isol8 0.8.2 → 0.9.0-alpha.0

package/dist/cli.js

@@ -5038,23 +5038,23 @@ var require_nacl_fast = __commonJS((exports, module) => {
       randombytes = fn;
     };
     (function() {
-      var crypto = typeof self !== "undefined" ? self.crypto || self.msCrypto : null;
-      if (crypto && crypto.getRandomValues) {
+      var crypto2 = typeof self !== "undefined" ? self.crypto || self.msCrypto : null;
+      if (crypto2 && crypto2.getRandomValues) {
         var QUOTA = 65536;
         nacl.setPRNG(function(x, n) {
           var i, v = new Uint8Array(n);
           for (i = 0;i < n; i += QUOTA) {
-            crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));
+            crypto2.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA)));
           }
           for (i = 0;i < n; i++)
             x[i] = v[i];
           cleanup(v);
         });
       } else if (true) {
-        crypto = __require("crypto");
-        if (crypto && crypto.randomBytes) {
+        crypto2 = __require("crypto");
+        if (crypto2 && crypto2.randomBytes) {
           nacl.setPRNG(function(x, n) {
-            var i, v = crypto.randomBytes(n);
+            var i, v = crypto2.randomBytes(n);
             for (i = 0;i < n; i++)
               x[i] = v[i];
             cleanup(v);
@@ -6318,7 +6318,7 @@ var require_bcrypt_pbkdf = __commonJS((exports, module) => {
 
 // node_modules/cpu-features/build/Release/cpufeatures.node
 var require_cpufeatures = __commonJS((exports, module) => {
-  module.exports = __require("./cpufeatures-tjjrgpt7.node");
+  module.exports = __require("./cpufeatures-8g73ch7n.node");
 });
 
 // node_modules/cpu-features/lib/index.js
@@ -6329,14 +6329,14 @@ var require_lib2 = __commonJS((exports, module) => {
 
 // node_modules/ssh2/lib/protocol/constants.js
 var require_constants = __commonJS((exports, module) => {
-  var crypto = __require("crypto");
+  var crypto2 = __require("crypto");
   var cpuInfo;
   try {
     cpuInfo = require_lib2()();
   } catch {}
   var { bindingAvailable, CIPHER_INFO, MAC_INFO } = require_crypto();
   var eddsaSupported = (() => {
-    if (typeof crypto.sign === "function" && typeof crypto.verify === "function") {
+    if (typeof crypto2.sign === "function" && typeof crypto2.verify === "function") {
       const key = `-----BEGIN PRIVATE KEY-----\r
 MC4CAQAwBQYDK2VwBCIEIHKj+sVa9WcD` + `/q2DJUJaf43Kptc8xYuUQA4bOFj9vC8T\r
 -----END PRIVATE KEY-----`;
@@ -6344,14 +6344,14 @@ MC4CAQAwBQYDK2VwBCIEIHKj+sVa9WcD` + `/q2DJUJaf43Kptc8xYuUQA4bOFj9vC8T\r
       let sig;
       let verified;
       try {
-        sig = crypto.sign(null, data, key);
-        verified = crypto.verify(null, data, key, sig);
+        sig = crypto2.sign(null, data, key);
+        verified = crypto2.verify(null, data, key, sig);
       } catch {}
       return Buffer.isBuffer(sig) && sig.length === 64 && verified === true;
     }
     return false;
   })();
-  var curve25519Supported = typeof crypto.diffieHellman === "function" && typeof crypto.generateKeyPairSync === "function" && typeof crypto.createPublicKey === "function";
+  var curve25519Supported = typeof crypto2.diffieHellman === "function" && typeof crypto2.generateKeyPairSync === "function" && typeof crypto2.createPublicKey === "function";
   var DEFAULT_KEX = [
     "ecdh-sha2-nistp256",
     "ecdh-sha2-nistp384",
@@ -6386,7 +6386,7 @@ MC4CAQAwBQYDK2VwBCIEIHKj+sVa9WcD` + `/q2DJUJaf43Kptc8xYuUQA4bOFj9vC8T\r
     "ssh-dss"
   ]);
   var canUseCipher = (() => {
-    const ciphers = crypto.getCiphers();
+    const ciphers = crypto2.getCiphers();
     return (name) => ciphers.includes(CIPHER_INFO[name].sslName);
   })();
   var DEFAULT_CIPHER = [
@@ -6421,7 +6421,7 @@ MC4CAQAwBQYDK2VwBCIEIHKj+sVa9WcD` + `/q2DJUJaf43Kptc8xYuUQA4bOFj9vC8T\r
     "arcfour"
   ].filter(canUseCipher));
   var canUseMAC = (() => {
-    const hashes = crypto.getHashes();
+    const hashes = crypto2.getHashes();
     return (name) => hashes.includes(MAC_INFO[name].sslName);
   })();
   var DEFAULT_MAC = [
@@ -6931,12 +6931,12 @@ var require_utils2 = __commonJS((exports, module) => {
 
 // node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
 var require_sshcrypto = __commonJS((exports, module) => {
-  module.exports = __require("./sshcrypto-0209sx47.node");
+  module.exports = __require("./sshcrypto-f6atjna1.node");
 });
 
 // node_modules/ssh2/lib/protocol/crypto/poly1305.js
 var require_poly1305 = __commonJS((exports, module) => {
-  var __dirname = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto", __filename = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
+  var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/ssh2/lib/protocol/crypto", __filename = "/Users/dhruv/Developer/Projects/isol8/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
   var createPoly1305 = function() {
     var _scriptDir = typeof document !== "undefined" && document.currentScript ? document.currentScript.src : undefined;
     if (typeof __filename !== "undefined")
@@ -8681,7 +8681,7 @@ ${formatted}-----END ${type} KEY-----`;
       }
       return Buffer.from(hex, "hex");
     }
-    return function genOpenSSLRSAPriv2(n, e, d, iqmp, p, q) {
+    return function genOpenSSLRSAPriv(n, e, d, iqmp, p, q) {
       const bn_d = bigIntFromBuffer(d);
       const dmp1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(p) - 1n));
       const dmq1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(q) - 1n));
@@ -9709,7 +9709,7 @@ ${formatted}-----END ${type} KEY-----`;
 
 // node_modules/ssh2/lib/agent.js
 var require_agent = __commonJS((exports, module) => {
-  var __dirname = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib";
+  var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/ssh2/lib";
   var { Socket } = __require("net");
   var { Duplex } = __require("stream");
   var { resolve } = __require("path");
@@ -21682,7 +21682,7 @@ var require__stream_writable = __commonJS((exports, module) => {
       }
     });
   } else {
-    realHasInstance = function realHasInstance2(object) {
+    realHasInstance = function realHasInstance(object) {
       return object instanceof this;
     };
   }
@@ -22480,28 +22480,28 @@ var require_end_of_stream = __commonJS((exports, module) => {
     callback = once(callback || noop);
     var readable = opts.readable || opts.readable !== false && stream.readable;
     var writable = opts.writable || opts.writable !== false && stream.writable;
-    var onlegacyfinish = function onlegacyfinish2() {
+    var onlegacyfinish = function onlegacyfinish() {
       if (!stream.writable)
         onfinish();
     };
     var writableEnded = stream._writableState && stream._writableState.finished;
-    var onfinish = function onfinish2() {
+    var onfinish = function onfinish() {
       writable = false;
       writableEnded = true;
       if (!readable)
         callback.call(stream);
     };
     var readableEnded = stream._readableState && stream._readableState.endEmitted;
-    var onend = function onend2() {
+    var onend = function onend() {
       readable = false;
       readableEnded = true;
       if (!writable)
         callback.call(stream);
     };
-    var onerror = function onerror2(err) {
+    var onerror = function onerror(err) {
       callback.call(stream, err);
     };
-    var onclose = function onclose2() {
+    var onclose = function onclose() {
       var err;
       if (readable && !readableEnded) {
         if (!stream._readableState || !stream._readableState.ended)
@@ -22514,7 +22514,7 @@ var require_end_of_stream = __commonJS((exports, module) => {
         return callback.call(stream, err);
       }
     };
-    var onrequest = function onrequest2() {
+    var onrequest = function onrequest() {
       stream.req.on("finish", onfinish);
     };
     if (isRequest(stream)) {
@@ -22671,7 +22671,7 @@ var require_async_iterator = __commonJS((exports, module) => {
       });
     });
   }), _Object$setPrototypeO), AsyncIteratorPrototype);
-  var createReadableStreamAsyncIterator = function createReadableStreamAsyncIterator2(stream) {
+  var createReadableStreamAsyncIterator = function createReadableStreamAsyncIterator(stream) {
     var _Object$create;
     var iterator = Object.create(ReadableStreamAsyncIteratorPrototype, (_Object$create = {}, _defineProperty(_Object$create, kStream, {
       value: stream,
@@ -22860,7 +22860,7 @@ var require__stream_readable = __commonJS((exports, module) => {
   var Duplex;
   Readable.ReadableState = ReadableState;
   var EE = __require("events").EventEmitter;
-  var EElistenerCount = function EElistenerCount2(emitter, type) {
+  var EElistenerCount = function EElistenerCount(emitter, type) {
     return emitter.listeners(type).length;
   };
   var Stream = __require("stream");
@@ -22877,7 +22877,7 @@ var require__stream_readable = __commonJS((exports, module) => {
   if (debugUtil && debugUtil.debuglog) {
     debug = debugUtil.debuglog("stream");
   } else {
-    debug = function debug2() {};
+    debug = function debug() {};
   }
   var BufferList = require_buffer_list();
   var destroyImpl = require_destroy();
@@ -25535,14 +25535,14 @@ var require_BufferList = __commonJS((exports, module) => {
     if (srcEnd <= 0) {
       return dst || Buffer2.alloc(0);
     }
-    const copy2 = !!dst;
+    const copy = !!dst;
     const off = this._offset(srcStart);
     const len = srcEnd - srcStart;
     let bytes = len;
-    let bufoff = copy2 && dstStart || 0;
+    let bufoff = copy && dstStart || 0;
     let start = off[1];
     if (srcStart === 0 && srcEnd === this.length) {
-      if (!copy2) {
+      if (!copy) {
         return this._bufs.length === 1 ? this._bufs[0] : Buffer2.concat(this._bufs, this.length);
       }
       for (let i = 0;i < this._bufs.length; i++) {
@@ -25552,9 +25552,9 @@ var require_BufferList = __commonJS((exports, module) => {
       return dst;
     }
     if (bytes <= this._bufs[off[0]].length - start) {
-      return copy2 ? this._bufs[off[0]].copy(dst, dstStart, start, start + bytes) : this._bufs[off[0]].slice(start, start + bytes);
+      return copy ? this._bufs[off[0]].copy(dst, dstStart, start, start + bytes) : this._bufs[off[0]].slice(start, start + bytes);
     }
-    if (!copy2) {
+    if (!copy) {
       dst = Buffer2.allocUnsafe(len);
     }
     for (let i = off[0];i < this._bufs.length; i++) {
@@ -25776,7 +25776,7 @@ var require_bl = __commonJS((exports, module) => {
     }
     if (typeof callback === "function") {
       this._callback = callback;
-      const piper = function piper2(err) {
+      const piper = function piper(err) {
         if (this._callback) {
           this._callback(err);
           this._callback = null;
@@ -34839,7 +34839,7 @@ var require_writer2 = __commonJS((exports, module) => {
     this.tail = this.head;
     this.states = null;
   }
-  var create = function create2() {
+  var create = function create() {
     return util.Buffer ? function create_buffer_setup() {
       return (Writer.create = function create_buffer() {
         return new BufferWriter;
@@ -35063,12 +35063,12 @@ var require_reader2 = __commonJS((exports, module) => {
     if (buffer instanceof Uint8Array || Array.isArray(buffer))
       return new Reader(buffer);
     throw Error("illegal buffer");
-  } : function create_array2(buffer) {
+  } : function create_array(buffer) {
     if (Array.isArray(buffer))
       return new Reader(buffer);
     throw Error("illegal buffer");
   };
-  var create = function create2() {
+  var create = function create() {
     return util.Buffer ? function create_buffer_setup(buffer) {
       return (Reader.create = function create_buffer(buffer2) {
         return util.Buffer.isBuffer(buffer2) ? new BufferReader(buffer2) : create_array(buffer2);
@@ -35494,10 +35494,10 @@ var require_fetch = __commonJS((exports, module) => {
 // node_modules/@protobufjs/path/index.js
 var require_path = __commonJS((exports) => {
   var path = exports;
-  var isAbsolute = path.isAbsolute = function isAbsolute2(path2) {
+  var isAbsolute = path.isAbsolute = function isAbsolute(path2) {
     return /^(?:\/|\w+:)/.test(path2);
   };
-  var normalize = path.normalize = function normalize2(path2) {
+  var normalize = path.normalize = function normalize(path2) {
     path2 = path2.replace(/\\/g, "/").replace(/\/{2,}/g, "/");
     var parts = path2.split("/"), absolute = isAbsolute(path2), prefix = "";
     if (absolute)
@@ -35662,7 +35662,7 @@ var require_namespace = __commonJS((exports, module) => {
     object.onRemove(this);
     return clearCache(this);
   };
-  Namespace.prototype.define = function define2(path, json) {
+  Namespace.prototype.define = function define(path, json) {
     if (util.isString(path))
       path = path.split(".");
     else if (!Array.isArray(path))
@@ -42478,7 +42478,7 @@ var require_src3 = __commonJS((exports) => {
 
 // node_modules/@grpc/grpc-js/build/src/channelz.js
 var require_channelz = __commonJS((exports) => {
-  var __dirname = "/home/runner/work/isol8/isol8/node_modules/@grpc/grpc-js/build/src";
+  var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/@grpc/grpc-js/build/src";
   Object.defineProperty(exports, "__esModule", { value: true });
   exports.registerChannelzSocket = exports.registerChannelzServer = exports.registerChannelzSubchannel = exports.registerChannelzChannel = exports.ChannelzCallTrackerStub = exports.ChannelzCallTracker = exports.ChannelzChildrenTrackerStub = exports.ChannelzChildrenTracker = exports.ChannelzTrace = exports.ChannelzTraceStub = undefined;
   exports.unregisterChannelzRef = unregisterChannelzRef;
@@ -47881,7 +47881,7 @@ var require_duration = __commonJS((exports) => {
 
 // node_modules/@grpc/grpc-js/build/src/orca.js
 var require_orca = __commonJS((exports) => {
-  var __dirname = "/home/runner/work/isol8/isol8/node_modules/@grpc/grpc-js/build/src";
+  var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/@grpc/grpc-js/build/src";
   Object.defineProperty(exports, "__esModule", { value: true });
   exports.OrcaOobMetricsSubchannelWrapper = exports.GRPC_METRICS_HEADER = exports.ServerMetricRecorder = exports.PerRequestMetricRecorder = undefined;
   exports.createOrcaClient = createOrcaClient;
@@ -53270,7 +53270,7 @@ var require_dist = __commonJS((exports) => {
 
 // node_modules/dockerode/lib/session.js
 var require_session = __commonJS((exports, module) => {
-  var __dirname = "/home/runner/work/isol8/isol8/node_modules/dockerode/lib";
+  var __dirname = "/Users/dhruv/Developer/Projects/isol8/node_modules/dockerode/lib";
   var grpc = require_src4();
   var protoLoader = require_src5();
   var path = __require("path");
@@ -54496,7 +54496,7 @@ var require_docker = __commonJS((exports, module) => {
         stream: true,
         stdout: true,
         stderr: true
-      }, function handler2(err2, stream) {
+      }, function handler(err2, stream) {
         if (err2)
           return callback(err2, null, container);
         hub.emit("stream", stream);
@@ -54803,6 +54803,10 @@ function mergeConfig(defaults, overrides) {
       seccomp: overrides.security?.seccomp ?? defaults.security.seccomp,
       customProfilePath: overrides.security?.customProfilePath ?? defaults.security.customProfilePath
     },
+    audit: {
+      ...defaults.audit,
+      ...overrides.audit
+    },
     debug: overrides.debug ?? defaults.debug
   };
 }
@@ -54830,6 +54834,16 @@ var init_config = __esm(() => {
     security: {
       seccomp: "strict"
     },
+    audit: {
+      enabled: false,
+      destination: "filesystem",
+      logDir: undefined,
+      postLogScript: undefined,
+      trackResources: true,
+      retentionDays: 90,
+      includeCode: false,
+      includeOutput: false
+    },
     debug: false
   };
 });
@@ -55022,6 +55036,144 @@ var init_logger = __esm(() => {
   logger = new Logger;
 });
 
+// src/engine/audit.ts
+import { spawn } from "node:child_process";
+import { appendFileSync, existsSync as existsSync2, mkdirSync, readdirSync, statSync, unlinkSync } from "node:fs";
+import { join as join2 } from "node:path";
+
+class AuditLogger {
+  config;
+  auditFile;
+  constructor(config) {
+    this.config = config;
+    const auditDir = config.logDir ?? process.env.ISOL8_AUDIT_DIR ?? join2(process.cwd(), "./.isol8_audit");
+    this.auditFile = join2(auditDir, "executions.log");
+    if (!existsSync2(auditDir)) {
+      try {
+        mkdirSync(auditDir, { recursive: true });
+      } catch (err) {
+        logger.error("Failed to create audit dir:", err);
+      }
+    }
+    this.cleanupOldLogs();
+  }
+  cleanupOldLogs() {
+    if (!this.config.enabled || this.config.retentionDays <= 0) {
+      return;
+    }
+    try {
+      const auditDir = join2(this.auditFile, "..");
+      if (!existsSync2(auditDir)) {
+        return;
+      }
+      const cutoffTime = Date.now() - this.config.retentionDays * 24 * 60 * 60 * 1000;
+      const files = readdirSync(auditDir);
+      let cleanedCount = 0;
+      for (const file of files) {
+        if (file.endsWith(".log") || file.endsWith(".jsonl")) {
+          const filePath = join2(auditDir, file);
+          try {
+            const stats = statSync(filePath);
+            if (stats.mtimeMs < cutoffTime) {
+              unlinkSync(filePath);
+              cleanedCount++;
+              logger.debug(`Cleaned up old audit log: ${file}`);
+            }
+          } catch (err) {
+            logger.debug(`Failed to check/remove old log file ${file}:`, err);
+          }
+        }
+      }
+      if (cleanedCount > 0) {
+        logger.info(`Audit log cleanup: removed ${cleanedCount} old log files`);
+      }
+    } catch (err) {
+      logger.error("Failed to cleanup old audit logs:", err);
+    }
+  }
+  record(audit) {
+    if (!this.config.enabled) {
+      return;
+    }
+    try {
+      const filteredAudit = this.filterAuditData(audit);
+      const line = `${JSON.stringify(filteredAudit)}
+`;
+      switch (this.config.destination) {
+        case "file":
+        case "filesystem":
+          appendFileSync(this.auditFile, line, { encoding: "utf-8" });
+          break;
+        case "stdout":
+          console.log("AUDIT_LOG:", filteredAudit);
+          break;
+        default:
+          logger.error(`Unsupported audit destination: ${this.config.destination}`);
+          return;
+      }
+      logger.debug("Audit record written:", audit.executionId);
+      if (this.config.postLogScript) {
+        this.runPostLogScript();
+      }
+    } catch (err) {
+      logger.error("Failed to write audit record:", err);
+    }
+  }
+  runPostLogScript() {
+    if (!this.config.postLogScript) {
+      return;
+    }
+    try {
+      const child = spawn(this.config.postLogScript, [this.auditFile], {
+        detached: true,
+        stdio: "ignore"
+      });
+      child.on("error", (err) => {
+        logger.error("Failed to run post-log script:", err);
+      });
+      child.unref();
+    } catch (err) {
+      logger.error("Failed to spawn post-log script:", err);
+    }
+  }
+  filterAuditData(audit) {
+    const result = {
+      executionId: audit.executionId,
+      userId: audit.userId,
+      timestamp: audit.timestamp,
+      runtime: audit.runtime,
+      codeHash: audit.codeHash,
+      containerId: audit.containerId,
+      exitCode: audit.exitCode,
+      durationMs: audit.durationMs
+    };
+    if (audit.resourceUsage !== undefined) {
+      result.resourceUsage = audit.resourceUsage;
+    }
+    if (audit.securityEvents !== undefined) {
+      result.securityEvents = audit.securityEvents;
+    }
+    if (audit.metadata !== undefined) {
+      result.metadata = audit.metadata;
+    }
+    if (this.config.includeCode && audit.code !== undefined) {
+      result.code = audit.code;
+    }
+    if (this.config.includeOutput) {
+      if (audit.stdout !== undefined) {
+        result.stdout = audit.stdout;
+      }
+      if (audit.stderr !== undefined) {
+        result.stderr = audit.stderr;
+      }
+    }
+    return result;
+  }
+}
+var init_audit = __esm(() => {
+  init_logger();
+});
+
 // src/engine/concurrency.ts
 class Semaphore {
   max;
@@ -55180,9 +55332,55 @@ var init_pool = __esm(() => {
   init_logger();
 });
 
+// src/engine/stats.ts
+function calculateCPUPercent(stats) {
+  const cpuDelta = stats.cpu_stats.cpu_usage.total_usage - stats.precpu_stats.cpu_usage.total_usage;
+  const systemDelta = stats.cpu_stats.system_cpu_usage - stats.precpu_stats.system_cpu_usage;
+  if (systemDelta === 0 || cpuDelta === 0) {
+    return 0;
+  }
+  const numCores = stats.cpu_stats.online_cpus ?? stats.cpu_stats.cpu_usage.percpu_usage?.length ?? 1;
+  return cpuDelta / systemDelta * numCores * 100;
+}
+function calculateNetworkStats(stats) {
+  if (!stats.networks) {
+    return { in: 0, out: 0 };
+  }
+  let rxBytes = 0;
+  let txBytes = 0;
+  for (const iface of Object.values(stats.networks)) {
+    rxBytes += iface.rx_bytes;
+    txBytes += iface.tx_bytes;
+  }
+  return { in: rxBytes, out: txBytes };
+}
+async function getContainerStats(container) {
+  const stats = await container.stats({
+    stream: false
+  });
+  const cpuPercent = calculateCPUPercent(stats);
+  const memoryBytes = stats.memory_stats.usage;
+  const network = calculateNetworkStats(stats);
+  return {
+    cpuPercent: Math.round(cpuPercent * 100) / 100,
+    memoryMB: Math.round(memoryBytes / (1024 * 1024)),
+    networkBytesIn: network.in,
+    networkBytesOut: network.out
+  };
+}
+function calculateResourceDelta(before, after) {
+  return {
+    cpuPercent: after.cpuPercent,
+    memoryMB: after.memoryMB,
+    networkBytesIn: after.networkBytesIn - before.networkBytesIn,
+    networkBytesOut: after.networkBytesOut - before.networkBytesOut
+  };
+}
+
 // src/engine/utils.ts
 var exports_utils = {};
 __export(exports_utils, {
+  validatePackageName: () => validatePackageName,
   truncateOutput: () => truncateOutput,
   parseMemoryLimit: () => parseMemoryLimit,
   maskSecrets: () => maskSecrets,
@@ -55277,20 +55475,26 @@ function extractFromTar(tarBuffer, targetPath) {
   }
   throw new Error(`File "${targetPath}" not found in tar archive`);
 }
+function validatePackageName(name) {
+  if (!/^[@a-zA-Z0-9_./\-=]+$/.test(name)) {
+    throw new Error(`Invalid package name: "${name}". Only alphanumeric, -, _, ., /, @, and = are allowed.`);
+  }
+  return name;
+}
 
 // src/engine/docker.ts
 var exports_docker = {};
 __export(exports_docker, {
   DockerIsol8: () => DockerIsol8
 });
-import { spawn } from "node:child_process";
+import { spawn as spawn2 } from "node:child_process";
 import { randomUUID } from "node:crypto";
-import { existsSync as existsSync2, readFileSync as readFileSync2 } from "node:fs";
+import { existsSync as existsSync3, readFileSync as readFileSync2 } from "node:fs";
 import { PassThrough } from "node:stream";
 async function writeFileViaExec(container, filePath, content) {
   const data = typeof content === "string" ? Buffer.from(content, "utf-8") : content;
   return new Promise((resolve2, reject) => {
-    const child = spawn("docker", ["exec", "-i", "-u", "sandbox", container.id, "sh", "-c", `cat > ${filePath}`], {
+    const child = spawn2("docker", ["exec", "-i", "-u", "sandbox", container.id, "sh", "-c", `cat > ${filePath}`], {
       stdio: ["pipe", "ignore", "pipe"]
     });
     child.on("error", (err) => {
@@ -55476,6 +55680,7 @@ class DockerIsol8 {
   tmpSize;
   security;
   persist;
+  auditLogger;
   container = null;
   persistentRuntime = null;
   pool = null;
@@ -55497,6 +55702,9 @@ class DockerIsol8 {
     this.tmpSize = options.tmpSize ?? "256m";
     this.persist = options.persist ?? false;
     this.security = options.security ?? { seccomp: "strict" };
+    if (options.audit) {
+      this.auditLogger = new AuditLogger(options.audit);
+    }
     if (options.debug) {
       logger.setDebug(true);
     }
@@ -55520,12 +55728,79 @@ class DockerIsol8 {
   }
   async execute(req) {
     await this.semaphore.acquire();
+    const startTime = Date.now();
     try {
-      return this.mode === "persistent" ? await this.executePersistent(req) : await this.executeEphemeral(req);
+      const result = this.mode === "persistent" ? await this.executePersistent(req, startTime) : await this.executeEphemeral(req, startTime);
+      return result;
     } finally {
       this.semaphore.release();
     }
   }
+  async recordAudit(req, result, startTime, container) {
+    try {
+      const enc = new TextEncoder;
+      const data = enc.encode(req.code);
+      const digest = await crypto.subtle.digest("SHA-256", data);
+      const codeHash = Array.from(new Uint8Array(digest)).map((b) => b.toString(16).padStart(2, "0")).join("");
+      let securityEvents;
+      if (container && this.network === "filtered") {
+        securityEvents = await this.collectSecurityEvents(container);
+        if (securityEvents.length === 0) {
+          securityEvents = undefined;
+        }
+      }
+      const audit = {
+        executionId: result.executionId,
+        userId: req.metadata?.userId || "",
+        timestamp: new Date(startTime).toISOString(),
+        runtime: result.runtime,
+        codeHash,
+        containerId: result.containerId || "",
+        exitCode: result.exitCode,
+        durationMs: result.durationMs,
+        resourceUsage: result.resourceUsage,
+        securityEvents,
+        metadata: req.metadata
+      };
+      this.auditLogger.record(audit);
+    } catch (err) {
+      logger.error("Failed to record audit log:", err);
+    }
+  }
+  async collectSecurityEvents(container) {
+    const events = [];
+    try {
+      const exec = await container.exec({
+        Cmd: ["cat", "/tmp/isol8-proxy/security-events.jsonl"],
+        AttachStdout: true,
+        AttachStderr: false,
+        User: "root"
+      });
+      const stream = await exec.start({ Tty: false });
+      const chunks = [];
+      for await (const chunk of stream) {
+        chunks.push(chunk);
+      }
+      const output = Buffer.concat(chunks).toString("utf-8").trim();
+      if (output) {
+        for (const line of output.split(`
+`)) {
+          if (line.trim()) {
+            try {
+              const event = JSON.parse(line);
+              events.push({
+                type: event.type || "unknown",
+                message: `Security event: ${event.type}`,
+                details: event.details || {},
+                timestamp: event.timestamp || new Date().toISOString()
+              });
+            } catch {}
+          }
+        }
+      }
+    } catch {}
+    return events;
+  }
   async putFile(path, content) {
     if (!this.container) {
       throw new Error("No active container. Call execute() first in persistent mode.");
@@ -55633,7 +55908,7 @@ class DockerIsol8 {
       return adapter.image;
     }
   }
-  async executeEphemeral(req) {
+  async executeEphemeral(req, startTime) {
     const adapter = this.getAdapter(req.runtime);
     const timeoutMs = req.timeoutMs ?? this.defaultTimeoutMs;
     const image = await this.resolveImage(adapter);
@@ -55652,6 +55927,14 @@ class DockerIsol8 {
       });
     }
     const container = await this.pool.acquire(image);
+    let startStats;
+    if (this.auditLogger) {
+      try {
+        startStats = await getContainerStats(container);
+      } catch (err) {
+        logger.debug("Failed to collect baseline stats:", err);
+      }
+    }
     try {
       if (this.network === "filtered") {
         await startProxy(container, this.networkFilter);
@@ -55692,7 +55975,16 @@ class DockerIsol8 {
       const { stdout, stderr, truncated } = await this.collectExecOutput(execStream, container, timeoutMs);
       const durationMs = Math.round(performance.now() - start);
       const inspectResult = await exec.inspect();
-      return {
+      let resourceUsage;
+      if (startStats) {
+        try {
+          const endStats = await getContainerStats(container);
+          resourceUsage = calculateResourceDelta(startStats, endStats);
+        } catch (err) {
+          logger.debug("Failed to collect final stats:", err);
+        }
+      }
+      const result = {
         stdout: this.postProcessOutput(stdout, truncated),
         stderr: this.postProcessOutput(stderr, false),
         exitCode: inspectResult.ExitCode ?? 1,
@@ -55702,8 +55994,13 @@ class DockerIsol8 {
         runtime: req.runtime,
         timestamp: new Date().toISOString(),
         containerId: container.id,
+        ...resourceUsage ? { resourceUsage } : {},
         ...req.outputPaths ? { files: await this.retrieveFiles(container, req.outputPaths) } : {}
       };
+      if (this.auditLogger) {
+        await this.recordAudit(req, result, startTime, container);
+      }
+      return result;
     } finally {
       if (this.persist) {
         logger.debug(`[Persist] Leaving container running for inspection: ${container.id}`);
@@ -55712,7 +56009,7 @@ class DockerIsol8 {
       }
     }
   }
-  async executePersistent(req) {
+  async executePersistent(req, startTime) {
     const adapter = this.getAdapter(req.runtime);
     const timeoutMs = req.timeoutMs ?? this.defaultTimeoutMs;
     if (!this.container) {
@@ -55766,7 +56063,21 @@ class DockerIsol8 {
     const { stdout, stderr, truncated } = await this.collectExecOutput(execStream, this.container, timeoutMs);
     const durationMs = Math.round(performance.now() - start);
     const inspectResult = await exec.inspect();
-    return {
+    let resourceUsage;
+    if (this.auditLogger) {
+      try {
+        const endStats = await getContainerStats(this.container);
+        resourceUsage = {
+          cpuPercent: endStats.cpuPercent,
+          memoryMB: endStats.memoryMB,
+          networkBytesIn: endStats.networkBytesIn,
+          networkBytesOut: endStats.networkBytesOut
+        };
+      } catch (err) {
+        logger.debug("Failed to collect resource stats:", err);
+      }
+    }
+    const result = {
       stdout: this.postProcessOutput(stdout, truncated),
       stderr: this.postProcessOutput(stderr, false),
       exitCode: inspectResult.ExitCode ?? 1,
@@ -55776,8 +56087,13 @@ class DockerIsol8 {
       runtime: req.runtime,
       timestamp: new Date().toISOString(),
       containerId: this.container?.id,
+      ...resourceUsage ? { resourceUsage } : {},
       ...req.outputPaths ? { files: await this.retrieveFiles(this.container, req.outputPaths) } : {}
     };
+    if (this.auditLogger) {
+      await this.recordAudit(req, result, startTime, this.container);
+    }
+    return result;
   }
   async retrieveFiles(container, paths) {
     const files = {};
@@ -55869,11 +56185,11 @@ class DockerIsol8 {
   }
   loadDefaultSeccompProfile() {
     const devPath = new URL("../../docker/seccomp-profile.json", import.meta.url);
-    if (existsSync2(devPath)) {
+    if (existsSync3(devPath)) {
       return readFileSync2(devPath, "utf-8");
     }
     const prodPath = new URL("./docker/seccomp-profile.json", import.meta.url);
-    if (existsSync2(prodPath)) {
+    if (existsSync3(prodPath)) {
       return readFileSync2(prodPath, "utf-8");
     }
     logger.warn("Could not locate default seccomp profile. Running without seccomp filter.");
@@ -56077,10 +56393,11 @@ class DockerIsol8 {
 }
 var import_dockerode, SANDBOX_WORKDIR = "/sandbox", MAX_OUTPUT_BYTES, PROXY_PORT = 8118, PROXY_STARTUP_TIMEOUT_MS = 5000, PROXY_POLL_INTERVAL_MS = 100;
 var init_docker = __esm(() => {
+  import_dockerode = __toESM(require_docker(), 1);
   init_runtime();
   init_logger();
+  init_audit();
   init_pool();
-  import_dockerode = __toESM(require_docker(), 1);
   MAX_OUTPUT_BYTES = 1024 * 1024;
 });
 
@@ -56089,7 +56406,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "isol8",
-    version: "0.8.1",
+    version: "0.9.0",
     description: "Secure code execution engine for AI agents",
     author: "Illusion47586",
     license: "MIT",
@@ -56130,6 +56447,7 @@ var init_package = __esm(() => {
       "build:server": "bun run scripts/build-server.ts",
       "build:server:all": "bun run scripts/build-server.ts --all",
       test: "bun test",
+      "test:prod": "bun test tests/production/",
       "lint:check": "ultracite check",
       "lint:fix": "ultracite fix",
       bench: "bunx tsx benchmarks/spawn.ts",
@@ -57847,7 +58165,8 @@ async function createServer(options) {
       sandboxSize: config.defaults.sandboxSize,
       tmpSize: config.defaults.tmpSize,
       ...body.options,
-      mode: body.sessionId ? "persistent" : "ephemeral"
+      mode: body.sessionId ? "persistent" : "ephemeral",
+      audit: config.audit
     };
     let engine;
     if (body.sessionId) {
@@ -58018,15 +58337,15 @@ var init_server = __esm(() => {
 // src/cli.ts
 import {
   chmodSync,
-  existsSync as existsSync4,
-  mkdirSync,
+  existsSync as existsSync5,
+  mkdirSync as mkdirSync2,
   readFileSync as readFileSync3,
   renameSync,
-  unlinkSync,
+  unlinkSync as unlinkSync2,
   writeFileSync
 } from "node:fs";
 import { arch, homedir as homedir2, platform } from "node:os";
-import { join as join2, resolve as resolve2 } from "node:path";
+import { join as join3, resolve as resolve2 } from "node:path";
 
 // node_modules/commander/esm.mjs
 var import__ = __toESM(require_commander(), 1);
@@ -58623,7 +58942,7 @@ onetime.callCount = (function_) => {
 };
 var onetime_default = onetime;
 
-// node_modules/signal-exit/dist/mjs/signals.js
+// node_modules/restore-cursor/node_modules/signal-exit/dist/mjs/signals.js
 var signals = [];
 signals.push("SIGHUP", "SIGINT", "SIGTERM");
 if (process.platform !== "win32") {
@@ -58633,7 +58952,7 @@ if (process.platform === "linux") {
   signals.push("SIGIO", "SIGPOLL", "SIGPWR", "SIGSTKFLT");
 }
 
-// node_modules/signal-exit/dist/mjs/index.js
+// node_modules/restore-cursor/node_modules/signal-exit/dist/mjs/index.js
 var processOk = (process3) => !!process3 && typeof process3 === "object" && typeof process3.removeListener === "function" && typeof process3.emit === "function" && typeof process3.reallyExit === "function" && typeof process3.listeners === "function" && typeof process3.kill === "function" && typeof process3.pid === "number" && typeof process3.on === "function";
 var kExitEmitter = Symbol.for("signal-exit emitter");
 var global2 = globalThis;
@@ -61420,10 +61739,10 @@ init_docker();
 
 // src/engine/image-builder.ts
 init_runtime();
-import { existsSync as existsSync3 } from "node:fs";
+import { existsSync as existsSync4 } from "node:fs";
 function resolveDockerDir() {
-  const fromBundled = new URL("../docker", import.meta.url).pathname;
-  if (existsSync3(fromBundled)) {
+  const fromBundled = new URL("./docker", import.meta.url).pathname;
+  if (existsSync4(fromBundled)) {
     return fromBundled;
   }
   return new URL("../../docker", import.meta.url).pathname;
@@ -61502,8 +61821,9 @@ async function buildCustomImage(docker, runtime, packages, onProgress) {
   const dockerfileContent = `FROM isol8:${runtime}
 ${installCmd}
 `;
-  const { createTarBuffer: createTarBuffer2 } = await Promise.resolve().then(() => exports_utils);
+  const { createTarBuffer: createTarBuffer2, validatePackageName: validatePackageName2 } = await Promise.resolve().then(() => exports_utils);
   const { Readable } = await import("node:stream");
+  packages.forEach(validatePackageName2);
   const tarBuffer = createTarBuffer2("Dockerfile", dockerfileContent);
   const stream = await docker.buildImage(Readable.from(tarBuffer), {
     t: tag,
@@ -61775,7 +62095,7 @@ function getServerBinaryName() {
   return `isol8-server-${resolvedOs}-${resolvedArch}`;
 }
 async function getServerBinaryVersion(binaryPath) {
-  if (!existsSync4(binaryPath)) {
+  if (!existsSync5(binaryPath)) {
     logger.debug(`[Serve] No binary found at ${binaryPath}`);
     return null;
   }
@@ -61808,8 +62128,8 @@ async function downloadServerBinary(binaryPath) {
       }
       process.exit(1);
     }
-    const binDir = join2(homedir2(), ".isol8", "bin");
-    mkdirSync(binDir, { recursive: true });
+    const binDir = join3(homedir2(), ".isol8", "bin");
+    mkdirSync2(binDir, { recursive: true });
     const tmpPath = `${binaryPath}.tmp`;
     const buffer = Buffer.from(await response.arrayBuffer());
     writeFileSync(tmpPath, buffer);
@@ -61820,8 +62140,8 @@ async function downloadServerBinary(binaryPath) {
   } catch (err) {
     spinner.fail("Failed to download server binary");
     const tmpPath = `${binaryPath}.tmp`;
-    if (existsSync4(tmpPath)) {
-      unlinkSync(tmpPath);
+    if (existsSync5(tmpPath)) {
+      unlinkSync2(tmpPath);
     }
     throw err;
   }
@@ -61840,8 +62160,8 @@ async function promptYesNo(question) {
   return normalized === "" || normalized === "y" || normalized === "yes";
 }
 async function ensureServerBinary(forceUpdate) {
-  const binDir = join2(homedir2(), ".isol8", "bin");
-  const binaryPath = join2(binDir, "isol8-server");
+  const binDir = join3(homedir2(), ".isol8", "bin");
+  const binaryPath = join3(binDir, "isol8-server");
   logger.debug(`[Serve] Binary path: ${binaryPath}, forceUpdate: ${forceUpdate}`);
   if (forceUpdate) {
     logger.debug("[Serve] Force update requested");
@@ -61871,10 +62191,10 @@ async function ensureServerBinary(forceUpdate) {
 program2.command("config").description("Show the resolved isol8 configuration").option("--json", "Output as raw JSON").action((opts) => {
   const config = loadConfig();
   const searchPaths = [
-    join2(resolve2(process.cwd()), "isol8.config.json"),
-    join2(homedir2(), ".isol8", "config.json")
+    join3(resolve2(process.cwd()), "isol8.config.json"),
+    join3(homedir2(), ".isol8", "config.json")
   ];
-  const loadedFrom = searchPaths.find((p) => existsSync4(p));
+  const loadedFrom = searchPaths.find((p) => existsSync5(p));
   logger.debug(`[Config] Config source: ${loadedFrom ?? "defaults"}`);
   logger.debug(`[Config] Resolved config: ${JSON.stringify(config)}`);
   if (opts.json) {
@@ -62009,7 +62329,7 @@ async function resolveRunInput(file, opts) {
   } else if (file) {
     const filePath = resolve2(file);
     logger.debug(`[Run] Reading file: ${filePath}`);
-    if (!existsSync4(filePath)) {
+    if (!existsSync5(filePath)) {
       console.error(`[ERR] File not found: ${file}`);
       process.exit(1);
     }
@@ -62096,4 +62416,4 @@ if (!process.argv.slice(2).length) {
 }
 program2.parse();
 
-//# debugId=2B71A68DA2ABDB9664756E2164756E21
+//# debugId=A0037469D709994964756E2164756E21