isol8 0.11.3 → 0.12.0-alpha.0
- package/dist/cli.js +98 -42
- package/dist/index.js +367 -95
- package/dist/src/config.d.ts.map +1 -1
- package/dist/src/engine/docker.d.ts.map +1 -1
- package/dist/src/engine/image-builder.d.ts +1 -1
- package/dist/src/engine/image-builder.d.ts.map +1 -1
- package/dist/src/types.d.ts +2 -0
- package/dist/src/types.d.ts.map +1 -1
- package/package.json +2 -2
- package/schema/isol8.config.schema.json +5 -0
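--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -6318,7 +6318,7 @@ var require_bcrypt_pbkdf = __commonJS((exports, module) => {
 
 // node_modules/cpu-features/build/Release/cpufeatures.node
 var require_cpufeatures = __commonJS((exports, module) => {
-module.exports = __require("./cpufeatures-
+module.exports = __require("./cpufeatures-8g73ch7n.node");
 });
 
 // node_modules/cpu-features/lib/index.js
@@ -6929,9 +6929,14 @@ var require_utils2 = __commonJS((exports, module) => {
 };
 });
 
+// node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
+var require_sshcrypto = __commonJS((exports, module) => {
+module.exports = __require("./sshcrypto-f6atjna1.node");
+});
+
 // node_modules/ssh2/lib/protocol/crypto/poly1305.js
 var require_poly1305 = __commonJS((exports, module) => {
-var __dirname = "/
+var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/ssh2/lib/protocol/crypto", __filename = "/Users/dhruv/Developer/Projects/isol8/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
 var createPoly1305 = function() {
 var _scriptDir = typeof document !== "undefined" && document.currentScript ? document.currentScript.src : undefined;
 if (typeof __filename !== "undefined")
@@ -7415,7 +7420,7 @@ var require_crypto = __commonJS((exports, module) => {
 var ChaChaPolyDecipher;
 var GenericDecipher;
 try {
-binding = (
+binding = require_sshcrypto();
 ({
 AESGCMCipher,
 ChaChaPolyCipher,
@@ -8676,7 +8681,7 @@ ${formatted}-----END ${type} KEY-----`;
 }
 return Buffer.from(hex, "hex");
 }
-return function
+return function genOpenSSLRSAPriv(n, e, d, iqmp, p, q) {
 const bn_d = bigIntFromBuffer(d);
 const dmp1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(p) - 1n));
 const dmq1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(q) - 1n));
@@ -9704,7 +9709,7 @@ ${formatted}-----END ${type} KEY-----`;
 
 // node_modules/ssh2/lib/agent.js
 var require_agent = __commonJS((exports, module) => {
-var __dirname = "/
+var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/ssh2/lib";
 var { Socket } = __require("net");
 var { Duplex } = __require("stream");
 var { resolve } = __require("path");
@@ -21677,7 +21682,7 @@ var require__stream_writable = __commonJS((exports, module) => {
 }
 });
 } else {
-realHasInstance = function
+realHasInstance = function realHasInstance(object) {
 return object instanceof this;
 };
 }
@@ -22475,28 +22480,28 @@ var require_end_of_stream = __commonJS((exports, module) => {
 callback = once(callback || noop);
 var readable = opts.readable || opts.readable !== false && stream.readable;
 var writable = opts.writable || opts.writable !== false && stream.writable;
-var onlegacyfinish = function
+var onlegacyfinish = function onlegacyfinish() {
 if (!stream.writable)
 onfinish();
 };
 var writableEnded = stream._writableState && stream._writableState.finished;
-var onfinish = function
+var onfinish = function onfinish() {
 writable = false;
 writableEnded = true;
 if (!readable)
 callback.call(stream);
 };
 var readableEnded = stream._readableState && stream._readableState.endEmitted;
-var onend = function
+var onend = function onend() {
 readable = false;
 readableEnded = true;
 if (!writable)
 callback.call(stream);
 };
-var onerror = function
+var onerror = function onerror(err) {
 callback.call(stream, err);
 };
-var onclose = function
+var onclose = function onclose() {
 var err;
 if (readable && !readableEnded) {
 if (!stream._readableState || !stream._readableState.ended)
@@ -22509,7 +22514,7 @@ var require_end_of_stream = __commonJS((exports, module) => {
 return callback.call(stream, err);
 }
 };
-var onrequest = function
+var onrequest = function onrequest() {
 stream.req.on("finish", onfinish);
 };
 if (isRequest(stream)) {
@@ -22666,7 +22671,7 @@ var require_async_iterator = __commonJS((exports, module) => {
 });
 });
 }), _Object$setPrototypeO), AsyncIteratorPrototype);
-var createReadableStreamAsyncIterator = function
+var createReadableStreamAsyncIterator = function createReadableStreamAsyncIterator(stream) {
 var _Object$create;
 var iterator = Object.create(ReadableStreamAsyncIteratorPrototype, (_Object$create = {}, _defineProperty(_Object$create, kStream, {
 value: stream,
@@ -22855,7 +22860,7 @@ var require__stream_readable = __commonJS((exports, module) => {
 var Duplex;
 Readable.ReadableState = ReadableState;
 var EE = __require("events").EventEmitter;
-var EElistenerCount = function
+var EElistenerCount = function EElistenerCount(emitter, type) {
 return emitter.listeners(type).length;
 };
 var Stream = __require("stream");
@@ -22872,7 +22877,7 @@ var require__stream_readable = __commonJS((exports, module) => {
 if (debugUtil && debugUtil.debuglog) {
 debug = debugUtil.debuglog("stream");
 } else {
-debug = function
+debug = function debug() {};
 }
 var BufferList = require_buffer_list();
 var destroyImpl = require_destroy();
@@ -25530,14 +25535,14 @@ var require_BufferList = __commonJS((exports, module) => {
 if (srcEnd <= 0) {
 return dst || Buffer2.alloc(0);
 }
-const
+const copy = !!dst;
 const off = this._offset(srcStart);
 const len = srcEnd - srcStart;
 let bytes = len;
-let bufoff =
+let bufoff = copy && dstStart || 0;
 let start = off[1];
 if (srcStart === 0 && srcEnd === this.length) {
-if (!
+if (!copy) {
 return this._bufs.length === 1 ? this._bufs[0] : Buffer2.concat(this._bufs, this.length);
 }
 for (let i = 0;i < this._bufs.length; i++) {
@@ -25547,9 +25552,9 @@ var require_BufferList = __commonJS((exports, module) => {
 return dst;
 }
 if (bytes <= this._bufs[off[0]].length - start) {
-return
+return copy ? this._bufs[off[0]].copy(dst, dstStart, start, start + bytes) : this._bufs[off[0]].slice(start, start + bytes);
 }
-if (!
+if (!copy) {
 dst = Buffer2.allocUnsafe(len);
 }
 for (let i = off[0];i < this._bufs.length; i++) {
@@ -25771,7 +25776,7 @@ var require_bl = __commonJS((exports, module) => {
 }
 if (typeof callback === "function") {
 this._callback = callback;
-const piper = function
+const piper = function piper(err) {
 if (this._callback) {
 this._callback(err);
 this._callback = null;
@@ -34834,7 +34839,7 @@ var require_writer2 = __commonJS((exports, module) => {
 this.tail = this.head;
 this.states = null;
 }
-var create = function
+var create = function create() {
 return util.Buffer ? function create_buffer_setup() {
 return (Writer.create = function create_buffer() {
 return new BufferWriter;
@@ -35058,12 +35063,12 @@ var require_reader2 = __commonJS((exports, module) => {
 if (buffer instanceof Uint8Array || Array.isArray(buffer))
 return new Reader(buffer);
 throw Error("illegal buffer");
-} : function
+} : function create_array(buffer) {
 if (Array.isArray(buffer))
 return new Reader(buffer);
 throw Error("illegal buffer");
 };
-var create = function
+var create = function create() {
 return util.Buffer ? function create_buffer_setup(buffer) {
 return (Reader.create = function create_buffer(buffer2) {
 return util.Buffer.isBuffer(buffer2) ? new BufferReader(buffer2) : create_array(buffer2);
@@ -35489,10 +35494,10 @@ var require_fetch = __commonJS((exports, module) => {
 // node_modules/@protobufjs/path/index.js
 var require_path = __commonJS((exports) => {
 var path = exports;
-var isAbsolute = path.isAbsolute = function
+var isAbsolute = path.isAbsolute = function isAbsolute(path2) {
 return /^(?:\/|\w+:)/.test(path2);
 };
-var normalize = path.normalize = function
+var normalize = path.normalize = function normalize(path2) {
 path2 = path2.replace(/\\/g, "/").replace(/\/{2,}/g, "/");
 var parts = path2.split("/"), absolute = isAbsolute(path2), prefix = "";
 if (absolute)
@@ -35657,7 +35662,7 @@ var require_namespace = __commonJS((exports, module) => {
 object.onRemove(this);
 return clearCache(this);
 };
-Namespace.prototype.define = function
+Namespace.prototype.define = function define(path, json) {
 if (util.isString(path))
 path = path.split(".");
 else if (!Array.isArray(path))
@@ -42473,7 +42478,7 @@ var require_src3 = __commonJS((exports) => {
 
 // node_modules/@grpc/grpc-js/build/src/channelz.js
 var require_channelz = __commonJS((exports) => {
-var __dirname = "/
+var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/@grpc/grpc-js/build/src";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerChannelzSocket = exports.registerChannelzServer = exports.registerChannelzSubchannel = exports.registerChannelzChannel = exports.ChannelzCallTrackerStub = exports.ChannelzCallTracker = exports.ChannelzChildrenTrackerStub = exports.ChannelzChildrenTracker = exports.ChannelzTrace = exports.ChannelzTraceStub = undefined;
 exports.unregisterChannelzRef = unregisterChannelzRef;
@@ -47876,7 +47881,7 @@ var require_duration = __commonJS((exports) => {
 
 // node_modules/@grpc/grpc-js/build/src/orca.js
 var require_orca = __commonJS((exports) => {
-var __dirname = "/
+var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/@grpc/grpc-js/build/src";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OrcaOobMetricsSubchannelWrapper = exports.GRPC_METRICS_HEADER = exports.ServerMetricRecorder = exports.PerRequestMetricRecorder = undefined;
 exports.createOrcaClient = createOrcaClient;
@@ -53265,7 +53270,7 @@ var require_dist = __commonJS((exports) => {
 
 // node_modules/dockerode/lib/session.js
 var require_session = __commonJS((exports, module) => {
-var __dirname = "/
+var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/dockerode/lib";
 var grpc = require_src4();
 var protoLoader = require_src5();
 var path = __require("path");
@@ -54491,7 +54496,7 @@ var require_docker = __commonJS((exports, module) => {
 stream: true,
 stdout: true,
 stderr: true
-}, function
+}, function handler(err2, stream) {
 if (err2)
 return callback(err2, null, container);
 hub.emit("stream", stream);
@@ -54780,7 +54785,8 @@ function mergeConfig(defaults, overrides) {
 maxConcurrent: overrides.maxConcurrent ?? defaults.maxConcurrent,
 defaults: {
 ...defaults.defaults,
-...overrides.defaults
+...overrides.defaults,
+readonlyRootFs: overrides.defaults?.readonlyRootFs ?? defaults.defaults.readonlyRootFs
 },
 network: {
 whitelist: overrides.network?.whitelist ?? defaults.network.whitelist,
@@ -54824,7 +54830,8 @@ var init_config = __esm(() => {
 cpuLimit: 1,
 network: "none",
 sandboxSize: "512m",
-tmpSize: "256m"
+tmpSize: "256m",
+readonlyRootFs: true
 },
 network: {
 whitelist: [],
@@ -55585,6 +55592,15 @@ function validatePackageName(name) {
 }
 
 // src/engine/image-builder.ts
+var exports_image_builder = {};
+__export(exports_image_builder, {
+normalizePackages: () => normalizePackages,
+imageExists: () => imageExists,
+getCustomImageTag: () => getCustomImageTag,
+ensureImages: () => ensureImages,
+buildCustomImages: () => buildCustomImages,
+buildBaseImages: () => buildBaseImages
+});
 import { createHash as createHash2 } from "node:crypto";
 import { existsSync as existsSync3, readFileSync as readFileSync2 } from "node:fs";
 import { join as join3 } from "node:path";
@@ -55643,8 +55659,9 @@ async function removeImage(docker, imageId) {
 logger.debug(`[ImageBuilder] Could not remove image ${imageId.slice(0, 12)}: ${err}`);
 }
 }
-async function buildBaseImages(docker, onProgress, force = false) {
-const
+async function buildBaseImages(docker, onProgress, force = false, onlyRuntimes) {
+const allRuntimes = RuntimeRegistry.list();
+const runtimes = onlyRuntimes ? allRuntimes.filter((r) => onlyRuntimes.includes(r.name)) : allRuntimes;
 const dockerHash = computeDockerDirHash();
 logger.debug(`[ImageBuilder] Docker directory hash: ${dockerHash.slice(0, 16)}...`);
 for (const adapter of runtimes) {
@@ -55794,6 +55811,26 @@ ${installCmd}
 }
 onProgress?.({ runtime, status: "done" });
 }
+async function imageExists(docker, imageName) {
+try {
+await docker.getImage(imageName).inspect();
+return true;
+} catch {
+return false;
+}
+}
+async function ensureImages(docker, onProgress) {
+const runtimes = RuntimeRegistry.list();
+const missing = [];
+for (const adapter of runtimes) {
+if (!await imageExists(docker, adapter.image)) {
+missing.push(adapter.name);
+}
+}
+if (missing.length > 0) {
+await buildBaseImages(docker, onProgress, false, missing);
+}
+}
 var DOCKERFILE_DIR, LABELS, DOCKER_BUILD_FILES;
 var init_image_builder = __esm(() => {
 init_runtime();
@@ -56692,6 +56729,26 @@ class DockerIsol8 {
 resolvedImage = legacyCustomTag;
 } catch {}
 }
+try {
+await this.docker.getImage(resolvedImage).inspect();
+} catch {
+logger.debug(`[ImageBuilder] Image ${resolvedImage} not found. Building...`);
+const { buildBaseImages: buildBaseImages2, buildCustomImages: buildCustomImages2 } = await Promise.resolve().then(() => (init_image_builder(), exports_image_builder));
+if (resolvedImage !== adapter.image && normalizedDeps.length > 0) {
+try {
+await this.docker.getImage(adapter.image).inspect();
+} catch {
+logger.debug(`[ImageBuilder] Base image ${adapter.image} missing. Building...`);
+await buildBaseImages2(this.docker, undefined, false, [adapter.name]);
+}
+logger.debug(`[ImageBuilder] Building custom image for ${adapter.name}...`);
+const dummyConfig = { dependencies: { [adapter.name]: normalizedDeps } };
+await buildCustomImages2(this.docker, dummyConfig, undefined, false);
+} else {
+logger.debug(`[ImageBuilder] Building base image for ${adapter.name}...`);
+await buildBaseImages2(this.docker, undefined, false, [adapter.name]);
+}
+}
 this.imageCache.set(cacheKey, resolvedImage);
 return resolvedImage;
 }
@@ -57249,6 +57306,7 @@ class DockerIsol8 {
 }
 var import_dockerode, SANDBOX_WORKDIR = "/sandbox", MAX_OUTPUT_BYTES, PROXY_PORT = 8118, PROXY_STARTUP_TIMEOUT_MS = 5000, PROXY_POLL_INTERVAL_MS = 100;
 var init_docker = __esm(() => {
+import_dockerode = __toESM(require_docker(), 1);
 init_runtime();
 init_logger();
 init_audit();
@@ -57256,7 +57314,6 @@ var init_docker = __esm(() => {
 init_default_seccomp_profile();
 init_image_builder();
 init_pool();
-import_dockerode = __toESM(require_docker(), 1);
 MAX_OUTPUT_BYTES = 1024 * 1024;
 });
 
@@ -57265,7 +57322,7 @@ var package_default;
 var init_package = __esm(() => {
 package_default = {
 name: "isol8",
-version: "0.
+version: "0.12.0-alpha.0",
 description: "Secure code execution engine for AI agents",
 author: "Illusion47586",
 license: "MIT",
@@ -59897,7 +59954,7 @@ onetime.callCount = (function_) => {
 };
 var onetime_default = onetime;
 
-// node_modules/signal-exit/dist/mjs/signals.js
+// node_modules/restore-cursor/node_modules/signal-exit/dist/mjs/signals.js
 var signals = [];
 signals.push("SIGHUP", "SIGINT", "SIGTERM");
 if (process.platform !== "win32") {
@@ -59907,7 +59964,7 @@ if (process.platform === "linux") {
 signals.push("SIGIO", "SIGPOLL", "SIGPWR", "SIGSTKFLT");
 }
 
-// node_modules/signal-exit/dist/mjs/index.js
+// node_modules/restore-cursor/node_modules/signal-exit/dist/mjs/index.js
 var processOk = (process3) => !!process3 && typeof process3 === "object" && typeof process3.removeListener === "function" && typeof process3.emit === "function" && typeof process3.reallyExit === "function" && typeof process3.listeners === "function" && typeof process3.kill === "function" && typeof process3.pid === "number" && typeof process3.on === "function";
 var kExitEmitter = Symbol.for("signal-exit emitter");
 var global2 = globalThis;
@@ -62792,7 +62849,7 @@ program2.command("setup").description("Check Docker and build isol8 images").opt
 console.log(`
 [DONE] Setup complete!`);
 });
-program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--
+program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m, 512m)").option("--tmp-size <size>", "Tmp tmpfs size (e.g. 256m, 512m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--url <url>", "Fetch code from URL").option("--github <path>", "GitHub shorthand: owner/repo/ref/path/to/file").option("--gist <path>", "Gist shorthand: gistId/file.ext").option("--hash <sha256>", "Expected SHA-256 hash of fetched code").option("--allow-insecure-code-url", "Allow insecure HTTP code URLs").option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").option("--no-stream", "Disable real-time output streaming").option("--debug", "Enable debug logging").option("--persist", "Keep container running after execution for inspection").option("--log-network", "Log all network requests (requires --net filtered)").action(async (file, opts) => {
 const {
 code,
 codeUrl,
@@ -63439,7 +63496,6 @@ async function resolveRunInput(file, opts) {
 timeoutMs: opts.timeout ? Number.parseInt(opts.timeout, 10) : config.defaults.timeoutMs,
 ...opts.image ? { image: opts.image } : {},
 ...opts.pidsLimit ? { pidsLimit: Number.parseInt(opts.pidsLimit, 10) } : {},
-...opts.writable ? { readonlyRootFs: false } : {},
 ...opts.maxOutput ? { maxOutputSize: Number.parseInt(opts.maxOutput, 10) } : {},
 ...opts.tmpSize ? { tmpSize: opts.tmpSize } : {},
 debug: opts.debug ?? config.debug,
@@ -63559,4 +63615,4 @@ if (!process.argv.slice(2).length) {
 }
 program2.parse();
 
-//# debugId=
+//# debugId=3F3ACB896496CF6F64756E2164756E21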
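Review bot: In the `@@ -56692,6 +56729,26 @@ class DockerIsol8` hunk the bare `catch` around `this.docker.getImage(resolvedImage).inspect()` treats every failure as "image not found", so an unreachable daemon or a permission error on the Docker socket also starts an image build from the execution path instead of surfacing the real error. Narrow it to the not-found case, for example `} catch (err) { if (err?.statusCode !== 404) throw err;`, and apply the same test to the inner base-image check and to `imageExists` in the `@@ -55794,6 +55811,26 @@` hunk. The `else` branch builds only the adapter's base image, which would presumably not create `resolvedImage` when that is some other image name, yet `this.imageCache.set(cacheKey, resolvedImage)` then caches it without a second inspect; re-checking after the build and throwing if the image is still absent would make the failure explicit. The enclosing method starts outside the hunk, so how `resolvedImage` and `normalizedDeps` are derived is not visible here.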
package/dist/index.js
CHANGED
|
@@ -1,4 +1,20 @@
|
|
|
1
|
+
import { createRequire } from "node:module";
|
|
2
|
+
var __create = Object.create;
|
|
3
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
1
4
|
var __defProp = Object.defineProperty;
|
|
5
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
7
|
+
var __toESM = (mod, isNodeMode, target) => {
|
|
8
|
+
target = mod != null ? __create(__getProtoOf(mod)) : {};
|
|
9
|
+
const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
|
|
10
|
+
for (let key of __getOwnPropNames(mod))
|
|
11
|
+
if (!__hasOwnProp.call(to, key))
|
|
12
|
+
__defProp(to, key, {
|
|
13
|
+
get: () => mod[key],
|
|
14
|
+
enumerable: true
|
|
15
|
+
});
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
2
18
|
var __export = (target, all) => {
|
|
3
19
|
for (var name in all)
|
|
4
20
|
__defProp(target, name, {
|
|
@@ -9,6 +25,7 @@ var __export = (target, all) => {
|
|
|
9
25
|
});
|
|
10
26
|
};
|
|
11
27
|
var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
|
|
28
|
+
var __require = /* @__PURE__ */ createRequire(import.meta.url);
|
|
12
29
|
|
|
13
30
|
// src/runtime/adapter.ts
|
|
14
31
|
var adapters, extensionMap, RuntimeRegistry;
|
|
@@ -613,9 +630,124 @@ var init_default_seccomp_profile = __esm(() => {
|
|
|
613
630
|
});
|
|
614
631
|
});
|
|
615
632
|
|
|
633
|
+
// src/engine/utils.ts
|
|
634
|
+
var exports_utils = {};
|
|
635
|
+
__export(exports_utils, {
|
|
636
|
+
validatePackageName: () => validatePackageName,
|
|
637
|
+
truncateOutput: () => truncateOutput,
|
|
638
|
+
parseMemoryLimit: () => parseMemoryLimit,
|
|
639
|
+
maskSecrets: () => maskSecrets,
|
|
640
|
+
extractFromTar: () => extractFromTar,
|
|
641
|
+
createTarBuffer: () => createTarBuffer
|
|
642
|
+
});
|
|
643
|
+
function parseMemoryLimit(limit) {
|
|
644
|
+
const match = limit.match(/^(\d+(?:\.\d+)?)\s*([kmgt]?)b?$/i);
|
|
645
|
+
if (!match) {
|
|
646
|
+
throw new Error(`Invalid memory limit format: "${limit}". Use e.g. "512m", "1g".`);
|
|
647
|
+
}
|
|
648
|
+
const value = Number.parseFloat(match[1]);
|
|
649
|
+
const unit = (match[2] || "b").toLowerCase();
|
|
650
|
+
const multipliers = {
|
|
651
|
+
b: 1,
|
|
652
|
+
k: 1024,
|
|
653
|
+
m: 1024 ** 2,
|
|
654
|
+
g: 1024 ** 3,
|
|
655
|
+
t: 1024 ** 4
|
|
656
|
+
};
|
|
657
|
+
return Math.floor(value * (multipliers[unit] ?? 1));
|
|
658
|
+
}
|
|
659
|
+
function truncateOutput(output, maxBytes) {
|
|
660
|
+
const encoder = new TextEncoder;
|
|
661
|
+
const bytes = encoder.encode(output);
|
|
662
|
+
if (bytes.length <= maxBytes) {
|
|
663
|
+
return { text: output, truncated: false };
|
|
664
|
+
}
|
|
665
|
+
const decoder = new TextDecoder("utf-8", { fatal: false });
|
|
666
|
+
const truncated = decoder.decode(bytes.slice(0, maxBytes));
|
|
667
|
+
return {
|
|
668
|
+
text: `${truncated}
|
|
669
|
+
|
|
670
|
+
--- OUTPUT TRUNCATED (${bytes.length} bytes, limit: ${maxBytes}) ---`,
|
|
671
|
+
truncated: true
|
|
672
|
+
};
|
|
673
|
+
}
|
|
674
|
+
function maskSecrets(text, secrets) {
|
|
675
|
+
let result = text;
|
|
676
|
+
for (const value of Object.values(secrets)) {
|
|
677
|
+
if (value.length > 0) {
|
|
678
|
+
result = result.replaceAll(value, "***");
|
|
679
|
+
}
|
|
680
|
+
}
|
|
681
|
+
return result;
|
|
682
|
+
}
|
|
683
|
+
function createTarBuffer(filePath, content) {
|
|
684
|
+
const data = typeof content === "string" ? Buffer.from(content, "utf-8") : content;
|
|
685
|
+
const headerSize = 512;
|
|
686
|
+
const dataBlocks = Math.ceil(data.length / 512);
|
|
687
|
+
const totalSize = headerSize + dataBlocks * 512 + 1024;
|
|
688
|
+
const buf = Buffer.alloc(totalSize);
|
|
689
|
+
buf.write(filePath.replace(/^\//, ""), 0, 100, "utf-8");
|
|
690
|
+
buf.write("0000644\x00", 100, 8, "utf-8");
|
|
691
|
+
buf.write("0000000\x00", 108, 8, "utf-8");
|
|
692
|
+
buf.write("0000000\x00", 116, 8, "utf-8");
|
|
693
|
+
buf.write(`${data.length.toString(8).padStart(11, "0")}\x00`, 124, 12, "utf-8");
|
|
694
|
+
buf.write(`${Math.floor(Date.now() / 1000).toString(8).padStart(11, "0")}\x00`, 136, 12, "utf-8");
|
|
695
|
+
buf.write("0", 156, 1, "utf-8");
|
|
696
|
+
buf.write("ustar\x00", 257, 6, "utf-8");
|
|
697
|
+
buf.write("00", 263, 2, "utf-8");
|
|
698
|
+
buf.write(" ", 148, 8, "utf-8");
|
|
699
|
+
let checksum = 0;
|
|
700
|
+
for (let i = 0;i < headerSize; i++) {
|
|
701
|
+
checksum += buf[i];
|
|
702
|
+
}
|
|
703
|
+
buf.write(`${checksum.toString(8).padStart(6, "0")}\x00 `, 148, 8, "utf-8");
|
|
704
|
+
data.copy(buf, headerSize);
|
|
705
|
+
return buf;
|
|
706
|
+
}
|
|
707
|
+
function extractFromTar(tarBuffer, targetPath) {
|
|
708
|
+
const normalizedTarget = targetPath.replace(/^\//, "");
|
|
709
|
+
const basename = targetPath.split("/").pop() ?? targetPath;
|
|
710
|
+
let offset = 0;
|
|
711
|
+
while (offset < tarBuffer.length - 512) {
|
|
712
|
+
const nameEnd = tarBuffer.indexOf(0, offset);
|
|
713
|
+
const name = tarBuffer.subarray(offset, Math.min(nameEnd, offset + 100)).toString("utf-8");
|
|
714
|
+
if (name.length === 0) {
|
|
715
|
+
break;
|
|
716
|
+
}
|
|
717
|
+
const sizeStr = tarBuffer.subarray(offset + 124, offset + 136).toString("utf-8").trim();
|
|
718
|
+
const size = Number.parseInt(sizeStr, 8);
|
|
719
|
+
if (Number.isNaN(size)) {
|
|
720
|
+
break;
|
|
721
|
+
}
|
|
722
|
+
const dataStart = offset + 512;
|
|
723
|
+
const dataBlocks = Math.ceil(size / 512);
|
|
724
|
+
if (name === normalizedTarget || name.endsWith(`/${normalizedTarget}`) || name === basename) {
|
|
725
|
+
return Buffer.from(tarBuffer.subarray(dataStart, dataStart + size));
|
|
726
|
+
}
|
|
727
|
+
offset = dataStart + dataBlocks * 512;
|
|
728
|
+
}
|
|
729
|
+
throw new Error(`File "${targetPath}" not found in tar archive`);
|
|
730
|
+
}
|
|
731
|
+
function validatePackageName(name) {
|
|
732
|
+
if (!/^[@a-zA-Z0-9_./\-=]+$/.test(name)) {
|
|
733
|
+
throw new Error(`Invalid package name: "${name}". Only alphanumeric, -, _, ., /, @, and = are allowed.`);
|
|
734
|
+
}
|
|
735
|
+
return name;
|
|
736
|
+
}
|
|
737
|
+
|
|
616
738
|
// src/engine/image-builder.ts
|
|
739
|
+
var exports_image_builder = {};
|
|
740
|
+
__export(exports_image_builder, {
|
|
741
|
+
normalizePackages: () => normalizePackages,
|
|
742
|
+
imageExists: () => imageExists,
|
|
743
|
+
getCustomImageTag: () => getCustomImageTag,
|
|
744
|
+
ensureImages: () => ensureImages,
|
|
745
|
+
buildCustomImages: () => buildCustomImages,
|
|
746
|
+
buildBaseImages: () => buildBaseImages
|
|
747
|
+
});
|
|
617
748
|
import { createHash as createHash2 } from "node:crypto";
|
|
618
749
|
import { existsSync as existsSync3, readFileSync as readFileSync2 } from "node:fs";
|
|
750
|
+
import { join as join3 } from "node:path";
|
|
619
751
|
function resolveDockerDir() {
|
|
620
752
|
const fromBundled = new URL("./docker", import.meta.url).pathname;
|
|
621
753
|
if (existsSync3(fromBundled)) {
|
|
@@ -623,6 +755,19 @@ function resolveDockerDir() {
|
|
|
623
755
|
}
|
|
624
756
|
return new URL("../../docker", import.meta.url).pathname;
|
|
625
757
|
}
|
|
758
|
+
function computeDockerDirHash() {
|
|
759
|
+
const hash = createHash2("sha256");
|
|
760
|
+
const files = [...DOCKER_BUILD_FILES].sort();
|
|
761
|
+
for (const file of files) {
|
|
762
|
+
const filePath = join3(DOCKERFILE_DIR, file);
|
|
763
|
+
if (existsSync3(filePath)) {
|
|
764
|
+
const content = readFileSync2(filePath);
|
|
765
|
+
hash.update(file);
|
|
766
|
+
hash.update(content);
|
|
767
|
+
}
|
|
768
|
+
}
|
|
769
|
+
return hash.digest("hex");
|
|
770
|
+
}
|
|
626
771
|
function computeDepsHash(runtime, packages) {
|
|
627
772
|
const hash = createHash2("sha256");
|
|
628
773
|
hash.update(runtime);
|
|
@@ -640,11 +785,206 @@ function getCustomImageTag(runtime, packages) {
|
|
|
640
785
|
const shortHash = depsHash.slice(0, 12);
|
|
641
786
|
return `isol8:${runtime}-custom-${shortHash}`;
|
|
642
787
|
}
|
|
643
|
-
|
|
788
|
+
async function getImageLabels(docker, imageName) {
|
|
789
|
+
try {
|
|
790
|
+
const image = docker.getImage(imageName);
|
|
791
|
+
const inspect = await image.inspect();
|
|
792
|
+
return inspect.Config?.Labels ?? {};
|
|
793
|
+
} catch {
|
|
794
|
+
return null;
|
|
795
|
+
}
|
|
796
|
+
}
|
|
797
|
+
async function removeImage(docker, imageId) {
|
|
798
|
+
try {
|
|
799
|
+
const image = docker.getImage(imageId);
|
|
800
|
+
await image.remove();
|
|
801
|
+
logger.debug(`[ImageBuilder] Removed old image: ${imageId.slice(0, 12)}`);
|
|
802
|
+
} catch (err) {
|
|
803
|
+
logger.debug(`[ImageBuilder] Could not remove image ${imageId.slice(0, 12)}: ${err}`);
|
|
804
|
+
}
|
|
805
|
+
}
|
|
806
|
+
async function buildBaseImages(docker, onProgress, force = false, onlyRuntimes) {
|
|
807
|
+
const allRuntimes = RuntimeRegistry.list();
|
|
808
|
+
const runtimes = onlyRuntimes ? allRuntimes.filter((r) => onlyRuntimes.includes(r.name)) : allRuntimes;
|
|
809
|
+
const dockerHash = computeDockerDirHash();
|
|
810
|
+
logger.debug(`[ImageBuilder] Docker directory hash: ${dockerHash.slice(0, 16)}...`);
|
|
811
|
+
for (const adapter of runtimes) {
|
|
812
|
+
const target = adapter.name;
|
|
813
|
+
const imageName = adapter.image;
|
|
814
|
+
if (!force) {
|
|
815
|
+
const labels = await getImageLabels(docker, imageName);
|
|
816
|
+
if (labels && labels[LABELS.dockerHash] === dockerHash) {
|
|
817
|
+
logger.debug(`[ImageBuilder] Base image ${target} is up to date, skipping build`);
|
|
818
|
+
onProgress?.({ runtime: target, status: "done", message: "Up to date" });
|
|
819
|
+
continue;
|
|
820
|
+
}
|
|
821
|
+
}
|
|
822
|
+
let oldImageId = null;
|
|
823
|
+
try {
|
|
824
|
+
const oldImage = await docker.getImage(imageName).inspect();
|
|
825
|
+
oldImageId = oldImage.Id;
|
|
826
|
+
logger.debug(`[ImageBuilder] Existing image ${target} ID: ${oldImageId.slice(0, 12)}`);
|
|
827
|
+
} catch {
|
|
828
|
+
logger.debug(`[ImageBuilder] No existing image for ${target}`);
|
|
829
|
+
}
|
|
830
|
+
onProgress?.({ runtime: target, status: "building" });
|
|
831
|
+
try {
|
|
832
|
+
const stream = await docker.buildImage({ context: DOCKERFILE_DIR, src: DOCKER_BUILD_FILES }, {
|
|
833
|
+
t: imageName,
|
|
834
|
+
target,
|
|
835
|
+
dockerfile: "Dockerfile",
|
|
836
|
+
labels: {
|
|
837
|
+
[LABELS.dockerHash]: dockerHash
|
|
838
|
+
}
|
|
839
|
+
});
|
|
840
|
+
await new Promise((resolve2, reject) => {
|
|
841
|
+
docker.modem.followProgress(stream, (err) => {
|
|
842
|
+
if (err) {
|
|
843
|
+
reject(err);
|
|
844
|
+
} else {
|
|
845
|
+
resolve2();
|
|
846
|
+
}
|
|
847
|
+
});
|
|
848
|
+
});
|
|
849
|
+
if (oldImageId) {
|
|
850
|
+
await removeImage(docker, oldImageId);
|
|
851
|
+
}
|
|
852
|
+
onProgress?.({ runtime: target, status: "done" });
|
|
853
|
+
} catch (err) {
|
|
854
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
855
|
+
onProgress?.({ runtime: target, status: "error", message });
|
|
856
|
+
throw new Error(`Failed to build image for ${target}: ${message}`);
|
|
857
|
+
}
|
|
858
|
+
}
|
|
859
|
+
}
|
|
860
|
+
async function buildCustomImages(docker, config, onProgress, force = false) {
|
|
861
|
+
const deps = config.dependencies;
|
|
862
|
+
const python = deps.python ? normalizePackages(deps.python) : [];
|
|
863
|
+
const node = deps.node ? normalizePackages(deps.node) : [];
|
|
864
|
+
const bun = deps.bun ? normalizePackages(deps.bun) : [];
|
|
865
|
+
const deno = deps.deno ? normalizePackages(deps.deno) : [];
|
|
866
|
+
const bash = deps.bash ? normalizePackages(deps.bash) : [];
|
|
867
|
+
if (python.length) {
|
|
868
|
+
await buildCustomImage(docker, "python", python, onProgress, force);
|
|
869
|
+
}
|
|
870
|
+
if (node.length) {
|
|
871
|
+
await buildCustomImage(docker, "node", node, onProgress, force);
|
|
872
|
+
}
|
|
873
|
+
if (bun.length) {
|
|
874
|
+
await buildCustomImage(docker, "bun", bun, onProgress, force);
|
|
875
|
+
}
|
|
876
|
+
if (deno.length) {
|
|
877
|
+
await buildCustomImage(docker, "deno", deno, onProgress, force);
|
|
878
|
+
}
|
|
879
|
+
if (bash.length) {
|
|
880
|
+
await buildCustomImage(docker, "bash", bash, onProgress, force);
|
|
881
|
+
}
|
|
882
|
+
}
|
|
883
|
+
async function buildCustomImage(docker, runtime, packages, onProgress, force = false) {
|
|
884
|
+
const normalizedPackages = normalizePackages(packages);
|
|
885
|
+
const tag = getCustomImageTag(runtime, normalizedPackages);
|
|
886
|
+
const depsHash = computeDepsHash(runtime, normalizedPackages);
|
|
887
|
+
logger.debug(`[ImageBuilder] ${runtime} custom deps hash: ${depsHash.slice(0, 16)}...`);
|
|
888
|
+
if (!force) {
|
|
889
|
+
const labels = await getImageLabels(docker, tag);
|
|
890
|
+
if (labels && labels[LABELS.depsHash] === depsHash) {
|
|
891
|
+
logger.debug(`[ImageBuilder] Custom image ${runtime} is up to date, skipping build`);
|
|
892
|
+
onProgress?.({ runtime, status: "done", message: "Up to date" });
|
|
893
|
+
return;
|
|
894
|
+
}
|
|
895
|
+
}
|
|
896
|
+
let oldImageId = null;
|
|
897
|
+
try {
|
|
898
|
+
const oldImage = await docker.getImage(tag).inspect();
|
|
899
|
+
oldImageId = oldImage.Id;
|
|
900
|
+
logger.debug(`[ImageBuilder] Existing custom image ${runtime} ID: ${oldImageId.slice(0, 12)}`);
|
|
901
|
+
} catch {
|
|
902
|
+
logger.debug(`[ImageBuilder] No existing custom image for ${runtime}`);
|
|
903
|
+
}
|
|
904
|
+
onProgress?.({
|
|
905
|
+
runtime,
|
|
906
|
+
status: "building",
|
|
907
|
+
message: `Custom: ${normalizedPackages.join(", ")}`
|
|
908
|
+
});
|
|
909
|
+
let installCmd;
|
|
910
|
+
switch (runtime) {
|
|
911
|
+
case "python":
|
|
912
|
+
installCmd = `RUN pip install --no-cache-dir ${normalizedPackages.join(" ")}`;
|
|
913
|
+
break;
|
|
914
|
+
case "node":
|
|
915
|
+
installCmd = `RUN npm install -g ${normalizedPackages.join(" ")}`;
|
|
916
|
+
break;
|
|
917
|
+
case "bun":
|
|
918
|
+
installCmd = `RUN bun install -g ${normalizedPackages.join(" ")}`;
|
|
919
|
+
break;
|
|
920
|
+
case "deno":
|
|
921
|
+
installCmd = normalizedPackages.map((p) => `RUN deno cache ${p}`).join(`
|
|
922
|
+
`);
|
|
923
|
+
break;
|
|
924
|
+
case "bash":
|
|
925
|
+
installCmd = `RUN apk add --no-cache ${normalizedPackages.join(" ")}`;
|
|
926
|
+
break;
|
|
927
|
+
default:
|
|
928
|
+
throw new Error(`Unknown runtime: ${runtime}`);
|
|
929
|
+
}
|
|
930
|
+
const dockerfileContent = `FROM isol8:${runtime}
|
|
931
|
+
${installCmd}
|
|
932
|
+
`;
|
|
933
|
+
const { createTarBuffer: createTarBuffer2, validatePackageName: validatePackageName2 } = await Promise.resolve().then(() => exports_utils);
|
|
934
|
+
const { Readable } = await import("node:stream");
|
|
935
|
+
normalizedPackages.forEach(validatePackageName2);
|
|
936
|
+
const tarBuffer = createTarBuffer2("Dockerfile", dockerfileContent);
|
|
937
|
+
const stream = await docker.buildImage(Readable.from(tarBuffer), {
|
|
938
|
+
t: tag,
|
|
939
|
+
dockerfile: "Dockerfile",
|
|
940
|
+
labels: {
|
|
941
|
+
[LABELS.depsHash]: depsHash
|
|
942
|
+
}
|
|
943
|
+
});
|
|
944
|
+
await new Promise((resolve2, reject) => {
|
|
945
|
+
docker.modem.followProgress(stream, (err) => {
|
|
946
|
+
if (err) {
|
|
947
|
+
reject(err);
|
|
948
|
+
} else {
|
|
949
|
+
resolve2();
|
|
950
|
+
}
|
|
951
|
+
});
|
|
952
|
+
});
|
|
953
|
+
if (oldImageId) {
|
|
954
|
+
await removeImage(docker, oldImageId);
|
|
955
|
+
}
|
|
956
|
+
onProgress?.({ runtime, status: "done" });
|
|
957
|
+
}
|
|
958
|
+
async function imageExists(docker, imageName) {
|
|
959
|
+
try {
|
|
960
|
+
await docker.getImage(imageName).inspect();
|
|
961
|
+
return true;
|
|
962
|
+
} catch {
|
|
963
|
+
return false;
|
|
964
|
+
}
|
|
965
|
+
}
|
|
966
|
+
async function ensureImages(docker, onProgress) {
|
|
967
|
+
const runtimes = RuntimeRegistry.list();
|
|
968
|
+
const missing = [];
|
|
969
|
+
for (const adapter of runtimes) {
|
|
970
|
+
if (!await imageExists(docker, adapter.image)) {
|
|
971
|
+
missing.push(adapter.name);
|
|
972
|
+
}
|
|
973
|
+
}
|
|
974
|
+
if (missing.length > 0) {
|
|
975
|
+
await buildBaseImages(docker, onProgress, false, missing);
|
|
976
|
+
}
|
|
977
|
+
}
|
|
978
|
+
var DOCKERFILE_DIR, LABELS, DOCKER_BUILD_FILES;
|
|
644
979
|
var init_image_builder = __esm(() => {
|
|
645
980
|
init_runtime();
|
|
646
981
|
init_logger();
|
|
647
982
|
DOCKERFILE_DIR = resolveDockerDir();
|
|
983
|
+
LABELS = {
|
|
984
|
+
dockerHash: "org.isol8.build.hash",
|
|
985
|
+
depsHash: "org.isol8.deps.hash"
|
|
986
|
+
};
|
|
987
|
+
DOCKER_BUILD_FILES = ["Dockerfile", "proxy.sh", "proxy-handler.sh"];
|
|
648
988
|
});
|
|
649
989
|
|
|
650
990
|
// src/engine/pool.ts
|
|
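Review bot: Package names that begin with `-` pass validation and reach the `RUN pip install …`, `npm install -g …`, `bun install -g …`, `deno cache …` and `apk add …` lines in `buildCustomImage`, where the package manager reads them as options rather than as package names. The only gate is `validatePackageName`, defined earlier in this file outside this hunk, and its character class allows a leading `-`; this matters whenever the dependency list can come from a source less trusted than the host running the build. I would reject such entries right after `normalizePackages(packages)`, e.g. `if (normalizedPackages.some((p) => p.startsWith("-"))) throw new Error("Invalid package name: leading '-' is not allowed");`. The existing `normalizedPackages.forEach(validatePackageName2)` should move up to the same place, because it currently runs only after the "building" progress event has echoed the names and after the Dockerfile text has been assembled.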
@@ -926,96 +1266,6 @@ function calculateResourceDelta(before, after) {
|
|
|
926
1266
|
};
|
|
927
1267
|
}
|
|
928
1268
|
|
|
929
|
-
// src/engine/utils.ts
|
|
930
|
-
function parseMemoryLimit(limit) {
|
|
931
|
-
const match = limit.match(/^(\d+(?:\.\d+)?)\s*([kmgt]?)b?$/i);
|
|
932
|
-
if (!match) {
|
|
933
|
-
throw new Error(`Invalid memory limit format: "${limit}". Use e.g. "512m", "1g".`);
|
|
934
|
-
}
|
|
935
|
-
const value = Number.parseFloat(match[1]);
|
|
936
|
-
const unit = (match[2] || "b").toLowerCase();
|
|
937
|
-
const multipliers = {
|
|
938
|
-
b: 1,
|
|
939
|
-
k: 1024,
|
|
940
|
-
m: 1024 ** 2,
|
|
941
|
-
g: 1024 ** 3,
|
|
942
|
-
t: 1024 ** 4
|
|
943
|
-
};
|
|
944
|
-
return Math.floor(value * (multipliers[unit] ?? 1));
|
|
945
|
-
}
|
|
946
|
-
function truncateOutput(output, maxBytes) {
|
|
947
|
-
const encoder = new TextEncoder;
|
|
948
|
-
const bytes = encoder.encode(output);
|
|
949
|
-
if (bytes.length <= maxBytes) {
|
|
950
|
-
return { text: output, truncated: false };
|
|
951
|
-
}
|
|
952
|
-
const decoder = new TextDecoder("utf-8", { fatal: false });
|
|
953
|
-
const truncated = decoder.decode(bytes.slice(0, maxBytes));
|
|
954
|
-
return {
|
|
955
|
-
text: `${truncated}
|
|
956
|
-
|
|
957
|
-
--- OUTPUT TRUNCATED (${bytes.length} bytes, limit: ${maxBytes}) ---`,
|
|
958
|
-
truncated: true
|
|
959
|
-
};
|
|
960
|
-
}
|
|
961
|
-
function maskSecrets(text, secrets) {
|
|
962
|
-
let result = text;
|
|
963
|
-
for (const value of Object.values(secrets)) {
|
|
964
|
-
if (value.length > 0) {
|
|
965
|
-
result = result.replaceAll(value, "***");
|
|
966
|
-
}
|
|
967
|
-
}
|
|
968
|
-
return result;
|
|
969
|
-
}
|
|
970
|
-
function createTarBuffer(filePath, content) {
|
|
971
|
-
const data = typeof content === "string" ? Buffer.from(content, "utf-8") : content;
|
|
972
|
-
const headerSize = 512;
|
|
973
|
-
const dataBlocks = Math.ceil(data.length / 512);
|
|
974
|
-
const totalSize = headerSize + dataBlocks * 512 + 1024;
|
|
975
|
-
const buf = Buffer.alloc(totalSize);
|
|
976
|
-
buf.write(filePath.replace(/^\//, ""), 0, 100, "utf-8");
|
|
977
|
-
buf.write("0000644\x00", 100, 8, "utf-8");
|
|
978
|
-
buf.write("0000000\x00", 108, 8, "utf-8");
|
|
979
|
-
buf.write("0000000\x00", 116, 8, "utf-8");
|
|
980
|
-
buf.write(`${data.length.toString(8).padStart(11, "0")}\x00`, 124, 12, "utf-8");
|
|
981
|
-
buf.write(`${Math.floor(Date.now() / 1000).toString(8).padStart(11, "0")}\x00`, 136, 12, "utf-8");
|
|
982
|
-
buf.write("0", 156, 1, "utf-8");
|
|
983
|
-
buf.write("ustar\x00", 257, 6, "utf-8");
|
|
984
|
-
buf.write("00", 263, 2, "utf-8");
|
|
985
|
-
buf.write(" ", 148, 8, "utf-8");
|
|
986
|
-
let checksum = 0;
|
|
987
|
-
for (let i = 0;i < headerSize; i++) {
|
|
988
|
-
checksum += buf[i];
|
|
989
|
-
}
|
|
990
|
-
buf.write(`${checksum.toString(8).padStart(6, "0")}\x00 `, 148, 8, "utf-8");
|
|
991
|
-
data.copy(buf, headerSize);
|
|
992
|
-
return buf;
|
|
993
|
-
}
|
|
994
|
-
function extractFromTar(tarBuffer, targetPath) {
|
|
995
|
-
const normalizedTarget = targetPath.replace(/^\//, "");
|
|
996
|
-
const basename = targetPath.split("/").pop() ?? targetPath;
|
|
997
|
-
let offset = 0;
|
|
998
|
-
while (offset < tarBuffer.length - 512) {
|
|
999
|
-
const nameEnd = tarBuffer.indexOf(0, offset);
|
|
1000
|
-
const name = tarBuffer.subarray(offset, Math.min(nameEnd, offset + 100)).toString("utf-8");
|
|
1001
|
-
if (name.length === 0) {
|
|
1002
|
-
break;
|
|
1003
|
-
}
|
|
1004
|
-
const sizeStr = tarBuffer.subarray(offset + 124, offset + 136).toString("utf-8").trim();
|
|
1005
|
-
const size = Number.parseInt(sizeStr, 8);
|
|
1006
|
-
if (Number.isNaN(size)) {
|
|
1007
|
-
break;
|
|
1008
|
-
}
|
|
1009
|
-
const dataStart = offset + 512;
|
|
1010
|
-
const dataBlocks = Math.ceil(size / 512);
|
|
1011
|
-
if (name === normalizedTarget || name.endsWith(`/${normalizedTarget}`) || name === basename) {
|
|
1012
|
-
return Buffer.from(tarBuffer.subarray(dataStart, dataStart + size));
|
|
1013
|
-
}
|
|
1014
|
-
offset = dataStart + dataBlocks * 512;
|
|
1015
|
-
}
|
|
1016
|
-
throw new Error(`File "${targetPath}" not found in tar archive`);
|
|
1017
|
-
}
|
|
1018
|
-
|
|
1019
1269
|
// src/engine/docker.ts
|
|
1020
1270
|
var exports_docker = {};
|
|
1021
1271
|
__export(exports_docker, {
|
|
@@ -1624,6 +1874,26 @@ class DockerIsol8 {
|
|
|
1624
1874
|
resolvedImage = legacyCustomTag;
|
|
1625
1875
|
} catch {}
|
|
1626
1876
|
}
|
|
1877
|
+
try {
|
|
1878
|
+
await this.docker.getImage(resolvedImage).inspect();
|
|
1879
|
+
} catch {
|
|
1880
|
+
logger.debug(`[ImageBuilder] Image ${resolvedImage} not found. Building...`);
|
|
1881
|
+
const { buildBaseImages: buildBaseImages2, buildCustomImages: buildCustomImages2 } = await Promise.resolve().then(() => (init_image_builder(), exports_image_builder));
|
|
1882
|
+
if (resolvedImage !== adapter.image && normalizedDeps.length > 0) {
|
|
1883
|
+
try {
|
|
1884
|
+
await this.docker.getImage(adapter.image).inspect();
|
|
1885
|
+
} catch {
|
|
1886
|
+
logger.debug(`[ImageBuilder] Base image ${adapter.image} missing. Building...`);
|
|
1887
|
+
await buildBaseImages2(this.docker, undefined, false, [adapter.name]);
|
|
1888
|
+
}
|
|
1889
|
+
logger.debug(`[ImageBuilder] Building custom image for ${adapter.name}...`);
|
|
1890
|
+
const dummyConfig = { dependencies: { [adapter.name]: normalizedDeps } };
|
|
1891
|
+
await buildCustomImages2(this.docker, dummyConfig, undefined, false);
|
|
1892
|
+
} else {
|
|
1893
|
+
logger.debug(`[ImageBuilder] Building base image for ${adapter.name}...`);
|
|
1894
|
+
await buildBaseImages2(this.docker, undefined, false, [adapter.name]);
|
|
1895
|
+
}
|
|
1896
|
+
}
|
|
1627
1897
|
this.imageCache.set(cacheKey, resolvedImage);
|
|
1628
1898
|
return resolvedImage;
|
|
1629
1899
|
}
|
|
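Review bot: The bare `catch {` around `this.docker.getImage(resolvedImage).inspect()` treats every failure as "image not found", so a daemon connection or permission error also starts `buildBaseImages`/`buildCustomImages` on the execution path and the real cause is lost. `getImageLabels` and `imageExists` in the image-builder hunk above swallow errors the same way. I would bind the error and build only on a not-found response, e.g. `} catch (err) { if (err?.statusCode !== 404) throw err;`, assuming the Docker client surfaces the HTTP status as `statusCode` here. The enclosing method starts outside this hunk, so it is not visible whether concurrent calls for the same image are serialized before they reach this build.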
@@ -2329,7 +2599,8 @@ var DEFAULT_CONFIG = {
|
|
|
2329
2599
|
cpuLimit: 1,
|
|
2330
2600
|
network: "none",
|
|
2331
2601
|
sandboxSize: "512m",
|
|
2332
|
-
tmpSize: "256m"
|
|
2602
|
+
tmpSize: "256m",
|
|
2603
|
+
readonlyRootFs: true
|
|
2333
2604
|
},
|
|
2334
2605
|
network: {
|
|
2335
2606
|
whitelist: [],
|
|
@@ -2398,7 +2669,8 @@ function mergeConfig(defaults, overrides) {
|
|
|
2398
2669
|
maxConcurrent: overrides.maxConcurrent ?? defaults.maxConcurrent,
|
|
2399
2670
|
defaults: {
|
|
2400
2671
|
...defaults.defaults,
|
|
2401
|
-
...overrides.defaults
|
|
2672
|
+
...overrides.defaults,
|
|
2673
|
+
readonlyRootFs: overrides.defaults?.readonlyRootFs ?? defaults.defaults.readonlyRootFs
|
|
2402
2674
|
},
|
|
2403
2675
|
network: {
|
|
2404
2676
|
whitelist: overrides.network?.whitelist ?? defaults.network.whitelist,
|
|
@@ -2443,7 +2715,7 @@ init_logger();
|
|
|
2443
2715
|
// package.json
|
|
2444
2716
|
var package_default = {
|
|
2445
2717
|
name: "isol8",
|
|
2446
|
-
version: "0.
|
|
2718
|
+
version: "0.12.0-alpha.0",
|
|
2447
2719
|
description: "Secure code execution engine for AI agents",
|
|
2448
2720
|
author: "Illusion47586",
|
|
2449
2721
|
license: "MIT",
|
|
@@ -2876,4 +3148,4 @@ export {
|
|
|
2876
3148
|
BunAdapter
|
|
2877
3149
|
};
|
|
2878
3150
|
|
|
2879
|
-
//# debugId=
|
|
3151
|
+
//# debugId=8EC327761CD2C45664756E2164756E21
|
package/dist/src/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;;GAGG;AACH,QAAA,MAAM,cAAc,EAAE,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;;GAGG;AACH,QAAA,MAAM,cAAc,EAAE,WA0DrB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,UAAU,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,WAAW,CAepD;AAiDD,OAAO,EAAE,cAAc,EAAE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EAEf,WAAW,EAEX,YAAY,EAKZ,YAAY,EACZ,WAAW,EACZ,MAAM,UAAU,CAAC;AAuWlB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoB;IACjD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA4C;IACrE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoB;IACjD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IAEpD,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA6B;YAE1C,uBAAuB;IA6BrC;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;IA4ChE;;;;;OAKG;IACG,KAAK,CAAC,OAAO,GAAE,YAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAsCtD,kFAAkF;IAC5E,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B;;;OAGG;IACG,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAgB9D;;OAEG;YACW,WAAW;IAoDzB;;OAEG;YACW,qBAAqB;IA8CnC;;OAEG;YACW,kBAAkB;IA+DhC;;;;;;;OAOG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAYpE;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmB5C,6GAA6G;IAC7G,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED;;;OAGG;IACI,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC
,WAAW,CAAC;YAuFzD,YAAY;
|
|
1
|
+
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EAEf,WAAW,EAEX,YAAY,EAKZ,YAAY,EACZ,WAAW,EACZ,MAAM,UAAU,CAAC;AAuWlB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoB;IACjD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA4C;IACrE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoB;IACjD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IAEpD,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA6B;YAE1C,uBAAuB;IA6BrC;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;IA4ChE;;;;;OAKG;IACG,KAAK,CAAC,OAAO,GAAE,YAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAsCtD,kFAAkF;IAC5E,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B;;;OAGG;IACG,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAgB9D;;OAEG;YACW,WAAW;IAoDzB;;OAEG;YACW,qBAAqB;IA8CnC;;OAEG;YACW,kBAAkB;IA+DhC;;;;;;;OAOG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAYpE;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmB5C,6GAA6G;IAC7G,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED;;;OAGG;IACI,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC
,WAAW,CAAC;YAuFzD,YAAY;IAmE1B,OAAO,CAAC,UAAU;YAsBJ,gBAAgB;YAgKhB,iBAAiB;YAwIjB,aAAa;YAkBb,oBAAoB;YASpB,wBAAwB;IA4BtC,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,eAAe;IA2BvB,OAAO,CAAC,iBAAiB;IA+BzB,OAAO,CAAC,yBAAyB;IA6BjC,OAAO,CAAC,QAAQ;YAwCD,gBAAgB;YA8EjB,iBAAiB;IAiG/B,OAAO,CAAC,iBAAiB;IAYzB;;;;;;;;;;;;;;;;;;;;OAoBG;WACU,OAAO,CAClB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IA0BjE;;;;;OAKG;WACU,aAAa,CACxB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CA2BlE"}
|
|
@@ -43,7 +43,7 @@ type ProgressCallback = (progress: BuildProgress) => void;
|
|
|
43
43
|
* @param onProgress - Optional callback for build progress updates.
|
|
44
44
|
* @param force - If true, always rebuild even if image is up to date.
|
|
45
45
|
*/
|
|
46
|
-
export declare function buildBaseImages(docker: Docker, onProgress?: ProgressCallback, force?: boolean): Promise<void>;
|
|
46
|
+
export declare function buildBaseImages(docker: Docker, onProgress?: ProgressCallback, force?: boolean, onlyRuntimes?: string[]): Promise<void>;
|
|
47
47
|
/**
|
|
48
48
|
* Builds custom images with user-specified dependencies layered on top of
|
|
49
49
|
* the base images. Reads package lists from the config's `dependencies` field.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"image-builder.d.ts","sourceRoot":"","sources":["../../../src/engine/image-builder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AAEpC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAmE5C;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAE9D;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAK7E;AAkCD,mDAAmD;AACnD,UAAU,aAAa;IACrB,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;IACtC,+DAA+D;IAC/D,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,KAAK,gBAAgB,GAAG,CAAC,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;AAE1D;;;;;;;;;;;GAWG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,gBAAgB,EAC7B,KAAK,UAAQ,
|
|
1
|
+
{"version":3,"file":"image-builder.d.ts","sourceRoot":"","sources":["../../../src/engine/image-builder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AAEpC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAmE5C;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAE9D;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAK7E;AAkCD,mDAAmD;AACnD,UAAU,aAAa;IACrB,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;IACtC,+DAA+D;IAC/D,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,KAAK,gBAAgB,GAAG,CAAC,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;AAE1D;;;;;;;;;;;GAWG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,gBAAgB,EAC7B,KAAK,UAAQ,EACb,YAAY,CAAC,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,IAAI,CAAC,CAuEf;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,WAAW,EACnB,UAAU,CAAC,EAAE,gBAAgB,EAC7B,KAAK,UAAQ,GACZ,OAAO,CAAC,IAAI,CAAC,CAwBf;AAqGD;;GAEG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOrF;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAa/F"}
|
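--- a/package/dist/src/types.d.ts
+++ b/package/dist/src/types.d.ts
@@ -389,6 +389,8 @@ export interface Isol8Defaults {
 sandboxSize: string;
 /** Default size of the `/tmp` tmpfs mount. @default "256m" */
 tmpSize: string;
+/** Whether the root filesystem should be read-only. @default true */
+readonlyRootFs: boolean;
 }
 /** Configuration for container cleanup and lifecycle. */
 export interface Isol8Cleanup {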
package/dist/src/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;GAQG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;AAElE;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAE/B,sEAAsE;IACtE,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IAEf,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IAEjB,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IAEnB,0FAA0F;IAC1F,SAAS,EAAE,OAAO,CAAC;IAEnB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IAEjB,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IAEF;;;OAGG;IACH,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;CACjC,CAAC;;;;GAIC;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,0FAA0F;IAC1F,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CA
AC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,wEAAwE;IACxE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC;IAC1B,wDAAwD;IACxD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;IACjC,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;IAEhC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAID;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GAAG,WAAW,GAAG,YAAY,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,2CAA2C;IAC3C,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB,yFAAyF;IACzF,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC,mFAAmF;IACnF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,4EAA4E;IAC5E,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,4DAA4D;IAC5D,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,6EAA6E;IAC7E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,iEAAiE;IACjE,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,wIAAwI;IACxI,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,+EAA+E;IAC/E,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,mCAAmC;IACnC,KAAK,CAAC,EAAE,WAAW,CAAC;IAEpB,mCAAmC;IACnC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B;;;;;OAKG;IACH,YA
AY,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC;IAEjC;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAErD;;;;OAIG;IACH,YAAY,CAAC,EAAE,iBAAiB,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,OAAO,GAAG;QAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAA;KAAE,CAAC;CAC9C;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,KAAK,CAAC,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7C,kEAAkE;IAClE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB,0CAA0C;IAC1C,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAEzD;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/D;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;CAClE;AAID;;;;;;;;GAQG;AACH,MAAM,WAAW,mBAAmB;IAClC,2FAA2F;IAC3F,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB,mGAAmG;IACnG,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAC/B,uDAAuD;IACvD,OAAO,EAAE,OAAO,CAAC;IACjB,8CAA8C;IAC9C,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,qFAAqF;IACrF,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,uCAAuC;IACvC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,iEAAiE;IACjE,WAAW,EAAE,MAAM,CAAC;IACpB,oDAAoD;IACpD,cAAc,EAAE,MAAM,CAAC;IACvB,kFAAkF;IAClF,WAAW,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,WAAW,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAID,oDAAoD;AACpD,MAAM,WAAW,aAAa;IAC5B,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,EAAE,WAAW,CAAC;IACrB,kEAAkE;IAClE,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;GAQG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;AAElE;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAE/B,sEAAsE;IACtE,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IAEf,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IAEjB,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IAEnB,0FAA0F;IAC1F,SAAS,EAAE,OAAO,CAAC;IAEnB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IAEjB,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IAEF;;;OAGG;IACH,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;CACjC,CAAC;;;;GAIC;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,0FAA0F;IAC1F,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CA
AC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,wEAAwE;IACxE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC;IAC1B,wDAAwD;IACxD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;IACjC,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;IAEhC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAID;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GAAG,WAAW,GAAG,YAAY,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,2CAA2C;IAC3C,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB,yFAAyF;IACzF,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC,mFAAmF;IACnF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,4EAA4E;IAC5E,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,4DAA4D;IAC5D,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,6EAA6E;IAC7E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,iEAAiE;IACjE,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,wIAAwI;IACxI,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,+EAA+E;IAC/E,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,mCAAmC;IACnC,KAAK,CAAC,EAAE,WAAW,CAAC;IAEpB,mCAAmC;IACnC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B;;;;;OAKG;IACH,YA
AY,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC;IAEjC;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAErD;;;;OAIG;IACH,YAAY,CAAC,EAAE,iBAAiB,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,OAAO,GAAG;QAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAA;KAAE,CAAC;CAC9C;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,KAAK,CAAC,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7C,kEAAkE;IAClE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB,0CAA0C;IAC1C,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAEzD;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/D;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;CAClE;AAID;;;;;;;;GAQG;AACH,MAAM,WAAW,mBAAmB;IAClC,2FAA2F;IAC3F,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB,mGAAmG;IACnG,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAC/B,uDAAuD;IACvD,OAAO,EAAE,OAAO,CAAC;IACjB,8CAA8C;IAC9C,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,qFAAqF;IACrF,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,uCAAuC;IACvC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,iEAAiE;IACjE,WAAW,EAAE,MAAM,CAAC;IACpB,oDAAoD;IACpD,cAAc,EAAE,MAAM,CAAC;IACvB,kFAAkF;IAClF,WAAW,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,WAAW,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAID,oDAAoD;AACpD,MAAM,WAAW,aAAa;IAC5B,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,EAAE,WAAW,CAAC;IACrB,kEAAkE;IAClE,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;IAChB,qEAAqE;IACrE,cAAc,EAAE,OAAO,CAAC;CACzB;AAED,yDAAyD;AACzD,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,SAAS,EAAE,OAAO,CAAC;IACnB,kFAAkF;IAClF,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,oDAAoD;IACpD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,qCAAqC;IACrC,IAAI,C
AAC,EAAE,MAAM,EAAE,CAAC;IAChB,iDAAiD;IACjD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,OAAO,CAAC,EAAE,QAAQ,GAAG,YAAY,GAAG,QAAQ,CAAC;IAC7C,mFAAmF;IACnF,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,uCAAuC;AACvC,MAAM,WAAW,WAAW;IAC1B,2CAA2C;IAC3C,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,WAAW,EAAE,YAAY,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC9C,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6FAA6F;IAC7F,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gEAAgE;IAChE,cAAc,EAAE,OAAO,CAAC;IACxB,0DAA0D;IAC1D,aAAa,EAAE,MAAM,CAAC;IACtB,sEAAsE;IACtE,WAAW,EAAE,OAAO,CAAC;IACrB,6EAA6E;IAC7E,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW;IAC1B,0EAA0E;IAC1E,aAAa,EAAE,MAAM,CAAC;IAEtB,sDAAsD;IACtD,QAAQ,EAAE,aAAa,CAAC;IAExB,4DAA4D;IAC5D,OAAO,EAAE,mBAAmB,CAAC;IAE7B,gDAAgD;IAChD,OAAO,EAAE,YAAY,CAAC;IAEtB;;;OAGG;IACH,YAAY,EAAE,QAAQ,GAAG,MAAM,CAAC;IAEhC;;;OAGG;IACH,QAAQ,EAAE,MAAM,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAEpD,mEAAmE;IACnE,YAAY,EAAE,iBAAiB,CAAC;IAEhC,yBAAyB;IACzB,QAAQ,EAAE,cAAc,CAAC;IAEzB,mCAAmC;IACnC,UAAU,EAAE,gBAAgB,CAAC;IAE7B,mCAAmC;IACnC,KAAK,EAAE,WAAW,CAAC;IAEnB,2CAA2C;IAC3C,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,0EAA0E;IAC1E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,kFAAkF;IAClF,QAAQ,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAElC,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEvC,4EAA4E;IAC5E,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAEhC;;;OAGG;IACH,YAAY,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC;IAEjC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAErD,mEAAmE;IACnE,YAAY,CAAC,EAAE,iBAAiB,CAAC;IAEjC,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,+DAA+D;IAC/D,UAAU,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAEvC,mCAAmC;IACnC,KAAK,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;CAC9B"}
|
package/package.json
CHANGED
|
@@ -140,6 +140,11 @@
|
|
|
140
140
|
"default": "none",
|
|
141
141
|
"description": "Default network mode."
|
|
142
142
|
},
|
|
143
|
+
"readonlyRootFs": {
|
|
144
|
+
"default": true,
|
|
145
|
+
"description": "Whether the root filesystem should be read-only.",
|
|
146
|
+
"type": "boolean"
|
|
147
|
+
},
|
|
143
148
|
"sandboxSize": {
|
|
144
149
|
"default": "512m",
|
|
145
150
|
"description": "Default size of the `/sandbox` tmpfs mount.",
|