Skip to content

feat: implement Logic Script component with dynamic ports and URL imports #182

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
betterclever merged 7 commits into from
Dec 22, 2025
Merged

feat: implement Logic Script component with dynamic ports and URL imports #182

betterclever merged 7 commits into from
Dec 22, 2025

Conversation

@betterclever
Copy link
Contributor

@betterclever betterclever commented Dec 22, 2025
edited
Loading

This PR introduces the Logic Script component, a powerful new node type that allows users to execute custom TypeScript logic within a secure, high-performance sandbox.

🚀 Key Highlights

  • Dynamic Input/Output System: A flexible variable system where users can define custom input and output variables. These are dynamically resolved into ports on the workflow node, allowing seamless data flow between components.
  • High-Performance Sandboxing: Scripts are executed in isolated `oven/bun:alpine` Docker containers. This ensures security and consistent performance with hard resource limits (256MB RAM / 0.5 CPU) and a 30s execution timeout.
  • Recursive URL Imports: Native support for importing NPM packages directly via URLs (e.g., `import _ from 'https://esm.sh/lodash'\`). A custom Bun plugin handles recursive dependency resolution on-the-fly inside the sandbox.
  • Native TypeScript Support: Zero-config TypeScript execution. Bun runs user code directly without any intermediate transpilation steps.
  • Premium Editor Experience:
    • Integrated Monaco Editor with full TypeScript language support.
    • Auto-generated Typings: Interfaces for `Input` and `Output` are automatically updated based on user-defined variables, providing a first-class developer experience with autocomplete.
    • Built-in documentation and live examples for external package imports.

🛠️ Technical Implementation

  • Port Resolution: Implemented `resolvePorts` to dynamically update the node's visual structure based on configuration.
  • Secure Injection: Uses Base64 encoding to pass the plugin, user code, and harness into the container, avoiding shell escaping issues.
  • Log Streaming: Captures container `stdout`/`stderr` and routes them directly to the workflow execution logger.

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Dec 22, 2025
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

worker/src/components/core/logic-script.ts Outdated
Comment on lines 175 to 176
// 5. Execute
const vmResult = vm.evalCode(userScriptWrapped);
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Enforce an execution limit on sandboxed scripts

The QuickJS context is created and vm.evalCode(...) is called without any time/interrupt limit, so a user script containing an infinite loop (e.g., while(true){}) will block the worker thread indefinitely and stall the workflow runner. Because this component is intended for untrusted user logic, the lack of a timeout or instruction budget is a production-stopping risk; consider wiring a deadline/interrupt handler or running the VM with an execution limit so the worker can recover.

Useful? React with 👍 / 👎.

@betterclever
fix(worker): satisfy typecheck for logic node
ca6f960 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(frontend): custom UI for logic script input/output variables
7dae1b4 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
fix(frontend): improve dnd reliability and add logs
0374ae7 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(frontend): add drag-and-drop variable editor for Logic Script node
06037b6 
- Add @dnd-kit/core, @dnd-kit/sortable, @dnd-kit/utilities dependencies
- Create SimpleVariableListEditor component with DnD reordering
- Add 'list' type support to logic-script component
- Implement dynamic outputs resolution in ConfigPanel
- Add dynamicOutputs to FrontendNodeData interface
- Update WorkflowNode to render dynamic output ports from nodeData

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever
feat(worker): implement robust docker-based logic runner with bun and…
fcd78d0 
… url import support

- Switched logic script execution from QuickJS to high-performance Docker (Bun)\n- Implemented custom Bun HTTP loader plugin for recursive URL imports (Unpkg/esm.sh)\n- Removed sucrase dependency for logic execution (native TS support)\n- Improved sandbox isolation with 256MB RAM and 0.5 CPU limits\n- Added documentation and examples for external packages in the frontend editor

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever betterclever force-pushed the betterclever/25b2026/d1feat2 branch from 6e62e04 to fcd78d0 Compare December 22, 2025 17:02
@betterclever
fix(worker): improve code injection logic and update logic-script tests
360a01c 
- Fixed regex that was causing double 'export' in logic scripts\n- Updated unit tests to match Docker/Bun execution format\n- Fixed mock ExecutionContext in tests to match package-sdk interfaces

Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever betterclever force-pushed the betterclever/25b2026/d1feat2 branch from e9a8839 to 360a01c Compare December 22, 2025 17:06
@betterclever betterclever changed the title feat(worker): Logic Script Node with Sandbox feat(worker/frontend): switch Logic Node to Docker/Bun and enable URL imports Dec 22, 2025
@betterclever betterclever changed the title feat(worker/frontend): switch Logic Node to Docker/Bun and enable URL imports feat: implement Logic Script component with dynamic ports and URL imports Dec 22, 2025
@betterclever betterclever force-pushed the betterclever/25b2026/d1feat2 branch from 4f76dae to 476beaa Compare December 22, 2025 17:11
@betterclever
chore(worker): remove unused quickjs and sucrase dependencies
f36cf6a 
Signed-off-by: betterclever <paliwal.pranjal83@gmail.com>
@betterclever betterclever force-pushed the betterclever/25b2026/d1feat2 branch from 476beaa to f36cf6a Compare December 22, 2025 17:16
@betterclever betterclever merged commit 0fb8a59 into main Dec 22, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@betterclever