beddel 0.1.0

package/src/runtime/schemaCompiler.ts

@@ -0,0 +1,228 @@
+import { createHash } from "node:crypto";
+import { z, type ZodIssue, type ZodLiteral, type ZodTypeAny } from "zod";
+
+export type DeclarativeSchemaDefinition = {
+  type?: string;
+  properties?: Record<string, DeclarativeSchemaDefinition>;
+  items?: DeclarativeSchemaDefinition;
+  required?: string[];
+  enum?: Array<string | number | boolean>;
+  minLength?: number;
+  maxLength?: number;
+  minItems?: number;
+  maxItems?: number;
+  additionalProperties?: boolean;
+};
+
+export type DeclarativeSchemaPhase = "input" | "output";
+
+export class SchemaCompilationError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "SchemaCompilationError";
+  }
+}
+
+export class DeclarativeSchemaValidationError extends Error {
+  constructor(
+    message: string,
+    public readonly phase: DeclarativeSchemaPhase,
+    public readonly issues: ZodIssue[]
+  ) {
+    super(message);
+    this.name = "DeclarativeSchemaValidationError";
+  }
+}
+
+export class DeclarativeSchemaCompiler {
+  private readonly cache = new Map<string, ZodTypeAny>();
+
+  public compile(definition: unknown, path: string): ZodTypeAny {
+    const cacheKey = this.createCacheKey(definition, path);
+    const cached = this.cache.get(cacheKey);
+    if (cached) {
+      return cached;
+    }
+
+    const schema = this.buildSchema(definition, path);
+    this.cache.set(cacheKey, schema);
+    return schema;
+  }
+
+  public clear(): void {
+    this.cache.clear();
+  }
+
+  public get size(): number {
+    return this.cache.size;
+  }
+
+  private createCacheKey(definition: unknown, path: string): string {
+    const serialized = JSON.stringify(definition) ?? "undefined";
+    const signature = createHash("sha256").update(serialized).digest("hex");
+    return `${path}:${signature}`;
+  }
+
+  private buildSchema(
+    definition: unknown,
+    path: string
+  ): ZodTypeAny {
+    if (
+      !definition ||
+      typeof definition !== "object" ||
+      Array.isArray(definition)
+    ) {
+      throw new SchemaCompilationError(
+        `Invalid schema at ${path}: expected object definition`
+      );
+    }
+
+    const typedDefinition = definition as DeclarativeSchemaDefinition;
+    if (!typedDefinition.type || typeof typedDefinition.type !== "string") {
+      throw new SchemaCompilationError(
+        `Schema at ${path} must declare a string 'type'`
+      );
+    }
+
+    switch (typedDefinition.type) {
+      case "object":
+        return this.buildObjectSchema(typedDefinition, path);
+      case "array":
+        return this.buildArraySchema(typedDefinition, path);
+      case "string":
+        return this.buildStringSchema(typedDefinition, path);
+      case "number":
+        return z.number();
+      case "integer":
+        return z.number().int();
+      case "boolean":
+        return z.boolean();
+      case "any":
+        return z.any();
+      case "unknown":
+        return z.unknown();
+      default:
+        if (typedDefinition.enum) {
+          return this.buildEnumSchema(typedDefinition.enum, path);
+        }
+        throw new SchemaCompilationError(
+          `Unsupported schema type '${typedDefinition.type}' at ${path}`
+        );
+    }
+  }
+
+  private buildObjectSchema(
+    definition: DeclarativeSchemaDefinition,
+    path: string
+  ): ZodTypeAny {
+    const properties = definition.properties || {};
+    if (typeof properties !== "object") {
+      throw new SchemaCompilationError(
+        `Object schema at ${path} must define 'properties' as an object`
+      );
+    }
+
+    const requiredFields = new Set(definition.required || []);
+    const shape: Record<string, ZodTypeAny> = {};
+
+    for (const [key, childDefinition] of Object.entries(properties)) {
+      const childPath = `${path}.properties.${key}`;
+      const childSchema = this.buildSchema(childDefinition, childPath);
+      shape[key] = requiredFields.has(key)
+        ? childSchema
+        : childSchema.optional();
+    }
+
+    let objectSchema = z.object(shape);
+    if (definition.additionalProperties) {
+      objectSchema = objectSchema.catchall(z.any());
+    } else {
+      objectSchema = objectSchema.strict();
+    }
+
+    return objectSchema;
+  }
+
+  private buildArraySchema(
+    definition: DeclarativeSchemaDefinition,
+    path: string
+  ): ZodTypeAny {
+    if (!definition.items) {
+      throw new SchemaCompilationError(
+        `Array schema at ${path} must define 'items'`
+      );
+    }
+
+    const itemSchema = this.buildSchema(definition.items, `${path}.items`);
+    let arraySchema = z.array(itemSchema);
+
+    if (typeof definition.minItems === "number") {
+      arraySchema = arraySchema.min(definition.minItems);
+    }
+
+    if (typeof definition.maxItems === "number") {
+      arraySchema = arraySchema.max(definition.maxItems);
+    }
+
+    return arraySchema;
+  }
+
+  private buildStringSchema(
+    definition: DeclarativeSchemaDefinition,
+    path: string
+  ): ZodTypeAny {
+    let stringSchema = z.string();
+
+    if (typeof definition.minLength === "number") {
+      stringSchema = stringSchema.min(definition.minLength);
+    }
+
+    if (typeof definition.maxLength === "number") {
+      stringSchema = stringSchema.max(definition.maxLength);
+    }
+
+    if (definition.enum) {
+      return this.buildEnumSchema(definition.enum, path);
+    }
+
+    return stringSchema;
+  }
+
+  private buildEnumSchema(
+    values: Array<string | number | boolean>,
+    path: string
+  ): ZodTypeAny {
+    if (!Array.isArray(values) || values.length === 0) {
+      throw new SchemaCompilationError(
+        `Enum at ${path} must be a non-empty array`
+      );
+    }
+
+    const literals = values.map((value) => {
+      if (
+        typeof value === "string" ||
+        typeof value === "number" ||
+        typeof value === "boolean"
+      ) {
+        return z.literal(value);
+      }
+
+      throw new SchemaCompilationError(
+        `Enum at ${path} only supports string, number, or boolean values`
+      );
+    });
+
+    if (literals.length === 1) {
+      return literals[0];
+    }
+
+    const [first, second, ...rest] = literals;
+    return z.union(
+      [first, second, ...rest] as [
+        ZodLiteral<string | number | boolean>,
+        ZodLiteral<string | number | boolean>,
+        ...ZodLiteral<string | number | boolean>[]
+      ]
+    );
+  }
+}

package/src/runtime/simpleRuntime.ts

@@ -0,0 +1,201 @@
+/**
+ * Simple Isolated Runtime - Isolated VM v5 Implementation
+ * Provides ultra-secure isolated execution environment with zero-trust architecture
+ * Simplified version with core functionality
+ */
+import * as ivm from "isolated-vm";
+import { runtimeConfig, securityProfiles, RuntimeConfig } from "../config";
+
+export interface ExecutionResult<T = any> {
+  success: boolean;
+  result?: T;
+  error?: string;
+  executionTime: number;
+  memoryUsed: number;
+  timestamp: Date;
+}
+
+export interface ExecutionOptions {
+  code: string;
+  context?: Record<string, any>;
+  securityProfile?: string;
+  timeout?: number;
+  memoryLimit?: number;
+  tenantId?: string;
+}
+
+export class IsolatedRuntimeError extends Error {
+  constructor(message: string, public readonly code: string) {
+    super(message);
+    this.name = "IsolatedRuntimeError";
+  }
+}
+
+/**
+ * Simple Isolated Runtime Manager
+ * Provides basic isolated execution functionality
+ */
+export class SimpleIsolatedRuntimeManager {
+  private metrics: Map<string, number[]> = new Map();
+
+  constructor(private config: RuntimeConfig = runtimeConfig) {}
+
+  /**
+   * Execute code in isolated environment
+   */
+  public async execute<T = any>(
+    options: ExecutionOptions
+  ): Promise<ExecutionResult<T>> {
+    const startTime = Date.now();
+
+    try {
+      // Validate input
+      this.validateExecutionOptions(options);
+
+      // Get security profile
+      const profileName =
+        options.securityProfile || this.config.defaultSecurityProfile;
+      const securityProfile = securityProfiles[profileName];
+
+      // Create isolated environment
+      const result = await this.executeInIsolate<T>(options, securityProfile);
+
+      const executionTime = Date.now() - startTime;
+      result.executionTime = executionTime;
+
+      this.updateMetrics("executionTime", executionTime);
+      this.updateMetrics("successRate", result.success ? 1 : 0);
+
+      return result;
+    } catch (error) {
+      const executionTime = Date.now() - startTime;
+
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : String(error),
+        executionTime,
+        memoryUsed: 0,
+        timestamp: new Date(),
+      };
+    }
+  }
+
+  /**
+   * Execute code in isolated context
+   */
+  private async executeInIsolate<T>(
+    options: ExecutionOptions,
+    securityProfile: any
+  ): Promise<ExecutionResult<T>> {
+    const startTime = Date.now();
+
+    try {
+      // Create isolate with memory limit
+      const isolate = new ivm.Isolate({
+        memoryLimit: securityProfile.memoryLimit,
+      });
+
+      // Create context
+      const context = await isolate.createContext();
+
+      try {
+        // Setup execution
+        const script = await isolate.compileScript(options.code);
+
+        // Execute script
+        const result = await script.run(context, {
+          timeout: options.timeout || securityProfile.timeout,
+        });
+
+        // Get memory usage
+        const memoryUsed = await this.getMemoryUsage(isolate);
+
+        return {
+          success: true,
+          result: result as T,
+          executionTime: Date.now() - startTime,
+          memoryUsed,
+          timestamp: new Date(),
+        };
+      } finally {
+        // Always dispose isolate
+        isolate.dispose();
+      }
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : String(error),
+        executionTime: Date.now() - startTime,
+        memoryUsed: 0,
+        timestamp: new Date(),
+      };
+    }
+  }
+
+  /**
+   * Get memory usage for isolate
+   */
+  private async getMemoryUsage(isolate: ivm.Isolate): Promise<number> {
+    try {
+      const stats = await isolate.getHeapStatistics();
+      return (stats.used_heap_size || 0) / (1024 * 1024); // MB
+    } catch (error) {
+      return 0;
+    }
+  }
+
+  /**
+   * Validate execution options
+   */
+  private validateExecutionOptions(options: ExecutionOptions): void {
+    if (!options.code || typeof options.code !== "string") {
+      throw new IsolatedRuntimeError(
+        "Code must be a non-empty string",
+        "INVALID_CODE"
+      );
+    }
+
+    if (options.code.length > 1024 * 1024) {
+      throw new IsolatedRuntimeError(
+        "Code exceeds maximum size limit (1MB)",
+        "CODE_TOO_LARGE"
+      );
+    }
+
+    const memoryLimit = options.memoryLimit || this.config.memoryLimit;
+    if (memoryLimit > 8) {
+      throw new IsolatedRuntimeError(
+        "Memory limit exceeds maximum allowed (8MB)",
+        "MEMORY_LIMIT_EXCEEDED"
+      );
+    }
+  }
+
+  /**
+   * Update metrics tracking
+   */
+  private updateMetrics(metric: string, value: number): void {
+    if (!this.metrics.has(metric)) {
+      this.metrics.set(metric, []);
+    }
+
+    const values = this.metrics.get(metric)!;
+    values.push(value);
+
+    // Keep only last 100 values
+    if (values.length > 100) {
+      values.shift();
+    }
+  }
+
+  /**
+   * Get current metrics
+   */
+  public getMetrics(): Record<string, number[]> {
+    return Object.fromEntries(this.metrics);
+  }
+}
+
+// Singleton instance
+export const runtimeManager = new SimpleIsolatedRuntimeManager();
+export default SimpleIsolatedRuntimeManager;