@vercel/sandbox 1.9.0 → 1.9.1

package/dist/sandbox.js

@@ -1,515 +1,542 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Sandbox = void 0;
-const promises_1 = require("stream/promises");
-const fs_1 = require("fs");
-const promises_2 = require("fs/promises");
-const path_1 = require("path");
-const api_client_1 = require("./api-client");
-const command_1 = require("./command");
-const get_credentials_1 = require("./utils/get-credentials");
-const types_1 = require("./utils/types");
-const snapshot_1 = require("./snapshot");
-const consume_readable_1 = require("./utils/consume-readable");
-const convert_sandbox_1 = require("./utils/convert-sandbox");
+import { consumeReadable } from "./utils/consume-readable.js";
+import { getPrivateParams } from "./utils/types.js";
+import { APIClient } from "./api-client/api-client.js";
+import "./api-client/index.js";
+import { getCredentials } from "./utils/get-credentials.js";
+import { Command, CommandFinished } from "./command.js";
+import { Snapshot } from "./snapshot.js";
+import { toSandboxSnapshot } from "./utils/sandbox-snapshot.js";
+import { WORKFLOW_DESERIALIZE, WORKFLOW_SERIALIZE } from "@workflow/serde";
+import { createWriteStream } from "fs";
+import { mkdir } from "fs/promises";
+import { dirname, resolve } from "path";
+import { pipeline } from "stream/promises";
+
+//#region src/sandbox.ts
 /**
- * A Sandbox is an isolated Linux MicroVM to run commands in.
- *
- * Use {@link Sandbox.create} or {@link Sandbox.get} to construct.
- * @hideconstructor
- */
-class Sandbox {
-    /**
-     * Unique ID of this sandbox.
-     */
-    get sandboxId() {
-        return this.sandbox.id;
-    }
-    get interactivePort() {
-        return this.sandbox.interactivePort ?? undefined;
-    }
-    /**
-     * The status of the sandbox.
-     */
-    get status() {
-        return this.sandbox.status;
-    }
-    /**
-     * The creation date of the sandbox.
-     */
-    get createdAt() {
-        return new Date(this.sandbox.createdAt);
-    }
-    /**
-     * The timeout of the sandbox in milliseconds.
-     */
-    get timeout() {
-        return this.sandbox.timeout;
-    }
-    /**
-     * The network policy of the sandbox.
-     */
-    get networkPolicy() {
-        return this.sandbox.networkPolicy;
-    }
-    /**
-     * If the sandbox was created from a snapshot, the ID of that snapshot.
-     */
-    get sourceSnapshotId() {
-        return this.sandbox.sourceSnapshotId;
-    }
-    /**
-     * The amount of CPU used by the sandbox. Only reported once the VM is stopped.
-     */
-    get activeCpuUsageMs() {
-        return this.sandbox.activeCpuDurationMs;
-    }
-    /**
-     * The amount of network data used by the sandbox. Only reported once the VM is stopped.
-     */
-    get networkTransfer() {
-        return this.sandbox.networkTransfer;
-    }
-    /**
-     * Allow to get a list of sandboxes for a team narrowed to the given params.
-     * It returns both the sandboxes and the pagination metadata to allow getting
-     * the next page of results.
-     */
-    static async list(params) {
-        const credentials = await (0, get_credentials_1.getCredentials)(params);
-        const client = new api_client_1.APIClient({
-            teamId: credentials.teamId,
-            token: credentials.token,
-            fetch: params?.fetch,
-        });
-        return client.listSandboxes({
-            ...credentials,
-            ...params,
-        });
-    }
-    /**
-     * Create a new sandbox.
-     *
-     * @param params - Creation parameters and optional credentials.
-     * @returns A promise resolving to the created {@link Sandbox}.
-     * @example
-     * <caption>Create a sandbox and drop it in the end of the block</caption>
-     * async function fn() {
-     *   await using const sandbox = await Sandbox.create();
-     *   // Sandbox automatically stopped at the end of the lexical scope
-     * }
-     */
-    static async create(params) {
-        const credentials = await (0, get_credentials_1.getCredentials)(params);
-        const client = new api_client_1.APIClient({
-            teamId: credentials.teamId,
-            token: credentials.token,
-            fetch: params?.fetch,
-        });
-        const privateParams = (0, types_1.getPrivateParams)(params);
-        const sandbox = await client.createSandbox({
-            source: params?.source,
-            projectId: credentials.projectId,
-            ports: params?.ports ?? [],
-            timeout: params?.timeout,
-            resources: params?.resources,
-            runtime: params && "runtime" in params ? params?.runtime : undefined,
-            networkPolicy: params?.networkPolicy,
-            env: params?.env,
-            signal: params?.signal,
-            ...privateParams,
-        });
-        return new DisposableSandbox({
-            client,
-            sandbox: sandbox.json.sandbox,
-            routes: sandbox.json.routes,
-        });
-    }
-    /**
-     * Retrieve an existing sandbox.
-     *
-     * @param params - Get parameters and optional credentials.
-     * @returns A promise resolving to the {@link Sandbox}.
-     */
-    static async get(params) {
-        const credentials = await (0, get_credentials_1.getCredentials)(params);
-        const client = new api_client_1.APIClient({
-            teamId: credentials.teamId,
-            token: credentials.token,
-            fetch: params.fetch,
-        });
-        const privateParams = (0, types_1.getPrivateParams)(params);
-        const sandbox = await client.getSandbox({
-            sandboxId: params.sandboxId,
-            signal: params.signal,
-            ...privateParams,
-        });
-        return new Sandbox({
-            client,
-            sandbox: sandbox.json.sandbox,
-            routes: sandbox.json.routes,
-        });
-    }
-    constructor({ client, routes, sandbox, }) {
-        this.client = client;
-        this.routes = routes;
-        this.sandbox = (0, convert_sandbox_1.convertSandbox)(sandbox);
-    }
-    /**
-     * Get a previously run command by its ID.
-     *
-     * @param cmdId - ID of the command to retrieve
-     * @param opts - Optional parameters.
-     * @param opts.signal - An AbortSignal to cancel the operation.
-     * @returns A {@link Command} instance representing the command
-     */
-    async getCommand(cmdId, opts) {
-        const command = await this.client.getCommand({
-            sandboxId: this.sandbox.id,
-            cmdId,
-            signal: opts?.signal,
-        });
-        return new command_1.Command({
-            client: this.client,
-            sandboxId: this.sandbox.id,
-            cmd: command.json.command,
-        });
-    }
-    async runCommand(commandOrParams, args, opts) {
-        return typeof commandOrParams === "string"
-            ? this._runCommand({ cmd: commandOrParams, args, signal: opts?.signal })
-            : this._runCommand(commandOrParams);
-    }
-    /**
-     * Internal helper to start a command in the sandbox.
-     *
-     * @param params - Command execution parameters.
-     * @returns A {@link Command} or {@link CommandFinished}, depending on `detached`.
-     * @internal
-     */
-    async _runCommand(params) {
-        const wait = params.detached ? false : true;
-        const pipeLogs = async (command) => {
-            if (!params.stdout && !params.stderr) {
-                return;
-            }
-            try {
-                for await (const log of command.logs({ signal: params.signal })) {
-                    if (log.stream === "stdout") {
-                        params.stdout?.write(log.data);
-                    }
-                    else if (log.stream === "stderr") {
-                        params.stderr?.write(log.data);
-                    }
-                }
-            }
-            catch (err) {
-                if (params.signal?.aborted) {
-                    return;
-                }
-                throw err;
-            }
-        };
-        if (wait) {
-            const commandStream = await this.client.runCommand({
-                sandboxId: this.sandbox.id,
-                command: params.cmd,
-                args: params.args ?? [],
-                cwd: params.cwd,
-                env: params.env ?? {},
-                sudo: params.sudo ?? false,
-                wait: true,
-                signal: params.signal,
-            });
-            const command = new command_1.Command({
-                client: this.client,
-                sandboxId: this.sandbox.id,
-                cmd: commandStream.command,
-            });
-            const [finished] = await Promise.all([
-                commandStream.finished,
-                pipeLogs(command),
-            ]);
-            return new command_1.CommandFinished({
-                client: this.client,
-                sandboxId: this.sandbox.id,
-                cmd: finished,
-                exitCode: finished.exitCode ?? 0,
-            });
-        }
-        const commandResponse = await this.client.runCommand({
-            sandboxId: this.sandbox.id,
-            command: params.cmd,
-            args: params.args ?? [],
-            cwd: params.cwd,
-            env: params.env ?? {},
-            sudo: params.sudo ?? false,
-            signal: params.signal,
-        });
-        const command = new command_1.Command({
-            client: this.client,
-            sandboxId: this.sandbox.id,
-            cmd: commandResponse.json.command,
-        });
-        void pipeLogs(command).catch((err) => {
-            if (params.signal?.aborted) {
-                return;
-            }
-            (params.stderr ?? params.stdout)?.emit('error', err);
-        });
-        return command;
-    }
-    /**
-     * Create a directory in the filesystem of this sandbox.
-     *
-     * @param path - Path of the directory to create
-     * @param opts - Optional parameters.
-     * @param opts.signal - An AbortSignal to cancel the operation.
-     */
-    async mkDir(path, opts) {
-        await this.client.mkDir({
-            sandboxId: this.sandbox.id,
-            path: path,
-            signal: opts?.signal,
-        });
-    }
-    /**
-     * Read a file from the filesystem of this sandbox as a stream.
-     *
-     * @param file - File to read, with path and optional cwd
-     * @param opts - Optional parameters.
-     * @param opts.signal - An AbortSignal to cancel the operation.
-     * @returns A promise that resolves to a ReadableStream containing the file contents, or null if file not found
-     */
-    async readFile(file, opts) {
-        return this.client.readFile({
-            sandboxId: this.sandbox.id,
-            path: file.path,
-            cwd: file.cwd,
-            signal: opts?.signal,
-        });
-    }
-    /**
-     * Read a file from the filesystem of this sandbox as a Buffer.
-     *
-     * @param file - File to read, with path and optional cwd
-     * @param opts - Optional parameters.
-     * @param opts.signal - An AbortSignal to cancel the operation.
-     * @returns A promise that resolves to the file contents as a Buffer, or null if file not found
-     */
-    async readFileToBuffer(file, opts) {
-        const stream = await this.client.readFile({
-            sandboxId: this.sandbox.id,
-            path: file.path,
-            cwd: file.cwd,
-            signal: opts?.signal,
-        });
-        if (stream === null) {
-            return null;
-        }
-        return (0, consume_readable_1.consumeReadable)(stream);
-    }
-    /**
-     * Download a file from the sandbox to the local filesystem.
-     *
-     * @param src - Source file on the sandbox, with path and optional cwd
-     * @param dst - Destination file on the local machine, with path and optional cwd
-     * @param opts - Optional parameters.
-     * @param opts.mkdirRecursive - If true, create parent directories for the destination if they don't exist.
-     * @param opts.signal - An AbortSignal to cancel the operation.
-     * @returns The absolute path to the written file, or null if the source file was not found
-     */
-    async downloadFile(src, dst, opts) {
-        if (!src?.path) {
-            throw new Error("downloadFile: source path is required");
-        }
-        if (!dst?.path) {
-            throw new Error("downloadFile: destination path is required");
-        }
-        const stream = await this.client.readFile({
-            sandboxId: this.sandbox.id,
-            path: src.path,
-            cwd: src.cwd,
-            signal: opts?.signal,
-        });
-        if (stream === null) {
-            return null;
-        }
-        try {
-            const dstPath = (0, path_1.resolve)(dst.cwd ?? "", dst.path);
-            if (opts?.mkdirRecursive) {
-                await (0, promises_2.mkdir)((0, path_1.dirname)(dstPath), { recursive: true });
-            }
-            await (0, promises_1.pipeline)(stream, (0, fs_1.createWriteStream)(dstPath), {
-                signal: opts?.signal,
-            });
-            return dstPath;
-        }
-        finally {
-            stream.destroy();
-        }
-    }
-    /**
-     * Write files to the filesystem of this sandbox.
-     * Defaults to writing to /vercel/sandbox unless an absolute path is specified.
-     * Writes files using the `vercel-sandbox` user.
-     *
-     * @param files - Array of files with path, content, and optional mode (permissions)
-     * @param opts - Optional parameters.
-     * @param opts.signal - An AbortSignal to cancel the operation.
-     * @returns A promise that resolves when the files are written
-     *
-     * @example
-     * // Write an executable script
-     * await sandbox.writeFiles([
-     *   { path: "/usr/local/bin/myscript", content: Buffer.from("#!/bin/bash\necho hello"), mode: 0o755 }
-     * ]);
-     */
-    async writeFiles(files, opts) {
-        return this.client.writeFiles({
-            sandboxId: this.sandbox.id,
-            cwd: this.sandbox.cwd,
-            extractDir: "/",
-            files: files,
-            signal: opts?.signal,
-        });
-    }
-    /**
-     * Get the public domain of a port of this sandbox.
-     *
-     * @param p - Port number to resolve
-     * @returns A full domain (e.g. `https://subdomain.vercel.run`)
-     * @throws If the port has no associated route
-     */
-    domain(p) {
-        const route = this.routes.find(({ port }) => port == p);
-        if (route) {
-            return `https://${route.subdomain}.vercel.run`;
-        }
-        else {
-            throw new Error(`No route for port ${p}`);
-        }
-    }
-    /**
-     * Stop the sandbox.
-     *
-     * @param opts - Optional parameters.
-     * @param opts.signal - An AbortSignal to cancel the operation.
-     * @param opts.blocking - If true, poll until the sandbox has fully stopped and return the final state.
-     * @returns The sandbox metadata at the time the stop was acknowledged, or after fully stopped if `blocking` is true.
-     */
-    async stop(opts) {
-        const response = await this.client.stopSandbox({
-            sandboxId: this.sandbox.id,
-            signal: opts?.signal,
-            blocking: opts?.blocking,
-        });
-        this.sandbox = (0, convert_sandbox_1.convertSandbox)(response.json.sandbox);
-        return this.sandbox;
-    }
-    /**
-     * Update the network policy for this sandbox.
-     *
-     * @param networkPolicy - The new network policy to apply.
-     * @param opts - Optional parameters.
-     * @param opts.signal - An AbortSignal to cancel the operation.
-     * @returns A promise that resolves when the network policy is updated.
-     *
-     * @example
-     * // Restrict to specific domains
-     * await sandbox.updateNetworkPolicy({
-     *   allow: ["*.npmjs.org", "github.com"],
-     * });
-     *
-     * @example
-     * // Inject credentials with per-domain transformers
-     * await sandbox.updateNetworkPolicy({
-     *   allow: {
-     *     "ai-gateway.vercel.sh": [{
-     *       transform: [{
-     *         headers: { authorization: "Bearer ..." }
-     *       }]
-     *     }],
-     *     "*": []
-     *   }
-     * });
-     *
-     * @example
-     * // Deny all network access
-     * await sandbox.updateNetworkPolicy("deny-all");
-     */
-    async updateNetworkPolicy(networkPolicy, opts) {
-        const response = await this.client.updateNetworkPolicy({
-            sandboxId: this.sandbox.id,
-            networkPolicy: networkPolicy,
-            signal: opts?.signal,
-        });
-        // Update the internal sandbox metadata with the new timeout value
-        this.sandbox = (0, convert_sandbox_1.convertSandbox)(response.json.sandbox);
-        return this.sandbox.networkPolicy;
-    }
-    /**
-     * Extend the timeout of the sandbox by the specified duration.
-     *
-     * This allows you to extend the lifetime of a sandbox up until the maximum
-     * execution timeout for your plan.
-     *
-     * @param duration - The duration in milliseconds to extend the timeout by
-     * @param opts - Optional parameters.
-     * @param opts.signal - An AbortSignal to cancel the operation.
-     * @returns A promise that resolves when the timeout is extended
-     *
-     * @example
-     * const sandbox = await Sandbox.create({ timeout: ms('10m') });
-     * // Extends timeout by 5 minutes, to a total of 15 minutes.
-     * await sandbox.extendTimeout(ms('5m'));
-     */
-    async extendTimeout(duration, opts) {
-        const response = await this.client.extendTimeout({
-            sandboxId: this.sandbox.id,
-            duration,
-            signal: opts?.signal,
-        });
-        // Update the internal sandbox metadata with the new timeout value
-        this.sandbox = (0, convert_sandbox_1.convertSandbox)(response.json.sandbox);
-    }
-    /**
-     * Create a snapshot from this currently running sandbox. New sandboxes can
-     * then be created from this snapshot using {@link Sandbox.createFromSnapshot}.
-     *
-     * Note: this sandbox will be stopped as part of the snapshot creation process.
-     *
-     * @param opts - Optional parameters.
-     * @param opts.expiration - Optional expiration time in milliseconds. Use 0 for no expiration at all.
-     * @param opts.signal - An AbortSignal to cancel the operation.
-     * @returns A promise that resolves to the Snapshot instance
-     */
-    async snapshot(opts) {
-        const response = await this.client.createSnapshot({
-            sandboxId: this.sandbox.id,
-            expiration: opts?.expiration,
-            signal: opts?.signal,
-        });
-        this.sandbox = (0, convert_sandbox_1.convertSandbox)(response.json.sandbox);
-        return new snapshot_1.Snapshot({
-            client: this.client,
-            snapshot: response.json.snapshot,
-        });
-    }
-}
-exports.Sandbox = Sandbox;
+* A Sandbox is an isolated Linux MicroVM to run commands in.
+*
+* Use {@link Sandbox.create} or {@link Sandbox.get} to construct.
+* @hideconstructor
+*/
+var Sandbox = class Sandbox {
+	/**
+	* Lazily resolve credentials and construct an API client.
+	* This is used in step contexts where the Sandbox was deserialized
+	* without a client (e.g. when crossing workflow/step boundaries).
+	* Uses getCredentials() which resolves from OIDC or env vars.
+	* @internal
+	*/
+	async ensureClient() {
+		"use step";
+		if (this._client) return this._client;
+		const credentials = await getCredentials();
+		this._client = new APIClient({
+			teamId: credentials.teamId,
+			token: credentials.token
+		});
+		return this._client;
+	}
+	/**
+	* Unique ID of this sandbox.
+	*/
+	get sandboxId() {
+		return this.sandbox.id;
+	}
+	get interactivePort() {
+		return this.sandbox.interactivePort ?? void 0;
+	}
+	/**
+	* The status of the sandbox.
+	*/
+	get status() {
+		return this.sandbox.status;
+	}
+	/**
+	* The creation date of the sandbox.
+	*/
+	get createdAt() {
+		return new Date(this.sandbox.createdAt);
+	}
+	/**
+	* The timeout of the sandbox in milliseconds.
+	*/
+	get timeout() {
+		return this.sandbox.timeout;
+	}
+	/**
+	* The network policy of the sandbox.
+	*/
+	get networkPolicy() {
+		return this.sandbox.networkPolicy;
+	}
+	/**
+	* If the sandbox was created from a snapshot, the ID of that snapshot.
+	*/
+	get sourceSnapshotId() {
+		return this.sandbox.sourceSnapshotId;
+	}
+	/**
+	* The amount of CPU used by the sandbox. Only reported once the VM is stopped.
+	*/
+	get activeCpuUsageMs() {
+		return this.sandbox.activeCpuDurationMs;
+	}
+	/**
+	* The amount of network data used by the sandbox. Only reported once the VM is stopped.
+	*/
+	get networkTransfer() {
+		return this.sandbox.networkTransfer;
+	}
+	/**
+	* Allow to get a list of sandboxes for a team narrowed to the given params.
+	* It returns both the sandboxes and the pagination metadata to allow getting
+	* the next page of results.
+	*/
+	static async list(params) {
+		"use step";
+		const credentials = await getCredentials(params);
+		return new APIClient({
+			teamId: credentials.teamId,
+			token: credentials.token,
+			fetch: params?.fetch
+		}).listSandboxes({
+			...credentials,
+			...params
+		});
+	}
+	/**
+	* Serialize a Sandbox instance to plain data for @workflow/serde.
+	*
+	* @param instance - The Sandbox instance to serialize
+	* @returns A plain object containing sandbox metadata and routes
+	*/
+	static [WORKFLOW_SERIALIZE](instance) {
+		return {
+			metadata: instance.sandbox,
+			routes: instance.routes
+		};
+	}
+	/**
+	* Deserialize a Sandbox from serialized snapshot data.
+	*
+	* The deserialized instance uses the serialized metadata synchronously and
+	* lazily creates an API client only when methods perform API requests.
+	*
+	* @param data - The serialized sandbox data
+	* @returns The reconstructed Sandbox instance
+	*/
+	static [WORKFLOW_DESERIALIZE](data) {
+		return new Sandbox({
+			sandbox: data.metadata,
+			routes: data.routes
+		});
+	}
+	/**
+	* Create a new sandbox.
+	*
+	* @param params - Creation parameters and optional credentials.
+	* @returns A promise resolving to the created {@link Sandbox}.
+	* @example
+	* <caption>Create a sandbox and drop it in the end of the block</caption>
+	* async function fn() {
+	*   await using const sandbox = await Sandbox.create();
+	*   // Sandbox automatically stopped at the end of the lexical scope
+	* }
+	*/
+	static async create(params) {
+		"use step";
+		const credentials = await getCredentials(params);
+		const client = new APIClient({
+			teamId: credentials.teamId,
+			token: credentials.token,
+			fetch: params?.fetch
+		});
+		const privateParams = getPrivateParams(params);
+		const sandbox = await client.createSandbox({
+			source: params?.source,
+			projectId: credentials.projectId,
+			ports: params?.ports ?? [],
+			timeout: params?.timeout,
+			resources: params?.resources,
+			runtime: params && "runtime" in params ? params?.runtime : void 0,
+			networkPolicy: params?.networkPolicy,
+			env: params?.env,
+			signal: params?.signal,
+			...privateParams
+		});
+		return new DisposableSandbox({
+			client,
+			sandbox: toSandboxSnapshot(sandbox.json.sandbox),
+			routes: sandbox.json.routes
+		});
+	}
+	/**
+	* Retrieve an existing sandbox.
+	*
+	* @param params - Get parameters and optional credentials.
+	* @returns A promise resolving to the {@link Sandbox}.
+	*/
+	static async get(params) {
+		"use step";
+		const credentials = await getCredentials(params);
+		const client = new APIClient({
+			teamId: credentials.teamId,
+			token: credentials.token,
+			fetch: params.fetch
+		});
+		const privateParams = getPrivateParams(params);
+		const sandbox = await client.getSandbox({
+			sandboxId: params.sandboxId,
+			signal: params.signal,
+			...privateParams
+		});
+		return new Sandbox({
+			client,
+			sandbox: toSandboxSnapshot(sandbox.json.sandbox),
+			routes: sandbox.json.routes
+		});
+	}
+	/**
+	* Create a new Sandbox instance.
+	*
+	* @param params.client - Optional API client. If not provided, will be lazily created using global credentials.
+	* @param params.routes - Port-to-subdomain mappings for exposed ports
+	* @param params.sandbox - Sandbox snapshot metadata
+	*/
+	constructor({ client, routes, sandbox }) {
+		this._client = null;
+		this._client = client ?? null;
+		this.routes = routes;
+		this.sandbox = sandbox;
+	}
+	/**
+	* Get a previously run command by its ID.
+	*
+	* @param cmdId - ID of the command to retrieve
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A {@link Command} instance representing the command
+	*/
+	async getCommand(cmdId, opts) {
+		"use step";
+		const client = await this.ensureClient();
+		const command = await client.getCommand({
+			sandboxId: this.sandbox.id,
+			cmdId,
+			signal: opts?.signal
+		});
+		return new Command({
+			client,
+			sandboxId: this.sandbox.id,
+			cmd: command.json.command
+		});
+	}
+	async runCommand(commandOrParams, args, opts) {
+		"use step";
+		const client = await this.ensureClient();
+		const params = typeof commandOrParams === "string" ? {
+			cmd: commandOrParams,
+			args,
+			signal: opts?.signal
+		} : commandOrParams;
+		const wait = params.detached ? false : true;
+		const pipeLogs = async (command$1) => {
+			if (!params.stdout && !params.stderr) return;
+			try {
+				for await (const log of command$1.logs({ signal: params.signal })) if (log.stream === "stdout") params.stdout?.write(log.data);
+				else if (log.stream === "stderr") params.stderr?.write(log.data);
+			} catch (err) {
+				if (params.signal?.aborted) return;
+				throw err;
+			}
+		};
+		if (wait) {
+			const commandStream = await client.runCommand({
+				sandboxId: this.sandbox.id,
+				command: params.cmd,
+				args: params.args ?? [],
+				cwd: params.cwd,
+				env: params.env ?? {},
+				sudo: params.sudo ?? false,
+				wait: true,
+				signal: params.signal
+			});
+			const command$1 = new Command({
+				client,
+				sandboxId: this.sandbox.id,
+				cmd: commandStream.command
+			});
+			const [finished] = await Promise.all([commandStream.finished, pipeLogs(command$1)]);
+			return new CommandFinished({
+				client,
+				sandboxId: this.sandbox.id,
+				cmd: finished,
+				exitCode: finished.exitCode ?? 0
+			});
+		}
+		const commandResponse = await client.runCommand({
+			sandboxId: this.sandbox.id,
+			command: params.cmd,
+			args: params.args ?? [],
+			cwd: params.cwd,
+			env: params.env ?? {},
+			sudo: params.sudo ?? false,
+			signal: params.signal
+		});
+		const command = new Command({
+			client,
+			sandboxId: this.sandbox.id,
+			cmd: commandResponse.json.command
+		});
+		pipeLogs(command).catch((err) => {
+			if (params.signal?.aborted) return;
+			(params.stderr ?? params.stdout)?.emit("error", err);
+		});
+		return command;
+	}
+	/**
+	* Create a directory in the filesystem of this sandbox.
+	*
+	* @param path - Path of the directory to create
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	*/
+	async mkDir(path$1, opts) {
+		"use step";
+		await (await this.ensureClient()).mkDir({
+			sandboxId: this.sandbox.id,
+			path: path$1,
+			signal: opts?.signal
+		});
+	}
+	/**
+	* Read a file from the filesystem of this sandbox as a stream.
+	*
+	* @param file - File to read, with path and optional cwd
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves to a ReadableStream containing the file contents, or null if file not found
+	*/
+	async readFile(file, opts) {
+		"use step";
+		return (await this.ensureClient()).readFile({
+			sandboxId: this.sandbox.id,
+			path: file.path,
+			cwd: file.cwd,
+			signal: opts?.signal
+		});
+	}
+	/**
+	* Read a file from the filesystem of this sandbox as a Buffer.
+	*
+	* @param file - File to read, with path and optional cwd
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves to the file contents as a Buffer, or null if file not found
+	*/
+	async readFileToBuffer(file, opts) {
+		"use step";
+		const stream = await (await this.ensureClient()).readFile({
+			sandboxId: this.sandbox.id,
+			path: file.path,
+			cwd: file.cwd,
+			signal: opts?.signal
+		});
+		if (stream === null) return null;
+		return consumeReadable(stream);
+	}
+	/**
+	* Download a file from the sandbox to the local filesystem.
+	*
+	* @param src - Source file on the sandbox, with path and optional cwd
+	* @param dst - Destination file on the local machine, with path and optional cwd
+	* @param opts - Optional parameters.
+	* @param opts.mkdirRecursive - If true, create parent directories for the destination if they don't exist.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns The absolute path to the written file, or null if the source file was not found
+	*/
+	async downloadFile(src, dst, opts) {
+		"use step";
+		const client = await this.ensureClient();
+		if (!src?.path) throw new Error("downloadFile: source path is required");
+		if (!dst?.path) throw new Error("downloadFile: destination path is required");
+		const stream = await client.readFile({
+			sandboxId: this.sandbox.id,
+			path: src.path,
+			cwd: src.cwd,
+			signal: opts?.signal
+		});
+		if (stream === null) return null;
+		try {
+			const dstPath = resolve(dst.cwd ?? "", dst.path);
+			if (opts?.mkdirRecursive) await mkdir(dirname(dstPath), { recursive: true });
+			await pipeline(stream, createWriteStream(dstPath), { signal: opts?.signal });
+			return dstPath;
+		} finally {
+			stream.destroy();
+		}
+	}
+	/**
+	* Write files to the filesystem of this sandbox.
+	* Defaults to writing to /vercel/sandbox unless an absolute path is specified.
+	* Writes files using the `vercel-sandbox` user.
+	*
+	* @param files - Array of files with path, content, and optional mode (permissions)
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves when the files are written
+	*
+	* @example
+	* // Write an executable script
+	* await sandbox.writeFiles([
+	*   { path: "/usr/local/bin/myscript", content: "#!/bin/bash\necho hello", mode: 0o755 }
+	* ]);
+	*/
+	async writeFiles(files, opts) {
+		"use step";
+		return (await this.ensureClient()).writeFiles({
+			sandboxId: this.sandbox.id,
+			cwd: this.sandbox.cwd,
+			extractDir: "/",
+			files,
+			signal: opts?.signal
+		});
+	}
+	/**
+	* Get the public domain of a port of this sandbox.
+	*
+	* @param p - Port number to resolve
+	* @returns A full domain (e.g. `https://subdomain.vercel.run`)
+	* @throws If the port has no associated route
+	*/
+	domain(p) {
+		const route = this.routes.find(({ port }) => port == p);
+		if (route) return `https://${route.subdomain}.vercel.run`;
+		else throw new Error(`No route for port ${p}`);
+	}
+	/**
+	* Stop the sandbox.
+	*
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @param opts.blocking - If true, poll until the sandbox has fully stopped and return the final state.
+	* @returns The sandbox metadata at the time the stop was acknowledged, or after fully stopped if `blocking` is true.
+	*/
+	async stop(opts) {
+		"use step";
+		this.sandbox = toSandboxSnapshot((await (await this.ensureClient()).stopSandbox({
+			sandboxId: this.sandbox.id,
+			signal: opts?.signal,
+			blocking: opts?.blocking
+		})).json.sandbox);
+		return this.sandbox;
+	}
+	/**
+	* Update the network policy for this sandbox.
+	*
+	* @param networkPolicy - The new network policy to apply.
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves when the network policy is updated.
+	*
+	* @example
+	* // Restrict to specific domains
+	* await sandbox.updateNetworkPolicy({
+	*   allow: ["*.npmjs.org", "github.com"],
+	* });
+	*
+	* @example
+	* // Inject credentials with per-domain transformers
+	* await sandbox.updateNetworkPolicy({
+	*   allow: {
+	*     "ai-gateway.vercel.sh": [{
+	*       transform: [{
+	*         headers: { authorization: "Bearer ..." }
+	*       }]
+	*     }],
+	*     "*": []
+	*   }
+	* });
+	*
+	* @example
+	* // Deny all network access
+	* await sandbox.updateNetworkPolicy("deny-all");
+	*/
+	async updateNetworkPolicy(networkPolicy, opts) {
+		"use step";
+		this.sandbox = toSandboxSnapshot((await (await this.ensureClient()).updateNetworkPolicy({
+			sandboxId: this.sandbox.id,
+			networkPolicy,
+			signal: opts?.signal
+		})).json.sandbox);
+		return this.sandbox.networkPolicy;
+	}
+	/**
+	* Extend the timeout of the sandbox by the specified duration.
+	*
+	* This allows you to extend the lifetime of a sandbox up until the maximum
+	* execution timeout for your plan.
+	*
+	* @param duration - The duration in milliseconds to extend the timeout by
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves when the timeout is extended
+	*
+	* @example
+	* const sandbox = await Sandbox.create({ timeout: ms('10m') });
+	* // Extends timeout by 5 minutes, to a total of 15 minutes.
+	* await sandbox.extendTimeout(ms('5m'));
+	*/
+	async extendTimeout(duration, opts) {
+		"use step";
+		this.sandbox = toSandboxSnapshot((await (await this.ensureClient()).extendTimeout({
+			sandboxId: this.sandbox.id,
+			duration,
+			signal: opts?.signal
+		})).json.sandbox);
+	}
+	/**
+	* Create a snapshot from this currently running sandbox. New sandboxes can
+	* then be created from this snapshot using {@link Sandbox.createFromSnapshot}.
+	*
+	* Note: this sandbox will be stopped as part of the snapshot creation process.
+	*
+	* @param opts - Optional parameters.
+	* @param opts.expiration - Optional expiration time in milliseconds. Use 0 for no expiration at all.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves to the Snapshot instance
+	*/
+	async snapshot(opts) {
+		"use step";
+		const client = await this.ensureClient();
+		const response = await client.createSnapshot({
+			sandboxId: this.sandbox.id,
+			expiration: opts?.expiration,
+			signal: opts?.signal
+		});
+		this.sandbox = toSandboxSnapshot(response.json.sandbox);
+		return new Snapshot({
+			client,
+			snapshot: response.json.snapshot
+		});
+	}
+};
 /**
- * A {@link Sandbox} that can automatically be disposed using a `await using` statement.
- *
- * @example
- * {
- *   await using const sandbox = await Sandbox.create();
- * }
- * // Sandbox is automatically stopped here
- */
-class DisposableSandbox extends Sandbox {
-    async [Symbol.asyncDispose]() {
-        await this.stop();
-    }
-}
+* A {@link Sandbox} that can automatically be disposed using a `await using` statement.
+*
+* @example
+* {
+*   await using const sandbox = await Sandbox.create();
+* }
+* // Sandbox is automatically stopped here
+*/
+var DisposableSandbox = class extends Sandbox {
+	async [Symbol.asyncDispose]() {
+		await this.stop();
+	}
+};
+
+//#endregion
+export { Sandbox };
 //# sourceMappingURL=sandbox.js.map