@cloudflare/sandbox 0.5.4 → 0.6.0

package/tests/openai-shell-editor.test.ts

@@ -1,434 +0,0 @@
-import type { ApplyPatchOperation } from '@openai/agents';
-import { beforeEach, describe, expect, it, vi } from 'vitest';
-import { Editor, Shell } from '../src/openai/index';
-import type { Sandbox } from '../src/sandbox';
-
-interface MockSandbox {
-  exec?: ReturnType<typeof vi.fn>;
-  mkdir?: ReturnType<typeof vi.fn>;
-  writeFile?: ReturnType<typeof vi.fn>;
-  readFile?: ReturnType<typeof vi.fn>;
-  deleteFile?: ReturnType<typeof vi.fn>;
-}
-
-const { loggerSpies, createLoggerMock, applyDiffMock } = vi.hoisted(() => {
-  const logger = {
-    debug: vi.fn(),
-    info: vi.fn(),
-    warn: vi.fn(),
-    error: vi.fn(),
-    child: vi.fn().mockReturnThis()
-  };
-
-  return {
-    loggerSpies: logger,
-    createLoggerMock: vi.fn(() => logger),
-    applyDiffMock: vi.fn<(...args: any[]) => string>()
-  };
-});
-
-vi.mock('@repo/shared', () => ({
-  createLogger: createLoggerMock
-}));
-
-vi.mock('@openai/agents', () => ({
-  applyDiff: applyDiffMock
-}));
-
-describe('Shell', () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-  });
-
-  it('runs commands and collects results', async () => {
-    const execMock = vi.fn().mockResolvedValue({
-      stdout: 'hello\n',
-      stderr: '',
-      exitCode: 0
-    });
-
-    const mockSandbox: MockSandbox = { exec: execMock };
-    const shell = new Shell(mockSandbox as unknown as Sandbox);
-
-    const result = await shell.run({
-      commands: ['echo hello'],
-      timeoutMs: 500
-    });
-
-    expect(execMock).toHaveBeenCalledWith('echo hello', {
-      timeout: 500,
-      cwd: '/workspace'
-    });
-    expect(result.output).toHaveLength(1);
-    expect(result.output[0]).toMatchObject({
-      command: 'echo hello',
-      stdout: 'hello\n',
-      stderr: '',
-      outcome: { type: 'exit', exitCode: 0 }
-    });
-    expect(shell.results).toHaveLength(1);
-    expect(loggerSpies.info).toHaveBeenCalledWith(
-      'Command completed successfully',
-      { command: 'echo hello' }
-    );
-  });
-
-  it('halts subsequent commands after a timeout error', async () => {
-    const timeoutError = new Error('Command timed out');
-    const execMock = vi.fn().mockRejectedValue(timeoutError);
-
-    const mockSandbox: MockSandbox = { exec: execMock };
-    const shell = new Shell(mockSandbox as unknown as Sandbox);
-    const action = {
-      commands: ['sleep 1', 'echo never'],
-      timeoutMs: 25
-    };
-
-    const result = await shell.run(action);
-
-    expect(execMock).toHaveBeenCalledTimes(1);
-    expect(result.output[0].outcome).toEqual({ type: 'timeout' });
-    expect(shell.results[0].exitCode).toBeNull();
-    expect(loggerSpies.warn).toHaveBeenCalledWith(
-      'Breaking command loop due to timeout'
-    );
-    expect(loggerSpies.error).toHaveBeenCalledWith(
-      'Command timed out',
-      undefined,
-      expect.objectContaining({
-        command: 'sleep 1',
-        timeout: 25
-      })
-    );
-  });
-});
-
-describe('Editor', () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-    applyDiffMock.mockReset();
-  });
-
-  it('creates files using applyDiff output', async () => {
-    applyDiffMock.mockReturnValueOnce('file contents');
-
-    const mockSandbox: MockSandbox = {
-      mkdir: vi.fn().mockResolvedValue(undefined),
-      writeFile: vi.fn().mockResolvedValue(undefined)
-    };
-
-    const editor = new Editor(mockSandbox as unknown as Sandbox);
-    const operation = {
-      type: 'create_file',
-      path: 'src/app.ts',
-      diff: '--- diff ---'
-    } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
-
-    await editor.createFile(operation);
-
-    expect(applyDiffMock).toHaveBeenCalledWith('', operation.diff, 'create');
-    expect(mockSandbox.mkdir).toHaveBeenCalledWith('/workspace/src', {
-      recursive: true
-    });
-    expect(mockSandbox.writeFile).toHaveBeenCalledWith(
-      '/workspace/src/app.ts',
-      'file contents',
-      { encoding: 'utf-8' }
-    );
-    expect(editor.results[0]).toMatchObject({
-      operation: 'create',
-      path: 'src/app.ts',
-      status: 'completed'
-    });
-    expect(loggerSpies.info).toHaveBeenCalledWith(
-      'File created successfully',
-      expect.objectContaining({ path: 'src/app.ts' })
-    );
-  });
-
-  it('applies diffs when updating existing files', async () => {
-    applyDiffMock.mockReturnValueOnce('patched content');
-
-    const mockSandbox: MockSandbox = {
-      readFile: vi.fn().mockResolvedValue({ content: 'original content' }),
-      writeFile: vi.fn().mockResolvedValue(undefined)
-    };
-
-    const editor = new Editor(mockSandbox as unknown as Sandbox);
-    const operation = {
-      type: 'update_file',
-      path: 'README.md',
-      diff: 'patch diff'
-    } as Extract<ApplyPatchOperation, { type: 'update_file' }>;
-
-    await editor.updateFile(operation);
-
-    expect(mockSandbox.readFile).toHaveBeenCalledWith('/workspace/README.md', {
-      encoding: 'utf-8'
-    });
-    expect(applyDiffMock).toHaveBeenCalledWith(
-      'original content',
-      operation.diff
-    );
-    expect(mockSandbox.writeFile).toHaveBeenCalledWith(
-      '/workspace/README.md',
-      'patched content',
-      { encoding: 'utf-8' }
-    );
-    expect(editor.results[0]).toMatchObject({
-      operation: 'update',
-      path: 'README.md',
-      status: 'completed'
-    });
-  });
-
-  it('throws descriptive error when attempting to update a missing file', async () => {
-    const missingError = Object.assign(new Error('not found'), { status: 404 });
-    const mockSandbox: MockSandbox = {
-      readFile: vi.fn().mockRejectedValue(missingError)
-    };
-
-    const editor = new Editor(mockSandbox as unknown as Sandbox);
-    const operation = {
-      type: 'update_file',
-      path: 'missing.txt',
-      diff: 'patch diff'
-    } as Extract<ApplyPatchOperation, { type: 'update_file' }>;
-
-    await expect(editor.updateFile(operation)).rejects.toThrow(
-      'Cannot update missing file: missing.txt'
-    );
-    expect(loggerSpies.error).toHaveBeenCalledWith(
-      'Cannot update missing file',
-      undefined,
-      { path: 'missing.txt' }
-    );
-  });
-
-  describe('Path traversal security', () => {
-    it('should reject path traversal attempts with ../', async () => {
-      const mockSandbox: MockSandbox = {
-        mkdir: vi.fn(),
-        writeFile: vi.fn()
-      };
-
-      const editor = new Editor(mockSandbox as unknown as Sandbox);
-      const operation = {
-        type: 'create_file',
-        path: '../etc/passwd',
-        diff: 'malicious content'
-      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
-
-      await expect(editor.createFile(operation)).rejects.toThrow(
-        'Operation outside workspace: ../etc/passwd'
-      );
-      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
-    });
-
-    it('should reject path traversal attempts with ../../', async () => {
-      const mockSandbox: MockSandbox = {
-        mkdir: vi.fn(),
-        writeFile: vi.fn()
-      };
-
-      const editor = new Editor(mockSandbox as unknown as Sandbox);
-      const operation = {
-        type: 'create_file',
-        path: '../../etc/passwd',
-        diff: 'malicious content'
-      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
-
-      await expect(editor.createFile(operation)).rejects.toThrow(
-        'Operation outside workspace: ../../etc/passwd'
-      );
-      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
-    });
-
-    it('should reject path traversal attempts with mixed paths like src/../../etc/passwd', async () => {
-      const mockSandbox: MockSandbox = {
-        mkdir: vi.fn(),
-        writeFile: vi.fn()
-      };
-
-      const editor = new Editor(mockSandbox as unknown as Sandbox);
-      const operation = {
-        type: 'create_file',
-        path: 'src/../../etc/passwd',
-        diff: 'malicious content'
-      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
-
-      await expect(editor.createFile(operation)).rejects.toThrow(
-        'Operation outside workspace: src/../../etc/passwd'
-      );
-      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
-    });
-
-    it('should reject path traversal attempts with leading slash /../../etc/passwd', async () => {
-      const mockSandbox: MockSandbox = {
-        mkdir: vi.fn(),
-        writeFile: vi.fn()
-      };
-
-      const editor = new Editor(mockSandbox as unknown as Sandbox);
-      const operation = {
-        type: 'create_file',
-        path: '/../../etc/passwd',
-        diff: 'malicious content'
-      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
-
-      await expect(editor.createFile(operation)).rejects.toThrow(
-        'Operation outside workspace: /../../etc/passwd'
-      );
-      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
-    });
-
-    it('should reject path traversal attempts with leading dot-slash ./../../etc/passwd', async () => {
-      const mockSandbox: MockSandbox = {
-        mkdir: vi.fn(),
-        writeFile: vi.fn()
-      };
-
-      const editor = new Editor(mockSandbox as unknown as Sandbox);
-      const operation = {
-        type: 'create_file',
-        path: './../../etc/passwd',
-        diff: 'malicious content'
-      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
-
-      await expect(editor.createFile(operation)).rejects.toThrow(
-        'Operation outside workspace: ./../../etc/passwd'
-      );
-      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
-    });
-
-    it('should reject path traversal in updateFile operations', async () => {
-      const mockSandbox: MockSandbox = {
-        readFile: vi.fn()
-      };
-
-      const editor = new Editor(mockSandbox as unknown as Sandbox);
-      const operation = {
-        type: 'update_file',
-        path: '../../etc/passwd',
-        diff: 'patch diff'
-      } as Extract<ApplyPatchOperation, { type: 'update_file' }>;
-
-      await expect(editor.updateFile(operation)).rejects.toThrow(
-        'Operation outside workspace: ../../etc/passwd'
-      );
-      expect(mockSandbox.readFile).not.toHaveBeenCalled();
-    });
-
-    it('should reject path traversal in deleteFile operations', async () => {
-      const mockSandbox: MockSandbox = {
-        deleteFile: vi.fn()
-      };
-
-      const editor = new Editor(mockSandbox as unknown as Sandbox);
-      const operation = {
-        type: 'delete_file',
-        path: '../../etc/passwd'
-      } as Extract<ApplyPatchOperation, { type: 'delete_file' }>;
-
-      await expect(editor.deleteFile(operation)).rejects.toThrow(
-        'Operation outside workspace: ../../etc/passwd'
-      );
-      expect(mockSandbox.deleteFile).not.toHaveBeenCalled();
-    });
-
-    it('should allow valid paths that use .. but stay within workspace', async () => {
-      applyDiffMock.mockReturnValueOnce('file contents');
-
-      const mockSandbox: MockSandbox = {
-        mkdir: vi.fn().mockResolvedValue(undefined),
-        writeFile: vi.fn().mockResolvedValue(undefined)
-      };
-
-      const editor = new Editor(mockSandbox as unknown as Sandbox);
-      const operation = {
-        type: 'create_file',
-        path: 'src/subdir/../../file.txt',
-        diff: '--- diff ---'
-      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
-
-      await editor.createFile(operation);
-
-      // Should resolve to /workspace/file.txt
-      expect(mockSandbox.writeFile).toHaveBeenCalledWith(
-        '/workspace/file.txt',
-        'file contents',
-        { encoding: 'utf-8' }
-      );
-    });
-
-    it('should handle paths with multiple consecutive slashes correctly', async () => {
-      applyDiffMock.mockReturnValueOnce('file contents');
-
-      const mockSandbox: MockSandbox = {
-        mkdir: vi.fn().mockResolvedValue(undefined),
-        writeFile: vi.fn().mockResolvedValue(undefined)
-      };
-
-      const editor = new Editor(mockSandbox as unknown as Sandbox);
-      const operation = {
-        type: 'create_file',
-        path: 'src//subdir///file.txt',
-        diff: '--- diff ---'
-      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
-
-      await editor.createFile(operation);
-
-      expect(mockSandbox.writeFile).toHaveBeenCalledWith(
-        '/workspace/src/subdir/file.txt',
-        'file contents',
-        { encoding: 'utf-8' }
-      );
-    });
-
-    it('should reject deep path traversal attempts', async () => {
-      const mockSandbox: MockSandbox = {
-        mkdir: vi.fn(),
-        writeFile: vi.fn()
-      };
-
-      const editor = new Editor(mockSandbox as unknown as Sandbox);
-      const operation = {
-        type: 'create_file',
-        path: 'a/b/c/../../../../etc/passwd',
-        diff: 'malicious content'
-      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
-
-      await expect(editor.createFile(operation)).rejects.toThrow(
-        'Operation outside workspace: a/b/c/../../../../etc/passwd'
-      );
-      expect(mockSandbox.writeFile).not.toHaveBeenCalled();
-    });
-
-    it('should handle absolute paths within workspace', async () => {
-      applyDiffMock.mockReturnValueOnce('content');
-
-      const mockSandbox: MockSandbox = {
-        mkdir: vi.fn().mockResolvedValue(undefined),
-        writeFile: vi.fn().mockResolvedValue(undefined)
-      };
-
-      const editor = new Editor(
-        mockSandbox as unknown as Sandbox,
-        '/workspace'
-      );
-      const operation = {
-        type: 'create_file',
-        path: '/workspace/file.txt',
-        diff: 'content'
-      } as Extract<ApplyPatchOperation, { type: 'create_file' }>;
-
-      await editor.createFile(operation);
-
-      expect(mockSandbox.writeFile).toHaveBeenCalledWith(
-        '/workspace/file.txt', // Not /workspace/workspace/file.txt
-        'content',
-        { encoding: 'utf-8' }
-      );
-    });
-  });
-});

package/tests/port-client.test.ts

@@ -1,283 +0,0 @@
-import type {
-  PortCloseResult,
-  PortExposeResult,
-  PortListResult
-} from '@repo/shared';
-import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
-import { PortClient } from '../src/clients/port-client';
-import {
-  InvalidPortError,
-  PortAlreadyExposedError,
-  PortError,
-  PortInUseError,
-  PortNotExposedError,
-  SandboxError,
-  ServiceNotRespondingError
-} from '../src/errors';
-
-describe('PortClient', () => {
-  let client: PortClient;
-  let mockFetch: ReturnType<typeof vi.fn>;
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-
-    mockFetch = vi.fn();
-    global.fetch = mockFetch as unknown as typeof fetch;
-
-    client = new PortClient({
-      baseUrl: 'http://test.com',
-      port: 3000
-    });
-  });
-
-  afterEach(() => {
-    vi.restoreAllMocks();
-  });
-
-  describe('service exposure', () => {
-    it('should expose web services successfully', async () => {
-      const mockResponse: PortExposeResult = {
-        success: true,
-        port: 3001,
-        url: 'https://preview-abc123.workers.dev',
-        timestamp: '2023-01-01T00:00:00Z'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(mockResponse), { status: 200 })
-      );
-
-      const result = await client.exposePort(3001, 'session-123', 'web-server');
-
-      expect(result.success).toBe(true);
-      expect(result.port).toBe(3001);
-      expect(result.url).toBe('https://preview-abc123.workers.dev');
-      expect(result.url.startsWith('https://')).toBe(true);
-    });
-
-    it('should expose API services on different ports', async () => {
-      const mockResponse: PortExposeResult = {
-        success: true,
-        port: 8080,
-        url: 'https://api-def456.workers.dev',
-        timestamp: '2023-01-01T00:00:00Z'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(mockResponse), { status: 200 })
-      );
-
-      const result = await client.exposePort(8080, 'session-456', 'api-server');
-
-      expect(result.success).toBe(true);
-      expect(result.port).toBe(8080);
-      expect(result.url).toContain('api-');
-    });
-
-    it('should expose services without explicit names', async () => {
-      const mockResponse: PortExposeResult = {
-        success: true,
-        port: 5000,
-        url: 'https://service-ghi789.workers.dev',
-        timestamp: '2023-01-01T00:00:00Z'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(mockResponse), { status: 200 })
-      );
-
-      const result = await client.exposePort(5000, 'session-789');
-
-      expect(result.success).toBe(true);
-      expect(result.port).toBe(5000);
-      expect(result.url).toBeDefined();
-    });
-  });
-
-  describe('service management', () => {
-    it('should list all exposed services', async () => {
-      const mockResponse: PortListResult = {
-        success: true,
-        ports: [
-          {
-            port: 3000,
-            url: 'https://frontend-abc123.workers.dev',
-            status: 'active'
-          },
-          {
-            port: 4000,
-            url: 'https://api-def456.workers.dev',
-            status: 'active'
-          },
-          {
-            port: 5432,
-            url: 'https://db-ghi789.workers.dev',
-            status: 'active'
-          }
-        ],
-        timestamp: '2023-01-01T00:10:00Z'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(mockResponse), { status: 200 })
-      );
-
-      const result = await client.getExposedPorts('session-list');
-
-      expect(result.success).toBe(true);
-      expect(result.ports).toHaveLength(3);
-
-      result.ports.forEach((service) => {
-        expect(service.url).toContain('.workers.dev');
-        expect(service.port).toBeGreaterThan(0);
-      });
-    });
-
-    it('should handle empty exposed ports list', async () => {
-      const mockResponse: PortListResult = {
-        success: true,
-        ports: [],
-        timestamp: '2023-01-01T00:00:00Z'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(mockResponse), { status: 200 })
-      );
-
-      const result = await client.getExposedPorts('session-empty');
-
-      expect(result.success).toBe(true);
-      expect(result.ports).toHaveLength(0);
-    });
-
-    it('should unexpose services cleanly', async () => {
-      const mockResponse: PortCloseResult = {
-        success: true,
-        port: 3001,
-        timestamp: '2023-01-01T00:15:00Z'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(mockResponse), { status: 200 })
-      );
-
-      const result = await client.unexposePort(3001, 'session-unexpose');
-
-      expect(result.success).toBe(true);
-      expect(result.port).toBe(3001);
-    });
-  });
-
-  describe('port validation and error handling', () => {
-    it('should handle port already exposed errors', async () => {
-      const errorResponse = {
-        error: 'Port already exposed: 3000',
-        code: 'PORT_ALREADY_EXPOSED'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(errorResponse), { status: 409 })
-      );
-
-      await expect(client.exposePort(3000, 'session-err')).rejects.toThrow(
-        PortAlreadyExposedError
-      );
-    });
-
-    it('should handle invalid port numbers', async () => {
-      const errorResponse = {
-        error: 'Invalid port number: 0',
-        code: 'INVALID_PORT_NUMBER'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(errorResponse), { status: 400 })
-      );
-
-      await expect(client.exposePort(0, 'session-err')).rejects.toThrow(
-        InvalidPortError
-      );
-    });
-
-    it('should handle port in use errors', async () => {
-      const errorResponse = {
-        error: 'Port in use: 3000 is already bound by another process',
-        code: 'PORT_IN_USE'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(errorResponse), { status: 409 })
-      );
-
-      await expect(client.exposePort(3000, 'session-err')).rejects.toThrow(
-        PortInUseError
-      );
-    });
-
-    it('should handle service not responding errors', async () => {
-      const errorResponse = {
-        error: 'Service not responding on port 8080',
-        code: 'SERVICE_NOT_RESPONDING'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(errorResponse), { status: 503 })
-      );
-
-      await expect(client.exposePort(8080, 'session-err')).rejects.toThrow(
-        ServiceNotRespondingError
-      );
-    });
-
-    it('should handle unexpose non-existent port', async () => {
-      const errorResponse = {
-        error: 'Port not exposed: 9999',
-        code: 'PORT_NOT_EXPOSED'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(errorResponse), { status: 404 })
-      );
-
-      await expect(client.unexposePort(9999, 'session-err')).rejects.toThrow(
-        PortNotExposedError
-      );
-    });
-
-    it('should handle port operation failures', async () => {
-      const errorResponse = {
-        error: 'Port operation failed: unable to setup proxy',
-        code: 'PORT_OPERATION_ERROR'
-      };
-
-      mockFetch.mockResolvedValue(
-        new Response(JSON.stringify(errorResponse), { status: 500 })
-      );
-
-      await expect(client.exposePort(3000, 'session-err')).rejects.toThrow(
-        PortError
-      );
-    });
-  });
-
-  describe('edge cases and resilience', () => {
-    it('should handle network failures gracefully', async () => {
-      mockFetch.mockRejectedValue(new Error('Network connection failed'));
-
-      await expect(client.exposePort(3000, 'session-net')).rejects.toThrow(
-        'Network connection failed'
-      );
-    });
-
-    it('should handle malformed server responses', async () => {
-      mockFetch.mockResolvedValue(
-        new Response('invalid json {', { status: 200 })
-      );
-
-      await expect(client.exposePort(3000, 'session-malform')).rejects.toThrow(
-        SandboxError
-      );
-    });
-  });
-});