@vercel/sandbox 1.6.0 → 1.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api-client/api-client.d.ts +57 -1
- package/dist/api-client/api-client.js +56 -11
- package/dist/api-client/api-client.js.map +1 -1
- package/dist/api-client/validators.d.ts +870 -0
- package/dist/api-client/validators.js +14 -1
- package/dist/api-client/validators.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js.map +1 -1
- package/dist/network-policy.d.ts +51 -3
- package/dist/sandbox.d.ts +49 -4
- package/dist/sandbox.js +31 -2
- package/dist/sandbox.js.map +1 -1
- package/dist/utils/get-credentials.js +5 -1
- package/dist/utils/get-credentials.js.map +1 -1
- package/dist/utils/network-policy.js +54 -4
- package/dist/utils/network-policy.js.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/package.json +2 -2
- package/dist/utils/jwt-expiry.d.ts +0 -42
- package/dist/utils/jwt-expiry.js +0 -106
- package/dist/utils/jwt-expiry.js.map +0 -1
|
@@ -1,7 +1,14 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SnapshotResponse = exports.CreateSnapshotResponse = exports.UpdateNetworkPolicyResponse = exports.ExtendTimeoutResponse = exports.SnapshotsResponse = exports.SandboxesResponse = exports.LogLine = exports.LogError = exports.LogLineStderr = exports.LogLineStdout = exports.EmptyResponse = exports.CommandFinishedResponse = exports.CommandResponse = exports.SandboxAndRoutesResponse = exports.SandboxResponse = exports.Command = exports.Pagination = exports.Snapshot = exports.SandboxRoute = exports.Sandbox = exports.NetworkPolicyValidator = void 0;
|
|
3
|
+
exports.SnapshotResponse = exports.CreateSnapshotResponse = exports.UpdateNetworkPolicyResponse = exports.ExtendTimeoutResponse = exports.SnapshotsResponse = exports.SandboxesResponse = exports.LogLine = exports.LogError = exports.LogLineStderr = exports.LogLineStdout = exports.EmptyResponse = exports.CommandFinishedResponse = exports.CommandResponse = exports.SandboxAndRoutesResponse = exports.SandboxResponse = exports.Command = exports.Pagination = exports.Snapshot = exports.SandboxRoute = exports.Sandbox = exports.NetworkPolicyValidator = exports.InjectionRuleValidator = void 0;
|
|
4
4
|
const zod_1 = require("zod");
|
|
5
|
+
exports.InjectionRuleValidator = zod_1.z.object({
|
|
6
|
+
domain: zod_1.z.string(),
|
|
7
|
+
// headers are only sent in requests
|
|
8
|
+
headers: zod_1.z.record(zod_1.z.string()).optional(),
|
|
9
|
+
// headerNames are returned in responses
|
|
10
|
+
headerNames: zod_1.z.array(zod_1.z.string()).optional(),
|
|
11
|
+
});
|
|
5
12
|
exports.NetworkPolicyValidator = zod_1.z.union([
|
|
6
13
|
zod_1.z.object({ mode: zod_1.z.literal("allow-all") }).passthrough(),
|
|
7
14
|
zod_1.z.object({ mode: zod_1.z.literal("deny-all") }).passthrough(),
|
|
@@ -11,6 +18,7 @@ exports.NetworkPolicyValidator = zod_1.z.union([
|
|
|
11
18
|
allowedDomains: zod_1.z.array(zod_1.z.string()).optional(),
|
|
12
19
|
allowedCIDRs: zod_1.z.array(zod_1.z.string()).optional(),
|
|
13
20
|
deniedCIDRs: zod_1.z.array(zod_1.z.string()).optional(),
|
|
21
|
+
injectionRules: zod_1.z.array(exports.InjectionRuleValidator).optional(),
|
|
14
22
|
})
|
|
15
23
|
.passthrough(),
|
|
16
24
|
]);
|
|
@@ -43,6 +51,11 @@ exports.Sandbox = zod_1.z.object({
|
|
|
43
51
|
updatedAt: zod_1.z.number(),
|
|
44
52
|
interactivePort: zod_1.z.number().optional(),
|
|
45
53
|
networkPolicy: exports.NetworkPolicyValidator.optional(),
|
|
54
|
+
activeCpuDurationMs: zod_1.z.number().optional(),
|
|
55
|
+
networkTransfer: zod_1.z.object({
|
|
56
|
+
ingress: zod_1.z.number(),
|
|
57
|
+
egress: zod_1.z.number(),
|
|
58
|
+
}).optional(),
|
|
46
59
|
});
|
|
47
60
|
exports.SandboxRoute = zod_1.z.object({
|
|
48
61
|
url: zod_1.z.string(),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validators.js","sourceRoot":"","sources":["../../src/api-client/validators.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAIX,QAAA,sBAAsB,GAAG,OAAC,CAAC,KAAK,CAAC;IAC5C,OAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE;IACxD,OAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE;IACvD,OAAC;SACE,MAAM,CAAC;QACN,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;QACzB,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC9C,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC5C,WAAW,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;
|
|
1
|
+
{"version":3,"file":"validators.js","sourceRoot":"","sources":["../../src/api-client/validators.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAIX,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAClB,oCAAoC;IACpC,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxC,wCAAwC;IACxC,WAAW,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC5C,CAAC,CAAC;AAEU,QAAA,sBAAsB,GAAG,OAAC,CAAC,KAAK,CAAC;IAC5C,OAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE;IACxD,OAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE;IACvD,OAAC;SACE,MAAM,CAAC;QACN,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;QACzB,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC9C,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC5C,WAAW,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC3C,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,8BAAsB,CAAC,CAAC,QAAQ,EAAE;KAC3D,CAAC;SACD,WAAW,EAAE;CACjB,CAAC,CAAC;AAEU,QAAA,OAAO,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9B,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAClB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAClB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;IACnB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;IACnB,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC;QACb,SAAS;QACT,SAAS;QACT,UAAU;QACV,SAAS;QACT,QAAQ;QACR,SAAS;QACT,cAAc;KACf,CAAC;IACF,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,aAAa,EAAE,8BAAsB,CAAC,QAAQ,EAAE;IAChD,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C,eAAe,EAAE,OAAC,CAAC,MAAM,CAAC;QACxB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;QACnB,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;KACnB,CAAC,CAAC,QAAQ,EAAE;CACd,CAAC,CAAC;AAIU,QAAA,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAIU,QAAA,QAAQ,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/B,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE;IAC3B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAClB,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAChD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAEU,QAAA,UAAU,GAAG,OAAC,CAAC,MAAM,CAAC;IACjC;;;OAGG;IACH,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB;;;OAGG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B;;;OAGG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAIU,QAAA,OAAO,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9B,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;IAChB,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IACzB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,eAAO,CAAC,MAAM,CAAC;IACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;CACrB,CAAC,CAAC;AAEU,QAAA,eAAe,GAAG,OAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,eAAO;CACjB,CAAC,CAAC;AAEU,QAAA,wBAAwB,GAAG,uBAAe,CAAC,MAAM,CAAC;IAC7D,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,oBAAY,CAAC;CAC9B,CAAC,CAAC;AAEU,QAAA,eAAe,GAAG,OAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,eAAO;CACjB,CAAC,CAAC;AAIU,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,OAAO,EAAE,eAAe;CACzB,CAAC,CAAC;AAEU,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE1C,MAAM,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACtC,QAAA,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC;IAC9C,MAAM,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;CAC5B,CAAC,CAAC;AACU,QAAA,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC;IAC9C,MAAM,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;CAC5B,CAAC,CAAC;AAEU,QAAA,QAAQ,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/B,MAAM,EAAE,OAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAC1B,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC;QACb,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;QAChB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;KACpB,CAAC;CACH,CAAC,CAAC;AAEU,QAAA,OAAO,GAAG,OAAC,CAAC,kBAAkB,CAAC,QAAQ,EAAE;IACpD,qBAAa;IACb,qBAAa;IACb,gBAAQ;CACT,CAAC,CAAC;AAEU,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,eAAO,CAAC;IAC3B,UAAU,EAAE,kBAAU;CACvB,CAAC,CAAC;AAEU,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,gBAAQ,CAAC;IAC5B,UAAU,EAAE,kBAAU;CACvB,CAAC,CAAC;AAEU,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,OAAO,EAAE,eAAO;CACjB,CAAC,CAAC;AAEU,QAAA,2BAA2B,GAAG,OAAC,CAAC,MAAM,CAAC;IAClD,OAAO,EAAE,eAAO;CACjB,CAAC,CAAC;AAEU,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,QAAQ,EAAE,gBAAQ;IAClB,OAAO,EAAE,eAAO;CACjB,CAAC,CAAC;AAEU,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,QAAQ,EAAE,gBAAQ;CACnB,CAAC,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { Sandbox, type NetworkPolicy } from "./sandbox";
|
|
1
|
+
export { Sandbox, type NetworkPolicy, type NetworkPolicyRule, type NetworkTransformer, } from "./sandbox";
|
|
2
2
|
export { Snapshot } from "./snapshot";
|
|
3
3
|
export { Command, CommandFinished } from "./command";
|
|
4
4
|
export { StreamError } from "./api-client/api-error";
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,qCAKmB;AAJjB,kGAAA,OAAO,OAAA;AAKT,uCAAsC;AAA7B,oGAAA,QAAQ,OAAA;AACjB,qCAAqD;AAA5C,kGAAA,OAAO,OAAA;AAAE,0GAAA,eAAe,OAAA;AACjC,oDAAqD;AAA5C,wGAAA,WAAW,OAAA;AACpB,oDAAkD;AAAzC,qGAAA,QAAQ,OAAA"}
|
package/dist/network-policy.d.ts
CHANGED
|
@@ -1,3 +1,22 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* A transform applied to network requests matching a domain rule.
|
|
3
|
+
*
|
|
4
|
+
* @example
|
|
5
|
+
* {
|
|
6
|
+
* headers: { authorization: "Bearer sk-..." }
|
|
7
|
+
* }
|
|
8
|
+
*/
|
|
9
|
+
export type NetworkTransformer = {
|
|
10
|
+
/** Headers to set on the outgoing request. */
|
|
11
|
+
headers?: Record<string, string>;
|
|
12
|
+
};
|
|
13
|
+
/**
|
|
14
|
+
* A rule applied to requests matching a domain in the network policy.
|
|
15
|
+
*/
|
|
16
|
+
export type NetworkPolicyRule = {
|
|
17
|
+
/** Transforms to apply to matching requests. */
|
|
18
|
+
transform?: NetworkTransformer[];
|
|
19
|
+
};
|
|
1
20
|
/**
|
|
2
21
|
* Network policy to define network restrictions for the sandbox.
|
|
3
22
|
*
|
|
@@ -14,7 +33,7 @@
|
|
|
14
33
|
* "deny-all"
|
|
15
34
|
*
|
|
16
35
|
* @example
|
|
17
|
-
* // Custom access with specific domains
|
|
36
|
+
* // Custom access with specific domains (simple list)
|
|
18
37
|
* // All traffic not explicitly allowed is denied.
|
|
19
38
|
* {
|
|
20
39
|
* allow: ["*.npmjs.org", "github.com"],
|
|
@@ -23,13 +42,42 @@
|
|
|
23
42
|
* deny: ["10.1.0.0/16"]
|
|
24
43
|
* }
|
|
25
44
|
* }
|
|
45
|
+
*
|
|
46
|
+
* @example
|
|
47
|
+
* // Custom access with specific domains (record form)
|
|
48
|
+
* {
|
|
49
|
+
* allow: {
|
|
50
|
+
* "*.npmjs.org": [],
|
|
51
|
+
* "github.com": [],
|
|
52
|
+
* }
|
|
53
|
+
* }
|
|
54
|
+
*
|
|
55
|
+
* @example
|
|
56
|
+
* // Custom access with request transformers
|
|
57
|
+
* {
|
|
58
|
+
* allow: {
|
|
59
|
+
* "ai-gateway.vercel.sh": [
|
|
60
|
+
* {
|
|
61
|
+
* transform: [{
|
|
62
|
+
* headers: { authorization: "Bearer ..." }
|
|
63
|
+
* }]
|
|
64
|
+
* }
|
|
65
|
+
* ],
|
|
66
|
+
* "*": []
|
|
67
|
+
* }
|
|
68
|
+
* }
|
|
26
69
|
*/
|
|
27
70
|
export type NetworkPolicy = "allow-all" | "deny-all" | {
|
|
28
71
|
/**
|
|
29
|
-
*
|
|
72
|
+
* Domains to allow traffic to.
|
|
30
73
|
* Use "*" prefix for wildcard matching (e.g., "*.npmjs.org").
|
|
74
|
+
*
|
|
75
|
+
* Accepts either:
|
|
76
|
+
* - `string[]`: A simple list of domains to allow.
|
|
77
|
+
* - `Record<string, NetworkPolicyRule[]>`: A map of domains to rules.
|
|
78
|
+
* An empty array allows traffic with no additional rules.
|
|
31
79
|
*/
|
|
32
|
-
allow?: string[]
|
|
80
|
+
allow?: string[] | Record<string, NetworkPolicyRule[]>;
|
|
33
81
|
/**
|
|
34
82
|
* Subnet-level access control using CIDR notation.
|
|
35
83
|
*/
|
package/dist/sandbox.d.ts
CHANGED
|
@@ -7,8 +7,9 @@ import { WithPrivate } from "./utils/types";
|
|
|
7
7
|
import { WithFetchOptions } from "./api-client/api-client";
|
|
8
8
|
import { RUNTIMES } from "./constants";
|
|
9
9
|
import { Snapshot } from "./snapshot";
|
|
10
|
-
import { type NetworkPolicy } from "./network-policy";
|
|
11
|
-
|
|
10
|
+
import { type NetworkPolicy, type NetworkPolicyRule, type NetworkTransformer } from "./network-policy";
|
|
11
|
+
import { type ConvertedSandbox } from "./utils/convert-sandbox";
|
|
12
|
+
export type { NetworkPolicy, NetworkPolicyRule, NetworkTransformer };
|
|
12
13
|
/** @inline */
|
|
13
14
|
export interface BaseCreateSandboxParams {
|
|
14
15
|
/**
|
|
@@ -163,6 +164,17 @@ export declare class Sandbox {
|
|
|
163
164
|
* If the sandbox was created from a snapshot, the ID of that snapshot.
|
|
164
165
|
*/
|
|
165
166
|
get sourceSnapshotId(): string | undefined;
|
|
167
|
+
/**
|
|
168
|
+
* The amount of CPU used by the sandbox. Only reported once the VM is stopped.
|
|
169
|
+
*/
|
|
170
|
+
get activeCpuUsageMs(): number | undefined;
|
|
171
|
+
/**
|
|
172
|
+
* The amount of network data used by the sandbox. Only reported once the VM is stopped.
|
|
173
|
+
*/
|
|
174
|
+
get networkTransfer(): {
|
|
175
|
+
ingress: number;
|
|
176
|
+
egress: number;
|
|
177
|
+
} | undefined;
|
|
166
178
|
/**
|
|
167
179
|
* Internal metadata about this sandbox.
|
|
168
180
|
*/
|
|
@@ -202,7 +214,25 @@ export declare class Sandbox {
|
|
|
202
214
|
allowedDomains: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString, "many">>;
|
|
203
215
|
allowedCIDRs: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString, "many">>;
|
|
204
216
|
deniedCIDRs: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString, "many">>;
|
|
217
|
+
injectionRules: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodObject<{
|
|
218
|
+
domain: import("zod").ZodString;
|
|
219
|
+
headers: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodString>>;
|
|
220
|
+
headerNames: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString, "many">>;
|
|
221
|
+
}, "strip", import("zod").ZodTypeAny, {
|
|
222
|
+
domain: string;
|
|
223
|
+
headers?: Record<string, string> | undefined;
|
|
224
|
+
headerNames?: string[] | undefined;
|
|
225
|
+
}, {
|
|
226
|
+
domain: string;
|
|
227
|
+
headers?: Record<string, string> | undefined;
|
|
228
|
+
headerNames?: string[] | undefined;
|
|
229
|
+
}>, "many">>;
|
|
205
230
|
}, import("zod").ZodTypeAny, "passthrough"> | undefined;
|
|
231
|
+
activeCpuDurationMs?: number | undefined;
|
|
232
|
+
networkTransfer?: {
|
|
233
|
+
ingress: number;
|
|
234
|
+
egress: number;
|
|
235
|
+
} | undefined;
|
|
206
236
|
}[];
|
|
207
237
|
pagination: {
|
|
208
238
|
count: number;
|
|
@@ -369,11 +399,13 @@ export declare class Sandbox {
|
|
|
369
399
|
*
|
|
370
400
|
* @param opts - Optional parameters.
|
|
371
401
|
* @param opts.signal - An AbortSignal to cancel the operation.
|
|
372
|
-
* @
|
|
402
|
+
* @param opts.blocking - If true, poll until the sandbox has fully stopped and return the final state.
|
|
403
|
+
* @returns The sandbox metadata at the time the stop was acknowledged, or after fully stopped if `blocking` is true.
|
|
373
404
|
*/
|
|
374
405
|
stop(opts?: {
|
|
375
406
|
signal?: AbortSignal;
|
|
376
|
-
|
|
407
|
+
blocking?: boolean;
|
|
408
|
+
}): Promise<ConvertedSandbox>;
|
|
377
409
|
/**
|
|
378
410
|
* Update the network policy for this sandbox.
|
|
379
411
|
*
|
|
@@ -389,6 +421,19 @@ export declare class Sandbox {
|
|
|
389
421
|
* });
|
|
390
422
|
*
|
|
391
423
|
* @example
|
|
424
|
+
* // Inject credentials with per-domain transformers
|
|
425
|
+
* await sandbox.updateNetworkPolicy({
|
|
426
|
+
* allow: {
|
|
427
|
+
* "ai-gateway.vercel.sh": [{
|
|
428
|
+
* transform: [{
|
|
429
|
+
* headers: { authorization: "Bearer ..." }
|
|
430
|
+
* }]
|
|
431
|
+
* }],
|
|
432
|
+
* "*": []
|
|
433
|
+
* }
|
|
434
|
+
* });
|
|
435
|
+
*
|
|
436
|
+
* @example
|
|
392
437
|
* // Deny all network access
|
|
393
438
|
* await sandbox.updateNetworkPolicy("deny-all");
|
|
394
439
|
*/
|
package/dist/sandbox.js
CHANGED
|
@@ -58,6 +58,18 @@ class Sandbox {
|
|
|
58
58
|
get sourceSnapshotId() {
|
|
59
59
|
return this.sandbox.sourceSnapshotId;
|
|
60
60
|
}
|
|
61
|
+
/**
|
|
62
|
+
* The amount of CPU used by the sandbox. Only reported once the VM is stopped.
|
|
63
|
+
*/
|
|
64
|
+
get activeCpuUsageMs() {
|
|
65
|
+
return this.sandbox.activeCpuDurationMs;
|
|
66
|
+
}
|
|
67
|
+
/**
|
|
68
|
+
* The amount of network data used by the sandbox. Only reported once the VM is stopped.
|
|
69
|
+
*/
|
|
70
|
+
get networkTransfer() {
|
|
71
|
+
return this.sandbox.networkTransfer;
|
|
72
|
+
}
|
|
61
73
|
/**
|
|
62
74
|
* Allow to get a list of sandboxes for a team narrowed to the given params.
|
|
63
75
|
* It returns both the sandboxes and the pagination metadata to allow getting
|
|
@@ -370,13 +382,17 @@ class Sandbox {
|
|
|
370
382
|
*
|
|
371
383
|
* @param opts - Optional parameters.
|
|
372
384
|
* @param opts.signal - An AbortSignal to cancel the operation.
|
|
373
|
-
* @
|
|
385
|
+
* @param opts.blocking - If true, poll until the sandbox has fully stopped and return the final state.
|
|
386
|
+
* @returns The sandbox metadata at the time the stop was acknowledged, or after fully stopped if `blocking` is true.
|
|
374
387
|
*/
|
|
375
388
|
async stop(opts) {
|
|
376
|
-
await this.client.stopSandbox({
|
|
389
|
+
const response = await this.client.stopSandbox({
|
|
377
390
|
sandboxId: this.sandbox.id,
|
|
378
391
|
signal: opts?.signal,
|
|
392
|
+
blocking: opts?.blocking,
|
|
379
393
|
});
|
|
394
|
+
this.sandbox = (0, convert_sandbox_1.convertSandbox)(response.json.sandbox);
|
|
395
|
+
return this.sandbox;
|
|
380
396
|
}
|
|
381
397
|
/**
|
|
382
398
|
* Update the network policy for this sandbox.
|
|
@@ -393,6 +409,19 @@ class Sandbox {
|
|
|
393
409
|
* });
|
|
394
410
|
*
|
|
395
411
|
* @example
|
|
412
|
+
* // Inject credentials with per-domain transformers
|
|
413
|
+
* await sandbox.updateNetworkPolicy({
|
|
414
|
+
* allow: {
|
|
415
|
+
* "ai-gateway.vercel.sh": [{
|
|
416
|
+
* transform: [{
|
|
417
|
+
* headers: { authorization: "Bearer ..." }
|
|
418
|
+
* }]
|
|
419
|
+
* }],
|
|
420
|
+
* "*": []
|
|
421
|
+
* }
|
|
422
|
+
* });
|
|
423
|
+
*
|
|
424
|
+
* @example
|
|
396
425
|
* // Deny all network access
|
|
397
426
|
* await sandbox.updateNetworkPolicy("deny-all");
|
|
398
427
|
*/
|
package/dist/sandbox.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":";;;AAEA,8CAA2C;AAC3C,2BAAuC;AACvC,0CAAoC;AACpC,+BAAwC;AACxC,6CAAyC;AACzC,uCAAqD;AACrD,6DAA2E;AAC3E,yCAA8D;AAG9D,yCAAsC;AACtC,+DAA2D;
|
|
1
|
+
{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":";;;AAEA,8CAA2C;AAC3C,2BAAuC;AACvC,0CAAoC;AACpC,+BAAwC;AACxC,6CAAyC;AACzC,uCAAqD;AACrD,6DAA2E;AAC3E,yCAA8D;AAG9D,yCAAsC;AACtC,+DAA2D;AAM3D,6DAAgF;AA4HhF;;;;;GAKG;AACH,MAAa,OAAO;IASlB;;OAEG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;IACzB,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,SAAS,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,IAAW,aAAa;QACtB,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,IAAW,gBAAgB;QACzB,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,IAAW,gBAAgB;QACzB,OAAO,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,IAAW,eAAe;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC;IACtC,CAAC;IAOD;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,IAAI,CACf,MAEkB;QAElB,MAAM,WAAW,GAAG,MAAM,IAAA,gCAAc,EAAC,MAAM,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,IAAI,sBAAS,CAAC;YAC3B,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,KAAK,EAAE,WAAW,CAAC,KAAK;YACxB,KAAK,EAAE,MAAM,EAAE,KAAK;SACrB,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,aAAa,CAAC;YAC1B,GAAG,WAAW;YACd,GAAG,MAAM;SACV,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CACjB,MAGkB;QAElB,MAAM,WAAW,GAAG,MAAM,IAAA,gCAAc,EAAC,MAAM,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,IAAI,sBAAS,CAAC;YAC3B,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,KAAK,EAAE,WAAW,CAAC,KAAK;YACxB,KAAK,EAAE,MAAM,EAAE,KAAK;SACrB,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAA,wBAAgB,EAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC;YACzC,MAAM,EAAE,MAAM,EAAE,MAAM;YACtB,SAAS,EAAE,WAAW,CAAC,SAAS;YAChC,KAAK,EAAE,MAAM,EAAE,KAAK,IAAI,EAAE;YAC1B,OAAO,EAAE,MAAM,EAAE,OAAO;YACxB,SAAS,EAAE,MAAM,EAAE,SAAS;YAC5B,OAAO,EAAE,MAAM,IAAI,SAAS,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,SAAS;YACpE,aAAa,EAAE,MAAM,EAAE,aAAa;YACpC,MAAM,EAAE,MAAM,EAAE,MAAM;YACtB,GAAG,aAAa;SACjB,CAAC,CAAC;QAEH,OAAO,IAAI,iBAAiB,CAAC;YAC3B,MAAM;YACN,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO;YAC7B,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM;SAC5B,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,GAAG,CACd,MACkB;QAElB,MAAM,WAAW,GAAG,MAAM,IAAA,gCAAc,EAAC,MAAM,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,IAAI,sBAAS,CAAC;YAC3B,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,KAAK,EAAE,WAAW,CAAC,KAAK;YACxB,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAA,wBAAgB,EAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC;YACtC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,GAAG,aAAa;SACjB,CAAC,CAAC;QAEH,OAAO,IAAI,OAAO,CAAC;YACjB,MAAM;YACN,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO;YAC7B,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,YAAY,EACV,MAAM,EACN,MAAM,EACN,OAAO,GAKR;QACC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,IAAA,gCAAc,EAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,UAAU,CACd,KAAa,EACb,IAA+B;QAE/B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;YAC3C,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,KAAK;YACL,MAAM,EAAE,IAAI,EAAE,MAAM;SACrB,CAAC,CAAC;QAEH,OAAO,IAAI,iBAAO,CAAC;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO;SAC1B,CAAC,CAAC;IACL,CAAC;IAmCD,KAAK,CAAC,UAAU,CACd,eAA0C,EAC1C,IAAe,EACf,IAA+B;QAE/B,OAAO,OAAO,eAAe,KAAK,QAAQ;YACxC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;YACxE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC;IACxC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,WAAW,CAAC,MAAwB;QACxC,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5C,MAAM,OAAO,GAAG,CAAC,OAAgB,EAAE,EAAE;YACnC,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBACnC,CAAC,KAAK,IAAI,EAAE;oBACV,IAAI,CAAC;wBACH,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;4BAChE,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gCAC5B,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;4BACjC,CAAC;iCAAM,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gCACnC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;4BACjC,CAAC;wBACH,CAAC;oBACH,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;4BAC3B,OAAO;wBACT,CAAC;wBACD,MAAM,GAAG,CAAC;oBACZ,CAAC;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,CAAC;QACH,CAAC,CAAA;QAED,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;gBACjD,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;gBAC1B,OAAO,EAAE,MAAM,CAAC,GAAG;gBACnB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,EAAE;gBACvB,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,GAAG,EAAE,MAAM,CAAC,GAAG,IAAI,EAAE;gBACrB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,KAAK;gBAC1B,IAAI,EAAE,IAAI;gBACV,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,IAAI,iBAAO,CAAC;gBAC1B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;gBAC1B,GAAG,EAAE,aAAa,CAAC,OAAO;aAC3B,CAAC,CAAC;YAEH,OAAO,CAAC,OAAO,CAAC,CAAC;YAEjB,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC;YAC9C,OAAO,IAAI,yBAAe,CAAC;gBACzB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;gBAC1B,GAAG,EAAE,QAAQ;gBACb,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;YACnD,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,OAAO,EAAE,MAAM,CAAC,GAAG;YACnB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,EAAE;YACvB,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,GAAG,EAAE,MAAM,CAAC,GAAG,IAAI,EAAE;YACrB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,KAAK;YAC1B,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,IAAI,iBAAO,CAAC;YAC1B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,GAAG,EAAE,eAAe,CAAC,IAAI,CAAC,OAAO;SAClC,CAAC,CAAC;QAEH,OAAO,CAAC,OAAO,CAAC,CAAC;QAEjB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,KAAK,CAAC,IAAY,EAAE,IAA+B;QACvD,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;YACtB,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,IAAI,EAAE,IAAI;YACV,MAAM,EAAE,IAAI,EAAE,MAAM;SACrB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CACZ,IAAoC,EACpC,IAA+B;QAE/B,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YAC1B,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,IAAI,EAAE,MAAM;SACrB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,gBAAgB,CACpB,IAAoC,EACpC,IAA+B;QAE/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YACxC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,IAAI,EAAE,MAAM;SACrB,CAAC,CAAC;QAEH,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAA,kCAAe,EAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,GAAmC,EACnC,GAAmC,EACnC,IAAyD;QAEzD,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YACxC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,MAAM,EAAE,IAAI,EAAE,MAAM;SACrB,CAAC,CAAC;QAEH,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAA,cAAO,EAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YACjD,IAAI,IAAI,EAAE,cAAc,EAAE,CAAC;gBACzB,MAAM,IAAA,gBAAK,EAAC,IAAA,cAAO,EAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,IAAA,mBAAQ,EAAC,MAAM,EAAE,IAAA,sBAAiB,EAAC,OAAO,CAAC,EAAE;gBACjD,MAAM,EAAE,IAAI,EAAE,MAAM;aACrB,CAAC,CAAC;YACH,OAAO,OAAO,CAAC;QACjB,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,OAAO,EAAE,CAAA;QAClB,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,UAAU,CACd,KAA0C,EAC1C,IAA+B;QAE/B,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;YAC5B,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG;YACrB,UAAU,EAAE,GAAG;YACf,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,IAAI,EAAE,MAAM;SACrB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,CAAS;QACd,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;QACxD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,WAAW,KAAK,CAAC,SAAS,aAAa,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,IAAI,CAAC,IAAmD;QAC5D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;YAC7C,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,MAAM,EAAE,IAAI,EAAE,MAAM;YACpB,QAAQ,EAAE,IAAI,EAAE,QAAQ;SACzB,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,GAAG,IAAA,gCAAc,EAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACH,KAAK,CAAC,mBAAmB,CACvB,aAA4B,EAC5B,IAA+B;QAE/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;YACrD,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,aAAa,EAAE,aAAa;YAC5B,MAAM,EAAE,IAAI,EAAE,MAAM;SACrB,CAAC,CAAC;QAEH,kEAAkE;QAClE,IAAI,CAAC,OAAO,GAAG,IAAA,gCAAc,EAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,aAAc,CAAC;IACrC,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,KAAK,CAAC,aAAa,CACjB,QAAgB,EAChB,IAA+B;QAE/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;YAC/C,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,QAAQ;YACR,MAAM,EAAE,IAAI,EAAE,MAAM;SACrB,CAAC,CAAC;QAEH,kEAAkE;QAClE,IAAI,CAAC,OAAO,GAAG,IAAA,gCAAc,EAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvD,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,QAAQ,CAAC,IAGd;QACC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;YAChD,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YAC1B,UAAU,EAAE,IAAI,EAAE,UAAU;YAC5B,MAAM,EAAE,IAAI,EAAE,MAAM;SACrB,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,GAAG,IAAA,gCAAc,EAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAErD,OAAO,IAAI,mBAAQ,CAAC;YAClB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ;SACjC,CAAC,CAAC;IACL,CAAC;CACF;AA5lBD,0BA4lBC;AAED;;;;;;;;GAQG;AACH,MAAM,iBAAkB,SAAQ,OAAO;IACrC,KAAK,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC;QACzB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;CACF"}
|
|
@@ -42,7 +42,11 @@ class VercelOidcContextError extends Error {
|
|
|
42
42
|
exports.VercelOidcContextError = VercelOidcContextError;
|
|
43
43
|
async function getVercelToken(opts) {
|
|
44
44
|
try {
|
|
45
|
-
|
|
45
|
+
const token = await (0, oidc_1.getVercelOidcToken)({
|
|
46
|
+
team: opts.teamId,
|
|
47
|
+
project: opts.projectId,
|
|
48
|
+
});
|
|
49
|
+
return getCredentialsFromOIDCToken(token);
|
|
46
50
|
}
|
|
47
51
|
catch (error) {
|
|
48
52
|
if (!(0, dev_credentials_1.shouldPromptForCredentials)()) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-credentials.js","sourceRoot":"","sources":["../../src/utils/get-credentials.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"get-credentials.js","sourceRoot":"","sources":["../../src/utils/get-credentials.ts"],"names":[],"mappings":";;;AA0FA,wCAwBC;AAlHD,uCAAkD;AAClD,2DAAsD;AACtD,6BAAwB;AACxB,uDAG2B;AAkB3B;;;GAGG;AACH,MAAa,qBAAsB,SAAQ,KAAK;IAE9C,YAAY,KAAc;QACxB,MAAM,OAAO,GAAG;YACd,8CAA8C;YAC9C,0DAA0D;YAC1D,6DAA6D;YAC7D,YAAY;YACZ,8FAA8F;SAC/F,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,KAAK,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAT5B,SAAI,GAAG,uBAAuB,CAAC;IAU/B,CAAC;CACF;AAZD,sDAYC;AAED;;;GAGG;AACH,MAAa,sBAAuB,SAAQ,KAAK;IAE/C,YAAY,KAAc;QACxB,MAAM,OAAO,GAAG;YACd,8CAA8C;YAC9C,kDAAkD;YAClD,uCAAuC;SACxC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,KAAK,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAP5B,SAAI,GAAG,wBAAwB,CAAC;IAQhC,CAAC;CACF;AAVD,wDAUC;AAED,KAAK,UAAU,cAAc,CAAC,IAG7B;IACC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,IAAA,yBAAkB,EAAC;YACrC,IAAI,EAAE,IAAI,CAAC,MAAM;YACjB,OAAO,EAAE,IAAI,CAAC,SAAS;SACxB,CAAC,CAAC;QACH,OAAO,2BAA2B,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,IAAA,4CAA0B,GAAE,EAAE,CAAC;YAClC,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC;gBAC3B,MAAM,IAAI,sBAAsB,CAAC,KAAK,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QACD,OAAO,MAAM,IAAA,2CAAyB,EAAC,IAAI,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACI,KAAK,UAAU,cAAc,CAAC,MAAgB;IACnD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IAC3D,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC;QACrC,MAAM,EACJ,MAAM;YACN,OAAO,MAAM,KAAK,QAAQ;YAC1B,QAAQ,IAAI,MAAM;YAClB,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ;YAC/B,CAAC,CAAC,MAAM,CAAC,MAAM;YACf,CAAC,CAAC,SAAS;QACf,SAAS,EACP,MAAM;YACN,OAAO,MAAM,KAAK,QAAQ;YAC1B,WAAW,IAAI,MAAM;YACrB,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ;YAClC,CAAC,CAAC,MAAM,CAAC,SAAS;YAClB,CAAC,CAAC,SAAS;KAChB,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAAC,MAAe;IAC/C,uCAAuC;IACvC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAG;QACd,OAAO,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO;QACtE,QAAQ,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ;QACzE,WAAW,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ;YAC3D,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,WAAW;KAChB,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;IAEpC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,KAAK,EAAG,MAAc,CAAC,KAAK;YAC5B,SAAS,EAAG,MAAc,CAAC,SAAS;YACpC,MAAM,EAAG,MAAc,CAAC,MAAM;SAC/B,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,4DAA4D,OAAO;aAChE,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC;aACjC,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACU,QAAA,MAAM,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;IAC7E,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC1D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;CACvB,CAAC,CAAC;AAEH;;;;;;;GAOG;AACH,SAAS,2BAA2B,CAAC,KAAa;IAChD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,cAAM,CAAC,KAAK,CAAC,IAAA,mCAAe,EAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACnE,OAAO;YACL,KAAK;YACL,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,MAAM,EAAE,OAAO,CAAC,QAAQ;SACzB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvF,CAAC;IACJ,CAAC;AACH,CAAC"}
|
|
@@ -7,6 +7,28 @@ function toAPINetworkPolicy(policy) {
|
|
|
7
7
|
return { mode: "allow-all" };
|
|
8
8
|
if (policy === "deny-all")
|
|
9
9
|
return { mode: "deny-all" };
|
|
10
|
+
if (policy.allow && !Array.isArray(policy.allow)) {
|
|
11
|
+
const allowedDomains = Object.keys(policy.allow);
|
|
12
|
+
const injectionRules = [];
|
|
13
|
+
for (const [domain, rules] of Object.entries(policy.allow)) {
|
|
14
|
+
const merged = {};
|
|
15
|
+
for (const rule of rules) {
|
|
16
|
+
for (const t of rule.transform ?? []) {
|
|
17
|
+
Object.assign(merged, t.headers);
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
if (Object.keys(merged).length > 0) {
|
|
21
|
+
injectionRules.push({ domain, headers: merged });
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
return {
|
|
25
|
+
mode: "custom",
|
|
26
|
+
...(allowedDomains.length > 0 && { allowedDomains }),
|
|
27
|
+
...(injectionRules.length > 0 && { injectionRules }),
|
|
28
|
+
...(policy.subnets?.allow && { allowedCIDRs: policy.subnets.allow }),
|
|
29
|
+
...(policy.subnets?.deny && { deniedCIDRs: policy.subnets.deny }),
|
|
30
|
+
};
|
|
31
|
+
}
|
|
10
32
|
return {
|
|
11
33
|
mode: "custom",
|
|
12
34
|
...(policy.allow && { allowedDomains: policy.allow }),
|
|
@@ -19,14 +41,42 @@ function fromAPINetworkPolicy(api) {
|
|
|
19
41
|
return "allow-all";
|
|
20
42
|
if (api.mode === "deny-all")
|
|
21
43
|
return "deny-all";
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
...((api.allowedCIDRs || api.deniedCIDRs) && {
|
|
44
|
+
const subnets = (api.allowedCIDRs || api.deniedCIDRs)
|
|
45
|
+
? {
|
|
25
46
|
subnets: {
|
|
26
47
|
...(api.allowedCIDRs && { allow: api.allowedCIDRs }),
|
|
27
48
|
...(api.deniedCIDRs && { deny: api.deniedCIDRs }),
|
|
28
49
|
},
|
|
29
|
-
}
|
|
50
|
+
}
|
|
51
|
+
: undefined;
|
|
52
|
+
// If injectionRules are present, reconstruct the record form.
|
|
53
|
+
// The API returns headerNames (secret values are stripped), so we
|
|
54
|
+
// populate each header value with "<redacted>".
|
|
55
|
+
if (api.injectionRules && api.injectionRules.length > 0) {
|
|
56
|
+
const rulesByDomain = new Map(api.injectionRules.map((r) => [r.domain, r.headerNames ?? []]));
|
|
57
|
+
const allow = {};
|
|
58
|
+
for (const domain of api.allowedDomains ?? []) {
|
|
59
|
+
const headerNames = rulesByDomain.get(domain);
|
|
60
|
+
if (headerNames && headerNames.length > 0) {
|
|
61
|
+
const headers = Object.fromEntries(headerNames.map((n) => [n, "<redacted>"]));
|
|
62
|
+
allow[domain] = [{ transform: [{ headers }] }];
|
|
63
|
+
}
|
|
64
|
+
else {
|
|
65
|
+
allow[domain] = [];
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
// Include injection rules for domains not in allowedDomains
|
|
69
|
+
for (const rule of api.injectionRules) {
|
|
70
|
+
if (!(rule.domain in allow)) {
|
|
71
|
+
const headers = Object.fromEntries((rule.headerNames ?? []).map((n) => [n, "<redacted>"]));
|
|
72
|
+
allow[rule.domain] = [{ transform: [{ headers }] }];
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
return { allow, ...subnets };
|
|
76
|
+
}
|
|
77
|
+
return {
|
|
78
|
+
...(api.allowedDomains && { allow: api.allowedDomains }),
|
|
79
|
+
...subnets,
|
|
30
80
|
};
|
|
31
81
|
}
|
|
32
82
|
//# sourceMappingURL=network-policy.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"network-policy.js","sourceRoot":"","sources":["../../src/utils/network-policy.ts"],"names":[],"mappings":";;AAMA,
|
|
1
|
+
{"version":3,"file":"network-policy.js","sourceRoot":"","sources":["../../src/utils/network-policy.ts"],"names":[],"mappings":";;AAMA,gDAmCC;AAED,oDAgDC;AArFD,SAAgB,kBAAkB,CAAC,MAAqB;IACtD,IAAI,MAAM,KAAK,WAAW;QAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IACzD,IAAI,MAAM,KAAK,UAAU;QAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IAEvD,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,cAAc,GAA6C,EAAE,CAAC;QAEpE,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3D,MAAM,MAAM,GAA2B,EAAE,CAAC;YAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,SAAS,IAAI,EAAE,EAAE,CAAC;oBACrC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;gBACnC,CAAC;YACH,CAAC;YACD,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACnC,cAAc,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,cAAc,EAAE,CAAC;YACpD,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,cAAc,EAAE,CAAC;YACpD,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACpE,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;SAClE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,cAAc,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;QACrD,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACpE,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;KAClE,CAAC;AACJ,CAAC;AAED,SAAgB,oBAAoB,CAAC,GAAqB;IACxD,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW;QAAE,OAAO,WAAW,CAAC;IACjD,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IAE/C,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,WAAW,CAAC;QACnD,CAAC,CAAC;YACE,OAAO,EAAE;gBACP,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC;aAClD;SACF;QACH,CAAC,CAAC,SAAS,CAAC;IAEd,8DAA8D;IAC9D,kEAAkE;IAClE,gDAAgD;IAChD,IAAI,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,MAAM,aAAa,GAAG,IAAI,GAAG,CAC3B,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,CAC/D,CAAC;QAEF,MAAM,KAAK,GAAwC,EAAE,CAAC;QACtD,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,cAAc,IAAI,EAAE,EAAE,CAAC;YAC9C,MAAM,WAAW,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC;gBAC9E,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACrB,CAAC;QACH,CAAC;QACD,4DAA4D;QAC5D,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;YACtC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,CAChC,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CACvD,CAAC;gBACF,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC;IAC/B,CAAC;IAED,OAAO;QACL,GAAG,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,cAAc,EAAE,CAAC;QACxD,GAAG,OAAO;KACX,CAAC;AACJ,CAAC"}
|
package/dist/version.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export declare const VERSION = "1.
|
|
1
|
+
export declare const VERSION = "1.7.1";
|
package/dist/version.js
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vercel/sandbox",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.7.1",
|
|
4
4
|
"description": "Software Development Kit for Vercel Sandbox",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -22,7 +22,7 @@
|
|
|
22
22
|
},
|
|
23
23
|
"license": "Apache-2.0",
|
|
24
24
|
"dependencies": {
|
|
25
|
-
"@vercel/oidc": "
|
|
25
|
+
"@vercel/oidc": "3.2.0",
|
|
26
26
|
"async-retry": "1.3.3",
|
|
27
27
|
"jsonlines": "0.1.1",
|
|
28
28
|
"ms": "2.1.3",
|
|
@@ -1,42 +0,0 @@
|
|
|
1
|
-
import { z } from "zod";
|
|
2
|
-
import { schema } from "./get-credentials";
|
|
3
|
-
export declare class OidcRefreshError extends Error {
|
|
4
|
-
name: string;
|
|
5
|
-
}
|
|
6
|
-
/**
|
|
7
|
-
* Expiry implementation for JWT tokens (OIDC tokens).
|
|
8
|
-
* Parses the JWT once and provides fast expiry validation.
|
|
9
|
-
*/
|
|
10
|
-
export declare class JwtExpiry {
|
|
11
|
-
readonly token: string;
|
|
12
|
-
private expiryTime;
|
|
13
|
-
readonly payload?: Readonly<z.infer<typeof schema>>;
|
|
14
|
-
static fromToken(token: string): JwtExpiry | null;
|
|
15
|
-
/**
|
|
16
|
-
* Creates a new JWT expiry checker.
|
|
17
|
-
*
|
|
18
|
-
* @param token - The JWT token to parse
|
|
19
|
-
*/
|
|
20
|
-
constructor(token: string);
|
|
21
|
-
/**
|
|
22
|
-
* Checks if the JWT token is valid (not expired).
|
|
23
|
-
* @returns true if token is valid, false if expired or expiring soon
|
|
24
|
-
*/
|
|
25
|
-
isValid(): boolean;
|
|
26
|
-
/**
|
|
27
|
-
* Gets the expiry date of the JWT token.
|
|
28
|
-
*
|
|
29
|
-
* @returns Date object representing when the token expires, or null if no expiry
|
|
30
|
-
*/
|
|
31
|
-
getExpiryDate(): Date | null;
|
|
32
|
-
/**
|
|
33
|
-
* Refreshes the JWT token by fetching a new OIDC token.
|
|
34
|
-
*
|
|
35
|
-
* @returns Promise resolving to a new JwtExpiry instance with fresh token
|
|
36
|
-
*/
|
|
37
|
-
refresh(): Promise<JwtExpiry>;
|
|
38
|
-
/**
|
|
39
|
-
* Refreshes the JWT token if it's expired or expiring soon.
|
|
40
|
-
*/
|
|
41
|
-
tryRefresh(): Promise<JwtExpiry | null>;
|
|
42
|
-
}
|
package/dist/utils/jwt-expiry.js
DELETED
|
@@ -1,106 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.JwtExpiry = exports.OidcRefreshError = void 0;
|
|
7
|
-
const decode_base64_url_1 = require("./decode-base64-url");
|
|
8
|
-
const get_credentials_1 = require("./get-credentials");
|
|
9
|
-
const oidc_1 = require("@vercel/oidc");
|
|
10
|
-
const ms_1 = __importDefault(require("ms"));
|
|
11
|
-
/** Time buffer before token expiry to consider it invalid (in milliseconds) */
|
|
12
|
-
const BUFFER_MS = (0, ms_1.default)("5m");
|
|
13
|
-
class OidcRefreshError extends Error {
|
|
14
|
-
constructor() {
|
|
15
|
-
super(...arguments);
|
|
16
|
-
this.name = "OidcRefreshError";
|
|
17
|
-
}
|
|
18
|
-
}
|
|
19
|
-
exports.OidcRefreshError = OidcRefreshError;
|
|
20
|
-
/**
|
|
21
|
-
* Expiry implementation for JWT tokens (OIDC tokens).
|
|
22
|
-
* Parses the JWT once and provides fast expiry validation.
|
|
23
|
-
*/
|
|
24
|
-
class JwtExpiry {
|
|
25
|
-
static fromToken(token) {
|
|
26
|
-
if (!isJwtFormat(token)) {
|
|
27
|
-
return null;
|
|
28
|
-
}
|
|
29
|
-
else {
|
|
30
|
-
return new JwtExpiry(token);
|
|
31
|
-
}
|
|
32
|
-
}
|
|
33
|
-
/**
|
|
34
|
-
* Creates a new JWT expiry checker.
|
|
35
|
-
*
|
|
36
|
-
* @param token - The JWT token to parse
|
|
37
|
-
*/
|
|
38
|
-
constructor(token) {
|
|
39
|
-
this.token = token;
|
|
40
|
-
try {
|
|
41
|
-
const tokenContents = token.split(".")[1];
|
|
42
|
-
this.payload = get_credentials_1.schema.parse((0, decode_base64_url_1.decodeBase64Url)(tokenContents));
|
|
43
|
-
this.expiryTime = this.payload.exp || null;
|
|
44
|
-
}
|
|
45
|
-
catch {
|
|
46
|
-
// Malformed token - treat as expired to trigger refresh
|
|
47
|
-
this.expiryTime = 0;
|
|
48
|
-
}
|
|
49
|
-
}
|
|
50
|
-
/**
|
|
51
|
-
* Checks if the JWT token is valid (not expired).
|
|
52
|
-
* @returns true if token is valid, false if expired or expiring soon
|
|
53
|
-
*/
|
|
54
|
-
isValid() {
|
|
55
|
-
if (this.expiryTime === null) {
|
|
56
|
-
return false; // No expiry means malformed JWT
|
|
57
|
-
}
|
|
58
|
-
const now = Math.floor(Date.now() / 1000);
|
|
59
|
-
const buffer = BUFFER_MS / 1000;
|
|
60
|
-
return now + buffer < this.expiryTime;
|
|
61
|
-
}
|
|
62
|
-
/**
|
|
63
|
-
* Gets the expiry date of the JWT token.
|
|
64
|
-
*
|
|
65
|
-
* @returns Date object representing when the token expires, or null if no expiry
|
|
66
|
-
*/
|
|
67
|
-
getExpiryDate() {
|
|
68
|
-
return this.expiryTime ? new Date(this.expiryTime * 1000) : null;
|
|
69
|
-
}
|
|
70
|
-
/**
|
|
71
|
-
* Refreshes the JWT token by fetching a new OIDC token.
|
|
72
|
-
*
|
|
73
|
-
* @returns Promise resolving to a new JwtExpiry instance with fresh token
|
|
74
|
-
*/
|
|
75
|
-
async refresh() {
|
|
76
|
-
try {
|
|
77
|
-
const freshToken = await (0, oidc_1.getVercelOidcToken)();
|
|
78
|
-
return new JwtExpiry(freshToken);
|
|
79
|
-
}
|
|
80
|
-
catch (cause) {
|
|
81
|
-
throw new OidcRefreshError("Failed to refresh OIDC token", {
|
|
82
|
-
cause,
|
|
83
|
-
});
|
|
84
|
-
}
|
|
85
|
-
}
|
|
86
|
-
/**
|
|
87
|
-
* Refreshes the JWT token if it's expired or expiring soon.
|
|
88
|
-
*/
|
|
89
|
-
async tryRefresh() {
|
|
90
|
-
if (this.isValid()) {
|
|
91
|
-
return null; // Still valid, no need to refresh
|
|
92
|
-
}
|
|
93
|
-
return this.refresh();
|
|
94
|
-
}
|
|
95
|
-
}
|
|
96
|
-
exports.JwtExpiry = JwtExpiry;
|
|
97
|
-
/**
|
|
98
|
-
* Checks if a token follows JWT format (has 3 parts separated by dots).
|
|
99
|
-
*
|
|
100
|
-
* @param token - The token to check
|
|
101
|
-
* @returns true if token appears to be a JWT, false otherwise
|
|
102
|
-
*/
|
|
103
|
-
function isJwtFormat(token) {
|
|
104
|
-
return token.split(".").length === 3;
|
|
105
|
-
}
|
|
106
|
-
//# sourceMappingURL=jwt-expiry.js.map
|