@secure-exec/core 0.1.0-rc.1

package/dist/types.d.ts

@@ -0,0 +1,206 @@
+/**
+ * Minimal filesystem interface for secure-exec.
+ *
+ * This interface abstracts filesystem operations needed by the sandbox.
+ */
+export interface VirtualDirEntry {
+    name: string;
+    isDirectory: boolean;
+}
+export interface VirtualStat {
+    mode: number;
+    size: number;
+    isDirectory: boolean;
+    isSymbolicLink?: boolean;
+    atimeMs: number;
+    mtimeMs: number;
+    ctimeMs: number;
+    birthtimeMs: number;
+}
+export interface VirtualFileSystem {
+    /**
+     * Read a file as binary data.
+     * @throws Error if file doesn't exist.
+     */
+    readFile(path: string): Promise<Uint8Array>;
+    /**
+     * Read a file as text (UTF-8).
+     * @throws Error if file doesn't exist.
+     */
+    readTextFile(path: string): Promise<string>;
+    /**
+     * Read directory entries (file/folder names).
+     * @throws Error if directory doesn't exist.
+     */
+    readDir(path: string): Promise<string[]>;
+    /**
+     * Read directory entries with type metadata.
+     * @throws Error if directory doesn't exist.
+     */
+    readDirWithTypes(path: string): Promise<VirtualDirEntry[]>;
+    /**
+     * Write a file (creates parent directories as needed).
+     * @param path - Absolute path to the file.
+     * @param content - String or binary content.
+     */
+    writeFile(path: string, content: string | Uint8Array): Promise<void>;
+    /**
+     * Create a single directory level.
+     * @throws Error if parent doesn't exist.
+     */
+    createDir(path: string): Promise<void>;
+    /**
+     * Create a directory recursively (creates parent directories as needed).
+     * Should not throw if directory already exists.
+     */
+    mkdir(path: string): Promise<void>;
+    /**
+     * Check if a path exists (file or directory).
+     */
+    exists(path: string): Promise<boolean>;
+    /**
+     * Get file or directory metadata.
+     * @throws Error if path doesn't exist.
+     */
+    stat(path: string): Promise<VirtualStat>;
+    /**
+     * Remove a file.
+     * @throws Error if file doesn't exist.
+     */
+    removeFile(path: string): Promise<void>;
+    /**
+     * Remove an empty directory.
+     * @throws Error if directory doesn't exist or is not empty.
+     */
+    removeDir(path: string): Promise<void>;
+    /**
+     * Rename or move a file/directory.
+     * Behavior SHOULD be atomic when supported by the backing store.
+     */
+    rename(oldPath: string, newPath: string): Promise<void>;
+    /** Create a symbolic link at linkPath pointing to target. */
+    symlink(target: string, linkPath: string): Promise<void>;
+    /** Read the target of a symbolic link. */
+    readlink(path: string): Promise<string>;
+    /** Like stat but does not follow symlinks. */
+    lstat(path: string): Promise<VirtualStat>;
+    /** Create a hard link from oldPath to newPath. */
+    link(oldPath: string, newPath: string): Promise<void>;
+    /** Change file mode bits. */
+    chmod(path: string, mode: number): Promise<void>;
+    /** Change file owner and group. */
+    chown(path: string, uid: number, gid: number): Promise<void>;
+    /** Update access and modification timestamps. */
+    utimes(path: string, atime: number, mtime: number): Promise<void>;
+    /** Truncate a file to a specified length. */
+    truncate(path: string, length: number): Promise<void>;
+}
+export interface SpawnedProcess {
+    writeStdin(data: Uint8Array | string): void;
+    closeStdin(): void;
+    kill(signal?: number): void;
+    wait(): Promise<number>;
+}
+export interface CommandExecutor {
+    spawn(command: string, args: string[], options: {
+        cwd?: string;
+        env?: Record<string, string>;
+        onStdout?: (data: Uint8Array) => void;
+        onStderr?: (data: Uint8Array) => void;
+    }): SpawnedProcess;
+}
+export interface NetworkServerAddress {
+    address: string;
+    family: string;
+    port: number;
+}
+export interface NetworkServerRequest {
+    method: string;
+    url: string;
+    headers: Record<string, string>;
+    rawHeaders: string[];
+    bodyBase64?: string;
+}
+export interface NetworkServerResponse {
+    status: number;
+    headers?: Array<[string, string]>;
+    body?: string;
+    bodyEncoding?: "utf8" | "base64";
+}
+export interface NetworkServerListenOptions {
+    serverId: number;
+    port?: number;
+    hostname?: string;
+    onRequest(request: NetworkServerRequest): Promise<NetworkServerResponse> | NetworkServerResponse;
+}
+export interface NetworkAdapter {
+    httpServerListen?(options: NetworkServerListenOptions): Promise<{
+        address: NetworkServerAddress | null;
+    }>;
+    httpServerClose?(serverId: number): Promise<void>;
+    fetch(url: string, options: {
+        method?: string;
+        headers?: Record<string, string>;
+        body?: string | null;
+    }): Promise<{
+        ok: boolean;
+        status: number;
+        statusText: string;
+        headers: Record<string, string>;
+        body: string;
+        url: string;
+        redirected: boolean;
+    }>;
+    dnsLookup(hostname: string): Promise<{
+        address: string;
+        family: number;
+    } | {
+        error: string;
+        code: string;
+    }>;
+    httpRequest(url: string, options: {
+        method?: string;
+        headers?: Record<string, string>;
+        body?: string | null;
+    }): Promise<{
+        status: number;
+        statusText: string;
+        headers: Record<string, string>;
+        body: string;
+        url: string;
+        trailers?: Record<string, string>;
+    }>;
+}
+export interface PermissionDecision {
+    allow: boolean;
+    reason?: string;
+}
+export type PermissionCheck<T> = (request: T) => PermissionDecision;
+export interface FsAccessRequest {
+    op: "read" | "write" | "mkdir" | "createDir" | "readdir" | "stat" | "rm" | "rename" | "exists" | "chmod" | "chown" | "link" | "symlink" | "readlink" | "truncate" | "utimes";
+    path: string;
+}
+export interface NetworkAccessRequest {
+    op: "fetch" | "http" | "dns" | "listen";
+    url?: string;
+    method?: string;
+    hostname?: string;
+}
+export interface ChildProcessAccessRequest {
+    command: string;
+    args: string[];
+    cwd?: string;
+    env?: Record<string, string>;
+}
+export interface EnvAccessRequest {
+    op: "read" | "write";
+    key: string;
+    value?: string;
+}
+export interface Permissions {
+    fs?: PermissionCheck<FsAccessRequest>;
+    network?: PermissionCheck<NetworkAccessRequest>;
+    childProcess?: PermissionCheck<ChildProcessAccessRequest>;
+    env?: PermissionCheck<EnvAccessRequest>;
+}
+export type { DriverRuntimeConfig, NodeRuntimeDriver, NodeRuntimeDriverFactory, PythonRuntimeDriver, PythonRuntimeDriverFactory, RuntimeDriver, RuntimeDriverFactory, RuntimeDriverOptions, SharedRuntimeDriver, SystemDriver, } from "./runtime-driver.js";

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,107 @@
+{
+  "name": "@secure-exec/core",
+  "version": "0.1.0-rc.1",
+  "type": "module",
+  "license": "Apache-2.0",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    },
+    "./internal/bridge-setup": {
+      "types": "./dist/bridge-setup.d.ts",
+      "import": "./dist/bridge-setup.js",
+      "default": "./dist/bridge-setup.js"
+    },
+    "./internal/esm-compiler": {
+      "types": "./dist/esm-compiler.d.ts",
+      "import": "./dist/esm-compiler.js",
+      "default": "./dist/esm-compiler.js"
+    },
+    "./internal/fs-helpers": {
+      "types": "./dist/fs-helpers.d.ts",
+      "import": "./dist/fs-helpers.js",
+      "default": "./dist/fs-helpers.js"
+    },
+    "./internal/module-resolver": {
+      "types": "./dist/module-resolver.d.ts",
+      "import": "./dist/module-resolver.js",
+      "default": "./dist/module-resolver.js"
+    },
+    "./internal/package-bundler": {
+      "types": "./dist/package-bundler.d.ts",
+      "import": "./dist/package-bundler.js",
+      "default": "./dist/package-bundler.js"
+    },
+    "./internal/runtime": {
+      "types": "./dist/runtime.d.ts",
+      "import": "./dist/runtime.js",
+      "default": "./dist/runtime.js"
+    },
+    "./internal/python-runtime": {
+      "types": "./dist/python-runtime.d.ts",
+      "import": "./dist/python-runtime.js",
+      "default": "./dist/python-runtime.js"
+    },
+    "./internal/runtime-driver": {
+      "types": "./dist/runtime-driver.d.ts",
+      "import": "./dist/runtime-driver.js",
+      "default": "./dist/runtime-driver.js"
+    },
+    "./internal/types": {
+      "types": "./dist/types.d.ts",
+      "import": "./dist/types.js",
+      "default": "./dist/types.js"
+    },
+    "./internal/generated/isolate-runtime": {
+      "types": "./dist/generated/isolate-runtime.d.ts",
+      "import": "./dist/generated/isolate-runtime.js",
+      "default": "./dist/generated/isolate-runtime.js"
+    },
+    "./internal/generated/polyfills": {
+      "types": "./dist/generated/polyfills.d.ts",
+      "import": "./dist/generated/polyfills.js",
+      "default": "./dist/generated/polyfills.js"
+    },
+    "./internal/shared/*": {
+      "types": "./dist/shared/*.d.ts",
+      "import": "./dist/shared/*.js",
+      "default": "./dist/shared/*.js"
+    },
+    "./internal/bridge": {
+      "types": "./dist/bridge/index.d.ts",
+      "import": "./dist/bridge/index.js",
+      "default": "./dist/bridge/index.js"
+    }
+  },
+  "dependencies": {
+    "buffer": "^6.0.3",
+    "esbuild": "^0.27.1",
+    "node-stdlib-browser": "^1.3.1",
+    "sucrase": "^3.35.0",
+    "text-encoding-utf-8": "^1.0.2",
+    "whatwg-url": "^15.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.2",
+    "typescript": "^5.7.2"
+  },
+  "scripts": {
+    "check-types:src": "tsc --noEmit",
+    "check-types:isolate-runtime": "tsc -p tsconfig.isolate-runtime.json --noEmit",
+    "check-types": "pnpm run build:generated && pnpm run check-types:src && pnpm run check-types:isolate-runtime",
+    "build:bridge": "esbuild src/bridge/index.ts --bundle --format=iife --global-name=bridge --outfile=dist/bridge.js",
+    "build:polyfills": "node scripts/build-polyfills.mjs",
+    "build:isolate-runtime": "node scripts/build-isolate-runtime.mjs",
+    "build:generated": "pnpm run build:polyfills && pnpm run build:isolate-runtime",
+    "build": "pnpm run build:bridge && pnpm run build:generated && tsc",
+    "test": "echo 'no tests yet'"
+  }
+}