feat(ai-autopilot): WebContainerRunner (in-browser sandboxed runner) #223
Merged
…runner Third real Runner adapter after LocalRunner and DockerRunner, wrapping StackBlitz's @webcontainer/api. Runs untrusted agent code inside a browser tab: in-browser Node runtime, isolated fs, instant preview() URL, nothing touches the host. Browser-only by construction (needs SharedArrayBuffer + cross-origin isolation), so @webcontainer/api is an optional peer imported lazily; loading the package in Node never pulls it in. New webContainerAvailable() guards it. WebContainer cannot boot in Node, so boot-and-serve is proven by a headless Chromium harness under harness/webcontainer/ that drives the compiled adapter end to end (boot, fs, exec incl. timeout kill, start, real preview URL, in-container serve check, dispose, reboot). Node-only guards covered by the default suite. Part of #109.
This was referenced Jul 4, 2026
Third real Runner adapter after Local and Docker, wrapping @webcontainer/api. Untrusted agent code runs entirely in a browser tab (in-browser Node, isolated fs, instant preview() URL), nothing touches the host.
The honest-verification part.
WebContainer only boots in a cross-origin-isolated browser, so it can't be tested from node --test like Docker. I checked whether a real boot proof was even feasible before writing the adapter: yes. There's a headless-Chromium harness under harness/webcontainer/ that drives the compiled adapter end to end and it passes 15/15 locally (boot, fs, exec incl. timeout kill, start, a real *.webcontainer-api.io preview URL, an in-container serve check, dispose, reboot). So this ships verified, not on faith.
Shape
@webcontainer/api is an optional peer, imported lazily (dynamic import), so loading the package in Node never pulls it in.
webContainerAvailable() guard; boot() throws a clear error in Node. Both covered by the default suite (288 pass).
pnpm test. README explains how to run it.
Part of #109. Flue stays gated on a live Flue env.
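The guard-then-lazy-import shape described above, as an added example that is not code from this PR: the function names (isolationHeadersOk, sandboxRuntimeAvailable, bootSandbox), the error text and the lowercase-keyed header object are assumptions made for illustration. It also shows the response headers a host page must send before a browser reports itself as cross-origin isolated.

```javascript
// Added example: hypothetical names, not the adapter shipped in this PR.
const PEER = '@webcontainer/api'; // optional peer named in the PR description

// True when the page's response headers would make it cross-origin isolated.
// Assumes `headers` is a plain object with lowercase header names.
function isolationHeadersOk(headers) {
  const get = (name) => String(headers[name] ?? '').trim().toLowerCase();
  const coop = get('cross-origin-opener-policy');
  const coep = get('cross-origin-embedder-policy');
  return coop === 'same-origin' &&
    (coep === 'require-corp' || coep === 'credentialless');
}

// Feature guard: the runtime needs SharedArrayBuffer and an isolated context.
// `env` is injectable so the check can be exercised outside a browser.
function sandboxRuntimeAvailable(env = globalThis) {
  return typeof env.SharedArrayBuffer === 'function' &&
    env.crossOriginIsolated === true;
}

// Lazy boot: the peer is only imported after the guard passes, so loading
// this module in Node never resolves the optional dependency.
async function bootSandbox(env = globalThis, load = () => import(PEER)) {
  if (!sandboxRuntimeAvailable(env)) {
    throw new Error(
      'sandbox runtime needs a cross-origin-isolated browser ' +
      '(SharedArrayBuffer + COOP/COEP headers); it cannot boot here');
  }
  let mod;
  try {
    mod = await load();
  } catch (cause) {
    throw new Error(`optional peer ${PEER} is not installed`, { cause });
  }
  return mod.WebContainer.boot(); // WebContainer.boot() is the real API entry
}
```
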