Skip to content

feat(sandbox): forward just-bash SandboxOptions through justbash(), enable python/js-exec#607

Open
arimxyer wants to merge 1 commit into
vercel:mainfrom
arimxyer:feat/justbash-forward-sandbox-options
Open

feat(sandbox): forward just-bash SandboxOptions through justbash(), enable python/js-exec#607
arimxyer wants to merge 1 commit into
vercel:mainfrom
arimxyer:feat/justbash-forward-sandbox-options

Conversation

@arimxyer

@arimxyer arimxyer commented Jul 8, 2026

Copy link
Copy Markdown

What

Forward just-bash's SandboxOptions through the justbash() backend (via JustBashSandboxCreateOptionsSandbox.create(...)), and enable its bundled interpreters:

  • Execution controls the backend previously hardcoded or omitted: timeoutMs, maxCallDepth, maxCommandCount, maxLoopIterations, defenseInDepth.
  • Bundled-interpreter capability flags python (stdlib-only CPython via WebAssembly) and javascript (js-exec via QuickJS), both off by default.

justbash({ python: true }) now runs python3 inside the sandbox. Closes #431.

Why

justbash() built its interpreter with Sandbox.create({ cwd, env, fs, network }) and exposed only autoInstall, so an author couldn't set execution limits, an overall timeout, defense-in-depth, or — the driver behind #431 — enable python3 / js-exec. The capability flags live on just-bash's BashOptions, and just-bash's Sandbox.create (the call eve uses) didn't forward them; that upstream gap was fixed in vercel-labs/just-bash#284, shipped in just-bash 3.1.0.

Requires just-bash@^3.1.0 (peer floor raised from ^3.0.0)

This is load-bearing, not housekeeping: python/javascript only reach the interpreter through Sandbox.create as of 3.1.0. On older just-bash they are silently droppedpython: true would no-op rather than error — so the version floor is the only guard against that silent failure.

just-bash is added to minimumReleaseAgeExclude so the 3.1.0 bump resolves without waiting out the 2-day quarantine (it's a first-party vercel-labs package; the lockfile change is scoped to just-bash's own subtree). Happy to drop that and let 3.1.0 age out instead if you'd prefer.

Scope: why not commands / customCommands / fetch

#431 asks for python3 + js-exec, which this delivers. The other three just-bash capability flags are intentionally not surfaced: their just-bash types (CommandName[], CustomCommand, SecureFetch) can't be honestly restated as primitives, and exposing them would put just-bash's types on eve's public API — the same reason defenseInDepth is narrowed to a plain boolean here. They can follow later if there's demand.

Backward compatibility

No behavior change when the new fields are omitted — each forwards as undefined, i.e. just-bash's existing default (network still defaults to full internet access exactly as before).

Tests

  • just-bash-capability-options.integration.test.ts (mock): forwarding assertions extended to python/javascript, plus the default-undefined case.
  • just-bash.scenario.test.ts (real just-bash): two-sided e2e for each interpreter — justbash({ python: true }) runs python3 -c 'print(1 + 1)' and justbash({ javascript: true }) runs js-exec -c 'console.log(1 + 1)', both → exit 0, stdout 2; without the flag each command is not-found (exit 127).

Validation

turbo run typecheck --filter=eve, oxlint, the mock integration test, and the full just-bash scenario suite (21/21) all pass locally against just-bash 3.1.0. A minor changeset is included.

Supersedes #446

#446 forwarded only the already-supported limits/timeout fields and deferred the capability flags until just-bash#284 shipped. Now that 3.1.0 is out, this PR does the whole thing (limits + python/js-exec) off fresh main; I'll close #446 in favor of it.

🤖 Generated with Claude Code

@vercel

vercel Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

@arimxyer is attempting to deploy a commit to the Vercel Team on Vercel.

A member of the Team first needs to authorize it.

@socket-security

socket-security Bot commented Jul 8, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addednpm/​just-bash@​3.1.0831009996100

View full report

…nable python/js-exec

Surface just-bash's `SandboxOptions` on `JustBashSandboxCreateOptions` and
forward them into the `Sandbox.create(...)` the backend builds:

- Execution controls the backend previously hardcoded or omitted:
  `timeoutMs`, `maxCallDepth`, `maxCommandCount`, `maxLoopIterations`,
  `defenseInDepth`.
- Bundled-interpreter flags `python` (stdlib-only CPython via WASM) and
  `javascript` (js-exec via QuickJS), both off by default. These only reach
  the interpreter through `Sandbox.create` as of just-bash 3.1.0
  (vercel-labs/just-bash#284), so the peer floor is raised to `^3.1.0`; on
  older just-bash they silently no-op. Closes vercel#431.

The remaining just-bash capability flags (`commands`, `customCommands`,
`fetch`) are intentionally not surfaced: their just-bash types cannot be
honestly restated as primitives, and exposing them would put just-bash's
types on eve's public API (the same reason `defenseInDepth` is a plain
boolean here).

Each field is optional and falls back to just-bash's own default when
omitted, so existing apps are unaffected. just-bash is added to
`minimumReleaseAgeExclude` so the 3.1.0 bump resolves without waiting out
the 2-day supply-chain quarantine.

Tests: mock-based forwarding assertions extend to `python`/`javascript`;
a real scenario test proves `justbash({ python: true })` runs `python3`
(exit 0) while it is command-not-found (exit 127) by default.

Signed-off-by: Ari Mayer <ari111097@gmail.com>
@arimxyer arimxyer force-pushed the feat/justbash-forward-sandbox-options branch from 55b5dca to 7001c17 Compare July 8, 2026 15:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

justbash() backend can't enable just-bash's bundled Python (capability passthrough)

1 participant