feat: US-063 - Make Pi PTY mode pass end-to-end with real-provider tokens

Author: NathanFlurry

.agent/contracts/node-bridge.md

@@ -134,6 +134,19 @@ Bridge/runtime bootstrap SHALL expose the modern Web API and worker-thread compa
 - **AND** compatibility helpers like `worker_threads.markAsUncloneable` and `stream.Readable.fromWeb()` MUST be reachable during that same bootstrap path
 - **AND** the runtime MUST satisfy that dependency chain through generic runtime/bootstrap behavior rather than a package-specific redirect or mock
 
+### Requirement: Bridged `process.kill()` Preserves Self-Signal Semantics
+The process bridge SHALL preserve Node-compatible self-signal behavior for `process.kill(process.pid, signal)` so interactive TUIs and signal handlers can refresh state without spuriously terminating the sandbox.
+
+#### Scenario: Unhandled self `SIGWINCH` is ignored
+- **WHEN** sandboxed code calls `process.kill(process.pid, 'SIGWINCH')` without a registered `SIGWINCH` listener
+- **THEN** the runtime MUST return `true`
+- **AND** execution MUST continue instead of exiting with `128 + 28`
+
+#### Scenario: Registered self signal handlers run in-process
+- **WHEN** sandboxed code registers `process.on('SIGTERM', handler)` or another signal listener and then calls `process.kill(process.pid, signal)`
+- **THEN** the bridge MUST emit that signal event to the registered handlers
+- **AND** the process MUST remain alive unless user code exits explicitly from the handler
+
 ### Requirement: Cryptographic Randomness Bridge Uses Host CSPRNG
 Bridge-provided randomness for global `crypto` APIs MUST delegate to host `node:crypto` primitives and MUST NOT use isolate-local pseudo-random fallbacks such as `Math.random()`.
 

.agent/contracts/node-runtime.md

@@ -173,6 +173,18 @@ The `__dynamicImport` bridge function SHALL return a Promise that resolves to th
 - **WHEN** user code calls `await import("./nonexistent")`
 - **THEN** the returned Promise MUST reject with an error indicating the module cannot be resolved
 
+### Requirement: JavaScript Module Loading Preserves Node Shebang Semantics
+JavaScript entrypoints and dependency files that begin with a Node-style shebang (`#!...`) SHALL load through both CommonJS and ESM sandbox paths without surfacing a syntax error from the host-side wrapper or transform stages.
+
+#### Scenario: CommonJS wrapper loads a shebang-bearing ESM CLI entrypoint
+- **WHEN** sandboxed code reaches `await import("/pkg/dist/cli.js")` from an exec-mode CommonJS entrypoint and `/pkg/dist/cli.js` begins with `#!/usr/bin/env node`
+- **THEN** the runtime MUST normalize the shebang before any CommonJS wrapper compilation step
+- **AND** the module MUST continue loading through the normal transform/evaluation path instead of failing with `SyntaxError: Invalid or unexpected token`
+
+#### Scenario: ESM loader reads a BOM-prefixed shebang-bearing module
+- **WHEN** the sandbox loads a JavaScript module whose first bytes are UTF-8 BOM followed by a Node-style shebang and ESM syntax
+- **THEN** module-syntax detection and ESM evaluation MUST still succeed without the shebang line being treated as executable JavaScript
+
 ### Requirement: ESM Top-Level Await Completes Before Execution Finalization
 When sandboxed ESM execution uses top-level `await`, the runtime SHALL keep the entry-module evaluation promise alive until it settles instead of finalizing execution early.
 
@@ -188,6 +200,22 @@ When sandboxed ESM execution uses top-level `await`, the runtime SHALL keep the
 - **WHEN** sandboxed code executes `await import("./mod.mjs")` and `./mod.mjs` contains top-level `await`
 - **THEN** the import Promise MUST not resolve until the imported module's async evaluation has completed and its namespace is ready
 
+### Requirement: Intl Segmentation APIs Stay Operational In The Sandbox
+The Node runtime SHALL initialize the underlying V8/ICU internationalization data needed for `Intl` segmentation APIs so Unicode-aware third-party code can execute without tearing down the runtime.
+
+#### Scenario: Intl.Segmenter segments ASCII and non-ASCII graphemes
+- **WHEN** sandboxed code constructs `new Intl.Segmenter(undefined, { granularity: "grapheme" })` and iterates `segment()` results for strings such as `"abc thinking off"` and `"abc • thinking off"`
+- **THEN** the runtime MUST return the expected grapheme segments
+- **AND** execution MUST remain alive instead of failing with a runtime-process crash or IPC disconnect
+
+### Requirement: PTY Raw Mode Preserves Carriage Return Input
+When sandboxed code enables PTY raw mode through `process.stdin.setRawMode(true)`, the runtime SHALL disable canonical translations such as `ICRNL` so interactive TUIs receive the original carriage-return byte for Enter.
+
+#### Scenario: Raw-mode stdin receives CR without newline translation
+- **WHEN** sandboxed PTY-backed code calls `process.stdin.setRawMode(true)` and the PTY master writes `\r`
+- **THEN** `process.stdin` listeners MUST receive byte `13` / `"\r"` rather than translated newline input
+- **AND** restoring cooked mode with `process.stdin.setRawMode(false)` MUST restore the default translated line discipline
+
 ### Requirement: Configurable CPU Time Limit for Node Runtime Execution
 The Node runtime MUST support an optional `cpuTimeLimitMs` execution budget for sandboxed code and MUST enforce it as a shared per-execution deadline across runtime calls that execute user-controlled code.
 

native/v8-runtime/build.rs

@@ -0,0 +1,87 @@
+use std::env;
+use std::fs;
+use std::path::{Path, PathBuf};
+
+fn cargo_home() -> PathBuf {
+    if let Some(home) = env::var_os("CARGO_HOME") {
+        return PathBuf::from(home);
+    }
+
+    let home = env::var_os("HOME").expect("HOME must be set when CARGO_HOME is unset");
+    PathBuf::from(home).join(".cargo")
+}
+
+fn read_v8_version(lock_path: &Path) -> String {
+    let lock = fs::read_to_string(lock_path)
+        .unwrap_or_else(|error| panic!("failed to read {}: {}", lock_path.display(), error));
+
+    let mut in_v8_package = false;
+    for line in lock.lines() {
+        match line.trim() {
+            "[[package]]" => in_v8_package = false,
+            "name = \"v8\"" => in_v8_package = true,
+            _ if in_v8_package && line.trim_start().starts_with("version = \"") => {
+                let version = line
+                    .trim()
+                    .trim_start_matches("version = \"")
+                    .trim_end_matches('"');
+                return version.to_owned();
+            }
+            _ => {}
+        }
+    }
+
+    panic!("failed to locate v8 version in {}", lock_path.display());
+}
+
+fn find_v8_icu_data(v8_version: &str) -> PathBuf {
+    let registry_src = cargo_home().join("registry").join("src");
+    let candidates = [
+        Path::new("third_party/icu/common/icudtl.dat"),
+        Path::new("third_party/icu/flutter_desktop/icudtl.dat"),
+        Path::new("third_party/icu/chromecast_video/icudtl.dat"),
+    ];
+
+    let entries = fs::read_dir(&registry_src).unwrap_or_else(|error| {
+        panic!("failed to read cargo registry src {}: {}", registry_src.display(), error)
+    });
+
+    for entry in entries {
+        let entry = entry.unwrap_or_else(|error| panic!("failed to inspect cargo registry entry: {}", error));
+        let crate_root = entry.path().join(format!("v8-{}", v8_version));
+        for relative in candidates {
+            let candidate = crate_root.join(relative);
+            if candidate.exists() {
+                return candidate;
+            }
+        }
+    }
+
+    panic!(
+        "failed to locate ICU data for v8-{} under {}",
+        v8_version,
+        registry_src.display(),
+    );
+}
+
+fn main() {
+    let manifest_dir = PathBuf::from(env::var_os("CARGO_MANIFEST_DIR").expect("CARGO_MANIFEST_DIR must be set"));
+    let lock_path = manifest_dir.join("Cargo.lock");
+    let out_dir = PathBuf::from(env::var_os("OUT_DIR").expect("OUT_DIR must be set"));
+
+    println!("cargo:rerun-if-changed={}", lock_path.display());
+    println!("cargo:rerun-if-changed=build.rs");
+
+    let v8_version = read_v8_version(&lock_path);
+    let icu_data = find_v8_icu_data(&v8_version);
+    let dest_path = out_dir.join("icudtl.dat");
+
+    fs::copy(&icu_data, &dest_path).unwrap_or_else(|error| {
+        panic!(
+            "failed to copy ICU data from {} to {}: {}",
+            icu_data.display(),
+            dest_path.display(),
+            error,
+        )
+    });
+}

native/v8-runtime/src/execution.rs

@@ -356,22 +356,26 @@ pub fn execute_script(
             }
         };
 
+        // Flush microtasks once after every exec()-style script so process.nextTick()
+        // and zero-delay bridge callbacks run before we decide whether more event-loop
+        // work is pending.
+        tc.perform_microtask_checkpoint();
+
+        if let Some(exception) = tc.exception() {
+            let (c, err) = exception_to_result(tc, exception);
+            return (c, Some(err));
+        }
+
+        if let Some(state) = tc.get_slot_mut::<crate::isolate::PromiseRejectState>() {
+            if let Some((_, err)) = state.unhandled.drain().next() {
+                return (1, Some(err));
+            }
+        }
+
         // Surface rejected async completions for exec()-style scripts that
         // return a Promise (for example an async IIFE ending in await import()).
         if completion.is_promise() {
             let promise = v8::Local::<v8::Promise>::try_from(completion).unwrap();
-            tc.perform_microtask_checkpoint();
-
-            if let Some(exception) = tc.exception() {
-                let (c, err) = exception_to_result(tc, exception);
-                return (c, Some(err));
-            }
-
-            if let Some(state) = tc.get_slot_mut::<crate::isolate::PromiseRejectState>() {
-                if let Some((_, err)) = state.unhandled.drain().next() {
-                    return (1, Some(err));
-                }
-            }
 
             if promise.state() == v8::PromiseState::Rejected {
                 let rejection = promise.result(tc);
@@ -415,7 +419,7 @@ pub fn extract_process_exit_code(
 /// Extract error info and exit code from a V8 exception.
 /// For ProcessExitError (detected via _isProcessExit sentinel), returns the error's exit code.
 /// For other errors, returns exit code 1.
-fn exception_to_result(
+pub(crate) fn exception_to_result(
     scope: &mut v8::HandleScope,
     exception: v8::Local<v8::Value>,
 ) -> (i32, ExecutionError) {
@@ -640,7 +644,9 @@ fn set_pending_module_evaluation(
     });
 }
 
-fn take_unhandled_promise_rejection(scope: &mut v8::HandleScope) -> Option<ExecutionError> {
+pub(crate) fn take_unhandled_promise_rejection(
+    scope: &mut v8::HandleScope,
+) -> Option<ExecutionError> {
     scope
         .get_slot_mut::<crate::isolate::PromiseRejectState>()
         .and_then(|state| state.unhandled.drain().next().map(|(_, err)| err))

native/v8-runtime/src/isolate.rs

@@ -7,6 +7,12 @@ use crate::ipc::ExecutionError;
 
 static V8_INIT: Once = Once::new();
 
+#[repr(align(16))]
+struct AlignedBytes<const N: usize>([u8; N]);
+
+static ICU_COMMON_DATA: AlignedBytes<{ include_bytes!(concat!(env!("OUT_DIR"), "/icudtl.dat")).len() }> =
+    AlignedBytes(*include_bytes!(concat!(env!("OUT_DIR"), "/icudtl.dat")));
+
 #[derive(Default)]
 pub struct PromiseRejectState {
     pub unhandled: HashMap<i32, ExecutionError>,
@@ -46,6 +52,8 @@ pub fn configure_isolate(isolate: &mut v8::OwnedIsolate) {
 /// Safe to call multiple times; only the first call takes effect.
 pub fn init_v8_platform() {
     V8_INIT.call_once(|| {
+        v8::icu::set_common_data_74(&ICU_COMMON_DATA.0)
+            .expect("failed to initialize V8 ICU common data");
         let platform = v8::new_default_platform(0, false).make_shared();
         v8::V8::initialize_platform(platform);
         v8::V8::initialize();