diff --git a/package-lock.json b/package-lock.json index 63990b9..5bcec55 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@anthropic-ai/sandbox-runtime", - "version": "0.0.7", + "version": "0.0.8", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@anthropic-ai/sandbox-runtime", - "version": "0.0.7", + "version": "0.0.8", "license": "Apache-2.0", "dependencies": { "@pondwader/socks5-server": "^1.0.10", diff --git a/package.json b/package.json index ad4a86f..5cef7b5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@anthropic-ai/sandbox-runtime", - "version": "0.0.7", + "version": "0.0.8", "description": "Anthropic Sandbox Runtime (ASRT) - A general-purpose tool for wrapping security boundaries around arbitrary processes", "type": "module", "main": "./dist/index.js", diff --git a/src/sandbox/sandbox-manager.ts b/src/sandbox/sandbox-manager.ts index 58c050f..b418188 100644 --- a/src/sandbox/sandbox-manager.ts +++ b/src/sandbox/sandbox-manager.ts @@ -29,6 +29,7 @@ import { import { hasRipgrepSync } from '../utils/ripgrep.js' import { SandboxViolationStore } from './sandbox-violation-store.js' import { EOL } from 'node:os' +import _ from 'lodash' interface HostNetworkManagerContext { httpProxyPort: number @@ -304,11 +305,15 @@ function isSandboxingEnabled(): boolean { /** * Check if all sandbox dependencies are available for the current platform + * @param ripgrepConfig - Optional ripgrep configuration to check. If not provided, uses config from initialization or defaults to 'rg' * @returns true if all dependencies are available, false otherwise */ -function checkDependencies(): boolean { - // Return cached result if available - if (dependenciesCheckCache !== undefined) { +function checkDependencies(ripgrepConfig?: { + command: string + args?: string[] +}): boolean { + // Return cached result if available and no ripgrep config is provided + if (dependenciesCheckCache !== undefined && !ripgrepConfig) { return dependenciesCheckCache } @@ -320,9 +325,15 @@ function checkDependencies(): boolean { return false } + // Determine which ripgrep to check: + // 1. Parameter takes precedence + // 2. Then config from initialization + // 3. Finally default to 'rg' + const rgToCheck = ripgrepConfig ?? config?.ripgrep + // Check ripgrep - only check 'rg' if no custom command is configured // If custom command is provided, we trust it exists (will fail naturally if not) - const hasCustomRipgrep = config?.ripgrep?.command !== undefined + const hasCustomRipgrep = rgToCheck?.command !== undefined if (!hasCustomRipgrep) { // Only check for default 'rg' command if (!hasRipgrepSync()) { @@ -340,8 +351,14 @@ function checkDependencies(): boolean { return true } - dependenciesCheckCache = computeDependencies() - return dependenciesCheckCache + const result = computeDependencies() + + // Only cache if no explicit ripgrep config was provided + if (!ripgrepConfig) { + dependenciesCheckCache = result + } + + return result } function getFsReadConfig(): FsReadRestrictionConfig { @@ -530,6 +547,24 @@ async function wrapWithSandbox( } } +/** + * Get the current sandbox configuration + * @returns The current configuration, or undefined if not initialized + */ +function getConfig(): SandboxRuntimeConfig | undefined { + return config +} + +/** + * Update the sandbox configuration + * @param newConfig - The new configuration to use + */ +function updateConfig(newConfig: SandboxRuntimeConfig): void { + // Update the config in place + config = _.cloneDeep(newConfig) + logForDebugging('Sandbox configuration updated') +} + async function reset(): Promise { // Stop log monitor if (logMonitorShutdown) { @@ -771,7 +806,10 @@ export interface ISandboxManager { ): Promise isSupportedPlatform(platform: Platform): boolean isSandboxingEnabled(): boolean - checkDependencies(): boolean + checkDependencies(ripgrepConfig?: { + command: string + args?: string[] + }): boolean getFsReadConfig(): FsReadRestrictionConfig getFsWriteConfig(): FsWriteRestrictionConfig getNetworkRestrictionConfig(): NetworkRestrictionConfig @@ -787,6 +825,8 @@ export interface ISandboxManager { getSandboxViolationStore(): SandboxViolationStore annotateStderrWithSandboxFailures(command: string, stderr: string): string getLinuxGlobPatternWarnings(): string[] + getConfig(): SandboxRuntimeConfig | undefined + updateConfig(newConfig: SandboxRuntimeConfig): void reset(): Promise } @@ -819,4 +859,6 @@ export const SandboxManager: ISandboxManager = { getSandboxViolationStore, annotateStderrWithSandboxFailures, getLinuxGlobPatternWarnings, + getConfig, + updateConfig, } as const