@mastra/daytona 0.3.0 → 0.4.0-alpha.0

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 export { DaytonaSandbox, type DaytonaSandboxOptions } from './sandbox/index.js';
 export { DaytonaProcessManager } from './sandbox/process-manager.js';
 export { type DaytonaResources } from './sandbox/types.js';
-export type { DaytonaMountConfig, DaytonaS3MountConfig, DaytonaGCSMountConfig } from './sandbox/mounts/index.js';
+export type { DaytonaMountConfig, DaytonaS3MountConfig, DaytonaGCSMountConfig, DaytonaAzureBlobMountConfig, } from './sandbox/mounts/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,YAAY,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,YAAY,EACV,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACrB,2BAA2B,GAC5B,MAAM,kBAAkB,CAAC"}

package/dist/index.js

@@ -266,6 +266,250 @@ Sandbox network response: ${checkOutput}` : "")
     throw new Error(`Failed to mount GCS bucket: ${result.stderr || result.stdout}`);
   }
 }
+var SAFE_CONTAINER_NAME = /^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$/;
+var BLOBFUSE2_GITHUB_DEB = "https://github.com/Azure/azure-storage-fuse/releases/download/blobfuse2-2.5.1/blobfuse2-2.5.1-Ubuntu-22.04.x86_64.deb";
+function validateContainerName(name) {
+  if (!SAFE_CONTAINER_NAME.test(name) || name.includes("--")) {
+    throw new Error(
+      `Invalid Azure container name: "${name}". Container names must be 3-63 lowercase alphanumeric characters or hyphens, with no consecutive hyphens.`
+    );
+  }
+}
+function parseConnectionString(cs) {
+  const out = {};
+  for (const part of cs.split(";")) {
+    const eq = part.indexOf("=");
+    if (eq === -1) continue;
+    const key = part.slice(0, eq).trim();
+    const value = part.slice(eq + 1).trim();
+    if (!value) continue;
+    if (key === "AccountName") out.accountName = value;
+    else if (key === "AccountKey") out.accountKey = value;
+    else if (key === "SharedAccessSignature") out.sasToken = value;
+    else if (key === "BlobEndpoint") out.endpoint = value;
+    else if (key === "EndpointSuffix") out.endpointSuffix = value;
+    else if (key === "DefaultEndpointsProtocol") out.protocol = value;
+  }
+  if (!out.endpoint && out.accountName) {
+    out.endpoint = `${out.protocol || "https"}://${out.accountName}.blob.${out.endpointSuffix || "core.windows.net"}`;
+  }
+  return out;
+}
+function yamlString(value) {
+  return `"${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
+}
+function parseOsRelease(output) {
+  const values = {};
+  for (const line of output.split("\n")) {
+    const eq = line.indexOf("=");
+    if (eq === -1) continue;
+    const key = line.slice(0, eq);
+    const value = line.slice(eq + 1).trim().replace(/^"|"$/g, "");
+    values[key] = value;
+  }
+  return values;
+}
+function resolveMicrosoftAptRepos(osReleaseOutput) {
+  const osRelease = parseOsRelease(osReleaseOutput);
+  const distroId = osRelease.ID || "ubuntu";
+  const codename = osRelease.VERSION_CODENAME || (distroId === "debian" ? "bookworm" : "jammy");
+  const versionId = osRelease.VERSION_ID || (distroId === "debian" ? "12" : "22.04");
+  if (!/^[a-z0-9][a-z0-9-]*$/.test(codename)) {
+    throw new Error(`Invalid distro codename for blobfuse2 repo: "${codename}"`);
+  }
+  if (!/^\d+(?:\.\d+)?$/.test(versionId)) {
+    throw new Error(`Invalid distro version for blobfuse2 repo: "${versionId}"`);
+  }
+  if (distroId === "debian") {
+    const repos = [
+      { repoUrl: `https://packages.microsoft.com/debian/${versionId.split(".")[0]}/prod`, suite: codename }
+    ];
+    if (versionId.split(".")[0] !== "12" || codename !== "bookworm") {
+      repos.push({ repoUrl: "https://packages.microsoft.com/debian/12/prod", suite: "bookworm" });
+    }
+    return repos;
+  }
+  if (distroId === "ubuntu") {
+    const repos = [{ repoUrl: `https://packages.microsoft.com/ubuntu/${versionId}/prod`, suite: codename }];
+    if (versionId !== "24.04" || codename !== "noble") {
+      repos.push({ repoUrl: "https://packages.microsoft.com/ubuntu/24.04/prod", suite: "noble" });
+    }
+    if (versionId !== "22.04" || codename !== "jammy") {
+      repos.push({ repoUrl: "https://packages.microsoft.com/ubuntu/22.04/prod", suite: "jammy" });
+    }
+    return repos;
+  }
+  throw new Error(`Unsupported distro for blobfuse2 runtime installation: "${distroId}"`);
+}
+function resolveAuth(config) {
+  let accountName = config.accountName;
+  let accountKey = config.accountKey;
+  let sasToken = config.sasToken;
+  let endpoint = config.endpoint;
+  if (config.connectionString) {
+    const parsed = parseConnectionString(config.connectionString);
+    accountName = accountName ?? parsed.accountName;
+    accountKey = accountKey ?? parsed.accountKey;
+    sasToken = sasToken ?? parsed.sasToken;
+    endpoint = endpoint ?? parsed.endpoint;
+  }
+  let mode;
+  if (config.useDefaultCredential) {
+    mode = "msi";
+  } else if (sasToken) {
+    mode = "sas";
+  } else if (accountKey) {
+    mode = "key";
+  } else {
+    throw new Error(
+      "Azure Blob mount requires credentials: provide connectionString, accountKey + accountName, sasToken + accountName, or useDefaultCredential."
+    );
+  }
+  if (!accountName) {
+    throw new Error("Azure Blob mount requires an accountName (either explicitly or via connectionString).");
+  }
+  if (endpoint) {
+    validateEndpoint(endpoint);
+  }
+  return { mode, accountName, accountKey, sasToken, endpoint };
+}
+function buildBlobfuseConfig(container, auth, cachePath, readOnly) {
+  const lines = [
+    "allow-other: true",
+    "foreground: false",
+    `read-only: ${readOnly ? "true" : "false"}`,
+    "logging:",
+    "  type: silent",
+    "components:",
+    "  - libfuse",
+    "  - file_cache",
+    "  - attr_cache",
+    "  - azstorage",
+    "libfuse:",
+    "  attribute-expiration-sec: 240",
+    "  entry-expiration-sec: 240",
+    "  negative-entry-expiration-sec: 120",
+    "file_cache:",
+    `  path: ${yamlString(cachePath)}`,
+    "  timeout-sec: 120",
+    "attr_cache:",
+    "  timeout-sec: 7200",
+    "azstorage:",
+    `  mode: ${auth.mode}`,
+    `  account-name: ${yamlString(auth.accountName)}`,
+    `  container: ${yamlString(container)}`
+  ];
+  if (auth.mode === "key" && auth.accountKey) {
+    lines.push(`  account-key: ${yamlString(auth.accountKey)}`);
+  } else if (auth.mode === "sas" && auth.sasToken) {
+    lines.push(`  sas: ${yamlString(auth.sasToken)}`);
+  }
+  if (auth.endpoint) {
+    lines.push(`  endpoint: ${yamlString(auth.endpoint.replace(/\/$/, ""))}`);
+  }
+  return lines.join("\n") + "\n";
+}
+async function mountAzure(mountPath, config, ctx) {
+  const { run, writeFile, logger } = ctx;
+  validateContainerName(config.container);
+  const auth = resolveAuth(config);
+  const prefix = config.prefix ? validatePrefix(config.prefix) : void 0;
+  const quotedMountPath = shellQuote(mountPath);
+  const curlCheck = await run('which curl 2>/dev/null || echo "not found"', 3e4);
+  if (curlCheck.stdout.includes("not found")) {
+    const curlInstall = await run("sudo apt-get update -qq 2>&1 && sudo apt-get install -y curl 2>&1", 12e4);
+    if (curlInstall.exitCode !== 0) {
+      throw new Error(
+        `Failed to install curl for Azure Blob reachability check: ${curlInstall.stderr || curlInstall.stdout}`
+      );
+    }
+  }
+  const probeUrl = auth.endpoint ? auth.endpoint.replace(/\/$/, "") : `https://${auth.accountName}.blob.core.windows.net`;
+  const connectivityCheck = await run(`curl -sS --max-time 5 ${shellQuote(probeUrl)} 2>&1`, 1e4);
+  const checkOutput = connectivityCheck.stdout.trim();
+  if (connectivityCheck.exitCode !== 0 || checkOutput.toLowerCase().includes("restricted") || checkOutput.toLowerCase().includes("blocked")) {
+    throw new Error(
+      `Cannot reach ${probeUrl} from this sandbox. Azure Blob mounting requires network access to the storage endpoint, which may be blocked on Daytona's restricted tiers. Upgrade to a tier with unrestricted internet access, or contact Daytona support to remove the network restriction.` + (checkOutput ? `
+
+Sandbox network response: ${checkOutput}` : "")
+    );
+  }
+  const checkResult = await run('which blobfuse2 2>/dev/null || echo "not found"', 3e4);
+  if (checkResult.stdout.includes("not found")) {
+    logger.warn(`${LOG_PREFIX} blobfuse2 not found, attempting runtime installation...`);
+    logger.info(`${LOG_PREFIX} Tip: For faster startup, pre-install blobfuse2 in your sandbox image`);
+    await run("sudo apt-get update -qq 2>&1", 6e4);
+    const prepResult = await run("sudo apt-get install -y curl gnupg 2>&1", 12e4);
+    if (prepResult.exitCode !== 0) {
+      throw new Error(
+        `Failed to install blobfuse2 prerequisites (curl, gnupg): ${prepResult.stderr || prepResult.stdout}`
+      );
+    }
+    const osReleaseResult = await run("cat /etc/os-release 2>/dev/null || true", 3e4);
+    const repos = resolveMicrosoftAptRepos(osReleaseResult.stdout);
+    const repoSetup = await run(
+      "sudo mkdir -p /etc/apt/keyrings && curl --retry 3 --retry-all-errors --retry-delay 2 -fsSL https://packages.microsoft.com/keys/microsoft.asc -o /tmp/ms-key.asc && sudo gpg --batch --yes --dearmor -o /etc/apt/keyrings/microsoft.gpg /tmp/ms-key.asc",
+      3e4
+    );
+    let installResult;
+    if (repoSetup.exitCode === 0) {
+      for (const { repoUrl, suite } of repos) {
+        await run(
+          `echo "deb [signed-by=/etc/apt/keyrings/microsoft.gpg] ${repoUrl} ${suite} main" | sudo tee /etc/apt/sources.list.d/microsoft-prod.list`,
+          3e4
+        );
+        await run("sudo apt-get update -qq 2>&1 || true", 6e4);
+        installResult = await run("sudo apt-get install -y blobfuse2 fuse3 2>&1", 12e4);
+        if (installResult.exitCode === 0) break;
+        logger.warn(`${LOG_PREFIX} blobfuse2 install failed for ${repoUrl} ${suite}, trying fallback if available`);
+      }
+    } else {
+      logger.warn(`${LOG_PREFIX} Failed to set up Microsoft apt repository, trying GitHub release fallback`);
+    }
+    let verifyResult = await run("which blobfuse2 && blobfuse2 --version", 3e4);
+    if (verifyResult.exitCode !== 0) {
+      installResult = await run(
+        `sudo apt-get update -qq 2>&1 || true && sudo apt-get install -y fuse3 ca-certificates curl 2>&1 && curl -L --retry 3 --retry-all-errors --retry-delay 2 -fSLo /tmp/blobfuse2.deb ${BLOBFUSE2_GITHUB_DEB} && sudo dpkg -i /tmp/blobfuse2.deb 2>&1 && sudo bash -c 'lib=$(find /usr/lib -name "libfuse3.so.3.*" | head -1); [ -z "$lib" ] || ln -sf "$lib" /usr/lib/x86_64-linux-gnu/libfuse3.so.3'`,
+        18e4
+      );
+      verifyResult = await run("which blobfuse2 && blobfuse2 --version", 3e4);
+    }
+    if (!installResult || verifyResult.exitCode !== 0) {
+      throw new Error(
+        `Failed to install blobfuse2: ${verifyResult.stderr || verifyResult.stdout || installResult?.stderr || installResult?.stdout || "unknown error"}`
+      );
+    }
+  }
+  const idResult = await run("id -u && id -g", 3e4);
+  const [uid, gid] = idResult.stdout.trim().split("\n");
+  const validUidGid = uid && gid && /^\d+$/.test(uid) && /^\d+$/.test(gid);
+  await run(
+    `sudo chmod a+rw /dev/fuse 2>/dev/null || true; sudo bash -c 'grep -q "^user_allow_other" /etc/fuse.conf 2>/dev/null || echo "user_allow_other" >> /etc/fuse.conf' 2>/dev/null || true`
+  );
+  const mountHash = createHash("md5").update(mountPath).digest("hex").slice(0, 8);
+  const configPath = `/tmp/.blobfuse2-config-${mountHash}.yaml`;
+  const cachePath = `/tmp/blobfuse2-cache-${mountHash}`;
+  const yaml = buildBlobfuseConfig(config.container, auth, cachePath, !!config.readOnly);
+  await run(`sudo rm -f ${shellQuote(configPath)}`, 3e4);
+  await writeFile(configPath, yaml);
+  await run(`chmod 600 ${shellQuote(configPath)}`, 3e4);
+  await run(`sudo rm -rf ${shellQuote(cachePath)} && mkdir -p ${shellQuote(cachePath)}`, 3e4);
+  if (validUidGid) {
+    await run(`sudo chown ${uid}:${gid} ${shellQuote(cachePath)} 2>/dev/null || true`, 3e4);
+  }
+  const prefixFlags = prefix ? ` --virtual-directory=true --subdirectory=${shellQuote(prefix)}` : "";
+  const mountCmd = `blobfuse2 mount ${quotedMountPath} --config-file=${shellQuote(configPath)}${prefixFlags}`;
+  logger.debug(`${LOG_PREFIX} Mounting Azure Blob:`, mountCmd);
+  const result = await run(mountCmd, 6e4);
+  logger.debug(`${LOG_PREFIX} blobfuse2 result:`, {
+    exitCode: result.exitCode,
+    stdout: result.stdout,
+    stderr: result.stderr
+  });
+  if (result.exitCode !== 0) {
+    throw new Error(`Failed to mount Azure Blob container: ${result.stderr || result.stdout}`);
+  }
+}
 var DaytonaProcessHandle = class extends ProcessHandle {
   pid;
   _cmdId;
@@ -838,6 +1082,11 @@ var DaytonaSandbox = class _DaytonaSandbox extends MastraSandbox {
           await mountGCS(mountPath, config, mountCtx);
           this.logger.debug(`${LOG_PREFIX} Mounted GCS bucket at ${mountPath}`);
           break;
+        case "azure-blob":
+          this.logger.debug(`${LOG_PREFIX} Mounting Azure Blob at "${mountPath}"...`);
+          await mountAzure(mountPath, config, mountCtx);
+          this.logger.debug(`${LOG_PREFIX} Mounted Azure Blob container at ${mountPath}`);
+          break;
         default: {
           const error = `Unsupported mount type: ${config.type}`;
           this.mounts.set(mountPath, { filesystem, state: "unsupported", config, error });
@@ -907,7 +1156,7 @@ var DaytonaSandbox = class _DaytonaSandbox extends MastraSandbox {
     try {
       const mountsResult = await runCommand(
         sandbox,
-        `grep -E 'fuse\\.(s3fs|gcsfuse)' /proc/mounts | awk '{print $2}'`,
+        `grep -E 'fuse\\.(s3fs|gcsfuse|blobfuse2)' /proc/mounts | awk '{print $2}'`,
         { timeout: MOUNT_COMMAND_TIMEOUT_MS }
       );
       currentMounts = mountsResult.output.trim().split("\n").filter((p) => p.length > 0);