isol8 0.5.1 → 0.6.1

package/README.md

@@ -135,12 +135,19 @@ isol8 cleanup --force
 
 ### `isol8 serve`
 
-Start the isol8 remote HTTP server. **Requires Bun runtime.**
+Start the isol8 remote HTTP server. Downloads a pre-compiled standalone binary the first time you run this command (no Bun runtime required).
 
 ```bash
 isol8 serve --port 3000 --key my-secret-key
+isol8 serve --update  # Force re-download the server binary
 ```
 
+| Flag | Description | Default |
+|------|-------------|---------|
+| `-p, --port <port>` | Port to listen on | `3000` |
+| `-k, --key <key>` | API key for Bearer token auth | `$ISOL8_API_KEY` |
+| `--update` | Force re-download the server binary | `false` |
+
 ### `isol8 config`
 
 Display the resolved configuration (merged defaults + config file). Shows the source file, defaults, network rules, cleanup policy, and dependencies.
@@ -408,6 +415,10 @@ bunx tsc --noEmit
 # Lint
 bun run lint
 
+# Build
+bun run build              # Bundle CLI for Node.js distribution
+bun run build:server       # Compile standalone server binary
+
 # Benchmarks
 bun run bench            # Cold start
 bun run bench:pool       # Warm pool

package/dist/cli.js

@@ -6929,6 +6929,11 @@ var require_utils2 = __commonJS((exports, module) => {
   };
 });
 
+// node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
+var require_sshcrypto = __commonJS((exports, module) => {
+  module.exports = __require("./sshcrypto-0209sx47.node");
+});
+
 // node_modules/ssh2/lib/protocol/crypto/poly1305.js
 var require_poly1305 = __commonJS((exports, module) => {
   var __dirname = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto", __filename = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
@@ -7415,7 +7420,7 @@ var require_crypto = __commonJS((exports, module) => {
   var ChaChaPolyDecipher;
   var GenericDecipher;
   try {
-    binding = (()=>{throw new Error("Cannot require module "+"./crypto/build/Release/sshcrypto.node");})();
+    binding = require_sshcrypto();
     ({
       AESGCMCipher,
       ChaChaPolyCipher,
@@ -54955,6 +54960,15 @@ var init_python = __esm(() => {
 });
 
 // src/runtime/index.ts
+var exports_runtime = {};
+__export(exports_runtime, {
+  bashAdapter: () => bashAdapter,
+  RuntimeRegistry: () => RuntimeRegistry,
+  PythonAdapter: () => PythonAdapter,
+  NodeAdapter: () => NodeAdapter,
+  DenoAdapter: () => DenoAdapter,
+  BunAdapter: () => BunAdapter
+});
 var init_runtime = __esm(() => {
   init_adapter();
   init_bash();
@@ -55250,6 +55264,10 @@ function extractFromTar(tarBuffer, targetPath) {
 }
 
 // src/engine/docker.ts
+var exports_docker = {};
+__export(exports_docker, {
+  DockerIsol8: () => DockerIsol8
+});
 import { randomUUID } from "node:crypto";
 import { PassThrough } from "node:stream";
 async function writeFileViaExec(container, filePath, content) {
@@ -55945,6 +55963,125 @@ var init_docker = __esm(() => {
   MAX_OUTPUT_BYTES = 1024 * 1024;
 });
 
+// package.json
+var package_default;
+var init_package = __esm(() => {
+  package_default = {
+    name: "isol8",
+    version: "0.6.0",
+    description: "Secure code execution engine for AI agents",
+    author: "Illusion47586",
+    license: "MIT",
+    repository: {
+      type: "git",
+      url: "https://github.com/Illusion47586/isol8.git"
+    },
+    homepage: "https://github.com/Illusion47586/isol8",
+    bugs: {
+      url: "https://github.com/Illusion47586/isol8/issues"
+    },
+    keywords: [
+      "sandbox",
+      "docker",
+      "code-execution",
+      "isolation",
+      "security",
+      "ai-agents",
+      "container",
+      "runtime"
+    ],
+    type: "module",
+    main: "./dist/index.js",
+    types: "./dist/index.d.ts",
+    exports: {
+      ".": {
+        import: "./dist/index.js",
+        types: "./dist/index.d.ts"
+      },
+      "./schema": "./schema/isol8.config.schema.json"
+    },
+    bin: {
+      isol8: "./dist/cli.js"
+    },
+    scripts: {
+      dev: "bun run src/cli.ts",
+      build: "bun run scripts/build.ts",
+      "build:server": "bun run scripts/build-server.ts",
+      "build:server:all": "bun run scripts/build-server.ts --all",
+      test: "bun test",
+      "lint:check": "ultracite check",
+      "lint:fix": "ultracite fix",
+      bench: "bunx tsx benchmarks/spawn.ts",
+      "bench:pool": "bunx tsx benchmarks/spawn-pool.ts",
+      "bench:detailed": "bunx tsx benchmarks/spawn-detailed.ts",
+      "docs:dev": "cd docs && mint dev",
+      "docs:validate": "cd docs && mint validate",
+      "docs:broken-links": "cd docs && mint broken-links",
+      schema: "ts-json-schema-generator --path src/types.ts --type Isol8UserConfig --tsconfig tsconfig.json -o schema/isol8.config.schema.json && ultracite fix schema/isol8.config.schema.json",
+      "publish:alpha": "bun run build && bun publish --tag alpha --access public --ignore-scripts",
+      prepare: "simple-git-hooks"
+    },
+    dependencies: {
+      commander: "^14.0.3",
+      dockerode: "^4.0.9",
+      hono: "^4.11.9",
+      ora: "^9.3.0"
+    },
+    devDependencies: {
+      "@biomejs/biome": "^2.3.15",
+      "@semantic-release/changelog": "^6.0.3",
+      "@semantic-release/git": "^10.0.1",
+      "@semantic-release/github": "^12.0.6",
+      "@semantic-release/npm": "^13.1.4",
+      "@types/bun": "latest",
+      "@types/dockerode": "^4.0.1",
+      "@types/node": "^25.2.3",
+      "lint-staged": "^16.2.7",
+      mint: "^4.2.348",
+      "semantic-release": "^25.0.3",
+      "simple-git-hooks": "^2.13.1",
+      "ts-json-schema-generator": "^2.5.0",
+      typescript: "^5.9.3",
+      ultracite: "^7.2.0"
+    },
+    files: [
+      "dist/cli.js",
+      "dist/index.js",
+      "dist/src",
+      "dist/docker",
+      "schema",
+      "README.md",
+      "LICENSE"
+    ],
+    jsonValidation: [
+      {
+        fileMatch: "isol8.config.json",
+        url: "./schema/isol8.config.schema.json"
+      }
+    ],
+    "simple-git-hooks": {
+      "pre-commit": "bun run lint-staged"
+    },
+    "lint-staged": {
+      "*.{ts,tsx}": [
+        "ultracite fix",
+        "bash -c 'bunx tsc --noEmit -p tsconfig.json'"
+      ],
+      "src/types.ts": [
+        "bash -c 'bun run schema'",
+        "git add schema/isol8.config.schema.json"
+      ]
+    }
+  };
+});
+
+// src/version.ts
+var VERSION;
+var init_version = __esm(() => {
+  init_package();
+  VERSION = package_default.version;
+});
+
 // node_modules/hono/dist/compose.js
 var compose = (middleware, onError, onNotFound) => {
   return (context, next) => {
@@ -57556,12 +57693,14 @@ var exports_server = {};
 __export(exports_server, {
   createServer: () => createServer
 });
-function createServer(options) {
+async function createServer(options) {
+  const { DockerIsol8: DockerIsol82 } = await Promise.resolve().then(() => (init_docker(), exports_docker));
+  await Promise.resolve().then(() => (init_runtime(), exports_runtime));
   const config = loadConfig();
   const app = new Hono2;
   const globalSemaphore = new Semaphore(config.maxConcurrent);
   app.use("*", authMiddleware(options.apiKey));
-  app.get("/health", (c) => c.json({ status: "ok", version: "0.1.0" }));
+  app.get("/health", (c) => c.json({ status: "ok", version: VERSION }));
   app.post("/execute", async (c) => {
     const body = await c.req.json();
     const engineOptions = {
@@ -57581,12 +57720,12 @@ function createServer(options) {
         engine = session.engine;
         session.lastAccessedAt = Date.now();
       } else {
-        engine = new DockerIsol8(engineOptions, config.maxConcurrent);
+        engine = new DockerIsol82(engineOptions, config.maxConcurrent);
         await engine.start();
         sessions.set(body.sessionId, { engine, lastAccessedAt: Date.now() });
       }
     } else {
-      engine = new DockerIsol8(engineOptions, config.maxConcurrent);
+      engine = new DockerIsol82(engineOptions, config.maxConcurrent);
       await engine.start();
     }
     try {
@@ -57618,7 +57757,7 @@ function createServer(options) {
       ...body.options,
       mode: "ephemeral"
     };
-    const engine = new DockerIsol8(engineOptions, config.maxConcurrent);
+    const engine = new DockerIsol82(engineOptions, config.maxConcurrent);
     await engine.start();
     const encoder = new TextEncoder;
     const stream = new ReadableStream({
@@ -57711,14 +57850,21 @@ var sessions;
 var init_server = __esm(() => {
   init_dist();
   init_config();
-  init_docker();
-  init_runtime();
+  init_version();
   sessions = new Map;
 });
 
 // src/cli.ts
-import { existsSync as existsSync3, readFileSync as readFileSync2, writeFileSync } from "node:fs";
-import { homedir as homedir2 } from "node:os";
+import {
+  chmodSync,
+  existsSync as existsSync3,
+  mkdirSync,
+  readFileSync as readFileSync2,
+  renameSync,
+  unlinkSync,
+  writeFileSync
+} from "node:fs";
+import { arch, homedir as homedir2, platform } from "node:os";
 import { join as join2, resolve as resolve2 } from "node:path";
 
 // node_modules/commander/esm.mjs
@@ -61216,8 +61362,9 @@ ${installCmd}
 
 // src/cli.ts
 init_runtime();
+init_version();
 var program2 = new Command;
-program2.name("isol8").description("Secure code execution engine").version("0.1.0");
+program2.name("isol8").description("Secure code execution engine").version(VERSION);
 program2.command("setup").description("Check Docker and build isol8 images").option("--python <packages>", "Additional Python packages (comma-separated)").option("--node <packages>", "Additional Node.js packages (comma-separated)").option("--bun <packages>", "Additional Bun packages (comma-separated)").option("--deno <packages>", "Additional Deno packages (comma-separated)").option("--bash <packages>", "Additional Bash packages (comma-separated)").action(async (opts) => {
   const docker = new import_dockerode2.default;
   const spinner = ora("Checking Docker...").start();
@@ -61361,29 +61508,141 @@ program2.command("run").description("Execute code in isol8").argument("[file]",
     process.exit(exitCode);
   }
 });
-program2.command("serve").description("Start the isol8 remote server").option("-p, --port <port>", "Port to listen on", "3000").option("-k, --key <key>", "API key for authentication").action(async (opts) => {
-  const isBun = typeof globalThis.Bun !== "undefined";
-  if (!isBun) {
-    console.error("[ERR] The serve command requires Bun runtime.");
-    console.error("      Install Bun: https://bun.sh");
-    console.error("      Then run: bun run src/cli.ts serve");
-    process.exit(1);
-  }
+program2.command("serve").description("Start the isol8 remote server").option("-p, --port <port>", "Port to listen on", "3000").option("-k, --key <key>", "API key for authentication").option("--update", "Force re-download the server binary").action(async (opts) => {
   const apiKey = opts.key ?? process.env.ISOL8_API_KEY;
   if (!apiKey) {
     console.error("[ERR] API key required. Use --key or ISOL8_API_KEY env var.");
     process.exit(1);
   }
   const port = Number.parseInt(opts.port, 10);
-  const { createServer: createServer2 } = await Promise.resolve().then(() => (init_server(), exports_server));
-  const server = createServer2({ port, apiKey });
-  console.log(`[INFO] isol8 server listening on http://localhost:${port}`);
-  console.log("   Auth: Bearer token required");
-  Bun.serve({
-    fetch: server.app.fetch,
-    port
+  if (typeof globalThis.Bun !== "undefined") {
+    const { createServer: createServer2 } = await Promise.resolve().then(() => (init_server(), exports_server));
+    const server = await createServer2({ port, apiKey });
+    console.log(`[INFO] isol8 server v${VERSION} listening on http://localhost:${port}`);
+    console.log("       Auth: Bearer token required");
+    Bun.serve({ fetch: server.app.fetch, port });
+    return;
+  }
+  const binaryPath = await ensureServerBinary(opts.update ?? false);
+  const { spawn: spawnChild } = await import("node:child_process");
+  const child = spawnChild(binaryPath, ["--port", String(port), "--key", apiKey], {
+    stdio: "inherit"
+  });
+  const forwardSignal = (signal) => {
+    child.kill(signal);
+  };
+  process.on("SIGINT", () => forwardSignal("SIGINT"));
+  process.on("SIGTERM", () => forwardSignal("SIGTERM"));
+  child.on("exit", (code) => {
+    process.exit(code ?? 0);
   });
 });
+function getServerBinaryName() {
+  const os2 = platform();
+  const cpu = arch();
+  const osMap = {
+    darwin: "darwin",
+    linux: "linux",
+    win32: "windows"
+  };
+  const archMap = {
+    arm64: "arm64",
+    aarch64: "arm64",
+    x64: "x64",
+    x86_64: "x64"
+  };
+  const resolvedOs = osMap[os2];
+  const resolvedArch = archMap[cpu];
+  if (!(resolvedOs && resolvedArch)) {
+    console.error(`[ERR] Unsupported platform: ${os2}-${cpu}`);
+    process.exit(1);
+  }
+  return `isol8-server-${resolvedOs}-${resolvedArch}`;
+}
+async function getServerBinaryVersion(binaryPath) {
+  if (!existsSync3(binaryPath)) {
+    return null;
+  }
+  try {
+    const { execFileSync } = await import("node:child_process");
+    const output = execFileSync(binaryPath, ["--version"], {
+      encoding: "utf-8",
+      timeout: 5000
+    });
+    return output.trim();
+  } catch {
+    return null;
+  }
+}
+async function downloadServerBinary(binaryPath) {
+  const binaryName = getServerBinaryName();
+  const url = `https://github.com/Illusion47586/isol8/releases/download/v${VERSION}/${binaryName}`;
+  const spinner = ora(`Downloading isol8 server v${VERSION}...`).start();
+  try {
+    const response = await fetch(url, { redirect: "follow" });
+    if (!response.ok) {
+      spinner.fail(`Failed to download server binary (HTTP ${response.status})`);
+      if (response.status === 404) {
+        console.error(`[ERR] No server binary found for v${VERSION} (${binaryName}).`);
+        console.error("      Server binaries may not be available for this version yet.");
+        console.error(`      URL: ${url}`);
+      }
+      process.exit(1);
+    }
+    const binDir = join2(homedir2(), ".isol8", "bin");
+    mkdirSync(binDir, { recursive: true });
+    const tmpPath = `${binaryPath}.tmp`;
+    const buffer = Buffer.from(await response.arrayBuffer());
+    writeFileSync(tmpPath, buffer);
+    chmodSync(tmpPath, 493);
+    renameSync(tmpPath, binaryPath);
+    spinner.succeed(`Downloaded isol8 server v${VERSION}`);
+  } catch (err) {
+    spinner.fail("Failed to download server binary");
+    const tmpPath = `${binaryPath}.tmp`;
+    if (existsSync3(tmpPath)) {
+      unlinkSync(tmpPath);
+    }
+    throw err;
+  }
+}
+async function promptYesNo(question) {
+  const readline = await import("node:readline");
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  const answer = await new Promise((resolve3) => {
+    rl.question(question, resolve3);
+  });
+  rl.close();
+  const normalized = answer.trim().toLowerCase();
+  return normalized === "" || normalized === "y" || normalized === "yes";
+}
+async function ensureServerBinary(forceUpdate) {
+  const binDir = join2(homedir2(), ".isol8", "bin");
+  const binaryPath = join2(binDir, "isol8-server");
+  if (forceUpdate) {
+    await downloadServerBinary(binaryPath);
+    return binaryPath;
+  }
+  const existingVersion = await getServerBinaryVersion(binaryPath);
+  if (existingVersion === null) {
+    await downloadServerBinary(binaryPath);
+    return binaryPath;
+  }
+  if (existingVersion === VERSION) {
+    return binaryPath;
+  }
+  console.log(`Server binary v${existingVersion} found, but CLI is v${VERSION}.`);
+  const shouldUpdate = await promptYesNo("Download updated binary? [Y/n] ");
+  if (shouldUpdate) {
+    await downloadServerBinary(binaryPath);
+  } else {
+    console.warn(`[WARN] Running server v${existingVersion} (CLI is v${VERSION})`);
+  }
+  return binaryPath;
+}
 program2.command("config").description("Show the resolved isol8 configuration").option("--json", "Output as raw JSON").action((opts) => {
   const config = loadConfig();
   const searchPaths = [
@@ -61600,4 +61859,4 @@ if (!process.argv.slice(2).length) {
 }
 program2.parse();
 
-//# debugId=E350C5AB2EA12EB364756E2164756E21
+//# debugId=05A7CFDAF922346964756E2164756E21