@isol8/core 0.18.0 → 0.20.0

package/dist/index.js

@@ -48,6 +48,37 @@ var init_adapter = __esm(() => {
   };
 });
 
+// src/runtime/adapters/agent.ts
+function shellQuote(s) {
+  return `'${s.replace(/'/g, "'\\''")}'`;
+}
+var SANDBOX_SYSTEM_PROMPT, AgentAdapter;
+var init_agent = __esm(() => {
+  SANDBOX_SYSTEM_PROMPT = "You are running inside an isol8 sandbox — a Docker container with strict " + "resource limits and controlled network access. isol8 exists to execute " + "untrusted code safely: outbound network is filtered to a whitelist, the " + "filesystem is ephemeral, and some system calls are restricted. Work within " + "these constraints: do not assume open internet access, do not rely on " + "persistent state across runs, and do not attempt to escape the sandbox.";
+  AgentAdapter = {
+    name: "agent",
+    image: "isol8:agent",
+    getCommand(code) {
+      return [
+        "bash",
+        "-c",
+        `pi --no-session --append-system-prompt ${shellQuote(SANDBOX_SYSTEM_PROMPT)} -p ${shellQuote(code)}`
+      ];
+    },
+    getCommandWithOptions(code, options) {
+      const flags = options.agentFlags ? `${options.agentFlags} ` : "";
+      return [
+        "bash",
+        "-c",
+        `pi --no-session --append-system-prompt ${shellQuote(SANDBOX_SYSTEM_PROMPT)} ${flags}-p ${shellQuote(code)}`
+      ];
+    },
+    getFileExtension() {
+      return ".txt";
+    }
+  };
+});
+
 // src/runtime/adapters/bash.ts
 var bashAdapter;
 var init_bash = __esm(() => {
@@ -149,12 +180,14 @@ var init_python = __esm(() => {
 // src/runtime/index.ts
 var init_runtime = __esm(() => {
   init_adapter();
+  init_agent();
   init_bash();
   init_bun();
   init_deno();
   init_node();
   init_python();
   init_adapter();
+  init_agent();
   init_bash();
   init_bun();
   init_deno();
@@ -165,6 +198,7 @@ var init_runtime = __esm(() => {
   RuntimeRegistry.register(BunAdapter);
   RuntimeRegistry.register(bashAdapter);
   RuntimeRegistry.register(DenoAdapter);
+  RuntimeRegistry.register(AgentAdapter);
 });
 
 // src/utils/logger.ts
@@ -530,9 +564,9 @@ ${setupLines}
       }
     }, (event) => {
       if (event.stream) {
-        process.stdout.write(event.stream);
+        onProgress?.({ runtime: String(runtime), status: "building", message: event.stream });
       } else if (event.error) {
-        console.error(event.error);
+        onProgress?.({ runtime: String(runtime), status: "error", message: event.error });
       }
     });
   });
@@ -1384,6 +1418,8 @@ class ExecutionManager {
         return ["npm", "install", "--prefix", "/sandbox", ...packages];
       case "bun":
         return ["bun", "install", "-g", "--global-dir=/sandbox/.bun-global", ...packages];
+      case "agent":
+        return ["bun", "install", "-g", "--global-dir=/sandbox/.bun-global", ...packages];
       case "deno":
         return ["sh", "-c", packages.map((p) => `deno cache ${p}`).join(" && ")];
       case "bash":
@@ -1411,7 +1447,7 @@ class ExecutionManager {
       env.push("npm_config_fetch_retry_mintimeout=1000");
       env.push("NPM_CONFIG_FETCH_RETRY_MAXTIMEOUT=2000");
       env.push("npm_config_fetch_retry_maxtimeout=2000");
-    } else if (runtime === "bun") {
+    } else if (runtime === "bun" || runtime === "agent") {
       env.push("BUN_INSTALL_GLOBAL_DIR=/sandbox/.bun-global");
       env.push("BUN_INSTALL_CACHE_DIR=/sandbox/.bun-cache");
       env.push("BUN_INSTALL_BIN=/sandbox/.bun-global/bin");
@@ -1455,7 +1491,7 @@ class ExecutionManager {
       stream.on("error", reject);
     });
   }
-  async runSetupScript(container, script, timeoutMs, volumeManager) {
+  async* runSetupScript(container, script, timeoutMs, volumeManager) {
     const scriptPath = "/sandbox/.isol8-setup.sh";
     await volumeManager.writeFileViaExec(container, scriptPath, script);
     const chmodExec = await container.exec({
@@ -1483,34 +1519,67 @@ class ExecutionManager {
       User: "sandbox"
     });
     const stream = await exec.start({ Detach: false, Tty: false });
-    return new Promise((resolve2, reject) => {
-      let stderr = "";
-      const stdoutStream = new PassThrough;
-      const stderrStream = new PassThrough;
-      container.modem.demuxStream(stream, stdoutStream, stderrStream);
-      stderrStream.on("data", (chunk) => {
-        const text = chunk.toString();
-        stderr += text;
-        logger.debug(`[setup:stderr] ${text.trimEnd()}`);
-      });
-      stdoutStream.on("data", (chunk) => {
-        const text = chunk.toString();
-        logger.debug(`[setup:stdout] ${text.trimEnd()}`);
-      });
-      stream.on("end", async () => {
-        try {
-          const info = await exec.inspect();
-          if (info.ExitCode !== 0) {
-            reject(new Error(`Setup script failed (exit code ${info.ExitCode}): ${stderr}`));
-          } else {
-            resolve2();
-          }
-        } catch (err) {
-          reject(err);
+    const queue = [];
+    let notify = null;
+    let done = false;
+    const push = (event) => {
+      queue.push(event);
+      if (notify) {
+        notify();
+        notify = null;
+      }
+    };
+    const timer = setTimeout(() => {
+      push({ type: "error", data: "SETUP SCRIPT TIMED OUT", phase: "setup" });
+      push({ type: "exit", data: "137", phase: "setup" });
+      done = true;
+    }, timeoutMs);
+    const stdoutStream = new PassThrough;
+    const stderrStream = new PassThrough;
+    container.modem.demuxStream(stream, stdoutStream, stderrStream);
+    stdoutStream.on("data", (chunk) => {
+      const text = chunk.toString("utf-8");
+      logger.debug(`[setup:stdout] ${text.trimEnd()}`);
+      push({ type: "stdout", data: text, phase: "setup" });
+    });
+    stderrStream.on("data", (chunk) => {
+      const text = chunk.toString("utf-8");
+      logger.debug(`[setup:stderr] ${text.trimEnd()}`);
+      push({ type: "stderr", data: text, phase: "setup" });
+    });
+    stream.on("end", async () => {
+      clearTimeout(timer);
+      try {
+        const info = await exec.inspect();
+        const exitCode = info.ExitCode ?? 0;
+        if (exitCode !== 0) {
+          push({
+            type: "error",
+            data: `Setup script failed (exit code ${exitCode})`,
+            phase: "setup"
+          });
         }
-      });
-      stream.on("error", reject);
+        push({ type: "exit", data: exitCode.toString(), phase: "setup" });
+      } catch {
+        push({ type: "exit", data: "1", phase: "setup" });
+      }
+      done = true;
+    });
+    stream.on("error", (err) => {
+      clearTimeout(timer);
+      push({ type: "error", data: err.message, phase: "setup" });
+      push({ type: "exit", data: "1", phase: "setup" });
+      done = true;
     });
+    while (!done || queue.length > 0) {
+      if (queue.length > 0) {
+        yield queue.shift();
+      } else {
+        await new Promise((r) => {
+          notify = r;
+        });
+      }
+    }
   }
   async* streamExecOutput(stream, exec, container, timeoutMs) {
     const queue = [];
@@ -1524,8 +1593,8 @@ class ExecutionManager {
       }
     };
     const timer = setTimeout(() => {
-      push({ type: "error", data: "EXECUTION TIMED OUT" });
-      push({ type: "exit", data: "137" });
+      push({ type: "error", data: "EXECUTION TIMED OUT", phase: "code" });
+      push({ type: "exit", data: "137", phase: "code" });
       done = true;
     }, timeoutMs);
     const stdoutStream = new PassThrough;
@@ -1536,29 +1605,29 @@ class ExecutionManager {
       if (Object.keys(this.secrets).length > 0) {
         text = maskSecrets(text, this.secrets);
       }
-      push({ type: "stdout", data: text });
+      push({ type: "stdout", data: text, phase: "code" });
     });
     stderrStream.on("data", (chunk) => {
       let text = chunk.toString("utf-8");
       if (Object.keys(this.secrets).length > 0) {
         text = maskSecrets(text, this.secrets);
       }
-      push({ type: "stderr", data: text });
+      push({ type: "stderr", data: text, phase: "code" });
     });
     stream.on("end", async () => {
       clearTimeout(timer);
       try {
         const info = await exec.inspect();
-        push({ type: "exit", data: (info.ExitCode ?? 0).toString() });
+        push({ type: "exit", data: (info.ExitCode ?? 0).toString(), phase: "code" });
       } catch {
-        push({ type: "exit", data: "1" });
+        push({ type: "exit", data: "1", phase: "code" });
       }
       done = true;
     });
     stream.on("error", (err) => {
       clearTimeout(timer);
-      push({ type: "error", data: err.message });
-      push({ type: "exit", data: "1" });
+      push({ type: "error", data: err.message, phase: "code" });
+      push({ type: "exit", data: "1", phase: "code" });
       done = true;
     });
     while (!done || queue.length > 0) {
@@ -2196,11 +2265,16 @@ class DockerIsol8 {
   async resolveExecutionRequest(req) {
     const inlineCode = req.code?.trim();
     const codeUrl = req.codeUrl?.trim();
-    if (inlineCode && codeUrl) {
-      throw new Error("ExecutionRequest.code and ExecutionRequest.codeUrl are mutually exclusive.");
+    const cmd = req.cmd?.trim();
+    const sourceCount = [inlineCode, codeUrl, cmd].filter(Boolean).length;
+    if (sourceCount > 1) {
+      throw new Error("ExecutionRequest.code, ExecutionRequest.codeUrl, and ExecutionRequest.cmd are mutually exclusive — provide exactly one.");
     }
-    if (!(inlineCode || codeUrl)) {
-      throw new Error("ExecutionRequest must include either code or codeUrl.");
+    if (sourceCount === 0) {
+      throw new Error("ExecutionRequest must include exactly one of: code, codeUrl, or cmd.");
+    }
+    if (cmd) {
+      return { ...req, cmd: req.cmd };
     }
     if (inlineCode) {
       return { ...req, code: req.code };
@@ -2311,6 +2385,7 @@ class DockerIsol8 {
     await this.semaphore.acquire();
     const startTime = Date.now();
     try {
+      this.validateAgentRuntime(req);
       const request = await this.resolveExecutionRequest(req);
       const result = this.mode === "persistent" ? await this.executePersistent(request, startTime) : await this.executeEphemeral(request, startTime);
       return result;
@@ -2321,7 +2396,7 @@ class DockerIsol8 {
   async recordAudit(req, result, startTime, container) {
     try {
       const enc = new TextEncoder;
-      const data = enc.encode(req.code);
+      const data = enc.encode(req.code ?? req.cmd ?? "");
       const digest = await crypto.subtle.digest("SHA-256", data);
       const codeHash = Array.from(new Uint8Array(digest)).map((b) => b.toString(16).padStart(2, "0")).join("");
       let securityEvents;
@@ -2452,74 +2527,173 @@ class DockerIsol8 {
   async* executeStream(req) {
     await this.semaphore.acquire();
     try {
+      this.validateAgentRuntime(req);
       const request = await this.resolveExecutionRequest(req);
-      const adapter = this.getAdapter(request.runtime);
-      const timeoutMs = request.timeoutMs ?? this.defaultTimeoutMs;
-      const resolved = await this.resolveImage(adapter, request.installPackages);
-      const image = resolved.image;
-      const execWorkdir = request.workdir ? resolveWorkdir(request.workdir) : SANDBOX_WORKDIR;
-      const container = await this.docker.createContainer({
-        Image: image,
-        Cmd: ["sleep", "infinity"],
-        WorkingDir: SANDBOX_WORKDIR,
-        Env: this.executionManager.buildEnv(undefined, this.networkManager.proxyPort, this.network, this.networkFilter),
-        NetworkDisabled: this.network === "none",
-        HostConfig: this.buildHostConfig(),
-        StopTimeout: 2
-      });
-      try {
-        await container.start();
-        await this.networkManager.startProxy(container);
-        await this.networkManager.setupIptables(container);
-        const ext = request.fileExtension ?? adapter.getFileExtension();
-        const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
-        await this.volumeManager.writeFileViaExec(container, filePath, request.code);
-        if (resolved.remainingPackages.length > 0) {
-          await this.executionManager.installPackages(container, request.runtime, resolved.remainingPackages, timeoutMs);
+      if (this.mode === "persistent") {
+        yield* this.executeStreamPersistent(request);
+      } else {
+        yield* this.executeStreamEphemeral(request);
+      }
+    } finally {
+      this.semaphore.release();
+    }
+  }
+  async* executeStreamPersistent(request) {
+    const adapter = this.getAdapter(request.runtime);
+    const timeoutMs = request.timeoutMs ?? this.defaultTimeoutMs;
+    const execWorkdir = request.workdir ? resolveWorkdir(request.workdir) : SANDBOX_WORKDIR;
+    let remainingPackages = request.installPackages ?? [];
+    let imageSetupScript;
+    if (!this.container) {
+      const started = await this.startPersistentContainer(adapter, request.installPackages);
+      remainingPackages = started.remainingPackages;
+      imageSetupScript = started.imageSetupScript;
+    } else if (this.persistentRuntime?.name !== adapter.name) {
+      throw new Error(`Cannot switch runtime from "${this.persistentRuntime?.name}" to "${adapter.name}". Each persistent container supports a single runtime. Create a new Isol8 instance for a different runtime.`);
+    }
+    let rawCmd;
+    if (request.cmd) {
+      rawCmd = ["bash", "-c", request.cmd];
+    } else {
+      const ext = request.fileExtension ?? adapter.getFileExtension();
+      const filePath = `${SANDBOX_WORKDIR}/exec_${Date.now()}${ext}`;
+      await this.volumeManager.putFile(this.container, filePath, request.code);
+      rawCmd = this.buildAdapterCommand(adapter, request, filePath);
+    }
+    if (request.files) {
+      for (const [fPath, fContent] of Object.entries(request.files)) {
+        await this.volumeManager.putFile(this.container, fPath, fContent);
+      }
+    }
+    if (remainingPackages.length > 0) {
+      await this.executionManager.installPackages(this.container, request.runtime, remainingPackages, timeoutMs);
+    }
+    if (imageSetupScript) {
+      let setupExitCode = 0;
+      for await (const event of this.executionManager.runSetupScript(this.container, imageSetupScript, timeoutMs, this.volumeManager)) {
+        yield event;
+        if (event.type === "exit") {
+          setupExitCode = Number(event.data);
+        }
+      }
+      if (setupExitCode !== 0) {
+        return;
+      }
+    }
+    if (request.setupScript) {
+      let setupExitCode = 0;
+      for await (const event of this.executionManager.runSetupScript(this.container, request.setupScript, timeoutMs, this.volumeManager)) {
+        yield event;
+        if (event.type === "exit") {
+          setupExitCode = Number(event.data);
         }
-        if (resolved.imageSetupScript) {
-          await this.executionManager.runSetupScript(container, resolved.imageSetupScript, timeoutMs, this.volumeManager);
+      }
+      if (setupExitCode !== 0) {
+        return;
+      }
+    }
+    const timeoutSec = Math.ceil(timeoutMs / 1000);
+    let cmd;
+    if (request.stdin) {
+      const stdinPath = `${SANDBOX_WORKDIR}/_stdin_${Date.now()}`;
+      await this.volumeManager.writeFileViaExec(this.container, stdinPath, request.stdin);
+      const cmdStr = rawCmd.map((a) => `'${a.replace(/'/g, "'\\''")}'`).join(" ");
+      cmd = this.executionManager.wrapWithTimeout(["sh", "-c", `cat ${stdinPath} | ${cmdStr}`], timeoutSec);
+    } else {
+      cmd = this.executionManager.wrapWithTimeout(rawCmd, timeoutSec);
+    }
+    const exec = await this.container.exec({
+      Cmd: cmd,
+      Env: this.executionManager.buildEnv(request.env, this.networkManager.proxyPort, this.network, this.networkFilter),
+      AttachStdout: true,
+      AttachStderr: true,
+      WorkingDir: execWorkdir,
+      User: "sandbox"
+    });
+    const execStream = await exec.start({ Tty: false });
+    yield* this.executionManager.streamExecOutput(execStream, exec, this.container, timeoutMs);
+  }
+  async* executeStreamEphemeral(request) {
+    const adapter = this.getAdapter(request.runtime);
+    const timeoutMs = request.timeoutMs ?? this.defaultTimeoutMs;
+    const resolved = await this.resolveImage(adapter, request.installPackages);
+    const image = resolved.image;
+    const execWorkdir = request.workdir ? resolveWorkdir(request.workdir) : SANDBOX_WORKDIR;
+    const pool = this.ensurePool();
+    const container = await pool.acquire(image);
+    try {
+      await this.networkManager.startProxy(container);
+      await this.networkManager.setupIptables(container);
+      if (resolved.remainingPackages.length > 0) {
+        await this.executionManager.installPackages(container, request.runtime, resolved.remainingPackages, timeoutMs);
+      }
+      if (resolved.imageSetupScript) {
+        let setupExitCode = 0;
+        for await (const event of this.executionManager.runSetupScript(container, resolved.imageSetupScript, timeoutMs, this.volumeManager)) {
+          yield event;
+          if (event.type === "exit") {
+            setupExitCode = Number(event.data);
+          }
         }
-        if (request.setupScript) {
-          await this.executionManager.runSetupScript(container, request.setupScript, timeoutMs, this.volumeManager);
+        if (setupExitCode !== 0) {
+          return;
         }
-        if (request.files) {
-          for (const [fPath, fContent] of Object.entries(request.files)) {
-            await this.volumeManager.writeFileViaExec(container, fPath, fContent);
+      }
+      if (request.setupScript) {
+        let setupExitCode = 0;
+        for await (const event of this.executionManager.runSetupScript(container, request.setupScript, timeoutMs, this.volumeManager)) {
+          yield event;
+          if (event.type === "exit") {
+            setupExitCode = Number(event.data);
           }
         }
-        const rawCmd = adapter.getCommand(request.code, filePath);
-        const timeoutSec = Math.ceil(timeoutMs / 1000);
-        let cmd;
-        if (request.stdin) {
-          const stdinPath = `${SANDBOX_WORKDIR}/_stdin`;
-          await this.volumeManager.writeFileViaExec(container, stdinPath, request.stdin);
-          const cmdStr = rawCmd.map((a) => `'${a.replace(/'/g, "'\\''")}'`).join(" ");
-          cmd = this.executionManager.wrapWithTimeout(["sh", "-c", `cat ${stdinPath} | ${cmdStr}`], timeoutSec);
-        } else {
-          cmd = this.executionManager.wrapWithTimeout(rawCmd, timeoutSec);
+        if (setupExitCode !== 0) {
+          return;
         }
-        const exec = await container.exec({
-          Cmd: cmd,
-          Env: this.executionManager.buildEnv(request.env, this.networkManager.proxyPort, this.network, this.networkFilter),
-          AttachStdout: true,
-          AttachStderr: true,
-          WorkingDir: execWorkdir,
-          User: "sandbox"
-        });
-        const execStream = await exec.start({ Tty: false });
-        yield* this.executionManager.streamExecOutput(execStream, exec, container, timeoutMs);
-      } finally {
-        if (this.persist) {
-          logger.debug(`[Persist] Leaving container running for inspection: ${container.id}`);
-        } else {
-          try {
-            await container.remove({ force: true });
-          } catch {}
+      }
+      if (request.files) {
+        for (const [fPath, fContent] of Object.entries(request.files)) {
+          await this.volumeManager.writeFileViaExec(container, fPath, fContent);
         }
       }
+      let rawCmd;
+      if (request.cmd) {
+        rawCmd = ["bash", "-c", request.cmd];
+      } else {
+        const ext = request.fileExtension ?? adapter.getFileExtension();
+        const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
+        await this.volumeManager.writeFileViaExec(container, filePath, request.code);
+        rawCmd = this.buildAdapterCommand(adapter, request, filePath);
+      }
+      const timeoutSec = Math.ceil(timeoutMs / 1000);
+      let cmd;
+      if (request.stdin) {
+        const stdinPath = `${SANDBOX_WORKDIR}/_stdin`;
+        await this.volumeManager.writeFileViaExec(container, stdinPath, request.stdin);
+        const cmdStr = rawCmd.map((a) => `'${a.replace(/'/g, "'\\''")}'`).join(" ");
+        cmd = this.executionManager.wrapWithTimeout(["sh", "-c", `cat ${stdinPath} | ${cmdStr}`], timeoutSec);
+      } else {
+        cmd = this.executionManager.wrapWithTimeout(rawCmd, timeoutSec);
+      }
+      const exec = await container.exec({
+        Cmd: cmd,
+        Env: this.executionManager.buildEnv(request.env, this.networkManager.proxyPort, this.network, this.networkFilter),
+        AttachStdout: true,
+        AttachStderr: true,
+        WorkingDir: execWorkdir,
+        User: "sandbox"
+      });
+      const execStream = await exec.start({ Tty: false });
+      yield* this.executionManager.streamExecOutput(execStream, exec, container, timeoutMs);
     } finally {
-      this.semaphore.release();
+      if (this.persist) {
+        logger.debug(`[Persist] Leaving container running for inspection: ${container.id}`);
+      } else {
+        pool.release(container, image).catch((err) => {
+          logger.debug(`[Pool] release failed: ${err}`);
+          container.remove({ force: true }).catch(() => {});
+        });
+      }
     }
   }
   async resolveImage(adapter, requestedPackages) {
@@ -2646,31 +2820,59 @@ class DockerIsol8 {
     try {
       await this.networkManager.startProxy(container);
       await this.networkManager.setupIptables(container);
-      const canUseInline = !(req.stdin || req.files || req.outputPaths) && (!req.installPackages || req.installPackages.length === 0);
       let rawCmd;
-      if (canUseInline) {
-        try {
-          rawCmd = adapter.getCommand(req.code);
-        } catch {
+      if (req.cmd) {
+        rawCmd = ["bash", "-c", req.cmd];
+      } else {
+        const canUseInline = !(req.stdin || req.files || req.outputPaths) && (!req.installPackages || req.installPackages.length === 0);
+        if (canUseInline) {
+          try {
+            rawCmd = this.buildAdapterCommand(adapter, req);
+          } catch {
+            const ext = req.fileExtension ?? adapter.getFileExtension();
+            const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
+            await this.volumeManager.writeFileViaExec(container, filePath, req.code);
+            rawCmd = this.buildAdapterCommand(adapter, req, filePath);
+          }
+        } else {
           const ext = req.fileExtension ?? adapter.getFileExtension();
           const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
           await this.volumeManager.writeFileViaExec(container, filePath, req.code);
-          rawCmd = adapter.getCommand(req.code, filePath);
+          rawCmd = this.buildAdapterCommand(adapter, req, filePath);
         }
-      } else {
-        const ext = req.fileExtension ?? adapter.getFileExtension();
-        const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
-        await this.volumeManager.writeFileViaExec(container, filePath, req.code);
-        rawCmd = adapter.getCommand(req.code, filePath);
       }
       if (resolved.remainingPackages.length > 0) {
         await this.executionManager.installPackages(container, req.runtime, resolved.remainingPackages, timeoutMs);
       }
       if (resolved.imageSetupScript) {
-        await this.executionManager.runSetupScript(container, resolved.imageSetupScript, timeoutMs, this.volumeManager);
+        let stderr2 = "";
+        let exitCode = 0;
+        for await (const event of this.executionManager.runSetupScript(container, resolved.imageSetupScript, timeoutMs, this.volumeManager)) {
+          if (event.type === "stderr") {
+            stderr2 += event.data;
+          }
+          if (event.type === "exit") {
+            exitCode = Number(event.data);
+          }
+        }
+        if (exitCode !== 0) {
+          throw new Error(`Setup script failed (exit code ${exitCode}): ${stderr2}`);
+        }
       }
       if (req.setupScript) {
-        await this.executionManager.runSetupScript(container, req.setupScript, timeoutMs, this.volumeManager);
+        let stderr2 = "";
+        let exitCode = 0;
+        for await (const event of this.executionManager.runSetupScript(container, req.setupScript, timeoutMs, this.volumeManager)) {
+          if (event.type === "stderr") {
+            stderr2 += event.data;
+          }
+          if (event.type === "exit") {
+            exitCode = Number(event.data);
+          }
+        }
+        if (exitCode !== 0) {
+          throw new Error(`Setup script failed (exit code ${exitCode}): ${stderr2}`);
+        }
       }
       const timeoutSec = Math.ceil(timeoutMs / 1000);
       let cmd;
@@ -2762,24 +2964,53 @@ class DockerIsol8 {
     } else if (this.persistentRuntime?.name !== adapter.name) {
       throw new Error(`Cannot switch runtime from "${this.persistentRuntime?.name}" to "${adapter.name}". Each persistent container supports a single runtime. Create a new Isol8 instance for a different runtime.`);
     }
-    const ext = req.fileExtension ?? adapter.getFileExtension();
-    const filePath = `${SANDBOX_WORKDIR}/exec_${Date.now()}${ext}`;
-    await this.volumeManager.putFile(this.container, filePath, req.code);
+    let rawCmd;
+    if (req.cmd) {
+      rawCmd = ["bash", "-c", req.cmd];
+    } else {
+      const ext = req.fileExtension ?? adapter.getFileExtension();
+      const filePath = `${SANDBOX_WORKDIR}/exec_${Date.now()}${ext}`;
+      await this.volumeManager.putFile(this.container, filePath, req.code);
+      rawCmd = this.buildAdapterCommand(adapter, req, filePath);
+    }
     if (req.files) {
       for (const [fPath, fContent] of Object.entries(req.files)) {
         await this.volumeManager.putFile(this.container, fPath, fContent);
       }
     }
-    const rawCmd = adapter.getCommand(req.code, filePath);
     const timeoutSec = Math.ceil(timeoutMs / 1000);
     if (remainingPackages.length > 0) {
       await this.executionManager.installPackages(this.container, req.runtime, remainingPackages, timeoutMs);
     }
     if (imageSetupScript) {
-      await this.executionManager.runSetupScript(this.container, imageSetupScript, timeoutMs, this.volumeManager);
+      let stderr2 = "";
+      let exitCode = 0;
+      for await (const event of this.executionManager.runSetupScript(this.container, imageSetupScript, timeoutMs, this.volumeManager)) {
+        if (event.type === "stderr") {
+          stderr2 += event.data;
+        }
+        if (event.type === "exit") {
+          exitCode = Number(event.data);
+        }
+      }
+      if (exitCode !== 0) {
+        throw new Error(`Setup script failed (exit code ${exitCode}): ${stderr2}`);
+      }
     }
     if (req.setupScript) {
-      await this.executionManager.runSetupScript(this.container, req.setupScript, timeoutMs, this.volumeManager);
+      let stderr2 = "";
+      let exitCode = 0;
+      for await (const event of this.executionManager.runSetupScript(this.container, req.setupScript, timeoutMs, this.volumeManager)) {
+        if (event.type === "stderr") {
+          stderr2 += event.data;
+        }
+        if (event.type === "exit") {
+          exitCode = Number(event.data);
+        }
+      }
+      if (exitCode !== 0) {
+        throw new Error(`Setup script failed (exit code ${exitCode}): ${stderr2}`);
+      }
     }
     let cmd;
     if (req.stdin) {
@@ -2878,6 +3109,30 @@ class DockerIsol8 {
   getAdapter(runtime) {
     return RuntimeRegistry.get(runtime);
   }
+  validateAgentRuntime(req) {
+    if (req.runtime !== "agent") {
+      return;
+    }
+    if (this.network === "none") {
+      throw new Error(`Agent runtime requires network access. The AI coding agent needs to reach its LLM provider API. Use --net host, or --net filtered --allow "api.anthropic.com" (or your provider's domain).`);
+    }
+    if (this.network === "filtered") {
+      const whitelist = this.networkFilter?.whitelist ?? [];
+      if (whitelist.length === 0) {
+        throw new Error(`Agent runtime requires at least one network whitelist entry. The AI coding agent needs to reach its LLM provider API. Use --allow "api.anthropic.com" (or your provider's domain).`);
+      }
+    }
+  }
+  buildAdapterCommand(adapter, req, filePath) {
+    const code = req.code ?? "";
+    if (adapter.getCommandWithOptions) {
+      return adapter.getCommandWithOptions(code, {
+        filePath,
+        agentFlags: req.agentFlags
+      });
+    }
+    return adapter.getCommand(code, filePath);
+  }
   buildHostConfig() {
     const config = {
       Memory: parseMemoryLimit(this.memoryLimit),
@@ -2986,7 +3241,7 @@ init_logger();
 // package.json
 var package_default = {
   name: "@isol8/core",
-  version: "0.18.0",
+  version: "0.20.0",
   description: "Sandboxed code execution engine for AI agents and apps (Docker, runtime and network controls)",
   author: "Illusion47586",
   license: "MIT",
@@ -3067,7 +3322,8 @@ export {
   LABELS,
   DockerIsol8,
   DenoAdapter,
-  BunAdapter
+  BunAdapter,
+  AgentAdapter
 };
 
-//# debugId=014F8E5DF8C3A76364756E2164756E21
+//# debugId=767B2279906CCA3764756E2164756E21