@isol8/core 0.13.0-alpha.0

package/docker/Dockerfile

@@ -0,0 +1,42 @@
+# ── Base ──────────────────────────────────────────────────────────────
+FROM alpine:3.21 AS base
+RUN apk add --no-cache tini curl ca-certificates iptables bash \
+    && addgroup -S sandbox && adduser -S sandbox -G sandbox -h /sandbox
+COPY proxy.sh /usr/local/bin/proxy.sh
+COPY proxy-handler.sh /usr/local/bin/proxy-handler.sh
+RUN chmod +x /usr/local/bin/proxy.sh /usr/local/bin/proxy-handler.sh
+WORKDIR /sandbox
+ENTRYPOINT ["/sbin/tini", "--"]
+
+# ── Python ────────────────────────────────────────────────────────────
+FROM base AS python
+RUN apk add --no-cache python3 py3-pip
+CMD ["python3"]
+
+# ── Node ──────────────────────────────────────────────────────────────
+FROM base AS node
+RUN apk add --no-cache nodejs npm
+CMD ["node"]
+
+# ── Bun ───────────────────────────────────────────────────────────────
+FROM base AS bun
+RUN apk add --no-cache unzip libstdc++ libgcc \
+    && curl -fsSL https://bun.sh/install | bash \
+    && mv /root/.bun/bin/bun /usr/local/bin/bun \
+    && ln -s /usr/local/bin/bun /usr/local/bin/bunx
+CMD ["bun"]
+
+# ── Deno ──────────────────────────────────────────────────────────────
+FROM denoland/deno:alpine AS deno
+RUN apk add --no-cache tini curl ca-certificates iptables bash \
+    && addgroup -S sandbox && adduser -S sandbox -G sandbox -h /sandbox
+COPY proxy.sh /usr/local/bin/proxy.sh
+COPY proxy-handler.sh /usr/local/bin/proxy-handler.sh
+RUN chmod +x /usr/local/bin/proxy.sh /usr/local/bin/proxy-handler.sh
+WORKDIR /sandbox
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["deno"]
+
+# ── Bash ──────────────────────────────────────────────────────────────
+FROM base AS bash
+CMD ["bash"]

package/docker/proxy-handler.sh

@@ -0,0 +1,180 @@
+#!/bin/bash
+# isol8 proxy handler — handles a single proxied connection.
+#
+# Invoked by: nc -lk -e proxy-handler.sh
+# stdin/stdout are wired to the client socket by nc.
+#
+# Env vars (inherited from proxy.sh launcher):
+#   ISOL8_WHITELIST_FILE - Path to file with whitelist regex patterns
+#   ISOL8_BLACKLIST_FILE - Path to file with blacklist regex patterns
+#
+# Supports:
+#   - HTTPS CONNECT tunneling (bidirectional relay via exec nc)
+#   - HTTP forwarding (GET/POST/etc via bash /dev/tcp)
+
+WL="${ISOL8_WHITELIST_FILE:-}"
+BL="${ISOL8_BLACKLIST_FILE:-}"
+
+log_network() {
+  local method="$1"
+  local host="$2"
+  local path="$3"
+  local action="$4"
+  local duration_ms="$5"
+
+  if [ -d "/tmp/isol8-proxy" ]; then
+    # Handle path: output proper JSON null if path is "null", otherwise quote it
+    if [ "$path" = "null" ] || [ -z "$path" ]; then
+      printf '{"timestamp":"%s","method":"%s","host":"%s","path":null,"action":"%s","durationMs":%d}\n' \
+        "$(date -Iseconds)" "$method" "$host" "$action" "$duration_ms" >> /tmp/isol8-proxy/network.jsonl
+    else
+      printf '{"timestamp":"%s","method":"%s","host":"%s","path":"%s","action":"%s","durationMs":%d}\n' \
+        "$(date -Iseconds)" "$method" "$host" "$path" "$action" "$duration_ms" >> /tmp/isol8-proxy/network.jsonl
+    fi
+  fi
+}
+
+is_allowed() {
+  local host="$1"
+
+  # Check blacklist first
+  if [ -n "$BL" ] && [ -s "$BL" ]; then
+    if echo "$host" | grep -qEf "$BL" 2>/dev/null; then
+      return 1
+    fi
+  fi
+
+  # If whitelist is empty or missing, allow all
+  if [ -z "$WL" ] || [ ! -s "$WL" ]; then
+    return 0
+  fi
+
+  # Must match at least one whitelist pattern
+  if echo "$host" | grep -qEf "$WL" 2>/dev/null; then
+    return 0
+  fi
+
+  return 1
+}
+
+# Read the request line
+# e.g. "CONNECT host:443 HTTP/1.1" or "GET http://host/path HTTP/1.1"
+read -r request_line || exit 0
+request_line="${request_line%%$'\r'}"
+
+method="${request_line%% *}"
+rest="${request_line#* }"
+target="${rest%% *}"
+
+# Read and store all headers until blank line
+headers=""
+content_length=0
+while IFS= read -r hline; do
+  hline="${hline%%$'\r'}"
+  [ -z "$hline" ] && break
+  headers="${headers}${hline}"$'\n'
+  # Extract Content-Length
+  case "$hline" in
+    [Cc]ontent-[Ll]ength:*)
+      content_length="${hline#*: }"
+      content_length="${content_length// /}"
+      ;;
+  esac
+done
+
+# ── CONNECT (HTTPS tunneling) ──────────────────────────────────────────
+if [ "$method" = "CONNECT" ]; then
+  host="${target%%:*}"
+  port="${target##*:}"
+  [ "$port" = "$host" ] && port=443
+
+  if ! is_allowed "$host"; then
+    msg="isol8: CONNECT to ${host} blocked by network filter"
+    # Log security event
+    if [ -d "/tmp/isol8-proxy" ]; then
+      printf '{"type":"network_blocked","timestamp":"%s","details":{"method":"CONNECT","host":"%s","reason":"filter_mismatch"}}\n' "$(date -Iseconds)" "$host" >> /tmp/isol8-proxy/security-events.jsonl
+    fi
+    # Log network event
+    log_network "CONNECT" "$host" "null" "BLOCK" 0
+    printf "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: %d\r\n\r\n%s" \
+      "${#msg}" "$msg"
+    exit 0
+  fi
+
+  # Log allowed CONNECT (duration will be 0 since we can't measure after exec)
+  log_network "CONNECT" "$host" "null" "ALLOW" 0
+
+  # Send 200 then replace this process with nc for bidirectional relay.
+  # nc inherits the client socket on stdin/stdout from the nc -lk -e parent.
+  printf "HTTP/1.1 200 Connection Established\r\n\r\n"
+  exec nc "$host" "$port"
+fi
+
+# ── HTTP forwarding ────────────────────────────────────────────────────
+# Proxy HTTP requests use absolute URLs: GET http://host:port/path HTTP/1.1
+url_rest="${target#*://}"
+hostport="${url_rest%%/*}"
+path="/${url_rest#*/}"
+# Handle URLs with no path component
+[ "$path" = "/${url_rest}" ] && path="/"
+
+host="${hostport%%:*}"
+port="${hostport##*:}"
+[ "$port" = "$host" ] && port=80
+
+if ! is_allowed "$host"; then
+  msg="isol8: request to ${host} blocked by network filter"
+  # Log security event
+  if [ -d "/tmp/isol8-proxy" ]; then
+    printf '{"type":"network_blocked","timestamp":"%s","details":{"method":"%s","host":"%s","reason":"filter_mismatch"}}\n' "$(date -Iseconds)" "$method" "$host" >> /tmp/isol8-proxy/security-events.jsonl
+  fi
+  # Log network event
+  log_network "$method" "$host" "$path" "BLOCK" 0
+  printf "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: %d\r\n\r\n%s" \
+    "${#msg}" "$msg"
+  exit 0
+fi
+
+# Record start time for duration measurement
+if [ -d "/tmp/isol8-proxy" ]; then
+  start_time=$(date +%s%3N)
+fi
+
+# Open TCP connection via bash /dev/tcp
+if ! exec 3<>/dev/tcp/"$host"/"$port" 2>/dev/null; then
+  msg="isol8: proxy error: connection to ${host}:${port} failed"
+  printf "HTTP/1.1 502 Bad Gateway\r\nContent-Type: text/plain\r\nContent-Length: %d\r\n\r\n%s" \
+    "${#msg}" "$msg"
+  exit 0
+fi
+
+# Send request line with relative path (not absolute URL)
+printf "%s %s HTTP/1.1\r\n" "$method" "$path" >&3
+
+# Forward headers, skipping Proxy-* headers
+while IFS= read -r h; do
+  [ -z "$h" ] && continue
+  case "$h" in
+    Proxy-*|proxy-*) continue ;;
+  esac
+  printf "%s\r\n" "$h" >&3
+done <<< "$headers"
+printf "\r\n" >&3
+
+# Forward request body if present
+if [ "$content_length" -gt 0 ] 2>/dev/null; then
+  head -c "$content_length" >&3
+fi
+
+# Relay response back to client
+cat <&3
+
+# Calculate duration and log the network event
+if [ -n "$start_time" ] && [ -d "/tmp/isol8-proxy" ]; then
+  end_time=$(date +%s%3N)
+  duration=$((end_time - start_time))
+  log_network "$method" "$host" "$path" "ALLOW" "$duration"
+fi
+
+exec 3>&-
+exit 0

package/docker/proxy.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+# isol8 proxy launcher — parses env vars and starts the proxy listener.
+#
+# Env vars:
+#   ISOL8_WHITELIST  - JSON array of regex strings (allow these)
+#   ISOL8_BLACKLIST  - JSON array of regex strings (block these)
+#   ISOL8_PROXY_PORT - Port to listen on (default: 8118)
+#
+# This script:
+#   1. Parses ISOL8_WHITELIST/BLACKLIST JSON arrays into grep-compatible pattern files
+#   2. Starts nc -lk -e /usr/local/bin/proxy-handler.sh on the specified port
+#
+# The pattern files are stored in /tmp/isol8-proxy/ and exported as env vars
+# so the handler (forked by nc -e) can access them via inherited environment.
+
+PORT="${ISOL8_PROXY_PORT:-8118}"
+PROXY_DIR="/tmp/isol8-proxy"
+mkdir -p "$PROXY_DIR"
+
+# Create log files
+touch "$PROXY_DIR/security-events.jsonl"
+touch "$PROXY_DIR/network.jsonl"
+
+WL_FILE="$PROXY_DIR/whitelist"
+BL_FILE="$PROXY_DIR/blacklist"
+
+# Parse JSON array of regex strings into a file with one ERE pattern per line.
+# Input: JSON like '["^example\\.com$","^api\\."]'
+# Output: file with one grep -E compatible pattern per line
+parse_patterns() {
+  local json="$1" outfile="$2"
+  : > "$outfile"
+  if [ -z "$json" ] || [ "$json" = "[]" ]; then
+    return
+  fi
+  # Strip brackets, split on ","  → one quoted pattern per line
+  # Then strip quotes and unescape doubled backslashes from JSON encoding
+  echo "$json" \
+    | sed 's/^\[//; s/\]$//' \
+    | sed 's/","/"\n"/g' \
+    | sed 's/^"//; s/"$//' \
+    | sed 's/\\\\/\\/g' \
+    > "$outfile"
+}
+
+parse_patterns "${ISOL8_WHITELIST:-}" "$WL_FILE"
+parse_patterns "${ISOL8_BLACKLIST:-}" "$BL_FILE"
+
+# Export paths so the handler (forked by nc -e) can find them
+export ISOL8_WHITELIST_FILE="$WL_FILE"
+export ISOL8_BLACKLIST_FILE="$BL_FILE"
+
+echo "isol8 proxy listening on 127.0.0.1:${PORT}"
+
+# Start listening — nc -lk provides a persistent server that forks
+# a handler for each connection with stdin/stdout wired to the socket
+exec nc -lk -s 127.0.0.1 -p "$PORT" -e /usr/local/bin/proxy-handler.sh

package/docker/seccomp-profile.json

@@ -0,0 +1,67 @@
+{
+  "defaultAction": "SCMP_ACT_ALLOW",
+  "architectures": [
+    "SCMP_ARCH_X86_64",
+    "SCMP_ARCH_X86",
+    "SCMP_ARCH_X32",
+    "SCMP_ARCH_AARCH64"
+  ],
+  "syscalls": [
+    {
+      "names": [
+        "acct",
+        "add_key",
+        "bpf",
+        "clock_adjtime",
+        "clock_settime",
+        "create_module",
+        "delete_module",
+        "finit_module",
+        "get_mempolicy",
+        "init_module",
+        "ioperm",
+        "iopl",
+        "kcmp",
+        "kexec_file_load",
+        "kexec_load",
+        "keyctl",
+        "lookup_dcookie",
+        "mbind",
+        "mount",
+        "move_pages",
+        "name_to_handle_at",
+        "open_by_handle_at",
+        "perf_event_open",
+        "pivot_root",
+        "process_vm_readv",
+        "process_vm_writev",
+        "ptrace",
+        "query_module",
+        "quotactl",
+        "reboot",
+        "request_key",
+        "set_mempolicy",
+        "setns",
+        "settimeofday",
+        "stime",
+        "swapon",
+        "swapoff",
+        "sysfs",
+        "syslog",
+        "umount",
+        "umount2",
+        "unshare",
+        "uselib",
+        "userfaultfd",
+        "ustat",
+        "vm86",
+        "vm86old"
+      ],
+      "action": "SCMP_ACT_ERRNO",
+      "args": [],
+      "comment": "",
+      "includes": {},
+      "excludes": {}
+    }
+  ]
+}

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@isol8/core",
+  "version": "0.13.0-alpha.0",
+  "description": "Core engine for isol8 secure code execution",
+  "author": "Illusion47586",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./schema": "./schema/isol8.config.schema.json"
+  },
+  "scripts": {
+    "build": "bun run scripts/build.ts",
+    "test": "bun test tests/unit/",
+    "test:prod": "echo 'No production tests in core package'",
+    "lint:check": "ultracite check",
+    "lint:fix": "ultracite fix",
+    "schema": "ts-json-schema-generator --path src/types.ts --type Isol8UserConfig --tsconfig tsconfig.json -o schema/isol8.config.schema.json && ultracite fix schema/isol8.config.schema.json"
+  },
+  "dependencies": {
+    "dockerode": "^4.0.9",
+    "hono": "^4.11.9"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "@types/dockerode": "^4.0.1",
+    "@types/node": "^25.2.3",
+    "ts-json-schema-generator": "^2.5.0",
+    "typescript": "^5.9.3",
+    "ultracite": "^7.2.0"
+  },
+  "files": [
+    "dist",
+    "schema",
+    "docker"
+  ],
+  "jsonValidation": [
+    {
+      "fileMatch": "isol8.config.json",
+      "url": "./schema/isol8.config.schema.json"
+    }
+  ]
+}