npm - zeitlich - Versions diffs - 0.2.40 → 0.2.42 - Mend

zeitlich 0.2.40 → 0.2.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (134) hide show

package/README.md +12 -1
package/dist/{activities-CvUrG3YG.d.cts → activities-Coafq5zr.d.cts} +2 -2
package/dist/{activities-CULxRzJ1.d.ts → activities-CrN-ghLo.d.ts} +2 -2
package/dist/adapters/sandbox/daytona/index.cjs +4 -23
package/dist/adapters/sandbox/daytona/index.cjs.map +1 -1
package/dist/adapters/sandbox/daytona/index.d.cts +18 -86
package/dist/adapters/sandbox/daytona/index.d.ts +18 -86
package/dist/adapters/sandbox/daytona/index.js +4 -23
package/dist/adapters/sandbox/daytona/index.js.map +1 -1
package/dist/adapters/sandbox/daytona/workflow.cjs +1 -7
package/dist/adapters/sandbox/daytona/workflow.cjs.map +1 -1
package/dist/adapters/sandbox/daytona/workflow.d.cts +9 -2
package/dist/adapters/sandbox/daytona/workflow.d.ts +9 -2
package/dist/adapters/sandbox/daytona/workflow.js +1 -7
package/dist/adapters/sandbox/daytona/workflow.js.map +1 -1
package/dist/adapters/sandbox/e2b/index.cjs +21 -3
package/dist/adapters/sandbox/e2b/index.cjs.map +1 -1
package/dist/adapters/sandbox/e2b/index.d.cts +48 -7
package/dist/adapters/sandbox/e2b/index.d.ts +48 -7
package/dist/adapters/sandbox/e2b/index.js +22 -5
package/dist/adapters/sandbox/e2b/index.js.map +1 -1
package/dist/adapters/sandbox/e2b/workflow.cjs.map +1 -1
package/dist/adapters/sandbox/e2b/workflow.d.cts +4 -2
package/dist/adapters/sandbox/e2b/workflow.d.ts +4 -2
package/dist/adapters/sandbox/e2b/workflow.js.map +1 -1
package/dist/adapters/sandbox/inmemory/index.cjs +11 -0
package/dist/adapters/sandbox/inmemory/index.cjs.map +1 -1
package/dist/adapters/sandbox/inmemory/index.d.cts +11 -3
package/dist/adapters/sandbox/inmemory/index.d.ts +11 -3
package/dist/adapters/sandbox/inmemory/index.js +11 -1
package/dist/adapters/sandbox/inmemory/index.js.map +1 -1
package/dist/adapters/sandbox/inmemory/workflow.cjs.map +1 -1
package/dist/adapters/sandbox/inmemory/workflow.d.cts +4 -2
package/dist/adapters/sandbox/inmemory/workflow.d.ts +4 -2
package/dist/adapters/sandbox/inmemory/workflow.js.map +1 -1
package/dist/adapters/thread/anthropic/index.cjs.map +1 -1
package/dist/adapters/thread/anthropic/index.d.cts +6 -6
package/dist/adapters/thread/anthropic/index.d.ts +6 -6
package/dist/adapters/thread/anthropic/index.js.map +1 -1
package/dist/adapters/thread/anthropic/workflow.d.cts +6 -6
package/dist/adapters/thread/anthropic/workflow.d.ts +6 -6
package/dist/adapters/thread/google-genai/index.cjs.map +1 -1
package/dist/adapters/thread/google-genai/index.d.cts +6 -6
package/dist/adapters/thread/google-genai/index.d.ts +6 -6
package/dist/adapters/thread/google-genai/index.js.map +1 -1
package/dist/adapters/thread/google-genai/workflow.d.cts +6 -6
package/dist/adapters/thread/google-genai/workflow.d.ts +6 -6
package/dist/adapters/thread/langchain/index.cjs.map +1 -1
package/dist/adapters/thread/langchain/index.d.cts +6 -6
package/dist/adapters/thread/langchain/index.d.ts +6 -6
package/dist/adapters/thread/langchain/index.js.map +1 -1
package/dist/adapters/thread/langchain/workflow.d.cts +6 -6
package/dist/adapters/thread/langchain/workflow.d.ts +6 -6
package/dist/index.cjs +316 -119
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +93 -17
package/dist/index.d.ts +93 -17
package/dist/index.js +317 -120
package/dist/index.js.map +1 -1
package/dist/{proxy-5EbwzaY4.d.cts → proxy-Bf7uI-Hw.d.cts} +1 -1
package/dist/{proxy-wZufFfBh.d.ts → proxy-COqA95FW.d.ts} +1 -1
package/dist/{thread-manager-BqBAIsED.d.ts → thread-manager-BhkOyQ1I.d.ts} +2 -2
package/dist/{thread-manager-BNiIt5r8.d.ts → thread-manager-Bi1XlbpJ.d.ts} +2 -2
package/dist/{thread-manager-DF8WuCRs.d.cts → thread-manager-BsLO3Fgc.d.cts} +2 -2
package/dist/{thread-manager-BoN5DOvG.d.cts → thread-manager-wRVVBFgj.d.cts} +2 -2
package/dist/{types-C7OoY7h8.d.ts → types-BkX4HLzi.d.ts} +1 -1
package/dist/{types-CuISs0Ub.d.cts → types-C66-BVBr.d.cts} +1 -1
package/dist/types-CJ7tCdl6.d.cts +266 -0
package/dist/types-CJ7tCdl6.d.ts +266 -0
package/dist/{types-DeQH84C_.d.ts → types-CdALEF3z.d.cts} +342 -23
package/dist/{types-Cn2r3ol3.d.cts → types-ChAy_jSP.d.ts} +342 -23
package/dist/types-CjY93AWZ.d.cts +84 -0
package/dist/types-gVa5XCWD.d.ts +84 -0
package/dist/{workflow-DhplIN65.d.cts → workflow-BwT5EybR.d.ts} +7 -6
package/dist/{workflow-C2MZZj5K.d.ts → workflow-DMmiaw6w.d.cts} +7 -6
package/dist/workflow.cjs +138 -77
package/dist/workflow.cjs.map +1 -1
package/dist/workflow.d.cts +4 -4
package/dist/workflow.d.ts +4 -4
package/dist/workflow.js +139 -78
package/dist/workflow.js.map +1 -1
package/package.json +17 -33
package/src/adapters/sandbox/daytona/index.ts +25 -48
package/src/adapters/sandbox/daytona/proxy.ts +7 -8
package/src/adapters/sandbox/e2b/README.md +81 -0
package/src/adapters/sandbox/e2b/index.ts +53 -11
package/src/adapters/sandbox/e2b/keep-alive.test.ts +115 -0
package/src/adapters/sandbox/e2b/proxy.ts +3 -2
package/src/adapters/sandbox/e2b/types.ts +34 -2
package/src/adapters/sandbox/inmemory/index.ts +21 -1
package/src/adapters/sandbox/inmemory/proxy.ts +7 -3
package/src/index.ts +1 -1
package/src/lib/activity.ts +5 -0
package/src/lib/sandbox/capability-types.test.ts +859 -0
package/src/lib/sandbox/index.ts +1 -0
package/src/lib/sandbox/manager.ts +187 -31
package/src/lib/sandbox/types.ts +189 -46
package/src/lib/session/index.ts +1 -0
package/src/lib/session/session.integration.test.ts +58 -0
package/src/lib/session/session.ts +109 -50
package/src/lib/session/types.ts +189 -8
package/src/lib/subagent/handler.ts +66 -43
package/src/lib/subagent/subagent.integration.test.ts +2 -0
package/src/lib/subagent/types.ts +492 -16
package/src/lib/subagent/workflow.ts +11 -1
package/src/lib/tool-router/auto-append-sandbox.integration.test.ts +158 -0
package/src/lib/tool-router/index.ts +1 -1
package/src/lib/tool-router/with-sandbox.ts +45 -2
package/src/lib/virtual-fs/filesystem.ts +41 -16
package/src/lib/virtual-fs/types.ts +19 -0
package/src/lib/virtual-fs/virtual-fs.test.ts +204 -1
package/src/tools/read-file/handler.test.ts +83 -0
package/src/workflow.ts +3 -0
package/tsup.config.ts +0 -4
package/dist/adapters/sandbox/bedrock/index.cjs +0 -457
package/dist/adapters/sandbox/bedrock/index.cjs.map +0 -1
package/dist/adapters/sandbox/bedrock/index.d.cts +0 -25
package/dist/adapters/sandbox/bedrock/index.d.ts +0 -25
package/dist/adapters/sandbox/bedrock/index.js +0 -454
package/dist/adapters/sandbox/bedrock/index.js.map +0 -1
package/dist/adapters/sandbox/bedrock/workflow.cjs +0 -36
package/dist/adapters/sandbox/bedrock/workflow.cjs.map +0 -1
package/dist/adapters/sandbox/bedrock/workflow.d.cts +0 -29
package/dist/adapters/sandbox/bedrock/workflow.d.ts +0 -29
package/dist/adapters/sandbox/bedrock/workflow.js +0 -34
package/dist/adapters/sandbox/bedrock/workflow.js.map +0 -1
package/dist/types-DAsQ21Rt.d.ts +0 -74
package/dist/types-lm8tMNJQ.d.cts +0 -74
package/dist/types-yx0LzPGn.d.cts +0 -173
package/dist/types-yx0LzPGn.d.ts +0 -173
package/src/adapters/sandbox/bedrock/filesystem.ts +0 -340
package/src/adapters/sandbox/bedrock/index.ts +0 -274
package/src/adapters/sandbox/bedrock/proxy.ts +0 -59
package/src/adapters/sandbox/bedrock/types.ts +0 -24

package/src/lib/sandbox/index.ts CHANGED Viewed

@@ -4,6 +4,7 @@ export { toTree } from "./tree";
 export type {
   Sandbox,
   SandboxCapabilities,
+  SandboxCapability,
   SandboxCreateOptions,
   SandboxFileSystem,
   SandboxOps,

package/src/lib/sandbox/manager.ts CHANGED Viewed

@@ -1,11 +1,34 @@
 import type {
   Sandbox,
+  SandboxCapability,
   SandboxCreateOptions,
   SandboxOps,
   PrefixedSandboxOps,
   SandboxProvider,
   SandboxSnapshot,
 } from "./types";
+import { SandboxNotSupportedError } from "./types";
+/**
+ * Method names the manager treats as capability-gated, mirroring the
+ * conditional fields on {@link SandboxProvider}. The full list is used
+ * by the constructor-time consistency check below to assert that, for
+ * each gated method present on the provider at runtime, the matching
+ * capability is also declared in `supportedCapabilities` (and vice
+ * versa). This is the runtime half of the type↔runtime alignment guard
+ * the type-level constraint can't enforce on its own.
+ */
+const CAP_METHOD_TO_CAPABILITY: ReadonlyArray<{
+  method: string;
+  capability: SandboxCapability;
+}> = [
+  { method: "pause", capability: "pause" },
+  { method: "resume", capability: "resume" },
+  { method: "snapshot", capability: "snapshot" },
+  { method: "deleteSnapshot", capability: "snapshot" },
+  { method: "restore", capability: "restore" },
+  { method: "fork", capability: "fork" },
+];
 /**
  * Result returned by {@link SandboxManagerHooks.onPreCreate}.
@@ -61,8 +84,16 @@ export interface SandboxManagerHooks<
 /**
  * Stateless facade over a {@link SandboxProvider}.
  *
- * Delegates all lifecycle operations to the provider, which is responsible
- * for its own instance management strategy (e.g. in-memory map, remote API).
+ * Generic over the same capability set (`TCaps`) as the underlying
+ * provider. The manager's lifecycle methods are always present on the
+ * class (so existing call sites compile unchanged), but
+ * {@link SandboxManager.createActivities} is capability-gated: only
+ * activities whose capability the provider declares via
+ * {@link SandboxProvider.supportedCapabilities} are wrapped, and the
+ * returned object's type omits absent ones.
+ *
+ * The default `TCaps = SandboxCapability` keeps the full method surface
+ * for existing usages that only pass `TOptions` / `TSandbox` / `TId`.
  *
  * Optional {@link SandboxManagerHooks} can be passed at construction time.
  * The `onPreCreate` hook runs inside the `createSandbox` activity, receiving
@@ -105,16 +136,62 @@ export class SandboxManager<
   TSandbox extends Sandbox = Sandbox,
   TId extends string = string,
   TCtx = unknown,
+  TCaps extends SandboxCapability = SandboxCapability,
 > {
   private hooks: SandboxManagerHooks<TOptions, TCtx>;
   constructor(
-    private provider: SandboxProvider<TOptions, TSandbox> & {
+    private provider: SandboxProvider<TOptions, TSandbox, TCaps> & {
       readonly id: TId;
     },
     options?: { hooks?: SandboxManagerHooks<TOptions, TCtx> }
   ) {
     this.hooks = options?.hooks ?? {};
+    this.assertCapabilityRuntimeConsistency();
+  }
+  /**
+   * Verifies that the provider's runtime `supportedCapabilities` set is
+   * consistent with the gated methods physically present on the provider.
+   *
+   * Belt-and-suspenders complement to the type-level
+   * `ReadonlySet<TCaps & SandboxCapability>` constraint: TypeScript can
+   * prevent the runtime set from containing capabilities not declared in
+   * `TCaps`, but it cannot detect a provider that **declares** a cap in
+   * `TCaps` and forgets to include it in the runtime set (or that ships
+   * a method without listing its cap). Both shapes silently break
+   * activity registration, so we trip a loud failure at construction
+   * time instead.
+   *
+   * Adapters that derive both surfaces from a single `as const`
+   * capability array (the recommended pattern) pass this check by
+   * construction.
+   */
+  private assertCapabilityRuntimeConsistency(): void {
+    const supported = this.provider
+      .supportedCapabilities as ReadonlySet<SandboxCapability>;
+    for (const { method, capability } of CAP_METHOD_TO_CAPABILITY) {
+      const hasMethod =
+        typeof (this.provider as unknown as Record<string, unknown>)[method] ===
+        "function";
+      const declaresCap = supported.has(capability);
+      if (hasMethod && !declaresCap) {
+        throw new Error(
+          `Sandbox provider "${this.provider.id}" implements ${method}() but ` +
+            `does not list "${capability}" in supportedCapabilities. ` +
+            `Add the capability to the provider's runtime set so activities ` +
+            `for it can be registered.`
+        );
+      }
+      if (declaresCap && !hasMethod) {
+        throw new Error(
+          `Sandbox provider "${this.provider.id}" lists "${capability}" in ` +
+            `supportedCapabilities but does not implement ${method}(). ` +
+            `Either add the method to the provider or remove the capability ` +
+            `from supportedCapabilities.`
+        );
+      }
+    }
   }
   async create(
@@ -165,35 +242,84 @@ export class SandboxManager<
     await this.provider.destroy(id);
   }
+  /**
+   * Capability-gated lifecycle methods on the underlying provider.
+   *
+   * These manager methods always exist at runtime; calling one whose
+   * capability is absent from the provider's `supportedCapabilities`
+   * throws an error. The activities returned from
+   * {@link SandboxManager.createActivities} are gated at the type level
+   * via `TCaps`, which is where compile-time safety is enforced.
+   */
   async pause(id: string, ttlSeconds?: number): Promise<void> {
-    await this.provider.pause(id, ttlSeconds);
+    const fn = this.providerMethod("pause") as
+      | ((id: string, ttlSeconds?: number) => Promise<void>)
+      | undefined;
+    if (!fn) throw this.unsupported("pause");
+    await fn.call(this.provider, id, ttlSeconds);
   }
   async resume(id: string): Promise<void> {
-    await this.provider.resume(id);
+    const fn = this.providerMethod("resume") as
+      | ((id: string) => Promise<void>)
+      | undefined;
+    if (!fn) throw this.unsupported("resume");
+    await fn.call(this.provider, id);
   }
   async snapshot(id: string, options?: TOptions): Promise<SandboxSnapshot> {
-    return this.provider.snapshot(id, options);
+    const fn = this.providerMethod("snapshot") as
+      | ((id: string, options?: TOptions) => Promise<SandboxSnapshot>)
+      | undefined;
+    if (!fn) throw this.unsupported("snapshot");
+    return fn.call(this.provider, id, options);
   }
   async restore(
     snapshot: SandboxSnapshot,
     options?: TOptions
   ): Promise<string> {
-    const sandbox = await this.provider.restore(snapshot, options);
+    const fn = this.providerMethod("restore") as
+      | ((snap: SandboxSnapshot, options?: TOptions) => Promise<TSandbox>)
+      | undefined;
+    if (!fn) throw this.unsupported("restore");
+    const sandbox = await fn.call(this.provider, snapshot, options);
     return sandbox.id;
   }
   async deleteSnapshot(snapshot: SandboxSnapshot): Promise<void> {
-    await this.provider.deleteSnapshot(snapshot);
+    const fn = this.providerMethod("deleteSnapshot") as
+      | ((snap: SandboxSnapshot) => Promise<void>)
+      | undefined;
+    if (!fn) throw this.unsupported("deleteSnapshot");
+    await fn.call(this.provider, snapshot);
   }
   async fork(sandboxId: string, options?: TOptions): Promise<string> {
-    const sandbox = await this.provider.fork(sandboxId, options);
+    const fn = this.providerMethod("fork") as
+      | ((id: string, options?: TOptions) => Promise<TSandbox>)
+      | undefined;
+    if (!fn) throw this.unsupported("fork");
+    const sandbox = await fn.call(this.provider, sandboxId, options);
     return sandbox.id;
   }
+  private providerMethod(name: string): unknown {
+    const value = (this.provider as unknown as Record<string, unknown>)[name];
+    return typeof value === "function" ? value : undefined;
+  }
+  /**
+   * Constructs the structured error thrown when an unsupported lifecycle
+   * method is invoked through the manager. Uses the public
+   * {@link SandboxNotSupportedError} symbol so consumers that catch on
+   * `instanceof SandboxNotSupportedError` (the documented compatibility
+   * path) keep matching after the refactor.
+   */
+  private unsupported(name: string): SandboxNotSupportedError {
+    return new SandboxNotSupportedError(name);
+  }
   /**
    * Returns Temporal activity functions with prefixed names.
    *
@@ -201,6 +327,11 @@ export class SandboxManager<
    * to pass the workflow/scope name. Use the matching `proxy*SandboxOps()`
    * helper from the adapter's `/workflow` entrypoint on the workflow side.
    *
+   * Activities are only registered for capabilities the provider declares
+   * via {@link SandboxProvider.supportedCapabilities}: methods omitted
+   * from the cap set are not wrapped, and the returned object's type
+   * omits the corresponding keys.
+   *
    * @param scope - Workflow name (appended to the provider id)
    *
    * @example
@@ -211,14 +342,25 @@ export class SandboxManager<
    *
    * const dmgr = new SandboxManager(new DaytonaSandboxProvider(config));
    * dmgr.createActivities("CodingAgent");
-   * // registers: daytonaCodingAgentCreateSandbox, …
+   * // registers: daytonaCodingAgentCreateSandbox, daytonaCodingAgentDestroySandbox
+   * // (snapshot/restore/fork/pause/resume omitted — Daytona doesn't declare them)
    * ```
    */
   createActivities<S extends string>(
     scope: S
-  ): PrefixedSandboxOps<`${TId}${Capitalize<S>}`, TOptions, TCtx> {
+  ): PrefixedSandboxOps<`${TId}${Capitalize<S>}`, TOptions, TCtx, TCaps> {
     const prefix = `${this.provider.id}${scope.charAt(0).toUpperCase()}${scope.slice(1)}`;
-    const ops: SandboxOps<TOptions, TCtx> = {
+    const cap = (s: string): string => s.charAt(0).toUpperCase() + s.slice(1);
+    // The set is statically typed against the (possibly narrow) `TCaps`,
+    // but we need to probe every well-known capability here. Widen for
+    // the duration of the lookup; the constructor-time consistency check
+    // already ensures these probes can't accidentally observe a method
+    // present on the provider that's missing from the declared set.
+    const supported = this.provider
+      .supportedCapabilities as ReadonlySet<SandboxCapability>;
+    type WideOps = SandboxOps<TOptions, TCtx>;
+    const ops: Partial<WideOps> = {
       createSandbox: async (
         options?: TOptions,
         ctx?: TCtx
@@ -228,42 +370,56 @@ export class SandboxManager<
       destroySandbox: async (sandboxId: string): Promise<void> => {
         await this.destroy(sandboxId);
       },
-      pauseSandbox: async (
+    };
+    if (supported.has("pause")) {
+      ops.pauseSandbox = async (
         sandboxId: string,
         ttlSeconds?: number
       ): Promise<void> => {
         await this.pause(sandboxId, ttlSeconds);
-      },
-      resumeSandbox: async (sandboxId: string): Promise<void> => {
+      };
+    }
+    if (supported.has("resume")) {
+      ops.resumeSandbox = async (sandboxId: string): Promise<void> => {
         await this.resume(sandboxId);
-      },
-      snapshotSandbox: async (
+      };
+    }
+    if (supported.has("snapshot")) {
+      ops.snapshotSandbox = async (
         sandboxId: string,
         options?: TOptions
       ): Promise<SandboxSnapshot> => {
         return this.snapshot(sandboxId, options);
-      },
-      restoreSandbox: async (
+      };
+      ops.deleteSandboxSnapshot = async (
+        snapshot: SandboxSnapshot
+      ): Promise<void> => {
+        await this.deleteSnapshot(snapshot);
+      };
+    }
+    if (supported.has("restore")) {
+      ops.restoreSandbox = async (
         snapshot: SandboxSnapshot,
         options?: TOptions
       ): Promise<string> => {
         return this.restore(snapshot, options);
-      },
-      deleteSandboxSnapshot: async (
-        snapshot: SandboxSnapshot
-      ): Promise<void> => {
-        await this.deleteSnapshot(snapshot);
-      },
-      forkSandbox: async (
+      };
+    }
+    if (supported.has("fork")) {
+      ops.forkSandbox = async (
         sandboxId: string,
         options?: TOptions
       ): Promise<string> => {
         return this.fork(sandboxId, options);
-      },
-    };
-    const cap = (s: string): string => s.charAt(0).toUpperCase() + s.slice(1);
+      };
+    }
+    const entries = Object.entries(ops).filter(
+      ([, v]) => typeof v === "function"
+    );
     return Object.fromEntries(
-      Object.entries(ops).map(([k, v]) => [`${prefix}${cap(k)}`, v])
-    ) as PrefixedSandboxOps<`${TId}${Capitalize<S>}`, TOptions, TCtx>;
+      entries.map(([k, v]) => [`${prefix}${cap(k)}`, v])
+    ) as PrefixedSandboxOps<`${TId}${Capitalize<S>}`, TOptions, TCtx, TCaps>;
   }
 }

package/src/lib/sandbox/types.ts CHANGED Viewed

@@ -84,6 +84,14 @@ export interface ExecResult {
 // Capabilities
 // ============================================================================
+/**
+ * Runtime capability flags carried by a {@link Sandbox} instance.
+ *
+ * These are an orthogonal mechanism to the type-level
+ * {@link SandboxCapability} union: this flag bag is for runtime
+ * introspection ("does the sandbox support a filesystem?") whereas
+ * {@link SandboxCapability} narrows the type-level provider/ops contract.
+ */
 export interface SandboxCapabilities {
   /** Sandbox supports filesystem operations */
   filesystem: boolean;
@@ -93,6 +101,24 @@ export interface SandboxCapabilities {
   persistence: boolean;
 }
+/**
+ * Type-level capability vocabulary for {@link SandboxProvider} and
+ * {@link SandboxOps}. Adapters declare the subset they actually support; the
+ * conditional types on each contract gate the corresponding methods so
+ * unsupported calls become a compile-time error rather than a runtime
+ * {@link SandboxNotSupportedError}.
+ *
+ * `pause` and `resume` are split because some adapters might support one
+ * direction without the other. The `snapshot` cap covers both `snapshot()`
+ * and `deleteSnapshot()` since they always travel together in practice.
+ */
+export type SandboxCapability =
+  | "pause"
+  | "resume"
+  | "snapshot"
+  | "restore"
+  | "fork";
 // ============================================================================
 // Sandbox
 // ============================================================================
@@ -145,88 +171,196 @@ export interface SandboxCreateResult {
   sandbox: Sandbox;
 }
-export interface SandboxProvider<
-  TOptions extends SandboxCreateOptions = SandboxCreateOptions,
-  TSandbox extends Sandbox = Sandbox,
+/**
+ * Internal helper: drop keys whose value is `never` from an object type.
+ *
+ * Used by the capability-gated contracts below so that an absent capability
+ * removes the corresponding key entirely, instead of leaving a required
+ * field with type `never` (which would make implementations impossible).
+ */
+type OmitNever<T> = {
+  [K in keyof T as [T[K]] extends [never] ? never : K]: T[K];
+};
+/**
+ * Capability-gated provider lifecycle methods.
+ *
+ * Each field becomes `never` when its capability is absent from `TCaps`;
+ * the wrapping `OmitNever` removes those keys entirely, so the method
+ * isn't part of the type surface for adapters that don't support it.
+ */
+type SandboxProviderCapMethods<
+  TOptions extends SandboxCreateOptions,
+  TSandbox extends Sandbox,
+  TCaps extends SandboxCapability,
+> = OmitNever<{
+  pause: "pause" extends TCaps
+    ? (sandboxId: string, ttlSeconds?: number) => Promise<void>
+    : never;
+  resume: "resume" extends TCaps ? (sandboxId: string) => Promise<void> : never;
+  snapshot: "snapshot" extends TCaps
+    ? (sandboxId: string, options?: TOptions) => Promise<SandboxSnapshot>
+    : never;
+  deleteSnapshot: "snapshot" extends TCaps
+    ? (snapshot: SandboxSnapshot) => Promise<void>
+    : never;
+  restore: "restore" extends TCaps
+    ? (snapshot: SandboxSnapshot, options?: TOptions) => Promise<TSandbox>
+    : never;
+  fork: "fork" extends TCaps
+    ? (sandboxId: string, options?: TOptions) => Promise<TSandbox>
+    : never;
+}>;
+/**
+ * Always-present provider lifecycle methods. These do not depend on the
+ * capability set and are required by every adapter.
+ */
+interface SandboxProviderBase<
+  TOptions extends SandboxCreateOptions,
+  TSandbox extends Sandbox,
+  TCaps extends SandboxCapability,
 > {
   readonly id: string;
   readonly capabilities: SandboxCapabilities;
+  /**
+   * Runtime-introspectable list of supported capabilities.
+   *
+   * Constrained to `ReadonlySet<TCaps & SandboxCapability>` so the runtime
+   * set cannot include capabilities not declared at the type level — a
+   * provider typed as `SandboxProvider<…, never>` cannot ship a runtime
+   * set that contains `"pause"`, etc.
+   *
+   * The other direction (type declares a cap, runtime set omits it)
+   * cannot be enforced by TypeScript alone; adapters should derive both
+   * `TCaps` and the runtime set from the same `as const` array (see
+   * `SandboxManager`'s constructor-time consistency check) so the two
+   * surfaces cannot drift.
+   */
+  readonly supportedCapabilities: ReadonlySet<TCaps & SandboxCapability>;
   create(options?: TOptions): Promise<SandboxCreateResult>;
   get(sandboxId: string): Promise<TSandbox>;
   destroy(sandboxId: string): Promise<void>;
-  pause(sandboxId: string, ttlSeconds?: number): Promise<void>;
-  /** Resume a paused sandbox. No-op if already running. */
-  resume(sandboxId: string): Promise<void>;
-  /**
-   * Capture a snapshot of a running sandbox. `options` is a per-call override
-   * merged on top of the provider's static defaults.
-   */
-  snapshot(sandboxId: string, options?: TOptions): Promise<SandboxSnapshot>;
-  /**
-   * Restore a sandbox from a snapshot. `options` is a per-call override
-   * merged on top of the provider's static defaults.
-   */
-  restore(snapshot: SandboxSnapshot, options?: TOptions): Promise<Sandbox>;
-  /** Delete a previously captured snapshot. No-op if already deleted. */
-  deleteSnapshot(snapshot: SandboxSnapshot): Promise<void>;
-  /**
-   * Fork a running sandbox into a new one. `options` is a per-call override
-   * merged on top of the provider's static defaults.
-   */
-  fork(sandboxId: string, options?: TOptions): Promise<Sandbox>;
 }
+/**
+ * Provider-side sandbox lifecycle contract.
+ *
+ * Generic over an optional capability set (`TCaps`). Each capability gates
+ * a specific method: when the cap is absent the corresponding key is
+ * **removed** from the type entirely, so calling it produces a TypeScript
+ * error at the call site instead of a runtime
+ * {@link SandboxNotSupportedError}.
+ *
+ * The default `TCaps = SandboxCapability` resolves to the full union, so
+ * existing usages that only pass `TOptions` / `TSandbox` continue to see
+ * the full method surface (backwards compatible).
+ *
+ * Adapters that don't support a method should narrow `TCaps` accordingly:
+ *
+ * - In-memory / E2B: `SandboxCapability` (default — all caps present).
+ * - Bedrock Code Interpreter / Daytona: `never` (only base ops).
+ * - Bedrock AgentCore Runtime: `"pause" | "resume"`.
+ */
+export type SandboxProvider<
+  TOptions extends SandboxCreateOptions = SandboxCreateOptions,
+  TSandbox extends Sandbox = Sandbox,
+  TCaps extends SandboxCapability = SandboxCapability,
+> = SandboxProviderBase<TOptions, TSandbox, TCaps> &
+  SandboxProviderCapMethods<TOptions, TSandbox, TCaps>;
 // ============================================================================
 // SandboxOps — workflow-side activity interface (like ThreadOps)
 // ============================================================================
-export interface SandboxOps<
-  TOptions extends SandboxCreateOptions = SandboxCreateOptions,
-  TCtx = unknown,
+/**
+ * Capability-gated workflow-side methods. Mirrors the provider's gating:
+ * keys whose capability is absent from `TCaps` are removed from the type.
+ */
+type SandboxOpsCapMethods<
+  TOptions extends SandboxCreateOptions,
+  TCaps extends SandboxCapability,
+> = OmitNever<{
+  pauseSandbox: "pause" extends TCaps
+    ? (sandboxId: string) => Promise<void>
+    : never;
+  resumeSandbox: "resume" extends TCaps
+    ? (sandboxId: string) => Promise<void>
+    : never;
+  snapshotSandbox: "snapshot" extends TCaps
+    ? (sandboxId: string, options?: TOptions) => Promise<SandboxSnapshot>
+    : never;
+  deleteSandboxSnapshot: "snapshot" extends TCaps
+    ? (snapshot: SandboxSnapshot) => Promise<void>
+    : never;
+  restoreSandbox: "restore" extends TCaps
+    ? (snapshot: SandboxSnapshot, options?: TOptions) => Promise<string>
+    : never;
+  forkSandbox: "fork" extends TCaps
+    ? (sandboxId: string, options?: TOptions) => Promise<string>
+    : never;
+}>;
+/**
+ * Always-present workflow-side lifecycle methods.
+ */
+interface SandboxOpsBase<
+  TOptions extends SandboxCreateOptions,
+  TCtx,
 > {
   createSandbox(
     options?: TOptions,
     ctx?: TCtx
   ): Promise<{ sandboxId: string } | null>;
   destroySandbox(sandboxId: string): Promise<void>;
-  pauseSandbox(sandboxId: string): Promise<void>;
-  /** Resume a paused sandbox. No-op if already running. */
-  resumeSandbox(sandboxId: string): Promise<void>;
-  /** Capture a snapshot. `options` is a per-call override merged on top of provider defaults. */
-  snapshotSandbox(
-    sandboxId: string,
-    options?: TOptions
-  ): Promise<SandboxSnapshot>;
-  /** Create a fresh sandbox from a snapshot. `options` is a per-call override merged on top of provider defaults. */
-  restoreSandbox(
-    snapshot: SandboxSnapshot,
-    options?: TOptions
-  ): Promise<string>;
-  /** Delete a previously captured snapshot. No-op if already deleted. */
-  deleteSandboxSnapshot(snapshot: SandboxSnapshot): Promise<void>;
-  /** Fork a running sandbox. `options` is a per-call override merged on top of provider defaults. */
-  forkSandbox(sandboxId: string, options?: TOptions): Promise<string>;
 }
+/**
+ * Workflow-side counterpart to {@link SandboxProvider}. Exposed as a set of
+ * Temporal activities and consumed by `createSession`'s `sandboxOps` field
+ * and by `defineSubagent`'s `sandbox.proxy`.
+ *
+ * Generic over a capability set (`TCaps`) — same semantics as the provider:
+ * keys whose capability is absent are removed from the type, so calling
+ * them is a TypeScript error rather than a runtime throw. The default
+ * `TCaps = SandboxCapability` keeps the full method surface for existing
+ * consumers.
+ */
+export type SandboxOps<
+  TOptions extends SandboxCreateOptions = SandboxCreateOptions,
+  TCtx = unknown,
+  TCaps extends SandboxCapability = SandboxCapability,
+> = SandboxOpsBase<TOptions, TCtx> & SandboxOpsCapMethods<TOptions, TCaps>;
 /**
  * Maps generic {@link SandboxOps} method names to adapter-prefixed names.
  *
+ * Inherits the capability gating from {@link SandboxOps}: when `TCaps` omits
+ * a capability the prefixed key carries the `never` type so call sites are
+ * type-protected.
+ *
  * @example
  * ```typescript
  * type InMemOps = PrefixedSandboxOps<"inMemory">;
- * // → { inMemoryCreateSandbox, inMemoryDestroySandbox, inMemorySnapshotSandbox }
+ * // → { inMemoryCreateSandbox, inMemoryDestroySandbox, inMemorySnapshotSandbox, … }
  * ```
  */
 export type PrefixedSandboxOps<
   TPrefix extends string,
   TOptions extends SandboxCreateOptions = SandboxCreateOptions,
   TCtx = unknown,
+  TCaps extends SandboxCapability = SandboxCapability,
 > = {
   [K in keyof SandboxOps<
     TOptions,
-    TCtx
-  > as `${TPrefix}${Capitalize<K & string>}`]: SandboxOps<TOptions, TCtx>[K];
+    TCtx,
+    TCaps
+  > as `${TPrefix}${Capitalize<K & string>}`]: SandboxOps<
+    TOptions,
+    TCtx,
+    TCaps
+  >[K];
 };
 // ============================================================================
@@ -235,6 +369,15 @@ export type PrefixedSandboxOps<
 import { ApplicationFailure } from "@temporalio/common";
+/**
+ * Thrown by adapters that still surface an unsupported method at runtime.
+ *
+ * After the capability-generic refactor most adapters drop their
+ * unsupported methods entirely so the type system rejects them at call
+ * sites. This symbol is still exported so consumers running against older
+ * adapter versions can keep their backwards-compatible error-handling
+ * paths until they finish migrating.
+ */
 export class SandboxNotSupportedError extends ApplicationFailure {
   constructor(operation: string) {
     super(

package/src/lib/session/index.ts CHANGED Viewed

@@ -5,6 +5,7 @@ export type {
   PrefixedThreadOps,
   ScopedPrefix,
   SessionConfig,
+  SessionRequiredCaps,
   SessionResult,
   ZeitlichSession,
 } from "./types";