@cloudflare/sandbox 0.0.0-af03394 → 0.0.0-b61841c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (90) hide show
  1. package/CHANGELOG.md +226 -0
  2. package/Dockerfile +118 -55
  3. package/README.md +162 -0
  4. package/dist/chunk-BFVUNTP4.js +104 -0
  5. package/dist/chunk-BFVUNTP4.js.map +1 -0
  6. package/dist/chunk-EKSWCBCA.js +86 -0
  7. package/dist/chunk-EKSWCBCA.js.map +1 -0
  8. package/dist/chunk-JXZMAU2C.js +559 -0
  9. package/dist/chunk-JXZMAU2C.js.map +1 -0
  10. package/dist/chunk-QHRFHK6X.js +7 -0
  11. package/dist/chunk-QHRFHK6X.js.map +1 -0
  12. package/dist/chunk-SFCV5YTY.js +2456 -0
  13. package/dist/chunk-SFCV5YTY.js.map +1 -0
  14. package/dist/chunk-Z532A7QC.js +78 -0
  15. package/dist/chunk-Z532A7QC.js.map +1 -0
  16. package/dist/file-stream.d.ts +43 -0
  17. package/dist/file-stream.js +9 -0
  18. package/dist/file-stream.js.map +1 -0
  19. package/dist/index.d.ts +9 -0
  20. package/dist/index.js +67 -0
  21. package/dist/index.js.map +1 -0
  22. package/dist/interpreter.d.ts +33 -0
  23. package/dist/interpreter.js +8 -0
  24. package/dist/interpreter.js.map +1 -0
  25. package/dist/request-handler.d.ts +18 -0
  26. package/dist/request-handler.js +13 -0
  27. package/dist/request-handler.js.map +1 -0
  28. package/dist/sandbox-DWQVgVTY.d.ts +603 -0
  29. package/dist/sandbox.d.ts +4 -0
  30. package/dist/sandbox.js +13 -0
  31. package/dist/sandbox.js.map +1 -0
  32. package/dist/security.d.ts +31 -0
  33. package/dist/security.js +13 -0
  34. package/dist/security.js.map +1 -0
  35. package/dist/sse-parser.d.ts +28 -0
  36. package/dist/sse-parser.js +11 -0
  37. package/dist/sse-parser.js.map +1 -0
  38. package/dist/version.d.ts +8 -0
  39. package/dist/version.js +7 -0
  40. package/dist/version.js.map +1 -0
  41. package/package.json +13 -4
  42. package/src/clients/base-client.ts +280 -0
  43. package/src/clients/command-client.ts +115 -0
  44. package/src/clients/file-client.ts +295 -0
  45. package/src/clients/git-client.ts +92 -0
  46. package/src/clients/index.ts +64 -0
  47. package/src/clients/interpreter-client.ts +329 -0
  48. package/src/clients/port-client.ts +105 -0
  49. package/src/clients/process-client.ts +177 -0
  50. package/src/clients/sandbox-client.ts +41 -0
  51. package/src/clients/types.ts +84 -0
  52. package/src/clients/utility-client.ts +119 -0
  53. package/src/errors/adapter.ts +180 -0
  54. package/src/errors/classes.ts +469 -0
  55. package/src/errors/index.ts +105 -0
  56. package/src/file-stream.ts +164 -0
  57. package/src/index.ts +85 -12
  58. package/src/interpreter.ts +159 -0
  59. package/src/request-handler.ts +80 -44
  60. package/src/sandbox.ts +658 -290
  61. package/src/security.ts +14 -23
  62. package/src/sse-parser.ts +4 -8
  63. package/src/version.ts +6 -0
  64. package/startup.sh +3 -0
  65. package/tests/base-client.test.ts +328 -0
  66. package/tests/command-client.test.ts +407 -0
  67. package/tests/file-client.test.ts +719 -0
  68. package/tests/file-stream.test.ts +306 -0
  69. package/tests/get-sandbox.test.ts +110 -0
  70. package/tests/git-client.test.ts +328 -0
  71. package/tests/port-client.test.ts +301 -0
  72. package/tests/process-client.test.ts +658 -0
  73. package/tests/request-handler.test.ts +240 -0
  74. package/tests/sandbox.test.ts +554 -0
  75. package/tests/sse-parser.test.ts +290 -0
  76. package/tests/utility-client.test.ts +332 -0
  77. package/tests/version.test.ts +16 -0
  78. package/tests/wrangler.jsonc +35 -0
  79. package/tsconfig.json +9 -1
  80. package/vitest.config.ts +31 -0
  81. package/container_src/handler/exec.ts +0 -337
  82. package/container_src/handler/file.ts +0 -844
  83. package/container_src/handler/git.ts +0 -182
  84. package/container_src/handler/ports.ts +0 -314
  85. package/container_src/handler/process.ts +0 -640
  86. package/container_src/index.ts +0 -361
  87. package/container_src/package.json +0 -9
  88. package/container_src/types.ts +0 -103
  89. package/src/client.ts +0 -1038
  90. package/src/types.ts +0 -386
package/src/sandbox.ts CHANGED
@@ -1,66 +1,108 @@
1
+ import type { DurableObject } from 'cloudflare:workers';
1
2
  import { Container, getContainer } from "@cloudflare/containers";
2
- import { HttpClient } from "./client";
3
- import { isLocalhostPattern } from "./request-handler";
4
- import {
5
- logSecurityEvent,
6
- SecurityError,
7
- sanitizeSandboxId,
8
- validatePort
9
- } from "./security";
10
3
  import type {
4
+ CodeContext,
5
+ CreateContextOptions,
6
+ ExecEvent,
11
7
  ExecOptions,
12
8
  ExecResult,
9
+ ExecutionResult,
10
+ ExecutionSession,
13
11
  ISandbox,
14
12
  Process,
15
13
  ProcessOptions,
16
14
  ProcessStatus,
15
+ RunCodeOptions,
16
+ SandboxOptions,
17
+ SessionOptions,
17
18
  StreamOptions
18
- } from "./types";
19
+ } from "@repo/shared";
20
+ import { createLogger, runWithLogger, TraceContext } from "@repo/shared";
21
+ import { type ExecuteResponse, SandboxClient } from "./clients";
22
+ import type { ErrorResponse } from './errors';
23
+ import { CustomDomainRequiredError, ErrorCode } from './errors';
24
+ import { CodeInterpreter } from "./interpreter";
25
+ import { isLocalhostPattern } from "./request-handler";
19
26
  import {
20
- ProcessNotFoundError,
21
- SandboxError
22
- } from "./types";
23
-
24
- export function getSandbox(ns: DurableObjectNamespace<Sandbox>, id: string) {
27
+ SecurityError,
28
+ sanitizeSandboxId,
29
+ validatePort
30
+ } from "./security";
31
+ import { parseSSEStream } from "./sse-parser";
32
+ import { SDK_VERSION } from "./version";
33
+
34
+ export function getSandbox(
35
+ ns: DurableObjectNamespace<Sandbox>,
36
+ id: string,
37
+ options?: SandboxOptions
38
+ ) {
25
39
  const stub = getContainer(ns, id);
26
40
 
27
41
  // Store the name on first access
28
42
  stub.setSandboxName?.(id);
29
43
 
44
+ if (options?.baseUrl) {
45
+ stub.setBaseUrl(options.baseUrl);
46
+ }
47
+
48
+ if (options?.sleepAfter !== undefined) {
49
+ stub.setSleepAfter(options.sleepAfter);
50
+ }
51
+
30
52
  return stub;
31
53
  }
32
54
 
33
55
  export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
34
- sleepAfter = "3m"; // Sleep the sandbox if no requests are made in this timeframe
35
- client: HttpClient;
56
+ defaultPort = 3000; // Default port for the container's Bun server
57
+ sleepAfter: string | number = "10m"; // Sleep the sandbox if no requests are made in this timeframe
58
+
59
+ client: SandboxClient;
60
+ private codeInterpreter: CodeInterpreter;
36
61
  private sandboxName: string | null = null;
62
+ private baseUrl: string | null = null;
63
+ private portTokens: Map<number, string> = new Map();
64
+ private defaultSession: string | null = null;
65
+ envVars: Record<string, string> = {};
66
+ private logger: ReturnType<typeof createLogger>;
37
67
 
38
- constructor(ctx: DurableObjectState, env: Env) {
68
+ constructor(ctx: DurableObject['ctx'], env: Env) {
39
69
  super(ctx, env);
40
- this.client = new HttpClient({
41
- onCommandComplete: (success, exitCode, _stdout, _stderr, command) => {
42
- console.log(
43
- `[Container] Command completed: ${command}, Success: ${success}, Exit code: ${exitCode}`
44
- );
45
- },
46
- onCommandStart: (command) => {
47
- console.log(
48
- `[Container] Command started: ${command}`
49
- );
50
- },
51
- onError: (error, _command) => {
52
- console.error(`[Container] Command error: ${error}`);
53
- },
54
- onOutput: (stream, data, _command) => {
55
- console.log(`[Container] [${stream}] ${data}`);
56
- },
70
+
71
+ const envObj = env as any;
72
+ // Set sandbox environment variables from env object
73
+ const sandboxEnvKeys = ['SANDBOX_LOG_LEVEL', 'SANDBOX_LOG_FORMAT'] as const;
74
+ sandboxEnvKeys.forEach(key => {
75
+ if (envObj?.[key]) {
76
+ this.envVars[key] = envObj[key];
77
+ }
78
+ });
79
+
80
+ this.logger = createLogger({
81
+ component: 'sandbox-do',
82
+ sandboxId: this.ctx.id.toString()
83
+ });
84
+
85
+ this.client = new SandboxClient({
86
+ logger: this.logger,
57
87
  port: 3000, // Control plane port
58
88
  stub: this,
59
89
  });
60
90
 
61
- // Load the sandbox name from storage on initialization
91
+ // Initialize code interpreter - pass 'this' after client is ready
92
+ // The CodeInterpreter extracts client.interpreter from the sandbox
93
+ this.codeInterpreter = new CodeInterpreter(this);
94
+
95
+ // Load the sandbox name, port tokens, and default session from storage on initialization
62
96
  this.ctx.blockConcurrencyWhile(async () => {
63
97
  this.sandboxName = await this.ctx.storage.get<string>('sandboxName') || null;
98
+ this.defaultSession = await this.ctx.storage.get<string>('defaultSession') || null;
99
+ const storedTokens = await this.ctx.storage.get<Record<string, string>>('portTokens') || {};
100
+
101
+ // Convert stored tokens back to Map
102
+ this.portTokens = new Map();
103
+ for (const [portStr, token] of Object.entries(storedTokens)) {
104
+ this.portTokens.set(parseInt(portStr, 10), token);
105
+ }
64
106
  });
65
107
  }
66
108
 
@@ -69,55 +111,156 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
69
111
  if (!this.sandboxName) {
70
112
  this.sandboxName = name;
71
113
  await this.ctx.storage.put('sandboxName', name);
72
- console.log(`[Sandbox] Stored sandbox name via RPC: ${name}`);
73
114
  }
74
115
  }
75
116
 
117
+ // RPC method to set the base URL
118
+ async setBaseUrl(baseUrl: string): Promise<void> {
119
+ if (!this.baseUrl) {
120
+ this.baseUrl = baseUrl;
121
+ await this.ctx.storage.put('baseUrl', baseUrl);
122
+ } else {
123
+ if(this.baseUrl !== baseUrl) {
124
+ throw new Error('Base URL already set and different from one previously provided');
125
+ }
126
+ }
127
+ }
128
+
129
+ // RPC method to set the sleep timeout
130
+ async setSleepAfter(sleepAfter: string | number): Promise<void> {
131
+ this.sleepAfter = sleepAfter;
132
+ }
133
+
76
134
  // RPC method to set environment variables
77
135
  async setEnvVars(envVars: Record<string, string>): Promise<void> {
136
+ // Update local state for new sessions
78
137
  this.envVars = { ...this.envVars, ...envVars };
79
- console.log(`[Sandbox] Updated environment variables`);
138
+
139
+ // If default session already exists, update it directly
140
+ if (this.defaultSession) {
141
+ // Set environment variables by executing export commands in the existing session
142
+ for (const [key, value] of Object.entries(envVars)) {
143
+ const escapedValue = value.replace(/'/g, "'\\''");
144
+ const exportCommand = `export ${key}='${escapedValue}'`;
145
+
146
+ const result = await this.client.commands.execute(exportCommand, this.defaultSession);
147
+
148
+ if (result.exitCode !== 0) {
149
+ throw new Error(`Failed to set ${key}: ${result.stderr || 'Unknown error'}`);
150
+ }
151
+ }
152
+ }
153
+ }
154
+
155
+ /**
156
+ * Cleanup and destroy the sandbox container
157
+ */
158
+ override async destroy(): Promise<void> {
159
+ this.logger.info('Destroying sandbox container');
160
+ await super.destroy();
80
161
  }
81
162
 
82
163
  override onStart() {
83
- console.log("Sandbox successfully started");
164
+ this.logger.debug('Sandbox started');
165
+
166
+ // Check version compatibility asynchronously (don't block startup)
167
+ this.checkVersionCompatibility().catch(error => {
168
+ this.logger.error('Version compatibility check failed', error instanceof Error ? error : new Error(String(error)));
169
+ });
84
170
  }
85
171
 
86
- override onStop() {
87
- console.log("Sandbox successfully shut down");
88
- if (this.client) {
89
- this.client.clearSession();
172
+ /**
173
+ * Check if the container version matches the SDK version
174
+ * Logs a warning if there's a mismatch
175
+ */
176
+ private async checkVersionCompatibility(): Promise<void> {
177
+ try {
178
+ // Get the SDK version (imported from version.ts)
179
+ const sdkVersion = SDK_VERSION;
180
+
181
+ // Get container version
182
+ const containerVersion = await this.client.utils.getVersion();
183
+
184
+ // If container version is unknown, it's likely an old container without the endpoint
185
+ if (containerVersion === 'unknown') {
186
+ this.logger.warn(
187
+ 'Container version check: Container version could not be determined. ' +
188
+ 'This may indicate an outdated container image. ' +
189
+ 'Please update your container to match SDK version ' + sdkVersion
190
+ );
191
+ return;
192
+ }
193
+
194
+ // Check if versions match
195
+ if (containerVersion !== sdkVersion) {
196
+ const message =
197
+ `Version mismatch detected! SDK version (${sdkVersion}) does not match ` +
198
+ `container version (${containerVersion}). This may cause compatibility issues. ` +
199
+ `Please update your container image to version ${sdkVersion}`;
200
+
201
+ // Log warning - we can't reliably detect dev vs prod environment in Durable Objects
202
+ // so we always use warning level as requested by the user
203
+ this.logger.warn(message);
204
+ } else {
205
+ this.logger.debug('Version check passed', { sdkVersion, containerVersion });
206
+ }
207
+ } catch (error) {
208
+ // Don't fail the sandbox initialization if version check fails
209
+ this.logger.debug('Version compatibility check encountered an error', {
210
+ error: error instanceof Error ? error.message : String(error)
211
+ });
90
212
  }
91
213
  }
92
214
 
215
+ override onStop() {
216
+ this.logger.debug('Sandbox stopped');
217
+ }
218
+
93
219
  override onError(error: unknown) {
94
- console.log("Sandbox error:", error);
220
+ this.logger.error('Sandbox error', error instanceof Error ? error : new Error(String(error)));
95
221
  }
96
222
 
97
223
  // Override fetch to route internal container requests to appropriate ports
98
224
  override async fetch(request: Request): Promise<Response> {
99
- const url = new URL(request.url);
225
+ // Extract or generate trace ID from request
226
+ const traceId = TraceContext.fromHeaders(request.headers) || TraceContext.generate();
100
227
 
101
- // Capture and store the sandbox name from the header if present
102
- if (!this.sandboxName && request.headers.has('X-Sandbox-Name')) {
103
- const name = request.headers.get('X-Sandbox-Name')!;
104
- this.sandboxName = name;
105
- await this.ctx.storage.put('sandboxName', name);
106
- console.log(`[Sandbox] Stored sandbox name: ${this.sandboxName}`);
107
- }
228
+ // Create request-specific logger with trace ID
229
+ const requestLogger = this.logger.child({ traceId, operation: 'fetch' });
230
+
231
+ return await runWithLogger(requestLogger, async () => {
232
+ const url = new URL(request.url);
233
+
234
+ // Capture and store the sandbox name from the header if present
235
+ if (!this.sandboxName && request.headers.has('X-Sandbox-Name')) {
236
+ const name = request.headers.get('X-Sandbox-Name')!;
237
+ this.sandboxName = name;
238
+ await this.ctx.storage.put('sandboxName', name);
239
+ }
108
240
 
109
- // Determine which port to route to
110
- const port = this.determinePort(url);
241
+ // Detect WebSocket upgrade request
242
+ const upgradeHeader = request.headers.get('Upgrade');
243
+ const isWebSocket = upgradeHeader?.toLowerCase() === 'websocket';
111
244
 
112
- // Route to the appropriate port
113
- return await this.containerFetch(request, port);
245
+ if (isWebSocket) {
246
+ // WebSocket path: Let parent Container class handle WebSocket proxying
247
+ // This bypasses containerFetch() which uses JSRPC and cannot handle WebSocket upgrades
248
+ return await super.fetch(request);
249
+ }
250
+
251
+ // Non-WebSocket: Use existing port determination and HTTP routing logic
252
+ const port = this.determinePort(url);
253
+
254
+ // Route to the appropriate port
255
+ return await this.containerFetch(request, port);
256
+ });
114
257
  }
115
258
 
116
259
  private determinePort(url: URL): number {
117
260
  // Extract port from proxy requests (e.g., /proxy/8080/*)
118
261
  const proxyMatch = url.pathname.match(/^\/proxy\/(\d+)/);
119
262
  if (proxyMatch) {
120
- return parseInt(proxyMatch[1]);
263
+ return parseInt(proxyMatch[1], 10);
121
264
  }
122
265
 
123
266
  // All other requests go to control plane on port 3000
@@ -125,9 +268,62 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
125
268
  return 3000;
126
269
  }
127
270
 
271
+ /**
272
+ * Ensure default session exists - lazy initialization
273
+ * This is called automatically by all public methods that need a session
274
+ *
275
+ * The session is persisted to Durable Object storage to survive hot reloads
276
+ * during development. If a session already exists in the container after reload,
277
+ * we reuse it instead of trying to create a new one.
278
+ */
279
+ private async ensureDefaultSession(): Promise<string> {
280
+ if (!this.defaultSession) {
281
+ const sessionId = `sandbox-${this.sandboxName || 'default'}`;
282
+
283
+ try {
284
+ // Try to create session in container
285
+ await this.client.utils.createSession({
286
+ id: sessionId,
287
+ env: this.envVars || {},
288
+ cwd: '/workspace',
289
+ });
290
+
291
+ this.defaultSession = sessionId;
292
+ // Persist to storage so it survives hot reloads
293
+ await this.ctx.storage.put('defaultSession', sessionId);
294
+ this.logger.debug('Default session initialized', { sessionId });
295
+ } catch (error: any) {
296
+ // If session already exists (e.g., after hot reload), reuse it
297
+ if (error?.message?.includes('already exists')) {
298
+ this.logger.debug('Reusing existing session after reload', { sessionId });
299
+ this.defaultSession = sessionId;
300
+ // Persist to storage in case it wasn't saved before
301
+ await this.ctx.storage.put('defaultSession', sessionId);
302
+ } else {
303
+ // Re-throw other errors
304
+ throw error;
305
+ }
306
+ }
307
+ }
308
+ return this.defaultSession;
309
+ }
310
+
128
311
  // Enhanced exec method - always returns ExecResult with optional streaming
129
312
  // This replaces the old exec method to match ISandbox interface
130
313
  async exec(command: string, options?: ExecOptions): Promise<ExecResult> {
314
+ const session = await this.ensureDefaultSession();
315
+ return this.execWithSession(command, session, options);
316
+ }
317
+
318
+ /**
319
+ * Internal session-aware exec implementation
320
+ * Used by both public exec() and session wrappers
321
+ */
322
+ private async execWithSession(
323
+ command: string,
324
+ sessionId: string,
325
+ options?: ExecOptions
326
+ ): Promise<ExecResult> {
131
327
  const startTime = Date.now();
132
328
  const timestamp = new Date().toISOString();
133
329
 
@@ -144,16 +340,13 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
144
340
 
145
341
  if (options?.stream && options?.onOutput) {
146
342
  // Streaming with callbacks - we need to collect the final result
147
- result = await this.executeWithStreaming(command, options, startTime, timestamp);
343
+ result = await this.executeWithStreaming(command, sessionId, options, startTime, timestamp);
148
344
  } else {
149
- // Regular execution
150
- const response = await this.client.execute(
151
- command,
152
- options?.sessionId
153
- );
345
+ // Regular execution with session
346
+ const response = await this.client.commands.execute(command, sessionId);
154
347
 
155
348
  const duration = Date.now() - startTime;
156
- result = this.mapExecuteResponseToExecResult(response, duration, options?.sessionId);
349
+ result = this.mapExecuteResponseToExecResult(response, duration, sessionId);
157
350
  }
158
351
 
159
352
  // Call completion callback if provided
@@ -176,6 +369,7 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
176
369
 
177
370
  private async executeWithStreaming(
178
371
  command: string,
372
+ sessionId: string,
179
373
  options: ExecOptions,
180
374
  startTime: number,
181
375
  timestamp: string
@@ -184,10 +378,9 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
184
378
  let stderr = '';
185
379
 
186
380
  try {
187
- const stream = await this.client.executeCommandStream(command, options.sessionId);
188
- const { parseSSEStream } = await import('./sse-parser');
381
+ const stream = await this.client.commands.executeStream(command, sessionId);
189
382
 
190
- for await (const event of parseSSEStream<import('./types').ExecEvent>(stream)) {
383
+ for await (const event of parseSSEStream<ExecEvent>(stream)) {
191
384
  // Check for cancellation
192
385
  if (options.signal?.aborted) {
193
386
  throw new Error('Operation was aborted');
@@ -211,20 +404,20 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
211
404
  case 'complete': {
212
405
  // Use result from complete event if available
213
406
  const duration = Date.now() - startTime;
214
- return event.result || {
215
- success: event.exitCode === 0,
216
- exitCode: event.exitCode || 0,
407
+ return {
408
+ success: (event.exitCode ?? 0) === 0,
409
+ exitCode: event.exitCode ?? 0,
217
410
  stdout,
218
411
  stderr,
219
412
  command,
220
413
  duration,
221
414
  timestamp,
222
- sessionId: options.sessionId
415
+ sessionId
223
416
  };
224
417
  }
225
418
 
226
419
  case 'error':
227
- throw new Error(event.error || 'Command execution failed');
420
+ throw new Error(event.data || 'Command execution failed');
228
421
  }
229
422
  }
230
423
 
@@ -240,7 +433,7 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
240
433
  }
241
434
 
242
435
  private mapExecuteResponseToExecResult(
243
- response: import('./client').ExecuteResponse,
436
+ response: ExecuteResponse,
244
437
  duration: number,
245
438
  sessionId?: string
246
439
  ): ExecResult {
@@ -256,57 +449,68 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
256
449
  };
257
450
  }
258
451
 
452
+ /**
453
+ * Create a Process domain object from HTTP client DTO
454
+ * Centralizes process object creation with bound methods
455
+ * This eliminates duplication across startProcess, listProcesses, getProcess, and session wrappers
456
+ */
457
+ private createProcessFromDTO(
458
+ data: {
459
+ id: string;
460
+ pid?: number;
461
+ command: string;
462
+ status: ProcessStatus;
463
+ startTime: string | Date;
464
+ endTime?: string | Date;
465
+ exitCode?: number;
466
+ },
467
+ sessionId: string
468
+ ): Process {
469
+ return {
470
+ id: data.id,
471
+ pid: data.pid,
472
+ command: data.command,
473
+ status: data.status,
474
+ startTime: typeof data.startTime === 'string' ? new Date(data.startTime) : data.startTime,
475
+ endTime: data.endTime ? (typeof data.endTime === 'string' ? new Date(data.endTime) : data.endTime) : undefined,
476
+ exitCode: data.exitCode,
477
+ sessionId,
478
+
479
+ kill: async (signal?: string) => {
480
+ await this.killProcess(data.id, signal);
481
+ },
482
+
483
+ getStatus: async () => {
484
+ const current = await this.getProcess(data.id);
485
+ return current?.status || 'error';
486
+ },
487
+
488
+ getLogs: async () => {
489
+ const logs = await this.getProcessLogs(data.id);
490
+ return { stdout: logs.stdout, stderr: logs.stderr };
491
+ }
492
+ };
493
+ }
494
+
259
495
 
260
496
  // Background process management
261
- async startProcess(command: string, options?: ProcessOptions): Promise<Process> {
497
+ async startProcess(command: string, options?: ProcessOptions, sessionId?: string): Promise<Process> {
262
498
  // Use the new HttpClient method to start the process
263
499
  try {
264
- const response = await this.client.startProcess(command, {
265
- processId: options?.processId,
266
- sessionId: options?.sessionId,
267
- timeout: options?.timeout,
268
- env: options?.env,
269
- cwd: options?.cwd,
270
- encoding: options?.encoding,
271
- autoCleanup: options?.autoCleanup
500
+ const session = sessionId ?? await this.ensureDefaultSession();
501
+ const response = await this.client.processes.startProcess(command, session, {
502
+ processId: options?.processId
272
503
  });
273
504
 
274
- const process = response.process;
275
- const processObj: Process = {
276
- id: process.id,
277
- pid: process.pid,
278
- command: process.command,
279
- status: process.status as ProcessStatus,
280
- startTime: new Date(process.startTime),
505
+ const processObj = this.createProcessFromDTO({
506
+ id: response.processId,
507
+ pid: response.pid,
508
+ command: response.command,
509
+ status: 'running' as ProcessStatus,
510
+ startTime: new Date(),
281
511
  endTime: undefined,
282
- exitCode: undefined,
283
- sessionId: process.sessionId,
284
-
285
- async kill(): Promise<void> {
286
- throw new Error('Method will be replaced');
287
- },
288
- async getStatus(): Promise<ProcessStatus> {
289
- throw new Error('Method will be replaced');
290
- },
291
- async getLogs(): Promise<{ stdout: string; stderr: string }> {
292
- throw new Error('Method will be replaced');
293
- }
294
- };
295
-
296
- // Bind context properly
297
- processObj.kill = async (signal?: string) => {
298
- await this.killProcess(process.id, signal);
299
- };
300
-
301
- processObj.getStatus = async () => {
302
- const current = await this.getProcess(process.id);
303
- return current?.status || 'error';
304
- };
305
-
306
- processObj.getLogs = async () => {
307
- const logs = await this.getProcessLogs(process.id);
308
- return { stdout: logs.stdout, stderr: logs.stderr };
309
- };
512
+ exitCode: undefined
513
+ }, session);
310
514
 
311
515
  // Call onStart callback if provided
312
516
  if (options?.onStart) {
@@ -324,108 +528,68 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
324
528
  }
325
529
  }
326
530
 
327
- async listProcesses(): Promise<Process[]> {
328
- const response = await this.client.listProcesses();
329
-
330
- return response.processes.map(processData => ({
331
- id: processData.id,
332
- pid: processData.pid,
333
- command: processData.command,
334
- status: processData.status,
335
- startTime: new Date(processData.startTime),
336
- endTime: processData.endTime ? new Date(processData.endTime) : undefined,
337
- exitCode: processData.exitCode,
338
- sessionId: processData.sessionId,
339
-
340
- kill: async (signal?: string) => {
341
- await this.killProcess(processData.id, signal);
342
- },
343
-
344
- getStatus: async () => {
345
- const current = await this.getProcess(processData.id);
346
- return current?.status || 'error';
347
- },
348
-
349
- getLogs: async () => {
350
- const logs = await this.getProcessLogs(processData.id);
351
- return { stdout: logs.stdout, stderr: logs.stderr };
352
- }
353
- }));
531
+ async listProcesses(sessionId?: string): Promise<Process[]> {
532
+ const session = sessionId ?? await this.ensureDefaultSession();
533
+ const response = await this.client.processes.listProcesses();
534
+
535
+ return response.processes.map(processData =>
536
+ this.createProcessFromDTO({
537
+ id: processData.id,
538
+ pid: processData.pid,
539
+ command: processData.command,
540
+ status: processData.status,
541
+ startTime: processData.startTime,
542
+ endTime: processData.endTime,
543
+ exitCode: processData.exitCode
544
+ }, session)
545
+ );
354
546
  }
355
547
 
356
- async getProcess(id: string): Promise<Process | null> {
357
- const response = await this.client.getProcess(id);
548
+ async getProcess(id: string, sessionId?: string): Promise<Process | null> {
549
+ const session = sessionId ?? await this.ensureDefaultSession();
550
+ const response = await this.client.processes.getProcess(id);
358
551
  if (!response.process) {
359
552
  return null;
360
553
  }
361
554
 
362
555
  const processData = response.process;
363
- return {
556
+ return this.createProcessFromDTO({
364
557
  id: processData.id,
365
558
  pid: processData.pid,
366
559
  command: processData.command,
367
560
  status: processData.status,
368
- startTime: new Date(processData.startTime),
369
- endTime: processData.endTime ? new Date(processData.endTime) : undefined,
370
- exitCode: processData.exitCode,
371
- sessionId: processData.sessionId,
372
-
373
- kill: async (signal?: string) => {
374
- await this.killProcess(processData.id, signal);
375
- },
376
-
377
- getStatus: async () => {
378
- const current = await this.getProcess(processData.id);
379
- return current?.status || 'error';
380
- },
381
-
382
- getLogs: async () => {
383
- const logs = await this.getProcessLogs(processData.id);
384
- return { stdout: logs.stdout, stderr: logs.stderr };
385
- }
386
- };
561
+ startTime: processData.startTime,
562
+ endTime: processData.endTime,
563
+ exitCode: processData.exitCode
564
+ }, session);
387
565
  }
388
566
 
389
- async killProcess(id: string, _signal?: string): Promise<void> {
390
- try {
391
- // Note: signal parameter is not currently supported by the HttpClient implementation
392
- await this.client.killProcess(id);
393
- } catch (error) {
394
- if (error instanceof Error && error.message.includes('Process not found')) {
395
- throw new ProcessNotFoundError(id);
396
- }
397
- throw new SandboxError(
398
- `Failed to kill process ${id}: ${error instanceof Error ? error.message : 'Unknown error'}`,
399
- 'KILL_PROCESS_FAILED'
400
- );
401
- }
567
+ async killProcess(id: string, signal?: string, sessionId?: string): Promise<void> {
568
+ // Note: signal parameter is not currently supported by the HttpClient implementation
569
+ // The HTTP client already throws properly typed errors, so we just let them propagate
570
+ await this.client.processes.killProcess(id);
402
571
  }
403
572
 
404
- async killAllProcesses(): Promise<number> {
405
- const response = await this.client.killAllProcesses();
406
- return response.killedCount;
573
+ async killAllProcesses(sessionId?: string): Promise<number> {
574
+ const response = await this.client.processes.killAllProcesses();
575
+ return response.cleanedCount;
407
576
  }
408
577
 
409
- async cleanupCompletedProcesses(): Promise<number> {
578
+ async cleanupCompletedProcesses(sessionId?: string): Promise<number> {
410
579
  // For now, this would need to be implemented as a container endpoint
411
580
  // as we no longer maintain local process storage
412
581
  // We'll return 0 as a placeholder until the container endpoint is added
413
582
  return 0;
414
583
  }
415
584
 
416
- async getProcessLogs(id: string): Promise<{ stdout: string; stderr: string }> {
417
- try {
418
- const response = await this.client.getProcessLogs(id);
419
- return {
420
- stdout: response.stdout,
421
- stderr: response.stderr
422
- };
423
- } catch (error) {
424
- if (error instanceof Error && error.message.includes('Process not found')) {
425
- throw new ProcessNotFoundError(id);
426
- }
427
- throw error;
428
- }
585
+ async getProcessLogs(id: string, sessionId?: string): Promise<{ stdout: string; stderr: string; processId: string }> {
586
+ // The HTTP client already throws properly typed errors, so we just let them propagate
587
+ const response = await this.client.processes.getProcessLogs(id);
588
+ return {
589
+ stdout: response.stdout,
590
+ stderr: response.stderr,
591
+ processId: response.processId
592
+ };
429
593
  }
430
594
 
431
595
 
@@ -436,11 +600,21 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
436
600
  throw new Error('Operation was aborted');
437
601
  }
438
602
 
439
- // Get the stream from HttpClient (need to add this method)
440
- const stream = await this.client.executeCommandStream(command, options?.sessionId);
603
+ const session = await this.ensureDefaultSession();
604
+ // Get the stream from CommandClient
605
+ return this.client.commands.executeStream(command, session);
606
+ }
441
607
 
442
- // Return the ReadableStream directly - can be converted to AsyncIterable by consumers
443
- return stream;
608
+ /**
609
+ * Internal session-aware execStream implementation
610
+ */
611
+ private async execStreamWithSession(command: string, sessionId: string, options?: StreamOptions): Promise<ReadableStream<Uint8Array>> {
612
+ // Check for cancellation
613
+ if (options?.signal?.aborted) {
614
+ throw new Error('Operation was aborted');
615
+ }
616
+
617
+ return this.client.commands.executeStream(command, sessionId);
444
618
  }
445
619
 
446
620
  async streamProcessLogs(processId: string, options?: { signal?: AbortSignal }): Promise<ReadableStream<Uint8Array>> {
@@ -449,69 +623,122 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
449
623
  throw new Error('Operation was aborted');
450
624
  }
451
625
 
452
- // Get the stream from HttpClient
453
- const stream = await this.client.streamProcessLogs(processId);
454
-
455
- // Return the ReadableStream directly - can be converted to AsyncIterable by consumers
456
- return stream;
626
+ return this.client.processes.streamProcessLogs(processId);
457
627
  }
458
628
 
459
629
  async gitCheckout(
460
630
  repoUrl: string,
461
- options: { branch?: string; targetDir?: string }
631
+ options: { branch?: string; targetDir?: string; sessionId?: string }
462
632
  ) {
463
- return this.client.gitCheckout(repoUrl, options.branch, options.targetDir);
633
+ const session = options.sessionId ?? await this.ensureDefaultSession();
634
+ return this.client.git.checkout(repoUrl, session, {
635
+ branch: options.branch,
636
+ targetDir: options.targetDir
637
+ });
464
638
  }
465
639
 
466
640
  async mkdir(
467
641
  path: string,
468
- options: { recursive?: boolean } = {}
642
+ options: { recursive?: boolean; sessionId?: string } = {}
469
643
  ) {
470
- return this.client.mkdir(path, options.recursive);
644
+ const session = options.sessionId ?? await this.ensureDefaultSession();
645
+ return this.client.files.mkdir(path, session, { recursive: options.recursive });
471
646
  }
472
647
 
473
648
  async writeFile(
474
649
  path: string,
475
650
  content: string,
476
- options: { encoding?: string } = {}
651
+ options: { encoding?: string; sessionId?: string } = {}
477
652
  ) {
478
- return this.client.writeFile(path, content, options.encoding);
653
+ const session = options.sessionId ?? await this.ensureDefaultSession();
654
+ return this.client.files.writeFile(path, content, session, { encoding: options.encoding });
479
655
  }
480
656
 
481
- async deleteFile(path: string) {
482
- return this.client.deleteFile(path);
657
+ async deleteFile(path: string, sessionId?: string) {
658
+ const session = sessionId ?? await this.ensureDefaultSession();
659
+ return this.client.files.deleteFile(path, session);
483
660
  }
484
661
 
485
662
  async renameFile(
486
663
  oldPath: string,
487
- newPath: string
664
+ newPath: string,
665
+ sessionId?: string
488
666
  ) {
489
- return this.client.renameFile(oldPath, newPath);
667
+ const session = sessionId ?? await this.ensureDefaultSession();
668
+ return this.client.files.renameFile(oldPath, newPath, session);
490
669
  }
491
670
 
492
671
  async moveFile(
493
672
  sourcePath: string,
494
- destinationPath: string
673
+ destinationPath: string,
674
+ sessionId?: string
495
675
  ) {
496
- return this.client.moveFile(sourcePath, destinationPath);
676
+ const session = sessionId ?? await this.ensureDefaultSession();
677
+ return this.client.files.moveFile(sourcePath, destinationPath, session);
497
678
  }
498
679
 
499
680
  async readFile(
500
681
  path: string,
501
- options: { encoding?: string } = {}
682
+ options: { encoding?: string; sessionId?: string } = {}
683
+ ) {
684
+ const session = options.sessionId ?? await this.ensureDefaultSession();
685
+ return this.client.files.readFile(path, session, { encoding: options.encoding });
686
+ }
687
+
688
+ /**
689
+ * Stream a file from the sandbox using Server-Sent Events
690
+ * Returns a ReadableStream that can be consumed with streamFile() or collectFile() utilities
691
+ * @param path - Path to the file to stream
692
+ * @param options - Optional session ID
693
+ */
694
+ async readFileStream(
695
+ path: string,
696
+ options: { sessionId?: string } = {}
697
+ ): Promise<ReadableStream<Uint8Array>> {
698
+ const session = options.sessionId ?? await this.ensureDefaultSession();
699
+ return this.client.files.readFileStream(path, session);
700
+ }
701
+
702
+ async listFiles(
703
+ path: string,
704
+ options?: { recursive?: boolean; includeHidden?: boolean }
502
705
  ) {
503
- return this.client.readFile(path, options.encoding);
706
+ const session = await this.ensureDefaultSession();
707
+ return this.client.files.listFiles(path, session, options);
708
+ }
709
+
710
+ async exists(path: string, sessionId?: string) {
711
+ const session = sessionId ?? await this.ensureDefaultSession();
712
+ return this.client.files.exists(path, session);
504
713
  }
505
714
 
506
715
  async exposePort(port: number, options: { name?: string; hostname: string }) {
507
- await this.client.exposePort(port, options?.name);
716
+ // Check if hostname is workers.dev domain (doesn't support wildcard subdomains)
717
+ if (options.hostname.endsWith('.workers.dev')) {
718
+ const errorResponse: ErrorResponse = {
719
+ code: ErrorCode.CUSTOM_DOMAIN_REQUIRED,
720
+ message: `Port exposure requires a custom domain. .workers.dev domains do not support wildcard subdomains required for port proxying.`,
721
+ context: { originalError: options.hostname },
722
+ httpStatus: 400,
723
+ timestamp: new Date().toISOString()
724
+ };
725
+ throw new CustomDomainRequiredError(errorResponse);
726
+ }
727
+
728
+ const sessionId = await this.ensureDefaultSession();
729
+ await this.client.ports.exposePort(port, sessionId, options?.name);
508
730
 
509
731
  // We need the sandbox name to construct preview URLs
510
732
  if (!this.sandboxName) {
511
733
  throw new Error('Sandbox name not available. Ensure sandbox is accessed through getSandbox()');
512
734
  }
513
735
 
514
- const url = this.constructPreviewUrl(port, this.sandboxName, options.hostname);
736
+ // Generate and store token for this port
737
+ const token = this.generatePortToken();
738
+ this.portTokens.set(port, token);
739
+ await this.persistPortTokens();
740
+
741
+ const url = this.constructPreviewUrl(port, this.sandboxName, options.hostname, token);
515
742
 
516
743
  return {
517
744
  url,
@@ -522,58 +749,101 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
522
749
 
523
750
  async unexposePort(port: number) {
524
751
  if (!validatePort(port)) {
525
- logSecurityEvent('INVALID_PORT_UNEXPOSE', {
526
- port
527
- }, 'high');
528
752
  throw new SecurityError(`Invalid port number: ${port}. Must be between 1024-65535 and not reserved.`);
529
753
  }
530
754
 
531
- await this.client.unexposePort(port);
755
+ const sessionId = await this.ensureDefaultSession();
756
+ await this.client.ports.unexposePort(port, sessionId);
532
757
 
533
- logSecurityEvent('PORT_UNEXPOSED', {
534
- port
535
- }, 'low');
758
+ // Clean up token for this port
759
+ if (this.portTokens.has(port)) {
760
+ this.portTokens.delete(port);
761
+ await this.persistPortTokens();
762
+ }
536
763
  }
537
764
 
538
765
  async getExposedPorts(hostname: string) {
539
- const response = await this.client.getExposedPorts();
766
+ const sessionId = await this.ensureDefaultSession();
767
+ const response = await this.client.ports.getExposedPorts(sessionId);
540
768
 
541
769
  // We need the sandbox name to construct preview URLs
542
770
  if (!this.sandboxName) {
543
771
  throw new Error('Sandbox name not available. Ensure sandbox is accessed through getSandbox()');
544
772
  }
545
773
 
546
- return response.ports.map(port => ({
547
- url: this.constructPreviewUrl(port.port, this.sandboxName!, hostname),
548
- port: port.port,
549
- name: port.name,
550
- exposedAt: port.exposedAt,
551
- }));
774
+ return response.ports.map(port => {
775
+ // Get token for this port - must exist for all exposed ports
776
+ const token = this.portTokens.get(port.port);
777
+ if (!token) {
778
+ throw new Error(`Port ${port.port} is exposed but has no token. This should not happen.`);
779
+ }
780
+
781
+ return {
782
+ url: this.constructPreviewUrl(port.port, this.sandboxName!, hostname, token),
783
+ port: port.port,
784
+ status: port.status,
785
+ };
786
+ });
552
787
  }
553
788
 
554
789
 
555
- private constructPreviewUrl(port: number, sandboxId: string, hostname: string): string {
790
+ async isPortExposed(port: number): Promise<boolean> {
791
+ try {
792
+ const sessionId = await this.ensureDefaultSession();
793
+ const response = await this.client.ports.getExposedPorts(sessionId);
794
+ return response.ports.some(exposedPort => exposedPort.port === port);
795
+ } catch (error) {
796
+ this.logger.error('Error checking if port is exposed', error instanceof Error ? error : new Error(String(error)), { port });
797
+ return false;
798
+ }
799
+ }
800
+
801
+ async validatePortToken(port: number, token: string): Promise<boolean> {
802
+ // First check if port is exposed
803
+ const isExposed = await this.isPortExposed(port);
804
+ if (!isExposed) {
805
+ return false;
806
+ }
807
+
808
+ // Get stored token for this port - must exist for all exposed ports
809
+ const storedToken = this.portTokens.get(port);
810
+ if (!storedToken) {
811
+ // This should not happen - all exposed ports must have tokens
812
+ this.logger.error('Port is exposed but has no token - bug detected', undefined, { port });
813
+ return false;
814
+ }
815
+
816
+ // Constant-time comparison to prevent timing attacks
817
+ return storedToken === token;
818
+ }
819
+
820
+ private generatePortToken(): string {
821
+ // Generate cryptographically secure 16-character token using Web Crypto API
822
+ // Available in Cloudflare Workers runtime
823
+ const array = new Uint8Array(12); // 12 bytes = 16 base64url chars (after padding removal)
824
+ crypto.getRandomValues(array);
825
+
826
+ // Convert to base64url format (URL-safe, no padding, lowercase)
827
+ const base64 = btoa(String.fromCharCode(...array));
828
+ return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '').toLowerCase();
829
+ }
830
+
831
+ private async persistPortTokens(): Promise<void> {
832
+ // Convert Map to plain object for storage
833
+ const tokensObj: Record<string, string> = {};
834
+ for (const [port, token] of this.portTokens.entries()) {
835
+ tokensObj[port.toString()] = token;
836
+ }
837
+ await this.ctx.storage.put('portTokens', tokensObj);
838
+ }
839
+
840
+ private constructPreviewUrl(port: number, sandboxId: string, hostname: string, token: string): string {
556
841
  if (!validatePort(port)) {
557
- logSecurityEvent('INVALID_PORT_REJECTED', {
558
- port,
559
- sandboxId,
560
- hostname
561
- }, 'high');
562
842
  throw new SecurityError(`Invalid port number: ${port}. Must be between 1024-65535 and not reserved.`);
563
843
  }
564
844
 
565
- let sanitizedSandboxId: string;
566
- try {
567
- sanitizedSandboxId = sanitizeSandboxId(sandboxId);
568
- } catch (error) {
569
- logSecurityEvent('INVALID_SANDBOX_ID_REJECTED', {
570
- sandboxId,
571
- port,
572
- hostname,
573
- error: error instanceof Error ? error.message : 'Unknown error'
574
- }, 'high');
575
- throw error;
576
- }
845
+ // Validate sandbox ID (will throw SecurityError if invalid)
846
+ const sanitizedSandboxId = sanitizeSandboxId(sandboxId);
577
847
 
578
848
  const isLocalhost = isLocalhostPattern(hostname);
579
849
 
@@ -585,28 +855,12 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
585
855
  // Use URL constructor for safe URL building
586
856
  try {
587
857
  const baseUrl = new URL(`http://${host}:${mainPort}`);
588
- // Construct subdomain safely
589
- const subdomainHost = `${port}-${sanitizedSandboxId}.${host}`;
858
+ // Construct subdomain safely with mandatory token
859
+ const subdomainHost = `${port}-${sanitizedSandboxId}-${token}.${host}`;
590
860
  baseUrl.hostname = subdomainHost;
591
861
 
592
- const finalUrl = baseUrl.toString();
593
-
594
- logSecurityEvent('PREVIEW_URL_CONSTRUCTED', {
595
- port,
596
- sandboxId: sanitizedSandboxId,
597
- hostname,
598
- resultUrl: finalUrl,
599
- environment: 'localhost'
600
- }, 'low');
601
-
602
- return finalUrl;
862
+ return baseUrl.toString();
603
863
  } catch (error) {
604
- logSecurityEvent('URL_CONSTRUCTION_FAILED', {
605
- port,
606
- sandboxId: sanitizedSandboxId,
607
- hostname,
608
- error: error instanceof Error ? error.message : 'Unknown error'
609
- }, 'high');
610
864
  throw new SecurityError(`Failed to construct preview URL: ${error instanceof Error ? error.message : 'Unknown error'}`);
611
865
  }
612
866
  }
@@ -617,29 +871,143 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
617
871
  const protocol = "https";
618
872
  const baseUrl = new URL(`${protocol}://${hostname}`);
619
873
 
620
- // Construct subdomain safely
621
- const subdomainHost = `${port}-${sanitizedSandboxId}.${hostname}`;
874
+ // Construct subdomain safely with mandatory token
875
+ const subdomainHost = `${port}-${sanitizedSandboxId}-${token}.${hostname}`;
622
876
  baseUrl.hostname = subdomainHost;
623
877
 
624
- const finalUrl = baseUrl.toString();
625
-
626
- logSecurityEvent('PREVIEW_URL_CONSTRUCTED', {
627
- port,
628
- sandboxId: sanitizedSandboxId,
629
- hostname,
630
- resultUrl: finalUrl,
631
- environment: 'production'
632
- }, 'low');
633
-
634
- return finalUrl;
878
+ return baseUrl.toString();
635
879
  } catch (error) {
636
- logSecurityEvent('URL_CONSTRUCTION_FAILED', {
637
- port,
638
- sandboxId: sanitizedSandboxId,
639
- hostname,
640
- error: error instanceof Error ? error.message : 'Unknown error'
641
- }, 'high');
642
880
  throw new SecurityError(`Failed to construct preview URL: ${error instanceof Error ? error.message : 'Unknown error'}`);
643
881
  }
644
882
  }
883
+
884
+ // ============================================================================
885
+ // Session Management - Advanced Use Cases
886
+ // ============================================================================
887
+
888
+ /**
889
+ * Create isolated execution session for advanced use cases
890
+ * Returns ExecutionSession with full sandbox API bound to specific session
891
+ */
892
+ async createSession(options?: SessionOptions): Promise<ExecutionSession> {
893
+ const sessionId = options?.id || `session-${Date.now()}`;
894
+
895
+ // Create session in container
896
+ await this.client.utils.createSession({
897
+ id: sessionId,
898
+ env: options?.env,
899
+ cwd: options?.cwd,
900
+ });
901
+
902
+ // Return wrapper that binds sessionId to all operations
903
+ return this.getSessionWrapper(sessionId);
904
+ }
905
+
906
+ /**
907
+ * Get an existing session by ID
908
+ * Returns ExecutionSession wrapper bound to the specified session
909
+ *
910
+ * This is useful for retrieving sessions across different requests/contexts
911
+ * without storing the ExecutionSession object (which has RPC lifecycle limitations)
912
+ *
913
+ * @param sessionId - The ID of an existing session
914
+ * @returns ExecutionSession wrapper bound to the session
915
+ */
916
+ async getSession(sessionId: string): Promise<ExecutionSession> {
917
+ // No need to verify session exists in container - operations will fail naturally if it doesn't
918
+ return this.getSessionWrapper(sessionId);
919
+ }
920
+
921
+ /**
922
+ * Internal helper to create ExecutionSession wrapper for a given sessionId
923
+ * Used by both createSession and getSession
924
+ */
925
+ private getSessionWrapper(sessionId: string): ExecutionSession {
926
+ return {
927
+ id: sessionId,
928
+
929
+ // Command execution - delegate to internal session-aware methods
930
+ exec: (command, options) => this.execWithSession(command, sessionId, options),
931
+ execStream: (command, options) => this.execStreamWithSession(command, sessionId, options),
932
+
933
+ // Process management
934
+ startProcess: (command, options) => this.startProcess(command, options, sessionId),
935
+ listProcesses: () => this.listProcesses(sessionId),
936
+ getProcess: (id) => this.getProcess(id, sessionId),
937
+ killProcess: (id, signal) => this.killProcess(id, signal),
938
+ killAllProcesses: () => this.killAllProcesses(),
939
+ cleanupCompletedProcesses: () => this.cleanupCompletedProcesses(),
940
+ getProcessLogs: (id) => this.getProcessLogs(id),
941
+ streamProcessLogs: (processId, options) => this.streamProcessLogs(processId, options),
942
+
943
+ // File operations - pass sessionId via options or parameter
944
+ writeFile: (path, content, options) => this.writeFile(path, content, { ...options, sessionId }),
945
+ readFile: (path, options) => this.readFile(path, { ...options, sessionId }),
946
+ readFileStream: (path) => this.readFileStream(path, { sessionId }),
947
+ mkdir: (path, options) => this.mkdir(path, { ...options, sessionId }),
948
+ deleteFile: (path) => this.deleteFile(path, sessionId),
949
+ renameFile: (oldPath, newPath) => this.renameFile(oldPath, newPath, sessionId),
950
+ moveFile: (sourcePath, destPath) => this.moveFile(sourcePath, destPath, sessionId),
951
+ listFiles: (path, options) => this.client.files.listFiles(path, sessionId, options),
952
+ exists: (path) => this.exists(path, sessionId),
953
+
954
+ // Git operations
955
+ gitCheckout: (repoUrl, options) => this.gitCheckout(repoUrl, { ...options, sessionId }),
956
+
957
+ // Environment management - needs special handling
958
+ setEnvVars: async (envVars: Record<string, string>) => {
959
+ try {
960
+ // Set environment variables by executing export commands
961
+ for (const [key, value] of Object.entries(envVars)) {
962
+ const escapedValue = value.replace(/'/g, "'\\''");
963
+ const exportCommand = `export ${key}='${escapedValue}'`;
964
+
965
+ const result = await this.client.commands.execute(exportCommand, sessionId);
966
+
967
+ if (result.exitCode !== 0) {
968
+ throw new Error(`Failed to set ${key}: ${result.stderr || 'Unknown error'}`);
969
+ }
970
+ }
971
+ } catch (error) {
972
+ this.logger.error('Failed to set environment variables', error instanceof Error ? error : new Error(String(error)), { sessionId });
973
+ throw error;
974
+ }
975
+ },
976
+
977
+ // Code interpreter methods - delegate to sandbox's code interpreter
978
+ createCodeContext: (options) => this.codeInterpreter.createCodeContext(options),
979
+ runCode: async (code, options) => {
980
+ const execution = await this.codeInterpreter.runCode(code, options);
981
+ return execution.toJSON();
982
+ },
983
+ runCodeStream: (code, options) => this.codeInterpreter.runCodeStream(code, options),
984
+ listCodeContexts: () => this.codeInterpreter.listCodeContexts(),
985
+ deleteCodeContext: (contextId) => this.codeInterpreter.deleteCodeContext(contextId),
986
+ };
987
+ }
988
+
989
+ // ============================================================================
990
+ // Code interpreter methods - delegate to CodeInterpreter wrapper
991
+ // ============================================================================
992
+
993
+ async createCodeContext(options?: CreateContextOptions): Promise<CodeContext> {
994
+ return this.codeInterpreter.createCodeContext(options);
995
+ }
996
+
997
+ async runCode(code: string, options?: RunCodeOptions): Promise<ExecutionResult> {
998
+ const execution = await this.codeInterpreter.runCode(code, options);
999
+ return execution.toJSON();
1000
+ }
1001
+
1002
+ async runCodeStream(code: string, options?: RunCodeOptions): Promise<ReadableStream> {
1003
+ return this.codeInterpreter.runCodeStream(code, options);
1004
+ }
1005
+
1006
+ async listCodeContexts(): Promise<CodeContext[]> {
1007
+ return this.codeInterpreter.listCodeContexts();
1008
+ }
1009
+
1010
+ async deleteCodeContext(contextId: string): Promise<void> {
1011
+ return this.codeInterpreter.deleteCodeContext(contextId);
1012
+ }
645
1013
  }