@secure-exec/core 0.1.1-rc.2 → 0.1.1-rc.3

package/dist/bridge/process.js

@@ -40,8 +40,8 @@ function getNowMs() {
         ? performance.now()
         : Date.now();
 }
-// Start time for uptime calculation (mutable for snapshot restore)
-let _processStartTime = getNowMs();
+// Start time for uptime calculation
+const _processStartTime = getNowMs();
 const BUFFER_MAX_LENGTH = typeof BufferPolyfill.kMaxLength ===
     "number"
     ? BufferPolyfill.kMaxLength
@@ -71,18 +71,6 @@ if (typeof bufferPolyfillMutable.constants !== "object" ||
 // Exit code tracking
 let _exitCode = 0;
 let _exited = false;
-// Expose reset function for snapshot restore — resets mutable state
-// captured in this closure so each restored context starts fresh.
-globalThis.__runtimeResetProcessState =
-    function () {
-        _processStartTime =
-            typeof performance !== "undefined" && performance.now
-                ? performance.now()
-                : Date.now();
-        _exitCode = 0;
-        _exited = false;
-        delete globalThis.__runtimeResetProcessState;
-    };
 /**
  * Thrown by `process.exit()` to unwind the sandbox call stack. The host
  * catches this to extract the exit code without killing the isolate.
@@ -134,7 +122,7 @@ function _addListener(event, listener, once = false) {
             const warning = `MaxListenersExceededWarning: Possible EventEmitter memory leak detected. ${total} ${event} listeners added to [process]. MaxListeners is ${_processMaxListeners}. Use emitter.setMaxListeners() to increase limit`;
             // Use console.error to emit warning without recursion risk
             if (typeof _error !== "undefined") {
-                _error(warning);
+                _error.applySync(undefined, [warning]);
             }
         }
     }
@@ -181,7 +169,7 @@ const _stderrIsTTY = (typeof _processConfig !== "undefined" && _processConfig.st
 const _stdout = {
     write(data) {
         if (typeof _log !== "undefined") {
-            _log(String(data).replace(/\n$/, ""));
+            _log.applySync(undefined, [String(data).replace(/\n$/, "")]);
         }
         return true;
     },
@@ -206,7 +194,7 @@ const _stdout = {
 const _stderr = {
     write(data) {
         if (typeof _error !== "undefined") {
-            _error(String(data).replace(/\n$/, ""));
+            _error.applySync(undefined, [String(data).replace(/\n$/, "")]);
         }
         return true;
     },
@@ -340,7 +328,7 @@ const _stdin = {
             throw new Error("setRawMode is not supported when stdin is not a TTY");
         }
         if (typeof _ptySetRawMode !== "undefined") {
-            _ptySetRawMode(mode);
+            _ptySetRawMode.applySync(undefined, [mode]);
         }
         return this;
     },
@@ -444,9 +432,9 @@ const process = {
     },
     chdir(dir) {
         // Validate directory exists in VFS before setting cwd
-        let stat;
+        let statJson;
         try {
-            stat = _fs.stat(dir);
+            statJson = _fs.stat.applySyncPromise(undefined, [dir]);
         }
         catch {
             const err = new Error(`ENOENT: no such file or directory, chdir '${dir}'`);
@@ -456,7 +444,8 @@ const process = {
             err.path = dir;
             throw err;
         }
-        if (!stat.isDirectory) {
+        const parsed = JSON.parse(statJson);
+        if (!parsed.isDirectory) {
             const err = new Error(`ENOTDIR: not a directory, chdir '${dir}'`);
             err.code = "ENOTDIR";
             err.errno = -20;
@@ -714,6 +703,13 @@ process.memoryUsage.rss =
     function () {
         return 50 * 1024 * 1024;
     };
+// Match Node.js Object.prototype.toString.call(process) === '[object process]'
+Object.defineProperty(process, Symbol.toStringTag, {
+    value: "process",
+    writable: false,
+    configurable: true,
+    enumerable: false,
+});
 export default process;
 // ============================================================================
 // Global polyfills
@@ -770,7 +766,11 @@ export function setTimeout(callback, delay, ...args) {
     const actualDelay = delay ?? 0;
     // Use host timer for actual delays if available and delay > 0
     if (typeof _scheduleTimer !== "undefined" && actualDelay > 0) {
-        _scheduleTimer(actualDelay)
+        // _scheduleTimer.apply() returns a Promise that resolves after the delay
+        // Using { result: { promise: true } } tells isolated-vm to wait for the
+        // host Promise to resolve before resolving the apply() Promise
+        _scheduleTimer
+            .apply(undefined, [actualDelay], { result: { promise: true } })
             .then(() => {
             if (_timers.has(id)) {
                 _timers.delete(id);
@@ -818,7 +818,8 @@ export function setInterval(callback, delay, ...args) {
             return; // Interval was cleared
         if (typeof _scheduleTimer !== "undefined" && actualDelay > 0) {
             // Use host timer for actual delays
-            _scheduleTimer(actualDelay)
+            _scheduleTimer
+                .apply(undefined, [actualDelay], { result: { promise: true } })
                 .then(() => {
                 if (_intervals.has(id)) {
                     try {
@@ -871,6 +872,25 @@ export const URLSearchParams = WhatwgURLSearchParams;
 export { TextEncoder, TextDecoder };
 // Buffer - use buffer package polyfill
 export const Buffer = BufferPolyfill;
+// Patch internal V8 Buffer slice/write methods used by native-protocol libraries
+// (ssh2, msgpack, protobuf, etc.). The polyfill supports these encodings through
+// toString()/write() but doesn't expose the fast-path internal methods.
+const bp = BufferPolyfill.prototype;
+const sliceEncodings = ["utf8", "ascii", "latin1", "binary", "hex", "base64", "ucs2", "utf16le"];
+for (const enc of sliceEncodings) {
+    const sliceKey = `${enc}Slice`;
+    if (typeof bp[sliceKey] !== "function") {
+        bp[sliceKey] = function (start, end) {
+            return this.toString(enc, start, end);
+        };
+    }
+    const writeKey = `${enc}Write`;
+    if (typeof bp[writeKey] !== "function") {
+        bp[writeKey] = function (str, offset, length) {
+            return this.write(str, offset, length, enc);
+        };
+    }
+}
 function throwUnsupportedCryptoApi(api) {
     throw new Error(`crypto.${api} is not supported in sandbox`);
 }
@@ -890,7 +910,8 @@ export const cryptoPolyfill = {
         }
         const bytes = new Uint8Array(array.buffer, array.byteOffset, array.byteLength);
         try {
-            const hostBytes = _cryptoRandomFill(bytes.byteLength);
+            const base64 = _cryptoRandomFill.applySync(undefined, [bytes.byteLength]);
+            const hostBytes = BufferPolyfill.from(base64, "base64");
             if (hostBytes.byteLength !== bytes.byteLength) {
                 throw new Error("invalid host entropy size");
             }
@@ -906,7 +927,7 @@ export const cryptoPolyfill = {
             throwUnsupportedCryptoApi("randomUUID");
         }
         try {
-            const uuid = _cryptoRandomUUID();
+            const uuid = _cryptoRandomUUID.applySync(undefined, []);
             if (typeof uuid !== "string") {
                 throw new Error("invalid host uuid");
             }