox: \"fork\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<string>\n : never;\n}>;\n\n/**\n * Always-present workflow-side lifecycle methods.\n */\ninterface SandboxOpsBase<\n TOptions extends SandboxCreateOptions,\n TCtx,\n> {\n createSandbox(\n options?: TOptions,\n ctx?: TCtx\n ): Promise<{ sandboxId: string } | null>;\n destroySandbox(sandboxId: string): Promise<void>;\n}\n\n/**\n * Workflow-side counterpart to {@link SandboxProvider}. Exposed as a set of\n * Temporal activities and consumed by `createSession`'s `sandboxOps` field\n * and by `defineSubagent`'s `sandbox.proxy`.\n *\n * Generic over a capability set (`TCaps`) — same semantics as the provider:\n * keys whose capability is absent are removed from the type, so calling\n * them is a TypeScript error rather than a runtime throw. The default\n * `TCaps = SandboxCapability` keeps the full method surface for existing\n * consumers.\n */\nexport type SandboxOps<\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TCtx = unknown,\n TCaps extends SandboxCapability = SandboxCapability,\n> = SandboxOpsBase<TOptions, TCtx> & SandboxOpsCapMethods<TOptions, TCaps>;\n\n/**\n * Maps generic {@link SandboxOps} method names to adapter-prefixed names.\n *\n * Inherits the capability gating from {@link SandboxOps}: when `TCaps` omits\n * a capability the prefixed key carries the `never` type so call sites are\n * type-protected.\n *\n * @example\n * ```typescript\n * type InMemOps = PrefixedSandboxOps<\"inMemory\">;\n * // → { inMemoryCreateSandbox, inMemoryDestroySandbox, inMemorySnapshotSandbox, … }\n * ```\n */\nexport type PrefixedSandboxOps<\n TPrefix extends string,\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TCtx = unknown,\n TCaps extends SandboxCapability = SandboxCapability,\n> = {\n [K in keyof SandboxOps<\n TOptions,\n TCtx,\n TCaps\n > as `${TPrefix}${Capitalize<K & string>}`]: SandboxOps<\n TOptions,\n TCtx,\n TCaps\n >[K];\n};\n\n// ============================================================================\n// Errors\n// ============================================================================\n\nimport { ApplicationFailure } from \"@temporalio/common\";\n\n/**\n * Thrown by adapters that still surface an unsupported method at runtime.\n *\n * After the capability-generic refactor most adapters drop their\n * unsupported methods entirely so the type system rejects them at call\n * sites. This symbol is still exported so consumers running against older\n * adapter versions can keep their backwards-compatible error-handling\n * paths until they finish migrating.\n */\nexport class SandboxNotSupportedError extends ApplicationFailure {\n constructor(operation: string) {\n super(\n `Sandbox does not support: ${operation}`,\n \"SandboxNotSupportedError\",\n true\n );\n }\n}\n\nexport class SandboxNotFoundError extends ApplicationFailure {\n constructor(sandboxId: string) {\n super(`Sandbox not found: ${sandboxId}`, \"SandboxNotFoundError\", true);\n }\n}\n","import type { Sandbox as DaytonaSdkSandbox } from \"@daytonaio/sdk\";\nimport type {\n SandboxFileSystem,\n DirentEntry,\n FileStat,\n} from \"../../../lib/sandbox/types\";\nimport { SandboxNotSupportedError } from \"../../../lib/sandbox/types\";\nimport { posix } from \"node:path\";\n\n/**\n * {@link SandboxFileSystem} backed by a Daytona SDK sandbox.\n *\n * Maps zeitlich's filesystem interface to Daytona's `sandbox.fs` and\n * `sandbox.process` APIs. Operations that have no direct Daytona equivalent\n * (e.g. `appendFile`, `cp`) are composed from primitives.\n */\nexport class DaytonaSandboxFileSystem implements SandboxFileSystem {\n readonly workspaceBase: string;\n\n constructor(\n private sandbox: DaytonaSdkSandbox,\n workspaceBase = \"/home/daytona\"\n ) {\n this.workspaceBase = posix.resolve(\"/\", workspaceBase);\n }\n\n private normalisePath(path: string): string {\n return posix.resolve(this.workspaceBase, path);\n }\n\n private async ensureParentDirs(absolutePaths: string[]): Promise<void> {\n const prefix = this.workspaceBase === \"/\" ? \"/\" : `${this.workspaceBase}/`;\n const dirs = new Set<string>();\n for (const p of absolutePaths) {\n let dir = posix.dirname(p);\n while (dir.startsWith(prefix)) {\n dirs.add(dir);\n dir = posix.dirname(dir);\n }\n }\n const sorted = [...dirs].sort(\n (a, b) => a.split(\"/\").length - b.split(\"/\").length\n );\n for (const dir of sorted) {\n try {\n await this.sandbox.fs.createFolder(dir, \"755\");\n } catch {\n // Folder already exists — Daytona's createFolder throws in that case.\n }\n }\n }\n\n async readFile(path: string): Promise<string> {\n const norm = this.normalisePath(path);\n const buf = await this.sandbox.fs.downloadFile(norm);\n return buf.toString(\"utf-8\");\n }\n\n async readFileBuffer(path: string): Promise<Uint8Array> {\n const norm = this.normalisePath(path);\n const buf = await this.sandbox.fs.downloadFile(norm);\n return new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);\n }\n\n async writeFile(path: string, content: string | Uint8Array): Promise<void> {\n const norm = this.normalisePath(path);\n const buf =\n typeof content === \"string\"\n ? Buffer.from(content, \"utf-8\")\n : Buffer.from(content);\n await this.ensureParentDirs([norm]);\n await this.sandbox.fs.uploadFile(buf, norm);\n }\n\n async writeFiles(\n files: { path: string; content: string | Uint8Array }[]\n ): Promise<void> {\n const uploads = files.map((f) => ({\n source: Buffer.from(f.content),\n destination: this.normalisePath(f.path),\n }));\n await this.ensureParentDirs(uploads.map((u) => u.destination));\n await this.sandbox.fs.uploadFiles(uploads);\n }\n\n async appendFile(path: string, content: string | Uint8Array): Promise<void> {\n const norm = this.normalisePath(path);\n let existing: Buffer;\n try {\n existing = await this.sandbox.fs.downloadFile(norm);\n } catch {\n return this.writeFile(norm, content);\n }\n\n const addition =\n typeof content === \"string\" ? Buffer.from(content, \"utf-8\") : content;\n const merged = Buffer.concat([existing, Buffer.from(addition)]);\n await this.sandbox.fs.uploadFile(merged, norm);\n }\n\n async exists(path: string): Promise<boolean> {\n const norm = this.normalisePath(path);\n try {\n await this.sandbox.fs.getFileDetails(norm);\n return true;\n } catch {\n return false;\n }\n }\n\n async stat(path: string): Promise<FileStat> {\n const norm = this.normalisePath(path);\n const info = await this.sandbox.fs.getFileDetails(norm);\n return {\n isFile: !info.isDir,\n isDirectory: info.isDir,\n isSymbolicLink: false,\n size: info.size,\n mtime: new Date(info.modTime),\n };\n }\n\n async mkdir(path: string, _options?: { recursive?: boolean }): Promise<void> {\n const norm = this.normalisePath(path);\n await this.sandbox.fs.createFolder(norm, \"755\");\n }\n\n async readdir(path: string): Promise<string[]> {\n const norm = this.normalisePath(path);\n const entries = await this.sandbox.fs.listFiles(norm);\n return entries.map((e) => e.name);\n }\n\n async readdirWithFileTypes(path: string): Promise<DirentEntry[]> {\n const norm = this.normalisePath(path);\n const entries = await this.sandbox.fs.listFiles(norm);\n return entries.map((e) => ({\n name: e.name,\n isFile: !e.isDir,\n isDirectory: e.isDir,\n isSymbolicLink: false,\n }));\n }\n\n async rm(\n path: string,\n options?: { recursive?: boolean; force?: boolean }\n ): Promise<void> {\n const norm = this.normalisePath(path);\n try {\n await this.sandbox.fs.deleteFile(norm, options?.recursive);\n } catch (err) {\n if (!options?.force) throw err;\n }\n }\n\n async cp(\n src: string,\n dest: string,\n options?: { recursive?: boolean }\n ): Promise<void> {\n const normSrc = this.normalisePath(src);\n const normDest = this.normalisePath(dest);\n const info = await this.sandbox.fs.getFileDetails(normSrc);\n if (info.isDir) {\n if (!options?.recursive) {\n throw new Error(`EISDIR: is a directory (use recursive): ${src}`);\n }\n await this.sandbox.process.executeCommand(\n `cp -r \"${normSrc}\" \"${normDest}\"`\n );\n } else {\n await this.sandbox.process.executeCommand(\n `cp \"${normSrc}\" \"${normDest}\"`\n );\n }\n }\n\n async mv(src: string, dest: string): Promise<void> {\n const normSrc = this.normalisePath(src);\n const normDest = this.normalisePath(dest);\n await this.sandbox.fs.moveFiles(normSrc, normDest);\n }\n\n async readlink(_path: string): Promise<string> {\n throw new SandboxNotSupportedError(\"readlink\");\n }\n\n resolvePath(base: string, path: string): string {\n return posix.resolve(this.normalisePath(base), path);\n }\n}\n","import { Daytona, type Sandbox as DaytonaSdkSandbox } from \"@daytonaio/sdk\";\nimport type {\n Sandbox,\n SandboxCapabilities,\n SandboxCapability,\n SandboxCreateResult,\n SandboxProvider,\n ExecOptions,\n ExecResult,\n} from \"../../../lib/sandbox/types\";\nimport { SandboxNotFoundError } from \"../../../lib/sandbox/types\";\nimport { DaytonaSandboxFileSystem } from \"./filesystem\";\nimport type {\n DaytonaSandbox,\n DaytonaSandboxConfig,\n DaytonaSandboxCreateOptions,\n} from \"./types\";\n\n// ============================================================================\n// DaytonaSandbox\n// ============================================================================\n\nclass DaytonaSandboxImpl implements Sandbox {\n readonly capabilities: SandboxCapabilities = {\n filesystem: true,\n execution: true,\n persistence: false,\n };\n\n readonly fs: DaytonaSandboxFileSystem;\n\n constructor(\n readonly id: string,\n private sdkSandbox: DaytonaSdkSandbox,\n workspaceBase = \"/home/daytona\"\n ) {\n this.fs = new DaytonaSandboxFileSystem(sdkSandbox, workspaceBase);\n }\n\n async exec(command: string, options?: ExecOptions): Promise<ExecResult> {\n const response = await this.sdkSandbox.process.executeCommand(\n command,\n options?.cwd,\n options?.env,\n options?.timeout\n );\n\n return {\n exitCode: response.exitCode ?? 0,\n stdout: response.result ?? \"\",\n stderr: \"\",\n };\n }\n\n async destroy(): Promise<void> {\n await this.sdkSandbox.delete(60);\n }\n}\n\n// ============================================================================\n// DaytonaSandboxProvider\n// ============================================================================\n\n/**\n * Single source of truth for the Daytona adapter's capability set. Daytona\n * implements only base lifecycle (`create` / `get` / `destroy`); both the\n * type-level `TCaps` (`never`) and the runtime `supportedCapabilities`\n * set fall out of this empty array, so the two surfaces cannot drift.\n */\nconst DAYTONA_CAPS = [] as const satisfies readonly SandboxCapability[];\ntype DaytonaCaps = (typeof DAYTONA_CAPS)[number]; // → never\n\n/**\n * Daytona implements only base sandbox lifecycle (`create` / `get` /\n * `destroy`). Snapshot, restore, fork, pause, and resume are not supported\n * — the type-level capability set is `never`, so calling any of those\n * methods on a Daytona provider, manager, or `SandboxOps` proxy is a\n * compile-time TypeScript error.\n */\nexport class DaytonaSandboxProvider\n implements\n SandboxProvider<DaytonaSandboxCreateOptions, DaytonaSandbox, DaytonaCaps>\n{\n readonly id = \"daytona\";\n readonly capabilities: SandboxCapabilities = {\n filesystem: true,\n execution: true,\n persistence: false,\n };\n readonly supportedCapabilities: ReadonlySet<DaytonaCaps> = new Set(\n DAYTONA_CAPS\n );\n\n private client: Daytona;\n private readonly defaultWorkspaceBase: string;\n\n constructor(config?: DaytonaSandboxConfig) {\n this.client = new Daytona(config);\n this.defaultWorkspaceBase = config?.workspaceBase ?? \"/home/daytona\";\n }\n\n async create(\n options?: DaytonaSandboxCreateOptions\n ): Promise<SandboxCreateResult> {\n const sdkSandbox = await this.client.create(\n {\n language: options?.language,\n snapshot: options?.snapshot,\n envVars: options?.env,\n labels: options?.labels,\n autoStopInterval: options?.autoStopInterval,\n autoArchiveInterval: options?.autoArchiveInterval,\n autoDeleteInterval: options?.autoDeleteInterval,\n },\n { timeout: options?.timeout ?? 60 }\n );\n\n const workspaceBase = options?.workspaceBase ?? this.defaultWorkspaceBase;\n\n const sandbox = new DaytonaSandboxImpl(\n sdkSandbox.id,\n sdkSandbox,\n workspaceBase\n );\n\n if (options?.initialFiles) {\n await sandbox.fs.writeFiles(\n Object.entries(options.initialFiles).map(([path, content]) => ({\n path,\n content,\n }))\n );\n }\n\n return { sandbox };\n }\n\n async get(sandboxId: string): Promise<DaytonaSandbox> {\n try {\n const sdkSandbox = await this.client.get(sandboxId);\n return new DaytonaSandboxImpl(\n sdkSandbox.id,\n sdkSandbox,\n this.defaultWorkspaceBase\n );\n } catch {\n throw new SandboxNotFoundError(sandboxId);\n }\n }\n\n async destroy(sandboxId: string): Promise<void> {\n try {\n const sdkSandbox = await this.client.get(sandboxId);\n await this.client.delete(sdkSandbox);\n } catch {\n // Already gone\n }\n }\n}\n\n// Re-exports\nexport { DaytonaSandboxFileSystem } from \"./filesystem\";\nexport type {\n DaytonaSandbox,\n DaytonaSandboxConfig,\n DaytonaSandboxCreateOptions,\n} from \"./types\";\n"]}
1
+ {"version":3,"sources":["../../../../src/lib/sandbox/types.ts","../../../../src/adapters/sandbox/daytona/filesystem.ts","../../../../src/adapters/sandbox/daytona/index.ts"],"names":["ApplicationFailure","posix","path","Daytona"],"mappings":";;;;;;;AA4XO,IAAM,wBAAA,GAAN,cAAuCA,yBAAA,CAAmB;AAAA,EAC/D,YAAY,SAAA,EAAmB;AAC7B,IAAA,KAAA;AAAA,MACE,6BAA6B,SAAS,CAAA,CAAA;AAAA,MACtC,0BAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACF,CAAA;AAEO,IAAM,oBAAA,GAAN,cAAmCA,yBAAA,CAAmB;AAAA,EAC3D,YAAY,SAAA,EAAmB;AAC7B,IAAA,KAAA,CAAM,CAAA,mBAAA,EAAsB,SAAS,CAAA,CAAA,EAAI,sBAAA,EAAwB,IAAI,CAAA;AAAA,EACvE;AACF,CAAA;AC1XO,IAAM,2BAAN,MAA4D;AAAA,EAGjE,WAAA,CACU,OAAA,EACR,aAAA,GAAgB,eAAA,EAChB;AAFQ,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAGR,IAAA,IAAA,CAAK,aAAA,GAAgBC,UAAA,CAAM,OAAA,CAAQ,GAAA,EAAK,aAAa,CAAA;AAAA,EACvD;AAAA,EAJU,OAAA;AAAA,EAHD,aAAA;AAAA,EASD,cAAcC,MAAA,EAAsB;AAC1C,IAAA,OAAOD,UAAA,CAAM,OAAA,CAAQ,IAAA,CAAK,aAAA,EAAeC,MAAI,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAc,iBAAiB,aAAA,EAAwC;AACrE,IAAA,MAAM,SAAS,IAAA,CAAK,aAAA,KAAkB,MAAM,GAAA,GAAM,CAAA,EAAG,KAAK,aAAa,CAAA,CAAA,CAAA;AACvE,IAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,IAAA,KAAA,MAAW,KAAK,aAAA,EAAe;AAC7B,MAAA,IAAI,GAAA,GAAMD,UAAA,CAAM,OAAA,CAAQ,CAAC,CAAA;AACzB,MAAA,OAAO,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAC7B,QAAA,IAAA,CAAK,IAAI,GAAG,CAAA;AACZ,QAAA,GAAA,GAAMA,UAAA,CAAM,QAAQ,GAAG,CAAA;AAAA,MACzB;AAAA,IACF;AACA,IAAA,MAAM,MAAA,GAAS,CAAC,GAAG,IAAI,CAAA,CAAE,IAAA;AAAA,MACvB,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE,MAAA,GAAS,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE;AAAA,KAC/C;AACA,IAAA,KAAA,MAAW,OAAO,MAAA,EAAQ;AACxB,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,YAAA,CAAa,KAAK,KAAK,CAAA;AAAA,MAC/C,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,SAAS,IAAA,EAA+B;AAC5C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AACnD,IAAA,OAAO,GAAA,CAAI,SAAS,OAAO,CAAA;AAAA,EAC7B;AAAA,EAEA,MAAM,eAAe,IAAA,EAAmC;AACtD,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AACnD,IAAA,OAAO,IAAI,UAAA,CAAW,GAAA,CAAI,QAAQ,GAAA,CAAI,UAAA,EAAY,IAAI,UAAU,CAAA;AAAA,EAClE;AAAA,EAEA,MAAM,SAAA,CAAU,IAAA,EAAc,OAAA,EAA6C;AACzE,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,GAAA,GACJ,OAAO,OAAA,KAAY,QAAA,GACf,MAAA,CAAO,IAAA,CAAK,OAAA,EAAS,OAAO,CAAA,GAC5B,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AACzB,IAAA,MAAM,IAAA,CAAK,gBAAA,CAAiB,CAAC,IAAI,CAAC,CAAA;AAClC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,KAAK,IAAI,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WACJ,KAAA,EACe;AACf,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,MAChC,MAAA,EAAQ,MAAA,CAAO,IAAA,CAAK,CAAA,CAAE,OAAO,CAAA;AAAA,MAC7B,WAAA,EAAa,IAAA,CAAK,aAAA,CAAc,CAAA,CAAE,IAAI;AAAA,KACxC,CAAE,CAAA;AACF,IAAA,MAAM,IAAA,CAAK,iBAAiB,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,CAAC,CAAA;AAC7D,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,WAAA,CAAY,OAAO,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,UAAA,CAAW,IAAA,EAAc,OAAA,EAA6C;AAC1E,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AAAA,IACpD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA,CAAK,SAAA,CAAU,IAAA,EAAM,OAAO,CAAA;AAAA,IACrC;AAEA,IAAA,MAAM,QAAA,GACJ,OAAO,OAAA,KAAY,QAAA,GAAW,OAAO,IAAA,CAAK,OAAA,EAAS,OAAO,CAAA,GAAI,OAAA;AAChE,IAAA,MAAM,MAAA,GAAS,OAAO,MAAA,CAAO,CAAC,UAAU,MAAA,CAAO,IAAA,CAAK,QAAQ,CAAC,CAAC,CAAA;AAC9D,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,QAAQ,IAAI,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,IAAA,EAAgC;AAC3C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,cAAA,CAAe,IAAI,CAAA;AACzC,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,KAAK,IAAA,EAAiC;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,eAAe,IAAI,CAAA;AACtD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,CAAC,IAAA,CAAK,KAAA;AAAA,MACd,aAAa,IAAA,CAAK,KAAA;AAAA,MAClB,cAAA,EAAgB,KAAA;AAAA,MAChB,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,KAAA,EAAO,IAAI,IAAA,CAAK,IAAA,CAAK,OAAO;AAAA,KAC9B;AAAA,EACF;AAAA,EAEA,MAAM,KAAA,CAAM,IAAA,EAAc,QAAA,EAAmD;AAC3E,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,YAAA,CAAa,MAAM,KAAK,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,QAAQ,IAAA,EAAiC;AAC7C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAU,IAAI,CAAA;AACpD,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,IAAI,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,qBAAqB,IAAA,EAAsC;AAC/D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAU,IAAI,CAAA;AACpD,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,MACzB,MAAM,CAAA,CAAE,IAAA;AAAA,MACR,MAAA,EAAQ,CAAC,CAAA,CAAE,KAAA;AAAA,MACX,aAAa,CAAA,CAAE,KAAA;AAAA,MACf,cAAA,EAAgB;AAAA,KAClB,CAAE,CAAA;AAAA,EACJ;AAAA,EAEA,MAAM,EAAA,CACJ,IAAA,EACA,OAAA,EACe;AACf,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,KAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,IAAA,EAAM,SAAS,SAAS,CAAA;AAAA,IAC3D,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,CAAC,OAAA,EAAS,KAAA,EAAO,MAAM,GAAA;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,MAAM,EAAA,CACJ,GAAA,EACA,IAAA,EACA,OAAA,EACe;AACf,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA;AACtC,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACxC,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,eAAe,OAAO,CAAA;AACzD,IAAA,IAAI,KAAK,KAAA,EAAO;AACd,MAAA,IAAI,CAAC,SAAS,SAAA,EAAW;AACvB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wCAAA,EAA2C,GAAG,CAAA,CAAE,CAAA;AAAA,MAClE;AACA,MAAA,MAAM,IAAA,CAAK,QAAQ,OAAA,CAAQ,cAAA;AAAA,QACzB,CAAA,OAAA,EAAU,OAAO,CAAA,GAAA,EAAM,QAAQ,CAAA,CAAA;AAAA,OACjC;AAAA,IACF,CAAA,MAAO;AACL,MAAA,MAAM,IAAA,CAAK,QAAQ,OAAA,CAAQ,cAAA;AAAA,QACzB,CAAA,IAAA,EAAO,OAAO,CAAA,GAAA,EAAM,QAAQ,CAAA,CAAA;AAAA,OAC9B;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,EAAA,CAAG,GAAA,EAAa,IAAA,EAA6B;AACjD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA;AACtC,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACxC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,SAAA,CAAU,SAAS,QAAQ,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,SAAS,KAAA,EAAgC;AAC7C,IAAA,MAAM,IAAI,yBAAyB,UAAU,CAAA;AAAA,EAC/C;AAAA,EAEA,WAAA,CAAY,MAAcC,MAAA,EAAsB;AAC9C,IAAA,OAAOD,WAAM,OAAA,CAAQ,IAAA,CAAK,aAAA,CAAc,IAAI,GAAGC,MAAI,CAAA;AAAA,EACrD;AACF;;;ACzKA,IAAM,qBAAN,MAA4C;AAAA,EAS1C,WAAA,CACW,EAAA,EACD,UAAA,EACR,aAAA,GAAgB,eAAA,EAChB;AAHS,IAAA,IAAA,CAAA,EAAA,GAAA,EAAA;AACD,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAGR,IAAA,IAAA,CAAK,EAAA,GAAK,IAAI,wBAAA,CAAyB,UAAA,EAAY,aAAa,CAAA;AAAA,EAClE;AAAA,EALW,EAAA;AAAA,EACD,UAAA;AAAA,EAVD,YAAA,GAAoC;AAAA,IAC3C,UAAA,EAAY,IAAA;AAAA,IACZ,SAAA,EAAW,IAAA;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EAES,EAAA;AAAA,EAUT,MAAM,IAAA,CAAK,OAAA,EAAiB,OAAA,EAA4C;AACtE,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,UAAA,CAAW,OAAA,CAAQ,cAAA;AAAA,MAC7C,OAAA;AAAA,MACA,OAAA,EAAS,GAAA;AAAA,MACT,OAAA,EAAS,GAAA;AAAA,MACT,OAAA,EAAS;AAAA,KACX;AAEA,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,SAAS,QAAA,IAAY,CAAA;AAAA,MAC/B,MAAA,EAAQ,SAAS,MAAA,IAAU,EAAA;AAAA,MAC3B,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAAA,EAEA,MAAM,OAAA,GAAyB;AAC7B,IAAA,MAAM,IAAA,CAAK,UAAA,CAAW,MAAA,CAAO,EAAE,CAAA;AAAA,EACjC;AACF,CAAA;AAYA,IAAM,eAAe,EAAC;AAUf,IAAM,yBAAN,MAGP;AAAA,EACW,EAAA,GAAK,SAAA;AAAA,EACL,YAAA,GAAoC;AAAA,IAC3C,UAAA,EAAY,IAAA;AAAA,IACZ,SAAA,EAAW,IAAA;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EACS,wBAAkD,IAAI,GAAA;AAAA,IAC7D;AAAA,GACF;AAAA,EAEQ,MAAA;AAAA,EACS,oBAAA;AAAA,EAEjB,YAAY,MAAA,EAA+B;AACzC,IAAA,IAAA,CAAK,MAAA,GAAS,IAAIC,WAAA,CAAQ,MAAM,CAAA;AAChC,IAAA,IAAA,CAAK,oBAAA,GAAuB,QAAQ,aAAA,IAAiB,eAAA;AAAA,EACvD;AAAA,EAEA,MAAM,OACJ,OAAA,EAC8B;AAC9B,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,MAAA;AAAA,MACnC;AAAA,QACE,UAAU,OAAA,EAAS,QAAA;AAAA,QACnB,UAAU,OAAA,EAAS,QAAA;AAAA,QACnB,SAAS,OAAA,EAAS,GAAA;AAAA,QAClB,QAAQ,OAAA,EAAS,MAAA;AAAA,QACjB,kBAAkB,OAAA,EAAS,gBAAA;AAAA,QAC3B,qBAAqB,OAAA,EAAS,mBAAA;AAAA,QAC9B,oBAAoB,OAAA,EAAS;AAAA,OAC/B;AAAA,MACA,EAAE,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,EAAA;AAAG,KACpC;AAEA,IAAA,MAAM,aAAA,GAAgB,OAAA,EAAS,aAAA,IAAiB,IAAA,CAAK,oBAAA;AAErD,IAAA,MAAM,UAAU,IAAI,kBAAA;AAAA,MAClB,UAAA,CAAW,EAAA;AAAA,MACX,UAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,IAAI,SAAS,YAAA,EAAc;AACzB,MAAA,MAAM,QAAQ,EAAA,CAAG,UAAA;AAAA,QACf,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,CAAE,IAAI,CAAC,CAAC,IAAA,EAAM,OAAO,CAAA,MAAO;AAAA,UAC7D,IAAA;AAAA,UACA;AAAA,SACF,CAAE;AAAA,OACJ;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,OAAA,EAAQ;AAAA,EACnB;AAAA,EAEA,MAAM,IAAI,SAAA,EAA4C;AACpD,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,IAAI,SAAS,CAAA;AAClD,MAAA,OAAO,IAAI,kBAAA;AAAA,QACT,UAAA,CAAW,EAAA;AAAA,QACX,UAAA;AAAA,QACA,IAAA,CAAK;AAAA,OACP;AAAA,IACF,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAI,qBAAqB,SAAS,CAAA;AAAA,IAC1C;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,SAAA,EAAkC;AAC9C,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,IAAI,SAAS,CAAA;AAClD,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA;AAAA,IACrC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AACF","file":"index.cjs","sourcesContent":["// ============================================================================\n// Sandbox Filesystem\n// ============================================================================\n\nexport interface DirentEntry {\n name: string;\n isFile: boolean;\n isDirectory: boolean;\n isSymbolicLink: boolean;\n}\n\nexport interface FileStat {\n isFile: boolean;\n isDirectory: boolean;\n isSymbolicLink: boolean;\n size: number;\n mtime: Date;\n}\n\n// ============================================================================\n// Network & lifecycle\n// ============================================================================\n\nexport interface SandboxNetworkConfig {\n allowOut?: string[];\n denyOut?: string[];\n allowPublicTraffic?: boolean;\n}\n\nexport interface SandboxLifecycleConfig {\n onTimeout: \"kill\" | \"pause\";\n autoResume?: boolean;\n}\n\n/**\n * Provider-agnostic filesystem interface.\n *\n * Implementations that don't support a method should throw\n * {@link SandboxNotSupportedError}.\n */\nexport interface SandboxFileSystem {\n /** Base directory used when resolving relative paths. */\n readonly workspaceBase: string;\n readFile(path: string): Promise<string>;\n readFileBuffer(path: string): Promise<Uint8Array>;\n writeFile(path: string, content: string | Uint8Array): Promise<void>;\n appendFile(path: string, content: string | Uint8Array): Promise<void>;\n exists(path: string): Promise<boolean>;\n stat(path: string): Promise<FileStat>;\n mkdir(path: string, options?: { recursive?: boolean }): Promise<void>;\n readdir(path: string): Promise<string[]>;\n readdirWithFileTypes(path: string): Promise<DirentEntry[]>;\n rm(\n path: string,\n options?: { recursive?: boolean; force?: boolean }\n ): Promise<void>;\n cp(\n src: string,\n dest: string,\n options?: { recursive?: boolean }\n ): Promise<void>;\n mv(src: string, dest: string): Promise<void>;\n readlink(path: string): Promise<string>;\n resolvePath(base: string, path: string): string;\n}\n\n// ============================================================================\n// Execution\n// ============================================================================\n\nexport interface ExecOptions {\n timeout?: number;\n cwd?: string;\n env?: Record<string, string>;\n}\n\nexport interface ExecResult {\n exitCode: number;\n stdout: string;\n stderr: string;\n}\n\n// ============================================================================\n// Capabilities\n// ============================================================================\n\n/**\n * Runtime capability flags carried by a {@link Sandbox} instance.\n *\n * These are an orthogonal mechanism to the type-level\n * {@link SandboxCapability} union: this flag bag is for runtime\n * introspection (\"does the sandbox support a filesystem?\") whereas\n * {@link SandboxCapability} narrows the type-level provider/ops contract.\n */\nexport interface SandboxCapabilities {\n /** Sandbox supports filesystem operations */\n filesystem: boolean;\n /** Sandbox supports shell/command execution */\n execution: boolean;\n /** Sandbox state can be persisted and restored */\n persistence: boolean;\n}\n\n/**\n * Type-level capability vocabulary for {@link SandboxProvider} and\n * {@link SandboxOps}. Adapters declare the subset they actually support; the\n * conditional types on each contract gate the corresponding methods so\n * unsupported calls become a compile-time error rather than a runtime\n * {@link SandboxNotSupportedError}.\n *\n * `pause` and `resume` are split because some adapters might support one\n * direction without the other. The `snapshot` cap covers both `snapshot()`\n * and `deleteSnapshot()` since they always travel together in practice.\n */\nexport type SandboxCapability =\n | \"pause\"\n | \"resume\"\n | \"snapshot\"\n | \"restore\"\n | \"fork\";\n\n// ============================================================================\n// Sandbox\n// ============================================================================\n\nexport interface Sandbox {\n readonly id: string;\n readonly capabilities: SandboxCapabilities;\n readonly fs: SandboxFileSystem;\n\n exec(command: string, options?: ExecOptions): Promise<ExecResult>;\n destroy(): Promise<void>;\n}\n\n// ============================================================================\n// Snapshots\n// ============================================================================\n\nexport interface SandboxSnapshot {\n sandboxId: string;\n providerId: string;\n /** Provider-specific serialised state */\n data: unknown;\n createdAt: string;\n}\n\n// ============================================================================\n// Provider\n// ============================================================================\n\nexport interface SandboxCreateOptions {\n /** Preferred sandbox ID (provider may ignore) */\n id?: string;\n /** Seed the filesystem with these files */\n initialFiles?: Record<string, string | Uint8Array>;\n /** Environment variables available inside the sandbox */\n env?: Record<string, string>;\n /** Key-value metadata surfaced via provider list/query APIs */\n metadata?: Record<string, string>;\n /** Sandbox idle timeout in milliseconds */\n timeoutMs?: number;\n /** Enable or disable outbound internet access */\n allowInternetAccess?: boolean;\n /** Outbound network allow/deny rules */\n network?: SandboxNetworkConfig;\n /** Sandbox timeout behaviour */\n lifecycle?: SandboxLifecycleConfig;\n}\n\nexport interface SandboxCreateResult {\n sandbox: Sandbox;\n}\n\n/**\n * Internal helper: drop keys whose value is `never` from an object type.\n *\n * Used by the capability-gated contracts below so that an absent capability\n * removes the corresponding key entirely, instead of leaving a required\n * field with type `never` (which would make implementations impossible).\n */\ntype OmitNever<T> = {\n [K in keyof T as [T[K]] extends [never] ? never : K]: T[K];\n};\n\n/**\n * Capability-gated provider lifecycle methods.\n *\n * Each field becomes `never` when its capability is absent from `TCaps`;\n * the wrapping `OmitNever` removes those keys entirely, so the method\n * isn't part of the type surface for adapters that don't support it.\n */\ntype SandboxProviderCapMethods<\n TOptions extends SandboxCreateOptions,\n TSandbox extends Sandbox,\n TCaps extends SandboxCapability,\n> = OmitNever<{\n pause: \"pause\" extends TCaps\n ? (sandboxId: string, ttlSeconds?: number) => Promise<void>\n : never;\n resume: \"resume\" extends TCaps ? (sandboxId: string) => Promise<void> : never;\n snapshot: \"snapshot\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<SandboxSnapshot>\n : never;\n deleteSnapshot: \"snapshot\" extends TCaps\n ? (snapshot: SandboxSnapshot) => Promise<void>\n : never;\n restore: \"restore\" extends TCaps\n ? (snapshot: SandboxSnapshot, options?: TOptions) => Promise<TSandbox>\n : never;\n fork: \"fork\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<TSandbox>\n : never;\n}>;\n\n/**\n * Always-present provider lifecycle methods. These do not depend on the\n * capability set and are required by every adapter.\n */\ninterface SandboxProviderBase<\n TOptions extends SandboxCreateOptions,\n TSandbox extends Sandbox,\n TCaps extends SandboxCapability,\n> {\n readonly id: string;\n readonly capabilities: SandboxCapabilities;\n /**\n * Runtime-introspectable list of supported capabilities.\n *\n * Constrained to `ReadonlySet<TCaps & SandboxCapability>` so the runtime\n * set cannot include capabilities not declared at the type level — a\n * provider typed as `SandboxProvider<…, never>` cannot ship a runtime\n * set that contains `\"pause\"`, etc.\n *\n * The other direction (type declares a cap, runtime set omits it)\n * cannot be enforced by TypeScript alone; adapters should derive both\n * `TCaps` and the runtime set from the same `as const` array (see\n * `SandboxManager`'s constructor-time consistency check) so the two\n * surfaces cannot drift.\n */\n readonly supportedCapabilities: ReadonlySet<TCaps & SandboxCapability>;\n\n create(options?: TOptions): Promise<SandboxCreateResult>;\n get(sandboxId: string): Promise<TSandbox>;\n destroy(sandboxId: string): Promise<void>;\n}\n\n/**\n * Provider-side sandbox lifecycle contract.\n *\n * Generic over an optional capability set (`TCaps`). Each capability gates\n * a specific method: when the cap is absent the corresponding key is\n * **removed** from the type entirely, so calling it produces a TypeScript\n * error at the call site instead of a runtime\n * {@link SandboxNotSupportedError}.\n *\n * The default `TCaps = SandboxCapability` resolves to the full union, so\n * existing usages that only pass `TOptions` / `TSandbox` continue to see\n * the full method surface (backwards compatible).\n *\n * Adapters that don't support a method should narrow `TCaps` accordingly:\n *\n * - In-memory / E2B: `SandboxCapability` (default — all caps present).\n * - Bedrock Code Interpreter / Daytona: `never` (only base ops).\n * - Bedrock AgentCore Runtime: `\"pause\" | \"resume\"`.\n */\nexport type SandboxProvider<\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TSandbox extends Sandbox = Sandbox,\n TCaps extends SandboxCapability = SandboxCapability,\n> = SandboxProviderBase<TOptions, TSandbox, TCaps> &\n SandboxProviderCapMethods<TOptions, TSandbox, TCaps>;\n\n// ============================================================================\n// SandboxOps — workflow-side activity interface (like ThreadOps)\n// ============================================================================\n\n/**\n * Capability-gated workflow-side methods. Mirrors the provider's gating:\n * keys whose capability is absent from `TCaps` are removed from the type.\n */\ntype SandboxOpsCapMethods<\n TOptions extends SandboxCreateOptions,\n TCaps extends SandboxCapability,\n> = OmitNever<{\n pauseSandbox: \"pause\" extends TCaps\n ? (sandboxId: string) => Promise<void>\n : never;\n resumeSandbox: \"resume\" extends TCaps\n ? (sandboxId: string) => Promise<void>\n : never;\n snapshotSandbox: \"snapshot\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<SandboxSnapshot>\n : never;\n deleteSandboxSnapshot: \"snapshot\" extends TCaps\n ? (snapshot: SandboxSnapshot) => Promise<void>\n : never;\n restoreSandbox: \"restore\" extends TCaps\n ? (snapshot: SandboxSnapshot, options?: TOptions) => Promise<string>\n : never;\n forkSandbox: \"fork\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<string>\n : never;\n}>;\n\n/**\n * Always-present workflow-side lifecycle methods.\n */\ninterface SandboxOpsBase<\n TOptions extends SandboxCreateOptions,\n TCtx,\n> {\n createSandbox(\n options?: TOptions,\n ctx?: TCtx\n ): Promise<{ sandboxId: string } | null>;\n destroySandbox(sandboxId: string): Promise<void>;\n}\n\n/**\n * Workflow-side counterpart to {@link SandboxProvider}. Exposed as a set of\n * Temporal activities and consumed by `createSession`'s `sandboxOps` field\n * and by `defineSubagent`'s `sandbox.proxy`.\n *\n * Generic over a capability set (`TCaps`) — same semantics as the provider:\n * keys whose capability is absent are removed from the type, so calling\n * them is a TypeScript error rather than a runtime throw. The default\n * `TCaps = SandboxCapability` keeps the full method surface for existing\n * consumers.\n */\nexport type SandboxOps<\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TCtx = unknown,\n TCaps extends SandboxCapability = SandboxCapability,\n> = SandboxOpsBase<TOptions, TCtx> & SandboxOpsCapMethods<TOptions, TCaps>;\n\n/**\n * Maps generic {@link SandboxOps} method names to adapter-prefixed names.\n *\n * Inherits the capability gating from {@link SandboxOps}: when `TCaps` omits\n * a capability the prefixed key carries the `never` type so call sites are\n * type-protected.\n *\n * @example\n * ```typescript\n * type E2bOps = PrefixedSandboxOps<\"e2b\">;\n * // → { e2bCreateSandbox, e2bDestroySandbox, e2bSnapshotSandbox, … }\n * ```\n */\nexport type PrefixedSandboxOps<\n TPrefix extends string,\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TCtx = unknown,\n TCaps extends SandboxCapability = SandboxCapability,\n> = {\n [K in keyof SandboxOps<\n TOptions,\n TCtx,\n TCaps\n > as `${TPrefix}${Capitalize<K & string>}`]: SandboxOps<\n TOptions,\n TCtx,\n TCaps\n >[K];\n};\n\n// ============================================================================\n// Errors\n// ============================================================================\n\nimport { ApplicationFailure } from \"@temporalio/common\";\n\n/**\n * Thrown by adapters that still surface an unsupported method at runtime.\n *\n * After the capability-generic refactor most adapters drop their\n * unsupported methods entirely so the type system rejects them at call\n * sites. This symbol is still exported so consumers running against older\n * adapter versions can keep their backwards-compatible error-handling\n * paths until they finish migrating.\n */\nexport class SandboxNotSupportedError extends ApplicationFailure {\n constructor(operation: string) {\n super(\n `Sandbox does not support: ${operation}`,\n \"SandboxNotSupportedError\",\n true\n );\n }\n}\n\nexport class SandboxNotFoundError extends ApplicationFailure {\n constructor(sandboxId: string) {\n super(`Sandbox not found: ${sandboxId}`, \"SandboxNotFoundError\", true);\n }\n}\n","import type { Sandbox as DaytonaSdkSandbox } from \"@daytonaio/sdk\";\nimport type {\n SandboxFileSystem,\n DirentEntry,\n FileStat,\n} from \"../../../lib/sandbox/types\";\nimport { SandboxNotSupportedError } from \"../../../lib/sandbox/types\";\nimport { posix } from \"node:path\";\n\n/**\n * {@link SandboxFileSystem} backed by a Daytona SDK sandbox.\n *\n * Maps zeitlich's filesystem interface to Daytona's `sandbox.fs` and\n * `sandbox.process` APIs. Operations that have no direct Daytona equivalent\n * (e.g. `appendFile`, `cp`) are composed from primitives.\n */\nexport class DaytonaSandboxFileSystem implements SandboxFileSystem {\n readonly workspaceBase: string;\n\n constructor(\n private sandbox: DaytonaSdkSandbox,\n workspaceBase = \"/home/daytona\"\n ) {\n this.workspaceBase = posix.resolve(\"/\", workspaceBase);\n }\n\n private normalisePath(path: string): string {\n return posix.resolve(this.workspaceBase, path);\n }\n\n private async ensureParentDirs(absolutePaths: string[]): Promise<void> {\n const prefix = this.workspaceBase === \"/\" ? \"/\" : `${this.workspaceBase}/`;\n const dirs = new Set<string>();\n for (const p of absolutePaths) {\n let dir = posix.dirname(p);\n while (dir.startsWith(prefix)) {\n dirs.add(dir);\n dir = posix.dirname(dir);\n }\n }\n const sorted = [...dirs].sort(\n (a, b) => a.split(\"/\").length - b.split(\"/\").length\n );\n for (const dir of sorted) {\n try {\n await this.sandbox.fs.createFolder(dir, \"755\");\n } catch {\n // Folder already exists — Daytona's createFolder throws in that case.\n }\n }\n }\n\n async readFile(path: string): Promise<string> {\n const norm = this.normalisePath(path);\n const buf = await this.sandbox.fs.downloadFile(norm);\n return buf.toString(\"utf-8\");\n }\n\n async readFileBuffer(path: string): Promise<Uint8Array> {\n const norm = this.normalisePath(path);\n const buf = await this.sandbox.fs.downloadFile(norm);\n return new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);\n }\n\n async writeFile(path: string, content: string | Uint8Array): Promise<void> {\n const norm = this.normalisePath(path);\n const buf =\n typeof content === \"string\"\n ? Buffer.from(content, \"utf-8\")\n : Buffer.from(content);\n await this.ensureParentDirs([norm]);\n await this.sandbox.fs.uploadFile(buf, norm);\n }\n\n async writeFiles(\n files: { path: string; content: string | Uint8Array }[]\n ): Promise<void> {\n const uploads = files.map((f) => ({\n source: Buffer.from(f.content),\n destination: this.normalisePath(f.path),\n }));\n await this.ensureParentDirs(uploads.map((u) => u.destination));\n await this.sandbox.fs.uploadFiles(uploads);\n }\n\n async appendFile(path: string, content: string | Uint8Array): Promise<void> {\n const norm = this.normalisePath(path);\n let existing: Buffer;\n try {\n existing = await this.sandbox.fs.downloadFile(norm);\n } catch {\n return this.writeFile(norm, content);\n }\n\n const addition =\n typeof content === \"string\" ? Buffer.from(content, \"utf-8\") : content;\n const merged = Buffer.concat([existing, Buffer.from(addition)]);\n await this.sandbox.fs.uploadFile(merged, norm);\n }\n\n async exists(path: string): Promise<boolean> {\n const norm = this.normalisePath(path);\n try {\n await this.sandbox.fs.getFileDetails(norm);\n return true;\n } catch {\n return false;\n }\n }\n\n async stat(path: string): Promise<FileStat> {\n const norm = this.normalisePath(path);\n const info = await this.sandbox.fs.getFileDetails(norm);\n return {\n isFile: !info.isDir,\n isDirectory: info.isDir,\n isSymbolicLink: false,\n size: info.size,\n mtime: new Date(info.modTime),\n };\n }\n\n async mkdir(path: string, _options?: { recursive?: boolean }): Promise<void> {\n const norm = this.normalisePath(path);\n await this.sandbox.fs.createFolder(norm, \"755\");\n }\n\n async readdir(path: string): Promise<string[]> {\n const norm = this.normalisePath(path);\n const entries = await this.sandbox.fs.listFiles(norm);\n return entries.map((e) => e.name);\n }\n\n async readdirWithFileTypes(path: string): Promise<DirentEntry[]> {\n const norm = this.normalisePath(path);\n const entries = await this.sandbox.fs.listFiles(norm);\n return entries.map((e) => ({\n name: e.name,\n isFile: !e.isDir,\n isDirectory: e.isDir,\n isSymbolicLink: false,\n }));\n }\n\n async rm(\n path: string,\n options?: { recursive?: boolean; force?: boolean }\n ): Promise<void> {\n const norm = this.normalisePath(path);\n try {\n await this.sandbox.fs.deleteFile(norm, options?.recursive);\n } catch (err) {\n if (!options?.force) throw err;\n }\n }\n\n async cp(\n src: string,\n dest: string,\n options?: { recursive?: boolean }\n ): Promise<void> {\n const normSrc = this.normalisePath(src);\n const normDest = this.normalisePath(dest);\n const info = await this.sandbox.fs.getFileDetails(normSrc);\n if (info.isDir) {\n if (!options?.recursive) {\n throw new Error(`EISDIR: is a directory (use recursive): ${src}`);\n }\n await this.sandbox.process.executeCommand(\n `cp -r \"${normSrc}\" \"${normDest}\"`\n );\n } else {\n await this.sandbox.process.executeCommand(\n `cp \"${normSrc}\" \"${normDest}\"`\n );\n }\n }\n\n async mv(src: string, dest: string): Promise<void> {\n const normSrc = this.normalisePath(src);\n const normDest = this.normalisePath(dest);\n await this.sandbox.fs.moveFiles(normSrc, normDest);\n }\n\n async readlink(_path: string): Promise<string> {\n throw new SandboxNotSupportedError(\"readlink\");\n }\n\n resolvePath(base: string, path: string): string {\n return posix.resolve(this.normalisePath(base), path);\n }\n}\n","import { Daytona, type Sandbox as DaytonaSdkSandbox } from \"@daytonaio/sdk\";\nimport type {\n Sandbox,\n SandboxCapabilities,\n SandboxCapability,\n SandboxCreateResult,\n SandboxProvider,\n ExecOptions,\n ExecResult,\n} from \"../../../lib/sandbox/types\";\nimport { SandboxNotFoundError } from \"../../../lib/sandbox/types\";\nimport { DaytonaSandboxFileSystem } from \"./filesystem\";\nimport type {\n DaytonaSandbox,\n DaytonaSandboxConfig,\n DaytonaSandboxCreateOptions,\n} from \"./types\";\n\n// ============================================================================\n// DaytonaSandbox\n// ============================================================================\n\nclass DaytonaSandboxImpl implements Sandbox {\n readonly capabilities: SandboxCapabilities = {\n filesystem: true,\n execution: true,\n persistence: false,\n };\n\n readonly fs: DaytonaSandboxFileSystem;\n\n constructor(\n readonly id: string,\n private sdkSandbox: DaytonaSdkSandbox,\n workspaceBase = \"/home/daytona\"\n ) {\n this.fs = new DaytonaSandboxFileSystem(sdkSandbox, workspaceBase);\n }\n\n async exec(command: string, options?: ExecOptions): Promise<ExecResult> {\n const response = await this.sdkSandbox.process.executeCommand(\n command,\n options?.cwd,\n options?.env,\n options?.timeout\n );\n\n return {\n exitCode: response.exitCode ?? 0,\n stdout: response.result ?? \"\",\n stderr: \"\",\n };\n }\n\n async destroy(): Promise<void> {\n await this.sdkSandbox.delete(60);\n }\n}\n\n// ============================================================================\n// DaytonaSandboxProvider\n// ============================================================================\n\n/**\n * Single source of truth for the Daytona adapter's capability set. Daytona\n * implements only base lifecycle (`create` / `get` / `destroy`); both the\n * type-level `TCaps` (`never`) and the runtime `supportedCapabilities`\n * set fall out of this empty array, so the two surfaces cannot drift.\n */\nconst DAYTONA_CAPS = [] as const satisfies readonly SandboxCapability[];\ntype DaytonaCaps = (typeof DAYTONA_CAPS)[number]; // → never\n\n/**\n * Daytona implements only base sandbox lifecycle (`create` / `get` /\n * `destroy`). Snapshot, restore, fork, pause, and resume are not supported\n * — the type-level capability set is `never`, so calling any of those\n * methods on a Daytona provider, manager, or `SandboxOps` proxy is a\n * compile-time TypeScript error.\n */\nexport class DaytonaSandboxProvider\n implements\n SandboxProvider<DaytonaSandboxCreateOptions, DaytonaSandbox, DaytonaCaps>\n{\n readonly id = \"daytona\";\n readonly capabilities: SandboxCapabilities = {\n filesystem: true,\n execution: true,\n persistence: false,\n };\n readonly supportedCapabilities: ReadonlySet<DaytonaCaps> = new Set(\n DAYTONA_CAPS\n );\n\n private client: Daytona;\n private readonly defaultWorkspaceBase: string;\n\n constructor(config?: DaytonaSandboxConfig) {\n this.client = new Daytona(config);\n this.defaultWorkspaceBase = config?.workspaceBase ?? \"/home/daytona\";\n }\n\n async create(\n options?: DaytonaSandboxCreateOptions\n ): Promise<SandboxCreateResult> {\n const sdkSandbox = await this.client.create(\n {\n language: options?.language,\n snapshot: options?.snapshot,\n envVars: options?.env,\n labels: options?.labels,\n autoStopInterval: options?.autoStopInterval,\n autoArchiveInterval: options?.autoArchiveInterval,\n autoDeleteInterval: options?.autoDeleteInterval,\n },\n { timeout: options?.timeout ?? 60 }\n );\n\n const workspaceBase = options?.workspaceBase ?? this.defaultWorkspaceBase;\n\n const sandbox = new DaytonaSandboxImpl(\n sdkSandbox.id,\n sdkSandbox,\n workspaceBase\n );\n\n if (options?.initialFiles) {\n await sandbox.fs.writeFiles(\n Object.entries(options.initialFiles).map(([path, content]) => ({\n path,\n content,\n }))\n );\n }\n\n return { sandbox };\n }\n\n async get(sandboxId: string): Promise<DaytonaSandbox> {\n try {\n const sdkSandbox = await this.client.get(sandboxId);\n return new DaytonaSandboxImpl(\n sdkSandbox.id,\n sdkSandbox,\n this.defaultWorkspaceBase\n );\n } catch {\n throw new SandboxNotFoundError(sandboxId);\n }\n }\n\n async destroy(sandboxId: string): Promise<void> {\n try {\n const sdkSandbox = await this.client.get(sandboxId);\n await this.client.delete(sdkSandbox);\n } catch {\n // Already gone\n }\n }\n}\n\n// Re-exports\nexport { DaytonaSandboxFileSystem } from \"./filesystem\";\nexport type {\n DaytonaSandbox,\n DaytonaSandboxConfig,\n DaytonaSandboxCreateOptions,\n} from \"./types\";\n"]}
package/dist/adapters/sandbox/daytona/index.d.cts CHANGED
@@ -1,6 +1,6 @@
1
- import { d as SandboxProvider, e as SandboxCapabilities, f as SandboxCreateResult } from '../../../types-CJ7tCdl6.cjs';
2
- import { D as DaytonaSandboxCreateOptions, a as DaytonaSandbox, b as DaytonaSandboxConfig } from '../../../types-CjY93AWZ.cjs';
3
- export { c as DaytonaSandboxFileSystem } from '../../../types-CjY93AWZ.cjs';
1
+ import { S as SandboxProvider, a as SandboxCapabilities, b as SandboxCreateResult } from '../../../types-D8W5TnSa.cjs';
2
+ import { D as DaytonaSandboxCreateOptions, a as DaytonaSandbox, b as DaytonaSandboxConfig } from '../../../types-OEN1xrFg.cjs';
3
+ export { c as DaytonaSandboxFileSystem } from '../../../types-OEN1xrFg.cjs';
4
4
  import '@temporalio/common';
5
5
  import '@daytonaio/sdk';
6
6
 
package/dist/adapters/sandbox/daytona/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
- import { d as SandboxProvider, e as SandboxCapabilities, f as SandboxCreateResult } from '../../../types-CJ7tCdl6.js';
2
- import { D as DaytonaSandboxCreateOptions, a as DaytonaSandbox, b as DaytonaSandboxConfig } from '../../../types-gVa5XCWD.js';
3
- export { c as DaytonaSandboxFileSystem } from '../../../types-gVa5XCWD.js';
1
+ import { S as SandboxProvider, a as SandboxCapabilities, b as SandboxCreateResult } from '../../../types-D8W5TnSa.js';
2
+ import { D as DaytonaSandboxCreateOptions, a as DaytonaSandbox, b as DaytonaSandboxConfig } from '../../../types-BQvXWcft.js';
3
+ export { c as DaytonaSandboxFileSystem } from '../../../types-BQvXWcft.js';
4
4
  import '@temporalio/common';
5
5
  import '@daytonaio/sdk';
6
6
 
package/dist/adapters/sandbox/daytona/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/lib/sandbox/types.ts","../../../../src/adapters/sandbox/daytona/filesystem.ts","../../../../src/adapters/sandbox/daytona/index.ts"],"names":[],"mappings":";;;;;AA4XO,IAAM,wBAAA,GAAN,cAAuC,kBAAA,CAAmB;AAAA,EAC/D,YAAY,SAAA,EAAmB;AAC7B,IAAA,KAAA;AAAA,MACE,6BAA6B,SAAS,CAAA,CAAA;AAAA,MACtC,0BAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACF,CAAA;AAEO,IAAM,oBAAA,GAAN,cAAmC,kBAAA,CAAmB;AAAA,EAC3D,YAAY,SAAA,EAAmB;AAC7B,IAAA,KAAA,CAAM,CAAA,mBAAA,EAAsB,SAAS,CAAA,CAAA,EAAI,sBAAA,EAAwB,IAAI,CAAA;AAAA,EACvE;AACF,CAAA;AC1XO,IAAM,2BAAN,MAA4D;AAAA,EAGjE,WAAA,CACU,OAAA,EACR,aAAA,GAAgB,eAAA,EAChB;AAFQ,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAGR,IAAA,IAAA,CAAK,aAAA,GAAgB,KAAA,CAAM,OAAA,CAAQ,GAAA,EAAK,aAAa,CAAA;AAAA,EACvD;AAAA,EAJU,OAAA;AAAA,EAHD,aAAA;AAAA,EASD,cAAc,IAAA,EAAsB;AAC1C,IAAA,OAAO,KAAA,CAAM,OAAA,CAAQ,IAAA,CAAK,aAAA,EAAe,IAAI,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAc,iBAAiB,aAAA,EAAwC;AACrE,IAAA,MAAM,SAAS,IAAA,CAAK,aAAA,KAAkB,MAAM,GAAA,GAAM,CAAA,EAAG,KAAK,aAAa,CAAA,CAAA,CAAA;AACvE,IAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,IAAA,KAAA,MAAW,KAAK,aAAA,EAAe;AAC7B,MAAA,IAAI,GAAA,GAAM,KAAA,CAAM,OAAA,CAAQ,CAAC,CAAA;AACzB,MAAA,OAAO,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAC7B,QAAA,IAAA,CAAK,IAAI,GAAG,CAAA;AACZ,QAAA,GAAA,GAAM,KAAA,CAAM,QAAQ,GAAG,CAAA;AAAA,MACzB;AAAA,IACF;AACA,IAAA,MAAM,MAAA,GAAS,CAAC,GAAG,IAAI,CAAA,CAAE,IAAA;AAAA,MACvB,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE,MAAA,GAAS,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE;AAAA,KAC/C;AACA,IAAA,KAAA,MAAW,OAAO,MAAA,EAAQ;AACxB,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,YAAA,CAAa,KAAK,KAAK,CAAA;AAAA,MAC/C,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,SAAS,IAAA,EAA+B;AAC5C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AACnD,IAAA,OAAO,GAAA,CAAI,SAAS,OAAO,CAAA;AAAA,EAC7B;AAAA,EAEA,MAAM,eAAe,IAAA,EAAmC;AACtD,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AACnD,IAAA,OAAO,IAAI,UAAA,CAAW,GAAA,CAAI,QAAQ,GAAA,CAAI,UAAA,EAAY,IAAI,UAAU,CAAA;AAAA,EAClE;AAAA,EAEA,MAAM,SAAA,CAAU,IAAA,EAAc,OAAA,EAA6C;AACzE,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,GAAA,GACJ,OAAO,OAAA,KAAY,QAAA,GACf,MAAA,CAAO,IAAA,CAAK,OAAA,EAAS,OAAO,CAAA,GAC5B,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AACzB,IAAA,MAAM,IAAA,CAAK,gBAAA,CAAiB,CAAC,IAAI,CAAC,CAAA;AAClC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,KAAK,IAAI,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WACJ,KAAA,EACe;AACf,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,MAChC,MAAA,EAAQ,MAAA,CAAO,IAAA,CAAK,CAAA,CAAE,OAAO,CAAA;AAAA,MAC7B,WAAA,EAAa,IAAA,CAAK,aAAA,CAAc,CAAA,CAAE,IAAI;AAAA,KACxC,CAAE,CAAA;AACF,IAAA,MAAM,IAAA,CAAK,iBAAiB,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,CAAC,CAAA;AAC7D,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,WAAA,CAAY,OAAO,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,UAAA,CAAW,IAAA,EAAc,OAAA,EAA6C;AAC1E,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AAAA,IACpD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA,CAAK,SAAA,CAAU,IAAA,EAAM,OAAO,CAAA;AAAA,IACrC;AAEA,IAAA,MAAM,QAAA,GACJ,OAAO,OAAA,KAAY,QAAA,GAAW,OAAO,IAAA,CAAK,OAAA,EAAS,OAAO,CAAA,GAAI,OAAA;AAChE,IAAA,MAAM,MAAA,GAAS,OAAO,MAAA,CAAO,CAAC,UAAU,MAAA,CAAO,IAAA,CAAK,QAAQ,CAAC,CAAC,CAAA;AAC9D,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,QAAQ,IAAI,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,IAAA,EAAgC;AAC3C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,cAAA,CAAe,IAAI,CAAA;AACzC,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,KAAK,IAAA,EAAiC;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,eAAe,IAAI,CAAA;AACtD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,CAAC,IAAA,CAAK,KAAA;AAAA,MACd,aAAa,IAAA,CAAK,KAAA;AAAA,MAClB,cAAA,EAAgB,KAAA;AAAA,MAChB,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,KAAA,EAAO,IAAI,IAAA,CAAK,IAAA,CAAK,OAAO;AAAA,KAC9B;AAAA,EACF;AAAA,EAEA,MAAM,KAAA,CAAM,IAAA,EAAc,QAAA,EAAmD;AAC3E,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,YAAA,CAAa,MAAM,KAAK,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,QAAQ,IAAA,EAAiC;AAC7C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAU,IAAI,CAAA;AACpD,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,IAAI,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,qBAAqB,IAAA,EAAsC;AAC/D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAU,IAAI,CAAA;AACpD,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,MACzB,MAAM,CAAA,CAAE,IAAA;AAAA,MACR,MAAA,EAAQ,CAAC,CAAA,CAAE,KAAA;AAAA,MACX,aAAa,CAAA,CAAE,KAAA;AAAA,MACf,cAAA,EAAgB;AAAA,KAClB,CAAE,CAAA;AAAA,EACJ;AAAA,EAEA,MAAM,EAAA,CACJ,IAAA,EACA,OAAA,EACe;AACf,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,KAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,IAAA,EAAM,SAAS,SAAS,CAAA;AAAA,IAC3D,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,CAAC,OAAA,EAAS,KAAA,EAAO,MAAM,GAAA;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,MAAM,EAAA,CACJ,GAAA,EACA,IAAA,EACA,OAAA,EACe;AACf,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA;AACtC,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACxC,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,eAAe,OAAO,CAAA;AACzD,IAAA,IAAI,KAAK,KAAA,EAAO;AACd,MAAA,IAAI,CAAC,SAAS,SAAA,EAAW;AACvB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wCAAA,EAA2C,GAAG,CAAA,CAAE,CAAA;AAAA,MAClE;AACA,MAAA,MAAM,IAAA,CAAK,QAAQ,OAAA,CAAQ,cAAA;AAAA,QACzB,CAAA,OAAA,EAAU,OAAO,CAAA,GAAA,EAAM,QAAQ,CAAA,CAAA;AAAA,OACjC;AAAA,IACF,CAAA,MAAO;AACL,MAAA,MAAM,IAAA,CAAK,QAAQ,OAAA,CAAQ,cAAA;AAAA,QACzB,CAAA,IAAA,EAAO,OAAO,CAAA,GAAA,EAAM,QAAQ,CAAA,CAAA;AAAA,OAC9B;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,EAAA,CAAG,GAAA,EAAa,IAAA,EAA6B;AACjD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA;AACtC,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACxC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,SAAA,CAAU,SAAS,QAAQ,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,SAAS,KAAA,EAAgC;AAC7C,IAAA,MAAM,IAAI,yBAAyB,UAAU,CAAA;AAAA,EAC/C;AAAA,EAEA,WAAA,CAAY,MAAc,IAAA,EAAsB;AAC9C,IAAA,OAAO,MAAM,OAAA,CAAQ,IAAA,CAAK,aAAA,CAAc,IAAI,GAAG,IAAI,CAAA;AAAA,EACrD;AACF;;;ACzKA,IAAM,qBAAN,MAA4C;AAAA,EAS1C,WAAA,CACW,EAAA,EACD,UAAA,EACR,aAAA,GAAgB,eAAA,EAChB;AAHS,IAAA,IAAA,CAAA,EAAA,GAAA,EAAA;AACD,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAGR,IAAA,IAAA,CAAK,EAAA,GAAK,IAAI,wBAAA,CAAyB,UAAA,EAAY,aAAa,CAAA;AAAA,EAClE;AAAA,EALW,EAAA;AAAA,EACD,UAAA;AAAA,EAVD,YAAA,GAAoC;AAAA,IAC3C,UAAA,EAAY,IAAA;AAAA,IACZ,SAAA,EAAW,IAAA;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EAES,EAAA;AAAA,EAUT,MAAM,IAAA,CAAK,OAAA,EAAiB,OAAA,EAA4C;AACtE,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,UAAA,CAAW,OAAA,CAAQ,cAAA;AAAA,MAC7C,OAAA;AAAA,MACA,OAAA,EAAS,GAAA;AAAA,MACT,OAAA,EAAS,GAAA;AAAA,MACT,OAAA,EAAS;AAAA,KACX;AAEA,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,SAAS,QAAA,IAAY,CAAA;AAAA,MAC/B,MAAA,EAAQ,SAAS,MAAA,IAAU,EAAA;AAAA,MAC3B,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAAA,EAEA,MAAM,OAAA,GAAyB;AAC7B,IAAA,MAAM,IAAA,CAAK,UAAA,CAAW,MAAA,CAAO,EAAE,CAAA;AAAA,EACjC;AACF,CAAA;AAYA,IAAM,eAAe,EAAC;AAUf,IAAM,yBAAN,MAGP;AAAA,EACW,EAAA,GAAK,SAAA;AAAA,EACL,YAAA,GAAoC;AAAA,IAC3C,UAAA,EAAY,IAAA;AAAA,IACZ,SAAA,EAAW,IAAA;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EACS,wBAAkD,IAAI,GAAA;AAAA,IAC7D;AAAA,GACF;AAAA,EAEQ,MAAA;AAAA,EACS,oBAAA;AAAA,EAEjB,YAAY,MAAA,EAA+B;AACzC,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,OAAA,CAAQ,MAAM,CAAA;AAChC,IAAA,IAAA,CAAK,oBAAA,GAAuB,QAAQ,aAAA,IAAiB,eAAA;AAAA,EACvD;AAAA,EAEA,MAAM,OACJ,OAAA,EAC8B;AAC9B,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,MAAA;AAAA,MACnC;AAAA,QACE,UAAU,OAAA,EAAS,QAAA;AAAA,QACnB,UAAU,OAAA,EAAS,QAAA;AAAA,QACnB,SAAS,OAAA,EAAS,GAAA;AAAA,QAClB,QAAQ,OAAA,EAAS,MAAA;AAAA,QACjB,kBAAkB,OAAA,EAAS,gBAAA;AAAA,QAC3B,qBAAqB,OAAA,EAAS,mBAAA;AAAA,QAC9B,oBAAoB,OAAA,EAAS;AAAA,OAC/B;AAAA,MACA,EAAE,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,EAAA;AAAG,KACpC;AAEA,IAAA,MAAM,aAAA,GAAgB,OAAA,EAAS,aAAA,IAAiB,IAAA,CAAK,oBAAA;AAErD,IAAA,MAAM,UAAU,IAAI,kBAAA;AAAA,MAClB,UAAA,CAAW,EAAA;AAAA,MACX,UAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,IAAI,SAAS,YAAA,EAAc;AACzB,MAAA,MAAM,QAAQ,EAAA,CAAG,UAAA;AAAA,QACf,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,CAAE,IAAI,CAAC,CAAC,IAAA,EAAM,OAAO,CAAA,MAAO;AAAA,UAC7D,IAAA;AAAA,UACA;AAAA,SACF,CAAE;AAAA,OACJ;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,OAAA,EAAQ;AAAA,EACnB;AAAA,EAEA,MAAM,IAAI,SAAA,EAA4C;AACpD,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,IAAI,SAAS,CAAA;AAClD,MAAA,OAAO,IAAI,kBAAA;AAAA,QACT,UAAA,CAAW,EAAA;AAAA,QACX,UAAA;AAAA,QACA,IAAA,CAAK;AAAA,OACP;AAAA,IACF,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAI,qBAAqB,SAAS,CAAA;AAAA,IAC1C;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,SAAA,EAAkC;AAC9C,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,IAAI,SAAS,CAAA;AAClD,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA;AAAA,IACrC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AACF","file":"index.js","sourcesContent":["// ============================================================================\n// Sandbox Filesystem\n// ============================================================================\n\nexport interface DirentEntry {\n name: string;\n isFile: boolean;\n isDirectory: boolean;\n isSymbolicLink: boolean;\n}\n\nexport interface FileStat {\n isFile: boolean;\n isDirectory: boolean;\n isSymbolicLink: boolean;\n size: number;\n mtime: Date;\n}\n\n// ============================================================================\n// Network & lifecycle\n// ============================================================================\n\nexport interface SandboxNetworkConfig {\n allowOut?: string[];\n denyOut?: string[];\n allowPublicTraffic?: boolean;\n}\n\nexport interface SandboxLifecycleConfig {\n onTimeout: \"kill\" | \"pause\";\n autoResume?: boolean;\n}\n\n/**\n * Provider-agnostic filesystem interface.\n *\n * Implementations that don't support a method should throw\n * {@link SandboxNotSupportedError}.\n */\nexport interface SandboxFileSystem {\n /** Base directory used when resolving relative paths. */\n readonly workspaceBase: string;\n readFile(path: string): Promise<string>;\n readFileBuffer(path: string): Promise<Uint8Array>;\n writeFile(path: string, content: string | Uint8Array): Promise<void>;\n appendFile(path: string, content: string | Uint8Array): Promise<void>;\n exists(path: string): Promise<boolean>;\n stat(path: string): Promise<FileStat>;\n mkdir(path: string, options?: { recursive?: boolean }): Promise<void>;\n readdir(path: string): Promise<string[]>;\n readdirWithFileTypes(path: string): Promise<DirentEntry[]>;\n rm(\n path: string,\n options?: { recursive?: boolean; force?: boolean }\n ): Promise<void>;\n cp(\n src: string,\n dest: string,\n options?: { recursive?: boolean }\n ): Promise<void>;\n mv(src: string, dest: string): Promise<void>;\n readlink(path: string): Promise<string>;\n resolvePath(base: string, path: string): string;\n}\n\n// ============================================================================\n// Execution\n// ============================================================================\n\nexport interface ExecOptions {\n timeout?: number;\n cwd?: string;\n env?: Record<string, string>;\n}\n\nexport interface ExecResult {\n exitCode: number;\n stdout: string;\n stderr: string;\n}\n\n// ============================================================================\n// Capabilities\n// ============================================================================\n\n/**\n * Runtime capability flags carried by a {@link Sandbox} instance.\n *\n * These are an orthogonal mechanism to the type-level\n * {@link SandboxCapability} union: this flag bag is for runtime\n * introspection (\"does the sandbox support a filesystem?\") whereas\n * {@link SandboxCapability} narrows the type-level provider/ops contract.\n */\nexport interface SandboxCapabilities {\n /** Sandbox supports filesystem operations */\n filesystem: boolean;\n /** Sandbox supports shell/command execution */\n execution: boolean;\n /** Sandbox state can be persisted and restored */\n persistence: boolean;\n}\n\n/**\n * Type-level capability vocabulary for {@link SandboxProvider} and\n * {@link SandboxOps}. Adapters declare the subset they actually support; the\n * conditional types on each contract gate the corresponding methods so\n * unsupported calls become a compile-time error rather than a runtime\n * {@link SandboxNotSupportedError}.\n *\n * `pause` and `resume` are split because some adapters might support one\n * direction without the other. The `snapshot` cap covers both `snapshot()`\n * and `deleteSnapshot()` since they always travel together in practice.\n */\nexport type SandboxCapability =\n | \"pause\"\n | \"resume\"\n | \"snapshot\"\n | \"restore\"\n | \"fork\";\n\n// ============================================================================\n// Sandbox\n// ============================================================================\n\nexport interface Sandbox {\n readonly id: string;\n readonly capabilities: SandboxCapabilities;\n readonly fs: SandboxFileSystem;\n\n exec(command: string, options?: ExecOptions): Promise<ExecResult>;\n destroy(): Promise<void>;\n}\n\n// ============================================================================\n// Snapshots\n// ============================================================================\n\nexport interface SandboxSnapshot {\n sandboxId: string;\n providerId: string;\n /** Provider-specific serialised state */\n data: unknown;\n createdAt: string;\n}\n\n// ============================================================================\n// Provider\n// ============================================================================\n\nexport interface SandboxCreateOptions {\n /** Preferred sandbox ID (provider may ignore) */\n id?: string;\n /** Seed the filesystem with these files */\n initialFiles?: Record<string, string | Uint8Array>;\n /** Environment variables available inside the sandbox */\n env?: Record<string, string>;\n /** Key-value metadata surfaced via provider list/query APIs */\n metadata?: Record<string, string>;\n /** Sandbox idle timeout in milliseconds */\n timeoutMs?: number;\n /** Enable or disable outbound internet access */\n allowInternetAccess?: boolean;\n /** Outbound network allow/deny rules */\n network?: SandboxNetworkConfig;\n /** Sandbox timeout behaviour */\n lifecycle?: SandboxLifecycleConfig;\n}\n\nexport interface SandboxCreateResult {\n sandbox: Sandbox;\n}\n\n/**\n * Internal helper: drop keys whose value is `never` from an object type.\n *\n * Used by the capability-gated contracts below so that an absent capability\n * removes the corresponding key entirely, instead of leaving a required\n * field with type `never` (which would make implementations impossible).\n */\ntype OmitNever<T> = {\n [K in keyof T as [T[K]] extends [never] ? never : K]: T[K];\n};\n\n/**\n * Capability-gated provider lifecycle methods.\n *\n * Each field becomes `never` when its capability is absent from `TCaps`;\n * the wrapping `OmitNever` removes those keys entirely, so the method\n * isn't part of the type surface for adapters that don't support it.\n */\ntype SandboxProviderCapMethods<\n TOptions extends SandboxCreateOptions,\n TSandbox extends Sandbox,\n TCaps extends SandboxCapability,\n> = OmitNever<{\n pause: \"pause\" extends TCaps\n ? (sandboxId: string, ttlSeconds?: number) => Promise<void>\n : never;\n resume: \"resume\" extends TCaps ? (sandboxId: string) => Promise<void> : never;\n snapshot: \"snapshot\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<SandboxSnapshot>\n : never;\n deleteSnapshot: \"snapshot\" extends TCaps\n ? (snapshot: SandboxSnapshot) => Promise<void>\n : never;\n restore: \"restore\" extends TCaps\n ? (snapshot: SandboxSnapshot, options?: TOptions) => Promise<TSandbox>\n : never;\n fork: \"fork\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<TSandbox>\n : never;\n}>;\n\n/**\n * Always-present provider lifecycle methods. These do not depend on the\n * capability set and are required by every adapter.\n */\ninterface SandboxProviderBase<\n TOptions extends SandboxCreateOptions,\n TSandbox extends Sandbox,\n TCaps extends SandboxCapability,\n> {\n readonly id: string;\n readonly capabilities: SandboxCapabilities;\n /**\n * Runtime-introspectable list of supported capabilities.\n *\n * Constrained to `ReadonlySet<TCaps & SandboxCapability>` so the runtime\n * set cannot include capabilities not declared at the type level — a\n * provider typed as `SandboxProvider<…, never>` cannot ship a runtime\n * set that contains `\"pause\"`, etc.\n *\n * The other direction (type declares a cap, runtime set omits it)\n * cannot be enforced by TypeScript alone; adapters should derive both\n * `TCaps` and the runtime set from the same `as const` array (see\n * `SandboxManager`'s constructor-time consistency check) so the two\n * surfaces cannot drift.\n */\n readonly supportedCapabilities: ReadonlySet<TCaps & SandboxCapability>;\n\n create(options?: TOptions): Promise<SandboxCreateResult>;\n get(sandboxId: string): Promise<TSandbox>;\n destroy(sandboxId: string): Promise<void>;\n}\n\n/**\n * Provider-side sandbox lifecycle contract.\n *\n * Generic over an optional capability set (`TCaps`). Each capability gates\n * a specific method: when the cap is absent the corresponding key is\n * **removed** from the type entirely, so calling it produces a TypeScript\n * error at the call site instead of a runtime\n * {@link SandboxNotSupportedError}.\n *\n * The default `TCaps = SandboxCapability` resolves to the full union, so\n * existing usages that only pass `TOptions` / `TSandbox` continue to see\n * the full method surface (backwards compatible).\n *\n * Adapters that don't support a method should narrow `TCaps` accordingly:\n *\n * - In-memory / E2B: `SandboxCapability` (default — all caps present).\n * - Bedrock Code Interpreter / Daytona: `never` (only base ops).\n * - Bedrock AgentCore Runtime: `\"pause\" | \"resume\"`.\n */\nexport type SandboxProvider<\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TSandbox extends Sandbox = Sandbox,\n TCaps extends SandboxCapability = SandboxCapability,\n> = SandboxProviderBase<TOptions, TSandbox, TCaps> &\n SandboxProviderCapMethods<TOptions, TSandbox, TCaps>;\n\n// ============================================================================\n// SandboxOps — workflow-side activity interface (like ThreadOps)\n// ============================================================================\n\n/**\n * Capability-gated workflow-side methods. Mirrors the provider's gating:\n * keys whose capability is absent from `TCaps` are removed from the type.\n */\ntype SandboxOpsCapMethods<\n TOptions extends SandboxCreateOptions,\n TCaps extends SandboxCapability,\n> = OmitNever<{\n pauseSandbox: \"pause\" extends TCaps\n ? (sandboxId: string) => Promise<void>\n : never;\n resumeSandbox: \"resume\" extends TCaps\n ? (sandboxId: string) => Promise<void>\n : never;\n snapshotSandbox: \"snapshot\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<SandboxSnapshot>\n : never;\n deleteSandboxSnapshot: \"snapshot\" extends TCaps\n ? (snapshot: SandboxSnapshot) => Promise<void>\n : never;\n restoreSandbox: \"restore\" extends TCaps\n ? (snapshot: SandboxSnapshot, options?: TOptions) => Promise<string>\n : never;\n forkSandbox: \"fork\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<string>\n : never;\n}>;\n\n/**\n * Always-present workflow-side lifecycle methods.\n */\ninterface SandboxOpsBase<\n TOptions extends SandboxCreateOptions,\n TCtx,\n> {\n createSandbox(\n options?: TOptions,\n ctx?: TCtx\n ): Promise<{ sandboxId: string } | null>;\n destroySandbox(sandboxId: string): Promise<void>;\n}\n\n/**\n * Workflow-side counterpart to {@link SandboxProvider}. Exposed as a set of\n * Temporal activities and consumed by `createSession`'s `sandboxOps` field\n * and by `defineSubagent`'s `sandbox.proxy`.\n *\n * Generic over a capability set (`TCaps`) — same semantics as the provider:\n * keys whose capability is absent are removed from the type, so calling\n * them is a TypeScript error rather than a runtime throw. The default\n * `TCaps = SandboxCapability` keeps the full method surface for existing\n * consumers.\n */\nexport type SandboxOps<\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TCtx = unknown,\n TCaps extends SandboxCapability = SandboxCapability,\n> = SandboxOpsBase<TOptions, TCtx> & SandboxOpsCapMethods<TOptions, TCaps>;\n\n/**\n * Maps generic {@link SandboxOps} method names to adapter-prefixed names.\n *\n * Inherits the capability gating from {@link SandboxOps}: when `TCaps` omits\n * a capability the prefixed key carries the `never` type so call sites are\n * type-protected.\n *\n * @example\n * ```typescript\n * type InMemOps = PrefixedSandboxOps<\"inMemory\">;\n * // → { inMemoryCreateSandbox, inMemoryDestroySandbox, inMemorySnapshotSandbox, … }\n * ```\n */\nexport type PrefixedSandboxOps<\n TPrefix extends string,\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TCtx = unknown,\n TCaps extends SandboxCapability = SandboxCapability,\n> = {\n [K in keyof SandboxOps<\n TOptions,\n TCtx,\n TCaps\n > as `${TPrefix}${Capitalize<K & string>}`]: SandboxOps<\n TOptions,\n TCtx,\n TCaps\n >[K];\n};\n\n// ============================================================================\n// Errors\n// ============================================================================\n\nimport { ApplicationFailure } from \"@temporalio/common\";\n\n/**\n * Thrown by adapters that still surface an unsupported method at runtime.\n *\n * After the capability-generic refactor most adapters drop their\n * unsupported methods entirely so the type system rejects them at call\n * sites. This symbol is still exported so consumers running against older\n * adapter versions can keep their backwards-compatible error-handling\n * paths until they finish migrating.\n */\nexport class SandboxNotSupportedError extends ApplicationFailure {\n constructor(operation: string) {\n super(\n `Sandbox does not support: ${operation}`,\n \"SandboxNotSupportedError\",\n true\n );\n }\n}\n\nexport class SandboxNotFoundError extends ApplicationFailure {\n constructor(sandboxId: string) {\n super(`Sandbox not found: ${sandboxId}`, \"SandboxNotFoundError\", true);\n }\n}\n","import type { Sandbox as DaytonaSdkSandbox } from \"@daytonaio/sdk\";\nimport type {\n SandboxFileSystem,\n DirentEntry,\n FileStat,\n} from \"../../../lib/sandbox/types\";\nimport { SandboxNotSupportedError } from \"../../../lib/sandbox/types\";\nimport { posix } from \"node:path\";\n\n/**\n * {@link SandboxFileSystem} backed by a Daytona SDK sandbox.\n *\n * Maps zeitlich's filesystem interface to Daytona's `sandbox.fs` and\n * `sandbox.process` APIs. Operations that have no direct Daytona equivalent\n * (e.g. `appendFile`, `cp`) are composed from primitives.\n */\nexport class DaytonaSandboxFileSystem implements SandboxFileSystem {\n readonly workspaceBase: string;\n\n constructor(\n private sandbox: DaytonaSdkSandbox,\n workspaceBase = \"/home/daytona\"\n ) {\n this.workspaceBase = posix.resolve(\"/\", workspaceBase);\n }\n\n private normalisePath(path: string): string {\n return posix.resolve(this.workspaceBase, path);\n }\n\n private async ensureParentDirs(absolutePaths: string[]): Promise<void> {\n const prefix = this.workspaceBase === \"/\" ? \"/\" : `${this.workspaceBase}/`;\n const dirs = new Set<string>();\n for (const p of absolutePaths) {\n let dir = posix.dirname(p);\n while (dir.startsWith(prefix)) {\n dirs.add(dir);\n dir = posix.dirname(dir);\n }\n }\n const sorted = [...dirs].sort(\n (a, b) => a.split(\"/\").length - b.split(\"/\").length\n );\n for (const dir of sorted) {\n try {\n await this.sandbox.fs.createFolder(dir, \"755\");\n } catch {\n // Folder already exists — Daytona's createFolder throws in that case.\n }\n }\n }\n\n async readFile(path: string): Promise<string> {\n const norm = this.normalisePath(path);\n const buf = await this.sandbox.fs.downloadFile(norm);\n return buf.toString(\"utf-8\");\n }\n\n async readFileBuffer(path: string): Promise<Uint8Array> {\n const norm = this.normalisePath(path);\n const buf = await this.sandbox.fs.downloadFile(norm);\n return new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);\n }\n\n async writeFile(path: string, content: string | Uint8Array): Promise<void> {\n const norm = this.normalisePath(path);\n const buf =\n typeof content === \"string\"\n ? Buffer.from(content, \"utf-8\")\n : Buffer.from(content);\n await this.ensureParentDirs([norm]);\n await this.sandbox.fs.uploadFile(buf, norm);\n }\n\n async writeFiles(\n files: { path: string; content: string | Uint8Array }[]\n ): Promise<void> {\n const uploads = files.map((f) => ({\n source: Buffer.from(f.content),\n destination: this.normalisePath(f.path),\n }));\n await this.ensureParentDirs(uploads.map((u) => u.destination));\n await this.sandbox.fs.uploadFiles(uploads);\n }\n\n async appendFile(path: string, content: string | Uint8Array): Promise<void> {\n const norm = this.normalisePath(path);\n let existing: Buffer;\n try {\n existing = await this.sandbox.fs.downloadFile(norm);\n } catch {\n return this.writeFile(norm, content);\n }\n\n const addition =\n typeof content === \"string\" ? Buffer.from(content, \"utf-8\") : content;\n const merged = Buffer.concat([existing, Buffer.from(addition)]);\n await this.sandbox.fs.uploadFile(merged, norm);\n }\n\n async exists(path: string): Promise<boolean> {\n const norm = this.normalisePath(path);\n try {\n await this.sandbox.fs.getFileDetails(norm);\n return true;\n } catch {\n return false;\n }\n }\n\n async stat(path: string): Promise<FileStat> {\n const norm = this.normalisePath(path);\n const info = await this.sandbox.fs.getFileDetails(norm);\n return {\n isFile: !info.isDir,\n isDirectory: info.isDir,\n isSymbolicLink: false,\n size: info.size,\n mtime: new Date(info.modTime),\n };\n }\n\n async mkdir(path: string, _options?: { recursive?: boolean }): Promise<void> {\n const norm = this.normalisePath(path);\n await this.sandbox.fs.createFolder(norm, \"755\");\n }\n\n async readdir(path: string): Promise<string[]> {\n const norm = this.normalisePath(path);\n const entries = await this.sandbox.fs.listFiles(norm);\n return entries.map((e) => e.name);\n }\n\n async readdirWithFileTypes(path: string): Promise<DirentEntry[]> {\n const norm = this.normalisePath(path);\n const entries = await this.sandbox.fs.listFiles(norm);\n return entries.map((e) => ({\n name: e.name,\n isFile: !e.isDir,\n isDirectory: e.isDir,\n isSymbolicLink: false,\n }));\n }\n\n async rm(\n path: string,\n options?: { recursive?: boolean; force?: boolean }\n ): Promise<void> {\n const norm = this.normalisePath(path);\n try {\n await this.sandbox.fs.deleteFile(norm, options?.recursive);\n } catch (err) {\n if (!options?.force) throw err;\n }\n }\n\n async cp(\n src: string,\n dest: string,\n options?: { recursive?: boolean }\n ): Promise<void> {\n const normSrc = this.normalisePath(src);\n const normDest = this.normalisePath(dest);\n const info = await this.sandbox.fs.getFileDetails(normSrc);\n if (info.isDir) {\n if (!options?.recursive) {\n throw new Error(`EISDIR: is a directory (use recursive): ${src}`);\n }\n await this.sandbox.process.executeCommand(\n `cp -r \"${normSrc}\" \"${normDest}\"`\n );\n } else {\n await this.sandbox.process.executeCommand(\n `cp \"${normSrc}\" \"${normDest}\"`\n );\n }\n }\n\n async mv(src: string, dest: string): Promise<void> {\n const normSrc = this.normalisePath(src);\n const normDest = this.normalisePath(dest);\n await this.sandbox.fs.moveFiles(normSrc, normDest);\n }\n\n async readlink(_path: string): Promise<string> {\n throw new SandboxNotSupportedError(\"readlink\");\n }\n\n resolvePath(base: string, path: string): string {\n return posix.resolve(this.normalisePath(base), path);\n }\n}\n","import { Daytona, type Sandbox as DaytonaSdkSandbox } from \"@daytonaio/sdk\";\nimport type {\n Sandbox,\n SandboxCapabilities,\n SandboxCapability,\n SandboxCreateResult,\n SandboxProvider,\n ExecOptions,\n ExecResult,\n} from \"../../../lib/sandbox/types\";\nimport { SandboxNotFoundError } from \"../../../lib/sandbox/types\";\nimport { DaytonaSandboxFileSystem } from \"./filesystem\";\nimport type {\n DaytonaSandbox,\n DaytonaSandboxConfig,\n DaytonaSandboxCreateOptions,\n} from \"./types\";\n\n// ============================================================================\n// DaytonaSandbox\n// ============================================================================\n\nclass DaytonaSandboxImpl implements Sandbox {\n readonly capabilities: SandboxCapabilities = {\n filesystem: true,\n execution: true,\n persistence: false,\n };\n\n readonly fs: DaytonaSandboxFileSystem;\n\n constructor(\n readonly id: string,\n private sdkSandbox: DaytonaSdkSandbox,\n workspaceBase = \"/home/daytona\"\n ) {\n this.fs = new DaytonaSandboxFileSystem(sdkSandbox, workspaceBase);\n }\n\n async exec(command: string, options?: ExecOptions): Promise<ExecResult> {\n const response = await this.sdkSandbox.process.executeCommand(\n command,\n options?.cwd,\n options?.env,\n options?.timeout\n );\n\n return {\n exitCode: response.exitCode ?? 0,\n stdout: response.result ?? \"\",\n stderr: \"\",\n };\n }\n\n async destroy(): Promise<void> {\n await this.sdkSandbox.delete(60);\n }\n}\n\n// ============================================================================\n// DaytonaSandboxProvider\n// ============================================================================\n\n/**\n * Single source of truth for the Daytona adapter's capability set. Daytona\n * implements only base lifecycle (`create` / `get` / `destroy`); both the\n * type-level `TCaps` (`never`) and the runtime `supportedCapabilities`\n * set fall out of this empty array, so the two surfaces cannot drift.\n */\nconst DAYTONA_CAPS = [] as const satisfies readonly SandboxCapability[];\ntype DaytonaCaps = (typeof DAYTONA_CAPS)[number]; // → never\n\n/**\n * Daytona implements only base sandbox lifecycle (`create` / `get` /\n * `destroy`). Snapshot, restore, fork, pause, and resume are not supported\n * — the type-level capability set is `never`, so calling any of those\n * methods on a Daytona provider, manager, or `SandboxOps` proxy is a\n * compile-time TypeScript error.\n */\nexport class DaytonaSandboxProvider\n implements\n SandboxProvider<DaytonaSandboxCreateOptions, DaytonaSandbox, DaytonaCaps>\n{\n readonly id = \"daytona\";\n readonly capabilities: SandboxCapabilities = {\n filesystem: true,\n execution: true,\n persistence: false,\n };\n readonly supportedCapabilities: ReadonlySet<DaytonaCaps> = new Set(\n DAYTONA_CAPS\n );\n\n private client: Daytona;\n private readonly defaultWorkspaceBase: string;\n\n constructor(config?: DaytonaSandboxConfig) {\n this.client = new Daytona(config);\n this.defaultWorkspaceBase = config?.workspaceBase ?? \"/home/daytona\";\n }\n\n async create(\n options?: DaytonaSandboxCreateOptions\n ): Promise<SandboxCreateResult> {\n const sdkSandbox = await this.client.create(\n {\n language: options?.language,\n snapshot: options?.snapshot,\n envVars: options?.env,\n labels: options?.labels,\n autoStopInterval: options?.autoStopInterval,\n autoArchiveInterval: options?.autoArchiveInterval,\n autoDeleteInterval: options?.autoDeleteInterval,\n },\n { timeout: options?.timeout ?? 60 }\n );\n\n const workspaceBase = options?.workspaceBase ?? this.defaultWorkspaceBase;\n\n const sandbox = new DaytonaSandboxImpl(\n sdkSandbox.id,\n sdkSandbox,\n workspaceBase\n );\n\n if (options?.initialFiles) {\n await sandbox.fs.writeFiles(\n Object.entries(options.initialFiles).map(([path, content]) => ({\n path,\n content,\n }))\n );\n }\n\n return { sandbox };\n }\n\n async get(sandboxId: string): Promise<DaytonaSandbox> {\n try {\n const sdkSandbox = await this.client.get(sandboxId);\n return new DaytonaSandboxImpl(\n sdkSandbox.id,\n sdkSandbox,\n this.defaultWorkspaceBase\n );\n } catch {\n throw new SandboxNotFoundError(sandboxId);\n }\n }\n\n async destroy(sandboxId: string): Promise<void> {\n try {\n const sdkSandbox = await this.client.get(sandboxId);\n await this.client.delete(sdkSandbox);\n } catch {\n // Already gone\n }\n }\n}\n\n// Re-exports\nexport { DaytonaSandboxFileSystem } from \"./filesystem\";\nexport type {\n DaytonaSandbox,\n DaytonaSandboxConfig,\n DaytonaSandboxCreateOptions,\n} from \"./types\";\n"]}
1
+ {"version":3,"sources":["../../../../src/lib/sandbox/types.ts","../../../../src/adapters/sandbox/daytona/filesystem.ts","../../../../src/adapters/sandbox/daytona/index.ts"],"names":[],"mappings":";;;;;AA4XO,IAAM,wBAAA,GAAN,cAAuC,kBAAA,CAAmB;AAAA,EAC/D,YAAY,SAAA,EAAmB;AAC7B,IAAA,KAAA;AAAA,MACE,6BAA6B,SAAS,CAAA,CAAA;AAAA,MACtC,0BAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACF,CAAA;AAEO,IAAM,oBAAA,GAAN,cAAmC,kBAAA,CAAmB;AAAA,EAC3D,YAAY,SAAA,EAAmB;AAC7B,IAAA,KAAA,CAAM,CAAA,mBAAA,EAAsB,SAAS,CAAA,CAAA,EAAI,sBAAA,EAAwB,IAAI,CAAA;AAAA,EACvE;AACF,CAAA;AC1XO,IAAM,2BAAN,MAA4D;AAAA,EAGjE,WAAA,CACU,OAAA,EACR,aAAA,GAAgB,eAAA,EAChB;AAFQ,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAGR,IAAA,IAAA,CAAK,aAAA,GAAgB,KAAA,CAAM,OAAA,CAAQ,GAAA,EAAK,aAAa,CAAA;AAAA,EACvD;AAAA,EAJU,OAAA;AAAA,EAHD,aAAA;AAAA,EASD,cAAc,IAAA,EAAsB;AAC1C,IAAA,OAAO,KAAA,CAAM,OAAA,CAAQ,IAAA,CAAK,aAAA,EAAe,IAAI,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAc,iBAAiB,aAAA,EAAwC;AACrE,IAAA,MAAM,SAAS,IAAA,CAAK,aAAA,KAAkB,MAAM,GAAA,GAAM,CAAA,EAAG,KAAK,aAAa,CAAA,CAAA,CAAA;AACvE,IAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,IAAA,KAAA,MAAW,KAAK,aAAA,EAAe;AAC7B,MAAA,IAAI,GAAA,GAAM,KAAA,CAAM,OAAA,CAAQ,CAAC,CAAA;AACzB,MAAA,OAAO,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAC7B,QAAA,IAAA,CAAK,IAAI,GAAG,CAAA;AACZ,QAAA,GAAA,GAAM,KAAA,CAAM,QAAQ,GAAG,CAAA;AAAA,MACzB;AAAA,IACF;AACA,IAAA,MAAM,MAAA,GAAS,CAAC,GAAG,IAAI,CAAA,CAAE,IAAA;AAAA,MACvB,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE,MAAA,GAAS,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE;AAAA,KAC/C;AACA,IAAA,KAAA,MAAW,OAAO,MAAA,EAAQ;AACxB,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,YAAA,CAAa,KAAK,KAAK,CAAA;AAAA,MAC/C,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,SAAS,IAAA,EAA+B;AAC5C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AACnD,IAAA,OAAO,GAAA,CAAI,SAAS,OAAO,CAAA;AAAA,EAC7B;AAAA,EAEA,MAAM,eAAe,IAAA,EAAmC;AACtD,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AACnD,IAAA,OAAO,IAAI,UAAA,CAAW,GAAA,CAAI,QAAQ,GAAA,CAAI,UAAA,EAAY,IAAI,UAAU,CAAA;AAAA,EAClE;AAAA,EAEA,MAAM,SAAA,CAAU,IAAA,EAAc,OAAA,EAA6C;AACzE,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,GAAA,GACJ,OAAO,OAAA,KAAY,QAAA,GACf,MAAA,CAAO,IAAA,CAAK,OAAA,EAAS,OAAO,CAAA,GAC5B,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AACzB,IAAA,MAAM,IAAA,CAAK,gBAAA,CAAiB,CAAC,IAAI,CAAC,CAAA;AAClC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,KAAK,IAAI,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WACJ,KAAA,EACe;AACf,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,MAChC,MAAA,EAAQ,MAAA,CAAO,IAAA,CAAK,CAAA,CAAE,OAAO,CAAA;AAAA,MAC7B,WAAA,EAAa,IAAA,CAAK,aAAA,CAAc,CAAA,CAAE,IAAI;AAAA,KACxC,CAAE,CAAA;AACF,IAAA,MAAM,IAAA,CAAK,iBAAiB,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,CAAC,CAAA;AAC7D,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,WAAA,CAAY,OAAO,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,UAAA,CAAW,IAAA,EAAc,OAAA,EAA6C;AAC1E,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,aAAa,IAAI,CAAA;AAAA,IACpD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA,CAAK,SAAA,CAAU,IAAA,EAAM,OAAO,CAAA;AAAA,IACrC;AAEA,IAAA,MAAM,QAAA,GACJ,OAAO,OAAA,KAAY,QAAA,GAAW,OAAO,IAAA,CAAK,OAAA,EAAS,OAAO,CAAA,GAAI,OAAA;AAChE,IAAA,MAAM,MAAA,GAAS,OAAO,MAAA,CAAO,CAAC,UAAU,MAAA,CAAO,IAAA,CAAK,QAAQ,CAAC,CAAC,CAAA;AAC9D,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,QAAQ,IAAI,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,IAAA,EAAgC;AAC3C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,cAAA,CAAe,IAAI,CAAA;AACzC,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,KAAK,IAAA,EAAiC;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,eAAe,IAAI,CAAA;AACtD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,CAAC,IAAA,CAAK,KAAA;AAAA,MACd,aAAa,IAAA,CAAK,KAAA;AAAA,MAClB,cAAA,EAAgB,KAAA;AAAA,MAChB,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,KAAA,EAAO,IAAI,IAAA,CAAK,IAAA,CAAK,OAAO;AAAA,KAC9B;AAAA,EACF;AAAA,EAEA,MAAM,KAAA,CAAM,IAAA,EAAc,QAAA,EAAmD;AAC3E,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,YAAA,CAAa,MAAM,KAAK,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,QAAQ,IAAA,EAAiC;AAC7C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAU,IAAI,CAAA;AACpD,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,IAAI,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,qBAAqB,IAAA,EAAsC;AAC/D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,UAAU,IAAI,CAAA;AACpD,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,MACzB,MAAM,CAAA,CAAE,IAAA;AAAA,MACR,MAAA,EAAQ,CAAC,CAAA,CAAE,KAAA;AAAA,MACX,aAAa,CAAA,CAAE,KAAA;AAAA,MACf,cAAA,EAAgB;AAAA,KAClB,CAAE,CAAA;AAAA,EACJ;AAAA,EAEA,MAAM,EAAA,CACJ,IAAA,EACA,OAAA,EACe;AACf,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,KAAK,OAAA,CAAQ,EAAA,CAAG,UAAA,CAAW,IAAA,EAAM,SAAS,SAAS,CAAA;AAAA,IAC3D,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,CAAC,OAAA,EAAS,KAAA,EAAO,MAAM,GAAA;AAAA,IAC7B;AAAA,EACF;AAAA,EAEA,MAAM,EAAA,CACJ,GAAA,EACA,IAAA,EACA,OAAA,EACe;AACf,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA;AACtC,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACxC,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,eAAe,OAAO,CAAA;AACzD,IAAA,IAAI,KAAK,KAAA,EAAO;AACd,MAAA,IAAI,CAAC,SAAS,SAAA,EAAW;AACvB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wCAAA,EAA2C,GAAG,CAAA,CAAE,CAAA;AAAA,MAClE;AACA,MAAA,MAAM,IAAA,CAAK,QAAQ,OAAA,CAAQ,cAAA;AAAA,QACzB,CAAA,OAAA,EAAU,OAAO,CAAA,GAAA,EAAM,QAAQ,CAAA,CAAA;AAAA,OACjC;AAAA,IACF,CAAA,MAAO;AACL,MAAA,MAAM,IAAA,CAAK,QAAQ,OAAA,CAAQ,cAAA;AAAA,QACzB,CAAA,IAAA,EAAO,OAAO,CAAA,GAAA,EAAM,QAAQ,CAAA,CAAA;AAAA,OAC9B;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,EAAA,CAAG,GAAA,EAAa,IAAA,EAA6B;AACjD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,aAAA,CAAc,GAAG,CAAA;AACtC,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,aAAA,CAAc,IAAI,CAAA;AACxC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,EAAA,CAAG,SAAA,CAAU,SAAS,QAAQ,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,SAAS,KAAA,EAAgC;AAC7C,IAAA,MAAM,IAAI,yBAAyB,UAAU,CAAA;AAAA,EAC/C;AAAA,EAEA,WAAA,CAAY,MAAc,IAAA,EAAsB;AAC9C,IAAA,OAAO,MAAM,OAAA,CAAQ,IAAA,CAAK,aAAA,CAAc,IAAI,GAAG,IAAI,CAAA;AAAA,EACrD;AACF;;;ACzKA,IAAM,qBAAN,MAA4C;AAAA,EAS1C,WAAA,CACW,EAAA,EACD,UAAA,EACR,aAAA,GAAgB,eAAA,EAChB;AAHS,IAAA,IAAA,CAAA,EAAA,GAAA,EAAA;AACD,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAGR,IAAA,IAAA,CAAK,EAAA,GAAK,IAAI,wBAAA,CAAyB,UAAA,EAAY,aAAa,CAAA;AAAA,EAClE;AAAA,EALW,EAAA;AAAA,EACD,UAAA;AAAA,EAVD,YAAA,GAAoC;AAAA,IAC3C,UAAA,EAAY,IAAA;AAAA,IACZ,SAAA,EAAW,IAAA;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EAES,EAAA;AAAA,EAUT,MAAM,IAAA,CAAK,OAAA,EAAiB,OAAA,EAA4C;AACtE,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,UAAA,CAAW,OAAA,CAAQ,cAAA;AAAA,MAC7C,OAAA;AAAA,MACA,OAAA,EAAS,GAAA;AAAA,MACT,OAAA,EAAS,GAAA;AAAA,MACT,OAAA,EAAS;AAAA,KACX;AAEA,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,SAAS,QAAA,IAAY,CAAA;AAAA,MAC/B,MAAA,EAAQ,SAAS,MAAA,IAAU,EAAA;AAAA,MAC3B,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAAA,EAEA,MAAM,OAAA,GAAyB;AAC7B,IAAA,MAAM,IAAA,CAAK,UAAA,CAAW,MAAA,CAAO,EAAE,CAAA;AAAA,EACjC;AACF,CAAA;AAYA,IAAM,eAAe,EAAC;AAUf,IAAM,yBAAN,MAGP;AAAA,EACW,EAAA,GAAK,SAAA;AAAA,EACL,YAAA,GAAoC;AAAA,IAC3C,UAAA,EAAY,IAAA;AAAA,IACZ,SAAA,EAAW,IAAA;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EACS,wBAAkD,IAAI,GAAA;AAAA,IAC7D;AAAA,GACF;AAAA,EAEQ,MAAA;AAAA,EACS,oBAAA;AAAA,EAEjB,YAAY,MAAA,EAA+B;AACzC,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,OAAA,CAAQ,MAAM,CAAA;AAChC,IAAA,IAAA,CAAK,oBAAA,GAAuB,QAAQ,aAAA,IAAiB,eAAA;AAAA,EACvD;AAAA,EAEA,MAAM,OACJ,OAAA,EAC8B;AAC9B,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,MAAA;AAAA,MACnC;AAAA,QACE,UAAU,OAAA,EAAS,QAAA;AAAA,QACnB,UAAU,OAAA,EAAS,QAAA;AAAA,QACnB,SAAS,OAAA,EAAS,GAAA;AAAA,QAClB,QAAQ,OAAA,EAAS,MAAA;AAAA,QACjB,kBAAkB,OAAA,EAAS,gBAAA;AAAA,QAC3B,qBAAqB,OAAA,EAAS,mBAAA;AAAA,QAC9B,oBAAoB,OAAA,EAAS;AAAA,OAC/B;AAAA,MACA,EAAE,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,EAAA;AAAG,KACpC;AAEA,IAAA,MAAM,aAAA,GAAgB,OAAA,EAAS,aAAA,IAAiB,IAAA,CAAK,oBAAA;AAErD,IAAA,MAAM,UAAU,IAAI,kBAAA;AAAA,MAClB,UAAA,CAAW,EAAA;AAAA,MACX,UAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,IAAI,SAAS,YAAA,EAAc;AACzB,MAAA,MAAM,QAAQ,EAAA,CAAG,UAAA;AAAA,QACf,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,CAAE,IAAI,CAAC,CAAC,IAAA,EAAM,OAAO,CAAA,MAAO;AAAA,UAC7D,IAAA;AAAA,UACA;AAAA,SACF,CAAE;AAAA,OACJ;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,OAAA,EAAQ;AAAA,EACnB;AAAA,EAEA,MAAM,IAAI,SAAA,EAA4C;AACpD,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,IAAI,SAAS,CAAA;AAClD,MAAA,OAAO,IAAI,kBAAA;AAAA,QACT,UAAA,CAAW,EAAA;AAAA,QACX,UAAA;AAAA,QACA,IAAA,CAAK;AAAA,OACP;AAAA,IACF,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAI,qBAAqB,SAAS,CAAA;AAAA,IAC1C;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,SAAA,EAAkC;AAC9C,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,MAAA,CAAO,IAAI,SAAS,CAAA;AAClD,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,UAAU,CAAA;AAAA,IACrC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AACF","file":"index.js","sourcesContent":["// ============================================================================\n// Sandbox Filesystem\n// ============================================================================\n\nexport interface DirentEntry {\n name: string;\n isFile: boolean;\n isDirectory: boolean;\n isSymbolicLink: boolean;\n}\n\nexport interface FileStat {\n isFile: boolean;\n isDirectory: boolean;\n isSymbolicLink: boolean;\n size: number;\n mtime: Date;\n}\n\n// ============================================================================\n// Network & lifecycle\n// ============================================================================\n\nexport interface SandboxNetworkConfig {\n allowOut?: string[];\n denyOut?: string[];\n allowPublicTraffic?: boolean;\n}\n\nexport interface SandboxLifecycleConfig {\n onTimeout: \"kill\" | \"pause\";\n autoResume?: boolean;\n}\n\n/**\n * Provider-agnostic filesystem interface.\n *\n * Implementations that don't support a method should throw\n * {@link SandboxNotSupportedError}.\n */\nexport interface SandboxFileSystem {\n /** Base directory used when resolving relative paths. */\n readonly workspaceBase: string;\n readFile(path: string): Promise<string>;\n readFileBuffer(path: string): Promise<Uint8Array>;\n writeFile(path: string, content: string | Uint8Array): Promise<void>;\n appendFile(path: string, content: string | Uint8Array): Promise<void>;\n exists(path: string): Promise<boolean>;\n stat(path: string): Promise<FileStat>;\n mkdir(path: string, options?: { recursive?: boolean }): Promise<void>;\n readdir(path: string): Promise<string[]>;\n readdirWithFileTypes(path: string): Promise<DirentEntry[]>;\n rm(\n path: string,\n options?: { recursive?: boolean; force?: boolean }\n ): Promise<void>;\n cp(\n src: string,\n dest: string,\n options?: { recursive?: boolean }\n ): Promise<void>;\n mv(src: string, dest: string): Promise<void>;\n readlink(path: string): Promise<string>;\n resolvePath(base: string, path: string): string;\n}\n\n// ============================================================================\n// Execution\n// ============================================================================\n\nexport interface ExecOptions {\n timeout?: number;\n cwd?: string;\n env?: Record<string, string>;\n}\n\nexport interface ExecResult {\n exitCode: number;\n stdout: string;\n stderr: string;\n}\n\n// ============================================================================\n// Capabilities\n// ============================================================================\n\n/**\n * Runtime capability flags carried by a {@link Sandbox} instance.\n *\n * These are an orthogonal mechanism to the type-level\n * {@link SandboxCapability} union: this flag bag is for runtime\n * introspection (\"does the sandbox support a filesystem?\") whereas\n * {@link SandboxCapability} narrows the type-level provider/ops contract.\n */\nexport interface SandboxCapabilities {\n /** Sandbox supports filesystem operations */\n filesystem: boolean;\n /** Sandbox supports shell/command execution */\n execution: boolean;\n /** Sandbox state can be persisted and restored */\n persistence: boolean;\n}\n\n/**\n * Type-level capability vocabulary for {@link SandboxProvider} and\n * {@link SandboxOps}. Adapters declare the subset they actually support; the\n * conditional types on each contract gate the corresponding methods so\n * unsupported calls become a compile-time error rather than a runtime\n * {@link SandboxNotSupportedError}.\n *\n * `pause` and `resume` are split because some adapters might support one\n * direction without the other. The `snapshot` cap covers both `snapshot()`\n * and `deleteSnapshot()` since they always travel together in practice.\n */\nexport type SandboxCapability =\n | \"pause\"\n | \"resume\"\n | \"snapshot\"\n | \"restore\"\n | \"fork\";\n\n// ============================================================================\n// Sandbox\n// ============================================================================\n\nexport interface Sandbox {\n readonly id: string;\n readonly capabilities: SandboxCapabilities;\n readonly fs: SandboxFileSystem;\n\n exec(command: string, options?: ExecOptions): Promise<ExecResult>;\n destroy(): Promise<void>;\n}\n\n// ============================================================================\n// Snapshots\n// ============================================================================\n\nexport interface SandboxSnapshot {\n sandboxId: string;\n providerId: string;\n /** Provider-specific serialised state */\n data: unknown;\n createdAt: string;\n}\n\n// ============================================================================\n// Provider\n// ============================================================================\n\nexport interface SandboxCreateOptions {\n /** Preferred sandbox ID (provider may ignore) */\n id?: string;\n /** Seed the filesystem with these files */\n initialFiles?: Record<string, string | Uint8Array>;\n /** Environment variables available inside the sandbox */\n env?: Record<string, string>;\n /** Key-value metadata surfaced via provider list/query APIs */\n metadata?: Record<string, string>;\n /** Sandbox idle timeout in milliseconds */\n timeoutMs?: number;\n /** Enable or disable outbound internet access */\n allowInternetAccess?: boolean;\n /** Outbound network allow/deny rules */\n network?: SandboxNetworkConfig;\n /** Sandbox timeout behaviour */\n lifecycle?: SandboxLifecycleConfig;\n}\n\nexport interface SandboxCreateResult {\n sandbox: Sandbox;\n}\n\n/**\n * Internal helper: drop keys whose value is `never` from an object type.\n *\n * Used by the capability-gated contracts below so that an absent capability\n * removes the corresponding key entirely, instead of leaving a required\n * field with type `never` (which would make implementations impossible).\n */\ntype OmitNever<T> = {\n [K in keyof T as [T[K]] extends [never] ? never : K]: T[K];\n};\n\n/**\n * Capability-gated provider lifecycle methods.\n *\n * Each field becomes `never` when its capability is absent from `TCaps`;\n * the wrapping `OmitNever` removes those keys entirely, so the method\n * isn't part of the type surface for adapters that don't support it.\n */\ntype SandboxProviderCapMethods<\n TOptions extends SandboxCreateOptions,\n TSandbox extends Sandbox,\n TCaps extends SandboxCapability,\n> = OmitNever<{\n pause: \"pause\" extends TCaps\n ? (sandboxId: string, ttlSeconds?: number) => Promise<void>\n : never;\n resume: \"resume\" extends TCaps ? (sandboxId: string) => Promise<void> : never;\n snapshot: \"snapshot\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<SandboxSnapshot>\n : never;\n deleteSnapshot: \"snapshot\" extends TCaps\n ? (snapshot: SandboxSnapshot) => Promise<void>\n : never;\n restore: \"restore\" extends TCaps\n ? (snapshot: SandboxSnapshot, options?: TOptions) => Promise<TSandbox>\n : never;\n fork: \"fork\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<TSandbox>\n : never;\n}>;\n\n/**\n * Always-present provider lifecycle methods. These do not depend on the\n * capability set and are required by every adapter.\n */\ninterface SandboxProviderBase<\n TOptions extends SandboxCreateOptions,\n TSandbox extends Sandbox,\n TCaps extends SandboxCapability,\n> {\n readonly id: string;\n readonly capabilities: SandboxCapabilities;\n /**\n * Runtime-introspectable list of supported capabilities.\n *\n * Constrained to `ReadonlySet<TCaps & SandboxCapability>` so the runtime\n * set cannot include capabilities not declared at the type level — a\n * provider typed as `SandboxProvider<…, never>` cannot ship a runtime\n * set that contains `\"pause\"`, etc.\n *\n * The other direction (type declares a cap, runtime set omits it)\n * cannot be enforced by TypeScript alone; adapters should derive both\n * `TCaps` and the runtime set from the same `as const` array (see\n * `SandboxManager`'s constructor-time consistency check) so the two\n * surfaces cannot drift.\n */\n readonly supportedCapabilities: ReadonlySet<TCaps & SandboxCapability>;\n\n create(options?: TOptions): Promise<SandboxCreateResult>;\n get(sandboxId: string): Promise<TSandbox>;\n destroy(sandboxId: string): Promise<void>;\n}\n\n/**\n * Provider-side sandbox lifecycle contract.\n *\n * Generic over an optional capability set (`TCaps`). Each capability gates\n * a specific method: when the cap is absent the corresponding key is\n * **removed** from the type entirely, so calling it produces a TypeScript\n * error at the call site instead of a runtime\n * {@link SandboxNotSupportedError}.\n *\n * The default `TCaps = SandboxCapability` resolves to the full union, so\n * existing usages that only pass `TOptions` / `TSandbox` continue to see\n * the full method surface (backwards compatible).\n *\n * Adapters that don't support a method should narrow `TCaps` accordingly:\n *\n * - In-memory / E2B: `SandboxCapability` (default — all caps present).\n * - Bedrock Code Interpreter / Daytona: `never` (only base ops).\n * - Bedrock AgentCore Runtime: `\"pause\" | \"resume\"`.\n */\nexport type SandboxProvider<\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TSandbox extends Sandbox = Sandbox,\n TCaps extends SandboxCapability = SandboxCapability,\n> = SandboxProviderBase<TOptions, TSandbox, TCaps> &\n SandboxProviderCapMethods<TOptions, TSandbox, TCaps>;\n\n// ============================================================================\n// SandboxOps — workflow-side activity interface (like ThreadOps)\n// ============================================================================\n\n/**\n * Capability-gated workflow-side methods. Mirrors the provider's gating:\n * keys whose capability is absent from `TCaps` are removed from the type.\n */\ntype SandboxOpsCapMethods<\n TOptions extends SandboxCreateOptions,\n TCaps extends SandboxCapability,\n> = OmitNever<{\n pauseSandbox: \"pause\" extends TCaps\n ? (sandboxId: string) => Promise<void>\n : never;\n resumeSandbox: \"resume\" extends TCaps\n ? (sandboxId: string) => Promise<void>\n : never;\n snapshotSandbox: \"snapshot\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<SandboxSnapshot>\n : never;\n deleteSandboxSnapshot: \"snapshot\" extends TCaps\n ? (snapshot: SandboxSnapshot) => Promise<void>\n : never;\n restoreSandbox: \"restore\" extends TCaps\n ? (snapshot: SandboxSnapshot, options?: TOptions) => Promise<string>\n : never;\n forkSandbox: \"fork\" extends TCaps\n ? (sandboxId: string, options?: TOptions) => Promise<string>\n : never;\n}>;\n\n/**\n * Always-present workflow-side lifecycle methods.\n */\ninterface SandboxOpsBase<\n TOptions extends SandboxCreateOptions,\n TCtx,\n> {\n createSandbox(\n options?: TOptions,\n ctx?: TCtx\n ): Promise<{ sandboxId: string } | null>;\n destroySandbox(sandboxId: string): Promise<void>;\n}\n\n/**\n * Workflow-side counterpart to {@link SandboxProvider}. Exposed as a set of\n * Temporal activities and consumed by `createSession`'s `sandboxOps` field\n * and by `defineSubagent`'s `sandbox.proxy`.\n *\n * Generic over a capability set (`TCaps`) — same semantics as the provider:\n * keys whose capability is absent are removed from the type, so calling\n * them is a TypeScript error rather than a runtime throw. The default\n * `TCaps = SandboxCapability` keeps the full method surface for existing\n * consumers.\n */\nexport type SandboxOps<\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TCtx = unknown,\n TCaps extends SandboxCapability = SandboxCapability,\n> = SandboxOpsBase<TOptions, TCtx> & SandboxOpsCapMethods<TOptions, TCaps>;\n\n/**\n * Maps generic {@link SandboxOps} method names to adapter-prefixed names.\n *\n * Inherits the capability gating from {@link SandboxOps}: when `TCaps` omits\n * a capability the prefixed key carries the `never` type so call sites are\n * type-protected.\n *\n * @example\n * ```typescript\n * type E2bOps = PrefixedSandboxOps<\"e2b\">;\n * // → { e2bCreateSandbox, e2bDestroySandbox, e2bSnapshotSandbox, … }\n * ```\n */\nexport type PrefixedSandboxOps<\n TPrefix extends string,\n TOptions extends SandboxCreateOptions = SandboxCreateOptions,\n TCtx = unknown,\n TCaps extends SandboxCapability = SandboxCapability,\n> = {\n [K in keyof SandboxOps<\n TOptions,\n TCtx,\n TCaps\n > as `${TPrefix}${Capitalize<K & string>}`]: SandboxOps<\n TOptions,\n TCtx,\n TCaps\n >[K];\n};\n\n// ============================================================================\n// Errors\n// ============================================================================\n\nimport { ApplicationFailure } from \"@temporalio/common\";\n\n/**\n * Thrown by adapters that still surface an unsupported method at runtime.\n *\n * After the capability-generic refactor most adapters drop their\n * unsupported methods entirely so the type system rejects them at call\n * sites. This symbol is still exported so consumers running against older\n * adapter versions can keep their backwards-compatible error-handling\n * paths until they finish migrating.\n */\nexport class SandboxNotSupportedError extends ApplicationFailure {\n constructor(operation: string) {\n super(\n `Sandbox does not support: ${operation}`,\n \"SandboxNotSupportedError\",\n true\n );\n }\n}\n\nexport class SandboxNotFoundError extends ApplicationFailure {\n constructor(sandboxId: string) {\n super(`Sandbox not found: ${sandboxId}`, \"SandboxNotFoundError\", true);\n }\n}\n","import type { Sandbox as DaytonaSdkSandbox } from \"@daytonaio/sdk\";\nimport type {\n SandboxFileSystem,\n DirentEntry,\n FileStat,\n} from \"../../../lib/sandbox/types\";\nimport { SandboxNotSupportedError } from \"../../../lib/sandbox/types\";\nimport { posix } from \"node:path\";\n\n/**\n * {@link SandboxFileSystem} backed by a Daytona SDK sandbox.\n *\n * Maps zeitlich's filesystem interface to Daytona's `sandbox.fs` and\n * `sandbox.process` APIs. Operations that have no direct Daytona equivalent\n * (e.g. `appendFile`, `cp`) are composed from primitives.\n */\nexport class DaytonaSandboxFileSystem implements SandboxFileSystem {\n readonly workspaceBase: string;\n\n constructor(\n private sandbox: DaytonaSdkSandbox,\n workspaceBase = \"/home/daytona\"\n ) {\n this.workspaceBase = posix.resolve(\"/\", workspaceBase);\n }\n\n private normalisePath(path: string): string {\n return posix.resolve(this.workspaceBase, path);\n }\n\n private async ensureParentDirs(absolutePaths: string[]): Promise<void> {\n const prefix = this.workspaceBase === \"/\" ? \"/\" : `${this.workspaceBase}/`;\n const dirs = new Set<string>();\n for (const p of absolutePaths) {\n let dir = posix.dirname(p);\n while (dir.startsWith(prefix)) {\n dirs.add(dir);\n dir = posix.dirname(dir);\n }\n }\n const sorted = [...dirs].sort(\n (a, b) => a.split(\"/\").length - b.split(\"/\").length\n );\n for (const dir of sorted) {\n try {\n await this.sandbox.fs.createFolder(dir, \"755\");\n } catch {\n // Folder already exists — Daytona's createFolder throws in that case.\n }\n }\n }\n\n async readFile(path: string): Promise<string> {\n const norm = this.normalisePath(path);\n const buf = await this.sandbox.fs.downloadFile(norm);\n return buf.toString(\"utf-8\");\n }\n\n async readFileBuffer(path: string): Promise<Uint8Array> {\n const norm = this.normalisePath(path);\n const buf = await this.sandbox.fs.downloadFile(norm);\n return new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);\n }\n\n async writeFile(path: string, content: string | Uint8Array): Promise<void> {\n const norm = this.normalisePath(path);\n const buf =\n typeof content === \"string\"\n ? Buffer.from(content, \"utf-8\")\n : Buffer.from(content);\n await this.ensureParentDirs([norm]);\n await this.sandbox.fs.uploadFile(buf, norm);\n }\n\n async writeFiles(\n files: { path: string; content: string | Uint8Array }[]\n ): Promise<void> {\n const uploads = files.map((f) => ({\n source: Buffer.from(f.content),\n destination: this.normalisePath(f.path),\n }));\n await this.ensureParentDirs(uploads.map((u) => u.destination));\n await this.sandbox.fs.uploadFiles(uploads);\n }\n\n async appendFile(path: string, content: string | Uint8Array): Promise<void> {\n const norm = this.normalisePath(path);\n let existing: Buffer;\n try {\n existing = await this.sandbox.fs.downloadFile(norm);\n } catch {\n return this.writeFile(norm, content);\n }\n\n const addition =\n typeof content === \"string\" ? Buffer.from(content, \"utf-8\") : content;\n const merged = Buffer.concat([existing, Buffer.from(addition)]);\n await this.sandbox.fs.uploadFile(merged, norm);\n }\n\n async exists(path: string): Promise<boolean> {\n const norm = this.normalisePath(path);\n try {\n await this.sandbox.fs.getFileDetails(norm);\n return true;\n } catch {\n return false;\n }\n }\n\n async stat(path: string): Promise<FileStat> {\n const norm = this.normalisePath(path);\n const info = await this.sandbox.fs.getFileDetails(norm);\n return {\n isFile: !info.isDir,\n isDirectory: info.isDir,\n isSymbolicLink: false,\n size: info.size,\n mtime: new Date(info.modTime),\n };\n }\n\n async mkdir(path: string, _options?: { recursive?: boolean }): Promise<void> {\n const norm = this.normalisePath(path);\n await this.sandbox.fs.createFolder(norm, \"755\");\n }\n\n async readdir(path: string): Promise<string[]> {\n const norm = this.normalisePath(path);\n const entries = await this.sandbox.fs.listFiles(norm);\n return entries.map((e) => e.name);\n }\n\n async readdirWithFileTypes(path: string): Promise<DirentEntry[]> {\n const norm = this.normalisePath(path);\n const entries = await this.sandbox.fs.listFiles(norm);\n return entries.map((e) => ({\n name: e.name,\n isFile: !e.isDir,\n isDirectory: e.isDir,\n isSymbolicLink: false,\n }));\n }\n\n async rm(\n path: string,\n options?: { recursive?: boolean; force?: boolean }\n ): Promise<void> {\n const norm = this.normalisePath(path);\n try {\n await this.sandbox.fs.deleteFile(norm, options?.recursive);\n } catch (err) {\n if (!options?.force) throw err;\n }\n }\n\n async cp(\n src: string,\n dest: string,\n options?: { recursive?: boolean }\n ): Promise<void> {\n const normSrc = this.normalisePath(src);\n const normDest = this.normalisePath(dest);\n const info = await this.sandbox.fs.getFileDetails(normSrc);\n if (info.isDir) {\n if (!options?.recursive) {\n throw new Error(`EISDIR: is a directory (use recursive): ${src}`);\n }\n await this.sandbox.process.executeCommand(\n `cp -r \"${normSrc}\" \"${normDest}\"`\n );\n } else {\n await this.sandbox.process.executeCommand(\n `cp \"${normSrc}\" \"${normDest}\"`\n );\n }\n }\n\n async mv(src: string, dest: string): Promise<void> {\n const normSrc = this.normalisePath(src);\n const normDest = this.normalisePath(dest);\n await this.sandbox.fs.moveFiles(normSrc, normDest);\n }\n\n async readlink(_path: string): Promise<string> {\n throw new SandboxNotSupportedError(\"readlink\");\n }\n\n resolvePath(base: string, path: string): string {\n return posix.resolve(this.normalisePath(base), path);\n }\n}\n","import { Daytona, type Sandbox as DaytonaSdkSandbox } from \"@daytonaio/sdk\";\nimport type {\n Sandbox,\n SandboxCapabilities,\n SandboxCapability,\n SandboxCreateResult,\n SandboxProvider,\n ExecOptions,\n ExecResult,\n} from \"../../../lib/sandbox/types\";\nimport { SandboxNotFoundError } from \"../../../lib/sandbox/types\";\nimport { DaytonaSandboxFileSystem } from \"./filesystem\";\nimport type {\n DaytonaSandbox,\n DaytonaSandboxConfig,\n DaytonaSandboxCreateOptions,\n} from \"./types\";\n\n// ============================================================================\n// DaytonaSandbox\n// ============================================================================\n\nclass DaytonaSandboxImpl implements Sandbox {\n readonly capabilities: SandboxCapabilities = {\n filesystem: true,\n execution: true,\n persistence: false,\n };\n\n readonly fs: DaytonaSandboxFileSystem;\n\n constructor(\n readonly id: string,\n private sdkSandbox: DaytonaSdkSandbox,\n workspaceBase = \"/home/daytona\"\n ) {\n this.fs = new DaytonaSandboxFileSystem(sdkSandbox, workspaceBase);\n }\n\n async exec(command: string, options?: ExecOptions): Promise<ExecResult> {\n const response = await this.sdkSandbox.process.executeCommand(\n command,\n options?.cwd,\n options?.env,\n options?.timeout\n );\n\n return {\n exitCode: response.exitCode ?? 0,\n stdout: response.result ?? \"\",\n stderr: \"\",\n };\n }\n\n async destroy(): Promise<void> {\n await this.sdkSandbox.delete(60);\n }\n}\n\n// ============================================================================\n// DaytonaSandboxProvider\n// ============================================================================\n\n/**\n * Single source of truth for the Daytona adapter's capability set. Daytona\n * implements only base lifecycle (`create` / `get` / `destroy`); both the\n * type-level `TCaps` (`never`) and the runtime `supportedCapabilities`\n * set fall out of this empty array, so the two surfaces cannot drift.\n */\nconst DAYTONA_CAPS = [] as const satisfies readonly SandboxCapability[];\ntype DaytonaCaps = (typeof DAYTONA_CAPS)[number]; // → never\n\n/**\n * Daytona implements only base sandbox lifecycle (`create` / `get` /\n * `destroy`). Snapshot, restore, fork, pause, and resume are not supported\n * — the type-level capability set is `never`, so calling any of those\n * methods on a Daytona provider, manager, or `SandboxOps` proxy is a\n * compile-time TypeScript error.\n */\nexport class DaytonaSandboxProvider\n implements\n SandboxProvider<DaytonaSandboxCreateOptions, DaytonaSandbox, DaytonaCaps>\n{\n readonly id = \"daytona\";\n readonly capabilities: SandboxCapabilities = {\n filesystem: true,\n execution: true,\n persistence: false,\n };\n readonly supportedCapabilities: ReadonlySet<DaytonaCaps> = new Set(\n DAYTONA_CAPS\n );\n\n private client: Daytona;\n private readonly defaultWorkspaceBase: string;\n\n constructor(config?: DaytonaSandboxConfig) {\n this.client = new Daytona(config);\n this.defaultWorkspaceBase = config?.workspaceBase ?? \"/home/daytona\";\n }\n\n async create(\n options?: DaytonaSandboxCreateOptions\n ): Promise<SandboxCreateResult> {\n const sdkSandbox = await this.client.create(\n {\n language: options?.language,\n snapshot: options?.snapshot,\n envVars: options?.env,\n labels: options?.labels,\n autoStopInterval: options?.autoStopInterval,\n autoArchiveInterval: options?.autoArchiveInterval,\n autoDeleteInterval: options?.autoDeleteInterval,\n },\n { timeout: options?.timeout ?? 60 }\n );\n\n const workspaceBase = options?.workspaceBase ?? this.defaultWorkspaceBase;\n\n const sandbox = new DaytonaSandboxImpl(\n sdkSandbox.id,\n sdkSandbox,\n workspaceBase\n );\n\n if (options?.initialFiles) {\n await sandbox.fs.writeFiles(\n Object.entries(options.initialFiles).map(([path, content]) => ({\n path,\n content,\n }))\n );\n }\n\n return { sandbox };\n }\n\n async get(sandboxId: string): Promise<DaytonaSandbox> {\n try {\n const sdkSandbox = await this.client.get(sandboxId);\n return new DaytonaSandboxImpl(\n sdkSandbox.id,\n sdkSandbox,\n this.defaultWorkspaceBase\n );\n } catch {\n throw new SandboxNotFoundError(sandboxId);\n }\n }\n\n async destroy(sandboxId: string): Promise<void> {\n try {\n const sdkSandbox = await this.client.get(sandboxId);\n await this.client.delete(sdkSandbox);\n } catch {\n // Already gone\n }\n }\n}\n\n// Re-exports\nexport { DaytonaSandboxFileSystem } from \"./filesystem\";\nexport type {\n DaytonaSandbox,\n DaytonaSandboxConfig,\n DaytonaSandboxCreateOptions,\n} from \"./types\";\n"]}
package/dist/adapters/sandbox/daytona/workflow.d.cts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { proxyActivities } from '@temporalio/workflow';
2
- import { S as SandboxOps } from '../../../types-CJ7tCdl6.cjs';
3
- import { D as DaytonaSandboxCreateOptions } from '../../../types-CjY93AWZ.cjs';
2
+ import { c as SandboxOps } from '../../../types-D8W5TnSa.cjs';
3
+ import { D as DaytonaSandboxCreateOptions } from '../../../types-OEN1xrFg.cjs';
4
4
  import '@temporalio/common';
5
5
  import '@daytonaio/sdk';
6
6
 
package/dist/adapters/sandbox/daytona/workflow.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { proxyActivities } from '@temporalio/workflow';
2
- import { S as SandboxOps } from '../../../types-CJ7tCdl6.js';
3
- import { D as DaytonaSandboxCreateOptions } from '../../../types-gVa5XCWD.js';
2
+ import { c as SandboxOps } from '../../../types-D8W5TnSa.js';
3
+ import { D as DaytonaSandboxCreateOptions } from '../../../types-BQvXWcft.js';
4
4
  import '@temporalio/common';
5
5
  import '@daytonaio/sdk';
6
6