npm - zerobox - Versions diffs - 0.2.5 → 0.3.0 - Mend

zerobox 0.2.5 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +105 -496
package/dist/platforms.test.js +4 -2
package/dist/platforms.test.js.map +1 -1
package/package.json +7 -7

package/README.md CHANGED Viewed

@@ -1,199 +1,103 @@
-<div align="center">
-  <h1>🫙 Zerobox</h1>
-  <p><strong>Sandbox any command with file, network, and credential controls.</strong></p>
-  <p>
-    <a href="https://www.npmjs.com/package/zerobox" target="_blank">
-      <img src="https://img.shields.io/npm/v/zerobox?style=for-the-badge&labelColor=000000" alt="Zerobox npm version" />
-    </a>
-    <a href="https://github.com/afshinm/zerobox/blob/main/LICENSE" target="_blank">
-      <img src="https://img.shields.io/github/license/afshinm/zerobox?style=for-the-badge&labelColor=000000" alt="Zerobox license" />
-    </a>
-    <a href="https://github.com/afshinm/zerobox/actions/workflows/ci.yml" target="_blank">
-      <img src="https://img.shields.io/github/actions/workflow/status/afshinm/zerobox/ci.yml?style=for-the-badge&labelColor=000000&label=CI" alt="Zerobox CI status" />
-    </a>
-  </p>
-</div>
-Lightweight, cross-platform process sandboxing powered by [OpenAI Codex](https://github.com/openai/codex)'s sandbox runtime.
-- **Deny by default:** Writes, network, and environment variables are blocked unless you allow them
-- **Credential injection:** Pass API keys that the process never sees. Zerobox injects real values only for approved hosts
-- **File access control:** Allow or deny reads and writes to specific paths
-- **Network filtering:** Allow or deny outbound traffic by domain
-- **Clean environment:** Only essential env vars (PATH, HOME, etc.) are inherited by default
-- **Rust SDK:** `use zerobox::Sandbox` with a builder API
-- **TypeScript SDK:** `import { Sandbox } from "zerobox"` with a Deno-style API
-- **Cross-platform:** macOS and Linux. Windows support planned
-- **Single binary:** No Docker, no VMs, ~10ms overhead
-<p align="center">
-  <a href="https://www.youtube.com/watch?v=wZiPm9BOPCg" target="_blank" title="Watch the video">
-    <img alt="Zerobox Sandbox Flow" src="packages/zerobox/assets/flow.svg" alt="Watch the video" style="width: 100%; max-width: 1135px;" />
+# Zerobox TypeScript SDK
+<p>
+  <a href="https://www.npmjs.com/package/zerobox" target="_blank">
+    <img src="https://img.shields.io/npm/v/zerobox?style=for-the-badge&labelColor=000000&label=npm" alt="Zerobox npm version" />
+  </a>
+  <a href="https://github.com/afshinm/zerobox/blob/main/LICENSE" target="_blank">
+    <img src="https://img.shields.io/github/license/afshinm/zerobox?style=for-the-badge&labelColor=000000" alt="Zerobox license" />
   </a>
 </p>
-## Install
-### Shell (macOS / Linux)
-```bash
-curl -fsSL https://raw.githubusercontent.com/afshinm/zerobox/main/install.sh | sh
-```
-### npm
+TypeScript / Node SDK for [zerobox](https://github.com/afshinm/zerobox). Sandbox any command with file, network, and credential controls.
 ```bash
-npm install -g zerobox
+npm install zerobox
 ```
-### From source
+Installing the package drops the `zerobox` CLI into your `node_modules/.bin/` and exposes a TypeScript SDK.
-```bash
-git clone https://github.com/afshinm/zerobox && cd zerobox
-./scripts/sync.sh && cargo build --release -p zerobox
-```
+> For CLI usage, secrets concepts, the full flag reference, performance numbers, and platform support see the [main README](https://github.com/afshinm/zerobox).
 ## Quick start
-Run a command with no writes and no network access:
-```bash
-zerobox -- node -e "console.log('hello')"
-```
-Allow writes to a specific directory:
-```bash
-zerobox --allow-write=. -- node script.js
-```
-Allow network to a specific domain:
-```bash
-zerobox --allow-net=api.openai.com -- node agent.js
-```
-Pass a secret to a specific host and the inner process never sees the real value:
-```bash
-zerobox --secret OPENAI_API_KEY=sk-proj-123 --secret-host OPENAI_API_KEY=api.openai.com -- node agent.js
-```
-Same thing with the Rust SDK:
-```rust
-use zerobox::Sandbox;
-let output = Sandbox::command("node")
-    .arg("agent.js")
-    .secret("OPENAI_API_KEY", "sk-proj-123")
-    .secret_host("OPENAI_API_KEY", "api.openai.com")
-    .run()
-    .await?;
-```
-Or the TypeScript SDK:
 ```ts
 import { Sandbox } from "zerobox";
-const sandbox = Sandbox.create({
-  secrets: {
-    OPENAI_API_KEY: {
-      value: process.env.OPENAI_API_KEY,
-      hosts: ["api.openai.com"],
-    },
-  },
-});
-const output = await sandbox.sh`node agent.js`.text();
+const sandbox = Sandbox.create({ allowWrite: ["/tmp"] });
+const output = await sandbox.sh`echo hello`.text();
 ```
-Record filesystem changes and undo them after execution:
+## Commands
-```bash
-zerobox --restore --allow-write=. -- npm install
-```
+The SDK exposes three ways to run a command. Each returns a `ShellCommand` you terminate with `.text()`, `.json()`, or `.output()`.
-Or record without restoring, then inspect and undo later:
+### Shell (tagged template)
-```bash
-zerobox --snapshot --allow-write=. -- npm install
-zerobox snapshot list
-zerobox snapshot diff <session-id>
-zerobox snapshot restore <session-id>
+```ts
+const name = "world";
+await sandbox.sh`echo hello ${name}`.text();
 ```
-## Architecture
-<p align="center">
-  <img src="https://raw.githubusercontent.com/afshinm/zerobox/refs/heads/main/packages/zerobox/assets/sandbox-flow.png" alt="Zerobox architecture" width="800" />
-</p>
-## Secrets
-Secrets are API keys, tokens, or credentials that should never be visible inside the sandbox. The sandboxed process sees a placeholder in the environment variable and the real value is substituted at the network proxy level only for requested hosts:
+### Inline JavaScript
+```ts
+const data = await sandbox.js`
+  console.log(JSON.stringify({ sum: 1 + 2 }));
+`.json<{ sum: number }>();
 ```
-sandbox process: echo $OPENAI_API_KEY
-  -> ZEROBOX_SECRET_a1b2c3d4e5...  (placeholder)
-sandbox process: curl -H "Authorization: Bearer $OPENAI_API_KEY" https://api.openai.com/...
-  -> proxy intercepts, replaces placeholder with real key
-  -> server receives: Authorization: Bearer sk-proj-123
+### Explicit command + args
+```ts
+await sandbox.exec("node", ["-e", "console.log('hi')"]).text();
 ```
-### Using the CLI
+## Results
-Pass a secret with `--secret` and restrict it to a specific domain with `--secret-host`:
+| Method | On success | On non-zero exit |
+| --- | --- | --- |
+| `.text()` | Returns stdout as a string | Throws `SandboxCommandError` |
+| `.json<T>()` | Parses stdout as JSON (typed) | Throws `SandboxCommandError` |
+| `.output()` | Returns `{ code, stdout, stderr }` | Returns the same shape, never throws |
-```bash
-zerobox --secret OPENAI_API_KEY=sk-proj-123 --secret-host OPENAI_API_KEY=api.openai.com -- node app.js
+```ts
+const data = await sandbox.sh`cat data.json`.json();
+const result = await sandbox.sh`exit 42`.output();
+// { code: 42, stdout: "", stderr: "" }
 ```
-Without `--secret-host`, the secret is passed to all domains:
+## Error handling
-```bash
-zerobox --secret TOKEN=abc123 -- node app.js
-```
+Non-zero exit codes throw `SandboxCommandError`:
-You can also pass multiple secrets with different domains:
+```ts
+import { Sandbox, SandboxCommandError } from "zerobox";
-```bash
-zerobox \
-  --secret OPENAI_API_KEY=sk-proj-123 --secret-host OPENAI_API_KEY=api.openai.com \
-  --secret GITHUB_TOKEN=ghp-456 --secret-host GITHUB_TOKEN=api.github.com \
-  -- node app.js
+const sandbox = Sandbox.create();
+try {
+  await sandbox.sh`exit 1`.text();
+} catch (e) {
+  if (e instanceof SandboxCommandError) {
+    console.log(e.code);
+    console.log(e.stderr);
+  }
+}
 ```
-> Node.js `fetch` does not respect `HTTPS_PROXY` by default. When running Node.js inside a sandbox with secrets, make sure to pass the `--use-env-proxy` argument.
-### Rust SDK
-```rust
-let output = Sandbox::command("node")
-    .arg("agent.js")
-    .secret("OPENAI_API_KEY", "sk-proj-123")
-    .secret_host("OPENAI_API_KEY", "api.openai.com")
-    .secret("GITHUB_TOKEN", "ghp-456")
-    .secret_host("GITHUB_TOKEN", "api.github.com")
-    .run()
-    .await?;
-```
+## Secrets
-### TypeScript SDK
+Pass API keys that the sandboxed process never sees. The proxy substitutes the real value only for approved hosts.
 ```ts
-import { Sandbox } from "zerobox";
 const sandbox = Sandbox.create({
   secrets: {
     OPENAI_API_KEY: {
-      value: process.env.OPENAI_API_KEY,
+      value: process.env.OPENAI_API_KEY!,
       hosts: ["api.openai.com"],
     },
     GITHUB_TOKEN: {
-      value: process.env.GITHUB_TOKEN,
+      value: process.env.GITHUB_TOKEN!,
       hosts: ["api.github.com"],
     },
   },
@@ -202,382 +106,87 @@ const sandbox = Sandbox.create({
 await sandbox.sh`node agent.js`.text();
 ```
-## Environment variables
-By default, only essential variables are passed to the sandbox e.g. `PATH`, `HOME`, `USER`, `SHELL`, `TERM`, `LANG`.
+See the [main README](https://github.com/afshinm/zerobox#secrets) for how placeholder substitution works.
-### Inherit all parent env vars
+## Snapshots
-The `--allow-env` flag allows all parent environment variables to be inherited by the sandboxed process:
-```bash
-zerobox --allow-env -- node app.js
-```
-### Inherit specific env vars only
-```bash
-zerobox --allow-env=PATH,HOME,DATABASE_URL -- node app.js
-```
-### Block specific env vars
-```bash
-zerobox --allow-env --deny-env=AWS_SECRET_ACCESS_KEY -- node app.js
-```
-or set a specific variable:
-```bash
-zerobox --env NODE_ENV=production --env DEBUG=false -- node app.js
-```
-### Rust SDK
-```rust
-let output = Sandbox::command("node")
-    .arg("app.js")
-    .env("NODE_ENV", "production")
-    .allow_env(&["PATH", "HOME"])
-    .deny_env(&["AWS_SECRET_ACCESS_KEY"])
-    .run()
-    .await?;
-```
-### TypeScript SDK
+Record filesystem changes and roll them back automatically:
 ```ts
 const sandbox = Sandbox.create({
-  env: { NODE_ENV: "production" },
-  allowEnv: ["PATH", "HOME"],
-  denyEnv: ["AWS_SECRET_ACCESS_KEY"],
+  allowWrite: ["."],
+  restore: true,
 });
-```
-## Examples
-### Run AI-generated code safely
-Run AI generated code without risking file corruption or data leaks:
-```bash
-zerobox -- python3 /tmp/task.py
-```
-Or allow writes only to an output directory:
-```bash
-zerobox --allow-write=/tmp/output -- python3 /tmp/task.py
-```
-Or via the Rust SDK:
-```rust
-let output = Sandbox::command("python3")
-    .arg("/tmp/task.py")
-    .allow_write("/tmp/output")
-    .allow_net(&["api.openai.com"])
-    .run()
-    .await?;
-println!("{}", String::from_utf8_lossy(&output.stdout));
+await sandbox.sh`npm install`.text();
 ```
-Or the TypeScript SDK:
+Record without rolling back:
 ```ts
-import { Sandbox } from "zerobox";
 const sandbox = Sandbox.create({
-  allowWrite: ["/tmp/output"],
-  allowNet: ["api.openai.com"],
+  allowWrite: ["."],
+  snapshot: true,
+  snapshotExclude: ["node_modules"],
 });
-const result = await sandbox.sh`python3 /tmp/task.py`.output();
-console.log(result.code, result.stdout);
-```
-### Restrict LLM tool calls
-Each AI tool call can also be sandboxed individually. The parent agent process runs normally and only some operations are sandboxed:
-```ts
-import { Sandbox } from "zerobox";
-const reader = Sandbox.create();
-const writer = Sandbox.create({ allowWrite: ["/tmp"] });
-const fetcher = Sandbox.create({ allowNet: ["example.com"] });
-const data = await reader.js`
-  const content = require("fs").readFileSync("/tmp/input.txt", "utf8");
-  console.log(JSON.stringify({ content }));
-`.json();
-await writer.js`
-  require("fs").writeFileSync("/tmp/output.txt", "result");
-  console.log("ok");
-`.text();
-const result = await fetcher.js`
-  const res = await fetch("https://example.com");
-  console.log(JSON.stringify({ status: res.status }));
-`.json();
-```
-Full working examples:
-- [`examples/ai-agent-sandboxed`](examples/ai-agent-sandboxed) - Entire agent process sandboxed with secrets (API key never visible)
-- [`examples/ai-agent`](examples/ai-agent) - Vercel AI SDK with per-tool sandboxing and secrets
-- [`examples/workflow`](examples/workflow) - [Vercel Workflow](https://useworkflow.dev/) with sandboxed durable steps
-### Protect your repo during builds
-Run a build script with network access:
-```bash
-zerobox --allow-write=./dist --allow-net -- npm run build
-```
-Run tests with no network and catch accidental external calls:
-```bash
-zerobox --allow-write=/tmp -- npm test
-```
-## Rust SDK
-```toml
-[dependencies]
-zerobox = "0.1"
-```
-### Run and collect output
-```rust
-use zerobox::Sandbox;
-let output = Sandbox::command("echo")
-    .arg("hello")
-    .allow_write("/tmp")
-    .run()
-    .await?;
-println!("{}", String::from_utf8_lossy(&output.stdout));
-println!("exit: {}", output.status);
-```
-### Stream output
-```rust
-let mut child = Sandbox::command("cargo")
-    .arg("build")
-    .allow_write("/project/target")
-    .allow_net(&["crates.io"])
-    .spawn()
-    .await?;
-let stdout = child.stdout().unwrap();
-// read from stdout while the process runs
-let status = child.wait().await?;
-```
-### Inherit stdio (TTY passthrough)
-```rust
-let status = Sandbox::command("vim")
-    .allow_write("/project")
-    .status()
-    .await?;
-```
-### Profiles
-```rust
-// default profile loads automatically (denies ~/.ssh, ~/.aws, etc.)
-let output = Sandbox::command("npm test").run().await?;
-// use a different profile
-let output = Sandbox::command("npm test")
-    .profile("workspace")
-    .run()
-    .await?;
-// combine multiple profiles (merged left-to-right)
-let output = Sandbox::command("claude")
-    .profiles(&["claude", "git-config"])
-    .run()
-    .await?;
-// opt out of profiles
-let output = Sandbox::command("npm test")
-    .no_profile()
-    .allow_read("/src")
-    .run()
-    .await?;
-```
-### Full access / no sandbox
-```rust
-let output = Sandbox::command("install.sh")
-    .full_access()
-    .run()
-    .await?;
-let output = Sandbox::command("ls")
-    .no_sandbox()
-    .run()
-    .await?;
-```
-## TypeScript SDK
-```bash
-npm install zerobox
-```
-### Shell commands
-```ts
-import { Sandbox } from "zerobox";
-const sandbox = Sandbox.create({ allowWrite: ["/tmp"] });
-const output = await sandbox.sh`echo hello`.text();
-```
-### JSON output
-```ts
-const data = await sandbox.sh`cat data.json`.json();
-```
-### Raw output (doesn't throw on non-zero exit)
-```ts
-const result = await sandbox.sh`exit 42`.output();
-// { code: 42, stdout: "", stderr: "" }
-```
-### Explicit command + args
-```ts
-await sandbox.exec("node", ["-e", "console.log('hi')"]).text();
-```
-### Inline JavaScript
-```ts
-const data = await sandbox.js`
-  console.log(JSON.stringify({ sum: 1 + 2 }));
-`.json();
+await sandbox.sh`npm install`.text();
 ```
-### Error handling
+## Cancellation
-Non-zero exit codes throw `SandboxCommandError`:
+Pass an `AbortSignal` to any terminator:
 ```ts
-import { Sandbox, SandboxCommandError } from "zerobox";
-const sandbox = Sandbox.create();
-try {
-  await sandbox.sh`exit 1`.text();
-} catch (e) {
-  if (e instanceof SandboxCommandError) {
-    console.log(e.code); // 1
-    console.log(e.stderr);
-  }
-}
+const controller = new AbortController();
+setTimeout(() => controller.abort(), 1000);
+await sandbox.sh`sleep 60`.text({ signal: controller.signal });
 ```
-### Snapshots
+## Environment variables
 ```ts
 const sandbox = Sandbox.create({
-  allowWrite: ["."],
-  restore: true,
+  env: { NODE_ENV: "production" },
+  allowEnv: ["PATH", "HOME"],
+  denyEnv: ["AWS_SECRET_ACCESS_KEY"],
 });
-// Changes are automatically undone after execution.
-await sandbox.sh`npm install`.text();
 ```
-Record without restoring:
+See the [main README](https://github.com/afshinm/zerobox#environment-variables) for what's inherited by default and the CLI equivalents.
-```ts
-const sandbox = Sandbox.create({
-  allowWrite: ["."],
-  snapshot: true,
-  snapshotExclude: ["node_modules"],
-});
+## Options
-await sandbox.sh`npm install`.text();
-```
+`Sandbox.create(options)` accepts a `SandboxOptions` object. All fields are optional.
-### Cancellation
+| Field | Type | Description |
+| --- | --- | --- |
+| `profile` | `string \| string[]` | Named profile(s). A list merges left-to-right. Default `"workspace"`. |
+| `allowRead` / `denyRead` | `string[]` | Readable / blocked paths. |
+| `allowWrite` / `denyWrite` | `string[]` | Writable / blocked paths. |
+| `allowNet` | `boolean \| string[]` | `true` allows all. A list restricts to those domains. |
+| `denyNet` | `string[]` | Blocked domains. |
+| `allowAll` | `boolean` | Full filesystem + network access. |
+| `noSandbox` | `boolean` | Disable the sandbox entirely. |
+| `strictSandbox` | `boolean` | Fail instead of falling back to weaker isolation. |
+| `cwd` | `string` | Working directory. |
+| `env` | `Record<string, string>` | Explicit env vars. |
+| `allowEnv` | `boolean \| string[]` | Inherit parent env vars. |
+| `denyEnv` | `string[]` | Blocked env vars. |
+| `snapshot` | `boolean` | Record filesystem changes. |
+| `restore` | `boolean` | Record and roll back after exit. Implies `snapshot`. |
+| `snapshotPaths` / `snapshotExclude` | `string[]` | Tracked paths / excluded patterns. |
+| `secrets` | `Record<string, SecretConfig>` | Secrets with per-host scopes. |
+| `debug` | `boolean` | Print sandbox config to stderr. |
-```ts
-const controller = new AbortController();
-await sandbox.sh`sleep 60`.text({ signal: controller.signal });
-```
+## Caveats
+Node.js `fetch` does not respect `HTTPS_PROXY` by default. When running Node inside a sandbox with secrets, pass `--use-env-proxy` to the sandboxed command.
+## Other SDKs
-## Performance
-Sandbox overhead is minimal, typically ~10ms and ~7MB:
-| Command            | Bare | Sandboxed | Overhead | Bare Mem | Sandbox Mem |
-| ------------------ | ---- | --------- | -------- | -------- | ----------- |
-| `echo hello`       | <1ms | 10ms      | +10ms    | 1.2 MB   | 8.4 MB      |
-| `node -e '...'`    | 10ms | 20ms      | +10ms    | 39.3 MB  | 39.1 MB     |
-| `python3 -c '...'` | 10ms | 20ms      | +10ms    | 12.9 MB  | 13.0 MB     |
-| `cat 10MB file`    | <1ms | 10ms      | +10ms    | 1.9 MB   | 8.4 MB      |
-| `curl https://...` | 50ms | 60ms      | +10ms    | 7.2 MB   | 8.4 MB      |
-<sub>Best of 10 runs with warmup on Apple M5 Pro. Run `./bench/run.sh` to reproduce.</sub>
-## Platform support
-| Platform | Backend                             | Status          |
-| -------- | ----------------------------------- | --------------- |
-| macOS    | Seatbelt (`sandbox-exec`)           | Fully supported |
-| Linux    | Bubblewrap + Seccomp + Namespaces   | Fully supported |
-| Windows  | Restricted Tokens + ACLs + Firewall | Planned         |
-## CLI reference
-| Flag                            | Example                                | Description                                                                                                  |
-| ------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------------------------------ |
-| `--allow-read <paths>`          | `--allow-read=/tmp,/data`              | Restrict readable user data to listed paths. System libraries remain accessible. Default: all reads allowed. |
-| `--deny-read <paths>`           | `--deny-read=/secret`                  | Block reading from these paths. Takes precedence over `--allow-read`.                                        |
-| `--allow-write [paths]`         | `--allow-write=.`                      | Allow writing to these paths. Without a value, allows writing everywhere. Default: no writes.                |
-| `--deny-write <paths>`          | `--deny-write=./.git`                  | Block writing to these paths. Takes precedence over `--allow-write`.                                         |
-| `--allow-net [domains]`         | `--allow-net=example.com`              | Allow outbound network. Without a value, allows all domains. Default: no network.                            |
-| `--deny-net <domains>`          | `--deny-net=evil.com`                  | Block network to these domains. Takes precedence over `--allow-net`.                                         |
-| `--env <KEY=VALUE>`             | `--env NODE_ENV=prod`                  | Set env var in the sandbox. Can be repeated.                                                                 |
-| `--allow-env [keys]`            | `--allow-env=PATH,HOME`                | Inherit parent env vars. Without a value, inherits all. Default: only PATH, HOME, USER, SHELL, TERM, LANG.   |
-| `--deny-env <keys>`             | `--deny-env=SECRET`                    | Drop these parent env vars. Takes precedence over `--allow-env`.                                             |
-| `--secret <KEY=VALUE>`          | `--secret API_KEY=sk-123`              | Pass a secret. The process sees a placeholder; the real value is injected at the proxy for approved hosts.   |
-| `--secret-host <KEY=HOSTS>`     | `--secret-host API_KEY=api.openai.com` | Restrict a secret to specific hosts. Without this, the secret is substituted for all hosts.                  |
-| `-A`, `--allow-all`             | `-A`                                   | Grant all filesystem and network permissions. Env and secrets still apply.                                   |
-| `--no-sandbox`                  | `--no-sandbox`                         | Disable the sandbox entirely.                                                                                |
-| `--strict-sandbox`              | `--strict-sandbox`                     | Require full sandbox (bubblewrap). Fail instead of falling back to weaker isolation.                         |
-| `--debug`                       | `--debug`                              | Print sandbox config and proxy decisions to stderr.                                                          |
-| `--snapshot`                    | `--snapshot`                           | Record filesystem changes during execution.                                                                  |
-| `--restore`                     | `--restore`                            | Record and restore tracked files to pre-execution state after exit. Implies `--snapshot`.                    |
-| `--snapshot-path <paths>`       | `--snapshot-path=./src`                | Paths to track for snapshots (default: cwd).                                                                 |
-| `--snapshot-exclude <patterns>` | `--snapshot-exclude=build`             | Exclude patterns from snapshots.                                                                             |
-| `-C <dir>`                      | `-C /workspace`                        | Set working directory for the sandboxed command.                                                             |
-| `-V`, `--version`               | `--version`                            | Print version.                                                                                               |
-| `-h`, `--help`                  | `--help`                               | Print help.                                                                                                  |
-### Snapshot subcommands
-| Command                                      | Description                                 |
-| -------------------------------------------- | ------------------------------------------- |
-| `zerobox snapshot list`                      | List recorded sessions.                     |
-| `zerobox snapshot diff <id>`                 | Show changes from a session.                |
-| `zerobox snapshot restore <id>`              | Restore filesystem to a session's baseline. |
-| `zerobox snapshot clean --older-than=<days>` | Remove old snapshot sessions.               |
+- [Python SDK](https://github.com/afshinm/zerobox/tree/main/sdks/python) (PyPI: `zerobox`)
+- [Rust SDK](https://github.com/afshinm/zerobox/tree/main/crates/zerobox) (crates.io: `zerobox`)
 ## License

package/dist/platforms.test.js CHANGED Viewed

@@ -132,8 +132,10 @@ describe("platformPackage", () => {
     it("returns undefined for unsupported arch", () => {
         expect(platformPackage(makeEnv({ platform: "darwin", arch: "s390x" }))).toBeUndefined();
     });
-    it("falls back to glibc when musl package unavailable for arch", () => {
-        // s390x has no musl variant, should fall back to glibc (also undefined for s390x)
+    it("returns undefined when musl is detected but arch is unsupported", () => {
+        // Exercises the musl → glibc fallback (`MUSL_PLATFORMS[key] ?? GLIBC_PLATFORMS[key]`).
+        // With today's dicts the fallback can never produce a value because no linux
+        // arch is glibc-only, but this guards the branch if they ever diverge.
         expect(platformPackage(makeEnv({
             arch: "s390x",
             linkerExists: () => true,

package/dist/platforms.test.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"platforms.test.js","sourceRoot":"","sources":["../src/platforms.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,eAAe,EAAoB,MAAM,gBAAgB,CAAC;AAE/E,SAAS,OAAO,CAAC,YAAkC,EAAE;IACnD,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,GAAG,EAAE,CAAC,KAAK;QACzB,YAAY,EAAE,GAAG,EAAE,CAAC,SAAS;QAC7B,SAAS,EAAE,GAAG,EAAE,CAAC,SAAS;QAC1B,SAAS,EAAE,GAAG,EAAE,CAAC,SAAS;QAC1B,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChE,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,iCAAiC;IAEjC,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,IAAI,EAAE,KAAK;YACX,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,0BAA0B;SACtD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,IAAI,EAAE,OAAO;YACb,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,2BAA2B;SACvD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,IAAI,EAAE,OAAO;YACb,YAAY,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,wCAAwC;YAClE,SAAS,EAAE,GAAG,EAAE,CAAC,WAAW;SAC7B,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,kDAAkD;IAElD,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,GAAG,GAAG,OAAO,CAAC,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;QACpD,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,YAAY,EAAE,GAAG,EAAE,CAAC,SAAS;YAC7B,SAAS,EAAE,GAAG,EAAE,CAAC,mCAAmC;SACrD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAE3B,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,SAAS,EAAE,GAAG,EAAE,CAAC,2DAA2D;SAC7E,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,SAAS,EAAE,GAAG,EAAE,CAAC,kEAAkE;SACpF,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,SAAS,EAAE,GAAG,EAAE,CAAC,qBAAqB;YACtC,SAAS,EAAE,GAAG,EAAE,CAAC,gCAAgC;SAClD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,gCAAgC;IAEhC,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,SAAS,EAAE,GAAG,EAAE,CAAC,mDAAmD;SACrE,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,SAAS,EAAE,GAAG,EAAE,CAAC,8CAA8C;SAChE,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,uBAAuB;IAEvB,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,IAAI,EAAE,KAAK;YACX,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,0BAA0B;YACrD,SAAS,EAAE,GAAG,EAAE,CAAC,qBAAqB,EAAE,kBAAkB;SAC3D,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,YAAY,EAAE,GAAG,EAAE,CAAC,MAAM;YAC1B,SAAS,EAAE,GAAG,EAAE,CAAC,WAAW,EAAE,cAAc;SAC7C,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAC1E,2BAA2B,CAC5B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CACxE,yBAAyB,CAC1B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAC/E,wBAAwB,CACzB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CACJ,eAAe,CACb,OAAO,CAAC;YACN,IAAI,EAAE,KAAK;YACX,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,0BAA0B;SACtD,CAAC,CACH,CACF,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,CACJ,eAAe,CACb,OAAO,CAAC;YACN,IAAI,EAAE,OAAO;YACb,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,2BAA2B;SACvD,CAAC,CACH,CACF,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;IAC1F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,~~4DAA4D~~,EAAE,GAAG,EAAE;~~QACpE~~,~~kFAAkF~~;~~QAClF~~,MAAM,CACJ,eAAe,CACb,OAAO,CAAC;YACN,IAAI,EAAE,OAAO;YACb,YAAY,EAAE,GAAG,EAAE,CAAC,IAAI;SACzB,CAAC,CACH,CACF,CAAC,aAAa,EAAE,CAAC;IACpB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
1	+ {"version":3,"file":"platforms.test.js","sourceRoot":"","sources":["../src/platforms.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,eAAe,EAAoB,MAAM,gBAAgB,CAAC;AAE/E,SAAS,OAAO,CAAC,YAAkC,EAAE;IACnD,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,GAAG,EAAE,CAAC,KAAK;QACzB,YAAY,EAAE,GAAG,EAAE,CAAC,SAAS;QAC7B,SAAS,EAAE,GAAG,EAAE,CAAC,SAAS;QAC1B,SAAS,EAAE,GAAG,EAAE,CAAC,SAAS;QAC1B,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChE,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,iCAAiC;IAEjC,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,IAAI,EAAE,KAAK;YACX,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,0BAA0B;SACtD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,IAAI,EAAE,OAAO;YACb,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,2BAA2B;SACvD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,IAAI,EAAE,OAAO;YACb,YAAY,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,wCAAwC;YAClE,SAAS,EAAE,GAAG,EAAE,CAAC,WAAW;SAC7B,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,kDAAkD;IAElD,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,GAAG,GAAG,OAAO,CAAC,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;QACpD,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,YAAY,EAAE,GAAG,EAAE,CAAC,SAAS;YAC7B,SAAS,EAAE,GAAG,EAAE,CAAC,mCAAmC;SACrD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAE3B,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,SAAS,EAAE,GAAG,EAAE,CAAC,2DAA2D;SAC7E,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,SAAS,EAAE,GAAG,EAAE,CAAC,kEAAkE;SACpF,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,SAAS,EAAE,GAAG,EAAE,CAAC,qBAAqB;YACtC,SAAS,EAAE,GAAG,EAAE,CAAC,gCAAgC;SAClD,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,gCAAgC;IAEhC,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,SAAS,EAAE,GAAG,EAAE,CAAC,mDAAmD;SACrE,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,SAAS,EAAE,GAAG,EAAE,CAAC,8CAA8C;SAChE,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,uBAAuB;IAEvB,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,IAAI,EAAE,KAAK;YACX,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,0BAA0B;YACrD,SAAS,EAAE,GAAG,EAAE,CAAC,qBAAqB,EAAE,kBAAkB;SAC3D,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,GAAG,GAAG,OAAO,CAAC;YAClB,YAAY,EAAE,GAAG,EAAE,CAAC,MAAM;YAC1B,SAAS,EAAE,GAAG,EAAE,CAAC,WAAW,EAAE,cAAc;SAC7C,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAC1E,2BAA2B,CAC5B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CACxE,yBAAyB,CAC1B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAC/E,wBAAwB,CACzB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CACJ,eAAe,CACb,OAAO,CAAC;YACN,IAAI,EAAE,KAAK;YACX,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,0BAA0B;SACtD,CAAC,CACH,CACF,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,CACJ,eAAe,CACb,OAAO,CAAC;YACN,IAAI,EAAE,OAAO;YACb,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,2BAA2B;SACvD,CAAC,CACH,CACF,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;IAC1F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,uFAAuF;QACvF,6EAA6E;QAC7E,uEAAuE;QACvE,MAAM,CACJ,eAAe,CACb,OAAO,CAAC;YACN,IAAI,EAAE,OAAO;YACb,YAAY,EAAE,GAAG,EAAE,CAAC,IAAI;SACzB,CAAC,CACH,CACF,CAAC,aAAa,EAAE,CAAC;IACpB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "zerobox",
-  "version": "0.2.5",
+  "version": "0.3.0",
   "description": "Sandbox any command with file, network, and credential controls.",
   "license": "Apache-2.0",
   "repository": {
@@ -40,12 +40,12 @@
     "dist/"
   ],
   "optionalDependencies": {
-    "@zerobox/cli-darwin-x64": "0.2.5",
-    "@zerobox/cli-linux-arm64": "0.2.5",
-    "@zerobox/cli-linux-x64": "0.2.5",
-    "@zerobox/cli-linux-arm64-musl": "0.2.5",
-    "@zerobox/cli-darwin-arm64": "0.2.5",
-    "@zerobox/cli-linux-x64-musl": "0.2.5"
+    "@zerobox/cli-darwin-arm64": "0.3.0",
+    "@zerobox/cli-darwin-x64": "0.3.0",
+    "@zerobox/cli-linux-arm64": "0.3.0",
+    "@zerobox/cli-linux-x64": "0.3.0",
+    "@zerobox/cli-linux-arm64-musl": "0.3.0",
+    "@zerobox/cli-linux-x64-musl": "0.3.0"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",