@secure-exec/browser 0.0.0-agentos-dylib-base.edaa4a4

package/dist/runtime-driver.js

@@ -0,0 +1,611 @@
+import { decodeChildProcessInput, encodeChildProcessBytes, parseChildProcessSpawnRequest, } from "./child-process-bridge.js";
+import { getBrowserSystemDriverOptions } from "./driver.js";
+import { toUint8Array } from "./encoding.js";
+import { createNetworkStub, wrapCommandExecutor } from "./runtime.js";
+import { applyProcessSignalStateUpdate, parseProcessSignalStateArgs, } from "./signals.js";
+import { assertBrowserSyncBridgeSupport, createBrowserSyncBridgePayload, isBrowserWorkerSyncOperation, SYNC_BRIDGE_KIND_BINARY, SYNC_BRIDGE_KIND_JSON, SYNC_BRIDGE_KIND_NONE, SYNC_BRIDGE_KIND_TEXT, SYNC_BRIDGE_PAYLOAD_LIMIT_ERROR_CODE, SYNC_BRIDGE_SIGNAL_KIND_INDEX, SYNC_BRIDGE_SIGNAL_LENGTH_INDEX, SYNC_BRIDGE_SIGNAL_STATE_INDEX, SYNC_BRIDGE_SIGNAL_STATE_READY, SYNC_BRIDGE_SIGNAL_STATUS_INDEX, SYNC_BRIDGE_STATUS_ERROR, SYNC_BRIDGE_STATUS_OK, toBrowserSyncBridgeError, } from "./sync-bridge.js";
+const DEFAULT_BROWSER_TIMING_MITIGATION = "freeze";
+const BROWSER_OPTION_VALIDATORS = [
+    {
+        label: "memoryLimit",
+        hasValue: (options) => options.memoryLimit !== undefined,
+    },
+    {
+        label: "cpuTimeLimitMs",
+        hasValue: (options) => options.cpuTimeLimitMs !== undefined,
+    },
+];
+function serializePermissions(permissions) {
+    if (!permissions) {
+        return undefined;
+    }
+    const serialize = (fn) => typeof fn === "function" ? fn.toString() : undefined;
+    return {
+        fs: serialize(permissions.fs),
+        network: serialize(permissions.network),
+        childProcess: serialize(permissions.childProcess),
+        env: serialize(permissions.env),
+    };
+}
+function resolveWorkerUrl(workerUrl) {
+    if (workerUrl instanceof URL) {
+        return workerUrl;
+    }
+    if (workerUrl) {
+        return new URL(workerUrl, import.meta.url);
+    }
+    return new URL("./worker.js", import.meta.url);
+}
+function createWorkerControlToken() {
+    if (typeof globalThis.crypto?.randomUUID === "function") {
+        return globalThis.crypto.randomUUID();
+    }
+    return `browser-runtime-${Date.now()}-${Math.random().toString(16).slice(2)}`;
+}
+function toBrowserWorkerExecOptions(options) {
+    if (!options) {
+        return undefined;
+    }
+    return {
+        filePath: options.filePath,
+        env: options.env,
+        cwd: options.cwd,
+        stdin: options.stdin,
+        timingMitigation: options.timingMitigation,
+    };
+}
+function validateBrowserRuntimeOptions(options) {
+    const unsupported = BROWSER_OPTION_VALIDATORS.filter((validator) => validator.hasValue(options)).map((validator) => validator.label);
+    if (unsupported.length === 0) {
+        return;
+    }
+    throw new Error(`Browser runtime does not support Node-only options: ${unsupported.join(", ")}`);
+}
+function validateBrowserExecOptions(options) {
+    const unsupported = [];
+    if (options?.cpuTimeLimitMs !== undefined) {
+        unsupported.push("cpuTimeLimitMs");
+    }
+    if (unsupported.length === 0) {
+        return;
+    }
+    throw new Error(`Browser runtime does not support Node-only exec options: ${unsupported.join(", ")}`);
+}
+function isStdioMessage(message) {
+    return message.type === "stdio";
+}
+function isResponseMessage(message) {
+    return message.type === "response";
+}
+function isSyncRequestMessage(message) {
+    return message.type === "sync-request";
+}
+function throwBridgePayloadTooLarge(label, actualBytes, maxBytes) {
+    const error = new Error(`[${SYNC_BRIDGE_PAYLOAD_LIMIT_ERROR_CODE}] ${label}: payload is ${actualBytes} bytes, limit is ${maxBytes} bytes`);
+    error.code = SYNC_BRIDGE_PAYLOAD_LIMIT_ERROR_CODE;
+    throw error;
+}
+async function waitForChildProcessEvent(session, waitMs) {
+    const deadline = Date.now() + Math.max(0, waitMs);
+    while (session.events.length === 0 &&
+        !session.exited &&
+        Date.now() < deadline) {
+        await new Promise((resolve) => setTimeout(resolve, 5));
+    }
+    return session.events.shift() ?? null;
+}
+function createSyncBridgeResponseBytes(response, encoder) {
+    switch (response.kind) {
+        case SYNC_BRIDGE_KIND_NONE:
+            return new Uint8Array(0);
+        case SYNC_BRIDGE_KIND_TEXT:
+            return encoder.encode(response.value);
+        case SYNC_BRIDGE_KIND_BINARY:
+            return response.value;
+        case SYNC_BRIDGE_KIND_JSON:
+            return encoder.encode(JSON.stringify(response.value));
+        default:
+            return new Uint8Array(0);
+    }
+}
+async function handleSyncBridgeOperation(host, message) {
+    switch (message.operation) {
+        case "child_process.spawn": {
+            const request = parseChildProcessSpawnRequest(message.args[0], "child_process.spawn request");
+            const { command, args } = request;
+            const options = request.options ?? {};
+            const sessionId = host.allocateChildProcessSessionId();
+            const events = [];
+            const process = host.commandExecutor.spawn(command, args, {
+                cwd: options.cwd,
+                env: options.env,
+                onStdout: (data) => {
+                    events.push({
+                        type: "stdout",
+                        data: encodeChildProcessBytes(data),
+                    });
+                },
+                onStderr: (data) => {
+                    events.push({
+                        type: "stderr",
+                        data: encodeChildProcessBytes(data),
+                    });
+                },
+            });
+            const session = {
+                executionId: message.executionId,
+                process,
+                events,
+                exited: false,
+            };
+            void process
+                .wait()
+                .then((code) => {
+                session.exited = true;
+                session.events.push({ type: "exit", exitCode: code, signal: null });
+            })
+                .catch(() => {
+                session.exited = true;
+                session.events.push({ type: "exit", exitCode: 1, signal: null });
+            });
+            host.childProcessSessions.set(sessionId, session);
+            return { kind: SYNC_BRIDGE_KIND_JSON, value: sessionId };
+        }
+        case "child_process.poll": {
+            const sessionId = Number(message.args[0]);
+            const waitMs = Number(message.args[1] ?? 0);
+            const session = host.childProcessSessions.get(sessionId);
+            if (!session || session.executionId !== message.executionId) {
+                return { kind: SYNC_BRIDGE_KIND_JSON, value: null };
+            }
+            const event = await waitForChildProcessEvent(session, waitMs);
+            if (event?.type === "exit" && session.events.length === 0) {
+                host.childProcessSessions.delete(sessionId);
+            }
+            return { kind: SYNC_BRIDGE_KIND_JSON, value: event };
+        }
+        case "child_process.write_stdin": {
+            const sessionId = Number(message.args[0]);
+            const session = host.childProcessSessions.get(sessionId);
+            if (!session || session.executionId !== message.executionId) {
+                throw new Error(`unknown child_process session ${sessionId}`);
+            }
+            session?.process.writeStdin(toUint8Array(message.args[1]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        }
+        case "child_process.close_stdin": {
+            const sessionId = Number(message.args[0]);
+            const session = host.childProcessSessions.get(sessionId);
+            if (!session || session.executionId !== message.executionId) {
+                throw new Error(`unknown child_process session ${sessionId}`);
+            }
+            session.process.closeStdin();
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        }
+        case "child_process.kill": {
+            const sessionId = Number(message.args[0]);
+            const signal = Number(message.args[1]);
+            const session = host.childProcessSessions.get(sessionId);
+            if (!session || session.executionId !== message.executionId) {
+                throw new Error(`unknown child_process session ${sessionId}`);
+            }
+            session.process.kill(signal);
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        }
+        case "child_process.spawn_sync": {
+            const request = parseChildProcessSpawnRequest(message.args[0], "child_process.spawn_sync request");
+            const { command, args } = request;
+            const options = request.options ?? {};
+            const stdoutChunks = [];
+            const stderrChunks = [];
+            const proc = host.commandExecutor.spawn(command, args, {
+                cwd: options.cwd,
+                env: options.env,
+                onStdout: (data) => stdoutChunks.push(data),
+                onStderr: (data) => stderrChunks.push(data),
+            });
+            const input = decodeChildProcessInput(options.input);
+            if (input !== undefined) {
+                proc.writeStdin(input);
+            }
+            proc.closeStdin();
+            const exitCode = await proc.wait();
+            const decoder = new TextDecoder();
+            return {
+                kind: SYNC_BRIDGE_KIND_TEXT,
+                value: JSON.stringify({
+                    stdout: stdoutChunks.map((chunk) => decoder.decode(chunk)).join(""),
+                    stderr: stderrChunks.map((chunk) => decoder.decode(chunk)).join(""),
+                    code: exitCode,
+                }),
+            };
+        }
+        case "process.signal_state": {
+            const { signal, registration } = parseProcessSignalStateArgs(message.args);
+            applyProcessSignalStateUpdate(host.signalStates, message.executionId, signal, registration);
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        }
+        default:
+            throw new Error(`Unsupported browser sync bridge operation: ${String(message.operation)}`);
+    }
+}
+export class BrowserRuntimeDriver {
+    worker;
+    pending = new Map();
+    controlToken = createWorkerControlToken();
+    defaultOnStdio;
+    defaultTimingMitigation;
+    networkAdapter;
+    commandExecutor;
+    syncBridge;
+    childProcessSessions = new Map();
+    signalStates = new Map();
+    ready;
+    encoder = new TextEncoder();
+    nextId = 1;
+    nextExecutionId = 1;
+    nextChildProcessSessionId = 1;
+    disposed = false;
+    networkPermission;
+    convergedServicer;
+    convergedReady;
+    constructor(options, factoryOptions = {}) {
+        if (typeof Worker === "undefined") {
+            throw new Error("Browser runtime requires a global Worker implementation");
+        }
+        assertBrowserSyncBridgeSupport();
+        this.defaultOnStdio = options.onStdio;
+        this.defaultTimingMitigation =
+            options.timingMitigation ??
+                options.runtime.process.timingMitigation ??
+                DEFAULT_BROWSER_TIMING_MITIGATION;
+        this.networkAdapter = options.system.network ?? createNetworkStub();
+        this.networkPermission = options.system.permissions?.network;
+        this.commandExecutor = wrapCommandExecutor(options.system.commandExecutor ?? {
+            spawn() {
+                throw new Error("ENOSYS: child_process.spawn is not supported");
+            },
+        }, options.system.permissions);
+        this.syncBridge = createBrowserSyncBridgePayload(options.payloadLimits);
+        this.worker = new Worker(resolveWorkerUrl(factoryOptions.workerUrl), {
+            type: "module",
+        });
+        this.worker.onmessage = this.handleWorkerMessage;
+        this.worker.onerror = this.handleWorkerError;
+        const browserSystemOptions = getBrowserSystemDriverOptions(options.system);
+        const initPayload = {
+            processConfig: options.runtime.process,
+            osConfig: options.runtime.os,
+            permissions: serializePermissions(options.system.permissions),
+            filesystem: browserSystemOptions.filesystem,
+            networkEnabled: browserSystemOptions.networkEnabled,
+            timingMitigation: this.defaultTimingMitigation,
+            payloadLimits: options.payloadLimits,
+            syncBridge: this.syncBridge,
+        };
+        this.ready = this.callWorker("init", initPayload).then(() => undefined);
+        this.ready.catch(() => undefined);
+        if (factoryOptions.convergedSidecar) {
+            this.convergedReady = this.setupConvergedSidecar(factoryOptions.convergedSidecar);
+            this.convergedReady.catch(() => undefined);
+        }
+    }
+    async setupConvergedSidecar(options) {
+        const [{ createConvergedServicer }, sidecar] = await Promise.all([
+            import("./converged-driver-setup.js"),
+            options.loadSidecar(),
+        ]);
+        this.convergedServicer = createConvergedServicer({
+            pushFrame: sidecar.pushFrame,
+            config: options.config,
+            codec: options.codec,
+            setNextExecutionId: sidecar.setNextExecutionId?.bind(sidecar),
+            onFsReadDenied: options.onFsReadDenied,
+        });
+    }
+    get network() {
+        const adapter = this.networkAdapter;
+        return {
+            fetch: (url, options) => adapter.fetch(url, options),
+            dnsLookup: (hostname) => adapter.dnsLookup(hostname),
+            httpRequest: (url, options) => adapter.httpRequest(url, options),
+        };
+    }
+    handleWorkerError = (event) => {
+        if (this.disposed) {
+            return;
+        }
+        const error = event.error instanceof Error
+            ? event.error
+            : new Error(event.message
+                ? `Browser runtime worker error: ${event.message} (${event.filename}:${event.lineno}:${event.colno})`
+                : "Browser runtime worker error");
+        this.cleanup(error, { terminateWorker: true });
+    };
+    handleWorkerMessage = (event) => {
+        if (this.disposed) {
+            return;
+        }
+        const message = event.data;
+        if (message.controlToken !== this.controlToken) {
+            return;
+        }
+        if (isSyncRequestMessage(message)) {
+            void this.handleSyncRequest(message);
+            return;
+        }
+        if (isStdioMessage(message)) {
+            const pending = this.pending.get(message.requestId);
+            if (pending?.executionId !== message.executionId) {
+                return;
+            }
+            const hook = pending?.hook ?? this.defaultOnStdio;
+            if (!hook) {
+                return;
+            }
+            try {
+                hook({ channel: message.channel, message: message.message });
+            }
+            catch {
+                // Ignore host hook errors so sandbox execution can continue.
+            }
+            return;
+        }
+        if (!isResponseMessage(message)) {
+            return;
+        }
+        const pending = this.pending.get(message.id);
+        if (!pending) {
+            return;
+        }
+        this.pending.delete(message.id);
+        if (pending.executionId) {
+            this.cleanupExecutionState(pending.executionId);
+        }
+        if (message.ok) {
+            pending.resolve(message.result);
+            return;
+        }
+        const error = new Error(message.error.message);
+        if (message.error.stack) {
+            error.stack = message.error.stack;
+        }
+        error.code = message.error.code;
+        pending.reject(error);
+    };
+    async handleSyncRequest(message) {
+        const signal = new Int32Array(this.syncBridge.signalBuffer);
+        const data = new Uint8Array(this.syncBridge.dataBuffer);
+        try {
+            if (!this.hasPendingExecutionRequest(message.processRequestId, message.executionId)) {
+                throw new Error(`Browser runtime sync bridge request for unknown execution ${message.executionId}`);
+            }
+            if (!isBrowserWorkerSyncOperation(message.operation)) {
+                throw new Error(`Unsupported browser sync bridge operation: ${String(message.operation)}`);
+            }
+            const legacyServicer = (operation, args) => handleSyncBridgeOperation({
+                commandExecutor: this.commandExecutor,
+                childProcessSessions: this.childProcessSessions,
+                signalStates: this.signalStates,
+                allocateChildProcessSessionId: () => this.allocateChildProcessSessionId(),
+                networkPermission: this.networkPermission,
+            }, {
+                ...message,
+                operation: operation,
+                args: [...args],
+            });
+            // Converged-only: every guest syscall is serviced by the wasm kernel via
+            // the converged servicer. The legacy in-process TS kernel is gone; the
+            // `legacyServicer` survives ONLY as the converged router's fallback for
+            // host capabilities (child_process.* / process.signal_state), never as a
+            // standalone guest-syscall path.
+            if (this.convergedReady === undefined) {
+                throw new Error("Browser runtime requires a converged wasm sidecar; the legacy in-process kernel has been removed");
+            }
+            await this.convergedReady;
+            if (!this.convergedServicer) {
+                throw new Error("Converged sidecar servicer is unavailable after setup");
+            }
+            const response = await this.convergedServicer.route(message.executionId, message.operation, message.args, legacyServicer);
+            const bytes = createSyncBridgeResponseBytes(response, this.encoder);
+            if (bytes.byteLength > data.byteLength) {
+                const suffix = typeof message.args[0] === "string" ? ` ${message.args[0]}` : "";
+                throwBridgePayloadTooLarge(`${message.operation}${suffix}`, bytes.byteLength, data.byteLength);
+            }
+            data.set(bytes, 0);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_STATUS_INDEX, SYNC_BRIDGE_STATUS_OK);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_KIND_INDEX, response.kind);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_LENGTH_INDEX, bytes.byteLength);
+        }
+        catch (error) {
+            let bytes = this.encoder.encode(JSON.stringify(toBrowserSyncBridgeError(error)));
+            if (bytes.byteLength > data.byteLength) {
+                bytes = this.encoder.encode(JSON.stringify({
+                    message: "Browser runtime sync bridge error exceeded shared buffer capacity",
+                    code: SYNC_BRIDGE_PAYLOAD_LIMIT_ERROR_CODE,
+                }));
+            }
+            data.set(bytes, 0);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_STATUS_INDEX, SYNC_BRIDGE_STATUS_ERROR);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_KIND_INDEX, SYNC_BRIDGE_KIND_JSON);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_LENGTH_INDEX, bytes.byteLength);
+        }
+        Atomics.store(signal, SYNC_BRIDGE_SIGNAL_STATE_INDEX, SYNC_BRIDGE_SIGNAL_STATE_READY);
+        Atomics.notify(signal, SYNC_BRIDGE_SIGNAL_STATE_INDEX, 1);
+    }
+    rejectAllPending(error) {
+        const entries = Array.from(this.pending.values());
+        this.pending.clear();
+        for (const pending of entries) {
+            if (pending.executionId) {
+                this.cleanupExecutionState(pending.executionId);
+            }
+            pending.reject(error);
+        }
+    }
+    clearWorkerHandlers() {
+        try {
+            this.worker.onmessage = null;
+        }
+        catch {
+            // Ignore host Worker implementations with non-writable event hooks.
+        }
+        try {
+            this.worker.onerror = null;
+        }
+        catch {
+            // Ignore host Worker implementations with non-writable event hooks.
+        }
+    }
+    allocateExecutionId() {
+        return `exec-${this.nextExecutionId++}`;
+    }
+    allocateChildProcessSessionId() {
+        return this.nextChildProcessSessionId++;
+    }
+    hasPendingExecutionRequest(requestId, executionId) {
+        const pending = this.pending.get(requestId);
+        return pending?.executionId === executionId;
+    }
+    cleanupExecutionState(executionId) {
+        this.signalStates.delete(executionId);
+        for (const [sessionId, session] of this.childProcessSessions) {
+            if (session.executionId === executionId) {
+                this.childProcessSessions.delete(sessionId);
+            }
+        }
+    }
+    resetSyncBridgeState() {
+        new Int32Array(this.syncBridge.signalBuffer).fill(0);
+        new Uint8Array(this.syncBridge.dataBuffer).fill(0);
+    }
+    cleanup(error, options = {}) {
+        if (this.disposed) {
+            this.rejectAllPending(error);
+            return;
+        }
+        this.disposed = true;
+        this.clearWorkerHandlers();
+        if (options.terminateWorker) {
+            try {
+                this.worker.terminate();
+            }
+            catch {
+                // Ignore termination errors while tearing down a broken worker.
+            }
+        }
+        this.resetSyncBridgeState();
+        this.signalStates.clear();
+        this.rejectAllPending(error);
+    }
+    callWorker(type, payload, hook, executionId) {
+        if (this.disposed) {
+            return Promise.reject(new Error("Browser runtime has been disposed"));
+        }
+        const id = this.nextId++;
+        const message = payload === undefined
+            ? {
+                controlToken: this.controlToken,
+                id,
+                type,
+            }
+            : {
+                controlToken: this.controlToken,
+                id,
+                type,
+                payload,
+            };
+        return new Promise((resolve, reject) => {
+            this.pending.set(id, { resolve, reject, hook, executionId });
+            try {
+                this.worker.postMessage(message);
+            }
+            catch (error) {
+                this.pending.delete(id);
+                if (executionId) {
+                    this.cleanupExecutionState(executionId);
+                }
+                reject(error);
+            }
+        });
+    }
+    async run(code, filePath) {
+        await this.ready;
+        const hook = this.defaultOnStdio;
+        const executionId = this.allocateExecutionId();
+        return this.callWorker("run", {
+            executionId,
+            code,
+            filePath,
+            captureStdio: Boolean(hook),
+        }, hook, executionId);
+    }
+    async exec(code, options) {
+        validateBrowserExecOptions(options);
+        await this.ready;
+        const hook = options?.onStdio ?? this.defaultOnStdio;
+        const executionId = this.allocateExecutionId();
+        return this.callWorker("exec", {
+            executionId,
+            code,
+            options: toBrowserWorkerExecOptions(options),
+            captureStdio: Boolean(hook),
+        }, hook, executionId);
+    }
+    async dispatchExtensionRequest(namespace, payload) {
+        await this.ready;
+        const response = await this.callWorker("extension", { namespace, payload });
+        return response.payload;
+    }
+    dispose() {
+        if (this.disposed) {
+            return;
+        }
+        this.cleanup(new Error("Browser runtime has been disposed"), {
+            terminateWorker: true,
+        });
+    }
+    /**
+     * Snapshot the converged VM root filesystem (writable changes) so callers can
+     * persist them to host storage across runtimes. Returns null in legacy mode.
+     */
+    async snapshotConvergedRootFilesystem() {
+        if (this.convergedReady === undefined) {
+            return null;
+        }
+        await this.convergedReady;
+        return this.convergedServicer?.snapshotRootFilesystem() ?? null;
+    }
+    async terminate() {
+        this.dispose();
+    }
+    signalPendingExecution(signal = 15) {
+        if (this.disposed) {
+            return false;
+        }
+        const pending = Array.from(this.pending.values()).find((entry) => entry.executionId);
+        if (!pending?.executionId) {
+            return false;
+        }
+        const id = this.nextId++;
+        const message = {
+            controlToken: this.controlToken,
+            id,
+            type: "signal",
+            payload: {
+                executionId: pending.executionId,
+                signal,
+            },
+        };
+        this.worker.postMessage(message);
+        return true;
+    }
+}
+export function createBrowserRuntimeDriverFactory(factoryOptions = {}) {
+    return {
+        createRuntimeDriver(options) {
+            validateBrowserRuntimeOptions(options);
+            return new BrowserRuntimeDriver(options, factoryOptions);
+        },
+    };
+}