@vercel/sandbox 2.0.0-beta.11 → 2.0.0-beta.13

package/dist/sandbox.cjs

@@ -0,0 +1,694 @@
+const require_rolldown_runtime = require('./_virtual/rolldown_runtime.cjs');
+const require_api_error = require('./api-client/api-error.cjs');
+const require_network_policy = require('./utils/network-policy.cjs');
+const require_types = require('./utils/types.cjs');
+const require_api_client = require('./api-client/api-client.cjs');
+require('./api-client/index.cjs');
+const require_get_credentials = require('./utils/get-credentials.cjs');
+const require_session = require('./session.cjs');
+let __workflow_serde = require("@workflow/serde");
+let node_timers_promises = require("node:timers/promises");
+
+//#region src/sandbox.ts
+function isSandboxStoppedError(err) {
+	return err instanceof require_api_error.APIError && err.response.status === 410;
+}
+function isSandboxStoppingError(err) {
+	return err instanceof require_api_error.APIError && err.response.status === 422 && err.json?.error?.code === "sandbox_stopping";
+}
+function isSandboxSnapshottingError(err) {
+	return err instanceof require_api_error.APIError && err.response.status === 422 && err.json?.error?.code === "sandbox_snapshotting";
+}
+/**
+* A Sandbox is a persistent, isolated Linux MicroVMs to run commands in.
+* Use {@link Sandbox.create} or {@link Sandbox.get} to construct.
+* @hideconstructor
+*/
+var Sandbox = class Sandbox {
+	/**
+	* Lazily resolve credentials and construct an API client.
+	* @internal
+	*/
+	async ensureClient() {
+		"use step";
+		if (this._client) return this._client;
+		const credentials = await require_get_credentials.getCredentials();
+		this._client = new require_api_client.APIClient({
+			teamId: credentials.teamId,
+			token: credentials.token
+		});
+		return this._client;
+	}
+	/**
+	* The name of this sandbox.
+	*/
+	get name() {
+		return this.sandbox.name;
+	}
+	/**
+	* Routes from ports to subdomains.
+	* @hidden
+	*/
+	get routes() {
+		return this.currentSession().routes;
+	}
+	/**
+	* Whether the sandbox persists the state.
+	*/
+	get persistent() {
+		return this.sandbox.persistent;
+	}
+	/**
+	* The region this sandbox runs in.
+	*/
+	get region() {
+		return this.sandbox.region;
+	}
+	/**
+	* Number of virtual CPUs allocated.
+	*/
+	get vcpus() {
+		return this.sandbox.vcpus;
+	}
+	/**
+	* Memory allocated in MB.
+	*/
+	get memory() {
+		return this.sandbox.memory;
+	}
+	/** Runtime identifier (e.g. "node24", "python3.13"). */
+	get runtime() {
+		return this.sandbox.runtime;
+	}
+	/**
+	* Cumulative egress bytes across all sessions.
+	*/
+	get totalEgressBytes() {
+		return this.sandbox.totalEgressBytes;
+	}
+	/**
+	* Cumulative ingress bytes across all sessions.
+	*/
+	get totalIngressBytes() {
+		return this.sandbox.totalIngressBytes;
+	}
+	/**
+	* Cumulative active CPU duration in milliseconds across all sessions.
+	*/
+	get totalActiveCpuDurationMs() {
+		return this.sandbox.totalActiveCpuDurationMs;
+	}
+	/**
+	* Cumulative wall-clock duration in milliseconds across all sessions.
+	*/
+	get totalDurationMs() {
+		return this.sandbox.totalDurationMs;
+	}
+	/**
+	* When this sandbox was last updated.
+	*/
+	get updatedAt() {
+		return new Date(this.sandbox.updatedAt);
+	}
+	/**
+	* When the sandbox status was last updated.
+	*/
+	get statusUpdatedAt() {
+		return this.sandbox.statusUpdatedAt ? new Date(this.sandbox.statusUpdatedAt) : void 0;
+	}
+	/**
+	* When this sandbox was created.
+	*/
+	get createdAt() {
+		return new Date(this.sandbox.createdAt);
+	}
+	/**
+	* Interactive port.
+	*/
+	get interactivePort() {
+		return this.currentSession().interactivePort;
+	}
+	/**
+	* The status of the current session.
+	*/
+	get status() {
+		return this.currentSession().status;
+	}
+	/**
+	* The default timeout of this sandbox in milliseconds.
+	*/
+	get timeout() {
+		return this.sandbox.timeout;
+	}
+	/**
+	* Key-value tags attached to the sandbox.
+	*/
+	get tags() {
+		return this.sandbox.tags;
+	}
+	/**
+	* The default network policy of this sandbox.
+	*/
+	get networkPolicy() {
+		return this.sandbox.networkPolicy ? require_network_policy.fromAPINetworkPolicy(this.sandbox.networkPolicy) : void 0;
+	}
+	/**
+	* If the session was created from a snapshot, the ID of that snapshot.
+	*/
+	get sourceSnapshotId() {
+		return this.currentSession().sourceSnapshotId;
+	}
+	/**
+	* The current snapshot ID of this sandbox, if any.
+	*/
+	get currentSnapshotId() {
+		return this.sandbox.currentSnapshotId;
+	}
+	/**
+	* The default snapshot expiration in milliseconds, if set.
+	*/
+	get snapshotExpiration() {
+		return this.sandbox.snapshotExpiration;
+	}
+	/**
+	* The amount of CPU used by the session. Only reported once the VM is stopped.
+	*/
+	get activeCpuUsageMs() {
+		return this.currentSession().activeCpuUsageMs;
+	}
+	/**
+	* The amount of network data used by the session. Only reported once the VM is stopped.
+	*/
+	get networkTransfer() {
+		return this.currentSession().networkTransfer;
+	}
+	/**
+	* Allow to get a list of sandboxes for a team narrowed to the given params.
+	* It returns both the sandboxes and the pagination metadata to allow getting
+	* the next page of results.
+	*/
+	static async list(params) {
+		"use step";
+		const credentials = await require_get_credentials.getCredentials(params);
+		return (await new require_api_client.APIClient({
+			teamId: credentials.teamId,
+			token: credentials.token,
+			fetch: params?.fetch
+		}).listSandboxes({
+			...credentials,
+			...params
+		})).json;
+	}
+	/**
+	* Serialize a Sandbox instance to plain data for @workflow/serde.
+	*
+	* @param instance - The Sandbox instance to serialize
+	* @returns A plain object containing sandbox metadata and routes
+	*/
+	static [__workflow_serde.WORKFLOW_SERIALIZE](instance) {
+		return {
+			metadata: instance.session?._sessionSnapshot,
+			routes: instance.session?.routes ?? [],
+			sandboxMetadata: instance.sandbox,
+			projectId: instance.projectId
+		};
+	}
+	/**
+	* Deserialize a Sandbox from serialized snapshot data.
+	*
+	* The deserialized instance uses the serialized metadata synchronously and
+	* lazily creates an API client only when methods perform API requests.
+	*
+	* @param data - The serialized sandbox data
+	* @returns The reconstructed Sandbox instance
+	*/
+	static [__workflow_serde.WORKFLOW_DESERIALIZE](data) {
+		const sandbox = new Sandbox({
+			sandbox: data.sandboxMetadata,
+			routes: data.routes,
+			projectId: data.projectId
+		});
+		if (data.metadata) sandbox.session = new require_session.Session({
+			routes: data.routes,
+			snapshot: data.metadata
+		});
+		return sandbox;
+	}
+	/**
+	* Create a new sandbox.
+	*
+	* @param params - Creation parameters and optional credentials.
+	* @returns A promise resolving to the created {@link Sandbox}.
+	* @example
+	* <caption>Create a sandbox with default options</caption>
+	* const sandbox = await Sandbox.create();
+	*
+	* @example
+	* <caption>Create a sandbox and drop it in the end of the block</caption>
+	* async function fn() {
+	*   await using const sandbox = await Sandbox.create();
+	*   // Sandbox automatically stopped at the end of the lexical scope
+	* }
+	*/
+	static async create(params) {
+		"use step";
+		const credentials = await require_get_credentials.getCredentials(params);
+		const client = new require_api_client.APIClient({
+			teamId: credentials.teamId,
+			token: credentials.token,
+			fetch: params?.fetch
+		});
+		const privateParams = require_types.getPrivateParams(params);
+		const response = await client.createSandbox({
+			source: params?.source,
+			projectId: credentials.projectId,
+			ports: params?.ports ?? [],
+			timeout: params?.timeout,
+			resources: params?.resources,
+			runtime: params && "runtime" in params ? params?.runtime : void 0,
+			networkPolicy: params?.networkPolicy,
+			env: params?.env,
+			tags: params?.tags,
+			snapshotExpiration: params?.snapshotExpiration,
+			signal: params?.signal,
+			name: params?.name,
+			persistent: params?.persistent,
+			...privateParams
+		});
+		return new DisposableSandbox({
+			client,
+			session: response.json.session,
+			sandbox: response.json.sandbox,
+			routes: response.json.routes,
+			projectId: credentials.projectId,
+			onResume: params?.onResume
+		});
+	}
+	/**
+	* Retrieve an existing sandbox and resume its session.
+	*
+	* @param params - Get parameters and optional credentials.
+	* @returns A promise resolving to the {@link Sandbox}.
+	*/
+	static async get(params) {
+		"use step";
+		const credentials = await require_get_credentials.getCredentials(params);
+		const client = new require_api_client.APIClient({
+			teamId: credentials.teamId,
+			token: credentials.token,
+			fetch: params.fetch
+		});
+		const privateParams = require_types.getPrivateParams(params);
+		const response = await client.getSandbox({
+			name: params.name,
+			projectId: credentials.projectId,
+			resume: params.resume,
+			signal: params.signal,
+			...privateParams
+		});
+		const sandbox = new Sandbox({
+			client,
+			session: response.json.session,
+			sandbox: response.json.sandbox,
+			routes: response.json.routes,
+			projectId: credentials.projectId,
+			onResume: params.onResume
+		});
+		if (response.json.resumed && params.onResume) await params.onResume(sandbox);
+		return sandbox;
+	}
+	/**
+	* Create a new Sandbox instance.
+	*
+	* @param params.client - Optional API client. If not provided, will be lazily created using global credentials.
+	* @param params.routes - Port-to-subdomain mappings for exposed ports
+	* @param params.sandbox - Sandbox snapshot metadata
+	*/
+	constructor({ client, routes, session, sandbox, projectId, onResume }) {
+		this._client = null;
+		this.resumePromise = null;
+		this._client = client ?? null;
+		if (session) this.session = new require_session.Session({
+			client,
+			routes,
+			session
+		});
+		this.sandbox = sandbox;
+		this.projectId = projectId ?? "";
+		this.onResume = onResume;
+	}
+	/**
+	* Get the current session (the running VM) for this sandbox.
+	*
+	* @returns The {@link Session} instance.
+	*/
+	currentSession() {
+		if (!this.session) throw new Error("No active session. Run a command or call resume first.");
+		return this.session;
+	}
+	/**
+	* Resume this sandbox by creating a new session via `getSandbox`.
+	*/
+	async resume(signal) {
+		if (!this.resumePromise) this.resumePromise = this.doResume(signal).finally(() => {
+			this.resumePromise = null;
+		});
+		return this.resumePromise;
+	}
+	async doResume(signal) {
+		const client = await this.ensureClient();
+		const response = await client.getSandbox({
+			name: this.sandbox.name,
+			projectId: this.projectId,
+			resume: true,
+			signal
+		});
+		this.session = new require_session.Session({
+			client,
+			routes: response.json.routes,
+			session: response.json.session
+		});
+		if (this.onResume && response.json.resumed) await this.onResume(this);
+	}
+	/**
+	* Poll until the current session reaches a terminal state, then resume.
+	*/
+	async waitForStopAndResume(signal) {
+		"use step";
+		const client = await this.ensureClient();
+		const pollingInterval = 500;
+		let status = this.session.status;
+		while (status === "stopping" || status === "snapshotting") {
+			await (0, node_timers_promises.setTimeout)(pollingInterval, void 0, { signal });
+			const poll = await client.getSession({
+				sessionId: this.session.sessionId,
+				signal
+			});
+			this.session = new require_session.Session({
+				client,
+				routes: poll.json.routes,
+				session: poll.json.session
+			});
+			status = poll.json.session.status;
+		}
+		await this.resume(signal);
+	}
+	/**
+	* Execute `fn`, and if the session is stopped/stopping/snapshotting, resume and retry.
+	*/
+	async withResume(fn, signal) {
+		if (!this.session) await this.resume(signal);
+		try {
+			return await fn();
+		} catch (err) {
+			if (isSandboxStoppedError(err)) {
+				await this.resume(signal);
+				return fn();
+			}
+			if (isSandboxStoppingError(err) || isSandboxSnapshottingError(err)) {
+				await this.waitForStopAndResume(signal);
+				return fn();
+			}
+			throw err;
+		}
+	}
+	async runCommand(commandOrParams, args, opts) {
+		"use step";
+		const signal = typeof commandOrParams === "string" ? opts?.signal : commandOrParams.signal;
+		return this.withResume(() => this.session.runCommand(commandOrParams, args, opts), signal);
+	}
+	/**
+	* Internal helper to start a command in the sandbox.
+	*
+	* @param params - Command execution parameters.
+	* @returns A {@link Command} or {@link CommandFinished}, depending on `detached`.
+	* @internal
+	*/
+	async getCommand(cmdId, opts) {
+		"use step";
+		return this.withResume(() => this.session.getCommand(cmdId, opts), opts?.signal);
+	}
+	/**
+	* Create a directory in the filesystem of this sandbox.
+	*
+	* @param path - Path of the directory to create
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	*/
+	async mkDir(path, opts) {
+		"use step";
+		return this.withResume(() => this.session.mkDir(path, opts), opts?.signal);
+	}
+	/**
+	* Read a file from the filesystem of this sandbox as a stream.
+	*
+	* @param file - File to read, with path and optional cwd
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves to a ReadableStream containing the file contents, or null if file not found
+	*/
+	async readFile(file, opts) {
+		"use step";
+		return this.withResume(() => this.session.readFile(file, opts), opts?.signal);
+	}
+	/**
+	* Read a file from the filesystem of this sandbox as a Buffer.
+	*
+	* @param file - File to read, with path and optional cwd
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves to the file contents as a Buffer, or null if file not found
+	*/
+	async readFileToBuffer(file, opts) {
+		"use step";
+		return this.withResume(() => this.session.readFileToBuffer(file, opts), opts?.signal);
+	}
+	/**
+	* Download a file from the sandbox to the local filesystem.
+	*
+	* @param src - Source file on the sandbox, with path and optional cwd
+	* @param dst - Destination file on the local machine, with path and optional cwd
+	* @param opts - Optional parameters.
+	* @param opts.mkdirRecursive - If true, create parent directories for the destination if they don't exist.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns The absolute path to the written file, or null if the source file was not found
+	*/
+	async downloadFile(src, dst, opts) {
+		"use step";
+		return this.withResume(() => this.session.downloadFile(src, dst, opts), opts?.signal);
+	}
+	/**
+	* Write files to the filesystem of this sandbox.
+	* Defaults to writing to /vercel/sandbox unless an absolute path is specified.
+	* Writes files using the `vercel-sandbox` user.
+	*
+	* @param files - Array of files with path, content, and optional mode (permissions)
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves when the files are written
+	*
+	* @example
+	* // Write an executable script
+	* await sandbox.writeFiles([
+	*   { path: "/usr/local/bin/myscript", content: "#!/bin/bash\necho hello", mode: 0o755 }
+	* ]);
+	*/
+	async writeFiles(files, opts) {
+		"use step";
+		return this.withResume(() => this.session.writeFiles(files, opts), opts?.signal);
+	}
+	/**
+	* Get the public domain of a port of this sandbox.
+	*
+	* @param p - Port number to resolve
+	* @returns A full domain (e.g. `https://subdomain.vercel.run`)
+	* @throws If the port has no associated route
+	*/
+	domain(p) {
+		return this.currentSession().domain(p);
+	}
+	/**
+	* Stop the sandbox.
+	*
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @param opts.blocking - If true, poll until the sandbox has fully stopped and return the final state.
+	* @returns The sandbox at the time the stop was acknowledged, or after fully stopped if `blocking` is true.
+	*/
+	async stop(opts) {
+		"use step";
+		if (!this.session) throw new Error("No active session to stop.");
+		return this.session.stop(opts);
+	}
+	/**
+	* Update the network policy for this sandbox.
+	*
+	* @deprecated Use {@link Sandbox.update} instead.
+	*
+	* @param networkPolicy - The new network policy to apply.
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves when the network policy is updated.
+	*
+	* @example
+	* // Restrict to specific domains
+	* await sandbox.updateNetworkPolicy({
+	*   allow: ["*.npmjs.org", "github.com"],
+	* });
+	*
+	* @example
+	* // Inject credentials with per-domain transformers
+	* await sandbox.updateNetworkPolicy({
+	*   allow: {
+	*     "ai-gateway.vercel.sh": [{
+	*       transform: [{
+	*         headers: { authorization: "Bearer ..." }
+	*       }]
+	*     }],
+	*     "*": []
+	*   }
+	* });
+	*
+	* @example
+	* // Deny all network access
+	* await sandbox.updateNetworkPolicy("deny-all");
+	*/
+	async updateNetworkPolicy(networkPolicy, opts) {
+		"use step";
+		await this.withResume(() => this.session.update({ networkPolicy }, opts), opts?.signal);
+		return this.session.networkPolicy;
+	}
+	/**
+	* Extend the timeout of the sandbox by the specified duration.
+	*
+	* This allows you to extend the lifetime of a sandbox up until the maximum
+	* execution timeout for your plan.
+	*
+	* @param duration - The duration in milliseconds to extend the timeout by
+	* @param opts - Optional parameters.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves when the timeout is extended
+	*
+	* @example
+	* const sandbox = await Sandbox.create({ timeout: ms('10m') });
+	* // Extends timeout by 5 minutes, to a total of 15 minutes.
+	* await sandbox.extendTimeout(ms('5m'));
+	*/
+	async extendTimeout(duration, opts) {
+		"use step";
+		return this.withResume(() => this.session.extendTimeout(duration, opts), opts?.signal);
+	}
+	/**
+	* Create a snapshot from this currently running sandbox. New sandboxes can
+	* then be created from this snapshot using {@link Sandbox.createFromSnapshot}.
+	*
+	* Note: this sandbox will be stopped as part of the snapshot creation process.
+	*
+	* @param opts - Optional parameters.
+	* @param opts.expiration - Optional expiration time in milliseconds. Use 0 for no expiration at all.
+	* @param opts.signal - An AbortSignal to cancel the operation.
+	* @returns A promise that resolves to the Snapshot instance
+	*/
+	async snapshot(opts) {
+		"use step";
+		return this.withResume(() => this.session.snapshot(opts), opts?.signal);
+	}
+	/**
+	* Update the sandbox configuration.
+	*
+	* @param params - Fields to update.
+	* @param opts - Optional abort signal.
+	*/
+	async update(params, opts) {
+		"use step";
+		const client = await this.ensureClient();
+		let resources;
+		if (params.resources?.vcpus) resources = {
+			vcpus: params.resources.vcpus,
+			memory: params.resources.vcpus * 2048
+		};
+		this.sandbox = (await client.updateSandbox({
+			name: this.sandbox.name,
+			projectId: this.projectId,
+			persistent: params.persistent,
+			resources,
+			timeout: params.timeout,
+			networkPolicy: params.networkPolicy,
+			tags: params.tags,
+			snapshotExpiration: params.snapshotExpiration,
+			signal: opts?.signal
+		})).json.sandbox;
+		if (params.networkPolicy) try {
+			return await this.session?.update({ networkPolicy: params.networkPolicy }, opts);
+		} catch (err) {
+			if (isSandboxStoppedError(err) || isSandboxStoppingError(err)) return;
+			throw err;
+		}
+	}
+	/**
+	* Delete this sandbox.
+	*
+	* After deletion the instance becomes inert — all further API calls will
+	* throw immediately.
+	*/
+	async delete(opts) {
+		"use step";
+		await (await this.ensureClient()).deleteSandbox({
+			name: this.sandbox.name,
+			projectId: this.projectId,
+			signal: opts?.signal
+		});
+	}
+	/**
+	* List sessions (VMs) that have been created for this sandbox.
+	*
+	* @param params - Optional pagination parameters.
+	* @returns The list of sessions and pagination metadata.
+	*/
+	async listSessions(params) {
+		"use step";
+		return (await (await this.ensureClient()).listSessions({
+			projectId: this.projectId,
+			name: this.sandbox.name,
+			limit: params?.limit,
+			cursor: params?.cursor,
+			sortOrder: params?.sortOrder,
+			signal: params?.signal
+		})).json;
+	}
+	/**
+	* List snapshots that belong to this sandbox.
+	*
+	* @param params - Optional pagination parameters.
+	* @returns The list of snapshots and pagination metadata.
+	*/
+	async listSnapshots(params) {
+		"use step";
+		return (await (await this.ensureClient()).listSnapshots({
+			projectId: this.projectId,
+			name: this.sandbox.name,
+			limit: params?.limit,
+			cursor: params?.cursor,
+			sortOrder: params?.sortOrder,
+			signal: params?.signal
+		})).json;
+	}
+};
+/**
+* A {@link Sandbox} that can automatically be disposed using a `await using` statement.
+*
+* @example
+* {
+*   await using const sandbox = await Sandbox.create();
+* }
+* // Sandbox is automatically stopped here
+*/
+var DisposableSandbox = class extends Sandbox {
+	async [Symbol.asyncDispose]() {
+		await this.stop();
+	}
+};
+
+//#endregion
+exports.Sandbox = Sandbox;
+//# sourceMappingURL=sandbox.cjs.map