npm - eve - Versions diffs - 0.7.3 → 0.8.0 - Mend

eve 0.7.3 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (349) hide show

package/dist/src/execution/sandbox/bindings/local-backend-utils.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { SandboxSeedFile } from "#shared/sandbox-backend.js";
+import type { InternalSandboxSession, SandboxProcess, SandboxRemovePathOptions, SandboxSession, SandboxSpawnOptions } from "#shared/sandbox-session.js";
+export interface FileBackedSandbox {
+    readFileBytes(path: string): Promise<Buffer | null>;
+    removePath(options: SandboxRemovePathOptions): Promise<void>;
+    spawn(options: SandboxSpawnOptions): Promise<SandboxProcess>;
+    writeFiles(files: ReadonlyArray<{
+        readonly path: string;
+        readonly content: Uint8Array;
+    }>): Promise<void>;
+}
+export declare function createFileBackedInternalSandboxSession(input: {
+    readonly id: string;
+    readonly sandbox: FileBackedSandbox;
+}): InternalSandboxSession;
+export declare function resolveWorkspacePath(path: string): string;
+export declare function pathExists(path: string): Promise<boolean>;
+export declare function copyDirectoryAtomically(sourcePath: string, targetPath: string): Promise<void>;
+export declare function touchDirectory(path: string): Promise<void>;
+export declare function resolveLocalBackendTemplateRootPath(cacheDirectory: string, backendCacheName: string, templateKey: string): string;
+export declare function resolveLocalBackendTemplatesDirectory(cacheDirectory: string, backendCacheName: string): string;
+export declare function resolveLocalBackendSessionRootPath(cacheDirectory: string, backendCacheName: string, sessionKey: string): string;
+export declare function writeSandboxSeedFiles(session: Pick<SandboxSession, "writeBinaryFile" | "writeTextFile">, seedFiles: ReadonlyArray<SandboxSeedFile>): Promise<void>;

package/dist/src/execution/sandbox/bindings/local-backend-utils.js ADDED Viewed

@@ -0,0 +1 @@

+ import{dirname,join}from"node:path";import{access,cp,mkdir,rename,rm,utimes}from"node:fs/promises";import{randomUUID}from"node:crypto";import{WORKSPACE_ROOT}from"#runtime/workspace/types.js";import{bufferToStream,streamToBuffer}from"#execution/sandbox/stream-utils.js";function createFileBackedInternalSandboxSession(e){return{id:e.id,resolvePath:resolveWorkspacePath,async spawn(t){return await e.sandbox.spawn(t)},async readFile(t){let n=await e.sandbox.readFileBytes(t.path);return n===null?null:bufferToStream(n)},async removePath(t){await e.sandbox.removePath(t)},async writeFile(t){let n=await streamToBuffer(t.content);await e.sandbox.writeFiles([{content:n,path:t.path}])}}}function resolveWorkspacePath(e){return e.startsWith(`/`)?e:`${WORKSPACE_ROOT}/${e}`}async function pathExists(e){try{return await access(e),!0}catch{return!1}}async function copyDirectoryAtomically(t,n){let i=`${n}.${randomUUID()}.tmp`;await rm(i,{force:!0,recursive:!0}),await mkdir(dirname(n),{recursive:!0});try{await cp(t,i,{recursive:!0}),await rename(i,n)}catch(e){if(await rm(i,{force:!0,recursive:!0}).catch(()=>{}),await pathExists(n))return;throw e}}async function touchDirectory(e){let t=new Date;await utimes(e,t,t)}function resolveLocalBackendTemplateRootPath(e,n,r){return join(resolveLocalBackendTemplatesDirectory(e,n),r)}function resolveLocalBackendTemplatesDirectory(e,n){return join(e,n,`templates`)}function resolveLocalBackendSessionRootPath(e,n,r){return join(e,n,`sessions`,r)}async function writeSandboxSeedFiles(e,t){for(let n of t)typeof n.content==`string`?await e.writeTextFile({content:n.content,path:n.path}):await e.writeBinaryFile({content:n.content,path:n.path})}export{copyDirectoryAtomically,createFileBackedInternalSandboxSession,pathExists,resolveLocalBackendSessionRootPath,resolveLocalBackendTemplateRootPath,resolveLocalBackendTemplatesDirectory,resolveWorkspacePath,touchDirectory,writeSandboxSeedFiles};

package/dist/src/execution/sandbox/bindings/local-template-prune.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Shared staleness selection for local sandbox template stores (the
+ * just-bash directory cache and the Docker template-image markers).
+ *
+ * An entry is stale when it is neither among the `retainCount` most
+ * recently used entries nor used within the trailing `recentWindowMs`.
+ */
+export declare function selectStaleTemplateEntries<T extends {
+    readonly mtimeMs: number;
+}>(entries: readonly T[], input: {
+    readonly now: number;
+    readonly recentWindowMs: number;
+    readonly retainCount: number;
+}): T[];
+export declare const LOCAL_SANDBOX_TEMPLATE_RECENT_WINDOW_MS: number;
+export declare const LOCAL_SANDBOX_TEMPLATE_RETAIN_COUNT = 5;

package/dist/src/execution/sandbox/bindings/local-template-prune.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ function selectStaleTemplateEntries(e,t){return[...e].sort((e,t)=>t.mtimeMs-e.mtimeMs).filter((e,n)=>n>=t.retainCount&&t.now-e.mtimeMs>t.recentWindowMs)}const LOCAL_SANDBOX_TEMPLATE_RECENT_WINDOW_MS=900*1e3,LOCAL_SANDBOX_TEMPLATE_RETAIN_COUNT=5;export{LOCAL_SANDBOX_TEMPLATE_RECENT_WINDOW_MS,LOCAL_SANDBOX_TEMPLATE_RETAIN_COUNT,selectStaleTemplateEntries};

package/dist/src/execution/sandbox/bindings/local.d.ts CHANGED Viewed

@@ -1,33 +1,24 @@
-import type { SandboxBackend } from "#public/definitions/sandbox-backend.js";
-import type { LocalSandboxCreateOptions } from "#public/sandbox/local-sandbox.js";
+export { createDockerSandboxBackend, DOCKER_BACKEND_NAME, pruneDockerSandboxTemplates, } from "#execution/sandbox/bindings/docker.js";
+export { isDockerDaemonAvailableSync } from "#execution/sandbox/bindings/docker-cli.js";
+export { createJustBashSandboxBackend, JUST_BASH_BACKEND_NAME, pruneJustBashSandboxTemplates, } from "#execution/sandbox/bindings/just-bash.js";
+export { createMicrosandboxSandboxBackend, MICROSANDBOX_BACKEND_NAME, pruneMicrosandboxTemplates, } from "#execution/sandbox/bindings/microsandbox.js";
+export { isMicrosandboxPlatformSupported } from "#execution/sandbox/bindings/microsandbox-platform.js";
+export { stopDevelopmentSandboxResources } from "#execution/sandbox/development-cleanup.js";
 /**
- * Construction input for {@link createLocalSandboxBackend}. Internal —
- * the public surface is the `localBackend()` factory under
- * `eve/sandbox`.
+ * Removes stale local sandbox template state for one application
+ * across every local engine: just-bash template directories, Docker
+ * template images (tracked through per-app marker files), and
+ * microsandbox template snapshots. Docker pruning silently skips when
+ * no Docker runtime is reachable so docker-less setups stay quiet.
  */
-export interface CreateLocalSandboxBackendInput {
-    readonly createOptions?: LocalSandboxCreateOptions;
-}
-/**
- * Creates the local just-bash-backed sandbox backend.
- *
- * The cache directory is derived from the runtime context's `appRoot`
- * on every `create` call so the backend stays stateless and matches
- * the framework's per-call dispatch contract.
- *
- * Accepts `createOptions` for parity with other backends; the local
- * backend currently has no consumer-controllable create options so the
- * value is reserved for future widening of {@link LocalSandboxCreateOptions}.
- */
-export declare function createLocalSandboxBackend(_input?: CreateLocalSandboxBackendInput): SandboxBackend;
-/**
- * Starts best-effort cleanup for stale local just-bash templates without
- * delaying `eve dev` startup or rebuild handling.
- */
-export declare function pruneLocalSandboxTemplatesInBackground(appRoot: string): void;
 export declare function pruneLocalSandboxTemplates(input: {
     readonly appRoot: string;
     readonly now?: number;
     readonly recentWindowMs?: number;
     readonly retainCount?: number;
 }): Promise<void>;
+/**
+ * Starts best-effort cleanup for stale local sandbox templates without
+ * delaying `eve dev` startup or rebuild handling.
+ */
+export declare function pruneLocalSandboxTemplatesInBackground(appRoot: string): void;

package/dist/src/execution/sandbox/bindings/local.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{~~dirname~~,~~join}from"node:path";import"node:fs";import{access~~,~~cp,mkdir,readFile,readdir,rename,rm,stat,utimes,writeFile~~}from"~~node:fs/promises";import{resolveSandboxCacheDirectory}from"~~#~~internal~~/~~application~~/~~paths~~.js";import{~~randomUUID~~}from"~~node:crypto";import{shellQuote}from"~~#execution/sandbox/~~shell-quote~~.js";import{~~SandboxTemplateNotProvisionedError~~}from"#~~public~~/~~definitions~~/~~sandbox~~-~~backend~~.js";import{~~WORKSPACE_ROOT~~}from"#~~runtime~~/~~workspace~~/~~types~~.js";import{~~buildSandboxSession~~}from"#execution/sandbox/~~session~~.js";import{~~bufferToStream,streamToBuffer~~}from"#execution/sandbox/~~stream~~-~~utils~~.js";function ~~createLocalSandboxBackend~~(t~~={}~~){~~return{name:`local`,async~~ ~~prewarm(t){let n=resolveTemplateRootPath(resolveSandboxCacheDirectory(t~~.~~runtimeContext.appRoot),t.templateKey);if~~(~~await doesPathExist(n))return await touchDirectory(n),{reused:!0};let r=`${n}.${randomUUID()}.tmp`,a=!~~1~~,o=await createBashSandbox~~(~~{rootPath:r,sessionKey:~~t~~.templateKey}~~),~~l=buildSandboxSession~~(~~createLocalInternalSandboxSession(o),localSetNetworkPolicyUnsupported);try{~~t~~.bootstrap!==void 0&&await t.bootstrap({use:async(~~)~~=>l});for(let e of t.seedFiles)typeof e.content==`string`?await l.writeTextFile({content:e.content~~,~~path:e.path}):await l.writeBinaryFile~~(~~{content:e.content,path:e.path});if(await o.captureState()===null)throw Error(`Failed to capture local sandbox template state for "${~~t~~.templateKey}".`~~)~~;await mkdir(dirname(n),{recursive:!0});try{await rename(r,n),a=!0}catch(e){if(await doesPathExist(n))return{reused:!0};throw e}}finally{await o~~.~~dispose(),a\|\|await rm(r,{force:!0,recursive:!0}).~~catch(()=>{~~})}return{reused:!1}},async create(e){let t=resolveSandboxCacheDirectory(e.runtimeContext.appRoot),n=getLocalRootPath(e.existingMetadata)??resolveSessionRootPath(t,e.sessionKey);~~if(!~~await doesPathExist~~(~~n))if(e.templateKey===null)await~~ ~~mkdir(n,{recursive:!0});else{let~~ ~~r=resolveTemplateRootPath(~~t~~,e.templateKey);if(!await~~ ~~doesPathExist(r~~))throw ~~new SandboxTemplateNotProvisionedError({backendName:`local`,templateKey:e.templateKey~~})~~;await copyDirectoryAtomically(r,n~~)}~~return createHandle(await createBashSandbox({rootPath:n,sessionKey:e.sessionKey}))}}}~~function pruneLocalSandboxTemplatesInBackground(e){pruneLocalSandboxTemplates({appRoot:e}).catch(e=>{console.warn(`[eve:dev] failed to prune stale local sandbox templates: ${errorMessage(e)}`)})}~~async~~ function ~~pruneLocalSandboxTemplates~~(e){~~let~~ ~~n=resolveTemplatesDirectory(resolveSandboxCacheDirectory(~~e~~.appRoot)),r=e.now??Date.now(),i=e.recentWindowMs??9e5,a=e.retainCount??5,s;try{s=await~~ ~~readdir(n,{withFileTypes:!0})}catch(e){if(e~~ instanceof Error&&`code`in e&&e.code===`ENOENT`)return;throw e}let u=(await Promise.all(s.filter(e=>e.isDirectory()).map(async e=>{let r=join(n,e.name);return{isTemporary:e.name.endsWith(`.tmp`),mtimeMs:(await stat(r)).mtimeMs,path:r}}))).sort((e,t)=>t.mtimeMs-e.mtimeMs),d=u.filter(e=>!e.isTemporary);await Promise.all([...d.map(async(e,t)=>{t<a\|\|r-e.mtimeMs<=i\|\|await rm(e.path,{force:!0,recursive:!0})}),...u.filter(e=>e.isTemporary).map(async e=>{r-e.mtimeMs<=i\|\|await rm(e.path,{force:!0,recursive:!0})})])}async function copyDirectoryAtomically(t,n){let a=`${n}.${randomUUID()}.tmp`;await rm(a,{force:!0,recursive:!0}),await mkdir(dirname(n),{recursive:!0});try{await cp(t,a,{recursive:!0}),await rename(a,n)}catch(e){if(await rm(a,{force:!0,recursive:!0}).catch(()=>{}),await doesPathExist(n))return;throw e}}async function createBashSandbox(t){let{ReadWriteFs:n,Sandbox:r}=await import(`#compiled/just-bash/index.js`),a=resolveLocalSandboxFilesystemRootPath(t.rootPath),o=resolveLocalSandboxMetadataPath(t.rootPath),s=await readLocalMetadata(o);await mkdir(a,{recursive:!0});let c=new n({allowSymlinks:!0,maxFileReadSize:2**53-1,root:a});await ensureLocalSandboxDirectories(c);let l=await r.create({cwd:WORKSPACE_ROOT,env:s?.env,fs:c,network:{dangerouslyAllowFullInternetAccess:!0}});return{async captureState(){return await writeLocalMetadata(o,{env:{...l.bashEnvInstance.getEnv()},version:1}),{rootPath:t.rootPath}},async dispose(){await l.stop()},async readFileBytes(e){let t;try{t=await c.readFileBuffer(e)}catch{return null}return Buffer.from(t)},async removePath(e){await c.rm(e.path,{force:e.force,recursive:e.recursive})},rootPath:t.rootPath,sessionKey:t.sessionKey,async spawn(e){if(e.abortSignal?.aborted)throw new DOMException(`The operation was aborted.`,`AbortError`);let t=e.workingDirectory===void 0?e.~~command:`( cd ${shellQuote(e.workingDirectory)} && ${e.command} )`;return adaptJustBashCommandToSandboxProcess(await l.runCommand({args~~:~~[t],cmd:`eval`,detached:!0,env:e.env,signal:e.abortSignal}))},async writeFiles~~(~~t){for(let n of t){let t=dirname(n.path);await c.mkdir(t,{recursive:!0}),await c.writeFile(n.path,n.content)}}}}function adaptJustBashCommandToSandboxProcess(~~e)~~{let t=new TextEncoder,n,r,i=!1,a,o=new ReadableStream({start(e){n=e~~}~~}),s=new ReadableStream(~~{~~start(e){r=e}});return(async()=>{try{for await(let i of e.logs()){let e=t.encode(i.data);i.type===`stdout`?n?.enqueue(e):r?.enqueue(e)}}catch(e){a=e~~,~~n?.error(e)~~,~~r?.error(e)}finally{i=!0~~,~~a===void 0&&(n?.close()~~,~~r?.close())}})()~~,~~{stdout:o~~,~~stderr:s~~,~~async wait(){let t=await e.wait();for(;!i;)await new Promise(e=>setTimeout(e~~,~~0));if(a!==void 0)throw a;return{exitCode:t.exitCode}}~~,async kill(){await e.kill()}}}async function localSetNetworkPolicyUnsupported(){throw Error(`setNetworkPolicy() is not supported on the local sandbox backend. just-bash applies its network policy only at sandbox creation (no run-time update) and does not run git or other binaries. Use the Vercel backend for credential brokering and egress control.`)}function createHandle(e){let t=buildSandboxSession(createLocalInternalSandboxSession(e),~~localSetNetworkPolicyUnsupported);return{session:t~~,~~useSessionFn:async()=>t~~,~~async captureState(){return{backendName:`local`,metadata:await e.captureState()??{}~~,~~sessionKey:e.sessionKey~~}},async dispose(){await e.dispose()}}}function createLocalInternalSandboxSession(e){return{id:e.sessionKey,resolvePath:resolveLocalPath,async spawn(t){return await e.spawn(t)},async readFile(t){let n=await e.readFileBytes(t.path);return n===null?null:bufferToStream(n)},async removePath(t){await e.removePath(t)},async writeFile(t){let n=await streamToBuffer(t.content);await e.writeFiles([{content:n,path:t.path}])}}}function resolveLocalPath(e){return e.startsWith(`/`)?e:`${WORKSPACE_ROOT}/${e}`}function resolveTemplateRootPath(e,n){return join(resolveTemplatesDirectory(e),n)}function resolveTemplatesDirectory(e){return join(e,`local`,`templates`)}function resolveSessionRootPath(e,n){return join(e,`local`,`sessions`,n)}function resolveLocalSandboxFilesystemRootPath(e){return join(e,`fs`)}function resolveLocalSandboxMetadataPath(e){return join(e,`metadata.json`)}async function ensureLocalSandboxDirectories(e){await e.mkdir(WORKSPACE_ROOT,{recursive:!0})}async function readLocalMetadata(e){if(!await doesPathExist(e))return null;let t=JSON.parse(await readFile(e,`utf8`));return t.version!==1\|\|!isStringRecord(t.env)?null:{env:t.env,version:1}}async function writeLocalMetadata(t,n){await mkdir(dirname(t),{recursive:!0}),await writeFile(t,`${JSON.stringify(n,null,2)}\n`)}function getLocalRootPath(e){let t=e?.rootPath;return typeof t==`string`?t:void 0}function isStringRecord(e){return typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(e=>typeof e==`string`)}async function doesPathExist(e){try{return await access(e),!0}catch{return!1}}async function touchDirectory(e){let t=new Date;await utimes(e,t,t)}function errorMessage(e){return e instanceof Error?e.message:String(e)}export{createLocalSandboxBackend,pruneLocalSandboxTemplates,pruneLocalSandboxTemplatesInBackground};
1	+ import{DockerDaemonUnavailableError,DockerUnavailableError,isDockerDaemonAvailableSync}from"#execution/sandbox/bindings/docker-cli.js";import{DOCKER_BACKEND_NAME,createDockerSandboxBackend,pruneDockerSandboxTemplates,pruneDockerSandboxTemplates as pruneDockerSandboxTemplates$1}from"#execution/sandbox/bindings/docker.js";import{JUST_BASH_BACKEND_NAME,createJustBashSandboxBackend,pruneJustBashSandboxTemplates,pruneJustBashSandboxTemplates as pruneJustBashSandboxTemplates$1}from"#execution/sandbox/bindings/just-bash.js";import{MICROSANDBOX_BACKEND_NAME,createMicrosandboxSandboxBackend,pruneMicrosandboxTemplates,pruneMicrosandboxTemplates as pruneMicrosandboxTemplates$1}from"#execution/sandbox/bindings/microsandbox.js";import{isMicrosandboxPlatformSupported}from"#execution/sandbox/bindings/microsandbox-platform.js";import{stopDevelopmentSandboxResources}from"#execution/sandbox/development-cleanup.js";async function pruneLocalSandboxTemplates(t){await Promise.all([pruneJustBashSandboxTemplates$1(t),pruneMicrosandboxTemplates$1(t),pruneDockerSandboxTemplates$1(t).catch(t=>{if(!(t instanceof DockerUnavailableError\|\|t instanceof DockerDaemonUnavailableError))throw t})])}function pruneLocalSandboxTemplatesInBackground(e){pruneLocalSandboxTemplates({appRoot:e}).catch(e=>{console.warn(`[eve:dev] failed to prune stale local sandbox templates: ${errorMessage(e)}`)})}function errorMessage(e){return e instanceof Error?e.message:String(e)}export{DOCKER_BACKEND_NAME,JUST_BASH_BACKEND_NAME,MICROSANDBOX_BACKEND_NAME,createDockerSandboxBackend,createJustBashSandboxBackend,createMicrosandboxSandboxBackend,isDockerDaemonAvailableSync,isMicrosandboxPlatformSupported,pruneDockerSandboxTemplates,pruneJustBashSandboxTemplates,pruneLocalSandboxTemplates,pruneLocalSandboxTemplatesInBackground,pruneMicrosandboxTemplates,stopDevelopmentSandboxResources};

package/dist/src/execution/sandbox/bindings/microsandbox-lifecycle.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { ResolvedMicrosandboxOptions } from "#execution/sandbox/bindings/microsandbox-options.js";
+import type { SandboxBackendCreateInput, SandboxBackendHandle, SandboxBackendPrewarmInput, SandboxBackendPrewarmResult } from "#public/definitions/sandbox-backend.js";
+import type { MicrosandboxBootstrapUseOptions, MicrosandboxSessionUseOptions } from "#public/sandbox/microsandbox-sandbox.js";
+export declare function prewarmMicrosandboxTemplate(input: {
+    readonly backendName: string;
+    readonly options: ResolvedMicrosandboxOptions;
+    readonly optionsHash: string;
+    readonly prewarmInput: SandboxBackendPrewarmInput<MicrosandboxBootstrapUseOptions>;
+}): Promise<SandboxBackendPrewarmResult>;
+export declare function createMicrosandboxHandle(input: {
+    readonly backendName: string;
+    readonly createInput: SandboxBackendCreateInput;
+    readonly options: ResolvedMicrosandboxOptions;
+    readonly optionsHash: string;
+}): Promise<SandboxBackendHandle<MicrosandboxSessionUseOptions>>;
+export declare function clearActiveMicrosandboxSessionHandlesForTest(): void;

package/dist/src/execution/sandbox/bindings/microsandbox-lifecycle.js ADDED Viewed

@@ -0,0 +1 @@

+ import{dirname}from"node:path";import{mkdir,rename,rm}from"node:fs/promises";import{resolveSandboxCacheDirectory}from"#internal/application/paths.js";import{randomUUID}from"node:crypto";import{withDevelopmentSandboxMetadataPathTag}from"#execution/sandbox/development-run.js";import{createFileBackedInternalSandboxSession,touchDirectory,writeSandboxSeedFiles}from"#execution/sandbox/bindings/local-backend-utils.js";import{createLoggingSandboxSession}from"#execution/sandbox/logging-session.js";import{buildSandboxSession}from"#execution/sandbox/session.js";import{SandboxTemplateNotProvisionedError}from"#public/definitions/sandbox-backend.js";import{MICROSANDBOX_METADATA_VERSION,readSessionMetadata,readSessionMetadataRecord,readTemplateMetadata,resolveMicrosandboxMetadataPath,writeTemplateMetadata}from"#execution/sandbox/bindings/microsandbox-metadata.js";import{connectMicrosandbox,createPreparedMicrosandbox,createProviderName,doesPathExist,loadMicrosandboxModule,removeSnapshotIfExists,sandboxExists,snapshotExists}from"#execution/sandbox/bindings/microsandbox-runtime.js";import{resolveMicrosandboxSessionRootPath,resolveMicrosandboxTemplateRootPath}from"#execution/sandbox/bindings/microsandbox-templates.js";const activeMicrosandboxSessionHandles=new Map;async function prewarmMicrosandboxTemplate(i){i.prewarmInput.log?.(`loading microsandbox runtime`);let a=await loadMicrosandboxModule({appRoot:i.prewarmInput.runtimeContext.appRoot,log:i.prewarmInput.log,options:i.options}),u=resolveMicrosandboxTemplateRootPath(resolveSandboxCacheDirectory(i.prewarmInput.runtimeContext.appRoot),i.prewarmInput.templateKey),f=resolveMicrosandboxMetadataPath(u);i.prewarmInput.log?.(`checking cached snapshot`);let p=await readTemplateMetadata(f);if(p?.optionsHash===i.optionsHash&&await snapshotExists(a,p.snapshotName))return i.prewarmInput.log?.(`reusing cached snapshot`),await touchDirectory(u),{reused:!0};let h=createProviderName(`eve-sbx-tpl`,i.prewarmInput.templateKey,i.optionsHash),_=`${u}.${randomUUID()}.tmp`,v=createProviderName(`eve-sbx-tpl-tmp`,`${i.prewarmInput.templateKey}:${randomUUID()}`);await removeSnapshotIfExists(a,h),await rm(_,{force:!0,recursive:!0}),await mkdir(_,{recursive:!0}),i.prewarmInput.log?.(`creating template VM from image "${i.options.image}"`);let y=await createPreparedMicrosandbox({log:i.prewarmInput.log,module:a,name:v,networkPolicy:i.options.networkPolicy,options:i.options,sessionKey:i.prewarmInput.templateKey,setupBaseRuntime:!0,tags:void 0}),b=buildSandboxSession(createMicrosandboxInternalSession(y),async e=>{await y.setNetworkPolicy(e)});try{i.prewarmInput.bootstrap!==void 0&&(i.prewarmInput.log?.(`running sandbox bootstrap`),await i.prewarmInput.bootstrap({use:async e=>(e?.networkPolicy!==void 0&&await y.setNetworkPolicy(e.networkPolicy),createLoggingSandboxSession({log:i.prewarmInput.log,session:b}))})),i.prewarmInput.seedFiles.length>0&&i.prewarmInput.log?.(`writing ${i.prewarmInput.seedFiles.length} seed file(s)`),await writeSandboxSeedFiles(b,i.prewarmInput.seedFiles),i.prewarmInput.log?.(`snapshotting template VM`),await y.stopAndSnapshot(h),await writeTemplateMetadata(resolveMicrosandboxMetadataPath(_),{optionsHash:i.optionsHash,snapshotName:h,version:MICROSANDBOX_METADATA_VERSION}),await mkdir(dirname(u),{recursive:!0}),await rm(u,{force:!0,recursive:!0});try{await rename(_,u)}catch(e){if(await doesPathExist(u))return{reused:!0};throw e}}finally{await y.removePersisted(),await rm(_,{force:!0,recursive:!0}).catch(()=>{})}return{reused:!1}}async function createMicrosandboxHandle(e){let t=await loadMicrosandboxModule({appRoot:e.createInput.runtimeContext.appRoot,options:e.options}),n=resolveSandboxCacheDirectory(e.createInput.runtimeContext.appRoot),r=resolveMicrosandboxSessionRootPath(n,e.createInput.sessionKey),a=createActiveMicrosandboxSessionKey(r,e.optionsHash),o=activeMicrosandboxSessionHandles.get(a);if(o!==void 0)return o;let s=resolveMicrosandboxMetadataPath(r),c=readSessionMetadataRecord(e.createInput.existingMetadata)??await readSessionMetadata(s),l=withDevelopmentSandboxMetadataPathTag(e.createInput.tags,s);if(c?.optionsHash===e.optionsHash&&(await sandboxExists(t,c.sandboxName)||c.stateSnapshotName!==void 0&&await snapshotExists(t,c.stateSnapshotName)))return cacheHandle(a,createHandle(await connectMicrosandbox({metadata:c,metadataPath:s,module:t,options:e.options,sessionKey:e.createInput.sessionKey,tags:l}),e.backendName,e.optionsHash,()=>{activeMicrosandboxSessionHandles.delete(a)}));let d=null;if(e.createInput.templateKey!==null){let r=await readTemplateMetadata(resolveMicrosandboxMetadataPath(resolveMicrosandboxTemplateRootPath(n,e.createInput.templateKey)));if(r===null||r.optionsHash!==e.optionsHash||!await snapshotExists(t,r.snapshotName))throw new SandboxTemplateNotProvisionedError({backendName:e.backendName,templateKey:e.createInput.templateKey});d=r.snapshotName}let m=createProviderName(`eve-sbx-ses`,`${e.createInput.sessionKey}:${randomUUID()}`),g=await createPreparedMicrosandbox({fromSnapshot:d??void 0,module:t,name:m,networkPolicy:e.options.networkPolicy,options:e.options,sessionKey:e.createInput.sessionKey,setupBaseRuntime:d===null,tags:l});return await g.writeMetadata(s,e.optionsHash),cacheHandle(a,createHandle(g,e.backendName,e.optionsHash,()=>{activeMicrosandboxSessionHandles.delete(a)}))}function createHandle(e,t,n,r){return{session:buildSandboxSession(createMicrosandboxInternalSession(e),async t=>{await e.setNetworkPolicy(t)}),useSessionFn:async t=>(t?.networkPolicy!==void 0&&await e.setNetworkPolicy(t.networkPolicy),buildSandboxSession(createMicrosandboxInternalSession(e),async t=>{await e.setNetworkPolicy(t)})),async captureState(){return{backendName:t,metadata:{...await e.captureState(n)},sessionKey:e.id}},async dispose(){r?.(),await e.detach()}}}function createMicrosandboxInternalSession(e){return createFileBackedInternalSandboxSession({id:e.id,sandbox:e})}function createActiveMicrosandboxSessionKey(e,t){return`${e}\0${t}`}function cacheHandle(e,t){return activeMicrosandboxSessionHandles.set(e,t),t}function clearActiveMicrosandboxSessionHandlesForTest(){activeMicrosandboxSessionHandles.clear()}export{clearActiveMicrosandboxSessionHandlesForTest,createMicrosandboxHandle,prewarmMicrosandboxTemplate};

package/dist/src/execution/sandbox/bindings/microsandbox-metadata.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { SandboxNetworkPolicy } from "#shared/sandbox-network-policy.js";
+export declare const MICROSANDBOX_METADATA_VERSION = 2;
+export declare const MICROSANDBOX_METADATA_FILE_NAME = "metadata.json";
+export interface MicrosandboxTemplateMetadata {
+    readonly optionsHash: string;
+    readonly snapshotName: string;
+    readonly version: typeof MICROSANDBOX_METADATA_VERSION;
+}
+export interface MicrosandboxSessionMetadata {
+    readonly networkPolicy?: SandboxNetworkPolicy;
+    readonly optionsHash: string;
+    readonly sandboxName: string;
+    readonly stateSnapshotName?: string;
+    readonly version: typeof MICROSANDBOX_METADATA_VERSION;
+}
+export declare function resolveMicrosandboxMetadataPath(rootPath: string): string;
+export declare function readTemplateMetadata(path: string): Promise<MicrosandboxTemplateMetadata | null>;
+export declare function writeTemplateMetadata(path: string, metadata: MicrosandboxTemplateMetadata): Promise<void>;
+export declare function readSessionMetadata(path: string): Promise<MicrosandboxSessionMetadata | null>;
+export declare function readSessionMetadataRecord(value: unknown): MicrosandboxSessionMetadata | null;
+export declare function writeSessionMetadata(path: string, metadata: MicrosandboxSessionMetadata): Promise<void>;

package/dist/src/execution/sandbox/bindings/microsandbox-metadata.js ADDED Viewed

@@ -0,0 +1 @@

+ import{dirname,join}from"node:path";import{mkdir,readFile,rename,writeFile}from"node:fs/promises";import{randomUUID}from"node:crypto";const MICROSANDBOX_METADATA_VERSION=2,MICROSANDBOX_METADATA_FILE_NAME=`metadata.json`;function resolveMicrosandboxMetadataPath(e){return join(e,MICROSANDBOX_METADATA_FILE_NAME)}async function readTemplateMetadata(e){let t=await readJsonFile(e);return t?.version!==2||typeof t.optionsHash!=`string`||typeof t.snapshotName!=`string`?null:{optionsHash:t.optionsHash,snapshotName:t.snapshotName,version:2}}async function writeTemplateMetadata(e,t){await writeJsonFileAtomically(e,t)}async function readSessionMetadata(e){return readSessionMetadataRecord(await readJsonFile(e))}function readSessionMetadataRecord(e){return!isRecord(e)||e.version!==2||typeof e.optionsHash!=`string`||typeof e.sandboxName!=`string`?null:{networkPolicy:e.networkPolicy,optionsHash:e.optionsHash,sandboxName:e.sandboxName,stateSnapshotName:typeof e.stateSnapshotName==`string`?e.stateSnapshotName:void 0,version:2}}async function writeSessionMetadata(e,t){await writeJsonFileAtomically(e,t)}async function readJsonFile(e){try{let t=JSON.parse(await readFile(e,`utf8`));return isRecord(t)?t:null}catch(e){if(e instanceof Error&&`code`in e&&e.code===`ENOENT`)return null;throw e}}async function writeJsonFileAtomically(t,n){let r=`${t}.${randomUUID()}.tmp`;await mkdir(dirname(t),{recursive:!0}),await writeFile(r,`${JSON.stringify(n,null,2)}\n`),await rename(r,t)}function isRecord(e){return typeof e==`object`&&!!e&&!Array.isArray(e)}export{MICROSANDBOX_METADATA_FILE_NAME,MICROSANDBOX_METADATA_VERSION,readSessionMetadata,readSessionMetadataRecord,readTemplateMetadata,resolveMicrosandboxMetadataPath,writeSessionMetadata,writeTemplateMetadata};

package/dist/src/execution/sandbox/bindings/microsandbox-network.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import type { SandboxNetworkPolicy } from "#shared/sandbox-network-policy.js";
+import type { NetworkPolicy as MicrosandboxNetworkPolicy, SandboxBuilder as MicrosandboxSandboxBuilder } from "microsandbox";
+interface MicrosandboxTransformHeaderRule {
+    readonly domain: string;
+    readonly headers: Readonly<Record<string, string>>;
+    readonly match?: unknown;
+    readonly placeholderHeaders: Readonly<Record<string, string>>;
+}
+export interface MicrosandboxNetworkPlan {
+    readonly disabled: boolean;
+    readonly policy: MicrosandboxNetworkPolicy | null;
+    readonly transformHeaderRules: readonly MicrosandboxTransformHeaderRule[];
+}
+export declare function applyMicrosandboxNetwork(builder: MicrosandboxSandboxBuilder, networkPolicy: SandboxNetworkPolicy | undefined): MicrosandboxSandboxBuilder;
+export declare function serializeMicrosandboxNetworkPolicyJson(policy: MicrosandboxNetworkPolicy): string;
+export declare function createMicrosandboxNetworkPlan(policy: SandboxNetworkPolicy | undefined): MicrosandboxNetworkPlan;
+export declare function createTransformBrokerEnvironment(plan: MicrosandboxNetworkPlan): Readonly<Record<string, string>>;
+export {};

package/dist/src/execution/sandbox/bindings/microsandbox-network.js ADDED Viewed

@@ -0,0 +1 @@

+ import{createHash}from"node:crypto";function applyMicrosandboxNetwork(e,t){let n=createMicrosandboxNetworkPlan(t);return n.disabled?e.disableNetwork():n.policy===null&&n.transformHeaderRules.length===0?e:e.network(e=>{let t=e.enabled(!0);if(n.policy!==null&&(t=t.policyJson(serializeMicrosandboxNetworkPolicyJson(n.policy))),n.transformHeaderRules.length===0)return t;t=t.trustHostCAs(!0);for(let e of n.transformHeaderRules)for(let[n,r]of Object.entries(e.headers)){let i=e.placeholderHeaders[n];if(i===void 0)continue;let a=createSecretEnvName(e.domain,n,r);t=t.secret(t=>{let n=t.env(a).value(r).placeholder(i).injectHeaders(!0).injectBasicAuth(!0).injectQuery(!1).injectBody(!1).requireTlsIdentity(!0);return n=e.domain===`*`?n.allowAnyHostDangerous(!0):e.domain.startsWith(`*.`)?n.allowHostPattern(e.domain):n.allowHost(e.domain),n})}return t})}function serializeMicrosandboxNetworkPolicyJson(e){let t={default_egress:e.defaultEgress,default_ingress:e.defaultIngress,rules:e.rules.map(e=>({action:e.action,destination:serializeMicrosandboxNetworkDestination(e.destination),direction:e.direction,ports:e.ports,protocols:e.protocols}))};return JSON.stringify(t)}function createMicrosandboxNetworkPlan(e){if(e===void 0||e===`allow-all`)return{disabled:!1,policy:{defaultEgress:`allow`,defaultIngress:`deny`,rules:[]},transformHeaderRules:[]};if(e===`deny-all`)return{disabled:!0,policy:null,transformHeaderRules:[]};let t=[],n=[],r=normalizeAllowEntries(e.allow),i=r.some(e=>e.domain===`*`),a=i?`allow`:`deny`;for(let n of e.subnets?.deny??[])t.push({action:`deny`,destination:{cidr:n,kind:`cidr`},direction:`egress`,ports:[],protocols:[]});for(let n of e.subnets?.allow??[])t.push({action:`allow`,destination:{cidr:n,kind:`cidr`},direction:`egress`,ports:[],protocols:[]});i||t.push({action:`allow`,destination:{kind:`any`},direction:`egress`,ports:[{start:53,end:53}],protocols:[`udp`,`tcp`]});for(let e of r)if(e.domain!==`*`){t.push({action:`allow`,destination:domainToDestination(e.domain),direction:`egress`,ports:[],protocols:[]});for(let t of e.rules)for(let r of normalizeTransforms(t.transform))Object.keys(r.headers).length!==0&&n.push({domain:e.domain,headers:r.headers,match:t.match,placeholderHeaders:createPlaceholderHeaders(e.domain,r.headers)})}return{disabled:!1,policy:{defaultEgress:a,defaultIngress:`deny`,rules:t},transformHeaderRules:n}}function createTransformBrokerEnvironment(e){if(e.transformHeaderRules.length===0)return{};let t=e.transformHeaderRules.flatMap(e=>Object.entries(e.placeholderHeaders).filter(([e])=>e.toLowerCase()===`authorization`).flatMap(([t,n])=>e.domain===`*`||e.domain.startsWith(`*.`)?[]:[{key:`http.https://${e.domain}/.extraheader`,value:`${t}: ${n}`}])),n={};return t.length>0&&(n.GIT_CONFIG_COUNT=String(t.length),t.forEach((e,t)=>{n[`GIT_CONFIG_KEY_${t}`]=e.key,n[`GIT_CONFIG_VALUE_${t}`]=e.value})),{EVE_MICROSANDBOX_NETWORK_TRANSFORMS:Buffer.from(JSON.stringify(e.transformHeaderRules)).toString(`base64`),...n}}function normalizeAllowEntries(e){return e===void 0?[]:Array.isArray(e)?e.map(e=>({domain:e,rules:[]})):Object.entries(e).map(([e,t])=>({domain:e,rules:Array.isArray(t)?t:[]}))}function normalizeTransforms(e){return e===void 0?[]:e.map(e=>({headers:e.headers??{}}))}function domainToDestination(e){return e.startsWith(`*.`)?{kind:`domainSuffix`,suffix:e.slice(2)}:{domain:e,kind:`domain`}}function serializeMicrosandboxNetworkDestination(e){switch(e.kind){case`any`:return`any`;case`cidr`:return{cidr:e.cidr??``};case`domain`:return{domain:e.domain??``};case`domainSuffix`:return{domain_suffix:e.suffix??``};case`group`:return{group:e.group??``};default:throw Error(`Unsupported microsandbox network destination kind.`)}}function createPlaceholderHeaders(e,t){let n={};for(let[r,i]of Object.entries(t))n[r]=`__EVE_MSB_SECRET_${createStableHash(`${e}:${r}:${i}`).slice(0,24)}__`;return n}function createSecretEnvName(e,t,n){return`EVE_MSB_SECRET_${createStableHash(`${e}:${t}:${n}`).slice(0,24).toUpperCase()}`}function createStableHash(t){return createHash(`sha256`).update(t).digest(`hex`)}export{applyMicrosandboxNetwork,createMicrosandboxNetworkPlan,createTransformBrokerEnvironment,serializeMicrosandboxNetworkPolicyJson};

package/dist/src/execution/sandbox/bindings/microsandbox-options.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import type { MicrosandboxCreateOptions } from "#public/sandbox/microsandbox-sandbox.js";
+import type { SandboxNetworkPolicy } from "#shared/sandbox-network-policy.js";
+export declare const MICROSANDBOX_DEFAULT_IMAGE = "ubuntu:26.04";
+export declare const MICROSANDBOX_DEFAULT_CPUS = 1;
+export declare const MICROSANDBOX_DEFAULT_MEMORY_MIB = 1024;
+export declare const MICROSANDBOX_DEFAULT_PULL_POLICY = "if-missing";
+/** User every sandbox command runs as, mirroring hosted Vercel Sandbox. */
+export declare const MICROSANDBOX_USER = "vercel-sandbox";
+/**
+ * Fully-defaulted microsandbox backend options consumed by the backend
+ * implementation.
+ */
+export interface ResolvedMicrosandboxOptions {
+    readonly cpus: number;
+    readonly env: Readonly<Record<string, string>>;
+    readonly image: string;
+    readonly memoryMiB: number;
+    readonly networkPolicy?: SandboxNetworkPolicy;
+    readonly pullPolicy: "always" | "if-missing" | "never";
+    readonly setup: {
+        readonly autoInstall: boolean;
+        readonly skipVerify: boolean;
+    };
+}
+/**
+ * Applies defaults to `microsandboxBackend(opts)`.
+ */
+export declare function resolveMicrosandboxOptions(options: MicrosandboxCreateOptions | undefined): ResolvedMicrosandboxOptions;
+/**
+ * The subset of options that participates in template/session
+ * compatibility hashing. Setup behavior intentionally stays out: how
+ * the runtime got installed must not invalidate captured templates.
+ */
+export declare function microsandboxOptionsForHash(options: ResolvedMicrosandboxOptions): Record<string, unknown>;

package/dist/src/execution/sandbox/bindings/microsandbox-options.js ADDED Viewed

@@ -0,0 +1 @@

+ const MICROSANDBOX_DEFAULT_IMAGE=`ubuntu:26.04`,MICROSANDBOX_DEFAULT_CPUS=1,MICROSANDBOX_DEFAULT_MEMORY_MIB=1024,MICROSANDBOX_DEFAULT_PULL_POLICY=`if-missing`,MICROSANDBOX_USER=`vercel-sandbox`;function resolveMicrosandboxOptions(e){return{cpus:e?.cpus??1,env:e?.env??{},image:e?.image??`ubuntu:26.04`,memoryMiB:e?.memoryMiB??1024,networkPolicy:e?.networkPolicy,pullPolicy:e?.pullPolicy??`if-missing`,setup:{autoInstall:e?.setup?.autoInstall??!0,skipVerify:e?.setup?.skipVerify??!1}}}function microsandboxOptionsForHash(e){return{cpus:e.cpus,env:e.env,image:e.image,memoryMiB:e.memoryMiB,pullPolicy:e.pullPolicy}}export{MICROSANDBOX_DEFAULT_CPUS,MICROSANDBOX_DEFAULT_IMAGE,MICROSANDBOX_DEFAULT_MEMORY_MIB,MICROSANDBOX_DEFAULT_PULL_POLICY,MICROSANDBOX_USER,microsandboxOptionsForHash,resolveMicrosandboxOptions};

package/dist/src/execution/sandbox/bindings/microsandbox-platform.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { Sandbox as MicrosandboxSandbox } from "microsandbox";
+/**
+ * Synchronously reports whether this host can run microsandbox at all:
+ * macOS on Apple Silicon, or Linux (glibc) with KVM available. Used by
+ * `defaultBackend()`'s availability chain.
+ */
+export declare function isMicrosandboxPlatformSupported(): boolean;
+/**
+ * Validates the host before loading the microsandbox package, turning
+ * unsupported platforms into actionable errors instead of opaque
+ * native-binding resolution failures.
+ */
+export declare function assertMicrosandboxPlatformCandidate(): Promise<void>;
+/**
+ * One-time setup applied to sandboxes created from the raw base image:
+ * installs baseline tools (git, ripgrep, Node 24, pnpm, sudo, …),
+ * creates the `vercel-sandbox` user with passwordless sudo, and hands
+ * it `/workspace` — mirroring the hosted Vercel Sandbox runtime.
+ */
+export declare function ensureMicrosandboxBaseRuntime(sandbox: MicrosandboxSandbox, options?: {
+    readonly log?: (message: string) => void;
+}): Promise<void>;

package/dist/src/execution/sandbox/bindings/microsandbox-platform.js ADDED Viewed

@@ -0,0 +1,178 @@
+import{existsSync}from"node:fs";import{access}from"node:fs/promises";import{WORKSPACE_ROOT}from"#runtime/workspace/types.js";import{MICROSANDBOX_USER}from"#execution/sandbox/bindings/microsandbox-options.js";function isMicrosandboxPlatformSupported(){return process.platform===`darwin`&&process.arch===`arm64`?!0:process.platform===`linux`&&(process.arch===`x64`||process.arch===`arm64`)&&isGlibcLinux()?process.env.MSB_PATH!==void 0||existsSync(`/dev/kvm`):!1}function isGlibcLinux(){try{return typeof(process.report?.getReport())?.header?.glibcVersionRuntime==`string`}catch{return!1}}async function assertMicrosandboxPlatformCandidate(){if(!(process.platform===`darwin`&&process.arch===`arm64`)){if(process.platform===`linux`&&(process.arch===`x64`||process.arch===`arm64`)){if(!isGlibcLinux())throw Error(`The microsandbox sandbox backend requires a glibc-based Linux distribution; musl hosts are not supported. Use dockerBackend() or vercelSandboxBackend() instead.`);if(process.env.MSB_PATH!==void 0||await doesPathExist(`/dev/kvm`))return;throw Error("The microsandbox sandbox backend requires Linux with KVM enabled. `/dev/kvm` is not available on this host. Enable KVM, set MSB_PATH for a custom runtime, or use dockerBackend() / vercelSandboxBackend().")}throw Error(`The microsandbox sandbox backend supports Linux with KVM or macOS on Apple Silicon. Current host is ${process.platform}/${process.arch}. Use dockerBackend() or vercelSandboxBackend() on this host.`)}}async function doesPathExist(e){try{return await access(e),!0}catch{return!1}}async function ensureMicrosandboxBaseRuntime(e,t={}){let n=await collectMicrosandboxBaseRuntimeOutput(await e.execStreamWith(`bash`,e=>e.args([`-lc`,MICROSANDBOX_BASE_SETUP_SCRIPT]).cwd(`/`).user(`root`)),t.log);if(n.exitCode!==0)throw Error(`Failed to initialize the microsandbox base runtime. ${n.stderr||n.stdout}`.trim())}async function collectMicrosandboxBaseRuntimeOutput(e,t){let n=new TextDecoder,r=new TextDecoder,i=``,a=``,o=``,s=``,c;for await(let l of e)if(l.kind===`stdout`){let e=n.decode(l.data,{stream:!0});i=appendOutput(i,e),o=emitMicrosandboxBaseRuntimeLogs(o+e,t)}else if(l.kind===`stderr`){let e=r.decode(l.data,{stream:!0});a=appendOutput(a,e),s=emitMicrosandboxBaseRuntimeLogs(s+e,t)}else if(l.kind===`exited`){c=l.code;break}let l=n.decode(),u=r.decode();if(l.length>0&&(i=appendOutput(i,l),o=emitMicrosandboxBaseRuntimeLogs(o+l,t)),u.length>0&&(a=appendOutput(a,u),s=emitMicrosandboxBaseRuntimeLogs(s+u,t)),emitMicrosandboxBaseRuntimeLogLine(o,t),emitMicrosandboxBaseRuntimeLogLine(s,t),c===void 0)throw Error(`Microsandbox base runtime setup ended without an exit event.`);return{exitCode:c,stderr:a,stdout:i}}function emitMicrosandboxBaseRuntimeLogs(e,t){let n=e.split(/\r?\n/u),r=n.pop()??``;for(let e of n)emitMicrosandboxBaseRuntimeLogLine(e,t);return r}function emitMicrosandboxBaseRuntimeLogLine(e,t){let n=e.match(/^eve-base-runtime: ?(.*)$/u)?.[1];n!==void 0&&n.length>0&&t?.(n)}function appendOutput(e,t){let n=e+t;return n.length>2e4?n.slice(-2e4):n}const MICROSANDBOX_BASE_SETUP_SCRIPT=`
+set -euo pipefail
+log_step() {
+  printf 'eve-base-runtime: %s\\n' "$*" >&2
+}
+install_packages() {
+  local packages=("$@")
+  if [ "\${#packages[@]}" -eq 0 ]; then
+    return
+  fi
+  if command -v dnf >/dev/null 2>&1; then
+    log_step "dnf install: \${packages[*]}"
+    dnf install -y "\${packages[@]}"
+    return
+  fi
+  if command -v microdnf >/dev/null 2>&1; then
+    log_step "microdnf install: \${packages[*]}"
+    microdnf install -y "\${packages[@]}"
+    return
+  fi
+  if command -v apt-get >/dev/null 2>&1; then
+    export DEBIAN_FRONTEND=noninteractive
+    log_step "apt-get update"
+    apt-get update
+    log_step "apt-get install: \${packages[*]}"
+    apt-get install -y --no-install-recommends "\${packages[@]}"
+    return
+  fi
+  if command -v apk >/dev/null 2>&1; then
+    log_step "apk add: \${packages[*]}"
+    apk add --no-cache "\${packages[@]}"
+    return
+  fi
+  echo "No supported package manager found for installing: \${packages[*]}" >&2
+  return 1
+}
+install_nodejs24() {
+  log_step "checking Node.js 24"
+  if command -v node >/dev/null 2>&1 && node --version | grep -q '^v24\\.'; then
+    log_step "Node.js 24 already installed"
+    return
+  fi
+  if command -v apt-get >/dev/null 2>&1; then
+    export DEBIAN_FRONTEND=noninteractive
+    log_step "apt-get update for Node.js prerequisites"
+    apt-get update
+    log_step "apt-get install: ca-certificates curl gnupg"
+    apt-get install -y --no-install-recommends ca-certificates curl gnupg
+    log_step "download NodeSource signing key"
+    mkdir -p /etc/apt/keyrings
+    curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+    log_step "configure NodeSource Node.js 24 repository"
+    echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_24.x nodistro main" > /etc/apt/sources.list.d/nodesource.list
+    log_step "apt-get update for Node.js 24"
+    apt-get update
+    log_step "apt-get install: nodejs"
+    apt-get install -y --no-install-recommends nodejs
+    return
+  fi
+  log_step "install Node.js 24 packages"
+  install_packages nodejs24 nodejs24-npm || install_packages nodejs24 || install_packages nodejs npm
+}
+install_missing_packages() {
+  log_step "checking base packages"
+  local packages=()
+  if command -v apt-get >/dev/null 2>&1; then
+    command -v sudo >/dev/null 2>&1 || packages+=(sudo)
+    command -v git >/dev/null 2>&1 || packages+=(git)
+    command -v find >/dev/null 2>&1 || packages+=(findutils)
+    command -v gzip >/dev/null 2>&1 || packages+=(gzip)
+    command -v tar >/dev/null 2>&1 || packages+=(tar)
+    command -v unzip >/dev/null 2>&1 || packages+=(unzip)
+    command -v which >/dev/null 2>&1 || packages+=(debianutils)
+    command -v ps >/dev/null 2>&1 || packages+=(procps)
+    command -v openssl >/dev/null 2>&1 || packages+=(openssl)
+    command -v zstd >/dev/null 2>&1 || packages+=(zstd)
+    command -v useradd >/dev/null 2>&1 || packages+=(passwd)
+    [ -e /etc/ssl/certs/ca-certificates.crt ] || packages+=(ca-certificates)
+  elif command -v apk >/dev/null 2>&1; then
+    command -v sudo >/dev/null 2>&1 || packages+=(sudo)
+    command -v git >/dev/null 2>&1 || packages+=(git)
+    command -v find >/dev/null 2>&1 || packages+=(findutils)
+    command -v gzip >/dev/null 2>&1 || packages+=(gzip)
+    command -v tar >/dev/null 2>&1 || packages+=(tar)
+    command -v unzip >/dev/null 2>&1 || packages+=(unzip)
+    command -v which >/dev/null 2>&1 || packages+=(which)
+    command -v ps >/dev/null 2>&1 || packages+=(procps)
+    command -v openssl >/dev/null 2>&1 || packages+=(openssl)
+    command -v zstd >/dev/null 2>&1 || packages+=(zstd)
+    command -v useradd >/dev/null 2>&1 || packages+=(shadow)
+    [ -e /etc/ssl/certs/ca-certificates.crt ] || packages+=(ca-certificates)
+  else
+    command -v sudo >/dev/null 2>&1 || packages+=(sudo)
+    command -v git >/dev/null 2>&1 || packages+=(git)
+    command -v find >/dev/null 2>&1 || packages+=(findutils)
+    command -v gzip >/dev/null 2>&1 || packages+=(gzip)
+    command -v tar >/dev/null 2>&1 || packages+=(tar)
+    command -v unzip >/dev/null 2>&1 || packages+=(unzip)
+    command -v which >/dev/null 2>&1 || packages+=(which)
+    command -v ps >/dev/null 2>&1 || packages+=(procps-ng)
+    command -v openssl >/dev/null 2>&1 || packages+=(openssl)
+    command -v zstd >/dev/null 2>&1 || packages+=(zstd)
+    command -v useradd >/dev/null 2>&1 || packages+=(shadow-utils)
+  fi
+  install_packages "\${packages[@]}"
+}
+install_missing_packages
+install_nodejs24
+log_step "checking node binary"
+if ! command -v node >/dev/null 2>&1; then
+  for candidate in /usr/bin/node-24 /usr/bin/node24 /usr/bin/nodejs24 /usr/bin/nodejs; do
+    if [ -x "$candidate" ]; then
+      log_step "link node binary: $candidate"
+      ln -sf "$candidate" /usr/local/bin/node
+      break
+    fi
+  done
+fi
+log_step "checking npm binary"
+if ! command -v npm >/dev/null 2>&1; then
+  for candidate in /usr/bin/npm-24 /usr/bin/npm24 /usr/bin/npm; do
+    if [ -x "$candidate" ]; then
+      log_step "link npm binary: $candidate"
+      ln -sf "$candidate" /usr/local/bin/npm
+      break
+    fi
+  done
+fi
+log_step "verifying Node.js and npm"
+command -v node >/dev/null 2>&1
+node --version | grep -q '^v24\\.'
+command -v npm >/dev/null 2>&1
+log_step "checking pnpm"
+if ! command -v pnpm >/dev/null 2>&1; then
+  log_step "npm install -g pnpm"
+  npm install -g pnpm
+fi
+log_step "checking ripgrep"
+if ! command -v rg >/dev/null 2>&1; then
+  log_step "install ripgrep"
+  install_packages ripgrep || { install_packages spal-release && install_packages ripgrep; }
+fi
+log_step "checking sandbox user"
+if ! id -u ${MICROSANDBOX_USER} >/dev/null 2>&1; then
+  log_step "create sandbox user: ${MICROSANDBOX_USER}"
+  useradd -m -s /bin/bash ${MICROSANDBOX_USER}
+fi
+log_step "configure passwordless sudo for ${MICROSANDBOX_USER}"
+mkdir -p /etc/sudoers.d
+printf '${MICROSANDBOX_USER} ALL=(ALL) NOPASSWD:ALL\\n' > /etc/sudoers.d/${MICROSANDBOX_USER}
+chmod 0440 /etc/sudoers.d/${MICROSANDBOX_USER}
+log_step "prepare workspace directory: ${WORKSPACE_ROOT}"
+mkdir -p ${WORKSPACE_ROOT}
+chown ${MICROSANDBOX_USER}:${MICROSANDBOX_USER} ${WORKSPACE_ROOT}
+`;export{assertMicrosandboxPlatformCandidate,ensureMicrosandboxBaseRuntime,isMicrosandboxPlatformSupported};

package/dist/src/execution/sandbox/bindings/microsandbox-process.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { SandboxProcess } from "#shared/sandbox-session.js";
+import type { ExecHandle as MicrosandboxExecHandle } from "microsandbox";
+export declare function adaptMicrosandboxExecToSandboxProcess(command: MicrosandboxExecHandle): SandboxProcess;

package/dist/src/execution/sandbox/bindings/microsandbox-process.js ADDED Viewed

@@ -0,0 +1 @@

+ function adaptMicrosandboxExecToSandboxProcess(e){let t,n,r,i,a,o=new Promise((e,t)=>{i=e,a=t}),s=new ReadableStream({start(e){t=e}}),c=new ReadableStream({start(e){n=e}});return(async()=>{let o=e[Symbol.asyncIterator]();try{for(;;){let e=r===void 0?await o.next():await nextWithTimeout(o,100);if(e===`timeout`||e.done===!0)break;let i=e.value;i.kind===`stdout`?t?.enqueue(i.data):i.kind===`stderr`?n?.enqueue(i.data):i.kind===`exited`&&(r=i.code)}}catch(e){t?.error(e),n?.error(e),a?.(e)}finally{if(o.return?.().catch(()=>{}),r===void 0){let e=Error(`Microsandbox command ended without an exit event.`);t?.error(e),n?.error(e),a?.(e)}else t?.close(),n?.close(),i?.()}})(),{stdout:s,stderr:c,async wait(){return await o,{exitCode:r??0}},async kill(){await e.kill()}}}async function nextWithTimeout(e,t){let n;try{return await Promise.race([e.next(),new Promise(e=>{n=setTimeout(()=>e(`timeout`),t)})])}finally{n!==void 0&&clearTimeout(n)}}export{adaptMicrosandboxExecToSandboxProcess};

package/dist/src/execution/sandbox/bindings/microsandbox-runtime.d.ts ADDED Viewed

@@ -0,0 +1,75 @@
+import { type ResolvedMicrosandboxOptions } from "#execution/sandbox/bindings/microsandbox-options.js";
+import { type MicrosandboxSessionMetadata } from "#execution/sandbox/bindings/microsandbox-metadata.js";
+import type { SandboxBackendTags } from "#public/definitions/sandbox-backend.js";
+import type { SandboxNetworkPolicy } from "#shared/sandbox-network-policy.js";
+import type { SandboxProcess, SandboxRemovePathOptions, SandboxSpawnOptions } from "#shared/sandbox-session.js";
+import type { Sandbox as MicrosandboxSandbox } from "microsandbox";
+export type MicrosandboxModule = typeof import("microsandbox");
+export declare class MicrosandboxVm {
+    #private;
+    constructor(input: {
+        readonly module: MicrosandboxModule;
+        readonly options: ResolvedMicrosandboxOptions;
+        readonly sessionKey: string;
+        readonly tags?: SandboxBackendTags;
+    }, sandbox: MicrosandboxSandbox, sandboxName: string, networkPolicy: SandboxNetworkPolicy | undefined, metadataPath?: string, optionsHash?: string, stateSnapshotName?: string);
+    get id(): string;
+    captureState(optionsHash: string): Promise<MicrosandboxSessionMetadata>;
+    detach(): Promise<void>;
+    readFileBytes(path: string): Promise<Buffer | null>;
+    removePath(options: SandboxRemovePathOptions): Promise<void>;
+    removePersisted(): Promise<void>;
+    setNetworkPolicy(policy: SandboxNetworkPolicy): Promise<void>;
+    spawn(options: SandboxSpawnOptions): Promise<SandboxProcess>;
+    stopAndSnapshot(snapshotName: string): Promise<void>;
+    writeFiles(files: ReadonlyArray<{
+        path: string;
+        content: string | Uint8Array;
+    }>): Promise<void>;
+    writeMetadata(path: string, optionsHash: string): Promise<void>;
+    private runInternalCommand;
+}
+export declare function createPreparedMicrosandbox(input: {
+    readonly fromSnapshot?: string;
+    readonly log?: (message: string) => void;
+    readonly module: MicrosandboxModule;
+    readonly name: string;
+    readonly networkPolicy?: SandboxNetworkPolicy;
+    readonly options: ResolvedMicrosandboxOptions;
+    readonly sessionKey: string;
+    readonly setupBaseRuntime: boolean;
+    readonly tags?: SandboxBackendTags;
+}): Promise<MicrosandboxVm>;
+export declare function connectMicrosandbox(input: {
+    readonly metadata: MicrosandboxSessionMetadata;
+    readonly metadataPath: string;
+    readonly module: MicrosandboxModule;
+    readonly options: ResolvedMicrosandboxOptions;
+    readonly sessionKey: string;
+    readonly tags?: SandboxBackendTags;
+}): Promise<MicrosandboxVm>;
+/**
+ * Loads the microsandbox npm package and ensures its VM runtime is
+ * installed. During `eve dev`, both are installed automatically when
+ * missing (unless `setup.autoInstall: false`): the package with the
+ * project's package manager, the runtime via microsandbox's installer.
+ * Production processes never install — they fail with actionable
+ * errors instead.
+ */
+export declare function loadMicrosandboxModule(input: {
+    readonly appRoot: string;
+    readonly log?: (message: string) => void;
+    readonly options: ResolvedMicrosandboxOptions;
+}): Promise<MicrosandboxModule>;
+/**
+ * Loads microsandbox only when its package and runtime are already
+ * present — used by cleanup paths that must never trigger installs.
+ */
+export declare function loadMicrosandboxWithoutInstall(): Promise<MicrosandboxModule | null>;
+export declare function stopAndSnapshotMicrosandboxSandbox(module: MicrosandboxModule, sandboxName: string, snapshotName: string): Promise<void>;
+export declare function snapshotExists(module: MicrosandboxModule, snapshotName: string): Promise<boolean>;
+export declare function sandboxExists(module: MicrosandboxModule, sandboxName: string): Promise<boolean>;
+export declare function removeSnapshotIfExists(module: MicrosandboxModule, snapshotName: string): Promise<void>;
+export declare function createProviderName(prefix: string, key: string, extra?: string): string;
+export declare function createStableHash(value: string): string;
+export declare function doesPathExist(path: string): Promise<boolean>;

package/dist/src/execution/sandbox/bindings/microsandbox-runtime.js ADDED Viewed

@@ -0,0 +1 @@

+ import{posix}from"node:path";import{access}from"node:fs/promises";import{createHash,randomUUID}from"node:crypto";import{isEveDevEnvironment,loadOptionalEnginePackage}from"#internal/application/optional-package-install.js";import{WORKSPACE_ROOT}from"#runtime/workspace/types.js";import{withDevelopmentSandboxTags}from"#execution/sandbox/development-run.js";import{shellQuote}from"#execution/sandbox/shell-quote.js";import{assertMicrosandboxPlatformCandidate,ensureMicrosandboxBaseRuntime}from"#execution/sandbox/bindings/microsandbox-platform.js";import{MICROSANDBOX_METADATA_VERSION,writeSessionMetadata}from"#execution/sandbox/bindings/microsandbox-metadata.js";import{MICROSANDBOX_USER}from"#execution/sandbox/bindings/microsandbox-options.js";import{applyMicrosandboxNetwork,createMicrosandboxNetworkPlan,createTransformBrokerEnvironment}from"#execution/sandbox/bindings/microsandbox-network.js";import{adaptMicrosandboxExecToSandboxProcess}from"#execution/sandbox/bindings/microsandbox-process.js";const MICROSANDBOX_STOP_TIMEOUT_MS=1e4;var MicrosandboxVm=class{#e;#t;#n;#r;#i;#a;#o;constructor(e,t,n,r,i,a,o){this.#e=e,this.#i=t,this.#a=n,this.#n=r,this.#t=i,this.#r=a,this.#o=o}get id(){return this.#e.sessionKey}async captureState(e){if(this.#r=e,isEveDevEnvironment())return this.#t!==void 0&&await this.writeMetadata(this.#t,e),{networkPolicy:this.#n,optionsHash:e,sandboxName:this.#a,stateSnapshotName:this.#o,version:MICROSANDBOX_METADATA_VERSION};let t=this.#o,n=createProviderName(`eve-sbx-state`,`${this.#e.sessionKey}:${randomUUID()}`);return await this.stopAndSnapshot(n),this.#o=n,this.#t!==void 0&&await this.writeMetadata(this.#t,e),t!==void 0&&await removeSnapshotIfExists(this.#e.module,t),{networkPolicy:this.#n,optionsHash:e,sandboxName:this.#a,stateSnapshotName:n,version:MICROSANDBOX_METADATA_VERSION}}async detach(){await this.#i.detach().catch(()=>{})}async readFileBytes(e){try{let t=this.#i.fs();return await t.exists(e)?Buffer.from(await t.read(e)):null}catch{return null}}async removePath(e){let t=`${e.force===!0?`f`:``}${e.recursive===!0?`r`:``}`,n=`${t.length>0?`rm -${t}`:`rm`} -- ${shellQuote(e.path)}`;await this.runInternalCommand({abortSignal:e.abortSignal,command:n,user:MICROSANDBOX_USER})}async removePersisted(){await removeSandboxIfExists(this.#e.module,this.#a),this.#o!==void 0&&await removeSnapshotIfExists(this.#e.module,this.#o)}async setNetworkPolicy(e){let t=this.#o,n=createProviderName(`eve-sbx-state`,`${this.#e.sessionKey}:${randomUUID()}`),i=this.#a;await this.stopAndSnapshot(n),await removeSandboxIfExists(this.#e.module,i);let a=createProviderName(`eve-sbx-ses`,`${this.#e.sessionKey}:${randomUUID()}`);this.#i=await createMicrosandbox({fromSnapshot:n,module:this.#e.module,name:a,networkPolicy:e,options:this.#e.options,tags:this.#e.tags,user:MICROSANDBOX_USER,workdir:WORKSPACE_ROOT}),this.#a=a,this.#n=e,this.#o=void 0,this.#t!==void 0&&this.#r!==void 0&&await this.writeMetadata(this.#t,this.#r),await removeSnapshotIfExists(this.#e.module,n),t!==void 0&&await removeSnapshotIfExists(this.#e.module,t)}async spawn(e){if(e.abortSignal?.aborted)throw new DOMException(`The operation was aborted.`,`AbortError`);let t={...this.#e.options.env,...createTransformBrokerEnvironment(createMicrosandboxNetworkPlan(this.#n)),...e.env},n=await this.#i.execStreamWith(`bash`,n=>n.args([`-lc`,e.command]).cwd(e.workingDirectory??WORKSPACE_ROOT).envs(t).user(MICROSANDBOX_USER));return e.abortSignal!==void 0&&e.abortSignal.addEventListener(`abort`,()=>{n.kill().catch(()=>{})},{once:!0}),adaptMicrosandboxExecToSandboxProcess(n)}async stopAndSnapshot(e){await this.#i.stop().catch(()=>{}),await stopAndSnapshotMicrosandboxSandbox(this.#e.module,this.#a,e)}async writeFiles(t){let n=this.#i.fs();for(let r of t){let t=posix.dirname(r.path);await this.runInternalCommand({command:`mkdir -p ${shellQuote(t)}`,user:MICROSANDBOX_USER}),await n.write(r.path,r.content),await this.runInternalCommand({command:`chown ${MICROSANDBOX_USER}:${MICROSANDBOX_USER} ${shellQuote(r.path)}`,user:`root`})}}async writeMetadata(e,t){this.#t=e,this.#r=t,await writeSessionMetadata(e,{networkPolicy:this.#n,optionsHash:t,sandboxName:this.#a,stateSnapshotName:this.#o,version:MICROSANDBOX_METADATA_VERSION})}async runInternalCommand(e){if(e.abortSignal?.aborted)throw new DOMException(`The operation was aborted.`,`AbortError`);let t=await this.#i.execWith(`bash`,t=>t.args([`-lc`,e.command]).cwd(WORKSPACE_ROOT).user(e.user));if(t.code!==0){let n=e.failureMessage??`Microsandbox command failed.`;throw Error(`${n} ${t.stderr()}`.trim())}}};async function createPreparedMicrosandbox(e){let t=e.setupBaseRuntime?`allow-all`:e.networkPolicy,n=await createMicrosandbox({fromSnapshot:e.fromSnapshot,module:e.module,name:e.name,networkPolicy:t,options:e.options,tags:e.tags,user:e.setupBaseRuntime?void 0:MICROSANDBOX_USER,workdir:e.setupBaseRuntime?`/`:WORKSPACE_ROOT}),r=new MicrosandboxVm({module:e.module,options:e.options,sessionKey:e.sessionKey,tags:e.tags},n,e.name,t);return e.setupBaseRuntime&&(await withProgressHeartbeat(`preparing base runtime inside VM`,e.log,async()=>{await ensureMicrosandboxBaseRuntime(n,{log:e.log})}),e.networkPolicy!==void 0&&e.networkPolicy!==`allow-all`&&(e.log?.(`applying network policy`),await r.setNetworkPolicy(e.networkPolicy))),r}async function connectMicrosandbox(e){let t;try{t=await e.module.Sandbox.get(e.metadata.sandboxName)}catch(t){if(!isMicrosandboxNotFoundError(t)||e.metadata.stateSnapshotName===void 0)throw t;return await restoreMicrosandboxSessionSnapshot(e)}if(t.status!==`running`&&t.status!==`draining`&&e.metadata.stateSnapshotName!==void 0)return await restoreMicrosandboxSessionSnapshot(e);let n=t.status===`running`||t.status===`draining`?await t.connectWithTimeout(1e4):await t.startDetached();return new MicrosandboxVm({module:e.module,options:e.options,sessionKey:e.sessionKey,tags:e.tags},n,e.metadata.sandboxName,e.metadata.networkPolicy,e.metadataPath,e.metadata.optionsHash,e.metadata.stateSnapshotName)}async function restoreMicrosandboxSessionSnapshot(e){if(e.metadata.stateSnapshotName===void 0||!await snapshotExists(e.module,e.metadata.stateSnapshotName))throw Error(`Microsandbox session snapshot is missing for sandbox "${e.metadata.sandboxName}".`);let t=createProviderName(`eve-sbx-ses`,`${e.sessionKey}:${randomUUID()}`),n=await createMicrosandbox({fromSnapshot:e.metadata.stateSnapshotName,module:e.module,name:t,networkPolicy:e.metadata.networkPolicy,options:e.options,tags:e.tags,user:MICROSANDBOX_USER,workdir:WORKSPACE_ROOT});await removeSandboxIfExists(e.module,e.metadata.sandboxName);let i=new MicrosandboxVm({module:e.module,options:e.options,sessionKey:e.sessionKey,tags:e.tags},n,t,e.metadata.networkPolicy,e.metadataPath,e.metadata.optionsHash,e.metadata.stateSnapshotName);return await i.writeMetadata(e.metadataPath,e.metadata.optionsHash),i}async function loadMicrosandboxModule(e){e.log?.(`checking microsandbox platform support`),await assertMicrosandboxPlatformCandidate();let t=await withProgressHeartbeat(`loading microsandbox npm package`,e.log,()=>loadOptionalEnginePackage({appRoot:e.appRoot,autoInstall:e.options.setup.autoInstall,importModule:async()=>await import(`microsandbox`),missingMessage:"The microsandbox sandbox backend requires the `microsandbox` package, which is not bundled with Eve. Install it in your application (for example `pnpm add -D microsandbox`), or use dockerBackend() / vercelSandboxBackend() instead.",packageName:`microsandbox`}));if(e.log?.(`checking microsandbox VM runtime`),!t.isInstalled()){if(!e.options.setup.autoInstall||!isEveDevEnvironment())throw Error("The microsandbox VM runtime is not installed. Run `npx microsandbox install`, set MSB_PATH for a custom install, or let `eve dev` install it automatically with microsandboxBackend({ setup: { autoInstall: true } }).");await withProgressHeartbeat(`installing microsandbox VM runtime`,e.log,async()=>{await t.setup().skipVerify(e.options.setup.skipVerify).install()})}return e.log?.(`microsandbox runtime ready`),t}async function withProgressHeartbeat(e,t,n){if(t?.(e),t===void 0)return await n();let r=Date.now(),i=setInterval(()=>{t(`${e} (${Math.round((Date.now()-r)/1e3)}s elapsed)`)},1e4);i.unref?.();try{return await n()}finally{clearInterval(i)}}async function loadMicrosandboxWithoutInstall(){try{let e=await import(`microsandbox`);return e.isInstalled()?e:null}catch{return null}}async function stopAndSnapshotMicrosandboxSandbox(e,t,n){for(let r=0;r<3;r+=1){let i=await e.Sandbox.get(t);await i.stopWithTimeout(r===0?MICROSANDBOX_STOP_TIMEOUT_MS:0).catch(()=>{});try{await i.snapshot(n);return}catch(e){if(!isMicrosandboxSnapshotSourceRunningError(e)||r===2)throw e;await i.kill().catch(()=>{}),await new Promise(e=>setTimeout(e,250))}}}async function snapshotExists(e,t){try{return await e.Snapshot.get(t),!0}catch(e){if(isMicrosandboxNotFoundError(e))return!1;throw e}}async function sandboxExists(e,t){try{return await e.Sandbox.get(t),!0}catch(e){if(isMicrosandboxNotFoundError(e))return!1;throw e}}async function removeSnapshotIfExists(e,t){try{await e.Snapshot.remove(t,{force:!0})}catch(e){if(!isMicrosandboxNotFoundError(e))throw e}}function createProviderName(e,t,n=``){return`${e}-${createStableHash(`${t}:${n}`).slice(0,32)}`}function createStableHash(e){return createHash(`sha256`).update(e).digest(`hex`)}async function doesPathExist(e){try{return await access(e),!0}catch{return!1}}async function createMicrosandbox(e){let t=e.module.Sandbox.builder(e.name).cpus(e.options.cpus).detached(!0).envs(e.options.env).labels(resolveMicrosandboxLabels(e.tags)).memory(e.options.memoryMiB).pullPolicy(e.options.pullPolicy).replace().workdir(e.workdir);return t=e.fromSnapshot===void 0?t.image(e.options.image):t.fromSnapshot(e.fromSnapshot),e.user!==void 0&&(t=t.user(e.user)),await applyMicrosandboxNetwork(t,e.networkPolicy).create()}async function removeSandboxIfExists(e,t){for(let n=0;n<3;n+=1)try{let r=await e.Sandbox.get(t);await r.stopWithTimeout(n===0?MICROSANDBOX_STOP_TIMEOUT_MS:0).catch(()=>{}),await r.remove();return}catch(r){if(isMicrosandboxNotFoundError(r))return;if(isMicrosandboxStillRunningError(r)&&n<2){await(await e.Sandbox.get(t).catch(()=>null))?.kill().catch(()=>{}),await new Promise(e=>setTimeout(e,250));continue}throw r}}function isMicrosandboxNotFoundError(e){return e instanceof Error?/not found|not exist|no such/i.test(e.message):!1}function isMicrosandboxStillRunningError(e){return e instanceof Error?/still running/i.test(e.message):!1}function isMicrosandboxSnapshotSourceRunningError(e){return e instanceof Error?/snapshot source sandbox .*not stopped|SnapshotSandboxRunning/i.test(e.message):!1}function resolveMicrosandboxLabels(e){return{"eve.backend":`microsandbox`,...withDevelopmentSandboxTags(e)}}export{MicrosandboxVm,connectMicrosandbox,createPreparedMicrosandbox,createProviderName,createStableHash,doesPathExist,loadMicrosandboxModule,loadMicrosandboxWithoutInstall,removeSnapshotIfExists,sandboxExists,snapshotExists,stopAndSnapshotMicrosandboxSandbox};

package/dist/src/execution/sandbox/bindings/microsandbox-templates.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Removes stale microsandbox template metadata directories (and their
+ * captured snapshots) for one application.
+ */
+export declare function pruneMicrosandboxTemplates(input: {
+    readonly appRoot: string;
+    readonly now?: number;
+    readonly recentWindowMs?: number;
+    readonly retainCount?: number;
+}): Promise<void>;
+export declare function resolveMicrosandboxTemplateRootPath(cacheDirectory: string, templateKey: string): string;
+export declare function resolveMicrosandboxTemplatesDirectory(cacheDirectory: string): string;
+export declare function resolveMicrosandboxSessionRootPath(cacheDirectory: string, sessionKey: string): string;

package/dist/src/execution/sandbox/bindings/microsandbox-templates.js ADDED Viewed

@@ -0,0 +1 @@

+ import{join}from"node:path";import"node:fs";import{readdir,rm,stat}from"node:fs/promises";import{resolveSandboxCacheDirectory}from"#internal/application/paths.js";import{resolveLocalBackendSessionRootPath,resolveLocalBackendTemplateRootPath,resolveLocalBackendTemplatesDirectory}from"#execution/sandbox/bindings/local-backend-utils.js";import{LOCAL_SANDBOX_TEMPLATE_RECENT_WINDOW_MS,LOCAL_SANDBOX_TEMPLATE_RETAIN_COUNT}from"#execution/sandbox/bindings/local-template-prune.js";import{readTemplateMetadata,resolveMicrosandboxMetadataPath}from"#execution/sandbox/bindings/microsandbox-metadata.js";import{loadMicrosandboxWithoutInstall,removeSnapshotIfExists}from"#execution/sandbox/bindings/microsandbox-runtime.js";const MICROSANDBOX_CACHE_DIRECTORY_NAME=`microsandbox`;async function pruneMicrosandboxTemplates(e){let t=resolveMicrosandboxTemplatesDirectory(resolveSandboxCacheDirectory(e.appRoot)),n=e.now??Date.now(),r=e.recentWindowMs??LOCAL_SANDBOX_TEMPLATE_RECENT_WINDOW_MS,a=e.retainCount??LOCAL_SANDBOX_TEMPLATE_RETAIN_COUNT,o=await readMicrosandboxTemplateDirectories(t),s=o.filter(e=>!e.isTemporary);await Promise.all([...s.map(async(e,t)=>{t<a||n-e.mtimeMs<=r||await removeTemplateDirectory(e.path,e.metadata)}),...o.filter(e=>e.isTemporary).map(async e=>{n-e.mtimeMs<=r||await removeTemplateDirectory(e.path,e.metadata)})])}function resolveMicrosandboxTemplateRootPath(e,t){return resolveLocalBackendTemplateRootPath(e,MICROSANDBOX_CACHE_DIRECTORY_NAME,t)}function resolveMicrosandboxTemplatesDirectory(e){return resolveLocalBackendTemplatesDirectory(e,MICROSANDBOX_CACHE_DIRECTORY_NAME)}function resolveMicrosandboxSessionRootPath(e,t){return resolveLocalBackendSessionRootPath(e,MICROSANDBOX_CACHE_DIRECTORY_NAME,t)}async function readMicrosandboxTemplateDirectories(n){let i;try{i=await readdir(n,{withFileTypes:!0})}catch(e){if(e instanceof Error&&`code`in e&&e.code===`ENOENT`)return[];throw e}return(await Promise.all(i.filter(e=>e.isDirectory()).map(async t=>{let i=join(n,t.name);return{isTemporary:t.name.endsWith(`.tmp`),metadata:await readTemplateMetadata(resolveMicrosandboxMetadataPath(i)),mtimeMs:(await stat(i)).mtimeMs,path:i}}))).sort((e,t)=>t.mtimeMs-e.mtimeMs)}async function removeTemplateDirectory(e,t){if(await rm(e,{force:!0,recursive:!0}),t===null)return;let r=await loadMicrosandboxWithoutInstall();r!==null&&await removeSnapshotIfExists(r,t.snapshotName)}export{pruneMicrosandboxTemplates,resolveMicrosandboxSessionRootPath,resolveMicrosandboxTemplateRootPath,resolveMicrosandboxTemplatesDirectory};