@cloudflare/sandbox 0.3.7 → 0.4.2

package/dist/chunk-SQLJNZ3K.js

@@ -1,674 +0,0 @@
-import {
-  SecurityError,
-  logSecurityEvent,
-  sanitizeSandboxId,
-  validatePort
-} from "./chunk-6UAWTJ5S.js";
-import {
-  InterpreterClient
-} from "./chunk-D3U63BZP.js";
-import {
-  CodeInterpreter
-} from "./chunk-JTKON2SH.js";
-
-// src/sandbox.ts
-import { Container, getContainer } from "@cloudflare/containers";
-
-// src/request-handler.ts
-async function proxyToSandbox(request, env) {
-  try {
-    const url = new URL(request.url);
-    const routeInfo = extractSandboxRoute(url);
-    if (!routeInfo) {
-      return null;
-    }
-    const { sandboxId, port, path } = routeInfo;
-    const sandbox = getSandbox(env.Sandbox, sandboxId);
-    let proxyUrl;
-    if (port !== 3e3) {
-      proxyUrl = `http://localhost:${port}${path}${url.search}`;
-    } else {
-      proxyUrl = `http://localhost:3000${path}${url.search}`;
-    }
-    const proxyRequest = new Request(proxyUrl, {
-      method: request.method,
-      headers: {
-        ...Object.fromEntries(request.headers),
-        "X-Original-URL": request.url,
-        "X-Forwarded-Host": url.hostname,
-        "X-Forwarded-Proto": url.protocol.replace(":", ""),
-        "X-Sandbox-Name": sandboxId
-        // Pass the friendly name
-      },
-      body: request.body
-    });
-    return sandbox.containerFetch(proxyRequest, port);
-  } catch (error) {
-    console.error("[Sandbox] Proxy routing error:", error);
-    return new Response("Proxy routing error", { status: 500 });
-  }
-}
-function extractSandboxRoute(url) {
-  const subdomainMatch = url.hostname.match(/^(\d{4,5})-([^.-][^.]*[^.-]|[^.-])\.(.+)$/);
-  if (!subdomainMatch) {
-    if (url.hostname.includes("-") && url.hostname.includes(".")) {
-      logSecurityEvent("MALFORMED_SUBDOMAIN_ATTEMPT", {
-        hostname: url.hostname,
-        url: url.toString()
-      }, "medium");
-    }
-    return null;
-  }
-  const portStr = subdomainMatch[1];
-  const sandboxId = subdomainMatch[2];
-  const domain = subdomainMatch[3];
-  const port = parseInt(portStr, 10);
-  if (!validatePort(port)) {
-    logSecurityEvent("INVALID_PORT_IN_SUBDOMAIN", {
-      port,
-      portStr,
-      sandboxId,
-      hostname: url.hostname,
-      url: url.toString()
-    }, "high");
-    return null;
-  }
-  let sanitizedSandboxId;
-  try {
-    sanitizedSandboxId = sanitizeSandboxId(sandboxId);
-  } catch (error) {
-    logSecurityEvent("INVALID_SANDBOX_ID_IN_SUBDOMAIN", {
-      sandboxId,
-      port,
-      hostname: url.hostname,
-      url: url.toString(),
-      error: error instanceof Error ? error.message : "Unknown error"
-    }, "high");
-    return null;
-  }
-  if (sandboxId.length > 63) {
-    logSecurityEvent("SANDBOX_ID_LENGTH_VIOLATION", {
-      sandboxId,
-      length: sandboxId.length,
-      port,
-      hostname: url.hostname
-    }, "medium");
-    return null;
-  }
-  logSecurityEvent("SANDBOX_ROUTE_EXTRACTED", {
-    port,
-    sandboxId: sanitizedSandboxId,
-    domain,
-    path: url.pathname || "/",
-    hostname: url.hostname
-  }, "low");
-  return {
-    port,
-    sandboxId: sanitizedSandboxId,
-    path: url.pathname || "/"
-  };
-}
-function isLocalhostPattern(hostname) {
-  const hostPart = hostname.split(":")[0];
-  return hostPart === "localhost" || hostPart === "127.0.0.1" || hostPart === "::1" || hostPart === "[::1]" || hostPart === "0.0.0.0";
-}
-
-// src/sandbox.ts
-function getSandbox(ns, id) {
-  const stub = getContainer(ns, id);
-  stub.setSandboxName?.(id);
-  return stub;
-}
-var Sandbox = class extends Container {
-  defaultPort = 3e3;
-  // Default port for the container's Bun server
-  sleepAfter = "20m";
-  // Keep container warm for 20 minutes to avoid cold starts
-  client;
-  sandboxName = null;
-  codeInterpreter;
-  defaultSession = null;
-  constructor(ctx, env) {
-    super(ctx, env);
-    this.client = new InterpreterClient({
-      onCommandComplete: (success, exitCode, _stdout, _stderr, command) => {
-        console.log(
-          `[Container] Command completed: ${command}, Success: ${success}, Exit code: ${exitCode}`
-        );
-      },
-      onCommandStart: (command) => {
-        console.log(`[Container] Command started: ${command}`);
-      },
-      onError: (error, _command) => {
-        console.error(`[Container] Command error: ${error}`);
-      },
-      onOutput: (stream, data, _command) => {
-        console.log(`[Container] [${stream}] ${data}`);
-      },
-      port: 3e3,
-      // Control plane port
-      stub: this
-    });
-    this.codeInterpreter = new CodeInterpreter(this);
-    this.ctx.blockConcurrencyWhile(async () => {
-      this.sandboxName = await this.ctx.storage.get("sandboxName") || null;
-    });
-  }
-  // RPC method to set the sandbox name
-  async setSandboxName(name) {
-    if (!this.sandboxName) {
-      this.sandboxName = name;
-      await this.ctx.storage.put("sandboxName", name);
-      console.log(`[Sandbox] Stored sandbox name via RPC: ${name}`);
-    }
-  }
-  // RPC method to set environment variables
-  async setEnvVars(envVars) {
-    this.envVars = { ...this.envVars, ...envVars };
-    console.log(`[Sandbox] Updated environment variables`);
-    if (this.defaultSession) {
-      await this.defaultSession.setEnvVars(envVars);
-    }
-  }
-  onStart() {
-    console.log("Sandbox successfully started");
-  }
-  onStop() {
-    console.log("Sandbox successfully shut down");
-  }
-  onError(error) {
-    console.log("Sandbox error:", error);
-  }
-  // Override fetch to route internal container requests to appropriate ports
-  async fetch(request) {
-    const url = new URL(request.url);
-    if (!this.sandboxName && request.headers.has("X-Sandbox-Name")) {
-      const name = request.headers.get("X-Sandbox-Name");
-      this.sandboxName = name;
-      await this.ctx.storage.put("sandboxName", name);
-      console.log(`[Sandbox] Stored sandbox name: ${this.sandboxName}`);
-    }
-    const port = this.determinePort(url);
-    return await this.containerFetch(request, port);
-  }
-  determinePort(url) {
-    const proxyMatch = url.pathname.match(/^\/proxy\/(\d+)/);
-    if (proxyMatch) {
-      return parseInt(proxyMatch[1]);
-    }
-    if (url.port) {
-      return parseInt(url.port);
-    }
-    return 3e3;
-  }
-  // Helper to ensure default session is initialized
-  async ensureDefaultSession() {
-    if (!this.defaultSession) {
-      const sessionId = `sandbox-${this.sandboxName || "default"}`;
-      this.defaultSession = await this.createSession({
-        id: sessionId,
-        env: this.envVars || {},
-        cwd: "/workspace",
-        isolation: true
-      });
-      console.log(`[Sandbox] Default session initialized: ${sessionId}`);
-    }
-    return this.defaultSession;
-  }
-  async exec(command, options) {
-    const session = await this.ensureDefaultSession();
-    return session.exec(command, options);
-  }
-  async startProcess(command, options) {
-    const session = await this.ensureDefaultSession();
-    return session.startProcess(command, options);
-  }
-  async listProcesses() {
-    const session = await this.ensureDefaultSession();
-    return session.listProcesses();
-  }
-  async getProcess(id) {
-    const session = await this.ensureDefaultSession();
-    return session.getProcess(id);
-  }
-  async killProcess(id, signal) {
-    const session = await this.ensureDefaultSession();
-    return session.killProcess(id, signal);
-  }
-  async killAllProcesses() {
-    const session = await this.ensureDefaultSession();
-    return session.killAllProcesses();
-  }
-  async cleanupCompletedProcesses() {
-    const session = await this.ensureDefaultSession();
-    return session.cleanupCompletedProcesses();
-  }
-  async getProcessLogs(id) {
-    const session = await this.ensureDefaultSession();
-    return session.getProcessLogs(id);
-  }
-  // Streaming methods - delegates to default session
-  async execStream(command, options) {
-    const session = await this.ensureDefaultSession();
-    return session.execStream(command, options);
-  }
-  async streamProcessLogs(processId, options) {
-    const session = await this.ensureDefaultSession();
-    return session.streamProcessLogs(processId, options);
-  }
-  async gitCheckout(repoUrl, options) {
-    const session = await this.ensureDefaultSession();
-    return session.gitCheckout(repoUrl, options);
-  }
-  async mkdir(path, options = {}) {
-    const session = await this.ensureDefaultSession();
-    return session.mkdir(path, options);
-  }
-  async writeFile(path, content, options = {}) {
-    const session = await this.ensureDefaultSession();
-    return session.writeFile(path, content, options);
-  }
-  async deleteFile(path) {
-    const session = await this.ensureDefaultSession();
-    return session.deleteFile(path);
-  }
-  async renameFile(oldPath, newPath) {
-    const session = await this.ensureDefaultSession();
-    return session.renameFile(oldPath, newPath);
-  }
-  async moveFile(sourcePath, destinationPath) {
-    const session = await this.ensureDefaultSession();
-    return session.moveFile(sourcePath, destinationPath);
-  }
-  async readFile(path, options = {}) {
-    const session = await this.ensureDefaultSession();
-    return session.readFile(path, options);
-  }
-  async readFileStream(path) {
-    const session = await this.ensureDefaultSession();
-    return session.readFileStream(path);
-  }
-  async listFiles(path, options = {}) {
-    const session = await this.ensureDefaultSession();
-    return session.listFiles(path, options);
-  }
-  async exposePort(port, options) {
-    await this.client.exposePort(port, options?.name);
-    if (!this.sandboxName) {
-      throw new Error(
-        "Sandbox name not available. Ensure sandbox is accessed through getSandbox()"
-      );
-    }
-    const url = this.constructPreviewUrl(
-      port,
-      this.sandboxName,
-      options.hostname
-    );
-    return {
-      url,
-      port,
-      name: options?.name
-    };
-  }
-  async unexposePort(port) {
-    if (!validatePort(port)) {
-      logSecurityEvent(
-        "INVALID_PORT_UNEXPOSE",
-        {
-          port
-        },
-        "high"
-      );
-      throw new SecurityError(
-        `Invalid port number: ${port}. Must be between 1024-65535 and not reserved.`
-      );
-    }
-    await this.client.unexposePort(port);
-    logSecurityEvent(
-      "PORT_UNEXPOSED",
-      {
-        port
-      },
-      "low"
-    );
-  }
-  async getExposedPorts(hostname) {
-    const response = await this.client.getExposedPorts();
-    if (!this.sandboxName) {
-      throw new Error(
-        "Sandbox name not available. Ensure sandbox is accessed through getSandbox()"
-      );
-    }
-    return response.ports.map((port) => ({
-      url: this.constructPreviewUrl(port.port, this.sandboxName, hostname),
-      port: port.port,
-      name: port.name,
-      exposedAt: port.exposedAt
-    }));
-  }
-  constructPreviewUrl(port, sandboxId, hostname) {
-    if (!validatePort(port)) {
-      logSecurityEvent(
-        "INVALID_PORT_REJECTED",
-        {
-          port,
-          sandboxId,
-          hostname
-        },
-        "high"
-      );
-      throw new SecurityError(
-        `Invalid port number: ${port}. Must be between 1024-65535 and not reserved.`
-      );
-    }
-    let sanitizedSandboxId;
-    try {
-      sanitizedSandboxId = sanitizeSandboxId(sandboxId);
-    } catch (error) {
-      logSecurityEvent(
-        "INVALID_SANDBOX_ID_REJECTED",
-        {
-          sandboxId,
-          port,
-          hostname,
-          error: error instanceof Error ? error.message : "Unknown error"
-        },
-        "high"
-      );
-      throw error;
-    }
-    const isLocalhost = isLocalhostPattern(hostname);
-    if (isLocalhost) {
-      const [host, portStr] = hostname.split(":");
-      const mainPort = portStr || "80";
-      try {
-        const baseUrl = new URL(`http://${host}:${mainPort}`);
-        const subdomainHost = `${port}-${sanitizedSandboxId}.${host}`;
-        baseUrl.hostname = subdomainHost;
-        const finalUrl = baseUrl.toString();
-        logSecurityEvent(
-          "PREVIEW_URL_CONSTRUCTED",
-          {
-            port,
-            sandboxId: sanitizedSandboxId,
-            hostname,
-            resultUrl: finalUrl,
-            environment: "localhost"
-          },
-          "low"
-        );
-        return finalUrl;
-      } catch (error) {
-        logSecurityEvent(
-          "URL_CONSTRUCTION_FAILED",
-          {
-            port,
-            sandboxId: sanitizedSandboxId,
-            hostname,
-            error: error instanceof Error ? error.message : "Unknown error"
-          },
-          "high"
-        );
-        throw new SecurityError(
-          `Failed to construct preview URL: ${error instanceof Error ? error.message : "Unknown error"}`
-        );
-      }
-    }
-    try {
-      const protocol = "https";
-      const baseUrl = new URL(`${protocol}://${hostname}`);
-      const subdomainHost = `${port}-${sanitizedSandboxId}.${hostname}`;
-      baseUrl.hostname = subdomainHost;
-      const finalUrl = baseUrl.toString();
-      logSecurityEvent(
-        "PREVIEW_URL_CONSTRUCTED",
-        {
-          port,
-          sandboxId: sanitizedSandboxId,
-          hostname,
-          resultUrl: finalUrl,
-          environment: "production"
-        },
-        "low"
-      );
-      return finalUrl;
-    } catch (error) {
-      logSecurityEvent(
-        "URL_CONSTRUCTION_FAILED",
-        {
-          port,
-          sandboxId: sanitizedSandboxId,
-          hostname,
-          error: error instanceof Error ? error.message : "Unknown error"
-        },
-        "high"
-      );
-      throw new SecurityError(
-        `Failed to construct preview URL: ${error instanceof Error ? error.message : "Unknown error"}`
-      );
-    }
-  }
-  // Code Interpreter Methods
-  /**
-   * Create a new code execution context
-   */
-  async createCodeContext(options) {
-    return this.codeInterpreter.createCodeContext(options);
-  }
-  /**
-   * Run code with streaming callbacks
-   */
-  async runCode(code, options) {
-    const execution = await this.codeInterpreter.runCode(code, options);
-    return execution.toJSON();
-  }
-  /**
-   * Run code and return a streaming response
-   */
-  async runCodeStream(code, options) {
-    return this.codeInterpreter.runCodeStream(code, options);
-  }
-  /**
-   * List all code contexts
-   */
-  async listCodeContexts() {
-    return this.codeInterpreter.listCodeContexts();
-  }
-  /**
-   * Delete a code context
-   */
-  async deleteCodeContext(contextId) {
-    return this.codeInterpreter.deleteCodeContext(contextId);
-  }
-  // ============================================================================
-  // Session Management (Simple Isolation)
-  // ============================================================================
-  /**
-   * Create a new execution session with isolation
-   * Returns a session object with exec() method
-   */
-  async createSession(options) {
-    const sessionId = options.id || `session-${Date.now()}`;
-    await this.client.createSession({
-      id: sessionId,
-      env: options.env,
-      cwd: options.cwd,
-      isolation: options.isolation
-    });
-    return {
-      id: sessionId,
-      // Command execution - clean method names
-      exec: async (command, options2) => {
-        const result = await this.client.exec(sessionId, command);
-        return {
-          ...result,
-          command,
-          duration: 0,
-          timestamp: (/* @__PURE__ */ new Date()).toISOString()
-        };
-      },
-      execStream: async (command, options2) => {
-        return await this.client.execStream(sessionId, command);
-      },
-      // Process management - route to session-aware methods
-      startProcess: async (command, options2) => {
-        const response = await this.client.startProcess(command, sessionId, {
-          processId: options2?.processId,
-          timeout: options2?.timeout,
-          env: options2?.env,
-          cwd: options2?.cwd,
-          encoding: options2?.encoding,
-          autoCleanup: options2?.autoCleanup
-        });
-        const process = response.process;
-        return {
-          id: process.id,
-          pid: process.pid,
-          command: process.command,
-          status: process.status,
-          startTime: new Date(process.startTime),
-          endTime: process.endTime ? new Date(process.endTime) : void 0,
-          exitCode: process.exitCode ?? void 0,
-          kill: async (signal) => {
-            await this.client.killProcess(process.id);
-          },
-          getStatus: async () => {
-            const resp = await this.client.getProcess(process.id);
-            return resp.process?.status || "error";
-          },
-          getLogs: async () => {
-            return await this.client.getProcessLogs(process.id);
-          }
-        };
-      },
-      listProcesses: async () => {
-        const response = await this.client.listProcesses(sessionId);
-        return response.processes.map((p) => ({
-          id: p.id,
-          pid: p.pid,
-          command: p.command,
-          status: p.status,
-          startTime: new Date(p.startTime),
-          endTime: p.endTime ? new Date(p.endTime) : void 0,
-          exitCode: p.exitCode ?? void 0,
-          kill: async (signal) => {
-            await this.client.killProcess(p.id);
-          },
-          getStatus: async () => {
-            const processResp = await this.client.getProcess(p.id);
-            return processResp.process?.status || "error";
-          },
-          getLogs: async () => {
-            return this.client.getProcessLogs(p.id);
-          }
-        }));
-      },
-      getProcess: async (id) => {
-        const response = await this.client.getProcess(id);
-        if (!response.process) return null;
-        const p = response.process;
-        return {
-          id: p.id,
-          pid: p.pid,
-          command: p.command,
-          status: p.status,
-          startTime: new Date(p.startTime),
-          endTime: p.endTime ? new Date(p.endTime) : void 0,
-          exitCode: p.exitCode ?? void 0,
-          kill: async (signal) => {
-            await this.client.killProcess(p.id);
-          },
-          getStatus: async () => {
-            const processResp = await this.client.getProcess(p.id);
-            return processResp.process?.status || "error";
-          },
-          getLogs: async () => {
-            return this.client.getProcessLogs(p.id);
-          }
-        };
-      },
-      killProcess: async (id, signal) => {
-        await this.client.killProcess(id);
-      },
-      killAllProcesses: async () => {
-        const response = await this.client.killAllProcesses(sessionId);
-        return response.killedCount;
-      },
-      streamProcessLogs: async (processId, options2) => {
-        return await this.client.streamProcessLogs(processId, options2);
-      },
-      getProcessLogs: async (id) => {
-        return await this.client.getProcessLogs(id);
-      },
-      cleanupCompletedProcesses: async () => {
-        return 0;
-      },
-      // File operations - clean method names (no "InSession" suffix)
-      writeFile: async (path, content, options2) => {
-        return await this.client.writeFile(path, content, options2?.encoding, sessionId);
-      },
-      readFile: async (path, options2) => {
-        return await this.client.readFile(path, options2?.encoding, sessionId);
-      },
-      readFileStream: async (path) => {
-        return await this.client.readFileStream(path, sessionId);
-      },
-      mkdir: async (path, options2) => {
-        return await this.client.mkdir(path, options2?.recursive, sessionId);
-      },
-      deleteFile: async (path) => {
-        return await this.client.deleteFile(path, sessionId);
-      },
-      renameFile: async (oldPath, newPath) => {
-        return await this.client.renameFile(oldPath, newPath, sessionId);
-      },
-      moveFile: async (sourcePath, destinationPath) => {
-        return await this.client.moveFile(sourcePath, destinationPath, sessionId);
-      },
-      listFiles: async (path, options2) => {
-        return await this.client.listFiles(path, sessionId, options2);
-      },
-      gitCheckout: async (repoUrl, options2) => {
-        return await this.client.gitCheckout(repoUrl, sessionId, options2?.branch, options2?.targetDir);
-      },
-      // Port management
-      exposePort: async (port, options2) => {
-        return await this.exposePort(port, options2);
-      },
-      unexposePort: async (port) => {
-        return await this.unexposePort(port);
-      },
-      getExposedPorts: async (hostname) => {
-        return await this.getExposedPorts(hostname);
-      },
-      // Environment management
-      setEnvVars: async (envVars) => {
-        console.log(`[Session ${sessionId}] Environment variables update not yet implemented`);
-      },
-      // Code Interpreter API
-      createCodeContext: async (options2) => {
-        return await this.createCodeContext(options2);
-      },
-      runCode: async (code, options2) => {
-        return await this.runCode(code, options2);
-      },
-      runCodeStream: async (code, options2) => {
-        return await this.runCodeStream(code, options2);
-      },
-      listCodeContexts: async () => {
-        return await this.listCodeContexts();
-      },
-      deleteCodeContext: async (contextId) => {
-        return await this.deleteCodeContext(contextId);
-      }
-    };
-  }
-};
-
-export {
-  getSandbox,
-  Sandbox,
-  proxyToSandbox,
-  isLocalhostPattern
-};
-//# sourceMappingURL=chunk-SQLJNZ3K.js.map