diff --git a/.changeset/chilly-pugs-cross.md b/.changeset/chilly-pugs-cross.md deleted file mode 100644 index 2488cfb3..00000000 --- a/.changeset/chilly-pugs-cross.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@cloudflare/sandbox': patch ---- - -Update dependencies diff --git a/.changeset/docker-layer-caching.md b/.changeset/docker-layer-caching.md deleted file mode 100644 index 3b4d84b1..00000000 --- a/.changeset/docker-layer-caching.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -'@cloudflare/sandbox': patch ---- - -Add cache mounts to Dockerfile for faster builds - -Adds cache mounts for npm, apt, and pip package managers in the Dockerfile. This speeds up Docker image builds when dependencies change, particularly beneficial for users building from source. diff --git a/.changeset/giant-paths-enjoy.md b/.changeset/giant-paths-enjoy.md deleted file mode 100644 index 79151b1f..00000000 --- a/.changeset/giant-paths-enjoy.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -'@cloudflare/sandbox': patch ---- - -Fix type generation - -We inline types from `@repo/shared` so that it includes the types we reexport. Fixes #165 diff --git a/.changeset/hot-pans-warn.md b/.changeset/hot-pans-warn.md deleted file mode 100644 index 8f471fed..00000000 --- a/.changeset/hot-pans-warn.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@cloudflare/sandbox": patch ---- - -Move .connect to .wsConnect within DO stub diff --git a/examples/claude-code/Dockerfile b/examples/claude-code/Dockerfile index e9e43fc9..15636dc7 100644 --- a/examples/claude-code/Dockerfile +++ b/examples/claude-code/Dockerfile @@ -1,7 +1,7 @@ -FROM docker.io/cloudflare/sandbox:0.4.13 +FROM docker.io/cloudflare/sandbox:0.4.14 RUN npm install -g @anthropic-ai/claude-code ENV COMMAND_TIMEOUT_MS=300000 EXPOSE 3000 # On a Mac with Apple Silicon, you might need to specify the platform: -# FROM --platform=linux/arm64 docker.io/cloudflare/sandbox:0.4.13 +# FROM --platform=linux/arm64 docker.io/cloudflare/sandbox:0.4.14 diff --git a/examples/code-interpreter/Dockerfile b/examples/code-interpreter/Dockerfile index f55b6c58..9e857905 100644 --- a/examples/code-interpreter/Dockerfile +++ b/examples/code-interpreter/Dockerfile @@ -1,9 +1,9 @@ # This image is unique to this repo, and you'll never need it. # Whenever you're integrating with sandbox SDK in your own project, # you should use the official image instead: -# FROM docker.io/cloudflare/sandbox:0.4.13 -FROM cloudflare/sandbox-test:0.4.13 +# FROM docker.io/cloudflare/sandbox:0.4.14 +FROM cloudflare/sandbox-test:0.4.14 # On a mac, you might need to actively pick up the # arm64 build of the image. -# FROM --platform=linux/arm64 cloudflare/sandbox-test:0.4.13 +# FROM --platform=linux/arm64 cloudflare/sandbox-test:0.4.14 diff --git a/examples/minimal/Dockerfile b/examples/minimal/Dockerfile index 78462d90..cbcc78dc 100644 --- a/examples/minimal/Dockerfile +++ b/examples/minimal/Dockerfile @@ -1,7 +1,7 @@ -FROM docker.io/cloudflare/sandbox:0.4.13 +FROM docker.io/cloudflare/sandbox:0.4.14 # On a Mac with Apple Silicon, you might need to specify the platform: -# FROM --platform=linux/arm64 docker.io/cloudflare/sandbox:0.4.13 +# FROM --platform=linux/arm64 docker.io/cloudflare/sandbox:0.4.14 # Required during local development to access exposed ports EXPOSE 8080 diff --git a/package-lock.json b/package-lock.json index 25b14585..0f03c891 100644 --- a/package-lock.json +++ b/package-lock.json @@ -180,6 +180,7 @@ "integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.5", @@ -1128,7 +1129,8 @@ "resolved": "https://registry.npmjs.org/@cloudflare/workers-types/-/workers-types-4.20251014.0.tgz", "integrity": "sha512-tEW98J/kOa0TdylIUOrLKRdwkUw0rvvYVlo+Ce0mqRH3c8kSoxLzUH9gfCvwLe0M89z1RkzFovSKAW2Nwtyn3w==", "dev": true, - "license": "MIT OR Apache-2.0" + "license": "MIT OR Apache-2.0", + "peer": true }, "node_modules/@cspotcode/source-map-support": { "version": "0.8.1", @@ -2280,6 +2282,7 @@ "integrity": "sha512-/g2d4sW9nUDJOMz3mabVQvOGhVa4e/BN/Um7yca9Bb2XTzPPnfTWHWQg+IsEYO7M3Vx+EXvaM/I2pJWIMun1bg==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@octokit/auth-token": "^4.0.0", "@octokit/graphql": "^7.1.0", @@ -3312,6 +3315,7 @@ "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.2.tgz", "integrity": "sha512-6mDvHUFSjyT2B2yeNx2nUgMxh9LtOWvkhIU3uePn2I2oyNymUAX1NIsdgviM4CH+JSrp2D2hsMvJOkxY+0wNRA==", "license": "MIT", + "peer": true, "dependencies": { "csstype": "^3.0.2" } @@ -3449,6 +3453,7 @@ "integrity": "sha512-oukfKT9Mk41LreEW09vt45f8wx7DordoWUZMYdY/cyAk7w5TWkTRCNZYF7sX7n2wB7jyGAl74OxgwhPgKaqDMQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@vitest/utils": "3.2.4", "pathe": "^2.0.3", @@ -3464,6 +3469,7 @@ "integrity": "sha512-dEYtS7qQP2CjU27QBC5oUOxLE/v5eLkGqPE0ZKEIDGMs4vKWe7IjgLOeauHsR0D5YuuycGRO5oSRXnwnmA78fQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@vitest/pretty-format": "3.2.4", "magic-string": "^0.30.17", @@ -3492,6 +3498,7 @@ "integrity": "sha512-hGISOaP18plkzbWEcP/QvtRW1xDXF2+96HbEX6byqQhAUbiS5oH6/9JwW+QsQCIYON2bI6QZBF+2PvOmrRZ9wA==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@vitest/utils": "3.2.4", "fflate": "^0.8.2", @@ -3713,6 +3720,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "baseline-browser-mapping": "^2.8.19", "caniuse-lite": "^1.0.30001751", @@ -4965,7 +4973,6 @@ "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", "license": "MIT", - "peer": true, "dependencies": { "js-tokens": "^3.0.0 || ^4.0.0" }, @@ -6043,7 +6050,6 @@ "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", "license": "MIT", - "peer": true, "engines": { "node": ">=0.10.0" } @@ -6465,6 +6471,7 @@ "resolved": "https://registry.npmjs.org/react/-/react-19.2.0.tgz", "integrity": "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==", "license": "MIT", + "peer": true, "engines": { "node": ">=0.10.0" } @@ -6486,8 +6493,7 @@ "version": "16.13.1", "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", - "license": "MIT", - "peer": true + "license": "MIT" }, "node_modules/react-katex": { "version": "3.1.0", @@ -6672,6 +6678,7 @@ "integrity": "sha512-iMmuD72XXLf26Tqrv1cryNYLX6NNPLhZ3AmNkSf8+xda0H+yijjGJ+wVT9UdBUHOpKzq9RjKtQKRCWoEKQQBZQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@oxc-project/types": "=0.95.0", "@rolldown/pluginutils": "1.0.0-beta.45" @@ -7332,6 +7339,7 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -7500,6 +7508,7 @@ "integrity": "sha512-ytQKuwgmrrkDTFP4LjR0ToE2nqgy886GpvRSpU0JAnrdBYppuY5rLkRUYPU1yCryb24SsKBTL/hlDQAEFVwtZg==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "esbuild": "~0.25.0", "get-tsconfig": "^4.7.5" @@ -7696,6 +7705,7 @@ "integrity": "sha512-Wj7/AMtE9MRnAXa6Su3Lk0LNCfqDYgfwVjwRFVum9U7wsto1imuHqk4kTm7Jni+5A0Hn7dttL6O/zjvUvoo+8A==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "defu": "^6.1.4", "exsolve": "^1.0.7", @@ -7914,6 +7924,7 @@ "integrity": "sha512-ZWyE8YXEXqJrrSLvYgrRP7p62OziLW7xI5HYGWFzOvupfAlrLvURSzv/FyGyy0eidogEM3ujU+kUG1zuHgb6Ug==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", @@ -8030,6 +8041,7 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -8043,6 +8055,7 @@ "integrity": "sha512-LUCP5ev3GURDysTWiP47wRRUpLKMOfPh+yKTx3kVIEiu5KOMeqzpnYNsKyOoVrULivR8tLcks4+lga33Whn90A==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@types/chai": "^5.2.2", "@vitest/expect": "3.2.4", @@ -8198,6 +8211,7 @@ "dev": true, "hasInstallScript": true, "license": "Apache-2.0", + "peer": true, "bin": { "workerd": "bin/workerd" }, @@ -8726,6 +8740,7 @@ "integrity": "sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg==", "devOptional": true, "license": "MIT", + "peer": true, "engines": { "node": ">=10.0.0" }, @@ -8808,7 +8823,7 @@ }, "packages/sandbox": { "name": "@cloudflare/sandbox", - "version": "0.4.13", + "version": "0.4.14", "license": "ISC", "dependencies": { "@cloudflare/containers": "^0.0.30" diff --git a/packages/sandbox/CHANGELOG.md b/packages/sandbox/CHANGELOG.md index 7d395242..bc847e9a 100644 --- a/packages/sandbox/CHANGELOG.md +++ b/packages/sandbox/CHANGELOG.md @@ -1,5 +1,21 @@ # @cloudflare/sandbox +## 0.4.14 + +### Patch Changes + +- [#172](https://github.com/cloudflare/sandbox-sdk/pull/172) [`1bf3576`](https://github.com/cloudflare/sandbox-sdk/commit/1bf35768b02532c77df6f30a2f2eb08cb2b12115) Thanks [@threepointone](https://github.com/threepointone)! - Update dependencies + +- [#176](https://github.com/cloudflare/sandbox-sdk/pull/176) [`7edbfa9`](https://github.com/cloudflare/sandbox-sdk/commit/7edbfa906668d75f540527f50b52483dc787192c) Thanks [@ghostwriternr](https://github.com/ghostwriternr)! - Add cache mounts to Dockerfile for faster builds + + Adds cache mounts for npm, apt, and pip package managers in the Dockerfile. This speeds up Docker image builds when dependencies change, particularly beneficial for users building from source. + +- [#172](https://github.com/cloudflare/sandbox-sdk/pull/172) [`1bf3576`](https://github.com/cloudflare/sandbox-sdk/commit/1bf35768b02532c77df6f30a2f2eb08cb2b12115) Thanks [@threepointone](https://github.com/threepointone)! - Fix type generation + + We inline types from `@repo/shared` so that it includes the types we reexport. Fixes #165 + +- [#175](https://github.com/cloudflare/sandbox-sdk/pull/175) [`77cb937`](https://github.com/cloudflare/sandbox-sdk/commit/77cb93762a619523758f769a10509e665ca819fe) Thanks [@ghostwriternr](https://github.com/ghostwriternr)! - Move .connect to .wsConnect within DO stub + ## 0.4.13 ### Patch Changes @@ -37,7 +53,6 @@ This adds a new `exists()` method to the SDK that checks whether a file or directory exists at a given path. The method returns a boolean indicating existence, similar to Python's `os.path.exists()` and JavaScript's `fs.existsSync()`. The implementation is end-to-end: - - New `FileExistsResult` and `FileExistsRequest` types in shared package - Handler endpoint at `/api/exists` in container layer - Client method in `FileClient` and `Sandbox` classes @@ -136,50 +151,47 @@ Implements PID namespace isolation to protect control plane processes (Jupyter, Bun) from sandboxed code. Commands executed via `exec()` now run in isolated namespaces that cannot see or interact with system processes. **Key security improvements:** - - Control plane processes are hidden from sandboxed commands - Platform secrets in `/proc/1/environ` are inaccessible - Ports 8888 (Jupyter) and 3000 (Bun) are protected from hijacking **Breaking changes:** - 1. **Removed `sessionId` parameter**: The `sessionId` parameter has been removed from all methods (`exec()`, `execStream()`, `startProcess()`, etc.). Each sandbox now maintains its own persistent session automatically. ```javascript // Before: manual session management - await sandbox.exec("cd /app", { sessionId: "my-session" }); + await sandbox.exec('cd /app', { sessionId: 'my-session' }); // After: automatic session per sandbox - await sandbox.exec("cd /app"); + await sandbox.exec('cd /app'); ``` 2. **Commands now maintain state**: Commands within the same sandbox now share state (working directory, environment variables, background processes). Previously each command was stateless. ```javascript // Before: each exec was independent - await sandbox.exec("cd /app"); - await sandbox.exec("pwd"); // Output: /workspace + await sandbox.exec('cd /app'); + await sandbox.exec('pwd'); // Output: /workspace // After: state persists in session - await sandbox.exec("cd /app"); - await sandbox.exec("pwd"); // Output: /app + await sandbox.exec('cd /app'); + await sandbox.exec('pwd'); // Output: /app ``` **Migration guide:** - - Remove `sessionId` from all method calls - each sandbox maintains its own session - If you need isolated execution contexts within the same sandbox, use `sandbox.createSession()`: ```javascript // Create independent sessions with different environments const buildSession = await sandbox.createSession({ - name: "build", - env: { NODE_ENV: "production" }, - cwd: "/build", + name: 'build', + env: { NODE_ENV: 'production' }, + cwd: '/build' }); const testSession = await sandbox.createSession({ - name: "test", - env: { NODE_ENV: "test" }, - cwd: "/test", + name: 'test', + env: { NODE_ENV: 'test' }, + cwd: '/test' }); ``` - Environment variables set in one command persist to the next diff --git a/packages/sandbox/package.json b/packages/sandbox/package.json index 410fdd17..9d5161b0 100644 --- a/packages/sandbox/package.json +++ b/packages/sandbox/package.json @@ -1,6 +1,6 @@ { "name": "@cloudflare/sandbox", - "version": "0.4.13", + "version": "0.4.14", "repository": { "type": "git", "url": "https://github.com/cloudflare/sandbox-sdk" diff --git a/packages/sandbox/src/version.ts b/packages/sandbox/src/version.ts index 504bb63d..1115aa76 100644 --- a/packages/sandbox/src/version.ts +++ b/packages/sandbox/src/version.ts @@ -3,4 +3,4 @@ * This file is auto-updated by .github/changeset-version.ts during releases * DO NOT EDIT MANUALLY - Changes will be overwritten on the next version bump */ -export const SDK_VERSION = '0.4.13'; +export const SDK_VERSION = '0.4.14'; diff --git a/tests/e2e/test-worker/Dockerfile b/tests/e2e/test-worker/Dockerfile index 2dfd9302..0b599b60 100644 --- a/tests/e2e/test-worker/Dockerfile +++ b/tests/e2e/test-worker/Dockerfile @@ -1,5 +1,5 @@ # Integration test Dockerfile -FROM docker.io/cloudflare/sandbox-test:0.4.13 +FROM docker.io/cloudflare/sandbox-test:0.4.14 # Expose ports used for testing EXPOSE 8080 diff --git a/tests/integration/Dockerfile b/tests/integration/Dockerfile index 498a4162..f38075f9 100644 --- a/tests/integration/Dockerfile +++ b/tests/integration/Dockerfile @@ -1,12 +1,12 @@ # This image is unique to this repo, and you'll never need it. # Whenever you're integrating with sandbox SDK in your own project, # you should use the official image instead: -# FROM docker.io/cloudflare/sandbox:0.4.13 -FROM cloudflare/sandbox-test:0.4.13 +# FROM docker.io/cloudflare/sandbox:0.4.14 +FROM cloudflare/sandbox-test:0.4.14 # On a mac, you might need to actively pick up the # arm64 build of the image. -# FROM --platform=linux/arm64 cloudflare/sandbox-test:0.4.13 +# FROM --platform=linux/arm64 cloudflare/sandbox-test:0.4.14 # Expose the ports you want to expose EXPOSE 8080