@isol8/core 0.14.7 → 0.16.0

package/dist/index.js

@@ -1,12 +1,16 @@
 import { createRequire } from "node:module";
 var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, {
       get: all[name],
       enumerable: true,
       configurable: true,
-      set: (newValue) => all[name] = () => newValue
+      set: __exportSetter.bind(all, name)
     });
 };
 var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
@@ -571,6 +575,7 @@ class RemoteIsol8 {
   apiKey;
   sessionId;
   isol8Options;
+  wsAvailable = null;
   constructor(options, isol8Options) {
     this.host = options.host.replace(/\/$/, "");
     this.apiKey = options.apiKey;
@@ -604,6 +609,97 @@ class RemoteIsol8 {
     return res.json();
   }
   async* executeStream(req) {
+    if (this.wsAvailable !== false) {
+      try {
+        yield* this.executeStreamWs(req);
+        return;
+      } catch (err) {
+        if (this.wsAvailable === null) {
+          this.wsAvailable = false;
+        } else {
+          throw err;
+        }
+      }
+    }
+    yield* this.executeStreamSse(req);
+  }
+  async* executeStreamWs(req) {
+    const wsUrl = `${this.host.replace(/^http/, "ws")}/execute/ws`;
+    const events = [];
+    let resolve = null;
+    let done = false;
+    let wsError = null;
+    const ws = new WebSocket(wsUrl, {
+      headers: {
+        Authorization: `Bearer ${this.apiKey}`
+      }
+    });
+    const waitForEvent = () => new Promise((r) => {
+      if (events.length > 0 || done) {
+        r();
+      } else {
+        resolve = r;
+      }
+    });
+    ws.onopen = () => {
+      this.wsAvailable = true;
+      const msg = {
+        type: "execute",
+        request: req,
+        ...this.isol8Options ? { options: this.isol8Options } : {}
+      };
+      ws.send(JSON.stringify(msg));
+    };
+    ws.onmessage = (evt) => {
+      try {
+        const event = JSON.parse(typeof evt.data === "string" ? evt.data : String(evt.data));
+        events.push(event);
+        if (resolve) {
+          const r = resolve;
+          resolve = null;
+          r();
+        }
+      } catch {}
+    };
+    ws.onerror = () => {
+      if (!done) {
+        wsError = new Error("WebSocket connection failed");
+        done = true;
+        if (resolve) {
+          const r = resolve;
+          resolve = null;
+          r();
+        }
+      }
+    };
+    ws.onclose = () => {
+      done = true;
+      if (resolve) {
+        const r = resolve;
+        resolve = null;
+        r();
+      }
+    };
+    try {
+      while (true) {
+        await waitForEvent();
+        if (wsError) {
+          throw wsError;
+        }
+        while (events.length > 0) {
+          yield events.shift();
+        }
+        if (done) {
+          break;
+        }
+      }
+    } finally {
+      if (ws.readyState === WebSocket.OPEN || ws.readyState === WebSocket.CONNECTING) {
+        ws.close();
+      }
+    }
+  }
+  async* executeStreamSse(req) {
     const res = await this.fetch("/execute/stream", {
       method: "POST",
       body: JSON.stringify({
@@ -752,6 +848,11 @@ var DEFAULT_CONFIG = {
     includeCode: false,
     includeOutput: false
   },
+  auth: {
+    enabled: false,
+    defaultTtlMs: 86400000,
+    cleanupIntervalMs: 3600000
+  },
   debug: false
 };
 function loadConfig(cwd) {
@@ -805,6 +906,10 @@ function mergeConfig(defaults, overrides) {
       ...defaults.audit,
       ...overrides.audit
     },
+    auth: {
+      ...defaults.auth,
+      ...overrides.auth
+    },
     debug: overrides.debug ?? defaults.debug
   };
 }
@@ -848,7 +953,6 @@ init_runtime();
 init_logger();
 import { randomUUID } from "node:crypto";
 import { existsSync as existsSync4, readFileSync as readFileSync3 } from "node:fs";
-import { PassThrough } from "node:stream";
 import Docker from "dockerode";
 
 // src/engine/audit.ts
@@ -1228,137 +1332,609 @@ var EMBEDDED_DEFAULT_SECCOMP_PROFILE = JSON.stringify({
 // src/engine/docker.ts
 init_image_builder();
 
-// src/engine/pool.ts
+// src/engine/managers/execution-manager.ts
 init_logger();
+import { PassThrough } from "node:stream";
 
-class ContainerPool {
-  docker;
-  poolStrategy;
-  cleanPoolSize;
-  dirtyPoolSize;
-  createOptions;
-  networkMode;
-  securityMode;
-  pools = new Map;
-  replenishing = new Set;
-  pendingReplenishments = new Set;
-  cleaningInterval = null;
+class ExecutionManager {
+  secrets;
+  maxOutputSize;
   constructor(options) {
-    this.docker = options.docker;
-    this.poolStrategy = options.poolStrategy ?? "fast";
-    this.createOptions = options.createOptions;
-    this.networkMode = options.networkMode;
-    this.securityMode = options.securityMode;
-    if (typeof options.poolSize === "number") {
-      this.cleanPoolSize = options.poolSize;
-      this.dirtyPoolSize = options.poolSize;
-    } else if (options.poolSize) {
-      this.cleanPoolSize = options.poolSize.clean ?? 1;
-      this.dirtyPoolSize = options.poolSize.dirty ?? 1;
-    } else {
-      this.cleanPoolSize = 1;
-      this.dirtyPoolSize = 1;
-    }
-    if (this.poolStrategy === "fast") {
-      this.startBackgroundCleaning();
+    this.secrets = options.secrets;
+    this.maxOutputSize = options.maxOutputSize;
+  }
+  wrapWithTimeout(cmd, timeoutSec) {
+    return ["timeout", "-s", "KILL", String(timeoutSec), ...cmd];
+  }
+  getInstallCommand(runtime, packages) {
+    switch (runtime) {
+      case "python":
+        return [
+          "pip",
+          "install",
+          "--user",
+          "--no-cache-dir",
+          "--break-system-packages",
+          "--disable-pip-version-check",
+          "--retries",
+          "0",
+          "--timeout",
+          "15",
+          ...packages
+        ];
+      case "node":
+        return ["npm", "install", "--prefix", "/sandbox", ...packages];
+      case "bun":
+        return ["bun", "install", "-g", "--global-dir=/sandbox/.bun-global", ...packages];
+      case "deno":
+        return ["sh", "-c", packages.map((p) => `deno cache ${p}`).join(" && ")];
+      case "bash":
+        return ["apk", "add", "--no-cache", ...packages];
+      default:
+        throw new Error(`Unknown runtime for package install: ${runtime}`);
+    }
+  }
+  async installPackages(container, runtime, packages, timeoutMs) {
+    const timeoutSec = Math.max(1, Math.ceil(timeoutMs / 1000));
+    const cmd = this.wrapWithTimeout(this.getInstallCommand(runtime, packages), timeoutSec);
+    logger.debug(`Installing packages: ${JSON.stringify(cmd)}`);
+    const env = [
+      "PATH=/sandbox/.local/bin:/sandbox/.npm-global/bin:/sandbox/.bun-global/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
+    ];
+    if (runtime === "python") {
+      env.push("PYTHONUSERBASE=/sandbox/.local");
+    } else if (runtime === "node") {
+      env.push("NPM_CONFIG_PREFIX=/sandbox/.npm-global");
+      env.push("NPM_CONFIG_CACHE=/sandbox/.npm-cache");
+      env.push("npm_config_cache=/sandbox/.npm-cache");
+      env.push("NPM_CONFIG_FETCH_RETRIES=0");
+      env.push("npm_config_fetch_retries=0");
+      env.push("NPM_CONFIG_FETCH_RETRY_MINTIMEOUT=1000");
+      env.push("npm_config_fetch_retry_mintimeout=1000");
+      env.push("NPM_CONFIG_FETCH_RETRY_MAXTIMEOUT=2000");
+      env.push("npm_config_fetch_retry_maxtimeout=2000");
+    } else if (runtime === "bun") {
+      env.push("BUN_INSTALL_GLOBAL_DIR=/sandbox/.bun-global");
+      env.push("BUN_INSTALL_CACHE_DIR=/sandbox/.bun-cache");
+      env.push("BUN_INSTALL_BIN=/sandbox/.bun-global/bin");
+    } else if (runtime === "deno") {
+      env.push("DENO_DIR=/sandbox/.deno");
     }
+    const exec = await container.exec({
+      Cmd: cmd,
+      AttachStdout: true,
+      AttachStderr: true,
+      Env: env,
+      User: runtime === "bash" ? "root" : "sandbox"
+    });
+    const stream = await exec.start({ Detach: false, Tty: false });
+    return new Promise((resolve2, reject) => {
+      let stderr = "";
+      const stdoutStream = new PassThrough;
+      const stderrStream = new PassThrough;
+      container.modem.demuxStream(stream, stdoutStream, stderrStream);
+      stderrStream.on("data", (chunk) => {
+        const text = chunk.toString();
+        stderr += text;
+        logger.debug(`[install:${runtime}:stderr] ${text.trimEnd()}`);
+      });
+      stdoutStream.on("data", (chunk) => {
+        const text = chunk.toString();
+        logger.debug(`[install:${runtime}:stdout] ${text.trimEnd()}`);
+      });
+      stream.on("end", async () => {
+        try {
+          const info = await exec.inspect();
+          if (info.ExitCode !== 0) {
+            reject(new Error(`Package install failed (exit code ${info.ExitCode}): ${stderr}`));
+          } else {
+            resolve2();
+          }
+        } catch (err) {
+          reject(err);
+        }
+      });
+      stream.on("error", reject);
+    });
   }
-  async acquire(image) {
-    const pool = this.pools.get(image) ?? { clean: [], dirty: [] };
-    if (this.poolStrategy === "fast") {
-      if (pool.clean.length > 0) {
-        const entry = pool.clean.shift();
-        this.pools.set(image, pool);
-        this.replenish(image);
-        return entry.container;
+  async* streamExecOutput(stream, exec, container, timeoutMs) {
+    const queue = [];
+    let resolve2 = null;
+    let done = false;
+    const push = (event) => {
+      queue.push(event);
+      if (resolve2) {
+        resolve2();
+        resolve2 = null;
       }
-      if (pool.dirty.length > 0 && pool.clean.length < this.cleanPoolSize) {
-        await this.cleanDirtyImmediate(image);
-        const updatedPool = this.pools.get(image);
-        if (updatedPool && updatedPool.clean.length > 0) {
-          const entry = updatedPool.clean.shift();
-          this.pools.set(image, updatedPool);
-          this.replenish(image);
-          return entry.container;
-        }
+    };
+    const timer = setTimeout(() => {
+      push({ type: "error", data: "EXECUTION TIMED OUT" });
+      push({ type: "exit", data: "137" });
+      done = true;
+    }, timeoutMs);
+    const stdoutStream = new PassThrough;
+    const stderrStream = new PassThrough;
+    container.modem.demuxStream(stream, stdoutStream, stderrStream);
+    stdoutStream.on("data", (chunk) => {
+      let text = chunk.toString("utf-8");
+      if (Object.keys(this.secrets).length > 0) {
+        text = maskSecrets(text, this.secrets);
       }
-      return this.createContainer(image);
-    }
-    if (pool.clean && pool.clean.length > 0) {
-      const entry = pool.clean.shift();
-      this.pools.set(image, { clean: pool.clean, dirty: [] });
-      await this.cleanupContainer(entry.container);
-      this.replenish(image);
-      return entry.container;
-    }
-    return this.createContainer(image);
-  }
-  async release(container, image) {
-    let pool = this.pools.get(image);
-    if (!pool) {
-      pool = { clean: [], dirty: [] };
-      this.pools.set(image, pool);
-    }
-    if (this.poolStrategy === "fast") {
-      if (pool.dirty.length >= this.dirtyPoolSize) {
-        await container.remove({ force: true }).catch(() => {});
-        return;
+      push({ type: "stdout", data: text });
+    });
+    stderrStream.on("data", (chunk) => {
+      let text = chunk.toString("utf-8");
+      if (Object.keys(this.secrets).length > 0) {
+        text = maskSecrets(text, this.secrets);
       }
-      pool.dirty.push({ container, createdAt: Date.now() });
-    } else {
-      if (pool.clean.length >= this.cleanPoolSize) {
-        await container.remove({ force: true }).catch(() => {});
-        return;
+      push({ type: "stderr", data: text });
+    });
+    stream.on("end", async () => {
+      clearTimeout(timer);
+      try {
+        const info = await exec.inspect();
+        push({ type: "exit", data: (info.ExitCode ?? 0).toString() });
+      } catch {
+        push({ type: "exit", data: "1" });
       }
-      if (!pool.clean) {
-        pool.clean = [];
+      done = true;
+    });
+    stream.on("error", (err) => {
+      clearTimeout(timer);
+      push({ type: "error", data: err.message });
+      push({ type: "exit", data: "1" });
+      done = true;
+    });
+    while (!done || queue.length > 0) {
+      if (queue.length > 0) {
+        yield queue.shift();
+      } else if (resolve2) {
+        await new Promise((r) => {
+          resolve2 = r;
+        });
+      } else {
+        await new Promise((r) => setTimeout(r, 10));
       }
-      pool.clean.push({ container, createdAt: Date.now() });
     }
   }
-  startBackgroundCleaning() {
-    this.cleaningInterval = setInterval(async () => {
-      for (const [_image, pool] of this.pools) {
-        for (let i = 0;i < this.dirtyPoolSize; i++) {
-          if (pool.dirty.length > 0 && pool.clean.length < this.cleanPoolSize) {
-            const entry = pool.dirty.shift();
-            try {
-              await this.cleanupContainer(entry.container);
-              pool.clean.push(entry);
-            } catch {
-              entry.container.remove({ force: true }).catch(() => {});
-            }
-          }
+  async collectExecOutput(stream, container, timeoutMs) {
+    return new Promise((resolve2, reject) => {
+      let stdout = "";
+      let stderr = "";
+      let truncated = false;
+      let settled = false;
+      let stdoutEnded = false;
+      let stderrEnded = false;
+      const timer = setTimeout(() => {
+        if (settled) {
+          return;
         }
-      }
-    }, 5000);
-  }
-  async cleanDirtyImmediate(image) {
-    const pool = this.pools.get(image);
-    if (!pool || pool.dirty.length === 0 || pool.clean.length >= this.cleanPoolSize) {
-      return;
-    }
-    const entry = pool.dirty.shift();
-    try {
-      await this.cleanupContainer(entry.container);
-      pool.clean.push(entry);
-    } catch {
-      entry.container.remove({ force: true }).catch(() => {});
-    }
-  }
-  async cleanupContainer(container) {
-    const needsCleanup = this.securityMode === "strict";
-    const needsIptables = this.networkMode === "filtered" && needsCleanup;
-    if (!needsCleanup) {
-      return;
-    }
-    try {
-      const cleanupCmd = needsIptables ? "pkill -9 -u sandbox 2>/dev/null; /usr/sbin/iptables -F OUTPUT 2>/dev/null; rm -rf /sandbox/* /sandbox/.[!.]* 2>/dev/null; true" : "pkill -9 -u sandbox 2>/dev/null; rm -rf /sandbox/* /sandbox/.[!.]* 2>/dev/null; true";
-      const cleanExec = await container.exec({
-        Cmd: ["sh", "-c", cleanupCmd]
-      });
-      await cleanExec.start({ Detach: true });
-      let info = await cleanExec.inspect();
+        settled = true;
+        if (stream.destroy) {
+          stream.destroy();
+        }
+        resolve2({ stdout, stderr: `${stderr}
+--- EXECUTION TIMED OUT ---`, truncated });
+      }, timeoutMs);
+      const stdoutStream = new PassThrough;
+      const stderrStream = new PassThrough;
+      container.modem.demuxStream(stream, stdoutStream, stderrStream);
+      stdoutStream.on("data", (chunk) => {
+        stdout += chunk.toString("utf-8");
+        if (stdout.length > this.maxOutputSize) {
+          const result = truncateOutput(stdout, this.maxOutputSize);
+          stdout = result.text;
+          truncated = true;
+        }
+      });
+      stderrStream.on("data", (chunk) => {
+        stderr += chunk.toString("utf-8");
+        if (stderr.length > this.maxOutputSize) {
+          const result = truncateOutput(stderr, this.maxOutputSize);
+          stderr = result.text;
+          truncated = true;
+        }
+      });
+      const checkDone = () => {
+        if (settled) {
+          return;
+        }
+        if (stdoutEnded && stderrEnded) {
+          settled = true;
+          clearTimeout(timer);
+          resolve2({ stdout, stderr, truncated });
+        }
+      };
+      stdoutStream.on("end", () => {
+        stdoutEnded = true;
+        checkDone();
+      });
+      stderrStream.on("end", () => {
+        stderrEnded = true;
+        checkDone();
+      });
+      stream.on("error", (err) => {
+        if (settled) {
+          return;
+        }
+        settled = true;
+        clearTimeout(timer);
+        reject(err);
+      });
+      stream.on("end", () => {
+        if (settled) {
+          return;
+        }
+        setTimeout(() => {
+          if (!settled) {
+            stdoutEnded = true;
+            stderrEnded = true;
+            checkDone();
+          }
+        }, 100);
+      });
+    });
+  }
+  postProcessOutput(output, _truncated) {
+    let result = output;
+    if (Object.keys(this.secrets).length > 0) {
+      result = maskSecrets(result, this.secrets);
+    }
+    return result.trimEnd();
+  }
+  buildEnv(extra, proxyPort, networkMode, networkFilter) {
+    const env = [
+      "PYTHONUNBUFFERED=1",
+      "PYTHONUSERBASE=/sandbox/.local",
+      "NPM_CONFIG_PREFIX=/sandbox/.npm-global",
+      "DENO_DIR=/sandbox/.deno",
+      "PATH=/sandbox/.local/bin:/sandbox/.npm-global/bin:/sandbox/.bun-global/bin:/usr/local/bin:/usr/bin:/bin",
+      "NODE_PATH=/usr/local/lib/node_modules:/sandbox/.npm-global/lib/node_modules:/sandbox/node_modules"
+    ];
+    for (const [key, value] of Object.entries(this.secrets)) {
+      env.push(`${key}=${value}`);
+    }
+    if (extra) {
+      for (const [key, value] of Object.entries(extra)) {
+        env.push(`${key}=${value}`);
+      }
+    }
+    if (networkMode === "filtered") {
+      if (networkFilter) {
+        env.push(`ISOL8_WHITELIST=${JSON.stringify(networkFilter.whitelist)}`);
+        env.push(`ISOL8_BLACKLIST=${JSON.stringify(networkFilter.blacklist)}`);
+      }
+      if (proxyPort) {
+        env.push(`HTTP_PROXY=http://127.0.0.1:${proxyPort}`);
+        env.push(`HTTPS_PROXY=http://127.0.0.1:${proxyPort}`);
+        env.push(`http_proxy=http://127.0.0.1:${proxyPort}`);
+        env.push(`https_proxy=http://127.0.0.1:${proxyPort}`);
+      }
+    }
+    return env;
+  }
+}
+// src/engine/managers/network-manager.ts
+init_logger();
+var PROXY_PORT = 8118;
+var PROXY_STARTUP_TIMEOUT_MS = 5000;
+var PROXY_POLL_INTERVAL_MS = 100;
+
+class NetworkManager {
+  network;
+  networkFilter;
+  constructor(options) {
+    this.network = options.network;
+    this.networkFilter = options.networkFilter;
+  }
+  async startProxy(container) {
+    if (this.network !== "filtered") {
+      return;
+    }
+    const envParts = [];
+    if (this.networkFilter) {
+      envParts.push(`ISOL8_WHITELIST='${JSON.stringify(this.networkFilter.whitelist)}'`);
+      envParts.push(`ISOL8_BLACKLIST='${JSON.stringify(this.networkFilter.blacklist)}'`);
+    }
+    const envPrefix = envParts.length > 0 ? `${envParts.join(" ")} ` : "";
+    const startExec = await container.exec({
+      Cmd: ["sh", "-c", `${envPrefix}bash /usr/local/bin/proxy.sh &`]
+    });
+    await startExec.start({ Detach: true });
+    const deadline = Date.now() + PROXY_STARTUP_TIMEOUT_MS;
+    while (Date.now() < deadline) {
+      try {
+        const checkExec = await container.exec({
+          Cmd: ["sh", "-c", `nc -z 127.0.0.1 ${PROXY_PORT} 2>/dev/null`]
+        });
+        await checkExec.start({ Detach: true });
+        let info = await checkExec.inspect();
+        while (info.Running) {
+          await new Promise((r) => setTimeout(r, 50));
+          info = await checkExec.inspect();
+        }
+        if (info.ExitCode === 0) {
+          return;
+        }
+      } catch {}
+      await new Promise((r) => setTimeout(r, PROXY_POLL_INTERVAL_MS));
+    }
+    throw new Error("Proxy failed to start within timeout");
+  }
+  async setupIptables(container) {
+    if (this.network !== "filtered") {
+      return;
+    }
+    const rules = [
+      "/usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT",
+      "/usr/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
+      `/usr/sbin/iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport ${PROXY_PORT} -m owner --uid-owner 100 -j ACCEPT`,
+      "/usr/sbin/iptables -A OUTPUT -m owner --uid-owner 100 -j DROP"
+    ].join(" && ");
+    const exec = await container.exec({
+      Cmd: ["sh", "-c", rules]
+    });
+    await exec.start({ Detach: true });
+    let info = await exec.inspect();
+    while (info.Running) {
+      await new Promise((r) => setTimeout(r, 50));
+      info = await exec.inspect();
+    }
+    if (info.ExitCode !== 0) {
+      throw new Error(`Failed to set up iptables rules (exit code ${info.ExitCode})`);
+    }
+    logger.debug("[Filtered] iptables rules applied — sandbox user restricted to proxy only");
+  }
+  get proxyPort() {
+    return PROXY_PORT;
+  }
+}
+// src/engine/managers/volume-manager.ts
+import { PassThrough as PassThrough2 } from "node:stream";
+
+class VolumeManager {
+  readonlyRootFs;
+  sandboxWorkdir;
+  constructor(options) {
+    this.readonlyRootFs = options.readonlyRootFs;
+    this.sandboxWorkdir = options.sandboxWorkdir ?? "/sandbox";
+  }
+  async writeFileViaExec(container, filePath, content) {
+    const data = typeof content === "string" ? Buffer.from(content, "utf-8") : content;
+    const b64 = data.toString("base64");
+    if (b64.length < 20000) {
+      const exec = await container.exec({
+        Cmd: ["sh", "-c", `printf '%s' '${b64}' | base64 -d > ${filePath}`],
+        User: "sandbox"
+      });
+      await exec.start({ Detach: true });
+      let info2 = await exec.inspect();
+      while (info2.Running) {
+        await new Promise((r) => setTimeout(r, 5));
+        info2 = await exec.inspect();
+      }
+      if (info2.ExitCode !== 0) {
+        throw new Error(`Failed to write file ${filePath} in container (exit code ${info2.ExitCode})`);
+      }
+      return;
+    }
+    const tempPath = `/tmp/b64_${Date.now()}.tmp`;
+    const chunkSize = 8000;
+    for (let i = 0;i < b64.length; i += chunkSize) {
+      const chunk = b64.slice(i, i + chunkSize);
+      const exec = await container.exec({
+        Cmd: ["sh", "-c", `printf '%s' '${chunk}' >> ${tempPath}`],
+        User: "sandbox"
+      });
+      await exec.start({ Detach: true });
+      await exec.inspect();
+    }
+    const decodeExec = await container.exec({
+      Cmd: ["sh", "-c", `base64 -d ${tempPath} > ${filePath} && rm ${tempPath}`],
+      User: "sandbox"
+    });
+    await decodeExec.start({ Detach: true });
+    let info = await decodeExec.inspect();
+    while (info.Running) {
+      await new Promise((r) => setTimeout(r, 5));
+      info = await decodeExec.inspect();
+    }
+    if (info.ExitCode !== 0) {
+      throw new Error(`Failed to write file ${filePath} in container (exit code ${info.ExitCode})`);
+    }
+  }
+  async readFileViaExec(container, filePath) {
+    const exec = await container.exec({
+      Cmd: ["base64", filePath],
+      AttachStdout: true,
+      AttachStderr: true,
+      User: "sandbox"
+    });
+    const stream = await exec.start({ Tty: false });
+    const chunks = [];
+    const stderrChunks = [];
+    const stdoutStream = new PassThrough2;
+    const stderrStream = new PassThrough2;
+    container.modem.demuxStream(stream, stdoutStream, stderrStream);
+    stdoutStream.on("data", (chunk) => chunks.push(chunk));
+    stderrStream.on("data", (chunk) => stderrChunks.push(chunk));
+    await new Promise((resolve2, reject) => {
+      stream.on("end", resolve2);
+      stream.on("error", reject);
+    });
+    const inspectResult = await exec.inspect();
+    if (inspectResult.ExitCode !== 0) {
+      const stderr = Buffer.concat(stderrChunks).toString("utf-8").trim();
+      throw new Error(`Failed to read file ${filePath} in container: ${stderr} (exit code ${inspectResult.ExitCode})`);
+    }
+    const b64Output = Buffer.concat(chunks).toString("utf-8").trim();
+    return Buffer.from(b64Output, "base64");
+  }
+  async getFileFromContainer(container, path) {
+    const stream = await container.getArchive({ path });
+    const chunks = [];
+    for await (const chunk of stream) {
+      chunks.push(chunk);
+    }
+    return extractFromTar(Buffer.concat(chunks), path);
+  }
+  async retrieveFiles(container, paths) {
+    const files = {};
+    for (const p of paths) {
+      try {
+        const buf = this.readonlyRootFs ? await this.readFileViaExec(container, p) : await this.getFileFromContainer(container, p);
+        files[p] = buf.toString("base64");
+      } catch {}
+    }
+    return files;
+  }
+  async putFile(container, path, content) {
+    if (this.readonlyRootFs) {
+      await this.writeFileViaExec(container, path, content);
+    } else {
+      const tar = createTarBuffer(path, content);
+      await container.putArchive(tar, { path: "/" });
+    }
+  }
+  async getFile(container, path) {
+    if (this.readonlyRootFs) {
+      return this.readFileViaExec(container, path);
+    }
+    return this.getFileFromContainer(container, path);
+  }
+}
+// src/engine/pool.ts
+init_logger();
+
+class ContainerPool {
+  docker;
+  poolStrategy;
+  cleanPoolSize;
+  dirtyPoolSize;
+  createOptions;
+  networkMode;
+  securityMode;
+  pools = new Map;
+  replenishing = new Set;
+  pendingReplenishments = new Set;
+  cleaningInterval = null;
+  constructor(options) {
+    this.docker = options.docker;
+    this.poolStrategy = options.poolStrategy ?? "fast";
+    this.createOptions = options.createOptions;
+    this.networkMode = options.networkMode;
+    this.securityMode = options.securityMode;
+    if (typeof options.poolSize === "number") {
+      this.cleanPoolSize = options.poolSize;
+      this.dirtyPoolSize = options.poolSize;
+    } else if (options.poolSize) {
+      this.cleanPoolSize = options.poolSize.clean ?? 1;
+      this.dirtyPoolSize = options.poolSize.dirty ?? 1;
+    } else {
+      this.cleanPoolSize = 1;
+      this.dirtyPoolSize = 1;
+    }
+    if (this.poolStrategy === "fast") {
+      this.startBackgroundCleaning();
+    }
+  }
+  async acquire(image) {
+    const pool = this.pools.get(image) ?? { clean: [], dirty: [] };
+    if (this.poolStrategy === "fast") {
+      if (pool.clean.length > 0) {
+        const entry = pool.clean.shift();
+        this.pools.set(image, pool);
+        this.replenish(image);
+        return entry.container;
+      }
+      if (pool.dirty.length > 0 && pool.clean.length < this.cleanPoolSize) {
+        await this.cleanDirtyImmediate(image);
+        const updatedPool = this.pools.get(image);
+        if (updatedPool && updatedPool.clean.length > 0) {
+          const entry = updatedPool.clean.shift();
+          this.pools.set(image, updatedPool);
+          this.replenish(image);
+          return entry.container;
+        }
+      }
+      return this.createContainer(image);
+    }
+    if (pool.clean && pool.clean.length > 0) {
+      const entry = pool.clean.shift();
+      this.pools.set(image, { clean: pool.clean, dirty: [] });
+      await this.cleanupContainer(entry.container);
+      this.replenish(image);
+      return entry.container;
+    }
+    return this.createContainer(image);
+  }
+  async release(container, image) {
+    let pool = this.pools.get(image);
+    if (!pool) {
+      pool = { clean: [], dirty: [] };
+      this.pools.set(image, pool);
+    }
+    if (this.poolStrategy === "fast") {
+      if (pool.dirty.length >= this.dirtyPoolSize) {
+        await container.remove({ force: true }).catch(() => {});
+        return;
+      }
+      pool.dirty.push({ container, createdAt: Date.now() });
+    } else {
+      if (pool.clean.length >= this.cleanPoolSize) {
+        await container.remove({ force: true }).catch(() => {});
+        return;
+      }
+      if (!pool.clean) {
+        pool.clean = [];
+      }
+      pool.clean.push({ container, createdAt: Date.now() });
+    }
+  }
+  startBackgroundCleaning() {
+    this.cleaningInterval = setInterval(async () => {
+      for (const [_image, pool] of this.pools) {
+        for (let i = 0;i < this.dirtyPoolSize; i++) {
+          if (pool.dirty.length > 0 && pool.clean.length < this.cleanPoolSize) {
+            const entry = pool.dirty.shift();
+            try {
+              await this.cleanupContainer(entry.container);
+              pool.clean.push(entry);
+            } catch {
+              entry.container.remove({ force: true }).catch(() => {});
+            }
+          }
+        }
+      }
+    }, 5000);
+  }
+  async cleanDirtyImmediate(image) {
+    const pool = this.pools.get(image);
+    if (!pool || pool.dirty.length === 0 || pool.clean.length >= this.cleanPoolSize) {
+      return;
+    }
+    const entry = pool.dirty.shift();
+    try {
+      await this.cleanupContainer(entry.container);
+      pool.clean.push(entry);
+    } catch {
+      entry.container.remove({ force: true }).catch(() => {});
+    }
+  }
+  async cleanupContainer(container) {
+    const needsCleanup = this.securityMode === "strict";
+    const needsIptables = this.networkMode === "filtered" && needsCleanup;
+    if (!needsCleanup) {
+      return;
+    }
+    try {
+      const cleanupCmd = needsIptables ? "pkill -9 -u sandbox 2>/dev/null; /usr/sbin/iptables -F OUTPUT 2>/dev/null; rm -rf /sandbox/* /sandbox/.[!.]* 2>/dev/null; true" : "pkill -9 -u sandbox 2>/dev/null; rm -rf /sandbox/* /sandbox/.[!.]* 2>/dev/null; true";
+      const cleanExec = await container.exec({
+        Cmd: ["sh", "-c", cleanupCmd]
+      });
+      await cleanExec.start({ Detach: true });
+      let info = await cleanExec.inspect();
       while (info.Running) {
         await new Promise((r) => setTimeout(r, 5));
         info = await cleanExec.inspect();
@@ -1471,265 +2047,45 @@ function calculateCPUPercent(stats) {
   const numCores = stats.cpu_stats.online_cpus ?? stats.cpu_stats.cpu_usage.percpu_usage?.length ?? 1;
   return cpuDelta / systemDelta * numCores * 100;
 }
-function calculateNetworkStats(stats) {
-  if (!stats.networks) {
-    return { in: 0, out: 0 };
-  }
-  let rxBytes = 0;
-  let txBytes = 0;
-  for (const iface of Object.values(stats.networks)) {
-    rxBytes += iface.rx_bytes;
-    txBytes += iface.tx_bytes;
-  }
-  return { in: rxBytes, out: txBytes };
-}
-async function getContainerStats(container) {
-  const stats = await container.stats({
-    stream: false
-  });
-  const cpuPercent = calculateCPUPercent(stats);
-  const memoryBytes = stats.memory_stats.usage;
-  const network = calculateNetworkStats(stats);
-  return {
-    cpuPercent: Math.round(cpuPercent * 100) / 100,
-    memoryMB: Math.round(memoryBytes / (1024 * 1024)),
-    networkBytesIn: network.in,
-    networkBytesOut: network.out
-  };
-}
-function calculateResourceDelta(before, after) {
-  return {
-    cpuPercent: after.cpuPercent,
-    memoryMB: after.memoryMB,
-    networkBytesIn: after.networkBytesIn - before.networkBytesIn,
-    networkBytesOut: after.networkBytesOut - before.networkBytesOut
-  };
-}
-
-// src/engine/docker.ts
-async function writeFileViaExec(container, filePath, content) {
-  const data = typeof content === "string" ? Buffer.from(content, "utf-8") : content;
-  const b64 = data.toString("base64");
-  if (b64.length < 20000) {
-    const exec = await container.exec({
-      Cmd: ["sh", "-c", `printf '%s' '${b64}' | base64 -d > ${filePath}`],
-      User: "sandbox"
-    });
-    await exec.start({ Detach: true });
-    let info2 = await exec.inspect();
-    while (info2.Running) {
-      await new Promise((r) => setTimeout(r, 5));
-      info2 = await exec.inspect();
-    }
-    if (info2.ExitCode !== 0) {
-      throw new Error(`Failed to write file ${filePath} in container (exit code ${info2.ExitCode})`);
-    }
-    return;
-  }
-  const tempPath = `/tmp/b64_${Date.now()}.tmp`;
-  const chunkSize = 8000;
-  for (let i = 0;i < b64.length; i += chunkSize) {
-    const chunk = b64.slice(i, i + chunkSize);
-    const exec = await container.exec({
-      Cmd: ["sh", "-c", `printf '%s' '${chunk}' >> ${tempPath}`],
-      User: "sandbox"
-    });
-    await exec.start({ Detach: true });
-    await exec.inspect();
-  }
-  const decodeExec = await container.exec({
-    Cmd: ["sh", "-c", `base64 -d ${tempPath} > ${filePath} && rm ${tempPath}`],
-    User: "sandbox"
-  });
-  await decodeExec.start({ Detach: true });
-  let info = await decodeExec.inspect();
-  while (info.Running) {
-    await new Promise((r) => setTimeout(r, 5));
-    info = await decodeExec.inspect();
-  }
-  if (info.ExitCode !== 0) {
-    throw new Error(`Failed to write file ${filePath} in container (exit code ${info.ExitCode})`);
-  }
-}
-async function readFileViaExec(container, filePath) {
-  const exec = await container.exec({
-    Cmd: ["base64", filePath],
-    AttachStdout: true,
-    AttachStderr: true,
-    User: "sandbox"
-  });
-  const stream = await exec.start({ Tty: false });
-  const chunks = [];
-  const stderrChunks = [];
-  const stdoutStream = new PassThrough;
-  const stderrStream = new PassThrough;
-  container.modem.demuxStream(stream, stdoutStream, stderrStream);
-  stdoutStream.on("data", (chunk) => chunks.push(chunk));
-  stderrStream.on("data", (chunk) => stderrChunks.push(chunk));
-  await new Promise((resolve2, reject) => {
-    stream.on("end", resolve2);
-    stream.on("error", reject);
-  });
-  const inspectResult = await exec.inspect();
-  if (inspectResult.ExitCode !== 0) {
-    const stderr = Buffer.concat(stderrChunks).toString("utf-8").trim();
-    throw new Error(`Failed to read file ${filePath} in container: ${stderr} (exit code ${inspectResult.ExitCode})`);
-  }
-  const b64Output = Buffer.concat(chunks).toString("utf-8").trim();
-  return Buffer.from(b64Output, "base64");
-}
-var SANDBOX_WORKDIR = "/sandbox";
-var MAX_OUTPUT_BYTES = 1024 * 1024;
-var PROXY_PORT = 8118;
-var PROXY_STARTUP_TIMEOUT_MS = 5000;
-var PROXY_POLL_INTERVAL_MS = 100;
-async function startProxy(container, networkFilter) {
-  const envParts = [];
-  if (networkFilter) {
-    envParts.push(`ISOL8_WHITELIST='${JSON.stringify(networkFilter.whitelist)}'`);
-    envParts.push(`ISOL8_BLACKLIST='${JSON.stringify(networkFilter.blacklist)}'`);
-  }
-  const envPrefix = envParts.length > 0 ? `${envParts.join(" ")} ` : "";
-  const startExec = await container.exec({
-    Cmd: ["sh", "-c", `${envPrefix}bash /usr/local/bin/proxy.sh &`]
-  });
-  await startExec.start({ Detach: true });
-  const deadline = Date.now() + PROXY_STARTUP_TIMEOUT_MS;
-  while (Date.now() < deadline) {
-    try {
-      const checkExec = await container.exec({
-        Cmd: ["sh", "-c", `nc -z 127.0.0.1 ${PROXY_PORT} 2>/dev/null`]
-      });
-      await checkExec.start({ Detach: true });
-      let info = await checkExec.inspect();
-      while (info.Running) {
-        await new Promise((r) => setTimeout(r, 50));
-        info = await checkExec.inspect();
-      }
-      if (info.ExitCode === 0) {
-        return;
-      }
-    } catch {}
-    await new Promise((r) => setTimeout(r, PROXY_POLL_INTERVAL_MS));
-  }
-  throw new Error("Proxy failed to start within timeout");
-}
-async function setupIptables(container) {
-  const rules = [
-    "/usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT",
-    "/usr/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
-    `/usr/sbin/iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport ${PROXY_PORT} -m owner --uid-owner 100 -j ACCEPT`,
-    "/usr/sbin/iptables -A OUTPUT -m owner --uid-owner 100 -j DROP"
-  ].join(" && ");
-  const exec = await container.exec({
-    Cmd: ["sh", "-c", rules]
-  });
-  await exec.start({ Detach: true });
-  let info = await exec.inspect();
-  while (info.Running) {
-    await new Promise((r) => setTimeout(r, 50));
-    info = await exec.inspect();
-  }
-  if (info.ExitCode !== 0) {
-    throw new Error(`Failed to set up iptables rules (exit code ${info.ExitCode})`);
-  }
-  logger.debug("[Filtered] iptables rules applied — sandbox user restricted to proxy only");
-}
-function wrapWithTimeout(cmd, timeoutSec) {
-  return ["timeout", "-s", "KILL", String(timeoutSec), ...cmd];
-}
-function getInstallCommand(runtime, packages) {
-  switch (runtime) {
-    case "python":
-      return [
-        "pip",
-        "install",
-        "--user",
-        "--no-cache-dir",
-        "--break-system-packages",
-        "--disable-pip-version-check",
-        "--retries",
-        "0",
-        "--timeout",
-        "15",
-        ...packages
-      ];
-    case "node":
-      return ["npm", "install", "--prefix", "/sandbox", ...packages];
-    case "bun":
-      return ["bun", "install", "-g", "--global-dir=/sandbox/.bun-global", ...packages];
-    case "deno":
-      return ["sh", "-c", packages.map((p) => `deno cache ${p}`).join(" && ")];
-    case "bash":
-      return ["apk", "add", "--no-cache", ...packages];
-    default:
-      throw new Error(`Unknown runtime for package install: ${runtime}`);
+function calculateNetworkStats(stats) {
+  if (!stats.networks) {
+    return { in: 0, out: 0 };
+  }
+  let rxBytes = 0;
+  let txBytes = 0;
+  for (const iface of Object.values(stats.networks)) {
+    rxBytes += iface.rx_bytes;
+    txBytes += iface.tx_bytes;
   }
+  return { in: rxBytes, out: txBytes };
 }
-async function installPackages(container, runtime, packages, timeoutMs) {
-  const timeoutSec = Math.max(1, Math.ceil(timeoutMs / 1000));
-  const cmd = wrapWithTimeout(getInstallCommand(runtime, packages), timeoutSec);
-  logger.debug(`Installing packages: ${JSON.stringify(cmd)}`);
-  const env = [
-    "PATH=/sandbox/.local/bin:/sandbox/.npm-global/bin:/sandbox/.bun-global/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
-  ];
-  if (runtime === "python") {
-    env.push("PYTHONUSERBASE=/sandbox/.local");
-  } else if (runtime === "node") {
-    env.push("NPM_CONFIG_PREFIX=/sandbox/.npm-global");
-    env.push("NPM_CONFIG_CACHE=/sandbox/.npm-cache");
-    env.push("npm_config_cache=/sandbox/.npm-cache");
-    env.push("NPM_CONFIG_FETCH_RETRIES=0");
-    env.push("npm_config_fetch_retries=0");
-    env.push("NPM_CONFIG_FETCH_RETRY_MINTIMEOUT=1000");
-    env.push("npm_config_fetch_retry_mintimeout=1000");
-    env.push("NPM_CONFIG_FETCH_RETRY_MAXTIMEOUT=2000");
-    env.push("npm_config_fetch_retry_maxtimeout=2000");
-  } else if (runtime === "bun") {
-    env.push("BUN_INSTALL_GLOBAL_DIR=/sandbox/.bun-global");
-    env.push("BUN_INSTALL_CACHE_DIR=/sandbox/.bun-cache");
-    env.push("BUN_INSTALL_BIN=/sandbox/.bun-global/bin");
-  } else if (runtime === "deno") {
-    env.push("DENO_DIR=/sandbox/.deno");
-  }
-  const exec = await container.exec({
-    Cmd: cmd,
-    AttachStdout: true,
-    AttachStderr: true,
-    Env: env,
-    User: runtime === "bash" ? "root" : "sandbox"
-  });
-  const stream = await exec.start({ Detach: false, Tty: false });
-  return new Promise((resolve2, reject) => {
-    let stderr = "";
-    const stdoutStream = new PassThrough;
-    const stderrStream = new PassThrough;
-    container.modem.demuxStream(stream, stdoutStream, stderrStream);
-    stderrStream.on("data", (chunk) => {
-      const text = chunk.toString();
-      stderr += text;
-      logger.debug(`[install:${runtime}:stderr] ${text.trimEnd()}`);
-    });
-    stdoutStream.on("data", (chunk) => {
-      const text = chunk.toString();
-      logger.debug(`[install:${runtime}:stdout] ${text.trimEnd()}`);
-    });
-    stream.on("end", async () => {
-      try {
-        const info = await exec.inspect();
-        if (info.ExitCode !== 0) {
-          reject(new Error(`Package install failed (exit code ${info.ExitCode}): ${stderr}`));
-        } else {
-          resolve2();
-        }
-      } catch (err) {
-        reject(err);
-      }
-    });
-    stream.on("error", reject);
+async function getContainerStats(container) {
+  const stats = await container.stats({
+    stream: false
   });
+  const cpuPercent = calculateCPUPercent(stats);
+  const memoryBytes = stats.memory_stats.usage;
+  const network = calculateNetworkStats(stats);
+  return {
+    cpuPercent: Math.round(cpuPercent * 100) / 100,
+    memoryMB: Math.round(memoryBytes / (1024 * 1024)),
+    networkBytesIn: network.in,
+    networkBytesOut: network.out
+  };
+}
+function calculateResourceDelta(before, after) {
+  return {
+    cpuPercent: after.cpuPercent,
+    memoryMB: after.memoryMB,
+    networkBytesIn: after.networkBytesIn - before.networkBytesIn,
+    networkBytesOut: after.networkBytesOut - before.networkBytesOut
+  };
 }
 
+// src/engine/docker.ts
+var SANDBOX_WORKDIR = "/sandbox";
+var MAX_OUTPUT_BYTES = 1024 * 1024;
+
 class DockerIsol8 {
   docker;
   mode;
@@ -1754,6 +2110,9 @@ class DockerIsol8 {
   dependencies;
   auditLogger;
   remoteCodePolicy;
+  networkManager;
+  executionManager;
+  volumeManager;
   container = null;
   persistentRuntime = null;
   pool = null;
@@ -1813,6 +2172,18 @@ class DockerIsol8 {
     if (options.audit) {
       this.auditLogger = new AuditLogger(options.audit);
     }
+    this.networkManager = new NetworkManager({
+      network: this.network,
+      networkFilter: this.networkFilter
+    });
+    this.executionManager = new ExecutionManager({
+      secrets: this.secrets,
+      maxOutputSize: this.maxOutputSize
+    });
+    this.volumeManager = new VolumeManager({
+      readonlyRootFs: this.readonlyRootFs,
+      sandboxWorkdir: SANDBOX_WORKDIR
+    });
     if (options.debug) {
       logger.setDebug(true);
     }
@@ -1991,27 +2362,13 @@ class DockerIsol8 {
     if (!this.container) {
       throw new Error("No active container. Call execute() first in persistent mode.");
     }
-    if (this.readonlyRootFs) {
-      await writeFileViaExec(this.container, path, content);
-    } else {
-      const tar = createTarBuffer(path, content);
-      await this.container.putArchive(tar, { path: "/" });
-    }
+    await this.volumeManager.putFile(this.container, path, content);
   }
   async getFile(path) {
     if (!this.container) {
       throw new Error("No active container. Call execute() first in persistent mode.");
     }
-    if (this.readonlyRootFs) {
-      return readFileViaExec(this.container, path);
-    }
-    const stream = await this.container.getArchive({ path });
-    const chunks = [];
-    for await (const chunk of stream) {
-      chunks.push(chunk);
-    }
-    const tarBuffer = Buffer.concat(chunks);
-    return extractFromTar(tarBuffer, path);
+    return this.volumeManager.getFile(this.container, path);
   }
   get containerId() {
     return this.container?.id ?? null;
@@ -2027,26 +2384,24 @@ class DockerIsol8 {
         Image: image,
         Cmd: ["sleep", "infinity"],
         WorkingDir: SANDBOX_WORKDIR,
-        Env: this.buildEnv(),
+        Env: this.executionManager.buildEnv(undefined, this.networkManager.proxyPort, this.network, this.networkFilter),
         NetworkDisabled: this.network === "none",
         HostConfig: this.buildHostConfig(),
         StopTimeout: 2
       });
       try {
         await container.start();
-        if (this.network === "filtered") {
-          await startProxy(container, this.networkFilter);
-          await setupIptables(container);
-        }
+        await this.networkManager.startProxy(container);
+        await this.networkManager.setupIptables(container);
         const ext = request.fileExtension ?? adapter.getFileExtension();
         const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
-        await writeFileViaExec(container, filePath, request.code);
+        await this.volumeManager.writeFileViaExec(container, filePath, request.code);
         if (request.installPackages?.length) {
-          await installPackages(container, request.runtime, request.installPackages, timeoutMs);
+          await this.executionManager.installPackages(container, request.runtime, request.installPackages, timeoutMs);
         }
         if (request.files) {
           for (const [fPath, fContent] of Object.entries(request.files)) {
-            await writeFileViaExec(container, fPath, fContent);
+            await this.volumeManager.writeFileViaExec(container, fPath, fContent);
           }
         }
         const rawCmd = adapter.getCommand(request.code, filePath);
@@ -2054,22 +2409,22 @@ class DockerIsol8 {
         let cmd;
         if (request.stdin) {
           const stdinPath = `${SANDBOX_WORKDIR}/_stdin`;
-          await writeFileViaExec(container, stdinPath, request.stdin);
+          await this.volumeManager.writeFileViaExec(container, stdinPath, request.stdin);
           const cmdStr = rawCmd.map((a) => `'${a.replace(/'/g, "'\\''")}'`).join(" ");
-          cmd = wrapWithTimeout(["sh", "-c", `cat ${stdinPath} | ${cmdStr}`], timeoutSec);
+          cmd = this.executionManager.wrapWithTimeout(["sh", "-c", `cat ${stdinPath} | ${cmdStr}`], timeoutSec);
         } else {
-          cmd = wrapWithTimeout(rawCmd, timeoutSec);
+          cmd = this.executionManager.wrapWithTimeout(rawCmd, timeoutSec);
         }
         const exec = await container.exec({
           Cmd: cmd,
-          Env: this.buildEnv(request.env),
+          Env: this.executionManager.buildEnv(request.env, this.networkManager.proxyPort, this.network, this.networkFilter),
           AttachStdout: true,
           AttachStderr: true,
           WorkingDir: SANDBOX_WORKDIR,
           User: "sandbox"
         });
         const execStream = await exec.start({ Tty: false });
-        yield* this.streamExecOutput(execStream, exec, container, timeoutMs);
+        yield* this.executionManager.streamExecOutput(execStream, exec, container, timeoutMs);
       } finally {
         if (this.persist) {
           logger.debug(`[Persist] Leaving container running for inspection: ${container.id}`);
@@ -2144,7 +2499,7 @@ class DockerIsol8 {
         createOptions: {
           Cmd: ["sleep", "infinity"],
           WorkingDir: SANDBOX_WORKDIR,
-          Env: this.buildEnv(),
+          Env: this.executionManager.buildEnv(undefined, this.networkManager.proxyPort, this.network, this.networkFilter),
           NetworkDisabled: this.network === "none",
           HostConfig: this.buildHostConfig(),
           StopTimeout: 2
@@ -2168,10 +2523,8 @@ class DockerIsol8 {
       }
     }
     try {
-      if (this.network === "filtered") {
-        await startProxy(container, this.networkFilter);
-        await setupIptables(container);
-      }
+      await this.networkManager.startProxy(container);
+      await this.networkManager.setupIptables(container);
       const canUseInline = !(req.stdin || req.files || req.outputPaths) && (!req.installPackages || req.installPackages.length === 0);
       let rawCmd;
       if (canUseInline) {
@@ -2180,36 +2533,36 @@ class DockerIsol8 {
         } catch {
           const ext = req.fileExtension ?? adapter.getFileExtension();
           const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
-          await writeFileViaExec(container, filePath, req.code);
+          await this.volumeManager.writeFileViaExec(container, filePath, req.code);
           rawCmd = adapter.getCommand(req.code, filePath);
         }
       } else {
         const ext = req.fileExtension ?? adapter.getFileExtension();
         const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
-        await writeFileViaExec(container, filePath, req.code);
+        await this.volumeManager.writeFileViaExec(container, filePath, req.code);
         rawCmd = adapter.getCommand(req.code, filePath);
       }
       if (req.installPackages?.length) {
-        await installPackages(container, req.runtime, req.installPackages, timeoutMs);
+        await this.executionManager.installPackages(container, req.runtime, req.installPackages, timeoutMs);
       }
       const timeoutSec = Math.ceil(timeoutMs / 1000);
       let cmd;
       if (req.stdin) {
         const stdinPath = `${SANDBOX_WORKDIR}/_stdin`;
-        await writeFileViaExec(container, stdinPath, req.stdin);
+        await this.volumeManager.writeFileViaExec(container, stdinPath, req.stdin);
         const cmdStr = rawCmd.map((a) => `'${a.replace(/'/g, "'\\''")}' `).join("");
-        cmd = wrapWithTimeout(["sh", "-c", `cat ${stdinPath} | ${cmdStr}`], timeoutSec);
+        cmd = this.executionManager.wrapWithTimeout(["sh", "-c", `cat ${stdinPath} | ${cmdStr}`], timeoutSec);
       } else {
-        cmd = wrapWithTimeout(rawCmd, timeoutSec);
+        cmd = this.executionManager.wrapWithTimeout(rawCmd, timeoutSec);
       }
       if (req.files) {
         for (const [fPath, fContent] of Object.entries(req.files)) {
-          await writeFileViaExec(container, fPath, fContent);
+          await this.volumeManager.writeFileViaExec(container, fPath, fContent);
         }
       }
       const exec = await container.exec({
         Cmd: cmd,
-        Env: this.buildEnv(req.env),
+        Env: this.executionManager.buildEnv(req.env, this.networkManager.proxyPort, this.network, this.networkFilter),
         AttachStdout: true,
         AttachStderr: true,
         WorkingDir: SANDBOX_WORKDIR,
@@ -2217,7 +2570,7 @@ class DockerIsol8 {
       });
       const start = performance.now();
       const execStream = await exec.start({ Tty: false });
-      const { stdout, stderr, truncated } = await this.collectExecOutput(execStream, container, timeoutMs);
+      const { stdout, stderr, truncated } = await this.executionManager.collectExecOutput(execStream, container, timeoutMs);
       const durationMs = Math.round(performance.now() - start);
       const inspectResult = await exec.inspect();
       let resourceUsage;
@@ -2241,8 +2594,8 @@ class DockerIsol8 {
         }
       }
       const result = {
-        stdout: this.postProcessOutput(stdout, truncated),
-        stderr: this.postProcessOutput(stderr, false),
+        stdout: this.executionManager.postProcessOutput(stdout, truncated),
+        stderr: this.executionManager.postProcessOutput(stderr, false),
         exitCode: inspectResult.ExitCode ?? 1,
         durationMs,
         truncated,
@@ -2252,7 +2605,7 @@ class DockerIsol8 {
         containerId: container.id,
         ...resourceUsage ? { resourceUsage } : {},
         ...networkLogs ? { networkLogs } : {},
-        ...req.outputPaths ? { files: await this.retrieveFiles(container, req.outputPaths) } : {}
+        ...req.outputPaths ? { files: await this.volumeManager.retrieveFiles(container, req.outputPaths) } : {}
       };
       if (this.auditLogger) {
         await this.recordAudit(req, result, startTime, container);
@@ -2279,37 +2632,27 @@ class DockerIsol8 {
     }
     const ext = req.fileExtension ?? adapter.getFileExtension();
     const filePath = `${SANDBOX_WORKDIR}/exec_${Date.now()}${ext}`;
-    if (this.readonlyRootFs) {
-      await writeFileViaExec(this.container, filePath, req.code);
-    } else {
-      const tar = createTarBuffer(filePath, req.code);
-      await this.container.putArchive(tar, { path: "/" });
-    }
+    await this.volumeManager.putFile(this.container, filePath, req.code);
     if (req.files) {
       for (const [fPath, fContent] of Object.entries(req.files)) {
-        if (this.readonlyRootFs) {
-          await writeFileViaExec(this.container, fPath, fContent);
-        } else {
-          const tar = createTarBuffer(fPath, fContent);
-          await this.container.putArchive(tar, { path: "/" });
-        }
+        await this.volumeManager.putFile(this.container, fPath, fContent);
       }
     }
     const rawCmd = adapter.getCommand(req.code, filePath);
     const timeoutSec = Math.ceil(timeoutMs / 1000);
     if (req.installPackages?.length) {
-      await installPackages(this.container, req.runtime, req.installPackages, timeoutMs);
+      await this.executionManager.installPackages(this.container, req.runtime, req.installPackages, timeoutMs);
     }
     let cmd;
     if (req.stdin) {
       const stdinPath = `${SANDBOX_WORKDIR}/_stdin_${Date.now()}`;
-      await writeFileViaExec(this.container, stdinPath, req.stdin);
+      await this.volumeManager.writeFileViaExec(this.container, stdinPath, req.stdin);
       const cmdStr = rawCmd.map((a) => `'${a.replace(/'/g, "'\\''")}' `).join("");
-      cmd = wrapWithTimeout(["sh", "-c", `cat ${stdinPath} | ${cmdStr}`], timeoutSec);
+      cmd = this.executionManager.wrapWithTimeout(["sh", "-c", `cat ${stdinPath} | ${cmdStr}`], timeoutSec);
     } else {
-      cmd = wrapWithTimeout(rawCmd, timeoutSec);
+      cmd = this.executionManager.wrapWithTimeout(rawCmd, timeoutSec);
     }
-    const execEnv = this.buildEnv(req.env);
+    const execEnv = this.executionManager.buildEnv(req.env, this.networkManager.proxyPort, this.network, this.networkFilter);
     const exec = await this.container.exec({
       Cmd: cmd,
       Env: execEnv,
@@ -2320,7 +2663,7 @@ class DockerIsol8 {
     });
     const start = performance.now();
     const execStream = await exec.start({ Tty: false });
-    const { stdout, stderr, truncated } = await this.collectExecOutput(execStream, this.container, timeoutMs);
+    const { stdout, stderr, truncated } = await this.executionManager.collectExecOutput(execStream, this.container, timeoutMs);
     const durationMs = Math.round(performance.now() - start);
     const inspectResult = await exec.inspect();
     let resourceUsage;
@@ -2349,8 +2692,8 @@ class DockerIsol8 {
       }
     }
     const result = {
-      stdout: this.postProcessOutput(stdout, truncated),
-      stderr: this.postProcessOutput(stderr, false),
+      stdout: this.executionManager.postProcessOutput(stdout, truncated),
+      stderr: this.executionManager.postProcessOutput(stderr, false),
       exitCode: inspectResult.ExitCode ?? 1,
       durationMs,
       truncated,
@@ -2368,22 +2711,7 @@ class DockerIsol8 {
     return result;
   }
   async retrieveFiles(container, paths) {
-    const files = {};
-    for (const p of paths) {
-      try {
-        const buf = this.readonlyRootFs ? await readFileViaExec(container, p) : await this.getFileFromContainer(container, p);
-        files[p] = buf.toString("base64");
-      } catch {}
-    }
-    return files;
-  }
-  async getFileFromContainer(container, path) {
-    const stream = await container.getArchive({ path });
-    const chunks = [];
-    for await (const chunk of stream) {
-      chunks.push(chunk);
-    }
-    return extractFromTar(Buffer.concat(chunks), path);
+    return this.volumeManager.retrieveFiles(container, paths);
   }
   async startPersistentContainer(adapter) {
     const image = await this.resolveImage(adapter);
@@ -2391,7 +2719,7 @@ class DockerIsol8 {
       Image: image,
       Cmd: ["sleep", "infinity"],
       WorkingDir: SANDBOX_WORKDIR,
-      Env: this.buildEnv(),
+      Env: this.executionManager.buildEnv(undefined, this.networkManager.proxyPort, this.network, this.networkFilter),
       NetworkDisabled: this.network === "none",
       HostConfig: this.buildHostConfig(),
       StopTimeout: 2,
@@ -2401,10 +2729,8 @@ class DockerIsol8 {
       }
     });
     await this.container.start();
-    if (this.network === "filtered") {
-      await startProxy(this.container, this.networkFilter);
-      await setupIptables(this.container);
-    }
+    await this.networkManager.startProxy(this.container);
+    await this.networkManager.setupIptables(this.container);
     this.persistentRuntime = adapter;
   }
   getAdapter(runtime) {
@@ -2468,181 +2794,6 @@ class DockerIsol8 {
     }
     throw new Error("Embedded default seccomp profile is unavailable");
   }
-  buildEnv(extra) {
-    const env = [
-      "PYTHONUNBUFFERED=1",
-      "PYTHONUSERBASE=/sandbox/.local",
-      "NPM_CONFIG_PREFIX=/sandbox/.npm-global",
-      "DENO_DIR=/sandbox/.deno",
-      "PATH=/sandbox/.local/bin:/sandbox/.npm-global/bin:/sandbox/.bun-global/bin:/usr/local/bin:/usr/bin:/bin",
-      "NODE_PATH=/usr/local/lib/node_modules:/sandbox/.npm-global/lib/node_modules:/sandbox/node_modules"
-    ];
-    for (const [key, value] of Object.entries(this.secrets)) {
-      env.push(`${key}=${value}`);
-    }
-    if (extra) {
-      for (const [key, value] of Object.entries(extra)) {
-        env.push(`${key}=${value}`);
-      }
-    }
-    if (this.network === "filtered") {
-      if (this.networkFilter) {
-        env.push(`ISOL8_WHITELIST=${JSON.stringify(this.networkFilter.whitelist)}`);
-        env.push(`ISOL8_BLACKLIST=${JSON.stringify(this.networkFilter.blacklist)}`);
-      }
-      env.push(`HTTP_PROXY=http://127.0.0.1:${PROXY_PORT}`);
-      env.push(`HTTPS_PROXY=http://127.0.0.1:${PROXY_PORT}`);
-      env.push(`http_proxy=http://127.0.0.1:${PROXY_PORT}`);
-      env.push(`https_proxy=http://127.0.0.1:${PROXY_PORT}`);
-    }
-    return env;
-  }
-  async* streamExecOutput(stream, exec, container, timeoutMs) {
-    const queue = [];
-    let resolve2 = null;
-    let done = false;
-    const push = (event) => {
-      queue.push(event);
-      if (resolve2) {
-        resolve2();
-        resolve2 = null;
-      }
-    };
-    const timer = setTimeout(() => {
-      push({ type: "error", data: "EXECUTION TIMED OUT" });
-      push({ type: "exit", data: "137" });
-      done = true;
-    }, timeoutMs);
-    const stdoutStream = new PassThrough;
-    const stderrStream = new PassThrough;
-    container.modem.demuxStream(stream, stdoutStream, stderrStream);
-    stdoutStream.on("data", (chunk) => {
-      let text = chunk.toString("utf-8");
-      if (Object.keys(this.secrets).length > 0) {
-        text = maskSecrets(text, this.secrets);
-      }
-      push({ type: "stdout", data: text });
-    });
-    stderrStream.on("data", (chunk) => {
-      let text = chunk.toString("utf-8");
-      if (Object.keys(this.secrets).length > 0) {
-        text = maskSecrets(text, this.secrets);
-      }
-      push({ type: "stderr", data: text });
-    });
-    stream.on("end", async () => {
-      clearTimeout(timer);
-      try {
-        const info = await exec.inspect();
-        push({ type: "exit", data: (info.ExitCode ?? 0).toString() });
-      } catch {
-        push({ type: "exit", data: "1" });
-      }
-      done = true;
-    });
-    stream.on("error", (err) => {
-      clearTimeout(timer);
-      push({ type: "error", data: err.message });
-      push({ type: "exit", data: "1" });
-      done = true;
-    });
-    while (!done || queue.length > 0) {
-      if (queue.length > 0) {
-        yield queue.shift();
-      } else if (resolve2) {
-        await new Promise((r) => {
-          resolve2 = r;
-        });
-      } else {
-        await new Promise((r) => setTimeout(r, 10));
-      }
-    }
-  }
-  async collectExecOutput(stream, container, timeoutMs) {
-    return new Promise((resolve2, reject) => {
-      let stdout = "";
-      let stderr = "";
-      let truncated = false;
-      let settled = false;
-      let stdoutEnded = false;
-      let stderrEnded = false;
-      const timer = setTimeout(() => {
-        if (settled) {
-          return;
-        }
-        settled = true;
-        if (stream.destroy) {
-          stream.destroy();
-        }
-        resolve2({ stdout, stderr: `${stderr}
---- EXECUTION TIMED OUT ---`, truncated });
-      }, timeoutMs);
-      const stdoutStream = new PassThrough;
-      const stderrStream = new PassThrough;
-      container.modem.demuxStream(stream, stdoutStream, stderrStream);
-      stdoutStream.on("data", (chunk) => {
-        stdout += chunk.toString("utf-8");
-        if (stdout.length > this.maxOutputSize) {
-          const result = truncateOutput(stdout, this.maxOutputSize);
-          stdout = result.text;
-          truncated = true;
-        }
-      });
-      stderrStream.on("data", (chunk) => {
-        stderr += chunk.toString("utf-8");
-        if (stderr.length > this.maxOutputSize) {
-          const result = truncateOutput(stderr, this.maxOutputSize);
-          stderr = result.text;
-          truncated = true;
-        }
-      });
-      const checkDone = () => {
-        if (settled) {
-          return;
-        }
-        if (stdoutEnded && stderrEnded) {
-          settled = true;
-          clearTimeout(timer);
-          resolve2({ stdout, stderr, truncated });
-        }
-      };
-      stdoutStream.on("end", () => {
-        stdoutEnded = true;
-        checkDone();
-      });
-      stderrStream.on("end", () => {
-        stderrEnded = true;
-        checkDone();
-      });
-      stream.on("error", (err) => {
-        if (settled) {
-          return;
-        }
-        settled = true;
-        clearTimeout(timer);
-        reject(err);
-      });
-      stream.on("end", () => {
-        if (settled) {
-          return;
-        }
-        setTimeout(() => {
-          if (!settled) {
-            stdoutEnded = true;
-            stderrEnded = true;
-            checkDone();
-          }
-        }, 100);
-      });
-    });
-  }
-  postProcessOutput(output, _truncated) {
-    let result = output;
-    if (Object.keys(this.secrets).length > 0) {
-      result = maskSecrets(result, this.secrets);
-    }
-    return result.trimEnd();
-  }
   static async cleanup(docker) {
     const dockerInstance = docker ?? new Docker;
     const containers = await dockerInstance.listContainers({ all: true });
@@ -2693,7 +2844,7 @@ init_logger();
 // package.json
 var package_default = {
   name: "@isol8/core",
-  version: "0.14.7",
+  version: "0.16.0",
   description: "Sandboxed code execution engine for AI agents and apps (Docker, runtime and network controls)",
   author: "Illusion47586",
   license: "MIT",
@@ -2721,7 +2872,7 @@ var package_default = {
     "test:prod": "echo 'No production tests in core package'",
     "lint:check": "ultracite check",
     "lint:fix": "ultracite fix",
-    schema: "ts-json-schema-generator --path src/types.ts --type Isol8UserConfig --tsconfig tsconfig.json -o schema/isol8.config.schema.json && ultracite fix schema/isol8.config.schema.json"
+    schema: "ts-json-schema-generator --path src/types.ts --type Isol8UserConfig --tsconfig tsconfig.json --no-type-check -o schema/isol8.config.schema.json && ultracite fix schema/isol8.config.schema.json"
   },
   dependencies: {
     dockerode: "^4.0.9",
@@ -2777,4 +2928,4 @@ export {
   BunAdapter
 };
 
-//# debugId=07DD5AE18A61308A64756E2164756E21
+//# debugId=A775CBFF7103831D64756E2164756E21