@sentry/junior 0.50.0 → 0.52.0

package/dist/app.js

@@ -3,7 +3,7 @@ import {
   findSkillByName,
   loadSkillsByName,
   parseSkillInvocation
-} from "./chunk-AYM42AN3.js";
+} from "./chunk-ZNFNY53B.js";
 import {
   GEN_AI_PROVIDER_NAME,
   MISSING_GATEWAY_CREDENTIALS_ERROR,
@@ -31,7 +31,7 @@ import {
   runNonInteractiveCommand,
   sandboxSkillDir,
   sandboxSkillFile
-} from "./chunk-AQ4RO2WA.js";
+} from "./chunk-KCOKQLBF.js";
 import {
   CredentialUnavailableError,
   buildOAuthTokenRequest,
@@ -42,6 +42,7 @@ import {
   extractGenAiUsageAttributes,
   extractGenAiUsageSummary,
   getActiveTraceId,
+  getLogContextAttributes,
   getPluginCapabilityProviders,
   getPluginCatalogSignature,
   getPluginDefinition,
@@ -69,7 +70,7 @@ import {
   toOptionalString,
   withContext,
   withSpan
-} from "./chunk-UKR24HLJ.js";
+} from "./chunk-Q3FDONU7.js";
 import {
   sentry_exports
 } from "./chunk-Z3YD6NHK.js";
@@ -6215,13 +6216,22 @@ function createSlackChannelListMessagesTool(context) {
         }
         throw error;
       }
-      return {
+      const summary = {
         ok: true,
         channel_id: targetChannelId,
         count: result.messages.length,
         next_cursor: result.nextCursor,
         messages: result.messages
       };
+      return {
+        content: [{ type: "text", text: JSON.stringify(summary) }],
+        details: {
+          ok: true,
+          channel_id: targetChannelId,
+          count: result.messages.length,
+          ...result.nextCursor ? { next_cursor: result.nextCursor } : {}
+        }
+      };
     }
   });
 }
@@ -9044,87 +9054,135 @@ function resolveChannelCapabilities(channelId) {
   };
 }
 
-// src/chat/sandbox/sandbox.ts
-import fs4 from "fs/promises";
-
-// src/chat/sandbox/egress-policy.ts
-function matchesSandboxEgressDomain(host, domain) {
-  return host.toLowerCase() === domain.toLowerCase();
-}
-function manifestDomains(manifest) {
-  const domains = /* @__PURE__ */ new Set([
-    ...manifest.credentials?.domains ?? [],
-    ...manifest.domains ?? []
-  ]);
-  return [...domains].sort((left, right) => left.localeCompare(right));
-}
-function providerEntries() {
-  return getPluginProviders().map((plugin) => ({
-    provider: plugin.manifest.name,
-    domains: manifestDomains(plugin.manifest)
-  })).filter((entry) => entry.domains.length > 0).sort((left, right) => left.provider.localeCompare(right.provider));
-}
-function resolveSandboxEgressProviderForHost(host) {
-  return providerEntries().find(
-    (entry) => entry.domains.some((domain) => matchesSandboxEgressDomain(host, domain))
-  )?.provider;
-}
-function sandboxProxyUrl() {
-  const baseUrl = resolveBaseUrl();
-  if (!baseUrl) {
-    throw new Error(
-      "Cannot determine base URL for sandbox credential egress (set JUNIOR_BASE_URL or deploy to Vercel)"
-    );
-  }
-  return new URL("/", baseUrl).toString();
-}
-function buildSandboxEgressNetworkPolicy() {
-  const allow = {
-    "*": []
+// src/chat/pi/traced-stream.ts
+import {
+  streamSimple
+} from "@mariozechner/pi-ai";
+function buildChatStartAttributes(model, context) {
+  const attributes = {
+    "gen_ai.operation.name": "chat",
+    "gen_ai.provider.name": GEN_AI_PROVIDER_NAME,
+    "gen_ai.request.model": model.id
   };
-  const entries = providerEntries();
-  if (entries.length === 0) {
-    return { allow };
+  const inputMessages = serializeGenAiAttribute(context.messages);
+  if (inputMessages) {
+    attributes["gen_ai.input.messages"] = inputMessages;
   }
-  const forwardURL = sandboxProxyUrl();
-  for (const entry of entries) {
-    for (const domain of entry.domains) {
-      allow[domain] = [{ forwardURL }];
+  if (context.systemPrompt) {
+    const systemInstructions = serializeGenAiAttribute([
+      { type: "text", content: context.systemPrompt }
+    ]);
+    if (systemInstructions) {
+      attributes["gen_ai.system_instructions"] = systemInstructions;
     }
   }
-  return { allow };
+  return attributes;
 }
-async function resolveSandboxCommandEnvironment() {
-  const env = {};
-  for (const plugin of getPluginProviders().sort(
-    (left, right) => left.manifest.name.localeCompare(right.manifest.name)
-  )) {
-    Object.assign(env, resolvePluginCommandEnv(plugin.manifest));
-    const credentials = plugin.manifest.credentials;
-    if (credentials) {
-      env[credentials.authTokenEnv] = resolveAuthTokenPlaceholder(credentials);
-    }
+function buildChatEndAttributes(message) {
+  const attributes = {};
+  const outputMessages = serializeGenAiAttribute([message]);
+  if (outputMessages) {
+    attributes["gen_ai.output.messages"] = outputMessages;
   }
-  return env;
+  Object.assign(attributes, extractGenAiUsageAttributes(message));
+  if (message.stopReason) {
+    attributes["gen_ai.response.finish_reasons"] = [message.stopReason];
+  }
+  if (message.model) {
+    attributes["gen_ai.response.model"] = message.model;
+  }
+  return attributes;
 }
+function createTracedStreamFn(base = streamSimple) {
+  return async (model, context, options) => {
+    const span = sentry_exports.startInactiveSpan({
+      name: `chat ${model.id}`,
+      op: "gen_ai.chat",
+      attributes: {
+        ...getLogContextAttributes(),
+        ...buildChatStartAttributes(model, context)
+      }
+    });
+    try {
+      const stream = await sentry_exports.withActiveSpan(
+        span,
+        () => Promise.resolve(base(model, context, options))
+      );
+      stream.result().then(
+        (finalMessage) => {
+          try {
+            for (const [key, value] of Object.entries(
+              buildChatEndAttributes(finalMessage)
+            )) {
+              span.setAttribute(key, value);
+            }
+          } finally {
+            span.end();
+          }
+        },
+        () => {
+          span.setStatus({ code: 2, message: "LLM stream failed" });
+          span.end();
+        }
+      ).catch(() => {
+      });
+      return stream;
+    } catch (error) {
+      span.setStatus({ code: 2, message: "LLM call failed" });
+      span.end();
+      throw error;
+    }
+  };
+}
+
+// src/chat/sandbox/sandbox.ts
+import fs4 from "fs/promises";
 
 // src/chat/sandbox/egress-session.ts
-import { randomUUID as randomUUID3 } from "crypto";
-var SANDBOX_EGRESS_SESSION_PREFIX = "sandbox-egress-session";
+import { createHmac, randomUUID as randomUUID3, timingSafeEqual } from "crypto";
+var SANDBOX_EGRESS_PROXY_PATH = "/api/internal/sandbox-egress";
+var SANDBOX_EGRESS_TOKEN_VERSION = "v1";
 var SANDBOX_EGRESS_LEASE_PREFIX = "sandbox-egress-lease";
 var DEFAULT_SESSION_TTL_MS = 30 * 60 * 1e3;
-function sessionKey2(egressId) {
-  return `${SANDBOX_EGRESS_SESSION_PREFIX}:${egressId}`;
+function leaseKey(provider, context) {
+  return `${SANDBOX_EGRESS_LEASE_PREFIX}:${provider}:${context.requesterId}:${context.egressId}:${context.contextId}`;
 }
-function leaseKey(egressId, provider, session) {
-  return `${SANDBOX_EGRESS_LEASE_PREFIX}:${egressId}:${provider}:${session.requesterId}:${session.activationId}`;
+function getSandboxEgressSecret() {
+  const explicit = process.env.JUNIOR_SANDBOX_EGRESS_SECRET?.trim();
+  if (explicit) {
+    return explicit;
+  }
+  const sharedInternal = process.env.JUNIOR_INTERNAL_RESUME_SECRET?.trim();
+  if (sharedInternal) {
+    return sharedInternal;
+  }
+  throw new Error(
+    "Cannot determine sandbox egress secret (set JUNIOR_SANDBOX_EGRESS_SECRET or JUNIOR_INTERNAL_RESUME_SECRET)"
+  );
+}
+function base64Url(input) {
+  return Buffer.from(input, "utf8").toString("base64url");
+}
+function fromBase64Url(input) {
+  return Buffer.from(input, "base64url").toString("utf8");
+}
+function signPayload(payload) {
+  return createHmac("sha256", getSandboxEgressSecret()).update(payload).digest("base64url");
+}
+function timingSafeMatch(expected, actual) {
+  const expectedBuffer = Buffer.from(expected);
+  const actualBuffer = Buffer.from(actual);
+  if (expectedBuffer.length !== actualBuffer.length) {
+    return false;
+  }
+  return timingSafeEqual(expectedBuffer, actualBuffer);
 }
-function parseSession(value) {
+function parseRequesterContext(value) {
   if (!value || typeof value !== "object") {
     return void 0;
   }
   const record = value;
-  if (typeof record.requesterId !== "string" || typeof record.expiresAtMs !== "number" || !Number.isFinite(record.expiresAtMs) || typeof record.activationId !== "string" || !record.activationId) {
+  if (typeof record.requesterId !== "string" || !record.requesterId || typeof record.egressId !== "string" || !record.egressId || typeof record.expiresAtMs !== "number" || !Number.isFinite(record.expiresAtMs) || typeof record.contextId !== "string" || !record.contextId) {
     return void 0;
   }
   if (record.expiresAtMs <= Date.now()) {
@@ -9132,8 +9190,9 @@ function parseSession(value) {
   }
   return {
     requesterId: record.requesterId,
+    egressId: record.egressId,
     expiresAtMs: record.expiresAtMs,
-    activationId: record.activationId
+    contextId: record.contextId
   };
 }
 function parseLease(value) {
@@ -9162,50 +9221,127 @@ function parseLease(value) {
     headerTransforms
   };
 }
-async function upsertSandboxEgressSession(input) {
-  const state = getStateAdapter();
-  await state.connect();
+function createSandboxEgressRequesterToken(input) {
   const ttlMs = Math.max(1, input.ttlMs ?? DEFAULT_SESSION_TTL_MS);
   const now = Date.now();
-  const session = {
+  const context = {
     requesterId: input.requesterId,
+    egressId: input.egressId,
     expiresAtMs: now + ttlMs,
-    activationId: randomUUID3()
+    contextId: randomUUID3()
   };
-  await state.set(sessionKey2(input.egressId), session, ttlMs);
-}
-async function clearSandboxEgressSession(egressId) {
-  const state = getStateAdapter();
-  await state.connect();
-  await state.delete(sessionKey2(egressId));
+  const payload = `${SANDBOX_EGRESS_TOKEN_VERSION}.${base64Url(
+    JSON.stringify(context)
+  )}`;
+  return `${payload}.${signPayload(payload)}`;
 }
-async function getSandboxEgressSession(egressId) {
-  const state = getStateAdapter();
-  await state.connect();
-  return parseSession(await state.get(sessionKey2(egressId)));
+function parseSandboxEgressRequesterToken(token) {
+  if (!token) {
+    return void 0;
+  }
+  const parts = token.split(".");
+  if (parts.length !== 3 || parts[0] !== SANDBOX_EGRESS_TOKEN_VERSION) {
+    return void 0;
+  }
+  const encodedSession = parts[1];
+  const signature = parts[2];
+  if (!encodedSession || !signature) {
+    return void 0;
+  }
+  const payload = `${parts[0]}.${encodedSession}`;
+  if (!timingSafeMatch(signPayload(payload), signature)) {
+    return void 0;
+  }
+  try {
+    return parseRequesterContext(JSON.parse(fromBase64Url(encodedSession)));
+  } catch {
+    return void 0;
+  }
 }
-async function setSandboxEgressCredentialLease(egressId, session, lease) {
+async function setSandboxEgressCredentialLease(context, lease) {
   const leaseExpiresAtMs = Date.parse(lease.expiresAt);
   if (!Number.isFinite(leaseExpiresAtMs) || leaseExpiresAtMs <= Date.now()) {
     return;
   }
   const ttlMs = Math.max(
     1,
-    Math.min(leaseExpiresAtMs, session.expiresAtMs) - Date.now()
+    Math.min(leaseExpiresAtMs, context.expiresAtMs) - Date.now()
   );
   const state = getStateAdapter();
   await state.connect();
-  await state.set(leaseKey(egressId, lease.provider, session), lease, ttlMs);
+  await state.set(leaseKey(lease.provider, context), lease, ttlMs);
 }
-async function getSandboxEgressCredentialLease(egressId, provider, session) {
+async function getSandboxEgressCredentialLease(provider, context) {
   const state = getStateAdapter();
   await state.connect();
-  return parseLease(await state.get(leaseKey(egressId, provider, session)));
+  return parseLease(await state.get(leaseKey(provider, context)));
 }
-async function clearSandboxEgressCredentialLease(egressId, provider, session) {
+async function clearSandboxEgressCredentialLease(provider, context) {
   const state = getStateAdapter();
   await state.connect();
-  await state.delete(leaseKey(egressId, provider, session));
+  await state.delete(leaseKey(provider, context));
+}
+
+// src/chat/sandbox/egress-policy.ts
+function matchesSandboxEgressDomain(host, domain) {
+  return host.toLowerCase() === domain.toLowerCase();
+}
+function manifestDomains(manifest) {
+  const domains = /* @__PURE__ */ new Set([
+    ...manifest.credentials?.domains ?? [],
+    ...manifest.domains ?? []
+  ]);
+  return [...domains].sort((left, right) => left.localeCompare(right));
+}
+function providerEntries() {
+  return getPluginProviders().map((plugin) => ({
+    provider: plugin.manifest.name,
+    domains: manifestDomains(plugin.manifest)
+  })).filter((entry) => entry.domains.length > 0).sort((left, right) => left.provider.localeCompare(right.provider));
+}
+function resolveSandboxEgressProviderForHost(host) {
+  return providerEntries().find(
+    (entry) => entry.domains.some((domain) => matchesSandboxEgressDomain(host, domain))
+  )?.provider;
+}
+function sandboxProxyUrl(requesterToken) {
+  const baseUrl = resolveBaseUrl();
+  if (!baseUrl) {
+    throw new Error(
+      "Cannot determine base URL for sandbox credential egress (set JUNIOR_BASE_URL or deploy to Vercel)"
+    );
+  }
+  const path11 = requesterToken ? `${SANDBOX_EGRESS_PROXY_PATH}/${requesterToken}` : SANDBOX_EGRESS_PROXY_PATH;
+  return new URL(path11, baseUrl).toString();
+}
+function buildSandboxEgressNetworkPolicy(input) {
+  const allow = {
+    "*": []
+  };
+  const entries = providerEntries();
+  if (entries.length === 0) {
+    return { allow };
+  }
+  const forwardURL = sandboxProxyUrl(input?.requesterToken);
+  for (const entry of entries) {
+    for (const domain of entry.domains) {
+      allow[domain] = [{ forwardURL }];
+    }
+  }
+  return { allow };
+}
+async function resolveSandboxCommandEnvironment() {
+  const env = {};
+  for (const plugin of getPluginProviders().sort(
+    (left, right) => left.manifest.name.localeCompare(right.manifest.name)
+  )) {
+    Object.assign(env, resolvePluginCommandEnv(plugin.manifest));
+    const credentials = plugin.manifest.credentials;
+    if (credentials) {
+      env[credentials.authTokenEnv] = resolveAuthTokenPlaceholder(credentials);
+    }
+  }
+  return env;
 }
 
 // src/chat/sandbox/http-error-details.ts
@@ -10510,7 +10646,6 @@ function createSandboxSessionManager(options) {
     }
   };
   const buildToolExecutors = async (sandboxInstance) => {
-    const activeSandboxId = sandboxInstance.sandboxId;
     const toolkit = await withSandboxSpan(
       "sandbox.bash_tool.init",
       "sandbox.tool.init",
@@ -10530,35 +10665,9 @@ function createSandboxSessionManager(options) {
     }
     return {
       bash: async (input) => {
-        const commandEgressId = sandboxInstance.sandboxEgressId;
         let timedOut = false;
         let timeoutId;
-        let commandFinished = false;
-        const finishCommand = async () => {
-          if (commandFinished) {
-            return;
-          }
-          commandFinished = true;
-          await options?.afterCommand?.(commandEgressId);
-          await refreshNetworkPolicy(sandboxInstance);
-        };
-        const finishCommandBestEffort = async () => {
-          try {
-            await finishCommand();
-          } catch (error) {
-            logWarn(
-              "sandbox_command_cleanup_failed",
-              traceContext,
-              {
-                "app.sandbox.id": activeSandboxId,
-                "error.type": error instanceof Error ? error.name : "sandbox_command_cleanup_error"
-              },
-              "Sandbox command cleanup failed"
-            );
-          }
-        };
         try {
-          await options?.beforeCommand?.(commandEgressId);
           await refreshNetworkPolicy(sandboxInstance);
           const sandboxCommandEnv = await resolveCommandEnv();
           const script = buildNonInteractiveShellScript(input.command, {
@@ -10580,7 +10689,6 @@ function createSandboxSessionManager(options) {
             cwd: SANDBOX_WORKSPACE_ROOT,
             ...controller ? { signal: controller.signal } : {}
           });
-          await finishCommandBestEffort();
           return await readCommandOutput(commandResult2);
         } catch (error) {
           if (timedOut) {
@@ -10601,7 +10709,6 @@ function createSandboxSessionManager(options) {
           if (timeoutId) {
             clearTimeout(timeoutId);
           }
-          await finishCommandBestEffort();
         }
       },
       readFile: async (input) => await executeReadFile(input, {
@@ -10690,25 +10797,40 @@ function createSandboxExecutor(options) {
   let referenceFiles = [];
   const traceContext = options?.traceContext ?? {};
   const credentialEgress = options?.credentialEgress;
-  const authorizeSandboxEgressForCommand = credentialEgress ? async (egressId) => {
-    await upsertSandboxEgressSession({
-      egressId,
+  const sandboxEgressTokenTtlMs = Math.max(
+    1,
+    options?.timeoutMs ?? 1e3 * 60 * 30
+  );
+  const sandboxEgressRequesterTokens = /* @__PURE__ */ new Map();
+  const sandboxEgressRequesterTokenFor = (egressId) => {
+    const cached = sandboxEgressRequesterTokens.get(egressId);
+    if (cached && cached.expiresAtMs > Date.now()) {
+      return cached.token;
+    }
+    if (!credentialEgress) {
+      throw new Error("Sandbox credential egress is not configured");
+    }
+    const now = Date.now();
+    const token = createSandboxEgressRequesterToken({
       requesterId: credentialEgress.requesterId,
-      ttlMs: options?.timeoutMs
+      egressId,
+      ttlMs: sandboxEgressTokenTtlMs
+    });
+    sandboxEgressRequesterTokens.set(egressId, {
+      expiresAtMs: now + sandboxEgressTokenTtlMs,
+      token
     });
-  } : void 0;
-  const clearSandboxEgressForCommand = credentialEgress ? async (egressId) => {
-    await clearSandboxEgressSession(egressId);
-  } : void 0;
+    return token;
+  };
   const sessionManager = createSandboxSessionManager({
     sandboxId: options?.sandboxId,
     sandboxDependencyProfileHash: options?.sandboxDependencyProfileHash,
     timeoutMs: options?.timeoutMs,
     traceContext,
     commandEnv: credentialEgress ? async () => await resolveSandboxCommandEnvironment() : void 0,
-    createNetworkPolicy: credentialEgress ? buildSandboxEgressNetworkPolicy : void 0,
-    beforeCommand: authorizeSandboxEgressForCommand,
-    afterCommand: clearSandboxEgressForCommand,
+    createNetworkPolicy: credentialEgress ? (egressId) => buildSandboxEgressNetworkPolicy({
+      requesterToken: sandboxEgressRequesterTokenFor(egressId)
+    }) : void 0,
     onSandboxAcquired: async (sandbox) => {
       await options?.onSandboxAcquired?.(sandbox);
     }
@@ -13081,7 +13203,8 @@ async function generateAssistantReply(messageText, context = {}) {
           config: botConfig.advisor,
           conversationId: sessionConversationId,
           logContext: spanContext,
-          getTools: () => advisorTools
+          getTools: () => advisorTools,
+          streamFn: createTracedStreamFn()
         }
       }
     );
@@ -13174,6 +13297,7 @@ async function generateAssistantReply(messageText, context = {}) {
     );
     agent = new Agent2({
       getApiKey: () => getPiGatewayApiKeyOverride(),
+      streamFn: createTracedStreamFn(),
       initialState: {
         systemPrompt: baseInstructions,
         model: resolveGatewayModel(botConfig.modelId),
@@ -14834,7 +14958,7 @@ async function persistAuthPauseTurnState(args) {
 }
 
 // src/chat/services/timeout-resume.ts
-import { createHmac, timingSafeEqual } from "crypto";
+import { createHmac as createHmac2, timingSafeEqual as timingSafeEqual2 } from "crypto";
 var TURN_TIMEOUT_RESUME_PATH = "/api/internal/turn-resume";
 var TURN_TIMEOUT_RESUME_SIGNATURE_VERSION = "v1";
 var TURN_TIMEOUT_RESUME_MAX_SKEW_MS = 5 * 60 * 1e3;
@@ -14869,16 +14993,16 @@ function buildSignedPayload(timestamp, body) {
   return `${timestamp}:${body}`;
 }
 function signTurnTimeoutResumeBody(secret, timestamp, body) {
-  const digest = createHmac("sha256", secret).update(buildSignedPayload(timestamp, body)).digest("hex");
+  const digest = createHmac2("sha256", secret).update(buildSignedPayload(timestamp, body)).digest("hex");
   return `${TURN_TIMEOUT_RESUME_SIGNATURE_VERSION}=${digest}`;
 }
-function timingSafeMatch(expected, actual) {
+function timingSafeMatch2(expected, actual) {
   const expectedBuffer = Buffer.from(expected);
   const actualBuffer = Buffer.from(actual);
   if (expectedBuffer.length !== actualBuffer.length) {
     return false;
   }
-  return timingSafeEqual(expectedBuffer, actualBuffer);
+  return timingSafeEqual2(expectedBuffer, actualBuffer);
 }
 function parseTurnTimeoutResumeRequest(value) {
   if (!value || typeof value !== "object") {
@@ -14941,7 +15065,7 @@ async function verifyTurnTimeoutResumeRequest(request) {
   }
   const body = await request.text();
   const expectedSignature = signTurnTimeoutResumeBody(secret, timestamp, body);
-  if (!timingSafeMatch(expectedSignature, signature)) {
+  if (!timingSafeMatch2(expectedSignature, signature)) {
     return void 0;
   }
   try {
@@ -15976,10 +16100,32 @@ function egressAttributes(input) {
     ...input.status ? { "http.response.status_code": input.status } : {}
   };
 }
+function requesterTokenFromRequest(request) {
+  const pathname = new URL(request.url).pathname;
+  const prefix = `${SANDBOX_EGRESS_PROXY_PATH}/`;
+  if (!pathname.startsWith(prefix)) {
+    return void 0;
+  }
+  const token = pathname.slice(prefix.length).split("/")[0];
+  if (!token) {
+    return void 0;
+  }
+  try {
+    return decodeURIComponent(token);
+  } catch {
+    return void 0;
+  }
+}
+function redactedProxyPath(pathname) {
+  if (pathname.startsWith(`${SANDBOX_EGRESS_PROXY_PATH}/`)) {
+    return `${SANDBOX_EGRESS_PROXY_PATH}/<token>`;
+  }
+  return pathname;
+}
 function routingAttributes(request, upstreamUrl) {
   const proxyUrl = new URL(request.url);
   const attributes = {
-    "app.sandbox.egress.proxy_path": proxyUrl.pathname
+    "app.sandbox.egress.proxy_path": redactedProxyPath(proxyUrl.pathname)
   };
   if (upstreamUrl) {
     attributes["app.sandbox.egress.upstream_path"] = upstreamUrl.pathname;
@@ -16032,22 +16178,23 @@ function normalizePort(value) {
 function sandboxIdFromPayload(payload) {
   return typeof payload.sandbox_id === "string" ? payload.sandbox_id : void 0;
 }
+function normalizedForwardedPath(path11) {
+  if (!path11.startsWith("/") || path11.startsWith("//") || path11.includes("#") || /[\r\n]/.test(path11)) {
+    return { ok: false, error: "Invalid forwarded path" };
+  }
+  try {
+    const url = new URL(path11, "https://sandbox-forwarded.local");
+    return { ok: true, path: `${url.pathname}${url.search}` };
+  } catch {
+    return { ok: false, error: "Invalid forwarded path" };
+  }
+}
 function upstreamPath(request) {
   const forwardedPath = request.headers.get(FORWARDED_PATH_HEADER);
-  if (forwardedPath?.trim()) {
-    const path11 = forwardedPath.trim();
-    if (!path11.startsWith("/") || path11.startsWith("//") || path11.includes("#") || /[\r\n]/.test(path11)) {
-      return { ok: false, error: "Invalid forwarded path" };
-    }
-    try {
-      const url2 = new URL(path11, "https://sandbox-forwarded.local");
-      return { ok: true, path: `${url2.pathname}${url2.search}` };
-    } catch {
-      return { ok: false, error: "Invalid forwarded path" };
-    }
+  if (!forwardedPath?.trim()) {
+    return { ok: false, error: "Missing forwarded path" };
   }
-  const url = new URL(request.url);
-  return { ok: true, path: `${url.pathname}${url.search}` };
+  return normalizedForwardedPath(forwardedPath.trim());
 }
 function buildUpstreamUrl(request) {
   const forwardedHost = request.headers.get(FORWARDED_HOST_HEADER);
@@ -16119,18 +16266,14 @@ function responseHeaders(upstream) {
   });
   return headers;
 }
-async function credentialLease(egressId, provider, session) {
-  const cached = await getSandboxEgressCredentialLease(
-    egressId,
-    provider,
-    session
-  );
+async function credentialLease(provider, context) {
+  const cached = await getSandboxEgressCredentialLease(provider, context);
   if (cached) {
     return cached;
   }
   const lease = await issueProviderCredentialLease({
     provider,
-    requesterId: session.requesterId,
+    requesterId: context.requesterId,
     reason: `sandbox-egress:${provider}`
   });
   const headerTransforms = lease.headerTransforms ?? [];
@@ -16144,7 +16287,7 @@ async function credentialLease(egressId, provider, session) {
     expiresAt: lease.expiresAt,
     headerTransforms
   };
-  await setSandboxEgressCredentialLease(egressId, session, cachedLease);
+  await setSandboxEgressCredentialLease(context, cachedLease);
   return cachedLease;
 }
 function hasTransformForHost(lease, host) {
@@ -16185,7 +16328,7 @@ async function proxySandboxEgressRequest(request, deps = {}) {
       {},
       {
         "http.request.method": request.method,
-        "url.path": new URL(request.url).pathname
+        "url.path": redactedProxyPath(new URL(request.url).pathname)
       },
       "Sandbox egress OIDC payload did not include a VM session id"
     );
@@ -16203,7 +16346,7 @@ async function proxySandboxEgressRequest(request, deps = {}) {
         ...egressAttributes({
           egressId: activeEgressId,
           method: request.method,
-          path: new URL(request.url).pathname,
+          path: redactedProxyPath(new URL(request.url).pathname),
           status: 400
         }),
         ...routingAttributes(request)
@@ -16232,10 +16375,12 @@ async function proxySandboxEgressRequest(request, deps = {}) {
     );
     return jsonError("No provider owns forwarded host", 403);
   }
-  const session = await getSandboxEgressSession(activeEgressId);
-  if (!session) {
+  const requesterContext = parseSandboxEgressRequesterToken(
+    requesterTokenFromRequest(request)
+  );
+  if (!requesterContext || requesterContext.egressId !== activeEgressId) {
     logWarn(
-      "sandbox_egress_session_unauthorized",
+      "sandbox_egress_requester_context_unauthorized",
       {},
       {
         ...egressAttributes({
@@ -16248,13 +16393,13 @@ async function proxySandboxEgressRequest(request, deps = {}) {
         }),
         ...routingAttributes(request, upstreamUrl)
       },
-      "Sandbox egress VM session is not authorized for requester credentials"
+      "Sandbox egress request did not include a valid requester context for the VM session"
     );
-    return jsonError("Sandbox egress session is not authorized", 403);
+    return jsonError("Sandbox egress requester context is not authorized", 403);
   }
   let lease;
   try {
-    lease = await credentialLease(activeEgressId, provider, session);
+    lease = await credentialLease(provider, requesterContext);
   } catch (error) {
     if (error instanceof CredentialUnavailableError) {
       logWarn(
@@ -16358,7 +16503,7 @@ ${error.message}`,
       },
       "Sandbox egress upstream auth rejected"
     );
-    await clearSandboxEgressCredentialLease(activeEgressId, provider, session);
+    await clearSandboxEgressCredentialLease(provider, requesterContext);
   }
   return new Response(upstream.body, {
     status: upstream.status,

package/dist/{chunk-AQ4RO2WA.js → chunk-KCOKQLBF.js}

@@ -7,7 +7,7 @@ import {
   serializeGenAiAttribute,
   setSpanAttributes,
   withSpan
-} from "./chunk-UKR24HLJ.js";
+} from "./chunk-Q3FDONU7.js";
 
 // src/chat/state/adapter.ts
 import { createMemoryState } from "@chat-adapter/state-memory";

package/dist/{chunk-UKR24HLJ.js → chunk-Q3FDONU7.js}

@@ -3183,6 +3183,7 @@ export {
   toOptionalNumber,
   isRecord,
   createChatSdkLogger,
+  getLogContextAttributes,
   logInfo,
   logWarn,
   logError,

package/dist/{chunk-AYM42AN3.js → chunk-ZNFNY53B.js}

@@ -2,7 +2,7 @@ import {
   getPluginForSkillPath,
   getPluginSkillRoots,
   logWarn
-} from "./chunk-UKR24HLJ.js";
+} from "./chunk-Q3FDONU7.js";
 import {
   skillRoots
 } from "./chunk-XPXD3FCE.js";

package/dist/cli/check.js

@@ -1,9 +1,9 @@
 import {
   parseSkillFile
-} from "../chunk-AYM42AN3.js";
+} from "../chunk-ZNFNY53B.js";
 import {
   parsePluginManifest
-} from "../chunk-UKR24HLJ.js";
+} from "../chunk-Q3FDONU7.js";
 import "../chunk-Z3YD6NHK.js";
 import "../chunk-XPXD3FCE.js";
 import "../chunk-2KG3PWR4.js";

package/dist/cli/snapshot-warmup.js

@@ -1,12 +1,12 @@
 import {
   disconnectStateAdapter,
   resolveRuntimeDependencySnapshot
-} from "../chunk-AQ4RO2WA.js";
+} from "../chunk-KCOKQLBF.js";
 import {
   getPluginProviders,
   getPluginRuntimeDependencies,
   getPluginRuntimePostinstall
-} from "../chunk-UKR24HLJ.js";
+} from "../chunk-Q3FDONU7.js";
 import "../chunk-Z3YD6NHK.js";
 import "../chunk-XPXD3FCE.js";
 import "../chunk-2KG3PWR4.js";

package/dist/instrumentation.js

@@ -27,6 +27,7 @@ function initSentry() {
     sendDefaultPii: true,
     enabled: Boolean(dsn),
     enableLogs,
+    streamGenAiSpans: true,
     integrations: [
       sentry_exports.vercelAIIntegration({
         recordInputs: true,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry/junior",
-  "version": "0.50.0",
+  "version": "0.52.0",
   "private": false,
   "publishConfig": {
     "access": "public"
@@ -46,7 +46,7 @@
     "@sentry/node": ">=10.0.0"
   },
   "devDependencies": {
-    "@sentry/node": "10.50.0-alpha.0",
+    "@sentry/node": "10.53.1",
     "@types/node": "^25.6.0",
     "dependency-cruiser": "^17.4.0",
     "msw": "^2.14.3",