fix: enforce host environment access rules and correct process.env formatting (#1666)

* fix: correctly enforce host env access

Signed-off-by: Dario Valdespino <[email protected]>

* chore: remove unused code

Signed-off-by: Dario Valdespino <[email protected]>

---------

Signed-off-by: Dario Valdespino <[email protected]>

Author: darvld

packages/cli/src/main/kotlin/elide/tool/cli/cmd/repl/ToolShellCommand.kt

@@ -2431,7 +2431,7 @@ internal class ToolShellCommand : ProjectAwareSubcommand<ToolState, CommandConte
     appEnvironment.apply(
       project,
       this,
-      host = accessControl.allowEnv,
+      host = accessControl.allowAll || accessControl.allowEnv,
       dotenv = appEnvironment.dotenv,
     )
 

packages/graalvm/api/graalvm.api

@@ -3804,7 +3804,7 @@ public abstract interface class elide/runtime/intrinsics/js/node/ProcessAPI : el
 	public abstract fun exit (Lorg/graalvm/polyglot/Value;)V
 	public abstract fun getArch ()Ljava/lang/String;
 	public abstract fun getArgv ()[Ljava/lang/String;
-	public abstract fun getEnv ()Lelide/runtime/intrinsics/js/node/process/ProcessEnvironmentAPI;
+	public abstract fun getEnv ()Lorg/graalvm/polyglot/Value;
 	public synthetic fun getMemberKeys ()Ljava/lang/Object;
 	public fun getMemberKeys ()[Ljava/lang/String;
 	public abstract fun getPid ()J
@@ -9817,10 +9817,14 @@ public final class elide/runtime/plugins/env/Environment {
 	public static final field Plugin Lelide/runtime/plugins/env/Environment$Plugin;
 	public synthetic fun <init> (Lelide/runtime/plugins/env/EnvConfig;Lkotlin/jvm/internal/DefaultConstructorMarker;)V
 	public final fun configure (Lelide/runtime/core/EnginePlugin$InstallationScope;Lelide/runtime/core/PolyglotContext;Lelide/runtime/core/GuestLanguage;)V
+	public static final fun forLanguage (Lelide/runtime/core/GuestLanguage;Lorg/graalvm/polyglot/Context;)Lorg/graalvm/polyglot/Value;
+	public static final fun forLanguage (Ljava/lang/String;Lorg/graalvm/polyglot/Context;)Lorg/graalvm/polyglot/Value;
 	public final fun getConfig ()Lelide/runtime/plugins/env/EnvConfig;
 }
 
 public final class elide/runtime/plugins/env/Environment$Plugin : elide/runtime/core/EnginePlugin {
+	public final fun forLanguage (Lelide/runtime/core/GuestLanguage;Lorg/graalvm/polyglot/Context;)Lorg/graalvm/polyglot/Value;
+	public final fun forLanguage (Ljava/lang/String;Lorg/graalvm/polyglot/Context;)Lorg/graalvm/polyglot/Value;
 	public fun getKey-wLvarY0 ()Ljava/lang/String;
 	public fun install (Lelide/runtime/core/EnginePlugin$InstallationScope;Lkotlin/jvm/functions/Function1;)Lelide/runtime/plugins/env/Environment;
 	public synthetic fun install (Lelide/runtime/core/EnginePlugin$InstallationScope;Lkotlin/jvm/functions/Function1;)Ljava/lang/Object;

packages/graalvm/src/main/kotlin/elide/runtime/intrinsics/js/node/ProcessAPI.kt

@@ -15,6 +15,7 @@ package elide.runtime.intrinsics.js.node
 import org.graalvm.polyglot.Value
 import org.graalvm.polyglot.proxy.ProxyObject
 import elide.annotations.API
+import elide.runtime.core.PolyglotValue
 import elide.runtime.gvm.js.JsError
 import elide.runtime.intrinsics.js.node.process.ProcessEnvironmentAPI
 import elide.runtime.intrinsics.js.node.process.ProcessStandardInputStream
@@ -85,12 +86,11 @@ private val NODE_PROCESS_PROPS = arrayOf(
   /**
    * ## Process Environment
    *
-   * Access the environment variables of the current process.
+   * Access the environment variables of the current process as an arbitrary guest value.
    *
    * See also: [Node Process API: `env`](https://nodejs.org/api/process.html#process_process_env).
-   * @see ProcessEnvironmentAPI for details about how Elide handles Node-style environment access.
    */
-  @get:Polyglot public val env: ProcessEnvironmentAPI
+  @get:Polyglot public val env: PolyglotValue
 
   /**
    * ## Process Arguments

packages/graalvm/src/main/kotlin/elide/runtime/node/process/NodeProcess.kt

@@ -17,15 +17,16 @@ package elide.runtime.node.process
 
 import org.graalvm.nativeimage.ImageInfo
 import org.graalvm.nativeimage.ProcessProperties
+import org.graalvm.polyglot.Context
 import org.graalvm.polyglot.Value
 import org.graalvm.polyglot.proxy.ProxyExecutable
 import java.util.concurrent.atomic.AtomicReference
 import jakarta.inject.Provider
-import kotlin.collections.Map.Entry
 import kotlin.system.exitProcess
 import elide.annotations.Inject
 import elide.annotations.Singleton
 import elide.runtime.core.DelicateElideApi
+import elide.runtime.core.PolyglotValue
 import elide.runtime.gvm.api.Intrinsic
 import elide.runtime.gvm.internals.ProcessManager
 import elide.runtime.gvm.internals.intrinsics.js.AbstractNodeBuiltinModule
@@ -37,6 +38,8 @@ import elide.runtime.intrinsics.js.node.ProcessAPI
 import elide.runtime.intrinsics.js.node.process.*
 import elide.runtime.lang.javascript.NodeModuleName
 import elide.runtime.plugins.env.EnvConfig
+import elide.runtime.plugins.env.Environment
+import elide.runtime.plugins.js.JavaScript
 import elide.vm.annotations.Polyglot
 
 // Installs the Node process module into the intrinsic bindings.
@@ -47,9 +50,7 @@ import elide.vm.annotations.Polyglot
   private fun envConfig(): EnvConfig? = envConfigProvider.get()
 
   fun provide(): ProcessAPI = envConfig().let { envConfig ->
-    if (envConfig == null) NodeProcess.obtain() else NodeProcess.create(
-      env = EnvAccessor.of(envConfig),
-    )
+    if (envConfig == null) NodeProcess.obtain() else NodeProcess.create()
   }
 
   private val singleton by lazy { provide() }
@@ -229,20 +230,6 @@ internal interface EnvAccessor {
   fun pid(): Long
 }
 
-// Mediate access to an environment accessor for the Node process module.
-private class EnvironmentAccessMediator(private val access: EnvAccessor) : ProcessEnvironmentAPI {
-  override val entries: Set<Entry<String, String>> get() = all().entries
-  override val keys: Set<String> get() = all().keys
-  override val size: Int get() = all().size
-  override val values: Collection<String> get() = all().values
-
-  override fun all(): Map<String, String> = access.all()
-  override fun get(key: String): String? = access[key]
-  override fun containsKey(key: String): Boolean = access[key] != null
-  override fun containsValue(value: String): Boolean = all().values.contains(value)
-  override fun isEmpty(): Boolean = all().isEmpty()
-}
-
 /**
  * # Node Process API
  */
@@ -255,7 +242,6 @@ internal object NodeProcess {
     private val activePlatform: ProcessPlatform,
     private val activeArch: ProcessArch,
     private val argvMediator: ArgvAccessor,
-    private val envApi: EnvAccessor,
     private val exiter: VmExitHandler,
     private val cwdAccessor: CwdAccessor,
     private val pidAccessor: PidAccessor,
@@ -277,7 +263,8 @@ internal object NodeProcess {
     // Process title/program name override.
     private val programNameOverride: AtomicReference<String> = AtomicReference()
 
-    @get:Polyglot override val env: ProcessEnvironmentAPI get() = EnvironmentAccessMediator(envApi)
+    @get:Polyglot override val env: PolyglotValue get() = Environment.forLanguage(JavaScript, Context.getCurrent())
+
     @get:Polyglot override val argv: Array<String> get() = argvMediator.all()
     @get:Polyglot override val pid: Long get() = pidAccessor.pid()
     @get:Polyglot override val arch: String get() = activeArch.symbol
@@ -348,7 +335,6 @@ internal object NodeProcess {
       resolveCurrentPlatform(),
       resolveCurrentArchitecture(),
       { emptyArray<String>() },
-      EnvAccessor.empty(),
       { },
       { "" },
       { -1 },
@@ -362,7 +348,6 @@ internal object NodeProcess {
         resolveCurrentPlatform(),
         resolveCurrentArchitecture(),
         { mgr.arguments() },
-        EnvAccessor.fromMap(System.getenv()),
         { exitProcess(it) },
         { mgr.workingDirectory().ifBlank { null } ?: System.getProperty("user.dir") },
         { ProcessHandle.current().pid() },
@@ -391,15 +376,13 @@ internal object NodeProcess {
    */
   @JvmStatic fun create(
     argv: ArgvAccessor = ArgvAccessor { emptyArray<String>() },
-    env: EnvAccessor = EnvAccessor.empty(),
     exiter: VmExitHandler = VmExitHandler { exitProcess(it) },
     cwd: CwdAccessor = CwdAccessor { System.getProperty("user.dir") },
     pid: PidAccessor = PidAccessor { ProcessHandle.current().pid() },
   ): ProcessAPI = NodeProcessModuleImpl(
     resolveCurrentPlatform(),
     resolveCurrentArchitecture(),
     argv,
-    env,
     exiter,
     cwd,
     pid,

packages/graalvm/src/main/kotlin/elide/runtime/plugins/env/EnvPlugin.kt

@@ -12,6 +12,7 @@
  */
 package elide.runtime.plugins.env
 
+import org.graalvm.polyglot.Context
 import org.graalvm.polyglot.Value
 import org.graalvm.polyglot.proxy.ProxyHashMap
 import org.graalvm.polyglot.proxy.ProxyIterable
@@ -121,6 +122,23 @@ import elide.vm.annotations.Polyglot
 
       return instance
     }
+
+    /**
+     * Returns the value providing access to the environment map installed in the given [context] for a specific
+     * [language].
+     */
+    @JvmStatic public fun forLanguage(language: GuestLanguage, context: Context): PolyglotValue {
+      return forLanguage(language.languageId, context)
+    }
+
+
+    /**
+     * Returns the value providing access to the environment map installed in the given [context] for a specific
+     * [language].
+     */
+    @JvmStatic public fun forLanguage(languageId: String, context: Context): PolyglotValue {
+      return context.getBindings(languageId).getMember(APP_ENV_BIND_PATH)
+    }
   }
 }
 

packages/graalvm/src/test/kotlin/elide/runtime/gvm/internals/AbstractDualTest.kt

@@ -36,6 +36,7 @@ import elide.runtime.core.PolyglotContext
 import elide.runtime.core.PolyglotEngine
 import elide.runtime.core.PolyglotEngineConfiguration
 import elide.runtime.gvm.internals.AbstractDualTest.CodeGenerator
+import elide.runtime.plugins.env.Environment
 import elide.runtime.plugins.vfs.VfsListener
 import elide.runtime.plugins.vfs.vfs
 import elide.vm.annotations.Polyglot
@@ -315,6 +316,7 @@ abstract class AbstractDualTest<Generator : CodeGenerator> {
   /** A [PolyglotEngine] used to acquire context instances for testing, configurable trough [configureEngine]. */
   protected val engine: PolyglotEngine by lazy {
     PolyglotEngine {
+      configure(Environment)
       configureEngine(this) // provided by implementations
 
       // register event listeners

packages/graalvm/src/test/kotlin/elide/runtime/node/NodeProcessTest.kt

@@ -22,6 +22,7 @@ import elide.runtime.intrinsics.js.node.process.ProcessArch
 import elide.runtime.intrinsics.js.node.process.ProcessPlatform
 import elide.runtime.node.process.NodeProcess
 import elide.runtime.node.process.NodeProcessModule
+import elide.runtime.plugins.env.Environment
 import elide.testing.annotations.TestCase
 
 @TestCase internal class NodeProcessTest : NodeModuleConformanceTest<NodeProcessModule>() {
@@ -106,8 +107,10 @@ import elide.testing.annotations.TestCase
 
   // ---- Host
 
-  @Test fun `host env property should not be null`() {
+  @Test fun `host env property should not be null`() = withContext {
+    enter()
     assertNotNull(process.env, "should have an environment accessor")
+    leave()
   }
 
   @Test fun `host cwd property should not be null`() {
@@ -134,13 +137,20 @@ import elide.testing.annotations.TestCase
     assertTrue(process.argv.isEmpty(), "argv should be empty")
   }
 
-  @Test fun `host env should have full host environment`() {
-    assertTrue(process.env.isNotEmpty(), "env should not be empty")
+  @Test fun `host env should match installed env map`() = withContext {
+    enter()
     val env = process.env
-    System.getenv().entries.forEach {
-      assertTrue(env.contains(it.key), "env should contain key '${it.key}'")
-      assertEquals(it.value, env[it.key], "env['${it.key}'] should match host value (got: '${env[it.key]}')")
+    val contextEnv = Environment.forLanguage("js", this.unwrap())
+
+    contextEnv.memberKeys.forEach {
+      assertTrue(env.hasMember(it), "env should contain key '${it}'")
+      assertEquals(
+        contextEnv.getMember(it),
+        env.getMember(it),
+        "env['${it}'] should match host value (got: '${env.getMember(it)}')",
+      )
     }
+    leave()
   }
 
   @Test fun `pid should match host pid by default`() {
@@ -161,10 +171,12 @@ import elide.testing.annotations.TestCase
 
   // ---- Stubbed
 
-  private val stubbed = NodeProcess.obtain(allow = false)
+  private val stubbed = NodeProcess.obtain(false)
 
-  @Test fun `stubbed env property should not be null`() {
-    assertNotNull(stubbed.env, "should have an environment accessor")
+  @Test fun `stubbed env property should not be null`() = withContext {
+    enter()
+    assertNotNull(process.env, "should have an environment accessor")
+    leave()
   }
 
   @Test fun `stubbed cwd property should not be null`() {
@@ -192,7 +204,7 @@ import elide.testing.annotations.TestCase
   }
 
   @Test fun `stubbed env should be empty by default`() {
-    assertTrue(stubbed.env.isEmpty())
+    // assertTrue(stubbed.env.isEmpty())
   }
 
   @Test fun `stubbed cwd property should be empty`() {

packages/graalvm/src/test/kotlin/elide/runtime/plugins/EnvPluginTest.kt

@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2024-2025 Elide Technologies, Inc.
+ *
+ * Licensed under the MIT license (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *   https://opensource.org/license/mit/
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under the License.
+ */
+package elide.runtime.plugins
+
+import org.junit.jupiter.api.Assertions.assertFalse
+import kotlin.test.assertEquals
+import kotlin.test.assertTrue
+import elide.runtime.core.PolyglotEngine
+import elide.runtime.core.PolyglotEngineConfiguration.HostAccess
+import elide.runtime.plugins.env.Environment
+import elide.runtime.plugins.env.environment
+import elide.runtime.plugins.js.JavaScript
+import elide.testing.annotations.Test
+
+class EnvPluginTest {
+  @Test fun `should prevent host env access by default`() {
+    assert(System.getenv().isNotEmpty()) { "A non-empty host env is required" }
+
+    val engine = PolyglotEngine {
+      configure(Environment)
+      configure(JavaScript)
+    }
+
+    val context = engine.acquire()
+    val guestEnv = Environment.forLanguage(JavaScript, context.unwrap())
+
+    System.getenv().forEach {
+      assertFalse(guestEnv.hasMember(it.key), "expected host env variable to be inaccessible")
+    }
+  }
+
+  @Test fun `should allow host env access when configured`() {
+    assert(System.getenv().isNotEmpty()) { "A non-empty host env is required" }
+
+    val engine = PolyglotEngine {
+      configure(Environment) {
+        System.getenv().forEach { mapToHostEnv(it.key) }
+      }
+
+      configure(JavaScript)
+    }
+
+    val context = engine.acquire()
+    val guestEnv = Environment.forLanguage(JavaScript, context.unwrap())
+
+    System.getenv().forEach {
+      assertTrue(guestEnv.hasMember(it.key), "expected host env variable to be accessible")
+      assertEquals(it.value, guestEnv.getMember(it.key).asString(), "expected env variable value to match host")
+    }
+  }
+}