feat(website): metal theme with Cinzel font, hero background, red accents

Author: NathanFlurry

docs-internal/todo.md

@@ -1,162 +1,130 @@
-# Sandboxed Node TODOs
+# Secure Exec TODOs
 
-## High level
+This file tracks the active implementation backlog only.
+Resolved work should stay in OpenSpec archives and `docs-internal/friction.md` instead of remaining here as unchecked debt.
 
-- Review the node driver
-- Plan desired minimal driver that we'll use in rivet
-- Add codemode example
-- Add just-bash example
-- Test with
-    - Pi
-    - Express
-    - Hono
-    - ???
+Priority order is:
+1. Security and host-protection gaps
+2. Compatibility bugs and missing platform behavior
+3. Maintainability and performance follow-ups
+4. Examples, validation breadth, and product-shaping work
 
-## Todo
+## Priority 0: Security and Host Protection
 
-- [x] Remove all `@hono/node-server` bridge integration and load it only from sandboxed `node_modules`.
-  - Remove bridge module and exports (`packages/secure-exec/src/bridge/hono-node-server.ts`, `packages/secure-exec/src/bridge/index.ts`).
-  - Remove `@hono/node-server` special-cases in runtime resolution/execution (`packages/secure-exec/src/index.ts`, `packages/secure-exec/src/shared/require-setup.ts`).
-  - Remove `honoServe`/`honoClose` from adapter/types if no longer needed (`packages/secure-exec/src/types.ts`, `packages/secure-exec/src/shared/permissions.ts`, `packages/secure-exec/src/node/driver.ts`).
+- [ ] Finish end-to-end payload guards for remaining browser/bridge paths.
+  - Node isolate execution now enforces JSON/base64 payload limits, but browser worker paths and remaining bridge `JSON.parse(...)` callsites still need equivalent bounds.
+  - Files: `packages/secure-exec/src/browser/worker.ts`, `packages/secure-exec/src/bridge/*.ts`
 
-- [x] Implement Node built-in HTTP server bridging (`http.createServer`) without third-party module bridges.
-  - Add server listen/close/address request-dispatch bridge hooks in runtime setup (`packages/secure-exec/src/index.ts`).
-  - Implement server-side compatibility in network bridge (`packages/secure-exec/src/bridge/network.ts`).
-  - Add Node driver implementation backed by `node:http` (`packages/secure-exec/src/node/driver.ts`, `packages/secure-exec/src/types.ts`, `packages/secure-exec/src/shared/permissions.ts`).
+- [ ] Add global host resource budgets.
+  - Bound output bytes, bridge-call rate, timer count, and child-process count so hostile workloads cannot amplify host CPU or memory usage.
+  - Files: `packages/secure-exec/src/node/execution-driver.ts`, `packages/secure-exec/src/bridge/process.ts`, `packages/secure-exec/src/shared/permissions.ts`
 
-- [x] Expose host-side request path to sandbox servers via `sandbox.network.fetch(...)`.
-  - Provide a NodeRuntime-level network facade and document concurrent run/fetch pattern (`packages/secure-exec/src/index.ts`, `README.md`, `examples/hono/README.md`).
-  - Validate end-to-end from loader to runner (`examples/hono/loader/src/index.ts`, `examples/hono/runner/src/index.ts`).
-
-- [x] Fix `run()` ESM semantics to match docs (return module exports/default instead of evaluation result).
-  - Fix: `runESM` now returns copied entry-module namespace exports (default + named) after evaluation.
-  - `packages/secure-exec/src/index.ts`, `packages/secure-exec/tests/index.test.ts`
-
-- [x] Fix dynamic import execution semantics so imports are not eagerly evaluated before user code.
-  - Fix: precompile step now resolves/compiles only; instantiate/evaluate occur on first `import()` reach.
-  - `packages/secure-exec/src/index.ts`, `packages/secure-exec/tests/index.test.ts`
-
-- [x] Remove brittle require-path hacks/monkeypatches and replace with minimal, explicit compatibility behavior.
-  - Current hacks include `chalk`, `supports-color`, `tty`, `constants`, `v8`, and `util/url/path` patching.
-  - `packages/secure-exec/src/shared/require-setup.ts`
-
-- [x] Decide and enforce sandbox permission default model (allow-by-default vs deny-by-default); tighten if strict mode is desired.
-  - Fixed by flipping permission checks and env filtering to deny-by-default, and by exporting explicit `allowAll*` helpers for opt-in access.
-  - `packages/secure-exec/src/shared/permissions.ts`
-
-- [x] Make console capture robust for circular objects (avoid `JSON.stringify` throw paths in logging).
-  - `packages/secure-exec/src/index.ts`
-
-- [x] Reconcile `docs/node-compatability.mdx` with current runtime behavior.
-  - Fix: completed in `codify-stdlib-support-policy` (remove stale third-party bridge notes, align `http`/`https`/`http2` sections, add support tiers).
-
-- [x] Close or explicitly codify missing `fs` APIs listed in compatibility docs.
-  - Fix: completed in `codify-stdlib-support-policy` (`access`/`realpath` documented as implemented; missing APIs now use deterministic unsupported errors).
-
-- [x] Decide `child_process.fork()` support level.
-  - Fix: completed in `codify-stdlib-support-policy` (`fork` marked unsupported with deterministic `child_process.fork is not supported in sandbox` error).
-
-- [x] Tighten crypto support policy and implementation.
-  - Fix: completed in `codify-stdlib-support-policy` (explicit insecurity warning for `getRandomValues`, deterministic `crypto.subtle.*` unsupported errors, tiered policy documented).
-
-- [x] Track unimplemented core modules from compatibility docs as explicit product decisions.
-  - Fix: completed in `codify-stdlib-support-policy` (Tier 4 Deferred vs Tier 5 Unsupported classifications with rationale and runtime policy).
+- [ ] Cap and hard-fail child-process output buffering in sync APIs.
+  - `spawnSync`/`execSync` paths still need deterministic output caps rather than unbounded accumulation.
+  - Files: `packages/secure-exec/src/node/execution-driver.ts`, `packages/secure-exec/src/bridge/child-process.ts`
 
-## Security & Hardening
+- [ ] Ensure child-process sessions are always cleaned up on timeout, dispose, and error paths.
+  - Session-map leaks will keep host resources alive after sandbox failure paths.
+  - Files: `packages/secure-exec/src/node/execution-driver.ts`
 
-- [x] Filter Python `exec(..., { env })` overrides through `permissions.env`.
-  - Fix: `PyodideRuntimeDriver.exec()` now applies the shared `filterEnv(...)` gate before env overrides reach the worker, and runtime-driver tests cover both denied-by-default and explicitly-allowed cases.
-  - `packages/secure-exec/src/python/driver.ts`, `packages/secure-exec/tests/runtime-driver/python.test.ts`
+- [ ] Add request and response body limits for driver HTTP paths, including decompression.
+  - The Node driver currently buffers request/response bodies and decompresses gzip/deflate without explicit caps.
+  - Files: `packages/secure-exec/src/node/driver.ts`
 
-- [x] Bridge `crypto.getRandomValues` / `randomUUID` to host `node:crypto` instead of `Math.random()`.
-  - Fix: runtime now wires host `node:crypto` references from `packages/secure-exec/src/index.ts` into the isolate and uses them in `packages/secure-exec/src/bridge/process.ts`.
-  - Fail-closed contract: bridge throws deterministic `crypto.getRandomValues is not supported in sandbox` / `crypto.randomUUID is not supported in sandbox` errors when host entropy hooks are unavailable.
+- [ ] Fix HTTP server lifecycle leaks when executions time out or are disposed.
+  - Sandbox-owned servers need deterministic teardown on all execution shutdown paths.
+  - Files: `packages/secure-exec/src/execution.ts`, `packages/secure-exec/src/node/execution-driver.ts`, `packages/secure-exec/src/node/driver.ts`
 
-- [ ] Add transfer size limits on base64 file I/O across the isolate boundary.
-  - `packages/secure-exec/src/index.ts` (~line 1138, `readFileBinaryRef` / `writeFileBinaryRef`)
-  - No cap currently; a large file read can OOM the host process.
+- [ ] Verify timer and event-rate controls under hostile workloads.
+  - Add explicit stress coverage for `setInterval`, `setImmediate`, and high-frequency event emission so abuse resistance is tested instead of assumed.
+  - Files: `tests/test-suite/node/`, `tests/runtime-driver/`
 
-- [ ] Validate size before host-side `JSON.parse` calls.
-  - `packages/secure-exec/src/index.ts` (10 unvalidated `JSON.parse` calls)
-  - Crafted large payloads from sandbox can OOM the host process.
+- [ ] Document extension attack vectors and hardening guidance.
+  - Consolidate memory amplification, CPU amplification, timer/event amplification, and extension host-hook abuse paths in the internal threat model.
+  - Files: `docs-internal/attack-vectors.md`
 
-- [x] Make bridge globals non-writable on `globalThis`.
-  - Fix: active-handle lifecycle globals now install via `Object.defineProperty` with `writable: false` and `configurable: false`, preventing sandbox overwrite of `_registerHandle` / `_unregisterHandle` / `_waitForActiveHandles`.
-  - `packages/secure-exec/src/bridge/active-handles.ts`, `packages/secure-exec/tests/index.test.ts`
+## Priority 1: Compatibility and API Coverage
 
-- [ ] Remove default host-side console buffering; drop logs by default and expose optional streaming hook.
-  - `packages/secure-exec/src/index.ts`, `packages/secure-exec/src/execution.ts`
+- [ ] Fix `v8.serialize` and `v8.deserialize` to use V8 structured serialization semantics.
+  - The current JSON-based behavior is observably wrong for `Map`, `Set`, `RegExp`, circular references, and other structured-clone cases.
+  - Files: `packages/secure-exec/isolate-runtime/src/inject/bridge-initial-globals.ts`
 
-- [ ] Add global host resource budgets (output bytes, bridge-call rate, timer count, child-process count).
-  - `packages/secure-exec/src/index.ts`, `packages/secure-exec/src/bridge/process.ts`, `packages/secure-exec/src/shared/permissions.ts`
+- [ ] Add missing `fs` APIs needed for broader Node parity.
+  - Missing APIs: `cp`, `cpSync`, `glob`, `globSync`, `opendir`, `mkdtemp`, `mkdtempSync`, `statfs`, `statfsSync`, `readv`, `readvSync`, `fdatasync`, `fdatasyncSync`, `fsync`, `fsyncSync`.
+  - Files: `packages/secure-exec/src/bridge/fs.ts`
 
-- [ ] Cap and hard-fail child-process output buffering in sync APIs.
-  - `packages/secure-exec/src/index.ts` (`spawnSyncRef` / `execSyncRef`)
+- [ ] Implement deferred `fs` APIs or explicitly keep them out of scope with stronger compatibility guidance.
+  - Deferred APIs: `chmod`, `chown`, `link`, `symlink`, `readlink`, `truncate`, `utimes`, `watch`, `watchFile`.
+  - Files: `packages/secure-exec/src/bridge/fs.ts`, `docs/node-compatability.mdx`
 
-- [ ] Ensure child-process sessions are always cleaned up on timeout/dispose/error paths.
-  - `packages/secure-exec/src/index.ts` (`sessions` map in child-process bridge)
+- [ ] Add missing lower-level `http` and `https` APIs.
+  - Remaining gaps include `Agent` pooling/keep-alive controls, upgrade handling, trailer headers, and socket-level events.
+  - Files: `packages/secure-exec/src/bridge/network.ts`, `packages/secure-exec/src/node/driver.ts`
 
-- [ ] Add request/response body limits for driver HTTP paths (including decompression).
-  - `packages/secure-exec/src/node/driver.ts` (`httpServerListen`, `fetch`, `httpRequest`)
-
-- [ ] Fix HTTP server lifecycle leaks when executions time out or are disposed.
-  - `packages/secure-exec/src/execution.ts`, `packages/secure-exec/src/index.ts`, `packages/secure-exec/src/node/driver.ts`
+- [ ] Add a dedicated lazy dynamic-import regression test.
+  - Top-level-await plus `import()` ordering still has a tracked edge case and needs explicit coverage.
+  - Files: `packages/secure-exec/tests/`
 
-## API Coverage Gaps
+- [ ] Document and verify package-manager support for `node_modules` loading behavior.
+  - Add compatibility fixtures that exercise npm, pnpm, yarn, and bun layouts without sandbox-aware fixture code.
+  - Files: `packages/secure-exec/tests/projects/`, `docs/node-compatability.mdx`
 
-- [ ] Add missing `fs` APIs: `cp`, `cpSync`, `glob`, `globSync`, `opendir`, `mkdtemp`, `mkdtempSync`, `statfs`, `statfsSync`, `readv`, `readvSync`, `fdatasync`, `fdatasyncSync`, `fsync`, `fsyncSync`.
-  - `packages/secure-exec/src/bridge/fs.ts`
-  - Goal: full `node:fs` coverage for core file operations.
+## Priority 2: Maintainability and Performance
 
-- [ ] Implement deferred `fs` APIs: `chmod`, `chown`, `link`, `symlink`, `readlink`, `truncate`, `utimes`, `watch`, `watchFile`.
-  - `packages/secure-exec/src/bridge/fs.ts`
-  - Currently throw deterministic unsupported errors.
+- [ ] Remove remaining `@ts-nocheck` bypasses in bridge internals.
+  - Current bypasses remain in `bridge/polyfills.ts`, `bridge/os.ts`, `bridge/child-process.ts`, `bridge/process.ts`, and `bridge/network.ts`.
+  - Files: `packages/secure-exec/src/bridge/*.ts`
 
-- [ ] Add missing `http`/`https` APIs: connection pooling (`Agent`), keep-alive tuning, WebSocket upgrade, trailer headers, socket-level events.
-  - `packages/secure-exec/src/bridge/network.ts`
-  - Current implementation is fetch-based and fully buffered with no socket-level control.
+- [ ] Split `NodeExecutionDriver` into focused modules.
+  - The old `index.ts` monolith has moved; the main concentration of complexity is now `packages/secure-exec/src/node/execution-driver.ts`.
+  - Suggested extraction targets: isolate bootstrap, module resolution, ESM compilation, bridge setup, and execution lifecycle.
 
-- [ ] Fix `v8.serialize`/`v8.deserialize` to use V8 structured serialization instead of `JSON.stringify`/`JSON.parse`.
-  - `packages/secure-exec/isolate-runtime/src/inject/bridge-initial-globals.ts` (~line 51)
-  - Bug: current implementation silently produces JSON instead of V8 binary format. Code depending on structured clone semantics (`Map`, `Set`, `RegExp`, circular refs) will get wrong results.
+- [ ] Make ESM module reverse lookup O(1).
+  - Large import graphs still risk quadratic resolver work.
+  - Files: `packages/secure-exec/src/node/execution-driver.ts`
 
-## Performance & Correctness
+- [ ] Add resolver memoization for positive and negative lookups.
+  - Avoid repeated miss probes across `require()` and `import()` paths.
+  - Files: `packages/secure-exec/src/package-bundler.ts`, `packages/secure-exec/src/shared/require-setup.ts`, `packages/secure-exec/src/node/execution-driver.ts`
 
-- [ ] Add `stat` and `exists` methods to `VirtualFileSystem` interface.
-  - `packages/secure-exec/src/types.ts`, `packages/secure-exec/src/fs-helpers.ts`
-  - Current `stat()` and `exists()` read entire file contents; O(file size) when should be O(1). Also a DoS vector via large files.
+- [ ] Cap and cache `package.json` parsing in resolver paths.
+  - Prevent repeated large-file reads and large JSON parse overhead in package resolution.
+  - Files: `packages/secure-exec/src/package-bundler.ts`
 
-- [ ] Split `index.ts` into focused modules.
-  - `packages/secure-exec/src/index.ts` (1,956 lines and growing)
-  - Extract: `isolate.ts`, `module-resolver.ts`, `esm-compiler.ts`, `bridge-setup.ts`, `execution.ts`.
+- [ ] Reduce module-access lookup overhead.
+  - Add prefix indexing and canonicalization memoization in module-access checks.
+  - Files: `packages/secure-exec/src/node/module-access.ts`
 
-- [ ] Replace magic O_* flag numbers with named constants.
-  - `packages/secure-exec/src/bridge/fs.ts` (~line 690)
-  - Hardcoded integers (577, 578, 1089, etc.) are Linux-specific and undocumented.
+- [ ] Replace whole-file fd sync emulation with offset-based host read/write primitives.
+  - The current approach does more work than necessary and increases large-file pressure.
+  - Files: `packages/secure-exec/src/bridge/fs.ts`
 
-- [ ] Fix `readDirWithTypes` N+1 I/O pattern.
-  - `packages/secure-exec/src/fs-helpers.ts` (~line 112)
-  - Calls `readDir` per entry to check if directory; add `readDirWithTypes` or `stat` to `VirtualFileSystem`.
+- [ ] Replace magic `O_*` flag numbers with named constants.
+  - Hardcoded flag values are difficult to audit and easy to misuse.
+  - Files: `packages/secure-exec/src/bridge/fs.ts`
 
-- [ ] Make `rename` atomic or document limitation.
-  - `packages/secure-exec/src/fs-helpers.ts` (lines 90-92)
-  - Currently read + write + delete; crash between steps can duplicate or lose data.
+- [ ] Convert IO handling into a shared abstraction reusable across runtimes.
+  - Shared request/response/stream/error contracts should reduce Node/browser/runtime drift.
+  - Files: `packages/secure-exec/src/`, `tests/test-suite/`
 
-- [ ] Make ESM module reverse-lookup O(1) to avoid O(n^2) resolver work on large import graphs.
-  - `packages/secure-exec/src/index.ts` (ESM resolver / module cache lookup)
+## Priority 3: Examples, Validation Breadth, and Product Direction
 
-- [ ] Add resolver memoization (positive + negative) to avoid repeated miss probes across `require()`/`import()`.
-  - `packages/secure-exec/src/package-bundler.ts`, `packages/secure-exec/src/shared/require-setup.ts`, `packages/secure-exec/src/index.ts`
+- [ ] Review the Node driver against the intended long-term runtime contract.
+  - Use the current architecture docs and glossary terms to decide what stays driver-owned versus runtime-owned.
+  - Files: `docs-internal/arch/overview.md`, `docs-internal/glossary.md`, `packages/secure-exec/src/node/`
 
-- [ ] Document and verify package manager support for `node_modules` loading behavior.
-  - Cover expected resolver behavior and known caveats for npm, pnpm, yarn, and bun installs.
-  - Add/maintain compatibility fixtures that exercise transitive dependency loading across supported package manager layouts.
+- [ ] Define the minimal driver surface needed for Rivet integration.
+  - This should turn the high-level “minimal driver” idea into a concrete API checklist.
+  - Files: `docs-internal/arch/overview.md`, `packages/secure-exec/src/types.ts`
 
-- [ ] Cap and cache `package.json` parsing in resolver paths.
-  - `packages/secure-exec/src/package-bundler.ts`
+- [ ] Add a codemode example.
+  - Provide a focused example that demonstrates secure-exec usage in a realistic tool flow.
+  - Files: `examples/`
 
-- [ ] Reduce module-access lookup overhead (prefix index + canonicalization memoization).
-  - `packages/secure-exec/src/node/module-access.ts`
+- [ ] Add a just-bash example.
+  - Show the smallest useful command-execution integration without broader framework scaffolding.
+  - Files: `examples/`
 
-- [ ] Replace whole-file fd sync emulation with offset-based host read/write primitives.
-  - `packages/secure-exec/src/bridge/fs.ts`
+- [ ] Expand framework and environment validation.
+  - Add or maintain black-box coverage for projects using Pi, Express, Hono, and other representative package stacks.
+  - Files: `packages/secure-exec/tests/projects/`

docs/docs.json

@@ -16,7 +16,7 @@
     "dark": "/logo.svg"
   },
   "colors": {
-    "primary": "#FF0000",
+    "primary": "#CC0000",
     "light": "#FF3333",
     "dark": "#CC0000"
   },

packages/website/public/hero-bg.jpg

@@ -263,7 +263,11 @@ export function Hero() {
   return (
     <>
       <section className="relative flex min-h-screen flex-col overflow-hidden">
-        <div className="absolute inset-0 bg-gradient-to-b from-zinc-900/20 via-transparent to-transparent pointer-events-none" />
+        <div
+          className="absolute inset-0 bg-cover bg-center bg-no-repeat pointer-events-none"
+          style={{ backgroundImage: "url('/hero-bg.jpg')", opacity: 0.15 }}
+        />
+        <div className="absolute inset-0 bg-gradient-to-b from-[#09090b]/60 via-[#09090b]/40 to-[#09090b] pointer-events-none" />
 
         <div
           className="flex flex-1 flex-col justify-start pt-32 lg:justify-center lg:pt-0 px-6"
@@ -288,11 +292,12 @@ export function Hero() {
               initial={{ opacity: 0, y: 30 }}
               animate={{ opacity: 1, y: 0 }}
               transition={{ duration: 0.7, delay: 0.5, ease: [0.16, 1, 0.3, 1] }}
-              className="mb-6 text-3xl font-semibold leading-[1.1] tracking-tight text-white md:text-5xl"
+              className="mb-6 text-2xl font-bold leading-[1.15] uppercase tracking-[0.05em] sm:text-3xl md:text-[2.8rem] lg:text-5xl"
+              style={{ fontFamily: "'Cinzel', serif", color: "#CC0000" }}
             >
-              Secure Node.js execution
+              Secure Node.js Execution
               <br />
-              without a sandbox
+              Without a Sandbox
             </motion.h1>
 
             <motion.p