OKiv7SrSSKJr SSKrSSKrSSKrSSKrSSKrSSKrSSK r SSK J r J r SSK JrJr SSKJr SSKrSrS rSS jr\ R.(aSSK J r J r SSKJr \"S S \R055r\"S S\55r\"SS\55r\"SS\55r/SQrg!\a SrNf=f)z7Execution policies for the persistent shell middleware.) annotationsN)MappingSequence) dataclassfield)PathTFzlangchain-shell-c[R"[U5[R[R[RUSSSSUUUS9 $)NTzutf-8replace) stdinstdoutstderrcwdtextencodingerrorsbufsizeenv preexec_fnstart_new_session) subprocessPopenlistPIPE)commandrrrrs h/var/www/html/dynamic-report/venv/lib/python3.13/site-packages/langchain/agents/middleware/_execution.py_launch_subprocessrsK    W oo   +  c\rSrSr%SrSrS\S'SrS\S'SrS\S'S r S \S 'S r S \S'SSjr \ RSSj5rSrg )BaseExecutionPolicy8aConfiguration contract for persistent shell sessions. Concrete subclasses encapsulate how a shell process is launched and constrained. Each policy documents its security guarantees and the operating environments in which it is appropriate. Use `HostExecutionPolicy` for trusted, same-host execution; `CodexSandboxExecutionPolicy` when the Codex CLI sandbox is available and you want additional syscall restrictions; and `DockerExecutionPolicy` for container-level isolation using Docker. g>@floatcommand_timeoutstartup_timeoutg$@termination_timeoutdintmax_output_linesN int | Nonemax_output_bytesc>URS::a Sn[U5eg)Nrz"max_output_lines must be positive.)r( ValueErrorselfmsgs r __post_init__!BaseExecutionPolicy.__post_init__Ks$  A %6CS/ ! &rcg)z$Launch the persistent shell process.N)r. workspacerrs rspawnBaseExecutionPolicy.spawnPsrr3returnNoner4rrMapping[str, str]r Sequence[str]r8subprocess.Popen[str])__name__ __module__ __qualname____firstlineno____doc__r#__annotations__r$r%r(r*r0abcabstractmethodr5__static_attributes__r3rrr r 8s "OU!!OU!!%%c#'j'"  33 3  3  33rr c^\rSrSr%SrSrS\S'SrS\S'SrS\S '\ "S S S S 9r S\S 'SU4S jjr SSjr SSjr SSjr\SSj5rSrU=r$)HostExecutionPolicy[aRun the shell directly on the host process. This policy is best suited for trusted or single-tenant environments (CI jobs, developer workstations, pre-sandboxed containers) where the agent must access the host filesystem and tooling without additional isolation. Enforces optional CPU and memory limits to prevent runaway commands but offers **no** filesystem or network sandboxing; commands can modify anything the process user can reach. On Linux platforms resource limits are applied with `resource.prlimit` after the shell starts. On macOS, where `prlimit` is unavailable, limits are set in a `preexec_fn` before `exec`. In both cases the shell runs in its own process group so timeouts can terminate the full subtree. Nr)cpu_time_seconds memory_bytesTboolcreate_process_groupF)initreprdefault_limits_requestedcx>[TU]5 URbURS::a Sn[U5eURbURS::a Sn[U5e[ SURUR455UlUR (a[(d Sn[U5egg)Nrz.cpu_time_seconds must be positive if provided.*memory_bytes must be positive if provided.c3(# UHoSLv M g7fNr3).0values r 4HostExecutionPolicy.__post_init__..ys% +U% +UszHostExecutionPolicy cpu/memory limits require the Python 'resource' module. Either remove the limits or run on a POSIX platform.) superr0rJr,rKanyrQ _HAS_RESOURCE RuntimeErrorr.r/ __class__s rr0!HostExecutionPolicy.__post_init__qs   ,1F1F!1KBCS/ !    (T->->!-C>CS/ !!$% ,0,A,A4CTCT+U% "   ! !--G s# # +8 !rc[[U5UUUR5URS9nUR U5 U$)Nrrrr)rr_create_preexec_fnrM_apply_post_spawn_limits)r.r4rrprocesss rr5HostExecutionPolicy.spawnsE% M..0"77   %%g.rcf^TR(aTR5(agSU4SjjnU$)Nc>TRb=TRTR4n[R"[RU5 TRbTRTR4n[ [S5(a&[R"[R U5 g[ [S5(a&[R"[RU5 ggg)N RLIMIT_AS RLIMIT_DATA)rJresource setrlimit RLIMIT_CPUrKhasattrrirj)limitr.s r _configure:HostExecutionPolicy._create_preexec_fn.._configures$$0..0E0EF""8#6#6>  ,**D,=,=>8[11&&x'9'95AX}55&&x';';UC6 -rr7)rQ_can_use_prlimit)r.rps` rrc&HostExecutionPolicy._create_preexec_fns+%%)>)>)@)@ DrcUR(aUR5(dg[(dgURn[R "S[ 5RnURb.U"U[ RURUR45 URbuURUR4n[[ S5(aU"U[ RU5 g[[ S5(aU"U[ RU5 ggg![anSn[U5UeSnAff=f)N typing.Anyrirjz,Failed to apply resource limits via prlimit.)rQrrr\pidtypingcastrkprlimitrJrmrKrnrirjOSErrorr])r.rervryroexcr/s rrd,HostExecutionPolicy._apply_post_spawn_limitss%%T-B-B-D-D } kk -kk,9AAG$$0X0043H3H$J_J_2`a  ,**D,=,=>8[11C!3!3U;X}55C!5!5u=6 -  -@Cs# , -sB2D$4-D$$ E.D<<Ec[=(a6 [[S5=(a [RR S5$)Nrylinux)r\rnrksysplatform startswithr3rrrr$HostExecutionPolicy._can_use_prlimits)b9!=b#,,BYBYZaBbbr)rQr7r:)r8 typing.Callable[[], None] | None)rer=r8r9)r8rL)r>r?r@rArBrJrCrKrMrrQr0r5rcrd staticmethodrrrF __classcell__r_s@rrHrH[s $(j'#L*#!%$%#UEJtJ$$     ""-(ccrrHc\rSrSr%SrSrS\S'SrS\S'\"\ S 9r S \S 'SS jr SS jr SSjr SSjr\SSj5rSrg)CodexSandboxExecutionPolicyaLaunch the shell through the Codex CLI sandbox. Ideal when you have the Codex CLI installed and want the additional syscall and filesystem restrictions provided by Anthropic's Seatbelt (macOS) or Landlock/seccomp (Linux) profiles. Commands still run on the host, but within the sandbox requested by the CLI. If the Codex binary is unavailable or the runtime lacks the required kernel features (e.g., Landlock inside some containers), process startup fails with a `RuntimeError`. Configure sandbox behavior via `config_overrides` to align with your Codex CLI profile. This policy does not add its own resource limits; combine it with host-level guards (cgroups, container resource limits) as needed. codexstrbinaryautoz(typing.Literal['auto', 'macos', 'linux']r)default_factoryzMapping[str, typing.Any]config_overridesc>URU5n[UUUSSS9$NFrb)_build_commandr)r.r4rr full_commands rr5!CodexSandboxExecutionPolicy.spawns0**73 ! #   rc LUR5nUR5nUSU/n[[UR5R 55H,upVUR SUSURU53/5 M. URS5 UR U5 U$)Nsandboxz-c=z--) _resolve_binary_determine_platformsorteddictritemsextend_format_overrideappend)r.rr platform_argrkeyrWs rr*CodexSandboxExecutionPolicy._build_commands%%'//1 #)9l"C  d&;&;!r?r@rArBrrCrrrrr5rrrrrrFr3rrrrs FC9?H6?16t1L.L          rrc^\rSrSr%SrSrS\S'SrS\S'SrS \S 'S r S \S 'S r S\S'S r S\S'S r S\S'S r S\S'S rS \S'S rS\S'SU4SjjrSSjrS Sjr\S!Sj5rS"SjrSrU=r$)#DockerExecutionPolicyi a>Run the shell inside a dedicated Docker container. Choose this policy when commands originate from untrusted users or you require strong isolation between sessions. By default the workspace is bind-mounted only when it refers to an existing non-temporary directory; ephemeral sessions run without a mount to minimise host exposure. The container's network namespace is disabled by default (`--network none`) and you can enable further hardening via `read_only_rootfs` and `user`. The security guarantees depend on your Docker daemon configuration. Run the agent on a host where Docker is locked down (rootless mode, AppArmor/SELinux, etc.) and review any additional volumes or capabilities passed through ``extra_run_args``. The default image is `python:3.12-alpine3.19`; supply a custom image if you need preinstalled tooling. dockerrrzpython:3.12-alpine3.19imageTrLremove_container_on_exitFnetwork_enabledNzSequence[str] | Noneextra_run_argsr)rKztyping.Any | NonerJz str | Nonecpusread_only_rootfsuserc>[TU]5 URbURS::a Sn[U5eURb Sn[ U5eUR b,UR R5(d Sn[U5eURb,URR5(d Sn[U5e[UR=(d S5Ul g)NrrSzxDockerExecutionPolicy does not support cpu_time_seconds; configure CPU limits using Docker run options such as '--cpus'.z.cpus must be a non-empty string when provided.z.user must be a non-empty string when provided.r3) rZr0rKr,rJr]rstriprtuplerr^s rr0#DockerExecutionPolicy.__post_init__'s     (T->->!-C>CS/ !  ,= s# # 99 ):):BCS/ ! 99 ):):BCS/ !#D$7$7$=2>rc|URXU5n[RR5n[ UUUSSS9$r)rosenvironcopyr)r.r4rrrhost_envs rr5DockerExecutionPolicy.spawn:sB**97C ::??$! #   rcUR5nUSS/nUR(aURS5 UR(dUR SS/5 UR b&UR S[ UR 5/5 URU5(a7[ U5nUR SUSU3/5 UR S U/5 OUR S S /5 UR(aURS 5 UR5HupxUR S US U3/5 M URbUR SUR/5 URbUR SUR/5 UR(aUR UR5 URUR5 UR U5 U$)Nrunz-iz--rmz --networknonez--memoryz-v:z-w/z --read-onlyz-erz--cpusz--user)rrrrrrKr_should_mount_workspacerrrrrr) r.r4rrrr host_pathrrWs rr$DockerExecutionPolicy._build_commandKs %%'#)5$"7  ( (    '##   f 5 6    (   S1B1B-C D E  ' ' 2 2II   )Ai['A B C   y 1 2   s ,     .))+JC   #aw'7 8 9& 99   499 5 6 99   499 5 6       3 3 4DJJ'G$rcJURR[5(+$rU)namerSHELL_TEMP_PREFIX)r4s rr-DockerExecutionPolicy._should_mount_workspacems>>,,->???rc~[R"UR5nUcSn[X R-5eU$)NzTDocker execution policy requires the '%s' CLI to be installed and available on PATH.rrs rr%DockerExecutionPolicy._resolve_binaryqs<||DKK( <* s[[01 1 r)rr7r:)r4rrr;rr<r8r)r4rr8rLr)r>r?r@rArBrrCrrrrrKrJrrrr0r5rrrrrFrrs@rrr s FC)E3)%)d)!OT!+/N(/#L*#*.'.D*"d"D*?&        "      D@@rr)r rrrH) rr<rr;rrrrrrLr8r=)rB __future__rrDrrrrrrwcollections.abcrr dataclassesrrpathlibrrkr\ ImportErrorrr TYPE_CHECKINGABCr rHrr__all__r3rrrs/="  -(M '     1   0 1 3#''3 3D _c-_c _cD H"5H HV n/n nb Q MsCC C