@pocketenv/cli 0.2.4 → 0.3.0

package/dist/index.js

@@ -8,21 +8,21 @@ import os from 'os';
 import { env as env$2 } from 'process';
 import axios from 'axios';
 import { cleanEnv, str } from 'envalid';
+import WebSocket from 'ws';
+import { EventSource } from 'eventsource';
 import open from 'open';
 import express from 'express';
 import cors from 'cors';
 import fs$1 from 'node:fs/promises';
 import os$1 from 'node:os';
 import path$1 from 'node:path';
-import WebSocket from 'ws';
-import { EventSource } from 'eventsource';
 import Table from 'cli-table3';
 import dayjs from 'dayjs';
 import relativeTime from 'dayjs/plugin/relativeTime.js';
 import { password, editor, input } from '@inquirer/prompts';
 import sodium from 'libsodium-wrappers';
 
-var version = "0.2.4";
+var version = "0.3.0";
 
 async function getAccessToken() {
   const tokenPath = path.join(os.homedir(), ".pocketenv", "token.json");
@@ -65,72 +65,6 @@ const client = axios.create({
   baseURL: env$1.POCKETENV_API_URL
 });
 
-async function start(name) {
-  const token = await getAccessToken();
-  try {
-    await client.post("/xrpc/io.pocketenv.sandbox.startSandbox", void 0, {
-      params: {
-        id: name
-      },
-      headers: {
-        Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
-      }
-    });
-    consola.success(`Sandbox ${chalk.greenBright(name)} started`);
-    consola.log(
-      `Run ${chalk.greenBright(`pocketenv console ${name}`)} to access the sandbox`
-    );
-  } catch {
-    consola.error("Failed to start sandbox");
-  }
-}
-
-async function login(handle) {
-  const app = express();
-  app.use(cors());
-  app.use(express.json());
-  const server = app.listen(6997);
-  app.post("/token", async (req, res) => {
-    console.log(chalk.bold(chalk.greenBright("Login successful!\n")));
-    const tokenPath = path$1.join(os$1.homedir(), ".pocketenv", "token.json");
-    await fs$1.mkdir(path$1.dirname(tokenPath), { recursive: true });
-    await fs$1.writeFile(
-      tokenPath,
-      JSON.stringify({ token: req.body.token }, null, 2)
-    );
-    res.json({
-      ok: 1
-    });
-    server.close();
-  });
-  const response = await client.post(`/login`, { handle, cli: true });
-  const redirectUrl = response.data;
-  if (!redirectUrl.includes("authorize")) {
-    console.error("Failed to login, please check your handle and try again.");
-    server.close();
-    return;
-  }
-  console.log("Please visit this URL to authorize the app:");
-  console.log(chalk.cyan(redirectUrl));
-  await open(response.data);
-}
-
-async function whoami() {
-  const token = await getAccessToken();
-  const profile = await client.get(
-    "/xrpc/io.pocketenv.actor.getProfile",
-    {
-      headers: {
-        Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
-      }
-    }
-  );
-  const handle = `@${profile.data.handle}`;
-  consola.log(
-    `You are logged in as ${chalk.cyan(handle)} (${profile.data.displayName}).`
-  );
-}
-
 function sendInput$1(ws, data) {
   if (ws.readyState === WebSocket.OPEN) {
     ws.send(data);
@@ -334,6 +268,10 @@ async function ssh$1(sandbox) {
     }
     process.stdin.resume();
     process.stdin.on("data", (chunk) => {
+      if (chunk.includes(11)) {
+        teardown(0);
+        return;
+      }
       sendInput(ttyUrl, sandbox.id, chunk, authToken);
     });
     process.stdout.on("resize", () => {
@@ -380,13 +318,16 @@ ${chalk.dim("Process exited.")}\r
   });
   es.onerror = (err) => {
     if (es && es.readyState === EventSource.CLOSED) {
-      const detail = err.message ? ` (${err.message})` : "";
-      process.stderr.write(
-        `\r
-${chalk.red(`Terminal connection lost${detail}`)}\r
+      if (!err.message) {
+        teardown(0);
+      } else {
+        process.stderr.write(
+          `\r
+${chalk.red(`Terminal connection lost (${err.message})`)}\r
 `
-      );
-      teardown(1);
+        );
+        teardown(1);
+      }
     }
   };
   process.on("SIGINT", () => teardown(0));
@@ -469,6 +410,87 @@ async function ssh(sandboxName) {
   }
 }
 
+async function start(name, { ssh: ssh$1 }) {
+  const token = await getAccessToken();
+  try {
+    await client.post("/xrpc/io.pocketenv.sandbox.startSandbox", void 0, {
+      params: {
+        id: name
+      },
+      headers: {
+        Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+      }
+    });
+    if (ssh$1) {
+      await ssh(name);
+      return;
+    }
+    consola.success(`Sandbox ${chalk.greenBright(name)} started`);
+    consola.log(
+      `Run ${chalk.greenBright(`pocketenv console ${name}`)} to access the sandbox`
+    );
+  } catch {
+    consola.error("Failed to start sandbox");
+  }
+}
+
+async function login(handle) {
+  const app = express();
+  app.use(cors());
+  app.use(express.json());
+  const server = app.listen(6997);
+  app.post("/token", async (req, res) => {
+    console.log(chalk.bold(chalk.greenBright("Login successful!\n")));
+    const tokenPath = path$1.join(os$1.homedir(), ".pocketenv", "token.json");
+    await fs$1.mkdir(path$1.dirname(tokenPath), { recursive: true });
+    await fs$1.writeFile(
+      tokenPath,
+      JSON.stringify({ token: req.body.token }, null, 2)
+    );
+    res.json({
+      ok: 1
+    });
+    server.close();
+  });
+  const response = await client.post(`/login`, { handle, cli: true });
+  const redirectUrl = response.data;
+  if (!redirectUrl.includes("authorize")) {
+    console.error("Failed to login, please check your handle and try again.");
+    server.close();
+    return;
+  }
+  console.log("Please visit this URL to authorize the app:");
+  console.log(chalk.cyan(redirectUrl));
+  await open(response.data);
+}
+
+async function whoami() {
+  const token = await getAccessToken();
+  const profile = await client.get(
+    "/xrpc/io.pocketenv.actor.getProfile",
+    {
+      headers: {
+        Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+      }
+    }
+  );
+  const handle = `@${profile.data.handle}`;
+  consola.log(
+    `You are logged in as ${chalk.cyan(handle)} (${profile.data.displayName}).`
+  );
+}
+
+const c = {
+  primary: (s) => chalk.rgb(0, 232, 198)(s),
+  secondary: (s) => chalk.rgb(0, 198, 232)(s),
+  accent: (s) => chalk.rgb(130, 100, 255)(s),
+  highlight: (s) => chalk.rgb(100, 232, 130)(s),
+  muted: (s) => chalk.rgb(200, 210, 220)(s),
+  link: (s) => chalk.rgb(255, 160, 100)(s),
+  sky: (s) => chalk.rgb(0, 210, 255)(s),
+  error: (s) => chalk.rgb(255, 100, 100)(s)
+};
+
 dayjs.extend(relativeTime);
 async function listSandboxes() {
   const token = await getAccessToken();
@@ -492,10 +514,10 @@ async function listSandboxes() {
   );
   const table = new Table({
     head: [
-      chalk.cyan("NAME"),
-      chalk.cyan("BASE"),
-      chalk.cyan("STATUS"),
-      chalk.cyan("CREATED AT")
+      c.primary("NAME"),
+      c.primary("BASE"),
+      c.primary("STATUS"),
+      c.primary("CREATED AT")
     ],
     chars: {
       top: "",
@@ -521,9 +543,9 @@ async function listSandboxes() {
   });
   for (const sandbox of response.data.sandboxes) {
     table.push([
-      chalk.greenBright(sandbox.name),
+      c.secondary(sandbox.name),
       sandbox.baseSandbox,
-      sandbox.status === "RUNNING" ? chalk.greenBright(sandbox.status) : sandbox.status,
+      sandbox.status === "RUNNING" ? c.highlight(sandbox.status) : sandbox.status,
       dayjs(sandbox.createdAt).fromNow()
     ]);
   }
@@ -555,7 +577,7 @@ async function createSandbox(name, {
   const token = await getAccessToken();
   if (["deno", "vercel", "daytona"].includes(provider || "")) {
     consola.error(
-      `This Sandbox Runtime is temporarily disabled. ${chalk.greenBright(provider ?? "")}`
+      `This Sandbox Runtime is temporarily disabled. ${c.primary(provider ?? "")}`
     );
     process.exit(1);
   }
@@ -575,7 +597,7 @@ async function createSandbox(name, {
     );
     if (!ssh$1) {
       consola.success(
-        `Sandbox created successfully: ${chalk.greenBright(sandbox.data.name)}`
+        `Sandbox created successfully: ${c.primary(sandbox.data.name)}`
       );
       return;
     }
@@ -651,7 +673,7 @@ async function listSecrets(sandbox) {
     }
   );
   const table = new Table({
-    head: [chalk.cyan("ID"), chalk.cyan("NAME"), chalk.cyan("CREATED AT")],
+    head: [c.primary("ID"), c.primary("NAME"), c.primary("CREATED AT")],
     chars: {
       top: "",
       "top-mid": "",
@@ -676,8 +698,8 @@ async function listSecrets(sandbox) {
   });
   for (const secret of response.data.secrets) {
     table.push([
-      chalk.greenBright(secret.id),
-      chalk.greenBright(secret.name),
+      c.secondary(secret.id),
+      c.highlight(secret.name),
       dayjs(secret.createdAt).fromNow()
     ]);
   }
@@ -685,7 +707,13 @@ async function listSecrets(sandbox) {
 }
 async function putSecret(sandbox, key) {
   const token = await getAccessToken();
-  const value = await password({ message: "Enter secret value" });
+  const isStdinPiped = !process.stdin.isTTY;
+  const value = isStdinPiped ? await new Promise((resolve) => {
+    let data2 = "";
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", (chunk) => data2 += chunk);
+    process.stdin.on("end", () => resolve(data2.trimEnd()));
+  }) : await password({ message: "Enter secret value" });
   const { data } = await client.get("/xrpc/io.pocketenv.sandbox.getSandbox", {
     params: {
       id: sandbox
@@ -698,21 +726,26 @@ async function putSecret(sandbox, key) {
     consola.error(`Sandbox not found: ${chalk.greenBright(sandbox)}`);
     process.exit(1);
   }
-  await client.post(
-    "/xrpc/io.pocketenv.secret.addSecret",
-    {
-      secret: {
-        sandboxId: data.sandbox.id,
-        name: key,
-        value: await encrypt(value)
-      }
-    },
-    {
-      headers: {
-        Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+  try {
+    await client.post(
+      "/xrpc/io.pocketenv.secret.addSecret",
+      {
+        secret: {
+          sandboxId: data.sandbox.id,
+          name: key,
+          value: await encrypt(value)
+        }
+      },
+      {
+        headers: {
+          Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+        }
       }
-    }
-  );
+    );
+    consola.success("Secret added successfully");
+  } catch (error) {
+    consola.error("Failed to add secret:", error);
+  }
 }
 async function deleteSecret(id) {
   const token = await getAccessToken();
@@ -726,8 +759,8 @@ async function deleteSecret(id) {
       }
     });
     consola.success("Secret deleted successfully");
-  } catch {
-    consola.error("Failed to delete secret");
+  } catch (error) {
+    consola.error("Failed to delete secret:", error);
   }
 }
 
@@ -745,7 +778,7 @@ async function listEnvs(sandbox) {
     }
   );
   if (!data.sandbox) {
-    consola.error(`Sandbox not found: ${chalk.greenBright(sandbox)}`);
+    consola.error(`Sandbox not found: ${c.primary(sandbox)}`);
     process.exit(1);
   }
   const response = await client.get(
@@ -763,10 +796,10 @@ async function listEnvs(sandbox) {
   );
   const table = new Table({
     head: [
-      chalk.cyan("ID"),
-      chalk.cyan("NAME"),
-      chalk.cyan("VALUE"),
-      chalk.cyan("CREATED AT")
+      c.primary("ID"),
+      c.primary("NAME"),
+      c.primary("VALUE"),
+      c.primary("CREATED AT")
     ],
     chars: {
       top: "",
@@ -792,8 +825,8 @@ async function listEnvs(sandbox) {
   });
   for (const variable of response.data.variables) {
     table.push([
-      chalk.greenBright(variable.id),
-      chalk.greenBright(variable.name),
+      c.secondary(variable.id),
+      c.highlight(variable.name),
       variable.value,
       dayjs(variable.createdAt).fromNow()
     ]);
@@ -1089,7 +1122,7 @@ async function putAuthKey(sandbox) {
     }
   );
   if (!data.sandbox) {
-    consola.error(`Sandbox not found: ${chalk.greenBright(sandbox)}`);
+    consola.error(`Sandbox not found: ${c.primary(sandbox)}`);
     process.exit(1);
   }
   const redacted = authKey.length > 14 ? authKey.slice(0, 11) + "*".repeat(authKey.length - 14) + authKey.slice(-3) : authKey;
@@ -1108,7 +1141,7 @@ async function putAuthKey(sandbox) {
   );
   consola.success(redacted);
   consola.success(
-    `Tailscale auth key saved for sandbox: ${chalk.greenBright(sandbox)}`
+    `Tailscale auth key saved for sandbox: ${c.primary(sandbox)}`
   );
 }
 async function getTailscaleAuthKey(sandbox) {
@@ -1125,7 +1158,7 @@ async function getTailscaleAuthKey(sandbox) {
     }
   );
   if (!data.sandbox) {
-    consola.error(`Sandbox not found: ${chalk.greenBright(sandbox)}`);
+    consola.error(`Sandbox not found: ${c.primary(sandbox)}`);
     process.exit(1);
   }
   try {
@@ -1140,24 +1173,349 @@ async function getTailscaleAuthKey(sandbox) {
         }
       }
     );
-    consola.info(`Tailscale auth key: ${chalk.greenBright(tailscale.authKey)}`);
+    consola.info(`Tailscale auth key: ${c.primary(tailscale.authKey)}`);
   } catch {
     consola.error(
-      `No Tailscale Auth Key found for sandbox: ${chalk.greenBright(sandbox)}`
+      `No Tailscale Auth Key found for sandbox: ${c.primary(sandbox)}`
     );
     process.exit(1);
   }
 }
 
-const c = {
-  primary: (s) => chalk.rgb(0, 232, 198)(s),
-  secondary: (s) => chalk.rgb(0, 198, 232)(s),
-  accent: (s) => chalk.rgb(130, 100, 255)(s),
-  highlight: (s) => chalk.rgb(100, 232, 130)(s),
-  muted: (s) => chalk.rgb(200, 210, 220)(s),
-  link: (s) => chalk.rgb(255, 160, 100)(s),
-  sky: (s) => chalk.rgb(0, 210, 255)(s)
-};
+async function exposePort(sandbox, port, description) {
+  const token = await getAccessToken();
+  try {
+    const response = await client.post(
+      `/xrpc/io.pocketenv.sandbox.exposePort`,
+      { port, description },
+      {
+        params: {
+          id: sandbox
+        },
+        headers: {
+          Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+        }
+      }
+    );
+    consola.success(
+      `Port ${c.primary(port)} exposed for sandbox ${c.primary(sandbox)}`
+    );
+    if (response.data.previewUrl) {
+      consola.success(`Preview URL: ${c.secondary(response.data.previewUrl)}`);
+    }
+  } catch (error) {
+    consola.error("Failed to expose port:", error);
+    process.exit(1);
+  }
+}
+
+async function unexposePort(sandbox, port) {
+  const token = await getAccessToken();
+  try {
+    await client.post(
+      `/xrpc/io.pocketenv.sandbox.unexposePort`,
+      { port },
+      {
+        params: {
+          id: sandbox
+        },
+        headers: {
+          Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+        }
+      }
+    );
+    consola.success(
+      `Port ${c.primary(port)} unexposed for sandbox ${c.primary(sandbox)}`
+    );
+  } catch (error) {
+    consola.error(`Failed to unexpose port: ${error}`);
+    process.exit(1);
+  }
+}
+
+dayjs.extend(relativeTime);
+async function listVolumes(sandboxId) {
+  const token = await getAccessToken();
+  const response = await client.get(
+    "/xrpc/io.pocketenv.volume.getVolumes",
+    {
+      params: {
+        sandboxId
+      },
+      headers: {
+        Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+      }
+    }
+  );
+  const table = new Table({
+    head: [
+      c.primary("ID"),
+      c.primary("NAME"),
+      c.primary("PATH"),
+      c.primary("CREATED AT")
+    ],
+    chars: {
+      top: "",
+      "top-mid": "",
+      "top-left": "",
+      "top-right": "",
+      bottom: "",
+      "bottom-mid": "",
+      "bottom-left": "",
+      "bottom-right": "",
+      left: "",
+      "left-mid": "",
+      mid: "",
+      "mid-mid": "",
+      right: "",
+      "right-mid": "",
+      middle: " "
+    },
+    style: {
+      border: [],
+      head: []
+    }
+  });
+  for (const volume of response.data.volumes) {
+    table.push([
+      c.secondary(volume.id),
+      volume.name,
+      volume.path,
+      dayjs(volume.createdAt).fromNow()
+    ]);
+  }
+  consola.log(table.toString());
+}
+async function createVolume(sandbox, name, path) {
+  const token = await getAccessToken();
+  try {
+    await client.post(
+      "/xrpc/io.pocketenv.volume.addVolume",
+      {
+        volume: {
+          sandboxId: sandbox,
+          name,
+          path
+        }
+      },
+      {
+        headers: {
+          Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+        }
+      }
+    );
+    consola.success(
+      `Volume ${chalk.rgb(0, 232, 198)(name)} successfully mounted in sandbox ${chalk.rgb(0, 232, 198)(sandbox)} at path ${chalk.rgb(0, 232, 198)(path)}`
+    );
+  } catch (error) {
+    consola.error("Failed to create volume:", error);
+  }
+}
+async function deleteVolume(id) {
+  const token = await getAccessToken();
+  try {
+    await client.post(`/xrpc/io.pocketenv.volume.deleteVolume`, void 0, {
+      params: {
+        id
+      },
+      headers: {
+        Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+      }
+    });
+  } catch (error) {
+    consola.error(`Failed to delete volume: ${error}`);
+    return;
+  }
+  consola.success(
+    `Volume ${chalk.rgb(0, 232, 198)(id)} successfully deleted from sandbox`
+  );
+}
+
+dayjs.extend(relativeTime);
+async function putFile(sandbox, remotePath, localPath) {
+  const token = await getAccessToken();
+  let content;
+  if (!process.stdin.isTTY) {
+    const chunks = [];
+    for await (const chunk of process.stdin) chunks.push(chunk);
+    content = Buffer.concat(chunks).toString().trim();
+  } else if (localPath) {
+    const resolvedPath = path.resolve(localPath);
+    try {
+      await fs.access(resolvedPath);
+    } catch (err) {
+      consola.error(`No such file: ${c.error(localPath)}`);
+      process.exit(1);
+    }
+    content = await fs.readFile(resolvedPath, "utf-8");
+  } else {
+    content = (await editor({
+      message: "File content (opens in $EDITOR):",
+      waitForUserInput: false
+    })).trim();
+  }
+  try {
+    await client.post(
+      "/xrpc/io.pocketenv.file.addFile",
+      {
+        file: {
+          sandboxId: sandbox,
+          path: remotePath,
+          content: await encrypt(content)
+        }
+      },
+      {
+        headers: {
+          Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+        }
+      }
+    );
+    consola.success(
+      `File ${c.primary(remotePath)} successfully created in sandbox ${c.primary(sandbox)}`
+    );
+  } catch (error) {
+    consola.error(`Failed to create file: ${error}`);
+  }
+}
+async function listFiles(sandboxId) {
+  const token = await getAccessToken();
+  const response = await client.get(
+    "/xrpc/io.pocketenv.file.getFiles",
+    {
+      params: {
+        sandboxId
+      },
+      headers: {
+        Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+      }
+    }
+  );
+  const table = new Table({
+    head: [c.primary("ID"), c.primary("PATH"), c.primary("CREATED AT")],
+    chars: {
+      top: "",
+      "top-mid": "",
+      "top-left": "",
+      "top-right": "",
+      bottom: "",
+      "bottom-mid": "",
+      "bottom-left": "",
+      "bottom-right": "",
+      left: "",
+      "left-mid": "",
+      mid: "",
+      "mid-mid": "",
+      right: "",
+      "right-mid": "",
+      middle: " "
+    },
+    style: {
+      border: [],
+      head: []
+    }
+  });
+  for (const file of response.data.files) {
+    table.push([
+      c.secondary(file.id),
+      file.path,
+      dayjs(file.createdAt).fromNow()
+    ]);
+  }
+  consola.log(table.toString());
+}
+async function deleteFile(id) {
+  const token = await getAccessToken();
+  try {
+    await client.post(`/xrpc/io.pocketenv.file.deleteFile`, void 0, {
+      params: {
+        id
+      },
+      headers: {
+        Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+      }
+    });
+    consola.success(`File ${c.primary(id)} successfully deleted from sandbox`);
+  } catch (error) {
+    consola.error(`Failed to delete file: ${error}`);
+  }
+}
+
+async function listPorts(sandbox) {
+  const token = await getAccessToken();
+  const response = await client.get(
+    "/xrpc/io.pocketenv.sandbox.getExposedPorts",
+    {
+      params: {
+        id: sandbox
+      },
+      headers: {
+        Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+      }
+    }
+  );
+  const table = new Table({
+    head: [
+      c.primary("PORT"),
+      c.primary("DESCRIPTION"),
+      c.primary("PREVIEW URL")
+    ],
+    chars: {
+      top: "",
+      "top-mid": "",
+      "top-left": "",
+      "top-right": "",
+      bottom: "",
+      "bottom-mid": "",
+      "bottom-left": "",
+      "bottom-right": "",
+      left: "",
+      "left-mid": "",
+      mid: "",
+      "mid-mid": "",
+      right: "",
+      "right-mid": "",
+      middle: " "
+    },
+    style: {
+      border: [],
+      head: []
+    }
+  });
+  for (const port of response.data.ports) {
+    table.push([
+      c.secondary(port.port),
+      port.description || "-",
+      c.link(port.previewUrl || "-")
+    ]);
+  }
+  consola.log(table.toString());
+}
+
+async function exposeVscode(sandbox) {
+  const token = await getAccessToken();
+  try {
+    const response = await client.post(
+      `/xrpc/io.pocketenv.sandbox.exposeVscode`,
+      void 0,
+      {
+        params: {
+          id: sandbox
+        },
+        headers: {
+          Authorization: `Bearer ${env$1.POCKETENV_TOKEN || token}`
+        }
+      }
+    );
+    consola.success(`VS Code Server exposed for sandbox ${c.primary(sandbox)}`);
+    if (response.data.previewUrl) {
+      consola.success(`Preview URL: ${c.secondary(response.data.previewUrl)}`);
+    }
+  } catch (error) {
+    consola.error("Failed to expose VS Code:", error);
+    process.exit(1);
+  }
+}
+
 const program = new Command();
 program.name("pocketenv").description(
   `${chalk.bold.rgb(0, 232, 198)(`pocketenv v${version}`)} ${c.muted("\u2500")} ${c.muted("Open, interoperable sandbox platform for agents and humans")}`
@@ -1184,7 +1542,7 @@ program.command("login").argument("<handle>", "your AT Proto handle (e.g., <user
 program.command("whoami").description("get the current logged-in user").action(whoami);
 program.command("console").aliases(["shell", "ssh", "s"]).argument("[sandbox]", "the sandbox to connect to").description("open an interactive shell for the given sandbox").action(ssh);
 program.command("ls").description("list sandboxes").action(listSandboxes);
-program.command("start").argument("<sandbox>", "the sandbox to start").description("start the given sandbox").action(start);
+program.command("start").argument("<sandbox>", "the sandbox to start").option("--ssh, -s", "connect to the Sandbox and automatically open a shell").description("start the given sandbox").action(start);
 program.command("stop").argument("<sandbox>", "the sandbox to stop").description("stop the given sandbox").action(stop);
 program.command("create").aliases(["new"]).option("--provider, -p <provider>", "the provider to use for the sandbox").option(
   "--base, -b <base>",
@@ -1192,6 +1550,34 @@ program.command("create").aliases(["new"]).option("--provider, -p <provider>", "
 ).option("--ssh, -s", "connect to the Sandbox and automatically open a shell").argument("[name]", "the name of the sandbox to create").description("create a new sandbox").action(createSandbox);
 program.command("logout").description("logout (removes session token)").action(logout);
 program.command("rm").aliases(["delete", "remove"]).argument("<sandbox>", "the sandbox to delete").description("delete the given sandbox").action(deleteSandbox);
+program.command("vscode").argument("<sandbox>", "the sandbox to expose VS Code for").description(
+  "expose a VS Code Server instance running in the given sandbox to the internet"
+).action(exposeVscode);
+program.command("expose").argument("<sandbox>", "the sandbox to expose a port for").argument("<port>", "the port to expose", (val) => {
+  const port = parseInt(val, 10);
+  if (isNaN(port)) {
+    consola.error(`port must be a number, got: ${val}`);
+    process.exit(1);
+  }
+  return port;
+}).argument("[description]", "an optional description for the exposed port").description("expose a port from the given sandbox to the internet").action(exposePort);
+program.command("unexpose").argument("<sandbox>", "the sandbox to unexpose a port for").argument("<port>", "the port to unexpose", (val) => {
+  const port = parseInt(val, 10);
+  if (isNaN(port)) {
+    consola.error(`port must be a number, got: ${val}`);
+    process.exit(1);
+  }
+  return port;
+}).description("unexpose a port from the given sandbox").action(unexposePort);
+const volume = program.command("volume").description("manage volumes");
+volume.command("put").argument("<sandbox>", "the sandbox to put the volume in").argument("<name>", "the name of the volume").argument("<path>", "the path to mount the volume at").description("put a volume in the given sandbox").action(createVolume);
+volume.command("list").aliases(["ls"]).argument("<sandbox>", "the sandbox to list volumes for").description("list volumes in the given sandbox").action(listVolumes);
+volume.command("delete").aliases(["rm", "remove"]).argument("<id>", "the ID of the volume to delete").description("delete a volume").action(deleteVolume);
+const file = program.command("file").description("manage files");
+file.command("put").argument("<sandbox>", "the sandbox to put the file in").argument("<path>", "the remote path to upload the file to").argument("[localPath]", "the local path of the file to upload").description("upload a file to the given sandbox").action(putFile);
+file.command("list").aliases(["ls"]).argument("<sandbox>", "the sandbox to list files for").description("list files in the given sandbox").action(listFiles);
+file.command("delete").aliases(["rm", "remove"]).argument("<id>", "the ID of the file to delete").description("delete a file").action(deleteFile);
+program.command("ports").argument("<sandbox>", "the sandbox to list exposed ports for").description("list exposed ports for a sandbox").action(listPorts);
 const secret = program.command("secret").description("manage secrets");
 secret.command("put").argument("<sandbox>", "the sandbox to put the secret in").argument("<key>", "the key of the secret").description("put a secret in the given sandbox").action(putSecret);
 secret.command("list").aliases(["ls"]).argument("<sandbox>", "the sandbox to list secrets for").description("list secrets in the given sandbox").action(listSecrets);