npm - replicas-engine - Versions diffs - 0.1.261 → 0.1.262 - Mend

replicas-engine 0.1.261 → 0.1.262

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/src/index.js +2 -2
package/package.json +3 -2
package/scripts/engine-watchdog.sh +21 -1
package/scripts/lockmem.c +19 -0

package/dist/src/index.js CHANGED Viewed

@@ -286,7 +286,7 @@ var WORKSPACE_SIZES = ["small", "large"];
 var INVALID_WORKSPACE_SIZE_ERROR = `Invalid size: must be one of ${WORKSPACE_SIZES.join(", ")}`;
 // ../shared/src/e2b.ts
-var E2B_TEMPLATE_NAME = "replicas-sandbox-2026-06-04-v3";
+var E2B_TEMPLATE_NAME = "replicas-sandbox-2026-06-04-v4";
 // ../shared/src/runtime-env.ts
 function parsePosixEnvFile(content) {
@@ -6373,7 +6373,7 @@ var AspClient = class {
 // src/managers/codex-asp/app-server-process.ts
 var DEFAULT_CODEX_BINARY = "codex";
 var DEFAULT_CODEX_ARGS = ["app-server", "--listen", "stdio://"];
-var ENGINE_PACKAGE_VERSION = "0.1.261";
+var ENGINE_PACKAGE_VERSION = "0.1.262";
 var INITIALIZE_METHOD = "initialize";
 var INITIALIZED_NOTIFICATION = "initialized";
 var ACCOUNT_LOGIN_START_METHOD = "account/login/start";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "replicas-engine",
-  "version": "0.1.261",
+  "version": "0.1.262",
   "description": "Lightweight API server for Replicas workspaces",
   "type": "module",
   "main": "dist/src/index.js",
@@ -10,7 +10,8 @@
   },
   "files": [
     "dist",
-    "scripts/engine-watchdog.sh"
+    "scripts/engine-watchdog.sh",
+    "scripts/lockmem.c"
   ],
   "scripts": {
     "dev": "tsx watch src/index.ts",

package/scripts/engine-watchdog.sh CHANGED Viewed

@@ -32,6 +32,22 @@ cleanup() {
 trap cleanup SIGTERM SIGINT
+# Default RLIMIT_MEMLOCK is 8 MB; engine needs ~120 MB. Cap at 512 MB so a
+# runaway can't lock the whole sandbox.
+sudo prlimit --memlock=536870912:536870912 --pid $$ 2>/dev/null || true
+LOCKMEM_SO=/usr/local/lib/replicas-lockmem.so
+if [ -r "$LOCKMEM_SO" ]; then
+  # Prepend (don't replace) so any inherited LD_PRELOAD still loads.
+  if [ -n "${LD_PRELOAD:-}" ]; then
+    ENGINE_LD_PRELOAD="$LOCKMEM_SO:$LD_PRELOAD"
+  else
+    ENGINE_LD_PRELOAD="$LOCKMEM_SO"
+  fi
+else
+  ENGINE_LD_PRELOAD=""
+fi
 while true; do
   if [ "$RESTART_COUNT" -ge "$MAX_RESTARTS" ]; then
     log "Exceeded max restarts ($MAX_RESTARTS). Giving up."
@@ -42,7 +58,11 @@ while true; do
   log "Starting replicas-engine (attempt $((RESTART_COUNT + 1)))${WARMING_FLAG:+ [warming mode]}"
   START_TIME=$(date +%s)
-  replicas-engine $WARMING_FLAG >> "$BOOTSTRAP_LOG" 2>&1 &
+  if [ -n "$ENGINE_LD_PRELOAD" ]; then
+    LD_PRELOAD="$ENGINE_LD_PRELOAD" replicas-engine $WARMING_FLAG >> "$BOOTSTRAP_LOG" 2>&1 &
+  else
+    replicas-engine $WARMING_FLAG >> "$BOOTSTRAP_LOG" 2>&1 &
+  fi
   ENGINE_PID=$!
   echo "$ENGINE_PID" > "$PIDFILE"

package/scripts/lockmem.c ADDED Viewed

@@ -0,0 +1,19 @@
+// MCL_FUTURE is incompatible with V8 (crashes Isolate::Initialize because V8
+// remaps heap regions); MCL_CURRENT is enough since the sandbox has no swap so
+// anonymous heap pages are already pinned.
+#define _GNU_SOURCE
+#include <sys/mman.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+__attribute__((constructor))
+static void replicas_lockmem_init(void) {
+  if (mlockall(MCL_CURRENT) != 0) {
+    fprintf(stderr, "[lockmem] mlockall(MCL_CURRENT) failed: %s (errno=%d); engine running unprotected\n",
+            strerror(errno), errno);
+    return;
+  }
+  fprintf(stderr, "[lockmem] engine pages locked (pid=%d)\n", getpid());
+}