npm - isol8 - Versions diffs - 0.1.0-alpha.2 → 0.3.0 - Mend

isol8 0.1.0-alpha.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/README.md +39 -2
package/dist/cli.js +255 -33
package/dist/cli.js.map +8 -6
package/dist/index.js +157 -12
package/dist/index.js.map +7 -6
package/dist/src/cli.d.ts.map +1 -0
package/dist/src/client/remote.d.ts.map +1 -0
package/dist/src/config.d.ts.map +1 -0
package/dist/src/engine/concurrency.d.ts.map +1 -0
package/dist/{engine → src/engine}/docker.d.ts +26 -0
package/dist/src/engine/docker.d.ts.map +1 -0
package/dist/src/engine/image-builder.d.ts.map +1 -0
package/dist/src/engine/pool.d.ts.map +1 -0
package/dist/src/engine/utils.d.ts.map +1 -0
package/dist/{index.d.ts → src/index.d.ts} +1 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/runtime/adapter.d.ts.map +1 -0
package/dist/src/runtime/adapters/bash.d.ts.map +1 -0
package/dist/src/runtime/adapters/bun.d.ts.map +1 -0
package/dist/src/runtime/adapters/deno.d.ts.map +1 -0
package/dist/src/runtime/adapters/node.d.ts.map +1 -0
package/dist/src/runtime/adapters/python.d.ts.map +1 -0
package/dist/src/runtime/index.d.ts.map +1 -0
package/dist/src/server/auth.d.ts.map +1 -0
package/dist/src/server/index.d.ts.map +1 -0
package/dist/{types.d.ts → src/types.d.ts} +4 -4
package/dist/src/types.d.ts.map +1 -0
package/dist/src/version.d.ts +15 -0
package/dist/src/version.d.ts.map +1 -0
package/package.json +11 -5
package/schema/isol8.config.schema.json +10 -0
package/dist/cli.d.ts.map +0 -1
package/dist/client/remote.d.ts.map +0 -1
package/dist/config.d.ts.map +0 -1
package/dist/engine/concurrency.d.ts.map +0 -1
package/dist/engine/docker.d.ts.map +0 -1
package/dist/engine/image-builder.d.ts.map +0 -1
package/dist/engine/pool.d.ts.map +0 -1
package/dist/engine/utils.d.ts.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/runtime/adapter.d.ts.map +0 -1
package/dist/runtime/adapters/bash.d.ts.map +0 -1
package/dist/runtime/adapters/bun.d.ts.map +0 -1
package/dist/runtime/adapters/deno.d.ts.map +0 -1
package/dist/runtime/adapters/node.d.ts.map +0 -1
package/dist/runtime/adapters/python.d.ts.map +0 -1
package/dist/runtime/index.d.ts.map +0 -1
package/dist/server/auth.d.ts.map +0 -1
package/dist/server/index.d.ts.map +0 -1
package/dist/types.d.ts.map +0 -1
/package/dist/{cli.d.ts → src/cli.d.ts} +0 -0
/package/dist/{client → src/client}/remote.d.ts +0 -0
/package/dist/{config.d.ts → src/config.d.ts} +0 -0
/package/dist/{engine → src/engine}/concurrency.d.ts +0 -0
/package/dist/{engine → src/engine}/image-builder.d.ts +0 -0
/package/dist/{engine → src/engine}/pool.d.ts +0 -0
/package/dist/{engine → src/engine}/utils.d.ts +0 -0
/package/dist/{runtime → src/runtime}/adapter.d.ts +0 -0
/package/dist/{runtime → src/runtime}/adapters/bash.d.ts +0 -0
/package/dist/{runtime → src/runtime}/adapters/bun.d.ts +0 -0
/package/dist/{runtime → src/runtime}/adapters/deno.d.ts +0 -0
/package/dist/{runtime → src/runtime}/adapters/node.d.ts +0 -0
/package/dist/{runtime → src/runtime}/adapters/python.d.ts +0 -0
/package/dist/{runtime → src/runtime}/index.d.ts +0 -0
/package/dist/{server → src/server}/auth.d.ts +0 -0
/package/dist/{server → src/server}/index.d.ts +0 -0

package/dist/index.js CHANGED Viewed

@@ -135,8 +135,8 @@ var DEFAULT_CONFIG = {
     memoryLimit: "512m",
     cpuLimit: 1,
     network: "none",
-    sandboxSize: "64m",
-    tmpSize: "64m"
+    sandboxSize: "512m",
+    tmpSize: "256m"
   },
   network: {
     whitelist: [],
@@ -619,11 +619,11 @@ function wrapWithTimeout(cmd, timeoutSec) {
 function getInstallCommand(runtime, packages) {
   switch (runtime) {
     case "python":
-      return ["pip", "install", "--no-cache-dir", "--break-system-packages", ...packages];
+      return ["pip", "install", "--user", "--no-cache-dir", "--break-system-packages", ...packages];
     case "node":
-      return ["npm", "install", "-g", ...packages];
+      return ["npm", "install", "-g", "--prefix=/sandbox/.npm-global", ...packages];
     case "bun":
-      return ["bun", "install", "-g", ...packages];
+      return ["bun", "install", "-g", "--global-dir=/sandbox/.bun-global", ...packages];
     case "deno":
       return ["sh", "-c", packages.map((p) => `deno cache ${p}`).join(" && ")];
     case "bash":
@@ -635,10 +635,23 @@ function getInstallCommand(runtime, packages) {
 async function installPackages(container, runtime, packages) {
   const cmd = getInstallCommand(runtime, packages);
   console.error(`[DEBUG] Installing packages: ${JSON.stringify(cmd)}`);
+  const env = [
+    "PATH=/sandbox/.local/bin:/sandbox/.npm-global/bin:/sandbox/.bun-global/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
+  ];
+  if (runtime === "python") {
+    env.push("PYTHONUSERBASE=/sandbox/.local");
+  } else if (runtime === "node") {
+    env.push("NPM_CONFIG_PREFIX=/sandbox/.npm-global");
+    env.push("NPM_CONFIG_CACHE=/sandbox/.npm-cache");
+    env.push("npm_config_cache=/sandbox/.npm-cache");
+  } else if (runtime === "deno") {
+    env.push("DENO_DIR=/sandbox/.deno");
+  }
   const exec = await container.exec({
     Cmd: cmd,
     AttachStdout: true,
-    AttachStderr: true
+    AttachStderr: true,
+    Env: env
   });
   const stream = await exec.start({ Detach: false, Tty: false });
   return new Promise((resolve2, reject) => {
@@ -698,8 +711,8 @@ class DockerIsol8 {
     this.defaultTimeoutMs = options.timeoutMs ?? 30000;
     this.overrideImage = options.image;
     this.semaphore = new Semaphore(maxConcurrent);
-    this.sandboxSize = options.sandboxSize ?? "64m";
-    this.tmpSize = options.tmpSize ?? "64m";
+    this.sandboxSize = options.sandboxSize ?? "512m";
+    this.tmpSize = options.tmpSize ?? "256m";
   }
   async start() {}
   async stop() {
@@ -1012,8 +1025,8 @@ class DockerIsol8 {
       PidsLimit: this.pidsLimit,
       ReadonlyRootfs: this.readonlyRootFs,
       Tmpfs: {
-        "/tmp": `rw,noexec,nosuid,size=${this.tmpSize}`,
-        [SANDBOX_WORKDIR]: `rw,size=${this.sandboxSize}`
+        "/tmp": `rw,noexec,nosuid,nodev,size=${this.tmpSize}`,
+        [SANDBOX_WORKDIR]: `rw,exec,nosuid,nodev,size=${this.sandboxSize}`
       },
       SecurityOpt: ["no-new-privileges"]
     };
@@ -1027,7 +1040,11 @@ class DockerIsol8 {
   buildEnv(extra) {
     const env = [
       "PYTHONUNBUFFERED=1",
-      "NODE_PATH=/usr/local/lib/node_modules:/sandbox/node_modules"
+      "PYTHONUSERBASE=/sandbox/.local",
+      "NPM_CONFIG_PREFIX=/sandbox/.npm-global",
+      "DENO_DIR=/sandbox/.deno",
+      "PATH=/sandbox/.local/bin:/sandbox/.npm-global/bin:/sandbox/.bun-global/bin:/usr/local/bin:/usr/bin:/bin",
+      "NODE_PATH=/usr/local/lib/node_modules:/sandbox/.npm-global/lib/node_modules:/sandbox/node_modules"
     ];
     for (const [key, value] of Object.entries(this.secrets)) {
       env.push(`${key}=${value}`);
@@ -1166,6 +1183,26 @@ class DockerIsol8 {
     }
     return result.trimEnd();
   }
+  static async cleanup(docker) {
+    const dockerInstance = docker ?? new Docker;
+    const containers = await dockerInstance.listContainers({ all: true });
+    const isol8Containers = containers.filter((c) => c.Image.startsWith("isol8:") || c.Image.startsWith("isol8-custom:"));
+    let removed = 0;
+    let failed = 0;
+    const errors = [];
+    for (const containerInfo of isol8Containers) {
+      try {
+        const container = dockerInstance.getContainer(containerInfo.Id);
+        await container.remove({ force: true });
+        removed++;
+      } catch (err) {
+        failed++;
+        const errorMsg = err instanceof Error ? err.message : String(err);
+        errors.push(`${containerInfo.Id.slice(0, 12)}: ${errorMsg}`);
+      }
+    }
+    return { removed, failed, errors };
+  }
 }
 // src/server/index.ts
 import { Hono } from "hono";
@@ -1341,10 +1378,118 @@ function createServer(options) {
     port: options.port
   };
 }
+// package.json
+var package_default = {
+  name: "isol8",
+  version: "0.2.0",
+  description: "Secure code execution engine for AI agents",
+  author: "Illusion47586",
+  license: "MIT",
+  repository: {
+    type: "git",
+    url: "https://github.com/Illusion47586/isol8.git"
+  },
+  homepage: "https://github.com/Illusion47586/isol8",
+  bugs: {
+    url: "https://github.com/Illusion47586/isol8/issues"
+  },
+  keywords: [
+    "sandbox",
+    "docker",
+    "code-execution",
+    "isolation",
+    "security",
+    "ai-agents",
+    "container",
+    "runtime"
+  ],
+  type: "module",
+  main: "./dist/index.js",
+  types: "./dist/index.d.ts",
+  exports: {
+    ".": {
+      import: "./dist/index.js",
+      types: "./dist/index.d.ts"
+    },
+    "./schema": "./schema/isol8.config.schema.json"
+  },
+  bin: {
+    isol8: "./dist/cli.js"
+  },
+  scripts: {
+    dev: "bun run src/cli.ts",
+    build: "bun run scripts/build.ts",
+    test: "bun test",
+    "lint:check": "ultracite check",
+    "lint:fix": "ultracite fix",
+    bench: "bunx tsx benchmarks/spawn.ts",
+    "bench:pool": "bunx tsx benchmarks/spawn-pool.ts",
+    "bench:detailed": "bunx tsx benchmarks/spawn-detailed.ts",
+    "docs:dev": "cd docs && mint dev",
+    "docs:validate": "cd docs && mint validate",
+    "docs:broken-links": "cd docs && mint broken-links",
+    schema: "ts-json-schema-generator --path src/types.ts --type Isol8UserConfig --tsconfig tsconfig.json -o schema/isol8.config.schema.json && ultracite fix schema/isol8.config.schema.json",
+    "publish:alpha": "bun run build && bun publish --tag alpha --access public --ignore-scripts",
+    prepare: "simple-git-hooks"
+  },
+  dependencies: {
+    commander: "^14.0.3",
+    dockerode: "^4.0.9",
+    hono: "^4.11.9",
+    ora: "^9.3.0"
+  },
+  devDependencies: {
+    "@biomejs/biome": "^2.3.15",
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/github": "^12.0.6",
+    "@semantic-release/npm": "^13.1.4",
+    "@types/bun": "latest",
+    "@types/dockerode": "^4.0.1",
+    "@types/node": "^25.2.3",
+    "lint-staged": "^16.2.7",
+    mint: "^4.2.348",
+    "semantic-release": "^25.0.3",
+    "simple-git-hooks": "^2.13.1",
+    "ts-json-schema-generator": "^2.5.0",
+    typescript: "^5.9.3",
+    ultracite: "^7.2.0"
+  },
+  files: [
+    "dist",
+    "schema",
+    "docker",
+    "README.md",
+    "LICENSE"
+  ],
+  jsonValidation: [
+    {
+      fileMatch: "isol8.config.json",
+      url: "./schema/isol8.config.schema.json"
+    }
+  ],
+  "simple-git-hooks": {
+    "pre-commit": "bun run lint-staged"
+  },
+  "lint-staged": {
+    "*.{ts,tsx}": [
+      "ultracite fix",
+      "bash -c 'bunx tsc --noEmit -p tsconfig.json'"
+    ],
+    "src/types.ts": [
+      "bash -c 'bun run schema'",
+      "git add schema/isol8.config.schema.json"
+    ]
+  }
+};
+// src/version.ts
+var VERSION = package_default.version;
 export {
   loadConfig,
   createServer,
   bashAdapter,
+  VERSION,
   RuntimeRegistry,
   RemoteIsol8,
   PythonAdapter,
@@ -1354,4 +1499,4 @@ export {
   BunAdapter
 };
-//# debugId=56FC4587DCE2E9EC64756E2164756E21
+//# debugId=50BAE19553D7B16164756E2164756E21