secure-exec 0.0.1 → 0.1.0-rc.1

package/dist/index.d.ts

@@ -0,0 +1,15 @@
+export { NodeRuntime } from "./runtime.js";
+export type { NodeRuntimeOptions } from "./runtime.js";
+export type { ResourceBudgets } from "./runtime-driver.js";
+export { PythonRuntime } from "./python-runtime.js";
+export type { PythonRuntimeOptions } from "./python-runtime.js";
+export type { CommandExecutor, NodeRuntimeDriver, NodeRuntimeDriverFactory, NetworkAdapter, Permissions, PythonRuntimeDriver, PythonRuntimeDriverFactory, RuntimeDriver, RuntimeDriverFactory, SharedRuntimeDriver, SystemDriver, VirtualFileSystem, } from "./types.js";
+export type { DirEntry, StatInfo } from "./fs-helpers.js";
+export type { StdioChannel, StdioEvent, StdioHook, ExecOptions, ExecResult, OSConfig, PythonRunOptions, PythonRunResult, ProcessConfig, RunResult, TimingMitigation, } from "./shared/api-types.js";
+export { createDefaultNetworkAdapter, createNodeDriver, createNodeRuntimeDriverFactory, NodeExecutionDriver, NodeFileSystem, } from "@secure-exec/node";
+export type { ModuleAccessOptions, NodeRuntimeDriverFactoryOptions, } from "@secure-exec/node";
+export { createPyodideRuntimeDriverFactory, PyodideRuntimeDriver, } from "@secure-exec/python";
+export { createBrowserDriver, createBrowserNetworkAdapter, createBrowserRuntimeDriverFactory, createOpfsFileSystem, } from "@secure-exec/browser";
+export type { BrowserDriverOptions, BrowserRuntimeDriverFactoryOptions, BrowserRuntimeSystemOptions, } from "@secure-exec/browser";
+export { createInMemoryFileSystem } from "./shared/in-memory-fs.js";
+export { allowAll, allowAllChildProcess, allowAllEnv, allowAllFs, allowAllNetwork, } from "./shared/permissions.js";

package/dist/index.js

@@ -0,0 +1,11 @@
+// Re-export core runtime surface.
+export { NodeRuntime } from "./runtime.js";
+export { PythonRuntime } from "./python-runtime.js";
+// Re-export Node driver factories.
+export { createDefaultNetworkAdapter, createNodeDriver, createNodeRuntimeDriverFactory, NodeExecutionDriver, NodeFileSystem, } from "@secure-exec/node";
+// Re-export Python runtime-driver factories.
+export { createPyodideRuntimeDriverFactory, PyodideRuntimeDriver, } from "@secure-exec/python";
+// Re-export browser driver factories.
+export { createBrowserDriver, createBrowserNetworkAdapter, createBrowserRuntimeDriverFactory, createOpfsFileSystem, } from "@secure-exec/browser";
+export { createInMemoryFileSystem } from "./shared/in-memory-fs.js";
+export { allowAll, allowAllChildProcess, allowAllEnv, allowAllFs, allowAllNetwork, } from "./shared/permissions.js";

package/dist/isolate-runtime/apply-custom-global-policy.js

@@ -0,0 +1,54 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/common/global-access.ts
+  function hasOwnGlobal(name) {
+    return Object.prototype.hasOwnProperty.call(globalThis, name);
+  }
+  function getGlobalValue(name) {
+    return Reflect.get(globalThis, name);
+  }
+
+  // isolate-runtime/src/common/global-exposure.ts
+  function defineRuntimeGlobalBinding(name, value, mutable) {
+    Object.defineProperty(globalThis, name, {
+      value,
+      writable: mutable,
+      configurable: mutable,
+      enumerable: true
+    });
+  }
+  function createRuntimeGlobalExposer(mutable) {
+    return (name, value) => {
+      defineRuntimeGlobalBinding(name, value, mutable);
+    };
+  }
+  function getRuntimeExposeCustomGlobal() {
+    if (typeof globalThis.__runtimeExposeCustomGlobal === "function") {
+      return globalThis.__runtimeExposeCustomGlobal;
+    }
+    return createRuntimeGlobalExposer(false);
+  }
+  function getRuntimeExposeMutableGlobal() {
+    if (typeof globalThis.__runtimeExposeMutableGlobal === "function") {
+      return globalThis.__runtimeExposeMutableGlobal;
+    }
+    return createRuntimeGlobalExposer(true);
+  }
+
+  // isolate-runtime/src/inject/apply-custom-global-policy.ts
+  var __runtimeExposeCustomGlobal = getRuntimeExposeCustomGlobal();
+  var __runtimeExposeMutableGlobal = getRuntimeExposeMutableGlobal();
+  var __globalPolicy = globalThis.__runtimeCustomGlobalPolicy ?? {};
+  var __hardenedGlobals = Array.isArray(__globalPolicy.hardenedGlobals) ? __globalPolicy.hardenedGlobals : [];
+  var __mutableGlobals = Array.isArray(__globalPolicy.mutableGlobals) ? __globalPolicy.mutableGlobals : [];
+  for (const globalName of __hardenedGlobals) {
+    if (hasOwnGlobal(globalName)) {
+      __runtimeExposeCustomGlobal(globalName, getGlobalValue(globalName));
+    }
+  }
+  for (const globalName of __mutableGlobals) {
+    if (hasOwnGlobal(globalName)) {
+      __runtimeExposeMutableGlobal(globalName, getGlobalValue(globalName));
+    }
+  }
+})();

package/dist/isolate-runtime/apply-timing-mitigation-freeze.js

@@ -0,0 +1,44 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/common/global-access.ts
+  function setGlobalValue(name, value) {
+    Reflect.set(globalThis, name, value);
+  }
+
+  // isolate-runtime/src/inject/apply-timing-mitigation-freeze.ts
+  var __timingConfig = globalThis.__runtimeTimingMitigationConfig ?? {};
+  var __frozenTimeMs = typeof __timingConfig.frozenTimeMs === "number" && Number.isFinite(__timingConfig.frozenTimeMs) ? __timingConfig.frozenTimeMs : Date.now();
+  var __frozenDateNow = () => __frozenTimeMs;
+  try {
+    Object.defineProperty(Date, "now", {
+      value: __frozenDateNow,
+      configurable: true,
+      writable: true
+    });
+  } catch {
+    Date.now = __frozenDateNow;
+  }
+  var __frozenPerformanceNow = () => 0;
+  var __performance = globalThis.performance;
+  if (typeof __performance !== "undefined" && __performance !== null) {
+    try {
+      Object.defineProperty(__performance, "now", {
+        value: __frozenPerformanceNow,
+        configurable: true,
+        writable: true
+      });
+    } catch {
+      try {
+        Object.assign(__performance, { now: __frozenPerformanceNow });
+      } catch {
+      }
+    }
+  } else {
+    setGlobalValue("performance", {
+      now: __frozenPerformanceNow
+    });
+  }
+  if (!Reflect.deleteProperty(globalThis, "SharedArrayBuffer")) {
+    setGlobalValue("SharedArrayBuffer", void 0);
+  }
+})();

package/dist/isolate-runtime/apply-timing-mitigation-off.js

@@ -0,0 +1,14 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/common/global-access.ts
+  function setGlobalValue(name, value) {
+    Reflect.set(globalThis, name, value);
+  }
+
+  // isolate-runtime/src/inject/apply-timing-mitigation-off.ts
+  if (typeof globalThis.performance === "undefined" || globalThis.performance === null) {
+    setGlobalValue("performance", {
+      now: () => Date.now()
+    });
+  }
+})();

package/dist/isolate-runtime/bridge-attach.js

@@ -0,0 +1,29 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/common/global-exposure.ts
+  function defineRuntimeGlobalBinding(name, value, mutable) {
+    Object.defineProperty(globalThis, name, {
+      value,
+      writable: mutable,
+      configurable: mutable,
+      enumerable: true
+    });
+  }
+  function createRuntimeGlobalExposer(mutable) {
+    return (name, value) => {
+      defineRuntimeGlobalBinding(name, value, mutable);
+    };
+  }
+  function getRuntimeExposeCustomGlobal() {
+    if (typeof globalThis.__runtimeExposeCustomGlobal === "function") {
+      return globalThis.__runtimeExposeCustomGlobal;
+    }
+    return createRuntimeGlobalExposer(false);
+  }
+
+  // isolate-runtime/src/inject/bridge-attach.ts
+  var __runtimeExposeCustomGlobal = getRuntimeExposeCustomGlobal();
+  if (typeof globalThis.bridge !== "undefined") {
+    __runtimeExposeCustomGlobal("bridge", globalThis.bridge);
+  }
+})();

package/dist/isolate-runtime/bridge-initial-globals.js

@@ -0,0 +1,78 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/common/global-exposure.ts
+  function defineRuntimeGlobalBinding(name, value, mutable) {
+    Object.defineProperty(globalThis, name, {
+      value,
+      writable: mutable,
+      configurable: mutable,
+      enumerable: true
+    });
+  }
+  function createRuntimeGlobalExposer(mutable) {
+    return (name, value) => {
+      defineRuntimeGlobalBinding(name, value, mutable);
+    };
+  }
+  function getRuntimeExposeMutableGlobal() {
+    if (typeof globalThis.__runtimeExposeMutableGlobal === "function") {
+      return globalThis.__runtimeExposeMutableGlobal;
+    }
+    return createRuntimeGlobalExposer(true);
+  }
+
+  // isolate-runtime/src/inject/bridge-initial-globals.ts
+  var __runtimeExposeMutableGlobal = getRuntimeExposeMutableGlobal();
+  var __bridgeSetupConfig = globalThis.__runtimeBridgeSetupConfig ?? {};
+  var __initialCwd = typeof __bridgeSetupConfig.initialCwd === "string" ? __bridgeSetupConfig.initialCwd : "/";
+  var __jsonPayloadLimitBytes = typeof __bridgeSetupConfig.jsonPayloadLimitBytes === "number" && Number.isFinite(__bridgeSetupConfig.jsonPayloadLimitBytes) ? Math.max(0, Math.floor(__bridgeSetupConfig.jsonPayloadLimitBytes)) : 4 * 1024 * 1024;
+  var __payloadLimitErrorCode = typeof __bridgeSetupConfig.payloadLimitErrorCode === "string" && __bridgeSetupConfig.payloadLimitErrorCode.length > 0 ? __bridgeSetupConfig.payloadLimitErrorCode : "ERR_SANDBOX_PAYLOAD_TOO_LARGE";
+  __runtimeExposeMutableGlobal("_moduleCache", {});
+  globalThis._moduleCache = globalThis._moduleCache ?? {};
+  var __moduleCache = globalThis._moduleCache;
+  if (__moduleCache) {
+    __moduleCache["v8"] = {
+      getHeapStatistics: function() {
+        return {
+          total_heap_size: 67108864,
+          total_heap_size_executable: 1048576,
+          total_physical_size: 67108864,
+          total_available_size: 67108864,
+          used_heap_size: 52428800,
+          heap_size_limit: 134217728,
+          malloced_memory: 8192,
+          peak_malloced_memory: 16384,
+          does_zap_garbage: 0,
+          number_of_native_contexts: 1,
+          number_of_detached_contexts: 0,
+          external_memory: 0
+        };
+      },
+      getHeapSpaceStatistics: function() {
+        return [];
+      },
+      getHeapCodeStatistics: function() {
+        return {};
+      },
+      setFlagsFromString: function() {
+      },
+      serialize: function(value) {
+        return Buffer.from(JSON.stringify(value));
+      },
+      deserialize: function(buffer) {
+        const text = buffer.toString();
+        if (Buffer.byteLength(text, "utf8") > __jsonPayloadLimitBytes) {
+          throw new Error(
+            __payloadLimitErrorCode + ": v8.deserialize exceeds " + String(__jsonPayloadLimitBytes) + " bytes"
+          );
+        }
+        return JSON.parse(text);
+      },
+      cachedDataVersionTag: function() {
+        return 0;
+      }
+    };
+  }
+  __runtimeExposeMutableGlobal("_pendingModules", {});
+  __runtimeExposeMutableGlobal("_currentModule", { dirname: __initialCwd });
+})();

package/dist/isolate-runtime/eval-script-result.js

@@ -0,0 +1,8 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/inject/eval-script-result.ts
+  var __runtimeIndirectEval = globalThis.eval;
+  globalThis.__scriptResult__ = __runtimeIndirectEval(
+    String(globalThis.__runtimeExecCode)
+  );
+})();

package/dist/isolate-runtime/global-exposure-helpers.js

@@ -0,0 +1,36 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/common/global-exposure.ts
+  function defineRuntimeGlobalBinding(name, value, mutable) {
+    Object.defineProperty(globalThis, name, {
+      value,
+      writable: mutable,
+      configurable: mutable,
+      enumerable: true
+    });
+  }
+  function createRuntimeGlobalExposer(mutable) {
+    return (name, value) => {
+      defineRuntimeGlobalBinding(name, value, mutable);
+    };
+  }
+  function ensureRuntimeExposureHelpers() {
+    if (typeof globalThis.__runtimeExposeCustomGlobal !== "function") {
+      defineRuntimeGlobalBinding(
+        "__runtimeExposeCustomGlobal",
+        createRuntimeGlobalExposer(false),
+        false
+      );
+    }
+    if (typeof globalThis.__runtimeExposeMutableGlobal !== "function") {
+      defineRuntimeGlobalBinding(
+        "__runtimeExposeMutableGlobal",
+        createRuntimeGlobalExposer(true),
+        false
+      );
+    }
+  }
+
+  // isolate-runtime/src/inject/global-exposure-helpers.ts
+  ensureRuntimeExposureHelpers();
+})();

package/dist/isolate-runtime/init-commonjs-module-globals.js

@@ -0,0 +1,28 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/common/global-exposure.ts
+  function defineRuntimeGlobalBinding(name, value, mutable) {
+    Object.defineProperty(globalThis, name, {
+      value,
+      writable: mutable,
+      configurable: mutable,
+      enumerable: true
+    });
+  }
+  function createRuntimeGlobalExposer(mutable) {
+    return (name, value) => {
+      defineRuntimeGlobalBinding(name, value, mutable);
+    };
+  }
+  function getRuntimeExposeMutableGlobal() {
+    if (typeof globalThis.__runtimeExposeMutableGlobal === "function") {
+      return globalThis.__runtimeExposeMutableGlobal;
+    }
+    return createRuntimeGlobalExposer(true);
+  }
+
+  // isolate-runtime/src/inject/init-commonjs-module-globals.ts
+  var __runtimeExposeMutableGlobal = getRuntimeExposeMutableGlobal();
+  __runtimeExposeMutableGlobal("module", { exports: {} });
+  __runtimeExposeMutableGlobal("exports", globalThis.module.exports);
+})();

package/dist/isolate-runtime/override-process-cwd.js

@@ -0,0 +1,8 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/inject/override-process-cwd.ts
+  var __cwd = globalThis.__runtimeProcessCwdOverride;
+  if (typeof __cwd === "string") {
+    process.cwd = () => __cwd;
+  }
+})();

package/dist/isolate-runtime/override-process-env.js

@@ -0,0 +1,8 @@
+"use strict";
+(() => {
+  // isolate-runtime/src/inject/override-process-env.ts
+  var __envPatch = globalThis.__runtimeProcessEnvOverride;
+  if (__envPatch && typeof __envPatch === "object") {
+    Object.assign(process.env, __envPatch);
+  }
+})();