@cloudflare/sandbox 0.5.1 → 0.5.2

package/src/sandbox.ts

@@ -22,7 +22,6 @@ import type {
 import {
   createLogger,
   getEnvString,
-  runWithLogger,
   type SessionDeleteResult,
   shellEscape,
   TraceContext
@@ -757,8 +756,20 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
     }
   }
 
-  override onStop() {
+  override async onStop() {
     this.logger.debug('Sandbox stopped');
+
+    // Clear in-memory state that references the old container
+    // This prevents stale references after container restarts
+    this.portTokens.clear();
+    this.defaultSession = null;
+    this.activeMounts.clear();
+
+    // Persist cleanup to storage so state is clean on next container start
+    await Promise.all([
+      this.ctx.storage.delete('portTokens'),
+      this.ctx.storage.delete('defaultSession')
+    ]);
   }
 
   override onError(error: unknown) {
@@ -905,48 +916,46 @@ export class Sandbox<Env = unknown> extends Container<Env> implements ISandbox {
     // Create request-specific logger with trace ID
     const requestLogger = this.logger.child({ traceId, operation: 'fetch' });
 
-    return await runWithLogger(requestLogger, async () => {
-      const url = new URL(request.url);
+    const url = new URL(request.url);
 
-      // Capture and store the sandbox name from the header if present
-      if (!this.sandboxName && request.headers.has('X-Sandbox-Name')) {
-        const name = request.headers.get('X-Sandbox-Name')!;
-        this.sandboxName = name;
-        await this.ctx.storage.put('sandboxName', name);
-      }
+    // Capture and store the sandbox name from the header if present
+    if (!this.sandboxName && request.headers.has('X-Sandbox-Name')) {
+      const name = request.headers.get('X-Sandbox-Name')!;
+      this.sandboxName = name;
+      await this.ctx.storage.put('sandboxName', name);
+    }
 
-      // Detect WebSocket upgrade request (RFC 6455 compliant)
-      const upgradeHeader = request.headers.get('Upgrade');
-      const connectionHeader = request.headers.get('Connection');
-      const isWebSocket =
-        upgradeHeader?.toLowerCase() === 'websocket' &&
-        connectionHeader?.toLowerCase().includes('upgrade');
+    // Detect WebSocket upgrade request (RFC 6455 compliant)
+    const upgradeHeader = request.headers.get('Upgrade');
+    const connectionHeader = request.headers.get('Connection');
+    const isWebSocket =
+      upgradeHeader?.toLowerCase() === 'websocket' &&
+      connectionHeader?.toLowerCase().includes('upgrade');
 
-      if (isWebSocket) {
-        // WebSocket path: Let parent Container class handle WebSocket proxying
-        // This bypasses containerFetch() which uses JSRPC and cannot handle WebSocket upgrades
-        try {
-          requestLogger.debug('WebSocket upgrade requested', {
-            path: url.pathname,
-            port: this.determinePort(url)
-          });
-          return await super.fetch(request);
-        } catch (error) {
-          requestLogger.error(
-            'WebSocket connection failed',
-            error instanceof Error ? error : new Error(String(error)),
-            { path: url.pathname }
-          );
-          throw error;
-        }
+    if (isWebSocket) {
+      // WebSocket path: Let parent Container class handle WebSocket proxying
+      // This bypasses containerFetch() which uses JSRPC and cannot handle WebSocket upgrades
+      try {
+        requestLogger.debug('WebSocket upgrade requested', {
+          path: url.pathname,
+          port: this.determinePort(url)
+        });
+        return await super.fetch(request);
+      } catch (error) {
+        requestLogger.error(
+          'WebSocket connection failed',
+          error instanceof Error ? error : new Error(String(error)),
+          { path: url.pathname }
+        );
+        throw error;
       }
+    }
 
-      // Non-WebSocket: Use existing port determination and HTTP routing logic
-      const port = this.determinePort(url);
+    // Non-WebSocket: Use existing port determination and HTTP routing logic
+    const port = this.determinePort(url);
 
-      // Route to the appropriate port
-      return await this.containerFetch(request, port);
-    });
+    // Route to the appropriate port
+    return await this.containerFetch(request, port);
   }
 
   wsConnect(request: Request, port: number): Promise<Response> {

package/src/version.ts

@@ -3,4 +3,4 @@
  * This file is auto-updated by .github/changeset-version.ts during releases
  * DO NOT EDIT MANUALLY - Changes will be overwritten on the next version bump
  */
-export const SDK_VERSION = '0.5.1';
+export const SDK_VERSION = '0.5.2';

package/tests/git-client.test.ts

@@ -1,5 +1,5 @@
+import type { GitCheckoutResult } from '@repo/shared';
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
-import type { GitCheckoutResponse } from '../src/clients';
 import { GitClient } from '../src/clients/git-client';
 import {
   GitAuthenticationError,
@@ -35,12 +35,8 @@ describe('GitClient', () => {
 
   describe('repository cloning', () => {
     it('should clone public repositories successfully', async () => {
-      const mockResponse: GitCheckoutResponse = {
+      const mockResponse: GitCheckoutResult = {
         success: true,
-        stdout:
-          "Cloning into 'react'...\nReceiving objects: 100% (1284/1284), done.",
-        stderr: '',
-        exitCode: 0,
         repoUrl: 'https://github.com/facebook/react.git',
         branch: 'main',
         targetDir: 'react',
@@ -59,15 +55,11 @@ describe('GitClient', () => {
       expect(result.success).toBe(true);
       expect(result.repoUrl).toBe('https://github.com/facebook/react.git');
       expect(result.branch).toBe('main');
-      expect(result.exitCode).toBe(0);
     });
 
     it('should clone repositories to specific branches', async () => {
-      const mockResponse: GitCheckoutResponse = {
+      const mockResponse: GitCheckoutResult = {
         success: true,
-        stdout: "Cloning into 'project'...\nSwitching to branch 'development'",
-        stderr: '',
-        exitCode: 0,
         repoUrl: 'https://github.com/company/project.git',
         branch: 'development',
         targetDir: 'project',
@@ -89,11 +81,8 @@ describe('GitClient', () => {
     });
 
     it('should clone repositories to custom directories', async () => {
-      const mockResponse: GitCheckoutResponse = {
+      const mockResponse: GitCheckoutResult = {
         success: true,
-        stdout: "Cloning into 'workspace/my-app'...\nDone.",
-        stderr: '',
-        exitCode: 0,
         repoUrl: 'https://github.com/user/my-app.git',
         branch: 'main',
         targetDir: 'workspace/my-app',
@@ -115,12 +104,8 @@ describe('GitClient', () => {
     });
 
     it('should handle large repository clones with warnings', async () => {
-      const mockResponse: GitCheckoutResponse = {
+      const mockResponse: GitCheckoutResult = {
         success: true,
-        stdout:
-          "Cloning into 'linux'...\nReceiving objects: 100% (8125432/8125432), 2.34 GiB, done.",
-        stderr: 'warning: filtering not recognized by server',
-        exitCode: 0,
         repoUrl: 'https://github.com/torvalds/linux.git',
         branch: 'master',
         targetDir: 'linux',
@@ -137,15 +122,11 @@ describe('GitClient', () => {
       );
 
       expect(result.success).toBe(true);
-      expect(result.stderr).toContain('warning:');
     });
 
     it('should handle SSH repository URLs', async () => {
-      const mockResponse: GitCheckoutResponse = {
+      const mockResponse: GitCheckoutResult = {
         success: true,
-        stdout: "Cloning into 'private-project'...\nDone.",
-        stderr: '',
-        exitCode: 0,
         repoUrl: 'git@github.com:company/private-project.git',
         branch: 'main',
         targetDir: 'private-project',
@@ -175,8 +156,6 @@ describe('GitClient', () => {
             JSON.stringify({
               success: true,
               stdout: `Cloning into '${repoName}'...\nDone.`,
-              stderr: '',
-              exitCode: 0,
               repoUrl: body.repoUrl,
               branch: body.branch || 'main',
               targetDir: body.targetDir || repoName,
@@ -320,11 +299,8 @@ describe('GitClient', () => {
     });
 
     it('should handle partial clone failures', async () => {
-      const mockResponse: GitCheckoutResponse = {
+      const mockResponse: GitCheckoutResult = {
         success: false,
-        stdout: "Cloning into 'repo'...\nReceiving objects:  45% (450/1000)",
-        stderr: 'error: RPC failed\nfatal: early EOF',
-        exitCode: 128,
         repoUrl: 'https://github.com/problematic/repo.git',
         branch: 'main',
         targetDir: 'repo',
@@ -341,8 +317,6 @@ describe('GitClient', () => {
       );
 
       expect(result.success).toBe(false);
-      expect(result.exitCode).toBe(128);
-      expect(result.stderr).toContain('RPC failed');
     });
   });
 
@@ -434,9 +408,6 @@ describe('GitClient', () => {
         new Response(
           JSON.stringify({
             success: true,
-            stdout: "Cloning into 'private-repo'...\nDone.",
-            stderr: '',
-            exitCode: 0,
             repoUrl:
               'https://oauth2:ghp_token123@github.com/user/private-repo.git',
             branch: 'main',
@@ -463,9 +434,6 @@ describe('GitClient', () => {
         new Response(
           JSON.stringify({
             success: true,
-            stdout: "Cloning into 'react'...\nDone.",
-            stderr: '',
-            exitCode: 0,
             repoUrl: 'https://github.com/facebook/react.git',
             branch: 'main',
             targetDir: '/workspace/react',

package/tests/openai-shell-editor.test.ts

@@ -0,0 +1,434 @@
+import type { ApplyPatchOperation } from '@openai/agents';
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+import { Editor, Shell } from '../src/openai/index';
+import type { Sandbox } from '../src/sandbox';
+
+interface MockSandbox {
+  exec?: ReturnType<typeof vi.fn>;
+  mkdir?: ReturnType<typeof vi.fn>;
+  writeFile?: ReturnType<typeof vi.fn>;
+  readFile?: ReturnType<typeof vi.fn>;
+  deleteFile?: ReturnType<typeof vi.fn>;
+}
+
+const { loggerSpies, createLoggerMock, applyDiffMock } = vi.hoisted(() => {
+  const logger = {
+    debug: vi.fn(),
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    child: vi.fn().mockReturnThis()
+  };
+
+  return {
+    loggerSpies: logger,
+    createLoggerMock: vi.fn(() => logger),
+    applyDiffMock: vi.fn<(...args: any[]) => string>()
+  };
+});
+
+vi.mock('@repo/shared', () => ({
+  createLogger: createLoggerMock
+}));
+
+vi.mock('@openai/agents', () => ({
+  applyDiff: applyDiffMock
+}));
+
+describe('Shell', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it('runs commands and collects results', async () => {
+    const execMock = vi.fn().mockResolvedValue({
+      stdout: 'hello\n',
+      stderr: '',
+      exitCode: 0
+    });
+
+    const mockSandbox: MockSandbox = { exec: execMock };
+    const shell = new Shell(mockSandbox as unknown as Sandbox);
+
+    const result = await shell.run({
+      commands: ['echo hello'],
+      timeoutMs: 500
+    });
+
+    expect(execMock).toHaveBeenCalledWith('echo hello', {
+      timeout: 500,
+      cwd: '/workspace'
+    });
+    expect(result.output).toHaveLength(1);
+    expect(result.output[0]).toMatchObject({
+      command: 'echo hello',
+      stdout: 'hello\n',
+      stderr: '',
+      outcome: { type: 'exit', exitCode: 0 }
+    });
+    expect(shell.results).toHaveLength(1);
+    expect(loggerSpies.info).toHaveBeenCalledWith(
+      'Command completed successfully',
+      { command: 'echo hello' }
+    );
+  });
+
+  it('halts subsequent commands after a timeout error', async () => {
+    const timeoutError = new Error('Command timed out');
+    const execMock = vi.fn().mockRejectedValue(timeoutError);
+
+    const mockSandbox: MockSandbox = { exec: execMock };
+    const shell = new Shell(mockSandbox as unknown as Sandbox);
+    const action = {
+      commands: ['sleep 1', 'echo never'],
+      timeoutMs: 25
+    };
+
+    const result = await shell.run(action);
+
+    expect(execMock).toHaveBeenCalledTimes(1);
+    expect(result.output[0].outcome).toEqual({ type: 'timeout' });
+    expect(shell.results[0].exitCode).toBeNull();
+    expect(loggerSpies.warn).toHaveBeenCalledWith(
+      'Breaking command loop due to timeout'
+    );
+    expect(loggerSpies.error).toHaveBeenCalledWith(
+      'Command timed out',
+      undefined,
+      expect.objectContaining({
+        command: 'sleep 1',
+        timeout: 25
+      })
+    );
+  });
+});
+
+describe('Editor', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    applyDiffMock.mockReset();
+  });
+
+  it('creates files using applyDiff output', async () => {
+    applyDiffMock.mockReturnValueOnce('file contents');
+
+    const mockSandbox: MockSandbox = {
+      mkdir: vi.fn().mockResolvedValue(undefined),
+      writeFile: vi.fn().mockResolvedValue(undefined)
+    };
+
+    const editor = new Editor(mockSandbox as unknown as Sandbox);
+    const operation = {
+      type: 'create_file',
+      path: 'src/app.ts',
+      diff: '--- diff ---'
+    } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
+
+    await editor.createFile(operation);
+
+    expect(applyDiffMock).toHaveBeenCalledWith('', operation.diff, 'create');
+    expect(mockSandbox.mkdir).toHaveBeenCalledWith('/workspace/src', {
+      recursive: true
+    });
+    expect(mockSandbox.writeFile).toHaveBeenCalledWith(
+      '/workspace/src/app.ts',
+      'file contents',
+      { encoding: 'utf-8' }
+    );
+    expect(editor.results[0]).toMatchObject({
+      operation: 'create',
+      path: 'src/app.ts',
+      status: 'completed'
+    });
+    expect(loggerSpies.info).toHaveBeenCalledWith(
+      'File created successfully',
+      expect.objectContaining({ path: 'src/app.ts' })
+    );
+  });
+
+  it('applies diffs when updating existing files', async () => {
+    applyDiffMock.mockReturnValueOnce('patched content');
+
+    const mockSandbox: MockSandbox = {
+      readFile: vi.fn().mockResolvedValue({ content: 'original content' }),
+      writeFile: vi.fn().mockResolvedValue(undefined)
+    };
+
+    const editor = new Editor(mockSandbox as unknown as Sandbox);
+    const operation = {
+      type: 'update_file',
+      path: 'README.md',
+      diff: 'patch diff'
+    } as Extract<ApplyPatchOperation, { type: 'update_file' }>;
+
+    await editor.updateFile(operation);
+
+    expect(mockSandbox.readFile).toHaveBeenCalledWith('/workspace/README.md', {
+      encoding: 'utf-8'
+    });
+    expect(applyDiffMock).toHaveBeenCalledWith(
+      'original content',
+      operation.diff
+    );
+    expect(mockSandbox.writeFile).toHaveBeenCalledWith(
+      '/workspace/README.md',
+      'patched content',
+      { encoding: 'utf-8' }
+    );
+    expect(editor.results[0]).toMatchObject({
+      operation: 'update',
+      path: 'README.md',
+      status: 'completed'
+    });
+  });
+
+  it('throws descriptive error when attempting to update a missing file', async () => {
+    const missingError = Object.assign(new Error('not found'), { status: 404 });
+    const mockSandbox: MockSandbox = {
+      readFile: vi.fn().mockRejectedValue(missingError)
+    };
+
+    const editor = new Editor(mockSandbox as unknown as Sandbox);
+    const operation = {
+      type: 'update_file',
+      path: 'missing.txt',
+      diff: 'patch diff'
+    } as Extract<ApplyPatchOperation, { type: 'update_file' }>;
+
+    await expect(editor.updateFile(operation)).rejects.toThrow(
+      'Cannot update missing file: missing.txt'
+    );
+    expect(loggerSpies.error).toHaveBeenCalledWith(
+      'Cannot update missing file',
+      undefined,
+      { path: 'missing.txt' }
+    );
+  });
+
+  describe('Path traversal security', () => {
+    it('should reject path traversal attempts with ../', async () => {
+      const mockSandbox: MockSandbox = {
+        mkdir: vi.fn(),
+        writeFile: vi.fn()
+      };
+
+      const editor = new Editor(mockSandbox as unknown as Sandbox);
+      const operation = {
+        type: 'create_file',
+        path: '../etc/passwd',
+        diff: 'malicious content'
+      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
+
+      await expect(editor.createFile(operation)).rejects.toThrow(
+        'Operation outside workspace: ../etc/passwd'
+      );
+      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
+    });
+
+    it('should reject path traversal attempts with ../../', async () => {
+      const mockSandbox: MockSandbox = {
+        mkdir: vi.fn(),
+        writeFile: vi.fn()
+      };
+
+      const editor = new Editor(mockSandbox as unknown as Sandbox);
+      const operation = {
+        type: 'create_file',
+        path: '../../etc/passwd',
+        diff: 'malicious content'
+      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
+
+      await expect(editor.createFile(operation)).rejects.toThrow(
+        'Operation outside workspace: ../../etc/passwd'
+      );
+      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
+    });
+
+    it('should reject path traversal attempts with mixed paths like src/../../etc/passwd', async () => {
+      const mockSandbox: MockSandbox = {
+        mkdir: vi.fn(),
+        writeFile: vi.fn()
+      };
+
+      const editor = new Editor(mockSandbox as unknown as Sandbox);
+      const operation = {
+        type: 'create_file',
+        path: 'src/../../etc/passwd',
+        diff: 'malicious content'
+      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
+
+      await expect(editor.createFile(operation)).rejects.toThrow(
+        'Operation outside workspace: src/../../etc/passwd'
+      );
+      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
+    });
+
+    it('should reject path traversal attempts with leading slash /../../etc/passwd', async () => {
+      const mockSandbox: MockSandbox = {
+        mkdir: vi.fn(),
+        writeFile: vi.fn()
+      };
+
+      const editor = new Editor(mockSandbox as unknown as Sandbox);
+      const operation = {
+        type: 'create_file',
+        path: '/../../etc/passwd',
+        diff: 'malicious content'
+      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
+
+      await expect(editor.createFile(operation)).rejects.toThrow(
+        'Operation outside workspace: /../../etc/passwd'
+      );
+      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
+    });
+
+    it('should reject path traversal attempts with leading dot-slash ./../../etc/passwd', async () => {
+      const mockSandbox: MockSandbox = {
+        mkdir: vi.fn(),
+        writeFile: vi.fn()
+      };
+
+      const editor = new Editor(mockSandbox as unknown as Sandbox);
+      const operation = {
+        type: 'create_file',
+        path: './../../etc/passwd',
+        diff: 'malicious content'
+      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
+
+      await expect(editor.createFile(operation)).rejects.toThrow(
+        'Operation outside workspace: ./../../etc/passwd'
+      );
+      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
+    });
+
+    it('should reject path traversal in updateFile operations', async () => {
+      const mockSandbox: MockSandbox = {
+        readFile: vi.fn()
+      };
+
+      const editor = new Editor(mockSandbox as unknown as Sandbox);
+      const operation = {
+        type: 'update_file',
+        path: '../../etc/passwd',
+        diff: 'patch diff'
+      } as Extract<ApplyPatchOperation, { type: 'update_file' }>;
+
+      await expect(editor.updateFile(operation)).rejects.toThrow(
+        'Operation outside workspace: ../../etc/passwd'
+      );
+      expect(mockSandbox.readFile).not.toHaveBeenCalled();
+    });
+
+    it('should reject path traversal in deleteFile operations', async () => {
+      const mockSandbox: MockSandbox = {
+        deleteFile: vi.fn()
+      };
+
+      const editor = new Editor(mockSandbox as unknown as Sandbox);
+      const operation = {
+        type: 'delete_file',
+        path: '../../etc/passwd'
+      } as Extract<ApplyPatchOperation, { type: 'delete_file' }>;
+
+      await expect(editor.deleteFile(operation)).rejects.toThrow(
+        'Operation outside workspace: ../../etc/passwd'
+      );
+      expect(mockSandbox.deleteFile).not.toHaveBeenCalled();
+    });
+
+    it('should allow valid paths that use .. but stay within workspace', async () => {
+      applyDiffMock.mockReturnValueOnce('file contents');
+
+      const mockSandbox: MockSandbox = {
+        mkdir: vi.fn().mockResolvedValue(undefined),
+        writeFile: vi.fn().mockResolvedValue(undefined)
+      };
+
+      const editor = new Editor(mockSandbox as unknown as Sandbox);
+      const operation = {
+        type: 'create_file',
+        path: 'src/subdir/../../file.txt',
+        diff: '--- diff ---'
+      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
+
+      await editor.createFile(operation);
+
+      // Should resolve to /workspace/file.txt
+      expect(mockSandbox.writeFile).toHaveBeenCalledWith(
+        '/workspace/file.txt',
+        'file contents',
+        { encoding: 'utf-8' }
+      );
+    });
+
+    it('should handle paths with multiple consecutive slashes correctly', async () => {
+      applyDiffMock.mockReturnValueOnce('file contents');
+
+      const mockSandbox: MockSandbox = {
+        mkdir: vi.fn().mockResolvedValue(undefined),
+        writeFile: vi.fn().mockResolvedValue(undefined)
+      };
+
+      const editor = new Editor(mockSandbox as unknown as Sandbox);
+      const operation = {
+        type: 'create_file',
+        path: 'src//subdir///file.txt',
+        diff: '--- diff ---'
+      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
+
+      await editor.createFile(operation);
+
+      expect(mockSandbox.writeFile).toHaveBeenCalledWith(
+        '/workspace/src/subdir/file.txt',
+        'file contents',
+        { encoding: 'utf-8' }
+      );
+    });
+
+    it('should reject deep path traversal attempts', async () => {
+      const mockSandbox: MockSandbox = {
+        mkdir: vi.fn(),
+        writeFile: vi.fn()
+      };
+
+      const editor = new Editor(mockSandbox as unknown as Sandbox);
+      const operation = {
+        type: 'create_file',
+        path: 'a/b/c/../../../../etc/passwd',
+        diff: 'malicious content'
+      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
+
+      await expect(editor.createFile(operation)).rejects.toThrow(
+        'Operation outside workspace: a/b/c/../../../../etc/passwd'
+      );
+      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
+    });
+
+    it('should handle absolute paths within workspace', async () => {
+      applyDiffMock.mockReturnValueOnce('content');
+
+      const mockSandbox: MockSandbox = {
+        mkdir: vi.fn().mockResolvedValue(undefined),
+        writeFile: vi.fn().mockResolvedValue(undefined)
+      };
+
+      const editor = new Editor(
+        mockSandbox as unknown as Sandbox,
+        '/workspace'
+      );
+      const operation = {
+        type: 'create_file',
+        path: '/workspace/file.txt',
+        diff: 'content'
+      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
+
+      await editor.createFile(operation);
+
+      expect(mockSandbox.writeFile).toHaveBeenCalledWith(
+        '/workspace/file.txt', // Not /workspace/workspace/file.txt
+        'content',
+        { encoding: 'utf-8' }
+      );
+    });
+  });
+});