@cloudflare/sandbox 0.10.3 → 0.12.0

package/dist/{sandbox-CwcSm_60.d.ts → sandbox-D3N9M5EI.d.ts}

@@ -1,81 +1,8 @@
-import { Container } from "@cloudflare/containers";
+import { Container, ContainerProxy } from "@cloudflare/containers";
 import "capnweb";
 
-//#region ../shared/dist/desktop-types.d.ts
-
-interface DesktopStartResult {
-  success: boolean;
-  resolution: [number, number];
-  dpi: number;
-}
-interface DesktopStopResult {
-  success: boolean;
-}
-interface DesktopStatusResult {
-  success: boolean;
-  status: 'active' | 'partial' | 'inactive';
-  processes: Record<string, DesktopProcessHealth>;
-  resolution: [number, number] | null;
-  dpi: number | null;
-}
-interface DesktopProcessHealth {
-  running: boolean;
-  pid?: number;
-  uptime?: number;
-}
-type DesktopImageFormat = 'png' | 'jpeg' | 'webp';
-interface DesktopScreenshotOptions {
-  /**
-   * How the SDK returns the screenshot payload to the caller.
-   * - `'base64'` (default): `data` is a base64-encoded string (also the wire format).
-   * - `'bytes'`: client-side convenience that base64-decodes the wire payload
-   *   into a `Uint8Array` before returning. The wire/server contract is
-   *   always base64.
-   */
-  format?: 'base64' | 'bytes';
-  imageFormat?: DesktopImageFormat;
-  quality?: number;
-  showCursor?: boolean;
-}
-interface DesktopScreenshotRegion {
-  x: number;
-  y: number;
-  width: number;
-  height: number;
-}
-/**
- * Screenshot payload returned to the SDK caller when `format` is `'base64'`
- * (the default). Matches the wire shape sent by the container.
- */
-interface DesktopScreenshotResult {
-  success: boolean;
-  data: string;
-  imageFormat: DesktopImageFormat;
-  width: number;
-  height: number;
-}
-/**
- * Screenshot payload returned to the SDK caller when `format: 'bytes'` is
- * requested. The SDK client decodes the base64 wire payload into a
- * `Uint8Array`; the server/wire contract is unchanged.
- */
-interface DesktopScreenshotBytesResult extends Omit<DesktopScreenshotResult, 'data'> {
-  data: Uint8Array;
-}
-type DesktopMouseButton = 'left' | 'right' | 'middle';
-type DesktopScrollDirection = 'up' | 'down' | 'left' | 'right';
-interface DesktopCursorPosition {
-  success: boolean;
-  x: number;
-  y: number;
-}
-interface DesktopScreenSize {
-  success: boolean;
-  width: number;
-  height: number;
-}
-//#endregion
 //#region ../shared/dist/logger/types.d.ts
+
 type LogComponent = 'container' | 'sandbox-do' | 'executor';
 /**
  * Context metadata included in every log entry
@@ -1200,26 +1127,6 @@ interface SessionDeleteResult {
   sessionId: string;
   timestamp: string;
 }
-interface PortExposeResult {
-  success: boolean;
-  port: number;
-  url: string;
-  timestamp: string;
-}
-interface PortListResult {
-  success: boolean;
-  ports: Array<{
-    port: number;
-    url: string;
-    status: 'active' | 'inactive';
-  }>;
-  timestamp: string;
-}
-interface PortCloseResult {
-  success: boolean;
-  port: number;
-  timestamp: string;
-}
 interface ExecutionSession {
   /** Unique session identifier */
   readonly id: string;
@@ -1411,6 +1318,15 @@ interface RemoteMountBucketOptions {
    * Must start with '/' (e.g., '/workspaces/project123' or '/data/uploads/')
    */
   prefix?: string;
+  /**
+   * Keep real credentials in the Durable Object; write dummy credentials into
+   * the container-side s3fs password file. Outbound s3fs requests are
+   * intercepted by the DO, signed with real credentials, and forwarded to the
+   * configured endpoint.
+   *
+   * Default: false (real credentials are written into the container)
+   */
+  credentialProxy?: boolean;
 }
 /**
  * Options for mounting a local R2 binding via bidirectional sync (local dev)
@@ -1571,13 +1487,6 @@ interface StartProcessRequest {
   autoCleanup?: boolean;
   origin?: 'user' | 'internal';
 }
-/**
- * Request to expose a port
- */
-interface ExposePortRequest {
-  port: number;
-  name?: string;
-}
 /**
  * Request to create a backup archive from a directory.
  * The container creates a squashfs archive at archivePath.
@@ -1715,9 +1624,6 @@ interface SandboxProcessesAPI {
   streamProcessLogs(id: string): Promise<ReadableStream<Uint8Array>>;
 }
 interface SandboxPortsAPI {
-  exposePort(port: number, sessionId: string, name?: string): Promise<PortExposeResult>;
-  getExposedPorts(sessionId: string): Promise<PortListResult>;
-  unexposePort(port: number, sessionId: string): Promise<PortCloseResult>;
   watchPort(request: PortWatchRequest): Promise<ReadableStream<Uint8Array>>;
 }
 interface SandboxGitAPI {
@@ -1782,81 +1688,66 @@ interface SandboxBackupAPI {
     sessionId?: string;
   }): Promise<UploadPartsResponse>;
 }
-interface SandboxDesktopAPI {
-  start(options?: {
-    resolution?: [number, number];
-    dpi?: number;
-  }): Promise<DesktopStartResult>;
-  stop(): Promise<DesktopStopResult>;
-  status(): Promise<DesktopStatusResult>;
-  screenshot(options?: DesktopScreenshotOptions & {
-    format?: 'base64';
-  }): Promise<DesktopScreenshotResult>;
-  screenshot(options: DesktopScreenshotOptions & {
-    format: 'bytes';
-  }): Promise<DesktopScreenshotBytesResult>;
-  screenshot(options?: DesktopScreenshotOptions): Promise<DesktopScreenshotResult | DesktopScreenshotBytesResult>;
-  screenshotRegion(region: DesktopScreenshotRegion, options?: DesktopScreenshotOptions & {
-    format?: 'base64';
-  }): Promise<DesktopScreenshotResult>;
-  screenshotRegion(region: DesktopScreenshotRegion, options: DesktopScreenshotOptions & {
-    format: 'bytes';
-  }): Promise<DesktopScreenshotBytesResult>;
-  screenshotRegion(region: DesktopScreenshotRegion, options?: DesktopScreenshotOptions): Promise<DesktopScreenshotResult | DesktopScreenshotBytesResult>;
-  click(x: number, y: number, options?: {
-    button?: DesktopMouseButton;
-    clickCount?: number;
-  }): Promise<void>;
-  doubleClick(x: number, y: number): Promise<void>;
-  tripleClick(x: number, y: number): Promise<void>;
-  rightClick(x: number, y: number): Promise<void>;
-  middleClick(x: number, y: number): Promise<void>;
-  mouseDown(x?: number, y?: number, options?: {
-    button?: DesktopMouseButton;
-  }): Promise<void>;
-  mouseUp(x?: number, y?: number, options?: {
-    button?: DesktopMouseButton;
-  }): Promise<void>;
-  moveMouse(x: number, y: number): Promise<void>;
-  drag(startX: number, startY: number, endX: number, endY: number, options?: {
-    button?: DesktopMouseButton;
-  }): Promise<void>;
-  scroll(x: number, y: number, direction: DesktopScrollDirection, amount?: number): Promise<void>;
-  getCursorPosition(): Promise<DesktopCursorPosition>;
-  type(text: string, options?: {
-    delayMs?: number;
-  }): Promise<void>;
-  press(key: string): Promise<void>;
-  keyDown(key: string): Promise<void>;
-  keyUp(key: string): Promise<void>;
-  getScreenSize(): Promise<DesktopScreenSize>;
-  getProcessStatus(name: string): Promise<DesktopProcessHealth>;
-}
 interface SandboxWatchAPI {
   watch(request: WatchRequest): Promise<ReadableStream<Uint8Array>>;
   checkChanges(request: CheckChangesRequest): Promise<CheckChangesResult>;
 }
 /**
- * Public-facing tunnel record.
- *
- * Today only quick tunnels (`*.trycloudflare.com`) are supported. Future
- * PRs will add named tunnels, which will carry a `name: string` field;
- * `TunnelInfo` will then become a discriminated union keyed on the
- * presence of `name`. The quick variant declares `name?: never` so the
- * narrowing works without a breaking change here.
+ * Public-facing tunnel record. Discriminated on the presence of `name`:
+ * quick tunnels (`*.trycloudflare.com`) omit it, named tunnels carry the
+ * label that was passed to `get(port, { name })`.
  */
-interface TunnelInfo {
+type TunnelInfo = QuickTunnelInfo | NamedTunnelInfo;
+interface QuickTunnelInfo {
   id: string;
   port: number;
+  /** `https://<random>.trycloudflare.com`. */
   url: string;
+  /** Hostname portion of `url`. */
   hostname: string;
   createdAt: string;
-  /** Reserved for the named-tunnel variant in a future PR. */
+  /** Absent on quick tunnels; narrows the union. */
   name?: never;
 }
+interface NamedTunnelInfo {
+  /** Cloudflare tunnel UUID (8-4-4-4-12). */
+  id: string;
+  port: number;
+  /** `https://<hostname>`. */
+  url: string;
+  /** Full hostname bound to the tunnel (without scheme). */
+  hostname: string;
+  createdAt: string;
+  /** Label originally passed via `TunnelOptions.name`. */
+  name: string;
+}
+/**
+ * Options accepted by `sandbox.tunnels.get(port, options)`. Omitting
+ * `name` (or omitting the options object) selects the zero-config quick
+ * tunnel; setting `name` selects the named-tunnel flow.
+ */
+interface TunnelOptions {
+  /**
+   * Single DNS label under the configured zone. The full hostname is
+   * `<name>.<zone-name>`. See `validateTunnelName` for the format rules.
+   */
+  name?: string;
+}
 interface SandboxTunnelsAPI {
   /** Spawn `cloudflared tunnel --url`. No credentials required. */
   runQuickTunnel(id: string, port: number): Promise<TunnelInfo>;
+  /**
+   * Spawn `cloudflared tunnel run --token <token> --url http://localhost:<port>`.
+   *
+   * The SDK is the source of truth for the hostname this tunnel binds to;
+   * the container only sees the opaque token and the local port. The
+   * returned `TunnelInfo` carries empty `url`/`hostname` fields — the SDK
+   * enriches them with the values from the Cloudflare API before handing
+   * the record to user code.
+   *
+   * The token must never be logged, persisted, or echoed back to callers.
+   */
+  runNamedTunnel(id: string, token: string, port: number): Promise<TunnelInfo>;
   /** Stop the cloudflared process for the given tunnel id. */
   destroyTunnel(id: string): Promise<{
     success: true;
@@ -2135,217 +2026,6 @@ declare class CommandClient extends BaseHttpClient implements SandboxCommandsAPI
   }): Promise<ReadableStream<Uint8Array>>;
 }
 //#endregion
-//#region src/clients/desktop-client.d.ts
-interface DesktopStartOptions {
-  resolution?: [number, number];
-  dpi?: number;
-}
-interface ScreenshotOptions {
-  format?: 'base64' | 'bytes';
-  imageFormat?: 'png' | 'jpeg' | 'webp';
-  quality?: number;
-  showCursor?: boolean;
-}
-interface ScreenshotRegion {
-  x: number;
-  y: number;
-  width: number;
-  height: number;
-}
-interface ClickOptions {
-  button?: 'left' | 'right' | 'middle';
-}
-type ScrollDirection = 'up' | 'down' | 'left' | 'right';
-type KeyInput = string;
-interface TypeOptions {
-  delayMs?: number;
-}
-interface DesktopStartResponse extends BaseApiResponse {
-  resolution: [number, number];
-  dpi: number;
-}
-interface DesktopStopResponse extends BaseApiResponse {}
-interface DesktopStatusResponse extends BaseApiResponse {
-  status: 'active' | 'partial' | 'inactive';
-  processes: Record<string, {
-    running: boolean;
-    pid?: number;
-    uptime?: number;
-  }>;
-  resolution: [number, number] | null;
-  dpi: number | null;
-}
-interface ScreenshotResponse extends BaseApiResponse {
-  data: string;
-  imageFormat: 'png' | 'jpeg' | 'webp';
-  width: number;
-  height: number;
-}
-interface ScreenshotBytesResponse extends BaseApiResponse {
-  data: Uint8Array;
-  imageFormat: 'png' | 'jpeg' | 'webp';
-  width: number;
-  height: number;
-}
-interface CursorPositionResponse extends BaseApiResponse {
-  x: number;
-  y: number;
-}
-interface ScreenSizeResponse extends BaseApiResponse {
-  width: number;
-  height: number;
-}
-/**
- * Public interface for desktop operations.
- * Returned by `sandbox.desktop` via an RpcTarget wrapper so that pipelined
- * method calls work across the Durable Object RPC boundary.
- */
-interface Desktop {
-  start(options?: DesktopStartOptions): Promise<DesktopStartResponse>;
-  stop(): Promise<DesktopStopResponse>;
-  status(): Promise<DesktopStatusResponse>;
-  screenshot(options?: ScreenshotOptions & {
-    format?: 'base64';
-  }): Promise<ScreenshotResponse>;
-  screenshot(options: ScreenshotOptions & {
-    format: 'bytes';
-  }): Promise<ScreenshotBytesResponse>;
-  screenshot(options?: ScreenshotOptions): Promise<ScreenshotResponse | ScreenshotBytesResponse>;
-  screenshotRegion(region: ScreenshotRegion, options?: ScreenshotOptions & {
-    format?: 'base64';
-  }): Promise<ScreenshotResponse>;
-  screenshotRegion(region: ScreenshotRegion, options: ScreenshotOptions & {
-    format: 'bytes';
-  }): Promise<ScreenshotBytesResponse>;
-  screenshotRegion(region: ScreenshotRegion, options?: ScreenshotOptions): Promise<ScreenshotResponse | ScreenshotBytesResponse>;
-  click(x: number, y: number, options?: ClickOptions): Promise<void>;
-  doubleClick(x: number, y: number, options?: ClickOptions): Promise<void>;
-  tripleClick(x: number, y: number, options?: ClickOptions): Promise<void>;
-  rightClick(x: number, y: number): Promise<void>;
-  middleClick(x: number, y: number): Promise<void>;
-  mouseDown(x?: number, y?: number, options?: ClickOptions): Promise<void>;
-  mouseUp(x?: number, y?: number, options?: ClickOptions): Promise<void>;
-  moveMouse(x: number, y: number): Promise<void>;
-  drag(startX: number, startY: number, endX: number, endY: number, options?: ClickOptions): Promise<void>;
-  scroll(x: number, y: number, direction: ScrollDirection, amount?: number): Promise<void>;
-  getCursorPosition(): Promise<CursorPositionResponse>;
-  type(text: string, options?: TypeOptions): Promise<void>;
-  press(key: KeyInput): Promise<void>;
-  keyDown(key: KeyInput): Promise<void>;
-  keyUp(key: KeyInput): Promise<void>;
-  getScreenSize(): Promise<ScreenSizeResponse>;
-  getProcessStatus(name: string): Promise<DesktopProcessHealth>;
-}
-/**
- * Client for desktop environment lifecycle, input, and screen operations
- */
-declare class DesktopClient extends BaseHttpClient implements SandboxDesktopAPI {
-  /**
-   * Start the desktop environment with optional resolution and DPI.
-   */
-  start(options?: DesktopStartOptions): Promise<DesktopStartResponse>;
-  /**
-   * Stop the desktop environment and all related processes.
-   */
-  stop(): Promise<DesktopStopResponse>;
-  /**
-   * Get desktop lifecycle and process health status.
-   */
-  status(): Promise<DesktopStatusResponse>;
-  /**
-   * Capture a full-screen screenshot as base64 (default).
-   */
-  screenshot(options?: ScreenshotOptions & {
-    format?: 'base64';
-  }): Promise<ScreenshotResponse>;
-  /**
-   * Capture a full-screen screenshot as bytes.
-   */
-  screenshot(options: ScreenshotOptions & {
-    format: 'bytes';
-  }): Promise<ScreenshotBytesResponse>;
-  /**
-   * Capture a region screenshot as base64 (default).
-   */
-  screenshotRegion(region: ScreenshotRegion, options?: ScreenshotOptions & {
-    format?: 'base64';
-  }): Promise<ScreenshotResponse>;
-  /**
-   * Capture a region screenshot as bytes.
-   */
-  screenshotRegion(region: ScreenshotRegion, options: ScreenshotOptions & {
-    format: 'bytes';
-  }): Promise<ScreenshotBytesResponse>;
-  /**
-   * Single-click at the given coordinates.
-   */
-  click(x: number, y: number, options?: ClickOptions): Promise<void>;
-  /**
-   * Double-click at the given coordinates.
-   */
-  doubleClick(x: number, y: number, options?: ClickOptions): Promise<void>;
-  /**
-   * Triple-click at the given coordinates.
-   */
-  tripleClick(x: number, y: number, options?: ClickOptions): Promise<void>;
-  /**
-   * Right-click at the given coordinates.
-   */
-  rightClick(x: number, y: number): Promise<void>;
-  /**
-   * Middle-click at the given coordinates.
-   */
-  middleClick(x: number, y: number): Promise<void>;
-  /**
-   * Press and hold a mouse button.
-   */
-  mouseDown(x?: number, y?: number, options?: ClickOptions): Promise<void>;
-  /**
-   * Release a held mouse button.
-   */
-  mouseUp(x?: number, y?: number, options?: ClickOptions): Promise<void>;
-  /**
-   * Move the mouse cursor to coordinates.
-   */
-  moveMouse(x: number, y: number): Promise<void>;
-  /**
-   * Drag from start coordinates to end coordinates.
-   */
-  drag(startX: number, startY: number, endX: number, endY: number, options?: ClickOptions): Promise<void>;
-  /**
-   * Scroll at coordinates in the specified direction.
-   */
-  scroll(x: number, y: number, direction: ScrollDirection, amount?: number): Promise<void>;
-  /**
-   * Get the current cursor coordinates.
-   */
-  getCursorPosition(): Promise<CursorPositionResponse>;
-  /**
-   * Type text into the focused element.
-   */
-  type(text: string, options?: TypeOptions): Promise<void>;
-  /**
-   * Press and release a key or key combination.
-   */
-  press(key: KeyInput): Promise<void>;
-  /**
-   * Press and hold a key.
-   */
-  keyDown(key: KeyInput): Promise<void>;
-  /**
-   * Release a held key.
-   */
-  keyUp(key: KeyInput): Promise<void>;
-  /**
-   * Get the active desktop screen size.
-   */
-  getScreenSize(): Promise<ScreenSizeResponse>;
-  /**
-   * Get health status for a specific desktop process.
-   */
-  getProcessStatus(name: string): Promise<DesktopProcessHealth>;
-}
-//#endregion
 //#region src/clients/file-client.d.ts
 /**
  * Request interface for creating directories
@@ -2534,33 +2214,9 @@ declare class InterpreterClient extends BaseHttpClient implements SandboxInterpr
 //#endregion
 //#region src/clients/port-client.d.ts
 /**
- * Request interface for unexposing ports
- */
-interface UnexposePortRequest {
-  port: number;
-}
-/**
- * Client for port management and preview URL operations
+ * Client for port readiness operations.
  */
-declare class PortClient extends BaseHttpClient implements SandboxPortsAPI {
-  /**
-   * Expose a port and get a preview URL
-   * @param port - Port number to expose
-   * @param sessionId - The session ID for this operation
-   * @param name - Optional name for the port
-   */
-  exposePort(port: number, sessionId: string, name?: string): Promise<PortExposeResult>;
-  /**
-   * Unexpose a port and remove its preview URL
-   * @param port - Port number to unexpose
-   * @param sessionId - The session ID for this operation
-   */
-  unexposePort(port: number, sessionId: string): Promise<PortCloseResult>;
-  /**
-   * Get all currently exposed ports
-   * @param sessionId - The session ID for this operation
-   */
-  getExposedPorts(sessionId: string): Promise<PortListResult>;
+declare class PortClient extends BaseHttpClient {
   /**
    * Watch a port for readiness via SSE stream
    * @param request - Port watch configuration
@@ -2749,7 +2405,6 @@ declare class SandboxClient {
   readonly git: GitClient;
   readonly interpreter: InterpreterClient;
   readonly utils: UtilityClient;
-  readonly desktop: DesktopClient;
   readonly watch: WatchClient;
   /**
    * Tunnels are RPC-only — the route-based transport does not implement them.
@@ -2915,7 +2570,6 @@ declare class ContainerControlClient {
   get git(): SandboxGitAPI;
   get utils(): SandboxUtilsAPI;
   get backup(): SandboxBackupAPI;
-  get desktop(): SandboxDesktopAPI;
   get watch(): SandboxWatchAPI;
   get tunnels(): SandboxTunnelsAPI;
   get interpreter(): SandboxInterpreterAPI;
@@ -2933,7 +2587,7 @@ declare class ContainerControlClient {
 //#endregion
 //#region src/tunnels/tunnels-handler.d.ts
 interface TunnelsHandler {
-  get(port: number): Promise<TunnelInfo>;
+  get(port: number, options?: TunnelOptions): Promise<TunnelInfo>;
   list(): Promise<TunnelInfo[]>;
   destroy(portOrInfo: number | TunnelInfo): Promise<void>;
 }
@@ -2949,6 +2603,18 @@ type SandboxConfiguration = {
   containerTimeouts?: NonNullable<SandboxOptions['containerTimeouts']>;
   transport?: SandboxTransport;
 };
+/**
+ * SDK-level ContainerProxy that directly dispatches SDK-internal mount hosts
+ * (r2.internal, s3-credential-proxy.internal) without relying on
+ * outboundHandlersRegistry lookups, which are NOT shared between the Durable
+ * Object's execution context and the ContainerProxy WorkerEntrypoint context.
+ *
+ * Users must export this class from their Worker entrypoint so the Sandbox DO
+ * can create outbound-interception fetchers that reference it.
+ */
+declare class ContainerProxy$1 extends ContainerProxy {
+  fetch(request: Request): Promise<Response>;
+}
 declare function getSandbox<T extends Sandbox<any>>(ns: DurableObjectNamespace<T>, id: string, options?: SandboxOptions): T;
 declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
   defaultPort: number;
@@ -2958,6 +2624,7 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
   private sandboxName;
   private tunnelsHandler;
   private tunnelExitHandler;
+  private destroyAllTunnels;
   private readonly controlCallback;
   private normalizeId;
   private defaultSession;
@@ -2967,6 +2634,8 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
   private logger;
   private keepAliveEnabled;
   private activeMounts;
+  private mountOperationQueue;
+  private currentRuntime;
   private transport;
   /**
    * True once transport has been written to storage at least once (either
@@ -2992,7 +2661,22 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
   private r2SecretAccessKey;
   private r2AccountId;
   private backupBucketName;
+  private backupBucketEndpoint;
   private r2Client;
+  /**
+   * Lazily-resolved Cloudflare account id for named-tunnel provisioning.
+   * Resolved on first access via `tunnels/credentials.ts` and cached for
+   * the lifetime of this DO instance. See the credentials helper for
+   * the precedence chain.
+   */
+  private tunnelAccountIdPromise;
+  /**
+   * Lazily-resolved Cloudflare zone id for named-tunnel provisioning.
+   * Falls back to the single zone the token can see under the resolved
+   * account id when `CLOUDFLARE_ZONE_ID` is not set. Cached for the
+   * lifetime of this DO instance.
+   */
+  private tunnelZoneIdPromise;
   /**
    * Default container startup timeouts (conservative for production)
    * Based on Cloudflare docs: "Containers take several minutes to provision"
@@ -3012,25 +2696,6 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
    * env/SDK defaults".
    */
   private hasStoredContainerTimeouts;
-  /**
-   * Desktop environment operations.
-   * Within the DO, this getter provides direct access to DesktopClient.
-   * Over RPC, the getSandbox() proxy intercepts this property and routes
-   * calls through callDesktop() instead.
-   */
-  get desktop(): Desktop;
-  /**
-   * Allowed desktop methods — derived from the Desktop interface.
-   * Restricts callDesktop() to a known set of operations.
-   */
-  private static readonly DESKTOP_METHODS;
-  /**
-   * Dispatch method for desktop operations.
-   * Called by the client-side proxy created in getSandbox() to provide
-   * the `sandbox.desktop.status()` API without relying on RPC pipelining
-   * through property getters which is broken when using vite-plugin.
-   */
-  callDesktop(method: string, args: unknown[]): Promise<unknown>;
   /**
    * Dispatch method for tunnel operations.
    * Called by the client-side proxy created in getSandbox() to provide
@@ -3083,12 +2748,16 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
    * @throws InvalidMountConfigError if bucket name, mount path, or endpoint is invalid
    */
   mountBucket(bucket: string, mountPath: string, options: MountBucketOptions): Promise<void>;
+  private runMountOperation;
+  private mountBucketUnlocked;
   /**
    * Local dev mount: bidirectional sync via R2 binding + file/watch APIs
    */
   private mountBucketLocal;
   private getR2EgressParams;
-  private validateR2EgressS3fsOptions;
+  private validateProtectedS3fsOptions;
+  private getS3CredentialProxyParams;
+  private resolveCredentialProxyAuthStrategy;
   /**
    * Credential-less R2 mount: egress interception routes s3fs requests to the
    * R2 binding. No S3 credentials are needed in the container or Worker env.
@@ -3105,6 +2774,7 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
    * @throws InvalidMountConfigError if mount path doesn't exist or isn't mounted
    */
   unmountBucket(mountPath: string): Promise<void>;
+  private unmountBucketUnlocked;
   /**
    * Shared validation for mount path (absolute, not already in use).
    */
@@ -3117,6 +2787,15 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
    * Generate unique password file path for s3fs credentials
    */
   private generatePasswordFilePath;
+  /**
+   * Generate unique ahbe_conf file path for s3fs additional header config
+   */
+  private generateS3FSAdditionalHeaderFilePath;
+  /**
+   * Create s3fs ahbe_conf file that suppresses the Expect: 100-continue header.
+   * Restricted to 0600 so s3fs will accept it (same requirement as passwd files).
+   */
+  private createDisableExpectHeaderFile;
   /**
    * Create password file with s3fs credentials
    * Format: bucket:accessKeyId:secretAccessKey
@@ -3126,6 +2805,7 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
    * Delete password file
    */
   private deletePasswordFile;
+  private deleteAdditionalHeaderFile;
   /**
    * Execute S3FS mount command
    */
@@ -3157,18 +2837,7 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
   destroy(): Promise<void>;
   private doDestroy;
   onStart(): Promise<void>;
-  /**
-   * Re-expose ports on the container runtime using tokens persisted in DO
-   * storage. Called from onStart() after a container (re)start.
-   *
-   * The DO storage holds the source of truth for which ports should be
-   * exposed, which tokens authorize them, and the friendly name (if any)
-   * that the caller set when first exposing the port. If a port is already
-   * exposed on the container this is a no-op for that port. Individual port
-   * failures are logged but do not abort the overall restore — a transient
-   * failure for one port must not prevent the others from being restored.
-   */
-  private restoreExposedPorts;
+  stop(signal?: Parameters<Container<Env>['stop']>[0]): Promise<void>;
   /**
    * Read the `portTokens` map from DO storage, normalizing the legacy
    * string-valued format (just a token) to the current object format
@@ -3176,6 +2845,10 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
    * can appear on any DO whose storage was written before that change.
    */
   private readPortTokens;
+  private readActivePreviewPorts;
+  private writeActivePreviewPorts;
+  private readPreviewState;
+  private clearActivePreviewPorts;
   /**
    * Check if the container version matches the SDK version
    * Logs a warning if there's a mismatch
@@ -3230,6 +2903,14 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
    * When keepAlive is disabled, calls parent implementation which stops the container
    */
   onActivityExpired(): Promise<void>;
+  private isPreviewProxyRequest;
+  private invalidPreviewTokenResponse;
+  private stalePreviewURLResponse;
+  private getPreviewForwardingContainer;
+  private beginPreviewForward;
+  private fetchPreviewIfRunning;
+  private buildPreviewProxyRequest;
+  private proxyPreviewRequest;
   fetch(request: Request): Promise<Response>;
   wsConnect(request: Request, port: number): Promise<Response>;
   private determinePort;
@@ -3403,23 +3084,6 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
   }): Promise<ReadableStream<Uint8Array>>;
   listFiles(path: string, options?: ListFilesOptions): Promise<ListFilesResult>;
   exists(path: string, sessionId?: string): Promise<FileExistsResult>;
-  /**
-   * Get the noVNC preview URL for browser-based desktop viewing.
-   * Confirms desktop is active, then uses exposePort() to generate
-   * a token-authenticated preview URL for the noVNC port (6080).
-   *
-   * @param hostname - The custom domain hostname for preview URLs
-   *   (e.g., 'preview.example.com'). Required because preview URLs
-   *   use subdomain patterns that .workers.dev doesn't support.
-   * @param options - Optional settings
-   * @param options.token - Reuse an existing token instead of generating a new one
-   * @returns The authenticated noVNC preview URL
-   */
-  getDesktopStreamUrl(hostname: string, options?: {
-    token?: string;
-  }): Promise<{
-    url: string;
-  }>;
   /**
    * Watch a directory for file system changes using native inotify.
    *
@@ -3448,11 +3112,10 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
   /**
    * Expose a port and get a preview URL for accessing services running in the sandbox
    *
-   * Preview URLs survive transient container restarts: the token and any
-   * friendly name are persisted in Durable Object storage, and the port is
-   * automatically re-exposed on the container when it comes back up. Tokens
-   * are cleared only on explicit `unexposePort()` or full sandbox
-   * `destroy()`.
+   * Preview URL authorization survives transient container restarts, but
+   * forwarding is active only for the runtime where `exposePort()` was last
+   * called. Call `exposePort()` again after a restart to reactivate an
+   * existing URL for the current runtime.
    *
    * @param port - Port number to expose (1024-65535)
    * @param options - Configuration options
@@ -3484,11 +3147,22 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
     port: number;
     name: string | undefined;
   }>;
+  /**
+   * Revoke preview URL authorization and current-runtime activation for a port.
+   *
+   * Revocation is idempotent: calling this for a port with no preview state is
+   * still successful. The operation clears Durable Object-owned preview state
+   * only and does not contact, probe, wake, or clean up the container runtime.
+   */
   unexposePort(port: number): Promise<void>;
+  /**
+   * Returns preview URLs that are currently forwardable in the active runtime.
+   * Durable authorization without current-runtime activation is omitted.
+   */
   getExposedPorts(hostname: string): Promise<{
     url: string;
     port: number;
-    status: "active" | "inactive";
+    status: "active";
   }[]>;
   /**
    * Namespaced tunnel API. Quick tunnels are zero-config preview URLs
@@ -3517,8 +3191,45 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
    * fields.
    */
   private ensureTunnelsBuilt;
+  /**
+   * Resolve the Cloudflare account id used for named-tunnel provisioning.
+   *
+   * Memoised for the lifetime of this DO instance. The first call may hit
+   * `GET /user/tokens/verify` to derive the account id from the configured
+   * `CLOUDFLARE_API_TOKEN`; subsequent calls return the cached promise.
+   *
+   * Only successful resolutions are cached: a rejected lookup clears the
+   * slot so the next caller retries. Otherwise a transient failure on
+   * first use would permanently poison every later named-tunnel `get()`
+   * on this DO instance.
+   */
+  private getTunnelAccountId;
+  /**
+   * Resolve the Cloudflare zone id used for named-tunnel provisioning.
+   *
+   * Memoised for the lifetime of this DO instance. Falls back to the
+   * single zone the token can see under `accountId` via `GET /zones`
+   * when `CLOUDFLARE_ZONE_ID` is not set. Failed lookups clear the cache
+   * so the next caller retries — see `getTunnelAccountId` for the
+   * rationale.
+   */
+  private getTunnelZoneId;
+  /**
+   * Returns whether a port is currently preview-forwardable.
+   * This checks Durable Object-owned auth and runtime activation without
+   * contacting or waking the container.
+   */
   isPortExposed(port: number): Promise<boolean>;
+  /**
+   * Checks durable preview URL authorization for a port/token pair.
+   *
+   * This does not check whether the port is activated for the current runtime
+   * and is not sufficient to decide whether preview traffic may forward.
+   */
   validatePortToken(port: number, token: string): Promise<boolean>;
+  private validatePreviewURLForRuntime;
+  private getCurrentPreviewPorts;
+  private previewTokensMatch;
   private validateCustomToken;
   private generatePortToken;
   private constructPreviewUrl;
@@ -3598,17 +3309,19 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
    * Returns validated presigned URL configuration or throws if not configured.
    * All credential fields plus the R2 binding are required for backup to work.
    */
-  private requirePresignedUrlSupport;
+  private requirePresignedURLSupport;
+  private getBackupBucketEndpoint;
+  private getBackupObjectURL;
   /**
    * Generate a presigned GET URL for downloading an object from R2.
    * The container can curl this URL directly without credentials.
    */
-  private generatePresignedGetUrl;
+  private generatePresignedGetURL;
   /**
    * Generate a presigned PUT URL for uploading an object to R2.
    * The container can curl PUT to this URL directly without credentials.
    */
-  private generatePresignedPutUrl;
+  private generatePresignedPutURL;
   /**
    * Upload a backup archive via presigned PUT URL.
    * The container curls the archive directly to R2, bypassing the DO.
@@ -3618,7 +3331,7 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
   /**
    * Generate a presigned PUT URL for a single part in a multipart upload.
    */
-  private generatePresignedPartUrl;
+  private generatePresignedPartURL;
   /**
    * Upload a backup archive to R2 using parallel multipart upload.
    * Uses the S3-compatible API exclusively for create/complete/abort so that
@@ -3710,7 +3423,8 @@ declare class Sandbox<Env = unknown> extends Container<Env> implements ISandbox
    */
   private doRestoreBackupLocal;
   private configureR2EgressOutbound;
+  private configureS3CredentialProxyOutbound;
 }
 //#endregion
-export { StartProcessRequest as $, DesktopStopResponse as A, ProcessOptions as At, ExecuteResponse as B, WaitForPortOptions as Bt, ClickOptions as C, PortListResult as Ct, DesktopStartOptions as D, ProcessKillResult as Dt, DesktopClient as E, ProcessInfoResult as Et, ScreenshotRegion as F, SandboxOptions as Ft, HttpClientOptions as G, PtyOptions as Gt, BaseApiResponse as H, isExecResult as Ht, ScreenshotResponse as I, SandboxTransport as It, SessionRequest as J, Execution as Jt, RequestConfig as K, CodeContext as Kt, ScrollDirection as L, SessionOptions as Lt, ScreenSizeResponse as M, ProcessStatus as Mt, ScreenshotBytesResponse as N, RemoteMountBucketOptions as Nt, DesktopStartResponse as O, ProcessListResult as Ot, ScreenshotOptions as P, RestoreBackupResult as Pt, ExposePortRequest as Q, TypeOptions as R, StreamOptions as Rt, WriteFileRequest as S, PortExposeResult as St, Desktop as T, ProcessCleanupResult as Tt, ContainerStub as U, isProcess as Ut, BackupClient as V, WatchOptions as Vt, ErrorResponse as W, isProcessStatus as Wt, TunnelInfo as X, RunCodeOptions as Xt, SandboxInterpreterAPI as Y, ExecutionResult as Yt, ExecuteRequest as Z, GitClient as _, ListFilesOptions as _t, CreateSessionRequest as a, CheckChangesResult as at, MkdirRequest as b, MountBucketOptions as bt, DeleteSessionResponse as c, ExecOptions as ct, ProcessClient as d, FileChunk as dt, BackupOptions as et, PortClient as f, FileMetadata as ft, GitCheckoutRequest as g, ISandbox as gt, InterpreterClient as h, GitCheckoutResult as ht, CommandsResponse as i, CheckChangesOptions as it, KeyInput as j, ProcessStartResult as jt, DesktopStatusResponse as k, ProcessLogsResult as kt, PingResponse as l, ExecResult as lt, ExecutionCallbacks as m, FileWatchSSEEvent as mt, getSandbox as n, BucketCredentials as nt, CreateSessionResponse as o, DirectoryBackup as ot, UnexposePortRequest as p, FileStreamEvent as pt, ResponseHandler as q, CreateContextOptions as qt, SandboxClient as r, BucketProvider as rt, DeleteSessionRequest as s, ExecEvent as st, Sandbox as t, BaseExecOptions as tt, UtilityClient as u, ExecutionSession as ut, FileClient as v, LocalMountBucketOptions as vt, CursorPositionResponse as w, Process as wt, ReadFileRequest as x, PortCloseResult as xt, FileOperationRequest as y, LogEvent as yt, CommandClient as z, WaitForLogResult as zt };
-//# sourceMappingURL=sandbox-CwcSm_60.d.ts.map
+export { FileStreamEvent as $, RequestConfig as A, CreateContextOptions as At, BackupOptions as B, CommandClient as C, WaitForPortOptions as Ct, ContainerStub as D, isProcessStatus as Dt, BaseApiResponse as E, isProcess as Et, SandboxInterpreterAPI as F, CheckChangesResult as G, BucketCredentials as H, TunnelInfo as I, ExecOptions as J, DirectoryBackup as K, TunnelOptions as L, SessionRequest as M, ExecutionResult as Mt, NamedTunnelInfo as N, RunCodeOptions as Nt, ErrorResponse as O, PtyOptions as Ot, QuickTunnelInfo as P, FileMetadata as Q, ExecuteRequest as R, WriteFileRequest as S, WaitForLogResult as St, BackupClient as T, isExecResult as Tt, BucketProvider as U, BaseExecOptions as V, CheckChangesOptions as W, ExecutionSession as X, ExecResult as Y, FileChunk as Z, GitClient as _, RestoreBackupResult as _t, CommandsResponse as a, LogEvent as at, MkdirRequest as b, SessionOptions as bt, DeleteSessionRequest as c, ProcessCleanupResult as ct, UtilityClient as d, ProcessListResult as dt, FileWatchSSEEvent as et, ProcessClient as f, ProcessLogsResult as ft, GitCheckoutRequest as g, RemoteMountBucketOptions as gt, InterpreterClient as h, ProcessStatus as ht, SandboxClient as i, LocalMountBucketOptions as it, ResponseHandler as j, Execution as jt, HttpClientOptions as k, CodeContext as kt, DeleteSessionResponse as l, ProcessInfoResult as lt, ExecutionCallbacks as m, ProcessStartResult as mt, Sandbox as n, ISandbox as nt, CreateSessionRequest as o, MountBucketOptions as ot, PortClient as p, ProcessOptions as pt, ExecEvent as q, getSandbox as r, ListFilesOptions as rt, CreateSessionResponse as s, Process as st, ContainerProxy$1 as t, GitCheckoutResult as tt, PingResponse as u, ProcessKillResult as ut, FileClient as v, SandboxOptions as vt, ExecuteResponse as w, WatchOptions as wt, ReadFileRequest as x, StreamOptions as xt, FileOperationRequest as y, SandboxTransport as yt, StartProcessRequest as z };
+//# sourceMappingURL=sandbox-D3N9M5EI.d.ts.map