@cloudflare/sandbox 0.0.0-598205f → 0.0.0-5d101e6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (90) hide show
  1. package/CHANGELOG.md +210 -0
  2. package/Dockerfile +118 -54
  3. package/README.md +90 -490
  4. package/dist/chunk-BFVUNTP4.js +104 -0
  5. package/dist/chunk-BFVUNTP4.js.map +1 -0
  6. package/dist/chunk-E3RB3JOS.js +7 -0
  7. package/dist/chunk-E3RB3JOS.js.map +1 -0
  8. package/dist/chunk-EKSWCBCA.js +86 -0
  9. package/dist/chunk-EKSWCBCA.js.map +1 -0
  10. package/dist/chunk-I6PJN47O.js +2456 -0
  11. package/dist/chunk-I6PJN47O.js.map +1 -0
  12. package/dist/chunk-JXZMAU2C.js +559 -0
  13. package/dist/chunk-JXZMAU2C.js.map +1 -0
  14. package/dist/chunk-Z532A7QC.js +78 -0
  15. package/dist/chunk-Z532A7QC.js.map +1 -0
  16. package/dist/file-stream.d.ts +43 -0
  17. package/dist/file-stream.js +9 -0
  18. package/dist/file-stream.js.map +1 -0
  19. package/dist/index.d.ts +9 -0
  20. package/dist/index.js +67 -0
  21. package/dist/index.js.map +1 -0
  22. package/dist/interpreter.d.ts +33 -0
  23. package/dist/interpreter.js +8 -0
  24. package/dist/interpreter.js.map +1 -0
  25. package/dist/request-handler.d.ts +18 -0
  26. package/dist/request-handler.js +13 -0
  27. package/dist/request-handler.js.map +1 -0
  28. package/dist/sandbox-DWQVgVTY.d.ts +603 -0
  29. package/dist/sandbox.d.ts +4 -0
  30. package/dist/sandbox.js +13 -0
  31. package/dist/sandbox.js.map +1 -0
  32. package/dist/security.d.ts +31 -0
  33. package/dist/security.js +13 -0
  34. package/dist/security.js.map +1 -0
  35. package/dist/sse-parser.d.ts +28 -0
  36. package/dist/sse-parser.js +11 -0
  37. package/dist/sse-parser.js.map +1 -0
  38. package/dist/version.d.ts +8 -0
  39. package/dist/version.js +7 -0
  40. package/dist/version.js.map +1 -0
  41. package/package.json +13 -5
  42. package/src/clients/base-client.ts +280 -0
  43. package/src/clients/command-client.ts +115 -0
  44. package/src/clients/file-client.ts +295 -0
  45. package/src/clients/git-client.ts +92 -0
  46. package/src/clients/index.ts +64 -0
  47. package/src/clients/interpreter-client.ts +329 -0
  48. package/src/clients/port-client.ts +105 -0
  49. package/src/clients/process-client.ts +177 -0
  50. package/src/clients/sandbox-client.ts +41 -0
  51. package/src/clients/types.ts +84 -0
  52. package/src/clients/utility-client.ts +119 -0
  53. package/src/errors/adapter.ts +180 -0
  54. package/src/errors/classes.ts +469 -0
  55. package/src/errors/index.ts +105 -0
  56. package/src/file-stream.ts +164 -0
  57. package/src/index.ts +85 -12
  58. package/src/interpreter.ts +159 -0
  59. package/src/request-handler.ts +80 -44
  60. package/src/sandbox.ts +657 -290
  61. package/src/security.ts +14 -23
  62. package/src/sse-parser.ts +4 -8
  63. package/src/version.ts +6 -0
  64. package/startup.sh +3 -0
  65. package/tests/base-client.test.ts +328 -0
  66. package/tests/command-client.test.ts +407 -0
  67. package/tests/file-client.test.ts +719 -0
  68. package/tests/file-stream.test.ts +306 -0
  69. package/tests/get-sandbox.test.ts +110 -0
  70. package/tests/git-client.test.ts +328 -0
  71. package/tests/port-client.test.ts +301 -0
  72. package/tests/process-client.test.ts +658 -0
  73. package/tests/request-handler.test.ts +240 -0
  74. package/tests/sandbox.test.ts +554 -0
  75. package/tests/sse-parser.test.ts +290 -0
  76. package/tests/utility-client.test.ts +332 -0
  77. package/tests/version.test.ts +16 -0
  78. package/tests/wrangler.jsonc +35 -0
  79. package/tsconfig.json +9 -1
  80. package/vitest.config.ts +31 -0
  81. package/container_src/handler/exec.ts +0 -337
  82. package/container_src/handler/file.ts +0 -844
  83. package/container_src/handler/git.ts +0 -182
  84. package/container_src/handler/ports.ts +0 -314
  85. package/container_src/handler/process.ts +0 -640
  86. package/container_src/index.ts +0 -361
  87. package/container_src/package.json +0 -9
  88. package/container_src/types.ts +0 -103
  89. package/src/client.ts +0 -1038
  90. package/src/types.ts +0 -386
package/src/sandbox.ts CHANGED
@@ -1,67 +1,108 @@
1
+ import type { DurableObject } from 'cloudflare:workers';
1
2
  import { Container, getContainer } from "@cloudflare/containers";
2
- import { HttpClient } from "./client";
3
- import { isLocalhostPattern } from "./request-handler";
4
- import {
5
- logSecurityEvent,
6
- SecurityError,
7
- sanitizeSandboxId,
8
- validatePort
9
- } from "./security";
10
3
  import type {
4
+ CodeContext,
5
+ CreateContextOptions,
6
+ ExecEvent,
11
7
  ExecOptions,
12
8
  ExecResult,
9
+ ExecutionResult,
10
+ ExecutionSession,
13
11
  ISandbox,
14
12
  Process,
15
13
  ProcessOptions,
16
14
  ProcessStatus,
15
+ RunCodeOptions,
16
+ SandboxOptions,
17
+ SessionOptions,
17
18
  StreamOptions
18
- } from "./types";
19
+ } from "@repo/shared";
20
+ import { createLogger, runWithLogger, TraceContext } from "@repo/shared";
21
+ import { type ExecuteResponse, SandboxClient } from "./clients";
22
+ import type { ErrorResponse } from './errors';
23
+ import { CustomDomainRequiredError, ErrorCode } from './errors';
24
+ import { CodeInterpreter } from "./interpreter";
25
+ import { isLocalhostPattern } from "./request-handler";
19
26
  import {
20
- ProcessNotFoundError,
21
- SandboxError
22
- } from "./types";
23
-
24
- export function getSandbox(ns: DurableObjectNamespace<Sandbox>, id: string) {
27
+ SecurityError,
28
+ sanitizeSandboxId,
29
+ validatePort
30
+ } from "./security";
31
+ import { parseSSEStream } from "./sse-parser";
32
+ import { SDK_VERSION } from "./version";
33
+
34
+ export function getSandbox(
35
+ ns: DurableObjectNamespace<Sandbox>,
36
+ id: string,
37
+ options?: SandboxOptions
38
+ ) {
25
39
  const stub = getContainer(ns, id);
26
40
 
27
41
  // Store the name on first access
28
42
  stub.setSandboxName?.(id);
29
43
 
44
+ if (options?.baseUrl) {
45
+ stub.setBaseUrl(options.baseUrl);
46
+ }
47
+
48
+ if (options?.sleepAfter !== undefined) {
49
+ stub.setSleepAfter(options.sleepAfter);
50
+ }
51
+
30
52
  return stub;
31
53
  }
32
54
 
33
55
  export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
34
56
  defaultPort = 3000; // Default port for the container's Bun server
35
- sleepAfter = "3m"; // Sleep the sandbox if no requests are made in this timeframe
36
- client: HttpClient;
57
+ sleepAfter: string | number = "10m"; // Sleep the sandbox if no requests are made in this timeframe
58
+
59
+ client: SandboxClient;
60
+ private codeInterpreter: CodeInterpreter;
37
61
  private sandboxName: string | null = null;
62
+ private baseUrl: string | null = null;
63
+ private portTokens: Map<number, string> = new Map();
64
+ private defaultSession: string | null = null;
65
+ envVars: Record<string, string> = {};
66
+ private logger: ReturnType<typeof createLogger>;
38
67
 
39
- constructor(ctx: DurableObjectState, env: Env) {
68
+ constructor(ctx: DurableObject['ctx'], env: Env) {
40
69
  super(ctx, env);
41
- this.client = new HttpClient({
42
- onCommandComplete: (success, exitCode, _stdout, _stderr, command) => {
43
- console.log(
44
- `[Container] Command completed: ${command}, Success: ${success}, Exit code: ${exitCode}`
45
- );
46
- },
47
- onCommandStart: (command) => {
48
- console.log(
49
- `[Container] Command started: ${command}`
50
- );
51
- },
52
- onError: (error, _command) => {
53
- console.error(`[Container] Command error: ${error}`);
54
- },
55
- onOutput: (stream, data, _command) => {
56
- console.log(`[Container] [${stream}] ${data}`);
57
- },
70
+
71
+ const envObj = env as any;
72
+ // Set sandbox environment variables from env object
73
+ const sandboxEnvKeys = ['SANDBOX_LOG_LEVEL', 'SANDBOX_LOG_FORMAT'] as const;
74
+ sandboxEnvKeys.forEach(key => {
75
+ if (envObj?.[key]) {
76
+ this.envVars[key] = envObj[key];
77
+ }
78
+ });
79
+
80
+ this.logger = createLogger({
81
+ component: 'sandbox-do',
82
+ sandboxId: this.ctx.id.toString()
83
+ });
84
+
85
+ this.client = new SandboxClient({
86
+ logger: this.logger,
58
87
  port: 3000, // Control plane port
59
88
  stub: this,
60
89
  });
61
90
 
62
- // Load the sandbox name from storage on initialization
91
+ // Initialize code interpreter - pass 'this' after client is ready
92
+ // The CodeInterpreter extracts client.interpreter from the sandbox
93
+ this.codeInterpreter = new CodeInterpreter(this);
94
+
95
+ // Load the sandbox name, port tokens, and default session from storage on initialization
63
96
  this.ctx.blockConcurrencyWhile(async () => {
64
97
  this.sandboxName = await this.ctx.storage.get<string>('sandboxName') || null;
98
+ this.defaultSession = await this.ctx.storage.get<string>('defaultSession') || null;
99
+ const storedTokens = await this.ctx.storage.get<Record<string, string>>('portTokens') || {};
100
+
101
+ // Convert stored tokens back to Map
102
+ this.portTokens = new Map();
103
+ for (const [portStr, token] of Object.entries(storedTokens)) {
104
+ this.portTokens.set(parseInt(portStr, 10), token);
105
+ }
65
106
  });
66
107
  }
67
108
 
@@ -70,55 +111,156 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
70
111
  if (!this.sandboxName) {
71
112
  this.sandboxName = name;
72
113
  await this.ctx.storage.put('sandboxName', name);
73
- console.log(`[Sandbox] Stored sandbox name via RPC: ${name}`);
74
114
  }
75
115
  }
76
116
 
117
+ // RPC method to set the base URL
118
+ async setBaseUrl(baseUrl: string): Promise<void> {
119
+ if (!this.baseUrl) {
120
+ this.baseUrl = baseUrl;
121
+ await this.ctx.storage.put('baseUrl', baseUrl);
122
+ } else {
123
+ if(this.baseUrl !== baseUrl) {
124
+ throw new Error('Base URL already set and different from one previously provided');
125
+ }
126
+ }
127
+ }
128
+
129
+ // RPC method to set the sleep timeout
130
+ async setSleepAfter(sleepAfter: string | number): Promise<void> {
131
+ this.sleepAfter = sleepAfter;
132
+ }
133
+
77
134
  // RPC method to set environment variables
78
135
  async setEnvVars(envVars: Record<string, string>): Promise<void> {
136
+ // Update local state for new sessions
79
137
  this.envVars = { ...this.envVars, ...envVars };
80
- console.log(`[Sandbox] Updated environment variables`);
138
+
139
+ // If default session already exists, update it directly
140
+ if (this.defaultSession) {
141
+ // Set environment variables by executing export commands in the existing session
142
+ for (const [key, value] of Object.entries(envVars)) {
143
+ const escapedValue = value.replace(/'/g, "'\\''");
144
+ const exportCommand = `export ${key}='${escapedValue}'`;
145
+
146
+ const result = await this.client.commands.execute(exportCommand, this.defaultSession);
147
+
148
+ if (result.exitCode !== 0) {
149
+ throw new Error(`Failed to set ${key}: ${result.stderr || 'Unknown error'}`);
150
+ }
151
+ }
152
+ }
153
+ }
154
+
155
+ /**
156
+ * Cleanup and destroy the sandbox container
157
+ */
158
+ override async destroy(): Promise<void> {
159
+ this.logger.info('Destroying sandbox container');
160
+ await super.destroy();
81
161
  }
82
162
 
83
163
  override onStart() {
84
- console.log("Sandbox successfully started");
164
+ this.logger.debug('Sandbox started');
165
+
166
+ // Check version compatibility asynchronously (don't block startup)
167
+ this.checkVersionCompatibility().catch(error => {
168
+ this.logger.error('Version compatibility check failed', error instanceof Error ? error : new Error(String(error)));
169
+ });
85
170
  }
86
171
 
87
- override onStop() {
88
- console.log("Sandbox successfully shut down");
89
- if (this.client) {
90
- this.client.clearSession();
172
+ /**
173
+ * Check if the container version matches the SDK version
174
+ * Logs a warning if there's a mismatch
175
+ */
176
+ private async checkVersionCompatibility(): Promise<void> {
177
+ try {
178
+ // Get the SDK version (imported from version.ts)
179
+ const sdkVersion = SDK_VERSION;
180
+
181
+ // Get container version
182
+ const containerVersion = await this.client.utils.getVersion();
183
+
184
+ // If container version is unknown, it's likely an old container without the endpoint
185
+ if (containerVersion === 'unknown') {
186
+ this.logger.warn(
187
+ 'Container version check: Container version could not be determined. ' +
188
+ 'This may indicate an outdated container image. ' +
189
+ 'Please update your container to match SDK version ' + sdkVersion
190
+ );
191
+ return;
192
+ }
193
+
194
+ // Check if versions match
195
+ if (containerVersion !== sdkVersion) {
196
+ const message =
197
+ `Version mismatch detected! SDK version (${sdkVersion}) does not match ` +
198
+ `container version (${containerVersion}). This may cause compatibility issues. ` +
199
+ `Please update your container image to version ${sdkVersion}`;
200
+
201
+ // Log warning - we can't reliably detect dev vs prod environment in Durable Objects
202
+ // so we always use warning level as requested by the user
203
+ this.logger.warn(message);
204
+ } else {
205
+ this.logger.debug('Version check passed', { sdkVersion, containerVersion });
206
+ }
207
+ } catch (error) {
208
+ // Don't fail the sandbox initialization if version check fails
209
+ this.logger.debug('Version compatibility check encountered an error', {
210
+ error: error instanceof Error ? error.message : String(error)
211
+ });
91
212
  }
92
213
  }
93
214
 
215
+ override onStop() {
216
+ this.logger.debug('Sandbox stopped');
217
+ }
218
+
94
219
  override onError(error: unknown) {
95
- console.log("Sandbox error:", error);
220
+ this.logger.error('Sandbox error', error instanceof Error ? error : new Error(String(error)));
96
221
  }
97
222
 
98
223
  // Override fetch to route internal container requests to appropriate ports
99
224
  override async fetch(request: Request): Promise<Response> {
100
- const url = new URL(request.url);
225
+ // Extract or generate trace ID from request
226
+ const traceId = TraceContext.fromHeaders(request.headers) || TraceContext.generate();
101
227
 
102
- // Capture and store the sandbox name from the header if present
103
- if (!this.sandboxName && request.headers.has('X-Sandbox-Name')) {
104
- const name = request.headers.get('X-Sandbox-Name')!;
105
- this.sandboxName = name;
106
- await this.ctx.storage.put('sandboxName', name);
107
- console.log(`[Sandbox] Stored sandbox name: ${this.sandboxName}`);
108
- }
228
+ // Create request-specific logger with trace ID
229
+ const requestLogger = this.logger.child({ traceId, operation: 'fetch' });
230
+
231
+ return await runWithLogger(requestLogger, async () => {
232
+ const url = new URL(request.url);
233
+
234
+ // Capture and store the sandbox name from the header if present
235
+ if (!this.sandboxName && request.headers.has('X-Sandbox-Name')) {
236
+ const name = request.headers.get('X-Sandbox-Name')!;
237
+ this.sandboxName = name;
238
+ await this.ctx.storage.put('sandboxName', name);
239
+ }
109
240
 
110
- // Determine which port to route to
111
- const port = this.determinePort(url);
241
+ // Detect WebSocket upgrade request
242
+ const upgradeHeader = request.headers.get('Upgrade');
243
+ const isWebSocket = upgradeHeader?.toLowerCase() === 'websocket';
112
244
 
113
- // Route to the appropriate port
114
- return await this.containerFetch(request, port);
245
+ if (isWebSocket) {
246
+ // WebSocket path: Let parent Container class handle WebSocket proxying
247
+ // This bypasses containerFetch() which uses JSRPC and cannot handle WebSocket upgrades
248
+ return await super.fetch(request);
249
+ }
250
+
251
+ // Non-WebSocket: Use existing port determination and HTTP routing logic
252
+ const port = this.determinePort(url);
253
+
254
+ // Route to the appropriate port
255
+ return await this.containerFetch(request, port);
256
+ });
115
257
  }
116
258
 
117
259
  private determinePort(url: URL): number {
118
260
  // Extract port from proxy requests (e.g., /proxy/8080/*)
119
261
  const proxyMatch = url.pathname.match(/^\/proxy\/(\d+)/);
120
262
  if (proxyMatch) {
121
- return parseInt(proxyMatch[1]);
263
+ return parseInt(proxyMatch[1], 10);
122
264
  }
123
265
 
124
266
  // All other requests go to control plane on port 3000
@@ -126,9 +268,62 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
126
268
  return 3000;
127
269
  }
128
270
 
271
+ /**
272
+ * Ensure default session exists - lazy initialization
273
+ * This is called automatically by all public methods that need a session
274
+ *
275
+ * The session is persisted to Durable Object storage to survive hot reloads
276
+ * during development. If a session already exists in the container after reload,
277
+ * we reuse it instead of trying to create a new one.
278
+ */
279
+ private async ensureDefaultSession(): Promise<string> {
280
+ if (!this.defaultSession) {
281
+ const sessionId = `sandbox-${this.sandboxName || 'default'}`;
282
+
283
+ try {
284
+ // Try to create session in container
285
+ await this.client.utils.createSession({
286
+ id: sessionId,
287
+ env: this.envVars || {},
288
+ cwd: '/workspace',
289
+ });
290
+
291
+ this.defaultSession = sessionId;
292
+ // Persist to storage so it survives hot reloads
293
+ await this.ctx.storage.put('defaultSession', sessionId);
294
+ this.logger.debug('Default session initialized', { sessionId });
295
+ } catch (error: any) {
296
+ // If session already exists (e.g., after hot reload), reuse it
297
+ if (error?.message?.includes('already exists')) {
298
+ this.logger.debug('Reusing existing session after reload', { sessionId });
299
+ this.defaultSession = sessionId;
300
+ // Persist to storage in case it wasn't saved before
301
+ await this.ctx.storage.put('defaultSession', sessionId);
302
+ } else {
303
+ // Re-throw other errors
304
+ throw error;
305
+ }
306
+ }
307
+ }
308
+ return this.defaultSession;
309
+ }
310
+
129
311
  // Enhanced exec method - always returns ExecResult with optional streaming
130
312
  // This replaces the old exec method to match ISandbox interface
131
313
  async exec(command: string, options?: ExecOptions): Promise<ExecResult> {
314
+ const session = await this.ensureDefaultSession();
315
+ return this.execWithSession(command, session, options);
316
+ }
317
+
318
+ /**
319
+ * Internal session-aware exec implementation
320
+ * Used by both public exec() and session wrappers
321
+ */
322
+ private async execWithSession(
323
+ command: string,
324
+ sessionId: string,
325
+ options?: ExecOptions
326
+ ): Promise<ExecResult> {
132
327
  const startTime = Date.now();
133
328
  const timestamp = new Date().toISOString();
134
329
 
@@ -145,16 +340,13 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
145
340
 
146
341
  if (options?.stream && options?.onOutput) {
147
342
  // Streaming with callbacks - we need to collect the final result
148
- result = await this.executeWithStreaming(command, options, startTime, timestamp);
343
+ result = await this.executeWithStreaming(command, sessionId, options, startTime, timestamp);
149
344
  } else {
150
- // Regular execution
151
- const response = await this.client.execute(
152
- command,
153
- options?.sessionId
154
- );
345
+ // Regular execution with session
346
+ const response = await this.client.commands.execute(command, sessionId);
155
347
 
156
348
  const duration = Date.now() - startTime;
157
- result = this.mapExecuteResponseToExecResult(response, duration, options?.sessionId);
349
+ result = this.mapExecuteResponseToExecResult(response, duration, sessionId);
158
350
  }
159
351
 
160
352
  // Call completion callback if provided
@@ -177,6 +369,7 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
177
369
 
178
370
  private async executeWithStreaming(
179
371
  command: string,
372
+ sessionId: string,
180
373
  options: ExecOptions,
181
374
  startTime: number,
182
375
  timestamp: string
@@ -185,10 +378,9 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
185
378
  let stderr = '';
186
379
 
187
380
  try {
188
- const stream = await this.client.executeCommandStream(command, options.sessionId);
189
- const { parseSSEStream } = await import('./sse-parser');
381
+ const stream = await this.client.commands.executeStream(command, sessionId);
190
382
 
191
- for await (const event of parseSSEStream<import('./types').ExecEvent>(stream)) {
383
+ for await (const event of parseSSEStream<ExecEvent>(stream)) {
192
384
  // Check for cancellation
193
385
  if (options.signal?.aborted) {
194
386
  throw new Error('Operation was aborted');
@@ -212,20 +404,20 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
212
404
  case 'complete': {
213
405
  // Use result from complete event if available
214
406
  const duration = Date.now() - startTime;
215
- return event.result || {
216
- success: event.exitCode === 0,
217
- exitCode: event.exitCode || 0,
407
+ return {
408
+ success: (event.exitCode ?? 0) === 0,
409
+ exitCode: event.exitCode ?? 0,
218
410
  stdout,
219
411
  stderr,
220
412
  command,
221
413
  duration,
222
414
  timestamp,
223
- sessionId: options.sessionId
415
+ sessionId
224
416
  };
225
417
  }
226
418
 
227
419
  case 'error':
228
- throw new Error(event.error || 'Command execution failed');
420
+ throw new Error(event.data || 'Command execution failed');
229
421
  }
230
422
  }
231
423
 
@@ -241,7 +433,7 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
241
433
  }
242
434
 
243
435
  private mapExecuteResponseToExecResult(
244
- response: import('./client').ExecuteResponse,
436
+ response: ExecuteResponse,
245
437
  duration: number,
246
438
  sessionId?: string
247
439
  ): ExecResult {
@@ -257,57 +449,68 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
257
449
  };
258
450
  }
259
451
 
452
+ /**
453
+ * Create a Process domain object from HTTP client DTO
454
+ * Centralizes process object creation with bound methods
455
+ * This eliminates duplication across startProcess, listProcesses, getProcess, and session wrappers
456
+ */
457
+ private createProcessFromDTO(
458
+ data: {
459
+ id: string;
460
+ pid?: number;
461
+ command: string;
462
+ status: ProcessStatus;
463
+ startTime: string | Date;
464
+ endTime?: string | Date;
465
+ exitCode?: number;
466
+ },
467
+ sessionId: string
468
+ ): Process {
469
+ return {
470
+ id: data.id,
471
+ pid: data.pid,
472
+ command: data.command,
473
+ status: data.status,
474
+ startTime: typeof data.startTime === 'string' ? new Date(data.startTime) : data.startTime,
475
+ endTime: data.endTime ? (typeof data.endTime === 'string' ? new Date(data.endTime) : data.endTime) : undefined,
476
+ exitCode: data.exitCode,
477
+ sessionId,
478
+
479
+ kill: async (signal?: string) => {
480
+ await this.killProcess(data.id, signal);
481
+ },
482
+
483
+ getStatus: async () => {
484
+ const current = await this.getProcess(data.id);
485
+ return current?.status || 'error';
486
+ },
487
+
488
+ getLogs: async () => {
489
+ const logs = await this.getProcessLogs(data.id);
490
+ return { stdout: logs.stdout, stderr: logs.stderr };
491
+ }
492
+ };
493
+ }
494
+
260
495
 
261
496
  // Background process management
262
- async startProcess(command: string, options?: ProcessOptions): Promise<Process> {
497
+ async startProcess(command: string, options?: ProcessOptions, sessionId?: string): Promise<Process> {
263
498
  // Use the new HttpClient method to start the process
264
499
  try {
265
- const response = await this.client.startProcess(command, {
266
- processId: options?.processId,
267
- sessionId: options?.sessionId,
268
- timeout: options?.timeout,
269
- env: options?.env,
270
- cwd: options?.cwd,
271
- encoding: options?.encoding,
272
- autoCleanup: options?.autoCleanup
500
+ const session = sessionId ?? await this.ensureDefaultSession();
501
+ const response = await this.client.processes.startProcess(command, session, {
502
+ processId: options?.processId
273
503
  });
274
504
 
275
- const process = response.process;
276
- const processObj: Process = {
277
- id: process.id,
278
- pid: process.pid,
279
- command: process.command,
280
- status: process.status as ProcessStatus,
281
- startTime: new Date(process.startTime),
505
+ const processObj = this.createProcessFromDTO({
506
+ id: response.processId,
507
+ pid: response.pid,
508
+ command: response.command,
509
+ status: 'running' as ProcessStatus,
510
+ startTime: new Date(),
282
511
  endTime: undefined,
283
- exitCode: undefined,
284
- sessionId: process.sessionId,
285
-
286
- async kill(): Promise<void> {
287
- throw new Error('Method will be replaced');
288
- },
289
- async getStatus(): Promise<ProcessStatus> {
290
- throw new Error('Method will be replaced');
291
- },
292
- async getLogs(): Promise<{ stdout: string; stderr: string }> {
293
- throw new Error('Method will be replaced');
294
- }
295
- };
296
-
297
- // Bind context properly
298
- processObj.kill = async (signal?: string) => {
299
- await this.killProcess(process.id, signal);
300
- };
301
-
302
- processObj.getStatus = async () => {
303
- const current = await this.getProcess(process.id);
304
- return current?.status || 'error';
305
- };
306
-
307
- processObj.getLogs = async () => {
308
- const logs = await this.getProcessLogs(process.id);
309
- return { stdout: logs.stdout, stderr: logs.stderr };
310
- };
512
+ exitCode: undefined
513
+ }, session);
311
514
 
312
515
  // Call onStart callback if provided
313
516
  if (options?.onStart) {
@@ -325,108 +528,68 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
325
528
  }
326
529
  }
327
530
 
328
- async listProcesses(): Promise<Process[]> {
329
- const response = await this.client.listProcesses();
330
-
331
- return response.processes.map(processData => ({
332
- id: processData.id,
333
- pid: processData.pid,
334
- command: processData.command,
335
- status: processData.status,
336
- startTime: new Date(processData.startTime),
337
- endTime: processData.endTime ? new Date(processData.endTime) : undefined,
338
- exitCode: processData.exitCode,
339
- sessionId: processData.sessionId,
340
-
341
- kill: async (signal?: string) => {
342
- await this.killProcess(processData.id, signal);
343
- },
344
-
345
- getStatus: async () => {
346
- const current = await this.getProcess(processData.id);
347
- return current?.status || 'error';
348
- },
349
-
350
- getLogs: async () => {
351
- const logs = await this.getProcessLogs(processData.id);
352
- return { stdout: logs.stdout, stderr: logs.stderr };
353
- }
354
- }));
531
+ async listProcesses(sessionId?: string): Promise<Process[]> {
532
+ const session = sessionId ?? await this.ensureDefaultSession();
533
+ const response = await this.client.processes.listProcesses();
534
+
535
+ return response.processes.map(processData =>
536
+ this.createProcessFromDTO({
537
+ id: processData.id,
538
+ pid: processData.pid,
539
+ command: processData.command,
540
+ status: processData.status,
541
+ startTime: processData.startTime,
542
+ endTime: processData.endTime,
543
+ exitCode: processData.exitCode
544
+ }, session)
545
+ );
355
546
  }
356
547
 
357
- async getProcess(id: string): Promise<Process | null> {
358
- const response = await this.client.getProcess(id);
548
+ async getProcess(id: string, sessionId?: string): Promise<Process | null> {
549
+ const session = sessionId ?? await this.ensureDefaultSession();
550
+ const response = await this.client.processes.getProcess(id);
359
551
  if (!response.process) {
360
552
  return null;
361
553
  }
362
554
 
363
555
  const processData = response.process;
364
- return {
556
+ return this.createProcessFromDTO({
365
557
  id: processData.id,
366
558
  pid: processData.pid,
367
559
  command: processData.command,
368
560
  status: processData.status,
369
- startTime: new Date(processData.startTime),
370
- endTime: processData.endTime ? new Date(processData.endTime) : undefined,
371
- exitCode: processData.exitCode,
372
- sessionId: processData.sessionId,
373
-
374
- kill: async (signal?: string) => {
375
- await this.killProcess(processData.id, signal);
376
- },
377
-
378
- getStatus: async () => {
379
- const current = await this.getProcess(processData.id);
380
- return current?.status || 'error';
381
- },
382
-
383
- getLogs: async () => {
384
- const logs = await this.getProcessLogs(processData.id);
385
- return { stdout: logs.stdout, stderr: logs.stderr };
386
- }
387
- };
561
+ startTime: processData.startTime,
562
+ endTime: processData.endTime,
563
+ exitCode: processData.exitCode
564
+ }, session);
388
565
  }
389
566
 
390
- async killProcess(id: string, _signal?: string): Promise<void> {
391
- try {
392
- // Note: signal parameter is not currently supported by the HttpClient implementation
393
- await this.client.killProcess(id);
394
- } catch (error) {
395
- if (error instanceof Error && error.message.includes('Process not found')) {
396
- throw new ProcessNotFoundError(id);
397
- }
398
- throw new SandboxError(
399
- `Failed to kill process ${id}: ${error instanceof Error ? error.message : 'Unknown error'}`,
400
- 'KILL_PROCESS_FAILED'
401
- );
402
- }
567
+ async killProcess(id: string, signal?: string, sessionId?: string): Promise<void> {
568
+ // Note: signal parameter is not currently supported by the HttpClient implementation
569
+ // The HTTP client already throws properly typed errors, so we just let them propagate
570
+ await this.client.processes.killProcess(id);
403
571
  }
404
572
 
405
- async killAllProcesses(): Promise<number> {
406
- const response = await this.client.killAllProcesses();
407
- return response.killedCount;
573
+ async killAllProcesses(sessionId?: string): Promise<number> {
574
+ const response = await this.client.processes.killAllProcesses();
575
+ return response.cleanedCount;
408
576
  }
409
577
 
410
- async cleanupCompletedProcesses(): Promise<number> {
578
+ async cleanupCompletedProcesses(sessionId?: string): Promise<number> {
411
579
  // For now, this would need to be implemented as a container endpoint
412
580
  // as we no longer maintain local process storage
413
581
  // We'll return 0 as a placeholder until the container endpoint is added
414
582
  return 0;
415
583
  }
416
584
 
417
- async getProcessLogs(id: string): Promise<{ stdout: string; stderr: string }> {
418
- try {
419
- const response = await this.client.getProcessLogs(id);
420
- return {
421
- stdout: response.stdout,
422
- stderr: response.stderr
423
- };
424
- } catch (error) {
425
- if (error instanceof Error && error.message.includes('Process not found')) {
426
- throw new ProcessNotFoundError(id);
427
- }
428
- throw error;
429
- }
585
+ async getProcessLogs(id: string, sessionId?: string): Promise<{ stdout: string; stderr: string; processId: string }> {
586
+ // The HTTP client already throws properly typed errors, so we just let them propagate
587
+ const response = await this.client.processes.getProcessLogs(id);
588
+ return {
589
+ stdout: response.stdout,
590
+ stderr: response.stderr,
591
+ processId: response.processId
592
+ };
430
593
  }
431
594
 
432
595
 
@@ -437,11 +600,21 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
437
600
  throw new Error('Operation was aborted');
438
601
  }
439
602
 
440
- // Get the stream from HttpClient (need to add this method)
441
- const stream = await this.client.executeCommandStream(command, options?.sessionId);
603
+ const session = await this.ensureDefaultSession();
604
+ // Get the stream from CommandClient
605
+ return this.client.commands.executeStream(command, session);
606
+ }
442
607
 
443
- // Return the ReadableStream directly - can be converted to AsyncIterable by consumers
444
- return stream;
608
+ /**
609
+ * Internal session-aware execStream implementation
610
+ */
611
+ private async execStreamWithSession(command: string, sessionId: string, options?: StreamOptions): Promise<ReadableStream<Uint8Array>> {
612
+ // Check for cancellation
613
+ if (options?.signal?.aborted) {
614
+ throw new Error('Operation was aborted');
615
+ }
616
+
617
+ return this.client.commands.executeStream(command, sessionId);
445
618
  }
446
619
 
447
620
  async streamProcessLogs(processId: string, options?: { signal?: AbortSignal }): Promise<ReadableStream<Uint8Array>> {
@@ -450,69 +623,122 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
450
623
  throw new Error('Operation was aborted');
451
624
  }
452
625
 
453
- // Get the stream from HttpClient
454
- const stream = await this.client.streamProcessLogs(processId);
455
-
456
- // Return the ReadableStream directly - can be converted to AsyncIterable by consumers
457
- return stream;
626
+ return this.client.processes.streamProcessLogs(processId);
458
627
  }
459
628
 
460
629
  async gitCheckout(
461
630
  repoUrl: string,
462
- options: { branch?: string; targetDir?: string }
631
+ options: { branch?: string; targetDir?: string; sessionId?: string }
463
632
  ) {
464
- return this.client.gitCheckout(repoUrl, options.branch, options.targetDir);
633
+ const session = options.sessionId ?? await this.ensureDefaultSession();
634
+ return this.client.git.checkout(repoUrl, session, {
635
+ branch: options.branch,
636
+ targetDir: options.targetDir
637
+ });
465
638
  }
466
639
 
467
640
  async mkdir(
468
641
  path: string,
469
- options: { recursive?: boolean } = {}
642
+ options: { recursive?: boolean; sessionId?: string } = {}
470
643
  ) {
471
- return this.client.mkdir(path, options.recursive);
644
+ const session = options.sessionId ?? await this.ensureDefaultSession();
645
+ return this.client.files.mkdir(path, session, { recursive: options.recursive });
472
646
  }
473
647
 
474
648
  async writeFile(
475
649
  path: string,
476
650
  content: string,
477
- options: { encoding?: string } = {}
651
+ options: { encoding?: string; sessionId?: string } = {}
478
652
  ) {
479
- return this.client.writeFile(path, content, options.encoding);
653
+ const session = options.sessionId ?? await this.ensureDefaultSession();
654
+ return this.client.files.writeFile(path, content, session, { encoding: options.encoding });
480
655
  }
481
656
 
482
- async deleteFile(path: string) {
483
- return this.client.deleteFile(path);
657
+ async deleteFile(path: string, sessionId?: string) {
658
+ const session = sessionId ?? await this.ensureDefaultSession();
659
+ return this.client.files.deleteFile(path, session);
484
660
  }
485
661
 
486
662
  async renameFile(
487
663
  oldPath: string,
488
- newPath: string
664
+ newPath: string,
665
+ sessionId?: string
489
666
  ) {
490
- return this.client.renameFile(oldPath, newPath);
667
+ const session = sessionId ?? await this.ensureDefaultSession();
668
+ return this.client.files.renameFile(oldPath, newPath, session);
491
669
  }
492
670
 
493
671
  async moveFile(
494
672
  sourcePath: string,
495
- destinationPath: string
673
+ destinationPath: string,
674
+ sessionId?: string
496
675
  ) {
497
- return this.client.moveFile(sourcePath, destinationPath);
676
+ const session = sessionId ?? await this.ensureDefaultSession();
677
+ return this.client.files.moveFile(sourcePath, destinationPath, session);
498
678
  }
499
679
 
500
680
  async readFile(
501
681
  path: string,
502
- options: { encoding?: string } = {}
682
+ options: { encoding?: string; sessionId?: string } = {}
683
+ ) {
684
+ const session = options.sessionId ?? await this.ensureDefaultSession();
685
+ return this.client.files.readFile(path, session, { encoding: options.encoding });
686
+ }
687
+
688
+ /**
689
+ * Stream a file from the sandbox using Server-Sent Events
690
+ * Returns a ReadableStream that can be consumed with streamFile() or collectFile() utilities
691
+ * @param path - Path to the file to stream
692
+ * @param options - Optional session ID
693
+ */
694
+ async readFileStream(
695
+ path: string,
696
+ options: { sessionId?: string } = {}
697
+ ): Promise<ReadableStream<Uint8Array>> {
698
+ const session = options.sessionId ?? await this.ensureDefaultSession();
699
+ return this.client.files.readFileStream(path, session);
700
+ }
701
+
702
+ async listFiles(
703
+ path: string,
704
+ options?: { recursive?: boolean; includeHidden?: boolean }
503
705
  ) {
504
- return this.client.readFile(path, options.encoding);
706
+ const session = await this.ensureDefaultSession();
707
+ return this.client.files.listFiles(path, session, options);
708
+ }
709
+
710
+ async exists(path: string, sessionId?: string) {
711
+ const session = sessionId ?? await this.ensureDefaultSession();
712
+ return this.client.files.exists(path, session);
505
713
  }
506
714
 
507
715
  async exposePort(port: number, options: { name?: string; hostname: string }) {
508
- await this.client.exposePort(port, options?.name);
716
+ // Check if hostname is workers.dev domain (doesn't support wildcard subdomains)
717
+ if (options.hostname.endsWith('.workers.dev')) {
718
+ const errorResponse: ErrorResponse = {
719
+ code: ErrorCode.CUSTOM_DOMAIN_REQUIRED,
720
+ message: `Port exposure requires a custom domain. .workers.dev domains do not support wildcard subdomains required for port proxying.`,
721
+ context: { originalError: options.hostname },
722
+ httpStatus: 400,
723
+ timestamp: new Date().toISOString()
724
+ };
725
+ throw new CustomDomainRequiredError(errorResponse);
726
+ }
727
+
728
+ const sessionId = await this.ensureDefaultSession();
729
+ await this.client.ports.exposePort(port, sessionId, options?.name);
509
730
 
510
731
  // We need the sandbox name to construct preview URLs
511
732
  if (!this.sandboxName) {
512
733
  throw new Error('Sandbox name not available. Ensure sandbox is accessed through getSandbox()');
513
734
  }
514
735
 
515
- const url = this.constructPreviewUrl(port, this.sandboxName, options.hostname);
736
+ // Generate and store token for this port
737
+ const token = this.generatePortToken();
738
+ this.portTokens.set(port, token);
739
+ await this.persistPortTokens();
740
+
741
+ const url = this.constructPreviewUrl(port, this.sandboxName, options.hostname, token);
516
742
 
517
743
  return {
518
744
  url,
@@ -523,58 +749,101 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
523
749
 
524
750
  async unexposePort(port: number) {
525
751
  if (!validatePort(port)) {
526
- logSecurityEvent('INVALID_PORT_UNEXPOSE', {
527
- port
528
- }, 'high');
529
752
  throw new SecurityError(`Invalid port number: ${port}. Must be between 1024-65535 and not reserved.`);
530
753
  }
531
754
 
532
- await this.client.unexposePort(port);
755
+ const sessionId = await this.ensureDefaultSession();
756
+ await this.client.ports.unexposePort(port, sessionId);
533
757
 
534
- logSecurityEvent('PORT_UNEXPOSED', {
535
- port
536
- }, 'low');
758
+ // Clean up token for this port
759
+ if (this.portTokens.has(port)) {
760
+ this.portTokens.delete(port);
761
+ await this.persistPortTokens();
762
+ }
537
763
  }
538
764
 
539
765
  async getExposedPorts(hostname: string) {
540
- const response = await this.client.getExposedPorts();
766
+ const sessionId = await this.ensureDefaultSession();
767
+ const response = await this.client.ports.getExposedPorts(sessionId);
541
768
 
542
769
  // We need the sandbox name to construct preview URLs
543
770
  if (!this.sandboxName) {
544
771
  throw new Error('Sandbox name not available. Ensure sandbox is accessed through getSandbox()');
545
772
  }
546
773
 
547
- return response.ports.map(port => ({
548
- url: this.constructPreviewUrl(port.port, this.sandboxName!, hostname),
549
- port: port.port,
550
- name: port.name,
551
- exposedAt: port.exposedAt,
552
- }));
774
+ return response.ports.map(port => {
775
+ // Get token for this port - must exist for all exposed ports
776
+ const token = this.portTokens.get(port.port);
777
+ if (!token) {
778
+ throw new Error(`Port ${port.port} is exposed but has no token. This should not happen.`);
779
+ }
780
+
781
+ return {
782
+ url: this.constructPreviewUrl(port.port, this.sandboxName!, hostname, token),
783
+ port: port.port,
784
+ status: port.status,
785
+ };
786
+ });
553
787
  }
554
788
 
555
789
 
556
- private constructPreviewUrl(port: number, sandboxId: string, hostname: string): string {
790
+ async isPortExposed(port: number): Promise<boolean> {
791
+ try {
792
+ const sessionId = await this.ensureDefaultSession();
793
+ const response = await this.client.ports.getExposedPorts(sessionId);
794
+ return response.ports.some(exposedPort => exposedPort.port === port);
795
+ } catch (error) {
796
+ this.logger.error('Error checking if port is exposed', error instanceof Error ? error : new Error(String(error)), { port });
797
+ return false;
798
+ }
799
+ }
800
+
801
+ async validatePortToken(port: number, token: string): Promise<boolean> {
802
+ // First check if port is exposed
803
+ const isExposed = await this.isPortExposed(port);
804
+ if (!isExposed) {
805
+ return false;
806
+ }
807
+
808
+ // Get stored token for this port - must exist for all exposed ports
809
+ const storedToken = this.portTokens.get(port);
810
+ if (!storedToken) {
811
+ // This should not happen - all exposed ports must have tokens
812
+ this.logger.error('Port is exposed but has no token - bug detected', undefined, { port });
813
+ return false;
814
+ }
815
+
816
+ // Constant-time comparison to prevent timing attacks
817
+ return storedToken === token;
818
+ }
819
+
820
+ private generatePortToken(): string {
821
+ // Generate cryptographically secure 16-character token using Web Crypto API
822
+ // Available in Cloudflare Workers runtime
823
+ const array = new Uint8Array(12); // 12 bytes = 16 base64url chars (after padding removal)
824
+ crypto.getRandomValues(array);
825
+
826
+ // Convert to base64url format (URL-safe, no padding, lowercase)
827
+ const base64 = btoa(String.fromCharCode(...array));
828
+ return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '').toLowerCase();
829
+ }
830
+
831
+ private async persistPortTokens(): Promise<void> {
832
+ // Convert Map to plain object for storage
833
+ const tokensObj: Record<string, string> = {};
834
+ for (const [port, token] of this.portTokens.entries()) {
835
+ tokensObj[port.toString()] = token;
836
+ }
837
+ await this.ctx.storage.put('portTokens', tokensObj);
838
+ }
839
+
840
+ private constructPreviewUrl(port: number, sandboxId: string, hostname: string, token: string): string {
557
841
  if (!validatePort(port)) {
558
- logSecurityEvent('INVALID_PORT_REJECTED', {
559
- port,
560
- sandboxId,
561
- hostname
562
- }, 'high');
563
842
  throw new SecurityError(`Invalid port number: ${port}. Must be between 1024-65535 and not reserved.`);
564
843
  }
565
844
 
566
- let sanitizedSandboxId: string;
567
- try {
568
- sanitizedSandboxId = sanitizeSandboxId(sandboxId);
569
- } catch (error) {
570
- logSecurityEvent('INVALID_SANDBOX_ID_REJECTED', {
571
- sandboxId,
572
- port,
573
- hostname,
574
- error: error instanceof Error ? error.message : 'Unknown error'
575
- }, 'high');
576
- throw error;
577
- }
845
+ // Validate sandbox ID (will throw SecurityError if invalid)
846
+ const sanitizedSandboxId = sanitizeSandboxId(sandboxId);
578
847
 
579
848
  const isLocalhost = isLocalhostPattern(hostname);
580
849
 
@@ -586,28 +855,12 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
586
855
  // Use URL constructor for safe URL building
587
856
  try {
588
857
  const baseUrl = new URL(`http://${host}:${mainPort}`);
589
- // Construct subdomain safely
590
- const subdomainHost = `${port}-${sanitizedSandboxId}.${host}`;
858
+ // Construct subdomain safely with mandatory token
859
+ const subdomainHost = `${port}-${sanitizedSandboxId}-${token}.${host}`;
591
860
  baseUrl.hostname = subdomainHost;
592
861
 
593
- const finalUrl = baseUrl.toString();
594
-
595
- logSecurityEvent('PREVIEW_URL_CONSTRUCTED', {
596
- port,
597
- sandboxId: sanitizedSandboxId,
598
- hostname,
599
- resultUrl: finalUrl,
600
- environment: 'localhost'
601
- }, 'low');
602
-
603
- return finalUrl;
862
+ return baseUrl.toString();
604
863
  } catch (error) {
605
- logSecurityEvent('URL_CONSTRUCTION_FAILED', {
606
- port,
607
- sandboxId: sanitizedSandboxId,
608
- hostname,
609
- error: error instanceof Error ? error.message : 'Unknown error'
610
- }, 'high');
611
864
  throw new SecurityError(`Failed to construct preview URL: ${error instanceof Error ? error.message : 'Unknown error'}`);
612
865
  }
613
866
  }
@@ -618,29 +871,143 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
618
871
  const protocol = "https";
619
872
  const baseUrl = new URL(`${protocol}://${hostname}`);
620
873
 
621
- // Construct subdomain safely
622
- const subdomainHost = `${port}-${sanitizedSandboxId}.${hostname}`;
874
+ // Construct subdomain safely with mandatory token
875
+ const subdomainHost = `${port}-${sanitizedSandboxId}-${token}.${hostname}`;
623
876
  baseUrl.hostname = subdomainHost;
624
877
 
625
- const finalUrl = baseUrl.toString();
626
-
627
- logSecurityEvent('PREVIEW_URL_CONSTRUCTED', {
628
- port,
629
- sandboxId: sanitizedSandboxId,
630
- hostname,
631
- resultUrl: finalUrl,
632
- environment: 'production'
633
- }, 'low');
634
-
635
- return finalUrl;
878
+ return baseUrl.toString();
636
879
  } catch (error) {
637
- logSecurityEvent('URL_CONSTRUCTION_FAILED', {
638
- port,
639
- sandboxId: sanitizedSandboxId,
640
- hostname,
641
- error: error instanceof Error ? error.message : 'Unknown error'
642
- }, 'high');
643
880
  throw new SecurityError(`Failed to construct preview URL: ${error instanceof Error ? error.message : 'Unknown error'}`);
644
881
  }
645
882
  }
883
+
884
+ // ============================================================================
885
+ // Session Management - Advanced Use Cases
886
+ // ============================================================================
887
+
888
+ /**
889
+ * Create isolated execution session for advanced use cases
890
+ * Returns ExecutionSession with full sandbox API bound to specific session
891
+ */
892
+ async createSession(options?: SessionOptions): Promise<ExecutionSession> {
893
+ const sessionId = options?.id || `session-${Date.now()}`;
894
+
895
+ // Create session in container
896
+ await this.client.utils.createSession({
897
+ id: sessionId,
898
+ env: options?.env,
899
+ cwd: options?.cwd,
900
+ });
901
+
902
+ // Return wrapper that binds sessionId to all operations
903
+ return this.getSessionWrapper(sessionId);
904
+ }
905
+
906
+ /**
907
+ * Get an existing session by ID
908
+ * Returns ExecutionSession wrapper bound to the specified session
909
+ *
910
+ * This is useful for retrieving sessions across different requests/contexts
911
+ * without storing the ExecutionSession object (which has RPC lifecycle limitations)
912
+ *
913
+ * @param sessionId - The ID of an existing session
914
+ * @returns ExecutionSession wrapper bound to the session
915
+ */
916
+ async getSession(sessionId: string): Promise<ExecutionSession> {
917
+ // No need to verify session exists in container - operations will fail naturally if it doesn't
918
+ return this.getSessionWrapper(sessionId);
919
+ }
920
+
921
+ /**
922
+ * Internal helper to create ExecutionSession wrapper for a given sessionId
923
+ * Used by both createSession and getSession
924
+ */
925
+ private getSessionWrapper(sessionId: string): ExecutionSession {
926
+ return {
927
+ id: sessionId,
928
+
929
+ // Command execution - delegate to internal session-aware methods
930
+ exec: (command, options) => this.execWithSession(command, sessionId, options),
931
+ execStream: (command, options) => this.execStreamWithSession(command, sessionId, options),
932
+
933
+ // Process management
934
+ startProcess: (command, options) => this.startProcess(command, options, sessionId),
935
+ listProcesses: () => this.listProcesses(sessionId),
936
+ getProcess: (id) => this.getProcess(id, sessionId),
937
+ killProcess: (id, signal) => this.killProcess(id, signal),
938
+ killAllProcesses: () => this.killAllProcesses(),
939
+ cleanupCompletedProcesses: () => this.cleanupCompletedProcesses(),
940
+ getProcessLogs: (id) => this.getProcessLogs(id),
941
+ streamProcessLogs: (processId, options) => this.streamProcessLogs(processId, options),
942
+
943
+ // File operations - pass sessionId via options or parameter
944
+ writeFile: (path, content, options) => this.writeFile(path, content, { ...options, sessionId }),
945
+ readFile: (path, options) => this.readFile(path, { ...options, sessionId }),
946
+ readFileStream: (path) => this.readFileStream(path, { sessionId }),
947
+ mkdir: (path, options) => this.mkdir(path, { ...options, sessionId }),
948
+ deleteFile: (path) => this.deleteFile(path, sessionId),
949
+ renameFile: (oldPath, newPath) => this.renameFile(oldPath, newPath, sessionId),
950
+ moveFile: (sourcePath, destPath) => this.moveFile(sourcePath, destPath, sessionId),
951
+ listFiles: (path, options) => this.client.files.listFiles(path, sessionId, options),
952
+ exists: (path) => this.exists(path, sessionId),
953
+
954
+ // Git operations
955
+ gitCheckout: (repoUrl, options) => this.gitCheckout(repoUrl, { ...options, sessionId }),
956
+
957
+ // Environment management - needs special handling
958
+ setEnvVars: async (envVars: Record<string, string>) => {
959
+ try {
960
+ // Set environment variables by executing export commands
961
+ for (const [key, value] of Object.entries(envVars)) {
962
+ const escapedValue = value.replace(/'/g, "'\\''");
963
+ const exportCommand = `export ${key}='${escapedValue}'`;
964
+
965
+ const result = await this.client.commands.execute(exportCommand, sessionId);
966
+
967
+ if (result.exitCode !== 0) {
968
+ throw new Error(`Failed to set ${key}: ${result.stderr || 'Unknown error'}`);
969
+ }
970
+ }
971
+ } catch (error) {
972
+ this.logger.error('Failed to set environment variables', error instanceof Error ? error : new Error(String(error)), { sessionId });
973
+ throw error;
974
+ }
975
+ },
976
+
977
+ // Code interpreter methods - delegate to sandbox's code interpreter
978
+ createCodeContext: (options) => this.codeInterpreter.createCodeContext(options),
979
+ runCode: async (code, options) => {
980
+ const execution = await this.codeInterpreter.runCode(code, options);
981
+ return execution.toJSON();
982
+ },
983
+ runCodeStream: (code, options) => this.codeInterpreter.runCodeStream(code, options),
984
+ listCodeContexts: () => this.codeInterpreter.listCodeContexts(),
985
+ deleteCodeContext: (contextId) => this.codeInterpreter.deleteCodeContext(contextId),
986
+ };
987
+ }
988
+
989
+ // ============================================================================
990
+ // Code interpreter methods - delegate to CodeInterpreter wrapper
991
+ // ============================================================================
992
+
993
+ async createCodeContext(options?: CreateContextOptions): Promise<CodeContext> {
994
+ return this.codeInterpreter.createCodeContext(options);
995
+ }
996
+
997
+ async runCode(code: string, options?: RunCodeOptions): Promise<ExecutionResult> {
998
+ const execution = await this.codeInterpreter.runCode(code, options);
999
+ return execution.toJSON();
1000
+ }
1001
+
1002
+ async runCodeStream(code: string, options?: RunCodeOptions): Promise<ReadableStream> {
1003
+ return this.codeInterpreter.runCodeStream(code, options);
1004
+ }
1005
+
1006
+ async listCodeContexts(): Promise<CodeContext[]> {
1007
+ return this.codeInterpreter.listCodeContexts();
1008
+ }
1009
+
1010
+ async deleteCodeContext(contextId: string): Promise<void> {
1011
+ return this.codeInterpreter.deleteCodeContext(contextId);
1012
+ }
646
1013
  }