feat(cli): simplify CLI script execution

WARNING: Drops support for running remote scripts from the Default
Servient Thing. This feature was rarely used and controversial due to
security implications. Users wanting to run remote scripts can easily
implement this feature in their own Servient by extending the CLI
Servient.

Author: relu91

packages/binding-mqtt/src/mqtt-broker-server.ts

@@ -445,8 +445,6 @@ export default class MqttBrokerServer implements ProtocolServer {
 
     private async startBroker() {
         return new Promise<void>((resolve, reject) => {
-            console.log("here mf");
-
             if (this.brokerURI == null) {
                 throw new Error("Unexpected configuration state broker was started even if brokerURI is null");
             }

packages/cli/import-json.js

@@ -1,9 +1,15 @@
 const { readFileSync, writeFileSync } = require("fs");
+const { existsSync, mkdirSync } = require("fs");
 
 const schema = readFileSync("./src/wot-servient-schema.conf.json", "utf8");
 const package = readFileSync("./package.json", "utf8");
 const { version } = JSON.parse(package);
 
+const generatedDir = "./src/generated";
+if (!existsSync(generatedDir)) {
+    mkdirSync(generatedDir, { recursive: true });
+}
+
 writeFileSync(
     "./src/generated/wot-servient-schema.conf.ts",
     `const schema = ${schema.trimEnd()} as const \nexport default schema;`

packages/cli/src/cli-default-servient.ts

@@ -24,22 +24,13 @@ import { HttpServer, HttpClientFactory, HttpsClientFactory } from "@node-wot/bin
 import { CoapServer, CoapClientFactory, CoapsClientFactory } from "@node-wot/binding-coap";
 import { MqttBrokerServer, MqttClientFactory } from "@node-wot/binding-mqtt";
 import { FileClientFactory } from "@node-wot/binding-file";
-import { ThingModelHelpers } from "@thingweb/thing-model";
-import { createContext, Script } from "vm";
-import { CompilerFunction } from "./compiler-function";
-import { LogLevel, setLogLevel } from "./utils/set-log-level";
+import { LogLevel, setLogLevel } from "./utils";
 import { ConfigurationAfterDefaults } from "./configuration";
 
-const { debug, error, info } = createLoggers("cli", "cli-default-servient");
+const { debug, info } = createLoggers("cli", "cli-default-servient");
 
-export interface ScriptOptions {
-    argv?: Array<string>;
-    compiler?: CompilerFunction;
-    env?: Record<string, string>;
-}
 export default class DefaultServient extends Servient {
     private uncaughtListeners: Array<NodeJS.UncaughtExceptionListener> = [];
-    private runtime: typeof WoT | undefined;
     public readonly config: ConfigurationAfterDefaults;
     // current log level
     public logLevel = "info";
@@ -99,78 +90,11 @@ export default class DefaultServient extends Servient {
         this.addClientFactory(new MqttClientFactory());
     }
 
-    /**
-     * Runs the script in privileged context (dangerous). In practice, this means that the script can
-     * require system modules.
-     * @param {string} code - the script to run
-     * @param {string} filename - the filename of the script
-     * @param {object} options - pass cli variables or envs to the script
-     */
-    public runScript(code: string, filename = "script", options: ScriptOptions = {}): unknown {
-        if (!this.runtime) {
-            throw new Error("WoT runtime not loaded; have you called start()?");
-        }
-        const helpers = new Helpers(this);
-
-        options.compiler ??= (code) => code;
-
-        const compiledCode = options.compiler(code, filename);
-        const script = new Script(compiledCode, filename);
-        process.argv = options.argv ?? [];
-        process.env = options.env ?? process.env;
-        const context = createContext({
-            ...globalThis,
-            process,
-            require,
-            console,
-            exports: {},
-            WoT: this.runtime,
-            WoTHelpers: helpers,
-            ModelHelpers: new ThingModelHelpers(helpers),
-        });
-
-        const listener = (err: Error) => {
-            this.logScriptError(`Asynchronous script error '${filename}'`, err);
-            // TODO: clean up script resources
-            process.exit(1);
-        };
-
-        process.prependListener("uncaughtException", listener);
-        this.uncaughtListeners.push(listener);
-
-        try {
-            return script.runInContext(context, { displayErrors: true });
-        } catch (err) {
-            if (err instanceof Error) {
-                this.logScriptError(`Servient found error in privileged script '${filename}'`, err);
-            } else {
-                error(`Servient found error in privileged script '${filename}' ${err}`);
-            }
-            return undefined;
-        }
-    }
-
-    private logScriptError(description: string, err: Error): void {
-        let message: string;
-        if (typeof err === "object" && err.stack != null) {
-            const match = err.stack.match(/evalmachine\.<anonymous>:([0-9]+:[0-9]+)/);
-            if (Array.isArray(match)) {
-                message = `and halted at line ${match[1]}\n    ${err}`;
-            } else {
-                message = `and halted with ${err.stack}`;
-            }
-        } else {
-            message = `that threw ${typeof err} instead of Error\n    ${err}`;
-        }
-        error(`Servient caught ${description} ${message}`);
-    }
-
     /**
      * start
      */
     public async start(): Promise<typeof WoT> {
         const superWoT = await super.start();
-        this.runtime = superWoT;
 
         info("DefaultServient started");
 
@@ -198,15 +122,6 @@ export default class DefaultServient extends Servient {
                     description: "Stop servient",
                     output: { type: "string" },
                 },
-                ...(this.config.servient.scriptAction === true
-                    ? {
-                          runScript: {
-                              description: "Run script",
-                              input: { type: "string" },
-                              output: { type: "string" },
-                          },
-                      }
-                    : {}),
             },
         });
 
@@ -221,14 +136,6 @@ export default class DefaultServient extends Servient {
             await this.shutdown();
             return undefined;
         });
-        if (this.config.servient.scriptAction === true) {
-            servientProducedThing.setActionHandler("runScript", async (script) => {
-                const scriptv = await Helpers.parseInteractionOutput(script);
-                debug("running script", scriptv);
-                this.runScript(scriptv as string);
-                return undefined;
-            });
-        }
         servientProducedThing.setPropertyReadHandler("things", async () => {
             debug("returning things");
             return this.getThings();

packages/cli/src/cli.ts

@@ -14,16 +14,16 @@
  ********************************************************************************/
 
 // default implementation of W3C WoT Servient (http(s) and file bindings)
-import DefaultServient, { ScriptOptions } from "./cli-default-servient";
+import DefaultServient from "./cli-default-servient";
 
 // tools
 import * as path from "path";
 import { Command, Argument, Option } from "commander";
 import Ajv, { ValidateFunction } from "ajv";
 import ConfigSchema from "./generated/wot-servient-schema.conf";
 import version from "./generated/version";
-import { createLoggers } from "@node-wot/core";
-import { loadCompiler, loadEnvVariables } from "./utils";
+import { createLoggers, Helpers } from "@node-wot/core";
+import { loadEnvVariables } from "./utils";
 import { runScripts } from "./script-runner";
 import { readdir } from "fs/promises";
 import { parseConfigFile, parseConfigParams, parseIp } from "./parsers";
@@ -180,24 +180,19 @@ program.action(async function (_, options, cmd) {
         servient = new DefaultServient(config);
     }
 
-    await servient.start();
-
-    const scriptOptions: ScriptOptions = {
-        env,
-        argv: args,
-        compiler: loadCompiler(options.compiler),
-    };
+    const runtime = await servient.start();
+    const helpers = new Helpers(servient);
 
     if (args.length > 0) {
-        return runScripts(servient, args, scriptOptions, options.inspect ?? options.inspectBrk);
+        return runScripts({ runtime, helpers }, args, options.inspect ?? options.inspectBrk);
     }
 
     const files = await readdir(baseDir);
     const scripts = files.filter((file) => !file.startsWith(".") && file.slice(-3) === ".js");
 
     info(`WoT-Servient using current directory with %d script${scripts.length > 1 ? "s" : ""}`, scripts.length);
 
-    return runScripts(servient, args, scriptOptions, options.inspect ?? options.inspectBrk);
+    return runScripts({ runtime, helpers }, scripts, options.inspect ?? options.inspectBrk);
 });
 
 program.parse(process.argv);

packages/cli/src/executor.ts

@@ -0,0 +1,50 @@
+/********************************************************************************
+ * Copyright (c) 2025 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the W3C Software Notice and
+ * Document License (2015-05-13) which is available at
+ * https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR W3C-20150513
+ ********************************************************************************/
+
+import { createLoggers, Helpers } from "@node-wot/core";
+const { debug } = createLoggers("cli", "executor");
+
+export interface WoTContext {
+    runtime: typeof WoT;
+    helpers: Helpers;
+}
+
+export class Executor {
+    public async exec(file: string, wotContext: WoTContext): Promise<unknown> {
+        debug(`Executing WoT script from file: ${file}`);
+        const userScriptPathArg = file;
+        const isTypeScriptScript =
+            userScriptPathArg && (userScriptPathArg.endsWith(".ts") || userScriptPathArg.endsWith(".tsx"));
+        global.WoT = wotContext.runtime;
+
+        if (isTypeScriptScript === true) {
+            require("ts-node/register");
+        }
+
+        try {
+            // Execute the user's script
+            // Node.js will now handle .ts files automatically if ts-node is registered
+            // TODO: For ESM modules a more complex check might be needed.
+            if (file.endsWith(".mjs")) {
+                return await import(`file:///${file}`);
+            } else {
+                return require(file);
+            }
+        } catch (error) {
+            console.error("Error running WoT script:", error);
+            process.exit(1);
+        }
+    }
+}

packages/cli/src/script-runner.ts

@@ -13,10 +13,10 @@
  * SPDX-License-Identifier: EPL-2.0 OR W3C-20150513
  ********************************************************************************/
 import { createLoggers } from "@node-wot/core";
-import DefaultServient, { ScriptOptions } from "./cli-default-servient";
 import inspector from "inspector";
 import path from "path";
 import { readFile } from "fs/promises";
+import { Executor, WoTContext } from "./executor";
 
 const { error, info, warn } = createLoggers("cli", "cli", "script-runner");
 
@@ -25,12 +25,8 @@ export interface DebugParams {
     host: string;
     port: number;
 }
-export async function runScripts(
-    servient: DefaultServient,
-    scripts: string[],
-    options: ScriptOptions,
-    debug?: DebugParams
-) {
+export async function runScripts(context: WoTContext, scripts: string[], debug?: DebugParams) {
+    const executor = new Executor();
     const launchScripts = (scripts: Array<string>) => {
         scripts.forEach(async (fname: string) => {
             info(`WoT-Servient reading script ${fname}`);
@@ -44,9 +40,9 @@ export async function runScripts(
                 );
 
                 fname = path.resolve(fname);
-                servient.runScript(data, fname, options);
+                await executor.exec(fname, context);
             } catch (err) {
-                error(`WoT-Servient experienced error while reading script. ${err}`);
+                error(`WoT-Servient experienced error while reading script. %O`, err);
             }
         });
     };

packages/cli/src/utils/index.ts

@@ -13,4 +13,4 @@
  * SPDX-License-Identifier: EPL-2.0 OR W3C-20150513
  ********************************************************************************/
 export * from "./load-env-variables";
-export * from "./load-compiler";
+export * from "./set-log-level";

packages/examples/src/scripts/counter.ts

@@ -23,7 +23,6 @@
 // * multi-language
 // * image contentTypes for properties (Note: the contentType applies to all forms of the property)
 // * links with entry containing rel and sizes
-
 let count: number;
 let lastChange: string;
 

packages/examples/tsconfig.json

@@ -8,6 +8,6 @@
         "sourceMap": false,
         "removeComments": false
     },
-    "include": ["src/**/*"],
+    "include": ["src/**/*", "../../node_modules/wot-typescript-definitions/**/*.d.ts"],
     "references": []
 }

packages/cli/src/compiler-function.ts test/relative.tspackages/cli/src/compiler-function.ts renamed to test/relative.ts

@@ -12,4 +12,7 @@
  *
  * SPDX-License-Identifier: EPL-2.0 OR W3C-20150513
  ********************************************************************************/
-export type CompilerFunction = (code: string, filename: string) => string;
+
+export function hello() {
+    throw new Error("This is an error");
+}