@secure-exec/core 0.1.1-rc.1 → 0.1.1-rc.3

package/dist/isolate-runtime/setup-dynamic-import.js

@@ -34,7 +34,11 @@
     const request = String(specifier);
     const referrer = typeof fromPath === "string" && fromPath.length > 0 ? fromPath : __fallbackReferrer;
     const allowRequireFallback = request.endsWith(".cjs") || request.endsWith(".json");
-    const namespace = await globalThis._dynamicImport(request, referrer);
+    const namespace = await globalThis._dynamicImport.apply(
+      void 0,
+      [request, referrer],
+      { result: { promise: true } }
+    );
     if (namespace !== null) {
       return namespace;
     }

package/dist/isolate-runtime/setup-fs-facade.js

@@ -23,65 +23,26 @@
 
   // isolate-runtime/src/inject/setup-fs-facade.ts
   var __runtimeExposeCustomGlobal = getRuntimeExposeCustomGlobal();
-  var __fsFacade = {};
-  Object.defineProperties(__fsFacade, {
-    readFile: { get() {
-      return globalThis._fsReadFile;
-    }, enumerable: true },
-    writeFile: { get() {
-      return globalThis._fsWriteFile;
-    }, enumerable: true },
-    readFileBinary: { get() {
-      return globalThis._fsReadFileBinary;
-    }, enumerable: true },
-    writeFileBinary: { get() {
-      return globalThis._fsWriteFileBinary;
-    }, enumerable: true },
-    readDir: { get() {
-      return globalThis._fsReadDir;
-    }, enumerable: true },
-    mkdir: { get() {
-      return globalThis._fsMkdir;
-    }, enumerable: true },
-    rmdir: { get() {
-      return globalThis._fsRmdir;
-    }, enumerable: true },
-    exists: { get() {
-      return globalThis._fsExists;
-    }, enumerable: true },
-    stat: { get() {
-      return globalThis._fsStat;
-    }, enumerable: true },
-    unlink: { get() {
-      return globalThis._fsUnlink;
-    }, enumerable: true },
-    rename: { get() {
-      return globalThis._fsRename;
-    }, enumerable: true },
-    chmod: { get() {
-      return globalThis._fsChmod;
-    }, enumerable: true },
-    chown: { get() {
-      return globalThis._fsChown;
-    }, enumerable: true },
-    link: { get() {
-      return globalThis._fsLink;
-    }, enumerable: true },
-    symlink: { get() {
-      return globalThis._fsSymlink;
-    }, enumerable: true },
-    readlink: { get() {
-      return globalThis._fsReadlink;
-    }, enumerable: true },
-    lstat: { get() {
-      return globalThis._fsLstat;
-    }, enumerable: true },
-    truncate: { get() {
-      return globalThis._fsTruncate;
-    }, enumerable: true },
-    utimes: { get() {
-      return globalThis._fsUtimes;
-    }, enumerable: true }
-  });
+  var __fsFacade = {
+    readFile: globalThis._fsReadFile,
+    writeFile: globalThis._fsWriteFile,
+    readFileBinary: globalThis._fsReadFileBinary,
+    writeFileBinary: globalThis._fsWriteFileBinary,
+    readDir: globalThis._fsReadDir,
+    mkdir: globalThis._fsMkdir,
+    rmdir: globalThis._fsRmdir,
+    exists: globalThis._fsExists,
+    stat: globalThis._fsStat,
+    unlink: globalThis._fsUnlink,
+    rename: globalThis._fsRename,
+    chmod: globalThis._fsChmod,
+    chown: globalThis._fsChown,
+    link: globalThis._fsLink,
+    symlink: globalThis._fsSymlink,
+    readlink: globalThis._fsReadlink,
+    lstat: globalThis._fsLstat,
+    truncate: globalThis._fsTruncate,
+    utimes: globalThis._fsUtimes
+  };
   __runtimeExposeCustomGlobal("_fs", __fsFacade);
 })();

package/dist/shared/bridge-contract.d.ts

@@ -3,11 +3,10 @@
  * host (Node.js) and the isolate (sandbox V8 context).
  *
  * Two categories:
- * - Host bridge globals: set by the host before bridge code runs (fs fns, timers, etc.)
+ * - Host bridge globals: set by the host before bridge code runs (fs refs, timers, etc.)
  * - Runtime bridge globals: installed by the bridge bundle itself (active handles, modules, etc.)
  *
- * Each type alias is a plain function signature. The Rust V8 runtime registers
- * these as real JS functions on the global; bridge code calls them directly.
+ * The typed `Ref` aliases describe the isolated-vm calling convention for each global.
  */
 export type ValueOf<T> = T[keyof T];
 /** Globals injected by the host before the bridge bundle executes. */
@@ -15,10 +14,25 @@ export declare const HOST_BRIDGE_GLOBAL_KEYS: {
     readonly dynamicImport: "_dynamicImport";
     readonly loadPolyfill: "_loadPolyfill";
     readonly resolveModule: "_resolveModule";
+    readonly resolveModuleSync: "_resolveModuleSync";
     readonly loadFile: "_loadFile";
+    readonly loadFileSync: "_loadFileSync";
     readonly scheduleTimer: "_scheduleTimer";
     readonly cryptoRandomFill: "_cryptoRandomFill";
     readonly cryptoRandomUuid: "_cryptoRandomUUID";
+    readonly cryptoHashDigest: "_cryptoHashDigest";
+    readonly cryptoHmacDigest: "_cryptoHmacDigest";
+    readonly cryptoPbkdf2: "_cryptoPbkdf2";
+    readonly cryptoScrypt: "_cryptoScrypt";
+    readonly cryptoCipheriv: "_cryptoCipheriv";
+    readonly cryptoDecipheriv: "_cryptoDecipheriv";
+    readonly cryptoCipherivCreate: "_cryptoCipherivCreate";
+    readonly cryptoCipherivUpdate: "_cryptoCipherivUpdate";
+    readonly cryptoCipherivFinal: "_cryptoCipherivFinal";
+    readonly cryptoSign: "_cryptoSign";
+    readonly cryptoVerify: "_cryptoVerify";
+    readonly cryptoGenerateKeyPairSync: "_cryptoGenerateKeyPairSync";
+    readonly cryptoSubtle: "_cryptoSubtle";
     readonly fsReadFile: "_fsReadFile";
     readonly fsWriteFile: "_fsWriteFile";
     readonly fsReadFileBinary: "_fsReadFileBinary";
@@ -48,6 +62,14 @@ export declare const HOST_BRIDGE_GLOBAL_KEYS: {
     readonly networkHttpRequestRaw: "_networkHttpRequestRaw";
     readonly networkHttpServerListenRaw: "_networkHttpServerListenRaw";
     readonly networkHttpServerCloseRaw: "_networkHttpServerCloseRaw";
+    readonly upgradeSocketWriteRaw: "_upgradeSocketWriteRaw";
+    readonly upgradeSocketEndRaw: "_upgradeSocketEndRaw";
+    readonly upgradeSocketDestroyRaw: "_upgradeSocketDestroyRaw";
+    readonly netSocketConnectRaw: "_netSocketConnectRaw";
+    readonly netSocketWriteRaw: "_netSocketWriteRaw";
+    readonly netSocketEndRaw: "_netSocketEndRaw";
+    readonly netSocketDestroyRaw: "_netSocketDestroyRaw";
+    readonly netSocketUpgradeTlsRaw: "_netSocketUpgradeTlsRaw";
     readonly ptySetRawMode: "_ptySetRawMode";
     readonly processConfig: "_processConfig";
     readonly osConfig: "_osConfig";
@@ -69,6 +91,12 @@ export declare const RUNTIME_BRIDGE_GLOBAL_KEYS: {
     readonly http2Module: "_http2Module";
     readonly dnsModule: "_dnsModule";
     readonly httpServerDispatch: "_httpServerDispatch";
+    readonly httpServerUpgradeDispatch: "_httpServerUpgradeDispatch";
+    readonly upgradeSocketData: "_upgradeSocketData";
+    readonly upgradeSocketEnd: "_upgradeSocketEnd";
+    readonly netModule: "_netModule";
+    readonly tlsModule: "_tlsModule";
+    readonly netSocketDispatch: "_netSocketDispatch";
     readonly fsFacade: "_fs";
     readonly requireFrom: "_requireFrom";
     readonly moduleCache: "_moduleCache";
@@ -81,10 +109,25 @@ export declare const HOST_BRIDGE_GLOBAL_KEY_LIST: ValueOf<{
     readonly dynamicImport: "_dynamicImport";
     readonly loadPolyfill: "_loadPolyfill";
     readonly resolveModule: "_resolveModule";
+    readonly resolveModuleSync: "_resolveModuleSync";
     readonly loadFile: "_loadFile";
+    readonly loadFileSync: "_loadFileSync";
     readonly scheduleTimer: "_scheduleTimer";
     readonly cryptoRandomFill: "_cryptoRandomFill";
     readonly cryptoRandomUuid: "_cryptoRandomUUID";
+    readonly cryptoHashDigest: "_cryptoHashDigest";
+    readonly cryptoHmacDigest: "_cryptoHmacDigest";
+    readonly cryptoPbkdf2: "_cryptoPbkdf2";
+    readonly cryptoScrypt: "_cryptoScrypt";
+    readonly cryptoCipheriv: "_cryptoCipheriv";
+    readonly cryptoDecipheriv: "_cryptoDecipheriv";
+    readonly cryptoCipherivCreate: "_cryptoCipherivCreate";
+    readonly cryptoCipherivUpdate: "_cryptoCipherivUpdate";
+    readonly cryptoCipherivFinal: "_cryptoCipherivFinal";
+    readonly cryptoSign: "_cryptoSign";
+    readonly cryptoVerify: "_cryptoVerify";
+    readonly cryptoGenerateKeyPairSync: "_cryptoGenerateKeyPairSync";
+    readonly cryptoSubtle: "_cryptoSubtle";
     readonly fsReadFile: "_fsReadFile";
     readonly fsWriteFile: "_fsWriteFile";
     readonly fsReadFileBinary: "_fsReadFileBinary";
@@ -114,6 +157,14 @@ export declare const HOST_BRIDGE_GLOBAL_KEY_LIST: ValueOf<{
     readonly networkHttpRequestRaw: "_networkHttpRequestRaw";
     readonly networkHttpServerListenRaw: "_networkHttpServerListenRaw";
     readonly networkHttpServerCloseRaw: "_networkHttpServerCloseRaw";
+    readonly upgradeSocketWriteRaw: "_upgradeSocketWriteRaw";
+    readonly upgradeSocketEndRaw: "_upgradeSocketEndRaw";
+    readonly upgradeSocketDestroyRaw: "_upgradeSocketDestroyRaw";
+    readonly netSocketConnectRaw: "_netSocketConnectRaw";
+    readonly netSocketWriteRaw: "_netSocketWriteRaw";
+    readonly netSocketEndRaw: "_netSocketEndRaw";
+    readonly netSocketDestroyRaw: "_netSocketDestroyRaw";
+    readonly netSocketUpgradeTlsRaw: "_netSocketUpgradeTlsRaw";
     readonly ptySetRawMode: "_ptySetRawMode";
     readonly processConfig: "_processConfig";
     readonly osConfig: "_osConfig";
@@ -134,6 +185,12 @@ export declare const RUNTIME_BRIDGE_GLOBAL_KEY_LIST: ValueOf<{
     readonly http2Module: "_http2Module";
     readonly dnsModule: "_dnsModule";
     readonly httpServerDispatch: "_httpServerDispatch";
+    readonly httpServerUpgradeDispatch: "_httpServerUpgradeDispatch";
+    readonly upgradeSocketData: "_upgradeSocketData";
+    readonly upgradeSocketEnd: "_upgradeSocketEnd";
+    readonly netModule: "_netModule";
+    readonly tlsModule: "_tlsModule";
+    readonly netSocketDispatch: "_netSocketDispatch";
     readonly fsFacade: "_fs";
     readonly requireFrom: "_requireFrom";
     readonly moduleCache: "_moduleCache";
@@ -143,10 +200,25 @@ export declare const BRIDGE_GLOBAL_KEY_LIST: readonly (ValueOf<{
     readonly dynamicImport: "_dynamicImport";
     readonly loadPolyfill: "_loadPolyfill";
     readonly resolveModule: "_resolveModule";
+    readonly resolveModuleSync: "_resolveModuleSync";
     readonly loadFile: "_loadFile";
+    readonly loadFileSync: "_loadFileSync";
     readonly scheduleTimer: "_scheduleTimer";
     readonly cryptoRandomFill: "_cryptoRandomFill";
     readonly cryptoRandomUuid: "_cryptoRandomUUID";
+    readonly cryptoHashDigest: "_cryptoHashDigest";
+    readonly cryptoHmacDigest: "_cryptoHmacDigest";
+    readonly cryptoPbkdf2: "_cryptoPbkdf2";
+    readonly cryptoScrypt: "_cryptoScrypt";
+    readonly cryptoCipheriv: "_cryptoCipheriv";
+    readonly cryptoDecipheriv: "_cryptoDecipheriv";
+    readonly cryptoCipherivCreate: "_cryptoCipherivCreate";
+    readonly cryptoCipherivUpdate: "_cryptoCipherivUpdate";
+    readonly cryptoCipherivFinal: "_cryptoCipherivFinal";
+    readonly cryptoSign: "_cryptoSign";
+    readonly cryptoVerify: "_cryptoVerify";
+    readonly cryptoGenerateKeyPairSync: "_cryptoGenerateKeyPairSync";
+    readonly cryptoSubtle: "_cryptoSubtle";
     readonly fsReadFile: "_fsReadFile";
     readonly fsWriteFile: "_fsWriteFile";
     readonly fsReadFileBinary: "_fsReadFileBinary";
@@ -176,6 +248,14 @@ export declare const BRIDGE_GLOBAL_KEY_LIST: readonly (ValueOf<{
     readonly networkHttpRequestRaw: "_networkHttpRequestRaw";
     readonly networkHttpServerListenRaw: "_networkHttpServerListenRaw";
     readonly networkHttpServerCloseRaw: "_networkHttpServerCloseRaw";
+    readonly upgradeSocketWriteRaw: "_upgradeSocketWriteRaw";
+    readonly upgradeSocketEndRaw: "_upgradeSocketEndRaw";
+    readonly upgradeSocketDestroyRaw: "_upgradeSocketDestroyRaw";
+    readonly netSocketConnectRaw: "_netSocketConnectRaw";
+    readonly netSocketWriteRaw: "_netSocketWriteRaw";
+    readonly netSocketEndRaw: "_netSocketEndRaw";
+    readonly netSocketDestroyRaw: "_netSocketDestroyRaw";
+    readonly netSocketUpgradeTlsRaw: "_netSocketUpgradeTlsRaw";
     readonly ptySetRawMode: "_ptySetRawMode";
     readonly processConfig: "_processConfig";
     readonly osConfig: "_osConfig";
@@ -195,57 +275,120 @@ export declare const BRIDGE_GLOBAL_KEY_LIST: readonly (ValueOf<{
     readonly http2Module: "_http2Module";
     readonly dnsModule: "_dnsModule";
     readonly httpServerDispatch: "_httpServerDispatch";
+    readonly httpServerUpgradeDispatch: "_httpServerUpgradeDispatch";
+    readonly upgradeSocketData: "_upgradeSocketData";
+    readonly upgradeSocketEnd: "_upgradeSocketEnd";
+    readonly netModule: "_netModule";
+    readonly tlsModule: "_tlsModule";
+    readonly netSocketDispatch: "_netSocketDispatch";
     readonly fsFacade: "_fs";
     readonly requireFrom: "_requireFrom";
     readonly moduleCache: "_moduleCache";
     readonly processExitError: "ProcessExitError";
 }>)[];
-export type DynamicImportBridgeRef = (specifier: string, fromPath: string) => Promise<Record<string, unknown> | null>;
-export type LoadPolyfillBridgeRef = (moduleName: string) => string | null;
-export type ResolveModuleBridgeRef = (request: string, fromDir: string) => string | null;
-export type LoadFileBridgeRef = (path: string) => string | null;
+/** An isolated-vm Reference that resolves async via `{ result: { promise: true } }`. */
+export interface BridgeApplyRef<TArgs extends unknown[], TResult> {
+    apply(ctx: undefined, args: TArgs, options: {
+        result: {
+            promise: true;
+        };
+    }): Promise<TResult>;
+}
+/** An isolated-vm Reference called synchronously (blocks the isolate). */
+export interface BridgeApplySyncRef<TArgs extends unknown[], TResult> {
+    applySync(ctx: undefined, args: TArgs): TResult;
+}
+/**
+ * An isolated-vm Reference that blocks the isolate while the host resolves
+ * a Promise. Used for sync-looking APIs (require, readFileSync) that need
+ * async host operations.
+ */
+export interface BridgeApplySyncPromiseRef<TArgs extends unknown[], TResult> {
+    applySyncPromise(ctx: undefined, args: TArgs): TResult;
+}
+export type DynamicImportBridgeRef = BridgeApplyRef<[
+    string,
+    string
+], Record<string, unknown> | null>;
+export type LoadPolyfillBridgeRef = BridgeApplyRef<[string], string | null>;
+export type ResolveModuleBridgeRef = BridgeApplySyncPromiseRef<[
+    string,
+    string
+], string | null>;
+export type LoadFileBridgeRef = BridgeApplySyncPromiseRef<[string], string | null>;
 export type RequireFromBridgeFn = (request: string, dirname: string) => unknown;
 export type ModuleCacheBridgeRecord = Record<string, unknown>;
-export type ProcessLogBridgeRef = (msg: string) => void;
-export type ProcessErrorBridgeRef = (msg: string) => void;
-export type ScheduleTimerBridgeRef = (delayMs: number) => Promise<void>;
-export type CryptoRandomFillBridgeRef = (byteLength: number) => Uint8Array;
-export type CryptoRandomUuidBridgeRef = () => string;
-export type FsReadFileBridgeRef = (path: string) => string;
-export type FsWriteFileBridgeRef = (path: string, content: string) => void;
-export type FsReadFileBinaryBridgeRef = (path: string) => Uint8Array;
-export type FsWriteFileBinaryBridgeRef = (path: string, content: Uint8Array) => void;
-export type FsReadDirEntry = {
-    name: string;
-    isDirectory: boolean;
-};
-export type FsReadDirBridgeRef = (path: string) => FsReadDirEntry[];
-export type FsMkdirBridgeRef = (path: string, recursive: boolean) => void;
-export type FsRmdirBridgeRef = (path: string) => void;
-export type FsExistsBridgeRef = (path: string) => boolean;
-export type FsStatResult = {
-    mode: number;
-    size: number;
-    isDirectory: boolean;
-    atimeMs: number;
-    mtimeMs: number;
-    ctimeMs: number;
-    birthtimeMs: number;
-};
-export type FsStatBridgeRef = (path: string) => FsStatResult;
-export type FsUnlinkBridgeRef = (path: string) => void;
-export type FsRenameBridgeRef = (oldPath: string, newPath: string) => void;
-export type FsChmodBridgeRef = (path: string, mode: number) => void;
-export type FsChownBridgeRef = (path: string, uid: number, gid: number) => void;
-export type FsLinkBridgeRef = (existingPath: string, newPath: string) => void;
-export type FsSymlinkBridgeRef = (target: string, path: string) => void;
-export type FsReadlinkBridgeRef = (path: string) => string;
-export type FsLstatResult = FsStatResult & {
-    isSymbolicLink: boolean;
-};
-export type FsLstatBridgeRef = (path: string) => FsLstatResult;
-export type FsTruncateBridgeRef = (path: string, length: number) => void;
-export type FsUtimesBridgeRef = (path: string, atime: number, mtime: number) => void;
+export type ProcessLogBridgeRef = BridgeApplySyncRef<[string], void>;
+export type ProcessErrorBridgeRef = BridgeApplySyncRef<[string], void>;
+export type ScheduleTimerBridgeRef = BridgeApplyRef<[number], void>;
+export type CryptoRandomFillBridgeRef = BridgeApplySyncRef<[number], string>;
+export type CryptoRandomUuidBridgeRef = BridgeApplySyncRef<[], string>;
+export type CryptoHashDigestBridgeRef = BridgeApplySyncRef<[string, string], string>;
+export type CryptoHmacDigestBridgeRef = BridgeApplySyncRef<[string, string, string], string>;
+export type CryptoPbkdf2BridgeRef = BridgeApplySyncRef<[
+    string,
+    string,
+    number,
+    number,
+    string
+], string>;
+export type CryptoScryptBridgeRef = BridgeApplySyncRef<[
+    string,
+    string,
+    number,
+    string
+], string>;
+export type CryptoCipherivBridgeRef = BridgeApplySyncRef<[
+    string,
+    string,
+    string,
+    string
+], string>;
+export type CryptoDecipherivBridgeRef = BridgeApplySyncRef<[
+    string,
+    string,
+    string,
+    string,
+    string
+], string>;
+export type CryptoSignBridgeRef = BridgeApplySyncRef<[
+    string,
+    string,
+    string
+], string>;
+export type CryptoVerifyBridgeRef = BridgeApplySyncRef<[
+    string,
+    string,
+    string,
+    string
+], boolean>;
+export type CryptoGenerateKeyPairSyncBridgeRef = BridgeApplySyncRef<[
+    string,
+    string
+], string>;
+export type CryptoSubtleBridgeRef = BridgeApplySyncRef<[string], string>;
+export type FsReadFileBridgeRef = BridgeApplySyncPromiseRef<[string], string>;
+export type FsWriteFileBridgeRef = BridgeApplySyncPromiseRef<[string, string], void>;
+export type FsReadFileBinaryBridgeRef = BridgeApplySyncPromiseRef<[string], string>;
+export type FsWriteFileBinaryBridgeRef = BridgeApplySyncPromiseRef<[
+    string,
+    string
+], void>;
+export type FsReadDirBridgeRef = BridgeApplySyncPromiseRef<[string], string>;
+export type FsMkdirBridgeRef = BridgeApplySyncPromiseRef<[string, boolean], void>;
+export type FsRmdirBridgeRef = BridgeApplySyncPromiseRef<[string], void>;
+export type FsExistsBridgeRef = BridgeApplySyncPromiseRef<[string], boolean>;
+export type FsStatBridgeRef = BridgeApplySyncPromiseRef<[string], string>;
+export type FsUnlinkBridgeRef = BridgeApplySyncPromiseRef<[string], void>;
+export type FsRenameBridgeRef = BridgeApplySyncPromiseRef<[string, string], void>;
+export type FsChmodBridgeRef = BridgeApplySyncPromiseRef<[string, number], void>;
+export type FsChownBridgeRef = BridgeApplySyncPromiseRef<[string, number, number], void>;
+export type FsLinkBridgeRef = BridgeApplySyncPromiseRef<[string, string], void>;
+export type FsSymlinkBridgeRef = BridgeApplySyncPromiseRef<[string, string], void>;
+export type FsReadlinkBridgeRef = BridgeApplySyncPromiseRef<[string], string>;
+export type FsLstatBridgeRef = BridgeApplySyncPromiseRef<[string], string>;
+export type FsTruncateBridgeRef = BridgeApplySyncPromiseRef<[string, number], void>;
+export type FsUtimesBridgeRef = BridgeApplySyncPromiseRef<[string, number, number], void>;
 /** Combined filesystem bridge facade installed as `globalThis._fs` in the isolate. */
 export interface FsFacadeBridge {
     readFile: FsReadFileBridgeRef;
@@ -268,52 +411,35 @@ export interface FsFacadeBridge {
     truncate: FsTruncateBridgeRef;
     utimes: FsUtimesBridgeRef;
 }
-export type ChildProcessSpawnStartBridgeRef = (command: string, argsJson: string, optionsJson: string) => number;
-export type ChildProcessStdinWriteBridgeRef = (sessionId: number, data: Uint8Array) => void;
-export type ChildProcessStdinCloseBridgeRef = (sessionId: number) => void;
-export type ChildProcessKillBridgeRef = (sessionId: number, signal: number) => void;
-export type SpawnSyncBridgeResult = {
-    stdout: string;
-    stderr: string;
-    code: number;
-    maxBufferExceeded?: boolean;
-};
-export type ChildProcessSpawnSyncBridgeRef = (command: string, argsJson: string, optionsJson: string) => SpawnSyncBridgeResult;
-export type NetworkFetchResult = {
-    ok: boolean;
-    status: number;
-    statusText: string;
-    headers?: Record<string, string>;
-    url?: string;
-    redirected?: boolean;
-    body?: string;
-};
-export type NetworkFetchRawBridgeRef = (url: string, optionsJson: string) => Promise<NetworkFetchResult>;
-export type NetworkDnsLookupResult = {
-    error?: string;
-    code?: string;
-    address?: string;
-    family?: number;
-};
-export type NetworkDnsLookupRawBridgeRef = (hostname: string) => Promise<NetworkDnsLookupResult>;
-export type NetworkHttpRequestResult = {
-    headers?: Record<string, string>;
-    url?: string;
-    status?: number;
-    statusText?: string;
-    body?: string;
-    trailers?: Record<string, string>;
-};
-export type NetworkHttpRequestRawBridgeRef = (url: string, optionsJson: string) => Promise<NetworkHttpRequestResult>;
-export type NetworkHttpServerListenResult = {
-    address: {
-        address: string;
-        family: string;
-        port: number;
-    } | null;
-};
-export type NetworkHttpServerListenRawBridgeRef = (optionsJson: string) => Promise<NetworkHttpServerListenResult>;
-export type NetworkHttpServerCloseRawBridgeRef = (serverId: number) => Promise<void>;
-export type PtySetRawModeBridgeRef = (mode: boolean) => void;
+export type ChildProcessSpawnStartBridgeRef = BridgeApplySyncRef<[
+    string,
+    string,
+    string
+], number>;
+export type ChildProcessStdinWriteBridgeRef = BridgeApplySyncRef<[
+    number,
+    Uint8Array
+], void>;
+export type ChildProcessStdinCloseBridgeRef = BridgeApplySyncRef<[number], void>;
+export type ChildProcessKillBridgeRef = BridgeApplySyncRef<[number, number], void>;
+export type ChildProcessSpawnSyncBridgeRef = BridgeApplySyncPromiseRef<[
+    string,
+    string,
+    string
+], string>;
+export type NetworkFetchRawBridgeRef = BridgeApplyRef<[string, string], string>;
+export type NetworkDnsLookupRawBridgeRef = BridgeApplyRef<[string], string>;
+export type NetworkHttpRequestRawBridgeRef = BridgeApplyRef<[string, string], string>;
+export type NetworkHttpServerListenRawBridgeRef = BridgeApplyRef<[string], string>;
+export type NetworkHttpServerCloseRawBridgeRef = BridgeApplyRef<[number], void>;
+export type UpgradeSocketWriteRawBridgeRef = BridgeApplySyncRef<[number, string], void>;
+export type UpgradeSocketEndRawBridgeRef = BridgeApplySyncRef<[number], void>;
+export type UpgradeSocketDestroyRawBridgeRef = BridgeApplySyncRef<[number], void>;
+export type NetSocketConnectRawBridgeRef = BridgeApplySyncRef<[string, number], number>;
+export type NetSocketWriteRawBridgeRef = BridgeApplySyncRef<[number, string], void>;
+export type NetSocketEndRawBridgeRef = BridgeApplySyncRef<[number], void>;
+export type NetSocketDestroyRawBridgeRef = BridgeApplySyncRef<[number], void>;
+export type NetSocketUpgradeTlsRawBridgeRef = BridgeApplySyncRef<[number, string], void>;
+export type PtySetRawModeBridgeRef = BridgeApplySyncRef<[boolean], void>;
 export type RegisterHandleBridgeFn = (id: string, description: string) => void;
 export type UnregisterHandleBridgeFn = (id: string) => void;

package/dist/shared/bridge-contract.js

@@ -3,11 +3,10 @@
  * host (Node.js) and the isolate (sandbox V8 context).
  *
  * Two categories:
- * - Host bridge globals: set by the host before bridge code runs (fs fns, timers, etc.)
+ * - Host bridge globals: set by the host before bridge code runs (fs refs, timers, etc.)
  * - Runtime bridge globals: installed by the bridge bundle itself (active handles, modules, etc.)
  *
- * Each type alias is a plain function signature. The Rust V8 runtime registers
- * these as real JS functions on the global; bridge code calls them directly.
+ * The typed `Ref` aliases describe the isolated-vm calling convention for each global.
  */
 function valuesOf(object) {
     return Object.values(object);
@@ -17,10 +16,25 @@ export const HOST_BRIDGE_GLOBAL_KEYS = {
     dynamicImport: "_dynamicImport",
     loadPolyfill: "_loadPolyfill",
     resolveModule: "_resolveModule",
+    resolveModuleSync: "_resolveModuleSync",
     loadFile: "_loadFile",
+    loadFileSync: "_loadFileSync",
     scheduleTimer: "_scheduleTimer",
     cryptoRandomFill: "_cryptoRandomFill",
     cryptoRandomUuid: "_cryptoRandomUUID",
+    cryptoHashDigest: "_cryptoHashDigest",
+    cryptoHmacDigest: "_cryptoHmacDigest",
+    cryptoPbkdf2: "_cryptoPbkdf2",
+    cryptoScrypt: "_cryptoScrypt",
+    cryptoCipheriv: "_cryptoCipheriv",
+    cryptoDecipheriv: "_cryptoDecipheriv",
+    cryptoCipherivCreate: "_cryptoCipherivCreate",
+    cryptoCipherivUpdate: "_cryptoCipherivUpdate",
+    cryptoCipherivFinal: "_cryptoCipherivFinal",
+    cryptoSign: "_cryptoSign",
+    cryptoVerify: "_cryptoVerify",
+    cryptoGenerateKeyPairSync: "_cryptoGenerateKeyPairSync",
+    cryptoSubtle: "_cryptoSubtle",
     fsReadFile: "_fsReadFile",
     fsWriteFile: "_fsWriteFile",
     fsReadFileBinary: "_fsReadFileBinary",
@@ -50,6 +64,14 @@ export const HOST_BRIDGE_GLOBAL_KEYS = {
     networkHttpRequestRaw: "_networkHttpRequestRaw",
     networkHttpServerListenRaw: "_networkHttpServerListenRaw",
     networkHttpServerCloseRaw: "_networkHttpServerCloseRaw",
+    upgradeSocketWriteRaw: "_upgradeSocketWriteRaw",
+    upgradeSocketEndRaw: "_upgradeSocketEndRaw",
+    upgradeSocketDestroyRaw: "_upgradeSocketDestroyRaw",
+    netSocketConnectRaw: "_netSocketConnectRaw",
+    netSocketWriteRaw: "_netSocketWriteRaw",
+    netSocketEndRaw: "_netSocketEndRaw",
+    netSocketDestroyRaw: "_netSocketDestroyRaw",
+    netSocketUpgradeTlsRaw: "_netSocketUpgradeTlsRaw",
     ptySetRawMode: "_ptySetRawMode",
     processConfig: "_processConfig",
     osConfig: "_osConfig",
@@ -71,6 +93,12 @@ export const RUNTIME_BRIDGE_GLOBAL_KEYS = {
     http2Module: "_http2Module",
     dnsModule: "_dnsModule",
     httpServerDispatch: "_httpServerDispatch",
+    httpServerUpgradeDispatch: "_httpServerUpgradeDispatch",
+    upgradeSocketData: "_upgradeSocketData",
+    upgradeSocketEnd: "_upgradeSocketEnd",
+    netModule: "_netModule",
+    tlsModule: "_tlsModule",
+    netSocketDispatch: "_netSocketDispatch",
     fsFacade: "_fs",
     requireFrom: "_requireFrom",
     moduleCache: "_moduleCache",

package/dist/shared/console-formatter.js

@@ -148,10 +148,10 @@ export function getConsoleSetupCode(budget = DEFAULT_CONSOLE_SERIALIZATION_BUDGE
       const formatConsoleArgs = ${formatConsoleArgs.toString()};
 
       globalThis.console = {
-        log: (...args) => _log(formatConsoleArgs(args, __consoleBudget)),
-        error: (...args) => _error(formatConsoleArgs(args, __consoleBudget)),
-        warn: (...args) => _error(formatConsoleArgs(args, __consoleBudget)),
-        info: (...args) => _log(formatConsoleArgs(args, __consoleBudget)),
+        log: (...args) => _log.applySync(undefined, [formatConsoleArgs(args, __consoleBudget)]),
+        error: (...args) => _error.applySync(undefined, [formatConsoleArgs(args, __consoleBudget)]),
+        warn: (...args) => _error.applySync(undefined, [formatConsoleArgs(args, __consoleBudget)]),
+        info: (...args) => _log.applySync(undefined, [formatConsoleArgs(args, __consoleBudget)]),
       };
     `;
 }