secure_exec_sidecar/
state.rs

1//! Shared state types used across sidecar domain modules.
2//!
3//! Contains VM state, session state, configuration types, active process/socket
4//! types, and other shared data structures extracted from service.rs.
5
6use crate::protocol::{
7    EventFrame, GuestRuntimeKind, MountDescriptor, PermissionsPolicy, ProjectedModuleDescriptor,
8    RegisterHostCallbacksRequest, ResponseFrame, SidecarRequestFrame, SidecarRequestPayload,
9    SidecarResponseFrame, SidecarResponsePayload, SignalHandlerRegistration, SoftwareDescriptor,
10    WasmPermissionTier,
11};
12use crate::wire::DEFAULT_MAX_FRAME_BYTES;
13use rusqlite::Connection;
14use rustls::{ClientConnection, ServerConnection, StreamOwned};
15use secure_exec_bridge::{BridgeTypes, FilesystemSnapshot};
16use secure_exec_execution::{
17    JavascriptExecution, JavascriptSyncRpcRequest, PythonExecution, PythonVfsRpcRequest,
18    WasmExecution,
19};
20use secure_exec_kernel::kernel::{KernelProcessHandle, KernelVm};
21use secure_exec_kernel::mount_table::MountTable;
22use secure_exec_kernel::root_fs::{RootFileSystem, RootFilesystemMode, RootFilesystemSnapshot};
23use secure_exec_kernel::socket_table::SocketId;
24use secure_exec_vm_config as vm_config;
25use serde::{Deserialize, Serialize};
26use serde_json::Value;
27use std::collections::{BTreeMap, BTreeSet, VecDeque};
28use std::error::Error;
29use std::fmt;
30use std::fs::File;
31use std::net::{IpAddr, SocketAddr, TcpListener, TcpStream, UdpSocket};
32use std::os::unix::net::{UnixListener, UnixStream};
33use std::path::PathBuf;
34use std::sync::atomic::{AtomicBool, AtomicI64, Ordering};
35use std::sync::mpsc::{Receiver, Sender};
36use std::sync::{Arc, Condvar, Mutex};
37use std::time::{Duration, Instant};
38use tokio::sync::mpsc::UnboundedSender;
39
40// ---------------------------------------------------------------------------
41// Type aliases
42// ---------------------------------------------------------------------------
43
44pub(crate) type BridgeError<B> = <B as BridgeTypes>::Error;
45pub(crate) type SidecarKernel = KernelVm<MountTable>;
46
47// ---------------------------------------------------------------------------
48// Constants
49// ---------------------------------------------------------------------------
50
51pub(crate) const EXECUTION_DRIVER_NAME: &str = "secure-exec-sidecar-execution";
52pub(crate) const JAVASCRIPT_COMMAND: &str = "node";
53pub(crate) const PYTHON_COMMAND: &str = "python";
54pub(crate) const WASM_COMMAND: &str = "wasm";
55pub(crate) const PYTHON_VFS_RPC_GUEST_ROOT: &str = "/workspace";
56pub(crate) const EXECUTION_SANDBOX_ROOT_ENV: &str = "AGENT_OS_SANDBOX_ROOT";
57pub(crate) const WASM_STDIO_SYNC_RPC_ENV: &str = "AGENT_OS_WASI_STDIO_SYNC_RPC";
58#[cfg(test)]
59#[allow(dead_code)]
60pub(crate) const HOST_REALPATH_MAX_SYMLINK_DEPTH: usize = 40;
61pub(crate) const DISPOSE_VM_SIGTERM_GRACE: std::time::Duration =
62    std::time::Duration::from_millis(100);
63pub(crate) const DISPOSE_VM_SIGKILL_GRACE: std::time::Duration =
64    std::time::Duration::from_millis(100);
65pub(crate) const VM_DNS_SERVERS_METADATA_KEY: &str = "network.dns.servers";
66#[cfg(test)]
67#[allow(dead_code)]
68pub(crate) const VM_LISTEN_PORT_MIN_METADATA_KEY: &str = "network.listen.port_min";
69#[cfg(test)]
70#[allow(dead_code)]
71pub(crate) const VM_LISTEN_PORT_MAX_METADATA_KEY: &str = "network.listen.port_max";
72pub(crate) const VM_LISTEN_ALLOW_PRIVILEGED_METADATA_KEY: &str = "network.listen.allow_privileged";
73pub(crate) const DEFAULT_JAVASCRIPT_NET_BACKLOG: u32 = 511;
74pub(crate) const LOOPBACK_EXEMPT_PORTS_ENV: &str = "AGENT_OS_LOOPBACK_EXEMPT_PORTS";
75pub(crate) const TOOL_DRIVER_NAME: &str = "secure-exec-host-callbacks";
76pub(crate) const MAPPED_HOST_FD_START: u32 = 1_000_000_000;
77
78// ---------------------------------------------------------------------------
79// Public API types
80// ---------------------------------------------------------------------------
81
82#[derive(Debug, Clone)]
83pub struct NativeSidecarConfig {
84    pub sidecar_id: String,
85    pub max_frame_bytes: usize,
86    pub compile_cache_root: Option<PathBuf>,
87    pub expected_auth_token: Option<String>,
88    pub acp_termination_grace: Duration,
89}
90
91impl Default for NativeSidecarConfig {
92    fn default() -> Self {
93        Self {
94            sidecar_id: String::from("secure-exec-sidecar"),
95            max_frame_bytes: DEFAULT_MAX_FRAME_BYTES,
96            compile_cache_root: None,
97            expected_auth_token: None,
98            acp_termination_grace: Duration::from_secs(3),
99        }
100    }
101}
102
103#[derive(Debug, Clone)]
104pub struct DispatchResult {
105    pub response: ResponseFrame,
106    pub events: Vec<EventFrame>,
107}
108
109#[derive(Debug, Clone, PartialEq, Eq)]
110pub enum SidecarError {
111    InvalidState(String),
112    ProtocolVersionMismatch(String),
113    BridgeVersionMismatch(String),
114    Conflict(String),
115    Unauthorized(String),
116    Unsupported(String),
117    FrameTooLarge(String),
118    Kernel(String),
119    Plugin(String),
120    Execution(String),
121    Bridge(String),
122    Io(String),
123}
124
125impl fmt::Display for SidecarError {
126    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
127        match self {
128            Self::InvalidState(message)
129            | Self::ProtocolVersionMismatch(message)
130            | Self::BridgeVersionMismatch(message)
131            | Self::Conflict(message)
132            | Self::Unauthorized(message)
133            | Self::Unsupported(message)
134            | Self::FrameTooLarge(message)
135            | Self::Kernel(message)
136            | Self::Plugin(message)
137            | Self::Execution(message)
138            | Self::Bridge(message)
139            | Self::Io(message) => f.write_str(message),
140        }
141    }
142}
143
144impl Error for SidecarError {}
145
146pub trait SidecarRequestTransport: Send + Sync {
147    fn send_request(
148        &self,
149        request: SidecarRequestFrame,
150        timeout: Duration,
151    ) -> Result<SidecarResponseFrame, SidecarError>;
152}
153
154#[derive(Clone)]
155pub(crate) struct SharedSidecarRequestClient {
156    transport: Option<Arc<dyn SidecarRequestTransport>>,
157    next_request_id: Arc<AtomicI64>,
158}
159
160impl Default for SharedSidecarRequestClient {
161    fn default() -> Self {
162        Self {
163            transport: None,
164            next_request_id: Arc::new(AtomicI64::new(-1)),
165        }
166    }
167}
168
169impl SharedSidecarRequestClient {
170    pub(crate) fn set_transport(&mut self, transport: Arc<dyn SidecarRequestTransport>) {
171        self.transport = Some(transport);
172    }
173
174    pub(crate) fn invoke(
175        &self,
176        ownership: crate::protocol::OwnershipScope,
177        payload: SidecarRequestPayload,
178        timeout: Duration,
179    ) -> Result<SidecarResponsePayload, SidecarError> {
180        let transport = self.transport.as_ref().ok_or_else(|| {
181            SidecarError::Unsupported(String::from("sidecar request transport is not configured"))
182        })?;
183        let request_id = self.next_request_id.fetch_sub(1, Ordering::Relaxed);
184        let request = SidecarRequestFrame::new(request_id, ownership.clone(), payload);
185        let response = transport.send_request(request, timeout)?;
186        if response.request_id != request_id {
187            return Err(SidecarError::InvalidState(format!(
188                "sidecar response {} did not match request {request_id}",
189                response.request_id
190            )));
191        }
192        if response.ownership != ownership {
193            return Err(SidecarError::InvalidState(String::from(
194                "sidecar response ownership did not match request ownership",
195            )));
196        }
197        Ok(response.payload)
198    }
199}
200
201// ---------------------------------------------------------------------------
202// Bridge wrapper
203// ---------------------------------------------------------------------------
204
205pub(crate) struct SharedBridge<B> {
206    pub(crate) inner: Arc<Mutex<B>>,
207    pub(crate) permissions: Arc<Mutex<BTreeMap<String, PermissionsPolicy>>>,
208    #[cfg(test)]
209    pub(crate) set_vm_permissions_outcomes: Arc<Mutex<VecDeque<Option<SidecarError>>>>,
210}
211
212impl<B> Clone for SharedBridge<B> {
213    fn clone(&self) -> Self {
214        Self {
215            inner: Arc::clone(&self.inner),
216            permissions: Arc::clone(&self.permissions),
217            #[cfg(test)]
218            set_vm_permissions_outcomes: Arc::clone(&self.set_vm_permissions_outcomes),
219        }
220    }
221}
222
223// ---------------------------------------------------------------------------
224// Connection / session / VM state
225// ---------------------------------------------------------------------------
226
227#[allow(dead_code)]
228#[derive(Debug)]
229pub(crate) struct ConnectionState {
230    pub(crate) auth_token: String,
231    pub(crate) sessions: BTreeSet<String>,
232}
233
234#[allow(dead_code)]
235#[derive(Debug)]
236pub(crate) struct SessionState {
237    pub(crate) connection_id: String,
238    pub(crate) placement: crate::protocol::SidecarPlacement,
239    pub(crate) metadata: BTreeMap<String, String>,
240    pub(crate) vm_ids: BTreeSet<String>,
241}
242
243#[allow(dead_code)]
244#[derive(Debug, Default, Clone)]
245pub(crate) struct VmConfiguration {
246    pub(crate) mounts: Vec<MountDescriptor>,
247    pub(crate) software: Vec<SoftwareDescriptor>,
248    pub(crate) permissions: PermissionsPolicy,
249    pub(crate) module_access_cwd: Option<String>,
250    pub(crate) instructions: Vec<String>,
251    pub(crate) projected_modules: Vec<ProjectedModuleDescriptor>,
252    pub(crate) command_permissions: BTreeMap<String, WasmPermissionTier>,
253    /// Guest JavaScript host-environment config (platform / module resolution /
254    /// builtin allow-list). Set at `create_vm` from `CreateVmConfig.jsRuntime`
255    /// and preserved across `configure_vm`. `None` => full Node.js emulation.
256    pub(crate) js_runtime: Option<vm_config::JsRuntimeConfig>,
257    pub(crate) loopback_exempt_ports: Vec<u16>,
258}
259
260#[allow(dead_code)]
261pub(crate) struct VmLayerStore {
262    pub(crate) next_layer_id: u64,
263    pub(crate) layers: BTreeMap<String, VmLayer>,
264}
265
266impl Default for VmLayerStore {
267    fn default() -> Self {
268        Self {
269            next_layer_id: 1,
270            layers: BTreeMap::new(),
271        }
272    }
273}
274
275#[allow(dead_code)]
276#[derive(Debug)]
277pub(crate) enum VmLayer {
278    Writable(RootFileSystem),
279    Snapshot(RootFilesystemSnapshot),
280    Overlay(VmOverlayLayer),
281}
282
283#[allow(dead_code)]
284#[derive(Debug, Clone)]
285pub(crate) struct VmOverlayLayer {
286    pub(crate) mode: RootFilesystemMode,
287    pub(crate) upper_layer_id: Option<String>,
288    pub(crate) lower_layer_ids: Vec<String>,
289}
290
291#[allow(dead_code)]
292pub(crate) struct VmState {
293    pub(crate) connection_id: String,
294    pub(crate) session_id: String,
295    /// Operator-tunable VM-scoped runtime limits. Immutable for the VM's lifetime;
296    /// `ConfigureVm` does not mutate limits.
297    pub(crate) limits: crate::limits::VmLimits,
298    pub(crate) dns: VmDnsConfig,
299    pub(crate) listen_policy: VmListenPolicy,
300    pub(crate) create_loopback_exempt_ports: BTreeSet<u16>,
301    pub(crate) guest_env: BTreeMap<String, String>,
302    pub(crate) requested_runtime: GuestRuntimeKind,
303    pub(crate) root_filesystem_mode: RootFilesystemMode,
304    pub(crate) guest_cwd: String,
305    pub(crate) cwd: PathBuf,
306    pub(crate) host_cwd: PathBuf,
307    pub(crate) kernel: SidecarKernel,
308    pub(crate) loaded_snapshot: Option<FilesystemSnapshot>,
309    pub(crate) configuration: VmConfiguration,
310    pub(crate) layers: VmLayerStore,
311    pub(crate) command_guest_paths: BTreeMap<String, String>,
312    pub(crate) command_permissions: BTreeMap<String, WasmPermissionTier>,
313    pub(crate) toolkits: BTreeMap<String, RegisterHostCallbacksRequest>,
314    pub(crate) active_processes: BTreeMap<String, ActiveProcess>,
315    pub(crate) exited_process_snapshots: VecDeque<ExitedProcessSnapshot>,
316    pub(crate) detached_child_processes: BTreeSet<String>,
317    pub(crate) signal_states: BTreeMap<String, BTreeMap<u32, SignalHandlerRegistration>>,
318}
319
320#[derive(Debug, Clone)]
321pub(crate) struct ExitedProcessSnapshot {
322    pub(crate) captured_at: Instant,
323    pub(crate) process: crate::protocol::ProcessSnapshotEntry,
324}
325
326// ---------------------------------------------------------------------------
327// DNS configuration
328// ---------------------------------------------------------------------------
329
330#[derive(Debug, Clone, Default)]
331pub(crate) struct VmDnsConfig {
332    pub(crate) name_servers: Vec<SocketAddr>,
333    pub(crate) overrides: BTreeMap<String, Vec<IpAddr>>,
334}
335
336#[derive(Debug, Clone)]
337pub(crate) struct JavascriptSocketPathContext {
338    pub(crate) sandbox_root: PathBuf,
339    pub(crate) mounts: Vec<MountDescriptor>,
340    pub(crate) listen_policy: VmListenPolicy,
341    pub(crate) loopback_exempt_ports: BTreeSet<u16>,
342    pub(crate) tcp_loopback_guest_to_host_ports: BTreeMap<(JavascriptSocketFamily, u16), u16>,
343    pub(crate) udp_loopback_guest_to_host_ports: BTreeMap<(JavascriptSocketFamily, u16), u16>,
344    pub(crate) udp_loopback_host_to_guest_ports: BTreeMap<(JavascriptSocketFamily, u16), u16>,
345    pub(crate) used_tcp_guest_ports: BTreeMap<JavascriptSocketFamily, BTreeSet<u16>>,
346    pub(crate) used_udp_guest_ports: BTreeMap<JavascriptSocketFamily, BTreeSet<u16>>,
347}
348
349#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
350pub(crate) enum JavascriptSocketFamily {
351    Ipv4,
352    Ipv6,
353}
354
355impl JavascriptSocketFamily {
356    pub(crate) fn from_ip(ip: IpAddr) -> Self {
357        match ip {
358            IpAddr::V4(_) => Self::Ipv4,
359            IpAddr::V6(_) => Self::Ipv6,
360        }
361    }
362}
363
364impl From<JavascriptUdpFamily> for JavascriptSocketFamily {
365    fn from(value: JavascriptUdpFamily) -> Self {
366        match value {
367            JavascriptUdpFamily::Ipv4 => Self::Ipv4,
368            JavascriptUdpFamily::Ipv6 => Self::Ipv6,
369        }
370    }
371}
372
373#[derive(Debug, Clone, Copy)]
374pub(crate) struct VmListenPolicy {
375    pub(crate) port_min: u16,
376    pub(crate) port_max: u16,
377    pub(crate) allow_privileged: bool,
378}
379
380impl Default for VmListenPolicy {
381    fn default() -> Self {
382        Self {
383            port_min: 1,
384            port_max: u16::MAX,
385            allow_privileged: false,
386        }
387    }
388}
389
390// ---------------------------------------------------------------------------
391// Active process state
392// ---------------------------------------------------------------------------
393
394#[allow(dead_code)]
395pub(crate) struct ActiveProcess {
396    pub(crate) kernel_pid: u32,
397    pub(crate) kernel_handle: KernelProcessHandle,
398    pub(crate) kernel_stdin_writer_fd: Option<u32>,
399    pub(crate) runtime: GuestRuntimeKind,
400    pub(crate) detached: bool,
401    pub(crate) execution: ActiveExecution,
402    pub(crate) guest_cwd: String,
403    pub(crate) env: BTreeMap<String, String>,
404    pub(crate) host_cwd: PathBuf,
405    pub(crate) mapped_host_fds: BTreeMap<u32, ActiveMappedHostFd>,
406    pub(crate) next_mapped_host_fd: u32,
407    pub(crate) pending_execution_events: VecDeque<ActiveExecutionEvent>,
408    pub(crate) pending_self_signal_exit: Option<i32>,
409    pub(crate) child_processes: BTreeMap<String, ActiveProcess>,
410    pub(crate) next_child_process_id: usize,
411    pub(crate) http_servers: BTreeMap<u64, ActiveHttpServer>,
412    pub(crate) pending_http_requests: BTreeMap<(u64, u64), Option<String>>,
413    pub(crate) http2: ActiveHttp2State,
414    pub(crate) tcp_listeners: BTreeMap<String, ActiveTcpListener>,
415    pub(crate) next_tcp_listener_id: usize,
416    pub(crate) tcp_sockets: BTreeMap<String, ActiveTcpSocket>,
417    pub(crate) next_tcp_socket_id: usize,
418    pub(crate) tcp_port_reservations: BTreeMap<String, (JavascriptSocketFamily, u16)>,
419    pub(crate) next_tcp_port_reservation_id: usize,
420    pub(crate) unix_listeners: BTreeMap<String, ActiveUnixListener>,
421    pub(crate) next_unix_listener_id: usize,
422    pub(crate) unix_sockets: BTreeMap<String, ActiveUnixSocket>,
423    pub(crate) next_unix_socket_id: usize,
424    pub(crate) udp_sockets: BTreeMap<String, ActiveUdpSocket>,
425    pub(crate) next_udp_socket_id: usize,
426    pub(crate) cipher_sessions: BTreeMap<u64, ActiveCipherSession>,
427    pub(crate) next_cipher_session_id: u64,
428    pub(crate) diffie_hellman_sessions: BTreeMap<u64, ActiveDiffieHellmanSession>,
429    pub(crate) next_diffie_hellman_session_id: u64,
430    pub(crate) sqlite_databases: BTreeMap<u64, ActiveSqliteDatabase>,
431    pub(crate) next_sqlite_database_id: u64,
432    pub(crate) sqlite_statements: BTreeMap<u64, ActiveSqliteStatement>,
433    pub(crate) next_sqlite_statement_id: u64,
434    /// Per-process module resolution cache, persisted across module sync-RPCs
435    /// (`__resolve_module` / `__load_file` / `__module_format` /
436    /// `__batch_resolve_modules`) for the lifetime of this process so cold-start
437    /// resolution does not rebuild it on every dispatch. The resolver reads the
438    /// kernel VFS; the node_modules tree is mounted read-only, so cached
439    /// stat/exists/package.json results under it stay valid for the process run.
440    pub(crate) module_resolution_cache: secure_exec_execution::LocalModuleResolutionCache,
441}
442
443pub(crate) struct ActiveMappedHostFd {
444    pub(crate) file: File,
445    pub(crate) path: PathBuf,
446}
447
448pub(crate) struct ActiveCipherSession {
449    pub(crate) algorithm: String,
450    pub(crate) auth_tag_len: usize,
451    pub(crate) context: openssl::symm::Crypter,
452}
453
454pub(crate) struct ActiveSqliteDatabase {
455    pub(crate) connection: Connection,
456    pub(crate) host_path: Option<PathBuf>,
457    pub(crate) vm_path: Option<String>,
458    pub(crate) dirty: bool,
459    pub(crate) transaction_depth: usize,
460    pub(crate) read_only: bool,
461}
462
463#[derive(Clone)]
464pub(crate) struct ActiveSqliteStatement {
465    pub(crate) database_id: u64,
466    pub(crate) sql: String,
467    pub(crate) return_arrays: bool,
468    pub(crate) read_bigints: bool,
469    pub(crate) allow_bare_named_parameters: bool,
470    pub(crate) allow_unknown_named_parameters: bool,
471}
472
473pub(crate) enum ActiveDiffieHellmanSession {
474    Dh(ActiveDhSession),
475    Ecdh(ActiveEcdhSession),
476}
477
478pub(crate) struct ActiveDhSession {
479    pub(crate) params: openssl::dh::Dh<openssl::pkey::Params>,
480    pub(crate) key_pair: Option<openssl::dh::Dh<openssl::pkey::Private>>,
481}
482
483pub(crate) struct ActiveEcdhSession {
484    pub(crate) curve: String,
485    pub(crate) key_pair: Option<openssl::ec::EcKey<openssl::pkey::Private>>,
486}
487
488#[derive(Debug, Clone, Copy, Default)]
489pub(crate) struct NetworkResourceCounts {
490    pub(crate) sockets: usize,
491    pub(crate) connections: usize,
492}
493
494#[derive(Debug)]
495pub(crate) struct ActiveHttpServer {
496    pub(crate) listener: TcpListener,
497    pub(crate) guest_local_addr: SocketAddr,
498    pub(crate) next_request_id: u64,
499}
500
501#[derive(Clone, Default)]
502pub(crate) struct ActiveHttp2State {
503    pub(crate) shared: Arc<Mutex<Http2SharedState>>,
504}
505
506#[derive(Default)]
507pub(crate) struct Http2SharedState {
508    pub(crate) next_session_id: u64,
509    pub(crate) next_stream_id: u64,
510    pub(crate) servers: BTreeMap<u64, ActiveHttp2Server>,
511    pub(crate) sessions: BTreeMap<u64, ActiveHttp2Session>,
512    pub(crate) streams: BTreeMap<u64, ActiveHttp2Stream>,
513    pub(crate) server_events: BTreeMap<u64, VecDeque<Http2BridgeEvent>>,
514    pub(crate) session_events: BTreeMap<u64, VecDeque<Http2BridgeEvent>>,
515}
516
517#[derive(Debug)]
518pub(crate) struct ActiveHttp2Server {
519    pub(crate) actual_local_addr: SocketAddr,
520    pub(crate) guest_local_addr: SocketAddr,
521    pub(crate) secure: bool,
522    pub(crate) tls: Option<JavascriptTlsBridgeOptions>,
523    pub(crate) closed: Arc<AtomicBool>,
524}
525
526#[derive(Debug, Clone)]
527pub(crate) struct ActiveHttp2Session {
528    pub(crate) command_tx: UnboundedSender<Http2SessionCommand>,
529}
530
531#[derive(Debug, Clone)]
532pub(crate) struct ActiveHttp2Stream {
533    pub(crate) session_id: u64,
534    pub(crate) paused: Arc<AtomicBool>,
535}
536
537#[derive(Debug, Clone, Default, Serialize, Deserialize)]
538#[serde(default, rename_all = "camelCase")]
539pub(crate) struct Http2SocketSnapshot {
540    pub(crate) encrypted: bool,
541    pub(crate) allow_half_open: bool,
542    pub(crate) local_address: Option<String>,
543    pub(crate) local_port: Option<u16>,
544    pub(crate) local_family: Option<String>,
545    pub(crate) remote_address: Option<String>,
546    pub(crate) remote_port: Option<u16>,
547    pub(crate) remote_family: Option<String>,
548    pub(crate) servername: Option<String>,
549    pub(crate) alpn_protocol: Option<String>,
550}
551
552#[derive(Debug, Clone, Default, Serialize, Deserialize)]
553#[serde(default, rename_all = "camelCase")]
554pub(crate) struct Http2RuntimeSnapshot {
555    pub(crate) effective_local_window_size: u32,
556    pub(crate) local_window_size: u32,
557    pub(crate) remote_window_size: u32,
558    pub(crate) next_stream_id: u32,
559    pub(crate) outbound_queue_size: u32,
560    pub(crate) deflate_dynamic_table_size: u32,
561    pub(crate) inflate_dynamic_table_size: u32,
562}
563
564#[derive(Debug, Clone, Default, Serialize, Deserialize)]
565#[serde(default, rename_all = "camelCase")]
566pub(crate) struct Http2SessionSnapshot {
567    pub(crate) encrypted: bool,
568    pub(crate) alpn_protocol: Option<String>,
569    pub(crate) origin_set: Vec<String>,
570    pub(crate) local_settings: BTreeMap<String, Value>,
571    pub(crate) remote_settings: BTreeMap<String, Value>,
572    pub(crate) state: Http2RuntimeSnapshot,
573    pub(crate) socket: Http2SocketSnapshot,
574}
575
576#[derive(Debug, Clone, Default, Serialize, Deserialize)]
577#[serde(default, rename_all = "camelCase")]
578pub(crate) struct Http2BridgeEvent {
579    pub(crate) kind: String,
580    pub(crate) id: u64,
581    #[serde(skip_serializing_if = "Option::is_none")]
582    pub(crate) data: Option<String>,
583    #[serde(skip_serializing_if = "Option::is_none")]
584    pub(crate) extra: Option<String>,
585    #[serde(skip_serializing_if = "Option::is_none")]
586    pub(crate) extra_number: Option<u64>,
587    #[serde(skip_serializing_if = "Option::is_none")]
588    pub(crate) extra_headers: Option<String>,
589    #[serde(skip_serializing_if = "Option::is_none")]
590    pub(crate) flags: Option<u64>,
591}
592
593pub(crate) enum Http2SessionCommand {
594    Request {
595        headers_json: String,
596        options_json: String,
597        respond_to: Sender<Result<Value, String>>,
598    },
599    Settings {
600        settings_json: String,
601        respond_to: Sender<Result<Value, String>>,
602    },
603    SetLocalWindowSize {
604        size: u32,
605        respond_to: Sender<Result<Value, String>>,
606    },
607    Goaway {
608        error_code: u32,
609        last_stream_id: u32,
610        opaque_data: Option<Vec<u8>>,
611        respond_to: Sender<Result<Value, String>>,
612    },
613    Close {
614        abrupt: bool,
615        respond_to: Sender<Result<Value, String>>,
616    },
617    StreamRespond {
618        stream_id: u64,
619        headers_json: String,
620        respond_to: Sender<Result<Value, String>>,
621    },
622    StreamPush {
623        stream_id: u64,
624        headers_json: String,
625        respond_to: Sender<Result<Value, String>>,
626    },
627    StreamWrite {
628        stream_id: u64,
629        chunk: Vec<u8>,
630        end_stream: bool,
631        respond_to: Sender<Result<Value, String>>,
632    },
633    StreamClose {
634        stream_id: u64,
635        error_code: Option<u32>,
636        respond_to: Sender<Result<Value, String>>,
637    },
638    StreamRespondWithFile {
639        stream_id: u64,
640        body: Vec<u8>,
641        headers_json: String,
642        options_json: String,
643        respond_to: Sender<Result<Value, String>>,
644    },
645}
646
647// ---------------------------------------------------------------------------
648// TCP types
649// ---------------------------------------------------------------------------
650
651#[derive(Debug)]
652pub(crate) enum JavascriptTcpListenerEvent {
653    Connection(PendingTcpSocket),
654    Error {
655        code: Option<String>,
656        message: String,
657    },
658}
659
660#[derive(Debug)]
661pub(crate) struct PendingTcpSocket {
662    pub(crate) stream: Option<TcpStream>,
663    pub(crate) kernel_socket_id: Option<SocketId>,
664    pub(crate) preallocated: bool,
665    pub(crate) guest_local_addr: SocketAddr,
666    pub(crate) guest_remote_addr: SocketAddr,
667}
668
669#[derive(Debug)]
670pub(crate) enum JavascriptTcpSocketEvent {
671    Data(Vec<u8>),
672    End,
673    Close {
674        had_error: bool,
675    },
676    Error {
677        code: Option<String>,
678        message: String,
679    },
680}
681
682#[derive(Debug)]
683pub(crate) struct ActiveTcpSocket {
684    pub(crate) stream: Option<Arc<Mutex<TcpStream>>>,
685    pub(crate) pending_read_stream: Option<Arc<Mutex<Option<TcpStream>>>>,
686    pub(crate) events: Option<Receiver<JavascriptTcpSocketEvent>>,
687    pub(crate) event_sender: Option<Sender<JavascriptTcpSocketEvent>>,
688    pub(crate) kernel_socket_id: Option<SocketId>,
689    pub(crate) no_delay: bool,
690    pub(crate) keep_alive: bool,
691    pub(crate) keep_alive_initial_delay_secs: Option<u64>,
692    pub(crate) guest_local_addr: SocketAddr,
693    pub(crate) guest_remote_addr: SocketAddr,
694    pub(crate) listener_id: Option<String>,
695    pub(crate) tls_mode: Arc<AtomicBool>,
696    pub(crate) tls_stream: Arc<Mutex<Option<ActiveTlsStream>>>,
697    pub(crate) tls_state: Arc<Mutex<Option<ActiveTlsState>>>,
698    pub(crate) saw_local_shutdown: Arc<AtomicBool>,
699    pub(crate) saw_remote_end: Arc<AtomicBool>,
700    pub(crate) close_notified: Arc<AtomicBool>,
701}
702
703pub(crate) struct LoopbackTlsTransportPair {
704    pub(crate) state: Mutex<LoopbackTlsTransportPairState>,
705    pub(crate) ready: Condvar,
706}
707
708#[derive(Debug, Default)]
709pub(crate) struct LoopbackTlsTransportPairState {
710    pub(crate) lower_to_higher: VecDeque<u8>,
711    pub(crate) higher_to_lower: VecDeque<u8>,
712    pub(crate) lower_write_closed: bool,
713    pub(crate) higher_write_closed: bool,
714    pub(crate) lower_closed: bool,
715    pub(crate) higher_closed: bool,
716}
717
718pub(crate) struct LoopbackTlsEndpoint {
719    pub(crate) pair: Arc<LoopbackTlsTransportPair>,
720    pub(crate) is_lower_socket: bool,
721}
722
723impl fmt::Debug for LoopbackTlsEndpoint {
724    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
725        f.debug_struct("LoopbackTlsEndpoint")
726            .field("is_lower_socket", &self.is_lower_socket)
727            .finish()
728    }
729}
730
731#[derive(Debug)]
732pub(crate) enum ActiveTlsStream {
733    Client(StreamOwned<ClientConnection, TcpStream>),
734    Server(StreamOwned<ServerConnection, TcpStream>),
735    LoopbackClient(StreamOwned<ClientConnection, LoopbackTlsEndpoint>),
736    LoopbackServer(StreamOwned<ServerConnection, LoopbackTlsEndpoint>),
737}
738
739#[derive(Debug, Clone, Default, Serialize, Deserialize)]
740#[serde(default, rename_all = "camelCase")]
741pub(crate) struct JavascriptTlsClientHello {
742    #[serde(skip_serializing_if = "Option::is_none")]
743    pub(crate) servername: Option<String>,
744    #[serde(
745        rename = "ALPNProtocols",
746        alias = "ALPNProtocols",
747        skip_serializing_if = "Option::is_none"
748    )]
749    pub(crate) alpn_protocols: Option<Vec<String>>,
750}
751
752#[derive(Debug, Clone, Default, Deserialize)]
753#[serde(default, rename_all = "camelCase")]
754pub(crate) struct JavascriptTlsBridgeOptions {
755    pub(crate) is_server: bool,
756    pub(crate) servername: Option<String>,
757    pub(crate) reject_unauthorized: Option<bool>,
758    pub(crate) request_cert: Option<bool>,
759    pub(crate) session: Option<String>,
760    pub(crate) key: Option<JavascriptTlsMaterial>,
761    pub(crate) cert: Option<JavascriptTlsMaterial>,
762    pub(crate) ca: Option<JavascriptTlsMaterial>,
763    pub(crate) passphrase: Option<String>,
764    pub(crate) ciphers: Option<String>,
765    #[serde(alias = "ALPNProtocols")]
766    pub(crate) alpn_protocols: Option<Vec<String>>,
767    pub(crate) min_version: Option<String>,
768    pub(crate) max_version: Option<String>,
769}
770
771#[derive(Debug, Clone, Deserialize)]
772#[serde(untagged)]
773pub(crate) enum JavascriptTlsMaterial {
774    Single(JavascriptTlsDataValue),
775    Many(Vec<JavascriptTlsDataValue>),
776}
777
778#[derive(Debug, Clone, Deserialize)]
779#[serde(tag = "kind", rename_all = "camelCase")]
780pub(crate) enum JavascriptTlsDataValue {
781    Buffer { data: String },
782    String { data: String },
783}
784
785#[derive(Debug, Clone, Default)]
786pub(crate) struct ActiveTlsState {
787    pub(crate) client_hello: Option<JavascriptTlsClientHello>,
788    pub(crate) local_certificates: Vec<Vec<u8>>,
789    pub(crate) session_reused: bool,
790}
791
792#[derive(Debug, Clone, Copy)]
793pub(crate) struct ResolvedTcpConnectAddr {
794    pub(crate) actual_addr: SocketAddr,
795    pub(crate) guest_remote_addr: SocketAddr,
796    pub(crate) use_kernel_loopback: bool,
797}
798
799#[derive(Debug)]
800pub(crate) struct ActiveTcpListener {
801    pub(crate) listener: Option<TcpListener>,
802    pub(crate) kernel_socket_id: Option<SocketId>,
803    pub(crate) local_addr: Option<SocketAddr>,
804    pub(crate) guest_local_addr: SocketAddr,
805    pub(crate) backlog: usize,
806    pub(crate) active_connection_ids: BTreeSet<String>,
807}
808
809// ---------------------------------------------------------------------------
810// Unix socket types
811// ---------------------------------------------------------------------------
812
813#[derive(Debug)]
814pub(crate) enum JavascriptUnixListenerEvent {
815    Connection(PendingUnixSocket),
816    Error {
817        code: Option<String>,
818        message: String,
819    },
820}
821
822#[derive(Debug)]
823pub(crate) struct PendingUnixSocket {
824    pub(crate) stream: UnixStream,
825    pub(crate) local_path: Option<String>,
826    pub(crate) remote_path: Option<String>,
827}
828
829#[derive(Debug)]
830pub(crate) struct ActiveUnixSocket {
831    pub(crate) stream: Arc<Mutex<UnixStream>>,
832    pub(crate) events: Receiver<JavascriptTcpSocketEvent>,
833    pub(crate) event_sender: Sender<JavascriptTcpSocketEvent>,
834    pub(crate) listener_id: Option<String>,
835    pub(crate) local_path: Option<String>,
836    pub(crate) remote_path: Option<String>,
837    pub(crate) saw_local_shutdown: Arc<AtomicBool>,
838    pub(crate) saw_remote_end: Arc<AtomicBool>,
839    pub(crate) close_notified: Arc<AtomicBool>,
840}
841
842#[derive(Debug)]
843pub(crate) struct ActiveUnixListener {
844    pub(crate) listener: UnixListener,
845    pub(crate) path: String,
846    pub(crate) backlog: usize,
847    pub(crate) active_connection_ids: BTreeSet<String>,
848}
849
850// ---------------------------------------------------------------------------
851// UDP types
852// ---------------------------------------------------------------------------
853
854#[derive(Debug, Clone, Copy, PartialEq, Eq)]
855pub(crate) enum JavascriptUdpFamily {
856    Ipv4,
857    Ipv6,
858}
859
860impl JavascriptUdpFamily {
861    pub(crate) fn from_socket_type(value: &str) -> Result<Self, SidecarError> {
862        match value {
863            "udp4" => Ok(Self::Ipv4),
864            "udp6" => Ok(Self::Ipv6),
865            other => Err(SidecarError::InvalidState(format!(
866                "unsupported dgram socket type {other}"
867            ))),
868        }
869    }
870
871    pub(crate) fn socket_type(self) -> &'static str {
872        match self {
873            Self::Ipv4 => "udp4",
874            Self::Ipv6 => "udp6",
875        }
876    }
877
878    pub(crate) fn matches_addr(self, addr: &SocketAddr) -> bool {
879        matches!(
880            (self, addr),
881            (Self::Ipv4, SocketAddr::V4(_)) | (Self::Ipv6, SocketAddr::V6(_))
882        )
883    }
884}
885
886#[derive(Debug)]
887pub(crate) enum JavascriptUdpSocketEvent {
888    Message {
889        data: Vec<u8>,
890        remote_addr: SocketAddr,
891    },
892    Error {
893        code: Option<String>,
894        message: String,
895    },
896}
897
898#[derive(Debug)]
899pub(crate) struct ActiveUdpSocket {
900    pub(crate) family: JavascriptUdpFamily,
901    pub(crate) socket: Option<UdpSocket>,
902    pub(crate) kernel_socket_id: Option<SocketId>,
903    pub(crate) guest_local_addr: Option<SocketAddr>,
904    pub(crate) recv_buffer_size: usize,
905    pub(crate) send_buffer_size: usize,
906}
907
908// ---------------------------------------------------------------------------
909// Execution types
910// ---------------------------------------------------------------------------
911
912#[derive(Debug)]
913pub(crate) enum ActiveExecution {
914    Javascript(JavascriptExecution),
915    Python(PythonExecution),
916    Wasm(WasmExecution),
917    Tool(ToolExecution),
918}
919
920#[derive(Debug, Clone)]
921pub(crate) struct ToolExecution {
922    pub(crate) cancelled: Arc<AtomicBool>,
923    pub(crate) pending_events: Arc<Mutex<VecDeque<ActiveExecutionEvent>>>,
924    pub(crate) events_overflowed: Arc<AtomicBool>,
925}
926
927impl Default for ToolExecution {
928    fn default() -> Self {
929        Self {
930            cancelled: Arc::new(AtomicBool::new(false)),
931            pending_events: Arc::new(Mutex::new(VecDeque::new())),
932            events_overflowed: Arc::new(AtomicBool::new(false)),
933        }
934    }
935}
936
937#[derive(Debug)]
938pub(crate) enum ActiveExecutionEvent {
939    Stdout(Vec<u8>),
940    Stderr(Vec<u8>),
941    JavascriptSyncRpcRequest(JavascriptSyncRpcRequest),
942    PythonVfsRpcRequest(Box<PythonVfsRpcRequest>),
943    SignalState {
944        signal: u32,
945        registration: SignalHandlerRegistration,
946    },
947    Exited(i32),
948}
949
950#[derive(Debug)]
951pub(crate) struct ProcessEventEnvelope {
952    pub(crate) connection_id: String,
953    pub(crate) session_id: String,
954    pub(crate) vm_id: String,
955    pub(crate) process_id: String,
956    pub(crate) event: ActiveExecutionEvent,
957}
958
959#[derive(Debug, Clone, Copy, PartialEq, Eq)]
960pub(crate) enum SocketQueryKind {
961    TcpListener,
962    UdpBound,
963}
964
965// ---------------------------------------------------------------------------
966// Command resolution
967// ---------------------------------------------------------------------------
968
969#[derive(Debug)]
970pub(crate) struct ResolvedChildProcessExecution {
971    pub(crate) command: String,
972    pub(crate) process_args: Vec<String>,
973    pub(crate) runtime: GuestRuntimeKind,
974    pub(crate) entrypoint: String,
975    pub(crate) execution_args: Vec<String>,
976    pub(crate) env: BTreeMap<String, String>,
977    pub(crate) guest_cwd: String,
978    pub(crate) host_cwd: PathBuf,
979    pub(crate) wasm_permission_tier: Option<WasmPermissionTier>,
980    pub(crate) tool_command: bool,
981}
982
983// ---------------------------------------------------------------------------
984// Utility types
985// ---------------------------------------------------------------------------
986
987#[derive(Debug)]
988pub(crate) struct ProcNetEntry {
989    pub(crate) local_host: String,
990    pub(crate) local_port: u16,
991    pub(crate) state: String,
992    pub(crate) inode: u64,
993}
secure_exec_sidecar/state.rs

secure_exec_sidecar/
state.rs
