experimental-ash 0.34.0 → 0.35.0

package/dist/src/public/sandbox/vercel-sandbox.d.ts

@@ -6,9 +6,9 @@ import type { Sandbox as SdkSandbox, SandboxUpdateParams } from "#compiled/@verc
  * session-create). Skipped on resume (`Sandbox.get`) since no create
  * happens there.
  *
- * Framework-injected fields (`name`, `persistent`, `signal`) are
- * excluded — the framework owns those and overrides any author-supplied
- * values.
+ * Framework-injected fields (`name`, `onResume`, `persistent`, `signal`)
+ * are excluded — the framework owns those and overrides any
+ * author-supplied values.
  *
  * `source` is honored only on the template create at prewarm time, so
  * an author-supplied snapshot, git revision, or tarball becomes the
@@ -20,7 +20,7 @@ import type { Sandbox as SdkSandbox, SandboxUpdateParams } from "#compiled/@verc
  * snapshot, force a template rebuild (e.g. by changing the sandbox
  * definition so its template key changes).
  */
-export type VercelSandboxCreateOptions = Omit<NonNullable<Parameters<typeof SdkSandbox.create>[0]>, "name" | "persistent" | "signal">;
+export type VercelSandboxCreateOptions = Omit<NonNullable<Parameters<typeof SdkSandbox.create>[0]>, "name" | "onResume" | "persistent" | "signal">;
 /**
  * Options accepted by the Vercel backend's `bootstrap({ use })` hook.
  * Aliases the Vercel SDK's `SandboxUpdateParams` because bootstrap

package/dist/src/runtime/governance/auth/oidc.js

@@ -1 +1 @@
-import{z}from"#compiled/zod/index.js";import{createRemoteJWKSet,jwtVerify}from"#compiled/jose/index.js";import{areTokenClaimMatchersSatisfied,createJwtAuthenticatedCallerPrincipal}from"#runtime/governance/auth/token-claims.js";const oidcDiscoveryDocumentSchema=z.object({issuer:z.string().optional(),jwks_uri:z.string().url()}).passthrough(),oidcDiscoveryDocumentCache=new Map,oidcJwksCache=new Map;async function authenticateOidcStrategy(e){let t;try{t=await getOidcRemoteJwks(e.strategy)}catch(e){return{kind:`misconfigured`,message:`Failed to load OIDC discovery metadata. ${e instanceof Error?e.message:`Unknown discovery failure.`}`}}try{let a=await jwtVerify(e.token,t,{audience:[...e.strategy.audiences],clockTolerance:e.strategy.clockSkewSeconds,issuer:e.strategy.issuer});if(typeof a.payload.sub!=`string`||a.payload.sub.length===0)return{kind:`not-authenticated`};let o=e.strategy.acceptCurrentVercelProject&&isCurrentVercelProject({issuer:e.strategy.issuer,payload:a.payload}),s=o&&isCurrentVercelEnvironment({payload:a.payload});return!o&&!areTokenClaimMatchersSatisfied(a.payload,e.strategy)?{kind:`caller-not-allowed`}:{kind:`authenticated`,principal:createJwtAuthenticatedCallerPrincipal({authenticator:`oidc`,payload:a.payload,principalType:s?`runtime`:`service`})}}catch{return{kind:`not-authenticated`}}}async function getOidcRemoteJwks(e){let n=await getOidcDiscoveryDocument(e.discoveryUrl),r=oidcJwksCache.get(n.jwks_uri);if(r!==void 0)return r;let i=createRemoteJWKSet(new URL(n.jwks_uri));return oidcJwksCache.set(n.jwks_uri,i),i}async function getOidcDiscoveryDocument(e){let t=oidcDiscoveryDocumentCache.get(e);if(t!==void 0)return await t;let n=fetch(e,{headers:{accept:`application/json`}}).then(async e=>{if(!e.ok)throw Error(`Discovery route returned HTTP ${e.status}.`);return oidcDiscoveryDocumentSchema.parse(await e.json())}).catch(t=>{throw oidcDiscoveryDocumentCache.delete(e),t});return oidcDiscoveryDocumentCache.set(e,n),await n}function isCurrentVercelProject(e){if(!e.issuer.startsWith(`https://oidc.vercel.com`))return!1;let t=process.env.VERCEL_PROJECT_ID?.trim();return t===void 0||t.length===0?!1:typeof e.payload.project_id==`string`&&e.payload.project_id===t}function isCurrentVercelEnvironment(e){let t=(process.env.VERCEL_TARGET_ENV?.trim()??process.env.VERCEL_ENV?.trim())?.trim();return t===void 0||t.length===0?!1:typeof e.payload.environment==`string`&&e.payload.environment===t}export{authenticateOidcStrategy};
+import{z}from"#compiled/zod/index.js";import{createRemoteJWKSet,jwtVerify}from"#compiled/jose/index.js";import{areTokenClaimMatchersSatisfied,createJwtAuthenticatedCallerPrincipal}from"#runtime/governance/auth/token-claims.js";const oidcDiscoveryDocumentSchema=z.object({issuer:z.string().optional(),jwks_uri:z.string().url()}).passthrough(),oidcDiscoveryDocumentCache=new Map,oidcJwksCache=new Map;async function authenticateOidcStrategy(e){let t;try{t=await getOidcRemoteJwks(e.strategy)}catch(e){return{kind:`misconfigured`,message:`Failed to load OIDC discovery metadata. ${e instanceof Error?e.message:`Unknown discovery failure.`}`}}try{let a=await jwtVerify(e.token,t,{audience:[...e.strategy.audiences],clockTolerance:e.strategy.clockSkewSeconds,issuer:e.strategy.issuer});if(e.strategy.acceptCurrentVercelProject&&e.strategy.issuer.startsWith(`https://oidc.vercel.com/`)&&a.payload.external_sub!==void 0)return typeof a.payload.external_sub!=`string`||a.payload.external_sub.length===0||!satisfiesCurrentVercelProjectConstraint({payload:a.payload})||!satisfiesCurrentVercelEnvironmentConstraint({payload:a.payload})?{kind:`caller-not-allowed`}:{kind:`authenticated`,principal:createJwtAuthenticatedCallerPrincipal({authenticator:`oidc`,issuerClaims:[`external_iss`,`connector_id`],payload:a.payload,principalType:`user`,subjectClaim:`external_sub`})};if(typeof a.payload.sub!=`string`||a.payload.sub.length===0)return{kind:`not-authenticated`};let o=e.strategy.acceptCurrentVercelProject&&isCurrentVercelProjectToken({issuer:e.strategy.issuer,payload:a.payload}),s=o&&isCurrentVercelEnvironmentToken({payload:a.payload});return!o&&!areTokenClaimMatchersSatisfied(a.payload,e.strategy)?{kind:`caller-not-allowed`}:{kind:`authenticated`,principal:createJwtAuthenticatedCallerPrincipal({authenticator:`oidc`,payload:a.payload,principalType:s?`runtime`:`service`})}}catch{return{kind:`not-authenticated`}}}async function getOidcRemoteJwks(e){let n=await getOidcDiscoveryDocument(e.discoveryUrl),r=oidcJwksCache.get(n.jwks_uri);if(r!==void 0)return r;let i=createRemoteJWKSet(new URL(n.jwks_uri));return oidcJwksCache.set(n.jwks_uri,i),i}async function getOidcDiscoveryDocument(e){let t=oidcDiscoveryDocumentCache.get(e);if(t!==void 0)return await t;let n=fetch(e,{headers:{accept:`application/json`}}).then(async e=>{if(!e.ok)throw Error(`Discovery route returned HTTP ${e.status}.`);return oidcDiscoveryDocumentSchema.parse(await e.json())}).catch(t=>{throw oidcDiscoveryDocumentCache.delete(e),t});return oidcDiscoveryDocumentCache.set(e,n),await n}function isCurrentVercelProjectToken(e){if(!e.issuer.startsWith(`https://oidc.vercel.com`))return!1;let t=process.env.VERCEL_PROJECT_ID?.trim();return t===void 0||t.length===0?!1:typeof e.payload.project_id==`string`&&e.payload.project_id===t}function satisfiesCurrentVercelProjectConstraint(e){let t=process.env.VERCEL_PROJECT_ID?.trim();return t===void 0||t.length===0?!0:typeof e.payload.project_id==`string`&&e.payload.project_id===t}function isCurrentVercelEnvironmentToken(e){let t=getCurrentVercelEnvironment();return t===void 0||t.length===0?!1:typeof e.payload.environment==`string`&&e.payload.environment===t}function satisfiesCurrentVercelEnvironmentConstraint(e){let t=getCurrentVercelEnvironment();return t===void 0||t.length===0?!0:typeof e.payload.environment==`string`&&e.payload.environment===t}function getCurrentVercelEnvironment(){return process.env.VERCEL_TARGET_ENV?.trim()||process.env.VERCEL_ENV?.trim()||void 0}export{authenticateOidcStrategy};

package/dist/src/runtime/governance/auth/token-claims.d.ts

@@ -10,6 +10,8 @@ export declare function areTokenClaimMatchersSatisfied(payload: JWTPayload, matc
  */
 export declare function createJwtAuthenticatedCallerPrincipal(input: {
     readonly authenticator: AuthenticatedCallerPrincipal["authenticator"];
+    readonly issuerClaims?: readonly string[];
     readonly payload: JWTPayload;
     readonly principalType: AuthenticatedCallerPrincipal["principalType"];
+    readonly subjectClaim?: string;
 }): AuthenticatedCallerPrincipal;

package/dist/src/runtime/governance/auth/token-claims.js

@@ -1 +1 @@
-const STANDARD_PROJECTED_CLAIM_KEYS=new Set([`aud`,`exp`,`iat`,`iss`,`jti`,`nbf`,`sub`]);function normalizeJwtClaims(e){let t={};for(let[n,r]of Object.entries(e)){if(typeof r==`string`){t[n]=r;continue}Array.isArray(r)&&r.every(e=>typeof e==`string`)&&(t[n]=Object.freeze([...r]))}return Object.freeze(t)}function createJwtAttributeProjection(t){let n=normalizeJwtClaims(t);return Object.freeze(Object.fromEntries(Object.entries(n).filter(([t])=>!STANDARD_PROJECTED_CLAIM_KEYS.has(t))))}function areTokenClaimMatchersSatisfied(e,t){let n=normalizeJwtClaims(e);if(t.subjects!==void 0){let n=typeof e.sub==`string`?e.sub:null;if(n===null||!t.subjects.some(e=>matchesWildcardPattern(e,n)))return!1}return t.claims===void 0?!0:Object.entries(t.claims).every(([e,t])=>{let r=n[e];return r===void 0?!1:typeof r==`string`?t.includes(r):r.some(e=>t.includes(e))})}function createJwtAuthenticatedCallerPrincipal(e){let t=typeof e.payload.iss==`string`?e.payload.iss:void 0,n=typeof e.payload.sub==`string`?e.payload.sub:void 0;if(t===void 0||n===void 0)throw Error(`Expected verified JWT payloads to include string iss and sub claims.`);let r=normalizeJwtClaims(e.payload);return{attributes:createJwtAttributeProjection(e.payload),authenticator:e.authenticator,claims:r,issuer:t,principalId:`${t}:${n}`,principalType:e.principalType,subject:n}}function matchesWildcardPattern(e,t){if(!e.includes(`*`))return e===t;let n=e.replaceAll(/[.+?^${}()|[\]\\]/g,`\\$&`).replaceAll(`*`,`.*`);return RegExp(`^${n}$`).test(t)}export{areTokenClaimMatchersSatisfied,createJwtAuthenticatedCallerPrincipal};
+const STANDARD_PROJECTED_CLAIM_KEYS=new Set([`aud`,`exp`,`iat`,`iss`,`jti`,`nbf`,`sub`]);function normalizeJwtClaims(e){let t={};for(let[n,r]of Object.entries(e)){if(typeof r==`string`){t[n]=r;continue}Array.isArray(r)&&r.every(e=>typeof e==`string`)&&(t[n]=Object.freeze([...r]))}return Object.freeze(t)}function createJwtAttributeProjection(t){let n=normalizeJwtClaims(t);return Object.freeze(Object.fromEntries(Object.entries(n).filter(([t])=>!STANDARD_PROJECTED_CLAIM_KEYS.has(t))))}function areTokenClaimMatchersSatisfied(e,t){let n=normalizeJwtClaims(e);if(t.subjects!==void 0){let n=typeof e.sub==`string`?e.sub:null;if(n===null||!t.subjects.some(e=>matchesWildcardPattern(e,n)))return!1}return t.claims===void 0?!0:Object.entries(t.claims).every(([e,t])=>{let r=n[e];return r===void 0?!1:typeof r==`string`?t.includes(r):r.some(e=>t.includes(e))})}function createJwtAuthenticatedCallerPrincipal(e){let t=readFirstStringClaim(e.payload,[...e.issuerClaims??[],`iss`]),n=e.subjectClaim??`sub`,r=readFirstStringClaim(e.payload,[n]);if(t===void 0||r===void 0)throw Error(`Expected verified JWT payloads to include string iss and ${n} claims.`);let i=normalizeJwtClaims(e.payload);return{attributes:createJwtAttributeProjection(e.payload),authenticator:e.authenticator,claims:i,issuer:t,principalId:`${t}:${r}`,principalType:e.principalType,subject:r}}function readFirstStringClaim(e,t){for(let n of t){let t=e[n];if(typeof t==`string`&&t.length>0)return t}}function matchesWildcardPattern(e,t){if(!e.includes(`*`))return e===t;let n=e.replaceAll(/[.+?^${}()|[\]\\]/g,`\\$&`).replaceAll(`*`,`.*`);return RegExp(`^${n}$`).test(t)}export{areTokenClaimMatchersSatisfied,createJwtAuthenticatedCallerPrincipal};

package/dist/src/runtime/governance/auth/types.d.ts

@@ -67,6 +67,12 @@ export interface ResolvedOidcAuthStrategy extends ResolvedTokenClaimMatchers {
      * `principalType: "runtime"`; other current-project tokens are
      * tagged `"service"`.
      *
+     * Vercel OIDC tokens with an `external_sub` claim are user tokens.
+     * They must satisfy the current project/environment constraints when
+     * those environment variables are configured, and then authenticate as
+     * `principalType: "user"` with `external_sub` as their subject and
+     * `external_iss` / `connector_id` as their issuer when present.
+     *
      * Set exclusively by `verifyVercelOidc`. The generic public
      * `verifyOidc` always passes `false`.
      */

package/dist/src/shared/sandbox-session.d.ts

@@ -19,11 +19,6 @@ export type SandboxSpawnOptions = Parameters<AiSdkSandbox["spawn"]>[0];
  * Mirrors the AI SDK `Experimental_SandboxProcess` type.
  */
 export type SandboxProcess = Awaited<ReturnType<AiSdkSandbox["spawn"]>>;
-/**
- * @deprecated Use {@link SandboxRunOptions} instead. Kept as an alias
- * for source compatibility; will be removed in a future release.
- */
-export type SandboxRunCommandOptions = SandboxRunOptions;
 /**
  * Options for reading one file as a stream of bytes.
  */
@@ -67,8 +62,6 @@ export type SandboxWriteTextFileOptions = Parameters<AiSdkSandbox["writeTextFile
  * Relative paths resolve from `/workspace`, the live working directory
  * for every backend. Absolute paths pass through unchanged.
  *
- * `runCommand` is preserved as a deprecated alias for `run`. It emits a
- * one-time warning per session when called.
  */
 export interface SandboxSession extends Pick<AiSdkSandbox, "run" | "spawn" | "readFile" | "readBinaryFile" | "readTextFile" | "writeFile" | "writeBinaryFile" | "writeTextFile"> {
     /**
@@ -90,16 +83,6 @@ export interface SandboxSession extends Pick<AiSdkSandbox, "run" | "spawn" | "re
      * The read and write methods already apply this internally.
      */
     resolvePath(path: string): string;
-    /**
-     * @deprecated Use {@link SandboxSession.run} instead. This alias wraps
-     * `run` and emits a one-time deprecation warning per session on call.
-     *
-     * Marked optional on the public type so authored code that constructs
-     * its own session-like fixtures isn't forced to mock the deprecated
-     * path. Runtime sessions built through `buildSandboxSession` always
-     * provide it.
-     */
-    runCommand?: AiSdkSandbox["run"];
 }
 /**
  * Internal sandbox session, used to construct the public {@link SandboxSession}.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "experimental-ash",
-  "version": "0.34.0",
+  "version": "0.35.0",
   "bin": {
     "ash": "./bin/ash.js",
     "experimental-ash": "./bin/ash.js"
@@ -190,7 +190,7 @@
     "@types/react": "19.2.15",
     "@types/react-test-renderer": "19.1.0",
     "@vercel/oidc": "3.4.1",
-    "@vercel/sandbox": "2.0.0",
+    "@vercel/sandbox": "2.0.1",
     "@workflow/core": "5.0.0-beta.7",
     "@workflow/errors": "5.0.0-beta.4",
     "@workflow/world-local": "5.0.0-beta.6",