npm - forgeos - Versions diffs - 0.1.0-alpha.0 → 0.1.0-alpha.2 - Mend

forgeos 0.1.0-alpha.0 → 0.1.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (283) hide show

package/.npmignore +9 -1
package/AGENTS.md +6 -1
package/CHANGELOG.md +30 -0
package/CONTRIBUTING.md +22 -1
package/README.md +30 -3
package/bin/forge.mjs +4 -3
package/package.json +3 -1
package/packages/eslint-plugin-forge/index.ts +15 -15
package/packages/eslint-plugin-forge/package.json +10 -10
package/packages/eslint-plugin-forge/src/check-source.ts +95 -95
package/packages/eslint-plugin-forge/src/load-artifacts.ts +24 -24
package/packages/eslint-plugin-forge/src/rule-no-forge-guard-violation.ts +93 -93
package/src/forge/_generated/actionSubscriptions.json +2 -2
package/src/forge/_generated/actionSubscriptions.ts +3 -3
package/src/forge/_generated/agentAdapterManifest.json +2 -2
package/src/forge/_generated/agentAdapterManifest.ts +3 -3
package/src/forge/_generated/agentContract.json +2 -2
package/src/forge/_generated/agentContract.ts +6786 -2
package/src/forge/_generated/agentQuickstart.md +1 -1
package/src/forge/_generated/aiContext.ts +1 -1
package/src/forge/_generated/aiModels.json +1 -1
package/src/forge/_generated/aiModels.ts +1 -1
package/src/forge/_generated/aiProviders.json +1 -1
package/src/forge/_generated/aiProviders.ts +1 -1
package/src/forge/_generated/aiRegistry.json +2 -2
package/src/forge/_generated/aiRegistry.ts +3 -3
package/src/forge/_generated/api.json +2 -2
package/src/forge/_generated/api.ts +1 -1
package/src/forge/_generated/appGraph.json +2 -2
package/src/forge/_generated/appGraph.ts +1297 -1141
package/src/forge/_generated/appMap.md +1 -1
package/src/forge/_generated/artifactManifest.json +2 -2
package/src/forge/_generated/artifactManifest.ts +2 -2
package/src/forge/_generated/authClaims.json +1 -1
package/src/forge/_generated/authClaims.ts +1 -1
package/src/forge/_generated/authConfig.json +1 -1
package/src/forge/_generated/authConfig.ts +1 -1
package/src/forge/_generated/authContext.ts +1 -1
package/src/forge/_generated/authRegistry.json +1 -1
package/src/forge/_generated/authRegistry.ts +1 -1
package/src/forge/_generated/buildInfo.json +2 -2
package/src/forge/_generated/buildInfo.ts +4 -4
package/src/forge/_generated/capabilityMap.json +2 -2
package/src/forge/_generated/capabilityMap.md +1 -1
package/src/forge/_generated/capabilityMap.ts +2 -2
package/src/forge/_generated/client.ts +1 -1
package/src/forge/_generated/clientApi.ts +1 -1
package/src/forge/_generated/clientManifest.json +2 -2
package/src/forge/_generated/clientManifest.ts +3 -3
package/src/forge/_generated/clientTypes.ts +1 -1
package/src/forge/_generated/configRegistry.json +1 -1
package/src/forge/_generated/configRegistry.ts +1 -1
package/src/forge/_generated/dataGraph.json +2 -2
package/src/forge/_generated/dataGraph.ts +3 -3
package/src/forge/_generated/db.json +1 -1
package/src/forge/_generated/db.ts +1 -1
package/src/forge/_generated/dbSecurityManifest.json +1 -1
package/src/forge/_generated/dbSecurityManifest.ts +1 -1
package/src/forge/_generated/dbSessionContext.json +1 -1
package/src/forge/_generated/dbSessionContext.ts +1 -1
package/src/forge/_generated/deployManifest.json +2 -2
package/src/forge/_generated/deployManifest.ts +7 -7
package/src/forge/_generated/devManifest.json +2 -2
package/src/forge/_generated/devManifest.ts +3 -3
package/src/forge/_generated/envSchema.json +1 -1
package/src/forge/_generated/envSchema.ts +1 -1
package/src/forge/_generated/frontendGraph.json +1 -1
package/src/forge/_generated/frontendGraph.ts +1 -1
package/src/forge/_generated/importGuards.json +2 -2
package/src/forge/_generated/importGuards.ts +35 -1
package/src/forge/_generated/index.ts +1 -1
package/src/forge/_generated/liveProductionManifest.json +1 -1
package/src/forge/_generated/liveProductionManifest.ts +1 -1
package/src/forge/_generated/liveProtocol.json +1 -1
package/src/forge/_generated/liveProtocol.ts +1 -1
package/src/forge/_generated/liveQueryRegistry.json +2 -2
package/src/forge/_generated/liveQueryRegistry.ts +3 -3
package/src/forge/_generated/liveTransportConfig.json +1 -1
package/src/forge/_generated/liveTransportConfig.ts +1 -1
package/src/forge/_generated/makeRegistry.json +2 -2
package/src/forge/_generated/makeRegistry.ts +2 -2
package/src/forge/_generated/makeTemplates.json +1 -1
package/src/forge/_generated/makeTemplates.ts +1 -1
package/src/forge/_generated/mockMap.json +1 -1
package/src/forge/_generated/mockMap.ts +1 -1
package/src/forge/_generated/operationPlaybooks.md +7 -5
package/src/forge/_generated/packageGraph.json +2 -2
package/src/forge/_generated/packageGraph.ts +90964 -14284
package/src/forge/_generated/packageUpgradeRegistry.json +2 -2
package/src/forge/_generated/packageUpgradeRegistry.ts +2 -2
package/src/forge/_generated/permissionMatrix.json +2 -2
package/src/forge/_generated/permissionMatrix.ts +3 -3
package/src/forge/_generated/policyRegistry.json +2 -2
package/src/forge/_generated/policyRegistry.ts +3 -3
package/src/forge/_generated/queryRegistry.json +2 -2
package/src/forge/_generated/queryRegistry.ts +3 -3
package/src/forge/_generated/react.d.ts +1 -1
package/src/forge/_generated/react.ts +1 -1
package/src/forge/_generated/reactManifest.json +2 -2
package/src/forge/_generated/reactManifest.ts +3 -3
package/src/forge/_generated/releaseManifest.json +2 -2
package/src/forge/_generated/releaseManifest.ts +3 -3
package/src/forge/_generated/rlsPolicies.json +1 -1
package/src/forge/_generated/rlsPolicies.sql +1 -1
package/src/forge/_generated/rlsPolicies.ts +1 -1
package/src/forge/_generated/runtimeGraph.json +2 -2
package/src/forge/_generated/runtimeGraph.ts +3 -3
package/src/forge/_generated/runtimeMatrix.json +2 -2
package/src/forge/_generated/runtimeMatrix.ts +106177 -7917
package/src/forge/_generated/runtimeRegistry.ts +1 -1
package/src/forge/_generated/runtimeRules.md +1 -1
package/src/forge/_generated/secretRegistry.json +1 -1
package/src/forge/_generated/secretRegistry.ts +1 -1
package/src/forge/_generated/secretsContext.ts +1 -1
package/src/forge/_generated/serverApi.ts +1 -1
package/src/forge/_generated/sourceMapManifest.json +2 -2
package/src/forge/_generated/sourceMapManifest.ts +2 -2
package/src/forge/_generated/sqlPlan.json +1 -1
package/src/forge/_generated/sqlPlan.ts +1 -1
package/src/forge/_generated/subscriptionManifest.json +2 -2
package/src/forge/_generated/subscriptionManifest.ts +3 -3
package/src/forge/_generated/symbolicationManifest.json +2 -2
package/src/forge/_generated/symbolicationManifest.ts +2 -2
package/src/forge/_generated/telemetryRegistry.json +2 -2
package/src/forge/_generated/telemetryRegistry.ts +3 -3
package/src/forge/_generated/telemetrySinks.json +2 -2
package/src/forge/_generated/telemetrySinks.ts +2 -2
package/src/forge/_generated/tenantScope.json +2 -2
package/src/forge/_generated/tenantScope.ts +3 -3
package/src/forge/_generated/testGraph.json +2 -2
package/src/forge/_generated/testGraph.ts +129 -75
package/src/forge/_generated/testPlanRegistry.json +2 -2
package/src/forge/_generated/testPlanRegistry.ts +2 -2
package/src/forge/_generated/uiRoutes.json +1 -1
package/src/forge/_generated/uiRoutes.ts +1 -1
package/src/forge/_generated/uiScenarios.json +1 -1
package/src/forge/_generated/uiScenarios.ts +1 -1
package/src/forge/_generated/uiTestManifest.json +2 -2
package/src/forge/_generated/uiTestManifest.ts +2 -2
package/src/forge/_generated/workflowRegistry.json +2 -2
package/src/forge/_generated/workflowRegistry.ts +3 -3
package/src/forge/_generated/workflowSubscriptions.json +2 -2
package/src/forge/_generated/workflowSubscriptions.ts +3 -3
package/src/forge/cli/commands.ts +861 -861
package/src/forge/cli/deps.ts +178 -11
package/src/forge/cli/dev.ts +32 -5
package/src/forge/cli/index.ts +7 -7
package/src/forge/cli/main.ts +54 -54
package/src/forge/cli/new.ts +29 -1
package/src/forge/cli/output.ts +97 -97
package/src/forge/cli/parse.ts +679 -673
package/src/forge/cli/version.ts +1 -1
package/src/forge/compiler/agent-contract/build.ts +28 -0
package/src/forge/compiler/agent-contract/types.ts +16 -0
package/src/forge/compiler/app-graph/build.ts +112 -112
package/src/forge/compiler/app-graph/classify.ts +10 -10
package/src/forge/compiler/app-graph/dup-symbol.ts +29 -29
package/src/forge/compiler/app-graph/extract.ts +123 -123
package/src/forge/compiler/app-graph/forge-apis.ts +29 -29
package/src/forge/compiler/app-graph/index.ts +11 -11
package/src/forge/compiler/app-graph/module-graph.ts +316 -316
package/src/forge/compiler/app-graph/parser.ts +119 -119
package/src/forge/compiler/app-graph/symbols.ts +48 -48
package/src/forge/compiler/app-graph/tsconfig-hash.ts +62 -62
package/src/forge/compiler/app-graph/types.ts +43 -43
package/src/forge/compiler/app-graph/versions.ts +14 -14
package/src/forge/compiler/cache/index.ts +17 -17
package/src/forge/compiler/cache/key.ts +46 -46
package/src/forge/compiler/cache/scheduler.ts +72 -72
package/src/forge/compiler/cache/store.ts +78 -78
package/src/forge/compiler/classifier/capabilities.ts +78 -78
package/src/forge/compiler/classifier/classify.ts +113 -113
package/src/forge/compiler/classifier/contexts.ts +188 -188
package/src/forge/compiler/classifier/index.ts +18 -18
package/src/forge/compiler/classifier/runtime-matrix.ts +45 -45
package/src/forge/compiler/classifier/secrets.ts +41 -41
package/src/forge/compiler/classifier/signals.ts +129 -129
package/src/forge/compiler/diagnostics/codes.ts +125 -120
package/src/forge/compiler/diagnostics/create.ts +87 -87
package/src/forge/compiler/diagnostics/index.ts +41 -41
package/src/forge/compiler/emitter/artifact-kind.ts +14 -14
package/src/forge/compiler/emitter/barrel.ts +38 -38
package/src/forge/compiler/emitter/constants.ts +7 -7
package/src/forge/compiler/emitter/emit.ts +234 -237
package/src/forge/compiler/emitter/index.ts +24 -24
package/src/forge/compiler/emitter/lock.ts +61 -61
package/src/forge/compiler/emitter/render.ts +73 -73
package/src/forge/compiler/guards/artifacts.ts +96 -96
package/src/forge/compiler/guards/check-import-guards.ts +106 -106
package/src/forge/compiler/guards/index.ts +11 -11
package/src/forge/compiler/guards/propagate-contexts.ts +57 -57
package/src/forge/compiler/index.ts +17 -17
package/src/forge/compiler/integration/add.ts +493 -493
package/src/forge/compiler/integration/index.ts +17 -17
package/src/forge/compiler/integration/plan.ts +279 -279
package/src/forge/compiler/integration/render.ts +189 -189
package/src/forge/compiler/integration/snapshot.ts +52 -52
package/src/forge/compiler/orchestrator/discover.ts +214 -214
package/src/forge/compiler/orchestrator/guards.ts +5 -5
package/src/forge/compiler/orchestrator/index.ts +27 -27
package/src/forge/compiler/orchestrator/manifest.ts +69 -69
package/src/forge/compiler/orchestrator/orphans.ts +51 -51
package/src/forge/compiler/orchestrator/plan.ts +804 -804
package/src/forge/compiler/orchestrator/run.ts +178 -178
package/src/forge/compiler/orchestrator/serialize.ts +859 -859
package/src/forge/compiler/orchestrator/types.ts +23 -23
package/src/forge/compiler/orchestrator/verify.ts +35 -35
package/src/forge/compiler/package-graph/capabilities-stub.ts +33 -33
package/src/forge/compiler/package-graph/checksum.ts +107 -97
package/src/forge/compiler/package-graph/compiler.ts +444 -363
package/src/forge/compiler/package-graph/constants.ts +4 -4
package/src/forge/compiler/package-graph/exports-discovery.ts +91 -84
package/src/forge/compiler/package-graph/extract-dts.ts +32 -32
package/src/forge/compiler/package-graph/index.ts +24 -24
package/src/forge/compiler/package-graph/jsdoc.ts +50 -50
package/src/forge/compiler/package-graph/oracle.ts +326 -0
package/src/forge/compiler/package-graph/read-file.ts +21 -21
package/src/forge/compiler/package-graph/resolve.ts +131 -127
package/src/forge/compiler/package-manager/adapter.ts +232 -232
package/src/forge/compiler/package-manager/commands.ts +47 -47
package/src/forge/compiler/package-manager/detect.ts +65 -65
package/src/forge/compiler/package-manager/executor.ts +29 -29
package/src/forge/compiler/package-manager/index.ts +22 -22
package/src/forge/compiler/package-manager/parse-spec.ts +16 -16
package/src/forge/compiler/package-manager/version.ts +20 -20
package/src/forge/compiler/primitives/compare.ts +26 -26
package/src/forge/compiler/primitives/hash.ts +42 -33
package/src/forge/compiler/primitives/header.ts +43 -43
package/src/forge/compiler/primitives/index.ts +45 -45
package/src/forge/compiler/primitives/paths.ts +24 -24
package/src/forge/compiler/primitives/serialize.ts +66 -66
package/src/forge/compiler/primitives/sort.ts +87 -87
package/src/forge/compiler/recipes/definitions.ts +269 -269
package/src/forge/compiler/recipes/helpers.ts +37 -37
package/src/forge/compiler/recipes/index.ts +21 -21
package/src/forge/compiler/recipes/registry.ts +87 -87
package/src/forge/compiler/sandbox/artifact-sanitize.ts +26 -26
package/src/forge/compiler/sandbox/backends/child.ts +123 -123
package/src/forge/compiler/sandbox/backends/docker.ts +173 -173
package/src/forge/compiler/sandbox/index.ts +51 -51
package/src/forge/compiler/sandbox/inspect.ts +143 -143
package/src/forge/compiler/sandbox/inspector-entry.ts +115 -115
package/src/forge/compiler/sandbox/limits.ts +31 -31
package/src/forge/compiler/sandbox/scrub-env.ts +60 -60
package/src/forge/compiler/sandbox/secret-scan.ts +54 -54
package/src/forge/compiler/sandbox/serialize.ts +106 -106
package/src/forge/compiler/sandbox/types.ts +7 -7
package/src/forge/compiler/types/app-graph.ts +71 -71
package/src/forge/compiler/types/capability.ts +29 -29
package/src/forge/compiler/types/classification.ts +9 -9
package/src/forge/compiler/types/cli.ts +85 -85
package/src/forge/compiler/types/diagnostic.ts +2 -2
package/src/forge/compiler/types/emit.ts +25 -25
package/src/forge/compiler/types/import-guards.ts +19 -19
package/src/forge/compiler/types/index.ts +98 -98
package/src/forge/compiler/types/integration.ts +25 -25
package/src/forge/compiler/types/json.ts +3 -3
package/src/forge/compiler/types/lock.ts +37 -37
package/src/forge/compiler/types/package-graph.ts +122 -77
package/src/forge/compiler/types/runtime-matrix.ts +16 -16
package/src/forge/compiler/types/runtime.ts +30 -30
package/src/forge/compiler/types/sandbox.ts +24 -24
package/src/forge/dev/server.ts +16 -2
package/src/forge/refactor/index.ts +10 -2
package/src/forge/refactor/runtime-rename.ts +598 -0
package/src/forge/runtime/executor.ts +3 -2
package/src/forge/runtime/live/live-query-runner.ts +2 -1
package/src/forge/runtime/outbox/process.ts +2 -1
package/src/forge/runtime/query/run-query.ts +2 -1
package/src/forge/runtime/runner/run-entry.ts +2 -1
package/src/forge/runtime/telemetry/sinks/posthog.ts +4 -5
package/src/forge/runtime/telemetry/sinks/sentry.ts +4 -5
package/src/forge/runtime/workflows/resolve-step.ts +2 -1
package/src/forge/version.ts +3 -0
package/templates/b2b-support-web/src/actions/captureTicketCreated.ts +7 -2
package/templates/b2b-support-web/src/commands/closeTicket.ts +6 -1
package/templates/b2b-support-web/src/commands/createTicket.ts +8 -2
package/templates/b2b-support-web/src/queries/getTicket.ts +8 -1
package/templates/b2b-support-web/web/components/CreateTicketForm.tsx +1 -2
package/templates/b2b-support-web/web/components/PolicyDeniedDemo.tsx +1 -2
package/templates/b2b-support-web/web/components/TicketList.tsx +1 -2
package/templates/b2b-support-web/web/components/TraceDetails.tsx +1 -1
package/templates/b2b-support-web/web/lib/forge.ts +1 -0

package/src/forge/compiler/sandbox/backends/docker.ts CHANGED Viewed

@@ -1,173 +1,173 @@
-import { spawn } from "node:child_process";
-import { fileURLToPath } from "node:url";
-import type { SandboxLimits } from "../../types/cli.ts";
-import type { Dependency } from "../../types/package-graph.ts";
-import { DEFAULT_SANDBOX_PIDS_LIMIT, SANDBOX_KILL_GRACE_MS } from "../limits.ts";
-export interface DockerRunResult {
-  stdout: string;
-  stderr: string;
-  exitCode: number | null;
-  timedOut: boolean;
-  oomKilled: boolean;
-  startFailed: boolean;
-  dockerUnavailable: boolean;
-}
-export interface DockerRunner {
-  run(
-    dep: Dependency,
-    limits: SandboxLimits,
-    env: Record<string, string>,
-  ): Promise<DockerRunResult>;
-}
-const INSPECTOR_ENTRY = fileURLToPath(
-  new URL("../inspector-entry.ts", import.meta.url),
-);
-const DEFAULT_DOCKER_IMAGE = "oven/bun:1";
-function buildDockerArgs(
-  dep: Dependency,
-  limits: SandboxLimits,
-  env: Record<string, string>,
-): string[] {
-  const args = [
-    "run",
-    "--rm",
-    "--network",
-    "none",
-    "--read-only",
-    "--memory",
-    `${limits.memoryMb}m`,
-    "--pids-limit",
-    String(DEFAULT_SANDBOX_PIDS_LIMIT),
-    "--cap-drop",
-    "ALL",
-    "-v",
-    `${dep.installPath}:/pkg:ro`,
-    "-v",
-    `${INSPECTOR_ENTRY}:/inspector-entry.ts:ro`,
-  ];
-  for (const [key, value] of Object.entries(env)) {
-    args.push("-e", `${key}=${value}`);
-  }
-  args.push(
-    process.env.FORGE_SANDBOX_DOCKER_IMAGE ?? DEFAULT_DOCKER_IMAGE,
-    "bun",
-    "run",
-    "/inspector-entry.ts",
-    "/pkg",
-  );
-  return args;
-}
-export const defaultDockerRunner: DockerRunner = {
-  async run(dep, limits, env) {
-    const args = buildDockerArgs(dep, limits, env);
-    return new Promise<DockerRunResult>((resolve) => {
-      let stdout = "";
-      let stderr = "";
-      let timedOut = false;
-      let oomKilled = false;
-      let startFailed = false;
-      let dockerUnavailable = false;
-      let settled = false;
-      const child = spawn("docker", args, {
-        stdio: ["ignore", "pipe", "pipe"],
-        windowsHide: true,
-      });
-      const killTimer = setTimeout(() => {
-        timedOut = true;
-        child.kill("SIGTERM");
-        setTimeout(() => {
-          if (!child.killed) {
-            child.kill("SIGKILL");
-          }
-        }, SANDBOX_KILL_GRACE_MS);
-      }, limits.timeoutMs);
-      child.stdout.on("data", (chunk: Buffer | string) => {
-        stdout += String(chunk);
-      });
-      child.stderr.on("data", (chunk: Buffer | string) => {
-        stderr += String(chunk);
-      });
-      child.on("error", (error: NodeJS.ErrnoException) => {
-        if (settled) {
-          return;
-        }
-        settled = true;
-        clearTimeout(killTimer);
-        startFailed = true;
-        dockerUnavailable = error.code === "ENOENT";
-        resolve({
-          stdout,
-          stderr,
-          exitCode: null,
-          timedOut,
-          oomKilled,
-          startFailed,
-          dockerUnavailable,
-        });
-      });
-      child.on("close", (code) => {
-        if (settled) {
-          return;
-        }
-        settled = true;
-        clearTimeout(killTimer);
-        if (
-          stderr.includes("OOM") ||
-          stderr.includes("out of memory") ||
-          stderr.includes("Cannot allocate memory")
-        ) {
-          oomKilled = true;
-        }
-        resolve({
-          stdout,
-          stderr,
-          exitCode: code,
-          timedOut,
-          oomKilled,
-          startFailed,
-          dockerUnavailable: false,
-        });
-      });
-    });
-  },
-};
-let dockerRunner: DockerRunner = defaultDockerRunner;
-export function setDockerRunner(runner: DockerRunner | undefined): void {
-  dockerRunner = runner ?? defaultDockerRunner;
-}
-export function getDockerRunner(): DockerRunner {
-  return dockerRunner;
-}
-export function dockerRunFlags(limits: SandboxLimits): string[] {
-  return [
-    "--network",
-    "none",
-    "--read-only",
-    "--memory",
-    `${limits.memoryMb}m`,
-    "--pids-limit",
-    String(DEFAULT_SANDBOX_PIDS_LIMIT),
-    "--cap-drop",
-    "ALL",
-  ];
-}
+import { spawn } from "node:child_process";
+import { fileURLToPath } from "node:url";
+import type { SandboxLimits } from "../../types/cli.ts";
+import type { Dependency } from "../../types/package-graph.ts";
+import { DEFAULT_SANDBOX_PIDS_LIMIT, SANDBOX_KILL_GRACE_MS } from "../limits.ts";
+export interface DockerRunResult {
+  stdout: string;
+  stderr: string;
+  exitCode: number | null;
+  timedOut: boolean;
+  oomKilled: boolean;
+  startFailed: boolean;
+  dockerUnavailable: boolean;
+}
+export interface DockerRunner {
+  run(
+    dep: Dependency,
+    limits: SandboxLimits,
+    env: Record<string, string>,
+  ): Promise<DockerRunResult>;
+}
+const INSPECTOR_ENTRY = fileURLToPath(
+  new URL("../inspector-entry.ts", import.meta.url),
+);
+const DEFAULT_DOCKER_IMAGE = "oven/bun:1";
+function buildDockerArgs(
+  dep: Dependency,
+  limits: SandboxLimits,
+  env: Record<string, string>,
+): string[] {
+  const args = [
+    "run",
+    "--rm",
+    "--network",
+    "none",
+    "--read-only",
+    "--memory",
+    `${limits.memoryMb}m`,
+    "--pids-limit",
+    String(DEFAULT_SANDBOX_PIDS_LIMIT),
+    "--cap-drop",
+    "ALL",
+    "-v",
+    `${dep.installPath}:/pkg:ro`,
+    "-v",
+    `${INSPECTOR_ENTRY}:/inspector-entry.ts:ro`,
+  ];
+  for (const [key, value] of Object.entries(env)) {
+    args.push("-e", `${key}=${value}`);
+  }
+  args.push(
+    process.env.FORGE_SANDBOX_DOCKER_IMAGE ?? DEFAULT_DOCKER_IMAGE,
+    "bun",
+    "run",
+    "/inspector-entry.ts",
+    "/pkg",
+  );
+  return args;
+}
+export const defaultDockerRunner: DockerRunner = {
+  async run(dep, limits, env) {
+    const args = buildDockerArgs(dep, limits, env);
+    return new Promise<DockerRunResult>((resolve) => {
+      let stdout = "";
+      let stderr = "";
+      let timedOut = false;
+      let oomKilled = false;
+      let startFailed = false;
+      let dockerUnavailable = false;
+      let settled = false;
+      const child = spawn("docker", args, {
+        stdio: ["ignore", "pipe", "pipe"],
+        windowsHide: true,
+      });
+      const killTimer = setTimeout(() => {
+        timedOut = true;
+        child.kill("SIGTERM");
+        setTimeout(() => {
+          if (!child.killed) {
+            child.kill("SIGKILL");
+          }
+        }, SANDBOX_KILL_GRACE_MS);
+      }, limits.timeoutMs);
+      child.stdout.on("data", (chunk: Buffer | string) => {
+        stdout += String(chunk);
+      });
+      child.stderr.on("data", (chunk: Buffer | string) => {
+        stderr += String(chunk);
+      });
+      child.on("error", (error: NodeJS.ErrnoException) => {
+        if (settled) {
+          return;
+        }
+        settled = true;
+        clearTimeout(killTimer);
+        startFailed = true;
+        dockerUnavailable = error.code === "ENOENT";
+        resolve({
+          stdout,
+          stderr,
+          exitCode: null,
+          timedOut,
+          oomKilled,
+          startFailed,
+          dockerUnavailable,
+        });
+      });
+      child.on("close", (code) => {
+        if (settled) {
+          return;
+        }
+        settled = true;
+        clearTimeout(killTimer);
+        if (
+          stderr.includes("OOM") ||
+          stderr.includes("out of memory") ||
+          stderr.includes("Cannot allocate memory")
+        ) {
+          oomKilled = true;
+        }
+        resolve({
+          stdout,
+          stderr,
+          exitCode: code,
+          timedOut,
+          oomKilled,
+          startFailed,
+          dockerUnavailable: false,
+        });
+      });
+    });
+  },
+};
+let dockerRunner: DockerRunner = defaultDockerRunner;
+export function setDockerRunner(runner: DockerRunner | undefined): void {
+  dockerRunner = runner ?? defaultDockerRunner;
+}
+export function getDockerRunner(): DockerRunner {
+  return dockerRunner;
+}
+export function dockerRunFlags(limits: SandboxLimits): string[] {
+  return [
+    "--network",
+    "none",
+    "--read-only",
+    "--memory",
+    `${limits.memoryMb}m`,
+    "--pids-limit",
+    String(DEFAULT_SANDBOX_PIDS_LIMIT),
+    "--cap-drop",
+    "ALL",
+  ];
+}

package/src/forge/compiler/sandbox/index.ts CHANGED Viewed

@@ -1,51 +1,51 @@
-export {
-  inspectExports,
-  type SandboxInspectOptions,
-  type SandboxInspectResult,
-} from "./inspect.ts";
-export {
-  DEFAULT_SANDBOX_MEMORY_MB,
-  DEFAULT_SANDBOX_PIDS_LIMIT,
-  DEFAULT_SANDBOX_TIMEOUT_MS,
-  SANDBOX_KILL_GRACE_MS,
-  clampSandboxLimits,
-  defaultSandboxLimits,
-} from "./limits.ts";
-export { scrubEnv, isSecretEnvKey, type ScrubEnvOptions } from "./scrub-env.ts";
-export {
-  secretLeakScan,
-  type SecretScanOptions,
-  type SecretScanResult,
-} from "./secret-scan.ts";
-export {
-  assertJsonSerializable,
-  parseRuntimeExportShape,
-  sanitizeRuntimeExportShape,
-  serializeRuntimeExportShape,
-} from "./serialize.ts";
-export {
-  assertPackageApiSecretSafe,
-  packageApiContainsSecretValues,
-} from "./artifact-sanitize.ts";
-export {
-  emptyRuntimeExportShape,
-  type RuntimeEntrypointShape,
-  type RuntimeExportEntry,
-  type RuntimeExportKind,
-  type RuntimeExportShape,
-} from "./types.ts";
-export {
-  defaultChildRunner,
-  getChildRunner,
-  setChildRunner,
-  type ChildRunner,
-  type ChildRunResult,
-} from "./backends/child.ts";
-export {
-  defaultDockerRunner,
-  dockerRunFlags,
-  getDockerRunner,
-  setDockerRunner,
-  type DockerRunner,
-  type DockerRunResult,
-} from "./backends/docker.ts";
+export {
+  inspectExports,
+  type SandboxInspectOptions,
+  type SandboxInspectResult,
+} from "./inspect.ts";
+export {
+  DEFAULT_SANDBOX_MEMORY_MB,
+  DEFAULT_SANDBOX_PIDS_LIMIT,
+  DEFAULT_SANDBOX_TIMEOUT_MS,
+  SANDBOX_KILL_GRACE_MS,
+  clampSandboxLimits,
+  defaultSandboxLimits,
+} from "./limits.ts";
+export { scrubEnv, isSecretEnvKey, type ScrubEnvOptions } from "./scrub-env.ts";
+export {
+  secretLeakScan,
+  type SecretScanOptions,
+  type SecretScanResult,
+} from "./secret-scan.ts";
+export {
+  assertJsonSerializable,
+  parseRuntimeExportShape,
+  sanitizeRuntimeExportShape,
+  serializeRuntimeExportShape,
+} from "./serialize.ts";
+export {
+  assertPackageApiSecretSafe,
+  packageApiContainsSecretValues,
+} from "./artifact-sanitize.ts";
+export {
+  emptyRuntimeExportShape,
+  type RuntimeEntrypointShape,
+  type RuntimeExportEntry,
+  type RuntimeExportKind,
+  type RuntimeExportShape,
+} from "./types.ts";
+export {
+  defaultChildRunner,
+  getChildRunner,
+  setChildRunner,
+  type ChildRunner,
+  type ChildRunResult,
+} from "./backends/child.ts";
+export {
+  defaultDockerRunner,
+  dockerRunFlags,
+  getDockerRunner,
+  setDockerRunner,
+  type DockerRunner,
+  type DockerRunResult,
+} from "./backends/docker.ts";