@vercel/sandbox 0.0.16 → 0.0.18

package/.turbo/turbo-build.log

@@ -1,4 +1,4 @@
 
-> @vercel/sandbox@0.0.16 build /home/runner/work/sandbox-sdk/sandbox-sdk/packages/sandbox
+> @vercel/sandbox@0.0.18 build /home/runner/work/sandbox-sdk/sandbox-sdk/packages/sandbox
 > tsc
 

package/.turbo/turbo-typecheck.log

@@ -1,4 +1,4 @@
 
-> @vercel/sandbox@0.0.16 typecheck /home/runner/work/sandbox-sdk/sandbox-sdk/packages/sandbox
+> @vercel/sandbox@0.0.18 typecheck /home/runner/work/sandbox-sdk/sandbox-sdk/packages/sandbox
 > tsc --noEmit
 

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @vercel/sandbox
 
+## 0.0.18
+
+### Patch Changes
+
+- refresh oidc token if stale in development ([#106](https://github.com/vercel/sandbox-sdk/pull/106))
+
+## 0.0.17
+
+### Patch Changes
+
+- Sandboxes can now expose up to 4 ports ([#99](https://github.com/vercel/sandbox-sdk/pull/99))
+
+  This applies to all SDK versions, but this SDK release documents the limit.
+
+- Fix bug in Sandbox.writeFile, add support for absolute paths ([#97](https://github.com/vercel/sandbox-sdk/pull/97))
+
 ## 0.0.16
 
 ### Patch Changes

package/dist/api-client/api-client.d.ts

@@ -4,11 +4,13 @@ import { FileWriter } from "./file-writer";
 import { z } from "zod";
 export declare class APIClient extends BaseClient {
     private teamId;
+    private tokenExpiry;
     constructor(params: {
         host?: string;
         teamId: string;
         token: string;
     });
+    private ensureValidToken;
     protected request(path: string, params?: RequestParams): Promise<Response>;
     getSandbox(params: {
         sandboxId: string;
@@ -23,6 +25,7 @@ export declare class APIClient extends BaseClient {
             timeout: number;
             requestedAt: number;
             createdAt: number;
+            cwd: string;
             updatedAt: number;
             duration?: number | undefined;
             startedAt?: number | undefined;
@@ -65,6 +68,7 @@ export declare class APIClient extends BaseClient {
             timeout: number;
             requestedAt: number;
             createdAt: number;
+            cwd: string;
             updatedAt: number;
             duration?: number | undefined;
             startedAt?: number | undefined;
@@ -112,16 +116,19 @@ export declare class APIClient extends BaseClient {
     }): Promise<Parsed<{}>>;
     getFileWriter(params: {
         sandboxId: string;
+        extractDir: string;
     }): {
         response: Promise<Response>;
         writer: FileWriter;
     };
     writeFiles(params: {
         sandboxId: string;
+        cwd: string;
         files: {
             path: string;
             content: Buffer;
         }[];
+        extractDir: string;
     }): Promise<void>;
     readFile(params: {
         sandboxId: string;

package/dist/api-client/api-client.js

@@ -13,6 +13,8 @@ const consume_readable_1 = require("../utils/consume-readable");
 const jsonlines_1 = __importDefault(require("jsonlines"));
 const os_1 = __importDefault(require("os"));
 const stream_1 = require("stream");
+const normalizePath_1 = require("../utils/normalizePath");
+const jwt_expiry_1 = require("../utils/jwt-expiry");
 class APIClient extends base_client_1.BaseClient {
     constructor(params) {
         super({
@@ -21,8 +23,24 @@ class APIClient extends base_client_1.BaseClient {
             debug: false,
         });
         this.teamId = params.teamId;
+        this.tokenExpiry = jwt_expiry_1.JwtExpiry.fromToken(params.token);
+    }
+    async ensureValidToken() {
+        if (!this.tokenExpiry) {
+            return;
+        }
+        const newExpiry = await this.tokenExpiry.tryRefresh();
+        if (!newExpiry) {
+            return;
+        }
+        this.tokenExpiry = newExpiry;
+        this.token = this.tokenExpiry.token;
+        if (this.tokenExpiry.payload) {
+            this.teamId = this.tokenExpiry.payload?.owner_id;
+        }
     }
     async request(path, params) {
+        await this.ensureValidToken();
         return super.request(path, {
             ...params,
             query: { teamId: this.teamId, ...params?.query },
@@ -78,7 +96,10 @@ class APIClient extends base_client_1.BaseClient {
             response: (async () => {
                 return this.request(`/v1/sandboxes/${params.sandboxId}/fs/write`, {
                     method: "POST",
-                    headers: { "content-type": "application/gzip" },
+                    headers: {
+                        "content-type": "application/gzip",
+                        "x-cwd": params.extractDir,
+                    },
                     body: await (0, consume_readable_1.consumeReadable)(writer.readable),
                 });
             })(),
@@ -88,9 +109,17 @@ class APIClient extends base_client_1.BaseClient {
     async writeFiles(params) {
         const { writer, response } = this.getFileWriter({
             sandboxId: params.sandboxId,
+            extractDir: params.extractDir,
         });
         for (const file of params.files) {
-            await writer.addFile({ name: file.path, content: file.content });
+            await writer.addFile({
+                name: (0, normalizePath_1.normalizePath)({
+                    filePath: file.path,
+                    extractDir: params.extractDir,
+                    cwd: params.cwd,
+                }),
+                content: file.content,
+            });
         }
         writer.end();
         await (0, base_client_1.parseOrThrow)(validators_1.EmptyResponse, await response);

package/dist/api-client/validators.d.ts

@@ -14,6 +14,7 @@ export declare const Sandbox: z.ZodObject<{
     stoppedAt: z.ZodOptional<z.ZodNumber>;
     duration: z.ZodOptional<z.ZodNumber>;
     createdAt: z.ZodNumber;
+    cwd: z.ZodString;
     updatedAt: z.ZodNumber;
 }, "strip", z.ZodTypeAny, {
     region: string;
@@ -25,6 +26,7 @@ export declare const Sandbox: z.ZodObject<{
     timeout: number;
     requestedAt: number;
     createdAt: number;
+    cwd: string;
     updatedAt: number;
     duration?: number | undefined;
     startedAt?: number | undefined;
@@ -40,6 +42,7 @@ export declare const Sandbox: z.ZodObject<{
     timeout: number;
     requestedAt: number;
     createdAt: number;
+    cwd: string;
     updatedAt: number;
     duration?: number | undefined;
     startedAt?: number | undefined;
@@ -101,6 +104,7 @@ export declare const SandboxResponse: z.ZodObject<{
         stoppedAt: z.ZodOptional<z.ZodNumber>;
         duration: z.ZodOptional<z.ZodNumber>;
         createdAt: z.ZodNumber;
+        cwd: z.ZodString;
         updatedAt: z.ZodNumber;
     }, "strip", z.ZodTypeAny, {
         region: string;
@@ -112,6 +116,7 @@ export declare const SandboxResponse: z.ZodObject<{
         timeout: number;
         requestedAt: number;
         createdAt: number;
+        cwd: string;
         updatedAt: number;
         duration?: number | undefined;
         startedAt?: number | undefined;
@@ -127,6 +132,7 @@ export declare const SandboxResponse: z.ZodObject<{
         timeout: number;
         requestedAt: number;
         createdAt: number;
+        cwd: string;
         updatedAt: number;
         duration?: number | undefined;
         startedAt?: number | undefined;
@@ -144,6 +150,7 @@ export declare const SandboxResponse: z.ZodObject<{
         timeout: number;
         requestedAt: number;
         createdAt: number;
+        cwd: string;
         updatedAt: number;
         duration?: number | undefined;
         startedAt?: number | undefined;
@@ -161,6 +168,7 @@ export declare const SandboxResponse: z.ZodObject<{
         timeout: number;
         requestedAt: number;
         createdAt: number;
+        cwd: string;
         updatedAt: number;
         duration?: number | undefined;
         startedAt?: number | undefined;
@@ -183,6 +191,7 @@ export declare const SandboxAndRoutesResponse: z.ZodObject<{
         stoppedAt: z.ZodOptional<z.ZodNumber>;
         duration: z.ZodOptional<z.ZodNumber>;
         createdAt: z.ZodNumber;
+        cwd: z.ZodString;
         updatedAt: z.ZodNumber;
     }, "strip", z.ZodTypeAny, {
         region: string;
@@ -194,6 +203,7 @@ export declare const SandboxAndRoutesResponse: z.ZodObject<{
         timeout: number;
         requestedAt: number;
         createdAt: number;
+        cwd: string;
         updatedAt: number;
         duration?: number | undefined;
         startedAt?: number | undefined;
@@ -209,6 +219,7 @@ export declare const SandboxAndRoutesResponse: z.ZodObject<{
         timeout: number;
         requestedAt: number;
         createdAt: number;
+        cwd: string;
         updatedAt: number;
         duration?: number | undefined;
         startedAt?: number | undefined;
@@ -240,6 +251,7 @@ export declare const SandboxAndRoutesResponse: z.ZodObject<{
         timeout: number;
         requestedAt: number;
         createdAt: number;
+        cwd: string;
         updatedAt: number;
         duration?: number | undefined;
         startedAt?: number | undefined;
@@ -262,6 +274,7 @@ export declare const SandboxAndRoutesResponse: z.ZodObject<{
         timeout: number;
         requestedAt: number;
         createdAt: number;
+        cwd: string;
         updatedAt: number;
         duration?: number | undefined;
         startedAt?: number | undefined;

package/dist/api-client/validators.js

@@ -16,6 +16,7 @@ exports.Sandbox = zod_1.z.object({
     stoppedAt: zod_1.z.number().optional(),
     duration: zod_1.z.number().optional(),
     createdAt: zod_1.z.number(),
+    cwd: zod_1.z.string(),
     updatedAt: zod_1.z.number(),
 });
 exports.SandboxRoute = zod_1.z.object({

package/dist/command.d.ts

@@ -3,8 +3,11 @@ import { Signal } from "./utils/resolveSignal";
 /**
  * A command executed in a Sandbox.
  *
- * You can {@link wait} on commands to access their {@link CommandFinished.exitCode}, and
- * iterate over their output with {@link logs}.
+ * For detached commands, you can {@link wait} to get a {@link CommandFinished} instance
+ * with the populated exit code. For non-detached commands, {@link Sandbox.runCommand}
+ * automatically waits and returns a {@link CommandFinished} instance.
+ *
+ * You can iterate over command output with {@link logs}.
  *
  * @see {@link Sandbox.runCommand} to start a command.
  *
@@ -67,9 +70,14 @@ export declare class Command {
     /**
      * Wait for a command to exit and populate its exit code.
      *
+     * This method is useful for detached commands where you need to wait
+     * for completion. For non-detached commands, {@link Sandbox.runCommand}
+     * automatically waits and returns a {@link CommandFinished} instance.
+     *
      * ```
-     * await cmd.wait()
-     * if (cmd.exitCode != 0) {
+     * const detachedCmd = await sandbox.runCommand({ cmd: 'sleep', args: ['5'], detached: true });
+     * const result = await detachedCmd.wait();
+     * if (result.exitCode !== 0) {
      *   console.error("Something went wrong...")
      * }
      * ```
@@ -117,14 +125,16 @@ export declare class Command {
 /**
  * A command that has finished executing.
  *
- * Contains the exit code of the command.
+ * The exit code is immediately available and populated upon creation.
+ * Unlike {@link Command}, you don't need to call wait() - the command
+ * has already completed execution.
  *
  * @hideconstructor
  */
 export declare class CommandFinished extends Command {
     /**
-     * The exit code of the command, if available. This is set after
-     * {@link wait} has returned.
+     * The exit code of the command. This is always populated for
+     * CommandFinished instances.
      */
     exitCode: number;
     /**
@@ -140,4 +150,13 @@ export declare class CommandFinished extends Command {
         cmd: CommandData;
         exitCode: number;
     });
+    /**
+     * The wait method is not needed for CommandFinished instances since
+     * the command has already completed and exitCode is populated.
+     *
+     * @deprecated This method is redundant for CommandFinished instances.
+     * The exitCode is already available.
+     * @returns This CommandFinished instance.
+     */
+    wait(): Promise<CommandFinished>;
 }

package/dist/command.js

@@ -5,8 +5,11 @@ const resolveSignal_1 = require("./utils/resolveSignal");
 /**
  * A command executed in a Sandbox.
  *
- * You can {@link wait} on commands to access their {@link CommandFinished.exitCode}, and
- * iterate over their output with {@link logs}.
+ * For detached commands, you can {@link wait} to get a {@link CommandFinished} instance
+ * with the populated exit code. For non-detached commands, {@link Sandbox.runCommand}
+ * automatically waits and returns a {@link CommandFinished} instance.
+ *
+ * You can iterate over command output with {@link logs}.
  *
  * @see {@link Sandbox.runCommand} to start a command.
  *
@@ -64,9 +67,14 @@ class Command {
     /**
      * Wait for a command to exit and populate its exit code.
      *
+     * This method is useful for detached commands where you need to wait
+     * for completion. For non-detached commands, {@link Sandbox.runCommand}
+     * automatically waits and returns a {@link CommandFinished} instance.
+     *
      * ```
-     * await cmd.wait()
-     * if (cmd.exitCode != 0) {
+     * const detachedCmd = await sandbox.runCommand({ cmd: 'sleep', args: ['5'], detached: true });
+     * const result = await detachedCmd.wait();
+     * if (result.exitCode !== 0) {
      *   console.error("Something went wrong...")
      * }
      * ```
@@ -145,7 +153,9 @@ exports.Command = Command;
 /**
  * A command that has finished executing.
  *
- * Contains the exit code of the command.
+ * The exit code is immediately available and populated upon creation.
+ * Unlike {@link Command}, you don't need to call wait() - the command
+ * has already completed execution.
  *
  * @hideconstructor
  */
@@ -161,5 +171,16 @@ class CommandFinished extends Command {
         super({ ...params });
         this.exitCode = params.exitCode;
     }
+    /**
+     * The wait method is not needed for CommandFinished instances since
+     * the command has already completed and exitCode is populated.
+     *
+     * @deprecated This method is redundant for CommandFinished instances.
+     * The exitCode is already available.
+     * @returns This CommandFinished instance.
+     */
+    async wait() {
+        return this;
+    }
 }
 exports.CommandFinished = CommandFinished;

package/dist/sandbox.d.ts

@@ -31,7 +31,8 @@ export interface CreateSandboxParams {
         url: string;
     };
     /**
-     * Array of port numbers to expose from the sandbox.
+     * Array of port numbers to expose from the sandbox. Sandboxes can
+     * expose up to 4 ports.
      */
     ports?: number[];
     /**
@@ -184,7 +185,7 @@ export declare class Sandbox {
      * @returns A {@link Command} or {@link CommandFinished}, depending on `detached`.
      * @internal
      */
-    _runCommand(params: RunCommandParams): Promise<CommandFinished | Command>;
+    _runCommand(params: RunCommandParams): Promise<Command | CommandFinished>;
     /**
      * Create a directory in the filesystem of this sandbox.
      *
@@ -203,6 +204,8 @@ export declare class Sandbox {
     }): Promise<NodeJS.ReadableStream | null>;
     /**
      * Write files to the filesystem of this sandbox.
+     * Defaults to writing to /vercel/sandbox unless an absolute path is specified.
+     * Writes files using the `vercel-sandbox` user.
      *
      * @param files - Array of files with path and stream/buffer contents
      * @returns A promise that resolves when the files are written

package/dist/sandbox.js

@@ -30,7 +30,7 @@ class Sandbox {
      * @returns A promise resolving to the created {@link Sandbox}.
      */
     static async create(params) {
-        const credentials = (0, get_credentials_1.getCredentials)(params);
+        const credentials = await (0, get_credentials_1.getCredentials)(params);
         const client = new api_client_1.APIClient({
             teamId: credentials.teamId,
             token: credentials.token,
@@ -56,7 +56,7 @@ class Sandbox {
      * @returns A promise resolving to the {@link Sandbox}.
      */
     static async get(params) {
-        const credentials = (0, get_credentials_1.getCredentials)(params);
+        const credentials = await (0, get_credentials_1.getCredentials)(params);
         const client = new api_client_1.APIClient({
             teamId: credentials.teamId,
             token: credentials.token,
@@ -165,6 +165,8 @@ class Sandbox {
     }
     /**
      * Write files to the filesystem of this sandbox.
+     * Defaults to writing to /vercel/sandbox unless an absolute path is specified.
+     * Writes files using the `vercel-sandbox` user.
      *
      * @param files - Array of files with path and stream/buffer contents
      * @returns A promise that resolves when the files are written
@@ -172,6 +174,8 @@ class Sandbox {
     async writeFiles(files) {
         return this.client.writeFiles({
             sandboxId: this.sandbox.id,
+            cwd: this.sandbox.cwd,
+            extractDir: "/",
             files: files,
         });
     }

package/dist/utils/get-credentials.d.ts

@@ -1,3 +1,4 @@
+import { z } from "zod";
 export interface Credentials {
     /**
      * Authentication token for the Vercel API. It could be an OIDC token
@@ -23,4 +24,24 @@ export interface Credentials {
  * If both methods are used, the object properties take precedence over the
  * environment variable. If neither method is used, an error is thrown.
  */
-export declare function getCredentials<T>(params?: T | Credentials): Credentials;
+export declare function getCredentials(params?: unknown): Promise<Credentials>;
+/**
+ * Schema to validate the payload of the Vercel OIDC token where we expect
+ * to find the `teamId` and `projectId`.
+ */
+export declare const schema: z.ZodObject<{
+    exp: z.ZodOptional<z.ZodNumber>;
+    iat: z.ZodOptional<z.ZodNumber>;
+    owner_id: z.ZodString;
+    project_id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    owner_id: string;
+    project_id: string;
+    exp?: number | undefined;
+    iat?: number | undefined;
+}, {
+    owner_id: string;
+    project_id: string;
+    exp?: number | undefined;
+    iat?: number | undefined;
+}>;

package/dist/utils/get-credentials.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.schema = void 0;
 exports.getCredentials = getCredentials;
 const oidc_1 = require("@vercel/oidc");
 const decode_base64_url_1 = require("./decode-base64-url");
@@ -14,12 +15,12 @@ const zod_1 = require("zod");
  * If both methods are used, the object properties take precedence over the
  * environment variable. If neither method is used, an error is thrown.
  */
-function getCredentials(params) {
+async function getCredentials(params) {
     const credentials = getCredentialsFromParams(params ?? {});
     if (credentials) {
         return credentials;
     }
-    const oidcToken = (0, oidc_1.getVercelOidcTokenSync)();
+    const oidcToken = await (0, oidc_1.getVercelOidcToken)();
     if (oidcToken) {
         return getCredentialsFromOIDCToken(oidcToken);
     }
@@ -32,6 +33,10 @@ function getCredentials(params) {
  * or none of them, otherwise an error is thrown.
  */
 function getCredentialsFromParams(params) {
+    // Type guard: params must be an object
+    if (!params || typeof params !== "object") {
+        return null;
+    }
     const missing = [
         "token" in params && typeof params.token === "string" ? null : "token",
         "teamId" in params && typeof params.teamId === "string" ? null : "teamId",
@@ -57,7 +62,9 @@ function getCredentialsFromParams(params) {
  * Schema to validate the payload of the Vercel OIDC token where we expect
  * to find the `teamId` and `projectId`.
  */
-const schema = zod_1.z.object({
+exports.schema = zod_1.z.object({
+    exp: zod_1.z.number().optional().describe("Expiry timestamp (seconds since epoch)"),
+    iat: zod_1.z.number().optional().describe("Issued at timestamp"),
     owner_id: zod_1.z.string(),
     project_id: zod_1.z.string(),
 });
@@ -71,7 +78,7 @@ const schema = zod_1.z.object({
  */
 function getCredentialsFromOIDCToken(token) {
     try {
-        const payload = schema.parse((0, decode_base64_url_1.decodeBase64Url)(token.split(".")[1]));
+        const payload = exports.schema.parse((0, decode_base64_url_1.decodeBase64Url)(token.split(".")[1]));
         return {
             token,
             projectId: payload.project_id,

package/dist/utils/jwt-expiry.d.ts

@@ -0,0 +1,42 @@
+import { z } from "zod";
+import { schema } from "./get-credentials";
+export declare class OidcRefreshError extends Error {
+    name: string;
+}
+/**
+ * Expiry implementation for JWT tokens (OIDC tokens).
+ * Parses the JWT once and provides fast expiry validation.
+ */
+export declare class JwtExpiry {
+    readonly token: string;
+    private expiryTime;
+    readonly payload?: Readonly<z.infer<typeof schema>>;
+    static fromToken(token: string): JwtExpiry | null;
+    /**
+     * Creates a new JWT expiry checker.
+     *
+     * @param token - The JWT token to parse
+     */
+    constructor(token: string);
+    /**
+     * Checks if the JWT token is valid (not expired).
+     * @returns true if token is valid, false if expired or expiring soon
+     */
+    isValid(): boolean;
+    /**
+     * Gets the expiry date of the JWT token.
+     *
+     * @returns Date object representing when the token expires, or null if no expiry
+     */
+    getExpiryDate(): Date | null;
+    /**
+     * Refreshes the JWT token by fetching a new OIDC token.
+     *
+     * @returns Promise resolving to a new JwtExpiry instance with fresh token
+     */
+    refresh(): Promise<JwtExpiry>;
+    /**
+     * Refreshes the JWT token if it's expired or expiring soon.
+     */
+    tryRefresh(): Promise<JwtExpiry | null>;
+}

package/dist/utils/jwt-expiry.js

@@ -0,0 +1,105 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtExpiry = exports.OidcRefreshError = void 0;
+const decode_base64_url_1 = require("./decode-base64-url");
+const get_credentials_1 = require("./get-credentials");
+const oidc_1 = require("@vercel/oidc");
+const ms_1 = __importDefault(require("ms"));
+/** Time buffer before token expiry to consider it invalid (in milliseconds) */
+const BUFFER_MS = (0, ms_1.default)("5m");
+class OidcRefreshError extends Error {
+    constructor() {
+        super(...arguments);
+        this.name = "OidcRefreshError";
+    }
+}
+exports.OidcRefreshError = OidcRefreshError;
+/**
+ * Expiry implementation for JWT tokens (OIDC tokens).
+ * Parses the JWT once and provides fast expiry validation.
+ */
+class JwtExpiry {
+    static fromToken(token) {
+        if (!isJwtFormat(token)) {
+            return null;
+        }
+        else {
+            return new JwtExpiry(token);
+        }
+    }
+    /**
+     * Creates a new JWT expiry checker.
+     *
+     * @param token - The JWT token to parse
+     */
+    constructor(token) {
+        this.token = token;
+        try {
+            const tokenContents = token.split(".")[1];
+            this.payload = get_credentials_1.schema.parse((0, decode_base64_url_1.decodeBase64Url)(tokenContents));
+            this.expiryTime = this.payload.exp || null;
+        }
+        catch {
+            // Malformed token - treat as expired to trigger refresh
+            this.expiryTime = 0;
+        }
+    }
+    /**
+     * Checks if the JWT token is valid (not expired).
+     * @returns true if token is valid, false if expired or expiring soon
+     */
+    isValid() {
+        if (this.expiryTime === null) {
+            return false; // No expiry means malformed JWT
+        }
+        const now = Math.floor(Date.now() / 1000);
+        const buffer = BUFFER_MS / 1000;
+        return now + buffer < this.expiryTime;
+    }
+    /**
+     * Gets the expiry date of the JWT token.
+     *
+     * @returns Date object representing when the token expires, or null if no expiry
+     */
+    getExpiryDate() {
+        return this.expiryTime ? new Date(this.expiryTime * 1000) : null;
+    }
+    /**
+     * Refreshes the JWT token by fetching a new OIDC token.
+     *
+     * @returns Promise resolving to a new JwtExpiry instance with fresh token
+     */
+    async refresh() {
+        try {
+            const freshToken = await (0, oidc_1.getVercelOidcToken)();
+            return new JwtExpiry(freshToken);
+        }
+        catch (cause) {
+            throw new OidcRefreshError("Failed to refresh OIDC token", {
+                cause,
+            });
+        }
+    }
+    /**
+     * Refreshes the JWT token if it's expired or expiring soon.
+     */
+    async tryRefresh() {
+        if (this.isValid()) {
+            return null; // Still valid, no need to refresh
+        }
+        return this.refresh();
+    }
+}
+exports.JwtExpiry = JwtExpiry;
+/**
+ * Checks if a token follows JWT format (has 3 parts separated by dots).
+ *
+ * @param token - The token to check
+ * @returns true if token appears to be a JWT, false otherwise
+ */
+function isJwtFormat(token) {
+    return token.split(".").length === 3;
+}