@secure-exec/core 0.2.0-rc.1 → 0.2.0

package/dist/shared/bridge-contract.d.ts

@@ -91,6 +91,7 @@ export declare const HOST_BRIDGE_GLOBAL_KEYS: {
     readonly networkHttp2StreamPushStreamRaw: "_networkHttp2StreamPushStreamRaw";
     readonly networkHttp2StreamWriteRaw: "_networkHttp2StreamWriteRaw";
     readonly networkHttp2StreamEndRaw: "_networkHttp2StreamEndRaw";
+    readonly networkHttp2StreamCloseRaw: "_networkHttp2StreamCloseRaw";
     readonly networkHttp2StreamPauseRaw: "_networkHttp2StreamPauseRaw";
     readonly networkHttp2StreamResumeRaw: "_networkHttp2StreamResumeRaw";
     readonly networkHttp2StreamRespondWithFileRaw: "_networkHttp2StreamRespondWithFileRaw";
@@ -124,6 +125,7 @@ export declare const HOST_BRIDGE_GLOBAL_KEYS: {
     readonly resolveModuleSync: "_resolveModuleSync";
     readonly loadFileSync: "_loadFileSync";
     readonly ptySetRawMode: "_ptySetRawMode";
+    readonly kernelStdinRead: "_kernelStdinRead";
     readonly processConfig: "_processConfig";
     readonly osConfig: "_osConfig";
     readonly log: "_log";
@@ -237,6 +239,7 @@ export declare const HOST_BRIDGE_GLOBAL_KEY_LIST: ValueOf<{
     readonly networkHttp2StreamPushStreamRaw: "_networkHttp2StreamPushStreamRaw";
     readonly networkHttp2StreamWriteRaw: "_networkHttp2StreamWriteRaw";
     readonly networkHttp2StreamEndRaw: "_networkHttp2StreamEndRaw";
+    readonly networkHttp2StreamCloseRaw: "_networkHttp2StreamCloseRaw";
     readonly networkHttp2StreamPauseRaw: "_networkHttp2StreamPauseRaw";
     readonly networkHttp2StreamResumeRaw: "_networkHttp2StreamResumeRaw";
     readonly networkHttp2StreamRespondWithFileRaw: "_networkHttp2StreamRespondWithFileRaw";
@@ -270,6 +273,7 @@ export declare const HOST_BRIDGE_GLOBAL_KEY_LIST: ValueOf<{
     readonly resolveModuleSync: "_resolveModuleSync";
     readonly loadFileSync: "_loadFileSync";
     readonly ptySetRawMode: "_ptySetRawMode";
+    readonly kernelStdinRead: "_kernelStdinRead";
     readonly processConfig: "_processConfig";
     readonly osConfig: "_osConfig";
     readonly log: "_log";
@@ -379,6 +383,7 @@ export declare const BRIDGE_GLOBAL_KEY_LIST: readonly (ValueOf<{
     readonly networkHttp2StreamPushStreamRaw: "_networkHttp2StreamPushStreamRaw";
     readonly networkHttp2StreamWriteRaw: "_networkHttp2StreamWriteRaw";
     readonly networkHttp2StreamEndRaw: "_networkHttp2StreamEndRaw";
+    readonly networkHttp2StreamCloseRaw: "_networkHttp2StreamCloseRaw";
     readonly networkHttp2StreamPauseRaw: "_networkHttp2StreamPauseRaw";
     readonly networkHttp2StreamResumeRaw: "_networkHttp2StreamResumeRaw";
     readonly networkHttp2StreamRespondWithFileRaw: "_networkHttp2StreamRespondWithFileRaw";
@@ -412,6 +417,7 @@ export declare const BRIDGE_GLOBAL_KEY_LIST: readonly (ValueOf<{
     readonly resolveModuleSync: "_resolveModuleSync";
     readonly loadFileSync: "_loadFileSync";
     readonly ptySetRawMode: "_ptySetRawMode";
+    readonly kernelStdinRead: "_kernelStdinRead";
     readonly processConfig: "_processConfig";
     readonly osConfig: "_osConfig";
     readonly log: "_log";
@@ -463,6 +469,7 @@ export interface BridgeApplySyncRef<TArgs extends unknown[], TResult> {
 export interface BridgeApplySyncPromiseRef<TArgs extends unknown[], TResult> {
     applySyncPromise(ctx: undefined, args: TArgs): TResult;
 }
+export type ModuleLoadMode = "require" | "import";
 export type DynamicImportBridgeRef = BridgeApplyRef<[
     string,
     string
@@ -471,13 +478,20 @@ export type LoadPolyfillBridgeRef = BridgeApplyRef<[string], string | null>;
 export type ResolveModuleBridgeRef = BridgeApplySyncPromiseRef<[
     string,
     string
-], string | null>;
-export type LoadFileBridgeRef = BridgeApplySyncPromiseRef<[string], string | null>;
+] | [string, string, ModuleLoadMode], string | null>;
+export type LoadFileBridgeRef = BridgeApplySyncPromiseRef<[
+    string
+] | [string, ModuleLoadMode], string | null>;
 export type RequireFromBridgeFn = (request: string, dirname: string) => unknown;
 export type ModuleCacheBridgeRecord = Record<string, unknown>;
 export type ProcessLogBridgeRef = BridgeApplySyncRef<[string], void>;
 export type ProcessErrorBridgeRef = BridgeApplySyncRef<[string], void>;
 export type ScheduleTimerBridgeRef = BridgeApplyRef<[number], void>;
+export type KernelStdinReadBridgeRef = BridgeApplyRef<[
+], {
+    done: boolean;
+    dataBase64?: string;
+}>;
 export type CryptoRandomFillBridgeRef = BridgeApplySyncRef<[number], string>;
 export type CryptoRandomUuidBridgeRef = BridgeApplySyncRef<[], string>;
 export type CryptoHashDigestBridgeRef = BridgeApplySyncRef<[string, string], string>;
@@ -678,7 +692,7 @@ export type NetworkHttp2StreamRespondRawBridgeRef = BridgeApplySyncRef<[
     number,
     string
 ], void>;
-export type NetworkHttp2StreamPushStreamRawBridgeRef = BridgeApplySyncPromiseRef<[
+export type NetworkHttp2StreamPushStreamRawBridgeRef = BridgeApplySyncRef<[
     number,
     string,
     string
@@ -691,6 +705,10 @@ export type NetworkHttp2StreamEndRawBridgeRef = BridgeApplySyncRef<[
     number,
     string | null
 ], void>;
+export type NetworkHttp2StreamCloseRawBridgeRef = BridgeApplySyncRef<[
+    number,
+    number | null
+], void>;
 export type NetworkHttp2StreamPauseRawBridgeRef = BridgeApplySyncRef<[number], void>;
 export type NetworkHttp2StreamResumeRawBridgeRef = BridgeApplySyncRef<[number], void>;
 export type NetworkHttp2StreamRespondWithFileRawBridgeRef = BridgeApplySyncRef<[

package/dist/shared/bridge-contract.js

@@ -93,6 +93,7 @@ export const HOST_BRIDGE_GLOBAL_KEYS = {
     networkHttp2StreamPushStreamRaw: "_networkHttp2StreamPushStreamRaw",
     networkHttp2StreamWriteRaw: "_networkHttp2StreamWriteRaw",
     networkHttp2StreamEndRaw: "_networkHttp2StreamEndRaw",
+    networkHttp2StreamCloseRaw: "_networkHttp2StreamCloseRaw",
     networkHttp2StreamPauseRaw: "_networkHttp2StreamPauseRaw",
     networkHttp2StreamResumeRaw: "_networkHttp2StreamResumeRaw",
     networkHttp2StreamRespondWithFileRaw: "_networkHttp2StreamRespondWithFileRaw",
@@ -126,6 +127,7 @@ export const HOST_BRIDGE_GLOBAL_KEYS = {
     resolveModuleSync: "_resolveModuleSync",
     loadFileSync: "_loadFileSync",
     ptySetRawMode: "_ptySetRawMode",
+    kernelStdinRead: "_kernelStdinRead",
     processConfig: "_processConfig",
     osConfig: "_osConfig",
     log: "_log",

package/dist/shared/console-formatter.js

@@ -148,14 +148,14 @@ export function getConsoleSetupCode(budget = DEFAULT_CONSOLE_SERIALIZATION_BUDGE
       const formatConsoleArgs = ${formatConsoleArgs.toString()};
 
       globalThis.console = {
-        log: (...args) => _log(formatConsoleArgs(args, __consoleBudget)),
-        error: (...args) => _error(formatConsoleArgs(args, __consoleBudget)),
-        warn: (...args) => _error(formatConsoleArgs(args, __consoleBudget)),
-        info: (...args) => _log(formatConsoleArgs(args, __consoleBudget)),
-        debug: (...args) => _log(formatConsoleArgs(args, __consoleBudget)),
-        trace: (...args) => _error(formatConsoleArgs(args, __consoleBudget)),
-        dir: (...args) => _log(formatConsoleArgs(args, __consoleBudget)),
-        table: (...args) => _log(formatConsoleArgs(args, __consoleBudget)),
+        log: (...args) => _log(formatConsoleArgs(args, __consoleBudget) + "\\n"),
+        error: (...args) => _error(formatConsoleArgs(args, __consoleBudget) + "\\n"),
+        warn: (...args) => _error(formatConsoleArgs(args, __consoleBudget) + "\\n"),
+        info: (...args) => _log(formatConsoleArgs(args, __consoleBudget) + "\\n"),
+        debug: (...args) => _log(formatConsoleArgs(args, __consoleBudget) + "\\n"),
+        trace: (...args) => _error(formatConsoleArgs(args, __consoleBudget) + "\\n"),
+        dir: (...args) => _log(formatConsoleArgs(args, __consoleBudget) + "\\n"),
+        table: (...args) => _log(formatConsoleArgs(args, __consoleBudget) + "\\n"),
       };
     `;
 }

package/dist/shared/global-exposure.js

@@ -480,6 +480,11 @@ export const NODE_CUSTOM_GLOBAL_INVENTORY = [
         classification: "hardened",
         rationale: "Host HTTP/2 session settings bridge reference.",
     },
+    {
+        name: "_networkHttp2SessionSetLocalWindowSizeRaw",
+        classification: "hardened",
+        rationale: "Host HTTP/2 session local-window bridge reference.",
+    },
     {
         name: "_networkHttp2SessionGoawayRaw",
         classification: "hardened",
@@ -500,6 +505,16 @@ export const NODE_CUSTOM_GLOBAL_INVENTORY = [
         classification: "hardened",
         rationale: "Host HTTP/2 session lifetime bridge reference.",
     },
+    {
+        name: "_networkHttp2ServerPollRaw",
+        classification: "hardened",
+        rationale: "Host HTTP/2 server event-poll bridge reference.",
+    },
+    {
+        name: "_networkHttp2SessionPollRaw",
+        classification: "hardened",
+        rationale: "Host HTTP/2 session event-poll bridge reference.",
+    },
     {
         name: "_networkHttp2StreamRespondRaw",
         classification: "hardened",
@@ -520,6 +535,31 @@ export const NODE_CUSTOM_GLOBAL_INVENTORY = [
         classification: "hardened",
         rationale: "Host HTTP/2 stream end bridge reference.",
     },
+    {
+        name: "_networkHttp2StreamCloseRaw",
+        classification: "hardened",
+        rationale: "Host HTTP/2 stream close bridge reference.",
+    },
+    {
+        name: "_networkHttp2StreamPauseRaw",
+        classification: "hardened",
+        rationale: "Host HTTP/2 stream pause bridge reference.",
+    },
+    {
+        name: "_networkHttp2StreamResumeRaw",
+        classification: "hardened",
+        rationale: "Host HTTP/2 stream resume bridge reference.",
+    },
+    {
+        name: "_networkHttp2StreamRespondWithFileRaw",
+        classification: "hardened",
+        rationale: "Host HTTP/2 stream respondWithFile bridge reference.",
+    },
+    {
+        name: "_networkHttp2ServerRespondRaw",
+        classification: "hardened",
+        rationale: "Host HTTP/2 server-response bridge reference.",
+    },
     {
         name: "_upgradeSocketWriteRaw",
         classification: "hardened",
@@ -610,6 +650,46 @@ export const NODE_CUSTOM_GLOBAL_INVENTORY = [
         classification: "hardened",
         rationale: "Host net server close bridge reference.",
     },
+    {
+        name: "_dgramSocketCreateRaw",
+        classification: "hardened",
+        rationale: "Host dgram socket create bridge reference.",
+    },
+    {
+        name: "_dgramSocketBindRaw",
+        classification: "hardened",
+        rationale: "Host dgram socket bind bridge reference.",
+    },
+    {
+        name: "_dgramSocketRecvRaw",
+        classification: "hardened",
+        rationale: "Host dgram socket receive bridge reference.",
+    },
+    {
+        name: "_dgramSocketSendRaw",
+        classification: "hardened",
+        rationale: "Host dgram socket send bridge reference.",
+    },
+    {
+        name: "_dgramSocketCloseRaw",
+        classification: "hardened",
+        rationale: "Host dgram socket close bridge reference.",
+    },
+    {
+        name: "_dgramSocketAddressRaw",
+        classification: "hardened",
+        rationale: "Host dgram socket address bridge reference.",
+    },
+    {
+        name: "_dgramSocketSetBufferSizeRaw",
+        classification: "hardened",
+        rationale: "Host dgram socket buffer-size setter bridge reference.",
+    },
+    {
+        name: "_dgramSocketGetBufferSizeRaw",
+        classification: "hardened",
+        rationale: "Host dgram socket buffer-size getter bridge reference.",
+    },
     {
         name: "_batchResolveModules",
         classification: "hardened",
@@ -715,11 +795,26 @@ export const NODE_CUSTOM_GLOBAL_INVENTORY = [
         classification: "hardened",
         rationale: "Network Response API global — must not be replaceable by sandbox code.",
     },
+    {
+        name: "DOMException",
+        classification: "hardened",
+        rationale: "DOMException global stub for undici/bootstrap compatibility.",
+    },
+    {
+        name: "__importMetaResolve",
+        classification: "hardened",
+        rationale: "Internal import.meta.resolve helper for transformed ESM modules.",
+    },
     {
         name: "Blob",
         classification: "hardened",
         rationale: "Blob API global stub — must not be replaceable by sandbox code.",
     },
+    {
+        name: "File",
+        classification: "hardened",
+        rationale: "File API global stub — must not be replaceable by sandbox code.",
+    },
     {
         name: "FormData",
         classification: "hardened",

package/dist/shared/in-memory-fs.d.ts

@@ -1,61 +1,16 @@
-import { InodeTable } from "../kernel/inode-table.js";
-import type { VirtualDirEntry, VirtualFileSystem, VirtualStat } from "../kernel/vfs.js";
 /**
- * A fully in-memory VirtualFileSystem backed by inode-aware Maps.
- * Used as the default filesystem for the browser sandbox and for tests.
- * Paths are always POSIX-style (forward slashes, rooted at "/").
+ * Factory for creating an in-memory VirtualFileSystem backed by ChunkedVFS.
+ *
+ * Replaces the old monolithic InMemoryFileSystem with
+ * ChunkedVFS(InMemoryMetadataStore + InMemoryBlockStore).
  */
-export declare class InMemoryFileSystem implements VirtualFileSystem {
-    private inodeTable;
-    private files;
-    private fileContents;
-    private dirs;
-    private symlinks;
-    constructor(inodeTable?: InodeTable);
-    setInodeTable(inodeTable: InodeTable): void;
-    getInodeForPath(path: string): number | null;
-    readFileByInode(ino: number): Uint8Array;
-    writeFileByInode(ino: number, content: Uint8Array): void;
-    preadByInode(ino: number, offset: number, length: number): Uint8Array;
-    statByInode(ino: number): VirtualStat;
-    deleteInodeData(ino: number): void;
-    private listDirEntries;
-    readFile(path: string): Promise<Uint8Array>;
-    readTextFile(path: string): Promise<string>;
-    readDir(path: string): Promise<string[]>;
-    readDirWithTypes(path: string): Promise<VirtualDirEntry[]>;
-    writeFile(path: string, content: string | Uint8Array): Promise<void>;
-    prepareOpenSync(path: string, flags: number): boolean;
-    createDir(path: string): Promise<void>;
-    mkdir(path: string, _options?: {
-        recursive?: boolean;
-    }): Promise<void>;
-    private resolveIfSymlink;
-    private resolveSymlink;
-    private statForInode;
-    private statEntry;
-    exists(path: string): Promise<boolean>;
-    stat(path: string): Promise<VirtualStat>;
-    removeFile(path: string): Promise<void>;
-    removeDir(path: string): Promise<void>;
-    rename(oldPath: string, newPath: string): Promise<void>;
-    symlink(target: string, linkPath: string): Promise<void>;
-    readlink(path: string): Promise<string>;
-    lstat(path: string): Promise<VirtualStat>;
-    link(oldPath: string, newPath: string): Promise<void>;
-    chmod(path: string, mode: number): Promise<void>;
-    chown(path: string, uid: number, gid: number): Promise<void>;
-    utimes(path: string, atime: number, mtime: number): Promise<void>;
-    realpath(path: string): Promise<string>;
-    pread(path: string, offset: number, length: number): Promise<Uint8Array>;
-    truncate(path: string, length: number): Promise<void>;
-    private reindexInodes;
-    private cloneInode;
-    private allocateFileInode;
-    private allocateDirectoryInode;
-    private updateFileMetadata;
-    private requirePathInode;
-    private requireFileInode;
-    private requireInode;
-}
-export declare function createInMemoryFileSystem(): InMemoryFileSystem;
+import type { VirtualFileSystem } from "../kernel/vfs.js";
+/**
+ * Create an in-memory VirtualFileSystem using the chunked storage architecture.
+ *
+ * The returned VFS stores all data in memory via InMemoryMetadataStore and
+ * InMemoryBlockStore, composed through ChunkedVFS. It also includes a
+ * synchronous `prepareOpenSync` method used by the kernel for O_CREAT/O_EXCL/O_TRUNC
+ * handling during fdOpen.
+ */
+export declare function createInMemoryFileSystem(): VirtualFileSystem;