@isol8/core 0.17.0 → 0.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config.d.ts.map +1 -1
- package/dist/docker/Dockerfile +14 -2
- package/dist/engine/docker.d.ts +12 -2
- package/dist/engine/docker.d.ts.map +1 -1
- package/dist/engine/image-builder.d.ts +10 -22
- package/dist/engine/image-builder.d.ts.map +1 -1
- package/dist/engine/managers/execution-manager.d.ts +2 -0
- package/dist/engine/managers/execution-manager.d.ts.map +1 -1
- package/dist/engine/utils.d.ts +21 -1
- package/dist/engine/utils.d.ts.map +1 -1
- package/dist/index.d.ts +4 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +319 -133
- package/dist/index.js.map +12 -11
- package/dist/runtime/adapter.d.ts +20 -0
- package/dist/runtime/adapter.d.ts.map +1 -1
- package/dist/runtime/adapters/agent.d.ts +19 -0
- package/dist/runtime/adapters/agent.d.ts.map +1 -0
- package/dist/runtime/index.d.ts +3 -2
- package/dist/runtime/index.d.ts.map +1 -1
- package/dist/types.d.ts +55 -27
- package/dist/types.d.ts.map +1 -1
- package/docker/Dockerfile +14 -2
- package/package.json +1 -1
- package/schema/isol8.config.schema.json +39 -46
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;;GAGG;AACH,QAAA,MAAM,cAAc,EAAE,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;;GAGG;AACH,QAAA,MAAM,cAAc,EAAE,WAgErB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,UAAU,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,WAAW,CAepD;AAkDD,OAAO,EAAE,cAAc,EAAE,CAAC"}
|
package/dist/docker/Dockerfile
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# ── Base ──────────────────────────────────────────────────────────────
|
|
2
2
|
FROM alpine:3.21 AS base
|
|
3
|
-
RUN apk add --no-cache tini curl ca-certificates iptables bash \
|
|
3
|
+
RUN apk add --no-cache tini curl ca-certificates iptables bash git \
|
|
4
4
|
&& addgroup -S sandbox && adduser -S sandbox -G sandbox -h /sandbox
|
|
5
5
|
COPY proxy.sh /usr/local/bin/proxy.sh
|
|
6
6
|
COPY proxy-handler.sh /usr/local/bin/proxy-handler.sh
|
|
@@ -28,7 +28,7 @@ CMD ["bun"]
|
|
|
28
28
|
|
|
29
29
|
# ── Deno ──────────────────────────────────────────────────────────────
|
|
30
30
|
FROM denoland/deno:alpine AS deno
|
|
31
|
-
RUN apk add --no-cache tini curl ca-certificates iptables bash \
|
|
31
|
+
RUN apk add --no-cache tini curl ca-certificates iptables bash git \
|
|
32
32
|
&& addgroup -S sandbox && adduser -S sandbox -G sandbox -h /sandbox
|
|
33
33
|
COPY proxy.sh /usr/local/bin/proxy.sh
|
|
34
34
|
COPY proxy-handler.sh /usr/local/bin/proxy-handler.sh
|
|
@@ -40,3 +40,15 @@ CMD ["deno"]
|
|
|
40
40
|
# ── Bash ──────────────────────────────────────────────────────────────
|
|
41
41
|
FROM base AS bash
|
|
42
42
|
CMD ["bash"]
|
|
43
|
+
|
|
44
|
+
# ── Agent ─────────────────────────────────────────────────────────────
|
|
45
|
+
FROM base AS agent
|
|
46
|
+
RUN apk add --no-cache unzip libstdc++ libgcc \
|
|
47
|
+
&& curl -fsSL https://bun.sh/install | bash \
|
|
48
|
+
&& mv /root/.bun/bin/bun /usr/local/bin/bun \
|
|
49
|
+
&& ln -s /usr/local/bin/bun /usr/local/bin/bunx \
|
|
50
|
+
&& bun install -g @mariozechner/pi-coding-agent \
|
|
51
|
+
&& cp -r /root/.bun/install /usr/local/share/bun-global \
|
|
52
|
+
&& printf '#!/bin/sh\nexec bun /usr/local/share/bun-global/global/node_modules/@mariozechner/pi-coding-agent/dist/cli.js "$@"\n' > /usr/local/bin/pi \
|
|
53
|
+
&& chmod +x /usr/local/bin/pi
|
|
54
|
+
CMD ["bash"]
|
package/dist/engine/docker.d.ts
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
* output sanitization.
|
|
7
7
|
*/
|
|
8
8
|
import Docker from "dockerode";
|
|
9
|
-
import type { ExecutionRequest, ExecutionResult, Isol8Engine, Isol8Options, StartOptions, StreamEvent } from "../types";
|
|
9
|
+
import type { ExecutionRequest, ExecutionResult, Isol8Engine, Isol8Options, StartOptions, StreamEvent } from "../types.js";
|
|
10
10
|
/** Options for constructing a {@link DockerIsol8} instance. Extends {@link Isol8Options} with Docker-specific settings. */
|
|
11
11
|
export interface DockerIsol8Options extends Isol8Options {
|
|
12
12
|
/** Custom dockerode instance. Defaults to connecting to the local Docker socket. */
|
|
@@ -48,7 +48,6 @@ export declare class DockerIsol8 implements Isol8Engine {
|
|
|
48
48
|
private readonly logNetwork;
|
|
49
49
|
private readonly poolStrategy;
|
|
50
50
|
private readonly poolSize;
|
|
51
|
-
private readonly dependencies;
|
|
52
51
|
private readonly auditLogger?;
|
|
53
52
|
private readonly remoteCodePolicy;
|
|
54
53
|
private readonly networkManager;
|
|
@@ -121,6 +120,17 @@ export declare class DockerIsol8 implements Isol8Engine {
|
|
|
121
120
|
private retrieveFiles;
|
|
122
121
|
private startPersistentContainer;
|
|
123
122
|
private getAdapter;
|
|
123
|
+
/**
|
|
124
|
+
* Validate agent runtime requirements. The agent runtime requires
|
|
125
|
+
* filtered network mode with at least one whitelist entry so that
|
|
126
|
+
* the AI coding agent can reach its LLM provider API.
|
|
127
|
+
*/
|
|
128
|
+
private validateAgentRuntime;
|
|
129
|
+
/**
|
|
130
|
+
* Build the execution command from the adapter. Prefers `getCommandWithOptions`
|
|
131
|
+
* when the adapter implements it, otherwise falls back to `getCommand`.
|
|
132
|
+
*/
|
|
133
|
+
private buildAdapterCommand;
|
|
124
134
|
private buildHostConfig;
|
|
125
135
|
private buildSecurityOpts;
|
|
126
136
|
private loadDefaultSeccompProfile;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,
|
|
1
|
+
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EAEX,YAAY,EAKZ,YAAY,EACZ,WAAW,EACZ,MAAM,aAAa,CAAC;AAcrB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoB;IACjD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA4C;IACrE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IAEpD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IACpD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;IAE9C,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA6B;YAE1C,uBAAuB;IA6BrC;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;IA2DhE;;;;;OAKG;IACG,KAAK,CAAC,OAAO,GAAE,YAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAuCtD,kFAAkF;IAC5E,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B;;;OAGG;IACG,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAiB9D;;OAEG;YACW,WAAW;IAoDzB;;OAEG;YACW,qBAAqB;IA8CnC;;OAEG;YACW,kBAAkB;IA+DhC;;;;;;;OAOG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOpE;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAQ5C,6GAA6G;IAC7G,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED;;;OAGG;IACI,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC;YA8HzD,YAAY;IAuH1B,OAAO,CAAC,UAAU;YA2BJ,gBAAgB;YAmMhB,iBAAiB;YAqKjB,aAAa;YAOb,wBAAwB;IAsCtC,OAAO,CAAC,UAAU;IAIlB;;;;OAIG;IACH,OAAO,CAAC,oBAAoB;IAuB5B;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAc3B,OAAO,CAAC,eAAe;IA2BvB,OAAO,CAAC,iBAAiB;IA+BzB,OAAO,CAAC,yBAAyB;IA6BjC;;;;;;;;;;;;;;;;;;;;OAoBG;WACU,OAAO,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAC7C,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,CAAC;IA0BF;;;;;OAKG;WACU,aAAa,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QACnD,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,CAAC;CA2BH"}
|
|
@@ -6,7 +6,15 @@
|
|
|
6
6
|
* packages on top of the base images.
|
|
7
7
|
*/
|
|
8
8
|
import type Docker from "dockerode";
|
|
9
|
-
|
|
9
|
+
/** Label keys for image metadata */
|
|
10
|
+
export declare const LABELS: {
|
|
11
|
+
readonly dockerHash: "org.isol8.build.hash";
|
|
12
|
+
readonly depsHash: "org.isol8.deps.hash";
|
|
13
|
+
readonly runtime: "org.isol8.runtime";
|
|
14
|
+
readonly dependencies: "org.isol8.dependencies";
|
|
15
|
+
/** Shell script that runs before every execution when using this image. */
|
|
16
|
+
readonly setupScript: "org.isol8.setup";
|
|
17
|
+
};
|
|
10
18
|
/**
|
|
11
19
|
* Normalize package lists for stable tags/cache hits.
|
|
12
20
|
* - trims whitespace
|
|
@@ -15,12 +23,6 @@ import type { Isol8Config } from "../types";
|
|
|
15
23
|
* - sorts lexicographically
|
|
16
24
|
*/
|
|
17
25
|
export declare function normalizePackages(packages: string[]): string[];
|
|
18
|
-
/**
|
|
19
|
-
* Returns deterministic custom image tag for a runtime + package set.
|
|
20
|
-
* Uses a short deps hash suffix to avoid tag collisions across different
|
|
21
|
-
* dependency sets for the same runtime.
|
|
22
|
-
*/
|
|
23
|
-
export declare function getCustomImageTag(runtime: string, packages: string[]): string;
|
|
24
26
|
/** Progress update emitted during image builds. */
|
|
25
27
|
interface BuildProgress {
|
|
26
28
|
/** Runtime being built (e.g. `"python"`). */
|
|
@@ -44,21 +46,7 @@ type ProgressCallback = (progress: BuildProgress) => void;
|
|
|
44
46
|
* @param force - If true, always rebuild even if image is up to date.
|
|
45
47
|
*/
|
|
46
48
|
export declare function buildBaseImages(docker: Docker, onProgress?: ProgressCallback, force?: boolean, onlyRuntimes?: string[]): Promise<void>;
|
|
47
|
-
|
|
48
|
-
* Builds custom images with user-specified dependencies layered on top of
|
|
49
|
-
* the base images. Reads package lists from the config's `dependencies` field.
|
|
50
|
-
*
|
|
51
|
-
* Uses smart build logic: computes a hash of the dependency list and
|
|
52
|
-
* skips builds if the image already exists with matching hash.
|
|
53
|
-
* Cleans up dangling images after rebuilding.
|
|
54
|
-
*
|
|
55
|
-
* @param docker - Dockerode instance.
|
|
56
|
-
* @param config - Resolved isol8 configuration.
|
|
57
|
-
* @param onProgress - Optional callback for build progress updates.
|
|
58
|
-
* @param force - If true, always rebuild even if image is up to date.
|
|
59
|
-
*/
|
|
60
|
-
export declare function buildCustomImages(docker: Docker, config: Isol8Config, onProgress?: ProgressCallback, force?: boolean): Promise<void>;
|
|
61
|
-
export declare function buildCustomImage(docker: Docker, runtime: import("../types").Runtime | string, packages: string[], onProgress?: ProgressCallback, force?: boolean): Promise<void>;
|
|
49
|
+
export declare function buildCustomImage(docker: Docker, runtime: import("../types").Runtime | string, packages: string[], tag: string, onProgress?: ProgressCallback, force?: boolean, setupScript?: string): Promise<void>;
|
|
62
50
|
/**
|
|
63
51
|
* Checks if an image exists locally.
|
|
64
52
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"image-builder.d.ts","sourceRoot":"","sources":["../../src/engine/image-builder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"image-builder.d.ts","sourceRoot":"","sources":["../../src/engine/image-builder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AAkDpC,oCAAoC;AACpC,eAAO,MAAM,MAAM;;;;;IAKjB,2EAA2E;;CAEnE,CAAC;AA6CX;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAE9D;AAkCD,mDAAmD;AACnD,UAAU,aAAa;IACrB,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;IACtC,+DAA+D;IAC/D,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,KAAK,gBAAgB,GAAG,CAAC,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;AAE1D;;;;;;;;;;;GAWG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,gBAAgB,EAC7B,KAAK,UAAQ,EACb,YAAY,CAAC,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,IAAI,CAAC,CAuEf;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,UAAU,EAAE,OAAO,GAAG,MAAM,EAC5C,QAAQ,EAAE,MAAM,EAAE,EAClB,GAAG,EAAE,MAAM,EACX,UAAU,CAAC,EAAE,gBAAgB,EAC7B,KAAK,UAAQ,EACb,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,IAAI,CAAC,CA2Hf;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOrF;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAa/F"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import type Docker from "dockerode";
|
|
2
2
|
import type { NetworkFilterConfig, Runtime, StreamEvent } from "../../types";
|
|
3
|
+
import type { VolumeManager } from "./volume-manager";
|
|
3
4
|
export interface ExecutionManagerOptions {
|
|
4
5
|
secrets: Record<string, string>;
|
|
5
6
|
maxOutputSize: number;
|
|
@@ -11,6 +12,7 @@ export declare class ExecutionManager {
|
|
|
11
12
|
wrapWithTimeout(cmd: string[], timeoutSec: number): string[];
|
|
12
13
|
getInstallCommand(runtime: Runtime, packages: string[]): string[];
|
|
13
14
|
installPackages(container: Docker.Container, runtime: Runtime, packages: string[], timeoutMs: number): Promise<void>;
|
|
15
|
+
runSetupScript(container: Docker.Container, script: string, timeoutMs: number, volumeManager: VolumeManager): Promise<void>;
|
|
14
16
|
streamExecOutput(stream: NodeJS.ReadableStream, exec: Docker.Exec, container: Docker.Container, timeoutMs: number): AsyncGenerator<StreamEvent>;
|
|
15
17
|
collectExecOutput(stream: NodeJS.ReadableStream, container: Docker.Container, timeoutMs: number): Promise<{
|
|
16
18
|
stdout: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"execution-manager.d.ts","sourceRoot":"","sources":["../../../src/engine/managers/execution-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"execution-manager.d.ts","sourceRoot":"","sources":["../../../src/engine/managers/execution-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;gBAE3B,OAAO,EAAE,uBAAuB;IAK5C,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE;IAI5D,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;IA+B3D,eAAe,CACnB,SAAS,EAAE,MAAM,CAAC,SAAS,EAC3B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,MAAM,EAAE,EAClB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC;IA0EV,cAAc,CAClB,SAAS,EAAE,MAAM,CAAC,SAAS,EAC3B,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,aAAa,GAC3B,OAAO,CAAC,IAAI,CAAC;IAsET,gBAAgB,CACrB,MAAM,EAAE,MAAM,CAAC,cAAc,EAC7B,IAAI,EAAE,MAAM,CAAC,IAAI,EACjB,SAAS,EAAE,MAAM,CAAC,SAAS,EAC3B,SAAS,EAAE,MAAM,GAChB,cAAc,CAAC,WAAW,CAAC;IAuExB,iBAAiB,CACrB,MAAM,EAAE,MAAM,CAAC,cAAc,EAC7B,SAAS,EAAE,MAAM,CAAC,SAAS,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAE,CAAC;IAwFlE,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,GAAG,MAAM;IAQ9D,QAAQ,CACN,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC9B,SAAS,CAAC,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE,MAAM,EACpB,aAAa,CAAC,EAAE,mBAAmB,GAClC,MAAM,EAAE;CAmCZ"}
|
package/dist/engine/utils.d.ts
CHANGED
|
@@ -2,7 +2,8 @@
|
|
|
2
2
|
* @module engine/utils
|
|
3
3
|
*
|
|
4
4
|
* Low-level utility functions used by the Docker engine: memory parsing,
|
|
5
|
-
* output truncation, secret masking,
|
|
5
|
+
* output truncation, secret masking, POSIX tar archive creation/extraction,
|
|
6
|
+
* and sandbox path validation.
|
|
6
7
|
*/
|
|
7
8
|
/**
|
|
8
9
|
* Parses a human-readable memory limit string into bytes.
|
|
@@ -68,4 +69,23 @@ export declare function extractFromTar(tarBuffer: Buffer, targetPath: string): B
|
|
|
68
69
|
* @throws {Error} If the name contains invalid characters.
|
|
69
70
|
*/
|
|
70
71
|
export declare function validatePackageName(name: string): string;
|
|
72
|
+
/**
|
|
73
|
+
* Resolves and validates a working directory path to ensure it stays inside `/sandbox`.
|
|
74
|
+
*
|
|
75
|
+
* Accepts absolute paths under `/sandbox` or relative paths resolved from `/sandbox`.
|
|
76
|
+
* Rejects paths that resolve outside the sandbox boundary.
|
|
77
|
+
*
|
|
78
|
+
* @param workdir - The raw workdir value from the request (absolute or relative).
|
|
79
|
+
* @param sandboxRoot - The sandbox root path. @default "/sandbox"
|
|
80
|
+
* @returns The resolved absolute path inside `/sandbox`.
|
|
81
|
+
* @throws {Error} If the resolved path escapes `/sandbox`.
|
|
82
|
+
*
|
|
83
|
+
* @example
|
|
84
|
+
* ```typescript
|
|
85
|
+
* resolveWorkdir("subdir"); // "/sandbox/subdir"
|
|
86
|
+
* resolveWorkdir("/sandbox/a/b"); // "/sandbox/a/b"
|
|
87
|
+
* resolveWorkdir("../../etc"); // throws Error
|
|
88
|
+
* ```
|
|
89
|
+
*/
|
|
90
|
+
export declare function resolveWorkdir(workdir: string, sandboxRoot?: string): string;
|
|
71
91
|
//# sourceMappingURL=utils.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/engine/utils.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/engine/utils.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;;;;;;;;;;;GAYG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAiBtD;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,CAetC;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAQjF;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CA8ClF;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAoC5E;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAQxD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,SAAa,GAAG,MAAM,CAMhF"}
|
package/dist/index.d.ts
CHANGED
|
@@ -10,10 +10,10 @@ export { loadConfig } from "./config";
|
|
|
10
10
|
export { Semaphore } from "./engine/concurrency";
|
|
11
11
|
export type { DockerIsol8Options } from "./engine/docker";
|
|
12
12
|
export { DockerIsol8 } from "./engine/docker";
|
|
13
|
-
export { buildBaseImages, buildCustomImage,
|
|
14
|
-
export { BunAdapter, bashAdapter, DenoAdapter, NodeAdapter, PythonAdapter, RuntimeRegistry, } from "./runtime";
|
|
15
|
-
export type { RuntimeAdapter } from "./runtime/adapter";
|
|
16
|
-
export type { AuthConfig, ExecutionRequest, ExecutionResult, Isol8Config, Isol8Engine, Isol8Mode, Isol8Options, NetworkFilterConfig, NetworkMode, RemoteCodePolicy, Runtime, SessionInfo, StreamEvent, WsClientMessage, WsServerMessage, } from "./types";
|
|
13
|
+
export { buildBaseImages, buildCustomImage, imageExists, LABELS, } from "./engine/image-builder";
|
|
14
|
+
export { AgentAdapter, BunAdapter, bashAdapter, DenoAdapter, NodeAdapter, PythonAdapter, RuntimeRegistry, } from "./runtime";
|
|
15
|
+
export type { RuntimeAdapter, RuntimeCommandOptions } from "./runtime/adapter";
|
|
16
|
+
export type { AuthConfig, ExecutionRequest, ExecutionResult, Isol8Config, Isol8Engine, Isol8Mode, Isol8Options, NetworkFilterConfig, NetworkMode, PrebuiltImageConfig, RemoteCodePolicy, Runtime, SessionInfo, StreamEvent, WsClientMessage, WsServerMessage, } from "./types";
|
|
17
17
|
export { logger } from "./utils/logger";
|
|
18
18
|
export { VERSION } from "./version";
|
|
19
19
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,MAAM,GACP,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,YAAY,EACZ,UAAU,EACV,WAAW,EACX,WAAW,EACX,WAAW,EACX,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAE/E,YAAY,EACV,UAAU,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EACX,WAAW,EACX,SAAS,EACT,YAAY,EACZ,mBAAmB,EACnB,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,OAAO,EACP,WAAW,EACX,WAAW,EACX,eAAe,EACf,eAAe,GAChB,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC"}
|