(fn: (runner: PiSandboxRunner) => Promise<T>)
| 431 | * so secrets handed to one command never leak into the next. |
| 432 | */ |
| 433 | export async function withPiSandbox<T>(fn: (runner: PiSandboxRunner) => Promise<T>): Promise<T> { |
| 434 | const sandbox = await createE2BSandbox('pi') |
| 435 | const sandboxId = sandbox.sandboxId |
| 436 | logger.info('Started Pi sandbox', { sandboxId }) |
| 437 | |
| 438 | const runner: PiSandboxRunner = { |
| 439 | run: async (command, options) => { |
| 440 | try { |
| 441 | const result = await sandbox.commands.run(command, { |
| 442 | envs: { ...(options.envs ?? {}), PATH: PI_SANDBOX_PATH }, |
| 443 | timeoutMs: options.timeoutMs, |
| 444 | user: 'root', |
| 445 | onStdout: options.onStdout, |
| 446 | onStderr: options.onStderr, |
| 447 | }) |
| 448 | return { stdout: result.stdout, stderr: result.stderr, exitCode: result.exitCode } |
| 449 | } catch (error) { |
| 450 | const failure = error as { |
| 451 | stdout?: string |
| 452 | stderr?: string |
| 453 | message?: string |
| 454 | exitCode?: number |
| 455 | } |
| 456 | return { |
| 457 | stdout: failure.stdout ?? '', |
| 458 | stderr: failure.stderr ?? failure.message ?? getErrorMessage(error), |
| 459 | exitCode: failure.exitCode ?? 1, |
| 460 | } |
| 461 | } |
| 462 | }, |
| 463 | readFile: (path) => sandbox.files.read(path), |
| 464 | writeFile: async (path, content) => { |
| 465 | await sandbox.files.write(path, content) |
| 466 | }, |
| 467 | } |
| 468 | |
| 469 | try { |
| 470 | return await fn(runner) |
| 471 | } finally { |
| 472 | try { |
| 473 | await sandbox.kill() |
| 474 | } catch {} |
| 475 | } |
| 476 | } |
no test coverage detected