@secure-exec/core 0.2.1 → 0.3.0-rc.2

package/dist/kernel/fd-table.js

@@ -1,278 +0,0 @@
-/**
- * Per-PID file descriptor table.
- *
- * Each process gets its own FD number space. Multiple FDs can share the
- * same FileDescription (via dup/dup2), which shares the cursor position.
- * Standard FDs 0-2 are pre-allocated per process.
- */
-import { FILETYPE_REGULAR_FILE, FILETYPE_CHARACTER_DEVICE, O_RDONLY, O_WRONLY, O_CLOEXEC, KernelError, } from "./types.js";
-/** Maximum open FDs per process before allocations are rejected (EMFILE). */
-export const MAX_FDS_PER_PROCESS = 256;
-/**
- * FD table for a single process.
- *
- * Manages FD allocation, dup/dup2, and shared cursor via FileDescription.
- */
-export class ProcessFDTable {
-    entries = new Map();
-    nextFd = 3; // 0, 1, 2 reserved
-    allocDesc;
-    constructor(allocDesc) {
-        this.allocDesc = allocDesc;
-    }
-    /** Pre-allocate stdin, stdout, stderr */
-    initStdio(stdinDesc, stdoutDesc, stderrDesc) {
-        this.entries.set(0, {
-            fd: 0,
-            description: stdinDesc,
-            rights: 0n,
-            filetype: FILETYPE_CHARACTER_DEVICE,
-            cloexec: false,
-        });
-        this.entries.set(1, {
-            fd: 1,
-            description: stdoutDesc,
-            rights: 0n,
-            filetype: FILETYPE_CHARACTER_DEVICE,
-            cloexec: false,
-        });
-        this.entries.set(2, {
-            fd: 2,
-            description: stderrDesc,
-            rights: 0n,
-            filetype: FILETYPE_CHARACTER_DEVICE,
-            cloexec: false,
-        });
-    }
-    /** Pre-allocate stdin, stdout, stderr with custom filetypes (for pipe wiring). */
-    initStdioWithTypes(stdinDesc, stdinType, stdoutDesc, stdoutType, stderrDesc, stderrType) {
-        // Shared descriptions (from pipes) get refCount bumped
-        stdinDesc.refCount++;
-        stdoutDesc.refCount++;
-        stderrDesc.refCount++;
-        this.entries.set(0, { fd: 0, description: stdinDesc, rights: 0n, filetype: stdinType, cloexec: false });
-        this.entries.set(1, { fd: 1, description: stdoutDesc, rights: 0n, filetype: stdoutType, cloexec: false });
-        this.entries.set(2, { fd: 2, description: stderrDesc, rights: 0n, filetype: stderrType, cloexec: false });
-    }
-    /** Open a new FD for the given path and flags */
-    open(path, flags, filetype) {
-        const fd = this.allocateFd();
-        const cloexec = (flags & O_CLOEXEC) !== 0;
-        const storedFlags = flags & ~O_CLOEXEC;
-        const description = this.allocDesc(path, storedFlags);
-        this.entries.set(fd, {
-            fd,
-            description,
-            rights: 0n,
-            filetype: filetype ?? FILETYPE_REGULAR_FILE,
-            cloexec,
-        });
-        return fd;
-    }
-    /** Open a new FD pointing to an existing FileDescription (for pipes, inherited FDs) */
-    openWith(description, filetype, targetFd) {
-        const fd = targetFd ?? this.allocateFd();
-        description.refCount++;
-        this.entries.set(fd, {
-            fd,
-            description,
-            rights: 0n,
-            filetype,
-            cloexec: false,
-        });
-        return fd;
-    }
-    get(fd) {
-        return this.entries.get(fd);
-    }
-    /** Close an FD. Decrements the refcount on the shared FileDescription. */
-    close(fd) {
-        const entry = this.entries.get(fd);
-        if (!entry)
-            return false;
-        entry.description.refCount--;
-        this.entries.delete(fd);
-        return true;
-    }
-    /** Duplicate an FD — new FD shares the same FileDescription (cursor). cloexec cleared on new FD (POSIX). */
-    dup(fd) {
-        const entry = this.entries.get(fd);
-        if (!entry)
-            throw new KernelError("EBADF", `bad file descriptor ${fd}`);
-        const newFd = this.allocateFd();
-        entry.description.refCount++;
-        this.entries.set(newFd, {
-            fd: newFd,
-            description: entry.description,
-            rights: entry.rights,
-            filetype: entry.filetype,
-            cloexec: false,
-        });
-        return newFd;
-    }
-    /** Duplicate FD to lowest available >= minFd (F_DUPFD). cloexec cleared on new FD. */
-    dupMinFd(fd, minFd) {
-        const entry = this.entries.get(fd);
-        if (!entry)
-            throw new KernelError("EBADF", `bad file descriptor ${fd}`);
-        if (this.entries.size >= MAX_FDS_PER_PROCESS) {
-            throw new KernelError("EMFILE", "too many open files");
-        }
-        let newFd = minFd;
-        while (this.entries.has(newFd))
-            newFd++;
-        entry.description.refCount++;
-        this.entries.set(newFd, {
-            fd: newFd,
-            description: entry.description,
-            rights: entry.rights,
-            filetype: entry.filetype,
-            cloexec: false,
-        });
-        return newFd;
-    }
-    /** Duplicate oldFd to newFd. Closes newFd first if open. cloexec cleared on new FD (POSIX). */
-    dup2(oldFd, newFd) {
-        const entry = this.entries.get(oldFd);
-        if (!entry)
-            throw new KernelError("EBADF", `bad file descriptor ${oldFd}`);
-        if (oldFd === newFd)
-            return;
-        // Close newFd if already open
-        if (this.entries.has(newFd)) {
-            this.close(newFd);
-        }
-        entry.description.refCount++;
-        this.entries.set(newFd, {
-            fd: newFd,
-            description: entry.description,
-            rights: entry.rights,
-            filetype: entry.filetype,
-            cloexec: false,
-        });
-    }
-    stat(fd) {
-        const entry = this.entries.get(fd);
-        if (!entry)
-            throw new KernelError("EBADF", `bad file descriptor ${fd}`);
-        return {
-            filetype: entry.filetype,
-            flags: entry.description.flags,
-            rights: entry.rights,
-        };
-    }
-    /** Create a copy of this table for a child process (FD inheritance). Skips cloexec FDs. */
-    fork() {
-        const child = new ProcessFDTable(this.allocDesc);
-        child.nextFd = this.nextFd;
-        for (const [fd, entry] of this.entries) {
-            if (entry.cloexec)
-                continue;
-            entry.description.refCount++;
-            child.entries.set(fd, {
-                fd,
-                description: entry.description,
-                rights: entry.rights,
-                filetype: entry.filetype,
-                cloexec: false,
-            });
-        }
-        return child;
-    }
-    /** Close all FDs, decrementing all refcounts. */
-    closeAll() {
-        for (const [fd] of this.entries) {
-            this.close(fd);
-        }
-    }
-    /** Iterate all FD entries (for cleanup inspection). */
-    *[Symbol.iterator]() {
-        yield* this.entries.values();
-    }
-    allocateFd() {
-        // Enforce per-process FD limit
-        if (this.entries.size >= MAX_FDS_PER_PROCESS) {
-            throw new KernelError("EMFILE", "too many open files");
-        }
-        // Find lowest available FD >= nextFd hint
-        while (this.entries.has(this.nextFd)) {
-            this.nextFd++;
-        }
-        return this.nextFd++;
-    }
-}
-/**
- * Kernel-level FD table manager.
- * Owns per-PID FD tables and coordinates shared FileDescriptions.
- */
-export class FDTableManager {
-    tables = new Map();
-    nextDescriptionId = 1;
-    /** Per-instance allocator bound to this manager's ID counter. */
-    allocDesc = (path, flags) => ({
-        id: this.nextDescriptionId++,
-        path,
-        cursor: 0n,
-        flags,
-        refCount: 1,
-    });
-    /** Create a new FD table for a process with standard FDs. */
-    create(pid) {
-        const table = new ProcessFDTable(this.allocDesc);
-        table.initStdio(this.allocDesc("/dev/stdin", O_RDONLY), this.allocDesc("/dev/stdout", O_WRONLY), this.allocDesc("/dev/stderr", O_WRONLY));
-        this.tables.set(pid, table);
-        return table;
-    }
-    /**
-     * Create a new FD table with custom stdio FileDescriptions.
-     * Used for pipe wiring: pass a pipe read/write end as stdin/stdout/stderr.
-     * Null entries fall back to default device nodes.
-     */
-    createWithStdio(pid, stdinOverride, stdoutOverride, stderrOverride) {
-        const table = new ProcessFDTable(this.allocDesc);
-        const stdinDesc = stdinOverride
-            ? stdinOverride.description
-            : this.allocDesc("/dev/stdin", O_RDONLY);
-        const stdinType = stdinOverride?.filetype ?? FILETYPE_CHARACTER_DEVICE;
-        const stdoutDesc = stdoutOverride
-            ? stdoutOverride.description
-            : this.allocDesc("/dev/stdout", O_WRONLY);
-        const stdoutType = stdoutOverride?.filetype ?? FILETYPE_CHARACTER_DEVICE;
-        const stderrDesc = stderrOverride
-            ? stderrOverride.description
-            : this.allocDesc("/dev/stderr", O_WRONLY);
-        const stderrType = stderrOverride?.filetype ?? FILETYPE_CHARACTER_DEVICE;
-        table.initStdioWithTypes(stdinDesc, stdinType, stdoutDesc, stdoutType, stderrDesc, stderrType);
-        this.tables.set(pid, table);
-        return table;
-    }
-    /** Create a child FD table by forking the parent's. */
-    fork(parentPid, childPid) {
-        const parentTable = this.tables.get(parentPid);
-        if (!parentTable) {
-            return this.create(childPid);
-        }
-        const childTable = parentTable.fork();
-        this.tables.set(childPid, childTable);
-        return childTable;
-    }
-    get(pid) {
-        return this.tables.get(pid);
-    }
-    /** Check whether a PID has an FD table. */
-    has(pid) {
-        return this.tables.has(pid);
-    }
-    /** Number of active FD tables. */
-    get size() {
-        return this.tables.size;
-    }
-    /** Remove and close all FDs for a process. */
-    remove(pid) {
-        const table = this.tables.get(pid);
-        if (table) {
-            table.closeAll();
-            this.tables.delete(pid);
-        }
-    }
-}

package/dist/kernel/file-lock.d.ts

@@ -1,34 +0,0 @@
-/**
- * Advisory file lock manager (flock semantics).
- *
- * Locks are per-path (inode proxy). Multiple FDs sharing the same
- * FileDescription (via dup) share the same lock. Locks are released
- * when the description's refCount drops to zero (all FDs closed).
- */
-export declare const LOCK_SH = 1;
-export declare const LOCK_EX = 2;
-export declare const LOCK_UN = 8;
-export declare const LOCK_NB = 4;
-export declare class FileLockManager {
-    /** path -> lock state */
-    private locks;
-    /** descriptionId -> path (for cleanup) */
-    private descToPath;
-    /**
-     * Acquire, upgrade/downgrade, or release a lock.
-     *
-     * @param path      Resolved file path (inode proxy)
-     * @param descId    FileDescription id (shared across dup'd FDs)
-     * @param operation LOCK_SH | LOCK_EX | LOCK_UN, optionally | LOCK_NB
-     */
-    flock(path: string, descId: number, operation: number): Promise<void>;
-    /** Release the lock held by a specific description on a path. */
-    private unlock;
-    /** Release all locks held by a specific description (called on FD close when refCount drops to 0). */
-    releaseByDescription(descId: number): void;
-    /** Check if a description holds any lock. */
-    hasLock(descId: number): boolean;
-    private getOrCreate;
-    private tryAcquire;
-    private cleanupState;
-}

package/dist/kernel/file-lock.js

@@ -1,122 +0,0 @@
-/**
- * Advisory file lock manager (flock semantics).
- *
- * Locks are per-path (inode proxy). Multiple FDs sharing the same
- * FileDescription (via dup) share the same lock. Locks are released
- * when the description's refCount drops to zero (all FDs closed).
- */
-import { KernelError } from "./types.js";
-import { WaitQueue } from "./wait.js";
-// flock operation flags (POSIX)
-export const LOCK_SH = 1;
-export const LOCK_EX = 2;
-export const LOCK_UN = 8;
-export const LOCK_NB = 4;
-export class FileLockManager {
-    /** path -> lock state */
-    locks = new Map();
-    /** descriptionId -> path (for cleanup) */
-    descToPath = new Map();
-    /**
-     * Acquire, upgrade/downgrade, or release a lock.
-     *
-     * @param path      Resolved file path (inode proxy)
-     * @param descId    FileDescription id (shared across dup'd FDs)
-     * @param operation LOCK_SH | LOCK_EX | LOCK_UN, optionally | LOCK_NB
-     */
-    async flock(path, descId, operation) {
-        const op = operation & ~LOCK_NB;
-        const nonBlocking = (operation & LOCK_NB) !== 0;
-        if (op === LOCK_UN) {
-            this.unlock(path, descId);
-            return;
-        }
-        while (true) {
-            const state = this.getOrCreate(path);
-            if (this.tryAcquire(path, state, descId, op)) {
-                return;
-            }
-            if (nonBlocking) {
-                throw new KernelError("EAGAIN", "resource temporarily unavailable");
-            }
-            // Wait indefinitely until an unlock wakes this waiter.
-            const handle = state.waiters.enqueue();
-            try {
-                await handle.wait();
-            }
-            finally {
-                state.waiters.remove(handle);
-                this.cleanupState(path, state);
-            }
-        }
-    }
-    /** Release the lock held by a specific description on a path. */
-    unlock(path, descId) {
-        const state = this.locks.get(path);
-        if (!state)
-            return;
-        const idx = state.holders.findIndex(h => h.descriptionId === descId);
-        if (idx >= 0) {
-            state.holders.splice(idx, 1);
-            this.descToPath.delete(descId);
-            state.waiters.wakeOne();
-        }
-        this.cleanupState(path, state);
-    }
-    /** Release all locks held by a specific description (called on FD close when refCount drops to 0). */
-    releaseByDescription(descId) {
-        const path = this.descToPath.get(descId);
-        if (path === undefined)
-            return;
-        this.unlock(path, descId);
-    }
-    /** Check if a description holds any lock. */
-    hasLock(descId) {
-        return this.descToPath.has(descId);
-    }
-    getOrCreate(path) {
-        let state = this.locks.get(path);
-        if (!state) {
-            state = { holders: [], waiters: new WaitQueue() };
-            this.locks.set(path, state);
-        }
-        return state;
-    }
-    tryAcquire(path, state, descId, op) {
-        const existingIdx = state.holders.findIndex(h => h.descriptionId === descId);
-        if (op === LOCK_SH) {
-            const conflict = state.holders.some(h => h.type === "ex" && h.descriptionId !== descId);
-            if (conflict) {
-                return false;
-            }
-            if (existingIdx >= 0) {
-                state.holders[existingIdx].type = "sh";
-            }
-            else {
-                state.holders.push({ descriptionId: descId, type: "sh" });
-                this.descToPath.set(descId, path);
-            }
-            return true;
-        }
-        if (op === LOCK_EX) {
-            const conflict = state.holders.some(h => h.descriptionId !== descId);
-            if (conflict) {
-                return false;
-            }
-            if (existingIdx >= 0) {
-                state.holders[existingIdx].type = "ex";
-            }
-            else {
-                state.holders.push({ descriptionId: descId, type: "ex" });
-                this.descToPath.set(descId, path);
-            }
-            return true;
-        }
-        throw new KernelError("EINVAL", `unsupported flock operation ${op}`);
-    }
-    cleanupState(path, state) {
-        if (state.holders.length === 0 && state.waiters.pending === 0) {
-            this.locks.delete(path);
-        }
-    }
-}

package/dist/kernel/host-adapter.d.ts

@@ -1,50 +0,0 @@
-/**
- * Host adapter interfaces for kernel network delegation.
- *
- * The kernel uses these interfaces to delegate external I/O to the host
- * without knowing the host implementation. Node.js driver implements
- * using node:net / node:dgram; browser driver may use WebSocket proxy.
- */
-/** A connected TCP socket on the host. */
-export interface HostSocket {
-    write(data: Uint8Array): Promise<void>;
-    /** Returns data or null for EOF. */
-    read(): Promise<Uint8Array | null>;
-    close(): Promise<void>;
-    /** Forward kernel socket options to host socket. */
-    setOption(level: number, optname: number, optval: number): void;
-    /** TCP half-close / full shutdown. */
-    shutdown(how: "read" | "write" | "both"): void;
-}
-/** A TCP listener on the host. */
-export interface HostListener {
-    /** Accept the next incoming connection. */
-    accept(): Promise<HostSocket>;
-    close(): Promise<void>;
-    /** Actual bound port (useful when binding port 0 for ephemeral ports). */
-    readonly port: number;
-}
-/** A UDP socket on the host. */
-export interface HostUdpSocket {
-    recv(): Promise<{
-        data: Uint8Array;
-        remoteAddr: {
-            host: string;
-            port: number;
-        };
-    }>;
-    close(): Promise<void>;
-}
-/** DNS lookup result. */
-export interface DnsResult {
-    address: string;
-    family: 4 | 6;
-}
-/** Host adapter that the kernel delegates external network I/O to. */
-export interface HostNetworkAdapter {
-    tcpConnect(host: string, port: number): Promise<HostSocket>;
-    tcpListen(host: string, port: number): Promise<HostListener>;
-    udpBind(host: string, port: number): Promise<HostUdpSocket>;
-    udpSend(socket: HostUdpSocket, data: Uint8Array, host: string, port: number): Promise<void>;
-    dnsLookup(hostname: string, rrtype: string): Promise<DnsResult>;
-}

package/dist/kernel/host-adapter.js

@@ -1,8 +0,0 @@
-/**
- * Host adapter interfaces for kernel network delegation.
- *
- * The kernel uses these interfaces to delegate external I/O to the host
- * without knowing the host implementation. Node.js driver implements
- * using node:net / node:dgram; browser driver may use WebSocket proxy.
- */
-export {};

package/dist/kernel/index.d.ts

@@ -1,36 +0,0 @@
-/**
- * @secure-exec/kernel
- *
- * OS kernel providing VFS, FD table, process table, device layer,
- * pipes, command registry, and permissions. All runtimes share the
- * same kernel instance.
- */
-export { createKernel } from "./kernel.js";
-export type { FsMount, Kernel, KernelOptions, KernelInterface, KernelLogger, ExecOptions, ExecResult, SpawnOptions, ManagedProcess, RuntimeDriver, ProcessContext, DriverProcess, ProcessEntry, ProcessInfo, FDStat, FileDescription, FDEntry, Pipe, Permissions, PermissionDecision, PermissionCheck, FsAccessRequest, NetworkAccessRequest, ChildProcessAccessRequest, EnvAccessRequest, KernelErrorCode, SignalDisposition, SignalHandler, ProcessSignalState, Termios, TermiosCC, OpenShellOptions, ShellHandle, ConnectTerminalOptions, } from "./types.js";
-export { KernelError, defaultTermios, noopKernelLogger } from "./types.js";
-export type { VirtualFileSystem, VirtualDirEntry, VirtualStat, } from "./vfs.js";
-export { FDTableManager, ProcessFDTable } from "./fd-table.js";
-export { ProcessTable } from "./process-table.js";
-export { createDeviceLayer } from "./device-layer.js";
-export { createProcLayer, createProcessScopedFileSystem, resolveProcSelfPath, } from "./proc-layer.js";
-export { createProcBackend } from "./proc-backend.js";
-export type { ProcBackendOptions } from "./proc-backend.js";
-export { PipeManager } from "./pipe-manager.js";
-export { PtyManager } from "./pty.js";
-export type { LineDisciplineConfig } from "./pty.js";
-export { CommandRegistry } from "./command-registry.js";
-export { FileLockManager, LOCK_SH, LOCK_EX, LOCK_UN, LOCK_NB } from "./file-lock.js";
-export { WaitHandle, WaitQueue } from "./wait.js";
-export { TimerTable } from "./timer-table.js";
-export type { KernelTimer, TimerTableOptions } from "./timer-table.js";
-export { DnsCache } from "./dns-cache.js";
-export type { DnsCacheOptions } from "./dns-cache.js";
-export { UserManager } from "./user.js";
-export type { UserConfig } from "./user.js";
-export { SocketTable } from "./socket-table.js";
-export type { KernelSocket, SocketState, SockAddr, InetAddr, UnixAddr, UdpDatagram, } from "./socket-table.js";
-export { AF_INET, AF_INET6, AF_UNIX, SOCK_STREAM, SOCK_DGRAM, SOL_SOCKET, IPPROTO_TCP, SO_REUSEADDR, SO_KEEPALIVE, SO_RCVBUF, SO_SNDBUF, TCP_NODELAY, MSG_PEEK, MSG_DONTWAIT, MSG_NOSIGNAL, MAX_DATAGRAM_SIZE, MAX_UDP_QUEUE_DEPTH, S_IFSOCK, isInetAddr, isUnixAddr, addrKey, optKey, } from "./socket-table.js";
-export type { HostNetworkAdapter, HostSocket, HostListener, HostUdpSocket, DnsResult, } from "./host-adapter.js";
-export { wrapFileSystem, filterEnv, checkChildProcess, allowAll, allowAllFs, allowAllNetwork, allowAllChildProcess, allowAllEnv, } from "./permissions.js";
-export { O_RDONLY, O_WRONLY, O_RDWR, O_CREAT, O_EXCL, O_TRUNC, O_APPEND, O_CLOEXEC, F_DUPFD, F_GETFD, F_SETFD, F_GETFL, F_DUPFD_CLOEXEC, FD_CLOEXEC, SEEK_SET, SEEK_CUR, SEEK_END, FILETYPE_UNKNOWN, FILETYPE_CHARACTER_DEVICE, FILETYPE_DIRECTORY, FILETYPE_REGULAR_FILE, FILETYPE_SYMBOLIC_LINK, FILETYPE_PIPE, SIGHUP, SIGINT, SIGQUIT, SIGKILL, SIGPIPE, SIGALRM, SIGTERM, SIGCHLD, SIGCONT, SIGSTOP, SIGTSTP, SIGWINCH, SA_RESTART, SA_RESETHAND, SA_NOCLDSTOP, SIG_BLOCK, SIG_UNBLOCK, SIG_SETMASK, WNOHANG, } from "./types.js";
-export { encodeExitStatus, encodeSignalStatus, WIFEXITED, WEXITSTATUS, WIFSIGNALED, WTERMSIG, } from "./wstatus.js";

package/dist/kernel/index.js

@@ -1,34 +0,0 @@
-/**
- * @secure-exec/kernel
- *
- * OS kernel providing VFS, FD table, process table, device layer,
- * pipes, command registry, and permissions. All runtimes share the
- * same kernel instance.
- */
-// Kernel factory
-export { createKernel } from "./kernel.js";
-// Structured kernel error, termios defaults, and no-op logger
-export { KernelError, defaultTermios, noopKernelLogger } from "./types.js";
-// Kernel components (for direct use / testing)
-export { FDTableManager, ProcessFDTable } from "./fd-table.js";
-export { ProcessTable } from "./process-table.js";
-export { createDeviceLayer } from "./device-layer.js";
-export { createProcLayer, createProcessScopedFileSystem, resolveProcSelfPath, } from "./proc-layer.js";
-export { createProcBackend } from "./proc-backend.js";
-export { PipeManager } from "./pipe-manager.js";
-export { PtyManager } from "./pty.js";
-export { CommandRegistry } from "./command-registry.js";
-export { FileLockManager, LOCK_SH, LOCK_EX, LOCK_UN, LOCK_NB } from "./file-lock.js";
-export { WaitHandle, WaitQueue } from "./wait.js";
-export { TimerTable } from "./timer-table.js";
-export { DnsCache } from "./dns-cache.js";
-export { UserManager } from "./user.js";
-// Socket table
-export { SocketTable } from "./socket-table.js";
-export { AF_INET, AF_INET6, AF_UNIX, SOCK_STREAM, SOCK_DGRAM, SOL_SOCKET, IPPROTO_TCP, SO_REUSEADDR, SO_KEEPALIVE, SO_RCVBUF, SO_SNDBUF, TCP_NODELAY, MSG_PEEK, MSG_DONTWAIT, MSG_NOSIGNAL, MAX_DATAGRAM_SIZE, MAX_UDP_QUEUE_DEPTH, S_IFSOCK, isInetAddr, isUnixAddr, addrKey, optKey, } from "./socket-table.js";
-// Permissions
-export { wrapFileSystem, filterEnv, checkChildProcess, allowAll, allowAllFs, allowAllNetwork, allowAllChildProcess, allowAllEnv, } from "./permissions.js";
-// Constants
-export { O_RDONLY, O_WRONLY, O_RDWR, O_CREAT, O_EXCL, O_TRUNC, O_APPEND, O_CLOEXEC, F_DUPFD, F_GETFD, F_SETFD, F_GETFL, F_DUPFD_CLOEXEC, FD_CLOEXEC, SEEK_SET, SEEK_CUR, SEEK_END, FILETYPE_UNKNOWN, FILETYPE_CHARACTER_DEVICE, FILETYPE_DIRECTORY, FILETYPE_REGULAR_FILE, FILETYPE_SYMBOLIC_LINK, FILETYPE_PIPE, SIGHUP, SIGINT, SIGQUIT, SIGKILL, SIGPIPE, SIGALRM, SIGTERM, SIGCHLD, SIGCONT, SIGSTOP, SIGTSTP, SIGWINCH, SA_RESTART, SA_RESETHAND, SA_NOCLDSTOP, SIG_BLOCK, SIG_UNBLOCK, SIG_SETMASK, WNOHANG, } from "./types.js";
-// POSIX wstatus encoding/decoding
-export { encodeExitStatus, encodeSignalStatus, WIFEXITED, WEXITSTATUS, WIFSIGNALED, WTERMSIG, } from "./wstatus.js";

package/dist/kernel/kernel.d.ts

@@ -1,9 +0,0 @@
-/**
- * Kernel implementation.
- *
- * The kernel is the OS. It owns VFS, FD table, process table, device layer,
- * pipe manager, command registry, and permissions. Runtimes are execution
- * engines that make "syscalls" to the kernel.
- */
-import type { Kernel, KernelOptions } from "./types.js";
-export declare function createKernel(options: KernelOptions): Kernel;