@cloudflare/sandbox 0.0.0-73ac314 → 0.0.0-75de276

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. package/CHANGELOG.md +296 -0
  2. package/Dockerfile +176 -79
  3. package/README.md +154 -50
  4. package/dist/index.d.ts +1953 -0
  5. package/dist/index.d.ts.map +1 -0
  6. package/dist/index.js +3280 -0
  7. package/dist/index.js.map +1 -0
  8. package/package.json +16 -12
  9. package/src/clients/base-client.ts +295 -0
  10. package/src/clients/command-client.ts +115 -0
  11. package/src/clients/file-client.ts +300 -0
  12. package/src/clients/git-client.ts +98 -0
  13. package/src/clients/index.ts +64 -0
  14. package/src/clients/interpreter-client.ts +333 -0
  15. package/src/clients/port-client.ts +105 -0
  16. package/src/clients/process-client.ts +180 -0
  17. package/src/clients/sandbox-client.ts +39 -0
  18. package/src/clients/types.ts +88 -0
  19. package/src/clients/utility-client.ts +156 -0
  20. package/src/errors/adapter.ts +238 -0
  21. package/src/errors/classes.ts +594 -0
  22. package/src/errors/index.ts +109 -0
  23. package/src/file-stream.ts +169 -0
  24. package/src/index.ts +99 -9
  25. package/src/interpreter.ts +168 -0
  26. package/src/request-handler.ts +119 -31
  27. package/src/sandbox.ts +1145 -135
  28. package/src/security.ts +119 -0
  29. package/src/sse-parser.ts +144 -0
  30. package/src/version.ts +6 -0
  31. package/startup.sh +3 -0
  32. package/tests/base-client.test.ts +364 -0
  33. package/tests/command-client.test.ts +444 -0
  34. package/tests/file-client.test.ts +831 -0
  35. package/tests/file-stream.test.ts +310 -0
  36. package/tests/get-sandbox.test.ts +149 -0
  37. package/tests/git-client.test.ts +487 -0
  38. package/tests/port-client.test.ts +293 -0
  39. package/tests/process-client.test.ts +683 -0
  40. package/tests/request-handler.test.ts +292 -0
  41. package/tests/sandbox.test.ts +739 -0
  42. package/tests/sse-parser.test.ts +291 -0
  43. package/tests/utility-client.test.ts +339 -0
  44. package/tests/version.test.ts +16 -0
  45. package/tests/wrangler.jsonc +35 -0
  46. package/tsconfig.json +9 -1
  47. package/tsdown.config.ts +12 -0
  48. package/vitest.config.ts +31 -0
  49. package/container_src/index.ts +0 -3196
  50. package/container_src/package.json +0 -9
  51. package/src/client.ts +0 -2089
  52. package/tests/client.example.ts +0 -308
  53. package/tests/connection-test.ts +0 -81
  54. package/tests/simple-test.ts +0 -81
  55. package/tests/test1.ts +0 -281
  56. package/tests/test2.ts +0 -929
package/src/sandbox.ts CHANGED
@@ -1,48 +1,135 @@
1
- import { Container, getContainer } from "@cloudflare/containers";
2
- import { HttpClient } from "./client";
3
- import { isLocalhostPattern } from "./request-handler";
1
+ import type { DurableObject } from 'cloudflare:workers';
2
+ import { Container, getContainer, switchPort } from '@cloudflare/containers';
3
+ import type {
4
+ CodeContext,
5
+ CreateContextOptions,
6
+ ExecEvent,
7
+ ExecOptions,
8
+ ExecResult,
9
+ ExecutionResult,
10
+ ExecutionSession,
11
+ ISandbox,
12
+ Process,
13
+ ProcessOptions,
14
+ ProcessStatus,
15
+ RunCodeOptions,
16
+ SandboxOptions,
17
+ SessionOptions,
18
+ StreamOptions
19
+ } from '@repo/shared';
20
+ import {
21
+ createLogger,
22
+ runWithLogger,
23
+ type SessionDeleteResult,
24
+ TraceContext
25
+ } from '@repo/shared';
26
+ import { type ExecuteResponse, SandboxClient } from './clients';
27
+ import type { ErrorResponse } from './errors';
28
+ import { CustomDomainRequiredError, ErrorCode } from './errors';
29
+ import { CodeInterpreter } from './interpreter';
30
+ import { isLocalhostPattern } from './request-handler';
31
+ import { SecurityError, sanitizeSandboxId, validatePort } from './security';
32
+ import { parseSSEStream } from './sse-parser';
33
+ import { SDK_VERSION } from './version';
4
34
 
5
- export function getSandbox(ns: DurableObjectNamespace<Sandbox>, id: string) {
6
- const stub = getContainer(ns, id);
35
+ export function getSandbox(
36
+ ns: DurableObjectNamespace<Sandbox>,
37
+ id: string,
38
+ options?: SandboxOptions
39
+ ): Sandbox {
40
+ const stub = getContainer(ns, id) as unknown as Sandbox;
7
41
 
8
42
  // Store the name on first access
9
43
  stub.setSandboxName?.(id);
10
44
 
11
- return stub;
45
+ if (options?.baseUrl) {
46
+ stub.setBaseUrl(options.baseUrl);
47
+ }
48
+
49
+ if (options?.sleepAfter !== undefined) {
50
+ stub.setSleepAfter(options.sleepAfter);
51
+ }
52
+
53
+ if (options?.keepAlive !== undefined) {
54
+ stub.setKeepAlive(options.keepAlive);
55
+ }
56
+
57
+ return Object.assign(stub, {
58
+ wsConnect: connect(stub)
59
+ });
60
+ }
61
+
62
+ export function connect(stub: {
63
+ fetch: (request: Request) => Promise<Response>;
64
+ }) {
65
+ return async (request: Request, port: number) => {
66
+ // Validate port before routing
67
+ if (!validatePort(port)) {
68
+ throw new SecurityError(
69
+ `Invalid or restricted port: ${port}. Ports must be in range 1024-65535 and not reserved.`
70
+ );
71
+ }
72
+ const portSwitchedRequest = switchPort(request, port);
73
+ return await stub.fetch(portSwitchedRequest);
74
+ };
12
75
  }
13
76
 
14
- export class Sandbox<Env = unknown> extends Container<Env> {
15
- sleepAfter = "3m"; // Sleep the sandbox if no requests are made in this timeframe
16
- client: HttpClient;
17
- private workerHostname: string | null = null;
77
+ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
78
+ defaultPort = 3000; // Default port for the container's Bun server
79
+ sleepAfter: string | number = '10m'; // Sleep the sandbox if no requests are made in this timeframe
80
+
81
+ client: SandboxClient;
82
+ private codeInterpreter: CodeInterpreter;
18
83
  private sandboxName: string | null = null;
84
+ private baseUrl: string | null = null;
85
+ private portTokens: Map<number, string> = new Map();
86
+ private defaultSession: string | null = null;
87
+ envVars: Record<string, string> = {};
88
+ private logger: ReturnType<typeof createLogger>;
89
+ private keepAliveEnabled: boolean = false;
19
90
 
20
- constructor(ctx: DurableObjectState, env: Env) {
91
+ constructor(ctx: DurableObjectState<{}>, env: Env) {
21
92
  super(ctx, env);
22
- this.client = new HttpClient({
23
- onCommandComplete: (success, exitCode, _stdout, _stderr, command, _args) => {
24
- console.log(
25
- `[Container] Command completed: ${command}, Success: ${success}, Exit code: ${exitCode}`
26
- );
27
- },
28
- onCommandStart: (command, args) => {
29
- console.log(
30
- `[Container] Command started: ${command} ${args.join(" ")}`
31
- );
32
- },
33
- onError: (error, _command, _args) => {
34
- console.error(`[Container] Command error: ${error}`);
35
- },
36
- onOutput: (stream, data, _command) => {
37
- console.log(`[Container] [${stream}] ${data}`);
38
- },
93
+
94
+ const envObj = env as any;
95
+ // Set sandbox environment variables from env object
96
+ const sandboxEnvKeys = ['SANDBOX_LOG_LEVEL', 'SANDBOX_LOG_FORMAT'] as const;
97
+ sandboxEnvKeys.forEach((key) => {
98
+ if (envObj?.[key]) {
99
+ this.envVars[key] = envObj[key];
100
+ }
101
+ });
102
+
103
+ this.logger = createLogger({
104
+ component: 'sandbox-do',
105
+ sandboxId: this.ctx.id.toString()
106
+ });
107
+
108
+ this.client = new SandboxClient({
109
+ logger: this.logger,
39
110
  port: 3000, // Control plane port
40
- stub: this,
111
+ stub: this
41
112
  });
42
113
 
43
- // Load the sandbox name from storage on initialization
114
+ // Initialize code interpreter - pass 'this' after client is ready
115
+ // The CodeInterpreter extracts client.interpreter from the sandbox
116
+ this.codeInterpreter = new CodeInterpreter(this);
117
+
118
+ // Load the sandbox name, port tokens, and default session from storage on initialization
44
119
  this.ctx.blockConcurrencyWhile(async () => {
45
- this.sandboxName = await this.ctx.storage.get<string>('sandboxName') || null;
120
+ this.sandboxName =
121
+ (await this.ctx.storage.get<string>('sandboxName')) || null;
122
+ this.defaultSession =
123
+ (await this.ctx.storage.get<string>('defaultSession')) || null;
124
+ const storedTokens =
125
+ (await this.ctx.storage.get<Record<string, string>>('portTokens')) ||
126
+ {};
127
+
128
+ // Convert stored tokens back to Map
129
+ this.portTokens = new Map();
130
+ for (const [portStr, token] of Object.entries(storedTokens)) {
131
+ this.portTokens.set(parseInt(portStr, 10), token);
132
+ }
46
133
  });
47
134
  }
48
135
 
@@ -51,61 +138,226 @@ export class Sandbox<Env = unknown> extends Container<Env> {
51
138
  if (!this.sandboxName) {
52
139
  this.sandboxName = name;
53
140
  await this.ctx.storage.put('sandboxName', name);
54
- console.log(`[Sandbox] Stored sandbox name via RPC: ${name}`);
141
+ }
142
+ }
143
+
144
+ // RPC method to set the base URL
145
+ async setBaseUrl(baseUrl: string): Promise<void> {
146
+ if (!this.baseUrl) {
147
+ this.baseUrl = baseUrl;
148
+ await this.ctx.storage.put('baseUrl', baseUrl);
149
+ } else {
150
+ if (this.baseUrl !== baseUrl) {
151
+ throw new Error(
152
+ 'Base URL already set and different from one previously provided'
153
+ );
154
+ }
155
+ }
156
+ }
157
+
158
+ // RPC method to set the sleep timeout
159
+ async setSleepAfter(sleepAfter: string | number): Promise<void> {
160
+ this.sleepAfter = sleepAfter;
161
+ }
162
+
163
+ // RPC method to enable keepAlive mode
164
+ async setKeepAlive(keepAlive: boolean): Promise<void> {
165
+ this.keepAliveEnabled = keepAlive;
166
+ if (keepAlive) {
167
+ this.logger.info(
168
+ 'KeepAlive mode enabled - container will stay alive until explicitly destroyed'
169
+ );
170
+ } else {
171
+ this.logger.info(
172
+ 'KeepAlive mode disabled - container will timeout normally'
173
+ );
55
174
  }
56
175
  }
57
176
 
58
177
  // RPC method to set environment variables
59
178
  async setEnvVars(envVars: Record<string, string>): Promise<void> {
179
+ // Update local state for new sessions
60
180
  this.envVars = { ...this.envVars, ...envVars };
61
- console.log(`[Sandbox] Updated environment variables`);
181
+
182
+ // If default session already exists, update it directly
183
+ if (this.defaultSession) {
184
+ // Set environment variables by executing export commands in the existing session
185
+ for (const [key, value] of Object.entries(envVars)) {
186
+ const escapedValue = value.replace(/'/g, "'\\''");
187
+ const exportCommand = `export ${key}='${escapedValue}'`;
188
+
189
+ const result = await this.client.commands.execute(
190
+ exportCommand,
191
+ this.defaultSession
192
+ );
193
+
194
+ if (result.exitCode !== 0) {
195
+ throw new Error(
196
+ `Failed to set ${key}: ${result.stderr || 'Unknown error'}`
197
+ );
198
+ }
199
+ }
200
+ }
201
+ }
202
+
203
+ /**
204
+ * Cleanup and destroy the sandbox container
205
+ */
206
+ override async destroy(): Promise<void> {
207
+ this.logger.info('Destroying sandbox container');
208
+ await super.destroy();
62
209
  }
63
210
 
64
211
  override onStart() {
65
- console.log("Sandbox successfully started");
212
+ this.logger.debug('Sandbox started');
213
+
214
+ // Check version compatibility asynchronously (don't block startup)
215
+ this.checkVersionCompatibility().catch((error) => {
216
+ this.logger.error(
217
+ 'Version compatibility check failed',
218
+ error instanceof Error ? error : new Error(String(error))
219
+ );
220
+ });
66
221
  }
67
222
 
68
- override onStop() {
69
- console.log("Sandbox successfully shut down");
70
- if (this.client) {
71
- this.client.clearSession();
223
+ /**
224
+ * Check if the container version matches the SDK version
225
+ * Logs a warning if there's a mismatch
226
+ */
227
+ private async checkVersionCompatibility(): Promise<void> {
228
+ try {
229
+ // Get the SDK version (imported from version.ts)
230
+ const sdkVersion = SDK_VERSION;
231
+
232
+ // Get container version
233
+ const containerVersion = await this.client.utils.getVersion();
234
+
235
+ // If container version is unknown, it's likely an old container without the endpoint
236
+ if (containerVersion === 'unknown') {
237
+ this.logger.warn(
238
+ 'Container version check: Container version could not be determined. ' +
239
+ 'This may indicate an outdated container image. ' +
240
+ 'Please update your container to match SDK version ' +
241
+ sdkVersion
242
+ );
243
+ return;
244
+ }
245
+
246
+ // Check if versions match
247
+ if (containerVersion !== sdkVersion) {
248
+ const message =
249
+ `Version mismatch detected! SDK version (${sdkVersion}) does not match ` +
250
+ `container version (${containerVersion}). This may cause compatibility issues. ` +
251
+ `Please update your container image to version ${sdkVersion}`;
252
+
253
+ // Log warning - we can't reliably detect dev vs prod environment in Durable Objects
254
+ // so we always use warning level as requested by the user
255
+ this.logger.warn(message);
256
+ } else {
257
+ this.logger.debug('Version check passed', {
258
+ sdkVersion,
259
+ containerVersion
260
+ });
261
+ }
262
+ } catch (error) {
263
+ // Don't fail the sandbox initialization if version check fails
264
+ this.logger.debug('Version compatibility check encountered an error', {
265
+ error: error instanceof Error ? error.message : String(error)
266
+ });
72
267
  }
73
268
  }
74
269
 
270
+ override onStop() {
271
+ this.logger.debug('Sandbox stopped');
272
+ }
273
+
75
274
  override onError(error: unknown) {
76
- console.log("Sandbox error:", error);
275
+ this.logger.error(
276
+ 'Sandbox error',
277
+ error instanceof Error ? error : new Error(String(error))
278
+ );
77
279
  }
78
280
 
79
- // Override fetch to capture the hostname and route to appropriate ports
281
+ /**
282
+ * Override onActivityExpired to prevent automatic shutdown when keepAlive is enabled
283
+ * When keepAlive is disabled, calls parent implementation which stops the container
284
+ */
285
+ override async onActivityExpired(): Promise<void> {
286
+ if (this.keepAliveEnabled) {
287
+ this.logger.debug(
288
+ 'Activity expired but keepAlive is enabled - container will stay alive'
289
+ );
290
+ // Do nothing - don't call stop(), container stays alive
291
+ } else {
292
+ // Default behavior: stop the container
293
+ this.logger.debug('Activity expired - stopping container');
294
+ await super.onActivityExpired();
295
+ }
296
+ }
297
+
298
+ // Override fetch to route internal container requests to appropriate ports
80
299
  override async fetch(request: Request): Promise<Response> {
81
- const url = new URL(request.url);
300
+ // Extract or generate trace ID from request
301
+ const traceId =
302
+ TraceContext.fromHeaders(request.headers) || TraceContext.generate();
82
303
 
83
- // Capture the hostname from the first request
84
- if (!this.workerHostname) {
85
- this.workerHostname = url.hostname;
86
- console.log(`[Sandbox] Captured hostname: ${this.workerHostname}`);
87
- }
304
+ // Create request-specific logger with trace ID
305
+ const requestLogger = this.logger.child({ traceId, operation: 'fetch' });
88
306
 
89
- // Capture and store the sandbox name from the header if present
90
- if (!this.sandboxName && request.headers.has('X-Sandbox-Name')) {
91
- const name = request.headers.get('X-Sandbox-Name')!;
92
- this.sandboxName = name;
93
- await this.ctx.storage.put('sandboxName', name);
94
- console.log(`[Sandbox] Stored sandbox name: ${this.sandboxName}`);
95
- }
307
+ return await runWithLogger(requestLogger, async () => {
308
+ const url = new URL(request.url);
309
+
310
+ // Capture and store the sandbox name from the header if present
311
+ if (!this.sandboxName && request.headers.has('X-Sandbox-Name')) {
312
+ const name = request.headers.get('X-Sandbox-Name')!;
313
+ this.sandboxName = name;
314
+ await this.ctx.storage.put('sandboxName', name);
315
+ }
96
316
 
97
- // Determine which port to route to
98
- const port = this.determinePort(url);
317
+ // Detect WebSocket upgrade request (RFC 6455 compliant)
318
+ const upgradeHeader = request.headers.get('Upgrade');
319
+ const connectionHeader = request.headers.get('Connection');
320
+ const isWebSocket =
321
+ upgradeHeader?.toLowerCase() === 'websocket' &&
322
+ connectionHeader?.toLowerCase().includes('upgrade');
99
323
 
100
- // Route to the appropriate port
101
- return await this.containerFetch(request, port);
324
+ if (isWebSocket) {
325
+ // WebSocket path: Let parent Container class handle WebSocket proxying
326
+ // This bypasses containerFetch() which uses JSRPC and cannot handle WebSocket upgrades
327
+ try {
328
+ requestLogger.debug('WebSocket upgrade requested', {
329
+ path: url.pathname,
330
+ port: this.determinePort(url)
331
+ });
332
+ return await super.fetch(request);
333
+ } catch (error) {
334
+ requestLogger.error(
335
+ 'WebSocket connection failed',
336
+ error instanceof Error ? error : new Error(String(error)),
337
+ { path: url.pathname }
338
+ );
339
+ throw error;
340
+ }
341
+ }
342
+
343
+ // Non-WebSocket: Use existing port determination and HTTP routing logic
344
+ const port = this.determinePort(url);
345
+
346
+ // Route to the appropriate port
347
+ return await this.containerFetch(request, port);
348
+ });
349
+ }
350
+
351
+ wsConnect(request: Request, port: number): Promise<Response> {
352
+ // Dummy implementation that will be overridden by the stub
353
+ throw new Error('Not implemented here to avoid RPC serialization issues');
102
354
  }
103
355
 
104
356
  private determinePort(url: URL): number {
105
357
  // Extract port from proxy requests (e.g., /proxy/8080/*)
106
358
  const proxyMatch = url.pathname.match(/^\/proxy\/(\d+)/);
107
359
  if (proxyMatch) {
108
- return parseInt(proxyMatch[1]);
360
+ return parseInt(proxyMatch[1], 10);
109
361
  }
110
362
 
111
363
  // All other requests go to control plane on port 3000
@@ -113,146 +365,904 @@ export class Sandbox<Env = unknown> extends Container<Env> {
113
365
  return 3000;
114
366
  }
115
367
 
116
- async exec(command: string, args: string[], options?: { stream?: boolean; background?: boolean }) {
117
- if (options?.stream) {
118
- return this.client.executeStream(command, args, undefined, options?.background);
368
+ /**
369
+ * Ensure default session exists - lazy initialization
370
+ * This is called automatically by all public methods that need a session
371
+ *
372
+ * The session is persisted to Durable Object storage to survive hot reloads
373
+ * during development. If a session already exists in the container after reload,
374
+ * we reuse it instead of trying to create a new one.
375
+ */
376
+ private async ensureDefaultSession(): Promise<string> {
377
+ if (!this.defaultSession) {
378
+ const sessionId = `sandbox-${this.sandboxName || 'default'}`;
379
+
380
+ try {
381
+ // Try to create session in container
382
+ await this.client.utils.createSession({
383
+ id: sessionId,
384
+ env: this.envVars || {},
385
+ cwd: '/workspace'
386
+ });
387
+
388
+ this.defaultSession = sessionId;
389
+ // Persist to storage so it survives hot reloads
390
+ await this.ctx.storage.put('defaultSession', sessionId);
391
+ this.logger.debug('Default session initialized', { sessionId });
392
+ } catch (error: any) {
393
+ // If session already exists (e.g., after hot reload), reuse it
394
+ if (error?.message?.includes('already exists')) {
395
+ this.logger.debug('Reusing existing session after reload', {
396
+ sessionId
397
+ });
398
+ this.defaultSession = sessionId;
399
+ // Persist to storage in case it wasn't saved before
400
+ await this.ctx.storage.put('defaultSession', sessionId);
401
+ } else {
402
+ // Re-throw other errors
403
+ throw error;
404
+ }
405
+ }
406
+ }
407
+ return this.defaultSession;
408
+ }
409
+
410
+ // Enhanced exec method - always returns ExecResult with optional streaming
411
+ // This replaces the old exec method to match ISandbox interface
412
+ async exec(command: string, options?: ExecOptions): Promise<ExecResult> {
413
+ const session = await this.ensureDefaultSession();
414
+ return this.execWithSession(command, session, options);
415
+ }
416
+
417
+ /**
418
+ * Internal session-aware exec implementation
419
+ * Used by both public exec() and session wrappers
420
+ */
421
+ private async execWithSession(
422
+ command: string,
423
+ sessionId: string,
424
+ options?: ExecOptions
425
+ ): Promise<ExecResult> {
426
+ const startTime = Date.now();
427
+ const timestamp = new Date().toISOString();
428
+
429
+ let timeoutId: NodeJS.Timeout | undefined;
430
+
431
+ try {
432
+ // Handle cancellation
433
+ if (options?.signal?.aborted) {
434
+ throw new Error('Operation was aborted');
435
+ }
436
+
437
+ let result: ExecResult;
438
+
439
+ if (options?.stream && options?.onOutput) {
440
+ // Streaming with callbacks - we need to collect the final result
441
+ result = await this.executeWithStreaming(
442
+ command,
443
+ sessionId,
444
+ options,
445
+ startTime,
446
+ timestamp
447
+ );
448
+ } else {
449
+ // Regular execution with session
450
+ const response = await this.client.commands.execute(command, sessionId);
451
+
452
+ const duration = Date.now() - startTime;
453
+ result = this.mapExecuteResponseToExecResult(
454
+ response,
455
+ duration,
456
+ sessionId
457
+ );
458
+ }
459
+
460
+ // Call completion callback if provided
461
+ if (options?.onComplete) {
462
+ options.onComplete(result);
463
+ }
464
+
465
+ return result;
466
+ } catch (error) {
467
+ if (options?.onError && error instanceof Error) {
468
+ options.onError(error);
469
+ }
470
+ throw error;
471
+ } finally {
472
+ if (timeoutId) {
473
+ clearTimeout(timeoutId);
474
+ }
475
+ }
476
+ }
477
+
478
+ private async executeWithStreaming(
479
+ command: string,
480
+ sessionId: string,
481
+ options: ExecOptions,
482
+ startTime: number,
483
+ timestamp: string
484
+ ): Promise<ExecResult> {
485
+ let stdout = '';
486
+ let stderr = '';
487
+
488
+ try {
489
+ const stream = await this.client.commands.executeStream(
490
+ command,
491
+ sessionId
492
+ );
493
+
494
+ for await (const event of parseSSEStream<ExecEvent>(stream)) {
495
+ // Check for cancellation
496
+ if (options.signal?.aborted) {
497
+ throw new Error('Operation was aborted');
498
+ }
499
+
500
+ switch (event.type) {
501
+ case 'stdout':
502
+ case 'stderr':
503
+ if (event.data) {
504
+ // Update accumulated output
505
+ if (event.type === 'stdout') stdout += event.data;
506
+ if (event.type === 'stderr') stderr += event.data;
507
+
508
+ // Call user's callback
509
+ if (options.onOutput) {
510
+ options.onOutput(event.type, event.data);
511
+ }
512
+ }
513
+ break;
514
+
515
+ case 'complete': {
516
+ // Use result from complete event if available
517
+ const duration = Date.now() - startTime;
518
+ return {
519
+ success: (event.exitCode ?? 0) === 0,
520
+ exitCode: event.exitCode ?? 0,
521
+ stdout,
522
+ stderr,
523
+ command,
524
+ duration,
525
+ timestamp,
526
+ sessionId
527
+ };
528
+ }
529
+
530
+ case 'error':
531
+ throw new Error(event.data || 'Command execution failed');
532
+ }
533
+ }
534
+
535
+ // If we get here without a complete event, something went wrong
536
+ throw new Error('Stream ended without completion event');
537
+ } catch (error) {
538
+ if (options.signal?.aborted) {
539
+ throw new Error('Operation was aborted');
540
+ }
541
+ throw error;
542
+ }
543
+ }
544
+
545
+ private mapExecuteResponseToExecResult(
546
+ response: ExecuteResponse,
547
+ duration: number,
548
+ sessionId?: string
549
+ ): ExecResult {
550
+ return {
551
+ success: response.success,
552
+ exitCode: response.exitCode,
553
+ stdout: response.stdout,
554
+ stderr: response.stderr,
555
+ command: response.command,
556
+ duration,
557
+ timestamp: response.timestamp,
558
+ sessionId
559
+ };
560
+ }
561
+
562
+ /**
563
+ * Create a Process domain object from HTTP client DTO
564
+ * Centralizes process object creation with bound methods
565
+ * This eliminates duplication across startProcess, listProcesses, getProcess, and session wrappers
566
+ */
567
+ private createProcessFromDTO(
568
+ data: {
569
+ id: string;
570
+ pid?: number;
571
+ command: string;
572
+ status: ProcessStatus;
573
+ startTime: string | Date;
574
+ endTime?: string | Date;
575
+ exitCode?: number;
576
+ },
577
+ sessionId: string
578
+ ): Process {
579
+ return {
580
+ id: data.id,
581
+ pid: data.pid,
582
+ command: data.command,
583
+ status: data.status,
584
+ startTime:
585
+ typeof data.startTime === 'string'
586
+ ? new Date(data.startTime)
587
+ : data.startTime,
588
+ endTime: data.endTime
589
+ ? typeof data.endTime === 'string'
590
+ ? new Date(data.endTime)
591
+ : data.endTime
592
+ : undefined,
593
+ exitCode: data.exitCode,
594
+ sessionId,
595
+
596
+ kill: async (signal?: string) => {
597
+ await this.killProcess(data.id, signal);
598
+ },
599
+
600
+ getStatus: async () => {
601
+ const current = await this.getProcess(data.id);
602
+ return current?.status || 'error';
603
+ },
604
+
605
+ getLogs: async () => {
606
+ const logs = await this.getProcessLogs(data.id);
607
+ return { stdout: logs.stdout, stderr: logs.stderr };
608
+ }
609
+ };
610
+ }
611
+
612
+ // Background process management
613
+ async startProcess(
614
+ command: string,
615
+ options?: ProcessOptions,
616
+ sessionId?: string
617
+ ): Promise<Process> {
618
+ // Use the new HttpClient method to start the process
619
+ try {
620
+ const session = sessionId ?? (await this.ensureDefaultSession());
621
+ const response = await this.client.processes.startProcess(
622
+ command,
623
+ session,
624
+ {
625
+ processId: options?.processId
626
+ }
627
+ );
628
+
629
+ const processObj = this.createProcessFromDTO(
630
+ {
631
+ id: response.processId,
632
+ pid: response.pid,
633
+ command: response.command,
634
+ status: 'running' as ProcessStatus,
635
+ startTime: new Date(),
636
+ endTime: undefined,
637
+ exitCode: undefined
638
+ },
639
+ session
640
+ );
641
+
642
+ // Call onStart callback if provided
643
+ if (options?.onStart) {
644
+ options.onStart(processObj);
645
+ }
646
+
647
+ return processObj;
648
+ } catch (error) {
649
+ if (options?.onError && error instanceof Error) {
650
+ options.onError(error);
651
+ }
652
+
653
+ throw error;
119
654
  }
120
- return this.client.execute(command, args, undefined, options?.background);
655
+ }
656
+
657
+ async listProcesses(sessionId?: string): Promise<Process[]> {
658
+ const session = sessionId ?? (await this.ensureDefaultSession());
659
+ const response = await this.client.processes.listProcesses();
660
+
661
+ return response.processes.map((processData) =>
662
+ this.createProcessFromDTO(
663
+ {
664
+ id: processData.id,
665
+ pid: processData.pid,
666
+ command: processData.command,
667
+ status: processData.status,
668
+ startTime: processData.startTime,
669
+ endTime: processData.endTime,
670
+ exitCode: processData.exitCode
671
+ },
672
+ session
673
+ )
674
+ );
675
+ }
676
+
677
+ async getProcess(id: string, sessionId?: string): Promise<Process | null> {
678
+ const session = sessionId ?? (await this.ensureDefaultSession());
679
+ const response = await this.client.processes.getProcess(id);
680
+ if (!response.process) {
681
+ return null;
682
+ }
683
+
684
+ const processData = response.process;
685
+ return this.createProcessFromDTO(
686
+ {
687
+ id: processData.id,
688
+ pid: processData.pid,
689
+ command: processData.command,
690
+ status: processData.status,
691
+ startTime: processData.startTime,
692
+ endTime: processData.endTime,
693
+ exitCode: processData.exitCode
694
+ },
695
+ session
696
+ );
697
+ }
698
+
699
+ async killProcess(
700
+ id: string,
701
+ signal?: string,
702
+ sessionId?: string
703
+ ): Promise<void> {
704
+ // Note: signal parameter is not currently supported by the HttpClient implementation
705
+ // The HTTP client already throws properly typed errors, so we just let them propagate
706
+ await this.client.processes.killProcess(id);
707
+ }
708
+
709
+ async killAllProcesses(sessionId?: string): Promise<number> {
710
+ const response = await this.client.processes.killAllProcesses();
711
+ return response.cleanedCount;
712
+ }
713
+
714
+ async cleanupCompletedProcesses(sessionId?: string): Promise<number> {
715
+ // For now, this would need to be implemented as a container endpoint
716
+ // as we no longer maintain local process storage
717
+ // We'll return 0 as a placeholder until the container endpoint is added
718
+ return 0;
719
+ }
720
+
721
+ async getProcessLogs(
722
+ id: string,
723
+ sessionId?: string
724
+ ): Promise<{ stdout: string; stderr: string; processId: string }> {
725
+ // The HTTP client already throws properly typed errors, so we just let them propagate
726
+ const response = await this.client.processes.getProcessLogs(id);
727
+ return {
728
+ stdout: response.stdout,
729
+ stderr: response.stderr,
730
+ processId: response.processId
731
+ };
732
+ }
733
+
734
+ // Streaming methods - return ReadableStream for RPC compatibility
735
+ async execStream(
736
+ command: string,
737
+ options?: StreamOptions
738
+ ): Promise<ReadableStream<Uint8Array>> {
739
+ // Check for cancellation
740
+ if (options?.signal?.aborted) {
741
+ throw new Error('Operation was aborted');
742
+ }
743
+
744
+ const session = await this.ensureDefaultSession();
745
+ // Get the stream from CommandClient
746
+ return this.client.commands.executeStream(command, session);
747
+ }
748
+
749
+ /**
750
+ * Internal session-aware execStream implementation
751
+ */
752
+ private async execStreamWithSession(
753
+ command: string,
754
+ sessionId: string,
755
+ options?: StreamOptions
756
+ ): Promise<ReadableStream<Uint8Array>> {
757
+ // Check for cancellation
758
+ if (options?.signal?.aborted) {
759
+ throw new Error('Operation was aborted');
760
+ }
761
+
762
+ return this.client.commands.executeStream(command, sessionId);
763
+ }
764
+
765
+ /**
766
+ * Stream logs from a background process as a ReadableStream.
767
+ */
768
+ async streamProcessLogs(
769
+ processId: string,
770
+ options?: { signal?: AbortSignal }
771
+ ): Promise<ReadableStream<Uint8Array>> {
772
+ // Check for cancellation
773
+ if (options?.signal?.aborted) {
774
+ throw new Error('Operation was aborted');
775
+ }
776
+
777
+ return this.client.processes.streamProcessLogs(processId);
121
778
  }
122
779
 
123
780
  async gitCheckout(
124
781
  repoUrl: string,
125
- options: { branch?: string; targetDir?: string; stream?: boolean }
782
+ options: { branch?: string; targetDir?: string; sessionId?: string }
126
783
  ) {
127
- if (options?.stream) {
128
- return this.client.gitCheckoutStream(
129
- repoUrl,
130
- options.branch,
131
- options.targetDir
132
- );
133
- }
134
- return this.client.gitCheckout(repoUrl, options.branch, options.targetDir);
784
+ const session = options.sessionId ?? (await this.ensureDefaultSession());
785
+ return this.client.git.checkout(repoUrl, session, {
786
+ branch: options.branch,
787
+ targetDir: options.targetDir
788
+ });
135
789
  }
136
790
 
137
791
  async mkdir(
138
792
  path: string,
139
- options: { recursive?: boolean; stream?: boolean } = {}
793
+ options: { recursive?: boolean; sessionId?: string } = {}
140
794
  ) {
141
- if (options?.stream) {
142
- return this.client.mkdirStream(path, options.recursive);
143
- }
144
- return this.client.mkdir(path, options.recursive);
795
+ const session = options.sessionId ?? (await this.ensureDefaultSession());
796
+ return this.client.files.mkdir(path, session, {
797
+ recursive: options.recursive
798
+ });
145
799
  }
146
800
 
147
801
  async writeFile(
148
802
  path: string,
149
803
  content: string,
150
- options: { encoding?: string; stream?: boolean } = {}
804
+ options: { encoding?: string; sessionId?: string } = {}
151
805
  ) {
152
- if (options?.stream) {
153
- return this.client.writeFileStream(path, content, options.encoding);
154
- }
155
- return this.client.writeFile(path, content, options.encoding);
806
+ const session = options.sessionId ?? (await this.ensureDefaultSession());
807
+ return this.client.files.writeFile(path, content, session, {
808
+ encoding: options.encoding
809
+ });
156
810
  }
157
811
 
158
- async deleteFile(path: string, options: { stream?: boolean } = {}) {
159
- if (options?.stream) {
160
- return this.client.deleteFileStream(path);
161
- }
162
- return this.client.deleteFile(path);
812
+ async deleteFile(path: string, sessionId?: string) {
813
+ const session = sessionId ?? (await this.ensureDefaultSession());
814
+ return this.client.files.deleteFile(path, session);
163
815
  }
164
816
 
165
- async renameFile(
166
- oldPath: string,
167
- newPath: string,
168
- options: { stream?: boolean } = {}
169
- ) {
170
- if (options?.stream) {
171
- return this.client.renameFileStream(oldPath, newPath);
172
- }
173
- return this.client.renameFile(oldPath, newPath);
817
+ async renameFile(oldPath: string, newPath: string, sessionId?: string) {
818
+ const session = sessionId ?? (await this.ensureDefaultSession());
819
+ return this.client.files.renameFile(oldPath, newPath, session);
174
820
  }
175
821
 
176
822
  async moveFile(
177
823
  sourcePath: string,
178
824
  destinationPath: string,
179
- options: { stream?: boolean } = {}
825
+ sessionId?: string
180
826
  ) {
181
- if (options?.stream) {
182
- return this.client.moveFileStream(sourcePath, destinationPath);
183
- }
184
- return this.client.moveFile(sourcePath, destinationPath);
827
+ const session = sessionId ?? (await this.ensureDefaultSession());
828
+ return this.client.files.moveFile(sourcePath, destinationPath, session);
185
829
  }
186
830
 
187
831
  async readFile(
188
832
  path: string,
189
- options: { encoding?: string; stream?: boolean } = {}
833
+ options: { encoding?: string; sessionId?: string } = {}
190
834
  ) {
191
- if (options?.stream) {
192
- return this.client.readFileStream(path, options.encoding);
193
- }
194
- return this.client.readFile(path, options.encoding);
835
+ const session = options.sessionId ?? (await this.ensureDefaultSession());
836
+ return this.client.files.readFile(path, session, {
837
+ encoding: options.encoding
838
+ });
839
+ }
840
+
841
+ /**
842
+ * Stream a file from the sandbox using Server-Sent Events
843
+ * Returns a ReadableStream that can be consumed with streamFile() or collectFile() utilities
844
+ * @param path - Path to the file to stream
845
+ * @param options - Optional session ID
846
+ */
847
+ async readFileStream(
848
+ path: string,
849
+ options: { sessionId?: string } = {}
850
+ ): Promise<ReadableStream<Uint8Array>> {
851
+ const session = options.sessionId ?? (await this.ensureDefaultSession());
852
+ return this.client.files.readFileStream(path, session);
853
+ }
854
+
855
+ async listFiles(
856
+ path: string,
857
+ options?: { recursive?: boolean; includeHidden?: boolean }
858
+ ) {
859
+ const session = await this.ensureDefaultSession();
860
+ return this.client.files.listFiles(path, session, options);
861
+ }
862
+
863
+ async exists(path: string, sessionId?: string) {
864
+ const session = sessionId ?? (await this.ensureDefaultSession());
865
+ return this.client.files.exists(path, session);
195
866
  }
196
867
 
197
- async exposePort(port: number, options?: { name?: string }) {
198
- await this.client.exposePort(port, options?.name);
868
+ async exposePort(port: number, options: { name?: string; hostname: string }) {
869
+ // Check if hostname is workers.dev domain (doesn't support wildcard subdomains)
870
+ if (options.hostname.endsWith('.workers.dev')) {
871
+ const errorResponse: ErrorResponse = {
872
+ code: ErrorCode.CUSTOM_DOMAIN_REQUIRED,
873
+ message: `Port exposure requires a custom domain. .workers.dev domains do not support wildcard subdomains required for port proxying.`,
874
+ context: { originalError: options.hostname },
875
+ httpStatus: 400,
876
+ timestamp: new Date().toISOString()
877
+ };
878
+ throw new CustomDomainRequiredError(errorResponse);
879
+ }
880
+
881
+ const sessionId = await this.ensureDefaultSession();
882
+ await this.client.ports.exposePort(port, sessionId, options?.name);
199
883
 
200
884
  // We need the sandbox name to construct preview URLs
201
885
  if (!this.sandboxName) {
202
- throw new Error('Sandbox name not available. Ensure sandbox is accessed through getSandbox()');
886
+ throw new Error(
887
+ 'Sandbox name not available. Ensure sandbox is accessed through getSandbox()'
888
+ );
203
889
  }
204
890
 
205
- const hostname = this.getHostname();
206
- const url = this.constructPreviewUrl(port, this.sandboxName, hostname);
891
+ // Generate and store token for this port
892
+ const token = this.generatePortToken();
893
+ this.portTokens.set(port, token);
894
+ await this.persistPortTokens();
895
+
896
+ const url = this.constructPreviewUrl(
897
+ port,
898
+ this.sandboxName,
899
+ options.hostname,
900
+ token
901
+ );
207
902
 
208
903
  return {
209
904
  url,
210
905
  port,
211
- name: options?.name,
906
+ name: options?.name
212
907
  };
213
908
  }
214
909
 
215
910
  async unexposePort(port: number) {
216
- await this.client.unexposePort(port);
911
+ if (!validatePort(port)) {
912
+ throw new SecurityError(
913
+ `Invalid port number: ${port}. Must be between 1024-65535 and not reserved.`
914
+ );
915
+ }
916
+
917
+ const sessionId = await this.ensureDefaultSession();
918
+ await this.client.ports.unexposePort(port, sessionId);
919
+
920
+ // Clean up token for this port
921
+ if (this.portTokens.has(port)) {
922
+ this.portTokens.delete(port);
923
+ await this.persistPortTokens();
924
+ }
217
925
  }
218
926
 
219
- async getExposedPorts() {
220
- const response = await this.client.getExposedPorts();
927
+ async getExposedPorts(hostname: string) {
928
+ const sessionId = await this.ensureDefaultSession();
929
+ const response = await this.client.ports.getExposedPorts(sessionId);
221
930
 
222
931
  // We need the sandbox name to construct preview URLs
223
932
  if (!this.sandboxName) {
224
- throw new Error('Sandbox name not available. Ensure sandbox is accessed through getSandbox()');
933
+ throw new Error(
934
+ 'Sandbox name not available. Ensure sandbox is accessed through getSandbox()'
935
+ );
936
+ }
937
+
938
+ return response.ports.map((port) => {
939
+ // Get token for this port - must exist for all exposed ports
940
+ const token = this.portTokens.get(port.port);
941
+ if (!token) {
942
+ throw new Error(
943
+ `Port ${port.port} is exposed but has no token. This should not happen.`
944
+ );
945
+ }
946
+
947
+ return {
948
+ url: this.constructPreviewUrl(
949
+ port.port,
950
+ this.sandboxName!,
951
+ hostname,
952
+ token
953
+ ),
954
+ port: port.port,
955
+ status: port.status
956
+ };
957
+ });
958
+ }
959
+
960
+ async isPortExposed(port: number): Promise<boolean> {
961
+ try {
962
+ const sessionId = await this.ensureDefaultSession();
963
+ const response = await this.client.ports.getExposedPorts(sessionId);
964
+ return response.ports.some((exposedPort) => exposedPort.port === port);
965
+ } catch (error) {
966
+ this.logger.error(
967
+ 'Error checking if port is exposed',
968
+ error instanceof Error ? error : new Error(String(error)),
969
+ { port }
970
+ );
971
+ return false;
972
+ }
973
+ }
974
+
975
+ async validatePortToken(port: number, token: string): Promise<boolean> {
976
+ // First check if port is exposed
977
+ const isExposed = await this.isPortExposed(port);
978
+ if (!isExposed) {
979
+ return false;
225
980
  }
226
981
 
227
- const hostname = this.getHostname();
982
+ // Get stored token for this port - must exist for all exposed ports
983
+ const storedToken = this.portTokens.get(port);
984
+ if (!storedToken) {
985
+ // This should not happen - all exposed ports must have tokens
986
+ this.logger.error(
987
+ 'Port is exposed but has no token - bug detected',
988
+ undefined,
989
+ { port }
990
+ );
991
+ return false;
992
+ }
993
+
994
+ // Constant-time comparison to prevent timing attacks
995
+ return storedToken === token;
996
+ }
997
+
998
+ private generatePortToken(): string {
999
+ // Generate cryptographically secure 16-character token using Web Crypto API
1000
+ // Available in Cloudflare Workers runtime
1001
+ const array = new Uint8Array(12); // 12 bytes = 16 base64url chars (after padding removal)
1002
+ crypto.getRandomValues(array);
228
1003
 
229
- return response.ports.map(port => ({
230
- url: this.constructPreviewUrl(port.port, this.sandboxName!, hostname),
231
- port: port.port,
232
- name: port.name,
233
- exposedAt: port.exposedAt,
234
- }));
1004
+ // Convert to base64url format (URL-safe, no padding, lowercase)
1005
+ const base64 = btoa(String.fromCharCode(...array));
1006
+ return base64
1007
+ .replace(/\+/g, '-')
1008
+ .replace(/\//g, '_')
1009
+ .replace(/=/g, '')
1010
+ .toLowerCase();
235
1011
  }
236
1012
 
237
- private getHostname(): string {
238
- // Use the captured hostname or fall back to localhost for development
239
- return this.workerHostname || "localhost:8787";
1013
+ private async persistPortTokens(): Promise<void> {
1014
+ // Convert Map to plain object for storage
1015
+ const tokensObj: Record<string, string> = {};
1016
+ for (const [port, token] of this.portTokens.entries()) {
1017
+ tokensObj[port.toString()] = token;
1018
+ }
1019
+ await this.ctx.storage.put('portTokens', tokensObj);
240
1020
  }
241
1021
 
242
- private constructPreviewUrl(port: number, sandboxId: string, hostname: string): string {
243
- // Check if this is a localhost pattern
1022
+ private constructPreviewUrl(
1023
+ port: number,
1024
+ sandboxId: string,
1025
+ hostname: string,
1026
+ token: string
1027
+ ): string {
1028
+ if (!validatePort(port)) {
1029
+ throw new SecurityError(
1030
+ `Invalid port number: ${port}. Must be between 1024-65535 and not reserved.`
1031
+ );
1032
+ }
1033
+
1034
+ // Validate sandbox ID (will throw SecurityError if invalid)
1035
+ const sanitizedSandboxId = sanitizeSandboxId(sandboxId);
1036
+
244
1037
  const isLocalhost = isLocalhostPattern(hostname);
245
1038
 
246
1039
  if (isLocalhost) {
247
- // For local development, we need to use a different approach
248
- // Since subdomains don't work with localhost, we'll use the base URL
249
- // with a note that the user needs to handle routing differently
250
- return `http://${hostname}/preview/${port}/${sandboxId}`;
1040
+ // Unified subdomain approach for localhost (RFC 6761)
1041
+ const [host, portStr] = hostname.split(':');
1042
+ const mainPort = portStr || '80';
1043
+
1044
+ // Use URL constructor for safe URL building
1045
+ try {
1046
+ const baseUrl = new URL(`http://${host}:${mainPort}`);
1047
+ // Construct subdomain safely with mandatory token
1048
+ const subdomainHost = `${port}-${sanitizedSandboxId}-${token}.${host}`;
1049
+ baseUrl.hostname = subdomainHost;
1050
+
1051
+ return baseUrl.toString();
1052
+ } catch (error) {
1053
+ throw new SecurityError(
1054
+ `Failed to construct preview URL: ${
1055
+ error instanceof Error ? error.message : 'Unknown error'
1056
+ }`
1057
+ );
1058
+ }
1059
+ }
1060
+
1061
+ // Production subdomain logic - enforce HTTPS
1062
+ try {
1063
+ // Always use HTTPS for production (non-localhost)
1064
+ const protocol = 'https';
1065
+ const baseUrl = new URL(`${protocol}://${hostname}`);
1066
+
1067
+ // Construct subdomain safely with mandatory token
1068
+ const subdomainHost = `${port}-${sanitizedSandboxId}-${token}.${hostname}`;
1069
+ baseUrl.hostname = subdomainHost;
1070
+
1071
+ return baseUrl.toString();
1072
+ } catch (error) {
1073
+ throw new SecurityError(
1074
+ `Failed to construct preview URL: ${
1075
+ error instanceof Error ? error.message : 'Unknown error'
1076
+ }`
1077
+ );
1078
+ }
1079
+ }
1080
+
1081
+ // ============================================================================
1082
+ // Session Management - Advanced Use Cases
1083
+ // ============================================================================
1084
+
1085
+ /**
1086
+ * Create isolated execution session for advanced use cases
1087
+ * Returns ExecutionSession with full sandbox API bound to specific session
1088
+ */
1089
+ async createSession(options?: SessionOptions): Promise<ExecutionSession> {
1090
+ const sessionId = options?.id || `session-${Date.now()}`;
1091
+
1092
+ // Create session in container
1093
+ await this.client.utils.createSession({
1094
+ id: sessionId,
1095
+ env: options?.env,
1096
+ cwd: options?.cwd
1097
+ });
1098
+
1099
+ // Return wrapper that binds sessionId to all operations
1100
+ return this.getSessionWrapper(sessionId);
1101
+ }
1102
+
1103
+ /**
1104
+ * Get an existing session by ID
1105
+ * Returns ExecutionSession wrapper bound to the specified session
1106
+ *
1107
+ * This is useful for retrieving sessions across different requests/contexts
1108
+ * without storing the ExecutionSession object (which has RPC lifecycle limitations)
1109
+ *
1110
+ * @param sessionId - The ID of an existing session
1111
+ * @returns ExecutionSession wrapper bound to the session
1112
+ */
1113
+ async getSession(sessionId: string): Promise<ExecutionSession> {
1114
+ // No need to verify session exists in container - operations will fail naturally if it doesn't
1115
+ return this.getSessionWrapper(sessionId);
1116
+ }
1117
+
1118
+ /**
1119
+ * Delete an execution session
1120
+ * Cleans up session resources and removes it from the container
1121
+ * Note: Cannot delete the default session. To reset the default session,
1122
+ * use sandbox.destroy() to terminate the entire sandbox.
1123
+ *
1124
+ * @param sessionId - The ID of the session to delete
1125
+ * @returns Result with success status, sessionId, and timestamp
1126
+ * @throws Error if attempting to delete the default session
1127
+ */
1128
+ async deleteSession(sessionId: string): Promise<SessionDeleteResult> {
1129
+ // Prevent deletion of default session
1130
+ if (this.defaultSession && sessionId === this.defaultSession) {
1131
+ throw new Error(
1132
+ `Cannot delete default session '${sessionId}'. Use sandbox.destroy() to terminate the sandbox.`
1133
+ );
251
1134
  }
252
1135
 
253
- // For all other domains (workers.dev, custom domains, etc.)
254
- // Use subdomain-based routing pattern
255
- const protocol = hostname.includes(":") ? "http" : "https";
256
- return `${protocol}://${port}-${sandboxId}.${hostname}`;
1136
+ const response = await this.client.utils.deleteSession(sessionId);
1137
+
1138
+ // Map HTTP response to result type
1139
+ return {
1140
+ success: response.success,
1141
+ sessionId: response.sessionId,
1142
+ timestamp: response.timestamp
1143
+ };
1144
+ }
1145
+
1146
+ /**
1147
+ * Internal helper to create ExecutionSession wrapper for a given sessionId
1148
+ * Used by both createSession and getSession
1149
+ */
1150
+ private getSessionWrapper(sessionId: string): ExecutionSession {
1151
+ return {
1152
+ id: sessionId,
1153
+
1154
+ // Command execution - delegate to internal session-aware methods
1155
+ exec: (command, options) =>
1156
+ this.execWithSession(command, sessionId, options),
1157
+ execStream: (command, options) =>
1158
+ this.execStreamWithSession(command, sessionId, options),
1159
+
1160
+ // Process management
1161
+ startProcess: (command, options) =>
1162
+ this.startProcess(command, options, sessionId),
1163
+ listProcesses: () => this.listProcesses(sessionId),
1164
+ getProcess: (id) => this.getProcess(id, sessionId),
1165
+ killProcess: (id, signal) => this.killProcess(id, signal),
1166
+ killAllProcesses: () => this.killAllProcesses(),
1167
+ cleanupCompletedProcesses: () => this.cleanupCompletedProcesses(),
1168
+ getProcessLogs: (id) => this.getProcessLogs(id),
1169
+ streamProcessLogs: (processId, options) =>
1170
+ this.streamProcessLogs(processId, options),
1171
+
1172
+ // File operations - pass sessionId via options or parameter
1173
+ writeFile: (path, content, options) =>
1174
+ this.writeFile(path, content, { ...options, sessionId }),
1175
+ readFile: (path, options) =>
1176
+ this.readFile(path, { ...options, sessionId }),
1177
+ readFileStream: (path) => this.readFileStream(path, { sessionId }),
1178
+ mkdir: (path, options) => this.mkdir(path, { ...options, sessionId }),
1179
+ deleteFile: (path) => this.deleteFile(path, sessionId),
1180
+ renameFile: (oldPath, newPath) =>
1181
+ this.renameFile(oldPath, newPath, sessionId),
1182
+ moveFile: (sourcePath, destPath) =>
1183
+ this.moveFile(sourcePath, destPath, sessionId),
1184
+ listFiles: (path, options) =>
1185
+ this.client.files.listFiles(path, sessionId, options),
1186
+ exists: (path) => this.exists(path, sessionId),
1187
+
1188
+ // Git operations
1189
+ gitCheckout: (repoUrl, options) =>
1190
+ this.gitCheckout(repoUrl, { ...options, sessionId }),
1191
+
1192
+ // Environment management - needs special handling
1193
+ setEnvVars: async (envVars: Record<string, string>) => {
1194
+ try {
1195
+ // Set environment variables by executing export commands
1196
+ for (const [key, value] of Object.entries(envVars)) {
1197
+ const escapedValue = value.replace(/'/g, "'\\''");
1198
+ const exportCommand = `export ${key}='${escapedValue}'`;
1199
+
1200
+ const result = await this.client.commands.execute(
1201
+ exportCommand,
1202
+ sessionId
1203
+ );
1204
+
1205
+ if (result.exitCode !== 0) {
1206
+ throw new Error(
1207
+ `Failed to set ${key}: ${result.stderr || 'Unknown error'}`
1208
+ );
1209
+ }
1210
+ }
1211
+ } catch (error) {
1212
+ this.logger.error(
1213
+ 'Failed to set environment variables',
1214
+ error instanceof Error ? error : new Error(String(error)),
1215
+ { sessionId }
1216
+ );
1217
+ throw error;
1218
+ }
1219
+ },
1220
+
1221
+ // Code interpreter methods - delegate to sandbox's code interpreter
1222
+ createCodeContext: (options) =>
1223
+ this.codeInterpreter.createCodeContext(options),
1224
+ runCode: async (code, options) => {
1225
+ const execution = await this.codeInterpreter.runCode(code, options);
1226
+ return execution.toJSON();
1227
+ },
1228
+ runCodeStream: (code, options) =>
1229
+ this.codeInterpreter.runCodeStream(code, options),
1230
+ listCodeContexts: () => this.codeInterpreter.listCodeContexts(),
1231
+ deleteCodeContext: (contextId) =>
1232
+ this.codeInterpreter.deleteCodeContext(contextId)
1233
+ };
1234
+ }
1235
+
1236
+ // ============================================================================
1237
+ // Code interpreter methods - delegate to CodeInterpreter wrapper
1238
+ // ============================================================================
1239
+
1240
+ async createCodeContext(
1241
+ options?: CreateContextOptions
1242
+ ): Promise<CodeContext> {
1243
+ return this.codeInterpreter.createCodeContext(options);
1244
+ }
1245
+
1246
+ async runCode(
1247
+ code: string,
1248
+ options?: RunCodeOptions
1249
+ ): Promise<ExecutionResult> {
1250
+ const execution = await this.codeInterpreter.runCode(code, options);
1251
+ return execution.toJSON();
1252
+ }
1253
+
1254
+ async runCodeStream(
1255
+ code: string,
1256
+ options?: RunCodeOptions
1257
+ ): Promise<ReadableStream> {
1258
+ return this.codeInterpreter.runCodeStream(code, options);
1259
+ }
1260
+
1261
+ async listCodeContexts(): Promise<CodeContext[]> {
1262
+ return this.codeInterpreter.listCodeContexts();
1263
+ }
1264
+
1265
+ async deleteCodeContext(contextId: string): Promise<void> {
1266
+ return this.codeInterpreter.deleteCodeContext(contextId);
257
1267
  }
258
1268
  }