@nekzus/liop 2.0.0-alpha.1 → 2.0.0-alpha.2

package/dist/sandbox/wasi.d.ts

@@ -1,36 +0,0 @@
-export interface SandboxConfig {
-    allowEnv?: boolean;
-    allowedDirectories?: Record<string, string>;
-    memoryLimitMb?: number;
-}
-/**
- * LIOP WasiSandbox (Industrial Grade)
- *
- * Provides a production-grade isolated environment for executing untrusted logic.
- * Primarily uses WebAssembly (WASI) for byte-code isolation, with a hardened
- * V8 Isolate fallback for dynamic JS-to-WASM logic injection.
- */
-export declare class WasiSandbox {
-    private wasi;
-    private sandboxId;
-    private workingDir;
-    private config;
-    private stdoutHandle;
-    private stderrHandle;
-    constructor(config?: SandboxConfig);
-    /**
-     * Initializes the physical sandbox environment with strict directory lockdown.
-     */
-    init(): Promise<void>;
-    /**
-     * Executes logic (WASM or JS-Wrapped) with hard resource limits.
-     */
-    execute(compiledLogic: Buffer | string, records?: Record<string, unknown>[], inputs?: Record<string, unknown>): Promise<{
-        output: unknown;
-        fuelConsumed: number;
-    }>;
-    /**
-     * Physically cleans up the sandbox and releases resources.
-     */
-    teardown(): Promise<void>;
-}

package/dist/sandbox/wasi.js

@@ -1,233 +0,0 @@
-import crypto from "node:crypto";
-import * as fs from "node:fs/promises";
-import * as os from "node:os";
-import * as path from "node:path";
-import vm from "node:vm";
-import { WASI } from "node:wasi";
-import { ASTGuardian } from "./guardian.js";
-// Silence Node.js ExperimentalWarning for WASI (Industrial console parity)
-const originalEmit = process.emit;
-// @ts-expect-error
-process.emit = (name, data, ...args) => {
-    if ((name === "warning" &&
-        typeof data === "object" &&
-        data.name === "ExperimentalWarning" &&
-        String(data.message).includes("WASI")) ||
-        String(data.message).includes("importing WASI")) {
-        return false;
-    }
-    return originalEmit.call(process, name, data, ...args);
-};
-/**
- * LIOP WasiSandbox (Industrial Grade)
- *
- * Provides a production-grade isolated environment for executing untrusted logic.
- * Primarily uses WebAssembly (WASI) for byte-code isolation, with a hardened
- * V8 Isolate fallback for dynamic JS-to-WASM logic injection.
- */
-export class WasiSandbox {
-    wasi;
-    sandboxId;
-    workingDir;
-    config;
-    stdoutHandle = null;
-    stderrHandle = null;
-    constructor(config = {}) {
-        this.sandboxId = crypto.randomUUID();
-        // Use a dedicated LIOP directory in the OS temp folder
-        this.workingDir = path.join(os.tmpdir(), "liop-mesh", "sandboxes", this.sandboxId);
-        this.config = config;
-    }
-    /**
-     * Initializes the physical sandbox environment with strict directory lockdown.
-     */
-    async init() {
-        try {
-            await fs.mkdir(this.workingDir, { recursive: true });
-            // Initialize WASI with explicit limits
-            this.stdoutHandle = await fs.open(path.join(this.workingDir, "stdout.log"), "w+");
-            this.stderrHandle = await fs.open(path.join(this.workingDir, "stderr.log"), "w+");
-            this.wasi = new WASI({
-                version: "preview1",
-                args: ["liop_runtime"],
-                env: this.config.allowEnv
-                    ? process.env
-                    : {
-                        NODE_ENV: "production",
-                        LIOP_NODE: "true",
-                        RUNTIME_ID: this.sandboxId,
-                    },
-                preopens: {
-                    "/sandbox": this.workingDir,
-                    ...this.config.allowedDirectories,
-                },
-                stdout: this.stdoutHandle.fd,
-                stderr: this.stderrHandle.fd,
-            });
-        }
-        catch (error) {
-            throw new Error(`Sandbox Initialization Failed: ${error instanceof Error ? error.message : "FS Error"}`);
-        }
-    }
-    /**
-     * Executes logic (WASM or JS-Wrapped) with hard resource limits.
-     */
-    async execute(compiledLogic, records = [], inputs = {}) {
-        const startTime = performance.now();
-        if (compiledLogic instanceof Buffer) {
-            // Path A: Native WebAssembly Isolation
-            try {
-                const module = await WebAssembly.compile(new Uint8Array(compiledLogic));
-                // Tier-0 Guardian: Static analysis to prevent sandbox escapes
-                ASTGuardian.analyze(module);
-                const instance = await WebAssembly.instantiate(module, this.wasi.getImportObject());
-                // Standard entry point
-                this.wasi.start(instance);
-                // Capture output from the sandbox
-                const stdoutPath = path.join(this.workingDir, "stdout.log");
-                const stderrPath = path.join(this.workingDir, "stderr.log");
-                const stdout = await fs.readFile(stdoutPath, "utf-8");
-                const stderr = await fs.readFile(stderrPath, "utf-8");
-                const duration = performance.now() - startTime;
-                return {
-                    output: stdout || (stderr ? `Error: ${stderr}` : "WASM_EXECUTION_SUCCESS"),
-                    fuelConsumed: Math.floor(duration * 1000),
-                };
-            }
-            catch (error) {
-                throw new Error(`WASM Runtime Error: ${error instanceof Error ? error.message : String(error)}`);
-            }
-        }
-        else {
-            // Path B: Hardened V8 Isolate Fallback
-            // Uses node:vm with zero-prototype objects to prevent prototype pollution escapes.
-            // biome-ignore lint/suspicious/noExplicitAny: Required for Sandbox global poisoning
-            const sandboxEnv = Object.create(null); // Isolated global object
-            const env = { records, ...inputs };
-            // Explicitly poison Node.js escape vectors in the context
-            sandboxEnv.require = undefined;
-            sandboxEnv.process = undefined;
-            sandboxEnv.global = undefined;
-            sandboxEnv.globalThis = undefined;
-            sandboxEnv.Buffer = undefined;
-            sandboxEnv.setTimeout = undefined;
-            sandboxEnv.setInterval = undefined;
-            sandboxEnv.setImmediate = undefined;
-            sandboxEnv.queueMicrotask = undefined;
-            sandboxEnv.eval = undefined;
-            sandboxEnv.Function = undefined;
-            sandboxEnv.SharedArrayBuffer = undefined;
-            sandboxEnv.Date = undefined;
-            // [DoS Defense] Block off-heap memory allocation vectors.
-            // Logic-on-Origin operates on JSON data (env.records) — binary buffers
-            // serve no legitimate purpose and enable memory exhaustion DoS.
-            // (Uint8Array(2GB) bypassed Piscina's maxOldGenerationSizeMb limit)
-            sandboxEnv.ArrayBuffer = undefined;
-            sandboxEnv.Uint8Array = undefined;
-            sandboxEnv.Int8Array = undefined;
-            sandboxEnv.Uint16Array = undefined;
-            sandboxEnv.Int16Array = undefined;
-            sandboxEnv.Uint32Array = undefined;
-            sandboxEnv.Int32Array = undefined;
-            sandboxEnv.Float32Array = undefined;
-            sandboxEnv.Float64Array = undefined;
-            sandboxEnv.BigInt64Array = undefined;
-            sandboxEnv.BigUint64Array = undefined;
-            sandboxEnv.DataView = undefined;
-            // Inject strictly monitored globals
-            sandboxEnv.records = JSON.parse(JSON.stringify(records)); // Deep copy safety
-            sandboxEnv.env = JSON.parse(JSON.stringify(env));
-            for (const [key, value] of Object.entries(inputs)) {
-                sandboxEnv[key] = JSON.parse(JSON.stringify(value));
-            }
-            // Freeze the sandbox context to prevent mutation (SEC-GAP-1)
-            // biome-ignore lint/suspicious/noExplicitAny: Required for recursive deep freeze of unknown data
-            const deepFreeze = (obj) => {
-                if (obj && typeof obj === "object" && !Object.isFrozen(obj)) {
-                    Object.freeze(obj);
-                    for (const key of Object.keys(obj)) {
-                        deepFreeze(obj[key]);
-                    }
-                }
-                return obj;
-            };
-            deepFreeze(sandboxEnv.records);
-            deepFreeze(sandboxEnv.env);
-            // Prevent property addition/modification on global scope
-            for (const key of Object.keys(sandboxEnv)) {
-                Object.defineProperty(sandboxEnv, key, {
-                    writable: false,
-                    configurable: false,
-                });
-            }
-            // LIOP Execution Wrapper
-            // Host-side logic transformation to avoid 'new Function' in sandbox
-            let processedLogic = String(compiledLogic);
-            if (/^\s*return\s/m.test(processedLogic) ||
-                !processedLogic.includes("function liop_main")) {
-                if (!processedLogic.includes("function liop_main")) {
-                    processedLogic = `function liop_main(env) {\n${processedLogic}\n}`;
-                }
-            }
-            const scriptCode = `
-				(function() {
-					try {
-						Object.freeze(Object.prototype);
-						Object.freeze(Array.prototype);
-						Object.freeze(String.prototype);
-						Object.freeze(Number.prototype);
-						Object.freeze(Boolean.prototype);
-						Object.freeze(Object.getPrototypeOf(function(){}));
-
-						${processedLogic}
-						if (typeof liop_main === 'function') {
-							return liop_main(env);
-						}
-						return "ERR_NO_ENTRY_POINT";
-					} catch(e) {
-						return "LogicError: " + e.message;
-					}
-				})();
-			`;
-            try {
-                const script = new vm.Script(scriptCode, {
-                    filename: `liop-sandbox-${this.sandboxId.slice(0, 8)}.js`,
-                });
-                const context = vm.createContext(sandboxEnv, {
-                    name: "LIOP Isolate",
-                    origin: "liop://sandbox",
-                });
-                // Execution with hard CPU and Memory limits (Fuel)
-                const output = script.runInContext(context, {
-                    timeout: 5000,
-                    breakOnSigint: true,
-                    displayErrors: true,
-                });
-                const duration = performance.now() - startTime;
-                const fuelUsed = Math.floor(duration * 1500 + 100);
-                if (fuelUsed > 1000000) {
-                    throw new Error("LIOP_RESOURCE_EXHAUSTED: Execution fuel limit exceeded.");
-                }
-                return { output, fuelConsumed: fuelUsed };
-            }
-            catch (error) {
-                throw new Error(`V8 Isolate Fault: ${error instanceof Error ? error.message : "Execution Timeout"}`);
-            }
-        }
-    }
-    /**
-     * Physically cleans up the sandbox and releases resources.
-     */
-    async teardown() {
-        try {
-            if (this.stdoutHandle)
-                await this.stdoutHandle.close();
-            if (this.stderrHandle)
-                await this.stderrHandle.close();
-            await fs.rm(this.workingDir, { recursive: true, force: true });
-        }
-        catch (_e) {
-            // Silent fail on teardown to prevent process crashes
-        }
-    }
-}

package/dist/security/guardian.d.ts

@@ -1,22 +0,0 @@
-/**
- * Represents a violation of the LIOP Zero-Trust Sandbox policy.
- */
-export declare class GuardianViolationError extends Error {
-    constructor(message: string);
-}
-/**
- * LIOP Guardian-TS (TypeScript Validator)
- * Emulates the zero-time AST inspection done by `wasmparser` in Rust.
- * Scans the WebAssembly module imports before instantiation to prevent
- * sandbox escapes and limits execution strictly to WASI and LIOP APIs.
- */
-export declare const GuardianTS: {
-    /**
-     * Scans raw WASM bytes to ensure 100% compliance with LIOP Logic-on-Origin boundaries.
-     *
-     * @param wasmBytes The raw compiled `.wasm` buffer to inspect
-     * @returns A parsed WebAssembly.Module proven safe for sandboxed execution
-     * @throws {GuardianViolationError} If forbidden host imports are detected
-     */
-    analyzeAst(wasmBytes: Uint8Array | Buffer): Promise<WebAssembly.Module>;
-};

package/dist/security/guardian.js

@@ -1,52 +0,0 @@
-import { log } from "../utils/logger.js";
-/**
- * Represents a violation of the LIOP Zero-Trust Sandbox policy.
- */
-export class GuardianViolationError extends Error {
-    constructor(message) {
-        super(`[AST Security Violation]: ${message}`);
-        this.name = "GuardianViolationError";
-    }
-}
-/**
- * LIOP Guardian-TS (TypeScript Validator)
- * Emulates the zero-time AST inspection done by `wasmparser` in Rust.
- * Scans the WebAssembly module imports before instantiation to prevent
- * sandbox escapes and limits execution strictly to WASI and LIOP APIs.
- */
-export const GuardianTS = {
-    /**
-     * Scans raw WASM bytes to ensure 100% compliance with LIOP Logic-on-Origin boundaries.
-     *
-     * @param wasmBytes The raw compiled `.wasm` buffer to inspect
-     * @returns A parsed WebAssembly.Module proven safe for sandboxed execution
-     * @throws {GuardianViolationError} If forbidden host imports are detected
-     */
-    async analyzeAst(wasmBytes) {
-        log.info("[Guardian-TS] Starting Zero-Time AST heuristic inspection...");
-        // This throws if the WASM is structurally invalid or a decompression bomb
-        let module;
-        try {
-            // Convert Node Buffer to a raw Uint8Array pure BufferSource
-            const bufferSource = new Uint8Array(wasmBytes);
-            module = await WebAssembly.compile(bufferSource);
-        }
-        catch (e) {
-            throw new GuardianViolationError(`Payload structurally invalid or potential bomb: ${e.message}`);
-        }
-        // Heuristic Import Scanning
-        // Extract all imported functions/memories from the AST
-        const imports = WebAssembly.Module.imports(module);
-        let importCount = 0;
-        for (const imp of imports) {
-            // Strict Sandbox Validation: Only allow WASI preview 1 and native LIOP functions.
-            // Reject any custom or unexpected host imports (e.g. `env.shell_exec`, `fs.open`).
-            if (imp.module !== "wasi_snapshot_preview1" && imp.module !== "LIOP") {
-                throw new GuardianViolationError(`Banned Host Import Detected: ${imp.module}/${imp.name}`);
-            }
-            importCount++;
-        }
-        log.info(`[Guardian-TS] OK: AST clean. Validated ${importCount} WASI/LIOP imports.`);
-        return module;
-    },
-};

package/dist/security/zk.d.ts

@@ -1,37 +0,0 @@
-export interface ZkReceipt {
-    /** Cryptographic proof generated by a zero-knowledge VM (e.g., RISC Zero, SP1) */
-    proof: Buffer;
-    /** The public inputs/outputs of the execution (the "Journal" in RISC Zero terminology) */
-    journal: Buffer;
-    /** The expected image ID / verification key of the WASM binary that was executed */
-    imageId: Buffer;
-}
-export declare class ZkVerificationError extends Error {
-    constructor(message: string);
-}
-/**
- * ZK-Proofs Verifier for Logic-Injection-on-Origin Protocol (LIOP)
- *
- * Validates that an executed Logic (WASM) actually produced the reported output,
- * verifying the Zero-Knowledge receipt generated by the remote host's Trusted Execution
- * Environment (TEE) or zkVM (Zero-Knowledge Virtual Machine).
- */
-export declare const ZkVerifier: {
-    /**
-     * Validates a ZK receipt using structural Binary Receipt verification.
-     * Parses the HMAC-SHA256 commitment format (v1) and verifies journal integrity.
-     *
-     * @param receipt - Complete ZkReceipt to verify
-     * @param expectedImageId - Hash or ImageID of the WASM file dispatched to the host
-     * @throws ZkVerificationError if the proof is invalid or image IDs mismatch
-     * @returns true if the proof mathematically verifies the execution
-     */
-    verify(receipt: ZkReceipt, expectedImageId: Buffer, sessionSecret?: Buffer): boolean;
-    /**
-     * Derives a predictable ImageID (usually a Hash) from a raw WASM binary.
-     *
-     * @param wasmBytes - The raw bytes of the WASM logic file
-     * @returns The SHA-256 ImageID of the logic
-     */
-    deriveImageId(wasmBytes: Buffer): Buffer;
-};

package/dist/security/zk.js

@@ -1,76 +0,0 @@
-import crypto from "node:crypto";
-export class ZkVerificationError extends Error {
-    constructor(message) {
-        super(`ZK Verification Failed: ${message}`);
-        this.name = "ZkVerificationError";
-    }
-}
-/**
- * ZK-Proofs Verifier for Logic-Injection-on-Origin Protocol (LIOP)
- *
- * Validates that an executed Logic (WASM) actually produced the reported output,
- * verifying the Zero-Knowledge receipt generated by the remote host's Trusted Execution
- * Environment (TEE) or zkVM (Zero-Knowledge Virtual Machine).
- */
-export const ZkVerifier = {
-    /**
-     * Validates a ZK receipt using structural Binary Receipt verification.
-     * Parses the HMAC-SHA256 commitment format (v1) and verifies journal integrity.
-     *
-     * @param receipt - Complete ZkReceipt to verify
-     * @param expectedImageId - Hash or ImageID of the WASM file dispatched to the host
-     * @throws ZkVerificationError if the proof is invalid or image IDs mismatch
-     * @returns true if the proof mathematically verifies the execution
-     */
-    verify(receipt, expectedImageId, sessionSecret) {
-        // 1. Verify Image ID (Ensures the host executed the exact logic we sent, not a malicious one)
-        if (!receipt.imageId.equals(expectedImageId)) {
-            throw new ZkVerificationError("ImageID mismatch. The remote origin executed a different WASM payload.");
-        }
-        // 2. Validate Proof Structure
-        if (receipt.proof.length === 0) {
-            throw new ZkVerificationError("Empty or malformed zero-knowledge proof array.");
-        }
-        // 3. Cryptographic Validation (Binary Receipt)
-        const proofBuf = Buffer.from(receipt.proof);
-        if (proofBuf.length < 35 || proofBuf[0] !== 0x01) {
-            throw new ZkVerificationError("Malformed receipt: invalid header or length.");
-        }
-        const journalLen = proofBuf.readUInt16BE(1);
-        const journal = proofBuf.subarray(3, 3 + journalLen);
-        const seal = proofBuf.subarray(3 + journalLen);
-        if (seal.length !== 32) {
-            throw new ZkVerificationError("Invalid seal: expected 32-byte HMAC-SHA256.");
-        }
-        // Verify journal contains matching imageId
-        try {
-            const journalData = JSON.parse(journal.toString());
-            if (journalData.image_id !== receipt.imageId.toString("hex")) {
-                throw new ZkVerificationError("Journal imageId does not match receipt header.");
-            }
-        }
-        catch (_e) {
-            throw new ZkVerificationError("Failed to parse journal data.");
-        }
-        // 4. Mathematical Verification (HMAC-SHA256)
-        if (sessionSecret && sessionSecret.length > 0) {
-            const expectedSeal = crypto
-                .createHmac("sha256", sessionSecret)
-                .update(journal)
-                .digest();
-            if (!crypto.timingSafeEqual(seal, expectedSeal)) {
-                throw new ZkVerificationError("Invalid seal: HMAC verification failed.");
-            }
-        }
-        return true;
-    },
-    /**
-     * Derives a predictable ImageID (usually a Hash) from a raw WASM binary.
-     *
-     * @param wasmBytes - The raw bytes of the WASM logic file
-     * @returns The SHA-256 ImageID of the logic
-     */
-    deriveImageId(wasmBytes) {
-        return crypto.createHash("sha256").update(wasmBytes).digest();
-    },
-};