@dcyfr/ai 2.1.3 → 3.0.1

package/dist/ai/src/plugins/runtime/gvisor-plugin-runner.js

@@ -0,0 +1,158 @@
+/**
+ * gVisor Plugin Runner
+ *
+ * Extends DockerPluginRunner with gVisor (runsc) runtime support.
+ * Enforces TLP-based runtime selection:
+ *   - TLP:CLEAR / TLP:GREEN → standard Docker (no gVisor required)
+ *   - TLP:AMBER            → gVisor preferred; gracefully falls back to Docker
+ *   - TLP:RED              → gVisor required; throws if unavailable
+ *
+ * gVisor (runsc) provides an additional kernel isolation layer on top of
+ * Docker by intercepting all guest system calls via a user-space kernel.
+ * This significantly reduces the attack surface for privilege escalation
+ * exploits in high-sensitivity (AMBER/RED) plugin workloads.
+ *
+ * Specification: Plugin Marketplace Security — Phase 15 (gVisor Integration)
+ *
+ * @see https://gvisor.dev/docs/
+ * @module plugins/runtime/gvisor-plugin-runner
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { DockerPluginRunner } from './docker-plugin-runner.js';
+const execFileAsync = promisify(execFile);
+// ---------------------------------------------------------------------------
+// Error classes
+// ---------------------------------------------------------------------------
+/**
+ * Thrown when a TLP:RED plugin cannot be executed because the gVisor
+ * runtime (runsc) is not available on the host machine.
+ *
+ * TLP:RED plugins are blocked unconditionally if gVisor is absent —
+ * unlike TLP:AMBER which falls back to standard Docker with a warning.
+ */
+export class GVisorRequiredError extends Error {
+    code = 'GVISOR_REQUIRED';
+    constructor(message) {
+        super(message);
+        this.name = 'GVisorRequiredError';
+        // Maintain proper prototype chain in compiled JS
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+// ---------------------------------------------------------------------------
+// GVisorPluginRunner
+// ---------------------------------------------------------------------------
+/**
+ * Plugin runner with gVisor (runsc) isolation support and TLP enforcement.
+ *
+ * Inherits all standard Docker sandbox behaviour from DockerPluginRunner and
+ * adds:
+ * 1. Lightweight PATH-based gVisor detection (no Docker daemon required).
+ * 2. `runWithTlp()` — TLP-aware `run()` wrapper that automatically selects
+ *    `--runtime=runsc` for AMBER/RED plugins and enforces blocking for RED
+ *    when gVisor is absent.
+ *
+ * @example
+ * ```ts
+ * const runner = new GVisorPluginRunner();
+ * const result = await runner.runWithTlp(
+ *   { image: 'dcyfr-plugin-sandbox:latest', command: ['node', 'dist/index.js'] },
+ *   'TLP:AMBER',
+ * );
+ * console.log(result.runtimeUsed); // 'gvisor' | 'docker'
+ * console.log(result.tlpLevel);    // 'TLP:AMBER'
+ * ```
+ */
+export class GVisorPluginRunner extends DockerPluginRunner {
+    // --------------------------------------------------------------------------
+    // Public API
+    // --------------------------------------------------------------------------
+    /**
+     * Probe whether the gVisor `runsc` binary is present on this machine.
+     *
+     * Uses a two-stage lightweight check — no Docker daemon required:
+     * 1. `which runsc`     — succeeds on most Linux/macOS installations.
+     * 2. `runsc --version` — fallback for non-standard PATH configurations.
+     *
+     * This is faster than DockerPluginRunner.isGVisorAvailable() which spins
+     * up a full container and pulls `hello-world`. Use this method for all
+     * availability checks before scheduling plugin workloads.
+     */
+    async isGVisorAvailable() {
+        // Stage 1: which runsc
+        try {
+            await execFileAsync('which', ['runsc']);
+            return { available: true };
+        }
+        catch {
+            // Fall through to stage 2
+        }
+        // Stage 2: runsc --version (handles non-standard PATH setups)
+        try {
+            await execFileAsync('runsc', ['--version']);
+            return { available: true };
+        }
+        catch (error_) {
+            const msg = error_ instanceof Error ? error_.message : String(error_);
+            return {
+                available: false,
+                error: `runsc not found in PATH: ${msg}`,
+            };
+        }
+    }
+    /**
+     * Execute a plugin with TLP-level-aware runtime selection.
+     *
+     * Runtime selection table:
+     *
+     * | TLP Level   | gVisor Available | Behaviour                                  |
+     * |-------------|------------------|--------------------------------------------|
+     * | CLEAR/GREEN | any              | Standard Docker (--runtime flag omitted)   |
+     * | AMBER       | yes              | gVisor (--runtime=runsc)                   |
+     * | AMBER       | no               | Docker fallback; warning prepended to stderr |
+     * | RED         | yes              | gVisor (--runtime=runsc)                   |
+     * | RED         | no               | Throws GVisorRequiredError — BLOCKED       |
+     *
+     * @param config   Standard SandboxConfig. The `useGVisor` field is managed
+     *                 automatically and should be omitted by callers.
+     * @param tlpLevel Plugin data classification. Defaults to 'TLP:CLEAR'.
+     * @returns SandboxResult enriched with `runtimeUsed` and `tlpLevel`.
+     * @throws {GVisorRequiredError} When tlpLevel is 'TLP:RED' and gVisor is unavailable.
+     */
+    async runWithTlp(config, tlpLevel = 'TLP:CLEAR') {
+        const requiresGVisor = tlpLevel === 'TLP:AMBER' || tlpLevel === 'TLP:RED';
+        if (!requiresGVisor) {
+            // TLP:CLEAR or TLP:GREEN — standard Docker, gVisor not needed
+            const result = await this.run({ ...config, useGVisor: false });
+            return { ...result, runtimeUsed: 'docker', tlpLevel };
+        }
+        const probe = await this.isGVisorAvailable();
+        if (probe.available) {
+            // gVisor present — enable --runtime=runsc
+            const result = await this.run({ ...config, useGVisor: true });
+            return { ...result, runtimeUsed: 'gvisor', tlpLevel };
+        }
+        // gVisor unavailable -------------------------------------------------------
+        if (tlpLevel === 'TLP:RED') {
+            throw new GVisorRequiredError(`TLP:RED plugin requires gVisor isolation but runsc is not available: ` +
+                `${probe.error ?? 'unknown reason'}. ` +
+                `Install gVisor on your host: https://gvisor.dev/docs/user_guide/install/`);
+        }
+        // TLP:AMBER fallback — run with standard Docker but prepend a clear warning
+        const fallbackResult = await this.run({ ...config, useGVisor: false });
+        const warning = `[DCYFR WARNING] gVisor unavailable (${probe.error ?? 'runsc not in PATH'}). ` +
+            `TLP:AMBER plugin running in standard Docker — isolation reduced. ` +
+            `Install gVisor for full isolation: https://gvisor.dev/docs/user_guide/install/\n`;
+        return {
+            ...fallbackResult,
+            runtimeUsed: 'docker',
+            tlpLevel,
+            stderr: warning + fallbackResult.stderr,
+        };
+    }
+}
+//# sourceMappingURL=gvisor-plugin-runner.js.map

package/dist/ai/src/plugins/runtime/gvisor-plugin-runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gvisor-plugin-runner.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/runtime/gvisor-plugin-runner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAI/D,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IACnC,IAAI,GAAG,iBAAiB,CAAC;IAElC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;QAClC,iDAAiD;QACjD,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAcD,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,kBAAmB,SAAQ,kBAAkB;IACxD,6EAA6E;IAC7E,aAAa;IACb,6EAA6E;IAE7E;;;;;;;;;;OAUG;IACM,KAAK,CAAC,iBAAiB;QAC9B,uBAAuB;QACvB,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;YACxC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;QAED,8DAA8D;QAC9D,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;YAC5C,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,MAAM,GAAG,GAAG,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACtE,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,KAAK,EAAE,4BAA4B,GAAG,EAAE;aACzC,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,KAAK,CAAC,UAAU,CACd,MAAqB,EACrB,WAAqB,WAAW;QAEhC,MAAM,cAAc,GAAG,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,SAAS,CAAC;QAE1E,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,8DAA8D;YAC9D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/D,OAAO,EAAE,GAAG,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;QACxD,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE7C,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,0CAA0C;YAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9D,OAAO,EAAE,GAAG,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;QACxD,CAAC;QAED,6EAA6E;QAE7E,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,IAAI,mBAAmB,CAC3B,uEAAuE;gBACrE,GAAG,KAAK,CAAC,KAAK,IAAI,gBAAgB,IAAI;gBACtC,0EAA0E,CAC7E,CAAC;QACJ,CAAC;QAED,4EAA4E;QAC5E,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QACvE,MAAM,OAAO,GACX,uCAAuC,KAAK,CAAC,KAAK,IAAI,mBAAmB,KAAK;YAC9E,mEAAmE;YACnE,kFAAkF,CAAC;QAErF,OAAO;YACL,GAAG,cAAc;YACjB,WAAW,EAAE,QAAQ;YACrB,QAAQ;YACR,MAAM,EAAE,OAAO,GAAG,cAAc,CAAC,MAAM;SACxC,CAAC;IACJ,CAAC;CACF"}

package/dist/ai/src/plugins/runtime/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Plugin Runtime System
+ *
+ * Exports the Docker sandbox runner and all associated types.
+ *
+ * @module plugins/runtime
+ */
+export { DEFAULT_RESOURCE_LIMITS } from './types.js';
+export type { SandboxResourceLimits, SandboxConfig, SandboxResult, DockerProbeResult, GVisorProbeResult, } from './types.js';
+export { DockerPluginRunner, parseDurationMs, normalizeMemory } from './docker-plugin-runner.js';
+export { GVisorPluginRunner, GVisorRequiredError } from './gvisor-plugin-runner.js';
+export type { GVisorSandboxResult } from './gvisor-plugin-runner.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/ai/src/plugins/runtime/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/runtime/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AACrD,YAAY,EACV,qBAAqB,EACrB,aAAa,EACb,aAAa,EACb,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AACjG,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACpF,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC"}

package/dist/ai/src/plugins/runtime/index.js

@@ -0,0 +1,11 @@
+/**
+ * Plugin Runtime System
+ *
+ * Exports the Docker sandbox runner and all associated types.
+ *
+ * @module plugins/runtime
+ */
+export { DEFAULT_RESOURCE_LIMITS } from './types.js';
+export { DockerPluginRunner, parseDurationMs, normalizeMemory } from './docker-plugin-runner.js';
+export { GVisorPluginRunner, GVisorRequiredError } from './gvisor-plugin-runner.js';
+//# sourceMappingURL=index.js.map

package/dist/ai/src/plugins/runtime/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/runtime/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAQrD,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AACjG,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC"}

package/dist/ai/src/plugins/runtime/types.d.ts

@@ -0,0 +1,143 @@
+/**
+ * Docker Sandbox Runner — Types
+ *
+ * Type definitions for the plugin runtime isolation layer.
+ * Matches the Plugin Runtime Isolation Specification.
+ *
+ * @module plugins/runtime/types
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+/** Resource constraints declared by a plugin (or applied as defaults). */
+export interface SandboxResourceLimits {
+    /**
+     * Maximum memory allocation. Docker `--memory` format.
+     * Examples: "512MB", "1GB", "256m"
+     * @default "512MB"
+     */
+    maxMemory: string;
+    /**
+     * Maximum CPU share as a fraction of a single core (0.0–∞).
+     * Mapped to Docker `--cpus`.
+     * @default 0.5
+     */
+    maxCpu: number;
+    /**
+     * Wall-clock execution time limit. Supports "5m", "30s", "1h".
+     * Plugin receives SIGTERM at this limit; SIGKILL after 10 seconds more.
+     * @default "5m"
+     */
+    maxExecutionTime: string;
+    /**
+     * Maximum temporary disk space for the writable `/tmp` tmpfs mount.
+     * Examples: "64MB", "1GB"
+     * @default "1GB"
+     */
+    maxDiskSpace: string;
+}
+/** Defaults applied when a plugin omits `resourceLimits` fields. */
+export declare const DEFAULT_RESOURCE_LIMITS: Readonly<SandboxResourceLimits>;
+/** Configuration for a single plugin sandbox execution. */
+export interface SandboxConfig {
+    /**
+     * Docker image to use. Must exist locally or be pullable.
+     * Typically `dcyfr-plugin-sandbox:latest` for untrusted plugins.
+     */
+    image: string;
+    /**
+     * Command + arguments to run inside the container.
+     * E.g. `["node", "dist/index.js"]`
+     */
+    command: string[];
+    /**
+     * Environment variables injected into the container.
+     * Keys/values must not contain secrets unless the plugin
+     * has been granted `data.allowSecretAccess`.
+     */
+    env?: Record<string, string>;
+    /**
+     * Whether to permit outbound network access.
+     * When false (default), runs with `--network=none`.
+     */
+    networkPermitted?: boolean;
+    /**
+     * Whether to permit writes to the plugin work directory.
+     * When false (default), runs with `--read-only`.
+     * A writable `/tmp` tmpfs is always provided.
+     */
+    writePermitted?: boolean;
+    /**
+     * Host paths to bind-mount as writable volumes inside the container.
+     * Only meaningful when `writePermitted` is true.
+     * Format: `["/host/path:/container/path"]`
+     */
+    writableMounts?: string[];
+    /** Resource limits merged over `DEFAULT_RESOURCE_LIMITS`. */
+    resourceLimits?: Partial<SandboxResourceLimits>;
+    /** Working directory inside the container. Defaults to `/plugin`. */
+    workDir?: string;
+    /**
+     * Use gVisor (runsc) runtime for enhanced isolation.
+     * Required for TLP:AMBER/RED plugins. Falls back to standard Docker
+     * if gVisor is unavailable.
+     */
+    useGVisor?: boolean;
+}
+/** Result returned once a sandboxed plugin finishes (or is killed). */
+export interface SandboxResult {
+    /** Process exit code. null if killed before exit. */
+    exitCode: number | null;
+    /** Captured stdout (UTF-8). */
+    stdout: string;
+    /** Captured stderr (UTF-8). */
+    stderr: string;
+    /** True if the container was killed due to the execution time limit. */
+    timedOut: boolean;
+    /** Auto-generated name used for this container run. */
+    containerName: string;
+    /** Wall-clock milliseconds from `docker run` spawn to process exit. */
+    executionTimeMs: number;
+}
+/** Result of a Docker availability probe. */
+export interface DockerProbeResult {
+    available: boolean;
+    /** Docker version string, e.g. "Docker version 27.x.y" */
+    version?: string;
+    /** Human-readable error if Docker is unavailable. */
+    error?: string;
+}
+/** Result of a gVisor availability probe. */
+export interface GVisorProbeResult {
+    available: boolean;
+    error?: string;
+}
+/** Result of a WebAssembly availability probe. */
+export interface WasmProbeResult {
+    available: boolean;
+    /** Node.js version with WASI support info */
+    version?: string;
+    /** Human-readable error if WASM/WASI is unavailable */
+    error?: string;
+}
+/**
+ * WebAssembly-specific sandbox configuration
+ * Extends base SandboxConfig with WASM linear memory and preopen settings
+ */
+export interface WasmSandboxConfig {
+    /** Path to the compiled .wasm file */
+    wasmPath: string;
+    /** Initial linear memory pages (64KB per page). Default: 256 (16MB) */
+    initialMemoryPages?: number;
+    /** Maximum linear memory pages (64KB per page). Default: 1024 (64MB) */
+    maxMemoryPages?: number;
+    /** Filesystem directories to preopen (grant read/write access) */
+    preopens?: Record<string, string>;
+    /** Arguments passed to the WASM module's main function */
+    args?: string[];
+    /** Environment variables injected into WASI */
+    env?: Record<string, string>;
+    /** Resource limits (memory/CPU/time) */
+    resourceLimits?: Partial<SandboxResourceLimits>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/ai/src/plugins/runtime/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/runtime/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,0EAA0E;AAC1E,MAAM,WAAW,qBAAqB;IACpC;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;;;OAIG;IACH,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,oEAAoE;AACpE,eAAO,MAAM,uBAAuB,EAAE,QAAQ,CAAC,qBAAqB,CAKnE,CAAC;AAMF,2DAA2D;AAC3D,MAAM,WAAW,aAAa;IAC5B;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,OAAO,EAAE,MAAM,EAAE,CAAC;IAElB;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;OAGG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B;;;;OAIG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B,6DAA6D;IAC7D,cAAc,CAAC,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAEhD,qEAAqE;IACrE,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAMD,uEAAuE;AACvE,MAAM,WAAW,aAAa;IAC5B,qDAAqD;IACrD,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,wEAAwE;IACxE,QAAQ,EAAE,OAAO,CAAC;IAClB,uDAAuD;IACvD,aAAa,EAAE,MAAM,CAAC;IACtB,uEAAuE;IACvE,eAAe,EAAE,MAAM,CAAC;CACzB;AAMD,6CAA6C;AAC7C,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,OAAO,CAAC;IACnB,0DAA0D;IAC1D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qDAAqD;IACrD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,6CAA6C;AAC7C,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAKD,kDAAkD;AAClD,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,OAAO,CAAC;IACnB,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,sCAAsC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,uEAAuE;IACvE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,wEAAwE;IACxE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,0DAA0D;IAC1D,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,+CAA+C;IAC/C,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,wCAAwC;IACxC,cAAc,CAAC,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAC;CACjD"}

package/dist/ai/src/plugins/runtime/types.js

@@ -0,0 +1,19 @@
+/**
+ * Docker Sandbox Runner — Types
+ *
+ * Type definitions for the plugin runtime isolation layer.
+ * Matches the Plugin Runtime Isolation Specification.
+ *
+ * @module plugins/runtime/types
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+/** Defaults applied when a plugin omits `resourceLimits` fields. */
+export const DEFAULT_RESOURCE_LIMITS = {
+    maxMemory: '512MB',
+    maxCpu: 0.5,
+    maxExecutionTime: '5m',
+    maxDiskSpace: '1GB',
+};
+//# sourceMappingURL=types.js.map

package/dist/ai/src/plugins/runtime/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/runtime/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAqCH,oEAAoE;AACpE,MAAM,CAAC,MAAM,uBAAuB,GAAoC;IACtE,SAAS,EAAE,OAAO;IAClB,MAAM,EAAE,GAAG;IACX,gBAAgB,EAAE,IAAI;IACtB,YAAY,EAAE,KAAK;CACpB,CAAC"}

package/dist/ai/src/plugins/runtime/wasm-plugin-runner.d.ts

@@ -0,0 +1,104 @@
+/**
+ * WebAssembly Plugin Runner
+ *
+ * Executes plugins compiled to WebAssembly using WASI (WebAssembly System Interface).
+ * Provides near-native performance with configurable linear memory limits,
+ * filesystem preopening, and environment variable injection.
+ *
+ * Specification: Plugin Runtime Isolation Specification (plugin-runtime-isolation)
+ *
+ * @module plugins/runtime/wasm-plugin-runner
+ * @version 1.0.0
+ * @date 2026-03-01
+ * @license MIT
+ */
+declare namespace WebAssembly {
+    type BufferSrc = ArrayBufferLike | ArrayBufferView;
+    class Module {
+        constructor(bytes: BufferSrc);
+    }
+    class Instance {
+        constructor(module: Module, importObject?: Record<string, Record<string, unknown>>);
+        readonly exports: Record<string, unknown>;
+    }
+    class Memory {
+        constructor(descriptor: {
+            initial: number;
+            maximum?: number;
+            shared?: boolean;
+        });
+        readonly buffer: ArrayBuffer;
+    }
+    function compile(bytes: BufferSrc): Promise<Module>;
+    function instantiate(module: Module, importObject?: Record<string, Record<string, unknown>>): Promise<Instance>;
+}
+import { WASI } from 'node:wasi';
+import type { SandboxConfig, SandboxResult, WasmProbeResult } from './types.js';
+export interface WasmModuleInstance {
+    /** Compiled WebAssembly module */
+    module: WebAssembly.Module;
+    /** Instantiated WASM instance with WASI imports */
+    instance: WebAssembly.Instance;
+    /** WASI interface for system calls */
+    wasi: WASI;
+}
+/**
+ * Configuration for WebAssembly plugin execution
+ * Extends the base SandboxConfig with WASM-specific settings
+ */
+export interface WasmExecutionConfig extends Omit<SandboxConfig, 'image' | 'command'> {
+    /** Path to the compiled .wasm file */
+    wasmPath: string;
+    /** Initial linear memory pages (64KB per page). Default: 256 (16MB) */
+    initialMemoryPages?: number;
+    /** Maximum linear memory pages (64KB per page). Default: 1024 (64MB) */
+    maxMemoryPages?: number;
+    /** Filesystem directories to preopen (grant read/write access) */
+    preopens?: Record<string, string>;
+    /** Arguments passed to the WASM module's main function */
+    args?: string[];
+}
+/**
+ * WebAssembly Plugin Runner
+ *
+ * Executes plugins compiled to WebAssembly with WASI support.
+ * Provides:
+ * - Linear memory limits (configurable initial/max pages)
+ * - Filesystem access control via preopens
+ * - Environment variable injection
+ * - Execution time limits with timeout
+ * - Isolated execution (no network access by default)
+ *
+ * Performance Target: <5% overhead vs native execution
+ */
+export declare class WasmPluginRunner {
+    /** Check if WebAssembly support is available in the current Node.js version */
+    static probe(): Promise<WasmProbeResult>;
+    /**
+     * Load and compile a WebAssembly module from disk
+     *
+     * @param config - WASM execution configuration
+     * @returns Compiled module instance with WASI
+     */
+    private static loadModule;
+    /**
+     * Execute a WebAssembly plugin with resource limits and timeout
+     *
+     * @param config - WASM execution configuration
+     * @returns Execution result with stdout, stderr, exit code, and timing
+     */
+    static run(config: WasmExecutionConfig): Promise<SandboxResult>;
+    /**
+     * Create a WASM execution config from a standard SandboxConfig
+     *
+     * This adapter allows using WasmPluginRunner with the same config
+     * interface as DockerPluginRunner.
+     *
+     * @param config - Standard sandbox config
+     * @param wasmPath - Path to the compiled .wasm file
+     * @returns WASM-specific execution config
+     */
+    static fromSandboxConfig(config: SandboxConfig, wasmPath: string): WasmExecutionConfig;
+}
+export type { WasmProbeResult, WasmSandboxConfig } from './types.js';
+//# sourceMappingURL=wasm-plugin-runner.d.ts.map

package/dist/ai/src/plugins/runtime/wasm-plugin-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wasm-plugin-runner.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/runtime/wasm-plugin-runner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAQH,OAAO,WAAW,WAAW,CAAC;IAC5B,KAAK,SAAS,GAAG,eAAe,GAAG,eAAe,CAAC;IAEnD,MAAM,MAAM;oBACE,KAAK,EAAE,SAAS;KAC7B;IACD,MAAM,QAAQ;oBAEV,MAAM,EAAE,MAAM,EACd,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAExD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAC3C;IACD,MAAM,MAAM;oBACE,UAAU,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,OAAO,CAAC,EAAE,MAAM,CAAC;YAAC,MAAM,CAAC,EAAE,OAAO,CAAA;SAAE;QAC/E,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;KAC9B;IACD,SAAS,OAAO,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACpD,SAAS,WAAW,CAClB,MAAM,EAAE,MAAM,EACd,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GACrD,OAAO,CAAC,QAAQ,CAAC,CAAC;CACtB;AAED,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,OAAO,KAAK,EACV,aAAa,EACb,aAAa,EACb,eAAe,EAChB,MAAM,YAAY,CAAC;AAMpB,MAAM,WAAW,kBAAkB;IACjC,kCAAkC;IAClC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC;IAC3B,mDAAmD;IACnD,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC;IAC/B,sCAAsC;IACtC,IAAI,EAAE,IAAI,CAAC;CACZ;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAoB,SAAQ,IAAI,CAAC,aAAa,EAAE,OAAO,GAAG,SAAS,CAAC;IACnF,sCAAsC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,uEAAuE;IACvE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,wEAAwE;IACxE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,0DAA0D;IAC1D,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AA2ED;;;;;;;;;;;;GAYG;AACH,qBAAa,gBAAgB;IAC3B,+EAA+E;WAClE,KAAK,IAAI,OAAO,CAAC,eAAe,CAAC;IAyC9C;;;;;OAKG;mBACkB,UAAU;IAsC/B;;;;;OAKG;WACU,GAAG,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IA4GrE;;;;;;;;;OASG;IACH,MAAM,CAAC,iBAAiB,CACtB,MAAM,EAAE,aAAa,EACrB,QAAQ,EAAE,MAAM,GACf,mBAAmB;CAmBvB;AAOD,YAAY,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC"}