@isol8/core 0.13.0-alpha.0

package/README.md

@@ -0,0 +1,39 @@
+# @isol8/core
+
+Core engine for isol8 secure code execution.
+
+> **Note**: The `isol8` package is deprecated. Use `@isol8/core` instead.
+
+For full documentation, usage examples, and contribution guidelines, see the main [isol8 README](../README.md).
+
+## Installation
+
+```bash
+npm install @isol8/core
+```
+
+## Quick Start
+
+```typescript
+import { DockerIsol8 } from "@isol8/core";
+
+const engine = new DockerIsol8();
+await engine.start();
+
+const result = await engine.execute({
+  code: "print('Hello from isol8!')",
+  runtime: "python",
+});
+
+console.log(result.stdout); // "Hello from isol8!\n"
+
+await engine.stop();
+```
+
+## API
+
+See [API Documentation](https://isol8.dev/docs/api) for full API reference.
+
+## License
+
+MIT - See [../LICENSE](../LICENSE)

package/dist/client/remote.d.ts

@@ -0,0 +1,64 @@
+/**
+ * @module client/remote
+ *
+ * HTTP client for communicating with a remote isol8 server. Implements the
+ * {@link Isol8Engine} interface, so it can be used interchangeably with
+ * {@link DockerIsol8} for local-vs-remote execution.
+ */
+import type { ExecutionRequest, ExecutionResult, Isol8Engine, Isol8Options, StartOptions, StreamEvent } from "../types";
+/** Connection options for the remote isol8 client. */
+export interface RemoteIsol8Options {
+    /** Base URL of the isol8 server (e.g. `"http://localhost:3000"`). */
+    host: string;
+    /** API key for Bearer token authentication. */
+    apiKey: string;
+    /** Optional session ID for persistent mode. If set, the server maintains container state across calls. */
+    sessionId?: string;
+}
+/**
+ * Remote isol8 client that communicates with an isol8 server over HTTP.
+ * Implements the {@link Isol8Engine} interface for seamless local/remote switching.
+ *
+ * @example
+ * ```typescript
+ * const isol8 = new RemoteIsol8(
+ *   { host: "http://localhost:3000", apiKey: "secret" },
+ *   { network: "none" }
+ * );
+ * await isol8.start();
+ * const result = await isol8.execute({ code: "print(1)", runtime: "python" });
+ * await isol8.stop();
+ * ```
+ */
+export declare class RemoteIsol8 implements Isol8Engine {
+    private readonly host;
+    private readonly apiKey;
+    private readonly sessionId?;
+    private readonly isol8Options?;
+    /**
+     * @param options - Connection options (host, API key, session ID).
+     * @param isol8Options - Isol8 configuration to send to the server.
+     */
+    constructor(options: RemoteIsol8Options, isol8Options?: Isol8Options);
+    /** Verify the remote server is reachable by hitting the `/health` endpoint. */
+    start(_options?: StartOptions): Promise<void>;
+    /** Destroy the remote session (if persistent). No-op for ephemeral mode. */
+    stop(): Promise<void>;
+    /** Execute code on the remote server and return the result. */
+    execute(req: ExecutionRequest): Promise<ExecutionResult>;
+    /**
+     * Execute code on the remote server and stream output chunks via SSE.
+     * Yields {@link StreamEvent} objects as they arrive from the server.
+     */
+    executeStream(req: ExecutionRequest): AsyncIterable<StreamEvent>;
+    /**
+     * Upload a file to the remote container (persistent mode only).
+     * Content is Base64-encoded for transport.
+     */
+    putFile(path: string, content: Buffer | string): Promise<void>;
+    /** Download a file from the remote container (persistent mode only). */
+    getFile(path: string): Promise<Buffer>;
+    /** Internal fetch wrapper that attaches auth and content-type headers. */
+    private fetch;
+}
+//# sourceMappingURL=remote.d.ts.map

package/dist/client/remote.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remote.d.ts","sourceRoot":"","sources":["../../src/client/remote.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,WAAW,EACZ,MAAM,UAAU,CAAC;AAElB,sDAAsD;AACtD,MAAM,WAAW,kBAAkB;IACjC,qEAAqE;IACrE,IAAI,EAAE,MAAM,CAAC;IACb,+CAA+C;IAC/C,MAAM,EAAE,MAAM,CAAC;IACf,0GAA0G;IAC1G,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAe;IAE7C;;;OAGG;gBACS,OAAO,EAAE,kBAAkB,EAAE,YAAY,CAAC,EAAE,YAAY;IAOpE,+EAA+E;IACzE,KAAK,CAAC,QAAQ,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAQnD,4EAA4E;IACtE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAM3B,+DAA+D;IACzD,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAkB9D;;;OAGG;IACI,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC;IA0DvE;;;OAGG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAwBpE,wEAAwE;IAClE,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgB5C,0EAA0E;YAC5D,KAAK;CAUpB"}

package/dist/config.d.ts

@@ -0,0 +1,36 @@
+/**
+ * @module config
+ *
+ * Configuration discovery and loading for isol8. Searches for `isol8.config.json`
+ * in the working directory and then in `~/.isol8/config.json`, merging any found
+ * config with built-in defaults.
+ */
+import type { Isol8Config } from "./types";
+/**
+ * Built-in default configuration. Used as the base for all config merges.
+ * All values here are the "safe defaults" — network disabled, conservative limits.
+ */
+declare const DEFAULT_CONFIG: Isol8Config;
+/**
+ * Discovers and loads the isol8 configuration file.
+ *
+ * Search order (first match wins):
+ * 1. `isol8.config.json` in CWD (or the provided `cwd` argument)
+ * 2. `~/.isol8/config.json`
+ *
+ * If no config file is found, returns a copy of {@link DEFAULT_CONFIG}.
+ * Partial configs are deep-merged with defaults — you only need to specify
+ * the fields you want to override.
+ *
+ * @param cwd - Optional working directory to search from (defaults to `process.cwd()`).
+ * @returns The resolved configuration.
+ *
+ * @example
+ * ```typescript
+ * const config = loadConfig();
+ * console.log(config.defaults.timeoutMs); // 30000
+ * ```
+ */
+export declare function loadConfig(cwd?: string): Isol8Config;
+export { DEFAULT_CONFIG };
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;;GAGG;AACH,QAAA,MAAM,cAAc,EAAE,WA0DrB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,UAAU,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,WAAW,CAepD;AAiDD,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/docker/Dockerfile

@@ -0,0 +1,42 @@
+# ── Base ──────────────────────────────────────────────────────────────
+FROM alpine:3.21 AS base
+RUN apk add --no-cache tini curl ca-certificates iptables bash \
+    && addgroup -S sandbox && adduser -S sandbox -G sandbox -h /sandbox
+COPY proxy.sh /usr/local/bin/proxy.sh
+COPY proxy-handler.sh /usr/local/bin/proxy-handler.sh
+RUN chmod +x /usr/local/bin/proxy.sh /usr/local/bin/proxy-handler.sh
+WORKDIR /sandbox
+ENTRYPOINT ["/sbin/tini", "--"]
+
+# ── Python ────────────────────────────────────────────────────────────
+FROM base AS python
+RUN apk add --no-cache python3 py3-pip
+CMD ["python3"]
+
+# ── Node ──────────────────────────────────────────────────────────────
+FROM base AS node
+RUN apk add --no-cache nodejs npm
+CMD ["node"]
+
+# ── Bun ───────────────────────────────────────────────────────────────
+FROM base AS bun
+RUN apk add --no-cache unzip libstdc++ libgcc \
+    && curl -fsSL https://bun.sh/install | bash \
+    && mv /root/.bun/bin/bun /usr/local/bin/bun \
+    && ln -s /usr/local/bin/bun /usr/local/bin/bunx
+CMD ["bun"]
+
+# ── Deno ──────────────────────────────────────────────────────────────
+FROM denoland/deno:alpine AS deno
+RUN apk add --no-cache tini curl ca-certificates iptables bash \
+    && addgroup -S sandbox && adduser -S sandbox -G sandbox -h /sandbox
+COPY proxy.sh /usr/local/bin/proxy.sh
+COPY proxy-handler.sh /usr/local/bin/proxy-handler.sh
+RUN chmod +x /usr/local/bin/proxy.sh /usr/local/bin/proxy-handler.sh
+WORKDIR /sandbox
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["deno"]
+
+# ── Bash ──────────────────────────────────────────────────────────────
+FROM base AS bash
+CMD ["bash"]

package/dist/docker/proxy-handler.sh

@@ -0,0 +1,180 @@
+#!/bin/bash
+# isol8 proxy handler — handles a single proxied connection.
+#
+# Invoked by: nc -lk -e proxy-handler.sh
+# stdin/stdout are wired to the client socket by nc.
+#
+# Env vars (inherited from proxy.sh launcher):
+#   ISOL8_WHITELIST_FILE - Path to file with whitelist regex patterns
+#   ISOL8_BLACKLIST_FILE - Path to file with blacklist regex patterns
+#
+# Supports:
+#   - HTTPS CONNECT tunneling (bidirectional relay via exec nc)
+#   - HTTP forwarding (GET/POST/etc via bash /dev/tcp)
+
+WL="${ISOL8_WHITELIST_FILE:-}"
+BL="${ISOL8_BLACKLIST_FILE:-}"
+
+log_network() {
+  local method="$1"
+  local host="$2"
+  local path="$3"
+  local action="$4"
+  local duration_ms="$5"
+
+  if [ -d "/tmp/isol8-proxy" ]; then
+    # Handle path: output proper JSON null if path is "null", otherwise quote it
+    if [ "$path" = "null" ] || [ -z "$path" ]; then
+      printf '{"timestamp":"%s","method":"%s","host":"%s","path":null,"action":"%s","durationMs":%d}\n' \
+        "$(date -Iseconds)" "$method" "$host" "$action" "$duration_ms" >> /tmp/isol8-proxy/network.jsonl
+    else
+      printf '{"timestamp":"%s","method":"%s","host":"%s","path":"%s","action":"%s","durationMs":%d}\n' \
+        "$(date -Iseconds)" "$method" "$host" "$path" "$action" "$duration_ms" >> /tmp/isol8-proxy/network.jsonl
+    fi
+  fi
+}
+
+is_allowed() {
+  local host="$1"
+
+  # Check blacklist first
+  if [ -n "$BL" ] && [ -s "$BL" ]; then
+    if echo "$host" | grep -qEf "$BL" 2>/dev/null; then
+      return 1
+    fi
+  fi
+
+  # If whitelist is empty or missing, allow all
+  if [ -z "$WL" ] || [ ! -s "$WL" ]; then
+    return 0
+  fi
+
+  # Must match at least one whitelist pattern
+  if echo "$host" | grep -qEf "$WL" 2>/dev/null; then
+    return 0
+  fi
+
+  return 1
+}
+
+# Read the request line
+# e.g. "CONNECT host:443 HTTP/1.1" or "GET http://host/path HTTP/1.1"
+read -r request_line || exit 0
+request_line="${request_line%%$'\r'}"
+
+method="${request_line%% *}"
+rest="${request_line#* }"
+target="${rest%% *}"
+
+# Read and store all headers until blank line
+headers=""
+content_length=0
+while IFS= read -r hline; do
+  hline="${hline%%$'\r'}"
+  [ -z "$hline" ] && break
+  headers="${headers}${hline}"$'\n'
+  # Extract Content-Length
+  case "$hline" in
+    [Cc]ontent-[Ll]ength:*)
+      content_length="${hline#*: }"
+      content_length="${content_length// /}"
+      ;;
+  esac
+done
+
+# ── CONNECT (HTTPS tunneling) ──────────────────────────────────────────
+if [ "$method" = "CONNECT" ]; then
+  host="${target%%:*}"
+  port="${target##*:}"
+  [ "$port" = "$host" ] && port=443
+
+  if ! is_allowed "$host"; then
+    msg="isol8: CONNECT to ${host} blocked by network filter"
+    # Log security event
+    if [ -d "/tmp/isol8-proxy" ]; then
+      printf '{"type":"network_blocked","timestamp":"%s","details":{"method":"CONNECT","host":"%s","reason":"filter_mismatch"}}\n' "$(date -Iseconds)" "$host" >> /tmp/isol8-proxy/security-events.jsonl
+    fi
+    # Log network event
+    log_network "CONNECT" "$host" "null" "BLOCK" 0
+    printf "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: %d\r\n\r\n%s" \
+      "${#msg}" "$msg"
+    exit 0
+  fi
+
+  # Log allowed CONNECT (duration will be 0 since we can't measure after exec)
+  log_network "CONNECT" "$host" "null" "ALLOW" 0
+
+  # Send 200 then replace this process with nc for bidirectional relay.
+  # nc inherits the client socket on stdin/stdout from the nc -lk -e parent.
+  printf "HTTP/1.1 200 Connection Established\r\n\r\n"
+  exec nc "$host" "$port"
+fi
+
+# ── HTTP forwarding ────────────────────────────────────────────────────
+# Proxy HTTP requests use absolute URLs: GET http://host:port/path HTTP/1.1
+url_rest="${target#*://}"
+hostport="${url_rest%%/*}"
+path="/${url_rest#*/}"
+# Handle URLs with no path component
+[ "$path" = "/${url_rest}" ] && path="/"
+
+host="${hostport%%:*}"
+port="${hostport##*:}"
+[ "$port" = "$host" ] && port=80
+
+if ! is_allowed "$host"; then
+  msg="isol8: request to ${host} blocked by network filter"
+  # Log security event
+  if [ -d "/tmp/isol8-proxy" ]; then
+    printf '{"type":"network_blocked","timestamp":"%s","details":{"method":"%s","host":"%s","reason":"filter_mismatch"}}\n' "$(date -Iseconds)" "$method" "$host" >> /tmp/isol8-proxy/security-events.jsonl
+  fi
+  # Log network event
+  log_network "$method" "$host" "$path" "BLOCK" 0
+  printf "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: %d\r\n\r\n%s" \
+    "${#msg}" "$msg"
+  exit 0
+fi
+
+# Record start time for duration measurement
+if [ -d "/tmp/isol8-proxy" ]; then
+  start_time=$(date +%s%3N)
+fi
+
+# Open TCP connection via bash /dev/tcp
+if ! exec 3<>/dev/tcp/"$host"/"$port" 2>/dev/null; then
+  msg="isol8: proxy error: connection to ${host}:${port} failed"
+  printf "HTTP/1.1 502 Bad Gateway\r\nContent-Type: text/plain\r\nContent-Length: %d\r\n\r\n%s" \
+    "${#msg}" "$msg"
+  exit 0
+fi
+
+# Send request line with relative path (not absolute URL)
+printf "%s %s HTTP/1.1\r\n" "$method" "$path" >&3
+
+# Forward headers, skipping Proxy-* headers
+while IFS= read -r h; do
+  [ -z "$h" ] && continue
+  case "$h" in
+    Proxy-*|proxy-*) continue ;;
+  esac
+  printf "%s\r\n" "$h" >&3
+done <<< "$headers"
+printf "\r\n" >&3
+
+# Forward request body if present
+if [ "$content_length" -gt 0 ] 2>/dev/null; then
+  head -c "$content_length" >&3
+fi
+
+# Relay response back to client
+cat <&3
+
+# Calculate duration and log the network event
+if [ -n "$start_time" ] && [ -d "/tmp/isol8-proxy" ]; then
+  end_time=$(date +%s%3N)
+  duration=$((end_time - start_time))
+  log_network "$method" "$host" "$path" "ALLOW" "$duration"
+fi
+
+exec 3>&-
+exit 0

package/dist/docker/proxy.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+# isol8 proxy launcher — parses env vars and starts the proxy listener.
+#
+# Env vars:
+#   ISOL8_WHITELIST  - JSON array of regex strings (allow these)
+#   ISOL8_BLACKLIST  - JSON array of regex strings (block these)
+#   ISOL8_PROXY_PORT - Port to listen on (default: 8118)
+#
+# This script:
+#   1. Parses ISOL8_WHITELIST/BLACKLIST JSON arrays into grep-compatible pattern files
+#   2. Starts nc -lk -e /usr/local/bin/proxy-handler.sh on the specified port
+#
+# The pattern files are stored in /tmp/isol8-proxy/ and exported as env vars
+# so the handler (forked by nc -e) can access them via inherited environment.
+
+PORT="${ISOL8_PROXY_PORT:-8118}"
+PROXY_DIR="/tmp/isol8-proxy"
+mkdir -p "$PROXY_DIR"
+
+# Create log files
+touch "$PROXY_DIR/security-events.jsonl"
+touch "$PROXY_DIR/network.jsonl"
+
+WL_FILE="$PROXY_DIR/whitelist"
+BL_FILE="$PROXY_DIR/blacklist"
+
+# Parse JSON array of regex strings into a file with one ERE pattern per line.
+# Input: JSON like '["^example\\.com$","^api\\."]'
+# Output: file with one grep -E compatible pattern per line
+parse_patterns() {
+  local json="$1" outfile="$2"
+  : > "$outfile"
+  if [ -z "$json" ] || [ "$json" = "[]" ]; then
+    return
+  fi
+  # Strip brackets, split on ","  → one quoted pattern per line
+  # Then strip quotes and unescape doubled backslashes from JSON encoding
+  echo "$json" \
+    | sed 's/^\[//; s/\]$//' \
+    | sed 's/","/"\n"/g' \
+    | sed 's/^"//; s/"$//' \
+    | sed 's/\\\\/\\/g' \
+    > "$outfile"
+}
+
+parse_patterns "${ISOL8_WHITELIST:-}" "$WL_FILE"
+parse_patterns "${ISOL8_BLACKLIST:-}" "$BL_FILE"
+
+# Export paths so the handler (forked by nc -e) can find them
+export ISOL8_WHITELIST_FILE="$WL_FILE"
+export ISOL8_BLACKLIST_FILE="$BL_FILE"
+
+echo "isol8 proxy listening on 127.0.0.1:${PORT}"
+
+# Start listening — nc -lk provides a persistent server that forks
+# a handler for each connection with stdin/stdout wired to the socket
+exec nc -lk -s 127.0.0.1 -p "$PORT" -e /usr/local/bin/proxy-handler.sh

package/dist/docker/seccomp-profile.json

@@ -0,0 +1,67 @@
+{
+  "defaultAction": "SCMP_ACT_ALLOW",
+  "architectures": [
+    "SCMP_ARCH_X86_64",
+    "SCMP_ARCH_X86",
+    "SCMP_ARCH_X32",
+    "SCMP_ARCH_AARCH64"
+  ],
+  "syscalls": [
+    {
+      "names": [
+        "acct",
+        "add_key",
+        "bpf",
+        "clock_adjtime",
+        "clock_settime",
+        "create_module",
+        "delete_module",
+        "finit_module",
+        "get_mempolicy",
+        "init_module",
+        "ioperm",
+        "iopl",
+        "kcmp",
+        "kexec_file_load",
+        "kexec_load",
+        "keyctl",
+        "lookup_dcookie",
+        "mbind",
+        "mount",
+        "move_pages",
+        "name_to_handle_at",
+        "open_by_handle_at",
+        "perf_event_open",
+        "pivot_root",
+        "process_vm_readv",
+        "process_vm_writev",
+        "ptrace",
+        "query_module",
+        "quotactl",
+        "reboot",
+        "request_key",
+        "set_mempolicy",
+        "setns",
+        "settimeofday",
+        "stime",
+        "swapon",
+        "swapoff",
+        "sysfs",
+        "syslog",
+        "umount",
+        "umount2",
+        "unshare",
+        "uselib",
+        "userfaultfd",
+        "ustat",
+        "vm86",
+        "vm86old"
+      ],
+      "action": "SCMP_ACT_ERRNO",
+      "args": [],
+      "comment": "",
+      "includes": {},
+      "excludes": {}
+    }
+  ]
+}

package/dist/engine/audit.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Pluggable audit logger for execution provenance.
+ *
+ * Records ExecutionAudit objects to various destinations based on configuration.
+ * Supports filesystem and stdout logging, with extensibility for cloud services.
+ */
+import type { AuditConfig, ExecutionAudit } from "../types";
+export declare class AuditLogger {
+    private readonly config;
+    private readonly auditFile;
+    constructor(config: AuditConfig);
+    /**
+     * Clean up audit log files older than retentionDays.
+     * Checks both the main executions.log and any rotated/archived logs.
+     */
+    private cleanupOldLogs;
+    /**
+     * Record an audit entry based on the current configuration.
+     */
+    record(audit: ExecutionAudit): void;
+    /**
+     * Run the configured post-log script.
+     * The script receives the audit file path as its first argument.
+     */
+    private runPostLogScript;
+    /**
+     * Apply privacy filtering to audit data based on configuration.
+     */
+    private filterAuditData;
+}
+//# sourceMappingURL=audit.d.ts.map

package/dist/engine/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/engine/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG5D,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,MAAM,EAAE,WAAW;IAqB/B;;;OAGG;IACH,OAAO,CAAC,cAAc;IAwCtB;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,cAAc,GAAG,IAAI;IAoCnC;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAuBxB;;OAEG;IACH,OAAO,CAAC,eAAe;CAuCxB"}

package/dist/engine/code-fetcher.d.ts

@@ -0,0 +1,21 @@
+import type { RemoteCodePolicy } from "../types";
+export interface FetchCodeRequest {
+    codeUrl: string;
+    codeHash?: string;
+    allowInsecureCodeUrl?: boolean;
+}
+export interface FetchCodeResult {
+    code: string;
+    url: string;
+    hash: string;
+}
+interface CodeFetcherDeps {
+    fetchFn?: (input: string, init?: RequestInit) => Promise<Response>;
+    lookupFn?: (hostname: string) => Promise<Array<{
+        address: string;
+        family: number;
+    }>>;
+}
+export declare function fetchRemoteCode(request: FetchCodeRequest, policy: RemoteCodePolicy, deps?: CodeFetcherDeps): Promise<FetchCodeResult>;
+export {};
+//# sourceMappingURL=code-fetcher.d.ts.map

package/dist/engine/code-fetcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"code-fetcher.d.ts","sourceRoot":"","sources":["../../src/engine/code-fetcher.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAEjD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CACd;AAED,UAAU,eAAe;IACvB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnE,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC,CAAC;CACtF;AA2GD,wBAAsB,eAAe,CACnC,OAAO,EAAE,gBAAgB,EACzB,MAAM,EAAE,gBAAgB,EACxB,IAAI,GAAE,eAAoB,GACzB,OAAO,CAAC,eAAe,CAAC,CAkH1B"}

package/dist/engine/concurrency.d.ts

@@ -0,0 +1,46 @@
+/**
+ * @module engine/concurrency
+ *
+ * Async semaphore for limiting the number of concurrent container executions.
+ * Used by {@link DockerIsol8} to prevent resource exhaustion.
+ */
+/**
+ * A counting semaphore for limiting concurrent async operations.
+ *
+ * @example
+ * ```typescript
+ * const sem = new Semaphore(3); // allow 3 concurrent operations
+ *
+ * await sem.acquire();
+ * try {
+ *   await doWork();
+ * } finally {
+ *   sem.release();
+ * }
+ * ```
+ */
+export declare class Semaphore {
+    private readonly max;
+    private current;
+    private readonly queue;
+    /**
+     * @param max - Maximum number of concurrent acquisitions. Must be ≥ 1.
+     * @throws {Error} If `max` is less than 1.
+     */
+    constructor(max: number);
+    /** The number of permits currently available. */
+    get available(): number;
+    /** The number of callers waiting to acquire a permit. */
+    get pending(): number;
+    /**
+     * Acquire a permit. Resolves immediately if one is available,
+     * otherwise queues the caller until a permit is released.
+     */
+    acquire(): Promise<void>;
+    /**
+     * Release a permit. If callers are queued, the next one is resolved.
+     * Must be called exactly once for each successful `acquire()`.
+     */
+    release(): void;
+}
+//# sourceMappingURL=concurrency.d.ts.map

package/dist/engine/concurrency.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"concurrency.d.ts","sourceRoot":"","sources":["../../src/engine/concurrency.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;;;;;;GAcG;AACH,qBAAa,SAAS;IAQR,OAAO,CAAC,QAAQ,CAAC,GAAG;IAPhC,OAAO,CAAC,OAAO,CAAK;IACpB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAsB;IAE5C;;;OAGG;gBAC0B,GAAG,EAAE,MAAM;IAMxC,iDAAiD;IACjD,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,yDAAyD;IACzD,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAW9B;;;OAGG;IACH,OAAO,IAAI,IAAI;CAQhB"}

package/dist/engine/default-seccomp-profile.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Embedded default seccomp profile.
+ *
+ * This keeps strict seccomp available in standalone compiled binaries where
+ * docker/seccomp-profile.json may not be present on disk.
+ */
+export declare const EMBEDDED_DEFAULT_SECCOMP_PROFILE: string;
+//# sourceMappingURL=default-seccomp-profile.d.ts.map

package/dist/engine/default-seccomp-profile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"default-seccomp-profile.d.ts","sourceRoot":"","sources":["../../src/engine/default-seccomp-profile.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,eAAO,MAAM,gCAAgC,QA6D3C,CAAC"}