npm - isol8 - Versions diffs - 0.4.1 → 0.4.3 - Mend

isol8 0.4.1 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +3 -2
package/dist/cli.js +32 -15
package/dist/cli.js.map +7 -7
package/dist/index.js +14 -8
package/dist/index.js.map +6 -6
package/dist/src/engine/docker.d.ts.map +1 -1
package/dist/src/runtime/adapter.d.ts +4 -1
package/dist/src/runtime/adapter.d.ts.map +1 -1
package/dist/src/types.d.ts +5 -0
package/dist/src/types.d.ts.map +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -11,8 +11,9 @@ Secure code execution engine for AI agents. Run untrusted Python, Node.js, Bun,
 - **Security first** — read-only rootfs, `no-new-privileges`, PID/memory/CPU limits
 - **Network control** — `none` (default), `host`, or `filtered` (HTTP/HTTPS proxy with regex whitelist/blacklist)
 - **File I/O** — upload files into and download files from sandboxes
-- **Runtime packages** — install pip/npm/bun packages on-the-fly via `installPackages`
-- **Secret masking** — environment variables are scrubbed from output
+-   **Runtime packages** — install pip/npm/bun packages on-the-fly (`--install`)
+-   **Modern Node.js** — defaults to ESM (`.mjs`), supports CommonJS (`.cjs`)
+-   **Secret masking** — environment variables are scrubbed from output
 - **Output truncation** — prevents runaway stdout (default 1MB cap)
 - **Remote mode** — run an HTTP server and execute from anywhere
 - **Embeddable** — use as a TypeScript library in your own project

package/dist/cli.js CHANGED Viewed

@@ -54831,9 +54831,12 @@ var init_adapter = __esm(() => {
   adapters = new Map;
   extensionMap = new Map;
   RuntimeRegistry = {
-    register(adapter) {
+    register(adapter, aliases = []) {
       adapters.set(adapter.name, adapter);
       extensionMap.set(adapter.getFileExtension(), adapter);
+      for (const ext of aliases) {
+        extensionMap.set(ext, adapter);
+      }
     },
     get(name) {
       const adapter = adapters.get(name);
@@ -54931,7 +54934,7 @@ var init_node = __esm(() => {
       return ["node", "-e", code];
     },
     getFileExtension() {
-      return ".js";
+      return ".mjs";
     }
   };
 });
@@ -54969,7 +54972,7 @@ var init_runtime = __esm(() => {
   init_node();
   init_python();
   RuntimeRegistry.register(PythonAdapter);
-  RuntimeRegistry.register(NodeAdapter);
+  RuntimeRegistry.register(NodeAdapter, [".js", ".cjs"]);
   RuntimeRegistry.register(BunAdapter);
   RuntimeRegistry.register(bashAdapter);
   RuntimeRegistry.register(DenoAdapter);
@@ -55464,7 +55467,8 @@ class DockerIsol8 {
         if (this.network === "filtered") {
           await startProxy(container, this.networkFilter);
         }
-        const filePath = `${SANDBOX_WORKDIR}/main${adapter.getFileExtension()}`;
+        const ext = req.fileExtension ?? adapter.getFileExtension();
+        const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
         await writeFileViaExec(container, filePath, req.code);
         if (req.installPackages?.length) {
           await installPackages(container, req.runtime, req.installPackages);
@@ -55538,7 +55542,8 @@ class DockerIsol8 {
       if (this.network === "filtered") {
         await startProxy(container, this.networkFilter);
       }
-      const filePath = `${SANDBOX_WORKDIR}/main${adapter.getFileExtension()}`;
+      const ext = req.fileExtension ?? adapter.getFileExtension();
+      const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
       await writeFileViaExec(container, filePath, req.code);
       if (req.installPackages?.length) {
         await installPackages(container, req.runtime, req.installPackages);
@@ -55595,7 +55600,8 @@ class DockerIsol8 {
     } else if (this.persistentRuntime?.name !== adapter.name) {
       throw new Error(`Cannot switch runtime from "${this.persistentRuntime?.name}" to "${adapter.name}". Each persistent container supports a single runtime. Create a new Isol8 instance for a different runtime.`);
     }
-    const filePath = `${SANDBOX_WORKDIR}/exec_${Date.now()}${adapter.getFileExtension()}`;
+    const ext = req.fileExtension ?? adapter.getFileExtension();
+    const filePath = `${SANDBOX_WORKDIR}/exec_${Date.now()}${ext}`;
     if (this.readonlyRootFs) {
       await writeFileViaExec(this.container, filePath, req.code);
     } else {
@@ -61226,7 +61232,7 @@ program2.command("setup").description("Check Docker and build isol8 images").opt
 [DONE] Setup complete!`);
 });
 program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--writable", "Disable read-only root filesystem").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m)").option("--tmp-size <size>", "Tmp tmpfs size (e.g. 256m, 512m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").option("--no-stream", "Disable real-time output streaming").action(async (file, opts) => {
-  const { code, runtime, engineOptions, engine, stdinData } = await resolveRunInput(file, opts);
+  const { code, runtime, engineOptions, engine, stdinData, fileExtension } = await resolveRunInput(file, opts);
   const cleanup = async () => {
     await engine.stop();
     process.exit(0);
@@ -61234,6 +61240,7 @@ program2.command("run").description("Execute code in isol8").argument("[file]",
   process.on("SIGINT", cleanup);
   process.on("SIGTERM", cleanup);
   const spinner = ora("Starting execution...").start();
+  let exitCode = 0;
   try {
     await engine.start();
     spinner.text = "Running code...";
@@ -61242,7 +61249,8 @@ program2.command("run").description("Execute code in isol8").argument("[file]",
       runtime,
       timeoutMs: engineOptions.timeoutMs,
       ...stdinData ? { stdin: stdinData } : {},
-      ...opts.install.length > 0 ? { installPackages: opts.install } : {}
+      ...opts.install.length > 0 ? { installPackages: opts.install } : {},
+      fileExtension
     };
     if (opts.stream !== false) {
       spinner.stop();
@@ -61254,11 +61262,11 @@ program2.command("run").description("Execute code in isol8").argument("[file]",
           process.stderr.write(event.data);
         } else if (event.type === "exit") {
           if (event.data !== "0") {
-            process.exit(Number.parseInt(event.data, 10));
+            exitCode = Number.parseInt(event.data, 10);
           }
         } else if (event.type === "error") {
           console.error(`[ERR] ${event.data}`);
-          process.exit(1);
+          exitCode = 1;
         }
       }
     } else {
@@ -61278,16 +61286,19 @@ program2.command("run").description("Execute code in isol8").argument("[file]",
         console.error(`[INFO] Output written to ${opts.out}`);
       }
       if (result.exitCode !== 0) {
-        process.exit(result.exitCode);
+        exitCode = result.exitCode;
       }
     }
   } catch (err) {
     spinner.stop();
     throw err;
   } finally {
-    await engine.stop();
+    const cleanupPromise = engine.stop();
+    const timeoutPromise = new Promise((resolve3) => setTimeout(resolve3, 5000));
+    await Promise.race([cleanupPromise, timeoutPromise]);
     process.off("SIGINT", cleanup);
     process.off("SIGTERM", cleanup);
+    process.exit(exitCode);
   }
 });
 program2.command("serve").description("Start the isol8 remote server").option("-p, --port <port>", "Port to listen on", "3000").option("-k, --key <key>", "API key for authentication").action(async (opts) => {
@@ -61481,9 +61492,15 @@ async function resolveRunInput(file, opts) {
     ...opts.pidsLimit ? { pidsLimit: Number.parseInt(opts.pidsLimit, 10) } : {},
     ...opts.writable ? { readonlyRootFs: false } : {},
     ...opts.maxOutput ? { maxOutputSize: Number.parseInt(opts.maxOutput, 10) } : {},
-    ...opts.sandboxSize ? { sandboxSize: opts.sandboxSize } : {},
     ...opts.tmpSize ? { tmpSize: opts.tmpSize } : {}
   };
+  let fileExtension;
+  if (file) {
+    const ext = file.substring(file.lastIndexOf("."));
+    if (ext) {
+      fileExtension = ext;
+    }
+  }
   const secrets = {};
   for (const s of opts.secret ?? []) {
     const idx = s.indexOf("=");
@@ -61506,7 +61523,7 @@ async function resolveRunInput(file, opts) {
   } else {
     engine = new DockerIsol8(engineOptions, config.maxConcurrent);
   }
-  return { code, runtime, engineOptions, engine, stdinData };
+  return { code, runtime, engineOptions, engine, stdinData, fileExtension };
 }
 function collect(value, previous) {
   return previous.concat([value]);
@@ -61517,4 +61534,4 @@ if (!process.argv.slice(2).length) {
 }
 program2.parse();
-//# debugId=AF05A942A56C65F664756E2164756E21
+//# debugId=E455279A70D3A2C764756E2164756E21