just-bash 2.12.8 → 2.13.0

package/dist/bin/chunks/js-exec-worker.js

@@ -0,0 +1,4368 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/commands/js-exec/worker.ts
+import { stripTypeScriptTypes } from "node:module";
+import { parentPort } from "node:worker_threads";
+import {
+  getQuickJS
+} from "quickjs-emscripten";
+
+// src/security/blocked-globals.ts
+function getBlockedGlobals() {
+  const globals = [
+    // Direct code execution vectors
+    {
+      prop: "Function",
+      target: globalThis,
+      violationType: "function_constructor",
+      strategy: "throw",
+      reason: "Function constructor allows arbitrary code execution"
+    },
+    {
+      prop: "eval",
+      target: globalThis,
+      violationType: "eval",
+      strategy: "throw",
+      reason: "eval() allows arbitrary code execution"
+    },
+    // Timer functions with string argument allow code execution
+    {
+      prop: "setTimeout",
+      target: globalThis,
+      violationType: "setTimeout",
+      strategy: "throw",
+      reason: "setTimeout with string argument allows code execution"
+    },
+    {
+      prop: "setInterval",
+      target: globalThis,
+      violationType: "setInterval",
+      strategy: "throw",
+      reason: "setInterval with string argument allows code execution"
+    },
+    {
+      prop: "setImmediate",
+      target: globalThis,
+      violationType: "setImmediate",
+      strategy: "throw",
+      reason: "setImmediate could be used to escape sandbox context"
+    },
+    // Note: We intentionally do NOT block `process` entirely because:
+    // 1. Node.js internals (Promise resolution, etc.) use process.nextTick
+    // 2. Blocking process entirely breaks normal async operation
+    // 3. The primary code execution vectors (Function, eval) are already blocked
+    // However, we DO block specific dangerous process properties.
+    {
+      prop: "env",
+      target: process,
+      violationType: "process_env",
+      strategy: "throw",
+      reason: "process.env could leak sensitive environment variables",
+      // Node.js internals and bundled dependencies read these env vars
+      // during module loading, file watching, and I/O within the
+      // AsyncLocalStorage context. None are user secrets.
+      allowedKeys: /* @__PURE__ */ new Set([
+        // Node.js core
+        "NODE_V8_COVERAGE",
+        "NODE_DEBUG",
+        "NODE_DEBUG_NATIVE",
+        "NODE_COMPILE_CACHE",
+        "WATCH_REPORT_DEPENDENCIES",
+        // Dependencies
+        "FORCE_COLOR",
+        // chalk/supports-color
+        "DEBUG",
+        // debug package
+        "UNDICI_NO_FG",
+        // undici (Node.js fetch)
+        "JEST_WORKER_ID",
+        // jest/vitest worker detection
+        "__MINIMATCH_TESTING_PLATFORM__",
+        // minimatch
+        "LOG_TOKENS",
+        // query engine debug logging
+        "LOG_STREAM"
+        // query engine debug logging
+      ])
+    },
+    {
+      prop: "binding",
+      target: process,
+      violationType: "process_binding",
+      strategy: "throw",
+      reason: "process.binding provides access to native Node.js modules"
+    },
+    {
+      prop: "_linkedBinding",
+      target: process,
+      violationType: "process_binding",
+      strategy: "throw",
+      reason: "process._linkedBinding provides access to native Node.js modules"
+    },
+    {
+      prop: "dlopen",
+      target: process,
+      violationType: "process_dlopen",
+      strategy: "throw",
+      reason: "process.dlopen allows loading native addons"
+    },
+    {
+      prop: "getBuiltinModule",
+      target: process,
+      violationType: "process_get_builtin_module",
+      strategy: "throw",
+      reason: "process.getBuiltinModule allows loading native Node.js modules (fs, child_process, vm)"
+    },
+    // Note: process.mainModule is handled specially in defense-in-depth-box.ts
+    // and worker-defense-in-depth.ts because it may be undefined in ESM contexts
+    // but we still want to block both reading and setting it.
+    // Process control vectors
+    {
+      prop: "exit",
+      target: process,
+      violationType: "process_exit",
+      strategy: "throw",
+      reason: "process.exit could terminate the interpreter"
+    },
+    {
+      prop: "abort",
+      target: process,
+      violationType: "process_exit",
+      strategy: "throw",
+      reason: "process.abort could crash the interpreter"
+    },
+    {
+      prop: "kill",
+      target: process,
+      violationType: "process_kill",
+      strategy: "throw",
+      reason: "process.kill could signal other processes"
+    },
+    // Privilege escalation vectors
+    {
+      prop: "setuid",
+      target: process,
+      violationType: "process_setuid",
+      strategy: "throw",
+      reason: "process.setuid could escalate privileges"
+    },
+    {
+      prop: "setgid",
+      target: process,
+      violationType: "process_setuid",
+      strategy: "throw",
+      reason: "process.setgid could escalate privileges"
+    },
+    {
+      prop: "seteuid",
+      target: process,
+      violationType: "process_setuid",
+      strategy: "throw",
+      reason: "process.seteuid could escalate effective user privileges"
+    },
+    {
+      prop: "setegid",
+      target: process,
+      violationType: "process_setuid",
+      strategy: "throw",
+      reason: "process.setegid could escalate effective group privileges"
+    },
+    {
+      prop: "initgroups",
+      target: process,
+      violationType: "process_setuid",
+      strategy: "throw",
+      reason: "process.initgroups could modify supplementary group IDs"
+    },
+    {
+      prop: "setgroups",
+      target: process,
+      violationType: "process_setuid",
+      strategy: "throw",
+      reason: "process.setgroups could modify supplementary group IDs"
+    },
+    // File permission manipulation
+    {
+      prop: "umask",
+      target: process,
+      violationType: "process_umask",
+      strategy: "throw",
+      reason: "process.umask could modify file creation permissions"
+    },
+    // Information disclosure vectors
+    // Note: process.argv is an array (object) so gets an object proxy
+    {
+      prop: "argv",
+      target: process,
+      violationType: "process_argv",
+      strategy: "throw",
+      reason: "process.argv may contain secrets in CLI arguments"
+    },
+    // Note: process.execPath is a string primitive, handled specially
+    // in defense-in-depth-box.ts and worker-defense-in-depth.ts
+    // Note: process.connected is a boolean primitive, handled specially
+    // in defense-in-depth-box.ts and worker-defense-in-depth.ts
+    // Working directory access/manipulation
+    {
+      prop: "cwd",
+      target: process,
+      violationType: "process_chdir",
+      strategy: "throw",
+      reason: "process.cwd could disclose real host working directory path"
+    },
+    {
+      prop: "chdir",
+      target: process,
+      violationType: "process_chdir",
+      strategy: "throw",
+      reason: "process.chdir could confuse the interpreter's CWD tracking"
+    },
+    // Diagnostic report (leaks full environment, host paths, system info)
+    {
+      prop: "report",
+      target: process,
+      violationType: "process_report",
+      strategy: "throw",
+      reason: "process.report could disclose full environment, host paths, and system info"
+    },
+    // Environment file loading (Node 21.7+)
+    {
+      prop: "loadEnvFile",
+      target: process,
+      violationType: "process_env",
+      strategy: "throw",
+      reason: "process.loadEnvFile could load env files bypassing env proxy"
+    },
+    // Exception handler manipulation
+    {
+      prop: "setUncaughtExceptionCaptureCallback",
+      target: process,
+      violationType: "process_exception_handler",
+      strategy: "throw",
+      reason: "setUncaughtExceptionCaptureCallback could intercept security errors"
+    },
+    // IPC communication vectors (may be undefined in non-IPC contexts)
+    {
+      prop: "send",
+      target: process,
+      violationType: "process_send",
+      strategy: "throw",
+      reason: "process.send could communicate with parent process in IPC contexts"
+    },
+    {
+      prop: "channel",
+      target: process,
+      violationType: "process_channel",
+      strategy: "throw",
+      reason: "process.channel could access IPC channel to parent process"
+    },
+    // Timing side-channel vectors
+    {
+      prop: "cpuUsage",
+      target: process,
+      violationType: "process_timing",
+      strategy: "throw",
+      reason: "process.cpuUsage could enable timing side-channel attacks"
+    },
+    {
+      prop: "memoryUsage",
+      target: process,
+      violationType: "process_timing",
+      strategy: "throw",
+      reason: "process.memoryUsage could enable timing side-channel attacks"
+    },
+    {
+      prop: "hrtime",
+      target: process,
+      violationType: "process_timing",
+      strategy: "throw",
+      reason: "process.hrtime could enable timing side-channel attacks"
+    },
+    // We also don't block `require` because:
+    // 1. It may not exist in all environments (ESM)
+    // 2. import() is the modern escape vector and can't be blocked this way
+    // Reference leak vectors
+    {
+      prop: "WeakRef",
+      target: globalThis,
+      violationType: "weak_ref",
+      strategy: "throw",
+      reason: "WeakRef could be used to leak references outside sandbox"
+    },
+    {
+      prop: "FinalizationRegistry",
+      target: globalThis,
+      violationType: "finalization_registry",
+      strategy: "throw",
+      reason: "FinalizationRegistry could be used to leak references outside sandbox"
+    },
+    // Introspection/interception vectors (freeze instead of throw)
+    // SECURITY RATIONALE: Reflect is frozen (not blocked) because:
+    // 1. Defense infrastructure uses Reflect.apply/get/set/construct internally
+    // 2. Frozen Reflect cannot be mutated but remains fully functional
+    // 3. Reflect.construct(Function, ['code']) IS safe because globalThis.Function
+    //    is replaced with a blocking proxy — Reflect.construct receives the proxy
+    // 4. Security depends on NEVER leaking original Function/eval references.
+    //    If an unpatched Function ref leaked, Reflect.construct would bypass defense.
+    {
+      prop: "Reflect",
+      target: globalThis,
+      violationType: "reflect",
+      strategy: "freeze",
+      reason: "Reflect provides introspection capabilities"
+    },
+    {
+      prop: "Proxy",
+      target: globalThis,
+      violationType: "proxy",
+      strategy: "throw",
+      reason: "Proxy allows intercepting and modifying object behavior"
+    },
+    // WebAssembly allows arbitrary code execution
+    {
+      prop: "WebAssembly",
+      target: globalThis,
+      violationType: "webassembly",
+      strategy: "throw",
+      reason: "WebAssembly allows executing arbitrary compiled code"
+    },
+    // SharedArrayBuffer and Atomics can enable side-channel attacks
+    {
+      prop: "SharedArrayBuffer",
+      target: globalThis,
+      violationType: "shared_array_buffer",
+      strategy: "throw",
+      reason: "SharedArrayBuffer could enable side-channel communication or timing attacks"
+    },
+    {
+      prop: "Atomics",
+      target: globalThis,
+      violationType: "atomics",
+      strategy: "throw",
+      reason: "Atomics could enable side-channel communication or timing attacks"
+    },
+    // Note: Error.prepareStackTrace is handled specially in defense-in-depth-box.ts
+    // because we only want to block SETTING it, not reading (V8 reads it internally)
+    // Timing side-channel: performance.now() provides sub-millisecond resolution
+    // Note: Date.now() is intentionally NOT blocked — it's used for $SECONDS,
+    // date command, and has only ~1ms resolution (vs process.hrtime at ns).
+    {
+      prop: "performance",
+      target: globalThis,
+      violationType: "performance_timing",
+      strategy: "throw",
+      reason: "performance.now() provides sub-millisecond timing for side-channel attacks"
+    },
+    // Block direct access to process.stdout and process.stderr to prevent
+    // writing to the host's actual stdout/stderr, bypassing the interpreter's
+    // output accumulation.
+    {
+      prop: "stdout",
+      target: process,
+      violationType: "process_stdout",
+      strategy: "throw",
+      reason: "process.stdout could bypass interpreter output to write to host stdout"
+    },
+    {
+      prop: "stderr",
+      target: process,
+      violationType: "process_stderr",
+      strategy: "throw",
+      reason: "process.stderr could bypass interpreter output to write to host stderr"
+    },
+    // Prototype pollution vectors
+    {
+      prop: "__defineGetter__",
+      target: Object.prototype,
+      violationType: "prototype_mutation",
+      strategy: "throw",
+      reason: "__defineGetter__ allows prototype pollution via getter injection"
+    },
+    {
+      prop: "__defineSetter__",
+      target: Object.prototype,
+      violationType: "prototype_mutation",
+      strategy: "throw",
+      reason: "__defineSetter__ allows prototype pollution via setter injection"
+    },
+    {
+      prop: "__lookupGetter__",
+      target: Object.prototype,
+      violationType: "prototype_mutation",
+      strategy: "throw",
+      reason: "__lookupGetter__ enables introspection for prototype pollution attacks"
+    },
+    {
+      prop: "__lookupSetter__",
+      target: Object.prototype,
+      violationType: "prototype_mutation",
+      strategy: "throw",
+      reason: "__lookupSetter__ enables introspection for prototype pollution attacks"
+    },
+    // Freeze JSON and Math to prevent mutation of built-in utility objects
+    {
+      prop: "JSON",
+      target: globalThis,
+      violationType: "json_mutation",
+      strategy: "freeze",
+      reason: "Freeze JSON to prevent mutation of parsing/serialization"
+    },
+    {
+      prop: "Math",
+      target: globalThis,
+      violationType: "math_mutation",
+      strategy: "freeze",
+      reason: "Freeze Math to prevent mutation of math utilities"
+    }
+  ];
+  try {
+    const AsyncFunction = Object.getPrototypeOf(async () => {
+    }).constructor;
+    if (AsyncFunction && AsyncFunction !== Function) {
+      globals.push({
+        prop: "constructor",
+        target: Object.getPrototypeOf(async () => {
+        }),
+        violationType: "async_function_constructor",
+        strategy: "throw",
+        reason: "AsyncFunction constructor allows arbitrary async code execution"
+      });
+    }
+  } catch {
+  }
+  try {
+    const GeneratorFunction = Object.getPrototypeOf(
+      function* () {
+      }
+    ).constructor;
+    if (GeneratorFunction && GeneratorFunction !== Function) {
+      globals.push({
+        prop: "constructor",
+        target: Object.getPrototypeOf(function* () {
+        }),
+        violationType: "generator_function_constructor",
+        strategy: "throw",
+        reason: "GeneratorFunction constructor allows arbitrary generator code execution"
+      });
+    }
+  } catch {
+  }
+  try {
+    const AsyncGeneratorFunction = Object.getPrototypeOf(
+      async function* () {
+      }
+    ).constructor;
+    if (AsyncGeneratorFunction && AsyncGeneratorFunction !== Function && AsyncGeneratorFunction !== Object.getPrototypeOf(async () => {
+    }).constructor) {
+      globals.push({
+        prop: "constructor",
+        target: Object.getPrototypeOf(async function* () {
+        }),
+        violationType: "async_generator_function_constructor",
+        strategy: "throw",
+        reason: "AsyncGeneratorFunction constructor allows arbitrary async generator code execution"
+      });
+    }
+  } catch {
+  }
+  return globals.filter((g) => {
+    try {
+      return g.target[g.prop] !== void 0;
+    } catch {
+      return false;
+    }
+  });
+}
+
+// src/security/defense-in-depth-box.ts
+var IS_BROWSER = typeof __BROWSER__ !== "undefined" && __BROWSER__;
+var AsyncLocalStorageClass = null;
+if (!IS_BROWSER) {
+  try {
+    const { AsyncLocalStorage } = __require("node:async_hooks");
+    AsyncLocalStorageClass = AsyncLocalStorage;
+  } catch {
+  }
+}
+var executionContext = !IS_BROWSER && AsyncLocalStorageClass ? new AsyncLocalStorageClass() : null;
+
+// src/security/worker-defense-in-depth.ts
+var DEFENSE_IN_DEPTH_NOTICE = "\n\nThis is a defense-in-depth measure and indicates a bug in just-bash. Please report this at security@vercel.com";
+var WorkerSecurityViolationError = class extends Error {
+  constructor(message, violation) {
+    super(message + DEFENSE_IN_DEPTH_NOTICE);
+    this.violation = violation;
+    this.name = "WorkerSecurityViolationError";
+  }
+};
+var MAX_STORED_VIOLATIONS = 1e3;
+function generateExecutionId() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID();
+  }
+  return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
+    const r = Math.random() * 16 | 0;
+    const v = c === "x" ? r : r & 3 | 8;
+    return v.toString(16);
+  });
+}
+var WorkerDefenseInDepth = class {
+  config;
+  isActivated = false;
+  originalDescriptors = [];
+  violations = [];
+  executionId;
+  /**
+   * Original Proxy constructor, captured before patching.
+   * This is captured at instance creation time to ensure we get the unpatched version.
+   */
+  originalProxy;
+  /**
+   * Recursion guard to prevent infinite loops when proxy traps trigger
+   * code that accesses the same proxied object (e.g., process.env).
+   */
+  inTrap = false;
+  /**
+   * Create and activate the worker defense layer.
+   *
+   * @param config - Configuration for the defense layer
+   */
+  constructor(config) {
+    this.originalProxy = Proxy;
+    this.config = config;
+    this.executionId = generateExecutionId();
+    if (config.enabled !== false) {
+      this.activate();
+    }
+  }
+  /**
+   * Get statistics about the defense layer.
+   */
+  getStats() {
+    return {
+      violationsBlocked: this.violations.length,
+      violations: [...this.violations],
+      isActive: this.isActivated
+    };
+  }
+  /**
+   * Clear stored violations. Useful for testing.
+   */
+  clearViolations() {
+    this.violations = [];
+  }
+  /**
+   * Get the execution ID for this worker.
+   */
+  getExecutionId() {
+    return this.executionId;
+  }
+  /**
+   * Deactivate the defense layer and restore original globals.
+   * Typically only needed for testing.
+   */
+  deactivate() {
+    if (!this.isActivated) {
+      return;
+    }
+    this.restorePatches();
+    this.isActivated = false;
+  }
+  /**
+   * Activate the defense layer by applying patches.
+   */
+  activate() {
+    if (this.isActivated) {
+      return;
+    }
+    this.applyPatches();
+    this.isActivated = true;
+  }
+  /**
+   * Get a human-readable path for a target object and property.
+   */
+  getPathForTarget(target, prop) {
+    if (target === globalThis) {
+      return `globalThis.${prop}`;
+    }
+    if (typeof process !== "undefined" && target === process) {
+      return `process.${prop}`;
+    }
+    if (target === Error) {
+      return `Error.${prop}`;
+    }
+    if (target === Function.prototype) {
+      return `Function.prototype.${prop}`;
+    }
+    if (target === Object.prototype) {
+      return `Object.prototype.${prop}`;
+    }
+    return `<object>.${prop}`;
+  }
+  /**
+   * Record a violation and invoke the callback.
+   * In worker context, blocking always happens (no audit mode context check).
+   */
+  recordViolation(type, path, message) {
+    const violation = {
+      timestamp: Date.now(),
+      type,
+      message,
+      path,
+      stack: new Error().stack,
+      executionId: this.executionId
+    };
+    if (this.violations.length < MAX_STORED_VIOLATIONS) {
+      this.violations.push(violation);
+    }
+    if (this.config.onViolation) {
+      try {
+        this.config.onViolation(violation);
+      } catch (e) {
+        console.debug(
+          "[WorkerDefenseInDepth] onViolation callback threw:",
+          e instanceof Error ? e.message : e
+        );
+      }
+    }
+    return violation;
+  }
+  /**
+   * Create a blocking proxy for a function.
+   * In worker context, always blocks (no context check needed).
+   */
+  createBlockingProxy(original, path, violationType) {
+    const self = this;
+    const auditMode = this.config.auditMode;
+    return new this.originalProxy(original, {
+      apply(target, thisArg, args) {
+        const message = `${path} is blocked in worker context`;
+        const violation = self.recordViolation(violationType, path, message);
+        if (!auditMode) {
+          throw new WorkerSecurityViolationError(message, violation);
+        }
+        return Reflect.apply(target, thisArg, args);
+      },
+      construct(target, args, newTarget) {
+        const message = `${path} constructor is blocked in worker context`;
+        const violation = self.recordViolation(violationType, path, message);
+        if (!auditMode) {
+          throw new WorkerSecurityViolationError(message, violation);
+        }
+        return Reflect.construct(target, args, newTarget);
+      }
+    });
+  }
+  /**
+   * Create a blocking proxy for an object (blocks all property access).
+   */
+  createBlockingObjectProxy(original, path, violationType, allowedKeys) {
+    const self = this;
+    const auditMode = this.config.auditMode;
+    return new this.originalProxy(original, {
+      get(target, prop, receiver) {
+        if (self.inTrap) {
+          return Reflect.get(target, prop, receiver);
+        }
+        if (allowedKeys && typeof prop === "string" && allowedKeys.has(prop)) {
+          return Reflect.get(target, prop, receiver);
+        }
+        self.inTrap = true;
+        try {
+          const fullPath = `${path}.${String(prop)}`;
+          const message = `${fullPath} is blocked in worker context`;
+          const violation = self.recordViolation(
+            violationType,
+            fullPath,
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return Reflect.get(target, prop, receiver);
+        } finally {
+          self.inTrap = false;
+        }
+      },
+      set(target, prop, value, receiver) {
+        if (self.inTrap) {
+          return Reflect.set(target, prop, value, receiver);
+        }
+        self.inTrap = true;
+        try {
+          const fullPath = `${path}.${String(prop)}`;
+          const message = `${fullPath} modification is blocked in worker context`;
+          const violation = self.recordViolation(
+            violationType,
+            fullPath,
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return Reflect.set(target, prop, value, receiver);
+        } finally {
+          self.inTrap = false;
+        }
+      },
+      ownKeys(target) {
+        if (self.inTrap) {
+          return Reflect.ownKeys(target);
+        }
+        self.inTrap = true;
+        try {
+          const message = `${path} enumeration is blocked in worker context`;
+          const violation = self.recordViolation(violationType, path, message);
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return Reflect.ownKeys(target);
+        } finally {
+          self.inTrap = false;
+        }
+      },
+      getOwnPropertyDescriptor(target, prop) {
+        if (self.inTrap) {
+          return Reflect.getOwnPropertyDescriptor(target, prop);
+        }
+        self.inTrap = true;
+        try {
+          const fullPath = `${path}.${String(prop)}`;
+          const message = `${fullPath} descriptor access is blocked in worker context`;
+          const violation = self.recordViolation(
+            violationType,
+            fullPath,
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return Reflect.getOwnPropertyDescriptor(target, prop);
+        } finally {
+          self.inTrap = false;
+        }
+      },
+      has(target, prop) {
+        if (self.inTrap) {
+          return Reflect.has(target, prop);
+        }
+        self.inTrap = true;
+        try {
+          const fullPath = `${path}.${String(prop)}`;
+          const message = `${fullPath} existence check is blocked in worker context`;
+          const violation = self.recordViolation(
+            violationType,
+            fullPath,
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return Reflect.has(target, prop);
+        } finally {
+          self.inTrap = false;
+        }
+      },
+      deleteProperty(target, prop) {
+        if (self.inTrap) {
+          return Reflect.deleteProperty(target, prop);
+        }
+        self.inTrap = true;
+        try {
+          const fullPath = `${path}.${String(prop)}`;
+          const message = `${fullPath} deletion is blocked in worker context`;
+          const violation = self.recordViolation(
+            violationType,
+            fullPath,
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return Reflect.deleteProperty(target, prop);
+        } finally {
+          self.inTrap = false;
+        }
+      },
+      setPrototypeOf(target, proto) {
+        if (self.inTrap) {
+          return Reflect.setPrototypeOf(target, proto);
+        }
+        self.inTrap = true;
+        try {
+          const message = `${path} setPrototypeOf is blocked in worker context`;
+          const violation = self.recordViolation(violationType, path, message);
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return Reflect.setPrototypeOf(target, proto);
+        } finally {
+          self.inTrap = false;
+        }
+      },
+      defineProperty(target, prop, descriptor) {
+        if (self.inTrap) {
+          return Reflect.defineProperty(target, prop, descriptor);
+        }
+        self.inTrap = true;
+        try {
+          const fullPath = `${path}.${String(prop)}`;
+          const message = `${fullPath} defineProperty is blocked in worker context`;
+          const violation = self.recordViolation(
+            violationType,
+            fullPath,
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return Reflect.defineProperty(target, prop, descriptor);
+        } finally {
+          self.inTrap = false;
+        }
+      }
+    });
+  }
+  /**
+   * Apply security patches to dangerous globals.
+   */
+  applyPatches() {
+    const blockedGlobals = getBlockedGlobals();
+    const excludeTypes = new Set(this.config.excludeViolationTypes ?? []);
+    for (const blocked of blockedGlobals) {
+      if (excludeTypes.has(blocked.violationType)) {
+        continue;
+      }
+      this.applyPatch(blocked);
+    }
+    if (!excludeTypes.has("function_constructor")) {
+      this.protectConstructorChain(excludeTypes);
+    }
+    if (!excludeTypes.has("error_prepare_stack_trace")) {
+      this.protectErrorPrepareStackTrace();
+    }
+    if (!excludeTypes.has("module_load")) {
+      this.protectModuleLoad();
+    }
+    if (!excludeTypes.has("module_resolve_filename")) {
+      this.protectModuleResolveFilename();
+    }
+    if (!excludeTypes.has("process_main_module")) {
+      this.protectProcessMainModule();
+    }
+    if (!excludeTypes.has("process_exec_path")) {
+      this.protectProcessExecPath();
+    }
+    if (!excludeTypes.has("process_connected")) {
+      this.protectProcessConnected();
+    }
+    this.lockWellKnownSymbols();
+    if (!excludeTypes.has("proxy")) {
+      this.protectProxyRevocable();
+    }
+  }
+  /**
+   * Lock well-known Symbol properties on built-in constructors/prototypes.
+   */
+  lockWellKnownSymbols() {
+    const lock = (obj, sym) => {
+      try {
+        const desc = Object.getOwnPropertyDescriptor(obj, sym);
+        if (desc?.configurable) {
+          if ("value" in desc) {
+            Object.defineProperty(obj, sym, {
+              ...desc,
+              configurable: false,
+              writable: false
+            });
+            return;
+          }
+          Object.defineProperty(obj, sym, { ...desc, configurable: false });
+        }
+      } catch {
+      }
+    };
+    for (const ctor of [Array, Map, Set, RegExp, Promise]) {
+      lock(ctor, Symbol.species);
+    }
+    for (const proto of [
+      Array.prototype,
+      String.prototype,
+      Map.prototype,
+      Set.prototype
+    ]) {
+      lock(proto, Symbol.iterator);
+    }
+    lock(Symbol.prototype, Symbol.toPrimitive);
+    lock(Date.prototype, Symbol.toPrimitive);
+    for (const sym of [
+      Symbol.match,
+      Symbol.matchAll,
+      Symbol.replace,
+      Symbol.search,
+      Symbol.split
+    ]) {
+      lock(RegExp.prototype, sym);
+    }
+    lock(Function.prototype, Symbol.hasInstance);
+    lock(Array.prototype, Symbol.unscopables);
+    for (const proto of [
+      Map.prototype,
+      Set.prototype,
+      Promise.prototype,
+      ArrayBuffer.prototype
+    ]) {
+      lock(proto, Symbol.toStringTag);
+    }
+    try {
+      const stackDesc = Object.getOwnPropertyDescriptor(
+        Error,
+        "stackTraceLimit"
+      );
+      this.originalDescriptors.push({
+        target: Error,
+        prop: "stackTraceLimit",
+        descriptor: stackDesc
+      });
+      Object.defineProperty(Error, "stackTraceLimit", {
+        value: Error.stackTraceLimit,
+        writable: false,
+        configurable: true
+      });
+    } catch {
+    }
+  }
+  /**
+   * Block Proxy.revocable to prevent bypassing Proxy constructor blocking.
+   *
+   * Proxy.revocable internally uses the real Proxy constructor, so it bypasses
+   * our blocking proxy on globalThis.Proxy. We replace it with a wrapper that
+   * always blocks in worker context.
+   */
+  protectProxyRevocable() {
+    const self = this;
+    const auditMode = this.config.auditMode;
+    try {
+      const originalRevocable = this.originalProxy.revocable;
+      if (typeof originalRevocable !== "function") return;
+      const descriptor = Object.getOwnPropertyDescriptor(
+        this.originalProxy,
+        "revocable"
+      );
+      this.originalDescriptors.push({
+        target: this.originalProxy,
+        prop: "revocable",
+        descriptor
+      });
+      Object.defineProperty(this.originalProxy, "revocable", {
+        value: function revocable(_target, _handler) {
+          const message = "Proxy.revocable is blocked in worker context";
+          const violation = self.recordViolation(
+            "proxy",
+            "Proxy.revocable",
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return originalRevocable(_target, _handler);
+        },
+        writable: false,
+        configurable: true
+        // Must be configurable for restoration
+      });
+    } catch {
+    }
+  }
+  /**
+   * Protect against .constructor.constructor escape vector.
+   * @param excludeTypes - Set of violation types to skip
+   */
+  protectConstructorChain(excludeTypes) {
+    let AsyncFunction = null;
+    let GeneratorFunction = null;
+    let AsyncGeneratorFunction = null;
+    try {
+      AsyncFunction = Object.getPrototypeOf(async () => {
+      }).constructor;
+    } catch {
+    }
+    try {
+      GeneratorFunction = Object.getPrototypeOf(function* () {
+      }).constructor;
+    } catch {
+    }
+    try {
+      AsyncGeneratorFunction = Object.getPrototypeOf(
+        async function* () {
+        }
+      ).constructor;
+    } catch {
+    }
+    this.patchPrototypeConstructor(
+      Function.prototype,
+      "Function.prototype.constructor",
+      "function_constructor"
+    );
+    if (!excludeTypes.has("async_function_constructor") && AsyncFunction && AsyncFunction !== Function) {
+      this.patchPrototypeConstructor(
+        AsyncFunction.prototype,
+        "AsyncFunction.prototype.constructor",
+        "async_function_constructor"
+      );
+    }
+    if (!excludeTypes.has("generator_function_constructor") && GeneratorFunction && GeneratorFunction !== Function) {
+      this.patchPrototypeConstructor(
+        GeneratorFunction.prototype,
+        "GeneratorFunction.prototype.constructor",
+        "generator_function_constructor"
+      );
+    }
+    if (!excludeTypes.has("async_generator_function_constructor") && AsyncGeneratorFunction && AsyncGeneratorFunction !== Function && AsyncGeneratorFunction !== AsyncFunction) {
+      this.patchPrototypeConstructor(
+        AsyncGeneratorFunction.prototype,
+        "AsyncGeneratorFunction.prototype.constructor",
+        "async_generator_function_constructor"
+      );
+    }
+  }
+  /**
+   * Protect Error.prepareStackTrace from being set.
+   */
+  protectErrorPrepareStackTrace() {
+    const self = this;
+    const auditMode = this.config.auditMode;
+    try {
+      const originalDescriptor = Object.getOwnPropertyDescriptor(
+        Error,
+        "prepareStackTrace"
+      );
+      this.originalDescriptors.push({
+        target: Error,
+        prop: "prepareStackTrace",
+        descriptor: originalDescriptor
+      });
+      let currentValue = originalDescriptor?.value;
+      Object.defineProperty(Error, "prepareStackTrace", {
+        get() {
+          return currentValue;
+        },
+        set(value) {
+          const message = "Error.prepareStackTrace modification is blocked in worker context";
+          const violation = self.recordViolation(
+            "error_prepare_stack_trace",
+            "Error.prepareStackTrace",
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          currentValue = value;
+        },
+        configurable: true
+      });
+    } catch {
+    }
+  }
+  /**
+   * Patch a prototype's constructor property.
+   *
+   * Returns a proxy that allows reading properties (like .name) but blocks
+   * calling the constructor as a function (which would allow code execution).
+   */
+  patchPrototypeConstructor(prototype, path, violationType) {
+    const self = this;
+    const auditMode = this.config.auditMode;
+    try {
+      const originalDescriptor = Object.getOwnPropertyDescriptor(
+        prototype,
+        "constructor"
+      );
+      this.originalDescriptors.push({
+        target: prototype,
+        prop: "constructor",
+        descriptor: originalDescriptor
+      });
+      const originalValue = originalDescriptor?.value;
+      const constructorProxy = originalValue && typeof originalValue === "function" ? new this.originalProxy(originalValue, {
+        apply(_target, _thisArg, _args) {
+          const message = `${path} invocation is blocked in worker context`;
+          const violation = self.recordViolation(
+            violationType,
+            path,
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return void 0;
+        },
+        construct(_target, _args, _newTarget) {
+          const message = `${path} construction is blocked in worker context`;
+          const violation = self.recordViolation(
+            violationType,
+            path,
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return {};
+        },
+        // Allow all property access (like .name, .prototype, etc.)
+        get(target, prop, receiver) {
+          return Reflect.get(target, prop, receiver);
+        },
+        getPrototypeOf(target) {
+          return Reflect.getPrototypeOf(target);
+        },
+        has(target, prop) {
+          return Reflect.has(target, prop);
+        },
+        ownKeys(target) {
+          return Reflect.ownKeys(target);
+        },
+        getOwnPropertyDescriptor(target, prop) {
+          return Reflect.getOwnPropertyDescriptor(target, prop);
+        }
+      }) : originalValue;
+      Object.defineProperty(prototype, "constructor", {
+        get() {
+          return constructorProxy;
+        },
+        set(value) {
+          const message = `${path} modification is blocked in worker context`;
+          const violation = self.recordViolation(violationType, path, message);
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          Object.defineProperty(this, "constructor", {
+            value,
+            writable: true,
+            configurable: true
+          });
+        },
+        configurable: true
+      });
+    } catch {
+    }
+  }
+  /**
+   * Protect process.mainModule from being accessed or set.
+   *
+   * The attack vector is:
+   * ```
+   * process.mainModule.require('child_process').execSync('whoami')
+   * process.mainModule.constructor._load('vm')
+   * ```
+   *
+   * process.mainModule may be undefined in ESM contexts but could exist in
+   * CommonJS workers. We block both reading and setting.
+   */
+  protectProcessMainModule() {
+    if (typeof process === "undefined") return;
+    const self = this;
+    const auditMode = this.config.auditMode;
+    try {
+      const originalDescriptor = Object.getOwnPropertyDescriptor(
+        process,
+        "mainModule"
+      );
+      this.originalDescriptors.push({
+        target: process,
+        prop: "mainModule",
+        descriptor: originalDescriptor
+      });
+      const currentValue = originalDescriptor?.value;
+      if (currentValue !== void 0) {
+        Object.defineProperty(process, "mainModule", {
+          get() {
+            const message = "process.mainModule access is blocked in worker context";
+            const violation = self.recordViolation(
+              "process_main_module",
+              "process.mainModule",
+              message
+            );
+            if (!auditMode) {
+              throw new WorkerSecurityViolationError(message, violation);
+            }
+            return currentValue;
+          },
+          set(value) {
+            const message = "process.mainModule modification is blocked in worker context";
+            const violation = self.recordViolation(
+              "process_main_module",
+              "process.mainModule",
+              message
+            );
+            if (!auditMode) {
+              throw new WorkerSecurityViolationError(message, violation);
+            }
+            Object.defineProperty(process, "mainModule", {
+              value,
+              writable: true,
+              configurable: true
+            });
+          },
+          configurable: true
+        });
+      }
+    } catch {
+    }
+  }
+  /**
+   * Protect process.execPath from being read or set in worker context.
+   *
+   * process.execPath is a string primitive (not an object), so it cannot be
+   * proxied via the normal blocked globals mechanism. We use Object.defineProperty
+   * with getter/setter (same pattern as protectProcessMainModule).
+   */
+  protectProcessExecPath() {
+    if (typeof process === "undefined") return;
+    const self = this;
+    const auditMode = this.config.auditMode;
+    try {
+      const originalDescriptor = Object.getOwnPropertyDescriptor(
+        process,
+        "execPath"
+      );
+      this.originalDescriptors.push({
+        target: process,
+        prop: "execPath",
+        descriptor: originalDescriptor
+      });
+      const currentValue = originalDescriptor?.value ?? process.execPath;
+      Object.defineProperty(process, "execPath", {
+        get() {
+          const message = "process.execPath access is blocked in worker context";
+          const violation = self.recordViolation(
+            "process_exec_path",
+            "process.execPath",
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return currentValue;
+        },
+        set(value) {
+          const message = "process.execPath modification is blocked in worker context";
+          const violation = self.recordViolation(
+            "process_exec_path",
+            "process.execPath",
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          Object.defineProperty(process, "execPath", {
+            value,
+            writable: true,
+            configurable: true
+          });
+        },
+        configurable: true
+      });
+    } catch {
+    }
+  }
+  /**
+   * Protect process.connected from being read or set in worker context.
+   *
+   * process.connected is a boolean primitive (not an object), so it cannot be
+   * proxied via the normal blocked globals mechanism. We use Object.defineProperty
+   * with getter/setter (same pattern as protectProcessExecPath).
+   *
+   * Only protects if process.connected exists (IPC contexts).
+   */
+  protectProcessConnected() {
+    if (typeof process === "undefined") return;
+    if (process.connected === void 0) return;
+    const self = this;
+    const auditMode = this.config.auditMode;
+    try {
+      const originalDescriptor = Object.getOwnPropertyDescriptor(
+        process,
+        "connected"
+      );
+      this.originalDescriptors.push({
+        target: process,
+        prop: "connected",
+        descriptor: originalDescriptor
+      });
+      const currentValue = originalDescriptor?.value ?? process.connected;
+      Object.defineProperty(process, "connected", {
+        get() {
+          const message = "process.connected access is blocked in worker context";
+          const violation = self.recordViolation(
+            "process_connected",
+            "process.connected",
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return currentValue;
+        },
+        set(value) {
+          const message = "process.connected modification is blocked in worker context";
+          const violation = self.recordViolation(
+            "process_connected",
+            "process.connected",
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          Object.defineProperty(process, "connected", {
+            value,
+            writable: true,
+            configurable: true
+          });
+        },
+        configurable: true
+      });
+    } catch {
+    }
+  }
+  /**
+   * Protect Module._load from being called.
+   *
+   * The attack vector is:
+   * ```
+   * module.constructor._load('child_process')
+   * require.main.constructor._load('vm')
+   * ```
+   *
+   * We access the Module class and replace _load with a blocking proxy.
+   */
+  protectModuleLoad() {
+    const self = this;
+    const auditMode = this.config.auditMode;
+    try {
+      let ModuleClass = null;
+      if (typeof process !== "undefined") {
+        const mainModule = process.mainModule;
+        if (mainModule && typeof mainModule === "object") {
+          ModuleClass = mainModule.constructor;
+        }
+      }
+      if (!ModuleClass && typeof __require !== "undefined" && typeof __require.main !== "undefined") {
+        ModuleClass = __require.main.constructor;
+      }
+      if (!ModuleClass || typeof ModuleClass._load !== "function") {
+        return;
+      }
+      const original = ModuleClass._load;
+      const descriptor = Object.getOwnPropertyDescriptor(ModuleClass, "_load");
+      this.originalDescriptors.push({
+        target: ModuleClass,
+        prop: "_load",
+        descriptor
+      });
+      const path = "Module._load";
+      const proxy = new this.originalProxy(original, {
+        apply(_target, _thisArg, _args) {
+          const message = `${path} is blocked in worker context`;
+          const violation = self.recordViolation("module_load", path, message);
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return Reflect.apply(_target, _thisArg, _args);
+        }
+      });
+      Object.defineProperty(ModuleClass, "_load", {
+        value: proxy,
+        writable: true,
+        configurable: true
+      });
+    } catch {
+    }
+  }
+  /**
+   * Protect Module._resolveFilename from being called in worker context.
+   *
+   * Module._resolveFilename is called for both require() and import() resolution.
+   * Blocking it catches file-based import() specifiers.
+   *
+   * data: and blob: URLs are handled by ESM loader hooks registered
+   * in the main thread (DefenseInDepthBox.protectDynamicImport).
+   */
+  protectModuleResolveFilename() {
+    const self = this;
+    const auditMode = this.config.auditMode;
+    try {
+      let ModuleClass = null;
+      if (typeof process !== "undefined") {
+        const mainModule = process.mainModule;
+        if (mainModule && typeof mainModule === "object") {
+          ModuleClass = mainModule.constructor;
+        }
+      }
+      if (!ModuleClass && typeof __require !== "undefined" && typeof __require.main !== "undefined") {
+        ModuleClass = __require.main.constructor;
+      }
+      if (!ModuleClass || typeof ModuleClass._resolveFilename !== "function") {
+        return;
+      }
+      const original = ModuleClass._resolveFilename;
+      const descriptor = Object.getOwnPropertyDescriptor(
+        ModuleClass,
+        "_resolveFilename"
+      );
+      this.originalDescriptors.push({
+        target: ModuleClass,
+        prop: "_resolveFilename",
+        descriptor
+      });
+      const path = "Module._resolveFilename";
+      const proxy = new this.originalProxy(original, {
+        apply(_target, _thisArg, _args) {
+          const message = `${path} is blocked in worker context`;
+          const violation = self.recordViolation(
+            "module_resolve_filename",
+            path,
+            message
+          );
+          if (!auditMode) {
+            throw new WorkerSecurityViolationError(message, violation);
+          }
+          return Reflect.apply(_target, _thisArg, _args);
+        }
+      });
+      Object.defineProperty(ModuleClass, "_resolveFilename", {
+        value: proxy,
+        writable: true,
+        configurable: true
+      });
+    } catch {
+    }
+  }
+  /**
+   * Apply a single patch to a blocked global.
+   */
+  applyPatch(blocked) {
+    const { target, prop, violationType, strategy } = blocked;
+    try {
+      const original = target[prop];
+      if (original === void 0) {
+        return;
+      }
+      const descriptor = Object.getOwnPropertyDescriptor(target, prop);
+      this.originalDescriptors.push({ target, prop, descriptor });
+      if (strategy === "freeze") {
+        if (typeof original === "object" && original !== null) {
+          Object.freeze(original);
+        }
+      } else {
+        const path = this.getPathForTarget(target, prop);
+        const proxy = typeof original === "function" ? this.createBlockingProxy(
+          original,
+          path,
+          violationType
+        ) : this.createBlockingObjectProxy(
+          original,
+          path,
+          violationType,
+          blocked.allowedKeys
+        );
+        Object.defineProperty(target, prop, {
+          value: proxy,
+          writable: true,
+          configurable: true
+        });
+      }
+    } catch {
+    }
+  }
+  /**
+   * Restore all original values.
+   */
+  restorePatches() {
+    for (let i = this.originalDescriptors.length - 1; i >= 0; i--) {
+      const { target, prop, descriptor } = this.originalDescriptors[i];
+      try {
+        if (descriptor) {
+          Object.defineProperty(target, prop, descriptor);
+        } else {
+          delete target[prop];
+        }
+      } catch {
+      }
+    }
+    this.originalDescriptors = [];
+  }
+};
+
+// src/security/trusted-globals.ts
+var _SharedArrayBuffer = globalThis.SharedArrayBuffer;
+var _Atomics = globalThis.Atomics;
+var _performanceNow = performance.now.bind(performance);
+
+// src/commands/worker-bridge/protocol.ts
+var OpCode = {
+  NOOP: 0,
+  READ_FILE: 1,
+  WRITE_FILE: 2,
+  STAT: 3,
+  READDIR: 4,
+  MKDIR: 5,
+  RM: 6,
+  EXISTS: 7,
+  APPEND_FILE: 8,
+  SYMLINK: 9,
+  READLINK: 10,
+  LSTAT: 11,
+  CHMOD: 12,
+  REALPATH: 13,
+  RENAME: 14,
+  COPY_FILE: 15,
+  // Special operations for I/O
+  WRITE_STDOUT: 100,
+  WRITE_STDERR: 101,
+  EXIT: 102,
+  // HTTP operations
+  HTTP_REQUEST: 200,
+  // Sub-shell execution
+  EXEC_COMMAND: 300
+};
+var Status = {
+  PENDING: 0,
+  READY: 1,
+  SUCCESS: 2,
+  ERROR: 3
+};
+var ErrorCode = {
+  NONE: 0,
+  NOT_FOUND: 1,
+  IS_DIRECTORY: 2,
+  NOT_DIRECTORY: 3,
+  EXISTS: 4,
+  PERMISSION_DENIED: 5,
+  INVALID_PATH: 6,
+  IO_ERROR: 7,
+  TIMEOUT: 8,
+  NETWORK_ERROR: 9,
+  NETWORK_NOT_CONFIGURED: 10
+};
+var Offset = {
+  OP_CODE: 0,
+  STATUS: 4,
+  PATH_LENGTH: 8,
+  DATA_LENGTH: 12,
+  RESULT_LENGTH: 16,
+  ERROR_CODE: 20,
+  FLAGS: 24,
+  MODE: 28,
+  PATH_BUFFER: 32,
+  DATA_BUFFER: 4128
+  // 32 + 4096
+};
+var Size = {
+  CONTROL_REGION: 32,
+  PATH_BUFFER: 4096,
+  // 1MB limit applies to all FS read/write operations through the bridge.
+  // Files larger than this will be truncated. This is tight — consider
+  // increasing if real workloads hit the cap. Reduced from 16MB for faster tests.
+  DATA_BUFFER: 1048576,
+  TOTAL: 1052704
+  // 32 + 4096 + 1MB
+};
+var Flags = {
+  NONE: 0,
+  RECURSIVE: 1,
+  FORCE: 2,
+  MKDIR_RECURSIVE: 1
+};
+var StatLayout = {
+  IS_FILE: 0,
+  IS_DIRECTORY: 1,
+  IS_SYMLINK: 2,
+  MODE: 4,
+  SIZE: 8,
+  MTIME: 16,
+  TOTAL: 24
+};
+var ProtocolBuffer = class {
+  int32View;
+  uint8View;
+  dataView;
+  constructor(buffer) {
+    this.int32View = new Int32Array(buffer);
+    this.uint8View = new Uint8Array(buffer);
+    this.dataView = new DataView(buffer);
+  }
+  getOpCode() {
+    return _Atomics.load(this.int32View, Offset.OP_CODE / 4);
+  }
+  setOpCode(code) {
+    _Atomics.store(this.int32View, Offset.OP_CODE / 4, code);
+  }
+  getStatus() {
+    return _Atomics.load(this.int32View, Offset.STATUS / 4);
+  }
+  setStatus(status) {
+    _Atomics.store(this.int32View, Offset.STATUS / 4, status);
+  }
+  getPathLength() {
+    return _Atomics.load(this.int32View, Offset.PATH_LENGTH / 4);
+  }
+  setPathLength(length) {
+    _Atomics.store(this.int32View, Offset.PATH_LENGTH / 4, length);
+  }
+  getDataLength() {
+    return _Atomics.load(this.int32View, Offset.DATA_LENGTH / 4);
+  }
+  setDataLength(length) {
+    _Atomics.store(this.int32View, Offset.DATA_LENGTH / 4, length);
+  }
+  getResultLength() {
+    return _Atomics.load(this.int32View, Offset.RESULT_LENGTH / 4);
+  }
+  setResultLength(length) {
+    _Atomics.store(this.int32View, Offset.RESULT_LENGTH / 4, length);
+  }
+  getErrorCode() {
+    return _Atomics.load(
+      this.int32View,
+      Offset.ERROR_CODE / 4
+    );
+  }
+  setErrorCode(code) {
+    _Atomics.store(this.int32View, Offset.ERROR_CODE / 4, code);
+  }
+  getFlags() {
+    return _Atomics.load(this.int32View, Offset.FLAGS / 4);
+  }
+  setFlags(flags) {
+    _Atomics.store(this.int32View, Offset.FLAGS / 4, flags);
+  }
+  getMode() {
+    return _Atomics.load(this.int32View, Offset.MODE / 4);
+  }
+  setMode(mode) {
+    _Atomics.store(this.int32View, Offset.MODE / 4, mode);
+  }
+  getPath() {
+    const length = this.getPathLength();
+    const bytes = this.uint8View.slice(
+      Offset.PATH_BUFFER,
+      Offset.PATH_BUFFER + length
+    );
+    return new TextDecoder().decode(bytes);
+  }
+  setPath(path) {
+    const encoded = new TextEncoder().encode(path);
+    if (encoded.length > Size.PATH_BUFFER) {
+      throw new Error(`Path too long: ${encoded.length} > ${Size.PATH_BUFFER}`);
+    }
+    this.uint8View.set(encoded, Offset.PATH_BUFFER);
+    this.setPathLength(encoded.length);
+  }
+  getData() {
+    const length = this.getDataLength();
+    return this.uint8View.slice(
+      Offset.DATA_BUFFER,
+      Offset.DATA_BUFFER + length
+    );
+  }
+  setData(data) {
+    if (data.length > Size.DATA_BUFFER) {
+      throw new Error(`Data too large: ${data.length} > ${Size.DATA_BUFFER}`);
+    }
+    this.uint8View.set(data, Offset.DATA_BUFFER);
+    this.setDataLength(data.length);
+  }
+  getDataAsString() {
+    const data = this.getData();
+    return new TextDecoder().decode(data);
+  }
+  setDataFromString(str) {
+    const encoded = new TextEncoder().encode(str);
+    this.setData(encoded);
+  }
+  getResult() {
+    const length = this.getResultLength();
+    return this.uint8View.slice(
+      Offset.DATA_BUFFER,
+      Offset.DATA_BUFFER + length
+    );
+  }
+  setResult(data) {
+    if (data.length > Size.DATA_BUFFER) {
+      throw new Error(`Result too large: ${data.length} > ${Size.DATA_BUFFER}`);
+    }
+    this.uint8View.set(data, Offset.DATA_BUFFER);
+    this.setResultLength(data.length);
+  }
+  getResultAsString() {
+    const result = this.getResult();
+    return new TextDecoder().decode(result);
+  }
+  setResultFromString(str) {
+    const encoded = new TextEncoder().encode(str);
+    this.setResult(encoded);
+  }
+  encodeStat(stat) {
+    this.uint8View[Offset.DATA_BUFFER + StatLayout.IS_FILE] = stat.isFile ? 1 : 0;
+    this.uint8View[Offset.DATA_BUFFER + StatLayout.IS_DIRECTORY] = stat.isDirectory ? 1 : 0;
+    this.uint8View[Offset.DATA_BUFFER + StatLayout.IS_SYMLINK] = stat.isSymbolicLink ? 1 : 0;
+    this.dataView.setInt32(
+      Offset.DATA_BUFFER + StatLayout.MODE,
+      stat.mode,
+      true
+    );
+    const size = Math.min(stat.size, Number.MAX_SAFE_INTEGER);
+    this.dataView.setFloat64(Offset.DATA_BUFFER + StatLayout.SIZE, size, true);
+    this.dataView.setFloat64(
+      Offset.DATA_BUFFER + StatLayout.MTIME,
+      stat.mtime.getTime(),
+      true
+    );
+    this.setResultLength(StatLayout.TOTAL);
+  }
+  decodeStat() {
+    return {
+      isFile: this.uint8View[Offset.DATA_BUFFER + StatLayout.IS_FILE] === 1,
+      isDirectory: this.uint8View[Offset.DATA_BUFFER + StatLayout.IS_DIRECTORY] === 1,
+      isSymbolicLink: this.uint8View[Offset.DATA_BUFFER + StatLayout.IS_SYMLINK] === 1,
+      mode: this.dataView.getInt32(Offset.DATA_BUFFER + StatLayout.MODE, true),
+      size: this.dataView.getFloat64(
+        Offset.DATA_BUFFER + StatLayout.SIZE,
+        true
+      ),
+      mtime: new Date(
+        this.dataView.getFloat64(Offset.DATA_BUFFER + StatLayout.MTIME, true)
+      )
+    };
+  }
+  waitForReady(timeout) {
+    return _Atomics.wait(
+      this.int32View,
+      Offset.STATUS / 4,
+      Status.PENDING,
+      timeout
+    );
+  }
+  waitForReadyAsync(timeout) {
+    return _Atomics.waitAsync(
+      this.int32View,
+      Offset.STATUS / 4,
+      Status.PENDING,
+      timeout
+    );
+  }
+  /**
+   * Wait for status to become READY.
+   * Returns immediately if status is already READY, or waits until it changes.
+   */
+  async waitUntilReady(timeout) {
+    const startTime = Date.now();
+    while (true) {
+      const status = this.getStatus();
+      if (status === Status.READY) {
+        return true;
+      }
+      const elapsed = Date.now() - startTime;
+      if (elapsed >= timeout) {
+        return false;
+      }
+      const remainingMs = timeout - elapsed;
+      const result = _Atomics.waitAsync(
+        this.int32View,
+        Offset.STATUS / 4,
+        status,
+        remainingMs
+      );
+      if (result.async) {
+        const waitResult = await result.value;
+        if (waitResult === "timed-out") {
+          return false;
+        }
+      }
+    }
+  }
+  waitForResult(timeout) {
+    return _Atomics.wait(
+      this.int32View,
+      Offset.STATUS / 4,
+      Status.READY,
+      timeout
+    );
+  }
+  notify() {
+    return _Atomics.notify(this.int32View, Offset.STATUS / 4);
+  }
+  reset() {
+    this.setOpCode(OpCode.NOOP);
+    this.setStatus(Status.PENDING);
+    this.setPathLength(0);
+    this.setDataLength(0);
+    this.setResultLength(0);
+    this.setErrorCode(ErrorCode.NONE);
+    this.setFlags(Flags.NONE);
+    this.setMode(0);
+  }
+};
+
+// src/commands/worker-bridge/sync-backend.ts
+var SyncBackend = class {
+  protocol;
+  operationTimeoutMs;
+  constructor(sharedBuffer, operationTimeoutMs = 3e4) {
+    this.protocol = new ProtocolBuffer(sharedBuffer);
+    this.operationTimeoutMs = operationTimeoutMs;
+  }
+  execSync(opCode, path, data, flags = 0, mode = 0) {
+    this.protocol.reset();
+    this.protocol.setOpCode(opCode);
+    this.protocol.setPath(path);
+    this.protocol.setFlags(flags);
+    this.protocol.setMode(mode);
+    if (data) {
+      this.protocol.setData(data);
+    }
+    this.protocol.setStatus(Status.READY);
+    this.protocol.notify();
+    const waitResult = this.protocol.waitForResult(this.operationTimeoutMs);
+    if (waitResult === "timed-out") {
+      return { success: false, error: "Operation timed out" };
+    }
+    const status = this.protocol.getStatus();
+    if (status === Status.SUCCESS) {
+      return { success: true, result: this.protocol.getResult() };
+    }
+    return {
+      success: false,
+      error: this.protocol.getResultAsString() || `Error code: ${this.protocol.getErrorCode()}`
+    };
+  }
+  readFile(path) {
+    const result = this.execSync(OpCode.READ_FILE, path);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to read file");
+    }
+    return result.result ?? new Uint8Array(0);
+  }
+  writeFile(path, data) {
+    const result = this.execSync(OpCode.WRITE_FILE, path, data);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to write file");
+    }
+  }
+  stat(path) {
+    const result = this.execSync(OpCode.STAT, path);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to stat");
+    }
+    return this.protocol.decodeStat();
+  }
+  lstat(path) {
+    const result = this.execSync(OpCode.LSTAT, path);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to lstat");
+    }
+    return this.protocol.decodeStat();
+  }
+  readdir(path) {
+    const result = this.execSync(OpCode.READDIR, path);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to readdir");
+    }
+    return JSON.parse(this.protocol.getResultAsString());
+  }
+  mkdir(path, recursive = false) {
+    const flags = recursive ? Flags.MKDIR_RECURSIVE : 0;
+    const result = this.execSync(OpCode.MKDIR, path, void 0, flags);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to mkdir");
+    }
+  }
+  rm(path, recursive = false, force = false) {
+    let flags = 0;
+    if (recursive) flags |= Flags.RECURSIVE;
+    if (force) flags |= Flags.FORCE;
+    const result = this.execSync(OpCode.RM, path, void 0, flags);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to rm");
+    }
+  }
+  exists(path) {
+    const result = this.execSync(OpCode.EXISTS, path);
+    if (!result.success) {
+      return false;
+    }
+    return result.result?.[0] === 1;
+  }
+  appendFile(path, data) {
+    const result = this.execSync(OpCode.APPEND_FILE, path, data);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to append file");
+    }
+  }
+  symlink(target, linkPath) {
+    const targetData = new TextEncoder().encode(target);
+    const result = this.execSync(OpCode.SYMLINK, linkPath, targetData);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to symlink");
+    }
+  }
+  readlink(path) {
+    const result = this.execSync(OpCode.READLINK, path);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to readlink");
+    }
+    return this.protocol.getResultAsString();
+  }
+  chmod(path, mode) {
+    const result = this.execSync(OpCode.CHMOD, path, void 0, 0, mode);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to chmod");
+    }
+  }
+  realpath(path) {
+    const result = this.execSync(OpCode.REALPATH, path);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to realpath");
+    }
+    return this.protocol.getResultAsString();
+  }
+  rename(oldPath, newPath) {
+    const newPathData = new TextEncoder().encode(newPath);
+    const result = this.execSync(OpCode.RENAME, oldPath, newPathData);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to rename");
+    }
+  }
+  copyFile(src, dest) {
+    const destData = new TextEncoder().encode(dest);
+    const result = this.execSync(OpCode.COPY_FILE, src, destData);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to copyFile");
+    }
+  }
+  writeStdout(data) {
+    const encoded = new TextEncoder().encode(data);
+    const result = this.execSync(OpCode.WRITE_STDOUT, "", encoded);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to write stdout");
+    }
+  }
+  writeStderr(data) {
+    const encoded = new TextEncoder().encode(data);
+    const result = this.execSync(OpCode.WRITE_STDERR, "", encoded);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to write stderr");
+    }
+  }
+  exit(code) {
+    this.execSync(OpCode.EXIT, "", void 0, code);
+  }
+  /**
+   * Make an HTTP request through the main thread's secureFetch.
+   * Returns the response as a parsed object.
+   */
+  httpRequest(url, options) {
+    const requestData = options ? new TextEncoder().encode(JSON.stringify(options)) : void 0;
+    const result = this.execSync(OpCode.HTTP_REQUEST, url, requestData);
+    if (!result.success) {
+      throw new Error(result.error || "HTTP request failed");
+    }
+    const responseJson = new TextDecoder().decode(result.result);
+    return JSON.parse(responseJson);
+  }
+  /**
+   * Execute a shell command through the main thread's exec function.
+   * Returns the result as { stdout, stderr, exitCode }.
+   */
+  execCommand(command, stdin) {
+    const requestData = stdin ? new TextEncoder().encode(JSON.stringify({ stdin })) : void 0;
+    const result = this.execSync(OpCode.EXEC_COMMAND, command, requestData);
+    if (!result.success) {
+      throw new Error(result.error || "Command execution failed");
+    }
+    const responseJson = new TextDecoder().decode(result.result);
+    return JSON.parse(responseJson);
+  }
+  /**
+   * Execute a shell command with structured args (shell-escaped on the main thread).
+   * Prevents command injection from unsanitized args.
+   */
+  execCommandArgs(command, args) {
+    const requestData = new TextEncoder().encode(JSON.stringify({ args }));
+    const result = this.execSync(OpCode.EXEC_COMMAND, command, requestData);
+    if (!result.success) {
+      throw new Error(result.error || "Command execution failed");
+    }
+    const responseJson = new TextDecoder().decode(result.result);
+    return JSON.parse(responseJson);
+  }
+};
+
+// src/commands/js-exec/fetch-polyfill.ts
+var FETCH_POLYFILL_SOURCE = `
+(function() {
+  // --- URLSearchParams ---
+  function URLSearchParams(init) {
+    this._entries = [];
+    if (!init) return;
+    if (typeof init === 'string') {
+      var s = init;
+      if (s.charAt(0) === '?') s = s.slice(1);
+      var pairs = s.split('&');
+      for (var i = 0; i < pairs.length; i++) {
+        var pair = pairs[i];
+        if (pair === '') continue;
+        var eq = pair.indexOf('=');
+        if (eq === -1) {
+          this._entries.push([decodeURIComponent(pair), '']);
+        } else {
+          this._entries.push([
+            decodeURIComponent(pair.slice(0, eq)),
+            decodeURIComponent(pair.slice(eq + 1))
+          ]);
+        }
+      }
+    } else if (typeof init === 'object' && init !== null) {
+      if (init instanceof URLSearchParams) {
+        this._entries = init._entries.slice();
+      } else {
+        var keys = Object.keys(init);
+        for (var i = 0; i < keys.length; i++) {
+          this._entries.push([keys[i], String(init[keys[i]])]);
+        }
+      }
+    }
+  }
+
+  URLSearchParams.prototype.append = function(name, value) {
+    this._entries.push([String(name), String(value)]);
+  };
+
+  URLSearchParams.prototype.delete = function(name) {
+    var n = String(name);
+    this._entries = this._entries.filter(function(e) { return e[0] !== n; });
+  };
+
+  URLSearchParams.prototype.get = function(name) {
+    var n = String(name);
+    for (var i = 0; i < this._entries.length; i++) {
+      if (this._entries[i][0] === n) return this._entries[i][1];
+    }
+    return null;
+  };
+
+  URLSearchParams.prototype.getAll = function(name) {
+    var n = String(name);
+    var result = [];
+    for (var i = 0; i < this._entries.length; i++) {
+      if (this._entries[i][0] === n) result.push(this._entries[i][1]);
+    }
+    return result;
+  };
+
+  URLSearchParams.prototype.has = function(name) {
+    var n = String(name);
+    for (var i = 0; i < this._entries.length; i++) {
+      if (this._entries[i][0] === n) return true;
+    }
+    return false;
+  };
+
+  URLSearchParams.prototype.set = function(name, value) {
+    var n = String(name);
+    var v = String(value);
+    var found = false;
+    var newEntries = [];
+    for (var i = 0; i < this._entries.length; i++) {
+      if (this._entries[i][0] === n) {
+        if (!found) {
+          newEntries.push([n, v]);
+          found = true;
+        }
+      } else {
+        newEntries.push(this._entries[i]);
+      }
+    }
+    if (!found) newEntries.push([n, v]);
+    this._entries = newEntries;
+  };
+
+  URLSearchParams.prototype.sort = function() {
+    this._entries.sort(function(a, b) {
+      if (a[0] < b[0]) return -1;
+      if (a[0] > b[0]) return 1;
+      return 0;
+    });
+  };
+
+  URLSearchParams.prototype.toString = function() {
+    return this._entries.map(function(e) {
+      return encodeURIComponent(e[0]) + '=' + encodeURIComponent(e[1]);
+    }).join('&');
+  };
+
+  URLSearchParams.prototype.forEach = function(callback, thisArg) {
+    for (var i = 0; i < this._entries.length; i++) {
+      callback.call(thisArg, this._entries[i][1], this._entries[i][0], this);
+    }
+  };
+
+  URLSearchParams.prototype.entries = function() {
+    var idx = 0;
+    var entries = this._entries;
+    return {
+      next: function() {
+        if (idx >= entries.length) return { done: true, value: undefined };
+        return { done: false, value: entries[idx++].slice() };
+      },
+      [Symbol.iterator]: function() { return this; }
+    };
+  };
+
+  URLSearchParams.prototype.keys = function() {
+    var idx = 0;
+    var entries = this._entries;
+    return {
+      next: function() {
+        if (idx >= entries.length) return { done: true, value: undefined };
+        return { done: false, value: entries[idx++][0] };
+      },
+      [Symbol.iterator]: function() { return this; }
+    };
+  };
+
+  URLSearchParams.prototype.values = function() {
+    var idx = 0;
+    var entries = this._entries;
+    return {
+      next: function() {
+        if (idx >= entries.length) return { done: true, value: undefined };
+        return { done: false, value: entries[idx++][1] };
+      },
+      [Symbol.iterator]: function() { return this; }
+    };
+  };
+
+  URLSearchParams.prototype[Symbol.iterator] = URLSearchParams.prototype.entries;
+
+  Object.defineProperty(URLSearchParams.prototype, 'size', {
+    get: function() { return this._entries.length; }
+  });
+
+  // --- URL ---
+  var urlRegex = /^([a-zA-Z][a-zA-Z0-9+.-]*):(?:\\/\\/(?:([^:@/?#]*)(?::([^@/?#]*))?@)?([^:/?#]*)(?::([0-9]+))?)?(\\/[^?#]*)?(?:\\?([^#]*))?(?:#(.*))?$/;
+
+  function URL(url, base) {
+    var input = String(url);
+
+    if (base !== undefined) {
+      var baseUrl = (base instanceof URL) ? base : new URL(String(base));
+      // Resolve relative URL against base
+      if (/^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(input)) {
+        // Absolute URL - parse as-is
+      } else if (input.charAt(0) === '/' && input.charAt(1) === '/') {
+        // Protocol-relative
+        input = baseUrl.protocol + input;
+      } else if (input.charAt(0) === '/') {
+        // Absolute path
+        input = baseUrl.origin + input;
+      } else if (input.charAt(0) === '?' || input.charAt(0) === '#') {
+        // Query or hash only
+        var basePath = baseUrl.protocol + '//' + baseUrl.host + baseUrl.pathname;
+        if (input.charAt(0) === '#') {
+          input = basePath + baseUrl.search + input;
+        } else {
+          input = basePath + input;
+        }
+      } else {
+        // Relative path
+        var basePath = baseUrl.protocol + '//' + baseUrl.host;
+        var dirPath = baseUrl.pathname;
+        var lastSlash = dirPath.lastIndexOf('/');
+        if (lastSlash >= 0) dirPath = dirPath.slice(0, lastSlash + 1);
+        else dirPath = '/';
+        input = basePath + dirPath + input;
+      }
+    }
+
+    var m = urlRegex.exec(input);
+    if (!m) throw new TypeError("Invalid URL: " + String(url));
+
+    this.protocol = m[1].toLowerCase() + ':';
+    this.username = m[2] ? decodeURIComponent(m[2]) : '';
+    this.password = m[3] ? decodeURIComponent(m[3]) : '';
+    this.hostname = m[4] || '';
+    this.port = m[5] || '';
+    this.pathname = m[6] || '/';
+    this.hash = m[8] ? '#' + m[8] : '';
+
+    // Normalize pathname (resolve . and ..)
+    var parts = this.pathname.split('/');
+    var resolved = [];
+    for (var i = 0; i < parts.length; i++) {
+      if (parts[i] === '..') { if (resolved.length > 1) resolved.pop(); }
+      else if (parts[i] !== '.') resolved.push(parts[i]);
+    }
+    this.pathname = resolved.join('/') || '/';
+
+    // searchParams is live
+    this._searchParamsStr = m[7] || '';
+    this.searchParams = new URLSearchParams(this._searchParamsStr);
+  }
+
+  Object.defineProperty(URL.prototype, 'search', {
+    get: function() {
+      var s = this.searchParams.toString();
+      return s ? '?' + s : '';
+    },
+    set: function(v) {
+      this.searchParams = new URLSearchParams(String(v));
+    }
+  });
+
+  Object.defineProperty(URL.prototype, 'host', {
+    get: function() {
+      return this.port ? this.hostname + ':' + this.port : this.hostname;
+    }
+  });
+
+  Object.defineProperty(URL.prototype, 'origin', {
+    get: function() {
+      return this.protocol + '//' + this.host;
+    }
+  });
+
+  Object.defineProperty(URL.prototype, 'href', {
+    get: function() {
+      var auth = '';
+      if (this.username) {
+        auth = this.username;
+        if (this.password) auth += ':' + this.password;
+        auth += '@';
+      }
+      return this.protocol + '//' + auth + this.host + this.pathname + this.search + this.hash;
+    },
+    set: function(v) {
+      var parsed = new URL(String(v));
+      this.protocol = parsed.protocol;
+      this.username = parsed.username;
+      this.password = parsed.password;
+      this.hostname = parsed.hostname;
+      this.port = parsed.port;
+      this.pathname = parsed.pathname;
+      this.searchParams = parsed.searchParams;
+      this.hash = parsed.hash;
+    }
+  });
+
+  URL.prototype.toString = function() { return this.href; };
+  URL.prototype.toJSON = function() { return this.href; };
+
+  // --- Headers ---
+  function Headers(init) {
+    this._map = {};
+    if (!init) return;
+    if (init instanceof Headers) {
+      var keys = Object.keys(init._map);
+      for (var i = 0; i < keys.length; i++) {
+        this._map[keys[i]] = init._map[keys[i]].slice();
+      }
+    } else if (typeof init === 'object') {
+      var keys = Object.keys(init);
+      for (var i = 0; i < keys.length; i++) {
+        this._map[keys[i].toLowerCase()] = [String(init[keys[i]])];
+      }
+    }
+  }
+
+  Headers.prototype.append = function(name, value) {
+    var key = String(name).toLowerCase();
+    if (!this._map[key]) this._map[key] = [];
+    this._map[key].push(String(value));
+  };
+
+  Headers.prototype.delete = function(name) {
+    delete this._map[String(name).toLowerCase()];
+  };
+
+  Headers.prototype.get = function(name) {
+    var vals = this._map[String(name).toLowerCase()];
+    return vals ? vals.join(', ') : null;
+  };
+
+  Headers.prototype.has = function(name) {
+    return String(name).toLowerCase() in this._map;
+  };
+
+  Headers.prototype.set = function(name, value) {
+    this._map[String(name).toLowerCase()] = [String(value)];
+  };
+
+  Headers.prototype.forEach = function(callback, thisArg) {
+    var keys = Object.keys(this._map).sort();
+    for (var i = 0; i < keys.length; i++) {
+      callback.call(thisArg, this._map[keys[i]].join(', '), keys[i], this);
+    }
+  };
+
+  Headers.prototype.entries = function() {
+    var keys = Object.keys(this._map).sort();
+    var map = this._map;
+    var idx = 0;
+    return {
+      next: function() {
+        if (idx >= keys.length) return { done: true, value: undefined };
+        var k = keys[idx++];
+        return { done: false, value: [k, map[k].join(', ')] };
+      },
+      [Symbol.iterator]: function() { return this; }
+    };
+  };
+
+  Headers.prototype.keys = function() {
+    var keys = Object.keys(this._map).sort();
+    var idx = 0;
+    return {
+      next: function() {
+        if (idx >= keys.length) return { done: true, value: undefined };
+        return { done: false, value: keys[idx++] };
+      },
+      [Symbol.iterator]: function() { return this; }
+    };
+  };
+
+  Headers.prototype.values = function() {
+    var keys = Object.keys(this._map).sort();
+    var map = this._map;
+    var idx = 0;
+    return {
+      next: function() {
+        if (idx >= keys.length) return { done: true, value: undefined };
+        return { done: false, value: map[keys[idx++]].join(', ') };
+      },
+      [Symbol.iterator]: function() { return this; }
+    };
+  };
+
+  Headers.prototype[Symbol.iterator] = Headers.prototype.entries;
+
+  // --- Response ---
+  function Response(body, init) {
+    if (init === undefined) init = {};
+    this.status = init.status !== undefined ? init.status : 200;
+    this.statusText = init.statusText !== undefined ? init.statusText : '';
+    this.headers = init.headers instanceof Headers ? init.headers : new Headers(init.headers);
+    this.body = body !== undefined && body !== null ? String(body) : '';
+    this.ok = this.status >= 200 && this.status <= 299;
+    this.url = '';
+    this.redirected = false;
+    this.type = 'basic';
+    this.bodyUsed = false;
+  }
+
+  Response.prototype.text = function() {
+    this.bodyUsed = true;
+    return Promise.resolve(this.body);
+  };
+
+  Response.prototype.json = function() {
+    this.bodyUsed = true;
+    try {
+      return Promise.resolve(JSON.parse(this.body));
+    } catch (e) {
+      return Promise.reject(e);
+    }
+  };
+
+  Response.prototype.clone = function() {
+    var r = new Response(this.body, {
+      status: this.status,
+      statusText: this.statusText,
+      headers: new Headers(this.headers)
+    });
+    r.url = this.url;
+    r.redirected = this.redirected;
+    r.type = this.type;
+    return r;
+  };
+
+  Response.json = function(data, init) {
+    if (init === undefined) init = {};
+    var headers = init.headers instanceof Headers ? init.headers : new Headers(init.headers);
+    if (!headers.has('content-type')) {
+      headers.set('content-type', 'application/json');
+    }
+    return new Response(JSON.stringify(data), {
+      status: init.status !== undefined ? init.status : 200,
+      statusText: init.statusText || '',
+      headers: headers
+    });
+  };
+
+  Response.error = function() {
+    var r = new Response(null, { status: 0, statusText: '' });
+    r.type = 'error';
+    r.ok = false;
+    return r;
+  };
+
+  Response.redirect = function(url, status) {
+    if (status === undefined) status = 302;
+    var r = new Response(null, {
+      status: status,
+      statusText: '',
+      headers: new Headers({ location: String(url) })
+    });
+    r.redirected = true;
+    return r;
+  };
+
+  // --- Request ---
+  function Request(input, init) {
+    if (init === undefined) init = {};
+    if (input instanceof Request) {
+      this.url = input.url;
+      this.method = input.method;
+      this.headers = new Headers(input.headers);
+      this.body = input.body;
+    } else {
+      this.url = String(input);
+      this.method = 'GET';
+      this.headers = new Headers();
+      this.body = null;
+    }
+    if (init.method !== undefined) this.method = String(init.method).toUpperCase();
+    if (init.headers !== undefined) this.headers = init.headers instanceof Headers ? init.headers : new Headers(init.headers);
+    if (init.body !== undefined) this.body = init.body !== null ? String(init.body) : null;
+  }
+
+  Request.prototype.clone = function() {
+    return new Request(this);
+  };
+
+  // --- Assign to globalThis ---
+  globalThis.URLSearchParams = URLSearchParams;
+  globalThis.URL = URL;
+  globalThis.Headers = Headers;
+  globalThis.Response = Response;
+  globalThis.Request = Request;
+
+  // --- Wrap native fetch ---
+  var _nativeFetch = globalThis[Symbol.for('jb:fetch')];
+  globalThis.fetch = function fetch(input, init) {
+    try {
+      var url, method, headers, body;
+
+      if (input instanceof Request) {
+        url = input.url;
+        method = input.method;
+        headers = {};
+        input.headers.forEach(function(v, k) { headers[k] = v; });
+        body = input.body;
+      } else {
+        url = String(input);
+        method = undefined;
+        headers = undefined;
+        body = undefined;
+      }
+
+      if (init) {
+        if (init.method !== undefined) method = String(init.method).toUpperCase();
+        if (init.headers !== undefined) {
+          var h = init.headers instanceof Headers ? init.headers : new Headers(init.headers);
+          headers = {};
+          h.forEach(function(v, k) { headers[k] = v; });
+        }
+        if (init.body !== undefined) body = init.body !== null ? String(init.body) : undefined;
+      }
+
+      var opts = Object.create(null);
+      if (method) opts.method = method;
+      if (headers) opts.headers = headers;
+      if (body) opts.body = body;
+
+      var raw = _nativeFetch(url, opts);
+
+      var respHeaders = new Headers(raw.headers || {});
+      var response = new Response(raw.body, {
+        status: raw.status,
+        statusText: raw.statusText || '',
+        headers: respHeaders
+      });
+      response.url = raw.url || url;
+
+      return Promise.resolve(response);
+    } catch (e) {
+      return Promise.reject(new TypeError(e.message || 'fetch failed'));
+    }
+  };
+})();
+`;
+
+// src/commands/js-exec/module-shims.ts
+var EVENTS_MODULE_SOURCE = `
+var EventEmitter = (function() {
+  function EE() {
+    this._events = {};
+    this._maxListeners = 10;
+  }
+  EE.prototype.on = function(event, listener) {
+    if (!this._events[event]) this._events[event] = [];
+    this._events[event].push(listener);
+    return this;
+  };
+  EE.prototype.addListener = EE.prototype.on;
+  EE.prototype.once = function(event, listener) {
+    var self = this;
+    function wrapper() {
+      self.removeListener(event, wrapper);
+      listener.apply(this, arguments);
+    }
+    wrapper._original = listener;
+    return this.on(event, wrapper);
+  };
+  EE.prototype.off = function(event, listener) {
+    return this.removeListener(event, listener);
+  };
+  EE.prototype.removeListener = function(event, listener) {
+    var list = this._events[event];
+    if (list) {
+      this._events[event] = list.filter(function(fn) {
+        return fn !== listener && fn._original !== listener;
+      });
+    }
+    return this;
+  };
+  EE.prototype.removeAllListeners = function(event) {
+    if (event) delete this._events[event];
+    else this._events = {};
+    return this;
+  };
+  EE.prototype.emit = function(event) {
+    var list = this._events[event];
+    if (!list || list.length === 0) return false;
+    var args = Array.prototype.slice.call(arguments, 1);
+    var fns = list.slice();
+    for (var i = 0; i < fns.length; i++) fns[i].apply(this, args);
+    return true;
+  };
+  EE.prototype.listeners = function(event) {
+    return (this._events[event] || []).slice();
+  };
+  EE.prototype.listenerCount = function(event) {
+    return (this._events[event] || []).length;
+  };
+  EE.prototype.setMaxListeners = function(n) {
+    this._maxListeners = n;
+    return this;
+  };
+  EE.prototype.eventNames = function() {
+    return Object.keys(this._events);
+  };
+  EE.prototype.prependListener = function(event, listener) {
+    if (!this._events[event]) this._events[event] = [];
+    this._events[event].unshift(listener);
+    return this;
+  };
+  return EE;
+})();
+globalThis[Symbol.for('jb:events')] = { EventEmitter: EventEmitter };
+`;
+var OS_MODULE_SOURCE = `
+var _os = {
+  platform: function() { return globalThis.process.platform; },
+  arch: function() { return globalThis.process.arch; },
+  homedir: function() { return '/home/user'; },
+  tmpdir: function() { return '/tmp'; },
+  type: function() { return 'Linux'; },
+  hostname: function() { return 'sandbox'; },
+  EOL: '\\n',
+  cpus: function() { return []; },
+  totalmem: function() { return 0; },
+  freemem: function() { return 0; },
+  endianness: function() { return 'LE'; }
+};
+globalThis[Symbol.for('jb:os')] = _os;
+`;
+var URL_MODULE_SOURCE = `
+var _urlMod = {
+  URL: globalThis.URL,
+  URLSearchParams: globalThis.URLSearchParams,
+  parse: function(urlStr) {
+    try {
+      var u = new URL(urlStr);
+      return {
+        protocol: u.protocol, host: u.host, hostname: u.hostname,
+        port: u.port, pathname: u.pathname, search: u.search,
+        hash: u.hash, href: u.href, path: u.pathname + u.search
+      };
+    } catch(e) {
+      return {
+        protocol: null, host: null, hostname: null, port: null,
+        pathname: urlStr, search: '', hash: '', href: urlStr, path: urlStr
+      };
+    }
+  },
+  format: function(obj) {
+    if (typeof obj === 'string') return obj;
+    if (obj instanceof URL) return obj.href;
+    var auth = obj.auth ? obj.auth + '@' : '';
+    var host = obj.host || ((obj.hostname || '') + (obj.port ? ':' + obj.port : ''));
+    return (obj.protocol ? obj.protocol + '//' : '') + auth + host +
+      (obj.pathname || '/') + (obj.search || '') + (obj.hash || '');
+  }
+};
+globalThis[Symbol.for('jb:url')] = _urlMod;
+`;
+var ASSERT_MODULE_SOURCE = `
+var _deepEqual = function(a, b) {
+  if (a === b) return true;
+  if (a === null || b === null || typeof a !== 'object' || typeof b !== 'object') return false;
+  if (Array.isArray(a) !== Array.isArray(b)) return false;
+  var ka = Object.keys(a), kb = Object.keys(b);
+  if (ka.length !== kb.length) return false;
+  for (var i = 0; i < ka.length; i++) {
+    if (!_deepEqual(a[ka[i]], b[ka[i]])) return false;
+  }
+  return true;
+};
+var _assert = function(val, msg) {
+  if (!val) throw new Error(msg || 'AssertionError: expected truthy value');
+};
+_assert.ok = _assert;
+_assert.equal = function(a, b, msg) {
+  if (a != b) throw new Error(msg || 'AssertionError: ' + a + ' != ' + b);
+};
+_assert.notEqual = function(a, b, msg) {
+  if (a == b) throw new Error(msg || 'AssertionError: ' + a + ' == ' + b);
+};
+_assert.strictEqual = function(a, b, msg) {
+  if (a !== b) throw new Error(msg || 'AssertionError: ' + a + ' !== ' + b);
+};
+_assert.notStrictEqual = function(a, b, msg) {
+  if (a === b) throw new Error(msg || 'AssertionError: ' + a + ' === ' + b);
+};
+_assert.deepEqual = function(a, b, msg) {
+  if (!_deepEqual(a, b)) throw new Error(msg || 'AssertionError: objects not deep equal');
+};
+_assert.deepStrictEqual = _assert.deepEqual;
+_assert.notDeepEqual = function(a, b, msg) {
+  if (_deepEqual(a, b)) throw new Error(msg || 'AssertionError: objects are deep equal');
+};
+_assert.throws = function(fn, expected, msg) {
+  var threw = false;
+  try { fn(); } catch(e) {
+    threw = true;
+    if (expected instanceof RegExp && !expected.test(e.message))
+      throw new Error(msg || 'AssertionError: error message did not match');
+  }
+  if (!threw) throw new Error(msg || 'AssertionError: function did not throw');
+};
+_assert.doesNotThrow = function(fn, msg) {
+  // @banned-pattern-ignore: sandbox-internal assertion helper; e.message is from user code inside QuickJS, not host details
+  try { fn(); } catch(e) {
+    throw new Error(msg || 'AssertionError: function threw: ' + e.message);
+  }
+};
+_assert.fail = function(msg) {
+  throw new Error(msg || 'AssertionError: assert.fail()');
+};
+globalThis[Symbol.for('jb:assert')] = _assert;
+`;
+var UTIL_MODULE_SOURCE = `
+var _util = {
+  format: function() {
+    var args = Array.prototype.slice.call(arguments);
+    if (args.length === 0) return '';
+    var fmt = args[0];
+    if (typeof fmt !== 'string') {
+      return args.map(function(a) {
+        return typeof a === 'string' ? a : JSON.stringify(a);
+      }).join(' ');
+    }
+    var i = 1;
+    var str = fmt.replace(/%[sdjifoO%]/g, function(m) {
+      if (m === '%%') return '%';
+      if (i >= args.length) return m;
+      var v = args[i++];
+      if (m === '%s') return String(v);
+      if (m === '%d') return Number(v).toString();
+      if (m === '%i') { var n = Number(v); return (isNaN(n) ? 'NaN' : Math.trunc(n)).toString(); }
+      if (m === '%j') return JSON.stringify(v);
+      if (m === '%f') return parseFloat(v).toString();
+      if (m === '%o' || m === '%O') return JSON.stringify(v);
+      return m;
+    });
+    while (i < args.length) {
+      str += ' ' + (typeof args[i] === 'string' ? args[i] : JSON.stringify(args[i]));
+      i++;
+    }
+    return str;
+  },
+  inspect: function(obj, opts) {
+    if (obj === null) return 'null';
+    if (obj === undefined) return 'undefined';
+    if (typeof obj === 'string') return "'" + obj + "'";
+    if (typeof obj === 'function') return '[Function: ' + (obj.name || 'anonymous') + ']';
+    var seen = [];
+    try {
+      return JSON.stringify(obj, function(key, val) {
+        if (typeof val === 'object' && val !== null) {
+          if (seen.indexOf(val) !== -1) return '[Circular]';
+          seen.push(val);
+        }
+        return val;
+      });
+    } catch(e) { return String(obj); }
+  },
+  promisify: function(fn) {
+    return function() {
+      var args = Array.prototype.slice.call(arguments);
+      return new Promise(function(resolve, reject) {
+        args.push(function(err, val) { if (err) reject(err); else resolve(val); });
+        fn.apply(null, args);
+      });
+    };
+  },
+  types: {
+    isDate: function(v) { return v instanceof Date; },
+    isRegExp: function(v) { return v instanceof RegExp; },
+    isArray: function(v) { return Array.isArray(v); },
+    isMap: function(v) { return typeof Map !== 'undefined' && v instanceof Map; },
+    isSet: function(v) { return typeof Set !== 'undefined' && v instanceof Set; }
+  },
+  inherits: function(ctor, superCtor) {
+    ctor.prototype = Object.create(superCtor.prototype);
+    ctor.prototype.constructor = ctor;
+  }
+};
+globalThis[Symbol.for('jb:util')] = _util;
+`;
+var BUFFER_MODULE_SOURCE = `
+function _utf8Encode(str) {
+  var bytes = [];
+  for (var i = 0; i < str.length; i++) {
+    var c = str.charCodeAt(i);
+    if (c < 0x80) {
+      bytes.push(c);
+    } else if (c < 0x800) {
+      bytes.push(0xC0 | (c >> 6), 0x80 | (c & 0x3F));
+    } else if (c >= 0xD800 && c <= 0xDBFF && i + 1 < str.length) {
+      var lo = str.charCodeAt(++i);
+      var cp = ((c - 0xD800) * 0x400) + (lo - 0xDC00) + 0x10000;
+      bytes.push(0xF0 | (cp >> 18), 0x80 | ((cp >> 12) & 0x3F), 0x80 | ((cp >> 6) & 0x3F), 0x80 | (cp & 0x3F));
+    } else {
+      bytes.push(0xE0 | (c >> 12), 0x80 | ((c >> 6) & 0x3F), 0x80 | (c & 0x3F));
+    }
+  }
+  return bytes;
+}
+function _utf8Decode(bytes) {
+  var str = '';
+  var i = 0;
+  while (i < bytes.length) {
+    var b = bytes[i];
+    if (b < 0x80) { str += String.fromCharCode(b); i++; }
+    else if ((b & 0xE0) === 0xC0) { str += String.fromCharCode(((b & 0x1F) << 6) | (bytes[i+1] & 0x3F)); i += 2; }
+    else if ((b & 0xF0) === 0xE0) { str += String.fromCharCode(((b & 0x0F) << 12) | ((bytes[i+1] & 0x3F) << 6) | (bytes[i+2] & 0x3F)); i += 3; }
+    else if ((b & 0xF8) === 0xF0) { var cp = ((b & 0x07) << 18) | ((bytes[i+1] & 0x3F) << 12) | ((bytes[i+2] & 0x3F) << 6) | (bytes[i+3] & 0x3F); cp -= 0x10000; str += String.fromCharCode((cp >> 10) + 0xD800, (cp & 0x3FF) + 0xDC00); i += 4; }
+    else { i++; }
+  }
+  return str;
+}
+// _utf8Encode/_utf8Decode are IIFE-local vars, available to all module shims
+
+function Buffer(arg) {
+  if (typeof arg === 'number') {
+    this._data = new Uint8Array(arg);
+  } else if (arg instanceof ArrayBuffer) {
+    this._data = new Uint8Array(arg);
+  } else if (arg instanceof Uint8Array) {
+    this._data = new Uint8Array(arg);
+  } else if (Array.isArray(arg)) {
+    this._data = new Uint8Array(arg);
+  } else {
+    this._data = new Uint8Array(0);
+  }
+  this.length = this._data.length;
+}
+Buffer.from = function(data, encoding) {
+  if (typeof data === 'string') {
+    return new Buffer(_utf8Encode(data));
+  }
+  if (data instanceof ArrayBuffer) return new Buffer(data);
+  if (data instanceof Uint8Array) return new Buffer(data);
+  if (Array.isArray(data)) return new Buffer(data);
+  if (data && data._data) return new Buffer(data._data.slice());
+  return new Buffer(0);
+};
+Buffer.alloc = function(size, fill) {
+  var buf = new Buffer(size);
+  if (fill !== undefined) {
+    var fillByte = typeof fill === 'number' ? fill : 0;
+    buf._data.fill(fillByte);
+  }
+  return buf;
+};
+Buffer.allocUnsafe = Buffer.alloc;
+Buffer.isBuffer = function(obj) { return obj instanceof Buffer; };
+Buffer.concat = function(list, totalLength) {
+  if (!totalLength) {
+    totalLength = 0;
+    for (var i = 0; i < list.length; i++) totalLength += list[i].length;
+  }
+  var result = new Uint8Array(totalLength);
+  var offset = 0;
+  for (var i = 0; i < list.length; i++) {
+    result.set(list[i]._data, offset);
+    offset += list[i].length;
+  }
+  return new Buffer(result);
+};
+Buffer.byteLength = function(str) {
+  return _utf8Encode(str).length;
+};
+Buffer.prototype.toString = function(encoding) {
+  return _utf8Decode(this._data);
+};
+Buffer.prototype.toJSON = function() {
+  return { type: 'Buffer', data: Array.from(this._data) };
+};
+Buffer.prototype.slice = function(start, end) {
+  return new Buffer(this._data.slice(start, end));
+};
+Buffer.prototype.copy = function(target, targetStart, sourceStart, sourceEnd) {
+  targetStart = targetStart || 0;
+  sourceStart = sourceStart || 0;
+  sourceEnd = sourceEnd || this.length;
+  var sub = this._data.subarray(sourceStart, sourceEnd);
+  target._data.set(sub, targetStart);
+  return sub.length;
+};
+Buffer.prototype.write = function(str, offset) {
+  var bytes = _utf8Encode(str);
+  offset = offset || 0;
+  this._data.set(bytes, offset);
+  return bytes.length;
+};
+Buffer.prototype.fill = function(val, offset, end) {
+  this._data.fill(typeof val === 'number' ? val : 0, offset, end);
+  return this;
+};
+Buffer.prototype.equals = function(other) {
+  if (this.length !== other.length) return false;
+  for (var i = 0; i < this.length; i++) {
+    if (this._data[i] !== other._data[i]) return false;
+  }
+  return true;
+};
+Buffer.prototype.readUInt8 = function(offset) { return this._data[offset]; };
+Buffer.prototype.writeUInt8 = function(value, offset) { this._data[offset] = value; return offset + 1; };
+globalThis[Symbol.for('jb:buffer')] = { Buffer: Buffer };
+globalThis.Buffer = Buffer;
+`;
+var STREAM_MODULE_SOURCE = `
+var _EE = globalThis[Symbol.for('jb:events')].EventEmitter;
+
+function Stream() { _EE.call(this); }
+Stream.prototype = Object.create(_EE.prototype);
+Stream.prototype.constructor = Stream;
+Stream.prototype.pipe = function(dest) {
+  this.on('data', function(chunk) { dest.write(chunk); });
+  this.on('end', function() { if (dest.end) dest.end(); });
+  return dest;
+};
+
+function Readable(opts) {
+  Stream.call(this);
+  this.readable = true;
+  this._readableState = { ended: false, buffer: [] };
+}
+Readable.prototype = Object.create(Stream.prototype);
+Readable.prototype.constructor = Readable;
+Readable.prototype.read = function() { return null; };
+Readable.prototype.push = function(chunk) {
+  if (chunk === null) { this._readableState.ended = true; this.emit('end'); return false; }
+  this.emit('data', chunk);
+  return true;
+};
+Readable.prototype.destroy = function() { this.emit('close'); return this; };
+
+function Writable(opts) {
+  Stream.call(this);
+  this.writable = true;
+  this._writableState = { ended: false };
+}
+Writable.prototype = Object.create(Stream.prototype);
+Writable.prototype.constructor = Writable;
+Writable.prototype.write = function(chunk) { return true; };
+Writable.prototype.end = function(chunk) {
+  if (chunk) this.write(chunk);
+  this._writableState.ended = true;
+  this.emit('finish');
+  return this;
+};
+Writable.prototype.destroy = function() { this.emit('close'); return this; };
+
+function Duplex(opts) {
+  Readable.call(this, opts);
+  Writable.call(this, opts);
+}
+Duplex.prototype = Object.create(Readable.prototype);
+var _wKeys = Object.keys(Writable.prototype);
+for (var _wi = 0; _wi < _wKeys.length; _wi++) {
+  if (!Duplex.prototype[_wKeys[_wi]]) Duplex.prototype[_wKeys[_wi]] = Writable.prototype[_wKeys[_wi]];
+}
+Duplex.prototype.constructor = Duplex;
+
+function Transform(opts) { Duplex.call(this, opts); }
+Transform.prototype = Object.create(Duplex.prototype);
+Transform.prototype.constructor = Transform;
+Transform.prototype._transform = function(chunk, encoding, cb) { if (cb) cb(null, chunk); };
+
+function PassThrough(opts) { Transform.call(this, opts); }
+PassThrough.prototype = Object.create(Transform.prototype);
+PassThrough.prototype.constructor = PassThrough;
+
+function pipeline() {
+  var streams = Array.prototype.slice.call(arguments);
+  var cb = typeof streams[streams.length - 1] === 'function' ? streams.pop() : null;
+  for (var i = 0; i < streams.length - 1; i++) streams[i].pipe(streams[i + 1]);
+  if (cb) {
+    var last = streams[streams.length - 1];
+    last.on('finish', function() { cb(null); });
+    last.on('error', function(e) { cb(e); });
+  }
+  return streams[streams.length - 1];
+}
+
+globalThis[Symbol.for('jb:stream')] = {
+  Stream: Stream, Readable: Readable, Writable: Writable,
+  Duplex: Duplex, Transform: Transform, PassThrough: PassThrough,
+  pipeline: pipeline
+};
+`;
+var STRING_DECODER_MODULE_SOURCE = `
+function StringDecoder(encoding) {
+  this.encoding = (encoding || 'utf-8').toLowerCase();
+  if (this.encoding === 'utf8') this.encoding = 'utf-8';
+}
+StringDecoder.prototype.write = function(buf) {
+  if (typeof buf === 'string') return buf;
+  var data = buf instanceof Uint8Array ? buf : (buf && buf._data ? buf._data : new Uint8Array(0));
+  return _utf8Decode(data);
+};
+StringDecoder.prototype.end = function(buf) {
+  if (buf) return this.write(buf);
+  return '';
+};
+globalThis[Symbol.for('jb:string_decoder')] = { StringDecoder: StringDecoder };
+`;
+var QUERYSTRING_MODULE_SOURCE = `
+var _qs = {
+  parse: function(str, sep, eq) {
+    sep = sep || '&'; eq = eq || '=';
+    var result = Object.create(null);
+    if (!str || typeof str !== 'string') return result;
+    var pairs = str.split(sep);
+    for (var i = 0; i < pairs.length; i++) {
+      var idx = pairs[i].indexOf(eq);
+      var key, val;
+      if (idx >= 0) {
+        key = decodeURIComponent(pairs[i].slice(0, idx).replace(/\\+/g, ' '));
+        val = decodeURIComponent(pairs[i].slice(idx + 1).replace(/\\+/g, ' '));
+      } else {
+        key = decodeURIComponent(pairs[i].replace(/\\+/g, ' '));
+        val = '';
+      }
+      if (result[key] !== undefined) {
+        if (Array.isArray(result[key])) result[key].push(val);
+        else result[key] = [result[key], val];
+      } else {
+        result[key] = val;
+      }
+    }
+    return result;
+  },
+  stringify: function(obj, sep, eq) {
+    sep = sep || '&'; eq = eq || '=';
+    var pairs = [];
+    var keys = Object.keys(obj);
+    for (var i = 0; i < keys.length; i++) {
+      var key = keys[i];
+      var val = obj[key];
+      if (Array.isArray(val)) {
+        for (var j = 0; j < val.length; j++) {
+          pairs.push(encodeURIComponent(key) + eq + encodeURIComponent(val[j]));
+        }
+      } else {
+        pairs.push(encodeURIComponent(key) + eq + encodeURIComponent(val));
+      }
+    }
+    return pairs.join(sep);
+  },
+  escape: function(str) { return encodeURIComponent(str); },
+  unescape: function(str) { return decodeURIComponent(str); }
+};
+_qs.decode = _qs.parse;
+_qs.encode = _qs.stringify;
+globalThis[Symbol.for('jb:querystring')] = _qs;
+`;
+var UNSUPPORTED_MODULES = Object.assign(
+  /* @__PURE__ */ Object.create(null),
+  {
+    http: "Use fetch() for HTTP requests.",
+    https: "Use fetch() for HTTP requests.",
+    http2: "Use fetch() for HTTP requests.",
+    net: "Network socket APIs are not supported.",
+    tls: "Network socket APIs are not supported.",
+    dgram: "Network socket APIs are not supported.",
+    dns: "DNS APIs are not supported.",
+    cluster: "Cluster APIs are not supported.",
+    worker_threads: "Worker thread APIs are not supported.",
+    vm: "VM APIs are not supported.",
+    v8: "V8 APIs are not supported.",
+    inspector: "Inspector APIs are not supported.",
+    readline: "Readline APIs are not supported.",
+    repl: "REPL APIs are not supported.",
+    module: "Module APIs are not supported.",
+    perf_hooks: "Performance hooks are not supported.",
+    async_hooks: "Async hooks are not supported.",
+    diagnostics_channel: "Diagnostics channel is not supported.",
+    trace_events: "Trace events are not supported.",
+    crypto: "Crypto APIs are not available in this sandbox.",
+    zlib: "Compression APIs are not supported.",
+    tty: "TTY APIs are not supported.",
+    domain: "Domain APIs are not supported."
+  }
+);
+
+// src/commands/js-exec/path-polyfill.ts
+var PATH_MODULE_SOURCE = `
+(function() {
+  var sep = '/';
+  var delimiter = ':';
+
+  function normalize(p) {
+    if (p === '') return '.';
+    var isAbs = p.charCodeAt(0) === 47;
+    var trailingSlash = p.charCodeAt(p.length - 1) === 47;
+    var parts = p.split('/');
+    var out = [];
+    for (var i = 0; i < parts.length; i++) {
+      var seg = parts[i];
+      if (seg === '' || seg === '.') continue;
+      if (seg === '..') {
+        if (out.length > 0 && out[out.length - 1] !== '..') out.pop();
+        else if (!isAbs) out.push('..');
+      } else {
+        out.push(seg);
+      }
+    }
+    var result = out.join('/');
+    if (isAbs) result = '/' + result;
+    if (trailingSlash && result[result.length - 1] !== '/') result += '/';
+    return result || (isAbs ? '/' : '.');
+  }
+
+  function join() {
+    var joined = '';
+    for (var i = 0; i < arguments.length; i++) {
+      var arg = arguments[i];
+      if (typeof arg !== 'string') throw new TypeError('Path must be a string');
+      if (arg.length > 0) {
+        if (joined.length > 0) joined += '/' + arg;
+        else joined = arg;
+      }
+    }
+    if (joined.length === 0) return '.';
+    return normalize(joined);
+  }
+
+  function resolve() {
+    var resolved = '';
+    var resolvedAbsolute = false;
+    for (var i = arguments.length - 1; i >= -1 && !resolvedAbsolute; i--) {
+      var path = i >= 0 ? arguments[i] : globalThis.process.cwd();
+      if (typeof path !== 'string') throw new TypeError('Path must be a string');
+      if (path.length === 0) continue;
+      if (resolved.length > 0) resolved = path + '/' + resolved;
+      else resolved = path;
+      resolvedAbsolute = path.charCodeAt(0) === 47;
+    }
+    resolved = normalize(resolved);
+    if (resolvedAbsolute) return '/' + resolved.replace(/^\\/+/, '');
+    return resolved.length > 0 ? resolved : '.';
+  }
+
+  function isAbsolute(p) {
+    return typeof p === 'string' && p.length > 0 && p.charCodeAt(0) === 47;
+  }
+
+  function dirname(p) {
+    if (p.length === 0) return '.';
+    var hasRoot = p.charCodeAt(0) === 47;
+    var end = -1;
+    for (var i = p.length - 1; i >= 1; i--) {
+      if (p.charCodeAt(i) === 47) { end = i; break; }
+    }
+    if (end === -1) return hasRoot ? '/' : '.';
+    if (hasRoot && end === 0) return '/';
+    return p.slice(0, end);
+  }
+
+  function basename(p, ext) {
+    var start = 0;
+    for (var i = p.length - 1; i >= 0; i--) {
+      if (p.charCodeAt(i) === 47) { start = i + 1; break; }
+    }
+    var base = p.slice(start);
+    if (ext && base.endsWith(ext)) {
+      base = base.slice(0, base.length - ext.length);
+    }
+    return base;
+  }
+
+  function extname(p) {
+    var startDot = -1;
+    var startPart = 0;
+    for (var i = p.length - 1; i >= 0; i--) {
+      var code = p.charCodeAt(i);
+      if (code === 47) { startPart = i + 1; break; }
+      if (code === 46 && startDot === -1) startDot = i;
+    }
+    if (startDot === -1 || startDot === startPart ||
+        (startDot === startPart + 1 && p.charCodeAt(startPart) === 46)) {
+      return '';
+    }
+    return p.slice(startDot);
+  }
+
+  function relative(from, to) {
+    if (from === to) return '';
+    from = resolve(from);
+    to = resolve(to);
+    if (from === to) return '';
+    var fromParts = from.split('/').filter(Boolean);
+    var toParts = to.split('/').filter(Boolean);
+    var common = 0;
+    var length = Math.min(fromParts.length, toParts.length);
+    for (var i = 0; i < length; i++) {
+      if (fromParts[i] !== toParts[i]) break;
+      common++;
+    }
+    var ups = [];
+    for (var i = common; i < fromParts.length; i++) ups.push('..');
+    return ups.concat(toParts.slice(common)).join('/') || '.';
+  }
+
+  function parse(p) {
+    var root = p.charCodeAt(0) === 47 ? '/' : '';
+    var dir = dirname(p);
+    var base = basename(p);
+    var ext = extname(p);
+    var name = ext ? base.slice(0, base.length - ext.length) : base;
+    return { root: root, dir: dir, base: base, ext: ext, name: name };
+  }
+
+  function format(obj) {
+    var dir = obj.dir || obj.root || '';
+    var base = obj.base || ((obj.name || '') + (obj.ext || ''));
+    if (!dir) return base;
+    if (dir === obj.root) return dir + base;
+    return dir + '/' + base;
+  }
+
+  var posix = { sep: sep, delimiter: delimiter, join: join, resolve: resolve, normalize: normalize, isAbsolute: isAbsolute, dirname: dirname, basename: basename, extname: extname, relative: relative, parse: parse, format: format };
+  posix.posix = posix;
+
+  globalThis[Symbol.for('jb:path')] = posix;
+})();
+`;
+
+// src/commands/js-exec/worker.ts
+var quickjsModule = null;
+var quickjsLoading = null;
+async function getQuickJSModule() {
+  if (quickjsModule) {
+    return quickjsModule;
+  }
+  if (quickjsLoading) {
+    return quickjsLoading;
+  }
+  quickjsLoading = getQuickJS();
+  quickjsModule = await quickjsLoading;
+  return quickjsModule;
+}
+var MEMORY_LIMIT = 64 * 1024 * 1024;
+var INTERRUPT_CYCLES = 1e5;
+function formatError(errorVal) {
+  if (typeof errorVal === "object" && errorVal !== null && "message" in errorVal) {
+    const err = errorVal;
+    const msg = err.message;
+    if (err.stack) {
+      const lines = err.stack.split("\n");
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.startsWith("at ")) {
+          const cleaned = trimmed.replace(/^at <eval> \((\/.+)\)$/, "at $1");
+          return `${cleaned}: ${msg}`;
+        }
+      }
+    }
+    return msg;
+  }
+  return String(errorVal);
+}
+function throwError(context, message) {
+  return { error: context.newError(message) };
+}
+function jsToHandle(context, value) {
+  if (value === null || value === void 0) {
+    return context.undefined;
+  }
+  if (typeof value === "string") {
+    return context.newString(value);
+  }
+  if (typeof value === "number") {
+    return context.newNumber(value);
+  }
+  if (typeof value === "boolean") {
+    return value ? context.true : context.false;
+  }
+  if (Array.isArray(value)) {
+    const arr = context.newArray();
+    for (let i = 0; i < value.length; i++) {
+      const elemHandle = jsToHandle(context, value[i]);
+      context.setProp(arr, i, elemHandle);
+      elemHandle.dispose();
+    }
+    return arr;
+  }
+  if (typeof value === "object") {
+    const obj = context.newObject();
+    for (const [k, v] of Object.entries(value)) {
+      const valHandle = jsToHandle(context, v);
+      context.setProp(obj, k, valHandle);
+      valHandle.dispose();
+    }
+    return obj;
+  }
+  return context.undefined;
+}
+function resolveModulePath(name, fromFile, cwd) {
+  if (name.startsWith("/")) return name;
+  const base = fromFile ? fromFile.substring(0, fromFile.lastIndexOf("/")) || "/" : cwd;
+  const parts = `${base}/${name}`.split("/").filter(Boolean);
+  const resolved = [];
+  for (const p of parts) {
+    if (p === "..") resolved.pop();
+    else if (p !== ".") resolved.push(p);
+  }
+  return `/${resolved.join("/")}`;
+}
+var VIRTUAL_MODULES = Object.assign(
+  /* @__PURE__ */ Object.create(null),
+  {
+    fs: `
+    const _fs = globalThis.fs;
+    export const readFile = _fs.readFile;
+    export const readFileSync = function(path, opts) { return _fs.readFileSync(path, opts); };
+    export const readFileBuffer = _fs.readFileBuffer;
+    export const writeFile = _fs.writeFile;
+    export const writeFileSync = _fs.writeFileSync;
+    export const stat = _fs.stat;
+    export const statSync = _fs.statSync;
+    export const lstat = _fs.lstat;
+    export const lstatSync = _fs.lstatSync;
+    export const readdir = _fs.readdir;
+    export const readdirSync = _fs.readdirSync;
+    export const mkdir = _fs.mkdir;
+    export const mkdirSync = _fs.mkdirSync;
+    export const rm = _fs.rm;
+    export const rmSync = _fs.rmSync;
+    export const exists = _fs.exists;
+    export const existsSync = _fs.existsSync;
+    export const appendFile = _fs.appendFile;
+    export const appendFileSync = _fs.appendFileSync;
+    export const symlink = _fs.symlink;
+    export const symlinkSync = _fs.symlinkSync;
+    export const readlink = _fs.readlink;
+    export const readlinkSync = _fs.readlinkSync;
+    export const chmod = _fs.chmod;
+    export const chmodSync = _fs.chmodSync;
+    export const realpath = _fs.realpath;
+    export const realpathSync = _fs.realpathSync;
+    export const rename = _fs.rename;
+    export const renameSync = _fs.renameSync;
+    export const copyFile = _fs.copyFile;
+    export const copyFileSync = _fs.copyFileSync;
+    export const unlinkSync = _fs.unlinkSync;
+    export const unlink = _fs.unlink;
+    export const rmdirSync = _fs.rmdirSync;
+    export const rmdir = _fs.rmdir;
+    export const promises = _fs.promises;
+    export default _fs;
+  `,
+    path: `${PATH_MODULE_SOURCE}
+    const _path = globalThis[Symbol.for('jb:path')];
+    export const join = _path.join;
+    export const resolve = _path.resolve;
+    export const normalize = _path.normalize;
+    export const isAbsolute = _path.isAbsolute;
+    export const dirname = _path.dirname;
+    export const basename = _path.basename;
+    export const extname = _path.extname;
+    export const relative = _path.relative;
+    export const parse = _path.parse;
+    export const format = _path.format;
+    export const sep = _path.sep;
+    export const delimiter = _path.delimiter;
+    export const posix = _path.posix;
+    export default _path;
+  `,
+    process: `
+    const _process = globalThis.process;
+    export const argv = _process.argv;
+    export const cwd = _process.cwd;
+    export const exit = _process.exit;
+    export const env = _process.env;
+    export const platform = _process.platform;
+    export const arch = _process.arch;
+    export const versions = _process.versions;
+    export const version = _process.version;
+    export default _process;
+  `,
+    child_process: `
+    const _exec = globalThis[Symbol.for('jb:exec')];
+    const _execArgs = globalThis[Symbol.for('jb:execArgs')];
+    export function execSync(cmd, opts) {
+      var r = _exec(cmd, opts);
+      if (r.exitCode !== 0) {
+        var e = new Error('Command failed: ' + cmd);
+        e.status = r.exitCode;
+        e.stderr = r.stderr;
+        e.stdout = r.stdout;
+        throw e;
+      }
+      return r.stdout;
+    }
+    export function exec(cmd, opts) { return _exec(cmd, opts); }
+    export function spawnSync(cmd, args, opts) {
+      var r = _execArgs(cmd, args || []);
+      return { stdout: r.stdout, stderr: r.stderr, status: r.exitCode };
+    }
+    export default { exec: exec, execSync: execSync, spawnSync: spawnSync };
+  `,
+    os: `
+    const _os = globalThis[Symbol.for('jb:os')];
+    export const platform = _os.platform;
+    export const arch = _os.arch;
+    export const homedir = _os.homedir;
+    export const tmpdir = _os.tmpdir;
+    export const type = _os.type;
+    export const hostname = _os.hostname;
+    export const EOL = _os.EOL;
+    export const cpus = _os.cpus;
+    export const totalmem = _os.totalmem;
+    export const freemem = _os.freemem;
+    export const endianness = _os.endianness;
+    export default _os;
+  `,
+    url: `
+    const _url = globalThis[Symbol.for('jb:url')];
+    export const URL = _url.URL;
+    export const URLSearchParams = _url.URLSearchParams;
+    export const parse = _url.parse;
+    export const format = _url.format;
+    export default _url;
+  `,
+    assert: `
+    const _assert = globalThis[Symbol.for('jb:assert')];
+    export const ok = _assert.ok;
+    export const equal = _assert.equal;
+    export const notEqual = _assert.notEqual;
+    export const strictEqual = _assert.strictEqual;
+    export const notStrictEqual = _assert.notStrictEqual;
+    export const deepEqual = _assert.deepEqual;
+    export const deepStrictEqual = _assert.deepStrictEqual;
+    export const notDeepEqual = _assert.notDeepEqual;
+    export const throws = _assert.throws;
+    export const doesNotThrow = _assert.doesNotThrow;
+    export const fail = _assert.fail;
+    export default _assert;
+  `,
+    util: `
+    const _util = globalThis[Symbol.for('jb:util')];
+    export const format = _util.format;
+    export const inspect = _util.inspect;
+    export const promisify = _util.promisify;
+    export const types = _util.types;
+    export const inherits = _util.inherits;
+    export default _util;
+  `,
+    events: `
+    const _events = globalThis[Symbol.for('jb:events')];
+    export const EventEmitter = _events.EventEmitter;
+    export default _events;
+  `,
+    buffer: `
+    const _buffer = globalThis[Symbol.for('jb:buffer')];
+    export const Buffer = _buffer.Buffer;
+    export default _buffer;
+  `,
+    stream: `
+    const _stream = globalThis[Symbol.for('jb:stream')];
+    export const Stream = _stream.Stream;
+    export const Readable = _stream.Readable;
+    export const Writable = _stream.Writable;
+    export const Duplex = _stream.Duplex;
+    export const Transform = _stream.Transform;
+    export const PassThrough = _stream.PassThrough;
+    export const pipeline = _stream.pipeline;
+    export default _stream;
+  `,
+    string_decoder: `
+    const _sd = globalThis[Symbol.for('jb:string_decoder')];
+    export const StringDecoder = _sd.StringDecoder;
+    export default _sd;
+  `,
+    querystring: `
+    const _qs = globalThis[Symbol.for('jb:querystring')];
+    export const parse = _qs.parse;
+    export const stringify = _qs.stringify;
+    export const escape = _qs.escape;
+    export const unescape = _qs.unescape;
+    export const decode = _qs.decode;
+    export const encode = _qs.encode;
+    export default _qs;
+  `
+  }
+);
+for (const [name, hint] of Object.entries(UNSUPPORTED_MODULES)) {
+  VIRTUAL_MODULES[name] = `throw new Error("Module '${name}' is not available in the js-exec sandbox. ${hint} Run 'js-exec --help' for available modules.");`;
+}
+function setupContext(context, backend, input) {
+  const consoleObj = context.newObject();
+  const logFn = context.newFunction("log", (...args) => {
+    const parts = args.map((a) => {
+      const val = context.dump(a);
+      return typeof val === "string" ? val : JSON.stringify(val);
+    });
+    try {
+      backend.writeStdout(`${parts.join(" ")}
+`);
+    } catch (e) {
+      return throwError(context, e.message || "write failed");
+    }
+    return context.undefined;
+  });
+  context.setProp(consoleObj, "log", logFn);
+  logFn.dispose();
+  const errorFn = context.newFunction("error", (...args) => {
+    const parts = args.map((a) => {
+      const val = context.dump(a);
+      return typeof val === "string" ? val : JSON.stringify(val);
+    });
+    try {
+      backend.writeStderr(`${parts.join(" ")}
+`);
+    } catch (e) {
+      return throwError(context, e.message || "write failed");
+    }
+    return context.undefined;
+  });
+  context.setProp(consoleObj, "error", errorFn);
+  errorFn.dispose();
+  const warnFn = context.newFunction("warn", (...args) => {
+    const parts = args.map((a) => {
+      const val = context.dump(a);
+      return typeof val === "string" ? val : JSON.stringify(val);
+    });
+    try {
+      backend.writeStderr(`${parts.join(" ")}
+`);
+    } catch (e) {
+      return throwError(context, e.message || "write failed");
+    }
+    return context.undefined;
+  });
+  context.setProp(consoleObj, "warn", warnFn);
+  warnFn.dispose();
+  context.setProp(context.global, "console", consoleObj);
+  consoleObj.dispose();
+  const fsObj = context.newObject();
+  const readFileFn = context.newFunction(
+    "readFile",
+    (pathHandle) => {
+      const path = context.getString(pathHandle);
+      try {
+        const data = backend.readFile(path);
+        return context.newString(new TextDecoder().decode(data));
+      } catch (e) {
+        return throwError(context, e.message || "readFile failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "readFile", readFileFn);
+  readFileFn.dispose();
+  const readFileBufferFn = context.newFunction(
+    "readFileBuffer",
+    (pathHandle) => {
+      const path = context.getString(pathHandle);
+      try {
+        const data = backend.readFile(path);
+        return context.newArrayBuffer(
+          data.buffer.slice(data.byteOffset, data.byteOffset + data.byteLength)
+        );
+      } catch (e) {
+        return throwError(
+          context,
+          e.message || "readFileBuffer failed"
+        );
+      }
+    }
+  );
+  context.setProp(fsObj, "readFileBuffer", readFileBufferFn);
+  readFileBufferFn.dispose();
+  const writeFileFn = context.newFunction(
+    "writeFile",
+    (pathHandle, dataHandle) => {
+      const path = context.getString(pathHandle);
+      const data = context.getString(dataHandle);
+      try {
+        backend.writeFile(path, new TextEncoder().encode(data));
+        return context.undefined;
+      } catch (e) {
+        return throwError(context, e.message || "writeFile failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "writeFile", writeFileFn);
+  writeFileFn.dispose();
+  const statFn = context.newFunction("stat", (pathHandle) => {
+    const path = context.getString(pathHandle);
+    try {
+      const stat = backend.stat(path);
+      return jsToHandle(context, {
+        isFile: stat.isFile,
+        isDirectory: stat.isDirectory,
+        isSymbolicLink: stat.isSymbolicLink,
+        mode: stat.mode,
+        size: stat.size,
+        mtime: stat.mtime.toISOString()
+      });
+    } catch (e) {
+      return throwError(context, e.message || "stat failed");
+    }
+  });
+  context.setProp(fsObj, "stat", statFn);
+  statFn.dispose();
+  const readdirFn = context.newFunction(
+    "readdir",
+    (pathHandle) => {
+      const path = context.getString(pathHandle);
+      try {
+        const entries = backend.readdir(path);
+        return jsToHandle(context, entries);
+      } catch (e) {
+        return throwError(context, e.message || "readdir failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "readdir", readdirFn);
+  readdirFn.dispose();
+  const mkdirFn = context.newFunction(
+    "mkdir",
+    (pathHandle, optsHandle) => {
+      const path = context.getString(pathHandle);
+      let recursive = false;
+      if (optsHandle) {
+        const opts = context.dump(optsHandle);
+        if (opts && typeof opts === "object" && "recursive" in opts) {
+          recursive = Boolean(opts.recursive);
+        }
+      }
+      try {
+        backend.mkdir(path, recursive);
+        return context.undefined;
+      } catch (e) {
+        return throwError(context, e.message || "mkdir failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "mkdir", mkdirFn);
+  mkdirFn.dispose();
+  const rmFn = context.newFunction(
+    "rm",
+    (pathHandle, optsHandle) => {
+      const path = context.getString(pathHandle);
+      let recursive = false;
+      let force = false;
+      if (optsHandle) {
+        const opts = context.dump(optsHandle);
+        if (opts && typeof opts === "object") {
+          if ("recursive" in opts) recursive = Boolean(opts.recursive);
+          if ("force" in opts) force = Boolean(opts.force);
+        }
+      }
+      try {
+        backend.rm(path, recursive, force);
+        return context.undefined;
+      } catch (e) {
+        return throwError(context, e.message || "rm failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "rm", rmFn);
+  rmFn.dispose();
+  const existsFn = context.newFunction(
+    "exists",
+    (pathHandle) => {
+      const path = context.getString(pathHandle);
+      return backend.exists(path) ? context.true : context.false;
+    }
+  );
+  context.setProp(fsObj, "exists", existsFn);
+  existsFn.dispose();
+  const appendFileFn = context.newFunction(
+    "appendFile",
+    (pathHandle, dataHandle) => {
+      const path = context.getString(pathHandle);
+      const data = context.getString(dataHandle);
+      try {
+        backend.appendFile(path, new TextEncoder().encode(data));
+        return context.undefined;
+      } catch (e) {
+        return throwError(context, e.message || "appendFile failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "appendFile", appendFileFn);
+  appendFileFn.dispose();
+  const lstatFn = context.newFunction("lstat", (pathHandle) => {
+    const path = context.getString(pathHandle);
+    try {
+      const s = backend.lstat(path);
+      return jsToHandle(context, {
+        isFile: s.isFile,
+        isDirectory: s.isDirectory,
+        isSymbolicLink: s.isSymbolicLink,
+        mode: s.mode,
+        size: s.size,
+        mtime: s.mtime.toISOString()
+      });
+    } catch (e) {
+      return throwError(context, e.message || "lstat failed");
+    }
+  });
+  context.setProp(fsObj, "lstat", lstatFn);
+  lstatFn.dispose();
+  const symlinkFn = context.newFunction(
+    "symlink",
+    (targetHandle, pathHandle) => {
+      const target = context.getString(targetHandle);
+      const linkPath = context.getString(pathHandle);
+      try {
+        backend.symlink(target, linkPath);
+        return context.undefined;
+      } catch (e) {
+        return throwError(context, e.message || "symlink failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "symlink", symlinkFn);
+  symlinkFn.dispose();
+  const readlinkFn = context.newFunction(
+    "readlink",
+    (pathHandle) => {
+      const path = context.getString(pathHandle);
+      try {
+        const target = backend.readlink(path);
+        return context.newString(target);
+      } catch (e) {
+        return throwError(context, e.message || "readlink failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "readlink", readlinkFn);
+  readlinkFn.dispose();
+  const chmodFn = context.newFunction(
+    "chmod",
+    (pathHandle, modeHandle) => {
+      const path = context.getString(pathHandle);
+      const mode = context.dump(modeHandle);
+      try {
+        backend.chmod(path, typeof mode === "number" ? mode : 0);
+        return context.undefined;
+      } catch (e) {
+        return throwError(context, e.message || "chmod failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "chmod", chmodFn);
+  chmodFn.dispose();
+  const realpathFn = context.newFunction(
+    "realpath",
+    (pathHandle) => {
+      const path = context.getString(pathHandle);
+      try {
+        const resolved = backend.realpath(path);
+        return context.newString(resolved);
+      } catch (e) {
+        return throwError(context, e.message || "realpath failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "realpath", realpathFn);
+  realpathFn.dispose();
+  const renameFn = context.newFunction(
+    "rename",
+    (oldHandle, newHandle) => {
+      const oldPath = context.getString(oldHandle);
+      const newPath = context.getString(newHandle);
+      try {
+        backend.rename(oldPath, newPath);
+        return context.undefined;
+      } catch (e) {
+        return throwError(context, e.message || "rename failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "rename", renameFn);
+  renameFn.dispose();
+  const copyFileFn = context.newFunction(
+    "copyFile",
+    (srcHandle, destHandle) => {
+      const src = context.getString(srcHandle);
+      const dest = context.getString(destHandle);
+      try {
+        backend.copyFile(src, dest);
+        return context.undefined;
+      } catch (e) {
+        return throwError(context, e.message || "copyFile failed");
+      }
+    }
+  );
+  context.setProp(fsObj, "copyFile", copyFileFn);
+  copyFileFn.dispose();
+  context.setProp(context.global, "fs", fsObj);
+  fsObj.dispose();
+  const fetchFn = context.newFunction(
+    "fetch",
+    (urlHandle, optsHandle) => {
+      const url = context.getString(urlHandle);
+      let options;
+      if (optsHandle) {
+        options = context.dump(optsHandle);
+      }
+      try {
+        const result = backend.httpRequest(url, {
+          method: options?.method,
+          headers: options?.headers,
+          body: options?.body
+        });
+        return jsToHandle(context, result);
+      } catch (e) {
+        return throwError(context, e.message || "fetch failed");
+      }
+    }
+  );
+  context.setProp(context.global, "__fetch", fetchFn);
+  fetchFn.dispose();
+  const execFn = context.newFunction(
+    "exec",
+    (cmdHandle, optsHandle) => {
+      const command = context.getString(cmdHandle);
+      let stdin;
+      if (optsHandle) {
+        const opts = context.dump(optsHandle);
+        if (opts?.stdin) {
+          stdin = String(opts.stdin);
+        }
+      }
+      try {
+        const result = backend.execCommand(command, stdin);
+        return jsToHandle(context, result);
+      } catch (e) {
+        return throwError(context, e.message || "exec failed");
+      }
+    }
+  );
+  context.setProp(context.global, "__exec", execFn);
+  execFn.dispose();
+  const execArgsFn = context.newFunction(
+    "execArgs",
+    (cmdHandle, argsHandle) => {
+      const command = context.getString(cmdHandle);
+      const args = context.dump(argsHandle);
+      try {
+        const result = backend.execCommandArgs(command, args);
+        return jsToHandle(context, result);
+      } catch (e) {
+        return throwError(context, e.message || "exec failed");
+      }
+    }
+  );
+  context.setProp(context.global, "__execArgs", execArgsFn);
+  execArgsFn.dispose();
+  const envObj = jsToHandle(context, input.env);
+  context.setProp(context.global, "env", envObj);
+  envObj.dispose();
+  const processObj = context.newObject();
+  const argv = [input.scriptPath || "js-exec", ...input.args];
+  const argvHandle = jsToHandle(context, argv);
+  context.setProp(processObj, "argv", argvHandle);
+  argvHandle.dispose();
+  const cwdFn = context.newFunction("cwd", () => {
+    return context.newString(input.cwd);
+  });
+  context.setProp(processObj, "cwd", cwdFn);
+  cwdFn.dispose();
+  const exitFn = context.newFunction("exit", (codeHandle) => {
+    let code = 0;
+    if (codeHandle) {
+      const val = context.dump(codeHandle);
+      code = typeof val === "number" ? val : 0;
+    }
+    backend.exit(code);
+    return throwError(context, "__EXIT__");
+  });
+  context.setProp(processObj, "exit", exitFn);
+  exitFn.dispose();
+  context.setProp(context.global, "process", processObj);
+  processObj.dispose();
+  const compatResult = context.evalCode(
+    `(function() {
+  // Bridge native handles from string keys (set by QuickJS setProp) to symbol keys
+  globalThis[Symbol.for('jb:fetch')] = globalThis.__fetch;
+  globalThis[Symbol.for('jb:exec')] = globalThis.__exec;
+  globalThis[Symbol.for('jb:execArgs')] = globalThis.__execArgs;
+  delete globalThis.__fetch;
+  delete globalThis.__exec;
+  delete globalThis.__execArgs;
+
+  var _fs = globalThis.fs;
+  // Save original native functions
+  var orig = Object.create(null);
+  var allNames = [
+    'readFile', 'readFileBuffer', 'writeFile', 'stat', 'lstat', 'readdir',
+    'mkdir', 'rm', 'exists', 'appendFile', 'symlink', 'readlink',
+    'chmod', 'realpath', 'rename', 'copyFile'
+  ];
+  for (var i = 0; i < allNames.length; i++) {
+    orig[allNames[i]] = _fs[allNames[i]];
+  }
+
+  // Wrap async-style methods to always throw (matching Node.js which requires a callback).
+  // In Node.js, calling fs.readFile() without a callback throws TypeError.
+  // We don't support callbacks, so the async form always errors.
+  function wrapCb(fn, name) {
+    return function() {
+      throw new Error(
+        "fs." + name + "() with callbacks is not supported. " +
+        "Use fs." + name + "Sync() or fs.promises." + name + "() instead."
+      );
+    };
+  }
+  var cbNames = [
+    'readFile', 'writeFile', 'stat', 'lstat', 'readdir', 'mkdir',
+    'rm', 'appendFile', 'symlink', 'readlink', 'chmod', 'realpath',
+    'rename', 'copyFile'
+  ];
+  for (var i = 0; i < cbNames.length; i++) {
+    if (orig[cbNames[i]]) _fs[cbNames[i]] = wrapCb(orig[cbNames[i]], cbNames[i]);
+  }
+  // exists: callback is especially common in legacy Node.js
+  _fs.exists = wrapCb(orig.exists, 'exists');
+
+  // readFileSync: match Node.js behavior
+  // - No encoding: return Buffer
+  // - With encoding (e.g. 'utf8'): return string
+  _fs.readFileSync = function(path, opts) {
+    var encoding = typeof opts === 'string' ? opts : (opts && opts.encoding);
+    if (encoding) return orig.readFile(path);
+    return Buffer.from(orig.readFileBuffer(path));
+  };
+  _fs.writeFileSync = orig.writeFile;
+  _fs.statSync = orig.stat;
+  _fs.lstatSync = orig.lstat;
+  _fs.readdirSync = orig.readdir;
+  _fs.mkdirSync = orig.mkdir;
+  _fs.rmSync = orig.rm;
+  _fs.existsSync = orig.exists;
+  _fs.appendFileSync = orig.appendFile;
+  _fs.symlinkSync = orig.symlink;
+  _fs.readlinkSync = orig.readlink;
+  _fs.chmodSync = orig.chmod;
+  _fs.realpathSync = orig.realpath;
+  _fs.renameSync = orig.rename;
+  _fs.copyFileSync = orig.copyFile;
+  _fs.unlinkSync = orig.rm;
+  _fs.rmdirSync = orig.rm;
+  _fs.unlink = wrapCb(orig.rm, 'unlink');
+  _fs.rmdir = wrapCb(orig.rm, 'rmdir');
+
+  // promises namespace
+  _fs.promises = {};
+  for (var i = 0; i < allNames.length; i++) {
+    var m = allNames[i];
+    (function(fn) {
+      _fs.promises[m] = function() {
+        try { return Promise.resolve(fn.apply(null, arguments)); }
+        catch(e) { return Promise.reject(e); }
+      };
+    })(orig[m]);
+  }
+  // Override promises.readFile to match Node.js behavior (Buffer vs string)
+  _fs.promises.readFile = function(path, opts) {
+    var encoding = typeof opts === 'string' ? opts : (opts && opts.encoding);
+    try {
+      if (encoding) return Promise.resolve(orig.readFile(path));
+      return Promise.resolve(Buffer.from(orig.readFileBuffer(path)));
+    } catch(e) { return Promise.reject(e); }
+  };
+  _fs.promises.unlink = _fs.promises.rm;
+  _fs.promises.rmdir = _fs.promises.rm;
+  _fs.promises.access = function(p) {
+    return orig.exists(p) ? Promise.resolve() : Promise.reject(new Error('ENOENT: no such file or directory: ' + p));
+  };
+
+  // process enhancements
+  var _p = globalThis.process;
+  _p.env = globalThis.env;
+  _p.platform = 'linux';
+  _p.arch = 'x64';
+  _p.versions = { node: '22.0.0', quickjs: '2024' };
+  _p.version = 'v22.0.0';
+
+  // Initialize path module on globalThis so require('path') works
+  ${PATH_MODULE_SOURCE}
+
+  // Initialize fetch polyfill (URL, Headers, Request, Response, fetch)
+  ${FETCH_POLYFILL_SOURCE}
+
+  // Initialize additional module shims
+  ${EVENTS_MODULE_SOURCE}
+  ${OS_MODULE_SOURCE}
+  ${URL_MODULE_SOURCE}
+  ${ASSERT_MODULE_SOURCE}
+  ${UTIL_MODULE_SOURCE}
+  ${BUFFER_MODULE_SOURCE}
+  ${STREAM_MODULE_SOURCE}
+  ${STRING_DECODER_MODULE_SOURCE}
+  ${QUERYSTRING_MODULE_SOURCE}
+
+  // Wrap console methods to auto-stringify Buffer arguments.
+  // In Node.js, console.log(buffer) calls util.inspect \u2192 toString().
+  (function() {
+    var _cl = console.log;
+    var _ce = console.error;
+    var _cw = console.warn;
+    function fix(a) { return a instanceof Buffer ? a.toString() : a; }
+    function wrap(fn) {
+      return function() {
+        var a = [];
+        for (var i = 0; i < arguments.length; i++) a.push(fix(arguments[i]));
+        return fn.apply(console, a);
+      };
+    }
+    console.log = wrap(_cl);
+    console.error = wrap(_ce);
+    console.warn = wrap(_cw);
+  })();
+
+  // require() shim for CommonJS compatibility
+  var _execFn = globalThis[Symbol.for('jb:exec')];
+  var _execArgsFn = globalThis[Symbol.for('jb:execArgs')];
+  var _childProcess = {
+    exec: function(cmd, opts) { return _execFn(cmd, opts); },
+    execSync: function(cmd, opts) {
+      var r = _execFn(cmd, opts);
+      if (r.exitCode !== 0) {
+        var e = new Error('Command failed: ' + cmd);
+        e.status = r.exitCode;
+        e.stderr = r.stderr;
+        e.stdout = r.stdout;
+        throw e;
+      }
+      return r.stdout;
+    },
+    spawnSync: function(cmd, args, opts) {
+      var r = _execArgsFn(cmd, args || []);
+      return { stdout: r.stdout, stderr: r.stderr, status: r.exitCode };
+    }
+  };
+
+  var _modules = Object.create(null);
+  _modules.fs = _fs;
+  _modules.path = globalThis[Symbol.for('jb:path')];
+  _modules.child_process = _childProcess;
+  _modules.process = _p;
+  _modules.console = globalThis.console;
+  _modules.os = globalThis[Symbol.for('jb:os')];
+  _modules.url = globalThis[Symbol.for('jb:url')];
+  _modules.assert = globalThis[Symbol.for('jb:assert')];
+  _modules.util = globalThis[Symbol.for('jb:util')];
+  _modules.events = globalThis[Symbol.for('jb:events')];
+  _modules.buffer = globalThis[Symbol.for('jb:buffer')];
+  _modules.stream = globalThis[Symbol.for('jb:stream')];
+  _modules.string_decoder = globalThis[Symbol.for('jb:string_decoder')];
+  _modules.querystring = globalThis[Symbol.for('jb:querystring')];
+
+  var _unsupported = Object.create(null);
+  var _unsupportedRaw = ${JSON.stringify(UNSUPPORTED_MODULES)};
+  Object.keys(_unsupportedRaw).forEach(function(_key) {
+    _unsupported[_key] = _unsupportedRaw[_key];
+  });
+
+  globalThis.require = function(name) {
+    if (name.startsWith('node:')) name = name.slice(5);
+    if (Object.prototype.hasOwnProperty.call(_modules, name)) {
+      return _modules[name];
+    }
+    if (Object.prototype.hasOwnProperty.call(_unsupported, name)) {
+      var hint = _unsupported[name];
+      throw new Error("Module '" + name + "' is not available in the js-exec sandbox. " + hint + " Run 'js-exec --help' for available modules.");
+    }
+    throw new Error("Cannot find module '" + name + "'. Run 'js-exec --help' for available modules.");
+  };
+  globalThis.require.resolve = function(name) { return name; };
+})();`,
+    "<compat>"
+  );
+  if (compatResult.error) {
+    compatResult.error.dispose();
+  } else {
+    compatResult.value.dispose();
+  }
+}
+var originalProcessExit = process.exit.bind(process);
+process.on("uncaughtException", () => {
+  originalProcessExit(1);
+});
+var defense = null;
+async function initializeWithDefense() {
+  await getQuickJSModule();
+  try {
+    stripTypeScriptTypes("const x = 1;");
+  } catch {
+  }
+  await new Promise((r) => setTimeout(r, 0));
+  defense = new WorkerDefenseInDepth({
+    excludeViolationTypes: [
+      // SharedArrayBuffer/Atomics: Used by sync-backend for synchronous
+      // filesystem communication between the worker and main thread.
+      "shared_array_buffer",
+      "atomics",
+      // process.stdout/stderr: Emscripten (quickjs-emscripten) routes WASM
+      // stdout/stderr through Node.js console which uses process.stdout/stderr.
+      // User code runs inside QuickJS with no access to Node.js process.
+      "process_stdout",
+      "process_stderr"
+    ]
+  });
+}
+async function executeCode(input) {
+  const qjs = await getQuickJSModule();
+  const backend = new SyncBackend(input.sharedBuffer, input.timeoutMs);
+  let runtime;
+  let context;
+  try {
+    runtime = qjs.newRuntime();
+    runtime.setMemoryLimit(MEMORY_LIMIT);
+    let interruptCount = 0;
+    runtime.setInterruptHandler(() => {
+      interruptCount++;
+      return interruptCount > INTERRUPT_CYCLES;
+    });
+    context = runtime.newContext();
+    setupContext(context, backend, input);
+    {
+      const initResult = context.evalCode(
+        `{
+          // --- Block dynamic code compilation ---
+          // @banned-pattern-ignore: intentional sandbox hardening \u2014 removes eval/Function inside QuickJS guest, not the host
+          Object.defineProperty(globalThis, 'eval', {
+            value: undefined,
+            writable: false,
+            configurable: false,
+          });
+          const BlockedFunction = function () {
+            throw new TypeError('Function constructor is not allowed');
+          };
+          const OrigFunction = Function;
+          BlockedFunction.prototype = OrigFunction.prototype;
+
+          // Capture function-type constructors before we patch them
+          const AsyncFunction = (async function(){}).constructor;
+          const GeneratorFunction = (function*(){}).constructor;
+          const AsyncGeneratorFunction = (async function*(){}).constructor;
+
+          // Patch .constructor on all function-type prototypes
+          for (const proto of [
+            OrigFunction.prototype,
+            AsyncFunction.prototype,
+            GeneratorFunction.prototype,
+            AsyncGeneratorFunction.prototype,
+          ]) {
+            Object.defineProperty(proto, 'constructor', {
+              value: BlockedFunction,
+              writable: false,
+              configurable: false,
+            });
+          }
+          // @banned-pattern-ignore: intentional sandbox hardening \u2014 replaces Function constructor inside QuickJS guest
+          Object.defineProperty(globalThis, 'Function', {
+            value: BlockedFunction,
+            writable: false,
+            configurable: false,
+          });
+
+          // --- Freeze all intrinsic prototypes ---
+          // Prevents prototype pollution (e.g. Array.prototype.x = ...).
+          // Only language intrinsics \u2014 not sandbox-injected objects
+          // (process, console, require) which need to stay mutable.
+          // Error prototypes are excluded: freezing them makes the inherited
+          // "message" property non-writable, which prevents new Error instances
+          // from having their own "message" set (JS spec OrdinarySet step 4).
+          const g = globalThis;
+          const toFreeze = [
+            Object, Object.prototype,
+            OrigFunction, OrigFunction.prototype,
+            AsyncFunction, AsyncFunction.prototype,
+            GeneratorFunction, GeneratorFunction.prototype,
+            AsyncGeneratorFunction, AsyncGeneratorFunction.prototype,
+            Array, Array.prototype,
+            String, String.prototype,
+            Number, Number.prototype,
+            Boolean, Boolean.prototype,
+            g.Symbol, g.Symbol && g.Symbol.prototype,
+            RegExp, RegExp.prototype,
+            Date, Date.prototype,
+            Map, Map.prototype,
+            Set, Set.prototype,
+            WeakMap, WeakMap.prototype,
+            WeakSet, WeakSet.prototype,
+            g.WeakRef, g.WeakRef && g.WeakRef.prototype,
+            Promise, Promise.prototype,
+            ArrayBuffer, ArrayBuffer.prototype,
+            g.SharedArrayBuffer, g.SharedArrayBuffer && g.SharedArrayBuffer.prototype,
+            g.DataView, g.DataView && g.DataView.prototype,
+            JSON, Math, g.Reflect, g.Proxy, g.Atomics,
+            g.BigInt, g.BigInt && g.BigInt.prototype,
+            BlockedFunction,
+          ];
+          // TypedArrays (guard against missing globals in QuickJS)
+          for (const name of [
+            'Int8Array','Uint8Array','Uint8ClampedArray',
+            'Int16Array','Uint16Array','Int32Array','Uint32Array',
+            'Float32Array','Float64Array',
+            'BigInt64Array','BigUint64Array',
+          ]) {
+            if (g[name]) {
+              toFreeze.push(g[name], g[name].prototype);
+            }
+          }
+          // %TypedArray% intrinsic (shared base)
+          if (g.Uint8Array) {
+            const taProto = Object.getPrototypeOf(g.Uint8Array.prototype);
+            if (taProto && taProto !== Object.prototype) toFreeze.push(taProto);
+            const taCtor = Object.getPrototypeOf(g.Uint8Array);
+            if (taCtor && taCtor !== OrigFunction.prototype) toFreeze.push(taCtor);
+          }
+          // Iterator prototypes
+          try {
+            const arrIterProto = Object.getPrototypeOf(
+              Object.getPrototypeOf([][Symbol.iterator]())
+            );
+            if (arrIterProto) {
+              toFreeze.push(arrIterProto);
+              const iterProto = Object.getPrototypeOf(arrIterProto);
+              if (iterProto) toFreeze.push(iterProto);
+            }
+          } catch {}
+          try {
+            toFreeze.push(Object.getPrototypeOf(new Map()[Symbol.iterator]()));
+          } catch {}
+          try {
+            toFreeze.push(Object.getPrototypeOf(new Set()[Symbol.iterator]()));
+          } catch {}
+          try {
+            toFreeze.push(Object.getPrototypeOf(''[Symbol.iterator]()));
+          } catch {}
+          try {
+            const genObj = (function*(){})();
+            toFreeze.push(Object.getPrototypeOf(genObj));
+            toFreeze.push(Object.getPrototypeOf(Object.getPrototypeOf(genObj)));
+          } catch {}
+          try {
+            const asyncGenObj = (async function*(){})();
+            toFreeze.push(Object.getPrototypeOf(asyncGenObj));
+            toFreeze.push(Object.getPrototypeOf(Object.getPrototypeOf(asyncGenObj)));
+          } catch {}
+
+          for (const obj of toFreeze) {
+            if (obj != null) {
+              try { Object.freeze(obj); } catch {}
+            }
+          }
+        }`,
+        "<sandbox-init>"
+      );
+      if (initResult.error) {
+        const errVal = context.dump(initResult.error);
+        initResult.error.dispose();
+        const msg = typeof errVal === "object" && errVal !== null && "message" in errVal ? errVal.message : String(errVal);
+        backend.writeStderr(`js-exec: sandbox hardening failed: ${msg}
+`);
+        backend.exit(1);
+        return { success: true };
+      }
+      initResult.value.dispose();
+    }
+    if (input.isModule) {
+      runtime.setModuleLoader(
+        (moduleName) => {
+          if (Object.hasOwn(VIRTUAL_MODULES, moduleName)) {
+            return VIRTUAL_MODULES[moduleName];
+          }
+          try {
+            const data = backend.readFile(moduleName);
+            let source = new TextDecoder().decode(data);
+            if (moduleName.endsWith(".ts") || moduleName.endsWith(".mts")) {
+              source = stripTypeScriptTypes(source);
+            }
+            return source;
+          } catch (e) {
+            return {
+              error: new Error(
+                `Cannot find module '${moduleName}': ${e.message}`
+              )
+            };
+          }
+        },
+        (baseModuleName, requestedName) => {
+          if (requestedName.startsWith("node:")) {
+            requestedName = requestedName.slice(5);
+          }
+          if (!requestedName.startsWith("./") && !requestedName.startsWith("../") && !requestedName.startsWith("/")) {
+            return requestedName;
+          }
+          const fromFile = baseModuleName === "<eval>" ? void 0 : baseModuleName;
+          return resolveModulePath(requestedName, fromFile, input.cwd);
+        }
+      );
+    }
+    if (input.bootstrapCode) {
+      const bootstrapResult = context.evalCode(
+        input.bootstrapCode,
+        "bootstrap.js"
+      );
+      if (bootstrapResult.error) {
+        const errorVal = context.dump(bootstrapResult.error);
+        bootstrapResult.error.dispose();
+        const errorMsg = formatError(errorVal);
+        backend.writeStderr(`js-exec: bootstrap error: ${errorMsg}
+`);
+        backend.exit(1);
+        return { success: true };
+      }
+      bootstrapResult.value.dispose();
+    }
+    const filename = input.scriptPath || "<eval>";
+    let jsCode = input.jsCode;
+    if (input.stripTypes) {
+      jsCode = stripTypeScriptTypes(jsCode);
+    }
+    const result = input.isModule ? context.evalCode(jsCode, filename, { type: "module" }) : context.evalCode(jsCode, filename);
+    if (result.error) {
+      const errorVal = context.dump(result.error);
+      result.error.dispose();
+      const rawMsg = typeof errorVal === "object" && errorVal !== null && "message" in errorVal ? errorVal.message : String(errorVal);
+      if (rawMsg === "__EXIT__") {
+        return { success: true };
+      }
+      const errorMsg = formatError(errorVal);
+      try {
+        backend.writeStderr(`${errorMsg}
+`);
+      } catch {
+      }
+      backend.exit(1);
+      return { success: true };
+    }
+    {
+      const pendingResult = runtime.executePendingJobs();
+      if ("error" in pendingResult && pendingResult.error) {
+        const errorVal = context.dump(pendingResult.error);
+        pendingResult.error.dispose();
+        const rawPendingMsg = typeof errorVal === "object" && errorVal !== null && "message" in errorVal ? errorVal.message : String(errorVal);
+        if (rawPendingMsg !== "__EXIT__") {
+          const errorMsg = formatError(errorVal);
+          try {
+            backend.writeStderr(`${errorMsg}
+`);
+          } catch {
+          }
+          backend.exit(1);
+          return { success: true };
+        }
+        return { success: true };
+      }
+    }
+    result.value.dispose();
+    backend.exit(0);
+    return {
+      success: true,
+      defenseStats: defense?.getStats()
+    };
+  } catch (e) {
+    const message = e instanceof Error ? e.message : String(e);
+    try {
+      backend.writeStderr(`js-exec: ${message}
+`);
+    } catch {
+    }
+    try {
+      backend.exit(1);
+    } catch {
+      return { success: false, error: message };
+    }
+    return { success: true };
+  } finally {
+    context?.dispose();
+    runtime?.dispose();
+  }
+}
+var initPromise = initializeWithDefense().catch((e) => {
+  parentPort?.postMessage({
+    success: false,
+    // @banned-pattern-ignore: worker-internal init error; message stays within worker protocol, sanitized by js-exec.ts before user output
+    error: e.message,
+    defenseStats: defense?.getStats()
+  });
+});
+parentPort?.on("message", async (input) => {
+  try {
+    await initPromise;
+    const result = await executeCode(input);
+    result.defenseStats = defense?.getStats();
+    result.protocolToken = input.protocolToken;
+    parentPort?.postMessage(result);
+  } catch (e) {
+    parentPort?.postMessage({
+      protocolToken: input.protocolToken,
+      success: false,
+      // @banned-pattern-ignore: worker-internal error; message stays within worker protocol, sanitized by js-exec.ts before user output
+      error: e.message,
+      defenseStats: defense?.getStats()
+    });
+  }
+});