@cloudflare/sandbox 0.4.15 → 0.4.16

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cloudflare/sandbox",
-  "version": "0.4.15",
+  "version": "0.4.16",
   "repository": {
     "type": "git",
     "url": "https://github.com/cloudflare/sandbox-sdk"

package/src/clients/git-client.ts

@@ -1,4 +1,5 @@
 import type { GitCheckoutResult } from '@repo/shared';
+import { GitLogger } from '@repo/shared';
 import { BaseHttpClient } from './base-client';
 import type { HttpClientOptions, SessionRequest } from './types';
 
@@ -18,6 +19,12 @@ export interface GitCheckoutRequest extends SessionRequest {
  * Client for Git repository operations
  */
 export class GitClient extends BaseHttpClient {
+  constructor(options: HttpClientOptions = {}) {
+    super(options);
+    // Wrap logger with GitLogger to auto-redact credentials
+    this.logger = new GitLogger(this.logger);
+  }
+
   /**
    * Clone a Git repository
    * @param repoUrl - URL of the Git repository to clone

package/src/clients/index.ts

@@ -54,6 +54,10 @@ export type {
 // Utility client types
 export type {
   CommandsResponse,
+  CreateSessionRequest,
+  CreateSessionResponse,
+  DeleteSessionRequest,
+  DeleteSessionResponse,
   PingResponse,
   VersionResponse
 } from './utility-client';

package/src/clients/utility-client.ts

@@ -41,6 +41,20 @@ export interface CreateSessionResponse extends BaseApiResponse {
   message: string;
 }
 
+/**
+ * Request interface for deleting sessions
+ */
+export interface DeleteSessionRequest {
+  sessionId: string;
+}
+
+/**
+ * Response interface for deleting sessions
+ */
+export interface DeleteSessionResponse extends BaseApiResponse {
+  sessionId: string;
+}
+
 /**
  * Client for health checks and utility operations
  */
@@ -100,6 +114,25 @@ export class UtilityClient extends BaseHttpClient {
     }
   }
 
+  /**
+   * Delete an execution session
+   * @param sessionId - Session ID to delete
+   */
+  async deleteSession(sessionId: string): Promise<DeleteSessionResponse> {
+    try {
+      const response = await this.post<DeleteSessionResponse>(
+        '/api/session/delete',
+        { sessionId }
+      );
+
+      this.logSuccess('Session deleted', `ID: ${sessionId}`);
+      return response;
+    } catch (error) {
+      this.logError('deleteSession', error);
+      throw error;
+    }
+  }
+
   /**
    * Get the container version
    * Returns the version embedded in the Docker image during build

package/src/index.ts

@@ -38,6 +38,12 @@ export type {
   BaseApiResponse,
   CommandsResponse,
   ContainerStub,
+
+  // Utility client types
+  CreateSessionRequest,
+  CreateSessionResponse,
+  DeleteSessionRequest,
+  DeleteSessionResponse,
   ErrorResponse,
 
   // Command client types
@@ -56,8 +62,6 @@ export type {
 
   // File client types
   MkdirRequest,
-
-  // Utility client types
   PingResponse,
   PortCloseResult,
   PortExposeResult,

package/src/sandbox.ts

@@ -17,7 +17,12 @@ import type {
   SessionOptions,
   StreamOptions
 } from '@repo/shared';
-import { createLogger, runWithLogger, TraceContext } from '@repo/shared';
+import {
+  createLogger,
+  runWithLogger,
+  type SessionDeleteResult,
+  TraceContext
+} from '@repo/shared';
 import { type ExecuteResponse, SandboxClient } from './clients';
 import type { ErrorResponse } from './errors';
 import { CustomDomainRequiredError, ErrorCode } from './errors';
@@ -54,9 +59,9 @@ export function getSandbox(
   });
 }
 
-export function connect(
-  stub: { fetch: (request: Request) => Promise<Response> }
-) {
+export function connect(stub: {
+  fetch: (request: Request) => Promise<Response>;
+}) {
   return async (request: Request, port: number) => {
     // Validate port before routing
     if (!validatePort(port)) {
@@ -1110,6 +1115,34 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
     return this.getSessionWrapper(sessionId);
   }
 
+  /**
+   * Delete an execution session
+   * Cleans up session resources and removes it from the container
+   * Note: Cannot delete the default session. To reset the default session,
+   * use sandbox.destroy() to terminate the entire sandbox.
+   *
+   * @param sessionId - The ID of the session to delete
+   * @returns Result with success status, sessionId, and timestamp
+   * @throws Error if attempting to delete the default session
+   */
+  async deleteSession(sessionId: string): Promise<SessionDeleteResult> {
+    // Prevent deletion of default session
+    if (this.defaultSession && sessionId === this.defaultSession) {
+      throw new Error(
+        `Cannot delete default session '${sessionId}'. Use sandbox.destroy() to terminate the sandbox.`
+      );
+    }
+
+    const response = await this.client.utils.deleteSession(sessionId);
+
+    // Map HTTP response to result type
+    return {
+      success: response.success,
+      sessionId: response.sessionId,
+      timestamp: response.timestamp
+    };
+  }
+
   /**
    * Internal helper to create ExecutionSession wrapper for a given sessionId
    * Used by both createSession and getSession

package/src/version.ts

@@ -3,4 +3,4 @@
  * This file is auto-updated by .github/changeset-version.ts during releases
  * DO NOT EDIT MANUALLY - Changes will be overwritten on the next version bump
  */
-export const SDK_VERSION = '0.4.15';
+export const SDK_VERSION = '0.4.16';

package/tests/git-client.test.ts

@@ -412,4 +412,76 @@ describe('GitClient', () => {
       expect(fullOptionsClient).toBeInstanceOf(GitClient);
     });
   });
+
+  describe('credential redaction in logs', () => {
+    it('should redact credentials from URLs but leave public URLs unchanged', async () => {
+      const mockLogger = {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn(),
+        child: vi.fn()
+      };
+
+      const clientWithLogger = new GitClient({
+        baseUrl: 'http://test.com',
+        port: 3000,
+        logger: mockLogger
+      });
+
+      // Test with credentials
+      mockFetch.mockResolvedValueOnce(
+        new Response(
+          JSON.stringify({
+            success: true,
+            stdout: "Cloning into 'private-repo'...\nDone.",
+            stderr: '',
+            exitCode: 0,
+            repoUrl:
+              'https://oauth2:ghp_token123@github.com/user/private-repo.git',
+            branch: 'main',
+            targetDir: '/workspace/private-repo',
+            timestamp: '2023-01-01T00:00:00Z'
+          }),
+          { status: 200 }
+        )
+      );
+
+      await clientWithLogger.checkout(
+        'https://oauth2:ghp_token123@github.com/user/private-repo.git',
+        'test-session'
+      );
+
+      let logDetails = mockLogger.info.mock.calls[0]?.[1]?.details;
+      expect(logDetails).not.toContain('ghp_token123');
+      expect(logDetails).toContain(
+        'https://******@github.com/user/private-repo.git'
+      );
+
+      // Test without credentials
+      mockFetch.mockResolvedValueOnce(
+        new Response(
+          JSON.stringify({
+            success: true,
+            stdout: "Cloning into 'react'...\nDone.",
+            stderr: '',
+            exitCode: 0,
+            repoUrl: 'https://github.com/facebook/react.git',
+            branch: 'main',
+            targetDir: '/workspace/react',
+            timestamp: '2023-01-01T00:00:00Z'
+          }),
+          { status: 200 }
+        )
+      );
+
+      await clientWithLogger.checkout(
+        'https://github.com/facebook/react.git',
+        'test-session'
+      );
+
+      logDetails = mockLogger.info.mock.calls[1]?.[1]?.details;
+      expect(logDetails).toContain('https://github.com/facebook/react.git');
+    });
+  });
 });

package/tests/sandbox.test.ts

@@ -703,4 +703,37 @@ describe('Sandbox - Automatic Session Management', () => {
       expect(url.searchParams.get('room')).toBe('lobby');
     });
   });
+
+  describe('deleteSession', () => {
+    it('should prevent deletion of default session', async () => {
+      // Trigger creation of default session
+      await sandbox.exec('echo "test"');
+
+      // Verify default session exists
+      expect((sandbox as any).defaultSession).toBeTruthy();
+      const defaultSessionId = (sandbox as any).defaultSession;
+
+      // Attempt to delete default session should throw
+      await expect(sandbox.deleteSession(defaultSessionId)).rejects.toThrow(
+        `Cannot delete default session '${defaultSessionId}'. Use sandbox.destroy() to terminate the sandbox.`
+      );
+    });
+
+    it('should allow deletion of non-default sessions', async () => {
+      // Mock the deleteSession API response
+      vi.spyOn(sandbox.client.utils, 'deleteSession').mockResolvedValue({
+        success: true,
+        sessionId: 'custom-session',
+        timestamp: new Date().toISOString()
+      });
+
+      // Create a custom session
+      await sandbox.createSession({ id: 'custom-session' });
+
+      // Should successfully delete non-default session
+      const result = await sandbox.deleteSession('custom-session');
+      expect(result.success).toBe(true);
+      expect(result.sessionId).toBe('custom-session');
+    });
+  });
 });