@secure-exec/core 0.2.0-rc.1 → 0.2.0

package/dist/isolate-runtime/setup-dynamic-import.js

@@ -31,6 +31,7 @@
   var __dynamicImportConfig = globalThis.__runtimeDynamicImportConfig ?? {};
   var __fallbackReferrer = typeof __dynamicImportConfig.referrerPath === "string" && __dynamicImportConfig.referrerPath.length > 0 ? __dynamicImportConfig.referrerPath : "/";
   var __dynamicImportCache = /* @__PURE__ */ new Map();
+  var __pathToFileURL = typeof globalThis.require === "function" ? globalThis.require("node:url").pathToFileURL ?? null : null;
   var __resolveDynamicImportPath = function(request, referrer) {
     if (!request.startsWith("./") && !request.startsWith("../") && !request.startsWith("/")) {
       return request;
@@ -88,5 +89,35 @@
     __dynamicImportCache.set(cacheKey, namespaceFallback);
     return Promise.resolve(namespaceFallback);
   };
+  var __importMetaResolveHandler = function(specifier, fromPath) {
+    const request = String(specifier);
+    const referrer = typeof fromPath === "string" && fromPath.length > 0 ? fromPath : __fallbackReferrer;
+    let resolved = null;
+    if (typeof globalThis._resolveModuleSync !== "undefined") {
+      resolved = globalThis._resolveModuleSync.applySync(
+        void 0,
+        [request, referrer, "import"]
+      );
+    }
+    if (resolved === null || resolved === void 0) {
+      resolved = globalThis._resolveModule.applySyncPromise(
+        void 0,
+        [request, referrer, "import"]
+      );
+    }
+    if (resolved === null) {
+      const err = new Error("Cannot find module '" + request + "'");
+      err.code = "MODULE_NOT_FOUND";
+      throw err;
+    }
+    if (resolved.startsWith("node:")) {
+      return resolved;
+    }
+    if (__pathToFileURL && resolved.startsWith("/")) {
+      return __pathToFileURL(resolved).href;
+    }
+    return resolved;
+  };
   __runtimeExposeCustomGlobal("__dynamicImport", __dynamicImportHandler);
+  __runtimeExposeCustomGlobal("__importMetaResolve", __importMetaResolveHandler);
 })();

package/dist/kernel/device-backend.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Device backend.
+ *
+ * Standalone VirtualFileSystem that handles device nodes.
+ * Receives relative paths (e.g. "null" not "/dev/null").
+ * Designed to be mounted at /dev via MountTable.
+ */
+import type { VirtualFileSystem } from "./vfs.js";
+/**
+ * Create a standalone device backend VFS.
+ * All paths are relative to /dev (e.g. "null", "zero", "pts/0").
+ * Mount at /dev via MountTable.
+ */
+export declare function createDeviceBackend(): VirtualFileSystem;

package/dist/kernel/device-backend.js

@@ -0,0 +1,251 @@
+/**
+ * Device backend.
+ *
+ * Standalone VirtualFileSystem that handles device nodes.
+ * Receives relative paths (e.g. "null" not "/dev/null").
+ * Designed to be mounted at /dev via MountTable.
+ */
+import { KernelError } from "./types.js";
+const DEVICE_NAMES = new Set([
+    "null",
+    "zero",
+    "stdin",
+    "stdout",
+    "stderr",
+    "urandom",
+    "random",
+    "tty",
+    "console",
+    "full",
+    "ptmx",
+]);
+const DEVICE_INO = {
+    null: 0xffff_0001,
+    zero: 0xffff_0002,
+    stdin: 0xffff_0003,
+    stdout: 0xffff_0004,
+    stderr: 0xffff_0005,
+    urandom: 0xffff_0006,
+    random: 0xffff_0007,
+    tty: 0xffff_0008,
+    console: 0xffff_0009,
+    full: 0xffff_000a,
+    ptmx: 0xffff_000b,
+};
+/** Device pseudo-directories that contain dynamic entries. */
+const DEVICE_DIRS = new Set(["fd", "pts", "shm"]);
+function isDeviceName(path) {
+    return (DEVICE_NAMES.has(path) || path.startsWith("fd/") || path.startsWith("pts/"));
+}
+function isDeviceDir(path) {
+    return path === "" || DEVICE_DIRS.has(path);
+}
+function deviceStat(path) {
+    const now = Date.now();
+    return {
+        mode: 0o666,
+        size: 0,
+        isDirectory: false,
+        isSymbolicLink: false,
+        atimeMs: now,
+        mtimeMs: now,
+        ctimeMs: now,
+        birthtimeMs: now,
+        ino: DEVICE_INO[path] ?? 0xffff_0000,
+        nlink: 1,
+        uid: 0,
+        gid: 0,
+    };
+}
+function dirStat(path) {
+    const now = Date.now();
+    return {
+        mode: 0o755,
+        size: 0,
+        isDirectory: true,
+        isSymbolicLink: false,
+        atimeMs: now,
+        mtimeMs: now,
+        ctimeMs: now,
+        birthtimeMs: now,
+        ino: DEVICE_INO[path] ?? 0xffff_0000,
+        nlink: 2,
+        uid: 0,
+        gid: 0,
+    };
+}
+const DEV_DIR_ENTRIES = [
+    { name: "null", isDirectory: false },
+    { name: "zero", isDirectory: false },
+    { name: "stdin", isDirectory: false },
+    { name: "stdout", isDirectory: false },
+    { name: "stderr", isDirectory: false },
+    { name: "urandom", isDirectory: false },
+    { name: "random", isDirectory: false },
+    { name: "tty", isDirectory: false },
+    { name: "console", isDirectory: false },
+    { name: "full", isDirectory: false },
+    { name: "ptmx", isDirectory: false },
+    { name: "fd", isDirectory: true },
+    { name: "pts", isDirectory: true },
+    { name: "shm", isDirectory: true },
+];
+function randomBytes(length) {
+    const buf = new Uint8Array(length);
+    if (typeof globalThis.crypto?.getRandomValues === "function") {
+        globalThis.crypto.getRandomValues(buf);
+    }
+    else {
+        for (let i = 0; i < buf.length; i++) {
+            buf[i] = (Math.random() * 256) | 0;
+        }
+    }
+    return buf;
+}
+function notFound(path) {
+    throw new KernelError("ENOENT", `no such device: ${path}`);
+}
+/**
+ * Create a standalone device backend VFS.
+ * All paths are relative to /dev (e.g. "null", "zero", "pts/0").
+ * Mount at /dev via MountTable.
+ */
+export function createDeviceBackend() {
+    const backend = {
+        async readFile(path) {
+            if (path === "null" || path === "full")
+                return new Uint8Array(0);
+            if (path === "zero")
+                return new Uint8Array(4096);
+            if (path === "urandom" || path === "random")
+                return randomBytes(4096);
+            if (path === "tty" || path === "console" || path === "ptmx")
+                return new Uint8Array(0);
+            if (path === "stdin" || path === "stdout" || path === "stderr")
+                return new Uint8Array(0);
+            notFound(path);
+        },
+        async pread(path, _offset, length) {
+            if (path === "null" || path === "full")
+                return new Uint8Array(0);
+            if (path === "zero")
+                return new Uint8Array(length);
+            if (path === "urandom" || path === "random")
+                return randomBytes(length);
+            if (path === "tty" || path === "console" || path === "ptmx")
+                return new Uint8Array(0);
+            if (path === "stdin" || path === "stdout" || path === "stderr")
+                return new Uint8Array(0);
+            notFound(path);
+        },
+        async readTextFile(path) {
+            const bytes = await this.readFile(path);
+            return new TextDecoder().decode(bytes);
+        },
+        async readDir(path) {
+            if (path === "")
+                return DEV_DIR_ENTRIES.map((e) => e.name);
+            if (DEVICE_DIRS.has(path))
+                return [];
+            notFound(path);
+        },
+        async readDirWithTypes(path) {
+            if (path === "")
+                return DEV_DIR_ENTRIES;
+            if (DEVICE_DIRS.has(path))
+                return [];
+            notFound(path);
+        },
+        async writeFile(path, _content) {
+            if (path === "full")
+                throw new KernelError("ENOSPC", "No space left on device");
+            if (DEVICE_NAMES.has(path) ||
+                path.startsWith("fd/") ||
+                path.startsWith("pts/")) {
+                return;
+            }
+            notFound(path);
+        },
+        async pwrite(path, _offset, _data) {
+            if (path === "full")
+                throw new KernelError("ENOSPC", "No space left on device");
+            if (DEVICE_NAMES.has(path) ||
+                path.startsWith("fd/") ||
+                path.startsWith("pts/")) {
+                return;
+            }
+            notFound(path);
+        },
+        async createDir(path) {
+            if (isDeviceDir(path))
+                return;
+            throw new KernelError("EPERM", "cannot create directory in /dev");
+        },
+        async mkdir(path, _options) {
+            if (isDeviceDir(path))
+                return;
+            throw new KernelError("EPERM", "cannot create directory in /dev");
+        },
+        async exists(path) {
+            return isDeviceName(path) || isDeviceDir(path);
+        },
+        async stat(path) {
+            if (isDeviceName(path))
+                return deviceStat(path);
+            if (isDeviceDir(path))
+                return dirStat(path);
+            notFound(path);
+        },
+        async removeFile(path) {
+            if (isDeviceName(path))
+                throw new KernelError("EPERM", "cannot remove device");
+            notFound(path);
+        },
+        async removeDir(path) {
+            if (isDeviceDir(path))
+                throw new KernelError("EPERM", "cannot remove device directory");
+            notFound(path);
+        },
+        async rename(_oldPath, _newPath) {
+            throw new KernelError("EPERM", "cannot rename device");
+        },
+        async realpath(path) {
+            if (isDeviceName(path) || isDeviceDir(path))
+                return path;
+            notFound(path);
+        },
+        async symlink(_target, _linkPath) {
+            throw new KernelError("EPERM", "cannot create symlink in /dev");
+        },
+        async readlink(path) {
+            notFound(path);
+        },
+        async lstat(path) {
+            return this.stat(path);
+        },
+        async link(_oldPath, _newPath) {
+            throw new KernelError("EPERM", "cannot link device");
+        },
+        async chmod(path, _mode) {
+            if (isDeviceName(path) || isDeviceDir(path))
+                return;
+            notFound(path);
+        },
+        async chown(path, _uid, _gid) {
+            if (isDeviceName(path) || isDeviceDir(path))
+                return;
+            notFound(path);
+        },
+        async utimes(path, _atime, _mtime) {
+            if (isDeviceName(path) || isDeviceDir(path))
+                return;
+            notFound(path);
+        },
+        async truncate(path, _length) {
+            if (isDeviceName(path) || isDeviceDir(path))
+                return;
+            notFound(path);
+        },
+    };
+    return backend;
+}

package/dist/kernel/device-layer.js

@@ -160,6 +160,15 @@ export function createDeviceLayer(vfs) {
                 return;
             return vfs.writeFile(path, content);
         },
+        async pwrite(path, offset, data) {
+            if (path === "/dev/full")
+                throw new KernelError("ENOSPC", "No space left on device");
+            if (path === "/dev/null" || path === "/dev/zero" || path === "/dev/urandom"
+                || path === "/dev/random" || path === "/dev/tty" || path === "/dev/console"
+                || path === "/dev/ptmx")
+                return;
+            return vfs.pwrite(path, offset, data);
+        },
         async createDir(path) {
             if (isDeviceDir(path))
                 return;

package/dist/kernel/file-lock.js

@@ -12,7 +12,6 @@ export const LOCK_SH = 1;
 export const LOCK_EX = 2;
 export const LOCK_UN = 8;
 export const LOCK_NB = 4;
-const FLOCK_WAIT_TIMEOUT_MS = 30_000;
 export class FileLockManager {
     /** path -> lock state */
     locks = new Map();
@@ -40,8 +39,8 @@ export class FileLockManager {
             if (nonBlocking) {
                 throw new KernelError("EAGAIN", "resource temporarily unavailable");
             }
-            // Bound each wait so callers can re-check lock state without hanging forever.
-            const handle = state.waiters.enqueue(FLOCK_WAIT_TIMEOUT_MS);
+            // Wait indefinitely until an unlock wakes this waiter.
+            const handle = state.waiters.enqueue();
             try {
                 await handle.wait();
             }

package/dist/kernel/index.d.ts

@@ -6,21 +6,21 @@
  * same kernel instance.
  */
 export { createKernel } from "./kernel.js";
-export type { Kernel, KernelOptions, KernelInterface, ExecOptions, ExecResult, SpawnOptions, ManagedProcess, RuntimeDriver, ProcessContext, DriverProcess, ProcessEntry, ProcessInfo, FDStat, FileDescription, FDEntry, Pipe, Permissions, PermissionDecision, PermissionCheck, FsAccessRequest, NetworkAccessRequest, ChildProcessAccessRequest, EnvAccessRequest, KernelErrorCode, SignalDisposition, SignalHandler, ProcessSignalState, Termios, TermiosCC, OpenShellOptions, ShellHandle, ConnectTerminalOptions, } from "./types.js";
-export { KernelError, defaultTermios } from "./types.js";
+export type { FsMount, Kernel, KernelOptions, KernelInterface, KernelLogger, ExecOptions, ExecResult, SpawnOptions, ManagedProcess, RuntimeDriver, ProcessContext, DriverProcess, ProcessEntry, ProcessInfo, FDStat, FileDescription, FDEntry, Pipe, Permissions, PermissionDecision, PermissionCheck, FsAccessRequest, NetworkAccessRequest, ChildProcessAccessRequest, EnvAccessRequest, KernelErrorCode, SignalDisposition, SignalHandler, ProcessSignalState, Termios, TermiosCC, OpenShellOptions, ShellHandle, ConnectTerminalOptions, } from "./types.js";
+export { KernelError, defaultTermios, noopKernelLogger } from "./types.js";
 export type { VirtualFileSystem, VirtualDirEntry, VirtualStat, } from "./vfs.js";
 export { FDTableManager, ProcessFDTable } from "./fd-table.js";
 export { ProcessTable } from "./process-table.js";
 export { createDeviceLayer } from "./device-layer.js";
 export { createProcLayer, createProcessScopedFileSystem, resolveProcSelfPath, } from "./proc-layer.js";
+export { createProcBackend } from "./proc-backend.js";
+export type { ProcBackendOptions } from "./proc-backend.js";
 export { PipeManager } from "./pipe-manager.js";
 export { PtyManager } from "./pty.js";
 export type { LineDisciplineConfig } from "./pty.js";
 export { CommandRegistry } from "./command-registry.js";
 export { FileLockManager, LOCK_SH, LOCK_EX, LOCK_UN, LOCK_NB } from "./file-lock.js";
 export { WaitHandle, WaitQueue } from "./wait.js";
-export { InodeTable } from "./inode-table.js";
-export type { Inode } from "./inode-table.js";
 export { TimerTable } from "./timer-table.js";
 export type { KernelTimer, TimerTableOptions } from "./timer-table.js";
 export { DnsCache } from "./dns-cache.js";

package/dist/kernel/index.js

@@ -7,19 +7,19 @@
  */
 // Kernel factory
 export { createKernel } from "./kernel.js";
-// Structured kernel error and termios defaults
-export { KernelError, defaultTermios } from "./types.js";
+// Structured kernel error, termios defaults, and no-op logger
+export { KernelError, defaultTermios, noopKernelLogger } from "./types.js";
 // Kernel components (for direct use / testing)
 export { FDTableManager, ProcessFDTable } from "./fd-table.js";
 export { ProcessTable } from "./process-table.js";
 export { createDeviceLayer } from "./device-layer.js";
 export { createProcLayer, createProcessScopedFileSystem, resolveProcSelfPath, } from "./proc-layer.js";
+export { createProcBackend } from "./proc-backend.js";
 export { PipeManager } from "./pipe-manager.js";
 export { PtyManager } from "./pty.js";
 export { CommandRegistry } from "./command-registry.js";
 export { FileLockManager, LOCK_SH, LOCK_EX, LOCK_UN, LOCK_NB } from "./file-lock.js";
 export { WaitHandle, WaitQueue } from "./wait.js";
-export { InodeTable } from "./inode-table.js";
 export { TimerTable } from "./timer-table.js";
 export { DnsCache } from "./dns-cache.js";
 export { UserManager } from "./user.js";