isol8 0.9.0 → 0.10.1
- package/dist/cli.js +92 -5
- package/dist/docker/proxy-handler.sh +38 -0
- package/dist/docker/proxy.sh +2 -1
- package/dist/index.js +81 -2
- package/dist/src/engine/docker.d.ts +5 -0
- package/dist/src/engine/docker.d.ts.map +1 -1
- package/dist/src/engine/image-builder.d.ts.map +1 -1
- package/dist/src/types.d.ts +30 -2
- package/dist/src/types.d.ts.map +1 -1
- package/package.json +3 -1
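--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -55680,6 +55680,7 @@ class DockerIsol8 {
 tmpSize;
 security;
 persist;
+logNetwork;
 auditLogger;
 container = null;
 persistentRuntime = null;
@@ -55702,6 +55703,7 @@ class DockerIsol8 {
 this.tmpSize = options.tmpSize ?? "256m";
 this.persist = options.persist ?? false;
 this.security = options.security ?? { seccomp: "strict" };
+this.logNetwork = options.logNetwork ?? false;
 if (options.audit) {
 this.auditLogger = new AuditLogger(options.audit);
 }
@@ -55749,6 +55751,10 @@ class DockerIsol8 {
 securityEvents = undefined;
 }
 }
+let networkLogs;
+if (this.logNetwork && result.networkLogs) {
+networkLogs = result.networkLogs;
+}
 const audit = {
 executionId: result.executionId,
 userId: req.metadata?.userId || "",
@@ -55760,6 +55766,7 @@ class DockerIsol8 {
 durationMs: result.durationMs,
 resourceUsage: result.resourceUsage,
 securityEvents,
+networkLogs,
 metadata: req.metadata
 };
 this.auditLogger.record(audit);
@@ -55801,6 +55808,52 @@ class DockerIsol8 {
 } catch {}
 return events;
 }
+async collectNetworkLogs(container) {
+const logs = [];
+try {
+const exec = await container.exec({
+Cmd: ["cat", "/tmp/isol8-proxy/network.jsonl"],
+AttachStdout: true,
+AttachStderr: false,
+User: "root"
+});
+const stream = await exec.start({ Tty: false });
+const chunks = [];
+for await (const chunk of stream) {
+chunks.push(chunk);
+}
+const output = Buffer.concat(chunks).toString("utf-8").trim();
+logger.debug(`[NetworkLogs] Raw output length: ${output.length}, first 100 chars: ${output.substring(0, 100).replace(/\\n/g, "\\n")}`);
+const jsonLines = output.split(`
+`).filter((line) => line.includes("timestamp"));
+logger.debug(`[NetworkLogs] Found ${jsonLines.length} JSON lines out of ${output.split(`
+`).length} total lines`);
+for (const line of jsonLines) {
+const startIdx = line.indexOf("{");
+const endIdx = line.lastIndexOf("}");
+if (startIdx === -1 || endIdx === -1) {
+continue;
+}
+const jsonStr = line.substring(startIdx, endIdx + 1);
+try {
+const entry = JSON.parse(jsonStr);
+logs.push({
+timestamp: entry.timestamp || new Date().toISOString(),
+method: entry.method || "UNKNOWN",
+host: entry.host || "",
+path: entry.path,
+action: entry.action || "ALLOW",
+durationMs: entry.durationMs || 0
+});
+logger.debug(`[NetworkLogs] Successfully parsed line: ${JSON.stringify(entry)}`);
+} catch (e) {
+logger.debug(`[NetworkLogs] Failed to parse line: ${line.substring(0, 50)}..., error: ${e}`);
+}
+}
+logger.debug(`[NetworkLogs] Total parsed logs: ${logs.length}`);
+} catch {}
+return logs;
+}
 async putFile(path, content) {
 if (!this.container) {
 throw new Error("No active container. Call execute() first in persistent mode.");
@@ -55984,6 +56037,17 @@ class DockerIsol8 {
 logger.debug("Failed to collect final stats:", err);
 }
 }
+let networkLogs;
+if (this.logNetwork && this.network === "filtered") {
+try {
+networkLogs = await this.collectNetworkLogs(container);
+if (networkLogs.length === 0) {
+networkLogs = undefined;
+}
+} catch (err) {
+logger.debug("Failed to collect network logs:", err);
+}
+}
 const result = {
 stdout: this.postProcessOutput(stdout, truncated),
 stderr: this.postProcessOutput(stderr, false),
@@ -55995,6 +56059,7 @@ class DockerIsol8 {
 timestamp: new Date().toISOString(),
 containerId: container.id,
 ...resourceUsage ? { resourceUsage } : {},
+...networkLogs ? { networkLogs } : {},
 ...req.outputPaths ? { files: await this.retrieveFiles(container, req.outputPaths) } : {}
 };
 if (this.auditLogger) {
@@ -56077,6 +56142,17 @@ class DockerIsol8 {
 logger.debug("Failed to collect resource stats:", err);
 }
 }
+let networkLogs;
+if (this.logNetwork && this.network === "filtered") {
+try {
+networkLogs = await this.collectNetworkLogs(this.container);
+if (networkLogs.length === 0) {
+networkLogs = undefined;
+}
+} catch (err) {
+logger.debug("Failed to collect network logs:", err);
+}
+}
 const result = {
 stdout: this.postProcessOutput(stdout, truncated),
 stderr: this.postProcessOutput(stderr, false),
@@ -56088,6 +56164,7 @@ class DockerIsol8 {
 timestamp: new Date().toISOString(),
 containerId: this.container?.id,
 ...resourceUsage ? { resourceUsage } : {},
+...networkLogs ? { networkLogs } : {},
 ...req.outputPaths ? { files: await this.retrieveFiles(this.container, req.outputPaths) } : {}
 };
 if (this.auditLogger) {
@@ -56406,7 +56483,7 @@ var package_default;
 var init_package = __esm(() => {
 package_default = {
 name: "isol8",
-version: "0.
+version: "0.10.0",
 description: "Secure code execution engine for AI agents",
 author: "Illusion47586",
 license: "MIT",
@@ -56447,11 +56524,13 @@ var init_package = __esm(() => {
 "build:server": "bun run scripts/build-server.ts",
 "build:server:all": "bun run scripts/build-server.ts --all",
 test: "bun test",
+"test:prod": "bun test tests/production/",
 "lint:check": "ultracite check",
 "lint:fix": "ultracite fix",
 bench: "bunx tsx benchmarks/spawn.ts",
 "bench:pool": "bunx tsx benchmarks/spawn-pool.ts",
 "bench:detailed": "bunx tsx benchmarks/spawn-detailed.ts",
+"bench:cli": "bun run tests/production/bench-cli.ts",
 "docs:dev": "cd docs && mint dev",
 "docs:validate": "cd docs && mint validate",
 "docs:broken-links": "cd docs && mint broken-links",
@@ -61740,7 +61819,7 @@ init_docker();
 init_runtime();
 import { existsSync as existsSync4 } from "node:fs";
 function resolveDockerDir() {
-const fromBundled = new URL("
+const fromBundled = new URL("./docker", import.meta.url).pathname;
 if (existsSync4(fromBundled)) {
 return fromBundled;
 }
@@ -61941,7 +62020,7 @@ program2.command("setup").description("Check Docker and build isol8 images").opt
 console.log(`
 [DONE] Setup complete!`);
 });
-program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--writable", "Disable read-only root filesystem").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m)").option("--tmp-size <size>", "Tmp tmpfs size (e.g. 256m, 512m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").option("--no-stream", "Disable real-time output streaming").option("--debug", "Enable debug logging").option("--persist", "Keep container running after execution for inspection").action(async (file, opts) => {
+program2.command("run").description("Execute code in isol8").argument("[file]", "Script file to execute").option("-e, --eval <code>", "Execute inline code string").option("-r, --runtime <name>", "Force runtime (python, node, bun, deno, bash)").option("--net <mode>", "Network mode: none, host, filtered", "none").option("--allow <regex>", "Whitelist regex for filtered mode (repeatable)", collect, []).option("--deny <regex>", "Blacklist regex for filtered mode (repeatable)", collect, []).option("--out <file>", "Write output to file").option("--persistent", "Use persistent container").option("--timeout <ms>", "Execution timeout in milliseconds").option("--memory <limit>", "Memory limit (e.g. 512m, 1g)").option("--cpu <limit>", "CPU limit as fraction (e.g. 0.5, 2.0)").option("--image <name>", "Override Docker image").option("--pids-limit <n>", "Maximum number of processes").option("--writable", "Disable read-only root filesystem").option("--max-output <bytes>", "Maximum output size in bytes").option("--secret <KEY=VALUE>", "Secret env var (repeatable, values masked)", collect, []).option("--sandbox-size <size>", "Sandbox tmpfs size (e.g. 128m)").option("--tmp-size <size>", "Tmp tmpfs size (e.g. 256m, 512m)").option("--stdin <data>", "Data to pipe to stdin").option("--install <package>", "Install package for runtime (repeatable)", collect, []).option("--host <url>", "Execute on remote server").option("--key <key>", "API key for remote server").option("--no-stream", "Disable real-time output streaming").option("--debug", "Enable debug logging").option("--persist", "Keep container running after execution for inspection").option("--log-network", "Log all network requests (requires --net filtered)").action(async (file, opts) => {
 const { code, runtime, engineOptions, engine, stdinData, fileExtension } = await resolveRunInput(file, opts);
 logger.debug(`[Run] Runtime: ${runtime}, mode: ${engineOptions.mode}`);
 logger.debug(`[Run] Network: ${engineOptions.network}, timeout: ${engineOptions.timeoutMs}ms`);
@@ -62011,6 +62090,13 @@ program2.command("run").description("Execute code in isol8").argument("[file]",
 if (result.truncated) {
 console.error("[WARN] Output was truncated");
 }
+if (result.networkLogs && result.networkLogs.length > 0) {
+console.error(`
+--- Network Logs ---`);
+for (const log of result.networkLogs) {
+console.error(JSON.stringify(log));
+}
+}
 if (opts.out && result.stdout) {
 writeFileSync(opts.out, result.stdout, "utf-8");
 console.error(`[INFO] Output written to ${opts.out}`);
@@ -62370,7 +62456,8 @@ async function resolveRunInput(file, opts) {
 ...opts.maxOutput ? { maxOutputSize: Number.parseInt(opts.maxOutput, 10) } : {},
 ...opts.tmpSize ? { tmpSize: opts.tmpSize } : {},
 debug: opts.debug ?? config.debug,
-persist: opts.persist ?? false
+persist: opts.persist ?? false,
+...opts.logNetwork ? { logNetwork: true } : {}
 };
 logger.debug(`[Run] Engine options: mode=${engineOptions.mode}, network=${engineOptions.network}`);
 let fileExtension;
@@ -62415,4 +62502,4 @@ if (!process.argv.slice(2).length) {
 }
 program2.parse();
 
-//# debugId=
+//# debugId=B68BB6FF7DBA923364756E2164756E21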
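Review bot: In `collectNetworkLogs`, `action: entry.action || "ALLOW"` reports an entry with a missing or empty action as allowed, and `path: entry.path` and the other fields go into the audit record with no type check, so the audit trail can state things the proxy never recorded. An entry whose action is not one of the two known values should be dropped instead, e.g. `if (entry.action !== "ALLOW" && entry.action !== "BLOCK") continue;`. The outer `} catch {}` hides every exec or read failure, and both call sites turn an empty array into `undefined`, so a failed collection looks the same as a run with no traffic; logging the error and recording a collection-failed marker would close that gap. The file is also buffered whole with no size cap, although its length is driven by how many requests the sandboxed workload makes. The same method and call sites are duplicated in package/dist/index.js.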
@@ -15,6 +15,25 @@
|
|
|
15
15
|
WL="${ISOL8_WHITELIST_FILE:-}"
|
|
16
16
|
BL="${ISOL8_BLACKLIST_FILE:-}"
|
|
17
17
|
|
|
18
|
+
log_network() {
|
|
19
|
+
local method="$1"
|
|
20
|
+
local host="$2"
|
|
21
|
+
local path="$3"
|
|
22
|
+
local action="$4"
|
|
23
|
+
local duration_ms="$5"
|
|
24
|
+
|
|
25
|
+
if [ -d "/tmp/isol8-proxy" ]; then
|
|
26
|
+
# Handle path: output proper JSON null if path is "null", otherwise quote it
|
|
27
|
+
if [ "$path" = "null" ] || [ -z "$path" ]; then
|
|
28
|
+
printf '{"timestamp":"%s","method":"%s","host":"%s","path":null,"action":"%s","durationMs":%d}\n' \
|
|
29
|
+
"$(date -Iseconds)" "$method" "$host" "$action" "$duration_ms" >> /tmp/isol8-proxy/network.jsonl
|
|
30
|
+
else
|
|
31
|
+
printf '{"timestamp":"%s","method":"%s","host":"%s","path":"%s","action":"%s","durationMs":%d}\n' \
|
|
32
|
+
"$(date -Iseconds)" "$method" "$host" "$path" "$action" "$duration_ms" >> /tmp/isol8-proxy/network.jsonl
|
|
33
|
+
fi
|
|
34
|
+
fi
|
|
35
|
+
}
|
|
36
|
+
|
|
18
37
|
is_allowed() {
|
|
19
38
|
local host="$1"
|
|
20
39
|
|
|
@@ -75,11 +94,16 @@ if [ "$method" = "CONNECT" ]; then
|
|
|
75
94
|
if [ -d "/tmp/isol8-proxy" ]; then
|
|
76
95
|
printf '{"type":"network_blocked","timestamp":"%s","details":{"method":"CONNECT","host":"%s","reason":"filter_mismatch"}}\n' "$(date -Iseconds)" "$host" >> /tmp/isol8-proxy/security-events.jsonl
|
|
77
96
|
fi
|
|
97
|
+
# Log network event
|
|
98
|
+
log_network "CONNECT" "$host" "null" "BLOCK" 0
|
|
78
99
|
printf "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: %d\r\n\r\n%s" \
|
|
79
100
|
"${#msg}" "$msg"
|
|
80
101
|
exit 0
|
|
81
102
|
fi
|
|
82
103
|
|
|
104
|
+
# Log allowed CONNECT (duration will be 0 since we can't measure after exec)
|
|
105
|
+
log_network "CONNECT" "$host" "null" "ALLOW" 0
|
|
106
|
+
|
|
83
107
|
# Send 200 then replace this process with nc for bidirectional relay.
|
|
84
108
|
# nc inherits the client socket on stdin/stdout from the nc -lk -e parent.
|
|
85
109
|
printf "HTTP/1.1 200 Connection Established\r\n\r\n"
|
|
@@ -104,11 +128,18 @@ if ! is_allowed "$host"; then
|
|
|
104
128
|
if [ -d "/tmp/isol8-proxy" ]; then
|
|
105
129
|
printf '{"type":"network_blocked","timestamp":"%s","details":{"method":"%s","host":"%s","reason":"filter_mismatch"}}\n' "$(date -Iseconds)" "$method" "$host" >> /tmp/isol8-proxy/security-events.jsonl
|
|
106
130
|
fi
|
|
131
|
+
# Log network event
|
|
132
|
+
log_network "$method" "$host" "$path" "BLOCK" 0
|
|
107
133
|
printf "HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: %d\r\n\r\n%s" \
|
|
108
134
|
"${#msg}" "$msg"
|
|
109
135
|
exit 0
|
|
110
136
|
fi
|
|
111
137
|
|
|
138
|
+
# Record start time for duration measurement
|
|
139
|
+
if [ -d "/tmp/isol8-proxy" ]; then
|
|
140
|
+
start_time=$(date +%s%3N)
|
|
141
|
+
fi
|
|
142
|
+
|
|
112
143
|
# Open TCP connection via bash /dev/tcp
|
|
113
144
|
if ! exec 3<>/dev/tcp/"$host"/"$port" 2>/dev/null; then
|
|
114
145
|
msg="isol8: proxy error: connection to ${host}:${port} failed"
|
|
@@ -138,5 +169,12 @@ fi
|
|
|
138
169
|
# Relay response back to client
|
|
139
170
|
cat <&3
|
|
140
171
|
|
|
172
|
+
# Calculate duration and log the network event
|
|
173
|
+
if [ -n "$start_time" ] && [ -d "/tmp/isol8-proxy" ]; then
|
|
174
|
+
end_time=$(date +%s%3N)
|
|
175
|
+
duration=$((end_time - start_time))
|
|
176
|
+
log_network "$method" "$host" "$path" "ALLOW" "$duration"
|
|
177
|
+
fi
|
|
178
|
+
|
|
141
179
|
exec 3>&-
|
|
142
180
|
exit 0
|
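Review bot: `log_network` interpolates `$method`, `$host` and `$path` into the JSON line with plain `%s`, and those values come from the request sent by the sandboxed workload. A double quote, backslash or control character in any of them yields either an invalid line, which the host-side collector skips with only a debug message, or a line carrying extra keys, so the workload can keep a request out of the log or change how it is reported. The values should be JSON-escaped before they reach `printf`, and a non-numeric duration guarded so `%d` cannot fail, as sketched below. `date +%s%3N` is a GNU extension and whether the image's `date` supports it is not visible here. The allowed-request entry is written only after `cat <&3` returns, so the connection-failure branch that begins at the end of the fourth hunk (its body is outside the hunk) appears to exit without a network log entry.

```shell
# Escape a value for use inside a JSON string literal.
json_escape() {
    local s="$1"
    s=${s//[[:cntrl:]]/}    # drop control characters, including CR and LF
    s=${s//\\/\\\\}         # backslash first, so the next step is not doubled
    s=${s//\"/\\\"}
    printf '%s' "$s"
}

log_network() {
    local method host path action
    method=$(json_escape "$1")
    host=$(json_escape "$2")
    action=$(json_escape "$4")
    local duration_ms="${5:-0}"
    # A non-numeric duration would make printf's %d fail and lose the entry.
    case "$duration_ms" in ''|*[!0-9]*) duration_ms=0 ;; esac
    # Decide null-vs-string on the raw path, then escape it.
    path="$3"
    [ "$path" = "null" ] || path=$(json_escape "$path")
    # … unchanged: directory check and the two printf branches …
}
```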
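--- a/package/dist/docker/proxy.sh
+++ b/package/dist/docker/proxy.sh
@@ -17,8 +17,9 @@ PORT="${ISOL8_PROXY_PORT:-8118}"
 PROXY_DIR="/tmp/isol8-proxy"
 mkdir -p "$PROXY_DIR"
 
-# Create
+# Create log files
 touch "$PROXY_DIR/security-events.jsonl"
+touch "$PROXY_DIR/network.jsonl"
 
 WL_FILE="$PROXY_DIR/whitelist"
 BL_FILE="$PROXY_DIR/blacklist"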
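Review bot: `touch "$PROXY_DIR/network.jsonl"` creates the file the host later reads back as audit evidence, but nothing in this hunk sets its owner or mode, so it gets whatever the umask gives it under `/tmp`. If the sandboxed workload runs as a user that can write to `$PROXY_DIR` (not visible from here), it could edit or truncate the log before collection. Consider `chmod 600 "$PROXY_DIR/network.jsonl"` right after the `touch`, assuming the proxy handler runs as the file's owner, and the same for `security-events.jsonl`.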
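--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -828,6 +828,7 @@ class DockerIsol8 {
 tmpSize;
 security;
 persist;
+logNetwork;
 auditLogger;
 container = null;
 persistentRuntime = null;
@@ -850,6 +851,7 @@ class DockerIsol8 {
 this.tmpSize = options.tmpSize ?? "256m";
 this.persist = options.persist ?? false;
 this.security = options.security ?? { seccomp: "strict" };
+this.logNetwork = options.logNetwork ?? false;
 if (options.audit) {
 this.auditLogger = new AuditLogger(options.audit);
 }
@@ -897,6 +899,10 @@ class DockerIsol8 {
 securityEvents = undefined;
 }
 }
+let networkLogs;
+if (this.logNetwork && result.networkLogs) {
+networkLogs = result.networkLogs;
+}
 const audit = {
 executionId: result.executionId,
 userId: req.metadata?.userId || "",
@@ -908,6 +914,7 @@ class DockerIsol8 {
 durationMs: result.durationMs,
 resourceUsage: result.resourceUsage,
 securityEvents,
+networkLogs,
 metadata: req.metadata
 };
 this.auditLogger.record(audit);
@@ -949,6 +956,52 @@ class DockerIsol8 {
 } catch {}
 return events;
 }
+async collectNetworkLogs(container) {
+const logs = [];
+try {
+const exec = await container.exec({
+Cmd: ["cat", "/tmp/isol8-proxy/network.jsonl"],
+AttachStdout: true,
+AttachStderr: false,
+User: "root"
+});
+const stream = await exec.start({ Tty: false });
+const chunks = [];
+for await (const chunk of stream) {
+chunks.push(chunk);
+}
+const output = Buffer.concat(chunks).toString("utf-8").trim();
+logger.debug(`[NetworkLogs] Raw output length: ${output.length}, first 100 chars: ${output.substring(0, 100).replace(/\\n/g, "\\n")}`);
+const jsonLines = output.split(`
+`).filter((line) => line.includes("timestamp"));
+logger.debug(`[NetworkLogs] Found ${jsonLines.length} JSON lines out of ${output.split(`
+`).length} total lines`);
+for (const line of jsonLines) {
+const startIdx = line.indexOf("{");
+const endIdx = line.lastIndexOf("}");
+if (startIdx === -1 || endIdx === -1) {
+continue;
+}
+const jsonStr = line.substring(startIdx, endIdx + 1);
+try {
+const entry = JSON.parse(jsonStr);
+logs.push({
+timestamp: entry.timestamp || new Date().toISOString(),
+method: entry.method || "UNKNOWN",
+host: entry.host || "",
+path: entry.path,
+action: entry.action || "ALLOW",
+durationMs: entry.durationMs || 0
+});
+logger.debug(`[NetworkLogs] Successfully parsed line: ${JSON.stringify(entry)}`);
+} catch (e) {
+logger.debug(`[NetworkLogs] Failed to parse line: ${line.substring(0, 50)}..., error: ${e}`);
+}
+}
+logger.debug(`[NetworkLogs] Total parsed logs: ${logs.length}`);
+} catch {}
+return logs;
+}
 async putFile(path, content) {
 if (!this.container) {
 throw new Error("No active container. Call execute() first in persistent mode.");
@@ -1132,6 +1185,17 @@ class DockerIsol8 {
 logger.debug("Failed to collect final stats:", err);
 }
 }
+let networkLogs;
+if (this.logNetwork && this.network === "filtered") {
+try {
+networkLogs = await this.collectNetworkLogs(container);
+if (networkLogs.length === 0) {
+networkLogs = undefined;
+}
+} catch (err) {
+logger.debug("Failed to collect network logs:", err);
+}
+}
 const result = {
 stdout: this.postProcessOutput(stdout, truncated),
 stderr: this.postProcessOutput(stderr, false),
@@ -1143,6 +1207,7 @@ class DockerIsol8 {
 timestamp: new Date().toISOString(),
 containerId: container.id,
 ...resourceUsage ? { resourceUsage } : {},
+...networkLogs ? { networkLogs } : {},
 ...req.outputPaths ? { files: await this.retrieveFiles(container, req.outputPaths) } : {}
 };
 if (this.auditLogger) {
@@ -1225,6 +1290,17 @@ class DockerIsol8 {
 logger.debug("Failed to collect resource stats:", err);
 }
 }
+let networkLogs;
+if (this.logNetwork && this.network === "filtered") {
+try {
+networkLogs = await this.collectNetworkLogs(this.container);
+if (networkLogs.length === 0) {
+networkLogs = undefined;
+}
+} catch (err) {
+logger.debug("Failed to collect network logs:", err);
+}
+}
 const result = {
 stdout: this.postProcessOutput(stdout, truncated),
 stderr: this.postProcessOutput(stderr, false),
@@ -1236,6 +1312,7 @@ class DockerIsol8 {
 timestamp: new Date().toISOString(),
 containerId: this.container?.id,
 ...resourceUsage ? { resourceUsage } : {},
+...networkLogs ? { networkLogs } : {},
 ...req.outputPaths ? { files: await this.retrieveFiles(this.container, req.outputPaths) } : {}
 };
 if (this.auditLogger) {
@@ -1767,7 +1844,7 @@ init_logger();
 // package.json
 var package_default = {
 name: "isol8",
-version: "0.
+version: "0.10.0",
 description: "Secure code execution engine for AI agents",
 author: "Illusion47586",
 license: "MIT",
@@ -1808,11 +1885,13 @@ var package_default = {
 "build:server": "bun run scripts/build-server.ts",
 "build:server:all": "bun run scripts/build-server.ts --all",
 test: "bun test",
+"test:prod": "bun test tests/production/",
 "lint:check": "ultracite check",
 "lint:fix": "ultracite fix",
 bench: "bunx tsx benchmarks/spawn.ts",
 "bench:pool": "bunx tsx benchmarks/spawn-pool.ts",
 "bench:detailed": "bunx tsx benchmarks/spawn-detailed.ts",
+"bench:cli": "bun run tests/production/bench-cli.ts",
 "docs:dev": "cd docs && mint dev",
 "docs:validate": "cd docs && mint validate",
 "docs:broken-links": "cd docs && mint broken-links",
@@ -2103,4 +2182,4 @@ export {
 BunAdapter
 };
 
-//# debugId=
+//# debugId=C11E47C76FBC0D2364756E2164756E21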
@@ -45,6 +45,7 @@ export declare class DockerIsol8 implements Isol8Engine {
|
|
|
45
45
|
private readonly tmpSize;
|
|
46
46
|
private readonly security;
|
|
47
47
|
private readonly persist;
|
|
48
|
+
private readonly logNetwork;
|
|
48
49
|
private readonly auditLogger?;
|
|
49
50
|
private container;
|
|
50
51
|
private persistentRuntime;
|
|
@@ -74,6 +75,10 @@ export declare class DockerIsol8 implements Isol8Engine {
|
|
|
74
75
|
* Collect security events from the container (e.g., network filter blocks).
|
|
75
76
|
*/
|
|
76
77
|
private collectSecurityEvents;
|
|
78
|
+
/**
|
|
79
|
+
* Collect network logs from the container (requests made through the proxy).
|
|
80
|
+
*/
|
|
81
|
+
private collectNetworkLogs;
|
|
77
82
|
/**
|
|
78
83
|
* Upload a file into the running container via a tar archive.
|
|
79
84
|
* Only available in persistent mode after at least one `execute()` call.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EAEX,YAAY,EAIZ,WAAW,EACZ,MAAM,UAAU,CAAC;AAmTlB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAE3C,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAE1C;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;
|
|
1
|
+
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EAEX,YAAY,EAIZ,WAAW,EACZ,MAAM,UAAU,CAAC;AAmTlB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAE3C,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAE1C;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;IA8BhE;;;OAGG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAK5B,kFAAkF;IAC5E,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B;;;OAGG;IACG,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAe9D;;OAEG;YACW,WAAW;IAoDzB;;OAEG;YACW,qBAAqB;IA8CnC;;OAEG;YACW,kBAAkB;IA+DhC;;;;;;;OAOG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAYpE;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmB5C,6GAA6G;IAC7G,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED;;;OAGG;IACI,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC;YAsFzD,YAAY;YAcZ,gBAAgB;YAwJhB,iBAAiB;YAwIjB,aAAa;YAkBb,oBAAoB;YASpB,wBAAwB;IA4BtC,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,eAAe;IA2BvB,OAAO,CAAC,iBAAiB;IA+BzB,OAAO,CAAC,yBAAyB;IAyBjC,OAAO,CAAC,QAAQ;YAwCD,gBAAgB;YA8EjB,iBAAiB;IAiG/B,OA
AO,CAAC,iBAAiB;IAYzB;;;;;;;;;;;;;;;;;;;;OAoBG;WACU,OAAO,CAClB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CA2BlE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"image-builder.d.ts","sourceRoot":"","sources":["../../../src/engine/image-builder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AAEpC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"image-builder.d.ts","sourceRoot":"","sources":["../../../src/engine/image-builder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AAEpC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAsB5C,mDAAmD;AACnD,UAAU,aAAa;IACrB,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;IACtC,+DAA+D;IAC/D,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,KAAK,gBAAgB,GAAG,CAAC,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;AAE1D;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,gBAAgB,GAC5B,OAAO,CAAC,IAAI,CAAC,CAmCf;AAED;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,WAAW,EACnB,UAAU,CAAC,EAAE,gBAAgB,GAC5B,OAAO,CAAC,IAAI,CAAC,CAkBf;AAgED;;GAEG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOrF;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAa/F"}
|
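--- a/package/dist/src/types.d.ts
+++ b/package/dist/src/types.d.ts
@@ -116,8 +116,12 @@ export interface ExecutionResult {
 /** Bytes sent during execution */
 networkBytesOut: number;
 };
-
-
+/**
+* Network request logs collected during execution.
+* Only populated when `logNetwork` is enabled and network mode is "filtered".
+*/
+networkLogs?: NetworkLogEntry[];
+} /**
 * A chunk of streaming output from an execution.
 *
 * Yielded by {@link Isol8Engine.executeStream} as output arrives in real-time.
@@ -137,6 +141,23 @@ export interface SecurityEvent {
 details?: Record<string, unknown>;
 timestamp: string;
 }
+/**
+* A network request logged by the proxy in filtered network mode.
+*/
+export interface NetworkLogEntry {
+/** ISO 8601 timestamp of when the request was made. */
+timestamp: string;
+/** HTTP method (GET, POST, CONNECT, etc.). */
+method: string;
+/** Target hostname. */
+host: string;
+/** Request path for HTTP requests, null for HTTPS CONNECT tunnels. */
+path: string | null;
+/** Whether the request was allowed through or blocked by the filter. */
+action: "ALLOW" | "BLOCK";
+/** Time taken to handle the request in milliseconds. */
+durationMs: number;
+}
 /**
 * Audit record for an execution. Stored in immutable append-only logs.
 */
@@ -162,6 +183,7 @@ export interface ExecutionAudit {
 networkBytesOut: number;
 };
 securityEvents?: SecurityEvent[];
+networkLogs?: NetworkLogEntry[];
 code?: string;
 stdout?: string;
 stderr?: string;
@@ -216,6 +238,12 @@ export interface Isol8Options {
 * @default false
 */
 persist?: boolean;
+/**
+* Enable network request logging. Only works when network mode is "filtered".
+* Logs are collected from the proxy and included in ExecutionResult.
+* @default false
+*/
+logNetwork?: boolean;
 /** Security settings. */
 security?: SecurityConfig;
 /** Audit logging configuration. */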
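Review bot: The doc comment on `path` in the new `NetworkLogEntry` interface does not say whether the query string is part of the logged value, and the same entries are added to `ExecutionAudit.networkLogs`, a record the file describes as stored in immutable append-only logs. If the proxy records the full request target, tokens or signed-URL parameters carried in the query would be retained there; the proxy code is not visible in this file, so that is an open question rather than a finding. I would make the contract explicit, e.g. `/** Request path for HTTP requests, without the query string; null for HTTPS CONNECT tunnels. */`, or state the opposite and note that entries need redaction before they reach the audit log. The new `networkLogs` member of `ExecutionAudit` also has no comment; `/** Proxy request log; present only when logNetwork is enabled and network mode is "filtered". */` would match the one on `ExecutionResult`. `ExecutionAudit` and `Isol8Options` both begin and end outside their hunks.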
package/dist/src/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;GAQG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;AAElE;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IAEb,sEAAsE;IACtE,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IAEf,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IAEjB,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IAEnB,0FAA0F;IAC1F,SAAS,EAAE,OAAO,CAAC;IAEnB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IAEjB,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;GAQG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;AAElE;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IAEb,sEAAsE;IACtE,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IAEf,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IAEjB,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IAEnB,0FAA0F;IAC1F,SAAS,EAAE,OAAO,CAAC;IAEnB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IAEjB,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IAEF;;;OAGG;IACH,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;CACjC,CAAC;;;;GAIC;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,0FAA0F;IAC1F,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,MAAM,EA
AE,MAAM,CAAC;IACf,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,wEAAwE;IACxE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC;IAC1B,wDAAwD;IACxD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;IACjC,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;IAEhC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAID;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GAAG,WAAW,GAAG,YAAY,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,2CAA2C;IAC3C,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB,yFAAyF;IACzF,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC,mFAAmF;IACnF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,4EAA4E;IAC5E,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,4DAA4D;IAC5D,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,6EAA6E;IAC7E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,iEAAiE;IACjE,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,wIAAwI;IACxI,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,+EAA+E;IAC/E,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,mCAAmC;IACnC,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB,kEAAkE;IAClE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB,0CAA0C;IAC1C,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CA
AC,eAAe,CAAC,CAAC;IAEzD;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/D;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;CAClE;AAID;;;;;;;;GAQG;AACH,MAAM,WAAW,mBAAmB;IAClC,2FAA2F;IAC3F,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB,mGAAmG;IACnG,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAID,oDAAoD;AACpD,MAAM,WAAW,aAAa;IAC5B,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,EAAE,WAAW,CAAC;IACrB,kEAAkE;IAClE,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,yDAAyD;AACzD,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,SAAS,EAAE,OAAO,CAAC;IACnB,kFAAkF;IAClF,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,oDAAoD;IACpD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,iDAAiD;IACjD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,OAAO,CAAC,EAAE,QAAQ,GAAG,YAAY,GAAG,QAAQ,CAAC;IAC7C,mFAAmF;IACnF,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,uCAAuC;AACvC,MAAM,WAAW,WAAW;IAC1B,2CAA2C;IAC3C,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,WAAW,EAAE,YAAY,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC9C,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6FAA6F;IAC7F,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gEAAgE;IAChE,cAAc,EAAE,OAAO,CAAC;IACxB,0DAA0D;IAC1D,aAAa,EAAE,MAAM,CAAC;IACtB,sEAAsE;IACtE,WAAW,EAAE,OAAO,CAAC;IACrB,6EAA6E;IAC7E,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW;IAC1B,0EAA0E;IAC1E,aAAa,EAAE,MAAM,CAAC;IAEtB,sDAAsD;IACtD,QAAQ,EAAE,aAAa,CAAC;IAExB,4DAA4D;IAC5D,OAAO,EAAE,mBAAmB,CAAC;IAE7B,gDAAgD;IAChD,OAAO,EAAE,YAAY,CAAC;IAEtB,mEAAmE;IACnE,YAAY,EAAE,iBAAiB,CAAC;IAEhC,yBAAyB;IACzB,QAAQ,EAAE,cAAc,CAAC;IAEzB,mCAAmC;IACnC,KAAK,EAAE,WAAW,CAAC;IAEnB,2CAA2C;IAC3C,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;;GAGG;AACH,MAA
M,WAAW,eAAe;IAC9B,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,0EAA0E;IAC1E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,kFAAkF;IAClF,QAAQ,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAElC,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEvC,4EAA4E;IAC5E,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAEhC,mEAAmE;IACnE,YAAY,CAAC,EAAE,iBAAiB,CAAC;IAEjC,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,mCAAmC;IACnC,KAAK,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;CAC9B"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "isol8",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.10.1",
|
|
4
4
|
"description": "Secure code execution engine for AI agents",
|
|
5
5
|
"author": "Illusion47586",
|
|
6
6
|
"license": "MIT",
|
|
@@ -41,11 +41,13 @@
|
|
|
41
41
|
"build:server": "bun run scripts/build-server.ts",
|
|
42
42
|
"build:server:all": "bun run scripts/build-server.ts --all",
|
|
43
43
|
"test": "bun test",
|
|
44
|
+
"test:prod": "bun test tests/production/",
|
|
44
45
|
"lint:check": "ultracite check",
|
|
45
46
|
"lint:fix": "ultracite fix",
|
|
46
47
|
"bench": "bunx tsx benchmarks/spawn.ts",
|
|
47
48
|
"bench:pool": "bunx tsx benchmarks/spawn-pool.ts",
|
|
48
49
|
"bench:detailed": "bunx tsx benchmarks/spawn-detailed.ts",
|
|
50
|
+
"bench:cli": "bun run tests/production/bench-cli.ts",
|
|
49
51
|
"docs:dev": "cd docs && mint dev",
|
|
50
52
|
"docs:validate": "cd docs && mint validate",
|
|
51
53
|
"docs:broken-links": "cd docs && mint broken-links",
|