@elsium-ai/cli 0.11.0 → 0.12.1

package/dist/cli.js

@@ -5814,71 +5814,344 @@ init_src();
 
 // ../tools/src/define.ts
 init_src();
+
+// ../tools/src/sandbox/runner.ts
+init_src();
+import { Worker } from "node:worker_threads";
+var WORKER_SCRIPT = `
+const { parentPort, workerData } = require('node:worker_threads')
+
+if (!parentPort) throw new Error('worker-runner must be run as a worker thread')
+
+const { handlerPath } = workerData
+let handlerPromise = null
+
+async function loadHandler() {
+	if (!handlerPromise) {
+		handlerPromise = (async () => {
+			const mod = await import(handlerPath)
+			const fn = (mod && (mod.default || mod.handler)) || null
+			if (typeof fn !== 'function') {
+				throw new Error(
+					'Sandbox handler module must export a default function or a named "handler" function: ' + handlerPath,
+				)
+			}
+			return fn
+		})().catch((err) => {
+			handlerPromise = null
+			throw err
+		})
+	}
+	return handlerPromise
+}
+
+parentPort.on('message', async (msg) => {
+	if (!msg || msg.type !== 'invoke') return
+	try {
+		const handler = await loadHandler()
+		const result = await handler(msg.input)
+		parentPort.postMessage({
+			type: 'result',
+			invocationId: msg.invocationId,
+			success: true,
+			data: result,
+		})
+	} catch (err) {
+		parentPort.postMessage({
+			type: 'result',
+			invocationId: msg.invocationId,
+			success: false,
+			error: {
+				name: (err && err.name) || 'Error',
+				message: (err && err.message) || String(err),
+				stack: err && err.stack,
+			},
+		})
+	}
+})
+`;
+function rejectPending(state, error) {
+  if (!state.pending)
+    return;
+  const pending = state.pending;
+  state.pending = null;
+  pending.reject(error);
+}
+function attachWorkerListeners(worker, state) {
+  worker.on("message", (msg) => {
+    if (msg?.type !== "result")
+      return;
+    const pending = state.pending;
+    if (!pending || pending.id !== msg.invocationId)
+      return;
+    state.pending = null;
+    if (msg.success) {
+      pending.resolve(msg.data);
+    } else {
+      const error = new Error(msg.error?.message ?? "Sandbox handler failed");
+      if (msg.error?.name)
+        error.name = msg.error.name;
+      if (msg.error?.stack)
+        error.stack = msg.error.stack;
+      pending.reject(error);
+    }
+  });
+  worker.on("error", (err2) => {
+    state.worker = null;
+    rejectPending(state, err2);
+  });
+  worker.on("exit", (code) => {
+    if (state.worker === worker)
+      state.worker = null;
+    if (code !== 0) {
+      rejectPending(state, new Error(`Sandbox worker exited with code ${code}`));
+    }
+  });
+}
+function ensureWorker(state, handlerPath) {
+  if (state.worker)
+    return state.worker;
+  const w = new Worker(WORKER_SCRIPT, {
+    eval: true,
+    workerData: { handlerPath }
+  });
+  attachWorkerListeners(w, state);
+  w.unref();
+  state.worker = w;
+  return w;
+}
+function killWorker(state) {
+  const dying = state.worker;
+  state.worker = null;
+  if (dying) {
+    dying.terminate().catch(() => {});
+  }
+}
+function postInvocation(state, worker, invocationId, input, timeoutMs, handlerPath, signal) {
+  return new Promise((resolve2, reject) => {
+    let timer = null;
+    let abortHandler = null;
+    const cleanup = () => {
+      if (timer)
+        clearTimeout(timer);
+      if (signal && abortHandler)
+        signal.removeEventListener("abort", abortHandler);
+    };
+    state.pending = {
+      id: invocationId,
+      resolve: (v) => {
+        cleanup();
+        resolve2(v);
+      },
+      reject: (e) => {
+        cleanup();
+        reject(e);
+      }
+    };
+    timer = setTimeout(() => {
+      if (state.pending?.id !== invocationId)
+        return;
+      const pending = state.pending;
+      state.pending = null;
+      killWorker(state);
+      pending.reject(ElsiumError.timeout(`sandbox(${handlerPath})`, timeoutMs));
+    }, timeoutMs);
+    if (signal) {
+      abortHandler = () => {
+        if (state.pending?.id !== invocationId)
+          return;
+        const pending = state.pending;
+        state.pending = null;
+        killWorker(state);
+        pending.reject(new Error("Sandbox invocation aborted"));
+      };
+      signal.addEventListener("abort", abortHandler, { once: true });
+    }
+    try {
+      worker.postMessage({ type: "invoke", invocationId, input });
+    } catch (err2) {
+      if (state.pending?.id === invocationId)
+        state.pending = null;
+      cleanup();
+      reject(err2 instanceof Error ? err2 : new Error(String(err2)));
+    }
+  });
+}
+function createWorkerSandboxRunner(config, defaultTimeoutMs) {
+  const handlerPath = typeof config.handler === "string" ? config.handler : config.handler.href;
+  const timeoutMs = config.timeoutMs ?? defaultTimeoutMs;
+  const state = {
+    worker: null,
+    pending: null,
+    chain: Promise.resolve(),
+    disposed: false
+  };
+  async function runOnce(input, signal) {
+    if (state.disposed) {
+      throw new Error("Sandbox runner has been disposed");
+    }
+    if (signal?.aborted) {
+      throw new Error("Sandbox invocation aborted");
+    }
+    const worker = ensureWorker(state, handlerPath);
+    const invocationId = generateId("si");
+    return postInvocation(state, worker, invocationId, input, timeoutMs, handlerPath, signal);
+  }
+  return {
+    async invoke(input, signal) {
+      const previous = state.chain.catch(() => {
+        return;
+      });
+      const next = previous.then(() => runOnce(input, signal));
+      state.chain = next.catch(() => {
+        return;
+      });
+      return next;
+    },
+    async dispose() {
+      state.disposed = true;
+      const w = state.worker;
+      state.worker = null;
+      rejectPending(state, new Error("Sandbox runner disposed"));
+      if (w) {
+        try {
+          await w.terminate();
+        } catch {}
+      }
+    }
+  };
+}
+
+// ../tools/src/define.ts
+var log7 = createLogger();
+var IS_BUN = typeof globalThis.Bun !== "undefined" || typeof process !== "undefined" && Boolean(process.versions.bun);
+var bunSandboxWarningShown = false;
+function warnBunSandboxOnce(toolName) {
+  if (bunSandboxWarningShown)
+    return;
+  bunSandboxWarningShown = true;
+  log7.warn(`Tool "${toolName}" uses sandbox.mode="worker" under Bun. Crash isolation is incomplete on Bun: process.exit() inside the handler does NOT terminate the worker (it does on Node). Other guarantees (process, memory, closure-state, timeout, abort) hold. Track: https://github.com/elsium-ai/elsium-ai/issues — search for "Bun crash isolation".`);
+}
+function formatZodErrors(error) {
+  return error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ");
+}
+function buildExecutionFailure(toolCallId, startTime, error) {
+  return {
+    success: false,
+    error,
+    toolCallId,
+    durationMs: Math.round(performance.now() - startTime)
+  };
+}
+function buildExecutionSuccess(toolCallId, startTime, data) {
+  return {
+    success: true,
+    data,
+    toolCallId,
+    durationMs: Math.round(performance.now() - startTime)
+  };
+}
+function wireUserSignalToController(controller, userSignal) {
+  if (!userSignal)
+    return;
+  if (userSignal.aborted) {
+    controller.abort();
+    return;
+  }
+  userSignal.addEventListener("abort", () => controller.abort(), { once: true });
+}
+function createAbortRejection(signal, isTimeout, name, timeoutMs) {
+  return new Promise((_, reject) => {
+    signal.addEventListener("abort", () => {
+      if (isTimeout()) {
+        reject(ElsiumError.timeout(name, timeoutMs));
+      } else {
+        reject(new ElsiumError({
+          code: "TOOL_ERROR",
+          message: `Tool "${name}" was aborted`,
+          retryable: false
+        }));
+      }
+    }, { once: true });
+  });
+}
 function defineTool(config) {
   const input = config.input ?? config.parameters;
   if (!input) {
     throw ElsiumError.validation(`Tool "${config.name}" requires an input schema (use "input" or "parameters" key)`);
   }
-  const { name, description, output, handler, timeoutMs = 30000 } = config;
-  return {
+  if (!config.handler && !config.sandbox) {
+    throw ElsiumError.validation(`Tool "${config.name}" requires either an inline "handler" or a "sandbox" config`);
+  }
+  if (config.sandbox && config.sandbox.mode !== "worker") {
+    throw ElsiumError.validation(`Tool "${config.name}" sandbox.mode must be "worker" (received "${config.sandbox.mode}")`);
+  }
+  if (config.sandbox && IS_BUN) {
+    warnBunSandboxOnce(config.name);
+  }
+  const { name, description, output, sandbox, timeoutMs = 30000 } = config;
+  const handler = config.handler;
+  let sandboxRunner = null;
+  function getSandboxRunner() {
+    if (!sandboxRunner) {
+      if (!sandbox) {
+        throw ElsiumError.validation(`Tool "${name}" has no sandbox config`);
+      }
+      sandboxRunner = createWorkerSandboxRunner(sandbox, timeoutMs);
+    }
+    return sandboxRunner;
+  }
+  async function runHandler(parsedInput, context) {
+    if (sandbox) {
+      const result = await getSandboxRunner().invoke(parsedInput, context.signal);
+      return result;
+    }
+    if (!handler) {
+      throw ElsiumError.validation(`Tool "${name}" has no handler`);
+    }
+    return handler(parsedInput, context);
+  }
+  const tool = {
     name,
     description,
     inputSchema: input,
     outputSchema: output,
     timeoutMs,
+    sandbox,
     async execute(rawInput, partialCtx) {
       const toolCallId = partialCtx?.toolCallId ?? generateId("tc");
       const startTime = performance.now();
       const parsed = input.safeParse(rawInput);
       if (!parsed.success) {
-        return {
-          success: false,
-          error: `Invalid input: ${parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ")}`,
-          toolCallId,
-          durationMs: Math.round(performance.now() - startTime)
-        };
+        return buildExecutionFailure(toolCallId, startTime, `Invalid input: ${formatZodErrors(parsed.error)}`);
       }
       const controller = new AbortController;
-      const timer = setTimeout(() => controller.abort(), timeoutMs);
+      let timedOut = false;
+      const timer = setTimeout(() => {
+        timedOut = true;
+        controller.abort();
+      }, timeoutMs);
+      wireUserSignalToController(controller, partialCtx?.signal);
       const context = {
         toolCallId,
         traceId: partialCtx?.traceId,
-        signal: partialCtx?.signal ?? controller.signal
+        signal: controller.signal
       };
       try {
         const result = await Promise.race([
-          handler(parsed.data, context),
-          new Promise((_, reject) => {
-            controller.signal.addEventListener("abort", () => {
-              reject(ElsiumError.timeout(name, timeoutMs));
-            });
-          })
+          runHandler(parsed.data, context),
+          createAbortRejection(controller.signal, () => timedOut, name, timeoutMs)
         ]);
         if (output) {
           const validated = output.safeParse(result);
           if (!validated.success) {
-            return {
-              success: false,
-              error: `Invalid output: ${validated.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ")}`,
-              toolCallId,
-              durationMs: Math.round(performance.now() - startTime)
-            };
+            return buildExecutionFailure(toolCallId, startTime, `Invalid output: ${formatZodErrors(validated.error)}`);
           }
         }
-        return {
-          success: true,
-          data: result,
-          toolCallId,
-          durationMs: Math.round(performance.now() - startTime)
-        };
+        return buildExecutionSuccess(toolCallId, startTime, result);
       } catch (error) {
         const message = error instanceof Error ? error.message : String(error);
-        return {
-          success: false,
-          error: message,
-          toolCallId,
-          durationMs: Math.round(performance.now() - startTime)
-        };
+        return buildExecutionFailure(toolCallId, startTime, message);
       } finally {
         clearTimeout(timer);
       }
@@ -5889,8 +6162,16 @@ function defineTool(config) {
         description,
         inputSchema: zodToJsonSchema(input)
       };
+    },
+    async dispose() {
+      if (sandboxRunner) {
+        const r = sandboxRunner;
+        sandboxRunner = null;
+        await r.dispose();
+      }
     }
   };
+  return tool;
 }
 // ../tools/src/toolkit.ts
 init_src();
@@ -10218,7 +10499,7 @@ init_src();
 init_src();
 import { createRequire } from "node:module";
 var require2 = createRequire(import.meta.url);
-var log7 = createLogger();
+var log8 = createLogger();
 var BLOCKED_KEYS2 = new Set(["__proto__", "constructor", "prototype"]);
 // ../agents/src/stores/integrity.ts
 var ZERO_HASH = "0".repeat(64);
@@ -10228,7 +10509,7 @@ init_src();
 init_src();
 // ../agents/src/async-agent.ts
 init_src();
-var log8 = createLogger();
+var log9 = createLogger();
 // ../agents/src/session.ts
 init_src();
 // ../agents/src/react.ts
@@ -10251,7 +10532,7 @@ var vectorStoreRegistry = createRegistry("vectorStore");
 init_src();
 import { createRequire as createRequire2 } from "node:module";
 var require3 = createRequire2(import.meta.url);
-var log9 = createLogger();
+var log10 = createLogger();
 var BLOCKED_KEYS3 = new Set(["__proto__", "constructor", "prototype"]);
 // ../rag/src/stores/qdrant.ts
 init_src();
@@ -10466,13 +10747,13 @@ init_src();
 init_src();
 // ../observe/src/tracer.ts
 init_src();
-var log10 = createLogger();
+var log11 = createLogger();
 // ../observe/src/audit.ts
 import { createHash as createHash5 } from "node:crypto";
 
 // ../observe/src/audit-sink.ts
 init_src();
-var log11 = createLogger();
+var log12 = createLogger();
 function getRetryDelay2(attempt, baseDelayMs, maxDelayMs) {
   const delay = Math.min(baseDelayMs * 2 ** attempt, maxDelayMs);
   return delay * (0.5 + Math.random() * 0.5);
@@ -10500,14 +10781,14 @@ async function deliverToSink(sink, events, retryConfig, deadLetterSink, onError)
   try {
     await sendWithRetry(sink, filtered, retryConfig);
   } catch (error) {
-    log11.error("Audit sink delivery failed", { sink: sink.name });
+    log12.error("Audit sink delivery failed", { sink: sink.name });
     onError?.(sink.name, error);
     if (!deadLetterSink)
       return;
     try {
       await deadLetterSink.send(filtered);
     } catch (dlqError) {
-      log11.error("Dead letter sink delivery failed", { sink: deadLetterSink.name });
+      log12.error("Dead letter sink delivery failed", { sink: deadLetterSink.name });
       onError?.(deadLetterSink.name, dlqError);
     }
   }
@@ -10551,7 +10832,7 @@ function createSinkManager(config) {
     dispatch(event) {
       if (buffer.length >= maxBufferSize) {
         buffer.shift();
-        log11.warn("Audit sink buffer full, dropping oldest event");
+        log12.warn("Audit sink buffer full, dropping oldest event");
       }
       buffer.push(event);
       if (buffer.length >= batchSize)
@@ -10862,16 +11143,16 @@ function auditMiddleware(auditTrail) {
 }
 // ../observe/src/audit-sink-jsonl.ts
 init_src();
-var log12 = createLogger();
+var log13 = createLogger();
 // ../observe/src/experiment.ts
 init_src();
-var log13 = createLogger();
+var log14 = createLogger();
 // ../observe/src/studio-exporter.ts
 init_src();
-var log14 = createLogger();
+var log15 = createLogger();
 // ../observe/src/otel.ts
 init_src();
-var log15 = createLogger();
+var log16 = createLogger();
 // ../app/src/app.ts
 init_src();
 
@@ -12632,19 +12913,19 @@ init_src();
 init_src();
 
 // ../app/src/app.ts
-var log16 = createLogger();
+var log17 = createLogger();
 // ../app/src/rbac.ts
 init_src();
-var log17 = createLogger();
+var log18 = createLogger();
 // ../app/src/tenant.ts
 init_src();
-var log18 = createLogger();
+var log19 = createLogger();
 var tenantUsage = new Map;
 // ../mcp/src/client.ts
 init_src();
 // ../mcp/src/server.ts
 init_src();
-var log19 = createLogger();
+var log20 = createLogger();
 // ../mcp/src/trust.ts
 init_src();
 var MAX_TOOL_OUTPUT_SIZE = 1024 * 1024;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@elsium-ai/cli",
-	"version": "0.11.0",
+	"version": "0.12.1",
 	"description": "CLI tool for ElsiumAI projects",
 	"license": "MIT",
 	"author": "Eric Utrera <ebutrera9103@gmail.com>",
@@ -24,9 +24,9 @@
 		"dev": "bun --watch src/cli.ts"
 	},
 	"dependencies": {
-		"@elsium-ai/core": "^0.11.0",
-		"@elsium-ai/observe": "^0.11.0",
-		"elsium-ai": "^0.11.0"
+		"@elsium-ai/core": "^0.12.1",
+		"@elsium-ai/observe": "^0.12.1",
+		"elsium-ai": "^0.12.1"
 	},
 	"devDependencies": {
 		"typescript": "^5.7.0"