npm - @giselles-ai/sandbox-agent-core - Versions diffs - 0.1.2 → 0.1.4 - Mend

@giselles-ai/sandbox-agent-core 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,54 +1,54 @@
-import { BridgeRequest, BridgeResponse, BridgeErrorCode } from '@giselles-ai/browser-tool';
-import Redis from 'ioredis';
 import { z } from 'zod';
+import { RelayRequest, RelayResponse, RelayErrorCode } from '@giselles-ai/browser-tool';
+import Redis from 'ioredis';
+declare const requestSchema: z.ZodObject<{
+    message: z.ZodString;
+    session_id: z.ZodOptional<z.ZodString>;
+    sandbox_id: z.ZodOptional<z.ZodString>;
+    relay_session_id: z.ZodString;
+    relay_token: z.ZodString;
+}, z.core.$strip>;
+type GeminiChatRouteOptions = {
+    requestParser?: typeof requestSchema;
+};
+declare function createGeminiChatHandler(_options?: GeminiChatRouteOptions): (request: Request) => Promise<Response>;
+declare function createRelayHandler(): {
+    GET: (request: Request) => Promise<Response>;
+    POST: (request: Request) => Promise<Response>;
+};
-declare const BRIDGE_SSE_KEEPALIVE_INTERVAL_MS: number;
+declare const RELAY_SSE_KEEPALIVE_INTERVAL_MS: number;
 declare global {
-    var __geminiBrowserToolBridgeRedis: Redis | undefined;
+    var __browserToolRelayRedis: Redis | undefined;
 }
-declare class BridgeBrokerError extends Error {
-    readonly code: BridgeErrorCode;
+declare class RelayStoreError extends Error {
+    readonly code: RelayErrorCode;
     readonly status: number;
-    constructor(code: BridgeErrorCode, message: string, status: number);
+    constructor(code: RelayErrorCode, message: string, status: number);
 }
-declare function createBridgeSubscriber(): Redis;
-declare function bridgeRequestChannel(sessionId: string): string;
-declare function createBridgeSession(): Promise<{
+declare function createRelaySubscriber(): Redis;
+declare function relayRequestChannel(sessionId: string): string;
+declare function createRelaySession(): Promise<{
     sessionId: string;
     token: string;
     expiresAt: number;
 }>;
-declare function assertBridgeSession(sessionId: string, token: string): Promise<void>;
-declare function markBridgeBrowserConnected(sessionId: string, token: string): Promise<void>;
-declare function touchBridgeBrowserConnected(sessionId: string): Promise<void>;
-declare function dispatchBridgeRequest(input: {
+declare function assertRelaySession(sessionId: string, token: string): Promise<void>;
+declare function markBrowserConnected(sessionId: string, token: string): Promise<void>;
+declare function touchBrowserConnected(sessionId: string): Promise<void>;
+declare function dispatchRelayRequest(input: {
     sessionId: string;
     token: string;
-    request: BridgeRequest;
+    request: RelayRequest;
     timeoutMs?: number;
-}): Promise<BridgeResponse>;
-declare function resolveBridgeResponse(input: {
+}): Promise<RelayResponse>;
+declare function resolveRelayResponse(input: {
     sessionId: string;
     token: string;
-    response: BridgeResponse;
+    response: RelayResponse;
 }): Promise<void>;
-declare function toBridgeError(error: unknown): BridgeBrokerError;
-declare function createBridgeHandler(): {
-    GET: (request: Request) => Promise<Response>;
-    POST: (request: Request) => Promise<Response>;
-};
-declare const requestSchema: z.ZodObject<{
-    message: z.ZodString;
-    session_id: z.ZodOptional<z.ZodString>;
-    sandbox_id: z.ZodOptional<z.ZodString>;
-    bridge_session_id: z.ZodString;
-    bridge_token: z.ZodString;
-}, z.core.$strip>;
-type GeminiChatRouteOptions = {
-    requestParser?: typeof requestSchema;
-};
-declare function createGeminiChatHandler(_options?: GeminiChatRouteOptions): (request: Request) => Promise<Response>;
+declare function toRelayError(error: unknown): RelayStoreError;
-export { BRIDGE_SSE_KEEPALIVE_INTERVAL_MS, assertBridgeSession, bridgeRequestChannel, createBridgeHandler, createBridgeSession, createBridgeSubscriber, createGeminiChatHandler, dispatchBridgeRequest, markBridgeBrowserConnected, resolveBridgeResponse, toBridgeError, touchBridgeBrowserConnected };
+export { RELAY_SSE_KEEPALIVE_INTERVAL_MS, assertRelaySession, createGeminiChatHandler, createRelayHandler, createRelaySession, createRelaySubscriber, dispatchRelayRequest, markBrowserConnected, relayRequestChannel, resolveRelayResponse, toRelayError, touchBrowserConnected };

package/dist/index.js CHANGED Viewed

@@ -1,14 +1,247 @@
-// src/bridge-broker.ts
+// src/chat-handler.ts
+import { Writable } from "stream";
+import { Sandbox } from "@vercel/sandbox";
+import { z } from "zod";
+var GEMINI_SETTINGS_PATH = "/home/vercel-sandbox/.gemini/settings.json";
+var requestSchema = z.object({
+  message: z.string().min(1),
+  session_id: z.string().min(1).optional(),
+  sandbox_id: z.string().min(1).optional(),
+  relay_session_id: z.string().min(1),
+  relay_token: z.string().min(1)
+});
+function requiredEnv(name) {
+  const value = process.env[name]?.trim();
+  if (!value) {
+    throw new Error(`Missing required environment variable: ${name}`);
+  }
+  return value;
+}
+function extractTokenFromRequest(request) {
+  const oidcToken = request.headers.get("x-vercel-oidc-token")?.trim();
+  if (oidcToken) {
+    return oidcToken;
+  }
+  const authorization = request.headers.get("authorization")?.trim();
+  if (!authorization) {
+    return void 0;
+  }
+  if (/^bearer\s+/i.test(authorization)) {
+    return authorization.replace(/^bearer\s+/i, "").trim();
+  }
+  return authorization;
+}
+function buildMcpEnv(input) {
+  const env = {
+    BROWSER_TOOL_RELAY_URL: input.relayUrl,
+    BROWSER_TOOL_RELAY_SESSION_ID: input.relaySessionId,
+    BROWSER_TOOL_RELAY_TOKEN: input.relayToken
+  };
+  if (input.oidcToken) {
+    env.VERCEL_OIDC_TOKEN = input.oidcToken;
+  }
+  if (input.vercelProtectionBypass?.trim()) {
+    env.VERCEL_PROTECTION_BYPASS = input.vercelProtectionBypass.trim();
+  }
+  if (input.giselleProtectionBypass?.trim()) {
+    env.GISELLE_PROTECTION_BYPASS = input.giselleProtectionBypass.trim();
+  }
+  return env;
+}
+async function patchGeminiSettingsEnv(sandbox, mcpEnv) {
+  const buffer = await sandbox.readFileToBuffer({
+    path: GEMINI_SETTINGS_PATH
+  });
+  if (!buffer) {
+    throw new Error(
+      `Gemini settings not found in sandbox at ${GEMINI_SETTINGS_PATH}. Ensure the snapshot contains a pre-configured settings.json.`
+    );
+  }
+  const settings = JSON.parse(new TextDecoder().decode(buffer));
+  if (settings.mcpServers) {
+    settings.mcpServers = Object.fromEntries(
+      Object.entries(settings.mcpServers).map(([key, server]) => [
+        key,
+        { ...server, env: { ...server.env, ...mcpEnv } }
+      ])
+    );
+  }
+  await sandbox.writeFiles([
+    {
+      path: GEMINI_SETTINGS_PATH,
+      content: Buffer.from(JSON.stringify(settings, null, 2))
+    }
+  ]);
+}
+function emitText(controller, text, encoder) {
+  if (text.length === 0) {
+    return;
+  }
+  controller.enqueue(encoder.encode(text));
+}
+function emitEvent(controller, payload, encoder) {
+  emitText(controller, `${JSON.stringify(payload)}
+`, encoder);
+}
+function createGeminiChatHandler(_options = {}) {
+  const requestParser = requestSchema;
+  return async function POST(request) {
+    const payload = await request.json().catch(() => null);
+    const parsed = requestParser.safeParse(payload);
+    if (!parsed.success) {
+      return Response.json(
+        {
+          error: "Invalid request payload.",
+          detail: parsed.error.flatten()
+        },
+        { status: 400 }
+      );
+    }
+    const stream = new ReadableStream({
+      start(controller) {
+        const encoder = new TextEncoder();
+        const abortController = new AbortController();
+        let closed = false;
+        const close = () => {
+          if (closed) {
+            return;
+          }
+          closed = true;
+          try {
+            controller.close();
+          } catch {
+          }
+        };
+        const onAbort = () => {
+          if (!abortController.signal.aborted) {
+            abortController.abort();
+          }
+          close();
+        };
+        if (request.signal.aborted) {
+          onAbort();
+          return;
+        }
+        request.signal.addEventListener("abort", onAbort);
+        const enqueueEvent = (payload2) => {
+          if (closed) {
+            return;
+          }
+          emitEvent(controller, payload2, encoder);
+        };
+        const enqueueStdout = (text) => {
+          if (closed) {
+            return;
+          }
+          emitText(controller, text, encoder);
+        };
+        (async () => {
+          const geminiApiKey = requiredEnv("GEMINI_API_KEY");
+          const sandboxSnapshotId = requiredEnv("SANDBOX_SNAPSHOT_ID");
+          const oidcToken = extractTokenFromRequest(request) ?? process.env.VERCEL_OIDC_TOKEN ?? "";
+          if (!oidcToken) {
+            throw new Error(
+              "Planner authentication is required: set OIDC token in x-vercel-oidc-token or VERCEL_OIDC_TOKEN."
+            );
+          }
+          const vercelProtectionBypass = process.env.VERCEL_PROTECTION_BYPASS?.trim() || void 0;
+          const giselleProtectionBypass = process.env.GISELLE_PROTECTION_PASSWORD?.trim() || void 0;
+          const relayUrl = process.env.BROWSER_TOOL_RELAY_URL?.trim() || new URL(request.url).origin;
+          const {
+            message,
+            session_id: sessionId,
+            sandbox_id: sandboxId,
+            relay_session_id: relaySessionId,
+            relay_token: relayToken
+          } = parsed.data;
+          const sandbox = sandboxId ? await Sandbox.get({ sandboxId }) : await Sandbox.create({
+            source: {
+              type: "snapshot",
+              snapshotId: sandboxSnapshotId
+            }
+          });
+          enqueueEvent({ type: "sandbox", sandbox_id: sandbox.sandboxId });
+          const mcpEnv = buildMcpEnv({
+            relayUrl,
+            relaySessionId,
+            relayToken,
+            oidcToken,
+            vercelProtectionBypass,
+            giselleProtectionBypass
+          });
+          await patchGeminiSettingsEnv(sandbox, mcpEnv);
+          const args = [
+            "--prompt",
+            message,
+            "--output-format",
+            "stream-json",
+            "--approval-mode",
+            "yolo"
+          ];
+          if (sessionId) {
+            args.push("--resume", sessionId);
+          }
+          await sandbox.runCommand({
+            cmd: "gemini",
+            args,
+            env: {
+              GEMINI_API_KEY: geminiApiKey
+            },
+            stdout: new Writable({
+              write(chunk, _encoding, callback) {
+                const text = typeof chunk === "string" ? chunk : chunk.toString("utf8");
+                enqueueStdout(text);
+                callback();
+              }
+            }),
+            stderr: new Writable({
+              write(chunk, _encoding, callback) {
+                const text = typeof chunk === "string" ? chunk : chunk.toString("utf8");
+                enqueueEvent({ type: "stderr", content: text });
+                callback();
+              }
+            }),
+            signal: abortController.signal
+          });
+        })().catch((error) => {
+          if (abortController.signal.aborted) {
+            return;
+          }
+          const message = error instanceof Error ? error.message : String(error);
+          enqueueEvent({ type: "stderr", content: `[error] ${message}` });
+        }).finally(() => {
+          request.signal.removeEventListener("abort", onAbort);
+          close();
+        });
+      }
+    });
+    return new Response(stream, {
+      headers: {
+        "Content-Type": "application/x-ndjson; charset=utf-8",
+        "Cache-Control": "no-cache, no-transform"
+      }
+    });
+  };
+}
+// src/relay-handler.ts
+import {
+  relayRequestSchema,
+  relayResponseSchema as relayResponseSchema2
+} from "@giselles-ai/browser-tool";
+import { z as z2 } from "zod";
+// src/relay-store.ts
 import { randomUUID } from "crypto";
 import {
-  bridgeResponseSchema
+  relayResponseSchema
 } from "@giselles-ai/browser-tool";
 import Redis from "ioredis";
 var DEFAULT_SESSION_TTL_MS = 10 * 60 * 1e3;
 var DEFAULT_REQUEST_TTL_SEC = 60;
 var DEFAULT_DISPATCH_TIMEOUT_MS = 20 * 1e3;
 var BROWSER_PRESENCE_TTL_SEC = 90;
-var BRIDGE_SSE_KEEPALIVE_INTERVAL_MS = 20 * 1e3;
+var RELAY_SSE_KEEPALIVE_INTERVAL_MS = 20 * 1e3;
 var REDIS_URL_ENV_CANDIDATES = [
   "REDIS_URL",
   "REDIS_TLS_URL",
@@ -16,13 +249,13 @@ var REDIS_URL_ENV_CANDIDATES = [
   "UPSTASH_REDIS_TLS_URL",
   "UPSTASH_REDIS_URL"
 ];
-var BRIDGE_SUBSCRIBER_REDIS_OPTIONS = {
+var RELAY_SUBSCRIBER_REDIS_OPTIONS = {
   enableReadyCheck: false,
   autoResubscribe: false,
   autoResendUnfulfilledCommands: false,
   maxRetriesPerRequest: 2
 };
-var BridgeBrokerError = class extends Error {
+var RelayStoreError = class extends Error {
   code;
   status;
   constructor(code, message, status) {
@@ -31,22 +264,22 @@ var BridgeBrokerError = class extends Error {
     this.status = status;
   }
 };
-function createBridgeError(code, message) {
+function createRelayError(code, message) {
   switch (code) {
     case "UNAUTHORIZED":
-      return new BridgeBrokerError(code, message, 401);
+      return new RelayStoreError(code, message, 401);
     case "NO_BROWSER":
-      return new BridgeBrokerError(code, message, 409);
+      return new RelayStoreError(code, message, 409);
     case "TIMEOUT":
-      return new BridgeBrokerError(code, message, 408);
+      return new RelayStoreError(code, message, 408);
     case "INVALID_RESPONSE":
-      return new BridgeBrokerError(code, message, 422);
+      return new RelayStoreError(code, message, 422);
     case "NOT_FOUND":
-      return new BridgeBrokerError(code, message, 404);
+      return new RelayStoreError(code, message, 404);
     case "INTERNAL":
-      return new BridgeBrokerError(code, message, 500);
+      return new RelayStoreError(code, message, 500);
     default:
-      return new BridgeBrokerError("INTERNAL", message, 500);
+      return new RelayStoreError("INTERNAL", message, 500);
   }
 }
 function resolveRedisUrl() {
@@ -56,39 +289,39 @@ function resolveRedisUrl() {
       return value;
     }
   }
-  throw createBridgeError(
+  throw createRelayError(
     "INTERNAL",
     `Missing Redis URL. Set one of: ${REDIS_URL_ENV_CANDIDATES.join(", ")}`
   );
 }
 function getRedisClient() {
-  if (!globalThis.__geminiBrowserToolBridgeRedis) {
-    globalThis.__geminiBrowserToolBridgeRedis = new Redis(resolveRedisUrl(), {
+  if (!globalThis.__browserToolRelayRedis) {
+    globalThis.__browserToolRelayRedis = new Redis(resolveRedisUrl(), {
       maxRetriesPerRequest: 2
     });
   }
-  return globalThis.__geminiBrowserToolBridgeRedis;
+  return globalThis.__browserToolRelayRedis;
 }
-function createBridgeSubscriber() {
-  return getRedisClient().duplicate(BRIDGE_SUBSCRIBER_REDIS_OPTIONS);
+function createRelaySubscriber() {
+  return getRedisClient().duplicate(RELAY_SUBSCRIBER_REDIS_OPTIONS);
 }
 function sessionKey(sessionId) {
-  return `bridge:session:${sessionId}`;
+  return `relay:session:${sessionId}`;
 }
 function browserPresenceKey(sessionId) {
-  return `bridge:browser:${sessionId}`;
+  return `relay:browser:${sessionId}`;
 }
 function requestTypeKey(sessionId, requestId) {
-  return `bridge:req:${sessionId}:${requestId}:type`;
+  return `relay:req:${sessionId}:${requestId}:type`;
 }
 function responseKey(sessionId, requestId) {
-  return `bridge:resp:${sessionId}:${requestId}`;
+  return `relay:resp:${sessionId}:${requestId}`;
 }
-function bridgeRequestChannel(sessionId) {
-  return `bridge:${sessionId}:request`;
+function relayRequestChannel(sessionId) {
+  return `relay:${sessionId}:request`;
 }
-function bridgeResponseChannel(sessionId, requestId) {
-  return `bridge:${sessionId}:response:${requestId}`;
+function relayResponseChannel(sessionId, requestId) {
+  return `relay:${sessionId}:response:${requestId}`;
 }
 function sessionExpiryTimestamp() {
   return Date.now() + DEFAULT_SESSION_TTL_MS;
@@ -98,15 +331,15 @@ function parseSessionRecord(raw) {
   try {
     parsed = JSON.parse(raw);
   } catch {
-    throw createBridgeError(
+    throw createRelayError(
       "INTERNAL",
-      "Bridge session payload in Redis is malformed."
+      "Relay session payload in Redis is malformed."
     );
   }
   if (!parsed || typeof parsed !== "object" || !("token" in parsed) || !("expiresAt" in parsed) || typeof parsed.token !== "string" || typeof parsed.expiresAt !== "number") {
-    throw createBridgeError(
+    throw createRelayError(
       "INTERNAL",
-      "Bridge session payload in Redis is invalid."
+      "Relay session payload in Redis is invalid."
     );
   }
   return {
@@ -118,26 +351,26 @@ function toRequestType(value) {
   if (value === "snapshot_request" || value === "execute_request") {
     return value;
   }
-  throw createBridgeError(
+  throw createRelayError(
     "INTERNAL",
     `Stored request type is invalid: ${value}`
   );
 }
-function parseStoredBridgeResponse(raw) {
+function parseStoredRelayResponse(raw) {
   let decoded = null;
   try {
     decoded = JSON.parse(raw);
   } catch {
-    throw createBridgeError(
+    throw createRelayError(
       "INVALID_RESPONSE",
-      "Bridge response payload in Redis is malformed."
+      "Relay response payload in Redis is malformed."
     );
   }
-  const parsed = bridgeResponseSchema.safeParse(decoded);
+  const parsed = relayResponseSchema.safeParse(decoded);
   if (!parsed.success) {
-    throw createBridgeError(
+    throw createRelayError(
       "INVALID_RESPONSE",
-      "Bridge response payload in Redis is invalid."
+      "Relay response payload in Redis is invalid."
     );
   }
   return parsed.data;
@@ -157,16 +390,16 @@ async function getAuthorizedSession(sessionId, token) {
   const redis = getRedisClient();
   const raw = await redis.get(sessionKey(sessionId));
   if (!raw) {
-    throw createBridgeError(
+    throw createRelayError(
       "UNAUTHORIZED",
-      "Invalid bridge session credentials."
+      "Invalid relay session credentials."
     );
   }
   const session = parseSessionRecord(raw);
   if (session.token !== token) {
-    throw createBridgeError(
+    throw createRelayError(
       "UNAUTHORIZED",
-      "Invalid bridge session credentials."
+      "Invalid relay session credentials."
     );
   }
   const expiresAt = await touchSession(sessionId, token);
@@ -177,13 +410,13 @@ async function getAuthorizedSession(sessionId, token) {
 }
 function validateResponseType(requestType, responseType) {
   if (requestType === "snapshot_request" && responseType !== "snapshot_response") {
-    throw createBridgeError(
+    throw createRelayError(
       "INVALID_RESPONSE",
       `Expected snapshot_response, but received ${responseType}.`
     );
   }
   if (requestType === "execute_request" && responseType !== "execute_response") {
-    throw createBridgeError(
+    throw createRelayError(
       "INVALID_RESPONSE",
       `Expected execute_response, but received ${responseType}.`
     );
@@ -193,13 +426,13 @@ async function ensureBrowserConnected(sessionId) {
   const redis = getRedisClient();
   const isConnected = await redis.exists(browserPresenceKey(sessionId));
   if (isConnected === 0) {
-    throw createBridgeError(
+    throw createRelayError(
       "NO_BROWSER",
-      "No browser client is connected to this bridge session."
+      "No browser client is connected to this relay session."
     );
   }
 }
-async function waitForBridgeResponseSignal(input) {
+async function waitForRelayResponseSignal(input) {
   await new Promise((resolve, reject) => {
     let settled = false;
     const onMessage = (channel) => {
@@ -218,7 +451,7 @@ async function waitForBridgeResponseSignal(input) {
       cleanup();
       const message = error instanceof Error ? error.message : "Unknown Redis subscriber error.";
       reject(
-        createBridgeError(
+        createRelayError(
           "INTERNAL",
           `Redis subscriber failed while waiting for response. ${message}`
         )
@@ -231,9 +464,9 @@ async function waitForBridgeResponseSignal(input) {
       settled = true;
       cleanup();
       reject(
-        createBridgeError(
+        createRelayError(
           "TIMEOUT",
-          "Timed out waiting for browser bridge response."
+          "Timed out waiting for browser relay response."
         )
       );
     };
@@ -251,21 +484,21 @@ async function waitForBridgeResponseSignal(input) {
       }
       settled = true;
       cleanup();
-      if (error instanceof BridgeBrokerError) {
+      if (error instanceof RelayStoreError) {
         reject(error);
         return;
       }
       const message = error instanceof Error ? error.message : "Unknown Redis publish error.";
       reject(
-        createBridgeError(
+        createRelayError(
           "INTERNAL",
-          `Failed to publish bridge request. ${message}`
+          `Failed to publish relay request. ${message}`
         )
       );
     });
   });
 }
-async function storeBridgeResponse(input) {
+async function storeRelayResponse(input) {
   const redis = getRedisClient();
   await redis.multi().set(
     responseKey(input.sessionId, input.requestId),
@@ -273,11 +506,11 @@ async function storeBridgeResponse(input) {
     "EX",
     DEFAULT_REQUEST_TTL_SEC
   ).del(requestTypeKey(input.sessionId, input.requestId)).publish(
-    bridgeResponseChannel(input.sessionId, input.requestId),
+    relayResponseChannel(input.sessionId, input.requestId),
     input.requestId
   ).exec();
 }
-async function createBridgeSession() {
+async function createRelaySession() {
   const sessionId = randomUUID();
   const token = `${randomUUID()}-${randomUUID()}`;
   const expiresAt = sessionExpiryTimestamp();
@@ -297,10 +530,10 @@ async function createBridgeSession() {
     expiresAt
   };
 }
-async function assertBridgeSession(sessionId, token) {
+async function assertRelaySession(sessionId, token) {
   await getAuthorizedSession(sessionId, token);
 }
-async function markBridgeBrowserConnected(sessionId, token) {
+async function markBrowserConnected(sessionId, token) {
   await getAuthorizedSession(sessionId, token);
   const redis = getRedisClient();
   await redis.set(
@@ -310,7 +543,7 @@ async function markBridgeBrowserConnected(sessionId, token) {
     BROWSER_PRESENCE_TTL_SEC
   );
 }
-async function touchBridgeBrowserConnected(sessionId) {
+async function touchBrowserConnected(sessionId) {
   const redis = getRedisClient();
   await redis.set(
     browserPresenceKey(sessionId),
@@ -319,7 +552,7 @@ async function touchBridgeBrowserConnected(sessionId) {
     BROWSER_PRESENCE_TTL_SEC
   );
 }
-async function dispatchBridgeRequest(input) {
+async function dispatchRelayRequest(input) {
   await getAuthorizedSession(input.sessionId, input.token);
   await ensureBrowserConnected(input.sessionId);
   const redis = getRedisClient();
@@ -327,11 +560,8 @@ async function dispatchBridgeRequest(input) {
   const requestId = input.request.requestId;
   const requestTypeStateKey = requestTypeKey(input.sessionId, requestId);
   const storedResponseKey = responseKey(input.sessionId, requestId);
-  const responseEventChannel = bridgeResponseChannel(
-    input.sessionId,
-    requestId
-  );
-  const subscriber = createBridgeSubscriber();
+  const responseEventChannel = relayResponseChannel(input.sessionId, requestId);
+  const subscriber = createRelaySubscriber();
   const setPending = await redis.set(
     requestTypeStateKey,
     input.request.type,
@@ -340,7 +570,7 @@ async function dispatchBridgeRequest(input) {
     "NX"
   );
   if (setPending !== "OK") {
-    throw createBridgeError(
+    throw createRelayError(
       "INVALID_RESPONSE",
       `Request id is already pending: ${requestId}`
     );
@@ -348,27 +578,27 @@ async function dispatchBridgeRequest(input) {
   try {
     await redis.del(storedResponseKey);
     await subscriber.subscribe(responseEventChannel);
-    await waitForBridgeResponseSignal({
+    await waitForRelayResponseSignal({
       subscriber,
       channel: responseEventChannel,
       timeoutMs,
       trigger: async () => {
         await redis.publish(
-          bridgeRequestChannel(input.sessionId),
+          relayRequestChannel(input.sessionId),
           JSON.stringify(input.request)
         );
       }
     });
     const storedResponse = await redis.get(storedResponseKey);
     if (!storedResponse) {
-      throw createBridgeError(
+      throw createRelayError(
         "TIMEOUT",
-        "Bridge response notification was received without payload."
+        "Relay response notification was received without payload."
       );
     }
-    const parsedResponse = parseStoredBridgeResponse(storedResponse);
+    const parsedResponse = parseStoredRelayResponse(storedResponse);
     if (parsedResponse.type === "error_response") {
-      throw createBridgeError("INVALID_RESPONSE", parsedResponse.message);
+      throw createRelayError("INVALID_RESPONSE", parsedResponse.message);
     }
     validateResponseType(input.request.type, parsedResponse.type);
     return parsedResponse;
@@ -383,21 +613,21 @@ async function dispatchBridgeRequest(input) {
     });
   }
 }
-async function resolveBridgeResponse(input) {
+async function resolveRelayResponse(input) {
   await getAuthorizedSession(input.sessionId, input.token);
   const redis = getRedisClient();
   const requestId = input.response.requestId;
   const requestTypeStateKey = requestTypeKey(input.sessionId, requestId);
   const expectedRequestTypeRaw = await redis.get(requestTypeStateKey);
   if (!expectedRequestTypeRaw) {
-    throw createBridgeError(
+    throw createRelayError(
       "NOT_FOUND",
       `Pending request was not found: ${requestId}`
     );
   }
   const expectedRequestType = toRequestType(expectedRequestTypeRaw);
   if (input.response.type === "error_response") {
-    await storeBridgeResponse({
+    await storeRelayResponse({
       sessionId: input.sessionId,
       requestId,
       response: input.response
@@ -407,63 +637,58 @@ async function resolveBridgeResponse(input) {
   try {
     validateResponseType(expectedRequestType, input.response.type);
   } catch (error) {
-    const bridgeError = error instanceof BridgeBrokerError ? error : createBridgeError(
+    const relayError = error instanceof RelayStoreError ? error : createRelayError(
       "INVALID_RESPONSE",
-      "Unexpected bridge response type."
+      "Unexpected relay response type."
     );
-    await storeBridgeResponse({
+    await storeRelayResponse({
       sessionId: input.sessionId,
       requestId,
       response: {
         type: "error_response",
         requestId,
-        message: bridgeError.message
+        message: relayError.message
       }
     });
-    throw bridgeError;
+    throw relayError;
   }
-  await storeBridgeResponse({
+  await storeRelayResponse({
     sessionId: input.sessionId,
     requestId,
     response: input.response
   });
 }
-function toBridgeError(error) {
-  if (error instanceof BridgeBrokerError) {
+function toRelayError(error) {
+  if (error instanceof RelayStoreError) {
     return error;
   }
-  const message = error instanceof Error ? error.message : "Unexpected bridge failure.";
-  return createBridgeError("INTERNAL", message);
+  const message = error instanceof Error ? error.message : "Unexpected relay failure.";
+  return createRelayError("INTERNAL", message);
 }
-// src/bridge-handler.ts
-import {
-  bridgeRequestSchema,
-  bridgeResponseSchema as bridgeResponseSchema2
-} from "@giselles-ai/browser-tool";
-import { z } from "zod";
-var LOG_PREFIX = "[bridge-handler]";
-var dispatchSchema = z.object({
-  type: z.literal("bridge.dispatch"),
-  sessionId: z.string().min(1),
-  token: z.string().min(1),
-  request: bridgeRequestSchema,
-  timeoutMs: z.number().int().positive().max(55e3).optional()
+// src/relay-handler.ts
+var LOG_PREFIX = "[relay-handler]";
+var dispatchSchema = z2.object({
+  type: z2.literal("relay.dispatch"),
+  sessionId: z2.string().min(1),
+  token: z2.string().min(1),
+  request: relayRequestSchema,
+  timeoutMs: z2.number().int().positive().max(55e3).optional()
 });
-var respondSchema = z.object({
-  type: z.literal("bridge.respond"),
-  sessionId: z.string().min(1),
-  token: z.string().min(1),
-  response: bridgeResponseSchema2
+var respondSchema = z2.object({
+  type: z2.literal("relay.respond"),
+  sessionId: z2.string().min(1),
+  token: z2.string().min(1),
+  response: relayResponseSchema2
 });
-var postBodySchema = z.discriminatedUnion("type", [
+var postBodySchema = z2.discriminatedUnion("type", [
   dispatchSchema,
   respondSchema
 ]);
 function createSafeError(code, message, status) {
   return Response.json({ ok: false, errorCode: code, message }, { status });
 }
-function createBridgeEventsRoute(request) {
+function createRelayEventsRoute(request) {
   const url = new URL(request.url);
   const sessionId = url.searchParams.get("sessionId") ?? "";
   const token = url.searchParams.get("token") ?? "";
@@ -480,12 +705,12 @@ function createBridgeEventsRoute(request) {
   }
   let cleanup = null;
   const encoder = new TextEncoder();
-  return assertBridgeSession(sessionId, token).then(() => {
+  return assertRelaySession(sessionId, token).then(() => {
     console.info(`${LOG_PREFIX} sse.connect`, { sessionId });
-    const requestChannel = bridgeRequestChannel(sessionId);
+    const requestChannel = relayRequestChannel(sessionId);
     const stream = new ReadableStream({
       start(controller) {
-        const subscriber = createBridgeSubscriber();
+        const subscriber = createRelaySubscriber();
         let keepaliveId = null;
         let closed = false;
         let nextEventId = 0;
@@ -567,20 +792,18 @@ data: ${rawJson}
         void (async () => {
           try {
             await subscriber.subscribe(requestChannel);
-            await markBridgeBrowserConnected(sessionId, token);
+            await markBrowserConnected(sessionId, token);
             console.info(`${LOG_PREFIX} sse.ready`, { sessionId });
             sendSseData({ type: "ready", sessionId });
             keepaliveId = setInterval(() => {
-              void touchBridgeBrowserConnected(sessionId).catch(
-                () => void 0
-              );
+              void touchBrowserConnected(sessionId).catch(() => void 0);
               try {
                 sendSseComment("keepalive");
               } catch {
                 void cleanup?.();
                 closeController();
               }
-            }, BRIDGE_SSE_KEEPALIVE_INTERVAL_MS);
+            }, RELAY_SSE_KEEPALIVE_INTERVAL_MS);
           } catch (error) {
             if (closed) {
               return;
@@ -608,25 +831,25 @@ data: ${rawJson}
       sessionId,
       error: error instanceof Error ? error.message : String(error)
     });
-    const bridgeError = toBridgeError(error);
+    const relayError = toRelayError(error);
     return Response.json(
       {
-        errorCode: bridgeError.code,
-        message: bridgeError.message
+        errorCode: relayError.code,
+        message: relayError.message
       },
-      { status: bridgeError.status }
+      { status: relayError.status }
     );
   });
 }
-async function createBridgePostRoute(request) {
+async function createRelayPostRoute(request) {
   const payload = await request.json().catch(() => null);
   const parsed = postBodySchema.safeParse(payload);
   if (!parsed.success) {
     return createSafeError("INVALID_RESPONSE", "Invalid request payload.", 400);
   }
-  if (parsed.data.type === "bridge.dispatch") {
+  if (parsed.data.type === "relay.dispatch") {
     try {
-      const response = await dispatchBridgeRequest({
+      const response = await dispatchRelayRequest({
         sessionId: parsed.data.sessionId,
         token: parsed.data.token,
         request: parsed.data.request,
@@ -634,273 +857,47 @@ async function createBridgePostRoute(request) {
       });
       return Response.json({ ok: true, response });
     } catch (error) {
-      const bridgeError = toBridgeError(error);
+      const relayError = toRelayError(error);
       return createSafeError(
-        bridgeError.code,
-        bridgeError.message,
-        bridgeError.status
+        relayError.code,
+        relayError.message,
+        relayError.status
       );
     }
   }
   try {
-    await resolveBridgeResponse({
+    await resolveRelayResponse({
       sessionId: parsed.data.sessionId,
       token: parsed.data.token,
       response: parsed.data.response
     });
     return Response.json({ ok: true });
   } catch (error) {
-    const bridgeError = toBridgeError(error);
+    const relayError = toRelayError(error);
     return createSafeError(
-      bridgeError.code,
-      bridgeError.message,
-      bridgeError.status
+      relayError.code,
+      relayError.message,
+      relayError.status
     );
   }
 }
-function createBridgeHandler() {
+function createRelayHandler() {
   return {
-    GET: async (request) => createBridgeEventsRoute(request),
-    POST: createBridgePostRoute
-  };
-}
-// src/chat-handler.ts
-import { Writable } from "stream";
-import { Sandbox } from "@vercel/sandbox";
-import { z as z2 } from "zod";
-var GEMINI_SETTINGS_PATH = "/home/vercel-sandbox/.gemini/settings.json";
-var requestSchema = z2.object({
-  message: z2.string().min(1),
-  session_id: z2.string().min(1).optional(),
-  sandbox_id: z2.string().min(1).optional(),
-  bridge_session_id: z2.string().min(1),
-  bridge_token: z2.string().min(1)
-});
-function requiredEnv(name) {
-  const value = process.env[name]?.trim();
-  if (!value) {
-    throw new Error(`Missing required environment variable: ${name}`);
-  }
-  return value;
-}
-function extractTokenFromRequest(request) {
-  const oidcToken = request.headers.get("x-vercel-oidc-token")?.trim();
-  if (oidcToken) {
-    return oidcToken;
-  }
-  const authorization = request.headers.get("authorization")?.trim();
-  if (!authorization) {
-    return void 0;
-  }
-  if (/^bearer\s+/i.test(authorization)) {
-    return authorization.replace(/^bearer\s+/i, "").trim();
-  }
-  return authorization;
-}
-function buildMcpEnv(input) {
-  const env = {
-    BROWSER_TOOL_BRIDGE_BASE_URL: input.bridgeBaseUrl,
-    BROWSER_TOOL_BRIDGE_SESSION_ID: input.bridgeSessionId,
-    BROWSER_TOOL_BRIDGE_TOKEN: input.bridgeToken
-  };
-  if (input.oidcToken) {
-    env.VERCEL_OIDC_TOKEN = input.oidcToken;
-  }
-  if (input.vercelProtectionBypass?.trim()) {
-    env.VERCEL_PROTECTION_BYPASS = input.vercelProtectionBypass.trim();
-  }
-  if (input.giselleProtectionBypass?.trim()) {
-    env.GISELLE_PROTECTION_BYPASS = input.giselleProtectionBypass.trim();
-  }
-  return env;
-}
-async function patchGeminiSettingsEnv(sandbox, mcpEnv) {
-  const buffer = await sandbox.readFileToBuffer({
-    path: GEMINI_SETTINGS_PATH
-  });
-  if (!buffer) {
-    throw new Error(
-      `Gemini settings not found in sandbox at ${GEMINI_SETTINGS_PATH}. Ensure the snapshot contains a pre-configured settings.json.`
-    );
-  }
-  const settings = JSON.parse(new TextDecoder().decode(buffer));
-  if (settings.mcpServers) {
-    settings.mcpServers = Object.fromEntries(
-      Object.entries(settings.mcpServers).map(([key, server]) => [
-        key,
-        { ...server, env: { ...server.env, ...mcpEnv } }
-      ])
-    );
-  }
-  await sandbox.writeFiles([
-    {
-      path: GEMINI_SETTINGS_PATH,
-      content: Buffer.from(JSON.stringify(settings, null, 2))
-    }
-  ]);
-}
-function emitText(controller, text, encoder) {
-  if (text.length === 0) {
-    return;
-  }
-  controller.enqueue(encoder.encode(text));
-}
-function emitEvent(controller, payload, encoder) {
-  emitText(controller, `${JSON.stringify(payload)}
-`, encoder);
-}
-function createGeminiChatHandler(_options = {}) {
-  const requestParser = requestSchema;
-  return async function POST(request) {
-    const payload = await request.json().catch(() => null);
-    const parsed = requestParser.safeParse(payload);
-    if (!parsed.success) {
-      return Response.json(
-        {
-          error: "Invalid request payload.",
-          detail: parsed.error.flatten()
-        },
-        { status: 400 }
-      );
-    }
-    const stream = new ReadableStream({
-      start(controller) {
-        const encoder = new TextEncoder();
-        const abortController = new AbortController();
-        let closed = false;
-        const close = () => {
-          if (closed) {
-            return;
-          }
-          closed = true;
-          try {
-            controller.close();
-          } catch {
-          }
-        };
-        const onAbort = () => {
-          if (!abortController.signal.aborted) {
-            abortController.abort();
-          }
-          close();
-        };
-        if (request.signal.aborted) {
-          onAbort();
-          return;
-        }
-        request.signal.addEventListener("abort", onAbort);
-        const enqueueEvent = (payload2) => {
-          if (closed) {
-            return;
-          }
-          emitEvent(controller, payload2, encoder);
-        };
-        const enqueueStdout = (text) => {
-          if (closed) {
-            return;
-          }
-          emitText(controller, text, encoder);
-        };
-        (async () => {
-          const geminiApiKey = requiredEnv("GEMINI_API_KEY");
-          const sandboxSnapshotId = requiredEnv("SANDBOX_SNAPSHOT_ID");
-          const oidcToken = extractTokenFromRequest(request) ?? process.env.VERCEL_OIDC_TOKEN ?? "";
-          if (!oidcToken) {
-            throw new Error(
-              "Planner authentication is required: set OIDC token in x-vercel-oidc-token or VERCEL_OIDC_TOKEN."
-            );
-          }
-          const vercelProtectionBypass = process.env.VERCEL_PROTECTION_BYPASS?.trim() || void 0;
-          const giselleProtectionBypass = process.env.GISELLE_PROTECTION_PASSWORD?.trim() || void 0;
-          const bridgeBaseUrl = process.env.BROWSER_TOOL_BRIDGE_BASE_URL?.trim() || new URL(request.url).origin;
-          const {
-            message,
-            session_id: sessionId,
-            sandbox_id: sandboxId,
-            bridge_session_id: bridgeSessionId,
-            bridge_token: bridgeToken
-          } = parsed.data;
-          const sandbox = sandboxId ? await Sandbox.get({ sandboxId }) : await Sandbox.create({
-            source: {
-              type: "snapshot",
-              snapshotId: sandboxSnapshotId
-            }
-          });
-          enqueueEvent({ type: "sandbox", sandbox_id: sandbox.sandboxId });
-          const mcpEnv = buildMcpEnv({
-            bridgeBaseUrl,
-            bridgeSessionId,
-            bridgeToken,
-            oidcToken,
-            vercelProtectionBypass,
-            giselleProtectionBypass
-          });
-          await patchGeminiSettingsEnv(sandbox, mcpEnv);
-          const args = [
-            "--prompt",
-            message,
-            "--output-format",
-            "stream-json",
-            "--approval-mode",
-            "yolo"
-          ];
-          if (sessionId) {
-            args.push("--resume", sessionId);
-          }
-          await sandbox.runCommand({
-            cmd: "gemini",
-            args,
-            env: {
-              GEMINI_API_KEY: geminiApiKey
-            },
-            stdout: new Writable({
-              write(chunk, _encoding, callback) {
-                const text = typeof chunk === "string" ? chunk : chunk.toString("utf8");
-                enqueueStdout(text);
-                callback();
-              }
-            }),
-            stderr: new Writable({
-              write(chunk, _encoding, callback) {
-                const text = typeof chunk === "string" ? chunk : chunk.toString("utf8");
-                enqueueEvent({ type: "stderr", content: text });
-                callback();
-              }
-            }),
-            signal: abortController.signal
-          });
-        })().catch((error) => {
-          if (abortController.signal.aborted) {
-            return;
-          }
-          const message = error instanceof Error ? error.message : String(error);
-          enqueueEvent({ type: "stderr", content: `[error] ${message}` });
-        }).finally(() => {
-          request.signal.removeEventListener("abort", onAbort);
-          close();
-        });
-      }
-    });
-    return new Response(stream, {
-      headers: {
-        "Content-Type": "application/x-ndjson; charset=utf-8",
-        "Cache-Control": "no-cache, no-transform"
-      }
-    });
+    GET: async (request) => createRelayEventsRoute(request),
+    POST: createRelayPostRoute
   };
 }
 export {
-  BRIDGE_SSE_KEEPALIVE_INTERVAL_MS,
-  assertBridgeSession,
-  bridgeRequestChannel,
-  createBridgeHandler,
-  createBridgeSession,
-  createBridgeSubscriber,
+  RELAY_SSE_KEEPALIVE_INTERVAL_MS,
+  assertRelaySession,
   createGeminiChatHandler,
-  dispatchBridgeRequest,
-  markBridgeBrowserConnected,
-  resolveBridgeResponse,
-  toBridgeError,
-  touchBridgeBrowserConnected
+  createRelayHandler,
+  createRelaySession,
+  createRelaySubscriber,
+  dispatchRelayRequest,
+  markBrowserConnected,
+  relayRequestChannel,
+  resolveRelayResponse,
+  toRelayError,
+  touchBrowserConnected
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@giselles-ai/sandbox-agent-core",
-	"version": "0.1.2",
+	"version": "0.1.4",
 	"type": "module",
 	"sideEffects": false,
 	"license": "Apache-2.0",
@@ -26,7 +26,7 @@
 		"format": "pnpm exec biome check --write ."
 	},
 	"dependencies": {
-		"@giselles-ai/browser-tool": "0.1.2",
+		"@giselles-ai/browser-tool": "0.1.4",
 		"@vercel/sandbox": "^1.0.0",
 		"ioredis": "^5.9.2",
 		"zod": "4.3.6"