Merge pull request #1 from rivet-dev/check-python-support

feat(secure-exec): add Python runtime with Pyodide driver

Author: NathanFlurry

CLAUDE.md

@@ -37,6 +37,13 @@
 - the matrix runs each fixture in host Node and secure-exec and compares normalized `code`, `stdout`, and `stderr`
 - no known-mismatch classification is allowed; parity mismatches stay failing until runtime/bridge behavior is fixed
 
+## Test Structure
+
+- `tests/test-suite/{node,python}.test.ts` are integration suite drivers; `tests/test-suite/{node,python}/` hold the shared suite definitions
+- test suites test generic runtime functionality with any pluggable SystemDriver (exec, run, stdio, env, filesystem, network, timeouts, log buffering); prefer adding tests here because they run against all environments (node, browser, python)
+- `tests/runtime-driver/` tests behavior specific to a single runtime driver (e.g. Node-only `memoryLimit`/`timingMitigation`, Python-only warm state or `secure_exec` hooks) that cannot be expressed through the shared suite context
+- within `test-suite/{node,python}/`, files are named by domain (e.g. `runtime.ts`, `network.ts`)
+
 ## Comment Pattern
 
 Follow the style in `packages/secure-exec/src/index.ts`.

docs-internal/friction.md

@@ -1,5 +1,12 @@
 # Sandboxed Node Friction Log
 
+## 2026-03-09
+
+1. **[resolved]** Python `exec()` env overrides bypassed `permissions.env`.
+   - Symptom: `PyodideRuntimeDriver` filtered constructor-level runtime env, but per-execution `exec(..., { env })` overrides were forwarded into the worker without permission filtering.
+   - Fix: Python `exec()` now filters override keys through the shared `filterEnv(...)` path before applying them in the worker, matching Node runtime behavior.
+   - Follow-up: keep future Python capability additions on the same host-side permission boundary so worker-facing APIs never receive unapproved capability input.
+
 ## 2026-03-03
 
 1. **[resolved]** Python runtime contract split needed explicit cross-runtime `exec()` parity and warm-state guardrails.

docs-internal/todo.md

@@ -64,6 +64,10 @@
 
 ## Security & Hardening
 
+- [x] Filter Python `exec(..., { env })` overrides through `permissions.env`.
+  - Fix: `PyodideRuntimeDriver.exec()` now applies the shared `filterEnv(...)` gate before env overrides reach the worker, and runtime-driver tests cover both denied-by-default and explicitly-allowed cases.
+  - `packages/secure-exec/src/python/driver.ts`, `packages/secure-exec/tests/runtime-driver/python.test.ts`
+
 - [x] Bridge `crypto.getRandomValues` / `randomUUID` to host `node:crypto` instead of `Math.random()`.
   - Fix: runtime now wires host `node:crypto` references from `packages/secure-exec/src/index.ts` into the isolate and uses them in `packages/secure-exec/src/bridge/process.ts`.
   - Fail-closed contract: bridge throws deterministic `crypto.getRandomValues is not supported in sandbox` / `crypto.randomUUID is not supported in sandbox` errors when host entropy hooks are unavailable.