@cloudflare/sandbox 0.9.1 → 0.9.2

package/dist/{sandbox-PAYx1CcU.js → sandbox-CReFGUtF.js}

@@ -1,5 +1,5 @@
 import { _ as GitLogger, b as getEnvString, c as parseSSEFrames, d as createNoOpLogger, f as TraceContext, g as DEFAULT_GIT_CLONE_TIMEOUT_MS, h as ResultImpl, i as isWSStreamChunk, l as shellEscape, m as Execution, n as isWSError, p as logCanonicalEvent, r as isWSResponse, t as generateRequestId, u as createLogger, v as extractRepoName, x as partitionEnvVars, y as filterEnvVars } from "./dist-B_eXrP83.js";
-import { n as ErrorCode, t as getHttpStatus } from "./errors-LE3HHcRb.js";
+import { n as getHttpStatus, r as ErrorCode, t as getSuggestion } from "./errors-CBi-O-pF.js";
 import { Container, getContainer, switchPort } from "@cloudflare/containers";
 import { AwsClient } from "aws4fetch";
 import { RpcSession } from "capnweb";
@@ -11,8 +11,8 @@ import path from "node:path/posix";
 * Preserves all error information from container
 */
 var SandboxError = class extends Error {
-	constructor(errorResponse) {
-		super(errorResponse.message);
+	constructor(errorResponse, options) {
+		super(errorResponse.message, options);
 		this.errorResponse = errorResponse;
 		this.name = "SandboxError";
 	}
@@ -664,6 +664,30 @@ var DesktopInvalidCoordinatesError = class extends SandboxError {
 		this.name = "DesktopInvalidCoordinatesError";
 	}
 };
+/**
+* Raised when the capnweb WebSocket session itself fails on the SDK side.
+* Unlike the rest of the SandboxError tree, the container never produces
+* this error — it is synthesised by `translateRPCError` from the plain
+* Errors capnweb / DeferredTransport raise when the connection dies.
+*
+* `kind` distinguishes the failure mode (peer close, upgrade failed, etc.)
+* so callers can branch on a structured code instead of substring-matching
+* on the message.
+*
+* Always retryable: the SDK opens a fresh connection on the next call.
+*/
+var RPCTransportError = class extends SandboxError {
+	constructor(errorResponse, options) {
+		super(errorResponse, options);
+		this.name = "RPCTransportError";
+	}
+	get kind() {
+		return this.errorResponse.context.kind;
+	}
+	get originalMessage() {
+		return this.errorResponse.context.originalMessage;
+	}
+};
 
 //#endregion
 //#region src/errors/adapter.ts
@@ -671,7 +695,7 @@ var DesktopInvalidCoordinatesError = class extends SandboxError {
 * Convert ErrorResponse to appropriate Error class
 * Simple switch statement - we trust the container sends correct context
 */
-function createErrorFromResponse(errorResponse) {
+function createErrorFromResponse(errorResponse, options) {
 	switch (errorResponse.code) {
 		case ErrorCode.FILE_NOT_FOUND: return new FileNotFoundError(errorResponse);
 		case ErrorCode.FILE_EXISTS: return new FileExistsError(errorResponse);
@@ -727,6 +751,7 @@ function createErrorFromResponse(errorResponse) {
 		case ErrorCode.DESKTOP_PROCESS_CRASHED: return new DesktopProcessCrashedError(errorResponse);
 		case ErrorCode.DESKTOP_INVALID_OPTIONS: return new DesktopInvalidOptionsError(errorResponse);
 		case ErrorCode.DESKTOP_INVALID_COORDINATES: return new DesktopInvalidCoordinatesError(errorResponse);
+		case ErrorCode.RPC_TRANSPORT_ERROR: return new RPCTransportError(errorResponse, options);
 		case ErrorCode.VALIDATION_FAILED: return new ValidationFailedError(errorResponse);
 		case ErrorCode.INVALID_JSON_RESPONSE:
 		case ErrorCode.UNKNOWN_ERROR:
@@ -2712,6 +2737,14 @@ const BACKUP_ALLOWED_PREFIXES = [
 	"/var/tmp",
 	"/app"
 ];
+function normalizeBackupExcludePattern(pattern) {
+	let normalized = pattern;
+	while (normalized.startsWith("**/")) normalized = normalized.slice(3);
+	while (normalized.includes("/**/")) normalized = normalized.replace(/\/\*\*\//g, "/");
+	if (normalized.endsWith("/**")) normalized = normalized.slice(0, -3);
+	if (!normalized || normalized === "**") return null;
+	return normalized;
+}
 
 //#endregion
 //#region src/container-connection.ts
@@ -2847,12 +2880,13 @@ var DeferredTransport = class {
 				this.#receiveResolver = void 0;
 				this.#receiveRejecter = void 0;
 			} else this.#receiveQueue.push(event.data);
+			else this.#fail(/* @__PURE__ */ new TypeError("Received non-string message from WebSocket."));
 		});
 		ws.addEventListener("close", (event) => {
 			this.#fail(/* @__PURE__ */ new Error(`Peer closed WebSocket: ${event.code} ${event.reason}`));
 		});
 		ws.addEventListener("error", () => {
-			this.#fail(/* @__PURE__ */ new Error("WebSocket connection failed"));
+			this.#fail(/* @__PURE__ */ new Error("WebSocket connection failed."));
 		});
 		for (const msg of this.#sendQueue) ws.send(msg);
 		this.#sendQueue = [];
@@ -2924,19 +2958,65 @@ const IDLE_EXPORT_THRESHOLD = 1;
 * string: `{"code":"...","message":"...","context":{...}}`.
 */
 function translateRPCError(error) {
-	if (error instanceof Error) try {
-		const payload = JSON.parse(error.message);
-		if (typeof payload.code === "string" && typeof payload.message === "string") throw createErrorFromResponse({
+	if (error instanceof Error) {
+		let payload;
+		try {
+			payload = JSON.parse(error.message);
+		} catch {}
+		if (payload && typeof payload.code === "string" && typeof payload.message === "string") throw createErrorFromResponse({
 			code: payload.code,
 			message: payload.message,
 			context: payload.context ?? {},
 			httpStatus: getHttpStatus(payload.code),
 			timestamp: (/* @__PURE__ */ new Date()).toISOString()
 		});
-	} catch (e) {
-		if (e instanceof Error && e !== error) throw e;
+		throw createErrorFromResponse(buildTransportErrorResponse(error), { cause: error });
 	}
-	throw error;
+	throw createErrorFromResponse(buildTransportErrorResponse(new Error(String(error))), { cause: error });
+}
+/**
+* Inspect a transport-level Error's message and produce the ErrorResponse
+* that becomes an RPCTransportError. Pattern strings are pinned to the exact
+* messages emitted by capnweb's WebSocketTransport (see capnweb's
+* src/websocket.ts) and our DeferredTransport in container-connection.ts —
+* notably the trailing period in `WebSocket connection failed.` matches
+* capnweb verbatim. The DeferredTransport tests in
+* tests/container-connection.test.ts pin the literal strings.
+*/
+function buildTransportErrorResponse(error) {
+	const message = error.message;
+	const errorName = error.name;
+	let kind = "unknown";
+	let closeCode;
+	let closeReason;
+	if (errorName === "TypeError") kind = "invalid_frame";
+	else if (errorName === "SyntaxError") kind = "protocol_error";
+	else {
+		const peerCloseMatch = message.match(/^Peer closed WebSocket: (\d+) ?(.*)$/);
+		if (peerCloseMatch) {
+			kind = "peer_closed";
+			closeCode = Number(peerCloseMatch[1]);
+			closeReason = peerCloseMatch[2] || void 0;
+		} else if (message === "WebSocket connection failed.") kind = "connection_failed";
+		else if (message.startsWith("WebSocket upgrade failed")) kind = "upgrade_failed";
+		else if (message === "No WebSocket in upgrade response") kind = "upgrade_failed";
+		else if (message === "RPC session was shut down by disposing the main stub" || message === "RPC was canceled because the RpcPromise was disposed.") kind = "session_disposed";
+	}
+	const context = {
+		kind,
+		originalMessage: message,
+		errorName,
+		...closeCode !== void 0 ? { closeCode } : {},
+		...closeReason !== void 0 ? { closeReason } : {}
+	};
+	return {
+		code: ErrorCode.RPC_TRANSPORT_ERROR,
+		message,
+		context,
+		httpStatus: getHttpStatus(ErrorCode.RPC_TRANSPORT_ERROR),
+		suggestion: getSuggestion(ErrorCode.RPC_TRANSPORT_ERROR, context),
+		timestamp: (/* @__PURE__ */ new Date()).toISOString()
+	};
 }
 /**
 * Wrap a capnweb RPC stub so that every method call translates errors
@@ -4111,7 +4191,7 @@ function isLocalhostPattern(hostname) {
 * This file is auto-updated by .github/changeset-version.ts during releases
 * DO NOT EDIT MANUALLY - Changes will be overwritten on the next version bump
 */
-const SDK_VERSION = "0.9.1";
+const SDK_VERSION = "0.9.2";
 
 //#endregion
 //#region src/sandbox.ts
@@ -6362,6 +6442,22 @@ var Sandbox = class Sandbox extends Container {
 		});
 		return this.backupBucket;
 	}
+	normalizeBackupExcludes(excludes) {
+		const normalizedExcludes = [];
+		for (const pattern of excludes) {
+			const normalized = normalizeBackupExcludePattern(pattern);
+			if (normalized === null) {
+				this.logger.warn("Exclude pattern reduced to empty after globstar normalization; skipping", { original: pattern });
+				continue;
+			}
+			if (normalized !== pattern) this.logger.warn("Exclude pattern contained ** (globstar) which mksquashfs does not support; normalized automatically", {
+				original: pattern,
+				normalized
+			});
+			normalizedExcludes.push(normalized);
+		}
+		return normalizedExcludes;
+	}
 	static PRESIGNED_URL_EXPIRY_SECONDS = 3600;
 	/**
 	* Create a unique, dedicated session for a single backup operation.
@@ -6592,12 +6688,13 @@ var Sandbox = class Sandbox extends Container {
 				context: { reason: "excludes must be an array of strings" },
 				timestamp: (/* @__PURE__ */ new Date()).toISOString()
 			});
+			const normalizedExcludes = this.normalizeBackupExcludes(excludes);
 			backupSession = await this.ensureBackupSession();
 			backupId = crypto.randomUUID();
 			const archivePath = `${BACKUP_CONTAINER_DIR}/${backupId}.sqsh`;
 			const createResult = await this.client.backup.createArchive(dir, archivePath, backupSession, {
 				gitignore,
-				excludes
+				excludes: normalizedExcludes
 			});
 			if (!createResult.success) throw new BackupCreateError({
 				message: "Container failed to create backup archive",
@@ -6713,12 +6810,13 @@ var Sandbox = class Sandbox extends Container {
 				context: { reason: "excludes must be an array of strings" },
 				timestamp: (/* @__PURE__ */ new Date()).toISOString()
 			});
+			const normalizedExcludes = this.normalizeBackupExcludes(excludes);
 			backupSession = await this.ensureBackupSession();
 			backupId = crypto.randomUUID();
 			const archivePath = `${BACKUP_CONTAINER_DIR}/${backupId}.sqsh`;
 			const createResult = await this.client.backup.createArchive(dir, archivePath, backupSession, {
 				gitignore,
-				excludes
+				excludes: normalizedExcludes
 			});
 			if (!createResult.success) throw new BackupCreateError({
 				message: "Container failed to create backup archive",
@@ -7070,5 +7168,5 @@ var Sandbox = class Sandbox extends Container {
 };
 
 //#endregion
-export { DesktopInvalidOptionsError as A, CommandClient as C, BackupNotFoundError as D, BackupExpiredError as E, InvalidBackupConfigError as F, ProcessExitedBeforeReadyError as I, ProcessReadyTimeoutError as L, DesktopProcessCrashedError as M, DesktopStartFailedError as N, BackupRestoreError as O, DesktopUnavailableError as P, SessionTerminatedError as R, DesktopClient as S, BackupCreateError as T, UtilityClient as _, BucketMountError as a, GitClient as b, MissingCredentialsError as c, parseSSEStream as d, responseToAsyncIterable as f, SandboxClient as g, streamFile as h, proxyTerminal as i, DesktopNotStartedError as j, DesktopInvalidCoordinatesError as k, S3FSMountError as l, collectFile as m, getSandbox as n, BucketUnmountError as o, CodeInterpreter as p, proxyToSandbox as r, InvalidMountConfigError as s, Sandbox as t, asyncIterableToSSEStream as u, ProcessClient as v, BackupClient as w, FileClient as x, PortClient as y };
-//# sourceMappingURL=sandbox-PAYx1CcU.js.map
+export { DesktopInvalidOptionsError as A, CommandClient as C, BackupNotFoundError as D, BackupExpiredError as E, InvalidBackupConfigError as F, ProcessExitedBeforeReadyError as I, ProcessReadyTimeoutError as L, DesktopProcessCrashedError as M, DesktopStartFailedError as N, BackupRestoreError as O, DesktopUnavailableError as P, RPCTransportError as R, DesktopClient as S, BackupCreateError as T, UtilityClient as _, BucketMountError as a, GitClient as b, MissingCredentialsError as c, parseSSEStream as d, responseToAsyncIterable as f, SandboxClient as g, streamFile as h, proxyTerminal as i, DesktopNotStartedError as j, DesktopInvalidCoordinatesError as k, S3FSMountError as l, collectFile as m, getSandbox as n, BucketUnmountError as o, CodeInterpreter as p, proxyToSandbox as r, InvalidMountConfigError as s, Sandbox as t, asyncIterableToSSEStream as u, ProcessClient as v, BackupClient as w, FileClient as x, PortClient as y, SessionTerminatedError as z };
+//# sourceMappingURL=sandbox-CReFGUtF.js.map