Merge pull request #5 from rivet-dev/node-ts-typecheck

Extract TypeScript compiler to companion @secure-exec/typescript package

Author: NathanFlurry

docs-internal/arch/overview.md

@@ -1,9 +1,9 @@
 # Architecture Overview
 
 ```
-NodeRuntime | PythonRuntime
-  → SystemDriver + NodeRuntimeDriverFactory | PythonRuntimeDriverFactory
-  → NodeExecutionDriver (node target) | BrowserRuntimeDriver + Worker runtime (browser target) | PyodideRuntimeDriver + Worker runtime (python target)
+NodeRuntime | PythonRuntime | createTypeScriptTools
+  → SystemDriver + NodeRuntimeDriverFactory | PythonRuntimeDriverFactory | compiler SystemDriver + NodeRuntimeDriverFactory
+  → NodeExecutionDriver (node target) | BrowserRuntimeDriver + Worker runtime (browser target) | PyodideRuntimeDriver + Worker runtime (python target) | compiler NodeRuntime sandbox
 ```
 
 ## NodeRuntime / PythonRuntime
@@ -20,6 +20,16 @@ Public APIs. Thin facades that delegate orchestration to runtime drivers.
   - `systemDriver` for runtime capabilities/config
   - runtime-driver factory for runtime-driver construction
 
+## TypeScript Tools
+
+`packages/secure-exec-typescript/src/index.ts`
+
+Optional companion package for sandboxed TypeScript compiler work (`@secure-exec/typescript`).
+
+- `createTypeScriptTools(...)` — build project/source compile and typecheck helpers
+- Uses a dedicated `NodeRuntime` compiler sandbox per request
+- Keeps TypeScript compiler execution out of the core runtime path
+
 ## SystemDriver
 
 `src/runtime-driver.ts` (re-exported from `src/types.ts`)

docs-internal/friction.md

@@ -1,5 +1,12 @@
 # Sandboxed Node Friction Log
 
+## 2026-03-10
+
+1. **[resolved]** TypeScript compilation needed sandboxing without baking compiler behavior into the core runtime.
+   - Symptom: keeping TypeScript handling inside `NodeRuntime` blurred the runtime contract, risked host-memory pressure during compilation, and forced browser/runtime surfaces to inherit TypeScript-specific policy.
+   - Fix: core `secure-exec` now stays JavaScript-only, while sandboxed TypeScript typecheck/compile flows move to the separate `@secure-exec/typescript` package.
+   - Compatibility trade-off: callers that want TypeScript must perform an explicit compile/typecheck step before executing emitted JavaScript in the runtime.
+
 ## 2026-03-09
 
 1. **[resolved]** Python `exec()` env overrides bypassed `permissions.env`.

docs/api-reference.mdx

@@ -30,13 +30,44 @@ new NodeRuntime(options: NodeRuntimeOptions)
 | Method | Returns | Description |
 |---|---|---|
 | `exec(code, options?)` | `Promise<ExecResult>` | Execute code without a return value. |
-| `run<T>(code, filePath?)` | `Promise<RunResult<T>>` | Execute code and return the default export. |
+| `run<T>(code, filePath?)` | `Promise<RunResult<T>>` | Execute code and return the module namespace/default export object. |
 | `network` | `{ fetch, dnsLookup, httpRequest }` | Network access from the host side. |
 | `dispose()` | `void` | Release resources synchronously. |
 | `terminate()` | `Promise<void>` | Terminate the runtime. |
 
 ---
 
+## TypeScript Tools (`@secure-exec/typescript`)
+
+### `createTypeScriptTools(options)`
+
+Creates sandboxed TypeScript project/source helpers backed by a dedicated compiler runtime.
+
+```ts
+createTypeScriptTools(options: TypeScriptToolsOptions)
+```
+
+**`TypeScriptToolsOptions`**
+
+| Option | Type | Description |
+|---|---|---|
+| `systemDriver` | `SystemDriver` | Compiler runtime capabilities and filesystem view. |
+| `runtimeDriverFactory` | `NodeRuntimeDriverFactory` | Creates the compiler sandbox runtime. |
+| `memoryLimit` | `number` | Compiler sandbox isolate memory cap in MB. Default `512`. |
+| `cpuTimeLimitMs` | `number` | Compiler sandbox CPU time budget in ms. |
+| `compilerSpecifier` | `string` | Module specifier used to load the TypeScript compiler. Default `"typescript"`. |
+
+**Methods**
+
+| Method | Returns | Description |
+|---|---|---|
+| `typecheckProject(options?)` | `Promise<TypeCheckResult>` | Type-check a filesystem-backed TypeScript project using `tsconfig` discovery or `configFilePath`. |
+| `compileProject(options?)` | `Promise<ProjectCompileResult>` | Compile a filesystem-backed project and write emitted files through the configured filesystem like `tsc`. |
+| `typecheckSource(options)` | `Promise<TypeCheckResult>` | Type-check one TypeScript source string without mutating the filesystem. |
+| `compileSource(options)` | `Promise<SourceCompileResult>` | Compile one TypeScript source string and return JavaScript text. |
+
+---
+
 ### `PythonRuntime`
 
 Sandboxed Python runtime using Pyodide in a Worker thread.
@@ -286,6 +317,71 @@ Extends `ExecOptions` with:
 type StdioHook = (event: { channel: "stdout" | "stderr"; message: string }) => void;
 ```
 
+### `ProjectCompilerOptions`
+
+```ts
+{
+  cwd?: string;
+  configFilePath?: string;
+}
+```
+
+### `SourceCompilerOptions`
+
+```ts
+{
+  sourceText: string;
+  filePath?: string;
+  cwd?: string;
+  configFilePath?: string;
+  compilerOptions?: Record<string, unknown>;
+}
+```
+
+### `TypeCheckResult`
+
+```ts
+{
+  success: boolean;
+  diagnostics: TypeScriptDiagnostic[];
+}
+```
+
+### `ProjectCompileResult`
+
+```ts
+{
+  success: boolean;
+  diagnostics: TypeScriptDiagnostic[];
+  emitSkipped: boolean;
+  emittedFiles: string[];
+}
+```
+
+### `SourceCompileResult`
+
+```ts
+{
+  success: boolean;
+  diagnostics: TypeScriptDiagnostic[];
+  outputText?: string;
+  sourceMapText?: string;
+}
+```
+
+### `TypeScriptDiagnostic`
+
+```ts
+{
+  code: number;
+  category: "error" | "warning" | "suggestion" | "message";
+  message: string;
+  filePath?: string;
+  line?: number;
+  column?: number;
+}
+```
+
 ---
 
 ## Configuration Types

docs/node-compatability.mdx

@@ -60,6 +60,11 @@ Unsupported modules use: `"<module> is not supported in sandbox"`.
 - By default, secure-exec drops console emissions instead of buffering runtime-managed output.
 - Consumers that need logs should use the explicit `onStdio` hook to stream `stdout`/`stderr` events in emission order.
 
+## TypeScript Workflows
+
+- Core `secure-exec` runtimes execute JavaScript only.
+- Sandboxed TypeScript type checking and compilation belong in the separate `@secure-exec/typescript` package.
+
 ## Node-Modules Overlay Behavior
 
 - Node runtime composes a read-only `/app/node_modules` overlay from `<cwd>/node_modules` (default `cwd` is host `process.cwd()`, configurable via `moduleAccess.cwd`).

docs/quickstart.mdx

@@ -9,6 +9,12 @@ description: Get secure-exec running in a few minutes.
 pnpm add secure-exec
 ```
 
+Optional TypeScript tooling:
+
+```bash
+pnpm add @secure-exec/typescript
+```
+
 ## Create a runtime
 
 A runtime needs two things: a **system driver** that provides host capabilities (filesystem, network, permissions) and a **runtime driver** that manages the sandboxed execution environment.
@@ -51,7 +57,7 @@ Use `exec()` to run code in the sandbox. Console output is streamed through the
 ```ts
 const logs: string[] = [];
 
-const result = await runtime.exec("console.log('hello from secure-exec')", {
+const result = await runtime.exec("const value = 'hello from secure-exec'; console.log(value)", {
   onStdio: (event) => logs.push(`[${event.channel}] ${event.message}`),
 });
 
@@ -64,10 +70,12 @@ console.log(logs.join("\n"));
 Use `run()` to execute code and get an exported value back.
 
 ```ts
-const result = await runtime.run<number>("export default 2 + 2");
-console.log(result.exports); // 4
+const result = await runtime.run<{ default: number }>("export default 2 + 2");
+console.log(result.exports?.default); // 4
 ```
 
+If you want sandboxed TypeScript type checking or compilation before execution, use the separate `@secure-exec/typescript` package and pass its emitted JavaScript into `secure-exec`.
+
 ## Clean up
 
 Dispose the runtime when you're done to free resources.

docs/runtimes/node.mdx

@@ -3,7 +3,7 @@ title: Node Runtime
 description: Sandboxed JavaScript execution in a V8 isolate.
 ---
 
-`NodeRuntime` runs JavaScript in an isolated V8 isolate. It supports memory limits, CPU time budgets, and timing side-channel mitigation. The sandbox provides Node.js-compatible APIs through a bridge layer.
+`NodeRuntime` runs JavaScript code in an isolated V8 isolate. The sandbox supports memory limits, CPU time budgets, and timing side-channel mitigation.
 
 ## Creating a runtime
 
@@ -27,15 +27,15 @@ const runtime = new NodeRuntime({
 Use `exec()` when you care about side effects (logging, file writes) but don't need a return value.
 
 ```ts
-const result = await runtime.exec("console.log('done')");
+const result = await runtime.exec("const label = 'done'; console.log(label)");
 console.log(result.code); // 0
 ```
 
 Use `run()` when you need a value back. The sandboxed code should use `export default`.
 
 ```ts
-const result = await runtime.run<number>("export default 40 + 2");
-console.log(result.exports); // 42
+const result = await runtime.run<{ default: number }>("export default 40 + 2");
+console.log(result.exports?.default); // 42
 ```
 
 ## Capturing output
@@ -50,6 +50,10 @@ await runtime.exec("console.log('hello'); console.error('oops')", {
 // logs: ["[stdout] hello", "[stderr] oops"]
 ```
 
+## TypeScript workflows
+
+`NodeRuntime` executes JavaScript only. For sandboxed TypeScript type checking or compilation, use the separate `@secure-exec/typescript` package. See [TypeScript support](#typescript-support).
+
 ## Resource limits
 
 You can cap memory and CPU time to prevent runaway code from exhausting host resources.
@@ -67,3 +71,141 @@ const runtime = new NodeRuntime({
 ## Module loading
 
 The sandbox provides a read-only overlay of the host's `node_modules` at `/app/node_modules`. Sandboxed code can `import` or `require()` packages installed on the host without any additional configuration.
+
+## TypeScript support
+
+TypeScript support lives in the companion `@secure-exec/typescript` package. It runs the TypeScript compiler inside a dedicated sandbox so untrusted inputs cannot consume host CPU or memory during type checking or compilation.
+
+Shared setup:
+
+```ts
+import {
+  createInMemoryFileSystem,
+  createNodeDriver,
+  createNodeRuntimeDriverFactory,
+} from "secure-exec";
+import { createTypeScriptTools } from "@secure-exec/typescript";
+
+const filesystem = createInMemoryFileSystem();
+const systemDriver = createNodeDriver({ filesystem });
+const runtimeDriverFactory = createNodeRuntimeDriverFactory();
+const ts = createTypeScriptTools({
+  systemDriver,
+  runtimeDriverFactory,
+});
+```
+
+### Type check source
+
+Use `typecheckSource(...)` when you want to quickly validate AI-generated code before running it:
+
+```ts
+const result = await ts.typecheckSource({
+  filePath: "/root/snippet.ts",
+  sourceText: `
+    export function greet(name: string) {
+      return "hello " + missingValue;
+    }
+  `,
+});
+
+console.log(result.success); // false
+console.log(result.diagnostics[0]?.message);
+```
+
+### Type check project
+
+Use `typecheckProject(...)` when you want to validate a full TypeScript project from the filesystem exposed by the system driver. That means `tsconfig.json`, source files, and any other project inputs are read from that sandbox filesystem view.
+
+```ts
+await filesystem.mkdir("/root/src");
+await filesystem.writeFile(
+  "/root/tsconfig.json",
+  JSON.stringify({
+    compilerOptions: {
+      module: "nodenext",
+      moduleResolution: "nodenext",
+      target: "es2022",
+    },
+    include: ["src/**/*.ts"],
+  }),
+);
+await filesystem.writeFile(
+  "/root/src/index.ts",
+  "export const value: string = 123;\n",
+);
+
+const result = await ts.typecheckProject({ cwd: "/root" });
+
+console.log(result.success); // false
+console.log(result.diagnostics[0]?.message);
+```
+
+### Compile source
+
+Use `compileSource(...)` when you want to transpile one TypeScript source string and then hand the emitted JavaScript to `NodeRuntime`:
+
+```ts
+import { NodeRuntime } from "secure-exec";
+
+const compiled = await ts.compileSource({
+  filePath: "/root/example.ts",
+  sourceText: "export default 40 + 2;",
+  compilerOptions: {
+    module: "esnext",
+    target: "es2022",
+  },
+});
+
+const runtime = new NodeRuntime({
+  systemDriver,
+  runtimeDriverFactory,
+});
+
+const execution = await runtime.run<{ default: number }>(
+  compiled.outputText ?? "",
+  "/root/example.js",
+);
+
+console.log(execution.exports?.default); // 42
+```
+
+### Compile project
+
+Use `compileProject(...)` when you want TypeScript to read a real project from the filesystem exposed by the system driver and write emitted files back into that same sandbox filesystem view.
+
+```ts
+import {
+  NodeRuntime,
+} from "secure-exec";
+await filesystem.mkdir("/root/src");
+await filesystem.writeFile(
+  "/root/tsconfig.json",
+  JSON.stringify({
+    compilerOptions: {
+      module: "commonjs",
+      target: "es2022",
+      outDir: "/root/dist",
+    },
+    include: ["src/**/*.ts"],
+  }),
+);
+await filesystem.writeFile(
+  "/root/src/index.ts",
+  "export const answer: number = 42;\n",
+);
+
+await ts.compileProject({ cwd: "/root" });
+
+const runtime = new NodeRuntime({
+  systemDriver,
+  runtimeDriverFactory,
+});
+
+const execution = await runtime.run<{ answer: number }>(
+  "module.exports = require('./dist/index.js');",
+  "/root/entry.js",
+);
+
+console.log(execution.exports); // { answer: 42 }
+```

openspec/changes/extract-typescript-tools-package/.openspec.yaml

@@ -0,0 +1,2 @@
+schema: spec-driven
+created: 2026-03-10