@cloudflare/sandbox 0.0.0-e1fa354 → 0.0.0-e489cbb

package/dist/chunk-Z532A7QC.js

@@ -0,0 +1,78 @@
+// src/security.ts
+var SecurityError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = "SecurityError";
+  }
+};
+function validatePort(port) {
+  if (!Number.isInteger(port)) {
+    return false;
+  }
+  if (port < 1024 || port > 65535) {
+    return false;
+  }
+  const reservedPorts = [
+    3e3,
+    // Control plane port
+    8787
+    // Common wrangler dev port
+  ];
+  if (reservedPorts.includes(port)) {
+    return false;
+  }
+  return true;
+}
+function sanitizeSandboxId(id) {
+  if (!id || id.length > 63) {
+    throw new SecurityError(
+      "Sandbox ID must be 1-63 characters long.",
+      "INVALID_SANDBOX_ID_LENGTH"
+    );
+  }
+  if (id.startsWith("-") || id.endsWith("-")) {
+    throw new SecurityError(
+      "Sandbox ID cannot start or end with hyphens (DNS requirement).",
+      "INVALID_SANDBOX_ID_HYPHENS"
+    );
+  }
+  const reservedNames = [
+    "www",
+    "api",
+    "admin",
+    "root",
+    "system",
+    "cloudflare",
+    "workers"
+  ];
+  const lowerCaseId = id.toLowerCase();
+  if (reservedNames.includes(lowerCaseId)) {
+    throw new SecurityError(
+      `Reserved sandbox ID '${id}' is not allowed.`,
+      "RESERVED_SANDBOX_ID"
+    );
+  }
+  return id;
+}
+function validateLanguage(language) {
+  if (!language) {
+    return;
+  }
+  const supportedLanguages = ["python", "python3", "javascript", "js", "node", "typescript", "ts"];
+  const normalized = language.toLowerCase();
+  if (!supportedLanguages.includes(normalized)) {
+    throw new SecurityError(
+      `Unsupported language '${language}'. Supported languages: python, javascript, typescript`,
+      "INVALID_LANGUAGE"
+    );
+  }
+}
+
+export {
+  SecurityError,
+  validatePort,
+  sanitizeSandboxId,
+  validateLanguage
+};
+//# sourceMappingURL=chunk-Z532A7QC.js.map

package/dist/chunk-Z532A7QC.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/security.ts"],"sourcesContent":["/**\n * Security utilities for URL construction and input validation\n *\n * This module contains critical security functions to prevent:\n * - URL injection attacks\n * - SSRF (Server-Side Request Forgery) attacks\n * - DNS rebinding attacks\n * - Host header injection\n * - Open redirect vulnerabilities\n */\n\nexport class SecurityError extends Error {\n  constructor(message: string, public readonly code?: string) {\n    super(message);\n    this.name = 'SecurityError';\n  }\n}\n\n/**\n * Validates port numbers for sandbox services\n * Only allows non-system ports to prevent conflicts and security issues\n */\nexport function validatePort(port: number): boolean {\n  // Must be a valid integer\n  if (!Number.isInteger(port)) {\n    return false;\n  }\n\n  // Only allow non-system ports (1024-65535)\n  if (port < 1024 || port > 65535) {\n    return false;\n  }\n\n  // Exclude ports reserved by our system\n  const reservedPorts = [\n    3000, // Control plane port\n    8787, // Common wrangler dev port\n  ];\n\n  if (reservedPorts.includes(port)) {\n    return false;\n  }\n\n  return true;\n}\n\n/**\n * Sanitizes and validates sandbox IDs for DNS compliance and security\n * Only enforces critical requirements - allows maximum developer flexibility\n */\nexport function sanitizeSandboxId(id: string): string {\n  // Basic validation: not empty, reasonable length limit (DNS subdomain limit is 63 chars)\n  if (!id || id.length > 63) {\n    throw new SecurityError(\n      'Sandbox ID must be 1-63 characters long.',\n      'INVALID_SANDBOX_ID_LENGTH'\n    );\n  }\n\n  // DNS compliance: cannot start or end with hyphens (RFC requirement)\n  if (id.startsWith('-') || id.endsWith('-')) {\n    throw new SecurityError(\n      'Sandbox ID cannot start or end with hyphens (DNS requirement).',\n      'INVALID_SANDBOX_ID_HYPHENS'\n    );\n  }\n\n  // Prevent reserved names that cause technical conflicts\n  const reservedNames = [\n    'www', 'api', 'admin', 'root', 'system',\n    'cloudflare', 'workers'\n  ];\n\n  const lowerCaseId = id.toLowerCase();\n  if (reservedNames.includes(lowerCaseId)) {\n    throw new SecurityError(\n      `Reserved sandbox ID '${id}' is not allowed.`,\n      'RESERVED_SANDBOX_ID'\n    );\n  }\n\n  return id;\n}\n\n\n/**\n * Validates language for code interpreter\n * Only allows supported languages\n */\nexport function validateLanguage(language: string | undefined): void {\n  if (!language) {\n    return; // undefined is valid, will default to python\n  }\n\n  const supportedLanguages = ['python', 'python3', 'javascript', 'js', 'node', 'typescript', 'ts'];\n  const normalized = language.toLowerCase();\n\n  if (!supportedLanguages.includes(normalized)) {\n    throw new SecurityError(\n      `Unsupported language '${language}'. Supported languages: python, javascript, typescript`,\n      'INVALID_LANGUAGE'\n    );\n  }\n}\n"],"mappings":";AAWO,IAAM,gBAAN,cAA4B,MAAM;AAAA,EACvC,YAAY,SAAiC,MAAe;AAC1D,UAAM,OAAO;AAD8B;AAE3C,SAAK,OAAO;AAAA,EACd;AACF;AAMO,SAAS,aAAa,MAAuB;AAElD,MAAI,CAAC,OAAO,UAAU,IAAI,GAAG;AAC3B,WAAO;AAAA,EACT;AAGA,MAAI,OAAO,QAAQ,OAAO,OAAO;AAC/B,WAAO;AAAA,EACT;AAGA,QAAM,gBAAgB;AAAA,IACpB;AAAA;AAAA,IACA;AAAA;AAAA,EACF;AAEA,MAAI,cAAc,SAAS,IAAI,GAAG;AAChC,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAMO,SAAS,kBAAkB,IAAoB;AAEpD,MAAI,CAAC,MAAM,GAAG,SAAS,IAAI;AACzB,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAGA,MAAI,GAAG,WAAW,GAAG,KAAK,GAAG,SAAS,GAAG,GAAG;AAC1C,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAGA,QAAM,gBAAgB;AAAA,IACpB;AAAA,IAAO;AAAA,IAAO;AAAA,IAAS;AAAA,IAAQ;AAAA,IAC/B;AAAA,IAAc;AAAA,EAChB;AAEA,QAAM,cAAc,GAAG,YAAY;AACnC,MAAI,cAAc,SAAS,WAAW,GAAG;AACvC,UAAM,IAAI;AAAA,MACR,wBAAwB,EAAE;AAAA,MAC1B;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAOO,SAAS,iBAAiB,UAAoC;AACnE,MAAI,CAAC,UAAU;AACb;AAAA,EACF;AAEA,QAAM,qBAAqB,CAAC,UAAU,WAAW,cAAc,MAAM,QAAQ,cAAc,IAAI;AAC/F,QAAM,aAAa,SAAS,YAAY;AAExC,MAAI,CAAC,mBAAmB,SAAS,UAAU,GAAG;AAC5C,UAAM,IAAI;AAAA,MACR,yBAAyB,QAAQ;AAAA,MACjC;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/dist/file-stream.d.ts

@@ -0,0 +1,43 @@
+import { FileChunk, FileMetadata } from '@repo/shared';
+
+/**
+ * Stream a file from the sandbox with automatic base64 decoding for binary files
+ *
+ * @param stream - The ReadableStream from readFileStream()
+ * @returns AsyncGenerator that yields FileChunk (string for text, Uint8Array for binary)
+ *
+ * @example
+ * ```ts
+ * const stream = await sandbox.readFileStream('/path/to/file.png');
+ * for await (const chunk of streamFile(stream)) {
+ *   if (chunk instanceof Uint8Array) {
+ *     // Binary chunk
+ *     console.log('Binary chunk:', chunk.length, 'bytes');
+ *   } else {
+ *     // Text chunk
+ *     console.log('Text chunk:', chunk);
+ *   }
+ * }
+ * ```
+ */
+declare function streamFile(stream: ReadableStream<Uint8Array>): AsyncGenerator<FileChunk, FileMetadata>;
+/**
+ * Collect an entire file into memory from a stream
+ *
+ * @param stream - The ReadableStream from readFileStream()
+ * @returns Object containing the file content and metadata
+ *
+ * @example
+ * ```ts
+ * const stream = await sandbox.readFileStream('/path/to/file.txt');
+ * const { content, metadata } = await collectFile(stream);
+ * console.log('Content:', content);
+ * console.log('MIME type:', metadata.mimeType);
+ * ```
+ */
+declare function collectFile(stream: ReadableStream<Uint8Array>): Promise<{
+    content: string | Uint8Array;
+    metadata: FileMetadata;
+}>;
+
+export { collectFile, streamFile };

package/dist/file-stream.js

@@ -0,0 +1,9 @@
+import {
+  collectFile,
+  streamFile
+} from "./chunk-BFVUNTP4.js";
+export {
+  collectFile,
+  streamFile
+};
+//# sourceMappingURL=file-stream.js.map

package/dist/file-stream.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export { B as BaseApiResponse, C as CommandClient, f as CommandExecuteResponse, c as CommandsResponse, d as ContainerStub, E as ErrorResponse, e as ExecuteRequest, p as ExecutionCallbacks, h as ExposePortRequest, F as FileClient, i as FileOperationRequest, j as GitCheckoutRequest, G as GitClient, I as InterpreterClient, M as MkdirRequest, k as PingResponse, P as PortClient, a as ProcessClient, R as ReadFileRequest, l as RequestConfig, m as ResponseHandler, b as Sandbox, S as SandboxClient, H as SandboxClientOptions, n as SessionRequest, o as UnexposePortRequest, U as UtilityClient, W as WriteFileRequest, g as getSandbox } from './sandbox-D9K2ypln.js';
+export * from '@repo/shared';
+export { BaseExecOptions, ExecEvent, ExecOptions, ExecResult, FileChunk, FileMetadata, FileStreamEvent, GitCheckoutResult, ISandbox, LogEvent, PortCloseResult, PortExposeResult, PortListResult, Process, ProcessCleanupResult, ProcessInfoResult, ProcessKillResult, ProcessListResult, ProcessLogsResult, ProcessOptions, ProcessStartResult, ProcessStatus, StartProcessRequest, StreamOptions, isExecResult, isProcess, isProcessStatus } from '@repo/shared';
+export { collectFile, streamFile } from './file-stream.js';
+export { CodeInterpreter } from './interpreter.js';
+export { RouteInfo, SandboxEnv, proxyToSandbox } from './request-handler.js';
+export { asyncIterableToSSEStream, parseSSEStream, responseToAsyncIterable } from './sse-parser.js';
+import 'cloudflare:workers';
+import '@cloudflare/containers';

package/dist/index.js

@@ -0,0 +1,66 @@
+import {
+  collectFile,
+  streamFile
+} from "./chunk-BFVUNTP4.js";
+import {
+  CommandClient,
+  FileClient,
+  GitClient,
+  PortClient,
+  ProcessClient,
+  Sandbox,
+  SandboxClient,
+  UtilityClient,
+  getSandbox,
+  proxyToSandbox
+} from "./chunk-53JFOF7F.js";
+import {
+  CodeInterpreter,
+  Execution,
+  LogLevel,
+  ResultImpl,
+  TraceContext,
+  createLogger,
+  createNoOpLogger,
+  getLogger,
+  isExecResult,
+  isProcess,
+  isProcessStatus,
+  runWithLogger
+} from "./chunk-JXZMAU2C.js";
+import "./chunk-Z532A7QC.js";
+import {
+  asyncIterableToSSEStream,
+  parseSSEStream,
+  responseToAsyncIterable
+} from "./chunk-EKSWCBCA.js";
+export {
+  CodeInterpreter,
+  CommandClient,
+  Execution,
+  FileClient,
+  GitClient,
+  LogLevel as LogLevelEnum,
+  PortClient,
+  ProcessClient,
+  ResultImpl,
+  Sandbox,
+  SandboxClient,
+  TraceContext,
+  UtilityClient,
+  asyncIterableToSSEStream,
+  collectFile,
+  createLogger,
+  createNoOpLogger,
+  getLogger,
+  getSandbox,
+  isExecResult,
+  isProcess,
+  isProcessStatus,
+  parseSSEStream,
+  proxyToSandbox,
+  responseToAsyncIterable,
+  runWithLogger,
+  streamFile
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/interpreter.d.ts

@@ -0,0 +1,33 @@
+import { CreateContextOptions, CodeContext, RunCodeOptions, Execution } from '@repo/shared';
+import { b as Sandbox } from './sandbox-D9K2ypln.js';
+import 'cloudflare:workers';
+import '@cloudflare/containers';
+
+declare class CodeInterpreter {
+    private interpreterClient;
+    private contexts;
+    constructor(sandbox: Sandbox);
+    /**
+     * Create a new code execution context
+     */
+    createCodeContext(options?: CreateContextOptions): Promise<CodeContext>;
+    /**
+     * Run code with optional context
+     */
+    runCode(code: string, options?: RunCodeOptions): Promise<Execution>;
+    /**
+     * Run code and return a streaming response
+     */
+    runCodeStream(code: string, options?: RunCodeOptions): Promise<ReadableStream>;
+    /**
+     * List all code contexts
+     */
+    listCodeContexts(): Promise<CodeContext[]>;
+    /**
+     * Delete a code context
+     */
+    deleteCodeContext(contextId: string): Promise<void>;
+    private getOrCreateDefaultContext;
+}
+
+export { CodeInterpreter };

package/dist/interpreter.js

@@ -0,0 +1,8 @@
+import {
+  CodeInterpreter
+} from "./chunk-JXZMAU2C.js";
+import "./chunk-Z532A7QC.js";
+export {
+  CodeInterpreter
+};
+//# sourceMappingURL=interpreter.js.map

package/dist/interpreter.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/request-handler.d.ts

@@ -0,0 +1,18 @@
+import { b as Sandbox } from './sandbox-D9K2ypln.js';
+import '@repo/shared';
+import 'cloudflare:workers';
+import '@cloudflare/containers';
+
+interface SandboxEnv {
+    Sandbox: DurableObjectNamespace<Sandbox>;
+}
+interface RouteInfo {
+    port: number;
+    sandboxId: string;
+    path: string;
+    token: string;
+}
+declare function proxyToSandbox<E extends SandboxEnv>(request: Request, env: E): Promise<Response | null>;
+declare function isLocalhostPattern(hostname: string): boolean;
+
+export { type RouteInfo, type SandboxEnv, isLocalhostPattern, proxyToSandbox };

package/dist/request-handler.js

@@ -0,0 +1,12 @@
+import {
+  isLocalhostPattern,
+  proxyToSandbox
+} from "./chunk-53JFOF7F.js";
+import "./chunk-JXZMAU2C.js";
+import "./chunk-Z532A7QC.js";
+import "./chunk-EKSWCBCA.js";
+export {
+  isLocalhostPattern,
+  proxyToSandbox
+};
+//# sourceMappingURL=request-handler.js.map

package/dist/request-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}