merge ralph/kernel-hardening into main

Author: NathanFlurry

docs/nodejs-compatibility.mdx

@@ -1,6 +1,7 @@
 ---
 title: Node.js Compatibility
 description: Target Node.js version and standard-library compatibility matrix for secure-exec.
+icon: "list-check"
 ---
 
 ## Target Node Version
@@ -9,116 +10,109 @@ description: Target Node.js version and standard-library compatibility matrix fo
 
 ## Support Tiers
 
-| Icon | Meaning |
-| --- | --- |
-| 🟢 | **Supported**: native or full implementation. |
-| 🔵 | **Planned**: not yet implemented; on the roadmap. |
-| 🟡 | **Partial**: functional with behavioral gaps or missing APIs. |
-| ⚪ | **TBD**: under consideration; not yet committed. |
-| 🔴 | **Stub**: requireable but most APIs throw on call. |
-| ⛔ | **Unsupported**: not available; `require()` throws immediately. |
-
----
-
-## Module Compatibility Matrix
-
-### Core I/O and Networking
-
-| Module | Status | Notes |
-| --- | --- | --- |
-| **`fs`** | 🟡 | Core I/O implemented: `readFile`, `writeFile`, `appendFile`, `open`, `read`, `write`, `close`, `readdir`, `mkdir`, `rmdir`, `rm`, `unlink`, `stat`, `lstat`, `rename`, `copyFile`, `exists`, `createReadStream`, `createWriteStream`, `writev`, `access`, `realpath`. Deferred: `watch`, `watchFile`, `chmod`, `chown`, `link`, `symlink`, `readlink`, `truncate`, `utimes`. |
-| **`http`** | 🟡 | `request`, `get`, `createServer` with bridged request/response classes. Fetch-based, fully buffered. No connection pooling, keep-alive tuning, WebSocket upgrade, or trailer headers. `Agent` is stub-only. |
-| **`https`** | 🟡 | Same contract and limitations as `http`. |
-| **`http2`** | 🔴 | Compatibility classes only (`Http2ServerRequest`, `Http2ServerResponse`); `createServer`/`createSecureServer` throw. |
-| **`net`** | 🔵 | Planned. |
-| **`tls`** | 🔵 | Planned. |
-| **`dns`** | 🟢 | `lookup`, `resolve`, `resolve4`, `resolve6`, plus `dns.promises`. Permission-gated. |
-| **`dgram`** | ⛔ | |
-| **Fetch globals** | 🟢 | `fetch`, `Headers`, `Request`, `Response`. |
-
-### Process and Runtime
-
-| Module | Status | Notes |
+| Tier | Label | Meaning |
 | --- | --- | --- |
-| **`process`** | 🟢 | `env` (permission-gated), `cwd`/`chdir`, `exit`, timers, stdio, `hrtime`, `platform`, `arch`, `version`, `argv`, `pid`, `ppid`, `uid`, `gid`. |
-| **`child_process`** | 🟢 | `spawn`, `spawnSync`, `exec`, `execSync`, `execFile`, `execFileSync`. `fork` unsupported. |
-| **`os`** | 🟢 | `platform`, `arch`, `type`, `release`, `version`, `homedir`, `tmpdir`, `hostname`, `userInfo`, `os.constants`. |
-| **`timers`** | 🟢 | `setTimeout`, `clearTimeout`, `setInterval`, `clearInterval`, `setImmediate`, `clearImmediate`. |
-| **`module`** | 🟢 | `createRequire`, `Module` basics, builtin resolution. |
-| **`worker_threads`** | 🔴 | Requireable; APIs throw on call. |
-| **`cluster`** | ⛔ | |
-| **`vm`** | 🔴 | Polyfill via `Function()`/`eval()`. No real context isolation; shares global scope. |
-| **`v8`** | 🔴 | Mock heap stats; `serialize`/`deserialize` use JSON instead of V8 binary format. |
-
-### Crypto and Security
-
-| Module | Status | Notes |
-| --- | --- | --- |
-| **`crypto`** | 🔵 | `getRandomValues()` and `randomUUID()` use host secure randomness. `subtle.*` throws. Full crypto planned. |
-| **Web Crypto** | 🔵 | Planned. |
-
-### Data and Encoding
+| 1 | Bridge | Runtime implementation in secure-exec bridge modules. |
+| 2 | Polyfill | Browser-compatible polyfill package implementation. |
+| 3 | Stub | Minimal compatibility surface for lightweight usage and type/instance checks. |
+| 4 | Deferred | `require()` succeeds, but APIs throw deterministic unsupported errors on call. |
+| 5 | Unsupported | Not implemented by design; `require()` throws immediately. |
 
-| Module | Status | Notes |
-| --- | --- | --- |
-| **`buffer`** | 🟢 | |
-| **`stream`** | 🟢 | |
-| **`string_decoder`** | 🟢 | |
-| **`zlib`** | 🟢 | |
-| **`querystring`** | 🟢 | |
+Unsupported API errors follow this format: `"<module>.<api> is not supported in sandbox"`.
+Unsupported modules use: `"<module> is not supported in sandbox"`.
 
-### Utilities and Diagnostics
+## Compatibility Matrix
 
-| Module | Status | Notes |
+| Module | Tier | Status |
 | --- | --- | --- |
-| **`path`** | 🟢 | |
-| **`url`** | 🟢 | |
-| **`util`** | 🟢 | |
-| **`assert`** | 🟢 | |
-| **`events`** | 🟢 | |
-| **`console`** | 🟢 | Circular-safe bounded formatting. Drop-by-default; use `onStdio` hook for streaming. |
-| **`constants`** | 🟢 | |
-| **`tty`** | 🔴 | `isatty()` returns `false`; `ReadStream`/`WriteStream` are compatibility constructors. |
-| **`async_hooks`** | ⚪ | |
-| **`perf_hooks`** | ⚪ | |
-| **`diagnostics_channel`** | ⚪ | |
-| **`readline`** | ⚪ | |
-
-### Unsupported
-
-| Module | Status |
-| --- | --- |
-| **`dgram`** | ⛔ |
-| **`wasi`** | ⛔ |
-| **`inspector`** | ⛔ |
-| **`repl`** | ⛔ |
-| **`trace_events`** | ⛔ |
-| **`domain`** | ⛔ |
-
----
-
-## Error Format
-
-Unsupported API calls follow this format:
-
-```
-<module>.<api> is not supported in sandbox
-```
-
-Unsupported modules use:
-
-```
-<module> is not supported in sandbox
-```
-
----
-
-## Additional Notes
-
-### Node-Modules Overlay
-
-The Node runtime composes a read-only `/app/node_modules` overlay from `<cwd>/node_modules` (default `cwd` is host `process.cwd()`, configurable via `moduleAccess.cwd`). Writes under `/app/node_modules/**` are denied with `EACCES`. Native addons (`.node`) are rejected.
-
-### Permission Model
-
-Runtime permissions are deny-by-default for `fs`, `network`, `childProcess`, and `env`. If a domain checker is not configured, operations fail with `EACCES`. Embedders opt in via explicit permission policies (`allowAll`, `allowAllFs`, `allowAllNetwork`, `allowAllChildProcess`, `allowAllEnv`).
+| `fs` | 1 (Bridge) + 4 (Deferred APIs) | Implemented: `readFile`, `writeFile`, `appendFile`, `open`, `read`, `write`, `close`, `readdir`, `mkdir`, `rmdir`, `rm`, `unlink`, `stat`, `lstat`, `rename`, `copyFile`, `exists`, `createReadStream`, `createWriteStream`, `writev`, `access`, `realpath`, `chmod`, `chown`, `link`, `symlink`, `readlink`, `truncate`, `utimes`, `cp`, `mkdtemp`, `opendir`, `glob`, `statfs`, `readv`, `fdatasync`, `fsync`. Metadata-sensitive operations (`stat`, `exists`, `readdir` with `withFileTypes`) use metadata-native driver paths instead of content probing. `rename` delegates to driver semantics (atomic where supported; explicit limitation errors where not). Deferred: `watch`, `watchFile`. |
+| `process` | 1 (Bridge) | Env access (permission-gated), cwd/chdir, exit semantics, timers, stdio, eventing, and basic usage/system metadata APIs. |
+| `os` | 1 (Bridge) | Platform/arch/version, user/system info, and `os.constants`. |
+| `child_process` | 1 (Bridge) + 5 (`fork`) | Implemented: `spawn`, `spawnSync`, `exec`, `execSync`, `execFile`, `execFileSync`; `fork` is intentionally unsupported. |
+| `http` | 1 (Bridge) | Implemented: `request`, `get`, `createServer`; bridged request/response/server classes and constants. Includes `Agent` with connection pooling (`maxSockets`, `keepAlive`), HTTP upgrade (101 Switching Protocols) handling, and trailer headers support. |
+| `https` | 1 (Bridge) | Implemented: `request`, `get`, `createServer` with the same contract as `http`, including `Agent` pooling, upgrade handling, and trailer headers. |
+| `http2` | 3 (Stub) + 5 (Full support) | Provides compatibility classes (`Http2ServerRequest`, `Http2ServerResponse`); `createServer` and `createSecureServer` are unsupported. |
+| `dns` | 1 (Bridge) | Implemented: `lookup`, `resolve`, `resolve4`, `resolve6`, plus `dns.promises` variants. |
+| `module` | 1 (Bridge) | Implements `createRequire`, `Module` basics, and builtin resolution (`require.resolve("fs")` returns builtin identifiers). |
+| `timers` | 1 (Bridge) | `setTimeout`, `clearTimeout`, `setInterval`, `clearInterval`, `setImmediate`, `clearImmediate`. |
+| `path` | 2 (Polyfill) | `path-browserify`; supports default and named ESM imports. |
+| `buffer` | 2 (Polyfill) | Polyfill via `buffer`. |
+| `url` | 2 (Polyfill) | Polyfill via `whatwg-url` and node-stdlib-browser shims. |
+| `events` | 2 (Polyfill) | Polyfill via `events`. |
+| `stream` | 2 (Polyfill) | Polyfill via `readable-stream`. |
+| `util` | 2 (Polyfill) | Polyfill via node-stdlib-browser. |
+| `assert` | 2 (Polyfill) | Polyfill via node-stdlib-browser. |
+| `querystring` | 2 (Polyfill) | Polyfill via node-stdlib-browser. |
+| `string_decoder` | 2 (Polyfill) | Polyfill via node-stdlib-browser. |
+| `zlib` | 2 (Polyfill) | Polyfill via node-stdlib-browser. |
+| `vm` | 2 (Polyfill) | Polyfill via node-stdlib-browser. |
+| `punycode` | 2 (Polyfill) | Polyfill via node-stdlib-browser. |
+| `crypto` | 3 (Stub) | Limited bridge/polyfill blend; `getRandomValues()` and `randomUUID()` use host `node:crypto` secure randomness, or throw deterministic unsupported errors if host entropy is unavailable; `subtle.*` methods throw deterministic unsupported errors. |
+| `tty` | 2 (Polyfill) | `tty-browserify`; `isatty()` returns `false`; `ReadStream`/`WriteStream` are compatibility constructors. |
+| `v8` | 3 (Stub) | Pre-registered stub with mock heap stats and JSON-based `serialize`/`deserialize`. |
+| `constants` | 2 (Polyfill) | `constants-browserify`; `os.constants` remains available via `os`. |
+| Fetch globals (`fetch`, `Headers`, `Request`, `Response`) | 1 (Bridge) | Bridged via network bridge implementation. |
+| `async_hooks` | 3 (Stub) | `AsyncLocalStorage` (with `run`, `enterWith`, `getStore`, `disable`, `exit`), `AsyncResource` (with `runInAsyncScope`, `emitDestroy`), `createHook` (returns enable/disable no-ops), `executionAsyncId`, `triggerAsyncId`. |
+| `diagnostics_channel` | 3 (Stub) | No-op `channel()` and `tracingChannel()` stubs; channels always report `hasSubscribers: false`; `publish`, `subscribe`, `unsubscribe` are no-ops. Provides Fastify compatibility. |
+| Deferred modules (`net`, `tls`, `readline`, `perf_hooks`, `worker_threads`) | 4 (Deferred) | `require()` returns stubs; APIs throw deterministic unsupported errors when called. |
+| Unsupported modules (`dgram`, `cluster`, `wasi`, `inspector`, `repl`, `trace_events`, `domain`) | 5 (Unsupported) | `require()` fails immediately with deterministic unsupported-module errors. |
+
+## Tested Packages
+
+The [project-matrix test suite](https://github.com/rivet-dev/secure-exec/tree/main/packages/secure-exec/tests/projects) validates that real-world npm packages produce identical output in secure-exec and host Node.js. Each fixture is a black-box Node project with no sandbox-specific code.
+
+| Package | Category | What It Tests |
+| --- | --- | --- |
+| [express](https://npmjs.com/package/express) | Web Framework | HTTP server, middleware, routing |
+| [fastify](https://npmjs.com/package/fastify) | Web Framework | Async middleware, schema validation, plugins |
+| [next](https://npmjs.com/package/next) | Web Framework | React SSR, module resolution, build tooling |
+| [vite](https://npmjs.com/package/vite) | Build Tool | ESM, HMR server, plugin system |
+| [astro](https://npmjs.com/package/astro) | Web Framework | Island architecture, SSR, multi-framework |
+| [hono](https://npmjs.com/package/hono) | Web Framework | ESM imports, lightweight HTTP |
+| [dotenv](https://npmjs.com/package/dotenv) | Configuration | Environment variable loading, fs reads |
+| [semver](https://npmjs.com/package/semver) | Utility | Version parsing and comparison |
+| [rivetkit](https://npmjs.com/package/rivetkit) | SDK | Local vendor package resolution |
+| crypto (builtin) | Crypto | `crypto.randomBytes`, `randomUUID`, `getRandomValues` |
+| fs-metadata-rename | Filesystem | `stat` metadata, `rename` semantics |
+| module-access | Module Resolution | Node modules overlay access |
+| conditional-exports | Module Resolution | Package `exports` field resolution |
+| optional-deps | Module Resolution | Optional dependency handling |
+| peer-deps | Module Resolution | Peer dependency resolution |
+| transitive-deps | Module Resolution | Transitive dependency chains |
+| pnpm-layout | Package Manager | pnpm `node_modules` structure |
+| npm-layout | Package Manager | npm flat `node_modules` layout |
+| yarn-classic-layout | Package Manager | Yarn v1 `node_modules` layout |
+| yarn-berry-layout | Package Manager | Yarn Berry PnP/node_modules layout |
+| bun-layout | Package Manager | Bun `node_modules` layout |
+| workspace-layout | Package Manager | npm workspace `node_modules` layout |
+| net-unsupported (fail) | Error Handling | `net.createServer` correctly errors |
+
+To request a new package be added to the test suite, [open an issue](https://github.com/rivet-dev/secure-exec/issues/new?labels=package-request&title=Package+request:+%5Bpackage-name%5D).
+
+## Logging Behavior
+
+- `console.log`/`warn`/`error` are supported and serialize arguments with circular-safe bounded formatting.
+- `exec()`/`run()` results do not expose buffered `stdout`/`stderr` fields.
+- By default, secure-exec drops console emissions instead of buffering runtime-managed output.
+- Consumers that need logs should use the explicit `onStdio` hook to stream `stdout`/`stderr` events in emission order.
+
+## TypeScript Workflows
+
+- Core `secure-exec` runtimes execute JavaScript only.
+- Sandboxed TypeScript type checking and compilation belong in the separate `@secure-exec/typescript` package.
+
+## Node-Modules Overlay Behavior
+
+- Node runtime composes a read-only `/app/node_modules` overlay from `<cwd>/node_modules` (default `cwd` is host `process.cwd()`, configurable via `moduleAccess.cwd`).
+- Overlay reads are constrained to canonical paths under `<cwd>/node_modules` and fail closed on out-of-scope symlink/canonical escapes.
+- Writes and mutations under `/app/node_modules/**` are denied with `EACCES`.
+- Native addons (`.node`) are rejected in overlay-backed module loading.
+
+## Permission Model (Runtime/Bridge Scope)
+
+- This section describes the core runtime/bridge contract only.
+- Runtime permissions are deny-by-default for `fs`, `network`, `childProcess`, and `env`.
+- If a domain checker is not configured, operations fail with `EACCES`.
+- `filterEnv` strips environment variables unless `permissions.env` explicitly allows them.
+- Embedders can opt in via explicit permission policies such as `allowAll`, `allowAllFs`, `allowAllNetwork`, `allowAllChildProcess`, and `allowAllEnv`.
+- Driver-specific convenience defaults (for example, direct `createNodeDriver(...)` usage when adapters are provided without an explicit `permissions` policy) are implementation details and are not the canonical runtime/bridge security contract.

packages/kernel/src/kernel.ts

@@ -36,9 +36,11 @@ import {
 	FILETYPE_REGULAR_FILE,
 	FILETYPE_DIRECTORY,
 	FILETYPE_PIPE,
+	FILETYPE_CHARACTER_DEVICE,
 	SEEK_SET,
 	SEEK_CUR,
 	SEEK_END,
+	O_APPEND,
 	SIGTERM,
 	SIGWINCH,
 	KernelError,
@@ -1015,7 +1017,11 @@ class KernelImpl implements Kernel {
 		} catch {
 			content = new Uint8Array(0);
 		}
-		const cursor = Number(entry.description.cursor);
+
+		// O_APPEND: every write seeks to end of file first (POSIX)
+		const cursor = (entry.description.flags & O_APPEND)
+			? content.length
+			: Number(entry.description.cursor);
 		const endPos = cursor + data.length;
 		const newContent = new Uint8Array(Math.max(content.length, endPos));
 		newContent.set(content);

packages/kernel/src/pty.ts

@@ -296,6 +296,7 @@ export class PtyManager {
 		const state = this.ptys.get(ptyId);
 		if (!state) throw new KernelError("EBADF", "PTY not found");
 		return {
+			icrnl: state.termios.icrnl,
 			opost: state.termios.opost,
 			onlcr: state.termios.onlcr,
 			icanon: state.termios.icanon,
@@ -311,6 +312,7 @@ export class PtyManager {
 		const state = this.ptys.get(ptyId);
 		if (!state) throw new KernelError("EBADF", "PTY not found");
 
+		if (termios.icrnl !== undefined) state.termios.icrnl = termios.icrnl;
 		if (termios.opost !== undefined) state.termios.opost = termios.opost;
 		if (termios.onlcr !== undefined) state.termios.onlcr = termios.onlcr;
 		if (termios.icanon !== undefined) state.termios.icanon = termios.icanon;
@@ -378,13 +380,15 @@ export class PtyManager {
 		const { termios } = state;
 
 		// Fast path: no discipline processing (raw pass-through)
-		if (!termios.icanon && !termios.echo && !termios.isig) {
+		if (!termios.icanon && !termios.echo && !termios.isig && !termios.icrnl) {
 			this.deliverInput(state, data);
 			return data.length;
 		}
 
 		// Process byte by byte through discipline
-		for (const byte of data) {
+		for (let byte of data) {
+			// ICRNL: convert CR (0x0d) to NL (0x0a) before all other processing
+			if (termios.icrnl && byte === 0x0d) byte = 0x0a;
 			// Signal character handling (requires isig)
 			if (termios.isig) {
 				const signal = this.signalForByte(state, byte);

packages/kernel/src/types.ts

@@ -428,6 +428,8 @@ export class KernelError extends Error {
 
 /** Terminal attributes — controls line discipline behavior on a PTY. */
 export interface Termios {
+	/** Map CR (0x0d) to NL (0x0a) on input (POSIX ICRNL). */
+	icrnl: boolean;
 	/** Post-process output (master for ONLCR, etc.). */
 	opost: boolean;
 	/** Map NL to CR-NL on output (requires opost). */
@@ -453,6 +455,7 @@ export interface TermiosCC {
 /** Returns the POSIX-standard default termios: canonical on, echo on, isig on, opost+onlcr on. */
 export function defaultTermios(): Termios {
 	return {
+		icrnl: true,
 		opost: true,
 		onlcr: true,
 		icanon: true,

packages/kernel/test/kernel-integration.test.ts

@@ -2832,6 +2832,77 @@ describe("kernel + MockRuntimeDriver integration", () => {
 
 			proc.kill();
 		});
+
+		it("ICRNL — CR (0x0d) converted to NL (0x0a) in canonical mode, delivered as newline", async () => {
+			const driver = new MockRuntimeDriver(["proc"], {
+				proc: { neverExit: true },
+			});
+			({ kernel } = await createTestKernel({ drivers: [driver] }));
+
+			const ki = driver.kernelInterface!;
+			const proc = kernel.spawn("proc", []);
+			const { masterFd, slaveFd } = ki.openpty(proc.pid);
+
+			ki.ptySetDiscipline(proc.pid, masterFd, { canonical: true, echo: false });
+
+			// Write 'hello' + CR (0x0d) — ICRNL converts CR to LF, flushes line
+			const input = new Uint8Array([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x0d]); // 'hello\r'
+			ki.fdWrite(proc.pid, masterFd, input);
+
+			const data = await ki.fdRead(proc.pid, slaveFd, 1024);
+			expect(new TextDecoder().decode(data)).toBe("hello\n");
+
+			proc.kill();
+		});
+
+		it("ICRNL — CR input echoes as CR+LF", async () => {
+			const driver = new MockRuntimeDriver(["proc"], {
+				proc: { neverExit: true },
+			});
+			({ kernel } = await createTestKernel({ drivers: [driver] }));
+
+			const ki = driver.kernelInterface!;
+			const proc = kernel.spawn("proc", []);
+			const { masterFd, slaveFd } = ki.openpty(proc.pid);
+
+			ki.ptySetDiscipline(proc.pid, masterFd, { canonical: true, echo: true });
+
+			// Write 'A' + CR — ICRNL converts to LF, echo should produce 'A' then CR+LF
+			ki.fdWrite(proc.pid, masterFd, new Uint8Array([0x41, 0x0d])); // 'A\r'
+
+			// Slave reads the flushed line
+			const slaveData = await ki.fdRead(proc.pid, slaveFd, 1024);
+			expect(new TextDecoder().decode(slaveData)).toBe("A\n");
+
+			// Master reads echoed: 'A' + CR+LF (newline echo)
+			const echoData = await ki.fdRead(proc.pid, masterFd, 1024);
+			expect(new TextDecoder().decode(echoData)).toBe("A\r\n");
+
+			proc.kill();
+		});
+
+		it("ICRNL disabled — CR passes through as-is", async () => {
+			const driver = new MockRuntimeDriver(["proc"], {
+				proc: { neverExit: true },
+			});
+			({ kernel } = await createTestKernel({ drivers: [driver] }));
+
+			const ki = driver.kernelInterface!;
+			const proc = kernel.spawn("proc", []);
+			const { masterFd, slaveFd } = ki.openpty(proc.pid);
+
+			// Disable ICRNL via tcsetattr
+			ki.tcsetattr(proc.pid, masterFd, { icrnl: false });
+			ki.ptySetDiscipline(proc.pid, masterFd, { canonical: false, echo: false, isig: false });
+
+			// Write CR — should pass through as 0x0d, not converted to 0x0a
+			ki.fdWrite(proc.pid, masterFd, new Uint8Array([0x0d]));
+
+			const data = await ki.fdRead(proc.pid, slaveFd, 1024);
+			expect(data[0]).toBe(0x0d);
+
+			proc.kill();
+		});
 	});
 
 	// -------------------------------------------------------------------