@vercel/sandbox 2.0.0-beta.11 → 2.0.0-beta.13

package/dist/session.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.cjs","names":["getCredentials","APIClient","WORKFLOW_SERIALIZE","WORKFLOW_DESERIALIZE","toSandboxSnapshot","Command","params: RunCommandParams","command","CommandFinished","path","consumeReadable","Snapshot"],"sources":["../src/session.ts"],"sourcesContent":["import { WORKFLOW_DESERIALIZE, WORKFLOW_SERIALIZE } from \"@workflow/serde\";\nimport { type SessionMetaData, type SandboxRouteData, APIClient } from \"./api-client/index.js\";\nimport type { Writable } from \"stream\";\nimport { pipeline } from \"stream/promises\";\nimport { createWriteStream } from \"fs\";\nimport { mkdir } from \"fs/promises\";\nimport { dirname, resolve } from \"path\";\nimport { Command, CommandFinished } from \"./command.js\";\nimport { Snapshot } from \"./snapshot.js\";\nimport { consumeReadable } from \"./utils/consume-readable.js\";\nimport type {\n  NetworkPolicy,\n  NetworkPolicyRule,\n  NetworkTransformer,\n} from \"./network-policy.js\";\nimport { toSandboxSnapshot, type SandboxSnapshot } from \"./utils/sandbox-snapshot.js\";\nimport { getCredentials } from \"./utils/get-credentials.js\";\n\nexport type { NetworkPolicy, NetworkPolicyRule, NetworkTransformer };\n\n/**\n * Serialized representation of a Session for @workflow/serde.\n */\nexport interface SerializedSession {\n  session: SandboxSnapshot;\n  routes: SandboxRouteData[];\n}\n\n/** @inline */\nexport interface RunCommandParams {\n  /**\n   * The command to execute\n   */\n  cmd: string;\n  /**\n   * Arguments to pass to the command\n   */\n  args?: string[];\n  /**\n   * Working directory to execute the command in\n   */\n  cwd?: string;\n  /**\n   * Environment variables to set for this command\n   */\n  env?: Record<string, string>;\n  /**\n   * If true, execute this command with root privileges. Defaults to false.\n   */\n  sudo?: boolean;\n  /**\n   * If true, the command will return without waiting for `exitCode`\n   */\n  detached?: boolean;\n  /**\n   * A `Writable` stream where `stdout` from the command will be piped\n   */\n  stdout?: Writable;\n  /**\n   * A `Writable` stream where `stderr` from the command will be piped\n   */\n  stderr?: Writable;\n  /**\n   * An AbortSignal to cancel the command execution\n   */\n  signal?: AbortSignal;\n}\n\n/**\n * A Session represents a running VM instance within a {@link Sandbox}.\n *\n * Obtain a session via {@link Sandbox.currentSession}.\n */\nexport class Session {\n  private _client: APIClient | null = null;\n\n  /**\n   * Lazily resolve credentials and construct an API client.\n   * This is used in step contexts where the Sandbox was deserialized\n   * without a client (e.g. when crossing workflow/step boundaries).\n   * Uses getCredentials() which resolves from OIDC or env vars.\n   * @internal\n   */\n  private async ensureClient(): Promise<APIClient> {\n    \"use step\";\n    if (this._client) return this._client;\n    const credentials = await getCredentials();\n    this._client = new APIClient({\n      teamId: credentials.teamId,\n      token: credentials.token,\n    });\n    return this._client;\n  }\n\n  /**\n   * Routes from ports to subdomains.\n   * @hidden\n   */\n  public readonly routes: SandboxRouteData[];\n\n  /**\n   * Internal metadata about the current session.\n   */\n  private session: SandboxSnapshot;\n\n  private get client(): APIClient {\n    if (!this._client) throw new Error(\"API client not initialized\");\n    return this._client;\n  }\n\n  /** @internal */\n  get _sessionSnapshot(): SandboxSnapshot {\n    return this.session;\n  }\n\n  /**\n   * Unique ID of this session.\n   */\n  public get sessionId(): string {\n    return this.session.id;\n  }\n\n  public get interactivePort(): number | undefined {\n    return this.session.interactivePort ?? undefined;\n  }\n\n  /**\n   * The status of this session.\n   */\n  public get status(): SessionMetaData[\"status\"] {\n    return this.session.status;\n  }\n\n  /**\n   * The creation date of this session.\n   */\n  public get createdAt(): Date {\n    return new Date(this.session.createdAt);\n  }\n\n  /**\n   * The timeout of this session in milliseconds.\n   */\n  public get timeout(): number {\n    return this.session.timeout;\n  }\n\n  /**\n   * The network policy of this session.\n   */\n  public get networkPolicy(): NetworkPolicy | undefined {\n    return this.session.networkPolicy;\n  }\n\n  /**\n   * If the session was created from a snapshot, the ID of that snapshot.\n   */\n  public get sourceSnapshotId(): string | undefined {\n    return this.session.sourceSnapshotId;\n  }\n\n  /**\n   * Memory allocated to this session in MB.\n   */\n  public get memory(): number {\n    return this.session.memory;\n  }\n\n  /**\n   * Number of vCPUs allocated to this session.\n   */\n  public get vcpus(): number {\n    return this.session.vcpus;\n  }\n\n  /**\n   * The region where this session is hosted.\n   */\n  public get region(): string {\n    return this.session.region;\n  }\n\n  /**\n   * Runtime identifier (e.g. \"node24\", \"python3.13\").\n   */\n  public get runtime(): string {\n    return this.session.runtime;\n  }\n\n  /**\n   * The working directory of this session.\n   */\n  public get cwd(): string {\n    return this.session.cwd;\n  }\n\n  /**\n   * When this session was requested.\n   */\n  public get requestedAt(): Date {\n    return new Date(this.session.requestedAt);\n  }\n\n  /**\n   * When this session started running.\n   */\n  public get startedAt(): Date | undefined {\n    return this.session.startedAt != null\n      ? new Date(this.session.startedAt)\n      : undefined;\n  }\n\n  /**\n   * When this session was requested to stop.\n   */\n  public get requestedStopAt(): Date | undefined {\n    return this.session.requestedStopAt != null\n      ? new Date(this.session.requestedStopAt)\n      : undefined;\n  }\n\n  /**\n   * When this session was stopped.\n   */\n  public get stoppedAt(): Date | undefined {\n    return this.session.stoppedAt != null\n      ? new Date(this.session.stoppedAt)\n      : undefined;\n  }\n\n  /**\n   * When this session was aborted.\n   */\n  public get abortedAt(): Date | undefined {\n    return this.session.abortedAt != null\n      ? new Date(this.session.abortedAt)\n      : undefined;\n  }\n\n  /**\n   * The wall-clock duration of this session in milliseconds.\n   */\n  public get duration(): number | undefined {\n    return this.session.duration;\n  }\n\n  /**\n   * When a snapshot was requested for this session.\n   */\n  public get snapshottedAt(): Date | undefined {\n    return this.session.snapshottedAt != null\n      ? new Date(this.session.snapshottedAt)\n      : undefined;\n  }\n\n  /**\n   * When this session was last updated.\n   */\n  public get updatedAt(): Date {\n    return new Date(this.session.updatedAt);\n  }\n\n  /**\n   * The amount of active CPU used by the session. Only reported once the VM is\n   * stopped.\n   */\n  public get activeCpuUsageMs(): number | undefined {\n    return this.session.activeCpuDurationMs;\n  }\n\n  /**\n   * The amount of network data used by the session. Only reported once the VM\n   * is stopped.\n   */\n  public get networkTransfer():\n    | { ingress: number; egress: number }\n    | undefined {\n    return this.session.networkTransfer;\n  }\n\n  /**\n   * Serialize a Session instance to plain data for @workflow/serde.\n   *\n   * Although Sandbox handles top-level serialization, Session needs these\n   * methods so the Workflow SWC compiler can resolve the class by name.\n   * The `new Session(...)` self-reference in WORKFLOW_DESERIALIZE forces\n   * rolldown to preserve the class name in the compiled output.\n   */\n  static [WORKFLOW_SERIALIZE](instance: Session): SerializedSession {\n    return {\n      session: instance.session,\n      routes: instance.routes,\n    };\n  }\n\n  static [WORKFLOW_DESERIALIZE](data: SerializedSession): Session {\n    return new Session({ routes: data.routes, snapshot: data.session });\n  }\n\n  constructor(params: {\n    client: APIClient;\n    routes: SandboxRouteData[];\n    session: SessionMetaData;\n  } | {\n    /** @internal – used during deserialization with an already-converted snapshot */\n    routes: SandboxRouteData[];\n    snapshot: SandboxSnapshot;\n  }) {\n    this.routes = params.routes;\n    if (\"snapshot\" in params) {\n      this.session = params.snapshot;\n    } else {\n      this._client = params.client;\n      this.session = toSandboxSnapshot(params.session);\n    }\n  }\n\n  /**\n   * Get a previously run command by its ID.\n   *\n   * @param cmdId - ID of the command to retrieve\n   * @param opts - Optional parameters.\n   * @param opts.signal - An AbortSignal to cancel the operation.\n   * @returns A {@link Command} instance representing the command\n   */\n  async getCommand(\n    cmdId: string,\n    opts?: { signal?: AbortSignal },\n  ): Promise<Command> {\n    \"use step\";\n    const client = await this.ensureClient();\n    const command = await client.getCommand({\n      sessionId: this.session.id,\n      cmdId,\n      signal: opts?.signal,\n    });\n\n    return new Command({\n      client,\n      sessionId: this.session.id,\n      cmd: command.json.command,\n    });\n  }\n\n  /**\n   * Start executing a command in this session.\n   *\n   * @param command - The command to execute.\n   * @param args - Arguments to pass to the command.\n   * @param opts - Optional parameters.\n   * @param opts.signal - An AbortSignal to cancel the command execution.\n   * @returns A {@link CommandFinished} result once execution is done.\n   */\n  async runCommand(\n    command: string,\n    args?: string[],\n    opts?: { signal?: AbortSignal },\n  ): Promise<CommandFinished>;\n\n  /**\n   * Start executing a command in detached mode.\n   *\n   * @param params - The command parameters.\n   * @returns A {@link Command} instance for the running command.\n   */\n  async runCommand(\n    params: RunCommandParams & { detached: true },\n  ): Promise<Command>;\n\n  /**\n   * Start executing a command in this session.\n   *\n   * @param params - The command parameters.\n   * @returns A {@link CommandFinished} result once execution is done.\n   */\n  async runCommand(params: RunCommandParams): Promise<CommandFinished>;\n\n  async runCommand(\n    commandOrParams: string | RunCommandParams,\n    args?: string[],\n    opts?: { signal?: AbortSignal },\n  ): Promise<Command | CommandFinished> {\n    \"use step\";\n    const client = await this.ensureClient();\n    const params: RunCommandParams =\n      typeof commandOrParams === \"string\"\n        ? { cmd: commandOrParams, args, signal: opts?.signal }\n        : commandOrParams;\n    const wait = params.detached ? false : true;\n    const pipeLogs = async (command: Command): Promise<void> => {\n      if (!params.stdout && !params.stderr) {\n        return;\n      }\n\n      try {\n        for await (const log of command.logs({ signal: params.signal })) {\n          if (log.stream === \"stdout\") {\n            params.stdout?.write(log.data);\n          } else if (log.stream === \"stderr\") {\n            params.stderr?.write(log.data);\n          }\n        }\n      } catch (err) {\n        if (params.signal?.aborted) {\n          return;\n        }\n        throw err;\n      }\n    };\n\n    if (wait) {\n      const commandStream = await client.runCommand({\n        sessionId: this.session.id,\n        command: params.cmd,\n        args: params.args ?? [],\n        cwd: params.cwd,\n        env: params.env ?? {},\n        sudo: params.sudo ?? false,\n        wait: true,\n        signal: params.signal,\n      });\n\n      const command = new Command({\n        client,\n        sessionId: this.session.id,\n        cmd: commandStream.command,\n      });\n\n      const [finished] = await Promise.all([\n        commandStream.finished,\n        pipeLogs(command),\n      ]);\n      return new CommandFinished({\n        client,\n        sessionId: this.session.id,\n        cmd: finished,\n        exitCode: finished.exitCode ?? 0,\n      });\n    }\n\n    const commandResponse = await client.runCommand({\n      sessionId: this.session.id,\n      command: params.cmd,\n      args: params.args ?? [],\n      cwd: params.cwd,\n      env: params.env ?? {},\n      sudo: params.sudo ?? false,\n      signal: params.signal,\n    });\n\n    const command = new Command({\n      client,\n      sessionId: this.session.id,\n      cmd: commandResponse.json.command,\n    });\n\n    void pipeLogs(command).catch((err) => {\n      if (params.signal?.aborted) {\n        return;\n      }\n      (params.stderr ?? params.stdout)?.emit(\"error\", err);\n    });\n\n    return command;\n  }\n\n  /**\n   * Create a directory in the filesystem of this session.\n   *\n   * @param path - Path of the directory to create\n   * @param opts - Optional parameters.\n   * @param opts.signal - An AbortSignal to cancel the operation.\n   */\n  async mkDir(path: string, opts?: { signal?: AbortSignal }): Promise<void> {\n    \"use step\";\n    const client = await this.ensureClient();\n    await client.mkDir({\n      sessionId: this.session.id,\n      path: path,\n      signal: opts?.signal,\n    });\n  }\n\n  /**\n   * Read a file from the filesystem of this session as a stream.\n   *\n   * @param file - File to read, with path and optional cwd\n   * @param opts - Optional parameters.\n   * @param opts.signal - An AbortSignal to cancel the operation.\n   * @returns A promise that resolves to a ReadableStream containing the file contents, or null if file not found\n   */\n  async readFile(\n    file: { path: string; cwd?: string },\n    opts?: { signal?: AbortSignal },\n  ): Promise<NodeJS.ReadableStream | null> {\n    \"use step\";\n    const client = await this.ensureClient();\n    return client.readFile({\n      sessionId: this.session.id,\n      path: file.path,\n      cwd: file.cwd,\n      signal: opts?.signal,\n    });\n  }\n\n  /**\n   * Read a file from the filesystem of this session as a Buffer.\n   *\n   * @param file - File to read, with path and optional cwd\n   * @param opts - Optional parameters.\n   * @param opts.signal - An AbortSignal to cancel the operation.\n   * @returns A promise that resolves to the file contents as a Buffer, or null if file not found\n   */\n  async readFileToBuffer(\n    file: { path: string; cwd?: string },\n    opts?: { signal?: AbortSignal },\n  ): Promise<Buffer | null> {\n    \"use step\";\n    const client = await this.ensureClient();\n    const stream = await client.readFile({\n      sessionId: this.session.id,\n      path: file.path,\n      cwd: file.cwd,\n      signal: opts?.signal,\n    });\n\n    if (stream === null) {\n      return null;\n    }\n\n    return consumeReadable(stream);\n  }\n\n  /**\n   * Download a file from the session to the local filesystem.\n   *\n   * @param src - Source file on the session, with path and optional cwd\n   * @param dst - Destination file on the local machine, with path and optional cwd\n   * @param opts - Optional parameters.\n   * @param opts.mkdirRecursive - If true, create parent directories for the destination if they don't exist.\n   * @param opts.signal - An AbortSignal to cancel the operation.\n   * @returns The absolute path to the written file, or null if the source file was not found\n   */\n  async downloadFile(\n    src: { path: string; cwd?: string },\n    dst: { path: string; cwd?: string },\n    opts?: { mkdirRecursive?: boolean; signal?: AbortSignal },\n  ): Promise<string | null> {\n    \"use step\";\n    const client = await this.ensureClient();\n    if (!src?.path) {\n      throw new Error(\"downloadFile: source path is required\");\n    }\n\n    if (!dst?.path) {\n      throw new Error(\"downloadFile: destination path is required\");\n    }\n\n    const stream = await client.readFile({\n      sessionId: this.session.id,\n      path: src.path,\n      cwd: src.cwd,\n      signal: opts?.signal,\n    });\n\n    if (stream === null) {\n      return null;\n    }\n\n    try {\n      const dstPath = resolve(dst.cwd ?? \"\", dst.path);\n      if (opts?.mkdirRecursive) {\n        await mkdir(dirname(dstPath), { recursive: true });\n      }\n      await pipeline(stream, createWriteStream(dstPath), {\n        signal: opts?.signal,\n      });\n      return dstPath;\n    } finally {\n      stream.destroy();\n    }\n  }\n\n  /**\n   * Write files to the filesystem of this session.\n   * Defaults to writing to /vercel/sandbox unless an absolute path is specified.\n   * Writes files using the `vercel-sandbox` user.\n   *\n   * @param files - Array of files with path and stream/buffer contents\n   * @param opts - Optional parameters.\n   * @param opts.signal - An AbortSignal to cancel the operation.\n   * @returns A promise that resolves when the files are written\n   */\n  async writeFiles(\n    files: { path: string; content: string | Uint8Array; mode?: number }[],\n    opts?: { signal?: AbortSignal },\n  ) {\n    \"use step\";\n    const client = await this.ensureClient();\n    return client.writeFiles({\n      sessionId: this.session.id,\n      cwd: this.session.cwd,\n      extractDir: \"/\",\n      files: files,\n      signal: opts?.signal,\n    });\n  }\n\n  /**\n   * Get the public domain of a port of this session.\n   *\n   * @param p - Port number to resolve\n   * @returns A full domain (e.g. `https://subdomain.vercel.run`)\n   * @throws If the port has no associated route\n   */\n  domain(p: number): string {\n    const route = this.routes.find(({ port }) => port == p);\n    if (route) {\n      return `https://${route.subdomain}.vercel.run`;\n    } else {\n      throw new Error(`No route for port ${p}`);\n    }\n  }\n\n  /**\n   * Stop this session.\n   *\n   * @param opts - Optional parameters.\n   * @param opts.signal - An AbortSignal to cancel the operation.\n   * @param opts.blocking - If true, poll until the session has fully stopped and return the final state.\n   * @returns The session at the time the stop was acknowledged, or after fully stopped if `blocking` is true.\n   */\n  async stop(opts?: {\n    signal?: AbortSignal;\n    blocking?: boolean;\n  }): Promise<SandboxSnapshot> {\n    \"use step\";\n    const client = await this.ensureClient();\n    const response = await client.stopSession({\n      sessionId: this.session.id,\n      signal: opts?.signal,\n      blocking: opts?.blocking,\n    });\n    this.session = toSandboxSnapshot(response.json.session);\n    return this.session;\n  }\n\n  /**\n   * Update the current session's settings.\n   *\n   * @param params - Fields to update.\n   * @param params.networkPolicy - The new network policy to apply.\n   * @param opts - Optional parameters.\n   * @param opts.signal - An AbortSignal to cancel the operation.\n   *\n   * @example\n   * // Restrict to specific domains\n   * await session.update({\n   *   networkPolicy: {\n   *     allow: [\"*.npmjs.org\", \"github.com\"],\n   *   }\n   * });\n   *\n   * @example\n   * // Inject credentials with per-domain transformers\n   * await session.update({\n   *   networkPolicy: {\n   *     allow: {\n   *       \"ai-gateway.vercel.sh\": [{\n   *         transform: [{\n   *           headers: { authorization: \"Bearer ...\" }\n   *         }]\n   *       }],\n   *       \"*\": []\n   *     }\n   *   }\n   * });\n   *\n   * @example\n   * // Deny all network access\n   * await session.update({ networkPolicy: \"deny-all\" });\n   */\n  async update(\n    params: {\n      networkPolicy?: NetworkPolicy;\n    },\n    opts?: { signal?: AbortSignal },\n  ): Promise<void> {\n    \"use step\";\n    if (params.networkPolicy !== undefined) {\n      const client = await this.ensureClient();\n      const response = await client.updateNetworkPolicy({\n        sessionId: this.session.id,\n        networkPolicy: params.networkPolicy,\n        signal: opts?.signal,\n      });\n\n      // Update the internal session with the new network policy\n      this.session = toSandboxSnapshot(response.json.session);\n    }\n  }\n\n  /**\n   * Extend the timeout of the session by the specified duration.\n   *\n   * This allows you to extend the lifetime of a session up until the maximum\n   * execution timeout for your plan.\n   *\n   * @param duration - The duration in milliseconds to extend the timeout by\n   * @param opts - Optional parameters.\n   * @param opts.signal - An AbortSignal to cancel the operation.\n   * @returns A promise that resolves when the timeout is extended\n   *\n   * @example\n   * const sandbox = await Sandbox.create({ timeout: ms('10m') });\n   * const session = sandbox.currentSession();\n   * // Extends timeout by 5 minutes, to a total of 15 minutes.\n   * await session.extendTimeout(ms('5m'));\n   */\n  async extendTimeout(\n    duration: number,\n    opts?: { signal?: AbortSignal },\n  ): Promise<void> {\n    \"use step\";\n    const client = await this.ensureClient();\n    const response = await client.extendTimeout({\n      sessionId: this.session.id,\n      duration,\n      signal: opts?.signal,\n    });\n\n    // Update the internal sandbox metadata with the new timeout value\n    this.session = toSandboxSnapshot(response.json.session);\n  }\n\n  /**\n   * Create a snapshot from this currently running session. New sandboxes can\n   * then be created from this snapshot using {@link Sandbox.create}.\n   *\n   * Note: this session will be stopped as part of the snapshot creation process.\n   *\n   * @param opts - Optional parameters.\n   * @param opts.expiration - Optional expiration time in milliseconds. Use 0 for no expiration at all.\n   * @param opts.signal - An AbortSignal to cancel the operation.\n   * @returns A promise that resolves to the Snapshot instance\n   */\n  async snapshot(opts?: {\n    expiration?: number;\n    signal?: AbortSignal;\n  }): Promise<Snapshot> {\n    \"use step\";\n    const client = await this.ensureClient();\n    const response = await client.createSnapshot({\n      sessionId: this.session.id,\n      expiration: opts?.expiration,\n      signal: opts?.signal,\n    });\n\n    this.session = toSandboxSnapshot(response.json.session);\n\n    return new Snapshot({\n      client,\n      snapshot: response.json.snapshot,\n    });\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAyEA,IAAa,UAAb,MAAa,QAAQ;;;;;;;;CAUnB,MAAc,eAAmC;AAC/C;AACA,MAAI,KAAK,QAAS,QAAO,KAAK;EAC9B,MAAM,cAAc,MAAMA,wCAAgB;AAC1C,OAAK,UAAU,IAAIC,6BAAU;GAC3B,QAAQ,YAAY;GACpB,OAAO,YAAY;GACpB,CAAC;AACF,SAAO,KAAK;;CAcd,IAAY,SAAoB;AAC9B,MAAI,CAAC,KAAK,QAAS,OAAM,IAAI,MAAM,6BAA6B;AAChE,SAAO,KAAK;;;CAId,IAAI,mBAAoC;AACtC,SAAO,KAAK;;;;;CAMd,IAAW,YAAoB;AAC7B,SAAO,KAAK,QAAQ;;CAGtB,IAAW,kBAAsC;AAC/C,SAAO,KAAK,QAAQ,mBAAmB;;;;;CAMzC,IAAW,SAAoC;AAC7C,SAAO,KAAK,QAAQ;;;;;CAMtB,IAAW,YAAkB;AAC3B,SAAO,IAAI,KAAK,KAAK,QAAQ,UAAU;;;;;CAMzC,IAAW,UAAkB;AAC3B,SAAO,KAAK,QAAQ;;;;;CAMtB,IAAW,gBAA2C;AACpD,SAAO,KAAK,QAAQ;;;;;CAMtB,IAAW,mBAAuC;AAChD,SAAO,KAAK,QAAQ;;;;;CAMtB,IAAW,SAAiB;AAC1B,SAAO,KAAK,QAAQ;;;;;CAMtB,IAAW,QAAgB;AACzB,SAAO,KAAK,QAAQ;;;;;CAMtB,IAAW,SAAiB;AAC1B,SAAO,KAAK,QAAQ;;;;;CAMtB,IAAW,UAAkB;AAC3B,SAAO,KAAK,QAAQ;;;;;CAMtB,IAAW,MAAc;AACvB,SAAO,KAAK,QAAQ;;;;;CAMtB,IAAW,cAAoB;AAC7B,SAAO,IAAI,KAAK,KAAK,QAAQ,YAAY;;;;;CAM3C,IAAW,YAA8B;AACvC,SAAO,KAAK,QAAQ,aAAa,OAC7B,IAAI,KAAK,KAAK,QAAQ,UAAU,GAChC;;;;;CAMN,IAAW,kBAAoC;AAC7C,SAAO,KAAK,QAAQ,mBAAmB,OACnC,IAAI,KAAK,KAAK,QAAQ,gBAAgB,GACtC;;;;;CAMN,IAAW,YAA8B;AACvC,SAAO,KAAK,QAAQ,aAAa,OAC7B,IAAI,KAAK,KAAK,QAAQ,UAAU,GAChC;;;;;CAMN,IAAW,YAA8B;AACvC,SAAO,KAAK,QAAQ,aAAa,OAC7B,IAAI,KAAK,KAAK,QAAQ,UAAU,GAChC;;;;;CAMN,IAAW,WAA+B;AACxC,SAAO,KAAK,QAAQ;;;;;CAMtB,IAAW,gBAAkC;AAC3C,SAAO,KAAK,QAAQ,iBAAiB,OACjC,IAAI,KAAK,KAAK,QAAQ,cAAc,GACpC;;;;;CAMN,IAAW,YAAkB;AAC3B,SAAO,IAAI,KAAK,KAAK,QAAQ,UAAU;;;;;;CAOzC,IAAW,mBAAuC;AAChD,SAAO,KAAK,QAAQ;;;;;;CAOtB,IAAW,kBAEG;AACZ,SAAO,KAAK,QAAQ;;;;;;;;;;CAWtB,QAAQC,qCAAoB,UAAsC;AAChE,SAAO;GACL,SAAS,SAAS;GAClB,QAAQ,SAAS;GAClB;;CAGH,QAAQC,uCAAsB,MAAkC;AAC9D,SAAO,IAAI,QAAQ;GAAE,QAAQ,KAAK;GAAQ,UAAU,KAAK;GAAS,CAAC;;CAGrE,YAAY,QAQT;OAzOK,UAA4B;AA0OlC,OAAK,SAAS,OAAO;AACrB,MAAI,cAAc,OAChB,MAAK,UAAU,OAAO;OACjB;AACL,QAAK,UAAU,OAAO;AACtB,QAAK,UAAUC,2CAAkB,OAAO,QAAQ;;;;;;;;;;;CAYpD,MAAM,WACJ,OACA,MACkB;AAClB;EACA,MAAM,SAAS,MAAM,KAAK,cAAc;EACxC,MAAM,UAAU,MAAM,OAAO,WAAW;GACtC,WAAW,KAAK,QAAQ;GACxB;GACA,QAAQ,MAAM;GACf,CAAC;AAEF,SAAO,IAAIC,wBAAQ;GACjB;GACA,WAAW,KAAK,QAAQ;GACxB,KAAK,QAAQ,KAAK;GACnB,CAAC;;CAoCJ,MAAM,WACJ,iBACA,MACA,MACoC;AACpC;EACA,MAAM,SAAS,MAAM,KAAK,cAAc;EACxC,MAAMC,SACJ,OAAO,oBAAoB,WACvB;GAAE,KAAK;GAAiB;GAAM,QAAQ,MAAM;GAAQ,GACpD;EACN,MAAM,OAAO,OAAO,WAAW,QAAQ;EACvC,MAAM,WAAW,OAAO,cAAoC;AAC1D,OAAI,CAAC,OAAO,UAAU,CAAC,OAAO,OAC5B;AAGF,OAAI;AACF,eAAW,MAAM,OAAOC,UAAQ,KAAK,EAAE,QAAQ,OAAO,QAAQ,CAAC,CAC7D,KAAI,IAAI,WAAW,SACjB,QAAO,QAAQ,MAAM,IAAI,KAAK;aACrB,IAAI,WAAW,SACxB,QAAO,QAAQ,MAAM,IAAI,KAAK;YAG3B,KAAK;AACZ,QAAI,OAAO,QAAQ,QACjB;AAEF,UAAM;;;AAIV,MAAI,MAAM;GACR,MAAM,gBAAgB,MAAM,OAAO,WAAW;IAC5C,WAAW,KAAK,QAAQ;IACxB,SAAS,OAAO;IAChB,MAAM,OAAO,QAAQ,EAAE;IACvB,KAAK,OAAO;IACZ,KAAK,OAAO,OAAO,EAAE;IACrB,MAAM,OAAO,QAAQ;IACrB,MAAM;IACN,QAAQ,OAAO;IAChB,CAAC;GAEF,MAAMA,YAAU,IAAIF,wBAAQ;IAC1B;IACA,WAAW,KAAK,QAAQ;IACxB,KAAK,cAAc;IACpB,CAAC;GAEF,MAAM,CAAC,YAAY,MAAM,QAAQ,IAAI,CACnC,cAAc,UACd,SAASE,UAAQ,CAClB,CAAC;AACF,UAAO,IAAIC,gCAAgB;IACzB;IACA,WAAW,KAAK,QAAQ;IACxB,KAAK;IACL,UAAU,SAAS,YAAY;IAChC,CAAC;;EAGJ,MAAM,kBAAkB,MAAM,OAAO,WAAW;GAC9C,WAAW,KAAK,QAAQ;GACxB,SAAS,OAAO;GAChB,MAAM,OAAO,QAAQ,EAAE;GACvB,KAAK,OAAO;GACZ,KAAK,OAAO,OAAO,EAAE;GACrB,MAAM,OAAO,QAAQ;GACrB,QAAQ,OAAO;GAChB,CAAC;EAEF,MAAM,UAAU,IAAIH,wBAAQ;GAC1B;GACA,WAAW,KAAK,QAAQ;GACxB,KAAK,gBAAgB,KAAK;GAC3B,CAAC;AAEF,EAAK,SAAS,QAAQ,CAAC,OAAO,QAAQ;AACpC,OAAI,OAAO,QAAQ,QACjB;AAEF,IAAC,OAAO,UAAU,OAAO,SAAS,KAAK,SAAS,IAAI;IACpD;AAEF,SAAO;;;;;;;;;CAUT,MAAM,MAAM,QAAc,MAAgD;AACxE;AAEA,SADe,MAAM,KAAK,cAAc,EAC3B,MAAM;GACjB,WAAW,KAAK,QAAQ;GACxB,MAAMI;GACN,QAAQ,MAAM;GACf,CAAC;;;;;;;;;;CAWJ,MAAM,SACJ,MACA,MACuC;AACvC;AAEA,UADe,MAAM,KAAK,cAAc,EAC1B,SAAS;GACrB,WAAW,KAAK,QAAQ;GACxB,MAAM,KAAK;GACX,KAAK,KAAK;GACV,QAAQ,MAAM;GACf,CAAC;;;;;;;;;;CAWJ,MAAM,iBACJ,MACA,MACwB;AACxB;EAEA,MAAM,SAAS,OADA,MAAM,KAAK,cAAc,EACZ,SAAS;GACnC,WAAW,KAAK,QAAQ;GACxB,MAAM,KAAK;GACX,KAAK,KAAK;GACV,QAAQ,MAAM;GACf,CAAC;AAEF,MAAI,WAAW,KACb,QAAO;AAGT,SAAOC,yCAAgB,OAAO;;;;;;;;;;;;CAahC,MAAM,aACJ,KACA,KACA,MACwB;AACxB;EACA,MAAM,SAAS,MAAM,KAAK,cAAc;AACxC,MAAI,CAAC,KAAK,KACR,OAAM,IAAI,MAAM,wCAAwC;AAG1D,MAAI,CAAC,KAAK,KACR,OAAM,IAAI,MAAM,6CAA6C;EAG/D,MAAM,SAAS,MAAM,OAAO,SAAS;GACnC,WAAW,KAAK,QAAQ;GACxB,MAAM,IAAI;GACV,KAAK,IAAI;GACT,QAAQ,MAAM;GACf,CAAC;AAEF,MAAI,WAAW,KACb,QAAO;AAGT,MAAI;GACF,MAAM,4BAAkB,IAAI,OAAO,IAAI,IAAI,KAAK;AAChD,OAAI,MAAM,eACR,gDAAoB,QAAQ,EAAE,EAAE,WAAW,MAAM,CAAC;AAEpD,uCAAe,kCAA0B,QAAQ,EAAE,EACjD,QAAQ,MAAM,QACf,CAAC;AACF,UAAO;YACC;AACR,UAAO,SAAS;;;;;;;;;;;;;CAcpB,MAAM,WACJ,OACA,MACA;AACA;AAEA,UADe,MAAM,KAAK,cAAc,EAC1B,WAAW;GACvB,WAAW,KAAK,QAAQ;GACxB,KAAK,KAAK,QAAQ;GAClB,YAAY;GACL;GACP,QAAQ,MAAM;GACf,CAAC;;;;;;;;;CAUJ,OAAO,GAAmB;EACxB,MAAM,QAAQ,KAAK,OAAO,MAAM,EAAE,WAAW,QAAQ,EAAE;AACvD,MAAI,MACF,QAAO,WAAW,MAAM,UAAU;MAElC,OAAM,IAAI,MAAM,qBAAqB,IAAI;;;;;;;;;;CAY7C,MAAM,KAAK,MAGkB;AAC3B;AAOA,OAAK,UAAUN,4CALE,OADF,MAAM,KAAK,cAAc,EACV,YAAY;GACxC,WAAW,KAAK,QAAQ;GACxB,QAAQ,MAAM;GACd,UAAU,MAAM;GACjB,CAAC,EACwC,KAAK,QAAQ;AACvD,SAAO,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsCd,MAAM,OACJ,QAGA,MACe;AACf;AACA,MAAI,OAAO,kBAAkB,OAS3B,MAAK,UAAUA,4CAPE,OADF,MAAM,KAAK,cAAc,EACV,oBAAoB;GAChD,WAAW,KAAK,QAAQ;GACxB,eAAe,OAAO;GACtB,QAAQ,MAAM;GACf,CAAC,EAGwC,KAAK,QAAQ;;;;;;;;;;;;;;;;;;;CAqB3D,MAAM,cACJ,UACA,MACe;AACf;AASA,OAAK,UAAUA,4CAPE,OADF,MAAM,KAAK,cAAc,EACV,cAAc;GAC1C,WAAW,KAAK,QAAQ;GACxB;GACA,QAAQ,MAAM;GACf,CAAC,EAGwC,KAAK,QAAQ;;;;;;;;;;;;;CAczD,MAAM,SAAS,MAGO;AACpB;EACA,MAAM,SAAS,MAAM,KAAK,cAAc;EACxC,MAAM,WAAW,MAAM,OAAO,eAAe;GAC3C,WAAW,KAAK,QAAQ;GACxB,YAAY,MAAM;GAClB,QAAQ,MAAM;GACf,CAAC;AAEF,OAAK,UAAUA,2CAAkB,SAAS,KAAK,QAAQ;AAEvD,SAAO,IAAIO,0BAAS;GAClB;GACA,UAAU,SAAS,KAAK;GACzB,CAAC"}

package/dist/session.d.cts

@@ -0,0 +1,406 @@
+import { SandboxRouteData, SessionMetaData } from "./api-client/validators.cjs";
+import { NetworkPolicy, NetworkPolicyRule, NetworkTransformer } from "./network-policy.cjs";
+import { APIClient } from "./api-client/api-client.cjs";
+import { Command, CommandFinished } from "./command.cjs";
+import { Snapshot } from "./snapshot.cjs";
+import { SandboxSnapshot } from "./utils/sandbox-snapshot.cjs";
+import { WORKFLOW_DESERIALIZE, WORKFLOW_SERIALIZE } from "@workflow/serde";
+import { Writable } from "stream";
+
+//#region src/session.d.ts
+
+/**
+ * Serialized representation of a Session for @workflow/serde.
+ */
+interface SerializedSession {
+  session: SandboxSnapshot;
+  routes: SandboxRouteData[];
+}
+/** @inline */
+interface RunCommandParams {
+  /**
+   * The command to execute
+   */
+  cmd: string;
+  /**
+   * Arguments to pass to the command
+   */
+  args?: string[];
+  /**
+   * Working directory to execute the command in
+   */
+  cwd?: string;
+  /**
+   * Environment variables to set for this command
+   */
+  env?: Record<string, string>;
+  /**
+   * If true, execute this command with root privileges. Defaults to false.
+   */
+  sudo?: boolean;
+  /**
+   * If true, the command will return without waiting for `exitCode`
+   */
+  detached?: boolean;
+  /**
+   * A `Writable` stream where `stdout` from the command will be piped
+   */
+  stdout?: Writable;
+  /**
+   * A `Writable` stream where `stderr` from the command will be piped
+   */
+  stderr?: Writable;
+  /**
+   * An AbortSignal to cancel the command execution
+   */
+  signal?: AbortSignal;
+}
+/**
+ * A Session represents a running VM instance within a {@link Sandbox}.
+ *
+ * Obtain a session via {@link Sandbox.currentSession}.
+ */
+declare class Session {
+  private _client;
+  /**
+   * Lazily resolve credentials and construct an API client.
+   * This is used in step contexts where the Sandbox was deserialized
+   * without a client (e.g. when crossing workflow/step boundaries).
+   * Uses getCredentials() which resolves from OIDC or env vars.
+   * @internal
+   */
+  private ensureClient;
+  /**
+   * Routes from ports to subdomains.
+   * @hidden
+   */
+  readonly routes: SandboxRouteData[];
+  /**
+   * Internal metadata about the current session.
+   */
+  private session;
+  private get client();
+  /** @internal */
+  get _sessionSnapshot(): SandboxSnapshot;
+  /**
+   * Unique ID of this session.
+   */
+  get sessionId(): string;
+  get interactivePort(): number | undefined;
+  /**
+   * The status of this session.
+   */
+  get status(): SessionMetaData["status"];
+  /**
+   * The creation date of this session.
+   */
+  get createdAt(): Date;
+  /**
+   * The timeout of this session in milliseconds.
+   */
+  get timeout(): number;
+  /**
+   * The network policy of this session.
+   */
+  get networkPolicy(): NetworkPolicy | undefined;
+  /**
+   * If the session was created from a snapshot, the ID of that snapshot.
+   */
+  get sourceSnapshotId(): string | undefined;
+  /**
+   * Memory allocated to this session in MB.
+   */
+  get memory(): number;
+  /**
+   * Number of vCPUs allocated to this session.
+   */
+  get vcpus(): number;
+  /**
+   * The region where this session is hosted.
+   */
+  get region(): string;
+  /**
+   * Runtime identifier (e.g. "node24", "python3.13").
+   */
+  get runtime(): string;
+  /**
+   * The working directory of this session.
+   */
+  get cwd(): string;
+  /**
+   * When this session was requested.
+   */
+  get requestedAt(): Date;
+  /**
+   * When this session started running.
+   */
+  get startedAt(): Date | undefined;
+  /**
+   * When this session was requested to stop.
+   */
+  get requestedStopAt(): Date | undefined;
+  /**
+   * When this session was stopped.
+   */
+  get stoppedAt(): Date | undefined;
+  /**
+   * When this session was aborted.
+   */
+  get abortedAt(): Date | undefined;
+  /**
+   * The wall-clock duration of this session in milliseconds.
+   */
+  get duration(): number | undefined;
+  /**
+   * When a snapshot was requested for this session.
+   */
+  get snapshottedAt(): Date | undefined;
+  /**
+   * When this session was last updated.
+   */
+  get updatedAt(): Date;
+  /**
+   * The amount of active CPU used by the session. Only reported once the VM is
+   * stopped.
+   */
+  get activeCpuUsageMs(): number | undefined;
+  /**
+   * The amount of network data used by the session. Only reported once the VM
+   * is stopped.
+   */
+  get networkTransfer(): {
+    ingress: number;
+    egress: number;
+  } | undefined;
+  /**
+   * Serialize a Session instance to plain data for @workflow/serde.
+   *
+   * Although Sandbox handles top-level serialization, Session needs these
+   * methods so the Workflow SWC compiler can resolve the class by name.
+   * The `new Session(...)` self-reference in WORKFLOW_DESERIALIZE forces
+   * rolldown to preserve the class name in the compiled output.
+   */
+  static [WORKFLOW_SERIALIZE](instance: Session): SerializedSession;
+  static [WORKFLOW_DESERIALIZE](data: SerializedSession): Session;
+  constructor(params: {
+    client: APIClient;
+    routes: SandboxRouteData[];
+    session: SessionMetaData;
+  } | {
+    /** @internal – used during deserialization with an already-converted snapshot */
+    routes: SandboxRouteData[];
+    snapshot: SandboxSnapshot;
+  });
+  /**
+   * Get a previously run command by its ID.
+   *
+   * @param cmdId - ID of the command to retrieve
+   * @param opts - Optional parameters.
+   * @param opts.signal - An AbortSignal to cancel the operation.
+   * @returns A {@link Command} instance representing the command
+   */
+  getCommand(cmdId: string, opts?: {
+    signal?: AbortSignal;
+  }): Promise<Command>;
+  /**
+   * Start executing a command in this session.
+   *
+   * @param command - The command to execute.
+   * @param args - Arguments to pass to the command.
+   * @param opts - Optional parameters.
+   * @param opts.signal - An AbortSignal to cancel the command execution.
+   * @returns A {@link CommandFinished} result once execution is done.
+   */
+  runCommand(command: string, args?: string[], opts?: {
+    signal?: AbortSignal;
+  }): Promise<CommandFinished>;
+  /**
+   * Start executing a command in detached mode.
+   *
+   * @param params - The command parameters.
+   * @returns A {@link Command} instance for the running command.
+   */
+  runCommand(params: RunCommandParams & {
+    detached: true;
+  }): Promise<Command>;
+  /**
+   * Start executing a command in this session.
+   *
+   * @param params - The command parameters.
+   * @returns A {@link CommandFinished} result once execution is done.
+   */
+  runCommand(params: RunCommandParams): Promise<CommandFinished>;
+  /**
+   * Create a directory in the filesystem of this session.
+   *
+   * @param path - Path of the directory to create
+   * @param opts - Optional parameters.
+   * @param opts.signal - An AbortSignal to cancel the operation.
+   */
+  mkDir(path: string, opts?: {
+    signal?: AbortSignal;
+  }): Promise<void>;
+  /**
+   * Read a file from the filesystem of this session as a stream.
+   *
+   * @param file - File to read, with path and optional cwd
+   * @param opts - Optional parameters.
+   * @param opts.signal - An AbortSignal to cancel the operation.
+   * @returns A promise that resolves to a ReadableStream containing the file contents, or null if file not found
+   */
+  readFile(file: {
+    path: string;
+    cwd?: string;
+  }, opts?: {
+    signal?: AbortSignal;
+  }): Promise<NodeJS.ReadableStream | null>;
+  /**
+   * Read a file from the filesystem of this session as a Buffer.
+   *
+   * @param file - File to read, with path and optional cwd
+   * @param opts - Optional parameters.
+   * @param opts.signal - An AbortSignal to cancel the operation.
+   * @returns A promise that resolves to the file contents as a Buffer, or null if file not found
+   */
+  readFileToBuffer(file: {
+    path: string;
+    cwd?: string;
+  }, opts?: {
+    signal?: AbortSignal;
+  }): Promise<Buffer | null>;
+  /**
+   * Download a file from the session to the local filesystem.
+   *
+   * @param src - Source file on the session, with path and optional cwd
+   * @param dst - Destination file on the local machine, with path and optional cwd
+   * @param opts - Optional parameters.
+   * @param opts.mkdirRecursive - If true, create parent directories for the destination if they don't exist.
+   * @param opts.signal - An AbortSignal to cancel the operation.
+   * @returns The absolute path to the written file, or null if the source file was not found
+   */
+  downloadFile(src: {
+    path: string;
+    cwd?: string;
+  }, dst: {
+    path: string;
+    cwd?: string;
+  }, opts?: {
+    mkdirRecursive?: boolean;
+    signal?: AbortSignal;
+  }): Promise<string | null>;
+  /**
+   * Write files to the filesystem of this session.
+   * Defaults to writing to /vercel/sandbox unless an absolute path is specified.
+   * Writes files using the `vercel-sandbox` user.
+   *
+   * @param files - Array of files with path and stream/buffer contents
+   * @param opts - Optional parameters.
+   * @param opts.signal - An AbortSignal to cancel the operation.
+   * @returns A promise that resolves when the files are written
+   */
+  writeFiles(files: {
+    path: string;
+    content: string | Uint8Array;
+    mode?: number;
+  }[], opts?: {
+    signal?: AbortSignal;
+  }): Promise<void>;
+  /**
+   * Get the public domain of a port of this session.
+   *
+   * @param p - Port number to resolve
+   * @returns A full domain (e.g. `https://subdomain.vercel.run`)
+   * @throws If the port has no associated route
+   */
+  domain(p: number): string;
+  /**
+   * Stop this session.
+   *
+   * @param opts - Optional parameters.
+   * @param opts.signal - An AbortSignal to cancel the operation.
+   * @param opts.blocking - If true, poll until the session has fully stopped and return the final state.
+   * @returns The session at the time the stop was acknowledged, or after fully stopped if `blocking` is true.
+   */
+  stop(opts?: {
+    signal?: AbortSignal;
+    blocking?: boolean;
+  }): Promise<SandboxSnapshot>;
+  /**
+   * Update the current session's settings.
+   *
+   * @param params - Fields to update.
+   * @param params.networkPolicy - The new network policy to apply.
+   * @param opts - Optional parameters.
+   * @param opts.signal - An AbortSignal to cancel the operation.
+   *
+   * @example
+   * // Restrict to specific domains
+   * await session.update({
+   *   networkPolicy: {
+   *     allow: ["*.npmjs.org", "github.com"],
+   *   }
+   * });
+   *
+   * @example
+   * // Inject credentials with per-domain transformers
+   * await session.update({
+   *   networkPolicy: {
+   *     allow: {
+   *       "ai-gateway.vercel.sh": [{
+   *         transform: [{
+   *           headers: { authorization: "Bearer ..." }
+   *         }]
+   *       }],
+   *       "*": []
+   *     }
+   *   }
+   * });
+   *
+   * @example
+   * // Deny all network access
+   * await session.update({ networkPolicy: "deny-all" });
+   */
+  update(params: {
+    networkPolicy?: NetworkPolicy;
+  }, opts?: {
+    signal?: AbortSignal;
+  }): Promise<void>;
+  /**
+   * Extend the timeout of the session by the specified duration.
+   *
+   * This allows you to extend the lifetime of a session up until the maximum
+   * execution timeout for your plan.
+   *
+   * @param duration - The duration in milliseconds to extend the timeout by
+   * @param opts - Optional parameters.
+   * @param opts.signal - An AbortSignal to cancel the operation.
+   * @returns A promise that resolves when the timeout is extended
+   *
+   * @example
+   * const sandbox = await Sandbox.create({ timeout: ms('10m') });
+   * const session = sandbox.currentSession();
+   * // Extends timeout by 5 minutes, to a total of 15 minutes.
+   * await session.extendTimeout(ms('5m'));
+   */
+  extendTimeout(duration: number, opts?: {
+    signal?: AbortSignal;
+  }): Promise<void>;
+  /**
+   * Create a snapshot from this currently running session. New sandboxes can
+   * then be created from this snapshot using {@link Sandbox.create}.
+   *
+   * Note: this session will be stopped as part of the snapshot creation process.
+   *
+   * @param opts - Optional parameters.
+   * @param opts.expiration - Optional expiration time in milliseconds. Use 0 for no expiration at all.
+   * @param opts.signal - An AbortSignal to cancel the operation.
+   * @returns A promise that resolves to the Snapshot instance
+   */
+  snapshot(opts?: {
+    expiration?: number;
+    signal?: AbortSignal;
+  }): Promise<Snapshot>;
+}
+//#endregion
+export { RunCommandParams, Session };
+//# sourceMappingURL=session.d.cts.map