Class: IsolatedVmSandbox
Defined in: src/plugins/sandbox/isolated-vm-sandbox.ts:123
Isolated-vm sandbox implementation.
Remarks
Provides security isolation for plugin code execution using isolated-vm, which creates separate V8 isolates with enforced memory limits, CPU time limits, no access to Node.js APIs, and no access to global scope.
Plugins receive only the IPluginContext interface, with all methods wrapped through permission-checking proxies.
Example
const sandbox = container.resolve(IsolatedVmSandbox);
// Create isolate for plugin
const isolate = await sandbox.createIsolate(manifest);
// Execute code in sandbox
const result = await sandbox.executeInSandbox(isolate, code, context);
// Dispose when done
sandbox.dispose(isolate);
Implements
Constructors
new IsolatedVmSandbox()
new IsolatedVmSandbox(
logger):IsolatedVmSandbox
Defined in: src/plugins/sandbox/isolated-vm-sandbox.ts:144
Creates a new IsolatedVmSandbox.
Parameters
logger
Logger instance
Returns
Methods
createIsolate()
createIsolate(
manifest):Promise<SandboxIsolate>
Defined in: src/plugins/sandbox/isolated-vm-sandbox.ts:162
Creates a new V8 isolate for a plugin.
Parameters
manifest
Plugin manifest (used for resource limits)
Returns
Promise<SandboxIsolate>
Sandbox isolate handle
Example
const isolate = await sandbox.createIsolate(manifest);
console.log('Created isolate:', isolate.id);
Implementation of
dispose()
dispose(
isolate):void
Defined in: src/plugins/sandbox/isolated-vm-sandbox.ts:278
Disposes a single isolate.
Parameters
isolate
Isolate to dispose
Returns
void
Implementation of
disposeAll()
disposeAll():
void
Defined in: src/plugins/sandbox/isolated-vm-sandbox.ts:299
Disposes all isolates.
Returns
void
Remarks
Called during shutdown to clean up all sandbox resources.
Implementation of
executeInSandbox()
executeInSandbox<
T>(isolate,code,context):Promise<T>
Defined in: src/plugins/sandbox/isolated-vm-sandbox.ts:210
Executes code in a sandbox isolate.
Type Parameters
• T
Parameters
isolate
Sandbox isolate handle
code
string
JavaScript code to execute
context
Execution context with services
Returns
Promise<T>
Execution result
Throws
If resource limits exceeded
Remarks
This is a simplified implementation. In production with actual isolated-vm, the code would be compiled and run in the V8 isolate with proper timeout and memory enforcement.
Implementation of
IPluginSandbox.executeInSandbox
getActiveIsolateCount()
getActiveIsolateCount():
number
Defined in: src/plugins/sandbox/isolated-vm-sandbox.ts:356
Gets the number of active isolates.
Returns
number
Number of active isolates
getActiveIsolates()
getActiveIsolates(): readonly
SandboxIsolate[]
Defined in: src/plugins/sandbox/isolated-vm-sandbox.ts:367
Gets info about all active isolates.
Returns
readonly SandboxIsolate[]
Array of isolate info
getMemoryUsage()
getMemoryUsage(
isolate):number
Defined in: src/plugins/sandbox/isolated-vm-sandbox.ts:321
Gets current memory usage for an isolate.
Parameters
isolate
Sandbox isolate handle
Returns
number
Memory usage in bytes
Implementation of
updateMemoryUsage()
updateMemoryUsage(
isolateId,memoryMB):void
Defined in: src/plugins/sandbox/isolated-vm-sandbox.ts:342
Internal
Updates the estimated memory usage for an isolate.
Parameters
isolateId
string
Isolate ID
memoryMB
number
Estimated memory in MB
Returns
void