@secure-exec/core 0.1.1-rc.3 → 0.2.0-rc.2

package/dist/bridge/process.js

@@ -1,1015 +0,0 @@
-// Process module polyfill for isolated-vm
-// Provides Node.js process object and global polyfills for sandbox compatibility
-// Re-export TextEncoder/TextDecoder from polyfills (polyfills.ts is imported first in index.ts)
-import { TextEncoder, TextDecoder } from "./polyfills.js";
-// Use whatwg-url for spec-compliant URL implementation
-import { URL as WhatwgURL, URLSearchParams as WhatwgURLSearchParams } from "whatwg-url";
-// Use buffer package for spec-compliant Buffer implementation
-import { Buffer as BufferPolyfill } from "buffer";
-import { exposeCustomGlobal, exposeMutableRuntimeStateGlobal, } from "../shared/global-exposure.js";
-// Get config with defaults
-const config = {
-    platform: (typeof _processConfig !== "undefined" && _processConfig.platform) ||
-        "linux",
-    arch: (typeof _processConfig !== "undefined" && _processConfig.arch) || "x64",
-    version: (typeof _processConfig !== "undefined" && _processConfig.version) ||
-        "v22.0.0",
-    cwd: (typeof _processConfig !== "undefined" && _processConfig.cwd) || "/root",
-    env: (typeof _processConfig !== "undefined" && _processConfig.env) || {},
-    argv: (typeof _processConfig !== "undefined" && _processConfig.argv) || [
-        "node",
-        "script.js",
-    ],
-    execPath: (typeof _processConfig !== "undefined" && _processConfig.execPath) ||
-        "/usr/bin/node",
-    pid: (typeof _processConfig !== "undefined" && _processConfig.pid) || 1,
-    ppid: (typeof _processConfig !== "undefined" && _processConfig.ppid) || 0,
-    uid: (typeof _processConfig !== "undefined" && _processConfig.uid) || 0,
-    gid: (typeof _processConfig !== "undefined" && _processConfig.gid) || 0,
-    timingMitigation: (typeof _processConfig !== "undefined" && _processConfig.timingMitigation) ||
-        "off",
-    frozenTimeMs: typeof _processConfig !== "undefined" ? _processConfig.frozenTimeMs : undefined,
-};
-/** Get the current timestamp, returning a frozen value when timing mitigation is active. */
-function getNowMs() {
-    if (config.timingMitigation === "freeze" &&
-        typeof config.frozenTimeMs === "number") {
-        return config.frozenTimeMs;
-    }
-    return typeof performance !== "undefined" && performance.now
-        ? performance.now()
-        : Date.now();
-}
-// Start time for uptime calculation
-const _processStartTime = getNowMs();
-const BUFFER_MAX_LENGTH = typeof BufferPolyfill.kMaxLength ===
-    "number"
-    ? BufferPolyfill.kMaxLength
-    : 2147483647;
-const BUFFER_MAX_STRING_LENGTH = typeof BufferPolyfill.kStringMaxLength ===
-    "number"
-    ? BufferPolyfill.kStringMaxLength
-    : 536870888;
-const BUFFER_CONSTANTS = Object.freeze({
-    MAX_LENGTH: BUFFER_MAX_LENGTH,
-    MAX_STRING_LENGTH: BUFFER_MAX_STRING_LENGTH,
-});
-const bufferPolyfillMutable = BufferPolyfill;
-if (typeof bufferPolyfillMutable.kMaxLength !== "number") {
-    bufferPolyfillMutable.kMaxLength = BUFFER_MAX_LENGTH;
-}
-if (typeof bufferPolyfillMutable.kStringMaxLength !== "number") {
-    bufferPolyfillMutable.kStringMaxLength = BUFFER_MAX_STRING_LENGTH;
-}
-if (typeof bufferPolyfillMutable.constants !== "object" ||
-    bufferPolyfillMutable.constants === null) {
-    bufferPolyfillMutable.constants = {
-        MAX_LENGTH: BUFFER_MAX_LENGTH,
-        MAX_STRING_LENGTH: BUFFER_MAX_STRING_LENGTH,
-    };
-}
-// Exit code tracking
-let _exitCode = 0;
-let _exited = false;
-/**
- * Thrown by `process.exit()` to unwind the sandbox call stack. The host
- * catches this to extract the exit code without killing the isolate.
- */
-export class ProcessExitError extends Error {
-    code;
-    constructor(code) {
-        super("process.exit(" + code + ")");
-        this.name = "ProcessExitError";
-        this.code = code;
-    }
-}
-// Make available globally
-exposeCustomGlobal("ProcessExitError", ProcessExitError);
-// Signal name → number mapping (POSIX standard)
-const _signalNumbers = {
-    SIGHUP: 1, SIGINT: 2, SIGQUIT: 3, SIGILL: 4, SIGTRAP: 5, SIGABRT: 6,
-    SIGBUS: 7, SIGFPE: 8, SIGKILL: 9, SIGUSR1: 10, SIGSEGV: 11, SIGUSR2: 12,
-    SIGPIPE: 13, SIGALRM: 14, SIGTERM: 15, SIGCHLD: 17, SIGCONT: 18,
-    SIGSTOP: 19, SIGTSTP: 20, SIGTTIN: 21, SIGTTOU: 22, SIGURG: 23,
-    SIGXCPU: 24, SIGXFSZ: 25, SIGVTALRM: 26, SIGPROF: 27, SIGWINCH: 28,
-    SIGIO: 29, SIGPWR: 30, SIGSYS: 31,
-};
-function _resolveSignal(signal) {
-    if (signal === undefined || signal === null)
-        return 15; // default SIGTERM
-    if (typeof signal === "number")
-        return signal;
-    const num = _signalNumbers[signal];
-    if (num !== undefined)
-        return num;
-    throw new Error("Unknown signal: " + signal);
-}
-const _processListeners = {};
-const _processOnceListeners = {};
-let _processMaxListeners = 10;
-const _processMaxListenersWarned = new Set();
-function _addListener(event, listener, once = false) {
-    const target = once ? _processOnceListeners : _processListeners;
-    if (!target[event]) {
-        target[event] = [];
-    }
-    target[event].push(listener);
-    // Warn when exceeding maxListeners (Node.js behavior: warn, don't crash)
-    if (_processMaxListeners > 0 && !_processMaxListenersWarned.has(event)) {
-        const total = (_processListeners[event]?.length ?? 0) + (_processOnceListeners[event]?.length ?? 0);
-        if (total > _processMaxListeners) {
-            _processMaxListenersWarned.add(event);
-            const warning = `MaxListenersExceededWarning: Possible EventEmitter memory leak detected. ${total} ${event} listeners added to [process]. MaxListeners is ${_processMaxListeners}. Use emitter.setMaxListeners() to increase limit`;
-            // Use console.error to emit warning without recursion risk
-            if (typeof _error !== "undefined") {
-                _error.applySync(undefined, [warning]);
-            }
-        }
-    }
-    return process;
-}
-function _removeListener(event, listener) {
-    if (_processListeners[event]) {
-        const idx = _processListeners[event].indexOf(listener);
-        if (idx !== -1)
-            _processListeners[event].splice(idx, 1);
-    }
-    if (_processOnceListeners[event]) {
-        const idx = _processOnceListeners[event].indexOf(listener);
-        if (idx !== -1)
-            _processOnceListeners[event].splice(idx, 1);
-    }
-    return process;
-}
-function _emit(event, ...args) {
-    let handled = false;
-    // Regular listeners
-    if (_processListeners[event]) {
-        for (const listener of _processListeners[event]) {
-            listener(...args);
-            handled = true;
-        }
-    }
-    // Once listeners (remove after calling)
-    if (_processOnceListeners[event]) {
-        const listeners = _processOnceListeners[event].slice();
-        _processOnceListeners[event] = [];
-        for (const listener of listeners) {
-            listener(...args);
-            handled = true;
-        }
-    }
-    return handled;
-}
-// Resolve isTTY flags from config
-const _stdinIsTTY = (typeof _processConfig !== "undefined" && _processConfig.stdinIsTTY) || false;
-const _stdoutIsTTY = (typeof _processConfig !== "undefined" && _processConfig.stdoutIsTTY) || false;
-const _stderrIsTTY = (typeof _processConfig !== "undefined" && _processConfig.stderrIsTTY) || false;
-// Stdout stream
-const _stdout = {
-    write(data) {
-        if (typeof _log !== "undefined") {
-            _log.applySync(undefined, [String(data).replace(/\n$/, "")]);
-        }
-        return true;
-    },
-    end() {
-        return this;
-    },
-    on() {
-        return this;
-    },
-    once() {
-        return this;
-    },
-    emit() {
-        return false;
-    },
-    writable: true,
-    isTTY: _stdoutIsTTY,
-    columns: 80,
-    rows: 24,
-};
-// Stderr stream
-const _stderr = {
-    write(data) {
-        if (typeof _error !== "undefined") {
-            _error.applySync(undefined, [String(data).replace(/\n$/, "")]);
-        }
-        return true;
-    },
-    end() {
-        return this;
-    },
-    on() {
-        return this;
-    },
-    once() {
-        return this;
-    },
-    emit() {
-        return false;
-    },
-    writable: true,
-    isTTY: _stderrIsTTY,
-    columns: 80,
-    rows: 24,
-};
-const _stdinListeners = {};
-const _stdinOnceListeners = {};
-// Initialize stdin state as globals for external access
-exposeMutableRuntimeStateGlobal("_stdinData", (typeof _processConfig !== "undefined" && _processConfig.stdin) || "");
-exposeMutableRuntimeStateGlobal("_stdinPosition", 0);
-exposeMutableRuntimeStateGlobal("_stdinEnded", false);
-exposeMutableRuntimeStateGlobal("_stdinFlowMode", false);
-// Getters for the globals
-function getStdinData() { return globalThis._stdinData; }
-function setStdinDataValue(v) { globalThis._stdinData = v; }
-function getStdinPosition() { return globalThis._stdinPosition; }
-function setStdinPosition(v) { globalThis._stdinPosition = v; }
-function getStdinEnded() { return globalThis._stdinEnded; }
-function setStdinEnded(v) { globalThis._stdinEnded = v; }
-function getStdinFlowMode() { return globalThis._stdinFlowMode; }
-function setStdinFlowMode(v) { globalThis._stdinFlowMode = v; }
-function _emitStdinData() {
-    if (getStdinEnded() || !getStdinData())
-        return;
-    // In flowing mode, emit all remaining data
-    if (getStdinFlowMode() && getStdinPosition() < getStdinData().length) {
-        const chunk = getStdinData().slice(getStdinPosition());
-        setStdinPosition(getStdinData().length);
-        // Emit data event
-        const dataListeners = [...(_stdinListeners["data"] || []), ...(_stdinOnceListeners["data"] || [])];
-        _stdinOnceListeners["data"] = [];
-        for (const listener of dataListeners) {
-            listener(chunk);
-        }
-        // Emit end after all data
-        setStdinEnded(true);
-        const endListeners = [...(_stdinListeners["end"] || []), ...(_stdinOnceListeners["end"] || [])];
-        _stdinOnceListeners["end"] = [];
-        for (const listener of endListeners) {
-            listener();
-        }
-        // Emit close
-        const closeListeners = [...(_stdinListeners["close"] || []), ...(_stdinOnceListeners["close"] || [])];
-        _stdinOnceListeners["close"] = [];
-        for (const listener of closeListeners) {
-            listener();
-        }
-    }
-}
-const _stdin = {
-    readable: true,
-    paused: true,
-    encoding: null,
-    read(size) {
-        if (getStdinPosition() >= getStdinData().length)
-            return null;
-        const chunk = size ? getStdinData().slice(getStdinPosition(), getStdinPosition() + size) : getStdinData().slice(getStdinPosition());
-        setStdinPosition(getStdinPosition() + chunk.length);
-        return chunk;
-    },
-    on(event, listener) {
-        if (!_stdinListeners[event])
-            _stdinListeners[event] = [];
-        _stdinListeners[event].push(listener);
-        // When 'end' listener is added and we have data, emit everything synchronously
-        // This works because typical patterns register 'data' then 'end' listeners
-        if (event === "end" && getStdinData() && !getStdinEnded()) {
-            setStdinFlowMode(true);
-            // Emit synchronously - all listeners should be registered by now
-            _emitStdinData();
-        }
-        return this;
-    },
-    once(event, listener) {
-        if (!_stdinOnceListeners[event])
-            _stdinOnceListeners[event] = [];
-        _stdinOnceListeners[event].push(listener);
-        return this;
-    },
-    off(event, listener) {
-        if (_stdinListeners[event]) {
-            const idx = _stdinListeners[event].indexOf(listener);
-            if (idx !== -1)
-                _stdinListeners[event].splice(idx, 1);
-        }
-        return this;
-    },
-    removeListener(event, listener) {
-        return this.off(event, listener);
-    },
-    emit(event, ...args) {
-        const listeners = [...(_stdinListeners[event] || []), ...(_stdinOnceListeners[event] || [])];
-        _stdinOnceListeners[event] = [];
-        for (const listener of listeners) {
-            listener(args[0]);
-        }
-        return listeners.length > 0;
-    },
-    pause() {
-        this.paused = true;
-        setStdinFlowMode(false);
-        return this;
-    },
-    resume() {
-        this.paused = false;
-        setStdinFlowMode(true);
-        _emitStdinData();
-        return this;
-    },
-    setEncoding(enc) {
-        this.encoding = enc;
-        return this;
-    },
-    setRawMode(mode) {
-        if (!_stdinIsTTY) {
-            throw new Error("setRawMode is not supported when stdin is not a TTY");
-        }
-        if (typeof _ptySetRawMode !== "undefined") {
-            _ptySetRawMode.applySync(undefined, [mode]);
-        }
-        return this;
-    },
-    isTTY: _stdinIsTTY,
-    // For readline compatibility
-    [Symbol.asyncIterator]: async function* () {
-        const lines = getStdinData().split("\n");
-        for (const line of lines) {
-            if (line)
-                yield line;
-        }
-    },
-};
-// hrtime function with bigint method
-function hrtime(prev) {
-    const now = getNowMs();
-    const seconds = Math.floor(now / 1000);
-    const nanoseconds = Math.floor((now % 1000) * 1e6);
-    if (prev) {
-        let diffSec = seconds - prev[0];
-        let diffNano = nanoseconds - prev[1];
-        if (diffNano < 0) {
-            diffSec -= 1;
-            diffNano += 1e9;
-        }
-        return [diffSec, diffNano];
-    }
-    return [seconds, nanoseconds];
-}
-hrtime.bigint = function () {
-    const now = getNowMs();
-    return BigInt(Math.floor(now * 1e6));
-};
-// Internal state
-let _cwd = config.cwd;
-let _umask = 0o022;
-// The process object — typed loosely as a polyfill, cast to typeof nodeProcess on export
-const process = {
-    // Static properties
-    platform: config.platform,
-    arch: config.arch,
-    version: config.version,
-    versions: {
-        node: config.version.replace(/^v/, ""),
-        v8: "11.3.244.8",
-        uv: "1.44.2",
-        zlib: "1.2.13",
-        brotli: "1.0.9",
-        ares: "1.19.0",
-        modules: "108",
-        nghttp2: "1.52.0",
-        napi: "8",
-        llhttp: "8.1.0",
-        openssl: "3.0.8",
-        cldr: "42.0",
-        icu: "72.1",
-        tz: "2022g",
-        unicode: "15.0",
-    },
-    pid: config.pid,
-    ppid: config.ppid,
-    execPath: config.execPath,
-    execArgv: [],
-    argv: config.argv,
-    argv0: config.argv[0] || "node",
-    title: "node",
-    env: config.env,
-    // Config stubs
-    config: {
-        target_defaults: {
-            cflags: [],
-            default_configuration: "Release",
-            defines: [],
-            include_dirs: [],
-            libraries: [],
-        },
-        variables: {
-            node_prefix: "/usr",
-            node_shared_libuv: false,
-        },
-    },
-    release: {
-        name: "node",
-        sourceUrl: "https://nodejs.org/download/release/v20.0.0/node-v20.0.0.tar.gz",
-        headersUrl: "https://nodejs.org/download/release/v20.0.0/node-v20.0.0-headers.tar.gz",
-    },
-    // Feature flags
-    features: {
-        inspector: false,
-        debug: false,
-        uv: true,
-        ipv6: true,
-        tls_alpn: true,
-        tls_sni: true,
-        tls_ocsp: true,
-        tls: true,
-    },
-    // Methods
-    cwd() {
-        return _cwd;
-    },
-    chdir(dir) {
-        // Validate directory exists in VFS before setting cwd
-        let statJson;
-        try {
-            statJson = _fs.stat.applySyncPromise(undefined, [dir]);
-        }
-        catch {
-            const err = new Error(`ENOENT: no such file or directory, chdir '${dir}'`);
-            err.code = "ENOENT";
-            err.errno = -2;
-            err.syscall = "chdir";
-            err.path = dir;
-            throw err;
-        }
-        const parsed = JSON.parse(statJson);
-        if (!parsed.isDirectory) {
-            const err = new Error(`ENOTDIR: not a directory, chdir '${dir}'`);
-            err.code = "ENOTDIR";
-            err.errno = -20;
-            err.syscall = "chdir";
-            err.path = dir;
-            throw err;
-        }
-        _cwd = dir;
-    },
-    get exitCode() {
-        return _exitCode;
-    },
-    set exitCode(code) {
-        _exitCode = code ?? 0;
-    },
-    exit(code) {
-        const exitCode = code !== undefined ? code : _exitCode;
-        _exitCode = exitCode;
-        _exited = true;
-        // Fire exit event
-        try {
-            _emit("exit", exitCode);
-        }
-        catch (_e) {
-            // Ignore errors in exit handlers
-        }
-        // Throw to stop execution
-        throw new ProcessExitError(exitCode);
-    },
-    abort() {
-        return process.exit(1);
-    },
-    nextTick(callback, ...args) {
-        if (typeof queueMicrotask === "function") {
-            queueMicrotask(() => callback(...args));
-        }
-        else {
-            Promise.resolve().then(() => callback(...args));
-        }
-    },
-    hrtime: hrtime,
-    getuid() {
-        return config.uid;
-    },
-    getgid() {
-        return config.gid;
-    },
-    geteuid() {
-        return config.uid;
-    },
-    getegid() {
-        return config.gid;
-    },
-    getgroups() {
-        return [config.gid];
-    },
-    setuid() { },
-    setgid() { },
-    seteuid() { },
-    setegid() { },
-    setgroups() { },
-    umask(mask) {
-        const oldMask = _umask;
-        if (mask !== undefined) {
-            _umask = mask;
-        }
-        return oldMask;
-    },
-    uptime() {
-        return (getNowMs() - _processStartTime) / 1000;
-    },
-    memoryUsage() {
-        return {
-            rss: 50 * 1024 * 1024,
-            heapTotal: 20 * 1024 * 1024,
-            heapUsed: 10 * 1024 * 1024,
-            external: 1 * 1024 * 1024,
-            arrayBuffers: 500 * 1024,
-        };
-    },
-    cpuUsage(prev) {
-        const usage = {
-            user: 1000000,
-            system: 500000,
-        };
-        if (prev) {
-            return {
-                user: usage.user - prev.user,
-                system: usage.system - prev.system,
-            };
-        }
-        return usage;
-    },
-    resourceUsage() {
-        return {
-            userCPUTime: 1000000,
-            systemCPUTime: 500000,
-            maxRSS: 50 * 1024,
-            sharedMemorySize: 0,
-            unsharedDataSize: 0,
-            unsharedStackSize: 0,
-            minorPageFault: 0,
-            majorPageFault: 0,
-            swappedOut: 0,
-            fsRead: 0,
-            fsWrite: 0,
-            ipcSent: 0,
-            ipcReceived: 0,
-            signalsCount: 0,
-            voluntaryContextSwitches: 0,
-            involuntaryContextSwitches: 0,
-        };
-    },
-    kill(pid, signal) {
-        if (pid !== process.pid) {
-            const err = new Error("Operation not permitted");
-            err.code = "EPERM";
-            err.errno = -1;
-            err.syscall = "kill";
-            throw err;
-        }
-        // Resolve signal name to number (default SIGTERM)
-        const sigNum = _resolveSignal(signal);
-        // Self-kill - exit with 128 + signal number (POSIX convention)
-        return process.exit(128 + sigNum);
-    },
-    // EventEmitter methods
-    on(event, listener) {
-        return _addListener(event, listener);
-    },
-    once(event, listener) {
-        return _addListener(event, listener, true);
-    },
-    removeListener(event, listener) {
-        return _removeListener(event, listener);
-    },
-    // off is an alias for removeListener (assigned below to be same reference)
-    off: null,
-    removeAllListeners(event) {
-        if (event) {
-            delete _processListeners[event];
-            delete _processOnceListeners[event];
-        }
-        else {
-            Object.keys(_processListeners).forEach((k) => delete _processListeners[k]);
-            Object.keys(_processOnceListeners).forEach((k) => delete _processOnceListeners[k]);
-        }
-        return process;
-    },
-    addListener(event, listener) {
-        return _addListener(event, listener);
-    },
-    emit(event, ...args) {
-        return _emit(event, ...args);
-    },
-    listeners(event) {
-        return [
-            ...(_processListeners[event] || []),
-            ...(_processOnceListeners[event] || []),
-        ];
-    },
-    listenerCount(event) {
-        return ((_processListeners[event] || []).length +
-            (_processOnceListeners[event] || []).length);
-    },
-    prependListener(event, listener) {
-        if (!_processListeners[event]) {
-            _processListeners[event] = [];
-        }
-        _processListeners[event].unshift(listener);
-        return process;
-    },
-    prependOnceListener(event, listener) {
-        if (!_processOnceListeners[event]) {
-            _processOnceListeners[event] = [];
-        }
-        _processOnceListeners[event].unshift(listener);
-        return process;
-    },
-    eventNames() {
-        return [
-            ...new Set([
-                ...Object.keys(_processListeners),
-                ...Object.keys(_processOnceListeners),
-            ]),
-        ];
-    },
-    setMaxListeners(n) {
-        _processMaxListeners = n;
-        return process;
-    },
-    getMaxListeners() {
-        return _processMaxListeners;
-    },
-    rawListeners(event) {
-        return process.listeners(event);
-    },
-    // Stdio streams
-    stdout: _stdout,
-    stderr: _stderr,
-    stdin: _stdin,
-    // Process state
-    connected: false,
-    // Module info (will be set by createRequire)
-    mainModule: undefined,
-    // No-op methods for compatibility
-    emitWarning(warning) {
-        const msg = typeof warning === "string" ? warning : warning.message;
-        _emit("warning", { message: msg, name: "Warning" });
-    },
-    binding(_name) {
-        throw new Error("process.binding is not supported in sandbox");
-    },
-    _linkedBinding(_name) {
-        throw new Error("process._linkedBinding is not supported in sandbox");
-    },
-    dlopen() {
-        throw new Error("process.dlopen is not supported");
-    },
-    hasUncaughtExceptionCaptureCallback() {
-        return false;
-    },
-    setUncaughtExceptionCaptureCallback() { },
-    // Send for IPC (no-op)
-    send() {
-        return false;
-    },
-    disconnect() { },
-    // Report
-    report: {
-        directory: "",
-        filename: "",
-        compact: false,
-        signal: "SIGUSR2",
-        reportOnFatalError: false,
-        reportOnSignal: false,
-        reportOnUncaughtException: false,
-        getReport() {
-            return {};
-        },
-        writeReport() {
-            return "";
-        },
-    },
-    // Debug port
-    debugPort: 9229,
-    // Internal state
-    _cwd: config.cwd,
-    _umask: 0o022,
-};
-// Make process.off === process.removeListener (same function reference)
-process.off = process.removeListener;
-// Add memoryUsage.rss
-process.memoryUsage.rss =
-    function () {
-        return 50 * 1024 * 1024;
-    };
-// Match Node.js Object.prototype.toString.call(process) === '[object process]'
-Object.defineProperty(process, Symbol.toStringTag, {
-    value: "process",
-    writable: false,
-    configurable: true,
-    enumerable: false,
-});
-export default process;
-// ============================================================================
-// Global polyfills
-// ============================================================================
-// Timer implementation
-let _timerId = 0;
-const _timers = new Map();
-const _intervals = new Map();
-/** Check timer budget. _maxTimers is injected by the host when resourceBudgets.maxTimers is set. */
-function _checkTimerBudget() {
-    if (typeof _maxTimers !== "undefined" && (_timers.size + _intervals.size) >= _maxTimers) {
-        throw new Error("ERR_RESOURCE_BUDGET_EXCEEDED: maximum number of timers exceeded");
-    }
-}
-// queueMicrotask fallback
-const _queueMicrotask = typeof queueMicrotask === "function"
-    ? queueMicrotask
-    : function (fn) {
-        Promise.resolve().then(fn);
-    };
-/**
- * Timer handle that mimics Node.js Timeout (ref/unref/Symbol.toPrimitive).
- * Timers with delay > 0 use the host's `_scheduleTimer` bridge to sleep
- * without blocking the isolate's event loop.
- */
-class TimerHandle {
-    _id;
-    _destroyed;
-    constructor(id) {
-        this._id = id;
-        this._destroyed = false;
-    }
-    ref() {
-        return this;
-    }
-    unref() {
-        return this;
-    }
-    hasRef() {
-        return true;
-    }
-    refresh() {
-        return this;
-    }
-    [Symbol.toPrimitive]() {
-        return this._id;
-    }
-}
-export function setTimeout(callback, delay, ...args) {
-    _checkTimerBudget();
-    const id = ++_timerId;
-    const handle = new TimerHandle(id);
-    _timers.set(id, handle);
-    const actualDelay = delay ?? 0;
-    // Use host timer for actual delays if available and delay > 0
-    if (typeof _scheduleTimer !== "undefined" && actualDelay > 0) {
-        // _scheduleTimer.apply() returns a Promise that resolves after the delay
-        // Using { result: { promise: true } } tells isolated-vm to wait for the
-        // host Promise to resolve before resolving the apply() Promise
-        _scheduleTimer
-            .apply(undefined, [actualDelay], { result: { promise: true } })
-            .then(() => {
-            if (_timers.has(id)) {
-                _timers.delete(id);
-                try {
-                    callback(...args);
-                }
-                catch (_e) {
-                    // Ignore timer callback errors
-                }
-            }
-        });
-    }
-    else {
-        // Use microtask for zero delay or when host timer is unavailable
-        _queueMicrotask(() => {
-            if (_timers.has(id)) {
-                _timers.delete(id);
-                try {
-                    callback(...args);
-                }
-                catch (_e) {
-                    // Ignore timer callback errors
-                }
-            }
-        });
-    }
-    return handle;
-}
-export function clearTimeout(timer) {
-    const id = timer && typeof timer === "object" && timer._id !== undefined
-        ? timer._id
-        : timer;
-    _timers.delete(id);
-}
-export function setInterval(callback, delay, ...args) {
-    _checkTimerBudget();
-    const id = ++_timerId;
-    const handle = new TimerHandle(id);
-    _intervals.set(id, handle);
-    // Enforce minimum 1ms delay to prevent microtask CPU spin
-    const actualDelay = Math.max(1, delay ?? 0);
-    // Schedule interval execution
-    const scheduleNext = () => {
-        if (!_intervals.has(id))
-            return; // Interval was cleared
-        if (typeof _scheduleTimer !== "undefined" && actualDelay > 0) {
-            // Use host timer for actual delays
-            _scheduleTimer
-                .apply(undefined, [actualDelay], { result: { promise: true } })
-                .then(() => {
-                if (_intervals.has(id)) {
-                    try {
-                        callback(...args);
-                    }
-                    catch (_e) {
-                        // Ignore timer callback errors
-                    }
-                    // Schedule next iteration
-                    scheduleNext();
-                }
-            });
-        }
-        else {
-            // Use microtask for zero delay or when host timer unavailable
-            _queueMicrotask(() => {
-                if (_intervals.has(id)) {
-                    try {
-                        callback(...args);
-                    }
-                    catch (_e) {
-                        // Ignore timer callback errors
-                    }
-                    // Schedule next iteration
-                    scheduleNext();
-                }
-            });
-        }
-    };
-    // Start the interval
-    scheduleNext();
-    return handle;
-}
-export function clearInterval(timer) {
-    const id = timer && typeof timer === "object" && timer._id !== undefined
-        ? timer._id
-        : timer;
-    _intervals.delete(id);
-}
-export function setImmediate(callback, ...args) {
-    return setTimeout(callback, 0, ...args);
-}
-export function clearImmediate(id) {
-    clearTimeout(id);
-}
-// URL and URLSearchParams - use whatwg-url for spec-compliant implementation
-export const URL = WhatwgURL;
-export const URLSearchParams = WhatwgURLSearchParams;
-// TextEncoder and TextDecoder - re-export from polyfills
-export { TextEncoder, TextDecoder };
-// Buffer - use buffer package polyfill
-export const Buffer = BufferPolyfill;
-// Patch internal V8 Buffer slice/write methods used by native-protocol libraries
-// (ssh2, msgpack, protobuf, etc.). The polyfill supports these encodings through
-// toString()/write() but doesn't expose the fast-path internal methods.
-const bp = BufferPolyfill.prototype;
-const sliceEncodings = ["utf8", "ascii", "latin1", "binary", "hex", "base64", "ucs2", "utf16le"];
-for (const enc of sliceEncodings) {
-    const sliceKey = `${enc}Slice`;
-    if (typeof bp[sliceKey] !== "function") {
-        bp[sliceKey] = function (start, end) {
-            return this.toString(enc, start, end);
-        };
-    }
-    const writeKey = `${enc}Write`;
-    if (typeof bp[writeKey] !== "function") {
-        bp[writeKey] = function (str, offset, length) {
-            return this.write(str, offset, length, enc);
-        };
-    }
-}
-function throwUnsupportedCryptoApi(api) {
-    throw new Error(`crypto.${api} is not supported in sandbox`);
-}
-/**
- * Crypto polyfill that delegates to the host for entropy. `getRandomValues`
- * calls the host's `_cryptoRandomFill` bridge to get cryptographically secure
- * random bytes. Subtle crypto operations are unsupported.
- */
-export const cryptoPolyfill = {
-    getRandomValues(array) {
-        if (typeof _cryptoRandomFill === "undefined") {
-            throwUnsupportedCryptoApi("getRandomValues");
-        }
-        // Web Crypto API spec caps getRandomValues at 65536 bytes.
-        if (array.byteLength > 65536) {
-            throw new RangeError(`The ArrayBufferView's byte length (${array.byteLength}) exceeds the number of bytes of entropy available via this API (65536)`);
-        }
-        const bytes = new Uint8Array(array.buffer, array.byteOffset, array.byteLength);
-        try {
-            const base64 = _cryptoRandomFill.applySync(undefined, [bytes.byteLength]);
-            const hostBytes = BufferPolyfill.from(base64, "base64");
-            if (hostBytes.byteLength !== bytes.byteLength) {
-                throw new Error("invalid host entropy size");
-            }
-            bytes.set(hostBytes);
-            return array;
-        }
-        catch {
-            throwUnsupportedCryptoApi("getRandomValues");
-        }
-    },
-    randomUUID() {
-        if (typeof _cryptoRandomUUID === "undefined") {
-            throwUnsupportedCryptoApi("randomUUID");
-        }
-        try {
-            const uuid = _cryptoRandomUUID.applySync(undefined, []);
-            if (typeof uuid !== "string") {
-                throw new Error("invalid host uuid");
-            }
-            return uuid;
-        }
-        catch {
-            throwUnsupportedCryptoApi("randomUUID");
-        }
-    },
-    subtle: {
-        digest() {
-            throw new Error("crypto.subtle.digest is not supported in sandbox");
-        },
-        encrypt() {
-            throw new Error("crypto.subtle.encrypt is not supported in sandbox");
-        },
-        decrypt() {
-            throw new Error("crypto.subtle.decrypt is not supported in sandbox");
-        },
-    },
-};
-/**
- * Install all process/timer/URL/Buffer/crypto polyfills onto `globalThis`.
- * Called once during bridge initialization before user code runs.
- */
-export function setupGlobals() {
-    const g = globalThis;
-    // Process - simple assignment is sufficient since we use external: ["process"]
-    // in polyfills.ts, which prevents node-stdlib-browser's process shim from being
-    // bundled and overwriting our process object.
-    g.process = process;
-    // Timers
-    g.setTimeout = setTimeout;
-    g.clearTimeout = clearTimeout;
-    g.setInterval = setInterval;
-    g.clearInterval = clearInterval;
-    g.setImmediate = setImmediate;
-    g.clearImmediate = clearImmediate;
-    // queueMicrotask
-    if (typeof g.queueMicrotask === "undefined") {
-        g.queueMicrotask = _queueMicrotask;
-    }
-    // URL
-    if (typeof g.URL === "undefined") {
-        g.URL = URL;
-    }
-    if (typeof g.URLSearchParams === "undefined") {
-        g.URLSearchParams = URLSearchParams;
-    }
-    // TextEncoder/TextDecoder
-    if (typeof g.TextEncoder === "undefined") {
-        g.TextEncoder = TextEncoder;
-    }
-    if (typeof g.TextDecoder === "undefined") {
-        g.TextDecoder = TextDecoder;
-    }
-    // Buffer
-    if (typeof g.Buffer === "undefined") {
-        g.Buffer = Buffer;
-    }
-    const globalBuffer = g.Buffer;
-    if (typeof globalBuffer.kMaxLength !== "number") {
-        globalBuffer.kMaxLength = BUFFER_MAX_LENGTH;
-    }
-    if (typeof globalBuffer.kStringMaxLength !== "number") {
-        globalBuffer.kStringMaxLength = BUFFER_MAX_STRING_LENGTH;
-    }
-    if (typeof globalBuffer.constants !== "object" ||
-        globalBuffer.constants === null) {
-        globalBuffer.constants = BUFFER_CONSTANTS;
-    }
-    // Crypto
-    if (typeof g.crypto === "undefined") {
-        g.crypto = cryptoPolyfill;
-    }
-    else {
-        const cryptoObj = g.crypto;
-        if (typeof cryptoObj.getRandomValues === "undefined") {
-            cryptoObj.getRandomValues = cryptoPolyfill.getRandomValues;
-        }
-        if (typeof cryptoObj.randomUUID === "undefined") {
-            cryptoObj.randomUUID = cryptoPolyfill.randomUUID;
-        }
-    }
-}