centient 3.2.0 → 3.2.2

package/dist/utils/rlvr/python_executor.py

@@ -2,19 +2,22 @@
 """
 RLVR Python Sandbox Executor
 
-Executes Python code in a restricted environment.
-Uses RestrictedPython when available, falls back to restricted builtins.
+Executes Python code in a restricted environment using RestrictedPython.
+RestrictedPython is REQUIRED - no fallback mode for security reasons.
 
 Communication protocol:
 - Reads JSON from stdin: {"code": "...", "input": ...}
 - Writes JSON to stdout: {"status": "success|error|timeout", "returnValue": ..., "stdout": "...", "stderr": "..."}
 
 Security measures:
+- RestrictedPython compiler (required, no fallback)
 - No file system access
 - No network access
 - No subprocess spawning
-- No module imports (except safe builtins)
-- Restricted builtins
+- No dangerous module imports
+- Guarded attribute access (blocks __class__.__bases__ escape)
+
+Install: pip install RestrictedPython
 """
 
 import sys
@@ -24,130 +27,41 @@ import traceback
 from contextlib import redirect_stdout, redirect_stderr
 from typing import Any, Dict
 
-# Try to import RestrictedPython for enhanced security
+# RestrictedPython is REQUIRED - no fallback mode
 try:
     from RestrictedPython import compile_restricted, safe_globals
     from RestrictedPython.Guards import safe_builtins, guarded_iter_unpack_sequence
     from RestrictedPython.Eval import default_guarded_getiter, default_guarded_getitem
-    RESTRICTED_PYTHON_AVAILABLE = True
-except ImportError:
-    RESTRICTED_PYTHON_AVAILABLE = False
-
-
-# Safe builtins for fallback mode
-SAFE_BUILTINS = {
-    # Type constructors
-    'bool': bool,
-    'int': int,
-    'float': float,
-    'str': str,
-    'list': list,
-    'dict': dict,
-    'tuple': tuple,
-    'set': set,
-    'frozenset': frozenset,
-    'bytes': bytes,
-    'bytearray': bytearray,
-
-    # Type checking
-    'type': type,
-    'isinstance': isinstance,
-    'issubclass': issubclass,
-
-    # Math and numeric
-    'abs': abs,
-    'round': round,
-    'min': min,
-    'max': max,
-    'sum': sum,
-    'pow': pow,
-    'divmod': divmod,
-
-    # Iterables
-    'len': len,
-    'range': range,
-    'enumerate': enumerate,
-    'zip': zip,
-    'map': map,
-    'filter': filter,
-    'reversed': reversed,
-    'sorted': sorted,
-    'all': all,
-    'any': any,
-
-    # String/repr
-    'repr': repr,
-    'ascii': ascii,
-    'chr': chr,
-    'ord': ord,
-    'bin': bin,
-    'hex': hex,
-    'oct': oct,
-    'format': format,
-
-    # Object inspection (safe subset)
-    'hasattr': hasattr,
-    'getattr': getattr,
-    'callable': callable,
-    'id': id,
-    'hash': hash,
-
-    # Exceptions
-    'Exception': Exception,
-    'ValueError': ValueError,
-    'TypeError': TypeError,
-    'KeyError': KeyError,
-    'IndexError': IndexError,
-    'AttributeError': AttributeError,
-    'RuntimeError': RuntimeError,
-    'StopIteration': StopIteration,
-    'ZeroDivisionError': ZeroDivisionError,
-
-    # Constants
-    'True': True,
-    'False': False,
-    'None': None,
-
-    # Print (captured)
-    'print': print,
-}
-
-# Explicitly blocked - should NOT be available
-BLOCKED = {
-    'open', 'file', 'input', 'raw_input',
-    'exec', 'eval', 'compile',
-    '__import__', 'import',
-    'globals', 'locals', 'vars', 'dir',
-    'setattr', 'delattr',
-    'exit', 'quit',
-    'help', 'license', 'credits', 'copyright',
-}
+except ImportError as e:
+    # Fatal error - RestrictedPython is required for security
+    print(json.dumps({
+        'status': 'error',
+        'returnValue': None,
+        'stdout': '',
+        'stderr': '',
+        'error': {
+            'type': 'SecurityError',
+            'message': 'RestrictedPython is required but not installed. '
+                       'Install with: pip install RestrictedPython',
+        },
+    }))
+    sys.exit(1)
 
 
 def create_safe_globals(input_value: Any) -> Dict[str, Any]:
-    """Create a restricted global namespace for code execution."""
-    if RESTRICTED_PYTHON_AVAILABLE:
-        # Use RestrictedPython's safe globals
-        restricted_globals = dict(safe_globals)
-        restricted_globals['__builtins__'] = safe_builtins
-        restricted_globals['_getiter_'] = default_guarded_getiter
-        restricted_globals['_getitem_'] = default_guarded_getitem
-        restricted_globals['_iter_unpack_sequence_'] = guarded_iter_unpack_sequence
-        restricted_globals['__INPUT__'] = input_value
-        restricted_globals['print'] = print  # Allow print for output capture
-        return restricted_globals
-    else:
-        # Use our restricted builtins
-        return {
-            '__builtins__': SAFE_BUILTINS,
-            '__name__': '__restricted__',
-            '__doc__': None,
-            '__INPUT__': input_value,
-        }
+    """Create a restricted global namespace for code execution using RestrictedPython."""
+    restricted_globals = dict(safe_globals)
+    restricted_globals['__builtins__'] = safe_builtins
+    restricted_globals['_getiter_'] = default_guarded_getiter
+    restricted_globals['_getitem_'] = default_guarded_getitem
+    restricted_globals['_iter_unpack_sequence_'] = guarded_iter_unpack_sequence
+    restricted_globals['__INPUT__'] = input_value
+    restricted_globals['print'] = print  # Allow print for output capture
+    return restricted_globals
 
 
 def execute_code(code: str, input_value: Any) -> Dict[str, Any]:
-    """Execute code in restricted environment and return results."""
+    """Execute code in restricted environment using RestrictedPython."""
     stdout_capture = io.StringIO()
     stderr_capture = io.StringIO()
 
@@ -157,34 +71,27 @@ def execute_code(code: str, input_value: Any) -> Dict[str, Any]:
         'stdout': '',
         'stderr': '',
         'error': None,
-        'restrictedMode': 'RestrictedPython' if RESTRICTED_PYTHON_AVAILABLE else 'fallback',
+        'restrictedMode': 'RestrictedPython',
     }
 
     try:
         # Create safe globals
         safe_globals_dict = create_safe_globals(input_value)
-        safe_locals = {}
-
-        # Compile code
-        if RESTRICTED_PYTHON_AVAILABLE:
-            # Use RestrictedPython compiler
-            byte_code = compile_restricted(
-                code,
-                filename='<pattern>',
-                mode='exec'
-            )
-            if byte_code.errors:
-                result['status'] = 'error'
-                result['error'] = {
-                    'type': 'CompilationError',
-                    'message': '\n'.join(byte_code.errors),
-                }
-                return result
-            compiled_code = byte_code.code
-        else:
-            # Standard compile with AST validation would go here
-            # For now, just compile normally (relies on restricted builtins)
-            compiled_code = compile(code, '<pattern>', 'exec')
+
+        # Compile code with RestrictedPython
+        byte_code = compile_restricted(
+            code,
+            filename='<pattern>',
+            mode='exec'
+        )
+        if byte_code.errors:
+            result['status'] = 'error'
+            result['error'] = {
+                'type': 'CompilationError',
+                'message': '\n'.join(byte_code.errors),
+            }
+            return result
+        compiled_code = byte_code.code
 
         # Execute with output capture
         # Use same dict for globals and locals to enable recursive functions

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "centient",
-  "version": "3.2.0",
+  "version": "3.2.2",
   "description": "MCP server for context engineering operations with handoff protocol, health monitoring, session branching with visualization, and query-based artifact loading",
   "type": "module",
   "main": "dist/index.js",