chore: US-027 bridge improvements for Pi in-VM execution

Major sandbox bridge fixes enabling in-VM ESM execution of complex Node.js
apps:
- Fix _resolveModule to use ESM export conditions (import mode) for V8 module
  system
- Fix polyfill double-wrapping in _loadFile (bundlePolyfill returns IIFE)
- Add esbuild __export() pattern to CJS named export extraction
- Fix CJS wrapper const→let for exports reassignment (ajv compat)
- Add url module static wrapper with correct fileURLToPath/pathToFileURL
- Add global = globalThis alias for CJS compat
- Add tty, net, path (posix/win32) to BUILTIN_NAMED_EXPORTS
- Fix stdin end event for non-TTY (empty stdin emits end on resume)
- Add AbortSignal.addEventListener/removeEventListener no-op stubs
- Augment crypto polyfill with bridge-backed randomUUID
- Add stdout/stderr write callback support and writableLength
- Add Response.body ReadableStream to bridge fetch
- Add SSRF bypass for localhost in test network adapter
- Test uses ANTHROPIC_BASE_URL + allowAll permissions for in-VM Pi

Author: NathanFlurry

packages/core/src/shared/esm-utils.ts

@@ -76,8 +76,9 @@ export function wrapCJSForESMWithModulePath(
 	    const __filename = ${JSON.stringify(modulePath)};
 	    const __dirname = ${JSON.stringify(moduleDir)};
 	    const require = (name) => globalThis._requireFrom(name, __dirname);
+	    const global = globalThis;
 	    const module = { exports: {} };
-	    const exports = module.exports;
+	    let exports = module.exports;
 	    ${code}
 	    const __cjs = module.exports;
 	    export default __cjs;
@@ -87,9 +88,11 @@ export function wrapCJSForESMWithModulePath(
 }
 
 /**
- * Scan CJS code for `module.exports.X =`, `exports.X =`, and
- * `Object.defineProperty(exports, 'X', ...)` patterns to discover named exports
- * that can be re-exported from the ESM wrapper.
+ * Scan CJS code for named export patterns:
+ * - `module.exports.X =`
+ * - `exports.X =`
+ * - `Object.defineProperty(exports, 'X', ...)`
+ * - esbuild `__export(obj, { X: () => ... })` pattern
  */
 function extractCjsNamedExports(code: string): string[] {
 	const names = new Set<string>();
@@ -109,6 +112,12 @@ function extractCjsNamedExports(code: string): string[] {
 	for (const match of code.matchAll(/\bObject\.defineProperty\(\s*(?:module\.)?exports\s*,\s*["']([^"']+)["']/g)) {
 		add(match[1]);
 	}
+	// esbuild __export() pattern: __export(obj, { key: () => value, ... })
+	for (const block of code.matchAll(/__export\(\s*\w+\s*,\s*\{([^}]+)\}/g)) {
+		for (const entry of block[1].matchAll(/([A-Za-z_$][\w$]*)\s*:/g)) {
+			add(entry[1]);
+		}
+	}
 
 	return Array.from(names).sort();
 }

packages/nodejs/src/bridge-handlers.ts

@@ -1332,7 +1332,9 @@ export function buildModuleLoadingBridgeHandlers(
 			const lastSlash = dir.lastIndexOf("/");
 			if (lastSlash > 0) dir = dir.slice(0, lastSlash);
 		}
-		const vfsResult = await resolveModule(req, dir, deps.filesystem, "require", deps.resolutionCache);
+		// Use "import" mode so ESM export conditions are preferred — this handler
+		// is called by V8's native module system for import statements/expressions.
+		const vfsResult = await resolveModule(req, dir, deps.filesystem, "import", deps.resolutionCache);
 		if (vfsResult) return vfsResult;
 		// Fallback: resolve through real host paths for pnpm symlink compatibility.
 		const hostDir = deps.sandboxToHostPath?.(dir) ?? dir;
@@ -1367,13 +1369,20 @@ export function buildModuleLoadingBridgeHandlers(
 		const builtin = getStaticBuiltinWrapperSource(bare);
 		if (builtin) return builtin;
 		// Polyfill-backed builtins (crypto, zlib, etc.)
+		// bundlePolyfill returns an IIFE that evaluates to module.exports — use directly
 		if (hasPolyfill(bare)) {
 			const code = await bundlePolyfill(bare);
 			const namedExports = BUILTIN_NAMED_EXPORTS[bare] ?? [];
 			const namedLines = namedExports
 				.map(name => `export const ${name} = _p.${name};`)
 				.join("\n");
-			return `const _p = (function(){var module={exports:{}};var exports=module.exports;${code};return module.exports})();\nexport default _p;\n${namedLines}\n`;
+			// Augment crypto polyfill with bridge-backed functions missing from browserify
+			const augment = bare === "crypto"
+				? "if(typeof _cryptoRandomUUID!=='undefined'&&!_p.randomUUID){_p.randomUUID=function(){return _cryptoRandomUUID.applySync(undefined,[]);};};\n" +
+				  "if(typeof _cryptoRandomFill!=='undefined'&&!_p.randomFillSync){_p.randomFillSync=function(b){var a=new Uint8Array(b.buffer||b,b.byteOffset||0,b.byteLength||b.length);var d=_cryptoRandomFill.applySync(undefined,[a.length]);for(var i=0;i<a.length;i++)a[i]=d.charCodeAt(i);return b;};};\n" +
+				  "if(typeof _cryptoRandomFill!=='undefined'&&!_p.randomBytes){_p.randomBytes=function(n){var b=new Uint8Array(n);var d=_cryptoRandomFill.applySync(undefined,[n]);for(var i=0;i<n;i++)b[i]=d.charCodeAt(i);return b;};};\n"
+				: "";
+			return `const _p = ${code};\n${augment}export default _p;\n${namedLines}\n`;
 		}
 		// Recognized builtin without a static wrapper or polyfill — return empty stub with named exports
 		if (normalizeBuiltinSpecifier(bare)) {

packages/nodejs/src/bridge/network.ts

@@ -93,6 +93,15 @@ interface FetchOptions {
   integrity?: string;
 }
 
+interface FetchResponseBody {
+  getReader(): { read(): Promise<{ value: Uint8Array | undefined; done: boolean }>; releaseLock(): void };
+  locked: boolean;
+  cancel(): Promise<void>;
+  pipeTo(): Promise<void>;
+  pipeThrough<T>(transform: { readable: T }): T;
+  tee(): [FetchResponseBody, FetchResponseBody];
+}
+
 interface FetchResponse {
   ok: boolean;
   status: number;
@@ -101,6 +110,7 @@ interface FetchResponse {
   url: string;
   redirected: boolean;
   type: string;
+  body: FetchResponseBody;
   text(): Promise<string>;
   json(): Promise<unknown>;
   arrayBuffer(): Promise<ArrayBuffer>;
@@ -148,6 +158,32 @@ export async function fetch(input: string | URL | Request, options: FetchOptions
     body?: string;
   };
 
+  // Build a ReadableStream-like body from the complete response text
+  const bodyText = response.body || "";
+  const bodyBytes = new TextEncoder().encode(bodyText);
+  let bodyRead = false;
+
+  // Minimal ReadableStream that yields the complete response in one chunk
+  const body: FetchResponseBody = {
+    getReader() {
+      let readerDone = bodyRead;
+      return {
+        async read() {
+          if (readerDone) return { value: undefined as Uint8Array | undefined, done: true };
+          readerDone = true;
+          bodyRead = true;
+          return { value: bodyBytes, done: false };
+        },
+        releaseLock() {},
+      };
+    },
+    locked: false,
+    cancel() { return Promise.resolve(); },
+    pipeTo() { return Promise.resolve(); },
+    pipeThrough<T>(transform: { readable: T }): T { return transform.readable; },
+    tee(): [FetchResponseBody, FetchResponseBody] { return [body, body]; },
+  };
+
   // Create Response-like object
   return {
     ok: response.ok,
@@ -157,16 +193,16 @@ export async function fetch(input: string | URL | Request, options: FetchOptions
     url: response.url || resolvedUrl,
     redirected: response.redirected || false,
     type: "basic",
+    body,
 
     async text(): Promise<string> {
-      return response.body || "";
+      return bodyText;
     },
     async json(): Promise<unknown> {
-      return JSON.parse(response.body || "{}");
+      return JSON.parse(bodyText || "{}");
     },
     async arrayBuffer(): Promise<ArrayBuffer> {
-      // Not fully supported - return empty buffer
-      return new ArrayBuffer(0);
+      return bodyBytes.buffer.slice(bodyBytes.byteOffset, bodyBytes.byteOffset + bodyBytes.byteLength);
     },
     async blob(): Promise<never> {
       throw new Error("Blob not supported in sandbox");

packages/nodejs/src/bridge/process.ts

@@ -288,12 +288,13 @@ function _emit(event: string, ...args: unknown[]): boolean {
 
 // Stdio stream shape shared by stdout and stderr
 interface StdioWriteStream {
-  write(data: unknown): boolean;
+  write(data: unknown, ...rest: unknown[]): boolean;
   end(): StdioWriteStream;
   on(): StdioWriteStream;
   once(): StdioWriteStream;
   emit(): boolean;
   writable: boolean;
+  writableLength: number;
   isTTY: boolean;
   columns: number;
   rows: number;
@@ -314,10 +315,13 @@ function _getStderrIsTTY(): boolean {
 
 // Stdout stream
 const _stdout: StdioWriteStream = {
-  write(data: unknown): boolean {
-    if (typeof _log !== "undefined") {
+  write(data: unknown, ...rest: unknown[]): boolean {
+    if (typeof _log !== "undefined" && data !== "" && data != null) {
       _log.applySync(undefined, [String(data).replace(/\n$/, "")]);
     }
+    // Support write(data, callback) and write(data, encoding, callback)
+    const cb = typeof rest[rest.length - 1] === "function" ? rest[rest.length - 1] as () => void : null;
+    if (cb) cb();
     return true;
   },
   end(): StdioWriteStream {
@@ -333,17 +337,21 @@ const _stdout: StdioWriteStream = {
     return false;
   },
   writable: true,
+  writableLength: 0,
   get isTTY(): boolean { return _getStdoutIsTTY(); },
   columns: 80,
   rows: 24,
 };
 
 // Stderr stream
 const _stderr: StdioWriteStream = {
-  write(data: unknown): boolean {
-    if (typeof _error !== "undefined") {
+  write(data: unknown, ...rest: unknown[]): boolean {
+    if (typeof _error !== "undefined" && data !== "" && data != null) {
       _error.applySync(undefined, [String(data).replace(/\n$/, "")]);
     }
+    // Support write(data, callback) and write(data, encoding, callback)
+    const cb = typeof rest[rest.length - 1] === "function" ? rest[rest.length - 1] as () => void : null;
+    if (cb) cb();
     return true;
   },
   end(): StdioWriteStream {
@@ -359,6 +367,7 @@ const _stderr: StdioWriteStream = {
     return false;
   },
   writable: true,
+  writableLength: 0,
   get isTTY(): boolean { return _getStderrIsTTY(); },
   columns: 80,
   rows: 24,
@@ -393,33 +402,37 @@ function getStdinFlowMode(): boolean { return (globalThis as Record<string, unkn
 function setStdinFlowMode(v: boolean): void { (globalThis as Record<string, unknown>)._stdinFlowMode = v; }
 
 function _emitStdinData(): void {
-  if (getStdinEnded() || !getStdinData()) return;
-
-  // In flowing mode, emit all remaining data
-  if (getStdinFlowMode() && getStdinPosition() < getStdinData().length) {
-    const chunk = getStdinData().slice(getStdinPosition());
-    setStdinPosition(getStdinData().length);
-
-    // Emit data event
-    const dataListeners = [...(_stdinListeners["data"] || []), ...(_stdinOnceListeners["data"] || [])];
-    _stdinOnceListeners["data"] = [];
-    for (const listener of dataListeners) {
-      listener(chunk);
-    }
-
-    // Emit end after all data
-    setStdinEnded(true);
-    const endListeners = [...(_stdinListeners["end"] || []), ...(_stdinOnceListeners["end"] || [])];
-    _stdinOnceListeners["end"] = [];
-    for (const listener of endListeners) {
-      listener();
+  if (getStdinEnded()) return;
+
+  // In flowing mode, emit remaining data then end
+  if (getStdinFlowMode()) {
+    const data = getStdinData();
+    if (data && getStdinPosition() < data.length) {
+      const chunk = data.slice(getStdinPosition());
+      setStdinPosition(data.length);
+
+      // Emit data event
+      const dataListeners = [...(_stdinListeners["data"] || []), ...(_stdinOnceListeners["data"] || [])];
+      _stdinOnceListeners["data"] = [];
+      for (const listener of dataListeners) {
+        listener(chunk);
+      }
     }
 
-    // Emit close
-    const closeListeners = [...(_stdinListeners["close"] || []), ...(_stdinOnceListeners["close"] || [])];
-    _stdinOnceListeners["close"] = [];
-    for (const listener of closeListeners) {
-      listener();
+    // Non-TTY stdin: emit end after all data (or immediately if empty).
+    // TTY stdin uses the streaming _stdinRead read loop for end detection.
+    if (!_getStdinIsTTY()) {
+      setStdinEnded(true);
+      const endListeners = [...(_stdinListeners["end"] || []), ...(_stdinOnceListeners["end"] || [])];
+      _stdinOnceListeners["end"] = [];
+      for (const listener of endListeners) {
+        listener();
+      }
+      const closeListeners = [...(_stdinListeners["close"] || []), ...(_stdinOnceListeners["close"] || [])];
+      _stdinOnceListeners["close"] = [];
+      for (const listener of closeListeners) {
+        listener();
+      }
     }
   }
 }

packages/nodejs/src/builtin-modules.ts

@@ -336,8 +336,11 @@ export const BUILTIN_NAMED_EXPORTS: Record<string, string[]> = {
 		"join",
 		"normalize",
 		"parse",
+		"posix",
 		"relative",
 		"resolve",
+		"toNamespacedPath",
+		"win32",
 	],
 	async_hooks: [
 		"AsyncLocalStorage",
@@ -515,6 +518,21 @@ export const BUILTIN_NAMED_EXPORTS: Record<string, string[]> = {
 		"stringify",
 		"unescape",
 	],
+	tty: [
+		"isatty",
+		"ReadStream",
+		"WriteStream",
+	],
+	net: [
+		"Socket",
+		"Server",
+		"createServer",
+		"createConnection",
+		"connect",
+		"isIP",
+		"isIPv4",
+		"isIPv6",
+	],
 	"stream/web": [
 		"ReadableStream",
 		"ReadableStreamDefaultReader",

packages/nodejs/src/esm-compiler.ts

@@ -90,6 +90,29 @@ const STATIC_BUILTIN_WRAPPER_SOURCES: Readonly<Record<string, string>> = {
 		"return{pipeline:promisePipeline,finished:promiseFinished}})()",
 		BUILTIN_NAMED_EXPORTS["stream/promises"],
 	),
+	url: (() => {
+		// Custom url wrapper with Node.js-compatible fileURLToPath/pathToFileURL.
+		// The node-stdlib-browser url polyfill's fileURLToPath rejects valid file:// URLs,
+		// so we provide correct implementations alongside the standard URL/URLSearchParams.
+		const binding = "(function(){" +
+			"var u=globalThis.URL?{URL:globalThis.URL,URLSearchParams:globalThis.URLSearchParams}:{};" +
+			"u.fileURLToPath=function(input){" +
+			"var s=typeof input==='string'?input:input&&input.href||String(input);" +
+			"if(s.startsWith('file:///'))return decodeURIComponent(s.slice(7));" +
+			"if(s.startsWith('file://'))return decodeURIComponent(s.slice(7));" +
+			"if(s.startsWith('/'))return s;" +
+			"throw new TypeError('The URL must be of scheme file');};" +
+			"u.pathToFileURL=function(p){return new URL('file://'+encodeURI(p));};" +
+			"u.format=function(u,o){if(typeof u==='string')return u;if(u instanceof URL)return u.toString();return '';};" +
+			"u.parse=function(s){try{var p=new URL(s);return{protocol:p.protocol,hostname:p.hostname,port:p.port,pathname:p.pathname,search:p.search,hash:p.hash,href:p.href};}catch{return null;}};" +
+			"u.resolve=function(from,to){return new URL(to,from).toString();};" +
+			"u.domainToASCII=function(d){return d;};" +
+			"u.domainToUnicode=function(d){return d;};" +
+			"u.Url=function(){};" +
+			"u.resolveObject=function(){return{};};" +
+			"return u;})()";
+		return buildWrapperSource(binding, BUILTIN_NAMED_EXPORTS.url);
+	})(),
 	v8: buildWrapperSource("globalThis._moduleCache?.v8 || {}", []),
 };
 

packages/nodejs/src/execution-driver.ts

@@ -768,6 +768,19 @@ function buildPostRestoreScript(
 	parts.push(getIsolateRuntimeSource("setupFsFacade"));
 	parts.push(getIsolateRuntimeSource("setupDynamicImport"));
 
+	// Node.js CJS compat: `global` is an alias for `globalThis`
+	parts.push(`if(typeof global==='undefined')globalThis.global=globalThis;`);
+
+	// AbortSignal EventTarget compat: V8's AbortSignal may lack addEventListener/removeEventListener.
+	// Provide no-op stubs so callers don't throw, but don't create persistent listener
+	// references that would prevent the V8 session from exiting.
+	parts.push(`(function(){` +
+		`if(typeof AbortSignal!=='undefined'&&!AbortSignal.prototype.addEventListener){` +
+		`AbortSignal.prototype.addEventListener=function(){};` +
+		`AbortSignal.prototype.removeEventListener=function(){};` +
+		`AbortSignal.prototype.dispatchEvent=function(){return true;};` +
+		`}})();`);
+
 	// Inject bridge setup config
 	parts.push(`globalThis.__runtimeBridgeSetupConfig = ${JSON.stringify({
 		initialCwd: bridgeConfig.initialCwd,