@cloudflare/sandbox 0.0.0-cecde0a → 0.0.0-d4bb3b7

package/src/security.ts

@@ -10,7 +10,10 @@
  */
 
 export class SecurityError extends Error {
-  constructor(message: string, public readonly code?: string) {
+  constructor(
+    message: string,
+    public readonly code?: string
+  ) {
     super(message);
     this.name = 'SecurityError';
   }
@@ -34,7 +37,7 @@ export function validatePort(port: number): boolean {
   // Exclude ports reserved by our system
   const reservedPorts = [
     3000, // Control plane port
-    8787, // Common wrangler dev port
+    8787 // Common wrangler dev port
   ];
 
   if (reservedPorts.includes(port)) {
@@ -67,8 +70,13 @@ export function sanitizeSandboxId(id: string): string {
 
   // Prevent reserved names that cause technical conflicts
   const reservedNames = [
-    'www', 'api', 'admin', 'root', 'system',
-    'cloudflare', 'workers'
+    'www',
+    'api',
+    'admin',
+    'root',
+    'system',
+    'cloudflare',
+    'workers'
   ];
 
   const lowerCaseId = id.toLowerCase();
@@ -82,32 +90,30 @@ export function sanitizeSandboxId(id: string): string {
   return id;
 }
 
-
 /**
- * Logs security events for monitoring
+ * Validates language for code interpreter
+ * Only allows supported languages
  */
-export function logSecurityEvent(
-  event: string,
-  details: Record<string, any>,
-  severity: 'low' | 'medium' | 'high' | 'critical' = 'medium'
-): void {
-  const logEntry = {
-    timestamp: new Date().toISOString(),
-    event,
-    severity,
-    ...details
-  };
+export function validateLanguage(language: string | undefined): void {
+  if (!language) {
+    return; // undefined is valid, will default to python
+  }
+
+  const supportedLanguages = [
+    'python',
+    'python3',
+    'javascript',
+    'js',
+    'node',
+    'typescript',
+    'ts'
+  ];
+  const normalized = language.toLowerCase();
 
-  switch (severity) {
-    case 'critical':
-    case 'high':
-      console.error(`[SECURITY:${severity.toUpperCase()}] ${event}:`, JSON.stringify(logEntry));
-      break;
-    case 'medium':
-      console.warn(`[SECURITY:${severity.toUpperCase()}] ${event}:`, JSON.stringify(logEntry));
-      break;
-    case 'low':
-      console.info(`[SECURITY:${severity.toUpperCase()}] ${event}:`, JSON.stringify(logEntry));
-      break;
+  if (!supportedLanguages.includes(normalized)) {
+    throw new SecurityError(
+      `Unsupported language '${language}'. Supported languages: python, javascript, typescript`,
+      'INVALID_LANGUAGE'
+    );
   }
 }

package/src/sse-parser.ts

@@ -49,11 +49,8 @@ export async function* parseSSEStream<T>(
           try {
             const event = JSON.parse(data) as T;
             yield event;
-          } catch (error) {
-            // Log parsing errors but continue processing
-            console.error('Failed to parse SSE event:', data, error);
-            // Optionally yield an error event
-            // yield { type: 'error', data: `Parse error: ${error.message}` } as T;
+          } catch {
+            // Skip invalid JSON events and continue processing
           }
         }
         // Handle other SSE fields if needed (event:, id:, retry:)
@@ -68,8 +65,8 @@ export async function* parseSSEStream<T>(
         try {
           const event = JSON.parse(data) as T;
           yield event;
-        } catch (error) {
-          console.error('Failed to parse final SSE event:', data, error);
+        } catch {
+          // Skip invalid JSON in final event
         }
       }
     }
@@ -79,7 +76,6 @@ export async function* parseSSEStream<T>(
   }
 }
 
-
 /**
  * Helper to convert a Response with SSE stream directly to AsyncIterable
  * @param response - Response object with SSE stream
@@ -90,7 +86,9 @@ export async function* responseToAsyncIterable<T>(
   signal?: AbortSignal
 ): AsyncIterable<T> {
   if (!response.ok) {
-    throw new Error(`Response not ok: ${response.status} ${response.statusText}`);
+    throw new Error(
+      `Response not ok: ${response.status} ${response.statusText}`
+    );
   }
 
   if (!response.body) {
@@ -141,7 +139,6 @@ export function asyncIterableToSSEStream<T>(
 
     cancel() {
       // Handle stream cancellation
-      console.log('SSE stream cancelled');
     }
   });
-}
+}

package/src/version.ts

@@ -0,0 +1,6 @@
+/**
+ * SDK version - automatically synchronized with package.json by Changesets
+ * This file is auto-updated by .github/changeset-version.ts during releases
+ * DO NOT EDIT MANUALLY - Changes will be overwritten on the next version bump
+ */
+export const SDK_VERSION = '0.4.19';

package/startup.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec bun /container-server/dist/index.js

package/tests/base-client.test.ts

@@ -0,0 +1,364 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+import type { BaseApiResponse, HttpClientOptions } from '../src/clients';
+import { BaseHttpClient } from '../src/clients/base-client';
+import type { ErrorResponse } from '../src/errors';
+import {
+  CommandError,
+  FileNotFoundError,
+  FileSystemError,
+  PermissionDeniedError,
+  SandboxError
+} from '../src/errors';
+
+interface TestDataResponse extends BaseApiResponse {
+  data: string;
+}
+
+interface TestResourceResponse extends BaseApiResponse {
+  id: string;
+}
+
+interface TestSourceResponse extends BaseApiResponse {
+  source: string;
+}
+
+interface TestStatusResponse extends BaseApiResponse {
+  status: string;
+}
+
+class TestHttpClient extends BaseHttpClient {
+  constructor(options: HttpClientOptions = {}) {
+    super({
+      baseUrl: 'http://test.com',
+      port: 3000,
+      ...options
+    });
+  }
+
+  public async testRequest<T = BaseApiResponse>(
+    endpoint: string,
+    data?: Record<string, unknown>
+  ): Promise<T> {
+    if (data) {
+      return this.post<T>(endpoint, data);
+    }
+    return this.get<T>(endpoint);
+  }
+
+  public async testStreamRequest(endpoint: string): Promise<ReadableStream> {
+    const response = await this.doFetch(endpoint);
+    return this.handleStreamResponse(response);
+  }
+
+  public async testErrorHandling(errorResponse: ErrorResponse) {
+    const response = new Response(JSON.stringify(errorResponse), {
+      status: errorResponse.httpStatus || 400
+    });
+    return this.handleErrorResponse(response);
+  }
+}
+
+describe('BaseHttpClient', () => {
+  let client: TestHttpClient;
+  let mockFetch: ReturnType<typeof vi.fn>;
+  let onError: ReturnType<typeof vi.fn>;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+
+    mockFetch = vi.fn();
+    global.fetch = mockFetch as unknown as typeof fetch;
+    onError = vi.fn();
+
+    client = new TestHttpClient({
+      baseUrl: 'http://test.com',
+      port: 3000,
+      onError
+    });
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  describe('core request functionality', () => {
+    it('should handle successful API requests', async () => {
+      mockFetch.mockResolvedValue(
+        new Response(
+          JSON.stringify({ success: true, data: 'operation completed' }),
+          { status: 200 }
+        )
+      );
+
+      const result = await client.testRequest<TestDataResponse>('/api/test');
+
+      expect(result.success).toBe(true);
+      expect(result.data).toBe('operation completed');
+    });
+
+    it('should handle POST requests with data', async () => {
+      const requestData = { action: 'create', name: 'test-resource' };
+      mockFetch.mockResolvedValue(
+        new Response(JSON.stringify({ success: true, id: 'resource-123' }), {
+          status: 201
+        })
+      );
+
+      const result = await client.testRequest<TestResourceResponse>(
+        '/api/create',
+        requestData
+      );
+
+      expect(result.success).toBe(true);
+      expect(result.id).toBe('resource-123');
+
+      const [url, options] = mockFetch.mock.calls[0];
+      expect(url).toBe('http://test.com/api/create');
+      expect(options.method).toBe('POST');
+      expect(options.headers['Content-Type']).toBe('application/json');
+      expect(JSON.parse(options.body)).toEqual(requestData);
+    });
+  });
+
+  describe('error handling and mapping', () => {
+    it('should map container errors to client errors', async () => {
+      const errorMappingTests = [
+        {
+          containerError: {
+            code: 'FILE_NOT_FOUND',
+            message: 'File not found: /test.txt',
+            context: { path: '/test.txt' },
+            httpStatus: 404,
+            timestamp: new Date().toISOString()
+          },
+          expectedError: FileNotFoundError
+        },
+        {
+          containerError: {
+            code: 'PERMISSION_DENIED',
+            message: 'Permission denied',
+            context: { path: '/secure.txt' },
+            httpStatus: 403,
+            timestamp: new Date().toISOString()
+          },
+          expectedError: PermissionDeniedError
+        },
+        {
+          containerError: {
+            code: 'COMMAND_EXECUTION_ERROR',
+            message: 'Command failed: badcmd',
+            context: { command: 'badcmd' },
+            httpStatus: 400,
+            timestamp: new Date().toISOString()
+          },
+          expectedError: CommandError
+        },
+        {
+          containerError: {
+            code: 'FILESYSTEM_ERROR',
+            message: 'Filesystem error',
+            context: { path: '/test' },
+            httpStatus: 500,
+            timestamp: new Date().toISOString()
+          },
+          expectedError: FileSystemError
+        },
+        {
+          containerError: {
+            code: 'UNKNOWN_ERROR',
+            message: 'Unknown error',
+            context: {},
+            httpStatus: 500,
+            timestamp: new Date().toISOString()
+          },
+          expectedError: SandboxError
+        }
+      ];
+
+      for (const test of errorMappingTests) {
+        await expect(
+          client.testErrorHandling(test.containerError as ErrorResponse)
+        ).rejects.toThrow(test.expectedError);
+
+        expect(onError).toHaveBeenCalledWith(
+          test.containerError.message,
+          undefined
+        );
+      }
+    });
+
+    it('should handle malformed error responses', async () => {
+      mockFetch.mockResolvedValue(
+        new Response('invalid json {', { status: 500 })
+      );
+
+      await expect(client.testRequest('/api/test')).rejects.toThrow(
+        SandboxError
+      );
+    });
+
+    it('should handle network failures', async () => {
+      mockFetch.mockRejectedValue(new Error('Network connection timeout'));
+
+      await expect(client.testRequest('/api/test')).rejects.toThrow(
+        'Network connection timeout'
+      );
+    });
+
+    it('should handle server unavailable scenarios', async () => {
+      mockFetch.mockResolvedValue(
+        new Response('Service Unavailable', { status: 503 })
+      );
+
+      await expect(client.testRequest('/api/test')).rejects.toThrow(
+        SandboxError
+      );
+
+      expect(onError).toHaveBeenCalledWith(
+        'HTTP error! status: 503',
+        undefined
+      );
+    });
+  });
+
+  describe('streaming functionality', () => {
+    it('should handle streaming responses', async () => {
+      const streamData = 'data: {"type":"output","content":"stream data"}\n\n';
+      const mockStream = new ReadableStream({
+        start(controller) {
+          controller.enqueue(new TextEncoder().encode(streamData));
+          controller.close();
+        }
+      });
+
+      mockFetch.mockResolvedValue(
+        new Response(mockStream, {
+          status: 200,
+          headers: { 'Content-Type': 'text/event-stream' }
+        })
+      );
+
+      const stream = await client.testStreamRequest('/api/stream');
+
+      expect(stream).toBeInstanceOf(ReadableStream);
+
+      const reader = stream.getReader();
+      const { done, value } = await reader.read();
+      const content = new TextDecoder().decode(value);
+
+      expect(done).toBe(false);
+      expect(content).toContain('stream data');
+
+      reader.releaseLock();
+    });
+
+    it('should handle streaming errors', async () => {
+      mockFetch.mockResolvedValue(
+        new Response(
+          JSON.stringify({
+            error: 'Stream initialization failed',
+            code: 'STREAM_ERROR'
+          }),
+          { status: 400 }
+        )
+      );
+
+      await expect(client.testStreamRequest('/api/bad-stream')).rejects.toThrow(
+        SandboxError
+      );
+    });
+
+    it('should handle missing stream body', async () => {
+      mockFetch.mockResolvedValue(
+        new Response(null, {
+          status: 200,
+          headers: { 'Content-Type': 'text/event-stream' }
+        })
+      );
+
+      await expect(
+        client.testStreamRequest('/api/empty-stream')
+      ).rejects.toThrow('No response body for streaming');
+    });
+  });
+
+  describe('stub integration', () => {
+    it('should use stub when provided instead of fetch', async () => {
+      const stubFetch = vi.fn().mockResolvedValue(
+        new Response(JSON.stringify({ success: true, source: 'stub' }), {
+          status: 200
+        })
+      );
+
+      const stub = { containerFetch: stubFetch };
+      const stubClient = new TestHttpClient({
+        baseUrl: 'http://test.com',
+        port: 3000,
+        stub
+      });
+
+      const result =
+        await stubClient.testRequest<TestSourceResponse>('/api/stub-test');
+
+      expect(result.success).toBe(true);
+      expect(result.source).toBe('stub');
+      expect(stubFetch).toHaveBeenCalledWith(
+        'http://localhost:3000/api/stub-test',
+        { method: 'GET' },
+        3000
+      );
+      expect(mockFetch).not.toHaveBeenCalled();
+    });
+
+    it('should handle stub errors', async () => {
+      const stubFetch = vi
+        .fn()
+        .mockRejectedValue(new Error('Stub connection failed'));
+      const stub = { containerFetch: stubFetch };
+      const stubClient = new TestHttpClient({
+        baseUrl: 'http://test.com',
+        port: 3000,
+        stub
+      });
+
+      await expect(stubClient.testRequest('/api/stub-error')).rejects.toThrow(
+        'Stub connection failed'
+      );
+    });
+  });
+
+  describe('edge cases and resilience', () => {
+    it('should handle responses with unusual status codes', async () => {
+      const unusualStatusTests = [
+        { status: 201, shouldSucceed: true },
+        { status: 202, shouldSucceed: true },
+        { status: 409, shouldSucceed: false },
+        { status: 422, shouldSucceed: false },
+        { status: 429, shouldSucceed: false }
+      ];
+
+      for (const test of unusualStatusTests) {
+        mockFetch.mockResolvedValueOnce(
+          new Response(
+            test.shouldSucceed
+              ? JSON.stringify({ success: true, status: test.status })
+              : JSON.stringify({ error: `Status ${test.status}` }),
+            { status: test.status }
+          )
+        );
+
+        if (test.shouldSucceed) {
+          const result = await client.testRequest<TestStatusResponse>(
+            '/api/unusual-status'
+          );
+          expect(result.success).toBe(true);
+          expect(result.status).toBe(test.status);
+        } else {
+          await expect(
+            client.testRequest('/api/unusual-status')
+          ).rejects.toThrow();
+        }
+      }
+    });
+  });
+});