@secure-exec/core 0.1.0-rc.1

package/dist/isolate-runtime/setup-dynamic-import.js

@@ -0,0 +1,64 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/common/global-access.ts
+  function isObjectLike(value) {
+    return value !== null && (typeof value === "object" || typeof value === "function");
+  }
+
+  // isolate-runtime/src/common/global-exposure.ts
+  function defineRuntimeGlobalBinding(name, value, mutable) {
+    Object.defineProperty(globalThis, name, {
+      value,
+      writable: mutable,
+      configurable: mutable,
+      enumerable: true
+    });
+  }
+  function createRuntimeGlobalExposer(mutable) {
+    return (name, value) => {
+      defineRuntimeGlobalBinding(name, value, mutable);
+    };
+  }
+  function getRuntimeExposeCustomGlobal() {
+    if (typeof globalThis.__runtimeExposeCustomGlobal === "function") {
+      return globalThis.__runtimeExposeCustomGlobal;
+    }
+    return createRuntimeGlobalExposer(false);
+  }
+
+  // isolate-runtime/src/inject/setup-dynamic-import.ts
+  var __runtimeExposeCustomGlobal = getRuntimeExposeCustomGlobal();
+  var __dynamicImportConfig = globalThis.__runtimeDynamicImportConfig ?? {};
+  var __fallbackReferrer = typeof __dynamicImportConfig.referrerPath === "string" && __dynamicImportConfig.referrerPath.length > 0 ? __dynamicImportConfig.referrerPath : "/";
+  var __dynamicImportHandler = async function(specifier, fromPath) {
+    const request = String(specifier);
+    const referrer = typeof fromPath === "string" && fromPath.length > 0 ? fromPath : __fallbackReferrer;
+    const allowRequireFallback = request.endsWith(".cjs") || request.endsWith(".json");
+    const namespace = await globalThis._dynamicImport.apply(
+      void 0,
+      [request, referrer],
+      { result: { promise: true } }
+    );
+    if (namespace !== null) {
+      return namespace;
+    }
+    if (!allowRequireFallback) {
+      throw new Error("Cannot find module '" + request + "'");
+    }
+    const runtimeRequire = globalThis.require;
+    if (typeof runtimeRequire !== "function") {
+      throw new Error("Cannot find module '" + request + "'");
+    }
+    const mod = runtimeRequire(request);
+    const namespaceFallback = { default: mod };
+    if (isObjectLike(mod)) {
+      for (const key of Object.keys(mod)) {
+        if (!(key in namespaceFallback)) {
+          namespaceFallback[key] = mod[key];
+        }
+      }
+    }
+    return namespaceFallback;
+  };
+  __runtimeExposeCustomGlobal("__dynamicImport", __dynamicImportHandler);
+})();

package/dist/isolate-runtime/setup-fs-facade.js

@@ -0,0 +1,48 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/common/global-exposure.ts
+  function defineRuntimeGlobalBinding(name, value, mutable) {
+    Object.defineProperty(globalThis, name, {
+      value,
+      writable: mutable,
+      configurable: mutable,
+      enumerable: true
+    });
+  }
+  function createRuntimeGlobalExposer(mutable) {
+    return (name, value) => {
+      defineRuntimeGlobalBinding(name, value, mutable);
+    };
+  }
+  function getRuntimeExposeCustomGlobal() {
+    if (typeof globalThis.__runtimeExposeCustomGlobal === "function") {
+      return globalThis.__runtimeExposeCustomGlobal;
+    }
+    return createRuntimeGlobalExposer(false);
+  }
+
+  // isolate-runtime/src/inject/setup-fs-facade.ts
+  var __runtimeExposeCustomGlobal = getRuntimeExposeCustomGlobal();
+  var __fsFacade = {
+    readFile: globalThis._fsReadFile,
+    writeFile: globalThis._fsWriteFile,
+    readFileBinary: globalThis._fsReadFileBinary,
+    writeFileBinary: globalThis._fsWriteFileBinary,
+    readDir: globalThis._fsReadDir,
+    mkdir: globalThis._fsMkdir,
+    rmdir: globalThis._fsRmdir,
+    exists: globalThis._fsExists,
+    stat: globalThis._fsStat,
+    unlink: globalThis._fsUnlink,
+    rename: globalThis._fsRename,
+    chmod: globalThis._fsChmod,
+    chown: globalThis._fsChown,
+    link: globalThis._fsLink,
+    symlink: globalThis._fsSymlink,
+    readlink: globalThis._fsReadlink,
+    lstat: globalThis._fsLstat,
+    truncate: globalThis._fsTruncate,
+    utimes: globalThis._fsUtimes
+  };
+  __runtimeExposeCustomGlobal("_fs", __fsFacade);
+})();

package/dist/module-resolver.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Module classification and resolution helpers.
+ *
+ * Node built-ins are split into three tiers:
+ * - Bridge modules: fully polyfilled by the bridge (fs, process, http, etc.)
+ * - Deferred core modules: known but not yet bridge-supported; surfaced via
+ *   deferred stubs in require paths and polyfills/wrappers in ESM paths
+ * - Unsupported core modules: known but intentionally unimplemented
+ *
+ * Everything else falls through to node-stdlib-browser polyfills or node_modules.
+ */
+/**
+ * Known named exports for each built-in module. Used by the ESM wrapper
+ * generator to create `export const X = _builtin.X;` re-exports so that
+ * `import { readFile } from 'fs'` works inside the isolate.
+ */
+export declare const BUILTIN_NAMED_EXPORTS: Record<string, string[]>;
+/**
+ * Normalize a module specifier to its canonical form if it's a known built-in.
+ * Returns null for non-builtin specifiers.
+ * Preserves the `node:` prefix when present, strips it otherwise.
+ */
+export declare function normalizeBuiltinSpecifier(request: string): string | null;
+/** Extract the directory portion of a path (lightweight dirname without node:path). */
+export declare function getPathDir(path: string): string;

package/dist/module-resolver.js

@@ -0,0 +1,264 @@
+/**
+ * Module classification and resolution helpers.
+ *
+ * Node built-ins are split into three tiers:
+ * - Bridge modules: fully polyfilled by the bridge (fs, process, http, etc.)
+ * - Deferred core modules: known but not yet bridge-supported; surfaced via
+ *   deferred stubs in require paths and polyfills/wrappers in ESM paths
+ * - Unsupported core modules: known but intentionally unimplemented
+ *
+ * Everything else falls through to node-stdlib-browser polyfills or node_modules.
+ */
+import stdLibBrowser from "node-stdlib-browser";
+/** Check if a module has a polyfill available via node-stdlib-browser. */
+function hasPolyfill(moduleName) {
+    const name = moduleName.replace(/^node:/, "");
+    const polyfill = stdLibBrowser[name];
+    return polyfill !== undefined && polyfill !== null;
+}
+/** Modules with full bridge implementations injected into the isolate. */
+const BRIDGE_MODULES = [
+    "fs",
+    "fs/promises",
+    "module",
+    "os",
+    "http",
+    "https",
+    "http2",
+    "dns",
+    "child_process",
+    "process",
+    "v8",
+];
+/**
+ * Recognized built-ins that lack bridge support.
+ * Runtime handling differs by path (require stubs vs ESM/polyfill handling).
+ */
+const DEFERRED_CORE_MODULES = [
+    "net",
+    "tls",
+    "readline",
+    "perf_hooks",
+    "async_hooks",
+    "worker_threads",
+    "diagnostics_channel",
+];
+/** Built-ins that are intentionally unimplemented (throw on use). */
+const UNSUPPORTED_CORE_MODULES = [
+    "dgram",
+    "cluster",
+    "wasi",
+    "inspector",
+    "repl",
+    "trace_events",
+    "domain",
+];
+const KNOWN_BUILTIN_MODULES = new Set([
+    ...BRIDGE_MODULES,
+    ...DEFERRED_CORE_MODULES,
+    ...UNSUPPORTED_CORE_MODULES,
+    "assert",
+    "buffer",
+    "constants",
+    "crypto",
+    "events",
+    "path",
+    "querystring",
+    "stream",
+    "stream/web",
+    "string_decoder",
+    "timers",
+    "tty",
+    "url",
+    "util",
+    "vm",
+    "zlib",
+]);
+/**
+ * Known named exports for each built-in module. Used by the ESM wrapper
+ * generator to create `export const X = _builtin.X;` re-exports so that
+ * `import { readFile } from 'fs'` works inside the isolate.
+ */
+export const BUILTIN_NAMED_EXPORTS = {
+    fs: [
+        "promises",
+        "readFileSync",
+        "writeFileSync",
+        "appendFileSync",
+        "existsSync",
+        "statSync",
+        "mkdirSync",
+        "readdirSync",
+        "createReadStream",
+        "createWriteStream",
+    ],
+    "fs/promises": [
+        "access",
+        "readFile",
+        "writeFile",
+        "appendFile",
+        "copyFile",
+        "cp",
+        "open",
+        "opendir",
+        "mkdir",
+        "mkdtemp",
+        "readdir",
+        "rename",
+        "stat",
+        "lstat",
+        "chmod",
+        "chown",
+        "utimes",
+        "truncate",
+        "unlink",
+        "rm",
+        "rmdir",
+        "realpath",
+        "readlink",
+        "symlink",
+        "link",
+    ],
+    module: [
+        "createRequire",
+        "Module",
+        "isBuiltin",
+        "builtinModules",
+        "SourceMap",
+        "syncBuiltinESMExports",
+    ],
+    os: [
+        "arch",
+        "platform",
+        "tmpdir",
+        "homedir",
+        "hostname",
+        "type",
+        "release",
+        "constants",
+    ],
+    http: [
+        "request",
+        "get",
+        "createServer",
+        "Server",
+        "IncomingMessage",
+        "ServerResponse",
+        "Agent",
+        "METHODS",
+        "STATUS_CODES",
+    ],
+    https: ["request", "get", "createServer", "Agent", "globalAgent"],
+    dns: ["lookup", "resolve", "resolve4", "resolve6", "promises"],
+    child_process: [
+        "spawn",
+        "spawnSync",
+        "exec",
+        "execSync",
+        "execFile",
+        "execFileSync",
+        "fork",
+    ],
+    process: [
+        "argv",
+        "env",
+        "cwd",
+        "chdir",
+        "exit",
+        "pid",
+        "platform",
+        "version",
+        "versions",
+        "stdout",
+        "stderr",
+        "stdin",
+        "nextTick",
+    ],
+    path: [
+        "sep",
+        "delimiter",
+        "basename",
+        "dirname",
+        "extname",
+        "format",
+        "isAbsolute",
+        "join",
+        "normalize",
+        "parse",
+        "relative",
+        "resolve",
+    ],
+    async_hooks: [
+        "AsyncLocalStorage",
+        "AsyncResource",
+        "createHook",
+        "executionAsyncId",
+        "triggerAsyncId",
+    ],
+    perf_hooks: [
+        "performance",
+        "PerformanceObserver",
+        "PerformanceEntry",
+        "monitorEventLoopDelay",
+        "createHistogram",
+        "constants",
+    ],
+    diagnostics_channel: [
+        "channel",
+        "hasSubscribers",
+        "tracingChannel",
+        "Channel",
+    ],
+    stream: [
+        "Readable",
+        "Writable",
+        "Duplex",
+        "Transform",
+        "PassThrough",
+        "Stream",
+        "pipeline",
+        "finished",
+        "promises",
+        "addAbortSignal",
+        "compose",
+    ],
+    "stream/web": [
+        "ReadableStream",
+        "ReadableStreamDefaultReader",
+        "ReadableStreamBYOBReader",
+        "ReadableStreamBYOBRequest",
+        "ReadableByteStreamController",
+        "ReadableStreamDefaultController",
+        "TransformStream",
+        "TransformStreamDefaultController",
+        "WritableStream",
+        "WritableStreamDefaultWriter",
+        "WritableStreamDefaultController",
+        "ByteLengthQueuingStrategy",
+        "CountQueuingStrategy",
+        "TextEncoderStream",
+        "TextDecoderStream",
+        "CompressionStream",
+        "DecompressionStream",
+    ],
+};
+/**
+ * Normalize a module specifier to its canonical form if it's a known built-in.
+ * Returns null for non-builtin specifiers.
+ * Preserves the `node:` prefix when present, strips it otherwise.
+ */
+export function normalizeBuiltinSpecifier(request) {
+    const moduleName = request.replace(/^node:/, "");
+    if (KNOWN_BUILTIN_MODULES.has(moduleName) || hasPolyfill(moduleName)) {
+        return request.startsWith("node:") ? `node:${moduleName}` : moduleName;
+    }
+    return null;
+}
+/** Extract the directory portion of a path (lightweight dirname without node:path). */
+export function getPathDir(path) {
+    const normalizedPath = path.replace(/\\/g, "/");
+    const lastSlash = normalizedPath.lastIndexOf("/");
+    if (lastSlash <= 0)
+        return "/";
+    return normalizedPath.slice(0, lastSlash);
+}

package/dist/package-bundler.d.ts

@@ -0,0 +1,36 @@
+import type { VirtualFileSystem } from "./types.js";
+type ResolveMode = "require" | "import";
+interface PackageJson {
+    main?: string;
+    type?: "module" | "commonjs";
+    exports?: unknown;
+    imports?: unknown;
+}
+/** Caches for module resolution to avoid redundant VFS probes. */
+export interface ResolutionCache {
+    /** Top-level resolution results keyed by `request\0fromDir\0mode` */
+    resolveResults: Map<string, string | null>;
+    /** Parsed package.json content by path */
+    packageJsonResults: Map<string, PackageJson | null>;
+    /** File existence by path */
+    existsResults: Map<string, boolean>;
+    /** Stat results by path (null = ENOENT) */
+    statResults: Map<string, {
+        isDirectory: boolean;
+    } | null>;
+}
+export declare function createResolutionCache(): ResolutionCache;
+/**
+ * Resolve a module request to an absolute path in the virtual filesystem
+ */
+export declare function resolveModule(request: string, fromDir: string, fs: VirtualFileSystem, mode?: ResolveMode, cache?: ResolutionCache): Promise<string | null>;
+/**
+ * Load a file's content from the virtual filesystem
+ */
+export declare function loadFile(path: string, fs: VirtualFileSystem): Promise<string | null>;
+/**
+ * Legacy function - bundle a package from node_modules (simple approach)
+ * This is kept for backwards compatibility but the new dynamic resolution is preferred
+ */
+export declare function bundlePackage(packageName: string, fs: VirtualFileSystem): Promise<string | null>;
+export {};