Update simple-sandbox-manager.js

simple-sandbox-manager.js

@@ -11,12 +11,12 @@ class SimpleSandboxManager extends EventEmitter {
     this.basePath = '/tmp/sandboxes';
     this.portCounter = 3000;
     this.streamClients = new Map();
-    this.commandData = new Map(); // Store stdout/stderr for later retrieval
+    this.commandData = new Map();
   }
 
   async initialize() {
     await fs.mkdir(this.basePath, { recursive: true });
-    console.log('✅ Vercel-Compatible Sandbox Manager initialized');
+    console.log('✅ Namespace-Isolated Sandbox Manager initialized');
   }
 
   async createSandbox(sandboxId, options = {}) {
@@ -35,7 +35,7 @@ class SimpleSandboxManager extends EventEmitter {
       workspacePath,
       port,
       exposedPorts: ports,
-      timeout, // Store timeout for auto-cleanup
+      timeout,
       createdAt: Date.now(),
       lastActivity: Date.now(),
       status: 'ready'
@@ -88,25 +88,25 @@ class SimpleSandboxManager extends EventEmitter {
     sandbox.lastActivity = Date.now();
     
     const { background = false, timeout = 300000 } = options;
-    
-    // Security whitelist
-    const allowedCommands = [
-      'node', 'npm', 'npx', 'python3', 'python', 'pip', 
-      'go', 'cat', 'ls', 'mkdir', 'echo', 'touch', 
-      'rm', 'cp', 'mv', 'pwd', 'which', 'sh', 'bash', 'chmod'
-    ];
-    
-    const baseCommand = command.split(' ')[0];
-    if (!allowedCommands.includes(baseCommand)) {
-      throw new Error(`Command not allowed: ${baseCommand}`);
-    }
-    
     const fullCommand = `${command} ${args.join(' ')}`;
     
+    // ✅ NO WHITELIST - Uses Linux namespaces for isolation
+    // unshare creates isolated namespace environment:
+    // --net: Network namespace (isolated network stack)
+    // --pid: PID namespace (can't see/kill external processes)
+    // --mount: Mount namespace (isolated filesystem view)
+    // --fork: Fork into namespace before executing
+    const isolatedCommand = `
+      unshare --net --pid --mount --fork sh -c "
+        cd ${sandbox.workspacePath}
+        ${fullCommand}
+      "
+    `;
+    
     if (background) {
-      return this.startBackgroundProcess(sandboxId, fullCommand, sandbox.workspacePath, sandbox.port);
+      return this.startBackgroundProcess(sandboxId, isolatedCommand, sandbox.path, sandbox.port);
     } else {
-      return this.startStreamingCommand(sandboxId, fullCommand, sandbox.workspacePath, timeout);
+      return this.startStreamingCommand(sandboxId, isolatedCommand, sandbox.path, timeout);
     }
   }
 
@@ -115,7 +115,6 @@ class SimpleSandboxManager extends EventEmitter {
       const cmdId = `cmd-${Date.now()}`;
       const dataKey = `${sandboxId}:${cmdId}`;
       
-      // Initialize data storage
       this.commandData.set(dataKey, {
         stdout: '',
         stderr: '',
@@ -145,7 +144,7 @@ class SimpleSandboxManager extends EventEmitter {
       proc.stdout.on('data', (data) => {
         const output = data.toString();
         const cmdData = this.commandData.get(dataKey);
-        cmdData.stdout += output;
+        if (cmdData) cmdData.stdout += output;
         
         console.log(`[${sandboxId}][stdout]: ${output.trim()}`);
         this.sendToStreamClients(sandboxId, cmdId, 'stdout', output);
@@ -154,7 +153,7 @@ class SimpleSandboxManager extends EventEmitter {
       proc.stderr.on('data', (data) => {
         const output = data.toString();
         const cmdData = this.commandData.get(dataKey);
-        cmdData.stderr += output;
+        if (cmdData) cmdData.stderr += output;
         
         console.log(`[${sandboxId}][stderr]: ${output.trim()}`);
         this.sendToStreamClients(sandboxId, cmdId, 'stderr', output);
@@ -165,25 +164,24 @@ class SimpleSandboxManager extends EventEmitter {
         clearTimeout(timeoutId);
         
         const cmdData = this.commandData.get(dataKey);
-        cmdData.exitCode = code;
+        if (cmdData) cmdData.exitCode = code;
         
         console.log(`[${sandboxId}] Command exited with code: ${code}`);
         
         this.sendToStreamClients(sandboxId, cmdId, 'complete', {
           exitCode: code,
-          stdout: cmdData.stdout,
-          stderr: cmdData.stderr
+          stdout: cmdData?.stdout || '',
+          stderr: cmdData?.stderr || ''
         });
         
         resolve({
           commandId: cmdId,
           exitCode: code,
-          stdout: cmdData.stdout,
-          stderr: cmdData.stderr,
+          stdout: cmdData?.stdout || '',
+          stderr: cmdData?.stderr || '',
           streaming: true
         });
         
-        // Cleanup after 5 minutes
         setTimeout(() => this.commandData.delete(dataKey), 5 * 60 * 1000);
       });
       
@@ -267,13 +265,26 @@ class SimpleSandboxManager extends EventEmitter {
     sandbox.lastActivity = Date.now();
     
     for (const file of files) {
-      const fullPath = path.join(sandbox.workspacePath, file.path);
+      const filePath = file.path;
+      let fileContent = file.content;
+      
+      // Handle object content (JSON files)
+      if (typeof fileContent === 'object' && fileContent !== null) {
+        fileContent = JSON.stringify(fileContent, null, 2);
+      }
+      
+      // Ensure string
+      if (typeof fileContent !== 'string') {
+        fileContent = String(fileContent);
+      }
+      
+      const fullPath = path.join(sandbox.workspacePath, filePath);
       const dir = path.dirname(fullPath);
       
       await fs.mkdir(dir, { recursive: true });
-      await fs.writeFile(fullPath, file.content, 'utf-8');
+      await fs.writeFile(fullPath, fileContent, 'utf-8');
       
-      console.log(`📝 File written: ${file.path}`);
+      console.log(`📝 File written: ${filePath}`);
     }
   }
 
@@ -325,7 +336,6 @@ class SimpleSandboxManager extends EventEmitter {
     const now = Date.now();
     
     for (const [id, sandbox] of this.sandboxes.entries()) {
-      // Check both inactivity AND timeout
       const inactive = (now - sandbox.lastActivity) > (15 * 60 * 1000);
       const timedOut = (now - sandbox.createdAt) > sandbox.timeout;