eryx 0.4.8

A Python sandbox with async callbacks powered by WebAssembly
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323

//! Integration tests for execution cancellation.
//!
//! These tests verify that execute_cancellable and ExecutionHandle work correctly,
//! including cancellation, waiting for results, and error handling.
#![allow(clippy::unwrap_used, clippy::expect_used)]

#[cfg(not(feature = "embedded"))]
use std::path::PathBuf;
use std::time::Duration;

use eryx::{Error, ResourceLimits, Sandbox};

// =============================================================================
// Helper Functions
// =============================================================================

#[cfg(not(feature = "embedded"))]
fn runtime_wasm_path() -> PathBuf {
    let manifest_dir = std::env::var("CARGO_MANIFEST_DIR").unwrap_or_else(|_| ".".to_string());
    PathBuf::from(manifest_dir)
        .parent()
        .unwrap_or_else(|| std::path::Path::new("."))
        .join("eryx-runtime")
        .join("runtime.wasm")
}

#[cfg(not(feature = "embedded"))]
fn python_stdlib_path() -> PathBuf {
    // Check ERYX_PYTHON_STDLIB env var first (used in CI)
    if let Ok(path) = std::env::var("ERYX_PYTHON_STDLIB") {
        let path = PathBuf::from(path);
        if path.exists() {
            return path;
        }
    }

    // Fall back to relative path from crate directory
    let manifest_dir = std::env::var("CARGO_MANIFEST_DIR").unwrap_or_else(|_| ".".to_string());
    PathBuf::from(manifest_dir)
        .parent()
        .unwrap_or_else(|| std::path::Path::new("."))
        .join("eryx-wasm-runtime")
        .join("tests")
        .join("python-stdlib")
}

/// Create a sandbox builder with the appropriate WASM source.
fn sandbox_builder() -> eryx::SandboxBuilder<eryx::state::Has, eryx::state::Has> {
    // When embedded feature is available, use it (more reliable)
    #[cfg(feature = "embedded")]
    {
        Sandbox::embedded()
    }

    // Fallback to explicit paths for testing without embedded feature
    #[cfg(not(feature = "embedded"))]
    {
        let stdlib_path = python_stdlib_path();
        Sandbox::builder()
            .with_wasm_file(runtime_wasm_path())
            .with_python_stdlib(&stdlib_path)
    }
}

/// Create a sandbox builder with a short execution timeout for cancellation tests.
/// This ensures tests don't hang for 30s if cancellation fails.
fn sandbox_builder_with_short_timeout() -> eryx::SandboxBuilder<eryx::state::Has, eryx::state::Has>
{
    sandbox_builder().with_resource_limits(ResourceLimits {
        execution_timeout: Some(Duration::from_secs(3)),
        ..Default::default()
    })
}

// =============================================================================
// Basic Cancellation Tests
// =============================================================================

#[tokio::test]
async fn test_execute_cancellable_completes_normally() {
    let sandbox = sandbox_builder().build().expect("Failed to build sandbox");

    let handle = sandbox.execute_cancellable("print('Hello from cancellable!')");

    let result = handle.wait().await;
    assert!(result.is_ok(), "Should complete normally: {:?}", result);
    let output = result.unwrap();
    assert!(output.stdout.contains("Hello from cancellable!"));
}

#[tokio::test]
async fn test_execute_cancellable_cancel_infinite_loop() {
    let sandbox = sandbox_builder_with_short_timeout()
        .build()
        .expect("Failed to build sandbox");

    let handle = sandbox.execute_cancellable("while True: pass");

    // Cancel after a short delay
    let cancel_handle = handle.cancellation_token();
    tokio::spawn(async move {
        tokio::time::sleep(Duration::from_millis(100)).await;
        cancel_handle.cancel();
    });

    let result = handle.wait().await;
    assert!(result.is_err(), "Should be cancelled");
    match result {
        Err(Error::Cancelled) => {} // Expected
        Err(e) => panic!("Expected Cancelled error, got: {:?}", e),
        Ok(_) => panic!("Expected error, got success"),
    }
}

#[tokio::test]
async fn test_execute_cancellable_cancel_immediately() {
    let sandbox = sandbox_builder_with_short_timeout()
        .build()
        .expect("Failed to build sandbox");

    let handle = sandbox.execute_cancellable(
        r#"
import time
for i in range(1000):
    time.sleep(0.01)
    print(f"Iteration {i}")
"#,
    );

    // Cancel immediately
    handle.cancel();

    let result = handle.wait().await;
    assert!(result.is_err(), "Should be cancelled");
    match result {
        Err(Error::Cancelled) => {} // Expected
        Err(e) => panic!("Expected Cancelled error, got: {:?}", e),
        Ok(_) => panic!("Expected error, got success"),
    }
}

#[tokio::test]
async fn test_is_running_before_and_after_completion() {
    let sandbox = sandbox_builder().build().expect("Failed to build sandbox");

    let handle = sandbox.execute_cancellable("x = 1 + 1");

    // Should be running initially (or might complete very quickly)
    // This is a bit racy, so we just check that is_running doesn't panic
    let _ = handle.is_running();

    // Wait for completion
    let result = handle.wait().await;
    assert!(result.is_ok());
}

#[tokio::test]
async fn test_is_running_after_cancel() {
    let sandbox = sandbox_builder_with_short_timeout()
        .build()
        .expect("Failed to build sandbox");

    let handle = sandbox.execute_cancellable("while True: pass");

    // Cancel
    handle.cancel();

    // After cancellation, is_running should return false
    // (because the token is cancelled, even if execution hasn't stopped yet)
    assert!(!handle.is_running(), "Should not be running after cancel");

    // Wait for the result
    let _ = handle.wait().await;
}

#[tokio::test]
async fn test_cancel_multiple_times_is_idempotent() {
    let sandbox = sandbox_builder_with_short_timeout()
        .build()
        .expect("Failed to build sandbox");

    let handle = sandbox.execute_cancellable("while True: pass");

    // Cancel multiple times
    handle.cancel();
    handle.cancel();
    handle.cancel();

    let result = handle.wait().await;
    assert!(result.is_err(), "Should be cancelled");
    match result {
        Err(Error::Cancelled) => {} // Expected
        Err(e) => panic!("Expected Cancelled error, got: {:?}", e),
        Ok(_) => panic!("Expected error, got success"),
    }
}

#[tokio::test]
async fn test_cancellation_token_can_be_shared() {
    let sandbox = sandbox_builder_with_short_timeout()
        .build()
        .expect("Failed to build sandbox");

    let handle = sandbox.execute_cancellable("while True: pass");

    // Get the cancellation token and use it from another task
    let token = handle.cancellation_token();

    tokio::spawn(async move {
        tokio::time::sleep(Duration::from_millis(50)).await;
        token.cancel();
    });

    let result = handle.wait().await;
    assert!(result.is_err(), "Should be cancelled via shared token");
    match result {
        Err(Error::Cancelled) => {} // Expected
        Err(e) => panic!("Expected Cancelled error, got: {:?}", e),
        Ok(_) => panic!("Expected error, got success"),
    }
}

// =============================================================================
// Cancellation with Python Execution States
// =============================================================================

#[tokio::test]
async fn test_cancel_during_python_computation() {
    let sandbox = sandbox_builder_with_short_timeout()
        .build()
        .expect("Failed to build sandbox");

    // Heavy computation that should be interruptible
    let handle = sandbox.execute_cancellable(
        r#"
result = 0
for i in range(10_000_000):
    result += i
print(result)
"#,
    );

    // Cancel after a short delay
    let token = handle.cancellation_token();
    tokio::spawn(async move {
        tokio::time::sleep(Duration::from_millis(50)).await;
        token.cancel();
    });

    let result = handle.wait().await;
    // Should either complete or be cancelled
    match result {
        Ok(_) => {}                 // Completed before cancellation
        Err(Error::Cancelled) => {} // Cancelled as expected
        Err(e) => panic!("Unexpected error: {:?}", e),
    }
}

#[tokio::test]
async fn test_fast_execution_completes_before_cancel() {
    let sandbox = sandbox_builder().build().expect("Failed to build sandbox");

    let handle = sandbox.execute_cancellable("print('fast')");

    // Schedule cancellation far in the future - execution should complete first
    // Use a long delay (10s) because CI can be slow with sandbox creation
    let token = handle.cancellation_token();
    tokio::spawn(async move {
        tokio::time::sleep(Duration::from_secs(10)).await;
        token.cancel();
    });

    let result = handle.wait().await;
    assert!(
        result.is_ok(),
        "Fast execution should complete: {:?}",
        result
    );
    let output = result.unwrap();
    assert!(output.stdout.contains("fast"));
}

// =============================================================================
// Error Cases
// =============================================================================

#[tokio::test]
async fn test_python_error_not_confused_with_cancellation() {
    let sandbox = sandbox_builder().build().expect("Failed to build sandbox");

    let handle = sandbox.execute_cancellable("raise ValueError('test error')");

    let result = handle.wait().await;
    assert!(result.is_err(), "Should fail with Python error");
    match result {
        Err(Error::Cancelled) => panic!("Should not be Cancelled error"),
        Err(Error::Execution(msg)) => {
            assert!(
                msg.contains("ValueError") || msg.contains("test error"),
                "Error should mention ValueError: {}",
                msg
            );
        }
        Err(e) => panic!("Unexpected error type: {:?}", e),
        Ok(_) => panic!("Expected error, got success"),
    }
}

#[tokio::test]
async fn test_syntax_error_not_confused_with_cancellation() {
    let sandbox = sandbox_builder().build().expect("Failed to build sandbox");

    let handle = sandbox.execute_cancellable("def broken(");

    let result = handle.wait().await;
    assert!(result.is_err(), "Should fail with syntax error");
    match result {
        Err(Error::Cancelled) => panic!("Should not be Cancelled error"),
        Err(Error::Execution(_)) => {} // Expected
        Err(e) => panic!("Unexpected error type: {:?}", e),
        Ok(_) => panic!("Expected error, got success"),
    }
}