squashme poc

Author: naugtur

packages/compartment-mapper/demo/policy/index.mjs

@@ -7,10 +7,6 @@ lockdown({
 });
 
 import fs from 'fs';
-import os from 'os';
-import assert from 'assert';
-import zlib from 'zlib';
-import path from 'path';
 
 import { importLocation, makeArchive, parseArchive } from '../../index.js';
 
@@ -98,13 +94,17 @@ const options = {
     console,
     process,
   },
+  exitModuleImportHook: async specifier => {
+    const module = await import(specifier);
+    return module;
+  },
   modules: {
-    path: await addToCompartment('path', path),
-    assert: await addToCompartment('assert', assert),
+    // path: await addToCompartment('path', path),
+    // assert: await addToCompartment('assert', assert),
     buffer: await addToCompartment('buffer', Object.create(null)), // imported but unused
-    zlib: await addToCompartment('zlib', zlib),
-    fs: await addToCompartment('fs', fs),
-    os: await addToCompartment('os', os),
+    // zlib: await addToCompartment('zlib', zlib),
+    // fs: await addToCompartment('fs', fs),
+    // os: await addToCompartment('os', os),
   },
 };
 
@@ -124,6 +124,7 @@ console.log('\n\n________________________________________________ Archive\n');
   const archive = await makeArchive(readPower, entrypointPath, {
     modules: options.modules,
     policy: options.policy,
+    exitModuleImportHook: options.exitModuleImportHook,
   });
   console.log('>----------makeArchive -> parseArchive');
   const application = await parseArchive(archive, '<unknown>', {
@@ -133,6 +134,7 @@ console.log('\n\n________________________________________________ Archive\n');
   const { namespace } = await application.import({
     globals: options.globals,
     modules: options.modules,
+    exitModuleImportHook: options.exitModuleImportHook,
   });
   console.log('>----------import -> end');
   console.log(2, namespace.poem);

packages/compartment-mapper/src/archive.js

@@ -259,6 +259,7 @@ const digestLocation = async (powers, moduleLocation, options) => {
     searchSuffixes = undefined,
     commonDependencies = undefined,
     policy = undefined,
+    exitModuleImportHook = undefined,
   } = options || {};
   const { read, computeSha512 } = unpackReadPowers(powers);
   const {
@@ -299,6 +300,7 @@ const digestLocation = async (powers, moduleLocation, options) => {
     sources,
     compartments,
     exitModules,
+    exitModuleImportHook, // should it get the archiveOnly hint somehow?
     computeSha512,
     searchSuffixes,
   );

packages/compartment-mapper/src/bundle.js

@@ -207,6 +207,7 @@ export const makeBundle = async (read, moduleLocation, options) => {
     sources,
     compartments,
     undefined,
+    undefined, // TODO: support exitModuleImportHook
     undefined,
     searchSuffixes,
   );

packages/compartment-mapper/src/import-archive.js

@@ -14,6 +14,7 @@
 /** @typedef {import('./types.js').ComputeSourceLocationHook} ComputeSourceLocationHook */
 /** @typedef {import('./types.js').LoadArchiveOptions} LoadArchiveOptions */
 /** @typedef {import('./types.js').ExecuteOptions} ExecuteOptions */
+/** @typedef {import('./types.js').ExitModuleImportHook} ExitModuleImportHook */
 
 import { ZipReader } from '@endo/zip';
 import { link } from './link.js';
@@ -78,6 +79,7 @@ const postponeErrorToExecute = errorMessage => {
  * @param {string} archiveLocation
  * @param {HashFn} [computeSha512]
  * @param {ComputeSourceLocationHook} [computeSourceLocation]
+ * @param {ExitModuleImportHook} [exitModuleImportHook]
  * @returns {ArchiveImportHookMaker}
  */
 const makeArchiveImportHookMaker = (
@@ -86,6 +88,7 @@ const makeArchiveImportHookMaker = (
   archiveLocation,
   computeSha512 = undefined,
   computeSourceLocation = undefined,
+  exitModuleImportHook = undefined,
 ) => {
   // per-assembly:
   /** @type {ArchiveImportHookMaker} */
@@ -97,6 +100,23 @@ const makeArchiveImportHookMaker = (
       // per-module:
       const module = modules[moduleSpecifier];
       if (module === undefined) {
+        if (exitModuleImportHook) {
+          console.error('#################x');
+          const ns = await exitModuleImportHook(moduleSpecifier);
+          if (ns) {
+            return {
+              record: freeze({
+                imports: [],
+                exports: Object.keys(ns),
+                execute: moduleExports => {
+                  moduleExports.default = ns;
+                  Object.assign(moduleExports, ns);
+                },
+              }),
+              specifier: moduleSpecifier,
+            };
+          }
+        }
         throw new Error(
           `Cannot find module ${q(moduleSpecifier)} in package ${q(
             packageLocation,
@@ -190,6 +210,7 @@ const makeFeauxModuleExportsNamespace = Compartment => {
  * @param {string} [options.expectedSha512]
  * @param {HashFn} [options.computeSha512]
  * @param {Record<string, unknown>} [options.modules]
+ * @param {ExitModuleImportHook} [options.exitModuleImportHook]
  * @param {Compartment} [options.Compartment]
  * @param {ComputeSourceLocationHook} [options.computeSourceLocation]
  * @returns {Promise<Application>}
@@ -205,6 +226,7 @@ export const parseArchive = async (
     computeSourceLocation = undefined,
     Compartment = DefaultCompartment,
     modules = undefined,
+    exitModuleImportHook = undefined,
   } = options;
 
   const archive = new ZipReader(archiveBytes, { name: archiveLocation });
@@ -264,6 +286,7 @@ export const parseArchive = async (
       archiveLocation,
       computeSha512,
       computeSourceLocation,
+      exitModuleImportHook,
     );
     // A weakness of the current Compartment design is that the `modules` map
     // must be given a module namespace object that passes a brand check.
@@ -291,14 +314,21 @@ export const parseArchive = async (
 
   /** @type {ExecuteFn} */
   const execute = async options => {
-    const { globals, modules, transforms, __shimTransforms__, Compartment } =
-      options || {};
+    const {
+      globals,
+      modules,
+      transforms,
+      __shimTransforms__,
+      Compartment,
+      exitModuleImportHook,
+    } = options || {};
     const makeImportHook = makeArchiveImportHookMaker(
       get,
       compartments,
       archiveLocation,
       computeSha512,
       computeSourceLocation,
+      exitModuleImportHook,
     );
     const { compartment, pendingJobsPromise } = link(compartmentMap, {
       makeImportHook,

packages/compartment-mapper/src/import-hook.js

@@ -65,6 +65,7 @@ const nodejsConventionSearchSuffixes = [
  * @param {Sources} sources
  * @param {Record<string, CompartmentDescriptor>} compartmentDescriptors
  * @param {Record<string, any>} exitModules
+ * @param {ImportHook=} exitModuleImportHook
  * @param {HashFn=} computeSha512
  * @param {Array<string>} searchSuffixes - Suffixes to search if the unmodified specifier is not found.
  * Pass [] to emulate Node.js’s strict behavior.
@@ -80,6 +81,7 @@ export const makeImportHookMaker = (
   sources = Object.create(null),
   compartmentDescriptors = Object.create(null),
   exitModules = Object.create(null),
+  exitModuleImportHook = undefined,
   computeSha512 = undefined,
   searchSuffixes = nodejsConventionSearchSuffixes,
 ) => {
@@ -156,6 +158,20 @@ export const makeImportHookMaker = (
           // Archived compartments are not executed.
           return freeze({ imports: [], exports: [], execute() {} });
         }
+        if (exitModuleImportHook) {
+          console.error('#################i');
+          const ns = await exitModuleImportHook(moduleSpecifier);
+          if (ns) {
+            return freeze({
+              imports: [],
+              exports: Object.keys(ns),
+              execute: moduleExports => {
+                moduleExports.default = ns; // Why is typescript complaining about this?
+                Object.assign(moduleExports, ns);
+              },
+            });
+          }
+        }
         return deferError(
           moduleSpecifier,
           new Error(

packages/compartment-mapper/src/import.js

@@ -70,14 +70,21 @@ export const loadLocation = async (readPowers, moduleLocation, options) => {
 
   /** @type {ExecuteFn} */
   const execute = async (options = {}) => {
-    const { globals, modules, transforms, __shimTransforms__, Compartment } =
-      options;
+    const {
+      globals,
+      modules,
+      transforms,
+      __shimTransforms__,
+      Compartment,
+      exitModuleImportHook,
+    } = options;
     const makeImportHook = makeImportHookMaker(
       readPowers,
       packageLocation,
       undefined,
       compartmentMap.compartments,
-      undefined,
+      modules,
+      exitModuleImportHook,
       undefined,
       searchSuffixes,
     );

packages/compartment-mapper/src/types.js

@@ -225,6 +225,12 @@ export {};
  * @returns {string|undefined} sourceLocation
  */
 
+/**
+ * @callback ExitModuleImportHook
+ * @param {string} specifier
+ * @returns {Promise<object>} module namespace
+ */
+
 /**
  * @typedef {object} LoadArchiveOptions
  * @property {string} [expectedSha512]
@@ -239,6 +245,7 @@ export {};
  * @property {Array<Transform>} [transforms]
  * @property {Array<Transform>} [__shimTransforms__]
  * @property {Record<string, object>} [modules]
+ * @property {ExitModuleImportHook} [exitModuleImportHook]
  * @property {Record<string, object>} [attenuations]
  * @property {Compartment} [Compartment]
  */
@@ -310,6 +317,7 @@ export {};
  * @typedef {object} ArchiveOptions
  * @property {ModuleTransforms} [moduleTransforms]
  * @property {Record<string, any>} [modules]
+ * @property {ExitModuleImportHook} [exitModuleImportHook]
  * @property {boolean} [dev]
  * @property {object} [policy]
  * @property {Set<string>} [tags]