isol8 0.11.2 → 0.12.0-alpha.0

package/dist/cli.js

@@ -6318,7 +6318,7 @@ var require_bcrypt_pbkdf = __commonJS((exports, module) => {
 
 // node_modules/cpu-features/build/Release/cpufeatures.node
 var require_cpufeatures = __commonJS((exports, module) => {
-  module.exports = __require("./cpufeatures-tjjrgpt7.node");
+  module.exports = __require("./cpufeatures-8g73ch7n.node");
 });
 
 // node_modules/cpu-features/lib/index.js
@@ -6929,9 +6929,14 @@ var require_utils2 = __commonJS((exports, module) => {
   };
 });
 
+// node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
+var require_sshcrypto = __commonJS((exports, module) => {
+  module.exports = __require("./sshcrypto-f6atjna1.node");
+});
+
 // node_modules/ssh2/lib/protocol/crypto/poly1305.js
 var require_poly1305 = __commonJS((exports, module) => {
-  var __dirname = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto", __filename = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
+  var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/ssh2/lib/protocol/crypto", __filename = "/Users/dhruv/Developer/Projects/isol8/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
   var createPoly1305 = function() {
     var _scriptDir = typeof document !== "undefined" && document.currentScript ? document.currentScript.src : undefined;
     if (typeof __filename !== "undefined")
@@ -7415,7 +7420,7 @@ var require_crypto = __commonJS((exports, module) => {
   var ChaChaPolyDecipher;
   var GenericDecipher;
   try {
-    binding = (()=>{throw new Error("Cannot require module "+"./crypto/build/Release/sshcrypto.node");})();
+    binding = require_sshcrypto();
     ({
       AESGCMCipher,
       ChaChaPolyCipher,
@@ -8676,7 +8681,7 @@ ${formatted}-----END ${type} KEY-----`;
       }
       return Buffer.from(hex, "hex");
     }
-    return function genOpenSSLRSAPriv2(n, e, d, iqmp, p, q) {
+    return function genOpenSSLRSAPriv(n, e, d, iqmp, p, q) {
       const bn_d = bigIntFromBuffer(d);
       const dmp1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(p) - 1n));
       const dmq1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(q) - 1n));
@@ -9704,7 +9709,7 @@ ${formatted}-----END ${type} KEY-----`;
 
 // node_modules/ssh2/lib/agent.js
 var require_agent = __commonJS((exports, module) => {
-  var __dirname = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib";
+  var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/ssh2/lib";
   var { Socket } = __require("net");
   var { Duplex } = __require("stream");
   var { resolve } = __require("path");
@@ -21677,7 +21682,7 @@ var require__stream_writable = __commonJS((exports, module) => {
       }
     });
   } else {
-    realHasInstance = function realHasInstance2(object) {
+    realHasInstance = function realHasInstance(object) {
       return object instanceof this;
     };
   }
@@ -22475,28 +22480,28 @@ var require_end_of_stream = __commonJS((exports, module) => {
     callback = once(callback || noop);
     var readable = opts.readable || opts.readable !== false && stream.readable;
     var writable = opts.writable || opts.writable !== false && stream.writable;
-    var onlegacyfinish = function onlegacyfinish2() {
+    var onlegacyfinish = function onlegacyfinish() {
       if (!stream.writable)
         onfinish();
     };
     var writableEnded = stream._writableState && stream._writableState.finished;
-    var onfinish = function onfinish2() {
+    var onfinish = function onfinish() {
       writable = false;
       writableEnded = true;
       if (!readable)
         callback.call(stream);
     };
     var readableEnded = stream._readableState && stream._readableState.endEmitted;
-    var onend = function onend2() {
+    var onend = function onend() {
       readable = false;
       readableEnded = true;
       if (!writable)
         callback.call(stream);
     };
-    var onerror = function onerror2(err) {
+    var onerror = function onerror(err) {
       callback.call(stream, err);
     };
-    var onclose = function onclose2() {
+    var onclose = function onclose() {
       var err;
       if (readable && !readableEnded) {
         if (!stream._readableState || !stream._readableState.ended)
@@ -22509,7 +22514,7 @@ var require_end_of_stream = __commonJS((exports, module) => {
         return callback.call(stream, err);
       }
     };
-    var onrequest = function onrequest2() {
+    var onrequest = function onrequest() {
       stream.req.on("finish", onfinish);
     };
     if (isRequest(stream)) {
@@ -22666,7 +22671,7 @@ var require_async_iterator = __commonJS((exports, module) => {
       });
     });
   }), _Object$setPrototypeO), AsyncIteratorPrototype);
-  var createReadableStreamAsyncIterator = function createReadableStreamAsyncIterator2(stream) {
+  var createReadableStreamAsyncIterator = function createReadableStreamAsyncIterator(stream) {
     var _Object$create;
     var iterator = Object.create(ReadableStreamAsyncIteratorPrototype, (_Object$create = {}, _defineProperty(_Object$create, kStream, {
       value: stream,
@@ -22855,7 +22860,7 @@ var require__stream_readable = __commonJS((exports, module) => {
   var Duplex;
   Readable.ReadableState = ReadableState;
   var EE = __require("events").EventEmitter;
-  var EElistenerCount = function EElistenerCount2(emitter, type) {
+  var EElistenerCount = function EElistenerCount(emitter, type) {
     return emitter.listeners(type).length;
   };
   var Stream = __require("stream");
@@ -22872,7 +22877,7 @@ var require__stream_readable = __commonJS((exports, module) => {
   if (debugUtil && debugUtil.debuglog) {
     debug = debugUtil.debuglog("stream");
   } else {
-    debug = function debug2() {};
+    debug = function debug() {};
   }
   var BufferList = require_buffer_list();
   var destroyImpl = require_destroy();
@@ -25530,14 +25535,14 @@ var require_BufferList = __commonJS((exports, module) => {
     if (srcEnd <= 0) {
       return dst || Buffer2.alloc(0);
     }
-    const copy2 = !!dst;
+    const copy = !!dst;
     const off = this._offset(srcStart);
     const len = srcEnd - srcStart;
     let bytes = len;
-    let bufoff = copy2 && dstStart || 0;
+    let bufoff = copy && dstStart || 0;
     let start = off[1];
     if (srcStart === 0 && srcEnd === this.length) {
-      if (!copy2) {
+      if (!copy) {
         return this._bufs.length === 1 ? this._bufs[0] : Buffer2.concat(this._bufs, this.length);
       }
       for (let i = 0;i < this._bufs.length; i++) {
@@ -25547,9 +25552,9 @@ var require_BufferList = __commonJS((exports, module) => {
       return dst;
     }
     if (bytes <= this._bufs[off[0]].length - start) {
-      return copy2 ? this._bufs[off[0]].copy(dst, dstStart, start, start + bytes) : this._bufs[off[0]].slice(start, start + bytes);
+      return copy ? this._bufs[off[0]].copy(dst, dstStart, start, start + bytes) : this._bufs[off[0]].slice(start, start + bytes);
     }
-    if (!copy2) {
+    if (!copy) {
       dst = Buffer2.allocUnsafe(len);
     }
     for (let i = off[0];i < this._bufs.length; i++) {
@@ -25771,7 +25776,7 @@ var require_bl = __commonJS((exports, module) => {
     }
     if (typeof callback === "function") {
       this._callback = callback;
-      const piper = function piper2(err) {
+      const piper = function piper(err) {
         if (this._callback) {
           this._callback(err);
           this._callback = null;
@@ -34834,7 +34839,7 @@ var require_writer2 = __commonJS((exports, module) => {
     this.tail = this.head;
     this.states = null;
   }
-  var create = function create2() {
+  var create = function create() {
     return util.Buffer ? function create_buffer_setup() {
       return (Writer.create = function create_buffer() {
         return new BufferWriter;
@@ -35058,12 +35063,12 @@ var require_reader2 = __commonJS((exports, module) => {
     if (buffer instanceof Uint8Array || Array.isArray(buffer))
       return new Reader(buffer);
     throw Error("illegal buffer");
-  } : function create_array2(buffer) {
+  } : function create_array(buffer) {
     if (Array.isArray(buffer))
       return new Reader(buffer);
     throw Error("illegal buffer");
   };
-  var create = function create2() {
+  var create = function create() {
     return util.Buffer ? function create_buffer_setup(buffer) {
       return (Reader.create = function create_buffer(buffer2) {
         return util.Buffer.isBuffer(buffer2) ? new BufferReader(buffer2) : create_array(buffer2);
@@ -35489,10 +35494,10 @@ var require_fetch = __commonJS((exports, module) => {
 // node_modules/@protobufjs/path/index.js
 var require_path = __commonJS((exports) => {
   var path = exports;
-  var isAbsolute = path.isAbsolute = function isAbsolute2(path2) {
+  var isAbsolute = path.isAbsolute = function isAbsolute(path2) {
     return /^(?:\/|\w+:)/.test(path2);
   };
-  var normalize = path.normalize = function normalize2(path2) {
+  var normalize = path.normalize = function normalize(path2) {
     path2 = path2.replace(/\\/g, "/").replace(/\/{2,}/g, "/");
     var parts = path2.split("/"), absolute = isAbsolute(path2), prefix = "";
     if (absolute)
@@ -35657,7 +35662,7 @@ var require_namespace = __commonJS((exports, module) => {
     object.onRemove(this);
     return clearCache(this);
   };
-  Namespace.prototype.define = function define2(path, json) {
+  Namespace.prototype.define = function define(path, json) {
     if (util.isString(path))
       path = path.split(".");
     else if (!Array.isArray(path))
@@ -42473,7 +42478,7 @@ var require_src3 = __commonJS((exports) => {
 
 // node_modules/@grpc/grpc-js/build/src/channelz.js
 var require_channelz = __commonJS((exports) => {
-  var __dirname = "/home/runner/work/isol8/isol8/node_modules/@grpc/grpc-js/build/src";
+  var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/@grpc/grpc-js/build/src";
   Object.defineProperty(exports, "__esModule", { value: true });
   exports.registerChannelzSocket = exports.registerChannelzServer = exports.registerChannelzSubchannel = exports.registerChannelzChannel = exports.ChannelzCallTrackerStub = exports.ChannelzCallTracker = exports.ChannelzChildrenTrackerStub = exports.ChannelzChildrenTracker = exports.ChannelzTrace = exports.ChannelzTraceStub = undefined;
   exports.unregisterChannelzRef = unregisterChannelzRef;
@@ -47876,7 +47881,7 @@ var require_duration = __commonJS((exports) => {
 
 // node_modules/@grpc/grpc-js/build/src/orca.js
 var require_orca = __commonJS((exports) => {
-  var __dirname = "/home/runner/work/isol8/isol8/node_modules/@grpc/grpc-js/build/src";
+  var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/@grpc/grpc-js/build/src";
   Object.defineProperty(exports, "__esModule", { value: true });
   exports.OrcaOobMetricsSubchannelWrapper = exports.GRPC_METRICS_HEADER = exports.ServerMetricRecorder = exports.PerRequestMetricRecorder = undefined;
   exports.createOrcaClient = createOrcaClient;
@@ -53265,7 +53270,7 @@ var require_dist = __commonJS((exports) => {
 
 // node_modules/dockerode/lib/session.js
 var require_session = __commonJS((exports, module) => {
-  var __dirname = "/home/runner/work/isol8/isol8/node_modules/dockerode/lib";
+  var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/dockerode/lib";
   var grpc = require_src4();
   var protoLoader = require_src5();
   var path = __require("path");
@@ -54491,7 +54496,7 @@ var require_docker = __commonJS((exports, module) => {
         stream: true,
         stdout: true,
         stderr: true
-      }, function handler2(err2, stream) {
+      }, function handler(err2, stream) {
         if (err2)
           return callback(err2, null, container);
         hub.emit("stream", stream);
@@ -54780,7 +54785,8 @@ function mergeConfig(defaults, overrides) {
     maxConcurrent: overrides.maxConcurrent ?? defaults.maxConcurrent,
     defaults: {
       ...defaults.defaults,
-      ...overrides.defaults
+      ...overrides.defaults,
+      readonlyRootFs: overrides.defaults?.readonlyRootFs ?? defaults.defaults.readonlyRootFs
     },
     network: {
       whitelist: overrides.network?.whitelist ?? defaults.network.whitelist,
@@ -54824,7 +54830,8 @@ var init_config = __esm(() => {
       cpuLimit: 1,
       network: "none",
       sandboxSize: "512m",
-      tmpSize: "256m"
+      tmpSize: "256m",
+      readonlyRootFs: true
     },
     network: {
       whitelist: [],
@@ -55412,6 +55419,73 @@ class Semaphore {
   }
 }
 
+// src/engine/default-seccomp-profile.ts
+var EMBEDDED_DEFAULT_SECCOMP_PROFILE;
+var init_default_seccomp_profile = __esm(() => {
+  EMBEDDED_DEFAULT_SECCOMP_PROFILE = JSON.stringify({
+    defaultAction: "SCMP_ACT_ALLOW",
+    architectures: ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32", "SCMP_ARCH_AARCH64"],
+    syscalls: [
+      {
+        names: [
+          "acct",
+          "add_key",
+          "bpf",
+          "clock_adjtime",
+          "clock_settime",
+          "create_module",
+          "delete_module",
+          "finit_module",
+          "get_mempolicy",
+          "init_module",
+          "ioperm",
+          "iopl",
+          "kcmp",
+          "kexec_file_load",
+          "kexec_load",
+          "keyctl",
+          "lookup_dcookie",
+          "mbind",
+          "mount",
+          "move_pages",
+          "name_to_handle_at",
+          "open_by_handle_at",
+          "perf_event_open",
+          "pivot_root",
+          "process_vm_readv",
+          "process_vm_writev",
+          "ptrace",
+          "query_module",
+          "quotactl",
+          "reboot",
+          "request_key",
+          "set_mempolicy",
+          "setns",
+          "settimeofday",
+          "stime",
+          "swapon",
+          "swapoff",
+          "sysfs",
+          "syslog",
+          "umount",
+          "umount2",
+          "unshare",
+          "uselib",
+          "userfaultfd",
+          "ustat",
+          "vm86",
+          "vm86old"
+        ],
+        action: "SCMP_ACT_ERRNO",
+        args: [],
+        comment: "",
+        includes: {},
+        excludes: {}
+      }
+    ]
+  });
+});
+
 // src/engine/utils.ts
 var exports_utils = {};
 __export(exports_utils, {
@@ -55518,6 +55592,15 @@ function validatePackageName(name) {
 }
 
 // src/engine/image-builder.ts
+var exports_image_builder = {};
+__export(exports_image_builder, {
+  normalizePackages: () => normalizePackages,
+  imageExists: () => imageExists,
+  getCustomImageTag: () => getCustomImageTag,
+  ensureImages: () => ensureImages,
+  buildCustomImages: () => buildCustomImages,
+  buildBaseImages: () => buildBaseImages
+});
 import { createHash as createHash2 } from "node:crypto";
 import { existsSync as existsSync3, readFileSync as readFileSync2 } from "node:fs";
 import { join as join3 } from "node:path";
@@ -55576,8 +55659,9 @@ async function removeImage(docker, imageId) {
     logger.debug(`[ImageBuilder] Could not remove image ${imageId.slice(0, 12)}: ${err}`);
   }
 }
-async function buildBaseImages(docker, onProgress, force = false) {
-  const runtimes = RuntimeRegistry.list();
+async function buildBaseImages(docker, onProgress, force = false, onlyRuntimes) {
+  const allRuntimes = RuntimeRegistry.list();
+  const runtimes = onlyRuntimes ? allRuntimes.filter((r) => onlyRuntimes.includes(r.name)) : allRuntimes;
   const dockerHash = computeDockerDirHash();
   logger.debug(`[ImageBuilder] Docker directory hash: ${dockerHash.slice(0, 16)}...`);
   for (const adapter of runtimes) {
@@ -55727,6 +55811,26 @@ ${installCmd}
   }
   onProgress?.({ runtime, status: "done" });
 }
+async function imageExists(docker, imageName) {
+  try {
+    await docker.getImage(imageName).inspect();
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function ensureImages(docker, onProgress) {
+  const runtimes = RuntimeRegistry.list();
+  const missing = [];
+  for (const adapter of runtimes) {
+    if (!await imageExists(docker, adapter.image)) {
+      missing.push(adapter.name);
+    }
+  }
+  if (missing.length > 0) {
+    await buildBaseImages(docker, onProgress, false, missing);
+  }
+}
 var DOCKERFILE_DIR, LABELS, DOCKER_BUILD_FILES;
 var init_image_builder = __esm(() => {
   init_runtime();
@@ -56155,7 +56259,19 @@ function wrapWithTimeout(cmd, timeoutSec) {
 function getInstallCommand(runtime, packages) {
   switch (runtime) {
     case "python":
-      return ["pip", "install", "--user", "--no-cache-dir", "--break-system-packages", ...packages];
+      return [
+        "pip",
+        "install",
+        "--user",
+        "--no-cache-dir",
+        "--break-system-packages",
+        "--disable-pip-version-check",
+        "--retries",
+        "0",
+        "--timeout",
+        "15",
+        ...packages
+      ];
     case "node":
       return ["npm", "install", "--prefix", "/sandbox", ...packages];
     case "bun":
@@ -56168,8 +56284,9 @@ function getInstallCommand(runtime, packages) {
       throw new Error(`Unknown runtime for package install: ${runtime}`);
   }
 }
-async function installPackages(container, runtime, packages) {
-  const cmd = getInstallCommand(runtime, packages);
+async function installPackages(container, runtime, packages, timeoutMs) {
+  const timeoutSec = Math.max(1, Math.ceil(timeoutMs / 1000));
+  const cmd = wrapWithTimeout(getInstallCommand(runtime, packages), timeoutSec);
   logger.debug(`Installing packages: ${JSON.stringify(cmd)}`);
   const env2 = [
     "PATH=/sandbox/.local/bin:/sandbox/.npm-global/bin:/sandbox/.bun-global/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
@@ -56180,6 +56297,12 @@ async function installPackages(container, runtime, packages) {
     env2.push("NPM_CONFIG_PREFIX=/sandbox/.npm-global");
     env2.push("NPM_CONFIG_CACHE=/sandbox/.npm-cache");
     env2.push("npm_config_cache=/sandbox/.npm-cache");
+    env2.push("NPM_CONFIG_FETCH_RETRIES=0");
+    env2.push("npm_config_fetch_retries=0");
+    env2.push("NPM_CONFIG_FETCH_RETRY_MINTIMEOUT=1000");
+    env2.push("npm_config_fetch_retry_mintimeout=1000");
+    env2.push("NPM_CONFIG_FETCH_RETRY_MAXTIMEOUT=2000");
+    env2.push("npm_config_fetch_retry_maxtimeout=2000");
   } else if (runtime === "bun") {
     env2.push("BUN_INSTALL_GLOBAL_DIR=/sandbox/.bun-global");
     env2.push("BUN_INSTALL_CACHE_DIR=/sandbox/.bun-cache");
@@ -56201,7 +56324,13 @@ async function installPackages(container, runtime, packages) {
     const stderrStream = new PassThrough;
     container.modem.demuxStream(stream, stdoutStream, stderrStream);
     stderrStream.on("data", (chunk) => {
-      stderr += chunk.toString();
+      const text = chunk.toString();
+      stderr += text;
+      logger.debug(`[install:${runtime}:stderr] ${text.trimEnd()}`);
+    });
+    stdoutStream.on("data", (chunk) => {
+      const text = chunk.toString();
+      logger.debug(`[install:${runtime}:stdout] ${text.trimEnd()}`);
     });
     stream.on("end", async () => {
       try {
@@ -56531,7 +56660,7 @@ class DockerIsol8 {
         const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
         await writeFileViaExec(container, filePath, request.code);
         if (request.installPackages?.length) {
-          await installPackages(container, request.runtime, request.installPackages);
+          await installPackages(container, request.runtime, request.installPackages, timeoutMs);
         }
         if (request.files) {
           for (const [fPath, fContent] of Object.entries(request.files)) {
@@ -56600,6 +56729,26 @@ class DockerIsol8 {
         resolvedImage = legacyCustomTag;
       } catch {}
     }
+    try {
+      await this.docker.getImage(resolvedImage).inspect();
+    } catch {
+      logger.debug(`[ImageBuilder] Image ${resolvedImage} not found. Building...`);
+      const { buildBaseImages: buildBaseImages2, buildCustomImages: buildCustomImages2 } = await Promise.resolve().then(() => (init_image_builder(), exports_image_builder));
+      if (resolvedImage !== adapter.image && normalizedDeps.length > 0) {
+        try {
+          await this.docker.getImage(adapter.image).inspect();
+        } catch {
+          logger.debug(`[ImageBuilder] Base image ${adapter.image} missing. Building...`);
+          await buildBaseImages2(this.docker, undefined, false, [adapter.name]);
+        }
+        logger.debug(`[ImageBuilder] Building custom image for ${adapter.name}...`);
+        const dummyConfig = { dependencies: { [adapter.name]: normalizedDeps } };
+        await buildCustomImages2(this.docker, dummyConfig, undefined, false);
+      } else {
+        logger.debug(`[ImageBuilder] Building base image for ${adapter.name}...`);
+        await buildBaseImages2(this.docker, undefined, false, [adapter.name]);
+      }
+    }
     this.imageCache.set(cacheKey, resolvedImage);
     return resolvedImage;
   }
@@ -56660,7 +56809,7 @@ class DockerIsol8 {
         rawCmd = adapter.getCommand(req.code, filePath);
       }
       if (req.installPackages?.length) {
-        await installPackages(container, req.runtime, req.installPackages);
+        await installPackages(container, req.runtime, req.installPackages, timeoutMs);
       }
       const timeoutSec = Math.ceil(timeoutMs / 1000);
       let cmd;
@@ -56768,7 +56917,7 @@ class DockerIsol8 {
     const rawCmd = adapter.getCommand(req.code, filePath);
     const timeoutSec = Math.ceil(timeoutMs / 1000);
     if (req.installPackages?.length) {
-      await installPackages(this.container, req.runtime, req.installPackages);
+      await installPackages(this.container, req.runtime, req.installPackages, timeoutMs);
     }
     let cmd;
     if (req.stdin) {
@@ -56911,17 +57060,15 @@ class DockerIsol8 {
         const profile = readFileSync3(this.security.customProfilePath, "utf-8");
         opts.push(`seccomp=${profile}`);
       } catch (e) {
-        logger.error(`Failed to load custom seccomp profile: ${e}`);
+        throw new Error(`Failed to load custom seccomp profile at ${this.security.customProfilePath}: ${e}`);
       }
       return opts;
     }
     try {
       const profile = this.loadDefaultSeccompProfile();
-      if (profile) {
-        opts.push(`seccomp=${profile}`);
-      }
+      opts.push(`seccomp=${profile}`);
     } catch (e) {
-      logger.error(`Failed to load default seccomp profile: ${e}`);
+      throw new Error(`Failed to load default seccomp profile: ${e}`);
     }
     return opts;
   }
@@ -56934,8 +57081,11 @@ class DockerIsol8 {
     if (existsSync4(prodPath)) {
       return readFileSync3(prodPath, "utf-8");
     }
-    logger.warn("Could not locate default seccomp profile. Running without seccomp filter.");
-    return null;
+    if (EMBEDDED_DEFAULT_SECCOMP_PROFILE.length > 0) {
+      logger.debug(`Default seccomp profile file not found. Using embedded profile. Tried: ${devPath.pathname}, ${prodPath.pathname}`);
+      return EMBEDDED_DEFAULT_SECCOMP_PROFILE;
+    }
+    throw new Error("Embedded default seccomp profile is unavailable");
   }
   buildEnv(extra) {
     const env2 = [
@@ -57156,13 +57306,14 @@ class DockerIsol8 {
 }
 var import_dockerode, SANDBOX_WORKDIR = "/sandbox", MAX_OUTPUT_BYTES, PROXY_PORT = 8118, PROXY_STARTUP_TIMEOUT_MS = 5000, PROXY_POLL_INTERVAL_MS = 100;
 var init_docker = __esm(() => {
+  import_dockerode = __toESM(require_docker(), 1);
   init_runtime();
   init_logger();
   init_audit();
   init_code_fetcher();
+  init_default_seccomp_profile();
   init_image_builder();
   init_pool();
-  import_dockerode = __toESM(require_docker(), 1);
   MAX_OUTPUT_BYTES = 1024 * 1024;
 });
 
@@ -57171,7 +57322,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "isol8",
-    version: "0.11.1",
+    version: "0.12.0-alpha.0",
     description: "Secure code execution engine for AI agents",
     author: "Illusion47586",
     license: "MIT",
@@ -58919,6 +59070,50 @@ async function createServer(options) {
   logger.debug(`[Server] Auto-prune: ${config.cleanup.autoPrune}`);
   const app = new Hono2;
   const globalSemaphore = new Semaphore(config.maxConcurrent);
+  let pruneInterval;
+  let cleanupInFlight = null;
+  const cleanupSessions = async () => {
+    let removed = 0;
+    let failed = 0;
+    const errors = [];
+    for (const [id, session] of sessions) {
+      try {
+        await session.engine.stop();
+        removed++;
+      } catch (err) {
+        failed++;
+        const errorMsg = err instanceof Error ? err.message : String(err);
+        errors.push(`${id}: ${errorMsg}`);
+      } finally {
+        sessions.delete(id);
+      }
+    }
+    return { removed, failed, errors };
+  };
+  const runCleanup = async (includeImages) => {
+    if (cleanupInFlight) {
+      return cleanupInFlight;
+    }
+    cleanupInFlight = (async () => {
+      logger.info(`[Server] Starting cleanup (sessions=true containers=true images=${includeImages})`);
+      const sessionsResult = await cleanupSessions();
+      const containersResult = await DockerIsol82.cleanup();
+      const result = {
+        sessions: sessionsResult,
+        containers: containersResult
+      };
+      if (includeImages) {
+        result.images = await DockerIsol82.cleanupImages();
+      }
+      logger.info(`[Server] Cleanup complete: sessions=${result.sessions.removed}/${result.sessions.failed} containers=${result.containers.removed}/${result.containers.failed}${result.images ? ` images=${result.images.removed}/${result.images.failed}` : ""}`);
+      return result;
+    })();
+    try {
+      return await cleanupInFlight;
+    } finally {
+      cleanupInFlight = null;
+    }
+  };
   app.use("*", authMiddleware(options.apiKey));
   app.get("/health", (c) => c.json({ status: "ok", version: VERSION }));
   app.post("/execute", async (c) => {
@@ -59099,8 +59294,21 @@ async function createServer(options) {
     }
     return c.json({ ok: true });
   });
+  app.post("/cleanup", async (c) => {
+    const body = await c.req.json().catch(() => ({}));
+    const includeImages = body.images ?? true;
+    logger.debug(`[Server] POST /cleanup images=${includeImages}`);
+    try {
+      const result = await runCleanup(includeImages);
+      return c.json({ ok: true, ...result });
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      logger.error(`[Server] Cleanup failed: ${message}`);
+      return c.json({ error: message }, 500);
+    }
+  });
   if (config.cleanup.autoPrune) {
-    setInterval(async () => {
+    pruneInterval = setInterval(async () => {
       const maxAge = config.cleanup.maxContainerAgeMs;
       const now = Date.now();
       for (const [id, session] of sessions) {
@@ -59118,7 +59326,15 @@ async function createServer(options) {
   return {
     app,
     fetch: app.fetch,
-    port: options.port
+    port: options.port,
+    cleanup: async (includeImages = true) => runCleanup(includeImages),
+    shutdown: async (includeImages = true) => {
+      if (pruneInterval) {
+        clearInterval(pruneInterval);
+        pruneInterval = undefined;
+      }
+      await runCleanup(includeImages);
+    }
   };
 }
 var sessions;
@@ -59738,7 +59954,7 @@ onetime.callCount = (function_) => {
 };
 var onetime_default = onetime;
 
-// node_modules/signal-exit/dist/mjs/signals.js
+// node_modules/restore-cursor/node_modules/signal-exit/dist/mjs/signals.js
 var signals = [];
 signals.push("SIGHUP", "SIGINT", "SIGTERM");
 if (process.platform !== "win32") {
@@ -59748,7 +59964,7 @@ if (process.platform === "linux") {
   signals.push("SIGIO", "SIGPOLL", "SIGPWR", "SIGSTKFLT");
 }
 
-// node_modules/signal-exit/dist/mjs/index.js
+// node_modules/restore-cursor/node_modules/signal-exit/dist/mjs/index.js
 var processOk = (process3) => !!process3 && typeof process3 === "object" && typeof process3.removeListener === "function" && typeof process3.emit === "function" && typeof process3.reallyExit === "function" && typeof process3.listeners === "function" && typeof process3.kill === "function" && typeof process3.pid === "number" && typeof process3.on === "function";
 var kExitEmitter = Symbol.for("signal-exit emitter");
 var global2 = globalThis;
@@ -62633,7 +62849,7 @@ program2.command("setup").description("Check Docker and build isol8 images").opt
   console.log(`
 [DONE] Setup complete!`);
 });
-program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--writable", "Disable read-only root filesystem").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m, 512m)").option("--tmp-size <size>", "Tmp tmpfs size (e.g. 256m, 512m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--url <url>", "Fetch code from URL").option("--github <path>", "GitHub shorthand: owner/repo/ref/path/to/file").option("--gist <path>", "Gist shorthand: gistId/file.ext").option("--hash <sha256>", "Expected SHA-256 hash of fetched code").option("--allow-insecure-code-url", "Allow insecure HTTP code URLs").option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").option("--no-stream", "Disable real-time output streaming").option("--debug", "Enable debug logging").option("--persist", "Keep container running after execution for inspection").option("--log-network", "Log all network requests (requires --net filtered)").action(async (file, opts) => {
+program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m, 512m)").option("--tmp-size <size>", "Tmp tmpfs size (e.g. 256m, 512m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--url <url>", "Fetch code from URL").option("--github <path>", "GitHub shorthand: owner/repo/ref/path/to/file").option("--gist <path>", "Gist shorthand: gistId/file.ext").option("--hash <sha256>", "Expected SHA-256 hash of fetched code").option("--allow-insecure-code-url", "Allow insecure HTTP code URLs").option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").option("--no-stream", "Disable real-time output streaming").option("--debug", "Enable debug logging").option("--persist", "Keep container running after execution for inspection").option("--log-network", "Log all network requests (requires --net filtered)").action(async (file, opts) => {
   const {
     code,
     codeUrl,
@@ -62762,9 +62978,39 @@ program2.command("serve").description("Start the isol8 remote server").option("-
     logger.debug("[Serve] Running under Bun, starting server in-process");
     const { createServer: createServer2 } = await Promise.resolve().then(() => (init_server(), exports_server));
     const server = await createServer2({ port, apiKey, debug: opts.debug ?? false });
+    let shuttingDown = false;
+    const bunServer = Bun.serve({ fetch: server.app.fetch, port });
+    const shutdown = async () => {
+      if (shuttingDown) {
+        return;
+      }
+      shuttingDown = true;
+      logger.info("[Serve] Shutting down server and cleaning up resources...");
+      bunServer.stop();
+      try {
+        await server.shutdown();
+        logger.info("[Serve] Cleanup complete");
+        process.exit(0);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        logger.error(`[Serve] Cleanup failed: ${message}`);
+        process.exit(1);
+      }
+    };
+    process.on("SIGINT", () => {
+      shutdown().catch((err) => {
+        const message = err instanceof Error ? err.message : String(err);
+        logger.error(`[Serve] Shutdown handler failed: ${message}`);
+      });
+    });
+    process.on("SIGTERM", () => {
+      shutdown().catch((err) => {
+        const message = err instanceof Error ? err.message : String(err);
+        logger.error(`[Serve] Shutdown handler failed: ${message}`);
+      });
+    });
     console.log(`[INFO] isol8 server v${VERSION} listening on http://localhost:${port}`);
     console.log("       Auth: Bearer token required");
-    Bun.serve({ fetch: server.app.fetch, port });
     return;
   }
   logger.debug("[Serve] Running under Node.js, launching standalone binary");
@@ -63185,6 +63431,7 @@ program2.command("cleanup").description("Remove orphaned isol8 containers (and o
 async function resolveRunInput(file, opts) {
   const config = loadConfig();
   logger.debug("[Run] Config loaded");
+  const hasExplicitNetFlag = process.argv.some((arg) => arg === "--net");
   let code;
   let codeUrl;
   let codeHash;
@@ -63249,7 +63496,6 @@ async function resolveRunInput(file, opts) {
     timeoutMs: opts.timeout ? Number.parseInt(opts.timeout, 10) : config.defaults.timeoutMs,
     ...opts.image ? { image: opts.image } : {},
     ...opts.pidsLimit ? { pidsLimit: Number.parseInt(opts.pidsLimit, 10) } : {},
-    ...opts.writable ? { readonlyRootFs: false } : {},
     ...opts.maxOutput ? { maxOutputSize: Number.parseInt(opts.maxOutput, 10) } : {},
     ...opts.tmpSize ? { tmpSize: opts.tmpSize } : {},
     debug: opts.debug ?? config.debug,
@@ -63258,6 +63504,20 @@ async function resolveRunInput(file, opts) {
     dependencies: config.dependencies,
     remoteCode: config.remoteCode
   };
+  if (opts.install.length > 0 && !hasExplicitNetFlag) {
+    engineOptions.network = "filtered";
+    logger.debug("[Run] --install detected without explicit --net; using filtered network mode automatically");
+  }
+  if (opts.install.length > 0 && engineOptions.network === "filtered") {
+    const runtimeRegistryAllowlist = getDefaultRegistryAllowPatterns(runtime);
+    if (runtimeRegistryAllowlist.length > 0) {
+      engineOptions.networkFilter = {
+        whitelist: Array.from(new Set([...engineOptions.networkFilter?.whitelist ?? [], ...runtimeRegistryAllowlist])),
+        blacklist: engineOptions.networkFilter?.blacklist ?? []
+      };
+      logger.debug(`[Run] Added default package registries for ${runtime}: ${runtimeRegistryAllowlist.join(", ")}`);
+    }
+  }
   logger.debug(`[Run] Engine options: mode=${engineOptions.mode}, network=${engineOptions.network}`);
   let fileExtension;
   if (file) {
@@ -63333,6 +63593,19 @@ function detectRuntimeFromPath(pathValue) {
     return;
   }
 }
+function getDefaultRegistryAllowPatterns(runtime) {
+  switch (runtime) {
+    case "python":
+      return ["^pypi\\.org$", "^files\\.pythonhosted\\.org$"];
+    case "node":
+    case "bun":
+      return ["^registry\\.npmjs\\.org$"];
+    case "bash":
+      return ["^dl-cdn\\.alpinelinux\\.org$"];
+    default:
+      return [];
+  }
+}
 function collect(value, previous) {
   return previous.concat([value]);
 }
@@ -63342,4 +63615,4 @@ if (!process.argv.slice(2).length) {
 }
 program2.parse();
 
-//# debugId=33A00A6A263B687D64756E2164756E21
+//# debugId=3F3ACB896496CF6F64756E2164756E21