/**
* postgres-mcp - Code Mode Worker Script
*
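* This script runs in a worker thread to execute user code in isolation from the main thread.
* It uses the Node.js vm module within the worker as an additional scoping layer. Node.js
* documents vm as not being a security mechanism, so containment of untrusted code must
* come from controls outside this script.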
*/
import { parentPort, workerData } from 'node:worker_threads';
import vm from 'node:vm';
/**
 * Payload the parent thread hands to this worker through `workerData`.
 */
interface WorkerData {
  /** Source text to run; it is wrapped in an async IIFE before compilation. */
  code: string;
  /** API binding names keyed by group. Not read anywhere in this script as shown. */
  apiBindings: Record<string, string[]>;
  /** Passed to the vm `timeout` option (milliseconds). */
  timeout: number;
}
/**
 * Message posted back to the parent thread once execution finishes or fails.
 * It is sent with `postMessage`, so every field has to survive structured cloning.
 */
interface WorkerResult {
  /** `true` when the code ran to completion, `false` on any error or timeout. */
  success: boolean;
  /** Value the executed code resolved to; present only on success. */
  result?: unknown;
  /** Error message, or the timeout notice, on failure. */
  error?: string | undefined;
  /** Stack trace of the failure when the thrown value was an `Error`. */
  stack?: string | undefined;
}
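/**
 * Run the caller-supplied code from `workerData` inside a `node:vm` context and
 * post exactly one {@link WorkerResult} to the parent thread.
 *
 * SECURITY: `node:vm` is documented by Node.js as not being a security
 * mechanism. Every value placed on the sandbox object below (the console
 * functions, the built-in constructors, `pg`) is created in the worker's own
 * realm, so setting `require`/`process` to `undefined` does not confine the
 * executed code. Treat the context as a convenience scope and rely on controls
 * outside the worker for containment: OS/container isolation, a least-privilege
 * database role, and parent-side `worker.terminate()` plus `resourceLimits`.
 *
 * Time limits: the vm `timeout` option only bounds the synchronous part of the
 * script. A wall-clock deadline is raced against the returned promise so that
 * awaited work which never settles is still reported as a timeout. A busy loop
 * that starts after the first `await` blocks the event loop and cannot be
 * interrupted from inside the worker; the parent must terminate it.
 *
 * @returns Resolves once the result message has been posted.
 */
async function executeCode(): Promise<void> {
  const { code, timeout } = workerData as WorkerData;

  const report = (response: WorkerResult): void => {
    parentPort?.postMessage(response);
  };

  let deadlineTimer: ReturnType<typeof setTimeout> | undefined;

  try {
    // NOTE(review): logBuffer is filled by the sandbox console but is never
    // posted to the parent, so captured output is currently discarded.
    const logBuffer: string[] = [];

    // Never let formatting throw into the executed code: JSON.stringify fails on
    // circular structures and BigInt, String() fails on null-prototype objects.
    const formatArg = (value: unknown): string => {
      try {
        return typeof value === 'object' && value !== null
          ? JSON.stringify(value)
          : String(value);
      } catch {
        return '[unserializable]';
      }
    };
    const logWithPrefix = (prefix: string) => (...args: unknown[]): void => {
      logBuffer.push(prefix + args.map(formatArg).join(' '));
    };

    const sandbox = {
      console: {
        log: logWithPrefix(''),
        warn: logWithPrefix('[WARN] '),
        error: logWithPrefix('[ERROR] '),
        info: logWithPrefix('[INFO] ')
      },
      // Shadow Node-specific globals. This hides the names only; see the
      // SECURITY note on this function.
      require: undefined,
      process: undefined,
      global: undefined,
      globalThis: undefined,
      __dirname: undefined,
      __filename: undefined,
      module: undefined,
      exports: undefined,
      // NOTE(review): these are the worker realm's own constructors, not copies.
      // A fresh context already provides its own JSON/Math/Array/...; sharing the
      // host instances means prototype changes made by the executed code also
      // affect the worker realm.
      JSON,
      Math,
      Date,
      Array,
      Object,
      String,
      Number,
      Boolean,
      Map,
      Set,
      Promise,
      Error,
      TypeError,
      RangeError,
      SyntaxError,
      // Timers are withheld from the executed code.
      setTimeout: undefined,
      setInterval: undefined,
      setImmediate: undefined,
      // pg API placeholder. NOTE(review): nothing in this script populates it or
      // reads workerData.apiBindings - confirm where the bindings are attached.
      pg: {}
    };
    const context = vm.createContext(sandbox);

    // Wrap code in an async IIFE so the caller's code may use `await`.
    const wrappedCode = `
(async () => {
${code}
})();
`;
    const script = new vm.Script(wrappedCode, {
      filename: 'worker-codemode-script.js'
    });

    // Arm the wall-clock deadline before running so the sync and async phases
    // share one budget. Only armed for a positive finite timeout, matching the
    // values the vm `timeout` option accepts.
    const hasDeadline =
      typeof timeout === 'number' && Number.isFinite(timeout) && timeout > 0;
    const deadline = new Promise<never>((_resolve, reject) => {
      if (!hasDeadline) return;
      deadlineTimer = setTimeout(() => {
        // Message deliberately matches the vm timeout text checked below.
        reject(new Error('Script execution timed out (async phase)'));
      }, timeout);
    });

    const pending = script.runInContext(context, {
      timeout,
      breakOnSigint: true
    }) as Promise<unknown>;

    const result = await Promise.race([pending, deadline]);

    report({ success: true, result });
  } catch (error) {
    // Errors raised by the engine inside the context belong to the context's
    // realm, so `instanceof Error` can be false for them; String() is the fallback.
    const errorMessage = error instanceof Error ? error.message : String(error);
    const stack = error instanceof Error ? error.stack : undefined;
    const timedOut = errorMessage.includes('Script execution timed out');

    // NOTE(review): `stack` may contain worker file paths; confirm the parent
    // does not forward it verbatim to an untrusted caller.
    report({
      success: false,
      error: timedOut
        ? `Execution timeout: exceeded ${String(timeout)}ms limit`
        : errorMessage,
      stack
    });
  } finally {
    // Release the timer so a finished worker is not kept alive by it.
    clearTimeout(deadlineTimer);
  }
}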
// Start as soon as the worker loads. Anything executeCode() rejects with
// (rather than reporting itself) is still turned into a failure message here.
executeCode().catch((failure: unknown) => {
  const asError = failure instanceof Error ? failure : undefined;
  const response: WorkerResult = {
    success: false,
    error: asError !== undefined ? asError.message : String(failure),
    stack: asError !== undefined ? asError.stack : undefined
  };
  parentPort?.postMessage(response);
});