isol8 0.9.0-alpha.0 → 0.10.0
- package/dist/cli.js +123 -37
- package/dist/docker/proxy-handler.sh +38 -0
- package/dist/docker/proxy.sh +2 -1
- package/dist/index.js +79 -1
- package/dist/src/engine/docker.d.ts +5 -0
- package/dist/src/engine/docker.d.ts.map +1 -1
- package/dist/src/types.d.ts +30 -2
- package/dist/src/types.d.ts.map +1 -1
- package/package.json +2 -1
package/dist/cli.js
CHANGED
|
@@ -6318,7 +6318,7 @@ var require_bcrypt_pbkdf = __commonJS((exports, module) => {
|
|
|
6318
6318
|
|
|
6319
6319
|
// node_modules/cpu-features/build/Release/cpufeatures.node
|
|
6320
6320
|
var require_cpufeatures = __commonJS((exports, module) => {
|
|
6321
|
-
module.exports = __require("./cpufeatures-
|
|
6321
|
+
module.exports = __require("./cpufeatures-tjjrgpt7.node");
|
|
6322
6322
|
});
|
|
6323
6323
|
|
|
6324
6324
|
// node_modules/cpu-features/lib/index.js
|
|
@@ -6931,12 +6931,12 @@ var require_utils2 = __commonJS((exports, module) => {
|
|
|
6931
6931
|
|
|
6932
6932
|
// node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
|
|
6933
6933
|
var require_sshcrypto = __commonJS((exports, module) => {
|
|
6934
|
-
module.exports = __require("./sshcrypto-
|
|
6934
|
+
module.exports = __require("./sshcrypto-0209sx47.node");
|
|
6935
6935
|
});
|
|
6936
6936
|
|
|
6937
6937
|
// node_modules/ssh2/lib/protocol/crypto/poly1305.js
|
|
6938
6938
|
var require_poly1305 = __commonJS((exports, module) => {
|
|
6939
|
-
var __dirname = "/
|
|
6939
|
+
var __dirname = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto", __filename = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
|
|
6940
6940
|
var createPoly1305 = function() {
|
|
6941
6941
|
var _scriptDir = typeof document !== "undefined" && document.currentScript ? document.currentScript.src : undefined;
|
|
6942
6942
|
if (typeof __filename !== "undefined")
|
|
@@ -8681,7 +8681,7 @@ ${formatted}-----END ${type} KEY-----`;
|
|
|
8681
8681
|
}
|
|
8682
8682
|
return Buffer.from(hex, "hex");
|
|
8683
8683
|
}
|
|
8684
|
-
return function
|
|
8684
|
+
return function genOpenSSLRSAPriv2(n, e, d, iqmp, p, q) {
|
|
8685
8685
|
const bn_d = bigIntFromBuffer(d);
|
|
8686
8686
|
const dmp1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(p) - 1n));
|
|
8687
8687
|
const dmq1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(q) - 1n));
|
|
@@ -9709,7 +9709,7 @@ ${formatted}-----END ${type} KEY-----`;
|
|
|
9709
9709
|
|
|
9710
9710
|
// node_modules/ssh2/lib/agent.js
|
|
9711
9711
|
var require_agent = __commonJS((exports, module) => {
|
|
9712
|
-
var __dirname = "/
|
|
9712
|
+
var __dirname = "/home/runner/work/isol8/isol8/node_modules/ssh2/lib";
|
|
9713
9713
|
var { Socket } = __require("net");
|
|
9714
9714
|
var { Duplex } = __require("stream");
|
|
9715
9715
|
var { resolve } = __require("path");
|
|
@@ -21682,7 +21682,7 @@ var require__stream_writable = __commonJS((exports, module) => {
|
|
|
21682
21682
|
}
|
|
21683
21683
|
});
|
|
21684
21684
|
} else {
|
|
21685
|
-
realHasInstance = function
|
|
21685
|
+
realHasInstance = function realHasInstance2(object) {
|
|
21686
21686
|
return object instanceof this;
|
|
21687
21687
|
};
|
|
21688
21688
|
}
|
|
@@ -22480,28 +22480,28 @@ var require_end_of_stream = __commonJS((exports, module) => {
|
|
|
22480
22480
|
callback = once(callback || noop);
|
|
22481
22481
|
var readable = opts.readable || opts.readable !== false && stream.readable;
|
|
22482
22482
|
var writable = opts.writable || opts.writable !== false && stream.writable;
|
|
22483
|
-
var onlegacyfinish = function
|
|
22483
|
+
var onlegacyfinish = function onlegacyfinish2() {
|
|
22484
22484
|
if (!stream.writable)
|
|
22485
22485
|
onfinish();
|
|
22486
22486
|
};
|
|
22487
22487
|
var writableEnded = stream._writableState && stream._writableState.finished;
|
|
22488
|
-
var onfinish = function
|
|
22488
|
+
var onfinish = function onfinish2() {
|
|
22489
22489
|
writable = false;
|
|
22490
22490
|
writableEnded = true;
|
|
22491
22491
|
if (!readable)
|
|
22492
22492
|
callback.call(stream);
|
|
22493
22493
|
};
|
|
22494
22494
|
var readableEnded = stream._readableState && stream._readableState.endEmitted;
|
|
22495
|
-
var onend = function
|
|
22495
|
+
var onend = function onend2() {
|
|
22496
22496
|
readable = false;
|
|
22497
22497
|
readableEnded = true;
|
|
22498
22498
|
if (!writable)
|
|
22499
22499
|
callback.call(stream);
|
|
22500
22500
|
};
|
|
22501
|
-
var onerror = function
|
|
22501
|
+
var onerror = function onerror2(err) {
|
|
22502
22502
|
callback.call(stream, err);
|
|
22503
22503
|
};
|
|
22504
|
-
var onclose = function
|
|
22504
|
+
var onclose = function onclose2() {
|
|
22505
22505
|
var err;
|
|
22506
22506
|
if (readable && !readableEnded) {
|
|
22507
22507
|
if (!stream._readableState || !stream._readableState.ended)
|
|
@@ -22514,7 +22514,7 @@ var require_end_of_stream = __commonJS((exports, module) => {
|
|
|
22514
22514
|
return callback.call(stream, err);
|
|
22515
22515
|
}
|
|
22516
22516
|
};
|
|
22517
|
-
var onrequest = function
|
|
22517
|
+
var onrequest = function onrequest2() {
|
|
22518
22518
|
stream.req.on("finish", onfinish);
|
|
22519
22519
|
};
|
|
22520
22520
|
if (isRequest(stream)) {
|
|
@@ -22671,7 +22671,7 @@ var require_async_iterator = __commonJS((exports, module) => {
|
|
|
22671
22671
|
});
|
|
22672
22672
|
});
|
|
22673
22673
|
}), _Object$setPrototypeO), AsyncIteratorPrototype);
|
|
22674
|
-
var createReadableStreamAsyncIterator = function
|
|
22674
|
+
var createReadableStreamAsyncIterator = function createReadableStreamAsyncIterator2(stream) {
|
|
22675
22675
|
var _Object$create;
|
|
22676
22676
|
var iterator = Object.create(ReadableStreamAsyncIteratorPrototype, (_Object$create = {}, _defineProperty(_Object$create, kStream, {
|
|
22677
22677
|
value: stream,
|
|
@@ -22860,7 +22860,7 @@ var require__stream_readable = __commonJS((exports, module) => {
|
|
|
22860
22860
|
var Duplex;
|
|
22861
22861
|
Readable.ReadableState = ReadableState;
|
|
22862
22862
|
var EE = __require("events").EventEmitter;
|
|
22863
|
-
var EElistenerCount = function
|
|
22863
|
+
var EElistenerCount = function EElistenerCount2(emitter, type) {
|
|
22864
22864
|
return emitter.listeners(type).length;
|
|
22865
22865
|
};
|
|
22866
22866
|
var Stream = __require("stream");
|
|
@@ -22877,7 +22877,7 @@ var require__stream_readable = __commonJS((exports, module) => {
|
|
|
22877
22877
|
if (debugUtil && debugUtil.debuglog) {
|
|
22878
22878
|
debug = debugUtil.debuglog("stream");
|
|
22879
22879
|
} else {
|
|
22880
|
-
debug = function
|
|
22880
|
+
debug = function debug2() {};
|
|
22881
22881
|
}
|
|
22882
22882
|
var BufferList = require_buffer_list();
|
|
22883
22883
|
var destroyImpl = require_destroy();
|
|
@@ -25535,14 +25535,14 @@ var require_BufferList = __commonJS((exports, module) => {
|
|
|
25535
25535
|
if (srcEnd <= 0) {
|
|
25536
25536
|
return dst || Buffer2.alloc(0);
|
|
25537
25537
|
}
|
|
25538
|
-
const
|
|
25538
|
+
const copy2 = !!dst;
|
|
25539
25539
|
const off = this._offset(srcStart);
|
|
25540
25540
|
const len = srcEnd - srcStart;
|
|
25541
25541
|
let bytes = len;
|
|
25542
|
-
let bufoff =
|
|
25542
|
+
let bufoff = copy2 && dstStart || 0;
|
|
25543
25543
|
let start = off[1];
|
|
25544
25544
|
if (srcStart === 0 && srcEnd === this.length) {
|
|
25545
|
-
if (!
|
|
25545
|
+
if (!copy2) {
|
|
25546
25546
|
return this._bufs.length === 1 ? this._bufs[0] : Buffer2.concat(this._bufs, this.length);
|
|
25547
25547
|
}
|
|
25548
25548
|
for (let i = 0;i < this._bufs.length; i++) {
|
|
@@ -25552,9 +25552,9 @@ var require_BufferList = __commonJS((exports, module) => {
|
|
|
25552
25552
|
return dst;
|
|
25553
25553
|
}
|
|
25554
25554
|
if (bytes <= this._bufs[off[0]].length - start) {
|
|
25555
|
-
return
|
|
25555
|
+
return copy2 ? this._bufs[off[0]].copy(dst, dstStart, start, start + bytes) : this._bufs[off[0]].slice(start, start + bytes);
|
|
25556
25556
|
}
|
|
25557
|
-
if (!
|
|
25557
|
+
if (!copy2) {
|
|
25558
25558
|
dst = Buffer2.allocUnsafe(len);
|
|
25559
25559
|
}
|
|
25560
25560
|
for (let i = off[0];i < this._bufs.length; i++) {
|
|
@@ -25776,7 +25776,7 @@ var require_bl = __commonJS((exports, module) => {
|
|
|
25776
25776
|
}
|
|
25777
25777
|
if (typeof callback === "function") {
|
|
25778
25778
|
this._callback = callback;
|
|
25779
|
-
const piper = function
|
|
25779
|
+
const piper = function piper2(err) {
|
|
25780
25780
|
if (this._callback) {
|
|
25781
25781
|
this._callback(err);
|
|
25782
25782
|
this._callback = null;
|
|
@@ -34839,7 +34839,7 @@ var require_writer2 = __commonJS((exports, module) => {
|
|
|
34839
34839
|
this.tail = this.head;
|
|
34840
34840
|
this.states = null;
|
|
34841
34841
|
}
|
|
34842
|
-
var create = function
|
|
34842
|
+
var create = function create2() {
|
|
34843
34843
|
return util.Buffer ? function create_buffer_setup() {
|
|
34844
34844
|
return (Writer.create = function create_buffer() {
|
|
34845
34845
|
return new BufferWriter;
|
|
@@ -35063,12 +35063,12 @@ var require_reader2 = __commonJS((exports, module) => {
|
|
|
35063
35063
|
if (buffer instanceof Uint8Array || Array.isArray(buffer))
|
|
35064
35064
|
return new Reader(buffer);
|
|
35065
35065
|
throw Error("illegal buffer");
|
|
35066
|
-
} : function
|
|
35066
|
+
} : function create_array2(buffer) {
|
|
35067
35067
|
if (Array.isArray(buffer))
|
|
35068
35068
|
return new Reader(buffer);
|
|
35069
35069
|
throw Error("illegal buffer");
|
|
35070
35070
|
};
|
|
35071
|
-
var create = function
|
|
35071
|
+
var create = function create2() {
|
|
35072
35072
|
return util.Buffer ? function create_buffer_setup(buffer) {
|
|
35073
35073
|
return (Reader.create = function create_buffer(buffer2) {
|
|
35074
35074
|
return util.Buffer.isBuffer(buffer2) ? new BufferReader(buffer2) : create_array(buffer2);
|
|
@@ -35494,10 +35494,10 @@ var require_fetch = __commonJS((exports, module) => {
|
|
|
35494
35494
|
// node_modules/@protobufjs/path/index.js
|
|
35495
35495
|
var require_path = __commonJS((exports) => {
|
|
35496
35496
|
var path = exports;
|
|
35497
|
-
var isAbsolute = path.isAbsolute = function
|
|
35497
|
+
var isAbsolute = path.isAbsolute = function isAbsolute2(path2) {
|
|
35498
35498
|
return /^(?:\/|\w+:)/.test(path2);
|
|
35499
35499
|
};
|
|
35500
|
-
var normalize = path.normalize = function
|
|
35500
|
+
var normalize = path.normalize = function normalize2(path2) {
|
|
35501
35501
|
path2 = path2.replace(/\\/g, "/").replace(/\/{2,}/g, "/");
|
|
35502
35502
|
var parts = path2.split("/"), absolute = isAbsolute(path2), prefix = "";
|
|
35503
35503
|
if (absolute)
|
|
@@ -35662,7 +35662,7 @@ var require_namespace = __commonJS((exports, module) => {
|
|
|
35662
35662
|
object.onRemove(this);
|
|
35663
35663
|
return clearCache(this);
|
|
35664
35664
|
};
|
|
35665
|
-
Namespace.prototype.define = function
|
|
35665
|
+
Namespace.prototype.define = function define2(path, json) {
|
|
35666
35666
|
if (util.isString(path))
|
|
35667
35667
|
path = path.split(".");
|
|
35668
35668
|
else if (!Array.isArray(path))
|
|
@@ -42478,7 +42478,7 @@ var require_src3 = __commonJS((exports) => {
|
|
|
42478
42478
|
|
|
42479
42479
|
// node_modules/@grpc/grpc-js/build/src/channelz.js
|
|
42480
42480
|
var require_channelz = __commonJS((exports) => {
|
|
42481
|
-
var __dirname = "/
|
|
42481
|
+
var __dirname = "/home/runner/work/isol8/isol8/node_modules/@grpc/grpc-js/build/src";
|
|
42482
42482
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
42483
42483
|
exports.registerChannelzSocket = exports.registerChannelzServer = exports.registerChannelzSubchannel = exports.registerChannelzChannel = exports.ChannelzCallTrackerStub = exports.ChannelzCallTracker = exports.ChannelzChildrenTrackerStub = exports.ChannelzChildrenTracker = exports.ChannelzTrace = exports.ChannelzTraceStub = undefined;
|
|
42484
42484
|
exports.unregisterChannelzRef = unregisterChannelzRef;
|
|
@@ -47881,7 +47881,7 @@ var require_duration = __commonJS((exports) => {
|
|
|
47881
47881
|
|
|
47882
47882
|
// node_modules/@grpc/grpc-js/build/src/orca.js
|
|
47883
47883
|
var require_orca = __commonJS((exports) => {
|
|
47884
|
-
var __dirname = "/
|
|
47884
|
+
var __dirname = "/home/runner/work/isol8/isol8/node_modules/@grpc/grpc-js/build/src";
|
|
47885
47885
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
47886
47886
|
exports.OrcaOobMetricsSubchannelWrapper = exports.GRPC_METRICS_HEADER = exports.ServerMetricRecorder = exports.PerRequestMetricRecorder = undefined;
|
|
47887
47887
|
exports.createOrcaClient = createOrcaClient;
|
|
@@ -53270,7 +53270,7 @@ var require_dist = __commonJS((exports) => {
|
|
|
53270
53270
|
|
|
53271
53271
|
// node_modules/dockerode/lib/session.js
|
|
53272
53272
|
var require_session = __commonJS((exports, module) => {
|
|
53273
|
-
var __dirname = "/
|
|
53273
|
+
var __dirname = "/home/runner/work/isol8/isol8/node_modules/dockerode/lib";
|
|
53274
53274
|
var grpc = require_src4();
|
|
53275
53275
|
var protoLoader = require_src5();
|
|
53276
53276
|
var path = __require("path");
|
|
@@ -54496,7 +54496,7 @@ var require_docker = __commonJS((exports, module) => {
|
|
|
54496
54496
|
stream: true,
|
|
54497
54497
|
stdout: true,
|
|
54498
54498
|
stderr: true
|
|
54499
|
-
}, function
|
|
54499
|
+
}, function handler2(err2, stream) {
|
|
54500
54500
|
if (err2)
|
|
54501
54501
|
return callback(err2, null, container);
|
|
54502
54502
|
hub.emit("stream", stream);
|
|
@@ -55680,6 +55680,7 @@ class DockerIsol8 {
|
|
|
55680
55680
|
tmpSize;
|
|
55681
55681
|
security;
|
|
55682
55682
|
persist;
|
|
55683
|
+
logNetwork;
|
|
55683
55684
|
auditLogger;
|
|
55684
55685
|
container = null;
|
|
55685
55686
|
persistentRuntime = null;
|
|
@@ -55702,6 +55703,7 @@ class DockerIsol8 {
|
|
|
55702
55703
|
this.tmpSize = options.tmpSize ?? "256m";
|
|
55703
55704
|
this.persist = options.persist ?? false;
|
|
55704
55705
|
this.security = options.security ?? { seccomp: "strict" };
|
|
55706
|
+
this.logNetwork = options.logNetwork ?? false;
|
|
55705
55707
|
if (options.audit) {
|
|
55706
55708
|
this.auditLogger = new AuditLogger(options.audit);
|
|
55707
55709
|
}
|
|
@@ -55749,6 +55751,10 @@ class DockerIsol8 {
|
|
|
55749
55751
|
securityEvents = undefined;
|
|
55750
55752
|
}
|
|
55751
55753
|
}
|
|
55754
|
+
let networkLogs;
|
|
55755
|
+
if (this.logNetwork && result.networkLogs) {
|
|
55756
|
+
networkLogs = result.networkLogs;
|
|
55757
|
+
}
|
|
55752
55758
|
const audit = {
|
|
55753
55759
|
executionId: result.executionId,
|
|
55754
55760
|
userId: req.metadata?.userId || "",
|
|
@@ -55760,6 +55766,7 @@ class DockerIsol8 {
|
|
|
55760
55766
|
durationMs: result.durationMs,
|
|
55761
55767
|
resourceUsage: result.resourceUsage,
|
|
55762
55768
|
securityEvents,
|
|
55769
|
+
networkLogs,
|
|
55763
55770
|
metadata: req.metadata
|
|
55764
55771
|
};
|
|
55765
55772
|
this.auditLogger.record(audit);
|
|
@@ -55801,6 +55808,52 @@ class DockerIsol8 {
|
|
|
55801
55808
|
} catch {}
|
|
55802
55809
|
return events;
|
|
55803
55810
|
}
|
|
55811
|
+
async collectNetworkLogs(container) {
|
|
55812
|
+
const logs = [];
|
|
55813
|
+
try {
|
|
55814
|
+
const exec = await container.exec({
|
|
55815
|
+
Cmd: ["cat", "/tmp/isol8-proxy/network.jsonl"],
|
|
55816
|
+
AttachStdout: true,
|
|
55817
|
+
AttachStderr: false,
|
|
55818
|
+
User: "root"
|
|
55819
|
+
});
|
|
55820
|
+
const stream = await exec.start({ Tty: false });
|
|
55821
|
+
const chunks = [];
|
|
55822
|
+
for await (const chunk of stream) {
|
|
55823
|
+
chunks.push(chunk);
|
|
55824
|
+
}
|
|
55825
|
+
const output = Buffer.concat(chunks).toString("utf-8").trim();
|
|
55826
|
+
logger.debug(`[NetworkLogs] Raw output length: ${output.length}, first 100 chars: ${output.substring(0, 100).replace(/\\n/g, "\\n")}`);
|
|
55827
|
+
const jsonLines = output.split(`
|
|
55828
|
+
`).filter((line) => line.includes("timestamp"));
|
|
55829
|
+
logger.debug(`[NetworkLogs] Found ${jsonLines.length} JSON lines out of ${output.split(`
|
|
55830
|
+
`).length} total lines`);
|
|
55831
|
+
for (const line of jsonLines) {
|
|
55832
|
+
const startIdx = line.indexOf("{");
|
|
55833
|
+
const endIdx = line.lastIndexOf("}");
|
|
55834
|
+
if (startIdx === -1 || endIdx === -1) {
|
|
55835
|
+
continue;
|
|
55836
|
+
}
|
|
55837
|
+
const jsonStr = line.substring(startIdx, endIdx + 1);
|
|
55838
|
+
try {
|
|
55839
|
+
const entry = JSON.parse(jsonStr);
|
|
55840
|
+
logs.push({
|
|
55841
|
+
timestamp: entry.timestamp || new Date().toISOString(),
|
|
55842
|
+
method: entry.method || "UNKNOWN",
|
|
55843
|
+
host: entry.host || "",
|
|
55844
|
+
path: entry.path,
|
|
55845
|
+
action: entry.action || "ALLOW",
|
|
55846
|
+
durationMs: entry.durationMs || 0
|
|
55847
|
+
});
|
|
55848
|
+
logger.debug(`[NetworkLogs] Successfully parsed line: ${JSON.stringify(entry)}`);
|
|
55849
|
+
} catch (e) {
|
|
55850
|
+
logger.debug(`[NetworkLogs] Failed to parse line: ${line.substring(0, 50)}..., error: ${e}`);
|
|
55851
|
+
}
|
|
55852
|
+
}
|
|
55853
|
+
logger.debug(`[NetworkLogs] Total parsed logs: ${logs.length}`);
|
|
55854
|
+
} catch {}
|
|
55855
|
+
return logs;
|
|
55856
|
+
}
|
|
55804
55857
|
async putFile(path, content) {
|
|
55805
55858
|
if (!this.container) {
|
|
55806
55859
|
throw new Error("No active container. Call execute() first in persistent mode.");
|
|
@@ -55984,6 +56037,17 @@ class DockerIsol8 {
|
|
|
55984
56037
|
logger.debug("Failed to collect final stats:", err);
|
|
55985
56038
|
}
|
|
55986
56039
|
}
|
|
56040
|
+
let networkLogs;
|
|
56041
|
+
if (this.logNetwork && this.network === "filtered") {
|
|
56042
|
+
try {
|
|
56043
|
+
networkLogs = await this.collectNetworkLogs(container);
|
|
56044
|
+
if (networkLogs.length === 0) {
|
|
56045
|
+
networkLogs = undefined;
|
|
56046
|
+
}
|
|
56047
|
+
} catch (err) {
|
|
56048
|
+
logger.debug("Failed to collect network logs:", err);
|
|
56049
|
+
}
|
|
56050
|
+
}
|
|
55987
56051
|
const result = {
|
|
55988
56052
|
stdout: this.postProcessOutput(stdout, truncated),
|
|
55989
56053
|
stderr: this.postProcessOutput(stderr, false),
|
|
@@ -55995,6 +56059,7 @@ class DockerIsol8 {
|
|
|
55995
56059
|
timestamp: new Date().toISOString(),
|
|
55996
56060
|
containerId: container.id,
|
|
55997
56061
|
...resourceUsage ? { resourceUsage } : {},
|
|
56062
|
+
...networkLogs ? { networkLogs } : {},
|
|
55998
56063
|
...req.outputPaths ? { files: await this.retrieveFiles(container, req.outputPaths) } : {}
|
|
55999
56064
|
};
|
|
56000
56065
|
if (this.auditLogger) {
|
|
@@ -56077,6 +56142,17 @@ class DockerIsol8 {
|
|
|
56077
56142
|
logger.debug("Failed to collect resource stats:", err);
|
|
56078
56143
|
}
|
|
56079
56144
|
}
|
|
56145
|
+
let networkLogs;
|
|
56146
|
+
if (this.logNetwork && this.network === "filtered") {
|
|
56147
|
+
try {
|
|
56148
|
+
networkLogs = await this.collectNetworkLogs(this.container);
|
|
56149
|
+
if (networkLogs.length === 0) {
|
|
56150
|
+
networkLogs = undefined;
|
|
56151
|
+
}
|
|
56152
|
+
} catch (err) {
|
|
56153
|
+
logger.debug("Failed to collect network logs:", err);
|
|
56154
|
+
}
|
|
56155
|
+
}
|
|
56080
56156
|
const result = {
|
|
56081
56157
|
stdout: this.postProcessOutput(stdout, truncated),
|
|
56082
56158
|
stderr: this.postProcessOutput(stderr, false),
|
|
@@ -56088,6 +56164,7 @@ class DockerIsol8 {
|
|
|
56088
56164
|
timestamp: new Date().toISOString(),
|
|
56089
56165
|
containerId: this.container?.id,
|
|
56090
56166
|
...resourceUsage ? { resourceUsage } : {},
|
|
56167
|
+
...networkLogs ? { networkLogs } : {},
|
|
56091
56168
|
...req.outputPaths ? { files: await this.retrieveFiles(this.container, req.outputPaths) } : {}
|
|
56092
56169
|
};
|
|
56093
56170
|
if (this.auditLogger) {
|
|
@@ -56393,11 +56470,11 @@ class DockerIsol8 {
|
|
|
56393
56470
|
}
|
|
56394
56471
|
var import_dockerode, SANDBOX_WORKDIR = "/sandbox", MAX_OUTPUT_BYTES, PROXY_PORT = 8118, PROXY_STARTUP_TIMEOUT_MS = 5000, PROXY_POLL_INTERVAL_MS = 100;
|
|
56395
56472
|
var init_docker = __esm(() => {
|
|
56396
|
-
import_dockerode = __toESM(require_docker(), 1);
|
|
56397
56473
|
init_runtime();
|
|
56398
56474
|
init_logger();
|
|
56399
56475
|
init_audit();
|
|
56400
56476
|
init_pool();
|
|
56477
|
+
import_dockerode = __toESM(require_docker(), 1);
|
|
56401
56478
|
MAX_OUTPUT_BYTES = 1024 * 1024;
|
|
56402
56479
|
});
|
|
56403
56480
|
|
|
@@ -56453,6 +56530,7 @@ var init_package = __esm(() => {
|
|
|
56453
56530
|
bench: "bunx tsx benchmarks/spawn.ts",
|
|
56454
56531
|
"bench:pool": "bunx tsx benchmarks/spawn-pool.ts",
|
|
56455
56532
|
"bench:detailed": "bunx tsx benchmarks/spawn-detailed.ts",
|
|
56533
|
+
"bench:cli": "bun run tests/production/bench-cli.ts",
|
|
56456
56534
|
"docs:dev": "cd docs && mint dev",
|
|
56457
56535
|
"docs:validate": "cd docs && mint validate",
|
|
56458
56536
|
"docs:broken-links": "cd docs && mint broken-links",
|
|
@@ -58942,7 +59020,7 @@ onetime.callCount = (function_) => {
|
|
|
58942
59020
|
};
|
|
58943
59021
|
var onetime_default = onetime;
|
|
58944
59022
|
|
|
58945
|
-
// node_modules/
|
|
59023
|
+
// node_modules/signal-exit/dist/mjs/signals.js
|
|
58946
59024
|
var signals = [];
|
|
58947
59025
|
signals.push("SIGHUP", "SIGINT", "SIGTERM");
|
|
58948
59026
|
if (process.platform !== "win32") {
|
|
@@ -58952,7 +59030,7 @@ if (process.platform === "linux") {
|
|
|
58952
59030
|
signals.push("SIGIO", "SIGPOLL", "SIGPWR", "SIGSTKFLT");
|
|
58953
59031
|
}
|
|
58954
59032
|
|
|
58955
|
-
// node_modules/
|
|
59033
|
+
// node_modules/signal-exit/dist/mjs/index.js
|
|
58956
59034
|
var processOk = (process3) => !!process3 && typeof process3 === "object" && typeof process3.removeListener === "function" && typeof process3.emit === "function" && typeof process3.reallyExit === "function" && typeof process3.listeners === "function" && typeof process3.kill === "function" && typeof process3.pid === "number" && typeof process3.on === "function";
|
|
58957
59035
|
var kExitEmitter = Symbol.for("signal-exit emitter");
|
|
58958
59036
|
var global2 = globalThis;
|
|
@@ -61942,7 +62020,7 @@ program2.command("setup").description("Check Docker and build isol8 images").opt
|
|
|
61942
62020
|
console.log(`
|
|
61943
62021
|
[DONE] Setup complete!`);
|
|
61944
62022
|
});
|
|
61945
|
-
program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--writable", "Disable read-only root filesystem").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m)").option("--tmp-size <size>", "Tmp tmpfs size (e.g. 256m, 512m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").option("--no-stream", "Disable real-time output streaming").option("--debug", "Enable debug logging").option("--persist", "Keep container running after execution for inspection").action(async (file, opts) => {
|
|
62023
|
+
program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--writable", "Disable read-only root filesystem").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m)").option("--tmp-size <size>", "Tmp tmpfs size (e.g. 256m, 512m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").option("--no-stream", "Disable real-time output streaming").option("--debug", "Enable debug logging").option("--persist", "Keep container running after execution for inspection").option("--log-network", "Log all network requests (requires --net filtered)").action(async (file, opts) => {
|
|
61946
62024
|
const { code, runtime, engineOptions, engine, stdinData, fileExtension } = await resolveRunInput(file, opts);
|
|
61947
62025
|
logger.debug(`[Run] Runtime: ${runtime}, mode: ${engineOptions.mode}`);
|
|
61948
62026
|
logger.debug(`[Run] Network: ${engineOptions.network}, timeout: ${engineOptions.timeoutMs}ms`);
|
|
@@ -62012,6 +62090,13 @@ program2.command("run").description("Execute code in isol8").argument("[file]",
|
|
|
62012
62090
|
if (result.truncated) {
|
|
62013
62091
|
console.error("[WARN] Output was truncated");
|
|
62014
62092
|
}
|
|
62093
|
+
if (result.networkLogs && result.networkLogs.length > 0) {
|
|
62094
|
+
console.error(`
|
|
62095
|
+
--- Network Logs ---`);
|
|
62096
|
+
for (const log of result.networkLogs) {
|
|
62097
|
+
console.error(JSON.stringify(log));
|
|
62098
|
+
}
|
|
62099
|
+
}
|
|
62015
62100
|
if (opts.out && result.stdout) {
|
|
62016
62101
|
writeFileSync(opts.out, result.stdout, "utf-8");
|
|
62017
62102
|
console.error(`[INFO] Output written to ${opts.out}`);
|
|
@@ -62371,7 +62456,8 @@ async function resolveRunInput(file, opts) {
|
|
|
62371
62456
|
...opts.maxOutput ? { maxOutputSize: Number.parseInt(opts.maxOutput, 10) } : {},
|
|
62372
62457
|
...opts.tmpSize ? { tmpSize: opts.tmpSize } : {},
|
|
62373
62458
|
debug: opts.debug ?? config.debug,
|
|
62374
|
-
persist: opts.persist ?? false
|
|
62459
|
+
persist: opts.persist ?? false,
|
|
62460
|
+
...opts.logNetwork ? { logNetwork: true } : {}
|
|
62375
62461
|
};
|
|
62376
62462
|
logger.debug(`[Run] Engine options: mode=${engineOptions.mode}, network=${engineOptions.network}`);
|
|
62377
62463
|
let fileExtension;
|
|
@@ -62416,4 +62502,4 @@ if (!process.argv.slice(2).length) {
|
|
|
62416
62502
|
}
|
|
62417
62503
|
program2.parse();
|
|
62418
62504
|
|
|
62419
|
-
//# debugId=
|
|
62505
|
+
//# debugId=6CABAE4F2846DBE164756E2164756E21
|
|
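Review bot: `collectNetworkLogs` (new lines 55811–55856, with an identical copy in package/dist/index.js) trusts `/tmp/isol8-proxy/network.jsonl` even though that file lives inside the container whose traffic is being audited. A parsed entry with no `action` is recorded as `"ALLOW"` and one with no `timestamp` gets the host's current time, so a malformed or altered line reaches the audit record looking like a valid one. The read is also unbounded (`chunks.push(chunk)` until the stream ends), and the outer `catch {}` turns any exec or read failure into an empty list, which the callers map to `undefined` and which cannot be told apart from "no traffic". I would keep only entries whose fields have the expected types and whose `action` is one of the two values the proxy handler writes, as sketched below, stop reading after a fixed byte limit, and log the outer failure. Since this file is a bundle, the change belongs in the engine source it was built from.

```javascript
// … unchanged: exec of cat, chunk collection, line filtering, jsonStr extraction …
const entry = JSON.parse(jsonStr);
// The file is written inside the sandbox container: accept only well-formed
// entries and never fill in a verdict the proxy did not write.
const wellFormed =
  typeof entry.timestamp === "string" &&
  typeof entry.method === "string" &&
  typeof entry.host === "string" &&
  (entry.action === "ALLOW" || entry.action === "BLOCK");
if (!wellFormed) {
  logger.debug(`[NetworkLogs] Dropping malformed entry: ${line.substring(0, 50)}...`);
  continue;
}
logs.push({
  timestamp: entry.timestamp,
  method: entry.method,
  host: entry.host,
  path: typeof entry.path === "string" ? entry.path : null,
  action: entry.action,
  durationMs: Number.isFinite(entry.durationMs) ? entry.durationMs : 0
});
// … unchanged: catch branch that logs the parse failure …
```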
@@ -15,6 +15,25 @@
|
|
|
15
15
|
WL="${ISOL8_WHITELIST_FILE:-}"
|
|
16
16
|
BL="${ISOL8_BLACKLIST_FILE:-}"
|
|
17
17
|
|
|
18
|
+
log_network() {
|
|
19
|
+
local method="$1"
|
|
20
|
+
local host="$2"
|
|
21
|
+
local path="$3"
|
|
22
|
+
local action="$4"
|
|
23
|
+
local duration_ms="$5"
|
|
24
|
+
|
|
25
|
+
if [ -d "/tmp/isol8-proxy" ]; then
|
|
26
|
+
# Handle path: output proper JSON null if path is "null", otherwise quote it
|
|
27
|
+
if [ "$path" = "null" ] || [ -z "$path" ]; then
|
|
28
|
+
printf '{"timestamp":"%s","method":"%s","host":"%s","path":null,"action":"%s","durationMs":%d}\n' \
|
|
29
|
+
"$(date -Iseconds)" "$method" "$host" "$action" "$duration_ms" >> /tmp/isol8-proxy/network.jsonl
|
|
30
|
+
else
|
|
31
|
+
printf '{"timestamp":"%s","method":"%s","host":"%s","path":"%s","action":"%s","durationMs":%d}\n' \
|
|
32
|
+
"$(date -Iseconds)" "$method" "$host" "$path" "$action" "$duration_ms" >> /tmp/isol8-proxy/network.jsonl
|
|
33
|
+
fi
|
|
34
|
+
fi
|
|
35
|
+
}
|
|
36
|
+
|
|
18
37
|
is_allowed() {
|
|
19
38
|
local host="$1"
|
|
20
39
|
|
|
@@ -75,11 +94,16 @@ if [ "$method" = "CONNECT" ]; then
|
|
|
75
94
|
if [ -d "/tmp/isol8-proxy" ]; then
|
|
76
95
|
printf '{"type":"network_blocked","timestamp":"%s","details":{"method":"CONNECT","host":"%s","reason":"filter_mismatch"}}\n' "$(date -Iseconds)" "$host" >> /tmp/isol8-proxy/security-events.jsonl
|
|
77
96
|
fi
|
|
97
|
+
# Log network event
|
|
98
|
+
log_network "CONNECT" "$host" "null" "BLOCK" 0
|
|
78
99
|
printf "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: %d\r\n\r\n%s" \
|
|
79
100
|
"${#msg}" "$msg"
|
|
80
101
|
exit 0
|
|
81
102
|
fi
|
|
82
103
|
|
|
104
|
+
# Log allowed CONNECT (duration will be 0 since we can't measure after exec)
|
|
105
|
+
log_network "CONNECT" "$host" "null" "ALLOW" 0
|
|
106
|
+
|
|
83
107
|
# Send 200 then replace this process with nc for bidirectional relay.
|
|
84
108
|
# nc inherits the client socket on stdin/stdout from the nc -lk -e parent.
|
|
85
109
|
printf "HTTP/1.1 200 Connection Established\r\n\r\n"
|
|
@@ -104,11 +128,18 @@ if ! is_allowed "$host"; then
|
|
|
104
128
|
if [ -d "/tmp/isol8-proxy" ]; then
|
|
105
129
|
printf '{"type":"network_blocked","timestamp":"%s","details":{"method":"%s","host":"%s","reason":"filter_mismatch"}}\n' "$(date -Iseconds)" "$method" "$host" >> /tmp/isol8-proxy/security-events.jsonl
|
|
106
130
|
fi
|
|
131
|
+
# Log network event
|
|
132
|
+
log_network "$method" "$host" "$path" "BLOCK" 0
|
|
107
133
|
printf "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: %d\r\n\r\n%s" \
|
|
108
134
|
"${#msg}" "$msg"
|
|
109
135
|
exit 0
|
|
110
136
|
fi
|
|
111
137
|
|
|
138
|
+
# Record start time for duration measurement
|
|
139
|
+
if [ -d "/tmp/isol8-proxy" ]; then
|
|
140
|
+
start_time=$(date +%s%3N)
|
|
141
|
+
fi
|
|
142
|
+
|
|
112
143
|
# Open TCP connection via bash /dev/tcp
|
|
113
144
|
if ! exec 3<>/dev/tcp/"$host"/"$port" 2>/dev/null; then
|
|
114
145
|
msg="isol8: proxy error: connection to ${host}:${port} failed"
|
|
@@ -138,5 +169,12 @@ fi
|
|
|
138
169
|
# Relay response back to client
|
|
139
170
|
cat <&3
|
|
140
171
|
|
|
172
|
+
# Calculate duration and log the network event
|
|
173
|
+
if [ -n "$start_time" ] && [ -d "/tmp/isol8-proxy" ]; then
|
|
174
|
+
end_time=$(date +%s%3N)
|
|
175
|
+
duration=$((end_time - start_time))
|
|
176
|
+
log_network "$method" "$host" "$path" "ALLOW" "$duration"
|
|
177
|
+
fi
|
|
178
|
+
|
|
141
179
|
exec 3>&-
|
|
142
180
|
exit 0
|
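Review bot: `log_network` (new lines 18–35) puts `$method`, `$host` and `$path` into the JSON line with a bare `%s`. On the plain-HTTP path these appear to be parsed from the client's request (the parsing is outside the hunks), so a double quote, backslash or control character in any of them produces a line that is either unparseable or carries keys the proxy never wrote. The host-side reader keeps whatever `JSON.parse` returns for such a line, so the audit trail is only as reliable as this escaping. Escape the three values before formatting, as sketched below; the existing `security-events.jsonl` printf calls shown as context in the later hunks follow the same pattern. Separately, the ALLOW entry for a relayed request is written only after `cat <&3` returns, so a handler that is killed mid-relay leaves no record of a request it allowed.

```shell
# Escape a value for embedding inside a JSON string literal.
json_escape() {
    local s="$1"
    s="${s//\\/\\\\}"
    s="${s//\"/\\\"}"
    s="${s//$'\n'/\\n}"
    s="${s//$'\r'/\\r}"
    s="${s//$'\t'/\\t}"
    printf '%s' "$s"
}

log_network() {
    local method host path
    method="$(json_escape "$1")"
    host="$(json_escape "$2")"
    path="$(json_escape "$3")"
    # … unchanged: action, duration_ms, directory check and the two printf branches …
```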
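--- a/package/dist/docker/proxy.sh
+++ b/package/dist/docker/proxy.sh
@@ -17,8 +17,9 @@ PORT="${ISOL8_PROXY_PORT:-8118}"
 PROXY_DIR="/tmp/isol8-proxy"
 mkdir -p "$PROXY_DIR"
 
-# Create
+# Create log files
 touch "$PROXY_DIR/security-events.jsonl"
+touch "$PROXY_DIR/network.jsonl"
 
 WL_FILE="$PROXY_DIR/whitelist"
 BL_FILE="$PROXY_DIR/blacklist"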
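Review bot: The new `touch "$PROXY_DIR/network.jsonl"` creates the file that the host later reads back as the network audit log, but nothing in this hunk sets its mode or owner; it inherits the proxy's umask. Whether the sandboxed code runs as a user with write access to `/tmp/isol8-proxy` cannot be determined from this page. If it does, the code being audited can modify its own log. Consider making the permissions explicit, for example `chmod 700 "$PROXY_DIR"` after the `mkdir -p` and `chmod 600` on both `.jsonl` files, provided the proxy handler runs as the owning user, and add a comment stating which user is expected to write these files.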
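--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -828,6 +828,7 @@ class DockerIsol8 {
 tmpSize;
 security;
 persist;
+logNetwork;
 auditLogger;
 container = null;
 persistentRuntime = null;
@@ -850,6 +851,7 @@ class DockerIsol8 {
 this.tmpSize = options.tmpSize ?? "256m";
 this.persist = options.persist ?? false;
 this.security = options.security ?? { seccomp: "strict" };
+this.logNetwork = options.logNetwork ?? false;
 if (options.audit) {
 this.auditLogger = new AuditLogger(options.audit);
 }
@@ -897,6 +899,10 @@ class DockerIsol8 {
 securityEvents = undefined;
 }
 }
+let networkLogs;
+if (this.logNetwork && result.networkLogs) {
+networkLogs = result.networkLogs;
+}
 const audit = {
 executionId: result.executionId,
 userId: req.metadata?.userId || "",
@@ -908,6 +914,7 @@ class DockerIsol8 {
 durationMs: result.durationMs,
 resourceUsage: result.resourceUsage,
 securityEvents,
+networkLogs,
 metadata: req.metadata
 };
 this.auditLogger.record(audit);
@@ -949,6 +956,52 @@ class DockerIsol8 {
 } catch {}
 return events;
 }
+async collectNetworkLogs(container) {
+const logs = [];
+try {
+const exec = await container.exec({
+Cmd: ["cat", "/tmp/isol8-proxy/network.jsonl"],
+AttachStdout: true,
+AttachStderr: false,
+User: "root"
+});
+const stream = await exec.start({ Tty: false });
+const chunks = [];
+for await (const chunk of stream) {
+chunks.push(chunk);
+}
+const output = Buffer.concat(chunks).toString("utf-8").trim();
+logger.debug(`[NetworkLogs] Raw output length: ${output.length}, first 100 chars: ${output.substring(0, 100).replace(/\\n/g, "\\n")}`);
+const jsonLines = output.split(`
+`).filter((line) => line.includes("timestamp"));
+logger.debug(`[NetworkLogs] Found ${jsonLines.length} JSON lines out of ${output.split(`
+`).length} total lines`);
+for (const line of jsonLines) {
+const startIdx = line.indexOf("{");
+const endIdx = line.lastIndexOf("}");
+if (startIdx === -1 || endIdx === -1) {
+continue;
+}
+const jsonStr = line.substring(startIdx, endIdx + 1);
+try {
+const entry = JSON.parse(jsonStr);
+logs.push({
+timestamp: entry.timestamp || new Date().toISOString(),
+method: entry.method || "UNKNOWN",
+host: entry.host || "",
+path: entry.path,
+action: entry.action || "ALLOW",
+durationMs: entry.durationMs || 0
+});
+logger.debug(`[NetworkLogs] Successfully parsed line: ${JSON.stringify(entry)}`);
+} catch (e) {
+logger.debug(`[NetworkLogs] Failed to parse line: ${line.substring(0, 50)}..., error: ${e}`);
+}
+}
+logger.debug(`[NetworkLogs] Total parsed logs: ${logs.length}`);
+} catch {}
+return logs;
+}
 async putFile(path, content) {
 if (!this.container) {
 throw new Error("No active container. Call execute() first in persistent mode.");
@@ -1132,6 +1185,17 @@ class DockerIsol8 {
 logger.debug("Failed to collect final stats:", err);
 }
 }
+let networkLogs;
+if (this.logNetwork && this.network === "filtered") {
+try {
+networkLogs = await this.collectNetworkLogs(container);
+if (networkLogs.length === 0) {
+networkLogs = undefined;
+}
+} catch (err) {
+logger.debug("Failed to collect network logs:", err);
+}
+}
 const result = {
 stdout: this.postProcessOutput(stdout, truncated),
 stderr: this.postProcessOutput(stderr, false),
@@ -1143,6 +1207,7 @@ class DockerIsol8 {
 timestamp: new Date().toISOString(),
 containerId: container.id,
 ...resourceUsage ? { resourceUsage } : {},
+...networkLogs ? { networkLogs } : {},
 ...req.outputPaths ? { files: await this.retrieveFiles(container, req.outputPaths) } : {}
 };
 if (this.auditLogger) {
@@ -1225,6 +1290,17 @@ class DockerIsol8 {
 logger.debug("Failed to collect resource stats:", err);
 }
 }
+let networkLogs;
+if (this.logNetwork && this.network === "filtered") {
+try {
+networkLogs = await this.collectNetworkLogs(this.container);
+if (networkLogs.length === 0) {
+networkLogs = undefined;
+}
+} catch (err) {
+logger.debug("Failed to collect network logs:", err);
+}
+}
 const result = {
 stdout: this.postProcessOutput(stdout, truncated),
 stderr: this.postProcessOutput(stderr, false),
@@ -1236,6 +1312,7 @@ class DockerIsol8 {
 timestamp: new Date().toISOString(),
 containerId: this.container?.id,
 ...resourceUsage ? { resourceUsage } : {},
+...networkLogs ? { networkLogs } : {},
 ...req.outputPaths ? { files: await this.retrieveFiles(this.container, req.outputPaths) } : {}
 };
 if (this.auditLogger) {
@@ -1814,6 +1891,7 @@ var package_default = {
 bench: "bunx tsx benchmarks/spawn.ts",
 "bench:pool": "bunx tsx benchmarks/spawn-pool.ts",
 "bench:detailed": "bunx tsx benchmarks/spawn-detailed.ts",
+"bench:cli": "bun run tests/production/bench-cli.ts",
 "docs:dev": "cd docs && mint dev",
 "docs:validate": "cd docs && mint validate",
 "docs:broken-links": "cd docs && mint broken-links",
@@ -2104,4 +2182,4 @@ export {
 BunAdapter
 };
 
-//# debugId=
+//# debugId=574E3E633A3FDBE864756E2164756E21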
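Review bot: In `collectNetworkLogs`, a record with a missing or unexpected `action` is stored as `"ALLOW"` (`action: entry.action || "ALLOW"`), and the outer `} catch {}` turns any exec or stream failure into an empty list, so the audit record cannot tell a malformed or unreadable log from one with no traffic. The file lives inside the container and its lines are presumably built from request data, so entries should be validated rather than defaulted: `if (entry.action !== "ALLOW" && entry.action !== "BLOCK") continue;` before the `logs.push`, and `} catch (err) { logger.debug("Failed to collect network logs:", err); }` in place of the empty catch. The output of `exec.start({ Tty: false })` is also concatenated raw and each line sliced between its first `{` and last `}`, which looks like a workaround for multiplexed stream framing. If so, a frame boundary falling inside a line would silently drop that entry, and demultiplexing the stream before splitting would be more reliable.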
@@ -45,6 +45,7 @@ export declare class DockerIsol8 implements Isol8Engine {
|
|
|
45
45
|
private readonly tmpSize;
|
|
46
46
|
private readonly security;
|
|
47
47
|
private readonly persist;
|
|
48
|
+
private readonly logNetwork;
|
|
48
49
|
private readonly auditLogger?;
|
|
49
50
|
private container;
|
|
50
51
|
private persistentRuntime;
|
|
@@ -74,6 +75,10 @@ export declare class DockerIsol8 implements Isol8Engine {
|
|
|
74
75
|
* Collect security events from the container (e.g., network filter blocks).
|
|
75
76
|
*/
|
|
76
77
|
private collectSecurityEvents;
|
|
78
|
+
/**
|
|
79
|
+
* Collect network logs from the container (requests made through the proxy).
|
|
80
|
+
*/
|
|
81
|
+
private collectNetworkLogs;
|
|
77
82
|
/**
|
|
78
83
|
* Upload a file into the running container via a tar archive.
|
|
79
84
|
* Only available in persistent mode after at least one `execute()` call.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EAEX,YAAY,EAIZ,WAAW,EACZ,MAAM,UAAU,CAAC;AAmTlB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAE3C,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAE1C;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;
|
|
1
|
+
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EAEX,YAAY,EAIZ,WAAW,EACZ,MAAM,UAAU,CAAC;AAmTlB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAE3C,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAE1C;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;IA8BhE;;;OAGG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAK5B,kFAAkF;IAC5E,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B;;;OAGG;IACG,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAe9D;;OAEG;YACW,WAAW;IAoDzB;;OAEG;YACW,qBAAqB;IA8CnC;;OAEG;YACW,kBAAkB;IA+DhC;;;;;;;OAOG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAYpE;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmB5C,6GAA6G;IAC7G,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED;;;OAGG;IACI,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC;YAsFzD,YAAY;YAcZ,gBAAgB;YAwJhB,iBAAiB;YAwIjB,aAAa;YAkBb,oBAAoB;YASpB,wBAAwB;IA4BtC,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,eAAe;IA2BvB,OAAO,CAAC,iBAAiB;IA+BzB,OAAO,CAAC,yBAAyB;IAyBjC,OAAO,CAAC,QAAQ;YAwCD,gBAAgB;YA8EjB,iBAAiB;IAiG/B,OA
AO,CAAC,iBAAiB;IAYzB;;;;;;;;;;;;;;;;;;;;OAoBG;WACU,OAAO,CAClB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CA2BlE"}
|
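--- a/package/dist/src/types.d.ts
+++ b/package/dist/src/types.d.ts
@@ -116,8 +116,12 @@ export interface ExecutionResult {
 /** Bytes sent during execution */
 networkBytesOut: number;
 };
-
-
+/**
+* Network request logs collected during execution.
+* Only populated when `logNetwork` is enabled and network mode is "filtered".
+*/
+networkLogs?: NetworkLogEntry[];
+} /**
 * A chunk of streaming output from an execution.
 *
 * Yielded by {@link Isol8Engine.executeStream} as output arrives in real-time.
@@ -137,6 +141,23 @@ export interface SecurityEvent {
 details?: Record<string, unknown>;
 timestamp: string;
 }
+/**
+* A network request logged by the proxy in filtered network mode.
+*/
+export interface NetworkLogEntry {
+/** ISO 8601 timestamp of when the request was made. */
+timestamp: string;
+/** HTTP method (GET, POST, CONNECT, etc.). */
+method: string;
+/** Target hostname. */
+host: string;
+/** Request path for HTTP requests, null for HTTPS CONNECT tunnels. */
+path: string | null;
+/** Whether the request was allowed through or blocked by the filter. */
+action: "ALLOW" | "BLOCK";
+/** Time taken to handle the request in milliseconds. */
+durationMs: number;
+}
 /**
 * Audit record for an execution. Stored in immutable append-only logs.
 */
@@ -162,6 +183,7 @@ export interface ExecutionAudit {
 networkBytesOut: number;
 };
 securityEvents?: SecurityEvent[];
+networkLogs?: NetworkLogEntry[];
 code?: string;
 stdout?: string;
 stderr?: string;
@@ -216,6 +238,12 @@ export interface Isol8Options {
 * @default false
 */
 persist?: boolean;
+/**
+* Enable network request logging. Only works when network mode is "filtered".
+* Logs are collected from the proxy and included in ExecutionResult.
+* @default false
+*/
+logNetwork?: boolean;
 /** Security settings. */
 security?: SecurityConfig;
 /** Audit logging configuration. */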
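Review bot: The doc comment on `logNetwork` says the logs are "included in ExecutionResult", but this section also adds `networkLogs` to `ExecutionAudit`, so enabling the option changes what is persisted in the audit log as well. The comment should say so, and note that `host` and `path` are recorded as requested and may carry sensitive values if `path` is the raw request target. A line such as `* Entries are also written to the audit record when audit logging is configured; host and path are stored as requested.` would cover it. The `path: string | null` contract may also be worth restating on `ExecutionAudit.networkLogs`, which has no doc comment here.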
package/dist/src/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;GAQG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;AAElE;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IAEb,sEAAsE;IACtE,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IAEf,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IAEjB,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IAEnB,0FAA0F;IAC1F,SAAS,EAAE,OAAO,CAAC;IAEnB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IAEjB,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;GAQG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;AAElE;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IAEb,sEAAsE;IACtE,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IAEf,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IAEjB,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IAEnB,0FAA0F;IAC1F,SAAS,EAAE,OAAO,CAAC;IAEnB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IAEjB,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IAEF;;;OAGG;IACH,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;CACjC,CAAC;;;;GAIC;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,0FAA0F;IAC1F,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,MAAM,EA
AE,MAAM,CAAC;IACf,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,wEAAwE;IACxE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC;IAC1B,wDAAwD;IACxD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;IACjC,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;IAEhC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAID;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GAAG,WAAW,GAAG,YAAY,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,2CAA2C;IAC3C,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB,yFAAyF;IACzF,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC,mFAAmF;IACnF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,4EAA4E;IAC5E,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,4DAA4D;IAC5D,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,6EAA6E;IAC7E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,iEAAiE;IACjE,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,wIAAwI;IACxI,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,+EAA+E;IAC/E,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,mCAAmC;IACnC,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB,kEAAkE;IAClE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB,0CAA0C;IAC1C,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CA
AC,eAAe,CAAC,CAAC;IAEzD;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/D;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;CAClE;AAID;;;;;;;;GAQG;AACH,MAAM,WAAW,mBAAmB;IAClC,2FAA2F;IAC3F,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB,mGAAmG;IACnG,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAID,oDAAoD;AACpD,MAAM,WAAW,aAAa;IAC5B,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,EAAE,WAAW,CAAC;IACrB,kEAAkE;IAClE,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,yDAAyD;AACzD,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,SAAS,EAAE,OAAO,CAAC;IACnB,kFAAkF;IAClF,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,oDAAoD;IACpD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,iDAAiD;IACjD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,OAAO,CAAC,EAAE,QAAQ,GAAG,YAAY,GAAG,QAAQ,CAAC;IAC7C,mFAAmF;IACnF,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,uCAAuC;AACvC,MAAM,WAAW,WAAW;IAC1B,2CAA2C;IAC3C,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,WAAW,EAAE,YAAY,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC9C,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6FAA6F;IAC7F,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gEAAgE;IAChE,cAAc,EAAE,OAAO,CAAC;IACxB,0DAA0D;IAC1D,aAAa,EAAE,MAAM,CAAC;IACtB,sEAAsE;IACtE,WAAW,EAAE,OAAO,CAAC;IACrB,6EAA6E;IAC7E,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW;IAC1B,0EAA0E;IAC1E,aAAa,EAAE,MAAM,CAAC;IAEtB,sDAAsD;IACtD,QAAQ,EAAE,aAAa,CAAC;IAExB,4DAA4D;IAC5D,OAAO,EAAE,mBAAmB,CAAC;IAE7B,gDAAgD;IAChD,OAAO,EAAE,YAAY,CAAC;IAEtB,mEAAmE;IACnE,YAAY,EAAE,iBAAiB,CAAC;IAEhC,yBAAyB;IACzB,QAAQ,EAAE,cAAc,CAAC;IAEzB,mCAAmC;IACnC,KAAK,EAAE,WAAW,CAAC;IAEnB,2CAA2C;IAC3C,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;;GAGG;AACH,MAA
M,WAAW,eAAe;IAC9B,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,0EAA0E;IAC1E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,kFAAkF;IAClF,QAAQ,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAElC,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEvC,4EAA4E;IAC5E,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAEhC,mEAAmE;IACnE,YAAY,CAAC,EAAE,iBAAiB,CAAC;IAEjC,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,mCAAmC;IACnC,KAAK,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;CAC9B"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "isol8",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.10.0",
|
|
4
4
|
"description": "Secure code execution engine for AI agents",
|
|
5
5
|
"author": "Illusion47586",
|
|
6
6
|
"license": "MIT",
|
|
@@ -47,6 +47,7 @@
|
|
|
47
47
|
"bench": "bunx tsx benchmarks/spawn.ts",
|
|
48
48
|
"bench:pool": "bunx tsx benchmarks/spawn-pool.ts",
|
|
49
49
|
"bench:detailed": "bunx tsx benchmarks/spawn-detailed.ts",
|
|
50
|
+
"bench:cli": "bun run tests/production/bench-cli.ts",
|
|
50
51
|
"docs:dev": "cd docs && mint dev",
|
|
51
52
|
"docs:validate": "cd docs && mint validate",
|
|
52
53
|
"docs:broken-links": "cd docs && mint broken-links",
|