Skip to content

feat: V8 migration - port bridges from isolated-vm, remove isolated-vm#24

Merged
NathanFlurry merged 1 commit intomainfrom
ralph/v8-migration
Mar 21, 2026
Merged

feat: V8 migration - port bridges from isolated-vm, remove isolated-vm#24
NathanFlurry merged 1 commit intomainfrom
ralph/v8-migration

Conversation

@NathanFlurry
Copy link
Member

@NathanFlurry NathanFlurry commented Mar 21, 2026

Summary

  • Port all bridge handlers (crypto, net/TLS sockets, sync module resolution, ESM star export deconfliction, polyfill patches) from isolated-vm to V8 bridge-handlers.ts
  • Implement guest-side net/tls modules for TCP socket and TLS upgrade support
  • Replace isolated-vm execution engine with node:vm based execution
  • Remove isolated-vm dependency and delete legacy files (isolate.ts, execution.ts, execution-lifecycle.ts)
  • Add e2e-docker fixtures (pg, mysql2, ioredis, ssh2) and CLI tool tests

Known issues

  • 70/288 runtime-driver tests fail — US-014 replaced isolated-vm with node:vm instead of wiring into @secure-exec/v8. node:vm shares host V8 heap (no memory isolation) and cannot replicate applySyncPromise in ESM mode. This needs rework to use the existing V8 driver on main.
  • 7/17 SSH e2e-docker fixtures fail — ssh2 KEXINIT handshake fails due to polyfilled crypto ECDH/DH incompatibility with OpenSSH
  • pnpm-lock.yaml still has stale isolated-vm entry

What's solid (US-001–US-013)

  • Crypto: hash, HMAC, pbkdf2, scrypt, cipheriv (one-shot + stateful sessions), sign/verify, generateKeyPairSync, subtle (deriveBits PBKDF2/HKDF, deriveKey)
  • Net/TLS: TCP socket connect/write/end/destroy, TLS upgrade, event dispatch
  • Sync module resolution: resolveModuleSync, loadFileSync, sandboxToHostPath
  • ESM: deconflictStarExports for V8's strict star export handling
  • Polyfills: zlib.constants, Buffer proto methods, FormData, Response.body, Headers.append, http2.constants
  • 10/17 e2e-docker fixtures pass (all pg, mysql2, ioredis, ssh2 error paths)
  • 79/79 test-suite tests pass, 215/288 runtime-driver tests pass

Test plan

  • Typecheck passes (26/26 packages)
  • Test suite passes (79/79)
  • Runtime driver tests — 70 failures, needs V8 driver rework
  • Project matrix — needs verification after V8 driver fix
  • e2e-docker — 10/17 pass, 7 SSH fixtures blocked on crypto ECDH

Spec

  • docs-internal/specs/v8-migration.md
  • docs-internal/specs/nodejs-test-suite.md

@NathanFlurry NathanFlurry merged commit c66390b into main Mar 21, 2026
1 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@NathanFlurry