@cloudflare/sandbox 0.4.12 → 0.4.15

package/.turbo/turbo-build.log

@@ -1,49 +1,15 @@
 
-> @cloudflare/sandbox@0.4.12 build
-> rm -rf dist && tsup src/*.ts --outDir dist --dts --sourcemap --format esm
+> @cloudflare/sandbox@0.4.15 build
+> rm -rf dist && tsdown --config tsdown.config.ts
 
-CLI Building entry: src/file-stream.ts, src/index.ts, src/interpreter.ts, src/request-handler.ts, src/sandbox.ts, src/security.ts, src/sse-parser.ts, src/version.ts
-CLI Using tsconfig: tsconfig.json
-CLI tsup v8.5.0
-CLI Target: es2022
-ESM Build start
-ESM dist/file-stream.js         146.00 B
-ESM dist/index.js               1.13 KB
-ESM dist/chunk-BFVUNTP4.js      2.76 KB
-ESM dist/interpreter.js         156.00 B
-ESM dist/request-handler.js     292.00 B
-ESM dist/sandbox.js             254.00 B
-ESM dist/chunk-YE265ASX.js      76.11 KB
-ESM dist/chunk-JXZMAU2C.js      14.43 KB
-ESM dist/security.js            233.00 B
-ESM dist/chunk-Z532A7QC.js      1.75 KB
-ESM dist/sse-parser.js          233.00 B
-ESM dist/chunk-EKSWCBCA.js      2.28 KB
-ESM dist/version.js             114.00 B
-ESM dist/chunk-UJ3TV4M6.js      115.00 B
-ESM dist/file-stream.js.map     71.00 B
-ESM dist/chunk-BFVUNTP4.js.map  6.71 KB
-ESM dist/index.js.map           71.00 B
-ESM dist/request-handler.js.map 71.00 B
-ESM dist/interpreter.js.map     71.00 B
-ESM dist/sandbox.js.map         71.00 B
-ESM dist/chunk-JXZMAU2C.js.map  33.44 KB
-ESM dist/security.js.map        71.00 B
-ESM dist/chunk-Z532A7QC.js.map  3.96 KB
-ESM dist/sse-parser.js.map      71.00 B
-ESM dist/chunk-EKSWCBCA.js.map  5.61 KB
-ESM dist/chunk-YE265ASX.js.map  156.35 KB
-ESM dist/version.js.map         71.00 B
-ESM dist/chunk-UJ3TV4M6.js.map  391.00 B
-ESM ⚡️ Build success in 107ms
-DTS Build start
-DTS ⚡️ Build success in 2679ms
-DTS dist/index.d.ts            1.46 KB
-DTS dist/file-stream.d.ts      1.34 KB
-DTS dist/interpreter.d.ts      1007.00 B
-DTS dist/request-handler.d.ts  565.00 B
-DTS dist/security.d.ts         1.05 KB
-DTS dist/sse-parser.d.ts       1.18 KB
-DTS dist/version.d.ts          303.00 B
-DTS dist/sandbox.d.ts          156.00 B
-DTS dist/sandbox-CLZWpfGc.d.ts 21.79 KB
+ℹ tsdown v0.15.11 powered by rolldown v1.0.0-beta.45
+ℹ Using tsdown config: /home/runner/work/sandbox-sdk/sandbox-sdk/packages/sandbox/tsdown.config.ts
+ℹ entry: src/index.ts
+ℹ tsconfig: tsconfig.json
+ℹ Build start
+ℹ dist/index.js         95.61 kB │ gzip: 21.55 kB
+ℹ dist/index.js.map    202.56 kB │ gzip: 44.33 kB
+ℹ dist/index.d.ts.map   72.31 kB │ gzip: 19.90 kB
+ℹ dist/index.d.ts       53.99 kB │ gzip: 11.70 kB
+ℹ 4 files, total: 424.47 kB
+✔ Build complete in 1968ms

package/CHANGELOG.md

@@ -1,5 +1,39 @@
 # @cloudflare/sandbox
 
+## 0.4.15
+
+### Patch Changes
+
+- [#185](https://github.com/cloudflare/sandbox-sdk/pull/185) [`7897cdd`](https://github.com/cloudflare/sandbox-sdk/commit/7897cddefc366bbd640ea138b34a520a0b2ddf8c) Thanks [@ghostwriternr](https://github.com/ghostwriternr)! - Fix foreground commands blocking on background processes
+
+- [#183](https://github.com/cloudflare/sandbox-sdk/pull/183) [`ff2fa91`](https://github.com/cloudflare/sandbox-sdk/commit/ff2fa91479357ef88cfb22418f88acb257462faa) Thanks [@whoiskatrin](https://github.com/whoiskatrin)! - update python to 3.11.14
+
+## 0.4.14
+
+### Patch Changes
+
+- [#172](https://github.com/cloudflare/sandbox-sdk/pull/172) [`1bf3576`](https://github.com/cloudflare/sandbox-sdk/commit/1bf35768b02532c77df6f30a2f2eb08cb2b12115) Thanks [@threepointone](https://github.com/threepointone)! - Update dependencies
+
+- [#176](https://github.com/cloudflare/sandbox-sdk/pull/176) [`7edbfa9`](https://github.com/cloudflare/sandbox-sdk/commit/7edbfa906668d75f540527f50b52483dc787192c) Thanks [@ghostwriternr](https://github.com/ghostwriternr)! - Add cache mounts to Dockerfile for faster builds
+
+  Adds cache mounts for npm, apt, and pip package managers in the Dockerfile. This speeds up Docker image builds when dependencies change, particularly beneficial for users building from source.
+
+- [#172](https://github.com/cloudflare/sandbox-sdk/pull/172) [`1bf3576`](https://github.com/cloudflare/sandbox-sdk/commit/1bf35768b02532c77df6f30a2f2eb08cb2b12115) Thanks [@threepointone](https://github.com/threepointone)! - Fix type generation
+
+  We inline types from `@repo/shared` so that it includes the types we reexport. Fixes #165
+
+- [#175](https://github.com/cloudflare/sandbox-sdk/pull/175) [`77cb937`](https://github.com/cloudflare/sandbox-sdk/commit/77cb93762a619523758f769a10509e665ca819fe) Thanks [@ghostwriternr](https://github.com/ghostwriternr)! - Move .connect to .wsConnect within DO stub
+
+## 0.4.13
+
+### Patch Changes
+
+- [#168](https://github.com/cloudflare/sandbox-sdk/pull/168) [`6b08f02`](https://github.com/cloudflare/sandbox-sdk/commit/6b08f02c061aef07cc98188abef2973ac92365f8) Thanks [@threepointone](https://github.com/threepointone)! - Fix type generation
+
+  We inline types from `@repo/shared` so that it includes the types we reexport. Fixes #165
+
+- [#162](https://github.com/cloudflare/sandbox-sdk/pull/162) [`c4db459`](https://github.com/cloudflare/sandbox-sdk/commit/c4db459389a7b86048a03410d67d4dd7bf4a6085) Thanks [@whoiskatrin](https://github.com/whoiskatrin)! - Add WebSocket support via connect() method for routing client WebSocket connections directly to container services
+
 ## 0.4.12
 
 ### Patch Changes
@@ -27,7 +61,6 @@
   This adds a new `exists()` method to the SDK that checks whether a file or directory exists at a given path. The method returns a boolean indicating existence, similar to Python's `os.path.exists()` and JavaScript's `fs.existsSync()`.
 
   The implementation is end-to-end:
-
   - New `FileExistsResult` and `FileExistsRequest` types in shared package
   - Handler endpoint at `/api/exists` in container layer
   - Client method in `FileClient` and `Sandbox` classes
@@ -126,50 +159,47 @@
   Implements PID namespace isolation to protect control plane processes (Jupyter, Bun) from sandboxed code. Commands executed via `exec()` now run in isolated namespaces that cannot see or interact with system processes.
 
   **Key security improvements:**
-
   - Control plane processes are hidden from sandboxed commands
   - Platform secrets in `/proc/1/environ` are inaccessible
   - Ports 8888 (Jupyter) and 3000 (Bun) are protected from hijacking
 
   **Breaking changes:**
-
   1. **Removed `sessionId` parameter**: The `sessionId` parameter has been removed from all methods (`exec()`, `execStream()`, `startProcess()`, etc.). Each sandbox now maintains its own persistent session automatically.
 
      ```javascript
      // Before: manual session management
-     await sandbox.exec("cd /app", { sessionId: "my-session" });
+     await sandbox.exec('cd /app', { sessionId: 'my-session' });
 
      // After: automatic session per sandbox
-     await sandbox.exec("cd /app");
+     await sandbox.exec('cd /app');
      ```
 
   2. **Commands now maintain state**: Commands within the same sandbox now share state (working directory, environment variables, background processes). Previously each command was stateless.
 
      ```javascript
      // Before: each exec was independent
-     await sandbox.exec("cd /app");
-     await sandbox.exec("pwd"); // Output: /workspace
+     await sandbox.exec('cd /app');
+     await sandbox.exec('pwd'); // Output: /workspace
 
      // After: state persists in session
-     await sandbox.exec("cd /app");
-     await sandbox.exec("pwd"); // Output: /app
+     await sandbox.exec('cd /app');
+     await sandbox.exec('pwd'); // Output: /app
      ```
 
   **Migration guide:**
-
   - Remove `sessionId` from all method calls - each sandbox maintains its own session
   - If you need isolated execution contexts within the same sandbox, use `sandbox.createSession()`:
     ```javascript
     // Create independent sessions with different environments
     const buildSession = await sandbox.createSession({
-      name: "build",
-      env: { NODE_ENV: "production" },
-      cwd: "/build",
+      name: 'build',
+      env: { NODE_ENV: 'production' },
+      cwd: '/build'
     });
     const testSession = await sandbox.createSession({
-      name: "test",
-      env: { NODE_ENV: "test" },
-      cwd: "/test",
+      name: 'test',
+      env: { NODE_ENV: 'test' },
+      cwd: '/test'
     });
     ```
   - Environment variables set in one command persist to the next

package/Dockerfile

@@ -29,8 +29,9 @@ WORKDIR /app
 COPY --from=pruner /app/out/json/ .
 COPY --from=pruner /app/out/package-lock.json ./package-lock.json
 
-# Install ALL dependencies (including devDependencies for build)
-RUN npm ci
+# Install ALL dependencies with cache mount for npm packages
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci
 
 # Copy pruned source code
 COPY --from=pruner /app/out/full/ .
@@ -53,10 +54,53 @@ COPY --from=builder /app/packages ./packages
 COPY --from=builder /app/tooling ./tooling
 
 # Install ONLY production dependencies (excludes typescript, @types/*, etc.)
-RUN npm ci --production
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci --production
 
 # ============================================================================
-# Stage 4: Runtime - Ubuntu 22.04 with only runtime dependencies
+# Stage 4: Download pre-built Python 3.11.14
+# ============================================================================
+FROM ubuntu:22.04 AS python-builder
+
+# Prevent interactive prompts during package installation
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Accept architecture from Docker BuildKit (for multi-arch builds)
+ARG TARGETARCH
+
+# Install minimal dependencies for downloading
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    rm -f /etc/apt/apt.conf.d/docker-clean && \
+    echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache && \
+    apt-get update && apt-get install -y --no-install-recommends \
+    wget ca-certificates
+
+# Download and extract pre-built Python 3.11.14 from python-build-standalone
+# Using PGO+LTO optimized builds for better performance
+# Supports multi-arch: amd64 (x86_64) and arm64 (aarch64)
+RUN --mount=type=cache,target=/tmp/python-cache \
+    # Map Docker TARGETARCH to python-build-standalone arch naming
+    if [ "$TARGETARCH" = "amd64" ]; then \
+        PYTHON_ARCH="x86_64-unknown-linux-gnu"; \
+        EXPECTED_SHA256="edd8d11aa538953d12822fab418359a692fd1ee4ca2675579fbf0fa31e3688f1"; \
+    elif [ "$TARGETARCH" = "arm64" ]; then \
+        PYTHON_ARCH="aarch64-unknown-linux-gnu"; \
+        EXPECTED_SHA256="08141d31f95d86a23f23e4c741b726de0055f12f83200d1d4867b4e8e6e967c5"; \
+    else \
+        echo "Unsupported architecture: $TARGETARCH" && exit 1; \
+    fi && \
+    cd /tmp/python-cache && \
+    wget -nc https://github.com/indygreg/python-build-standalone/releases/download/20251028/cpython-3.11.14+20251028-${PYTHON_ARCH}-install_only.tar.gz && \
+    # Verify SHA256 checksum for security
+    echo "${EXPECTED_SHA256}  cpython-3.11.14+20251028-${PYTHON_ARCH}-install_only.tar.gz" | sha256sum -c - && \
+    cd /tmp && \
+    tar -xzf /tmp/python-cache/cpython-3.11.14+20251028-${PYTHON_ARCH}-install_only.tar.gz && \
+    mv python /usr/local/ && \
+    rm -rf /tmp/cpython-*
+
+# ============================================================================
+# Stage 5: Runtime - Ubuntu 22.04 with only runtime dependencies
 # ============================================================================
 FROM ubuntu:22.04 AS runtime
 
@@ -69,40 +113,43 @@ ENV DEBIAN_FRONTEND=noninteractive
 # Set the sandbox version as an environment variable for version checking
 ENV SANDBOX_VERSION=${SANDBOX_VERSION}
 
-# Install essential runtime packages
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    curl \
-    wget \
-    ca-certificates \
-    python3.11 \
-    python3-pip \
-    python3.11-venv \
-    procps \
-    git \
-    unzip \
-    zip \
-    jq \
-    file \
-    && rm -rf /var/lib/apt/lists/*
+# Install runtime packages and Python runtime libraries
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    rm -f /etc/apt/apt.conf.d/docker-clean && \
+    echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache && \
+    apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates curl wget procps git unzip zip jq file \
+    libssl3 zlib1g libbz2-1.0 libreadline8 libsqlite3-0 \
+    libncursesw6 libtinfo6 libxml2 libxmlsec1 libffi8 liblzma5 libtk8.6 && \
+    update-ca-certificates
+
+# Copy pre-built Python from python-builder stage
+COPY --from=python-builder /usr/local/python /usr/local/python
+
+# Create symlinks and update shared library cache
+RUN ln -s /usr/local/python/bin/python3.11 /usr/local/bin/python3.11 && \
+    ln -s /usr/local/python/bin/python3 /usr/local/bin/python3 && \
+    ln -s /usr/local/python/bin/pip3 /usr/local/bin/pip3 && \
+    echo "/usr/local/python/lib" > /etc/ld.so.conf.d/python.conf && \
+    ldconfig
 
 # Set Python 3.11 as default python3
-RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 1
+RUN update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.11 1
 
-# Install Node.js 20 LTS using official NodeSource setup script
-RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
-    && apt-get install -y nodejs \
-    && rm -rf /var/lib/apt/lists/*
+# Install Python packages
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip3 install --no-cache-dir matplotlib numpy pandas ipython
+
+# Install Node.js 20 LTS from official Node image
+COPY --from=node:20-slim /usr/local/bin/node /usr/local/bin/node
+COPY --from=node:20-slim /usr/local/lib/node_modules /usr/local/lib/node_modules
+RUN ln -s /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npm && \
+    ln -s /usr/local/lib/node_modules/npm/bin/npx-cli.js /usr/local/bin/npx
 
 # Install Bun runtime from official image
 COPY --from=oven/bun:1 /usr/local/bin/bun /usr/local/bin/bun
 
-# Install essential Python packages for code execution
-RUN pip3 install --no-cache-dir \
-    matplotlib \
-    numpy \
-    pandas \
-    ipython
-
 # Set up runtime container server directory
 WORKDIR /container-server
 

package/README.md

@@ -116,9 +116,17 @@ export default {
 - **Preview URLs** - Expose services with public URLs
 - **Git Integration** - Clone repositories directly
 
+## Contributing
+
+We welcome contributions from the community! See [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines on:
+
+- Setting up your development environment
+- Creating pull requests
+- Code style and testing requirements
+
 ## Development
 
-This repository contains the SDK source code. To contribute:
+This repository contains the SDK source code. Quick start:
 
 ```bash
 # Clone the repo
@@ -144,7 +152,6 @@ See the [examples directory](./examples) for complete working examples:
 
 - [Minimal](./examples/minimal) - Basic sandbox setup
 - [Code Interpreter](./examples/code-interpreter) - Use sandbox as an interpreter tool with gpt-oss
-- [Complete](./examples/basic) - Huge example integrated with every sandbox feature
 
 ## Status