isol8 0.4.2 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/README.md +3 -2
  2. package/dist/cli.js +30 -12
  3. package/dist/cli.js.map +7 -7
  4. package/dist/index.js +14 -8
  5. package/dist/index.js.map +6 -6
  6. package/dist/src/engine/docker.d.ts.map +1 -1
  7. package/dist/src/runtime/adapter.d.ts +4 -1
  8. package/dist/src/runtime/adapter.d.ts.map +1 -1
  9. package/dist/src/types.d.ts +5 -0
  10. package/dist/src/types.d.ts.map +1 -1
  11. package/dist/sshcrypto-0209sx47.node +0 -0
  12. package/package.json +1 -1
package/README.md CHANGED
@@ -11,8 +11,9 @@ Secure code execution engine for AI agents. Run untrusted Python, Node.js, Bun,
11
11
  - **Security first** — read-only rootfs, `no-new-privileges`, PID/memory/CPU limits
12
12
  - **Network control** — `none` (default), `host`, or `filtered` (HTTP/HTTPS proxy with regex whitelist/blacklist)
13
13
  - **File I/O** — upload files into and download files from sandboxes
14
- - **Runtime packages** — install pip/npm/bun packages on-the-fly via `installPackages`
15
- - **Secret masking** — environment variables are scrubbed from output
14
+ - **Runtime packages** — install pip/npm/bun packages on-the-fly (`--install`)
15
+ - **Modern Node.js** — defaults to ESM (`.mjs`), supports CommonJS (`.cjs`)
16
+ - **Secret masking** — environment variables are scrubbed from output
16
17
  - **Output truncation** — prevents runaway stdout (default 1MB cap)
17
18
  - **Remote mode** — run an HTTP server and execute from anywhere
18
19
  - **Embeddable** — use as a TypeScript library in your own project
package/dist/cli.js CHANGED
@@ -6929,6 +6929,11 @@ var require_utils2 = __commonJS((exports, module) => {
6929
6929
  };
6930
6930
  });
6931
6931
 
6932
+ // node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
6933
+ var require_sshcrypto = __commonJS((exports, module) => {
6934
+ module.exports = __require("./sshcrypto-0209sx47.node");
6935
+ });
6936
+
6932
6937
  // node_modules/ssh2/lib/protocol/crypto/poly1305.js
6933
6938
  var require_poly1305 = __commonJS((exports, module) => {
6934
6939
  var __dirname = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto", __filename = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
@@ -7415,7 +7420,7 @@ var require_crypto = __commonJS((exports, module) => {
7415
7420
  var ChaChaPolyDecipher;
7416
7421
  var GenericDecipher;
7417
7422
  try {
7418
- binding = (()=>{throw new Error("Cannot require module "+"./crypto/build/Release/sshcrypto.node");})();
7423
+ binding = require_sshcrypto();
7419
7424
  ({
7420
7425
  AESGCMCipher,
7421
7426
  ChaChaPolyCipher,
@@ -54826,9 +54831,12 @@ var init_adapter = __esm(() => {
54826
54831
  adapters = new Map;
54827
54832
  extensionMap = new Map;
54828
54833
  RuntimeRegistry = {
54829
- register(adapter) {
54834
+ register(adapter, aliases = []) {
54830
54835
  adapters.set(adapter.name, adapter);
54831
54836
  extensionMap.set(adapter.getFileExtension(), adapter);
54837
+ for (const ext of aliases) {
54838
+ extensionMap.set(ext, adapter);
54839
+ }
54832
54840
  },
54833
54841
  get(name) {
54834
54842
  const adapter = adapters.get(name);
@@ -54926,7 +54934,7 @@ var init_node = __esm(() => {
54926
54934
  return ["node", "-e", code];
54927
54935
  },
54928
54936
  getFileExtension() {
54929
- return ".js";
54937
+ return ".mjs";
54930
54938
  }
54931
54939
  };
54932
54940
  });
@@ -54964,7 +54972,7 @@ var init_runtime = __esm(() => {
54964
54972
  init_node();
54965
54973
  init_python();
54966
54974
  RuntimeRegistry.register(PythonAdapter);
54967
- RuntimeRegistry.register(NodeAdapter);
54975
+ RuntimeRegistry.register(NodeAdapter, [".js", ".cjs"]);
54968
54976
  RuntimeRegistry.register(BunAdapter);
54969
54977
  RuntimeRegistry.register(bashAdapter);
54970
54978
  RuntimeRegistry.register(DenoAdapter);
@@ -55459,7 +55467,8 @@ class DockerIsol8 {
55459
55467
  if (this.network === "filtered") {
55460
55468
  await startProxy(container, this.networkFilter);
55461
55469
  }
55462
- const filePath = `${SANDBOX_WORKDIR}/main${adapter.getFileExtension()}`;
55470
+ const ext = req.fileExtension ?? adapter.getFileExtension();
55471
+ const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
55463
55472
  await writeFileViaExec(container, filePath, req.code);
55464
55473
  if (req.installPackages?.length) {
55465
55474
  await installPackages(container, req.runtime, req.installPackages);
@@ -55533,7 +55542,8 @@ class DockerIsol8 {
55533
55542
  if (this.network === "filtered") {
55534
55543
  await startProxy(container, this.networkFilter);
55535
55544
  }
55536
- const filePath = `${SANDBOX_WORKDIR}/main${adapter.getFileExtension()}`;
55545
+ const ext = req.fileExtension ?? adapter.getFileExtension();
55546
+ const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
55537
55547
  await writeFileViaExec(container, filePath, req.code);
55538
55548
  if (req.installPackages?.length) {
55539
55549
  await installPackages(container, req.runtime, req.installPackages);
@@ -55590,7 +55600,8 @@ class DockerIsol8 {
55590
55600
  } else if (this.persistentRuntime?.name !== adapter.name) {
55591
55601
  throw new Error(`Cannot switch runtime from "${this.persistentRuntime?.name}" to "${adapter.name}". Each persistent container supports a single runtime. Create a new Isol8 instance for a different runtime.`);
55592
55602
  }
55593
- const filePath = `${SANDBOX_WORKDIR}/exec_${Date.now()}${adapter.getFileExtension()}`;
55603
+ const ext = req.fileExtension ?? adapter.getFileExtension();
55604
+ const filePath = `${SANDBOX_WORKDIR}/exec_${Date.now()}${ext}`;
55594
55605
  if (this.readonlyRootFs) {
55595
55606
  await writeFileViaExec(this.container, filePath, req.code);
55596
55607
  } else {
@@ -61221,7 +61232,7 @@ program2.command("setup").description("Check Docker and build isol8 images").opt
61221
61232
  [DONE] Setup complete!`);
61222
61233
  });
61223
61234
  program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--writable", "Disable read-only root filesystem").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m)").option("--tmp-size <size>", "Tmp tmpfs size (e.g. 256m, 512m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").option("--no-stream", "Disable real-time output streaming").action(async (file, opts) => {
61224
- const { code, runtime, engineOptions, engine, stdinData } = await resolveRunInput(file, opts);
61235
+ const { code, runtime, engineOptions, engine, stdinData, fileExtension } = await resolveRunInput(file, opts);
61225
61236
  const cleanup = async () => {
61226
61237
  await engine.stop();
61227
61238
  process.exit(0);
@@ -61238,7 +61249,8 @@ program2.command("run").description("Execute code in isol8").argument("[file]",
61238
61249
  runtime,
61239
61250
  timeoutMs: engineOptions.timeoutMs,
61240
61251
  ...stdinData ? { stdin: stdinData } : {},
61241
- ...opts.install.length > 0 ? { installPackages: opts.install } : {}
61252
+ ...opts.install.length > 0 ? { installPackages: opts.install } : {},
61253
+ fileExtension
61242
61254
  };
61243
61255
  if (opts.stream !== false) {
61244
61256
  spinner.stop();
@@ -61480,9 +61492,15 @@ async function resolveRunInput(file, opts) {
61480
61492
  ...opts.pidsLimit ? { pidsLimit: Number.parseInt(opts.pidsLimit, 10) } : {},
61481
61493
  ...opts.writable ? { readonlyRootFs: false } : {},
61482
61494
  ...opts.maxOutput ? { maxOutputSize: Number.parseInt(opts.maxOutput, 10) } : {},
61483
- ...opts.sandboxSize ? { sandboxSize: opts.sandboxSize } : {},
61484
61495
  ...opts.tmpSize ? { tmpSize: opts.tmpSize } : {}
61485
61496
  };
61497
+ let fileExtension;
61498
+ if (file) {
61499
+ const ext = file.substring(file.lastIndexOf("."));
61500
+ if (ext) {
61501
+ fileExtension = ext;
61502
+ }
61503
+ }
61486
61504
  const secrets = {};
61487
61505
  for (const s of opts.secret ?? []) {
61488
61506
  const idx = s.indexOf("=");
@@ -61505,7 +61523,7 @@ async function resolveRunInput(file, opts) {
61505
61523
  } else {
61506
61524
  engine = new DockerIsol8(engineOptions, config.maxConcurrent);
61507
61525
  }
61508
- return { code, runtime, engineOptions, engine, stdinData };
61526
+ return { code, runtime, engineOptions, engine, stdinData, fileExtension };
61509
61527
  }
61510
61528
  function collect(value, previous) {
61511
61529
  return previous.concat([value]);
@@ -61516,4 +61534,4 @@ if (!process.argv.slice(2).length) {
61516
61534
  }
61517
61535
  program2.parse();
61518
61536
 
61519
- //# debugId=56782BF23191267E64756E2164756E21
61537
+ //# debugId=E455279A70D3A2C764756E2164756E21