typescript-virtual-container 1.0.8 → 1.1.1-b

package/src/{SSHMimic/users.ts → VirtualUserManager/index.ts}

@@ -1,4 +1,5 @@
 import { randomBytes, randomUUID, scryptSync } from "node:crypto";
+import * as path from "node:path";
 import type VirtualFileSystem from "../VirtualFileSystem";
 
 /** Persisted virtual user credential record. */
@@ -26,22 +27,27 @@ export interface VirtualActiveSession {
 }
 
 /**
- * User, sudoers, and active session manager for SSH mimic runtime.
+ * Persistent user, sudoers, and active-session manager for the shell runtime.
+ *
+ * Passwords are hashed with scrypt and stored in the backing virtual filesystem.
  */
 export class VirtualUserManager {
 	private readonly usersPath = "/virtual-env-js/.auth/htpasswd";
 	private readonly sudoersPath = "/virtual-env-js/.auth/sudoers";
+	private readonly quotasPath = "/virtual-env-js/.auth/quotas";
 	private readonly authDirPath = "/virtual-env-js/.auth";
 	private readonly users = new Map<string, VirtualUserRecord>();
 	private readonly sudoers = new Set<string>();
+	private readonly quotas = new Map<string, number>();
 	private readonly activeSessions = new Map<string, VirtualActiveSession>();
 	private nextTty = 0;
 
 	/**
-	 * Creates user manager instance.
+	 * Creates a user manager instance backed by a virtual filesystem.
 	 *
 	 * @param vfs Backing virtual filesystem used for persistence.
-	 * @param defaultRootPassword Initial root password used when root missing.
+	 * @param defaultRootPassword Initial root password used when root is created.
+	 * @param autoSudoForNewUsers Whether newly created users are added to sudoers.
 	 */
 	constructor(
 		private readonly vfs: VirtualFileSystem,
@@ -55,6 +61,7 @@ export class VirtualUserManager {
 	public async initialize(): Promise<void> {
 		this.loadFromVfs();
 		this.loadSudoersFromVfs();
+		this.loadQuotasFromVfs();
 
 		this.users.set("root", this.createRecord("root", this.defaultRootPassword));
 
@@ -63,6 +70,113 @@ export class VirtualUserManager {
 		await this.persist();
 	}
 
+	/**
+	 * Sets max allowed bytes under /home/<username>.
+	 *
+	 * @param username Target username.
+	 * @param maxBytes Quota ceiling in bytes.
+	 */
+	public async setQuotaBytes(
+		username: string,
+		maxBytes: number,
+	): Promise<void> {
+		this.validateUsername(username);
+		if (!this.users.has(username)) {
+			throw new Error(`quota: user '${username}' does not exist`);
+		}
+
+		if (!Number.isFinite(maxBytes) || maxBytes < 0) {
+			throw new Error("quota: maxBytes must be a non-negative number");
+		}
+
+		this.quotas.set(username, Math.floor(maxBytes));
+		await this.persist();
+	}
+
+	/**
+	 * Removes quota for a user.
+	 *
+	 * @param username Target username.
+	 */
+	public async clearQuota(username: string): Promise<void> {
+		this.validateUsername(username);
+		this.quotas.delete(username);
+		await this.persist();
+	}
+
+	/**
+	 * Gets configured quota in bytes for a user.
+	 *
+	 * @param username Target username.
+	 * @returns Quota in bytes, or null when unlimited.
+	 */
+	public getQuotaBytes(username: string): number | null {
+		return this.quotas.get(username) ?? null;
+	}
+
+	/**
+	 * Computes current usage under /home/<username>.
+	 *
+	 * @param username Target username.
+	 * @returns Current usage in bytes.
+	 */
+	public getUsageBytes(username: string): number {
+		const homePath = `/home/${username}`;
+		if (!this.vfs.exists(homePath)) {
+			return 0;
+		}
+
+		return this.vfs.getUsageBytes(homePath);
+	}
+
+	/**
+	 * Validates that writing file content would not exceed user quota.
+	 *
+	 * Quotas are enforced only for writes inside /home/<username>.
+	 *
+	 * @param username Authenticated user.
+	 * @param targetPath Target file path.
+	 * @param nextContent New file content.
+	 */
+	public assertWriteWithinQuota(
+		username: string,
+		targetPath: string,
+		nextContent: string | Buffer,
+	): void {
+		const quota = this.quotas.get(username);
+		if (quota === undefined) {
+			return;
+		}
+
+		const normalizedPath = normalizeVfsPath(targetPath);
+		const homePath = normalizeVfsPath(`/home/${username}`);
+		const inUserHome =
+			normalizedPath === homePath || normalizedPath.startsWith(`${homePath}/`);
+		if (!inUserHome) {
+			return;
+		}
+
+		const currentUsage = this.getUsageBytes(username);
+		let existingSize = 0;
+		if (this.vfs.exists(normalizedPath)) {
+			const existing = this.vfs.stat(normalizedPath);
+			if (existing.type === "file") {
+				existingSize = existing.size;
+			}
+		}
+
+		const incomingSize = Buffer.isBuffer(nextContent)
+			? nextContent.length
+			: Buffer.byteLength(nextContent, "utf8");
+		const projectedUsage = currentUsage - existingSize + incomingSize;
+
+		if (projectedUsage > quota) {
+			throw new Error(
+				`quota exceeded for '${username}': ${projectedUsage}/${quota} bytes`,
+			);
+		}
+	}
+
 	/**
 	 * Verifies plaintext password against stored record.
 	 *
@@ -288,6 +402,30 @@ export class VirtualUserManager {
 		}
 	}
 
+	private loadQuotasFromVfs(): void {
+		this.quotas.clear();
+
+		if (!this.vfs.exists(this.quotasPath)) {
+			return;
+		}
+
+		const raw = this.vfs.readFile(this.quotasPath);
+		for (const line of raw.split("\n")) {
+			const trimmed = line.trim();
+			if (trimmed.length === 0) {
+				continue;
+			}
+
+			const [username, value] = trimmed.split(":");
+			const bytes = Number.parseInt(value ?? "", 10);
+			if (!username || !Number.isFinite(bytes) || bytes < 0) {
+				continue;
+			}
+
+			this.quotas.set(username, bytes);
+		}
+	}
+
 	private async persist(): Promise<void> {
 		if (!this.vfs.exists(this.authDirPath)) {
 			this.vfs.mkdir(this.authDirPath, 0o700);
@@ -311,6 +449,15 @@ export class VirtualUserManager {
 			sudoersContent.length > 0 ? `${sudoersContent}\n` : "",
 			{ mode: 0o600 },
 		);
+		const quotasContent = Array.from(this.quotas.entries())
+			.sort(([left], [right]) => left.localeCompare(right))
+			.map(([username, maxBytes]) => `${username}:${maxBytes}`)
+			.join("\n");
+		this.vfs.writeFile(
+			this.quotasPath,
+			quotasContent.length > 0 ? `${quotasContent}\n` : "",
+			{ mode: 0o600 },
+		);
 		await this.vfs.flushMirror();
 	}
 
@@ -343,3 +490,8 @@ export class VirtualUserManager {
 		}
 	}
 }
+
+function normalizeVfsPath(targetPath: string): string {
+	const normalized = path.posix.normalize(targetPath);
+	return normalized.startsWith("/") ? normalized : `/${normalized}`;
+}

package/src/{VirtualShell/commands → commands}/adduser.ts

@@ -1,9 +1,9 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 
 export const adduserCommand: ShellModule = {
 	name: "adduser",
 	params: ["<username> <password>"],
-	run: async ({ authUser, users, args }) => {
+	run: async ({ authUser, shell, args }) => {
 		if (authUser !== "root") {
 			return { stderr: "adduser: permission denied", exitCode: 1 };
 		}
@@ -16,7 +16,7 @@ export const adduserCommand: ShellModule = {
 			};
 		}
 
-		await users.addUser(username, password);
+		await shell.users.addUser(username, password);
 		return { stdout: `adduser: user '${username}' created`, exitCode: 0 };
 	},
 };

package/src/{VirtualShell/commands → commands}/cat.ts

@@ -1,18 +1,18 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 import { getArg } from "./command-helpers";
 import { assertPathAccess, resolveReadablePath } from "./helpers";
 
 export const catCommand: ShellModule = {
 	name: "cat",
 	params: ["<file>"],
-	run: ({ authUser, vfs, cwd, args }) => {
+	run: ({ authUser, shell, cwd, args }) => {
 		const fileArg = getArg(args, 0);
 		if (!fileArg) {
 			return { stderr: "cat: missing file operand", exitCode: 1 };
 		}
 
-		const target = resolveReadablePath(vfs, cwd, fileArg);
+		const target = resolveReadablePath(shell.vfs, cwd, fileArg);
 		assertPathAccess(authUser, target, "cat");
-		return { stdout: vfs.readFile(target), exitCode: 0 };
+		return { stdout: shell.vfs.readFile(target), exitCode: 0 };
 	},
 };

package/src/{VirtualShell/commands → commands}/cd.ts

@@ -1,13 +1,13 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 import { assertPathAccess, resolvePath } from "./helpers";
 
 export const cdCommand: ShellModule = {
 	name: "cd",
 	params: ["[path]"],
-	run: ({ authUser, vfs, cwd, args, mode }) => {
+	run: ({ authUser, shell, cwd, args, mode }) => {
 		const target = resolvePath(cwd, args[0] ?? "/virtual-env-js");
 		assertPathAccess(authUser, target, "cd");
-		const stats = vfs.stat(target);
+		const stats = shell.vfs.stat(target);
 		if (stats.type !== "directory") {
 			return { stderr: `cd: not a directory: ${target}`, exitCode: 1 };
 		}

package/src/{VirtualShell/commands → commands}/clear.ts

@@ -1,4 +1,4 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 
 export const clearCommand: ShellModule = {
 	name: "clear",

package/src/{VirtualShell/commands → commands}/curl.ts

@@ -1,4 +1,4 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 import { parseArgs } from "./command-helpers";
 import {
 	assertPathAccess,
@@ -10,7 +10,7 @@ import {
 export const curlCommand: ShellModule = {
 	name: "curl",
 	params: ["[-o file] <url>"],
-	run: async ({ authUser, vfs, cwd, args }) => {
+	run: async ({ authUser, cwd, args, shell }) => {
 		const { flagsWithValues, positionals } = parseArgs(args, {
 			flagsWithValue: ["-o", "--output"],
 		});
@@ -39,7 +39,7 @@ export const curlCommand: ShellModule = {
 		if (outputPath) {
 			const target = resolvePath(cwd, outputPath);
 			assertPathAccess(authUser, target, "curl");
-			vfs.writeFile(target, result.stdout);
+			shell.writeFileAsUser(authUser, target, result.stdout);
 			return {
 				stderr: result.stderr
 					? normalizeTerminalOutput(result.stderr)

package/src/{VirtualShell/commands → commands}/deluser.ts

@@ -1,9 +1,9 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 
 export const deluserCommand: ShellModule = {
 	name: "deluser",
 	params: ["<username>"],
-	run: async ({ authUser, users, args }) => {
+	run: async ({ authUser, args, shell }) => {
 		if (authUser !== "root") {
 			return { stderr: "deluser: permission denied", exitCode: 1 };
 		}
@@ -13,7 +13,7 @@ export const deluserCommand: ShellModule = {
 			return { stderr: "deluser: usage: deluser <username>", exitCode: 1 };
 		}
 
-		await users.deleteUser(username);
+		await shell.users.deleteUser(username);
 		return { stdout: `deluser: user '${username}' deleted`, exitCode: 0 };
 	},
 };

package/src/{VirtualShell/commands → commands}/echo.ts

@@ -1,4 +1,4 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 import { parseArgs } from "./command-helpers";
 import { getAllEnvVars } from "./set";
 

package/src/{VirtualShell/commands → commands}/env.ts

@@ -1,4 +1,4 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 import { getAllEnvVars } from "./set";
 
 export const envCommand: ShellModule = {

package/src/{VirtualShell/commands → commands}/exit.ts

@@ -1,4 +1,4 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 
 export const exitCommand: ShellModule = {
 	name: "exit",

package/src/{VirtualShell/commands → commands}/export.ts

@@ -1,4 +1,4 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 import { getArg } from "./command-helpers";
 import { getEnvVar, setEnvVar } from "./set";
 

package/src/{VirtualShell/commands → commands}/grep.ts

@@ -1,11 +1,11 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 import { parseArgs } from "./command-helpers";
 import { assertPathAccess, resolvePath } from "./helpers";
 
 export const grepCommand: ShellModule = {
 	name: "grep",
 	params: ["[-i] [-v] <pattern> [file...]"],
-	run: ({ authUser, vfs, cwd, args, stdin }) => {
+	run: ({ authUser, shell, cwd, args, stdin }) => {
 		const { flags, positionals } = parseArgs(args, { flags: ["-i", "-v"] });
 		const caseInsensitive = flags.has("-i");
 		const invertMatch = flags.has("-v");
@@ -52,7 +52,7 @@ export const grepCommand: ShellModule = {
 			const target = resolvePath(cwd, file);
 			try {
 				assertPathAccess(authUser, target, "grep");
-				const content = vfs.readFile(target);
+				const content = shell.vfs.readFile(target);
 				const lines = content.split("\n");
 
 				for (const line of lines) {

package/src/{VirtualShell/commands → commands}/help.ts

@@ -1,4 +1,4 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 
 export function createHelpCommand(getNames: () => string[]): ShellModule {
 	return {

package/src/{VirtualShell/commands → commands}/helpers.ts

@@ -1,6 +1,6 @@
 import { spawn } from "node:child_process";
 import * as path from "node:path";
-import type VirtualFileSystem from "../../VirtualFileSystem";
+import type VirtualFileSystem from "../VirtualFileSystem";
 
 const PROTECTED_PREFIXES = ["/virtual-env-js/.auth"] as const;
 

package/src/{VirtualShell/commands → commands}/hostname.ts

@@ -1,4 +1,4 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 
 export const hostnameCommand: ShellModule = {
 	name: "hostname",

package/src/{VirtualShell/commands → commands}/htop.ts

@@ -1,4 +1,4 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 
 export const htopCommand: ShellModule = {
 	name: "htop",

package/src/{VirtualShell/commands → commands}/index.ts

@@ -1,12 +1,10 @@
-import type { ShellProperties } from "..";
-import type { VirtualUserManager } from "../../SSHMimic/users";
+import type { VirtualShell } from "../VirtualShell";
 import type {
 	CommandContext,
 	CommandMode,
 	CommandResult,
 	ShellModule,
-} from "../../types/commands";
-import type VirtualFileSystem from "../../VirtualFileSystem";
+} from "../types/commands";
 import { adduserCommand } from "./adduser";
 import { catCommand } from "./cat";
 import { cdCommand } from "./cd";
@@ -79,12 +77,7 @@ const helpCommand = createHelpCommand(() =>
 const commandRegistry = new Map<string, ShellModule>();
 let cachedCommandNames: string[] | null = null;
 
-function invalidateCache(): void {
-	cachedCommandNames = null;
-}
-
 function buildCache(): void {
-	commandRegistry.clear();
 	for (const mod of getCommandModules()) {
 		commandRegistry.set(mod.name, mod);
 		for (const alias of mod.aliases ?? []) {
@@ -95,20 +88,16 @@ function buildCache(): void {
 }
 
 function getCommandModules(): ShellModule[] {
+	// console.log("Loading command modules...");
+	// console.log(
+	// 	`Base commands: ${BASE_COMMANDS.map((cmd) => cmd.name).join(", ")}`,
+	// );
+	// console.log(
+	// 	`Custom commands: ${customCommands.map((cmd) => cmd.name).join(", ")}`,
+	// );
 	return [...BASE_COMMANDS, ...customCommands, helpCommand];
 }
 
-function _getTakenCommandNames(modules: ShellModule[]): Set<string> {
-	const taken = new Set<string>();
-	for (const mod of modules) {
-		taken.add(mod.name);
-		for (const alias of mod.aliases ?? []) {
-			taken.add(alias);
-		}
-	}
-	return taken;
-}
-
 export function registerCommand(module: ShellModule): void {
 	const normalized: ShellModule = {
 		...module,
@@ -130,7 +119,7 @@ export function registerCommand(module: ShellModule): void {
 		commandRegistry.set(name, normalized);
 	}
 
-	invalidateCache();
+	buildCache();
 }
 
 export function createCustomCommand(
@@ -153,6 +142,9 @@ export function getCommandNames(): string[] {
 }
 
 export function resolveModule(name: string): ShellModule | undefined {
+	if (!cachedCommandNames) {
+		buildCache();
+	}
 	return commandRegistry.get(name.toLowerCase());
 }
 
@@ -207,94 +199,14 @@ function parseInput(rawInput: string): { commandName: string; args: string[] } {
 }
 
 // Internal async function for pipeline execution
-async function _runCommandInternal(
-	rawInput: string,
-	authUser: string,
-	hostname: string,
-	users: VirtualUserManager,
-	mode: CommandMode,
-	cwd: string,
-	shellProps: ShellProperties,
-	vfs: VirtualFileSystem,
-	stdin?: string,
-): Promise<CommandResult> {
-	// Check if input contains pipes or redirections
-	if (
-		rawInput.includes("|") ||
-		rawInput.includes(">") ||
-		rawInput.includes("<")
-	) {
-		// Use pipeline executor
-		const { parseShellPipeline } = await import("../shellParser");
-		const { executePipeline } = await import("../../SSHMimic/executor");
-
-		const pipeline = parseShellPipeline(rawInput);
-		if (!pipeline.isValid) {
-			return {
-				stderr: pipeline.error || "Syntax error",
-				exitCode: 1,
-			};
-		}
-
-		try {
-			return await executePipeline(
-				pipeline,
-				authUser,
-				hostname,
-				users,
-				mode,
-				cwd,
-				vfs,
-			);
-		} catch (error: unknown) {
-			const message =
-				error instanceof Error ? error.message : "Pipeline execution failed";
-			return { stderr: message, exitCode: 1 };
-		}
-	}
-
-	// Regular command execution
-	const { commandName, args } = parseInput(rawInput);
-	const mod = resolveModule(commandName);
-
-	if (!mod) {
-		return {
-			stderr: `Command '${rawInput}' not found`,
-			exitCode: 127,
-		};
-	}
-
-	try {
-		const result = mod.run({
-			authUser,
-			hostname,
-			users,
-			activeSessions: users.listActiveSessions(),
-			rawInput,
-			mode,
-			args,
-			shellProps,
-			stdin,
-			cwd,
-			vfs,
-		});
-
-		return await Promise.resolve(result);
-	} catch (error: unknown) {
-		const message = error instanceof Error ? error.message : "Command failed";
-		return { stderr: message, exitCode: 1 };
-	}
-}
 
 export async function runCommand(
 	rawInput: string,
 	authUser: string,
 	hostname: string,
-	users: VirtualUserManager,
 	mode: CommandMode,
 	cwd: string,
-	shellProps: ShellProperties,
-	vfs: VirtualFileSystem,
+	shell: VirtualShell,
 	stdin?: string,
 ): Promise<CommandResult> {
 	const trimmed = rawInput.trim();
@@ -304,8 +216,8 @@ export async function runCommand(
 	}
 
 	if (trimmed.includes("|") || trimmed.includes(">") || trimmed.includes("<")) {
-		const { parseShellPipeline } = await import("../shellParser");
-		const { executePipeline } = await import("../../SSHMimic/executor");
+		const { parseShellPipeline } = await import("../VirtualShell/shellParser");
+		const { executePipeline } = await import("../SSHMimic/executor");
 
 		const pipeline = parseShellPipeline(trimmed);
 		if (!pipeline.isValid) {
@@ -320,10 +232,9 @@ export async function runCommand(
 				pipeline,
 				authUser,
 				hostname,
-				users,
 				mode,
 				cwd,
-				vfs,
+				shell,
 			);
 		} catch (error: unknown) {
 			const message =
@@ -346,15 +257,13 @@ export async function runCommand(
 		return await mod.run({
 			authUser,
 			hostname,
-			users,
-			activeSessions: users.listActiveSessions(),
+			activeSessions: shell.users.listActiveSessions(),
 			rawInput: trimmed,
 			mode,
 			args,
 			stdin,
 			cwd,
-			vfs,
-			shellProps,
+			shell,
 		});
 	} catch (error: unknown) {
 		const message = error instanceof Error ? error.message : "Command failed";

package/src/{VirtualShell/commands → commands}/ls.ts

@@ -1,4 +1,4 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 import { getArg, ifFlag } from "./command-helpers";
 import { assertPathAccess, joinListWithType, resolvePath } from "./helpers";
 
@@ -29,22 +29,24 @@ function formatDate(date: Date): string {
 export const lsCommand: ShellModule = {
 	name: "ls",
 	params: ["[path]"],
-	run: ({ authUser, vfs, cwd, args }) => {
+	run: ({ authUser, shell, cwd, args }) => {
 		const longFormat = ifFlag(args, ["-l", "--long"]);
 		const targetArg = getArg(args, 0, { flags: ["-l", "--long"] });
 		const target = resolvePath(cwd, targetArg ?? cwd);
 		assertPathAccess(authUser, target, "ls");
-		const items = vfs.list(target).filter((name) => !name.startsWith("."));
+		const items = shell.vfs
+			.list(target)
+			.filter((name) => !name.startsWith("."));
 		const rendered = longFormat
 			? items
 					.map((name) => {
 						const childPath = resolvePath(target, name);
-						const stat = vfs.stat(childPath);
+						const stat = shell.vfs.stat(childPath);
 						const size = stat.type === "file" ? stat.size : stat.childrenCount;
 						return `${formatPermissions(stat.mode, stat.type === "directory")} 1 ${size} ${formatDate(stat.updatedAt)} ${name}${stat.type === "directory" ? "/" : ""}`;
 					})
 					.join("\n")
-			: joinListWithType(target, items, (p) => vfs.stat(p));
+			: joinListWithType(target, items, (p) => shell.vfs.stat(p));
 		return { stdout: rendered, exitCode: 0 };
 	},
 };

package/src/{VirtualShell/commands → commands}/mkdir.ts

@@ -1,11 +1,11 @@
-import type { ShellModule } from "../../types/commands";
+import type { ShellModule } from "../types/commands";
 import { getArg } from "./command-helpers";
 import { assertPathAccess, resolvePath } from "./helpers";
 
 export const mkdirCommand: ShellModule = {
 	name: "mkdir",
 	params: ["<dir>"],
-	run: ({ authUser, vfs, cwd, args }) => {
+	run: ({ authUser, shell, cwd, args }) => {
 		if (args.length === 0) {
 			return { stderr: "mkdir: missing operand", exitCode: 1 };
 		}
@@ -17,7 +17,7 @@ export const mkdirCommand: ShellModule = {
 			}
 			const target = resolvePath(cwd, dir);
 			assertPathAccess(authUser, target, "mkdir");
-			vfs.mkdir(target);
+			shell.vfs.mkdir(target);
 		}
 		return { exitCode: 0 };
 	},