typescript-virtual-container 1.2.9 → 1.3.1

package/tests/sftp.test.ts

@@ -8,12 +8,18 @@ import { VirtualUserManager } from "../src/VirtualUserManager";
 
 // VirtualFileSystem is now pure in-memory — no temp dir or cleanup needed.
 
-function connectSftp(port: number): Promise<{ client: Client; sftp: SFTPWrapper }> {
+function connectSftp(
+	port: number,
+): Promise<{ client: Client; sftp: SFTPWrapper }> {
 	return new Promise((resolve, reject) => {
 		const client = new Client();
 		client.on("ready", () => {
 			client.sftp((err, sftp) => {
-				if (err) { client.end(); reject(err); return; }
+				if (err) {
+					client.end();
+					reject(err);
+					return;
+				}
 				resolve({ client, sftp });
 			});
 		});
@@ -22,7 +28,7 @@ function connectSftp(port: number): Promise<{ client: Client; sftp: SFTPWrapper
 			host: "127.0.0.1",
 			port,
 			username: "root",
-			password: "",           // root has no password — any value or empty is accepted
+			password: "", // root has no password — any value or empty is accepted
 			hostVerifier: () => true,
 		});
 	});
@@ -37,7 +43,11 @@ function connectSftpWithUser(
 		const client = new Client();
 		client.on("ready", () => {
 			client.sftp((err, sftp) => {
-				if (err) { client.end(); reject(err); return; }
+				if (err) {
+					client.end();
+					reject(err);
+					return;
+				}
 				resolve({ client, sftp });
 			});
 		});
@@ -54,7 +64,7 @@ function connectSftpWithUser(
 
 describe("SftpMimic", () => {
 	test("authenticates with VirtualUserManager and serves files from the VirtualFileSystem", async () => {
-		const vfs   = new VirtualFileSystem();
+		const vfs = new VirtualFileSystem();
 		const users = new VirtualUserManager(vfs);
 
 		await users.initialize();
@@ -65,26 +75,46 @@ describe("SftpMimic", () => {
 		}
 		vfs.writeFile(`${rootPath}/TEST.txt`, "hello world");
 
-		const server = new SftpMimic({ port: 0, hostname: "test-sftp", vfs, users });
+		const server = new SftpMimic({
+			port: 0,
+			hostname: "test-sftp",
+			vfs,
+			users,
+		});
 		const port = await server.start();
 
 		try {
 			const { client, sftp } = await connectSftp(port);
 
-			const list = await new Promise<FileEntryWithStats[]>((resolve, reject) => {
-				sftp.readdir("/home/root", (err?: Error | null, list?: FileEntryWithStats[]) => {
-					if (err) { reject(err); return; }
-					resolve(list || []);
-				});
-			});
+			const list = await new Promise<FileEntryWithStats[]>(
+				(resolve, reject) => {
+					sftp.readdir(
+						"/home/root",
+						(err?: Error | null, list?: FileEntryWithStats[]) => {
+							if (err) {
+								reject(err);
+								return;
+							}
+							resolve(list || []);
+						},
+					);
+				},
+			);
 
 			expect(list.map((entry) => entry.filename)).toContain("TEST.txt");
 
 			const content = await new Promise<string>((resolve, reject) => {
-				sftp.readFile("/home/root/TEST.txt", "utf8", (err?: Error | null, data?: Buffer) => {
-					if (err) { reject(err); return; }
-					resolve((data || Buffer.alloc(0)).toString("utf8"));
-				});
+				sftp.readFile(
+					"/home/root/TEST.txt",
+					"utf8",
+					(err?: Error | null, data?: Buffer) => {
+						if (err) {
+							reject(err);
+							return;
+						}
+						resolve((data || Buffer.alloc(0)).toString("utf8"));
+					},
+				);
 			});
 
 			expect(content).toBe("hello world");
@@ -95,7 +125,7 @@ describe("SftpMimic", () => {
 	});
 
 	test("blocks path traversal attempts outside home directory", async () => {
-		const vfs   = new VirtualFileSystem();
+		const vfs = new VirtualFileSystem();
 		const users = new VirtualUserManager(vfs);
 
 		await users.initialize();
@@ -105,7 +135,12 @@ describe("SftpMimic", () => {
 			vfs.mkdir(rootPath, 0o755);
 		}
 
-		const server = new SftpMimic({ port: 0, hostname: "test-sftp", vfs, users });
+		const server = new SftpMimic({
+			port: 0,
+			hostname: "test-sftp",
+			vfs,
+			users,
+		});
 		const port = await server.start();
 
 		try {
@@ -113,24 +148,36 @@ describe("SftpMimic", () => {
 
 			// /etc/passwd is outside /home/root — should be rejected
 			const traversalAttempt = await new Promise<Error | null>((resolve) => {
-				sftp.stat("/etc/passwd", (err?: Error | null) => { resolve(err ?? null); });
+				sftp.stat("/etc/passwd", (err?: Error | null) => {
+					resolve(err ?? null);
+				});
 			});
 
 			expect(traversalAttempt).not.toBeNull();
 			expect(traversalAttempt?.message).toContain("Permission denied");
 
 			// /home/root itself should work
-			const homeAccess = await new Promise<FileEntryWithStats[]>((resolve, reject) => {
-				sftp.readdir("/home/root", (err?: Error | null, list?: FileEntryWithStats[]) => {
-					if (err) { reject(err); return; }
-					resolve(list || []);
-				});
-			});
+			const homeAccess = await new Promise<FileEntryWithStats[]>(
+				(resolve, reject) => {
+					sftp.readdir(
+						"/home/root",
+						(err?: Error | null, list?: FileEntryWithStats[]) => {
+							if (err) {
+								reject(err);
+								return;
+							}
+							resolve(list || []);
+						},
+					);
+				},
+			);
 			expect(homeAccess).toBeDefined();
 
 			// Path traversal via ../.. should also be rejected
 			const upTraversalAttempt = await new Promise<Error | null>((resolve) => {
-				sftp.readdir("/home/root/../../etc", (err?: Error | null) => { resolve(err ?? null); });
+				sftp.readdir("/home/root/../../etc", (err?: Error | null) => {
+					resolve(err ?? null);
+				});
 			});
 			expect(upTraversalAttempt).not.toBeNull();
 
@@ -141,7 +188,7 @@ describe("SftpMimic", () => {
 	});
 
 	test("allows a user with a password to authenticate", async () => {
-		const vfs   = new VirtualFileSystem();
+		const vfs = new VirtualFileSystem();
 		const users = new VirtualUserManager(vfs);
 
 		await users.initialize();
@@ -153,18 +200,35 @@ describe("SftpMimic", () => {
 		}
 		vfs.writeFile("/home/alice/hello.txt", "hi alice");
 
-		const server = new SftpMimic({ port: 0, hostname: "test-sftp", vfs, users });
+		const server = new SftpMimic({
+			port: 0,
+			hostname: "test-sftp",
+			vfs,
+			users,
+		});
 		const port = await server.start();
 
 		try {
-			const { client, sftp } = await connectSftpWithUser(port, "alice", "alice-pass");
-
-			const list = await new Promise<FileEntryWithStats[]>((resolve, reject) => {
-				sftp.readdir("/home/alice", (err?: Error | null, list?: FileEntryWithStats[]) => {
-					if (err) { reject(err); return; }
-					resolve(list || []);
-				});
-			});
+			const { client, sftp } = await connectSftpWithUser(
+				port,
+				"alice",
+				"alice-pass",
+			);
+
+			const list = await new Promise<FileEntryWithStats[]>(
+				(resolve, reject) => {
+					sftp.readdir(
+						"/home/alice",
+						(err?: Error | null, list?: FileEntryWithStats[]) => {
+							if (err) {
+								reject(err);
+								return;
+							}
+							resolve(list || []);
+						},
+					);
+				},
+			);
 
 			expect(list.map((e) => e.filename)).toContain("hello.txt");
 
@@ -175,13 +239,18 @@ describe("SftpMimic", () => {
 	});
 
 	test("rejects a user with a wrong password", async () => {
-		const vfs   = new VirtualFileSystem();
+		const vfs = new VirtualFileSystem();
 		const users = new VirtualUserManager(vfs);
 
 		await users.initialize();
 		await users.addUser("bob", "correct-pass");
 
-		const server = new SftpMimic({ port: 0, hostname: "test-sftp", vfs, users });
+		const server = new SftpMimic({
+			port: 0,
+			hostname: "test-sftp",
+			vfs,
+			users,
+		});
 		const port = await server.start();
 
 		try {
@@ -193,7 +262,7 @@ describe("SftpMimic", () => {
 	});
 
 	test("allows writing and reading back a file over SFTP", async () => {
-		const vfs   = new VirtualFileSystem();
+		const vfs = new VirtualFileSystem();
 		const users = new VirtualUserManager(vfs);
 
 		await users.initialize();
@@ -202,7 +271,12 @@ describe("SftpMimic", () => {
 			vfs.mkdir("/home/root", 0o755);
 		}
 
-		const server = new SftpMimic({ port: 0, hostname: "test-sftp", vfs, users });
+		const server = new SftpMimic({
+			port: 0,
+			hostname: "test-sftp",
+			vfs,
+			users,
+		});
 		const port = await server.start();
 
 		try {
@@ -213,7 +287,10 @@ describe("SftpMimic", () => {
 					"/home/root/written.txt",
 					Buffer.from("written via sftp"),
 					(err?: Error | null) => {
-						if (err) { reject(err); return; }
+						if (err) {
+							reject(err);
+							return;
+						}
 						resolve();
 					},
 				);
@@ -224,7 +301,10 @@ describe("SftpMimic", () => {
 					"/home/root/written.txt",
 					"utf8",
 					(err?: Error | null, data?: Buffer) => {
-						if (err) { reject(err); return; }
+						if (err) {
+							reject(err);
+							return;
+						}
 						resolve((data || Buffer.alloc(0)).toString("utf8"));
 					},
 				);

package/tests/users.test.ts

@@ -2,7 +2,9 @@ import { describe, expect, test } from "bun:test";
 import VirtualFileSystem from "../src/VirtualFileSystem";
 import { VirtualUserManager } from "../src/VirtualUserManager";
 
-function makeVfs() { return new VirtualFileSystem(); }
+function makeVfs() {
+	return new VirtualFileSystem();
+}
 
 describe("VirtualUserManager auto sudo", () => {
 	test("adds new users to sudoers by default", async () => {
@@ -40,9 +42,17 @@ describe("VirtualUserManager quotas", () => {
 		await users.addUser("alice", "alice-pass");
 		const startingUsage = users.getUsageBytes("alice");
 		await users.setQuotaBytes("alice", startingUsage + 5);
-		expect(() => { users.assertWriteWithinQuota("alice", "/home/alice/note.txt", "hello"); }).not.toThrow();
+		expect(() => {
+			users.assertWriteWithinQuota("alice", "/home/alice/note.txt", "hello");
+		}).not.toThrow();
 		vfs.writeFile("/home/alice/note.txt", "hello");
-		expect(() => { users.assertWriteWithinQuota("alice", "/home/alice/note.txt", "this exceeds the configured quota"); }).toThrow("quota exceeded for 'alice'");
+		expect(() => {
+			users.assertWriteWithinQuota(
+				"alice",
+				"/home/alice/note.txt",
+				"this exceeds the configured quota",
+			);
+		}).toThrow("quota exceeded for 'alice'");
 	});
 
 	test("does not enforce home quota outside user home", async () => {
@@ -51,7 +61,9 @@ describe("VirtualUserManager quotas", () => {
 		await users.initialize();
 		await users.addUser("bob", "bob-pass");
 		await users.setQuotaBytes("bob", 1);
-		expect(() => { users.assertWriteWithinQuota("bob", "/tmp/shared.txt", "large-content"); }).not.toThrow();
+		expect(() => {
+			users.assertWriteWithinQuota("bob", "/tmp/shared.txt", "large-content");
+		}).not.toThrow();
 	});
 
 	test("clearQuota removes enforced limit", async () => {
@@ -63,6 +75,12 @@ describe("VirtualUserManager quotas", () => {
 		expect(users.getQuotaBytes("charlie")).toBe(2);
 		await users.clearQuota("charlie");
 		expect(users.getQuotaBytes("charlie")).toBeNull();
-		expect(() => { users.assertWriteWithinQuota("charlie", "/home/charlie/file.txt", "long-content"); }).not.toThrow();
+		expect(() => {
+			users.assertWriteWithinQuota(
+				"charlie",
+				"/home/charlie/file.txt",
+				"long-content",
+			);
+		}).not.toThrow();
 	});
 });

package/CHANGELOG.md

@@ -1,150 +0,0 @@
-# Changelog
-
-All notable changes to this project are documented in this file.
-
-The format is based on Keep a Changelog.
-
-## [Unreleased]
-
-## [1.1.5] - 2026-04-16
-
-### Added
-
-- `HoneyPot` auditing utility for tracking and auditing SSH/SFTP activity across virtual shell, filesystem, user manager, and server components.
-- HoneyPot attaches event listeners to `VirtualShell`, `VirtualFileSystem`, `VirtualUserManager`, `SshMimic`, and `SftpMimic` for holistic activity capture.
-- HoneyPot event tracking, statistics, anomaly detection, and audit log export support.
-- Comprehensive HoneyPot documentation in `README.md` and dedicated example files.
-- Added `examples/honeypot-quickstart.ts`, `examples/honeypot-audit.ts`, `examples/honeypot-export.ts`, and `examples/README.md`.
-- Added `HONEYPOT.md` implementation guide for HoneyPot usage patterns and integrations.
-
-## [1.1.4] - 2026-04-16
-
-### Added
-
-- New SFTP server implementation (`SftpMimic`), exported as `VirtualSftpServer`.
-- SFTP handlers for file/directory operations: `OPEN`, `READ`, `WRITE`, `FSTAT`, `CLOSE`, `OPENDIR`, `READDIR`, `STAT`, `LSTAT`, `SETSTAT`, `FSETSTAT`, `REALPATH`, `MKDIR`, `RMDIR`, `REMOVE`, `RENAME`.
-- Home-directory confinement for SFTP sessions (`/home/<user>`) with path traversal blocking.
-- Keyboard-interactive authentication support in SFTP in addition to password auth.
-- Standalone runtime now starts both SSH and SFTP servers with a shared `VirtualShell`.
-- New SFTP test suite covering authentication, read/write flows, system-user login, and traversal protection.
-- **Event-Driven Integration**: Core classes now extend `EventEmitter` for full lifecycle visibility:
-  - `VirtualShell`: `initialized`, `command`, `session:start` events
-  - `VirtualFileSystem`: `file:read`, `file:write`, `dir:create`, `mirror:flush` events
-  - `VirtualUserManager`: `initialized`, `user:add`, `user:delete`, `session:register`, `session:unregister` events
-  - `SshMimic` & `SftpMimic`: `start`, `stop`, `auth:success`, `auth:failure`, `client:connect`, `client:disconnect` events
-- New `HoneyPot` utility for tracking and auditing server activity via event listeners.
-
-### Changed
-
-- `VirtualFileSystem` mirror strategy now uses `.vfs/mirror` directory storage as the persistence boundary.
-- SSH and SFTP startup now explicitly wait for full shell/user initialization before accepting connections.
-- SFTP `start()` returns the actual bound port (including when configured with port `0`).
-- Relative SFTP request paths are resolved from the authenticated user home.
-- `VirtualUserManager.initialize()` auto-creates the current system user (`$USER` / `$USERNAME`) for easier local auth flows.
-
-### Fixed
-
-- Added stronger error handling/logging for SFTP client/session/stream lifecycle events.
-- Fixed flaky SFTP tests by isolating each test run with temporary VFS base paths and deterministic cleanup.
-- Fixed `ssh-exec` test timeout by resolving the mocked exec stream completion correctly.
-
-## [1.0.6...1.0.8] - 2026-04-15
-
-Too much refactor to list.
-
-## [1.0.5] - 2026-04-15
-
-### Changed
-
-- Refactored commands to use shared argument/flag parsing helpers.
-- Improved maintainability and consistency of argument parsing across commands.
-
-### Fixed
-
-- Verified all refactored commands pass existing test cases without regressions.
-
-## [1.0.4] - 2026-04-15
-
-### Added
-
-- Shell pipeline parser and executor with support for:
-  - Pipes (`|`)
-  - Input redirection (`<`)
-  - Output redirection (`>`)
-  - Append redirection (`>>`)
-- New built-in commands:
-  - `echo`
-  - `grep`
-  - `set`
-  - `env`
-  - `export`
-  - `unset`
-  - `sh` (with `bash` alias)
-- Command stdin support in runtime context so commands can consume piped input.
-
-### Changed
-
-- Argument parsing now respects quoted strings, including for commands like `sh -c "echo hi"`.
-- `echo` now expands environment variables (`$VAR`) and can read from stdin when no explicit text argument is provided.
-- `grep` now supports stdin input (e.g. `ls | grep ".txt"`) in addition to file operands.
-
-### Fixed
-
-- Relative file paths in redirections are now resolved from current working directory during pipeline execution.
-  - Example fixed behavior: `echo hi > cat.txt` writes to `./cat.txt` in current virtual directory.
-- Pipeline chaining now correctly passes command stdout as stdin to next command.
-
-## [1.0.2] - 2026-04-14
-
-### Added
-
-- Governance and community files:
-  - LICENSE
-  - CONTRIBUTING.md
-  - SECURITY.md
-  - CODE_OF_CONDUCT.md
-  - GitHub issue and PR templates
-- Security hardening for virtual auth storage and shell access:
-  - Non-root commands now block access to `/virtual-env-js/.auth/**`.
-  - Auth files are persisted with restrictive modes (`0700` for `.auth`, `0600` for `htpasswd` and `sudoers`).
-  - Root password no longer falls back to a fixed default when `SSH_MIMIC_ROOT_PASSWORD` is unset; startup generates an ephemeral password instead.
-- New environment toggle `SSH_MIMIC_AUTO_SUDO_NEW_USERS` to control whether newly created users are added to sudoers by default.
-- README and security docs now describe the new auth hardening and configuration flags.
-- Added tests covering `.auth` path protection and auto-sudo behavior.
-
-## [1.0.1] - 2026-04-14
-
-### Added
-
-- `ls -l` / `ls --long` support with long listing format (permissions, size, updated time).
-- Host-command mirroring for network tools:
-  - `curl` now runs through host `curl` via `child_process`.
-  - `wget` now runs through host `wget` via `child_process`.
-- Temporary host download flow for `wget` using `/tmp` before import into VFS.
-- Terminal line normalization utility for command help and diagnostics rendering.
-
-### Changed
-
-- `curl` behavior is now aligned with the host binary output and exit codes.
-- `curl -o` writes host command output to the virtual filesystem target path.
-- `wget` writes downloaded payloads to VFS after host-side transfer, preserving command semantics.
-- URL fetch helper now accepts host-only inputs by normalizing missing protocol to `http://`.
-- Auto pull-request GitHub workflow now targets any non-`main` branch instead of only `dev`.
-- Auto PR metadata now uses the dynamic source branch name in PR head/title/body.
-- Test workflow trigger scope was generalized by removing hardcoded branch filters.
-
-### Fixed
-
-- Resolved large horizontal spacing artifacts in SSH terminal output by normalizing TTY line endings (`\r\n`) in both interactive shell and exec paths.
-- Reduced excessive whitespace in help output rendering (`curl --help`, `wget --help`) by normalizing tabs and over-padded spacing.
-
-## [1.0.0] - 2026-04-14
-
-### Added
-
-- In-memory SSH server with password authentication.
-- Virtual filesystem with optional compression and tar.gz persistence.
-- Virtual user management with sudoers and session tracking.
-- Programmatic SshClient API.
-- 20+ built-in shell commands.
-- TypeScript-first API with exported types and JSDoc.