npm - just-bash - Versions diffs - 2.11.8 → 2.11.10 - Mend

just-bash 2.11.8 → 2.11.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/Bash.d.ts +1 -1
package/dist/bin/chunks/python3-YJ7YGEW7.js +16 -0
package/dist/bin/chunks/worker.js +589 -555
package/dist/bin/just-bash.js +2 -2
package/dist/bin/shell/chunks/python3-YJ7YGEW7.js +16 -0
package/dist/bin/shell/shell.js +41 -41
package/dist/bundle/browser.js +115 -115
package/dist/bundle/chunks/python3-6Y4Z63NZ.js +15 -0
package/dist/bundle/chunks/worker.js +589 -555
package/dist/bundle/index.cjs +709 -707
package/dist/bundle/index.js +32 -32
package/dist/commands/python3/protocol.d.ts +1 -1
package/dist/commands/python3/python3.d.ts +4 -1
package/dist/commands/python3/worker.d.ts +8 -4
package/package.json +10 -9
package/vendor/cpython-emscripten/python.cjs +2 -0
package/vendor/cpython-emscripten/python.wasm +0 -0
package/vendor/cpython-emscripten/python313.zip +0 -0
package/dist/bin/chunks/python3-UK6DVXEU.js +0 -14
package/dist/bin/shell/chunks/python3-UK6DVXEU.js +0 -14
package/dist/bundle/chunks/python3-W2D6SNQF.js +0 -13

package/dist/bin/chunks/worker.js CHANGED Viewed

@@ -9,7 +9,6 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
 import { createRequire } from "node:module";
 import { dirname } from "node:path";
 import { parentPort, workerData } from "node:worker_threads";
-import { loadPyodide } from "pyodide";
 // src/security/blocked-globals.ts
 function getBlockedGlobals() {
@@ -84,6 +83,13 @@ function getBlockedGlobals() {
       strategy: "throw",
       reason: "process.dlopen allows loading native addons"
     },
+    {
+      prop: "getBuiltinModule",
+      target: process,
+      violationType: "process_get_builtin_module",
+      strategy: "throw",
+      reason: "process.getBuiltinModule allows loading native Node.js modules (fs, child_process, vm)"
+    },
     // Note: process.mainModule is handled specially in defense-in-depth-box.ts
     // and worker-defense-in-depth.ts because it may be undefined in ESM contexts
     // but we still want to block both reading and setting it.
@@ -1529,21 +1535,60 @@ var SyncFsBackend = class {
 };
 // src/commands/python3/worker.ts
-var pyodideInstance = null;
-var pyodideLoading = null;
+import { readFileSync } from "node:fs";
 var require2 = createRequire(import.meta.url);
-var pyodideIndexURL = `${dirname(require2.resolve("pyodide/pyodide.mjs"))}/`;
-async function getPyodide() {
-  if (pyodideInstance) {
-    return pyodideInstance;
-  }
-  if (pyodideLoading) {
-    return pyodideLoading;
+try {
+  const NodeModule = require2("node:module");
+  if (typeof NodeModule._load === "function") {
+    const originalLoad = NodeModule._load;
+    const blockedModules = /* @__PURE__ */ new Set([
+      "child_process",
+      "node:child_process",
+      "cluster",
+      "node:cluster",
+      "dgram",
+      "node:dgram",
+      "dns",
+      "node:dns",
+      "net",
+      "node:net",
+      "tls",
+      "node:tls",
+      "vm",
+      "node:vm",
+      "v8",
+      "node:v8",
+      "inspector",
+      "node:inspector",
+      "inspector/promises",
+      "node:inspector/promises",
+      "trace_events",
+      "node:trace_events",
+      "perf_hooks",
+      "node:perf_hooks",
+      "worker_threads",
+      "node:worker_threads"
+    ]);
+    NodeModule._load = function(request, ...rest) {
+      if (blockedModules.has(request)) {
+        throw new Error(
+          `[Defense-in-depth] require('${request}') is blocked in worker context`
+        );
+      }
+      return originalLoad.apply(this, [request, ...rest]);
+    };
   }
-  pyodideLoading = loadPyodide({ indexURL: pyodideIndexURL });
-  pyodideInstance = await pyodideLoading;
-  return pyodideInstance;
+} catch {
+}
+var cpythonDir;
+try {
+  cpythonDir = dirname(
+    require2.resolve("../../../vendor/cpython-emscripten/python.cjs")
+  );
+} catch (_e) {
+  cpythonDir = dirname(import.meta.url).replace("file://", "") + "/../../../vendor/cpython-emscripten";
 }
+var stdlibZipPath = `${cpythonDir}/python313.zip`;
 function createHOSTFS(backend, FS, PATH) {
   const ERRNO_CODES = {
     EPERM: 63,
@@ -1809,108 +1854,438 @@ function createHOSTFS(backend, FS, PATH) {
   };
   return HOSTFS;
 }
-async function runPython(input) {
-  const backend = new SyncFsBackend(input.sharedBuffer);
-  let pyodide;
-  try {
-    pyodide = await getPyodide();
-  } catch (e) {
-    return {
-      success: false,
-      error: `Failed to load Pyodide: ${e.message}`
-    };
-  }
-  pyodide.setStdout({ batched: () => {
-  } });
-  pyodide.setStderr({ batched: () => {
-  } });
-  try {
-    pyodide.runPython(`
-import sys
-if hasattr(sys.stdout, 'flush'):
-    sys.stdout.flush()
-if hasattr(sys.stderr, 'flush'):
-    sys.stderr.flush()
-`);
-  } catch (_e) {
-  }
-  pyodide.setStdout({
-    batched: (text) => {
-      backend.writeStdout(`${text}
-`);
-    }
-  });
-  pyodide.setStderr({
-    batched: (text) => {
-      backend.writeStderr(`${text}
-`);
-    }
-  });
-  const FS = pyodide.FS;
-  const PATH = pyodide.PATH;
-  const HOSTFS = createHOSTFS(backend, FS, PATH);
-  try {
-    try {
-      pyodide.runPython(`import os; os.chdir('/')`);
-    } catch (_e) {
-    }
-    try {
-      FS.mkdir("/host");
-    } catch (_e) {
-    }
-    try {
-      FS.unmount("/host");
-    } catch (_e) {
-    }
-    FS.mount(HOSTFS, { root: "/" }, "/host");
-  } catch (e) {
-    return {
-      success: false,
-      error: `Failed to mount HOSTFS: ${e.message}`
-    };
-  }
-  try {
-    pyodide.runPython(`
-import sys
-if '_jb_http_bridge' in sys.modules:
-    del sys.modules['_jb_http_bridge']
-if 'jb_http' in sys.modules:
-    del sys.modules['jb_http']
-`);
-  } catch (_e) {
-  }
-  pyodide.registerJsModule("_jb_http_bridge", {
-    request: (url, method, headersJson, body) => {
-      try {
-        const headers = headersJson ? JSON.parse(headersJson) : void 0;
-        const result = backend.httpRequest(url, {
-          method: method || "GET",
-          headers,
-          body: body || void 0
-        });
-        return JSON.stringify(result);
-      } catch (e) {
-        return JSON.stringify({ error: e.message });
-      }
-    }
-  });
+function generateSetupCode(input) {
   const envSetup = Object.entries(input.env).map(([key, value]) => {
     return `os.environ[${JSON.stringify(key)}] = ${JSON.stringify(value)}`;
   }).join("\n");
   const argv0 = input.scriptPath || "python3";
   const argvList = [argv0, ...input.args].map((arg) => JSON.stringify(arg)).join(", ");
-  try {
-    await pyodide.runPythonAsync(`
+  return `
 import os
 import sys
-import builtins
 import json
 ${envSetup}
 sys.argv = [${argvList}]
-# Create jb_http module for HTTP requests
+# Path redirection: redirect /absolute paths to /host mount
+def _should_redirect(path):
+    return (isinstance(path, str) and
+            path.startswith('/') and
+            not path.startswith('/lib') and
+            not path.startswith('/proc') and
+            not path.startswith('/host') and
+            not path.startswith('/_jb_http'))
+# builtins.open
+import builtins
+_orig_open = builtins.open
+def _redir_open(path, mode='r', *args, **kwargs):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_open(path, mode, *args, **kwargs)
+builtins.open = _redir_open
+# os file operations
+_orig_listdir = os.listdir
+def _redir_listdir(path='.'):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_listdir(path)
+os.listdir = _redir_listdir
+_orig_exists = os.path.exists
+def _redir_exists(path):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_exists(path)
+os.path.exists = _redir_exists
+_orig_isfile = os.path.isfile
+def _redir_isfile(path):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_isfile(path)
+os.path.isfile = _redir_isfile
+_orig_isdir = os.path.isdir
+def _redir_isdir(path):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_isdir(path)
+os.path.isdir = _redir_isdir
+_orig_stat = os.stat
+def _redir_stat(path, *args, **kwargs):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_stat(path, *args, **kwargs)
+os.stat = _redir_stat
+_orig_mkdir = os.mkdir
+def _redir_mkdir(path, *args, **kwargs):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_mkdir(path, *args, **kwargs)
+os.mkdir = _redir_mkdir
+_orig_makedirs = os.makedirs
+def _redir_makedirs(path, *args, **kwargs):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_makedirs(path, *args, **kwargs)
+os.makedirs = _redir_makedirs
+_orig_remove = os.remove
+def _redir_remove(path, *args, **kwargs):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_remove(path, *args, **kwargs)
+os.remove = _redir_remove
+_orig_rmdir = os.rmdir
+def _redir_rmdir(path, *args, **kwargs):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_rmdir(path, *args, **kwargs)
+os.rmdir = _redir_rmdir
+_orig_getcwd = os.getcwd
+def _redir_getcwd():
+    cwd = _orig_getcwd()
+    if cwd.startswith('/host'):
+        return cwd[5:]
+    return cwd
+os.getcwd = _redir_getcwd
+_orig_chdir = os.chdir
+def _redir_chdir(path):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_chdir(path)
+os.chdir = _redir_chdir
+# glob
+import glob as _glob_module
+_orig_glob = _glob_module.glob
+def _redir_glob(pathname, *args, **kwargs):
+    if _should_redirect(pathname):
+        pathname = '/host' + pathname
+    return _orig_glob(pathname, *args, **kwargs)
+_glob_module.glob = _redir_glob
+_orig_iglob = _glob_module.iglob
+def _redir_iglob(pathname, *args, **kwargs):
+    if _should_redirect(pathname):
+        pathname = '/host' + pathname
+    return _orig_iglob(pathname, *args, **kwargs)
+_glob_module.iglob = _redir_iglob
+# os.walk
+_orig_walk = os.walk
+def _redir_walk(top, *args, **kwargs):
+    redirected = False
+    if _should_redirect(top):
+        top = '/host' + top
+        redirected = True
+    for dirpath, dirnames, filenames in _orig_walk(top, *args, **kwargs):
+        if redirected and dirpath.startswith('/host'):
+            dirpath = dirpath[5:] if len(dirpath) > 5 else '/'
+        yield dirpath, dirnames, filenames
+os.walk = _redir_walk
+# os.scandir
+_orig_scandir = os.scandir
+def _redir_scandir(path='.'):
+    if _should_redirect(path):
+        path = '/host' + path
+    return _orig_scandir(path)
+os.scandir = _redir_scandir
+# io.open
+import io as _io_module
+_io_module.open = builtins.open
+# shutil
+import shutil as _shutil_module
+_orig_shutil_copy = _shutil_module.copy
+def _redir_shutil_copy(src, dst, *args, **kwargs):
+    if _should_redirect(src): src = '/host' + src
+    if _should_redirect(dst): dst = '/host' + dst
+    return _orig_shutil_copy(src, dst, *args, **kwargs)
+_shutil_module.copy = _redir_shutil_copy
+_orig_shutil_copy2 = _shutil_module.copy2
+def _redir_shutil_copy2(src, dst, *args, **kwargs):
+    if _should_redirect(src): src = '/host' + src
+    if _should_redirect(dst): dst = '/host' + dst
+    return _orig_shutil_copy2(src, dst, *args, **kwargs)
+_shutil_module.copy2 = _redir_shutil_copy2
+_orig_shutil_copyfile = _shutil_module.copyfile
+def _redir_shutil_copyfile(src, dst, *args, **kwargs):
+    if _should_redirect(src): src = '/host' + src
+    if _should_redirect(dst): dst = '/host' + dst
+    return _orig_shutil_copyfile(src, dst, *args, **kwargs)
+_shutil_module.copyfile = _redir_shutil_copyfile
+_orig_shutil_copytree = _shutil_module.copytree
+def _redir_shutil_copytree(src, dst, *args, **kwargs):
+    if _should_redirect(src): src = '/host' + src
+    if _should_redirect(dst): dst = '/host' + dst
+    return _orig_shutil_copytree(src, dst, *args, **kwargs)
+_shutil_module.copytree = _redir_shutil_copytree
+_orig_shutil_move = _shutil_module.move
+def _redir_shutil_move(src, dst, *args, **kwargs):
+    if _should_redirect(src): src = '/host' + src
+    if _should_redirect(dst): dst = '/host' + dst
+    return _orig_shutil_move(src, dst, *args, **kwargs)
+_shutil_module.move = _redir_shutil_move
+_orig_shutil_rmtree = _shutil_module.rmtree
+def _redir_shutil_rmtree(path, *args, **kwargs):
+    if _should_redirect(path): path = '/host' + path
+    return _orig_shutil_rmtree(path, *args, **kwargs)
+_shutil_module.rmtree = _redir_shutil_rmtree
+# pathlib.Path
+from pathlib import Path
+def _redirect_path(p):
+    s = str(p)
+    if _should_redirect(s):
+        return Path('/host' + s)
+    return p
+Path._orig_stat = Path.stat
+def _path_stat(self, *args, **kwargs):
+    return _redirect_path(self)._orig_stat(*args, **kwargs)
+Path.stat = _path_stat
+Path._orig_exists = Path.exists
+def _path_exists(self):
+    return _redirect_path(self)._orig_exists()
+Path.exists = _path_exists
+Path._orig_is_file = Path.is_file
+def _path_is_file(self):
+    return _redirect_path(self)._orig_is_file()
+Path.is_file = _path_is_file
+Path._orig_is_dir = Path.is_dir
+def _path_is_dir(self):
+    return _redirect_path(self)._orig_is_dir()
+Path.is_dir = _path_is_dir
+Path._orig_open = Path.open
+def _path_open(self, *args, **kwargs):
+    return _redirect_path(self)._orig_open(*args, **kwargs)
+Path.open = _path_open
+Path._orig_read_text = Path.read_text
+def _path_read_text(self, *args, **kwargs):
+    return _redirect_path(self)._orig_read_text(*args, **kwargs)
+Path.read_text = _path_read_text
+Path._orig_read_bytes = Path.read_bytes
+def _path_read_bytes(self):
+    return _redirect_path(self)._orig_read_bytes()
+Path.read_bytes = _path_read_bytes
+Path._orig_write_text = Path.write_text
+def _path_write_text(self, *args, **kwargs):
+    return _redirect_path(self)._orig_write_text(*args, **kwargs)
+Path.write_text = _path_write_text
+Path._orig_write_bytes = Path.write_bytes
+def _path_write_bytes(self, data):
+    return _redirect_path(self)._orig_write_bytes(data)
+Path.write_bytes = _path_write_bytes
+Path._orig_mkdir = Path.mkdir
+def _path_mkdir(self, *args, **kwargs):
+    return _redirect_path(self)._orig_mkdir(*args, **kwargs)
+Path.mkdir = _path_mkdir
+Path._orig_rmdir = Path.rmdir
+def _path_rmdir(self):
+    return _redirect_path(self)._orig_rmdir()
+Path.rmdir = _path_rmdir
+Path._orig_unlink = Path.unlink
+def _path_unlink(self, *args, **kwargs):
+    return _redirect_path(self)._orig_unlink(*args, **kwargs)
+Path.unlink = _path_unlink
+Path._orig_iterdir = Path.iterdir
+def _path_iterdir(self):
+    redirected = _redirect_path(self)
+    for p in redirected._orig_iterdir():
+        s = str(p)
+        if s.startswith('/host'):
+            yield Path(s[5:])
+        else:
+            yield p
+Path.iterdir = _path_iterdir
+Path._orig_glob = Path.glob
+def _path_glob(self, pattern):
+    redirected = _redirect_path(self)
+    for p in redirected._orig_glob(pattern):
+        s = str(p)
+        if s.startswith('/host'):
+            yield Path(s[5:])
+        else:
+            yield p
+Path.glob = _path_glob
+Path._orig_rglob = Path.rglob
+def _path_rglob(self, pattern):
+    redirected = _redirect_path(self)
+    for p in redirected._orig_rglob(pattern):
+        s = str(p)
+        if s.startswith('/host'):
+            yield Path(s[5:])
+        else:
+            yield p
+Path.rglob = _path_rglob
+# Set cwd to host mount
+os.chdir('/host' + ${JSON.stringify(input.cwd)})
+`;
+}
+function createHTTPFS(backend, FS) {
+  let lastResponse = null;
+  const encoder = new TextEncoder();
+  const decoder = new TextDecoder();
+  const HTTPFS = {
+    mount(_mount) {
+      return HTTPFS.createNode(null, "/", 16877, 0);
+    },
+    createNode(parent, name, mode, dev) {
+      const node = FS.createNode(parent, name, mode, dev);
+      node.node_ops = HTTPFS.node_ops;
+      node.stream_ops = HTTPFS.stream_ops;
+      return node;
+    },
+    node_ops: {
+      getattr(node) {
+        const isDir = node.name === "/" || node.parent === node;
+        return {
+          dev: 1,
+          ino: node.id,
+          mode: isDir ? 16877 : 33206,
+          nlink: 1,
+          uid: 0,
+          gid: 0,
+          rdev: 0,
+          size: lastResponse ? lastResponse.length : 0,
+          atime: /* @__PURE__ */ new Date(),
+          mtime: /* @__PURE__ */ new Date(),
+          ctime: /* @__PURE__ */ new Date(),
+          blksize: 4096,
+          blocks: 0
+        };
+      },
+      setattr(_node, _attr) {
+      },
+      lookup(parent, name) {
+        return HTTPFS.createNode(parent, name, 33206);
+      },
+      mknod(parent, name, mode, _dev) {
+        return HTTPFS.createNode(parent, name, mode);
+      },
+      rename() {
+      },
+      unlink() {
+      },
+      rmdir() {
+      },
+      readdir(_node) {
+        return ["request"];
+      },
+      symlink() {
+      },
+      readlink(_node) {
+        return "";
+      }
+    },
+    stream_ops: {
+      open(stream) {
+        delete stream.hostContent;
+        stream.hostModified = false;
+        const accessMode = stream.flags & 3;
+        const isRead = accessMode === 0;
+        if (isRead && lastResponse) {
+          stream.hostContent = lastResponse;
+        }
+      },
+      close(stream) {
+        if (stream.hostModified && stream.hostContent) {
+          const reqJson = decoder.decode(stream.hostContent);
+          try {
+            const req = JSON.parse(reqJson);
+            const result = backend.httpRequest(req.url, {
+              method: req.method || "GET",
+              headers: req.headers || void 0,
+              body: req.body || void 0
+            });
+            lastResponse = encoder.encode(JSON.stringify(result));
+          } catch (e) {
+            lastResponse = encoder.encode(
+              JSON.stringify({ error: e.message })
+            );
+          }
+        }
+        delete stream.hostContent;
+        delete stream.hostModified;
+      },
+      read(stream, buffer, offset, length, position) {
+        const content = stream.hostContent;
+        if (!content) return 0;
+        const size = content.length;
+        if (position >= size) return 0;
+        const bytesToRead = Math.min(length, size - position);
+        buffer.set(content.subarray(position, position + bytesToRead), offset);
+        return bytesToRead;
+      },
+      write(stream, buffer, offset, length, position) {
+        let content = stream.hostContent || new Uint8Array(0);
+        const newSize = Math.max(content.length, position + length);
+        if (newSize > content.length) {
+          const newContent = new Uint8Array(newSize);
+          newContent.set(content);
+          content = newContent;
+          stream.hostContent = content;
+        }
+        content.set(buffer.subarray(offset, offset + length), position);
+        stream.hostModified = true;
+        return length;
+      },
+      llseek(stream, offset, whence) {
+        let position = offset;
+        if (whence === 1)
+          position += stream.position;
+        else if (whence === 2) {
+          const content = stream.hostContent;
+          position += content ? content.length : 0;
+        }
+        if (position < 0) throw new FS.ErrnoError(28);
+        return position;
+      }
+    }
+  };
+  return HTTPFS;
+}
+function generateHttpBridgeCode() {
+  return `
+# HTTP bridge: jb_http module
+# Write request JSON to /_jb_http/request (custom FS triggers HTTP via SharedArrayBuffer)
+# Then read response JSON from same path.
 class _JbHttpResponse:
     """HTTP response object similar to requests.Response"""
     def __init__(self, data):
@@ -1936,20 +2311,23 @@ class _JbHttpResponse:
             raise Exception(f"HTTP {self.status_code}: {self.reason}")
 class _JbHttp:
-    """HTTP client that bridges to just-bash's secureFetch"""
+    """HTTP client that bridges to just-bash's secureFetch via custom FS"""
+    def _do_request(self, method, url, headers=None, body=None):
+        import json as _json
+        req = _json.dumps({'url': url, 'method': method, 'headers': headers, 'body': body})
+        # Write request to HTTPFS \u2014 close triggers the HTTP call synchronously
+        with _orig_open('/_jb_http/request', 'w') as f:
+            f.write(req)
+        # Read response (cached by HTTPFS from the HTTP call above)
+        with _orig_open('/_jb_http/request', 'r') as f:
+            return _json.loads(f.read())
     def request(self, method, url, headers=None, data=None, json_data=None):
-        # Import fresh each time to ensure we use the current bridge
-        # (important when worker is reused with different SharedArrayBuffer)
-        import _jb_http_bridge
         if json_data is not None:
             data = json.dumps(json_data)
             headers = headers or {}
             headers['Content-Type'] = 'application/json'
-        # Serialize headers to JSON to avoid PyProxy issues when passing to JS
-        headers_json = json.dumps(headers) if headers else None
-        result_json = _jb_http_bridge.request(url, method, headers_json, data)
-        result = json.loads(result_json)
-        # Check for errors from the bridge (network not configured, URL not allowed, etc.)
+        result = self._do_request(method, url, headers, data)
         if 'error' in result and result.get('status') is None:
             raise Exception(result['error'])
         return _JbHttpResponse(result)
@@ -1972,7 +2350,6 @@ class _JbHttp:
     def patch(self, url, headers=None, data=None, json=None, **kwargs):
         return self.request('PATCH', url, headers=headers, data=data, json_data=json, **kwargs)
-# Register jb_http as an importable module
 import types
 jb_http = types.ModuleType('jb_http')
 jb_http._client = _JbHttp()
@@ -1985,456 +2362,123 @@ jb_http.patch = jb_http._client.patch
 jb_http.request = jb_http._client.request
 jb_http.Response = _JbHttpResponse
 sys.modules['jb_http'] = jb_http
-# ============================================================
-# SANDBOX SECURITY SETUP
-# ============================================================
-# Only apply sandbox restrictions once per Pyodide instance
-if not hasattr(builtins, '_jb_sandbox_initialized'):
-    builtins._jb_sandbox_initialized = True
-    # ------------------------------------------------------------
-    # 1. Block dangerous module imports (js, pyodide, pyodide_js, pyodide.ffi)
-    # These allow sandbox escape via JavaScript execution
-    # ------------------------------------------------------------
-    _BLOCKED_MODULES = frozenset({'js', 'pyodide', 'pyodide_js', 'pyodide.ffi'})
-    _BLOCKED_PREFIXES = ('js.', 'pyodide.', 'pyodide_js.')
-    # Remove pre-loaded dangerous modules from sys.modules
-    for _blocked_mod in list(sys.modules.keys()):
-        if _blocked_mod in _BLOCKED_MODULES or any(_blocked_mod.startswith(p) for p in _BLOCKED_PREFIXES):
-            del sys.modules[_blocked_mod]
-    # Create a secure callable wrapper that hides introspection attributes
-    # This prevents access to __closure__, __kwdefaults__, __globals__, etc.
-    def _make_secure_import(orig_import, blocked, prefixes):
-        """Create import function wrapped to block introspection."""
-        def _inner(name, globals=None, locals=None, fromlist=(), level=0):
-            if name in blocked or any(name.startswith(p) for p in prefixes):
-                raise ImportError(f"Module '{name}' is blocked in this sandbox")
-            return orig_import(name, globals, locals, fromlist, level)
-        class _SecureImport:
-            """Wrapper that hides function internals from introspection."""
-            __slots__ = ()
-            def __call__(self, name, globals=None, locals=None, fromlist=(), level=0):
-                return _inner(name, globals, locals, fromlist, level)
-            def __getattribute__(self, name):
-                if name in ('__call__', '__class__'):
-                    return object.__getattribute__(self, name)
-                raise AttributeError(f"'{type(self).__name__}' object has no attribute '{name}'")
-            def __repr__(self):
-                return '<built-in function __import__>'
-        return _SecureImport()
-    builtins.__import__ = _make_secure_import(builtins.__import__, _BLOCKED_MODULES, _BLOCKED_PREFIXES)
-    del _BLOCKED_MODULES, _BLOCKED_PREFIXES, _make_secure_import
-    # ------------------------------------------------------------
-    # 2. Path redirection helper
-    # ------------------------------------------------------------
-    def _should_redirect(path):
-        """Check if a path should be redirected to /host."""
-        return (isinstance(path, str) and
-                path.startswith('/') and
-                not path.startswith('/lib') and
-                not path.startswith('/proc') and
-                not path.startswith('/host'))
-    # ------------------------------------------------------------
-    # 3. Secure wrapper factory for file operations
-    # ------------------------------------------------------------
-    # This creates callable wrappers that hide __closure__, __globals__, etc.
-    def _make_secure_wrapper(func, name):
-        """Wrap a function to block introspection attributes."""
-        class _SecureWrapper:
-            __slots__ = ()
-            def __call__(self, *args, **kwargs):
-                return func(*args, **kwargs)
-            def __getattribute__(self, attr):
-                if attr in ('__call__', '__class__'):
-                    return object.__getattribute__(self, attr)
-                raise AttributeError(f"'{type(self).__name__}' object has no attribute '{attr}'")
-            def __repr__(self):
-                return f'<built-in function {name}>'
-        return _SecureWrapper()
-    # ------------------------------------------------------------
-    # 4. Redirect file operations to /host (with secure wrappers)
-    # ------------------------------------------------------------
-    # builtins.open
-    _orig_open = builtins.open
-    def _redir_open(path, mode='r', *args, **kwargs):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_open(path, mode, *args, **kwargs)
-    builtins.open = _make_secure_wrapper(_redir_open, 'open')
-    # os.listdir
-    _orig_listdir = os.listdir
-    def _redir_listdir(path='.'):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_listdir(path)
-    os.listdir = _make_secure_wrapper(_redir_listdir, 'listdir')
-    # os.path.exists
-    _orig_exists = os.path.exists
-    def _redir_exists(path):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_exists(path)
-    os.path.exists = _make_secure_wrapper(_redir_exists, 'exists')
-    # os.path.isfile
-    _orig_isfile = os.path.isfile
-    def _redir_isfile(path):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_isfile(path)
-    os.path.isfile = _make_secure_wrapper(_redir_isfile, 'isfile')
-    # os.path.isdir
-    _orig_isdir = os.path.isdir
-    def _redir_isdir(path):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_isdir(path)
-    os.path.isdir = _make_secure_wrapper(_redir_isdir, 'isdir')
-    # os.stat
-    _orig_stat = os.stat
-    def _redir_stat(path, *args, **kwargs):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_stat(path, *args, **kwargs)
-    os.stat = _make_secure_wrapper(_redir_stat, 'stat')
-    # os.mkdir
-    _orig_mkdir = os.mkdir
-    def _redir_mkdir(path, *args, **kwargs):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_mkdir(path, *args, **kwargs)
-    os.mkdir = _make_secure_wrapper(_redir_mkdir, 'mkdir')
-    # os.makedirs
-    _orig_makedirs = os.makedirs
-    def _redir_makedirs(path, *args, **kwargs):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_makedirs(path, *args, **kwargs)
-    os.makedirs = _make_secure_wrapper(_redir_makedirs, 'makedirs')
-    # os.remove
-    _orig_remove = os.remove
-    def _redir_remove(path, *args, **kwargs):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_remove(path, *args, **kwargs)
-    os.remove = _make_secure_wrapper(_redir_remove, 'remove')
-    # os.rmdir
-    _orig_rmdir = os.rmdir
-    def _redir_rmdir(path, *args, **kwargs):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_rmdir(path, *args, **kwargs)
-    os.rmdir = _make_secure_wrapper(_redir_rmdir, 'rmdir')
-    # os.getcwd - strip /host prefix
-    _orig_getcwd = os.getcwd
-    def _redir_getcwd():
-        cwd = _orig_getcwd()
-        if cwd.startswith('/host'):
-            return cwd[5:]  # Strip '/host' prefix
-        return cwd
-    os.getcwd = _make_secure_wrapper(_redir_getcwd, 'getcwd')
-    # os.chdir
-    _orig_chdir = os.chdir
-    def _redir_chdir(path):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_chdir(path)
-    os.chdir = _make_secure_wrapper(_redir_chdir, 'chdir')
-    # ------------------------------------------------------------
-    # 5. Additional file operations (glob, walk, scandir, io.open)
-    # ------------------------------------------------------------
-    import glob as _glob_module
-    _orig_glob = _glob_module.glob
-    def _redir_glob(pathname, *args, **kwargs):
-        if _should_redirect(pathname):
-            pathname = '/host' + pathname
-        return _orig_glob(pathname, *args, **kwargs)
-    _glob_module.glob = _make_secure_wrapper(_redir_glob, 'glob')
-    _orig_iglob = _glob_module.iglob
-    def _redir_iglob(pathname, *args, **kwargs):
-        if _should_redirect(pathname):
-            pathname = '/host' + pathname
-        return _orig_iglob(pathname, *args, **kwargs)
-    _glob_module.iglob = _make_secure_wrapper(_redir_iglob, 'iglob')
-    # os.walk (generator - needs special handling)
-    _orig_walk = os.walk
-    def _redir_walk(top, *args, **kwargs):
-        redirected = False
-        if _should_redirect(top):
-            top = '/host' + top
-            redirected = True
-        for dirpath, dirnames, filenames in _orig_walk(top, *args, **kwargs):
-            if redirected and dirpath.startswith('/host'):
-                dirpath = dirpath[5:] if len(dirpath) > 5 else '/'
-            yield dirpath, dirnames, filenames
-    os.walk = _make_secure_wrapper(_redir_walk, 'walk')
-    # os.scandir
-    _orig_scandir = os.scandir
-    def _redir_scandir(path='.'):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_scandir(path)
-    os.scandir = _make_secure_wrapper(_redir_scandir, 'scandir')
-    # io.open (same secure wrapper as builtins.open)
-    import io as _io_module
-    _io_module.open = builtins.open
-    # ------------------------------------------------------------
-    # 6. shutil file operations
-    # ------------------------------------------------------------
-    import shutil as _shutil_module
-    # shutil.copy(src, dst)
-    _orig_shutil_copy = _shutil_module.copy
-    def _redir_shutil_copy(src, dst, *args, **kwargs):
-        if _should_redirect(src):
-            src = '/host' + src
-        if _should_redirect(dst):
-            dst = '/host' + dst
-        return _orig_shutil_copy(src, dst, *args, **kwargs)
-    _shutil_module.copy = _make_secure_wrapper(_redir_shutil_copy, 'copy')
-    # shutil.copy2(src, dst)
-    _orig_shutil_copy2 = _shutil_module.copy2
-    def _redir_shutil_copy2(src, dst, *args, **kwargs):
-        if _should_redirect(src):
-            src = '/host' + src
-        if _should_redirect(dst):
-            dst = '/host' + dst
-        return _orig_shutil_copy2(src, dst, *args, **kwargs)
-    _shutil_module.copy2 = _make_secure_wrapper(_redir_shutil_copy2, 'copy2')
-    # shutil.copyfile(src, dst)
-    _orig_shutil_copyfile = _shutil_module.copyfile
-    def _redir_shutil_copyfile(src, dst, *args, **kwargs):
-        if _should_redirect(src):
-            src = '/host' + src
-        if _should_redirect(dst):
-            dst = '/host' + dst
-        return _orig_shutil_copyfile(src, dst, *args, **kwargs)
-    _shutil_module.copyfile = _make_secure_wrapper(_redir_shutil_copyfile, 'copyfile')
-    # shutil.copytree(src, dst)
-    _orig_shutil_copytree = _shutil_module.copytree
-    def _redir_shutil_copytree(src, dst, *args, **kwargs):
-        if _should_redirect(src):
-            src = '/host' + src
-        if _should_redirect(dst):
-            dst = '/host' + dst
-        return _orig_shutil_copytree(src, dst, *args, **kwargs)
-    _shutil_module.copytree = _make_secure_wrapper(_redir_shutil_copytree, 'copytree')
-    # shutil.move(src, dst)
-    _orig_shutil_move = _shutil_module.move
-    def _redir_shutil_move(src, dst, *args, **kwargs):
-        if _should_redirect(src):
-            src = '/host' + src
-        if _should_redirect(dst):
-            dst = '/host' + dst
-        return _orig_shutil_move(src, dst, *args, **kwargs)
-    _shutil_module.move = _make_secure_wrapper(_redir_shutil_move, 'move')
-    # shutil.rmtree(path)
-    _orig_shutil_rmtree = _shutil_module.rmtree
-    def _redir_shutil_rmtree(path, *args, **kwargs):
-        if _should_redirect(path):
-            path = '/host' + path
-        return _orig_shutil_rmtree(path, *args, **kwargs)
-    _shutil_module.rmtree = _make_secure_wrapper(_redir_shutil_rmtree, 'rmtree')
-    # ------------------------------------------------------------
-    # 7. pathlib.Path - redirect path resolution
-    # ------------------------------------------------------------
-    from pathlib import Path, PurePosixPath
-    def _redirect_path(p):
-        """Convert a Path to redirect /absolute paths to /host."""
-        s = str(p)
-        if _should_redirect(s):
-            return Path('/host' + s)
-        return p
-    # Helper to create method wrappers for Path
-    def _wrap_path_method(orig_method, name):
-        def wrapper(self, *args, **kwargs):
-            redirected = _redirect_path(self)
-            return getattr(redirected, '_orig_' + name)(*args, **kwargs)
-        return wrapper
-    # Store original methods with _orig_ prefix, then replace with redirecting versions
-    # Path.stat()
-    Path._orig_stat = Path.stat
-    def _path_stat(self, *args, **kwargs):
-        return _redirect_path(self)._orig_stat(*args, **kwargs)
-    Path.stat = _path_stat
-    # Path.exists()
-    Path._orig_exists = Path.exists
-    def _path_exists(self):
-        return _redirect_path(self)._orig_exists()
-    Path.exists = _path_exists
-    # Path.is_file()
-    Path._orig_is_file = Path.is_file
-    def _path_is_file(self):
-        return _redirect_path(self)._orig_is_file()
-    Path.is_file = _path_is_file
-    # Path.is_dir()
-    Path._orig_is_dir = Path.is_dir
-    def _path_is_dir(self):
-        return _redirect_path(self)._orig_is_dir()
-    Path.is_dir = _path_is_dir
-    # Path.open()
-    Path._orig_open = Path.open
-    def _path_open(self, *args, **kwargs):
-        return _redirect_path(self)._orig_open(*args, **kwargs)
-    Path.open = _path_open
-    # Path.read_text()
-    Path._orig_read_text = Path.read_text
-    def _path_read_text(self, *args, **kwargs):
-        return _redirect_path(self)._orig_read_text(*args, **kwargs)
-    Path.read_text = _path_read_text
-    # Path.read_bytes()
-    Path._orig_read_bytes = Path.read_bytes
-    def _path_read_bytes(self):
-        return _redirect_path(self)._orig_read_bytes()
-    Path.read_bytes = _path_read_bytes
-    # Path.write_text()
-    Path._orig_write_text = Path.write_text
-    def _path_write_text(self, *args, **kwargs):
-        return _redirect_path(self)._orig_write_text(*args, **kwargs)
-    Path.write_text = _path_write_text
-    # Path.write_bytes()
-    Path._orig_write_bytes = Path.write_bytes
-    def _path_write_bytes(self, data):
-        return _redirect_path(self)._orig_write_bytes(data)
-    Path.write_bytes = _path_write_bytes
-    # Path.mkdir()
-    Path._orig_mkdir = Path.mkdir
-    def _path_mkdir(self, *args, **kwargs):
-        return _redirect_path(self)._orig_mkdir(*args, **kwargs)
-    Path.mkdir = _path_mkdir
-    # Path.rmdir()
-    Path._orig_rmdir = Path.rmdir
-    def _path_rmdir(self):
-        return _redirect_path(self)._orig_rmdir()
-    Path.rmdir = _path_rmdir
-    # Path.unlink()
-    Path._orig_unlink = Path.unlink
-    def _path_unlink(self, *args, **kwargs):
-        return _redirect_path(self)._orig_unlink(*args, **kwargs)
-    Path.unlink = _path_unlink
-    # Path.iterdir()
-    Path._orig_iterdir = Path.iterdir
-    def _path_iterdir(self):
-        redirected = _redirect_path(self)
-        for p in redirected._orig_iterdir():
-            # Strip /host prefix from results
-            s = str(p)
-            if s.startswith('/host'):
-                yield Path(s[5:])
-            else:
-                yield p
-    Path.iterdir = _path_iterdir
-    # Path.glob()
-    Path._orig_glob = Path.glob
-    def _path_glob(self, pattern):
-        redirected = _redirect_path(self)
-        for p in redirected._orig_glob(pattern):
-            s = str(p)
-            if s.startswith('/host'):
-                yield Path(s[5:])
-            else:
-                yield p
-    Path.glob = _path_glob
-    # Path.rglob()
-    Path._orig_rglob = Path.rglob
-    def _path_rglob(self, pattern):
-        redirected = _redirect_path(self)
-        for p in redirected._orig_rglob(pattern):
-            s = str(p)
-            if s.startswith('/host'):
-                yield Path(s[5:])
-            else:
-                yield p
-    Path.rglob = _path_rglob
-# Set cwd to host mount
-os.chdir('/host' + ${JSON.stringify(input.cwd)})
+`;
+}
+var cachedStdlibZip = new Uint8Array(readFileSync(stdlibZipPath));
+async function runPython(input) {
+  const backend = new SyncFsBackend(input.sharedBuffer);
+  const createPythonModule = require2(`${cpythonDir}/python.cjs`);
+  let moduleReady = false;
+  const pendingStdout = [];
+  const pendingStderr = [];
+  let Module;
+  try {
+    Module = await createPythonModule({
+      noInitialRun: true,
+      preRun: [
+        (mod) => {
+          mod.FS.mkdirTree("/lib");
+          mod.FS.writeFile("/lib/python313.zip", cachedStdlibZip);
+          mod.ENV.PYTHONHOME = "/";
+          mod.ENV.PYTHONPATH = "/lib/python313.zip";
+        }
+      ],
+      print: (text) => {
+        if (moduleReady) {
+          backend.writeStdout(`${text}
+`);
+        } else {
+          pendingStdout.push(`${text}
+`);
+        }
+      },
+      printErr: (text) => {
+        if (typeof text === "string" && (text.includes("Could not find platform") || text.includes("LLVM Profile Error"))) {
+          return;
+        }
+        if (moduleReady) {
+          backend.writeStderr(`${text}
 `);
+        } else {
+          pendingStderr.push(`${text}
+`);
+        }
+      }
+    });
   } catch (e) {
     return {
       success: false,
-      error: `Failed to set up environment: ${e.message}`
+      error: `Failed to load CPython: ${e.message}`
     };
   }
+  activateDefense();
+  moduleReady = true;
+  for (const text of pendingStdout) backend.writeStdout(text);
+  for (const text of pendingStderr) backend.writeStderr(text);
+  const HOSTFS = createHOSTFS(backend, Module.FS, Module.PATH);
   try {
-    const wrappedCode = `
+    Module.FS.mkdir("/host");
+    Module.FS.mount(HOSTFS, { root: "/" }, "/host");
+  } catch (e) {
+    return {
+      success: false,
+      error: `Failed to mount HOSTFS: ${e.message}`
+    };
+  }
+  const HTTPFS = createHTTPFS(backend, Module.FS);
+  try {
+    Module.FS.mkdir("/_jb_http");
+    Module.FS.mount(HTTPFS, { root: "/" }, "/_jb_http");
+  } catch (e) {
+    return {
+      success: false,
+      error: `Failed to mount HTTPFS: ${e.message}`
+    };
+  }
+  const setupCode = generateSetupCode(input);
+  const httpBridgeCode = generateHttpBridgeCode();
+  const wrappedCode = `
 import sys
 _jb_exit_code = 0
 try:
+${setupCode.split("\n").map((line) => `    ${line}`).join("\n")}
+${httpBridgeCode.split("\n").map((line) => `    ${line}`).join("\n")}
 ${input.pythonCode.split("\n").map((line) => `    ${line}`).join("\n")}
 except SystemExit as e:
     _jb_exit_code = e.code if isinstance(e.code, int) else (1 if e.code else 0)
+except Exception as e:
+    import traceback
+    traceback.print_exc()
+    _jb_exit_code = 1
+sys.exit(_jb_exit_code)
 `;
-    await pyodide.runPythonAsync(wrappedCode);
-    const exitCode = pyodide.globals.get("_jb_exit_code");
+  try {
+    Module.FS.mkdir("/tmp");
+  } catch (_e) {
+  }
+  const encoder = new TextEncoder();
+  const scriptPath = "/tmp/_jb_script.py";
+  const scriptData = encoder.encode(wrappedCode);
+  Module.FS.writeFile(scriptPath, scriptData);
+  try {
+    const ret = Module.callMain([scriptPath]);
+    const exitCode = (typeof ret === "number" ? ret : 0) || process.exitCode || 0;
     backend.exit(exitCode);
     return { success: true };
   } catch (e) {
     const error = e;
-    backend.writeStderr(`${error.message}
-`);
-    backend.exit(1);
+    const exitCode = error.status ?? process.exitCode ?? 1;
+    backend.exit(exitCode);
     return { success: true };
   }
 }
 var defense = null;
-async function initializeWithDefense() {
-  await getPyodide();
+function activateDefense() {
+  if (defense) return;
   defense = new WorkerDefenseInDepth({
     excludeViolationTypes: [
-      "proxy",
-      "setImmediate",
-      // 3. SharedArrayBuffer/Atomics: Used by sync-fs-backend.ts for synchronous
-      //    filesystem communication between Pyodide's WASM thread and the main thread.
-      //    Without this, Pyodide cannot perform synchronous file I/O operations.
+      // SharedArrayBuffer/Atomics: Used by sync-fs-backend.ts for synchronous
+      // filesystem communication between the WASM thread and the main thread.
       "shared_array_buffer",
       "atomics"
     ],
@@ -2443,9 +2487,15 @@ async function initializeWithDefense() {
     }
   });
 }
+process.on("uncaughtException", (e) => {
+  parentPort?.postMessage({
+    success: false,
+    error: `Worker uncaught exception: ${e.message}`
+  });
+});
 if (parentPort) {
   if (workerData) {
-    initializeWithDefense().then(() => runPython(workerData)).then((result) => {
+    runPython(workerData).then((result) => {
       result.defenseStats = defense?.getStats();
       parentPort?.postMessage(result);
     }).catch((e) => {
@@ -2456,20 +2506,4 @@ if (parentPort) {
       });
     });
   }
-  parentPort.on("message", async (input) => {
-    try {
-      if (!defense) {
-        await initializeWithDefense();
-      }
-      const result = await runPython(input);
-      result.defenseStats = defense?.getStats();
-      parentPort?.postMessage(result);
-    } catch (e) {
-      parentPort?.postMessage({
-        success: false,
-        error: e.message,
-        defenseStats: defense?.getStats()
-      });
-    }
-  });
 }