isol8 0.1.0-alpha.2 → 0.3.0

package/README.md

@@ -44,6 +44,14 @@ npm install isol8
 - [Docker](https://docs.docker.com/get-docker/) running locally
 - [Bun](https://bun.sh) (recommended) or Node.js 20+
 
+### Agent Skill
+
+AI agents can install isol8 as a skill for automatic discovery and usage:
+
+```bash
+npx skills add Illusion47586/isol8/skill/isol8
+```
+
 ## CLI
 
 ### `isol8 setup`
@@ -93,6 +101,7 @@ isol8 run script.py --host http://server:3000 --key my-api-key
 | `--allow <regex>` | Whitelist regex (repeatable, for `filtered`) | — |
 | `--deny <regex>` | Blacklist regex (repeatable, for `filtered`) | — |
 | `--out <file>` | Write stdout to file | — |
+| `--stream` | Stream output in real-time | `false` |
 | `--persistent` | Keep container alive between runs | `false` |
 | `--timeout <ms>` | Execution timeout in milliseconds | `30000` |
 | `--memory <limit>` | Memory limit (e.g. `512m`, `1g`) | `512m` |
@@ -102,12 +111,25 @@ isol8 run script.py --host http://server:3000 --key my-api-key
 | `--writable` | Disable read-only root filesystem | `false` |
 | `--max-output <bytes>` | Maximum output size in bytes | `1048576` |
 | `--secret <KEY=VALUE>` | Secret env var (repeatable, values masked) | — |
-| `--sandbox-size <size>` | Sandbox tmpfs size (e.g. `128m`) | `64m` |
+| `--sandbox-size <size>` | Sandbox tmpfs size (e.g. `512m`, `1g`) | `512m` |
+| `--tmp-size <size>` | Tmp tmpfs size (e.g. `256m`, `512m`) | `256m` |
 | `--stdin <data>` | Data to pipe to stdin | — |
 | `--install <pkg>` | Install package for runtime (repeatable) | — |
 | `--host <url>` | Remote server URL | — |
 | `--key <key>` | API key for remote server | `$ISOL8_API_KEY` |
 
+### `isol8 cleanup`
+
+Remove orphaned isol8 containers.
+
+```bash
+# Interactive (prompts for confirmation)
+isol8 cleanup
+
+# Force (skip confirmation)
+isol8 cleanup --force
+```
+
 ### `isol8 serve`
 
 Start the isol8 remote HTTP server. **Requires Bun runtime.**
@@ -331,13 +353,28 @@ bun run bench:detailed   # Phase breakdown
 
 | Layer | Protection |
 |-------|-----------|
-| **Filesystem** | Read-only root, writable `/sandbox` (tmpfs, 64MB), writable `/tmp` (tmpfs, noexec, 64MB) |
+| **Filesystem** | Read-only root, writable `/sandbox` (tmpfs, 512MB, exec allowed), writable `/tmp` (tmpfs, 256MB, noexec) |
 | **Processes** | PID limit (default 64), `no-new-privileges` |
 | **Resources** | CPU (1 core), memory (512MB), execution timeout (30s) |
 | **Network** | Disabled by default; optional proxy-based filtering |
 | **Output** | Truncated at 1MB; secrets masked from stdout/stderr |
 | **Isolation** | Each execution in its own container (ephemeral) or exec (persistent) |
 
+### Container Filesystem
+
+Containers use two tmpfs mounts:
+
+1. **`/sandbox`** (default: 512MB, configurable via `--sandbox-size` or config)
+   - Working directory for code execution
+   - Package installations stored here (`.local`, `.npm-global`, etc.)
+   - Allows execution (`exec` flag) for shared libraries like numpy's `.so` files
+   - User files and outputs
+
+2. **`/tmp`** (default: 256MB, configurable via `--tmp-size` or config)
+   - Temporary files and caches
+   - No execution allowed (`noexec` flag) for security
+   - Used during package installation
+
 ## REST API
 
 When running `isol8 serve`, these endpoints are available:

package/dist/cli.js

@@ -24360,6 +24360,115 @@ var require_browser = __commonJS((exports, module) => {
   };
 });
 
+// node_modules/has-flag/index.js
+var require_has_flag = __commonJS((exports, module) => {
+  module.exports = (flag, argv = process.argv) => {
+    const prefix = flag.startsWith("-") ? "" : flag.length === 1 ? "-" : "--";
+    const position = argv.indexOf(prefix + flag);
+    const terminatorPosition = argv.indexOf("--");
+    return position !== -1 && (terminatorPosition === -1 || position < terminatorPosition);
+  };
+});
+
+// node_modules/supports-color/index.js
+var require_supports_color = __commonJS((exports, module) => {
+  var os = __require("os");
+  var tty = __require("tty");
+  var hasFlag = require_has_flag();
+  var { env } = process;
+  var forceColor;
+  if (hasFlag("no-color") || hasFlag("no-colors") || hasFlag("color=false") || hasFlag("color=never")) {
+    forceColor = 0;
+  } else if (hasFlag("color") || hasFlag("colors") || hasFlag("color=true") || hasFlag("color=always")) {
+    forceColor = 1;
+  }
+  if ("FORCE_COLOR" in env) {
+    if (env.FORCE_COLOR === "true") {
+      forceColor = 1;
+    } else if (env.FORCE_COLOR === "false") {
+      forceColor = 0;
+    } else {
+      forceColor = env.FORCE_COLOR.length === 0 ? 1 : Math.min(parseInt(env.FORCE_COLOR, 10), 3);
+    }
+  }
+  function translateLevel(level) {
+    if (level === 0) {
+      return false;
+    }
+    return {
+      level,
+      hasBasic: true,
+      has256: level >= 2,
+      has16m: level >= 3
+    };
+  }
+  function supportsColor(haveStream, streamIsTTY) {
+    if (forceColor === 0) {
+      return 0;
+    }
+    if (hasFlag("color=16m") || hasFlag("color=full") || hasFlag("color=truecolor")) {
+      return 3;
+    }
+    if (hasFlag("color=256")) {
+      return 2;
+    }
+    if (haveStream && !streamIsTTY && forceColor === undefined) {
+      return 0;
+    }
+    const min = forceColor || 0;
+    if (env.TERM === "dumb") {
+      return min;
+    }
+    if (process.platform === "win32") {
+      const osRelease = os.release().split(".");
+      if (Number(osRelease[0]) >= 10 && Number(osRelease[2]) >= 10586) {
+        return Number(osRelease[2]) >= 14931 ? 3 : 2;
+      }
+      return 1;
+    }
+    if ("CI" in env) {
+      if (["TRAVIS", "CIRCLECI", "APPVEYOR", "GITLAB_CI", "GITHUB_ACTIONS", "BUILDKITE"].some((sign) => (sign in env)) || env.CI_NAME === "codeship") {
+        return 1;
+      }
+      return min;
+    }
+    if ("TEAMCITY_VERSION" in env) {
+      return /^(9\.(0*[1-9]\d*)\.|\d{2,}\.)/.test(env.TEAMCITY_VERSION) ? 1 : 0;
+    }
+    if (env.COLORTERM === "truecolor") {
+      return 3;
+    }
+    if ("TERM_PROGRAM" in env) {
+      const version = parseInt((env.TERM_PROGRAM_VERSION || "").split(".")[0], 10);
+      switch (env.TERM_PROGRAM) {
+        case "iTerm.app":
+          return version >= 3 ? 3 : 2;
+        case "Apple_Terminal":
+          return 2;
+      }
+    }
+    if (/-256(color)?$/i.test(env.TERM)) {
+      return 2;
+    }
+    if (/^screen|^xterm|^vt100|^vt220|^rxvt|color|ansi|cygwin|linux/i.test(env.TERM)) {
+      return 1;
+    }
+    if ("COLORTERM" in env) {
+      return 1;
+    }
+    return min;
+  }
+  function getSupportLevel(stream) {
+    const level = supportsColor(stream, stream && stream.isTTY);
+    return translateLevel(level);
+  }
+  module.exports = {
+    supportsColor: getSupportLevel,
+    stdout: translateLevel(supportsColor(true, tty.isatty(1))),
+    stderr: translateLevel(supportsColor(true, tty.isatty(2)))
+  };
+});
+
 // node_modules/debug/src/node.js
 var require_node2 = __commonJS((exports, module) => {
   var tty = __require("tty");
@@ -24373,7 +24482,7 @@ var require_node2 = __commonJS((exports, module) => {
   exports.destroy = util.deprecate(() => {}, "Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.");
   exports.colors = [6, 2, 3, 4, 5, 1];
   try {
-    const supportsColor = (()=>{throw new Error("Cannot require module "+"supports-color");})();
+    const supportsColor = require_supports_color();
     if (supportsColor && (supportsColor.stderr || supportsColor).level >= 2) {
       exports.colors = [
         20,
@@ -54701,8 +54810,8 @@ var init_config = __esm(() => {
       memoryLimit: "512m",
       cpuLimit: 1,
       network: "none",
-      sandboxSize: "64m",
-      tmpSize: "64m"
+      sandboxSize: "512m",
+      tmpSize: "256m"
     },
     network: {
       whitelist: [],
@@ -55184,11 +55293,11 @@ function wrapWithTimeout(cmd, timeoutSec) {
 function getInstallCommand(runtime, packages) {
   switch (runtime) {
     case "python":
-      return ["pip", "install", "--no-cache-dir", "--break-system-packages", ...packages];
+      return ["pip", "install", "--user", "--no-cache-dir", "--break-system-packages", ...packages];
     case "node":
-      return ["npm", "install", "-g", ...packages];
+      return ["npm", "install", "-g", "--prefix=/sandbox/.npm-global", ...packages];
     case "bun":
-      return ["bun", "install", "-g", ...packages];
+      return ["bun", "install", "-g", "--global-dir=/sandbox/.bun-global", ...packages];
     case "deno":
       return ["sh", "-c", packages.map((p) => `deno cache ${p}`).join(" && ")];
     case "bash":
@@ -55200,10 +55309,23 @@ function getInstallCommand(runtime, packages) {
 async function installPackages(container, runtime, packages) {
   const cmd = getInstallCommand(runtime, packages);
   console.error(`[DEBUG] Installing packages: ${JSON.stringify(cmd)}`);
+  const env2 = [
+    "PATH=/sandbox/.local/bin:/sandbox/.npm-global/bin:/sandbox/.bun-global/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
+  ];
+  if (runtime === "python") {
+    env2.push("PYTHONUSERBASE=/sandbox/.local");
+  } else if (runtime === "node") {
+    env2.push("NPM_CONFIG_PREFIX=/sandbox/.npm-global");
+    env2.push("NPM_CONFIG_CACHE=/sandbox/.npm-cache");
+    env2.push("npm_config_cache=/sandbox/.npm-cache");
+  } else if (runtime === "deno") {
+    env2.push("DENO_DIR=/sandbox/.deno");
+  }
   const exec = await container.exec({
     Cmd: cmd,
     AttachStdout: true,
-    AttachStderr: true
+    AttachStderr: true,
+    Env: env2
   });
   const stream = await exec.start({ Detach: false, Tty: false });
   return new Promise((resolve2, reject) => {
@@ -55263,8 +55385,8 @@ class DockerIsol8 {
     this.defaultTimeoutMs = options.timeoutMs ?? 30000;
     this.overrideImage = options.image;
     this.semaphore = new Semaphore(maxConcurrent);
-    this.sandboxSize = options.sandboxSize ?? "64m";
-    this.tmpSize = options.tmpSize ?? "64m";
+    this.sandboxSize = options.sandboxSize ?? "512m";
+    this.tmpSize = options.tmpSize ?? "256m";
   }
   async start() {}
   async stop() {
@@ -55577,8 +55699,8 @@ class DockerIsol8 {
       PidsLimit: this.pidsLimit,
       ReadonlyRootfs: this.readonlyRootFs,
       Tmpfs: {
-        "/tmp": `rw,noexec,nosuid,size=${this.tmpSize}`,
-        [SANDBOX_WORKDIR]: `rw,size=${this.sandboxSize}`
+        "/tmp": `rw,noexec,nosuid,nodev,size=${this.tmpSize}`,
+        [SANDBOX_WORKDIR]: `rw,exec,nosuid,nodev,size=${this.sandboxSize}`
       },
       SecurityOpt: ["no-new-privileges"]
     };
@@ -55592,7 +55714,11 @@ class DockerIsol8 {
   buildEnv(extra) {
     const env2 = [
       "PYTHONUNBUFFERED=1",
-      "NODE_PATH=/usr/local/lib/node_modules:/sandbox/node_modules"
+      "PYTHONUSERBASE=/sandbox/.local",
+      "NPM_CONFIG_PREFIX=/sandbox/.npm-global",
+      "DENO_DIR=/sandbox/.deno",
+      "PATH=/sandbox/.local/bin:/sandbox/.npm-global/bin:/sandbox/.bun-global/bin:/usr/local/bin:/usr/bin:/bin",
+      "NODE_PATH=/usr/local/lib/node_modules:/sandbox/.npm-global/lib/node_modules:/sandbox/node_modules"
     ];
     for (const [key, value] of Object.entries(this.secrets)) {
       env2.push(`${key}=${value}`);
@@ -55731,6 +55857,26 @@ class DockerIsol8 {
     }
     return result.trimEnd();
   }
+  static async cleanup(docker) {
+    const dockerInstance = docker ?? new import_dockerode.default;
+    const containers = await dockerInstance.listContainers({ all: true });
+    const isol8Containers = containers.filter((c) => c.Image.startsWith("isol8:") || c.Image.startsWith("isol8-custom:"));
+    let removed = 0;
+    let failed = 0;
+    const errors = [];
+    for (const containerInfo of isol8Containers) {
+      try {
+        const container = dockerInstance.getContainer(containerInfo.Id);
+        await container.remove({ force: true });
+        removed++;
+      } catch (err) {
+        failed++;
+        const errorMsg = err instanceof Error ? err.message : String(err);
+        errors.push(`${containerInfo.Id.slice(0, 12)}: ${errorMsg}`);
+      }
+    }
+    return { removed, failed, errors };
+  }
 }
 var import_dockerode, SANDBOX_WORKDIR = "/sandbox", MAX_OUTPUT_BYTES, PROXY_PORT = 8118, PROXY_STARTUP_TIMEOUT_MS = 5000, PROXY_POLL_INTERVAL_MS = 100;
 var init_docker = __esm(() => {
@@ -58079,7 +58225,7 @@ function mimicFunction(to, from, { ignoreNonConfigurable = false } = {}) {
   return to;
 }
 
-// node_modules/onetime/index.js
+// node_modules/restore-cursor/node_modules/onetime/index.js
 var calledFunctions = new WeakMap;
 var onetime = (function_, options = {}) => {
   if (typeof function_ !== "function") {
@@ -61077,7 +61223,7 @@ program2.command("setup").description("Check Docker and build isol8 images").opt
   console.log(`
 [DONE] Setup complete!`);
 });
-program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--writable", "Disable read-only root filesystem").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").action(async (file, opts) => {
+program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--writable", "Disable read-only root filesystem").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m)").option("--tmp-size <size>", "Tmp tmpfs size (e.g. 256m, 512m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").option("--stream", "Stream output in real-time").action(async (file, opts) => {
   const { code, runtime, engineOptions, engine, stdinData } = await resolveRunInput(file, opts);
   const spinner = ora("Starting execution...").start();
   try {
@@ -61090,23 +61236,42 @@ program2.command("run").description("Execute code in isol8").argument("[file]",
       ...stdinData ? { stdin: stdinData } : {},
       ...opts.install.length > 0 ? { installPackages: opts.install } : {}
     };
-    const result = await engine.execute(req);
-    spinner.stop();
-    if (result.stdout) {
-      console.log(result.stdout);
-    }
-    if (result.stderr) {
-      console.error(result.stderr);
-    }
-    if (result.truncated) {
-      console.error("[WARN] Output was truncated");
-    }
-    if (opts.out && result.stdout) {
-      writeFileSync(opts.out, result.stdout, "utf-8");
-      console.error(`[INFO] Output written to ${opts.out}`);
-    }
-    if (result.exitCode !== 0) {
-      process.exit(result.exitCode);
+    if (opts.stream) {
+      spinner.stop();
+      const stream = engine.executeStream(req);
+      for await (const event of stream) {
+        if (event.type === "stdout") {
+          process.stdout.write(event.data);
+        } else if (event.type === "stderr") {
+          process.stderr.write(event.data);
+        } else if (event.type === "exit") {
+          if (event.data !== "0") {
+            process.exit(Number.parseInt(event.data, 10));
+          }
+        } else if (event.type === "error") {
+          console.error(`[ERR] ${event.data}`);
+          process.exit(1);
+        }
+      }
+    } else {
+      const result = await engine.execute(req);
+      spinner.stop();
+      if (result.stdout) {
+        console.log(result.stdout);
+      }
+      if (result.stderr) {
+        console.error(result.stderr);
+      }
+      if (result.truncated) {
+        console.error("[WARN] Output was truncated");
+      }
+      if (opts.out && result.stdout) {
+        writeFileSync(opts.out, result.stdout, "utf-8");
+        console.error(`[INFO] Output written to ${opts.out}`);
+      }
+      if (result.exitCode !== 0) {
+        process.exit(result.exitCode);
+      }
     }
   } catch (err) {
     spinner.stop();
@@ -61166,6 +61331,8 @@ Isol8 Configuration
   console.log(`  Memory limit:    ${config.defaults.memoryLimit}`);
   console.log(`  CPU limit:       ${config.defaults.cpuLimit}`);
   console.log(`  Network:         ${config.defaults.network}`);
+  console.log(`  Sandbox size:    ${config.defaults.sandboxSize}`);
+  console.log(`  Tmp size:        ${config.defaults.tmpSize}`);
   console.log("");
   console.log("  ── Network Filter ──");
   if (config.network.whitelist.length > 0) {
@@ -61204,6 +61371,60 @@ Isol8 Configuration
   }
   console.log("");
 });
+program2.command("cleanup").description("Remove orphaned isol8 containers").option("--force", "Skip confirmation prompt").action(async (opts) => {
+  const docker = new import_dockerode2.default;
+  const spinner = ora("Checking Docker...").start();
+  try {
+    await docker.ping();
+    spinner.succeed("Docker is running");
+  } catch {
+    spinner.fail("Docker is not running or not installed.");
+    process.exit(1);
+  }
+  spinner.start("Finding isol8 containers...");
+  const containers = await docker.listContainers({ all: true });
+  const isol8Containers = containers.filter((c) => c.Image.startsWith("isol8:") || c.Image.startsWith("isol8-custom:"));
+  if (isol8Containers.length === 0) {
+    spinner.info("No isol8 containers found");
+    return;
+  }
+  spinner.succeed(`Found ${isol8Containers.length} isol8 container(s)`);
+  console.log("");
+  for (const c of isol8Containers) {
+    const status = c.State === "running" ? "\uD83D\uDFE2 running" : "⚪ stopped";
+    const created = new Date(c.Created * 1000).toLocaleString();
+    console.log(`  ${status} ${c.Id.slice(0, 12)} | ${c.Image} | created ${created}`);
+  }
+  console.log("");
+  if (!opts.force) {
+    const readline = await import("node:readline");
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout
+    });
+    const answer = await new Promise((resolve3) => {
+      rl.question("Remove all these containers? [y/N] ", resolve3);
+    });
+    rl.close();
+    if (answer.toLowerCase() !== "y" && answer.toLowerCase() !== "yes") {
+      console.log("Cleanup cancelled");
+      return;
+    }
+  }
+  spinner.start("Removing containers...");
+  const result = await DockerIsol8.cleanup(docker);
+  if (result.errors.length > 0) {
+    console.log("");
+    for (const err of result.errors) {
+      console.error(`  Failed to remove ${err}`);
+    }
+  }
+  if (result.failed === 0) {
+    spinner.succeed(`Removed ${result.removed} container(s)`);
+  } else {
+    spinner.warn(`Removed ${result.removed} container(s), ${result.failed} failed`);
+  }
+});
 async function resolveRunInput(file, opts) {
   const config = loadConfig();
   let code;
@@ -61250,7 +61471,8 @@ async function resolveRunInput(file, opts) {
     ...opts.pidsLimit ? { pidsLimit: Number.parseInt(opts.pidsLimit, 10) } : {},
     ...opts.writable ? { readonlyRootFs: false } : {},
     ...opts.maxOutput ? { maxOutputSize: Number.parseInt(opts.maxOutput, 10) } : {},
-    ...opts.sandboxSize ? { sandboxSize: opts.sandboxSize } : {}
+    ...opts.sandboxSize ? { sandboxSize: opts.sandboxSize } : {},
+    ...opts.tmpSize ? { tmpSize: opts.tmpSize } : {}
   };
   const secrets = {};
   for (const s of opts.secret ?? []) {
@@ -61285,4 +61507,4 @@ if (!process.argv.slice(2).length) {
 }
 program2.parse();
 
-//# debugId=2D92B31A50EB774E64756E2164756E21
+//# debugId=1EC5CA4C4BAF17C964756E2164756E21