mustardscript 0.1.0 → 0.1.2

package/README.md

@@ -67,9 +67,9 @@ The current implementation already supports:
 
 ## Reference Docs
 
-- [Security Threat Model](SECURITY_THREAT_MODEL.md)
+- [Security Threat Model](docs/SECURITY_THREAT_MODEL.md)
 - [Security Model](docs/SECURITY_MODEL.md)
-- [Use Case Gaps](USE_CASE_GAPS.md)
+- [Use Case Gaps](docs/USE_CASE_GAPS.md)
 - [Language Contract](docs/LANGUAGE.md)
 - [Host API](docs/HOST_API.md)
 - [Serialization](docs/SERIALIZATION.md)
@@ -79,30 +79,36 @@ The current implementation already supports:
 - [Runtime Value Model](docs/RUNTIME_MODEL.md)
 - [Sidecar Protocol](docs/SIDECAR_PROTOCOL.md)
 - [Benchmarking Notes and Comparison Plan](benchmarks/README.md)
+- [PTC Benchmark Coverage](docs/PTC_BENCHMARK_COVERAGE.md)
 - [Release Guide](docs/RELEASE.md)
 - [Architecture ADRs](docs/ADRs/0001-core-architecture.md)
 
 ## Installation
 
-The release package name is `mustardscript`. The default and fully verified
-path is still source-build installation from a clean checkout or packed source
-tarball, where `npm install` compiles the native addon locally. Optional
-prebuilt binaries now have a separate release flow for the documented target
-matrix, but the loader now only accepts validated `.node` artifacts from the
-expected optional package layout. Source-build fallback remains the baseline
-path, now ships `Cargo.lock`, and builds the addon in release mode. It still
-requires a Rust toolchain plus Node.js on the target machine.
+The release package name is `mustardscript`. The published npm package is now
+prebuilt-only: `npm install mustardscript` succeeds only when npm can install a
+matching optional native binding package for the current platform. The loader
+accepts only the documented binding package layout and fails closed when no
+matching prebuilt is present.
+
+Current prebuilt target matrix:
+
+- `@mustardscript/binding-darwin-arm64`
+- `@mustardscript/binding-darwin-x64`
+- `@mustardscript/binding-linux-x64-gnu`
+- `@mustardscript/binding-win32-x64-msvc`
 
 From a clean checkout:
 
 ```sh
 npm install
+npm run build
 npm test
 ```
 
-That flow builds the Rust addon locally and then runs the Node and packaging
-smoke tests. Prebuilt binaries are intentionally deferred until the package
-shape is stable.
+That maintainer flow installs dependencies, builds the local addon in the
+checkout, and then runs the Node and packaging smoke tests. End-user npm
+installs no longer compile the addon from Rust sources.
 
 Release verification and publish guidance live in
 [docs/RELEASE.md](docs/RELEASE.md).
@@ -116,6 +122,27 @@ Maintainers can run `npm run ralph-loop -- <plan.md>` to repeatedly invoke
 marks itself with `[PLAN HAS BEEN COMPLETED]` or `[BLOCKED]`. Use
 `--max-iterations <n>` to cap the loop when needed.
 
+## Website Playground
+
+The repository now includes an experimental website playground in
+[`website/`](website) that compares:
+
+- `MustardScript` guest code running in the browser via a dedicated
+  `wasm32-unknown-unknown` build of the Rust core
+- vanilla JavaScript running client-side inside a sandboxed iframe
+
+The website build copies a raw `.wasm` artifact into
+`website/public/mustard-playground.wasm` through
+`website/scripts/build-playground-wasm.mjs`. The iframe path is a demo-only
+comparison surface, not a hardened sandbox. It intentionally has no ambient
+host authority beyond the fixed scenario helper set, but a synchronous infinite
+loop in browser JavaScript can still block the page event loop before the
+cooperative timeout/reset logic runs.
+
+The current release-mode `.wasm` artifact is also large, roughly 71 MB before
+HTTP compression, so the browser playground should be treated as an
+experimental demo target until bundle-size work lands.
+
 ## Agent-Style Example
 
 See [examples/agent-style.ts](examples/agent-style.ts) for a minimal host loop
@@ -459,8 +486,9 @@ Current built-in helper support is intentionally conservative:
 - `Date.now()`, `new Date(value).getTime()`, `Date.prototype.toISOString()`,
   `Date.prototype.toJSON()`, and the documented UTC field accessors are
   supported
-- `Number.parseInt`, `Number.parseFloat`, `Number.isNaN`, and
-  `Number.isFinite` are supported
+- `Number.parseInt`, `Number.parseFloat`, `Number.isNaN`,
+  `Number.isFinite`, and the documented number formatting helpers are
+  supported
 - `Intl.DateTimeFormat` and `Intl.NumberFormat` are available in a narrow
   `en-US` / `UTC` subset with explicit fail-closed behavior for unsupported
   locales and options
@@ -711,6 +739,8 @@ The public Node API should stay small.
 Illustrative shape:
 
 ```ts
+import { ExecutionContext, Mustard } from 'mustardscript'
+
 type HostValue =
   | undefined
   | null
@@ -726,8 +756,7 @@ const program = new Mustard(source, {
   inputs: ['x'],
 })
 
-const result = await program.run({
-  inputs: { x: 1 },
+const context = new ExecutionContext({
   capabilities: {
     fetch_data: async (url) => '...',
   },
@@ -736,12 +765,23 @@ const result = await program.run({
     heapLimitBytes: 8 << 20,
     callDepthLimit: 256,
   },
+  snapshotKey: 'host-chosen-snapshot-key',
+})
+
+const result = await program.run({
+  context,
+  inputs: { x: 1 },
 })
 ```
 
+`ExecutionContext` is optional, but it is the intended steady-state path when a
+host will reuse the same capabilities, limits, and snapshot key across many
+`run()` / `start()` / `Progress.load()` calls.
+
 Lower-level control should exist for advanced hosts:
 
 - `new Mustard(...)`
+- `new ExecutionContext(...)`
 - `Mustard.validateProgram(...)`
 - `run(...)`
 - `start(...)`
@@ -756,7 +796,7 @@ For hosts managing a large backlog of resumable jobs, the Node wrapper also
 exports `MustardExecutor` plus `InMemoryMustardExecutorStore` as a thin
 queue-oriented layer over `start()` / `Progress.dump()` / `Progress.load()`.
 The design and invariants for that layer are documented in
-[MUSTARD_EXECUTOR.md](MUSTARD_EXECUTOR.md).
+[docs/MUSTARD_EXECUTOR.md](docs/MUSTARD_EXECUTOR.md).
 
 Native failures are surfaced in Node as typed JavaScript errors:
 `MustardParseError`, `MustardValidationError`, `MustardRuntimeError`,
@@ -768,10 +808,13 @@ program. It does not prove that a later `run()` or `start()` call will succeed
 with a particular host policy, input set, capability map, or runtime limit.
 
 `Progress.load(...)` always requires explicit restore authority: the host must
-pass `capabilities` or `console`, explicit `limits` as an object (use `{}` for
-default runtime limits), and the original `snapshotKey`. The dumped token
-authenticates the snapshot bytes before any loaded capability metadata is
-trusted, and same-process dumps stay single-use.
+pass either a reusable `ExecutionContext` or explicit `capabilities` /
+`console`, explicit `limits` as an object (use `{}` for default runtime
+limits), and the original `snapshotKey`. The dumped token authenticates the
+snapshot bytes before any loaded capability metadata is trusted, current dumps
+also carry authenticated suspended metadata so `Progress.load(...)` usually
+avoids native re-inspection, legacy dumps still fall back to inspection, and
+same-process dumps stay single-use.
 
 The common path should be easy. The advanced path should remain explicit.
 

package/SECURITY.md

@@ -18,7 +18,7 @@ Security issues include:
 
 Report vulnerabilities through GitHub Security Advisories:
 
-- https://github.com/keppoai/mustardscript/security/advisories/new
+- https://github.com/mustardscript/mustardscript/security/advisories/new
 
 Do not open public GitHub issues for unpatched security reports.
 

package/dist/index.js

@@ -3,6 +3,7 @@
 const { loadNative } = require('./native-loader.js');
 const { createExecutorApi } = require('./lib/executor.js');
 const { MustardError } = require('./lib/errors.js');
+const { ExecutionContext } = require('./lib/policy.js');
 const { createProgressApi } = require('./lib/progress.js');
 const { createMustardClass } = require('./lib/runtime.js');
 
@@ -12,6 +13,7 @@ const Mustard = createMustardClass({ native, materializeStep, parseStep });
 const { InMemoryMustardExecutorStore, MustardExecutor } = createExecutorApi({ Mustard, Progress });
 
 module.exports = {
+  ExecutionContext,
   InMemoryMustardExecutorStore,
   MustardError,
   Mustard,

package/dist/lib/executor.js

@@ -28,14 +28,29 @@ function cloneJobRecord(record) {
 }
 
 function clonePersistedProgress(progress) {
-  return {
+  const cloned = {
     capability: progress.capability,
     args: structuredClone(progress.args),
     snapshot: Buffer.from(progress.snapshot),
     snapshot_id: progress.snapshot_id,
     snapshot_key_digest: progress.snapshot_key_digest,
     token: progress.token,
+    suspended_manifest:
+      typeof progress.suspended_manifest === 'string'
+        ? progress.suspended_manifest
+        : undefined,
+    suspended_manifest_token:
+      typeof progress.suspended_manifest_token === 'string'
+        ? progress.suspended_manifest_token
+        : undefined,
   };
+  if (Buffer.isBuffer(progress.program) || progress.program instanceof Uint8Array) {
+    cloned.program = Buffer.from(progress.program);
+  }
+  if (typeof progress.program_id === 'string') {
+    cloned.program_id = progress.program_id;
+  }
+  return cloned;
 }
 
 function sanitizeFailure(error) {

package/dist/lib/policy.js

@@ -5,7 +5,13 @@ const { types } = require('node:util');
 const { loadNative } = require('../native-loader.js');
 
 const { MustardError, callNative } = require('./errors.js');
-const { defineEnumerableProperty, hasOwnProperty, isAccessorDescriptor } = require('./structured.js');
+const {
+  decodeStructured,
+  defineEnumerableProperty,
+  encodeStructured,
+  hasOwnProperty,
+  isAccessorDescriptor,
+} = require('./structured.js');
 
 const CONSOLE_CAPABILITY_NAMES = {
   log: 'console.log',
@@ -13,7 +19,18 @@ const CONSOLE_CAPABILITY_NAMES = {
   error: 'console.error',
 };
 const DEFAULT_SNAPSHOT_KEY = crypto.randomBytes(32);
+const encodedSnapshotPolicyPrefixCache = new WeakMap();
 let nativeSnapshotHelpers;
+const executionContextHandleRegistry =
+  typeof FinalizationRegistry === 'function'
+    ? new FinalizationRegistry((contextHandle) => {
+        try {
+          callNative(snapshotNative().releaseExecutionContext, contextHandle);
+        } catch {
+          // Best-effort cleanup only; process shutdown can race native teardown.
+        }
+      })
+    : null;
 
 function snapshotNative() {
   nativeSnapshotHelpers ??= loadNative();
@@ -126,20 +143,165 @@ function cloneSnapshotKey(snapshotKey) {
   return Buffer.from(snapshotKey);
 }
 
+function freezePolicy(policy) {
+  return Object.freeze({
+    capabilities: Object.freeze(policy.capabilities.slice()),
+    limits: Object.freeze({ ...policy.limits }),
+  });
+}
+
+function getEncodedSnapshotPolicyPrefix(policy) {
+  let cached = encodedSnapshotPolicyPrefixCache.get(policy);
+  if (cached !== undefined) {
+    return cached;
+  }
+  cached =
+    `{"capabilities":${JSON.stringify(policy.capabilities)}` +
+    `,"limits":${JSON.stringify(policy.limits)}`;
+  encodedSnapshotPolicyPrefixCache.set(policy, cached);
+  return cached;
+}
+
+function resolveSnapshotKeyEncoding(options) {
+  if (
+    typeof options?.snapshotKeyBase64 === 'string' &&
+    options.snapshotKeyBase64.length > 0 &&
+    typeof options?.snapshotKeyDigest === 'string' &&
+    options.snapshotKeyDigest.length > 0
+  ) {
+    return {
+      snapshotKeyBase64: options.snapshotKeyBase64,
+      snapshotKeyDigest: options.snapshotKeyDigest,
+    };
+  }
+  if (options?.snapshotKey === undefined) {
+    return null;
+  }
+  const snapshotKey = cloneSnapshotKey(options.snapshotKey);
+  return {
+    snapshotKeyBase64: snapshotKey.toString('base64'),
+    snapshotKeyDigest: snapshotKeyDigest(snapshotKey),
+  };
+}
+
+function assertNoContextOverrides(options, label) {
+  if (
+    hasOwnProperty(options, 'capabilities') ||
+    hasOwnProperty(options, 'console') ||
+    hasOwnProperty(options, 'limits') ||
+    hasOwnProperty(options, 'snapshotKey')
+  ) {
+    throw new TypeError(
+      `${label}.context cannot be combined with capabilities, console, limits, or snapshotKey`,
+    );
+  }
+}
+
+class ExecutionContext {
+  #hostHandlers;
+  #policy;
+  #policyJson;
+  #snapshotKey;
+  #snapshotKeyBase64;
+  #snapshotKeyDigest;
+  #nativeHandle;
+  #nativeHandleToken;
+
+  constructor(options = {}) {
+    const {
+      hostHandlers,
+      policy,
+      snapshotKey,
+      snapshotKeyBase64,
+      snapshotKeyDigest: snapshotKeyDigestValue,
+    } = createExecutionPolicy(options);
+    this.#hostHandlers = hostHandlers;
+    this.#policy = freezePolicy(policy);
+    this.#policyJson = null;
+    this.#snapshotKey = cloneSnapshotKey(snapshotKey);
+    this.#snapshotKeyBase64 = snapshotKeyBase64;
+    this.#snapshotKeyDigest = snapshotKeyDigestValue;
+    this.#nativeHandle = null;
+    this.#nativeHandleToken = null;
+  }
+
+  hostHandlers() {
+    return this.#hostHandlers;
+  }
+
+  policy() {
+    return this.#policy;
+  }
+
+  snapshotKey() {
+    return cloneSnapshotKey(this.#snapshotKey);
+  }
+
+  snapshotKeyMetadata() {
+    return {
+      snapshotKey: cloneSnapshotKey(this.#snapshotKey),
+      snapshotKeyBase64: this.#snapshotKeyBase64,
+      snapshotKeyDigest: this.#snapshotKeyDigest,
+    };
+  }
+
+  policyJson() {
+    this.#policyJson ??= JSON.stringify(this.#policy);
+    return this.#policyJson;
+  }
+
+  nativeHandle() {
+    if (this.#nativeHandle !== null) {
+      return this.#nativeHandle;
+    }
+    const nativeHandle = callNative(
+      snapshotNative().createExecutionContext,
+      this.policyJson(),
+    );
+    this.#nativeHandle = nativeHandle;
+    this.#nativeHandleToken = {};
+    executionContextHandleRegistry?.register(this, nativeHandle, this.#nativeHandleToken);
+    return nativeHandle;
+  }
+}
+
+function resolveExecutionContext(options = {}, label = 'options') {
+  const context = options?.context;
+  if (context === undefined) {
+    return createExecutionPolicy(options);
+  }
+  if (!(context instanceof ExecutionContext)) {
+    throw new TypeError(`${label}.context must be an ExecutionContext`);
+  }
+  assertNoContextOverrides(options, label);
+  const snapshotKeyMetadata = context.snapshotKeyMetadata();
+  return {
+    hostHandlers: context.hostHandlers(),
+    policy: context.policy(),
+    nativeContextHandle: context.nativeHandle(),
+    ...snapshotKeyMetadata,
+  };
+}
+
 function encodeSnapshotPolicy(policy, options = undefined) {
-  const encoded = cloneSnapshotPolicy(policy);
+  const chunks = [getEncodedSnapshotPolicyPrefix(policy)];
   if (typeof options?.snapshotId === 'string' && options.snapshotId.length > 0) {
-    encoded.snapshot_id = options.snapshotId;
+    chunks.push(',"snapshot_id":', JSON.stringify(options.snapshotId));
   }
-  if (options?.snapshotKey !== undefined) {
-    const snapshotKey = cloneSnapshotKey(options.snapshotKey);
-    encoded.snapshot_key_base64 = snapshotKey.toString('base64');
-    encoded.snapshot_key_digest = snapshotKeyDigest(snapshotKey);
+  const snapshotKeyEncoding = resolveSnapshotKeyEncoding(options);
+  if (snapshotKeyEncoding !== null) {
+    chunks.push(
+      ',"snapshot_key_base64":',
+      JSON.stringify(snapshotKeyEncoding.snapshotKeyBase64),
+      ',"snapshot_key_digest":',
+      JSON.stringify(snapshotKeyEncoding.snapshotKeyDigest),
+    );
   }
   if (typeof options?.snapshotToken === 'string' && options.snapshotToken.length > 0) {
-    encoded.snapshot_token = options.snapshotToken;
+    chunks.push(',"snapshot_token":', JSON.stringify(options.snapshotToken));
   }
-  return JSON.stringify(encoded);
+  chunks.push('}');
+  return chunks.join('');
 }
 
 function normalizeSnapshotKey(snapshotKey, label) {
@@ -164,22 +326,108 @@ function snapshotIdentity(snapshot) {
   return callNative(snapshotNative().snapshotIdentity, Buffer.from(snapshot));
 }
 
+function programIdentity(program) {
+  return crypto.createHash('sha256').update(Buffer.from(program)).digest('hex');
+}
+
 function snapshotKeyDigest(snapshotKey) {
   return crypto.createHash('sha256').update(snapshotKey).digest('hex');
 }
 
+function suspendedManifestError() {
+  return new MustardError(
+    'Serialization',
+    'Progress.load() rejected tampered or unauthenticated suspended metadata',
+  );
+}
+
+function createSuspendedManifest(capability, args) {
+  if (typeof capability !== 'string' || capability.length === 0) {
+    throw new TypeError('Progress.dump() requires a suspended capability name');
+  }
+  if (!Array.isArray(args)) {
+    throw new TypeError('Progress.dump() requires suspended args as an array');
+  }
+  return JSON.stringify({
+    capability,
+    args: args.map((value) => encodeStructured(value)),
+  });
+}
+
+function parseSuspendedManifest(suspendedManifest) {
+  try {
+    const manifest = JSON.parse(suspendedManifest);
+    if (manifest === null || typeof manifest !== 'object' || Array.isArray(manifest)) {
+      throw suspendedManifestError();
+    }
+    if (typeof manifest.capability !== 'string' || manifest.capability.length === 0) {
+      throw suspendedManifestError();
+    }
+    if (!Array.isArray(manifest.args)) {
+      throw suspendedManifestError();
+    }
+    return {
+      capability: manifest.capability,
+      args: manifest.args.map((value) => decodeStructured(value)),
+    };
+  } catch (error) {
+    if (error instanceof MustardError) {
+      throw error;
+    }
+    throw suspendedManifestError();
+  }
+}
+
+function suspendedManifestToken(snapshotId, suspendedManifest, snapshotKey) {
+  return crypto
+    .createHmac('sha256', snapshotKey)
+    .update(snapshotId, 'utf8')
+    .update('\0', 'utf8')
+    .update(suspendedManifest, 'utf8')
+    .digest('hex');
+}
+
+function assertSuspendedManifest(state, snapshotKey, expectedSnapshotId) {
+  const suspendedManifest = state.suspended_manifest;
+  const token = state.suspended_manifest_token;
+  if (suspendedManifest === undefined && token === undefined) {
+    return null;
+  }
+  if (
+    typeof suspendedManifest !== 'string' ||
+    suspendedManifest.length === 0 ||
+    typeof token !== 'string' ||
+    token.length === 0
+  ) {
+    throw suspendedManifestError();
+  }
+  const expected = suspendedManifestToken(
+    expectedSnapshotId,
+    suspendedManifest,
+    snapshotKey,
+  );
+  if (
+    token.length !== expected.length ||
+    !crypto.timingSafeEqual(Buffer.from(token, 'utf8'), Buffer.from(expected, 'utf8'))
+  ) {
+    throw suspendedManifestError();
+  }
+  return parseSuspendedManifest(suspendedManifest);
+}
+
 function assertSnapshotToken(
   snapshot,
   token,
   snapshotKey,
   expectedSnapshotId = undefined,
   expectedSnapshotKeyDigest = undefined,
+  actualSnapshotId = undefined,
 ) {
   if (typeof token !== 'string' || token.length === 0) {
     throw new TypeError('Progress.load() requires a dumped progress token');
   }
-  const actualSnapshotId = snapshotIdentity(snapshot);
-  if (expectedSnapshotId !== undefined && actualSnapshotId !== expectedSnapshotId) {
+  const resolvedSnapshotId = actualSnapshotId ?? snapshotIdentity(snapshot);
+  if (expectedSnapshotId !== undefined && resolvedSnapshotId !== expectedSnapshotId) {
     throw new MustardError(
       'Serialization',
       'Progress.load() rejected a tampered or unauthenticated snapshot',
@@ -194,7 +442,7 @@ function assertSnapshotToken(
       'Progress.load() rejected a mismatched snapshot key digest',
     );
   }
-  const expected = snapshotToken(snapshot, snapshotKey, actualSnapshotId);
+  const expected = snapshotToken(snapshot, snapshotKey, resolvedSnapshotId);
   if (
     token.length !== expected.length ||
     !crypto.timingSafeEqual(Buffer.from(token, 'utf8'), Buffer.from(expected, 'utf8'))
@@ -208,17 +456,20 @@ function assertSnapshotToken(
 
 function createExecutionPolicy({ limits = {}, snapshotKey, ...handlers } = {}) {
   const hostHandlers = collectHostHandlers(handlers);
+  const normalizedSnapshotKey = normalizeSnapshotKey(snapshotKey, 'options.snapshotKey');
   return {
     hostHandlers,
     policy: {
       capabilities: Object.keys(hostHandlers),
       limits: encodeRuntimeLimits(limits),
     },
-    snapshotKey: normalizeSnapshotKey(snapshotKey, 'options.snapshotKey'),
+    snapshotKey: normalizedSnapshotKey,
+    snapshotKeyBase64: normalizedSnapshotKey.toString('base64'),
+    snapshotKeyDigest: snapshotKeyDigest(normalizedSnapshotKey),
   };
 }
 
-function resolveProgressLoadContext(state, snapshot, options) {
+function resolveProgressLoadContext(state, snapshot, options, actualSnapshotId = undefined) {
   const expectedSnapshotId =
     typeof state.snapshot_id === 'string' && state.snapshot_id.length > 0
       ? state.snapshot_id
@@ -235,9 +486,30 @@ function resolveProgressLoadContext(state, snapshot, options) {
   }
   if (options === undefined || options === null || typeof options !== 'object') {
     throw new TypeError(
-      'Progress.load() requires explicit capabilities, limits, and snapshotKey',
+      'Progress.load() requires an ExecutionContext or explicit capabilities, limits, and snapshotKey',
     );
   }
+  if (hasOwnProperty(options, 'context')) {
+    const context = options.context;
+    if (!(context instanceof ExecutionContext)) {
+      throw new TypeError('Progress.load() options.context must be an ExecutionContext');
+    }
+    assertNoContextOverrides(options, 'Progress.load() options');
+    const snapshotKeyMetadata = context.snapshotKeyMetadata();
+    assertSnapshotToken(
+      snapshot,
+      state.token,
+      snapshotKeyMetadata.snapshotKey,
+      expectedSnapshotId,
+      expectedSnapshotKeyDigest,
+      actualSnapshotId,
+    );
+    return {
+      policy: context.policy(),
+      nativeContextHandle: context.nativeHandle(),
+      ...snapshotKeyMetadata,
+    };
+  }
   if (
     !hasOwnProperty(options, 'capabilities') &&
     !hasOwnProperty(options, 'console')
@@ -260,33 +532,40 @@ function resolveProgressLoadContext(state, snapshot, options) {
       'Progress.load() requires explicit snapshotKey when restoring progress',
     );
   }
-  const snapshotKey = normalizeSnapshotKey(
-    options.snapshotKey,
-    'Progress.load() options.snapshotKey',
-  );
+  const executionPolicy = createExecutionPolicy({ ...options, limits });
   assertSnapshotToken(
     snapshot,
     state.token,
-    snapshotKey,
+    executionPolicy.snapshotKey,
     expectedSnapshotId,
     expectedSnapshotKeyDigest,
+    actualSnapshotId,
   );
   return {
-    policy: createExecutionPolicy({ ...options, limits }).policy,
-    snapshotKey: cloneSnapshotKey(snapshotKey),
+    policy: executionPolicy.policy,
+    snapshotKey: cloneSnapshotKey(executionPolicy.snapshotKey),
+    snapshotKeyBase64: executionPolicy.snapshotKeyBase64,
+    snapshotKeyDigest: executionPolicy.snapshotKeyDigest,
   };
 }
 
 module.exports = {
+  ExecutionContext,
+  assertSuspendedManifest,
   cloneSnapshotPolicy,
   cloneSnapshotKey,
   collectHostHandlers,
+  createSuspendedManifest,
   createExecutionPolicy,
   encodeRuntimeLimits,
   encodeSnapshotPolicy,
   normalizeSnapshotKey,
+  parseSuspendedManifest,
+  resolveExecutionContext,
   resolveProgressLoadContext,
+  programIdentity,
   snapshotIdentity,
   snapshotKeyDigest,
   snapshotToken,
+  suspendedManifestToken,
 };