@dura-run/cli 0.3.2 → 0.3.3

package/README.md

@@ -45,12 +45,12 @@ All project-scoped commands pick up `projectId` from `dura.json` — you only ne
 
 ### `dura dev` runs your handlers in-process (GH #118)
 
-Until we wire isolated-vm into the local runner, `dura dev` loads your
-automation code via native `import(...)` in the CLI's Node process. That
-process has full access to your filesystem — including `~/.dura/config`
-(where the CLI stores your API key), `~/.ssh`, `~/.aws`, and environment
-variables. A malicious npm dependency anywhere in your handler's import
-graph could read those files and exfiltrate them on the first request.
+`dura dev` loads your automation code via native `import(...)` in the
+CLI's Node process. That process has full access to your filesystem —
+including `~/.dura/config` (where the CLI stores your API key), `~/.ssh`,
+`~/.aws`, and environment variables. A malicious npm dependency anywhere
+in your handler's import graph could read those files and exfiltrate
+them on the first request.
 
 To make this risk explicit, `dura dev` refuses to start whenever you
 have credentials stored locally unless you opt in per project:
@@ -77,9 +77,15 @@ Treat `dura dev` with the same trust you'd give `node -e ...` in a
 project that imports every one of your dependencies — audit your
 `package.json` (and lockfile) before trusting a new project.
 
-We're tracking a full isolated-vm migration for local dev in
-[GH #147](https://github.com/dura-run/dura-run/issues/147) — once
-that ships, the trust gate will be removed.
+The trust gate is the permanent mitigation. We evaluated a full
+isolated-vm migration for local dev in
+[GH #147](https://github.com/dura-run/dura-run/issues/147) and declined
+it: the threat window is narrow (malicious deps mostly fire at install
+or require-time, which sandboxing `dura dev` wouldn't help with), and
+the engineering cost is high relative to the mitigation. Production
+handlers run in a real V8 isolate via the executor service. See
+[docs/internal/architecture.md](../../docs/internal/architecture.md) for
+the threat-model decision.
 
 ## Documentation
 

package/dist/dura.js

@@ -14019,6 +14019,62 @@ function generateDeploymentManifest(_projectDir, manifest) {
 }
 var init_manifest_generator = () => {};
 
+// src/lib/parity-check.ts
+import { builtinModules } from "node:module";
+import * as esbuild from "esbuild";
+function isNodeBuiltinSpecifier(specifier) {
+  if (specifier.startsWith("node:"))
+    return true;
+  return BARE_BUILTIN_SET.has(specifier);
+}
+async function analyzeNodeBuiltinImports(entryPath) {
+  const externalList = [
+    "node:*",
+    ...builtinModules,
+    ...builtinModules.map((m) => `node:${m}`)
+  ];
+  let result;
+  try {
+    result = await esbuild.build({
+      entryPoints: [entryPath],
+      bundle: true,
+      metafile: true,
+      write: false,
+      platform: "neutral",
+      format: "esm",
+      logLevel: "silent",
+      external: externalList
+    });
+  } catch {
+    return [];
+  }
+  const seen = new Set;
+  const hits = [];
+  for (const [importerPath, info] of Object.entries(result.metafile.inputs)) {
+    for (const imp of info.imports) {
+      if (!imp.external)
+        continue;
+      if (!isNodeBuiltinSpecifier(imp.path))
+        continue;
+      const key = `${imp.path}\x00${importerPath}`;
+      if (seen.has(key))
+        continue;
+      seen.add(key);
+      hits.push({ specifier: imp.path, importer: importerPath });
+    }
+  }
+  hits.sort((a, b2) => {
+    if (a.specifier !== b2.specifier)
+      return a.specifier < b2.specifier ? -1 : 1;
+    return a.importer < b2.importer ? -1 : a.importer > b2.importer ? 1 : 0;
+  });
+  return hits;
+}
+var BARE_BUILTIN_SET;
+var init_parity_check = __esm(() => {
+  BARE_BUILTIN_SET = new Set(builtinModules);
+});
+
 // src/lib/bundler.ts
 import { join as join6, resolve as resolve2 } from "node:path";
 import {
@@ -14031,7 +14087,7 @@ import {
 } from "node:fs";
 import { createGzip } from "node:zlib";
 import { Readable } from "node:stream";
-import * as esbuild from "esbuild";
+import * as esbuild2 from "esbuild";
 async function createBundle(projectDir, options) {
   const maxSize = options?.maxBundleSize ?? MAX_BUNDLE_SIZE_BYTES;
   let duraManifest;
@@ -14048,6 +14104,7 @@ async function createBundle(projectDir, options) {
     rmSync(buildDir, { recursive: true });
   }
   mkdirSync3(buildDir, { recursive: true });
+  const parityWarnings = [];
   for (const auto of duraManifest.automations) {
     const entryPath = resolve2(projectDir, auto.entrypoint);
     if (!existsSync5(entryPath)) {
@@ -14060,7 +14117,7 @@ async function createBundle(projectDir, options) {
     const outFile = join6(buildDir, `${auto.name}.js`);
     try {
       const source = readFileSync5(entryPath, "utf-8");
-      const xformed = await esbuild.transform(source, {
+      const xformed = await esbuild2.transform(source, {
         loader: "ts",
         target: "es2022",
         sourcemap: false
@@ -14073,6 +14130,12 @@ async function createBundle(projectDir, options) {
         error: `Failed to bundle ${auto.name}: ${err instanceof Error ? err.message : String(err)}`
       };
     }
+    try {
+      const hits = await analyzeNodeBuiltinImports(entryPath);
+      if (hits.length > 0) {
+        parityWarnings.push({ automation: auto.name, hits });
+      }
+    } catch {}
   }
   const deployManifest = generateDeploymentManifest(projectDir, duraManifest);
   writeFileSync5(join6(buildDir, "manifest.json"), JSON.stringify(deployManifest, null, 2));
@@ -14089,7 +14152,8 @@ async function createBundle(projectDir, options) {
     success: true,
     archiveBuffer,
     manifest: deployManifest,
-    sizeBytes: archiveBuffer.length
+    sizeBytes: archiveBuffer.length,
+    parityWarnings
   };
 }
 async function createTarGz(dir) {
@@ -14181,6 +14245,7 @@ var init_bundler = __esm(() => {
   init_src2();
   init_manifest2();
   init_manifest_generator();
+  init_parity_check();
 });
 
 // src/commands/deploy.ts
@@ -14220,6 +14285,18 @@ function registerDeployCommand(program2) {
       return;
     }
     output.info(`Bundle created: ${bundle.sizeBytes} bytes`);
+    if (bundle.parityWarnings && bundle.parityWarnings.length > 0) {
+      for (const w of bundle.parityWarnings) {
+        const lines = [
+          `"${w.automation}" imports Node built-ins that are not available in the dura.run runtime:`,
+          ...w.hits.map((h) => `  ${h.specifier.padEnd(22)} (imported by ${h.importer})`),
+          `Your handler may fail when invoked in production.`,
+          `See https://dura.run/docs/runtime for the available runtime surface.`
+        ];
+        output.warn(lines.join(`
+`));
+      }
+    }
     output.info("Deploying...");
     try {
       const result = await client.deployBundle(projectId, bundle.archiveBuffer, bundle.manifest);
@@ -14239,7 +14316,8 @@ function registerDeployCommand(program2) {
         activatedAt: result.deployment.activatedAt,
         bundleSize: bundle.sizeBytes,
         automations: bundle.manifest.automations.length,
-        urls: result.urls ?? []
+        urls: result.urls ?? [],
+        parityWarnings: bundle.parityWarnings ?? []
       });
       if (result.urls && result.urls.length > 0) {
         output.info(`
@@ -14816,9 +14894,10 @@ function renderTrustRefusal() {
   return [
     `${bold}${yellow}dura dev refuses to start.${reset2}`,
     "",
-    "Your local machine has stored dura credentials, and `dura dev` currently",
-    "loads your handler code with full filesystem access. Until we ship an",
-    "isolated-vm sandbox for local dev, you must explicitly accept this risk.",
+    "Your local machine has stored dura credentials, and `dura dev` loads",
+    "your handler code with full filesystem access. Production isolation",
+    "lives in @dura/executor; dura dev intentionally does not sandbox (see",
+    "#147). You must explicitly accept this risk to start the dev server.",
     "",
     "To proceed, pick ONE of:",
     "",
@@ -19513,7 +19592,7 @@ async function registerAllCommands(program2) {
   registerOpenApiCommand2(program2);
   return program2;
 }
-var CLI_VERSION = "0.3.2";
+var CLI_VERSION = "0.3.3";
 var init_src3 = __esm(() => {
   init_esm();
   if (import.meta.url === `file://${realpathSync(process.argv[1] ?? "").replace(/\\/g, "/")}`) {
@@ -19530,4 +19609,4 @@ export {
   CLI_VERSION
 };
 
-//# debugId=BE2D824A7368E16F64756E2164756E21
+//# debugId=865D5FDBF88E91E164756E2164756E21

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dura-run/cli",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "description": "CLI for the dura.run managed automation platform",
   "license": "Apache-2.0",
   "type": "module",

package/skills/dura-develop.md

@@ -2,6 +2,37 @@
 
 > This skill teaches an AI agent how to scaffold projects, write automation handlers, use SDK globals, and run locally with `dura dev`.
 
+## Runtime constraints
+
+Handlers run in a V8 isolate on dura.run. **No Node built-ins, no filesystem, no child processes, no native addons.** If you reach for `node:fs`, `Buffer`, `child_process`, or `require('some-native-lib')`, the deploy will warn and the handler will fail at runtime.
+
+**What IS available:**
+
+- Standard JavaScript globals (`Date`, `Math`, `JSON`, `Promise`, `Uint8Array`, etc.)
+- `crypto.randomUUID()` and `crypto.getRandomValues(typedArray)` (WebCrypto-spec random)
+- `TextEncoder` and `TextDecoder` (UTF-8 only)
+- The fetch API (via `dura.fetch`)
+- The `dura.*` SDK surface: `fetch`, `log`, `env`, `kv`, `trigger`, `triggerAndWait`
+
+**What is NOT available yet:**
+
+- `crypto.subtle.*` (hashing, signing, key derivation). For these, call a trusted external service via `dura.fetch`.
+
+**Use these replacements for common Node-isms:**
+
+| Don't use             | Use instead                                                                                |
+| --------------------- | ------------------------------------------------------------------------------------------ |
+| `node:fs`             | `dura.kv` or the artifact APIs                                                             |
+| `node:crypto` for IDs | `crypto.randomUUID()`                                                                      |
+| `node:crypto` for random bytes | `crypto.getRandomValues(new Uint8Array(n))`                                       |
+| `node:crypto` for hashing/signing | Not yet supported — call an external service via `dura.fetch`                  |
+| `Buffer`              | `Uint8Array` with `TextEncoder` / `TextDecoder`                                            |
+| `node:child_process`  | Not supported — there is no process boundary to use                                        |
+| `node:http` / `https` | `dura.fetch`                                                                               |
+| `process.env.X`       | `dura.env.get("X")`                                                                        |
+
+If `dura deploy` warns about Node built-ins in your bundle, swap to the equivalent above before shipping.
+
 ## Scaffolding a New Project
 
 ### `dura new <name>` — Create a New Project