feat(python): outbound raw TCP + UDP sockets in the Pyodide bridge#140
Closed
NathanFlurry wants to merge 1 commit into
Closed
feat(python): outbound raw TCP + UDP sockets in the Pyodide bridge#140NathanFlurry wants to merge 1 commit into
NathanFlurry wants to merge 1 commit into
Conversation
Back Python's socket module with host sockets (outbound TCP connect/send/recv, UDP sendto/recvfrom), governed by the network policy + DNS egress guard like the HTTP bridge: - python.rs: SocketConnect/Send/Recv/Close + UdpCreate/Sendto/Recvfrom RPC methods, port/socketId wire fields, and Socket*/Udp* response payloads - execution.rs: handle_python_socket_rpc_request opens host TcpStream/UdpSocket per process (require_network_access + filter_dns_safe_ip_addrs), short read timeout so a recv RPC never stalls the shared event loop - state.rs: per-process PythonHostSocket registry - runner: socket bridge methods + a socket.socket shim that polls recv/recvfrom to emulate blocking semantics Listeners (bind/listen/accept) are out of scope — outbound only. Test: python_runtime_supports_raw_tcp_and_udp_sockets drives TCP + UDP echo servers through Python's stdlib socket module. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
railway-app
Bot
temporarily deployed
to
secure-exec / secure-exec-pr-140
railway-app
Bot
temporarily deployed
to
rivet-frontend / secure-exec-pr-140
|
🚅 Deployed to the secure-exec-pr-140 environment in rivet-frontend
🚅 Deployed to the secure-exec-pr-140 environment in secure-exec
|
Member
Author
|
Superseded by #142 (combined with the FS-hooks work). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds outbound raw TCP and UDP sockets to guest Python by backing the stdlib
socketmodule with host sockets — the same synchronous-bridge + network-policy model as the existing HTTP/DNS bridge.What works
socket.socket(AF_INET, SOCK_STREAM)→connect/send/sendall/recv/closesocket.socket(AF_INET, SOCK_DGRAM)→sendto/recvfrom/closesettimeout/setblocking(blocking emulated by polling)require_network_access+ the DNS egress guard (filter_dns_safe_ip_addrs), identical to the HTTP bridge — a hostname is resolved once and pinned, restricted non-loopback ranges are refused.How
PythonVfsRpcMethods (SocketConnect/Send/Recv/Close,UdpCreate/Sendto/Recvfrom),port/socketIdwire fields, andSocket*/Udp*response payloads.handle_python_socket_rpc_requestopens a hostTcpStream/UdpSocketper request, stored in a per-process registry. Reads use a short (100 ms) socket read timeout so arecvRPC returns promptly (data, or atimed_outflag) and never stalls the shared sidecar event loop.PythonHostSocketregistry (separate from the JS runtime's event-driven sockets).socket.socketshim whoserecv/recvfromre-poll the host to emulate blocking semantics.Scope
Outbound only — listeners (
bind/listen/accept) are not implemented (they need host-side accept plumbing). Documented as such.Test
python_runtime_supports_raw_tcp_and_udp_socketsdrives a host TCP echo server and a host UDP echo server through Python's stdlibsocketmodule (under the loopback-exempt + allow-all policy). Fullpython_suitestays green.Companion docs PR: rivet-dev/agentos#1553.
🤖 Generated with Claude Code