@cloudflare/sandbox 0.7.12 → 0.7.14

package/Dockerfile

@@ -199,6 +199,12 @@ ENTRYPOINT ["/container-server/sandbox"]
 # ============================================================================
 FROM runtime-base AS opencode
 
+RUN --mount=type=secret,id=wrangler_ca \
+    if [ -f /run/secrets/wrangler_ca ] && [ -s /run/secrets/wrangler_ca ]; then \
+        cp /run/secrets/wrangler_ca /usr/local/share/ca-certificates/wrangler-dev-ca.crt && \
+        update-ca-certificates; \
+    fi
+
 # Install OpenCode CLI via npm (avoids GitHub API rate limits)
 RUN npm i -g opencode-ai \
     && opencode --version

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { $ as DirectoryBackup, A as DesktopStopResponse, At as WaitForPortOptions, B as ExecuteResponse, Bt as CreateContextOptions, C as ClickOptions, Ct as ProcessStartResult, D as DesktopStartOptions, Dt as SessionOptions, E as DesktopClient, Et as SandboxOptions, F as ScreenshotRegion, Ft as ExecuteRequest, G as HttpClientOptions, H as BaseApiResponse, Ht as ExecutionResult, I as ScreenshotResponse, It as ExposePortRequest, J as SessionRequest, K as RequestConfig, L as ScrollDirection, Lt as StartProcessRequest, M as ScreenSizeResponse, Mt as isExecResult, N as ScreenshotBytesResponse, Nt as isProcess, O as DesktopStartResponse, Ot as StreamOptions, P as ScreenshotOptions, Pt as isProcessStatus, Q as BucketProvider, R as TypeOptions, Rt as PtyOptions, S as WriteFileRequest, St as ProcessOptions, T as Desktop, Tt as RestoreBackupResult, U as ContainerStub, Ut as RunCodeOptions, V as BackupClient, Vt as Execution, W as ErrorResponse, X as BaseExecOptions, Y as BackupOptions, Z as BucketCredentials, _ as GitClient, _t as ProcessCleanupResult, a as CreateSessionRequest, at as FileMetadata, b as MkdirRequest, bt as ProcessListResult, c as DeleteSessionResponse, ct as GitCheckoutResult, d as ProcessClient, dt as LogEvent, et as ExecEvent, f as PortClient, ft as MountBucketOptions, g as GitCheckoutRequest, gt as Process, h as InterpreterClient, ht as PortListResult, i as CommandsResponse, it as FileChunk, j as KeyInput, jt as WatchOptions, k as DesktopStatusResponse, kt as WaitForLogResult, l as PingResponse, lt as ISandbox, m as ExecutionCallbacks, mt as PortExposeResult, n as getSandbox, nt as ExecResult, o as CreateSessionResponse, ot as FileStreamEvent, p as UnexposePortRequest, pt as PortCloseResult, q as ResponseHandler, r as SandboxClient, rt as ExecutionSession, s as DeleteSessionRequest, st as FileWatchSSEEvent, t as Sandbox, tt as ExecOptions, u as UtilityClient, ut as ListFilesOptions, v as FileClient, vt as ProcessInfoResult, w as CursorPositionResponse, wt as ProcessStatus, x as ReadFileRequest, xt as ProcessLogsResult, y as FileOperationRequest, yt as ProcessKillResult, z as CommandClient, zt as CodeContext } from "./sandbox-Buy5jfCP.js";
+import { $ as DirectoryBackup, A as DesktopStopResponse, At as WaitForPortOptions, B as ExecuteResponse, Bt as CreateContextOptions, C as ClickOptions, Ct as ProcessStartResult, D as DesktopStartOptions, Dt as SessionOptions, E as DesktopClient, Et as SandboxOptions, F as ScreenshotRegion, Ft as ExecuteRequest, G as HttpClientOptions, H as BaseApiResponse, Ht as ExecutionResult, I as ScreenshotResponse, It as ExposePortRequest, J as SessionRequest, K as RequestConfig, L as ScrollDirection, Lt as StartProcessRequest, M as ScreenSizeResponse, Mt as isExecResult, N as ScreenshotBytesResponse, Nt as isProcess, O as DesktopStartResponse, Ot as StreamOptions, P as ScreenshotOptions, Pt as isProcessStatus, Q as BucketProvider, R as TypeOptions, Rt as PtyOptions, S as WriteFileRequest, St as ProcessOptions, T as Desktop, Tt as RestoreBackupResult, U as ContainerStub, Ut as RunCodeOptions, V as BackupClient, Vt as Execution, W as ErrorResponse, X as BaseExecOptions, Y as BackupOptions, Z as BucketCredentials, _ as GitClient, _t as ProcessCleanupResult, a as CreateSessionRequest, at as FileMetadata, b as MkdirRequest, bt as ProcessListResult, c as DeleteSessionResponse, ct as GitCheckoutResult, d as ProcessClient, dt as LogEvent, et as ExecEvent, f as PortClient, ft as MountBucketOptions, g as GitCheckoutRequest, gt as Process, h as InterpreterClient, ht as PortListResult, i as CommandsResponse, it as FileChunk, j as KeyInput, jt as WatchOptions, k as DesktopStatusResponse, kt as WaitForLogResult, l as PingResponse, lt as ISandbox, m as ExecutionCallbacks, mt as PortExposeResult, n as getSandbox, nt as ExecResult, o as CreateSessionResponse, ot as FileStreamEvent, p as UnexposePortRequest, pt as PortCloseResult, q as ResponseHandler, r as SandboxClient, rt as ExecutionSession, s as DeleteSessionRequest, st as FileWatchSSEEvent, t as Sandbox, tt as ExecOptions, u as UtilityClient, ut as ListFilesOptions, v as FileClient, vt as ProcessInfoResult, w as CursorPositionResponse, wt as ProcessStatus, x as ReadFileRequest, xt as ProcessLogsResult, y as FileOperationRequest, yt as ProcessKillResult, z as CommandClient, zt as CodeContext } from "./sandbox-CUee1P3v.js";
 import { a as DesktopCoordinateErrorContext, d as ErrorResponse$1, f as OperationType, i as BackupRestoreContext, l as ProcessExitedBeforeReadyContext, n as BackupExpiredContext, o as DesktopErrorContext, p as ErrorCode, r as BackupNotFoundContext, s as InvalidBackupConfigContext, t as BackupCreateContext, u as ProcessReadyTimeoutContext } from "./contexts-CeQR115r.js";
 
 //#region src/errors/classes.d.ts

package/dist/index.js

@@ -1123,7 +1123,22 @@ var WebSocketTransport = class extends BaseTransport {
 					if (!firstMessageReceived) {
 						firstMessageReceived = true;
 						const pending = this.pendingRequests.get(id);
-						if (pending) pending.streamController = streamController;
+						if (pending) {
+							pending.streamController = streamController;
+							if (pending.bufferedChunks) {
+								try {
+									for (const buffered of pending.bufferedChunks) streamController.enqueue(buffered);
+								} catch (error) {
+									this.logger.debug("Failed to flush buffered chunks, cleaning up", {
+										id,
+										error: error instanceof Error ? error.message : String(error)
+									});
+									if (pending.timeoutId) clearTimeout(pending.timeoutId);
+									this.pendingRequests.delete(id);
+								}
+								pending.bufferedChunks = void 0;
+							}
+						}
 						resolveStream(stream);
 					}
 				}
@@ -1194,7 +1209,12 @@ var WebSocketTransport = class extends BaseTransport {
 			pending.onFirstChunk = void 0;
 		}
 		if (!pending.streamController) {
-			this.logger.warn("Stream chunk received but controller not ready", { id: chunk.id });
+			if (!pending.bufferedChunks) pending.bufferedChunks = [];
+			const encoder$1 = new TextEncoder();
+			let sseData$1;
+			if (chunk.event) sseData$1 = `event: ${chunk.event}\ndata: ${chunk.data}\n\n`;
+			else sseData$1 = `data: ${chunk.data}\n\n`;
+			pending.bufferedChunks.push(encoder$1.encode(sseData$1));
 			return;
 		}
 		const encoder = new TextEncoder();
@@ -2975,6 +2995,7 @@ async function proxyTerminal(stub, sessionId, request, options) {
 	const params = new URLSearchParams({ sessionId });
 	if (options?.cols) params.set("cols", String(options.cols));
 	if (options?.rows) params.set("rows", String(options.rows));
+	if (options?.shell) params.set("shell", options.shell);
 	const ptyUrl = `http://localhost/ws/pty?${params}`;
 	const ptyRequest = new Request(ptyUrl, request);
 	return stub.fetch(switchPort(ptyRequest, 3e3));
@@ -3328,7 +3349,7 @@ function buildS3fsSource(bucket, prefix) {
 * This file is auto-updated by .github/changeset-version.ts during releases
 * DO NOT EDIT MANUALLY - Changes will be overwritten on the next version bump
 */
-const SDK_VERSION = "0.7.12";
+const SDK_VERSION = "0.7.14";
 
 //#endregion
 //#region src/sandbox.ts
@@ -3569,6 +3590,7 @@ var Sandbox = class Sandbox extends Container {
 	async setKeepAlive(keepAlive) {
 		this.keepAliveEnabled = keepAlive;
 		await this.ctx.storage.put("keepAliveEnabled", keepAlive);
+		if (!keepAlive) this.renewActivityTimeout();
 	}
 	async setEnvVars(envVars) {
 		const { toSet, toUnset } = partitionEnvVars(envVars);
@@ -3848,22 +3870,84 @@ var Sandbox = class Sandbox extends Container {
 					}
 				});
 			} catch (e) {
-				if (this.isNoInstanceError(e)) return new Response("Container is currently provisioning. This can take several minutes on first deployment. Please retry in a moment.", {
-					status: 503,
-					headers: { "Retry-After": "10" }
-				});
+				if (this.isNoInstanceError(e)) {
+					const errorBody$1 = {
+						code: ErrorCode.INTERNAL_ERROR,
+						message: "Container is currently provisioning. This can take several minutes on first deployment.",
+						context: { phase: "provisioning" },
+						httpStatus: 503,
+						timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+						suggestion: "This is expected during first deployment. The SDK will retry automatically."
+					};
+					return new Response(JSON.stringify(errorBody$1), {
+						status: 503,
+						headers: {
+							"Content-Type": "application/json",
+							"Retry-After": "10"
+						}
+					});
+				}
+				if (this.isPermanentStartupError(e)) {
+					this.logger.error("Permanent container startup error, returning 500", e instanceof Error ? e : new Error(String(e)));
+					const errorBody$1 = {
+						code: ErrorCode.INTERNAL_ERROR,
+						message: "Container failed to start due to a permanent error. Check your container configuration.",
+						context: {
+							phase: "startup",
+							error: e instanceof Error ? e.message : String(e)
+						},
+						httpStatus: 500,
+						timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+						suggestion: "This error will not resolve with retries. Check container logs, image name, and resource limits."
+					};
+					return new Response(JSON.stringify(errorBody$1), {
+						status: 500,
+						headers: { "Content-Type": "application/json" }
+					});
+				}
 				if (this.isTransientStartupError(e)) {
 					if (staleStateDetected) {
 						this.logger.warn("Container startup failed after stale state detection, aborting DO for recovery", { error: e instanceof Error ? e.message : String(e) });
 						this.ctx.abort();
 					} else this.logger.debug("Transient container startup error, returning 503", { error: e instanceof Error ? e.message : String(e) });
-					return new Response("Container is starting. Please retry in a moment.", {
+					const errorBody$1 = {
+						code: ErrorCode.INTERNAL_ERROR,
+						message: "Container is starting. Please retry in a moment.",
+						context: {
+							phase: "startup",
+							error: e instanceof Error ? e.message : String(e)
+						},
+						httpStatus: 503,
+						timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+						suggestion: "The container is booting. The SDK will retry automatically."
+					};
+					return new Response(JSON.stringify(errorBody$1), {
 						status: 503,
-						headers: { "Retry-After": "3" }
+						headers: {
+							"Content-Type": "application/json",
+							"Retry-After": "3"
+						}
 					});
 				}
-				this.logger.error("Container startup failed with permanent error", e instanceof Error ? e : new Error(String(e)));
-				return new Response(`Failed to start container: ${e instanceof Error ? e.message : String(e)}`, { status: 500 });
+				this.logger.warn("Unrecognized container startup error, returning 503 for retry", { error: e instanceof Error ? e.message : String(e) });
+				const errorBody = {
+					code: ErrorCode.INTERNAL_ERROR,
+					message: "Container is starting. Please retry in a moment.",
+					context: {
+						phase: "startup",
+						error: e instanceof Error ? e.message : String(e)
+					},
+					httpStatus: 503,
+					timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+					suggestion: "The SDK will retry automatically. If this persists, the container may need redeployment."
+				};
+				return new Response(JSON.stringify(errorBody), {
+					status: 503,
+					headers: {
+						"Content-Type": "application/json",
+						"Retry-After": "5"
+					}
+				});
 			}
 		}
 		return await super.containerFetch(requestOrUrl, portOrInit, portParam);
@@ -3909,6 +3993,30 @@ var Sandbox = class Sandbox extends Container {
 		].some((pattern) => msg.includes(pattern));
 	}
 	/**
+	* Helper: Check if error is a permanent startup failure that will never recover
+	*
+	* These errors indicate resource exhaustion, misconfiguration, or missing images.
+	* Retrying will never succeed, so the SDK should fail fast with HTTP 500.
+	*
+	* Error sources (traced from platform internals):
+	*   - Container runtime: OOM, PID limit
+	*   - Scheduling/provisioning: no matching app, no namespace configured
+	*   - workerd container-client.c++: no such image
+	*   - @cloudflare/containers: did not call start
+	*/
+	isPermanentStartupError(error) {
+		if (!(error instanceof Error)) return false;
+		const msg = error.message.toLowerCase();
+		return [
+			"ran out of memory",
+			"too many subprocesses",
+			"no application that matches",
+			"no container application assigned",
+			"no such image",
+			"did not call start"
+		].some((pattern) => msg.includes(pattern));
+	}
+	/**
 	* Helper: Parse containerFetch arguments (supports multiple signatures)
 	*/
 	parseContainerFetchArgs(requestOrUrl, portOrInit, portParam) {
@@ -4168,9 +4276,6 @@ var Sandbox = class Sandbox extends Container {
 		}
 		try {
 			const streamProcessor = async () => {
-				const DEBOUNCE_MS = 50;
-				let lastCheckTime = 0;
-				let pendingCheck = false;
 				const checkPattern = () => {
 					const stdoutResult = this.matchPattern(collectedStdout, pattern);
 					if (stdoutResult) return stdoutResult;
@@ -4183,27 +4288,17 @@ var Sandbox = class Sandbox extends Container {
 						const data = event.data || "";
 						if (event.type === "stdout") collectedStdout += data;
 						else collectedStderr += data;
-						pendingCheck = true;
-						const now = Date.now();
-						if (now - lastCheckTime >= DEBOUNCE_MS) {
-							lastCheckTime = now;
-							pendingCheck = false;
-							const result = checkPattern();
-							if (result) return result;
-						}
+						const result = checkPattern();
+						if (result) return result;
 					}
 					if (event.type === "exit") {
-						if (pendingCheck) {
-							const result = checkPattern();
-							if (result) return result;
-						}
+						const result = checkPattern();
+						if (result) return result;
 						throw this.createExitedBeforeReadyError(processId, command, conditionStr, event.exitCode ?? 1);
 					}
 				}
-				if (pendingCheck) {
-					const result = checkPattern();
-					if (result) return result;
-				}
+				const finalResult = checkPattern();
+				if (finalResult) return finalResult;
 				throw this.createExitedBeforeReadyError(processId, command, conditionStr, 0);
 			};
 			if (timeoutPromise) return await Promise.race([streamProcessor(), timeoutPromise]);