zidane 5.10.13 → 5.11.1

package/dist/contexts/docker.js

@@ -1,5 +1,14 @@
+import { t as alwaysQuote } from "../shell-quote-BmnhZmdM.js";
 //#region src/contexts/docker.ts
 const SINGLE_QUOTE_RE = /'/g;
+/**
+* dockerode surfaces HTTP errors with a `statusCode`. 304 = container
+* already stopped, 404 = already gone — both are fine during teardown.
+*/
+function isGoneOrAlreadyStopped(err) {
+	const code = err?.statusCode;
+	return code === 304 || code === 404;
+}
 function createDockerContext(config) {
 	let counter = 0;
 	const containers = /* @__PURE__ */ new Map();
@@ -51,6 +60,14 @@ function createDockerContext(config) {
 			const hostConfig = {};
 			if (limits?.memory) hostConfig.Memory = limits.memory * 1024 * 1024;
 			if (limits?.cpu) hostConfig.NanoCpus = Number.parseFloat(limits.cpu) * 1e9;
+			const hardening = {
+				...config?.hardening,
+				...overrides?.hardening
+			};
+			if (hardening.dropAllCapabilities) hostConfig.CapDrop = ["ALL"];
+			if (hardening.noNewPrivileges) hostConfig.SecurityOpt = ["no-new-privileges"];
+			if (hardening.readonlyRootfs) hostConfig.ReadonlyRootfs = true;
+			if (hardening.pidsLimit != null) hostConfig.PidsLimit = hardening.pidsLimit;
 			const env = {
 				...defaultEnv,
 				...overrides?.env
@@ -86,7 +103,12 @@ function createDockerContext(config) {
 				...user ? { User: user } : {},
 				...Object.keys(labels).length ? { Labels: labels } : {}
 			});
-			await container.start();
+			try {
+				await container.start();
+			} catch (err) {
+				await container.remove({ force: true }).catch(() => {});
+				throw err;
+			}
 			const handle = {
 				id,
 				type: "docker",
@@ -104,8 +126,11 @@ function createDockerContext(config) {
 			if (!ref) throw new Error(`Container ${handle.id} not found`);
 			const execCwd = options?.cwd ?? handle.cwd;
 			const env = options?.env ? Object.entries(options.env).map(([k, v]) => `${k}=${v}`) : [];
+			const timeout = options?.timeout ?? defaultLimits?.timeout ?? 30;
 			const exec = await ref.container.exec({
 				Cmd: [
+					"timeout",
+					String(timeout),
 					"sh",
 					"-c",
 					command
@@ -151,7 +176,6 @@ function createDockerContext(config) {
 						stdout += chunk.toString("utf-8");
 					});
 				}
-				const timeout = options?.timeout ?? defaultLimits?.timeout ?? 30;
 				const timer = setTimeout(() => {
 					if (resolved) return;
 					resolved = true;
@@ -163,18 +187,26 @@ function createDockerContext(config) {
 						stderr: stderr ? `${stderr}\n[timeout]` : "[timeout]",
 						exitCode: 124
 					});
-				}, timeout * 1e3);
+				}, timeout * 1e3 + 1e3);
 				stream.on("end", async () => {
 					if (resolved) return;
 					resolved = true;
 					clearTimeout(timer);
-					let exitCode = 0;
+					let exitCode;
+					let inspectNote = "";
 					try {
-						exitCode = (await exec.inspect()).ExitCode ?? 0;
-					} catch {}
+						const inspect = await exec.inspect();
+						if (inspect.ExitCode == null) {
+							exitCode = -1;
+							inspectNote = "[exit code unavailable: exec still marked running by daemon]";
+						} else exitCode = inspect.ExitCode;
+					} catch (err) {
+						exitCode = -1;
+						inspectNote = `[exit code unavailable: exec inspect failed: ${err?.message ?? String(err)}]`;
+					}
 					resolve({
 						stdout,
-						stderr,
+						stderr: inspectNote ? stderr ? `${stderr}\n${inspectNote}` : inspectNote : stderr,
 						exitCode
 					});
 				});
@@ -191,17 +223,17 @@ function createDockerContext(config) {
 			});
 		},
 		async readFile(handle, path) {
-			const result = await ctx.exec(handle, `cat ${JSON.stringify(path)}`);
+			const result = await ctx.exec(handle, `cat ${alwaysQuote(path)}`);
 			if (result.exitCode !== 0) throw new Error(`Failed to read file: ${result.stderr}`);
 			return result.stdout;
 		},
 		async writeFile(handle, path, content) {
 			const escaped = content.replace(SINGLE_QUOTE_RE, String.raw`'\''`);
-			const result = await ctx.exec(handle, `mkdir -p "$(dirname ${JSON.stringify(path)})" && printf '%s' '${escaped}' > ${JSON.stringify(path)}`);
+			const result = await ctx.exec(handle, `mkdir -p "$(dirname ${alwaysQuote(path)})" && printf '%s' '${escaped}' > ${alwaysQuote(path)}`);
 			if (result.exitCode !== 0) throw new Error(`Failed to write file: ${result.stderr}`);
 		},
 		async listFiles(handle, path) {
-			const result = await ctx.exec(handle, `ls -1 ${JSON.stringify(path)}`);
+			const result = await ctx.exec(handle, `ls -1 ${alwaysQuote(path)}`);
 			if (result.exitCode !== 0) return [];
 			return result.stdout.trim().split("\n").filter(Boolean);
 		},
@@ -219,10 +251,17 @@ function createDockerContext(config) {
 			const ref = containers.get(handle.id);
 			if (!ref) return;
 			try {
-				await ref.container.stop({ t: 5 });
-				await ref.container.remove({ force: true });
-			} catch {}
-			containers.delete(handle.id);
+				try {
+					await ref.container.stop({ t: 5 });
+				} catch {}
+				try {
+					await ref.container.remove({ force: true });
+				} catch (err) {
+					if (!isGoneOrAlreadyStopped(err)) throw err;
+				}
+			} finally {
+				containers.delete(handle.id);
+			}
 		}
 	};
 	return ctx;

package/dist/contexts/docker.js.map

@@ -1 +1 @@
-{"version":3,"file":"docker.js","names":[],"sources":["../../src/contexts/docker.ts"],"sourcesContent":["/**\n * Docker execution context.\n *\n * Runs tools inside a Docker container via dockerode.\n * Full isolation with configurable resource limits.\n *\n * Requires `dockerode` as an optional peer dependency.\n */\n\nimport type { Buffer } from 'node:buffer'\nimport type { ContextCapabilities, ExecResult, ExecutionContext, ExecutionHandle, SpawnConfig } from './types'\n\nconst SINGLE_QUOTE_RE = /'/g\n\ninterface ContainerRef {\n  handle: ExecutionHandle\n  container: any\n  docker: any\n}\n\nexport function createDockerContext(config?: SpawnConfig): ExecutionContext {\n  let counter = 0\n  const containers = new Map<string, ContainerRef>()\n  const defaultImage = config?.image ?? 'oven/bun:latest'\n  const defaultCwd = config?.cwd ?? '/workspace'\n  const defaultEnv = config?.env\n  const defaultLimits = config?.limits\n  const defaultMounts = config?.mounts ?? []\n  const defaultName = config?.name\n\n  async function getDockerode() {\n    try {\n      const Dockerode = (await import('dockerode')).default\n      return new Dockerode()\n    }\n    catch {\n      throw new Error('dockerode is required for Docker execution context. Install it with: bun add dockerode')\n    }\n  }\n\n  const ctx: ExecutionContext = {\n    type: 'docker',\n\n    capabilities: {\n      shell: true,\n      filesystem: true,\n      network: true,\n      gpu: false,\n    } satisfies ContextCapabilities,\n\n    async spawn(overrides?: SpawnConfig): Promise<ExecutionHandle> {\n      const docker = await getDockerode()\n      const id = `docker-${++counter}`\n      const image = overrides?.image ?? defaultImage\n      const cwd = overrides?.cwd ?? defaultCwd\n      const mounts = [...defaultMounts, ...(overrides?.mounts ?? [])]\n      const name = overrides?.name ?? defaultName\n\n      // Pull image if not available\n      try {\n        await docker.getImage(image).inspect()\n      }\n      catch {\n        await new Promise<void>((resolve, reject) => {\n          docker.pull(image, (err: Error | null, stream: NodeJS.ReadableStream) => {\n            if (err)\n              return reject(err)\n            docker.modem.followProgress(stream, (err2: Error | null) => {\n              err2 ? reject(err2) : resolve()\n            })\n          })\n        })\n      }\n\n      const limits = { ...defaultLimits, ...overrides?.limits }\n      const hostConfig: Record<string, unknown> = {}\n\n      if (limits?.memory) {\n        hostConfig.Memory = limits.memory * 1024 * 1024\n      }\n      if (limits?.cpu) {\n        hostConfig.NanoCpus = Number.parseFloat(limits.cpu) * 1e9\n      }\n\n      const env = { ...defaultEnv, ...overrides?.env }\n\n      const bindSpecs = buildBindSpecs(mounts)\n      if (bindSpecs.length > 0) {\n        hostConfig.Binds = bindSpecs\n      }\n\n      const portSpec = overrides?.ports ?? config?.ports\n      const exposedPorts: Record<string, Record<string, never>> = {}\n      const portBindings: Record<string, Array<{ HostPort: string }>> = {}\n\n      if (portSpec?.length) {\n        for (const p of portSpec) {\n          const key = `${p.container}/${p.proto ?? 'tcp'}`\n          exposedPorts[key] = {}\n          portBindings[key] = [{ HostPort: p.host == null ? '' : String(p.host) }]\n        }\n        hostConfig.PortBindings = portBindings\n      }\n\n      const user = overrides?.user ?? config?.user\n      const network = overrides?.network ?? config?.network\n      if (network) {\n        hostConfig.NetworkMode = network\n      }\n\n      const labels = { ...config?.labels, ...overrides?.labels }\n\n      const container = await docker.createContainer({\n        // Suffix with a short random token so a crashed run's leftover container\n        // (same prefix) never blocks a fresh one with HTTP 409 name conflict.\n        ...(name ? { name: `${name}-${counter}-${Math.random().toString(36).slice(2, 8)}` } : {}),\n        Image: image,\n        Cmd: ['sleep', 'infinity'],\n        WorkingDir: cwd,\n        Env: Object.entries(env).map(([k, v]) => `${k}=${v}`),\n        HostConfig: hostConfig,\n        ...(Object.keys(exposedPorts).length ? { ExposedPorts: exposedPorts } : {}),\n        ...(user ? { User: user } : {}),\n        ...(Object.keys(labels).length ? { Labels: labels } : {}),\n      })\n\n      await container.start()\n\n      const handle: ExecutionHandle = { id, type: 'docker', cwd }\n      containers.set(id, { handle, container, docker })\n\n      return handle\n    },\n\n    async exec(handle: ExecutionHandle, command: string, options?: { cwd?: string, env?: Record<string, string>, timeout?: number }): Promise<ExecResult> {\n      const ref = containers.get(handle.id)\n      if (!ref)\n        throw new Error(`Container ${handle.id} not found`)\n\n      const execCwd = options?.cwd ?? handle.cwd\n      const env = options?.env\n        ? Object.entries(options.env).map(([k, v]) => `${k}=${v}`)\n        : []\n\n      const exec = await ref.container.exec({\n        Cmd: ['sh', '-c', command],\n        WorkingDir: execCwd,\n        Env: env,\n        AttachStdout: true,\n        AttachStderr: true,\n      })\n\n      const stream = await exec.start({ Detach: false })\n\n      return new Promise<ExecResult>((resolve) => {\n        let stdout = ''\n        let stderr = ''\n        let resolved = false\n\n        // Docker's exec stream is a multiplexed protocol — a single byte\n        // stream that interleaves stdout/stderr frames. `demuxStream`\n        // splits the two onto separate writable sinks. Without it, every\n        // byte landed on `stdout` and `stderr` was permanently empty.\n        const stdoutSink = {\n          write(chunk: Buffer | string) {\n            stdout += typeof chunk === 'string' ? chunk : chunk.toString('utf-8')\n            return true\n          },\n          end() {},\n          on() {},\n          once() {},\n          emit() { return true },\n        }\n        const stderrSink = {\n          write(chunk: Buffer | string) {\n            stderr += typeof chunk === 'string' ? chunk : chunk.toString('utf-8')\n            return true\n          },\n          end() {},\n          on() {},\n          once() {},\n          emit() { return true },\n        }\n        try {\n          ref.docker.modem.demuxStream(stream, stdoutSink, stderrSink)\n        }\n        catch {\n          // Older / different transports may not be multiplexed (TTY mode);\n          // fall back to a raw stdout reader so we don't lose output entirely.\n          stream.on('data', (chunk: Buffer) => {\n            stdout += chunk.toString('utf-8')\n          })\n        }\n\n        const timeout = options?.timeout ?? defaultLimits?.timeout ?? 30\n        const timer = setTimeout(() => {\n          if (resolved)\n            return\n          resolved = true\n          // Best-effort: detach the stream so we stop accumulating bytes\n          // from a runaway exec. The exec itself can't be killed cleanly\n          // through the dockerode exec API; the container's destroy() path\n          // (or a manual `docker exec kill`) is the real cleanup.\n          try { stream.destroy?.() }\n          catch { /* swallow */ }\n          resolve({ stdout, stderr: stderr ? `${stderr}\\n[timeout]` : '[timeout]', exitCode: 124 })\n        }, timeout * 1000)\n\n        stream.on('end', async () => {\n          if (resolved)\n            return\n          resolved = true\n          clearTimeout(timer)\n          let exitCode = 0\n          try {\n            const inspect = await exec.inspect()\n            exitCode = inspect.ExitCode ?? 0\n          }\n          catch {\n            // If inspect fails after a clean stream end, treat as success\n            // — we already received the full output stream.\n          }\n          resolve({ stdout, stderr, exitCode })\n        })\n\n        stream.on('error', (err: Error) => {\n          if (resolved)\n            return\n          resolved = true\n          clearTimeout(timer)\n          resolve({ stdout, stderr: stderr ? `${stderr}\\n${err.message}` : err.message, exitCode: 1 })\n        })\n      })\n    },\n\n    async readFile(handle: ExecutionHandle, path: string): Promise<string> {\n      const result = await ctx.exec(handle, `cat ${JSON.stringify(path)}`)\n      if (result.exitCode !== 0)\n        throw new Error(`Failed to read file: ${result.stderr}`)\n      return result.stdout\n    },\n\n    async writeFile(handle: ExecutionHandle, path: string, content: string): Promise<void> {\n      const escaped = content.replace(SINGLE_QUOTE_RE, String.raw`'\\''`)\n      const result = await ctx.exec(handle, `mkdir -p \"$(dirname ${JSON.stringify(path)})\" && printf '%s' '${escaped}' > ${JSON.stringify(path)}`)\n      if (result.exitCode !== 0)\n        throw new Error(`Failed to write file: ${result.stderr}`)\n    },\n\n    async listFiles(handle: ExecutionHandle, path: string): Promise<string[]> {\n      const result = await ctx.exec(handle, `ls -1 ${JSON.stringify(path)}`)\n      if (result.exitCode !== 0)\n        return []\n      return result.stdout.trim().split('\\n').filter(Boolean)\n    },\n\n    async getMappedPort(handle: ExecutionHandle, containerPort: number): Promise<number | null> {\n      const ref = containers.get(handle.id)\n      if (!ref)\n        return null\n\n      const info = await ref.container.inspect()\n      const bindings = info?.NetworkSettings?.Ports ?? {}\n\n      for (const proto of ['tcp', 'udp']) {\n        const list = bindings[`${containerPort}/${proto}`]\n        if (Array.isArray(list) && list.length > 0 && list[0]?.HostPort) {\n          return Number.parseInt(list[0].HostPort, 10)\n        }\n      }\n\n      return null\n    },\n\n    async destroy(handle: ExecutionHandle): Promise<void> {\n      const ref = containers.get(handle.id)\n      if (!ref)\n        return\n\n      try {\n        await ref.container.stop({ t: 5 })\n        await ref.container.remove({ force: true })\n      }\n      catch {\n        // Container may already be stopped\n      }\n\n      containers.delete(handle.id)\n    },\n  }\n\n  return ctx\n}\n\n/**\n * Format one {@link ContextMount} as a dockerode `HostConfig.Binds` entry.\n * Supports read-only (`:ro`) and SELinux shared-label (`:z`) options; the two\n * are mutually exclusive (a read-only mount can't also be a shared rw mount).\n */\nfunction formatBindMount(mount: NonNullable<SpawnConfig['mounts']>[number]): string {\n  if (!mount.source)\n    throw new Error('Docker mount source is required')\n  if (!mount.target || !mount.target.startsWith('/'))\n    throw new Error(`Docker mount target must be an absolute path: ${mount.target}`)\n  if (mount.readonly && mount.shared)\n    throw new Error(`Docker mount cannot be both readonly and shared: ${mount.target}`)\n  const opts = mount.readonly ? ':ro' : mount.shared ? ':z' : ''\n  return `${mount.source}:${mount.target}${opts}`\n}\n\n/** Assemble dockerode `HostConfig.Binds` from the context's `mounts`. */\nexport function buildBindSpecs(mounts: NonNullable<SpawnConfig['mounts']>): string[] {\n  return mounts.map(formatBindMount)\n}\n"],"mappings":";AAYA,MAAM,kBAAkB;AAQxB,SAAgB,oBAAoB,QAAwC;CAC1E,IAAI,UAAU;CACd,MAAM,6BAAa,IAAI,IAA0B;CACjD,MAAM,eAAe,QAAQ,SAAS;CACtC,MAAM,aAAa,QAAQ,OAAO;CAClC,MAAM,aAAa,QAAQ;CAC3B,MAAM,gBAAgB,QAAQ;CAC9B,MAAM,gBAAgB,QAAQ,UAAU,CAAC;CACzC,MAAM,cAAc,QAAQ;CAE5B,eAAe,eAAe;EAC5B,IAAI;GACF,MAAM,aAAa,MAAM,OAAO,cAAc;GAC9C,OAAO,IAAI,UAAU;EACvB,QACM;GACJ,MAAM,IAAI,MAAM,wFAAwF;EAC1G;CACF;CAEA,MAAM,MAAwB;EAC5B,MAAM;EAEN,cAAc;GACZ,OAAO;GACP,YAAY;GACZ,SAAS;GACT,KAAK;EACP;EAEA,MAAM,MAAM,WAAmD;GAC7D,MAAM,SAAS,MAAM,aAAa;GAClC,MAAM,KAAK,UAAU,EAAE;GACvB,MAAM,QAAQ,WAAW,SAAS;GAClC,MAAM,MAAM,WAAW,OAAO;GAC9B,MAAM,SAAS,CAAC,GAAG,eAAe,GAAI,WAAW,UAAU,CAAC,CAAE;GAC9D,MAAM,OAAO,WAAW,QAAQ;GAGhC,IAAI;IACF,MAAM,OAAO,SAAS,KAAK,EAAE,QAAQ;GACvC,QACM;IACJ,MAAM,IAAI,SAAe,SAAS,WAAW;KAC3C,OAAO,KAAK,QAAQ,KAAmB,WAAkC;MACvE,IAAI,KACF,OAAO,OAAO,GAAG;MACnB,OAAO,MAAM,eAAe,SAAS,SAAuB;OAC1D,OAAO,OAAO,IAAI,IAAI,QAAQ;MAChC,CAAC;KACH,CAAC;IACH,CAAC;GACH;GAEA,MAAM,SAAS;IAAE,GAAG;IAAe,GAAG,WAAW;GAAO;GACxD,MAAM,aAAsC,CAAC;GAE7C,IAAI,QAAQ,QACV,WAAW,SAAS,OAAO,SAAS,OAAO;GAE7C,IAAI,QAAQ,KACV,WAAW,WAAW,OAAO,WAAW,OAAO,GAAG,IAAI;GAGxD,MAAM,MAAM;IAAE,GAAG;IAAY,GAAG,WAAW;GAAI;GAE/C,MAAM,YAAY,eAAe,MAAM;GACvC,IAAI,UAAU,SAAS,GACrB,WAAW,QAAQ;GAGrB,MAAM,WAAW,WAAW,SAAS,QAAQ;GAC7C,MAAM,eAAsD,CAAC;GAC7D,MAAM,eAA4D,CAAC;GAEnE,IAAI,UAAU,QAAQ;IACpB,KAAK,MAAM,KAAK,UAAU;KACxB,MAAM,MAAM,GAAG,EAAE,UAAU,GAAG,EAAE,SAAS;KACzC,aAAa,OAAO,CAAC;KACrB,aAAa,OAAO,CAAC,EAAE,UAAU,EAAE,QAAQ,OAAO,KAAK,OAAO,EAAE,IAAI,EAAE,CAAC;IACzE;IACA,WAAW,eAAe;GAC5B;GAEA,MAAM,OAAO,WAAW,QAAQ,QAAQ;GACxC,MAAM,UAAU,WAAW,WAAW,QAAQ;GAC9C,IAAI,SACF,WAAW,cAAc;GAG3B,MAAM,SAAS;IAAE,GAAG,QAAQ;IAAQ,GAAG,WAAW;GAAO;GAEzD,MAAM,YAAY,MAAM,OAAO,gBAAgB;IAG7C,GAAI,OAAO,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC;IACvF,OAAO;IACP,KAAK,CAAC,SAAS,UAAU;IACzB,YAAY;IACZ,KAAK,OAAO,QAAQ,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,GAAG,EAAE,GAAG,GAAG;IACpD,YAAY;IACZ,GAAI,OAAO,KAAK,YAAY,EAAE,SAAS,EAAE,cAAc,aAAa,IAAI,CAAC;IACzE,GAAI,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,GAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAE,QAAQ,OAAO,IAAI,CAAC;GACzD,CAAC;GAED,MAAM,UAAU,MAAM;GAEtB,MAAM,SAA0B;IAAE;IAAI,MAAM;IAAU;GAAI;GAC1D,WAAW,IAAI,IAAI;IAAE;IAAQ;IAAW;GAAO,CAAC;GAEhD,OAAO;EACT;EAEA,MAAM,KAAK,QAAyB,SAAiB,SAAiG;GACpJ,MAAM,MAAM,WAAW,IAAI,OAAO,EAAE;GACpC,IAAI,CAAC,KACH,MAAM,IAAI,MAAM,aAAa,OAAO,GAAG,WAAW;GAEpD,MAAM,UAAU,SAAS,OAAO,OAAO;GACvC,MAAM,MAAM,SAAS,MACjB,OAAO,QAAQ,QAAQ,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,GAAG,EAAE,GAAG,GAAG,IACvD,CAAC;GAEL,MAAM,OAAO,MAAM,IAAI,UAAU,KAAK;IACpC,KAAK;KAAC;KAAM;KAAM;IAAO;IACzB,YAAY;IACZ,KAAK;IACL,cAAc;IACd,cAAc;GAChB,CAAC;GAED,MAAM,SAAS,MAAM,KAAK,MAAM,EAAE,QAAQ,MAAM,CAAC;GAEjD,OAAO,IAAI,SAAqB,YAAY;IAC1C,IAAI,SAAS;IACb,IAAI,SAAS;IACb,IAAI,WAAW;IAMf,MAAM,aAAa;KACjB,MAAM,OAAwB;MAC5B,UAAU,OAAO,UAAU,WAAW,QAAQ,MAAM,SAAS,OAAO;MACpE,OAAO;KACT;KACA,MAAM,CAAC;KACP,KAAK,CAAC;KACN,OAAO,CAAC;KACR,OAAO;MAAE,OAAO;KAAK;IACvB;IACA,MAAM,aAAa;KACjB,MAAM,OAAwB;MAC5B,UAAU,OAAO,UAAU,WAAW,QAAQ,MAAM,SAAS,OAAO;MACpE,OAAO;KACT;KACA,MAAM,CAAC;KACP,KAAK,CAAC;KACN,OAAO,CAAC;KACR,OAAO;MAAE,OAAO;KAAK;IACvB;IACA,IAAI;KACF,IAAI,OAAO,MAAM,YAAY,QAAQ,YAAY,UAAU;IAC7D,QACM;KAGJ,OAAO,GAAG,SAAS,UAAkB;MACnC,UAAU,MAAM,SAAS,OAAO;KAClC,CAAC;IACH;IAEA,MAAM,UAAU,SAAS,WAAW,eAAe,WAAW;IAC9D,MAAM,QAAQ,iBAAiB;KAC7B,IAAI,UACF;KACF,WAAW;KAKX,IAAI;MAAE,OAAO,UAAU;KAAE,QACnB,CAAgB;KACtB,QAAQ;MAAE;MAAQ,QAAQ,SAAS,GAAG,OAAO,eAAe;MAAa,UAAU;KAAI,CAAC;IAC1F,GAAG,UAAU,GAAI;IAEjB,OAAO,GAAG,OAAO,YAAY;KAC3B,IAAI,UACF;KACF,WAAW;KACX,aAAa,KAAK;KAClB,IAAI,WAAW;KACf,IAAI;MAEF,YAAW,MADW,KAAK,QAAQ,GAChB,YAAY;KACjC,QACM,CAGN;KACA,QAAQ;MAAE;MAAQ;MAAQ;KAAS,CAAC;IACtC,CAAC;IAED,OAAO,GAAG,UAAU,QAAe;KACjC,IAAI,UACF;KACF,WAAW;KACX,aAAa,KAAK;KAClB,QAAQ;MAAE;MAAQ,QAAQ,SAAS,GAAG,OAAO,IAAI,IAAI,YAAY,IAAI;MAAS,UAAU;KAAE,CAAC;IAC7F,CAAC;GACH,CAAC;EACH;EAEA,MAAM,SAAS,QAAyB,MAA+B;GACrE,MAAM,SAAS,MAAM,IAAI,KAAK,QAAQ,OAAO,KAAK,UAAU,IAAI,GAAG;GACnE,IAAI,OAAO,aAAa,GACtB,MAAM,IAAI,MAAM,wBAAwB,OAAO,QAAQ;GACzD,OAAO,OAAO;EAChB;EAEA,MAAM,UAAU,QAAyB,MAAc,SAAgC;GACrF,MAAM,UAAU,QAAQ,QAAQ,iBAAiB,OAAO,GAAG,MAAM;GACjE,MAAM,SAAS,MAAM,IAAI,KAAK,QAAQ,uBAAuB,KAAK,UAAU,IAAI,EAAE,qBAAqB,QAAQ,MAAM,KAAK,UAAU,IAAI,GAAG;GAC3I,IAAI,OAAO,aAAa,GACtB,MAAM,IAAI,MAAM,yBAAyB,OAAO,QAAQ;EAC5D;EAEA,MAAM,UAAU,QAAyB,MAAiC;GACxE,MAAM,SAAS,MAAM,IAAI,KAAK,QAAQ,SAAS,KAAK,UAAU,IAAI,GAAG;GACrE,IAAI,OAAO,aAAa,GACtB,OAAO,CAAC;GACV,OAAO,OAAO,OAAO,KAAK,EAAE,MAAM,IAAI,EAAE,OAAO,OAAO;EACxD;EAEA,MAAM,cAAc,QAAyB,eAA+C;GAC1F,MAAM,MAAM,WAAW,IAAI,OAAO,EAAE;GACpC,IAAI,CAAC,KACH,OAAO;GAGT,MAAM,YAAW,MADE,IAAI,UAAU,QAAQ,IAClB,iBAAiB,SAAS,CAAC;GAElD,KAAK,MAAM,SAAS,CAAC,OAAO,KAAK,GAAG;IAClC,MAAM,OAAO,SAAS,GAAG,cAAc,GAAG;IAC1C,IAAI,MAAM,QAAQ,IAAI,KAAK,KAAK,SAAS,KAAK,KAAK,IAAI,UACrD,OAAO,OAAO,SAAS,KAAK,GAAG,UAAU,EAAE;GAE/C;GAEA,OAAO;EACT;EAEA,MAAM,QAAQ,QAAwC;GACpD,MAAM,MAAM,WAAW,IAAI,OAAO,EAAE;GACpC,IAAI,CAAC,KACH;GAEF,IAAI;IACF,MAAM,IAAI,UAAU,KAAK,EAAE,GAAG,EAAE,CAAC;IACjC,MAAM,IAAI,UAAU,OAAO,EAAE,OAAO,KAAK,CAAC;GAC5C,QACM,CAEN;GAEA,WAAW,OAAO,OAAO,EAAE;EAC7B;CACF;CAEA,OAAO;AACT;;;;;;AAOA,SAAS,gBAAgB,OAA2D;CAClF,IAAI,CAAC,MAAM,QACT,MAAM,IAAI,MAAM,iCAAiC;CACnD,IAAI,CAAC,MAAM,UAAU,CAAC,MAAM,OAAO,WAAW,GAAG,GAC/C,MAAM,IAAI,MAAM,iDAAiD,MAAM,QAAQ;CACjF,IAAI,MAAM,YAAY,MAAM,QAC1B,MAAM,IAAI,MAAM,oDAAoD,MAAM,QAAQ;CACpF,MAAM,OAAO,MAAM,WAAW,QAAQ,MAAM,SAAS,OAAO;CAC5D,OAAO,GAAG,MAAM,OAAO,GAAG,MAAM,SAAS;AAC3C;;AAGA,SAAgB,eAAe,QAAsD;CACnF,OAAO,OAAO,IAAI,eAAe;AACnC"}
+{"version":3,"file":"docker.js","names":[],"sources":["../../src/contexts/docker.ts"],"sourcesContent":["/**\n * Docker execution context.\n *\n * Runs tools inside a Docker container via dockerode.\n * Full isolation with configurable resource limits.\n *\n * Requires `dockerode` as an optional peer dependency.\n */\n\nimport type { Buffer } from 'node:buffer'\nimport type { ContextCapabilities, ExecResult, ExecutionContext, ExecutionHandle, SpawnConfig } from './types'\nimport { alwaysQuote } from '../tools/shell-quote'\n\nconst SINGLE_QUOTE_RE = /'/g\n\n/**\n * dockerode surfaces HTTP errors with a `statusCode`. 304 = container\n * already stopped, 404 = already gone — both are fine during teardown.\n */\nfunction isGoneOrAlreadyStopped(err: unknown): boolean {\n  const code = (err as { statusCode?: number } | null)?.statusCode\n  return code === 304 || code === 404\n}\n\ninterface ContainerRef {\n  handle: ExecutionHandle\n  container: any\n  docker: any\n}\n\nexport function createDockerContext(config?: SpawnConfig): ExecutionContext {\n  let counter = 0\n  const containers = new Map<string, ContainerRef>()\n  const defaultImage = config?.image ?? 'oven/bun:latest'\n  const defaultCwd = config?.cwd ?? '/workspace'\n  const defaultEnv = config?.env\n  const defaultLimits = config?.limits\n  const defaultMounts = config?.mounts ?? []\n  const defaultName = config?.name\n\n  async function getDockerode() {\n    try {\n      const Dockerode = (await import('dockerode')).default\n      return new Dockerode()\n    }\n    catch {\n      throw new Error('dockerode is required for Docker execution context. Install it with: bun add dockerode')\n    }\n  }\n\n  const ctx: ExecutionContext = {\n    type: 'docker',\n\n    capabilities: {\n      shell: true,\n      filesystem: true,\n      network: true,\n      gpu: false,\n    } satisfies ContextCapabilities,\n\n    async spawn(overrides?: SpawnConfig): Promise<ExecutionHandle> {\n      const docker = await getDockerode()\n      const id = `docker-${++counter}`\n      const image = overrides?.image ?? defaultImage\n      const cwd = overrides?.cwd ?? defaultCwd\n      const mounts = [...defaultMounts, ...(overrides?.mounts ?? [])]\n      const name = overrides?.name ?? defaultName\n\n      // Pull image if not available\n      try {\n        await docker.getImage(image).inspect()\n      }\n      catch {\n        await new Promise<void>((resolve, reject) => {\n          docker.pull(image, (err: Error | null, stream: NodeJS.ReadableStream) => {\n            if (err)\n              return reject(err)\n            docker.modem.followProgress(stream, (err2: Error | null) => {\n              err2 ? reject(err2) : resolve()\n            })\n          })\n        })\n      }\n\n      const limits = { ...defaultLimits, ...overrides?.limits }\n      const hostConfig: Record<string, unknown> = {}\n\n      if (limits?.memory) {\n        hostConfig.Memory = limits.memory * 1024 * 1024\n      }\n      if (limits?.cpu) {\n        hostConfig.NanoCpus = Number.parseFloat(limits.cpu) * 1e9\n      }\n\n      // Opt-in hardening (all OFF by default — see ContextHardening).\n      const hardening = { ...config?.hardening, ...overrides?.hardening }\n      if (hardening.dropAllCapabilities)\n        hostConfig.CapDrop = ['ALL']\n      if (hardening.noNewPrivileges)\n        hostConfig.SecurityOpt = ['no-new-privileges']\n      if (hardening.readonlyRootfs)\n        hostConfig.ReadonlyRootfs = true\n      if (hardening.pidsLimit != null)\n        hostConfig.PidsLimit = hardening.pidsLimit\n\n      const env = { ...defaultEnv, ...overrides?.env }\n\n      const bindSpecs = buildBindSpecs(mounts)\n      if (bindSpecs.length > 0) {\n        hostConfig.Binds = bindSpecs\n      }\n\n      const portSpec = overrides?.ports ?? config?.ports\n      const exposedPorts: Record<string, Record<string, never>> = {}\n      const portBindings: Record<string, Array<{ HostPort: string }>> = {}\n\n      if (portSpec?.length) {\n        for (const p of portSpec) {\n          const key = `${p.container}/${p.proto ?? 'tcp'}`\n          exposedPorts[key] = {}\n          portBindings[key] = [{ HostPort: p.host == null ? '' : String(p.host) }]\n        }\n        hostConfig.PortBindings = portBindings\n      }\n\n      const user = overrides?.user ?? config?.user\n      const network = overrides?.network ?? config?.network\n      if (network) {\n        hostConfig.NetworkMode = network\n      }\n\n      const labels = { ...config?.labels, ...overrides?.labels }\n\n      const container = await docker.createContainer({\n        // Suffix with a short random token so a crashed run's leftover container\n        // (same prefix) never blocks a fresh one with HTTP 409 name conflict.\n        ...(name ? { name: `${name}-${counter}-${Math.random().toString(36).slice(2, 8)}` } : {}),\n        Image: image,\n        Cmd: ['sleep', 'infinity'],\n        WorkingDir: cwd,\n        Env: Object.entries(env).map(([k, v]) => `${k}=${v}`),\n        HostConfig: hostConfig,\n        ...(Object.keys(exposedPorts).length ? { ExposedPorts: exposedPorts } : {}),\n        ...(user ? { User: user } : {}),\n        ...(Object.keys(labels).length ? { Labels: labels } : {}),\n      })\n\n      try {\n        await container.start()\n      }\n      catch (err) {\n        // The container was created but never started — remove it so a\n        // failed spawn doesn't leak a stopped container on the daemon.\n        await container.remove({ force: true }).catch(() => {})\n        throw err\n      }\n\n      const handle: ExecutionHandle = { id, type: 'docker', cwd }\n      containers.set(id, { handle, container, docker })\n\n      return handle\n    },\n\n    async exec(handle: ExecutionHandle, command: string, options?: { cwd?: string, env?: Record<string, string>, timeout?: number }): Promise<ExecResult> {\n      const ref = containers.get(handle.id)\n      if (!ref)\n        throw new Error(`Container ${handle.id} not found`)\n\n      const execCwd = options?.cwd ?? handle.cwd\n      const env = options?.env\n        ? Object.entries(options.env).map(([k, v]) => `${k}=${v}`)\n        : []\n\n      const timeout = options?.timeout ?? defaultLimits?.timeout ?? 30\n\n      const exec = await ref.container.exec({\n        // Wrap with coreutils `timeout` so a runaway command is killed\n        // server-side too — the host-side timer below only detaches the\n        // stream; without this the process would keep running in the\n        // container until destroy(). Exec-array form avoids re-quoting the\n        // command. `timeout` exits 124 on expiry, matching the host\n        // sentinel. (Default image oven/bun is Debian-based → coreutils.)\n        Cmd: ['timeout', String(timeout), 'sh', '-c', command],\n        WorkingDir: execCwd,\n        Env: env,\n        AttachStdout: true,\n        AttachStderr: true,\n      })\n\n      const stream = await exec.start({ Detach: false })\n\n      return new Promise<ExecResult>((resolve) => {\n        let stdout = ''\n        let stderr = ''\n        let resolved = false\n\n        // Docker's exec stream is a multiplexed protocol — a single byte\n        // stream that interleaves stdout/stderr frames. `demuxStream`\n        // splits the two onto separate writable sinks. Without it, every\n        // byte landed on `stdout` and `stderr` was permanently empty.\n        const stdoutSink = {\n          write(chunk: Buffer | string) {\n            stdout += typeof chunk === 'string' ? chunk : chunk.toString('utf-8')\n            return true\n          },\n          end() {},\n          on() {},\n          once() {},\n          emit() { return true },\n        }\n        const stderrSink = {\n          write(chunk: Buffer | string) {\n            stderr += typeof chunk === 'string' ? chunk : chunk.toString('utf-8')\n            return true\n          },\n          end() {},\n          on() {},\n          once() {},\n          emit() { return true },\n        }\n        try {\n          ref.docker.modem.demuxStream(stream, stdoutSink, stderrSink)\n        }\n        catch {\n          // Older / different transports may not be multiplexed (TTY mode);\n          // fall back to a raw stdout reader so we don't lose output entirely.\n          stream.on('data', (chunk: Buffer) => {\n            stdout += chunk.toString('utf-8')\n          })\n        }\n\n        // Host-side fallback timer. The server-side `timeout` wrapper is\n        // the primary kill mechanism; give it a grace second so the\n        // stream-end path (which carries the real exit code) usually wins.\n        const timer = setTimeout(() => {\n          if (resolved)\n            return\n          resolved = true\n          // Best-effort: detach the stream so we stop accumulating bytes.\n          // The server-side `timeout` wrapper kills the process itself.\n          try { stream.destroy?.() }\n          catch { /* swallow */ }\n          resolve({ stdout, stderr: stderr ? `${stderr}\\n[timeout]` : '[timeout]', exitCode: 124 })\n        }, timeout * 1000 + 1000)\n\n        stream.on('end', async () => {\n          if (resolved)\n            return\n          resolved = true\n          clearTimeout(timer)\n          let exitCode: number\n          let inspectNote = ''\n          try {\n            const inspect = await exec.inspect()\n            // `ExitCode: null` means Docker hasn't recorded an exit yet —\n            // the outcome is unknown, not success. Use a sentinel so\n            // callers don't mistake it for a clean exit.\n            if (inspect.ExitCode == null) {\n              exitCode = -1\n              inspectNote = '[exit code unavailable: exec still marked running by daemon]'\n            }\n            else {\n              exitCode = inspect.ExitCode\n            }\n          }\n          catch (err) {\n            exitCode = -1\n            inspectNote = `[exit code unavailable: exec inspect failed: ${(err as Error)?.message ?? String(err)}]`\n          }\n          resolve({\n            stdout,\n            stderr: inspectNote ? (stderr ? `${stderr}\\n${inspectNote}` : inspectNote) : stderr,\n            exitCode,\n          })\n        })\n\n        stream.on('error', (err: Error) => {\n          if (resolved)\n            return\n          resolved = true\n          clearTimeout(timer)\n          resolve({ stdout, stderr: stderr ? `${stderr}\\n${err.message}` : err.message, exitCode: 1 })\n        })\n      })\n    },\n\n    // Paths are model-supplied — single-quote them (`alwaysQuote`) rather\n    // than JSON.stringify: `$(…)` and backticks still expand inside the\n    // double quotes JSON produces, which was a command-injection vector.\n    async readFile(handle: ExecutionHandle, path: string): Promise<string> {\n      const result = await ctx.exec(handle, `cat ${alwaysQuote(path)}`)\n      if (result.exitCode !== 0)\n        throw new Error(`Failed to read file: ${result.stderr}`)\n      return result.stdout\n    },\n\n    async writeFile(handle: ExecutionHandle, path: string, content: string): Promise<void> {\n      const escaped = content.replace(SINGLE_QUOTE_RE, String.raw`'\\''`)\n      const result = await ctx.exec(handle, `mkdir -p \"$(dirname ${alwaysQuote(path)})\" && printf '%s' '${escaped}' > ${alwaysQuote(path)}`)\n      if (result.exitCode !== 0)\n        throw new Error(`Failed to write file: ${result.stderr}`)\n    },\n\n    async listFiles(handle: ExecutionHandle, path: string): Promise<string[]> {\n      const result = await ctx.exec(handle, `ls -1 ${alwaysQuote(path)}`)\n      if (result.exitCode !== 0)\n        return []\n      return result.stdout.trim().split('\\n').filter(Boolean)\n    },\n\n    async getMappedPort(handle: ExecutionHandle, containerPort: number): Promise<number | null> {\n      const ref = containers.get(handle.id)\n      if (!ref)\n        return null\n\n      const info = await ref.container.inspect()\n      const bindings = info?.NetworkSettings?.Ports ?? {}\n\n      for (const proto of ['tcp', 'udp']) {\n        const list = bindings[`${containerPort}/${proto}`]\n        if (Array.isArray(list) && list.length > 0 && list[0]?.HostPort) {\n          return Number.parseInt(list[0].HostPort, 10)\n        }\n      }\n\n      return null\n    },\n\n    async destroy(handle: ExecutionHandle): Promise<void> {\n      const ref = containers.get(handle.id)\n      if (!ref)\n        return\n\n      try {\n        try {\n          await ref.container.stop({ t: 5 })\n        }\n        catch {\n          // 304 (already stopped) / 404 (already gone) are expected here.\n          // Any other stop failure must not prevent the remove({force})\n          // below — force removal also works on running containers.\n        }\n        try {\n          await ref.container.remove({ force: true })\n        }\n        catch (err) {\n          if (!isGoneOrAlreadyStopped(err))\n            throw err\n        }\n      }\n      finally {\n        containers.delete(handle.id)\n      }\n    },\n  }\n\n  return ctx\n}\n\n/**\n * Format one {@link ContextMount} as a dockerode `HostConfig.Binds` entry.\n * Supports read-only (`:ro`) and SELinux shared-label (`:z`) options; the two\n * are mutually exclusive (a read-only mount can't also be a shared rw mount).\n */\nfunction formatBindMount(mount: NonNullable<SpawnConfig['mounts']>[number]): string {\n  if (!mount.source)\n    throw new Error('Docker mount source is required')\n  if (!mount.target || !mount.target.startsWith('/'))\n    throw new Error(`Docker mount target must be an absolute path: ${mount.target}`)\n  if (mount.readonly && mount.shared)\n    throw new Error(`Docker mount cannot be both readonly and shared: ${mount.target}`)\n  const opts = mount.readonly ? ':ro' : mount.shared ? ':z' : ''\n  return `${mount.source}:${mount.target}${opts}`\n}\n\n/** Assemble dockerode `HostConfig.Binds` from the context's `mounts`. */\nexport function buildBindSpecs(mounts: NonNullable<SpawnConfig['mounts']>): string[] {\n  return mounts.map(formatBindMount)\n}\n"],"mappings":";;AAaA,MAAM,kBAAkB;;;;;AAMxB,SAAS,uBAAuB,KAAuB;CACrD,MAAM,OAAQ,KAAwC;CACtD,OAAO,SAAS,OAAO,SAAS;AAClC;AAQA,SAAgB,oBAAoB,QAAwC;CAC1E,IAAI,UAAU;CACd,MAAM,6BAAa,IAAI,IAA0B;CACjD,MAAM,eAAe,QAAQ,SAAS;CACtC,MAAM,aAAa,QAAQ,OAAO;CAClC,MAAM,aAAa,QAAQ;CAC3B,MAAM,gBAAgB,QAAQ;CAC9B,MAAM,gBAAgB,QAAQ,UAAU,CAAC;CACzC,MAAM,cAAc,QAAQ;CAE5B,eAAe,eAAe;EAC5B,IAAI;GACF,MAAM,aAAa,MAAM,OAAO,cAAc;GAC9C,OAAO,IAAI,UAAU;EACvB,QACM;GACJ,MAAM,IAAI,MAAM,wFAAwF;EAC1G;CACF;CAEA,MAAM,MAAwB;EAC5B,MAAM;EAEN,cAAc;GACZ,OAAO;GACP,YAAY;GACZ,SAAS;GACT,KAAK;EACP;EAEA,MAAM,MAAM,WAAmD;GAC7D,MAAM,SAAS,MAAM,aAAa;GAClC,MAAM,KAAK,UAAU,EAAE;GACvB,MAAM,QAAQ,WAAW,SAAS;GAClC,MAAM,MAAM,WAAW,OAAO;GAC9B,MAAM,SAAS,CAAC,GAAG,eAAe,GAAI,WAAW,UAAU,CAAC,CAAE;GAC9D,MAAM,OAAO,WAAW,QAAQ;GAGhC,IAAI;IACF,MAAM,OAAO,SAAS,KAAK,EAAE,QAAQ;GACvC,QACM;IACJ,MAAM,IAAI,SAAe,SAAS,WAAW;KAC3C,OAAO,KAAK,QAAQ,KAAmB,WAAkC;MACvE,IAAI,KACF,OAAO,OAAO,GAAG;MACnB,OAAO,MAAM,eAAe,SAAS,SAAuB;OAC1D,OAAO,OAAO,IAAI,IAAI,QAAQ;MAChC,CAAC;KACH,CAAC;IACH,CAAC;GACH;GAEA,MAAM,SAAS;IAAE,GAAG;IAAe,GAAG,WAAW;GAAO;GACxD,MAAM,aAAsC,CAAC;GAE7C,IAAI,QAAQ,QACV,WAAW,SAAS,OAAO,SAAS,OAAO;GAE7C,IAAI,QAAQ,KACV,WAAW,WAAW,OAAO,WAAW,OAAO,GAAG,IAAI;GAIxD,MAAM,YAAY;IAAE,GAAG,QAAQ;IAAW,GAAG,WAAW;GAAU;GAClE,IAAI,UAAU,qBACZ,WAAW,UAAU,CAAC,KAAK;GAC7B,IAAI,UAAU,iBACZ,WAAW,cAAc,CAAC,mBAAmB;GAC/C,IAAI,UAAU,gBACZ,WAAW,iBAAiB;GAC9B,IAAI,UAAU,aAAa,MACzB,WAAW,YAAY,UAAU;GAEnC,MAAM,MAAM;IAAE,GAAG;IAAY,GAAG,WAAW;GAAI;GAE/C,MAAM,YAAY,eAAe,MAAM;GACvC,IAAI,UAAU,SAAS,GACrB,WAAW,QAAQ;GAGrB,MAAM,WAAW,WAAW,SAAS,QAAQ;GAC7C,MAAM,eAAsD,CAAC;GAC7D,MAAM,eAA4D,CAAC;GAEnE,IAAI,UAAU,QAAQ;IACpB,KAAK,MAAM,KAAK,UAAU;KACxB,MAAM,MAAM,GAAG,EAAE,UAAU,GAAG,EAAE,SAAS;KACzC,aAAa,OAAO,CAAC;KACrB,aAAa,OAAO,CAAC,EAAE,UAAU,EAAE,QAAQ,OAAO,KAAK,OAAO,EAAE,IAAI,EAAE,CAAC;IACzE;IACA,WAAW,eAAe;GAC5B;GAEA,MAAM,OAAO,WAAW,QAAQ,QAAQ;GACxC,MAAM,UAAU,WAAW,WAAW,QAAQ;GAC9C,IAAI,SACF,WAAW,cAAc;GAG3B,MAAM,SAAS;IAAE,GAAG,QAAQ;IAAQ,GAAG,WAAW;GAAO;GAEzD,MAAM,YAAY,MAAM,OAAO,gBAAgB;IAG7C,GAAI,OAAO,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC;IACvF,OAAO;IACP,KAAK,CAAC,SAAS,UAAU;IACzB,YAAY;IACZ,KAAK,OAAO,QAAQ,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,GAAG,EAAE,GAAG,GAAG;IACpD,YAAY;IACZ,GAAI,OAAO,KAAK,YAAY,EAAE,SAAS,EAAE,cAAc,aAAa,IAAI,CAAC;IACzE,GAAI,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,GAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAE,QAAQ,OAAO,IAAI,CAAC;GACzD,CAAC;GAED,IAAI;IACF,MAAM,UAAU,MAAM;GACxB,SACO,KAAK;IAGV,MAAM,UAAU,OAAO,EAAE,OAAO,KAAK,CAAC,EAAE,YAAY,CAAC,CAAC;IACtD,MAAM;GACR;GAEA,MAAM,SAA0B;IAAE;IAAI,MAAM;IAAU;GAAI;GAC1D,WAAW,IAAI,IAAI;IAAE;IAAQ;IAAW;GAAO,CAAC;GAEhD,OAAO;EACT;EAEA,MAAM,KAAK,QAAyB,SAAiB,SAAiG;GACpJ,MAAM,MAAM,WAAW,IAAI,OAAO,EAAE;GACpC,IAAI,CAAC,KACH,MAAM,IAAI,MAAM,aAAa,OAAO,GAAG,WAAW;GAEpD,MAAM,UAAU,SAAS,OAAO,OAAO;GACvC,MAAM,MAAM,SAAS,MACjB,OAAO,QAAQ,QAAQ,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,GAAG,EAAE,GAAG,GAAG,IACvD,CAAC;GAEL,MAAM,UAAU,SAAS,WAAW,eAAe,WAAW;GAE9D,MAAM,OAAO,MAAM,IAAI,UAAU,KAAK;IAOpC,KAAK;KAAC;KAAW,OAAO,OAAO;KAAG;KAAM;KAAM;IAAO;IACrD,YAAY;IACZ,KAAK;IACL,cAAc;IACd,cAAc;GAChB,CAAC;GAED,MAAM,SAAS,MAAM,KAAK,MAAM,EAAE,QAAQ,MAAM,CAAC;GAEjD,OAAO,IAAI,SAAqB,YAAY;IAC1C,IAAI,SAAS;IACb,IAAI,SAAS;IACb,IAAI,WAAW;IAMf,MAAM,aAAa;KACjB,MAAM,OAAwB;MAC5B,UAAU,OAAO,UAAU,WAAW,QAAQ,MAAM,SAAS,OAAO;MACpE,OAAO;KACT;KACA,MAAM,CAAC;KACP,KAAK,CAAC;KACN,OAAO,CAAC;KACR,OAAO;MAAE,OAAO;KAAK;IACvB;IACA,MAAM,aAAa;KACjB,MAAM,OAAwB;MAC5B,UAAU,OAAO,UAAU,WAAW,QAAQ,MAAM,SAAS,OAAO;MACpE,OAAO;KACT;KACA,MAAM,CAAC;KACP,KAAK,CAAC;KACN,OAAO,CAAC;KACR,OAAO;MAAE,OAAO;KAAK;IACvB;IACA,IAAI;KACF,IAAI,OAAO,MAAM,YAAY,QAAQ,YAAY,UAAU;IAC7D,QACM;KAGJ,OAAO,GAAG,SAAS,UAAkB;MACnC,UAAU,MAAM,SAAS,OAAO;KAClC,CAAC;IACH;IAKA,MAAM,QAAQ,iBAAiB;KAC7B,IAAI,UACF;KACF,WAAW;KAGX,IAAI;MAAE,OAAO,UAAU;KAAE,QACnB,CAAgB;KACtB,QAAQ;MAAE;MAAQ,QAAQ,SAAS,GAAG,OAAO,eAAe;MAAa,UAAU;KAAI,CAAC;IAC1F,GAAG,UAAU,MAAO,GAAI;IAExB,OAAO,GAAG,OAAO,YAAY;KAC3B,IAAI,UACF;KACF,WAAW;KACX,aAAa,KAAK;KAClB,IAAI;KACJ,IAAI,cAAc;KAClB,IAAI;MACF,MAAM,UAAU,MAAM,KAAK,QAAQ;MAInC,IAAI,QAAQ,YAAY,MAAM;OAC5B,WAAW;OACX,cAAc;MAChB,OAEE,WAAW,QAAQ;KAEvB,SACO,KAAK;MACV,WAAW;MACX,cAAc,gDAAiD,KAAe,WAAW,OAAO,GAAG,EAAE;KACvG;KACA,QAAQ;MACN;MACA,QAAQ,cAAe,SAAS,GAAG,OAAO,IAAI,gBAAgB,cAAe;MAC7E;KACF,CAAC;IACH,CAAC;IAED,OAAO,GAAG,UAAU,QAAe;KACjC,IAAI,UACF;KACF,WAAW;KACX,aAAa,KAAK;KAClB,QAAQ;MAAE;MAAQ,QAAQ,SAAS,GAAG,OAAO,IAAI,IAAI,YAAY,IAAI;MAAS,UAAU;KAAE,CAAC;IAC7F,CAAC;GACH,CAAC;EACH;EAKA,MAAM,SAAS,QAAyB,MAA+B;GACrE,MAAM,SAAS,MAAM,IAAI,KAAK,QAAQ,OAAO,YAAY,IAAI,GAAG;GAChE,IAAI,OAAO,aAAa,GACtB,MAAM,IAAI,MAAM,wBAAwB,OAAO,QAAQ;GACzD,OAAO,OAAO;EAChB;EAEA,MAAM,UAAU,QAAyB,MAAc,SAAgC;GACrF,MAAM,UAAU,QAAQ,QAAQ,iBAAiB,OAAO,GAAG,MAAM;GACjE,MAAM,SAAS,MAAM,IAAI,KAAK,QAAQ,uBAAuB,YAAY,IAAI,EAAE,qBAAqB,QAAQ,MAAM,YAAY,IAAI,GAAG;GACrI,IAAI,OAAO,aAAa,GACtB,MAAM,IAAI,MAAM,yBAAyB,OAAO,QAAQ;EAC5D;EAEA,MAAM,UAAU,QAAyB,MAAiC;GACxE,MAAM,SAAS,MAAM,IAAI,KAAK,QAAQ,SAAS,YAAY,IAAI,GAAG;GAClE,IAAI,OAAO,aAAa,GACtB,OAAO,CAAC;GACV,OAAO,OAAO,OAAO,KAAK,EAAE,MAAM,IAAI,EAAE,OAAO,OAAO;EACxD;EAEA,MAAM,cAAc,QAAyB,eAA+C;GAC1F,MAAM,MAAM,WAAW,IAAI,OAAO,EAAE;GACpC,IAAI,CAAC,KACH,OAAO;GAGT,MAAM,YAAW,MADE,IAAI,UAAU,QAAQ,IAClB,iBAAiB,SAAS,CAAC;GAElD,KAAK,MAAM,SAAS,CAAC,OAAO,KAAK,GAAG;IAClC,MAAM,OAAO,SAAS,GAAG,cAAc,GAAG;IAC1C,IAAI,MAAM,QAAQ,IAAI,KAAK,KAAK,SAAS,KAAK,KAAK,IAAI,UACrD,OAAO,OAAO,SAAS,KAAK,GAAG,UAAU,EAAE;GAE/C;GAEA,OAAO;EACT;EAEA,MAAM,QAAQ,QAAwC;GACpD,MAAM,MAAM,WAAW,IAAI,OAAO,EAAE;GACpC,IAAI,CAAC,KACH;GAEF,IAAI;IACF,IAAI;KACF,MAAM,IAAI,UAAU,KAAK,EAAE,GAAG,EAAE,CAAC;IACnC,QACM,CAIN;IACA,IAAI;KACF,MAAM,IAAI,UAAU,OAAO,EAAE,OAAO,KAAK,CAAC;IAC5C,SACO,KAAK;KACV,IAAI,CAAC,uBAAuB,GAAG,GAC7B,MAAM;IACV;GACF,UACQ;IACN,WAAW,OAAO,OAAO,EAAE;GAC7B;EACF;CACF;CAEA,OAAO;AACT;;;;;;AAOA,SAAS,gBAAgB,OAA2D;CAClF,IAAI,CAAC,MAAM,QACT,MAAM,IAAI,MAAM,iCAAiC;CACnD,IAAI,CAAC,MAAM,UAAU,CAAC,MAAM,OAAO,WAAW,GAAG,GAC/C,MAAM,IAAI,MAAM,iDAAiD,MAAM,QAAQ;CACjF,IAAI,MAAM,YAAY,MAAM,QAC1B,MAAM,IAAI,MAAM,oDAAoD,MAAM,QAAQ;CACpF,MAAM,OAAO,MAAM,WAAW,QAAQ,MAAM,SAAS,OAAO;CAC5D,OAAO,GAAG,MAAM,OAAO,GAAG,MAAM,SAAS;AAC3C;;AAGA,SAAgB,eAAe,QAAsD;CACnF,OAAO,OAAO,IAAI,eAAe;AACnC"}

package/dist/contexts/e2b.d.ts

@@ -0,0 +1,168 @@
+import { t as SandboxProvider } from "../index-CrMb8jCE.js";
+import { a as Logger } from "../logger-n4LsLISE.js";
+
+//#region src/contexts/e2b.d.ts
+interface E2BCommandResult {
+  stdout: string;
+  stderr: string;
+  exitCode: number;
+}
+interface E2BEntry {
+  name: string;
+}
+interface E2BSandbox {
+  sandboxId: string;
+  commands: {
+    run: (cmd: string, opts?: {
+      cwd?: string;
+      envs?: Record<string, string>;
+      timeoutMs?: number;
+    }) => Promise<E2BCommandResult>;
+  };
+  files: {
+    read: (path: string) => Promise<string>;
+    write: (path: string, data: string) => Promise<unknown>;
+    list: (path: string) => Promise<E2BEntry[]>;
+  };
+  kill: () => Promise<unknown>;
+}
+interface E2BProviderOptions {
+  /** E2B API key. Falls back to the `E2B_API_KEY` env var when omitted. */
+  apiKey?: string;
+  /**
+   * E2B API domain. Set this to point at a self-hosted / on-prem cluster
+   * (e.g. `e2b.my-company.internal`). Falls back to the `E2B_DOMAIN` env var,
+   * then to E2B's hosted default.
+   */
+  domain?: string;
+  /**
+   * Sandbox template id / name to launch. Falls back to the `E2B_TEMPLATE`
+   * env var, then to E2B's hosted `base` template. Note that `base` does not
+   * exist on self-hosted clusters — supply a template that does.
+   */
+  template?: string;
+  /**
+   * Connect to a pre-existing sandbox by id instead of creating a fresh one
+   * (E2B's `Sandbox.connect`). When set, `template` is ignored — you're
+   * attaching to a sandbox that already exists. The provider treats such a
+   * sandbox as externally owned: it is NOT killed on `destroy`, nor torn down
+   * if the readiness probe / pregame fails, since the caller manages its
+   * lifecycle. Per-spawn `SpawnConfig.sandbox.sandboxId` overrides this.
+   */
+  sandboxId?: string;
+  /**
+   * Default working directory, applied when a spawn doesn't set its own
+   * `SpawnConfig.cwd`. Created on spawn. Defaults to E2B's `/home/user`.
+   */
+  cwd?: string;
+  /**
+   * Sandbox lifetime in seconds before E2B auto-kills it. Defaults to the
+   * SDK default (300s). Per-spawn `SpawnConfig.limits.timeout` overrides this.
+   */
+  timeoutSeconds?: number;
+  /**
+   * Environment variables baked into every sandbox at create time (passed to
+   * E2B's `Sandbox.create({ envs })`), so every command run in the sandbox
+   * sees them. Per-spawn `SpawnConfig.env` is merged over these.
+   */
+  env?: Record<string, string>;
+  /**
+   * Logger for provider-level lifecycle lines (notably the readiness wait).
+   * Defaults to a {@link consoleSink}-backed logger so the messages reach
+   * stderr without the caller wiring one up.
+   */
+  logger?: Logger;
+  /**
+   * Total deadline, in seconds, for the post-create readiness probe (see
+   * {@link waitForE2BReady}). A freshly-created sandbox can return its id
+   * before `envd` accepts commands; `spawn` blocks until a trivial probe
+   * succeeds so the first real command never absorbs the cold start. Defaults
+   * to `60`. Set to `0` to disable the gate.
+   */
+  readinessTimeoutSeconds?: number;
+  /**
+   * A setup script to upload and run once the sandbox is ready, before any
+   * prompting begins (see {@link runE2BPregame}). `name` is the basename used
+   * for the uploaded file; `content` is the script body. The script is run
+   * directly so its shebang selects the interpreter. A non-zero exit aborts
+   * `spawn` (and tears the sandbox down) — a broken setup must not silently
+   * hand back a half-provisioned sandbox.
+   */
+  pregame?: {
+    name: string;
+    content: string;
+  };
+}
+/**
+ * Upload a setup ("pregame") script into a ready sandbox and execute it.
+ *
+ * Writes the script to `/tmp/<name>`, then `chmod +x`'s and runs it directly
+ * (so a `#!/bin/bash` / `#!/usr/bin/env python3` shebang chooses the
+ * interpreter) in `cwd` with `envs` applied — the same env the sandbox was
+ * created with, so the script sees the run's `--env` / `--pass-env`. A
+ * generous {@link PREGAME_TIMEOUT_MS} ceiling is used so long `apt`/`pip`
+ * installs aren't killed by E2B's 60s command default. A non-zero exit
+ * (whether E2B returns it or raises on it) throws, so the caller can tear the
+ * sandbox down rather than prompt against a broken environment.
+ */
+declare function runE2BPregame(sandbox: E2BSandbox, logger: Logger, opts: {
+  name: string;
+  content: string;
+  cwd?: string;
+  envs?: Record<string, string>;
+}): Promise<void>;
+interface E2BReadinessOptions {
+  /** Total deadline in seconds. `<= 0` disables the probe entirely. */
+  timeoutSeconds: number;
+  /**
+   * Whether to kill the sandbox if it never becomes ready. Defaults to `true`
+   * (we created it, so a dead sandbox is ours to clean up). Pass `false` when
+   * attaching to an externally-owned sandbox — failing the probe shouldn't tear
+   * down a sandbox the caller is managing.
+   */
+  killOnTimeout?: boolean;
+  /** Clock source — injectable so tests can drive the deadline deterministically. */
+  now?: () => number;
+  /** Sleep between probes — injectable so tests can advance the clock without waiting. */
+  sleep?: (ms: number) => Promise<void>;
+}
+/**
+ * Block until an E2B sandbox is ready to run commands, or throw if it never
+ * becomes ready within the deadline.
+ *
+ * The E2B control plane can hand back a sandbox id before the sandbox's `envd`
+ * is accepting commands; the first real command then absorbs that cold start
+ * and may time out. This polls a trivial `true` command on a short backoff,
+ * logging a `waiting…` line up front and a `ready` line (with `elapsedMs`) on
+ * success. On deadline exhaustion it best-effort kills the sandbox and throws.
+ *
+ * `now`/`sleep` are injectable purely for deterministic tests; in production
+ * they default to `Date.now` and a real timer.
+ */
+declare function waitForE2BReady(sandbox: E2BSandbox, logger: Logger, opts: E2BReadinessOptions): Promise<void>;
+/**
+ * Resolve the effective E2B template, highest precedence first: the per-spawn
+ * `SpawnConfig.sandbox.template`, then the factory `template` option, then the
+ * `E2B_TEMPLATE` env var. Returns `undefined` (→ SDK's `base` default) when
+ * none is set. The E2B SDK reads `E2B_API_KEY`/`E2B_DOMAIN` from the env but
+ * NOT `E2B_TEMPLATE`, so this provider has to honor it itself.
+ */
+declare function resolveE2BTemplate(perSpawnTemplate: string | undefined, optionTemplate: string | undefined, env?: Record<string, string | undefined>): string | undefined;
+/**
+ * Merge the factory-level {@link E2BProviderOptions.env} with the per-spawn
+ * `SpawnConfig.env`, per-spawn winning on key conflicts. Returns `undefined`
+ * when the merge is empty so callers can skip setting `envs` on the create
+ * options entirely (rather than handing the SDK an empty object).
+ */
+declare function resolveE2BEnv(optionEnv: Record<string, string> | undefined, perSpawnEnv: Record<string, string> | undefined): Record<string, string> | undefined;
+/**
+ * Build a {@link SandboxProvider} backed by E2B.
+ *
+ * The provider owns a registry of live {@link E2BSandbox} instances keyed by
+ * sandbox id, so the per-call `exec`/`readFile`/… hooks reuse the same warm
+ * connection rather than reconnecting each time.
+ */
+declare function createE2BProvider(options?: E2BProviderOptions): SandboxProvider;
+//#endregion
+export { E2BProviderOptions, E2BReadinessOptions, createE2BProvider, resolveE2BEnv, resolveE2BTemplate, runE2BPregame, waitForE2BReady };
+//# sourceMappingURL=e2b.d.ts.map

package/dist/contexts/e2b.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"e2b.d.ts","names":[],"sources":["../../src/contexts/e2b.ts"],"mappings":";;;;UAmDU,gBAAA;EACR,MAAA;EACA,MAAA;EACA,QAAA;AAAA;AAAA,UAGQ,QAAA;EACR,IAAI;AAAA;AAAA,UAGI,UAAA;EACR,SAAA;EACA,QAAA;IACE,GAAA,GAAM,GAAA,UAAa,IAAA;MAAS,GAAA;MAAc,IAAA,GAAO,MAAA;MAAwB,SAAA;IAAA,MAAyB,OAAA,CAAQ,gBAAA;EAAA;EAE5G,KAAA;IACE,IAAA,GAAO,IAAA,aAAiB,OAAA;IACxB,KAAA,GAAQ,IAAA,UAAc,IAAA,aAAiB,OAAA;IACvC,IAAA,GAAO,IAAA,aAAiB,OAAA,CAAQ,QAAA;EAAA;EAElC,IAAA,QAAY,OAAA;AAAA;AAAA,UA0BG,kBAAA;EAEf;EAAA,MAAA;EAYA;;;;;EANA,MAAA;EAqCA;;;;;EA/BA,QAAA;EAgDiC;AAAA;AA4BnC;;;;;;EAnEE,SAAA;EAuEQ;;;;EAlER,GAAA;EAgEA;;;;EA3DA,cAAA;EA4D4D;;;;AACpD;EAvDR,GAAA,GAAM,MAAA;EAqF4B;;;;;EA/ElC,MAAA,GAAS,MAAM;EA4Ff;;;;AAA+B;AAgBjC;;EApGE,uBAAA;EAqGS;;;;;;;;EA5FT,OAAA;IAAY,IAAA;IAAc,OAAA;EAAA;AAAA;;AA+FlB;AAmCV;;;;;;;;;AAGuD;iBAzGjC,aAAA,CACpB,OAAA,EAAS,UAAA,EACT,MAAA,EAAQ,MAAA,EACR,IAAA;EAAQ,IAAA;EAAc,OAAA;EAAiB,GAAA;EAAc,IAAA,GAAO,MAAA;AAAA,IAC3D,OAAA;AAAA,UA8Bc,mBAAA;EAqFR;EAnFP,cAAA;EAiFA;;;;;AAEO;EA5EP,aAAA;EA4F+B;EA1F/B,GAAA;EA0FkF;EAxFlF,KAAA,IAAS,EAAA,aAAe,OAAO;AAAA;;;AAwFmD;;;;;;;;;;;iBAxE9D,eAAA,CACpB,OAAA,EAAS,UAAA,EACT,MAAA,EAAQ,MAAA,EACR,IAAA,EAAM,mBAAA,GACL,OAAA;;;;;;;;iBAmCa,kBAAA,CACd,gBAAA,sBACA,cAAA,sBACA,GAAA,GAAK,MAAM;;;;;;;iBAWG,aAAA,CACd,SAAA,EAAW,MAAA,8BACX,WAAA,EAAa,MAAA,+BACZ,MAAA;;;;;;;;iBAgBa,iBAAA,CAAkB,OAAA,GAAS,kBAAA,GAA0B,eAAe"}

package/dist/contexts/e2b.js

@@ -0,0 +1,261 @@
+import { n as createLogger, t as consoleSink } from "../logger-Ktm-lj1s.js";
+//#region src/contexts/e2b.ts
+/** Per-probe timeout for the readiness `true` command. */
+const READINESS_PROBE_TIMEOUT_MS = 5e3;
+/** Pause between readiness probes while the sandbox is still warming up. */
+const READINESS_BACKOFF_MS = 250;
+/**
+* Command timeout for the pregame setup script. E2B's `commands.run` defaults
+* to 60s and offers no true "unlimited" — a `timeoutMs` of 0 is a 0ms deadline
+* (instant timeout), not "off". Setup scripts (`apt`/`pip` installs, builds)
+* routinely exceed 60s, so we pass a deliberately generous 30-minute ceiling.
+* The sandbox's own lifetime independently bounds anything longer.
+*/
+const PREGAME_TIMEOUT_MS = 1800 * 1e3;
+/**
+* Upload a setup ("pregame") script into a ready sandbox and execute it.
+*
+* Writes the script to `/tmp/<name>`, then `chmod +x`'s and runs it directly
+* (so a `#!/bin/bash` / `#!/usr/bin/env python3` shebang chooses the
+* interpreter) in `cwd` with `envs` applied — the same env the sandbox was
+* created with, so the script sees the run's `--env` / `--pass-env`. A
+* generous {@link PREGAME_TIMEOUT_MS} ceiling is used so long `apt`/`pip`
+* installs aren't killed by E2B's 60s command default. A non-zero exit
+* (whether E2B returns it or raises on it) throws, so the caller can tear the
+* sandbox down rather than prompt against a broken environment.
+*/
+async function runE2BPregame(sandbox, logger, opts) {
+	const path = `/tmp/${opts.name}`;
+	logger.info("running E2B pregame script", {
+		sandboxId: sandbox.sandboxId,
+		path
+	});
+	await sandbox.files.write(path, opts.content);
+	const quoted = JSON.stringify(path);
+	let result;
+	try {
+		result = await sandbox.commands.run(`chmod +x ${quoted} && ${quoted}`, {
+			cwd: opts.cwd,
+			envs: opts.envs,
+			timeoutMs: PREGAME_TIMEOUT_MS
+		});
+	} catch (err) {
+		const exitCode = typeof err?.exitCode === "number" ? err.exitCode : 124;
+		logger.error("E2B pregame script failed", {
+			sandboxId: sandbox.sandboxId,
+			exitCode,
+			stdout: err?.stdout ?? "",
+			stderr: err?.stderr ?? err?.message ?? ""
+		});
+		throw new Error(`E2B pregame script ${opts.name} failed with exit code ${exitCode}`);
+	}
+	if (result.exitCode !== 0) {
+		logger.error("E2B pregame script failed", {
+			sandboxId: sandbox.sandboxId,
+			exitCode: result.exitCode,
+			stdout: result.stdout,
+			stderr: result.stderr
+		});
+		throw new Error(`E2B pregame script ${opts.name} failed with exit code ${result.exitCode}`);
+	}
+	logger.info("E2B pregame ready", {
+		sandboxId: sandbox.sandboxId,
+		stdout: result.stdout,
+		stderr: result.stderr
+	});
+}
+/**
+* Block until an E2B sandbox is ready to run commands, or throw if it never
+* becomes ready within the deadline.
+*
+* The E2B control plane can hand back a sandbox id before the sandbox's `envd`
+* is accepting commands; the first real command then absorbs that cold start
+* and may time out. This polls a trivial `true` command on a short backoff,
+* logging a `waiting…` line up front and a `ready` line (with `elapsedMs`) on
+* success. On deadline exhaustion it best-effort kills the sandbox and throws.
+*
+* `now`/`sleep` are injectable purely for deterministic tests; in production
+* they default to `Date.now` and a real timer.
+*/
+async function waitForE2BReady(sandbox, logger, opts) {
+	if (opts.timeoutSeconds <= 0) return;
+	const now = opts.now ?? Date.now;
+	const sleep = opts.sleep ?? ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
+	const start = now();
+	const deadline = start + opts.timeoutSeconds * 1e3;
+	logger.info("waiting for E2B sandbox to initialize", { sandboxId: sandbox.sandboxId });
+	while (true) try {
+		await sandbox.commands.run("true", { timeoutMs: READINESS_PROBE_TIMEOUT_MS });
+		logger.info("E2B sandbox ready", {
+			sandboxId: sandbox.sandboxId,
+			elapsedMs: now() - start
+		});
+		return;
+	} catch {
+		if (now() >= deadline) {
+			if (opts.killOnTimeout !== false) await sandbox.kill().catch(() => {});
+			throw new Error(`E2B sandbox ${sandbox.sandboxId} did not become ready within ${opts.timeoutSeconds}s`);
+		}
+		await sleep(READINESS_BACKOFF_MS);
+	}
+}
+/**
+* Resolve the effective E2B template, highest precedence first: the per-spawn
+* `SpawnConfig.sandbox.template`, then the factory `template` option, then the
+* `E2B_TEMPLATE` env var. Returns `undefined` (→ SDK's `base` default) when
+* none is set. The E2B SDK reads `E2B_API_KEY`/`E2B_DOMAIN` from the env but
+* NOT `E2B_TEMPLATE`, so this provider has to honor it itself.
+*/
+function resolveE2BTemplate(perSpawnTemplate, optionTemplate, env = process.env) {
+	return perSpawnTemplate || optionTemplate || env.E2B_TEMPLATE || void 0;
+}
+/**
+* Merge the factory-level {@link E2BProviderOptions.env} with the per-spawn
+* `SpawnConfig.env`, per-spawn winning on key conflicts. Returns `undefined`
+* when the merge is empty so callers can skip setting `envs` on the create
+* options entirely (rather than handing the SDK an empty object).
+*/
+function resolveE2BEnv(optionEnv, perSpawnEnv) {
+	const merged = {
+		...optionEnv,
+		...perSpawnEnv
+	};
+	return Object.keys(merged).length > 0 ? merged : void 0;
+}
+/**
+* Build a {@link SandboxProvider} backed by E2B.
+*
+* The provider owns a registry of live {@link E2BSandbox} instances keyed by
+* sandbox id, so the per-call `exec`/`readFile`/… hooks reuse the same warm
+* connection rather than reconnecting each time.
+*/
+function createE2BProvider(options = {}) {
+	const live = /* @__PURE__ */ new Map();
+	const logger = options.logger ?? createLogger(consoleSink());
+	const readinessTimeoutSeconds = options.readinessTimeoutSeconds ?? 60;
+	async function loadSdk() {
+		try {
+			return (await import("e2b")).Sandbox;
+		} catch {
+			throw new Error("e2b is required for the E2B sandbox provider. Install it with: bun add e2b");
+		}
+	}
+	function get(sandboxId) {
+		const entry = live.get(sandboxId);
+		if (!entry) throw new Error(`E2B sandbox ${sandboxId} is not tracked by this provider`);
+		return entry;
+	}
+	return {
+		name: "e2b",
+		async spawn(config) {
+			const Sandbox = await loadSdk();
+			const sb = config.sandbox ?? {};
+			const apiKey = sb.apiKey ?? options.apiKey;
+			const domain = sb.domain ?? options.domain;
+			const template = resolveE2BTemplate(sb.template, options.template);
+			const timeoutSeconds = config.limits?.timeout ?? options.timeoutSeconds;
+			const connectId = sb.sandboxId ?? options.sandboxId;
+			const envs = resolveE2BEnv(options.env, config.env);
+			let sandbox;
+			const owned = connectId === void 0;
+			if (connectId !== void 0) {
+				const connectOpts = {};
+				if (apiKey !== void 0) connectOpts.apiKey = apiKey;
+				if (domain !== void 0) connectOpts.domain = domain;
+				if (timeoutSeconds !== void 0) connectOpts.timeoutMs = timeoutSeconds * 1e3;
+				sandbox = await Sandbox.connect(connectId, connectOpts);
+			} else {
+				const createOpts = {};
+				if (apiKey !== void 0) createOpts.apiKey = apiKey;
+				if (domain !== void 0) createOpts.domain = domain;
+				if (envs) createOpts.envs = envs;
+				if (timeoutSeconds !== void 0) createOpts.timeoutMs = timeoutSeconds * 1e3;
+				sandbox = template !== void 0 ? await Sandbox.create(template, createOpts) : await Sandbox.create(createOpts);
+			}
+			live.set(sandbox.sandboxId, {
+				sandbox,
+				env: envs,
+				owned
+			});
+			try {
+				await waitForE2BReady(sandbox, logger, {
+					timeoutSeconds: readinessTimeoutSeconds,
+					killOnTimeout: owned
+				});
+			} catch (err) {
+				live.delete(sandbox.sandboxId);
+				throw err;
+			}
+			const requestedCwd = config.cwd ?? options.cwd;
+			let cwd;
+			if (requestedCwd) {
+				cwd = requestedCwd;
+				await sandbox.commands.run(`mkdir -p ${JSON.stringify(cwd)}`).catch(() => {});
+			} else cwd = await sandbox.commands.run("pwd").then((r) => r.stdout.trim()).catch(() => "") || "/home/user";
+			if (options.pregame) try {
+				await runE2BPregame(sandbox, logger, {
+					name: options.pregame.name,
+					content: options.pregame.content,
+					cwd,
+					envs
+				});
+			} catch (err) {
+				if (owned) await sandbox.kill().catch(() => {});
+				live.delete(sandbox.sandboxId);
+				throw err;
+			}
+			return {
+				id: sandbox.sandboxId,
+				cwd
+			};
+		},
+		async exec(sandboxId, command, opts) {
+			const { sandbox, env } = get(sandboxId);
+			const timeoutMs = (opts?.timeout ?? 30) * 1e3;
+			try {
+				const result = await sandbox.commands.run(command, {
+					cwd: opts?.cwd,
+					envs: resolveE2BEnv(env, opts?.env),
+					timeoutMs: timeoutMs > 0 ? timeoutMs : void 0
+				});
+				return {
+					stdout: result.stdout,
+					stderr: result.stderr,
+					exitCode: result.exitCode
+				};
+			} catch (err) {
+				if (typeof err?.exitCode === "number") return {
+					stdout: err.stdout ?? "",
+					stderr: err.stderr ?? err.message ?? "",
+					exitCode: err.exitCode
+				};
+				return {
+					stdout: "",
+					stderr: err?.message ?? String(err),
+					exitCode: 124
+				};
+			}
+		},
+		async readFile(sandboxId, path) {
+			return get(sandboxId).sandbox.files.read(path);
+		},
+		async writeFile(sandboxId, path, content) {
+			await get(sandboxId).sandbox.files.write(path, content);
+		},
+		async listFiles(sandboxId, path) {
+			return (await get(sandboxId).sandbox.files.list(path)).map((e) => e.name);
+		},
+		async destroy(sandboxId) {
+			const entry = live.get(sandboxId);
+			if (!entry) return;
+			if (entry.owned) try {
+				await entry.sandbox.kill();
+			} catch {}
+			live.delete(sandboxId);
+		}
+	};
+}
+//#endregion
+export { createE2BProvider, resolveE2BEnv, resolveE2BTemplate, runE2BPregame, waitForE2BReady };
+
+//# sourceMappingURL=e2b.js.map