runframe 1.0.0

package/dist/benchmark.js

@@ -0,0 +1,216 @@
+/**
+ * Before & After: Real-world comparison
+ * Shows exact performance improvements with numbers
+ */
+import { createSandbox } from "./sandbox.js";
+import { createOptimizedSandbox } from "./optimized-sandbox.js";
+/**
+ * OLD WAY: Create new sandbox each time (unoptimized)
+ */
+async function oldWay_100Requests() {
+    console.log("🐢 OLD WAY: Spawning new worker for each request");
+    const startMem = process.memoryUsage().heapUsed;
+    const startTime = Date.now();
+    const promises = [];
+    // Each creates a new worker
+    for (let i = 0; i < 100; i++) {
+        const sandbox = createSandbox({
+            cpuMs: 5000,
+            memoryMb: 128
+        });
+        promises.push(sandbox.run(`
+        const data = [${Array(10).fill(i).join(",")}];
+        data.map(x => x * Math.PI).reduce((a, b) => a + b, 0);
+      `));
+    }
+    await Promise.allSettled(promises);
+    const duration = Date.now() - startTime;
+    const endMem = process.memoryUsage().heapUsed;
+    console.log(`⏱️  Time: ${duration}ms`);
+    console.log(`💾 Memory: ${((endMem - startMem) / 1024 / 1024).toFixed(2)}MB`);
+    console.log(`📊 Avg time per request: ${(duration / 100).toFixed(2)}ms\n`);
+    return { duration, memory: endMem - startMem };
+}
+/**
+ * NEW WAY: Use optimized sandbox with pooling
+ */
+async function newWay_100Requests() {
+    console.log("🚀 NEW WAY: Optimized with worker pool + caching");
+    const sandbox = createOptimizedSandbox({
+        cpuMs: 5000,
+        memoryMb: 128,
+        poolConfig: {
+            minWorkers: 4,
+            maxWorkers: 16,
+            idleTimeout: 30000,
+            memoryMb: 128
+        },
+        cacheScripts: true
+    });
+    const startMem = process.memoryUsage().heapUsed;
+    const startTime = Date.now();
+    const promises = [];
+    // All reuse the same pool
+    for (let i = 0; i < 100; i++) {
+        promises.push(sandbox.run(`
+        const data = [${Array(10).fill(i).join(",")}];
+        data.map(x => x * Math.PI).reduce((a, b) => a + b, 0);
+      `));
+    }
+    await Promise.allSettled(promises);
+    const duration = Date.now() - startTime;
+    const endMem = process.memoryUsage().heapUsed;
+    console.log(`⏱️  Time: ${duration}ms`);
+    console.log(`💾 Memory: ${((endMem - startMem) / 1024 / 1024).toFixed(2)}MB`);
+    console.log(`📊 Avg time per request: ${(duration / 100).toFixed(2)}ms`);
+    console.log(`📈 Pool stats:`, sandbox.stats().pool);
+    console.log(`🔄 Cache stats:`, sandbox.stats().cache);
+    await sandbox.destroy();
+    return { duration, memory: endMem - startMem };
+}
+/**
+ * Repeated code example
+ */
+async function repeatedCodeBenefit() {
+    console.log("\n\n🔄 SCENARIO: Running same formula 50 times\n");
+    const formula = `
+    const arr = Array(1000).fill(0).map((_, i) => i);
+    arr.filter(x => x % 2 === 0)
+      .map(x => x * Math.PI)
+      .reduce((a, b) => a + b, 0);
+  `;
+    // Old way - recompile each time
+    console.log("📝 Without cache (recompile each time):");
+    const noCacheStart = Date.now();
+    const noCacheSandbox = createOptimizedSandbox({
+        cpuMs: 3000,
+        memoryMb: 64,
+        cacheScripts: false // Disable cache
+    });
+    for (let i = 0; i < 50; i++) {
+        await noCacheSandbox.run(formula);
+    }
+    const noCacheDuration = Date.now() - noCacheStart;
+    console.log(`⏱️  50 runs: ${noCacheDuration}ms (avg: ${(noCacheDuration / 50).toFixed(2)}ms)`);
+    // New way - cache hits
+    console.log("\n📝 With cache (compile once, reuse):");
+    const withCacheStart = Date.now();
+    const withCacheSandbox = createOptimizedSandbox({
+        cpuMs: 3000,
+        memoryMb: 64,
+        cacheScripts: true // Enable cache
+    });
+    for (let i = 0; i < 50; i++) {
+        await withCacheSandbox.run(formula);
+    }
+    const withCacheDuration = Date.now() - withCacheStart;
+    console.log(`⏱️  50 runs: ${withCacheDuration}ms (avg: ${(withCacheDuration / 50).toFixed(2)}ms)`);
+    console.log(`🔄 Cache stats:`, withCacheSandbox.stats().cache);
+    const speedup = noCacheDuration / withCacheDuration;
+    console.log(`\n✨ Speedup: ${speedup.toFixed(1)}x faster with cache!`);
+    await noCacheSandbox.destroy();
+    await withCacheSandbox.destroy();
+}
+/**
+ * Batch vs sequential
+ */
+async function batchVsSequential() {
+    console.log("\n\n📦 SCENARIO: Processing 50 items\n");
+    const items = Array.from({ length: 50 }, (_, i) => ({
+        code: `Array(${10 + i}).fill(0).reduce((a, b) => a + b, 0)`
+    }));
+    // Sequential
+    console.log("🐢 Sequential (1 at a time):");
+    const seqStart = Date.now();
+    const seqSandbox = createOptimizedSandbox({
+        cpuMs: 3000,
+        memoryMb: 64
+    });
+    for (const item of items) {
+        await seqSandbox.run(item.code);
+    }
+    const seqDuration = Date.now() - seqStart;
+    console.log(`⏱️  Time: ${seqDuration}ms (avg: ${(seqDuration / 50).toFixed(2)}ms)`);
+    // Batch with concurrency
+    console.log("\n🚀 Batch (4 concurrent):");
+    const batchStart = Date.now();
+    const batchSandbox = createOptimizedSandbox({
+        cpuMs: 3000,
+        memoryMb: 64,
+        poolConfig: { minWorkers: 2, maxWorkers: 4, idleTimeout: 30000, memoryMb: 64 }
+    });
+    await batchSandbox.batch(items, { concurrency: 4 });
+    const batchDuration = Date.now() - batchStart;
+    console.log(`⏱️  Time: ${batchDuration}ms (avg: ${(batchDuration / 50).toFixed(2)}ms)`);
+    const speedup = seqDuration / batchDuration;
+    console.log(`\n✨ Speedup: ${speedup.toFixed(1)}x faster with batching!`);
+    await seqSandbox.destroy();
+    await batchSandbox.destroy();
+}
+/**
+ * Memory comparison
+ */
+async function memoryComparison() {
+    console.log("\n\n💾 SCENARIO: High-concurrency (100 parallel requests)\n");
+    console.log("Memory usage tracking...");
+    // Unoptimized
+    console.log("\n🐢 WITHOUT optimization:");
+    const unoptStart = process.memoryUsage().heapUsed;
+    const unoptSandbox = createSandbox({
+        cpuMs: 5000,
+        memoryMb: 128
+    });
+    const unoptPromises = Array.from({ length: 100 }, (_, i) => unoptSandbox.run(`Array(${100 + i}).fill(0).reduce((a,b) => a+b, 0)`));
+    await Promise.allSettled(unoptPromises);
+    const unoptEnd = process.memoryUsage().heapUsed;
+    console.log(`💾 Memory delta: ${((unoptEnd - unoptStart) / 1024 / 1024).toFixed(2)}MB`);
+    // Optimized
+    console.log("\n🚀 WITH optimization:");
+    const optStart = process.memoryUsage().heapUsed;
+    const optSandbox = createOptimizedSandbox({
+        cpuMs: 5000,
+        memoryMb: 128,
+        poolConfig: {
+            minWorkers: 4,
+            maxWorkers: 16,
+            idleTimeout: 30000,
+            memoryMb: 128
+        }
+    });
+    const optPromises = Array.from({ length: 100 }, (_, i) => optSandbox.run(`Array(${100 + i}).fill(0).reduce((a,b) => a+b, 0)`));
+    await Promise.allSettled(optPromises);
+    const optEnd = process.memoryUsage().heapUsed;
+    console.log(`💾 Memory delta: ${((optEnd - optStart) / 1024 / 1024).toFixed(2)}MB`);
+    const savings = ((unoptEnd - unoptStart) - (optEnd - optStart)) / (unoptEnd - unoptStart) * 100;
+    console.log(`\n✨ Memory savings: ${savings.toFixed(0)}%`);
+    await optSandbox.destroy();
+}
+/**
+ * Run all comparisons
+ */
+export async function runComparisons() {
+    console.log("═══════════════════════════════════════════════════════════");
+    console.log("🔬 OPTIMIZATION BENCHMARKS");
+    console.log("═══════════════════════════════════════════════════════════\n");
+    console.log("BENCHMARK 1: 100 Concurrent Requests");
+    console.log("───────────────────────────────────────────────────────────");
+    const oldResult = await oldWay_100Requests();
+    const newResult = await newWay_100Requests();
+    const speedup = oldResult.duration / newResult.duration;
+    const memSavings = oldResult.memory - newResult.memory;
+    console.log(`\n📊 IMPROVEMENT:`);
+    console.log(`  ⏱️  Speed: ${speedup.toFixed(1)}x faster`);
+    console.log(`  💾 Memory: ${(memSavings / 1024 / 1024).toFixed(2)}MB saved (${(memSavings / oldResult.memory * 100).toFixed(0)}%)`);
+    // Run other scenarios
+    await repeatedCodeBenefit();
+    await batchVsSequential();
+    await memoryComparison();
+    console.log("\n═══════════════════════════════════════════════════════════");
+    console.log("✅ All benchmarks completed!");
+    console.log("═══════════════════════════════════════════════════════════");
+}
+// Run if executed
+if (import.meta.url === `file://${process.argv[1]}`) {
+    runComparisons().catch(console.error);
+}
+//# sourceMappingURL=benchmark.js.map

package/dist/benchmark.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"benchmark.js","sourceRoot":"","sources":["../src/benchmark.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE;;GAEG;AACH,KAAK,UAAU,kBAAkB;IAC/B,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAEhE,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;IAChD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,QAAQ,GAAG,EAAE,CAAC;IAEpB,4BAA4B;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,aAAa,CAAC;YAC5B,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,GAAG;SACd,CAAC,CAAC;QAEH,QAAQ,CAAC,IAAI,CACX,OAAO,CAAC,GAAG,CAAC;wBACM,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;;OAE5C,CAAC,CACH,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAEnC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;IAE9C,OAAO,CAAC,GAAG,CAAC,aAAa,QAAQ,IAAI,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,QAAQ,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAE3E,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,GAAG,QAAQ,EAAE,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB;IAC/B,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAEhE,MAAM,OAAO,GAAG,sBAAsB,CAAC;QACrC,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,UAAU,EAAE,CAAC;YACb,UAAU,EAAE,EAAE;YACd,WAAW,EAAE,KAAK;YAClB,QAAQ,EAAE,GAAG;SACd;QACD,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;IAChD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,QAAQ,GAAG,EAAE,CAAC;IAEpB,0BAA0B;IAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CACX,OAAO,CAAC,GAAG,CAAC;wBACM,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;;OAE5C,CAAC,CACH,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAEnC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;IAE9C,OAAO,CAAC,GAAG,CAAC,aAAa,QAAQ,IAAI,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,QAAQ,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACzE,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC;IAEtD,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;IAExB,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,GAAG,QAAQ,EAAE,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB;IAChC,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAEhE,MAAM,OAAO,GAAG;;;;;GAKf,CAAC;IAEF,gCAAgC;IAChC,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAChC,MAAM,cAAc,GAAG,sBAAsB,CAAC;QAC5C,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,EAAE;QACZ,YAAY,EAAE,KAAK,CAAE,gBAAgB;KACtC,CAAC,CAAC;IAEH,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,gBAAgB,eAAe,YAAY,CAAC,eAAe,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAE/F,uBAAuB;IACvB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IACtD,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAClC,MAAM,gBAAgB,GAAG,sBAAsB,CAAC;QAC9C,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,EAAE;QACZ,YAAY,EAAE,IAAI,CAAE,eAAe;KACpC,CAAC,CAAC;IAEH,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IACD,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,gBAAgB,iBAAiB,YAAY,CAAC,iBAAiB,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACnG,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC;IAE/D,MAAM,OAAO,GAAG,eAAe,GAAG,iBAAiB,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;IAEtE,MAAM,cAAc,CAAC,OAAO,EAAE,CAAC;IAC/B,MAAM,gBAAgB,CAAC,OAAO,EAAE,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB;IAC9B,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IAEtD,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QAClD,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,sCAAsC;KAC5D,CAAC,CAAC,CAAC;IAEJ,aAAa;IACb,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC5B,MAAM,UAAU,GAAG,sBAAsB,CAAC;QACxC,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,EAAE;KACb,CAAC,CAAC;IAEH,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,aAAa,WAAW,YAAY,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAEpF,yBAAyB;IACzB,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC9B,MAAM,YAAY,GAAG,sBAAsB,CAAC;QAC1C,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,EAAE;QACZ,UAAU,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE;KAC/E,CAAC,CAAC;IAEH,MAAM,YAAY,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;IACpD,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,aAAa,aAAa,YAAY,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAExF,MAAM,OAAO,GAAG,WAAW,GAAG,aAAa,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC;IAEzE,MAAM,UAAU,CAAC,OAAO,EAAE,CAAC;IAC3B,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB;IAC7B,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;IAE3E,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAExC,cAAc;IACd,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;IAClD,MAAM,YAAY,GAAG,aAAa,CAAC;QACjC,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,GAAG;KACd,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACzD,YAAY,CAAC,GAAG,CAAC,SAAS,GAAG,GAAG,CAAC,mCAAmC,CAAC,CACtE,CAAC;IAEF,MAAM,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,QAAQ,GAAG,UAAU,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAExF,YAAY;IACZ,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;IAChD,MAAM,UAAU,GAAG,sBAAsB,CAAC;QACxC,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,UAAU,EAAE,CAAC;YACb,UAAU,EAAE,EAAE;YACd,WAAW,EAAE,KAAK;YAClB,QAAQ,EAAE,GAAG;SACd;KACF,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACvD,UAAU,CAAC,GAAG,CAAC,SAAS,GAAG,GAAG,CAAC,mCAAmC,CAAC,CACpE,CAAC;IAEF,MAAM,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,MAAM,GAAG,QAAQ,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEpF,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,QAAQ,CAAC,CAAC,GAAG,CAAC,QAAQ,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC;IAChG,OAAO,CAAC,GAAG,CAAC,uBAAuB,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAE1D,MAAM,UAAU,CAAC,OAAO,EAAE,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;IAE7E,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;IAE3E,MAAM,SAAS,GAAG,MAAM,kBAAkB,EAAE,CAAC;IAC7C,MAAM,SAAS,GAAG,MAAM,kBAAkB,EAAE,CAAC;IAE7C,MAAM,OAAO,GAAG,SAAS,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;IACxD,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;IAEvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,UAAU,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,GAAG,SAAS,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEpI,sBAAsB;IACtB,MAAM,mBAAmB,EAAE,CAAC;IAC5B,MAAM,iBAAiB,EAAE,CAAC;IAC1B,MAAM,gBAAgB,EAAE,CAAC;IAEzB,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;AAC7E,CAAC;AAED,kBAAkB;AAClB,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,UAAU,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACpD,cAAc,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC"}

package/dist/capabilities.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Capability membranes: Proxy-based controlled access to APIs
+ * Allows fine-grained restrictions on what sandboxed code can access
+ */
+export type CapabilityName = "console" | "math" | "date" | "json" | "crypto" | "timers";
+export type CapabilityGrant = Record<CapabilityName, boolean>;
+/**
+ * Default: Minimal capabilities
+ * Only safe, read-only, deterministic operations
+ */
+export declare const DEFAULT_CAPABILITIES: CapabilityGrant;
+/**
+ * Strict mode: absolute minimum
+ */
+export declare const STRICT_CAPABILITIES: CapabilityGrant;
+/**
+ * Create a capability grant from user input
+ * Always defaults to denied, must explicitly allow
+ */
+export declare function createCapabilityGrant(requested?: Partial<CapabilityGrant>): CapabilityGrant;
+/**
+ * Create a proxy membrane that guards access to a capability
+ * Throws if capability is not granted
+ */
+export declare function createCapabilityMembrane<T extends object>(target: T, capability: CapabilityName, granted: boolean): T;
+//# sourceMappingURL=capabilities.d.ts.map

package/dist/capabilities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.d.ts","sourceRoot":"","sources":["../src/capabilities.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,cAAc,GACtB,SAAS,GACT,MAAM,GACN,MAAM,GACN,MAAM,GACN,QAAQ,GACR,QAAQ,CAAC;AAEb,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;AAE9D;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,eAOlC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,eAOjC,CAAC;AAEF;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,GACnC,eAAe,CASjB;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,SAAS,MAAM,EACvD,MAAM,EAAE,CAAC,EACT,UAAU,EAAE,cAAc,EAC1B,OAAO,EAAE,OAAO,GACf,CAAC,CAgEH"}

package/dist/capabilities.js

@@ -0,0 +1,110 @@
+/**
+ * Capability membranes: Proxy-based controlled access to APIs
+ * Allows fine-grained restrictions on what sandboxed code can access
+ */
+/**
+ * Default: Minimal capabilities
+ * Only safe, read-only, deterministic operations
+ */
+export const DEFAULT_CAPABILITIES = {
+    console: true, // no-op console (doesn't actually log)
+    math: true, // deterministic Math (no random)
+    date: true, // frozen/deterministic Date
+    json: true, // JSON.parse/stringify
+    crypto: false, // NO crypto by default (expensive, leaks timing)
+    timers: false // NO timers (no setTimeout/setInterval)
+};
+/**
+ * Strict mode: absolute minimum
+ */
+export const STRICT_CAPABILITIES = {
+    console: false,
+    math: true,
+    date: false,
+    json: false,
+    crypto: false,
+    timers: false
+};
+/**
+ * Create a capability grant from user input
+ * Always defaults to denied, must explicitly allow
+ */
+export function createCapabilityGrant(requested) {
+    return {
+        console: requested?.console ?? DEFAULT_CAPABILITIES.console,
+        math: requested?.math ?? DEFAULT_CAPABILITIES.math,
+        date: requested?.date ?? DEFAULT_CAPABILITIES.date,
+        json: requested?.json ?? DEFAULT_CAPABILITIES.json,
+        crypto: requested?.crypto ?? DEFAULT_CAPABILITIES.crypto,
+        timers: requested?.timers ?? DEFAULT_CAPABILITIES.timers
+    };
+}
+/**
+ * Create a proxy membrane that guards access to a capability
+ * Throws if capability is not granted
+ */
+export function createCapabilityMembrane(target, capability, granted) {
+    if (!granted) {
+        return new Proxy(target, {
+            get() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            set() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            has() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            ownKeys() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            getOwnPropertyDescriptor() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            defineProperty() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            deleteProperty() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            getPrototypeOf() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            setPrototypeOf() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            isExtensible() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            preventExtensions() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            apply() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            },
+            construct() {
+                throw new Error(`Capability '${capability}' is not granted`);
+            }
+        });
+    }
+    // If granted, return a safer proxy that prevents dangerous mutations
+    return new Proxy(target, {
+        set: () => {
+            // Prevent reassignment
+            return false;
+        },
+        deleteProperty: () => {
+            return false;
+        },
+        setPrototypeOf: () => {
+            return false;
+        },
+        defineProperty: () => {
+            return false;
+        },
+        preventExtensions: () => {
+            return false;
+        }
+    });
+}
+//# sourceMappingURL=capabilities.js.map

package/dist/capabilities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.js","sourceRoot":"","sources":["../src/capabilities.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAYH;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAoB;IACnD,OAAO,EAAE,IAAI,EAAI,uCAAuC;IACxD,IAAI,EAAE,IAAI,EAAO,iCAAiC;IAClD,IAAI,EAAE,IAAI,EAAO,4BAA4B;IAC7C,IAAI,EAAE,IAAI,EAAO,uBAAuB;IACxC,MAAM,EAAE,KAAK,EAAI,iDAAiD;IAClE,MAAM,EAAE,KAAK,CAAI,wCAAwC;CAC1D,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAoB;IAClD,OAAO,EAAE,KAAK;IACd,IAAI,EAAE,IAAI;IACV,IAAI,EAAE,KAAK;IACX,IAAI,EAAE,KAAK;IACX,MAAM,EAAE,KAAK;IACb,MAAM,EAAE,KAAK;CACd,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,SAAoC;IAEpC,OAAO;QACL,OAAO,EAAE,SAAS,EAAE,OAAO,IAAI,oBAAoB,CAAC,OAAO;QAC3D,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,oBAAoB,CAAC,IAAI;QAClD,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,oBAAoB,CAAC,IAAI;QAClD,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,oBAAoB,CAAC,IAAI;QAClD,MAAM,EAAE,SAAS,EAAE,MAAM,IAAI,oBAAoB,CAAC,MAAM;QACxD,MAAM,EAAE,SAAS,EAAE,MAAM,IAAI,oBAAoB,CAAC,MAAM;KACzD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,MAAS,EACT,UAA0B,EAC1B,OAAgB;IAEhB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE;YACvB,GAAG;gBACD,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,GAAG;gBACD,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,GAAG;gBACD,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,OAAO;gBACL,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,wBAAwB;gBACtB,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,cAAc;gBACZ,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,cAAc;gBACZ,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,cAAc;gBACZ,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,cAAc;gBACZ,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,YAAY;gBACV,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,iBAAiB;gBACf,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,KAAK;gBACH,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;YACD,SAAS;gBACP,MAAM,IAAI,KAAK,CAAC,eAAe,UAAU,kBAAkB,CAAC,CAAC;YAC/D,CAAC;SACF,CAAM,CAAC;IACV,CAAC;IAED,qEAAqE;IACrE,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE;QACvB,GAAG,EAAE,GAAG,EAAE;YACR,uBAAuB;YACvB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,cAAc,EAAE,GAAG,EAAE;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,cAAc,EAAE,GAAG,EAAE;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,cAAc,EAAE,GAAG,EAAE;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,iBAAiB,EAAE,GAAG,EAAE;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAM,CAAC;AACV,CAAC"}

package/dist/deterministic.d.ts

@@ -0,0 +1,81 @@
+/**
+ * Deterministic globals for sandboxed code
+ * - Date: Always returns fixed timestamp
+ * - Math: Safe, no random (unless explicitly seeded)
+ * - JSON: Safe parse/stringify
+ */
+/**
+ * Deterministic date: frozen to a specific moment
+ * Prevents timing attacks and makes execution reproducible
+ */
+export declare class DeterministicDate {
+    private static FIXED_TIMESTAMP;
+    static now(): number;
+    constructor(dateString?: string);
+    constructor(year: number, month: number, date?: number, ...rest: number[]);
+    getTime(): number;
+    valueOf(): number;
+    toString(): string;
+    toISOString(): string;
+    toJSON(): string;
+    [Symbol.toPrimitive](hint: string): string | number;
+}
+/**
+ * Seeded pseudo-random number generator
+ * For reproducible, deterministic randomness
+ */
+export declare class SeededRandom {
+    private seed;
+    constructor(seed?: number);
+    /**
+     * Xorshift32 algorithm - fast, deterministic
+     */
+    next(): number;
+    /**
+     * Reset the seed
+     */
+    setSeed(seed: number): void;
+}
+/**
+ * Deterministic Math object (no true random)
+ */
+export declare const DeterministicMath: {
+    abs: (x: number) => number;
+    acos: (x: number) => number;
+    asin: (x: number) => number;
+    atan: (x: number) => number;
+    atan2: (y: number, x: number) => number;
+    ceil: (x: number) => number;
+    cos: (x: number) => number;
+    exp: (x: number) => number;
+    floor: (x: number) => number;
+    log: (x: number) => number;
+    max: (...values: number[]) => number;
+    min: (...values: number[]) => number;
+    pow: (x: number, y: number) => number;
+    round: (x: number) => number;
+    sin: (x: number) => number;
+    sqrt: (x: number) => number;
+    tan: (x: number) => number;
+    E: number;
+    LN2: number;
+    LN10: number;
+    LOG2E: number;
+    LOG10E: number;
+    PI: number;
+    SQRT1_2: number;
+    SQRT2: number;
+    random: () => number;
+};
+/**
+ * Safe JSON with circular reference protection
+ */
+export declare const SafeJSON: {
+    parse(text: string, reviver?: (key: string, value: unknown) => unknown): unknown;
+    stringify(value: unknown, replacer?: (key: string, value: unknown) => unknown | (string | number)[] | null, space?: string | number): string;
+};
+/**
+ * Create a deterministic global scope with safe APIs
+ */
+export declare function createDeterministicGlobals(seed?: number): Record<string, unknown>;
+//# sourceMappingURL=deterministic.d.ts.map

package/dist/deterministic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deterministic.d.ts","sourceRoot":"","sources":["../src/deterministic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAC,eAAe,CAAiB;IAE/C,MAAM,CAAC,GAAG,IAAI,MAAM;gBAIR,UAAU,CAAC,EAAE,MAAM;gBACnB,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE;IAQzE,OAAO,IAAI,MAAM;IAIjB,OAAO,IAAI,MAAM;IAIjB,QAAQ,IAAI,MAAM;IAIlB,WAAW,IAAI,MAAM;IAIrB,MAAM,IAAI,MAAM;IAKhB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM;CAKpD;AAED;;;GAGG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,IAAI,CAAS;gBAET,IAAI,GAAE,MAAc;IAIhC;;OAEG;IACH,IAAI,IAAI,MAAM;IAOd;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;CAG5B;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;YA2BI,MAAM,MAAM;CAC7C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,QAAQ;gBACP,MAAM,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,KAAK,OAAO,GAAG,OAAO;qBASvE,OAAO,aACH,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,KAAK,OAAO,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,GAAG,IAAI,UACxE,MAAM,GAAG,MAAM,GACtB,MAAM;CAOV,CAAC;AAEF;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CASjF"}

package/dist/deterministic.js

@@ -0,0 +1,135 @@
+/**
+ * Deterministic globals for sandboxed code
+ * - Date: Always returns fixed timestamp
+ * - Math: Safe, no random (unless explicitly seeded)
+ * - JSON: Safe parse/stringify
+ */
+/**
+ * Deterministic date: frozen to a specific moment
+ * Prevents timing attacks and makes execution reproducible
+ */
+export class DeterministicDate {
+    static now() {
+        return DeterministicDate.FIXED_TIMESTAMP;
+    }
+    constructor(...args) {
+        // Stub - just prevent actual Date operations
+        if (args.length === 0) {
+            // new Date() -> fixed time
+        }
+    }
+    getTime() {
+        return DeterministicDate.FIXED_TIMESTAMP;
+    }
+    valueOf() {
+        return DeterministicDate.FIXED_TIMESTAMP;
+    }
+    toString() {
+        return new Date(DeterministicDate.FIXED_TIMESTAMP).toString();
+    }
+    toISOString() {
+        return new Date(DeterministicDate.FIXED_TIMESTAMP).toISOString();
+    }
+    toJSON() {
+        return new Date(DeterministicDate.FIXED_TIMESTAMP).toJSON();
+    }
+    // Stub the rest to prevent side effects
+    [Symbol.toPrimitive](hint) {
+        if (hint === "number")
+            return DeterministicDate.FIXED_TIMESTAMP;
+        if (hint === "string")
+            return this.toString();
+        return DeterministicDate.FIXED_TIMESTAMP;
+    }
+}
+DeterministicDate.FIXED_TIMESTAMP = 1609459200000; // 2021-01-01T00:00:00Z
+/**
+ * Seeded pseudo-random number generator
+ * For reproducible, deterministic randomness
+ */
+export class SeededRandom {
+    constructor(seed = 12345) {
+        this.seed = seed >>> 0; // Ensure 32-bit unsigned
+    }
+    /**
+     * Xorshift32 algorithm - fast, deterministic
+     */
+    next() {
+        this.seed ^= this.seed << 13;
+        this.seed ^= this.seed >> 17;
+        this.seed ^= this.seed << 5;
+        return (this.seed >>> 0) / 4294967296; // Normalize to [0, 1)
+    }
+    /**
+     * Reset the seed
+     */
+    setSeed(seed) {
+        this.seed = seed >>> 0;
+    }
+}
+/**
+ * Deterministic Math object (no true random)
+ */
+export const DeterministicMath = {
+    abs: Math.abs,
+    acos: Math.acos,
+    asin: Math.asin,
+    atan: Math.atan,
+    atan2: Math.atan2,
+    ceil: Math.ceil,
+    cos: Math.cos,
+    exp: Math.exp,
+    floor: Math.floor,
+    log: Math.log,
+    max: Math.max,
+    min: Math.min,
+    pow: Math.pow,
+    round: Math.round,
+    sin: Math.sin,
+    sqrt: Math.sqrt,
+    tan: Math.tan,
+    E: Math.E,
+    LN2: Math.LN2,
+    LN10: Math.LN10,
+    LOG2E: Math.LOG2E,
+    LOG10E: Math.LOG10E,
+    PI: Math.PI,
+    SQRT1_2: Math.SQRT1_2,
+    SQRT2: Math.SQRT2,
+    // NO Math.random! Prevents timing leaks and non-determinism
+    random: undefined
+};
+/**
+ * Safe JSON with circular reference protection
+ */
+export const SafeJSON = {
+    parse(text, reviver) {
+        try {
+            return JSON.parse(text, reviver);
+        }
+        catch (err) {
+            throw new SyntaxError(`Invalid JSON: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    },
+    stringify(value, replacer, space) {
+        try {
+            return JSON.stringify(value, replacer, space);
+        }
+        catch (err) {
+            throw new TypeError(`Cannot stringify: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+};
+/**
+ * Create a deterministic global scope with safe APIs
+ */
+export function createDeterministicGlobals(seed) {
+    const random = new SeededRandom(seed);
+    return {
+        Date: DeterministicDate,
+        Math: DeterministicMath,
+        JSON: SafeJSON,
+        Math_random: () => random.next() // If seed is provided, code can use Math_random
+    };
+}
+//# sourceMappingURL=deterministic.js.map

package/dist/deterministic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deterministic.js","sourceRoot":"","sources":["../src/deterministic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IAG5B,MAAM,CAAC,GAAG;QACR,OAAO,iBAAiB,CAAC,eAAe,CAAC;IAC3C,CAAC;IAID,YAAY,GAAG,IAAW;QACxB,6CAA6C;QAC7C,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,2BAA2B;QAC7B,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,iBAAiB,CAAC,eAAe,CAAC;IAC3C,CAAC;IAED,OAAO;QACL,OAAO,iBAAiB,CAAC,eAAe,CAAC;IAC3C,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC,QAAQ,EAAE,CAAC;IAChE,CAAC;IAED,WAAW;QACT,OAAO,IAAI,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;IACnE,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,CAAC;IAC9D,CAAC;IAED,wCAAwC;IACxC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAY;QAC/B,IAAI,IAAI,KAAK,QAAQ;YAAE,OAAO,iBAAiB,CAAC,eAAe,CAAC;QAChE,IAAI,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9C,OAAO,iBAAiB,CAAC,eAAe,CAAC;IAC3C,CAAC;;AAxCc,iCAAe,GAAG,aAAa,CAAC,CAAC,uBAAuB;AA2CzE;;;GAGG;AACH,MAAM,OAAO,YAAY;IAGvB,YAAY,OAAe,KAAK;QAC9B,IAAI,CAAC,IAAI,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,yBAAyB;IACnD,CAAC;IAED;;OAEG;IACH,IAAI;QACF,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,sBAAsB;IAC/D,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAY;QAClB,IAAI,CAAC,IAAI,GAAG,IAAI,KAAK,CAAC,CAAC;IACzB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,IAAI,EAAE,IAAI,CAAC,IAAI;IACf,IAAI,EAAE,IAAI,CAAC,IAAI;IACf,IAAI,EAAE,IAAI,CAAC,IAAI;IACf,KAAK,EAAE,IAAI,CAAC,KAAK;IACjB,IAAI,EAAE,IAAI,CAAC,IAAI;IACf,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,KAAK,EAAE,IAAI,CAAC,KAAK;IACjB,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,KAAK,EAAE,IAAI,CAAC,KAAK;IACjB,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,IAAI,EAAE,IAAI,CAAC,IAAI;IACf,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,CAAC,EAAE,IAAI,CAAC,CAAC;IACT,GAAG,EAAE,IAAI,CAAC,GAAG;IACb,IAAI,EAAE,IAAI,CAAC,IAAI;IACf,KAAK,EAAE,IAAI,CAAC,KAAK;IACjB,MAAM,EAAE,IAAI,CAAC,MAAM;IACnB,EAAE,EAAE,IAAI,CAAC,EAAE;IACX,OAAO,EAAE,IAAI,CAAC,OAAO;IACrB,KAAK,EAAE,IAAI,CAAC,KAAK;IACjB,4DAA4D;IAC5D,MAAM,EAAE,SAAoC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG;IACtB,KAAK,CAAC,IAAY,EAAE,OAAkD;QACpE,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,iBAAiB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7F,CAAC;IACH,CAAC;IAED,SAAS,CACP,KAAc,EACd,QAAgF,EAChF,KAAuB;QAEvB,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,QAAgD,EAAE,KAAK,CAAC,CAAC;QACxF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,SAAS,CAAC,qBAAqB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,0BAA0B,CAAC,IAAa;IACtD,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC;IAEtC,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,IAAI,EAAE,iBAAiB;QACvB,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,gDAAgD;KAClF,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,17 @@
+/**
+ * nodebox - High-performance JavaScript sandbox
+ * @module nodebox
+ */
+export { createSandbox } from './sandbox.js';
+export type { SandboxOptions, SandboxMessage } from './sandbox.js';
+export { freezeIntrinsics, createSandboxScope, runInSandbox } from './vm-runtime.js';
+export type { SandboxRuntimeOptions } from './vm-runtime.js';
+export { STRICT_LIMITS, DEFAULT_LIMITS, RELAXED_LIMITS } from './limits.js';
+export type { ResourceLimits } from './limits.js';
+export { createCapabilityMembrane, DEFAULT_CAPABILITIES, STRICT_CAPABILITIES } from './capabilities.js';
+export type { CapabilityGrant } from './capabilities.js';
+export { DeterministicDate, DeterministicMath, SeededRandom, SafeJSON } from './deterministic.js';
+export { StatsCollector } from './stats.js';
+export type { ExecutionStats } from './stats.js';
+export { PromiseTracker, createPromiseInterceptor } from './async.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAEnE,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACb,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAE7D,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC5E,YAAY,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEzD,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAElG,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,YAAY,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD,OAAO,EAAE,cAAc,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,12 @@
+/**
+ * nodebox - High-performance JavaScript sandbox
+ * @module nodebox
+ */
+export { createSandbox } from './sandbox.js';
+export { freezeIntrinsics, createSandboxScope, runInSandbox } from './vm-runtime.js';
+export { STRICT_LIMITS, DEFAULT_LIMITS, RELAXED_LIMITS } from './limits.js';
+export { createCapabilityMembrane, DEFAULT_CAPABILITIES, STRICT_CAPABILITIES } from './capabilities.js';
+export { DeterministicDate, DeterministicMath, SeededRandom, SafeJSON } from './deterministic.js';
+export { StatsCollector } from './stats.js';
+export { PromiseTracker, createPromiseInterceptor } from './async.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACb,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG5E,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAElG,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5C,OAAO,EAAE,cAAc,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC"}