Skip to content

Commit b5edf27

Browse files
committed
docs: refresh package readmes
1 parent b07a353 commit b5edf27

5 files changed

Lines changed: 155 additions & 199 deletions

File tree

package-lock.json

Lines changed: 8 additions & 8 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/core/README.md

Lines changed: 52 additions & 84 deletions
Original file line numberDiff line numberDiff line change
@@ -1,120 +1,88 @@
11
# @execbox/core
22

3-
Executor-agnostic core for guest JavaScript that can call host tools directly or wrap MCP servers and clients into callable namespaces.
3+
Core execution contract for execbox. Use it to resolve host tools into callable guest namespaces, validate tool boundaries, and bridge MCP servers or clients into the same execution model.
44

55
[![npm version](https://img.shields.io/npm/v/%40execbox%2Fcore?style=flat-square)](https://www.npmjs.com/package/@execbox/core)
66
[![License](https://img.shields.io/github/license/aallam/execbox?style=flat-square)](https://github.com/aallam/execbox/blob/main/LICENSE)
7+
[![Docs](https://img.shields.io/badge/docs-site-0ea5e9?style=flat-square)](https://execbox.aallam.com)
78

8-
Docs: https://execbox.aallam.com
9+
## Use `@execbox/core` When
910

10-
## What You Get
11-
12-
- Resolve host tools into deterministic guest namespaces with name sanitization.
13-
- Validate tool inputs and outputs with JSON Schema, full Zod schemas, or MCP SDK-style raw Zod shapes.
14-
- Normalize user code before execution and generate namespace typings from resolved schemas.
15-
- Wrap MCP servers or clients into execbox providers, or expose code-execution tools from an MCP server.
11+
- you want to expose host capabilities to guest code through explicit tool providers
12+
- you want one execution contract across QuickJS, remote, or `isolated-vm` runtimes
13+
- you want to wrap MCP servers or clients into callable namespaces instead of exposing raw tool loops
1614

1715
## Pair It With an Executor
1816

19-
`@execbox/core` does not execute code on its own. Pair it with an executor backend:
20-
21-
| Package | Best for |
22-
| ---------------------------------------------------------------------------- | --------------------------------------------------------------------------- |
23-
| [`@execbox/quickjs`](https://www.npmjs.com/package/@execbox/quickjs) | Easiest setup, no native addon, with inline, worker, and process host modes |
24-
| [`@execbox/remote`](https://www.npmjs.com/package/@execbox/remote) | Same executor API, but with a caller-supplied remote boundary |
25-
| [`@execbox/isolated-vm`](https://www.npmjs.com/package/@execbox/isolated-vm) | Native `isolated-vm` backend when you specifically want that runtime |
26-
27-
## Examples
17+
`@execbox/core` defines the provider and tool boundary, but it does not execute guest code on its own.
2818

29-
- [Basic provider execution](https://github.com/aallam/execbox/blob/main/examples/execbox-basic.ts)
30-
- [Process-backed provider execution](https://github.com/aallam/execbox/blob/main/examples/execbox-process.ts)
31-
- [Remote provider execution](https://github.com/aallam/execbox/blob/main/examples/execbox-remote.ts)
32-
- [Worker-backed provider execution](https://github.com/aallam/execbox/blob/main/examples/execbox-worker.ts)
33-
- [Wrap MCP tools into a provider](https://github.com/aallam/execbox/blob/main/examples/execbox-mcp-provider.ts)
34-
- [Expose MCP code-execution tools from a server](https://github.com/aallam/execbox/blob/main/examples/execbox-mcp-server.ts)
35-
- [Run the same flow on `isolated-vm`](https://github.com/aallam/execbox/blob/main/examples/execbox-isolated-vm-basic.ts)
36-
- [Full examples index](https://github.com/aallam/execbox/tree/main/examples)
19+
| Package | Start here when |
20+
| ---------------------------------------------------------------------------- | ------------------------------------------------------------------------------ |
21+
| [`@execbox/quickjs`](https://www.npmjs.com/package/@execbox/quickjs) | You want the default path with inline, worker, or process-hosted QuickJS. |
22+
| [`@execbox/remote`](https://www.npmjs.com/package/@execbox/remote) | Your runtime already lives behind an application-owned transport boundary. |
23+
| [`@execbox/isolated-vm`](https://www.npmjs.com/package/@execbox/isolated-vm) | You explicitly want the `isolated-vm` runtime and can support its constraints. |
3724

3825
## Install
3926

27+
Most users start with QuickJS:
28+
4029
```bash
4130
npm install @execbox/core @execbox/quickjs
4231
```
4332

44-
Swap in `@execbox/isolated-vm` when you want the native executor instead.
45-
Set `host: "process"` on `QuickJsExecutor` when you want the QuickJS runtime to live in a fresh child process.
46-
Set `host: "worker"` on `QuickJsExecutor` when you want QuickJS off the main thread with pooled worker shells.
47-
Swap in `@execbox/remote` when you want the same API but a caller-managed remote transport boundary.
48-
49-
## Security Posture
50-
51-
- Execbox gives you fresh execution state, JSON-only tool boundaries, schema validation, timeout handling, memory limits, and bounded logs.
52-
- Hard isolation depends on the executor and deployment boundary you pair with `@execbox/core`.
53-
- Providers are explicit capability grants. Every tool you expose is authority you are handing to guest code.
54-
- In the default deployment model, provider and MCP tool definitions are controlled by the application, not by the end user.
55-
- Third-party MCP integrations should be reviewed as dependency-trust decisions, not folded into the primary end-user attacker model.
56-
- If the code source is hostile, prefer stronger isolation such as `QuickJsExecutor` with `host: "process"`, `@execbox/remote`, a container, or a VM.
57-
58-
## Architecture Docs
59-
60-
- [Execbox architecture overview](https://github.com/aallam/execbox/blob/main/docs/architecture/README.md)
61-
- [Execbox core architecture](https://github.com/aallam/execbox/blob/main/docs/architecture/execbox-core.md)
62-
- [Execbox executors](https://github.com/aallam/execbox/blob/main/docs/architecture/execbox-executors.md)
63-
- [Execbox MCP adapters and protocol](https://github.com/aallam/execbox/blob/main/docs/architecture/execbox-mcp-and-protocol.md)
64-
65-
## Exports
66-
67-
- `@execbox/core`
68-
- `ExecutionOptions`
69-
- `resolveProvider`
70-
- `normalizeCode`
71-
- `sanitizeToolName`
72-
- `extractProviderManifests`
73-
- `createToolCallDispatcher`
74-
- JSON Schema type generation and executor/result types
75-
- `@execbox/core/mcp`
76-
- `createMcpToolProvider`
77-
- `openMcpToolProvider`
78-
- `getMcpToolSourceServerInfo`
79-
- `McpToolClientSource`
80-
- `McpToolServerSource`
81-
- `codeMcpServer`
82-
83-
## Basic Usage
33+
Swap in `@execbox/remote` or `@execbox/isolated-vm` when you need a different runtime boundary.
34+
35+
## Smallest Working Usage
8436

8537
```ts
8638
import { resolveProvider } from "@execbox/core";
8739
import { QuickJsExecutor } from "@execbox/quickjs";
88-
import * as z from "zod";
8940

9041
const provider = resolveProvider({
9142
name: "tools",
9243
tools: {
93-
add: {
94-
inputSchema: z.object({
95-
x: z.number(),
96-
y: z.number(),
97-
}),
98-
execute: async (input) => {
99-
const { x, y } = input as { x: number; y: number };
100-
return { sum: x + y };
44+
greet: {
45+
inputSchema: {
46+
type: "object",
47+
required: ["name"],
48+
properties: {
49+
name: { type: "string" },
50+
},
10151
},
52+
execute: async (input) => ({
53+
message: `Hello, ${(input as { name: string }).name}!`,
54+
}),
10255
},
10356
},
10457
});
10558

10659
const executor = new QuickJsExecutor();
107-
const result = await executor.execute(
108-
"await tools.add({ x: 2, y: 5 })",
109-
[provider],
110-
{ timeoutMs: 250 },
111-
);
60+
const result = await executor.execute(`await tools.greet({ name: "World" })`, [
61+
provider,
62+
]);
63+
64+
console.log(result);
11265
```
11366

114-
## MCP Adapters
67+
## MCP Support
68+
69+
Use `@execbox/core/mcp` when you want MCP on either side of the boundary:
70+
71+
- wrap an upstream MCP server or client into a provider with `createMcpToolProvider()` or `openMcpToolProvider()`
72+
- expose execbox code execution back out through an MCP server with `codeMcpServer()`
73+
- preserve raw MCP `CallToolResult` envelopes so guest code can inspect `structuredContent` first and fall back to `content`
74+
75+
## Operational Notes
76+
77+
- Providers are the capability boundary. If guest code can call a tool, it can exercise that authority.
78+
- Execbox gives you JSON-only tool/result boundaries, schema validation, bounded logs, and timeout-aware execution controls.
79+
- Hard isolation depends on the executor and deployment boundary you choose, not on `@execbox/core` by itself.
11580

116-
Use `@execbox/core/mcp` when you want to wrap an MCP server or client into a tool provider, or expose code-execution tools from an MCP server. Wrapped tools preserve raw MCP `CallToolResult` envelopes so guest code can inspect `structuredContent` first and fall back to `content`.
81+
## Read Next
11782

118-
- `createMcpToolProvider({ client })` is the convenience API when the caller already owns the upstream MCP client lifecycle.
119-
- `openMcpToolProvider({ server | client })` returns an `McpToolProviderHandle` and is the required API when execbox owns a local `{ server }` connection.
120-
- `codeMcpServer()` owns any local wrapper connection it opens and releases it when the wrapper server closes.
83+
- [Getting Started](https://execbox.aallam.com/getting-started)
84+
- [Examples](https://execbox.aallam.com/examples)
85+
- [Security & Boundaries](https://execbox.aallam.com/security)
86+
- [Architecture Overview](https://execbox.aallam.com/architecture/)
87+
- [Core Architecture](https://execbox.aallam.com/architecture/execbox-core)
88+
- [MCP And Protocol](https://execbox.aallam.com/architecture/execbox-mcp-and-protocol)

packages/isolated-vm/README.md

Lines changed: 25 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -1,60 +1,39 @@
11
# @execbox/isolated-vm
22

3-
`isolated-vm` executor backend for `@execbox/core`.
3+
`isolated-vm` executor backend for execbox. Use it when you explicitly want the `isolated-vm` runtime instead of QuickJS and can support its native and runtime constraints.
44

55
[![npm version](https://img.shields.io/npm/v/%40execbox%2Fisolated-vm?style=flat-square)](https://www.npmjs.com/package/@execbox/isolated-vm)
66
[![License](https://img.shields.io/github/license/aallam/execbox?style=flat-square)](https://github.com/aallam/execbox/blob/main/LICENSE)
7+
[![Docs](https://img.shields.io/badge/docs-site-0ea5e9?style=flat-square)](https://execbox.aallam.com)
78

8-
Docs: https://execbox.aallam.com
9+
## Use `@execbox/isolated-vm` When
910

10-
## Choose `isolated-vm` When
11-
12-
- you explicitly want the `isolated-vm` runtime instead of QuickJS
13-
- your environment can support the native addon install
11+
- you explicitly want the `isolated-vm` runtime instead of the default QuickJS path
12+
- your environment can install the native addon successfully
1413
- you are prepared to run Node 22+ with `--no-node-snapshot`
1514

16-
If you want the simpler default backend, use [`@execbox/quickjs`](https://www.npmjs.com/package/@execbox/quickjs) instead.
17-
18-
## Examples
19-
20-
- [Basic provider execution on `isolated-vm`](https://github.com/aallam/execbox/blob/main/examples/execbox-isolated-vm-basic.ts)
21-
- [QuickJS-based execbox examples for the shared API surface](https://github.com/aallam/execbox/blob/main/examples/execbox-basic.ts)
22-
- [Worker-hosted QuickJS example for the alternate host mode](https://github.com/aallam/execbox/blob/main/examples/execbox-worker.ts)
23-
- [Full examples index](https://github.com/aallam/execbox/tree/main/examples)
15+
If you want the lowest-friction default backend, use [`@execbox/quickjs`](https://www.npmjs.com/package/@execbox/quickjs) instead.
2416

2517
## Install
2618

2719
```bash
2820
npm install @execbox/core @execbox/isolated-vm
2921
```
3022

31-
## Requirements
23+
## Runtime Requirements
3224

3325
- Node 22+ must run with `--no-node-snapshot`
34-
- the optional `isolated-vm` native dependency must install successfully in the host environment
35-
- native-addon failures are surfaced when `IsolatedVmExecutor` is constructed or used
36-
- advanced consumers can import the reusable runner from `@execbox/isolated-vm/runner`
37-
38-
## Security Notes
39-
40-
- Each execution gets a fresh `isolated-vm` context with JSON-only tool and result boundaries.
41-
- In the default deployment model, provider definitions are controlled by the host application, while hostile users control guest code and tool inputs.
42-
- This package is still in-process execution. It is not a substitute for a separate trust boundary such as a container or VM.
43-
- Providers remain the real capability boundary. If a tool is dangerous, guest code can invoke it.
26+
- the optional `isolated-vm` dependency must install successfully in the host environment
27+
- advanced consumers can also import the reusable runner from `@execbox/isolated-vm/runner`
4428

45-
## Architecture Docs
46-
47-
- [Execbox architecture overview](https://github.com/aallam/execbox/blob/main/docs/architecture/README.md)
48-
- [Execbox executors](https://github.com/aallam/execbox/blob/main/docs/architecture/execbox-executors.md)
49-
- [Execbox MCP adapters and protocol](https://github.com/aallam/execbox/blob/main/docs/architecture/execbox-mcp-and-protocol.md)
50-
51-
## Usage
29+
## Smallest Working Usage
5230

5331
```ts
5432
import { resolveProvider } from "@execbox/core";
5533
import { IsolatedVmExecutor } from "@execbox/isolated-vm";
5634

5735
const provider = resolveProvider({
36+
name: "tools",
5837
tools: {
5938
echo: {
6039
execute: async (input) => input,
@@ -63,19 +42,24 @@ const provider = resolveProvider({
6342
});
6443

6544
const executor = new IsolatedVmExecutor();
66-
const result = await executor.execute("await codemode.echo({ ok: true })", [
45+
const result = await executor.execute(`await tools.echo({ ok: true })`, [
6746
provider,
6847
]);
48+
49+
console.log(result);
6950
```
7051

71-
This package is verified through the workspace security flows:
52+
## Operational Notes
7253

73-
```bash
74-
npm run test:security
75-
npm run test:isolated-vm
76-
npm run verify:isolated-vm
77-
```
54+
- Each execution gets a fresh `isolated-vm` context with JSON-only tool and result boundaries.
55+
- This package is still an in-process runtime choice, not a substitute for a container, VM, or separate trust domain.
56+
- Providers remain the real capability boundary. If a tool is dangerous, guest code can invoke it.
57+
- If you need stronger lifecycle separation than in-process execution, prefer QuickJS with `host: "process"` or a remote transport boundary.
7858

79-
The required CI lane runs the isolated-vm suite on Node 24 with `--no-node-snapshot`, which is the best local environment to match when validating native-runtime changes.
59+
## Read Next
8060

81-
If process stability and trust separation matter more than in-process performance, prefer `@execbox/quickjs` with `host: "process"` or a remote transport boundary.
61+
- [Getting Started](https://execbox.aallam.com/getting-started)
62+
- [Examples](https://execbox.aallam.com/examples)
63+
- [Security & Boundaries](https://execbox.aallam.com/security)
64+
- [Executors](https://execbox.aallam.com/architecture/execbox-executors)
65+
- [MCP And Protocol](https://execbox.aallam.com/architecture/execbox-mcp-and-protocol)

0 commit comments

Comments
 (0)