fix(secure-exec): normalize probe errors and remove stale logging test

Author: NathanFlurry

CLAUDE.md

@@ -38,6 +38,7 @@ Follow the style in `packages/secure-exec/src/index.ts`.
 - explain intent/why, not obvious mechanics
 - keep comments concise and consistent (`Set up`, `Transform`, `Wait for`, `Get`)
 - comment tricky ordering/invariants; skip noise
+- add inline comments and doc comments when behavior is non-obvious, especially where runtime/bridge/driver pieces depend on each other
 
 ## Skills
 

docs-internal/todo/secure-exec.md

@@ -126,6 +126,10 @@
 - [ ] Add resolver memoization (positive + negative) to avoid repeated miss probes across `require()`/`import()`.
   - `packages/secure-exec/src/package-bundler.ts`, `packages/secure-exec/src/shared/require-setup.ts`, `packages/secure-exec/src/index.ts`
 
+- [ ] Document and verify package manager support for `node_modules` loading behavior.
+  - Cover expected resolver behavior and known caveats for npm, pnpm, yarn, and bun installs.
+  - Add/maintain compatibility fixtures that exercise transitive dependency loading across supported package manager layouts.
+
 - [ ] Cap and cache `package.json` parsing in resolver paths.
   - `packages/secure-exec/src/package-bundler.ts`
 

packages/secure-exec/src/bridge/process.ts

@@ -62,7 +62,7 @@ const config = {
   version:
     (typeof _processConfig !== "undefined" && _processConfig.version) ||
     "v22.0.0",
-  cwd: (typeof _processConfig !== "undefined" && _processConfig.cwd) || "/",
+  cwd: (typeof _processConfig !== "undefined" && _processConfig.cwd) || "/root",
   env: (typeof _processConfig !== "undefined" && _processConfig.env) || {},
   argv:
     (typeof _processConfig !== "undefined" && _processConfig.argv) || [

packages/secure-exec/src/index.ts

@@ -172,6 +172,9 @@ const DEFAULT_ISOLATE_JSON_PAYLOAD_BYTES = 4 * 1024 * 1024;
 const MIN_CONFIGURED_PAYLOAD_BYTES = 1024;
 const MAX_CONFIGURED_PAYLOAD_BYTES = 64 * 1024 * 1024;
 const PAYLOAD_LIMIT_ERROR_CODE = "ERR_SANDBOX_PAYLOAD_TOO_LARGE";
+const DEFAULT_SANDBOX_CWD = "/root";
+const DEFAULT_SANDBOX_HOME = "/root";
+const DEFAULT_SANDBOX_TMPDIR = "/tmp";
 
 class PayloadLimitError extends Error {
 	constructor(payloadLabel: string, maxBytes: number, actualBytes: number) {
@@ -228,10 +231,18 @@ export class NodeProcess {
 		this.networkAdapter = driver.network
 			? wrapNetworkAdapter(driver.network, permissions)
 			: createNetworkStub();
-		const processConfig = options.processConfig ?? {};
+		const processConfig = {
+			...(options.processConfig ?? {}),
+		};
+		processConfig.cwd ??= DEFAULT_SANDBOX_CWD;
 		processConfig.env = filterEnv(processConfig.env, permissions);
 		this.processConfig = processConfig;
-		this.osConfig = options.osConfig ?? {};
+		const osConfig = {
+			...(options.osConfig ?? {}),
+		};
+		osConfig.homedir ??= DEFAULT_SANDBOX_HOME;
+		osConfig.tmpdir ??= DEFAULT_SANDBOX_TMPDIR;
+		this.osConfig = osConfig;
 		this.cpuTimeLimitMs = options.cpuTimeLimitMs;
 		this.timingMitigation =
 			options.timingMitigation ?? DEFAULT_TIMING_MITIGATION;

packages/secure-exec/src/node/module-access.ts

@@ -17,7 +17,7 @@ const MODULE_ACCESS_INVALID_CONFIG = "ERR_MODULE_ACCESS_INVALID_CONFIG";
 const MODULE_ACCESS_OUT_OF_SCOPE = "ERR_MODULE_ACCESS_OUT_OF_SCOPE";
 const MODULE_ACCESS_NATIVE_ADDON = "ERR_MODULE_ACCESS_NATIVE_ADDON";
 
-const SANDBOX_APP_ROOT = "/app";
+const SANDBOX_APP_ROOT = "/root";
 const SANDBOX_NODE_MODULES_ROOT = `${SANDBOX_APP_ROOT}/node_modules`;
 
 const VIRTUAL_DIR_MODE = 0o040755;
@@ -80,9 +80,59 @@ function isNativeAddonPath(pathValue: string): boolean {
 	return pathValue.endsWith(".node");
 }
 
+function collectOverlayAllowedRoots(hostNodeModulesRoot: string): string[] {
+	const roots = new Set<string>([hostNodeModulesRoot]);
+	const symlinkScanRoots = [hostNodeModulesRoot, path.join(hostNodeModulesRoot, ".pnpm", "node_modules")];
+
+	const addSymlinkTarget = (entryPath: string): void => {
+		try {
+			const target = fsSync.realpathSync(entryPath);
+			roots.add(target);
+		} catch {
+			// Ignore broken symlinks.
+		}
+	};
+
+	const scanDirForSymlinks = (scanRoot: string): void => {
+		let entries: fsSync.Dirent[] = [];
+		try {
+			entries = fsSync.readdirSync(scanRoot, { withFileTypes: true });
+		} catch {
+			return;
+		}
+
+		for (const entry of entries) {
+			const entryPath = path.join(scanRoot, entry.name);
+			if (entry.isSymbolicLink()) {
+				addSymlinkTarget(entryPath);
+				continue;
+			}
+			if (entry.isDirectory() && entry.name.startsWith("@")) {
+				let scopedEntries: fsSync.Dirent[] = [];
+				try {
+					scopedEntries = fsSync.readdirSync(entryPath, { withFileTypes: true });
+				} catch {
+					continue;
+				}
+				for (const scopedEntry of scopedEntries) {
+					if (!scopedEntry.isSymbolicLink()) continue;
+					addSymlinkTarget(path.join(entryPath, scopedEntry.name));
+				}
+			}
+		}
+	};
+
+	for (const scanRoot of symlinkScanRoots) {
+		scanDirForSymlinks(scanRoot);
+	}
+
+	return [...roots];
+}
+
 export class ModuleAccessFileSystem implements VirtualFileSystem {
 	private readonly baseFileSystem?: VirtualFileSystem;
 	private readonly hostNodeModulesRoot: string | null;
+	private readonly overlayAllowedRoots: string[];
 
 	constructor(baseFileSystem: VirtualFileSystem | undefined, options: ModuleAccessOptions) {
 		this.baseFileSystem = baseFileSystem;
@@ -99,11 +149,17 @@ export class ModuleAccessFileSystem implements VirtualFileSystem {
 		const nodeModulesPath = path.join(cwd, "node_modules");
 		try {
 			this.hostNodeModulesRoot = fsSync.realpathSync(nodeModulesPath);
+			this.overlayAllowedRoots = collectOverlayAllowedRoots(this.hostNodeModulesRoot);
 		} catch {
 			this.hostNodeModulesRoot = null;
+			this.overlayAllowedRoots = [];
 		}
 	}
 
+	private isWithinAllowedOverlayRoots(canonicalPath: string): boolean {
+		return this.overlayAllowedRoots.some((root) => isWithinPath(canonicalPath, root));
+	}
+
 	private isSyntheticPath(virtualPath: string): boolean {
 		if (virtualPath === "/" || virtualPath === SANDBOX_APP_ROOT) {
 			return true;
@@ -174,10 +230,13 @@ export class ModuleAccessFileSystem implements VirtualFileSystem {
 
 		try {
 			const canonical = await fs.realpath(hostPath);
-			if (!this.hostNodeModulesRoot || !isWithinPath(canonical, this.hostNodeModulesRoot)) {
+			if (
+				!this.hostNodeModulesRoot ||
+				!this.isWithinAllowedOverlayRoots(canonical)
+			) {
 				throw createModuleAccessError(
 					MODULE_ACCESS_OUT_OF_SCOPE,
-					`resolved path '${canonical}' escapes '${this.hostNodeModulesRoot}'`,
+					`resolved path '${canonical}' escapes overlay roots rooted at '${this.hostNodeModulesRoot}'`,
 				);
 			}
 			if (isNativeAddonPath(canonical)) {

packages/secure-exec/src/package-bundler.ts

@@ -218,6 +218,9 @@ function getNodeModulesCandidatePackageDirs(
 ): string[] {
 	const candidates = new Set<string>();
 	candidates.add(join(dir, "node_modules", packageName));
+	candidates.add(
+		join(dir, "node_modules", ".pnpm", "node_modules", packageName),
+	);
 
 	// Match Node's "parent node_modules" lookup when the current directory is
 	// already a node_modules folder.