feat(secure-exec): add Python runtime with Pyodide driver#1
Merged
Conversation
…tests to subdirectories
NathanFlurry
added a commit
that referenced
this pull request
Jul 1, 2026
… render diagnosis Tool #2 (X11 wire tap + xdecode.py) and tool #3 (wasm-frame symbolizer for livelocked guests) are committed and cracked the render diagnosis: both guests spin in net_poll, data delivery is complete, the X server sits idle in WaitForSomething without replying to a delivered first-draw RENDER request. The earlier prediction that C names survive the build was wrong (fpcast-emu + -Oz strip them) — which is exactly why tool #3 was needed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry
added a commit
that referenced
this pull request
Jul 1, 2026
…es not catch -- wasi-libc converts ""->".")
Added an empty-path -> ENOENT guard in crates/execution/src/wasm.rs _resolveDescriptorPath (the
shared resolver for _pathOpen/_pathFilestatGet/etc.). Rebuilt secure-exec-execution + sidecar +
wasm-gui-host (touch wasm.rs to defeat a shared-target fingerprint race; confirmed execution
recompiled).
Result: STILL open("")=fd6 -- the guard did not fire, so target is NOT "" at the runtime.
Conclusion: wasi-libc converts open("") -> path_open(cwd_fd, ".") (empty relative path resolved
against the cwd), so the runtime sees "." (a legit cwd open) and cannot distinguish it from the
POSIX-invalid open(""). POSIX requires the libc to reject an empty path with ENOENT before the
syscall; wasi-libc does not. So the fix moves to the toolchain wasi-libc layer (reject empty path
in open/stat/lstat before find_relpath), not the runtime. The runtime guard is kept (harmless).
Next: a diagnostic to confirm target=="." then the wasi-libc empty-path->ENOENT check. XU0-XU4 DONE.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry
added a commit
that referenced
this pull request
Jul 1, 2026
…de; added handler diagnostic Re-ran after building pty_open -- still EFAULT. Found root cause #1: the materialized WASM runner asset (/tmp/agent-os-node-import-cache-*/wasm-runner.mjs) still had the OLD FAULT stub; the NODE_IMPORT_CACHE_ASSET_VERSION bump did NOT invalidate it -- must rm -rf the cache manually. After clearing, the new callSyncRpc(__pty_open) import IS materialized but STILL returns FAULT. Binary has my code; service.rs falls through to execution.rs dispatch so __pty_open should reach the handler. PTY budget fine (128). So the FAULT is inside the RPC (likely kernel.open_pty failing). Added a temporary eprintln PTY_OPEN_RPC diagnostic to the handler; rebuild+clear-cache+re-run in progress. Next: read PTY_OPEN_RPC -> fix the kernel path or the dispatch. Lesson: always rm node-import-cache after a node_import_cache.rs change. XU6; not 100% (XU7 = sidecar sign-off). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry
added a commit
that referenced
this pull request
Jul 1, 2026
…ration research + ROOT2 trace forward XUBUNTU-SPEC.md: added the living LINUX-SUPPORT-LEDGER.md constraint (catalog every native/platform-layer fix that makes unmodified Linux software run; append on each fix; treat as a required progress artifact). GOBJECT-FPCAST-INTEGRATION.md (research subagent): the GObject wasm fpcast cost is binaryen --fpcast-emu uniform arity padding (taxes the correctly-typed vfunc majority too). Ranked fix: #1 NOW (hours, low-risk) drop max-func-params @64 -> ~@32 toward measured true-max @25 (too-low fails at BUILD time, safe); #2 (weeks, the structural fix) a vendored binaryen selective-fpcast pass using wasm-gc ref.test (V8 130 has it) to keep correctly-typed call_indirect native via call_ref and adapt only mismatched sites (= emscripten#23952 / Pyodide ref.test). Rejected: Pyodide 0.19 JS trampolines (needs finite patchable sites; breaks sync-import V8 model), clang thunk-gen (custom clang), typed marshallers (signal emission not construction). host/src/main.rs: forward SECURE_EXEC_ROOT2_TRACE to the sidecar (built earlier with native CC). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry
added a commit
that referenced
this pull request
Jul 1, 2026
…is perf/scaling, not functional Re-run with adequate settle PASSED: a real WM-decorated Mousepad window rendered (screenshot proof). The earlier 800x600 blank was the fb-write base64 throughput wall (encodeSyncRpcValue base64s ~1.2MB/write), not a functional break. Full 5-client run (xfwm4+mousepad+panel+xfdesktop+thunar) launched all but only mousepad painted -> the perf scaling wall blocks criterion #1. Designed the targeted fb-write SAB fix (node_import_cache.rs:7832 encode + javascript.rs:1099 decode via the dataBuffer SAB) in T1-SAB-RING-SECURITY-DESIGN.md. Proof artifacts in ~/tmp/gui-progress/2026-06-27T02/.
NathanFlurry
added a commit
that referenced
this pull request
Jul 1, 2026
…and the only hot method NOT inlined — its fast path is the next lever
NathanFlurry
added a commit
that referenced
this pull request
Jul 1, 2026
#1 method) — ~64→~56ms, render green, no hangs
NathanFlurry
added a commit
that referenced
this pull request
Jul 2, 2026
… (audit's kernel-resolve edge incomplete — guest-file fds split kernel-backed vs host-fs preopen; test-first)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
PythonRuntimeandPyodideRuntimeDriver— a sandboxed Python execution environment backed by Pyodide, with warm interpreter state across consecutive executionsSystemDriveradapters and permission gates with deny-by-default behaviortest-suite/{node,python}/,runtime-driver/{node,python,browser}/) for clarity across runtimesTest plan
pnpm --filter secure-exec vitest --run tests/test-suite/python.test.ts— 21 tests covering exec parity, warm state, hooks, filesystem, env, timeout, recovery, and networkingpnpm --filter secure-exec vitest --run tests/runtime-driver/python/runtime.test.ts— Python driver-specific permission and env variable testspnpm --filter secure-exec vitest --run tests/test-suite/node.test.ts— existing Node suite still passespnpm --filter secure-exec tsc -p tsconfig.json --noEmit— typechecks clean