@blaxel/core 0.2.80-preview.138 → 0.2.80-preview.140

package/dist/cjs/client/interceptors.js

@@ -1,10 +1,39 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.interceptors = void 0;
+const lazyInit_js_1 = require("../common/lazyInit.js");
 const settings_js_1 = require("../common/settings.js");
+// Default baseUrl baked into the generated control-plane client. Requests
+// carrying this prefix came from the module-load client config, before
+// `ensureAutoloaded()` had a chance to resolve the real env from
+// `~/.blaxel/config.yaml`.
+const DEFAULT_CONTROLPLANE_BASE_URL = "https://api.blaxel.ai/v0";
 exports.interceptors = [
     // Authentication interceptor
     async (request, options) => {
+        // Trigger deferred autoload side-effects (lazy credential resolution,
+        // client baseUrl sync, Sentry init, H2 warming) on the first actual SDK
+        // use, rather than at module-import time.
+        (0, lazyInit_js_1.ensureAutoloaded)();
+        // If lazy env resolution just moved the effective baseUrl off the
+        // module-load default (e.g. a user with `env: dev` in config.yaml but
+        // no BL_ENV env var), the very first request was built against the
+        // stale prod URL. Rebase it to the correct environment. Subsequent
+        // requests use the updated `client.setConfig()` applied in
+        // `ensureAutoloaded()`, so this branch only fires once.
+        //
+        // This must happen before the `authenticated === false` early return:
+        // the OAuth token request issued by `ClientCredentials.authenticate()`
+        // itself is unauthenticated, and if the user calls `authenticate()`
+        // before any other SDK call it is the very first request and also
+        // needs to be rebased to the correct environment.
+        const correctBase = settings_js_1.settings.baseUrl;
+        if (correctBase !== DEFAULT_CONTROLPLANE_BASE_URL &&
+            request.url.startsWith(DEFAULT_CONTROLPLANE_BASE_URL)) {
+            const newUrl = correctBase.replace(/\/$/, "") +
+                request.url.slice(DEFAULT_CONTROLPLANE_BASE_URL.length);
+            request = new Request(newUrl, request);
+        }
         if (options.authenticated === false) {
             return request;
         }

package/dist/cjs/common/autoload.js

@@ -33,6 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureAutoloaded = void 0;
 exports.initialize = initialize;
 exports.authenticate = authenticate;
 exports.closeConnections = closeConnections;
@@ -40,8 +41,9 @@ const client_gen_js_1 = require("../client/client.gen.js");
 const interceptors_js_1 = require("../client/interceptors.js");
 const responseInterceptor_js_1 = require("../client/responseInterceptor.js");
 const client_gen_js_2 = require("../sandbox/client/client.gen.js");
-const sentry_js_1 = require("./sentry.js");
 const settings_js_1 = require("./settings.js");
+var lazyInit_js_1 = require("./lazyInit.js");
+Object.defineProperty(exports, "ensureAutoloaded", { enumerable: true, get: function () { return lazyInit_js_1.ensureAutoloaded; } });
 client_gen_js_1.client.setConfig({
     baseUrl: settings_js_1.settings.baseUrl,
 });
@@ -57,34 +59,15 @@ for (const interceptor of responseInterceptor_js_1.responseInterceptors) {
     client_gen_js_1.client.interceptors.response.use(interceptor);
     client_gen_js_2.client.interceptors.response.use(interceptor);
 }
-// Initialize Sentry for SDK error tracking immediately when module loads
-(0, sentry_js_1.initSentry)();
-// Background H2 connection warming (Node.js only)
-const isNode = typeof process !== "undefined" && process.versions != null && process.versions.node != null;
-/* eslint-disable */
-const isBrowser = typeof globalThis !== "undefined" && globalThis?.window !== undefined;
-if (isNode && !isBrowser) {
-    try {
-        // Pre-warm edge H2 for the configured region so the first
-        // SandboxInstance.create() gets an instant session via the pool.
-        // The control-plane client (api.blaxel.ai) stays on regular fetch
-        // which already benefits from undici's built-in connection pooling.
-        const region = settings_js_1.settings.region;
-        if (region) {
-            Promise.resolve().then(() => __importStar(require("./h2pool.js"))).then(({ h2Pool }) => {
-                const edgeSuffix = settings_js_1.settings.env === "prod" ? "bl.run" : "runv2.blaxel.dev";
-                h2Pool.warm(`any.${region}.${edgeSuffix}`);
-            }).catch(() => { });
-        }
-    }
-    catch {
-        // Silently ignore warming failures
-    }
-}
 /**
  * Configure the SDK programmatically at runtime, instead of relying on
  * environment variables or config files.
  *
+ * You do not need to call {@link authenticate} yourself: the SDK
+ * transparently authenticates (and refreshes tokens when needed) on every
+ * request. Only call `authenticate()` directly if you want to fail fast on
+ * invalid credentials before making any API call.
+ *
  * @example
  * // With an API key
  * initialize({ workspace: 'my-workspace', apiKey: 'bl_...' });
@@ -95,7 +78,6 @@ if (isNode && !isBrowser) {
  *   workspace: 'my-workspace',
  *   clientCredentials: { clientId: '...', clientSecret: '...' },
  * });
- * await authenticate();
  *
  * @example
  * // With client credentials (pre-encoded Base64 string)
@@ -103,7 +85,6 @@ if (isNode && !isBrowser) {
  *   workspace: 'my-workspace',
  *   clientCredentials: 'base64-encoded-string',
  * });
- * await authenticate();
  */
 function initialize(config) {
     settings_js_1.settings.setConfig(config);

package/dist/cjs/common/h2fetch.js

@@ -3,11 +3,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createH2Fetch = createH2Fetch;
 exports.createPoolBackedH2Fetch = createPoolBackedH2Fetch;
 exports.h2RequestDirect = h2RequestDirect;
-const H2_REQUEST_TIMEOUT_MS = 10_000;
 /**
  * Creates a fetch()-compatible function that sends requests over an existing
- * HTTP/2 session. Falls back to global fetch() if the session is closed,
- * destroyed, or if the H2 request times out.
+ * HTTP/2 session. Falls back to globalThis.fetch() only when the session is
+ * closed/destroyed at call time (pre-flight, nothing sent on the wire).
+ *
+ * Any failure after session.request() succeeds propagates to the caller:
+ * this transport never retries. Retry and timeout policy are caller concerns.
  */
 function createH2Fetch(session) {
     return (input) => {
@@ -78,7 +80,8 @@ function h2RequestDirect(session, url, init) {
         }
         else {
             // FormData, ReadableStream, Blob, etc. can't be serialized to Buffer
-            // for manual H2 framing — fall back to regular fetch.
+            // for manual H2 framing — fall back to regular fetch (pre-flight,
+            // nothing has been sent on the wire yet).
             return globalThis.fetch(url, init);
         }
         if (!h2Headers["content-length"]) {
@@ -116,42 +119,49 @@ async function _h2Request(session, input) {
 }
 function _h2Send(session, h2Headers, body, signal, fallbackUrl, fallbackInit) {
     return new Promise((resolve, reject) => {
+        let settled = false;
+        let responded = false;
+        let streamController = null;
+        let streamClosed = false;
         let req;
         try {
             req = session.request(h2Headers);
         }
         catch {
-            return globalThis.fetch(fallbackUrl, fallbackInit).then(resolve, reject);
+            // Pre-flight fallback: session.request() threw synchronously, so no
+            // H2 frames were sent. Safe to retry over globalThis.fetch.
+            globalThis.fetch(fallbackUrl, fallbackInit).then(resolve, reject);
+            return;
         }
-        const timer = setTimeout(() => {
-            if (settled)
-                return;
-            settled = true;
+        const abort = () => {
             req.close();
-            globalThis.fetch(fallbackUrl, fallbackInit).then(resolve, reject);
-        }, H2_REQUEST_TIMEOUT_MS);
+            const abortError = new DOMException("The operation was aborted.", "AbortError");
+            if (!responded) {
+                if (!settled) {
+                    settled = true;
+                    reject(abortError);
+                }
+                return;
+            }
+            if (!streamClosed) {
+                streamClosed = true;
+                streamController?.error(abortError);
+            }
+        };
         if (signal) {
             if (signal.aborted) {
-                clearTimeout(timer);
                 req.close();
+                settled = true;
                 reject(new DOMException("The operation was aborted.", "AbortError"));
                 return;
             }
-            signal.addEventListener("abort", () => {
-                clearTimeout(timer);
-                req.close();
-                if (!settled) {
-                    settled = true;
-                    reject(new DOMException("The operation was aborted.", "AbortError"));
-                }
-            }, { once: true });
+            signal.addEventListener("abort", abort, { once: true });
         }
-        let settled = false;
         req.on("response", (headers) => {
-            clearTimeout(timer);
             if (settled)
                 return;
             settled = true;
+            responded = true;
             const status = headers[":status"] ?? 200;
             const resHeaders = new Headers();
             for (const [k, v] of Object.entries(headers)) {
@@ -161,9 +171,9 @@ function _h2Send(session, h2Headers, body, signal, fallbackUrl, fallbackInit) {
                     continue;
                 resHeaders.set(k, Array.isArray(v) ? v.join(", ") : String(v));
             }
-            let streamClosed = false;
             const readable = new ReadableStream({
                 start(controller) {
+                    streamController = controller;
                     req.on("data", (chunk) => {
                         if (!streamClosed)
                             controller.enqueue(new Uint8Array(chunk));
@@ -180,23 +190,15 @@ function _h2Send(session, h2Headers, body, signal, fallbackUrl, fallbackInit) {
                             controller.error(err);
                         }
                     });
-                    signal?.addEventListener("abort", () => {
-                        req.close();
-                        if (!streamClosed) {
-                            streamClosed = true;
-                            controller.error(new DOMException("The operation was aborted.", "AbortError"));
-                        }
-                    }, { once: true });
                 },
             });
             resolve(new Response(readable, { status, headers: resHeaders }));
         });
-        req.on("error", () => {
-            clearTimeout(timer);
+        req.on("error", (err) => {
             if (settled)
                 return;
             settled = true;
-            globalThis.fetch(fallbackUrl, fallbackInit).then(resolve, reject);
+            reject(err);
         });
         if (body) {
             req.end(body);

package/dist/cjs/common/h2pool.js

@@ -33,7 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.h2Pool = void 0;
+exports.h2Pool = exports.H2Pool = void 0;
 /**
  * Singleton H2 session pool keyed by edge domain.
  *
@@ -49,13 +49,32 @@ class H2Pool {
     /**
      * Lazily resolve the establish function so the http2 / tls / dns modules
      * are only imported in Node.js environments.
+     *
+     * Wires up self-healing eviction: the session is removed from the cache
+     * as soon as it emits `goaway`, `error`, or `close`, so `tryGet()` never
+     * returns a dead session. This replaces the old behavior of papering
+     * over session failures at the fetch layer.
      */
     async establish(domain) {
         if (!this._establish) {
             const { establishH2 } = await Promise.resolve().then(() => __importStar(require("./h2warm.js")));
             this._establish = establishH2;
         }
-        return this._establish(domain);
+        const session = await this._establish(domain);
+        this.attachEvictionListeners(domain, session);
+        return session;
+    }
+    attachEvictionListeners(domain, session) {
+        const evict = () => {
+            // Only evict if this specific session is still the cached one.
+            // A newer session may have taken its place after reconnect.
+            if (this.sessions.get(domain) === session) {
+                this.sessions.delete(domain);
+            }
+        };
+        session.on("goaway", evict);
+        session.on("error", evict);
+        session.on("close", evict);
     }
     /**
      * Fire-and-forget background warming. Safe to call multiple times for
@@ -134,4 +153,5 @@ class H2Pool {
         this.inflight.clear();
     }
 }
+exports.H2Pool = H2Pool;
 exports.h2Pool = new H2Pool();

package/dist/cjs/common/lazyInit.js

@@ -0,0 +1,98 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureAutoloaded = ensureAutoloaded;
+const client_gen_js_1 = require("../client/client.gen.js");
+const client_gen_js_2 = require("../sandbox/client/client.gen.js");
+const sentry_js_1 = require("./sentry.js");
+const settings_js_1 = require("./settings.js");
+let autoloaded = false;
+/**
+ * Perform the observable side-effects that the SDK needs for error
+ * reporting, low-latency sandbox sessions, and correct environment
+ * routing:
+ *
+ *   - Resolve credentials (which reads `~/.blaxel/config.yaml` once and
+ *     populates `BL_ENV` if the user has a dev workspace configured).
+ *   - Re-apply the control-plane and sandbox clients' `baseUrl` so they
+ *     target the now-env-aware endpoint.
+ *   - Initialize the lightweight Sentry client (registers
+ *     `uncaughtExceptionMonitor` and patches `console.error` in Node).
+ *   - Pre-warm the edge H2 connection pool for `settings.region`.
+ *
+ * These used to run at module load, but that meant `import "@blaxel/core"`
+ * alone had observable side-effects. They are now deferred until the SDK
+ * is first actually used — the request interceptor calls this on the
+ * first HTTP request.
+ */
+function ensureAutoloaded() {
+    if (autoloaded)
+        return;
+    autoloaded = true;
+    // Trigger lazy credential resolution. This may read `~/.blaxel/config.yaml`
+    // and set `process.env.BL_ENV` if the user has a dev workspace configured,
+    // which in turn affects `settings.baseUrl`.
+    // eslint-disable-next-line @typescript-eslint/no-unused-expressions
+    settings_js_1.settings.credentials;
+    // Keep the clients' baseUrl in sync with the now-resolved env. Without
+    // this, the module-load `client.setConfig({ baseUrl })` would be stuck on
+    // the prod default for users who rely on `config.yaml` (no env vars).
+    client_gen_js_1.client.setConfig({ baseUrl: settings_js_1.settings.baseUrl });
+    client_gen_js_2.client.setConfig({ baseUrl: settings_js_1.settings.baseUrl });
+    // Initialize Sentry for SDK error tracking.
+    (0, sentry_js_1.initSentry)();
+    // Background H2 connection warming (Node.js only)
+    const isNode = typeof process !== "undefined" && process.versions != null && process.versions.node != null;
+    /* eslint-disable */
+    const isBrowser = typeof globalThis !== "undefined" && globalThis?.window !== undefined;
+    if (isNode && !isBrowser) {
+        try {
+            // Pre-warm edge H2 for the configured region so the first
+            // SandboxInstance.create() gets an instant session via the pool.
+            // The control-plane client (api.blaxel.ai) stays on regular fetch
+            // which already benefits from undici's built-in connection pooling.
+            const region = settings_js_1.settings.region;
+            if (region) {
+                Promise.resolve().then(() => __importStar(require("./h2pool.js"))).then(({ h2Pool }) => {
+                    const edgeSuffix = settings_js_1.settings.env === "prod" ? "bl.run" : "runv2.blaxel.dev";
+                    h2Pool.warm(`any.${region}.${edgeSuffix}`);
+                }).catch(() => { });
+            }
+        }
+        catch {
+            // Silently ignore warming failures
+        }
+    }
+}

package/dist/cjs/common/settings.js

@@ -11,8 +11,8 @@ const index_js_1 = require("../authentication/index.js");
 const env_js_1 = require("../common/env.js");
 const node_js_1 = require("../common/node.js");
 // Build info - these placeholders are replaced at build time by build:replace-imports
-const BUILD_VERSION = "0.2.80-preview.138";
-const BUILD_COMMIT = "a58f8cc475d6ca3147ed31106d71a68e504c55a0";
+const BUILD_VERSION = "0.2.80-preview.140";
+const BUILD_COMMIT = "800934e57ec03de060b909ccb1f5599343cae9e5";
 const BUILD_SENTRY_DSN = "https://fd5e60e1c9820e1eef5ccebb84a07127@o4508714045276160.ingest.us.sentry.io/4510465864564736";
 // Cache for config.yaml tracking value
 let configTrackingValue = null;
@@ -72,20 +72,32 @@ function getOsArch() {
     return "browser/unknown";
 }
 class Settings {
-    credentials;
+    _credentials;
     config;
     constructor() {
-        this.credentials = (0, index_js_1.authentication)();
+        // `credentials` are resolved lazily on first access so that simply
+        // importing `@blaxel/core` does not read `~/.blaxel/config.yaml`
+        // or mutate `process.env.BL_ENV`. See the `credentials` getter.
+        this._credentials = null;
         this.config = {
             proxy: "",
             apikey: "",
             workspace: "",
         };
     }
+    get credentials() {
+        if (this._credentials === null) {
+            this._credentials = (0, index_js_1.authentication)();
+        }
+        return this._credentials;
+    }
+    set credentials(value) {
+        this._credentials = value;
+    }
     setConfig(config) {
         this.config = config;
         if (config.apiKey) {
-            this.credentials = new apikey_js_1.ApiKey({
+            this._credentials = new apikey_js_1.ApiKey({
                 apiKey: config.apiKey,
                 workspace: config.workspace,
             });
@@ -94,7 +106,7 @@ class Settings {
             const encoded = typeof config.clientCredentials === 'string'
                 ? config.clientCredentials
                 : btoa(`${config.clientCredentials.clientId}:${config.clientCredentials.clientSecret}`);
-            this.credentials = new clientcredentials_js_1.ClientCredentials({
+            this._credentials = new clientcredentials_js_1.ClientCredentials({
                 clientCredentials: encoded,
                 workspace: config.workspace,
             });

package/dist/cjs/types/common/autoload.d.ts

@@ -1,8 +1,14 @@
 import { Config } from "./settings.js";
+export { ensureAutoloaded } from "./lazyInit.js";
 /**
  * Configure the SDK programmatically at runtime, instead of relying on
  * environment variables or config files.
  *
+ * You do not need to call {@link authenticate} yourself: the SDK
+ * transparently authenticates (and refreshes tokens when needed) on every
+ * request. Only call `authenticate()` directly if you want to fail fast on
+ * invalid credentials before making any API call.
+ *
  * @example
  * // With an API key
  * initialize({ workspace: 'my-workspace', apiKey: 'bl_...' });
@@ -13,7 +19,6 @@ import { Config } from "./settings.js";
  *   workspace: 'my-workspace',
  *   clientCredentials: { clientId: '...', clientSecret: '...' },
  * });
- * await authenticate();
  *
  * @example
  * // With client credentials (pre-encoded Base64 string)
@@ -21,7 +26,6 @@ import { Config } from "./settings.js";
  *   workspace: 'my-workspace',
  *   clientCredentials: 'base64-encoded-string',
  * });
- * await authenticate();
  */
 export declare function initialize(config: Config): void;
 export declare function authenticate(): Promise<void>;

package/dist/cjs/types/common/h2fetch.d.ts

@@ -2,8 +2,11 @@ import http2 from "http2";
 import type { h2Pool as H2PoolType } from "./h2pool.js";
 /**
  * Creates a fetch()-compatible function that sends requests over an existing
- * HTTP/2 session. Falls back to global fetch() if the session is closed,
- * destroyed, or if the H2 request times out.
+ * HTTP/2 session. Falls back to globalThis.fetch() only when the session is
+ * closed/destroyed at call time (pre-flight, nothing sent on the wire).
+ *
+ * Any failure after session.request() succeeds propagates to the caller:
+ * this transport never retries. Retry and timeout policy are caller concerns.
  */
 export declare function createH2Fetch(session: http2.ClientHttp2Session): (input: Request) => Promise<Response>;
 /**

package/dist/cjs/types/common/h2pool.d.ts

@@ -7,15 +7,21 @@ import type http2 from "http2";
  *   an in-flight warming, or establishes a fresh one.
  * - Closed / destroyed sessions are automatically evicted.
  */
-declare class H2Pool {
+export declare class H2Pool {
     private sessions;
     private inflight;
     private _establish;
     /**
      * Lazily resolve the establish function so the http2 / tls / dns modules
      * are only imported in Node.js environments.
+     *
+     * Wires up self-healing eviction: the session is removed from the cache
+     * as soon as it emits `goaway`, `error`, or `close`, so `tryGet()` never
+     * returns a dead session. This replaces the old behavior of papering
+     * over session failures at the fetch layer.
      */
     private establish;
+    private attachEvictionListeners;
     /**
      * Fire-and-forget background warming. Safe to call multiple times for
      * the same domain — only one connection attempt per domain at a time.
@@ -35,4 +41,3 @@ declare class H2Pool {
     closeAll(): void;
 }
 export declare const h2Pool: H2Pool;
-export {};

package/dist/cjs/types/common/lazyInit.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Perform the observable side-effects that the SDK needs for error
+ * reporting, low-latency sandbox sessions, and correct environment
+ * routing:
+ *
+ *   - Resolve credentials (which reads `~/.blaxel/config.yaml` once and
+ *     populates `BL_ENV` if the user has a dev workspace configured).
+ *   - Re-apply the control-plane and sandbox clients' `baseUrl` so they
+ *     target the now-env-aware endpoint.
+ *   - Initialize the lightweight Sentry client (registers
+ *     `uncaughtExceptionMonitor` and patches `console.error` in Node).
+ *   - Pre-warm the edge H2 connection pool for `settings.region`.
+ *
+ * These used to run at module load, but that meant `import "@blaxel/core"`
+ * alone had observable side-effects. They are now deferred until the SDK
+ * is first actually used — the request interceptor calls this on the
+ * first HTTP request.
+ */
+export declare function ensureAutoloaded(): void;

package/dist/cjs/types/common/settings.d.ts

@@ -23,9 +23,11 @@ export type Config = {
     apiKey?: string;
 };
 declare class Settings {
-    credentials: Credentials;
+    private _credentials;
     config: Config;
     constructor();
+    get credentials(): Credentials;
+    set credentials(value: Credentials | null);
     setConfig(config: Config): void;
     get env(): string;
     get baseUrl(): string;