git.stella-ops.org/docs/features/unchecked/releaseorchestrator/multi-language-script-engine.md

Multi-Language Script Engine (6 Languages with Monaco Editor, Sandbox, Library Management, and Policy Evaluation)

Module

ReleaseOrchestrator

Status

IMPLEMENTED

Description

Polyglot script execution engine supporting C#, Python, Java, Go, Bash, and TypeScript. It provides containerized isolation with resource limits and timeout enforcement; a Monaco-based editor with Language Server Protocol IntelliSense; a security sandbox with network, filesystem, and resource policies; dependency resolution with version pinning; policy-based script approval and signing; and per-language runtime image management.

Implementation Details

  • Modules: src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Scripts/
  • Key Classes:
    • ScriptExecutor (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Scripts/Execution/ScriptExecutor.cs) - executes scripts in containerized sandboxes with resource limits and timeout enforcement
    • ScriptLibraryManager (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Scripts/Library/ScriptLibraryManager.cs) - manages script libraries with dependency resolution and version pinning
    • RuntimeImageManager (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Scripts/Runtime/RuntimeImageManager.cs) - manages per-language runtime container images
    • ScriptPolicyEvaluator (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Scripts/Policies/ScriptPolicyEvaluator.cs) - evaluates policy-based script approval and signing rules
  • Interfaces: IScriptExecutor, IScriptLibraryManager, IRuntimeImageManager, IScriptPolicyEvaluator
  • Source: SPRINT_20260117_040_ReleaseOrchestrator_multi_language_scripts.md

E2E Test Plan

  • Execute a script in each supported language (C#, Python, Java, Go, Bash, TypeScript) via ScriptExecutor and verify output
  • Verify containerized isolation: run a script that attempts filesystem access and verify it is blocked by the sandbox
  • Verify resource limits: run a script that exceeds memory/CPU limits and verify it is terminated
  • Verify timeout enforcement: run a long-running script and verify it is killed after timeout
  • Add a library dependency via ScriptLibraryManager and verify version pinning in execution
  • Verify ScriptPolicyEvaluator rejects an unapproved/unsigned script
  • Verify RuntimeImageManager manages and pulls per-language container images
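
The resource-limit and timeout items in the test plan above, sketched as an added example that is not StellaOps code and does not use the ScriptExecutor API. It assumes Linux and swaps the containerized sandbox for process-level rlimits and a process-group kill; `run_limited`, the verdict strings and the sample scripts are hypothetical names constructed here.

```python
import os
import resource
import signal
import subprocess
import sys

def run_limited(source, timeout_s=2.0, mem_bytes=512 * 2**20, cpu_s=5):
    """Run Python `source` in a child process under limits (hypothetical helper).

    Returns (verdict, stdout); verdict is "ok", "timeout", "memory_limit",
    "killed:<SIGNAL>" or "error:<exit code>".
    """
    def apply_limits():
        # Runs in the child after fork, before exec.
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_s, cpu_s))

    proc = subprocess.Popen(
        [sys.executable, "-I", "-c", source],
        stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        text=True, preexec_fn=apply_limits,
        start_new_session=True,  # own process group, so the whole tree can be killed
    )
    try:
        out, err = proc.communicate(timeout=timeout_s)
    except subprocess.TimeoutExpired:
        try:
            os.killpg(proc.pid, signal.SIGKILL)  # kill the script and anything it spawned
        except ProcessLookupError:
            pass  # exited between the timeout and the kill
        proc.communicate()  # reap the child and drain the pipes
        return "timeout", ""
    if proc.returncode == 0:
        return "ok", out
    if proc.returncode < 0:  # terminated by a signal, e.g. the CPU limit
        return "killed:" + signal.Signals(-proc.returncode).name, out
    if "MemoryError" in err:  # allocation refused by the address-space cap
        return "memory_limit", out
    return f"error:{proc.returncode}", out

# Constructed sample scripts, one per negative test-plan item.
WELL_BEHAVED = "print('deployed')"
LONG_RUNNING = "import time; time.sleep(30)"
MEMORY_HOG = "buf = bytearray(2**30)"  # 1 GiB, above the 512 MiB cap
CPU_HOG = "while True: pass"

if __name__ == "__main__":
    for name in ("WELL_BEHAVED", "LONG_RUNNING", "MEMORY_HOG", "CPU_HOG"):
        print(name, run_limited(globals()[name], timeout_s=3, cpu_s=1))
```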