isol8 0.6.2 → 0.8.0

package/README.md

@@ -1,5 +1,10 @@
 # isol8
 
+[![CI](https://github.com/Illusion47586/isol8/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/Illusion47586/isol8/actions/workflows/ci.yml)
+[![Coverage](https://raw.githubusercontent.com/Illusion47586/isol8/main/coverage/coverage-badge.svg)](https://github.com/Illusion47586/isol8/actions)
+[![npm](https://img.shields.io/npm/v/isol8)](https://www.npmjs.com/package/isol8)
+[![license](https://img.shields.io/npm/l/isol8)](./LICENSE)
+
 Secure code execution engine for AI agents. Run untrusted Python, Node.js, Bun, Deno, and Bash code inside locked-down Docker containers with network filtering, resource limits, and output controls.
 
 ## Features
@@ -177,7 +182,7 @@ const result = await isol8.execute({
 
 console.log(result.stdout);  // "Hello from isol8!"
 console.log(result.exitCode); // 0
-console.log(result.durationMs); // ~55-95ms (warm pool)
+console.log(result.durationMs); // ~38-69ms (warm pool)
 
 await isol8.stop();
 ```
@@ -304,9 +309,14 @@ Add the `$schema` property to get autocompletion, validation, and inline documen
     "autoPrune": true,
     "maxContainerAgeMs": 3600000
   },
+  "dependencies": {
+    "python": ["numpy", "pandas"],
   "dependencies": {
     "python": ["numpy", "pandas"],
     "node": ["lodash"]
+  },
+  "security": {
+    "seccomp": "safety"
   }
 }
 ```
@@ -323,11 +333,11 @@ Each run creates a new `DockerIsol8` instance, executes, and tears down.
 
 | Runtime | Min | Median | Max | Avg |
 |---------|-----|--------|-----|-----|
-| Python | 148ms | 155ms | 414ms | 239ms |
-| Node.js | 152ms | 155ms | 186ms | 165ms |
-| Bun | 124ms | 145ms | 260ms | 176ms |
-| Deno | 339ms | 372ms | 626ms | 446ms |
-| Bash | 115ms | 123ms | 148ms | 128ms |
+| Python | 111ms | 120ms | 188ms | 140ms |
+| Node.js | 114ms | 126ms | 178ms | 130ms |
+| Bun | 104ms | 121ms | 196ms | 139ms |
+| Deno | 112ms | 122ms | 199ms | 139ms |
+| Bash | 104ms | 114ms | 152ms | 121ms |
 
 ### Warm Pool (reused engine)
 
@@ -335,11 +345,11 @@ A single `DockerIsol8` instance reused across 5 runs. The first run is cold (poo
 
 | Runtime | Cold | Warm Avg | Warm Min | Speedup |
 |---------|------|----------|----------|---------|
-| Python | 285ms | 95ms | 89ms | 3.2x |
-| Node.js | 177ms | 91ms | 76ms | 2.3x |
-| Bun | 157ms | 72ms | 66ms | 2.4x |
-| Deno | 330ms | 264ms | 231ms | 1.4x |
-| Bash | 222ms | 68ms | 55ms | 4.0x |
+| Python | 198ms | 56ms | 49ms | 4.1x |
+| Node.js | 145ms | 69ms | 60ms | 2.4x |
+| Bun | 152ms | 51ms | 45ms | 3.4x |
+| Deno | 128ms | 62ms | 54ms | 2.4x |
+| Bash | 124ms | 43ms | 38ms | 3.3x |
 
 ### Execution Phase Breakdown
 
@@ -347,10 +357,10 @@ Where time is spent in the container lifecycle (raw Docker API, no pool):
 
 | Runtime | Create | Start | Write | Exec Setup | Run | Cleanup | Total |
 |---------|--------|-------|-------|------------|-----|---------|-------|
-| Python | 41ms | 49ms | 17ms | 1ms | 40ms | 43ms | 190ms |
-| Node.js | 32ms | 63ms | 34ms | 1ms | 39ms | 43ms | 212ms |
-| Bun | 32ms | 56ms | 26ms | 1ms | 27ms | 44ms | 186ms |
-| Bash | 35ms | 69ms | 23ms | 1ms | 20ms | 48ms | 196ms |
+| Python | 69ms | 52ms | 19ms | 1ms | 22ms | 51ms | 213ms |
+| Node.js | 47ms | 41ms | 15ms | 1ms | 30ms | 36ms | 169ms |
+| Bun | 55ms | 42ms | 15ms | 1ms | 18ms | 37ms | 166ms |
+| Bash | 50ms | 50ms | 14ms | 1ms | 13ms | 43ms | 172ms |
 
 Run benchmarks yourself:
 
@@ -365,11 +375,12 @@ bun run bench:detailed   # Phase breakdown
 | Layer | Protection |
 |-------|-----------|
 | **Filesystem** | Read-only root, writable `/sandbox` (tmpfs, 512MB, exec allowed), writable `/tmp` (tmpfs, 256MB, noexec) |
-| **Processes** | PID limit (default 64), `no-new-privileges` |
+| **Processes** | PID limit (default 64), `no-new-privileges`, non-root `sandbox` user, all user processes killed between pool reuses |
 | **Resources** | CPU (1 core), memory (512MB), execution timeout (30s) |
 | **Network** | Disabled by default; optional proxy-based filtering |
 | **Output** | Truncated at 1MB; secrets masked from stdout/stderr |
 | **Isolation** | Each execution in its own container (ephemeral) or exec (persistent) |
+| **Seccomp** | Default "safety" profile blocks dangerous syscalls (mount, swap, ptrace) but allows others for compatibility; configurable via `security.seccomp` |
 
 ### Container Filesystem
 

package/dist/cli.js

@@ -6929,6 +6929,11 @@ var require_utils2 = __commonJS((exports, module) => {
   };
 });
 
+// node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
+var require_sshcrypto = __commonJS((exports, module) => {
+  module.exports = __require("./sshcrypto-0209sx47.node");
+});
+
 // node_modules/ssh2/lib/protocol/crypto/poly1305.js
 var require_poly1305 = __commonJS((exports, module) => {
   var __dirname = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto", __filename = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
@@ -7415,7 +7420,7 @@ var require_crypto = __commonJS((exports, module) => {
   var ChaChaPolyDecipher;
   var GenericDecipher;
   try {
-    binding = (()=>{throw new Error("Cannot require module "+"./crypto/build/Release/sshcrypto.node");})();
+    binding = require_sshcrypto();
     ({
       AESGCMCipher,
       ChaChaPolyCipher,
@@ -54794,6 +54799,10 @@ function mergeConfig(defaults, overrides) {
       ...defaults.dependencies,
       ...overrides.dependencies
     },
+    security: {
+      seccomp: overrides.security?.seccomp ?? defaults.security.seccomp,
+      customProfilePath: overrides.security?.customProfilePath ?? defaults.security.customProfilePath
+    },
     debug: overrides.debug ?? defaults.debug
   };
 }
@@ -54818,6 +54827,9 @@ var init_config = __esm(() => {
       maxContainerAgeMs: 3600000
     },
     dependencies: {},
+    security: {
+      seccomp: "strict"
+    },
     debug: false
   };
 });
@@ -55075,6 +55087,15 @@ class ContainerPool {
       return;
     }
     try {
+      const killExec = await container.exec({
+        Cmd: ["sh", "-c", "pkill -9 -u sandbox 2>/dev/null; true"]
+      });
+      await killExec.start({ Detach: true });
+      let killInfo = await killExec.inspect();
+      while (killInfo.Running) {
+        await new Promise((r) => setTimeout(r, 5));
+        killInfo = await killExec.inspect();
+      }
       const cleanExec = await container.exec({
         Cmd: ["sh", "-c", "rm -rf /sandbox/* /sandbox/.[!.]* 2>/dev/null; true"]
       });
@@ -55259,12 +55280,14 @@ __export(exports_docker, {
   DockerIsol8: () => DockerIsol8
 });
 import { randomUUID } from "node:crypto";
+import { existsSync as existsSync2, readFileSync as readFileSync2 } from "node:fs";
 import { PassThrough } from "node:stream";
 async function writeFileViaExec(container, filePath, content) {
   const data = typeof content === "string" ? Buffer.from(content, "utf-8") : content;
   const b64 = data.toString("base64");
   const exec = await container.exec({
-    Cmd: ["sh", "-c", `printf '%s' '${b64}' | base64 -d > ${filePath}`]
+    Cmd: ["sh", "-c", `printf '%s' '${b64}' | base64 -d > ${filePath}`],
+    User: "sandbox"
   });
   await exec.start({ Detach: true });
   let info2 = await exec.inspect();
@@ -55280,7 +55303,8 @@ async function readFileViaExec(container, filePath) {
   const exec = await container.exec({
     Cmd: ["base64", filePath],
     AttachStdout: true,
-    AttachStderr: true
+    AttachStderr: true,
+    User: "sandbox"
   });
   const stream = await exec.start({ Tty: false });
   const chunks = [];
@@ -55375,7 +55399,8 @@ async function installPackages(container, runtime, packages) {
     Cmd: cmd,
     AttachStdout: true,
     AttachStderr: true,
-    Env: env2
+    Env: env2,
+    User: runtime === "bash" ? "root" : "sandbox"
   });
   const stream = await exec.start({ Detach: false, Tty: false });
   return new Promise((resolve2, reject) => {
@@ -55418,6 +55443,7 @@ class DockerIsol8 {
   semaphore;
   sandboxSize;
   tmpSize;
+  security;
   persist;
   container = null;
   persistentRuntime = null;
@@ -55439,6 +55465,7 @@ class DockerIsol8 {
     this.sandboxSize = options.sandboxSize ?? "512m";
     this.tmpSize = options.tmpSize ?? "256m";
     this.persist = options.persist ?? false;
+    this.security = options.security ?? { seccomp: "strict" };
     if (options.debug) {
       logger.setDebug(true);
     }
@@ -55544,7 +55571,8 @@ class DockerIsol8 {
           Env: this.buildEnv(req.env),
           AttachStdout: true,
           AttachStderr: true,
-          WorkingDir: SANDBOX_WORKDIR
+          WorkingDir: SANDBOX_WORKDIR,
+          User: "sandbox"
         });
         const execStream = await exec.start({ Tty: false });
         yield* this.streamExecOutput(execStream, exec, container, timeoutMs);
@@ -55623,7 +55651,8 @@ class DockerIsol8 {
         Env: this.buildEnv(req.env),
         AttachStdout: true,
         AttachStderr: true,
-        WorkingDir: SANDBOX_WORKDIR
+        WorkingDir: SANDBOX_WORKDIR,
+        User: "sandbox"
       });
       const start = performance.now();
       const execStream = await exec.start({ Tty: false });
@@ -55696,7 +55725,8 @@ class DockerIsol8 {
       Env: execEnv,
       AttachStdout: true,
       AttachStderr: true,
-      WorkingDir: SANDBOX_WORKDIR
+      WorkingDir: SANDBOX_WORKDIR,
+      User: "sandbox"
     });
     const start = performance.now();
     const execStream = await exec.start({ Tty: false });
@@ -55766,9 +55796,9 @@ class DockerIsol8 {
       ReadonlyRootfs: this.readonlyRootFs,
       Tmpfs: {
         "/tmp": `rw,noexec,nosuid,nodev,size=${this.tmpSize}`,
-        [SANDBOX_WORKDIR]: `rw,exec,nosuid,nodev,size=${this.sandboxSize}`
+        [SANDBOX_WORKDIR]: `rw,exec,nosuid,nodev,size=${this.sandboxSize},uid=100,gid=101`
       },
-      SecurityOpt: ["no-new-privileges"]
+      SecurityOpt: this.buildSecurityOpts()
     };
     if (this.network === "filtered") {
       config.NetworkMode = "bridge";
@@ -55777,6 +55807,43 @@ class DockerIsol8 {
     }
     return config;
   }
+  buildSecurityOpts() {
+    const opts = ["no-new-privileges"];
+    if (this.security.seccomp === "unconfined") {
+      opts.push("seccomp=unconfined");
+      return opts;
+    }
+    if (this.security.seccomp === "custom" && this.security.customProfilePath) {
+      try {
+        const profile = readFileSync2(this.security.customProfilePath, "utf-8");
+        opts.push(`seccomp=${profile}`);
+      } catch (e) {
+        logger.error(`Failed to load custom seccomp profile: ${e}`);
+      }
+      return opts;
+    }
+    try {
+      const profile = this.loadDefaultSeccompProfile();
+      if (profile) {
+        opts.push(`seccomp=${profile}`);
+      }
+    } catch (e) {
+      logger.error(`Failed to load default seccomp profile: ${e}`);
+    }
+    return opts;
+  }
+  loadDefaultSeccompProfile() {
+    const devPath = new URL("../../docker/seccomp-profile.json", import.meta.url);
+    if (existsSync2(devPath)) {
+      return readFileSync2(devPath, "utf-8");
+    }
+    const prodPath = new URL("./docker/seccomp-profile.json", import.meta.url);
+    if (existsSync2(prodPath)) {
+      return readFileSync2(prodPath, "utf-8");
+    }
+    logger.warn("Could not locate default seccomp profile. Running without seccomp filter.");
+    return null;
+  }
   buildEnv(extra) {
     const env2 = [
       "PYTHONUNBUFFERED=1",
@@ -55958,7 +56025,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "isol8",
-    version: "0.6.1",
+    version: "0.7.0",
     description: "Secure code execution engine for AI agents",
     author: "Illusion47586",
     license: "MIT",
@@ -56019,6 +56086,8 @@ var init_package = __esm(() => {
     },
     devDependencies: {
       "@biomejs/biome": "^2.3.15",
+      "@commitlint/cli": "^20.4.1",
+      "@commitlint/config-conventional": "^20.4.1",
       "@semantic-release/changelog": "^6.0.3",
       "@semantic-release/exec": "^7.1.0",
       "@semantic-release/git": "^10.0.1",
@@ -56051,7 +56120,8 @@ var init_package = __esm(() => {
       }
     ],
     "simple-git-hooks": {
-      "pre-commit": "bun run lint-staged"
+      "pre-commit": "bun run lint-staged",
+      "commit-msg": "bunx commitlint --edit $1"
     },
     "lint-staged": {
       "*.{ts,tsx}": [
@@ -56061,6 +56131,9 @@ var init_package = __esm(() => {
       "src/types.ts": [
         "bash -c 'bun run schema'",
         "git add schema/isol8.config.schema.json"
+      ],
+      "*.{yaml,yml,json}": [
+        "ultracite fix"
       ]
     }
   };
@@ -57881,9 +57954,9 @@ var init_server = __esm(() => {
 // src/cli.ts
 import {
   chmodSync,
-  existsSync as existsSync3,
+  existsSync as existsSync4,
   mkdirSync,
-  readFileSync as readFileSync2,
+  readFileSync as readFileSync3,
   renameSync,
   unlinkSync,
   writeFileSync
@@ -61283,10 +61356,10 @@ init_docker();
 
 // src/engine/image-builder.ts
 init_runtime();
-import { existsSync as existsSync2 } from "node:fs";
+import { existsSync as existsSync3 } from "node:fs";
 function resolveDockerDir() {
   const fromBundled = new URL("../docker", import.meta.url).pathname;
-  if (existsSync2(fromBundled)) {
+  if (existsSync3(fromBundled)) {
     return fromBundled;
   }
   return new URL("../../docker", import.meta.url).pathname;
@@ -61638,7 +61711,7 @@ function getServerBinaryName() {
   return `isol8-server-${resolvedOs}-${resolvedArch}`;
 }
 async function getServerBinaryVersion(binaryPath) {
-  if (!existsSync3(binaryPath)) {
+  if (!existsSync4(binaryPath)) {
     logger.debug(`[Serve] No binary found at ${binaryPath}`);
     return null;
   }
@@ -61683,7 +61756,7 @@ async function downloadServerBinary(binaryPath) {
   } catch (err) {
     spinner.fail("Failed to download server binary");
     const tmpPath = `${binaryPath}.tmp`;
-    if (existsSync3(tmpPath)) {
+    if (existsSync4(tmpPath)) {
       unlinkSync(tmpPath);
     }
     throw err;
@@ -61737,7 +61810,7 @@ program2.command("config").description("Show the resolved isol8 configuration").
     join2(resolve2(process.cwd()), "isol8.config.json"),
     join2(homedir2(), ".isol8", "config.json")
   ];
-  const loadedFrom = searchPaths.find((p) => existsSync3(p));
+  const loadedFrom = searchPaths.find((p) => existsSync4(p));
   logger.debug(`[Config] Config source: ${loadedFrom ?? "defaults"}`);
   logger.debug(`[Config] Resolved config: ${JSON.stringify(config)}`);
   if (opts.json) {
@@ -61872,11 +61945,11 @@ async function resolveRunInput(file, opts) {
   } else if (file) {
     const filePath = resolve2(file);
     logger.debug(`[Run] Reading file: ${filePath}`);
-    if (!existsSync3(filePath)) {
+    if (!existsSync4(filePath)) {
       console.error(`[ERR] File not found: ${file}`);
       process.exit(1);
     }
-    code = readFileSync2(filePath, "utf-8");
+    code = readFileSync3(filePath, "utf-8");
     if (opts.runtime) {
       runtime = opts.runtime;
       logger.debug(`[Run] Runtime specified: ${runtime}`);
@@ -61959,4 +62032,4 @@ if (!process.argv.slice(2).length) {
 }
 program2.parse();
 
-//# debugId=21709D38E9A7C3B264756E2164756E21
+//# debugId=BD6BAC9840A8A53E64756E2164756E21

package/dist/docker/Dockerfile

@@ -1,6 +1,7 @@
 # ── Base ──────────────────────────────────────────────────────────────
 FROM alpine:3.21 AS base
-RUN apk add --no-cache tini curl ca-certificates
+RUN apk add --no-cache tini curl ca-certificates \
+    && addgroup -S sandbox && adduser -S sandbox -G sandbox -h /sandbox
 COPY proxy.mjs /usr/local/bin/proxy.mjs
 RUN chmod +x /usr/local/bin/proxy.mjs
 WORKDIR /sandbox
@@ -26,7 +27,8 @@ CMD ["bun"]
 
 # ── Deno ──────────────────────────────────────────────────────────────
 FROM denoland/deno:alpine AS deno
-RUN apk add --no-cache tini curl ca-certificates
+RUN apk add --no-cache tini curl ca-certificates \
+    && addgroup -S sandbox && adduser -S sandbox -G sandbox -h /sandbox
 COPY proxy.mjs /usr/local/bin/proxy.mjs
 RUN chmod +x /usr/local/bin/proxy.mjs
 WORKDIR /sandbox

package/dist/docker/seccomp-profile.json

@@ -0,0 +1,67 @@
+{
+  "defaultAction": "SCMP_ACT_ALLOW",
+  "architectures": [
+    "SCMP_ARCH_X86_64",
+    "SCMP_ARCH_X86",
+    "SCMP_ARCH_X32",
+    "SCMP_ARCH_AARCH64"
+  ],
+  "syscalls": [
+    {
+      "names": [
+        "acct",
+        "add_key",
+        "bpf",
+        "clock_adjtime",
+        "clock_settime",
+        "create_module",
+        "delete_module",
+        "finit_module",
+        "get_mempolicy",
+        "init_module",
+        "ioperm",
+        "iopl",
+        "kcmp",
+        "kexec_file_load",
+        "kexec_load",
+        "keyctl",
+        "lookup_dcookie",
+        "mbind",
+        "mount",
+        "move_pages",
+        "name_to_handle_at",
+        "open_by_handle_at",
+        "perf_event_open",
+        "pivot_root",
+        "process_vm_readv",
+        "process_vm_writev",
+        "ptrace",
+        "query_module",
+        "quotactl",
+        "reboot",
+        "request_key",
+        "set_mempolicy",
+        "setns",
+        "settimeofday",
+        "stime",
+        "swapon",
+        "swapoff",
+        "sysfs",
+        "syslog",
+        "umount",
+        "umount2",
+        "unshare",
+        "uselib",
+        "userfaultfd",
+        "ustat",
+        "vm86",
+        "vm86old"
+      ],
+      "action": "SCMP_ACT_ERRNO",
+      "args": [],
+      "comment": "",
+      "includes": {},
+      "excludes": {}
+    }
+  ]
+}

package/dist/index.js

@@ -263,6 +263,15 @@ class ContainerPool {
       return;
     }
     try {
+      const killExec = await container.exec({
+        Cmd: ["sh", "-c", "pkill -9 -u sandbox 2>/dev/null; true"]
+      });
+      await killExec.start({ Detach: true });
+      let killInfo = await killExec.inspect();
+      while (killInfo.Running) {
+        await new Promise((r) => setTimeout(r, 5));
+        killInfo = await killExec.inspect();
+      }
       const cleanExec = await container.exec({
         Cmd: ["sh", "-c", "rm -rf /sandbox/* /sandbox/.[!.]* 2>/dev/null; true"]
       });
@@ -439,13 +448,15 @@ __export(exports_docker, {
   DockerIsol8: () => DockerIsol8
 });
 import { randomUUID } from "node:crypto";
+import { existsSync as existsSync2, readFileSync as readFileSync2 } from "node:fs";
 import { PassThrough } from "node:stream";
 import Docker from "dockerode";
 async function writeFileViaExec(container, filePath, content) {
   const data = typeof content === "string" ? Buffer.from(content, "utf-8") : content;
   const b64 = data.toString("base64");
   const exec = await container.exec({
-    Cmd: ["sh", "-c", `printf '%s' '${b64}' | base64 -d > ${filePath}`]
+    Cmd: ["sh", "-c", `printf '%s' '${b64}' | base64 -d > ${filePath}`],
+    User: "sandbox"
   });
   await exec.start({ Detach: true });
   let info = await exec.inspect();
@@ -461,7 +472,8 @@ async function readFileViaExec(container, filePath) {
   const exec = await container.exec({
     Cmd: ["base64", filePath],
     AttachStdout: true,
-    AttachStderr: true
+    AttachStderr: true,
+    User: "sandbox"
   });
   const stream = await exec.start({ Tty: false });
   const chunks = [];
@@ -556,7 +568,8 @@ async function installPackages(container, runtime, packages) {
     Cmd: cmd,
     AttachStdout: true,
     AttachStderr: true,
-    Env: env
+    Env: env,
+    User: runtime === "bash" ? "root" : "sandbox"
   });
   const stream = await exec.start({ Detach: false, Tty: false });
   return new Promise((resolve2, reject) => {
@@ -599,6 +612,7 @@ class DockerIsol8 {
   semaphore;
   sandboxSize;
   tmpSize;
+  security;
   persist;
   container = null;
   persistentRuntime = null;
@@ -620,6 +634,7 @@ class DockerIsol8 {
     this.sandboxSize = options.sandboxSize ?? "512m";
     this.tmpSize = options.tmpSize ?? "256m";
     this.persist = options.persist ?? false;
+    this.security = options.security ?? { seccomp: "strict" };
     if (options.debug) {
       logger.setDebug(true);
     }
@@ -725,7 +740,8 @@ class DockerIsol8 {
           Env: this.buildEnv(req.env),
           AttachStdout: true,
           AttachStderr: true,
-          WorkingDir: SANDBOX_WORKDIR
+          WorkingDir: SANDBOX_WORKDIR,
+          User: "sandbox"
         });
         const execStream = await exec.start({ Tty: false });
         yield* this.streamExecOutput(execStream, exec, container, timeoutMs);
@@ -804,7 +820,8 @@ class DockerIsol8 {
         Env: this.buildEnv(req.env),
         AttachStdout: true,
         AttachStderr: true,
-        WorkingDir: SANDBOX_WORKDIR
+        WorkingDir: SANDBOX_WORKDIR,
+        User: "sandbox"
       });
       const start = performance.now();
       const execStream = await exec.start({ Tty: false });
@@ -877,7 +894,8 @@ class DockerIsol8 {
       Env: execEnv,
       AttachStdout: true,
       AttachStderr: true,
-      WorkingDir: SANDBOX_WORKDIR
+      WorkingDir: SANDBOX_WORKDIR,
+      User: "sandbox"
     });
     const start = performance.now();
     const execStream = await exec.start({ Tty: false });
@@ -947,9 +965,9 @@ class DockerIsol8 {
       ReadonlyRootfs: this.readonlyRootFs,
       Tmpfs: {
         "/tmp": `rw,noexec,nosuid,nodev,size=${this.tmpSize}`,
-        [SANDBOX_WORKDIR]: `rw,exec,nosuid,nodev,size=${this.sandboxSize}`
+        [SANDBOX_WORKDIR]: `rw,exec,nosuid,nodev,size=${this.sandboxSize},uid=100,gid=101`
       },
-      SecurityOpt: ["no-new-privileges"]
+      SecurityOpt: this.buildSecurityOpts()
     };
     if (this.network === "filtered") {
       config.NetworkMode = "bridge";
@@ -958,6 +976,43 @@ class DockerIsol8 {
     }
     return config;
   }
+  buildSecurityOpts() {
+    const opts = ["no-new-privileges"];
+    if (this.security.seccomp === "unconfined") {
+      opts.push("seccomp=unconfined");
+      return opts;
+    }
+    if (this.security.seccomp === "custom" && this.security.customProfilePath) {
+      try {
+        const profile = readFileSync2(this.security.customProfilePath, "utf-8");
+        opts.push(`seccomp=${profile}`);
+      } catch (e) {
+        logger.error(`Failed to load custom seccomp profile: ${e}`);
+      }
+      return opts;
+    }
+    try {
+      const profile = this.loadDefaultSeccompProfile();
+      if (profile) {
+        opts.push(`seccomp=${profile}`);
+      }
+    } catch (e) {
+      logger.error(`Failed to load default seccomp profile: ${e}`);
+    }
+    return opts;
+  }
+  loadDefaultSeccompProfile() {
+    const devPath = new URL("../../docker/seccomp-profile.json", import.meta.url);
+    if (existsSync2(devPath)) {
+      return readFileSync2(devPath, "utf-8");
+    }
+    const prodPath = new URL("./docker/seccomp-profile.json", import.meta.url);
+    if (existsSync2(prodPath)) {
+      return readFileSync2(prodPath, "utf-8");
+    }
+    logger.warn("Could not locate default seccomp profile. Running without seccomp filter.");
+    return null;
+  }
   buildEnv(extra) {
     const env = [
       "PYTHONUNBUFFERED=1",
@@ -1282,6 +1337,9 @@ var DEFAULT_CONFIG = {
     maxContainerAgeMs: 3600000
   },
   dependencies: {},
+  security: {
+    seccomp: "strict"
+  },
   debug: false
 };
 function loadConfig(cwd) {
@@ -1317,6 +1375,10 @@ function mergeConfig(defaults, overrides) {
       ...defaults.dependencies,
       ...overrides.dependencies
     },
+    security: {
+      seccomp: overrides.security?.seccomp ?? defaults.security.seccomp,
+      customProfilePath: overrides.security?.customProfilePath ?? defaults.security.customProfilePath
+    },
     debug: overrides.debug ?? defaults.debug
   };
 }
@@ -1331,7 +1393,7 @@ init_logger();
 // package.json
 var package_default = {
   name: "isol8",
-  version: "0.6.1",
+  version: "0.7.0",
   description: "Secure code execution engine for AI agents",
   author: "Illusion47586",
   license: "MIT",
@@ -1392,6 +1454,8 @@ var package_default = {
   },
   devDependencies: {
     "@biomejs/biome": "^2.3.15",
+    "@commitlint/cli": "^20.4.1",
+    "@commitlint/config-conventional": "^20.4.1",
     "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/exec": "^7.1.0",
     "@semantic-release/git": "^10.0.1",
@@ -1424,7 +1488,8 @@ var package_default = {
     }
   ],
   "simple-git-hooks": {
-    "pre-commit": "bun run lint-staged"
+    "pre-commit": "bun run lint-staged",
+    "commit-msg": "bunx commitlint --edit $1"
   },
   "lint-staged": {
     "*.{ts,tsx}": [
@@ -1434,6 +1499,9 @@ var package_default = {
     "src/types.ts": [
       "bash -c 'bun run schema'",
       "git add schema/isol8.config.schema.json"
+    ],
+    "*.{yaml,yml,json}": [
+      "ultracite fix"
     ]
   }
 };
@@ -1660,4 +1728,4 @@ export {
   BunAdapter
 };
 
-//# debugId=042AB36FB522926664756E2164756E21
+//# debugId=94A90BFCC4E9D3A764756E2164756E21

package/dist/src/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;;GAGG;AACH,QAAA,MAAM,cAAc,EAAE,WAoBrB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,UAAU,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,WAAW,CAepD;AA8BD,OAAO,EAAE,cAAc,EAAE,CAAC"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;;GAGG;AACH,QAAA,MAAM,cAAc,EAAE,WAuBrB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,UAAU,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,WAAW,CAepD;AAmCD,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/src/engine/docker.d.ts

@@ -43,6 +43,7 @@ export declare class DockerIsol8 implements Isol8Engine {
     private readonly semaphore;
     private readonly sandboxSize;
     private readonly tmpSize;
+    private readonly security;
     private readonly persist;
     private container;
     private persistentRuntime;
@@ -96,6 +97,8 @@ export declare class DockerIsol8 implements Isol8Engine {
     private startPersistentContainer;
     private getAdapter;
     private buildHostConfig;
+    private buildSecurityOpts;
+    private loadDefaultSeccompProfile;
     private buildEnv;
     private streamExecOutput;
     private collectExecOutput;

package/dist/src/engine/docker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EAEX,YAAY,EAGZ,WAAW,EACZ,MAAM,UAAU,CAAC;AAgPlB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAElC,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAE1C;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;IAuBhE;;;OAGG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAK5B,kFAAkF;IAC5E,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B;;;OAGG;IACG,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAW9D;;;;;;;OAOG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAYpE;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmB5C,6GAA6G;IAC7G,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED;;;OAGG;IACI,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC;YAoFzD,YAAY;YAcZ,gBAAgB;YAwGhB,iBAAiB;YA6FjB,aAAa;YAkBb,oBAAoB;YASpB,wBAAwB;IA2BtC,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,eAAe;IAsBvB,OAAO,CAAC,QAAQ;YAmCD,gBAAgB;YA8EjB,iBAAiB;IA8D/B,OAAO,CAAC,iBAAiB;IAYzB;;;;;;;;;;;;;;;;;;;;OAoBG;WACU,OAAO,CAClB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CA2BlE"}
+{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EAEX,YAAY,EAIZ,WAAW,EACZ,MAAM,UAAU,CAAC;AAoPlB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IAEjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAElC,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAE1C;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;IAwBhE;;;OAGG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAK5B,kFAAkF;IAC5E,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B;;;OAGG;IACG,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAW9D;;;;;;;OAOG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAYpE;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmB5C,6GAA6G;IAC7G,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED;;;OAGG;IACI,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC;YAqFzD,YAAY;YAcZ,gBAAgB;YAyGhB,iBAAiB;YA8FjB,aAAa;YAkBb,oBAAoB;YASpB,wBAAwB;IA2BtC,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,eAAe;IAsBvB,OAAO,CAAC,iBAAiB;IA+BzB,OAAO,CAAC,yBAAyB;IAyBjC,OAAO,CAAC,QAAQ;YAmCD,gBAAgB;YA8EjB,iBAAiB;IA8D/B,OAAO,CAAC,iBAAiB;IAYzB;;;;;;;;;;;;;;;;;;;;OAoBG;WACU,OAAO,CAClB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CA2BlE"}

package/dist/src/engine/pool.d.ts

@@ -37,8 +37,9 @@ export declare class ContainerPool {
      */
     acquire(image: string): Promise<Docker.Container>;
     /**
-     * Return a container to the pool after use. The container's /sandbox
-     * tmpfs is wiped clean so it's ready for the next execution.
+     * Return a container to the pool after use. All processes owned by the
+     * `sandbox` user are killed, and the `/sandbox` tmpfs is wiped clean
+     * so the container is ready for the next execution.
      * If the pool is full, the container is destroyed instead.
      */
     release(container: Docker.Container, image: string): Promise<void>;

package/dist/src/engine/pool.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pool.d.ts","sourceRoot":"","sources":["../../../src/engine/pool.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AAGpC,4CAA4C;AAC5C,MAAM,WAAW,WAAW;IAC1B,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAC;CAC7D;AAOD;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA+C;IAC7E,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAkC;IACxD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAqB;IAClD,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAA4B;gBAEtD,OAAO,EAAE,WAAW;IAMhC;;;;OAIG;IACG,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;IAcvD;;;;OAIG;IACG,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA+BxE;;;OAGG;IACG,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBxC;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;YAgBd,eAAe;IAW7B,2DAA2D;IAC3D,OAAO,CAAC,SAAS;CAuClB"}
+{"version":3,"file":"pool.d.ts","sourceRoot":"","sources":["../../../src/engine/pool.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AAGpC,4CAA4C;AAC5C,MAAM,WAAW,WAAW;IAC1B,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAC;CAC7D;AAOD;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA+C;IAC7E,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAkC;IACxD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAqB;IAClD,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAA4B;gBAEtD,OAAO,EAAE,WAAW;IAMhC;;;;OAIG;IACG,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;IAcvD;;;;;OAKG;IACG,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA8CxE;;;OAGG;IACG,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBxC;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;YAgBd,eAAe;IAW7B,2DAA2D;IAC3D,OAAO,CAAC,SAAS;CAuClB"}

package/dist/src/types.d.ts

@@ -156,6 +156,8 @@ export interface Isol8Options {
      * @default false
      */
     persist?: boolean;
+    /** Security settings. */
+    security?: SecurityConfig;
 }
 /**
  * The core isol8 engine abstraction. Both {@link DockerIsol8} and {@link RemoteIsol8}
@@ -245,6 +247,20 @@ export interface Isol8Dependencies {
     /** Bash packages to install via apk (Alpine). */
     bash?: string[];
 }
+/**
+ * Security configuration for the execution environment.
+ */
+export interface SecurityConfig {
+    /**
+     * Seccomp profile mode.
+     * - "strict": Use the default strict profile (default).
+     * - "unconfined": Do not apply any seccomp profile.
+     * - "custom": Use the profile at `customProfilePath`.
+     */
+    seccomp?: "strict" | "unconfined" | "custom";
+    /** Path to a custom seccomp profile JSON file. Required if seccomp is "custom". */
+    customProfilePath?: string;
+}
 /**
  * Top-level configuration schema for isol8.
  *
@@ -265,6 +281,8 @@ export interface Isol8Config {
     cleanup: Isol8Cleanup;
     /** Runtime-specific packages to bake into custom Docker images. */
     dependencies: Isol8Dependencies;
+    /** Security settings. */
+    security: SecurityConfig;
     /** Enable debug logging. @default false */
     debug: boolean;
 }
@@ -287,5 +305,7 @@ export interface Isol8UserConfig {
     cleanup?: Partial<Isol8Cleanup>;
     /** Runtime-specific packages to bake into custom Docker images. */
     dependencies?: Isol8Dependencies;
+    /** Security settings. */
+    security?: SecurityConfig;
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/src/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;GAQG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;AAElE;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IAEb,sEAAsE;IACtE,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IAEf,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IAEjB,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IAEnB,0FAA0F;IAC1F,SAAS,EAAE,OAAO,CAAC;IAEnB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IAEjB,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAED;;;;GAIG;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,0FAA0F;IAC1F,IAAI,EAAE,MAAM,CAAC;CACd;AAID;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GAAG,WAAW,GAAG,YAAY,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,2CAA2C;IAC3C,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB,yFAAyF;IACzF,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC,mFAAmF;IACnF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,4EAA4E;IAC5E,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,4DAA4D;IAC5D,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,6EAA6E;IAC7E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,iEAAiE;IACjE,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,wIAAwI;IACxI,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,+EAA+E;IAC/E,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB,kEAAkE;IAClE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB,0CAA0C;IAC1C,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAEzD;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/D;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;CAClE;AAID;;;;;;;;GAQG;AACH,MAAM,WAAW,mBAAmB;IAClC,2FAA2F;IAC3F,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB,mGAAmG;IACnG,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAID,oDAAoD;AACpD,MAAM,WAAW,aAAa;IAC5B,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,EAAE,WAAW,CAAC;IACrB,kEAAkE;IAClE,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,yDAAyD;AACzD,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,SAAS,EAAE,OAAO,CAAC;IACnB,kFAAkF;IAClF,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,oDAAoD;IACpD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,iDAAiD;IACjD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW;IAC1B,0EAA0E;IAC1E,aAAa,EAAE,MAAM,CAAC;IAEtB,sDAAsD;IACtD,QAAQ,EAAE,aAAa,CAAC;IAExB,4DAA4D;IAC5D,OAAO,EAAE,mBAAmB,CAAC;IAE7B,gDAAgD;IAChD,OAAO,EAAE,YAAY,CAAC;IAEtB,mEAAmE;IACnE,YAAY,EAAE,iBAAiB,CAAC;IAEhC,2CAA2C;IAC3C,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,0EAA0E;IAC1E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,kFAAkF;IAClF,QAAQ,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAElC,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEvC,4EAA4E;IAC5E,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAEhC,mEAAmE;IACnE,YAAY,CAAC,EAAE,iBAAiB,CAAC;CAClC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;GAQG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;AAElE;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IAEb,sEAAsE;IACtE,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IAEf,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IAEjB,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IAEnB,0FAA0F;IAC1F,SAAS,EAAE,OAAO,CAAC;IAEnB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IAEjB,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAED;;;;GAIG;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,0FAA0F;IAC1F,IAAI,EAAE,MAAM,CAAC;CACd;AAID;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GAAG,WAAW,GAAG,YAAY,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,2CAA2C;IAC3C,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB,yFAAyF;IACzF,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC,mFAAmF;IACnF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,4EAA4E;IAC5E,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,4DAA4D;IAC5D,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,6EAA6E;IAC7E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,iEAAiE;IACjE,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,wIAAwI;IACxI,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,+EAA+E;IAC/E,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB,kEAAkE;IAClE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB,0CAA0C;IAC1C,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAEzD;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/D;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;CAClE;AAID;;;;;;;;GAQG;AACH,MAAM,WAAW,mBAAmB;IAClC,2FAA2F;IAC3F,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB,mGAAmG;IACnG,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAID,oDAAoD;AACpD,MAAM,WAAW,aAAa;IAC5B,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,EAAE,WAAW,CAAC;IACrB,kEAAkE;IAClE,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,yDAAyD;AACzD,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,SAAS,EAAE,OAAO,CAAC;IACnB,kFAAkF;IAClF,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,oDAAoD;IACpD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,iDAAiD;IACjD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,OAAO,CAAC,EAAE,QAAQ,GAAG,YAAY,GAAG,QAAQ,CAAC;IAC7C,mFAAmF;IACnF,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW;IAC1B,0EAA0E;IAC1E,aAAa,EAAE,MAAM,CAAC;IAEtB,sDAAsD;IACtD,QAAQ,EAAE,aAAa,CAAC;IAExB,4DAA4D;IAC5D,OAAO,EAAE,mBAAmB,CAAC;IAE7B,gDAAgD;IAChD,OAAO,EAAE,YAAY,CAAC;IAEtB,mEAAmE;IACnE,YAAY,EAAE,iBAAiB,CAAC;IAEhC,yBAAyB;IACzB,QAAQ,EAAE,cAAc,CAAC;IAEzB,2CAA2C;IAC3C,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,0EAA0E;IAC1E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,kFAAkF;IAClF,QAAQ,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAElC,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEvC,4EAA4E;IAC5E,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAEhC,mEAAmE;IACnE,YAAY,CAAC,EAAE,iBAAiB,CAAC;IAEjC,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "isol8",
-  "version": "0.6.2",
+  "version": "0.8.0",
   "description": "Secure code execution engine for AI agents",
   "author": "Illusion47586",
   "license": "MIT",
@@ -61,6 +61,8 @@
   },
   "devDependencies": {
     "@biomejs/biome": "^2.3.15",
+    "@commitlint/cli": "^20.4.1",
+    "@commitlint/config-conventional": "^20.4.1",
     "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/exec": "^7.1.0",
     "@semantic-release/git": "^10.0.1",
@@ -93,7 +95,8 @@
     }
   ],
   "simple-git-hooks": {
-    "pre-commit": "bun run lint-staged"
+    "pre-commit": "bun run lint-staged",
+    "commit-msg": "bunx commitlint --edit $1"
   },
   "lint-staged": {
     "*.{ts,tsx}": [
@@ -103,6 +106,9 @@
     "src/types.ts": [
       "bash -c 'bun run schema'",
       "git add schema/isol8.config.schema.json"
+    ],
+    "*.{yaml,yml,json}": [
+      "ultracite fix"
     ]
   }
 }

package/schema/isol8.config.schema.json

@@ -140,6 +140,10 @@
             }
           },
           "type": "object"
+        },
+        "security": {
+          "$ref": "#/definitions/SecurityConfig",
+          "description": "Security settings."
         }
       },
       "type": "object"
@@ -148,6 +152,22 @@
       "description": "Network access mode for isol8 containers.\n\n- `\"none\"` — All network access blocked (default, most secure).\n- `\"host\"` — Full host network access (use with caution).\n- `\"filtered\"` — HTTP/HTTPS traffic routed through a proxy that enforces   whitelist/blacklist regex rules on hostnames.",
       "enum": ["none", "host", "filtered"],
       "type": "string"
+    },
+    "SecurityConfig": {
+      "additionalProperties": false,
+      "description": "Security configuration for the execution environment.",
+      "properties": {
+        "customProfilePath": {
+          "description": "Path to a custom seccomp profile JSON file. Required if seccomp is \"custom\".",
+          "type": "string"
+        },
+        "seccomp": {
+          "description": "Seccomp profile mode.\n- \"strict\": Use the default strict profile (default).\n- \"unconfined\": Do not apply any seccomp profile.\n- \"custom\": Use the profile at `customProfilePath`.",
+          "enum": ["strict", "unconfined", "custom"],
+          "type": "string"
+        }
+      },
+      "type": "object"
     }
   }
 }