veryfront 0.1.74 → 0.1.76

package/esm/src/routing/api/route-executor.js

@@ -1,5 +1,5 @@
 import * as dntShim from "../../../_dnt.shims.js";
-import { createContext, normalizeParams } from "./context-builder.js";
+import { createContext, normalizeParams, parseCookies } from "./context-builder.js";
 import { createError, toError } from "../../errors/veryfront-error.js";
 import { createAppRouteMethodNotAllowed, createPagesRouteMethodNotAllowed, } from "./method-validator.js";
 import { isAbsolute, join } from "../../platform/compat/path/index.js";
@@ -7,6 +7,9 @@ import { withSpan } from "../../observability/tracing/otlp-setup.js";
 import { errorToRFC9457Response } from "../../errors/middleware/http-error-boundary.js";
 import { serverLogger as logger } from "../../utils/index.js";
 import { isDevelopment as isDevelopmentEnv } from "../../build/config/environment.js";
+import { getWorkerPool, isWorkerIsolationEnabled, } from "../../security/sandbox/worker-pool.js";
+import { MAX_WORKER_BODY_BYTES, } from "../../security/sandbox/worker-types.js";
+import { getProjectEnvSnapshot } from "../../server/project-env/storage.js";
 function isDevelopment(adapter) {
     const env = adapter.env.get("MODE") ??
         adapter.env.get("NODE_ENV") ??
@@ -80,7 +83,152 @@ function validateResponse(response) {
 function toHeadResponse(response) {
     return new dntShim.Response(null, { status: response.status, headers: response.headers });
 }
-export function executeAppRoute(handler, request, match, pathname, adapter) {
+// ---------------------------------------------------------------------------
+// Worker Isolation Helpers
+// ---------------------------------------------------------------------------
+function checkContentLengthLimit(request) {
+    const contentLength = request.headers.get("content-length");
+    if (!contentLength)
+        return;
+    const bytes = parseInt(contentLength, 10);
+    if (bytes > MAX_WORKER_BODY_BYTES) {
+        throw createError({
+            type: "api",
+            message: `Request body too large for isolated execution (${(bytes / 1024 / 1024).toFixed(1)} MB, limit ${MAX_WORKER_BODY_BYTES / 1024 / 1024} MB)`,
+        });
+    }
+}
+async function readBodyWithSizeGuard(request) {
+    if (!request.body)
+        return null;
+    // Fast path: reject before buffering if Content-Length is known
+    checkContentLengthLimit(request);
+    const body = new Uint8Array(await request.arrayBuffer());
+    // Fallback: check actual size for chunked/streaming bodies
+    if (body.byteLength > MAX_WORKER_BODY_BYTES) {
+        throw createError({
+            type: "api",
+            message: `Request body too large for isolated execution (${(body.byteLength / 1024 / 1024).toFixed(1)} MB, limit ${MAX_WORKER_BODY_BYTES / 1024 / 1024} MB)`,
+        });
+    }
+    return body;
+}
+async function serializeRequest(request) {
+    return {
+        url: request.url,
+        method: request.method,
+        headers: [...request.headers.entries()],
+        body: await readBodyWithSizeGuard(request),
+    };
+}
+function deserializeResponse(s) {
+    return new dntShim.Response(s.body, {
+        status: s.status,
+        statusText: s.statusText,
+        headers: s.headers,
+    });
+}
+function workerResponseToResponse(workerResponse, pathname, adapter) {
+    if (workerResponse.type === "error") {
+        const { error } = workerResponse;
+        logger.error(`API route error in ${pathname} (worker):`, error.message);
+        // If the worker serialized RFC 9457 fields, return them directly
+        // to preserve the original status code, type, and detail.
+        if (error.status && error.type) {
+            return dntShim.Response.json({
+                type: error.type,
+                title: error.name,
+                status: error.status,
+                detail: error.detail ?? error.message,
+                instance: pathname,
+            }, { status: error.status });
+        }
+        const ctx = { isLocalProject: isDevelopment(adapter) };
+        const req = new dntShim.Request(`http://localhost${pathname}`);
+        const err = new Error(error.message);
+        err.name = error.name;
+        return errorToRFC9457Response(err, ctx, req);
+    }
+    if (workerResponse.type === "result") {
+        return deserializeResponse(workerResponse.response);
+    }
+    // data-result type is not expected in API route execution
+    throw new Error(`Unexpected worker response type: ${workerResponse.type}`);
+}
+// ---------------------------------------------------------------------------
+// Isolated Execution (Worker Path)
+// ---------------------------------------------------------------------------
+function executeAppRouteIsolated(modulePath, request, match, pathname, adapter, projectDir) {
+    const method = request.method.toUpperCase();
+    return withSpan("api.executeAppRoute.isolated", async () => {
+        try {
+            const pool = getWorkerPool();
+            const serialized = await serializeRequest(request);
+            const workerResponse = await pool.execute(projectDir, [projectDir], {
+                type: "execute-app-route",
+                id: dntShim.crypto.randomUUID(),
+                modulePath,
+                method,
+                request: serialized,
+                params: match.params,
+                projectDir,
+                projectEnv: getProjectEnvSnapshot(),
+            });
+            const response = workerResponseToResponse(workerResponse, pathname, adapter);
+            return method === "HEAD" ? toHeadResponse(response) : response;
+        }
+        catch (error) {
+            return handleAPIError(error, pathname, adapter);
+        }
+    }, {
+        "http.method": method,
+        "http.path": pathname,
+        "api.route.pattern": match.route.pattern,
+        "api.isolated": true,
+    });
+}
+function executePagesRouteIsolated(modulePath, request, match, pathname, adapter, projectDir) {
+    const method = request.method;
+    return withSpan("api.executePagesRoute.isolated", async () => {
+        try {
+            const pool = getWorkerPool();
+            const body = await readBodyWithSizeGuard(request);
+            const workerResponse = await pool.execute(projectDir, [projectDir], {
+                type: "execute-pages-route",
+                id: dntShim.crypto.randomUUID(),
+                modulePath,
+                method,
+                context: {
+                    url: request.url,
+                    method: request.method,
+                    headers: [...request.headers.entries()],
+                    body,
+                    params: match.params,
+                    cookies: parseCookies(request.headers.get("cookie") ?? ""),
+                },
+                projectDir,
+                projectEnv: getProjectEnvSnapshot(),
+            });
+            return workerResponseToResponse(workerResponse, pathname, adapter);
+        }
+        catch (error) {
+            return handleAPIError(error, pathname, adapter);
+        }
+    }, {
+        "http.method": method,
+        "http.path": pathname,
+        "api.route.pattern": match.route.pattern,
+        "api.isolated": true,
+    });
+}
+export function executeAppRoute(handler, request, match, pathname, adapter, options) {
+    // Isolated path: execute in per-project Worker, fall back to main process on error
+    if (isWorkerIsolationEnabled() &&
+        options?.modulePath &&
+        options?.projectDir) {
+        return executeAppRouteIsolated(options.modulePath, request, match, pathname, adapter, options.projectDir);
+    }
+    // Default path: execute in main process (existing behavior)
     const method = request.method.toUpperCase();
     return withSpan("api.executeAppRoute", async () => {
         const handlerModule = handler;
@@ -102,7 +250,14 @@ export function executeAppRoute(handler, request, match, pathname, adapter) {
         }
     }, { "http.method": method, "http.path": pathname, "api.route.pattern": match.route.pattern });
 }
-export function executePagesRoute(handler, request, match, pathname, adapter, projectDir) {
+export function executePagesRoute(handler, request, match, pathname, adapter, projectDir, options) {
+    // Isolated path: execute in per-project Worker, fall back to main process on error
+    if (isWorkerIsolationEnabled() &&
+        options?.modulePath &&
+        (options?.projectDir ?? projectDir)) {
+        return executePagesRouteIsolated(options.modulePath, request, match, pathname, adapter, options.projectDir ?? projectDir);
+    }
+    // Default path: execute in main process (existing behavior)
     const method = request.method;
     return withSpan("api.executePagesRoute", async () => {
         const methodHandler = handler[method] ?? handler.default;

package/esm/src/security/deno-permissions.d.ts

@@ -10,7 +10,7 @@
  * SERVER — CLI server (dev, production, proxy, MCP, split-mode).
  * Also used by build and test tasks that need equivalent access.
  */
-export declare const SERVER_PERMISSIONS: readonly ["--allow-read", "--allow-write", "--allow-net", "--allow-env", "--allow-run", "--allow-ffi", "--allow-sys"];
+export declare const SERVER_PERMISSIONS: readonly ["--allow-read", "--allow-write", "--allow-net", "--allow-env", "--allow-run", "--allow-sys", "--unstable-worker-options", "--unstable-net"];
 /**
  * WORKFLOW_JOB — `ProcessJobExecutor` (RESTRICTED).
  * Runs user-authored code — no `--allow-run`, `--allow-ffi`, or `--allow-sys`.
@@ -21,4 +21,10 @@ export declare const WORKFLOW_JOB_PERMISSIONS: readonly ["--allow-read", "--allo
  * Only needs filesystem + env access.
  */
 export declare const BUILD_HELPER_PERMISSIONS: readonly ["--allow-read", "--allow-write", "--allow-env"];
+/**
+ * RENDER_WORKER — Per-project Worker for isolated code execution.
+ * Read-only filesystem (transformed modules), network (data fetchers),
+ * env (API keys and config). No subprocess/ffi/sys.
+ */
+export declare const RENDER_WORKER_PERMISSIONS: readonly ["--allow-read", "--allow-net", "--allow-env"];
 //# sourceMappingURL=deno-permissions.d.ts.map

package/esm/src/security/deno-permissions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"deno-permissions.d.ts","sourceRoot":"","sources":["../../../src/src/security/deno-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;GAGG;AACH,eAAO,MAAM,kBAAkB,uHAQrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,wBAAwB,0EAK3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2DAI3B,CAAC"}
+{"version":3,"file":"deno-permissions.d.ts","sourceRoot":"","sources":["../../../src/src/security/deno-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;GAGG;AACH,eAAO,MAAM,kBAAkB,uJASrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,wBAAwB,0EAK3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2DAI3B,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,yDAI5B,CAAC"}

package/esm/src/security/deno-permissions.js

@@ -16,8 +16,9 @@ export const SERVER_PERMISSIONS = [
     "--allow-net",
     "--allow-env",
     "--allow-run",
-    "--allow-ffi",
     "--allow-sys",
+    "--unstable-worker-options",
+    "--unstable-net",
 ];
 /**
  * WORKFLOW_JOB — `ProcessJobExecutor` (RESTRICTED).
@@ -38,3 +39,13 @@ export const BUILD_HELPER_PERMISSIONS = [
     "--allow-write",
     "--allow-env",
 ];
+/**
+ * RENDER_WORKER — Per-project Worker for isolated code execution.
+ * Read-only filesystem (transformed modules), network (data fetchers),
+ * env (API keys and config). No subprocess/ffi/sys.
+ */
+export const RENDER_WORKER_PERMISSIONS = [
+    "--allow-read",
+    "--allow-net",
+    "--allow-env",
+];

package/esm/src/security/sandbox/project-worker.d.ts

@@ -0,0 +1,61 @@
+import type { WorkerPermissions } from "./worker-permissions.js";
+import type { WorkerRequest, WorkerResponse } from "./worker-types.js";
+export interface ProjectWorkerOptions {
+    projectId: string;
+    permissions: WorkerPermissions;
+    requestTimeoutMs: number;
+}
+/**
+ * Status of a project worker.
+ */
+export type WorkerStatus = "idle" | "busy" | "crashed" | "terminated";
+export declare class ProjectWorker {
+    readonly projectId: string;
+    private worker;
+    private pending;
+    private streamHandlers;
+    private requestTimeoutMs;
+    private permissions;
+    private _requestCount;
+    private _lastActivityAt;
+    private _status;
+    constructor(options: ProjectWorkerOptions);
+    get status(): WorkerStatus;
+    get requestCount(): number;
+    get lastActivityAt(): number;
+    get hasPendingRequests(): boolean;
+    /**
+     * Start the worker. Idempotent — safe to call if already running.
+     */
+    start(): void;
+    /**
+     * Execute a request in this worker. Returns a typed response.
+     */
+    execute(request: WorkerRequest): Promise<WorkerResponse>;
+    /**
+     * Execute a streaming request. Returns a ReadableStream that yields
+     * chunks as they arrive from the Worker via postMessage.
+     *
+     * Used for streaming SSR where the Worker sends chunks progressively.
+     * Falls back to a single-chunk stream if the Worker returns a non-streaming
+     * response (ssr-result with full HTML).
+     */
+    executeStream(request: WorkerRequest): ReadableStream<Uint8Array>;
+    /**
+     * Health check — send a ping and wait for pong.
+     */
+    isHealthy(timeoutMs?: number): Promise<boolean>;
+    /**
+     * Clear the worker's module cache. Used for dev mode hot reload.
+     */
+    clearModuleCache(): void;
+    /**
+     * Terminate the worker. Rejects all pending requests.
+     */
+    terminate(): void;
+    private getWorkerScriptUrl;
+    private handleMessage;
+    private updateIdleStatus;
+    private rejectAllPending;
+}
+//# sourceMappingURL=project-worker.d.ts.map

package/esm/src/security/sandbox/project-worker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-worker.d.ts","sourceRoot":"","sources":["../../../../src/src/security/sandbox/project-worker.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,KAAK,EACV,aAAa,EACb,cAAc,EAGf,MAAM,mBAAmB,CAAC;AAW3B,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,iBAAiB,CAAC;IAC/B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAcD;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,GAAG,SAAS,GAAG,YAAY,CAAC;AAEtE,qBAAa,aAAa;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,OAAO,CAAqC;IACpD,OAAO,CAAC,cAAc,CAAoC;IAC1D,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,aAAa,CAAK;IAC1B,OAAO,CAAC,eAAe,CAAc;IACrC,OAAO,CAAC,OAAO,CAAwB;gBAE3B,OAAO,EAAE,oBAAoB;IAMzC,IAAI,MAAM,IAAI,YAAY,CAEzB;IAED,IAAI,YAAY,IAAI,MAAM,CAEzB;IAED,IAAI,cAAc,IAAI,MAAM,CAE3B;IAED,IAAI,kBAAkB,IAAI,OAAO,CAEhC;IAED;;OAEG;IACH,KAAK,IAAI,IAAI;IA+Bb;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAqCxD;;;;;;;OAOG;IACH,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CAAC,UAAU,CAAC;IA+FjE;;OAEG;IACG,SAAS,CAAC,SAAS,SAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;IA+BpD;;OAEG;IACH,gBAAgB,IAAI,IAAI;IAKxB;;OAEG;IACH,SAAS,IAAI,IAAI;IAuBjB,OAAO,CAAC,kBAAkB;IAc1B,OAAO,CAAC,aAAa;IA+CrB,OAAO,CAAC,gBAAgB;IAMxB,OAAO,CAAC,gBAAgB;CAazB"}

package/esm/src/security/sandbox/project-worker.js

@@ -0,0 +1,318 @@
+/**
+ * Project Worker
+ *
+ * Wraps a single Deno Worker for one project. Manages the Worker lifecycle,
+ * sends/receives structured messages, enforces per-request timeouts,
+ * and serializes errors across the Worker boundary.
+ *
+ * @module security/sandbox/project-worker
+ */
+import * as dntShim from "../../../_dnt.shims.js";
+import { serverLogger } from "../../utils/index.js";
+import { isCompiledBinary } from "../../utils/index.js";
+import { withSpan } from "../../observability/tracing/otlp-setup.js";
+import { TIMEOUT_ERROR, UNKNOWN_ERROR } from "../../errors/index.js";
+const logger = serverLogger.component("project-worker");
+const textEncoder = new TextEncoder();
+export class ProjectWorker {
+    projectId;
+    worker = null;
+    pending = new Map();
+    streamHandlers = new Map();
+    requestTimeoutMs;
+    permissions;
+    _requestCount = 0;
+    _lastActivityAt = Date.now();
+    _status = "idle";
+    constructor(options) {
+        this.projectId = options.projectId;
+        this.permissions = options.permissions;
+        this.requestTimeoutMs = options.requestTimeoutMs;
+    }
+    get status() {
+        return this._status;
+    }
+    get requestCount() {
+        return this._requestCount;
+    }
+    get lastActivityAt() {
+        return this._lastActivityAt;
+    }
+    get hasPendingRequests() {
+        return this.pending.size > 0;
+    }
+    /**
+     * Start the worker. Idempotent — safe to call if already running.
+     */
+    start() {
+        if (this.worker)
+            return;
+        const workerUrl = this.getWorkerScriptUrl();
+        const workerOptions = {
+            type: "module",
+            name: `project-worker-${this.projectId}`,
+            deno: { permissions: this.permissions },
+        };
+        // @ts-ignore - Deno Worker accepts extended options
+        this.worker = new Worker(workerUrl, workerOptions);
+        this._status = "idle";
+        this.worker.onmessage = (event) => {
+            this.handleMessage(event.data);
+        };
+        this.worker.onerror = (event) => {
+            logger.error("Worker error", {
+                projectId: this.projectId,
+                error: event.message ?? String(event),
+            });
+            this._status = "crashed";
+            this.rejectAllPending("Worker crashed");
+        };
+        logger.debug("Worker started", { projectId: this.projectId });
+    }
+    /**
+     * Execute a request in this worker. Returns a typed response.
+     */
+    execute(request) {
+        return withSpan("worker.execute", () => {
+            if (!this.worker || this._status === "crashed" || this._status === "terminated") {
+                return Promise.reject(UNKNOWN_ERROR.create({ detail: `Worker not available (status: ${this._status})` }));
+            }
+            this._requestCount++;
+            this._lastActivityAt = Date.now();
+            this._status = "busy";
+            return new Promise((resolve, reject) => {
+                const timer = dntShim.setTimeout(() => {
+                    this.pending.delete(request.id);
+                    this.updateIdleStatus();
+                    reject(TIMEOUT_ERROR.create({
+                        detail: `Worker request timed out after ${this.requestTimeoutMs}ms`,
+                    }));
+                }, this.requestTimeoutMs);
+                this.pending.set(request.id, { resolve, reject, timer });
+                this.worker.postMessage(request);
+            });
+        }, {
+            "worker.projectId": this.projectId,
+            "worker.requestType": request.type,
+            "worker.requestId": request.id,
+        });
+    }
+    /**
+     * Execute a streaming request. Returns a ReadableStream that yields
+     * chunks as they arrive from the Worker via postMessage.
+     *
+     * Used for streaming SSR where the Worker sends chunks progressively.
+     * Falls back to a single-chunk stream if the Worker returns a non-streaming
+     * response (ssr-result with full HTML).
+     */
+    executeStream(request) {
+        if (!this.worker || this._status === "crashed" || this._status === "terminated") {
+            throw UNKNOWN_ERROR.create({ detail: `Worker not available (status: ${this._status})` });
+        }
+        this._requestCount++;
+        this._lastActivityAt = Date.now();
+        this._status = "busy";
+        const requestId = request.id;
+        return new ReadableStream({
+            start: (controller) => {
+                let timer = dntShim.setTimeout(() => {
+                    this.streamHandlers.delete(requestId);
+                    this.pending.delete(requestId);
+                    this.updateIdleStatus();
+                    controller.error(TIMEOUT_ERROR.create({
+                        detail: `Worker stream timed out after ${this.requestTimeoutMs}ms`,
+                    }));
+                }, this.requestTimeoutMs);
+                const resetTimer = () => {
+                    clearTimeout(timer);
+                    timer = dntShim.setTimeout(() => {
+                        this.streamHandlers.delete(requestId);
+                        this.pending.delete(requestId);
+                        this.updateIdleStatus();
+                        controller.error(TIMEOUT_ERROR.create({
+                            detail: `Worker stream timed out after ${this.requestTimeoutMs}ms`,
+                        }));
+                    }, this.requestTimeoutMs);
+                };
+                // Register a stream handler for this request
+                this.streamHandlers.set(requestId, {
+                    onChunk: (chunk) => {
+                        resetTimer();
+                        controller.enqueue(chunk);
+                    },
+                    onEnd: () => {
+                        clearTimeout(timer);
+                        this.streamHandlers.delete(requestId);
+                        this.pending.delete(requestId);
+                        this.updateIdleStatus();
+                        controller.close();
+                    },
+                    onError: (error) => {
+                        clearTimeout(timer);
+                        this.streamHandlers.delete(requestId);
+                        this.pending.delete(requestId);
+                        this.updateIdleStatus();
+                        controller.error(error);
+                    },
+                });
+                // Also register in pending for non-streaming responses (fallback)
+                this.pending.set(requestId, {
+                    resolve: (response) => {
+                        clearTimeout(timer);
+                        this.streamHandlers.delete(requestId);
+                        this.pending.delete(requestId);
+                        this.updateIdleStatus();
+                        // If we get an ssr-result, emit it as a single chunk
+                        if (response.type === "ssr-result") {
+                            controller.enqueue(textEncoder.encode(response.html));
+                            controller.close();
+                        }
+                        else if (response.type === "error") {
+                            const err = new Error(response.error.message);
+                            err.name = response.error.name;
+                            controller.error(err);
+                        }
+                        else {
+                            controller.close();
+                        }
+                    },
+                    reject: (error) => {
+                        clearTimeout(timer);
+                        this.streamHandlers.delete(requestId);
+                        this.pending.delete(requestId);
+                        this.updateIdleStatus();
+                        controller.error(error);
+                    },
+                    timer,
+                });
+                this.worker.postMessage(request);
+            },
+        });
+    }
+    /**
+     * Health check — send a ping and wait for pong.
+     */
+    async isHealthy(timeoutMs = 5_000) {
+        if (!this.worker || this._status === "crashed" || this._status === "terminated") {
+            return false;
+        }
+        const id = dntShim.crypto.randomUUID();
+        return new Promise((resolve) => {
+            const timer = dntShim.setTimeout(() => {
+                this.pending.delete(id);
+                resolve(false);
+            }, timeoutMs);
+            this.pending.set(id, {
+                resolve: () => {
+                    clearTimeout(timer);
+                    this.pending.delete(id);
+                    resolve(true);
+                },
+                reject: () => {
+                    clearTimeout(timer);
+                    this.pending.delete(id);
+                    resolve(false);
+                },
+                timer,
+            });
+            this.worker.postMessage({ type: "ping", id });
+        });
+    }
+    /**
+     * Clear the worker's module cache. Used for dev mode hot reload.
+     */
+    clearModuleCache() {
+        if (!this.worker || this._status === "crashed" || this._status === "terminated")
+            return;
+        this.worker.postMessage({ type: "clear-cache" });
+    }
+    /**
+     * Terminate the worker. Rejects all pending requests.
+     */
+    terminate() {
+        if (!this.worker)
+            return;
+        this._status = "terminated";
+        this.rejectAllPending("Worker terminated");
+        try {
+            this.worker.terminate();
+        }
+        catch (error) {
+            logger.debug("Worker terminate failed", {
+                projectId: this.projectId,
+                error,
+            });
+        }
+        this.worker = null;
+        logger.debug("Worker terminated", { projectId: this.projectId });
+    }
+    // -----------------------------------------------------------------------
+    // Private
+    // -----------------------------------------------------------------------
+    getWorkerScriptUrl() {
+        // In compiled binary mode, use a data URL because blob URLs don't work
+        // See: deno-sandbox.ts for the same pattern
+        if (isCompiledBinary()) {
+            // For compiled binaries, we'd need to inline the worker script.
+            // For now, fall through to the import.meta.resolve path which works
+            // in development and standard Deno execution.
+        }
+        // Use import.meta.resolve to get the absolute URL of the worker script.
+        // This works in both `deno run` and `deno compile` contexts.
+        return globalThis[Symbol.for("import-meta-ponyfill-esmodule")](import.meta).resolve("./worker-script.ts");
+    }
+    handleMessage(data) {
+        if (data.type === "pong") {
+            const pending = this.pending.get(data.id);
+            if (pending) {
+                clearTimeout(pending.timer);
+                pending.resolve(data);
+                this.pending.delete(data.id);
+            }
+            return;
+        }
+        // Handle streaming SSR chunks
+        if (data.type === "stream-chunk") {
+            const handler = this.streamHandlers.get(data.id);
+            if (handler)
+                handler.onChunk(data.chunk);
+            return;
+        }
+        if (data.type === "stream-end") {
+            const handler = this.streamHandlers.get(data.id);
+            if (handler)
+                handler.onEnd();
+            return;
+        }
+        const response = data;
+        const pending = this.pending.get(response.id);
+        if (!pending) {
+            logger.warn("Received response for unknown request", {
+                projectId: this.projectId,
+                id: response.id,
+            });
+            return;
+        }
+        clearTimeout(pending.timer);
+        this.pending.delete(response.id);
+        this.updateIdleStatus();
+        pending.resolve(response);
+    }
+    updateIdleStatus() {
+        if (this.pending.size === 0 && this._status === "busy") {
+            this._status = "idle";
+        }
+    }
+    rejectAllPending(reason) {
+        for (const [id, pending] of this.pending) {
+            clearTimeout(pending.timer);
+            pending.reject(UNKNOWN_ERROR.create({ detail: reason }));
+            this.pending.delete(id);
+        }
+        // Clean up stream handlers
+        for (const [id, handler] of this.streamHandlers) {
+            handler.onError(UNKNOWN_ERROR.create({ detail: reason }));
+            this.streamHandlers.delete(id);
+        }
+    }
+}

package/esm/src/security/sandbox/worker-permissions.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Worker Permission Builder
+ *
+ * Builds scoped Deno Worker permissions for per-project isolation.
+ * Each project worker gets the minimum required permissions.
+ *
+ * @module security/sandbox/worker-permissions
+ */
+export interface WorkerPermissions {
+    read: string[] | boolean;
+    write: boolean;
+    net: boolean;
+    env: boolean;
+    run: boolean;
+    ffi: boolean;
+    sys: boolean;
+}
+/**
+ * Build scoped permissions for a project worker.
+ *
+ * - read: restricted to the project temp dir (transformed modules) and cache dirs
+ * - write: denied (workers produce output via postMessage, not filesystem)
+ * - net: allowed (data fetchers and API routes may call external APIs)
+ * - env: allowed (user code reads API keys and config from environment)
+ * - run: denied (no subprocess spawning from user code)
+ * - ffi: denied (no native code from user code)
+ * - sys: denied (no system info access from user code)
+ */
+export declare function buildWorkerPermissions(readPaths: string[]): WorkerPermissions;
+//# sourceMappingURL=worker-permissions.d.ts.map

package/esm/src/security/sandbox/worker-permissions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"worker-permissions.d.ts","sourceRoot":"","sources":["../../../../src/src/security/sandbox/worker-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACzB,KAAK,EAAE,OAAO,CAAC;IACf,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;CACd;AAcD;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,SAAS,EAAE,MAAM,EAAE,GAClB,iBAAiB,CA0BnB"}