@isol8/core 0.13.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. package/README.md +39 -0
  2. package/dist/client/remote.d.ts +64 -0
  3. package/dist/client/remote.d.ts.map +1 -0
  4. package/dist/config.d.ts +36 -0
  5. package/dist/config.d.ts.map +1 -0
  6. package/dist/docker/Dockerfile +42 -0
  7. package/dist/docker/proxy-handler.sh +180 -0
  8. package/dist/docker/proxy.sh +57 -0
  9. package/dist/docker/seccomp-profile.json +67 -0
  10. package/dist/engine/audit.d.ts +31 -0
  11. package/dist/engine/audit.d.ts.map +1 -0
  12. package/dist/engine/code-fetcher.d.ts +21 -0
  13. package/dist/engine/code-fetcher.d.ts.map +1 -0
  14. package/dist/engine/concurrency.d.ts +46 -0
  15. package/dist/engine/concurrency.d.ts.map +1 -0
  16. package/dist/engine/default-seccomp-profile.d.ts +8 -0
  17. package/dist/engine/default-seccomp-profile.d.ts.map +1 -0
  18. package/dist/engine/docker.d.ts +167 -0
  19. package/dist/engine/docker.d.ts.map +1 -0
  20. package/dist/engine/image-builder.d.ts +71 -0
  21. package/dist/engine/image-builder.d.ts.map +1 -0
  22. package/dist/engine/pool.d.ts +94 -0
  23. package/dist/engine/pool.d.ts.map +1 -0
  24. package/dist/engine/stats.d.ts +35 -0
  25. package/dist/engine/stats.d.ts.map +1 -0
  26. package/dist/engine/utils.d.ts +71 -0
  27. package/dist/engine/utils.d.ts.map +1 -0
  28. package/dist/index.d.ts +19 -0
  29. package/dist/index.d.ts.map +1 -0
  30. package/dist/index.js +2777 -0
  31. package/dist/index.js.map +30 -0
  32. package/dist/runtime/adapter.d.ts +63 -0
  33. package/dist/runtime/adapter.d.ts.map +1 -0
  34. package/dist/runtime/adapters/bash.d.ts +3 -0
  35. package/dist/runtime/adapters/bash.d.ts.map +1 -0
  36. package/dist/runtime/adapters/bun.d.ts +4 -0
  37. package/dist/runtime/adapters/bun.d.ts.map +1 -0
  38. package/dist/runtime/adapters/deno.d.ts +10 -0
  39. package/dist/runtime/adapters/deno.d.ts.map +1 -0
  40. package/dist/runtime/adapters/node.d.ts +4 -0
  41. package/dist/runtime/adapters/node.d.ts.map +1 -0
  42. package/dist/runtime/adapters/python.d.ts +4 -0
  43. package/dist/runtime/adapters/python.d.ts.map +1 -0
  44. package/dist/runtime/index.d.ts +15 -0
  45. package/dist/runtime/index.d.ts.map +1 -0
  46. package/dist/types.d.ts +532 -0
  47. package/dist/types.d.ts.map +1 -0
  48. package/dist/utils/logger.d.ts +32 -0
  49. package/dist/utils/logger.d.ts.map +1 -0
  50. package/dist/version.d.ts +15 -0
  51. package/dist/version.d.ts.map +1 -0
  52. package/docker/Dockerfile +42 -0
  53. package/docker/proxy-handler.sh +180 -0
  54. package/docker/proxy.sh +57 -0
  55. package/docker/seccomp-profile.json +67 -0
  56. package/package.json +48 -0
  57. package/schema/isol8.config.schema.json +315 -0
package/schema/isol8.config.schema.json ADDED
@@ -0,0 +1,315 @@
1
+ {
2
+ "$ref": "#/definitions/Isol8UserConfig",
3
+ "$schema": "http://json-schema.org/draft-07/schema#",
4
+ "definitions": {
5
+ "Isol8Dependencies": {
6
+ "additionalProperties": false,
7
+ "description": "Runtime-specific packages to bake into custom Docker images. Populated via `isol8.config.json` or CLI flags on `isol8 setup`.",
8
+ "properties": {
9
+ "bash": {
10
+ "description": "Bash packages to install via apk (Alpine).",
11
+ "items": {
12
+ "type": "string"
13
+ },
14
+ "type": "array"
15
+ },
16
+ "bun": {
17
+ "description": "Bun packages to install globally.",
18
+ "items": {
19
+ "type": "string"
20
+ },
21
+ "type": "array"
22
+ },
23
+ "deno": {
24
+ "description": "Deno module URLs to pre-cache.",
25
+ "items": {
26
+ "type": "string"
27
+ },
28
+ "type": "array"
29
+ },
30
+ "node": {
31
+ "description": "Node.js packages to install globally via npm.",
32
+ "items": {
33
+ "type": "string"
34
+ },
35
+ "type": "array"
36
+ },
37
+ "python": {
38
+ "description": "Python packages to install via pip.",
39
+ "items": {
40
+ "type": "string"
41
+ },
42
+ "type": "array"
43
+ }
44
+ },
45
+ "type": "object"
46
+ },
47
+ "Isol8UserConfig": {
48
+ "additionalProperties": false,
49
+ "description": "User configuration file schema (partial/optional version of Isol8Config). Used for generating the JSON Schema.",
50
+ "properties": {
51
+ "$schema": {
52
+ "description": "JSON Schema URI for editor validation/completion.",
53
+ "type": "string"
54
+ },
55
+ "audit": {
56
+ "additionalProperties": false,
57
+ "description": "Audit logging configuration.",
58
+ "properties": {
59
+ "destination": {
60
+ "default": "filesystem",
61
+ "description": "Destination for audit logs (filesystem, stdout)",
62
+ "type": "string"
63
+ },
64
+ "enabled": {
65
+ "default": false,
66
+ "description": "Enable audit logging.",
67
+ "type": "boolean"
68
+ },
69
+ "includeCode": {
70
+ "default": false,
71
+ "description": "Whether to include the source code in audit logs",
72
+ "type": "boolean"
73
+ },
74
+ "includeOutput": {
75
+ "default": false,
76
+ "description": "Whether to include output (stdout/stderr) in audit logs",
77
+ "type": "boolean"
78
+ },
79
+ "logDir": {
80
+ "default": "undefined (uses ./.isol8_audit)",
81
+ "description": "Custom directory for audit log files",
82
+ "type": "string"
83
+ },
84
+ "postLogScript": {
85
+ "default": "undefined",
86
+ "description": "Script to run after each log entry (receives file path as argument)",
87
+ "type": "string"
88
+ },
89
+ "retentionDays": {
90
+ "default": 90,
91
+ "description": "Retention period for audit logs in days",
92
+ "type": "number"
93
+ },
94
+ "trackResources": {
95
+ "default": true,
96
+ "description": "Track resource usage (CPU, memory, network)",
97
+ "type": "boolean"
98
+ }
99
+ },
100
+ "type": "object"
101
+ },
102
+ "cleanup": {
103
+ "additionalProperties": false,
104
+ "description": "Container cleanup and lifecycle settings. (Partial override allowed).",
105
+ "properties": {
106
+ "autoPrune": {
107
+ "default": true,
108
+ "description": "Automatically prune idle persistent containers.",
109
+ "type": "boolean"
110
+ },
111
+ "maxContainerAgeMs": {
112
+ "default": 3600000,
113
+ "description": "Maximum idle time (ms) before pruning. One hour = 3600000.",
114
+ "type": "number"
115
+ }
116
+ },
117
+ "type": "object"
118
+ },
119
+ "debug": {
120
+ "default": false,
121
+ "description": "Enable debug logging.",
122
+ "type": "boolean"
123
+ },
124
+ "defaults": {
125
+ "additionalProperties": false,
126
+ "description": "Default execution settings applied to all runs. (Partial override allowed).",
127
+ "properties": {
128
+ "cpuLimit": {
129
+ "default": 1,
130
+ "description": "Default CPU limit (1.0 = one full core).",
131
+ "type": "number"
132
+ },
133
+ "memoryLimit": {
134
+ "default": "512m",
135
+ "description": "Default memory limit.",
136
+ "type": "string"
137
+ },
138
+ "network": {
139
+ "$ref": "#/definitions/NetworkMode",
140
+ "default": "none",
141
+ "description": "Default network mode."
142
+ },
143
+ "readonlyRootFs": {
144
+ "default": true,
145
+ "description": "Whether the root filesystem should be read-only.",
146
+ "type": "boolean"
147
+ },
148
+ "sandboxSize": {
149
+ "default": "512m",
150
+ "description": "Default size of the `/sandbox` tmpfs mount.",
151
+ "type": "string"
152
+ },
153
+ "timeoutMs": {
154
+ "default": 30000,
155
+ "description": "Default timeout in milliseconds.",
156
+ "type": "number"
157
+ },
158
+ "tmpSize": {
159
+ "default": "256m",
160
+ "description": "Default size of the `/tmp` tmpfs mount.",
161
+ "type": "string"
162
+ }
163
+ },
164
+ "type": "object"
165
+ },
166
+ "dependencies": {
167
+ "$ref": "#/definitions/Isol8Dependencies",
168
+ "description": "Runtime-specific packages to bake into custom Docker images."
169
+ },
170
+ "maxConcurrent": {
171
+ "default": 10,
172
+ "description": "Maximum number of containers that can run concurrently.",
173
+ "type": "number"
174
+ },
175
+ "network": {
176
+ "additionalProperties": false,
177
+ "description": "Global network filtering rules for `\"filtered\"` mode.",
178
+ "properties": {
179
+ "blacklist": {
180
+ "description": "Regex patterns for blocked hostnames. Matching hosts are always denied, even if whitelisted.",
181
+ "items": {
182
+ "type": "string"
183
+ },
184
+ "type": "array"
185
+ },
186
+ "whitelist": {
187
+ "description": "Regex patterns for allowed hostnames. If non-empty, only matching hosts are allowed.",
188
+ "items": {
189
+ "type": "string"
190
+ },
191
+ "type": "array"
192
+ }
193
+ },
194
+ "type": "object"
195
+ },
196
+ "poolSize": {
197
+ "anyOf": [
198
+ {
199
+ "type": "number"
200
+ },
201
+ {
202
+ "additionalProperties": false,
203
+ "properties": {
204
+ "clean": {
205
+ "type": "number"
206
+ },
207
+ "dirty": {
208
+ "type": "number"
209
+ }
210
+ },
211
+ "required": ["clean", "dirty"],
212
+ "type": "object"
213
+ }
214
+ ],
215
+ "default": {
216
+ "clean": 1,
217
+ "dirty": 1
218
+ },
219
+ "description": "Default ephemeral pool size used by `isol8 serve`."
220
+ },
221
+ "poolStrategy": {
222
+ "default": "fast",
223
+ "description": "Default ephemeral pool strategy used by `isol8 serve`.",
224
+ "enum": ["secure", "fast"],
225
+ "type": "string"
226
+ },
227
+ "remoteCode": {
228
+ "additionalProperties": false,
229
+ "description": "Remote code fetching policy. (Partial override allowed).",
230
+ "properties": {
231
+ "allowedHosts": {
232
+ "description": "Allowed hostname regex patterns. Empty means allow all (subject to blocklist).",
233
+ "items": {
234
+ "type": "string"
235
+ },
236
+ "type": "array"
237
+ },
238
+ "allowedSchemes": {
239
+ "default": ["https"],
240
+ "description": "Allowed URL schemes.",
241
+ "items": {
242
+ "type": "string"
243
+ },
244
+ "type": "array"
245
+ },
246
+ "blockedHosts": {
247
+ "description": "Blocked hostname regex patterns.",
248
+ "items": {
249
+ "type": "string"
250
+ },
251
+ "type": "array"
252
+ },
253
+ "cacheTtl": {
254
+ "default": 3600,
255
+ "description": "Cache TTL in seconds for future use.",
256
+ "type": "number"
257
+ },
258
+ "enableCache": {
259
+ "default": true,
260
+ "description": "Cache support toggle for future use.",
261
+ "type": "boolean"
262
+ },
263
+ "enabled": {
264
+ "default": false,
265
+ "description": "Enable URL-based source fetching.",
266
+ "type": "boolean"
267
+ },
268
+ "fetchTimeoutMs": {
269
+ "default": 30000,
270
+ "description": "Fetch timeout in milliseconds.",
271
+ "type": "number"
272
+ },
273
+ "maxCodeSize": {
274
+ "default": "10485760 (10MB)",
275
+ "description": "Max fetched source size in bytes.",
276
+ "type": "number"
277
+ },
278
+ "requireHash": {
279
+ "default": false,
280
+ "description": "Require `ExecutionRequest.codeHash` for URL-based execution.",
281
+ "type": "boolean"
282
+ }
283
+ },
284
+ "type": "object"
285
+ },
286
+ "security": {
287
+ "$ref": "#/definitions/SecurityConfig",
288
+ "description": "Security settings."
289
+ }
290
+ },
291
+ "type": "object"
292
+ },
293
+ "NetworkMode": {
294
+ "description": "Network access mode for isol8 containers.\n\n- `\"none\"` — All network access blocked (default, most secure).\n- `\"host\"` — Full host network access (use with caution).\n- `\"filtered\"` — HTTP/HTTPS traffic routed through a proxy that enforces whitelist/blacklist regex rules on hostnames.",
295
+ "enum": ["none", "host", "filtered"],
296
+ "type": "string"
297
+ },
298
+ "SecurityConfig": {
299
+ "additionalProperties": false,
300
+ "description": "Security configuration for the execution environment.",
301
+ "properties": {
302
+ "customProfilePath": {
303
+ "description": "Path to a custom seccomp profile JSON file. Required if seccomp is \"custom\".",
304
+ "type": "string"
305
+ },
306
+ "seccomp": {
307
+ "description": "Seccomp profile mode.\n- \"strict\": Use the default strict profile (default).\n- \"unconfined\": Do not apply any seccomp profile.\n- \"custom\": Use the profile at `customProfilePath`.",
308
+ "enum": ["strict", "unconfined", "custom"],
309
+ "type": "string"
310
+ }
311
+ },
312
+ "type": "object"
313
+ }
314
+ }
315
+ }