Skip to content

feat(secure-exec): add Python runtime with Pyodide driver#1

Merged
NathanFlurry merged 2 commits into
mainfrom
check-python-support
Mar 10, 2026
Merged

feat(secure-exec): add Python runtime with Pyodide driver#1
NathanFlurry merged 2 commits into
mainfrom
check-python-support

Conversation

@NathanFlurry

@NathanFlurry NathanFlurry commented Mar 10, 2026

Copy link
Copy Markdown
Member

Summary

  • Add PythonRuntime and PyodideRuntimeDriver — a sandboxed Python execution environment backed by Pyodide, with warm interpreter state across consecutive executions
  • Route Python capability access (fs, network, env, childProcess) through existing SystemDriver adapters and permission gates with deny-by-default behavior
  • Align Python env permission filtering with Node runtime behavior
  • Reorganize test suites by language (test-suite/{node,python}/, runtime-driver/{node,python,browser}/) for clarity across runtimes
  • Add comprehensive Python test coverage: parity suite, runtime behavior, network adapters, permission enforcement, and abuse-path regressions

Test plan

  • pnpm --filter secure-exec vitest --run tests/test-suite/python.test.ts — 21 tests covering exec parity, warm state, hooks, filesystem, env, timeout, recovery, and networking
  • pnpm --filter secure-exec vitest --run tests/runtime-driver/python/runtime.test.ts — Python driver-specific permission and env variable tests
  • pnpm --filter secure-exec vitest --run tests/test-suite/node.test.ts — existing Node suite still passes
  • pnpm --filter secure-exec tsc -p tsconfig.json --noEmit — typechecks clean

@NathanFlurry NathanFlurry changed the title refactor: reorganize test suites by language and move runtime-driver tests to subdirectories feat(secure-exec): add Python runtime with Pyodide driver Mar 10, 2026
@NathanFlurry NathanFlurry merged commit fa34016 into main Mar 10, 2026
1 check passed
NathanFlurry added a commit that referenced this pull request Jul 1, 2026
… render diagnosis

Tool #2 (X11 wire tap + xdecode.py) and tool #3 (wasm-frame symbolizer for livelocked guests) are
committed and cracked the render diagnosis: both guests spin in net_poll, data delivery is complete,
the X server sits idle in WaitForSomething without replying to a delivered first-draw RENDER request.
The earlier prediction that C names survive the build was wrong (fpcast-emu + -Oz strip them) — which
is exactly why tool #3 was needed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry added a commit that referenced this pull request Jul 1, 2026
…es not catch -- wasi-libc converts ""->".")

Added an empty-path -> ENOENT guard in crates/execution/src/wasm.rs _resolveDescriptorPath (the
shared resolver for _pathOpen/_pathFilestatGet/etc.). Rebuilt secure-exec-execution + sidecar +
wasm-gui-host (touch wasm.rs to defeat a shared-target fingerprint race; confirmed execution
recompiled).

Result: STILL open("")=fd6 -- the guard did not fire, so target is NOT "" at the runtime.
Conclusion: wasi-libc converts open("") -> path_open(cwd_fd, ".") (empty relative path resolved
against the cwd), so the runtime sees "." (a legit cwd open) and cannot distinguish it from the
POSIX-invalid open(""). POSIX requires the libc to reject an empty path with ENOENT before the
syscall; wasi-libc does not. So the fix moves to the toolchain wasi-libc layer (reject empty path
in open/stat/lstat before find_relpath), not the runtime. The runtime guard is kept (harmless).

Next: a diagnostic to confirm target=="." then the wasi-libc empty-path->ENOENT check. XU0-XU4 DONE.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry added a commit that referenced this pull request Jul 1, 2026
…de; added handler diagnostic

Re-ran after building pty_open -- still EFAULT. Found root cause #1: the materialized WASM runner asset
(/tmp/agent-os-node-import-cache-*/wasm-runner.mjs) still had the OLD FAULT stub; the
NODE_IMPORT_CACHE_ASSET_VERSION bump did NOT invalidate it -- must rm -rf the cache manually. After clearing,
the new callSyncRpc(__pty_open) import IS materialized but STILL returns FAULT. Binary has my code; service.rs
falls through to execution.rs dispatch so __pty_open should reach the handler. PTY budget fine (128). So the
FAULT is inside the RPC (likely kernel.open_pty failing). Added a temporary eprintln PTY_OPEN_RPC diagnostic
to the handler; rebuild+clear-cache+re-run in progress.

Next: read PTY_OPEN_RPC -> fix the kernel path or the dispatch. Lesson: always rm node-import-cache after a
node_import_cache.rs change. XU6; not 100% (XU7 = sidecar sign-off).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry added a commit that referenced this pull request Jul 1, 2026
…ration research + ROOT2 trace forward

XUBUNTU-SPEC.md: added the living LINUX-SUPPORT-LEDGER.md constraint (catalog every native/platform-layer fix that
makes unmodified Linux software run; append on each fix; treat as a required progress artifact).

GOBJECT-FPCAST-INTEGRATION.md (research subagent): the GObject wasm fpcast cost is binaryen --fpcast-emu uniform
arity padding (taxes the correctly-typed vfunc majority too). Ranked fix: #1 NOW (hours, low-risk) drop
max-func-params @64 -> ~@32 toward measured true-max @25 (too-low fails at BUILD time, safe); #2 (weeks, the
structural fix) a vendored binaryen selective-fpcast pass using wasm-gc ref.test (V8 130 has it) to keep
correctly-typed call_indirect native via call_ref and adapt only mismatched sites (= emscripten#23952 / Pyodide
ref.test). Rejected: Pyodide 0.19 JS trampolines (needs finite patchable sites; breaks sync-import V8 model),
clang thunk-gen (custom clang), typed marshallers (signal emission not construction).

host/src/main.rs: forward SECURE_EXEC_ROOT2_TRACE to the sidecar (built earlier with native CC).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry added a commit that referenced this pull request Jul 1, 2026
…is perf/scaling, not functional

Re-run with adequate settle PASSED: a real WM-decorated Mousepad window rendered (screenshot proof). The earlier
800x600 blank was the fb-write base64 throughput wall (encodeSyncRpcValue base64s ~1.2MB/write), not a functional
break. Full 5-client run (xfwm4+mousepad+panel+xfdesktop+thunar) launched all but only mousepad painted -> the perf
scaling wall blocks criterion #1. Designed the targeted fb-write SAB fix (node_import_cache.rs:7832 encode +
javascript.rs:1099 decode via the dataBuffer SAB) in T1-SAB-RING-SECURITY-DESIGN.md. Proof artifacts in
~/tmp/gui-progress/2026-06-27T02/.
NathanFlurry added a commit that referenced this pull request Jul 1, 2026
…and the only hot method NOT inlined — its fast path is the next lever
NathanFlurry added a commit that referenced this pull request Jul 1, 2026
NathanFlurry added a commit that referenced this pull request Jul 2, 2026
… (audit's kernel-resolve edge incomplete — guest-file fds split kernel-backed vs host-fs preopen; test-first)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant