isol8 0.10.3 → 0.11.1

package/dist/index.js

@@ -336,6 +336,180 @@ var init_audit = __esm(() => {
   init_logger();
 });
 
+// src/engine/code-fetcher.ts
+import { createHash } from "node:crypto";
+import { lookup as dnsLookup } from "node:dns/promises";
+import { isIP } from "node:net";
+function sha256Hex(input) {
+  return createHash("sha256").update(input, "utf-8").digest("hex");
+}
+function normalizeScheme(url) {
+  return url.protocol.replace(/:$/, "").toLowerCase();
+}
+function isBlockedByPattern(host, patterns) {
+  return patterns.some((pattern) => new RegExp(pattern, "i").test(host));
+}
+function isAllowedByPattern(host, patterns) {
+  if (patterns.length === 0) {
+    return true;
+  }
+  return patterns.some((pattern) => new RegExp(pattern, "i").test(host));
+}
+function isPrivateIpv4(ip) {
+  const parts = ip.split(IPV4_SEPARATOR).map((v) => Number.parseInt(v, 10));
+  if (parts.length !== 4 || parts.some((p) => Number.isNaN(p))) {
+    return false;
+  }
+  const a = parts[0];
+  const b = parts[1];
+  if (a === 10 || a === 127 || a === 0) {
+    return true;
+  }
+  if (a === 169 && b === 254) {
+    return true;
+  }
+  if (a === 172 && b >= 16 && b <= 31) {
+    return true;
+  }
+  if (a === 192 && b === 168) {
+    return true;
+  }
+  if (a === 100 && b >= 64 && b <= 127) {
+    return true;
+  }
+  return false;
+}
+function isPrivateIpv6(ip) {
+  const normalized = ip.toLowerCase();
+  if (normalized === IPV6_LOOPBACK) {
+    return true;
+  }
+  return normalized.startsWith("fc") || normalized.startsWith("fd") || normalized.startsWith("fe8") || normalized.startsWith("fe9") || normalized.startsWith("fea") || normalized.startsWith("feb");
+}
+function isPrivateIp(ip) {
+  const family = isIP(ip);
+  if (family === 4) {
+    return isPrivateIpv4(ip);
+  }
+  if (family === 6) {
+    return isPrivateIpv6(ip);
+  }
+  return false;
+}
+async function assertHostResolvesPublic(host, lookupFn) {
+  if (isIP(host) && isPrivateIp(host)) {
+    throw new Error(`Blocked code URL host: ${host}`);
+  }
+  try {
+    const records = await lookupFn(host);
+    for (const record of records) {
+      if (isPrivateIp(record.address)) {
+        throw new Error(`Blocked code URL host: ${host}`);
+      }
+    }
+  } catch (err) {
+    if (err instanceof Error && err.message.startsWith("Blocked code URL host:")) {
+      throw err;
+    }
+    throw new Error(`Failed to resolve code URL host: ${host}`);
+  }
+}
+function decodeUtf8(content) {
+  const decoder = new TextDecoder("utf-8", { fatal: true });
+  const text = decoder.decode(content);
+  if (text.includes("\x00")) {
+    throw new Error("Fetched code appears to be binary content");
+  }
+  return text;
+}
+async function fetchRemoteCode(request, policy, deps = {}) {
+  if (!policy.enabled) {
+    throw new Error("Remote code fetching is disabled. Set remoteCode.enabled=true to allow it.");
+  }
+  const fetchFn = deps.fetchFn ?? globalThis.fetch;
+  const lookupFn = deps.lookupFn ?? (async (hostname) => {
+    const records = await dnsLookup(hostname, { all: true, verbatim: true });
+    return records;
+  });
+  if (!request.codeUrl) {
+    throw new Error("codeUrl is required for remote code fetching");
+  }
+  const url = new URL(request.codeUrl);
+  const scheme = normalizeScheme(url);
+  if (scheme === "http" && !request.allowInsecureCodeUrl) {
+    throw new Error("Insecure code URL blocked. Use allowInsecureCodeUrl=true to allow HTTP.");
+  }
+  if (!policy.allowedSchemes.map((s) => s.toLowerCase()).includes(scheme)) {
+    throw new Error(`URL scheme not allowed: ${scheme}`);
+  }
+  const host = url.hostname.toLowerCase();
+  if (!isAllowedByPattern(host, policy.allowedHosts) || isBlockedByPattern(host, policy.blockedHosts)) {
+    throw new Error(`Blocked code URL host: ${host}`);
+  }
+  await assertHostResolvesPublic(host, lookupFn);
+  if (policy.requireHash && !request.codeHash) {
+    throw new Error("Hash verification required: provide codeHash for remote code execution.");
+  }
+  const controller = new AbortController;
+  const timeout = setTimeout(() => controller.abort(), policy.fetchTimeoutMs);
+  let response;
+  try {
+    response = await fetchFn(url.toString(), {
+      method: "GET",
+      redirect: "follow",
+      signal: controller.signal
+    });
+  } catch (err) {
+    throw new Error(err instanceof Error && err.name === "AbortError" ? `Remote code fetch timed out after ${policy.fetchTimeoutMs}ms` : `Failed to fetch remote code: ${err instanceof Error ? err.message : String(err)}`);
+  } finally {
+    clearTimeout(timeout);
+  }
+  if (!response.ok) {
+    throw new Error(`Failed to fetch remote code: HTTP ${response.status}`);
+  }
+  const contentLengthHeader = response.headers.get("content-length");
+  if (contentLengthHeader) {
+    const parsedLength = Number.parseInt(contentLengthHeader, 10);
+    if (!Number.isNaN(parsedLength) && parsedLength > policy.maxCodeSize) {
+      throw new Error(`Remote code exceeds maxCodeSize (${policy.maxCodeSize} bytes): ${parsedLength} bytes`);
+    }
+  }
+  if (!response.body) {
+    throw new Error("Remote code response body is empty");
+  }
+  const reader = response.body.getReader();
+  const chunks = [];
+  let totalBytes = 0;
+  while (true) {
+    const { done, value } = await reader.read();
+    if (done) {
+      break;
+    }
+    if (!value) {
+      continue;
+    }
+    totalBytes += value.byteLength;
+    if (totalBytes > policy.maxCodeSize) {
+      throw new Error(`Remote code exceeds maxCodeSize (${policy.maxCodeSize} bytes)`);
+    }
+    chunks.push(value);
+  }
+  const buffer = new Uint8Array(totalBytes);
+  let offset = 0;
+  for (const chunk of chunks) {
+    buffer.set(chunk, offset);
+    offset += chunk.byteLength;
+  }
+  const code = decodeUtf8(buffer);
+  const hash = sha256Hex(code);
+  if (request.codeHash && hash.toLowerCase() !== request.codeHash.toLowerCase()) {
+    throw new Error("Remote code hash mismatch");
+  }
+  return { code, url: url.toString(), hash };
+}
+var IPV4_SEPARATOR = ".", IPV6_LOOPBACK = "::1";
+var init_code_fetcher = () => {};
+
 // src/engine/concurrency.ts
 class Semaphore {
   max;
@@ -372,6 +546,40 @@ class Semaphore {
   }
 }
 
+// src/engine/image-builder.ts
+import { createHash as createHash2 } from "node:crypto";
+import { existsSync as existsSync3, readFileSync as readFileSync2 } from "node:fs";
+function resolveDockerDir() {
+  const fromBundled = new URL("./docker", import.meta.url).pathname;
+  if (existsSync3(fromBundled)) {
+    return fromBundled;
+  }
+  return new URL("../../docker", import.meta.url).pathname;
+}
+function computeDepsHash(runtime, packages) {
+  const hash = createHash2("sha256");
+  hash.update(runtime);
+  for (const pkg of [...packages].sort()) {
+    hash.update(pkg);
+  }
+  return hash.digest("hex");
+}
+function normalizePackages(packages) {
+  return [...new Set(packages.map((pkg) => pkg.trim()).filter(Boolean))].sort();
+}
+function getCustomImageTag(runtime, packages) {
+  const normalizedPackages = normalizePackages(packages);
+  const depsHash = computeDepsHash(runtime, normalizedPackages);
+  const shortHash = depsHash.slice(0, 12);
+  return `isol8:${runtime}-custom-${shortHash}`;
+}
+var DOCKERFILE_DIR;
+var init_image_builder = __esm(() => {
+  init_runtime();
+  init_logger();
+  DOCKERFILE_DIR = resolveDockerDir();
+});
+
 // src/engine/pool.ts
 class ContainerPool {
   docker;
@@ -562,46 +770,44 @@ class ContainerPool {
   }
   replenish(image) {
     if (this.replenishing.has(image)) {
-      if (this.replenishing.has(image)) {
-        return;
-      }
-      const pool = this.pools.get(image);
-      const currentSize = pool ? this.poolStrategy === "fast" ? pool.clean.length : pool.clean?.length ?? 0 : 0;
-      const targetSize = this.poolStrategy === "fast" ? this.cleanPoolSize : this.cleanPoolSize;
-      if (currentSize >= targetSize) {
+      return;
+    }
+    const pool = this.pools.get(image);
+    const currentSize = pool ? this.poolStrategy === "fast" ? pool.clean.length : pool.clean?.length ?? 0 : 0;
+    const targetSize = this.cleanPoolSize;
+    if (currentSize >= targetSize) {
+      return;
+    }
+    this.replenishing.add(image);
+    const promise = this.createContainer(image).then((container) => {
+      const p = this.pools.get(image);
+      if (!p) {
+        container.remove({ force: true }).catch(() => {});
         return;
       }
-      this.replenishing.add(image);
-      const promise = this.createContainer(image).then((container) => {
-        const p = this.pools.get(image);
-        if (!p) {
+      if (this.poolStrategy === "fast") {
+        if (p.clean.length < this.cleanPoolSize) {
+          p.clean.push({ container, createdAt: Date.now() });
+        } else {
           container.remove({ force: true }).catch(() => {});
-          return;
         }
-        if (this.poolStrategy === "fast") {
-          if (p.clean.length < this.cleanPoolSize) {
-            p.clean.push({ container, createdAt: Date.now() });
-          } else {
-            container.remove({ force: true }).catch(() => {});
-          }
+      } else {
+        if (!p.clean) {
+          p.clean = [];
+        }
+        if (p.clean.length < this.cleanPoolSize) {
+          p.clean.push({ container, createdAt: Date.now() });
         } else {
-          if (!p.clean) {
-            p.clean = [];
-          }
-          if (p.clean.length < this.cleanPoolSize) {
-            p.clean.push({ container, createdAt: Date.now() });
-          } else {
-            container.remove({ force: true }).catch(() => {});
-          }
+          container.remove({ force: true }).catch(() => {});
         }
-      }).catch((err) => {
-        logger.error(`[Pool] Error during replenishment for ${image}:`, err);
-      }).finally(() => {
-        this.replenishing.delete(image);
-        this.pendingReplenishments.delete(promise);
-      });
-      this.pendingReplenishments.add(promise);
-    }
+      }
+    }).catch((err) => {
+      logger.error(`[Pool] Error during replenishment for ${image}:`, err);
+    }).finally(() => {
+      this.replenishing.delete(image);
+      this.pendingReplenishments.delete(promise);
+    });
+    this.pendingReplenishments.add(promise);
   }
 }
 var init_pool = __esm(() => {
@@ -749,7 +955,7 @@ __export(exports_docker, {
   DockerIsol8: () => DockerIsol8
 });
 import { randomUUID } from "node:crypto";
-import { existsSync as existsSync3, readFileSync as readFileSync2 } from "node:fs";
+import { existsSync as existsSync4, readFileSync as readFileSync3 } from "node:fs";
 import { PassThrough } from "node:stream";
 import Docker from "dockerode";
 async function writeFileViaExec(container, filePath, content) {
@@ -966,11 +1172,32 @@ class DockerIsol8 {
   logNetwork;
   poolStrategy;
   poolSize;
+  dependencies;
   auditLogger;
+  remoteCodePolicy;
   container = null;
   persistentRuntime = null;
   pool = null;
   imageCache = new Map;
+  async resolveExecutionRequest(req) {
+    const inlineCode = req.code?.trim();
+    const codeUrl = req.codeUrl?.trim();
+    if (inlineCode && codeUrl) {
+      throw new Error("ExecutionRequest.code and ExecutionRequest.codeUrl are mutually exclusive.");
+    }
+    if (!(inlineCode || codeUrl)) {
+      throw new Error("ExecutionRequest must include either code or codeUrl.");
+    }
+    if (inlineCode) {
+      return { ...req, code: req.code };
+    }
+    const fetched = await fetchRemoteCode({
+      codeUrl,
+      codeHash: req.codeHash,
+      allowInsecureCodeUrl: req.allowInsecureCodeUrl
+    }, this.remoteCodePolicy);
+    return { ...req, code: fetched.code };
+  }
   constructor(options = {}, maxConcurrent = 10) {
     this.docker = options.docker ?? new Docker;
     this.mode = options.mode ?? "ephemeral";
@@ -992,6 +1219,18 @@ class DockerIsol8 {
     this.logNetwork = options.logNetwork ?? false;
     this.poolStrategy = options.poolStrategy ?? "fast";
     this.poolSize = options.poolSize ?? { clean: 1, dirty: 1 };
+    this.dependencies = options.dependencies ?? {};
+    this.remoteCodePolicy = options.remoteCode ?? {
+      enabled: false,
+      allowedSchemes: ["https"],
+      allowedHosts: [],
+      blockedHosts: [],
+      maxCodeSize: 10 * 1024 * 1024,
+      fetchTimeoutMs: 30000,
+      requireHash: false,
+      enableCache: true,
+      cacheTtl: 3600
+    };
     if (options.audit) {
       this.auditLogger = new AuditLogger(options.audit);
     }
@@ -999,7 +1238,33 @@ class DockerIsol8 {
       logger.setDebug(true);
     }
   }
-  async start() {}
+  async start(options = {}) {
+    if (this.mode !== "ephemeral") {
+      return;
+    }
+    const prewarm = options.prewarm;
+    if (!prewarm) {
+      return;
+    }
+    const pool = this.ensurePool();
+    const images = new Set;
+    const adapters2 = typeof prewarm === "object" && prewarm.runtimes?.length ? prewarm.runtimes.map((runtime) => RuntimeRegistry.get(runtime)) : RuntimeRegistry.list();
+    for (const adapter of adapters2) {
+      try {
+        images.add(await this.resolveImage(adapter));
+      } catch (err) {
+        logger.debug(`[Pool] Pre-warm image resolution failed for ${adapter.name}: ${err}`);
+      }
+    }
+    await Promise.all([...images].map(async (image) => {
+      try {
+        await pool.warm(image);
+        logger.debug(`[Pool] Pre-warmed image: ${image}`);
+      } catch (err) {
+        logger.debug(`[Pool] Pre-warm failed for ${image}: ${err}`);
+      }
+    }));
+  }
   async stop() {
     if (this.container) {
       try {
@@ -1020,7 +1285,8 @@ class DockerIsol8 {
     await this.semaphore.acquire();
     const startTime = Date.now();
     try {
-      const result = this.mode === "persistent" ? await this.executePersistent(req, startTime) : await this.executeEphemeral(req, startTime);
+      const request = await this.resolveExecutionRequest(req);
+      const result = this.mode === "persistent" ? await this.executePersistent(request, startTime) : await this.executeEphemeral(request, startTime);
       return result;
     } finally {
       this.semaphore.release();
@@ -1174,8 +1440,9 @@ class DockerIsol8 {
   async* executeStream(req) {
     await this.semaphore.acquire();
     try {
-      const adapter = this.getAdapter(req.runtime);
-      const timeoutMs = req.timeoutMs ?? this.defaultTimeoutMs;
+      const request = await this.resolveExecutionRequest(req);
+      const adapter = this.getAdapter(request.runtime);
+      const timeoutMs = request.timeoutMs ?? this.defaultTimeoutMs;
       const image = await this.resolveImage(adapter);
       const container = await this.docker.createContainer({
         Image: image,
@@ -1192,23 +1459,23 @@ class DockerIsol8 {
           await startProxy(container, this.networkFilter);
           await setupIptables(container);
         }
-        const ext = req.fileExtension ?? adapter.getFileExtension();
+        const ext = request.fileExtension ?? adapter.getFileExtension();
         const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
-        await writeFileViaExec(container, filePath, req.code);
-        if (req.installPackages?.length) {
-          await installPackages(container, req.runtime, req.installPackages);
+        await writeFileViaExec(container, filePath, request.code);
+        if (request.installPackages?.length) {
+          await installPackages(container, request.runtime, request.installPackages);
         }
-        if (req.files) {
-          for (const [fPath, fContent] of Object.entries(req.files)) {
+        if (request.files) {
+          for (const [fPath, fContent] of Object.entries(request.files)) {
             await writeFileViaExec(container, fPath, fContent);
           }
         }
-        const rawCmd = adapter.getCommand(req.code, filePath);
+        const rawCmd = adapter.getCommand(request.code, filePath);
         const timeoutSec = Math.ceil(timeoutMs / 1000);
         let cmd;
-        if (req.stdin) {
+        if (request.stdin) {
           const stdinPath = `${SANDBOX_WORKDIR}/_stdin`;
-          await writeFileViaExec(container, stdinPath, req.stdin);
+          await writeFileViaExec(container, stdinPath, request.stdin);
           const cmdStr = rawCmd.map((a) => `'${a.replace(/'/g, "'\\''")}'`).join(" ");
           cmd = wrapWithTimeout(["sh", "-c", `cat ${stdinPath} | ${cmdStr}`], timeoutSec);
         } else {
@@ -1216,7 +1483,7 @@ class DockerIsol8 {
         }
         const exec = await container.exec({
           Cmd: cmd,
-          Env: this.buildEnv(req.env),
+          Env: this.buildEnv(request.env),
           AttachStdout: true,
           AttachStderr: true,
           WorkingDir: SANDBOX_WORKDIR,
@@ -1246,21 +1513,29 @@ class DockerIsol8 {
     if (cached) {
       return cached;
     }
-    const customTag = `${adapter.image}-custom`;
-    let resolvedImage;
-    try {
-      await this.docker.getImage(customTag).inspect();
-      resolvedImage = customTag;
-    } catch {
-      resolvedImage = adapter.image;
+    let resolvedImage = adapter.image;
+    const configuredDeps = this.dependencies[adapter.name];
+    const normalizedDeps = configuredDeps ? normalizePackages(configuredDeps) : [];
+    if (normalizedDeps.length > 0) {
+      const hashedCustomTag = getCustomImageTag(adapter.name, normalizedDeps);
+      try {
+        await this.docker.getImage(hashedCustomTag).inspect();
+        resolvedImage = hashedCustomTag;
+      } catch {
+        logger.debug(`[ImageBuilder] Hashed custom image not found for ${adapter.name}: ${hashedCustomTag}`);
+      }
+    }
+    if (resolvedImage === adapter.image) {
+      const legacyCustomTag = `${adapter.image}-custom`;
+      try {
+        await this.docker.getImage(legacyCustomTag).inspect();
+        resolvedImage = legacyCustomTag;
+      } catch {}
     }
     this.imageCache.set(cacheKey, resolvedImage);
     return resolvedImage;
   }
-  async executeEphemeral(req, startTime) {
-    const adapter = this.getAdapter(req.runtime);
-    const timeoutMs = req.timeoutMs ?? this.defaultTimeoutMs;
-    const image = await this.resolveImage(adapter);
+  ensurePool() {
     if (!this.pool) {
       this.pool = new ContainerPool({
         docker: this.docker,
@@ -1278,7 +1553,14 @@ class DockerIsol8 {
         }
       });
     }
-    const container = await this.pool.acquire(image);
+    return this.pool;
+  }
+  async executeEphemeral(req, startTime) {
+    const adapter = this.getAdapter(req.runtime);
+    const timeoutMs = req.timeoutMs ?? this.defaultTimeoutMs;
+    const image = await this.resolveImage(adapter);
+    const pool = this.ensurePool();
+    const container = await pool.acquire(image);
     let startStats;
     if (this.auditLogger) {
       try {
@@ -1292,13 +1574,26 @@ class DockerIsol8 {
         await startProxy(container, this.networkFilter);
         await setupIptables(container);
       }
-      const ext = req.fileExtension ?? adapter.getFileExtension();
-      const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
-      await writeFileViaExec(container, filePath, req.code);
+      const canUseInline = !(req.stdin || req.files || req.outputPaths) && (!req.installPackages || req.installPackages.length === 0);
+      let rawCmd;
+      if (canUseInline) {
+        try {
+          rawCmd = adapter.getCommand(req.code);
+        } catch {
+          const ext = req.fileExtension ?? adapter.getFileExtension();
+          const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
+          await writeFileViaExec(container, filePath, req.code);
+          rawCmd = adapter.getCommand(req.code, filePath);
+        }
+      } else {
+        const ext = req.fileExtension ?? adapter.getFileExtension();
+        const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
+        await writeFileViaExec(container, filePath, req.code);
+        rawCmd = adapter.getCommand(req.code, filePath);
+      }
       if (req.installPackages?.length) {
         await installPackages(container, req.runtime, req.installPackages);
       }
-      const rawCmd = adapter.getCommand(req.code, filePath);
       const timeoutSec = Math.ceil(timeoutMs / 1000);
       let cmd;
       if (req.stdin) {
@@ -1369,7 +1664,7 @@ class DockerIsol8 {
       if (this.persist) {
         logger.debug(`[Persist] Leaving container running for inspection: ${container.id}`);
       } else {
-        this.pool.release(container, image).catch((err) => {
+        pool.release(container, image).catch((err) => {
           logger.debug(`[Pool] release failed: ${err}`);
           container.remove({ force: true }).catch(() => {});
         });
@@ -1545,7 +1840,7 @@ class DockerIsol8 {
     }
     if (this.security.seccomp === "custom" && this.security.customProfilePath) {
       try {
-        const profile = readFileSync2(this.security.customProfilePath, "utf-8");
+        const profile = readFileSync3(this.security.customProfilePath, "utf-8");
         opts.push(`seccomp=${profile}`);
       } catch (e) {
         logger.error(`Failed to load custom seccomp profile: ${e}`);
@@ -1564,12 +1859,12 @@ class DockerIsol8 {
   }
   loadDefaultSeccompProfile() {
     const devPath = new URL("../../docker/seccomp-profile.json", import.meta.url);
-    if (existsSync3(devPath)) {
-      return readFileSync2(devPath, "utf-8");
+    if (existsSync4(devPath)) {
+      return readFileSync3(devPath, "utf-8");
     }
     const prodPath = new URL("./docker/seccomp-profile.json", import.meta.url);
-    if (existsSync3(prodPath)) {
-      return readFileSync2(prodPath, "utf-8");
+    if (existsSync4(prodPath)) {
+      return readFileSync3(prodPath, "utf-8");
     }
     logger.warn("Could not locate default seccomp profile. Running without seccomp filter.");
     return null;
@@ -1752,7 +2047,7 @@ class DockerIsol8 {
   static async cleanup(docker) {
     const dockerInstance = docker ?? new Docker;
     const containers = await dockerInstance.listContainers({ all: true });
-    const isol8Containers = containers.filter((c) => c.Image.startsWith("isol8:") || c.Image.startsWith("isol8-custom:"));
+    const isol8Containers = containers.filter((c) => c.Image.startsWith("isol8:"));
     let removed = 0;
     let failed = 0;
     const errors = [];
@@ -1769,12 +2064,35 @@ class DockerIsol8 {
     }
     return { removed, failed, errors };
   }
+  static async cleanupImages(docker) {
+    const dockerInstance = docker ?? new Docker;
+    const images = await dockerInstance.listImages({ all: true });
+    const isol8Images = images.filter((img) => img.RepoTags?.some((tag) => tag.startsWith("isol8:")));
+    let removed = 0;
+    let failed = 0;
+    const errors = [];
+    for (const imageInfo of isol8Images) {
+      try {
+        const image = dockerInstance.getImage(imageInfo.Id);
+        await image.remove({ force: true });
+        removed++;
+      } catch (err) {
+        failed++;
+        const errorMsg = err instanceof Error ? err.message : String(err);
+        const imageRef = imageInfo.RepoTags?.[0] ?? imageInfo.Id.slice(0, 12);
+        errors.push(`${imageRef}: ${errorMsg}`);
+      }
+    }
+    return { removed, failed, errors };
+  }
 }
 var SANDBOX_WORKDIR = "/sandbox", MAX_OUTPUT_BYTES, PROXY_PORT = 8118, PROXY_STARTUP_TIMEOUT_MS = 5000, PROXY_POLL_INTERVAL_MS = 100;
 var init_docker = __esm(() => {
   init_runtime();
   init_logger();
   init_audit();
+  init_code_fetcher();
+  init_image_builder();
   init_pool();
   MAX_OUTPUT_BYTES = 1024 * 1024;
 });
@@ -1791,7 +2109,7 @@ class RemoteIsol8 {
     this.sessionId = options.sessionId;
     this.isol8Options = isol8Options;
   }
-  async start() {
+  async start(_options) {
     const res = await this.fetch("/health");
     if (!res.ok) {
       throw new Error(`Remote server health check failed: ${res.status}`);
@@ -1927,10 +2245,34 @@ var DEFAULT_CONFIG = {
     autoPrune: true,
     maxContainerAgeMs: 3600000
   },
+  poolStrategy: "fast",
+  poolSize: { clean: 1, dirty: 1 },
   dependencies: {},
   security: {
     seccomp: "strict"
   },
+  remoteCode: {
+    enabled: false,
+    allowedSchemes: ["https"],
+    allowedHosts: [],
+    blockedHosts: [
+      "^localhost$",
+      "^127(?:\\.[0-9]{1,3}){3}$",
+      "^\\[::1\\]$",
+      "^::1$",
+      "^10(?:\\.[0-9]{1,3}){3}$",
+      "^172\\.(?:1[6-9]|2[0-9]|3[0-1])(?:\\.[0-9]{1,3}){2}$",
+      "^192\\.168(?:\\.[0-9]{1,3}){2}$",
+      "^169\\.254(?:\\.[0-9]{1,3}){2}$",
+      "^metadata\\.google\\.internal$",
+      "^169\\.254\\.169\\.254$"
+    ],
+    maxCodeSize: 10 * 1024 * 1024,
+    fetchTimeoutMs: 30000,
+    requireHash: false,
+    enableCache: true,
+    cacheTtl: 3600
+  },
   audit: {
     enabled: false,
     destination: "filesystem",
@@ -1972,6 +2314,8 @@ function mergeConfig(defaults, overrides) {
       ...defaults.cleanup,
       ...overrides.cleanup
     },
+    poolStrategy: overrides.poolStrategy ?? defaults.poolStrategy,
+    poolSize: overrides.poolSize ?? defaults.poolSize,
     dependencies: {
       ...defaults.dependencies,
       ...overrides.dependencies
@@ -1980,6 +2324,13 @@ function mergeConfig(defaults, overrides) {
       seccomp: overrides.security?.seccomp ?? defaults.security.seccomp,
       customProfilePath: overrides.security?.customProfilePath ?? defaults.security.customProfilePath
     },
+    remoteCode: {
+      ...defaults.remoteCode,
+      ...overrides.remoteCode,
+      allowedSchemes: overrides.remoteCode?.allowedSchemes ?? defaults.remoteCode.allowedSchemes,
+      allowedHosts: overrides.remoteCode?.allowedHosts ?? defaults.remoteCode.allowedHosts,
+      blockedHosts: overrides.remoteCode?.blockedHosts ?? defaults.remoteCode.blockedHosts
+    },
     audit: {
       ...defaults.audit,
       ...overrides.audit
@@ -1998,7 +2349,7 @@ init_logger();
 // package.json
 var package_default = {
   name: "isol8",
-  version: "0.10.2",
+  version: "0.11.0",
   description: "Secure code execution engine for AI agents",
   author: "Illusion47586",
   license: "MIT",
@@ -2043,6 +2394,8 @@ var package_default = {
     "lint:check": "ultracite check",
     "lint:fix": "ultracite fix",
     bench: "bunx tsx benchmarks/spawn.ts",
+    "bench:tti": "bunx tsx benchmarks/tti.ts",
+    "bench:tti:pool": "bunx tsx benchmarks/tti.ts --warm-pool --iterations 5",
     "bench:pool": "bunx tsx benchmarks/spawn-pool.ts",
     "bench:detailed": "bunx tsx benchmarks/spawn-detailed.ts",
     "bench:cli": "bun run tests/production/bench-cli.ts",
@@ -2153,7 +2506,12 @@ async function createServer(options) {
   app.post("/execute", async (c) => {
     const body = await c.req.json();
     logger.debug(`[Server] POST /execute runtime=${body.request.runtime} sessionId=${body.sessionId ?? "ephemeral"}`);
-    logger.debug(`[Server] Code length: ${body.request.code.length} chars`);
+    logger.debug(`[Server] Code source: ${body.request.codeUrl ? `url=${body.request.codeUrl}` : `inline (${body.request.code?.length ?? 0} chars)`}`);
+    const {
+      poolStrategy: _ignoredPoolStrategy,
+      poolSize: _ignoredPoolSize,
+      ...requestOptions
+    } = body.options ?? {};
     const engineOptions = {
       network: config.defaults.network,
       memoryLimit: config.defaults.memoryLimit,
@@ -2161,7 +2519,11 @@ async function createServer(options) {
       timeoutMs: config.defaults.timeoutMs,
       sandboxSize: config.defaults.sandboxSize,
       tmpSize: config.defaults.tmpSize,
-      ...body.options,
+      poolStrategy: config.poolStrategy,
+      poolSize: config.poolSize,
+      dependencies: config.dependencies,
+      remoteCode: config.remoteCode,
+      ...requestOptions,
       mode: body.sessionId ? "persistent" : "ephemeral",
       audit: config.audit
     };
@@ -2214,7 +2576,12 @@ async function createServer(options) {
   app.post("/execute/stream", async (c) => {
     const body = await c.req.json();
     logger.debug(`[Server] POST /execute/stream runtime=${body.request.runtime}`);
-    logger.debug(`[Server] Code length: ${body.request.code.length} chars`);
+    logger.debug(`[Server] Code source: ${body.request.codeUrl ? `url=${body.request.codeUrl}` : `inline (${body.request.code?.length ?? 0} chars)`}`);
+    const {
+      poolStrategy: _ignoredPoolStrategy,
+      poolSize: _ignoredPoolSize,
+      ...requestOptions
+    } = body.options ?? {};
     const engineOptions = {
       network: config.defaults.network,
       memoryLimit: config.defaults.memoryLimit,
@@ -2222,7 +2589,11 @@ async function createServer(options) {
       timeoutMs: config.defaults.timeoutMs,
       sandboxSize: config.defaults.sandboxSize,
       tmpSize: config.defaults.tmpSize,
-      ...body.options,
+      poolStrategy: config.poolStrategy,
+      poolSize: config.poolSize,
+      dependencies: config.dependencies,
+      remoteCode: config.remoteCode,
+      ...requestOptions,
       mode: "ephemeral"
     };
     const engine = new DockerIsol82(engineOptions, config.maxConcurrent);
@@ -2346,4 +2717,4 @@ export {
   BunAdapter
 };
 
-//# debugId=B5951587CB2FCE7364756E2164756E21
+//# debugId=C48E982CAC86EB5964756E2164756E21