@secure-exec/browser 0.0.0-main.bccb3a2

package/dist/runtime-driver.js

@@ -0,0 +1,459 @@
+import { getBrowserSystemDriverOptions } from "./driver.js";
+import { createFsStub, createNetworkStub, loadFile, mkdir, resolveModule, } from "./runtime.js";
+import { assertBrowserSyncBridgeSupport, createBrowserSyncBridgePayload, SYNC_BRIDGE_KIND_BINARY, SYNC_BRIDGE_KIND_JSON, SYNC_BRIDGE_KIND_NONE, SYNC_BRIDGE_KIND_TEXT, SYNC_BRIDGE_PAYLOAD_LIMIT_ERROR_CODE, SYNC_BRIDGE_SIGNAL_KIND_INDEX, SYNC_BRIDGE_SIGNAL_LENGTH_INDEX, SYNC_BRIDGE_SIGNAL_STATE_INDEX, SYNC_BRIDGE_SIGNAL_STATE_READY, SYNC_BRIDGE_SIGNAL_STATUS_INDEX, SYNC_BRIDGE_STATUS_ERROR, SYNC_BRIDGE_STATUS_OK, toBrowserSyncBridgeError, } from "./sync-bridge.js";
+const DEFAULT_BROWSER_TIMING_MITIGATION = "freeze";
+const BROWSER_OPTION_VALIDATORS = [
+    {
+        label: "memoryLimit",
+        hasValue: (options) => options.memoryLimit !== undefined,
+    },
+    {
+        label: "cpuTimeLimitMs",
+        hasValue: (options) => options.cpuTimeLimitMs !== undefined,
+    },
+];
+function serializePermissions(permissions) {
+    if (!permissions) {
+        return undefined;
+    }
+    const serialize = (fn) => typeof fn === "function" ? fn.toString() : undefined;
+    return {
+        fs: serialize(permissions.fs),
+        network: serialize(permissions.network),
+        childProcess: serialize(permissions.childProcess),
+        env: serialize(permissions.env),
+    };
+}
+function resolveWorkerUrl(workerUrl) {
+    if (workerUrl instanceof URL) {
+        return workerUrl;
+    }
+    if (workerUrl) {
+        return new URL(workerUrl, import.meta.url);
+    }
+    return new URL("./worker.js", import.meta.url);
+}
+function createWorkerControlToken() {
+    if (typeof globalThis.crypto?.randomUUID === "function") {
+        return globalThis.crypto.randomUUID();
+    }
+    return `browser-runtime-${Date.now()}-${Math.random().toString(16).slice(2)}`;
+}
+function toBrowserWorkerExecOptions(options) {
+    if (!options) {
+        return undefined;
+    }
+    return {
+        filePath: options.filePath,
+        env: options.env,
+        cwd: options.cwd,
+        stdin: options.stdin,
+        timingMitigation: options.timingMitigation,
+    };
+}
+function validateBrowserRuntimeOptions(options) {
+    const unsupported = BROWSER_OPTION_VALIDATORS.filter((validator) => validator.hasValue(options)).map((validator) => validator.label);
+    if (unsupported.length === 0) {
+        return;
+    }
+    throw new Error(`Browser runtime does not support Node-only options: ${unsupported.join(", ")}`);
+}
+function validateBrowserExecOptions(options) {
+    const unsupported = [];
+    if (options?.cpuTimeLimitMs !== undefined) {
+        unsupported.push("cpuTimeLimitMs");
+    }
+    if (unsupported.length === 0) {
+        return;
+    }
+    throw new Error(`Browser runtime does not support Node-only exec options: ${unsupported.join(", ")}`);
+}
+function isStdioMessage(message) {
+    return message.type === "stdio";
+}
+function isResponseMessage(message) {
+    return message.type === "response";
+}
+function isSyncRequestMessage(message) {
+    return message.type === "sync-request";
+}
+function createSyncBridgeFilesystem(options) {
+    return options.system.filesystem ?? createFsStub();
+}
+function throwBridgePayloadTooLarge(label, actualBytes, maxBytes) {
+    const error = new Error(`[${SYNC_BRIDGE_PAYLOAD_LIMIT_ERROR_CODE}] ${label}: payload is ${actualBytes} bytes, limit is ${maxBytes} bytes`);
+    error.code = SYNC_BRIDGE_PAYLOAD_LIMIT_ERROR_CODE;
+    throw error;
+}
+function toUint8Array(value) {
+    if (value instanceof Uint8Array) {
+        return value;
+    }
+    if (ArrayBuffer.isView(value)) {
+        return new Uint8Array(value.buffer, value.byteOffset, value.byteLength);
+    }
+    if (value instanceof ArrayBuffer) {
+        return new Uint8Array(value);
+    }
+    return new TextEncoder().encode(String(value));
+}
+function createSyncBridgeResponseBytes(response, encoder) {
+    switch (response.kind) {
+        case SYNC_BRIDGE_KIND_NONE:
+            return new Uint8Array(0);
+        case SYNC_BRIDGE_KIND_TEXT:
+            return encoder.encode(response.value);
+        case SYNC_BRIDGE_KIND_BINARY:
+            return response.value;
+        case SYNC_BRIDGE_KIND_JSON:
+            return encoder.encode(JSON.stringify(response.value));
+        default:
+            return new Uint8Array(0);
+    }
+}
+async function handleSyncBridgeOperation(filesystem, message) {
+    switch (message.operation) {
+        case "fs.readFile":
+            return {
+                kind: SYNC_BRIDGE_KIND_TEXT,
+                value: await filesystem.readTextFile(String(message.args[0])),
+            };
+        case "fs.writeFile":
+            await filesystem.writeFile(String(message.args[0]), String(message.args[1] ?? ""));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "fs.readFileBinary":
+            return {
+                kind: SYNC_BRIDGE_KIND_BINARY,
+                value: await filesystem.readFile(String(message.args[0])),
+            };
+        case "fs.writeFileBinary":
+            await filesystem.writeFile(String(message.args[0]), toUint8Array(message.args[1]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "fs.readDir":
+            return {
+                kind: SYNC_BRIDGE_KIND_JSON,
+                value: await filesystem.readDirWithTypes(String(message.args[0])),
+            };
+        case "fs.createDir":
+            await filesystem.createDir(String(message.args[0]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "fs.mkdir":
+            await mkdir(filesystem, String(message.args[0]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "fs.rmdir":
+            await filesystem.removeDir(String(message.args[0]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "fs.exists":
+            return {
+                kind: SYNC_BRIDGE_KIND_JSON,
+                value: await filesystem.exists(String(message.args[0])),
+            };
+        case "fs.stat":
+            return {
+                kind: SYNC_BRIDGE_KIND_JSON,
+                value: await filesystem.stat(String(message.args[0])),
+            };
+        case "fs.lstat":
+            return {
+                kind: SYNC_BRIDGE_KIND_JSON,
+                value: await filesystem.lstat(String(message.args[0])),
+            };
+        case "fs.unlink":
+            await filesystem.removeFile(String(message.args[0]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "fs.rename":
+            await filesystem.rename(String(message.args[0]), String(message.args[1]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "fs.realpath":
+            return {
+                kind: SYNC_BRIDGE_KIND_TEXT,
+                value: await filesystem.realpath(String(message.args[0])),
+            };
+        case "fs.readlink":
+            return {
+                kind: SYNC_BRIDGE_KIND_TEXT,
+                value: await filesystem.readlink(String(message.args[0])),
+            };
+        case "fs.symlink":
+            await filesystem.symlink(String(message.args[0]), String(message.args[1]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "fs.link":
+            await filesystem.link(String(message.args[0]), String(message.args[1]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "fs.chmod":
+            await filesystem.chmod(String(message.args[0]), Number(message.args[1]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "fs.truncate":
+            await filesystem.truncate(String(message.args[0]), Number(message.args[1]));
+            return { kind: SYNC_BRIDGE_KIND_NONE };
+        case "module.resolve": {
+            const resolved = await resolveModule(String(message.args[0]), String(message.args[1]), filesystem);
+            return resolved === null
+                ? { kind: SYNC_BRIDGE_KIND_NONE }
+                : { kind: SYNC_BRIDGE_KIND_TEXT, value: resolved };
+        }
+        case "module.loadFile": {
+            const source = await loadFile(String(message.args[0]), filesystem);
+            return source === null
+                ? { kind: SYNC_BRIDGE_KIND_NONE }
+                : { kind: SYNC_BRIDGE_KIND_TEXT, value: source };
+        }
+        default:
+            throw new Error(`Unsupported browser sync bridge operation: ${String(message.operation)}`);
+    }
+}
+export class BrowserRuntimeDriver {
+    worker;
+    pending = new Map();
+    controlToken = createWorkerControlToken();
+    defaultOnStdio;
+    defaultTimingMitigation;
+    networkAdapter;
+    syncBridge;
+    syncFilesystem;
+    ready;
+    encoder = new TextEncoder();
+    nextId = 1;
+    disposed = false;
+    constructor(options, factoryOptions = {}) {
+        if (typeof Worker === "undefined") {
+            throw new Error("Browser runtime requires a global Worker implementation");
+        }
+        assertBrowserSyncBridgeSupport();
+        this.defaultOnStdio = options.onStdio;
+        this.defaultTimingMitigation =
+            options.timingMitigation ??
+                options.runtime.process.timingMitigation ??
+                DEFAULT_BROWSER_TIMING_MITIGATION;
+        this.networkAdapter = options.system.network ?? createNetworkStub();
+        this.syncBridge = createBrowserSyncBridgePayload(options.payloadLimits);
+        this.syncFilesystem = createSyncBridgeFilesystem(options);
+        this.worker = new Worker(resolveWorkerUrl(factoryOptions.workerUrl), {
+            type: "module",
+        });
+        this.worker.onmessage = this.handleWorkerMessage;
+        this.worker.onerror = this.handleWorkerError;
+        const browserSystemOptions = getBrowserSystemDriverOptions(options.system);
+        const initPayload = {
+            processConfig: options.runtime.process,
+            osConfig: options.runtime.os,
+            permissions: serializePermissions(options.system.permissions),
+            filesystem: browserSystemOptions.filesystem,
+            networkEnabled: browserSystemOptions.networkEnabled,
+            timingMitigation: this.defaultTimingMitigation,
+            payloadLimits: options.payloadLimits,
+            syncBridge: this.syncBridge,
+        };
+        this.ready = this.callWorker("init", initPayload).then(() => undefined);
+        this.ready.catch(() => undefined);
+    }
+    get network() {
+        const adapter = this.networkAdapter;
+        return {
+            fetch: (url, options) => adapter.fetch(url, options),
+            dnsLookup: (hostname) => adapter.dnsLookup(hostname),
+            httpRequest: (url, options) => adapter.httpRequest(url, options),
+        };
+    }
+    handleWorkerError = (event) => {
+        if (this.disposed) {
+            return;
+        }
+        const error = event.error instanceof Error
+            ? event.error
+            : new Error(event.message
+                ? `Browser runtime worker error: ${event.message} (${event.filename}:${event.lineno}:${event.colno})`
+                : "Browser runtime worker error");
+        this.cleanup(error, { terminateWorker: true });
+    };
+    handleWorkerMessage = (event) => {
+        if (this.disposed) {
+            return;
+        }
+        const message = event.data;
+        if (message.controlToken !== this.controlToken) {
+            return;
+        }
+        if (isSyncRequestMessage(message)) {
+            void this.handleSyncRequest(message);
+            return;
+        }
+        if (isStdioMessage(message)) {
+            const pending = this.pending.get(message.requestId);
+            const hook = pending?.hook ?? this.defaultOnStdio;
+            if (!hook) {
+                return;
+            }
+            try {
+                hook({ channel: message.channel, message: message.message });
+            }
+            catch {
+                // Ignore host hook errors so sandbox execution can continue.
+            }
+            return;
+        }
+        if (!isResponseMessage(message)) {
+            return;
+        }
+        const pending = this.pending.get(message.id);
+        if (!pending) {
+            return;
+        }
+        this.pending.delete(message.id);
+        if (message.ok) {
+            pending.resolve(message.result);
+            return;
+        }
+        const error = new Error(message.error.message);
+        if (message.error.stack) {
+            error.stack = message.error.stack;
+        }
+        error.code = message.error.code;
+        pending.reject(error);
+    };
+    async handleSyncRequest(message) {
+        const signal = new Int32Array(this.syncBridge.signalBuffer);
+        const data = new Uint8Array(this.syncBridge.dataBuffer);
+        try {
+            const response = await handleSyncBridgeOperation(this.syncFilesystem, message);
+            const bytes = createSyncBridgeResponseBytes(response, this.encoder);
+            if (bytes.byteLength > data.byteLength) {
+                const suffix = typeof message.args[0] === "string" ? ` ${message.args[0]}` : "";
+                throwBridgePayloadTooLarge(`${message.operation}${suffix}`, bytes.byteLength, data.byteLength);
+            }
+            data.set(bytes, 0);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_STATUS_INDEX, SYNC_BRIDGE_STATUS_OK);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_KIND_INDEX, response.kind);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_LENGTH_INDEX, bytes.byteLength);
+        }
+        catch (error) {
+            let bytes = this.encoder.encode(JSON.stringify(toBrowserSyncBridgeError(error)));
+            if (bytes.byteLength > data.byteLength) {
+                bytes = this.encoder.encode(JSON.stringify({
+                    message: "Browser runtime sync bridge error exceeded shared buffer capacity",
+                    code: SYNC_BRIDGE_PAYLOAD_LIMIT_ERROR_CODE,
+                }));
+            }
+            data.set(bytes, 0);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_STATUS_INDEX, SYNC_BRIDGE_STATUS_ERROR);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_KIND_INDEX, SYNC_BRIDGE_KIND_JSON);
+            Atomics.store(signal, SYNC_BRIDGE_SIGNAL_LENGTH_INDEX, bytes.byteLength);
+        }
+        Atomics.store(signal, SYNC_BRIDGE_SIGNAL_STATE_INDEX, SYNC_BRIDGE_SIGNAL_STATE_READY);
+        Atomics.notify(signal, SYNC_BRIDGE_SIGNAL_STATE_INDEX, 1);
+    }
+    rejectAllPending(error) {
+        const entries = Array.from(this.pending.values());
+        this.pending.clear();
+        for (const pending of entries) {
+            pending.reject(error);
+        }
+    }
+    clearWorkerHandlers() {
+        try {
+            this.worker.onmessage = null;
+        }
+        catch {
+            // Ignore host Worker implementations with non-writable event hooks.
+        }
+        try {
+            this.worker.onerror = null;
+        }
+        catch {
+            // Ignore host Worker implementations with non-writable event hooks.
+        }
+    }
+    resetSyncBridgeState() {
+        new Int32Array(this.syncBridge.signalBuffer).fill(0);
+        new Uint8Array(this.syncBridge.dataBuffer).fill(0);
+    }
+    cleanup(error, options = {}) {
+        if (this.disposed) {
+            this.rejectAllPending(error);
+            return;
+        }
+        this.disposed = true;
+        this.clearWorkerHandlers();
+        if (options.terminateWorker) {
+            try {
+                this.worker.terminate();
+            }
+            catch {
+                // Ignore termination errors while tearing down a broken worker.
+            }
+        }
+        this.resetSyncBridgeState();
+        this.rejectAllPending(error);
+    }
+    callWorker(type, payload, hook) {
+        if (this.disposed) {
+            return Promise.reject(new Error("Browser runtime has been disposed"));
+        }
+        const id = this.nextId++;
+        const message = payload === undefined
+            ? {
+                controlToken: this.controlToken,
+                id,
+                type,
+            }
+            : {
+                controlToken: this.controlToken,
+                id,
+                type,
+                payload,
+            };
+        return new Promise((resolve, reject) => {
+            this.pending.set(id, { resolve, reject, hook });
+            try {
+                this.worker.postMessage(message);
+            }
+            catch (error) {
+                this.pending.delete(id);
+                reject(error);
+            }
+        });
+    }
+    async run(code, filePath) {
+        await this.ready;
+        const hook = this.defaultOnStdio;
+        return this.callWorker("run", {
+            code,
+            filePath,
+            captureStdio: Boolean(hook),
+        }, hook);
+    }
+    async exec(code, options) {
+        validateBrowserExecOptions(options);
+        await this.ready;
+        const hook = options?.onStdio ?? this.defaultOnStdio;
+        return this.callWorker("exec", {
+            code,
+            options: toBrowserWorkerExecOptions(options),
+            captureStdio: Boolean(hook),
+        }, hook);
+    }
+    async dispatchExtensionRequest(namespace, payload) {
+        await this.ready;
+        const response = await this.callWorker("extension", { namespace, payload });
+        return response.payload;
+    }
+    dispose() {
+        if (this.disposed) {
+            return;
+        }
+        this.cleanup(new Error("Browser runtime has been disposed"), {
+            terminateWorker: true,
+        });
+    }
+    async terminate() {
+        this.dispose();
+    }
+}
+export function createBrowserRuntimeDriverFactory(factoryOptions = {}) {
+    return {
+        createRuntimeDriver(options) {
+            validateBrowserRuntimeOptions(options);
+            return new BrowserRuntimeDriver(options, factoryOptions);
+        },
+    };
+}

package/dist/runtime.d.ts

@@ -0,0 +1,222 @@
+import { createInMemoryFileSystem, InMemoryFileSystem } from "./os-filesystem.js";
+export type StdioChannel = "stdout" | "stderr";
+export type TimingMitigation = "off" | "freeze";
+type BodyLike = unknown;
+export interface VirtualDirEntry {
+    name: string;
+    isDirectory: boolean;
+    isSymbolicLink?: boolean;
+}
+export interface VirtualStat {
+    mode: number;
+    size: number;
+    blocks: number;
+    dev: number;
+    rdev: number;
+    isDirectory: boolean;
+    isSymbolicLink: boolean;
+    atimeMs: number;
+    mtimeMs: number;
+    ctimeMs: number;
+    birthtimeMs: number;
+    ino: number;
+    nlink: number;
+    uid: number;
+    gid: number;
+}
+export interface VirtualFileSystem {
+    readFile(path: string): Promise<Uint8Array>;
+    readTextFile(path: string): Promise<string>;
+    readDir(path: string): Promise<string[]>;
+    readDirWithTypes(path: string): Promise<VirtualDirEntry[]>;
+    writeFile(path: string, content: string | Uint8Array): Promise<void>;
+    createDir(path: string): Promise<void>;
+    mkdir(path: string, options?: {
+        recursive?: boolean;
+    }): Promise<void>;
+    exists(path: string): Promise<boolean>;
+    stat(path: string): Promise<VirtualStat>;
+    removeFile(path: string): Promise<void>;
+    removeDir(path: string): Promise<void>;
+    rename(oldPath: string, newPath: string): Promise<void>;
+    realpath(path: string): Promise<string>;
+    symlink(target: string, linkPath: string): Promise<void>;
+    readlink(path: string): Promise<string>;
+    lstat(path: string): Promise<VirtualStat>;
+    link(oldPath: string, newPath: string): Promise<void>;
+    chmod(path: string, mode: number): Promise<void>;
+    chown(path: string, uid: number, gid: number): Promise<void>;
+    utimes(path: string, atime: number, mtime: number): Promise<void>;
+    truncate(path: string, length: number): Promise<void>;
+    pread(path: string, offset: number, length: number): Promise<Uint8Array>;
+    pwrite(path: string, offset: number, data: Uint8Array): Promise<void>;
+}
+export type PermissionDecision = boolean | {
+    allowed: boolean;
+    reason?: string;
+} | {
+    allow: boolean;
+    reason?: string;
+};
+export type PermissionCheck<T = unknown> = (request: T) => PermissionDecision;
+export interface Permissions {
+    fs?: PermissionCheck<{
+        path: string;
+        operation: string;
+    }>;
+    network?: PermissionCheck<{
+        url?: string;
+        host?: string;
+        port?: number;
+    }>;
+    childProcess?: PermissionCheck<{
+        command: string;
+        args: string[];
+    }>;
+    env?: PermissionCheck<{
+        name: string;
+        value: string;
+    }>;
+}
+export declare const allowAllFs: PermissionCheck;
+export declare const allowAllNetwork: PermissionCheck;
+export declare const allowAllChildProcess: PermissionCheck;
+export declare const allowAllEnv: PermissionCheck;
+export declare const allowAll: Permissions;
+export interface ExecOptions {
+    filePath?: string;
+    env?: Record<string, string>;
+    cwd?: string;
+    stdin?: string;
+    cpuTimeLimitMs?: number;
+    timingMitigation?: TimingMitigation;
+    onStdio?: StdioHook;
+}
+export interface ExecResult {
+    code: number;
+    exitCode?: number;
+    stdout?: string;
+    stderr?: string;
+    errorMessage?: string;
+}
+export interface RunResult<T = unknown> {
+    value?: T;
+    code: number;
+    errorMessage?: string;
+    exports?: T;
+}
+export interface OSConfig {
+    homedir?: string;
+    tmpdir?: string;
+}
+export interface ProcessConfig {
+    cwd?: string;
+    env?: Record<string, string>;
+    argv?: string[];
+    timingMitigation?: TimingMitigation;
+    frozenTimeMs?: number;
+}
+export type StdioEvent = {
+    channel: StdioChannel;
+    message: string;
+};
+export type StdioHook = (event: StdioEvent) => void;
+export interface CommandExecutor {
+    spawn(command: string, args: string[], options?: {
+        cwd?: string;
+        env?: Record<string, string>;
+        onStdout?: (data: Uint8Array) => void;
+        onStderr?: (data: Uint8Array) => void;
+    }): {
+        wait(): Promise<number>;
+        writeStdin(data: Uint8Array | string): void;
+        closeStdin(): void;
+        kill(signal?: number): void;
+    };
+}
+export interface NetworkAdapter {
+    fetch(url: string, options?: {
+        method?: string;
+        headers?: Record<string, string>;
+        body?: BodyLike | null;
+    }): Promise<{
+        ok: boolean;
+        status: number;
+        statusText: string;
+        headers: Record<string, string>;
+        body: string;
+        url: string;
+        redirected: boolean;
+    }>;
+    dnsLookup(hostname: string): Promise<{
+        address?: string;
+        family?: number;
+        error?: string;
+        code?: string;
+    }>;
+    httpRequest(url: string, options?: {
+        method?: string;
+        headers?: Record<string, string>;
+        body?: BodyLike | null;
+    }): Promise<{
+        status: number;
+        statusText: string;
+        headers: Record<string, string>;
+        body: string;
+        url: string;
+    }>;
+}
+export interface SystemDriver {
+    filesystem?: VirtualFileSystem;
+    network?: NetworkAdapter;
+    commandExecutor?: CommandExecutor;
+    permissions?: Permissions;
+    runtime: {
+        process: ProcessConfig;
+        os: OSConfig;
+    };
+}
+export interface RuntimeDriverOptions {
+    system: SystemDriver;
+    runtime: {
+        process: ProcessConfig;
+        os: OSConfig;
+    };
+    memoryLimit?: number;
+    cpuTimeLimitMs?: number;
+    timingMitigation?: TimingMitigation;
+    onStdio?: StdioHook;
+    payloadLimits?: {
+        base64TransferBytes?: number;
+        jsonPayloadBytes?: number;
+    };
+}
+export interface NodeRuntimeDriver {
+    exec(code: string, options?: ExecOptions): Promise<ExecResult>;
+    run<T = unknown>(code: string, filePath?: string): Promise<RunResult<T>>;
+    dispose(): void;
+    terminate?(): Promise<void>;
+}
+export interface NodeRuntimeDriverFactory {
+    createRuntimeDriver(options: RuntimeDriverOptions): NodeRuntimeDriver;
+}
+export declare function filterEnv(env: Record<string, string> | undefined, permissions?: Permissions): Record<string, string>;
+export declare function createEnosysError(operation: string): Error;
+export declare function createFsStub(): VirtualFileSystem;
+export declare function createNetworkStub(): NetworkAdapter;
+export declare function createCommandExecutorStub(): CommandExecutor;
+export declare function wrapFileSystem(filesystem: VirtualFileSystem, permissions?: Permissions): VirtualFileSystem;
+export declare function wrapNetworkAdapter(adapter: NetworkAdapter, permissions?: Permissions): NetworkAdapter;
+export declare function mkdir(filesystem: VirtualFileSystem, path: string, options?: {
+    recursive?: boolean;
+} | boolean): Promise<void>;
+export declare function loadFile(path: string, filesystem: VirtualFileSystem): Promise<string | null>;
+export declare function resolveModule(specifier: string, fromPath: string, filesystem: VirtualFileSystem, _mode?: "require" | "import"): Promise<string | null>;
+export declare function isESM(code: string, filePath?: string): boolean;
+export declare function transformDynamicImport(code: string): string;
+export declare const POLYFILL_CODE_MAP: Record<string, string>;
+export declare function exposeCustomGlobal(name: string, value: unknown): void;
+export declare function exposeMutableRuntimeStateGlobal(name: string, value: unknown): void;
+export declare function getIsolateRuntimeSource(id: string): string;
+export declare function getRequireSetupCode(): string;
+export { createInMemoryFileSystem, InMemoryFileSystem };