@ebowwa/sandbox 0.1.1

package/src/core/runtime.ts

@@ -0,0 +1,499 @@
+/**
+ * Runtime Primitive
+ *
+ * Executes compiled code (WASM) with resource limits and permissions.
+ * Composable: different runtimes for different isolation levels.
+ */
+
+import type {
+  ExecutionResult,
+  ExecutionMetrics,
+  Permissions,
+  Limits,
+  DisplayOutput,
+} from "./types.js";
+import type { CompileResult } from "./compiler.js";
+
+/** Runtime options */
+export interface RuntimeOptions {
+  permissions: Permissions;
+  limits: Limits;
+  /** Environment variables */
+  env?: Record<string, string>;
+  /** Working directory */
+  cwd?: string;
+  /** Abort signal */
+  signal?: AbortSignal;
+}
+
+/** Execution request */
+export interface ExecutionRequest {
+  /** Compiled WASM */
+  wasm: CompileResult;
+  /** Entrypoint function */
+  entrypoint?: string;
+  /** Arguments to pass */
+  args?: unknown[];
+  /** Input data */
+  input?: unknown;
+  /** Previous state */
+  state?: Map<string, unknown>;
+}
+
+/** Base runtime interface */
+export interface IRuntime {
+  /** Runtime name */
+  readonly name: string;
+
+  /** Runtime capabilities */
+  readonly capabilities: RuntimeCapabilities;
+
+  /** Initialize runtime */
+  init(): Promise<void>;
+
+  /** Check if runtime is available */
+  isAvailable(): Promise<boolean>;
+
+  /** Execute compiled code */
+  execute(request: ExecutionRequest, options: RuntimeOptions): Promise<ExecutionResult>;
+
+  /** Terminate runtime and cleanup resources */
+  terminate(): Promise<void>;
+
+  /** Check if currently executing */
+  isExecuting(): boolean;
+}
+
+/** Runtime capabilities */
+export interface RuntimeCapabilities {
+  /** Isolation level */
+  isolation: "none" | "process" | "vm" | "wasm" | "container";
+  /** Supports state persistence */
+  stateful: boolean;
+  /** Supports async execution */
+  async: boolean;
+  /** Can access filesystem */
+  filesystem: boolean;
+  /** Can access network */
+  network: boolean;
+  /** Max memory (bytes) */
+  maxMemory: number;
+  /** Supports WASI */
+  wasi: boolean;
+}
+
+/**
+ * WASM-in-WASM Runtime
+ *
+ * Uses @ebowwa/wasm2wasm for maximum isolation.
+ * Runs WASM bytecode inside a WASM interpreter.
+ */
+export class Wasm2WasmRuntime implements IRuntime {
+  readonly name = "wasm2wasm";
+  readonly capabilities: RuntimeCapabilities = {
+    isolation: "wasm",
+    stateful: false,
+    async: true,
+    filesystem: false,
+    network: false,
+    maxMemory: 256 * 1024 * 1024, // 256MB
+    wasi: false,
+  };
+
+  private executing = false;
+
+  async init(): Promise<void> {
+    // Will initialize wasm2wasm when needed
+  }
+
+  async isAvailable(): Promise<boolean> {
+    try {
+      // Check if @ebowwa/wasm2wasm is available
+      const module = await import("@ebowwa/wasm2wasm");
+      return typeof module.execute === "function";
+    } catch {
+      return false;
+    }
+  }
+
+  async execute(
+    request: ExecutionRequest,
+    options: RuntimeOptions
+  ): Promise<ExecutionResult> {
+    const startTime = Date.now();
+    this.executing = true;
+
+    try {
+      // Dynamic import to avoid bundling issues
+      const { execute, validate } = await import("@ebowwa/wasm2wasm");
+
+      // Validate WASM first
+      const validation = validate(request.wasm.wasmBytes);
+      if (!validation.valid) {
+        return this.createErrorResult(
+          `Invalid WASM: ${validation.error}`,
+          "compile",
+          startTime
+        );
+      }
+
+      // Configure runtime with limits
+      const maxMemory = this.parseMemory(options.limits.memory);
+      const timeout = this.parseTimeout(options.limits.timeout);
+
+      // Set up timeout
+      const controller = new AbortController();
+      const timeoutId = setTimeout(
+        () => controller.abort(),
+        timeout
+      );
+
+      // Combine signals
+      const combinedSignal = options.signal
+        ? this.combineSignals(options.signal, controller.signal)
+        : controller.signal;
+
+      try {
+        // Execute using the main execute function
+        const result = await execute(request.wasm.wasmBytes, {
+          maxMemoryPages: Math.floor(maxMemory / 65536),
+        });
+
+        clearTimeout(timeoutId);
+
+        return {
+          success: result.success,
+          value: result.output,
+          metrics: {
+            duration: Date.now() - startTime,
+            memoryUsed: result.memoryUsed ?? 0,
+          },
+          output: {
+            stdout: [],
+            stderr: result.error ? [result.error] : [],
+            displays: [],
+          },
+        };
+      } catch (error) {
+        clearTimeout(timeoutId);
+
+        if (combinedSignal.aborted) {
+          return this.createErrorResult(
+            "Execution timed out",
+            "timeout",
+            startTime
+          );
+        }
+
+        throw error;
+      }
+    } catch (error) {
+      return this.createErrorResult(
+        error instanceof Error ? error.message : String(error),
+        "runtime",
+        startTime
+      );
+    } finally {
+      this.executing = false;
+    }
+  }
+
+  async terminate(): Promise<void> {
+    this.executing = false;
+  }
+
+  isExecuting(): boolean {
+    return this.executing;
+  }
+
+  private createErrorResult(
+    message: string,
+    type: "compile" | "runtime" | "permission" | "limit" | "timeout" | "cancel",
+    startTime: number
+  ): ExecutionResult {
+    return {
+      success: false,
+      error: { message, type },
+      metrics: {
+        duration: Date.now() - startTime,
+        memoryUsed: 0,
+      },
+      output: { stdout: [], stderr: [], displays: [] },
+    };
+  }
+
+  private parseMemory(memory: string | number | undefined): number {
+    if (!memory) return 16 * 1024 * 1024; // 16MB default
+    if (typeof memory === "number") return memory;
+    const match = memory.match(/^(\d+(?:\.\d+)?)\s*(b|kb|mb|gb)?$/i);
+    if (!match) return 16 * 1024 * 1024;
+    const [, num, unit] = match;
+    const multipliers: Record<string, number> = {
+      b: 1, kb: 1024, mb: 1024 ** 2, gb: 1024 ** 3,
+    };
+    return Math.floor(parseFloat(num) * (multipliers[unit?.toLowerCase() ?? "b"] ?? 1));
+  }
+
+  private parseTimeout(timeout: string | number | undefined): number {
+    if (!timeout) return 30000; // 30s default
+    if (typeof timeout === "number") return timeout;
+    const match = timeout.match(/^(\d+(?:\.\d+)?)\s*(ms|s|m)?$/i);
+    if (!match) return 30000;
+    const [, num, unit] = match;
+    const multipliers: Record<string, number> = {
+      ms: 1, s: 1000, m: 60000,
+    };
+    return Math.floor(parseFloat(num) * (multipliers[unit?.toLowerCase() ?? "ms"] ?? 1));
+  }
+
+  private combineSignals(sig1: AbortSignal, sig2: AbortSignal): AbortSignal {
+    const controller = new AbortController();
+
+    const handler = () => {
+      controller.abort();
+      sig1.removeEventListener("abort", handler);
+      sig2.removeEventListener("abort", handler);
+    };
+
+    sig1.addEventListener("abort", handler);
+    sig2.addEventListener("abort", handler);
+
+    return controller.signal;
+  }
+}
+
+/**
+ * Native WASM Runtime
+ *
+ * Uses browser/Node WebAssembly API directly.
+ * Less isolated but faster.
+ */
+export class NativeWasmRuntime implements IRuntime {
+  readonly name = "native-wasm";
+  readonly capabilities: RuntimeCapabilities = {
+    isolation: "process",
+    stateful: true,
+    async: true,
+    filesystem: true,
+    network: true,
+    maxMemory: 4 * 1024 * 1024 * 1024, // 4GB
+    wasi: true,
+  };
+
+  private executing = false;
+
+  async init(): Promise<void> {
+    // No init needed
+  }
+
+  async isAvailable(): Promise<boolean> {
+    return typeof WebAssembly === "object";
+  }
+
+  async execute(
+    request: ExecutionRequest,
+    options: RuntimeOptions
+  ): Promise<ExecutionResult> {
+    const startTime = Date.now();
+    this.executing = true;
+
+    const stdout: string[] = [];
+    const stderr: string[] = [];
+    const displays: DisplayOutput[] = [];
+
+    try {
+      // Compile WASM
+      const module = await WebAssembly.compile(request.wasm.wasmBytes);
+
+      // Build imports based on permissions
+      const imports = this.buildImports(options.permissions, stdout, stderr, displays);
+
+      // Instantiate
+      const instance = await WebAssembly.instantiate(module, imports);
+
+      // Get entrypoint
+      const entrypoint = request.entrypoint || "_start";
+      const exports = instance.exports as Record<string, unknown>;
+
+      if (!(entrypoint in exports)) {
+        return this.createErrorResult(
+          `Entrypoint '${entrypoint}' not found in exports`,
+          "runtime",
+          startTime,
+          stdout,
+          stderr
+        );
+      }
+
+      const fn = exports[entrypoint];
+      if (typeof fn !== "function") {
+        return this.createErrorResult(
+          `Export '${entrypoint}' is not a function`,
+          "runtime",
+          startTime,
+          stdout,
+          stderr
+        );
+      }
+
+      // Execute with timeout
+      const timeout = this.parseTimeout(options.limits?.timeout);
+      const result = await Promise.race([
+        (fn as (...args: unknown[]) => unknown)(...(request.args ?? [])),
+        new Promise((_, reject) =>
+          setTimeout(() => reject(new Error("Timeout")), timeout)
+        ),
+      ]);
+
+      return {
+        success: true,
+        value: result,
+        metrics: {
+          duration: Date.now() - startTime,
+          memoryUsed: 0, // Not available in native
+        },
+        output: { stdout, stderr, displays },
+      };
+    } catch (error) {
+      return this.createErrorResult(
+        error instanceof Error ? error.message : String(error),
+        "runtime",
+        startTime,
+        stdout,
+        stderr
+      );
+    } finally {
+      this.executing = false;
+    }
+  }
+
+  async terminate(): Promise<void> {
+    this.executing = false;
+  }
+
+  isExecuting(): boolean {
+    return this.executing;
+  }
+
+  private buildImports(
+    permissions: Permissions,
+    stdout: string[],
+    stderr: string[],
+    displays: DisplayOutput[]
+  ): WebAssembly.Imports {
+    const imports: WebAssembly.Imports = {};
+
+    // Console import (always available)
+    imports.env = {
+      ...imports.env,
+      console_log: (msg: number, len: number) => {
+        // Simplified - would need memory access
+        stdout.push(`[log] message at offset ${msg}`);
+      },
+      console_error: (msg: number, len: number) => {
+        stderr.push(`[error] message at offset ${msg}`);
+      },
+    };
+
+    // Add memory if needed
+    if (permissions.fs?.read || permissions.fs?.write) {
+      imports.env = {
+        ...imports.env,
+        fs_read: () => { /* TODO: implement */ },
+        fs_write: () => { /* TODO: implement */ },
+      };
+    }
+
+    return imports;
+  }
+
+  private createErrorResult(
+    message: string,
+    type: "compile" | "runtime" | "permission" | "limit" | "timeout" | "cancel",
+    startTime: number,
+    stdout: string[] = [],
+    stderr: string[] = []
+  ): ExecutionResult {
+    return {
+      success: false,
+      error: { message, type },
+      metrics: {
+        duration: Date.now() - startTime,
+        memoryUsed: 0,
+      },
+      output: { stdout, stderr, displays: [] },
+    };
+  }
+
+  private parseTimeout(timeout: string | number | undefined): number {
+    if (!timeout) return 30000;
+    if (typeof timeout === "number") return timeout;
+    const match = timeout.match(/^(\d+(?:\.\d+)?)\s*(ms|s|m)?$/i);
+    if (!match) return 30000;
+    const [, num, unit] = match;
+    const multipliers: Record<string, number> = {
+      ms: 1, s: 1000, m: 60000,
+    };
+    return Math.floor(parseFloat(num) * (multipliers[unit?.toLowerCase() ?? "ms"] ?? 1));
+  }
+}
+
+/**
+ * Runtime Registry
+ *
+ * Manages available runtimes and selects appropriate one.
+ */
+export class RuntimeRegistry {
+  private runtimes = new Map<string, IRuntime>();
+
+  register(runtime: IRuntime): void {
+    this.runtimes.set(runtime.name, runtime);
+  }
+
+  get(name: string): IRuntime | undefined {
+    return this.runtimes.get(name);
+  }
+
+  has(name: string): boolean {
+    return this.runtimes.has(name);
+  }
+
+  async getAvailable(): Promise<string[]> {
+    const available: string[] = [];
+    for (const [name, runtime] of this.runtimes) {
+      if (await runtime.isAvailable()) {
+        available.push(name);
+      }
+    }
+    return available;
+  }
+
+  /**
+   * Select best runtime for given requirements
+   */
+  selectBest(requirements: {
+    isolation?: RuntimeCapabilities["isolation"];
+    filesystem?: boolean;
+    network?: boolean;
+  }): IRuntime | undefined {
+    for (const runtime of this.runtimes.values()) {
+      const caps = runtime.capabilities;
+      if (requirements.isolation && caps.isolation !== requirements.isolation) {
+        continue;
+      }
+      if (requirements.filesystem && !caps.filesystem) {
+        continue;
+      }
+      if (requirements.network && !caps.network) {
+        continue;
+      }
+      return runtime;
+    }
+    return undefined;
+  }
+}
+
+// Default registry with built-in runtimes
+export const defaultRuntimeRegistry = new RuntimeRegistry();
+defaultRuntimeRegistry.register(new Wasm2WasmRuntime());
+defaultRuntimeRegistry.register(new NativeWasmRuntime());