secure-exec 0.1.1-rc.2 → 0.2.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bridge-loader.d.ts +1 -1
- package/dist/bridge-loader.js +2 -2
- package/dist/bridge-setup.js +1 -1
- package/dist/esm-compiler.js +1 -1
- package/dist/index.d.ts +7 -3
- package/dist/index.js +5 -18
- package/dist/module-resolver.js +1 -1
- package/dist/node/bridge-setup.d.ts +1 -1
- package/dist/node/bridge-setup.js +2 -2
- package/dist/node/driver.d.ts +2 -2
- package/dist/node/driver.js +2 -2
- package/dist/node/execution-driver.d.ts +2 -2
- package/dist/node/execution-driver.js +2 -2
- package/dist/node/isolate-bootstrap.d.ts +2 -2
- package/dist/node/isolate-bootstrap.js +1 -1
- package/dist/node/module-access.d.ts +2 -2
- package/dist/node/module-access.js +2 -2
- package/dist/node/module-resolver.d.ts +1 -1
- package/dist/node/module-resolver.js +2 -2
- package/dist/polyfills.d.ts +1 -1
- package/dist/polyfills.js +2 -2
- package/dist/runtime.d.ts +31 -2
- package/dist/runtime.js +69 -2
- package/dist/shared/bridge-contract.d.ts +1 -1
- package/dist/types.d.ts +2 -1
- package/package.json +8 -16
- package/dist/browser-runtime.d.ts +0 -6
- package/dist/browser-runtime.js +0 -4
- package/dist/execution.d.ts +0 -1
- package/dist/execution.js +0 -2
- package/dist/isolate.d.ts +0 -1
- package/dist/isolate.js +0 -2
- package/dist/node/esm-compiler.d.ts +0 -1
- package/dist/node/esm-compiler.js +0 -2
- package/dist/node/execution-lifecycle.d.ts +0 -1
- package/dist/node/execution-lifecycle.js +0 -2
- package/dist/python-runtime.d.ts +0 -5
- package/dist/python-runtime.js +0 -4
package/dist/bridge-loader.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export { getRawBridgeCode, getBridgeAttachCode } from "@secure-exec/
|
|
1
|
+
export { getRawBridgeCode, getBridgeAttachCode } from "@secure-exec/nodejs/internal/bridge-loader";
|
package/dist/bridge-loader.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/
|
|
2
|
-
export { getRawBridgeCode, getBridgeAttachCode } from "@secure-exec/
|
|
1
|
+
// Re-exported from @secure-exec/nodejs — canonical source is packages/nodejs/src/bridge-loader.ts
|
|
2
|
+
export { getRawBridgeCode, getBridgeAttachCode } from "@secure-exec/nodejs/internal/bridge-loader";
|
package/dist/bridge-setup.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/core — canonical source is packages/
|
|
1
|
+
// Re-exported from @secure-exec/core — canonical source is packages/core/src/bridge-setup.ts
|
|
2
2
|
export { getInitialBridgeGlobalsSetupCode } from "@secure-exec/core";
|
package/dist/esm-compiler.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/core — canonical source
|
|
1
|
+
// Re-exported from @secure-exec/core — canonical source moved to packages/nodejs/src/esm-compiler.ts (US-003)
|
|
2
2
|
export { getStaticBuiltinWrapperSource, createBuiltinESMWrapper, getEmptyBuiltinESMWrapper, } from "@secure-exec/core";
|
package/dist/index.d.ts
CHANGED
|
@@ -1,10 +1,14 @@
|
|
|
1
1
|
export { NodeRuntime } from "./runtime.js";
|
|
2
2
|
export type { NodeRuntimeOptions } from "./runtime.js";
|
|
3
3
|
export type { ResourceBudgets } from "./runtime-driver.js";
|
|
4
|
-
export type {
|
|
4
|
+
export type { NodeRuntimeDriver, NodeRuntimeDriverFactory, NetworkAdapter, Permissions, VirtualFileSystem, } from "./types.js";
|
|
5
5
|
export type { DirEntry, StatInfo } from "./fs-helpers.js";
|
|
6
6
|
export type { StdioChannel, StdioEvent, StdioHook, ExecOptions, ExecResult, OSConfig, ProcessConfig, RunResult, TimingMitigation, } from "./shared/api-types.js";
|
|
7
|
-
export { createDefaultNetworkAdapter, createNodeDriver, createNodeRuntimeDriverFactory, NodeExecutionDriver, NodeFileSystem, } from "@secure-exec/
|
|
8
|
-
export type { ModuleAccessOptions, NodeRuntimeDriverFactoryOptions, } from "@secure-exec/
|
|
7
|
+
export { createDefaultNetworkAdapter, createNodeDriver, createNodeRuntimeDriverFactory, NodeExecutionDriver, NodeFileSystem, } from "@secure-exec/nodejs";
|
|
8
|
+
export type { ModuleAccessOptions, NodeRuntimeDriverFactoryOptions, } from "@secure-exec/nodejs";
|
|
9
|
+
export { createKernel } from "@secure-exec/core";
|
|
10
|
+
export type { Kernel, KernelInterface } from "@secure-exec/core";
|
|
11
|
+
export { createNodeRuntime } from "@secure-exec/nodejs";
|
|
12
|
+
export type { BindingTree, BindingFunction } from "@secure-exec/nodejs";
|
|
9
13
|
export { createInMemoryFileSystem } from "./shared/in-memory-fs.js";
|
|
10
14
|
export { allowAll, allowAllChildProcess, allowAllEnv, allowAllFs, allowAllNetwork, } from "./shared/permissions.js";
|
package/dist/index.js
CHANGED
|
@@ -1,23 +1,10 @@
|
|
|
1
1
|
// Re-export core runtime surface.
|
|
2
2
|
export { NodeRuntime } from "./runtime.js";
|
|
3
3
|
// Re-export Node driver factories.
|
|
4
|
-
export { createDefaultNetworkAdapter, createNodeDriver, createNodeRuntimeDriverFactory, NodeExecutionDriver, NodeFileSystem, } from "@secure-exec/
|
|
5
|
-
//
|
|
6
|
-
|
|
7
|
-
//
|
|
8
|
-
|
|
9
|
-
// } from "@secure-exec/python";
|
|
10
|
-
// TODO: Re-enable once @secure-exec/browser is a reliable optional dependency
|
|
11
|
-
// export {
|
|
12
|
-
// createBrowserDriver,
|
|
13
|
-
// createBrowserNetworkAdapter,
|
|
14
|
-
// createBrowserRuntimeDriverFactory,
|
|
15
|
-
// createOpfsFileSystem,
|
|
16
|
-
// } from "@secure-exec/browser";
|
|
17
|
-
// export type {
|
|
18
|
-
// BrowserDriverOptions,
|
|
19
|
-
// BrowserRuntimeDriverFactoryOptions,
|
|
20
|
-
// BrowserRuntimeSystemOptions,
|
|
21
|
-
// } from "@secure-exec/browser";
|
|
4
|
+
export { createDefaultNetworkAdapter, createNodeDriver, createNodeRuntimeDriverFactory, NodeExecutionDriver, NodeFileSystem, } from "@secure-exec/nodejs";
|
|
5
|
+
// Re-export kernel API.
|
|
6
|
+
export { createKernel } from "@secure-exec/core";
|
|
7
|
+
// Re-export kernel Node runtime factory.
|
|
8
|
+
export { createNodeRuntime } from "@secure-exec/nodejs";
|
|
22
9
|
export { createInMemoryFileSystem } from "./shared/in-memory-fs.js";
|
|
23
10
|
export { allowAll, allowAllChildProcess, allowAllEnv, allowAllFs, allowAllNetwork, } from "./shared/permissions.js";
|
package/dist/module-resolver.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/core — canonical source
|
|
1
|
+
// Re-exported from @secure-exec/core — canonical source moved to packages/nodejs/src/builtin-modules.ts (US-003)
|
|
2
2
|
export { BUILTIN_NAMED_EXPORTS, normalizeBuiltinSpecifier, getPathDir, } from "@secure-exec/core";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
export { emitConsoleEvent,
|
|
1
|
+
export { emitConsoleEvent, stripDangerousEnv, createProcessConfigForExecution, } from "@secure-exec/nodejs";
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/
|
|
2
|
-
export { emitConsoleEvent,
|
|
1
|
+
// Re-exported from @secure-exec/nodejs
|
|
2
|
+
export { emitConsoleEvent, stripDangerousEnv, createProcessConfigForExecution, } from "@secure-exec/nodejs";
|
package/dist/node/driver.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export { createDefaultNetworkAdapter, createNodeDriver, createNodeRuntimeDriverFactory, NodeFileSystem, NodeExecutionDriver, filterEnv, isPrivateIp, } from "@secure-exec/
|
|
2
|
-
export type { NodeDriverOptions, NodeRuntimeDriverFactoryOptions, ModuleAccessOptions, } from "@secure-exec/
|
|
1
|
+
export { createDefaultNetworkAdapter, createNodeDriver, createNodeRuntimeDriverFactory, NodeFileSystem, NodeExecutionDriver, filterEnv, isPrivateIp, } from "@secure-exec/nodejs";
|
|
2
|
+
export type { NodeDriverOptions, NodeRuntimeDriverFactoryOptions, ModuleAccessOptions, } from "@secure-exec/nodejs";
|
package/dist/node/driver.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/
|
|
2
|
-
export { createDefaultNetworkAdapter, createNodeDriver, createNodeRuntimeDriverFactory, NodeFileSystem, NodeExecutionDriver, filterEnv, isPrivateIp, } from "@secure-exec/
|
|
1
|
+
// Re-exported from @secure-exec/nodejs — canonical source is packages/nodejs/src/driver.ts
|
|
2
|
+
export { createDefaultNetworkAdapter, createNodeDriver, createNodeRuntimeDriverFactory, NodeFileSystem, NodeExecutionDriver, filterEnv, isPrivateIp, } from "@secure-exec/nodejs";
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export { NodeExecutionDriver } from "@secure-exec/
|
|
2
|
-
export type { NodeExecutionDriverOptions } from "@secure-exec/
|
|
1
|
+
export { NodeExecutionDriver } from "@secure-exec/nodejs/internal/execution-driver";
|
|
2
|
+
export type { NodeExecutionDriverOptions } from "@secure-exec/nodejs/internal/isolate-bootstrap";
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/
|
|
2
|
-
export { NodeExecutionDriver } from "@secure-exec/
|
|
1
|
+
// Re-exported from @secure-exec/nodejs
|
|
2
|
+
export { NodeExecutionDriver } from "@secure-exec/nodejs/internal/execution-driver";
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export type { NodeExecutionDriverOptions, BudgetState, DriverDeps, } from "@secure-exec/
|
|
2
|
-
export { DEFAULT_BRIDGE_BASE64_TRANSFER_BYTES, DEFAULT_ISOLATE_JSON_PAYLOAD_BYTES, MIN_CONFIGURED_PAYLOAD_BYTES, MAX_CONFIGURED_PAYLOAD_BYTES, PAYLOAD_LIMIT_ERROR_CODE, RESOURCE_BUDGET_ERROR_CODE, DEFAULT_SANDBOX_CWD, DEFAULT_SANDBOX_HOME, DEFAULT_SANDBOX_TMPDIR, PayloadLimitError, normalizePayloadLimit, getUtf8ByteLength, getBase64EncodedByteLength, assertPayloadByteLength, assertTextPayloadSize, createBudgetState, checkBridgeBudget, parseJsonWithLimit, getExecutionTimeoutMs, getTimingMitigation, polyfillCodeCache, polyfillNamedExportsCache, hostBuiltinNamedExportsCache, hostRequire, isValidExportName, getHostBuiltinNamedExports, } from "@secure-exec/
|
|
1
|
+
export type { NodeExecutionDriverOptions, BudgetState, DriverDeps, } from "@secure-exec/nodejs/internal/isolate-bootstrap";
|
|
2
|
+
export { DEFAULT_BRIDGE_BASE64_TRANSFER_BYTES, DEFAULT_ISOLATE_JSON_PAYLOAD_BYTES, MIN_CONFIGURED_PAYLOAD_BYTES, MAX_CONFIGURED_PAYLOAD_BYTES, PAYLOAD_LIMIT_ERROR_CODE, RESOURCE_BUDGET_ERROR_CODE, DEFAULT_SANDBOX_CWD, DEFAULT_SANDBOX_HOME, DEFAULT_SANDBOX_TMPDIR, PayloadLimitError, normalizePayloadLimit, getUtf8ByteLength, getBase64EncodedByteLength, assertPayloadByteLength, assertTextPayloadSize, createBudgetState, checkBridgeBudget, parseJsonWithLimit, getExecutionTimeoutMs, getTimingMitigation, polyfillCodeCache, polyfillNamedExportsCache, hostBuiltinNamedExportsCache, hostRequire, isValidExportName, getHostBuiltinNamedExports, } from "@secure-exec/nodejs/internal/isolate-bootstrap";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
export { DEFAULT_BRIDGE_BASE64_TRANSFER_BYTES, DEFAULT_ISOLATE_JSON_PAYLOAD_BYTES, MIN_CONFIGURED_PAYLOAD_BYTES, MAX_CONFIGURED_PAYLOAD_BYTES, PAYLOAD_LIMIT_ERROR_CODE, RESOURCE_BUDGET_ERROR_CODE, DEFAULT_SANDBOX_CWD, DEFAULT_SANDBOX_HOME, DEFAULT_SANDBOX_TMPDIR, PayloadLimitError, normalizePayloadLimit, getUtf8ByteLength, getBase64EncodedByteLength, assertPayloadByteLength, assertTextPayloadSize, createBudgetState, checkBridgeBudget, parseJsonWithLimit, getExecutionTimeoutMs, getTimingMitigation, polyfillCodeCache, polyfillNamedExportsCache, hostBuiltinNamedExportsCache, hostRequire, isValidExportName, getHostBuiltinNamedExports, } from "@secure-exec/
|
|
1
|
+
export { DEFAULT_BRIDGE_BASE64_TRANSFER_BYTES, DEFAULT_ISOLATE_JSON_PAYLOAD_BYTES, MIN_CONFIGURED_PAYLOAD_BYTES, MAX_CONFIGURED_PAYLOAD_BYTES, PAYLOAD_LIMIT_ERROR_CODE, RESOURCE_BUDGET_ERROR_CODE, DEFAULT_SANDBOX_CWD, DEFAULT_SANDBOX_HOME, DEFAULT_SANDBOX_TMPDIR, PayloadLimitError, normalizePayloadLimit, getUtf8ByteLength, getBase64EncodedByteLength, assertPayloadByteLength, assertTextPayloadSize, createBudgetState, checkBridgeBudget, parseJsonWithLimit, getExecutionTimeoutMs, getTimingMitigation, polyfillCodeCache, polyfillNamedExportsCache, hostBuiltinNamedExportsCache, hostRequire, isValidExportName, getHostBuiltinNamedExports, } from "@secure-exec/nodejs/internal/isolate-bootstrap";
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export { ModuleAccessFileSystem } from "@secure-exec/
|
|
2
|
-
export type { ModuleAccessOptions } from "@secure-exec/
|
|
1
|
+
export { ModuleAccessFileSystem } from "@secure-exec/nodejs/internal/module-access";
|
|
2
|
+
export type { ModuleAccessOptions } from "@secure-exec/nodejs/internal/module-access";
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/
|
|
2
|
-
export { ModuleAccessFileSystem } from "@secure-exec/
|
|
1
|
+
// Re-exported from @secure-exec/nodejs — canonical source is packages/nodejs/src/module-access.ts
|
|
2
|
+
export { ModuleAccessFileSystem } from "@secure-exec/nodejs/internal/module-access";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
export { getNearestPackageType, getModuleFormat, shouldRunAsESM, resolveReferrerDirectory, resolveESMPath, } from "@secure-exec/
|
|
1
|
+
export { getNearestPackageType, getModuleFormat, shouldRunAsESM, resolveReferrerDirectory, resolveESMPath, } from "@secure-exec/nodejs/internal/module-resolver";
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/
|
|
2
|
-
export { getNearestPackageType, getModuleFormat, shouldRunAsESM, resolveReferrerDirectory, resolveESMPath, } from "@secure-exec/
|
|
1
|
+
// Re-exported from @secure-exec/nodejs — canonical source is packages/nodejs/src/module-resolver.ts
|
|
2
|
+
export { getNearestPackageType, getModuleFormat, shouldRunAsESM, resolveReferrerDirectory, resolveESMPath, } from "@secure-exec/nodejs/internal/module-resolver";
|
package/dist/polyfills.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export { bundlePolyfill, getAvailableStdlib, hasPolyfill, prebundleAllPolyfills, } from "@secure-exec/
|
|
1
|
+
export { bundlePolyfill, getAvailableStdlib, hasPolyfill, prebundleAllPolyfills, } from "@secure-exec/nodejs/internal/polyfills";
|
package/dist/polyfills.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/
|
|
2
|
-
export { bundlePolyfill, getAvailableStdlib, hasPolyfill, prebundleAllPolyfills, } from "@secure-exec/
|
|
1
|
+
// Re-exported from @secure-exec/nodejs — canonical source is packages/nodejs/src/polyfills.ts
|
|
2
|
+
export { bundlePolyfill, getAvailableStdlib, hasPolyfill, prebundleAllPolyfills, } from "@secure-exec/nodejs/internal/polyfills";
|
package/dist/runtime.d.ts
CHANGED
|
@@ -1,2 +1,31 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
import type { NetworkAdapter, NodeRuntimeDriverFactory, SystemDriver } from "@secure-exec/core";
|
|
2
|
+
import type { StdioHook, ExecOptions, ExecResult, RunResult, TimingMitigation } from "@secure-exec/core";
|
|
3
|
+
import type { ResourceBudgets } from "@secure-exec/core";
|
|
4
|
+
export interface NodeRuntimeOptions {
|
|
5
|
+
systemDriver: SystemDriver;
|
|
6
|
+
runtimeDriverFactory: NodeRuntimeDriverFactory;
|
|
7
|
+
memoryLimit?: number;
|
|
8
|
+
cpuTimeLimitMs?: number;
|
|
9
|
+
timingMitigation?: TimingMitigation;
|
|
10
|
+
onStdio?: StdioHook;
|
|
11
|
+
payloadLimits?: {
|
|
12
|
+
base64TransferBytes?: number;
|
|
13
|
+
jsonPayloadBytes?: number;
|
|
14
|
+
};
|
|
15
|
+
resourceBudgets?: ResourceBudgets;
|
|
16
|
+
}
|
|
17
|
+
export declare class NodeRuntime {
|
|
18
|
+
private readonly runtimeDriver;
|
|
19
|
+
constructor(options: NodeRuntimeOptions);
|
|
20
|
+
get network(): Pick<NetworkAdapter, "fetch" | "dnsLookup" | "httpRequest">;
|
|
21
|
+
get __unsafeIsoalte(): unknown;
|
|
22
|
+
__unsafeCreateContext(options?: {
|
|
23
|
+
env?: Record<string, string>;
|
|
24
|
+
cwd?: string;
|
|
25
|
+
filePath?: string;
|
|
26
|
+
}): Promise<unknown>;
|
|
27
|
+
run<T = unknown>(code: string, filePath?: string): Promise<RunResult<T>>;
|
|
28
|
+
exec(code: string, options?: ExecOptions): Promise<ExecResult>;
|
|
29
|
+
dispose(): void;
|
|
30
|
+
terminate(): Promise<void>;
|
|
31
|
+
}
|
package/dist/runtime.js
CHANGED
|
@@ -1,2 +1,69 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
import { createNetworkStub, filterEnv } from "@secure-exec/core";
|
|
2
|
+
const DEFAULT_SANDBOX_CWD = "/root";
|
|
3
|
+
const DEFAULT_SANDBOX_HOME = "/root";
|
|
4
|
+
const DEFAULT_SANDBOX_TMPDIR = "/tmp";
|
|
5
|
+
export class NodeRuntime {
|
|
6
|
+
runtimeDriver;
|
|
7
|
+
constructor(options) {
|
|
8
|
+
const { systemDriver, runtimeDriverFactory } = options;
|
|
9
|
+
const processConfig = {
|
|
10
|
+
...(systemDriver.runtime.process ?? {}),
|
|
11
|
+
};
|
|
12
|
+
processConfig.cwd ??= DEFAULT_SANDBOX_CWD;
|
|
13
|
+
processConfig.env = filterEnv(processConfig.env, systemDriver.permissions);
|
|
14
|
+
const osConfig = {
|
|
15
|
+
...(systemDriver.runtime.os ?? {}),
|
|
16
|
+
};
|
|
17
|
+
osConfig.homedir ??= DEFAULT_SANDBOX_HOME;
|
|
18
|
+
osConfig.tmpdir ??= DEFAULT_SANDBOX_TMPDIR;
|
|
19
|
+
this.runtimeDriver = runtimeDriverFactory.createRuntimeDriver({
|
|
20
|
+
system: systemDriver,
|
|
21
|
+
runtime: {
|
|
22
|
+
process: processConfig,
|
|
23
|
+
os: osConfig,
|
|
24
|
+
},
|
|
25
|
+
memoryLimit: options.memoryLimit,
|
|
26
|
+
cpuTimeLimitMs: options.cpuTimeLimitMs,
|
|
27
|
+
timingMitigation: options.timingMitigation,
|
|
28
|
+
onStdio: options.onStdio,
|
|
29
|
+
payloadLimits: options.payloadLimits,
|
|
30
|
+
resourceBudgets: options.resourceBudgets,
|
|
31
|
+
});
|
|
32
|
+
}
|
|
33
|
+
get network() {
|
|
34
|
+
const adapter = this.runtimeDriver.network ?? createNetworkStub();
|
|
35
|
+
return {
|
|
36
|
+
fetch: (url, options) => adapter.fetch(url, options),
|
|
37
|
+
dnsLookup: (hostname) => adapter.dnsLookup(hostname),
|
|
38
|
+
httpRequest: (url, options) => adapter.httpRequest(url, options),
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
get __unsafeIsoalte() {
|
|
42
|
+
if (this.runtimeDriver.unsafeIsolate === undefined) {
|
|
43
|
+
throw new Error("Driver runtime does not expose unsafe isolate access");
|
|
44
|
+
}
|
|
45
|
+
return this.runtimeDriver.unsafeIsolate;
|
|
46
|
+
}
|
|
47
|
+
async __unsafeCreateContext(options = {}) {
|
|
48
|
+
if (!this.runtimeDriver.createUnsafeContext) {
|
|
49
|
+
throw new Error("Driver runtime does not expose unsafe context creation");
|
|
50
|
+
}
|
|
51
|
+
return this.runtimeDriver.createUnsafeContext(options);
|
|
52
|
+
}
|
|
53
|
+
async run(code, filePath) {
|
|
54
|
+
return this.runtimeDriver.run(code, filePath);
|
|
55
|
+
}
|
|
56
|
+
async exec(code, options) {
|
|
57
|
+
return this.runtimeDriver.exec(code, options);
|
|
58
|
+
}
|
|
59
|
+
dispose() {
|
|
60
|
+
this.runtimeDriver.dispose();
|
|
61
|
+
}
|
|
62
|
+
async terminate() {
|
|
63
|
+
if (this.runtimeDriver.terminate) {
|
|
64
|
+
await this.runtimeDriver.terminate();
|
|
65
|
+
return;
|
|
66
|
+
}
|
|
67
|
+
this.runtimeDriver.dispose();
|
|
68
|
+
}
|
|
69
|
+
}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export type { BridgeGlobalKey, ChildProcessKillBridgeRef, ChildProcessSpawnStartBridgeRef, ChildProcessSpawnSyncBridgeRef, ChildProcessStdinCloseBridgeRef, ChildProcessStdinWriteBridgeRef, CryptoRandomFillBridgeRef, CryptoRandomUuidBridgeRef, DynamicImportBridgeRef, FsChmodBridgeRef, FsChownBridgeRef, FsExistsBridgeRef, FsFacadeBridge, FsLinkBridgeRef, FsLstatBridgeRef, FsMkdirBridgeRef, FsReadDirBridgeRef, FsReadFileBinaryBridgeRef, FsReadFileBridgeRef, FsReadlinkBridgeRef, FsRenameBridgeRef, FsRmdirBridgeRef, FsStatBridgeRef, FsSymlinkBridgeRef, FsTruncateBridgeRef, FsUnlinkBridgeRef, FsUtimesBridgeRef, FsWriteFileBinaryBridgeRef, FsWriteFileBridgeRef, HostBridgeGlobalKey, LoadFileBridgeRef, LoadPolyfillBridgeRef, ModuleCacheBridgeRecord, NetworkDnsLookupRawBridgeRef, NetworkFetchRawBridgeRef, NetworkHttpRequestRawBridgeRef, NetworkHttpServerCloseRawBridgeRef, NetworkHttpServerListenRawBridgeRef, ProcessErrorBridgeRef, ProcessLogBridgeRef, RegisterHandleBridgeFn, RequireFromBridgeFn, ResolveModuleBridgeRef, RuntimeBridgeGlobalKey, ScheduleTimerBridgeRef, UnregisterHandleBridgeFn, ValueOf, } from "@secure-exec/core";
|
|
1
|
+
export type { BridgeApplyRef, BridgeApplySyncPromiseRef, BridgeApplySyncRef, BridgeGlobalKey, ChildProcessKillBridgeRef, ChildProcessSpawnStartBridgeRef, ChildProcessSpawnSyncBridgeRef, ChildProcessStdinCloseBridgeRef, ChildProcessStdinWriteBridgeRef, CryptoRandomFillBridgeRef, CryptoRandomUuidBridgeRef, DynamicImportBridgeRef, FsChmodBridgeRef, FsChownBridgeRef, FsExistsBridgeRef, FsFacadeBridge, FsLinkBridgeRef, FsLstatBridgeRef, FsMkdirBridgeRef, FsReadDirBridgeRef, FsReadFileBinaryBridgeRef, FsReadFileBridgeRef, FsReadlinkBridgeRef, FsRenameBridgeRef, FsRmdirBridgeRef, FsStatBridgeRef, FsSymlinkBridgeRef, FsTruncateBridgeRef, FsUnlinkBridgeRef, FsUtimesBridgeRef, FsWriteFileBinaryBridgeRef, FsWriteFileBridgeRef, HostBridgeGlobalKey, LoadFileBridgeRef, LoadPolyfillBridgeRef, ModuleCacheBridgeRecord, NetworkDnsLookupRawBridgeRef, NetworkFetchRawBridgeRef, NetworkHttpRequestRawBridgeRef, NetworkHttpServerCloseRawBridgeRef, NetworkHttpServerListenRawBridgeRef, UpgradeSocketWriteRawBridgeRef, UpgradeSocketEndRawBridgeRef, UpgradeSocketDestroyRawBridgeRef, ProcessErrorBridgeRef, ProcessLogBridgeRef, RegisterHandleBridgeFn, RequireFromBridgeFn, ResolveModuleBridgeRef, RuntimeBridgeGlobalKey, ScheduleTimerBridgeRef, UnregisterHandleBridgeFn, ValueOf, } from "@secure-exec/core";
|
|
2
2
|
export { BRIDGE_GLOBAL_KEY_LIST, HOST_BRIDGE_GLOBAL_KEY_LIST, HOST_BRIDGE_GLOBAL_KEYS, RUNTIME_BRIDGE_GLOBAL_KEY_LIST, RUNTIME_BRIDGE_GLOBAL_KEYS, } from "@secure-exec/core";
|
package/dist/types.d.ts
CHANGED
|
@@ -1,2 +1,3 @@
|
|
|
1
|
-
export type { ChildProcessAccessRequest,
|
|
1
|
+
export type { ChildProcessAccessRequest, EnvAccessRequest, FsAccessRequest, NetworkAccessRequest, PermissionCheck, PermissionDecision, Permissions, VirtualDirEntry, VirtualFileSystem, VirtualStat, } from "@secure-exec/core";
|
|
2
|
+
export type { CommandExecutor, NetworkAdapter, NetworkServerAddress, NetworkServerListenOptions, NetworkServerRequest, NetworkServerResponse, SpawnedProcess, } from "@secure-exec/core";
|
|
2
3
|
export type { DriverRuntimeConfig, NodeRuntimeDriver, NodeRuntimeDriverFactory, PythonRuntimeDriver, PythonRuntimeDriverFactory, RuntimeDriver, RuntimeDriverFactory, RuntimeDriverOptions, SharedRuntimeDriver, SystemDriver, } from "@secure-exec/core";
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "secure-exec",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.2.0-rc.1",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -19,25 +19,15 @@
|
|
|
19
19
|
"types": "./dist/index.d.ts",
|
|
20
20
|
"import": "./dist/index.js",
|
|
21
21
|
"default": "./dist/index.js"
|
|
22
|
-
},
|
|
23
|
-
"./browser": {
|
|
24
|
-
"types": "./dist/browser-runtime.d.ts",
|
|
25
|
-
"import": "./dist/browser-runtime.js",
|
|
26
|
-
"default": "./dist/browser-runtime.js"
|
|
27
|
-
},
|
|
28
|
-
"./python": {
|
|
29
|
-
"types": "./dist/python-runtime.d.ts",
|
|
30
|
-
"import": "./dist/python-runtime.js",
|
|
31
|
-
"default": "./dist/python-runtime.js"
|
|
32
22
|
}
|
|
33
23
|
},
|
|
34
24
|
"dependencies": {
|
|
35
|
-
"@secure-exec/
|
|
36
|
-
"@secure-exec/
|
|
25
|
+
"@secure-exec/nodejs": "0.2.0-rc.1",
|
|
26
|
+
"@secure-exec/core": "0.2.0-rc.1"
|
|
37
27
|
},
|
|
38
28
|
"optionalDependencies": {
|
|
39
|
-
"@secure-exec/
|
|
40
|
-
"@secure-exec/
|
|
29
|
+
"@secure-exec/browser": "0.2.0-rc.1",
|
|
30
|
+
"@secure-exec/python": "0.2.0-rc.1"
|
|
41
31
|
},
|
|
42
32
|
"devDependencies": {
|
|
43
33
|
"@mariozechner/pi-coding-agent": "^0.60.0",
|
|
@@ -45,11 +35,12 @@
|
|
|
45
35
|
"@types/node": "^22.10.2",
|
|
46
36
|
"@vitest/browser": "^2.1.8",
|
|
47
37
|
"@xterm/headless": "^6.0.0",
|
|
38
|
+
"minimatch": "^10.2.4",
|
|
48
39
|
"playwright": "^1.52.0",
|
|
49
40
|
"tsx": "^4.19.2",
|
|
50
41
|
"typescript": "^5.7.2",
|
|
51
42
|
"vitest": "^2.1.8",
|
|
52
|
-
"@secure-exec/v8": "0.
|
|
43
|
+
"@secure-exec/v8": "0.2.0-rc.1"
|
|
53
44
|
},
|
|
54
45
|
"scripts": {
|
|
55
46
|
"check-types": "tsc --noEmit",
|
|
@@ -60,6 +51,7 @@
|
|
|
60
51
|
"test:integration:node": "pnpm run test:test-suite && pnpm run test:runtime-driver",
|
|
61
52
|
"test:integration:browser": "vitest run --config vitest.browser.config.ts tests/test-suite/node.test.ts tests/runtime-driver/browser/runtime.test.ts",
|
|
62
53
|
"test:project-matrix": "vitest run tests/project-matrix.test.ts",
|
|
54
|
+
"test:e2e-docker": "vitest run tests/e2e-docker.test.ts",
|
|
63
55
|
"test": "vitest run",
|
|
64
56
|
"test:watch": "vitest"
|
|
65
57
|
}
|
|
@@ -1,6 +0,0 @@
|
|
|
1
|
-
export { NodeRuntime } from "@secure-exec/core";
|
|
2
|
-
export type { NodeRuntimeOptions } from "@secure-exec/core";
|
|
3
|
-
export { createBrowserDriver, createBrowserNetworkAdapter, createBrowserRuntimeDriverFactory, createOpfsFileSystem, } from "@secure-exec/browser";
|
|
4
|
-
export type { BrowserDriverOptions, BrowserRuntimeDriverFactoryOptions, BrowserRuntimeSystemOptions, } from "@secure-exec/browser";
|
|
5
|
-
export type { StdioChannel, StdioEvent, StdioHook, ExecOptions, ExecResult, OSConfig, PythonRunResult, ProcessConfig, RunResult, TimingMitigation, } from "@secure-exec/core";
|
|
6
|
-
export { allowAll, allowAllChildProcess, allowAllEnv, allowAllFs, allowAllNetwork, } from "@secure-exec/core";
|
package/dist/browser-runtime.js
DELETED
|
@@ -1,4 +0,0 @@
|
|
|
1
|
-
// Browser-safe entrypoint for NodeRuntime + browser driver factories.
|
|
2
|
-
export { NodeRuntime } from "@secure-exec/core";
|
|
3
|
-
export { createBrowserDriver, createBrowserNetworkAdapter, createBrowserRuntimeDriverFactory, createOpfsFileSystem, } from "@secure-exec/browser";
|
|
4
|
-
export { allowAll, allowAllChildProcess, allowAllEnv, allowAllFs, allowAllNetwork, } from "@secure-exec/core";
|
package/dist/execution.d.ts
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export { executeWithRuntime } from "@secure-exec/node/internal/execution";
|
package/dist/execution.js
DELETED
package/dist/isolate.d.ts
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export { DEFAULT_TIMING_MITIGATION, TIMEOUT_EXIT_CODE, TIMEOUT_ERROR_MESSAGE, ExecutionTimeoutError, createIsolate, getExecutionDeadlineMs, getExecutionRunOptions, runWithExecutionDeadline, isExecutionTimeoutError, } from "@secure-exec/node/internal/isolate";
|
package/dist/isolate.js
DELETED
|
@@ -1,2 +0,0 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/node — canonical source is packages/secure-exec-node/src/isolate.ts
|
|
2
|
-
export { DEFAULT_TIMING_MITIGATION, TIMEOUT_EXIT_CODE, TIMEOUT_ERROR_MESSAGE, ExecutionTimeoutError, createIsolate, getExecutionDeadlineMs, getExecutionRunOptions, runWithExecutionDeadline, isExecutionTimeoutError, } from "@secure-exec/node/internal/isolate";
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export { compileESMModule, createESMResolver, runESM, isAlreadyInstantiatedModuleError, resolveDynamicImportNamespace, precompileDynamicImports, setupDynamicImport, } from "@secure-exec/node/internal/esm-compiler";
|
|
@@ -1,2 +0,0 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/node — canonical source is packages/secure-exec-node/src/esm-compiler.ts
|
|
2
|
-
export { compileESMModule, createESMResolver, runESM, isAlreadyInstantiatedModuleError, resolveDynamicImportNamespace, precompileDynamicImports, setupDynamicImport, } from "@secure-exec/node/internal/esm-compiler";
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export { applyExecutionOverrides, initCommonJsModuleGlobals, setCommonJsFileGlobals, applyCustomGlobalExposurePolicy, awaitScriptResult, overrideProcessConfig, setStdinData, } from "@secure-exec/node/internal/execution-lifecycle";
|
|
@@ -1,2 +0,0 @@
|
|
|
1
|
-
// Re-exported from @secure-exec/node — canonical source is packages/secure-exec-node/src/execution-lifecycle.ts
|
|
2
|
-
export { applyExecutionOverrides, initCommonJsModuleGlobals, setCommonJsFileGlobals, applyCustomGlobalExposurePolicy, awaitScriptResult, overrideProcessConfig, setStdinData, } from "@secure-exec/node/internal/execution-lifecycle";
|
package/dist/python-runtime.d.ts
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
export { PythonRuntime } from "@secure-exec/core";
|
|
2
|
-
export type { PythonRuntimeOptions } from "@secure-exec/core";
|
|
3
|
-
export { createPyodideRuntimeDriverFactory, PyodideRuntimeDriver, } from "@secure-exec/python";
|
|
4
|
-
export type { StdioChannel, StdioEvent, StdioHook, ExecOptions, ExecResult, OSConfig, PythonRunOptions, PythonRunResult, ProcessConfig, RunResult, TimingMitigation, } from "@secure-exec/core";
|
|
5
|
-
export { allowAll, allowAllChildProcess, allowAllEnv, allowAllFs, allowAllNetwork, } from "@secure-exec/core";
|
package/dist/python-runtime.js
DELETED
|
@@ -1,4 +0,0 @@
|
|
|
1
|
-
// Python-only entrypoint: import from "secure-exec/python".
|
|
2
|
-
export { PythonRuntime } from "@secure-exec/core";
|
|
3
|
-
export { createPyodideRuntimeDriverFactory, PyodideRuntimeDriver, } from "@secure-exec/python";
|
|
4
|
-
export { allowAll, allowAllChildProcess, allowAllEnv, allowAllFs, allowAllNetwork, } from "@secure-exec/core";
|