(cwd: string, command: string, settings: SandboxSettings = {})
| 448 | } |
| 449 | |
| 450 | export function wrapCommandForShuru(cwd: string, command: string, settings: SandboxSettings = {}): string { |
| 451 | const parts: string[] = ["shuru", "run"]; |
| 452 | |
| 453 | if (settings.cpus) parts.push("--cpus", String(settings.cpus)); |
| 454 | if (settings.memory) parts.push("--memory", String(settings.memory)); |
| 455 | if (settings.diskSize) parts.push("--disk-size", String(settings.diskSize)); |
| 456 | if (settings.allowNet) parts.push("--allow-net"); |
| 457 | if (settings.allowedHosts) { |
| 458 | for (const host of settings.allowedHosts) parts.push("--allow-host", host); |
| 459 | } |
| 460 | if (settings.ports) { |
| 461 | for (const port of settings.ports) parts.push("-p", port); |
| 462 | } |
| 463 | if (settings.secrets) { |
| 464 | for (const s of settings.secrets) { |
| 465 | parts.push("--secret", `${s.name}=${s.fromEnv}@${s.hosts.join(",")}`); |
| 466 | } |
| 467 | } |
| 468 | if (settings.from) parts.push("--from", settings.from); |
| 469 | |
| 470 | const mountArg = `${cwd}:/workspace`; |
| 471 | parts.push("--mount", shellQuote(mountArg)); |
| 472 | const shellInit = buildShellInitScript(settings); |
| 473 | const guestPrelude = buildGuestWorkspacePrelude(settings); |
| 474 | const guestSteps = [ |
| 475 | shellInit, |
| 476 | guestPrelude, |
| 477 | `cd ${shellPathForScript(settings.guestWorkdir || "/workspace")}`, |
| 478 | command, |
| 479 | ].filter(Boolean); |
| 480 | const guestCommand = guestSteps.join(" && "); |
| 481 | parts.push("--", "sh", "-lc", shellQuote(guestCommand)); |
| 482 | return parts.join(" "); |
| 483 | } |
| 484 | |
| 485 | const HOST_SAFE_SEGMENT_RE = |
| 486 | /^\s*(?:(?:npx(?:\s+-y)?|bunx)\s+)?agent-browser\b|^\s*mkdir\s|^\s*sleep\s|^\s*echo\s|^\s*true\s*$|^\s*$/; |
no test coverage detected