@cloudflare/sandbox 0.5.1 → 0.5.3

package/.turbo/turbo-build.log

@@ -1,15 +1,23 @@
 
-> @cloudflare/sandbox@0.5.1 build
+> @cloudflare/sandbox@0.5.3 build
 > rm -rf dist && tsdown --config tsdown.config.ts
 
-ℹ tsdown v0.16.4 powered by rolldown v1.0.0-beta.50
+ℹ tsdown v0.16.6 powered by rolldown v1.0.0-beta.51
 ℹ Using tsdown config: /home/runner/work/sandbox-sdk/sandbox-sdk/packages/sandbox/tsdown.config.ts
-ℹ entry: src/index.ts
+ℹ entry: src/index.ts, src/openai/index.ts
 ℹ tsconfig: tsconfig.json
 ℹ Build start
-ℹ dist/index.js        118.95 kB │ gzip: 28.12 kB
-ℹ dist/index.js.map    247.16 kB │ gzip: 56.13 kB
-ℹ dist/index.d.ts.map   72.87 kB │ gzip: 20.09 kB
-ℹ dist/index.d.ts       58.32 kB │ gzip: 13.36 kB
-ℹ 4 files, total: 497.30 kB
-✔ Build complete in 2409ms
+ℹ dist/index.js                   102.82 kB │ gzip: 23.33 kB
+ℹ dist/openai/index.js             10.42 kB │ gzip:  2.63 kB
+ℹ dist/index.js.map               219.05 kB │ gzip: 48.46 kB
+ℹ dist/sandbox-HQazw9bn.d.ts.map   61.69 kB │ gzip: 16.89 kB
+ℹ dist/dist-gVyG2H2h.js.map        30.14 kB │ gzip:  8.31 kB
+ℹ dist/openai/index.js.map         21.00 kB │ gzip:  5.13 kB
+ℹ dist/dist-gVyG2H2h.js            17.03 kB │ gzip:  5.39 kB
+ℹ dist/index.d.ts.map               9.22 kB │ gzip:  2.82 kB
+ℹ dist/openai/index.d.ts.map        0.72 kB │ gzip:  0.37 kB
+ℹ dist/index.d.ts                  11.11 kB │ gzip:  3.32 kB
+ℹ dist/openai/index.d.ts            2.10 kB │ gzip:  0.81 kB
+ℹ dist/sandbox-HQazw9bn.d.ts       51.36 kB │ gzip: 11.79 kB
+ℹ 12 files, total: 536.66 kB
+✔ Build complete in 3733ms

package/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @cloudflare/sandbox
 
+## 0.5.3
+
+### Patch Changes
+
+- [#204](https://github.com/cloudflare/sandbox-sdk/pull/204) [`55981f8`](https://github.com/cloudflare/sandbox-sdk/commit/55981f8802b4e0d3b65b947ef8ba7ae2bae183d7) Thanks [@whoiskatrin](https://github.com/whoiskatrin)! - add environment variables and working directory support to command exec
+
+## 0.5.2
+
+### Patch Changes
+
+- [#234](https://github.com/cloudflare/sandbox-sdk/pull/234) [`d4cee5e`](https://github.com/cloudflare/sandbox-sdk/commit/d4cee5e4617db205c9c1ca714e25493de7ea24ce) Thanks [@ghostwriternr](https://github.com/ghostwriternr)! - Remove unused logging infrastructure (getLogger, runWithLogger) that was never called
+
+- [#224](https://github.com/cloudflare/sandbox-sdk/pull/224) [`71e86f4`](https://github.com/cloudflare/sandbox-sdk/commit/71e86f42c3b98424db79c268d55f2d5be5e495b3) Thanks [@ghostwriternr](https://github.com/ghostwriternr)! - Fix memory leaks from listener accumulation, unbounded process storage, and stale DO state
+
+- [#221](https://github.com/cloudflare/sandbox-sdk/pull/221) [`3aba9e8`](https://github.com/cloudflare/sandbox-sdk/commit/3aba9e8da6e2e6acd7b40076cc0920a69cb02775) Thanks [@threepointone](https://github.com/threepointone)! - Add OpenAI Agents adapters
+
+  Add OpenAI Agents adapters (`Shell` and `Editor`) that integrate Cloudflare Sandbox with the OpenAI Agents SDK. These adapters enable AI agents to execute shell commands and perform file operations (create, update, delete) inside sandboxed environments. Both adapters automatically collect and timestamp results from operations, making it easy to track command execution and file modifications during agent sessions. The adapters are exported from `@cloudflare/sandbox/openai` and implement the OpenAI Agents `Shell` and `Editor` interfaces.
+
 ## 0.5.1
 
 ### Patch Changes

package/dist/dist-gVyG2H2h.js

@@ -0,0 +1,612 @@
+//#region ../shared/dist/env.js
+/**
+* Safely extract a string value from an environment object
+*
+* @param env - Environment object with dynamic keys
+* @param key - The environment variable key to access
+* @returns The string value if present and is a string, undefined otherwise
+*/
+function getEnvString(env, key) {
+	const value = env?.[key];
+	return typeof value === "string" ? value : void 0;
+}
+
+//#endregion
+//#region ../shared/dist/git.js
+/**
+* Redact credentials from URLs for secure logging
+*
+* Replaces any credentials (username:password, tokens, etc.) embedded
+* in URLs with ****** to prevent sensitive data exposure in logs.
+* Works with URLs embedded in text (e.g., "Error: https://token@github.com/repo.git failed")
+*
+* @param text - String that may contain URLs with credentials
+* @returns String with credentials redacted from any URLs
+*/
+function redactCredentials(text) {
+	let result = text;
+	let pos = 0;
+	while (pos < result.length) {
+		const httpPos = result.indexOf("http://", pos);
+		const httpsPos = result.indexOf("https://", pos);
+		let protocolPos = -1;
+		let protocolLen = 0;
+		if (httpPos === -1 && httpsPos === -1) break;
+		if (httpPos !== -1 && (httpsPos === -1 || httpPos < httpsPos)) {
+			protocolPos = httpPos;
+			protocolLen = 7;
+		} else {
+			protocolPos = httpsPos;
+			protocolLen = 8;
+		}
+		const searchStart = protocolPos + protocolLen;
+		const atPos = result.indexOf("@", searchStart);
+		let urlEnd = searchStart;
+		while (urlEnd < result.length) {
+			const char = result[urlEnd];
+			if (/[\s"'`<>,;{}[\]]/.test(char)) break;
+			urlEnd++;
+		}
+		if (atPos !== -1 && atPos < urlEnd) {
+			result = `${result.substring(0, searchStart)}******${result.substring(atPos)}`;
+			pos = searchStart + 6;
+		} else pos = protocolPos + protocolLen;
+	}
+	return result;
+}
+/**
+* Sanitize data by redacting credentials from any strings
+* Recursively processes objects and arrays to ensure credentials are never leaked
+*/
+function sanitizeGitData(data) {
+	if (typeof data === "string") return redactCredentials(data);
+	if (data === null || data === void 0) return data;
+	if (Array.isArray(data)) return data.map((item) => sanitizeGitData(item));
+	if (typeof data === "object") {
+		const result = {};
+		for (const [key, value] of Object.entries(data)) result[key] = sanitizeGitData(value);
+		return result;
+	}
+	return data;
+}
+/**
+* Logger wrapper that automatically sanitizes git credentials
+*/
+var GitLogger = class GitLogger {
+	baseLogger;
+	constructor(baseLogger) {
+		this.baseLogger = baseLogger;
+	}
+	sanitizeContext(context) {
+		return context ? sanitizeGitData(context) : context;
+	}
+	sanitizeError(error) {
+		if (!error) return error;
+		const sanitized = new Error(redactCredentials(error.message));
+		sanitized.name = error.name;
+		if (error.stack) sanitized.stack = redactCredentials(error.stack);
+		const sanitizedRecord = sanitized;
+		const errorRecord = error;
+		for (const key of Object.keys(error)) if (key !== "message" && key !== "stack" && key !== "name") sanitizedRecord[key] = sanitizeGitData(errorRecord[key]);
+		return sanitized;
+	}
+	debug(message, context) {
+		this.baseLogger.debug(message, this.sanitizeContext(context));
+	}
+	info(message, context) {
+		this.baseLogger.info(message, this.sanitizeContext(context));
+	}
+	warn(message, context) {
+		this.baseLogger.warn(message, this.sanitizeContext(context));
+	}
+	error(message, error, context) {
+		this.baseLogger.error(message, this.sanitizeError(error), this.sanitizeContext(context));
+	}
+	child(context) {
+		const sanitized = sanitizeGitData(context);
+		return new GitLogger(this.baseLogger.child(sanitized));
+	}
+};
+
+//#endregion
+//#region ../shared/dist/interpreter-types.js
+var Execution = class {
+	code;
+	context;
+	/**
+	* All results from the execution
+	*/
+	results = [];
+	/**
+	* Accumulated stdout and stderr
+	*/
+	logs = {
+		stdout: [],
+		stderr: []
+	};
+	/**
+	* Execution error if any
+	*/
+	error;
+	/**
+	* Execution count (for interpreter)
+	*/
+	executionCount;
+	constructor(code, context) {
+		this.code = code;
+		this.context = context;
+	}
+	/**
+	* Convert to a plain object for serialization
+	*/
+	toJSON() {
+		return {
+			code: this.code,
+			logs: this.logs,
+			error: this.error,
+			executionCount: this.executionCount,
+			results: this.results.map((result) => ({
+				text: result.text,
+				html: result.html,
+				png: result.png,
+				jpeg: result.jpeg,
+				svg: result.svg,
+				latex: result.latex,
+				markdown: result.markdown,
+				javascript: result.javascript,
+				json: result.json,
+				chart: result.chart,
+				data: result.data
+			}))
+		};
+	}
+};
+var ResultImpl = class {
+	raw;
+	constructor(raw) {
+		this.raw = raw;
+	}
+	get text() {
+		return this.raw.text || this.raw.data?.["text/plain"];
+	}
+	get html() {
+		return this.raw.html || this.raw.data?.["text/html"];
+	}
+	get png() {
+		return this.raw.png || this.raw.data?.["image/png"];
+	}
+	get jpeg() {
+		return this.raw.jpeg || this.raw.data?.["image/jpeg"];
+	}
+	get svg() {
+		return this.raw.svg || this.raw.data?.["image/svg+xml"];
+	}
+	get latex() {
+		return this.raw.latex || this.raw.data?.["text/latex"];
+	}
+	get markdown() {
+		return this.raw.markdown || this.raw.data?.["text/markdown"];
+	}
+	get javascript() {
+		return this.raw.javascript || this.raw.data?.["application/javascript"];
+	}
+	get json() {
+		return this.raw.json || this.raw.data?.["application/json"];
+	}
+	get chart() {
+		return this.raw.chart;
+	}
+	get data() {
+		return this.raw.data;
+	}
+	formats() {
+		const formats = [];
+		if (this.text) formats.push("text");
+		if (this.html) formats.push("html");
+		if (this.png) formats.push("png");
+		if (this.jpeg) formats.push("jpeg");
+		if (this.svg) formats.push("svg");
+		if (this.latex) formats.push("latex");
+		if (this.markdown) formats.push("markdown");
+		if (this.javascript) formats.push("javascript");
+		if (this.json) formats.push("json");
+		if (this.chart) formats.push("chart");
+		return formats;
+	}
+};
+
+//#endregion
+//#region ../shared/dist/logger/types.js
+/**
+* Logger types for Cloudflare Sandbox SDK
+*
+* Provides structured, trace-aware logging across Worker, Durable Object, and Container.
+*/
+/**
+* Log levels (from most to least verbose)
+*/
+var LogLevel;
+(function(LogLevel$1) {
+	LogLevel$1[LogLevel$1["DEBUG"] = 0] = "DEBUG";
+	LogLevel$1[LogLevel$1["INFO"] = 1] = "INFO";
+	LogLevel$1[LogLevel$1["WARN"] = 2] = "WARN";
+	LogLevel$1[LogLevel$1["ERROR"] = 3] = "ERROR";
+})(LogLevel || (LogLevel = {}));
+
+//#endregion
+//#region ../shared/dist/logger/logger.js
+/**
+* Logger implementation
+*/
+/**
+* ANSI color codes for terminal output
+*/
+const COLORS = {
+	reset: "\x1B[0m",
+	debug: "\x1B[36m",
+	info: "\x1B[32m",
+	warn: "\x1B[33m",
+	error: "\x1B[31m",
+	dim: "\x1B[2m"
+};
+/**
+* CloudflareLogger implements structured logging with support for
+* both JSON output (production) and pretty printing (development).
+*/
+var CloudflareLogger = class CloudflareLogger {
+	baseContext;
+	minLevel;
+	pretty;
+	/**
+	* Create a new CloudflareLogger
+	*
+	* @param baseContext Base context included in all log entries
+	* @param minLevel Minimum log level to output (default: INFO)
+	* @param pretty Enable pretty printing for human-readable output (default: false)
+	*/
+	constructor(baseContext, minLevel = LogLevel.INFO, pretty = false) {
+		this.baseContext = baseContext;
+		this.minLevel = minLevel;
+		this.pretty = pretty;
+	}
+	/**
+	* Log debug-level message
+	*/
+	debug(message, context) {
+		if (this.shouldLog(LogLevel.DEBUG)) {
+			const logData = this.buildLogData("debug", message, context);
+			this.output(console.log, logData);
+		}
+	}
+	/**
+	* Log info-level message
+	*/
+	info(message, context) {
+		if (this.shouldLog(LogLevel.INFO)) {
+			const logData = this.buildLogData("info", message, context);
+			this.output(console.log, logData);
+		}
+	}
+	/**
+	* Log warning-level message
+	*/
+	warn(message, context) {
+		if (this.shouldLog(LogLevel.WARN)) {
+			const logData = this.buildLogData("warn", message, context);
+			this.output(console.warn, logData);
+		}
+	}
+	/**
+	* Log error-level message
+	*/
+	error(message, error, context) {
+		if (this.shouldLog(LogLevel.ERROR)) {
+			const logData = this.buildLogData("error", message, context, error);
+			this.output(console.error, logData);
+		}
+	}
+	/**
+	* Create a child logger with additional context
+	*/
+	child(context) {
+		return new CloudflareLogger({
+			...this.baseContext,
+			...context
+		}, this.minLevel, this.pretty);
+	}
+	/**
+	* Check if a log level should be output
+	*/
+	shouldLog(level) {
+		return level >= this.minLevel;
+	}
+	/**
+	* Build log data object
+	*/
+	buildLogData(level, message, context, error) {
+		const logData = {
+			level,
+			msg: message,
+			...this.baseContext,
+			...context,
+			timestamp: (/* @__PURE__ */ new Date()).toISOString()
+		};
+		if (error) logData.error = {
+			message: error.message,
+			stack: error.stack,
+			name: error.name
+		};
+		return logData;
+	}
+	/**
+	* Output log data to console (pretty or JSON)
+	*/
+	output(consoleFn, data) {
+		if (this.pretty) this.outputPretty(consoleFn, data);
+		else this.outputJson(consoleFn, data);
+	}
+	/**
+	* Output as JSON (production)
+	*/
+	outputJson(consoleFn, data) {
+		consoleFn(JSON.stringify(data));
+	}
+	/**
+	* Output as pretty-printed, colored text (development)
+	*
+	* Format: LEVEL [component] message (trace: tr_...) {context}
+	* Example: INFO [sandbox-do] Command started (trace: tr_7f3a9b2c) {commandId: "cmd-123"}
+	*/
+	outputPretty(consoleFn, data) {
+		const { level, msg, timestamp, traceId, component, sandboxId, sessionId, processId, commandId, operation, duration, error, ...rest } = data;
+		const levelStr = String(level || "INFO").toUpperCase();
+		const levelColor = this.getLevelColor(levelStr);
+		const componentBadge = component ? `[${component}]` : "";
+		const traceIdShort = traceId ? String(traceId).substring(0, 12) : "";
+		let logLine = `${levelColor}${levelStr.padEnd(5)}${COLORS.reset} ${componentBadge} ${msg}`;
+		if (traceIdShort) logLine += ` ${COLORS.dim}(trace: ${traceIdShort})${COLORS.reset}`;
+		const contextFields = [];
+		if (operation) contextFields.push(`operation: ${operation}`);
+		if (commandId) contextFields.push(`commandId: ${String(commandId).substring(0, 12)}`);
+		if (sandboxId) contextFields.push(`sandboxId: ${sandboxId}`);
+		if (sessionId) contextFields.push(`sessionId: ${String(sessionId).substring(0, 12)}`);
+		if (processId) contextFields.push(`processId: ${processId}`);
+		if (duration !== void 0) contextFields.push(`duration: ${duration}ms`);
+		if (contextFields.length > 0) logLine += ` ${COLORS.dim}{${contextFields.join(", ")}}${COLORS.reset}`;
+		consoleFn(logLine);
+		if (error && typeof error === "object") {
+			const errorObj = error;
+			if (errorObj.message) consoleFn(`  ${COLORS.error}Error: ${errorObj.message}${COLORS.reset}`);
+			if (errorObj.stack) consoleFn(`  ${COLORS.dim}${errorObj.stack}${COLORS.reset}`);
+		}
+		if (Object.keys(rest).length > 0) consoleFn(`  ${COLORS.dim}${JSON.stringify(rest, null, 2)}${COLORS.reset}`);
+	}
+	/**
+	* Get ANSI color code for log level
+	*/
+	getLevelColor(level) {
+		switch (level.toLowerCase()) {
+			case "debug": return COLORS.debug;
+			case "info": return COLORS.info;
+			case "warn": return COLORS.warn;
+			case "error": return COLORS.error;
+			default: return COLORS.reset;
+		}
+	}
+};
+
+//#endregion
+//#region ../shared/dist/logger/trace-context.js
+/**
+* Trace context utilities for request correlation
+*
+* Trace IDs enable correlating logs across distributed components:
+* Worker → Durable Object → Container → back
+*
+* The trace ID is propagated via the X-Trace-Id HTTP header.
+*/
+/**
+* Utility for managing trace context across distributed components
+*/
+var TraceContext = class TraceContext {
+	/**
+	* HTTP header name for trace ID propagation
+	*/
+	static TRACE_HEADER = "X-Trace-Id";
+	/**
+	* Generate a new trace ID
+	*
+	* Format: "tr_" + 16 random hex characters
+	* Example: "tr_7f3a9b2c4e5d6f1a"
+	*
+	* @returns Newly generated trace ID
+	*/
+	static generate() {
+		return `tr_${crypto.randomUUID().replace(/-/g, "").substring(0, 16)}`;
+	}
+	/**
+	* Extract trace ID from HTTP request headers
+	*
+	* @param headers Request headers
+	* @returns Trace ID if present, null otherwise
+	*/
+	static fromHeaders(headers) {
+		return headers.get(TraceContext.TRACE_HEADER);
+	}
+	/**
+	* Create headers object with trace ID for outgoing requests
+	*
+	* @param traceId Trace ID to include
+	* @returns Headers object with X-Trace-Id set
+	*/
+	static toHeaders(traceId) {
+		return { [TraceContext.TRACE_HEADER]: traceId };
+	}
+	/**
+	* Get the header name used for trace ID propagation
+	*
+	* @returns Header name ("X-Trace-Id")
+	*/
+	static getHeaderName() {
+		return TraceContext.TRACE_HEADER;
+	}
+};
+
+//#endregion
+//#region ../shared/dist/logger/index.js
+/**
+* Logger module
+*
+* Provides structured, trace-aware logging with:
+* - Explicit logger passing via constructor injection
+* - Pretty printing for local development
+* - JSON output for production
+* - Environment auto-detection
+* - Log level configuration
+*
+* Usage:
+*
+* ```typescript
+* // Create a logger at entry point
+* const logger = createLogger({ component: 'sandbox-do', traceId: 'tr_abc123' });
+*
+* // Pass to classes via constructor
+* const service = new MyService(logger);
+*
+* // Create child loggers for additional context
+* const execLogger = logger.child({ operation: 'exec', commandId: 'cmd-456' });
+* execLogger.info('Operation started');
+* ```
+*/
+/**
+* Create a no-op logger for testing
+*
+* Returns a logger that implements the Logger interface but does nothing.
+* Useful for tests that don't need actual logging output.
+*
+* @returns No-op logger instance
+*
+* @example
+* ```typescript
+* // In tests
+* const client = new HttpClient({
+*   baseUrl: 'http://test.com',
+*   logger: createNoOpLogger() // Optional - tests can enable real logging if needed
+* });
+* ```
+*/
+function createNoOpLogger() {
+	return {
+		debug: () => {},
+		info: () => {},
+		warn: () => {},
+		error: () => {},
+		child: () => createNoOpLogger()
+	};
+}
+/**
+* Create a new logger instance
+*
+* @param context Base context for the logger. Must include 'component'.
+*                TraceId will be auto-generated if not provided.
+* @returns New logger instance
+*
+* @example
+* ```typescript
+* // In Durable Object
+* const logger = createLogger({
+*   component: 'sandbox-do',
+*   traceId: TraceContext.fromHeaders(request.headers) || TraceContext.generate(),
+*   sandboxId: this.id
+* });
+*
+* // In Container
+* const logger = createLogger({
+*   component: 'container',
+*   traceId: TraceContext.fromHeaders(request.headers)!,
+*   sessionId: this.id
+* });
+* ```
+*/
+function createLogger(context) {
+	const minLevel = getLogLevelFromEnv();
+	const pretty = isPrettyPrintEnabled();
+	return new CloudflareLogger({
+		...context,
+		traceId: context.traceId || TraceContext.generate(),
+		component: context.component
+	}, minLevel, pretty);
+}
+/**
+* Get log level from environment variable
+*
+* Checks SANDBOX_LOG_LEVEL env var, falls back to default based on environment.
+* Default: 'debug' for development, 'info' for production
+*/
+function getLogLevelFromEnv() {
+	switch ((getEnvVar("SANDBOX_LOG_LEVEL") || "info").toLowerCase()) {
+		case "debug": return LogLevel.DEBUG;
+		case "info": return LogLevel.INFO;
+		case "warn": return LogLevel.WARN;
+		case "error": return LogLevel.ERROR;
+		default: return LogLevel.INFO;
+	}
+}
+/**
+* Check if pretty printing should be enabled
+*
+* Checks SANDBOX_LOG_FORMAT env var, falls back to auto-detection:
+* - Local development: pretty (colored, human-readable)
+* - Production: json (structured)
+*/
+function isPrettyPrintEnabled() {
+	const format = getEnvVar("SANDBOX_LOG_FORMAT");
+	if (format) return format.toLowerCase() === "pretty";
+	return false;
+}
+/**
+* Get environment variable value
+*
+* Supports both Node.js (process.env) and Bun (Bun.env)
+*/
+function getEnvVar(name) {
+	if (typeof process !== "undefined" && process.env) return process.env[name];
+	if (typeof Bun !== "undefined") {
+		const bunEnv = Bun.env;
+		if (bunEnv) return bunEnv[name];
+	}
+}
+
+//#endregion
+//#region ../shared/dist/shell-escape.js
+/**
+* Escapes a string for safe use in shell commands using POSIX single-quote escaping.
+* Prevents command injection by wrapping the string in single quotes and escaping
+* any single quotes within the string.
+*/
+function shellEscape(str) {
+	return `'${str.replace(/'/g, "'\\''")}'`;
+}
+
+//#endregion
+//#region ../shared/dist/types.js
+function isExecResult(value) {
+	return value && typeof value.success === "boolean" && typeof value.exitCode === "number" && typeof value.stdout === "string" && typeof value.stderr === "string";
+}
+function isProcess(value) {
+	return value && typeof value.id === "string" && typeof value.command === "string" && typeof value.status === "string";
+}
+function isProcessStatus(value) {
+	return [
+		"starting",
+		"running",
+		"completed",
+		"failed",
+		"killed",
+		"error"
+	].includes(value);
+}
+
+//#endregion
+export { createLogger as a, Execution as c, getEnvString as d, shellEscape as i, ResultImpl as l, isProcess as n, createNoOpLogger as o, isProcessStatus as r, TraceContext as s, isExecResult as t, GitLogger as u };
+//# sourceMappingURL=dist-gVyG2H2h.js.map