@cloudflare/[email protected]

Patch Changes

• #71 fb3c9c2 Thanks @ghostwriternr! - Bump containers package version

• #70 e1fa354 Thanks @ghostwriternr! - Fix escaped quotes in file write operations

• #68 69b91d1 Thanks @CyrusNuevoDia! - Configurable timeouts via environment variables in isolation.ts

• #66 eca93b9 Thanks @peterp! - Determine if the port is specified in the URL.

@cloudflare/[email protected]

Minor Changes

• #59 b6757f7 Thanks @ghostwriternr! - Add process isolation for sandbox commands

  Implements PID namespace isolation to protect control plane processes (Jupyter, Bun) from sandboxed code. Commands executed via exec() now run in isolated namespaces that cannot see or interact with system processes.

  Key security improvements:

  • Control plane processes are hidden from sandboxed commands
  • Platform secrets in /proc/1/environ are inaccessible
  • Ports 8888 (Jupyter) and 3000 (Bun) are protected from hijacking

  Breaking changes:

  1. Removed sessionId parameter: The sessionId parameter has been removed from all methods (exec(), execStream(), startProcess(), etc.). Each sandbox now maintains its own persistent session automatically.

     // Before: manual session management
     await sandbox.exec("cd /app", { sessionId: "my-session" });
     
     // After: automatic session per sandbox
     await sandbox.exec("cd /app");

  2. Commands now maintain state: Commands within the same sandbox now share state (working directory, environment variables, background processes). Previously each command was stateless.

     // Before: each exec was independent
     await sandbox.exec("cd /app");
     await sandbox.exec("pwd"); // Output: /workspace
     
     // After: state persists in session
     await sandbox.exec("cd /app");
     await sandbox.exec("pwd"); // Output: /app

  Migration guide:

  • Remove sessionId from all method calls - each sandbox maintains its own session
  • If you need isolated execution contexts within the same sandbox, use sandbox.createSession():

    // Create independent sessions with different environments
    const buildSession = await sandbox.createSession({
      name: "build",
      env: { NODE_ENV: "production" },
      cwd: "/build",
    });
    const testSession = await sandbox.createSession({
      name: "test",
      env: { NODE_ENV: "test" },
      cwd: "/test",
    });

  • Environment variables set in one command persist to the next
  • Background processes remain active until explicitly killed
  • Requires CAP_SYS_ADMIN (available in production, falls back gracefully in dev)

Patch Changes

• #62 4bedc3a Thanks @ghostwriternr! - Fix broken build due to bun lockfile not being used

@cloudflare/[email protected]

Patch Changes

• #57 12bbd12 Thanks @ghostwriternr! - Add listFiles method

@cloudflare/[email protected]

Patch Changes

• #53 c87db11 Thanks @ghostwriternr! - Improve jupyterlab config to speed up startup

@cloudflare/[email protected]

Patch Changes

• #51 4aceb32 Thanks @ghostwriternr! - Handle intermittent interpreter failures and decouple jupyter startup

@cloudflare/[email protected]

Patch Changes

• #49 d81d2a5 Thanks @ghostwriternr! - Implement code interpreter API

@cloudflare/[email protected]

Minor Changes

• #47 8a93d0c Thanks @ghostwriternr! - Change default directory to a clean /workspace

@cloudflare/[email protected]

Patch Changes

• #46 7de28be Thanks @ghostwriternr! - Update README

• #44 215ab49 Thanks @ghostwriternr! - Update example to use env & cwd

• #42 bb72193 Thanks @jonasnobile! - Propagate cwd and env options in executeCommand

• #27 fd5ec7f Thanks @threepointone! - remove yarn and pnpm from the image

@cloudflare/[email protected]

Patch Changes

• #32 1a42464 Thanks @ghostwriternr! - Bring back package README

@cloudflare/[email protected]

Patch Changes

• #30 30e5c25 Thanks @ghostwriternr! - Remove actions timeout

• #29 d78508f Thanks @ghostwriternr! - Create multi-platform Docker image and switch to Cloudflare official repo