[ { "path": ".devcontainer/Dockerfile", "content": "FROM buildpack-deps:jammy-curl\n\nARG TARGETARCH\n\n# common tools\nRUN apt update && export DEBIAN_FRONTEND=noninteractive \\\n && apt -y install --no-install-recommends apt-utils vim htop telnet socat expect-dev tini psmisc libgit2-dev \\\n python3 python3-pip libx11-dev libxtst-dev libxext-dev libxrandr-dev libxinerama-dev libxi-dev \\\n libx11-6 libxrandr2 libxext6 libxrender1 libxfixes3 libxss1 libxtst6 libxi6 \\\n xvfb x11vnc novnc xfce4 xfce4-terminal dbus-x11 dnsmasq gettext-base\n\n# build tools\nRUN apt update && export DEBIAN_FRONTEND=noninteractive \\\n && apt -y install --no-install-recommends openjdk-11-jdk protobuf-compiler libprotobuf-dev\n\n# Mount-s3 (AWS S3 FUSE driver)\nRUN /bin/bash -c 'apt update && export DEBIAN_FRONTEND=noninteractive \\\n && apt -y install --no-install-recommends fuse libfuse2 \\\n && MOUNT_S3_ARCH=$([ \"$TARGETARCH\" = \"amd64\" ] && echo \"x86_64\" || echo \"arm64\") \\\n && wget https://s3.amazonaws.com/mountpoint-s3-release/1.20.0/${MOUNT_S3_ARCH}/mount-s3-1.20.0-${MOUNT_S3_ARCH}.deb \\\n && apt install -y ./mount-s3-1.20.0-${MOUNT_S3_ARCH}.deb \\\n && rm -f mount-s3-1.20.0-${MOUNT_S3_ARCH}.deb'\n# Telepresence\nRUN curl -fL https://app.getambassador.io/download/tel2oss/releases/download/v2.17.0/telepresence-linux-${TARGETARCH} -o /usr/local/bin/telepresence && \\\n chmod a+x /usr/local/bin/telepresence\n\nRUN echo \"address=/proxy.localhost/127.0.0.1\" >> /etc/dnsmasq.conf\n\nCMD [\"sh\", \"-c\", \"service dnsmasq start && echo 'nameserver 127.0.0.1' > /etc/resolv.conf && tail -f /dev/null\"]" }, { "path": ".devcontainer/buildkitd.toml", "content": "insecure-entitlements = [ \"network.host\", \"security.insecure\" ]\n\n[registry.\"registry:5000\"]\n http = true\n insecure = true" }, { "path": ".devcontainer/devcontainer.build.json", "content": "{\n // Duplicate of devcontainer.json but without docker compose\n // Docker compose is not supported for building and pushing the devcontainer image\n \"name\": \"Daytona\",\n \"build\": {\n \"dockerfile\": \"Dockerfile\",\n \"context\": \".\"\n },\n \"workspaceFolder\": \"/workspaces/daytona\",\n // Configure tool-specific properties.\n \"containerEnv\": {\n \"COREPACK_ENABLE_DOWNLOAD_PROMPT\": \"0\"\n },\n \"remoteEnv\": {\n \"NX_DAEMON\": \"true\",\n \"NODE_ENV\": \"development\",\n \"POETRY_VIRTUALENVS_IN_PROJECT\": \"true\"\n },\n \"customizations\": {\n // Configure properties specific to VS Code.\n \"vscode\": {\n // Add the IDs of extensions you want installed when the container is created.\n \"extensions\": [\n \"dbaeumer.vscode-eslint\",\n \"esbenp.prettier-vscode\",\n \"nrwl.angular-console\",\n \"astro-build.astro-vscode\",\n \"unifiedjs.vscode-mdx\",\n \"timonwong.shellcheck\",\n \"foxundermoon.shell-format\",\n \"cschlosser.doxdocgen\",\n \"ms-python.python\",\n \"ms-toolsai.jupyter\",\n \"bradlc.vscode-tailwindcss\",\n \"shopify.ruby-lsp\",\n \"castwide.solargraph\"\n ],\n \"settings\": {\n \"editor.defaultFormatter\": \"esbenp.prettier-vscode\",\n \"python.defaultInterpreterPath\": \"${containerWorkspaceFolder}/.venv/bin/python\",\n \"python.terminal.activateEnvironment\": true,\n \"python.terminal.activateEnvInCurrentTerminal\": true\n }\n }\n },\n \"features\": {\n \"ghcr.io/devcontainers/features/common-utils:2.5.3\": {\n \"installZsh\": \"true\",\n \"username\": \"daytona\",\n \"uid\": \"1000\",\n \"gid\": \"1000\",\n \"upgradePackages\": \"false\"\n },\n \"ghcr.io/devcontainers/features/docker-in-docker:2.12.2\": {\n \"version\": \"24.0.7\",\n \"moby\": false,\n \"dockerDashComposeVersion\": \"v2\"\n },\n \"ghcr.io/devcontainers/features/go:1.3.2\": {\n \"version\": \"1.23.5\",\n \"golangciLintVersion\": \"1.63.4\"\n },\n \"ghcr.io/devcontainers/features/node:1.6.2\": {\n \"version\": \"22.14.0\",\n \"installYarnUsingApt\": false\n },\n \"ghcr.io/devcontainers/features/ruby:1\": {\n \"version\": \"3.4.5\"\n },\n \"./tools-feature\": {\n \"pipPackages\": [\"poetry==2.1.3\"],\n \"goTools\": [\"github.com/swaggo/swag/cmd/swag@v1.16.4\", \"github.com/mitranim/gow@latest\"]\n }\n },\n \"onCreateCommand\": {\n // \"install-deps\": \"git config --global --add safe.directory ${containerWorkspaceFolder} && yarn\",\n \"env\": \"test -f .env.local || touch .env.local\"\n },\n \"postStartCommand\": \"yarn && poetry lock && poetry install && bundle install\",\n \"postAttachCommand\": \"\",\n \"forwardPorts\": [5556, \"pgadmin:80\", \"registry-ui:5100\", \"maildev:1080\", \"minio:9000\", \"minio:9001\", \"jaeger:16686\"],\n // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.\n \"remoteUser\": \"daytona\"\n}\n" }, { "path": ".devcontainer/devcontainer.json", "content": "{\n \"name\": \"Daytona\",\n \"dockerComposeFile\": \"docker-compose.yaml\",\n \"service\": \"app\",\n \"workspaceFolder\": \"/workspaces/daytona\",\n // Configure tool-specific properties.\n \"containerEnv\": {\n \"COREPACK_ENABLE_DOWNLOAD_PROMPT\": \"0\"\n },\n \"remoteEnv\": {\n \"NX_DAEMON\": \"true\",\n \"NODE_ENV\": \"development\",\n \"POETRY_VIRTUALENVS_IN_PROJECT\": \"true\",\n \"RUBYLIB\": \"${containerWorkspaceFolder}/libs/sdk-ruby/lib:${containerWorkspaceFolder}/libs/api-client-ruby/lib:${containerWorkspaceFolder}/libs/toolbox-api-client-ruby/lib\",\n \"BUNDLE_GEMFILE\": \"${containerWorkspaceFolder}/Gemfile\"\n },\n \"customizations\": {\n // Configure properties specific to VS Code.\n \"vscode\": {\n // Add the IDs of extensions you want installed when the container is created.\n \"extensions\": [\n \"dbaeumer.vscode-eslint\",\n \"esbenp.prettier-vscode\",\n \"nrwl.angular-console\",\n \"astro-build.astro-vscode\",\n \"unifiedjs.vscode-mdx\",\n \"timonwong.shellcheck\",\n \"foxundermoon.shell-format\",\n \"cschlosser.doxdocgen\",\n \"ms-python.python\",\n \"ms-toolsai.jupyter\",\n \"bradlc.vscode-tailwindcss\",\n \"shopify.ruby-lsp\",\n \"castwide.solargraph\"\n ],\n \"settings\": {\n \"editor.defaultFormatter\": \"esbenp.prettier-vscode\",\n \"python.defaultInterpreterPath\": \"${containerWorkspaceFolder}/.venv/bin/python\",\n \"python.terminal.activateEnvironment\": true,\n \"python.terminal.activateEnvInCurrentTerminal\": true\n }\n }\n },\n \"features\": {\n \"ghcr.io/devcontainers/features/common-utils:2.5.3\": {\n \"installZsh\": \"true\",\n \"username\": \"daytona\",\n \"uid\": \"1000\",\n \"gid\": \"1000\",\n \"upgradePackages\": \"false\"\n },\n \"ghcr.io/devcontainers/features/docker-in-docker:2.12.2\": {\n \"version\": \"28.4.0\",\n \"moby\": false,\n \"dockerDashComposeVersion\": \"v2\"\n },\n \"ghcr.io/devcontainers/features/go:1.3.2\": {\n \"version\": \"1.25.4\",\n \"golangciLintVersion\": \"2.6.2\"\n },\n \"ghcr.io/devcontainers/features/node:1.6.2\": {\n \"version\": \"22.14.0\",\n \"installYarnUsingApt\": false\n },\n \"ghcr.io/devcontainers/features/ruby:1\": {\n \"version\": \"3.4.5\"\n },\n \"./tools-feature\": {\n \"pipPackages\": [\n \"poetry==2.1.3\"\n ],\n \"goTools\": [\n \"github.com/swaggo/swag/cmd/swag@v1.16.4\",\n \"github.com/mitranim/gow@latest\",\n \"github.com/princjef/gomarkdoc/cmd/gomarkdoc@v1.1.0\"\n ]\n }\n },\n \"onCreateCommand\": {\n // \"install-deps\": \"git config --global --add safe.directory ${containerWorkspaceFolder} && yarn\",\n \"env\": \"test -f .env.local || touch .env.local\"\n },\n \"postStartCommand\": \"yarn && poetry lock && poetry install && bundle install && docker buildx create --name builder --driver-opt network=host --config .devcontainer/buildkitd.toml --driver docker-container --use\",\n \"postAttachCommand\": \"\",\n \"forwardPorts\": [\n 5556,\n \"pgadmin:80\",\n \"registry-ui:5100\",\n \"maildev:1080\",\n \"minio:9000\",\n \"minio:9001\",\n \"jaeger:16686\"\n ],\n // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.\n \"remoteUser\": \"daytona\"\n}" }, { "path": ".devcontainer/dex/config.yaml", "content": "# config.yaml\nissuer: http://localhost:5556/dex\nstorage:\n type: memory\nweb:\n http: 0.0.0.0:5556\n allowedOrigins: ['*']\n allowedHeaders: ['x-requested-with']\nstaticClients:\n - id: daytona\n redirectURIs:\n - 'http://localhost:3000'\n - 'http://localhost:3000/api/oauth2-redirect.html'\n - 'http://localhost:3009/callback'\n - 'http://proxy.localhost:4000/callback'\n name: 'Daytona'\n public: true\nenablePasswordDB: true\nstaticPasswords:\n - email: 'dev@daytona.io'\n # password generated with:\n # echo password | htpasswd -BinC 10 admin | cut -d: -f2\n hash: '$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W'\n username: 'admin'\n userID: '1234'\n" }, { "path": ".devcontainer/docker-compose.yaml", "content": "version: '3.8'\n\nservices:\n app:\n build:\n context: .\n dockerfile: Dockerfile\n privileged: true\n volumes:\n - ..:/workspaces/daytona\n\n dex:\n image: dexidp/dex:v2.42.0\n volumes:\n - ./dex/config.yaml:/etc/dex/config.yaml\n command: ['dex', 'serve', '/etc/dex/config.yaml']\n network_mode: service:app\n\n db:\n image: postgres:18\n environment:\n - POSTGRES_PASSWORD=pass\n - POSTGRES_USER=user\n - POSTGRES_DB=application_ctx\n\n pgadmin:\n image: dpage/pgadmin4:9.2.0\n entrypoint: ['sh', '-c', 'chmod 600 /pgpass && exec /entrypoint.sh']\n environment:\n PGADMIN_DEFAULT_EMAIL: dev@daytona.io\n PGADMIN_DEFAULT_PASSWORD: pgadmin\n PGADMIN_CONFIG_SERVER_MODE: 'False'\n PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'\n user: root\n volumes:\n - ./pgadmin4/servers.json:/pgadmin4/servers.json\n - ./pgadmin4/pgpass:/pgpass\n depends_on:\n - db\n\n redis:\n image: redis:latest\n\n registry-ui:\n image: joxit/docker-registry-ui:main\n restart: always\n environment:\n - SINGLE_REGISTRY=true\n - REGISTRY_TITLE=Docker Registry UI\n - DELETE_IMAGES=true\n - SHOW_CONTENT_DIGEST=true\n - NGINX_PROXY_PASS_URL=http://registry:5000\n - SHOW_CATALOG_NB_TAGS=true\n - CATALOG_MIN_BRANCHES=1\n - CATALOG_MAX_BRANCHES=1\n - TAGLIST_PAGE_SIZE=100\n - REGISTRY_SECURED=false\n - CATALOG_ELEMENTS_LIMIT=1000\n\n registry:\n image: registry:2.8.2\n restart: always\n environment:\n REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[http://registry-ui.example.com]'\n REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'\n REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'\n REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'\n REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'\n REGISTRY_STORAGE_DELETE_ENABLED: 'true'\n volumes:\n - registry:/var/lib/registry\n\n maildev:\n image: maildev/maildev\n\n minio:\n image: minio/minio:latest\n environment:\n - MINIO_ROOT_USER=minioadmin\n - MINIO_ROOT_PASSWORD=minioadmin\n - MINIO_IDENTITY_STS_EXPIRY=\"24h\"\n volumes:\n - minio_data:/data\n command: server /data --console-address \":9001\"\n\n jaeger:\n image: jaegertracing/all-in-one:1.74.0\n\n otel-collector:\n image: otel/opentelemetry-collector-contrib:0.138.0\n volumes:\n - ./otel/otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml\n\nvolumes:\n registry: {}\n minio_data: {}\n" }, { "path": ".devcontainer/otel/otel-collector-config.yaml", "content": "receivers:\n otlp:\n protocols:\n grpc:\n endpoint: 0.0.0.0:4317\n http:\n endpoint: 0.0.0.0:4318\n\nprocessors:\n batch:\n\nexporters:\n # Logs to console\n debug:\n verbosity: detailed\n\n # Metrics to Prometheus endpoint\n prometheus:\n endpoint: 0.0.0.0:9090\n namespace: otel\n\n # Traces to Jaeger\n otlp/jaeger:\n endpoint: jaeger:4317\n tls:\n insecure: true\n\nservice:\n pipelines:\n traces:\n receivers: [otlp]\n processors: [batch]\n exporters: [otlp/jaeger]\n\n metrics:\n receivers: [otlp]\n processors: [batch]\n exporters: [prometheus]\n\n logs:\n receivers: [otlp]\n processors: [batch]\n exporters: [debug]\n" }, { "path": ".devcontainer/pgadmin4/pgpass", "content": "db:5432:*:user:pass" }, { "path": ".devcontainer/pgadmin4/servers.json", "content": "{\n \"Servers\": {\n \"1\": {\n \"Name\": \"Daytona\",\n \"Group\": \"Servers\",\n \"Host\": \"db\",\n \"Port\": 5432,\n \"MaintenanceDB\": \"postgres\",\n \"Username\": \"user\",\n \"PassFile\": \"/pgpass\"\n }\n }\n}\n" }, { "path": ".devcontainer/tools-feature/devcontainer-feature.json", "content": "{\n \"name\": \"Development tools\",\n \"id\": \"tools\",\n \"version\": \"1.0.0\",\n \"description\": \"Installs development tools.\",\n \"options\": {\n \"pipPackages\": {\n \"type\": \"array\",\n \"description\": \"List of pip packages to install\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"goTools\": {\n \"type\": \"array\",\n \"description\": \"List of Go tools to install\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"installsAfter\": [\n \"ghcr.io/devcontainers/features/go\",\n \"ghcr.io/devcontainers/features/python\",\n \"ghcr.io/devcontainers/features/ruby\",\n \"ghcr.io/devcontainers/features/docker-in-docker\"\n ]\n}\n" }, { "path": ".devcontainer/tools-feature/install.sh", "content": "#!/bin/bash\n# Copyright 2025 Daytona Platforms Inc.\n# SPDX-License-Identifier: AGPL-3.0\n\nset -e\n\necho \"Installing Python packages and Go tools...\"\n\nUSERNAME=\"${USERNAME:-\"${_REMOTE_USER:-\"automatic\"}\"}\"\n\n# Determine the appropriate non-root user\nif [ \"${USERNAME}\" = \"auto\" ] || [ \"${USERNAME}\" = \"automatic\" ]; then\n USERNAME=\"\"\n POSSIBLE_USERS=(\"vscode\" \"node\" \"codespace\" \"$(awk -v val=1000 -F \":\" '$3==val{print $1}' /etc/passwd)\")\n for CURRENT_USER in \"${POSSIBLE_USERS[@]}\"; do\n if id -u \"${CURRENT_USER}\" > /dev/null 2>&1; then\n USERNAME=${CURRENT_USER}\n break\n fi\n done\n if [ \"${USERNAME}\" = \"\" ]; then\n USERNAME=root\n fi\nelif [ \"${USERNAME}\" = \"none\" ] || ! id -u \"${USERNAME}\" > /dev/null 2>&1; then\n USERNAME=root\nfi\n\nexport GOROOT=\"${TARGET_GOROOT:-\"/usr/local/go\"}\"\nexport GOPATH=\"${TARGET_GOPATH:-\"/go\"}\"\nexport GOCACHE=/tmp/gotools/cache\n\n\nsudo -E -u \"${USERNAME}\" bash -c '\nexport PATH=$GOROOT/bin:$PATH\nexport HOME=/home/${USER}\n\n# Install pip packages\nif [ -n \"$PIPPACKAGES\" ]; then\n echo \"Installing pip packages: $PIPPACKAGES\"\n IFS=',' read -ra PACKAGES <<< \"${PIPPACKAGES}\"\n pip3 install --no-cache-dir \"${PACKAGES[@]}\"\nelse\n echo \"No pip packages specified. Skipping.\"\nfi\n\n# Install Go tools\nif [ -n \"$GOTOOLS\" ]; then\n echo \"Installing Go tools: $GOTOOLS\"\n IFS=',' read -ra TOOLS <<< \"${GOTOOLS}\"\n for tool in \"${TOOLS[@]}\"; do\n go install $tool\n done\nelse\n echo \"No Go tools specified. Skipping.\"\nfi\n'\n\n# Set insecure registry\ncat > /etc/docker/daemon.json <&2\n exit 1\n fi\n if [ \"${{ inputs.install-swag }}\" = \"true\" ] && [ \"${{ inputs.install-go }}\" != \"true\" ]; then\n echo \"Error: install-swag is 'true' but install-go is not 'true'. Please enable install-go when using install-swag.\" >&2\n exit 1\n fi\n\n - uses: actions/setup-go@v5\n if: inputs.install-go == 'true'\n with:\n go-version-file: go.work\n cache: ${{ inputs.go-cache }}\n cache-dependency-path: |\n **/go.sum\n\n - uses: actions/setup-java@v4\n if: inputs.install-java == 'true'\n with:\n java-version: 21\n distribution: 'temurin'\n\n - uses: actions/setup-python@v5\n if: inputs.install-python == 'true'\n with:\n python-version: '3.12'\n\n - uses: ruby/setup-ruby@v1\n if: inputs.install-ruby == 'true'\n with:\n ruby-version: '3.4.5'\n bundler-cache: false\n\n - name: Bundle install\n if: inputs.install-ruby == 'true'\n shell: bash\n run: |\n bundle install\n\n - uses: actions/setup-node@v4\n if: inputs.install-node == 'true'\n with:\n node-version: 22\n\n - name: System dependencies\n shell: bash\n run: |\n sudo apt-get update && sudo apt-get install -y gcc libx11-dev libxtst-dev\n if [[ \"${{ inputs.install-node }}\" == 'true' || \"${{ inputs.run-yarn-install }}\" == 'true' ]]; then\n corepack enable\n fi\n\n - name: Install Poetry\n if: inputs.install-poetry == 'true' && inputs.install-python == 'true'\n shell: bash\n run: |\n python3 -m pip install --upgrade pip\n python3 -m pip install \"poetry==2.1.3\"\n\n - name: Install swag\n if: inputs.install-swag == 'true' && inputs.install-go == 'true'\n shell: bash\n run: go install github.com/swaggo/swag/cmd/swag@v1.16.4\n\n - name: Get yarn cache directory\n if: inputs.run-yarn-install == 'true'\n id: yarn-cache\n shell: bash\n run: echo \"dir=$(yarn config get cacheFolder)\" >> $GITHUB_OUTPUT\n\n - uses: actions/cache@v4\n if: inputs.run-yarn-install == 'true'\n with:\n path: ${{ steps.yarn-cache.outputs.dir }}\n key: yarn-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('yarn.lock') }}\n restore-keys: yarn-${{ runner.os }}-${{ runner.arch }}-\n\n - name: Yarn install\n if: inputs.run-yarn-install == 'true'\n shell: bash\n run: yarn install --immutable\n\n - name: Cache Poetry virtualenv\n if: inputs.run-poetry-install == 'true'\n uses: actions/cache@v4\n with:\n path: .venv\n key: poetry-venv-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('poetry.lock') }}\n restore-keys: poetry-venv-${{ runner.os }}-${{ runner.arch }}-\n\n - name: Poetry install\n if: inputs.run-poetry-install == 'true'\n shell: bash\n run: |\n poetry lock\n poetry install\n\n - name: Go work sync\n if: inputs.run-go-work-sync == 'true'\n shell: bash\n run: |\n GONOSUMDB=github.com/daytonaio/daytona go work sync\n go env -w GOFLAGS=\"-buildvcs=false\"\n" }, { "path": ".github/pull_request_template.md", "content": "## Description\n\nPlease include a summary of the change or the feature being introduced. Include relevant motivation and context. List any dependencies that are required for this change.\n\n## Documentation\n\n- [ ] This change requires a documentation update\n- [ ] I have made corresponding changes to the documentation\n\n## Related Issue(s)\n\nThis PR addresses issue #X\n\n## Screenshots\n\nIf relevant, please add screenshots.\n\n## Notes\n\nPlease add any relevant notes if necessary.\n" }, { "path": ".github/workflows/build_devcontainer.yaml", "content": "name: 'Build devcontainer image'\non:\n push:\n branches:\n - main\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout (GitHub)\n uses: actions/checkout@v4\n - name: Set up QEMU for multi-architecture builds\n uses: docker/setup-qemu-action@v3\n - name: Setup Docker buildx for multi-architecture builds\n uses: docker/setup-buildx-action@v3\n with:\n use: true\n - name: Login to GitHub Container Registry\n uses: docker/login-action@v3\n with:\n registry: ghcr.io\n username: ${{ github.repository_owner }}\n password: ${{ secrets.GITHUB_TOKEN }}\n - name: Build and release devcontainer Multi-Platform\n uses: devcontainers/ci@v0.3\n env:\n # see: https://github.com/devcontainers/ci/issues/191#issuecomment-1603857155\n BUILDX_NO_DEFAULT_ATTESTATIONS: true\n with:\n imageName: ghcr.io/daytonaio/daytona-devcontainer\n cacheFrom: ghcr.io/daytonaio/daytona-devcontainer\n platform: linux/amd64,linux/arm64\n imageTag: main,latest\n configFile: .devcontainer/devcontainer.build.json\n" }, { "path": ".github/workflows/default_image_publish.yaml", "content": "name: Default Snapshot Images Publish\n\non:\n workflow_dispatch:\n inputs:\n version:\n description: Version to release (e.g., \"0.1.2\")\n required: true\n default: '0.0.0-dev'\n push_latest:\n description: Push latest tags (disable for rc/pre-release)\n type: boolean\n default: true\n\nenv:\n VERSION: ${{ inputs.version }}\n BUILDX_NO_DEFAULT_ATTESTATIONS: 1\n REGISTRY_IMAGE: daytonaio/sandbox\n\njobs:\n docker_build:\n strategy:\n fail-fast: false\n matrix:\n include:\n - runner: [self-hosted, Linux, ARM64, github-actions-runner-arm]\n platform: linux/arm64\n - runner: [self-hosted, Linux, X64, github-actions-runner-amd64]\n platform: linux/amd64\n\n runs-on: ${{ matrix.runner }}\n\n steps:\n - name: Prepare\n run: |\n platform=${{ matrix.platform }}\n echo \"PLATFORM_PAIR=${platform//\\//-}\" >> $GITHUB_ENV\n\n - name: Checkout code\n uses: actions/checkout@v4\n\n - name: Set up Docker Buildx\n uses: docker/setup-buildx-action@v3\n\n - name: Log in to Docker Hub\n uses: docker/login-action@v3\n with:\n registry: docker.io\n username: daytonaio\n password: ${{ secrets.DOCKER_TOKEN }}\n\n - name: Build and push sandbox by digest\n id: build-sandbox\n uses: docker/build-push-action@v6\n with:\n context: ./images/sandbox\n file: ./images/sandbox/Dockerfile\n platforms: ${{ matrix.platform }}\n tags: ${{ env.REGISTRY_IMAGE }}\n outputs: type=image,push-by-digest=true,name-canonical=true,push=true\n cache-from: type=registry,ref=daytonaio/sandbox:buildcache-${{ env.PLATFORM_PAIR }}\n cache-to: type=registry,ref=daytonaio/sandbox:buildcache-${{ env.PLATFORM_PAIR }},mode=max\n\n - name: Export sandbox digest\n run: |\n mkdir -p ${{ runner.temp }}/digests/sandbox\n digest=\"${{ steps.build-sandbox.outputs.digest }}\"\n touch \"${{ runner.temp }}/digests/sandbox/${digest#sha256:}\"\n\n - name: Build and push sandbox-slim by digest\n id: build-sandbox-slim\n uses: docker/build-push-action@v6\n with:\n context: ./images/sandbox-slim\n file: ./images/sandbox-slim/Dockerfile\n platforms: ${{ matrix.platform }}\n tags: ${{ env.REGISTRY_IMAGE }}\n outputs: type=image,push-by-digest=true,name-canonical=true,push=true\n cache-from: type=registry,ref=daytonaio/sandbox:buildcache-slim-${{ env.PLATFORM_PAIR }}\n cache-to: type=registry,ref=daytonaio/sandbox:buildcache-slim-${{ env.PLATFORM_PAIR }},mode=max\n\n - name: Export sandbox-slim digest\n run: |\n mkdir -p ${{ runner.temp }}/digests/sandbox-slim\n digest=\"${{ steps.build-sandbox-slim.outputs.digest }}\"\n touch \"${{ runner.temp }}/digests/sandbox-slim/${digest#sha256:}\"\n\n - name: Upload sandbox digest\n uses: actions/upload-artifact@v4\n with:\n name: digests-default-${{ env.PLATFORM_PAIR }}\n path: ${{ runner.temp }}/digests/sandbox/*\n if-no-files-found: error\n retention-days: 1\n\n - name: Upload sandbox-slim digest\n uses: actions/upload-artifact@v4\n with:\n name: digests-slim-${{ env.PLATFORM_PAIR }}\n path: ${{ runner.temp }}/digests/sandbox-slim/*\n if-no-files-found: error\n retention-days: 1\n\n docker_manifest:\n needs: docker_build\n runs-on: [self-hosted, Linux, X64, github-actions-runner-amd64]\n\n steps:\n - name: Download sandbox digests\n uses: actions/download-artifact@v4\n with:\n path: ${{ runner.temp }}/digests/sandbox\n pattern: digests-default-*\n merge-multiple: true\n\n - name: Download sandbox-slim digests\n uses: actions/download-artifact@v4\n with:\n path: ${{ runner.temp }}/digests/sandbox-slim\n pattern: digests-slim-*\n merge-multiple: true\n\n - name: Set up Docker Buildx\n uses: docker/setup-buildx-action@v3\n\n - name: Log in to Docker Hub\n uses: docker/login-action@v3\n with:\n registry: docker.io\n username: daytonaio\n password: ${{ secrets.DOCKER_TOKEN }}\n\n - name: Create and push sandbox manifest\n working-directory: ${{ runner.temp }}/digests/sandbox\n run: |\n TAGS=\"-t ${{ env.REGISTRY_IMAGE }}:${{ env.VERSION }}\"\n if [ \"${{ inputs.push_latest }}\" = \"true\" ]; then\n TAGS=\"$TAGS -t ${{ env.REGISTRY_IMAGE }}:latest\"\n fi\n docker buildx imagetools create $TAGS \\\n $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)\n\n - name: Create and push sandbox-slim manifest\n working-directory: ${{ runner.temp }}/digests/sandbox-slim\n run: |\n TAGS=\"-t ${{ env.REGISTRY_IMAGE }}:${{ env.VERSION }}-slim\"\n if [ \"${{ inputs.push_latest }}\" = \"true\" ]; then\n TAGS=\"$TAGS -t ${{ env.REGISTRY_IMAGE }}:latest-slim\"\n fi\n docker buildx imagetools create $TAGS \\\n $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)\n\n - name: Inspect images\n run: |\n docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ env.VERSION }}\n docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ env.VERSION }}-slim\n" }, { "path": ".github/workflows/pr_checks.yaml", "content": "name: '[PR] Validate code'\n\non:\n pull_request:\n branches:\n - main\n\npermissions:\n contents: read\n\nconcurrency:\n # New commit on branch cancels running workflows of the same branch\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: true\n\nenv:\n POETRY_VIRTUALENVS_IN_PROJECT: true\n\njobs:\n go-work:\n name: Go work\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n - uses: actions/setup-go@v5\n with:\n go-version-file: go.work\n cache: true\n cache-dependency-path: '**/go.sum'\n - name: go work\n run: |\n GONOSUMDB=github.com/daytonaio/daytona go work sync\n git diff --exit-code -- 'go.work*' '*/go.mod' '*/go.sum' || (echo \"Go workspace files are not up to date! Please run 'go work sync' and commit the changes.\" && exit 1)\n\n cli-docs:\n name: CLI docs\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n - uses: actions/setup-node@v4\n with:\n node-version: 22\n - run: corepack enable\n - name: Get yarn cache directory\n id: yarn-cache\n run: echo \"dir=$(yarn config get cacheFolder)\" >> $GITHUB_OUTPUT\n - uses: actions/cache@v4\n with:\n path: ${{ steps.yarn-cache.outputs.dir }}\n key: yarn-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('yarn.lock') }}\n restore-keys: yarn-${{ runner.os }}-${{ runner.arch }}-\n - run: yarn install --immutable\n - name: Check CLI reference docs are up to date\n run: |\n cd apps/docs\n node tools/update-cli-reference.js --local\n git diff --exit-code -- src/content/docs/en/tools/cli.mdx || (echo \"CLI reference docs on the docs site are out of sync! Please run 'cd apps/docs && node tools/update-cli-reference.js --local' and commit the changes.\" && exit 1)\n\n golangci:\n name: Go lint\n runs-on: ubuntu-latest\n strategy:\n matrix:\n working-directory: [apps/daemon, apps/runner, apps/cli, apps/proxy, libs/sdk-go, apps/otel-collector/exporter]\n steps:\n - uses: actions/checkout@v4\n - uses: actions/setup-go@v5\n with:\n go-version-file: go.work\n cache: true\n cache-dependency-path: '**/go.sum'\n - name: golangci-lint\n uses: golangci/golangci-lint-action@v9\n with:\n version: v2.6.2\n working-directory: ${{ matrix.working-directory }}\n args: --timeout=5m ./...\n - name: format\n run: |\n cd ${{ matrix.working-directory }}\n go fmt ./...\n git diff --exit-code '**/*.go' || (echo \"Code is not formatted! Please run 'go fmt ./...' and commit\" && exit 1)\n\n lint-computer-use:\n name: Go lint (Computer Use)\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n - uses: actions/setup-go@v5\n with:\n go-version-file: go.work\n cache: true\n cache-dependency-path: '**/go.sum'\n - name: format\n run: |\n sudo apt-get update && sudo apt-get install -y gcc libx11-dev libxtst-dev\n cd libs/computer-use\n go fmt ./...\n git diff --exit-code '**/*.go' || (echo \"Code is not formatted! Please run 'go fmt ./...' and commit\" && exit 1)\n - name: golangci-lint\n uses: golangci/golangci-lint-action@v9\n with:\n version: v2.6.2\n working-directory: libs/computer-use\n args: --timeout=5m ./...\n\n lint-python:\n name: Python lint\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n - uses: actions/setup-python@v5\n with:\n python-version: '3.12'\n - name: Install Dependencies\n run: |\n corepack enable\n python -m pip install --upgrade pip\n pip install \"poetry==2.1.3\"\n poetry install\n - name: Get yarn cache directory\n id: yarn-cache\n run: echo \"dir=$(yarn config get cacheFolder)\" >> $GITHUB_OUTPUT\n - uses: actions/cache@v4\n with:\n path: ${{ steps.yarn-cache.outputs.dir }}\n key: yarn-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('yarn.lock') }}\n restore-keys: yarn-${{ runner.os }}-${{ runner.arch }}-\n - run: yarn install --immutable\n - name: Lint Python Code\n run: |\n source \"$(poetry env info --path)/bin/activate\"\n yarn lint:py\n\n format-lint-api-clients:\n name: Format, lint and generate API clients\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n - uses: ./.github/actions/setup-toolchain\n with:\n run-go-work-sync: 'false'\n - name: generate-api-clients\n run: |\n source \"$(poetry env info --path)/bin/activate\"\n go install github.com/princjef/gomarkdoc/cmd/gomarkdoc@v1.1.0\n echo -e 'DEFAULT_PACKAGE_VERSION=0.0.0-dev\\nDEFAULT_GEM_VERSION=0.0.0.pre.dev\\n\\nPYPI_PKG_VERSION=\\nNPM_PKG_VERSION=\\nNPM_TAG=\\nPYPI_TOKEN=\\nNPM_TOKEN=' > .env\n mkdir -p dist/apps/api\n yarn generate:api-client\n yarn lint:fix\n yarn format\n poetry lock\n yarn docs\n GONOSUMDB=github.com/daytonaio/daytona go work sync\n git diff --exit-code || (echo \"Code not formatted or linting errors! Hint: 'yarn generate:api-client', 'yarn lint:fix', 'yarn docs' and commit\" && exit 1)\n\n build:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n - uses: ./.github/actions/setup-toolchain\n - name: Build all\n run: |\n source \"$(poetry env info --path)/bin/activate\"\n VERSION=0.0.0-dev yarn build --nxBail=true\n\n license-check:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n\n - name: Check AGPL License Headers\n uses: apache/skywalking-eyes/header@main\n with:\n token: ${{ github.token }}\n config: .licenserc.yaml\n mode: 'check'\n\n - name: Check Apache License Headers\n uses: apache/skywalking-eyes/header@main\n with:\n token: ${{ github.token }}\n config: .licenserc-clients.yaml\n mode: 'check'\n" }, { "path": ".github/workflows/prepare-release.yaml", "content": "name: Prepare Release\n\non:\n workflow_dispatch:\n inputs:\n version:\n description: Version to release (start with \"v\")\n required: true\n default: 'v0.0.0-dev'\n\nenv:\n VERSION: ${{ inputs.version }}\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n\njobs:\n prepare:\n runs-on: ubuntu-latest\n\n steps:\n - name: Checkout code\n uses: actions/checkout@v4\n with:\n fetch-tags: true\n fetch-depth: 0\n\n - uses: ./.github/actions/setup-toolchain\n - uses: dev-hanz-ops/install-gh-cli-action@v0.2.1\n\n - name: Configure git\n run: |\n git config --global --add safe.directory $GITHUB_WORKSPACE\n git config --global user.name \"Daytona Release Bot\"\n git config --global user.email \"daytona-release@users.noreply.github.com\"\n\n - name: Create release branch\n run: |\n git checkout -b prepare-release-${{ inputs.version }}\n\n - name: Prepare release\n run: |\n VERSION=${{ inputs.version }} yarn prepare-release\n\n - name: Push branch and create PR\n run: |\n git push origin prepare-release-${{ inputs.version }}\n gh pr create \\\n --title \"chore: prepare release ${{ inputs.version }}\" \\\n --body \"Automated PR to prepare release ${{ inputs.version }}\" \\\n --base main \\\n --head prepare-release-${{ inputs.version }}\n" }, { "path": ".github/workflows/release.yaml", "content": "name: Release\n\non:\n workflow_dispatch:\n inputs:\n version:\n description: Version to release (start with \"v\")\n required: true\n default: 'v0.0.0-dev'\n\nenv:\n VERSION: ${{ inputs.version }}\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n BUILDX_NO_DEFAULT_ATTESTATIONS: 1\n DAYTONA_API_URL: ${{ secrets.DAYTONA_API_URL }}\n DAYTONA_AUTH0_DOMAIN: ${{ secrets.DAYTONA_AUTH0_DOMAIN }}\n DAYTONA_AUTH0_CLIENT_ID: ${{ secrets.DAYTONA_AUTH0_CLIENT_ID }}\n DAYTONA_AUTH0_CALLBACK_PORT: ${{ secrets.DAYTONA_AUTH0_CALLBACK_PORT }}\n DAYTONA_AUTH0_CLIENT_SECRET: ${{ secrets.DAYTONA_AUTH0_CLIENT_SECRET }}\n DAYTONA_AUTH0_AUDIENCE: ${{ secrets.DAYTONA_AUTH0_AUDIENCE }}\n POETRY_VIRTUALENVS_IN_PROJECT: true\n GONOSUMDB: github.com/daytonaio/daytona\n\njobs:\n publish:\n runs-on: [self-hosted, Linux, X64, github-actions-runner-amd64]\n\n steps:\n - name: Checkout code\n uses: actions/checkout@v4\n with:\n fetch-tags: true\n fetch-depth: 0\n\n - uses: ./.github/actions/setup-toolchain\n with:\n run-go-work-sync: 'false'\n\n - uses: dev-hanz-ops/install-gh-cli-action@v0.2.1\n\n - name: Configure git\n run: |\n git config --global --add safe.directory $GITHUB_WORKSPACE\n git config --global user.name \"Daytona Release Bot\"\n git config --global user.email \"daytona-release@users.noreply.github.com\"\n\n - name: Tag Go modules\n run: |\n git tag libs/api-client-go/${{ inputs.version }}\n git tag libs/toolbox-api-client-go/${{ inputs.version }}\n git tag libs/sdk-go/${{ inputs.version }}\n git push origin libs/api-client-go/${{ inputs.version }} libs/toolbox-api-client-go/${{ inputs.version }} libs/sdk-go/${{ inputs.version }}\n\n - name: Go work sync\n run: |\n GONOSUMDB=github.com/daytonaio/daytona go work sync\n go env -w GOFLAGS=\"-buildvcs=false\"\n\n # Write version to required folders so nx release can run\n - name: Write package.json to required folders\n run: |\n mkdir dist\n echo '{\n \"name\": \"api\",\n \"version\": \"0.0.0\"\n }' > dist/package.json\n echo '{\n \"name\": \"api\",\n \"version\": \"0.0.0\"\n }' > apps/api/package.json\n echo '{\n \"name\": \"dashboard\",\n \"version\": \"0.0.0\"\n }' > apps/dashboard/package.json\n echo '{\n \"name\": \"docs\",\n \"version\": \"0.0.0\"\n }' > apps/docs/package.json\n echo '{\n \"name\": \"runner\",\n \"version\": \"0.0.0\"\n }' > apps/runner/package.json\n\n - name: Create release\n run: yarn nx release ${{ inputs.version }} --skip-publish --verbose\n\n build_projects:\n needs: publish\n runs-on: [self-hosted, Linux, X64, github-actions-runner-amd64]\n\n steps:\n - name: Checkout code\n uses: actions/checkout@v4\n with:\n fetch-tags: true\n fetch-depth: 0\n\n - uses: ./.github/actions/setup-toolchain\n - uses: dev-hanz-ops/install-gh-cli-action@v0.2.1\n\n - name: Install gettext\n run: sudo apt-get install -y gettext\n\n - name: Configure git\n run: |\n git config --global --add safe.directory $GITHUB_WORKSPACE\n git config --global user.name \"Daytona Release Bot\"\n git config --global user.email \"daytona-release@users.noreply.github.com\"\n\n - name: Build projects\n run: |\n source \"$(poetry env info --path)/bin/activate\"\n yarn build:production\n yarn nx build-amd64 runner --configuration=production --nxBail=true\n\n - name: Build runner .deb package\n run: VERSION=\"${VERSION#v}\" yarn nx package-deb runner\n\n - name: Build CLI\n run: |\n cd ./apps/cli\n GOOS=linux GOARCH=amd64 ./hack/build.sh --skip-env-file\n GOOS=linux GOARCH=arm64 ./hack/build.sh --skip-env-file\n GOOS=darwin GOARCH=amd64 ./hack/build.sh --skip-env-file\n GOOS=darwin GOARCH=arm64 ./hack/build.sh --skip-env-file\n GOOS=windows GOARCH=amd64 ./hack/build.sh --skip-env-file\n GOOS=windows GOARCH=arm64 ./hack/build.sh --skip-env-file\n cd ../..\n\n - name: Upload runner to release assets\n run: |\n gh release upload ${{ inputs.version }} dist/apps/runner-amd64#daytona-runner-${{ inputs.version }}-amd64 --clobber\n\n - name: Upload runner .deb to release assets\n run: |\n DEB_VERSION=\"${VERSION#v}\"\n gh release upload ${{ inputs.version }} \"dist/apps/runner-deb/daytona-runner_${DEB_VERSION}_amd64.deb#daytona-runner-${DEB_VERSION}-amd64.deb\" --clobber\n\n - name: Upload daemon to release assets\n run: |\n gh release upload ${{ inputs.version }} dist/apps/daemon-amd64#daytona-daemon-${{ inputs.version }}-amd64 --clobber\n\n - name: Upload CLI to release assets\n run: |\n gh release upload ${{ inputs.version }} dist/apps/cli/daytona-linux-amd64#daytona-cli-${{ inputs.version }}-linux-amd64 --clobber\n gh release upload ${{ inputs.version }} dist/apps/cli/daytona-linux-arm64#daytona-cli-${{ inputs.version }}-linux-arm64 --clobber\n gh release upload ${{ inputs.version }} dist/apps/cli/daytona-darwin-amd64#daytona-cli-${{ inputs.version }}-darwin-amd64 --clobber\n gh release upload ${{ inputs.version }} dist/apps/cli/daytona-darwin-arm64#daytona-cli-${{ inputs.version }}-darwin-arm64 --clobber\n gh release upload ${{ inputs.version }} dist/apps/cli/daytona-windows-amd64.exe#daytona-cli-${{ inputs.version }}-windows-amd64.exe --clobber\n gh release upload ${{ inputs.version }} dist/apps/cli/daytona-windows-arm64.exe#daytona-cli-${{ inputs.version }}-windows-arm64.exe --clobber\n\n - name: Upload computer-use artifact\n uses: actions/upload-artifact@v4\n with:\n name: computer-use-amd64\n path: dist/libs/computer-use-amd64\n retention-days: 1\n overwrite: true\n\n - name: Upload runner artifact\n uses: actions/upload-artifact@v4\n with:\n name: runner-amd64\n path: dist/apps/runner-amd64\n retention-days: 1\n overwrite: true\n\n # Separately build docker images for AMD64 and ARM64\n docker_build:\n needs: build_projects\n runs-on: ${{ matrix.runner }}\n strategy:\n matrix:\n include:\n - runner: [self-hosted, Linux, X64, github-actions-runner-amd64]\n arch: amd64\n - runner: [self-hosted, Linux, ARM64, github-actions-runner-arm]\n arch: arm64\n\n steps:\n - name: Checkout code\n uses: actions/checkout@v4\n with:\n fetch-tags: true\n fetch-depth: 0\n\n - name: Download computer-use artifact\n uses: actions/download-artifact@v4\n with:\n name: computer-use-amd64\n path: dist/libs/\n\n - name: Download runner artifact\n uses: actions/download-artifact@v4\n with:\n name: runner-amd64\n path: dist/apps/\n\n - name: Check artifacts\n run: |\n ls -la dist/libs/\n ls -la dist/apps/\n\n - uses: actions/setup-go@v5\n with:\n go-version-file: go.work\n - uses: actions/setup-node@v4\n with:\n node-version: 22\n\n - name: Generate go.work.sum\n run: GONOSUMDB=github.com/daytonaio/daytona go work sync\n\n - name: Log in to the Container registry\n uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1\n with:\n registry: docker.io\n username: daytonaio\n password: ${{ secrets.DOCKER_TOKEN }}\n\n - name: Set up Docker Buildx\n uses: docker/setup-buildx-action@v3\n\n - name: Project dependencies\n run: corepack enable\n - name: Get yarn cache directory\n id: yarn-cache\n run: echo \"dir=$(yarn config get cacheFolder)\" >> $GITHUB_OUTPUT\n - uses: actions/cache@v4\n with:\n path: ${{ steps.yarn-cache.outputs.dir }}\n key: yarn-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('yarn.lock') }}\n restore-keys: yarn-${{ runner.os }}-${{ runner.arch }}-\n - run: yarn install --immutable\n\n - name: Publish docker images\n run: |\n VERSION=${{ inputs.version }} ARCH=\"-${{ matrix.arch }}\" yarn docker:production\n\n # Push combined manifest\n docker_push_manifest:\n needs: docker_build\n runs-on: ubuntu-latest\n steps:\n - name: Checkout code\n uses: actions/checkout@v4\n - uses: actions/setup-node@v4\n with:\n node-version: 22\n - name: Project dependencies\n run: corepack enable\n - name: Get yarn cache directory\n id: yarn-cache\n run: echo \"dir=$(yarn config get cacheFolder)\" >> $GITHUB_OUTPUT\n - uses: actions/cache@v4\n with:\n path: ${{ steps.yarn-cache.outputs.dir }}\n key: yarn-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('yarn.lock') }}\n restore-keys: yarn-${{ runner.os }}-${{ runner.arch }}-\n - run: yarn install --immutable\n - name: Log in to the Container registry\n uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1\n with:\n registry: docker.io\n username: daytonaio\n password: ${{ secrets.DOCKER_TOKEN }}\n - name: Push manifest\n run: |\n VERSION=${{ inputs.version }} yarn push-manifest\n\n sync_gosum:\n needs: build_projects\n runs-on: [self-hosted, Linux, X64, github-actions-runner-amd64]\n\n steps:\n - name: Checkout code\n uses: actions/checkout@v4\n with:\n fetch-tags: true\n fetch-depth: 0\n\n - uses: actions/setup-go@v5\n with:\n go-version-file: go.work\n - uses: actions/setup-node@v4\n with:\n node-version: 22\n - uses: dev-hanz-ops/install-gh-cli-action@v0.2.1\n\n - name: Configure git\n run: |\n git config --global user.name \"Daytona Release Bot\"\n git config --global user.email \"daytona-release@users.noreply.github.com\"\n\n - name: Project dependencies\n run: corepack enable\n - name: Get yarn cache directory\n id: yarn-cache\n run: echo \"dir=$(yarn config get cacheFolder)\" >> $GITHUB_OUTPUT\n - uses: actions/cache@v4\n with:\n path: ${{ steps.yarn-cache.outputs.dir }}\n key: yarn-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('yarn.lock') }}\n restore-keys: yarn-${{ runner.os }}-${{ runner.arch }}-\n - run: yarn install --immutable\n\n - name: Sync go.sum and create PR\n run: |\n git checkout -b sync-gosum-${{ inputs.version }}\n GONOSUMDB=github.com/daytonaio/daytona go work sync\n if git diff --quiet -- **/go.sum; then\n echo \"No go.sum changes detected; skipping commit and PR creation.\"\n else\n git add **/go.sum\n git commit -s -m \"chore: sync go.sum for ${{ inputs.version }}\"\n git push origin sync-gosum-${{ inputs.version }}\n gh pr create \\\n --title \"chore: sync go.sum for ${{ inputs.version }}\" \\\n --body \"Automated PR to sync go.sum after release ${{ inputs.version }}\" \\\n --base main \\\n --head sync-gosum-${{ inputs.version }}\n fi\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" }, { "path": ".github/workflows/sdk_publish.yaml", "content": "name: SDK and CLI Publish\n\non:\n workflow_dispatch:\n inputs:\n version:\n description: Version to release (start with \"v\")\n required: true\n default: 'v0.0.0-dev'\n pypi_pkg_version:\n description: 'PyPI package version (default: version)'\n required: false\n npm_pkg_version:\n description: 'NPM package version (default: version)'\n required: false\n npm_tag:\n description: 'NPM tag (default: latest)'\n required: false\n default: 'latest'\n rubygems_pkg_version:\n description: 'RubyGems package version (default: version)'\n required: false\n\nenv:\n VERSION: ${{ inputs.version }}\n PYPI_PKG_VERSION: ${{ inputs.pypi_pkg_version || inputs.version}}\n NPM_PKG_VERSION: ${{ inputs.npm_pkg_version || inputs.version}}\n RUBYGEMS_PKG_VERSION: ${{ inputs.rubygems_pkg_version || inputs.version}}\n NPM_TAG: ${{ inputs.npm_tag }}\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}\n RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}\n POETRY_VIRTUALENVS_IN_PROJECT: true\n\njobs:\n publish:\n runs-on: [self-hosted, Linux, X64, github-actions-runner-amd64]\n\n steps:\n - name: Checkout code\n uses: actions/checkout@v4\n with:\n fetch-tags: true\n fetch-depth: 0\n\n - uses: ./.github/actions/setup-toolchain\n with:\n install-swag: 'false'\n - uses: dev-hanz-ops/install-gh-cli-action@v0.2.1\n\n - name: Configure git\n run: |\n git config --global --add safe.directory $GITHUB_WORKSPACE\n git config --global user.name \"Daytona Release Bot\"\n git config --global user.email \"daytona-release@users.noreply.github.com\"\n\n - name: Configure RubyGems credentials\n run: |\n mkdir -p ~/.gem\n echo \"---\" > ~/.gem/credentials\n echo \":rubygems_api_key: $RUBYGEMS_API_KEY\" >> ~/.gem/credentials\n chmod 0600 ~/.gem/credentials\n\n - name: Publish projects\n run: |\n source \"$(poetry env info --path)/bin/activate\"\n yarn publish\n\n update-homebrew-tap:\n if: ${{ inputs.npm_tag == 'latest' }}\n needs: publish\n runs-on: [self-hosted, Linux, X64, github-actions-runner-amd64]\n name: Update Homebrew CLI tap\n steps:\n - name: Update version\n run: |\n curl -f -X POST -H \"Accept: application/vnd.github+json\" \\\n -H \"Authorization: Bearer ${{ secrets.GITHUBBOT_TOKEN }}\" \\\n https://api.github.com/repos/daytonaio/homebrew-cli/dispatches \\\n -d \"{\\\"event_type\\\": \\\"update-version\\\", \\\"client_payload\\\": {\\\"version\\\": \\\"${{ env.VERSION }}\\\"}}\"\n" }, { "path": ".github/workflows/translate.yaml", "content": "name: GT Translate\non:\n push:\n branches: [main]\n\njobs:\n translate:\n runs-on: ubuntu-latest\n if: ${{ github.event.head_commit.author.name != 'github-actions[bot]' && !contains(github.event.head_commit.message, 'gt-translate/') }}\n permissions:\n contents: write\n pull-requests: write\n steps:\n - uses: actions/checkout@v4\n\n - uses: generaltranslation/translate@v0\n with:\n gt_api_key: ${{ secrets.GT_API_KEY }}\n gt_project_id: ${{ secrets.GT_PROJECT_ID }}\n config: 'apps/docs/gt.config.json'\n inline: true\n timeout: 3600\n pr_branch: 'gt-translate/${{ github.ref_name }}'\n" }, { "path": ".gitignore", "content": "# See http://help.github.com/ignore-files/ for more about ignoring files.\n\n# compiled output\ndist\ntmp\nout-tsc\n\n# dependencies\nnode_modules\npackage-lock.json\n\n# IDEs and editors\n/.idea\n.project\n.classpath\n.c9/\n*.launch\n.settings/\n*.sublime-workspace\n.cursor\n\n# IDE - VSCode\n.vscode/*\n!.vscode/settings.json\n!.vscode/tasks.json\n!.vscode/launch.json\n!.vscode/extensions.json\n\n# misc\n/.sass-cache\n/connect.lock\n/coverage\n/libpeerconnection.log\nnpm-debug.log\nyarn-error.log\ntestem.log\n/typings\n\n# System Files\n.DS_Store\nThumbs.db\n\n.nx/cache\n.nx/workspace-data\n\nvite.config.*.timestamp*\nvitest.config.*.timestamp*\n\n# yarn\n# https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored\n.pnp.*\n.yarn/*\n!.yarn/patches\n!.yarn/plugins\n!.yarn/releases\n!.yarn/sdks\n!.yarn/versions\n\n.eslintcache\n.tmp/\n.env.local\n\n# Python package metadata\n*.egg-info/\n*.egg\n*.pyc\n__pycache__/\n\n# Ruby gem artifacts\n*.gem\n**/.bundle/\n**/vendor/bundle\n**/Gemfile.lock\n!/Gemfile.lock\n\nexamples/**/*.png\n\n**/.venv\n**/poetry.lock\n!/poetry.lock\n.astro\n.github/instructions/nx.instructions.md\n\ngo.work.sum\n\n.claude/worktrees" }, { "path": ".golangci.yaml", "content": "version: '2'\nrun:\n build-tags:\n - testing\nlinters:\n settings:\n errcheck:\n exclude-functions:\n - (*github.com/gin-gonic/gin.Context).AbortWithError\n - (*github.com/gin-gonic/gin.Context).Error\n - io.Copy\n - syscall.Syscall\n - (github.com/gliderlabs/ssh.Session).Exit\n - (io.Writer).Write\n exclusions:\n generated: lax\n presets:\n - comments\n - common-false-positives\n - legacy\n - std-error-handling\n paths:\n - third_party$\n - builtin$\n - examples$\nformatters:\n exclusions:\n generated: lax\n paths:\n - third_party$\n - builtin$\n - examples$\n" }, { "path": ".husky/.gitignore", "content": "_\n" }, { "path": ".husky/pre-commit", "content": "#!/bin/sh\n\nyarn lint-staged\n" }, { "path": ".licenserc-clients.yaml", "content": "header:\n license:\n spdx-id: Apache-2.0\n copyright-owner: Daytona Platforms Inc.\n content: |\n Copyright Daytona Platforms Inc.\n SPDX-License-Identifier: Apache-2.0\n pattern: |\n Copyright (\\d{4} )?Daytona Platforms Inc\\.\n SPDX-License-Identifier: Apache-2\\.0\n paths:\n - 'libs/**/*.go'\n - 'libs/**/*.sh'\n - 'libs/**/*.js'\n - 'libs/**/*.ts'\n - 'libs/**/*.tsx'\n - 'libs/**/*.py'\n - 'guides/**/*.py'\n - 'guides/**/*.ts'\n - 'guides/**/*.go'\n - 'guides/**/*.js'\n\n paths-ignore:\n - 'libs/analytics-api-client/**'\n - 'libs/api-client/**'\n - 'libs/runner-api-client/**'\n - 'libs/api-client-go/**'\n - 'libs/api-client-python/**'\n - 'libs/api-client-python-async/**'\n - 'libs/api-client-ruby/**'\n - 'apps/docs/**'\n - 'libs/computer-use/**'\n - 'hack/**'\n - 'libs/toolbox-api-client/**'\n - 'libs/toolbox-api-client-python/**'\n - 'libs/toolbox-api-client-python-async/**'\n - 'libs/toolbox-api-client-ruby/**'\n - 'libs/toolbox-api-client-go/**'\n\n comment: on-failure\n" }, { "path": ".licenserc.yaml", "content": "header:\n license:\n spdx-id: AGPL-3.0\n copyright-owner: Daytona Platforms Inc.\n content: |\n Copyright Daytona Platforms Inc.\n SPDX-License-Identifier: AGPL-3.0\n pattern: |\n Copyright (\\d{4} )?Daytona Platforms Inc\\.\n SPDX-License-Identifier: AGPL-3\\.0\n paths:\n - '**/*.go'\n - '**/*.sh'\n - '**/*.js'\n - '**/*.ts'\n - '**/*.tsx'\n - '**/*.py'\n\n paths-ignore:\n - 'libs/**'\n - '!libs/computer-use/**'\n - 'apps/api/src/generate-openapi.ts'\n - 'apps/runner/pkg/api/docs/docs.go'\n - 'examples/**'\n - 'apps/docs/**'\n - 'hack/**'\n - 'guides/**'\n - 'apps/daemon/pkg/toolbox/docs/docs.go'\n - 'apps/dashboard/public/mockServiceWorker.js'\n\n comment: on-failure\n" }, { "path": ".markdownlint-cli2.jsonc", "content": "{\n \"$schema\": \"https://raw.githubusercontent.com/DavidAnson/markdownlint-cli2/24eb4dce508ab81398d14d75179123fca425f12d/schema/markdownlint-cli2-config-schema.json\",\n \"config\": {\n \"no-emphasis-as-heading\": false,\n \"line-length\": false,\n \"no-inline-html\": false,\n \"first-line-h1\": false,\n \"no-bare-urls\": false,\n \"no-duplicate-heading\": false,\n \"emphasis-style\": {\n \"style\": \"underscore\",\n },\n \"ol-prefix\": false,\n \"fenced-code-language\": false,\n \"single-title\": false,\n \"heading-increment\": false,\n \"table-column-count\": false,\n \"table-pipe-style\": false,\n \"no-empty-links\": false,\n },\n \"ignores\": [\n \"**/node_modules/**\",\n \"**/apps/docs/**\",\n \"**/.venv/**\",\n \"**/libs/toolbox-api-client-go/**\"\n ],\n}" }, { "path": ".npmrc", "content": "# Expose Astro dependencies for \\`pnpm\\` users\nshamefully-hoist=true" }, { "path": ".nxignore", "content": ".claude/\nexamples/" }, { "path": ".prettierignore", "content": "# Add files here to ignore them from prettier formatting\n/dist\n/coverage\n/.nx/cache\n/.nx/workspace-data\n*.md\n\nlibs/*api-client*/**" }, { "path": ".prettierrc", "content": "{\n \"singleQuote\": true,\n \"semi\": false,\n \"tabWidth\": 2,\n \"printWidth\": 120\n}\n" }, { "path": ".rubocop.yml", "content": "AllCops:\n NewCops: enable\n TargetRubyVersion: 3.2\n\nLayout/LineLength:\n AllowedPatterns: ['\\A\\s*#']\n AllowCopDirectives: true\n\nStyle/Documentation:\n Enabled: false\n\nStyle/AccessorGrouping:\n EnforcedStyle: separated\n\n# Relax some metrics for examples\nMetrics/MethodLength:\n Max: 25\n Exclude:\n - 'examples/**/*'\n\nMetrics/AbcSize:\n Max: 25\n Exclude:\n - 'examples/**/*'\n\nMetrics/CyclomaticComplexity:\n Exclude:\n - 'examples/**/*'\n\nMetrics/PerceivedComplexity:\n Exclude:\n - 'examples/**/*'\n\nMetrics/BlockLength:\n Exclude:\n - 'examples/**/*'\n\nMetrics/ClassLength:\n Exclude:\n - 'examples/**/*'\n\n# Examples can use any style for string concatenation\nStyle/StringConcatenation:\n Exclude:\n - 'examples/**/*'\n\n# Examples don't need execute permissions\nLint/ScriptPermission:\n Exclude:\n - 'examples/**/*'\n" }, { "path": ".verdaccio/config.yml", "content": "# path to a directory with all packages\nstorage: ../tmp/local-registry/storage\n\n# a list of other known repositories we can talk to\nuplinks:\n npmjs:\n url: https://registry.npmjs.org/\n maxage: 60m\n\npackages:\n '**':\n # give all users (including non-authenticated users) full access\n # because it is a local registry\n access: $all\n publish: $all\n unpublish: $all\n\n # if package is not available locally, proxy requests to npm registry\n proxy: npmjs\n\n# log settings\nlog:\n type: stdout\n format: pretty\n level: warn\n\npublish:\n allow_offline: true # set offline to true to allow publish offline\n" }, { "path": ".vscode/launch.json", "content": "{\n // Use IntelliSense to learn about possible attributes.\n // Hover to view descriptions of existing attributes.\n // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387\n \"version\": \"0.2.0\",\n \"configurations\": [\n {\n \"command\": \"yarn serve\",\n \"name\": \"Debug\",\n \"request\": \"launch\",\n \"type\": \"node-terminal\"\n },\n {\n \"command\": \"yarn serve:skip-runner\",\n \"name\": \"Debug - Skip Runner\",\n \"request\": \"launch\",\n \"type\": \"node-terminal\"\n },\n {\n \"command\": \"yarn serve:skip-proxy\",\n \"name\": \"Debug - Skip Proxy\",\n \"request\": \"launch\",\n \"type\": \"node-terminal\"\n },\n {\n \"name\": \"Runner\",\n \"type\": \"go\",\n \"request\": \"launch\",\n \"mode\": \"debug\",\n \"program\": \"${workspaceFolder}/apps/runner/cmd/runner\",\n \"console\": \"integratedTerminal\",\n \"envFile\": \"${workspaceFolder}/apps/runner/.env\",\n \"output\": \"${workspaceFolder}/dist/apps/runner\",\n \"preLaunchTask\": \"debug-build-runner\"\n },\n {\n \"name\": \"Daemon\",\n \"type\": \"go\",\n \"request\": \"launch\",\n \"mode\": \"debug\",\n \"program\": \"${workspaceFolder}/apps/daemon/cmd/daemon\",\n \"console\": \"integratedTerminal\",\n \"output\": \"${workspaceFolder}/dist/apps/daemon\"\n },\n {\n \"name\": \"Proxy\",\n \"type\": \"go\",\n \"request\": \"launch\",\n \"mode\": \"debug\",\n \"program\": \"${workspaceFolder}/apps/proxy/cmd/proxy\",\n \"console\": \"integratedTerminal\",\n \"envFile\": [\n \"${workspaceFolder}/apps/proxy/.env\",\n \"${workspaceFolder}/apps/proxy/.env.local\"\n ],\n \"output\": \"${workspaceFolder}/dist/apps/proxy\"\n }\n ]\n}" }, { "path": ".vscode/settings.json", "content": "{\n \"files.watcherExclude\": {\n \"**/libs/api-client*/**\": true\n }\n}\n" }, { "path": ".vscode/tasks.json", "content": "{\n \"version\": \"2.0.0\",\n \"tasks\": [\n {\n \"label\": \"debug-build-runner\",\n \"type\": \"shell\",\n \"command\": \"yarn nx build runner --output-style=stream\",\n \"group\": {\n \"kind\": \"build\",\n \"isDefault\": true\n },\n \"presentation\": {\n \"reveal\": \"silent\"\n },\n \"problemMatcher\": [\"$go\"]\n }\n ]\n}\n" }, { "path": ".yarnrc.yml", "content": "enableInlineHunks: true\n\nnodeLinker: node-modules\n" }, { "path": "CODE_OF_CONDUCT.md", "content": "\n# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nWe as members, contributors, and leaders pledge to make participation in our\ncommunity a harassment-free experience for everyone, regardless of age, body\nsize, visible or invisible disability, ethnicity, sex characteristics, gender\nidentity and expression, level of experience, education, socio-economic status,\nnationality, personal appearance, race, caste, color, religion, or sexual\nidentity and orientation.\n\nWe pledge to act and interact in ways that contribute to an open, welcoming,\ndiverse, inclusive, and healthy community.\n\n## Our Standards\n\nExamples of behavior that contributes to a positive environment for our\ncommunity include:\n\n* Demonstrating empathy and kindness toward other people\n* Being respectful of differing opinions, viewpoints, and experiences\n* Giving and gracefully accepting constructive feedback\n* Accepting responsibility and apologizing to those affected by our mistakes,\n and learning from the experience\n* Focusing on what is best not just for us as individuals, but for the overall\n community\n\nExamples of unacceptable behavior include:\n\n* The use of sexualized language or imagery, and sexual attention or advances of\n any kind\n* Trolling, insulting or derogatory comments, and personal or political attacks\n* Public or private harassment\n* Publishing others' private information, such as a physical or email address,\n without their explicit permission\n* Other conduct which could reasonably be considered inappropriate in a\n professional setting\n\n## Enforcement Responsibilities\n\nCommunity leaders are responsible for clarifying and enforcing our standards of\nacceptable behavior and will take appropriate and fair corrective action in\nresponse to any behavior that they deem inappropriate, threatening, offensive,\nor harmful.\n\nCommunity leaders have the right and responsibility to remove, edit, or reject\ncomments, commits, code, wiki edits, issues, and other contributions that are\nnot aligned to this Code of Conduct, and will communicate reasons for moderation\ndecisions when appropriate.\n\n## Scope\n\nThis Code of Conduct applies within all community spaces, and also applies when\nan individual is officially representing the community in public spaces.\nExamples of representing our community include using an official email address,\nposting via an official social media account, or acting as an appointed\nrepresentative at an online or offline event.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be\nreported to the community leaders responsible for enforcement at\ncodeofconduct@daytona.io.\n\nAll complaints will be reviewed and investigated promptly and fairly.\n\nAll community leaders are obligated to respect the privacy and security of the\nreporter of any incident.\n\n## Enforcement Guidelines\n\nCommunity leaders will follow these Community Impact Guidelines in determining\nthe consequences for any action they deem in violation of this Code of Conduct:\n\n### 1. Correction\n\n**Community Impact**: Use of inappropriate language or other behavior deemed\nunprofessional or unwelcome in the community.\n\n**Consequence**: A private, written warning from community leaders, providing\nclarity around the nature of the violation and an explanation of why the\nbehavior was inappropriate. A public apology may be requested.\n\n### 2. Warning\n\n**Community Impact**: A violation through a single incident or series of\nactions.\n\n**Consequence**: A warning with consequences for continued behavior. No\ninteraction with the people involved, including unsolicited interaction with\nthose enforcing the Code of Conduct, for a specified period of time. This\nincludes avoiding interactions in community spaces as well as external channels\nlike social media. Violating these terms may lead to a temporary or permanent\nban.\n\n### 3. Temporary Ban\n\n**Community Impact**: A serious violation of community standards, including\nsustained inappropriate behavior.\n\n**Consequence**: A temporary ban from any sort of interaction or public\ncommunication with the community for a specified period of time. No public or\nprivate interaction with the people involved, including unsolicited interaction\nwith those enforcing the Code of Conduct, is allowed during this period.\nViolating these terms may lead to a permanent ban.\n\n### 4. Permanent Ban\n\n**Community Impact**: Demonstrating a pattern of violation of community\nstandards, including sustained inappropriate behavior, harassment of an\nindividual, or aggression toward or disparagement of classes of individuals.\n\n**Consequence**: A permanent ban from any sort of public interaction within the\ncommunity.\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant][homepage],\nversion 2.1, available at\n[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].\n\nCommunity Impact Guidelines were inspired by\n[Mozilla's code of conduct enforcement ladder][Mozilla CoC].\n\nFor answers to common questions about this code of conduct, see the FAQ at\n[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at\n[https://www.contributor-covenant.org/translations][translations].\n\n[homepage]: https://www.contributor-covenant.org\n[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html\n[Mozilla CoC]: https://github.com/mozilla/diversity\n[FAQ]: https://www.contributor-covenant.org/faq\n[translations]: https://www.contributor-covenant.org/translations\n" }, { "path": "CONTRIBUTING.md", "content": "# Contributing to Daytona\n\nThe team at Daytona welcomes contributions from the community. There are many ways to get involved!\n\nThanks for taking the time to contribute! ❤️\n\n> And if you like the project but don't have time to contribute, that's perfectly okay. There are other simple ways to support the project and show your appreciation, which we would greatly appreciate:\n>\n> - Star the project\n> - Tweet about it\n> - Contribute to our [Docs](https://github.com/daytonaio/docs/)\n> - Refer this project in your project's readme\n> - Mention the project at local meetups and tell your friends/colleagues\n\n## Code of Conduct\n\nThis project and everyone participating in it is governed by the\n[Daytona Code of Conduct](https://github.com/daytonaio/daytona?tab=coc-ov-file#readme).\nBy participating, you are expected to uphold this code. Please report unacceptable behavior\nto [info@daytona.io](mailto:info@daytona.io).\n\n## Provide Feedback\n\nYou might find things that can be improved while you are using Daytona. You can help by [submitting an issue](https://github.com/daytonaio/daytona/issues/new) when:\n\n- A new feature or an enhancement to an existing feature will improve the utility or usability of Daytona.\n- Daytona crashes, or you encounter a bug that can only be resolved by restarting Daytona.\n- An error occurs that is unrecoverable, causes Sandbox integrity problems or loss, or generally prevents you from using a Sandbox.\n\nBefore creating a new issue, please confirm that an existing issue doesn't already exist.\n\nWe will then take care of the issue as soon as possible.\n\n## Participate in the Community\n\nYou can engage with our community by:\n\n- Helping other users on [Daytona Community Slack](https://go.daytona.io/slack).\n- Improving [documentation](https://github.com/daytonaio/docs/)\n- Participating in general discussions about development and DevOps\n- Authoring new Daytona Plugins and sharing those Plugins\n- Authoring new dev containers and sharing examples\n\n## Contributing Code\n\nYou can contribute to Daytona by:\n\n- Enhancing current functionality\n- Fixing bugs\n- Adding new features and capabilities\n\nBefore starting your contribution, especially for core features, we encourage you to reach out to us on [Slack](https://go.daytona.io/slack). This allows us to ensure that your proposed feature aligns with the project's roadmap and goals. Developers are the key to making Daytona the best tool it can be, and we value input from the community.\n\nWe look forward to working with you to improve Daytona and make development environments as easy as possible for developers everywhere.\n\n### Steps to Contribute Code\n\nFollow the following steps to ensure your contribution goes smoothly.\n\n1. Read and follow the steps outlined in the [Daytona Contributing Policy](README.md#contributing).\n1. Configure your development environment by either following the guide below.\n1. [Fork](https://help.github.com/articles/working-with-forks/) the GitHub Repository allowing you to make the changes in your own copy of the repository.\n1. Create a [GitHub issue](https://github.com/daytonaio/daytona/issues) if one doesn't exist already.\n1. [Prepare your changes](/PREPARING_YOUR_CHANGES.md) and ensure your commits are descriptive. The document contains an optional commit template, if desired.\n1. Ensure that you sign off on all your commits to comply with the DCO v1.1. We have more details in [Prepare your changes](/PREPARING_YOUR_CHANGES.md).\n1. Ensure to generate new docs after making command related changes, by running `./hack/generate-cli-docs.sh` in the daytona root directory.\n1. Ensure to generate a new API client after making changes related to the API spec, by running `./hack/swagger.sh` in the daytona root directory.\n1. Ensure that you are using `yarn` as the package manager for any Node.js dependencies.\n1. Ensure that you have no lint errors. We use `golangci-lint` as our linter which you can install by following instructions found [here](https://golangci-lint.run/welcome/install/#local-installation) (or simply open Daytona in a Dev Container). You can check for linting errors by running `golangci-lint run` in the root of the project.\n1. Create a pull request on GitHub. If you're new to GitHub, read about [pull requests](https://help.github.com/articles/about-pull-requests/). You are welcome to submit your pull request for commentary or review before it is complete by creating a [draft pull request](https://help.github.com/en/articles/about-pull-requests#draft-pull-requests). Please include specific questions or items you'd like feedback on.\n1. A member of the Daytona team will review your PR within three business days (excluding any holidays) and either merge, comment, and/or assign someone for review.\n1. Work with the reviewer to complete a code review. For each change, create a new commit and push it to make changes to your pull request. When necessary, the reviewer can trigger CI to run tests prior to merging.\n1. Once you believe your pull request is ready to be reviewed, ensure the pull request is no longer a draft by [marking it ready for review](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request).\n1. The reviewer will look over your contribution and either approve it or provide comments letting you know if there is anything left to do. We try to give you the opportunity to make the required changes yourself, but in some cases, we may perform the changes ourselves if it makes sense to (minor changes or for urgent issues). We do our best to review PRs promptly, but complex changes could require more time.\n1. After completing your review, a Daytona team member will trigger merge to run all tests. Upon passing, your change will be merged into `main`, and your pull requests will be closed. All merges to `main` create a new release, and all final changes are attributed to you.\n\nNote: In some cases, we might decide that a PR should be closed without merging. We'll make sure to provide clear reasoning when this happens.\n\n### Coding Style and Conventions\n\nTo make the code base consistent, we follow a few guidelines and conventions listed below.\n\nIt is possible that the code base does not currently comply with all these guidelines.\nWhile working on a PR, if you see something that can be refactored to comply, go ahead, but keep in mind that we are not looking for massive PRs that only address that.\n\nAPI and service method conventions:\n\n1. Avoid using model names in service methods\n - e.g. `Create` instead of `CreateSandbox`, `Find` instead of `FindSandbox`\n1. Use appropriate verbs in the UI\n - e.g. `Create API Key` instead of `Generate API Key` since the method is called `Create`\n1. Refer to the table below for a connection between API and service methods\n\n| HTTP Method | Controller / Service / Store |\n| ----------- | ---------------------------- |\n| POST | Create or Update |\n| DELETE | Delete |\n| PUT | Save |\n| GET | Find or List |\n\n#### What Does Contributing Mean for You?\n\nHere is what being a contributor means for you:\n\n- License all our contributions to the project under the AGPL 3.0 License or the Apache 2.0 License\n- Have the legal rights to license our contributions ourselves, or get permission to license them from our employers, clients, or others who may have them\n\nFor more information, see the [README](README.md) and feel free to reach out to us on [Slack](https://go.daytona.io/slack).\n" }, { "path": "COPYRIGHT", "content": "Copyrights in the Daytona software are retained by their contributors.\nNo copyright assignment is required to contribute to Daytona software.\n\nWhen we refer to the 'Daytona software authors', we mean anyone who\nhas contributed to this repository.\n\nUnless otherwise noted, such as with a LICENSE file in a directory, or a\nspecific copyright notice on a file, all files in this repository are\nlicensed under the AGPL 3.0 license.\n" }, { "path": "Gemfile", "content": "# frozen_string_literal: true\n\nsource 'https://rubygems.org'\n\n# Local gems from libs\ngem 'daytona_api_client', '>= 0.0.0.pre.dev', path: 'libs/api-client-ruby'\ngem 'daytona_toolbox_api_client', '>= 0.0.0.pre.dev', path: 'libs/toolbox-api-client-ruby'\ngem 'daytona', '>= 0.0.0.pre.dev', path: 'libs/sdk-ruby'\n\n# Shared development dependencies\ngroup :development do\n gem 'pry', '~> 0.15'\n gem 'pry-byebug'\n gem 'rake', '~> 13.0'\n gem 'rspec', '~> 3.6', '>= 3.6.0'\n gem 'rubocop', '1.84.2'\n gem 'rubocop-rake', '~> 0.7'\n gem 'solargraph', '~> 0.57'\n gem 'webmock', '~> 3.25'\n gem 'yard-markdown', '~> 0.5.0'\nend\n" }, { "path": "Gemfile.lock", "content": "PATH\n remote: libs/api-client-ruby\n specs:\n daytona_api_client (0.0.0.pre.dev)\n typhoeus (~> 1.0, >= 1.0.1)\n\nPATH\n remote: libs/sdk-ruby\n specs:\n daytona (0.0.0.pre.dev)\n aws-sdk-s3 (~> 1.0)\n daytona_api_client (= 0.0.0.pre.dev)\n daytona_toolbox_api_client (= 0.0.0.pre.dev)\n dotenv (~> 2.0)\n opentelemetry-exporter-otlp (~> 0.29)\n opentelemetry-exporter-otlp-metrics (~> 0.1)\n opentelemetry-metrics-sdk (~> 0.2)\n opentelemetry-sdk (~> 1.4)\n toml (~> 0.3)\n websocket-client-simple (~> 0.6)\n\nPATH\n remote: libs/toolbox-api-client-ruby\n specs:\n daytona_toolbox_api_client (0.0.0.pre.dev)\n typhoeus (~> 1.0, >= 1.0.1)\n\nGEM\n remote: https://rubygems.org/\n specs:\n addressable (2.8.8)\n public_suffix (>= 2.0.2, < 8.0)\n ast (2.4.3)\n aws-eventstream (1.4.0)\n aws-partitions (1.1209.0)\n aws-sdk-core (3.241.4)\n aws-eventstream (~> 1, >= 1.3.0)\n aws-partitions (~> 1, >= 1.992.0)\n aws-sigv4 (~> 1.9)\n base64\n bigdecimal\n jmespath (~> 1, >= 1.6.1)\n logger\n aws-sdk-kms (1.121.0)\n aws-sdk-core (~> 3, >= 3.241.4)\n aws-sigv4 (~> 1.5)\n aws-sdk-s3 (1.212.0)\n aws-sdk-core (~> 3, >= 3.241.4)\n aws-sdk-kms (~> 1)\n aws-sigv4 (~> 1.5)\n aws-sigv4 (1.12.1)\n aws-eventstream (~> 1, >= 1.0.2)\n backport (1.2.0)\n base64 (0.3.0)\n benchmark (0.5.0)\n bigdecimal (4.0.1)\n byebug (13.0.0)\n reline (>= 0.6.0)\n coderay (1.1.3)\n crack (1.0.1)\n bigdecimal\n rexml\n csv (3.3.5)\n diff-lcs (1.6.2)\n dotenv (2.8.1)\n ethon (0.15.0)\n ffi (>= 1.15.0)\n event_emitter (0.2.6)\n ffi (1.17.3-aarch64-linux-gnu)\n ffi (1.17.3-aarch64-linux-musl)\n ffi (1.17.3-arm-linux-gnu)\n ffi (1.17.3-arm-linux-musl)\n ffi (1.17.3-arm64-darwin)\n ffi (1.17.3-x86_64-darwin)\n ffi (1.17.3-x86_64-linux-gnu)\n ffi (1.17.3-x86_64-linux-musl)\n google-protobuf (4.33.5)\n bigdecimal\n rake (>= 13)\n google-protobuf (4.33.5-aarch64-linux-gnu)\n bigdecimal\n rake (>= 13)\n google-protobuf (4.33.5-aarch64-linux-musl)\n bigdecimal\n rake (>= 13)\n google-protobuf (4.33.5-arm64-darwin)\n bigdecimal\n rake (>= 13)\n google-protobuf (4.33.5-x86_64-darwin)\n bigdecimal\n rake (>= 13)\n google-protobuf (4.33.5-x86_64-linux-gnu)\n bigdecimal\n rake (>= 13)\n google-protobuf (4.33.5-x86_64-linux-musl)\n bigdecimal\n rake (>= 13)\n googleapis-common-protos-types (1.22.0)\n google-protobuf (~> 4.26)\n hashdiff (1.2.1)\n io-console (0.8.2)\n jaro_winkler (1.6.1)\n jmespath (1.6.2)\n json (2.18.0)\n kramdown (2.5.2)\n rexml (>= 3.4.4)\n kramdown-parser-gfm (1.1.0)\n kramdown (~> 2.0)\n language_server-protocol (3.17.0.5)\n lint_roller (1.1.0)\n logger (1.7.0)\n method_source (1.1.0)\n mutex_m (0.3.0)\n nokogiri (1.19.1-aarch64-linux-gnu)\n racc (~> 1.4)\n nokogiri (1.19.1-aarch64-linux-musl)\n racc (~> 1.4)\n nokogiri (1.19.1-arm-linux-gnu)\n racc (~> 1.4)\n nokogiri (1.19.1-arm-linux-musl)\n racc (~> 1.4)\n nokogiri (1.19.1-arm64-darwin)\n racc (~> 1.4)\n nokogiri (1.19.1-x86_64-darwin)\n racc (~> 1.4)\n nokogiri (1.19.1-x86_64-linux-gnu)\n racc (~> 1.4)\n nokogiri (1.19.1-x86_64-linux-musl)\n racc (~> 1.4)\n observer (0.1.2)\n open3 (0.2.1)\n opentelemetry-api (1.7.0)\n opentelemetry-common (0.23.0)\n opentelemetry-api (~> 1.0)\n opentelemetry-exporter-otlp (0.31.1)\n google-protobuf (>= 3.18)\n googleapis-common-protos-types (~> 1.3)\n opentelemetry-api (~> 1.1)\n opentelemetry-common (~> 0.20)\n opentelemetry-sdk (~> 1.10)\n opentelemetry-semantic_conventions\n opentelemetry-exporter-otlp-metrics (0.6.1)\n google-protobuf (>= 3.18, < 5.0)\n googleapis-common-protos-types (~> 1.3)\n opentelemetry-api (~> 1.1)\n opentelemetry-common (~> 0.20)\n opentelemetry-metrics-api (~> 0.2)\n opentelemetry-metrics-sdk (~> 0.5)\n opentelemetry-sdk (~> 1.2)\n opentelemetry-semantic_conventions\n opentelemetry-metrics-api (0.4.0)\n opentelemetry-api (~> 1.0)\n opentelemetry-metrics-sdk (0.11.2)\n opentelemetry-api (~> 1.1)\n opentelemetry-metrics-api (~> 0.2)\n opentelemetry-sdk (~> 1.2)\n opentelemetry-registry (0.4.0)\n opentelemetry-api (~> 1.1)\n opentelemetry-sdk (1.10.0)\n opentelemetry-api (~> 1.1)\n opentelemetry-common (~> 0.20)\n opentelemetry-registry (~> 0.2)\n opentelemetry-semantic_conventions\n opentelemetry-semantic_conventions (1.36.0)\n opentelemetry-api (~> 1.0)\n ostruct (0.6.3)\n parallel (1.27.0)\n parser (3.3.10.1)\n ast (~> 2.4.1)\n racc\n parslet (2.0.0)\n prism (1.8.0)\n pry (0.16.0)\n coderay (~> 1.1)\n method_source (~> 1.0)\n reline (>= 0.6.0)\n pry-byebug (3.12.0)\n byebug (~> 13.0)\n pry (>= 0.13, < 0.17)\n public_suffix (7.0.2)\n racc (1.8.1)\n rainbow (3.1.1)\n rake (13.3.1)\n rbs (3.10.2)\n logger\n regexp_parser (2.11.3)\n reline (0.6.3)\n io-console (~> 0.5)\n reverse_markdown (3.0.2)\n nokogiri\n rexml (3.4.4)\n rspec (3.13.2)\n rspec-core (~> 3.13.0)\n rspec-expectations (~> 3.13.0)\n rspec-mocks (~> 3.13.0)\n rspec-core (3.13.6)\n rspec-support (~> 3.13.0)\n rspec-expectations (3.13.5)\n diff-lcs (>= 1.2.0, < 2.0)\n rspec-support (~> 3.13.0)\n rspec-mocks (3.13.7)\n diff-lcs (>= 1.2.0, < 2.0)\n rspec-support (~> 3.13.0)\n rspec-support (3.13.6)\n rubocop (1.84.2)\n json (~> 2.3)\n language_server-protocol (~> 3.17.0.2)\n lint_roller (~> 1.1.0)\n parallel (~> 1.10)\n parser (>= 3.3.0.2)\n rainbow (>= 2.2.2, < 4.0)\n regexp_parser (>= 2.9.3, < 3.0)\n rubocop-ast (>= 1.49.0, < 2.0)\n ruby-progressbar (~> 1.7)\n unicode-display_width (>= 2.4.0, < 4.0)\n rubocop-ast (1.49.0)\n parser (>= 3.3.7.2)\n prism (~> 1.7)\n rubocop-rake (0.7.1)\n lint_roller (~> 1.1)\n rubocop (>= 1.72.1)\n ruby-progressbar (1.13.0)\n solargraph (0.58.2)\n ast (~> 2.4.3)\n backport (~> 1.2)\n benchmark (~> 0.4)\n bundler (>= 2.0)\n diff-lcs (~> 1.4)\n jaro_winkler (~> 1.6, >= 1.6.1)\n kramdown (~> 2.3)\n kramdown-parser-gfm (~> 1.1)\n logger (~> 1.6)\n observer (~> 0.1)\n open3 (~> 0.2.1)\n ostruct (~> 0.6)\n parser (~> 3.0)\n prism (~> 1.4)\n rbs (>= 3.6.1, <= 4.0.0.dev.4)\n reverse_markdown (~> 3.0)\n rubocop (~> 1.76)\n thor (~> 1.0)\n tilt (~> 2.0)\n yard (~> 0.9, >= 0.9.24)\n yard-activesupport-concern (~> 0.0)\n yard-solargraph (~> 0.1)\n thor (1.5.0)\n tilt (2.7.0)\n toml (0.3.0)\n parslet (>= 1.8.0, < 3.0.0)\n typhoeus (1.5.0)\n ethon (>= 0.9.0, < 0.16.0)\n unicode-display_width (3.2.0)\n unicode-emoji (~> 4.1)\n unicode-emoji (4.2.0)\n webmock (3.26.1)\n addressable (>= 2.8.0)\n crack (>= 0.3.2)\n hashdiff (>= 0.4.0, < 2.0.0)\n websocket (1.2.11)\n websocket-client-simple (0.9.0)\n base64\n event_emitter\n mutex_m\n websocket\n yard (0.9.38)\n yard-activesupport-concern (0.0.1)\n yard (>= 0.8)\n yard-markdown (0.5.0)\n csv\n yard\n yard-solargraph (0.1.0)\n yard (~> 0.9)\n\nPLATFORMS\n aarch64-linux\n aarch64-linux-gnu\n aarch64-linux-musl\n arm-linux-gnu\n arm-linux-musl\n arm64-darwin\n x86_64-darwin\n x86_64-linux-gnu\n x86_64-linux-musl\n\nDEPENDENCIES\n daytona (>= 0.0.0.pre.dev)!\n daytona_api_client (>= 0.0.0.pre.dev)!\n daytona_toolbox_api_client (>= 0.0.0.pre.dev)!\n pry (~> 0.15)\n pry-byebug\n rake (~> 13.0)\n rspec (~> 3.6, >= 3.6.0)\n rubocop (= 1.84.2)\n rubocop-rake (~> 0.7)\n solargraph (~> 0.57)\n webmock (~> 3.25)\n yard-markdown (~> 0.5.0)\n\nBUNDLED WITH\n 2.6.9\n" }, { "path": "LICENSE", "content": " GNU AFFERO GENERAL PUBLIC LICENSE\n Version 3, 19 November 2007\n\n Copyright (C) 2007 Free Software Foundation, Inc. \n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed.\n\n Preamble\n\n The GNU Affero General Public License is a free, copyleft license for\nsoftware and other kinds of works, specifically designed to ensure\ncooperation with the community in the case of network server software.\n\n The licenses for most software and other practical works are designed\nto take away your freedom to share and change the works. By contrast,\nour General Public Licenses are intended to guarantee your freedom to\nshare and change all versions of a program--to make sure it remains free\nsoftware for all its users.\n\n When we speak of free software, we are referring to freedom, not\nprice. Our General Public Licenses are designed to make sure that you\nhave the freedom to distribute copies of free software (and charge for\nthem if you wish), that you receive source code or can get it if you\nwant it, that you can change the software or use pieces of it in new\nfree programs, and that you know you can do these things.\n\n Developers that use our General Public Licenses protect your rights\nwith two steps: (1) assert copyright on the software, and (2) offer\nyou this License which gives you legal permission to copy, distribute\nand/or modify the software.\n\n A secondary benefit of defending all users' freedom is that\nimprovements made in alternate versions of the program, if they\nreceive widespread use, become available for other developers to\nincorporate. Many developers of free software are heartened and\nencouraged by the resulting cooperation. However, in the case of\nsoftware used on network servers, this result may fail to come about.\nThe GNU General Public License permits making a modified version and\nletting the public access it on a server without ever releasing its\nsource code to the public.\n\n The GNU Affero General Public License is designed specifically to\nensure that, in such cases, the modified source code becomes available\nto the community. It requires the operator of a network server to\nprovide the source code of the modified version running there to the\nusers of that server. Therefore, public use of a modified version, on\na publicly accessible server, gives the public access to the source\ncode of the modified version.\n\n An older license, called the Affero General Public License and\npublished by Affero, was designed to accomplish similar goals. This is\na different license, not a version of the Affero GPL, but Affero has\nreleased a new version of the Affero GPL which permits relicensing under\nthis license.\n\n The precise terms and conditions for copying, distribution and\nmodification follow.\n\n TERMS AND CONDITIONS\n\n 0. Definitions.\n\n \"This License\" refers to version 3 of the GNU Affero General Public License.\n\n \"Copyright\" also means copyright-like laws that apply to other kinds of\nworks, such as semiconductor masks.\n\n \"The Program\" refers to any copyrightable work licensed under this\nLicense. Each licensee is addressed as \"you\". \"Licensees\" and\n\"recipients\" may be individuals or organizations.\n\n To \"modify\" a work means to copy from or adapt all or part of the work\nin a fashion requiring copyright permission, other than the making of an\nexact copy. The resulting work is called a \"modified version\" of the\nearlier work or a work \"based on\" the earlier work.\n\n A \"covered work\" means either the unmodified Program or a work based\non the Program.\n\n To \"propagate\" a work means to do anything with it that, without\npermission, would make you directly or secondarily liable for\ninfringement under applicable copyright law, except executing it on a\ncomputer or modifying a private copy. Propagation includes copying,\ndistribution (with or without modification), making available to the\npublic, and in some countries other activities as well.\n\n To \"convey\" a work means any kind of propagation that enables other\nparties to make or receive copies. Mere interaction with a user through\na computer network, with no transfer of a copy, is not conveying.\n\n An interactive user interface displays \"Appropriate Legal Notices\"\nto the extent that it includes a convenient and prominently visible\nfeature that (1) displays an appropriate copyright notice, and (2)\ntells the user that there is no warranty for the work (except to the\nextent that warranties are provided), that licensees may convey the\nwork under this License, and how to view a copy of this License. If\nthe interface presents a list of user commands or options, such as a\nmenu, a prominent item in the list meets this criterion.\n\n 1. Source Code.\n\n The \"source code\" for a work means the preferred form of the work\nfor making modifications to it. \"Object code\" means any non-source\nform of a work.\n\n A \"Standard Interface\" means an interface that either is an official\nstandard defined by a recognized standards body, or, in the case of\ninterfaces specified for a particular programming language, one that\nis widely used among developers working in that language.\n\n The \"System Libraries\" of an executable work include anything, other\nthan the work as a whole, that (a) is included in the normal form of\npackaging a Major Component, but which is not part of that Major\nComponent, and (b) serves only to enable use of the work with that\nMajor Component, or to implement a Standard Interface for which an\nimplementation is available to the public in source code form. A\n\"Major Component\", in this context, means a major essential component\n(kernel, window system, and so on) of the specific operating system\n(if any) on which the executable work runs, or a compiler used to\nproduce the work, or an object code interpreter used to run it.\n\n The \"Corresponding Source\" for a work in object code form means all\nthe source code needed to generate, install, and (for an executable\nwork) run the object code and to modify the work, including scripts to\ncontrol those activities. However, it does not include the work's\nSystem Libraries, or general-purpose tools or generally available free\nprograms which are used unmodified in performing those activities but\nwhich are not part of the work. For example, Corresponding Source\nincludes interface definition files associated with source files for\nthe work, and the source code for shared libraries and dynamically\nlinked subprograms that the work is specifically designed to require,\nsuch as by intimate data communication or control flow between those\nsubprograms and other parts of the work.\n\n The Corresponding Source need not include anything that users\ncan regenerate automatically from other parts of the Corresponding\nSource.\n\n The Corresponding Source for a work in source code form is that\nsame work.\n\n 2. Basic Permissions.\n\n All rights granted under this License are granted for the term of\ncopyright on the Program, and are irrevocable provided the stated\nconditions are met. This License explicitly affirms your unlimited\npermission to run the unmodified Program. The output from running a\ncovered work is covered by this License only if the output, given its\ncontent, constitutes a covered work. This License acknowledges your\nrights of fair use or other equivalent, as provided by copyright law.\n\n You may make, run and propagate covered works that you do not\nconvey, without conditions so long as your license otherwise remains\nin force. You may convey covered works to others for the sole purpose\nof having them make modifications exclusively for you, or provide you\nwith facilities for running those works, provided that you comply with\nthe terms of this License in conveying all material for which you do\nnot control copyright. Those thus making or running the covered works\nfor you must do so exclusively on your behalf, under your direction\nand control, on terms that prohibit them from making any copies of\nyour copyrighted material outside their relationship with you.\n\n Conveying under any other circumstances is permitted solely under\nthe conditions stated below. Sublicensing is not allowed; section 10\nmakes it unnecessary.\n\n 3. Protecting Users' Legal Rights From Anti-Circumvention Law.\n\n No covered work shall be deemed part of an effective technological\nmeasure under any applicable law fulfilling obligations under article\n11 of the WIPO copyright treaty adopted on 20 December 1996, or\nsimilar laws prohibiting or restricting circumvention of such\nmeasures.\n\n When you convey a covered work, you waive any legal power to forbid\ncircumvention of technological measures to the extent such circumvention\nis effected by exercising rights under this License with respect to\nthe covered work, and you disclaim any intention to limit operation or\nmodification of the work as a means of enforcing, against the work's\nusers, your or third parties' legal rights to forbid circumvention of\ntechnological measures.\n\n 4. Conveying Verbatim Copies.\n\n You may convey verbatim copies of the Program's source code as you\nreceive it, in any medium, provided that you conspicuously and\nappropriately publish on each copy an appropriate copyright notice;\nkeep intact all notices stating that this License and any\nnon-permissive terms added in accord with section 7 apply to the code;\nkeep intact all notices of the absence of any warranty; and give all\nrecipients a copy of this License along with the Program.\n\n You may charge any price or no price for each copy that you convey,\nand you may offer support or warranty protection for a fee.\n\n 5. Conveying Modified Source Versions.\n\n You may convey a work based on the Program, or the modifications to\nproduce it from the Program, in the form of source code under the\nterms of section 4, provided that you also meet all of these conditions:\n\n a) The work must carry prominent notices stating that you modified\n it, and giving a relevant date.\n\n b) The work must carry prominent notices stating that it is\n released under this License and any conditions added under section\n 7. This requirement modifies the requirement in section 4 to\n \"keep intact all notices\".\n\n c) You must license the entire work, as a whole, under this\n License to anyone who comes into possession of a copy. This\n License will therefore apply, along with any applicable section 7\n additional terms, to the whole of the work, and all its parts,\n regardless of how they are packaged. This License gives no\n permission to license the work in any other way, but it does not\n invalidate such permission if you have separately received it.\n\n d) If the work has interactive user interfaces, each must display\n Appropriate Legal Notices; however, if the Program has interactive\n interfaces that do not display Appropriate Legal Notices, your\n work need not make them do so.\n\n A compilation of a covered work with other separate and independent\nworks, which are not by their nature extensions of the covered work,\nand which are not combined with it such as to form a larger program,\nin or on a volume of a storage or distribution medium, is called an\n\"aggregate\" if the compilation and its resulting copyright are not\nused to limit the access or legal rights of the compilation's users\nbeyond what the individual works permit. Inclusion of a covered work\nin an aggregate does not cause this License to apply to the other\nparts of the aggregate.\n\n 6. Conveying Non-Source Forms.\n\n You may convey a covered work in object code form under the terms\nof sections 4 and 5, provided that you also convey the\nmachine-readable Corresponding Source under the terms of this License,\nin one of these ways:\n\n a) Convey the object code in, or embodied in, a physical product\n (including a physical distribution medium), accompanied by the\n Corresponding Source fixed on a durable physical medium\n customarily used for software interchange.\n\n b) Convey the object code in, or embodied in, a physical product\n (including a physical distribution medium), accompanied by a\n written offer, valid for at least three years and valid for as\n long as you offer spare parts or customer support for that product\n model, to give anyone who possesses the object code either (1) a\n copy of the Corresponding Source for all the software in the\n product that is covered by this License, on a durable physical\n medium customarily used for software interchange, for a price no\n more than your reasonable cost of physically performing this\n conveying of source, or (2) access to copy the\n Corresponding Source from a network server at no charge.\n\n c) Convey individual copies of the object code with a copy of the\n written offer to provide the Corresponding Source. This\n alternative is allowed only occasionally and noncommercially, and\n only if you received the object code with such an offer, in accord\n with subsection 6b.\n\n d) Convey the object code by offering access from a designated\n place (gratis or for a charge), and offer equivalent access to the\n Corresponding Source in the same way through the same place at no\n further charge. You need not require recipients to copy the\n Corresponding Source along with the object code. If the place to\n copy the object code is a network server, the Corresponding Source\n may be on a different server (operated by you or a third party)\n that supports equivalent copying facilities, provided you maintain\n clear directions next to the object code saying where to find the\n Corresponding Source. Regardless of what server hosts the\n Corresponding Source, you remain obligated to ensure that it is\n available for as long as needed to satisfy these requirements.\n\n e) Convey the object code using peer-to-peer transmission, provided\n you inform other peers where the object code and Corresponding\n Source of the work are being offered to the general public at no\n charge under subsection 6d.\n\n A separable portion of the object code, whose source code is excluded\nfrom the Corresponding Source as a System Library, need not be\nincluded in conveying the object code work.\n\n A \"User Product\" is either (1) a \"consumer product\", which means any\ntangible personal property which is normally used for personal, family,\nor household purposes, or (2) anything designed or sold for incorporation\ninto a dwelling. In determining whether a product is a consumer product,\ndoubtful cases shall be resolved in favor of coverage. For a particular\nproduct received by a particular user, \"normally used\" refers to a\ntypical or common use of that class of product, regardless of the status\nof the particular user or of the way in which the particular user\nactually uses, or expects or is expected to use, the product. A product\nis a consumer product regardless of whether the product has substantial\ncommercial, industrial or non-consumer uses, unless such uses represent\nthe only significant mode of use of the product.\n\n \"Installation Information\" for a User Product means any methods,\nprocedures, authorization keys, or other information required to install\nand execute modified versions of a covered work in that User Product from\na modified version of its Corresponding Source. The information must\nsuffice to ensure that the continued functioning of the modified object\ncode is in no case prevented or interfered with solely because\nmodification has been made.\n\n If you convey an object code work under this section in, or with, or\nspecifically for use in, a User Product, and the conveying occurs as\npart of a transaction in which the right of possession and use of the\nUser Product is transferred to the recipient in perpetuity or for a\nfixed term (regardless of how the transaction is characterized), the\nCorresponding Source conveyed under this section must be accompanied\nby the Installation Information. But this requirement does not apply\nif neither you nor any third party retains the ability to install\nmodified object code on the User Product (for example, the work has\nbeen installed in ROM).\n\n The requirement to provide Installation Information does not include a\nrequirement to continue to provide support service, warranty, or updates\nfor a work that has been modified or installed by the recipient, or for\nthe User Product in which it has been modified or installed. Access to a\nnetwork may be denied when the modification itself materially and\nadversely affects the operation of the network or violates the rules and\nprotocols for communication across the network.\n\n Corresponding Source conveyed, and Installation Information provided,\nin accord with this section must be in a format that is publicly\ndocumented (and with an implementation available to the public in\nsource code form), and must require no special password or key for\nunpacking, reading or copying.\n\n 7. Additional Terms.\n\n \"Additional permissions\" are terms that supplement the terms of this\nLicense by making exceptions from one or more of its conditions.\nAdditional permissions that are applicable to the entire Program shall\nbe treated as though they were included in this License, to the extent\nthat they are valid under applicable law. If additional permissions\napply only to part of the Program, that part may be used separately\nunder those permissions, but the entire Program remains governed by\nthis License without regard to the additional permissions.\n\n When you convey a copy of a covered work, you may at your option\nremove any additional permissions from that copy, or from any part of\nit. (Additional permissions may be written to require their own\nremoval in certain cases when you modify the work.) You may place\nadditional permissions on material, added by you to a covered work,\nfor which you have or can give appropriate copyright permission.\n\n Notwithstanding any other provision of this License, for material you\nadd to a covered work, you may (if authorized by the copyright holders of\nthat material) supplement the terms of this License with terms:\n\n a) Disclaiming warranty or limiting liability differently from the\n terms of sections 15 and 16 of this License; or\n\n b) Requiring preservation of specified reasonable legal notices or\n author attributions in that material or in the Appropriate Legal\n Notices displayed by works containing it; or\n\n c) Prohibiting misrepresentation of the origin of that material, or\n requiring that modified versions of such material be marked in\n reasonable ways as different from the original version; or\n\n d) Limiting the use for publicity purposes of names of licensors or\n authors of the material; or\n\n e) Declining to grant rights under trademark law for use of some\n trade names, trademarks, or service marks; or\n\n f) Requiring indemnification of licensors and authors of that\n material by anyone who conveys the material (or modified versions of\n it) with contractual assumptions of liability to the recipient, for\n any liability that these contractual assumptions directly impose on\n those licensors and authors.\n\n All other non-permissive additional terms are considered \"further\nrestrictions\" within the meaning of section 10. If the Program as you\nreceived it, or any part of it, contains a notice stating that it is\ngoverned by this License along with a term that is a further\nrestriction, you may remove that term. If a license document contains\na further restriction but permits relicensing or conveying under this\nLicense, you may add to a covered work material governed by the terms\nof that license document, provided that the further restriction does\nnot survive such relicensing or conveying.\n\n If you add terms to a covered work in accord with this section, you\nmust place, in the relevant source files, a statement of the\nadditional terms that apply to those files, or a notice indicating\nwhere to find the applicable terms.\n\n Additional terms, permissive or non-permissive, may be stated in the\nform of a separately written license, or stated as exceptions;\nthe above requirements apply either way.\n\n 8. Termination.\n\n You may not propagate or modify a covered work except as expressly\nprovided under this License. Any attempt otherwise to propagate or\nmodify it is void, and will automatically terminate your rights under\nthis License (including any patent licenses granted under the third\nparagraph of section 11).\n\n However, if you cease all violation of this License, then your\nlicense from a particular copyright holder is reinstated (a)\nprovisionally, unless and until the copyright holder explicitly and\nfinally terminates your license, and (b) permanently, if the copyright\nholder fails to notify you of the violation by some reasonable means\nprior to 60 days after the cessation.\n\n Moreover, your license from a particular copyright holder is\nreinstated permanently if the copyright holder notifies you of the\nviolation by some reasonable means, this is the first time you have\nreceived notice of violation of this License (for any work) from that\ncopyright holder, and you cure the violation prior to 30 days after\nyour receipt of the notice.\n\n Termination of your rights under this section does not terminate the\nlicenses of parties who have received copies or rights from you under\nthis License. If your rights have been terminated and not permanently\nreinstated, you do not qualify to receive new licenses for the same\nmaterial under section 10.\n\n 9. Acceptance Not Required for Having Copies.\n\n You are not required to accept this License in order to receive or\nrun a copy of the Program. Ancillary propagation of a covered work\noccurring solely as a consequence of using peer-to-peer transmission\nto receive a copy likewise does not require acceptance. However,\nnothing other than this License grants you permission to propagate or\nmodify any covered work. These actions infringe copyright if you do\nnot accept this License. Therefore, by modifying or propagating a\ncovered work, you indicate your acceptance of this License to do so.\n\n 10. Automatic Licensing of Downstream Recipients.\n\n Each time you convey a covered work, the recipient automatically\nreceives a license from the original licensors, to run, modify and\npropagate that work, subject to this License. You are not responsible\nfor enforcing compliance by third parties with this License.\n\n An \"entity transaction\" is a transaction transferring control of an\norganization, or substantially all assets of one, or subdividing an\norganization, or merging organizations. If propagation of a covered\nwork results from an entity transaction, each party to that\ntransaction who receives a copy of the work also receives whatever\nlicenses to the work the party's predecessor in interest had or could\ngive under the previous paragraph, plus a right to possession of the\nCorresponding Source of the work from the predecessor in interest, if\nthe predecessor has it or can get it with reasonable efforts.\n\n You may not impose any further restrictions on the exercise of the\nrights granted or affirmed under this License. For example, you may\nnot impose a license fee, royalty, or other charge for exercise of\nrights granted under this License, and you may not initiate litigation\n(including a cross-claim or counterclaim in a lawsuit) alleging that\nany patent claim is infringed by making, using, selling, offering for\nsale, or importing the Program or any portion of it.\n\n 11. Patents.\n\n A \"contributor\" is a copyright holder who authorizes use under this\nLicense of the Program or a work on which the Program is based. The\nwork thus licensed is called the contributor's \"contributor version\".\n\n A contributor's \"essential patent claims\" are all patent claims\nowned or controlled by the contributor, whether already acquired or\nhereafter acquired, that would be infringed by some manner, permitted\nby this License, of making, using, or selling its contributor version,\nbut do not include claims that would be infringed only as a\nconsequence of further modification of the contributor version. For\npurposes of this definition, \"control\" includes the right to grant\npatent sublicenses in a manner consistent with the requirements of\nthis License.\n\n Each contributor grants you a non-exclusive, worldwide, royalty-free\npatent license under the contributor's essential patent claims, to\nmake, use, sell, offer for sale, import and otherwise run, modify and\npropagate the contents of its contributor version.\n\n In the following three paragraphs, a \"patent license\" is any express\nagreement or commitment, however denominated, not to enforce a patent\n(such as an express permission to practice a patent or covenant not to\nsue for patent infringement). To \"grant\" such a patent license to a\nparty means to make such an agreement or commitment not to enforce a\npatent against the party.\n\n If you convey a covered work, knowingly relying on a patent license,\nand the Corresponding Source of the work is not available for anyone\nto copy, free of charge and under the terms of this License, through a\npublicly available network server or other readily accessible means,\nthen you must either (1) cause the Corresponding Source to be so\navailable, or (2) arrange to deprive yourself of the benefit of the\npatent license for this particular work, or (3) arrange, in a manner\nconsistent with the requirements of this License, to extend the patent\nlicense to downstream recipients. \"Knowingly relying\" means you have\nactual knowledge that, but for the patent license, your conveying the\ncovered work in a country, or your recipient's use of the covered work\nin a country, would infringe one or more identifiable patents in that\ncountry that you have reason to believe are valid.\n\n If, pursuant to or in connection with a single transaction or\narrangement, you convey, or propagate by procuring conveyance of, a\ncovered work, and grant a patent license to some of the parties\nreceiving the covered work authorizing them to use, propagate, modify\nor convey a specific copy of the covered work, then the patent license\nyou grant is automatically extended to all recipients of the covered\nwork and works based on it.\n\n A patent license is \"discriminatory\" if it does not include within\nthe scope of its coverage, prohibits the exercise of, or is\nconditioned on the non-exercise of one or more of the rights that are\nspecifically granted under this License. You may not convey a covered\nwork if you are a party to an arrangement with a third party that is\nin the business of distributing software, under which you make payment\nto the third party based on the extent of your activity of conveying\nthe work, and under which the third party grants, to any of the\nparties who would receive the covered work from you, a discriminatory\npatent license (a) in connection with copies of the covered work\nconveyed by you (or copies made from those copies), or (b) primarily\nfor and in connection with specific products or compilations that\ncontain the covered work, unless you entered into that arrangement,\nor that patent license was granted, prior to 28 March 2007.\n\n Nothing in this License shall be construed as excluding or limiting\nany implied license or other defenses to infringement that may\notherwise be available to you under applicable patent law.\n\n 12. No Surrender of Others' Freedom.\n\n If conditions are imposed on you (whether by court order, agreement or\notherwise) that contradict the conditions of this License, they do not\nexcuse you from the conditions of this License. If you cannot convey a\ncovered work so as to satisfy simultaneously your obligations under this\nLicense and any other pertinent obligations, then as a consequence you may\nnot convey it at all. For example, if you agree to terms that obligate you\nto collect a royalty for further conveying from those to whom you convey\nthe Program, the only way you could satisfy both those terms and this\nLicense would be to refrain entirely from conveying the Program.\n\n 13. Remote Network Interaction; Use with the GNU General Public License.\n\n Notwithstanding any other provision of this License, if you modify the\nProgram, your modified version must prominently offer all users\ninteracting with it remotely through a computer network (if your version\nsupports such interaction) an opportunity to receive the Corresponding\nSource of your version by providing access to the Corresponding Source\nfrom a network server at no charge, through some standard or customary\nmeans of facilitating copying of software. This Corresponding Source\nshall include the Corresponding Source for any work covered by version 3\nof the GNU General Public License that is incorporated pursuant to the\nfollowing paragraph.\n\n Notwithstanding any other provision of this License, you have\npermission to link or combine any covered work with a work licensed\nunder version 3 of the GNU General Public License into a single\ncombined work, and to convey the resulting work. The terms of this\nLicense will continue to apply to the part which is the covered work,\nbut the work with which it is combined will remain governed by version\n3 of the GNU General Public License.\n\n 14. Revised Versions of this License.\n\n The Free Software Foundation may publish revised and/or new versions of\nthe GNU Affero General Public License from time to time. Such new versions\nwill be similar in spirit to the present version, but may differ in detail to\naddress new problems or concerns.\n\n Each version is given a distinguishing version number. If the\nProgram specifies that a certain numbered version of the GNU Affero General\nPublic License \"or any later version\" applies to it, you have the\noption of following the terms and conditions either of that numbered\nversion or of any later version published by the Free Software\nFoundation. If the Program does not specify a version number of the\nGNU Affero General Public License, you may choose any version ever published\nby the Free Software Foundation.\n\n If the Program specifies that a proxy can decide which future\nversions of the GNU Affero General Public License can be used, that proxy's\npublic statement of acceptance of a version permanently authorizes you\nto choose that version for the Program.\n\n Later license versions may give you additional or different\npermissions. However, no additional obligations are imposed on any\nauthor or copyright holder as a result of your choosing to follow a\nlater version.\n\n 15. Disclaimer of Warranty.\n\n THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY\nAPPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT\nHOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM \"AS IS\" WITHOUT WARRANTY\nOF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM\nIS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF\nALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n 16. Limitation of Liability.\n\n IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING\nWILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS\nTHE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY\nGENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE\nUSE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF\nDATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD\nPARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),\nEVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF\nSUCH DAMAGES.\n\n 17. Interpretation of Sections 15 and 16.\n\n If the disclaimer of warranty and limitation of liability provided\nabove cannot be given local legal effect according to their terms,\nreviewing courts shall apply local law that most closely approximates\nan absolute waiver of all civil liability in connection with the\nProgram, unless a warranty or assumption of liability accompanies a\ncopy of the Program in return for a fee.\n\n END OF TERMS AND CONDITIONS\n\n How to Apply These Terms to Your New Programs\n\n If you develop a new program, and you want it to be of the greatest\npossible use to the public, the best way to achieve this is to make it\nfree software which everyone can redistribute and change under these terms.\n\n To do so, attach the following notices to the program. It is safest\nto attach them to the start of each source file to most effectively\nstate the exclusion of warranty; and each file should have at least\nthe \"copyright\" line and a pointer to where the full notice is found.\n\n \n Copyright (C) \n\n This program is free software: you can redistribute it and/or modify\n it under the terms of the GNU Affero General Public License as published by\n the Free Software Foundation, either version 3 of the License, or\n (at your option) any later version.\n\n This program is distributed in the hope that it will be useful,\n but WITHOUT ANY WARRANTY; without even the implied warranty of\n MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n GNU Affero General Public License for more details.\n\n You should have received a copy of the GNU Affero General Public License\n along with this program. If not, see .\n\nAlso add information on how to contact you by electronic and paper mail.\n\n If your software can interact with users remotely through a computer\nnetwork, you should also make sure that it provides a way for users to\nget its source. For example, if your program is a web application, its\ninterface could display a \"Source\" link that leads users to an archive\nof the code. There are many ways you could offer source, and different\nsolutions will be better for different programs; see section 13 for the\nspecific requirements.\n\n You should also get your employer (if you work as a programmer) or school,\nif any, to sign a \"copyright disclaimer\" for the program, if necessary.\nFor more information on this, and how to apply and follow the GNU AGPL, see\n." }, { "path": "NOTICE", "content": "Daytona\nCopyright the various Daytona software authors.\n\nThe initial developer of the software is Daytona Platforms, Inc. (https://daytona.io).\nCopyright 2025 Daytona Platforms, Inc. All Rights Reserved.\n" }, { "path": "PACKAGING.md", "content": "# Packaging Guidelines for Daytona\n\nThe Daytona team appreciates any efforts to make our software more accessible to users on various platforms.\nWhile we encourage packaging and distribution of our open-source project, we have some important guidelines, particularly regarding naming.\n\n## Critical Naming Guideline\n\n**Important**: While you are free to package and distribute our software, you **MUST NOT** name your package `daytona` or, in any way, suggest that, the package you distribute, is an official distribution of `daytona`. This restriction is to prevent confusion and maintain the integrity of our project identity.\n\n- Acceptable: \"unofficial-daytona-package\", \"unofficial-daytona-distribution\", etc.\n- Not Acceptable: \"daytona\", \"official-daytona\", etc.\n\n## General Guidelines\n\n1. **License Compliance**: Ensure that the AGPL 3.0/Apache 2.0 license is included with the package and that all copyright notices are preserved.\n\n2. **Version Accuracy**: Use the exact version number of Daytona that you are packaging. Do not modify the version number or add custom suffixes without explicit permission.\n\n3. **Dependencies**: Include all necessary dependencies as specified in our project documentation. Do not add extra dependencies without consulting the project maintainers.\n\n4. **Modifications**: If you need to make any modifications to the source code for packaging purposes, please document these changes clearly and consider submitting them as pull requests to the main project.\n\n5. **Standard Note**: Please include the following standard note in your package description or metadata:\n\n ```\n This package contains an unofficial distribution of Daytona, an open source project\n developed by Daytona Platforms Inc. This package is not officially supported or endorsed\n by the Daytona project. For the official version, please visit https://github.com/daytonaio/daytona.\n ```\n\n## Feedback and Questions\n\nIf you have any questions about packaging Daytona or need clarification on these guidelines, especially regarding naming conventions, please open an issue in our GitHub repository.\n\nWe appreciate your contribution to making Daytona more accessible to users across different platforms, while respecting our project's identity!\n" }, { "path": "PREPARING_YOUR_CHANGES.md", "content": "# Preparing Your Changes\n\nThis document contains information related to preparing changes for a pull request. Here's a quick checklist for a good PR, more details below:\n\n1. A discussion around the change on [Slack](https://go.daytona.io/slack) or in an issue.\n1. A GitHub Issue with a good description associated with the PR\n1. One feature/change per PR\n1. One commit per PR\n1. PR rebased on main (git rebase, not git pull)\n1. Good descriptive commit message, with link to issue\n1. No changes to code not directly related to your PR\n1. Includes functional/integration test\n1. Includes documentation\n\n## Commit Message Format\n\nWe do not require a particular commit message format of any kind, but we do require that individual commits be descriptive, relative to size and impact.\nFor example, if a descriptive title covers what the commit does in practice, then an additional description below the title is not required.\nHowever, if the commit has an out-sized impact relative to other commits, its description will need to reflect that.\n\nReviewers may ask you to amend your commits if they are not descriptive enough.\nSince the descriptiveness of a commit is subjective, please feel free to talk to us on [Slack](https://go.daytona.io/slack) if you have any questions.\n\n### Optional Commit Template\n\nIf you would like an optional commit template, see the following:\n\n```text\n \n\n\n```\n\n## Squashed Commits\n\nWe require that you squash all changes to a single commit. You can do this with the `git rebase -i HEAD~X` command where X is the number of commits you want to squash. See the [Git Documentation](https://git-scm.com/book/en/v2/Git-Branching-Rebasing) for more details.\n\n## Developer's Certificate of Origin\n\nAny contributions to Daytona must only contain code that can legally be contributed to Daytona, and which the Daytona project can distribute under its license.\n\nPrior to contributing to Daytona please read the [Developer's Certificate of Origin](https://developercertificate.org/) and sign-off all commits with the `--signoff` option provided by `git commit`. For example:\n\n```\ngit commit --signoff --message \"This is the commit message\"\n```\n\nThis option adds a `Signed-off-by` trailer at the end of the commit log message.\n\n## DCO Policy on Real Names\n\nThe DCO is a representation by someone stating they have the right to contribute the code they have proposed and is important for legal purposes. We have adopted the CNCF DCO Guidelines (https://github.com/cncf/foundation/blob/main/dco-guidelines.md). Which for simplicity we will include here in full:\n\n### DCO Guidelines v1.1\n\nThe DCO is a representation by someone stating they have the right to contribute the code they have proposed for acceptance into a project: https://developercertificate.org\n\nThat representation is important for legal purposes and was the community-developed outcome after a $1 billion [lawsuit](https://en.wikipedia.org/wiki/SCO%E2%80%93Linux_disputes) by SCO against IBM. The representation is designed to prevent issues but also keep the burden on contributors low. It has proven very adaptable to other projects, is built into git itself (and now also GitHub), and is in use by thousands of projects to avoid more burdensome requirements to contribute (such as a CLA).\n\n### DCO and Real Names\n\nThe DCO requires the use of a real name that can be used to identify someone in case there is an issue about a contribution they made.\n\n**A real name does not require a legal name, nor a birth name, nor any name that appears on an official ID (e.g. a passport). Your real name is the name you convey to people in the community for them to use to identify you as you. The key concern is that your identification is sufficient enough to contact you if an issue were to arise in the future about your contribution.**\n\nYour real name should not be an anonymous id or false name that misrepresents who you are.\n" }, { "path": "PUBLISHING.md", "content": "# Publishing Daytona SDKs\n\nThis document describes how to publish the Daytona SDKs (Python, TypeScript, and Ruby) to their respective package registries.\n\n## Table of Contents\n\n- [Prerequisites](#prerequisites)\n- [Python SDK (PyPI)](#python-sdk-pypi)\n- [TypeScript SDK (npm)](#typescript-sdk-npm)\n- [Ruby SDK (RubyGems)](#ruby-sdk-rubygems)\n- [Automated Publishing (CI/CD)](#automated-publishing-cicd)\n- [Version Management](#version-management)\n\n## Prerequisites\n\nBefore publishing any SDK, ensure you have:\n\n1. **Maintainer Access**: Write access to the Daytona repository\n2. **Package Registry Credentials**:\n - PyPI: Token with upload permissions\n - npm: Token with publish permissions\n - RubyGems: API key with push permissions\n3. **Local Development Setup**:\n - All dependencies installed (`yarn install`)\n - SDKs built successfully\n - Tests passing\n\n## Python SDK (PyPI)\n\n### Using Nx\n\n```bash\n# From repository root\nexport PYPI_TOKEN=\"your-pypi-token\"\nexport PYPI_PKG_VERSION=\"X.Y.Z\" # pre-release format example: \"X.Y.Za1\"\nyarn nx publish sdk-python\n```\n\n**Note**: [Guide](https://packaging.python.org/en/latest/discussions/versioning/) for versioning Python packages.\n\n## TypeScript SDK (npm)\n\n### Using Nx\n\n```bash\n# From repository root\nexport NPM_TOKEN=\"your-npm-token\"\nexport NPM_PKG_VERSION=\"X.Y.Z\" # pre-release format example: \"X.Y.Z-alpha.1\"\nexport NPM_TAG=\"latest\" # or \"beta\", \"alpha\", etc.\nyarn nx publish sdk-typescript\n```\n\n**Note**: NPM packages must have [SemVer-aligned formats](https://semver.org/).\n\n## Ruby SDK (RubyGems)\n\n### Using Nx\n\n```bash\n# From repository root\nexport RUBYGEMS_API_KEY=\"your-rubygems-api-key\"\nexport RUBYGEMS_PKG_VERSION=\"X.Y.Z\" # pre-release format example: \"X.Y.Z.alpha.1\"\nyarn nx publish sdk-ruby\n```\n\n**Note**: [Guide](https://guides.rubygems.org/patterns/#prerelease-gems) for versioning Ruby gems.\n\n## Automated Publishing (CI/CD)\n\n### GitHub Actions Workflow\n\nThe repository includes a GitHub Actions workflow for automated publishing: `.github/workflows/sdk_publish.yaml`\n\n#### Triggering a Release\n\n1. Go to **Actions** → **SDK and CLI Publish** in the GitHub repository\n2. Click **Run workflow**\n3. Fill in the parameters:\n - **version**: The version to release (e.g., `v0.126.0`)\n - **pypi_pkg_version**: (Optional) Override PyPI version\n - **npm_pkg_version**: (Optional) Override npm version\n - **rubygems_pkg_version**: (Optional) Override RubyGems version\n - **npm_tag**: npm dist-tag (default: `latest`)\n\n#### Required Secrets\n\nEnsure these secrets are configured in GitHub repository settings:\n\n- `PYPI_TOKEN`: PyPI API token\n- `NPM_TOKEN`: npm access token\n- `RUBYGEMS_API_KEY`: RubyGems API key\n- `GITHUBBOT_TOKEN`: GitHub token for Homebrew tap updates\n\n### What the Workflow Does\n\n1. Checks out the code\n2. Sets up all required environments (Go, Java, Python, Node.js, Ruby)\n3. Installs dependencies\n4. Configures credentials for all package registries\n5. Runs `yarn publish` which uses Nx to publish all SDKs in the correct order\n6. Updates the Homebrew tap (for the CLI)\n\n## Version Management\n\n### Version Format\n\n`MAJOR.MINOR.PATCH` releases follow semantics:\n\n- **MAJOR**: Breaking changes\n- **MINOR**: New features (backward compatible)\n- **PATCH**: Bug fixes (backward compatible)\n\nPrerelease formats depend on SDK language:\n\n1. For **Typescript** (npm) follow semantic versioning ([SemVer](https://semver.org/)): `MAJOR.MINOR.PATCH`\n\n For pre-releases, use:\n\n - `0.126.0-alpha.1` - Alpha release\n - `0.126.0-beta.1` - Beta release\n - `0.126.0-rc.1` - Release candidate\n\n2. For **Python** (PyPI) follow Python packages versioning [guide](https://packaging.python.org/en/latest/discussions/versioning/):\n\n For pre-releases, use:\n\n - `1.2.0a1` - Alpha release\n - `1.2.0b1` - Beta release\n - `1.2.0rc1` - Release candidate\n\n3. For **Ruby** (gem) follow Ruby gems versioning [guide](https://guides.rubygems.org/patterns/#prerelease-gems):\n\n For pre-releases, use:\n\n - `0.126.0.alpha.1` - Alpha release\n - `0.126.0.beta.1` - Beta release\n - `0.126.0.rc.1` - Release candidate\n\n### Checking Published Versions\n\n#### PyPI\n\n```bash\npip index versions daytona\n# or\ncurl -s https://pypi.org/pypi/daytona/json | jq -r .info.version\n```\n\n#### npm\n\n```bash\nnpm view @daytonaio/sdk version\n# or\nnpm info @daytonaio/sdk\n```\n\n#### RubyGems\n\n```bash\ngem search daytona --remote --exact\n# or\ngem info daytona --remote\n```\n\n## References\n\n- [Semantic Versioning](https://semver.org/)\n- [Python packages versioning](https://packaging.python.org/en/latest/discussions/versioning/)\n- [Ruby gems versioning guide](https://guides.rubygems.org/patterns/#prerelease-gems)\n" }, { "path": "README.md", "content": "
\n\n[![Documentation](https://img.shields.io/github/v/release/daytonaio/docs?label=Docs&color=23cc71)](https://www.daytona.io/docs)\n![License](https://img.shields.io/badge/License-AGPL--3-blue)\n[![Go Report Card](https://goreportcard.com/badge/github.com/daytonaio/daytona)](https://goreportcard.com/report/github.com/daytonaio/daytona)\n[![Issues - daytona](https://img.shields.io/github/issues/daytonaio/daytona)](https://github.com/daytonaio/daytona/issues)\n![GitHub Release](https://img.shields.io/github/v/release/daytonaio/daytona)\n\n
\n\n \n\n
\n \n \n \n \"Daytona\n \n
\n\n

\n Run AI Code.\n
\n Secure and Elastic Infrastructure for\n Running Your AI-Generated Code.\n

\n\n

\n Documentation ·\n Report Bug ·\n Request Feature ·\n Join our Slack ·\n Connect on X \n

\n\n

\n \"Daytona \n \"Daytona \n

\n\n---\n\n## Installation\n\n### Python SDK\n\n```bash\npip install daytona\n```\n\n### TypeScript SDK\n\n```bash\nnpm install @daytonaio/sdk\n```\n\n---\n\n## Features\n\n- **Lightning-Fast Infrastructure**: Sub-90ms Sandbox creation from code to execution.\n- **Separated & Isolated Runtime**: Execute AI-generated code with zero risk to your infrastructure.\n- **Massive Parallelization for Concurrent AI Workflows**: Fork Sandbox filesystem and memory state (Coming soon!)\n- **Programmatic Control**: File, Git, LSP, and Execute API\n- **Unlimited Persistence**: Your Sandboxes can live forever\n- **OCI/Docker Compatibility**: Use any OCI/Docker image to create a Sandbox\n\n---\n\n## Quick Start\n\n1. Create an account at https://app.daytona.io\n1. Generate a [new API key](https://app.daytona.io/dashboard/keys)\n1. Follow the [Getting Started docs](https://www.daytona.io/docs/getting-started/) to start using the Daytona SDK\n\n## Creating your first Sandbox\n\n### Python SDK\n\n```py\nfrom daytona import Daytona, DaytonaConfig, CreateSandboxBaseParams\n\n# Initialize the Daytona client\ndaytona = Daytona(DaytonaConfig(api_key=\"YOUR_API_KEY\"))\n\n# Create the Sandbox instance\nsandbox = daytona.create(CreateSandboxBaseParams(language=\"python\"))\n\n# Run code securely inside the Sandbox\nresponse = sandbox.process.code_run('print(\"Sum of 3 and 4 is \" + str(3 + 4))')\nif response.exit_code != 0:\n print(f\"Error running code: {response.exit_code} {response.result}\")\nelse:\n print(response.result)\n\n# Clean up the Sandbox\ndaytona.delete(sandbox)\n```\n\n### Typescript SDK\n\n```jsx\nimport { Daytona } from '@daytonaio/sdk'\n\nasync function main() {\n // Initialize the Daytona client\n const daytona = new Daytona({\n apiKey: 'YOUR_API_KEY',\n })\n\n let sandbox\n try {\n // Create the Sandbox instance\n sandbox = await daytona.create({\n language: 'typescript',\n })\n // Run code securely inside the Sandbox\n const response = await sandbox.process.codeRun('console.log(\"Sum of 3 and 4 is \" + (3 + 4))')\n if (response.exitCode !== 0) {\n console.error('Error running code:', response.exitCode, response.result)\n } else {\n console.log(response.result)\n }\n } catch (error) {\n console.error('Sandbox flow error:', error)\n } finally {\n if (sandbox) await daytona.delete(sandbox)\n }\n}\n\nmain().catch(console.error)\n```\n\n### Go SDK\n\n```go\npackage main\n\nimport (\n \"context\"\n \"fmt\"\n \"log\"\n \"time\"\n\n \"github.com/daytonaio/daytona/libs/sdk-go/pkg/daytona\"\n \"github.com/daytonaio/daytona/libs/sdk-go/pkg/types\"\n)\n\nfunc main() {\n // Initialize the Daytona client with DAYTONA_API_KEY in env\n // Alternative is to use daytona.NewClientWithConfig(...) for more specific config\n client, err := daytona.NewClient()\n if err != nil {\n log.Fatalf(\"Failed to create client: %v\", err)\n }\n\n ctx := context.Background()\n\n // Create the Sandbox instance\n params := types.SnapshotParams{\n SandboxBaseParams: types.SandboxBaseParams{\n Language: types.CodeLanguagePython,\n },\n }\n\n sandbox, err := client.Create(ctx, params, daytona.WithTimeout(90*time.Second))\n if err != nil {\n log.Fatalf(\"Failed to create sandbox: %v\", err)\n }\n\n // Run code securely inside the Sandbox\n response, err := sandbox.Process.ExecuteCommand(ctx, `python3 -c \"print('Sum of 3 and 4 is', 3 + 4)\"`)\n if err != nil {\n log.Fatalf(\"Failed to execute command: %v\", err)\n }\n\n if response.ExitCode != 0 {\n fmt.Printf(\"Error running code: %d %s\\n\", response.ExitCode, response.Result)\n } else {\n fmt.Println(response.Result)\n }\n\n // Clean up the Sandbox\n if err := sandbox.Delete(ctx); err != nil {\n log.Fatalf(\"Failed to delete sandbox: %v\", err)\n }\n}\n```\n\n---\n\n## Contributing\n\nDaytona is Open Source under the [GNU AFFERO GENERAL PUBLIC LICENSE](LICENSE), and is the [copyright of its contributors](NOTICE). If you would like to contribute to the software, read the Developer Certificate of Origin Version 1.1 (https://developercertificate.org/). Afterwards, navigate to the [contributing guide](CONTRIBUTING.md) to get started.\n" }, { "path": "SECURITY.md", "content": "# Security Policy\n\n## Reporting a Vulnerability\n\nAt Daytona, we take security seriously. If you believe you have found a security vulnerability in any Daytona-owned repository or service, please report it responsibly.\n\n**Please do NOT report security vulnerabilities through public GitHub issues.**\n\nInstead, please email us at: **security@daytona.io**\n\nYou can also report vulnerabilities privately through [GitHub's security advisory feature](https://github.com/daytonaio/daytona/security/advisories/new).\n\nPlease include:\n\n- Description of the vulnerability\n- Steps to reproduce\n- Impact assessment\n- Any relevant screenshots or proof-of-concept\n\nWe will acknowledge receipt within 2 business days and provide an initial assessment within 5 business days.\n\n## Scope\n\nThe following assets and areas are in scope for vulnerability reports:\n\n- **Daytona platform** — app.daytona.io, including the web application and management interfaces\n- **API and SDK** — all documented and undocumented API endpoints, client SDKs\n- **Sandbox runtime isolation** — escape from sandbox to host, cross-tenant access, isolation boundary bypasses\n- **Authentication and authorization** — SSO, API key management, session handling, privilege escalation across accounts or organizations\n- **Secrets management** — scoped secret injection, unauthorized access to secrets, leakage across sandbox boundaries\n- **Public GitHub repositories** — any repository under the [daytonaio](https://github.com/daytonaio) organization\n\n## Excluded Submission Types\n\nThe following categories are excluded from this program. Reports in these categories will be closed without further assessment unless they demonstrate impact beyond what is described.\n\n1. **In-sandbox privilege escalation, root access, or capability use** — Daytona sandboxes provide full root access within user-namespace isolation by design. Findings that chain to host escape or cross-sandbox access remain in scope.\n2. **Findings within the reporter's own sandbox** that do not demonstrate impact beyond that sandbox's isolation boundary.\n3. **Denial of service** — DoS, DDoS, resource exhaustion, volumetric testing, or network flooding.\n4. **Rate limiting observations** that do not demonstrate resource exhaustion, financial impact, or abuse potential.\n5. **Social engineering** — phishing, vishing, pretexting, or any form of social engineering targeting Daytona employees or users.\n6. **Physical security testing** of offices, data centers, or personnel.\n7. **Marketing and documentation sites** — findings against daytona.io or docs.daytona.io, excluding subdomain takeover vulnerabilities.\n8. **Third-party services** — vulnerabilities in services or platforms not owned or operated by Daytona.\n9. **Known public files or directories** — e.g., robots.txt, .well-known, or other intentionally public resources.\n10. **DNSSEC or TLS cipher suite configuration suggestions** without a demonstrated exploit path.\n11. **Missing Secure/HTTPOnly flags** on non-sensitive cookies.\n12. **CSRF on unauthenticated or public-facing forms.**\n13. **Outdated browsers and platforms** — vulnerabilities only affecting unpatched or end-of-life software.\n14. **Automated scan output** — reports generated solely by automated tools without validated proof of impact.\n15. **Best practice recommendations** without demonstrable security impact.\n16. **Spam or service degradation** — testing that results in sending unsolicited messages or degradation of service to other users.\n\n## Supported Versions\n\nWe accept vulnerability reports for the latest stable release of Daytona.\n\n## Safe Harbor\n\nDaytona supports safe harbor for security researchers who act in good faith and in accordance with this policy.\n\nWe will not pursue legal action against researchers who:\n\n- Make a good-faith effort to avoid privacy violations, data destruction, and service disruption\n- Only access data to the extent necessary to demonstrate the vulnerability\n- Do not exfiltrate, retain, or disclose any user data encountered during research\n- Report findings promptly through the channels listed above\n- Do not disclose findings publicly before coordinated resolution (see Disclosure Timeline below)\n- Comply with all applicable laws\n\nIf legal action is initiated by a third party against a researcher for activities conducted in accordance with this policy, we will take steps to make it known that the research was authorized.\n\nThis safe harbor applies to all Daytona services and assets listed in the Scope section.\n\n## Disclosure Timeline\n\nWe follow a coordinated disclosure process:\n\n- **90 days** — We target remediation within 90 days of a validated report. Complex issues may require additional time, and we will communicate timelines transparently.\n- **30 days post-patch** — After a fix is released, we ask that researchers wait 30 days before public disclosure to allow users to update.\n- **No response** — If we fail to acknowledge or respond to a report within 90 days, the researcher may proceed with public disclosure after providing 14 days advance written notice to security@daytona.io.\n\n## Rewards\n\nWe offer rewards from $100 to $1,000 for valid, original findings that demonstrate real security impact. Severity, exploitability, and report quality are all considered. Duplicate reports are credited to the first submission.\n" }, { "path": "apps/api/Dockerfile", "content": "FROM node:24-slim AS daytona\n\nENV CI=true\n\n# Install dependencies (apt instead of apk)\nRUN apt-get update && apt-get install -y --no-install-recommends bash curl && \\\n rm -rf /var/lib/apt/lists/*\nRUN npm install -g corepack && corepack enable\n\nWORKDIR /daytona\n\n# Yarn caching layer\nCOPY package.json yarn.lock .yarnrc.yml ./\nRUN yarn install --immutable\n\n# Nx + TS config\nCOPY nx.json tsconfig.base.json ./\n\n# App source\nCOPY apps/api/ apps/api/\nCOPY apps/dashboard/ apps/dashboard/\n\n# Lib dependencies\nCOPY libs/runner-api-client/ libs/runner-api-client/\nCOPY libs/api-client/ libs/api-client/\nCOPY libs/analytics-api-client/ libs/analytics-api-client/\nCOPY libs/toolbox-api-client/ libs/toolbox-api-client/\nCOPY libs/sdk-typescript/ libs/sdk-typescript/\n\nENV NX_DAEMON=false\n\nRUN yarn nx build api --configuration=production --nxBail=true\n\nRUN VITE_BASE_API_URL=%DAYTONA_BASE_API_URL% yarn nx build dashboard --configuration=production --nxBail=true --output-style=stream\n\nARG VERSION=0.0.1\nENV VERSION=${VERSION}\n\nHEALTHCHECK CMD [ \"curl\", \"-f\", \"http://localhost:3000/api/config\" ]\n\nENTRYPOINT [\"node\", \"dist/apps/api/main.js\"]\n" }, { "path": "apps/api/eslint.config.mjs", "content": "import baseConfig from '../../eslint.config.mjs'\n\nexport default [\n ...baseConfig,\n {\n files: ['**/*.ts'],\n rules: {\n 'no-restricted-syntax': [\n 'error',\n {\n selector:\n 'Decorator[expression.callee.name=\"InjectRepository\"] > CallExpression > Identifier[name=\"Sandbox\"]',\n message: 'Do not use @InjectRepository(Sandbox). Use the custom SandboxRepository instead.',\n },\n ],\n },\n },\n]\n" }, { "path": "apps/api/jest.config.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport default {\n displayName: 'daytona',\n preset: '../../jest.preset.js',\n testEnvironment: 'node',\n transform: {\n '^.+\\\\.[tj]s$': ['ts-jest', { tsconfig: '/tsconfig.spec.json' }],\n },\n moduleFileExtensions: ['ts', 'js', 'html'],\n coverageDirectory: '../../coverage/apps/daytona',\n}\n" }, { "path": "apps/api/project.json", "content": "{\n \"name\": \"api\",\n \"$schema\": \"../../node_modules/nx/schemas/project-schema.json\",\n \"sourceRoot\": \"apps/api/src\",\n \"projectType\": \"application\",\n \"tags\": [],\n \"targets\": {\n \"build\": {\n \"executor\": \"@nx/webpack:webpack\",\n \"options\": {\n \"outputPath\": \"dist/apps/api\",\n \"deleteOutputPath\": false,\n \"main\": \"apps/api/src/main.ts\",\n \"tsConfig\": \"apps/api/tsconfig.app.json\",\n \"generatePackageJson\": true,\n \"target\": \"node\",\n \"compiler\": \"tsc\",\n \"sourceMap\": true,\n \"webpackConfig\": \"apps/api/webpack.config.js\",\n \"assets\": [\n {\n \"input\": \"apps/api/src/assets\",\n \"glob\": \"**/*\",\n \"output\": \"./assets/\"\n }\n ]\n },\n \"configurations\": {\n \"production\": {\n \"optimization\": true,\n \"extractLicenses\": true,\n \"inspect\": false\n }\n }\n },\n \"openapi\": {\n \"executor\": \"nx:run-commands\",\n \"cache\": true,\n \"inputs\": [\n \"{projectRoot}/src/**/*.ts\",\n \"!{projectRoot}/src/**/*.spec.ts\",\n \"{projectRoot}/tsconfig.app.json\",\n {\n \"dependentTasksOutputFiles\": \"**/*\",\n \"transitive\": true\n }\n ],\n \"outputs\": [\"{workspaceRoot}/dist/apps/api/openapi.json\", \"{workspaceRoot}/dist/apps/api/openapi.3.1.0.json\"],\n \"options\": {\n \"commands\": [\n \"mkdir -p dist/apps/api\",\n \"yarn ts-node apps/api/src/generate-openapi.ts -o dist/apps/api/openapi.json\"\n ],\n \"parallel\": false,\n \"env\": {\n \"TS_NODE_PROJECT\": \"apps/api/tsconfig.app.json\",\n \"NODE_OPTIONS\": \"--require tsconfig-paths/register\",\n \"SKIP_CONNECTIONS\": \"true\"\n }\n }\n },\n \"serve\": {\n \"executor\": \"@nx/js:node\",\n \"defaultConfiguration\": \"development\",\n \"dependsOn\": [\"build\"],\n \"options\": {\n \"buildTarget\": \"api:build\",\n \"runBuildTargetDependencies\": false,\n \"watch\": true\n },\n \"configurations\": {\n \"development\": {\n \"buildTarget\": \"api:build:development\"\n },\n \"production\": {\n \"buildTarget\": \"api:build:production\"\n }\n }\n },\n \"format\": {\n \"executor\": \"nx:run-commands\",\n \"options\": {\n \"command\": \"cd {projectRoot} && prettier --write \\\"**/*.{ts,json,mjs}\\\" --config ../../.prettierrc\"\n }\n },\n \"test\": {\n \"options\": {\n \"passWithNoTests\": true\n }\n },\n \"check-version-env\": {},\n \"docker\": {\n \"options\": {\n \"target\": \"daytona\"\n },\n \"dependsOn\": [\n {\n \"target\": \"build-amd64\",\n \"projects\": \"runner\"\n }\n ]\n },\n \"push-manifest\": {},\n \"lint\": {\n \"executor\": \"nx:run-commands\",\n \"options\": {\n \"command\": \"bash apps/api/scripts/validate-migration-paths.sh $(find apps/api/src/migrations -name '*-migration.ts' -type f)\"\n }\n }\n }\n}\n" }, { "path": "apps/api/scripts/validate-migration-paths.sh", "content": "#!/bin/bash\n\n# Copyright Daytona Platforms Inc.\n# SPDX-License-Identifier: AGPL-3.0\n\n# Fails if any migration file is placed directly under\n# apps/api/src/migrations/ instead of pre-deploy/ or post-deploy/.\n# Legacy migrations (timestamp <= LEGACY_CUTOFF) are excluded.\n\n# Exit on error\nset -e\n\nLEGACY_CUTOFF=1770880371265\n\nforbidden=()\n\nfor f in \"$@\"; do\n rel=\"$(realpath --relative-to=\"$PWD\" \"$f\")\"\n\n case \"$rel\" in\n apps/api/src/migrations/pre-deploy/*-migration.ts) ;;\n apps/api/src/migrations/post-deploy/*-migration.ts) ;;\n apps/api/src/migrations/*/*-migration.ts)\n forbidden+=(\"$rel\")\n ;;\n apps/api/src/migrations/*-migration.ts)\n timestamp=$(basename \"$rel\" | grep -oP '^\\d+')\n if [ -n \"$timestamp\" ] && [ \"$timestamp\" -le \"$LEGACY_CUTOFF\" ]; then\n continue\n fi\n forbidden+=(\"$rel\")\n ;;\n esac\ndone\n\nif [ ${#forbidden[@]} -gt 0 ]; then\n echo \"Migration files must be placed in one of:\" >&2\n echo \" - apps/api/src/migrations/pre-deploy/\" >&2\n echo \" - apps/api/src/migrations/post-deploy/\" >&2\n echo \"\" >&2\n echo \"Invalid paths:\" >&2\n for p in \"${forbidden[@]}\"; do\n echo \" - $p\" >&2\n done\n echo \"\" >&2\n echo \"See apps/api/src/migrations/README.md for more information.\" >&2\n exit 1\nfi\n" }, { "path": "apps/api/src/admin/admin.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { AdminRunnerController } from './controllers/runner.controller'\nimport { AdminSandboxController } from './controllers/sandbox.controller'\nimport { SandboxModule } from '../sandbox/sandbox.module'\nimport { RegionModule } from '../region/region.module'\nimport { OrganizationModule } from '../organization/organization.module'\n\n@Module({\n imports: [SandboxModule, RegionModule, OrganizationModule],\n controllers: [AdminRunnerController, AdminSandboxController],\n})\nexport class AdminModule {}\n" }, { "path": "apps/api/src/admin/controllers/runner.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Body,\n Controller,\n Delete,\n Get,\n HttpCode,\n NotFoundException,\n Param,\n ParseUUIDPipe,\n Patch,\n Post,\n Query,\n UseGuards,\n} from '@nestjs/common'\nimport { ApiBearerAuth, ApiOAuth2, ApiOperation, ApiParam, ApiQuery, ApiResponse, ApiTags } from '@nestjs/swagger'\nimport { AdminCreateRunnerDto } from '../dto/create-runner.dto'\nimport { Audit, MASKED_AUDIT_VALUE, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { SystemActionGuard } from '../../auth/system-action.guard'\nimport { RequiredApiRole } from '../../common/decorators/required-role.decorator'\nimport { RegionService } from '../../region/services/region.service'\nimport { CreateRunnerResponseDto } from '../../sandbox/dto/create-runner-response.dto'\nimport { RunnerFullDto } from '../../sandbox/dto/runner-full.dto'\nimport { RunnerDto } from '../../sandbox/dto/runner.dto'\nimport { RunnerService } from '../../sandbox/services/runner.service'\nimport { SystemRole } from '../../user/enums/system-role.enum'\n\n@ApiTags('admin')\n@Controller('admin/runners')\n@UseGuards(CombinedAuthGuard, SystemActionGuard)\n@RequiredApiRole([SystemRole.ADMIN])\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class AdminRunnerController {\n constructor(\n private readonly runnerService: RunnerService,\n private readonly regionService: RegionService,\n ) {}\n\n @Post()\n @HttpCode(201)\n @ApiOperation({\n summary: 'Create runner',\n operationId: 'adminCreateRunner',\n })\n @ApiResponse({\n status: 201,\n type: CreateRunnerResponseDto,\n })\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.RUNNER,\n targetIdFromResult: (result: RunnerDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n domain: req.body?.domain,\n apiUrl: req.body?.apiUrl,\n proxyUrl: req.body?.proxyUrl,\n regionId: req.body?.regionId,\n name: req.body?.name,\n apiKey: MASKED_AUDIT_VALUE,\n apiVersion: req.body?.apiVersion,\n }),\n },\n })\n async create(@Body() createRunnerDto: AdminCreateRunnerDto): Promise {\n const region = await this.regionService.findOne(createRunnerDto.regionId)\n\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n\n const { runner, apiKey } = await this.runnerService.create({\n domain: createRunnerDto.domain,\n apiUrl: createRunnerDto.apiUrl,\n proxyUrl: createRunnerDto.proxyUrl,\n regionId: createRunnerDto.regionId,\n name: createRunnerDto.name,\n apiKey: createRunnerDto.apiKey,\n apiVersion: createRunnerDto.apiVersion,\n cpu: createRunnerDto.cpu,\n memoryGiB: createRunnerDto.memoryGiB,\n diskGiB: createRunnerDto.diskGiB,\n })\n\n return CreateRunnerResponseDto.fromRunner(runner, apiKey)\n }\n\n @Get(':id')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Get runner by ID',\n operationId: 'adminGetRunnerById',\n })\n @ApiResponse({\n status: 200,\n type: RunnerFullDto,\n })\n @ApiParam({\n name: 'id',\n description: 'Runner ID',\n type: String,\n })\n async getRunnerById(@Param('id', ParseUUIDPipe) id: string): Promise {\n return this.runnerService.findOneFullOrFail(id)\n }\n\n @Get()\n @HttpCode(200)\n @ApiOperation({\n summary: 'List all runners',\n operationId: 'adminListRunners',\n })\n @ApiResponse({\n status: 200,\n type: [RunnerFullDto],\n })\n @ApiQuery({\n name: 'regionId',\n description: 'Filter runners by region ID',\n type: String,\n required: false,\n })\n async findAll(@Query('regionId') regionId?: string): Promise {\n if (regionId) {\n return this.runnerService.findAllByRegionFull(regionId)\n }\n return this.runnerService.findAllFull()\n }\n\n @Patch(':id/scheduling')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Update runner scheduling status',\n operationId: 'adminUpdateRunnerScheduling',\n })\n @ApiResponse({\n status: 204,\n })\n @Audit({\n action: AuditAction.UPDATE_SCHEDULING,\n targetType: AuditTarget.RUNNER,\n targetIdFromRequest: (req) => req.params.id,\n requestMetadata: {\n body: (req: TypedRequest<{ unschedulable: boolean }>) => ({\n unschedulable: req.body?.unschedulable,\n }),\n },\n })\n async updateSchedulingStatus(\n @Param('id', ParseUUIDPipe) id: string,\n @Body('unschedulable') unschedulable: boolean,\n ): Promise {\n await this.runnerService.updateSchedulingStatus(id, unschedulable)\n }\n\n @Delete(':id')\n @HttpCode(204)\n @ApiOperation({\n summary: 'Delete runner',\n operationId: 'adminDeleteRunner',\n })\n @ApiResponse({\n status: 204,\n })\n @ApiParam({\n name: 'id',\n description: 'Runner ID',\n type: String,\n })\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.RUNNER,\n targetIdFromRequest: (req) => req.params.id,\n })\n async delete(@Param('id', ParseUUIDPipe) id: string): Promise {\n return this.runnerService.remove(id)\n }\n}\n" }, { "path": "apps/api/src/admin/controllers/sandbox.controller.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, HttpCode, NotFoundException, Param, Post, UseGuards } from '@nestjs/common'\nimport { ApiBearerAuth, ApiOAuth2, ApiOperation, ApiParam, ApiResponse, ApiTags } from '@nestjs/swagger'\nimport { Audit } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { SystemActionGuard } from '../../auth/system-action.guard'\nimport { RequiredApiRole } from '../../common/decorators/required-role.decorator'\nimport { OrganizationService } from '../../organization/services/organization.service'\nimport { SandboxDto } from '../../sandbox/dto/sandbox.dto'\nimport { SandboxService } from '../../sandbox/services/sandbox.service'\nimport { SystemRole } from '../../user/enums/system-role.enum'\n\n@ApiTags('admin')\n@Controller('admin/sandbox')\n@UseGuards(CombinedAuthGuard, SystemActionGuard)\n@RequiredApiRole([SystemRole.ADMIN])\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class AdminSandboxController {\n constructor(\n private readonly sandboxService: SandboxService,\n private readonly organizationService: OrganizationService,\n ) {}\n\n @Post(':sandboxId/recover')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Recover sandbox from error state as an admin',\n operationId: 'adminRecoverSandbox',\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'ID of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Recovery initiated',\n type: SandboxDto,\n })\n @Audit({\n action: AuditAction.RECOVER,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n })\n async recoverSandbox(@Param('sandboxId') sandboxId: string): Promise {\n const organization = await this.organizationService.findBySandboxId(sandboxId)\n if (!organization) {\n throw new NotFoundException('Sandbox not found')\n }\n const recoveredSandbox = await this.sandboxService.recover(sandboxId, organization)\n return this.sandboxService.toSandboxDto(recoveredSandbox)\n }\n}\n" }, { "path": "apps/api/src/admin/dto/create-runner.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IsNumber, IsOptional, IsString } from 'class-validator'\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { CreateRunnerDto } from '../../sandbox/dto/create-runner.dto'\n\n@ApiSchema({ name: 'AdminCreateRunner' })\nexport class AdminCreateRunnerDto extends CreateRunnerDto {\n @IsString()\n @ApiProperty()\n apiKey: string\n\n @IsString()\n @ApiProperty({\n description: 'The api version of the runner to create',\n pattern: '^(0|2)$',\n example: '2',\n })\n apiVersion: '0' | '2'\n\n @ApiProperty({\n required: false,\n description: 'The domain of the runner',\n example: 'runner1.example.com',\n })\n @IsString()\n @IsOptional()\n domain?: string\n\n @IsString()\n @ApiProperty({\n description: 'The API URL of the runner',\n example: 'https://api.runner1.example.com',\n required: false,\n })\n @IsOptional()\n apiUrl?: string\n\n @IsString()\n @ApiProperty({\n description: 'The proxy URL of the runner',\n example: 'https://proxy.runner1.example.com',\n required: false,\n })\n @IsOptional()\n proxyUrl?: string\n\n @IsNumber()\n @ApiProperty({\n description: 'The CPU capacity of the runner',\n example: 8,\n required: false,\n })\n @IsOptional()\n cpu?: number\n\n @IsNumber()\n @ApiProperty({\n description: 'The memory capacity of the runner in GiB',\n example: 16,\n required: false,\n })\n @IsOptional()\n memoryGiB?: number\n\n @IsNumber()\n @ApiProperty({\n description: 'The disk capacity of the runner in GiB',\n example: 100,\n required: false,\n })\n @IsOptional()\n diskGiB?: number\n}\n" }, { "path": "apps/api/src/analytics/analytics.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { AnalyticsService } from './services/analytics.service'\n\n@Module({\n imports: [TypeOrmModule.forFeature([AnalyticsService])],\n providers: [AnalyticsService],\n exports: [AnalyticsService],\n})\nexport class AnalyticsModule {}\n" }, { "path": "apps/api/src/analytics/services/analytics.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport { OnEvent } from '@nestjs/event-emitter'\nimport { SandboxEvents } from '../../sandbox/constants/sandbox-events.constants'\nimport { SandboxCreatedEvent } from '../../sandbox/events/sandbox-create.event'\nimport { SandboxDesiredStateUpdatedEvent } from '../../sandbox/events/sandbox-desired-state-updated.event'\nimport { SandboxDestroyedEvent } from '../../sandbox/events/sandbox-destroyed.event'\nimport { SandboxPublicStatusUpdatedEvent } from '../../sandbox/events/sandbox-public-status-updated.event'\nimport { SandboxStartedEvent } from '../../sandbox/events/sandbox-started.event'\nimport { SandboxStateUpdatedEvent } from '../../sandbox/events/sandbox-state-updated.event'\nimport { SandboxStoppedEvent } from '../../sandbox/events/sandbox-stopped.event'\nimport { PostHog } from 'posthog-node'\nimport { OnAsyncEvent } from '../../common/decorators/on-async-event.decorator'\nimport { Organization } from '../../organization/entities/organization.entity'\nimport { OrganizationEvents } from '../../organization/constants/organization-events.constant'\nimport { TypedConfigService } from '../../config/typed-config.service'\n\n@Injectable()\nexport class AnalyticsService {\n private readonly logger = new Logger(AnalyticsService.name)\n private readonly posthog?: PostHog\n\n constructor(private readonly configService: TypedConfigService) {\n if (!this.configService.get('posthog.apiKey')) {\n return\n }\n\n if (!this.configService.get('posthog.host')) {\n return\n }\n\n // Initialize PostHog client\n this.posthog = new PostHog(this.configService.get('posthog.apiKey'), {\n host: this.configService.get('posthog.host'),\n })\n }\n\n @OnEvent(SandboxEvents.CREATED)\n async handleSandboxCreatedEvent(event: SandboxCreatedEvent) {\n this.logger.debug(`Sandbox created: ${JSON.stringify(event)}`)\n }\n\n @OnEvent(SandboxEvents.STARTED)\n async handleSandboxStartedEvent(event: SandboxStartedEvent) {\n this.logger.debug(`Sandbox started: ${JSON.stringify(event)}`)\n }\n\n @OnEvent(SandboxEvents.STOPPED)\n async handleSandboxStoppedEvent(event: SandboxStoppedEvent) {\n this.logger.debug(`Sandbox stopped: ${JSON.stringify(event)}`)\n }\n\n @OnEvent(SandboxEvents.DESTROYED)\n async handleSandboxDestroyedEvent(event: SandboxDestroyedEvent) {\n this.logger.debug(`Sandbox destroyed: ${JSON.stringify(event)}`)\n }\n\n @OnEvent(SandboxEvents.PUBLIC_STATUS_UPDATED)\n async handleSandboxPublicStatusUpdatedEvent(event: SandboxPublicStatusUpdatedEvent) {\n this.logger.debug(`Sandbox public status updated: ${JSON.stringify(event)}`)\n }\n\n @OnEvent(SandboxEvents.DESIRED_STATE_UPDATED)\n async handleSandboxDesiredStateUpdatedEvent(event: SandboxDesiredStateUpdatedEvent) {\n this.logger.debug(`Sandbox desired state updated: ${JSON.stringify(event)}`)\n }\n\n @OnEvent(SandboxEvents.STATE_UPDATED)\n async handleSandboxStateUpdatedEvent(event: SandboxStateUpdatedEvent) {\n this.logger.debug(`Sandbox state updated: ${JSON.stringify(event)}`)\n }\n\n @OnAsyncEvent({\n event: OrganizationEvents.CREATED,\n })\n async handlePersonalOrganizationCreatedEvent(payload: Organization) {\n if (!payload.personal) {\n return\n }\n\n if (!this.posthog) {\n return\n }\n\n this.posthog.groupIdentify({\n groupType: 'organization',\n groupKey: payload.id,\n properties: {\n name: `Personal - ${payload.createdBy}`,\n created_at: payload.createdAt,\n created_by: payload.createdBy,\n personal: payload.personal,\n environment: this.configService.get('posthog.environment'),\n },\n })\n }\n}\n" }, { "path": "apps/api/src/api-key/api-key.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, Post, Get, Delete, Param, Body, UseGuards, ForbiddenException, HttpCode } from '@nestjs/common'\nimport { ApiKeyService } from './api-key.service'\nimport { CreateApiKeyDto } from './dto/create-api-key.dto'\nimport { ApiHeader, ApiOAuth2, ApiOperation, ApiResponse, ApiTags, ApiBearerAuth } from '@nestjs/swagger'\nimport { ApiKeyResponseDto } from './dto/api-key-response.dto'\nimport { ApiKeyListDto } from './dto/api-key-list.dto'\nimport { CombinedAuthGuard } from '../auth/combined-auth.guard'\nimport { CustomHeaders } from '../common/constants/header.constants'\nimport { AuthContext } from '../common/decorators/auth-context.decorator'\nimport { AuthContext as IAuthContext } from '../common/interfaces/auth-context.interface'\nimport { OrganizationAuthContext } from '../common/interfaces/auth-context.interface'\nimport { OrganizationMemberRole } from '../organization/enums/organization-member-role.enum'\nimport { OrganizationResourcePermission } from '../organization/enums/organization-resource-permission.enum'\nimport { OrganizationResourceActionGuard } from '../organization/guards/organization-resource-action.guard'\nimport { SystemRole } from '../user/enums/system-role.enum'\nimport { Audit, TypedRequest } from '../audit/decorators/audit.decorator'\nimport { AuditAction } from '../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../audit/enums/audit-target.enum'\nimport { ApiKey } from './api-key.entity'\nimport { AuthenticatedRateLimitGuard } from '../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('api-keys')\n@Controller('api-keys')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@UseGuards(CombinedAuthGuard, OrganizationResourceActionGuard, AuthenticatedRateLimitGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class ApiKeyController {\n constructor(private readonly apiKeyService: ApiKeyService) {}\n\n @Post()\n @ApiOperation({\n summary: 'Create API key',\n operationId: 'createApiKey',\n })\n @ApiResponse({\n status: 201,\n description: 'API key created successfully.',\n type: ApiKeyResponseDto,\n })\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.API_KEY,\n targetIdFromResult: (result: ApiKeyResponseDto) => result?.name,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n name: req.body?.name,\n permissions: req.body?.permissions,\n expiresAt: req.body?.expiresAt,\n }),\n },\n })\n async createApiKey(\n @AuthContext() authContext: OrganizationAuthContext,\n @Body() createApiKeyDto: CreateApiKeyDto,\n ): Promise {\n this.validateRequestedApiKeyPermissions(authContext, createApiKeyDto.permissions)\n\n const { apiKey, value } = await this.apiKeyService.createApiKey(\n authContext.organizationId,\n authContext.userId,\n createApiKeyDto.name,\n createApiKeyDto.permissions,\n createApiKeyDto.expiresAt,\n )\n\n return ApiKeyResponseDto.fromApiKey(apiKey, value)\n }\n\n @Get()\n @ApiOperation({\n summary: 'List API keys',\n operationId: 'listApiKeys',\n })\n @ApiResponse({\n status: 200,\n description: 'API keys retrieved successfully.',\n type: [ApiKeyListDto],\n })\n @ApiResponse({ status: 500, description: 'Error fetching API keys.' })\n async getApiKeys(@AuthContext() authContext: OrganizationAuthContext): Promise {\n let apiKeys: ApiKey[] = []\n\n if (authContext.role === SystemRole.ADMIN || authContext.organizationUser?.role === OrganizationMemberRole.OWNER) {\n apiKeys = await this.apiKeyService.getApiKeys(authContext.organizationId)\n } else {\n apiKeys = await this.apiKeyService.getApiKeys(authContext.organizationId, authContext.userId)\n }\n\n return apiKeys.map((apiKey) => ApiKeyListDto.fromApiKey(apiKey))\n }\n\n @Get('current')\n @ApiOperation({\n summary: \"Get current API key's details\",\n operationId: 'getCurrentApiKey',\n })\n @ApiResponse({\n status: 200,\n description: 'API key retrieved successfully.',\n type: ApiKeyListDto,\n })\n async getCurrentApiKey(@AuthContext() authContext: IAuthContext): Promise {\n if (!authContext.apiKey) {\n throw new ForbiddenException('Authenticate with an API key to use this endpoint')\n }\n\n return ApiKeyListDto.fromApiKey(authContext.apiKey)\n }\n\n @Get(':name')\n @ApiOperation({\n summary: 'Get API key',\n operationId: 'getApiKey',\n })\n @ApiResponse({\n status: 200,\n description: 'API key retrieved successfully.',\n type: ApiKeyListDto,\n })\n async getApiKey(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('name') name: string,\n ): Promise {\n const apiKey = await this.apiKeyService.getApiKeyByName(authContext.organizationId, authContext.userId, name)\n return ApiKeyListDto.fromApiKey(apiKey)\n }\n\n @Delete(':name')\n @ApiOperation({\n summary: 'Delete API key',\n operationId: 'deleteApiKey',\n })\n @ApiResponse({ status: 204, description: 'API key deleted successfully.' })\n @HttpCode(204)\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.API_KEY,\n targetIdFromRequest: (req) => req.params.name,\n })\n async deleteApiKey(@AuthContext() authContext: OrganizationAuthContext, @Param('name') name: string) {\n await this.apiKeyService.deleteApiKey(authContext.organizationId, authContext.userId, name)\n }\n\n @Delete(':userId/:name')\n @ApiOperation({\n summary: 'Delete API key for user',\n operationId: 'deleteApiKeyForUser',\n })\n @ApiResponse({ status: 204, description: 'API key deleted successfully.' })\n @HttpCode(204)\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.API_KEY,\n targetIdFromRequest: (req) => req.params.name,\n requestMetadata: {\n params: (req) => ({\n userId: req.params.userId,\n }),\n },\n })\n async deleteApiKeyForUser(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('userId') userId: string,\n @Param('name') name: string,\n ) {\n if (\n userId !== authContext.userId &&\n authContext.role !== SystemRole.ADMIN &&\n authContext.organizationUser?.role !== OrganizationMemberRole.OWNER\n ) {\n throw new ForbiddenException('Incorrect user ID provided')\n }\n\n await this.apiKeyService.deleteApiKey(authContext.organizationId, userId, name)\n }\n\n private validateRequestedApiKeyPermissions(\n authContext: OrganizationAuthContext,\n requestedPermissions: OrganizationResourcePermission[],\n ): void {\n if (authContext.role === SystemRole.ADMIN) {\n return\n }\n\n if (!authContext.organizationUser) {\n throw new ForbiddenException(`Insufficient permissions for assigning: ${requestedPermissions.join(', ')}`)\n }\n\n if (authContext.organizationUser.role === OrganizationMemberRole.OWNER) {\n return\n }\n\n const organizationUserPermissions = new Set(\n authContext.organizationUser.assignedRoles.flatMap((role) => role.permissions),\n )\n\n const forbiddenPermissions = requestedPermissions.filter(\n (permission) => !organizationUserPermissions.has(permission),\n )\n\n if (forbiddenPermissions.length) {\n throw new ForbiddenException(`Insufficient permissions for assigning: ${forbiddenPermissions.join(', ')}`)\n }\n }\n}\n" }, { "path": "apps/api/src/api-key/api-key.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, Entity, Index, PrimaryColumn } from 'typeorm'\nimport { OrganizationResourcePermission } from '../organization/enums/organization-resource-permission.enum'\n\n@Entity()\n@Index('api_key_org_user_idx', ['organizationId', 'userId'])\nexport class ApiKey {\n @PrimaryColumn({\n type: 'uuid',\n })\n organizationId: string\n\n @PrimaryColumn()\n userId: string\n\n @PrimaryColumn()\n name: string\n\n @Column({ unique: true, default: '' })\n keyHash: string\n\n @Column({\n default: '',\n })\n keyPrefix: string\n\n @Column({\n default: '',\n })\n keySuffix: string\n\n @Column({\n type: 'enum',\n enum: OrganizationResourcePermission,\n array: true,\n })\n permissions: OrganizationResourcePermission[]\n\n @Column()\n createdAt: Date\n\n @Column({ nullable: true })\n lastUsedAt?: Date\n\n @Column({ nullable: true })\n expiresAt?: Date\n}\n" }, { "path": "apps/api/src/api-key/api-key.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { ApiKeyController } from './api-key.controller'\nimport { ApiKeyService } from './api-key.service'\nimport { ApiKey } from './api-key.entity'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { OrganizationModule } from '../organization/organization.module'\nimport { RedisLockProvider } from '../sandbox/common/redis-lock.provider'\n\n@Module({\n imports: [OrganizationModule, TypeOrmModule.forFeature([ApiKey])],\n controllers: [ApiKeyController],\n providers: [ApiKeyService, RedisLockProvider],\n exports: [ApiKeyService],\n})\nexport class ApiKeyModule {}\n" }, { "path": "apps/api/src/api-key/api-key.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ConflictException, Injectable, Logger, NotFoundException } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { EntityManager, Repository, ArrayOverlap } from 'typeorm'\nimport { ApiKey } from './api-key.entity'\nimport { OrganizationResourcePermission } from '../organization/enums/organization-resource-permission.enum'\nimport { RedisLockProvider } from '../sandbox/common/redis-lock.provider'\nimport { OnAsyncEvent } from '../common/decorators/on-async-event.decorator'\nimport { OrganizationEvents } from '../organization/constants/organization-events.constant'\nimport { OrganizationResourcePermissionsUnassignedEvent } from '../organization/events/organization-resource-permissions-unassigned.event'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport Redis from 'ioredis'\nimport { generateApiKeyHash, generateApiKeyValue } from '../common/utils/api-key'\n\n@Injectable()\nexport class ApiKeyService {\n private readonly logger = new Logger(ApiKeyService.name)\n\n constructor(\n @InjectRepository(ApiKey)\n private apiKeyRepository: Repository,\n private readonly redisLockProvider: RedisLockProvider,\n @InjectRedis() private readonly redis: Redis,\n ) {}\n\n private getApiKeyPrefix(value: string): string {\n return value.substring(0, 3)\n }\n\n private getApiKeySuffix(value: string): string {\n return value.slice(-3)\n }\n\n async createApiKey(\n organizationId: string,\n userId: string,\n name: string,\n permissions: OrganizationResourcePermission[],\n expiresAt?: Date,\n apiKeyValue?: string,\n ): Promise<{ apiKey: ApiKey; value: string }> {\n const existingKey = await this.apiKeyRepository.findOne({ where: { organizationId, userId, name } })\n if (existingKey) {\n throw new ConflictException('API key with this name already exists')\n }\n\n const value = apiKeyValue || generateApiKeyValue()\n\n const apiKey = await this.apiKeyRepository.save({\n organizationId,\n userId,\n name,\n keyHash: generateApiKeyHash(value),\n keyPrefix: this.getApiKeyPrefix(value),\n keySuffix: this.getApiKeySuffix(value),\n permissions,\n createdAt: new Date(),\n expiresAt,\n })\n\n return { apiKey, value }\n }\n\n async getApiKeys(organizationId: string, userId?: string): Promise {\n const apiKeys = await this.apiKeyRepository.find({\n where: { organizationId, userId },\n order: {\n lastUsedAt: {\n direction: 'DESC',\n nulls: 'LAST',\n },\n createdAt: 'DESC',\n },\n })\n\n return apiKeys\n }\n\n async getApiKeyByName(organizationId: string, userId: string, name: string): Promise {\n const apiKey = await this.apiKeyRepository.findOne({\n where: {\n organizationId,\n userId,\n name,\n },\n })\n\n if (!apiKey) {\n throw new NotFoundException('API key not found')\n }\n\n return apiKey\n }\n\n async getApiKeyByValue(value: string): Promise {\n const apiKey = await this.apiKeyRepository.findOne({\n where: {\n keyHash: generateApiKeyHash(value),\n },\n })\n\n if (!apiKey) {\n throw new NotFoundException('API key not found')\n }\n\n return apiKey\n }\n\n async deleteApiKey(organizationId: string, userId: string, name: string): Promise {\n const apiKey = await this.apiKeyRepository.findOne({ where: { organizationId, userId, name } })\n\n if (!apiKey) {\n throw new NotFoundException('API key not found')\n }\n\n await this.deleteWithEntityManager(this.apiKeyRepository.manager, apiKey)\n }\n\n async updateLastUsedAt(organizationId: string, userId: string, name: string, lastUsedAt: Date): Promise {\n const cooldownKey = `api-key-last-used-update-${organizationId}-${userId}-${name}`\n\n const aquired = await this.redisLockProvider.lock(cooldownKey, 10)\n\n // redis for cooldown period - 10 seconds\n // prevents database flooding when multiple requests are made at the same time\n if (!aquired) {\n return\n }\n\n await this.apiKeyRepository.update(\n {\n organizationId,\n userId,\n name,\n },\n { lastUsedAt },\n )\n }\n\n private async deleteWithEntityManager(entityManager: EntityManager, apiKey: ApiKey): Promise {\n await entityManager.remove(apiKey)\n // Invalidate cache when API key is deleted\n await this.invalidateApiKeyCache(apiKey.keyHash)\n }\n\n private async invalidateApiKeyCache(keyHash: string): Promise {\n try {\n const cacheKey = `api-key:validation:${keyHash}`\n await this.redis.del(cacheKey)\n this.logger.debug(`Invalidated cache for API key: ${cacheKey}`)\n } catch (error) {\n this.logger.error('Error invalidating API key cache:', error)\n }\n }\n\n @OnAsyncEvent({\n event: OrganizationEvents.PERMISSIONS_UNASSIGNED,\n })\n async handleOrganizationResourcePermissionsUnassignedEvent(\n payload: OrganizationResourcePermissionsUnassignedEvent,\n ): Promise {\n const apiKeysToRevoke = await this.apiKeyRepository.find({\n where: {\n organizationId: payload.organizationId,\n userId: payload.userId,\n permissions: ArrayOverlap(payload.unassignedPermissions),\n },\n })\n\n await Promise.all(apiKeysToRevoke.map((apiKey) => this.deleteWithEntityManager(payload.entityManager, apiKey)))\n }\n}\n" }, { "path": "apps/api/src/api-key/dto/api-key-list.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport { ApiKey } from '../api-key.entity'\n\n@ApiSchema({ name: 'ApiKeyList' })\nexport class ApiKeyListDto {\n @ApiProperty({\n description: 'The name of the API key',\n example: 'My API Key',\n })\n name: string\n\n @ApiProperty({\n description: 'The masked API key value',\n example: 'bb_********************def',\n })\n value: string\n\n @ApiProperty({\n description: 'When the API key was created',\n example: '2024-03-14T12:00:00.000Z',\n })\n createdAt: Date\n\n @ApiProperty({\n description: 'The list of organization resource permissions assigned to the API key',\n enum: OrganizationResourcePermission,\n isArray: true,\n })\n permissions: OrganizationResourcePermission[]\n\n @ApiProperty({\n description: 'When the API key was last used',\n example: '2024-03-14T12:00:00.000Z',\n nullable: true,\n })\n lastUsedAt?: Date\n\n @ApiProperty({\n description: 'When the API key expires',\n example: '2024-03-14T12:00:00.000Z',\n nullable: true,\n })\n expiresAt?: Date\n\n @ApiProperty({\n description: 'The user ID of the user who created the API key',\n example: '123',\n })\n userId: string\n\n constructor(partial: Partial) {\n Object.assign(this, partial)\n }\n\n static fromApiKey(apiKey: ApiKey): ApiKeyListDto {\n const maskedValue = `${apiKey.keyPrefix}********************${apiKey.keySuffix}`\n\n return new ApiKeyListDto({\n name: apiKey.name,\n value: maskedValue,\n createdAt: apiKey.createdAt,\n permissions: apiKey.permissions,\n lastUsedAt: apiKey.lastUsedAt,\n expiresAt: apiKey.expiresAt,\n userId: apiKey.userId,\n })\n }\n}\n" }, { "path": "apps/api/src/api-key/dto/api-key-response.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport { ApiKey } from '../api-key.entity'\n\n@ApiSchema({ name: 'ApiKeyResponse' })\nexport class ApiKeyResponseDto {\n @ApiProperty({\n description: 'The name of the API key',\n example: 'My API Key',\n })\n name: string\n\n @ApiProperty({\n description: 'The API key value',\n example: 'bb_sk_1234567890abcdef',\n })\n value: string\n\n @ApiProperty({\n description: 'When the API key was created',\n example: '2024-03-14T12:00:00.000Z',\n })\n createdAt: Date\n\n @ApiProperty({\n description: 'The list of organization resource permissions assigned to the API key',\n enum: OrganizationResourcePermission,\n isArray: true,\n })\n permissions: OrganizationResourcePermission[]\n\n @ApiProperty({\n description: 'When the API key expires',\n example: '2025-06-09T12:00:00.000Z',\n nullable: true,\n })\n expiresAt?: Date\n\n static fromApiKey(apiKey: ApiKey, value: string): ApiKeyResponseDto {\n return {\n name: apiKey.name,\n value,\n createdAt: apiKey.createdAt,\n permissions: apiKey.permissions,\n expiresAt: apiKey.expiresAt,\n }\n }\n}\n" }, { "path": "apps/api/src/api-key/dto/create-api-key.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IsArray, IsDate, IsEnum, IsNotEmpty, IsOptional, IsString } from 'class-validator'\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport { Type } from 'class-transformer'\n\n@ApiSchema({ name: 'CreateApiKey' })\nexport class CreateApiKeyDto {\n @ApiProperty({\n description: 'The name of the API key',\n example: 'My API Key',\n required: true,\n })\n @IsNotEmpty()\n @IsString()\n name: string\n\n @ApiProperty({\n description: 'The list of organization resource permissions explicitly assigned to the API key',\n enum: OrganizationResourcePermission,\n isArray: true,\n required: true,\n })\n @IsArray()\n @IsEnum(OrganizationResourcePermission, { each: true })\n permissions: OrganizationResourcePermission[]\n\n @ApiPropertyOptional({\n description: 'When the API key expires',\n example: '2025-06-09T12:00:00.000Z',\n nullable: true,\n })\n @IsOptional()\n @Type(() => Date)\n @IsDate()\n expiresAt?: Date\n}\n" }, { "path": "apps/api/src/app.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module, NestModule, MiddlewareConsumer, RequestMethod, ExecutionContext } from '@nestjs/common'\nimport { VersionHeaderMiddleware } from './common/middleware/version-header.middleware'\nimport { FailedAuthRateLimitMiddleware } from './common/middleware/failed-auth-rate-limit.middleware'\nimport { AppService } from './app.service'\nimport { UserModule } from './user/user.module'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { SandboxModule } from './sandbox/sandbox.module'\nimport { AuthModule } from './auth/auth.module'\nimport { ServeStaticModule } from '@nestjs/serve-static'\nimport { join } from 'path'\nimport { ApiKeyModule } from './api-key/api-key.module'\nimport { seconds, ThrottlerModule } from '@nestjs/throttler'\nimport { DockerRegistryModule } from './docker-registry/docker-registry.module'\nimport { RedisModule, getRedisConnectionToken } from '@nestjs-modules/ioredis'\nimport { ScheduleModule } from '@nestjs/schedule'\nimport { EventEmitterModule } from '@nestjs/event-emitter'\nimport { UsageModule } from './usage/usage.module'\nimport { AnalyticsModule } from './analytics/analytics.module'\nimport { OrganizationModule } from './organization/organization.module'\nimport { EmailModule } from './email/email.module'\nimport { TypedConfigService } from './config/typed-config.service'\nimport { TypedConfigModule } from './config/typed-config.module'\nimport { NotificationModule } from './notification/notification.module'\nimport { WebhookModule } from './webhook/webhook.module'\nimport { ObjectStorageModule } from './object-storage/object-storage.module'\nimport { CustomNamingStrategy } from './common/utils/naming-strategy.util'\nimport { MaintenanceMiddleware } from './common/middleware/maintenance.middleware'\nimport { AuditModule } from './audit/audit.module'\nimport { HealthModule } from './health/health.module'\nimport { OpenFeatureModule } from '@openfeature/nestjs-sdk'\nimport { OpenFeaturePostHogProvider } from './common/providers/openfeature-posthog.provider'\nimport { LoggerModule } from 'nestjs-pino'\nimport { getPinoTransport, swapMessageAndObject } from './common/utils/pino.util'\nimport { Redis } from 'ioredis'\nimport { ThrottlerStorageRedisService } from '@nest-lab/throttler-storage-redis'\nimport { RegionModule } from './region/region.module'\nimport { BodyParserErrorModule } from './common/modules/body-parser-error.module'\nimport { AdminModule } from './admin/admin.module'\nimport { ClickHouseModule } from './clickhouse/clickhouse.module'\nimport { SandboxTelemetryModule } from './sandbox-telemetry/sandbox-telemetry.module'\n\n@Module({\n imports: [\n LoggerModule.forRootAsync({\n useFactory: (configService: TypedConfigService) => {\n const logConfig = configService.get('log')\n const isProduction = configService.get('production')\n return {\n pinoHttp: {\n autoLogging: logConfig.requests.enabled,\n level: logConfig.level,\n hooks: {\n logMethod: swapMessageAndObject,\n },\n quietReqLogger: true,\n transport: getPinoTransport(isProduction, logConfig),\n },\n }\n },\n inject: [TypedConfigService],\n }),\n TypedConfigModule.forRoot({\n isGlobal: true,\n }),\n TypeOrmModule.forRootAsync({\n inject: [TypedConfigService],\n useFactory: (configService: TypedConfigService) => {\n return {\n type: 'postgres',\n host: configService.getOrThrow('database.host'),\n port: configService.getOrThrow('database.port'),\n username: configService.getOrThrow('database.username'),\n password: configService.getOrThrow('database.password'),\n database: configService.getOrThrow('database.database'),\n autoLoadEntities: true,\n migrations: [join(__dirname, 'migrations/**/*-migration.{ts,js}')],\n migrationsRun: configService.get('runMigrations') || !configService.getOrThrow('production'),\n namingStrategy: new CustomNamingStrategy(),\n manualInitialization: configService.get('skipConnections'),\n ssl: configService.get('database.tls.enabled')\n ? {\n rejectUnauthorized: configService.get('database.tls.rejectUnauthorized'),\n }\n : undefined,\n extra: {\n max: configService.get('database.pool.max'),\n min: configService.get('database.pool.min'),\n idleTimeoutMillis: configService.get('database.pool.idleTimeoutMillis'),\n connectionTimeoutMillis: configService.get('database.pool.connectionTimeoutMillis'),\n },\n cache: {\n type: 'ioredis',\n ignoreErrors: true,\n options: configService.getRedisConfig({ keyPrefix: 'typeorm:' }),\n },\n entitySkipConstructor: true,\n }\n },\n }),\n BodyParserErrorModule,\n ServeStaticModule.forRoot({\n rootPath: join(__dirname, '..'),\n exclude: ['/api/{*path}'],\n renderPath: '/runner-amd64',\n serveStaticOptions: {\n cacheControl: false,\n },\n }),\n ServeStaticModule.forRoot({\n rootPath: join(__dirname, '..', 'dashboard'),\n exclude: ['/api/{*path}'],\n renderPath: '/',\n serveStaticOptions: {\n cacheControl: false,\n },\n }),\n RedisModule.forRootAsync({\n inject: [TypedConfigService],\n useFactory: (configService: TypedConfigService) => ({\n type: 'single',\n options: configService.getRedisConfig(),\n }),\n }),\n RedisModule.forRootAsync(\n {\n inject: [TypedConfigService],\n useFactory: (configService: TypedConfigService) => ({\n type: 'single',\n options: configService.getRedisConfig({ db: 1 }),\n }),\n },\n 'throttler',\n ),\n ThrottlerModule.forRootAsync({\n useFactory: async (redis: Redis, configService: TypedConfigService) => {\n const rateLimit = configService.get('rateLimit')\n const throttlers = [\n { name: 'anonymous', config: rateLimit.anonymous },\n { name: 'failed-auth', config: rateLimit.failedAuth },\n { name: 'authenticated', config: rateLimit.authenticated },\n { name: 'sandbox-create', config: rateLimit.sandboxCreate },\n { name: 'sandbox-lifecycle', config: rateLimit.sandboxLifecycle },\n ]\n .filter(({ config }) => config.ttl !== undefined && config.limit !== undefined)\n .map(({ name, config }) => ({\n name,\n ttl: seconds(config.ttl),\n limit: config.limit,\n }))\n\n return {\n throttlers,\n storage: new ThrottlerStorageRedisService(redis),\n }\n },\n inject: [getRedisConnectionToken('throttler'), TypedConfigService],\n }),\n EventEmitterModule.forRoot({\n maxListeners: 100,\n }),\n ApiKeyModule,\n AuthModule,\n UserModule,\n SandboxModule,\n DockerRegistryModule,\n ScheduleModule.forRoot(),\n UsageModule,\n AnalyticsModule,\n OrganizationModule,\n RegionModule,\n AdminModule,\n EmailModule.forRootAsync({\n inject: [TypedConfigService],\n useFactory: (configService: TypedConfigService) => {\n return {\n host: configService.get('smtp.host'),\n port: configService.get('smtp.port'),\n user: configService.get('smtp.user'),\n password: configService.get('smtp.password'),\n secure: configService.get('smtp.secure'),\n from: configService.get('smtp.from'),\n dashboardUrl: configService.getOrThrow('dashboardUrl'),\n }\n },\n }),\n NotificationModule,\n WebhookModule,\n ObjectStorageModule,\n AuditModule,\n HealthModule,\n ClickHouseModule,\n SandboxTelemetryModule,\n OpenFeatureModule.forRoot({\n contextFactory: (request: ExecutionContext) => {\n const req = request.switchToHttp().getRequest()\n\n return {\n targetingKey: req.user?.userId,\n organizationId: req.user?.organizationId,\n }\n },\n defaultProvider: new OpenFeaturePostHogProvider({\n clientOptions: {\n host: process.env.POSTHOG_HOST,\n },\n apiKey: process.env.POSTHOG_API_KEY,\n }),\n }),\n ],\n controllers: [],\n providers: [AppService],\n})\nexport class AppModule implements NestModule {\n configure(consumer: MiddlewareConsumer) {\n consumer.apply(VersionHeaderMiddleware).forRoutes({ path: '{*path}', method: RequestMethod.ALL })\n consumer.apply(FailedAuthRateLimitMiddleware).forRoutes({ path: '{*path}', method: RequestMethod.ALL })\n consumer.apply(MaintenanceMiddleware).forRoutes({ path: '{*path}', method: RequestMethod.ALL })\n }\n}\n" }, { "path": "apps/api/src/app.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, OnApplicationBootstrap, OnApplicationShutdown } from '@nestjs/common'\nimport { DockerRegistryService } from './docker-registry/services/docker-registry.service'\nimport { RegistryType } from './docker-registry/enums/registry-type.enum'\nimport { OrganizationService } from './organization/services/organization.service'\nimport { UserService } from './user/user.service'\nimport { ApiKeyService } from './api-key/api-key.service'\nimport { EventEmitterReadinessWatcher } from '@nestjs/event-emitter'\nimport { SnapshotService } from './sandbox/services/snapshot.service'\nimport { SystemRole } from './user/enums/system-role.enum'\nimport { TypedConfigService } from './config/typed-config.service'\nimport { SchedulerRegistry } from '@nestjs/schedule'\nimport { RegionService } from './region/services/region.service'\nimport { RunnerService } from './sandbox/services/runner.service'\nimport { RunnerAdapterFactory } from './sandbox/runner-adapter/runnerAdapter'\nimport { RegionType } from './region/enums/region-type.enum'\nimport { RunnerState } from './sandbox/enums/runner-state.enum'\n\nexport const DAYTONA_ADMIN_USER_ID = 'daytona-admin'\n\n@Injectable()\nexport class AppService implements OnApplicationBootstrap, OnApplicationShutdown {\n private readonly logger = new Logger(AppService.name)\n\n constructor(\n private readonly dockerRegistryService: DockerRegistryService,\n private readonly configService: TypedConfigService,\n private readonly userService: UserService,\n private readonly organizationService: OrganizationService,\n private readonly apiKeyService: ApiKeyService,\n private readonly eventEmitterReadinessWatcher: EventEmitterReadinessWatcher,\n private readonly snapshotService: SnapshotService,\n private readonly schedulerRegistry: SchedulerRegistry,\n private readonly regionService: RegionService,\n private readonly runnerService: RunnerService,\n private readonly runnerAdapterFactory: RunnerAdapterFactory,\n ) {}\n\n async onApplicationShutdown(signal?: string) {\n this.logger.log(`Received shutdown signal: ${signal}. Shutting down gracefully...`)\n await this.stopAllCronJobs()\n }\n\n async onApplicationBootstrap() {\n if (this.configService.get('disableCronJobs') || this.configService.get('maintananceMode')) {\n await this.stopAllCronJobs()\n }\n\n await this.eventEmitterReadinessWatcher.waitUntilReady()\n\n await this.initializeDefaultRegion()\n await this.initializeAdminUser()\n await this.initializeTransientRegistry()\n await this.initializeBackupRegistry()\n await this.initializeInternalRegistry()\n await this.initializeBackupRegistry()\n\n // Default runner init is not awaited because v2 runners depend on the API to be ready\n this.initializeDefaultRunner()\n .then(() => this.initializeDefaultSnapshot())\n .catch((error) => {\n this.logger.error('Error initializing default runner', error)\n })\n }\n\n private async stopAllCronJobs(): Promise {\n for (const cronName of this.schedulerRegistry.getCronJobs().keys()) {\n this.logger.debug(`Stopping cron job: ${cronName}`)\n this.schedulerRegistry.deleteCronJob(cronName)\n }\n }\n\n private async initializeDefaultRegion(): Promise {\n const existingRegion = await this.regionService.findOne(this.configService.getOrThrow('defaultRegion.id'))\n if (existingRegion) {\n return\n }\n\n this.logger.log('Initializing default region...')\n\n await this.regionService.create(\n {\n id: this.configService.getOrThrow('defaultRegion.id'),\n name: this.configService.getOrThrow('defaultRegion.name'),\n enforceQuotas: this.configService.getOrThrow('defaultRegion.enforceQuotas'),\n regionType: RegionType.SHARED,\n },\n null,\n )\n\n this.logger.log(`Default region created successfully: ${this.configService.getOrThrow('defaultRegion.name')}`)\n }\n\n private async initializeDefaultRunner(): Promise {\n if (!this.configService.get('defaultRunner.name')) {\n return\n }\n\n const defaultRegionId = this.configService.getOrThrow('defaultRegion.id')\n\n const existingRunners = await this.runnerService.findAllByRegion(defaultRegionId)\n if (\n existingRunners.length > 0 &&\n existingRunners.some((r) => r.name === this.configService.get('defaultRunner.name'))\n ) {\n return\n }\n\n this.logger.log(`Creating default runner: ${this.configService.getOrThrow('defaultRunner.name')}`)\n\n const runnerVersion = this.configService.getOrThrow('defaultRunner.apiVersion')\n\n if (runnerVersion === '0') {\n const { runner } = await this.runnerService.create({\n apiUrl: this.configService.getOrThrow('defaultRunner.apiUrl'),\n proxyUrl: this.configService.getOrThrow('defaultRunner.proxyUrl'),\n apiKey: this.configService.getOrThrow('defaultRunner.apiKey'),\n cpu: this.configService.getOrThrow('defaultRunner.cpu'),\n memoryGiB: this.configService.getOrThrow('defaultRunner.memory'),\n diskGiB: this.configService.getOrThrow('defaultRunner.disk'),\n regionId: this.configService.getOrThrow('defaultRegion.id'),\n domain: this.configService.getOrThrow('defaultRunner.domain'),\n apiVersion: runnerVersion,\n name: this.configService.getOrThrow('defaultRunner.name'),\n })\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n this.logger.log(`Waiting for runner ${runner.name} to be healthy...`)\n for (let i = 0; i < 30; i++) {\n try {\n await runnerAdapter.healthCheck()\n this.logger.log(`Runner ${runner.name} is healthy`)\n return\n } catch {\n // ignore\n }\n await new Promise((resolve) => setTimeout(resolve, 1000))\n }\n } else if (runnerVersion === '2') {\n const { runner } = await this.runnerService.create({\n apiKey: this.configService.getOrThrow('defaultRunner.apiKey'),\n regionId: this.configService.getOrThrow('defaultRegion.id'),\n apiVersion: runnerVersion,\n name: this.configService.getOrThrow('defaultRunner.name'),\n })\n\n this.logger.log(`Waiting for runner ${runner.name} to be healthy...`)\n for (let i = 0; i < 30; i++) {\n const { state } = await this.runnerService.findOneFullOrFail(runner.id)\n if (state === RunnerState.READY) {\n this.logger.log(`Runner ${runner.name} is healthy`)\n return\n }\n await new Promise((resolve) => setTimeout(resolve, 1000))\n }\n }\n\n this.logger.log(\n `Default runner ${this.configService.getOrThrow('defaultRunner.name')} created successfully but didn't pass health check`,\n )\n }\n\n private async initializeAdminUser(): Promise {\n if (await this.userService.findOne(DAYTONA_ADMIN_USER_ID)) {\n return\n }\n\n const user = await this.userService.create({\n id: DAYTONA_ADMIN_USER_ID,\n name: 'Daytona Admin',\n personalOrganizationQuota: {\n totalCpuQuota: this.configService.getOrThrow('admin.totalCpuQuota'),\n totalMemoryQuota: this.configService.getOrThrow('admin.totalMemoryQuota'),\n totalDiskQuota: this.configService.getOrThrow('admin.totalDiskQuota'),\n maxCpuPerSandbox: this.configService.getOrThrow('admin.maxCpuPerSandbox'),\n maxMemoryPerSandbox: this.configService.getOrThrow('admin.maxMemoryPerSandbox'),\n maxDiskPerSandbox: this.configService.getOrThrow('admin.maxDiskPerSandbox'),\n snapshotQuota: this.configService.getOrThrow('admin.snapshotQuota'),\n maxSnapshotSize: this.configService.getOrThrow('admin.maxSnapshotSize'),\n volumeQuota: this.configService.getOrThrow('admin.volumeQuota'),\n },\n personalOrganizationDefaultRegionId: this.configService.getOrThrow('defaultRegion.id'),\n role: SystemRole.ADMIN,\n })\n const personalOrg = await this.organizationService.findPersonal(user.id)\n const { value } = await this.apiKeyService.createApiKey(\n personalOrg.id,\n user.id,\n DAYTONA_ADMIN_USER_ID,\n [],\n undefined,\n this.configService.getOrThrow('admin.apiKey'),\n )\n this.logger.log(\n `\n=========================================\n=========================================\nAdmin user created with API key: ${value}\n=========================================\n=========================================`,\n )\n }\n\n private async initializeTransientRegistry(): Promise {\n const existingRegistry = await this.dockerRegistryService.getAvailableTransientRegistry(\n this.configService.getOrThrow('defaultRegion.id'),\n )\n if (existingRegistry) {\n return\n }\n\n const registryUrl = this.configService.getOrThrow('transientRegistry.url')\n const registryAdmin = this.configService.getOrThrow('transientRegistry.admin')\n const registryPassword = this.configService.getOrThrow('transientRegistry.password')\n const registryProjectId = this.configService.getOrThrow('transientRegistry.projectId')\n\n if (!registryUrl || !registryAdmin || !registryPassword || !registryProjectId) {\n this.logger.warn('Registry configuration not found, skipping transient registry setup')\n return\n }\n\n this.logger.log('Initializing default transient registry...')\n\n await this.dockerRegistryService.create({\n name: 'Transient Registry',\n url: registryUrl,\n username: registryAdmin,\n password: registryPassword,\n project: registryProjectId,\n registryType: RegistryType.TRANSIENT,\n isDefault: true,\n })\n\n this.logger.log('Default transient registry initialized successfully')\n }\n\n private async initializeInternalRegistry(): Promise {\n const existingRegistry = await this.dockerRegistryService.getAvailableInternalRegistry(\n this.configService.getOrThrow('defaultRegion.id'),\n )\n if (existingRegistry) {\n return\n }\n\n const registryUrl = this.configService.getOrThrow('internalRegistry.url')\n const registryAdmin = this.configService.getOrThrow('internalRegistry.admin')\n const registryPassword = this.configService.getOrThrow('internalRegistry.password')\n const registryProjectId = this.configService.getOrThrow('internalRegistry.projectId')\n\n if (!registryUrl || !registryAdmin || !registryPassword || !registryProjectId) {\n this.logger.warn('Registry configuration not found, skipping internal registry setup')\n return\n }\n\n this.logger.log('Initializing default internal registry...')\n\n await this.dockerRegistryService.create({\n name: 'Internal Registry',\n url: registryUrl,\n username: registryAdmin,\n password: registryPassword,\n project: registryProjectId,\n registryType: RegistryType.INTERNAL,\n isDefault: true,\n })\n\n this.logger.log('Default internal registry initialized successfully')\n }\n\n private async initializeBackupRegistry(): Promise {\n const existingRegistry = await this.dockerRegistryService.getAvailableBackupRegistry(\n this.configService.getOrThrow('defaultRegion.id'),\n )\n if (existingRegistry) {\n return\n }\n\n const registryUrl = this.configService.getOrThrow('internalRegistry.url')\n const registryAdmin = this.configService.getOrThrow('internalRegistry.admin')\n const registryPassword = this.configService.getOrThrow('internalRegistry.password')\n const registryProjectId = this.configService.getOrThrow('internalRegistry.projectId')\n\n if (!registryUrl || !registryAdmin || !registryPassword || !registryProjectId) {\n this.logger.warn('Registry configuration not found, skipping backup registry setup')\n return\n }\n\n this.logger.log('Initializing default backup registry...')\n\n await this.dockerRegistryService.create(\n {\n name: 'Backup Registry',\n url: registryUrl,\n username: registryAdmin,\n password: registryPassword,\n project: registryProjectId,\n registryType: RegistryType.BACKUP,\n isDefault: true,\n },\n undefined,\n true,\n )\n\n this.logger.log('Default backup registry initialized successfully')\n }\n\n private async initializeDefaultSnapshot(): Promise {\n const adminPersonalOrg = await this.organizationService.findPersonal(DAYTONA_ADMIN_USER_ID)\n\n try {\n const existingSnapshot = await this.snapshotService.getSnapshotByName(\n this.configService.getOrThrow('defaultSnapshot'),\n adminPersonalOrg.id,\n )\n if (existingSnapshot) {\n return\n }\n } catch {\n this.logger.log('Default snapshot not found, creating...')\n }\n\n const defaultSnapshot = this.configService.getOrThrow('defaultSnapshot')\n\n await this.snapshotService.createFromPull(\n adminPersonalOrg,\n {\n name: defaultSnapshot,\n imageName: defaultSnapshot,\n },\n true,\n )\n\n this.logger.log('Default snapshot created successfully')\n }\n}\n" }, { "path": "apps/api/src/assets/.gitkeep", "content": "" }, { "path": "apps/api/src/assets/templates/organization-invitation.template.ejs", "content": "\n\n\n \n \n Daytona Organization Invitation\n\n\n \n \n \n \n \n \n
\n
\n \n \n \n \n \n \n
\n \n \n \n \n \n \n
\n \n \n \n \n \n \n
\n \"Daytona \n \n \n \n \n \n \n
 
\n

<% if (invitedBy) { %><%= invitedBy %> has invited you to join the <%= organizationName %> organization<% } else { %>You have been invited to join the <%= organizationName %> organization<% } %>

\n \n \n \n \n \n \n
 
\n

This invitation expires on <%= expiresAt %>

\n \n \n \n \n \n \n
 
\n \n \n \n \n \n \n
\n \n \n \n \n \n \n
\n \n \n \n \n \n \n
\">Join <%= organizationName %>
\n
\n
\n \n \n \n \n \n \n
 
\n

Button not working? Paste the following link into your browser:
\"><%= invitationLink %>

\n
\n
\n
\n \n \n \n \n \n \n
\n \n \n \n \n \n \n
 
\n

* If you were not expecting this invitation, please disregard this email.

\n \n \n \n \n \n \n
 
\n

Copyright © <%= new Date().getFullYear() %> Daytona Platforms, Inc. All Rights Reserved

\n
\n
\n
\n
                                                           
\n\n" }, { "path": "apps/api/src/audit/adapters/audit-opensearch.adapter.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BadRequestException, Logger, OnModuleInit } from '@nestjs/common'\nimport { errors } from '@opensearch-project/opensearch'\nimport { AuditLog } from '../entities/audit-log.entity'\nimport { PaginatedList } from '../../common/interfaces/paginated-list.interface'\nimport { AuditLogStorageAdapter } from '../interfaces/audit-storage.interface'\nimport { AuditLogFilter } from '../interfaces/audit-filter.interface'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { OpensearchClient } from 'nestjs-opensearch'\nimport { PolicyEnvelope } from '@opensearch-project/opensearch/api/_types/ism._common.js'\nimport { QueryContainer } from '@opensearch-project/opensearch/api/_types/_common.query_dsl.js'\nimport { Bulk_RequestBody, Search_RequestBody, Search_Response } from '@opensearch-project/opensearch/api/index.js'\nimport { TotalHits } from '@opensearch-project/opensearch/api/_types/_core.search.js'\nimport { isMatch } from 'es-toolkit/compat'\n\n// Safe limit for offset-based pagination to avoid hitting OpenSearch's 10000 limit\nconst MAX_OFFSET_PAGINATION_LIMIT = 10000\n\nexport class AuditOpenSearchStorageAdapter implements AuditLogStorageAdapter, OnModuleInit {\n private readonly logger = new Logger(AuditOpenSearchStorageAdapter.name)\n private indexName: string\n\n constructor(\n private readonly configService: TypedConfigService,\n private readonly client: OpensearchClient,\n ) {\n this.indexName = configService.getOrThrow('audit.publish.opensearchIndexName')\n }\n\n async onModuleInit(): Promise {\n await this.putIndexTemplate()\n await this.setupISM()\n await this.createDataStream()\n\n this.logger.log('OpenSearch audit storage adapter initialized')\n }\n\n async write(auditLogs: AuditLog[]): Promise {\n try {\n const documents = auditLogs.map((auditLog) => ({\n '@timestamp': new Date(), // Required field for data streams\n ...auditLog,\n }))\n\n // Include document ID to prevent duplicates\n const bulkBody: Bulk_RequestBody = documents.flatMap((document) => [\n { create: { _index: this.indexName, _id: document.id } },\n document,\n ])\n\n const response = await this.client.bulk({\n body: bulkBody,\n refresh: false,\n })\n\n if (response.body.errors) {\n const errors = response.body.items\n .filter((item: any) => item.create?.error)\n .map((item: any) => item.create.error)\n\n // Check if any errors are not 409 (idempotent errors are OK) or version conflicts (also idempotent)\n const nonIdempotentErrors = errors.filter(\n (error: any) => error.status !== 409 && error.type !== 'version_conflict_engine_exception',\n )\n\n if (nonIdempotentErrors.length > 0) {\n throw new Error(`OpenSearch bulk operation failed: ${JSON.stringify(nonIdempotentErrors)}`)\n }\n }\n\n this.logger.debug(`Saved ${auditLogs.length} audit logs to OpenSearch`)\n } catch (error) {\n this.logger.error(`Failed to save audit log to OpenSearch: ${error.message}`)\n throw error\n }\n }\n\n async getAllLogs(\n page?: number,\n limit?: number,\n filters?: AuditLogFilter,\n nextToken?: string,\n ): Promise> {\n const query = this.buildDateRangeQuery(filters)\n const searchBody = this.buildSearchBody(query, page, limit, nextToken)\n const response = await this.executeSearch(searchBody)\n return this.processSearchResponse(response, page, limit, nextToken, query)\n }\n\n async getOrganizationLogs(\n organizationId: string,\n page?: number,\n limit?: number,\n filters?: AuditLogFilter,\n nextToken?: string,\n ): Promise> {\n if (!organizationId) {\n throw new Error('Organization ID is required')\n }\n\n const query = this.buildOrganizationQuery(organizationId, filters)\n const searchBody = this.buildSearchBody(query, page, limit, nextToken)\n const response = await this.executeSearch(searchBody)\n return this.processSearchResponse(response, page, limit, nextToken, query)\n }\n\n private async createDataStream() {\n try {\n await this.client.indices.createDataStream({ name: this.indexName })\n this.logger.debug(`Created data stream: ${this.indexName}.`)\n } catch (error) {\n if (error instanceof errors.ResponseError && error.body.error.type === 'resource_already_exists_exception') {\n this.logger.debug(`Data stream already exists: ${this.indexName}. Skipping creation.`)\n return\n }\n throw error\n }\n }\n\n private async putIndexTemplate() {\n const templateName = `${this.indexName}-template`\n await this.client.indices.putIndexTemplate({\n name: templateName,\n body: {\n index_patterns: [`${this.indexName}*`],\n data_stream: {},\n template: {\n settings: {\n index: {\n number_of_shards: 1,\n number_of_replicas: 1,\n },\n },\n mappings: {\n dynamic: 'true',\n dynamic_templates: [\n {\n ids_as_keyword: {\n match: '*Id',\n mapping: { type: 'keyword', index: true },\n },\n },\n {\n default_strings: {\n match: '*',\n match_mapping_type: 'string',\n mapping: { type: 'keyword', index: false },\n },\n },\n {\n non_queryable_fields: {\n match: '*',\n match_mapping_type: 'object',\n mapping: {\n type: 'object',\n enabled: false,\n },\n },\n },\n ],\n properties: {\n id: { type: 'keyword' },\n actorEmail: { type: 'keyword' },\n action: { type: 'keyword' },\n targetType: { type: 'keyword' },\n statusCode: { type: 'integer' },\n createdAt: { type: 'date' },\n },\n },\n },\n },\n })\n }\n\n private mapSourceToAuditLog(source: any): AuditLog {\n return new AuditLog({\n id: source.id,\n actorId: source.actorId,\n actorEmail: source.actorEmail,\n organizationId: source.organizationId,\n action: source.action,\n targetType: source.targetType,\n targetId: source.targetId,\n statusCode: source.statusCode,\n errorMessage: source.errorMessage,\n ipAddress: source.ipAddress,\n userAgent: source.userAgent,\n source: source.source,\n metadata: source.metadata,\n createdAt: new Date(source.createdAt),\n })\n }\n\n private async setupISM(): Promise {\n try {\n const retentionDays = this.configService.get('audit.retentionDays') || 0\n if (!retentionDays || retentionDays < 1) {\n this.logger.debug('Audit log retention not configured, skipping ISM setup')\n return\n }\n\n await this.createISMPolicy(retentionDays)\n await this.applyISMPolicyToIndexTemplate()\n\n this.logger.debug(`OpenSearch ISM policy configured for ${retentionDays} days retention`)\n } catch (error) {\n this.logger.warn(`Failed to setup ISM policy: ${error.message}`)\n }\n }\n\n private async createISMPolicy(retentionDays: number): Promise {\n const policyName = `${this.indexName}-lifecycle-policy`\n\n const policy: PolicyEnvelope = {\n policy: {\n description: `Lifecycle policy for audit logs with ${retentionDays} days retention`,\n default_state: 'hot',\n states: [\n {\n name: 'hot',\n actions: [\n {\n rollover: {\n // incorrect client type definitions\n // ref: https://github.com/opensearch-project/opensearch-js/issues/1001\n min_index_age: '30d' as any,\n min_primary_shard_size: '20gb' as any,\n min_doc_count: 20_000_000,\n },\n },\n ],\n transitions: [\n {\n state_name: 'delete',\n conditions: {\n min_index_age: `${retentionDays}d`, // Delete after retention period\n },\n },\n ],\n },\n {\n name: 'delete',\n actions: [\n {\n delete: {},\n },\n ],\n },\n ],\n ism_template: [\n {\n index_patterns: [`${this.indexName}*`],\n priority: 100,\n },\n ],\n },\n }\n\n try {\n // Check does policy already exist\n const existingPolicy = await this.client.ism.getPolicy({\n policy_id: policyName,\n })\n\n // Check does policy need to be updated\n if (isMatch(existingPolicy.body, policy)) {\n this.logger.debug(`ISM policy ${policyName} is up to date`)\n } else {\n this.logger.debug(`ISM policy ${policyName} is out of date. Updating it.`)\n await this.client.ism.putPolicy({\n policy_id: policyName,\n if_primary_term: existingPolicy.body._primary_term,\n if_seq_no: existingPolicy.body._seq_no,\n body: policy,\n })\n this.logger.debug(`ISM policy ${policyName} updated`)\n }\n } catch (error) {\n if (error instanceof errors.ResponseError && error.statusCode === 404) {\n this.logger.debug(`ISM policy ${policyName} not found, creating it.`)\n await this.client.ism.putPolicy({\n policy_id: policyName,\n body: policy,\n })\n this.logger.debug(`ISM policy ${policyName} created`)\n return\n }\n this.logger.error(`Failed to create ISM policy`, error)\n throw error\n }\n }\n\n private async applyISMPolicyToIndexTemplate(): Promise {\n const templateName = `${this.indexName}-template`\n const policyName = `${this.indexName}-lifecycle-policy`\n\n try {\n // Get existing template\n const existingTemplate = await this.client.indices.getIndexTemplate({\n name: templateName,\n })\n\n if (!existingTemplate.body?.index_templates?.[0]) {\n this.logger.debug(`Index template ${templateName} not found, cannot apply ILM policy`)\n return\n }\n\n // Update template with ILM policy\n const template = existingTemplate.body.index_templates[0].index_template\n\n // Add ILM settings to the template\n if (!template.template) template.template = {}\n if (!template.template.settings) template.template.settings = {}\n if (!template.template.settings.index) template.template.settings.index = {}\n\n template.template.settings.index = {\n ...template.template.settings.index,\n 'plugins.index_state_management.policy_id': policyName,\n 'plugins.index_state_management.rollover_alias': this.indexName,\n number_of_shards: 1,\n number_of_replicas: 1,\n refresh_interval: '5s',\n }\n\n // Update the template\n await this.client.indices.putIndexTemplate({\n name: templateName,\n body: template,\n })\n\n this.logger.debug(`Applied ILM policy ${policyName} to index template ${templateName}`)\n } catch (error) {\n this.logger.error(`Failed to apply ILM policy to index template: ${error.message}`)\n }\n }\n\n private buildDateRangeQuery(filters?: AuditLogFilter): QueryContainer {\n return {\n bool: {\n filter: [\n {\n range: {\n createdAt: {\n gte: filters?.from?.toISOString(),\n lte: filters?.to?.toISOString(),\n },\n },\n },\n ],\n },\n }\n }\n\n private buildOrganizationQuery(organizationId: string, filters?: AuditLogFilter): QueryContainer {\n return {\n bool: {\n filter: [\n {\n term: { organizationId },\n },\n {\n range: {\n createdAt: {\n gte: filters?.from?.toISOString(),\n lte: filters?.to?.toISOString(),\n },\n },\n },\n ],\n },\n }\n }\n\n private buildSearchBody(\n query: QueryContainer,\n page?: number,\n limit?: number,\n nextToken?: string,\n ): Search_RequestBody {\n const size = limit\n const searchBody: Search_RequestBody = {\n query,\n sort: [{ createdAt: { order: 'desc' } }, { id: { order: 'desc' } }],\n size: size + 1, // Request one extra to check if there are more results\n }\n\n if (nextToken) {\n // Cursor-based pagination using search_after\n try {\n const searchAfter = JSON.parse(Buffer.from(nextToken, 'base64').toString())\n searchBody.search_after = searchAfter\n this.logger.debug(`Using cursor-based pagination with search_after: ${JSON.stringify(searchAfter)}`)\n } catch {\n throw new BadRequestException(`Invalid nextToken provided: ${nextToken}`)\n }\n } else {\n // Offset-based pagination - only use when within safe limits\n const from = (page - 1) * limit\n if (from + size <= MAX_OFFSET_PAGINATION_LIMIT) {\n searchBody.from = from\n this.logger.debug(`Using offset-based pagination: from=${from}, size=${size + 1}`)\n } else {\n throw new BadRequestException(\n `Offset-based pagination not supported for page ${page} with limit ${limit}. Please use cursor-based pagination with nextToken parameter instead.`,\n )\n }\n }\n\n return searchBody\n }\n\n private async executeSearch(searchBody: Search_RequestBody) {\n return await this.client.search({\n index: this.indexName,\n body: searchBody,\n track_total_hits: MAX_OFFSET_PAGINATION_LIMIT,\n })\n }\n\n private async processSearchResponse(\n response: Search_Response,\n page?: number,\n limit?: number,\n nextToken?: string,\n query?: QueryContainer,\n ): Promise> {\n const size = limit\n const hits = response.body.hits?.hits || []\n const totalHits = response.body.hits?.total as TotalHits\n const hasMore = hits.length > size\n const items = hasMore ? hits.slice(0, size) : hits\n\n // Generate nextToken when there are more results and we're approaching limits\n let nextTokenResult: string | undefined\n const currentOffset = nextToken ? 0 : (page - 1) * limit // If using cursor, we don't know the exact offset\n const nextPageOffset = currentOffset + limit\n const wouldExceedLimit = nextPageOffset >= MAX_OFFSET_PAGINATION_LIMIT\n\n // Only generate nextToken if we're already using cursor pagination OR if the next page would exceed the limit\n if (hasMore && items.length > 0 && (nextToken || wouldExceedLimit)) {\n const lastItem = items[items.length - 1]\n const searchAfter = [lastItem._source.createdAt, lastItem._source.id]\n nextTokenResult = Buffer.from(JSON.stringify(searchAfter)).toString('base64')\n }\n\n let total = totalHits?.value\n let totalPages = Math.ceil(total / limit)\n if (totalHits?.relation === 'gte') {\n // TODO: This should be cached to avoid hitting OpenSearch for every request\n const totalResponse = await this.client.count({\n index: this.indexName,\n body: { query },\n })\n total = totalResponse.body.count\n totalPages = Math.ceil(total / limit)\n }\n\n return {\n items: items.map((hit) => this.mapSourceToAuditLog(hit._source)),\n total,\n page: page || 1,\n totalPages,\n nextToken: nextTokenResult,\n }\n }\n}\n" }, { "path": "apps/api/src/audit/adapters/audit-typeorm.adapter.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Logger } from '@nestjs/common'\nimport { AuditLogStorageAdapter } from '../interfaces/audit-storage.interface'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { AuditLog } from '../entities/audit-log.entity'\nimport { FindManyOptions, Repository } from 'typeorm'\nimport { PaginatedList } from '../../common/interfaces/paginated-list.interface'\nimport { AuditLogFilter } from '../interfaces/audit-filter.interface'\nimport { createRangeFilter } from '../../common/utils/range-filter'\n\nexport class AuditTypeormStorageAdapter implements AuditLogStorageAdapter {\n private readonly logger = new Logger(AuditTypeormStorageAdapter.name)\n\n constructor(\n @InjectRepository(AuditLog)\n private readonly auditLogRepository: Repository,\n ) {}\n\n async write(auditLogs: AuditLog[]): Promise {\n throw new Error('Typeorm adapter does not support writing audit logs.')\n }\n\n async getAllLogs(page?: number, limit = 1000, filters?: AuditLogFilter): Promise> {\n const options: FindManyOptions = {\n order: {\n createdAt: 'DESC',\n },\n skip: (page - 1) * limit,\n take: limit,\n where: {\n createdAt: createRangeFilter(filters?.from, filters?.to),\n },\n }\n\n const [items, total] = await this.auditLogRepository.findAndCount(options)\n\n return {\n items,\n total,\n page: page,\n totalPages: Math.ceil(total / limit),\n }\n }\n\n async getOrganizationLogs(\n organizationId: string,\n page?: number,\n limit = 1000,\n filters?: AuditLogFilter,\n ): Promise> {\n const options: FindManyOptions = {\n order: {\n createdAt: 'DESC',\n },\n skip: (page - 1) * limit,\n take: limit,\n where: [\n {\n organizationId,\n createdAt: createRangeFilter(filters?.from, filters?.to),\n },\n ],\n }\n\n const [items, total] = await this.auditLogRepository.findAndCount(options)\n\n return {\n items,\n total,\n page: page,\n totalPages: Math.ceil(total / limit),\n }\n }\n}\n" }, { "path": "apps/api/src/audit/audit.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { OrganizationModule } from '../organization/organization.module'\nimport { AuditLog } from './entities/audit-log.entity'\nimport { AuditService } from './services/audit.service'\nimport { AuditInterceptor } from './interceptors/audit.interceptor'\nimport { AuditLogSubscriber } from './subscribers/audit-log.subscriber'\nimport { RedisLockProvider } from '../sandbox/common/redis-lock.provider'\nimport { AuditController } from './controllers/audit.controller'\nimport { AuditKafkaConsumerController } from './publishers/kafka/audit-kafka-consumer.controller'\nimport { ClientsModule, Transport } from '@nestjs/microservices'\nimport { TypedConfigService } from '../config/typed-config.service'\nimport { Partitioners } from 'kafkajs'\nimport { OpensearchModule } from 'nestjs-opensearch'\nimport { AuditStorageAdapterProvider } from './providers/audit-storage.provider'\nimport { AuditPublisherProvider } from './providers/audit-publisher.provider'\nimport { AUDIT_KAFKA_SERVICE } from './constants/audit-tokens'\n\n@Module({\n imports: [\n OrganizationModule,\n TypeOrmModule.forFeature([AuditLog]),\n ClientsModule.registerAsync([\n {\n name: AUDIT_KAFKA_SERVICE,\n inject: [TypedConfigService],\n useFactory: (configService: TypedConfigService) => {\n return {\n transport: Transport.KAFKA,\n options: {\n producerOnlyMode: true,\n client: configService.getKafkaClientConfig(),\n producer: {\n allowAutoTopicCreation: true,\n createPartitioner: Partitioners.DefaultPartitioner,\n idempotent: true,\n },\n },\n }\n },\n },\n ]),\n OpensearchModule.forRootAsync({\n inject: [TypedConfigService],\n useFactory: (configService: TypedConfigService) => {\n return configService.getOpenSearchConfig()\n },\n }),\n ],\n controllers: [AuditController, AuditKafkaConsumerController],\n providers: [\n AuditService,\n AuditInterceptor,\n AuditLogSubscriber,\n RedisLockProvider,\n AuditStorageAdapterProvider,\n AuditPublisherProvider,\n ],\n exports: [AuditService, AuditInterceptor],\n})\nexport class AuditModule {}\n" }, { "path": "apps/api/src/audit/constants/audit-log-events.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const AuditLogEvents = {\n CREATED: 'audit-log.created',\n UPDATED: 'audit-log.updated',\n} as const\n" }, { "path": "apps/api/src/audit/constants/audit-tokens.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const AUDIT_STORAGE_ADAPTER = 'AUDIT_STORAGE_ADAPTER'\nexport const AUDIT_LOG_PUBLISHER = 'AUDIT_LOG_PUBLISHER'\nexport const AUDIT_KAFKA_SERVICE = 'AUDIT_KAFKA_SERVICE'\nexport const AUDIT_KAFKA_TOPIC = 'audit-logs'\n" }, { "path": "apps/api/src/audit/controllers/audit.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, Get, Param, Query, UseGuards } from '@nestjs/common'\nimport { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth, ApiOAuth2, ApiParam } from '@nestjs/swagger'\nimport { AuditLogDto } from '../dto/audit-log.dto'\nimport { PaginatedAuditLogsDto } from '../dto/paginated-audit-logs.dto'\nimport { AuditService } from '../services/audit.service'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { SystemActionGuard } from '../../auth/system-action.guard'\nimport { RequiredSystemRole } from '../../common/decorators/required-role.decorator'\nimport { OrganizationResourceActionGuard } from '../../organization/guards/organization-resource-action.guard'\nimport { RequiredOrganizationResourcePermissions } from '../../organization/decorators/required-organization-resource-permissions.decorator'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { ListAuditLogsQueryDto } from '../dto/list-audit-logs-query.dto'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('audit')\n@Controller('audit')\n@UseGuards(CombinedAuthGuard, SystemActionGuard, OrganizationResourceActionGuard, AuthenticatedRateLimitGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class AuditController {\n constructor(private readonly auditService: AuditService) {}\n\n @Get()\n @ApiOperation({\n summary: 'Get all audit logs',\n operationId: 'getAllAuditLogs',\n })\n @ApiResponse({\n status: 200,\n description: 'Paginated list of all audit logs',\n type: PaginatedAuditLogsDto,\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n async getAllLogs(@Query() query: ListAuditLogsQueryDto): Promise {\n const result = await this.auditService.getAllLogs(\n query.page,\n query.limit,\n {\n from: query.from,\n to: query.to,\n },\n query.nextToken,\n )\n return {\n items: result.items.map(AuditLogDto.fromAuditLog),\n total: result.total,\n page: result.page,\n totalPages: result.totalPages,\n nextToken: result.nextToken,\n }\n }\n\n @Get('/organizations/:organizationId')\n @ApiOperation({\n summary: 'Get audit logs for organization',\n operationId: 'getOrganizationAuditLogs',\n })\n @ApiResponse({\n status: 200,\n description: 'Paginated list of organization audit logs',\n type: PaginatedAuditLogsDto,\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.READ_AUDIT_LOGS])\n async getOrganizationLogs(\n @Param('organizationId') organizationId: string,\n @Query() query: ListAuditLogsQueryDto,\n ): Promise {\n const result = await this.auditService.getOrganizationLogs(\n organizationId,\n query.page,\n query.limit,\n {\n from: query.from,\n to: query.to,\n },\n query.nextToken,\n )\n return {\n items: result.items.map(AuditLogDto.fromAuditLog),\n total: result.total,\n page: result.page,\n totalPages: result.totalPages,\n nextToken: result.nextToken,\n }\n }\n}\n" }, { "path": "apps/api/src/audit/decorators/audit.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SetMetadata } from '@nestjs/common'\nimport { Request } from 'express'\nimport { AuditAction } from '../enums/audit-action.enum'\nimport { AuditTarget } from '../enums/audit-target.enum'\n\nexport type TypedRequest = Omit & { body: T }\n\nexport const MASKED_AUDIT_VALUE = '********'\n\nexport interface AuditContext {\n action: AuditAction\n targetType?: AuditTarget\n targetIdFromRequest?: (req: Request) => string | null | undefined\n targetIdFromResult?: (result: any) => string | null | undefined\n requestMetadata?: Record any>\n}\n\nexport const AUDIT_CONTEXT_KEY = 'audit_context'\n\nexport const Audit = (context: AuditContext) => SetMetadata(AUDIT_CONTEXT_KEY, context)\n" }, { "path": "apps/api/src/audit/dto/audit-log.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { AuditLog, AuditLogMetadata } from '../entities/audit-log.entity'\n\n@ApiSchema({ name: 'AuditLog' })\nexport class AuditLogDto {\n @ApiProperty()\n id: string\n\n @ApiProperty()\n actorId: string\n\n @ApiProperty()\n actorEmail: string\n\n @ApiPropertyOptional()\n organizationId?: string\n\n @ApiProperty()\n action: string\n\n @ApiPropertyOptional()\n targetType?: string\n\n @ApiPropertyOptional()\n targetId?: string\n\n @ApiPropertyOptional()\n statusCode?: number\n\n @ApiPropertyOptional()\n errorMessage?: string\n\n @ApiPropertyOptional()\n ipAddress?: string\n\n @ApiPropertyOptional()\n userAgent?: string\n\n @ApiPropertyOptional()\n source?: string\n\n @ApiPropertyOptional({\n type: 'object',\n additionalProperties: true,\n })\n metadata?: AuditLogMetadata\n\n @ApiProperty()\n createdAt: Date\n\n static fromAuditLog(auditLog: AuditLog): AuditLogDto {\n return {\n id: auditLog.id,\n actorId: auditLog.actorId,\n actorEmail: auditLog.actorEmail,\n organizationId: auditLog.organizationId,\n action: auditLog.action,\n targetType: auditLog.targetType,\n targetId: auditLog.targetId,\n statusCode: auditLog.statusCode,\n errorMessage: auditLog.errorMessage,\n ipAddress: auditLog.ipAddress,\n userAgent: auditLog.userAgent,\n source: auditLog.source,\n metadata: auditLog.metadata,\n createdAt: auditLog.createdAt,\n }\n }\n}\n" }, { "path": "apps/api/src/audit/dto/create-audit-log-internal.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { AuditLogMetadata } from '../entities/audit-log.entity'\nimport { AuditAction } from '../enums/audit-action.enum'\nimport { AuditTarget } from '../enums/audit-target.enum'\n\nexport class CreateAuditLogInternalDto {\n actorId: string\n actorEmail: string\n organizationId?: string\n action: AuditAction\n targetType?: AuditTarget\n targetId?: string\n statusCode?: number\n errorMessage?: string\n ipAddress?: string\n userAgent?: string\n source?: string\n metadata?: AuditLogMetadata\n}\n" }, { "path": "apps/api/src/audit/dto/create-audit-log.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsEnum, IsOptional } from 'class-validator'\nimport { AuditAction } from '../enums/audit-action.enum'\nimport { AuditTarget } from '../enums/audit-target.enum'\n\n@ApiSchema({ name: 'CreateAuditLog' })\nexport class CreateAuditLogDto {\n @ApiProperty()\n actorId: string\n\n @ApiProperty()\n actorEmail: string\n\n @ApiPropertyOptional()\n @IsOptional()\n organizationId?: string\n\n @ApiProperty({\n enum: AuditAction,\n })\n @IsEnum(AuditAction)\n action: AuditAction\n\n @ApiPropertyOptional({\n enum: AuditTarget,\n })\n @IsOptional()\n @IsEnum(AuditTarget)\n targetType?: AuditTarget\n\n @ApiPropertyOptional()\n @IsOptional()\n targetId?: string\n}\n" }, { "path": "apps/api/src/audit/dto/list-audit-logs-query.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { PageNumber } from '../../common/decorators/page-number.decorator'\nimport { PageLimit } from '../../common/decorators/page-limit.decorator'\nimport { IsDate, IsOptional, IsString } from 'class-validator'\nimport { Type } from 'class-transformer'\n\n@ApiSchema({ name: 'ListAuditLogsQuery' })\nexport class ListAuditLogsQueryDto {\n @PageNumber(1)\n page = 1\n\n @PageLimit(100)\n limit = 100\n\n @ApiPropertyOptional({ type: String, format: 'date-time', description: 'From date (ISO 8601 format)' })\n @IsOptional()\n @Type(() => Date)\n @IsDate()\n from?: Date\n\n @ApiPropertyOptional({ type: String, format: 'date-time', description: 'To date (ISO 8601 format)' })\n @IsOptional()\n @Type(() => Date)\n @IsDate()\n to?: Date\n\n @ApiPropertyOptional({\n type: String,\n description: 'Token for cursor-based pagination. When provided, takes precedence over page parameter.',\n })\n @IsOptional()\n @IsString()\n nextToken?: string\n}\n" }, { "path": "apps/api/src/audit/dto/paginated-audit-logs.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { AuditLogDto } from './audit-log.dto'\n\n@ApiSchema({ name: 'PaginatedAuditLogs' })\nexport class PaginatedAuditLogsDto {\n @ApiProperty({ type: [AuditLogDto] })\n items: AuditLogDto[]\n\n @ApiProperty()\n total: number\n\n @ApiProperty()\n page: number\n\n @ApiProperty()\n totalPages: number\n\n @ApiProperty({ required: false, description: 'Token for next page in cursor-based pagination' })\n nextToken?: string\n}\n" }, { "path": "apps/api/src/audit/dto/update-audit-log-internal.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport class UpdateAuditLogInternalDto {\n statusCode?: number\n errorMessage?: string\n targetId?: string\n organizationId?: string\n}\n" }, { "path": "apps/api/src/audit/entities/audit-log.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Entity, PrimaryGeneratedColumn, Column, CreateDateColumn, Index } from 'typeorm'\nimport { v4 } from 'uuid'\n\nexport type AuditLogMetadata = Record\n\n@Entity()\n@Index(['createdAt'])\n@Index(['organizationId', 'createdAt'])\nexport class AuditLog {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column()\n actorId: string\n\n @Column({\n default: '',\n })\n actorEmail: string\n\n @Column({ nullable: true })\n organizationId?: string\n\n @Column()\n action: string\n\n @Column({ nullable: true })\n targetType?: string\n\n @Column({ nullable: true })\n targetId?: string\n\n @Column({ nullable: true })\n statusCode?: number\n\n @Column({ nullable: true })\n errorMessage?: string\n\n @Column({ nullable: true })\n ipAddress?: string\n\n @Column({ type: 'text', nullable: true })\n userAgent?: string\n\n @Column({ nullable: true })\n source?: string\n\n @Column({ type: 'jsonb', nullable: true })\n metadata?: AuditLogMetadata\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n constructor(params: {\n id?: string\n actorId: string\n actorEmail: string\n organizationId?: string\n action: string\n targetType?: string\n targetId?: string\n statusCode?: number\n errorMessage?: string\n ipAddress?: string\n userAgent?: string\n source?: string\n metadata?: AuditLogMetadata\n createdAt?: Date\n }) {\n this.id = params.id || v4()\n this.actorId = params.actorId\n this.actorEmail = params.actorEmail\n this.organizationId = params.organizationId\n this.action = params.action\n this.targetType = params.targetType\n this.targetId = params.targetId\n this.statusCode = params.statusCode\n this.errorMessage = params.errorMessage\n this.ipAddress = params.ipAddress\n this.userAgent = params.userAgent\n this.source = params.source\n this.metadata = params.metadata\n this.createdAt = params.createdAt || new Date()\n }\n}\n" }, { "path": "apps/api/src/audit/enums/audit-action.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum AuditAction {\n CREATE = 'create',\n READ = 'read',\n UPDATE = 'update',\n DELETE = 'delete',\n LOGIN = 'login',\n SET_DEFAULT = 'set_default',\n UPDATE_ACCESS = 'update_access',\n UPDATE_QUOTA = 'update_quota',\n UPDATE_REGION_QUOTA = 'update_region_quota',\n SUSPEND = 'suspend',\n UNSUSPEND = 'unsuspend',\n ACCEPT = 'accept',\n DECLINE = 'decline',\n LINK_ACCOUNT = 'link_account',\n UNLINK_ACCOUNT = 'unlink_account',\n LEAVE_ORGANIZATION = 'leave_organization',\n REGENERATE_KEY_PAIR = 'regenerate_key_pair',\n UPDATE_SCHEDULING = 'update_scheduling',\n UPDATE_DRAINING = 'update_draining',\n START = 'start',\n STOP = 'stop',\n RESIZE = 'resize',\n REPLACE_LABELS = 'replace_labels',\n CREATE_BACKUP = 'create_backup',\n UPDATE_PUBLIC_STATUS = 'update_public_status',\n SET_AUTO_STOP_INTERVAL = 'set_auto_stop_interval',\n SET_AUTO_ARCHIVE_INTERVAL = 'set_auto_archive_interval',\n SET_AUTO_DELETE_INTERVAL = 'set_auto_delete_interval',\n ARCHIVE = 'archive',\n GET_PORT_PREVIEW_URL = 'get_port_preview_url',\n SET_GENERAL_STATUS = 'set_general_status',\n ACTIVATE = 'activate',\n DEACTIVATE = 'deactivate',\n UPDATE_NETWORK_SETTINGS = 'update_network_settings',\n SEND_WEBHOOK_MESSAGE = 'send_webhook_message',\n INITIALIZE_WEBHOOKS = 'initialize_webhooks',\n UPDATE_SANDBOX_DEFAULT_LIMITED_NETWORK_EGRESS = 'update_sandbox_default_limited_network_egress',\n CREATE_SSH_ACCESS = 'create_ssh_access',\n REVOKE_SSH_ACCESS = 'revoke_ssh_access',\n RECOVER = 'recover',\n REGENERATE_PROXY_API_KEY = 'regenerate_proxy_api_key',\n REGENERATE_SSH_GATEWAY_API_KEY = 'regenerate_ssh_gateway_api_key',\n REGENERATE_SNAPSHOT_MANAGER_CREDENTIALS = 'regenerate_snapshot_manager_credentials',\n // toolbox actions (must be prefixed with 'toolbox_')\n TOOLBOX_DELETE_FILE = 'toolbox_delete_file',\n TOOLBOX_DOWNLOAD_FILE = 'toolbox_download_file',\n TOOLBOX_CREATE_FOLDER = 'toolbox_create_folder',\n TOOLBOX_MOVE_FILE = 'toolbox_move_file',\n TOOLBOX_SET_FILE_PERMISSIONS = 'toolbox_set_file_permissions',\n TOOLBOX_REPLACE_IN_FILES = 'toolbox_replace_in_files',\n TOOLBOX_UPLOAD_FILE = 'toolbox_upload_file',\n TOOLBOX_BULK_UPLOAD_FILES = 'toolbox_bulk_upload_files',\n TOOLBOX_GIT_ADD_FILES = 'toolbox_git_add_files',\n TOOLBOX_GIT_CREATE_BRANCH = 'toolbox_git_create_branch',\n TOOLBOX_GIT_DELETE_BRANCH = 'toolbox_git_delete_branch',\n TOOLBOX_GIT_CLONE_REPOSITORY = 'toolbox_git_clone_repository',\n TOOLBOX_GIT_COMMIT_CHANGES = 'toolbox_git_commit_changes',\n TOOLBOX_GIT_PULL_CHANGES = 'toolbox_git_pull_changes',\n TOOLBOX_GIT_PUSH_CHANGES = 'toolbox_git_push_changes',\n TOOLBOX_GIT_CHECKOUT_BRANCH = 'toolbox_git_checkout_branch',\n TOOLBOX_EXECUTE_COMMAND = 'toolbox_execute_command',\n TOOLBOX_CREATE_SESSION = 'toolbox_create_session',\n TOOLBOX_SESSION_EXECUTE_COMMAND = 'toolbox_session_execute_command',\n TOOLBOX_DELETE_SESSION = 'toolbox_delete_session',\n TOOLBOX_COMPUTER_USE_START = 'toolbox_computer_use_start',\n TOOLBOX_COMPUTER_USE_STOP = 'toolbox_computer_use_stop',\n TOOLBOX_COMPUTER_USE_RESTART_PROCESS = 'toolbox_computer_use_restart_process',\n}\n" }, { "path": "apps/api/src/audit/enums/audit-target.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum AuditTarget {\n API_KEY = 'api_key',\n ORGANIZATION = 'organization',\n ORGANIZATION_INVITATION = 'organization_invitation',\n ORGANIZATION_ROLE = 'organization_role',\n ORGANIZATION_USER = 'organization_user',\n DOCKER_REGISTRY = 'docker_registry',\n RUNNER = 'runner',\n SANDBOX = 'sandbox',\n SNAPSHOT = 'snapshot',\n USER = 'user',\n VOLUME = 'volume',\n REGION = 'region',\n}\n" }, { "path": "apps/api/src/audit/events/audit-log-created.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { AuditLog } from '../entities/audit-log.entity'\n\nexport class AuditLogCreatedEvent {\n constructor(public readonly auditLog: AuditLog) {}\n}\n" }, { "path": "apps/api/src/audit/events/audit-log-updated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { AuditLog } from '../entities/audit-log.entity'\n\nexport class AuditLogUpdatedEvent {\n constructor(public readonly auditLog: AuditLog) {}\n}\n" }, { "path": "apps/api/src/audit/interceptors/audit.interceptor.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Injectable,\n NestInterceptor,\n ExecutionContext,\n CallHandler,\n Logger,\n UnauthorizedException,\n InternalServerErrorException,\n HttpException,\n HttpStatus,\n} from '@nestjs/common'\nimport { Reflector } from '@nestjs/core'\nimport { Request, Response } from 'express'\nimport { Observable, Subscriber, firstValueFrom } from 'rxjs'\nimport { AUDIT_CONTEXT_KEY, AuditContext } from '../decorators/audit.decorator'\nimport { AuditLog, AuditLogMetadata } from '../entities/audit-log.entity'\nimport { AuditAction } from '../enums/audit-action.enum'\nimport { AuditService } from '../services/audit.service'\nimport { AuthContext } from '../../common/interfaces/auth-context.interface'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { TypedConfigService } from '../../config/typed-config.service'\n\ntype RequestWithUser = Request & {\n user?: AuthContext\n}\n\n@Injectable()\nexport class AuditInterceptor implements NestInterceptor {\n private readonly logger = new Logger(AuditInterceptor.name)\n\n constructor(\n private readonly reflector: Reflector,\n private readonly auditService: AuditService,\n private readonly configService: TypedConfigService,\n ) {}\n\n intercept(context: ExecutionContext, next: CallHandler): Observable {\n const request = context.switchToHttp().getRequest()\n const response = context.switchToHttp().getResponse()\n\n const auditContext = this.reflector.get(AUDIT_CONTEXT_KEY, context.getHandler())\n\n // Non-audited request\n if (!auditContext) {\n return next.handle()\n }\n\n // Toolbox requests are not audited by default\n if (this.isToolboxAction(auditContext.action) && !this.configService.get('audit.toolboxRequestsEnabled')) {\n return next.handle()\n }\n\n if (!request.user) {\n this.logger.error('No user context found for audited request:', request.url)\n throw new UnauthorizedException()\n }\n\n return new Observable((observer) => {\n this.handleAuditedRequest(auditContext, request, response, next, observer)\n })\n }\n\n // An audit log must be created before the request is passed to the request handler\n // After the request handler returns, the audit log is optimistically updated with the outcome\n private async handleAuditedRequest(\n auditContext: AuditContext,\n request: RequestWithUser,\n response: Response,\n next: CallHandler,\n observer: Subscriber,\n ): Promise {\n try {\n const auditLog = await this.auditService.createLog({\n actorId: request.user.userId,\n actorEmail: request.user.email,\n organizationId: request.user.organizationId,\n action: auditContext.action,\n targetType: auditContext.targetType,\n targetId: this.resolveTargetId(auditContext, request),\n ipAddress: request.ip,\n userAgent: request.get('user-agent'),\n source: request.get(CustomHeaders.SOURCE.name),\n metadata: this.resolveRequestMetadata(auditContext, request),\n })\n\n try {\n const result = await firstValueFrom(next.handle())\n\n const organizationId = this.resolveOrganizationId(request, result)\n const targetId = this.resolveTargetId(auditContext, request, result)\n const statusCode = response.statusCode || HttpStatus.NO_CONTENT\n await this.recordHandlerSuccess(auditLog, organizationId, targetId, statusCode)\n\n observer.next(result)\n observer.complete()\n } catch (handlerError) {\n const errorMessage =\n handlerError instanceof HttpException ? handlerError.message : 'An unexpected error occurred.'\n const statusCode = this.resolveErrorStatusCode(handlerError)\n await this.recordHandlerError(auditLog, errorMessage, statusCode)\n\n observer.error(handlerError)\n }\n } catch (createLogError) {\n this.logger.error('Failed to create audit log:', createLogError)\n observer.error(new InternalServerErrorException())\n }\n }\n\n private resolveOrganizationId(request: RequestWithUser, result?: any): string | null {\n return result?.organizationId || request.user.organizationId\n }\n\n /**\n * Resolves the identifier of the target resource from the initial request or the response object.\n *\n * Prioritizes resolving the ID from the response object as the request may not include a unique resource identifier (e.g. delete sandbox by name).\n */\n private resolveTargetId(auditContext: AuditContext, request: RequestWithUser, result?: any): string | null {\n if (auditContext.targetIdFromResult && result) {\n const targetId = auditContext.targetIdFromResult(result)\n if (targetId) {\n return targetId\n }\n }\n\n if (auditContext.targetIdFromRequest) {\n const targetId = auditContext.targetIdFromRequest(request)\n if (targetId) {\n return targetId\n }\n }\n\n return null\n }\n\n private resolveRequestMetadata(auditContext: AuditContext, request: RequestWithUser): AuditLogMetadata | null {\n if (!auditContext.requestMetadata) {\n return null\n }\n\n const resolvedMetadata: AuditLogMetadata = {}\n\n for (const [key, resolver] of Object.entries(auditContext.requestMetadata)) {\n try {\n resolvedMetadata[key] = resolver(request)\n } catch (error) {\n this.logger.warn(`Failed to resolve audit log metadata key \"${key}\":`, error)\n resolvedMetadata[key] = null\n }\n }\n\n return Object.keys(resolvedMetadata).length > 0 ? resolvedMetadata : null\n }\n\n private isToolboxAction(action: AuditAction): boolean {\n return action.startsWith('toolbox_')\n }\n\n private async recordHandlerSuccess(\n auditLog: AuditLog,\n organizationId: string | null,\n targetId: string | null,\n statusCode: number,\n ): Promise {\n try {\n await this.auditService.updateLog(auditLog.id, {\n organizationId,\n targetId,\n statusCode,\n })\n } catch (error) {\n this.logger.error('Failed to record handler result:', error)\n }\n }\n\n private async recordHandlerError(auditLog: AuditLog, errorMessage: string, statusCode: number): Promise {\n try {\n await this.auditService.updateLog(auditLog.id, {\n errorMessage,\n statusCode,\n })\n } catch (error) {\n this.logger.error('Failed to record handler error:', error)\n }\n }\n\n private resolveErrorStatusCode(error: any): number {\n if (error instanceof HttpException) {\n return error.getStatus()\n }\n\n return HttpStatus.INTERNAL_SERVER_ERROR\n }\n}\n" }, { "path": "apps/api/src/audit/interfaces/audit-filter.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport interface AuditLogFilter {\n from?: Date\n to?: Date\n}\n" }, { "path": "apps/api/src/audit/interfaces/audit-publisher.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { AuditLog } from '../entities/audit-log.entity'\n\n/**\n * Interface for audit log publisher operations\n * Handles publishing audit logs\n */\nexport interface AuditLogPublisher {\n /**\n * Publish audit logs\n */\n write(auditLogs: AuditLog[]): Promise\n}\n" }, { "path": "apps/api/src/audit/interfaces/audit-storage.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { AuditLog } from '../entities/audit-log.entity'\nimport { PaginatedList } from '../../common/interfaces/paginated-list.interface'\nimport { AuditLogFilter } from './audit-filter.interface'\n\n/**\n * Interface for audit log storage operations\n * Handles persistent storage and audit logs queries\n */\nexport interface AuditLogStorageAdapter {\n /**\n * Write audit logs to storage\n */\n write(auditLogs: AuditLog[]): Promise\n\n /**\n * Get all audit logs\n * @param page - Page number (1-based) for offset-based pagination\n * @param limit - Number of items per page\n * @param filters - Optional filters\n * @param nextToken - Cursor token for cursor-based pagination (takes precedence over page)\n */\n getAllLogs(\n page?: number,\n limit?: number,\n filters?: AuditLogFilter,\n nextToken?: string,\n ): Promise>\n\n /**\n * Get audit logs for organization\n * @param organizationId - Organization ID\n * @param page - Page number (1-based) for offset-based pagination\n * @param limit - Number of items per page\n * @param filters - Optional filters\n * @param nextToken - Cursor token for cursor-based pagination (takes precedence over page)\n */\n getOrganizationLogs(\n organizationId: string,\n page?: number,\n limit?: number,\n filters?: AuditLogFilter,\n nextToken?: string,\n ): Promise>\n}\n" }, { "path": "apps/api/src/audit/providers/audit-publisher.provider.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Provider } from '@nestjs/common'\nimport { AuditKafkaPublisher } from '../publishers/kafka/audit-kafka-publisher'\nimport { AuditDirectPublisher } from '../publishers/audit-direct-publisher'\nimport { AuditLogStorageAdapter } from '../interfaces/audit-storage.interface'\nimport { AuditLogPublisher } from '../interfaces/audit-publisher.interface'\nimport { AUDIT_KAFKA_SERVICE, AUDIT_STORAGE_ADAPTER, AUDIT_LOG_PUBLISHER } from '../constants/audit-tokens'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { ClientKafka } from '@nestjs/microservices'\n\nexport const AuditPublisherProvider: Provider = {\n provide: AUDIT_LOG_PUBLISHER,\n useFactory: (\n configService: TypedConfigService,\n kafkaService: ClientKafka,\n auditStorageAdapter: AuditLogStorageAdapter,\n ): AuditLogPublisher => {\n const auditConfig = configService.get('audit')\n\n if (!auditConfig.publish.enabled) {\n return\n }\n\n switch (auditConfig.publish.mode) {\n case 'direct':\n return new AuditDirectPublisher(auditStorageAdapter)\n case 'kafka':\n if (!configService.get('kafka.enabled')) {\n throw new Error('Kafka must be enabled to publish audit logs to Kafka')\n }\n return new AuditKafkaPublisher(kafkaService)\n default:\n throw new Error(`Invalid publish mode: ${auditConfig.publish.mode}`)\n }\n },\n inject: [TypedConfigService, AUDIT_KAFKA_SERVICE, AUDIT_STORAGE_ADAPTER],\n}\n" }, { "path": "apps/api/src/audit/providers/audit-storage.provider.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Provider } from '@nestjs/common'\nimport { getRepositoryToken } from '@nestjs/typeorm'\nimport { AuditOpenSearchStorageAdapter } from '../adapters/audit-opensearch.adapter'\nimport { AuditLogStorageAdapter } from '../interfaces/audit-storage.interface'\nimport { AUDIT_STORAGE_ADAPTER } from '../constants/audit-tokens'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { OpensearchClient } from 'nestjs-opensearch'\nimport { AuditTypeormStorageAdapter } from '../adapters/audit-typeorm.adapter'\nimport { Repository } from 'typeorm'\nimport { AuditLog } from '../entities/audit-log.entity'\n\nexport const AuditStorageAdapterProvider: Provider = {\n provide: AUDIT_STORAGE_ADAPTER,\n useFactory: (\n configService: TypedConfigService,\n opensearchClient: OpensearchClient,\n auditLogRepository: Repository,\n ): AuditLogStorageAdapter => {\n const auditConfig = configService.get('audit')\n\n if (auditConfig.publish.enabled) {\n switch (auditConfig.publish.storageAdapter) {\n case 'opensearch': {\n return new AuditOpenSearchStorageAdapter(configService, opensearchClient)\n }\n default:\n throw new Error(`Invalid storage adapter: ${auditConfig.publish.storageAdapter}`)\n }\n } else {\n return new AuditTypeormStorageAdapter(auditLogRepository)\n }\n },\n inject: [TypedConfigService, OpensearchClient, getRepositoryToken(AuditLog)],\n}\n" }, { "path": "apps/api/src/audit/publishers/audit-direct-publisher.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, Inject, OnModuleInit } from '@nestjs/common'\nimport { AuditLog } from '../entities/audit-log.entity'\nimport { AuditLogPublisher } from '../interfaces/audit-publisher.interface'\nimport { AuditLogStorageAdapter } from '../interfaces/audit-storage.interface'\nimport { AUDIT_STORAGE_ADAPTER } from '../constants/audit-tokens'\n\n@Injectable()\nexport class AuditDirectPublisher implements AuditLogPublisher, OnModuleInit {\n private readonly logger = new Logger(AuditDirectPublisher.name)\n\n constructor(@Inject(AUDIT_STORAGE_ADAPTER) private readonly storageAdapter: AuditLogStorageAdapter) {}\n\n async onModuleInit(): Promise {\n this.logger.log('Direct storage publisher initialized')\n }\n\n async write(auditLogs: AuditLog[]): Promise {\n await this.storageAdapter.write(auditLogs)\n this.logger.debug(\n `Written ${auditLogs.length} audit logs directly to ${this.storageAdapter.constructor.name} publisher`,\n )\n }\n}\n" }, { "path": "apps/api/src/audit/publishers/kafka/audit-kafka-consumer.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, Inject, Logger, UseFilters } from '@nestjs/common'\nimport { Ctx, EventPattern, KafkaContext, Payload } from '@nestjs/microservices'\nimport { AuditLog } from '../../entities/audit-log.entity'\nimport { AuditLogStorageAdapter } from '../../interfaces/audit-storage.interface'\nimport { AutoCommitOffset } from '../../../common/decorators/autocommit-offset.decorator'\nimport { AUDIT_KAFKA_TOPIC, AUDIT_STORAGE_ADAPTER } from '../../constants/audit-tokens'\nimport { KafkaMaxRetryExceptionFilter } from '../../../filters/kafka-exception.filter'\n\n@Controller('kafka-audit')\n@UseFilters(new KafkaMaxRetryExceptionFilter({ retries: 3, sendToDlq: true }))\nexport class AuditKafkaConsumerController {\n private readonly logger = new Logger(AuditKafkaConsumerController.name)\n\n constructor(@Inject(AUDIT_STORAGE_ADAPTER) private readonly auditStorageAdapter: AuditLogStorageAdapter) {}\n\n @EventPattern(AUDIT_KAFKA_TOPIC)\n @AutoCommitOffset()\n public async handleAuditLogMessage(@Payload() message: AuditLog, @Ctx() context: KafkaContext): Promise {\n this.logger.debug('Handling audit log message', { message })\n await this.auditStorageAdapter.write([message])\n }\n}\n" }, { "path": "apps/api/src/audit/publishers/kafka/audit-kafka-publisher.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Logger, OnModuleInit } from '@nestjs/common'\nimport { ClientKafkaProxy } from '@nestjs/microservices'\nimport { CompressionTypes, Message } from 'kafkajs'\nimport { AuditLog } from '../../entities/audit-log.entity'\nimport { AuditLogPublisher } from '../../interfaces/audit-publisher.interface'\nimport { AUDIT_KAFKA_TOPIC } from '../../constants/audit-tokens'\n\nexport class AuditKafkaPublisher implements AuditLogPublisher, OnModuleInit {\n private readonly logger = new Logger(AuditKafkaPublisher.name)\n\n constructor(private readonly kafkaService: ClientKafkaProxy) {}\n\n async onModuleInit() {\n await this.kafkaService.connect()\n this.logger.debug('Kafka audit log publisher initialized')\n }\n\n async write(auditLogs: AuditLog[]): Promise {\n const messages: Message[] = auditLogs.map((auditLog) => ({\n key: auditLog.organizationId,\n value: JSON.stringify(auditLog),\n }))\n\n try {\n await this.kafkaService.producer.send({\n topic: AUDIT_KAFKA_TOPIC,\n messages: messages,\n acks: -1,\n compression: CompressionTypes.GZIP,\n })\n } catch (error) {\n this.logger.error('Failed to write audit log to Kafka:', error)\n throw error\n }\n this.logger.debug(`${auditLogs.length} audit logs written to Kafka`)\n }\n}\n" }, { "path": "apps/api/src/audit/services/audit.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Inject, Injectable, Logger, NotFoundException, OnApplicationBootstrap, Optional } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Cron, CronExpression, SchedulerRegistry } from '@nestjs/schedule'\nimport { LessThan, Repository, IsNull, Not } from 'typeorm'\nimport { CreateAuditLogInternalDto } from '../dto/create-audit-log-internal.dto'\nimport { UpdateAuditLogInternalDto } from '../dto/update-audit-log-internal.dto'\nimport { AuditLog } from '../entities/audit-log.entity'\nimport { PaginatedList } from '../../common/interfaces/paginated-list.interface'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { RedisLockProvider } from '../../sandbox/common/redis-lock.provider'\nimport { AUDIT_LOG_PUBLISHER, AUDIT_STORAGE_ADAPTER } from '../constants/audit-tokens'\nimport { AuditLogStorageAdapter } from '../interfaces/audit-storage.interface'\nimport { AuditLogPublisher } from '../interfaces/audit-publisher.interface'\nimport { AuditLogFilter } from '../interfaces/audit-filter.interface'\nimport { DistributedLock } from '../../common/decorators/distributed-lock.decorator'\nimport { WithInstrumentation } from '../../common/decorators/otel.decorator'\nimport { LogExecution } from '../../common/decorators/log-execution.decorator'\n\n@Injectable()\nexport class AuditService implements OnApplicationBootstrap {\n private readonly logger = new Logger(AuditService.name)\n\n constructor(\n @InjectRepository(AuditLog)\n private readonly auditLogRepository: Repository,\n private readonly configService: TypedConfigService,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly schedulerRegistry: SchedulerRegistry,\n @Inject(AUDIT_STORAGE_ADAPTER)\n private readonly auditStorageAdapter: AuditLogStorageAdapter,\n @Optional()\n @Inject(AUDIT_LOG_PUBLISHER)\n private readonly auditLogPublisher?: AuditLogPublisher,\n ) {}\n\n onApplicationBootstrap() {\n const auditConfig = this.configService.get('audit')\n\n // Enable publish cron job if publish is enabled\n if (auditConfig.publish.enabled) {\n this.schedulerRegistry.getCronJob('publish-audit-logs').start()\n return\n }\n\n // Enable cleanup cron job if retention days is configured and publish is disabled\n if (auditConfig.retentionDays && auditConfig.retentionDays > 0) {\n this.schedulerRegistry.getCronJob('cleanup-old-audit-logs').start()\n }\n\n const batchSize = this.configService.getOrThrow('audit.publish.batchSize')\n\n if (batchSize > 50000) {\n throw new Error('Audit publish batch size cannot be greater than 50000')\n }\n }\n\n async createLog(createDto: CreateAuditLogInternalDto): Promise {\n const auditLog = new AuditLog(createDto)\n\n await this.auditLogRepository.insert(auditLog)\n return auditLog\n }\n\n async updateLog(id: string, updateDto: UpdateAuditLogInternalDto): Promise {\n const auditLog = await this.auditLogRepository.findOne({ where: { id } })\n if (!auditLog) {\n throw new NotFoundException(`Audit log with ID ${id} not found`)\n }\n\n if (updateDto.statusCode) {\n auditLog.statusCode = updateDto.statusCode\n }\n\n if (updateDto.errorMessage) {\n auditLog.errorMessage = updateDto.errorMessage\n }\n\n if (updateDto.targetId) {\n auditLog.targetId = updateDto.targetId\n }\n\n if (updateDto.organizationId) {\n auditLog.organizationId = updateDto.organizationId\n }\n\n if (this.configService.get('audit.consoleLogEnabled')) {\n this.logger.log(`AUDIT_ENTRY: ${JSON.stringify(auditLog)}`)\n }\n\n return this.auditLogRepository.save(auditLog)\n }\n\n async getAllLogs(\n page = 1,\n limit = 10,\n filters?: AuditLogFilter,\n nextToken?: string,\n ): Promise> {\n return this.auditStorageAdapter.getAllLogs(page, limit, filters, nextToken)\n }\n\n async getOrganizationLogs(\n organizationId: string,\n page = 1,\n limit = 10,\n filters?: AuditLogFilter,\n nextToken?: string,\n ): Promise> {\n return this.auditStorageAdapter.getOrganizationLogs(organizationId, page, limit, filters, nextToken)\n }\n\n @Cron(CronExpression.EVERY_DAY_AT_2AM, {\n name: 'cleanup-old-audit-logs',\n waitForCompletion: true,\n disabled: true,\n })\n @DistributedLock()\n @LogExecution('cleanup-old-audit-logs')\n async cleanupOldAuditLogs(): Promise {\n try {\n const retentionDays = this.configService.get('audit.retentionDays')\n if (!retentionDays) {\n return\n }\n\n const cutoffDate = new Date(Date.now() - retentionDays * 24 * 60 * 60 * 1000)\n this.logger.log(`Starting cleanup of audit logs older than ${retentionDays} days`)\n\n const deletedLogs = await this.auditLogRepository.delete({\n createdAt: LessThan(cutoffDate),\n })\n\n const totalDeleted = deletedLogs.affected\n\n this.logger.log(`Completed cleanup of audit logs older than ${retentionDays} days (${totalDeleted} logs deleted)`)\n } catch (error) {\n this.logger.error(`An error occurred during cleanup of old audit logs: ${error.message}`, error.stack)\n }\n }\n\n // Resolve dangling audit logs where status code is not set and created at is more than half an hour ago\n @Cron(CronExpression.EVERY_MINUTE, {\n name: 'resolve-dangling-audit-logs',\n waitForCompletion: true,\n })\n @DistributedLock()\n @WithInstrumentation()\n @LogExecution('resolve-dangling-audit-logs')\n async resolveDanglingLogs() {\n const danglingLogs = await this.auditLogRepository.find({\n where: {\n statusCode: IsNull(),\n createdAt: LessThan(new Date(Date.now() - 30 * 60 * 1000)),\n },\n })\n\n for (const log of danglingLogs) {\n // set status code to unknown\n log.statusCode = 0\n await this.auditLogRepository.save(log)\n if (this.configService.get('audit.consoleLogEnabled')) {\n this.logger.log(`AUDIT_ENTRY: ${JSON.stringify(log)}`)\n }\n }\n this.logger.debug(`Resolved ${danglingLogs.length} dangling audit logs`)\n }\n\n @Cron(CronExpression.EVERY_SECOND, {\n name: 'publish-audit-logs',\n waitForCompletion: true,\n disabled: true,\n })\n @LogExecution('publish-audit-logs')\n @DistributedLock()\n @WithInstrumentation()\n async publishAuditLogs() {\n // Safeguard\n if (!this.auditLogPublisher) {\n this.logger.warn('Audit log publisher not configured, skipping publish')\n return\n }\n\n const auditLogs = await this.auditLogRepository.find({\n where: {\n statusCode: Not(IsNull()),\n },\n take: this.configService.getOrThrow('audit.publish.batchSize'),\n order: {\n createdAt: 'ASC',\n },\n })\n\n if (auditLogs.length === 0) {\n return\n }\n\n await this.auditLogPublisher.write(auditLogs)\n await this.auditLogRepository.delete(auditLogs.map((log) => log.id))\n }\n}\n" }, { "path": "apps/api/src/audit/subscribers/audit-log.subscriber.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ForbiddenException, Inject, Logger } from '@nestjs/common'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { DataSource, EntitySubscriberInterface, EventSubscriber, UpdateEvent } from 'typeorm'\nimport { AuditLog } from '../entities/audit-log.entity'\n\n@EventSubscriber()\nexport class AuditLogSubscriber implements EntitySubscriberInterface {\n private readonly logger = new Logger(AuditLogSubscriber.name)\n\n @Inject(EventEmitter2)\n private eventEmitter: EventEmitter2\n\n constructor(dataSource: DataSource) {\n dataSource.subscribers.push(this)\n }\n\n listenTo() {\n return AuditLog\n }\n\n beforeUpdate(event: UpdateEvent) {\n const existingEntity = event.databaseEntity as AuditLog\n\n if (!existingEntity) {\n // This should not happen, throw exception as a fail-safe\n this.logger.warn('Could not find existing audit log entity, beforeUpdate event:', event)\n throw new ForbiddenException()\n }\n\n if (existingEntity.statusCode) {\n throw new ForbiddenException('Finalized audit logs are immutable.')\n }\n }\n}\n" }, { "path": "apps/api/src/auth/api-key.strategy.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, UnauthorizedException, Logger, OnModuleInit } from '@nestjs/common'\nimport { PassportStrategy } from '@nestjs/passport'\nimport { Strategy } from 'passport-http-bearer'\nimport { ApiKeyService } from '../api-key/api-key.service'\nimport { ApiKey } from '../api-key/api-key.entity'\nimport { UserService } from '../user/user.service'\nimport { AuthContextType } from '../common/interfaces/auth-context.interface'\nimport { TypedConfigService } from '../config/typed-config.service'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport Redis from 'ioredis'\nimport { SystemRole } from '../user/enums/system-role.enum'\nimport { RunnerService } from '../sandbox/services/runner.service'\nimport { generateApiKeyHash } from '../common/utils/api-key'\nimport { RegionService } from '../region/services/region.service'\nimport { JWT_REGEX } from './constants/jwt-regex.constant'\n\ntype UserCache = {\n userId: string\n role: SystemRole\n email: string\n}\n\n@Injectable()\nexport class ApiKeyStrategy extends PassportStrategy(Strategy, 'api-key') implements OnModuleInit {\n private readonly logger = new Logger(ApiKeyStrategy.name)\n\n constructor(\n @InjectRedis() private readonly redis: Redis,\n private readonly apiKeyService: ApiKeyService,\n private readonly userService: UserService,\n private readonly configService: TypedConfigService,\n private readonly runnerService: RunnerService,\n private readonly regionService: RegionService,\n ) {\n super()\n this.logger.log('ApiKeyStrategy constructor called')\n }\n\n onModuleInit() {\n this.logger.log('ApiKeyStrategy initialized')\n }\n\n async validate(token: string): Promise {\n this.logger.debug('Validate method called')\n this.logger.debug(`Validating API key: ${token.substring(0, 8)}...`)\n\n const sshGatewayApiKey = this.configService.getOrThrow('sshGateway.apiKey')\n if (sshGatewayApiKey === token) {\n return {\n role: 'ssh-gateway',\n }\n }\n\n const proxyApiKey = this.configService.getOrThrow('proxy.apiKey')\n if (proxyApiKey === token) {\n return {\n role: 'proxy',\n }\n }\n\n const otelCollectorApiKey = this.configService.get('otelCollector.apiKey')\n if (otelCollectorApiKey && otelCollectorApiKey === token) {\n return {\n role: 'otel-collector',\n }\n }\n\n const healthCheckApiKey = this.configService.get('healthCheck.apiKey')\n if (healthCheckApiKey && healthCheckApiKey === token) {\n return {\n role: 'health-check',\n }\n }\n\n // Tokens matching JWT structure are not API keys — skip DB lookups and delegate to the JWT strategy.\n if (JWT_REGEX.test(token)) {\n return null\n }\n\n try {\n let apiKey = await this.getApiKeyCache(token)\n if (!apiKey) {\n // Cache miss - validate from database\n apiKey = await this.apiKeyService.getApiKeyByValue(token)\n this.logger.debug(`API key found for userId: ${apiKey.userId}`)\n\n // Check expiry BEFORE caching to prevent storing expired keys\n if (apiKey.expiresAt && apiKey.expiresAt < new Date()) {\n throw new UnauthorizedException('This API key has expired')\n }\n\n const validationCacheTtl = this.configService.get('apiKey.validationCacheTtlSeconds')\n const cacheKey = this.generateValidationCacheKey(token)\n await this.redis.setex(cacheKey, validationCacheTtl, JSON.stringify(apiKey))\n }\n if (apiKey.expiresAt && apiKey.expiresAt < new Date()) {\n throw new UnauthorizedException('This API key has expired')\n }\n\n this.logger.debug(`Updating last used timestamp for API key: ${token.substring(0, 8)}...`)\n await this.apiKeyService.updateLastUsedAt(apiKey.organizationId, apiKey.userId, apiKey.name, new Date())\n\n let userCache = await this.getUserCache(apiKey.userId)\n if (!userCache) {\n const user = await this.userService.findOne(apiKey.userId)\n if (!user) {\n this.logger.error(`Api key has invalid user: ${apiKey.keySuffix} - ${apiKey.userId}`)\n throw new UnauthorizedException('User not found')\n }\n userCache = {\n userId: user.id,\n role: user.role,\n email: user.email,\n }\n const userCacheTtl = this.configService.get('apiKey.userCacheTtlSeconds')\n await this.redis.setex(this.generateUserCacheKey(apiKey.userId), userCacheTtl, JSON.stringify(userCache))\n }\n\n const result = {\n userId: userCache.userId,\n role: userCache.role,\n email: userCache.email,\n apiKey,\n organizationId: apiKey.organizationId,\n }\n\n this.logger.debug('Authentication successful', result)\n return result\n } catch (error) {\n this.logger.debug('Error checking user API key:', error)\n // Continue to check runner API keys if user check fails\n }\n\n try {\n const runner = await this.runnerService.findByApiKey(token)\n if (runner) {\n this.logger.debug(`Runner API key found for runner: ${runner.id}`)\n return {\n role: 'runner',\n runnerId: runner.id,\n runner,\n }\n }\n } catch (error) {\n this.logger.debug('Error checking runner API key:', error)\n }\n\n try {\n const region = await this.regionService.findOneByProxyApiKey(token)\n if (region) {\n this.logger.debug(`Region proxy API key found for region: ${region.id}`)\n return {\n role: 'region-proxy',\n regionId: region.id,\n }\n }\n } catch (error) {\n this.logger.debug('Error checking region proxy API key:', error)\n }\n\n try {\n const region = await this.regionService.findOneBySshGatewayApiKey(token)\n if (region) {\n this.logger.debug(`Region SSH gateway API key found for region: ${region.id}`)\n return {\n role: 'region-ssh-gateway',\n regionId: region.id,\n }\n }\n } catch (error) {\n this.logger.debug('Error checking region SSH gateway API key:', error)\n }\n\n return null\n }\n\n private async getUserCache(userId: string): Promise {\n try {\n const userCacheRaw = await this.redis.get(`api-key:user:${userId}`)\n if (userCacheRaw) {\n return JSON.parse(userCacheRaw)\n }\n return null\n } catch (error) {\n this.logger.error('Error getting user cache:', error)\n return null\n }\n }\n\n private async getApiKeyCache(token: string): Promise {\n try {\n const cacheKey = this.generateValidationCacheKey(token)\n const cached = await this.redis.get(cacheKey)\n if (cached) {\n this.logger.debug('Using cached API key validation')\n const apiKey = JSON.parse(cached)\n // Parse Date fields from cached data\n if (apiKey.createdAt) {\n apiKey.createdAt = new Date(apiKey.createdAt)\n }\n if (apiKey.lastUsedAt) {\n apiKey.lastUsedAt = new Date(apiKey.lastUsedAt)\n }\n if (apiKey.expiresAt) {\n apiKey.expiresAt = new Date(apiKey.expiresAt)\n }\n return apiKey\n }\n return null\n } catch (error) {\n this.logger.error('Error getting API key cache:', error)\n return null\n }\n }\n\n private generateValidationCacheKey(token: string): string {\n return `api-key:validation:${generateApiKeyHash(token)}`\n }\n\n private generateUserCacheKey(userId: string): string {\n return `api-key:user:${userId}`\n }\n}\n" }, { "path": "apps/api/src/auth/auth.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { PassportModule } from '@nestjs/passport'\nimport { JwtStrategy } from './jwt.strategy'\nimport { ApiKeyStrategy } from './api-key.strategy'\nimport { UserModule } from '../user/user.module'\nimport { ApiKeyModule } from '../api-key/api-key.module'\nimport { SandboxModule } from '../sandbox/sandbox.module'\nimport { TypedConfigService } from '../config/typed-config.service'\nimport { HttpModule, HttpService } from '@nestjs/axios'\nimport { OidcMetadata } from 'oidc-client-ts'\nimport { firstValueFrom } from 'rxjs'\nimport { UserService } from '../user/user.service'\nimport { TypedConfigModule } from '../config/typed-config.module'\nimport { catchError, map } from 'rxjs/operators'\nimport { FailedAuthTrackerService } from './failed-auth-tracker.service'\nimport { RegionModule } from '../region/region.module'\n@Module({\n imports: [\n PassportModule.register({\n defaultStrategy: ['jwt', 'api-key'],\n property: 'user',\n session: false,\n }),\n TypedConfigModule,\n UserModule,\n ApiKeyModule,\n SandboxModule,\n RegionModule,\n HttpModule,\n ],\n providers: [\n ApiKeyStrategy,\n {\n provide: JwtStrategy,\n useFactory: async (userService: UserService, httpService: HttpService, configService: TypedConfigService) => {\n if (configService.get('skipConnections')) {\n return\n }\n\n // Get the OpenID configuration from the issuer\n const discoveryUrl = `${configService.get('oidc.issuer')}/.well-known/openid-configuration`\n const metadata = await firstValueFrom(\n httpService.get(discoveryUrl).pipe(\n map((response) => response.data as OidcMetadata),\n catchError((error) => {\n throw new Error(`Failed to fetch OpenID configuration: ${error.message}`)\n }),\n ),\n )\n\n let jwksUri = metadata.jwks_uri\n\n const internalIssuer = configService.getOrThrow('oidc.issuer')\n const publicIssuer = configService.get('oidc.publicIssuer')\n if (publicIssuer) {\n // Replace localhost URLs with Docker network URLs for internal API use\n jwksUri = metadata.jwks_uri.replace(publicIssuer, internalIssuer)\n }\n return new JwtStrategy(\n {\n audience: configService.get('oidc.audience'),\n issuer: metadata.issuer,\n jwksUri: jwksUri,\n },\n userService,\n configService,\n )\n },\n inject: [UserService, HttpService, TypedConfigService],\n },\n FailedAuthTrackerService,\n ],\n exports: [PassportModule, JwtStrategy, ApiKeyStrategy, FailedAuthTrackerService],\n})\nexport class AuthModule {}\n" }, { "path": "apps/api/src/auth/combined-auth.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, UnauthorizedException } from '@nestjs/common'\nimport { AuthGuard } from '@nestjs/passport'\n\n/**\n * Main authentication guard for the application.\n *\n * Strategies are tried in array order.\n * On first success, the rest are skipped.\n *\n * `handleRequest` is invoked once — either when a strategy succeeds or when all strategies fail.\n * It returns the authenticated user object or throws a generic `UnauthorizedException`.\n */\n@Injectable()\nexport class CombinedAuthGuard extends AuthGuard(['api-key', 'jwt']) {\n private readonly logger = new Logger(CombinedAuthGuard.name)\n\n handleRequest(err: any, user: any) {\n if (err || !user) {\n this.logger.debug('Authentication failed', { err, user })\n throw new UnauthorizedException('Invalid credentials')\n }\n\n return user\n }\n}\n" }, { "path": "apps/api/src/auth/constants/jwt-regex.constant.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\n/**\n * Matches the structure of a JWT token: three base64url-encoded segments\n * separated by dots (header.payload.signature).\n *\n * Both header and payload must start with `eyJ` — the base64url encoding of `{\"`,\n * which is guaranteed since both are JSON objects.\n *\n * The signature segment has no prefix constraint since it is raw bytes.\n */\nexport const JWT_REGEX = /^eyJ[A-Za-z0-9_-]+\\.eyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$/\n" }, { "path": "apps/api/src/auth/failed-auth-tracker.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Inject, Logger } from '@nestjs/common'\nimport { getRedisConnectionToken } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { Request, Response } from 'express'\nimport { ThrottlerException } from '@nestjs/throttler'\nimport { TypedConfigService } from '../config/typed-config.service'\nimport { setRateLimitHeaders } from '../common/utils/rate-limit-headers.util'\n\n/**\n * Service to track failed authentication attempts across all auth guards.\n * Shared logic for both JWT and API key authentication failures.\n */\n@Injectable()\nexport class FailedAuthTrackerService {\n private readonly logger = new Logger(FailedAuthTrackerService.name)\n\n constructor(\n @Inject(getRedisConnectionToken('throttler')) private readonly redis: Redis,\n private readonly configService: TypedConfigService,\n ) {}\n\n async incrementFailedAuth(request: Request, response: Response): Promise {\n try {\n const ip = request.ips.length ? request.ips[0] : request.ip\n const throttlerName = 'failed-auth'\n const tracker = `${throttlerName}:${ip}`\n\n // Get failed-auth config from TypedConfigService\n const failedAuthConfig = this.configService.get('rateLimit.failedAuth')\n if (!failedAuthConfig || !failedAuthConfig.ttl || !failedAuthConfig.limit) {\n // If failed-auth throttler is not configured, skip tracking\n return\n }\n\n const limit = failedAuthConfig.limit\n const ttl = failedAuthConfig.ttl * 1000 // Convert seconds to milliseconds\n\n const keyPrefix = this.redis.options.keyPrefix || ''\n const key = `${throttlerName}-${tracker}`\n const hitKey = `${keyPrefix}{${key}:${throttlerName}}:hits`\n const blockedKey = `${keyPrefix}{${key}:${throttlerName}}:blocked`\n\n // Increment hits\n const hits = await this.redis.incr(hitKey)\n if (hits === 1) {\n await this.redis.pexpire(hitKey, ttl)\n }\n const ttlRemaining = await this.redis.pttl(hitKey)\n\n // Set rate limit headers\n setRateLimitHeaders(response, {\n throttlerName,\n limit,\n remaining: Math.max(0, limit - hits),\n resetSeconds: Math.ceil(ttlRemaining / 1000),\n })\n\n // Check if blocked\n if (hits >= limit) {\n await this.redis.set(blockedKey, '1', 'PX', ttl)\n setRateLimitHeaders(response, {\n throttlerName,\n limit,\n remaining: 0,\n resetSeconds: Math.ceil(ttl / 1000),\n retryAfterSeconds: Math.ceil(ttl / 1000),\n })\n throw new ThrottlerException()\n }\n } catch (error) {\n if (error instanceof ThrottlerException) {\n throw error\n }\n // Log error but don't block auth if rate limiting has issues\n this.logger.error('Failed to track authentication failure:', error)\n }\n }\n}\n" }, { "path": "apps/api/src/auth/get-auth-context.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ExecutionContext, UnauthorizedException } from '@nestjs/common'\nimport { BaseAuthContext } from '../common/interfaces/auth-context.interface'\n\nexport function getAuthContext(\n context: ExecutionContext,\n isFunction: (user: BaseAuthContext) => user is T,\n): T {\n const request = context.switchToHttp().getRequest()\n\n if (request.user && isFunction(request.user)) {\n return request.user\n }\n\n throw new UnauthorizedException('Unauthorized')\n}\n" }, { "path": "apps/api/src/auth/health-check.guard.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, ExecutionContext, Logger, CanActivate } from '@nestjs/common'\nimport { getAuthContext } from './get-auth-context'\nimport { isHealthCheckContext } from '../common/interfaces/health-check-context.interface'\n\n@Injectable()\nexport class HealthCheckGuard implements CanActivate {\n protected readonly logger = new Logger(HealthCheckGuard.name)\n\n async canActivate(context: ExecutionContext): Promise {\n // Throws if not health check context\n getAuthContext(context, isHealthCheckContext)\n return true\n }\n}\n" }, { "path": "apps/api/src/auth/jwt.strategy.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport { PassportStrategy } from '@nestjs/passport'\nimport { ExtractJwt, Strategy } from 'passport-jwt'\nimport { passportJwtSecret } from 'jwks-rsa'\nimport { createRemoteJWKSet, JWTPayload, jwtVerify } from 'jose'\nimport { UserService } from '../user/user.service'\nimport { AuthContext } from '../common/interfaces/auth-context.interface'\nimport { Request } from 'express'\nimport { CustomHeaders } from '../common/constants/header.constants'\nimport { TypedConfigService } from '../config/typed-config.service'\n\ninterface JwtStrategyConfig {\n jwksUri: string\n audience: string\n issuer: string\n}\n\n@Injectable()\nexport class JwtStrategy extends PassportStrategy(Strategy) {\n private readonly logger = new Logger(JwtStrategy.name)\n private JWKS: ReturnType\n\n constructor(\n private readonly options: JwtStrategyConfig,\n private readonly userService: UserService,\n private readonly configService: TypedConfigService,\n ) {\n super({\n secretOrKeyProvider: passportJwtSecret({\n cache: true,\n rateLimit: true,\n jwksRequestsPerMinute: 5,\n jwksUri: options.jwksUri,\n }),\n jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),\n audience: options.audience,\n issuer: options.issuer,\n algorithms: ['RS256'],\n passReqToCallback: true,\n })\n this.JWKS = createRemoteJWKSet(new URL(options.jwksUri))\n this.logger.debug('JwtStrategy initialized')\n }\n\n async validate(request: Request, payload: any): Promise {\n // OKTA does not return the userId in access_token sub claim\n // real userId is in the uid claim and email is in the sub claim\n let userId = payload.sub\n let email = payload.email\n if (payload.cid && payload.uid) {\n userId = payload.uid\n email = payload.sub\n }\n let user = await this.userService.findOne(userId)\n\n if (user && !user.emailVerified && payload.email_verified) {\n await this.userService.update(user.id, {\n emailVerified: payload.email_verified,\n })\n }\n\n if (!user) {\n user = await this.userService.create({\n id: userId,\n name: payload.name || payload.username || 'Unknown',\n email: email || '',\n emailVerified: payload.email_verified || false,\n personalOrganizationQuota: this.configService.getOrThrow('defaultOrganizationQuota'),\n })\n this.logger.debug(`Created new user with ID: ${userId}`)\n } else if (user.name === 'Unknown' || !user.email) {\n await this.userService.update(user.id, {\n name: payload.name || payload.username || 'Unknown',\n email: email || '',\n })\n this.logger.debug(`Updated name and email address for existing user with ID: ${userId}`)\n } else if (user.email !== email) {\n await this.userService.update(user.id, {\n email: email || '',\n })\n this.logger.debug(`Updated email address for existing user with ID: ${userId}`)\n }\n\n const organizationId = request.get(CustomHeaders.ORGANIZATION_ID.name)\n\n return {\n userId: user.id,\n role: user.role,\n email: user.email,\n organizationId,\n }\n }\n\n async verifyToken(token: string): Promise {\n const { payload } = await jwtVerify(token, this.JWKS, {\n audience: this.options.audience,\n issuer: this.options.issuer,\n algorithms: ['RS256'],\n })\n return payload\n }\n}\n" }, { "path": "apps/api/src/auth/or.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, ExecutionContext, Logger, CanActivate, Type, mixin } from '@nestjs/common'\nimport { ModuleRef } from '@nestjs/core'\n\n/**\n * Creates an OrGuard that allows access if at least one of the provided guards allows access.\n * It tries each guard in sequence and returns true on the first successful guard.\n * If all guards fail, it returns false.\n *\n * Usage:\n * ```typescript\n * @UseGuards(OrGuard([GuardA, GuardB]))\n * ```\n */\nexport function OrGuard(guards: Type[]): Type {\n @Injectable()\n class OrGuardMixin implements CanActivate {\n protected readonly logger = new Logger(`OrGuard`)\n\n constructor(private readonly moduleRef: ModuleRef) {}\n\n async canActivate(context: ExecutionContext): Promise {\n for (const GuardClass of guards) {\n try {\n const guard = this.moduleRef.get(GuardClass, { strict: false })\n const result = await guard.canActivate(context)\n\n if (result) {\n this.logger.debug(`Guard ${GuardClass.name} succeeded`)\n return true\n }\n } catch (error) {\n this.logger.debug(`Guard ${GuardClass.name} failed: ${error.message}`)\n }\n }\n\n this.logger.debug('All guards in OrGuard failed')\n return false\n }\n }\n\n return mixin(OrGuardMixin)\n}\n" }, { "path": "apps/api/src/auth/otel-collector.guard.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, ExecutionContext, Logger, CanActivate } from '@nestjs/common'\nimport { getAuthContext } from './get-auth-context'\nimport { isOtelCollectorContext } from '../common/interfaces/otel-collector-context.interface'\n\n@Injectable()\nexport class OtelCollectorGuard implements CanActivate {\n protected readonly logger = new Logger(OtelCollectorGuard.name)\n\n async canActivate(context: ExecutionContext): Promise {\n // Throws if not otel collector context\n getAuthContext(context, isOtelCollectorContext)\n return true\n }\n}\n" }, { "path": "apps/api/src/auth/runner-auth.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, CanActivate, ExecutionContext, Logger } from '@nestjs/common'\nimport { isRunnerContext } from '../common/interfaces/runner-context.interface'\nimport { getAuthContext } from './get-auth-context'\n\n@Injectable()\nexport class RunnerAuthGuard implements CanActivate {\n private readonly logger = new Logger(RunnerAuthGuard.name)\n\n async canActivate(context: ExecutionContext): Promise {\n // Throws if not runner context\n getAuthContext(context, isRunnerContext)\n return true\n }\n}\n" }, { "path": "apps/api/src/auth/system-action.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, ExecutionContext, Logger, CanActivate } from '@nestjs/common'\nimport { Reflector } from '@nestjs/core'\nimport { RequiredSystemRole, RequiredApiRole } from '../common/decorators/required-role.decorator'\nimport { SystemRole } from '../user/enums/system-role.enum'\nimport { ApiRole, AuthContext } from '../common/interfaces/auth-context.interface'\n\n@Injectable()\nexport class SystemActionGuard implements CanActivate {\n protected readonly logger = new Logger(SystemActionGuard.name)\n\n constructor(private readonly reflector: Reflector) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n // TODO: initialize authContext safely\n const authContext: AuthContext = request.user\n\n let requiredRole: SystemRole | SystemRole[] | ApiRole | ApiRole[] =\n this.reflector.get(RequiredSystemRole, context.getHandler()) ||\n this.reflector.get(RequiredSystemRole, context.getClass())\n\n if (!requiredRole) {\n requiredRole =\n this.reflector.get(RequiredApiRole, context.getHandler()) ||\n this.reflector.get(RequiredApiRole, context.getClass())\n if (!requiredRole) {\n return true\n }\n }\n\n if (!Array.isArray(requiredRole)) {\n requiredRole = [requiredRole]\n }\n\n return (requiredRole as string[]).includes(authContext.role as string)\n }\n}\n" }, { "path": "apps/api/src/clickhouse/clickhouse.module.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module, Global } from '@nestjs/common'\nimport { ClickHouseService } from './clickhouse.service'\n\n@Global()\n@Module({\n providers: [ClickHouseService],\n exports: [ClickHouseService],\n})\nexport class ClickHouseModule {}\n" }, { "path": "apps/api/src/clickhouse/clickhouse.service.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, OnModuleDestroy } from '@nestjs/common'\nimport { createClient, ClickHouseClient } from '@clickhouse/client'\nimport { TypedConfigService } from '../config/typed-config.service'\n\n@Injectable()\nexport class ClickHouseService implements OnModuleDestroy {\n private readonly logger = new Logger(ClickHouseService.name)\n private client: ClickHouseClient | null = null\n\n constructor(private readonly configService: TypedConfigService) {}\n\n private getClient(): ClickHouseClient | null {\n if (this.client) {\n return this.client\n }\n\n const config = this.configService.getClickHouseConfig()\n if (!config) {\n return null\n }\n\n this.client = createClient({\n url: config.url,\n username: config.username,\n password: config.password,\n database: config.database,\n })\n\n return this.client\n }\n\n async onModuleDestroy() {\n if (this.client) {\n await this.client.close()\n }\n }\n\n isConfigured(): boolean {\n return this.configService.getClickHouseConfig() !== null\n }\n\n async query(query: string, params?: Record): Promise {\n const client = this.getClient()\n if (!client) {\n this.logger.warn('ClickHouse is not configured')\n return []\n }\n\n try {\n const result = await client.query({\n query,\n query_params: params,\n format: 'JSONEachRow',\n clickhouse_settings: {\n date_time_input_format: 'best_effort',\n },\n })\n\n return (await result.json()) as T[]\n } catch (error) {\n this.logger.error('ClickHouse query failed:', error)\n throw error\n }\n }\n\n async queryOne(query: string, params?: Record): Promise {\n const results = await this.query(query, params)\n return results.length > 0 ? results[0] : null\n }\n}\n" }, { "path": "apps/api/src/clickhouse/index.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport * from './clickhouse.module'\nexport * from './clickhouse.service'\n" }, { "path": "apps/api/src/common/constants/constants.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const SANDBOX_EVENT_CHANNEL = 'sandbox.event.channel'\n" }, { "path": "apps/api/src/common/constants/error-messages.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const UPGRADE_TIER_MESSAGE = (dashboardUrl: string) =>\n `To increase concurrency limits, upgrade your organization's Tier by visiting ${dashboardUrl}/limits.`\n\nexport const ARCHIVE_SANDBOXES_MESSAGE = 'Consider archiving your unused Sandboxes to free up available storage.'\n\nexport const PER_SANDBOX_LIMIT_MESSAGE =\n 'Need higher resource limits per-sandbox? Contact us at support@daytona.io and let us know about your use case.'\n" }, { "path": "apps/api/src/common/constants/feature-flags.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const FeatureFlags = {\n ORGANIZATION_INFRASTRUCTURE: 'organization_infrastructure',\n SANDBOX_RESIZE: 'sandbox_resize',\n} as const\n" }, { "path": "apps/api/src/common/constants/header.constants.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const CustomHeaders: {\n [key: string]: {\n name: string\n description?: string\n required?: boolean\n schema?: {\n type?: string\n }\n }\n} = {\n ORGANIZATION_ID: {\n name: 'X-Daytona-Organization-ID',\n description: 'Use with JWT to specify the organization ID',\n required: false,\n schema: {\n type: 'string',\n },\n },\n SOURCE: {\n name: 'X-Daytona-Source',\n description: 'Use to specify the source of the request',\n required: false,\n schema: {\n type: 'string',\n },\n },\n SDK_VERSION: {\n name: 'X-Daytona-SDK-Version',\n description: 'Use to specify the version of the SDK',\n required: false,\n schema: {\n type: 'string',\n },\n },\n}\n" }, { "path": "apps/api/src/common/decorators/auth-context.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { createParamDecorator, ExecutionContext } from '@nestjs/common'\n\nexport const AuthContext = createParamDecorator((data: unknown, ctx: ExecutionContext) => {\n const request = ctx.switchToHttp().getRequest()\n return request.user\n})\n" }, { "path": "apps/api/src/common/decorators/autocommit-offset.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { KafkaContext } from '@nestjs/microservices'\n\n/**\n * Auto commit offset decorator for Kafka messages. The offset is committed only if the method completes successfully.\n * @returns A decorator function that commits the offset of the Kafka message.\n */\nexport function AutoCommitOffset(): MethodDecorator {\n return function (target: any, propertyKey: string | symbol, descriptor: PropertyDescriptor): PropertyDescriptor {\n const originalMethod = descriptor.value\n\n descriptor.value = async function (...args: any[]) {\n const result = await originalMethod.apply(this, args)\n\n // Find KafkaContext in arguments\n const context = args.find((arg) => arg instanceof KafkaContext)\n\n if (context) {\n const message = context.getMessage()\n const partition = context.getPartition()\n const topic = context.getTopic()\n const consumer = context.getConsumer()\n\n await consumer.commitOffsets([\n {\n topic,\n partition,\n offset: String(Number(message.offset) + 1),\n },\n ])\n }\n\n return result\n }\n\n return descriptor\n }\n}\n" }, { "path": "apps/api/src/common/decorators/distributed-lock.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { RedisLockProvider } from '../../sandbox/common/redis-lock.provider'\n\ntype DistributedLockOptions = {\n lockKey?: string\n lockTtl?: number\n}\n\n/**\n * Redis lock decorator for exclusive execution. The lock is released automatically when the method completes.\n * redisLockProvider is required to be injected in the class.\n * @param options - The options for the Redis lock\n * @param options.lockKey - The key to use for the Redis lock\n * @param options.lockTtl - Time to live for the lock in seconds\n * @returns A decorator function that handles Redis locking\n */\nexport function DistributedLock(options?: DistributedLockOptions): MethodDecorator {\n return function (target: any, propertyKey: string, descriptor: PropertyDescriptor) {\n const originalMethod = descriptor.value\n\n descriptor.value = async function (...args: any[]) {\n if (!this.redisLockProvider) {\n throw new Error(`@DistributedLock requires 'redisLockProvider' property on ${target.constructor.name}`)\n }\n\n const redisLockProvider: RedisLockProvider = this.redisLockProvider\n\n // Generate lock key\n const lockKey = `lock:${options?.lockKey ?? target.constructor.name}.${propertyKey}`\n\n // Set default TTL if not provided\n const lockTtlMs = options?.lockTtl || 30 // 30 seconds default\n\n const hasLock = await redisLockProvider.lock(lockKey, lockTtlMs)\n if (!hasLock) {\n return\n }\n try {\n return await originalMethod.apply(this, args)\n } finally {\n await redisLockProvider.unlock(lockKey)\n }\n }\n }\n}\n" }, { "path": "apps/api/src/common/decorators/log-execution.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Logger } from '@nestjs/common'\n\n// Parse threshold once at module load time\nlet LOG_THRESHOLD = parseInt(process.env.LOG_EXECUTION_THRESHOLD_MILLISECONDS, 10)\nif (isNaN(LOG_THRESHOLD) || LOG_THRESHOLD <= 0) {\n LOG_THRESHOLD = 1000 // Default to 1000ms if not set or invalid\n}\n\nexport function LogExecution(name?: string) {\n return function (target: any, propertyKey: string, descriptor: PropertyDescriptor) {\n const shouldLogExecutions = process.env.LOG_EXECUTIONS === 'true'\n if (!shouldLogExecutions) {\n return descriptor\n }\n\n // Wrap the original method with logging\n const originalMethod = descriptor.value\n const logger = new Logger(`Function:${target.constructor.name}`)\n\n descriptor.value = async function (...args: any[]) {\n const startTime = Date.now()\n const functionName = name || propertyKey\n\n try {\n const result = await originalMethod.apply(this, args)\n const duration = Date.now() - startTime\n\n if (duration > LOG_THRESHOLD) {\n logger.warn(`Function ${functionName} took a long time: ${duration}ms`)\n }\n\n return result\n } catch (error) {\n const duration = Date.now() - startTime\n logger.error(`Failed function: ${functionName} (took ${duration}ms)`, error.stack)\n throw error\n }\n }\n\n return descriptor\n }\n}\n" }, { "path": "apps/api/src/common/decorators/on-async-event.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { OnEvent, OnEventMetadata } from '@nestjs/event-emitter'\n\nexport function OnAsyncEvent({ event, options = {} }: OnEventMetadata): MethodDecorator {\n return OnEvent(event, {\n ...options,\n promisify: true,\n suppressErrors: false,\n })\n}\n" }, { "path": "apps/api/src/common/decorators/otel.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { trace, context, metrics, SpanStatusCode, Histogram } from '@opentelemetry/api'\nimport { applyDecorators } from '@nestjs/common'\n\n// Lazy initialization to ensure SDK is started before getting tracer/meter\nconst getTracer = () => trace.getTracer('')\nconst getMeter = () => metrics.getMeter('')\n\nconst executionHistograms = new Map()\n\n/**\n * Configuration options for span instrumentation\n */\nexport interface SpanConfig {\n /**\n * Custom name for the span. If not provided, uses `ClassName.methodName` format\n */\n name?: string\n /**\n * Additional attributes to attach to the span\n */\n attributes?: Record\n}\n\n/**\n * Configuration options for metric instrumentation\n */\nexport interface MetricConfig {\n /**\n * Custom name for the metric. If not provided, uses `ClassName.methodName` format\n */\n name?: string\n /**\n * Description for the metrics being collected\n */\n description?: string\n /**\n * Additional labels to attach to the metrics\n */\n labels?: Record\n}\n\n/**\n * Configuration options for the combined instrumentation decorator\n */\nexport interface InstrumentationConfig {\n /**\n * Custom name for the span and metric. If not provided, uses `ClassName.methodName` format\n */\n name?: string\n /**\n * Description for the metrics being collected\n */\n description?: string\n /**\n * Additional labels/attributes to attach to spans and metrics\n */\n labels?: Record\n /**\n * Enable trace collection (default: true)\n */\n enableTraces?: boolean\n /**\n * Enable metrics collection (default: true)\n */\n enableMetrics?: boolean\n}\n\n/**\n * Converts a string to snake_case for Prometheus-friendly metric names\n */\nfunction toSnakeCase(str: string): string {\n return str\n .replace(/([A-Z])/g, '_$1')\n .toLowerCase()\n .replace(/^_/, '')\n .replace(/\\./g, '_')\n}\n\n/**\n * Decorator for instrumenting methods with OpenTelemetry spans (traces only)\n *\n * @param config - Configuration object or string name for the span\n *\n */\nexport function WithSpan(config?: string | SpanConfig) {\n return (target: object, propertyKey: string | symbol, descriptor: PropertyDescriptor) => {\n const originalMethod = descriptor.value\n const methodName = String(propertyKey)\n\n descriptor.value = async function (...args: any[]) {\n const cfg: SpanConfig = typeof config === 'string' ? { name: config } : config || {}\n const { name, attributes = {} } = cfg\n\n const spanName = name || `${target.constructor.name}.${methodName}`\n\n const allAttributes = {\n component: target.constructor.name,\n method: methodName,\n ...attributes,\n }\n\n const span = getTracer().startSpan(\n spanName,\n {\n attributes: allAttributes,\n },\n context.active(),\n )\n\n return context.with(trace.setSpan(context.active(), span), async () => {\n try {\n const result = await originalMethod.apply(this, args)\n span.setStatus({ code: SpanStatusCode.OK })\n return result\n } catch (error) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: error instanceof Error ? error.message : String(error),\n })\n span.recordException(error instanceof Error ? error : new Error(String(error)))\n throw error\n } finally {\n span.end()\n }\n })\n }\n }\n}\n\n/**\n * Decorator for instrumenting methods with OpenTelemetry metrics (metrics only)\n *\n * Collects two metrics:\n * - Counter: `{name}_executions` - tracks number of executions with status (success/error)\n * - Histogram: `{name}_duration` - tracks execution duration in milliseconds\n *\n * @param config - Configuration object or string name for the metric\n *\n */\nexport function WithMetric(config?: string | MetricConfig) {\n return (target: object, propertyKey: string | symbol, descriptor: PropertyDescriptor) => {\n const originalMethod = descriptor.value\n const methodName = String(propertyKey)\n\n descriptor.value = async function (...args: any[]) {\n const cfg: MetricConfig = typeof config === 'string' ? { name: config } : config || {}\n const { name, description, labels = {} } = cfg\n\n const metricName = toSnakeCase(name || `${target.constructor.name}.${methodName}`)\n const allLabels = {\n component: target.constructor.name,\n method: methodName,\n ...labels,\n }\n\n // Get or create histogram for this method\n if (!executionHistograms.has(metricName)) {\n executionHistograms.set(\n metricName,\n getMeter().createHistogram(`${metricName}_duration`, {\n description: description || `Duration of executions for ${metricName}`,\n unit: 'ms',\n }),\n )\n }\n const histogram = executionHistograms.get(metricName)\n if (!histogram) {\n throw new Error(`Histogram not found for metric: ${metricName}`)\n }\n\n const startTime = Date.now()\n\n let status: 'success' | 'error' = 'success'\n try {\n const result = await originalMethod.apply(this, args)\n return result\n } catch (error) {\n status = 'error'\n throw error\n } finally {\n const duration = Date.now() - startTime\n histogram.record(duration, { ...allLabels, status })\n }\n }\n }\n}\n\n/**\n * Decorator for instrumenting methods with both OpenTelemetry traces and metrics\n *\n * This decorator composes @WithSpan and @WithMetric to provide both trace and metric collection.\n * You can selectively enable/disable traces or metrics using the config options.\n *\n * @param config - Configuration object or string name for the instrumentation\n */\nexport function WithInstrumentation(config?: string | InstrumentationConfig): MethodDecorator {\n const cfg: InstrumentationConfig = typeof config === 'string' ? { name: config } : config || {}\n const { enableTraces = true, enableMetrics = true, name, description, labels } = cfg\n\n const decorators: MethodDecorator[] = []\n\n if (enableTraces) {\n decorators.push(WithSpan({ name, attributes: labels }))\n }\n\n if (enableMetrics) {\n decorators.push(WithMetric({ name, description, labels }))\n }\n\n return applyDecorators(...decorators)\n}\n" }, { "path": "apps/api/src/common/decorators/page-limit.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { applyDecorators } from '@nestjs/common'\nimport { ApiProperty } from '@nestjs/swagger'\nimport { IsOptional, IsInt, Min, Max } from 'class-validator'\nimport { Type } from 'class-transformer'\n\nexport function PageLimit(defaultValue = 100) {\n return applyDecorators(\n ApiProperty({\n name: 'limit',\n description: 'Number of results per page',\n required: false,\n type: Number,\n minimum: 1,\n maximum: 200,\n default: defaultValue,\n }),\n IsOptional(),\n Type(() => Number),\n IsInt(),\n Min(1),\n Max(200),\n )\n}\n" }, { "path": "apps/api/src/common/decorators/page-number.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { applyDecorators } from '@nestjs/common'\nimport { ApiProperty } from '@nestjs/swagger'\nimport { IsOptional, IsInt, Min } from 'class-validator'\nimport { Type } from 'class-transformer'\n\nexport function PageNumber(defaultValue = 1) {\n return applyDecorators(\n ApiProperty({\n name: 'page',\n description: 'Page number of the results',\n required: false,\n type: Number,\n minimum: 1,\n default: defaultValue,\n }),\n IsOptional(),\n Type(() => Number),\n IsInt(),\n Min(1),\n )\n}\n" }, { "path": "apps/api/src/common/decorators/required-role.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Reflector } from '@nestjs/core'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { ApiRole } from '../interfaces/auth-context.interface'\n\nexport const RequiredSystemRole = Reflector.createDecorator()\nexport const RequiredApiRole = Reflector.createDecorator()\n" }, { "path": "apps/api/src/common/decorators/runner-context.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { createParamDecorator, ExecutionContext } from '@nestjs/common'\nimport { RunnerContext } from '../interfaces/runner-context.interface'\n\nexport const RunnerContextDecorator = createParamDecorator((data: unknown, ctx: ExecutionContext): RunnerContext => {\n const request = ctx.switchToHttp().getRequest()\n return request.user as RunnerContext\n})\n" }, { "path": "apps/api/src/common/decorators/throttler-scope.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SetMetadata } from '@nestjs/common'\n\nexport const THROTTLER_SCOPE_KEY = 'throttler:scope'\n\n/**\n * Marks a route or controller with specific throttler scopes.\n * Only the specified throttlers will be applied to this route.\n * The 'authenticated' throttler always applies to authenticated routes.\n *\n * @example\n * // Apply sandbox-create throttler\n * @ThrottlerScope('sandbox-create')\n * @Post()\n * createSandbox() {}\n *\n * @example\n * // Apply multiple throttlers\n * @ThrottlerScope('sandbox-create', 'sandbox-lifecycle')\n * @Post()\n * createAndStart() {}\n */\nexport const ThrottlerScope = (...scopes: string[]) => SetMetadata(THROTTLER_SCOPE_KEY, scopes)\n" }, { "path": "apps/api/src/common/decorators/to-array.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Transform } from 'class-transformer'\n\n/**\n * Decorator that transforms a value to an array. Useful for query parameters that can be a single value or an array of values.\n *\n * If the value is a primitive, it will return a single element array. If the value is already an array, it will return it as is.\n */\nexport function ToArray() {\n return Transform(({ value }) => {\n return value ? (Array.isArray(value) ? value : [value]) : undefined\n })\n}\n" }, { "path": "apps/api/src/common/decorators/track-job-execution.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\n/**\n * Track job execution in activeJobs set.\n * @returns A decorator function that tracks execution of a job.\n */\nexport function TrackJobExecution() {\n return function (target: any, propertyKey: string, descriptor: PropertyDescriptor) {\n const original = descriptor.value\n\n descriptor.value = async function (...args: any[]) {\n if (!this.activeJobs) {\n throw new Error(`@TrackExecution requires 'activeJobs' property on ${target.constructor.name}`)\n }\n\n this.activeJobs.add(propertyKey)\n try {\n return await original.apply(this, args)\n } finally {\n this.activeJobs.delete(propertyKey)\n }\n }\n }\n}\n" }, { "path": "apps/api/src/common/dto/url.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsString } from 'class-validator'\n\n@ApiSchema({ name: 'Url' })\nexport class UrlDto {\n @ApiProperty({\n description: 'URL response',\n })\n @IsString()\n url: string\n\n constructor(url: string) {\n this.url = url\n }\n}\n" }, { "path": "apps/api/src/common/guards/anonymous-rate-limit.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, ExecutionContext } from '@nestjs/common'\nimport { Reflector } from '@nestjs/core'\nimport { ThrottlerGuard, ThrottlerModuleOptions, ThrottlerRequest, ThrottlerStorage } from '@nestjs/throttler'\nimport { Request } from 'express'\n\n@Injectable()\nexport class AnonymousRateLimitGuard extends ThrottlerGuard {\n constructor(options: ThrottlerModuleOptions, storageService: ThrottlerStorage, reflector: Reflector) {\n super(options, storageService, reflector)\n }\n\n protected async getTracker(req: Request): Promise {\n // For anonymous requests, use IP address as tracker\n const ip = req.ips.length ? req.ips[0] : req.ip\n return `anonymous:${ip}`\n }\n\n protected generateKey(context: ExecutionContext, suffix: string, name: string): string {\n // Override to make rate limiting per-rate-limit-type, not per-route\n // This ensures all routes share the same counter for anonymous rate limiting\n return `${name}-${suffix}`\n }\n\n async handleRequest(requestProps: ThrottlerRequest): Promise {\n const { throttler } = requestProps\n\n // Apply anonymous throttler to ALL requests (with or without Bearer tokens)\n // This ensures we catch invalid/malicious tokens before they reach authentication\n if (throttler.name === 'anonymous') {\n return super.handleRequest(requestProps)\n }\n\n // Skip other throttlers in this guard\n return true\n }\n}\n" }, { "path": "apps/api/src/common/guards/authenticated-rate-limit.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, Inject, ExecutionContext, Optional } from '@nestjs/common'\nimport { ThrottlerGuard, ThrottlerRequest, ThrottlerModuleOptions, ThrottlerStorage } from '@nestjs/throttler'\nimport { Reflector } from '@nestjs/core'\nimport { Request } from 'express'\nimport { getRedisConnectionToken } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { OrganizationService } from '../../organization/services/organization.service'\nimport { THROTTLER_SCOPE_KEY } from '../decorators/throttler-scope.decorator'\n\n@Injectable()\nexport class AuthenticatedRateLimitGuard extends ThrottlerGuard {\n private readonly logger = new Logger(AuthenticatedRateLimitGuard.name)\n\n constructor(\n options: ThrottlerModuleOptions,\n storageService: ThrottlerStorage,\n reflector: Reflector,\n @Inject(getRedisConnectionToken('throttler')) private readonly redis: Redis,\n @Optional() private readonly organizationService?: OrganizationService,\n ) {\n super(options, storageService, reflector)\n }\n\n protected async getTracker(req: Request): Promise {\n const user = req.user as any\n\n // Track by organization ID when available (shared quota per org)\n if (user?.organizationId) {\n return `auth:org:${user.organizationId}`\n }\n\n // Fallback to user ID for non-org routes (e.g., /users/me)\n if (user?.userId) {\n return `auth:user:${user.userId}`\n }\n\n // Ultimate fallback (shouldn't happen in normal flow)\n const ip = req.ips.length ? req.ips[0] : req.ip\n return `fallback:${ip}`\n }\n\n protected generateKey(context: ExecutionContext, suffix: string, name: string): string {\n // Override to make rate limiting per-rate-limit-type, not per-route\n // This ensures all routes share the same counter per rate limit type (authenticated, sandbox-create, sandbox-lifecycle)\n return `${name}-${suffix}`\n }\n\n async handleRequest(requestProps: ThrottlerRequest): Promise {\n const { context, throttler } = requestProps\n const request = context.switchToHttp().getRequest()\n const isAuthenticated = request.user && this.isValidAuthContext(request.user)\n\n // Skip rate limiting for M2M system roles (checked AFTER auth runs)\n if (this.isSystemRole(request.user)) {\n return true\n }\n\n // Skip anonymous throttler (handled by AnonymousRateLimitGuard on public routes)\n if (throttler.name === 'anonymous') {\n return true\n }\n\n // Skip failed-auth throttler (handled by FailedAuthRateLimitMiddleware and auth guards)\n if (throttler.name === 'failed-auth') {\n return true\n }\n\n // Check authenticated throttlers\n const authenticatedThrottlers = ['authenticated', 'sandbox-create', 'sandbox-lifecycle']\n if (authenticatedThrottlers.includes(throttler.name)) {\n if (isAuthenticated) {\n // Only 'authenticated' applies to all routes by default\n // 'sandbox-create' and 'sandbox-lifecycle' only apply if explicitly configured via @SkipThrottle or @Throttle\n const isDefaultThrottler = throttler.name === 'authenticated'\n\n if (!isDefaultThrottler) {\n // Sandbox throttlers (sandbox-create, sandbox-lifecycle) are opt-in only\n // Check if this route declares this throttler scope via @ThrottlerScope() decorator\n const scopes = this.reflector.getAllAndOverride(THROTTLER_SCOPE_KEY, [\n context.getHandler(),\n context.getClass(),\n ])\n\n // If the route hasn't declared this throttler in its scope, skip it\n if (!scopes || !scopes.includes(throttler.name)) {\n return true\n }\n }\n\n const user = request.user as any\n const orgId = user?.organizationId\n if (orgId) {\n const orgLimits = await this.getCachedOrganizationRateLimits(orgId)\n if (orgLimits) {\n const customLimit =\n throttler.name === 'authenticated'\n ? orgLimits.authenticated\n : throttler.name === 'sandbox-create'\n ? orgLimits.sandboxCreate\n : throttler.name === 'sandbox-lifecycle'\n ? orgLimits.sandboxLifecycle\n : undefined\n\n const customTtlSeconds =\n throttler.name === 'authenticated'\n ? orgLimits.authenticatedTtlSeconds\n : throttler.name === 'sandbox-create'\n ? orgLimits.sandboxCreateTtlSeconds\n : throttler.name === 'sandbox-lifecycle'\n ? orgLimits.sandboxLifecycleTtlSeconds\n : undefined\n\n if (customLimit != null || customTtlSeconds != null) {\n const modifiedProps = {\n ...requestProps,\n ...(customLimit != null && { limit: customLimit }),\n ...(customTtlSeconds != null && {\n ttl: customTtlSeconds * 1000,\n blockDuration: customTtlSeconds * 1000,\n }),\n }\n return super.handleRequest(modifiedProps)\n }\n }\n }\n return super.handleRequest(requestProps)\n }\n return true\n }\n\n // For any other throttlers, defer to base ThrottlerGuard\n if (isAuthenticated) {\n return super.handleRequest(requestProps)\n }\n return true\n }\n\n private isValidAuthContext(user: any): boolean {\n return user && (user.userId || user.role)\n }\n\n private isSystemRole(user: any): boolean {\n // Skip rate limiting for M2M system roles (proxy, runner, ssh-gateway)\n return user?.role === 'ssh-gateway' || user?.role === 'proxy' || user?.role === 'runner'\n }\n\n private async getCachedOrganizationRateLimits(organizationId: string): Promise<{\n authenticated: number | null\n sandboxCreate: number | null\n sandboxLifecycle: number | null\n authenticatedTtlSeconds: number | null\n sandboxCreateTtlSeconds: number | null\n sandboxLifecycleTtlSeconds: number | null\n } | null> {\n // If OrganizationService is not available (e.g., in UserModule), use default rate limits\n if (!this.organizationService) {\n return null\n }\n\n try {\n const cacheKey = `organization:rate-limits:${organizationId}`\n const cachedLimits = await this.redis.get(cacheKey)\n\n if (cachedLimits) {\n return JSON.parse(cachedLimits)\n }\n\n const organization = await this.organizationService.findOne(organizationId)\n if (organization) {\n const limits = {\n authenticated: organization.authenticatedRateLimit,\n sandboxCreate: organization.sandboxCreateRateLimit,\n sandboxLifecycle: organization.sandboxLifecycleRateLimit,\n authenticatedTtlSeconds: organization.authenticatedRateLimitTtlSeconds,\n sandboxCreateTtlSeconds: organization.sandboxCreateRateLimitTtlSeconds,\n sandboxLifecycleTtlSeconds: organization.sandboxLifecycleRateLimitTtlSeconds,\n }\n await this.redis.set(cacheKey, JSON.stringify(limits), 'EX', 60)\n return limits\n }\n\n return null\n } catch (error) {\n this.logger.error('Error getting cached organization rate limits:', error)\n return null\n }\n }\n}\n" }, { "path": "apps/api/src/common/interceptors/content-type.interceptors.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, NestInterceptor, ExecutionContext, CallHandler, Logger } from '@nestjs/common'\nimport { Observable } from 'rxjs'\n\n@Injectable()\nexport class ContentTypeInterceptor implements NestInterceptor {\n private readonly logger = new Logger(ContentTypeInterceptor.name)\n\n async intercept(context: ExecutionContext, next: CallHandler): Promise> {\n const request = context.switchToHttp().getRequest()\n\n // Check if we have raw body data but no parsed body\n if (request.readable) {\n // Create a promise to handle the body parsing\n await new Promise((resolve, reject) => {\n let rawBody = ''\n\n // Collect the raw body data\n request.on('data', (chunk: Buffer) => {\n rawBody += chunk.toString()\n })\n\n // Once we have all the data, try to parse it as JSON\n request.on('end', () => {\n try {\n if (rawBody) {\n request.body = JSON.parse(rawBody)\n request.headers['content-type'] = 'application/json'\n }\n resolve()\n } catch (e) {\n this.logger.error('Failed to parse JSON body:', e)\n resolve() // Still resolve even on error to prevent hanging\n }\n })\n\n // Handle potential errors\n request.on('error', (error) => {\n this.logger.error('Error reading request body:', error)\n reject(error)\n })\n })\n }\n\n // Add Content-Type header if it's missing and there's a request body\n if (request.body && Object.keys(request.body).length > 0 && !request.get('content-type')) {\n request.headers['content-type'] = 'application/json'\n }\n\n return next.handle()\n }\n}\n" }, { "path": "apps/api/src/common/interfaces/auth-context.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiKey } from '../../api-key/api-key.entity'\nimport { OrganizationUser } from '../../organization/entities/organization-user.entity'\nimport { Organization } from '../../organization/entities/organization.entity'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { ProxyContext } from './proxy-context.interface'\nimport { RunnerContext } from './runner-context.interface'\nimport { SshGatewayContext } from './ssh-gateway-context.interface'\nimport { RegionProxyContext } from './region-proxy.interface'\nimport { RegionSSHGatewayContext } from './region-ssh-gateway.interface'\nimport { OtelCollectorContext } from './otel-collector-context.interface'\nimport { HealthCheckContext } from './health-check-context.interface'\n\nexport interface BaseAuthContext {\n role: ApiRole\n}\n\nexport type ApiRole =\n | SystemRole\n | 'proxy'\n | 'runner'\n | 'ssh-gateway'\n | 'region-proxy'\n | 'region-ssh-gateway'\n | 'otel-collector'\n | 'health-check'\n\nexport interface AuthContext extends BaseAuthContext {\n userId: string\n email: string\n apiKey?: ApiKey\n organizationId?: string\n runnerId?: string\n}\n\nexport function isAuthContext(user: BaseAuthContext): user is AuthContext {\n return 'userId' in user\n}\n\nexport interface OrganizationAuthContext extends AuthContext {\n organizationId: string\n organization: Organization\n organizationUser?: OrganizationUser\n}\n\nexport function isOrganizationAuthContext(user: BaseAuthContext): user is OrganizationAuthContext {\n return 'organizationId' in user\n}\n\nexport type AuthContextType =\n | AuthContext\n | OrganizationAuthContext\n | ProxyContext\n | RunnerContext\n | SshGatewayContext\n | RegionProxyContext\n | RegionSSHGatewayContext\n | OtelCollectorContext\n | HealthCheckContext\n" }, { "path": "apps/api/src/common/interfaces/health-check-context.interface.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BaseAuthContext } from './auth-context.interface'\n\nexport interface HealthCheckContext extends BaseAuthContext {\n role: 'health-check'\n}\n\nexport function isHealthCheckContext(user: BaseAuthContext): user is HealthCheckContext {\n return 'role' in user && user.role === 'health-check'\n}\n" }, { "path": "apps/api/src/common/interfaces/otel-collector-context.interface.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BaseAuthContext } from './auth-context.interface'\n\nexport interface OtelCollectorContext extends BaseAuthContext {\n role: 'otel-collector'\n}\n\nexport function isOtelCollectorContext(user: BaseAuthContext): user is OtelCollectorContext {\n return 'role' in user && user.role === 'otel-collector'\n}\n" }, { "path": "apps/api/src/common/interfaces/otel-config.interface.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport interface OTELConfig {\n enabled: boolean\n endpoint: string\n headers: Record\n}\n" }, { "path": "apps/api/src/common/interfaces/paginated-list.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport interface PaginatedList {\n items: T[]\n total: number\n page: number\n totalPages: number\n nextToken?: string\n}\n" }, { "path": "apps/api/src/common/interfaces/proxy-context.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BaseAuthContext } from './auth-context.interface'\n\nexport interface ProxyContext extends BaseAuthContext {\n role: 'proxy'\n}\n\nexport function isProxyContext(user: BaseAuthContext): user is ProxyContext {\n return 'role' in user && user.role === 'proxy'\n}\n" }, { "path": "apps/api/src/common/interfaces/region-proxy.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BaseAuthContext } from './auth-context.interface'\n\nexport interface RegionProxyContext extends BaseAuthContext {\n role: 'region-proxy'\n regionId: string\n}\n\nexport function isRegionProxyContext(user: BaseAuthContext): user is RegionProxyContext {\n return 'role' in user && user.role === 'region-proxy'\n}\n" }, { "path": "apps/api/src/common/interfaces/region-ssh-gateway.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BaseAuthContext } from './auth-context.interface'\n\nexport interface RegionSSHGatewayContext extends BaseAuthContext {\n role: 'region-ssh-gateway'\n regionId: string\n}\n\nexport function isRegionSSHGatewayContext(user: BaseAuthContext): user is RegionSSHGatewayContext {\n return 'role' in user && user.role === 'region-ssh-gateway'\n}\n" }, { "path": "apps/api/src/common/interfaces/runner-context.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BaseAuthContext } from './auth-context.interface'\nimport { Runner } from '../../sandbox/entities/runner.entity'\n\nexport interface RunnerContext extends BaseAuthContext {\n role: 'runner'\n runnerId: string\n runner: Runner\n}\n\nexport function isRunnerContext(user: BaseAuthContext): user is RunnerContext {\n return 'role' in user && user.role === 'runner'\n}\n" }, { "path": "apps/api/src/common/interfaces/ssh-gateway-context.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BaseAuthContext } from './auth-context.interface'\n\nexport interface SshGatewayContext extends BaseAuthContext {\n role: 'ssh-gateway'\n}\n\nexport function isSshGatewayContext(user: BaseAuthContext): user is SshGatewayContext {\n return 'role' in user && user.role === 'ssh-gateway'\n}\n" }, { "path": "apps/api/src/common/interfaces/trackable-job-executions.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport interface TrackableJobExecutions {\n activeJobs: Set\n}\n" }, { "path": "apps/api/src/common/middleware/failed-auth-rate-limit.middleware.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, NestMiddleware, Inject, Logger } from '@nestjs/common'\nimport { Request, Response, NextFunction } from 'express'\nimport { ThrottlerException } from '@nestjs/throttler'\nimport { getRedisConnectionToken } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { setRateLimitHeaders } from '../utils/rate-limit-headers.util'\n\n/**\n * Middleware that checks if an IP is blocked due to too many failed auth attempts.\n * Runs BEFORE auth guards to block requests early and prevent wasting resources on auth.\n *\n * Flow:\n * 1. Request comes in\n * 2. This middleware checks Redis if IP has exceeded failed auth limit (isBlocked)\n * 3. If blocked: return 429 with rate limit headers immediately\n * 4. If not blocked: continue to auth guards\n */\n@Injectable()\nexport class FailedAuthRateLimitMiddleware implements NestMiddleware {\n private readonly logger = new Logger(FailedAuthRateLimitMiddleware.name)\n\n constructor(\n @Inject(getRedisConnectionToken('throttler')) private readonly redis: Redis,\n private readonly configService: TypedConfigService,\n ) {}\n\n async use(req: Request, res: Response, next: NextFunction) {\n const ip = req.ips.length ? req.ips[0] : req.ip\n const throttlerName = 'failed-auth'\n const tracker = `${throttlerName}:${ip}`\n\n // Get failed-auth config from TypedConfigService\n const failedAuthConfig = this.configService.get('rateLimit.failedAuth')\n\n if (!failedAuthConfig || !failedAuthConfig.ttl || !failedAuthConfig.limit) {\n // If failed-auth throttler is not configured, skip\n return next()\n }\n\n try {\n // Build the Redis key (same format as ThrottlerStorageRedisService)\n const keyPrefix = this.redis.options.keyPrefix || ''\n const key = `${throttlerName}-${tracker}`\n const blockedKey = `${keyPrefix}{${key}:${throttlerName}}:blocked`\n\n // Check if IP is blocked\n const isBlocked = await this.redis.get(blockedKey)\n\n if (isBlocked) {\n // Get TTL for the blocked key\n const ttl = await this.redis.pttl(blockedKey)\n const ttlSeconds = Math.ceil(ttl / 1000)\n\n // Set rate limit headers to inform client\n setRateLimitHeaders(res, {\n throttlerName,\n limit: failedAuthConfig.limit,\n remaining: 0,\n resetSeconds: ttlSeconds,\n retryAfterSeconds: ttlSeconds,\n })\n\n throw new ThrottlerException()\n }\n\n // Not blocked, continue to auth guards\n next()\n } catch (error) {\n if (error instanceof ThrottlerException) {\n throw error\n }\n // If there's an error checking the rate limit, log it and allow the request to continue\n // We don't want rate limiting failures to block legitimate requests\n this.logger.error('Failed to check failed-auth rate limit:', error)\n next()\n }\n }\n}\n" }, { "path": "apps/api/src/common/middleware/maintenance.middleware.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, NestMiddleware, HttpException, HttpStatus } from '@nestjs/common'\nimport { Request, Response, NextFunction } from 'express'\nimport { TypedConfigService } from '../../config/typed-config.service'\n\n@Injectable()\nexport class MaintenanceMiddleware implements NestMiddleware {\n constructor(private readonly configService: TypedConfigService) {}\n\n use(req: Request, res: Response, next: NextFunction) {\n const isMaintenanceMode = this.configService.get('maintananceMode')\n\n if (isMaintenanceMode) {\n throw new HttpException(\n {\n statusCode: HttpStatus.SERVICE_UNAVAILABLE,\n message: 'Service is currently under maintenance. Please try again later.',\n error: 'Service Unavailable',\n },\n HttpStatus.SERVICE_UNAVAILABLE,\n )\n }\n\n next()\n }\n}\n" }, { "path": "apps/api/src/common/middleware/version-header.middleware.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, NestMiddleware } from '@nestjs/common'\nimport { Request, Response, NextFunction } from 'express'\nimport { TypedConfigService } from '../../config/typed-config.service'\n\n@Injectable()\nexport class VersionHeaderMiddleware implements NestMiddleware {\n private readonly version: string | undefined\n\n constructor(private readonly configService: TypedConfigService) {\n this.version = this.configService.get('version')\n }\n\n use(req: Request, res: Response, next: NextFunction) {\n if (this.version) {\n res.setHeader('X-Daytona-Api-Version', `${this.version}`)\n }\n next()\n }\n}\n" }, { "path": "apps/api/src/common/modules/body-parser-error.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module, OnModuleInit, BadRequestException } from '@nestjs/common'\nimport { HttpAdapterHost } from '@nestjs/core'\nimport { Request, Response, NextFunction } from 'express'\n@Module({})\nexport class BodyParserErrorModule implements OnModuleInit {\n constructor(private readonly httpAdapterHost: HttpAdapterHost) {}\n\n onModuleInit() {\n const app = this.httpAdapterHost.httpAdapter.getInstance()\n\n app.use((err: Error & { body?: unknown }, req: Request, res: Response, next: NextFunction) => {\n if (err instanceof SyntaxError && 'body' in err) {\n const response = new BadRequestException('Invalid JSON in request body').getResponse()\n return res.status(400).json(response)\n }\n\n next(err)\n })\n }\n}\n" }, { "path": "apps/api/src/common/providers/openfeature-posthog.provider.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport type { EvaluationContext, Provider, ResolutionDetails, Hook, JsonValue, Logger } from '@openfeature/server-sdk'\nimport { TypeMismatchError, StandardResolutionReasons, ErrorCode } from '@openfeature/server-sdk'\nimport { PostHog } from 'posthog-node'\nimport type { PostHogOptions } from 'posthog-node'\n\nexport interface OpenFeaturePostHogProviderConfig {\n /** PostHog project API key (starts with phc_) - if not provided, all flags return default values */\n apiKey?: string\n /** Optional PostHog client options */\n clientOptions?: PostHogOptions\n /** Whether to evaluate flags locally (default: false) */\n evaluateLocally?: boolean\n}\n\nexport class OpenFeaturePostHogProvider implements Provider {\n readonly metadata = {\n name: 'simple-posthog-provider',\n } as const\n\n private readonly client?: PostHog\n private readonly evaluateLocally: boolean\n private readonly isConfigured: boolean\n\n constructor(config: OpenFeaturePostHogProviderConfig = {}) {\n this.evaluateLocally = config.evaluateLocally ?? false\n this.isConfigured = !!config.apiKey\n\n if (config.apiKey) {\n try {\n this.client = new PostHog(config.apiKey, config.clientOptions)\n } catch (error) {\n console.warn('Failed to initialize PostHog client:', error)\n }\n }\n }\n\n async resolveBooleanEvaluation(\n flagKey: string,\n defaultValue: boolean,\n context: EvaluationContext,\n logger: Logger,\n ): Promise> {\n logger.debug(`Evaluating flag ${flagKey} with context and default value:`, context, defaultValue)\n const result = await this.evaluateFlag(flagKey, defaultValue, context, logger)\n\n if (typeof result.value === 'boolean') {\n return result as ResolutionDetails\n }\n\n throw new TypeMismatchError(`Flag ${flagKey} expected boolean, got ${typeof result.value}`)\n }\n\n async resolveStringEvaluation(\n flagKey: string,\n defaultValue: string,\n context: EvaluationContext,\n logger: Logger,\n ): Promise> {\n const result = await this.evaluateFlag(flagKey, defaultValue, context, logger)\n\n if (typeof result.value === 'string') {\n return result as ResolutionDetails\n }\n\n throw new TypeMismatchError(`Flag ${flagKey} expected string, got ${typeof result.value}`)\n }\n\n async resolveNumberEvaluation(\n flagKey: string,\n defaultValue: number,\n context: EvaluationContext,\n logger: Logger,\n ): Promise> {\n const result = await this.evaluateFlag(flagKey, defaultValue, context, logger)\n\n if (typeof result.value === 'number') {\n return result as ResolutionDetails\n }\n\n throw new TypeMismatchError(`Flag ${flagKey} expected number, got ${typeof result.value}`)\n }\n\n async resolveObjectEvaluation(\n flagKey: string,\n defaultValue: T,\n context: EvaluationContext,\n logger: Logger,\n ): Promise> {\n // If PostHog is not configured, return default value\n if (!this.isConfigured || !this.client) {\n logger.debug(`PostHog not configured, returning default value for flag ${flagKey}`)\n return {\n value: defaultValue,\n reason: StandardResolutionReasons.DEFAULT,\n }\n }\n\n const targetingKey = this.getTargetingKey(context)\n\n if (!targetingKey) {\n return {\n value: defaultValue,\n reason: StandardResolutionReasons.ERROR,\n errorCode: ErrorCode.GENERAL,\n }\n }\n\n try {\n const flagContext = this.buildFlagContext(context)\n const payload = await this.client.getFeatureFlagPayload(flagKey, targetingKey, undefined, {\n onlyEvaluateLocally: this.evaluateLocally,\n sendFeatureFlagEvents: true,\n ...flagContext,\n })\n\n if (payload === undefined) {\n return {\n value: defaultValue,\n reason: StandardResolutionReasons.DEFAULT,\n errorCode: ErrorCode.FLAG_NOT_FOUND,\n }\n }\n\n return {\n value: payload as T,\n reason: StandardResolutionReasons.TARGETING_MATCH,\n }\n } catch (error) {\n logger.error(`Error evaluating flag ${flagKey}:`, error)\n return {\n value: defaultValue,\n reason: StandardResolutionReasons.ERROR,\n errorCode: ErrorCode.GENERAL,\n }\n }\n }\n\n private async evaluateFlag(\n flagKey: string,\n defaultValue: any,\n context: EvaluationContext,\n logger: Logger,\n ): Promise> {\n // If PostHog is not configured, return default value\n if (!this.isConfigured || !this.client) {\n logger.debug(`PostHog not configured, returning default value for flag ${flagKey}`)\n return {\n value: defaultValue,\n reason: StandardResolutionReasons.DEFAULT,\n }\n }\n\n const targetingKey = this.getTargetingKey(context)\n\n if (!targetingKey) {\n logger.warn('No targetingKey provided in context')\n return {\n value: defaultValue,\n reason: StandardResolutionReasons.ERROR,\n errorCode: ErrorCode.GENERAL,\n }\n }\n\n try {\n const flagContext = this.buildFlagContext(context)\n const flagValue = await this.client.getFeatureFlag(flagKey, targetingKey, {\n onlyEvaluateLocally: this.evaluateLocally,\n sendFeatureFlagEvents: true,\n ...flagContext,\n })\n\n if (flagValue === undefined) {\n return {\n value: defaultValue,\n reason: StandardResolutionReasons.DEFAULT,\n errorCode: ErrorCode.FLAG_NOT_FOUND,\n }\n }\n\n return {\n value: flagValue,\n reason: StandardResolutionReasons.TARGETING_MATCH,\n }\n } catch (error) {\n logger.error(`Error evaluating flag ${flagKey}:`, error)\n return {\n value: defaultValue,\n reason: StandardResolutionReasons.ERROR,\n errorCode: ErrorCode.GENERAL,\n }\n }\n }\n\n private getTargetingKey(context: EvaluationContext): string | undefined {\n return context.targetingKey\n }\n\n private buildFlagContext(context: EvaluationContext) {\n const flagContext: {\n groups?: Record\n groupProperties?: Record>\n personProperties?: Record\n } = {}\n\n // Extract groups from context\n if (context.groups) {\n flagContext.groups = context.groups as Record\n }\n\n // Extract custom properties\n if (context.personProperties) {\n flagContext.personProperties = context.personProperties as Record\n }\n\n if (context.groupProperties) {\n flagContext.groupProperties = context.groupProperties as Record>\n }\n\n // Use organizationId from context attributes\n if (context.organizationId && !flagContext.groups?.organization) {\n flagContext.groups = {\n ...flagContext.groups,\n organization: context.organizationId as string,\n }\n }\n\n return flagContext\n }\n\n get hooks(): Hook[] {\n return []\n }\n\n async onClose(): Promise {\n if (this.client) {\n await this.client.shutdown()\n }\n }\n}\n" }, { "path": "apps/api/src/common/repositories/base.repository.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Repository,\n DataSource,\n FindOptionsWhere,\n FindOneOptions,\n FindManyOptions,\n EntityTarget,\n SelectQueryBuilder,\n DeleteResult,\n} from 'typeorm'\nimport { ObjectLiteral } from 'typeorm/common/ObjectLiteral'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\n\n/**\n * Abstract base repository class that provides common CRUD operations with event emission.\n *\n * @template TEntity - The entity class this repository manages\n */\nexport abstract class BaseRepository {\n protected repository: Repository\n\n constructor(\n protected readonly dataSource: DataSource,\n protected readonly eventEmitter: EventEmitter2,\n protected readonly entityClass: EntityTarget,\n ) {\n this.repository = this.dataSource.getRepository(entityClass)\n }\n\n /**\n * See reference for {@link Repository.findOne}\n */\n async findOne(options: FindOneOptions): Promise {\n return this.repository.findOne(options)\n }\n\n /**\n * See reference for {@link Repository.findOneBy}\n */\n async findOneBy(where: FindOptionsWhere | FindOptionsWhere[]): Promise {\n return this.repository.findOneBy(where)\n }\n\n /**\n * See reference for {@link Repository.findOneByOrFail}\n */\n async findOneByOrFail(where: FindOptionsWhere | FindOptionsWhere[]): Promise {\n return this.repository.findOneByOrFail(where)\n }\n\n /**\n * See reference for {@link Repository.findOneOrFail}\n */\n async findOneOrFail(options: FindOneOptions): Promise {\n return this.repository.findOneOrFail(options)\n }\n\n /**\n * See reference for {@link Repository.find}\n */\n async find(options?: FindManyOptions): Promise {\n return this.repository.find(options)\n }\n\n /**\n * See reference for {@link Repository.findAndCount}\n */\n async findAndCount(options?: FindManyOptions): Promise<[TEntity[], number]> {\n return this.repository.findAndCount(options)\n }\n\n /**\n * See reference for {@link Repository.count}\n */\n async count(options?: FindManyOptions): Promise {\n return this.repository.count(options)\n }\n\n /**\n * Returns the entity manager for the repository. Use this only when you need to perform raw SQL queries.\n *\n * See reference for {@link Repository.manager}\n */\n get manager() {\n return this.repository.manager\n }\n\n /**\n * See reference for {@link Repository.createQueryBuilder}\n */\n createQueryBuilder(alias?: string): SelectQueryBuilder {\n return this.repository.createQueryBuilder(alias)\n }\n\n /**\n * See reference for {@link Repository.delete}\n */\n async delete(criteria: FindOptionsWhere | FindOptionsWhere[]): Promise {\n return this.repository.delete(criteria)\n }\n\n /**\n * Inserts a new entity into the database.\n *\n * Uses {@link Repository.insert} to insert the entity into the database.\n *\n * @returns The inserted entity.\n */\n abstract insert(entity: TEntity): Promise\n\n /**\n * Partially updates an entity in the database.\n *\n * Uses {@link Repository.update} to update the entity in the database.\n *\n * @param id - The ID of the entity to update.\n * @param params.updateData - The partial data to update.\n * @param params.entity - Optional pre-fetched entity to use instead of fetching from the database when not performing a raw update.\n * @param raw - If true, performs only the database update via {@link Repository.update},\n * skipping entity fetching, domain logic (validation, derived fields), and event emission.\n *\n * @returns The updated entity or void if `raw` is true.\n */\n abstract update(id: string, params: { updateData: Partial; entity?: TEntity }, raw: true): Promise\n abstract update(id: string, params: { updateData: Partial; entity?: TEntity }, raw?: false): Promise\n abstract update(\n id: string,\n params: { updateData: Partial; entity?: TEntity },\n raw?: boolean,\n ): Promise\n}\n" }, { "path": "apps/api/src/common/utils/api-key.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport * as crypto from 'crypto'\n\nexport function generateRandomString(size: number): string {\n return crypto.randomBytes(size).toString('hex')\n}\n\nexport function generateApiKeyValue(): string {\n return `dtn_${generateRandomString(32)}`\n}\n\nexport function generateApiKeyHash(value: string): string {\n return crypto.createHash('sha256').update(value).digest('hex')\n}\n" }, { "path": "apps/api/src/common/utils/app-mode.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\ntype AppMode = 'api' | 'worker' | 'all'\n\nlet appMode = process.env.APP_MODE as AppMode\n\n// Default to all mode if no app mode is set\nif (!appMode) {\n appMode = 'all'\n}\n\n// Validate app mode\nif (!Object.values(['api', 'worker', 'all']).includes(appMode)) {\n throw new Error(`Invalid app mode: ${appMode}`)\n}\n\n/**\n * Returns true if the API should be started\n */\nexport function isApiEnabled(): boolean {\n return appMode === 'api' || appMode === 'all'\n}\n\n/**\n * Returns true if the worker should be started\n */\nexport function isWorkerEnabled(): boolean {\n return appMode === 'worker' || appMode === 'all'\n}\n\n/**\n * Returns the app mode\n */\nexport function getAppMode(): AppMode {\n return appMode\n}\n" }, { "path": "apps/api/src/common/utils/delete-s3-bucket.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n S3Client,\n ListObjectsV2Command,\n DeleteObjectsCommand,\n ListObjectVersionsCommand,\n DeleteBucketCommand,\n} from '@aws-sdk/client-s3'\n\nexport async function deleteS3Bucket(s3: S3Client, bucket: string): Promise {\n // First delete all object versions & delete markers (if any exist)\n let keyMarker: string | undefined\n let versionIdMarker: string | undefined\n do {\n const versions = await s3.send(\n new ListObjectVersionsCommand({\n Bucket: bucket,\n KeyMarker: keyMarker,\n VersionIdMarker: versionIdMarker,\n }),\n )\n const items = [\n ...(versions.Versions || []).map((v) => ({ Key: v.Key, VersionId: v.VersionId })),\n ...(versions.DeleteMarkers || []).map((d) => ({ Key: d.Key, VersionId: d.VersionId })),\n ]\n if (items.length) {\n await s3.send(\n new DeleteObjectsCommand({\n Bucket: bucket,\n Delete: { Objects: items, Quiet: true },\n }),\n )\n }\n keyMarker = versions.NextKeyMarker\n versionIdMarker = versions.NextVersionIdMarker\n } while (keyMarker || versionIdMarker)\n\n // Then delete any remaining live objects (for unversioned buckets)\n let continuationToken: string | undefined\n do {\n const list = await s3.send(\n new ListObjectsV2Command({\n Bucket: bucket,\n ContinuationToken: continuationToken,\n }),\n )\n if (list.Contents && list.Contents.length) {\n await s3.send(\n new DeleteObjectsCommand({\n Bucket: bucket,\n Delete: {\n Objects: list.Contents.map((o) => ({ Key: o.Key })),\n Quiet: true,\n },\n }),\n )\n }\n continuationToken = list.NextContinuationToken\n } while (continuationToken)\n\n // Finally delete the (now-empty) bucket\n await s3.send(new DeleteBucketCommand({ Bucket: bucket }))\n}\n" }, { "path": "apps/api/src/common/utils/docker-image.util.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\n/**\n * Interface representing parsed Docker image information\n */\nexport interface DockerImageInfo {\n /** The full registry hostname (e.g. 'registry:5000' or 'docker.io') */\n registry?: string\n /** The project/organization name (e.g. 'test' in 'registry:5000/test/image') */\n project?: string\n /** The repository/image name (e.g. 'image' in 'registry:5000/test/image') */\n repository: string\n /** The tag or digest (e.g. 'latest' or 'sha256:123...') */\n tag?: string\n /** The full original image name */\n originalName: string\n}\n\nexport class DockerImage implements DockerImageInfo {\n registry?: string\n project?: string\n repository: string\n tag?: string\n originalName: string\n\n constructor(info: DockerImageInfo) {\n this.registry = info.registry\n this.project = info.project\n this.repository = info.repository\n this.tag = info.tag\n this.originalName = info.originalName\n }\n\n getFullName(): string {\n let name = this.repository\n if (this.project) {\n name = `${this.project}/${name}`\n }\n if (this.registry) {\n name = `${this.registry}/${name}`\n }\n if (this.tag) {\n name = `${name}:${this.tag}`\n }\n return name\n }\n}\n\n/**\n * Parses a Docker image name into its component parts\n *\n * @param imageName - The full image name (e.g. 'registry:5000/test/image:latest')\n * @returns Parsed image information\n *\n * Examples:\n * - registry:5000/test/image:latest -> { registry: 'registry:5000', project: 'test', repository: 'image', tag: 'latest' }\n * - docker.io/library/ubuntu:20.04 -> { registry: 'docker.io', project: 'library', repository: 'ubuntu', tag: '20.04' }\n * - ubuntu:20.04 -> { registry: undefined, project: undefined, repository: 'ubuntu', tag: '20.04' }\n * - ubuntu -> { registry: undefined, project: undefined, repository: 'ubuntu', tag: undefined }\n */\nexport function parseDockerImage(imageName: string): DockerImage {\n // Handle empty or invalid input\n if (!imageName) {\n throw new Error('Image name cannot be empty')\n }\n\n const result: DockerImageInfo = {\n originalName: imageName,\n repository: '',\n }\n\n // Check for digest format first\n let parts: string[] = []\n if (imageName.includes('@sha256:')) {\n const [nameWithoutDigest, digest] = imageName.split('@sha256:')\n if (!nameWithoutDigest || !digest || !/^[a-f0-9]{64}$/.test(digest)) {\n throw new Error('Invalid digest format. Must be image@sha256:64_hex_characters')\n }\n result.tag = `sha256:${digest}`\n // Split remaining parts\n parts = nameWithoutDigest.split('/')\n\n // Throw if a part is empty\n if (parts.some((part) => part === '')) {\n throw new Error('Invalid image name. A part is empty')\n }\n } else {\n const lastSlashIndex = imageName.lastIndexOf('/')\n const lastColonIndex = imageName.lastIndexOf(':')\n const hasTag = lastColonIndex > lastSlashIndex\n\n const nameWithoutTag = hasTag ? imageName.substring(0, lastColonIndex) : imageName\n if (hasTag) {\n result.tag = imageName.substring(lastColonIndex + 1)\n }\n // Split remaining parts\n parts = nameWithoutTag.split('/')\n }\n\n // Check if first part looks like a registry hostname (contains '.' or ':' or is 'localhost')\n if (parts.length >= 2 && (parts[0].includes('.') || parts[0].includes(':') || parts[0] === 'localhost')) {\n result.registry = parts[0]\n parts.shift() // Remove registry part\n }\n\n // Handle remaining parts\n if (parts.length >= 2) {\n // Format: [registry/]project/repository\n result.project = parts.slice(0, -1).join('/')\n result.repository = parts[parts.length - 1]\n } else {\n // Format: repository\n result.repository = parts[0]\n }\n\n return new DockerImage(result)\n}\n\n/**\n * Checks if the Dockerfile content contains any FROM images that may require registry credentials.\n * This includes:\n * - Private registry images (e.g., 'myregistry.com/image', 'registry:5000/image')\n * - Private Docker Hub images (e.g., 'username/my-private-image')\n *\n * @param dockerfileContent - The full Dockerfile content as a string\n * @returns true if any FROM image may require credentials, false otherwise\n *\n * Example:\n * - FROM node:18 -> false (public Docker Hub library image)\n * - FROM username/my-image:0.0.1 -> true (private Docker Hub image)\n * - FROM myregistry.com/myimage:latest -> true (private registry)\n * - FROM registry:5000/test/image -> true (private registry)\n */\nexport function checkDockerfileHasRegistryPrefix(dockerfileContent: string): boolean {\n const lines = dockerfileContent.split('\\n')\n\n // Regex to match FROM statements\n const fromRegex = /^\\s*FROM\\s+(?:--[a-z-]+=[^\\s]+\\s+)*([^\\s]+)(?:\\s+AS\\s+[^\\s]+)?/i\n\n for (const line of lines) {\n // Remove inline comments (everything after #)\n const lineWithoutComment = line.split('#')[0]\n const trimmedLine = lineWithoutComment.trim()\n\n // Skip empty lines and comment-only lines\n if (!trimmedLine) {\n continue\n }\n\n const match = fromRegex.exec(trimmedLine)\n if (match && match[1]) {\n const imageName = match[1].trim()\n\n // Check if image has a path component (contains '/')\n // This covers both private registries and private Docker Hub images (namespace/image)\n if (imageName.includes('/')) {\n return true\n }\n }\n }\n\n return false\n}\n" }, { "path": "apps/api/src/common/utils/email.util.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport class EmailUtils {\n static normalize(email: string): string {\n return email.toLowerCase().trim()\n }\n\n static areEqual(email1: string, email2: string): boolean {\n return this.normalize(email1) === this.normalize(email2)\n }\n}\n" }, { "path": "apps/api/src/common/utils/from-axios-error.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport function fromAxiosError(error: any): Error {\n return new Error(error.response?.data?.message || error.response?.data || error.message || error)\n}\n" }, { "path": "apps/api/src/common/utils/naming-strategy.util.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DefaultNamingStrategy, NamingStrategyInterface, Table } from 'typeorm'\n\nexport class CustomNamingStrategy extends DefaultNamingStrategy implements NamingStrategyInterface {\n primaryKeyName(tableOrName: Table | string, columnNames: string[]) {\n const table = tableOrName instanceof Table ? tableOrName.name : tableOrName\n const columnsSnakeCase = columnNames.join('_')\n return `${table}_${columnsSnakeCase}_pk`\n }\n\n foreignKeyName(tableOrName: Table | string, columnNames: string[]): string {\n const table = tableOrName instanceof Table ? tableOrName.name : tableOrName\n const columnsSnakeCase = columnNames.join('_')\n return `${table}_${columnsSnakeCase}_fk`\n }\n\n uniqueConstraintName(tableOrName: Table | string, columnNames: string[]): string {\n const table = tableOrName instanceof Table ? tableOrName.name : tableOrName\n const columnsSnakeCase = columnNames.join('_')\n return `${table}_${columnsSnakeCase}_unique`\n }\n\n indexName(tableOrName: Table | string, columnNames: string[]): string {\n const table = tableOrName instanceof Table ? tableOrName.name : tableOrName\n const columnsSnakeCase = columnNames.join('_')\n return `${table}_${columnsSnakeCase}_index`\n }\n}\n" }, { "path": "apps/api/src/common/utils/pino.util.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport pino, { TransportSingleOptions } from 'pino'\nimport { TypedConfigService } from '../../config/typed-config.service'\n\n/*\n * This is a workaround to swap the message and object in the arguments array.\n * It is needed because the logger in nestjs-pino is not compatible with nestjs console logger.\n * ref: https://github.com/iamolegga/nestjs-pino/issues/2004\n *\n */\nexport function swapMessageAndObject(\n this: pino.Logger,\n args: Parameters,\n method: pino.LogFn,\n level: number,\n): void {\n // Type guard helper\n const isPlainObject = (val: unknown): val is Record => {\n return typeof val === 'object' && val !== null && !Array.isArray(val)\n }\n\n // NestJS Logger adds context as first arg, so check args[1] and args[2]\n if (args.length >= 3 && isPlainObject(args[0])) {\n const contextObj = args[0]\n const firstArg: unknown = args[1]\n const secondArg: unknown = args[2]\n\n // Case 1: message + Error\n if (typeof firstArg === 'string' && secondArg instanceof Error) {\n method.apply(this, [{ ...contextObj, err: secondArg }, firstArg, ...args.slice(3)])\n return\n }\n\n // Case 2: message + additional context object\n if (typeof firstArg === 'string' && isPlainObject(secondArg)) {\n method.apply(this, [{ ...contextObj, ...secondArg }, firstArg, ...args.slice(3)])\n return\n }\n\n // Case 3: message + stack trace string\n if (\n typeof firstArg === 'string' &&\n typeof secondArg === 'string' &&\n secondArg.includes('\\n') &&\n secondArg.includes('at ')\n ) {\n method.apply(this, [{ ...contextObj, stack: secondArg }, firstArg, ...args.slice(3)])\n return\n }\n }\n\n // Handle case without context (direct Pino usage)\n if (args.length >= 2) {\n const firstArg: unknown = args[0]\n const secondArg: unknown = args[1]\n\n // Case 1: message + Error\n if (typeof firstArg === 'string' && secondArg instanceof Error) {\n method.apply(this, [{ err: secondArg }, firstArg, ...args.slice(2)])\n return\n }\n\n // Case 2: message + additional context object\n if (typeof firstArg === 'string' && isPlainObject(secondArg)) {\n method.apply(this, [secondArg, firstArg, ...args.slice(2)])\n return\n }\n\n // Case 3: message + stack trace string\n if (\n typeof firstArg === 'string' &&\n typeof secondArg === 'string' &&\n secondArg.includes('\\n') &&\n secondArg.includes('at ')\n ) {\n method.apply(this, [{ stack: secondArg }, firstArg, ...args.slice(2)])\n return\n }\n }\n\n // Default behavior for other cases\n method.apply(this, args)\n}\n\ntype LogConfig = ReturnType>\n\n/*\n * Get the pino transport based on the configuration\n * @param isProduction - whether the application is in production mode\n * @param logConfig - the log configuration\n * @returns the pino transport\n */\nexport function getPinoTransport(\n isProduction: boolean,\n logConfig: LogConfig,\n): TransportSingleOptions> {\n switch (true) {\n // if console disabled, set destination to /dev/null\n case logConfig.console.disabled:\n return {\n target: 'pino/file',\n options: {\n destination: '/dev/null',\n },\n }\n // if production mode, no transport => raw NDJSON\n case isProduction:\n return undefined\n // if non-production use pino-pretty\n default:\n return {\n target: 'pino-pretty',\n options: {\n colorize: true,\n singleLine: true,\n ignore: 'pid,hostname',\n },\n }\n }\n}\n" }, { "path": "apps/api/src/common/utils/range-filter.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MoreThanOrEqual, LessThanOrEqual, Between } from 'typeorm'\n\n/**\n * Creates a TypeORM range filter from min/max values\n * @param minValue - Minimum value (inclusive)\n * @param maxValue - Maximum value (inclusive)\n * @returns TypeORM comparison operator (Between, MoreThanOrEqual, LessThanOrEqual, or undefined)\n */\nexport function createRangeFilter(minValue?: T, maxValue?: T) {\n if (minValue !== undefined && maxValue !== undefined) {\n return Between(minValue, maxValue)\n } else if (minValue !== undefined) {\n return MoreThanOrEqual(minValue)\n } else if (maxValue !== undefined) {\n return LessThanOrEqual(maxValue)\n }\n return undefined\n}\n" }, { "path": "apps/api/src/common/utils/rate-limit-headers.util.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Response } from 'express'\n\n/**\n * Utility functions for setting rate limit headers consistently across middleware and services\n */\n\nexport interface RateLimitHeadersOptions {\n throttlerName: string\n limit: number\n remaining: number\n resetSeconds: number\n retryAfterSeconds?: number\n}\n\n/**\n * Sets standard rate limit headers on a response\n * Follows the pattern: X-RateLimit-{Limit|Remaining|Reset}-{throttlerName}\n */\nexport function setRateLimitHeaders(response: Response, options: RateLimitHeadersOptions): void {\n const { throttlerName, limit, remaining, resetSeconds, retryAfterSeconds } = options\n\n response.setHeader(`X-RateLimit-Limit-${throttlerName}`, limit.toString())\n response.setHeader(`X-RateLimit-Remaining-${throttlerName}`, remaining.toString())\n response.setHeader(`X-RateLimit-Reset-${throttlerName}`, resetSeconds.toString())\n\n if (retryAfterSeconds !== undefined) {\n response.setHeader('Retry-After', retryAfterSeconds.toString())\n }\n}\n" }, { "path": "apps/api/src/common/utils/uuid.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport function isValidUuid(value: string): boolean {\n return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(value)\n}\n" }, { "path": "apps/api/src/config/config.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, Get } from '@nestjs/common'\nimport { TypedConfigService } from './typed-config.service'\nimport { ApiOperation, ApiTags, ApiResponse } from '@nestjs/swagger'\nimport { ConfigurationDto } from './dto/configuration.dto'\n\n@ApiTags('config')\n@Controller('config')\nexport class ConfigController {\n constructor(private readonly configService: TypedConfigService) {}\n\n @Get()\n @ApiOperation({ summary: 'Get config' })\n @ApiResponse({\n status: 200,\n description: 'Daytona configuration',\n type: ConfigurationDto,\n })\n getConfig() {\n return new ConfigurationDto(this.configService)\n }\n}\n" }, { "path": "apps/api/src/config/configuration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nconst configuration = {\n production: process.env.NODE_ENV === 'production',\n version: process.env.VERSION || '0.0.0-dev',\n environment: process.env.ENVIRONMENT,\n runMigrations: process.env.RUN_MIGRATIONS === 'true',\n port: parseInt(process.env.PORT, 10),\n appUrl: process.env.APP_URL,\n database: {\n host: process.env.DB_HOST,\n port: parseInt(process.env.DB_PORT || '5432', 10),\n username: process.env.DB_USERNAME,\n password: process.env.DB_PASSWORD,\n database: process.env.DB_DATABASE,\n tls: {\n enabled: process.env.DB_TLS_ENABLED === 'true',\n rejectUnauthorized: process.env.DB_TLS_REJECT_UNAUTHORIZED !== 'false',\n },\n pool: {\n max: process.env.DB_POOL_MAX && parseInt(process.env.DB_POOL_MAX, 10),\n min: process.env.DB_POOL_MIN && parseInt(process.env.DB_POOL_MIN, 10),\n idleTimeoutMillis: process.env.DB_POOL_IDLE_TIMEOUT_MS && parseInt(process.env.DB_POOL_IDLE_TIMEOUT_MS, 10),\n connectionTimeoutMillis:\n process.env.DB_POOL_CONNECTION_TIMEOUT_MS && parseInt(process.env.DB_POOL_CONNECTION_TIMEOUT_MS, 10),\n },\n },\n redis: {\n host: process.env.REDIS_HOST,\n port: parseInt(process.env.REDIS_PORT || '6379', 10),\n username: process.env.REDIS_USERNAME,\n password: process.env.REDIS_PASSWORD,\n tls: process.env.REDIS_TLS === 'true' ? {} : undefined,\n },\n posthog: {\n apiKey: process.env.POSTHOG_API_KEY,\n host: process.env.POSTHOG_HOST,\n environment: process.env.POSTHOG_ENVIRONMENT,\n },\n oidc: {\n clientId: process.env.OIDC_CLIENT_ID || process.env.OID_CLIENT_ID,\n issuer: process.env.OIDC_ISSUER_BASE_URL || process.env.OID_ISSUER_BASE_URL,\n publicIssuer: process.env.PUBLIC_OIDC_DOMAIN,\n audience: process.env.OIDC_AUDIENCE || process.env.OID_AUDIENCE,\n managementApi: {\n enabled: process.env.OIDC_MANAGEMENT_API_ENABLED === 'true',\n clientId: process.env.OIDC_MANAGEMENT_API_CLIENT_ID,\n clientSecret: process.env.OIDC_MANAGEMENT_API_CLIENT_SECRET,\n audience: process.env.OIDC_MANAGEMENT_API_AUDIENCE,\n },\n },\n smtp: {\n host: process.env.SMTP_HOST,\n port: parseInt(process.env.SMTP_PORT || '587', 10),\n user: process.env.SMTP_USER,\n password: process.env.SMTP_PASSWORD,\n secure: process.env.SMTP_SECURE === 'true',\n from: process.env.SMTP_EMAIL_FROM || 'noreply@mail.daytona.io',\n },\n defaultSnapshot: process.env.DEFAULT_SNAPSHOT,\n dashboardUrl: process.env.DASHBOARD_URL,\n // Default to empty string - dashboard will then hit '/api'\n dashboardBaseApiUrl: process.env.DASHBOARD_BASE_API_URL || '',\n transientRegistry: {\n url: process.env.TRANSIENT_REGISTRY_URL,\n admin: process.env.TRANSIENT_REGISTRY_ADMIN,\n password: process.env.TRANSIENT_REGISTRY_PASSWORD,\n projectId: process.env.TRANSIENT_REGISTRY_PROJECT_ID,\n },\n internalRegistry: {\n url: process.env.INTERNAL_REGISTRY_URL,\n admin: process.env.INTERNAL_REGISTRY_ADMIN,\n password: process.env.INTERNAL_REGISTRY_PASSWORD,\n projectId: process.env.INTERNAL_REGISTRY_PROJECT_ID,\n },\n s3: {\n endpoint: process.env.S3_ENDPOINT,\n stsEndpoint: process.env.S3_STS_ENDPOINT,\n region: process.env.S3_REGION,\n accessKey: process.env.S3_ACCESS_KEY,\n secretKey: process.env.S3_SECRET_KEY,\n defaultBucket: process.env.S3_DEFAULT_BUCKET,\n accountId: process.env.S3_ACCOUNT_ID,\n roleName: process.env.S3_ROLE_NAME,\n },\n notificationGatewayDisabled: process.env.NOTIFICATION_GATEWAY_DISABLED === 'true',\n skipConnections: process.env.SKIP_CONNECTIONS === 'true',\n maxAutoArchiveInterval: parseInt(process.env.MAX_AUTO_ARCHIVE_INTERVAL || '43200', 10),\n maintananceMode: process.env.MAINTENANCE_MODE === 'true',\n disableCronJobs: process.env.DISABLE_CRON_JOBS === 'true',\n appRole: process.env.APP_ROLE || 'all',\n proxy: {\n domain: process.env.PROXY_DOMAIN,\n protocol: process.env.PROXY_PROTOCOL,\n apiKey: process.env.PROXY_API_KEY,\n templateUrl: process.env.PROXY_TEMPLATE_URL,\n toolboxUrl:\n (process.env.PROXY_TOOLBOX_BASE_URL || `${process.env.PROXY_PROTOCOL}://${process.env.PROXY_DOMAIN}`) +\n '/toolbox',\n },\n audit: {\n toolboxRequestsEnabled: process.env.AUDIT_TOOLBOX_REQUESTS_ENABLED === 'true',\n retentionDays: process.env.AUDIT_LOG_RETENTION_DAYS\n ? parseInt(process.env.AUDIT_LOG_RETENTION_DAYS, 10)\n : undefined,\n consoleLogEnabled: process.env.AUDIT_CONSOLE_LOG_ENABLED === 'true',\n publish: {\n enabled: process.env.AUDIT_PUBLISH_ENABLED === 'true',\n batchSize: process.env.AUDIT_PUBLISH_BATCH_SIZE ? parseInt(process.env.AUDIT_PUBLISH_BATCH_SIZE, 10) : 1000,\n mode: (process.env.AUDIT_PUBLISH_MODE || 'direct') as 'direct' | 'kafka',\n storageAdapter: process.env.AUDIT_PUBLISH_STORAGE_ADAPTER || 'opensearch',\n opensearchIndexName: process.env.AUDIT_PUBLISH_OPENSEARCH_INDEX_NAME || 'audit-logs',\n },\n },\n kafka: {\n enabled: process.env.KAFKA_ENABLED === 'true',\n brokers: process.env.KAFKA_BROKERS || 'localhost:9092',\n clientId: process.env.KAFKA_CLIENT_ID,\n sasl: {\n mechanism: process.env.KAFKA_SASL_MECHANISM,\n username: process.env.KAFKA_SASL_USERNAME,\n password: process.env.KAFKA_SASL_PASSWORD,\n },\n tls: {\n enabled: process.env.KAFKA_TLS_ENABLED === 'true',\n rejectUnauthorized: process.env.KAFKA_TLS_REJECT_UNAUTHORIZED !== 'false',\n },\n },\n opensearch: {\n nodes: process.env.OPENSEARCH_NODES || 'https://localhost:9200',\n username: process.env.OPENSEARCH_USERNAME,\n password: process.env.OPENSEARCH_PASSWORD,\n aws: {\n roleArn: process.env.OPENSEARCH_AWS_ROLE_ARN,\n region: process.env.OPENSEARCH_AWS_REGION,\n },\n tls: {\n rejectUnauthorized: process.env.OPENSEARCH_TLS_REJECT_UNAUTHORIZED !== 'false',\n },\n },\n cronTimeZone: process.env.CRON_TIMEZONE,\n maxConcurrentBackupsPerRunner: parseInt(process.env.MAX_CONCURRENT_BACKUPS_PER_RUNNER || '6', 10),\n webhook: {\n authToken: process.env.SVIX_AUTH_TOKEN,\n serverUrl: process.env.SVIX_SERVER_URL,\n },\n healthCheck: {\n apiKey: process.env.HEALTH_CHECK_API_KEY,\n },\n sshGateway: {\n apiKey: process.env.SSH_GATEWAY_API_KEY,\n command: process.env.SSH_GATEWAY_COMMAND,\n publicKey: process.env.SSH_GATEWAY_PUBLIC_KEY,\n url: process.env.SSH_GATEWAY_URL,\n },\n organizationSandboxDefaultLimitedNetworkEgress:\n process.env.ORGANIZATION_SANDBOX_DEFAULT_LIMITED_NETWORK_EGRESS === 'true',\n pylonAppId: process.env.PYLON_APP_ID,\n billingApiUrl: process.env.BILLING_API_URL,\n analyticsApiUrl: process.env.ANALYTICS_API_URL,\n defaultRunner: {\n domain: process.env.DEFAULT_RUNNER_DOMAIN,\n apiKey: process.env.DEFAULT_RUNNER_API_KEY,\n proxyUrl: process.env.DEFAULT_RUNNER_PROXY_URL,\n apiUrl: process.env.DEFAULT_RUNNER_API_URL,\n cpu: parseInt(process.env.DEFAULT_RUNNER_CPU || '4', 10),\n memory: parseInt(process.env.DEFAULT_RUNNER_MEMORY || '8', 10),\n disk: parseInt(process.env.DEFAULT_RUNNER_DISK || '50', 10),\n apiVersion: (process.env.DEFAULT_RUNNER_API_VERSION || '2') as '0' | '2',\n name: process.env.DEFAULT_RUNNER_NAME,\n },\n runnerScore: {\n thresholds: {\n declarativeBuild: parseInt(process.env.RUNNER_DECLARATIVE_BUILD_SCORE_THRESHOLD || '10', 10),\n availability: parseInt(process.env.RUNNER_AVAILABILITY_SCORE_THRESHOLD || '10', 10),\n start: parseInt(process.env.RUNNER_START_SCORE_THRESHOLD || '3', 10),\n },\n weights: {\n cpuUsage: parseFloat(process.env.RUNNER_CPU_USAGE_WEIGHT || '0.25'),\n memoryUsage: parseFloat(process.env.RUNNER_MEMORY_USAGE_WEIGHT || '0.4'),\n diskUsage: parseFloat(process.env.RUNNER_DISK_USAGE_WEIGHT || '0.4'),\n allocatedCpu: parseFloat(process.env.RUNNER_ALLOCATED_CPU_WEIGHT || '0.03'),\n allocatedMemory: parseFloat(process.env.RUNNER_ALLOCATED_MEMORY_WEIGHT || '0.03'),\n allocatedDisk: parseFloat(process.env.RUNNER_ALLOCATED_DISK_WEIGHT || '0.03'),\n startedSandboxes: parseFloat(process.env.RUNNER_STARTED_SANDBOXES_WEIGHT || '0.1'),\n },\n penalty: {\n exponents: {\n cpuLoadAvg: parseFloat(process.env.RUNNER_CPU_LOAD_AVG_PENALTY_EXPONENT || '0.1'),\n cpu: parseFloat(process.env.RUNNER_CPU_PENALTY_EXPONENT || '0.15'),\n memory: parseFloat(process.env.RUNNER_MEMORY_PENALTY_EXPONENT || '0.15'),\n disk: parseFloat(process.env.RUNNER_DISK_PENALTY_EXPONENT || '0.15'),\n },\n thresholds: {\n // cpuLoadAvg is a normalized per-CPU load average (e.g. load_avg / num_cpus), not a percentage like the cpu/memory/disk thresholds below.\n cpuLoadAvg: parseFloat(process.env.RUNNER_CPU_LOAD_AVG_PENALTY_THRESHOLD || '0.7'),\n cpu: parseInt(process.env.RUNNER_CPU_PENALTY_THRESHOLD || '90', 10),\n memory: parseInt(process.env.RUNNER_MEMORY_PENALTY_THRESHOLD || '75', 10),\n disk: parseInt(process.env.RUNNER_DISK_PENALTY_THRESHOLD || '75', 10),\n },\n },\n targetValues: {\n optimal: {\n cpu: parseInt(process.env.RUNNER_OPTIMAL_CPU || '0', 10),\n memory: parseInt(process.env.RUNNER_OPTIMAL_MEMORY || '0', 10),\n disk: parseInt(process.env.RUNNER_OPTIMAL_DISK || '0', 10),\n allocCpu: parseInt(process.env.RUNNER_OPTIMAL_ALLOC_CPU || '100', 10),\n allocMem: parseInt(process.env.RUNNER_OPTIMAL_ALLOC_MEM || '100', 10),\n allocDisk: parseInt(process.env.RUNNER_OPTIMAL_ALLOC_DISK || '100', 10),\n startedSandboxes: parseInt(process.env.RUNNER_OPTIMAL_STARTED_SANDBOXES || '0', 10),\n },\n critical: {\n cpu: parseInt(process.env.RUNNER_CRITICAL_CPU || '100', 10),\n memory: parseInt(process.env.RUNNER_CRITICAL_MEMORY || '100', 10),\n disk: parseInt(process.env.RUNNER_CRITICAL_DISK || '100', 10),\n allocCpu: parseInt(process.env.RUNNER_CRITICAL_ALLOC_CPU || '500', 10),\n allocMem: parseInt(process.env.RUNNER_CRITICAL_ALLOC_MEM || '500', 10),\n allocDisk: parseInt(process.env.RUNNER_CRITICAL_ALLOC_DISK || '500', 10),\n startedSandboxes: parseInt(process.env.RUNNER_CRITICAL_STARTED_SANDBOXES || '100', 10),\n },\n },\n },\n rateLimit: {\n anonymous: {\n ttl: process.env.RATE_LIMIT_ANONYMOUS_TTL ? parseInt(process.env.RATE_LIMIT_ANONYMOUS_TTL, 10) : undefined,\n limit: process.env.RATE_LIMIT_ANONYMOUS_LIMIT ? parseInt(process.env.RATE_LIMIT_ANONYMOUS_LIMIT, 10) : undefined,\n },\n failedAuth: {\n ttl: process.env.RATE_LIMIT_FAILED_AUTH_TTL ? parseInt(process.env.RATE_LIMIT_FAILED_AUTH_TTL, 10) : undefined,\n limit: process.env.RATE_LIMIT_FAILED_AUTH_LIMIT\n ? parseInt(process.env.RATE_LIMIT_FAILED_AUTH_LIMIT, 10)\n : undefined,\n },\n authenticated: {\n ttl: process.env.RATE_LIMIT_AUTHENTICATED_TTL\n ? parseInt(process.env.RATE_LIMIT_AUTHENTICATED_TTL, 10)\n : undefined,\n limit: process.env.RATE_LIMIT_AUTHENTICATED_LIMIT\n ? parseInt(process.env.RATE_LIMIT_AUTHENTICATED_LIMIT, 10)\n : undefined,\n },\n sandboxCreate: {\n ttl: process.env.RATE_LIMIT_SANDBOX_CREATE_TTL\n ? parseInt(process.env.RATE_LIMIT_SANDBOX_CREATE_TTL, 10)\n : undefined,\n limit: process.env.RATE_LIMIT_SANDBOX_CREATE_LIMIT\n ? parseInt(process.env.RATE_LIMIT_SANDBOX_CREATE_LIMIT, 10)\n : undefined,\n },\n sandboxLifecycle: {\n ttl: process.env.RATE_LIMIT_SANDBOX_LIFECYCLE_TTL\n ? parseInt(process.env.RATE_LIMIT_SANDBOX_LIFECYCLE_TTL, 10)\n : undefined,\n limit: process.env.RATE_LIMIT_SANDBOX_LIFECYCLE_LIMIT\n ? parseInt(process.env.RATE_LIMIT_SANDBOX_LIFECYCLE_LIMIT, 10)\n : undefined,\n },\n },\n log: {\n console: {\n disabled: process.env.LOG_CONSOLE_DISABLED === 'true',\n },\n level: process.env.LOG_LEVEL || 'info',\n requests: {\n enabled: process.env.LOG_REQUESTS_ENABLED === 'true',\n },\n },\n defaultOrganizationQuota: {\n totalCpuQuota: parseInt(process.env.DEFAULT_ORG_QUOTA_TOTAL_CPU_QUOTA || '10', 10),\n totalMemoryQuota: parseInt(process.env.DEFAULT_ORG_QUOTA_TOTAL_MEMORY_QUOTA || '10', 10),\n totalDiskQuota: parseInt(process.env.DEFAULT_ORG_QUOTA_TOTAL_DISK_QUOTA || '30', 10),\n maxCpuPerSandbox: parseInt(process.env.DEFAULT_ORG_QUOTA_MAX_CPU_PER_SANDBOX || '4', 10),\n maxMemoryPerSandbox: parseInt(process.env.DEFAULT_ORG_QUOTA_MAX_MEMORY_PER_SANDBOX || '8', 10),\n maxDiskPerSandbox: parseInt(process.env.DEFAULT_ORG_QUOTA_MAX_DISK_PER_SANDBOX || '10', 10),\n snapshotQuota: parseInt(process.env.DEFAULT_ORG_QUOTA_SNAPSHOT_QUOTA || '100', 10),\n maxSnapshotSize: parseInt(process.env.DEFAULT_ORG_QUOTA_MAX_SNAPSHOT_SIZE || '20', 10),\n volumeQuota: parseInt(process.env.DEFAULT_ORG_QUOTA_VOLUME_QUOTA || '100', 10),\n },\n defaultRegion: {\n id: process.env.DEFAULT_REGION_ID || 'us',\n name: process.env.DEFAULT_REGION_NAME || 'us',\n enforceQuotas: process.env.DEFAULT_REGION_ENFORCE_QUOTAS === 'true',\n },\n admin: {\n apiKey: process.env.ADMIN_API_KEY,\n totalCpuQuota: parseInt(process.env.ADMIN_TOTAL_CPU_QUOTA || '0', 10),\n totalMemoryQuota: parseInt(process.env.ADMIN_TOTAL_MEMORY_QUOTA || '0', 10),\n totalDiskQuota: parseInt(process.env.ADMIN_TOTAL_DISK_QUOTA || '0', 10),\n maxCpuPerSandbox: parseInt(process.env.ADMIN_MAX_CPU_PER_SANDBOX || '0', 10),\n maxMemoryPerSandbox: parseInt(process.env.ADMIN_MAX_MEMORY_PER_SANDBOX || '0', 10),\n maxDiskPerSandbox: parseInt(process.env.ADMIN_MAX_DISK_PER_SANDBOX || '0', 10),\n snapshotQuota: parseInt(process.env.ADMIN_SNAPSHOT_QUOTA || '100', 10),\n maxSnapshotSize: parseInt(process.env.ADMIN_MAX_SNAPSHOT_SIZE || '100', 10),\n volumeQuota: parseInt(process.env.ADMIN_VOLUME_QUOTA || '0', 10),\n },\n skipUserEmailVerification: process.env.SKIP_USER_EMAIL_VERIFICATION === 'true',\n apiKey: {\n validationCacheTtlSeconds: parseInt(process.env.API_KEY_VALIDATION_CACHE_TTL_SECONDS || '10', 10),\n userCacheTtlSeconds: parseInt(process.env.API_KEY_USER_CACHE_TTL_SECONDS || '60', 10),\n },\n runnerHealthTimeout: parseInt(process.env.RUNNER_HEALTH_TIMEOUT_SECONDS || '3', 10),\n warmPool: {\n candidateLimit: parseInt(process.env.WARM_POOL_CANDIDATE_LIMIT || '300', 10),\n },\n sandboxOtel: {\n endpointUrl: process.env.SANDBOX_OTEL_ENDPOINT_URL,\n },\n otelCollector: {\n apiKey: process.env.OTEL_COLLECTOR_API_KEY,\n },\n clickhouse: {\n host: process.env.CLICKHOUSE_HOST,\n port: parseInt(process.env.CLICKHOUSE_PORT || '8123', 10),\n database: process.env.CLICKHOUSE_DATABASE || 'otel',\n username: process.env.CLICKHOUSE_USERNAME || 'default',\n password: process.env.CLICKHOUSE_PASSWORD,\n protocol: process.env.CLICKHOUSE_PROTOCOL || 'https',\n },\n encryption: {\n key: process.env.ENCRYPTION_KEY,\n salt: process.env.ENCRYPTION_SALT,\n },\n}\n\nexport { configuration }\n" }, { "path": "apps/api/src/config/dto/configuration.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiExtraModels, ApiProperty, ApiPropertyOptional, ApiSchema, getSchemaPath } from '@nestjs/swagger'\nimport { IsBoolean, IsNumber, IsOptional, IsString } from 'class-validator'\nimport { TypedConfigService } from '../typed-config.service'\n\n@ApiSchema({ name: 'Announcement' })\nexport class Announcement {\n @ApiProperty({\n description: 'The announcement text',\n example: 'New feature available!',\n })\n @IsString()\n text: string\n\n @ApiPropertyOptional({\n description: 'URL to learn more about the announcement',\n example: 'https://example.com/learn-more',\n })\n @IsString()\n @IsOptional()\n learnMoreUrl?: string\n}\n\n@ApiSchema({ name: 'PosthogConfig' })\nexport class PosthogConfig {\n @ApiProperty({\n description: 'PostHog API key',\n example: 'phc_abc123',\n })\n @IsString()\n apiKey: string\n\n @ApiProperty({\n description: 'PostHog host URL',\n example: 'https://app.posthog.com',\n })\n @IsString()\n host: string\n}\n\n@ApiSchema({ name: 'RateLimitEntry' })\nexport class RateLimitEntry {\n @ApiPropertyOptional({\n description: 'Rate limit TTL in seconds',\n example: 60,\n })\n @IsNumber()\n @IsOptional()\n ttl?: number\n\n @ApiPropertyOptional({\n description: 'Rate limit max requests',\n example: 100,\n })\n @IsNumber()\n @IsOptional()\n limit?: number\n}\n\n@ApiSchema({ name: 'RateLimitConfig' })\nexport class RateLimitConfig {\n @ApiPropertyOptional({\n description: 'Failed authentication rate limit',\n type: RateLimitEntry,\n })\n @IsOptional()\n failedAuth?: RateLimitEntry\n\n @ApiPropertyOptional({\n description: 'Authenticated rate limit',\n type: RateLimitEntry,\n })\n @IsOptional()\n authenticated?: RateLimitEntry\n\n @ApiPropertyOptional({\n description: 'Sandbox create rate limit',\n type: RateLimitEntry,\n })\n @IsOptional()\n sandboxCreate?: RateLimitEntry\n\n @ApiPropertyOptional({\n description: 'Sandbox lifecycle rate limit',\n type: RateLimitEntry,\n })\n @IsOptional()\n sandboxLifecycle?: RateLimitEntry\n}\n\n@ApiSchema({ name: 'OidcConfig' })\nexport class OidcConfig {\n @ApiProperty({\n description: 'OIDC issuer',\n example: 'https://auth.example.com',\n })\n @IsString()\n issuer: string\n\n @ApiProperty({\n description: 'OIDC client ID',\n example: 'daytona-client',\n })\n @IsString()\n clientId: string\n\n @ApiProperty({\n description: 'OIDC audience',\n example: 'daytona-api',\n })\n @IsString()\n audience: string\n}\n\n@ApiExtraModels(Announcement)\n@ApiSchema({ name: 'DaytonaConfiguration' })\nexport class ConfigurationDto {\n @ApiProperty({\n description: 'Daytona version',\n example: '0.0.1',\n })\n @IsString()\n version: string\n\n @ApiPropertyOptional({\n description: 'PostHog configuration',\n type: PosthogConfig,\n })\n posthog?: PosthogConfig\n\n @ApiProperty({\n description: 'OIDC configuration',\n type: OidcConfig,\n })\n oidc: OidcConfig\n\n @ApiProperty({\n description: 'Whether linked accounts are enabled',\n example: true,\n })\n @IsBoolean()\n linkedAccountsEnabled: boolean\n\n @ApiProperty({\n description: 'System announcements',\n type: 'object',\n additionalProperties: { $ref: getSchemaPath(Announcement) },\n example: { 'feature-update': { text: 'New feature available!', learnMoreUrl: 'https://example.com' } },\n })\n announcements: Record\n\n @ApiPropertyOptional({\n description: 'Pylon application ID',\n example: 'pylon-app-123',\n })\n @IsString()\n @IsOptional()\n pylonAppId?: string\n\n @ApiProperty({\n description: 'Proxy template URL',\n example: 'https://{{PORT}}-{{sandboxId}}.proxy.example.com',\n })\n @IsString()\n proxyTemplateUrl: string\n\n @ApiProperty({\n description: 'Toolbox template URL',\n example: 'https://proxy.example.com/toolbox',\n })\n @IsString()\n proxyToolboxUrl: string\n\n @ApiProperty({\n description: 'Default snapshot for sandboxes',\n example: 'ubuntu:22.04',\n })\n @IsString()\n defaultSnapshot: string\n\n @ApiProperty({\n description: 'Dashboard URL',\n example: 'https://dashboard.example.com',\n })\n @IsString()\n dashboardUrl: string\n\n @ApiProperty({\n description: 'Maximum auto-archive interval in minutes',\n example: 43200,\n })\n @IsNumber()\n maxAutoArchiveInterval: number\n\n @ApiProperty({\n description: 'Whether maintenance mode is enabled',\n example: false,\n })\n @IsBoolean()\n maintananceMode: boolean\n\n @ApiProperty({\n description: 'Current environment',\n example: 'production',\n })\n @IsString()\n environment: string\n\n @ApiPropertyOptional({\n description: 'Billing API URL',\n example: 'https://billing.example.com',\n })\n @IsString()\n @IsOptional()\n billingApiUrl?: string\n\n @ApiPropertyOptional({\n description: 'Analytics API URL',\n example: 'https://analytics.example.com',\n })\n @IsString()\n @IsOptional()\n analyticsApiUrl?: string\n\n @ApiPropertyOptional({\n description: 'SSH Gateway command',\n example: 'ssh -p 2222 {{TOKEN}}@localhost',\n })\n @IsOptional()\n @IsString()\n sshGatewayCommand?: string\n\n @ApiPropertyOptional({\n description: 'Base64 encoded SSH Gateway public key',\n example: 'ssh-gateway-public-key',\n })\n @IsOptional()\n @IsString()\n sshGatewayPublicKey?: string\n\n @ApiPropertyOptional({\n description: 'Rate limit configuration',\n type: RateLimitConfig,\n })\n @IsOptional()\n rateLimit?: RateLimitConfig\n\n constructor(configService: TypedConfigService) {\n this.version = configService.getOrThrow('version')\n\n this.oidc = {\n issuer: configService.get('oidc.publicIssuer') || configService.getOrThrow('oidc.issuer'),\n clientId: configService.getOrThrow('oidc.clientId'),\n audience: configService.getOrThrow('oidc.audience'),\n }\n this.linkedAccountsEnabled = configService.get('oidc.managementApi.enabled')\n this.proxyTemplateUrl = configService.getOrThrow('proxy.templateUrl')\n this.proxyToolboxUrl = configService.getOrThrow('proxy.toolboxUrl')\n this.defaultSnapshot = configService.getOrThrow('defaultSnapshot')\n this.dashboardUrl = configService.getOrThrow('dashboardUrl')\n this.maxAutoArchiveInterval = configService.getOrThrow('maxAutoArchiveInterval')\n this.maintananceMode = configService.getOrThrow('maintananceMode')\n this.environment = configService.getOrThrow('environment')\n\n this.sshGatewayCommand = configService.get('sshGateway.command')\n this.sshGatewayPublicKey = configService.get('sshGateway.publicKey')\n\n if (configService.get('billingApiUrl')) {\n this.billingApiUrl = configService.get('billingApiUrl')\n }\n\n if (configService.get('analyticsApiUrl')) {\n this.analyticsApiUrl = configService.get('analyticsApiUrl')\n }\n\n if (configService.get('posthog.apiKey')) {\n this.posthog = {\n apiKey: configService.get('posthog.apiKey'),\n host: configService.get('posthog.host'),\n }\n }\n if (configService.get('pylonAppId')) {\n this.pylonAppId = configService.get('pylonAppId')\n }\n // TODO: announcements\n this.announcements = {}\n\n this.rateLimit = {\n authenticated: {\n ttl: configService.get('rateLimit.authenticated.ttl'),\n limit: configService.get('rateLimit.authenticated.limit'),\n },\n sandboxCreate: {\n ttl: configService.get('rateLimit.sandboxCreate.ttl'),\n limit: configService.get('rateLimit.sandboxCreate.limit'),\n },\n sandboxLifecycle: {\n ttl: configService.get('rateLimit.sandboxLifecycle.ttl'),\n limit: configService.get('rateLimit.sandboxLifecycle.limit'),\n },\n }\n }\n}\n" }, { "path": "apps/api/src/config/typed-config.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Global, Module, DynamicModule } from '@nestjs/common'\nimport { ConfigModule as NestConfigModule, ConfigModuleOptions } from '@nestjs/config'\nimport { TypedConfigService } from './typed-config.service'\nimport { configuration } from './configuration'\nimport { ConfigController } from './config.controller'\n\n@Global()\n@Module({\n imports: [\n NestConfigModule.forRoot({\n isGlobal: true,\n load: [() => configuration],\n }),\n ],\n controllers: [ConfigController],\n providers: [TypedConfigService],\n exports: [TypedConfigService],\n})\nexport class TypedConfigModule {\n static forRoot(options: Partial = {}): DynamicModule {\n return {\n module: TypedConfigModule,\n imports: [\n NestConfigModule.forRoot({\n ...options,\n }),\n ],\n providers: [TypedConfigService],\n exports: [TypedConfigService],\n }\n }\n}\n" }, { "path": "apps/api/src/config/typed-config.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ConfigService } from '@nestjs/config'\nimport { Injectable } from '@nestjs/common'\nimport { configuration } from './configuration'\nimport { KafkaConfig, Mechanism, SASLOptions } from 'kafkajs'\nimport { AwsSigv4Signer, AwsSigv4SignerResponse } from '@opensearch-project/opensearch/aws'\nimport { defaultProvider } from '@aws-sdk/credential-provider-node'\nimport { fromTemporaryCredentials } from '@aws-sdk/credential-providers'\nimport { ClientOptions } from '@opensearch-project/opensearch'\nimport { RedisOptions } from 'ioredis'\n\ntype Configuration = typeof configuration\n\n// Helper type to get nested property paths\ntype Paths = T extends object\n ? {\n [K in keyof T]: K extends string ? (T[K] extends object ? `${K}` | `${K}.${Paths}` : `${K}`) : never\n }[keyof T]\n : never\n\n// Helper type to get the type of a property at a given path\ntype PathValue = P extends `${infer K}.${infer Rest}`\n ? K extends keyof T\n ? T[K] extends object\n ? PathValue\n : never\n : never\n : P extends keyof T\n ? T[P]\n : never\n\n@Injectable()\nexport class TypedConfigService {\n constructor(private configService: ConfigService) {}\n\n /**\n * Get a configuration value with type safety\n * @param key The configuration key (can be nested using dot notation)\n * @returns The configuration value with proper typing\n */\n get>(key: K): PathValue {\n return this.configService.get(key)\n }\n\n /**\n * Get a configuration value with type safety, throwing an error if undefined\n * @param key The configuration key (can be nested using dot notation)\n * @returns The configuration value with proper typing\n * @throws Error if the configuration value is undefined\n */\n getOrThrow>(key: K): NonNullable> {\n const value = this.get(key)\n if (value === undefined) {\n throw new Error(`Configuration key \"${key}\" is undefined`)\n }\n return value as NonNullable>\n }\n\n /**\n * Get the Kafka configuration\n * @returns The Kafka configuration\n */\n getKafkaClientConfig(): KafkaConfig {\n const mechanism = this.get('kafka.sasl.mechanism') || 'plain'\n const username = this.get('kafka.sasl.username')\n const password = this.get('kafka.sasl.password')\n\n if (mechanism !== 'plain' && mechanism !== 'scram-sha-256' && mechanism !== 'scram-sha-512') {\n throw new Error(`Invalid Kafka SASL mechanism: ${mechanism}`)\n }\n const sasl: SASLOptions | Mechanism | undefined =\n username && password\n ? ({\n mechanism,\n username,\n password,\n } as SASLOptions)\n : undefined\n\n return {\n brokers: this.get('kafka.brokers')\n .split(',')\n .map((broker) => broker.trim()),\n ssl: this.get('kafka.tls.enabled')\n ? {\n rejectUnauthorized: this.get('kafka.tls.rejectUnauthorized'),\n }\n : undefined,\n sasl,\n }\n }\n\n /**\n * Get the OpenSearch configuration\n * @returns The OpenSearch configuration\n */\n getOpenSearchConfig(): ClientOptions {\n const nodes = this.get('opensearch.nodes')\n .split(',')\n .map((node) => node.trim())\n const username = this.get('opensearch.username')\n const password = this.get('opensearch.password')\n\n // Basic auth\n if (username && password) {\n return {\n nodes,\n auth: {\n username,\n password,\n },\n ssl: {\n rejectUnauthorized: this.get('opensearch.tls.rejectUnauthorized'),\n },\n }\n }\n\n // AWS Sigv4 auth\n try {\n let signer: AwsSigv4SignerResponse\n if (this.get('opensearch.aws.roleArn')) {\n signer = AwsSigv4Signer({\n getCredentials: fromTemporaryCredentials({\n params: {\n RoleArn: this.get('opensearch.aws.roleArn'),\n RoleSessionName: 'daytona-opensearch',\n },\n }),\n service: 'es',\n region: this.get('opensearch.aws.region'),\n })\n } else {\n signer = AwsSigv4Signer({\n getCredentials() {\n const credentialsProvider = defaultProvider()\n return credentialsProvider()\n },\n service: 'es',\n region: this.get('opensearch.aws.region'),\n })\n }\n return {\n nodes,\n ssl: {\n rejectUnauthorized: this.get('opensearch.tls.rejectUnauthorized'),\n },\n ...signer,\n }\n // Try without auth if AWS credentials are not available\n } catch {\n return {\n nodes,\n ssl: {\n rejectUnauthorized: this.get('opensearch.tls.rejectUnauthorized'),\n },\n }\n }\n }\n\n /**\n * Get the Redis configuration\n * @param overrides Optional overrides for the Redis configuration\n * @returns The Redis configuration\n */\n getRedisConfig(overrides?: Partial): RedisOptions {\n return {\n host: this.getOrThrow('redis.host'),\n port: this.getOrThrow('redis.port'),\n username: this.get('redis.username'),\n password: this.get('redis.password'),\n tls: this.get('redis.tls'),\n lazyConnect: this.get('skipConnections'),\n ...overrides,\n }\n }\n\n /**\n * Get the ClickHouse configuration\n * @returns The ClickHouse configuration\n */\n getClickHouseConfig() {\n const host = this.get('clickhouse.host')\n if (!host) {\n return null\n }\n return {\n url: `${this.get('clickhouse.protocol')}://${host}:${this.get('clickhouse.port')}`,\n username: this.get('clickhouse.username'),\n password: this.get('clickhouse.password'),\n database: this.get('clickhouse.database'),\n }\n }\n}\n" }, { "path": "apps/api/src/docker-registry/controllers/docker-registry.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Controller,\n Get,\n Post,\n Body,\n Patch,\n Param,\n Delete,\n UseGuards,\n HttpCode,\n ForbiddenException,\n Query,\n} from '@nestjs/common'\nimport {\n ApiTags,\n ApiOperation,\n ApiResponse,\n ApiOAuth2,\n ApiHeader,\n ApiParam,\n ApiBearerAuth,\n ApiQuery,\n} from '@nestjs/swagger'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { DockerRegistryService } from '../services/docker-registry.service'\nimport { CreateDockerRegistryDto } from '../dto/create-docker-registry.dto'\nimport { UpdateDockerRegistryDto } from '../dto/update-docker-registry.dto'\nimport { DockerRegistryDto } from '../dto/docker-registry.dto'\nimport { RegistryPushAccessDto } from '../../sandbox/dto/registry-push-access-dto'\nimport { DockerRegistryAccessGuard } from '../guards/docker-registry-access.guard'\nimport { DockerRegistry } from '../decorators/docker-registry.decorator'\nimport { DockerRegistry as DockerRegistryEntity } from '../entities/docker-registry.entity'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { RequiredOrganizationResourcePermissions } from '../../organization/decorators/required-organization-resource-permissions.decorator'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport { OrganizationResourceActionGuard } from '../../organization/guards/organization-resource-action.guard'\nimport { SystemActionGuard } from '../../auth/system-action.guard'\nimport { RequiredSystemRole } from '../../common/decorators/required-role.decorator'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { Audit, MASKED_AUDIT_VALUE, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { RegistryType } from '../enums/registry-type.enum'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('docker-registry')\n@Controller('docker-registry')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@UseGuards(CombinedAuthGuard, SystemActionGuard, OrganizationResourceActionGuard, AuthenticatedRateLimitGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class DockerRegistryController {\n constructor(private readonly dockerRegistryService: DockerRegistryService) {}\n\n @Post()\n @ApiOperation({\n summary: 'Create registry',\n operationId: 'createRegistry',\n })\n @ApiResponse({\n status: 201,\n description: 'The docker registry has been successfully created.',\n type: DockerRegistryDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_REGISTRIES])\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.DOCKER_REGISTRY,\n targetIdFromResult: (result: DockerRegistryDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n name: req.body?.name,\n username: req.body?.username,\n password: req.body?.password ? MASKED_AUDIT_VALUE : undefined,\n url: req.body?.url,\n project: req.body?.project,\n registryType: req.body?.registryType,\n isDefault: req.body?.isDefault,\n }),\n },\n })\n async create(\n @AuthContext() authContext: OrganizationAuthContext,\n @Body() createDockerRegistryDto: CreateDockerRegistryDto,\n ): Promise {\n if (createDockerRegistryDto.registryType !== RegistryType.ORGANIZATION && authContext.role !== SystemRole.ADMIN) {\n throw new ForbiddenException(\n `Insufficient permissions for creating ${createDockerRegistryDto.registryType} registries`,\n )\n }\n\n if (createDockerRegistryDto.isDefault && authContext.role !== SystemRole.ADMIN) {\n throw new ForbiddenException('Insufficient permissions for setting a default registry')\n }\n\n const dockerRegistry = await this.dockerRegistryService.create(createDockerRegistryDto, authContext.organizationId)\n return DockerRegistryDto.fromDockerRegistry(dockerRegistry)\n }\n\n @Get()\n @ApiOperation({\n summary: 'List registries',\n operationId: 'listRegistries',\n })\n @ApiResponse({\n status: 200,\n description: 'List of all docker registries',\n type: [DockerRegistryDto],\n })\n async findAll(@AuthContext() authContext: OrganizationAuthContext): Promise {\n const dockerRegistries = await this.dockerRegistryService.findAll(\n authContext.organizationId,\n // only include registries manually created by the organization\n RegistryType.ORGANIZATION,\n )\n return dockerRegistries.map(DockerRegistryDto.fromDockerRegistry)\n }\n\n @Get('registry-push-access')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Get temporary registry access for pushing snapshots',\n operationId: 'getTransientPushAccess',\n })\n @ApiQuery({\n name: 'regionId',\n required: false,\n description: 'ID of the region where the snapshot will be available (defaults to organization default region)',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Temporary registry access has been generated',\n type: RegistryPushAccessDto,\n })\n async getTransientPushAccess(\n @AuthContext() authContext: OrganizationAuthContext,\n @Query('regionId') regionId?: string,\n ): Promise {\n return this.dockerRegistryService.getRegistryPushAccess(authContext.organizationId, authContext.userId, regionId)\n }\n\n @Get(':id')\n @ApiOperation({\n summary: 'Get registry',\n operationId: 'getRegistry',\n })\n @ApiParam({\n name: 'id',\n description: 'ID of the docker registry',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'The docker registry',\n type: DockerRegistryDto,\n })\n @UseGuards(DockerRegistryAccessGuard)\n async findOne(@DockerRegistry() registry: DockerRegistryEntity): Promise {\n return DockerRegistryDto.fromDockerRegistry(registry)\n }\n\n @Patch(':id')\n @ApiOperation({\n summary: 'Update registry',\n operationId: 'updateRegistry',\n })\n @ApiParam({\n name: 'id',\n description: 'ID of the docker registry',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'The docker registry has been successfully updated.',\n type: DockerRegistryDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_REGISTRIES])\n @UseGuards(DockerRegistryAccessGuard)\n @Audit({\n action: AuditAction.UPDATE,\n targetType: AuditTarget.DOCKER_REGISTRY,\n targetIdFromRequest: (req) => req.params.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n name: req.body?.name,\n url: req.body?.url,\n username: req.body?.username,\n password: req.body?.password ? MASKED_AUDIT_VALUE : undefined,\n project: req.body?.project,\n }),\n },\n })\n async update(\n @Param('id') registryId: string,\n @Body() updateDockerRegistryDto: UpdateDockerRegistryDto,\n ): Promise {\n const dockerRegistry = await this.dockerRegistryService.update(registryId, updateDockerRegistryDto)\n return DockerRegistryDto.fromDockerRegistry(dockerRegistry)\n }\n\n @Delete(':id')\n @ApiOperation({\n summary: 'Delete registry',\n operationId: 'deleteRegistry',\n })\n @ApiParam({\n name: 'id',\n description: 'ID of the docker registry',\n type: 'string',\n })\n @ApiResponse({\n status: 204,\n description: 'The docker registry has been successfully deleted.',\n })\n @HttpCode(204)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.DELETE_REGISTRIES])\n @UseGuards(DockerRegistryAccessGuard)\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.DOCKER_REGISTRY,\n targetIdFromRequest: (req) => req.params.id,\n })\n async remove(@Param('id') registryId: string): Promise {\n return this.dockerRegistryService.remove(registryId)\n }\n\n @Post(':id/set-default')\n @ApiOperation({\n summary: 'Set default registry',\n operationId: 'setDefaultRegistry',\n })\n @ApiParam({\n name: 'id',\n description: 'ID of the docker registry',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'The docker registry has been set as default.',\n type: DockerRegistryDto,\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @UseGuards(DockerRegistryAccessGuard)\n @Audit({\n action: AuditAction.SET_DEFAULT,\n targetType: AuditTarget.DOCKER_REGISTRY,\n targetIdFromRequest: (req) => req.params.id,\n })\n async setDefault(@Param('id') registryId: string): Promise {\n const dockerRegistry = await this.dockerRegistryService.setDefault(registryId)\n return DockerRegistryDto.fromDockerRegistry(dockerRegistry)\n }\n}\n" }, { "path": "apps/api/src/docker-registry/decorators/docker-registry.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { createParamDecorator, ExecutionContext } from '@nestjs/common'\n\nexport const DockerRegistry = createParamDecorator((data: unknown, ctx: ExecutionContext) => {\n const request = ctx.switchToHttp().getRequest()\n return request.dockerRegistry\n})\n" }, { "path": "apps/api/src/docker-registry/docker-registry.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { DockerRegistry } from './entities/docker-registry.entity'\nimport { DockerRegistryService } from './services/docker-registry.service'\nimport { DockerRegistryController } from './controllers/docker-registry.controller'\nimport { HttpModule } from '@nestjs/axios'\nimport { DockerRegistryProvider } from './providers/docker-registry.provider'\nimport { DOCKER_REGISTRY_PROVIDER } from './providers/docker-registry.provider.interface'\nimport { OrganizationModule } from '../organization/organization.module'\nimport { RegionModule } from '../region/region.module'\n\n@Module({\n imports: [OrganizationModule, RegionModule, TypeOrmModule.forFeature([DockerRegistry]), HttpModule],\n controllers: [DockerRegistryController],\n providers: [\n {\n provide: DOCKER_REGISTRY_PROVIDER,\n useClass: DockerRegistryProvider,\n },\n DockerRegistryService,\n ],\n exports: [DockerRegistryService],\n})\nexport class DockerRegistryModule {}\n" }, { "path": "apps/api/src/docker-registry/dto/create-docker-registry-internal.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { RegistryType } from '../enums/registry-type.enum'\n\nexport class CreateDockerRegistryInternalDto {\n name: string\n url: string\n username: string\n password: string\n project?: string\n registryType: RegistryType\n isDefault?: boolean\n regionId?: string | null\n}\n" }, { "path": "apps/api/src/docker-registry/dto/create-docker-registry.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IsString, IsUrl, IsEnum, IsOptional, IsBoolean } from 'class-validator'\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { RegistryType } from './../../docker-registry/enums/registry-type.enum'\n\n@ApiSchema({ name: 'CreateDockerRegistry' })\nexport class CreateDockerRegistryDto {\n @ApiProperty({ description: 'Registry name' })\n @IsString()\n name: string\n\n @ApiProperty({ description: 'Registry URL' })\n @IsUrl()\n url: string\n\n @ApiProperty({ description: 'Registry username' })\n @IsString()\n username: string\n\n @ApiProperty({ description: 'Registry password' })\n @IsString()\n password: string\n\n @ApiPropertyOptional({ description: 'Registry project' })\n @IsString()\n @IsOptional()\n project?: string\n\n @ApiProperty({\n description: 'Registry type',\n enum: RegistryType,\n default: RegistryType.ORGANIZATION,\n })\n @IsEnum(RegistryType)\n registryType: RegistryType\n\n @ApiPropertyOptional({ description: 'Set as default registry' })\n @IsBoolean()\n @IsOptional()\n isDefault?: boolean\n}\n" }, { "path": "apps/api/src/docker-registry/dto/docker-registry.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { RegistryType } from './../../docker-registry/enums/registry-type.enum'\nimport { DockerRegistry } from '../entities/docker-registry.entity'\n\n@ApiSchema({ name: 'DockerRegistry' })\nexport class DockerRegistryDto {\n @ApiProperty({\n description: 'Registry ID',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n id: string\n\n @ApiProperty({\n description: 'Registry name',\n example: 'My Docker Hub',\n })\n name: string\n\n @ApiProperty({\n description: 'Registry URL',\n example: 'https://registry.hub.docker.com',\n })\n url: string\n\n @ApiProperty({\n description: 'Registry username',\n example: 'username',\n })\n username: string\n\n @ApiProperty({\n description: 'Registry project',\n example: 'my-project',\n })\n project: string\n\n @ApiProperty({\n description: 'Registry type',\n enum: RegistryType,\n example: RegistryType.INTERNAL,\n })\n registryType: RegistryType\n\n @ApiProperty({\n description: 'Creation timestamp',\n example: '2024-01-31T12:00:00Z',\n })\n createdAt: Date\n\n @ApiProperty({\n description: 'Last update timestamp',\n example: '2024-01-31T12:00:00Z',\n })\n updatedAt: Date\n\n static fromDockerRegistry(dockerRegistry: DockerRegistry): DockerRegistryDto {\n const dto: DockerRegistryDto = {\n id: dockerRegistry.id,\n name: dockerRegistry.name,\n url: dockerRegistry.url,\n username: dockerRegistry.username,\n project: dockerRegistry.project,\n registryType: dockerRegistry.registryType,\n createdAt: dockerRegistry.createdAt,\n updatedAt: dockerRegistry.updatedAt,\n }\n\n return dto\n }\n}\n" }, { "path": "apps/api/src/docker-registry/dto/update-docker-registry.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IsString, IsOptional, IsUrl } from 'class-validator'\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'UpdateDockerRegistry' })\nexport class UpdateDockerRegistryDto {\n @ApiProperty({ description: 'Registry name' })\n @IsString()\n name: string\n\n @ApiProperty({ description: 'Registry URL' })\n @IsUrl()\n url: string\n\n @ApiProperty({ description: 'Registry username' })\n @IsString()\n username: string\n\n @ApiPropertyOptional({ description: 'Registry password' })\n @IsString()\n @IsOptional()\n password?: string\n\n @ApiPropertyOptional({ description: 'Registry project' })\n @IsString()\n @IsOptional()\n project?: string\n}\n" }, { "path": "apps/api/src/docker-registry/entities/docker-registry.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { RegistryType } from './../../docker-registry/enums/registry-type.enum'\nimport { Column, CreateDateColumn, Entity, Index, PrimaryGeneratedColumn, UpdateDateColumn } from 'typeorm'\n\n@Entity()\n@Index(['organizationId', 'registryType'])\n@Index(['region', 'registryType'])\n@Index(['registryType', 'isDefault'])\nexport class DockerRegistry {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column()\n name: string\n\n @Column()\n url: string\n\n @Column()\n username: string\n\n @Column()\n password: string\n\n @Column({ default: false })\n isDefault: boolean\n\n @Column({ default: false })\n isFallback: boolean\n\n @Column({ default: '' })\n project: string\n\n @Column({ nullable: true, type: 'uuid' })\n organizationId?: string\n\n @Column({ nullable: true })\n region: string | null\n\n @Column({\n type: 'enum',\n enum: RegistryType,\n default: RegistryType.INTERNAL,\n })\n registryType: RegistryType\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n}\n" }, { "path": "apps/api/src/docker-registry/enums/registry-type.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum RegistryType {\n INTERNAL = 'internal', // Used for internal snapshots\n ORGANIZATION = 'organization',\n TRANSIENT = 'transient',\n BACKUP = 'backup',\n}\n" }, { "path": "apps/api/src/docker-registry/guards/docker-registry-access.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, CanActivate, ExecutionContext, NotFoundException, ForbiddenException } from '@nestjs/common'\nimport { DockerRegistryService } from '../services/docker-registry.service'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { RegistryType } from '../enums/registry-type.enum'\n\n@Injectable()\nexport class DockerRegistryAccessGuard implements CanActivate {\n constructor(private readonly dockerRegistryService: DockerRegistryService) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n const dockerRegistryId: string = request.params.dockerRegistryId || request.params.registryId || request.params.id\n\n // TODO: initialize authContext safely\n const authContext: OrganizationAuthContext = request.user\n\n try {\n const dockerRegistry = await this.dockerRegistryService.findOneOrFail(dockerRegistryId)\n if (authContext.role !== SystemRole.ADMIN && dockerRegistry.organizationId !== authContext.organizationId) {\n throw new ForbiddenException('Request organization ID does not match resource organization ID')\n }\n if (authContext.role !== SystemRole.ADMIN && dockerRegistry.registryType !== RegistryType.ORGANIZATION) {\n // only allow access to registries manually created by the organization\n throw new ForbiddenException(`Requested registry is not type \"${RegistryType.ORGANIZATION}\"`)\n }\n request.dockerRegistry = dockerRegistry\n return true\n } catch (error) {\n throw new NotFoundException(`Docker registry with ID ${dockerRegistryId} not found`)\n }\n }\n}\n" }, { "path": "apps/api/src/docker-registry/providers/docker-registry.provider.interface.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const DOCKER_REGISTRY_PROVIDER = 'DOCKER_REGISTRY_PROVIDER'\n\nexport interface IDockerRegistryProvider {\n createRobotAccount(\n url: string,\n auth: { username: string; password: string },\n robotConfig: {\n name: string\n description: string\n duration: number\n level: string\n permissions: Array<{\n kind: string\n namespace: string\n access: Array<{ resource: string; action: string }>\n }>\n },\n ): Promise<{ name: string; secret: string }>\n\n deleteArtifact(\n baseUrl: string,\n auth: { username: string; password: string },\n params: { project: string; repository: string; tag: string },\n ): Promise\n}\n" }, { "path": "apps/api/src/docker-registry/providers/docker-registry.provider.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { HttpService } from '@nestjs/axios'\nimport { firstValueFrom } from 'rxjs'\nimport { IDockerRegistryProvider } from './docker-registry.provider.interface'\n\n@Injectable()\nexport class DockerRegistryProvider implements IDockerRegistryProvider {\n constructor(private readonly httpService: HttpService) {}\n\n async createRobotAccount(\n url: string,\n auth: { username: string; password: string },\n robotConfig: {\n name: string\n description: string\n duration: number\n level: string\n permissions: Array<{\n kind: string\n namespace: string\n access: Array<{ resource: string; action: string }>\n }>\n },\n ): Promise<{ name: string; secret: string }> {\n const response = await firstValueFrom(this.httpService.post(url, robotConfig, { auth }))\n return {\n name: response.data.name,\n secret: response.data.secret,\n }\n }\n\n async deleteArtifact(\n baseUrl: string,\n auth: { username: string; password: string },\n params: { project: string; repository: string; tag: string },\n ): Promise {\n const url = `${baseUrl}/api/v2.0/projects/${params.project}/repositories/${params.repository}/artifacts/${params.tag}`\n\n try {\n await firstValueFrom(this.httpService.delete(url, { auth }))\n } catch (error) {\n if (error.response?.status === 404) {\n return // Artifact not found, consider it a success\n }\n throw error\n }\n }\n}\n" }, { "path": "apps/api/src/docker-registry/providers/mock-docker-registry.provider.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IDockerRegistryProvider } from './docker-registry.provider.interface'\n\nexport class MockDockerRegistryProvider implements IDockerRegistryProvider {\n async createRobotAccount(): Promise<{ name: string; secret: string }> {\n return {\n name: 'mock-robot',\n secret: 'mock-secret',\n }\n }\n\n async deleteArtifact(): Promise {\n return Promise.resolve()\n }\n}\n" }, { "path": "apps/api/src/docker-registry/services/docker-registry.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ForbiddenException, Inject, Injectable, Logger, NotFoundException } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { EntityManager, FindOptionsWhere, IsNull, Repository } from 'typeorm'\nimport { DockerRegistry } from '../entities/docker-registry.entity'\nimport { CreateDockerRegistryInternalDto } from '../dto/create-docker-registry-internal.dto'\nimport { UpdateDockerRegistryDto } from '../dto/update-docker-registry.dto'\nimport { ApiOAuth2 } from '@nestjs/swagger'\nimport { RegistryPushAccessDto } from '../../sandbox/dto/registry-push-access-dto'\nimport {\n DOCKER_REGISTRY_PROVIDER,\n IDockerRegistryProvider,\n} from './../../docker-registry/providers/docker-registry.provider.interface'\nimport { RegistryType } from './../../docker-registry/enums/registry-type.enum'\nimport { parseDockerImage, checkDockerfileHasRegistryPrefix } from '../../common/utils/docker-image.util'\nimport axios from 'axios'\nimport { OnAsyncEvent } from '../../common/decorators/on-async-event.decorator'\nimport { RegionEvents } from '../../region/constants/region-events.constant'\nimport { RegionCreatedEvent } from '../../region/events/region-created.event'\nimport { RegionDeletedEvent } from '../../region/events/region-deleted.event'\nimport { RegionService } from '../../region/services/region.service'\nimport {\n RegionSnapshotManagerCredsRegeneratedEvent,\n RegionSnapshotManagerUpdatedEvent,\n} from '../../region/events/region-snapshot-manager-creds.event'\n\nconst AXIOS_TIMEOUT_MS = 3000\nconst DOCKER_HUB_REGISTRY = 'registry-1.docker.io'\nconst DOCKER_HUB_URL = 'docker.io'\n\n/**\n * Normalizes Docker Hub URLs to 'docker.io' for storage.\n * Empty URLs are assumed to be Docker Hub.\n */\nfunction normalizeRegistryUrl(url: string): string {\n if (!url || url.trim() === '' || url.toLowerCase().includes('docker.io')) {\n return DOCKER_HUB_URL\n }\n // Strip trailing slashes for consistent matching\n return url.trim().replace(/\\/+$/, '')\n}\n\nexport interface ImageDetails {\n digest: string\n sizeGB: number\n entrypoint: string[]\n cmd: string[]\n env: string[]\n workingDir?: string\n user?: string\n}\n\n@Injectable()\n@ApiOAuth2(['openid', 'profile', 'email'])\nexport class DockerRegistryService {\n private readonly logger = new Logger(DockerRegistryService.name)\n\n constructor(\n @InjectRepository(DockerRegistry)\n private readonly dockerRegistryRepository: Repository,\n @Inject(DOCKER_REGISTRY_PROVIDER)\n private readonly dockerRegistryProvider: IDockerRegistryProvider,\n private readonly regionService: RegionService,\n ) {}\n\n async create(\n createDto: CreateDockerRegistryInternalDto,\n organizationId?: string,\n isFallback = false,\n entityManager?: EntityManager,\n ): Promise {\n const repository = entityManager ? entityManager.getRepository(DockerRegistry) : this.dockerRegistryRepository\n\n // set some limit to the number of registries\n if (organizationId) {\n const registries = await repository.find({\n where: { organizationId },\n })\n if (registries.length >= 100) {\n throw new ForbiddenException('You have reached the maximum number of registries')\n }\n }\n\n const registry = repository.create({\n ...createDto,\n url: normalizeRegistryUrl(createDto.url),\n region: createDto.regionId,\n organizationId,\n isFallback,\n })\n return repository.save(registry)\n }\n\n async findAll(organizationId: string, registryType: RegistryType): Promise {\n return this.dockerRegistryRepository.find({\n where: { organizationId, registryType },\n order: {\n createdAt: 'DESC',\n },\n })\n }\n\n async findOne(registryId: string): Promise {\n return this.dockerRegistryRepository.findOne({\n where: { id: registryId },\n })\n }\n\n async findOneOrFail(registryId: string): Promise {\n return this.dockerRegistryRepository.findOneOrFail({\n where: { id: registryId },\n })\n }\n\n async update(registryId: string, updateDto: UpdateDockerRegistryDto): Promise {\n const registry = await this.dockerRegistryRepository.findOne({\n where: { id: registryId },\n })\n\n if (!registry) {\n throw new NotFoundException(`Docker registry with ID ${registryId} not found`)\n }\n\n registry.name = updateDto.name\n registry.url = normalizeRegistryUrl(updateDto.url)\n registry.username = updateDto.username\n if (updateDto.password) {\n registry.password = updateDto.password\n }\n registry.project = updateDto.project\n\n return this.dockerRegistryRepository.save(registry)\n }\n\n async remove(registryId: string): Promise {\n const registry = await this.dockerRegistryRepository.findOne({\n where: { id: registryId },\n })\n\n if (!registry) {\n throw new NotFoundException(`Docker registry with ID ${registryId} not found`)\n }\n\n await this.dockerRegistryRepository.remove(registry)\n }\n\n async setDefault(registryId: string): Promise {\n const registry = await this.dockerRegistryRepository.findOne({\n where: { id: registryId },\n })\n\n if (!registry) {\n throw new NotFoundException(`Docker registry with ID ${registryId} not found`)\n }\n\n await this.unsetDefaultRegistry()\n\n registry.isDefault = true\n return this.dockerRegistryRepository.save(registry)\n }\n\n private async unsetDefaultRegistry(): Promise {\n await this.dockerRegistryRepository.update({ isDefault: true }, { isDefault: false })\n }\n\n /**\n * Returns an available internal registry for storing snapshots.\n *\n * If a snapshot manager _is_ configured for the region identified by the provided _regionId_, only an internal registry that matches the region snapshot manager can be returned.\n * If no matching internal registry is found, _null_ will be returned.\n *\n * If a snapshot manager _is not_ configured for the provided region, the default internal registry will be returned (if available).\n * If no default internal registry is found, _null_ will be returned.\n *\n * @param regionId - The ID of the region.\n */\n async getAvailableInternalRegistry(regionId: string): Promise {\n const region = await this.regionService.findOne(regionId)\n if (!region) {\n return null\n }\n\n if (region.snapshotManagerUrl) {\n return this.dockerRegistryRepository.findOne({\n where: { region: regionId, registryType: RegistryType.INTERNAL },\n })\n }\n\n return this.dockerRegistryRepository.findOne({\n where: { isDefault: true, registryType: RegistryType.INTERNAL },\n })\n }\n\n /**\n * Returns an available transient registry for pushing snapshots.\n *\n * If a snapshot manager _is_ configured for the region identified by the provided _regionId_, only a transient registry that matches the region snapshot manager can be returned.\n * If no matching transient registry is found, _null_ will be returned.\n *\n * If a snapshot manager _is not_ configured for the provided region or no region is provided, the default transient registry will be returned (if available).\n * If no default transient registry is found, _null_ will be returned.\n *\n * @param regionId - (Optional) The ID of the region.\n */\n async getAvailableTransientRegistry(regionId?: string): Promise {\n if (regionId) {\n const region = await this.regionService.findOne(regionId)\n if (!region) {\n return null\n }\n\n if (region.snapshotManagerUrl) {\n return this.dockerRegistryRepository.findOne({\n where: { region: regionId, registryType: RegistryType.TRANSIENT },\n })\n }\n }\n\n return this.dockerRegistryRepository.findOne({\n where: { isDefault: true, registryType: RegistryType.TRANSIENT },\n })\n }\n\n async getDefaultDockerHubRegistry(): Promise {\n return this.dockerRegistryRepository.findOne({\n where: {\n organizationId: IsNull(),\n registryType: RegistryType.INTERNAL,\n url: DOCKER_HUB_URL,\n project: '',\n },\n })\n }\n\n /**\n * Returns an available backup registry for storing snapshots.\n *\n * If a snapshot manager _is_ configured for the region identified by the provided _preferredRegionId_, only a backup registry that matches the region snapshot manager can be returned.\n * If no matching backup registry is found, _null_ will be returned.\n *\n * If a snapshot manager _is not_ configured for the provided region, a backup registry in the preferred region will be returned (if available).\n * If no backup registry is found in the preferred region, a fallback backup registry will be returned (if available).\n * If no fallback backup registry is found, _null_ will be returned.\n *\n * @param preferredRegionId - The ID of the preferred region.\n */\n async getAvailableBackupRegistry(preferredRegionId: string): Promise {\n const region = await this.regionService.findOne(preferredRegionId)\n if (!region) {\n return null\n }\n\n if (region.snapshotManagerUrl) {\n return this.dockerRegistryRepository.findOne({\n where: { region: preferredRegionId, registryType: RegistryType.BACKUP },\n })\n }\n\n const registries = await this.dockerRegistryRepository.find({\n where: { registryType: RegistryType.BACKUP, isDefault: true },\n })\n\n if (registries.length === 0) {\n return null\n }\n\n // Filter registries by preferred region\n const preferredRegionRegistries = registries.filter((registry) => registry.region === preferredRegionId)\n\n // If we have registries in the preferred region, randomly select one\n if (preferredRegionRegistries.length > 0) {\n const randomIndex = Math.floor(Math.random() * preferredRegionRegistries.length)\n return preferredRegionRegistries[randomIndex]\n }\n\n // If no registry found in preferred region, try to find a fallback registry\n const fallbackRegistries = registries.filter((registry) => registry.isFallback === true)\n\n if (fallbackRegistries.length > 0) {\n const randomIndex = Math.floor(Math.random() * fallbackRegistries.length)\n return fallbackRegistries[randomIndex]\n }\n\n // If no fallback registry found either, throw an error\n throw new Error('No backup registry available')\n }\n\n /**\n * Returns an internal registry that matches the snapshot ref.\n *\n * If no matching internal registry is found, _null_ will be returned.\n *\n * @param ref - The snapshot ref.\n * @param regionId - The ID of the region which needs access to the internal registry.\n */\n async findInternalRegistryBySnapshotRef(ref: string, regionId: string): Promise {\n const region = await this.regionService.findOne(regionId)\n if (!region) {\n return null\n }\n\n let registries: DockerRegistry[]\n\n if (region.snapshotManagerUrl) {\n registries = await this.dockerRegistryRepository.find({\n where: {\n region: regionId,\n registryType: RegistryType.INTERNAL,\n },\n })\n } else {\n registries = await this.dockerRegistryRepository.find({\n where: {\n organizationId: IsNull(),\n registryType: RegistryType.INTERNAL,\n },\n })\n }\n\n return this.findRegistryByUrlMatch(registries, ref)\n }\n\n /**\n * Returns a source registry that matches the snapshot image name and can be used to pull the image.\n *\n * If no matching source registry is found, _null_ will be returned.\n *\n * @param imageName - The user-provided image.\n * @param regionId - The ID of the region which needs access to the source registry.\n */\n async findSourceRegistryBySnapshotImageName(\n imageName: string,\n regionId: string,\n organizationId?: string,\n ): Promise {\n const region = await this.regionService.findOne(regionId)\n if (!region) {\n return null\n }\n\n const whereCondition: FindOptionsWhere[] = []\n\n if (region.organizationId) {\n // registries manually added by the organization\n whereCondition.push({\n organizationId: region.organizationId,\n registryType: RegistryType.ORGANIZATION,\n })\n }\n\n if (organizationId) {\n whereCondition.push({\n organizationId: organizationId,\n registryType: RegistryType.ORGANIZATION,\n })\n }\n\n if (region.snapshotManagerUrl) {\n // internal registry associated with region snapshot manager\n whereCondition.push({\n region: regionId,\n registryType: RegistryType.INTERNAL,\n })\n } else {\n // shared internal registries\n whereCondition.push({\n organizationId: IsNull(),\n registryType: RegistryType.INTERNAL,\n })\n }\n\n const registries = await this.dockerRegistryRepository.find({\n where: whereCondition,\n })\n\n // Prioritize ORGANIZATION registries over others\n // This ensures user-configured credentials take precedence over shared internal ones\n const priority: Partial> = {\n [RegistryType.ORGANIZATION]: 0,\n }\n const sortedRegistries = [...registries].sort(\n (a, b) => (priority[a.registryType] ?? 1) - (priority[b.registryType] ?? 1),\n )\n\n return this.findRegistryByUrlMatch(sortedRegistries, imageName)\n }\n\n /**\n * Returns a transient registry that matches the snapshot image name.\n *\n * If no matching transient registry is found, _null_ will be returned.\n *\n * @param imageName - The user-provided image.\n * @param regionId - The ID of the region which needs access to the transient registry.\n */\n async findTransientRegistryBySnapshotImageName(imageName: string, regionId: string): Promise {\n const region = await this.regionService.findOne(regionId)\n if (!region) {\n return null\n }\n\n let registries: DockerRegistry[]\n\n if (region.snapshotManagerUrl) {\n registries = await this.dockerRegistryRepository.find({\n where: {\n region: regionId,\n registryType: RegistryType.TRANSIENT,\n },\n })\n } else {\n registries = await this.dockerRegistryRepository.find({\n where: {\n organizationId: IsNull(),\n registryType: RegistryType.TRANSIENT,\n },\n })\n }\n\n return this.findRegistryByUrlMatch(registries, imageName)\n }\n\n async getRegistryPushAccess(\n organizationId: string,\n userId: string,\n regionId?: string,\n ): Promise {\n const transientRegistry = await this.getAvailableTransientRegistry(regionId)\n if (!transientRegistry) {\n throw new Error('No default transient registry configured')\n }\n\n const uniqueId = crypto.randomUUID().replace(/-/g, '').slice(0, 12)\n const robotName = `temp-push-robot-${uniqueId}`\n const expiresAt = new Date()\n expiresAt.setHours(expiresAt.getHours() + 1) // Token valid for 1 hour\n\n const url = this.getRegistryUrl(transientRegistry) + '/api/v2.0/robots'\n\n try {\n const response = await this.dockerRegistryProvider.createRobotAccount(\n url,\n {\n username: transientRegistry.username,\n password: transientRegistry.password,\n },\n {\n name: robotName,\n description: `Temporary push access for user ${userId} in organization ${organizationId}`,\n duration: 3600,\n level: 'project',\n permissions: [\n {\n kind: 'project',\n namespace: transientRegistry.project,\n access: [{ resource: 'repository', action: 'push' }],\n },\n ],\n },\n )\n\n return {\n username: response.name,\n secret: response.secret,\n registryId: transientRegistry.id,\n registryUrl: new URL(url).host,\n project: transientRegistry.project,\n expiresAt: expiresAt.toISOString(),\n }\n } catch (error) {\n let errorMessage = `Failed to generate push token: ${error.message}`\n if (error.response) {\n errorMessage += ` - ${error.response.data.message || error.response.statusText}`\n }\n throw new Error(errorMessage)\n }\n }\n\n async removeImage(imageName: string, registryId: string): Promise {\n const registry = await this.findOne(registryId)\n if (!registry) {\n throw new Error('Registry not found')\n }\n\n const parsedImage = parseDockerImage(imageName)\n if (!parsedImage.project) {\n throw new Error('Invalid image name format. Expected: [registry]/project/repository[:tag]')\n }\n\n try {\n await this.dockerRegistryProvider.deleteArtifact(\n this.getRegistryUrl(registry),\n {\n username: registry.username,\n password: registry.password,\n },\n {\n project: parsedImage.project,\n repository: parsedImage.repository,\n tag: parsedImage.tag,\n },\n )\n } catch (error) {\n const message = error.response?.data?.message || error.message\n throw new Error(`Failed to remove image ${imageName}: ${message}`)\n }\n }\n\n getRegistryUrl(registry: DockerRegistry): string {\n // Dev mode\n if (registry.url.startsWith('localhost:') || registry.url.startsWith('registry:')) {\n return `http://${registry.url}`\n }\n\n if (registry.url.startsWith('localhost') || registry.url.startsWith('127.0.0.1')) {\n return `http://${registry.url}`\n }\n\n return registry.url.startsWith('http') ? registry.url : `https://${registry.url}`\n }\n\n public async findRegistryByImageName(\n imageName: string,\n regionId: string,\n organizationId?: string,\n ): Promise {\n // Parse the image to extract potential registry hostname\n const parsedImage = parseDockerImage(imageName)\n\n if (parsedImage.registry) {\n // Image has registry prefix, try to find matching registry in database first\n const registry = await this.findSourceRegistryBySnapshotImageName(imageName, regionId, organizationId)\n if (registry) {\n return registry\n }\n // Not found in database, create temporary registry config for public access\n return this.createTemporaryRegistryConfig(parsedImage.registry)\n } else {\n // Image has no registry prefix (e.g., \"alpine:3.21\")\n // Create temporary Docker Hub config\n return this.createTemporaryRegistryConfig('docker.io')\n }\n }\n\n /**\n * Finds a registry with a URL that matches the start of the target string.\n *\n * @param registries - The list of registries to search.\n * @param targetString - The string to match against registry URLs.\n * @returns The matching registry, or null if no match is found.\n */\n private findRegistryByUrlMatch(registries: DockerRegistry[], targetString: string): DockerRegistry | null {\n for (const registry of registries) {\n const strippedUrl = registry.url.replace(/^(https?:\\/\\/)/, '').replace(/\\/+$/, '')\n if (targetString.startsWith(strippedUrl)) {\n // Ensure match is at a proper boundary (followed by '/', ':', or end-of-string)\n // to prevent \"registry.depot.dev\" from matching \"registry.depot.dev-evil.com/...\"\n const nextChar = targetString[strippedUrl.length]\n if (nextChar === undefined || nextChar === '/' || nextChar === ':') {\n return registry\n }\n }\n }\n return null\n }\n\n private createTemporaryRegistryConfig(registryOrigin: string): DockerRegistry {\n const registry = new DockerRegistry()\n registry.id = `temp-${registryOrigin}`\n registry.name = `Temporary ${registryOrigin}`\n registryOrigin = registryOrigin.replace(/^(https?:\\/\\/)/, '')\n registry.url = `https://${registryOrigin}`\n registry.username = ''\n registry.password = ''\n registry.project = ''\n registry.isDefault = false\n registry.registryType = RegistryType.INTERNAL\n return registry\n }\n\n private async getDockerHubToken(repository: string): Promise {\n try {\n const tokenUrl = `https://auth.docker.io/token?service=${DOCKER_HUB_REGISTRY}&scope=repository:${repository}:pull`\n const response = await axios.get(tokenUrl, { timeout: 10000 })\n return response.data.token\n } catch (error) {\n this.logger.warn(`Failed to get Docker Hub token: ${error.message}`)\n return null\n }\n }\n\n private async deleteRepositoryWithPrefix(\n repository: string,\n prefix: string,\n registry: DockerRegistry,\n ): Promise {\n const registryUrl = this.getRegistryUrl(registry)\n const encodedCredentials = Buffer.from(`${registry.username}:${registry.password}`).toString('base64')\n const repoPath = `${registry.project}/${prefix}${repository}`\n\n try {\n // Step 1: List all tags in the repository\n const tagsUrl = `${registryUrl}/v2/${repoPath}/tags/list`\n\n const tagsResponse = await axios({\n method: 'get',\n url: tagsUrl,\n headers: {\n Authorization: `Basic ${encodedCredentials}`,\n },\n validateStatus: (status) => status < 500,\n timeout: AXIOS_TIMEOUT_MS,\n })\n\n if (tagsResponse.status === 404) {\n return\n }\n\n if (tagsResponse.status >= 300) {\n this.logger.error(`Error listing tags in repository ${repoPath}: ${tagsResponse.statusText}`)\n throw new Error(`Failed to list tags in repository ${repoPath}: ${tagsResponse.statusText}`)\n }\n\n const tags = tagsResponse.data.tags || []\n\n if (tags.length === 0) {\n this.logger.debug(`Repository ${repoPath} has no tags to delete`)\n return\n }\n\n if (tags.length > 500) {\n this.logger.warn(`Repository ${repoPath} has more than 500 tags, skipping cleanup`)\n return\n }\n\n // Step 2: Delete each tag\n for (const tag of tags) {\n try {\n // Get the digest for this tag\n const manifestUrl = `${registryUrl}/v2/${repoPath}/manifests/${tag}`\n\n const manifestResponse = await axios({\n method: 'head',\n url: manifestUrl,\n headers: {\n Authorization: `Basic ${encodedCredentials}`,\n Accept: 'application/vnd.docker.distribution.manifest.v2+json',\n },\n validateStatus: (status) => status < 500,\n timeout: AXIOS_TIMEOUT_MS,\n })\n\n if (manifestResponse.status >= 300) {\n this.logger.warn(`Couldn't get manifest for tag ${tag}: ${manifestResponse.statusText}`)\n continue\n }\n\n const digest = manifestResponse.headers['docker-content-digest']\n if (!digest) {\n this.logger.warn(`Docker content digest not found for tag ${tag}`)\n continue\n }\n\n // Delete the manifest\n const deleteUrl = `${registryUrl}/v2/${repoPath}/manifests/${digest}`\n\n const deleteResponse = await axios({\n method: 'delete',\n url: deleteUrl,\n headers: {\n Authorization: `Basic ${encodedCredentials}`,\n },\n validateStatus: (status) => status < 500,\n timeout: AXIOS_TIMEOUT_MS,\n })\n\n if (deleteResponse.status < 300) {\n this.logger.debug(`Deleted tag ${tag} from repository ${repoPath}`)\n } else {\n this.logger.warn(`Failed to delete tag ${tag}: ${deleteResponse.statusText}`)\n }\n } catch (error) {\n this.logger.warn(`Exception when deleting tag ${tag}: ${error.message}`)\n // Continue with other tags\n }\n }\n\n this.logger.debug(`Repository ${repoPath} cleanup completed`)\n } catch (error) {\n this.logger.error(`Exception when deleting repository ${repoPath}: ${error.message}`)\n throw error\n }\n }\n\n async deleteSandboxRepository(repository: string, registry: DockerRegistry): Promise {\n try {\n // Delete both backup and snapshot repositories - necessary due to renaming\n await this.deleteRepositoryWithPrefix(repository, 'backup-', registry)\n await this.deleteRepositoryWithPrefix(repository, 'snapshot-', registry)\n } catch (error) {\n this.logger.error(`Failed to delete repositories for ${repository}: ${error.message}`)\n throw error\n }\n }\n\n async deleteBackupImageFromRegistry(imageName: string, registry: DockerRegistry): Promise {\n const parsedImage = parseDockerImage(imageName)\n if (!parsedImage.project || !parsedImage.tag) {\n throw new Error('Invalid image name format. Expected: [registry]/project/repository:tag')\n }\n\n const registryUrl = this.getRegistryUrl(registry)\n const repoPath = `${parsedImage.project}/${parsedImage.repository}`\n\n // First, get the digest for the tag using the manifests endpoint\n const manifestUrl = `${registryUrl}/v2/${repoPath}/manifests/${parsedImage.tag}`\n const encodedCredentials = Buffer.from(`${registry.username}:${registry.password}`).toString('base64')\n\n try {\n // Get the digest from the headers\n const manifestResponse = await axios({\n method: 'head', // Using HEAD request to only fetch headers\n url: manifestUrl,\n headers: {\n Authorization: `Basic ${encodedCredentials}`,\n Accept: 'application/vnd.docker.distribution.manifest.v2+json',\n },\n validateStatus: (status) => status < 500,\n timeout: AXIOS_TIMEOUT_MS,\n })\n\n if (manifestResponse.status >= 300) {\n this.logger.error(`Error getting manifest for image ${imageName}: ${manifestResponse.statusText}`)\n throw new Error(`Failed to get manifest for image ${imageName}: ${manifestResponse.statusText}`)\n }\n\n // Extract the digest from headers\n const digest = manifestResponse.headers['docker-content-digest']\n if (!digest) {\n throw new Error(`Docker content digest not found for image ${imageName}`)\n }\n\n // Now delete the image using the digest\n const deleteUrl = `${registryUrl}/v2/${repoPath}/manifests/${digest}`\n\n const deleteResponse = await axios({\n method: 'delete',\n url: deleteUrl,\n headers: {\n Authorization: `Basic ${encodedCredentials}`,\n },\n validateStatus: (status) => status < 500,\n timeout: AXIOS_TIMEOUT_MS,\n })\n\n if (deleteResponse.status < 300) {\n this.logger.debug(`Image ${imageName} removed from the registry`)\n return\n }\n\n this.logger.error(`Error removing image ${imageName} from registry: ${deleteResponse.statusText}`)\n throw new Error(`Failed to remove image ${imageName} from registry: ${deleteResponse.statusText}`)\n } catch (error) {\n this.logger.error(`Exception when deleting image ${imageName}: ${error.message}`)\n throw error\n }\n }\n\n /**\n * Gets source registries for building a Docker image from a Dockerfile\n * If the Dockerfile has images with registry prefixes, returns all user registries\n *\n * @param dockerfileContent - The Dockerfile content\n * @param organizationId - The organization ID\n * @returns Array of source registries (private registries + default Docker Hub)\n */\n async getSourceRegistriesForDockerfile(dockerfileContent: string, organizationId: string): Promise {\n const sourceRegistries: DockerRegistry[] = []\n\n // Check if Dockerfile has any images with a registry prefix\n // If so, include all user's registries (we can't reliably match specific registries)\n if (checkDockerfileHasRegistryPrefix(dockerfileContent)) {\n const userRegistries = await this.findAll(organizationId, RegistryType.ORGANIZATION)\n sourceRegistries.push(...userRegistries)\n }\n\n // Add default Docker Hub registry only if user doesn't have their own Docker Hub credentials\n // The auth configs map is keyed by URL, so adding the default last would override user credentials\n const userHasDockerHubCreds = sourceRegistries.some((registry) => registry.url.includes('docker.io'))\n\n if (!userHasDockerHubCreds) {\n const defaultDockerHubRegistry = await this.getDefaultDockerHubRegistry()\n if (defaultDockerHubRegistry) {\n sourceRegistries.push(defaultDockerHubRegistry)\n }\n }\n\n return sourceRegistries\n }\n\n @OnAsyncEvent({\n event: RegionEvents.SNAPSHOT_MANAGER_CREDENTIALS_REGENERATED,\n })\n private async _handleRegionSnapshotManagerCredsRegenerated(\n payload: RegionSnapshotManagerCredsRegeneratedEvent,\n ): Promise {\n const { regionId, snapshotManagerUrl, username, password, entityManager } = payload\n\n const em = entityManager ?? this.dockerRegistryRepository.manager\n\n const registries = await em.count(DockerRegistry, {\n where: { region: regionId, url: snapshotManagerUrl },\n })\n\n if (registries === 0) {\n throw new NotFoundException(`No registries found for region ${regionId} with URL ${snapshotManagerUrl}`)\n }\n\n await em.update(DockerRegistry, { region: regionId, url: snapshotManagerUrl }, { username, password })\n }\n\n @OnAsyncEvent({\n event: RegionEvents.SNAPSHOT_MANAGER_UPDATED,\n })\n private async _handleRegionSnapshotManagerUpdated(payload: RegionSnapshotManagerUpdatedEvent): Promise {\n const {\n region,\n organizationId,\n snapshotManagerUrl,\n prevSnapshotManagerUrl,\n entityManager,\n newUsername,\n newPassword,\n } = payload\n\n const em = entityManager ?? this.dockerRegistryRepository.manager\n\n if (prevSnapshotManagerUrl) {\n // Update old registries associated with previous snapshot manager URL\n if (snapshotManagerUrl) {\n await em.update(\n DockerRegistry,\n {\n region: region.id,\n url: prevSnapshotManagerUrl,\n },\n {\n url: snapshotManagerUrl,\n username: newUsername,\n password: newPassword,\n },\n )\n } else {\n // If snapshot manager URL is removed, delete associated registries\n await em.delete(DockerRegistry, {\n region: region.id,\n url: prevSnapshotManagerUrl,\n })\n }\n\n return\n }\n\n const registries = await em.count(DockerRegistry, {\n where: { region: region.id, url: snapshotManagerUrl },\n })\n\n if (registries === 0) {\n await this._handleRegionCreatedEvent(\n new RegionCreatedEvent(entityManager, region, organizationId, newUsername, newPassword),\n )\n }\n }\n\n @OnAsyncEvent({\n event: RegionEvents.CREATED,\n })\n private async _handleRegionCreatedEvent(payload: RegionCreatedEvent): Promise {\n const { entityManager, region, organizationId, snapshotManagerUsername, snapshotManagerPassword } = payload\n\n if (!region.snapshotManagerUrl || !snapshotManagerUsername || !snapshotManagerPassword) {\n return\n }\n\n await this.create(\n {\n name: `${region.name}-backup`,\n url: region.snapshotManagerUrl,\n username: snapshotManagerUsername,\n password: snapshotManagerPassword,\n registryType: RegistryType.BACKUP,\n regionId: region.id,\n },\n organizationId ?? undefined,\n false,\n entityManager,\n )\n\n await this.create(\n {\n name: `${region.name}-internal`,\n url: region.snapshotManagerUrl,\n username: snapshotManagerUsername,\n password: snapshotManagerPassword,\n registryType: RegistryType.INTERNAL,\n regionId: region.id,\n },\n organizationId ?? undefined,\n false,\n entityManager,\n )\n\n await this.create(\n {\n name: `${region.name}-transient`,\n url: region.snapshotManagerUrl,\n username: snapshotManagerUsername,\n password: snapshotManagerPassword,\n registryType: RegistryType.TRANSIENT,\n regionId: region.id,\n },\n organizationId ?? undefined,\n false,\n entityManager,\n )\n }\n\n @OnAsyncEvent({\n event: RegionEvents.DELETED,\n })\n async handleRegionDeletedEvent(payload: RegionDeletedEvent): Promise {\n const { entityManager, region } = payload\n\n if (!region.snapshotManagerUrl) {\n return\n }\n\n const repository = entityManager.getRepository(DockerRegistry)\n await repository.delete({ region: region.id })\n }\n}\n" }, { "path": "apps/api/src/email/constants.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const EMAIL_MODULE_OPTIONS = 'EMAIL_MODULE_OPTIONS'\n" }, { "path": "apps/api/src/email/email.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DynamicModule, Module } from '@nestjs/common'\nimport { EmailService } from './services/email.service'\nimport { EMAIL_MODULE_OPTIONS } from './constants'\n\nexport interface EmailModuleOptions {\n host: string\n port: number\n user?: string\n password?: string\n secure?: boolean\n from: string\n dashboardUrl: string\n}\n\n@Module({})\nexport class EmailModule {\n static forRoot(options: EmailModuleOptions): DynamicModule {\n return {\n module: EmailModule,\n providers: [\n {\n provide: EMAIL_MODULE_OPTIONS,\n useValue: options,\n },\n EmailService,\n ],\n exports: [EmailService],\n }\n }\n\n static forRootAsync(options: {\n useFactory: (...args: any[]) => Promise | EmailModuleOptions\n inject?: any[]\n }): DynamicModule {\n return {\n module: EmailModule,\n providers: [\n {\n provide: EMAIL_MODULE_OPTIONS,\n useFactory: options.useFactory,\n inject: options.inject || [],\n },\n EmailService,\n ],\n exports: [EmailService],\n }\n }\n}\n" }, { "path": "apps/api/src/email/services/email.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Inject, Injectable, Logger } from '@nestjs/common'\nimport { renderFile } from 'ejs'\nimport { createTransport, Transporter } from 'nodemailer'\nimport path from 'path'\nimport { OnAsyncEvent } from '../../common/decorators/on-async-event.decorator'\nimport { OrganizationEvents } from '../../organization/constants/organization-events.constant'\nimport { OrganizationInvitationCreatedEvent } from '../../organization/events/organization-invitation-created.event'\nimport { EmailModuleOptions } from '../email.module'\n\n@Injectable()\nexport class EmailService {\n private readonly transporter: Transporter | null\n private readonly logger = new Logger(EmailService.name)\n\n constructor(@Inject('EMAIL_MODULE_OPTIONS') private readonly options: EmailModuleOptions) {\n const { host, port, user, password, secure, from, dashboardUrl } = this.options\n\n if (!host || !port || !from) {\n this.logger.warn('Email configuration not found, email functionality will be disabled')\n this.transporter = null\n return\n }\n\n this.transporter = createTransport({\n host,\n port,\n auth: user && password ? { user, pass: password } : undefined,\n secure,\n })\n }\n\n @OnAsyncEvent({\n event: OrganizationEvents.INVITATION_CREATED,\n })\n async handleOrganizationInvitationCreated(payload: OrganizationInvitationCreatedEvent): Promise {\n if (!this.transporter) {\n this.logger.warn('Failed to send organization invitation email, email configuration not found')\n return\n }\n\n try {\n await this.transporter.sendMail({\n from: this.options.from,\n to: payload.inviteeEmail,\n subject: 'Invitation to join a Daytona organization',\n html: await renderFile(path.join(__dirname, 'assets/templates/organization-invitation.template.ejs'), {\n organizationName: payload.organizationName,\n invitedBy: payload.invitedBy,\n invitationLink: `${this.options.dashboardUrl}/user/invitations?id=${payload.invitationId}`,\n expiresAt: new Date(payload.expiresAt).toLocaleDateString('en-US', {\n year: 'numeric',\n month: 'long',\n day: 'numeric',\n }),\n }),\n })\n } catch (error) {\n // TODO: resilient email sending\n this.logger.error(`Failed to send organization invitation email to ${payload.inviteeEmail}`, error)\n }\n }\n}\n" }, { "path": "apps/api/src/encryption/encryption.module.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { EncryptionService } from './encryption.service'\n\n@Module({\n providers: [EncryptionService],\n exports: [EncryptionService],\n})\nexport class EncryptionModule {}\n" }, { "path": "apps/api/src/encryption/encryption.service.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport { createCipheriv, createDecipheriv, randomBytes, scrypt } from 'crypto'\nimport { promisify } from 'node:util'\nimport { TypedConfigService } from '../config/typed-config.service'\n\nexport interface EncryptedData {\n data: string\n iv: string\n}\n\n@Injectable()\nexport class EncryptionService {\n private readonly algorithm = 'aes-256-ctr'\n private readonly encoding = 'base64'\n private readonly secret: string\n private readonly salt: string\n private readonly logger = new Logger(EncryptionService.name)\n\n constructor(configService: TypedConfigService) {\n this.logger.debug('Initializing encryption service')\n this.secret = configService.getOrThrow('encryption.key')\n this.salt = configService.getOrThrow('encryption.salt')\n }\n\n public async encrypt(input: string): Promise {\n const key = (await promisify(scrypt)(this.secret, this.salt, 32)) as Buffer\n const iv = randomBytes(16)\n const cipher = createCipheriv(this.algorithm, key, iv)\n\n return this.serialize({\n data: Buffer.concat([cipher.update(input), cipher.final()]).toString(this.encoding),\n iv: iv.toString(this.encoding),\n })\n }\n\n /**\n * Decrypts the input string. If backwardsCompatible is true, it will return the input string\n * as is if decryption fails (for handling unencrypted data).\n */\n public async decrypt(input: string, backwardsCompatible = false): Promise {\n if (backwardsCompatible) {\n try {\n return await this._decrypt(input)\n } catch {\n return input\n }\n }\n\n return this._decrypt(input)\n }\n\n private async _decrypt(input: string): Promise {\n const encryptedData = this.deserialize(input)\n const key = (await promisify(scrypt)(this.secret, this.salt, 32)) as Buffer\n const encrypted = Buffer.from(encryptedData.data, this.encoding)\n const iv = Buffer.from(encryptedData.iv, this.encoding)\n const decipher = createDecipheriv(this.algorithm, key, iv)\n\n const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()])\n return decrypted.toString()\n }\n\n private serialize(data: EncryptedData): string {\n return JSON.stringify(data)\n }\n\n private deserialize(data: string): EncryptedData {\n return JSON.parse(data)\n }\n}\n" }, { "path": "apps/api/src/exceptions/bad-request.exception.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { HttpException, HttpStatus } from '@nestjs/common'\n\nexport class BadRequestError extends HttpException {\n constructor(message: string) {\n super(message, HttpStatus.BAD_REQUEST)\n }\n}\n" }, { "path": "apps/api/src/exceptions/forbidden-operation.exception.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { HttpException, HttpStatus } from '@nestjs/common'\n\nexport class ForbiddenOperationError extends HttpException {\n constructor(message: string) {\n super(message, HttpStatus.FORBIDDEN)\n }\n}\n" }, { "path": "apps/api/src/exceptions/not-found.exception.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { HttpException, HttpStatus } from '@nestjs/common'\n\nexport class ResourceNotFoundError extends HttpException {\n constructor(message: string) {\n super(message, HttpStatus.NOT_FOUND)\n }\n}\n" }, { "path": "apps/api/src/exceptions/sandbox-error.exception.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { HttpException, HttpStatus } from '@nestjs/common'\n\nexport class SandboxError extends HttpException {\n constructor(message: string) {\n super(message, HttpStatus.BAD_REQUEST)\n }\n}\n" }, { "path": "apps/api/src/filters/all-exceptions.filter.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { join } from 'node:path'\nimport { STATUS_CODES } from 'node:http'\nimport { Request, Response } from 'express'\nimport {\n ExceptionFilter,\n Catch,\n ArgumentsHost,\n HttpException,\n Logger,\n HttpStatus,\n NotFoundException,\n UnauthorizedException,\n} from '@nestjs/common'\nimport { FailedAuthTrackerService } from '../auth/failed-auth-tracker.service'\n\n@Catch()\nexport class AllExceptionsFilter implements ExceptionFilter {\n private readonly logger = new Logger(AllExceptionsFilter.name)\n\n constructor(private readonly failedAuthTracker: FailedAuthTrackerService) {}\n\n async catch(exception: unknown, host: ArgumentsHost): Promise {\n const ctx = host.switchToHttp()\n const response = ctx.getResponse()\n const request = ctx.getRequest()\n\n let statusCode: number\n let error: string\n let message: string\n\n // If the exception is a NotFoundException and the request path is not an API request, serve the dashboard index.html file\n if (exception instanceof NotFoundException && !request.path.startsWith('/api/')) {\n const response = ctx.getResponse()\n response.sendFile(join(__dirname, '..', 'dashboard', 'index.html'))\n return\n }\n\n // Track failed authentication attempts\n if (exception instanceof UnauthorizedException) {\n try {\n await this.failedAuthTracker.incrementFailedAuth(request, response)\n } catch (error) {\n this.logger.error('Failed to track authentication failure:', error)\n }\n }\n\n if (exception instanceof HttpException) {\n statusCode = exception.getStatus()\n error = STATUS_CODES[statusCode]\n const exceptionResponse = exception.getResponse()\n if (typeof exceptionResponse === 'string') {\n message = exceptionResponse\n } else {\n const responseMessage = (exceptionResponse as Record).message\n message = Array.isArray(responseMessage)\n ? responseMessage.join(', ')\n : (responseMessage as string) || exception.message\n }\n } else {\n this.logger.error(exception)\n error = STATUS_CODES[HttpStatus.INTERNAL_SERVER_ERROR]\n message = 'An unexpected error occurred.'\n statusCode = HttpStatus.INTERNAL_SERVER_ERROR\n }\n\n response.status(statusCode).json({\n path: request.url,\n timestamp: new Date().toISOString(),\n statusCode,\n error,\n message,\n })\n }\n}\n" }, { "path": "apps/api/src/filters/kafka-exception.filter.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Catch, ArgumentsHost, Logger } from '@nestjs/common'\nimport { KafkaContext } from '@nestjs/microservices'\nimport NodeCache from 'node-cache'\n\ninterface KafkaMaxRetryOptions {\n retries?: number\n sendToDlq?: boolean\n commitOffset?: boolean\n}\n\n@Catch()\nexport class KafkaMaxRetryExceptionFilter {\n private readonly logger = new Logger(KafkaMaxRetryExceptionFilter.name)\n private readonly maxRetries: number\n private readonly sendToDlq: boolean\n private readonly dlqTopicSuffix = '.dlq'\n private readonly commitOffset: boolean\n private readonly retryTracker: NodeCache\n\n constructor(options: KafkaMaxRetryOptions = {}) {\n this.maxRetries = options.retries ?? 3\n this.sendToDlq = options.sendToDlq ?? false\n this.commitOffset = options.commitOffset ?? true\n\n // Initialize retry tracker with 5 minutes TTL\n this.retryTracker = new NodeCache({\n stdTTL: 300,\n checkperiod: 60,\n useClones: false,\n })\n }\n\n async catch(exception: unknown, host: ArgumentsHost) {\n try {\n const kafkaContext = host.switchToRpc().getContext()\n const message = kafkaContext.getMessage()\n const messageKey = this.createMessageKey(kafkaContext)\n\n this.logger.debug('Processing message', { messageKey, offset: message.offset })\n\n const currentRetryCount = (this.retryTracker.get(messageKey) as number) || 0\n\n if (currentRetryCount >= this.maxRetries) {\n await this.handleMaxRetriesExceeded(kafkaContext, message, messageKey, currentRetryCount, exception)\n return\n }\n\n // Allow retry\n this.retryTracker.set(messageKey, currentRetryCount + 1, 300) // 5 minutes TTL\n this.logger.debug(`Allowing retry ${currentRetryCount + 1}/${this.maxRetries} for message ${messageKey}`)\n throw exception\n } catch (filterError) {\n this.logger.error('Error in filter:', filterError)\n throw exception\n }\n }\n\n private createMessageKey(context: KafkaContext): string {\n return `${context.getTopic()}-${context.getPartition()}-${context.getMessage().offset}`\n }\n\n private async handleMaxRetriesExceeded(\n context: KafkaContext,\n message: any,\n messageKey: string,\n retryCount: number,\n exception: unknown,\n ): Promise {\n this.logger.warn(`Max retries (${this.maxRetries}) exceeded for message ${messageKey}`)\n\n // Clean up retry tracker\n this.retryTracker.del(messageKey)\n\n if (this.sendToDlq) {\n await this.sendToDLQ(context, message, retryCount, exception)\n }\n\n if (this.commitOffset) {\n await this.commitMessageOffset(context, messageKey)\n }\n }\n\n private async sendToDLQ(context: KafkaContext, message: any, retryCount: number, exception: unknown): Promise {\n try {\n const producer = context.getProducer()\n if (!producer) {\n this.logger.warn('Producer not available, cannot send to DLQ')\n return\n }\n\n const dlqTopic = `${context.getTopic()}${this.dlqTopicSuffix}`\n const dlqMessage = this.createDLQMessage(message, retryCount, context, exception)\n\n await producer.send({\n topic: dlqTopic,\n messages: [dlqMessage],\n })\n\n this.logger.log(`Message sent to DLQ: ${dlqTopic}`)\n } catch (error) {\n this.logger.error('Failed to send message to DLQ:', error)\n }\n }\n\n private createDLQMessage(message: any, retryCount: number, context: KafkaContext, exception: unknown) {\n return {\n value: JSON.stringify(message.value),\n headers: {\n ...message.headers,\n 'retry-count': retryCount.toString(),\n 'original-topic': context.getTopic(),\n 'original-offset': String(message.offset),\n 'failed-at': new Date().toISOString(),\n 'error-type': exception instanceof Error ? exception.constructor.name : typeof exception,\n 'error-message': exception instanceof Error ? exception.message : String(exception),\n 'error-stack': exception instanceof Error ? exception.stack : undefined,\n },\n }\n }\n\n private async commitMessageOffset(context: KafkaContext, messageKey: string): Promise {\n try {\n const consumer = context.getConsumer()\n if (!consumer) {\n this.logger.warn('Consumer not available, cannot commit offset')\n return\n }\n\n await consumer.commitOffsets([\n {\n topic: context.getTopic(),\n partition: context.getPartition(),\n offset: String(Number(context.getMessage().offset) + 1),\n },\n ])\n\n this.logger.log(`Offset committed for message ${messageKey}`)\n } catch (error) {\n this.logger.error(`Failed to commit offset for message ${messageKey}:`, error)\n }\n }\n}\n" }, { "path": "apps/api/src/generate-openapi.ts", "content": "#!/usr/bin/env ts-node\nimport * as fs from 'fs'\nimport * as path from 'path'\nimport { NestFactory } from '@nestjs/core'\nimport { AppModule } from './app.module'\nimport { SwaggerModule } from '@nestjs/swagger'\nimport { getOpenApiConfig } from './openapi.config'\nimport { addWebhookDocumentation } from './openapi-webhooks'\nimport {\n SandboxCreatedWebhookDto,\n SandboxStateUpdatedWebhookDto,\n SnapshotCreatedWebhookDto,\n SnapshotStateUpdatedWebhookDto,\n SnapshotRemovedWebhookDto,\n VolumeCreatedWebhookDto,\n VolumeStateUpdatedWebhookDto,\n} from './webhook/dto/webhook-event-payloads.dto'\n\nasync function generateOpenAPI() {\n try {\n const app = await NestFactory.create(AppModule, {\n logger: ['error'], // Reduce logging noise\n })\n\n const config = getOpenApiConfig('http://localhost:3000')\n\n const document = {\n ...SwaggerModule.createDocument(app, config),\n }\n const openapiPath = './dist/apps/api/openapi.json'\n fs.mkdirSync(path.dirname(openapiPath), { recursive: true })\n fs.writeFileSync(openapiPath, JSON.stringify(document, null, 2))\n\n // Generate 3.1.0 version of the OpenAPI specification\n // Needed for the webhook documentation\n const document_3_1_0 = {\n ...SwaggerModule.createDocument(app, config, {\n extraModels: [\n SandboxCreatedWebhookDto,\n SandboxStateUpdatedWebhookDto,\n SnapshotCreatedWebhookDto,\n SnapshotStateUpdatedWebhookDto,\n SnapshotRemovedWebhookDto,\n VolumeCreatedWebhookDto,\n VolumeStateUpdatedWebhookDto,\n ],\n }),\n openapi: '3.1.0',\n }\n const documentWithWebhooks = addWebhookDocumentation(document_3_1_0)\n const openapi310Path = './dist/apps/api/openapi.3.1.0.json'\n fs.mkdirSync(path.dirname(openapi310Path), { recursive: true })\n fs.writeFileSync(openapi310Path, JSON.stringify(documentWithWebhooks, null, 2))\n\n await app.close()\n console.log('OpenAPI specification generated successfully!')\n clearTimeout(timeout)\n process.exit(0)\n } catch (error) {\n console.error('Failed to generate OpenAPI specification:', error)\n clearTimeout(timeout)\n process.exit(1)\n }\n}\n\n// Add timeout to prevent hanging\nconst timeout = setTimeout(() => {\n console.error('Generation timed out after 30 seconds')\n process.exit(1)\n}, 30000)\n\n// Clear timeout if process exits normally\nprocess.on('exit', () => {\n clearTimeout(timeout)\n})\n\ngenerateOpenAPI()\n" }, { "path": "apps/api/src/health/health.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, Get, Logger, ServiceUnavailableException, UseGuards } from '@nestjs/common'\nimport { HealthCheckService, HealthCheck, TypeOrmHealthIndicator } from '@nestjs/terminus'\nimport { RedisHealthIndicator } from './redis.health'\nimport { AnonymousRateLimitGuard } from '../common/guards/anonymous-rate-limit.guard'\nimport { AuthenticatedRateLimitGuard } from '../common/guards/authenticated-rate-limit.guard'\nimport { CombinedAuthGuard } from '../auth/combined-auth.guard'\nimport { HealthCheckGuard } from '../auth/health-check.guard'\n\n@Controller('health')\nexport class HealthController {\n private readonly logger = new Logger(HealthController.name)\n\n constructor(\n private health: HealthCheckService,\n private db: TypeOrmHealthIndicator,\n private redis: RedisHealthIndicator,\n ) {}\n\n @Get()\n @UseGuards(AnonymousRateLimitGuard)\n live() {\n return { status: 'ok' }\n }\n\n @Get('ready')\n @UseGuards(CombinedAuthGuard, HealthCheckGuard, AuthenticatedRateLimitGuard)\n @HealthCheck()\n async check() {\n try {\n const result = await this.health.check([() => this.db.pingCheck('database'), () => this.redis.isHealthy('redis')])\n return { status: result.status }\n } catch (error) {\n this.logger.error(error)\n throw new ServiceUnavailableException()\n }\n }\n}\n" }, { "path": "apps/api/src/health/health.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { TerminusModule } from '@nestjs/terminus'\nimport { HealthController } from './health.controller'\nimport { RedisModule } from '@nestjs-modules/ioredis'\nimport { RedisHealthIndicator } from './redis.health'\n\n@Module({\n imports: [TerminusModule, RedisModule],\n controllers: [HealthController],\n providers: [RedisHealthIndicator],\n})\nexport class HealthModule {}\n" }, { "path": "apps/api/src/health/redis.health.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { HealthIndicatorService } from '@nestjs/terminus'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport Redis from 'ioredis'\n\n@Injectable()\nexport class RedisHealthIndicator {\n private readonly redis: Redis\n constructor(\n @InjectRedis() redis: Redis,\n private readonly healthIndicatorService: HealthIndicatorService,\n ) {\n this.redis = redis.duplicate({\n commandTimeout: 1000,\n })\n }\n\n async isHealthy(key: string) {\n // Start the health indicator check for the given key\n const indicator = this.healthIndicatorService.check(key)\n\n try {\n await this.redis.ping()\n return indicator.up()\n } catch (error) {\n return indicator.down(error)\n }\n }\n}\n" }, { "path": "apps/api/src/interceptors/metrics.interceptor.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Injectable,\n NestInterceptor,\n ExecutionContext,\n CallHandler,\n OnApplicationShutdown,\n Logger,\n} from '@nestjs/common'\nimport { Observable } from 'rxjs'\nimport { tap } from 'rxjs/operators'\nimport { PostHog } from 'posthog-node'\nimport { SandboxDto } from '../sandbox/dto/sandbox.dto'\nimport { DockerRegistryDto } from '../docker-registry/dto/docker-registry.dto'\nimport { CreateSandboxDto } from '../sandbox/dto/create-sandbox.dto'\nimport { Request } from 'express'\nimport { CreateSnapshotDto } from '../sandbox/dto/create-snapshot.dto'\nimport { SnapshotDto } from '../sandbox/dto/snapshot.dto'\nimport { CreateOrganizationDto } from '../organization/dto/create-organization.dto'\nimport { UpdateOrganizationQuotaDto } from '../organization/dto/update-organization-quota.dto'\nimport { OrganizationDto } from '../organization/dto/organization.dto'\nimport { UpdateOrganizationMemberAccessDto } from '../organization/dto/update-organization-member-access.dto'\nimport { CreateOrganizationRoleDto } from '../organization/dto/create-organization-role.dto'\nimport { UpdateOrganizationRoleDto } from '../organization/dto/update-organization-role.dto'\nimport { CreateOrganizationInvitationDto } from '../organization/dto/create-organization-invitation.dto'\nimport { UpdateOrganizationInvitationDto } from '../organization/dto/update-organization-invitation.dto'\nimport { CustomHeaders } from '../common/constants/header.constants'\nimport { CreateVolumeDto } from '../sandbox/dto/create-volume.dto'\nimport { VolumeDto } from '../sandbox/dto/volume.dto'\nimport { CreateWorkspaceDto } from '../sandbox/dto/create-workspace.deprecated.dto'\nimport { WorkspaceDto } from '../sandbox/dto/workspace.deprecated.dto'\nimport { TypedConfigService } from '../config/typed-config.service'\nimport { UpdateOrganizationRegionQuotaDto } from '../organization/dto/update-organization-region-quota.dto'\nimport { UpdateOrganizationDefaultRegionDto } from '../organization/dto/update-organization-default-region.dto'\n\ntype RequestWithUser = Request & { user?: { userId: string; organizationId: string } }\ntype CommonCaptureProps = {\n organizationId?: string\n distinctId: string\n durationMs: number\n statusCode: number\n userAgent: string\n error?: string\n source: string\n isDeprecated?: boolean\n sdkVersion?: string\n environment?: string\n}\n\n@Injectable()\nexport class MetricsInterceptor implements NestInterceptor, OnApplicationShutdown {\n private readonly posthog?: PostHog\n private readonly version: string\n private readonly logger = new Logger(MetricsInterceptor.name)\n\n constructor(private readonly configService: TypedConfigService) {\n this.version = this.configService.getOrThrow('version')\n\n if (!this.configService.get('posthog.apiKey')) {\n this.logger.warn('POSTHOG_API_KEY is not set, metrics will not be recorded')\n return\n }\n\n if (!this.configService.get('posthog.host')) {\n this.logger.warn('POSTHOG_HOST is not set, metrics will not be recorded')\n return\n }\n\n // Initialize PostHog client\n // Make sure to set POSTHOG_API_KEY in your environment variables\n this.posthog = new PostHog(this.configService.getOrThrow('posthog.apiKey'), {\n host: this.configService.getOrThrow('posthog.host'),\n })\n }\n\n intercept(context: ExecutionContext, next: CallHandler): Observable {\n if (!this.posthog) {\n return next.handle()\n }\n\n const request = context.switchToHttp().getRequest()\n const startTime = Date.now()\n\n return next.handle().pipe(\n tap({\n next: (response) => {\n // For DELETE requests or empty responses, pass an empty object with statusCode\n const responseObj = response || { statusCode: 204 }\n this.recordMetrics(request, responseObj, startTime).catch((err) => this.logger.error(err))\n },\n error: (error) => {\n this.recordMetrics(\n request,\n { statusCode: error.status || 500 },\n startTime,\n error.message || JSON.stringify(error),\n ).catch((err) => this.logger.error(err))\n },\n }),\n )\n }\n\n private async recordMetrics(request: RequestWithUser, response: any, startTime: number, error?: string) {\n const durationMs = Date.now() - startTime\n const statusCode = error ? response.statusCode : response.statusCode || (request.method === 'DELETE' ? 204 : 200) // Default to 204 for DELETE requests\n const distinctId = request.user?.userId || 'anonymous'\n const userAgent = request.get('user-agent')\n const source = request.get(CustomHeaders.SOURCE.name)\n const sdkVersion = request.get(CustomHeaders.SDK_VERSION.name)\n\n const props: CommonCaptureProps = {\n distinctId,\n organizationId: request.user?.organizationId,\n durationMs,\n statusCode,\n userAgent,\n error,\n source: Array.isArray(source) ? source[0] : source,\n isDeprecated: request.route.path.includes('/workspace') || request.route.path.includes('/images'),\n sdkVersion,\n environment: this.configService.get('posthog.environment'),\n }\n\n switch (request.method) {\n case 'POST':\n switch (request.route.path) {\n case '/api/api-keys':\n this.captureCreateApiKey(props)\n break\n case '/api/snapshots':\n this.captureCreateSnapshot(props, request.body, response)\n break\n case '/api/snapshots/:snapshotId/activate':\n this.captureActivateSnapshot(props, request.params.snapshotId)\n break\n case '/api/snapshots/:snapshotId/deactivate':\n this.captureDeactivateSnapshot(props, request.params.snapshotId)\n break\n case '/api/docker-registry':\n this.captureCreateDockerRegistry(props, response)\n break\n case '/api/sandbox':\n this.captureCreateSandbox(props, request.body, response)\n break\n case '/api/workspace':\n this.captureCreateWorkspace_deprecated(props, request.body, response)\n break\n case '/api/sandbox/:sandboxIdOrName/start':\n case '/api/workspace/:workspaceId/start':\n this.captureStartSandbox(props, request.params.sandboxIdOrName || request.params.workspaceId)\n break\n case '/api/sandbox/:sandboxIdOrName/stop':\n case '/api/workspace/:workspaceId/stop':\n this.captureStopSandbox(props, request.params.sandboxIdOrName || request.params.workspaceId)\n break\n case '/api/sandbox/:sandboxIdOrName/resize':\n this.captureResizeSandbox(props, request.params.sandboxIdOrName, request.body)\n break\n case '/api/sandbox/:sandboxIdOrName/archive':\n case '/api/workspace/:workspaceId/archive':\n this.captureArchiveSandbox(props, request.params.sandboxIdOrName || request.params.workspaceId)\n break\n case '/api/sandbox/:sandboxIdOrName/backup':\n this.captureCreateBackup(props, request.params.sandboxIdOrName)\n break\n case '/api/sandbox/:sandboxIdOrName/public/:isPublic':\n case '/api/workspace/:workspaceId/public/:isPublic':\n this.captureUpdatePublicStatus(\n props,\n request.params.sandboxIdOrName || request.params.workspaceId,\n request.params.isPublic === 'true',\n )\n break\n case '/api/sandbox/:sandboxIdOrName/autostop/:interval':\n case '/api/workspace/:workspaceId/autostop/:interval':\n this.captureSetAutostopInterval(\n props,\n request.params.sandboxIdOrName || request.params.workspaceId,\n parseInt(request.params.interval),\n )\n break\n case '/api/sandbox/:sandboxIdOrName/autoarchive/:interval':\n case '/api/workspace/:workspaceId/autoarchive/:interval':\n this.captureSetAutoArchiveInterval(\n props,\n request.params.sandboxIdOrName || request.params.workspaceId,\n parseInt(request.params.interval),\n )\n break\n case '/api/sandbox/:sandboxIdOrName/autodelete/:interval':\n this.captureSetAutoDeleteInterval(props, request.params.sandboxIdOrName, parseInt(request.params.interval))\n break\n case '/api/organizations/invitations/:invitationId/accept':\n this.captureAcceptInvitation(props, request.params.invitationId)\n break\n case '/api/organizations/invitations/:invitationId/decline':\n this.captureDeclineInvitation(props, request.params.invitationId)\n break\n case '/api/organizations':\n this.captureCreateOrganization(props, request.body, response)\n break\n case '/api/organizations/:organizationId/leave':\n this.captureLeaveOrganization(props, request.params.organizationId)\n break\n case '/api/organizations/:organizationId/users/:userId/access':\n this.captureUpdateOrganizationUserAccess(\n props,\n request.params.organizationId,\n request.params.userId,\n request.body,\n )\n break\n case '/api/organizations/:organizationId/roles':\n this.captureCreateOrganizationRole(props, request.params.organizationId, request.body)\n break\n case '/api/organizations/:organizationId/invitations':\n this.captureCreateOrganizationInvitation(props, request.params.organizationId, request.body)\n break\n case '/api/organizations/:organizationId/invitations/:invitationId/cancel':\n this.captureCancelOrganizationInvitation(props, request.params.organizationId, request.params.invitationId)\n break\n case '/api/volumes':\n this.captureCreateVolume(props, request.body, response)\n break\n }\n break\n case 'DELETE':\n switch (request.route.path) {\n case '/api/sandbox/:sandboxIdOrName':\n case '/api/workspace/:workspaceId':\n this.captureDeleteSandbox(props, request.params.sandboxIdOrName || request.params.workspaceId)\n break\n case '/api/snapshots/:snapshotId':\n this.captureDeleteSnapshot(props, request.params.snapshotId)\n break\n case '/api/organizations/:organizationId':\n this.captureDeleteOrganization(props, request.params.organizationId)\n break\n case '/api/organizations/:organizationId/users/:userId':\n this.captureDeleteOrganizationUser(props, request.params.organizationId, request.params.userId)\n break\n case '/api/organizations/:organizationId/roles/:roleId':\n this.captureDeleteOrganizationRole(props, request.params.organizationId, request.params.roleId)\n break\n case '/api/volumes/:volumeId':\n this.captureDeleteVolume(props, request.params.volumeId)\n break\n }\n break\n case 'PUT':\n switch (request.route.path) {\n case '/api/sandbox/:sandboxIdOrName/labels':\n case '/api/workspace/:workspaceId/labels':\n this.captureUpdateSandboxLabels(props, request.params.sandboxIdOrName || request.params.workspaceId)\n break\n case '/api/organizations/:organizationId/roles/:roleId':\n this.captureUpdateOrganizationRole(\n props,\n request.params.organizationId,\n request.params.roleId,\n request.body,\n )\n break\n case '/api/organizations/:organizationId/invitations/:invitationId':\n this.captureUpdateOrganizationInvitation(\n props,\n request.params.organizationId,\n request.params.invitationId,\n request.body,\n )\n break\n case '/api/organizations/:organizationId/experimental-config':\n this.captureUpdateOrganizationExperimentalConfig(props, request.body)\n break\n }\n break\n case 'PATCH':\n switch (request.route.path) {\n case '/api/organizations/:organizationId/default-region':\n this.captureSetOrganizationDefaultRegion(props, request.params.organizationId, request.body)\n break\n case '/api/organizations/:organizationId/quota':\n this.captureUpdateOrganizationQuota(props, request.params.organizationId, request.body)\n break\n case '/api/organizations/:organizationId/quota/:regionId':\n this.captureUpdateOrganizationRegionQuota(\n props,\n request.params.organizationId,\n request.params.regionId,\n request.body,\n )\n break\n }\n break\n }\n\n if (!request.route.path.startsWith('/api/toolbox/:sandboxId/toolbox')) {\n return\n }\n\n const path = request.route.path.replace('/api/toolbox/:sandboxId/toolbox', '')\n\n switch (path) {\n case '/project-dir':\n this.captureToolboxCommand(props, request.params.sandboxId, 'project-dir_get')\n break\n case '/files':\n switch (request.method) {\n case 'GET':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_list')\n break\n case 'DELETE':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_delete')\n break\n }\n break\n case '/files/download':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_download')\n break\n case '/files/find':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_find')\n break\n case '/files/folder':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_folder_create')\n break\n case '/files/info':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_info')\n break\n case '/files/move':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_move')\n break\n case '/files/permissions':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_permissions')\n break\n case '/files/replace':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_replace')\n break\n case '/files/search':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_search')\n break\n case '/files/upload':\n this.captureToolboxCommand(props, request.params.sandboxId, 'files_upload')\n break\n case '/git/add':\n this.captureToolboxCommand(props, request.params.sandboxId, 'git_add')\n break\n case '/git/branches':\n switch (request.method) {\n case 'GET':\n this.captureToolboxCommand(props, request.params.sandboxId, 'git_branches_list')\n break\n case 'POST':\n this.captureToolboxCommand(props, request.params.sandboxId, 'git_branches_create')\n break\n }\n break\n case '/git/clone':\n this.captureToolboxCommand(props, request.params.sandboxId, 'git_clone')\n break\n case '/git/commit':\n this.captureToolboxCommand(props, request.params.sandboxId, 'git_commit')\n break\n case '/git/history':\n this.captureToolboxCommand(props, request.params.sandboxId, 'git_history')\n break\n case '/git/pull':\n this.captureToolboxCommand(props, request.params.sandboxId, 'git_pull')\n break\n case '/git/push':\n this.captureToolboxCommand(props, request.params.sandboxId, 'git_push')\n break\n case '/git/status':\n this.captureToolboxCommand(props, request.params.sandboxId, 'git_status')\n break\n case '/process/execute':\n this.captureToolboxCommand(props, request.params.sandboxId, 'process_execute', {\n command: request.body.command,\n cwd: request.body.cwd,\n exit_code: response.exitCode,\n timeout_sec: request.body.timeout,\n })\n break\n case '/process/session':\n switch (request.method) {\n case 'GET':\n this.captureToolboxCommand(props, request.params.sandboxId, 'process_session_list')\n break\n case 'POST':\n this.captureToolboxCommand(props, request.params.sandboxId, 'process_session_create', {\n session_id: request.body.sessionId,\n })\n break\n }\n break\n case '/process/session/:sessionId':\n switch (request.method) {\n case 'GET':\n this.captureToolboxCommand(props, request.params.sandboxId, 'process_session_get', {\n session_id: request.params.sessionId,\n })\n break\n case 'DELETE':\n this.captureToolboxCommand(props, request.params.sandboxId, 'process_session_delete', {\n session_id: request.params.sessionId,\n })\n break\n }\n break\n case '/process/session/:sessionId/exec':\n this.captureToolboxCommand(props, request.params.sandboxId, 'process_session_execute', {\n session_id: request.params.sessionId,\n command: request.body.command,\n })\n break\n case '/process/session/:sessionId/command/:commandId':\n this.captureToolboxCommand(props, request.params.sandboxId, 'process_session_command_get', {\n session_id: request.params.sessionId,\n command_id: request.params.commandId,\n })\n break\n case '/process/session/:sessionId/command/:commandId/logs':\n this.captureToolboxCommand(props, request.params.sandboxId, 'process_session_command_logs', {\n session_id: request.params.sessionId,\n command_id: request.params.commandId,\n })\n break\n case '/lsp/completions':\n this.captureToolboxCommand(props, request.params.sandboxId, 'lsp_completions')\n break\n case '/lsp/did-close':\n this.captureToolboxCommand(props, request.params.sandboxId, 'lsp_did_close')\n break\n case '/lsp/did-open':\n this.captureToolboxCommand(props, request.params.sandboxId, 'lsp_did_open')\n break\n case '/lsp/document-symbols':\n this.captureToolboxCommand(props, request.params.sandboxId, 'lsp_document_symbols')\n break\n case '/lsp/start':\n this.captureToolboxCommand(props, request.params.sandboxId, 'lsp_start', {\n language_id: request.body.languageId,\n })\n break\n case '/lsp/stop':\n this.captureToolboxCommand(props, request.params.sandboxId, 'lsp_stop', {\n language_id: request.body.languageId,\n })\n break\n case '/lsp/sandbox-symbols':\n this.captureToolboxCommand(props, request.params.sandboxId, 'lsp_sandbox_symbols', {\n language_id: request.query.languageId,\n path_to_project: request.query.pathToProject,\n query: request.query.query,\n })\n break\n }\n }\n\n private captureCreateApiKey(props: CommonCaptureProps) {\n this.capture('api_api_key_created', props, 'api_api_key_creation_failed')\n }\n\n private captureCreateDockerRegistry(props: CommonCaptureProps, response: DockerRegistryDto) {\n this.capture('api_docker_registry_created', props, 'api_docker_registry_creation_failed', {\n registry_name: response.name,\n registry_url: response.url,\n })\n }\n\n private captureCreateSnapshot(props: CommonCaptureProps, request: CreateSnapshotDto, response: SnapshotDto) {\n this.capture('api_snapshot_created', props, 'api_snapshot_creation_failed', {\n snapshot_id: response.id,\n snapshot_name: request.name,\n snapshot_image_name: request.imageName,\n snapshot_entrypoint: request.entrypoint,\n snapshot_cpu: request.cpu,\n snapshot_gpu: request.gpu,\n snapshot_memory: request.memory,\n snapshot_disk: request.disk,\n snapshot_is_build: request.buildInfo ? true : false,\n snapshot_build_info_context_hashes_length: request.buildInfo?.contextHashes?.length,\n })\n }\n\n private captureActivateSnapshot(props: CommonCaptureProps, snapshotId: string) {\n this.capture('api_snapshot_activated', props, 'api_snapshot_activation_failed', {\n snapshot_id: snapshotId,\n })\n }\n\n private captureDeactivateSnapshot(props: CommonCaptureProps, snapshotId: string) {\n this.capture('api_snapshot_deactivated', props, 'api_snapshot_deactivation_failed', {\n snapshot_id: snapshotId,\n })\n }\n\n private captureDeleteSnapshot(props: CommonCaptureProps, snapshotId: string) {\n this.capture('api_snapshot_deleted', props, 'api_snapshot_deletion_failed', {\n snapshot_id: snapshotId,\n })\n }\n\n private captureCreateSandbox(props: CommonCaptureProps, request: CreateSandboxDto, response: SandboxDto) {\n const envVarsLength = request.env ? Object.keys(request.env).length : 0\n\n const records = {\n sandbox_id: response.id,\n sandbox_name_request: request.name,\n sandbox_name: response.name,\n sandbox_snapshot_request: request.snapshot,\n sandbox_snapshot: response.snapshot,\n sandbox_user_request: request.user,\n sandbox_user: response.user,\n sandbox_cpu_request: request.cpu,\n sandbox_cpu: response.cpu,\n sandbox_gpu_request: request.gpu,\n sandbox_gpu: response.gpu,\n sandbox_memory_mb_request: request.memory * 1024,\n sandbox_memory_mb: response.memory * 1024,\n sandbox_disk_gb_request: request.disk,\n sandbox_disk_gb: response.disk,\n sandbox_target_request: request.target,\n sandbox_target: response.target,\n sandbox_auto_stop_interval_min_request: request.autoStopInterval,\n sandbox_auto_stop_interval_min: response.autoStopInterval,\n sandbox_auto_archive_interval_min_request: request.autoArchiveInterval,\n sandbox_auto_archive_interval_min: response.autoArchiveInterval,\n sandbox_auto_delete_interval_min_request: request.autoDeleteInterval,\n sandbox_auto_delete_interval_min: response.autoDeleteInterval,\n sandbox_public_request: request.public,\n sandbox_public: response.public,\n sandbox_labels_request: request.labels,\n sandbox_labels: response.labels,\n sandbox_env_vars_length_request: envVarsLength,\n sandbox_volumes_length_request: request.volumes?.length,\n sandbox_daemon_version: response.daemonVersion,\n sandbox_network_block_all_request: request.networkBlockAll,\n sandbox_network_block_all: response.networkBlockAll,\n sandbox_network_allow_list_set_request: !!request.networkAllowList,\n sandbox_network_allow_list_set: !!response.networkAllowList,\n }\n\n if (request.buildInfo) {\n records['sandbox_is_dynamic_build'] = true\n records['sandbox_build_info_context_hashes_length'] = request.buildInfo.contextHashes?.length\n }\n\n this.capture('api_sandbox_created', props, 'api_sandbox_creation_failed', records)\n }\n\n private captureCreateWorkspace_deprecated(\n props: CommonCaptureProps,\n request: CreateWorkspaceDto,\n response: WorkspaceDto,\n ) {\n const envVarsLength = request.env ? Object.keys(request.env).length : 0\n\n const records = {\n sandbox_id: response.id,\n sandbox_snapshot_request: request.image,\n sandbox_snapshot: response.snapshot,\n sandbox_user_request: request.user,\n sandbox_user: response.user,\n sandbox_cpu_request: request.cpu,\n sandbox_cpu: response.cpu,\n sandbox_gpu_request: request.gpu,\n sandbox_gpu: response.gpu,\n sandbox_memory_mb_request: request.memory * 1024,\n sandbox_memory_mb: response.memory * 1024,\n sandbox_disk_gb_request: request.disk,\n sandbox_disk_gb: response.disk,\n sandbox_target_request: request.target,\n sandbox_target: response.target,\n sandbox_auto_stop_interval_min_request: request.autoStopInterval,\n sandbox_auto_stop_interval_min: response.autoStopInterval,\n sandbox_auto_archive_interval_min_request: request.autoArchiveInterval,\n sandbox_auto_archive_interval_min: response.autoArchiveInterval,\n sandbox_public_request: request.public,\n sandbox_public: response.public,\n sandbox_labels_request: request.labels,\n sandbox_labels: response.labels,\n sandbox_env_vars_length_request: envVarsLength,\n sandbox_volumes_length_request: request.volumes?.length,\n sandbox_daemon_version: response.daemonVersion,\n }\n\n if (request.buildInfo) {\n records['sandbox_is_dynamic_build'] = true\n records['sandbox_build_info_context_hashes_length'] = request.buildInfo.contextHashes?.length\n }\n\n this.capture('api_sandbox_created', props, 'api_sandbox_creation_failed', records)\n }\n\n private captureDeleteSandbox(props: CommonCaptureProps, sandboxId: string) {\n this.capture('api_sandbox_deleted', props, 'api_sandbox_deletion_failed', {\n sandbox_id: sandboxId,\n })\n }\n\n private captureStartSandbox(props: CommonCaptureProps, sandboxId: string) {\n this.capture('api_sandbox_started', props, 'api_sandbox_start_failed', {\n sandbox_id: sandboxId,\n })\n }\n\n private captureStopSandbox(props: CommonCaptureProps, sandboxId: string) {\n this.capture('api_sandbox_stopped', props, 'api_sandbox_stop_failed', {\n sandbox_id: sandboxId,\n })\n }\n\n private captureResizeSandbox(\n props: CommonCaptureProps,\n sandboxId: string,\n body: { cpu?: number; memory?: number; disk?: number },\n ) {\n this.capture('api_sandbox_resized', props, 'api_sandbox_resize_failed', {\n sandbox_id: sandboxId,\n cpu: body?.cpu,\n memory: body?.memory,\n disk: body?.disk,\n })\n }\n\n private captureArchiveSandbox(props: CommonCaptureProps, sandboxId: string) {\n this.capture('api_sandbox_archived', props, 'api_sandbox_archive_failed', {\n sandbox_id: sandboxId,\n })\n }\n\n private captureCreateBackup(props: CommonCaptureProps, sandboxId: string) {\n this.capture('api_sandbox_backup_created', props, 'api_sandbox_backup_creation_failed', {\n sandbox_id: sandboxId,\n })\n }\n\n private captureUpdatePublicStatus(props: CommonCaptureProps, sandboxId: string, isPublic: boolean) {\n this.capture('api_sandbox_public_status_updated', props, 'api_sandbox_public_status_update_failed', {\n sandbox_id: sandboxId,\n sandbox_public: isPublic,\n })\n }\n\n private captureSetAutostopInterval(props: CommonCaptureProps, sandboxId: string, interval: number) {\n this.capture('api_sandbox_autostop_interval_updated', props, 'api_sandbox_autostop_interval_update_failed', {\n sandbox_id: sandboxId,\n sandbox_autostop_interval: interval,\n })\n }\n\n private captureSetAutoArchiveInterval(props: CommonCaptureProps, sandboxId: string, interval: number) {\n this.capture('api_sandbox_autoarchive_interval_updated', props, 'api_sandbox_autoarchive_interval_update_failed', {\n sandbox_id: sandboxId,\n sandbox_autoarchive_interval: interval,\n })\n }\n\n private captureSetAutoDeleteInterval(props: CommonCaptureProps, sandboxId: string, interval: number) {\n this.capture('api_sandbox_autodelete_interval_updated', props, 'api_sandbox_autodelete_interval_update_failed', {\n sandbox_id: sandboxId,\n sandbox_autodelete_interval: interval,\n })\n }\n\n private captureUpdateSandboxLabels(props: CommonCaptureProps, sandboxId: string) {\n this.capture('api_sandbox_labels_update', props, 'api_sandbox_labels_update_failed', {\n sandbox_id: sandboxId,\n })\n }\n\n private captureAcceptInvitation(props: CommonCaptureProps, invitationId: string) {\n this.capture('api_invitation_accepted', props, 'api_invitation_accept_failed', {\n invitation_id: invitationId,\n })\n }\n\n private captureDeclineInvitation(props: CommonCaptureProps, invitationId: string) {\n this.capture('api_invitation_declined', props, 'api_invitation_decline_failed', {\n invitation_id: invitationId,\n })\n }\n\n private captureCreateOrganization(\n props: CommonCaptureProps,\n request: CreateOrganizationDto,\n response: OrganizationDto,\n ) {\n if (!this.posthog) {\n return\n }\n\n this.posthog.groupIdentify({\n groupType: 'organization',\n groupKey: response.id,\n properties: {\n name: request.name,\n created_at: response.createdAt,\n created_by: response.createdBy,\n personal: response.personal,\n environment: this.configService.get('posthog.environment'),\n },\n })\n\n this.capture('api_organization_created', props, 'api_organization_creation_failed', {\n organization_id: response.id,\n organization_name: request.name,\n organization_default_region_id: request.defaultRegionId,\n })\n }\n\n private captureLeaveOrganization(props: CommonCaptureProps, organizationId: string) {\n this.capture('api_organization_left', props, 'api_organization_leave_failed', {\n organization_id: organizationId,\n })\n }\n\n private captureSetOrganizationDefaultRegion(\n props: CommonCaptureProps,\n organizationId: string,\n request: UpdateOrganizationDefaultRegionDto,\n ) {\n this.capture('api_organization_default_region_set', props, 'api_organization_default_region_set_failed', {\n organization_id: organizationId,\n organization_default_region_id: request.defaultRegionId,\n })\n }\n\n private captureUpdateOrganizationQuota(\n props: CommonCaptureProps,\n organizationId: string,\n request: UpdateOrganizationQuotaDto,\n ) {\n this.capture('api_organization_quota_updated', props, 'api_organization_quota_update_failed', {\n organization_id: organizationId,\n organization_max_cpu_per_sandbox: request.maxCpuPerSandbox,\n organization_max_memory_per_sandbox_mb: request.maxMemoryPerSandbox ? request.maxMemoryPerSandbox * 1024 : null,\n organization_max_disk_per_sandbox_gb: request.maxDiskPerSandbox,\n organization_snapshot_quota: request.snapshotQuota,\n organization_max_snapshot_size_mb: request.maxSnapshotSize ? request.maxSnapshotSize * 1024 : null,\n organization_volume_quota: request.volumeQuota,\n })\n }\n\n private captureUpdateOrganizationRegionQuota(\n props: CommonCaptureProps,\n organizationId: string,\n regionId: string,\n request: UpdateOrganizationRegionQuotaDto,\n ) {\n this.capture('api_organization_region_quota_updated', props, 'api_organization_region_quota_update_failed', {\n organization_id: organizationId,\n organization_region_id: regionId,\n organization_region_total_cpu_quota: request.totalCpuQuota,\n organization_region_total_memory_quota_mb: request.totalMemoryQuota ? request.totalMemoryQuota * 1024 : null,\n organization_region_total_disk_quota_gb: request.totalDiskQuota,\n })\n }\n\n private captureDeleteOrganization(props: CommonCaptureProps, organizationId: string) {\n this.capture('api_organization_deleted', props, 'api_organization_deletion_failed', {\n organization_id: organizationId,\n })\n }\n\n private captureUpdateOrganizationUserAccess(\n props: CommonCaptureProps,\n organizationId: string,\n userId: string,\n request: UpdateOrganizationMemberAccessDto,\n ) {\n this.capture('api_organization_user_access_updated', props, 'api_organization_user_access_update_failed', {\n organization_id: organizationId,\n organization_user_id: userId,\n organization_user_role: request.role,\n organization_user_assigned_role_ids: request.assignedRoleIds,\n })\n }\n\n private captureDeleteOrganizationUser(props: CommonCaptureProps, organizationId: string, userId: string) {\n this.capture('api_organization_user_deleted', props, 'api_organization_user_deletion_failed', {\n organization_id: organizationId,\n organization_user_id: userId,\n })\n }\n\n private captureCreateOrganizationRole(\n props: CommonCaptureProps,\n organizationId: string,\n request: CreateOrganizationRoleDto,\n ) {\n this.capture('api_organization_role_created', props, 'api_organization_role_creation_failed', {\n organization_id: organizationId,\n organization_role_name: request.name,\n organization_role_description: request.description,\n organization_role_permissions: request.permissions,\n })\n }\n\n private captureDeleteOrganizationRole(props: CommonCaptureProps, organizationId: string, roleId: string) {\n this.capture('api_organization_role_deleted', props, 'api_organization_role_deletion_failed', {\n organization_id: organizationId,\n organization_role_id: roleId,\n })\n }\n\n private captureUpdateOrganizationRole(\n props: CommonCaptureProps,\n organizationId: string,\n roleId: string,\n request: UpdateOrganizationRoleDto,\n ) {\n this.capture('api_organization_role_updated', props, 'api_organization_role_update_failed', {\n organization_id: organizationId,\n organization_role_id: roleId,\n organization_role_name: request.name,\n organization_role_description: request.description,\n organization_role_permissions: request.permissions,\n })\n }\n\n private captureCreateOrganizationInvitation(\n props: CommonCaptureProps,\n organizationId: string,\n request: CreateOrganizationInvitationDto,\n ) {\n this.capture('api_organization_invitation_created', props, 'api_organization_invitation_creation_failed', {\n organization_id: organizationId,\n organization_invitation_email: request.email,\n organization_invitation_role: request.role,\n organization_invitation_assigned_role_ids: request.assignedRoleIds,\n organization_invitation_expires_at: request.expiresAt,\n })\n }\n\n private captureUpdateOrganizationInvitation(\n props: CommonCaptureProps,\n organizationId: string,\n invitationId: string,\n request: UpdateOrganizationInvitationDto,\n ) {\n this.capture('api_organization_invitation_updated', props, 'api_organization_invitation_update_failed', {\n organization_id: organizationId,\n organization_invitation_id: invitationId,\n organization_invitation_expires_at: request.expiresAt,\n organization_invitation_role: request.role,\n organization_invitation_assigned_role_ids: request.assignedRoleIds,\n })\n }\n\n private captureCancelOrganizationInvitation(props: CommonCaptureProps, organizationId: string, invitationId: string) {\n this.capture('api_organization_invitation_canceled', props, 'api_organization_invitation_cancel_failed', {\n organization_id: organizationId,\n organization_invitation_id: invitationId,\n })\n }\n\n private captureCreateVolume(props: CommonCaptureProps, request: CreateVolumeDto, response: VolumeDto) {\n this.capture('api_volume_created', props, 'api_volume_creation_failed', {\n volume_id: response.id,\n volume_name_request_set: !!request.name,\n })\n }\n\n private captureDeleteVolume(props: CommonCaptureProps, volumeId: string) {\n this.capture('api_volume_deleted', props, 'api_volume_deletion_failed', {\n volume_id: volumeId,\n })\n }\n\n private captureUpdateOrganizationExperimentalConfig(\n props: CommonCaptureProps,\n experimentalConfig: Record | null,\n ) {\n this.capture(\n 'api_organization_experimental_config_updated',\n props,\n 'api_organization_experimental_config_update_failed',\n {\n experimental_config_empty: !experimentalConfig,\n experimental_config_otel_set: !!experimentalConfig?.otel,\n },\n )\n }\n\n private captureToolboxCommand(\n props: CommonCaptureProps,\n sandboxId: string,\n command: string,\n extraProps?: Record,\n ) {\n this.capture('api_toolbox_command', props, 'api_toolbox_command_failed', {\n sandbox_id: sandboxId,\n toolbox_command: command,\n ...extraProps,\n })\n }\n\n private capture(event: string, props: CommonCaptureProps, errorEvent?: string, extraProps?: Record) {\n if (!this.posthog) {\n return\n }\n\n this.posthog.capture({\n distinctId: props.distinctId,\n event: props.error ? errorEvent || event : event,\n groups: this.captureCommonGroups(props),\n properties: { ...this.captureCommonProperties(props), ...extraProps },\n })\n }\n\n private captureCommonProperties(props: CommonCaptureProps) {\n return {\n duration_ms: props.durationMs,\n status_code: props.statusCode,\n user_agent: props.userAgent,\n error: props.error,\n source: props.source,\n is_deprecated: props.isDeprecated,\n sdk_version: props.sdkVersion,\n environment: props.environment,\n daytona_version: this.version,\n }\n }\n\n private captureCommonGroups(props: CommonCaptureProps) {\n return props.organizationId ? { organization: props.organizationId } : undefined\n }\n\n onApplicationShutdown(/*signal?: string*/) {\n if (this.posthog) {\n this.posthog.shutdown()\n }\n }\n}\n" }, { "path": "apps/api/src/main.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { otelSdk } from './tracing'\nimport { readdirSync, readFileSync, statSync, writeFileSync } from 'node:fs'\nimport { NestFactory } from '@nestjs/core'\nimport { NestExpressApplication } from '@nestjs/platform-express'\nimport { AppModule } from './app.module'\nimport { SwaggerModule } from '@nestjs/swagger'\nimport { INestApplication, Logger, ValidationPipe } from '@nestjs/common'\nimport { AllExceptionsFilter } from './filters/all-exceptions.filter'\nimport { MetricsInterceptor } from './interceptors/metrics.interceptor'\nimport { HttpsOptions } from '@nestjs/common/interfaces/external/https-options.interface'\nimport { TypedConfigService } from './config/typed-config.service'\nimport { FailedAuthTrackerService } from './auth/failed-auth-tracker.service'\nimport { DataSource, MigrationExecutor } from 'typeorm'\nimport { getOpenApiConfig } from './openapi.config'\nimport { AuditInterceptor } from './audit/interceptors/audit.interceptor'\nimport { join } from 'node:path'\nimport { ApiKeyService } from './api-key/api-key.service'\nimport { DAYTONA_ADMIN_USER_ID } from './app.service'\nimport { OrganizationService } from './organization/services/organization.service'\nimport { MicroserviceOptions, Transport } from '@nestjs/microservices'\nimport { Partitioners } from 'kafkajs'\nimport { isApiEnabled, isWorkerEnabled } from './common/utils/app-mode'\nimport cluster from 'node:cluster'\nimport { Logger as PinoLogger, LoggerErrorInterceptor } from 'nestjs-pino'\n\n// https options\nconst httpsEnabled = process.env.CERT_PATH && process.env.CERT_KEY_PATH\nconst httpsOptions: HttpsOptions = {\n cert: process.env.CERT_PATH ? readFileSync(process.env.CERT_PATH) : undefined,\n key: process.env.CERT_KEY_PATH ? readFileSync(process.env.CERT_KEY_PATH) : undefined,\n}\n\nasync function bootstrap() {\n if (process.env.OTEL_ENABLED === 'true') {\n await otelSdk.start()\n }\n const app = await NestFactory.create(AppModule, {\n bufferLogs: true,\n httpsOptions: httpsEnabled ? httpsOptions : undefined,\n })\n app.useLogger(app.get(PinoLogger))\n app.flushLogs()\n app.enableCors({\n origin: true,\n methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',\n credentials: true,\n })\n\n const configService = app.get(TypedConfigService)\n const failedAuthTracker = app.get(FailedAuthTrackerService)\n app.set('trust proxy', true)\n app.useGlobalFilters(new AllExceptionsFilter(failedAuthTracker))\n app.useGlobalInterceptors(new LoggerErrorInterceptor())\n app.useGlobalInterceptors(new MetricsInterceptor(configService))\n app.useGlobalInterceptors(app.get(AuditInterceptor))\n app.useGlobalPipes(\n new ValidationPipe({\n transform: true,\n }),\n )\n\n // Runtime flags for migrations for run and revert migrations\n if (process.argv.length > 2) {\n if (process.argv[2].startsWith('--migration-')) {\n const dataSource = app.get(DataSource)\n dataSource.setOptions({ logging: true })\n const migrationExecutor = new MigrationExecutor(dataSource)\n\n switch (process.argv[2]) {\n case '--migration-run':\n await migrationExecutor.executePendingMigrations()\n break\n case '--migration-revert':\n await migrationExecutor.undoLastMigration()\n break\n default:\n Logger.error('Invalid migration flag')\n process.exit(1)\n }\n } else if (process.argv[2] === '--create-admin-api-key') {\n if (process.argv.length < 4) {\n Logger.error('Invalid flag. API key name is required.')\n process.exit(1)\n }\n await createAdminApiKey(app, process.argv[3])\n } else {\n Logger.error('Invalid flag')\n process.exit(1)\n }\n\n process.exit(0)\n }\n\n const globalPrefix = 'api'\n app.setGlobalPrefix(globalPrefix)\n\n const documentFactory = () => SwaggerModule.createDocument(app, getOpenApiConfig(configService.get('oidc.issuer')))\n SwaggerModule.setup('api', app, documentFactory, {\n swaggerOptions: {\n initOAuth: {\n clientId: configService.get('oidc.clientId'),\n appName: 'Daytona AI',\n scopes: ['openid', 'profile', 'email'],\n additionalQueryStringParams: {\n audience: configService.get('oidc.audience'),\n },\n },\n },\n })\n\n // Replace dashboard api url before serving\n if (configService.get('production')) {\n const dashboardDir = join(__dirname, '..', 'dashboard')\n const replaceInDirectory = (dir: string) => {\n for (const file of readdirSync(dir)) {\n const filePath = join(dir, file)\n if (statSync(filePath).isDirectory()) {\n if (file === 'assets') {\n replaceInDirectory(filePath)\n }\n continue\n }\n Logger.log(`Replacing %DAYTONA_BASE_API_URL% in ${filePath}`)\n const fileContent = readFileSync(filePath, 'utf8')\n const newFileContent = fileContent.replaceAll(\n '%DAYTONA_BASE_API_URL%',\n configService.get('dashboardBaseApiUrl'),\n )\n writeFileSync(filePath, newFileContent)\n }\n }\n replaceInDirectory(dashboardDir)\n }\n\n // Starts listening for shutdown hooks\n app.enableShutdownHooks()\n\n const host = '0.0.0.0'\n const port = configService.get('port')\n\n if (isApiEnabled()) {\n await app.listen(port, host)\n Logger.log(`🚀 Daytona API is running on: http://${host}:${port}/${globalPrefix}`)\n } else {\n await app.init()\n app.flushLogs()\n }\n\n if (isWorkerEnabled() && configService.get('kafka.enabled')) {\n app.connectMicroservice({\n transport: Transport.KAFKA,\n options: {\n client: configService.getKafkaClientConfig(),\n producer: {\n allowAutoTopicCreation: true,\n createPartitioner: Partitioners.DefaultPartitioner,\n idempotent: true,\n },\n consumer: {\n allowAutoTopicCreation: true,\n groupId: 'daytona',\n },\n run: {\n autoCommit: false,\n },\n subscribe: {\n fromBeginning: true,\n },\n },\n })\n await app.startAllMicroservices()\n }\n\n // If app running in cluster mode, send ready signal\n if (cluster.isWorker) {\n process.send('ready')\n }\n}\n\nasync function createAdminApiKey(app: INestApplication, apiKeyName: string) {\n const apiKeyService = app.get(ApiKeyService)\n const organizationService = app.get(OrganizationService)\n\n const personalOrg = await organizationService.findPersonal(DAYTONA_ADMIN_USER_ID)\n const { value } = await apiKeyService.createApiKey(personalOrg.id, DAYTONA_ADMIN_USER_ID, apiKeyName, [])\n Logger.log(\n `\n=========================================\n=========================================\nAdmin API key created: ${value}\n=========================================\n=========================================`,\n )\n}\n\nbootstrap()\n" }, { "path": "apps/api/src/migrations/1741087887225-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1741087887225 implements MigrationInterface {\n name = 'Migration1741087887225'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`CREATE SCHEMA IF NOT EXISTS \"public\"`)\n await queryRunner.query(\n `CREATE TABLE \"user\" (\"id\" character varying NOT NULL, \"name\" character varying NOT NULL, \"keyPair\" text, \"publicKeys\" text NOT NULL, \"total_cpu_quota\" integer NOT NULL DEFAULT '10', \"total_memory_quota\" integer NOT NULL DEFAULT '40', \"total_disk_quota\" integer NOT NULL DEFAULT '100', \"max_cpu_per_workspace\" integer NOT NULL DEFAULT '2', \"max_memory_per_workspace\" integer NOT NULL DEFAULT '4', \"max_disk_per_workspace\" integer NOT NULL DEFAULT '10', \"max_concurrent_workspaces\" integer NOT NULL DEFAULT '10', \"workspace_quota\" integer NOT NULL DEFAULT '0', \"image_quota\" integer NOT NULL DEFAULT '5', \"max_image_size\" integer NOT NULL DEFAULT '2', \"total_image_size\" integer NOT NULL DEFAULT '5', CONSTRAINT \"PK_cace4a159ff9f2512dd42373760\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `CREATE TABLE \"team\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"name\" character varying NOT NULL, CONSTRAINT \"PK_f57d8293406df4af348402e4b74\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `CREATE TABLE \"workspace_usage_periods\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"workspaceId\" character varying NOT NULL, \"startAt\" TIMESTAMP NOT NULL, \"endAt\" TIMESTAMP, \"cpu\" double precision NOT NULL, \"gpu\" double precision NOT NULL, \"mem\" double precision NOT NULL, \"disk\" double precision NOT NULL, \"storage\" double precision NOT NULL, \"region\" character varying NOT NULL, CONSTRAINT \"PK_b8d71f79ee638064397f678e877\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(`CREATE TYPE \"node_class_enum\" AS ENUM('small', 'medium', 'large')`)\n await queryRunner.query(`CREATE TYPE \"node_region_enum\" AS ENUM('eu', 'us', 'asia')`)\n await queryRunner.query(\n `CREATE TYPE \"node_state_enum\" AS ENUM('initializing', 'ready', 'disabled', 'decommissioned', 'unresponsive')`,\n )\n await queryRunner.query(\n `CREATE TABLE \"node\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"domain\" character varying NOT NULL, \"apiUrl\" character varying NOT NULL, \"apiKey\" character varying NOT NULL, \"cpu\" integer NOT NULL, \"memory\" integer NOT NULL, \"disk\" integer NOT NULL, \"gpu\" integer NOT NULL, \"gpuType\" character varying NOT NULL, \"class\" \"node_class_enum\" NOT NULL DEFAULT 'small', \"used\" integer NOT NULL DEFAULT '0', \"capacity\" integer NOT NULL, \"region\" \"node_region_enum\" NOT NULL, \"state\" \"node_state_enum\" NOT NULL DEFAULT 'initializing', \"lastChecked\" TIMESTAMP, \"unschedulable\" boolean NOT NULL DEFAULT false, \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), CONSTRAINT \"UQ_330d74ac3d0e349b4c73c62ad6d\" UNIQUE (\"domain\"), CONSTRAINT \"PK_8c8caf5f29d25264abe9eaf94dd\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `CREATE TYPE \"image_node_state_enum\" AS ENUM('pulling_image', 'ready', 'error', 'removing')`,\n )\n await queryRunner.query(\n `CREATE TABLE \"image_node\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"state\" \"image_node_state_enum\" NOT NULL DEFAULT 'pulling_image', \"errorReason\" character varying, \"image\" character varying NOT NULL, \"internalImageName\" character varying NOT NULL DEFAULT '', \"nodeId\" character varying NOT NULL, \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), CONSTRAINT \"PK_6c66fc8bd2b9fb41362a50fddd0\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `CREATE TYPE \"image_state_enum\" AS ENUM('pending', 'pulling_image', 'pending_validation', 'validating', 'active', 'error', 'removing')`,\n )\n await queryRunner.query(\n `CREATE TABLE \"image\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"userId\" character varying NOT NULL, \"general\" boolean NOT NULL DEFAULT false, \"name\" character varying NOT NULL, \"internalName\" character varying, \"enabled\" boolean NOT NULL DEFAULT true, \"state\" \"image_state_enum\" NOT NULL DEFAULT 'pending', \"errorReason\" character varying, \"size\" double precision, \"entrypoint\" character varying, \"internalRegistryId\" character varying, \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), \"lastUsedAt\" TIMESTAMP, CONSTRAINT \"UQ_9db6fbe71409d80375c32826db3\" UNIQUE (\"userId\", \"name\"), CONSTRAINT \"PK_d6db1ab4ee9ad9dbe86c64e4cc3\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(`CREATE TYPE \"workspace_region_enum\" AS ENUM('eu', 'us', 'asia')`)\n await queryRunner.query(`CREATE TYPE \"workspace_class_enum\" AS ENUM('small', 'medium', 'large')`)\n await queryRunner.query(\n `CREATE TYPE \"workspace_state_enum\" AS ENUM('creating', 'restoring', 'destroyed', 'destroying', 'started', 'stopped', 'starting', 'stopping', 'resizing', 'error', 'unknown', 'pulling_image', 'archiving', 'archived')`,\n )\n await queryRunner.query(\n `CREATE TYPE \"workspace_desiredstate_enum\" AS ENUM('destroyed', 'started', 'stopped', 'resized', 'archived')`,\n )\n await queryRunner.query(\n `CREATE TYPE \"workspace_snapshotstate_enum\" AS ENUM('None', 'Pending', 'InProgress', 'Completed', 'Error')`,\n )\n await queryRunner.query(\n `CREATE TABLE \"workspace\" (\"id\" character varying NOT NULL, \"name\" character varying NOT NULL, \"userId\" character varying NOT NULL, \"region\" \"workspace_region_enum\" NOT NULL DEFAULT 'eu', \"nodeId\" uuid, \"prevNodeId\" uuid, \"class\" \"workspace_class_enum\" NOT NULL DEFAULT 'small', \"state\" \"workspace_state_enum\" NOT NULL DEFAULT 'unknown', \"desiredState\" \"workspace_desiredstate_enum\" NOT NULL DEFAULT 'started', \"image\" character varying NOT NULL, \"osUser\" character varying NOT NULL, \"errorReason\" character varying, \"env\" text NOT NULL DEFAULT '{}', \"public\" boolean NOT NULL DEFAULT false, \"labels\" jsonb, \"snapshotRegistryId\" character varying, \"snapshotImage\" character varying, \"lastSnapshotAt\" TIMESTAMP, \"snapshotState\" \"workspace_snapshotstate_enum\" NOT NULL DEFAULT 'None', \"existingSnapshotImages\" jsonb NOT NULL DEFAULT '[]', \"cpu\" integer NOT NULL DEFAULT '2', \"gpu\" integer NOT NULL DEFAULT '0', \"mem\" integer NOT NULL DEFAULT '4', \"disk\" integer NOT NULL DEFAULT '10', \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), \"lastActivityAt\" TIMESTAMP, \"autoStopInterval\" integer NOT NULL DEFAULT '15', CONSTRAINT \"PK_ca86b6f9b3be5fe26d307d09b49\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `CREATE TABLE \"docker_registry\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"name\" character varying NOT NULL, \"url\" character varying NOT NULL, \"username\" character varying NOT NULL, \"password\" character varying NOT NULL, \"isDefault\" boolean NOT NULL DEFAULT false, \"project\" character varying NOT NULL, \"userId\" character varying, \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), CONSTRAINT \"PK_4ad72294240279415eb57799798\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `CREATE TABLE \"api_key\" (\"userId\" character varying NOT NULL, \"name\" character varying NOT NULL, \"value\" character varying NOT NULL, \"createdAt\" TIMESTAMP NOT NULL, CONSTRAINT \"UQ_4b0873b633484d5de20b2d8f852\" UNIQUE (\"value\"), CONSTRAINT \"PK_1df0337a701df00e9b2a16c8a0b\" PRIMARY KEY (\"userId\", \"name\"))`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DROP TABLE \"api_key\"`)\n await queryRunner.query(`DROP TABLE \"docker_registry\"`)\n await queryRunner.query(`DROP TABLE \"workspace\"`)\n await queryRunner.query(`DROP TYPE \"workspace_snapshotstate_enum\"`)\n await queryRunner.query(`DROP TYPE \"workspace_desiredstate_enum\"`)\n await queryRunner.query(`DROP TYPE \"workspace_state_enum\"`)\n await queryRunner.query(`DROP TYPE \"workspace_class_enum\"`)\n await queryRunner.query(`DROP TYPE \"workspace_region_enum\"`)\n await queryRunner.query(`DROP TABLE \"image\"`)\n await queryRunner.query(`DROP TYPE \"image_state_enum\"`)\n await queryRunner.query(`DROP TABLE \"image_node\"`)\n await queryRunner.query(`DROP TYPE \"image_node_state_enum\"`)\n await queryRunner.query(`DROP TABLE \"node\"`)\n await queryRunner.query(`DROP TYPE \"node_state_enum\"`)\n await queryRunner.query(`DROP TYPE \"node_region_enum\"`)\n await queryRunner.query(`DROP TYPE \"node_class_enum\"`)\n await queryRunner.query(`DROP TABLE \"workspace_usage_periods\"`)\n await queryRunner.query(`DROP TABLE \"team\"`)\n await queryRunner.query(`DROP TABLE \"user\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1741088165704-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1741088165704 implements MigrationInterface {\n name = 'Migration1741088165704'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"image\" DROP COLUMN \"internalRegistryId\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"docker_registry_registrytype_enum\" AS ENUM('internal', 'user', 'public', 'transient')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"docker_registry\" ADD \"registryType\" \"public\".\"docker_registry_registrytype_enum\" NOT NULL DEFAULT 'internal'`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"docker_registry\" DROP COLUMN \"registryType\"`)\n await queryRunner.query(`DROP TYPE \"public\".\"docker_registry_registrytype_enum\"`)\n await queryRunner.query(`ALTER TABLE \"image\" ADD \"internalRegistryId\" character varying`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1741088883000-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1741088883000 implements MigrationInterface {\n name = 'Migration1741088883000'\n\n public async up(queryRunner: QueryRunner): Promise {\n // organizations\n await queryRunner.query(\n `CREATE TABLE \"organization\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"name\" character varying NOT NULL, \"createdBy\" character varying NOT NULL, \"personal\" boolean NOT NULL DEFAULT false, \"telemetryEnabled\" boolean NOT NULL DEFAULT true, \"total_cpu_quota\" integer NOT NULL DEFAULT '10', \"total_memory_quota\" integer NOT NULL DEFAULT '40', \"total_disk_quota\" integer NOT NULL DEFAULT '100', \"max_cpu_per_workspace\" integer NOT NULL DEFAULT '2', \"max_memory_per_workspace\" integer NOT NULL DEFAULT '4', \"max_disk_per_workspace\" integer NOT NULL DEFAULT '10', \"max_concurrent_workspaces\" integer NOT NULL DEFAULT '10', \"workspace_quota\" integer NOT NULL DEFAULT '0', \"image_quota\" integer NOT NULL DEFAULT '5', \"max_image_size\" integer NOT NULL DEFAULT '2', \"total_image_size\" integer NOT NULL DEFAULT '5', \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), CONSTRAINT \"organization_id_pk\" PRIMARY KEY (\"id\"))`,\n )\n\n // organization users\n await queryRunner.query(`CREATE TYPE \"public\".\"organization_user_role_enum\" AS ENUM('owner', 'member')`)\n await queryRunner.query(\n `CREATE TABLE \"organization_user\" (\"organizationId\" uuid NOT NULL, \"userId\" character varying NOT NULL, \"role\" \"public\".\"organization_user_role_enum\" NOT NULL DEFAULT 'member', \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), CONSTRAINT \"organization_user_organizationId_userId_pk\" PRIMARY KEY (\"organizationId\", \"userId\"))`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_user\" ADD CONSTRAINT \"organization_user_organizationId_fk\" FOREIGN KEY (\"organizationId\") REFERENCES \"organization\"(\"id\") ON DELETE CASCADE ON UPDATE NO ACTION`,\n )\n\n // organization invitations\n await queryRunner.query(`CREATE TYPE \"public\".\"organization_invitation_role_enum\" AS ENUM('owner', 'member')`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"organization_invitation_status_enum\" AS ENUM('pending', 'accepted', 'declined', 'cancelled')`,\n )\n await queryRunner.query(\n `CREATE TABLE \"organization_invitation\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"organizationId\" uuid NOT NULL, \"email\" character varying NOT NULL, \"role\" \"public\".\"organization_invitation_role_enum\" NOT NULL DEFAULT 'member', \"expiresAt\" TIMESTAMP NOT NULL, \"status\" \"public\".\"organization_invitation_status_enum\" NOT NULL DEFAULT 'pending', \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), CONSTRAINT \"organization_invitation_id_pk\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_invitation\" ADD CONSTRAINT \"organization_invitation_organizationId_fk\" FOREIGN KEY (\"organizationId\") REFERENCES \"organization\"(\"id\") ON DELETE CASCADE ON UPDATE NO ACTION`,\n )\n\n // organization roles\n await queryRunner.query(\n `CREATE TYPE \"public\".\"organization_role_permissions_enum\" AS ENUM('write:registries', 'delete:registries', 'write:images', 'delete:images', 'write:sandboxes', 'delete:sandboxes')`,\n )\n await queryRunner.query(\n `CREATE TABLE \"organization_role\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"name\" character varying NOT NULL, \"description\" character varying NOT NULL, \"permissions\" \"public\".\"organization_role_permissions_enum\" array NOT NULL, \"isGlobal\" boolean NOT NULL DEFAULT false, \"organizationId\" uuid, \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), CONSTRAINT \"organization_role_id_pk\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role\" ADD CONSTRAINT \"organization_role_organizationId_fk\" FOREIGN KEY (\"organizationId\") REFERENCES \"organization\"(\"id\") ON DELETE CASCADE ON UPDATE NO ACTION`,\n )\n\n // organization role assignments for members\n await queryRunner.query(\n `CREATE TABLE \"organization_role_assignment\" (\"organizationId\" uuid NOT NULL, \"userId\" character varying NOT NULL, \"roleId\" uuid NOT NULL, CONSTRAINT \"organization_role_assignment_organizationId_userId_roleId_pk\" PRIMARY KEY (\"organizationId\", \"userId\", \"roleId\"))`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment\" ADD CONSTRAINT \"organization_role_assignment_organizationId_userId_fk\" FOREIGN KEY (\"organizationId\", \"userId\") REFERENCES \"organization_user\"(\"organizationId\",\"userId\") ON DELETE CASCADE ON UPDATE CASCADE`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment\" ADD CONSTRAINT \"organization_role_assignment_roleId_fk\" FOREIGN KEY (\"roleId\") REFERENCES \"organization_role\"(\"id\") ON DELETE CASCADE ON UPDATE CASCADE`,\n )\n await queryRunner.query(\n `CREATE INDEX \"organization_role_assignment_organizationId_userId_index\" ON \"organization_role_assignment\" (\"organizationId\", \"userId\") `,\n )\n await queryRunner.query(\n `CREATE INDEX \"organization_role_assignment_roleId_index\" ON \"organization_role_assignment\" (\"roleId\") `,\n )\n\n // organization role assignments for invitations\n await queryRunner.query(\n `CREATE TABLE \"organization_role_assignment_invitation\" (\"invitationId\" uuid NOT NULL, \"roleId\" uuid NOT NULL, CONSTRAINT \"organization_role_assignment_invitation_invitationId_roleId_pk\" PRIMARY KEY (\"invitationId\", \"roleId\"))`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment_invitation\" ADD CONSTRAINT \"organization_role_assignment_invitation_invitationId_fk\" FOREIGN KEY (\"invitationId\") REFERENCES \"organization_invitation\"(\"id\") ON DELETE CASCADE ON UPDATE CASCADE`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment_invitation\" ADD CONSTRAINT \"organization_role_assignment_invitation_roleId_fk\" FOREIGN KEY (\"roleId\") REFERENCES \"organization_role\"(\"id\") ON DELETE CASCADE ON UPDATE CASCADE`,\n )\n await queryRunner.query(\n `CREATE INDEX \"organization_role_assignment_invitation_invitationId_index\" ON \"organization_role_assignment_invitation\" (\"invitationId\") `,\n )\n await queryRunner.query(\n `CREATE INDEX \"organization_role_assignment_invitation_roleId_index\" ON \"organization_role_assignment_invitation\" (\"roleId\") `,\n )\n\n // create personal organizations\n await queryRunner.query(`\n INSERT INTO \"organization\" (\n name, \n personal,\n \"createdBy\", \n total_cpu_quota,\n total_memory_quota,\n total_disk_quota,\n max_cpu_per_workspace,\n max_memory_per_workspace,\n max_disk_per_workspace,\n max_concurrent_workspaces,\n workspace_quota,\n image_quota,\n max_image_size,\n total_image_size\n )\n SELECT \n 'Personal',\n true,\n u.id,\n u.total_cpu_quota,\n u.total_memory_quota,\n u.total_disk_quota,\n u.max_cpu_per_workspace,\n u.max_memory_per_workspace,\n u.max_disk_per_workspace,\n u.max_concurrent_workspaces,\n u.workspace_quota,\n u.image_quota,\n u.max_image_size,\n u.total_image_size\n FROM \"user\" u\n `)\n await queryRunner.query(`\n INSERT INTO \"organization_user\" (\"organizationId\", \"userId\", role)\n SELECT \n o.id,\n o.\"createdBy\",\n 'owner'\n FROM \"organization\" o\n WHERE o.personal = true\n `)\n\n // drop user quotas\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"total_cpu_quota\"`)\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"total_memory_quota\"`)\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"total_disk_quota\"`)\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"max_cpu_per_workspace\"`)\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"max_memory_per_workspace\"`)\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"max_disk_per_workspace\"`)\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"max_concurrent_workspaces\"`)\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"workspace_quota\"`)\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"image_quota\"`)\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"max_image_size\"`)\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"total_image_size\"`)\n\n // move existing api keys to corresponding personal organizations\n await queryRunner.query(`ALTER TABLE \"api_key\" ADD \"organizationId\" uuid NULL`)\n await queryRunner.query(`\n UPDATE \"api_key\" ak\n SET \"organizationId\" = (\n SELECT o.id \n FROM \"organization\" o\n WHERE o.\"createdBy\" = ak.\"userId\" \n AND o.personal = true\n LIMIT 1\n )\n `)\n await queryRunner.query(`ALTER TABLE \"api_key\" ALTER COLUMN \"organizationId\" SET NOT NULL`)\n\n // update api key primary key\n await queryRunner.query(`\n DO $$\n DECLARE\n constraint_name text;\n BEGIN\n SELECT tc.constraint_name INTO constraint_name\n FROM information_schema.table_constraints tc\n WHERE tc.table_name = 'api_key' \n AND tc.constraint_type = 'PRIMARY KEY';\n IF constraint_name IS NOT NULL THEN\n EXECUTE format('ALTER TABLE \"api_key\" DROP CONSTRAINT \"%s\"', constraint_name);\n END IF;\n END $$;\n `)\n await queryRunner.query(\n `ALTER TABLE \"api_key\" ADD CONSTRAINT \"api_key_userId_name_organizationId_pk\" PRIMARY KEY (\"userId\", \"name\", \"organizationId\")`,\n )\n\n // api key permissions\n await queryRunner.query(\n `CREATE TYPE \"public\".\"api_key_permissions_enum\" AS ENUM('write:registries', 'delete:registries', 'write:images', 'delete:images', 'write:sandboxes', 'delete:sandboxes')`,\n )\n await queryRunner.query(`ALTER TABLE \"api_key\" ADD \"permissions\" \"public\".\"api_key_permissions_enum\" array NULL`)\n await queryRunner.query(`\n UPDATE api_key\n SET permissions = ARRAY[\n 'write:registries',\n 'delete:registries', \n 'write:images',\n 'delete:images',\n 'write:sandboxes',\n 'delete:sandboxes'\n ]::api_key_permissions_enum[]\n `)\n await queryRunner.query(`ALTER TABLE \"api_key\" ALTER COLUMN \"permissions\" SET NOT NULL`)\n\n // modify docker registry type enum\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"registryType\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TYPE \"public\".\"docker_registry_registrytype_enum\" RENAME TO \"docker_registry_registrytype_enum_old\"`,\n )\n await queryRunner.query(\n `CREATE TYPE \"public\".\"docker_registry_registrytype_enum\" AS ENUM('internal', 'organization', 'public', 'transient')`,\n )\n await queryRunner.query(`\n CREATE OR REPLACE FUNCTION migrate_registry_type(old_type text) \n RETURNS \"public\".\"docker_registry_registrytype_enum\" AS $$\n BEGIN\n IF old_type = 'user' THEN\n RETURN 'organization'::\"public\".\"docker_registry_registrytype_enum\";\n ELSE\n RETURN old_type::\"public\".\"docker_registry_registrytype_enum\";\n END IF;\n END;\n $$ LANGUAGE plpgsql;\n `)\n await queryRunner.query(`\n ALTER TABLE \"docker_registry\" \n ALTER COLUMN \"registryType\" TYPE \"public\".\"docker_registry_registrytype_enum\" \n USING migrate_registry_type(\"registryType\"::text)\n `)\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"registryType\" SET DEFAULT 'internal'`)\n await queryRunner.query(`DROP TYPE \"public\".\"docker_registry_registrytype_enum_old\"`)\n await queryRunner.query(`DROP FUNCTION migrate_registry_type`)\n\n // move existing docker registries to corresponding personal organizations\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ADD \"organizationId\" uuid NULL`)\n await queryRunner.query(`UPDATE \"docker_registry\" SET \"organizationId\" = NULL WHERE \"userId\" = 'system'`)\n await queryRunner.query(`\n UPDATE \"docker_registry\" dr\n SET \"organizationId\" = (\n SELECT o.id \n FROM \"organization\" o\n WHERE o.\"createdBy\" = dr.\"userId\" \n AND o.personal = true\n LIMIT 1\n )\n `)\n await queryRunner.query(`ALTER TABLE \"docker_registry\" DROP COLUMN \"userId\"`)\n\n // move existing images to corresponding personal organizations\n await queryRunner.query(`ALTER TABLE \"image\" ADD \"organizationId\" uuid NULL`)\n await queryRunner.query(`\n UPDATE \"image\" i\n SET \"organizationId\" = (\n SELECT o.id \n FROM \"organization\" o\n WHERE o.\"createdBy\" = i.\"userId\" \n AND o.personal = true\n LIMIT 1\n )\n `)\n\n // update image unique constraint\n await queryRunner.query(`\n DO $$\n DECLARE\n constraint_name text;\n BEGIN\n SELECT tc.constraint_name INTO constraint_name\n FROM information_schema.table_constraints tc\n WHERE tc.table_name = 'image' \n AND tc.constraint_type = 'UNIQUE' \n AND tc.constraint_name LIKE '%name%';\n \n IF constraint_name IS NOT NULL THEN\n EXECUTE format('ALTER TABLE \"image\" DROP CONSTRAINT \"%s\"', constraint_name);\n END IF;\n END $$;\n `)\n await queryRunner.query(\n `ALTER TABLE \"image\" ADD CONSTRAINT \"image_organizationId_name_unique\" UNIQUE (\"organizationId\", \"name\")`,\n )\n await queryRunner.query(`ALTER TABLE \"image\" DROP COLUMN \"userId\"`)\n\n // move existing workspaces to corresponding personal organizations\n await queryRunner.query(`ALTER TABLE \"workspace\" ADD \"organizationId\" uuid NULL`)\n await queryRunner.query(`\n UPDATE \"workspace\" w\n SET \"organizationId\" = (\n SELECT o.id \n FROM \"organization\" o\n WHERE o.\"createdBy\" = w.\"userId\" \n AND o.personal = true\n LIMIT 1\n )\n WHERE w.\"userId\" != 'unassigned'\n `)\n await queryRunner.query(`\n UPDATE \"workspace\" w\n SET \"organizationId\" = '00000000-0000-0000-0000-000000000000'\n WHERE w.\"userId\" = 'unassigned'\n `)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"organizationId\" SET NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP COLUMN \"userId\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // workspaces\n await queryRunner.query(`ALTER TABLE \"workspace\" ADD \"userId\" character varying NULL`)\n await queryRunner.query(`\n UPDATE \"workspace\" w\n SET \"userId\" = 'unassigned'\n WHERE w.\"organizationId\" = '00000000-0000-0000-0000-000000000000'\n `)\n await queryRunner.query(`\n UPDATE \"workspace\" w\n SET \"userId\" = (\n SELECT o.\"createdBy\" \n FROM \"organization\" o\n WHERE o.id = w.\"organizationId\"\n )\n WHERE w.\"organizationId\" != '00000000-0000-0000-0000-000000000000'\n `)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"userId\" SET NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP COLUMN \"organizationId\"`)\n\n // images\n await queryRunner.query(`ALTER TABLE \"image\" ADD \"userId\" character varying NULL`)\n await queryRunner.query(`\n UPDATE \"image\" i\n SET \"userId\" = (\n SELECT o.\"createdBy\" \n FROM \"organization\" o\n WHERE o.id = i.\"organizationId\"\n )\n `)\n await queryRunner.query(`ALTER TABLE \"image\" ALTER COLUMN \"userId\" SET NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"image\" DROP CONSTRAINT \"image_organizationId_name_unique\"`)\n await queryRunner.query(`ALTER TABLE \"image\" ADD CONSTRAINT \"image_userId_name_unique\" UNIQUE (\"userId\", \"name\")`)\n await queryRunner.query(`ALTER TABLE \"image\" DROP COLUMN \"organizationId\"`)\n\n // docker registries\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"registryType\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TYPE \"public\".\"docker_registry_registrytype_enum\" RENAME TO \"docker_registry_registrytype_enum_old\"`,\n )\n await queryRunner.query(\n `CREATE TYPE \"public\".\"docker_registry_registrytype_enum\" AS ENUM('internal', 'user', 'public', 'transient')`,\n )\n await queryRunner.query(`\n CREATE OR REPLACE FUNCTION rollback_registry_type(new_type text) \n RETURNS \"public\".\"docker_registry_registrytype_enum\" AS $$\n BEGIN\n IF new_type = 'organization' THEN\n RETURN 'user'::\"public\".\"docker_registry_registrytype_enum\";\n ELSE\n RETURN new_type::\"public\".\"docker_registry_registrytype_enum\";\n END IF;\n END;\n $$ LANGUAGE plpgsql;\n `)\n await queryRunner.query(`\n ALTER TABLE \"docker_registry\" \n ALTER COLUMN \"registryType\" TYPE \"public\".\"docker_registry_registrytype_enum\" \n USING rollback_registry_type(\"registryType\"::text)\n `)\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"registryType\" SET DEFAULT 'internal'`)\n await queryRunner.query(`DROP TYPE \"public\".\"docker_registry_registrytype_enum_old\"`)\n await queryRunner.query(`DROP FUNCTION rollback_registry_type`)\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ADD \"userId\" character varying NULL`)\n await queryRunner.query(`\n UPDATE \"docker_registry\" dr\n SET \"userId\" = (\n SELECT o.\"createdBy\" \n FROM \"organization\" o\n WHERE o.id = dr.\"organizationId\"\n )\n `)\n await queryRunner.query(`ALTER TABLE \"docker_registry\" DROP COLUMN \"organizationId\"`)\n\n // api keys\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP CONSTRAINT \"api_key_userId_name_organizationId_pk\"`)\n await queryRunner.query(\n `ALTER TABLE \"api_key\" ADD CONSTRAINT \"api_key_userId_name_pk\" PRIMARY KEY (\"userId\", \"name\")`,\n )\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP COLUMN \"organizationId\"`)\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP COLUMN \"permissions\"`)\n await queryRunner.query(`DROP TYPE \"public\".\"api_key_permissions_enum\"`)\n\n // user quotas\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"total_cpu_quota\" integer NOT NULL DEFAULT '10'`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"total_memory_quota\" integer NOT NULL DEFAULT '40'`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"total_disk_quota\" integer NOT NULL DEFAULT '100'`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"max_cpu_per_workspace\" integer NOT NULL DEFAULT '2'`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"max_memory_per_workspace\" integer NOT NULL DEFAULT '4'`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"max_disk_per_workspace\" integer NOT NULL DEFAULT '10'`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"max_concurrent_workspaces\" integer NOT NULL DEFAULT '10'`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"workspace_quota\" integer NOT NULL DEFAULT '0'`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"image_quota\" integer NOT NULL DEFAULT '5'`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"max_image_size\" integer NOT NULL DEFAULT '2'`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"total_image_size\" integer NOT NULL DEFAULT '5'`)\n await queryRunner.query(`\n UPDATE \"user\" u\n SET \n total_cpu_quota = (\n SELECT o.total_cpu_quota\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n ),\n total_memory_quota = (\n SELECT o.total_memory_quota\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n ),\n total_disk_quota = (\n SELECT o.total_disk_quota\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n ),\n max_cpu_per_workspace = (\n SELECT o.max_cpu_per_workspace\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n ),\n max_memory_per_workspace = (\n SELECT o.max_memory_per_workspace\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n ),\n max_disk_per_workspace = (\n SELECT o.max_disk_per_workspace\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n ),\n max_concurrent_workspaces = (\n SELECT o.max_concurrent_workspaces\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n ),\n workspace_quota = (\n SELECT o.workspace_quota\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n ),\n image_quota = (\n SELECT o.image_quota\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n ),\n max_image_size = (\n SELECT o.max_image_size\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n ),\n total_image_size = (\n SELECT o.total_image_size\n FROM \"organization\" o\n WHERE o.\"createdBy\" = u.id\n AND o.personal = true\n LIMIT 1\n )\n `)\n\n // drop organization tables and related constraints\n await queryRunner.query(`DROP INDEX \"organization_role_assignment_invitation_roleId_index\"`)\n await queryRunner.query(`DROP INDEX \"organization_role_assignment_invitation_invitationId_index\"`)\n await queryRunner.query(`DROP TABLE \"organization_role_assignment_invitation\"`)\n await queryRunner.query(`DROP INDEX \"organization_role_assignment_roleId_index\"`)\n await queryRunner.query(`DROP INDEX \"organization_role_assignment_organizationId_userId_index\"`)\n await queryRunner.query(`DROP TABLE \"organization_role_assignment\"`)\n await queryRunner.query(`DROP TABLE \"organization_role\"`)\n await queryRunner.query(`DROP TYPE \"organization_role_permissions_enum\"`)\n await queryRunner.query(`DROP TABLE \"organization_invitation\"`)\n await queryRunner.query(`DROP TYPE \"organization_invitation_status_enum\"`)\n await queryRunner.query(`DROP TYPE \"organization_invitation_role_enum\"`)\n await queryRunner.query(`DROP TABLE \"organization_user\"`)\n await queryRunner.query(`DROP TYPE \"organization_user_role_enum\"`)\n await queryRunner.query(`DROP TABLE \"organization\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1741088883001-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1741088883001 implements MigrationInterface {\n name = 'Migration1741088883001'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"email\" character varying NOT NULL DEFAULT ''`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"email\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1741088883002-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\nimport { GlobalOrganizationRolesIds } from '../organization/constants/global-organization-roles.constant'\nimport { OrganizationResourcePermission } from '../organization/enums/organization-resource-permission.enum'\n\nexport class Migration1741088883002 implements MigrationInterface {\n name = 'Migration1741088883002'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`\n INSERT INTO \"organization_role\" \n (\"id\", \"name\", \"description\", \"permissions\", \"isGlobal\")\n VALUES \n (\n '${GlobalOrganizationRolesIds.DEVELOPER}',\n 'Developer', \n 'Grants the ability to create sandboxes and keys in the organization', \n ARRAY[\n '${OrganizationResourcePermission.WRITE_SANDBOXES}'\n ]::organization_role_permissions_enum[],\n TRUE\n )\n `)\n\n await queryRunner.query(`\n INSERT INTO \"organization_role\" \n (\"id\", \"name\", \"description\", \"permissions\", \"isGlobal\")\n VALUES \n (\n '${GlobalOrganizationRolesIds.SANDBOXES_ADMIN}',\n 'Sandboxes Admin', \n 'Grants admin access to sandboxes in the organization', \n ARRAY[\n '${OrganizationResourcePermission.WRITE_SANDBOXES}',\n '${OrganizationResourcePermission.DELETE_SANDBOXES}'\n ]::organization_role_permissions_enum[],\n TRUE\n )\n `)\n\n await queryRunner.query(`\n INSERT INTO \"organization_role\" \n (\"id\", \"name\", \"description\", \"permissions\", \"isGlobal\")\n VALUES \n (\n '${GlobalOrganizationRolesIds.SNAPSHOTS_ADMIN}',\n 'Images Admin', \n 'Grants admin access to images in the organization', \n ARRAY[\n 'write:images',\n 'delete:images'\n ]::organization_role_permissions_enum[],\n TRUE\n )\n `)\n\n await queryRunner.query(`\n INSERT INTO \"organization_role\" \n (\"id\", \"name\", \"description\", \"permissions\", \"isGlobal\")\n VALUES \n (\n '${GlobalOrganizationRolesIds.REGISTRIES_ADMIN}',\n 'Registries Admin', \n 'Grants admin access to registries in the organization', \n ARRAY[\n '${OrganizationResourcePermission.WRITE_REGISTRIES}',\n '${OrganizationResourcePermission.DELETE_REGISTRIES}'\n ]::organization_role_permissions_enum[],\n TRUE\n )\n `)\n\n await queryRunner.query(`\n INSERT INTO \"organization_role\" \n (\"id\", \"name\", \"description\", \"permissions\", \"isGlobal\")\n VALUES \n (\n '${GlobalOrganizationRolesIds.SUPER_ADMIN}',\n 'Super Admin', \n 'Grants full access to all resources in the organization', \n ARRAY[\n '${OrganizationResourcePermission.WRITE_REGISTRIES}',\n '${OrganizationResourcePermission.DELETE_REGISTRIES}',\n 'write:images',\n 'delete:images',\n '${OrganizationResourcePermission.WRITE_SANDBOXES}',\n '${OrganizationResourcePermission.DELETE_SANDBOXES}'\n ]::organization_role_permissions_enum[],\n TRUE\n )\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DELETE FROM \"organization_role\" WHERE \"isGlobal\" = TRUE`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1741877019888-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1741877019888 implements MigrationInterface {\n name = 'Migration1741877019888'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`CREATE TYPE \"public\".\"warm_pool_target_enum\" AS ENUM('eu', 'us', 'asia')`)\n await queryRunner.query(`CREATE TYPE \"public\".\"warm_pool_class_enum\" AS ENUM('small', 'medium', 'large')`)\n await queryRunner.query(\n `CREATE TABLE \"warm_pool\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"pool\" integer NOT NULL, \"image\" character varying NOT NULL, \"target\" \"public\".\"warm_pool_target_enum\" NOT NULL DEFAULT 'eu', \"cpu\" integer NOT NULL, \"mem\" integer NOT NULL, \"disk\" integer NOT NULL, \"gpu\" integer NOT NULL, \"gpuType\" character varying NOT NULL, \"class\" \"public\".\"warm_pool_class_enum\" NOT NULL DEFAULT 'small', \"osUser\" character varying NOT NULL, \"errorReason\" character varying, \"env\" text NOT NULL DEFAULT '{}', \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), CONSTRAINT \"PK_fb06a13baeb3ac0ced145345d90\" PRIMARY KEY (\"id\"))`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DROP TABLE \"warm_pool\"`)\n await queryRunner.query(`DROP TYPE \"public\".\"warm_pool_class_enum\"`)\n await queryRunner.query(`DROP TYPE \"public\".\"warm_pool_target_enum\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1742215525714-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1742215525714 implements MigrationInterface {\n name = 'Migration1742215525714'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"image_quota\" SET DEFAULT '0'`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"image_quota\" SET DEFAULT '5'`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1742475055353-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1742475055353 implements MigrationInterface {\n name = 'Migration1742475055353'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`CREATE TYPE \"public\".\"user_role_enum\" AS ENUM('admin', 'user')`)\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"role\" \"public\".\"user_role_enum\" NOT NULL DEFAULT 'user'`)\n\n await queryRunner.query(`UPDATE \"user\" SET \"role\" = 'admin' WHERE \"id\" = 'daytona-admin'`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"role\"`)\n await queryRunner.query(`DROP TYPE \"public\".\"user_role_enum\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1742831092942-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1742831092942 implements MigrationInterface {\n name = 'Migration1742831092942'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" ADD \"pending\" boolean NOT NULL DEFAULT false`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP COLUMN \"pending\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1743593463168-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1743593463168 implements MigrationInterface {\n name = 'Migration1743593463168'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `ALTER TABLE \"organization_invitation\" ADD \"invitedBy\" character varying NOT NULL DEFAULT ''`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization_invitation\" DROP COLUMN \"invitedBy\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1743683015304-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1743683015304 implements MigrationInterface {\n name = 'Migration1743683015304'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP COLUMN \"name\"`)\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP CONSTRAINT \"PK_ca86b6f9b3be5fe26d307d09b49\"`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"id\" SET DEFAULT uuid_generate_v4()`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ADD CONSTRAINT \"workspace_id_pk\" PRIMARY KEY (\"id\")`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP CONSTRAINT \"workspace_id_pk\"`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"id\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"workspace\" ADD CONSTRAINT \"PK_ca86b6f9b3be5fe26d307d09b49\" PRIMARY KEY (\"id\")`,\n )\n await queryRunner.query(`ALTER TABLE \"workspace\" ADD \"name\" character varying NOT NULL DEFAULT ''`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"name\" DROP DEFAULT`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1744028841133-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1744028841133 implements MigrationInterface {\n name = 'Migration1744028841133'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace_usage_periods\" DROP COLUMN \"storage\"`)\n await queryRunner.query(`ALTER TABLE \"workspace_usage_periods\" ADD \"organizationId\" character varying NOT NULL`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace_usage_periods\" DROP COLUMN \"organizationId\"`)\n await queryRunner.query(`ALTER TABLE \"workspace_usage_periods\" ADD \"storage\" double precision NOT NULL`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1744114341077-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1744114341077 implements MigrationInterface {\n name = 'Migration1744114341077'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment\" DROP CONSTRAINT \"organization_role_assignment_roleId_fk\"`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment_invitation\" DROP CONSTRAINT \"organization_role_assignment_invitation_roleId_fk\"`,\n )\n await queryRunner.query(\n `ALTER TABLE \"workspace\" ADD \"authToken\" character varying NOT NULL DEFAULT MD5(random()::text)`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment\" ADD CONSTRAINT \"organization_role_assignment_roleId_fk\" FOREIGN KEY (\"roleId\") REFERENCES \"organization_role\"(\"id\") ON DELETE NO ACTION ON UPDATE NO ACTION`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment_invitation\" ADD CONSTRAINT \"organization_role_assignment_invitation_roleId_fk\" FOREIGN KEY (\"roleId\") REFERENCES \"organization_role\"(\"id\") ON DELETE NO ACTION ON UPDATE NO ACTION`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment_invitation\" DROP CONSTRAINT \"organization_role_assignment_invitation_roleId_fk\"`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment\" DROP CONSTRAINT \"organization_role_assignment_roleId_fk\"`,\n )\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP COLUMN \"authToken\"`)\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment_invitation\" ADD CONSTRAINT \"organization_role_assignment_invitation_roleId_fk\" FOREIGN KEY (\"roleId\") REFERENCES \"organization_role\"(\"id\") ON DELETE CASCADE ON UPDATE CASCADE`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment\" ADD CONSTRAINT \"organization_role_assignment_roleId_fk\" FOREIGN KEY (\"roleId\") REFERENCES \"organization_role\"(\"id\") ON DELETE CASCADE ON UPDATE CASCADE`,\n )\n }\n}\n" }, { "path": "apps/api/src/migrations/1744378115901-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1744378115901 implements MigrationInterface {\n name = 'Migration1744378115901'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"suspended\" boolean NOT NULL DEFAULT false`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"suspensionReason\" character varying`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"suspendedUntil\" TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"suspendedAt\" TIMESTAMP`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"suspendedAt\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"suspendedUntil\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"suspensionReason\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"suspended\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1744808444807-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1744808444807 implements MigrationInterface {\n name = 'Migration1744808444807'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `CREATE TABLE \"volume\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"organizationId\" uuid, \"name\" character varying NOT NULL, \"state\" character varying NOT NULL, \"errorReason\" character varying, \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), \"lastUsedAt\" TIMESTAMP, CONSTRAINT \"volume_organizationId_name_unique\" UNIQUE (\"organizationId\", \"name\"), CONSTRAINT \"volume_id_pk\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"authToken\" SET DEFAULT MD5(random()::text)`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"authToken\" SET DEFAULT md5((random()))`)\n await queryRunner.query(`DROP TABLE \"volume\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1744868914148-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\nimport { GlobalOrganizationRolesIds } from '../organization/constants/global-organization-roles.constant'\nimport { OrganizationResourcePermission } from '../organization/enums/organization-resource-permission.enum'\n\nexport class Migration1744868914148 implements MigrationInterface {\n name = 'Migration1744868914148'\n\n public async up(queryRunner: QueryRunner): Promise {\n // update enums\n await queryRunner.query(`ALTER TYPE \"public\".\"api_key_permissions_enum\" RENAME TO \"api_key_permissions_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"api_key_permissions_enum\" AS ENUM('write:registries', 'delete:registries', 'write:images', 'delete:images', 'write:sandboxes', 'delete:sandboxes', 'read:volumes', 'write:volumes', 'delete:volumes')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"api_key\" ALTER COLUMN \"permissions\" TYPE \"public\".\"api_key_permissions_enum\"[] USING \"permissions\"::\"text\"::\"public\".\"api_key_permissions_enum\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"api_key_permissions_enum_old\"`)\n await queryRunner.query(\n `ALTER TYPE \"public\".\"organization_role_permissions_enum\" RENAME TO \"organization_role_permissions_enum_old\"`,\n )\n await queryRunner.query(\n `CREATE TYPE \"public\".\"organization_role_permissions_enum\" AS ENUM('write:registries', 'delete:registries', 'write:images', 'delete:images', 'write:sandboxes', 'delete:sandboxes', 'read:volumes', 'write:volumes', 'delete:volumes')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role\" ALTER COLUMN \"permissions\" TYPE \"public\".\"organization_role_permissions_enum\"[] USING \"permissions\"::\"text\"::\"public\".\"organization_role_permissions_enum\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"organization_role_permissions_enum_old\"`)\n\n // add volumes admin role\n await queryRunner.query(`\n INSERT INTO \"organization_role\" \n (\"id\", \"name\", \"description\", \"permissions\", \"isGlobal\")\n VALUES \n (\n '${GlobalOrganizationRolesIds.VOLUMES_ADMIN}', \n 'Volumes Admin', \n 'Grants admin access to volumes in the organization', \n ARRAY[\n '${OrganizationResourcePermission.READ_VOLUMES}',\n '${OrganizationResourcePermission.WRITE_VOLUMES}',\n '${OrganizationResourcePermission.DELETE_VOLUMES}'\n ]::organization_role_permissions_enum[],\n TRUE\n )\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // remove volumes admin role\n await queryRunner.query(\n `DELETE FROM \"organization_role\" WHERE \"id\" = '${GlobalOrganizationRolesIds.VOLUMES_ADMIN}'`,\n )\n\n // revert enums\n await queryRunner.query(\n `CREATE TYPE \"public\".\"organization_role_permissions_enum_old\" AS ENUM('write:registries', 'delete:registries', 'write:images', 'delete:images', 'write:sandboxes', 'delete:sandboxes')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role\" ALTER COLUMN \"permissions\" TYPE \"public\".\"organization_role_permissions_enum_old\"[] USING \"permissions\"::\"text\"::\"public\".\"organization_role_permissions_enum_old\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"organization_role_permissions_enum\"`)\n await queryRunner.query(\n `ALTER TYPE \"public\".\"organization_role_permissions_enum_old\" RENAME TO \"organization_role_permissions_enum\"`,\n )\n await queryRunner.query(\n `CREATE TYPE \"public\".\"api_key_permissions_enum_old\" AS ENUM('write:registries', 'delete:registries', 'write:images', 'delete:images', 'write:sandboxes', 'delete:sandboxes')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"api_key\" ALTER COLUMN \"permissions\" TYPE \"public\".\"api_key_permissions_enum_old\"[] USING \"permissions\"::\"text\"::\"public\".\"api_key_permissions_enum_old\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"api_key_permissions_enum\"`)\n await queryRunner.query(`ALTER TYPE \"public\".\"api_key_permissions_enum_old\" RENAME TO \"api_key_permissions_enum\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1744971114480-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1744971114480 implements MigrationInterface {\n name = 'Migration1744971114480'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" ADD \"volumes\" jsonb NOT NULL DEFAULT '[]'`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"authToken\" SET DEFAULT MD5(random()::text)`)\n await queryRunner.query(`ALTER TABLE \"volume\" DROP COLUMN \"state\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"volume_state_enum\" AS ENUM('creating', 'ready', 'pending_create', 'pending_delete', 'deleting', 'deleted', 'error')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"volume\" ADD \"state\" \"public\".\"volume_state_enum\" NOT NULL DEFAULT 'pending_create'`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"volume\" DROP COLUMN \"state\"`)\n await queryRunner.query(`DROP TYPE \"public\".\"volume_state_enum\"`)\n await queryRunner.query(`ALTER TABLE \"volume\" ADD \"state\" character varying NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"authToken\" SET DEFAULT md5((random()))`)\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP COLUMN \"volumes\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1745393243334-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1745393243334 implements MigrationInterface {\n name = 'Migration1745393243334'\n\n public async up(queryRunner: QueryRunner): Promise {\n // First, get all images with their current entrypoint values\n const images = await queryRunner.query(`SELECT id, entrypoint FROM \"image\" WHERE entrypoint IS NOT NULL`)\n\n // Rename the column to avoid data loss\n await queryRunner.query(`ALTER TABLE \"image\" RENAME COLUMN \"entrypoint\" TO \"entrypoint_old\"`)\n\n // Add the new jsonb column\n await queryRunner.query(`ALTER TABLE \"image\" ADD \"entrypoint\" text[]`)\n\n // Update each image to convert the string entrypoint to a JSON array\n for (const image of images) {\n const entrypointValue = image.entrypoint\n if (entrypointValue) {\n // Convert the string to a JSON array with a single element\n await queryRunner.query(`UPDATE \"image\" SET \"entrypoint\" = $1 WHERE id = $2`, [\n entrypointValue.split(' '),\n image.id,\n ])\n }\n }\n\n // Drop the old column\n await queryRunner.query(`ALTER TABLE \"image\" DROP COLUMN \"entrypoint_old\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // First, get all images with their current entrypoint values\n const images = await queryRunner.query(`SELECT id, entrypoint FROM \"image\" WHERE entrypoint IS NOT NULL`)\n\n // Rename the column to avoid data loss\n await queryRunner.query(`ALTER TABLE \"image\" RENAME COLUMN \"entrypoint\" TO \"entrypoint_old\"`)\n\n // Add the new character varying column\n await queryRunner.query(`ALTER TABLE \"image\" ADD \"entrypoint\" character varying`)\n\n // Update each image to convert the JSON array to a string\n for (const image of images) {\n const entrypointArray = image.entrypoint_old\n if (entrypointArray && Array.isArray(entrypointArray) && entrypointArray.length > 0) {\n // Take the first element of the array as the string value\n await queryRunner.query(`UPDATE \"image\" SET \"entrypoint\" = $1 WHERE id = $2`, [entrypointArray[0], image.id])\n }\n }\n\n // Drop the old column\n await queryRunner.query(`ALTER TABLE \"image\" DROP COLUMN \"entrypoint_old\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1745494761360-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1745494761360 implements MigrationInterface {\n name = 'Migration1745494761360'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"emailVerified\" boolean NOT NULL DEFAULT false`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"emailVerified\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1745574377029-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1745574377029 implements MigrationInterface {\n name = 'Migration1745574377029'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `CREATE TABLE \"build_info\" (\"imageRef\" character varying NOT NULL, \"dockerfileContent\" text, \"contextHashes\" text, \"lastUsedAt\" TIMESTAMP NOT NULL DEFAULT now(), \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), CONSTRAINT \"build_info_imageRef_pk\" PRIMARY KEY (\"imageRef\"))`,\n )\n await queryRunner.renameColumn('image_node', 'internalImageName', 'imageRef')\n await queryRunner.query(`ALTER TABLE \"image_node\" DROP COLUMN \"image\"`)\n await queryRunner.query(`ALTER TABLE \"image\" ADD \"buildInfoImageRef\" character varying`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ADD \"buildInfoImageRef\" character varying`)\n await queryRunner.query(`ALTER TYPE \"public\".\"image_node_state_enum\" RENAME TO \"image_node_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"image_node_state_enum\" AS ENUM('pulling_image', 'building_image', 'ready', 'error', 'removing')`,\n )\n await queryRunner.query(`ALTER TABLE \"image_node\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"image_node\" ALTER COLUMN \"state\" TYPE \"public\".\"image_node_state_enum\" USING \"state\"::\"text\"::\"public\".\"image_node_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"image_node\" ALTER COLUMN \"state\" SET DEFAULT 'pulling_image'`)\n await queryRunner.query(`DROP TYPE \"public\".\"image_node_state_enum_old\"`)\n await queryRunner.query(`ALTER TYPE \"public\".\"image_state_enum\" RENAME TO \"image_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"image_state_enum\" AS ENUM('build_pending', 'building', 'pending', 'pulling_image', 'pending_validation', 'validating', 'active', 'error', 'removing')`,\n )\n await queryRunner.query(`ALTER TABLE \"image\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"image\" ALTER COLUMN \"state\" TYPE \"public\".\"image_state_enum\" USING \"state\"::\"text\"::\"public\".\"image_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"image\" ALTER COLUMN \"state\" SET DEFAULT 'pending'`)\n await queryRunner.query(`DROP TYPE \"public\".\"image_state_enum_old\"`)\n await queryRunner.query(`ALTER TYPE \"public\".\"workspace_state_enum\" RENAME TO \"workspace_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"workspace_state_enum\" AS ENUM('creating', 'restoring', 'destroyed', 'destroying', 'started', 'stopped', 'starting', 'stopping', 'resizing', 'error', 'pending_build', 'building_image', 'unknown', 'pulling_image', 'archiving', 'archived')`,\n )\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"workspace\" ALTER COLUMN \"state\" TYPE \"public\".\"workspace_state_enum\" USING \"state\"::\"text\"::\"public\".\"workspace_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"state\" SET DEFAULT 'unknown'`)\n await queryRunner.query(`DROP TYPE \"public\".\"workspace_state_enum_old\"`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"image\" DROP NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"authToken\" SET DEFAULT MD5(random()::text)`)\n await queryRunner.query(\n `ALTER TABLE \"image\" ADD CONSTRAINT \"image_buildInfoImageRef_fk\" FOREIGN KEY (\"buildInfoImageRef\") REFERENCES \"build_info\"(\"imageRef\") ON DELETE NO ACTION ON UPDATE NO ACTION`,\n )\n await queryRunner.query(\n `ALTER TABLE \"workspace\" ADD CONSTRAINT \"workspace_buildInfoImageRef_fk\" FOREIGN KEY (\"buildInfoImageRef\") REFERENCES \"build_info\"(\"imageRef\") ON DELETE NO ACTION ON UPDATE NO ACTION`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP CONSTRAINT \"workspace_buildInfoImageRef_fk\"`)\n await queryRunner.query(`ALTER TABLE \"image\" DROP CONSTRAINT \"image_buildInfoImageRef_fk\"`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"authToken\" SET DEFAULT md5((random()))`)\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"image\" SET NOT NULL`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"workspace_state_enum_old\" AS ENUM('archived', 'archiving', 'creating', 'destroyed', 'destroying', 'error', 'pulling_image', 'resizing', 'restoring', 'started', 'starting', 'stopped', 'stopping', 'unknown')`,\n )\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"workspace\" ALTER COLUMN \"state\" TYPE \"public\".\"workspace_state_enum_old\" USING \"state\"::\"text\"::\"public\".\"workspace_state_enum_old\"`,\n )\n await queryRunner.query(`ALTER TABLE \"workspace\" ALTER COLUMN \"state\" SET DEFAULT 'unknown'`)\n await queryRunner.query(`DROP TYPE \"public\".\"workspace_state_enum\"`)\n await queryRunner.query(`ALTER TYPE \"public\".\"workspace_state_enum_old\" RENAME TO \"workspace_state_enum\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"image_state_enum_old\" AS ENUM('active', 'error', 'pending', 'pending_validation', 'pulling_image', 'removing', 'validating')`,\n )\n await queryRunner.query(`ALTER TABLE \"image\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"image\" ALTER COLUMN \"state\" TYPE \"public\".\"image_state_enum_old\" USING \"state\"::\"text\"::\"public\".\"image_state_enum_old\"`,\n )\n await queryRunner.query(`ALTER TABLE \"image\" ALTER COLUMN \"state\" SET DEFAULT 'pending'`)\n await queryRunner.query(`DROP TYPE \"public\".\"image_state_enum\"`)\n await queryRunner.query(`ALTER TYPE \"public\".\"image_state_enum_old\" RENAME TO \"image_state_enum\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"image_node_state_enum_old\" AS ENUM('error', 'pulling_image', 'ready', 'removing')`,\n )\n await queryRunner.query(`ALTER TABLE \"image_node\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"image_node\" ALTER COLUMN \"state\" TYPE \"public\".\"image_node_state_enum_old\" USING \"state\"::\"text\"::\"public\".\"image_node_state_enum_old\"`,\n )\n await queryRunner.query(`ALTER TABLE \"image_node\" ALTER COLUMN \"state\" SET DEFAULT 'pulling_image'`)\n await queryRunner.query(`DROP TYPE \"public\".\"image_node_state_enum\"`)\n await queryRunner.query(`ALTER TYPE \"public\".\"image_node_state_enum_old\" RENAME TO \"image_node_state_enum\"`)\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP COLUMN \"buildInfoImageRef\"`)\n await queryRunner.query(`ALTER TABLE \"image\" DROP COLUMN \"buildInfoImageRef\"`)\n await queryRunner.renameColumn('image_node', 'imageRef', 'internalImageName')\n await queryRunner.query(`ALTER TABLE \"image_node\" ADD \"image\" character varying NOT NULL`)\n await queryRunner.query(`DROP TABLE \"build_info\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1745840296260-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\nimport * as crypto from 'crypto'\n\nexport class Migration1745840296260 implements MigrationInterface {\n name = 'Migration1745840296260'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Add the new columns\n await queryRunner.query(`ALTER TABLE \"api_key\" ADD \"keyHash\" character varying NOT NULL DEFAULT ''`)\n await queryRunner.query(`ALTER TABLE \"api_key\" ADD \"keyPrefix\" character varying NOT NULL DEFAULT ''`)\n await queryRunner.query(`ALTER TABLE \"api_key\" ADD \"keySuffix\" character varying NOT NULL DEFAULT ''`)\n\n // Get all existing API keys\n const existingKeys = await queryRunner.query(`SELECT \"value\" FROM \"api_key\"`)\n\n // Update each key with its hash, prefix, and suffix\n for (const key of existingKeys) {\n const value = key.value\n const keyHash = crypto.createHash('sha256').update(value).digest('hex')\n const keyPrefix = value.substring(0, 3)\n const keySuffix = value.slice(-3)\n\n await queryRunner.query(\n `UPDATE \"api_key\" \n SET \"keyHash\" = $1, \n \"keyPrefix\" = $2, \n \"keySuffix\" = $3 \n WHERE \"value\" = $4`,\n [keyHash, keyPrefix, keySuffix, value],\n )\n }\n\n // Drop value column and its unique constraint\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP CONSTRAINT \"UQ_4b0873b633484d5de20b2d8f852\"`)\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP COLUMN \"value\"`)\n\n // Add unique constraint\n await queryRunner.query(`ALTER TABLE \"api_key\" ADD CONSTRAINT \"api_key_keyHash_unique\" UNIQUE (\"keyHash\")`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // Revert the schema changes\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP CONSTRAINT \"api_key_keyHash_unique\"`)\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP COLUMN \"keySuffix\"`)\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP COLUMN \"keyPrefix\"`)\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP COLUMN \"keyHash\"`)\n await queryRunner.query(`ALTER TABLE \"api_key\" ADD \"value\" character varying NOT NULL DEFAULT ''`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1745864972652-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1745864972652 implements MigrationInterface {\n name = 'Migration1745864972652'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`\n ALTER TABLE \"workspace\"\n ALTER COLUMN \"env\" DROP DEFAULT,\n ALTER COLUMN \"env\" TYPE jsonb USING \"env\"::jsonb,\n ALTER COLUMN \"env\" SET DEFAULT '{}'::jsonb,\n ALTER COLUMN \"env\" SET NOT NULL;\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`\n ALTER TABLE \"workspace\"\n ALTER COLUMN \"env\" DROP DEFAULT,\n ALTER COLUMN \"env\" TYPE text USING \"env\"::text,\n ALTER COLUMN \"env\" SET DEFAULT '{}'::text,\n ALTER COLUMN \"env\" SET NOT NULL;\n `)\n }\n}\n" }, { "path": "apps/api/src/migrations/1746354231722-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1746354231722 implements MigrationInterface {\n name = 'Migration1746354231722'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"image\" ADD \"buildNodeId\" character varying`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"image\" DROP COLUMN \"buildNodeId\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1746604150910-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1746604150910 implements MigrationInterface {\n name = 'Migration1746604150910'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"volume_quota\" integer NOT NULL DEFAULT '10'`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"volume_quota\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1747658203010-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1747658203010 implements MigrationInterface {\n name = 'Migration1747658203010'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"api_key\" ADD \"lastUsedAt\" TIMESTAMP`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP COLUMN \"lastUsedAt\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1748006546552-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1748006546552 implements MigrationInterface {\n name = 'Migration1748006546552'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"max_concurrent_workspaces\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"workspace_quota\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"total_image_size\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"total_memory_quota\" SET DEFAULT '10'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"total_disk_quota\" SET DEFAULT '30'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"max_cpu_per_workspace\" SET DEFAULT '4'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"max_memory_per_workspace\" SET DEFAULT '8'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"max_image_size\" SET DEFAULT '20'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"image_quota\" SET DEFAULT '100'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"volume_quota\" SET DEFAULT '100'`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"volume_quota\" SET DEFAULT '10'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"image_quota\" SET DEFAULT '0'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"max_image_size\" SET DEFAULT '2'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"max_memory_per_workspace\" SET DEFAULT '4'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"max_cpu_per_workspace\" SET DEFAULT '2'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"total_disk_quota\" SET DEFAULT '100'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"total_memory_quota\" SET DEFAULT '40'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"total_image_size\" integer NOT NULL DEFAULT '5'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"workspace_quota\" integer NOT NULL DEFAULT '0'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"max_concurrent_workspaces\" integer NOT NULL DEFAULT '10'`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1748866194353-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1748866194353 implements MigrationInterface {\n name = 'Migration1748866194353'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" ADD \"autoArchiveInterval\" integer NOT NULL DEFAULT '10080'`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP COLUMN \"autoArchiveInterval\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1749474791343-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1749474791343 implements MigrationInterface {\n name = 'Migration1749474791343'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"api_key\" ADD \"expiresAt\" TIMESTAMP`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"api_key\" DROP COLUMN \"expiresAt\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1749474791344-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1749474791344 implements MigrationInterface {\n name = 'Migration1749474791344'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Snapshot to backup rename\n await queryRunner.renameColumn('workspace', 'snapshotRegistryId', 'backupRegistryId')\n await queryRunner.renameColumn('workspace', 'snapshotImage', 'backupImage')\n await queryRunner.renameColumn('workspace', 'lastSnapshotAt', 'lastBackupAt')\n await queryRunner.renameColumn('workspace', 'snapshotState', 'backupState')\n await queryRunner.renameColumn('workspace', 'existingSnapshotImages', 'existingBackupImages')\n\n // Node to runner rename\n await queryRunner.renameColumn('image', 'buildNodeId', 'buildRunnerId')\n await queryRunner.renameTable('image_node', 'image_runner')\n await queryRunner.renameColumn('image_runner', 'nodeId', 'runnerId')\n await queryRunner.renameTable('node', 'runner')\n await queryRunner.renameColumn('workspace', 'nodeId', 'runnerId')\n await queryRunner.renameColumn('workspace', 'prevNodeId', 'prevRunnerId')\n\n // Image to snapshot rename\n await queryRunner.renameColumn('warm_pool', 'image', 'snapshot')\n await queryRunner.renameColumn('organization', 'image_quota', 'snapshot_quota')\n await queryRunner.renameColumn('organization', 'max_image_size', 'max_snapshot_size')\n await queryRunner.query(\n `ALTER TYPE \"public\".\"organization_role_permissions_enum\" RENAME VALUE 'write:images' TO 'write:snapshots'`,\n )\n await queryRunner.query(\n `ALTER TYPE \"public\".\"organization_role_permissions_enum\" RENAME VALUE 'delete:images' TO 'delete:snapshots'`,\n )\n await queryRunner.query(\n `ALTER TYPE \"public\".\"api_key_permissions_enum\" RENAME VALUE 'write:images' TO 'write:snapshots'`,\n )\n await queryRunner.query(\n `ALTER TYPE \"public\".\"api_key_permissions_enum\" RENAME VALUE 'delete:images' TO 'delete:snapshots'`,\n )\n await queryRunner.renameTable('image_runner', 'snapshot_runner')\n await queryRunner.renameColumn('snapshot_runner', 'imageRef', 'snapshotRef')\n await queryRunner.query(\n `ALTER TYPE \"public\".\"snapshot_runner_state_enum\" RENAME VALUE 'pulling_image' TO 'pulling_snapshot'`,\n )\n await queryRunner.query(\n `ALTER TYPE \"public\".\"snapshot_runner_state_enum\" RENAME VALUE 'building_image' TO 'building_snapshot'`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot_runner\" ALTER COLUMN \"state\" SET DEFAULT 'pulling_snapshot'`)\n await queryRunner.renameColumn('build_info', 'imageRef', 'snapshotRef')\n await queryRunner.renameTable('image', 'snapshot')\n await queryRunner.renameColumn('snapshot', 'buildInfoImageRef', 'buildInfoSnapshotRef')\n await queryRunner.query(`ALTER TYPE \"public\".\"snapshot_state_enum\" RENAME VALUE 'pulling_image' TO 'pulling'`)\n await queryRunner.renameColumn('workspace', 'image', 'snapshot')\n await queryRunner.renameColumn('workspace', 'buildInfoImageRef', 'buildInfoSnapshotRef')\n await queryRunner.renameColumn('workspace', 'backupImage', 'backupSnapshot')\n await queryRunner.renameColumn('workspace', 'existingBackupImages', 'existingBackupSnapshots')\n await queryRunner.query(\n `ALTER TYPE \"public\".\"workspace_state_enum\" RENAME VALUE 'pulling_image' TO 'pulling_snapshot'`,\n )\n await queryRunner.query(\n `ALTER TYPE \"public\".\"workspace_state_enum\" RENAME VALUE 'building_image' TO 'building_snapshot'`,\n )\n\n // Workspace to sandbox rename\n await queryRunner.renameTable('workspace', 'sandbox')\n await queryRunner.renameTable('workspace_usage_periods', 'sandbox_usage_periods')\n await queryRunner.renameColumn('sandbox_usage_periods', 'workspaceId', 'sandboxId')\n await queryRunner.renameColumn('organization', 'max_cpu_per_workspace', 'max_cpu_per_sandbox')\n await queryRunner.renameColumn('organization', 'max_memory_per_workspace', 'max_memory_per_sandbox')\n await queryRunner.renameColumn('organization', 'max_disk_per_workspace', 'max_disk_per_sandbox')\n\n // Snapshot fields\n await queryRunner.query(`ALTER TABLE \"snapshot\" ADD \"imageName\" character varying NOT NULL DEFAULT ''`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" ADD \"cpu\" integer NOT NULL DEFAULT '1'`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" ADD \"gpu\" integer NOT NULL DEFAULT '0'`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" ADD \"mem\" integer NOT NULL DEFAULT '1'`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" ADD \"disk\" integer NOT NULL DEFAULT '3'`)\n await queryRunner.query(`UPDATE \"snapshot\" SET \"imageName\" = \"name\"`)\n\n // Add hideFromUsers column\n await queryRunner.query(`ALTER TABLE \"snapshot\" ADD \"hideFromUsers\" boolean NOT NULL DEFAULT false`)\n\n // Set hideFromUsers to true for general snapshots with names starting with \"daytonaio/\"\n await queryRunner.query(\n `UPDATE \"snapshot\" SET \"hideFromUsers\" = true WHERE \"general\" = true AND \"name\" LIKE 'daytonaio/%'`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // Remove hideFromUsers column\n await queryRunner.query(`ALTER TABLE \"snapshot\" DROP COLUMN \"hideFromUsers\"`)\n\n // Snapshot fields\n await queryRunner.query(`ALTER TABLE \"snapshot\" DROP COLUMN \"disk\"`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" DROP COLUMN \"mem\"`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" DROP COLUMN \"gpu\"`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" DROP COLUMN \"cpu\"`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" DROP COLUMN \"imageName\"`)\n\n // Revert workspace to sandbox rename\n await queryRunner.renameColumn('organization', 'max_disk_per_sandbox', 'max_disk_per_workspace')\n await queryRunner.renameColumn('organization', 'max_memory_per_sandbox', 'max_memory_per_workspace')\n await queryRunner.renameColumn('organization', 'max_cpu_per_sandbox', 'max_cpu_per_workspace')\n await queryRunner.renameColumn('sandbox_usage_periods', 'sandboxId', 'workspaceId')\n await queryRunner.renameTable('sandbox_usage_periods', 'workspace_usage_periods')\n await queryRunner.renameTable('sandbox', 'workspace')\n\n // Revert image to snapshot rename\n await queryRunner.query(\n `ALTER TYPE \"public\".\"workspace_state_enum\" RENAME VALUE 'pulling_snapshot' TO 'pulling_image'`,\n )\n await queryRunner.query(\n `ALTER TYPE \"public\".\"workspace_state_enum\" RENAME VALUE 'building_snapshot' TO 'building_image'`,\n )\n await queryRunner.renameColumn('workspace', 'existingBackupSnapshots', 'existingBackupImages')\n await queryRunner.renameColumn('workspace', 'backupSnapshot', 'backupImage')\n await queryRunner.renameColumn('workspace', 'buildInfoSnapshotRef', 'buildInfoImageRef')\n await queryRunner.renameColumn('workspace', 'snapshot', 'image')\n await queryRunner.query(`ALTER TYPE \"public\".\"snapshot_state_enum\" RENAME VALUE 'pulling' TO 'pulling_image'`)\n await queryRunner.renameColumn('snapshot', 'buildInfoSnapshotRef', 'buildInfoImageRef')\n await queryRunner.renameTable('snapshot', 'image')\n await queryRunner.renameColumn('build_info', 'snapshotRef', 'imageRef')\n await queryRunner.query(\n `ALTER TYPE \"public\".\"snapshot_runner_state_enum\" RENAME VALUE 'pulling_snapshot' TO 'pulling_image'`,\n )\n await queryRunner.query(\n `ALTER TYPE \"public\".\"snapshot_runner_state_enum\" RENAME VALUE 'building_snapshot' TO 'building_image'`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot_runner\" ALTER COLUMN \"state\" SET DEFAULT 'pulling_image'`)\n await queryRunner.renameColumn('snapshot_runner', 'snapshotRef', 'imageRef')\n await queryRunner.renameTable('snapshot_runner', 'image_runner')\n await queryRunner.query(\n `ALTER TYPE \"public\".\"api_key_permissions_enum\" RENAME VALUE 'write:snapshots' TO 'write:images'`,\n )\n await queryRunner.query(\n `ALTER TYPE \"public\".\"api_key_permissions_enum\" RENAME VALUE 'delete:snapshots' TO 'delete:images'`,\n )\n await queryRunner.query(\n `ALTER TYPE \"public\".\"organization_role_permissions_enum\" RENAME VALUE 'write:snapshots' TO 'write:images'`,\n )\n await queryRunner.query(\n `ALTER TYPE \"public\".\"organization_role_permissions_enum\" RENAME VALUE 'delete:snapshots' TO 'delete:images'`,\n )\n await queryRunner.renameColumn('organization', 'max_snapshot_size', 'max_image_size')\n await queryRunner.renameColumn('organization', 'snapshot_quota', 'image_quota')\n await queryRunner.renameColumn('warm_pool', 'snapshot', 'image')\n\n // Revert node to runner rename\n await queryRunner.renameColumn('workspace', 'prevRunnerId', 'prevNodeId')\n await queryRunner.renameColumn('workspace', 'runnerId', 'nodeId')\n await queryRunner.renameTable('runner', 'node')\n await queryRunner.renameColumn('image_runner', 'runnerId', 'nodeId')\n await queryRunner.renameTable('image_runner', 'image_node')\n await queryRunner.renameColumn('image', 'buildRunnerId', 'buildNodeId')\n\n // Revert snapshot to backup rename\n await queryRunner.renameColumn('workspace', 'existingBackupImages', 'existingSnapshotImages')\n await queryRunner.renameColumn('workspace', 'backupState', 'snapshotState')\n await queryRunner.renameColumn('workspace', 'lastBackupAt', 'lastSnapshotAt')\n await queryRunner.renameColumn('workspace', 'backupImage', 'snapshotImage')\n await queryRunner.renameColumn('workspace', 'backupRegistryId', 'snapshotRegistryId')\n }\n}\n" }, { "path": "apps/api/src/migrations/1749474791345-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1749474791345 implements MigrationInterface {\n name = 'Migration1749474791345'\n\n public async up(queryRunner: QueryRunner): Promise {\n // For sandbox_state_enum\n await queryRunner.query(`ALTER TYPE \"public\".\"sandbox_state_enum\" RENAME TO \"sandbox_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"sandbox_state_enum\" AS ENUM('creating', 'restoring', 'destroyed', 'destroying', 'started', 'stopped', 'starting', 'stopping', 'error', 'build_failed', 'pending_build', 'building_snapshot', 'unknown', 'pulling_snapshot', 'archiving', 'archived')`,\n )\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"sandbox\" ALTER COLUMN \"state\" TYPE \"public\".\"sandbox_state_enum\" USING \"state\"::\"text\"::\"public\".\"sandbox_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"state\" SET DEFAULT 'unknown'`)\n await queryRunner.query(`DROP TYPE \"public\".\"sandbox_state_enum_old\"`)\n\n // For snapshot_state_enum\n await queryRunner.query(`ALTER TYPE \"public\".\"snapshot_state_enum\" RENAME TO \"snapshot_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"snapshot_state_enum\" AS ENUM('build_pending', 'building', 'pending', 'pulling', 'pending_validation', 'validating', 'active', 'error', 'build_failed', 'removing')`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" TYPE \"public\".\"snapshot_state_enum\" USING \"state\"::\"text\"::\"public\".\"snapshot_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" SET DEFAULT 'pending'`)\n await queryRunner.query(`DROP TYPE \"public\".\"snapshot_state_enum_old\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // For snapshot_state_enum - recreate without build_failed\n await queryRunner.query(`UPDATE \"snapshot\" SET \"state\" = 'error' WHERE \"state\" = 'build_failed'`)\n\n await queryRunner.query(`ALTER TYPE \"public\".\"snapshot_state_enum\" RENAME TO \"snapshot_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"snapshot_state_enum\" AS ENUM('build_pending', 'building', 'pending', 'pulling', 'pending_validation', 'validating', 'active', 'error', 'removing')`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" TYPE \"public\".\"snapshot_state_enum\" USING \"state\"::\"text\"::\"public\".\"snapshot_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" SET DEFAULT 'pending'`)\n await queryRunner.query(`DROP TYPE \"public\".\"snapshot_state_enum_old\"`)\n\n // For sandbox_state_enum - recreate without build_failed\n await queryRunner.query(`UPDATE \"sandbox\" SET \"state\" = 'error' WHERE \"state\" = 'build_failed'`)\n\n await queryRunner.query(`ALTER TYPE \"public\".\"sandbox_state_enum\" RENAME TO \"sandbox_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"sandbox_state_enum\" AS ENUM('creating', 'restoring', 'destroyed', 'destroying', 'started', 'stopped', 'starting', 'stopping', 'error', 'pending_build', 'building_snapshot', 'unknown', 'pulling_snapshot', 'archiving', 'archived')`,\n )\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"sandbox\" ALTER COLUMN \"state\" TYPE \"public\".\"sandbox_state_enum\" USING \"state\"::\"text\"::\"public\".\"sandbox_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"state\" SET DEFAULT 'unknown'`)\n await queryRunner.query(`DROP TYPE \"public\".\"sandbox_state_enum_old\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1750077343089-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1750077343089 implements MigrationInterface {\n name = 'Migration1750077343089'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" ADD \"daemonVersion\" character varying`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" DROP COLUMN \"daemonVersion\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1750436374899-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1750436374899 implements MigrationInterface {\n name = 'Migration1750436374899'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `CREATE TABLE \"audit_log\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"actorId\" character varying NOT NULL, \"actorEmail\" character varying NOT NULL DEFAULT '', \"organizationId\" character varying, \"action\" character varying NOT NULL, \"targetType\" character varying, \"targetId\" character varying, \"statusCode\" integer, \"errorMessage\" character varying, \"ipAddress\" character varying, \"userAgent\" text, \"source\" character varying, \"metadata\" jsonb, \"createdAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), CONSTRAINT \"audit_log_id_pk\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `CREATE INDEX \"audit_log_organizationId_createdAt_index\" ON \"audit_log\" (\"organizationId\", \"createdAt\") `,\n )\n await queryRunner.query(`CREATE INDEX \"audit_log_createdAt_index\" ON \"audit_log\" (\"createdAt\") `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DROP INDEX \"public\".\"audit_log_createdAt_index\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"audit_log_organizationId_createdAt_index\"`)\n await queryRunner.query(`DROP TABLE \"audit_log\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1750668569562-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1750668569562 implements MigrationInterface {\n name = 'Migration1750668569562'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" ADD \"autoDeleteInterval\" integer NOT NULL DEFAULT '-1'`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" DROP COLUMN \"autoDeleteInterval\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1750751712412-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1750751712412 implements MigrationInterface {\n name = 'Migration1750751712412'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TYPE \"public\".\"snapshot_state_enum\" RENAME TO \"snapshot_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"snapshot_state_enum\" AS ENUM('build_pending', 'building', 'pending', 'pulling', 'pending_validation', 'validating', 'active', 'inactive', 'error', 'build_failed', 'removing')`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" TYPE \"public\".\"snapshot_state_enum\" USING \"state\"::\"text\"::\"public\".\"snapshot_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" SET DEFAULT 'pending'`)\n await queryRunner.query(`DROP TYPE \"public\".\"snapshot_state_enum_old\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `CREATE TYPE \"public\".\"snapshot_state_enum_old\" AS ENUM('active', 'build_failed', 'build_pending', 'building', 'error', 'pending', 'pending_validation', 'pulling', 'removing', 'validating')`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" TYPE \"public\".\"snapshot_state_enum_old\" USING \"state\"::\"text\"::\"public\".\"snapshot_state_enum_old\"`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" SET DEFAULT 'pending'`)\n await queryRunner.query(`DROP TYPE \"public\".\"snapshot_state_enum\"`)\n await queryRunner.query(`ALTER TYPE \"public\".\"snapshot_state_enum_old\" RENAME TO \"snapshot_state_enum\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1751456907334-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\nimport { GlobalOrganizationRolesIds } from '../organization/constants/global-organization-roles.constant'\nimport { OrganizationResourcePermission } from '../organization/enums/organization-resource-permission.enum'\n\nexport class Migration1751456907334 implements MigrationInterface {\n name = 'Migration1751456907334'\n\n public async up(queryRunner: QueryRunner): Promise {\n // update enums\n await queryRunner.query(`ALTER TYPE \"public\".\"api_key_permissions_enum\" RENAME TO \"api_key_permissions_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"api_key_permissions_enum\" AS ENUM('write:registries', 'delete:registries', 'write:snapshots', 'delete:snapshots', 'write:sandboxes', 'delete:sandboxes', 'read:volumes', 'write:volumes', 'delete:volumes', 'read:audit_logs')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"api_key\" ALTER COLUMN \"permissions\" TYPE \"public\".\"api_key_permissions_enum\"[] USING \"permissions\"::\"text\"::\"public\".\"api_key_permissions_enum\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"api_key_permissions_enum_old\"`)\n await queryRunner.query(\n `ALTER TYPE \"public\".\"organization_role_permissions_enum\" RENAME TO \"organization_role_permissions_enum_old\"`,\n )\n await queryRunner.query(\n `CREATE TYPE \"public\".\"organization_role_permissions_enum\" AS ENUM('write:registries', 'delete:registries', 'write:snapshots', 'delete:snapshots', 'write:sandboxes', 'delete:sandboxes', 'read:volumes', 'write:volumes', 'delete:volumes', 'read:audit_logs')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role\" ALTER COLUMN \"permissions\" TYPE \"public\".\"organization_role_permissions_enum\"[] USING \"permissions\"::\"text\"::\"public\".\"organization_role_permissions_enum\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"organization_role_permissions_enum_old\"`)\n\n // add auditor role\n await queryRunner.query(`\n INSERT INTO \"organization_role\" \n (\"id\", \"name\", \"description\", \"permissions\", \"isGlobal\")\n VALUES \n (\n '${GlobalOrganizationRolesIds.AUDITOR}', \n 'Auditor', \n 'Grants access to audit logs in the organization', \n ARRAY[\n '${OrganizationResourcePermission.READ_AUDIT_LOGS}'\n ]::organization_role_permissions_enum[],\n TRUE\n )\n `)\n\n // update organization role foreign keys\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment\" DROP CONSTRAINT \"organization_role_assignment_roleId_fk\"`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment\" ADD CONSTRAINT \"organization_role_assignment_roleId_fk\" FOREIGN KEY (\"roleId\") REFERENCES \"organization_role\"(\"id\") ON DELETE CASCADE ON UPDATE CASCADE`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment_invitation\" DROP CONSTRAINT \"organization_role_assignment_invitation_roleId_fk\"`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role_assignment_invitation\" ADD CONSTRAINT \"organization_role_assignment_invitation_roleId_fk\" FOREIGN KEY (\"roleId\") REFERENCES \"organization_role\"(\"id\") ON DELETE CASCADE ON UPDATE CASCADE`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // delete auditor role\n await queryRunner.query(`DELETE FROM \"organization_role\" WHERE \"id\" = '${GlobalOrganizationRolesIds.AUDITOR}'`)\n\n // remove read:audit_logs permission from api keys and organization roles\n await queryRunner.query(\n `UPDATE \"api_key\" SET \"permissions\" = array_remove(\"permissions\", '${OrganizationResourcePermission.READ_AUDIT_LOGS}')`,\n )\n await queryRunner.query(\n `UPDATE \"organization_role\" SET \"permissions\" = array_remove(\"permissions\", '${OrganizationResourcePermission.READ_AUDIT_LOGS}')`,\n )\n\n // revert enums\n await queryRunner.query(\n `CREATE TYPE \"public\".\"organization_role_permissions_enum_old\" AS ENUM('delete:registries', 'delete:sandboxes', 'delete:snapshots', 'delete:volumes', 'read:volumes', 'write:registries', 'write:sandboxes', 'write:snapshots', 'write:volumes')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role\" ALTER COLUMN \"permissions\" TYPE \"public\".\"organization_role_permissions_enum_old\"[] USING \"permissions\"::\"text\"::\"public\".\"organization_role_permissions_enum_old\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"organization_role_permissions_enum\"`)\n await queryRunner.query(\n `ALTER TYPE \"public\".\"organization_role_permissions_enum_old\" RENAME TO \"organization_role_permissions_enum\"`,\n )\n await queryRunner.query(\n `CREATE TYPE \"public\".\"api_key_permissions_enum_old\" AS ENUM('delete:registries', 'delete:sandboxes', 'delete:snapshots', 'delete:volumes', 'read:volumes', 'write:registries', 'write:sandboxes', 'write:snapshots', 'write:volumes')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"api_key\" ALTER COLUMN \"permissions\" TYPE \"public\".\"api_key_permissions_enum_old\"[] USING \"permissions\"::\"text\"::\"public\".\"api_key_permissions_enum_old\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"api_key_permissions_enum\"`)\n await queryRunner.query(`ALTER TYPE \"public\".\"api_key_permissions_enum_old\" RENAME TO \"api_key_permissions_enum\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1752494676200-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1752494676200 implements MigrationInterface {\n name = 'Migration1752494676200'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DROP TABLE \"team\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `CREATE TABLE \"team\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"name\" character varying NOT NULL, CONSTRAINT \"PK_f57d8293406df4af348402e4b74\" PRIMARY KEY (\"id\"))`,\n )\n }\n}\n" }, { "path": "apps/api/src/migrations/1752494676205-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1752494676205 implements MigrationInterface {\n name = 'Migration1752494676205'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Convert runner.region from enum to varchar\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"region\" TYPE varchar USING \"region\"::text`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"region\" SET DEFAULT 'us'`)\n\n // Convert sandbox.region from enum to varchar\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"region\" TYPE varchar USING \"region\"::text`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"region\" SET DEFAULT 'us'`)\n\n // Convert warm_pool.target from enum to varchar\n await queryRunner.query(`ALTER TABLE \"warm_pool\" ALTER COLUMN \"target\" TYPE varchar USING \"target\"::text`)\n await queryRunner.query(`ALTER TABLE \"warm_pool\" ALTER COLUMN \"target\" SET DEFAULT 'us'`)\n\n // Drop the enum type if it exists\n await queryRunner.query(`DROP TYPE IF EXISTS \"public\".\"runner_region_enum\"`)\n await queryRunner.query(`DROP TYPE IF EXISTS \"public\".\"sandbox_region_enum\"`)\n await queryRunner.query(`DROP TYPE IF EXISTS \"public\".\"warm_pool_target_enum\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // Recreate the enum type\n await queryRunner.query(`CREATE TYPE \"public\".\"warm_pool_target_enum\" AS ENUM('eu', 'us', 'asia')`)\n await queryRunner.query(`CREATE TYPE \"public\".\"sandbox_region_enum\" AS ENUM('eu', 'us', 'asia')`)\n await queryRunner.query(`CREATE TYPE \"public\".\"runner_region_enum\" AS ENUM('eu', 'us', 'asia')`)\n\n // Convert back to enum for runner.region\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"region\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"runner\" ALTER COLUMN \"region\" TYPE \"public\".\"runner_region_enum\" USING \"region\"::\"public\".\"runner_region_enum\"`,\n )\n\n // Convert back to enum for sandbox.region\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"region\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"sandbox\" ALTER COLUMN \"region\" TYPE \"public\".\"sandbox_region_enum\" USING \"region\"::\"public\".\"sandbox_region_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"region\" SET DEFAULT 'eu'`)\n\n // Convert back to enum for warm_pool.target\n await queryRunner.query(`ALTER TABLE \"warm_pool\" ALTER COLUMN \"target\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"warm_pool\" ALTER COLUMN \"target\" TYPE \"public\".\"warm_pool_target_enum\" USING \"target\"::\"public\".\"warm_pool_target_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"warm_pool\" ALTER COLUMN \"target\" SET DEFAULT 'eu'`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1752848014862-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1752848014862 implements MigrationInterface {\n name = 'Migration1752848014862'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"warm_pool\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"warm_pool\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"lastChecked\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"sandbox_usage_periods\" ALTER COLUMN \"startAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"sandbox_usage_periods\" ALTER COLUMN \"endAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"snapshot_runner\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"snapshot_runner\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"lastActivityAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"lastBackupAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"build_info\" ALTER COLUMN \"lastUsedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"build_info\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"build_info\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"volume\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"volume\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"organization_user\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"organization_user\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(\n `ALTER TABLE \"organization_invitation\" ALTER COLUMN \"expiresAt\" TYPE TIMESTAMP WITH TIME ZONE`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_invitation\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_invitation\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`,\n )\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"suspendedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"suspendedUntil\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"organization_role\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n await queryRunner.query(`ALTER TABLE \"organization_role\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP WITH TIME ZONE`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization_role\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization_role\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"suspendedUntil\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"suspendedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization_invitation\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization_invitation\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization_invitation\" ALTER COLUMN \"expiresAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization_user\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"organization_user\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"volume\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"volume\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"imageName\" SET DEFAULT ''`)\n await queryRunner.query(`ALTER TABLE \"build_info\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"build_info\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"build_info\" ALTER COLUMN \"lastUsedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"lastBackupAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"lastActivityAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"snapshot_runner\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"snapshot_runner\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"sandbox_usage_periods\" ALTER COLUMN \"endAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"sandbox_usage_periods\" ALTER COLUMN \"startAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"lastChecked\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"warm_pool\" ALTER COLUMN \"updatedAt\" TYPE TIMESTAMP`)\n await queryRunner.query(`ALTER TABLE \"warm_pool\" ALTER COLUMN \"createdAt\" TYPE TIMESTAMP`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1753099115783-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1753099115783 implements MigrationInterface {\n name = 'Migration1753099115783'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"snapshot\" DROP COLUMN \"enabled\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"snapshot\" ADD \"enabled\" boolean NOT NULL DEFAULT true`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1753100751730-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1753100751730 implements MigrationInterface {\n name = 'Migration1753100751730'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.renameColumn('runner', 'memory', 'memoryGiB')\n await queryRunner.renameColumn('runner', 'disk', 'diskGiB')\n await queryRunner.query(\n `ALTER TABLE \"runner\" ADD \"currentCpuUsagePercentage\" double precision NOT NULL DEFAULT '0'`,\n )\n await queryRunner.query(\n `ALTER TABLE \"runner\" ADD \"currentMemoryUsagePercentage\" double precision NOT NULL DEFAULT '0'`,\n )\n await queryRunner.query(\n `ALTER TABLE \"runner\" ADD \"currentDiskUsagePercentage\" double precision NOT NULL DEFAULT '0'`,\n )\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"currentAllocatedCpu\" integer NOT NULL DEFAULT '0'`)\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"currentAllocatedMemoryGiB\" integer NOT NULL DEFAULT '0'`)\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"currentAllocatedDiskGiB\" integer NOT NULL DEFAULT '0'`)\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"currentSnapshotCount\" integer NOT NULL DEFAULT '0'`)\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"availabilityScore\" integer NOT NULL DEFAULT '0'`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"availabilityScore\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"currentSnapshotCount\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"currentAllocatedDiskGiB\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"currentAllocatedMemoryGiB\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"currentAllocatedCpu\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"currentDiskUsagePercentage\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"currentMemoryUsagePercentage\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"currentCpuUsagePercentage\"`)\n await queryRunner.renameColumn('runner', 'diskGiB', 'disk')\n await queryRunner.renameColumn('runner', 'memoryGiB', 'memory')\n }\n}\n" }, { "path": "apps/api/src/migrations/1753100751731-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\nimport { GlobalOrganizationRolesIds } from '../organization/constants/global-organization-roles.constant'\n\nexport class Migration1753100751731 implements MigrationInterface {\n name = 'Migration1753100751731'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`\n UPDATE \"organization_role\" \n SET \"name\" = 'Snapshots Admin', \"description\" = 'Grants admin access to snapshots in the organization'\n WHERE \"id\" = '${GlobalOrganizationRolesIds.SNAPSHOTS_ADMIN}'\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`\n UPDATE \"organization_role\" \n SET \"name\" = 'Images Admin', \"description\" = 'Grants admin access to images in the organization'\n WHERE \"id\" = '${GlobalOrganizationRolesIds.SNAPSHOTS_ADMIN}'\n `)\n }\n}\n" }, { "path": "apps/api/src/migrations/1753185133351-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1753185133351 implements MigrationInterface {\n name = 'Migration1753185133351'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"version\" character varying NOT NULL DEFAULT '0'`)\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"proxyUrl\" character varying NOT NULL DEFAULT ''`)\n // Copy apiUrl to proxyUrl for all existing records\n await queryRunner.query(`UPDATE \"runner\" SET \"proxyUrl\" = \"apiUrl\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"version\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"proxyUrl\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1753274135567-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1753274135567 implements MigrationInterface {\n name = 'Migration1753274135567'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"project\" SET DEFAULT ''`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"project\" DROP DEFAULT`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1753430929609-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1753430929609 implements MigrationInterface {\n name = 'Migration1753430929609'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"user\" ADD \"createdAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now()`)\n\n // For existing users, set createdAt to match their personal organization's createdAt\n await queryRunner.query(`\n UPDATE \"user\" u \n SET \"createdAt\" = o.\"createdAt\" \n FROM \"organization\" o \n WHERE o.\"createdBy\" = u.id \n AND o.personal = true;\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"user\" DROP COLUMN \"createdAt\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1753717830378-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1753717830378 implements MigrationInterface {\n name = 'Migration1753717830378'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" ADD \"networkBlockAll\" boolean NOT NULL DEFAULT false`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ADD \"networkAllowList\" character varying`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" DROP COLUMN \"networkAllowList\"`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" DROP COLUMN \"networkBlockAll\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1754042247109-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1754042247109 implements MigrationInterface {\n name = 'Migration1754042247109'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `ALTER TABLE \"organization\" ADD \"suspensionCleanupGracePeriodHours\" integer NOT NULL DEFAULT '24'`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"suspensionCleanupGracePeriodHours\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1755003696741-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1755003696741 implements MigrationInterface {\n name = 'Migration1755003696741'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" ADD \"backupErrorReason\" text`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" DROP COLUMN \"backupErrorReason\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1755356869493-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1755356869493 implements MigrationInterface {\n name = 'Migration1755356869493'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `CREATE TABLE \"webhook_initialization\" (\"organizationId\" character varying NOT NULL, \"svixApplicationId\" character varying, \"lastError\" text, \"retryCount\" integer NOT NULL DEFAULT '0', \"createdAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), CONSTRAINT \"webhook_initialization_organizationId_pk\" PRIMARY KEY (\"organizationId\"))`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DROP TABLE \"webhook_initialization\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1755464957487-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1755464957487 implements MigrationInterface {\n name = 'Migration1755464957487'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `CREATE TABLE \"ssh_access\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"sandboxId\" character varying NOT NULL, \"token\" text NOT NULL, \"expiresAt\" TIMESTAMP NOT NULL, \"createdAt\" TIMESTAMP NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP NOT NULL DEFAULT now(), CONSTRAINT \"ssh_access_id_pk\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `ALTER TABLE \"ssh_access\" ADD CONSTRAINT \"ssh_access_sandboxId_fk\" FOREIGN KEY (\"sandboxId\") REFERENCES \"sandbox\"(\"id\") ON DELETE CASCADE ON UPDATE NO ACTION`,\n )\n await queryRunner.query(\n `ALTER TABLE \"sandbox\" ADD \"sshPass\" character varying(32) NOT NULL DEFAULT REPLACE(uuid_generate_v4()::text, '-', '')`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" DROP COLUMN \"sshPass\"`)\n await queryRunner.query(`ALTER TABLE \"ssh_access\" DROP CONSTRAINT \"ssh_access_sandboxId_fk\"`)\n await queryRunner.query(`DROP TABLE \"ssh_access\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1755521645207-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1755521645207 implements MigrationInterface {\n name = 'Migration1755521645207'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `CREATE TABLE \"sandbox_usage_periods_archive\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"sandboxId\" character varying NOT NULL, \"organizationId\" character varying NOT NULL, \"startAt\" TIMESTAMP WITH TIME ZONE NOT NULL, \"endAt\" TIMESTAMP WITH TIME ZONE NOT NULL, \"cpu\" double precision NOT NULL, \"gpu\" double precision NOT NULL, \"mem\" double precision NOT NULL, \"disk\" double precision NOT NULL, \"region\" character varying NOT NULL, CONSTRAINT \"sandbox_usage_periods_archive_id_pk\" PRIMARY KEY (\"id\"))`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DROP TABLE \"sandbox_usage_periods_archive\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1755860619921-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1755860619921 implements MigrationInterface {\n name = 'Migration1755860619921'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `ALTER TABLE \"organization\" ADD \"sandboxLimitedNetworkEgress\" boolean NOT NULL DEFAULT false`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"sandboxLimitedNetworkEgress\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1757513754037-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1757513754037 implements MigrationInterface {\n name = 'Migration1757513754037'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ADD \"region\" character varying`)\n\n await queryRunner.query(\n `ALTER TYPE \"public\".\"docker_registry_registrytype_enum\" RENAME TO \"docker_registry_registrytype_enum_old\"`,\n )\n await queryRunner.query(\n `CREATE TYPE \"public\".\"docker_registry_registrytype_enum\" AS ENUM('internal', 'organization', 'transient', 'backup')`,\n )\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"registryType\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"docker_registry\" ALTER COLUMN \"registryType\" TYPE \"public\".\"docker_registry_registrytype_enum\" USING \"registryType\"::\"text\"::\"public\".\"docker_registry_registrytype_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"registryType\" SET DEFAULT 'internal'`)\n await queryRunner.query(`DROP TYPE \"public\".\"docker_registry_registrytype_enum_old\"`)\n\n // Create the base default registry by copying from the default internal one\n await queryRunner.query(`\n INSERT INTO public.docker_registry (\n name, url, username, password, \"isDefault\", project, \"createdAt\", \"updatedAt\", \"registryType\", \"organizationId\", \"region\"\n )\n SELECT\n 'Backup Registry' AS name,\n url,\n username,\n password,\n \"isDefault\",\n project,\n now() AS \"createdAt\",\n now() AS \"updatedAt\",\n 'backup' AS \"registryType\",\n \"organizationId\",\n \"region\"\n FROM public.docker_registry\n WHERE \"registryType\" = 'internal'\n AND \"isDefault\" = true\n ORDER BY \"createdAt\" ASC\n LIMIT 1\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`\n DELETE FROM public.docker_registry\n WHERE \"registryType\" = 'backup'\n `)\n\n await queryRunner.query(\n `CREATE TYPE \"public\".\"docker_registry_registrytype_enum_old\" AS ENUM('internal', 'organization', 'transient', 'backup')`,\n )\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"registryType\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"docker_registry\" ALTER COLUMN \"registryType\" TYPE \"public\".\"docker_registry_registrytype_enum_old\" USING \"registryType\"::\"text\"::\"public\".\"docker_registry_registrytype_enum_old\"`,\n )\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ALTER COLUMN \"registryType\" SET DEFAULT 'internal'`)\n await queryRunner.query(`DROP TYPE \"public\".\"docker_registry_registrytype_enum\"`)\n await queryRunner.query(\n `ALTER TYPE \"public\".\"docker_registry_registrytype_enum_old\" RENAME TO \"docker_registry_registrytype_enum\"`,\n )\n\n await queryRunner.query(`ALTER TABLE \"docker_registry\" DROP COLUMN \"region\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1757513754038-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1757513754038 implements MigrationInterface {\n name = 'Migration1757513754038'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"docker_registry\" ADD \"isFallback\" boolean NOT NULL DEFAULT false`)\n\n // Update existing registries that have isDefault = true and region = null to be fallback registries\n await queryRunner.query(`\n UPDATE \"docker_registry\"\n SET \"isFallback\" = true\n WHERE \"isDefault\" = true AND \"region\" IS NULL AND \"registryType\" = 'backup'\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"docker_registry\" DROP COLUMN \"isFallback\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1759241690773-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1759241690773 implements MigrationInterface {\n name = 'Migration1759241690773'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"used\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"capacity\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"capacity\" integer NOT NULL DEFAULT '1000'`)\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"used\" integer NOT NULL DEFAULT '0'`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1759768058397-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1759768058397 implements MigrationInterface {\n name = 'Migration1759768058397'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" ADD \"name\" character varying`)\n await queryRunner.query(`UPDATE \"sandbox\" SET \"name\" = \"id\"`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"name\" SET NOT NULL`)\n await queryRunner.query(\n `ALTER TABLE \"sandbox\" ALTER COLUMN \"name\" SET DEFAULT 'sandbox-' || substring(gen_random_uuid()::text, 1, 10)`,\n )\n await queryRunner.query(\n `ALTER TABLE \"sandbox\" ADD CONSTRAINT \"sandbox_organizationId_name_unique\" UNIQUE (\"organizationId\", \"name\")`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" DROP CONSTRAINT \"sandbox_organizationId_name_unique\"`)\n await queryRunner.query(`ALTER TABLE \"sandbox\" DROP COLUMN \"name\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1761912147638-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\nimport { configuration } from '../config/configuration'\n\nexport class Migration1761912147638 implements MigrationInterface {\n name = 'Migration1761912147638'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"defaultRegion\" character varying NULL`)\n await queryRunner.query(`UPDATE \"organization\" SET \"defaultRegion\" = '${configuration.defaultRegion.id}'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"defaultRegion\" SET NOT NULL`)\n\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"region\" DROP DEFAULT`)\n await queryRunner.query(`ALTER TABLE \"warm_pool\" ALTER COLUMN \"target\" DROP DEFAULT`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"defaultRegion\"`)\n\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"region\" SET DEFAULT 'us'`)\n await queryRunner.query(`ALTER TABLE \"warm_pool\" ALTER COLUMN \"target\" SET DEFAULT 'us'`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1761912147639-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1761912147639 implements MigrationInterface {\n name = 'Migration1761912147639'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.renameColumn('snapshot', 'internalName', 'ref')\n await queryRunner.renameColumn('snapshot', 'buildRunnerId', 'initialRunnerId')\n await queryRunner.query(`ALTER TABLE \"snapshot\" ADD \"skipValidation\" boolean NOT NULL DEFAULT false`)\n\n // Update snapshot states\n await queryRunner.query(`ALTER TYPE \"public\".\"snapshot_state_enum\" RENAME TO \"snapshot_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"snapshot_state_enum\" AS ENUM('pending', 'pulling', 'pending_validation', 'validating', 'active', 'inactive', 'building', 'error', 'build_failed', 'removing')`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" TYPE \"public\".\"snapshot_state_enum\" USING \"state\"::\"text\"::\"public\".\"snapshot_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" SET DEFAULT 'pending'`)\n await queryRunner.query(`DROP TYPE \"public\".\"snapshot_state_enum_old\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // Revert snapshot states\n await queryRunner.query(`ALTER TYPE \"public\".\"snapshot_state_enum\" RENAME TO \"snapshot_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"snapshot_state_enum\" AS ENUM('build_pending', 'pending', 'pulling', 'pending_validation', 'validating', 'active', 'inactive', 'building', 'error', 'build_failed', 'removing')`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" TYPE \"public\".\"snapshot_state_enum\" USING \"state\"::\"text\"::\"public\".\"snapshot_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" SET DEFAULT 'pending'`)\n await queryRunner.query(`DROP TYPE \"public\".\"snapshot_state_enum_old\"`)\n\n await queryRunner.query(`ALTER TABLE \"snapshot\" DROP COLUMN \"skipValidation\"`)\n await queryRunner.renameColumn('snapshot', 'initialRunnerId', 'buildRunnerId')\n await queryRunner.renameColumn('snapshot', 'ref', 'internalName')\n }\n}\n" }, { "path": "apps/api/src/migrations/1763561822000-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1763561822000 implements MigrationInterface {\n name = 'Migration1763561822000'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"authenticated_rate_limit\" integer`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"sandbox_create_rate_limit\" integer`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"sandbox_lifecycle_rate_limit\" integer`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"sandbox_lifecycle_rate_limit\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"sandbox_create_rate_limit\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"authenticated_rate_limit\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1764073472179-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\nimport { configuration } from '../config/configuration'\n\nexport class Migration1764073472179 implements MigrationInterface {\n name = 'Migration1764073472179'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Create region table\n await queryRunner.query(\n `CREATE TABLE \"region\" (\"id\" character varying NOT NULL, \"name\" character varying NOT NULL, \"organizationId\" uuid, \"hidden\" boolean NOT NULL DEFAULT false, \"enforceQuotas\" boolean NOT NULL DEFAULT true, \"createdAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), CONSTRAINT \"region_id_pk\" PRIMARY KEY (\"id\"))`,\n )\n\n // Add unique constraints for region name\n await queryRunner.query(\n `CREATE UNIQUE INDEX \"region_organizationId_null_name_unique\" ON \"region\" (\"name\") WHERE \"organizationId\" IS NULL`,\n )\n await queryRunner.query(\n `CREATE UNIQUE INDEX \"region_organizationId_name_unique\" ON \"region\" (\"organizationId\", \"name\") WHERE \"organizationId\" IS NOT NULL`,\n )\n\n // Expand organization table with defaultRegionId column (make it nullable)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"defaultRegionId\" character varying NULL`)\n await queryRunner.query(`UPDATE \"organization\" SET \"defaultRegionId\" = \"defaultRegion\"`)\n\n // Add default value for required defaultRegion column before dropping it in the contract migration\n await queryRunner.query(\n `ALTER TABLE \"organization\" ALTER COLUMN \"defaultRegion\" SET DEFAULT '${configuration.defaultRegion.id}'`,\n )\n\n // Create region_quota table\n await queryRunner.query(\n `CREATE TABLE \"region_quota\" (\"organizationId\" uuid NOT NULL, \"regionId\" character varying NOT NULL, \"total_cpu_quota\" integer NOT NULL DEFAULT '10', \"total_memory_quota\" integer NOT NULL DEFAULT '10', \"total_disk_quota\" integer NOT NULL DEFAULT '30', \"createdAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), CONSTRAINT \"region_quota_organizationId_regionId_pk\" PRIMARY KEY (\"organizationId\", \"regionId\"))`,\n )\n await queryRunner.query(\n `ALTER TABLE \"region_quota\" ADD CONSTRAINT \"region_quota_organizationId_fk\" FOREIGN KEY (\"organizationId\") REFERENCES \"organization\"(\"id\") ON DELETE CASCADE ON UPDATE NO ACTION`,\n )\n\n // For existing organizations, migrate their region-specific quotas to their default region\n await queryRunner.query(`\n INSERT INTO \"region_quota\" (\"organizationId\", \"regionId\", \"total_cpu_quota\", \"total_memory_quota\", \"total_disk_quota\")\n SELECT \n o.\"id\" as \"organizationId\",\n o.\"defaultRegionId\" as \"regionId\",\n o.\"total_cpu_quota\",\n o.\"total_memory_quota\",\n o.\"total_disk_quota\"\n FROM \"organization\" o\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // Drop region table\n await queryRunner.query(`DROP TABLE \"region\"`)\n\n // Drop defaultRegionId column from organization table\n await queryRunner.dropColumn('organization', 'defaultRegionId')\n\n // Drop region_quota table\n await queryRunner.query(`DROP TABLE \"region_quota\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1764073472180-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\nimport { configuration } from '../config/configuration'\n\nexport class Migration1764073472180 implements MigrationInterface {\n name = 'Migration1764073472180'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Remove defaultRegion column from organization table\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"defaultRegion\"`)\n\n // Remove region-specific quotas from organization table\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"total_cpu_quota\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"total_memory_quota\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"total_disk_quota\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // Restore defaultRegion column to organization table\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"defaultRegion\" character varying NULL`)\n await queryRunner.query(`UPDATE \"organization\" SET \"defaultRegion\" = \"defaultRegionId\"`)\n await queryRunner.query(\n `ALTER TABLE \"organization\" ALTER COLUMN \"defaultRegion\" SET DEFAULT '${configuration.defaultRegion.id}'`,\n )\n await queryRunner.query(`ALTER TABLE \"organization\" ALTER COLUMN \"defaultRegion\" SET NOT NULL`)\n\n // Restore region-specific quotas to organization table\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"total_disk_quota\" integer NOT NULL DEFAULT '30'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"total_memory_quota\" integer NOT NULL DEFAULT '10'`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"total_cpu_quota\" integer NOT NULL DEFAULT '10'`)\n\n // For each organization, restore region-specific quotas by taking the maximum values among all region quotas\n await queryRunner.query(`\n UPDATE \"organization\" o\n SET \n \"total_cpu_quota\" = COALESCE(q.\"total_cpu_quota\", 10),\n \"total_memory_quota\" = COALESCE(q.\"total_memory_quota\", 10),\n \"total_disk_quota\" = COALESCE(q.\"total_disk_quota\", 30)\n FROM (\n SELECT \n \"organizationId\",\n MAX(\"total_cpu_quota\") as \"total_cpu_quota\",\n MAX(\"total_memory_quota\") as \"total_memory_quota\",\n MAX(\"total_disk_quota\") as \"total_disk_quota\"\n FROM \"region_quota\"\n GROUP BY \"organizationId\"\n ) q\n WHERE o.\"id\" = q.\"organizationId\"\n `)\n }\n}\n" }, { "path": "apps/api/src/migrations/1764844895057-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\nimport { GlobalOrganizationRolesIds } from '../organization/constants/global-organization-roles.constant'\nimport { OrganizationResourcePermission } from '../organization/enums/organization-resource-permission.enum'\n\nexport class Migration1764844895057 implements MigrationInterface {\n name = 'Migration1764844895057'\n\n public async up(queryRunner: QueryRunner): Promise {\n // add region type field with its type and constraints\n await queryRunner.query(`CREATE TYPE \"public\".\"region_regiontype_enum\" AS ENUM('shared', 'dedicated', 'custom')`)\n await queryRunner.query(`ALTER TABLE \"region\" ADD \"regionType\" \"public\".\"region_regiontype_enum\"`)\n await queryRunner.query(\n `ALTER TABLE \"region\" ADD CONSTRAINT \"region_not_custom\" CHECK (\"organizationId\" IS NOT NULL OR \"regionType\" != 'custom')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"region\" ADD CONSTRAINT \"region_not_shared\" CHECK (\"organizationId\" IS NULL OR \"regionType\" != 'shared')`,\n )\n await queryRunner.query(`UPDATE \"region\" SET \"regionType\" = 'custom' WHERE \"organizationId\" IS NOT NULL`)\n await queryRunner.query(`UPDATE \"region\" SET \"regionType\" = 'shared' WHERE \"organizationId\" IS NULL`)\n await queryRunner.query(`ALTER TABLE \"region\" ALTER COLUMN \"regionType\" SET NOT NULL`)\n\n // update api key permission enum\n await queryRunner.query(`ALTER TYPE \"public\".\"api_key_permissions_enum\" RENAME TO \"api_key_permissions_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"api_key_permissions_enum\" AS ENUM('write:registries', 'delete:registries', 'write:snapshots', 'delete:snapshots', 'write:sandboxes', 'delete:sandboxes', 'read:volumes', 'write:volumes', 'delete:volumes', 'write:regions', 'delete:regions', 'read:runners', 'write:runners', 'delete:runners', 'read:audit_logs')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"api_key\" ALTER COLUMN \"permissions\" TYPE \"public\".\"api_key_permissions_enum\"[] USING \"permissions\"::\"text\"::\"public\".\"api_key_permissions_enum\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"api_key_permissions_enum_old\"`)\n\n // update organization role permission enum\n await queryRunner.query(\n `ALTER TYPE \"public\".\"organization_role_permissions_enum\" RENAME TO \"organization_role_permissions_enum_old\"`,\n )\n await queryRunner.query(\n `CREATE TYPE \"public\".\"organization_role_permissions_enum\" AS ENUM('write:registries', 'delete:registries', 'write:snapshots', 'delete:snapshots', 'write:sandboxes', 'delete:sandboxes', 'read:volumes', 'write:volumes', 'delete:volumes', 'write:regions', 'delete:regions', 'read:runners', 'write:runners', 'delete:runners', 'read:audit_logs')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role\" ALTER COLUMN \"permissions\" TYPE \"public\".\"organization_role_permissions_enum\"[] USING \"permissions\"::\"text\"::\"public\".\"organization_role_permissions_enum\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"organization_role_permissions_enum_old\"`)\n\n // add infrastructure admin role\n await queryRunner.query(`\n INSERT INTO \"organization_role\" \n (\"id\", \"name\", \"description\", \"permissions\", \"isGlobal\")\n VALUES \n (\n '${GlobalOrganizationRolesIds.INFRASTRUCTURE_ADMIN}', \n 'Infrastructure Admin', \n 'Grants admin access to infrastructure in the organization', \n ARRAY[\n '${OrganizationResourcePermission.WRITE_REGIONS}',\n '${OrganizationResourcePermission.DELETE_REGIONS}',\n '${OrganizationResourcePermission.READ_RUNNERS}',\n '${OrganizationResourcePermission.WRITE_RUNNERS}',\n '${OrganizationResourcePermission.DELETE_RUNNERS}'\n ]::organization_role_permissions_enum[],\n TRUE\n )\n `)\n\n // add runner name field\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"name\" character varying`)\n await queryRunner.query(`UPDATE \"runner\" SET \"name\" = \"id\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"name\" SET NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"runner\" ADD CONSTRAINT \"runner_region_name_unique\" UNIQUE (\"region\", \"name\")`)\n\n // create new index for runner\n await queryRunner.query(\n `CREATE INDEX \"runner_state_unschedulable_region_index\" ON \"runner\" (\"state\", \"unschedulable\", \"region\") `,\n )\n\n // add region proxy and ssh gateway fields\n await queryRunner.query(`ALTER TABLE \"region\" ADD \"proxyUrl\" character varying`)\n await queryRunner.query(`ALTER TABLE \"region\" ADD \"toolboxProxyUrl\" character varying`)\n await queryRunner.query(`ALTER TABLE \"region\" ADD \"proxyApiKeyHash\" character varying`)\n await queryRunner.query(`ALTER TABLE \"region\" ADD \"sshGatewayUrl\" character varying`)\n await queryRunner.query(`ALTER TABLE \"region\" ADD \"sshGatewayApiKeyHash\" character varying`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"proxyUrl\" DROP DEFAULT`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"region\" DROP DEFAULT`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // remove region proxy and ssh gateway fields\n await queryRunner.query(`ALTER TABLE \"region\" DROP COLUMN \"sshGatewayApiKeyHash\"`)\n await queryRunner.query(`ALTER TABLE \"region\" DROP COLUMN \"sshGatewayUrl\"`)\n await queryRunner.query(`ALTER TABLE \"region\" DROP COLUMN \"proxyApiKeyHash\"`)\n await queryRunner.query(`ALTER TABLE \"region\" DROP COLUMN \"toolboxProxyUrl\"`)\n await queryRunner.query(`ALTER TABLE \"region\" DROP COLUMN \"proxyUrl\"`)\n\n // drop region type field\n await queryRunner.query(`ALTER TABLE \"region\" DROP COLUMN \"regionType\"`)\n await queryRunner.query(`DROP TYPE \"public\".\"region_regiontype_enum\"`)\n\n // remove infrastructure admin role\n await queryRunner.query(\n `DELETE FROM \"organization_role\" WHERE \"id\" = '${GlobalOrganizationRolesIds.INFRASTRUCTURE_ADMIN}'`,\n )\n\n // revert api key permission enum\n await queryRunner.query(\n `CREATE TYPE \"public\".\"api_key_permissions_enum_old\" AS ENUM('delete:registries', 'delete:sandboxes', 'delete:snapshots', 'delete:volumes', 'read:audit_logs', 'read:volumes', 'write:registries', 'write:sandboxes', 'write:snapshots', 'write:volumes')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"api_key\" ALTER COLUMN \"permissions\" TYPE \"public\".\"api_key_permissions_enum_old\"[] USING \"permissions\"::\"text\"::\"public\".\"api_key_permissions_enum_old\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"api_key_permissions_enum\"`)\n await queryRunner.query(`ALTER TYPE \"public\".\"api_key_permissions_enum_old\" RENAME TO \"api_key_permissions_enum\"`)\n\n // revert organization role permission enum\n await queryRunner.query(\n `CREATE TYPE \"public\".\"organization_role_permissions_enum_old\" AS ENUM('delete:registries', 'delete:sandboxes', 'delete:snapshots', 'delete:volumes', 'read:audit_logs', 'read:volumes', 'write:registries', 'write:sandboxes', 'write:snapshots', 'write:volumes')`,\n )\n await queryRunner.query(\n `ALTER TABLE \"organization_role\" ALTER COLUMN \"permissions\" TYPE \"public\".\"organization_role_permissions_enum_old\"[] USING \"permissions\"::\"text\"::\"public\".\"organization_role_permissions_enum_old\"[]`,\n )\n await queryRunner.query(`DROP TYPE \"public\".\"organization_role_permissions_enum\"`)\n await queryRunner.query(\n `ALTER TYPE \"public\".\"organization_role_permissions_enum_old\" RENAME TO \"organization_role_permissions_enum\"`,\n )\n\n // drop runner name field\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"name\"`)\n\n // drop new index for runner\n await queryRunner.query(`DROP INDEX \"public\".\"runner_state_unschedulable_region_index\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1764844895058-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1764844895058 implements MigrationInterface {\n name = 'Migration1764844895058'\n\n public async up(queryRunner: QueryRunner): Promise {\n // drop region hidden field\n await queryRunner.query(`ALTER TABLE \"region\" DROP COLUMN \"hidden\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // revert drop region hidden field\n await queryRunner.query(`ALTER TABLE \"region\" ADD \"hidden\" boolean NOT NULL DEFAULT false`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1765282546000-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1765282546000 implements MigrationInterface {\n name = 'Migration1765282546000'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Remove skipValidation column\n await queryRunner.query(`ALTER TABLE \"snapshot\" DROP COLUMN \"skipValidation\"`)\n\n // Update any snapshots in VALIDATING or PENDING_VALIDATION state to PENDING\n await queryRunner.query(`UPDATE \"snapshot\" SET \"state\" = 'pending' WHERE \"state\" = 'validating'`)\n await queryRunner.query(`UPDATE \"snapshot\" SET \"state\" = 'pending' WHERE \"state\" = 'pending_validation'`)\n\n // Update snapshot_state_enum to remove VALIDATING and PENDING_VALIDATION\n await queryRunner.query(`ALTER TYPE \"public\".\"snapshot_state_enum\" RENAME TO \"snapshot_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"snapshot_state_enum\" AS ENUM('pending', 'pulling', 'active', 'inactive', 'building', 'error', 'build_failed', 'removing')`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" TYPE \"public\".\"snapshot_state_enum\" USING \"state\"::\"text\"::\"public\".\"snapshot_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" SET DEFAULT 'pending'`)\n await queryRunner.query(`DROP TYPE \"public\".\"snapshot_state_enum_old\"`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // Revert snapshot_state_enum to include VALIDATING and PENDING_VALIDATION\n await queryRunner.query(`ALTER TYPE \"public\".\"snapshot_state_enum\" RENAME TO \"snapshot_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"snapshot_state_enum\" AS ENUM('pending', 'pulling', 'pending_validation', 'validating', 'active', 'inactive', 'building', 'error', 'build_failed', 'removing')`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" TYPE \"public\".\"snapshot_state_enum\" USING \"state\"::\"text\"::\"public\".\"snapshot_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"snapshot\" ALTER COLUMN \"state\" SET DEFAULT 'pending'`)\n await queryRunner.query(`DROP TYPE \"public\".\"snapshot_state_enum_old\"`)\n\n // Re-add skipValidation column\n await queryRunner.query(`ALTER TABLE \"snapshot\" ADD \"skipValidation\" boolean NOT NULL DEFAULT false`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1765366773736-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1765366773736 implements MigrationInterface {\n name = 'Migration1765366773736'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" ADD \"recoverable\" boolean NOT NULL DEFAULT false`)\n\n // Update existing sandboxes with recoverable error reasons to set recoverable = true\n await queryRunner.query(`\n UPDATE \"sandbox\" \n SET \"recoverable\" = true \n WHERE \"state\" = 'error' \n AND (\n LOWER(\"errorReason\") LIKE '%no space left on device%'\n OR LOWER(\"errorReason\") LIKE '%storage limit%'\n OR LOWER(\"errorReason\") LIKE '%disk quota exceeded%'\n )\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"sandbox\" DROP COLUMN \"recoverable\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1765400000000-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1765400000000 implements MigrationInterface {\n name = 'Migration1765400000000'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Normalize Docker Hub URLs to 'docker.io' for consistency\n // The runner will convert to 'index.docker.io/v1/' for builds where needed\n await queryRunner.query(`\n UPDATE \"docker_registry\"\n SET \"url\" = 'docker.io'\n WHERE LOWER(\"url\") LIKE '%docker.io%'\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // Cannot reliably reverse this migration as we don't know the original URLs\n // This is a one-way normalization\n }\n}\n" }, { "path": "apps/api/src/migrations/1765806205881-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1765806205881 implements MigrationInterface {\n name = 'Migration1765806205881'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Create snapshot_region table\n await queryRunner.query(`\n CREATE TABLE \"snapshot_region\" (\n \"snapshotId\" uuid NOT NULL,\n \"regionId\" character varying NOT NULL,\n \"createdAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),\n \"updatedAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),\n CONSTRAINT \"PK_snapshot_region\" PRIMARY KEY (\"snapshotId\", \"regionId\")\n )\n `)\n\n // Add foreign key constraints\n await queryRunner.query(`\n ALTER TABLE \"snapshot_region\"\n ADD CONSTRAINT \"FK_snapshot_region_snapshot\"\n FOREIGN KEY (\"snapshotId\") REFERENCES \"snapshot\"(\"id\") ON DELETE CASCADE ON UPDATE NO ACTION\n `)\n\n await queryRunner.query(`\n ALTER TABLE \"snapshot_region\"\n ADD CONSTRAINT \"FK_snapshot_region_region\"\n FOREIGN KEY (\"regionId\") REFERENCES \"region\"(\"id\") ON DELETE CASCADE ON UPDATE NO ACTION\n `)\n\n // Migrate existing snapshots: add snapshot_region entries based on organization's default region\n await queryRunner.query(`\n INSERT INTO \"snapshot_region\" (\"snapshotId\", \"regionId\")\n SELECT s.id, o.\"defaultRegionId\"\n FROM \"snapshot\" s\n INNER JOIN \"organization\" o ON s.\"organizationId\" = o.id\n WHERE o.\"defaultRegionId\" IS NOT NULL\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // Drop foreign key constraints\n await queryRunner.query(`ALTER TABLE \"snapshot_region\" DROP CONSTRAINT \"FK_snapshot_region_region\"`)\n await queryRunner.query(`ALTER TABLE \"snapshot_region\" DROP CONSTRAINT \"FK_snapshot_region_snapshot\"`)\n\n // Drop snapshot_region table\n await queryRunner.query(`DROP TABLE \"snapshot_region\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1766415256696-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1766415256696 implements MigrationInterface {\n name = 'Migration1766415256696'\n\n public async up(queryRunner: QueryRunner): Promise {\n // region snapshot manager field\n await queryRunner.query(`ALTER TABLE \"region\" ADD \"snapshotManagerUrl\" character varying`)\n\n // docker registry indexes\n await queryRunner.query(\n `CREATE INDEX \"docker_registry_registryType_isDefault_index\" ON \"docker_registry\" (\"registryType\", \"isDefault\") `,\n )\n await queryRunner.query(\n `CREATE INDEX \"docker_registry_region_registryType_index\" ON \"docker_registry\" (\"region\", \"registryType\") `,\n )\n await queryRunner.query(\n `CREATE INDEX \"docker_registry_organizationId_registryType_index\" ON \"docker_registry\" (\"organizationId\", \"registryType\") `,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // drop region snapshot manager field\n await queryRunner.query(`ALTER TABLE \"region\" DROP COLUMN \"snapshotManagerUrl\"`)\n\n // drop docker registry indexes\n await queryRunner.query(`DROP INDEX \"public\".\"docker_registry_organizationId_registryType_index\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"docker_registry_region_registryType_index\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"docker_registry_registryType_isDefault_index\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1767830400000-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1767830400000 implements MigrationInterface {\n name = 'Migration1767830400000'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"currentStartedSandboxes\" integer NOT NULL DEFAULT 0`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"currentStartedSandboxes\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1768306129179-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1768306129179 implements MigrationInterface {\n name = 'Migration1768306129179'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `CREATE TYPE \"public\".\"job_status_enum\" AS ENUM('PENDING', 'IN_PROGRESS', 'COMPLETED', 'FAILED')`,\n )\n await queryRunner.query(`CREATE TYPE \"public\".\"job_resourcetype_enum\" AS ENUM('SANDBOX', 'SNAPSHOT', 'BACKUP')`)\n await queryRunner.query(\n `CREATE TABLE \"job\" (\"id\" uuid NOT NULL DEFAULT uuid_generate_v4(), \"version\" integer NOT NULL, \"type\" character varying NOT NULL, \"status\" \"public\".\"job_status_enum\" NOT NULL DEFAULT 'PENDING', \"runnerId\" character varying NOT NULL, \"resourceType\" \"public\".\"job_resourcetype_enum\" NOT NULL, \"resourceId\" character varying NOT NULL, \"payload\" character varying, \"resultMetadata\" character varying, \"traceContext\" jsonb, \"errorMessage\" text, \"startedAt\" TIMESTAMP WITH TIME ZONE, \"completedAt\" TIMESTAMP WITH TIME ZONE, \"createdAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), \"updatedAt\" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), CONSTRAINT \"job_id_pk\" PRIMARY KEY (\"id\"))`,\n )\n await queryRunner.query(\n `CREATE UNIQUE INDEX \"IDX_UNIQUE_INCOMPLETE_JOB\" ON \"job\" (\"resourceType\", \"resourceId\", \"runnerId\") WHERE \"completedAt\" IS NULL`,\n )\n await queryRunner.query(`CREATE INDEX \"job_resourceType_resourceId_index\" ON \"job\" (\"resourceType\", \"resourceId\") `)\n await queryRunner.query(`CREATE INDEX \"job_status_createdAt_index\" ON \"job\" (\"status\", \"createdAt\") `)\n await queryRunner.query(`CREATE INDEX \"job_runnerId_status_index\" ON \"job\" (\"runnerId\", \"status\") `)\n await queryRunner.query(`ALTER TABLE \"runner\" RENAME COLUMN \"version\" TO \"apiVersion\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"appVersion\" character varying DEFAULT 'v0.0.0-dev'`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"domain\" DROP NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP CONSTRAINT \"UQ_330d74ac3d0e349b4c73c62ad6d\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"apiUrl\" DROP NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"proxyUrl\" DROP NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"cpu\" TYPE double precision`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"memoryGiB\" TYPE double precision`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"diskGiB\" TYPE double precision`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"gpu\" DROP NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"gpuType\" DROP NOT NULL`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"gpuType\" SET NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"gpu\" SET NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"diskGiB\" TYPE integer`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"memoryGiB\" TYPE integer`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"cpu\" TYPE integer`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"proxyUrl\" SET NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"apiUrl\" SET NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"runner\" ADD CONSTRAINT \"UQ_330d74ac3d0e349b4c73c62ad6d\" UNIQUE (\"domain\")`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"domain\" SET NOT NULL`)\n await queryRunner.query(`ALTER TABLE \"runner\" RENAME COLUMN \"apiVersion\" TO \"version\"`)\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"appVersion\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"job_runnerId_status_index\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"job_status_createdAt_index\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"job_resourceType_resourceId_index\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"IDX_UNIQUE_INCOMPLETE_JOB\"`)\n await queryRunner.query(`DROP TABLE \"job\"`)\n await queryRunner.query(`DROP TYPE \"public\".\"job_resourcetype_enum\"`)\n await queryRunner.query(`DROP TYPE \"public\".\"job_status_enum\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1768461678804-migration.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1768461678804 implements MigrationInterface {\n name = 'Migration1768461678804'\n\n // TODO: Add migrationsTransactionMode: 'each', to data-source.ts\n // TypeORM currently does not support non-transactional reverts\n // Needed because CREATE/DROP INDEX CONCURRENTLY cannot run inside a transaction\n // public readonly transaction = false\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`\n CREATE INDEX IF NOT EXISTS \"idx_sandbox_volumes_gin\"\n ON \"sandbox\"\n USING GIN (\"volumes\" jsonb_path_ops)\n WHERE \"desiredState\" <> 'destroyed';\n `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`\n DROP INDEX IF EXISTS \"idx_sandbox_volumes_gin\";\n `)\n }\n}\n" }, { "path": "apps/api/src/migrations/1768475454675-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1768475454675 implements MigrationInterface {\n name = 'Migration1768475454675'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `CREATE INDEX \"idx_region_custom\" ON \"region\" (\"organizationId\") WHERE \"regionType\" = 'custom'`,\n )\n await queryRunner.query(\n `CREATE UNIQUE INDEX \"region_sshGatewayApiKeyHash_unique\" ON \"region\" (\"sshGatewayApiKeyHash\") WHERE \"sshGatewayApiKeyHash\" IS NOT NULL`,\n )\n await queryRunner.query(\n `CREATE UNIQUE INDEX \"region_proxyApiKeyHash_unique\" ON \"region\" (\"proxyApiKeyHash\") WHERE \"proxyApiKeyHash\" IS NOT NULL`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DROP INDEX \"public\".\"region_proxyApiKeyHash_unique\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"region_sshGatewayApiKeyHash_unique\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"idx_region_custom\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1768485728153-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1768485728153 implements MigrationInterface {\n name = 'Migration1768485728153'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Note: not using CONCURRENTLY + skipping transactions because of reverting issue: https://github.com/typeorm/typeorm/issues/9981\n\n await queryRunner.query(`CREATE INDEX \"api_key_org_user_idx\" ON \"api_key\" (\"organizationId\", \"userId\") `)\n await queryRunner.query(\n `CREATE INDEX \"warm_pool_find_idx\" ON \"warm_pool\" (\"snapshot\", \"target\", \"class\", \"cpu\", \"mem\", \"disk\", \"gpu\", \"osUser\", \"env\") `,\n )\n await queryRunner.query(`CREATE INDEX \"snapshot_runner_state_idx\" ON \"snapshot_runner\" (\"state\") `)\n await queryRunner.query(`CREATE INDEX \"snapshot_runner_runnerid_idx\" ON \"snapshot_runner\" (\"runnerId\") `)\n await queryRunner.query(\n `CREATE INDEX \"snapshot_runner_runnerid_snapshotref_idx\" ON \"snapshot_runner\" (\"runnerId\", \"snapshotRef\") `,\n )\n await queryRunner.query(`CREATE INDEX \"snapshot_runner_snapshotref_idx\" ON \"snapshot_runner\" (\"snapshotRef\") `)\n await queryRunner.query(`CREATE INDEX \"sandbox_pending_idx\" ON \"sandbox\" (\"id\") WHERE \"pending\" = true`)\n await queryRunner.query(\n `CREATE INDEX \"sandbox_active_only_idx\" ON \"sandbox\" (\"id\") WHERE \"state\" <> ALL (ARRAY['destroyed'::sandbox_state_enum, 'archived'::sandbox_state_enum])`,\n )\n await queryRunner.query(\n `CREATE INDEX \"sandbox_runner_state_desired_idx\" ON \"sandbox\" (\"runnerId\", \"state\", \"desiredState\") WHERE \"pending\" = false`,\n )\n await queryRunner.query(`CREATE INDEX \"sandbox_backupstate_idx\" ON \"sandbox\" (\"backupState\") `)\n await queryRunner.query(`CREATE INDEX \"sandbox_resources_idx\" ON \"sandbox\" (\"cpu\", \"mem\", \"disk\", \"gpu\") `)\n await queryRunner.query(`CREATE INDEX \"sandbox_region_idx\" ON \"sandbox\" (\"region\") `)\n await queryRunner.query(`CREATE INDEX \"sandbox_organizationid_idx\" ON \"sandbox\" (\"organizationId\") `)\n await queryRunner.query(`CREATE INDEX \"sandbox_runner_state_idx\" ON \"sandbox\" (\"runnerId\", \"state\") `)\n await queryRunner.query(`CREATE INDEX \"sandbox_runnerid_idx\" ON \"sandbox\" (\"runnerId\") `)\n await queryRunner.query(`CREATE INDEX \"sandbox_snapshot_idx\" ON \"sandbox\" (\"snapshot\") `)\n await queryRunner.query(`CREATE INDEX \"sandbox_desiredstate_idx\" ON \"sandbox\" (\"desiredState\") `)\n await queryRunner.query(`CREATE INDEX \"sandbox_state_idx\" ON \"sandbox\" (\"state\") `)\n await queryRunner.query(`CREATE INDEX \"snapshot_state_idx\" ON \"snapshot\" (\"state\") `)\n await queryRunner.query(`CREATE INDEX \"snapshot_name_idx\" ON \"snapshot\" (\"name\") `)\n await queryRunner.query(\n `CREATE INDEX \"sandbox_labels_gin_full_idx\" ON \"sandbox\" USING gin (\"labels\" jsonb_path_ops)`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_labels_gin_full_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"snapshot_name_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"snapshot_state_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_state_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_desiredstate_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_snapshot_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_runnerid_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_runner_state_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_organizationid_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_region_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_resources_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_backupstate_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_runner_state_desired_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_active_only_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"sandbox_pending_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"snapshot_runner_snapshotref_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"snapshot_runner_runnerid_snapshotref_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"snapshot_runner_runnerid_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"snapshot_runner_state_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"warm_pool_find_idx\"`)\n await queryRunner.query(`DROP INDEX \"public\".\"api_key_org_user_idx\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1768583941244-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1768583941244 implements MigrationInterface {\n name = 'Migration1768583941244'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"currentCpuLoadAverage\" double precision NOT NULL DEFAULT '0'`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"currentCpuLoadAverage\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1769516172576-migration.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1769516172576 implements MigrationInterface {\n name = 'Migration1769516172576'\n\n public async up(queryRunner: QueryRunner): Promise {\n // For sandbox_state_enum - add 'resizing' value\n await queryRunner.query(`ALTER TYPE \"public\".\"sandbox_state_enum\" ADD VALUE IF NOT EXISTS 'resizing'`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n // Drop any index with explicit desiredState enum type cast in WHERE clause (required for enum swap)\n\n // For sandbox_state_enum - remove 'resizing' value\n await queryRunner.query(`UPDATE \"sandbox\" SET \"state\" = 'stopped' WHERE \"state\" = 'resizing'`)\n await queryRunner.query(`ALTER TYPE \"public\".\"sandbox_state_enum\" RENAME TO \"sandbox_state_enum_old\"`)\n await queryRunner.query(\n `CREATE TYPE \"public\".\"sandbox_state_enum\" AS ENUM('creating', 'restoring', 'destroyed', 'destroying', 'started', 'stopped', 'starting', 'stopping', 'error', 'build_failed', 'pending_build', 'building_snapshot', 'unknown', 'pulling_snapshot', 'archiving', 'archived')`,\n )\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"state\" DROP DEFAULT`)\n await queryRunner.query(\n `ALTER TABLE \"sandbox\" ALTER COLUMN \"state\" TYPE \"public\".\"sandbox_state_enum\" USING \"state\"::\"text\"::\"public\".\"sandbox_state_enum\"`,\n )\n await queryRunner.query(`ALTER TABLE \"sandbox\" ALTER COLUMN \"state\" SET DEFAULT 'unknown'`)\n await queryRunner.query(`DROP TYPE \"public\".\"sandbox_state_enum_old\"`)\n\n // Recreate the indices that were dropped\n }\n}\n" }, { "path": "apps/api/src/migrations/1769516172577-migration.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1769516172577 implements MigrationInterface {\n name = 'Migration1769516172577'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"draining\" boolean NOT NULL DEFAULT false`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"draining\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1770043707083-migration.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1770043707083 implements MigrationInterface {\n name = 'Migration1770043707083'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"experimentalConfig\" jsonb`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"experimentalConfig\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1770212429837-migration.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1770212429837 implements MigrationInterface {\n name = 'Migration1770212429837'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"authenticated_rate_limit_ttl_seconds\" integer`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"sandbox_create_rate_limit_ttl_seconds\" integer`)\n await queryRunner.query(`ALTER TABLE \"organization\" ADD \"sandbox_lifecycle_rate_limit_ttl_seconds\" integer`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"sandbox_lifecycle_rate_limit_ttl_seconds\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"sandbox_create_rate_limit_ttl_seconds\"`)\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"authenticated_rate_limit_ttl_seconds\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1770823569571-migration.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1770823569571 implements MigrationInterface {\n name = 'Migration1770823569571'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Note: not using CONCURRENTLY + skipping transactions because of reverting issue: https://github.com/typeorm/typeorm/issues/9981\n await queryRunner.query(`CREATE INDEX \"idx_sandbox_authtoken\" ON \"sandbox\" (\"authToken\") `)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DROP INDEX \"public\".\"idx_sandbox_authtoken\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/1770880371265-migration.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1770880371265 implements MigrationInterface {\n name = 'Migration1770880371265'\n\n public async up(queryRunner: QueryRunner): Promise {\n // Note: not using CONCURRENTLY + skipping transactions because of reverting issue: https://github.com/typeorm/typeorm/issues/9981\n await queryRunner.query(\n `CREATE INDEX \"idx_sandbox_usage_periods_sandbox_end\" ON \"sandbox_usage_periods\" (\"sandboxId\", \"endAt\") `,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`DROP INDEX \"public\".\"idx_sandbox_usage_periods_sandbox_end\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/README.md", "content": "# Database Migrations\n\nThis project uses the **Expand and Contract** pattern for database migrations to support zero-downtime deployments.\n\n## Overview\n\nThe expand and contract pattern splits database changes into two phases:\n\n- **Pre-deploy (Expand)**: Additive, non-breaking changes that are backwards compatible with the current API version\n- **Post-deploy (Contract)**: Breaking changes that require the new API version to be deployed first\n\nThis allows the database and API to be updated independently while maintaining compatibility during the deployment window.\n\n## Migration Folders\n\n- `pre-deploy/` - Migrations that run **before** the API is deployed\n- `post-deploy/` - Migrations that run **after** the API is deployed\n\nNote: Root folder migrations (not in pre-deploy or post-deploy) are legacy migrations created before the expand-and-contract pattern was introduced. These run during `migration:run:init` only.\n\n## Developer Workflow\n\n### 1. Make Changes to Database Entities\n\nModify the TypeORM entity files in `src/**/*.entity.ts` as needed.\n\n### 2. Generate Migrations\n\nRun the migration generator:\n\n```bash\nnpm run migration:generate\n```\n\nThis creates the **same autogenerated migration in both** `pre-deploy/` and `post-deploy/` folders with a timestamp prefix.\n\n### 3. Analyze and Adjust Migrations\n\n**This is the critical step.** You MUST analyze the generated migrations and determine:\n\n- Which changes are safe to run before the API deployment (pre-deploy)\n- Which changes require the new API to be running first (post-deploy)\n- Whether manual adjustments are needed for zero-downtime compatibility\n\n#### Example Scenarios\n\n**Adding a new field (Pre-deploy only)**\n\nWhen adding a new nullable column or a column with a default value:\n\n```typescript\n// pre-deploy/migration.ts\npublic async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" ADD \"description\" varchar NULL`);\n}\n```\n\n```typescript\n// post-deploy/migration.ts\n// DELETE the generated migration - no post-deploy changes needed\n```\n\nThe new column can be added before the API deployment since the old API will simply ignore it.\n\n---\n\n**Dropping a field (Post-deploy only)**\n\nWhen removing a column:\n\n```typescript\n// pre-deploy/migration.ts\n// DELETE the generated migration - no pre-deploy changes needed\n```\n\n```typescript\n// post-deploy/migration.ts\npublic async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP COLUMN \"legacy_field\"`);\n}\n```\n\nThe column must only be dropped after the new API is deployed, since the old API may still be reading from it.\n\n---\n\n**Renaming a field (Expand then Contract)**\n\nRenaming requires both phases to maintain zero-downtime. Use a **database trigger** to keep columns synchronized automatically:\n\n```typescript\n// pre-deploy/migration.ts (Expand)\npublic async up(queryRunner: QueryRunner): Promise {\n // Add new column\n await queryRunner.query(`ALTER TABLE \"workspace\" ADD \"display_name\" varchar NULL`);\n // Copy existing data\n await queryRunner.query(`UPDATE \"workspace\" SET \"display_name\" = \"name\"`);\n // Create trigger to keep columns in sync during transition\n await queryRunner.query(`\n CREATE OR REPLACE FUNCTION sync_workspace_name()\n RETURNS TRIGGER AS $$\n BEGIN\n IF NEW.display_name IS NOT NULL THEN\n NEW.name := NEW.display_name;\n ELSIF NEW.name IS NOT NULL THEN\n NEW.display_name := NEW.name;\n END IF;\n RETURN NEW;\n END;\n $$ LANGUAGE plpgsql;\n `);\n await queryRunner.query(`\n CREATE TRIGGER workspace_name_sync\n BEFORE INSERT OR UPDATE ON \"workspace\"\n FOR EACH ROW EXECUTE FUNCTION sync_workspace_name();\n `);\n}\n```\n\n```typescript\n// post-deploy/migration.ts (Contract)\npublic async up(queryRunner: QueryRunner): Promise {\n // Remove trigger and old column\n await queryRunner.query(`DROP TRIGGER workspace_name_sync ON \"workspace\"`);\n await queryRunner.query(`DROP FUNCTION sync_workspace_name()`);\n await queryRunner.query(`ALTER TABLE \"workspace\" DROP COLUMN \"name\"`);\n}\n```\n\n**How the trigger works:**\n\nThe trigger intercepts every INSERT and UPDATE on the table and automatically copies the value between columns:\n\n| API Version | Writes to | Trigger copies to | Result |\n|-------------|-----------|-------------------|--------|\n| Old API | `name` | `display_name` | Both columns have the value |\n| New API | `display_name` | `name` | Both columns have the value |\n\n**Deployment timeline:**\n\n1. **Pre-deploy migration runs** → Trigger is active, both columns exist\n2. **Rolling deployment begins** → Mix of old and new API instances, trigger keeps data in sync\n3. **Rolling deployment completes** → All instances are new API\n4. **Post-deploy migration runs** → Trigger and old column are removed\n\n**New API code changes:**\n\nThe new API should read from and write to `display_name` only. The trigger handles backward compatibility with old API instances—no dual-write logic needed in application code.\n\n## Migration Scripts\n\n### `npm run migration:run:init`\n\nRuns **all migrations** from both pre-deploy and post-deploy folders. Use this for:\n\n- Initial database setup\n- Development environments\n- Fresh database instances\n\n### `npm run migration:run:pre-deploy`\n\nRuns only migrations in the `pre-deploy/` folder. Use this:\n\n- **Before** deploying a new API version\n- As part of your CI/CD pipeline, before the rolling update begins\n\n### `npm run migration:run:post-deploy`\n\nRuns only migrations in the `post-deploy/` folder. Use this:\n\n- **After** the new API version is fully deployed\n- As part of your CI/CD pipeline, after the rolling update completes\n\n## Reverting Migrations\n\n```bash\nnpm run migration:revert\n```\n\nThis reverts the **last executed migration** from either folder (based on the combined migration history in the database).\n\n**Important behaviors:**\n\n- Reverts one migration at a time - run multiple times to revert multiple migrations\n- Uses the combined data-source that sees all migrations\n- The revert order follows the execution timestamp, not the folder structure\n- Always test revert scripts in development before relying on them in production\n\n**Recommendation:** After reverting, you may need to also revert the corresponding entity changes and regenerate migrations to keep everything in sync.\n" }, { "path": "apps/api/src/migrations/data-source.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DataSource, DataSourceOptions } from 'typeorm'\nimport { CustomNamingStrategy } from '../common/utils/naming-strategy.util'\nimport { join } from 'path'\nimport { config } from 'dotenv'\n\nconfig({ path: [join(__dirname, '../../.env'), join(__dirname, '../../.env.local')] })\n\nexport const baseDataSourceOptions: DataSourceOptions = {\n type: 'postgres' as const,\n host: process.env.DB_HOST,\n port: parseInt(process.env.DB_PORT!, 10),\n username: process.env.DB_USERNAME,\n password: process.env.DB_PASSWORD,\n database: process.env.DB_DATABASE,\n synchronize: false,\n migrationsRun: false,\n logging: process.env.DB_LOGGING === 'true',\n namingStrategy: new CustomNamingStrategy(),\n entities: [join(__dirname, '../**/*.entity.ts')],\n entitySkipConstructor: true,\n}\n\nconst AppDataSource = new DataSource({\n ...baseDataSourceOptions,\n migrations: [join(__dirname, '**/*-migration.{ts,js}')],\n})\n\nexport default AppDataSource\n" }, { "path": "apps/api/src/migrations/post-deploy/data-source.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { join } from 'path'\nimport { DataSource } from 'typeorm'\nimport { baseDataSourceOptions } from '../data-source'\n\nconst PostDeployDataSource = new DataSource({\n ...baseDataSourceOptions,\n migrations: [join(__dirname, '*-migration.{ts,js}')],\n})\n\nexport default PostDeployDataSource\n" }, { "path": "apps/api/src/migrations/pre-deploy/1770900000000-migration.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1770900000000 implements MigrationInterface {\n name = 'Migration1770900000000'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `ALTER TABLE \"organization\" ADD \"snapshot_deactivation_timeout_minutes\" integer NOT NULL DEFAULT 20160`,\n )\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"organization\" DROP COLUMN \"snapshot_deactivation_timeout_minutes\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/pre-deploy/1773744656413-migration.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1773744656413 implements MigrationInterface {\n name = 'Migration1773744656413'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"currentAllocatedCpu\" TYPE double precision`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"currentAllocatedMemoryGiB\" TYPE double precision`)\n await queryRunner.query(`ALTER TABLE \"runner\" ALTER COLUMN \"currentAllocatedDiskGiB\" TYPE double precision`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(\n `ALTER TABLE \"runner\" ALTER COLUMN \"currentAllocatedDiskGiB\" TYPE integer USING ROUND(\"currentAllocatedDiskGiB\")::integer`,\n )\n await queryRunner.query(\n `ALTER TABLE \"runner\" ALTER COLUMN \"currentAllocatedMemoryGiB\" TYPE integer USING ROUND(\"currentAllocatedMemoryGiB\")::integer`,\n )\n await queryRunner.query(\n `ALTER TABLE \"runner\" ALTER COLUMN \"currentAllocatedCpu\" TYPE integer USING ROUND(\"currentAllocatedCpu\")::integer`,\n )\n }\n}\n" }, { "path": "apps/api/src/migrations/pre-deploy/1773916204375-migration.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MigrationInterface, QueryRunner } from 'typeorm'\n\nexport class Migration1773916204375 implements MigrationInterface {\n name = 'Migration1773916204375'\n\n public async up(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" ADD \"serviceHealth\" jsonb`)\n }\n\n public async down(queryRunner: QueryRunner): Promise {\n await queryRunner.query(`ALTER TABLE \"runner\" DROP COLUMN \"serviceHealth\"`)\n }\n}\n" }, { "path": "apps/api/src/migrations/pre-deploy/data-source.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { join } from 'path'\nimport { DataSource } from 'typeorm'\nimport { baseDataSourceOptions } from '../data-source'\n\nconst PreDeployDataSource = new DataSource({\n ...baseDataSourceOptions,\n migrations: [join(__dirname, '*-migration.{ts,js}')],\n})\n\nexport default PreDeployDataSource\n" }, { "path": "apps/api/src/notification/emitters/notification-redis.emitter.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, OnModuleInit } from '@nestjs/common'\nimport { Emitter } from '@socket.io/redis-emitter'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport Redis from 'ioredis'\nimport { NotificationEmitter } from '../gateways/notification-emitter.abstract'\nimport { SandboxDto } from '../../sandbox/dto/sandbox.dto'\nimport { SandboxState } from '../../sandbox/enums/sandbox-state.enum'\nimport { SandboxDesiredState } from '../../sandbox/enums/sandbox-desired-state.enum'\nimport { SandboxEvents } from '../../sandbox/constants/sandbox-events.constants'\nimport { SnapshotDto } from '../../sandbox/dto/snapshot.dto'\nimport { SnapshotState } from '../../sandbox/enums/snapshot-state.enum'\nimport { SnapshotEvents } from '../../sandbox/constants/snapshot-events'\nimport { VolumeDto } from '../../sandbox/dto/volume.dto'\nimport { VolumeState } from '../../sandbox/enums/volume-state.enum'\nimport { VolumeEvents } from '../../sandbox/constants/volume-events'\nimport { RunnerDto } from '../../sandbox/dto/runner.dto'\nimport { RunnerState } from '../../sandbox/enums/runner-state.enum'\nimport { RunnerEvents } from '../../sandbox/constants/runner-events'\n\n@Injectable()\nexport class NotificationRedisEmitter extends NotificationEmitter implements OnModuleInit {\n private readonly logger = new Logger(NotificationRedisEmitter.name)\n private emitter: Emitter\n\n constructor(@InjectRedis() private readonly redis: Redis) {\n super()\n }\n\n onModuleInit() {\n this.emitter = new Emitter(this.redis.duplicate())\n this.logger.debug('Socket.io Redis emitter initialized (publish-only)')\n }\n\n emitSandboxCreated(sandbox: SandboxDto) {\n this.emitter.to(sandbox.organizationId).emit(SandboxEvents.CREATED, sandbox)\n }\n\n emitSandboxStateUpdated(sandbox: SandboxDto, oldState: SandboxState, newState: SandboxState) {\n this.emitter.to(sandbox.organizationId).emit(SandboxEvents.STATE_UPDATED, { sandbox, oldState, newState })\n }\n\n emitSandboxDesiredStateUpdated(\n sandbox: SandboxDto,\n oldDesiredState: SandboxDesiredState,\n newDesiredState: SandboxDesiredState,\n ) {\n this.emitter\n .to(sandbox.organizationId)\n .emit(SandboxEvents.DESIRED_STATE_UPDATED, { sandbox, oldDesiredState, newDesiredState })\n }\n\n emitSnapshotCreated(snapshot: SnapshotDto) {\n this.emitter.to(snapshot.organizationId).emit(SnapshotEvents.CREATED, snapshot)\n }\n\n emitSnapshotStateUpdated(snapshot: SnapshotDto, oldState: SnapshotState, newState: SnapshotState) {\n this.emitter\n .to(snapshot.organizationId)\n .emit(SnapshotEvents.STATE_UPDATED, { snapshot: snapshot, oldState, newState })\n }\n\n emitSnapshotRemoved(snapshot: SnapshotDto) {\n this.emitter.to(snapshot.organizationId).emit(SnapshotEvents.REMOVED, snapshot)\n }\n\n emitVolumeCreated(volume: VolumeDto) {\n this.emitter.to(volume.organizationId).emit(VolumeEvents.CREATED, volume)\n }\n\n emitVolumeStateUpdated(volume: VolumeDto, oldState: VolumeState, newState: VolumeState) {\n this.emitter.to(volume.organizationId).emit(VolumeEvents.STATE_UPDATED, { volume, oldState, newState })\n }\n\n emitVolumeLastUsedAtUpdated(volume: VolumeDto) {\n this.emitter.to(volume.organizationId).emit(VolumeEvents.LAST_USED_AT_UPDATED, volume)\n }\n\n emitRunnerCreated(runner: RunnerDto, organizationId: string | null) {\n if (!organizationId) {\n return\n }\n this.emitter.to(organizationId).emit(RunnerEvents.CREATED, runner)\n }\n\n emitRunnerStateUpdated(\n runner: RunnerDto,\n organizationId: string | null,\n oldState: RunnerState,\n newState: RunnerState,\n ) {\n if (!organizationId) {\n return\n }\n this.emitter.to(organizationId).emit(RunnerEvents.STATE_UPDATED, { runner, oldState, newState })\n }\n\n emitRunnerUnschedulableUpdated(runner: RunnerDto, organizationId: string | null) {\n if (!organizationId) {\n return\n }\n this.emitter.to(organizationId).emit(RunnerEvents.UNSCHEDULABLE_UPDATED, runner)\n }\n}\n" }, { "path": "apps/api/src/notification/gateways/notification-emitter.abstract.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SandboxDto } from '../../sandbox/dto/sandbox.dto'\nimport { SandboxState } from '../../sandbox/enums/sandbox-state.enum'\nimport { SandboxDesiredState } from '../../sandbox/enums/sandbox-desired-state.enum'\nimport { SnapshotDto } from '../../sandbox/dto/snapshot.dto'\nimport { SnapshotState } from '../../sandbox/enums/snapshot-state.enum'\nimport { VolumeDto } from '../../sandbox/dto/volume.dto'\nimport { VolumeState } from '../../sandbox/enums/volume-state.enum'\nimport { RunnerDto } from '../../sandbox/dto/runner.dto'\nimport { RunnerState } from '../../sandbox/enums/runner-state.enum'\n\nexport abstract class NotificationEmitter {\n abstract emitSandboxCreated(sandbox: SandboxDto): void\n abstract emitSandboxStateUpdated(sandbox: SandboxDto, oldState: SandboxState, newState: SandboxState): void\n abstract emitSandboxDesiredStateUpdated(\n sandbox: SandboxDto,\n oldDesiredState: SandboxDesiredState,\n newDesiredState: SandboxDesiredState,\n ): void\n abstract emitSnapshotCreated(snapshot: SnapshotDto): void\n abstract emitSnapshotStateUpdated(snapshot: SnapshotDto, oldState: SnapshotState, newState: SnapshotState): void\n abstract emitSnapshotRemoved(snapshot: SnapshotDto): void\n abstract emitVolumeCreated(volume: VolumeDto): void\n abstract emitVolumeStateUpdated(volume: VolumeDto, oldState: VolumeState, newState: VolumeState): void\n abstract emitVolumeLastUsedAtUpdated(volume: VolumeDto): void\n abstract emitRunnerCreated(runner: RunnerDto, organizationId: string | null): void\n abstract emitRunnerStateUpdated(\n runner: RunnerDto,\n organizationId: string | null,\n oldState: RunnerState,\n newState: RunnerState,\n ): void\n abstract emitRunnerUnschedulableUpdated(runner: RunnerDto, organizationId: string | null): void\n}\n" }, { "path": "apps/api/src/notification/gateways/notification.gateway.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Logger, OnModuleInit, UnauthorizedException } from '@nestjs/common'\nimport { WebSocketGateway, WebSocketServer, OnGatewayInit } from '@nestjs/websockets'\nimport { Server, Socket } from 'socket.io'\nimport { createAdapter } from '@socket.io/redis-adapter'\nimport { SandboxEvents } from '../../sandbox/constants/sandbox-events.constants'\nimport { SandboxState } from '../../sandbox/enums/sandbox-state.enum'\nimport { SandboxDto } from '../../sandbox/dto/sandbox.dto'\nimport { SnapshotDto } from '../../sandbox/dto/snapshot.dto'\nimport { SnapshotEvents } from '../../sandbox/constants/snapshot-events'\nimport { SnapshotState } from '../../sandbox/enums/snapshot-state.enum'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport Redis from 'ioredis'\nimport { JwtStrategy } from '../../auth/jwt.strategy'\nimport { ApiKeyStrategy } from '../../auth/api-key.strategy'\nimport { isAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { VolumeEvents } from '../../sandbox/constants/volume-events'\nimport { VolumeDto } from '../../sandbox/dto/volume.dto'\nimport { VolumeState } from '../../sandbox/enums/volume-state.enum'\nimport { SandboxDesiredState } from '../../sandbox/enums/sandbox-desired-state.enum'\nimport { RunnerDto } from '../../sandbox/dto/runner.dto'\nimport { RunnerState } from '../../sandbox/enums/runner-state.enum'\nimport { RunnerEvents } from '../../sandbox/constants/runner-events'\nimport { NotificationEmitter } from './notification-emitter.abstract'\n\n@WebSocketGateway({\n path: '/api/socket.io/',\n transports: ['websocket'],\n})\nexport class NotificationGateway extends NotificationEmitter implements OnGatewayInit, OnModuleInit {\n private readonly logger = new Logger(NotificationGateway.name)\n\n @WebSocketServer()\n server: Server\n\n constructor(\n private readonly jwtStrategy: JwtStrategy,\n private readonly apiKeyStrategy: ApiKeyStrategy,\n @InjectRedis() private readonly redis: Redis,\n ) {\n super()\n }\n\n onModuleInit() {\n const pubClient = this.redis.duplicate()\n const subClient = pubClient.duplicate()\n this.server.adapter(createAdapter(pubClient, subClient))\n this.logger.debug('Socket.io initialized with Redis adapter')\n }\n\n afterInit(server: Server) {\n this.logger.debug('WebSocket Gateway initialized')\n\n server.use(async (socket: Socket, next) => {\n const token = socket.handshake.auth.token\n if (!token) {\n return next(new UnauthorizedException())\n }\n\n // Try JWT authentication first\n try {\n const payload = await this.jwtStrategy.verifyToken(token)\n\n // Join the user room for user scoped notifications\n await socket.join(payload.sub)\n\n // Join the organization room for organization scoped notifications\n const organizationId = socket.handshake.query.organizationId as string | undefined\n if (organizationId) {\n await socket.join(organizationId)\n }\n\n return next()\n } catch {\n // JWT failed, try API key authentication\n }\n\n // Try API key authentication\n try {\n const authContext = await this.apiKeyStrategy.validate(token)\n\n if (isAuthContext(authContext)) {\n // Join the user room for user scoped notifications\n await socket.join(authContext.userId)\n\n // Join the organization room for organization scoped notifications\n if (authContext.organizationId) {\n await socket.join(authContext.organizationId)\n }\n\n return next()\n }\n\n return next(new UnauthorizedException())\n } catch {\n return next(new UnauthorizedException())\n }\n })\n }\n\n emitSandboxCreated(sandbox: SandboxDto) {\n this.server.to(sandbox.organizationId).emit(SandboxEvents.CREATED, sandbox)\n }\n\n emitSandboxStateUpdated(sandbox: SandboxDto, oldState: SandboxState, newState: SandboxState) {\n this.server.to(sandbox.organizationId).emit(SandboxEvents.STATE_UPDATED, { sandbox, oldState, newState })\n }\n\n emitSandboxDesiredStateUpdated(\n sandbox: SandboxDto,\n oldDesiredState: SandboxDesiredState,\n newDesiredState: SandboxDesiredState,\n ) {\n this.server\n .to(sandbox.organizationId)\n .emit(SandboxEvents.DESIRED_STATE_UPDATED, { sandbox, oldDesiredState, newDesiredState })\n }\n\n emitSnapshotCreated(snapshot: SnapshotDto) {\n this.server.to(snapshot.organizationId).emit(SnapshotEvents.CREATED, snapshot)\n }\n\n emitSnapshotStateUpdated(snapshot: SnapshotDto, oldState: SnapshotState, newState: SnapshotState) {\n this.server\n .to(snapshot.organizationId)\n .emit(SnapshotEvents.STATE_UPDATED, { snapshot: snapshot, oldState, newState })\n }\n\n emitSnapshotRemoved(snapshot: SnapshotDto) {\n this.server.to(snapshot.organizationId).emit(SnapshotEvents.REMOVED, snapshot)\n }\n\n emitVolumeCreated(volume: VolumeDto) {\n this.server.to(volume.organizationId).emit(VolumeEvents.CREATED, volume)\n }\n\n emitVolumeStateUpdated(volume: VolumeDto, oldState: VolumeState, newState: VolumeState) {\n this.server.to(volume.organizationId).emit(VolumeEvents.STATE_UPDATED, { volume, oldState, newState })\n }\n\n emitVolumeLastUsedAtUpdated(volume: VolumeDto) {\n this.server.to(volume.organizationId).emit(VolumeEvents.LAST_USED_AT_UPDATED, volume)\n }\n\n emitRunnerCreated(runner: RunnerDto, organizationId: string | null) {\n if (!organizationId) {\n return\n }\n this.server.to(organizationId).emit(RunnerEvents.CREATED, runner)\n }\n\n emitRunnerStateUpdated(\n runner: RunnerDto,\n organizationId: string | null,\n oldState: RunnerState,\n newState: RunnerState,\n ) {\n if (!organizationId) {\n return\n }\n this.server.to(organizationId).emit(RunnerEvents.STATE_UPDATED, { runner, oldState, newState })\n }\n\n emitRunnerUnschedulableUpdated(runner: RunnerDto, organizationId: string | null) {\n if (!organizationId) {\n return\n }\n this.server.to(organizationId).emit(RunnerEvents.UNSCHEDULABLE_UPDATED, runner)\n }\n}\n" }, { "path": "apps/api/src/notification/notification.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { NotificationService } from './services/notification.service'\nimport { NotificationGateway } from './gateways/notification.gateway'\nimport { NotificationRedisEmitter } from './emitters/notification-redis.emitter'\nimport { NotificationEmitter } from './gateways/notification-emitter.abstract'\nimport { OrganizationModule } from '../organization/organization.module'\nimport { SandboxModule } from '../sandbox/sandbox.module'\nimport { RedisModule } from '@nestjs-modules/ioredis'\nimport { AuthModule } from '../auth/auth.module'\nimport { RegionModule } from '../region/region.module'\nimport { isApiEnabled } from '../common/utils/app-mode'\n\nconst gatewayEnabled = isApiEnabled() && process.env.NOTIFICATION_GATEWAY_DISABLED !== 'true'\n\n@Module({\n imports: [OrganizationModule, SandboxModule, RedisModule, AuthModule, RegionModule],\n providers: [\n NotificationService,\n ...(gatewayEnabled\n ? [NotificationGateway, { provide: NotificationEmitter, useExisting: NotificationGateway }]\n : [{ provide: NotificationEmitter, useClass: NotificationRedisEmitter }]),\n ],\n exports: [NotificationService],\n})\nexport class NotificationModule {}\n" }, { "path": "apps/api/src/notification/services/notification.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { OnEvent } from '@nestjs/event-emitter'\nimport { NotificationEmitter } from '../gateways/notification-emitter.abstract'\nimport { SandboxEvents } from '../../sandbox/constants/sandbox-events.constants'\nimport { SandboxCreatedEvent } from '../../sandbox/events/sandbox-create.event'\nimport { SandboxStateUpdatedEvent } from '../../sandbox/events/sandbox-state-updated.event'\nimport { SnapshotCreatedEvent } from '../../sandbox/events/snapshot-created.event'\nimport { SnapshotEvents } from '../../sandbox/constants/snapshot-events'\nimport { SnapshotDto } from '../../sandbox/dto/snapshot.dto'\nimport { SnapshotStateUpdatedEvent } from '../../sandbox/events/snapshot-state-updated.event'\nimport { SnapshotRemovedEvent } from '../../sandbox/events/snapshot-removed.event'\nimport { VolumeEvents } from '../../sandbox/constants/volume-events'\nimport { VolumeCreatedEvent } from '../../sandbox/events/volume-created.event'\nimport { VolumeDto } from '../../sandbox/dto/volume.dto'\nimport { VolumeStateUpdatedEvent } from '../../sandbox/events/volume-state-updated.event'\nimport { VolumeLastUsedAtUpdatedEvent } from '../../sandbox/events/volume-last-used-at-updated.event'\nimport { SandboxDesiredStateUpdatedEvent } from '../../sandbox/events/sandbox-desired-state-updated.event'\nimport { RunnerEvents } from '../../sandbox/constants/runner-events'\nimport { RunnerDto } from '../../sandbox/dto/runner.dto'\nimport { RunnerCreatedEvent } from '../../sandbox/events/runner-created.event'\nimport { RunnerStateUpdatedEvent } from '../../sandbox/events/runner-state-updated.event'\nimport { RunnerUnschedulableUpdatedEvent } from '../../sandbox/events/runner-unschedulable-updated.event'\nimport { RegionService } from '../../region/services/region.service'\nimport { SandboxService } from '../../sandbox/services/sandbox.service'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { SANDBOX_EVENT_CHANNEL } from '../../common/constants/constants'\n\n@Injectable()\nexport class NotificationService {\n constructor(\n private readonly notificationEmitter: NotificationEmitter,\n private readonly regionService: RegionService,\n private readonly sandboxService: SandboxService,\n @InjectRedis() private readonly redis: Redis,\n ) {}\n\n @OnEvent(SandboxEvents.CREATED)\n async handleSandboxCreated(event: SandboxCreatedEvent) {\n const dto = await this.sandboxService.toSandboxDto(event.sandbox)\n this.notificationEmitter.emitSandboxCreated(dto)\n }\n\n @OnEvent(SandboxEvents.STATE_UPDATED)\n async handleSandboxStateUpdated(event: SandboxStateUpdatedEvent) {\n const dto = await this.sandboxService.toSandboxDto(event.sandbox)\n this.notificationEmitter.emitSandboxStateUpdated(dto, event.oldState, event.newState)\n this.redis.publish(SANDBOX_EVENT_CHANNEL, JSON.stringify(event))\n }\n\n @OnEvent(SandboxEvents.DESIRED_STATE_UPDATED)\n async handleSandboxDesiredStateUpdated(event: SandboxDesiredStateUpdatedEvent) {\n const dto = await this.sandboxService.toSandboxDto(event.sandbox)\n this.notificationEmitter.emitSandboxDesiredStateUpdated(dto, event.oldDesiredState, event.newDesiredState)\n this.redis.publish(SANDBOX_EVENT_CHANNEL, JSON.stringify(event))\n }\n\n @OnEvent(SnapshotEvents.CREATED)\n async handleSnapshotCreated(event: SnapshotCreatedEvent) {\n const dto = SnapshotDto.fromSnapshot(event.snapshot)\n this.notificationEmitter.emitSnapshotCreated(dto)\n }\n\n @OnEvent(SnapshotEvents.STATE_UPDATED)\n async handleSnapshotStateUpdated(event: SnapshotStateUpdatedEvent) {\n const dto = SnapshotDto.fromSnapshot(event.snapshot)\n this.notificationEmitter.emitSnapshotStateUpdated(dto, event.oldState, event.newState)\n }\n\n @OnEvent(SnapshotEvents.REMOVED)\n async handleSnapshotRemoved(event: SnapshotRemovedEvent) {\n const dto = SnapshotDto.fromSnapshot(event.snapshot)\n this.notificationEmitter.emitSnapshotRemoved(dto)\n }\n\n @OnEvent(VolumeEvents.CREATED)\n async handleVolumeCreated(event: VolumeCreatedEvent) {\n const dto = VolumeDto.fromVolume(event.volume)\n this.notificationEmitter.emitVolumeCreated(dto)\n }\n\n @OnEvent(VolumeEvents.STATE_UPDATED)\n async handleVolumeStateUpdated(event: VolumeStateUpdatedEvent) {\n const dto = VolumeDto.fromVolume(event.volume)\n this.notificationEmitter.emitVolumeStateUpdated(dto, event.oldState, event.newState)\n }\n\n @OnEvent(VolumeEvents.LAST_USED_AT_UPDATED)\n async handleVolumeLastUsedAtUpdated(event: VolumeLastUsedAtUpdatedEvent) {\n const dto = VolumeDto.fromVolume(event.volume)\n this.notificationEmitter.emitVolumeLastUsedAtUpdated(dto)\n }\n\n @OnEvent(RunnerEvents.CREATED)\n async handleRunnerCreated(event: RunnerCreatedEvent) {\n const dto = RunnerDto.fromRunner(event.runner)\n const organizationId = await this.regionService.getOrganizationId(event.runner.region)\n if (organizationId !== undefined) {\n this.notificationEmitter.emitRunnerCreated(dto, organizationId)\n }\n }\n\n @OnEvent(RunnerEvents.STATE_UPDATED)\n async handleRunnerStateUpdated(event: RunnerStateUpdatedEvent) {\n const dto = RunnerDto.fromRunner(event.runner)\n const organizationId = await this.regionService.getOrganizationId(event.runner.region)\n if (organizationId !== undefined) {\n this.notificationEmitter.emitRunnerStateUpdated(dto, organizationId, event.oldState, event.newState)\n }\n }\n\n @OnEvent(RunnerEvents.UNSCHEDULABLE_UPDATED)\n async handleRunnerUnschedulableUpdated(event: RunnerUnschedulableUpdatedEvent) {\n const dto = RunnerDto.fromRunner(event.runner)\n const organizationId = await this.regionService.getOrganizationId(event.runner.region)\n if (organizationId !== undefined) {\n this.notificationEmitter.emitRunnerUnschedulableUpdated(dto, organizationId)\n }\n }\n}\n" }, { "path": "apps/api/src/object-storage/controllers/object-storage.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, Get, UseGuards, HttpCode } from '@nestjs/common'\nimport { ApiOAuth2, ApiTags, ApiOperation, ApiResponse, ApiHeader, ApiBearerAuth } from '@nestjs/swagger'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { ObjectStorageService } from '../services/object-storage.service'\nimport { StorageAccessDto } from '../../sandbox/dto/storage-access-dto'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { OrganizationResourceActionGuard } from '../../organization/guards/organization-resource-action.guard'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('object-storage')\n@Controller('object-storage')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@UseGuards(CombinedAuthGuard, OrganizationResourceActionGuard, AuthenticatedRateLimitGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class ObjectStorageController {\n constructor(private readonly objectStorageService: ObjectStorageService) {}\n\n @Get('push-access')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Get temporary storage access for pushing objects',\n operationId: 'getPushAccess',\n })\n @ApiResponse({\n status: 200,\n description: 'Temporary storage access has been generated',\n type: StorageAccessDto,\n })\n async getPushAccess(@AuthContext() authContext: OrganizationAuthContext): Promise {\n return this.objectStorageService.getPushAccess(authContext.organizationId)\n }\n}\n" }, { "path": "apps/api/src/object-storage/object-storage.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { ObjectStorageController } from './controllers/object-storage.controller'\nimport { ObjectStorageService } from './services/object-storage.service'\nimport { ConfigModule } from '@nestjs/config'\nimport { OrganizationModule } from '../organization/organization.module'\n\n@Module({\n imports: [ConfigModule, OrganizationModule],\n controllers: [ObjectStorageController],\n providers: [ObjectStorageService],\n exports: [ObjectStorageService],\n})\nexport class ObjectStorageModule {}\n" }, { "path": "apps/api/src/object-storage/services/object-storage.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BadRequestException, Injectable, Logger, ServiceUnavailableException } from '@nestjs/common'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { StorageAccessDto } from '../../sandbox/dto/storage-access-dto'\nimport axios from 'axios'\nimport * as aws4 from 'aws4'\nimport * as xml2js from 'xml2js'\nimport { STSClient, AssumeRoleCommand } from '@aws-sdk/client-sts'\n\ninterface S3Config {\n endpoint: string\n stsEndpoint: string\n accessKey: string\n secretKey: string\n bucket: string\n region: string\n accountId?: string\n roleName?: string\n organizationId: string\n policy: any\n}\n\n@Injectable()\nexport class ObjectStorageService {\n private readonly logger = new Logger(ObjectStorageService.name)\n\n constructor(private readonly configService: TypedConfigService) {}\n\n async getPushAccess(organizationId: string): Promise {\n if (!this.configService.get('s3.endpoint')) {\n throw new ServiceUnavailableException('Object storage is not configured')\n }\n\n try {\n const bucket = this.configService.getOrThrow('s3.defaultBucket')\n const s3Config: S3Config = {\n endpoint: this.configService.getOrThrow('s3.endpoint'),\n stsEndpoint: this.configService.getOrThrow('s3.stsEndpoint'),\n accessKey: this.configService.getOrThrow('s3.accessKey'),\n secretKey: this.configService.getOrThrow('s3.secretKey'),\n bucket,\n region: this.configService.getOrThrow('s3.region'),\n accountId: this.configService.getOrThrow('s3.accountId'),\n roleName: this.configService.getOrThrow('s3.roleName'),\n organizationId,\n policy: {\n Version: '2012-10-17',\n Statement: [\n {\n Effect: 'Allow',\n Action: ['s3:PutObject', 's3:GetObject'],\n Resource: [`arn:aws:s3:::${bucket}/${organizationId}/*`],\n },\n // ListBucket only shows object keys and some metadata, not the actual objects\n {\n Effect: 'Allow',\n Action: ['s3:ListBucket'],\n Resource: [`arn:aws:s3:::${bucket}`],\n },\n ],\n },\n }\n\n const isMinioServer = s3Config.endpoint.includes('minio')\n\n if (isMinioServer) {\n return this.getMinioCredentials(s3Config)\n } else {\n return this.getAwsCredentials(s3Config)\n }\n } catch (error) {\n this.logger.error('Storage push access error:', error.response?.data || error.message)\n throw new BadRequestException(`Failed to get temporary credentials: ${error.message}`)\n }\n }\n\n private async getMinioCredentials(config: S3Config): Promise {\n const body = new URLSearchParams({\n Action: 'AssumeRole',\n Version: '2011-06-15',\n DurationSeconds: '3600', // 1 hour (in seconds)\n Policy: JSON.stringify(config.policy),\n })\n\n const requestOptions = {\n host: new URL(config.endpoint).hostname,\n path: '/minio/v1/assume-role',\n service: 'sts',\n method: 'POST',\n body: body.toString(),\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n }\n\n aws4.sign(requestOptions, {\n accessKeyId: config.accessKey,\n secretAccessKey: config.secretKey,\n })\n\n const response = await axios.post(config.stsEndpoint, body.toString(), {\n headers: requestOptions.headers,\n })\n\n const parser = new xml2js.Parser({ explicitArray: false })\n const parsedData = await parser.parseStringPromise(response.data)\n\n if (!parsedData.AssumeRoleResponse.AssumeRoleResult.Credentials) {\n throw new BadRequestException('MinIO STS response did not return expected credentials')\n }\n\n const creds = parsedData.AssumeRoleResponse.AssumeRoleResult.Credentials\n\n return {\n accessKey: creds.AccessKeyId,\n secret: creds.SecretAccessKey,\n sessionToken: creds.SessionToken,\n storageUrl: config.endpoint,\n organizationId: config.organizationId,\n bucket: config.bucket,\n }\n }\n\n private async getAwsCredentials(config: S3Config): Promise {\n try {\n const stsClient = new STSClient({\n region: config.region,\n endpoint: config.stsEndpoint,\n credentials: {\n accessKeyId: config.accessKey,\n secretAccessKey: config.secretKey,\n },\n maxAttempts: 3,\n })\n\n const command = new AssumeRoleCommand({\n RoleArn: `arn:aws:iam::${config.accountId}:role/${config.roleName}`,\n RoleSessionName: `daytona-${config.organizationId}-${Date.now()}`,\n DurationSeconds: 3600, // One hour\n Policy: JSON.stringify(config.policy),\n })\n\n try {\n const response = await stsClient.send(command)\n\n if (!response.Credentials) {\n throw new BadRequestException('AWS STS response did not return expected credentials')\n }\n\n return {\n accessKey: response.Credentials.AccessKeyId,\n secret: response.Credentials.SecretAccessKey,\n sessionToken: response.Credentials.SessionToken,\n storageUrl: config.endpoint,\n organizationId: config.organizationId,\n bucket: config.bucket,\n }\n } catch (error: any) {\n throw new BadRequestException(`Failed to assume role: ${error.message || 'Unknown AWS error'}`)\n }\n } catch (error: any) {\n this.logger.error(`AWS STS client setup error: ${error.message}`, error.stack)\n throw new BadRequestException(`Failed to setup AWS client: ${error.message}`)\n }\n }\n}\n" }, { "path": "apps/api/src/openapi-webhooks.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { OpenAPIObject, getSchemaPath } from '@nestjs/swagger'\nimport { WebhookEvent } from './webhook/constants/webhook-events.constants'\nimport {\n SandboxCreatedWebhookDto,\n SandboxStateUpdatedWebhookDto,\n SnapshotCreatedWebhookDto,\n SnapshotStateUpdatedWebhookDto,\n SnapshotRemovedWebhookDto,\n VolumeCreatedWebhookDto,\n VolumeStateUpdatedWebhookDto,\n} from './webhook/dto/webhook-event-payloads.dto'\n\nexport interface OpenAPIObjectWithWebhooks extends OpenAPIObject {\n webhooks?: {\n [key: string]: {\n post: {\n requestBody: {\n description: string\n content: {\n 'application/json': {\n schema: any\n }\n }\n }\n responses: {\n [statusCode: string]: {\n description: string\n }\n }\n }\n }\n }\n}\n\nexport function addWebhookDocumentation(document: OpenAPIObject): OpenAPIObjectWithWebhooks {\n return {\n ...document,\n webhooks: {\n [WebhookEvent.SANDBOX_CREATED]: {\n post: {\n requestBody: {\n description: 'Sandbox created event',\n content: {\n 'application/json': {\n schema: { $ref: getSchemaPath(SandboxCreatedWebhookDto) },\n },\n },\n },\n responses: {\n '200': {\n description: 'Webhook received successfully',\n },\n },\n },\n },\n [WebhookEvent.SANDBOX_STATE_UPDATED]: {\n post: {\n requestBody: {\n description: 'Sandbox state updated event',\n content: {\n 'application/json': {\n schema: { $ref: getSchemaPath(SandboxStateUpdatedWebhookDto) },\n },\n },\n },\n responses: {\n '200': {\n description: 'Webhook received successfully',\n },\n },\n },\n },\n [WebhookEvent.SNAPSHOT_CREATED]: {\n post: {\n requestBody: {\n description: 'Snapshot created event',\n content: {\n 'application/json': {\n schema: { $ref: getSchemaPath(SnapshotCreatedWebhookDto) },\n },\n },\n },\n responses: {\n '200': {\n description: 'Webhook received successfully',\n },\n },\n },\n },\n [WebhookEvent.SNAPSHOT_STATE_UPDATED]: {\n post: {\n requestBody: {\n description: 'Snapshot state updated event',\n content: {\n 'application/json': {\n schema: { $ref: getSchemaPath(SnapshotStateUpdatedWebhookDto) },\n },\n },\n },\n responses: {\n '200': {\n description: 'Webhook received successfully',\n },\n },\n },\n },\n [WebhookEvent.SNAPSHOT_REMOVED]: {\n post: {\n requestBody: {\n description: 'Snapshot removed event',\n content: {\n 'application/json': {\n schema: { $ref: getSchemaPath(SnapshotRemovedWebhookDto) },\n },\n },\n },\n responses: {\n '200': {\n description: 'Webhook received successfully',\n },\n },\n },\n },\n [WebhookEvent.VOLUME_CREATED]: {\n post: {\n requestBody: {\n description: 'Volume created event',\n content: {\n 'application/json': {\n schema: { $ref: getSchemaPath(VolumeCreatedWebhookDto) },\n },\n },\n },\n responses: {\n '200': {\n description: 'Webhook received successfully',\n },\n },\n },\n },\n [WebhookEvent.VOLUME_STATE_UPDATED]: {\n post: {\n requestBody: {\n description: 'Volume state updated event',\n content: {\n 'application/json': {\n schema: { $ref: getSchemaPath(VolumeStateUpdatedWebhookDto) },\n },\n },\n },\n responses: {\n '200': {\n description: 'Webhook received successfully',\n },\n },\n },\n },\n },\n }\n}\n" }, { "path": "apps/api/src/openapi.config.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DocumentBuilder } from '@nestjs/swagger'\n\nconst getOpenApiConfig = (oidcIssuer: string) =>\n new DocumentBuilder()\n .setTitle('Daytona')\n .addServer('http://localhost:3000')\n .setDescription('Daytona AI platform API Docs')\n .setContact('Daytona Platforms Inc.', 'https://www.daytona.io', 'support@daytona.com')\n .setVersion('1.0')\n .addBearerAuth({\n type: 'http',\n scheme: 'bearer',\n description: 'API Key access',\n })\n .addOAuth2({\n type: 'openIdConnect',\n flows: undefined,\n openIdConnectUrl: `${oidcIssuer}/.well-known/openid-configuration`,\n })\n .build()\n\nexport { getOpenApiConfig }\n" }, { "path": "apps/api/src/organization/constants/global-organization-roles.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const GlobalOrganizationRolesIds = {\n DEVELOPER: '00000000-0000-0000-0000-000000000001',\n SANDBOXES_ADMIN: '00000000-0000-0000-0000-000000000002',\n SNAPSHOTS_ADMIN: '00000000-0000-0000-0000-000000000003',\n REGISTRIES_ADMIN: '00000000-0000-0000-0000-000000000004',\n SUPER_ADMIN: '00000000-0000-0000-0000-000000000005',\n VOLUMES_ADMIN: '00000000-0000-0000-0000-000000000006',\n AUDITOR: '00000000-0000-0000-0000-000000000007',\n INFRASTRUCTURE_ADMIN: '00000000-0000-0000-0000-000000000008',\n} as const\n" }, { "path": "apps/api/src/organization/constants/organization-events.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const OrganizationEvents = {\n INVITATION_CREATED: 'invitation.created',\n INVITATION_ACCEPTED: 'invitation.accepted',\n INVITATION_DECLINED: 'invitation.declined',\n INVITATION_CANCELLED: 'invitation.cancelled',\n CREATED: 'organization.created',\n SUSPENDED_SANDBOX_STOPPED: 'organization.suspended-sandbox-stopped',\n SUSPENDED_SNAPSHOT_DEACTIVATED: 'organization.suspended-snapshot-deactivated',\n PERMISSIONS_UNASSIGNED: 'permissions.unassigned',\n} as const\n" }, { "path": "apps/api/src/organization/constants/sandbox-states-consuming-compute.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SandboxState } from '../../sandbox/enums/sandbox-state.enum'\n\nexport const SANDBOX_STATES_CONSUMING_COMPUTE: SandboxState[] = [\n SandboxState.CREATING,\n SandboxState.RESTORING,\n SandboxState.STARTED,\n SandboxState.STARTING,\n SandboxState.STOPPING,\n SandboxState.PENDING_BUILD,\n SandboxState.BUILDING_SNAPSHOT,\n SandboxState.UNKNOWN,\n SandboxState.PULLING_SNAPSHOT,\n]\n" }, { "path": "apps/api/src/organization/constants/sandbox-states-consuming-disk.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SandboxState } from '../../sandbox/enums/sandbox-state.enum'\nimport { SANDBOX_STATES_CONSUMING_COMPUTE } from './sandbox-states-consuming-compute.constant'\n\nexport const SANDBOX_STATES_CONSUMING_DISK: SandboxState[] = [\n ...SANDBOX_STATES_CONSUMING_COMPUTE,\n SandboxState.STOPPED,\n SandboxState.ARCHIVING,\n SandboxState.RESIZING,\n]\n" }, { "path": "apps/api/src/organization/constants/snapshot-states-consuming-resources.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SnapshotState } from '../../sandbox/enums/snapshot-state.enum'\n\nexport const SNAPSHOT_STATES_CONSUMING_RESOURCES: SnapshotState[] = [\n SnapshotState.BUILDING,\n SnapshotState.PENDING,\n SnapshotState.PULLING,\n SnapshotState.ACTIVE,\n]\n" }, { "path": "apps/api/src/organization/constants/volume-states-consuming-resources.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { VolumeState } from '../../sandbox/enums/volume-state.enum'\n\nexport const VOLUME_STATES_CONSUMING_RESOURCES: VolumeState[] = [\n VolumeState.CREATING,\n VolumeState.READY,\n VolumeState.PENDING_CREATE,\n VolumeState.PENDING_DELETE,\n VolumeState.DELETING,\n]\n" }, { "path": "apps/api/src/organization/controllers/organization-invitation.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Body, Controller, Get, Param, Post, Put, UseGuards } from '@nestjs/common'\nimport { AuthGuard } from '@nestjs/passport'\nimport { ApiOAuth2, ApiTags, ApiOperation, ApiResponse, ApiParam, ApiBearerAuth } from '@nestjs/swagger'\nimport { RequiredOrganizationMemberRole } from '../decorators/required-organization-member-role.decorator'\nimport { CreateOrganizationInvitationDto } from '../dto/create-organization-invitation.dto'\nimport { UpdateOrganizationInvitationDto } from '../dto/update-organization-invitation.dto'\nimport { OrganizationInvitationDto } from '../dto/organization-invitation.dto'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OrganizationActionGuard } from '../guards/organization-action.guard'\nimport { OrganizationInvitationService } from '../services/organization-invitation.service'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { AuthContext as IAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { Audit, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('organizations')\n@Controller('organizations/:organizationId/invitations')\n@UseGuards(AuthGuard('jwt'), AuthenticatedRateLimitGuard, OrganizationActionGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class OrganizationInvitationController {\n constructor(private readonly organizationInvitationService: OrganizationInvitationService) {}\n\n @Post()\n @ApiOperation({\n summary: 'Create organization invitation',\n operationId: 'createOrganizationInvitation',\n })\n @ApiResponse({\n status: 201,\n description: 'Organization invitation created successfully',\n type: OrganizationInvitationDto,\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @RequiredOrganizationMemberRole(OrganizationMemberRole.OWNER)\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.ORGANIZATION_INVITATION,\n targetIdFromResult: (result: OrganizationInvitationDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n email: req.body?.email,\n role: req.body?.role,\n assignedRoleIds: req.body?.assignedRoleIds,\n expiresAt: req.body?.expiresAt,\n }),\n },\n })\n async create(\n @AuthContext() authContext: IAuthContext,\n @Param('organizationId') organizationId: string,\n @Body() createOrganizationInvitationDto: CreateOrganizationInvitationDto,\n ): Promise {\n const invitation = await this.organizationInvitationService.create(\n organizationId,\n createOrganizationInvitationDto,\n authContext.email,\n )\n return OrganizationInvitationDto.fromOrganizationInvitation(invitation)\n }\n\n @Put('/:invitationId')\n @ApiOperation({\n summary: 'Update organization invitation',\n operationId: 'updateOrganizationInvitation',\n })\n @ApiResponse({\n status: 200,\n description: 'Organization invitation updated successfully',\n type: OrganizationInvitationDto,\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @ApiParam({\n name: 'invitationId',\n description: 'Invitation ID',\n type: 'string',\n })\n @RequiredOrganizationMemberRole(OrganizationMemberRole.OWNER)\n @Audit({\n action: AuditAction.UPDATE,\n targetType: AuditTarget.ORGANIZATION_INVITATION,\n targetIdFromRequest: (req) => req.params.invitationId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n role: req.body?.role,\n assignedRoleIds: req.body?.assignedRoleIds,\n expiresAt: req.body?.expiresAt,\n }),\n },\n })\n async update(\n @Param('organizationId') organizationId: string,\n @Param('invitationId') invitationId: string,\n @Body() updateOrganizationInvitationDto: UpdateOrganizationInvitationDto,\n ): Promise {\n const invitation = await this.organizationInvitationService.update(invitationId, updateOrganizationInvitationDto)\n return OrganizationInvitationDto.fromOrganizationInvitation(invitation)\n }\n\n @Get()\n @ApiOperation({\n summary: 'List pending organization invitations',\n operationId: 'listOrganizationInvitations',\n })\n @ApiResponse({\n status: 200,\n description: 'List of pending organization invitations',\n type: [OrganizationInvitationDto],\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n async findPending(@Param('organizationId') organizationId: string): Promise {\n const invitations = await this.organizationInvitationService.findPending(organizationId)\n return invitations.map(OrganizationInvitationDto.fromOrganizationInvitation)\n }\n\n @Post('/:invitationId/cancel')\n @ApiOperation({\n summary: 'Cancel organization invitation',\n operationId: 'cancelOrganizationInvitation',\n })\n @ApiResponse({\n status: 204,\n description: 'Organization invitation cancelled successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @ApiParam({\n name: 'invitationId',\n description: 'Invitation ID',\n type: 'string',\n })\n @RequiredOrganizationMemberRole(OrganizationMemberRole.OWNER)\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.ORGANIZATION_INVITATION,\n targetIdFromRequest: (req) => req.params.invitationId,\n })\n async cancel(\n @Param('organizationId') organizationId: string,\n @Param('invitationId') invitationId: string,\n ): Promise {\n return this.organizationInvitationService.cancel(invitationId)\n }\n}\n" }, { "path": "apps/api/src/organization/controllers/organization-region.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Controller,\n Get,\n Logger,\n UseGuards,\n HttpCode,\n Post,\n UseInterceptors,\n Body,\n Param,\n NotFoundException,\n Delete,\n Patch,\n} from '@nestjs/common'\nimport { ApiOAuth2, ApiResponse, ApiOperation, ApiTags, ApiBearerAuth, ApiParam, ApiHeader } from '@nestjs/swagger'\nimport { RequiredOrganizationResourcePermissions } from '../decorators/required-organization-resource-permissions.decorator'\nimport { OrganizationResourcePermission } from '../enums/organization-resource-permission.enum'\nimport { OrganizationResourceActionGuard } from '../guards/organization-resource-action.guard'\nimport { OrganizationService } from '../services/organization.service'\nimport { Audit, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { ContentTypeInterceptor } from '../../common/interceptors/content-type.interceptors'\nimport { CreateRegionDto, CreateRegionResponseDto } from '../../region/dto/create-region.dto'\nimport { RegionDto } from '../../region/dto/region.dto'\nimport { RegionService } from '../../region/services/region.service'\nimport { RegionAccessGuard } from '../../region/guards/region-access.guard'\nimport { RegenerateApiKeyResponseDto } from '../../region/dto/regenerate-api-key.dto'\nimport { RegionType } from '../../region/enums/region-type.enum'\nimport { RequireFlagsEnabled } from '@openfeature/nestjs-sdk'\nimport { FeatureFlags } from '../../common/constants/feature-flags'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { SnapshotManagerCredentialsDto } from '../../region/dto/snapshot-manager-credentials.dto'\nimport { UpdateRegionDto } from '../../region/dto/update-region.dto'\n\n@ApiTags('organizations')\n@Controller('regions')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@UseGuards(CombinedAuthGuard, OrganizationResourceActionGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class OrganizationRegionController {\n private readonly logger = new Logger(OrganizationRegionController.name)\n\n constructor(\n private readonly regionService: RegionService,\n private readonly organizationService: OrganizationService,\n ) {}\n\n @Get()\n @HttpCode(200)\n @ApiOperation({\n summary: 'List all available regions for the organization',\n operationId: 'listAvailableRegions',\n })\n @ApiResponse({\n status: 200,\n description: 'List of all available regions',\n type: [RegionDto],\n })\n async listAvailableRegions(@AuthContext() authContext: OrganizationAuthContext): Promise {\n return this.organizationService.listAvailableRegions(authContext.organizationId)\n }\n\n @Post()\n @HttpCode(201)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: 'Create a new region',\n operationId: 'createRegion',\n })\n @ApiResponse({\n status: 201,\n description: 'The region has been successfully created.',\n type: CreateRegionResponseDto,\n })\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.REGION,\n targetIdFromResult: (result: RegionDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n name: req.body?.name,\n }),\n },\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_REGIONS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async createRegion(\n @AuthContext() authContext: OrganizationAuthContext,\n @Body() createRegionDto: CreateRegionDto,\n ): Promise {\n return await this.regionService.create(\n {\n ...createRegionDto,\n enforceQuotas: false,\n regionType: RegionType.CUSTOM,\n },\n authContext.organizationId,\n )\n }\n\n @Get(':id')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Get region by ID',\n operationId: 'getRegionById',\n })\n @ApiResponse({\n status: 200,\n type: RegionDto,\n })\n @ApiParam({\n name: 'id',\n description: 'Region ID',\n type: String,\n })\n @UseGuards(RegionAccessGuard)\n async getRegionById(@Param('id') id: string): Promise {\n const region = await this.regionService.findOne(id)\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n return RegionDto.fromRegion(region)\n }\n\n @Delete(':id')\n @HttpCode(204)\n @ApiOperation({\n summary: 'Delete a region',\n operationId: 'deleteRegion',\n })\n @ApiResponse({\n status: 204,\n description: 'The region has been successfully deleted.',\n })\n @ApiParam({\n name: 'id',\n description: 'Region ID',\n })\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.REGION,\n targetIdFromRequest: (req) => req.params.id,\n })\n @UseGuards(RegionAccessGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.DELETE_REGIONS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async deleteRegion(@Param('id') id: string): Promise {\n await this.regionService.delete(id)\n }\n\n @Post(':id/regenerate-proxy-api-key')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: 'Regenerate proxy API key for a region',\n operationId: 'regenerateProxyApiKey',\n })\n @ApiResponse({\n status: 200,\n description: 'The proxy API key has been successfully regenerated.',\n type: RegenerateApiKeyResponseDto,\n })\n @ApiParam({\n name: 'id',\n description: 'Region ID',\n type: String,\n })\n @Audit({\n action: AuditAction.REGENERATE_PROXY_API_KEY,\n targetType: AuditTarget.REGION,\n targetIdFromRequest: (req) => req.params.id,\n })\n @UseGuards(RegionAccessGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_REGIONS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async regenerateProxyApiKey(@Param('id') id: string): Promise {\n const apiKey = await this.regionService.regenerateProxyApiKey(id)\n return new RegenerateApiKeyResponseDto(apiKey)\n }\n\n @Patch(':id')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: 'Update region configuration',\n operationId: 'updateRegion',\n })\n @ApiParam({\n name: 'id',\n description: 'Region ID',\n type: String,\n })\n @Audit({\n action: AuditAction.UPDATE,\n targetType: AuditTarget.REGION,\n targetIdFromRequest: (req) => req.params.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n ...req.body,\n }),\n },\n })\n @UseGuards(RegionAccessGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_REGIONS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async updateRegion(@Param('id') id: string, @Body() updateRegionDto: UpdateRegionDto): Promise {\n return await this.regionService.update(id, updateRegionDto)\n }\n\n @Post(':id/regenerate-ssh-gateway-api-key')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: 'Regenerate SSH gateway API key for a region',\n operationId: 'regenerateSshGatewayApiKey',\n })\n @ApiResponse({\n status: 200,\n description: 'The SSH gateway API key has been successfully regenerated.',\n type: RegenerateApiKeyResponseDto,\n })\n @ApiParam({\n name: 'id',\n description: 'Region ID',\n type: String,\n })\n @Audit({\n action: AuditAction.REGENERATE_SSH_GATEWAY_API_KEY,\n targetType: AuditTarget.REGION,\n targetIdFromRequest: (req) => req.params.id,\n })\n @UseGuards(RegionAccessGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_REGIONS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async regenerateSshGatewayApiKey(@Param('id') id: string): Promise {\n const apiKey = await this.regionService.regenerateSshGatewayApiKey(id)\n return new RegenerateApiKeyResponseDto(apiKey)\n }\n\n @Post(':id/regenerate-snapshot-manager-credentials')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: 'Regenerate snapshot manager credentials for a region',\n operationId: 'regenerateSnapshotManagerCredentials',\n })\n @ApiResponse({\n status: 200,\n description: 'The snapshot manager credentials have been successfully regenerated.',\n type: SnapshotManagerCredentialsDto,\n })\n @ApiParam({\n name: 'id',\n description: 'Region ID',\n type: String,\n })\n @Audit({\n action: AuditAction.REGENERATE_SNAPSHOT_MANAGER_CREDENTIALS,\n targetType: AuditTarget.REGION,\n targetIdFromRequest: (req) => req.params.id,\n })\n @UseGuards(RegionAccessGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_REGIONS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async regenerateSnapshotManagerCredentials(@Param('id') id: string): Promise {\n return await this.regionService.regenerateSnapshotManagerCredentials(id)\n }\n}\n" }, { "path": "apps/api/src/organization/controllers/organization-role.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Body, Controller, Delete, Get, Param, Post, Put, UseGuards } from '@nestjs/common'\nimport { AuthGuard } from '@nestjs/passport'\nimport { ApiOAuth2, ApiTags, ApiOperation, ApiResponse, ApiParam, ApiBearerAuth } from '@nestjs/swagger'\nimport { RequiredOrganizationMemberRole } from '../decorators/required-organization-member-role.decorator'\nimport { CreateOrganizationRoleDto } from '../dto/create-organization-role.dto'\nimport { UpdateOrganizationRoleDto } from '../dto/update-organization-role.dto'\nimport { OrganizationRoleDto } from '../dto/organization-role.dto'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OrganizationActionGuard } from '../guards/organization-action.guard'\nimport { OrganizationRoleService } from '../services/organization-role.service'\nimport { Audit, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('organizations')\n@Controller('organizations/:organizationId/roles')\n@UseGuards(AuthGuard('jwt'), AuthenticatedRateLimitGuard, OrganizationActionGuard)\n@RequiredOrganizationMemberRole(OrganizationMemberRole.OWNER)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class OrganizationRoleController {\n constructor(private readonly organizationRoleService: OrganizationRoleService) {}\n\n @Post()\n @ApiOperation({\n summary: 'Create organization role',\n operationId: 'createOrganizationRole',\n })\n @ApiResponse({\n status: 201,\n description: 'Organization role created successfully',\n type: OrganizationRoleDto,\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.ORGANIZATION_ROLE,\n targetIdFromResult: (result: OrganizationRoleDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n name: req.body?.name,\n description: req.body?.description,\n permissions: req.body?.permissions,\n }),\n },\n })\n async create(\n @Param('organizationId') organizationId: string,\n @Body() createOrganizationRoleDto: CreateOrganizationRoleDto,\n ): Promise {\n const role = await this.organizationRoleService.create(organizationId, createOrganizationRoleDto)\n return OrganizationRoleDto.fromOrganizationRole(role)\n }\n\n @Get()\n @ApiOperation({\n summary: 'List organization roles',\n operationId: 'listOrganizationRoles',\n })\n @ApiResponse({\n status: 200,\n description: 'List of organization roles',\n type: [OrganizationRoleDto],\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n async findAll(@Param('organizationId') organizationId: string): Promise {\n const roles = await this.organizationRoleService.findAll(organizationId)\n return roles.map(OrganizationRoleDto.fromOrganizationRole)\n }\n\n @Put('/:roleId')\n @ApiOperation({\n summary: 'Update organization role',\n operationId: 'updateOrganizationRole',\n })\n @ApiResponse({\n status: 200,\n description: 'Role updated successfully',\n type: OrganizationRoleDto,\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @ApiParam({\n name: 'roleId',\n description: 'Role ID',\n type: 'string',\n })\n @Audit({\n action: AuditAction.UPDATE,\n targetType: AuditTarget.ORGANIZATION_ROLE,\n targetIdFromRequest: (req) => req.params.roleId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n name: req.body?.name,\n description: req.body?.description,\n permissions: req.body?.permissions,\n }),\n },\n })\n async updateRole(\n @Param('organizationId') organizationId: string,\n @Param('roleId') roleId: string,\n @Body() updateOrganizationRoleDto: UpdateOrganizationRoleDto,\n ): Promise {\n const updatedRole = await this.organizationRoleService.update(roleId, updateOrganizationRoleDto)\n return OrganizationRoleDto.fromOrganizationRole(updatedRole)\n }\n\n @Delete('/:roleId')\n @ApiOperation({\n summary: 'Delete organization role',\n operationId: 'deleteOrganizationRole',\n })\n @ApiResponse({\n status: 204,\n description: 'Organization role deleted successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @ApiParam({\n name: 'roleId',\n description: 'Role ID',\n type: 'string',\n })\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.ORGANIZATION_ROLE,\n targetIdFromRequest: (req) => req.params.roleId,\n })\n async delete(@Param('organizationId') organizationId: string, @Param('roleId') roleId: string): Promise {\n return this.organizationRoleService.delete(roleId)\n }\n}\n" }, { "path": "apps/api/src/organization/controllers/organization-user.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Body, Controller, Delete, ForbiddenException, Get, Param, Post, UseGuards } from '@nestjs/common'\nimport { AuthGuard } from '@nestjs/passport'\nimport { ApiOAuth2, ApiTags, ApiOperation, ApiResponse, ApiParam, ApiBearerAuth } from '@nestjs/swagger'\nimport { RequiredOrganizationMemberRole } from '../decorators/required-organization-member-role.decorator'\nimport { UpdateOrganizationMemberAccessDto } from '../dto/update-organization-member-access.dto'\nimport { OrganizationUserDto } from '../dto/organization-user.dto'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OrganizationActionGuard } from '../guards/organization-action.guard'\nimport { OrganizationUserService } from '../services/organization-user.service'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { AuthContext as IAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { Audit, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('organizations')\n@Controller('organizations/:organizationId/users')\n@UseGuards(AuthGuard('jwt'), AuthenticatedRateLimitGuard, OrganizationActionGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class OrganizationUserController {\n constructor(private readonly organizationUserService: OrganizationUserService) {}\n\n @Get()\n @ApiOperation({\n summary: 'List organization members',\n operationId: 'listOrganizationMembers',\n })\n @ApiResponse({\n status: 200,\n description: 'List of organization members',\n type: [OrganizationUserDto],\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n async findAll(@Param('organizationId') organizationId: string): Promise {\n return this.organizationUserService.findAll(organizationId)\n }\n\n @Post('/:userId/access')\n @ApiOperation({\n summary: 'Update access for organization member',\n operationId: 'updateAccessForOrganizationMember',\n })\n @ApiResponse({\n status: 200,\n description: 'Access updated successfully',\n type: OrganizationUserDto,\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @ApiParam({\n name: 'userId',\n description: 'User ID',\n type: 'string',\n })\n @RequiredOrganizationMemberRole(OrganizationMemberRole.OWNER)\n @Audit({\n action: AuditAction.UPDATE_ACCESS,\n targetType: AuditTarget.ORGANIZATION_USER,\n targetIdFromRequest: (req) => req.params.userId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n role: req.body?.role,\n assignedRoleIds: req.body?.assignedRoleIds,\n }),\n },\n })\n async updateAccess(\n @AuthContext() authContext: IAuthContext,\n @Param('organizationId') organizationId: string,\n @Param('userId') userId: string,\n @Body() dto: UpdateOrganizationMemberAccessDto,\n ): Promise {\n if (authContext.userId === userId) {\n throw new ForbiddenException('You cannot update your own access')\n }\n\n return this.organizationUserService.updateAccess(organizationId, userId, dto.role, dto.assignedRoleIds)\n }\n\n @Delete('/:userId')\n @ApiOperation({\n summary: 'Delete organization member',\n operationId: 'deleteOrganizationMember',\n })\n @ApiResponse({\n status: 204,\n description: 'User removed from organization successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @ApiParam({\n name: 'userId',\n description: 'User ID',\n type: 'string',\n })\n @RequiredOrganizationMemberRole(OrganizationMemberRole.OWNER)\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.ORGANIZATION_USER,\n targetIdFromRequest: (req) => req.params.userId,\n })\n async delete(@Param('organizationId') organizationId: string, @Param('userId') userId: string): Promise {\n return this.organizationUserService.delete(organizationId, userId)\n }\n}\n" }, { "path": "apps/api/src/organization/controllers/organization.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Body,\n Controller,\n Delete,\n ForbiddenException,\n Get,\n HttpCode,\n NotFoundException,\n Param,\n Patch,\n Post,\n Put,\n UseGuards,\n} from '@nestjs/common'\nimport { AuthGuard } from '@nestjs/passport'\nimport { ApiOAuth2, ApiTags, ApiOperation, ApiResponse, ApiParam, ApiBody, ApiBearerAuth } from '@nestjs/swagger'\nimport { RequiredOrganizationMemberRole } from '../decorators/required-organization-member-role.decorator'\nimport { CreateOrganizationDto } from '../dto/create-organization.dto'\nimport { OrganizationDto } from '../dto/organization.dto'\nimport { OrganizationInvitationDto } from '../dto/organization-invitation.dto'\nimport { OrganizationUsageOverviewDto } from '../dto/organization-usage-overview.dto'\nimport { UpdateOrganizationQuotaDto } from '../dto/update-organization-quota.dto'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OrganizationActionGuard } from '../guards/organization-action.guard'\nimport { OrganizationService } from '../services/organization.service'\nimport { OrganizationUserService } from '../services/organization-user.service'\nimport { OrganizationInvitationService } from '../services/organization-invitation.service'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { AuthContext as IAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { SystemActionGuard } from '../../auth/system-action.guard'\nimport { RequiredApiRole, RequiredSystemRole } from '../../common/decorators/required-role.decorator'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { OrganizationSuspensionDto } from '../dto/organization-suspension.dto'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { UserService } from '../../user/user.service'\nimport { Audit, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { EmailUtils } from '../../common/utils/email.util'\nimport { OrganizationUsageService } from '../services/organization-usage.service'\nimport { OrganizationSandboxDefaultLimitedNetworkEgressDto } from '../dto/organization-sandbox-default-limited-network-egress.dto'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\nimport { UpdateOrganizationRegionQuotaDto } from '../dto/update-organization-region-quota.dto'\nimport { UpdateOrganizationDefaultRegionDto } from '../dto/update-organization-default-region.dto'\nimport { RegionQuotaDto } from '../dto/region-quota.dto'\nimport { RequireFlagsEnabled } from '@openfeature/nestjs-sdk'\nimport { OrGuard } from '../../auth/or.guard'\nimport { OtelCollectorGuard } from '../../auth/otel-collector.guard'\nimport { OtelConfigDto } from '../dto/otel-config.dto'\n\n@ApiTags('organizations')\n@Controller('organizations')\n// TODO: Rethink this. Can we allow access to these methods with API keys as well?\n// @UseGuards(AuthGuard('jwt'))\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class OrganizationController {\n constructor(\n private readonly organizationService: OrganizationService,\n private readonly organizationUserService: OrganizationUserService,\n private readonly organizationInvitationService: OrganizationInvitationService,\n private readonly organizationUsageService: OrganizationUsageService,\n private readonly userService: UserService,\n private readonly configService: TypedConfigService,\n ) {}\n\n @Get('/invitations')\n @ApiOperation({\n summary: 'List organization invitations for authenticated user',\n operationId: 'listOrganizationInvitationsForAuthenticatedUser',\n })\n @ApiResponse({\n status: 200,\n description: 'List of organization invitations',\n type: [OrganizationInvitationDto],\n })\n @UseGuards(AuthGuard('jwt'))\n async findInvitationsByUser(@AuthContext() authContext: IAuthContext): Promise {\n const invitations = await this.organizationInvitationService.findByUser(authContext.userId)\n return invitations.map(OrganizationInvitationDto.fromOrganizationInvitation)\n }\n\n @Get('/invitations/count')\n @ApiOperation({\n summary: 'Get count of organization invitations for authenticated user',\n operationId: 'getOrganizationInvitationsCountForAuthenticatedUser',\n })\n @ApiResponse({\n status: 200,\n description: 'Count of organization invitations',\n type: Number,\n })\n @UseGuards(AuthGuard('jwt'))\n async getInvitationsCountByUser(@AuthContext() authContext: IAuthContext): Promise {\n return this.organizationInvitationService.getCountByUser(authContext.userId)\n }\n\n @Post('/invitations/:invitationId/accept')\n @ApiOperation({\n summary: 'Accept organization invitation',\n operationId: 'acceptOrganizationInvitation',\n })\n @ApiResponse({\n status: 200,\n description: 'Organization invitation accepted successfully',\n type: OrganizationInvitationDto,\n })\n @ApiParam({\n name: 'invitationId',\n description: 'Invitation ID',\n type: 'string',\n })\n @UseGuards(AuthGuard('jwt'))\n @Audit({\n action: AuditAction.ACCEPT,\n targetType: AuditTarget.ORGANIZATION_INVITATION,\n targetIdFromRequest: (req) => req.params.invitationId,\n })\n async acceptInvitation(\n @AuthContext() authContext: IAuthContext,\n @Param('invitationId') invitationId: string,\n ): Promise {\n try {\n const invitation = await this.organizationInvitationService.findOneOrFail(invitationId)\n if (!EmailUtils.areEqual(invitation.email, authContext.email)) {\n throw new ForbiddenException('User email does not match invitation email')\n }\n } catch (error) {\n throw new NotFoundException(`Organization invitation with ID ${invitationId} not found`)\n }\n\n const acceptedInvitation = await this.organizationInvitationService.accept(invitationId, authContext.userId)\n return OrganizationInvitationDto.fromOrganizationInvitation(acceptedInvitation)\n }\n\n @Post('/invitations/:invitationId/decline')\n @ApiOperation({\n summary: 'Decline organization invitation',\n operationId: 'declineOrganizationInvitation',\n })\n @ApiResponse({\n status: 200,\n description: 'Organization invitation declined successfully',\n })\n @ApiParam({\n name: 'invitationId',\n description: 'Invitation ID',\n type: 'string',\n })\n @UseGuards(AuthGuard('jwt'))\n @Audit({\n action: AuditAction.DECLINE,\n targetType: AuditTarget.ORGANIZATION_INVITATION,\n targetIdFromRequest: (req) => req.params.invitationId,\n })\n async declineInvitation(\n @AuthContext() authContext: IAuthContext,\n @Param('invitationId') invitationId: string,\n ): Promise {\n try {\n const invitation = await this.organizationInvitationService.findOneOrFail(invitationId)\n if (!EmailUtils.areEqual(invitation.email, authContext.email)) {\n throw new ForbiddenException('User email does not match invitation email')\n }\n } catch (error) {\n throw new NotFoundException(`Organization invitation with ID ${invitationId} not found`)\n }\n\n return this.organizationInvitationService.decline(invitationId)\n }\n\n @Post()\n @ApiOperation({\n summary: 'Create organization',\n operationId: 'createOrganization',\n })\n @ApiResponse({\n status: 201,\n description: 'Organization created successfully',\n type: OrganizationDto,\n })\n @UseGuards(AuthGuard('jwt'))\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.ORGANIZATION,\n targetIdFromResult: (result: OrganizationDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n name: req.body?.name,\n defaultRegionId: req.body?.defaultRegionId,\n }),\n },\n })\n async create(\n @AuthContext() authContext: IAuthContext,\n @Body() createOrganizationDto: CreateOrganizationDto,\n ): Promise {\n const user = await this.userService.findOne(authContext.userId)\n if (!user.emailVerified && !this.configService.get('skipUserEmailVerification')) {\n throw new ForbiddenException('Please verify your email address')\n }\n\n const organization = await this.organizationService.create(createOrganizationDto, authContext.userId, false, true)\n return OrganizationDto.fromOrganization(organization)\n }\n\n @Patch('/:organizationId/default-region')\n @HttpCode(204)\n @ApiOperation({\n summary: 'Set default region for organization',\n operationId: 'setOrganizationDefaultRegion',\n })\n @ApiResponse({\n status: 204,\n description: 'Default region set successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @ApiBody({\n type: UpdateOrganizationDefaultRegionDto,\n required: true,\n })\n @UseGuards(AuthGuard('jwt'), AuthenticatedRateLimitGuard, OrganizationActionGuard)\n @RequiredOrganizationMemberRole(OrganizationMemberRole.OWNER)\n @Audit({\n action: AuditAction.UPDATE,\n targetType: AuditTarget.ORGANIZATION,\n targetIdFromRequest: (req) => req.params.organizationId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n defaultRegionId: req.body?.defaultRegionId,\n }),\n },\n })\n async setDefaultRegion(\n @Param('organizationId') organizationId: string,\n @Body() updateDto: UpdateOrganizationDefaultRegionDto,\n ): Promise {\n await this.organizationService.setDefaultRegion(organizationId, updateDto.defaultRegionId)\n }\n\n @Get()\n @ApiOperation({\n summary: 'List organizations',\n operationId: 'listOrganizations',\n })\n @ApiResponse({\n status: 200,\n description: 'List of organizations',\n type: [OrganizationDto],\n })\n @UseGuards(AuthGuard('jwt'))\n async findAll(@AuthContext() authContext: IAuthContext): Promise {\n const organizations = await this.organizationService.findByUser(authContext.userId)\n return organizations.map(OrganizationDto.fromOrganization)\n }\n\n @Get('/:organizationId')\n @ApiOperation({\n summary: 'Get organization by ID',\n operationId: 'getOrganization',\n })\n @ApiResponse({\n status: 200,\n description: 'Organization details',\n type: OrganizationDto,\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @UseGuards(AuthGuard('jwt'), OrganizationActionGuard)\n async findOne(@Param('organizationId') organizationId: string): Promise {\n const organization = await this.organizationService.findOne(organizationId)\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${organizationId} not found`)\n }\n\n return OrganizationDto.fromOrganization(organization)\n }\n\n @Delete('/:organizationId')\n @ApiOperation({\n summary: 'Delete organization',\n operationId: 'deleteOrganization',\n })\n @ApiResponse({\n status: 204,\n description: 'Organization deleted successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @UseGuards(AuthGuard('jwt'), OrganizationActionGuard)\n @RequiredOrganizationMemberRole(OrganizationMemberRole.OWNER)\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.ORGANIZATION,\n targetIdFromRequest: (req) => req.params.organizationId,\n })\n async delete(@Param('organizationId') organizationId: string): Promise {\n return this.organizationService.delete(organizationId)\n }\n\n @Get('/:organizationId/usage')\n @ApiOperation({\n summary: 'Get organization current usage overview',\n operationId: 'getOrganizationUsageOverview',\n })\n @ApiResponse({\n status: 200,\n description: 'Current usage overview',\n type: OrganizationUsageOverviewDto,\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @UseGuards(AuthGuard('jwt'), OrganizationActionGuard)\n async getUsageOverview(@Param('organizationId') organizationId: string): Promise {\n return this.organizationUsageService.getUsageOverview(organizationId)\n }\n\n @Patch('/:organizationId/quota')\n @HttpCode(204)\n @ApiOperation({\n summary: 'Update organization quota',\n operationId: 'updateOrganizationQuota',\n })\n @ApiResponse({\n status: 204,\n description: 'Organization quota updated successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @UseGuards(CombinedAuthGuard, AuthenticatedRateLimitGuard, SystemActionGuard)\n @Audit({\n action: AuditAction.UPDATE_QUOTA,\n targetType: AuditTarget.ORGANIZATION,\n targetIdFromRequest: (req) => req.params.organizationId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n maxCpuPerSandbox: req.body?.maxCpuPerSandbox,\n maxMemoryPerSandbox: req.body?.maxMemoryPerSandbox,\n maxDiskPerSandbox: req.body?.maxDiskPerSandbox,\n snapshotQuota: req.body?.snapshotQuota,\n maxSnapshotSize: req.body?.maxSnapshotSize,\n volumeQuota: req.body?.volumeQuota,\n }),\n },\n })\n async updateOrganizationQuota(\n @Param('organizationId') organizationId: string,\n @Body() updateDto: UpdateOrganizationQuotaDto,\n ): Promise {\n await this.organizationService.updateQuota(organizationId, updateDto)\n }\n\n @Patch('/:organizationId/quota/:regionId')\n @HttpCode(204)\n @ApiOperation({\n summary: 'Update organization region quota',\n operationId: 'updateOrganizationRegionQuota',\n })\n @ApiResponse({\n status: 204,\n description: 'Region quota updated successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @ApiParam({\n name: 'regionId',\n description: 'ID of the region where the updated quota will be applied',\n type: 'string',\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @UseGuards(CombinedAuthGuard, AuthenticatedRateLimitGuard, SystemActionGuard)\n @Audit({\n action: AuditAction.UPDATE_REGION_QUOTA,\n targetType: AuditTarget.ORGANIZATION,\n targetIdFromRequest: (req) => req.params.organizationId,\n requestMetadata: {\n params: (req) => ({\n regionId: req.params.regionId,\n }),\n body: (req: TypedRequest) => ({\n totalCpuQuota: req.body?.totalCpuQuota,\n totalMemoryQuota: req.body?.totalMemoryQuota,\n totalDiskQuota: req.body?.totalDiskQuota,\n }),\n },\n })\n async updateOrganizationRegionQuota(\n @Param('organizationId') organizationId: string,\n @Param('regionId') regionId: string,\n @Body() updateDto: UpdateOrganizationRegionQuotaDto,\n ): Promise {\n await this.organizationService.updateRegionQuota(organizationId, regionId, updateDto)\n }\n\n @Post('/:organizationId/leave')\n @ApiOperation({\n summary: 'Leave organization',\n operationId: 'leaveOrganization',\n })\n @ApiResponse({\n status: 204,\n description: 'Organization left successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @UseGuards(AuthGuard('jwt'), OrganizationActionGuard)\n @Audit({\n action: AuditAction.LEAVE_ORGANIZATION,\n })\n async leave(\n @AuthContext() authContext: IAuthContext,\n @Param('organizationId') organizationId: string,\n ): Promise {\n return this.organizationUserService.delete(organizationId, authContext.userId)\n }\n\n @Post('/:organizationId/suspend')\n @ApiOperation({\n summary: 'Suspend organization',\n operationId: 'suspendOrganization',\n })\n @ApiResponse({\n status: 204,\n description: 'Organization suspended successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @ApiBody({\n type: OrganizationSuspensionDto,\n required: false,\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @UseGuards(CombinedAuthGuard, AuthenticatedRateLimitGuard, SystemActionGuard)\n @Audit({\n action: AuditAction.SUSPEND,\n targetType: AuditTarget.ORGANIZATION,\n targetIdFromRequest: (req) => req.params.organizationId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n reason: req.body?.reason,\n until: req.body?.until,\n }),\n },\n })\n async suspend(\n @Param('organizationId') organizationId: string,\n @Body() organizationSuspensionDto?: OrganizationSuspensionDto,\n ): Promise {\n return this.organizationService.suspend(\n organizationId,\n organizationSuspensionDto?.reason,\n organizationSuspensionDto?.until,\n organizationSuspensionDto?.suspensionCleanupGracePeriodHours,\n )\n }\n\n @Post('/:organizationId/unsuspend')\n @ApiOperation({\n summary: 'Unsuspend organization',\n operationId: 'unsuspendOrganization',\n })\n @ApiResponse({\n status: 204,\n description: 'Organization unsuspended successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @UseGuards(CombinedAuthGuard, AuthenticatedRateLimitGuard, SystemActionGuard)\n @Audit({\n action: AuditAction.UNSUSPEND,\n targetType: AuditTarget.ORGANIZATION,\n targetIdFromRequest: (req) => req.params.organizationId,\n })\n async unsuspend(@Param('organizationId') organizationId: string): Promise {\n return this.organizationService.unsuspend(organizationId)\n }\n\n @Get('/by-sandbox-id/:sandboxId')\n @ApiOperation({\n summary: 'Get organization by sandbox ID',\n operationId: 'getOrganizationBySandboxId',\n })\n @ApiResponse({\n status: 200,\n description: 'Organization',\n type: OrganizationDto,\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'Sandbox ID',\n type: 'string',\n })\n @RequiredApiRole([SystemRole.ADMIN, 'proxy'])\n @UseGuards(CombinedAuthGuard, AuthenticatedRateLimitGuard, SystemActionGuard)\n async getBySandboxId(@Param('sandboxId') sandboxId: string): Promise {\n const organization = await this.organizationService.findBySandboxId(sandboxId)\n if (!organization) {\n throw new NotFoundException(`Organization with sandbox ID ${sandboxId} not found`)\n }\n\n return OrganizationDto.fromOrganization(organization)\n }\n\n @Get('/region-quota/by-sandbox-id/:sandboxId')\n @ApiOperation({\n summary: 'Get region quota by sandbox ID',\n operationId: 'getRegionQuotaBySandboxId',\n })\n @ApiResponse({\n status: 200,\n description: 'Region quota',\n type: RegionQuotaDto,\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'Sandbox ID',\n type: 'string',\n })\n @RequiredApiRole([SystemRole.ADMIN, 'proxy'])\n @UseGuards(CombinedAuthGuard, AuthenticatedRateLimitGuard, SystemActionGuard)\n async getRegionQuotaBySandboxId(@Param('sandboxId') sandboxId: string): Promise {\n const regionQuota = await this.organizationService.getRegionQuotaBySandboxId(sandboxId)\n if (!regionQuota) {\n throw new NotFoundException(`Region quota for sandbox with ID ${sandboxId} not found`)\n }\n\n return regionQuota\n }\n\n @Get('/otel-config/by-sandbox-auth-token/:authToken')\n @ApiOperation({\n summary: 'Get organization OTEL config by sandbox auth token',\n operationId: 'getOrganizationOtelConfigBySandboxAuthToken',\n })\n @ApiResponse({\n status: 200,\n description: 'OTEL Config',\n type: OtelConfigDto,\n })\n @ApiParam({\n name: 'authToken',\n description: 'Sandbox Auth Token',\n type: 'string',\n })\n @RequiredApiRole([SystemRole.ADMIN, 'otel-collector'])\n @UseGuards(CombinedAuthGuard, OrGuard([SystemActionGuard, OtelCollectorGuard]))\n async getOtelConfigBySandboxAuthToken(@Param('authToken') authToken: string): Promise {\n const otelConfigDto = await this.organizationService.getOtelConfigBySandboxAuthToken(authToken)\n if (!otelConfigDto) {\n throw new NotFoundException(`Organization OTEL config with sandbox auth token ${authToken} not found`)\n }\n\n return otelConfigDto\n }\n\n @Post('/:organizationId/sandbox-default-limited-network-egress')\n @ApiOperation({\n summary: 'Update sandbox default limited network egress',\n operationId: 'updateSandboxDefaultLimitedNetworkEgress',\n })\n @ApiResponse({\n status: 204,\n description: 'Sandbox default limited network egress updated successfully',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @UseGuards(CombinedAuthGuard, SystemActionGuard)\n @Audit({\n action: AuditAction.UPDATE_SANDBOX_DEFAULT_LIMITED_NETWORK_EGRESS,\n targetType: AuditTarget.ORGANIZATION,\n targetIdFromRequest: (req) => req.params.organizationId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n sandboxDefaultLimitedNetworkEgress: req.body?.sandboxDefaultLimitedNetworkEgress,\n }),\n },\n })\n async updateSandboxDefaultLimitedNetworkEgress(\n @Param('organizationId') organizationId: string,\n @Body() body: OrganizationSandboxDefaultLimitedNetworkEgressDto,\n ): Promise {\n return this.organizationService.updateSandboxDefaultLimitedNetworkEgress(\n organizationId,\n body.sandboxDefaultLimitedNetworkEgress,\n )\n }\n\n @Put('/:organizationId/experimental-config')\n @ApiOperation({\n summary: 'Update experimental configuration',\n operationId: 'updateExperimentalConfig',\n })\n @ApiParam({\n name: 'organizationId',\n description: 'Organization ID',\n type: 'string',\n })\n @ApiBody({\n description: 'Experimental configuration as a JSON object. Set to null to clear the configuration.',\n required: false,\n schema: {\n additionalProperties: true,\n example: {\n otel: {\n endpoint: 'http://otel-collector:4317',\n headers: {\n 'api-key': 'XXX',\n },\n },\n },\n },\n })\n @RequiredOrganizationMemberRole(OrganizationMemberRole.OWNER)\n @UseGuards(AuthGuard('jwt'), OrganizationActionGuard)\n @RequireFlagsEnabled({ flags: [{ flagKey: 'organization_experiments', defaultValue: true }] })\n async updateExperimentalConfig(\n @Param('organizationId') organizationId: string,\n @Body() experimentalConfig: Record | null,\n ): Promise {\n await this.organizationService.updateExperimentalConfig(organizationId, experimentalConfig)\n }\n}\n" }, { "path": "apps/api/src/organization/decorators/required-organization-member-role.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Reflector } from '@nestjs/core'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\n\nexport const RequiredOrganizationMemberRole = Reflector.createDecorator()\n" }, { "path": "apps/api/src/organization/decorators/required-organization-resource-permissions.decorator.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Reflector } from '@nestjs/core'\nimport { OrganizationResourcePermission } from '../enums/organization-resource-permission.enum'\n\nexport const RequiredOrganizationResourcePermissions = Reflector.createDecorator()\n" }, { "path": "apps/api/src/organization/dto/create-organization-invitation.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { Type } from 'class-transformer'\nimport { IsArray, IsDate, IsEmail, IsEnum, IsOptional, IsString } from 'class-validator'\nimport { GlobalOrganizationRolesIds } from '../constants/global-organization-roles.constant'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\n\n@ApiSchema({ name: 'CreateOrganizationInvitation' })\nexport class CreateOrganizationInvitationDto {\n @ApiProperty({\n description: 'Email address of the invitee',\n example: 'mail@example.com',\n required: true,\n })\n @IsString()\n @IsEmail()\n email: string\n\n @ApiProperty({\n description: 'Organization member role for the invitee',\n enum: OrganizationMemberRole,\n default: OrganizationMemberRole.MEMBER,\n })\n @IsEnum(OrganizationMemberRole)\n role: OrganizationMemberRole\n\n @ApiProperty({\n description: 'Array of assigned role IDs for the invitee',\n type: [String],\n default: [GlobalOrganizationRolesIds.DEVELOPER],\n })\n @IsArray()\n @IsString({ each: true })\n assignedRoleIds: string[]\n\n @ApiPropertyOptional({\n description: 'Expiration date of the invitation',\n example: '2021-12-31T23:59:59Z',\n })\n @IsOptional()\n @Type(() => Date)\n @IsDate()\n expiresAt?: Date\n}\n" }, { "path": "apps/api/src/organization/dto/create-organization-quota.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsNumber, IsOptional } from 'class-validator'\n\n@ApiSchema({ name: 'CreateOrganizationQuota' })\nexport class CreateOrganizationQuotaDto {\n @ApiPropertyOptional()\n @IsNumber()\n @IsOptional()\n totalCpuQuota?: number\n\n @ApiPropertyOptional()\n @IsNumber()\n @IsOptional()\n totalMemoryQuota?: number\n\n @ApiPropertyOptional()\n @IsNumber()\n @IsOptional()\n totalDiskQuota?: number\n\n @ApiPropertyOptional()\n @IsNumber()\n @IsOptional()\n maxCpuPerSandbox?: number\n\n @ApiPropertyOptional()\n @IsNumber()\n @IsOptional()\n maxMemoryPerSandbox?: number\n\n @ApiPropertyOptional()\n @IsNumber()\n @IsOptional()\n maxDiskPerSandbox?: number\n\n @ApiPropertyOptional()\n @IsNumber()\n @IsOptional()\n snapshotQuota?: number\n\n @ApiPropertyOptional()\n @IsNumber()\n @IsOptional()\n maxSnapshotSize?: number\n\n @ApiPropertyOptional()\n @IsNumber()\n @IsOptional()\n volumeQuota?: number\n}\n" }, { "path": "apps/api/src/organization/dto/create-organization-role.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { ArrayNotEmpty, IsArray, IsEnum, IsString } from 'class-validator'\nimport { OrganizationResourcePermission } from '../enums/organization-resource-permission.enum'\n\n@ApiSchema({ name: 'CreateOrganizationRole' })\nexport class CreateOrganizationRoleDto {\n @ApiProperty({\n description: 'The name of the role',\n example: 'Maintainer',\n required: true,\n })\n @IsString()\n name: string\n\n @ApiProperty({\n description: 'The description of the role',\n example: 'Can manage all resources',\n })\n @IsString()\n description: string\n\n @ApiProperty({\n description: 'The list of permissions assigned to the role',\n enum: OrganizationResourcePermission,\n isArray: true,\n required: true,\n })\n @IsArray()\n @ArrayNotEmpty()\n @IsEnum(OrganizationResourcePermission, { each: true })\n permissions: OrganizationResourcePermission[]\n}\n" }, { "path": "apps/api/src/organization/dto/create-organization.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsNotEmpty, IsString } from 'class-validator'\n\n@ApiSchema({ name: 'CreateOrganization' })\nexport class CreateOrganizationDto {\n @ApiProperty({\n description: 'The name of organization',\n example: 'My Organization',\n required: true,\n })\n @IsString()\n @IsNotEmpty()\n name: string\n\n @ApiProperty({\n description: 'The ID of the default region for the organization',\n example: 'us',\n required: true,\n })\n @IsString()\n @IsNotEmpty()\n defaultRegionId: string\n}\n" }, { "path": "apps/api/src/organization/dto/create-organization.internal.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport interface CreateOrganizationInternalDto {\n name: string\n defaultRegionId?: string\n}\n" }, { "path": "apps/api/src/organization/dto/organization-invitation.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { OrganizationRoleDto } from './organization-role.dto'\nimport { OrganizationInvitationStatus } from '../enums/organization-invitation-status.enum'\nimport { OrganizationInvitation } from '../entities/organization-invitation.entity'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\n\n@ApiSchema({ name: 'OrganizationInvitation' })\nexport class OrganizationInvitationDto {\n @ApiProperty({\n description: 'Invitation ID',\n })\n id: string\n\n @ApiProperty({\n description: 'Email address of the invitee',\n })\n email: string\n\n @ApiProperty({\n description: 'Email address of the inviter',\n })\n invitedBy: string\n\n @ApiProperty({\n description: 'Organization ID',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'Organization name',\n })\n organizationName: string\n\n @ApiProperty({\n description: 'Expiration date of the invitation',\n })\n expiresAt: Date\n\n @ApiProperty({\n description: 'Invitation status',\n enum: OrganizationInvitationStatus,\n })\n status: OrganizationInvitationStatus\n\n @ApiProperty({\n description: 'Member role',\n enum: OrganizationMemberRole,\n })\n role: OrganizationMemberRole\n\n @ApiProperty({\n description: 'Assigned roles',\n type: [OrganizationRoleDto],\n })\n assignedRoles: OrganizationRoleDto[]\n\n @ApiProperty({\n description: 'Creation timestamp',\n })\n createdAt: Date\n\n @ApiProperty({\n description: 'Last update timestamp',\n })\n updatedAt: Date\n\n static fromOrganizationInvitation(invitation: OrganizationInvitation): OrganizationInvitationDto {\n const dto: OrganizationInvitationDto = {\n id: invitation.id,\n email: invitation.email,\n invitedBy: invitation.invitedBy,\n organizationId: invitation.organizationId,\n organizationName: invitation.organization.name,\n expiresAt: invitation.expiresAt,\n status: invitation.status,\n role: invitation.role,\n assignedRoles: invitation.assignedRoles.map(OrganizationRoleDto.fromOrganizationRole),\n createdAt: invitation.createdAt,\n updatedAt: invitation.updatedAt,\n }\n\n return dto\n }\n}\n" }, { "path": "apps/api/src/organization/dto/organization-role.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { OrganizationRole } from '../entities/organization-role.entity'\nimport { OrganizationResourcePermission } from '../enums/organization-resource-permission.enum'\n\n@ApiSchema({ name: 'OrganizationRole' })\nexport class OrganizationRoleDto {\n @ApiProperty({\n description: 'Role ID',\n })\n id: string\n\n @ApiProperty({\n description: 'Role name',\n })\n name: string\n\n @ApiProperty({\n description: 'Role description',\n })\n description: string\n\n @ApiProperty({\n description: 'Roles assigned to the user',\n enum: OrganizationResourcePermission,\n isArray: true,\n })\n permissions: OrganizationResourcePermission[]\n\n @ApiProperty({\n description: 'Global role flag',\n })\n isGlobal: boolean\n\n @ApiProperty({\n description: 'Creation timestamp',\n })\n createdAt: Date\n\n @ApiProperty({\n description: 'Last update timestamp',\n })\n updatedAt: Date\n\n static fromOrganizationRole(role: OrganizationRole): OrganizationRoleDto {\n const dto: OrganizationRoleDto = {\n id: role.id,\n name: role.name,\n description: role.description,\n permissions: role.permissions,\n isGlobal: role.isGlobal,\n createdAt: role.createdAt,\n updatedAt: role.updatedAt,\n }\n\n return dto\n }\n}\n" }, { "path": "apps/api/src/organization/dto/organization-sandbox-default-limited-network-egress.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'OrganizationSandboxDefaultLimitedNetworkEgress' })\nexport class OrganizationSandboxDefaultLimitedNetworkEgressDto {\n @ApiProperty({\n description: 'Sandbox default limited network egress',\n })\n sandboxDefaultLimitedNetworkEgress: boolean\n}\n" }, { "path": "apps/api/src/organization/dto/organization-suspension.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsNumber, IsOptional, Min } from 'class-validator'\n\n@ApiSchema({ name: 'OrganizationSuspension' })\nexport class OrganizationSuspensionDto {\n @ApiProperty({\n description: 'Suspension reason',\n })\n reason: string\n\n @ApiProperty({\n description: 'Suspension until',\n })\n @IsOptional()\n until?: Date\n\n @ApiPropertyOptional({\n description: 'Suspension cleanup grace period hours',\n type: 'number',\n minimum: 0,\n })\n @IsOptional()\n @IsNumber()\n @Min(0)\n suspensionCleanupGracePeriodHours?: number\n}\n" }, { "path": "apps/api/src/organization/dto/organization-usage-overview.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'RegionUsageOverview' })\nexport class RegionUsageOverviewDto {\n @ApiProperty()\n regionId: string\n\n @ApiProperty()\n totalCpuQuota: number\n @ApiProperty()\n currentCpuUsage: number\n\n @ApiProperty()\n totalMemoryQuota: number\n @ApiProperty()\n currentMemoryUsage: number\n\n @ApiProperty()\n totalDiskQuota: number\n @ApiProperty()\n currentDiskUsage: number\n}\n\n@ApiSchema({ name: 'OrganizationUsageOverview' })\nexport class OrganizationUsageOverviewDto {\n @ApiProperty({\n type: [RegionUsageOverviewDto],\n })\n regionUsage: RegionUsageOverviewDto[]\n\n // Snapshot usage\n @ApiProperty()\n totalSnapshotQuota: number\n @ApiProperty()\n currentSnapshotUsage: number\n\n // Volume usage\n @ApiProperty()\n totalVolumeQuota: number\n @ApiProperty()\n currentVolumeUsage: number\n}\n" }, { "path": "apps/api/src/organization/dto/organization-user.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OrganizationRoleDto } from './organization-role.dto'\nimport { OrganizationUser } from '../entities/organization-user.entity'\nimport { User } from '../../user/user.entity'\n\n@ApiSchema({ name: 'OrganizationUser' })\nexport class OrganizationUserDto {\n @ApiProperty({\n description: 'User ID',\n })\n userId: string\n\n @ApiProperty({\n description: 'Organization ID',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'User name',\n })\n name: string\n\n @ApiProperty({\n description: 'User email',\n })\n email: string\n\n @ApiProperty({\n description: 'Member role',\n enum: OrganizationMemberRole,\n })\n role: OrganizationMemberRole\n\n @ApiProperty({\n description: 'Roles assigned to the user',\n type: [OrganizationRoleDto],\n })\n assignedRoles: OrganizationRoleDto[]\n\n @ApiProperty({\n description: 'Creation timestamp',\n })\n createdAt: Date\n\n @ApiProperty({\n description: 'Last update timestamp',\n })\n updatedAt: Date\n\n static fromEntities(organizationUser: OrganizationUser, user: User | null | undefined): OrganizationUserDto {\n const dto: OrganizationUserDto = {\n ...organizationUser,\n assignedRoles: organizationUser.assignedRoles.map(OrganizationRoleDto.fromOrganizationRole),\n name: user ? user.name : '',\n email: user ? user.email : '',\n }\n\n return dto\n }\n}\n" }, { "path": "apps/api/src/organization/dto/organization.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { Organization } from '../entities/organization.entity'\n\n@ApiSchema({ name: 'Organization' })\nexport class OrganizationDto {\n @ApiProperty({\n description: 'Organization ID',\n })\n id: string\n\n @ApiProperty({\n description: 'Organization name',\n })\n name: string\n\n @ApiProperty({\n description: 'User ID of the organization creator',\n })\n createdBy: string\n\n @ApiProperty({\n description: 'Personal organization flag',\n })\n personal: boolean\n\n @ApiProperty({\n description: 'Creation timestamp',\n })\n createdAt: Date\n\n @ApiProperty({\n description: 'Last update timestamp',\n })\n updatedAt: Date\n\n @ApiProperty({\n description: 'Suspended flag',\n })\n suspended: boolean\n\n @ApiProperty({\n description: 'Suspended at',\n })\n suspendedAt?: Date\n\n @ApiProperty({\n description: 'Suspended reason',\n })\n suspensionReason?: string\n\n @ApiProperty({\n description: 'Suspended until',\n })\n suspendedUntil?: Date\n\n @ApiProperty({\n description: 'Suspension cleanup grace period hours',\n })\n suspensionCleanupGracePeriodHours?: number\n\n @ApiProperty({\n description: 'Max CPU per sandbox',\n })\n maxCpuPerSandbox: number\n\n @ApiProperty({\n description: 'Max memory per sandbox',\n })\n maxMemoryPerSandbox: number\n\n @ApiProperty({\n description: 'Max disk per sandbox',\n })\n maxDiskPerSandbox: number\n\n @ApiProperty({\n description: 'Time in minutes before an unused snapshot is deactivated',\n default: 20160,\n })\n snapshotDeactivationTimeoutMinutes: number\n\n @ApiProperty({\n description: 'Sandbox default network block all',\n })\n sandboxLimitedNetworkEgress: boolean\n\n @ApiPropertyOptional({\n description: 'Default region ID',\n required: false,\n })\n defaultRegionId?: string\n\n @ApiProperty({\n description: 'Authenticated rate limit per minute',\n nullable: true,\n })\n authenticatedRateLimit: number | null\n\n @ApiProperty({\n description: 'Sandbox create rate limit per minute',\n nullable: true,\n })\n sandboxCreateRateLimit: number | null\n\n @ApiProperty({\n description: 'Sandbox lifecycle rate limit per minute',\n nullable: true,\n })\n sandboxLifecycleRateLimit: number | null\n\n @ApiProperty({\n description: 'Experimental configuration',\n })\n experimentalConfig: Record | null\n\n @ApiProperty({\n description: 'Authenticated rate limit TTL in seconds',\n nullable: true,\n })\n authenticatedRateLimitTtlSeconds: number | null\n\n @ApiProperty({\n description: 'Sandbox create rate limit TTL in seconds',\n nullable: true,\n })\n sandboxCreateRateLimitTtlSeconds: number | null\n\n @ApiProperty({\n description: 'Sandbox lifecycle rate limit TTL in seconds',\n nullable: true,\n })\n sandboxLifecycleRateLimitTtlSeconds: number | null\n\n static fromOrganization(organization: Organization): OrganizationDto {\n const experimentalConfig = organization._experimentalConfig\n if (experimentalConfig && experimentalConfig.otel && experimentalConfig.otel.headers) {\n experimentalConfig.otel.headers = Object.entries(experimentalConfig.otel.headers).reduce(\n (acc, [key]) => {\n acc[key] = '******'\n return acc\n },\n {} as Record,\n )\n }\n\n const dto: OrganizationDto = {\n id: organization.id,\n name: organization.name,\n createdBy: organization.createdBy,\n personal: organization.personal,\n createdAt: organization.createdAt,\n updatedAt: organization.updatedAt,\n suspended: organization.suspended,\n suspensionReason: organization.suspensionReason,\n suspendedAt: organization.suspendedAt,\n suspendedUntil: organization.suspendedUntil,\n suspensionCleanupGracePeriodHours: organization.suspensionCleanupGracePeriodHours,\n maxCpuPerSandbox: organization.maxCpuPerSandbox,\n maxMemoryPerSandbox: organization.maxMemoryPerSandbox,\n maxDiskPerSandbox: organization.maxDiskPerSandbox,\n snapshotDeactivationTimeoutMinutes: organization.snapshotDeactivationTimeoutMinutes,\n sandboxLimitedNetworkEgress: organization.sandboxLimitedNetworkEgress,\n defaultRegionId: organization.defaultRegionId,\n authenticatedRateLimit: organization.authenticatedRateLimit,\n sandboxCreateRateLimit: organization.sandboxCreateRateLimit,\n sandboxLifecycleRateLimit: organization.sandboxLifecycleRateLimit,\n experimentalConfig,\n authenticatedRateLimitTtlSeconds: organization.authenticatedRateLimitTtlSeconds,\n sandboxCreateRateLimitTtlSeconds: organization.sandboxCreateRateLimitTtlSeconds,\n sandboxLifecycleRateLimitTtlSeconds: organization.sandboxLifecycleRateLimitTtlSeconds,\n }\n\n return dto\n }\n}\n" }, { "path": "apps/api/src/organization/dto/otel-config.dto.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'OtelConfig' })\nexport class OtelConfigDto {\n @ApiProperty({\n description: 'Endpoint',\n })\n endpoint: string\n\n @ApiProperty({\n description: 'Headers',\n example: {\n 'x-api-key': 'my-api-key',\n },\n nullable: true,\n required: false,\n additionalProperties: { type: 'string' },\n })\n headers?: Record\n}\n" }, { "path": "apps/api/src/organization/dto/region-quota.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { RegionQuota } from '../entities/region-quota.entity'\n\n@ApiSchema({ name: 'RegionQuota' })\nexport class RegionQuotaDto {\n @ApiProperty()\n organizationId: string\n\n @ApiProperty()\n regionId: string\n\n @ApiProperty()\n totalCpuQuota: number\n\n @ApiProperty()\n totalMemoryQuota: number\n\n @ApiProperty()\n totalDiskQuota: number\n\n constructor(regionQuota: RegionQuota) {\n this.organizationId = regionQuota.organizationId\n this.regionId = regionQuota.regionId\n this.totalCpuQuota = regionQuota.totalCpuQuota\n this.totalMemoryQuota = regionQuota.totalMemoryQuota\n this.totalDiskQuota = regionQuota.totalDiskQuota\n }\n}\n" }, { "path": "apps/api/src/organization/dto/sandbox-usage-overview-internal.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport type SandboxUsageOverviewInternalDto = {\n currentCpuUsage: number\n currentMemoryUsage: number\n currentDiskUsage: number\n}\n\nexport type PendingSandboxUsageOverviewInternalDto = {\n pendingCpuUsage: number | null\n pendingMemoryUsage: number | null\n pendingDiskUsage: number | null\n}\n\nexport type SandboxUsageOverviewWithPendingInternalDto = SandboxUsageOverviewInternalDto &\n PendingSandboxUsageOverviewInternalDto\n" }, { "path": "apps/api/src/organization/dto/snapshot-usage-overview-internal.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport type SnapshotUsageOverviewInternalDto = {\n currentSnapshotUsage: number\n}\n\nexport type PendingSnapshotUsageOverviewInternalDto = {\n pendingSnapshotUsage: number | null\n}\n\nexport type SnapshotUsageOverviewWithPendingInternalDto = SnapshotUsageOverviewInternalDto &\n PendingSnapshotUsageOverviewInternalDto\n" }, { "path": "apps/api/src/organization/dto/update-organization-default-region.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsNotEmpty, IsString } from 'class-validator'\n\n@ApiSchema({ name: 'UpdateOrganizationDefaultRegion' })\nexport class UpdateOrganizationDefaultRegionDto {\n @ApiProperty({\n description: 'The ID of the default region for the organization',\n example: 'us',\n required: true,\n })\n @IsString()\n @IsNotEmpty()\n defaultRegionId: string\n}\n" }, { "path": "apps/api/src/organization/dto/update-organization-invitation.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { Type } from 'class-transformer'\nimport { IsDate, IsEnum, IsOptional, IsString } from 'class-validator'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\n\n@ApiSchema({ name: 'UpdateOrganizationInvitation' })\nexport class UpdateOrganizationInvitationDto {\n @ApiProperty({\n description: 'Organization member role',\n enum: OrganizationMemberRole,\n })\n @IsEnum(OrganizationMemberRole)\n role: OrganizationMemberRole\n\n @ApiProperty({\n description: 'Array of role IDs',\n type: [String],\n })\n @IsString({ each: true })\n assignedRoleIds: string[]\n\n @ApiPropertyOptional({\n description: 'Expiration date of the invitation',\n example: '2021-12-31T23:59:59Z',\n })\n @IsOptional()\n @Type(() => Date)\n @IsDate()\n expiresAt?: Date\n}\n" }, { "path": "apps/api/src/organization/dto/update-organization-member-access.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsArray, IsEnum, IsString } from 'class-validator'\nimport { GlobalOrganizationRolesIds } from '../constants/global-organization-roles.constant'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\n\n@ApiSchema({ name: 'UpdateOrganizationMemberAccess' })\nexport class UpdateOrganizationMemberAccessDto {\n @ApiProperty({\n description: 'Organization member role',\n enum: OrganizationMemberRole,\n default: OrganizationMemberRole.MEMBER,\n })\n @IsEnum(OrganizationMemberRole)\n role: OrganizationMemberRole\n\n @ApiProperty({\n description: 'Array of assigned role IDs',\n type: [String],\n default: [GlobalOrganizationRolesIds.DEVELOPER],\n })\n @IsArray()\n @IsString({ each: true })\n assignedRoleIds: string[]\n}\n" }, { "path": "apps/api/src/organization/dto/update-organization-quota.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'UpdateOrganizationQuota' })\nexport class UpdateOrganizationQuotaDto {\n @ApiProperty({ nullable: true })\n maxCpuPerSandbox?: number\n\n @ApiProperty({ nullable: true })\n maxMemoryPerSandbox?: number\n\n @ApiProperty({ nullable: true })\n maxDiskPerSandbox?: number\n\n @ApiProperty({ nullable: true })\n snapshotQuota?: number\n\n @ApiProperty({ nullable: true })\n maxSnapshotSize?: number\n\n @ApiProperty({ nullable: true })\n volumeQuota?: number\n\n @ApiProperty({ nullable: true })\n authenticatedRateLimit?: number\n\n @ApiProperty({ nullable: true })\n sandboxCreateRateLimit?: number\n\n @ApiProperty({ nullable: true })\n sandboxLifecycleRateLimit?: number\n\n @ApiProperty({ nullable: true })\n authenticatedRateLimitTtlSeconds?: number\n\n @ApiProperty({ nullable: true })\n sandboxCreateRateLimitTtlSeconds?: number\n\n @ApiProperty({ nullable: true })\n sandboxLifecycleRateLimitTtlSeconds?: number\n\n @ApiProperty({ nullable: true, description: 'Time in minutes before an unused snapshot is deactivated' })\n snapshotDeactivationTimeoutMinutes?: number\n}\n" }, { "path": "apps/api/src/organization/dto/update-organization-region-quota.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'UpdateOrganizationRegionQuota' })\nexport class UpdateOrganizationRegionQuotaDto {\n @ApiProperty({ nullable: true })\n totalCpuQuota?: number\n\n @ApiProperty({ nullable: true })\n totalMemoryQuota?: number\n\n @ApiProperty({ nullable: true })\n totalDiskQuota?: number\n}\n" }, { "path": "apps/api/src/organization/dto/update-organization-role.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { ArrayNotEmpty, IsArray, IsEnum, IsString } from 'class-validator'\nimport { OrganizationResourcePermission } from '../enums/organization-resource-permission.enum'\n\n@ApiSchema({ name: 'UpdateOrganizationRole' })\nexport class UpdateOrganizationRoleDto {\n @ApiProperty({\n description: 'The name of the role',\n example: 'Maintainer',\n required: true,\n })\n @IsString()\n name: string\n\n @ApiProperty({\n description: 'The description of the role',\n example: 'Can manage all resources',\n })\n @IsString()\n description: string\n\n @ApiProperty({\n description: 'The list of permissions assigned to the role',\n enum: OrganizationResourcePermission,\n isArray: true,\n required: true,\n })\n @IsArray()\n @ArrayNotEmpty()\n @IsEnum(OrganizationResourcePermission, { each: true })\n permissions: OrganizationResourcePermission[]\n}\n" }, { "path": "apps/api/src/organization/dto/volume-usage-overview-internal.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport type VolumeUsageOverviewInternalDto = {\n currentVolumeUsage: number\n}\n\nexport type PendingVolumeUsageOverviewInternalDto = {\n pendingVolumeUsage: number | null\n}\n\nexport type VolumeUsageOverviewWithPendingInternalDto = VolumeUsageOverviewInternalDto &\n PendingVolumeUsageOverviewInternalDto\n" }, { "path": "apps/api/src/organization/entities/organization-invitation.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Column,\n CreateDateColumn,\n Entity,\n JoinColumn,\n JoinTable,\n ManyToMany,\n ManyToOne,\n PrimaryGeneratedColumn,\n} from 'typeorm'\nimport { Organization } from './organization.entity'\nimport { OrganizationInvitationStatus } from '../enums/organization-invitation-status.enum'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OrganizationRole } from './organization-role.entity'\n\n@Entity()\nexport class OrganizationInvitation {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column()\n organizationId: string\n\n @Column()\n email: string\n\n @Column({\n default: '',\n })\n invitedBy: string\n\n @Column({\n type: 'enum',\n enum: OrganizationMemberRole,\n default: OrganizationMemberRole.MEMBER,\n })\n role: OrganizationMemberRole\n\n @ManyToMany(() => OrganizationRole, (role) => role.invitations, {\n cascade: true,\n onDelete: 'CASCADE',\n })\n @JoinTable({\n name: 'organization_role_assignment_invitation',\n joinColumn: {\n name: 'invitationId',\n referencedColumnName: 'id',\n },\n inverseJoinColumn: {\n name: 'roleId',\n referencedColumnName: 'id',\n },\n })\n assignedRoles: OrganizationRole[]\n\n @Column({\n type: 'timestamp with time zone',\n })\n expiresAt: Date\n\n @Column({\n type: 'enum',\n enum: OrganizationInvitationStatus,\n default: OrganizationInvitationStatus.PENDING,\n })\n status: OrganizationInvitationStatus\n\n @ManyToOne(() => Organization, { onDelete: 'CASCADE' })\n @JoinColumn({ name: 'organizationId' })\n organization: Organization\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n}\n" }, { "path": "apps/api/src/organization/entities/organization-role.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, CreateDateColumn, Entity, JoinColumn, ManyToMany, ManyToOne, PrimaryGeneratedColumn } from 'typeorm'\nimport { Organization } from './organization.entity'\nimport { OrganizationUser } from './organization-user.entity'\nimport { OrganizationResourcePermission } from '../enums/organization-resource-permission.enum'\nimport { OrganizationInvitation } from './organization-invitation.entity'\n\n@Entity()\nexport class OrganizationRole {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column()\n name: string\n\n @Column()\n description: string\n\n @Column({\n type: 'enum',\n enum: OrganizationResourcePermission,\n array: true,\n })\n permissions: OrganizationResourcePermission[]\n\n @Column({ default: false })\n isGlobal: boolean\n\n @Column({\n nullable: true,\n })\n organizationId?: string\n\n @ManyToOne(() => Organization, { onDelete: 'CASCADE' })\n @JoinColumn({ name: 'organizationId' })\n organization: Organization\n\n @ManyToMany(() => OrganizationUser, (user) => user.assignedRoles)\n users: OrganizationUser[]\n\n @ManyToMany(() => OrganizationInvitation, (invitation) => invitation.assignedRoles)\n invitations: OrganizationInvitation[]\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n}\n" }, { "path": "apps/api/src/organization/entities/organization-user.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, CreateDateColumn, Entity, JoinColumn, JoinTable, ManyToMany, ManyToOne, PrimaryColumn } from 'typeorm'\nimport { Organization } from './organization.entity'\nimport { OrganizationRole } from './organization-role.entity'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\n\n@Entity()\nexport class OrganizationUser {\n @PrimaryColumn()\n organizationId: string\n\n @PrimaryColumn()\n userId: string\n\n @Column({\n type: 'enum',\n enum: OrganizationMemberRole,\n default: OrganizationMemberRole.MEMBER,\n })\n role: OrganizationMemberRole\n\n @ManyToOne(() => Organization, (organization) => organization.users, {\n onDelete: 'CASCADE',\n })\n @JoinColumn({ name: 'organizationId' })\n organization: Organization\n\n @ManyToMany(() => OrganizationRole, (role) => role.users, {\n cascade: true,\n onDelete: 'CASCADE',\n })\n @JoinTable({\n name: 'organization_role_assignment',\n joinColumns: [\n { name: 'organizationId', referencedColumnName: 'organizationId' },\n { name: 'userId', referencedColumnName: 'userId' },\n ],\n inverseJoinColumns: [{ name: 'roleId', referencedColumnName: 'id' }],\n })\n assignedRoles: OrganizationRole[]\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n}\n" }, { "path": "apps/api/src/organization/entities/organization.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, CreateDateColumn, Entity, OneToMany, PrimaryGeneratedColumn, UpdateDateColumn } from 'typeorm'\nimport { OrganizationUser } from './organization-user.entity'\nimport { OrganizationRole } from './organization-role.entity'\nimport { OrganizationInvitation } from './organization-invitation.entity'\nimport { RegionQuota } from './region-quota.entity'\n\n@Entity()\nexport class Organization {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column()\n name: string\n\n @Column()\n createdBy: string\n\n @Column({\n default: false,\n })\n personal: boolean\n\n @Column({\n default: true,\n })\n telemetryEnabled: boolean\n\n @Column({ nullable: true })\n defaultRegionId?: string\n\n @Column({\n type: 'int',\n default: 4,\n name: 'max_cpu_per_sandbox',\n })\n maxCpuPerSandbox: number\n\n @Column({\n type: 'int',\n default: 8,\n name: 'max_memory_per_sandbox',\n })\n maxMemoryPerSandbox: number\n\n @Column({\n type: 'int',\n default: 10,\n name: 'max_disk_per_sandbox',\n })\n maxDiskPerSandbox: number\n\n @Column({\n type: 'int',\n default: 20,\n name: 'max_snapshot_size',\n })\n maxSnapshotSize: number\n\n @Column({\n type: 'int',\n default: 100,\n name: 'snapshot_quota',\n })\n snapshotQuota: number\n\n @Column({\n type: 'int',\n default: 100,\n name: 'volume_quota',\n })\n volumeQuota: number\n\n @Column({\n type: 'int',\n nullable: true,\n name: 'authenticated_rate_limit',\n })\n authenticatedRateLimit: number | null\n\n @Column({\n type: 'int',\n nullable: true,\n name: 'sandbox_create_rate_limit',\n })\n sandboxCreateRateLimit: number | null\n\n @Column({\n type: 'int',\n nullable: true,\n name: 'sandbox_lifecycle_rate_limit',\n })\n sandboxLifecycleRateLimit: number | null\n\n @Column({\n type: 'int',\n nullable: true,\n name: 'authenticated_rate_limit_ttl_seconds',\n })\n authenticatedRateLimitTtlSeconds: number | null\n\n @Column({\n type: 'int',\n nullable: true,\n name: 'sandbox_create_rate_limit_ttl_seconds',\n })\n sandboxCreateRateLimitTtlSeconds: number | null\n\n @Column({\n type: 'int',\n nullable: true,\n name: 'sandbox_lifecycle_rate_limit_ttl_seconds',\n })\n sandboxLifecycleRateLimitTtlSeconds: number | null\n\n @OneToMany(() => RegionQuota, (quota) => quota.organization, {\n cascade: true,\n onDelete: 'CASCADE',\n })\n regionQuotas: RegionQuota[]\n\n @OneToMany(() => OrganizationRole, (organizationRole) => organizationRole.organization, {\n cascade: true,\n onDelete: 'CASCADE',\n })\n roles: OrganizationRole[]\n\n @OneToMany(() => OrganizationUser, (user) => user.organization, {\n cascade: true,\n onDelete: 'CASCADE',\n })\n users: OrganizationUser[]\n\n @OneToMany(() => OrganizationInvitation, (invitation) => invitation.organization, {\n cascade: true,\n onDelete: 'CASCADE',\n })\n invitations: OrganizationInvitation[]\n\n @Column({\n default: false,\n })\n suspended: boolean\n\n @Column({\n nullable: true,\n type: 'timestamp with time zone',\n })\n suspendedAt?: Date\n\n @Column({\n nullable: true,\n })\n suspensionReason?: string\n\n @Column({\n type: 'int',\n default: 24,\n })\n suspensionCleanupGracePeriodHours: number\n\n @Column({\n nullable: true,\n type: 'timestamp with time zone',\n })\n suspendedUntil?: Date\n\n @Column({\n type: 'int',\n default: 20160,\n name: 'snapshot_deactivation_timeout_minutes',\n })\n snapshotDeactivationTimeoutMinutes: number\n\n @Column({\n default: false,\n })\n sandboxLimitedNetworkEgress: boolean\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n\n @Column({\n type: 'jsonb',\n nullable: true,\n name: 'experimentalConfig',\n })\n // configuration for experimental features\n _experimentalConfig: Record | null\n\n get sandboxMetadata(): Record {\n return {\n organizationId: this.id,\n organizationName: this.name,\n limitNetworkEgress: String(this.sandboxLimitedNetworkEgress),\n }\n }\n\n constructor(defaultRegionId?: string) {\n if (defaultRegionId) {\n this.defaultRegionId = defaultRegionId\n }\n }\n}\n" }, { "path": "apps/api/src/organization/entities/region-quota.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, CreateDateColumn, Entity, JoinColumn, ManyToOne, PrimaryColumn, UpdateDateColumn } from 'typeorm'\nimport { Organization } from './organization.entity'\n\n@Entity()\nexport class RegionQuota {\n @PrimaryColumn()\n organizationId: string\n\n @PrimaryColumn()\n regionId: string\n\n @ManyToOne(() => Organization, (organization) => organization.regionQuotas, {\n onDelete: 'CASCADE',\n })\n @JoinColumn({ name: 'organizationId' })\n organization: Organization\n\n @Column({\n type: 'int',\n default: 10,\n name: 'total_cpu_quota',\n })\n totalCpuQuota: number\n\n @Column({\n type: 'int',\n default: 10,\n name: 'total_memory_quota',\n })\n totalMemoryQuota: number\n\n @Column({\n type: 'int',\n default: 30,\n name: 'total_disk_quota',\n })\n totalDiskQuota: number\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n\n constructor(\n organizationId: string,\n regionId: string,\n totalCpuQuota: number,\n totalMemoryQuota: number,\n totalDiskQuota: number,\n ) {\n this.organizationId = organizationId\n this.regionId = regionId\n this.totalCpuQuota = totalCpuQuota\n this.totalMemoryQuota = totalMemoryQuota\n this.totalDiskQuota = totalDiskQuota\n }\n}\n" }, { "path": "apps/api/src/organization/enums/organization-invitation-status.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum OrganizationInvitationStatus {\n PENDING = 'pending',\n ACCEPTED = 'accepted',\n DECLINED = 'declined',\n CANCELLED = 'cancelled',\n}\n" }, { "path": "apps/api/src/organization/enums/organization-member-role.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum OrganizationMemberRole {\n OWNER = 'owner',\n MEMBER = 'member',\n}\n" }, { "path": "apps/api/src/organization/enums/organization-resource-permission.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\n/*\n IMPORTANT: When adding a new permission, make sure to update apps/dashboard/src/constants/CreateApiKeyPermissionsGroups.ts accordingly\n*/\nexport enum OrganizationResourcePermission {\n // docker registries\n WRITE_REGISTRIES = 'write:registries',\n DELETE_REGISTRIES = 'delete:registries',\n\n // snapshots\n WRITE_SNAPSHOTS = 'write:snapshots',\n DELETE_SNAPSHOTS = 'delete:snapshots',\n\n // sandboxes\n WRITE_SANDBOXES = 'write:sandboxes',\n DELETE_SANDBOXES = 'delete:sandboxes',\n\n // volumes\n READ_VOLUMES = 'read:volumes',\n WRITE_VOLUMES = 'write:volumes',\n DELETE_VOLUMES = 'delete:volumes',\n\n // regions\n WRITE_REGIONS = 'write:regions',\n DELETE_REGIONS = 'delete:regions',\n\n // runners\n READ_RUNNERS = 'read:runners',\n WRITE_RUNNERS = 'write:runners',\n DELETE_RUNNERS = 'delete:runners',\n\n // audit\n READ_AUDIT_LOGS = 'read:audit_logs',\n}\n" }, { "path": "apps/api/src/organization/events/organization-invitation-accepted.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { EntityManager } from 'typeorm'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OrganizationRole } from '../entities/organization-role.entity'\n\nexport class OrganizationInvitationAcceptedEvent {\n constructor(\n public readonly entityManager: EntityManager,\n public readonly organizationId: string,\n public readonly userId: string,\n public readonly role: OrganizationMemberRole,\n public readonly assignedRoles: OrganizationRole[],\n ) {}\n}\n" }, { "path": "apps/api/src/organization/events/organization-invitation-created.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport class OrganizationInvitationCreatedEvent {\n constructor(\n public readonly organizationName: string,\n public readonly invitedBy: string,\n public readonly inviteeEmail: string,\n public readonly invitationId: string,\n public readonly expiresAt: Date,\n ) {}\n}\n" }, { "path": "apps/api/src/organization/events/organization-resource-permissions-unassigned.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { EntityManager } from 'typeorm'\nimport { OrganizationResourcePermission } from '../enums/organization-resource-permission.enum'\n\nexport class OrganizationResourcePermissionsUnassignedEvent {\n constructor(\n public readonly entityManager: EntityManager,\n public readonly organizationId: string,\n public readonly userId: string,\n public readonly unassignedPermissions: OrganizationResourcePermission[],\n ) {}\n}\n" }, { "path": "apps/api/src/organization/events/organization-suspended-sandbox-stopped.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport class OrganizationSuspendedSandboxStoppedEvent {\n constructor(public readonly sandboxId: string) {}\n}\n" }, { "path": "apps/api/src/organization/events/organization-suspended-snapshot-deactivated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport class OrganizationSuspendedSnapshotDeactivatedEvent {\n constructor(public readonly snapshotId: string) {}\n}\n" }, { "path": "apps/api/src/organization/exceptions/DefaultRegionRequiredException.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { HttpException, HttpStatus } from '@nestjs/common'\n\nexport class DefaultRegionRequiredException extends HttpException {\n constructor(\n message = 'This organization does not have a default region. Please open the Daytona Dashboard to set a default region.',\n ) {\n super(message, HttpStatus.PRECONDITION_REQUIRED)\n }\n}\n" }, { "path": "apps/api/src/organization/guards/organization-access.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CanActivate, ExecutionContext, Injectable, Logger } from '@nestjs/common'\nimport { OrganizationService } from '../services/organization.service'\nimport { OrganizationUserService } from '../services/organization-user.service'\nimport { AuthContext, OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport Redis from 'ioredis'\nimport { Organization } from '../entities/organization.entity'\nimport { OrganizationUser } from '../entities/organization-user.entity'\n\n@Injectable()\nexport class OrganizationAccessGuard implements CanActivate {\n protected readonly logger = new Logger(OrganizationAccessGuard.name)\n @InjectRedis() private readonly redis: Redis\n\n constructor(\n private readonly organizationService: OrganizationService,\n private readonly organizationUserService: OrganizationUserService,\n ) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n // TODO: initialize authContext safely\n const authContext: AuthContext = request.user\n\n if (!authContext) {\n this.logger.warn('User object is undefined. Authentication may not be set up correctly.')\n return false\n }\n\n // note: semantic parameter names must be used (avoid :id)\n const organizationIdParam = request.params.organizationId || request.params.orgId\n\n if (\n authContext.role !== 'ssh-gateway' &&\n authContext.role !== 'runner' &&\n authContext.role !== 'proxy' &&\n authContext.role !== 'region-proxy' &&\n authContext.role !== 'region-ssh-gateway' &&\n !organizationIdParam &&\n !authContext.organizationId\n ) {\n this.logger.warn('Organization ID missing from the request context.')\n return false\n }\n\n if (\n organizationIdParam &&\n authContext.apiKey &&\n authContext.apiKey.organizationId !== organizationIdParam &&\n authContext.role !== SystemRole.ADMIN &&\n authContext.role !== 'ssh-gateway'\n ) {\n this.logger.warn(\n `Organization ID mismatch in the request context. Expected: ${organizationIdParam}, Actual: ${authContext.apiKey.organizationId}`,\n )\n return false\n }\n\n const organizationId = organizationIdParam || authContext.organizationId\n\n const organization = await this.getCachedOrganization(organizationId)\n\n if (!organization) {\n this.logger.warn(`Organization not found. Organization ID: ${organizationId}`)\n return false\n }\n\n const organizationAuthContext: OrganizationAuthContext = {\n ...authContext,\n organizationId,\n organization,\n }\n request.user = organizationAuthContext\n\n if (authContext.role === SystemRole.ADMIN) {\n return true\n }\n\n const organizationUser = await this.getCachedOrganizationUser(organizationId, authContext.userId)\n\n if (!organizationUser) {\n this.logger.warn(\n `Organization user not found. User ID: ${authContext.userId}, Organization ID: ${organizationId}`,\n )\n return false\n }\n\n organizationAuthContext.organizationUser = organizationUser\n request.user = organizationAuthContext\n\n return true\n }\n\n private async getCachedOrganization(organizationId: string): Promise {\n try {\n const cachedOrganization = await this.redis.get(`organization:${organizationId}`)\n if (cachedOrganization) {\n return JSON.parse(cachedOrganization)\n }\n const organization = await this.organizationService.findOne(organizationId)\n if (organization) {\n await this.redis.set(`organization:${organizationId}`, JSON.stringify(organization), 'EX', 10)\n return organization\n }\n return null\n } catch (error) {\n this.logger.error('Error getting cached organization:', error)\n return null\n }\n }\n\n private async getCachedOrganizationUser(organizationId: string, userId: string): Promise {\n try {\n const cachedOrganizationUser = await this.redis.get(`organization-user:${organizationId}:${userId}`)\n if (cachedOrganizationUser) {\n return JSON.parse(cachedOrganizationUser)\n }\n const organizationUser = await this.organizationUserService.findOne(organizationId, userId)\n if (organizationUser) {\n await this.redis.set(\n `organization-user:${organizationId}:${userId}`,\n JSON.stringify(organizationUser),\n 'EX',\n 10,\n )\n return organizationUser\n }\n return null\n } catch (ex) {\n this.logger.error('Error getting cached organization user:', ex)\n return null\n }\n }\n}\n" }, { "path": "apps/api/src/organization/guards/organization-action.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, ExecutionContext, Logger } from '@nestjs/common'\nimport { Reflector } from '@nestjs/core'\nimport { OrganizationAccessGuard } from './organization-access.guard'\nimport { RequiredOrganizationMemberRole } from '../decorators/required-organization-member-role.decorator'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OrganizationService } from '../services/organization.service'\nimport { OrganizationUserService } from '../services/organization-user.service'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { SystemRole } from '../../user/enums/system-role.enum'\n\n@Injectable()\nexport class OrganizationActionGuard extends OrganizationAccessGuard {\n protected readonly logger = new Logger(OrganizationActionGuard.name)\n\n constructor(\n organizationService: OrganizationService,\n organizationUserService: OrganizationUserService,\n private readonly reflector: Reflector,\n ) {\n super(organizationService, organizationUserService)\n }\n\n async canActivate(context: ExecutionContext): Promise {\n if (!(await super.canActivate(context))) {\n return false\n }\n\n const request = context.switchToHttp().getRequest()\n // TODO: initialize authContext safely\n const authContext: OrganizationAuthContext = request.user\n\n if (authContext.role === SystemRole.ADMIN) {\n return true\n }\n\n if (!authContext.organizationUser) {\n return false\n }\n\n const requiredRole = this.reflector.get(RequiredOrganizationMemberRole, context.getHandler())\n if (!requiredRole) {\n return true\n }\n\n if (requiredRole === OrganizationMemberRole.OWNER) {\n return authContext.organizationUser.role === OrganizationMemberRole.OWNER\n }\n\n return true\n }\n}\n" }, { "path": "apps/api/src/organization/guards/organization-resource-action.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, ExecutionContext, Logger } from '@nestjs/common'\nimport { Reflector } from '@nestjs/core'\nimport { OrganizationAccessGuard } from './organization-access.guard'\nimport { RequiredOrganizationResourcePermissions } from '../decorators/required-organization-resource-permissions.decorator'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OrganizationService } from '../services/organization.service'\nimport { OrganizationUserService } from '../services/organization-user.service'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { SystemRole } from '../../user/enums/system-role.enum'\n\n@Injectable()\nexport class OrganizationResourceActionGuard extends OrganizationAccessGuard {\n protected readonly logger = new Logger(OrganizationResourceActionGuard.name)\n\n constructor(\n organizationService: OrganizationService,\n organizationUserService: OrganizationUserService,\n private readonly reflector: Reflector,\n ) {\n super(organizationService, organizationUserService)\n }\n async canActivate(context: ExecutionContext): Promise {\n const canActivate = await super.canActivate(context)\n\n const request = context.switchToHttp().getRequest()\n // TODO: initialize authContext safely\n const authContext: OrganizationAuthContext = request.user\n\n if (authContext.role === SystemRole.ADMIN) {\n return true\n }\n\n if (!canActivate) {\n return false\n }\n\n if (!authContext.organizationUser) {\n return false\n }\n\n if (authContext.organizationUser.role === OrganizationMemberRole.OWNER && !authContext.apiKey) {\n return true\n }\n\n const requiredPermissions =\n this.reflector.get(RequiredOrganizationResourcePermissions, context.getHandler()) ||\n this.reflector.get(RequiredOrganizationResourcePermissions, context.getClass())\n\n if (!requiredPermissions) {\n return true\n }\n\n const assignedPermissions = authContext.apiKey\n ? new Set(authContext.apiKey.permissions)\n : new Set(authContext.organizationUser.assignedRoles.flatMap((role) => role.permissions))\n\n return requiredPermissions.every((permission) => assignedPermissions.has(permission))\n }\n}\n" }, { "path": "apps/api/src/organization/helpers/organization-usage.helper.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport type OrganizationUsageQuotaType = 'cpu' | 'memory' | 'disk' | 'snapshot_count' | 'volume_count'\nexport type OrganizationUsageResourceType = 'sandbox' | 'snapshot' | 'volume'\n\nconst QUOTA_TO_RESOURCE_MAP: Record = {\n cpu: 'sandbox',\n memory: 'sandbox',\n disk: 'sandbox',\n snapshot_count: 'snapshot',\n volume_count: 'volume',\n} as const\n\nexport function getResourceTypeFromQuota(quotaType: OrganizationUsageQuotaType): OrganizationUsageResourceType {\n return QUOTA_TO_RESOURCE_MAP[quotaType]\n}\n" }, { "path": "apps/api/src/organization/organization.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { OrganizationController } from './controllers/organization.controller'\nimport { OrganizationRoleController } from './controllers/organization-role.controller'\nimport { OrganizationUserController } from './controllers/organization-user.controller'\nimport { OrganizationInvitationController } from './controllers/organization-invitation.controller'\nimport { Organization } from './entities/organization.entity'\nimport { OrganizationRole } from './entities/organization-role.entity'\nimport { OrganizationUser } from './entities/organization-user.entity'\nimport { OrganizationInvitation } from './entities/organization-invitation.entity'\nimport { OrganizationService } from './services/organization.service'\nimport { OrganizationRoleService } from './services/organization-role.service'\nimport { OrganizationUserService } from './services/organization-user.service'\nimport { OrganizationInvitationService } from './services/organization-invitation.service'\nimport { UserModule } from '../user/user.module'\nimport { Sandbox } from '../sandbox/entities/sandbox.entity'\nimport { Snapshot } from '../sandbox/entities/snapshot.entity'\nimport { Volume } from '../sandbox/entities/volume.entity'\nimport { RedisLockProvider } from '../sandbox/common/redis-lock.provider'\nimport { SnapshotRunner } from '../sandbox/entities/snapshot-runner.entity'\nimport { OrganizationUsageService } from './services/organization-usage.service'\nimport { DataSource } from 'typeorm'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { SandboxRepository } from '../sandbox/repositories/sandbox.repository'\nimport { SandboxLookupCacheInvalidationService } from '../sandbox/services/sandbox-lookup-cache-invalidation.service'\nimport { RegionQuota } from './entities/region-quota.entity'\nimport { RegionModule } from '../region/region.module'\nimport { OrganizationRegionController } from './controllers/organization-region.controller'\nimport { Region } from '../region/entities/region.entity'\nimport { EncryptionModule } from '../encryption/encryption.module'\n\n@Module({\n imports: [\n UserModule,\n RegionModule,\n TypeOrmModule.forFeature([\n Organization,\n OrganizationRole,\n OrganizationUser,\n OrganizationInvitation,\n Sandbox,\n Snapshot,\n Volume,\n SnapshotRunner,\n RegionQuota,\n Region,\n ]),\n EncryptionModule,\n ],\n controllers: [\n OrganizationController,\n OrganizationRoleController,\n OrganizationUserController,\n OrganizationInvitationController,\n OrganizationRegionController,\n ],\n providers: [\n OrganizationService,\n OrganizationRoleService,\n OrganizationUserService,\n OrganizationInvitationService,\n OrganizationUsageService,\n RedisLockProvider,\n SandboxLookupCacheInvalidationService,\n {\n provide: SandboxRepository,\n inject: [DataSource, EventEmitter2, SandboxLookupCacheInvalidationService],\n useFactory: (\n dataSource: DataSource,\n eventEmitter: EventEmitter2,\n sandboxLookupCacheInvalidationService: SandboxLookupCacheInvalidationService,\n ) => new SandboxRepository(dataSource, eventEmitter, sandboxLookupCacheInvalidationService),\n },\n ],\n exports: [\n OrganizationService,\n OrganizationRoleService,\n OrganizationUserService,\n OrganizationInvitationService,\n OrganizationUsageService,\n ],\n})\nexport class OrganizationModule {}\n" }, { "path": "apps/api/src/organization/services/organization-invitation.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n BadRequestException,\n ConflictException,\n ForbiddenException,\n Injectable,\n NotFoundException,\n} from '@nestjs/common'\nimport { ConfigService } from '@nestjs/config'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { DataSource, MoreThan, Repository } from 'typeorm'\nimport { OrganizationRoleService } from './organization-role.service'\nimport { OrganizationUserService } from './organization-user.service'\nimport { OrganizationService } from './organization.service'\nimport { OrganizationEvents } from '../constants/organization-events.constant'\nimport { CreateOrganizationInvitationDto } from '../dto/create-organization-invitation.dto'\nimport { UpdateOrganizationInvitationDto } from '../dto/update-organization-invitation.dto'\nimport { OrganizationInvitation } from '../entities/organization-invitation.entity'\nimport { OrganizationInvitationStatus } from '../enums/organization-invitation-status.enum'\nimport { OrganizationInvitationAcceptedEvent } from '../events/organization-invitation-accepted.event'\nimport { OrganizationInvitationCreatedEvent } from '../events/organization-invitation-created.event'\nimport { UserService } from '../../user/user.service'\nimport { EmailUtils } from '../../common/utils/email.util'\n\n@Injectable()\nexport class OrganizationInvitationService {\n constructor(\n @InjectRepository(OrganizationInvitation)\n private readonly organizationInvitationRepository: Repository,\n private readonly organizationService: OrganizationService,\n private readonly organizationUserService: OrganizationUserService,\n private readonly organizationRoleService: OrganizationRoleService,\n private readonly userService: UserService,\n private readonly eventEmitter: EventEmitter2,\n private readonly dataSource: DataSource,\n private readonly configService: ConfigService,\n ) {}\n\n async create(\n organizationId: string,\n createOrganizationInvitationDto: CreateOrganizationInvitationDto,\n invitedBy: string,\n ): Promise {\n const organization = await this.organizationService.findOne(organizationId)\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${organizationId} not found`)\n }\n if (organization.personal) {\n throw new ForbiddenException('Cannot invite users to personal organization')\n }\n\n const normalizedEmail = EmailUtils.normalize(createOrganizationInvitationDto.email)\n\n const existingUser = await this.userService.findOneByEmail(normalizedEmail, true)\n if (existingUser) {\n const organizationUser = await this.organizationUserService.findOne(organizationId, existingUser.id)\n if (organizationUser) {\n throw new ConflictException(`User with email ${normalizedEmail} is already associated with this organization`)\n }\n }\n\n const existingInvitation = await this.organizationInvitationRepository.findOne({\n where: {\n organizationId,\n email: normalizedEmail,\n status: OrganizationInvitationStatus.PENDING,\n expiresAt: MoreThan(new Date()),\n },\n })\n if (existingInvitation) {\n throw new ConflictException(`User with email \"${normalizedEmail}\" already invited to this organization`)\n }\n\n let invitation = new OrganizationInvitation()\n invitation.organizationId = organizationId\n invitation.organization = organization\n invitation.email = normalizedEmail\n invitation.expiresAt = createOrganizationInvitationDto.expiresAt || new Date(Date.now() + 7 * 24 * 60 * 60 * 1000)\n invitation.role = createOrganizationInvitationDto.role\n invitation.invitedBy = invitedBy\n\n const assignedRoles = await this.organizationRoleService.findByIds(createOrganizationInvitationDto.assignedRoleIds)\n if (assignedRoles.length !== createOrganizationInvitationDto.assignedRoleIds.length) {\n throw new BadRequestException('One or more role IDs are invalid')\n }\n invitation.assignedRoles = assignedRoles\n\n invitation = await this.organizationInvitationRepository.save(invitation)\n\n this.eventEmitter.emit(\n OrganizationEvents.INVITATION_CREATED,\n new OrganizationInvitationCreatedEvent(\n invitation.organization.name,\n invitation.invitedBy,\n invitation.email,\n invitation.id,\n invitation.expiresAt,\n ),\n )\n\n return invitation\n }\n\n async update(\n invitationId: string,\n updateOrganizationInvitationDto: UpdateOrganizationInvitationDto,\n ): Promise {\n const invitation = await this.organizationInvitationRepository.findOne({\n where: { id: invitationId },\n relations: {\n organization: true,\n assignedRoles: true,\n },\n })\n\n if (!invitation) {\n throw new NotFoundException(`Invitation with ID ${invitationId} not found`)\n }\n\n if (invitation.expiresAt && invitation.expiresAt < new Date()) {\n throw new ForbiddenException(`Invitation with ID ${invitationId} is expired`)\n }\n\n if (invitation.status !== OrganizationInvitationStatus.PENDING) {\n throw new ForbiddenException(`Invitation with ID ${invitationId} is already ${invitation.status}`)\n }\n\n if (updateOrganizationInvitationDto.expiresAt) {\n invitation.expiresAt = updateOrganizationInvitationDto.expiresAt\n }\n invitation.role = updateOrganizationInvitationDto.role\n\n const assignedRoles = await this.organizationRoleService.findByIds(updateOrganizationInvitationDto.assignedRoleIds)\n if (assignedRoles.length !== updateOrganizationInvitationDto.assignedRoleIds.length) {\n throw new BadRequestException('One or more role IDs are invalid')\n }\n invitation.assignedRoles = assignedRoles\n\n return this.organizationInvitationRepository.save(invitation)\n }\n\n async findPending(organizationId: string): Promise {\n return this.organizationInvitationRepository.find({\n where: {\n organizationId,\n status: OrganizationInvitationStatus.PENDING,\n expiresAt: MoreThan(new Date()),\n },\n relations: {\n organization: true,\n assignedRoles: true,\n },\n })\n }\n\n async findByUser(userId: string): Promise {\n const user = await this.userService.findOne(userId)\n\n if (!user) {\n throw new NotFoundException(`User with ID ${userId} not found`)\n }\n\n return this.organizationInvitationRepository.find({\n where: {\n email: EmailUtils.normalize(user.email),\n status: OrganizationInvitationStatus.PENDING,\n expiresAt: MoreThan(new Date()),\n },\n relations: {\n organization: true,\n assignedRoles: true,\n },\n })\n }\n\n async getCountByUser(userId: string): Promise {\n const user = await this.userService.findOne(userId)\n\n if (!user) {\n throw new NotFoundException(`User with ID ${userId} not found`)\n }\n\n return this.organizationInvitationRepository.count({\n where: {\n email: EmailUtils.normalize(user.email),\n status: OrganizationInvitationStatus.PENDING,\n expiresAt: MoreThan(new Date()),\n },\n })\n }\n\n async findOneOrFail(invitationId: string): Promise {\n return this.organizationInvitationRepository.findOneOrFail({\n where: { id: invitationId },\n relations: {\n organization: true,\n assignedRoles: true,\n },\n })\n }\n\n async accept(invitationId: string, userId: string): Promise {\n const invitation = await this.prepareStatusUpdate(invitationId, OrganizationInvitationStatus.ACCEPTED)\n\n await this.dataSource.transaction(async (em) => {\n await em.save(invitation)\n await this.eventEmitter.emitAsync(\n OrganizationEvents.INVITATION_ACCEPTED,\n new OrganizationInvitationAcceptedEvent(\n em,\n invitation.organizationId,\n userId,\n invitation.role,\n invitation.assignedRoles,\n ),\n )\n })\n return invitation\n }\n\n async decline(invitationId: string): Promise {\n const invitation = await this.prepareStatusUpdate(invitationId, OrganizationInvitationStatus.DECLINED)\n await this.organizationInvitationRepository.save(invitation)\n }\n\n async cancel(invitationId: string): Promise {\n const invitation = await this.prepareStatusUpdate(invitationId, OrganizationInvitationStatus.CANCELLED)\n await this.organizationInvitationRepository.save(invitation)\n }\n\n private async prepareStatusUpdate(\n invitationId: string,\n newStatus: OrganizationInvitationStatus,\n ): Promise {\n const invitation = await this.organizationInvitationRepository.findOne({\n where: { id: invitationId },\n relations: {\n organization: true,\n assignedRoles: true,\n },\n })\n\n if (!invitation) {\n throw new NotFoundException(`Invitation with ID ${invitationId} not found`)\n }\n\n if (invitation.expiresAt && invitation.expiresAt < new Date()) {\n throw new ForbiddenException(`Invitation with ID ${invitationId} is expired`)\n }\n\n if (invitation.status !== OrganizationInvitationStatus.PENDING) {\n throw new ForbiddenException(`Invitation with ID ${invitationId} is already ${invitation.status}`)\n }\n\n invitation.status = newStatus\n return invitation\n }\n}\n" }, { "path": "apps/api/src/organization/services/organization-role.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ForbiddenException, Injectable, NotFoundException } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { In, Repository } from 'typeorm'\nimport { CreateOrganizationRoleDto } from '../dto/create-organization-role.dto'\nimport { UpdateOrganizationRoleDto } from '../dto/update-organization-role.dto'\nimport { OrganizationRole } from '../entities/organization-role.entity'\n\n@Injectable()\nexport class OrganizationRoleService {\n constructor(\n @InjectRepository(OrganizationRole)\n private readonly organizationRoleRepository: Repository,\n ) {}\n\n async create(\n organizationId: string,\n createOrganizationRoleDto: CreateOrganizationRoleDto,\n ): Promise {\n const role = new OrganizationRole()\n role.organizationId = organizationId\n role.name = createOrganizationRoleDto.name\n role.description = createOrganizationRoleDto.description\n role.permissions = createOrganizationRoleDto.permissions\n return this.organizationRoleRepository.save(role)\n }\n\n async findAll(organizationId: string): Promise {\n return this.organizationRoleRepository.find({\n where: [{ organizationId }, { isGlobal: true }],\n order: {\n id: 'ASC',\n },\n })\n }\n\n async findByIds(roleIds: string[]): Promise {\n if (roleIds.length === 0) {\n return []\n }\n\n return this.organizationRoleRepository.find({\n where: {\n id: In(roleIds),\n },\n })\n }\n\n async update(roleId: string, updateOrganizationRoleDto: UpdateOrganizationRoleDto): Promise {\n const role = await this.organizationRoleRepository.findOne({\n where: { id: roleId },\n })\n\n if (!role) {\n throw new NotFoundException(`Organization role with ID ${roleId} not found`)\n }\n\n if (role.isGlobal) {\n throw new ForbiddenException('Global roles cannot be updated')\n }\n\n role.name = updateOrganizationRoleDto.name\n role.description = updateOrganizationRoleDto.description\n role.permissions = updateOrganizationRoleDto.permissions\n\n return this.organizationRoleRepository.save(role)\n }\n\n async delete(roleId: string): Promise {\n const role = await this.organizationRoleRepository.findOne({\n where: { id: roleId },\n })\n\n if (!role) {\n throw new NotFoundException(`Organization role with ID ${roleId} not found`)\n }\n\n if (role.isGlobal) {\n throw new ForbiddenException('Global roles cannot be deleted')\n }\n\n await this.organizationRoleRepository.remove(role)\n }\n}\n" }, { "path": "apps/api/src/organization/services/organization-usage.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BadRequestException, Injectable, Logger, NotFoundException } from '@nestjs/common'\nimport { OnEvent } from '@nestjs/event-emitter'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { In, Repository } from 'typeorm'\nimport { SANDBOX_STATES_CONSUMING_COMPUTE } from '../constants/sandbox-states-consuming-compute.constant'\nimport { SANDBOX_STATES_CONSUMING_DISK } from '../constants/sandbox-states-consuming-disk.constant'\nimport { SNAPSHOT_STATES_CONSUMING_RESOURCES } from '../constants/snapshot-states-consuming-resources.constant'\nimport { VOLUME_STATES_CONSUMING_RESOURCES } from '../constants/volume-states-consuming-resources.constant'\nimport { OrganizationUsageOverviewDto, RegionUsageOverviewDto } from '../dto/organization-usage-overview.dto'\nimport {\n PendingSandboxUsageOverviewInternalDto,\n SandboxUsageOverviewInternalDto,\n SandboxUsageOverviewWithPendingInternalDto,\n} from '../dto/sandbox-usage-overview-internal.dto'\nimport {\n PendingSnapshotUsageOverviewInternalDto,\n SnapshotUsageOverviewInternalDto,\n SnapshotUsageOverviewWithPendingInternalDto,\n} from '../dto/snapshot-usage-overview-internal.dto'\nimport {\n PendingVolumeUsageOverviewInternalDto,\n VolumeUsageOverviewInternalDto,\n VolumeUsageOverviewWithPendingInternalDto,\n} from '../dto/volume-usage-overview-internal.dto'\nimport { Organization } from '../entities/organization.entity'\nimport { OrganizationUsageQuotaType, OrganizationUsageResourceType } from '../helpers/organization-usage.helper'\nimport { RedisLockProvider } from '../../sandbox/common/redis-lock.provider'\nimport { SandboxEvents } from '../../sandbox/constants/sandbox-events.constants'\nimport { SnapshotEvents } from '../../sandbox/constants/snapshot-events'\nimport { VolumeEvents } from '../../sandbox/constants/volume-events'\nimport { Snapshot } from '../../sandbox/entities/snapshot.entity'\nimport { Volume } from '../../sandbox/entities/volume.entity'\nimport { SandboxCreatedEvent } from '../../sandbox/events/sandbox-create.event'\nimport { SandboxStateUpdatedEvent } from '../../sandbox/events/sandbox-state-updated.event'\nimport { SnapshotCreatedEvent } from '../../sandbox/events/snapshot-created.event'\nimport { SnapshotStateUpdatedEvent } from '../../sandbox/events/snapshot-state-updated.event'\nimport { VolumeCreatedEvent } from '../../sandbox/events/volume-created.event'\nimport { VolumeStateUpdatedEvent } from '../../sandbox/events/volume-state-updated.event'\nimport { SandboxDesiredState } from '../../sandbox/enums/sandbox-desired-state.enum'\nimport { SandboxState } from '../../sandbox/enums/sandbox-state.enum'\nimport { OrganizationService } from './organization.service'\nimport { SandboxRepository } from '../../sandbox/repositories/sandbox.repository'\n\n@Injectable()\nexport class OrganizationUsageService {\n private readonly logger = new Logger(OrganizationUsageService.name)\n\n /**\n * Time-to-live for cached quota usage values\n */\n private readonly CACHE_TTL_SECONDS = 60\n\n /**\n * Cache is considered stale if it was last populated from db more than `CACHE_MAX_AGE_MS` ago\n */\n private readonly CACHE_MAX_AGE_MS = 60 * 60 * 1000\n\n constructor(\n @InjectRedis() private readonly redis: Redis,\n @InjectRepository(Organization)\n private readonly organizationRepository: Repository,\n private readonly sandboxRepository: SandboxRepository,\n @InjectRepository(Snapshot)\n private readonly snapshotRepository: Repository,\n @InjectRepository(Volume)\n private readonly volumeRepository: Repository,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly organizationService: OrganizationService,\n ) {}\n\n /**\n * Get the current usage overview for all organization quotas.\n *\n * @param organizationId\n * @param organization - Provide the organization entity to avoid fetching it from the database (optional)\n */\n async getUsageOverview(organizationId: string, organization?: Organization): Promise {\n if (organization && organization.id !== organizationId) {\n throw new BadRequestException('Organization ID mismatch')\n }\n\n if (!organization) {\n organization = await this.organizationRepository.findOne({ where: { id: organizationId } })\n }\n\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${organizationId} not found`)\n }\n\n const regionQuotas = await this.organizationService.getRegionQuotas(organizationId)\n\n const regionUsage: RegionUsageOverviewDto[] = await Promise.all(\n regionQuotas.map(async (rq) => {\n const sandboxUsage = await this.getSandboxUsageOverview(organizationId, rq.regionId)\n\n const usage: RegionUsageOverviewDto = {\n regionId: rq.regionId,\n totalCpuQuota: rq.totalCpuQuota,\n totalMemoryQuota: rq.totalMemoryQuota,\n totalDiskQuota: rq.totalDiskQuota,\n currentCpuUsage: sandboxUsage.currentCpuUsage,\n currentMemoryUsage: sandboxUsage.currentMemoryUsage,\n currentDiskUsage: sandboxUsage.currentDiskUsage,\n }\n\n return usage\n }),\n )\n\n const snapshotUsage = await this.getSnapshotUsageOverview(organizationId)\n const volumeUsage = await this.getVolumeUsageOverview(organizationId)\n\n return {\n regionUsage,\n totalSnapshotQuota: organization.snapshotQuota,\n totalVolumeQuota: organization.volumeQuota,\n currentSnapshotUsage: snapshotUsage.currentSnapshotUsage,\n currentVolumeUsage: volumeUsage.currentVolumeUsage,\n }\n }\n\n /**\n * Get the current and pending usage overview for sandbox-related organization quotas in a specific region.\n *\n * @param organizationId\n * @param regionId\n * @param excludeSandboxId - If provided, the usage overview will exclude the current usage of the sandbox with the given ID\n */\n async getSandboxUsageOverview(\n organizationId: string,\n regionId: string,\n excludeSandboxId?: string,\n ): Promise {\n let cachedUsageOverview = await this.getCachedSandboxUsageOverview(organizationId, regionId)\n\n // cache hit\n if (cachedUsageOverview) {\n if (excludeSandboxId) {\n return await this.excludeSandboxFromUsageOverview(cachedUsageOverview, excludeSandboxId)\n }\n\n return cachedUsageOverview\n }\n\n // cache miss, wait for lock\n const lockKey = `org:${organizationId}:fetch-sandbox-usage-from-db`\n await this.redisLockProvider.waitForLock(lockKey, 60)\n\n try {\n // check if cache was updated while waiting for lock\n cachedUsageOverview = await this.getCachedSandboxUsageOverview(organizationId, regionId)\n\n // cache hit\n if (cachedUsageOverview) {\n if (excludeSandboxId) {\n return await this.excludeSandboxFromUsageOverview(cachedUsageOverview, excludeSandboxId)\n }\n\n return cachedUsageOverview\n }\n\n // cache miss, fetch from db\n const usageOverview = await this.fetchSandboxUsageFromDb(organizationId, regionId)\n\n // get pending usage separately since it's not stored in DB\n const pendingUsageOverview = await this.getCachedPendingSandboxUsageOverview(organizationId, regionId)\n\n const combinedUsageOverview: SandboxUsageOverviewWithPendingInternalDto = {\n ...usageOverview,\n ...pendingUsageOverview,\n }\n\n if (excludeSandboxId) {\n return await this.excludeSandboxFromUsageOverview(combinedUsageOverview, excludeSandboxId)\n }\n\n return combinedUsageOverview\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n /**\n * Get the current and pending usage overview for snapshot-related organization quotas.\n *\n * @param organizationId\n */\n async getSnapshotUsageOverview(organizationId: string): Promise {\n let cachedUsageOverview = await this.getCachedSnapshotUsageOverview(organizationId)\n\n // cache hit\n if (cachedUsageOverview) {\n return cachedUsageOverview\n }\n\n // cache miss, wait for lock\n const lockKey = `org:${organizationId}:fetch-snapshot-usage-from-db`\n await this.redisLockProvider.waitForLock(lockKey, 60)\n\n try {\n // check if cache was updated while waiting for lock\n cachedUsageOverview = await this.getCachedSnapshotUsageOverview(organizationId)\n\n // cache hit\n if (cachedUsageOverview) {\n return cachedUsageOverview\n }\n\n // cache miss, fetch from db\n const usageOverview = await this.fetchSnapshotUsageFromDb(organizationId)\n\n // get pending usage separately since it's not stored in DB\n const pendingUsageOverview = await this.getCachedPendingSnapshotUsageOverview(organizationId)\n\n return {\n ...usageOverview,\n ...pendingUsageOverview,\n }\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n /**\n * Get the current and pending usage overview for volume-related organization quotas.\n *\n * @param organizationId\n */\n async getVolumeUsageOverview(organizationId: string): Promise {\n let cachedUsageOverview = await this.getCachedVolumeUsageOverview(organizationId)\n\n // cache hit\n if (cachedUsageOverview) {\n return cachedUsageOverview\n }\n\n // cache miss, wait for lock\n const lockKey = `org:${organizationId}:fetch-volume-usage-from-db`\n await this.redisLockProvider.waitForLock(lockKey, 60)\n\n try {\n // check if cache was updated while waiting for lock\n cachedUsageOverview = await this.getCachedVolumeUsageOverview(organizationId)\n\n // cache hit\n if (cachedUsageOverview) {\n return cachedUsageOverview\n }\n\n // cache miss, fetch from db\n const usageOverview = await this.fetchVolumeUsageFromDb(organizationId)\n\n // get pending usage separately since it's not stored in DB\n const pendingUsageOverview = await this.getCachedPendingVolumeUsageOverview(organizationId)\n\n return {\n ...usageOverview,\n ...pendingUsageOverview,\n }\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n /**\n * Exclude the current usage of a specific sandbox from the usage overview.\n *\n * @param usageOverview\n * @param excludeSandboxId\n */\n private async excludeSandboxFromUsageOverview(\n usageOverview: T,\n excludeSandboxId: string,\n ): Promise {\n const excludedSandbox = await this.sandboxRepository.findOne({\n where: { id: excludeSandboxId },\n })\n\n if (!excludedSandbox) {\n return usageOverview\n }\n\n let cpuToSubtract = 0\n let memToSubtract = 0\n let diskToSubtract = 0\n\n if (SANDBOX_STATES_CONSUMING_COMPUTE.includes(excludedSandbox.state)) {\n cpuToSubtract = excludedSandbox.cpu\n memToSubtract = excludedSandbox.mem\n }\n\n if (SANDBOX_STATES_CONSUMING_DISK.includes(excludedSandbox.state)) {\n diskToSubtract = excludedSandbox.disk\n }\n\n return {\n ...usageOverview,\n currentCpuUsage: Math.max(0, usageOverview.currentCpuUsage - cpuToSubtract),\n currentMemoryUsage: Math.max(0, usageOverview.currentMemoryUsage - memToSubtract),\n currentDiskUsage: Math.max(0, usageOverview.currentDiskUsage - diskToSubtract),\n }\n }\n\n /**\n * Get the cached current and pending usage overview for sandbox-related organization quotas in a specific region.\n *\n * @param organizationId\n * @param regionId\n */\n private async getCachedSandboxUsageOverview(\n organizationId: string,\n regionId: string,\n ): Promise {\n const script = `\n return {\n redis.call(\"GET\", KEYS[1]),\n redis.call(\"GET\", KEYS[2]),\n redis.call(\"GET\", KEYS[3]),\n redis.call(\"GET\", KEYS[4]),\n redis.call(\"GET\", KEYS[5]),\n redis.call(\"GET\", KEYS[6])\n }\n `\n\n const result = (await this.redis.eval(\n script,\n 6,\n this.getCurrentQuotaUsageCacheKey(organizationId, 'cpu', regionId),\n this.getCurrentQuotaUsageCacheKey(organizationId, 'memory', regionId),\n this.getCurrentQuotaUsageCacheKey(organizationId, 'disk', regionId),\n this.getPendingQuotaUsageCacheKey(organizationId, 'cpu', regionId),\n this.getPendingQuotaUsageCacheKey(organizationId, 'memory', regionId),\n this.getPendingQuotaUsageCacheKey(organizationId, 'disk', regionId),\n )) as (string | null)[]\n\n const [cpuUsage, memoryUsage, diskUsage, pendingCpuUsage, pendingMemoryUsage, pendingDiskUsage] = result\n\n // Cache miss\n if (cpuUsage === null || memoryUsage === null || diskUsage === null) {\n return null\n }\n\n // Check cache staleness for current usage\n const isStale = await this.isCacheStale(organizationId, 'sandbox', regionId)\n\n if (isStale) {\n return null\n }\n\n // Validate current usage values are non-negative numbers\n const parsedCpuUsage = this.parseNonNegativeCachedValue(cpuUsage)\n const parsedMemoryUsage = this.parseNonNegativeCachedValue(memoryUsage)\n const parsedDiskUsage = this.parseNonNegativeCachedValue(diskUsage)\n\n if (parsedCpuUsage === null || parsedMemoryUsage === null || parsedDiskUsage === null) {\n return null\n }\n\n // Parse pending usage values (null is acceptable)\n const parsedPendingCpuUsage = this.parseNonNegativeCachedValue(pendingCpuUsage)\n const parsedPendingMemoryUsage = this.parseNonNegativeCachedValue(pendingMemoryUsage)\n const parsedPendingDiskUsage = this.parseNonNegativeCachedValue(pendingDiskUsage)\n\n return {\n currentCpuUsage: parsedCpuUsage,\n currentMemoryUsage: parsedMemoryUsage,\n currentDiskUsage: parsedDiskUsage,\n pendingCpuUsage: parsedPendingCpuUsage,\n pendingMemoryUsage: parsedPendingMemoryUsage,\n pendingDiskUsage: parsedPendingDiskUsage,\n }\n }\n\n /**\n * Get the cached pending usage overview for sandbox-related organization quotas in a specific region.\n *\n * @param organizationId\n * @param regionId\n */\n private async getCachedPendingSandboxUsageOverview(\n organizationId: string,\n regionId: string,\n ): Promise {\n const script = `\n return {\n redis.call(\"GET\", KEYS[1]),\n redis.call(\"GET\", KEYS[2]),\n redis.call(\"GET\", KEYS[3])\n }\n `\n const result = (await this.redis.eval(\n script,\n 3,\n this.getPendingQuotaUsageCacheKey(organizationId, 'cpu', regionId),\n this.getPendingQuotaUsageCacheKey(organizationId, 'memory', regionId),\n this.getPendingQuotaUsageCacheKey(organizationId, 'disk', regionId),\n )) as (string | null)[]\n\n const [pendingCpuUsage, pendingMemoryUsage, pendingDiskUsage] = result\n\n const parsedPendingCpuUsage = this.parseNonNegativeCachedValue(pendingCpuUsage)\n const parsedPendingMemoryUsage = this.parseNonNegativeCachedValue(pendingMemoryUsage)\n const parsedPendingDiskUsage = this.parseNonNegativeCachedValue(pendingDiskUsage)\n\n return {\n pendingCpuUsage: parsedPendingCpuUsage,\n pendingMemoryUsage: parsedPendingMemoryUsage,\n pendingDiskUsage: parsedPendingDiskUsage,\n }\n }\n\n /**\n * Get the cached overview for current and pending usage for snapshot-related organization quotas.\n *\n * @param organizationId\n */\n private async getCachedSnapshotUsageOverview(\n organizationId: string,\n ): Promise {\n const script = `\n return {\n redis.call(\"GET\", KEYS[1]),\n redis.call(\"GET\", KEYS[2])\n }\n `\n const result = (await this.redis.eval(\n script,\n 2,\n this.getCurrentQuotaUsageCacheKey(organizationId, 'snapshot_count'),\n this.getPendingQuotaUsageCacheKey(organizationId, 'snapshot_count'),\n )) as (string | null)[]\n\n const [currentSnapshotUsage, pendingSnapshotUsage] = result\n\n // Cache miss\n if (currentSnapshotUsage === null) {\n return null\n }\n\n // Check cache staleness for current usage\n const isStale = await this.isCacheStale(organizationId, 'snapshot')\n\n if (isStale) {\n return null\n }\n\n // Validate current usage values are non-negative numbers\n const parsedCurrentSnapshotUsage = this.parseNonNegativeCachedValue(currentSnapshotUsage)\n\n if (parsedCurrentSnapshotUsage === null) {\n return null\n }\n\n // Parse pending usage values (null is acceptable)\n const parsedPendingSnapshotUsage = this.parseNonNegativeCachedValue(pendingSnapshotUsage)\n\n return {\n currentSnapshotUsage: parsedCurrentSnapshotUsage,\n pendingSnapshotUsage: parsedPendingSnapshotUsage,\n }\n }\n\n /**\n * Get the cached pending usage overview for snapshot-related organization quotas.\n *\n * @param organizationId\n */\n private async getCachedPendingSnapshotUsageOverview(\n organizationId: string,\n ): Promise {\n const script = `\n return {\n redis.call(\"GET\", KEYS[1])\n }\n `\n const result = (await this.redis.eval(\n script,\n 1,\n this.getPendingQuotaUsageCacheKey(organizationId, 'snapshot_count'),\n )) as (string | null)[]\n\n const [pendingSnapshotUsage] = result\n\n // Parse pending usage values (null is acceptable)\n const parsedPendingSnapshotUsage = this.parseNonNegativeCachedValue(pendingSnapshotUsage)\n\n return {\n pendingSnapshotUsage: parsedPendingSnapshotUsage,\n }\n }\n\n /**\n * Get the cached overview for current and pending usage for volume-related organization quotas.\n *\n * @param organizationId\n */\n private async getCachedVolumeUsageOverview(\n organizationId: string,\n ): Promise {\n const script = `\n return {\n redis.call(\"GET\", KEYS[1]),\n redis.call(\"GET\", KEYS[2])\n }\n `\n\n const result = (await this.redis.eval(\n script,\n 2,\n this.getCurrentQuotaUsageCacheKey(organizationId, 'volume_count'),\n this.getPendingQuotaUsageCacheKey(organizationId, 'volume_count'),\n )) as (string | null)[]\n\n const [currentVolumeUsage, pendingVolumeUsage] = result\n\n if (currentVolumeUsage === null) {\n return null\n }\n\n // Check cache staleness for current usage\n const isStale = await this.isCacheStale(organizationId, 'volume')\n\n if (isStale) {\n return null\n }\n\n // Validate current usage values are non-negative numbers\n const parsedCurrentVolumeUsage = this.parseNonNegativeCachedValue(currentVolumeUsage)\n\n if (parsedCurrentVolumeUsage === null) {\n return null\n }\n\n // Parse pending usage values (null is acceptable)\n const parsedPendingVolumeUsage = this.parseNonNegativeCachedValue(pendingVolumeUsage)\n\n return {\n currentVolumeUsage: parsedCurrentVolumeUsage,\n pendingVolumeUsage: parsedPendingVolumeUsage,\n }\n }\n\n /**\n * Get the cached pending usage overview for volume-related organization quotas.\n *\n * @param organizationId\n */\n private async getCachedPendingVolumeUsageOverview(\n organizationId: string,\n ): Promise {\n const script = `\n return {\n redis.call(\"GET\", KEYS[1])\n }\n `\n\n const result = (await this.redis.eval(\n script,\n 1,\n this.getPendingQuotaUsageCacheKey(organizationId, 'volume_count'),\n )) as (string | null)[]\n\n const [pendingVolumeUsage] = result\n\n // Parse pending usage values (null is acceptable)\n const parsedPendingVolumeUsage = this.parseNonNegativeCachedValue(pendingVolumeUsage)\n\n return {\n pendingVolumeUsage: parsedPendingVolumeUsage,\n }\n }\n\n /**\n * Attempts to parse a given value to a non-negative number.\n *\n * @param value - The value to parse.\n * @returns The parsed non-negative number or `null` if the given value is null or not a non-negative number.\n */\n private parseNonNegativeCachedValue(value: string | null): number | null {\n if (value === null) {\n return null\n }\n\n const parsedValue = Number(value)\n\n if (isNaN(parsedValue) || parsedValue < 0) {\n return null\n }\n\n return parsedValue\n }\n\n /**\n * Fetch the current usage overview for sandbox-related organization quotas in a specific region from the database and cache the results.\n *\n * @param organizationId\n * @param regionId\n */\n async fetchSandboxUsageFromDb(organizationId: string, regionId: string): Promise {\n // fetch from db\n // For CPU/memory, we need to also count RESIZING sandboxes that were hot resizing (desiredState = 'started')\n // since they are still running and consuming compute resources\n const sandboxUsageMetrics: {\n used_cpu: number\n used_mem: number\n used_disk: number\n } = await this.sandboxRepository\n .createQueryBuilder('sandbox')\n .select([\n `SUM(CASE WHEN sandbox.state IN (:...statesConsumingCompute) OR (sandbox.state = :resizingState AND sandbox.\"desiredState\" = :startedDesiredState) THEN sandbox.cpu ELSE 0 END) as used_cpu`,\n `SUM(CASE WHEN sandbox.state IN (:...statesConsumingCompute) OR (sandbox.state = :resizingState AND sandbox.\"desiredState\" = :startedDesiredState) THEN sandbox.mem ELSE 0 END) as used_mem`,\n 'SUM(CASE WHEN sandbox.state IN (:...statesConsumingDisk) THEN sandbox.disk ELSE 0 END) as used_disk',\n ])\n .where('sandbox.organizationId = :organizationId', { organizationId })\n .andWhere('sandbox.region = :regionId', { regionId })\n .setParameter('statesConsumingCompute', SANDBOX_STATES_CONSUMING_COMPUTE)\n .setParameter('statesConsumingDisk', SANDBOX_STATES_CONSUMING_DISK)\n .setParameter('resizingState', SandboxState.RESIZING)\n .setParameter('startedDesiredState', SandboxDesiredState.STARTED)\n .getRawOne()\n\n const cpuUsage = Number(sandboxUsageMetrics.used_cpu) || 0\n const memoryUsage = Number(sandboxUsageMetrics.used_mem) || 0\n const diskUsage = Number(sandboxUsageMetrics.used_disk) || 0\n\n // cache the results\n const cpuCacheKey = this.getCurrentQuotaUsageCacheKey(organizationId, 'cpu', regionId)\n const memoryCacheKey = this.getCurrentQuotaUsageCacheKey(organizationId, 'memory', regionId)\n const diskCacheKey = this.getCurrentQuotaUsageCacheKey(organizationId, 'disk', regionId)\n\n await this.redis\n .multi()\n .setex(cpuCacheKey, this.CACHE_TTL_SECONDS, cpuUsage)\n .setex(memoryCacheKey, this.CACHE_TTL_SECONDS, memoryUsage)\n .setex(diskCacheKey, this.CACHE_TTL_SECONDS, diskUsage)\n .exec()\n\n await this.resetCacheStaleness(organizationId, 'sandbox', regionId)\n\n return {\n currentCpuUsage: cpuUsage,\n currentMemoryUsage: memoryUsage,\n currentDiskUsage: diskUsage,\n }\n }\n\n /**\n * Fetch the current usage overview for snapshot-related organization quotas from the database and cache the results.\n *\n * @param organizationId\n */\n private async fetchSnapshotUsageFromDb(organizationId: string): Promise {\n // fetch from db\n const snapshotUsage = await this.snapshotRepository.count({\n where: {\n organizationId,\n state: In(SNAPSHOT_STATES_CONSUMING_RESOURCES),\n },\n })\n\n // cache the result\n const cacheKey = this.getCurrentQuotaUsageCacheKey(organizationId, 'snapshot_count')\n await this.redis.setex(cacheKey, this.CACHE_TTL_SECONDS, snapshotUsage)\n\n await this.resetCacheStaleness(organizationId, 'snapshot')\n\n return {\n currentSnapshotUsage: snapshotUsage,\n }\n }\n\n /**\n * Fetch the current usage overview for volume-related organization quotas from the database and cache the results.\n *\n * @param organizationId\n */\n private async fetchVolumeUsageFromDb(organizationId: string): Promise {\n // fetch from db\n const volumeUsage = await this.volumeRepository.count({\n where: {\n organizationId,\n state: In(VOLUME_STATES_CONSUMING_RESOURCES),\n },\n })\n\n // cache the result\n const cacheKey = this.getCurrentQuotaUsageCacheKey(organizationId, 'volume_count')\n await this.redis.setex(cacheKey, this.CACHE_TTL_SECONDS, volumeUsage)\n\n await this.resetCacheStaleness(organizationId, 'volume')\n\n return {\n currentVolumeUsage: volumeUsage,\n }\n }\n\n /**\n * Get the cache key for the current usage of a given organization quota.\n */\n private getCurrentQuotaUsageCacheKey(\n organizationId: string,\n quotaType: 'cpu' | 'memory' | 'disk',\n regionId: string,\n ): string\n private getCurrentQuotaUsageCacheKey(organizationId: string, quotaType: 'snapshot_count' | 'volume_count'): string\n private getCurrentQuotaUsageCacheKey(\n organizationId: string,\n quotaType: OrganizationUsageQuotaType,\n regionId?: string,\n ): string {\n return `org:${organizationId}${regionId ? `:region:${regionId}` : ''}:quota:${quotaType}:usage`\n }\n\n /**\n * Get the cache key for the pending usage of a given organization quota.\n */\n private getPendingQuotaUsageCacheKey(\n organizationId: string,\n quotaType: 'cpu' | 'memory' | 'disk',\n regionId: string,\n ): string\n private getPendingQuotaUsageCacheKey(organizationId: string, quotaType: 'snapshot_count' | 'volume_count'): string\n private getPendingQuotaUsageCacheKey(\n organizationId: string,\n quotaType: OrganizationUsageQuotaType,\n regionId?: string,\n ): string {\n return `org:${organizationId}${regionId ? `:region:${regionId}` : ''}:quota:${quotaType}:pending`\n }\n\n /**\n * Updates the current usage of a given organization quota in the cache. If cache is not present, this method is a no-op.\n *\n * If the corresponding quota type has pending usage in the cache and the delta is positive, the pending usage is decremented accordingly.\n */\n private async updateCurrentQuotaUsage(\n organizationId: string,\n quotaType: 'cpu' | 'memory' | 'disk',\n delta: number,\n regionId: string,\n ): Promise\n private async updateCurrentQuotaUsage(\n organizationId: string,\n quotaType: 'snapshot_count' | 'volume_count',\n delta: number,\n ): Promise\n private async updateCurrentQuotaUsage(\n organizationId: string,\n quotaType: OrganizationUsageQuotaType,\n delta: number,\n regionId?: string,\n ): Promise {\n const script = `\n local cacheKey = KEYS[1]\n local pendingCacheKey = KEYS[2]\n local delta = tonumber(ARGV[1])\n local ttl = tonumber(ARGV[2])\n\n if redis.call(\"EXISTS\", cacheKey) == 1 then\n redis.call(\"INCRBY\", cacheKey, delta)\n redis.call(\"EXPIRE\", cacheKey, ttl)\n end\n\n local pending = tonumber(redis.call(\"GET\", pendingCacheKey))\n if pending and pending > 0 and delta > 0 then\n redis.call(\"DECRBY\", pendingCacheKey, delta)\n end\n `\n\n let currentQuotaUsageCacheKey = ''\n let pendingQuotaUsageCacheKey = ''\n\n switch (quotaType) {\n case 'cpu':\n case 'memory':\n case 'disk':\n currentQuotaUsageCacheKey = this.getCurrentQuotaUsageCacheKey(organizationId, quotaType, regionId)\n pendingQuotaUsageCacheKey = this.getPendingQuotaUsageCacheKey(organizationId, quotaType, regionId)\n break\n case 'snapshot_count':\n case 'volume_count':\n currentQuotaUsageCacheKey = this.getCurrentQuotaUsageCacheKey(organizationId, quotaType)\n pendingQuotaUsageCacheKey = this.getPendingQuotaUsageCacheKey(organizationId, quotaType)\n break\n }\n\n await this.redis.eval(\n script,\n 2,\n currentQuotaUsageCacheKey,\n pendingQuotaUsageCacheKey,\n delta.toString(),\n this.CACHE_TTL_SECONDS.toString(),\n )\n }\n\n /**\n * Increments the pending usage for sandbox-related organization quotas in a specific region.\n *\n * Pending usage is used to protect against race conditions to prevent quota abuse.\n *\n * If a user action will result in increased quota usage, we will first increment the pending usage.\n *\n * When the user action is complete, this pending usage will be transfered to the actual usage.\n *\n * As a safeguard, an expiration time is set on the pending usage cache to prevent lockout for new operations.\n *\n * @param organizationId\n * @param regionId\n * @param cpu - The amount of CPU to increment.\n * @param memory - The amount of memory to increment.\n * @param disk - The amount of disk to increment.\n * @param excludeSandboxId - If provided, pending usage will be incremented only for quotas that are not consumed by the sandbox in its current state.\n * @returns an object with the boolean values indicating if the pending usage was incremented for each quota type\n */\n async incrementPendingSandboxUsage(\n organizationId: string,\n regionId: string,\n cpu: number,\n memory: number,\n disk: number,\n excludeSandboxId?: string,\n ): Promise<{\n cpuIncremented: boolean\n memoryIncremented: boolean\n diskIncremented: boolean\n }> {\n // determine for which quota types we should increment the pending usage\n let shouldIncrementCpu = true\n let shouldIncrementMemory = true\n let shouldIncrementDisk = true\n\n if (excludeSandboxId) {\n const excludedSandbox = await this.sandboxRepository.findOne({\n where: { id: excludeSandboxId },\n })\n\n if (excludedSandbox) {\n if (SANDBOX_STATES_CONSUMING_COMPUTE.includes(excludedSandbox.state)) {\n shouldIncrementCpu = false\n shouldIncrementMemory = false\n }\n\n if (SANDBOX_STATES_CONSUMING_DISK.includes(excludedSandbox.state)) {\n shouldIncrementDisk = false\n }\n }\n }\n\n // increment the pending usage for necessary quota types\n const script = `\n local cpuKey = KEYS[1]\n local memoryKey = KEYS[2]\n local diskKey = KEYS[3]\n\n local shouldIncrementCpu = ARGV[1] == \"true\"\n local shouldIncrementMemory = ARGV[2] == \"true\"\n local shouldIncrementDisk = ARGV[3] == \"true\"\n\n local cpuIncrement = tonumber(ARGV[4])\n local memoryIncrement = tonumber(ARGV[5])\n local diskIncrement = tonumber(ARGV[6])\n\n local ttl = tonumber(ARGV[7])\n \n if shouldIncrementCpu then\n redis.call(\"INCRBY\", cpuKey, cpuIncrement)\n redis.call(\"EXPIRE\", cpuKey, ttl)\n end\n\n if shouldIncrementMemory then\n redis.call(\"INCRBY\", memoryKey, memoryIncrement)\n redis.call(\"EXPIRE\", memoryKey, ttl)\n end\n\n if shouldIncrementDisk then\n redis.call(\"INCRBY\", diskKey, diskIncrement)\n redis.call(\"EXPIRE\", diskKey, ttl)\n end\n `\n\n await this.redis.eval(\n script,\n 3,\n this.getPendingQuotaUsageCacheKey(organizationId, 'cpu', regionId),\n this.getPendingQuotaUsageCacheKey(organizationId, 'memory', regionId),\n this.getPendingQuotaUsageCacheKey(organizationId, 'disk', regionId),\n shouldIncrementCpu.toString(),\n shouldIncrementMemory.toString(),\n shouldIncrementDisk.toString(),\n cpu.toString(),\n memory.toString(),\n disk.toString(),\n this.CACHE_TTL_SECONDS.toString(),\n )\n\n return {\n cpuIncremented: shouldIncrementCpu,\n memoryIncremented: shouldIncrementMemory,\n diskIncremented: shouldIncrementDisk,\n }\n }\n\n /**\n * Decrements the pending usage for sandbox-related organization quotas in a specific region.\n *\n * Use this method to roll back pending usage after incrementing it for an action that was subsequently rejected.\n *\n * Pending usage is used to protect against race conditions to prevent quota abuse.\n *\n * If a user action will result in increased quota usage, we will first increment the pending usage.\n *\n * When the user action is complete, this pending usage will be transfered to the actual usage.\n *\n * @param organizationId\n * @param regionId\n * @param cpu - If provided, the amount of CPU to decrement.\n * @param memory - If provided, the amount of memory to decrement.\n * @param disk - If provided, the amount of disk to decrement.\n */\n async decrementPendingSandboxUsage(\n organizationId: string,\n regionId: string,\n cpu?: number,\n memory?: number,\n disk?: number,\n ): Promise {\n // decrement the pending usage for necessary quota types\n const script = `\n local cpuKey = KEYS[1]\n local memoryKey = KEYS[2] \n local diskKey = KEYS[3]\n\n local cpuDecrement = tonumber(ARGV[1])\n local memoryDecrement = tonumber(ARGV[2])\n local diskDecrement = tonumber(ARGV[3])\n \n if cpuDecrement then\n redis.call(\"DECRBY\", cpuKey, cpuDecrement)\n end\n\n if memoryDecrement then\n redis.call(\"DECRBY\", memoryKey, memoryDecrement)\n end\n\n if diskDecrement then\n redis.call(\"DECRBY\", diskKey, diskDecrement)\n end\n `\n\n await this.redis.eval(\n script,\n 3,\n this.getPendingQuotaUsageCacheKey(organizationId, 'cpu', regionId),\n this.getPendingQuotaUsageCacheKey(organizationId, 'memory', regionId),\n this.getPendingQuotaUsageCacheKey(organizationId, 'disk', regionId),\n cpu?.toString() ?? '0',\n memory?.toString() ?? '0',\n disk?.toString() ?? '0',\n )\n }\n\n /**\n * Increments the pending usage for snapshot-related organization quotas.\n *\n * Pending usage is used to protect against race conditions to prevent quota abuse.\n *\n * If a user action will result in increased quota usage, we will first increment the pending usage.\n *\n * When the user action is complete, this pending usage will be transfered to the actual usage.\n *\n * As a safeguard, an expiration time is set on the pending usage cache to prevent lockout for new operations.\n *\n * @param organizationId\n * @param snapshotCount - The count of snapshots to increment.\n */\n async incrementPendingSnapshotUsage(organizationId: string, snapshotCount: number): Promise {\n const script = `\n local snapshotCountKey = KEYS[1]\n\n local snapshotCountIncrement = tonumber(ARGV[1])\n local ttl = tonumber(ARGV[2])\n \n redis.call(\"INCRBY\", snapshotCountKey, snapshotCountIncrement)\n redis.call(\"EXPIRE\", snapshotCountKey, ttl)\n `\n\n await this.redis.eval(\n script,\n 1,\n this.getPendingQuotaUsageCacheKey(organizationId, 'snapshot_count'),\n snapshotCount.toString(),\n this.CACHE_TTL_SECONDS.toString(),\n )\n }\n\n /**\n * Decrements the pending usage for snapshot-related organization quotas.\n *\n * Use this method to roll back pending usage after incrementing it for an action that was subsequently rejected.\n *\n * Pending usage is used to protect against race conditions to prevent quota abuse.\n *\n * If a user action will result in increased quota usage, we will first increment the pending usage.\n *\n * When the user action is complete, this pending usage will be transfered to the actual usage.\n *\n * @param organizationId\n * @param snapshotCount - If provided, the count of snapshots to decrement.\n */\n async decrementPendingSnapshotUsage(organizationId: string, snapshotCount?: number): Promise {\n // decrement the pending usage for necessary quota types\n const script = `\n local snapshotCountKey = KEYS[1]\n\n local snapshotCountDecrement = tonumber(ARGV[1])\n \n if snapshotCountDecrement then\n redis.call(\"DECRBY\", snapshotCountKey, snapshotCountDecrement)\n end\n `\n\n await this.redis.eval(\n script,\n 1,\n this.getPendingQuotaUsageCacheKey(organizationId, 'snapshot_count'),\n snapshotCount?.toString() ?? '0',\n )\n }\n\n /**\n * Increments the pending usage for volume-related organization quotas.\n *\n * Pending usage is used to protect against race conditions to prevent quota abuse.\n *\n * If a user action will result in increased quota usage, we will first increment the pending usage.\n *\n * When the user action is complete, this pending usage will be transfered to the actual usage.\n *\n * As a safeguard, an expiration time is set on the pending usage cache to prevent lockout for new operations.\n *\n * @param organizationId\n * @param volumeCount - The count of volumes to increment.\n */\n async incrementPendingVolumeUsage(organizationId: string, volumeCount: number): Promise {\n const script = `\n local volumeCountKey = KEYS[1]\n\n local volumeCountIncrement = tonumber(ARGV[1])\n local ttl = tonumber(ARGV[2])\n \n redis.call(\"INCRBY\", volumeCountKey, volumeCountIncrement)\n redis.call(\"EXPIRE\", volumeCountKey, ttl)\n `\n\n await this.redis.eval(\n script,\n 1,\n this.getPendingQuotaUsageCacheKey(organizationId, 'volume_count'),\n volumeCount.toString(),\n this.CACHE_TTL_SECONDS.toString(),\n )\n }\n\n /**\n * Decrements the pending usage for volume-related organization quotas.\n *\n * Use this method to roll back pending usage after incrementing it for an action that was subsequently rejected.\n *\n * Pending usage is used to protect against race conditions to prevent quota abuse.\n *\n * If a user action will result in increased quota usage, we will first increment the pending usage.\n *\n * When the user action is complete, this pending usage will be transfered to the actual usage.\n *\n * @param organizationId\n * @param volumeCount - If provided, the count of volumes to decrement.\n */\n async decrementPendingVolumeUsage(organizationId: string, volumeCount?: number): Promise {\n // decrement the pending usage for necessary quota types\n const script = `\n local volumeCountKey = KEYS[1]\n\n local volumeCountDecrement = tonumber(ARGV[1])\n\n if volumeCountDecrement then\n redis.call(\"DECRBY\", volumeCountKey, volumeCountDecrement)\n end\n `\n\n await this.redis.eval(\n script,\n 1,\n this.getPendingQuotaUsageCacheKey(organizationId, 'volume_count'),\n volumeCount?.toString() ?? '0',\n )\n }\n\n /**\n * Apply usage change after resize completes successfully.\n * Updates current usage and clears pending by the deltas.\n * Supports both positive (increase) and negative (decrease) deltas.\n * @param organizationId\n * @param regionId\n * @param cpuDelta\n * @param memDelta\n * @param diskDelta\n */\n async applyResizeUsageChange(\n organizationId: string,\n regionId: string,\n cpuDelta: number,\n memDelta: number,\n diskDelta: number,\n ): Promise {\n if (cpuDelta !== 0) {\n await this.updateCurrentQuotaUsage(organizationId, 'cpu', cpuDelta, regionId)\n }\n if (memDelta !== 0) {\n await this.updateCurrentQuotaUsage(organizationId, 'memory', memDelta, regionId)\n }\n if (diskDelta !== 0) {\n await this.updateCurrentQuotaUsage(organizationId, 'disk', diskDelta, regionId)\n }\n }\n\n /**\n * Get the cache key for the timestamp of the last time the cached usage of organization quotas for a given resource type was populated from the database.\n *\n * @param organizationId\n * @param resourceType\n * @param regionId\n */\n private getCacheStalenessKey(\n organizationId: string,\n resourceType: OrganizationUsageResourceType,\n regionId?: string,\n ): string {\n return `org:${organizationId}${regionId ? `:region:${regionId}` : ''}:resource:${resourceType}:usage:fetched_at`\n }\n\n /**\n * Reset the timestamp of the last time the cached usage of organization quotas for a given resource type was populated from the database.\n */\n private resetCacheStaleness(organizationId: string, resourceType: 'sandbox', regionId: string): Promise\n private resetCacheStaleness(organizationId: string, resourceType: 'snapshot' | 'volume'): Promise\n private async resetCacheStaleness(\n organizationId: string,\n resourceType: OrganizationUsageResourceType,\n regionId?: string,\n ): Promise {\n const cacheKey = this.getCacheStalenessKey(organizationId, resourceType, regionId)\n await this.redis.set(cacheKey, Date.now())\n }\n\n /**\n * Check if the cached usage of organization quotas for a given resource type was last populated from the database more than CACHE_MAX_AGE_MS ago.\n *\n * @returns `true` if the cached usage is stale, `false` otherwise\n */\n private async isCacheStale(organizationId: string, resourceType: 'sandbox', regionId: string): Promise\n private async isCacheStale(organizationId: string, resourceType: 'snapshot' | 'volume'): Promise\n private async isCacheStale(\n organizationId: string,\n resourceType: OrganizationUsageResourceType,\n regionId?: string,\n ): Promise {\n const cacheKey = this.getCacheStalenessKey(organizationId, resourceType, regionId)\n const cachedData = await this.redis.get(cacheKey)\n\n if (!cachedData) {\n return true\n }\n\n const lastFetchedAtTimestamp = Number(cachedData)\n if (isNaN(lastFetchedAtTimestamp)) {\n return true\n }\n\n return Date.now() - lastFetchedAtTimestamp > this.CACHE_MAX_AGE_MS\n }\n\n @OnEvent(SandboxEvents.CREATED)\n async handleSandboxCreated(event: SandboxCreatedEvent) {\n const lockKey = `sandbox:${event.sandbox.id}:quota-usage-update`\n await this.redisLockProvider.waitForLock(lockKey, 60)\n\n try {\n await this.updateCurrentQuotaUsage(event.sandbox.organizationId, 'cpu', event.sandbox.cpu, event.sandbox.region)\n await this.updateCurrentQuotaUsage(\n event.sandbox.organizationId,\n 'memory',\n event.sandbox.mem,\n event.sandbox.region,\n )\n await this.updateCurrentQuotaUsage(event.sandbox.organizationId, 'disk', event.sandbox.disk, event.sandbox.region)\n } catch (error) {\n this.logger.warn(\n `Error updating cached sandbox quota usage for organization ${event.sandbox.organizationId} in region ${event.sandbox.region}`,\n error,\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @OnEvent(SandboxEvents.STATE_UPDATED)\n async handleSandboxStateUpdated(event: SandboxStateUpdatedEvent) {\n if (event.oldState === SandboxState.RESIZING || event.newState === SandboxState.RESIZING) {\n return\n }\n\n const lockKey = `sandbox:${event.sandbox.id}:quota-usage-update`\n await this.redisLockProvider.waitForLock(lockKey, 60)\n\n // Special case for warm pool sandboxes (otherwise the quota usage deltas would be 0 due to the \"unchanged\" state)\n if (event.oldState === event.newState && event.newState === SandboxState.STARTED) {\n try {\n await this.updateCurrentQuotaUsage(event.sandbox.organizationId, 'cpu', event.sandbox.cpu, event.sandbox.region)\n await this.updateCurrentQuotaUsage(\n event.sandbox.organizationId,\n 'memory',\n event.sandbox.mem,\n event.sandbox.region,\n )\n await this.updateCurrentQuotaUsage(\n event.sandbox.organizationId,\n 'disk',\n event.sandbox.disk,\n event.sandbox.region,\n )\n return\n } catch (error) {\n this.logger.warn(\n `Error updating cached sandbox quota usage for organization ${event.sandbox.organizationId} in region ${event.sandbox.region}`,\n error,\n )\n return\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n try {\n const cpuDelta = this.calculateQuotaUsageDelta(\n event.sandbox.cpu,\n event.oldState,\n event.newState,\n SANDBOX_STATES_CONSUMING_COMPUTE,\n )\n\n const memDelta = this.calculateQuotaUsageDelta(\n event.sandbox.mem,\n event.oldState,\n event.newState,\n SANDBOX_STATES_CONSUMING_COMPUTE,\n )\n\n const diskDelta = this.calculateQuotaUsageDelta(\n event.sandbox.disk,\n event.oldState,\n event.newState,\n SANDBOX_STATES_CONSUMING_DISK,\n )\n\n if (cpuDelta !== 0) {\n await this.updateCurrentQuotaUsage(event.sandbox.organizationId, 'cpu', cpuDelta, event.sandbox.region)\n }\n\n if (memDelta !== 0) {\n await this.updateCurrentQuotaUsage(event.sandbox.organizationId, 'memory', memDelta, event.sandbox.region)\n }\n\n if (diskDelta !== 0) {\n await this.updateCurrentQuotaUsage(event.sandbox.organizationId, 'disk', diskDelta, event.sandbox.region)\n }\n } catch (error) {\n this.logger.warn(\n `Error updating cached sandbox quota usage for organization ${event.sandbox.organizationId} in region ${event.sandbox.region}`,\n error,\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @OnEvent(SnapshotEvents.CREATED)\n async handleSnapshotCreated(event: SnapshotCreatedEvent) {\n const lockKey = `snapshot:${event.snapshot.id}:quota-usage-update`\n await this.redisLockProvider.waitForLock(lockKey, 60)\n\n try {\n await this.updateCurrentQuotaUsage(event.snapshot.organizationId, 'snapshot_count', 1)\n } catch (error) {\n this.logger.warn(\n `Error updating cached snapshot quota usage for organization ${event.snapshot.organizationId}`,\n error,\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @OnEvent(SnapshotEvents.STATE_UPDATED)\n async handleSnapshotStateUpdated(event: SnapshotStateUpdatedEvent) {\n const lockKey = `snapshot:${event.snapshot.id}:quota-usage-update`\n await this.redisLockProvider.waitForLock(lockKey, 60)\n\n try {\n const countDelta = this.calculateQuotaUsageDelta(\n 1,\n event.oldState,\n event.newState,\n SNAPSHOT_STATES_CONSUMING_RESOURCES,\n )\n\n if (countDelta !== 0) {\n await this.updateCurrentQuotaUsage(event.snapshot.organizationId, 'snapshot_count', countDelta)\n }\n } catch (error) {\n this.logger.warn(\n `Error updating cached snapshot quota usage for organization ${event.snapshot.organizationId}`,\n error,\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @OnEvent(VolumeEvents.CREATED)\n async handleVolumeCreated(event: VolumeCreatedEvent) {\n const lockKey = `volume:${event.volume.id}:quota-usage-update`\n await this.redisLockProvider.waitForLock(lockKey, 60)\n\n try {\n await this.updateCurrentQuotaUsage(event.volume.organizationId, 'volume_count', 1)\n } catch (error) {\n this.logger.warn(\n `Error updating cached volume quota usage for organization ${event.volume.organizationId}`,\n error,\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @OnEvent(VolumeEvents.STATE_UPDATED)\n async handleVolumeStateUpdated(event: VolumeStateUpdatedEvent) {\n const lockKey = `volume:${event.volume.id}:quota-usage-update`\n await this.redisLockProvider.waitForLock(lockKey, 60)\n\n try {\n const countDelta = this.calculateQuotaUsageDelta(\n 1,\n event.oldState,\n event.newState,\n VOLUME_STATES_CONSUMING_RESOURCES,\n )\n\n if (countDelta !== 0) {\n await this.updateCurrentQuotaUsage(event.volume.organizationId, 'volume_count', countDelta)\n }\n } catch (error) {\n this.logger.warn(\n `Error updating cached volume quota usage for organization ${event.volume.organizationId}`,\n error,\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n private calculateQuotaUsageDelta(\n resourceAmount: number,\n oldState: TState,\n newState: TState,\n statesConsumingResource: TState[],\n ): number {\n const wasConsumingResource = statesConsumingResource.includes(oldState)\n const isConsumingResource = statesConsumingResource.includes(newState)\n\n if (!wasConsumingResource && isConsumingResource) {\n return resourceAmount\n }\n\n if (wasConsumingResource && !isConsumingResource) {\n return -resourceAmount\n }\n\n return 0\n }\n}\n" }, { "path": "apps/api/src/organization/services/organization-user.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BadRequestException, ForbiddenException, Injectable, NotFoundException } from '@nestjs/common'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { DataSource, EntityManager, Repository } from 'typeorm'\nimport { OrganizationRoleService } from './organization-role.service'\nimport { OrganizationEvents } from '../constants/organization-events.constant'\nimport { OrganizationUserDto } from '../dto/organization-user.dto'\nimport { OrganizationUser } from '../entities/organization-user.entity'\nimport { OrganizationRole } from '../entities/organization-role.entity'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OrganizationResourcePermission } from '../enums/organization-resource-permission.enum'\nimport { OrganizationInvitationAcceptedEvent } from '../events/organization-invitation-accepted.event'\nimport { OrganizationResourcePermissionsUnassignedEvent } from '../events/organization-resource-permissions-unassigned.event'\nimport { OnAsyncEvent } from '../../common/decorators/on-async-event.decorator'\nimport { UserService } from '../../user/user.service'\nimport { UserEvents } from '../../user/constants/user-events.constant'\nimport { UserDeletedEvent } from '../../user/events/user-deleted.event'\n\n@Injectable()\nexport class OrganizationUserService {\n constructor(\n @InjectRepository(OrganizationUser)\n private readonly organizationUserRepository: Repository,\n private readonly organizationRoleService: OrganizationRoleService,\n private readonly userService: UserService,\n private readonly eventEmitter: EventEmitter2,\n private readonly dataSource: DataSource,\n ) {}\n\n async findAll(organizationId: string): Promise {\n const organizationUsers = await this.organizationUserRepository.find({\n where: { organizationId },\n relations: {\n assignedRoles: true,\n },\n })\n\n const userIds = organizationUsers.map((orgUser) => orgUser.userId)\n\n const users = await this.userService.findByIds(userIds)\n const userMap = new Map(users.map((user) => [user.id, user]))\n\n const dtos: OrganizationUserDto[] = organizationUsers.map((orgUser) => {\n const user = userMap.get(orgUser.userId)\n return OrganizationUserDto.fromEntities(orgUser, user)\n })\n\n return dtos\n }\n\n async findOne(organizationId: string, userId: string): Promise {\n return this.organizationUserRepository.findOne({\n where: { organizationId, userId },\n relations: {\n assignedRoles: true,\n },\n })\n }\n\n async exists(organizationId: string, userId: string): Promise {\n return this.organizationUserRepository.exists({\n where: { organizationId, userId },\n })\n }\n\n async updateAccess(\n organizationId: string,\n userId: string,\n role: OrganizationMemberRole,\n assignedRoleIds: string[],\n ): Promise {\n let organizationUser = await this.organizationUserRepository.findOne({\n where: {\n organizationId,\n userId,\n },\n relations: {\n assignedRoles: true,\n },\n })\n\n if (!organizationUser) {\n throw new NotFoundException(`User with ID ${userId} not found in organization with ID ${organizationId}`)\n }\n\n // validate role\n if (organizationUser.role === OrganizationMemberRole.OWNER && role !== OrganizationMemberRole.OWNER) {\n const ownersCount = await this.organizationUserRepository.count({\n where: {\n organizationId,\n role: OrganizationMemberRole.OWNER,\n },\n })\n\n if (ownersCount === 1) {\n throw new ForbiddenException('The organization must have at least one owner')\n }\n }\n\n // validate assignments\n const assignedRoles = await this.organizationRoleService.findByIds(assignedRoleIds)\n if (assignedRoles.length !== assignedRoleIds.length) {\n throw new BadRequestException('One or more role IDs are invalid')\n }\n\n // check if any previous permissions are not present in the new assignments, api keys with those permissions will be revoked\n let permissionsToRevoke: OrganizationResourcePermission[] = []\n if (role !== OrganizationMemberRole.OWNER) {\n const prevPermissions = this.getAssignedPermissions(organizationUser.role, organizationUser.assignedRoles)\n const newPermissions = this.getAssignedPermissions(role, assignedRoles)\n permissionsToRevoke = Array.from(prevPermissions).filter((permission) => !newPermissions.has(permission))\n }\n\n organizationUser.role = role\n organizationUser.assignedRoles = assignedRoles\n\n if (permissionsToRevoke.length > 0) {\n await this.dataSource.transaction(async (em) => {\n organizationUser = await em.save(organizationUser)\n await this.eventEmitter.emitAsync(\n OrganizationEvents.PERMISSIONS_UNASSIGNED,\n new OrganizationResourcePermissionsUnassignedEvent(em, organizationId, userId, permissionsToRevoke),\n )\n })\n } else {\n organizationUser = await this.organizationUserRepository.save(organizationUser)\n }\n\n const user = await this.userService.findOne(userId)\n\n return OrganizationUserDto.fromEntities(organizationUser, user)\n }\n\n async delete(organizationId: string, userId: string): Promise {\n const organizationUser = await this.organizationUserRepository.findOne({\n where: {\n organizationId,\n userId,\n },\n })\n\n if (!organizationUser) {\n throw new NotFoundException(`User with ID ${userId} not found in organization with ID ${organizationId}`)\n }\n\n await this.removeWithEntityManager(this.organizationUserRepository.manager, organizationUser)\n }\n\n private async removeWithEntityManager(\n entityManager: EntityManager,\n organizationUser: OrganizationUser,\n force = false,\n ): Promise {\n if (!force) {\n if (organizationUser.role === OrganizationMemberRole.OWNER) {\n const ownersCount = await entityManager.count(OrganizationUser, {\n where: {\n organizationId: organizationUser.organizationId,\n role: OrganizationMemberRole.OWNER,\n },\n })\n\n if (ownersCount === 1) {\n throw new ForbiddenException(\n `Organization with ID ${organizationUser.organizationId} must have at least one owner`,\n )\n }\n }\n }\n\n await entityManager.remove(organizationUser)\n }\n\n private async createWithEntityManager(\n entityManager: EntityManager,\n organizationId: string,\n userId: string,\n role: OrganizationMemberRole,\n assignedRoles: OrganizationRole[],\n ): Promise {\n const organizationUser = new OrganizationUser()\n organizationUser.organizationId = organizationId\n organizationUser.userId = userId\n organizationUser.role = role\n organizationUser.assignedRoles = assignedRoles\n return entityManager.save(organizationUser)\n }\n\n @OnAsyncEvent({\n event: OrganizationEvents.INVITATION_ACCEPTED,\n })\n async handleOrganizationInvitationAcceptedEvent(\n payload: OrganizationInvitationAcceptedEvent,\n ): Promise {\n return this.createWithEntityManager(\n payload.entityManager,\n payload.organizationId,\n payload.userId,\n payload.role,\n payload.assignedRoles,\n )\n }\n\n @OnAsyncEvent({\n event: UserEvents.DELETED,\n })\n async handleUserDeletedEvent(payload: UserDeletedEvent): Promise {\n const memberships = await payload.entityManager.find(OrganizationUser, {\n where: {\n userId: payload.userId,\n organization: {\n personal: false,\n },\n },\n relations: {\n organization: true,\n },\n })\n\n /*\n // TODO\n // user deletion will fail if the user is the only owner of some non-personal organization\n // potential improvements:\n // - auto-delete the organization if there are no other members\n // - auto-promote a new owner if there are other members\n */\n await Promise.all(memberships.map((membership) => this.removeWithEntityManager(payload.entityManager, membership)))\n }\n\n private getAssignedPermissions(\n role: OrganizationMemberRole,\n assignedRoles: OrganizationRole[],\n ): Set {\n if (role === OrganizationMemberRole.OWNER) {\n return new Set(Object.values(OrganizationResourcePermission))\n }\n\n return new Set(assignedRoles.flatMap((role) => role.permissions))\n }\n}\n" }, { "path": "apps/api/src/organization/services/organization.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n ForbiddenException,\n Injectable,\n NotFoundException,\n Logger,\n OnModuleInit,\n OnApplicationShutdown,\n ConflictException,\n} from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { EntityManager, In, Not, Repository } from 'typeorm'\nimport { CreateOrganizationInternalDto } from '../dto/create-organization.internal.dto'\nimport { UpdateOrganizationQuotaDto } from '../dto/update-organization-quota.dto'\nimport { Organization } from '../entities/organization.entity'\nimport { OrganizationUser } from '../entities/organization-user.entity'\nimport { OrganizationMemberRole } from '../enums/organization-member-role.enum'\nimport { OnAsyncEvent } from '../../common/decorators/on-async-event.decorator'\nimport { UserEvents } from '../../user/constants/user-events.constant'\nimport { UserCreatedEvent } from '../../user/events/user-created.event'\nimport { UserDeletedEvent } from '../../user/events/user-deleted.event'\nimport { Snapshot } from '../../sandbox/entities/snapshot.entity'\nimport { SandboxState } from '../../sandbox/enums/sandbox-state.enum'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { OrganizationEvents } from '../constants/organization-events.constant'\nimport { CreateOrganizationQuotaDto } from '../dto/create-organization-quota.dto'\nimport { UserEmailVerifiedEvent } from '../../user/events/user-email-verified.event'\nimport { Cron, CronExpression } from '@nestjs/schedule'\nimport { RedisLockProvider } from '../../sandbox/common/redis-lock.provider'\nimport { OrganizationSuspendedSandboxStoppedEvent } from '../events/organization-suspended-sandbox-stopped.event'\nimport { SandboxDesiredState } from '../../sandbox/enums/sandbox-desired-state.enum'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { SnapshotState } from '../../sandbox/enums/snapshot-state.enum'\nimport { OrganizationSuspendedSnapshotDeactivatedEvent } from '../events/organization-suspended-snapshot-deactivated.event'\nimport { TrackJobExecution } from '../../common/decorators/track-job-execution.decorator'\nimport { TrackableJobExecutions } from '../../common/interfaces/trackable-job-executions'\nimport { setTimeout } from 'timers/promises'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { LogExecution } from '../../common/decorators/log-execution.decorator'\nimport { WithInstrumentation } from '../../common/decorators/otel.decorator'\nimport { RegionQuota } from '../entities/region-quota.entity'\nimport { UpdateOrganizationRegionQuotaDto } from '../dto/update-organization-region-quota.dto'\nimport { RegionService } from '../../region/services/region.service'\nimport { Region } from '../../region/entities/region.entity'\nimport { RegionQuotaDto } from '../dto/region-quota.dto'\nimport { RegionType } from '../../region/enums/region-type.enum'\nimport { RegionDto } from '../../region/dto/region.dto'\nimport { EncryptionService } from '../../encryption/encryption.service'\nimport { OtelConfigDto } from '../dto/otel-config.dto'\nimport { sandboxLookupCacheKeyByAuthToken } from '../../sandbox/utils/sandbox-lookup-cache.util'\nimport { SandboxRepository } from '../../sandbox/repositories/sandbox.repository'\n\n@Injectable()\nexport class OrganizationService implements OnModuleInit, TrackableJobExecutions, OnApplicationShutdown {\n activeJobs = new Set()\n private readonly logger = new Logger(OrganizationService.name)\n private defaultOrganizationQuota: CreateOrganizationQuotaDto\n private defaultSandboxLimitedNetworkEgress: boolean\n\n constructor(\n @InjectRepository(Organization)\n private readonly organizationRepository: Repository,\n private readonly sandboxRepository: SandboxRepository,\n @InjectRepository(Snapshot)\n private readonly snapshotRepository: Repository,\n private readonly eventEmitter: EventEmitter2,\n private readonly configService: TypedConfigService,\n private readonly redisLockProvider: RedisLockProvider,\n @InjectRepository(RegionQuota)\n private readonly regionQuotaRepository: Repository,\n @InjectRepository(Region)\n private readonly regionRepository: Repository,\n private readonly regionService: RegionService,\n private readonly encryptionService: EncryptionService,\n ) {\n this.defaultOrganizationQuota = this.configService.getOrThrow('defaultOrganizationQuota')\n this.defaultSandboxLimitedNetworkEgress = this.configService.getOrThrow(\n 'organizationSandboxDefaultLimitedNetworkEgress',\n )\n }\n\n async onApplicationShutdown() {\n // wait for all active jobs to finish\n while (this.activeJobs.size > 0) {\n this.logger.log(`Waiting for ${this.activeJobs.size} active jobs to finish`)\n await setTimeout(1000)\n }\n }\n\n async onModuleInit(): Promise {\n await this.stopSuspendedOrganizationSandboxes()\n }\n\n async create(\n createOrganizationDto: CreateOrganizationInternalDto,\n createdBy: string,\n personal = false,\n creatorEmailVerified = false,\n ): Promise {\n return this.createWithEntityManager(\n this.organizationRepository.manager,\n createOrganizationDto,\n createdBy,\n creatorEmailVerified,\n personal,\n )\n }\n\n async findByUser(userId: string): Promise {\n return this.organizationRepository.find({\n where: {\n users: {\n userId,\n },\n },\n })\n }\n\n async findOne(organizationId: string): Promise {\n return this.organizationRepository.findOne({\n where: { id: organizationId },\n })\n }\n\n async findBySandboxId(sandboxId: string): Promise {\n const sandbox = await this.sandboxRepository.findOne({\n where: { id: sandboxId },\n })\n\n if (!sandbox) {\n return null\n }\n\n return this.organizationRepository.findOne({ where: { id: sandbox.organizationId } })\n }\n\n async findBySandboxAuthToken(authToken: string): Promise {\n const sandbox = await this.sandboxRepository.findOne({\n where: { authToken },\n cache: {\n id: sandboxLookupCacheKeyByAuthToken({ authToken }),\n milliseconds: 10_000,\n },\n })\n\n if (!sandbox) {\n return null\n }\n\n return this.organizationRepository.findOne({ where: { id: sandbox.organizationId } })\n }\n\n async findPersonal(userId: string): Promise {\n return this.findPersonalWithEntityManager(this.organizationRepository.manager, userId)\n }\n\n async delete(organizationId: string): Promise {\n const organization = await this.organizationRepository.findOne({ where: { id: organizationId } })\n\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${organizationId} not found`)\n }\n\n return this.removeWithEntityManager(this.organizationRepository.manager, organization)\n }\n\n async updateQuota(organizationId: string, updateDto: UpdateOrganizationQuotaDto): Promise {\n const organization = await this.organizationRepository.findOne({ where: { id: organizationId } })\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${organizationId} not found`)\n }\n\n organization.maxCpuPerSandbox = updateDto.maxCpuPerSandbox ?? organization.maxCpuPerSandbox\n organization.maxMemoryPerSandbox = updateDto.maxMemoryPerSandbox ?? organization.maxMemoryPerSandbox\n organization.maxDiskPerSandbox = updateDto.maxDiskPerSandbox ?? organization.maxDiskPerSandbox\n organization.maxSnapshotSize = updateDto.maxSnapshotSize ?? organization.maxSnapshotSize\n organization.volumeQuota = updateDto.volumeQuota ?? organization.volumeQuota\n organization.snapshotQuota = updateDto.snapshotQuota ?? organization.snapshotQuota\n organization.authenticatedRateLimit = updateDto.authenticatedRateLimit ?? organization.authenticatedRateLimit\n organization.sandboxCreateRateLimit = updateDto.sandboxCreateRateLimit ?? organization.sandboxCreateRateLimit\n organization.sandboxLifecycleRateLimit =\n updateDto.sandboxLifecycleRateLimit ?? organization.sandboxLifecycleRateLimit\n organization.authenticatedRateLimitTtlSeconds =\n updateDto.authenticatedRateLimitTtlSeconds ?? organization.authenticatedRateLimitTtlSeconds\n organization.sandboxCreateRateLimitTtlSeconds =\n updateDto.sandboxCreateRateLimitTtlSeconds ?? organization.sandboxCreateRateLimitTtlSeconds\n organization.sandboxLifecycleRateLimitTtlSeconds =\n updateDto.sandboxLifecycleRateLimitTtlSeconds ?? organization.sandboxLifecycleRateLimitTtlSeconds\n organization.snapshotDeactivationTimeoutMinutes =\n updateDto.snapshotDeactivationTimeoutMinutes ?? organization.snapshotDeactivationTimeoutMinutes\n\n await this.organizationRepository.save(organization)\n }\n\n async updateRegionQuota(\n organizationId: string,\n regionId: string,\n updateDto: UpdateOrganizationRegionQuotaDto,\n ): Promise {\n const regionQuota = await this.regionQuotaRepository.findOne({ where: { organizationId, regionId } })\n if (!regionQuota) {\n throw new NotFoundException('Region not found')\n }\n\n regionQuota.totalCpuQuota = updateDto.totalCpuQuota ?? regionQuota.totalCpuQuota\n regionQuota.totalMemoryQuota = updateDto.totalMemoryQuota ?? regionQuota.totalMemoryQuota\n regionQuota.totalDiskQuota = updateDto.totalDiskQuota ?? regionQuota.totalDiskQuota\n\n await this.regionQuotaRepository.save(regionQuota)\n }\n\n async getRegionQuotas(organizationId: string): Promise {\n const regionQuotas = await this.regionQuotaRepository.find({ where: { organizationId } })\n return regionQuotas.map((regionQuota) => new RegionQuotaDto(regionQuota))\n }\n\n async getRegionQuota(organizationId: string, regionId: string): Promise {\n const regionQuota = await this.regionQuotaRepository.findOne({ where: { organizationId, regionId } })\n if (!regionQuota) {\n return null\n }\n return new RegionQuotaDto(regionQuota)\n }\n\n async getRegionQuotaBySandboxId(sandboxId: string): Promise {\n const sandbox = await this.sandboxRepository.findOne({\n where: { id: sandboxId },\n })\n if (!sandbox) {\n return null\n }\n return this.getRegionQuota(sandbox.organizationId, sandbox.region)\n }\n\n /**\n * Lists all available regions for the organization.\n *\n * A region is available for the organization if either:\n * - It is directly associated with the organization, or\n * - It is not associated with any organization, but the organization has quotas allocated for the region or quotas are not enforced for the region\n *\n * @param organizationId - The organization ID.\n * @returns The available regions\n */\n async listAvailableRegions(organizationId: string): Promise {\n const regions = await this.regionRepository\n .createQueryBuilder('region')\n .where('region.\"regionType\" = :customRegionType AND region.\"organizationId\" = :organizationId', {\n customRegionType: RegionType.CUSTOM,\n organizationId,\n })\n .orWhere('region.\"regionType\" IN (:...otherRegionTypes) AND region.\"enforceQuotas\" = false', {\n otherRegionTypes: [RegionType.DEDICATED, RegionType.SHARED],\n })\n .orWhere(\n 'region.\"regionType\" IN (:...otherRegionTypes) AND region.\"enforceQuotas\" = true AND EXISTS (SELECT 1 FROM region_quota rq WHERE rq.\"regionId\" = region.\"id\" AND rq.\"organizationId\" = :organizationId)',\n {\n otherRegionTypes: [RegionType.DEDICATED, RegionType.SHARED],\n organizationId,\n },\n )\n .orderBy(\n `CASE region.\"regionType\" \n WHEN '${RegionType.CUSTOM}' THEN 1 \n WHEN '${RegionType.DEDICATED}' THEN 2 \n WHEN '${RegionType.SHARED}' THEN 3 \n ELSE 4 \n END`,\n )\n .getMany()\n\n return regions.map(RegionDto.fromRegion)\n }\n\n async suspend(\n organizationId: string,\n suspensionReason?: string,\n suspendedUntil?: Date,\n suspensionCleanupGracePeriodHours?: number,\n ): Promise {\n const organization = await this.organizationRepository.findOne({ where: { id: organizationId } })\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${organizationId} not found`)\n }\n\n organization.suspended = true\n organization.suspensionReason = suspensionReason || null\n organization.suspendedUntil = suspendedUntil || null\n organization.suspendedAt = new Date()\n if (suspensionCleanupGracePeriodHours) {\n organization.suspensionCleanupGracePeriodHours = suspensionCleanupGracePeriodHours\n }\n\n await this.organizationRepository.save(organization)\n }\n\n async unsuspend(organizationId: string): Promise {\n const organization = await this.organizationRepository.findOne({ where: { id: organizationId } })\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${organizationId} not found`)\n }\n\n organization.suspended = false\n organization.suspensionReason = null\n organization.suspendedUntil = null\n organization.suspendedAt = null\n\n await this.organizationRepository.save(organization)\n }\n\n async updateSandboxDefaultLimitedNetworkEgress(\n organizationId: string,\n sandboxDefaultLimitedNetworkEgress: boolean,\n ): Promise {\n const organization = await this.organizationRepository.findOne({ where: { id: organizationId } })\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${organizationId} not found`)\n }\n organization.sandboxLimitedNetworkEgress = sandboxDefaultLimitedNetworkEgress\n\n await this.organizationRepository.save(organization)\n }\n\n /**\n * @param organizationId - The ID of the organization.\n * @param defaultRegionId - The ID of the region to set as the default region.\n * @throws {NotFoundException} If the organization is not found.\n * @throws {ConflictException} If the organization already has a default region set.\n */\n async setDefaultRegion(organizationId: string, defaultRegionId: string): Promise {\n const organization = await this.organizationRepository.findOne({ where: { id: organizationId } })\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${organizationId} not found`)\n }\n\n if (organization.defaultRegionId) {\n throw new ConflictException('Organization already has a default region set')\n }\n\n const defaultRegion = await this.validateOrganizationDefaultRegion(defaultRegionId)\n organization.defaultRegionId = defaultRegionId\n\n if (defaultRegion.enforceQuotas) {\n const regionQuota = new RegionQuota(\n organization.id,\n defaultRegionId,\n this.defaultOrganizationQuota.totalCpuQuota,\n this.defaultOrganizationQuota.totalMemoryQuota,\n this.defaultOrganizationQuota.totalDiskQuota,\n )\n if (organization.regionQuotas) {\n organization.regionQuotas = [...organization.regionQuotas, regionQuota]\n } else {\n organization.regionQuotas = [regionQuota]\n }\n }\n\n await this.organizationRepository.save(organization)\n }\n\n async updateExperimentalConfig(\n organizationId: string,\n experimentalConfig: Record | null,\n ): Promise {\n const organization = await this.organizationRepository.findOne({ where: { id: organizationId } })\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${organizationId} not found`)\n }\n\n const existingConfig = organization._experimentalConfig\n\n organization._experimentalConfig = await this.validatedExperimentalConfig(experimentalConfig)\n\n // If experimentalConfig contains redacted fields, we need to preserve the existing encrypted values\n if (experimentalConfig && experimentalConfig.otel && experimentalConfig.otel.headers) {\n if (existingConfig && existingConfig.otel && existingConfig.otel.headers) {\n for (const [key, value] of Object.entries(experimentalConfig.otel.headers)) {\n if (\n typeof value === 'string' &&\n value.match(/\\*/g)?.length === value.length &&\n existingConfig.otel.headers[key]\n ) {\n organization._experimentalConfig.otel.headers[key] = existingConfig.otel.headers[key]\n }\n }\n }\n }\n\n await this.organizationRepository.save(organization)\n }\n\n async getOtelConfigBySandboxAuthToken(sandboxAuthToken: string): Promise {\n const organization = await this.findBySandboxAuthToken(sandboxAuthToken)\n if (!organization) {\n return null\n }\n\n if (!organization._experimentalConfig || !organization._experimentalConfig.otel) {\n return null\n }\n\n const otelConfig = organization._experimentalConfig.otel\n const decryptedHeaders: Record = {}\n if (otelConfig.headers && typeof otelConfig.headers === 'object') {\n for (const [key, value] of Object.entries(otelConfig.headers)) {\n if (typeof key === 'string' && key.trim() && typeof value === 'string' && value.trim()) {\n decryptedHeaders[key] = await this.encryptionService.decrypt(value)\n }\n }\n }\n\n return {\n endpoint: otelConfig.endpoint,\n headers: Object.keys(decryptedHeaders).length > 0 ? decryptedHeaders : undefined,\n }\n }\n\n private async validatedExperimentalConfig(\n experimentalConfig: Record | null,\n ): Promise | null> {\n if (!experimentalConfig) {\n return null\n }\n\n if (!experimentalConfig.otel) {\n return experimentalConfig\n }\n\n const otelConfig = { ...experimentalConfig.otel }\n if (typeof otelConfig.endpoint !== 'string' || !otelConfig.endpoint.trim()) {\n throw new ForbiddenException('Invalid OpenTelemetry endpoint')\n }\n\n if (otelConfig.headers && typeof otelConfig.headers === 'object') {\n const headers: Record = {}\n for (const [key, value] of Object.entries(otelConfig.headers)) {\n if (typeof key === 'string' && key.trim() && typeof value === 'string' && value.trim()) {\n headers[key] = await this.encryptionService.encrypt(value)\n }\n }\n otelConfig.headers = headers\n } else {\n otelConfig.headers = {}\n }\n\n return {\n ...experimentalConfig,\n otel: otelConfig,\n }\n }\n\n private async createWithEntityManager(\n entityManager: EntityManager,\n createOrganizationDto: CreateOrganizationInternalDto,\n createdBy: string,\n creatorEmailVerified: boolean,\n personal = false,\n quota: CreateOrganizationQuotaDto = this.defaultOrganizationQuota,\n sandboxLimitedNetworkEgress: boolean = this.defaultSandboxLimitedNetworkEgress,\n ): Promise {\n if (personal) {\n const count = await entityManager.count(Organization, {\n where: { createdBy, personal: true },\n })\n if (count > 0) {\n throw new ForbiddenException('Personal organization already exists')\n }\n }\n\n // set some limit to the number of created organizations\n const createdCount = await entityManager.count(Organization, {\n where: { createdBy },\n })\n if (createdCount >= 10) {\n throw new ForbiddenException('You have reached the maximum number of created organizations')\n }\n\n let organization = new Organization(createOrganizationDto.defaultRegionId)\n\n organization.name = createOrganizationDto.name\n organization.createdBy = createdBy\n organization.personal = personal\n\n organization.maxCpuPerSandbox = quota.maxCpuPerSandbox\n organization.maxMemoryPerSandbox = quota.maxMemoryPerSandbox\n organization.maxDiskPerSandbox = quota.maxDiskPerSandbox\n organization.snapshotQuota = quota.snapshotQuota\n organization.maxSnapshotSize = quota.maxSnapshotSize\n organization.volumeQuota = quota.volumeQuota\n\n if (!creatorEmailVerified && !this.configService.get('skipUserEmailVerification')) {\n organization.suspended = true\n organization.suspendedAt = new Date()\n organization.suspensionReason = 'Please verify your email address'\n } else if (this.configService.get('billingApiUrl') && !personal) {\n organization.suspended = true\n organization.suspendedAt = new Date()\n organization.suspensionReason = 'Payment method required'\n }\n\n organization.sandboxLimitedNetworkEgress = sandboxLimitedNetworkEgress\n\n const owner = new OrganizationUser()\n owner.userId = createdBy\n owner.role = OrganizationMemberRole.OWNER\n\n organization.users = [owner]\n\n if (createOrganizationDto.defaultRegionId) {\n const defaultRegion = await this.validateOrganizationDefaultRegion(createOrganizationDto.defaultRegionId)\n\n if (defaultRegion.enforceQuotas) {\n const regionQuota = new RegionQuota(\n organization.id,\n createOrganizationDto.defaultRegionId,\n quota.totalCpuQuota,\n quota.totalMemoryQuota,\n quota.totalDiskQuota,\n )\n organization.regionQuotas = [regionQuota]\n }\n }\n\n await entityManager.transaction(async (em) => {\n organization = await em.save(organization)\n await this.eventEmitter.emitAsync(OrganizationEvents.CREATED, organization)\n })\n\n return organization\n }\n\n private async removeWithEntityManager(\n entityManager: EntityManager,\n organization: Organization,\n force = false,\n ): Promise {\n if (!force) {\n if (organization.personal) {\n throw new ForbiddenException('Cannot delete personal organization')\n }\n }\n await entityManager.remove(organization)\n }\n\n private async unsuspendPersonalWithEntityManager(entityManager: EntityManager, userId: string): Promise {\n const organization = await this.findPersonalWithEntityManager(entityManager, userId)\n\n organization.suspended = false\n organization.suspendedAt = null\n organization.suspensionReason = null\n organization.suspendedUntil = null\n await entityManager.save(organization)\n }\n\n private async findPersonalWithEntityManager(entityManager: EntityManager, userId: string): Promise {\n const organization = await entityManager.findOne(Organization, {\n where: { createdBy: userId, personal: true },\n })\n\n if (!organization) {\n throw new NotFoundException(`Personal organization for user ${userId} not found`)\n }\n\n return organization\n }\n\n /**\n * @throws NotFoundException - If the region is not found or not available to the organization\n */\n async validateOrganizationDefaultRegion(defaultRegionId: string): Promise {\n const region = await this.regionService.findOne(defaultRegionId)\n if (!region || region.regionType !== RegionType.SHARED) {\n throw new NotFoundException('Region not found')\n }\n\n return region\n }\n\n @Cron(CronExpression.EVERY_MINUTE, { name: 'stop-suspended-organization-sandboxes' })\n @TrackJobExecution()\n @LogExecution('stop-suspended-organization-sandboxes')\n @WithInstrumentation()\n async stopSuspendedOrganizationSandboxes(): Promise {\n // lock the sync to only run one instance at a time\n const lockKey = 'stop-suspended-organization-sandboxes'\n if (!(await this.redisLockProvider.lock(lockKey, 60))) {\n return\n }\n\n const queryResult = await this.organizationRepository\n .createQueryBuilder('organization')\n .select('id')\n .where('suspended = true')\n .andWhere(`\"suspendedAt\" < NOW() - INTERVAL '1 hour' * \"suspensionCleanupGracePeriodHours\"`)\n .andWhere(`\"suspendedAt\" > NOW() - INTERVAL '7 day'`)\n .andWhereExists(\n this.sandboxRepository\n .createQueryBuilder('sandbox')\n .select('1')\n .where(\n `\"sandbox\".\"organizationId\" = \"organization\".\"id\" AND \"sandbox\".\"desiredState\" = '${SandboxDesiredState.STARTED}' and \"sandbox\".\"state\" NOT IN ('${SandboxState.ERROR}', '${SandboxState.BUILD_FAILED}')`,\n ),\n )\n .take(100)\n .getRawMany()\n\n const suspendedOrganizationIds = queryResult.map((result) => result.id)\n\n // Skip if no suspended organizations found to avoid empty IN clause\n if (suspendedOrganizationIds.length === 0) {\n await this.redisLockProvider.unlock(lockKey)\n return\n }\n\n const sandboxes = await this.sandboxRepository.find({\n where: {\n organizationId: In(suspendedOrganizationIds),\n desiredState: SandboxDesiredState.STARTED,\n state: Not(In([SandboxState.ERROR, SandboxState.BUILD_FAILED])),\n },\n })\n\n sandboxes.map((sandbox) =>\n this.eventEmitter.emitAsync(\n OrganizationEvents.SUSPENDED_SANDBOX_STOPPED,\n new OrganizationSuspendedSandboxStoppedEvent(sandbox.id),\n ),\n )\n\n await this.redisLockProvider.unlock(lockKey)\n }\n\n @Cron(CronExpression.EVERY_MINUTE, { name: 'deactivate-suspended-organization-snapshots' })\n @TrackJobExecution()\n @LogExecution('deactivate-suspended-organization-snapshots')\n @WithInstrumentation()\n async deactivateSuspendedOrganizationSnapshots(): Promise {\n // lock the sync to only run one instance at a time\n const lockKey = 'deactivate-suspended-organization-snapshots'\n if (!(await this.redisLockProvider.lock(lockKey, 60))) {\n return\n }\n\n const queryResult = await this.organizationRepository\n .createQueryBuilder('organization')\n .select('id')\n .where('suspended = true')\n .andWhere(`\"suspendedAt\" < NOW() - INTERVAL '1 hour' * \"suspensionCleanupGracePeriodHours\"`)\n .andWhere(`\"suspendedAt\" > NOW() - INTERVAL '7 day'`)\n .andWhereExists(\n this.snapshotRepository\n .createQueryBuilder('snapshot')\n .select('1')\n .where('snapshot.organizationId = organization.id')\n .andWhere(`snapshot.state = '${SnapshotState.ACTIVE}'`)\n .andWhere(`snapshot.general = false`),\n )\n .take(100)\n .getRawMany()\n\n const suspendedOrganizationIds = queryResult.map((result) => result.id)\n\n // Skip if no suspended organizations found to avoid empty IN clause\n if (suspendedOrganizationIds.length === 0) {\n await this.redisLockProvider.unlock(lockKey)\n return\n }\n\n const snapshotQueryResult = await this.snapshotRepository\n .createQueryBuilder('snapshot')\n .select('id')\n .where('snapshot.organizationId IN (:...suspendedOrgIds)', { suspendedOrgIds: suspendedOrganizationIds })\n .andWhere(`snapshot.state = '${SnapshotState.ACTIVE}'`)\n .andWhere(`snapshot.general = false`)\n .take(100)\n .getRawMany()\n\n const snapshotIds = snapshotQueryResult.map((result) => result.id)\n\n snapshotIds.map((id) =>\n this.eventEmitter.emitAsync(\n OrganizationEvents.SUSPENDED_SNAPSHOT_DEACTIVATED,\n new OrganizationSuspendedSnapshotDeactivatedEvent(id),\n ),\n )\n\n await this.redisLockProvider.unlock(lockKey)\n }\n\n @OnAsyncEvent({\n event: UserEvents.CREATED,\n })\n @TrackJobExecution()\n async handleUserCreatedEvent(payload: UserCreatedEvent): Promise {\n return this.createWithEntityManager(\n payload.entityManager,\n {\n name: 'Personal',\n defaultRegionId: payload.personalOrganizationDefaultRegionId,\n },\n payload.user.id,\n payload.user.role === SystemRole.ADMIN ? true : payload.user.emailVerified,\n true,\n payload.personalOrganizationQuota,\n payload.user.role === SystemRole.ADMIN ? false : undefined,\n )\n }\n\n @OnAsyncEvent({\n event: UserEvents.EMAIL_VERIFIED,\n })\n @TrackJobExecution()\n async handleUserEmailVerifiedEvent(payload: UserEmailVerifiedEvent): Promise {\n await this.unsuspendPersonalWithEntityManager(payload.entityManager, payload.userId)\n }\n\n @OnAsyncEvent({\n event: UserEvents.DELETED,\n })\n @TrackJobExecution()\n async handleUserDeletedEvent(payload: UserDeletedEvent): Promise {\n const organization = await this.findPersonalWithEntityManager(payload.entityManager, payload.userId)\n\n await this.removeWithEntityManager(payload.entityManager, organization, true)\n }\n\n assertOrganizationIsNotSuspended(organization: Organization): void {\n if (!organization.suspended) {\n return\n }\n\n if (organization.suspendedUntil ? organization.suspendedUntil > new Date() : true) {\n if (organization.suspensionReason) {\n throw new ForbiddenException(`Organization is suspended: ${organization.suspensionReason}`)\n } else {\n throw new ForbiddenException('Organization is suspended')\n }\n }\n }\n}\n" }, { "path": "apps/api/src/region/constants/region-events.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const RegionEvents = {\n CREATED: 'region.created',\n DELETED: 'region.deleted',\n SNAPSHOT_MANAGER_CREDENTIALS_REGENERATED: 'region.snapshot-manager-credentials-regenerated',\n SNAPSHOT_MANAGER_UPDATED: 'region.snapshot-manager-updated',\n} as const\n" }, { "path": "apps/api/src/region/constants/region-name-regex.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const REGION_NAME_REGEX = /^[a-zA-Z0-9_.-]+$/\n" }, { "path": "apps/api/src/region/controllers/region.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, Get, Logger, HttpCode } from '@nestjs/common'\nimport { ApiOAuth2, ApiResponse, ApiOperation, ApiTags, ApiBearerAuth } from '@nestjs/swagger'\nimport { RegionDto } from '../dto/region.dto'\nimport { RegionType } from '../enums/region-type.enum'\nimport { RegionService } from '../services/region.service'\n\n@ApiTags('regions')\n@Controller('shared-regions')\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class RegionController {\n private readonly logger = new Logger(RegionController.name)\n\n constructor(private readonly regionService: RegionService) {}\n\n @Get()\n @HttpCode(200)\n @ApiOperation({\n summary: 'List all shared regions',\n operationId: 'listSharedRegions',\n })\n @ApiResponse({\n status: 200,\n description: 'List of all shared regions',\n type: [RegionDto],\n })\n async listRegions(): Promise {\n return this.regionService.findAllByRegionType(RegionType.SHARED)\n }\n}\n" }, { "path": "apps/api/src/region/dto/create-region-internal.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { RegionType } from '../enums/region-type.enum'\n\nexport class CreateRegionInternalDto {\n id?: string\n name: string\n enforceQuotas: boolean\n regionType: RegionType\n proxyUrl?: string | null\n sshGatewayUrl?: string | null\n snapshotManagerUrl?: string | null\n}\n" }, { "path": "apps/api/src/region/dto/create-region.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsString, IsNotEmpty } from 'class-validator'\n\n@ApiSchema({ name: 'CreateRegion' })\nexport class CreateRegionDto {\n @ApiProperty({\n description: 'Region name',\n example: 'us-east-1',\n })\n @IsString()\n @IsNotEmpty()\n name: string\n\n @ApiProperty({\n description: 'Proxy URL for the region',\n example: 'https://proxy.example.com',\n nullable: true,\n required: false,\n })\n proxyUrl?: string\n\n @ApiProperty({\n description: 'SSH Gateway URL for the region',\n example: 'ssh://ssh-gateway.example.com',\n nullable: true,\n required: false,\n })\n sshGatewayUrl?: string\n\n @ApiProperty({\n description: 'Snapshot Manager URL for the region',\n example: 'https://snapshot-manager.example.com',\n nullable: true,\n required: false,\n })\n snapshotManagerUrl?: string\n}\n\n@ApiSchema({ name: 'CreateRegionResponse' })\nexport class CreateRegionResponseDto {\n @ApiProperty({\n description: 'ID of the created region',\n example: 'region_12345',\n })\n @IsString()\n @IsNotEmpty()\n id: string\n\n @ApiProperty({\n description: 'Proxy API key for the region',\n example: 'proxy-api-key-xyz',\n nullable: true,\n required: false,\n })\n proxyApiKey?: string\n\n @ApiProperty({\n description: 'SSH Gateway API key for the region',\n example: 'ssh-gateway-api-key-abc',\n nullable: true,\n required: false,\n })\n sshGatewayApiKey?: string\n\n @ApiProperty({\n description: 'Snapshot Manager username for the region',\n example: 'daytona',\n nullable: true,\n required: false,\n })\n snapshotManagerUsername?: string\n\n @ApiProperty({\n description: 'Snapshot Manager password for the region',\n nullable: true,\n required: false,\n })\n snapshotManagerPassword?: string\n\n constructor(params: {\n id: string\n proxyApiKey?: string\n sshGatewayApiKey?: string\n snapshotManagerUsername?: string\n snapshotManagerPassword?: string\n }) {\n this.id = params.id\n this.proxyApiKey = params.proxyApiKey\n this.sshGatewayApiKey = params.sshGatewayApiKey\n this.snapshotManagerUsername = params.snapshotManagerUsername\n this.snapshotManagerPassword = params.snapshotManagerPassword\n }\n}\n" }, { "path": "apps/api/src/region/dto/create-region.internal.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport interface CreateRegionInternalDto {\n id?: string\n name: string\n enforceQuotas: boolean\n}\n" }, { "path": "apps/api/src/region/dto/regenerate-api-key.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsString, IsNotEmpty } from 'class-validator'\n\n@ApiSchema({ name: 'RegenerateApiKeyResponse' })\nexport class RegenerateApiKeyResponseDto {\n @ApiProperty({\n description: 'The newly generated API key',\n example: 'api-key-xyz123',\n })\n @IsString()\n @IsNotEmpty()\n apiKey: string\n\n constructor(apiKey: string) {\n this.apiKey = apiKey\n }\n}\n" }, { "path": "apps/api/src/region/dto/region.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsEnum } from 'class-validator'\nimport { Region } from '../entities/region.entity'\nimport { RegionType } from '../enums/region-type.enum'\n\n@ApiSchema({ name: 'Region' })\nexport class RegionDto {\n @ApiProperty({\n description: 'Region ID',\n example: '123456789012',\n })\n id: string\n\n @ApiProperty({\n description: 'Region name',\n example: 'us-east-1',\n })\n name: string\n\n @ApiProperty({\n description: 'Organization ID',\n example: '123e4567-e89b-12d3-a456-426614174000',\n nullable: true,\n required: false,\n })\n organizationId: string | null\n\n @ApiProperty({\n description: 'The type of the region',\n enum: RegionType,\n enumName: 'RegionType',\n example: Object.values(RegionType)[0],\n })\n @IsEnum(RegionType)\n regionType: RegionType\n\n @ApiProperty({\n description: 'Creation timestamp',\n example: '2023-01-01T00:00:00.000Z',\n })\n createdAt: string\n\n @ApiProperty({\n description: 'Last update timestamp',\n example: '2023-01-01T00:00:00.000Z',\n })\n updatedAt: string\n\n @ApiProperty({\n description: 'Proxy URL for the region',\n example: 'https://proxy.example.com',\n nullable: true,\n required: false,\n })\n proxyUrl?: string | null\n\n @ApiProperty({\n description: 'SSH Gateway URL for the region',\n example: 'http://ssh-gateway.example.com',\n nullable: true,\n required: false,\n })\n sshGatewayUrl?: string | null\n\n @ApiProperty({\n description: 'Snapshot Manager URL for the region',\n example: 'http://snapshot-manager.example.com',\n nullable: true,\n required: false,\n })\n snapshotManagerUrl?: string | null\n\n static fromRegion(region: Region): RegionDto {\n return {\n id: region.id,\n name: region.name,\n organizationId: region.organizationId,\n regionType: region.regionType,\n createdAt: region.createdAt?.toISOString(),\n updatedAt: region.updatedAt?.toISOString(),\n proxyUrl: region.proxyUrl,\n sshGatewayUrl: region.sshGatewayUrl,\n snapshotManagerUrl: region.snapshotManagerUrl,\n }\n }\n}\n" }, { "path": "apps/api/src/region/dto/snapshot-manager-credentials.dto.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiSchema, ApiProperty } from '@nestjs/swagger'\nimport { IsString, IsNotEmpty } from 'class-validator'\n\n@ApiSchema({ name: 'SnapshotManagerCredentials' })\nexport class SnapshotManagerCredentialsDto {\n @ApiProperty({\n description: 'Snapshot Manager username for the region',\n example: 'daytona',\n })\n @IsString()\n @IsNotEmpty()\n username: string\n\n @ApiProperty({\n description: 'Snapshot Manager password for the region',\n })\n @IsString()\n @IsNotEmpty()\n password: string\n\n constructor(params: { username: string; password: string }) {\n this.username = params.username\n this.password = params.password\n }\n}\n" }, { "path": "apps/api/src/region/dto/update-region.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'UpdateRegion' })\nexport class UpdateRegionDto {\n @ApiProperty({\n description: 'Proxy URL for the region',\n example: 'https://proxy.example.com',\n nullable: true,\n required: false,\n })\n proxyUrl?: string\n\n @ApiProperty({\n description: 'SSH Gateway URL for the region',\n example: 'ssh://ssh-gateway.example.com',\n nullable: true,\n required: false,\n })\n sshGatewayUrl?: string\n\n @ApiProperty({\n description: 'Snapshot Manager URL for the region',\n example: 'https://snapshot-manager.example.com',\n nullable: true,\n required: false,\n })\n snapshotManagerUrl?: string\n}\n" }, { "path": "apps/api/src/region/entities/region.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n BeforeInsert,\n BeforeUpdate,\n Check,\n Column,\n CreateDateColumn,\n Entity,\n Index,\n PrimaryColumn,\n UpdateDateColumn,\n} from 'typeorm'\nimport { nanoid } from 'nanoid'\nimport { RegionType } from '../enums/region-type.enum'\n\n@Entity()\n@Index('region_organizationId_name_unique', ['organizationId', 'name'], {\n unique: true,\n where: '\"organizationId\" IS NOT NULL',\n})\n@Index('region_organizationId_null_name_unique', ['name'], {\n unique: true,\n where: '\"organizationId\" IS NULL',\n})\n@Index('region_proxyApiKeyHash_unique', ['proxyApiKeyHash'], {\n unique: true,\n where: '\"proxyApiKeyHash\" IS NOT NULL',\n})\n@Index('region_sshGatewayApiKeyHash_unique', ['sshGatewayApiKeyHash'], {\n unique: true,\n where: '\"sshGatewayApiKeyHash\" IS NOT NULL',\n})\n@Index('idx_region_custom', ['organizationId'], {\n where: '\"regionType\" = \\'custom\\'',\n})\n@Check('region_not_shared', '\"organizationId\" IS NULL OR \"regionType\" != \\'shared\\'')\n@Check('region_not_custom', '\"organizationId\" IS NOT NULL OR \"regionType\" != \\'custom\\'')\nexport class Region {\n @PrimaryColumn()\n id: string\n\n @Column()\n name: string\n\n @Column({\n type: 'uuid',\n nullable: true,\n })\n organizationId: string | null\n\n @Column({\n type: 'enum',\n enum: RegionType,\n })\n regionType: RegionType\n\n @Column({\n type: 'boolean',\n default: true,\n })\n enforceQuotas: boolean\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n\n @Column({ nullable: true })\n proxyUrl: string | null\n\n @Column({ nullable: true })\n toolboxProxyUrl: string | null\n\n @Column({ nullable: true })\n proxyApiKeyHash: string | null\n\n @Column({ nullable: true })\n sshGatewayUrl: string | null\n\n @Column({ nullable: true })\n sshGatewayApiKeyHash: string | null\n\n @Column({ nullable: true })\n snapshotManagerUrl: string | null\n\n constructor(params: {\n name: string\n enforceQuotas: boolean\n regionType: RegionType\n id?: string\n organizationId?: string | null\n proxyUrl?: string | null\n toolboxProxyUrl?: string | null\n sshGatewayUrl?: string | null\n proxyApiKeyHash?: string | null\n sshGatewayApiKeyHash?: string | null\n snapshotManagerUrl?: string | null\n }) {\n this.name = params.name\n this.enforceQuotas = params.enforceQuotas\n this.regionType = params.regionType\n\n if (params.id) {\n this.id = params.id\n } else {\n this.id = this.name.toLowerCase() + '_' + nanoid(4)\n }\n if (params.organizationId) {\n this.organizationId = params.organizationId\n }\n\n this.proxyUrl = params.proxyUrl ?? null\n this.toolboxProxyUrl = params.toolboxProxyUrl ?? params.proxyUrl ?? null\n this.sshGatewayUrl = params.sshGatewayUrl ?? null\n this.proxyApiKeyHash = params.proxyApiKeyHash ?? null\n this.sshGatewayApiKeyHash = params.sshGatewayApiKeyHash ?? null\n this.snapshotManagerUrl = params.snapshotManagerUrl ?? null\n }\n\n @BeforeInsert()\n @BeforeUpdate()\n validateRegionType() {\n if (this.regionType === RegionType.SHARED) {\n if (this.organizationId) {\n throw new Error('Shared regions cannot be associated with an organization.')\n }\n }\n if (this.regionType === RegionType.CUSTOM) {\n if (!this.organizationId) {\n throw new Error('Custom regions must be associated with an organization.')\n }\n }\n }\n}\n" }, { "path": "apps/api/src/region/enums/region-type.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum RegionType {\n /**\n * Shared by all organizations.\n */\n SHARED = 'shared',\n /**\n * Dedicated to specific organizations.\n */\n DEDICATED = 'dedicated',\n /**\n * Created by and owned by a specific organization.\n */\n CUSTOM = 'custom',\n}\n" }, { "path": "apps/api/src/region/events/region-created.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { EntityManager } from 'typeorm'\nimport { Region } from '../entities/region.entity'\n\nexport class RegionCreatedEvent {\n constructor(\n public readonly entityManager: EntityManager,\n public readonly region: Region,\n public readonly organizationId: string | null,\n public readonly snapshotManagerUsername?: string,\n public readonly snapshotManagerPassword?: string,\n ) {}\n}\n" }, { "path": "apps/api/src/region/events/region-deleted.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { EntityManager } from 'typeorm'\nimport { Region } from '../entities/region.entity'\n\nexport class RegionDeletedEvent {\n constructor(\n public readonly entityManager: EntityManager,\n public readonly region: Region,\n ) {}\n}\n" }, { "path": "apps/api/src/region/events/region-snapshot-manager-creds.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { EntityManager } from 'typeorm'\nimport { Region } from '../entities/region.entity'\n\nexport class RegionSnapshotManagerCredsRegeneratedEvent {\n constructor(\n public readonly regionId: string,\n public readonly snapshotManagerUrl: string,\n public readonly username: string,\n public readonly password: string,\n public readonly entityManager?: EntityManager,\n ) {}\n}\n\nexport class RegionSnapshotManagerUpdatedEvent {\n constructor(\n public readonly region: Region,\n public readonly organizationId: string,\n public readonly snapshotManagerUrl: string | null,\n public readonly prevSnapshotManagerUrl: string | null,\n public readonly newUsername?: string,\n public readonly newPassword?: string,\n public readonly entityManager?: EntityManager,\n ) {}\n}\n" }, { "path": "apps/api/src/region/guards/region-access.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Injectable,\n CanActivate,\n ExecutionContext,\n NotFoundException,\n ForbiddenException,\n Logger,\n} from '@nestjs/common'\nimport { RegionService } from '../services/region.service'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { RegionType } from '../enums/region-type.enum'\n\n@Injectable()\nexport class RegionAccessGuard implements CanActivate {\n private readonly logger = new Logger(RegionAccessGuard.name)\n\n constructor(private readonly regionService: RegionService) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n const regionId: string = request.params.regionId || request.params.id\n\n // TODO: initialize authContext safely\n const authContext: OrganizationAuthContext = request.user\n\n try {\n const region = await this.regionService.findOne(regionId)\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n if (authContext.role !== SystemRole.ADMIN && region.organizationId !== authContext.organizationId) {\n throw new ForbiddenException('Request organization ID does not match resource organization ID')\n }\n if (authContext.role !== SystemRole.ADMIN && region.regionType !== RegionType.CUSTOM) {\n throw new ForbiddenException('Region is not a custom region')\n }\n return true\n } catch (error) {\n if (!(error instanceof NotFoundException)) {\n this.logger.error(error)\n }\n throw new NotFoundException('Region not found')\n }\n }\n}\n" }, { "path": "apps/api/src/region/region.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { Region } from './entities/region.entity'\nimport { RegionService } from './services/region.service'\nimport { Runner } from '../sandbox/entities/runner.entity'\nimport { RegionController } from './controllers/region.controller'\nimport { Snapshot } from '../sandbox/entities/snapshot.entity'\n\n@Module({\n imports: [TypeOrmModule.forFeature([Region, Runner, Snapshot])],\n controllers: [RegionController],\n providers: [RegionService],\n exports: [RegionService],\n})\nexport class RegionModule {}\n" }, { "path": "apps/api/src/region/services/region.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\nimport {\n Injectable,\n Logger,\n NotFoundException,\n ConflictException,\n BadRequestException,\n HttpException,\n HttpStatus,\n} from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { DataSource, In, IsNull, Like, Repository } from 'typeorm'\nimport { REGION_NAME_REGEX } from '../constants/region-name-regex.constant'\nimport { CreateRegionInternalDto } from '../dto/create-region-internal.dto'\nimport { Region } from '../entities/region.entity'\nimport { Runner } from '../../sandbox/entities/runner.entity'\nimport { RegionType } from '../enums/region-type.enum'\nimport { CreateRegionResponseDto } from '../dto/create-region.dto'\nimport { generateApiKeyHash, generateApiKeyValue, generateRandomString } from '../../common/utils/api-key'\nimport { RegionDto } from '../dto/region.dto'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { RegionEvents } from '../constants/region-events.constant'\nimport { RegionCreatedEvent } from '../events/region-created.event'\nimport { RegionDeletedEvent } from '../events/region-deleted.event'\nimport { SnapshotManagerCredentialsDto } from '../dto/snapshot-manager-credentials.dto'\nimport {\n RegionSnapshotManagerCredsRegeneratedEvent,\n RegionSnapshotManagerUpdatedEvent,\n} from '../events/region-snapshot-manager-creds.event'\nimport { UpdateRegionDto } from '../dto/update-region.dto'\nimport { Snapshot } from '../../sandbox/entities/snapshot.entity'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { toolboxProxyUrlCacheKey } from '../../sandbox/utils/sandbox-lookup-cache.util'\n\n@Injectable()\nexport class RegionService {\n private readonly logger = new Logger(RegionService.name)\n\n constructor(\n @InjectRepository(Region)\n private readonly regionRepository: Repository,\n @InjectRepository(Runner)\n private readonly runnerRepository: Repository,\n private readonly dataSource: DataSource,\n private readonly eventEmitter: EventEmitter2,\n @InjectRepository(Snapshot)\n private readonly snapshotRepository: Repository,\n @InjectRedis() private readonly redis: Redis,\n ) {}\n\n /**\n * @param createRegionDto - The region details.\n * @param organizationId - The ID of the organization, or null for regions not associated with an organization.\n * @throws {BadRequestException} If the region name is invalid.\n * @throws {ConflictException} If the region with the same ID already exists or region with the same name already exists in the organization.\n */\n async create(\n createRegionDto: CreateRegionInternalDto,\n organizationId: string | null,\n ): Promise {\n if (!REGION_NAME_REGEX.test(createRegionDto.name)) {\n throw new BadRequestException('Region name must contain only letters, numbers, underscores, periods, and hyphens')\n }\n if (createRegionDto.name.length < 2 || createRegionDto.name.length > 255) {\n throw new BadRequestException('Region name must be between 3 and 255 characters')\n }\n\n if (createRegionDto.id) {\n const existingRegion = await this.findOne(createRegionDto.id)\n if (existingRegion) {\n throw new ConflictException(`Region with id ${createRegionDto.id} already exists`)\n }\n }\n\n try {\n const proxyApiKey = createRegionDto.proxyUrl ? generateApiKeyValue() : undefined\n const sshGatewayApiKey = createRegionDto.sshGatewayUrl ? generateApiKeyValue() : undefined\n\n const snapshotManagerUsername = createRegionDto.snapshotManagerUrl ? 'daytona' : undefined\n const snapshotManagerPassword = createRegionDto.snapshotManagerUrl ? generateRandomString(16) : undefined\n\n const region = new Region({\n name: createRegionDto.name,\n enforceQuotas: createRegionDto.enforceQuotas,\n regionType: createRegionDto.regionType,\n id: createRegionDto.id,\n organizationId,\n proxyUrl: createRegionDto.proxyUrl,\n sshGatewayUrl: createRegionDto.sshGatewayUrl,\n proxyApiKeyHash: proxyApiKey ? generateApiKeyHash(proxyApiKey) : null,\n sshGatewayApiKeyHash: sshGatewayApiKey ? generateApiKeyHash(sshGatewayApiKey) : null,\n snapshotManagerUrl: createRegionDto.snapshotManagerUrl,\n })\n\n await this.dataSource.transaction(async (em) => {\n await em.save(region)\n await this.eventEmitter.emitAsync(\n RegionEvents.CREATED,\n new RegionCreatedEvent(em, region, organizationId, snapshotManagerUsername, snapshotManagerPassword),\n )\n })\n\n return new CreateRegionResponseDto({\n id: region.id,\n proxyApiKey,\n sshGatewayApiKey,\n snapshotManagerUsername,\n snapshotManagerPassword,\n })\n } catch (error) {\n if (error.code === '23505') {\n throw new ConflictException(`Region with name ${createRegionDto.name} already exists`)\n }\n throw error\n }\n }\n\n /**\n * @param id - The ID of the region.\n * @returns The region if found, or null otherwise.\n */\n async findOne(id: string, cache = false): Promise {\n return await this.regionRepository.findOne({\n where: {\n id,\n },\n cache: cache\n ? {\n id: `region:${id}`,\n milliseconds: 30000,\n }\n : undefined,\n })\n }\n\n /**\n * @param name - The name of the region.\n * @param organizationId - The organization ID, or null for regions not associated with an organization.\n * @returns The region if found, or null otherwise.\n */\n async findOneByName(name: string, organizationId: string | null): Promise {\n return await this.regionRepository.findOne({\n where: [{ name, organizationId: organizationId ?? IsNull() }],\n })\n }\n\n /**\n * @param proxyApiKey - The proxy API key.\n * @returns The region if found, or null otherwise.\n */\n async findOneByProxyApiKey(proxyApiKey: string): Promise {\n return await this.regionRepository.findOne({\n where: { proxyApiKeyHash: generateApiKeyHash(proxyApiKey) },\n })\n }\n\n /**\n * @param sshGatewayApiKey - The SSH gateway API key.\n * @returns The region if found, or null otherwise.\n */\n async findOneBySshGatewayApiKey(sshGatewayApiKey: string): Promise {\n return await this.regionRepository.findOne({\n where: { sshGatewayApiKeyHash: generateApiKeyHash(sshGatewayApiKey) },\n })\n }\n\n /**\n * @param regionId - The ID of the region.\n * @returns The organization ID or null for for regions not associated with an organization if the region is found, or undefined if the region is not found.\n */\n async getOrganizationId(regionId: string): Promise {\n const region = await this.regionRepository.findOne({\n where: {\n id: regionId,\n },\n select: ['organizationId'],\n loadEagerRelations: false,\n })\n\n if (!region) {\n return undefined\n }\n\n return region.organizationId ?? null\n }\n\n /**\n * @param organizationId - The organization ID of the regions to find.\n * @param regionType - If provided, only return regions of the specified type.\n * @returns The regions found ordered by name ascending.\n */\n async findAllByOrganization(organizationId: string, regionType?: RegionType): Promise {\n return this.regionRepository.find({\n where: {\n organizationId,\n ...(regionType ? { regionType } : {}),\n },\n order: {\n name: 'ASC',\n },\n })\n }\n\n /**\n * @param type - The type of the regions to find.\n * @returns The regions found ordered by name ascending.\n */\n async findAllByRegionType(regionType: RegionType): Promise {\n const regions = await this.regionRepository.find({\n where: {\n regionType,\n },\n order: {\n name: 'ASC',\n },\n })\n\n return regions.map(RegionDto.fromRegion)\n }\n\n /**\n * @param ids - The IDs of the regions to find.\n * @returns The regions found.\n */\n async findByIds(ids: string[]): Promise {\n if (ids.length === 0) {\n return []\n }\n\n return this.regionRepository.find({\n where: {\n id: In(ids),\n },\n })\n }\n\n /**\n * @param id - The ID of the region to delete.\n * @throws {NotFoundException} If the region is not found.\n */\n async delete(id: string): Promise {\n const region = await this.findOne(id)\n\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n\n const runnerCount = await this.runnerRepository.count({\n where: {\n region: id,\n },\n })\n\n if (runnerCount > 0) {\n throw new HttpException(\n 'Cannot delete region which has runners associated with it',\n HttpStatus.PRECONDITION_REQUIRED,\n )\n }\n\n await this.dataSource.transaction(async (em) => {\n await this.eventEmitter.emitAsync(RegionEvents.DELETED, new RegionDeletedEvent(em, region))\n await em.remove(region)\n })\n\n this.redis.del(toolboxProxyUrlCacheKey(id)).catch((err) => {\n this.logger.warn(`Failed to invalidate toolbox proxy URL cache for region ${id}: ${err.message}`)\n })\n }\n\n async update(regionId: string, updateRegion: UpdateRegionDto): Promise {\n const region = await this.findOne(regionId)\n\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n\n await this.dataSource.transaction(async (em) => {\n if (updateRegion.proxyUrl !== undefined) {\n region.proxyUrl = updateRegion.proxyUrl ?? null\n region.toolboxProxyUrl = updateRegion.proxyUrl ?? null\n }\n\n if (updateRegion.sshGatewayUrl !== undefined) {\n region.sshGatewayUrl = updateRegion.sshGatewayUrl ?? null\n }\n\n if (updateRegion.snapshotManagerUrl !== undefined) {\n if (region.snapshotManagerUrl) {\n // If snapshots already exist, prevent changing the snapshot manager URL\n const exists = await this.snapshotRepository.exists({\n where: {\n ref: Like(`${region.snapshotManagerUrl.replace(/^https?:\\/\\//, '')}%`),\n },\n })\n if (exists) {\n throw new BadRequestException(\n 'Cannot change snapshot manager URL for region with existing snapshots. Please delete existing snapshots first.',\n )\n }\n }\n\n const prevSnapshotManagerUrl = region.snapshotManagerUrl\n region.snapshotManagerUrl = updateRegion.snapshotManagerUrl ?? null\n\n let newUsername: string | undefined = undefined\n let newPassword: string | undefined = undefined\n\n // If the region did not have a snapshot manager, create new credentials\n if (!prevSnapshotManagerUrl) {\n newUsername = 'daytona'\n newPassword = generateRandomString(16)\n }\n\n await this.eventEmitter.emitAsync(\n RegionEvents.SNAPSHOT_MANAGER_UPDATED,\n new RegionSnapshotManagerUpdatedEvent(\n region,\n region.organizationId,\n region.snapshotManagerUrl,\n prevSnapshotManagerUrl,\n newUsername,\n newPassword,\n em,\n ),\n )\n }\n\n await em.save(region)\n })\n\n if (updateRegion.proxyUrl !== undefined) {\n this.redis.del(toolboxProxyUrlCacheKey(regionId)).catch((err) => {\n this.logger.warn(`Failed to invalidate toolbox proxy URL cache for region ${regionId}: ${err.message}`)\n })\n }\n }\n\n /**\n * @param regionId - The ID of the region.\n * @throws {NotFoundException} If the region is not found.\n * @throws {BadRequestException} If the region does not have a proxy URL configured.\n * @returns The newly generated proxy API key.\n */\n async regenerateProxyApiKey(regionId: string): Promise {\n const region = await this.findOne(regionId)\n\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n\n if (!region.proxyUrl) {\n throw new BadRequestException('Region does not have a proxy URL configured')\n }\n\n const newApiKey = generateApiKeyValue()\n region.proxyApiKeyHash = generateApiKeyHash(newApiKey)\n\n await this.regionRepository.save(region)\n\n return newApiKey\n }\n\n /**\n * @param regionId - The ID of the region.\n * @throws {NotFoundException} If the region is not found.\n * @throws {BadRequestException} If the region does not have an SSH gateway URL configured.\n * @returns The newly generated SSH gateway API key.\n */\n async regenerateSshGatewayApiKey(regionId: string): Promise {\n const region = await this.findOne(regionId)\n\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n\n if (!region.sshGatewayUrl) {\n throw new BadRequestException('Region does not have an SSH gateway URL configured')\n }\n\n const newApiKey = generateApiKeyValue()\n region.sshGatewayApiKeyHash = generateApiKeyHash(newApiKey)\n\n await this.regionRepository.save(region)\n\n return newApiKey\n }\n\n /**\n * @param regionId - The ID of the region.\n * @throws {NotFoundException} If the region is not found.\n * @throws {BadRequestException} If the region does not have a snapshot manager URL configured.\n * @returns The newly generated snapshot manager credentials.\n */\n async regenerateSnapshotManagerCredentials(regionId: string): Promise {\n const region = await this.findOne(regionId)\n\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n\n if (!region.snapshotManagerUrl) {\n throw new BadRequestException('Region does not have a snapshot manager URL configured')\n }\n\n const newUsername = 'daytona'\n const newPassword = generateRandomString(16)\n\n await this.eventEmitter.emitAsync(\n RegionEvents.SNAPSHOT_MANAGER_CREDENTIALS_REGENERATED,\n new RegionSnapshotManagerCredsRegeneratedEvent(regionId, region.snapshotManagerUrl, newUsername, newPassword),\n )\n\n return new SnapshotManagerCredentialsDto({\n username: newUsername,\n password: newPassword,\n })\n }\n}\n" }, { "path": "apps/api/src/sandbox/common/redis-lock.provider.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Injectable } from '@nestjs/common'\nimport { Redis } from 'ioredis'\n\ntype Acquired = boolean\n\nexport class LockCode {\n constructor(private readonly code: string) {}\n\n public getCode(): string {\n return this.code\n }\n}\n\n@Injectable()\nexport class RedisLockProvider {\n constructor(@InjectRedis() private readonly redis: Redis) {}\n\n async lock(key: string, ttl: number, code?: LockCode | null): Promise {\n const keyValue = code ? code.getCode() : '1'\n const acquired = await this.redis.set(key, keyValue, 'EX', ttl, 'NX')\n return !!acquired\n }\n\n async getCode(key: string): Promise {\n const keyValue = await this.redis.get(key)\n return keyValue ? new LockCode(keyValue) : null\n }\n\n async unlock(key: string): Promise {\n await this.redis.del(key)\n }\n\n async isLocked(key: string): Promise {\n const exists = await this.redis.exists(key)\n return exists === 1\n }\n\n async waitForLock(key: string, ttl: number): Promise {\n while (true) {\n const acquired = await this.lock(key, ttl)\n if (acquired) break\n await new Promise((resolve) => setTimeout(resolve, 50))\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/common/runner-service-info.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport type RunnerServiceInfo = {\n serviceName: string\n healthy: boolean\n errorReason?: string\n}\n" }, { "path": "apps/api/src/sandbox/constants/errors-for-recovery.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\n// Substrings in an error message that should trigger an automatic restore\nexport const RECOVERY_ERROR_SUBSTRINGS: string[] = ['Can not connect to the Docker daemon']\n" }, { "path": "apps/api/src/sandbox/constants/runner-events.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const RunnerEvents = {\n CREATED: 'runner.created',\n STATE_UPDATED: 'runner.state.updated',\n UNSCHEDULABLE_UPDATED: 'runner.unschedulable.updated',\n DELETED: 'runner.deleted',\n} as const\n" }, { "path": "apps/api/src/sandbox/constants/runner-name-regex.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const RUNNER_NAME_REGEX = /^[a-zA-Z0-9_.-]+$/\n" }, { "path": "apps/api/src/sandbox/constants/sandbox-events.constants.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const SandboxEvents = {\n ARCHIVED: 'sandbox.archived',\n STATE_UPDATED: 'sandbox.state.updated',\n DESIRED_STATE_UPDATED: 'sandbox.desired-state.updated',\n CREATED: 'sandbox.created',\n STARTED: 'sandbox.started',\n STOPPED: 'sandbox.stopped',\n DESTROYED: 'sandbox.destroyed',\n PUBLIC_STATUS_UPDATED: 'sandbox.public-status.updated',\n ORGANIZATION_UPDATED: 'sandbox.organization.updated',\n BACKUP_CREATED: 'sandbox.backup.created',\n} as const\n" }, { "path": "apps/api/src/sandbox/constants/sandbox.constants.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION = '00000000-0000-0000-0000-000000000000'\n" }, { "path": "apps/api/src/sandbox/constants/snapshot-events.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const SnapshotEvents = {\n CREATED: 'snapshot.created',\n ACTIVATED: 'snapshot.activated',\n STATE_UPDATED: 'snapshot.state.updated',\n REMOVED: 'snapshot.removed',\n} as const\n" }, { "path": "apps/api/src/sandbox/constants/volume-events.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const VolumeEvents = {\n CREATED: 'volume.created',\n STATE_UPDATED: 'volume.state.updated',\n LAST_USED_AT_UPDATED: 'volume.lastUsedAt.updated',\n} as const\n" }, { "path": "apps/api/src/sandbox/constants/warmpool-events.constants.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const WarmPoolEvents = {\n TOPUP_REQUESTED: 'warmpool.topup-requested',\n} as const\n" }, { "path": "apps/api/src/sandbox/controllers/job.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, Get, Post, Body, Param, Query, UseGuards, Logger, Req, NotFoundException } from '@nestjs/common'\nimport { Request } from 'express'\nimport { ApiOAuth2, ApiTags, ApiOperation, ApiBearerAuth, ApiResponse, ApiParam, ApiQuery } from '@nestjs/swagger'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { RunnerAuthGuard } from '../../auth/runner-auth.guard'\nimport { RunnerContextDecorator } from '../../common/decorators/runner-context.decorator'\nimport { RunnerContext } from '../../common/interfaces/runner-context.interface'\nimport {\n JobDto,\n JobStatus,\n ListJobsQueryDto,\n PaginatedJobsDto,\n PollJobsResponseDto,\n UpdateJobStatusDto,\n} from '../dto/job.dto'\nimport { JobService } from '../services/job.service'\nimport { JobAccessGuard } from '../guards/job-access.guard'\n\n@ApiTags('jobs')\n@Controller('jobs')\n@UseGuards(CombinedAuthGuard, RunnerAuthGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class JobController {\n private readonly logger = new Logger(JobController.name)\n\n constructor(private readonly jobService: JobService) {}\n\n @Get()\n @ApiOperation({\n summary: 'List jobs for the runner',\n operationId: 'listJobs',\n description: 'Returns a paginated list of jobs for the runner, optionally filtered by status.',\n })\n @ApiQuery({\n name: 'status',\n required: false,\n enum: JobStatus,\n enumName: 'JobStatus',\n example: JobStatus.PENDING,\n description: 'Filter jobs by status',\n })\n @ApiQuery({\n name: 'limit',\n required: false,\n type: Number,\n description: 'Maximum number of jobs to return (default: 100, max: 500)',\n })\n @ApiQuery({\n name: 'offset',\n required: false,\n type: Number,\n description: 'Number of jobs to skip for pagination (default: 0)',\n })\n @ApiResponse({\n status: 200,\n description: 'List of jobs for the runner',\n type: PaginatedJobsDto,\n })\n async listJobs(\n @RunnerContextDecorator() runnerContext: RunnerContext,\n @Query() query: ListJobsQueryDto,\n ): Promise {\n return await this.jobService.findJobsForRunner(runnerContext.runnerId, query.status, query.page, query.limit)\n }\n\n @Get('poll')\n @ApiOperation({\n summary: 'Long poll for jobs',\n operationId: 'pollJobs',\n description:\n 'Long poll endpoint for runners to fetch pending jobs. Returns immediately if jobs are available, otherwise waits up to timeout seconds.',\n })\n @ApiQuery({\n name: 'timeout',\n required: false,\n type: Number,\n description: 'Timeout in seconds for long polling (default: 30, max: 60)',\n })\n @ApiQuery({\n name: 'limit',\n required: false,\n type: Number,\n description: 'Maximum number of jobs to return (default: 10, max: 100)',\n })\n @ApiResponse({\n status: 200,\n description: 'List of jobs for the runner',\n type: PollJobsResponseDto,\n })\n async pollJobs(\n @Req() req: Request,\n @RunnerContextDecorator() runnerContext: RunnerContext,\n @Query('timeout') timeout?: number,\n @Query('limit') limit?: number,\n ): Promise {\n this.logger.debug(`Runner ${runnerContext.runnerId} polling for jobs (timeout: ${timeout}s, limit: ${limit})`)\n\n const timeoutSeconds = timeout ? Math.min(Number(timeout), 60) : 30\n const limitNumber = limit ? Math.min(Number(limit), 100) : 10\n\n // Create AbortSignal from request's 'close' event\n const abortController = new AbortController()\n const onClose = () => {\n this.logger.debug(`Runner ${runnerContext.runnerId} disconnected during polling, aborting`)\n abortController.abort()\n }\n req.on('close', onClose)\n\n try {\n const jobs = await this.jobService.pollJobs(\n runnerContext.runnerId,\n limitNumber,\n timeoutSeconds,\n abortController.signal,\n )\n this.logger.debug(`Returning ${jobs.length} jobs to runner ${runnerContext.runnerId}`)\n return { jobs }\n } catch (error) {\n if (abortController.signal.aborted) {\n this.logger.debug(`Polling aborted for disconnected runner ${runnerContext.runnerId}`)\n return { jobs: [] } // Return empty array on disconnect\n }\n this.logger.error(`Error polling jobs for runner ${runnerContext.runnerId}: ${error.message}`, error.stack)\n throw error\n } finally {\n req.off('close', onClose)\n }\n }\n\n @Get(':jobId')\n @ApiOperation({\n summary: 'Get job details',\n operationId: 'getJob',\n })\n @ApiParam({\n name: 'jobId',\n description: 'ID of the job',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Job details',\n type: JobDto,\n })\n @UseGuards(JobAccessGuard)\n async getJob(@RunnerContextDecorator() runnerContext: RunnerContext, @Param('jobId') jobId: string): Promise {\n this.logger.log(`Runner ${runnerContext.runnerId} fetching job ${jobId}`)\n\n const job = await this.jobService.findOne(jobId)\n if (!job) {\n throw new NotFoundException(`Job ${jobId} not found`)\n }\n\n return new JobDto(job)\n }\n\n @Post(':jobId/status')\n @ApiOperation({\n summary: 'Update job status',\n operationId: 'updateJobStatus',\n })\n @ApiParam({\n name: 'jobId',\n description: 'ID of the job',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Job status updated successfully',\n type: JobDto,\n })\n @UseGuards(JobAccessGuard)\n async updateJobStatus(\n @RunnerContextDecorator() runnerContext: RunnerContext,\n @Param('jobId') jobId: string,\n @Body() updateJobStatusDto: UpdateJobStatusDto,\n ): Promise {\n this.logger.debug(`Runner ${runnerContext.runnerId} updating job ${jobId} status to ${updateJobStatusDto.status}`)\n\n const job = await this.jobService.updateJobStatus(\n jobId,\n updateJobStatusDto.status,\n updateJobStatusDto.errorMessage,\n updateJobStatusDto.resultMetadata,\n )\n\n return new JobDto(job)\n }\n}\n" }, { "path": "apps/api/src/sandbox/controllers/preview.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport Redis from 'ioredis'\nimport { Controller, Get, Param, Logger, NotFoundException, UseGuards, Req } from '@nestjs/common'\nimport { SandboxService } from '../services/sandbox.service'\nimport { ApiResponse, ApiOperation, ApiParam, ApiTags, ApiOAuth2, ApiBearerAuth } from '@nestjs/swagger'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { OrganizationUserService } from '../../organization/services/organization-user.service'\n\n@ApiTags('preview')\n@Controller('preview')\nexport class PreviewController {\n private readonly logger = new Logger(PreviewController.name)\n\n constructor(\n @InjectRedis() private readonly redis: Redis,\n private readonly sandboxService: SandboxService,\n private readonly organizationUserService: OrganizationUserService,\n ) {}\n\n @Get(':sandboxId/public')\n @ApiOperation({\n summary: 'Check if sandbox is public',\n operationId: 'isSandboxPublic',\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'ID of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Public status of the sandbox',\n type: Boolean,\n })\n async isSandboxPublic(@Param('sandboxId') sandboxId: string): Promise {\n const cached = await this.redis.get(`preview:public:${sandboxId}`)\n if (cached) {\n if (cached === '1') {\n return true\n }\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n\n try {\n const isPublic = await this.sandboxService.isSandboxPublic(sandboxId)\n // for private sandboxes, throw 404 as well\n // to prevent using the method to check if a sandbox exists\n if (!isPublic) {\n // cache the result for 3 seconds to avoid unnecessary requests to the database\n await this.redis.setex(`preview:public:${sandboxId}`, 3, '0')\n\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n // cache the result for 3 seconds to avoid unnecessary requests to the database\n await this.redis.setex(`preview:public:${sandboxId}`, 3, '1')\n return true\n } catch (ex) {\n if (ex instanceof NotFoundException) {\n // cache the not found sandbox as well\n // as it is the same case as for the private sandboxes\n await this.redis.setex(`preview:public:${sandboxId}`, 3, '0')\n throw ex\n }\n throw ex\n }\n }\n\n @Get(':sandboxId/validate/:authToken')\n @ApiOperation({\n summary: 'Check if sandbox auth token is valid',\n operationId: 'isValidAuthToken',\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'ID of the sandbox',\n type: 'string',\n })\n @ApiParam({\n name: 'authToken',\n description: 'Auth token of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Sandbox auth token validation status',\n type: Boolean,\n })\n async isValidAuthToken(\n @Param('sandboxId') sandboxId: string,\n @Param('authToken') authToken: string,\n ): Promise {\n const cached = await this.redis.get(`preview:token:${sandboxId}:${authToken}`)\n if (cached) {\n if (cached === '1') {\n return true\n }\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n const sandbox = await this.sandboxService.findOne(sandboxId)\n if (!sandbox) {\n await this.redis.setex(`preview:token:${sandboxId}:${authToken}`, 3, '0')\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n if (sandbox.authToken === authToken) {\n await this.redis.setex(`preview:token:${sandboxId}:${authToken}`, 3, '1')\n return true\n }\n await this.redis.setex(`preview:token:${sandboxId}:${authToken}`, 3, '0')\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n\n @Get(':sandboxId/access')\n @ApiOperation({\n summary: 'Check if user has access to the sandbox',\n operationId: 'hasSandboxAccess',\n })\n @ApiResponse({\n status: 200,\n description: 'User access status to the sandbox',\n type: Boolean,\n })\n @UseGuards(CombinedAuthGuard)\n @ApiOAuth2(['openid', 'profile', 'email'])\n @ApiBearerAuth()\n async hasSandboxAccess(@Req() req: Request, @Param('sandboxId') sandboxId: string): Promise {\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n const userId = req.user?.userId\n\n const cached = await this.redis.get(`preview:access:${sandboxId}:${userId}`)\n if (cached) {\n if (cached === '1') {\n return true\n }\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n\n const sandbox = await this.sandboxService.findOne(sandboxId)\n const hasAccess = await this.organizationUserService.exists(sandbox.organizationId, userId)\n if (!hasAccess) {\n await this.redis.setex(`preview:token:${sandboxId}:${userId}`, 3, '0')\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n // if user has access, keep it in cache longer\n await this.redis.setex(`preview:access:${sandboxId}:${userId}`, 30, '1')\n return true\n }\n\n @Get(':signedPreviewToken/:port/sandbox-id')\n @ApiOperation({\n summary: 'Get sandbox ID from signed preview URL token',\n operationId: 'getSandboxIdFromSignedPreviewUrlToken',\n })\n @ApiParam({\n name: 'signedPreviewToken',\n description: 'Signed preview URL token',\n type: 'string',\n })\n @ApiParam({\n name: 'port',\n description: 'Port number to get sandbox ID from signed preview URL token',\n type: 'number',\n })\n @ApiResponse({\n status: 200,\n description: 'Sandbox ID from signed preview URL token',\n type: String,\n })\n async getSandboxIdFromSignedPreviewUrlToken(\n @Param('signedPreviewToken') signedPreviewToken: string,\n @Param('port') port: number,\n ): Promise {\n return this.sandboxService.getSandboxIdFromSignedPreviewUrlToken(signedPreviewToken, port)\n }\n}\n" }, { "path": "apps/api/src/sandbox/controllers/runner.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Body,\n Controller,\n Get,\n Post,\n Param,\n Patch,\n UseGuards,\n Query,\n Delete,\n HttpCode,\n NotFoundException,\n ForbiddenException,\n ParseUUIDPipe,\n} from '@nestjs/common'\nimport { CreateRunnerDto } from '../dto/create-runner.dto'\nimport { RunnerService } from '../services/runner.service'\nimport {\n ApiOAuth2,\n ApiTags,\n ApiOperation,\n ApiBearerAuth,\n ApiResponse,\n ApiQuery,\n ApiParam,\n ApiHeader,\n} from '@nestjs/swagger'\nimport { SystemActionGuard } from '../../auth/system-action.guard'\nimport { RequiredApiRole } from '../../common/decorators/required-role.decorator'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { ProxyGuard } from '../guards/proxy.guard'\nimport { RunnerDto } from '../dto/runner.dto'\nimport { RunnerSnapshotDto } from '../dto/runner-snapshot.dto'\nimport { Audit, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { SshGatewayGuard } from '../guards/ssh-gateway.guard'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { OrGuard } from '../../auth/or.guard'\nimport { RunnerAuthGuard } from '../../auth/runner-auth.guard'\nimport { RunnerContextDecorator } from '../../common/decorators/runner-context.decorator'\nimport { RunnerContext } from '../../common/interfaces/runner-context.interface'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\nimport { RunnerAccessGuard } from '../guards/runner-access.guard'\nimport { RegionRunnerAccessGuard } from '../guards/region-runner-access.guard'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { RequiredOrganizationResourcePermissions } from '../../organization/decorators/required-organization-resource-permissions.decorator'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport { OrganizationResourceActionGuard } from '../../organization/guards/organization-resource-action.guard'\nimport { CreateRunnerResponseDto } from '../dto/create-runner-response.dto'\nimport { RegionSandboxAccessGuard } from '../guards/region-sandbox-access.guard'\nimport { RunnerFullDto } from '../dto/runner-full.dto'\nimport { RegionType } from '../../region/enums/region-type.enum'\nimport { RegionService } from '../../region/services/region.service'\nimport { RequireFlagsEnabled } from '@openfeature/nestjs-sdk'\nimport { FeatureFlags } from '../../common/constants/feature-flags'\nimport { RunnerHealthcheckDto } from '../dto/runner-health.dto'\n\n@ApiTags('runners')\n@Controller('runners')\n@UseGuards(CombinedAuthGuard, AuthenticatedRateLimitGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class RunnerController {\n constructor(\n private readonly runnerService: RunnerService,\n private readonly regionService: RegionService,\n ) {}\n\n @Post()\n @HttpCode(201)\n @ApiOperation({\n summary: 'Create runner',\n operationId: 'createRunner',\n })\n @ApiResponse({\n status: 201,\n type: CreateRunnerResponseDto,\n })\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.RUNNER,\n targetIdFromResult: (result: CreateRunnerResponseDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n regionId: req.body?.regionId,\n name: req.body?.name,\n }),\n },\n })\n @ApiHeader(CustomHeaders.ORGANIZATION_ID)\n @UseGuards(OrganizationResourceActionGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_RUNNERS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async create(\n @Body() createRunnerDto: CreateRunnerDto,\n @AuthContext() authContext: OrganizationAuthContext,\n ): Promise {\n // validate that the runner region is a custom region owned by the organization\n const region = await this.regionService.findOne(createRunnerDto.regionId)\n\n if (!region || region.organizationId !== authContext.organizationId) {\n throw new NotFoundException('Region not found')\n }\n\n if (region.regionType !== RegionType.CUSTOM) {\n throw new ForbiddenException('Runner can only be created in a custom region')\n }\n\n // create the runner\n const { runner, apiKey } = await this.runnerService.create({\n regionId: createRunnerDto.regionId,\n name: createRunnerDto.name,\n apiVersion: '2',\n })\n\n return CreateRunnerResponseDto.fromRunner(runner, apiKey)\n }\n\n @Get('/me')\n @UseGuards(RunnerAuthGuard)\n @ApiOperation({\n summary: 'Get info for authenticated runner',\n operationId: 'getInfoForAuthenticatedRunner',\n })\n @ApiResponse({\n status: 200,\n description: 'Runner info',\n type: RunnerFullDto,\n })\n async getInfoForAuthenticatedRunner(@RunnerContextDecorator() runnerContext: RunnerContext): Promise {\n return this.runnerService.findOneFullOrFail(runnerContext.runnerId)\n }\n\n @Get(':id')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Get runner by ID',\n operationId: 'getRunnerById',\n })\n @ApiResponse({\n status: 200,\n type: RunnerDto,\n })\n @ApiParam({\n name: 'id',\n description: 'Runner ID',\n type: String,\n })\n @ApiHeader(CustomHeaders.ORGANIZATION_ID)\n @UseGuards(OrganizationResourceActionGuard, RunnerAccessGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.READ_RUNNERS])\n async getRunnerById(@Param('id', ParseUUIDPipe) id: string): Promise {\n const runner = await this.runnerService.findOneOrFail(id)\n return RunnerDto.fromRunner(runner)\n }\n\n @Get(':id/full')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Get runner by ID',\n operationId: 'getRunnerFullById',\n })\n @ApiResponse({\n status: 200,\n type: RunnerFullDto,\n })\n @ApiParam({\n name: 'id',\n description: 'Runner ID',\n type: String,\n })\n @UseGuards(OrGuard([SystemActionGuard, ProxyGuard, SshGatewayGuard, RegionRunnerAccessGuard]))\n @RequiredApiRole([SystemRole.ADMIN])\n async getRunnerByIdFull(@Param('id', ParseUUIDPipe) id: string): Promise {\n const runner = await this.runnerService.findOneOrFail(id)\n return RunnerFullDto.fromRunner(runner)\n }\n\n @Get()\n @HttpCode(200)\n @ApiOperation({\n summary: 'List all runners',\n operationId: 'listRunners',\n })\n @ApiResponse({\n status: 200,\n type: [RunnerDto],\n })\n @ApiHeader(CustomHeaders.ORGANIZATION_ID)\n @UseGuards(OrganizationResourceActionGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.READ_RUNNERS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async findAll(@AuthContext() authContext: OrganizationAuthContext): Promise {\n return this.runnerService.findAllByOrganization(authContext.organizationId, RegionType.CUSTOM)\n }\n\n @Patch(':id/scheduling')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Update runner scheduling status',\n operationId: 'updateRunnerScheduling',\n })\n @ApiResponse({\n status: 200,\n type: RunnerDto,\n })\n @ApiParam({\n name: 'id',\n description: 'Runner ID',\n type: String,\n })\n @Audit({\n action: AuditAction.UPDATE_SCHEDULING,\n targetType: AuditTarget.RUNNER,\n targetIdFromRequest: (req) => req.params.id,\n requestMetadata: {\n body: (req: TypedRequest<{ unschedulable: boolean }>) => ({\n unschedulable: req.body?.unschedulable,\n }),\n },\n })\n @ApiHeader(CustomHeaders.ORGANIZATION_ID)\n @UseGuards(OrganizationResourceActionGuard, RunnerAccessGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_RUNNERS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async updateSchedulingStatus(\n @Param('id', ParseUUIDPipe) id: string,\n @Body('unschedulable') unschedulable: boolean,\n ): Promise {\n const updatedRunner = await this.runnerService.updateSchedulingStatus(id, unschedulable)\n return RunnerDto.fromRunner(updatedRunner)\n }\n\n @Patch(':id/draining')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Update runner draining status',\n operationId: 'updateRunnerDraining',\n })\n @ApiResponse({\n status: 200,\n type: RunnerDto,\n })\n @ApiParam({\n name: 'id',\n description: 'Runner ID',\n type: String,\n })\n @Audit({\n action: AuditAction.UPDATE_DRAINING,\n targetType: AuditTarget.RUNNER,\n targetIdFromRequest: (req) => req.params.id,\n requestMetadata: {\n body: (req: TypedRequest<{ draining: boolean }>) => ({\n draining: req.body?.draining,\n }),\n },\n })\n @ApiHeader(CustomHeaders.ORGANIZATION_ID)\n @UseGuards(OrganizationResourceActionGuard, RunnerAccessGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_RUNNERS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async updateDrainingStatus(\n @Param('id', ParseUUIDPipe) id: string,\n @Body('draining') draining: boolean,\n ): Promise {\n const updatedRunner = await this.runnerService.updateDrainingStatus(id, draining)\n return RunnerDto.fromRunner(updatedRunner)\n }\n\n @Delete(':id')\n @HttpCode(204)\n @ApiOperation({\n summary: 'Delete runner',\n operationId: 'deleteRunner',\n })\n @ApiResponse({\n status: 204,\n })\n @ApiParam({\n name: 'id',\n description: 'Runner ID',\n type: String,\n })\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.RUNNER,\n targetIdFromRequest: (req) => req.params.id,\n })\n @ApiHeader(CustomHeaders.ORGANIZATION_ID)\n @UseGuards(OrganizationResourceActionGuard, RunnerAccessGuard)\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.DELETE_RUNNERS])\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.ORGANIZATION_INFRASTRUCTURE, defaultValue: false }] })\n async delete(@Param('id', ParseUUIDPipe) id: string): Promise {\n return this.runnerService.remove(id)\n }\n\n @Get('/by-sandbox/:sandboxId')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Get runner by sandbox ID',\n operationId: 'getRunnerBySandboxId',\n })\n @ApiResponse({\n status: 200,\n type: RunnerFullDto,\n })\n @UseGuards(OrGuard([SystemActionGuard, ProxyGuard, SshGatewayGuard, RegionSandboxAccessGuard]))\n @RequiredApiRole([SystemRole.ADMIN])\n async getRunnerBySandboxId(@Param('sandboxId') sandboxId: string): Promise {\n const runner = await this.runnerService.findBySandboxId(sandboxId)\n\n if (!runner) {\n throw new NotFoundException('Runner not found')\n }\n\n return RunnerFullDto.fromRunner(runner)\n }\n\n @Get('/by-snapshot-ref')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Get runners by snapshot ref',\n operationId: 'getRunnersBySnapshotRef',\n })\n @ApiResponse({\n status: 200,\n type: [RunnerSnapshotDto],\n })\n @ApiQuery({\n name: 'ref',\n description: 'Snapshot ref',\n type: String,\n required: true,\n })\n @UseGuards(OrGuard([SystemActionGuard, ProxyGuard, SshGatewayGuard]))\n @RequiredApiRole([SystemRole.ADMIN, 'proxy', 'ssh-gateway'])\n async getRunnersBySnapshotRef(@Query('ref') ref: string): Promise {\n return this.runnerService.getRunnersBySnapshotRef(ref)\n }\n\n @Post('healthcheck')\n @ApiOperation({\n summary: 'Runner healthcheck',\n operationId: 'runnerHealthcheck',\n description:\n 'Endpoint for version 2 runners to send healthcheck and metrics. Updates lastChecked timestamp and runner metrics.',\n })\n @ApiResponse({\n status: 200,\n description: 'Healthcheck received',\n })\n async runnerHealthcheck(\n @RunnerContextDecorator() runnerContext: RunnerContext,\n @Body() healthcheck: RunnerHealthcheckDto,\n ): Promise {\n await this.runnerService.updateRunnerHealth(\n runnerContext.runnerId,\n healthcheck.domain,\n healthcheck.apiUrl,\n healthcheck.proxyUrl,\n healthcheck.serviceHealth,\n healthcheck.metrics,\n healthcheck.appVersion,\n )\n }\n}\n" }, { "path": "apps/api/src/sandbox/controllers/sandbox.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Controller,\n Get,\n Post,\n Delete,\n Body,\n Param,\n Query,\n Logger,\n UseGuards,\n HttpCode,\n UseInterceptors,\n Put,\n NotFoundException,\n Res,\n Request,\n RawBodyRequest,\n Next,\n ParseBoolPipe,\n} from '@nestjs/common'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { SandboxService } from '../services/sandbox.service'\nimport { CreateSandboxDto } from '../dto/create-sandbox.dto'\nimport {\n ApiOAuth2,\n ApiResponse,\n ApiQuery,\n ApiOperation,\n ApiParam,\n ApiTags,\n ApiHeader,\n ApiBearerAuth,\n} from '@nestjs/swagger'\nimport { SandboxDto, SandboxLabelsDto } from '../dto/sandbox.dto'\nimport { ResizeSandboxDto } from '../dto/resize-sandbox.dto'\nimport { UpdateSandboxStateDto } from '../dto/update-sandbox-state.dto'\nimport { PaginatedSandboxesDto } from '../dto/paginated-sandboxes.dto'\nimport { RunnerService } from '../services/runner.service'\nimport { RunnerAuthGuard } from '../../auth/runner-auth.guard'\nimport { RunnerContextDecorator } from '../../common/decorators/runner-context.decorator'\nimport { RunnerContext } from '../../common/interfaces/runner-context.interface'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { ContentTypeInterceptor } from '../../common/interceptors/content-type.interceptors'\nimport { SandboxAccessGuard } from '../guards/sandbox-access.guard'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { RequiredOrganizationResourcePermissions } from '../../organization/decorators/required-organization-resource-permissions.decorator'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport { OrganizationResourceActionGuard } from '../../organization/guards/organization-resource-action.guard'\nimport { PortPreviewUrlDto, SignedPortPreviewUrlDto } from '../dto/port-preview-url.dto'\nimport { IncomingMessage, ServerResponse } from 'http'\nimport { NextFunction } from 'http-proxy-middleware/dist/types'\nimport { LogProxy } from '../proxy/log-proxy'\nimport { BadRequestError } from '../../exceptions/bad-request.exception'\nimport { SandboxStateUpdatedEvent } from '../events/sandbox-state-updated.event'\nimport { Audit, MASKED_AUDIT_VALUE, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\n// import { UpdateSandboxNetworkSettingsDto } from '../dto/update-sandbox-network-settings.dto'\nimport { SshAccessDto, SshAccessValidationDto } from '../dto/ssh-access.dto'\nimport { ListSandboxesQueryDto } from '../dto/list-sandboxes-query.dto'\nimport { ProxyGuard } from '../guards/proxy.guard'\nimport { OrGuard } from '../../auth/or.guard'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\nimport { SkipThrottle } from '@nestjs/throttler'\nimport { ThrottlerScope } from '../../common/decorators/throttler-scope.decorator'\nimport { SshGatewayGuard } from '../guards/ssh-gateway.guard'\nimport { ToolboxProxyUrlDto } from '../dto/toolbox-proxy-url.dto'\nimport { UrlDto } from '../../common/dto/url.dto'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { SANDBOX_EVENT_CHANNEL } from '../../common/constants/constants'\nimport { RequireFlagsEnabled } from '@openfeature/nestjs-sdk'\nimport { FeatureFlags } from '../../common/constants/feature-flags'\n\n@ApiTags('sandbox')\n@Controller('sandbox')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@UseGuards(CombinedAuthGuard, OrganizationResourceActionGuard, AuthenticatedRateLimitGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class SandboxController {\n private readonly logger = new Logger(SandboxController.name)\n private readonly sandboxCallbacks: Map void> = new Map()\n private readonly redisSubscriber: Redis\n constructor(\n private readonly runnerService: RunnerService,\n private readonly sandboxService: SandboxService,\n @InjectRedis() private readonly redis: Redis,\n ) {\n this.redisSubscriber = this.redis.duplicate()\n this.redisSubscriber.subscribe(SANDBOX_EVENT_CHANNEL)\n this.redisSubscriber.on('message', (channel, message) => {\n if (channel !== SANDBOX_EVENT_CHANNEL) {\n return\n }\n\n try {\n const event = JSON.parse(message) as SandboxStateUpdatedEvent\n this.handleSandboxStateUpdated(event)\n } catch (error) {\n this.logger.error('Failed to parse sandbox state updated event:', error)\n return\n }\n })\n }\n\n @Get()\n @ApiOperation({\n summary: 'List all sandboxes',\n operationId: 'listSandboxes',\n })\n @ApiResponse({\n status: 200,\n description: 'List of all sandboxes',\n type: [SandboxDto],\n })\n @ApiQuery({\n name: 'verbose',\n required: false,\n type: Boolean,\n description: 'Include verbose output',\n })\n @ApiQuery({\n name: 'labels',\n type: String,\n required: false,\n example: '{\"label1\": \"value1\", \"label2\": \"value2\"}',\n description: 'JSON encoded labels to filter by',\n })\n @ApiQuery({\n name: 'includeErroredDeleted',\n required: false,\n type: Boolean,\n description: 'Include errored and deleted sandboxes',\n })\n async listSandboxes(\n @AuthContext() authContext: OrganizationAuthContext,\n @Query('verbose') verbose?: boolean,\n @Query('labels') labelsQuery?: string,\n @Query('includeErroredDeleted') includeErroredDeleted?: boolean,\n ): Promise {\n const labels = labelsQuery ? JSON.parse(labelsQuery) : undefined\n const sandboxes = await this.sandboxService.findAllDeprecated(\n authContext.organizationId,\n labels,\n includeErroredDeleted,\n )\n\n return this.sandboxService.toSandboxDtos(sandboxes)\n }\n\n @Get('paginated')\n @ApiOperation({\n summary: 'List all sandboxes paginated',\n operationId: 'listSandboxesPaginated',\n })\n @ApiResponse({\n status: 200,\n description: 'Paginated list of all sandboxes',\n type: PaginatedSandboxesDto,\n })\n async listSandboxesPaginated(\n @AuthContext() authContext: OrganizationAuthContext,\n @Query() queryParams: ListSandboxesQueryDto,\n ): Promise {\n const {\n page,\n limit,\n id,\n name,\n labels,\n includeErroredDeleted: includeErroredDestroyed,\n states,\n snapshots,\n regions,\n minCpu,\n maxCpu,\n minMemoryGiB,\n maxMemoryGiB,\n minDiskGiB,\n maxDiskGiB,\n lastEventAfter,\n lastEventBefore,\n sort: sortField,\n order: sortDirection,\n } = queryParams\n\n const result = await this.sandboxService.findAll(\n authContext.organizationId,\n page,\n limit,\n {\n id,\n name,\n labels: labels ? JSON.parse(labels) : undefined,\n includeErroredDestroyed,\n states,\n snapshots,\n regionIds: regions,\n minCpu,\n maxCpu,\n minMemoryGiB,\n maxMemoryGiB,\n minDiskGiB,\n maxDiskGiB,\n lastEventAfter,\n lastEventBefore,\n },\n {\n field: sortField,\n direction: sortDirection,\n },\n )\n\n return {\n items: await this.sandboxService.toSandboxDtos(result.items),\n total: result.total,\n page: result.page,\n totalPages: result.totalPages,\n }\n }\n\n @Post()\n @HttpCode(200) // for Daytona Api compatibility\n @UseInterceptors(ContentTypeInterceptor)\n @SkipThrottle({ authenticated: true })\n @ThrottlerScope('sandbox-create')\n @ApiOperation({\n summary: 'Create a new sandbox',\n operationId: 'createSandbox',\n })\n @ApiResponse({\n status: 200,\n description: 'The sandbox has been successfully created.',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n name: req.body?.name,\n snapshot: req.body?.snapshot,\n user: req.body?.user,\n env: req.body?.env\n ? Object.fromEntries(Object.keys(req.body?.env).map((key) => [key, MASKED_AUDIT_VALUE]))\n : undefined,\n labels: req.body?.labels,\n public: req.body?.public,\n class: req.body?.class,\n target: req.body?.target,\n cpu: req.body?.cpu,\n gpu: req.body?.gpu,\n memory: req.body?.memory,\n disk: req.body?.disk,\n autoStopInterval: req.body?.autoStopInterval,\n autoArchiveInterval: req.body?.autoArchiveInterval,\n autoDeleteInterval: req.body?.autoDeleteInterval,\n volumes: req.body?.volumes,\n buildInfo: req.body?.buildInfo,\n networkBlockAll: req.body?.networkBlockAll,\n networkAllowList: req.body?.networkAllowList,\n }),\n },\n })\n async createSandbox(\n @AuthContext() authContext: OrganizationAuthContext,\n @Body() createSandboxDto: CreateSandboxDto,\n ): Promise {\n const organization = authContext.organization\n let sandbox: SandboxDto\n\n if (createSandboxDto.buildInfo) {\n if (createSandboxDto.snapshot) {\n throw new BadRequestError('Cannot specify a snapshot when using a build info entry')\n }\n sandbox = await this.sandboxService.createFromBuildInfo(createSandboxDto, organization)\n } else {\n if (createSandboxDto.cpu || createSandboxDto.gpu || createSandboxDto.memory || createSandboxDto.disk) {\n throw new BadRequestError('Cannot specify Sandbox resources when using a snapshot')\n }\n sandbox = await this.sandboxService.createFromSnapshot(createSandboxDto, organization)\n if (sandbox.state === SandboxState.STARTED) {\n return sandbox\n }\n\n await this.waitForSandboxStarted(sandbox, 30)\n }\n\n return sandbox\n }\n\n @Get('for-runner')\n @UseGuards(RunnerAuthGuard)\n @ApiOperation({\n summary: 'Get sandboxes for the authenticated runner',\n operationId: 'getSandboxesForRunner',\n })\n @ApiQuery({\n name: 'states',\n required: false,\n type: String,\n description: 'Comma-separated list of sandbox states to filter by',\n })\n @ApiQuery({\n name: 'skipReconcilingSandboxes',\n required: false,\n type: Boolean,\n description: 'Skip sandboxes where state differs from desired state',\n })\n @ApiResponse({\n status: 200,\n description: 'List of sandboxes for the authenticated runner',\n type: [SandboxDto],\n })\n async getSandboxesForRunner(\n @RunnerContextDecorator() runnerContext: RunnerContext,\n @Query('states') states?: string,\n @Query('skipReconcilingSandboxes') skipReconcilingSandboxes?: string,\n ): Promise {\n const stateArray = states\n ? states.split(',').map((s) => {\n if (!Object.values(SandboxState).includes(s as SandboxState)) {\n throw new BadRequestError(`Invalid sandbox state: ${s}`)\n }\n return s as SandboxState\n })\n : undefined\n\n const skip = skipReconcilingSandboxes === 'true'\n const sandboxes = await this.sandboxService.findByRunnerId(runnerContext.runnerId, stateArray, skip)\n\n return this.sandboxService.toSandboxDtos(sandboxes)\n }\n\n @Get(':sandboxIdOrName')\n @ApiOperation({\n summary: 'Get sandbox details',\n operationId: 'getSandbox',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiQuery({\n name: 'verbose',\n required: false,\n type: Boolean,\n description: 'Include verbose output',\n })\n @ApiResponse({\n status: 200,\n description: 'Sandbox details',\n type: SandboxDto,\n })\n @UseGuards(SandboxAccessGuard)\n async getSandbox(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n @Query('verbose') verbose?: boolean,\n ): Promise {\n const sandbox = await this.sandboxService.findOneByIdOrName(sandboxIdOrName, authContext.organizationId)\n\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Delete(':sandboxIdOrName')\n @SkipThrottle({ authenticated: true })\n @ThrottlerScope('sandbox-lifecycle')\n @ApiOperation({\n summary: 'Delete sandbox',\n operationId: 'deleteSandbox',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Sandbox has been deleted',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.DELETE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n })\n async deleteSandbox(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n ): Promise {\n const sandbox = await this.sandboxService.destroy(sandboxIdOrName, authContext.organizationId)\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Post(':sandboxIdOrName/recover')\n @HttpCode(200)\n @SkipThrottle({ authenticated: true })\n @ThrottlerScope('sandbox-lifecycle')\n @ApiOperation({\n summary: 'Recover sandbox from error state',\n operationId: 'recoverSandbox',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Recovery initiated',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.RECOVER,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n })\n async recoverSandbox(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n ): Promise {\n const recoveredSandbox = await this.sandboxService.recover(sandboxIdOrName, authContext.organization)\n let sandboxDto = await this.sandboxService.toSandboxDto(recoveredSandbox)\n\n if (sandboxDto.state !== SandboxState.STARTED) {\n sandboxDto = await this.waitForSandboxStarted(sandboxDto, 30)\n }\n\n return sandboxDto\n }\n\n @Post(':sandboxIdOrName/start')\n @HttpCode(200)\n @SkipThrottle({ authenticated: true })\n @ThrottlerScope('sandbox-lifecycle')\n @ApiOperation({\n summary: 'Start sandbox',\n operationId: 'startSandbox',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Sandbox has been started or is being restored from archived state',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.START,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n })\n async startSandbox(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n ): Promise {\n const sbx = await this.sandboxService.start(sandboxIdOrName, authContext.organization)\n let sandbox = await this.sandboxService.toSandboxDto(sbx)\n\n if (![SandboxState.ARCHIVED, SandboxState.RESTORING, SandboxState.STARTED].includes(sandbox.state)) {\n sandbox = await this.waitForSandboxStarted(sandbox, 30)\n }\n\n return sandbox\n }\n\n @Post(':sandboxIdOrName/stop')\n @HttpCode(200) // for Daytona Api compatibility\n @SkipThrottle({ authenticated: true })\n @ThrottlerScope('sandbox-lifecycle')\n @ApiOperation({\n summary: 'Stop sandbox',\n operationId: 'stopSandbox',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Sandbox has been stopped',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.STOP,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n })\n async stopSandbox(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n ): Promise {\n const sandbox = await this.sandboxService.stop(sandboxIdOrName, authContext.organizationId)\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Post(':sandboxIdOrName/resize')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @SkipThrottle({ authenticated: true })\n @ThrottlerScope('sandbox-lifecycle')\n @ApiOperation({\n summary: 'Resize sandbox resources',\n operationId: 'resizeSandbox',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Sandbox has been resized',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @RequireFlagsEnabled({ flags: [{ flagKey: FeatureFlags.SANDBOX_RESIZE, defaultValue: false }] })\n @Audit({\n action: AuditAction.RESIZE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n cpu: req.body?.cpu,\n memory: req.body?.memory,\n disk: req.body?.disk,\n }),\n },\n })\n async resizeSandbox(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Body() resizeSandboxDto: ResizeSandboxDto,\n ): Promise {\n const sandbox = await this.sandboxService.resize(sandboxIdOrName, resizeSandboxDto, authContext.organization)\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Put(':sandboxIdOrName/labels')\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: 'Replace sandbox labels',\n operationId: 'replaceLabels',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Labels have been successfully replaced',\n type: SandboxLabelsDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.REPLACE_LABELS,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n labels: req.body?.labels,\n }),\n },\n })\n async replaceLabels(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Body() labelsDto: SandboxLabelsDto,\n ): Promise {\n const sandbox = await this.sandboxService.replaceLabels(\n sandboxIdOrName,\n labelsDto.labels,\n authContext.organizationId,\n )\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Put(':sandboxId/state')\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: 'Update sandbox state',\n operationId: 'updateSandboxState',\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'ID of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Sandbox state has been successfully updated',\n })\n @UseGuards(RunnerAuthGuard)\n @UseGuards(SandboxAccessGuard)\n async updateSandboxState(\n @Param('sandboxId') sandboxId: string,\n @Body() updateStateDto: UpdateSandboxStateDto,\n ): Promise {\n await this.sandboxService.updateState(\n sandboxId,\n updateStateDto.state,\n updateStateDto.recoverable,\n updateStateDto.errorReason,\n )\n }\n\n @Post(':sandboxIdOrName/backup')\n @ApiOperation({\n summary: 'Create sandbox backup',\n operationId: 'createBackup',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Sandbox backup has been initiated',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.CREATE_BACKUP,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n })\n async createBackup(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n ): Promise {\n const sandbox = await this.sandboxService.createBackup(sandboxIdOrName, authContext.organizationId)\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Post(':sandboxIdOrName/public/:isPublic')\n @ApiOperation({\n summary: 'Update public status',\n operationId: 'updatePublicStatus',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiParam({\n name: 'isPublic',\n description: 'Public status to set',\n type: 'boolean',\n })\n @ApiResponse({\n status: 200,\n description: 'Public status has been successfully updated',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.UPDATE_PUBLIC_STATUS,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n requestMetadata: {\n params: (req) => ({\n isPublic: req.params.isPublic,\n }),\n },\n })\n async updatePublicStatus(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Param('isPublic') isPublic: boolean,\n ): Promise {\n const sandbox = await this.sandboxService.updatePublicStatus(sandboxIdOrName, isPublic, authContext.organizationId)\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Post(':sandboxId/last-activity')\n @ApiOperation({\n summary: 'Update sandbox last activity',\n operationId: 'updateLastActivity',\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'ID of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 201,\n description: 'Last activity has been updated',\n })\n @UseGuards(OrGuard([SandboxAccessGuard, ProxyGuard, SshGatewayGuard]))\n async updateLastActivity(@Param('sandboxId') sandboxId: string): Promise {\n await this.sandboxService.updateLastActivityAt(sandboxId, new Date())\n }\n\n @Post(':sandboxIdOrName/autostop/:interval')\n @ApiOperation({\n summary: 'Set sandbox auto-stop interval',\n operationId: 'setAutostopInterval',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiParam({\n name: 'interval',\n description: 'Auto-stop interval in minutes (0 to disable)',\n type: 'number',\n })\n @ApiResponse({\n status: 200,\n description: 'Auto-stop interval has been set',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.SET_AUTO_STOP_INTERVAL,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n requestMetadata: {\n params: (req) => ({\n interval: req.params.interval,\n }),\n },\n })\n async setAutostopInterval(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Param('interval') interval: number,\n ): Promise {\n const sandbox = await this.sandboxService.setAutostopInterval(sandboxIdOrName, interval, authContext.organizationId)\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Post(':sandboxIdOrName/autoarchive/:interval')\n @ApiOperation({\n summary: 'Set sandbox auto-archive interval',\n operationId: 'setAutoArchiveInterval',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiParam({\n name: 'interval',\n description: 'Auto-archive interval in minutes (0 means the maximum interval will be used)',\n type: 'number',\n })\n @ApiResponse({\n status: 200,\n description: 'Auto-archive interval has been set',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.SET_AUTO_ARCHIVE_INTERVAL,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n requestMetadata: {\n params: (req) => ({\n interval: req.params.interval,\n }),\n },\n })\n async setAutoArchiveInterval(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Param('interval') interval: number,\n ): Promise {\n const sandbox = await this.sandboxService.setAutoArchiveInterval(\n sandboxIdOrName,\n interval,\n authContext.organizationId,\n )\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Post(':sandboxIdOrName/autodelete/:interval')\n @ApiOperation({\n summary: 'Set sandbox auto-delete interval',\n operationId: 'setAutoDeleteInterval',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiParam({\n name: 'interval',\n description:\n 'Auto-delete interval in minutes (negative value means disabled, 0 means delete immediately upon stopping)',\n type: 'number',\n })\n @ApiResponse({\n status: 200,\n description: 'Auto-delete interval has been set',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.SET_AUTO_DELETE_INTERVAL,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n requestMetadata: {\n params: (req) => ({\n interval: req.params.interval,\n }),\n },\n })\n async setAutoDeleteInterval(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Param('interval') interval: number,\n ): Promise {\n const sandbox = await this.sandboxService.setAutoDeleteInterval(\n sandboxIdOrName,\n interval,\n authContext.organizationId,\n )\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n // TODO: Network settings endpoint will not be enabled for now\n // @Post(':sandboxIdOrName/network-settings')\n // @ApiOperation({\n // summary: 'Update sandbox network settings',\n // operationId: 'updateNetworkSettings',\n // })\n // @ApiParam({\n // name: 'sandboxIdOrName',\n // description: 'ID or name of the sandbox',\n // type: 'string',\n // })\n // @ApiResponse({\n // status: 200,\n // description: 'Network settings have been updated',\n // type: SandboxDto,\n // })\n // @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n // @UseGuards(SandboxAccessGuard)\n // @Audit({\n // action: AuditAction.UPDATE_NETWORK_SETTINGS,\n // targetType: AuditTarget.SANDBOX,\n // targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n // targetIdFromResult: (result: SandboxDto) => result?.id,\n // requestMetadata: {\n // body: (req: TypedRequest) => ({\n // networkBlockAll: req.body?.networkBlockAll,\n // networkAllowList: req.body?.networkAllowList,\n // }),\n // },\n // })\n // async updateNetworkSettings(\n // @AuthContext() authContext: OrganizationAuthContext,\n // @Param('sandboxIdOrName') sandboxIdOrName: string,\n // @Body() networkSettings: UpdateSandboxNetworkSettingsDto,\n // ): Promise {\n // const sandbox = await this.sandboxService.updateNetworkSettings(\n // sandboxIdOrName,\n // networkSettings.networkBlockAll,\n // networkSettings.networkAllowList,\n // authContext.organizationId,\n // )\n // return SandboxDto.fromSandbox(sandbox, '')\n // }\n\n @Post(':sandboxIdOrName/archive')\n @HttpCode(200)\n @SkipThrottle({ authenticated: true })\n @ThrottlerScope('sandbox-lifecycle')\n @ApiOperation({\n summary: 'Archive sandbox',\n operationId: 'archiveSandbox',\n })\n @ApiResponse({\n status: 200,\n description: 'Sandbox has been archived',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.ARCHIVE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n })\n async archiveSandbox(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n ): Promise {\n const sandbox = await this.sandboxService.archive(sandboxIdOrName, authContext.organizationId)\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Get(':sandboxIdOrName/ports/:port/preview-url')\n @ApiOperation({\n summary: 'Get preview URL for a sandbox port',\n operationId: 'getPortPreviewUrl',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiParam({\n name: 'port',\n description: 'Port number to get preview URL for',\n type: 'number',\n })\n @ApiResponse({\n status: 200,\n description: 'Preview URL for the specified port',\n type: PortPreviewUrlDto,\n })\n @UseGuards(SandboxAccessGuard)\n async getPortPreviewUrl(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Param('port') port: number,\n ): Promise {\n return this.sandboxService.getPortPreviewUrl(sandboxIdOrName, authContext.organizationId, port)\n }\n\n @Get(':sandboxIdOrName/ports/:port/signed-preview-url')\n @ApiOperation({\n summary: 'Get signed preview URL for a sandbox port',\n operationId: 'getSignedPortPreviewUrl',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiParam({\n name: 'port',\n description: 'Port number to get signed preview URL for',\n type: 'integer',\n })\n @ApiQuery({\n name: 'expiresInSeconds',\n required: false,\n type: 'integer',\n description: 'Expiration time in seconds (default: 60 seconds)',\n })\n @ApiResponse({\n status: 200,\n description: 'Signed preview URL for the specified port',\n type: SignedPortPreviewUrlDto,\n })\n @UseGuards(SandboxAccessGuard)\n async getSignedPortPreviewUrl(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Param('port') port: number,\n @Query('expiresInSeconds') expiresInSeconds?: number,\n ): Promise {\n return this.sandboxService.getSignedPortPreviewUrl(\n sandboxIdOrName,\n authContext.organizationId,\n port,\n expiresInSeconds,\n )\n }\n\n @Post(':sandboxIdOrName/ports/:port/signed-preview-url/:token/expire')\n @ApiOperation({\n summary: 'Expire signed preview URL for a sandbox port',\n operationId: 'expireSignedPortPreviewUrl',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiParam({\n name: 'port',\n description: 'Port number to expire signed preview URL for',\n type: 'integer',\n })\n @ApiParam({\n name: 'token',\n description: 'Token to expire signed preview URL for',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Signed preview URL has been expired',\n })\n @UseGuards(SandboxAccessGuard)\n async expireSignedPortPreviewUrl(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Param('port') port: number,\n @Param('token') token: string,\n ): Promise {\n await this.sandboxService.expireSignedPreviewUrlToken(sandboxIdOrName, authContext.organizationId, token, port)\n }\n\n @Get(':sandboxIdOrName/build-logs')\n @ApiOperation({\n summary: 'Get build logs',\n operationId: 'getBuildLogs',\n deprecated: true,\n description: 'This endpoint is deprecated. Use `getBuildLogsUrl` instead.',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Build logs stream',\n })\n @ApiQuery({\n name: 'follow',\n required: false,\n type: Boolean,\n description: 'Whether to follow the logs stream',\n })\n @UseGuards(SandboxAccessGuard)\n async getBuildLogs(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Query('follow', new ParseBoolPipe({ optional: true })) follow?: boolean,\n ): Promise {\n const sandbox = await this.sandboxService.findOneByIdOrName(sandboxIdOrName, authContext.organizationId)\n if (!sandbox.runnerId) {\n throw new NotFoundException(`Sandbox with ID or name ${sandboxIdOrName} has no runner assigned`)\n }\n\n if (!sandbox.buildInfo) {\n throw new NotFoundException(`Sandbox with ID or name ${sandboxIdOrName} has no build info`)\n }\n\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n\n if (!runner.apiUrl) {\n throw new NotFoundException(`Runner for sandbox ${sandboxIdOrName} has no API URL`)\n }\n\n const logProxy = new LogProxy(\n runner.apiUrl,\n sandbox.buildInfo.snapshotRef.split(':')[0],\n runner.apiKey,\n follow === true,\n req,\n res,\n next,\n )\n return logProxy.create()\n }\n\n @Get(':sandboxIdOrName/build-logs-url')\n @ApiOperation({\n summary: 'Get build logs URL',\n operationId: 'getBuildLogsUrl',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Build logs URL',\n type: UrlDto,\n })\n @UseGuards(SandboxAccessGuard)\n async getBuildLogsUrl(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n ): Promise {\n const buildLogsUrl = await this.sandboxService.getBuildLogsUrl(sandboxIdOrName, authContext.organizationId)\n\n return new UrlDto(buildLogsUrl)\n }\n\n @Post(':sandboxIdOrName/ssh-access')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Create SSH access for sandbox',\n operationId: 'createSshAccess',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiQuery({\n name: 'expiresInMinutes',\n required: false,\n type: Number,\n description: 'Expiration time in minutes (default: 60)',\n })\n @ApiResponse({\n status: 200,\n description: 'SSH access has been created',\n type: SshAccessDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.CREATE_SSH_ACCESS,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SshAccessDto) => result?.sandboxId,\n requestMetadata: {\n query: (req) => ({\n expiresInMinutes: req.query.expiresInMinutes,\n }),\n },\n })\n async createSshAccess(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Query('expiresInMinutes') expiresInMinutes?: number,\n ): Promise {\n return await this.sandboxService.createSshAccess(sandboxIdOrName, expiresInMinutes, authContext.organizationId)\n }\n\n @Delete(':sandboxIdOrName/ssh-access')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Revoke SSH access for sandbox',\n operationId: 'revokeSshAccess',\n })\n @ApiParam({\n name: 'sandboxIdOrName',\n description: 'ID or name of the sandbox',\n type: 'string',\n })\n @ApiQuery({\n name: 'token',\n required: false,\n type: String,\n description: 'SSH access token to revoke. If not provided, all SSH access for the sandbox will be revoked.',\n })\n @ApiResponse({\n status: 200,\n description: 'SSH access has been revoked',\n type: SandboxDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(SandboxAccessGuard)\n @Audit({\n action: AuditAction.REVOKE_SSH_ACCESS,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxIdOrName,\n targetIdFromResult: (result: SandboxDto) => result?.id,\n requestMetadata: {\n query: (req) => ({\n token: req.query.token,\n }),\n },\n })\n async revokeSshAccess(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('sandboxIdOrName') sandboxIdOrName: string,\n @Query('token') token?: string,\n ): Promise {\n const sandbox = await this.sandboxService.revokeSshAccess(sandboxIdOrName, token, authContext.organizationId)\n return this.sandboxService.toSandboxDto(sandbox)\n }\n\n @Get('ssh-access/validate')\n @ApiOperation({\n summary: 'Validate SSH access for sandbox',\n operationId: 'validateSshAccess',\n })\n @ApiQuery({\n name: 'token',\n required: true,\n type: String,\n description: 'SSH access token to validate',\n })\n @ApiResponse({\n status: 200,\n description: 'SSH access validation result',\n type: SshAccessValidationDto,\n })\n async validateSshAccess(@Query('token') token: string): Promise {\n const result = await this.sandboxService.validateSshAccess(token)\n return SshAccessValidationDto.fromValidationResult(result.valid, result.sandboxId)\n }\n\n @Get(':sandboxId/toolbox-proxy-url')\n @ApiOperation({\n summary: 'Get toolbox proxy URL for a sandbox',\n operationId: 'getToolboxProxyUrl',\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'ID of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Toolbox proxy URL for the specified sandbox',\n type: ToolboxProxyUrlDto,\n })\n @UseGuards(SandboxAccessGuard)\n async getToolboxProxyUrl(@Param('sandboxId') sandboxId: string): Promise {\n const url = await this.sandboxService.getToolboxProxyUrl(sandboxId)\n return new ToolboxProxyUrlDto(url)\n }\n\n // wait up to `timeoutSeconds` for the sandbox to start; if it doesn’t, return current sandbox\n private async waitForSandboxStarted(sandbox: SandboxDto, timeoutSeconds: number): Promise {\n let latestSandbox: Sandbox\n const waitForStarted = new Promise((resolve, reject) => {\n // eslint-disable-next-line\n let timeout: NodeJS.Timeout\n const handleStateUpdated = (event: SandboxStateUpdatedEvent) => {\n if (event.sandbox.id !== sandbox.id) {\n return\n }\n latestSandbox = event.sandbox\n if (event.sandbox.state === SandboxState.STARTED) {\n this.sandboxCallbacks.delete(sandbox.id)\n clearTimeout(timeout)\n resolve(this.sandboxService.toSandboxDto(event.sandbox))\n }\n if (event.sandbox.state === SandboxState.ERROR || event.sandbox.state === SandboxState.BUILD_FAILED) {\n this.sandboxCallbacks.delete(sandbox.id)\n clearTimeout(timeout)\n reject(new BadRequestError(`Sandbox failed to start: ${event.sandbox.errorReason}`))\n }\n }\n\n this.sandboxCallbacks.set(sandbox.id, handleStateUpdated)\n\n timeout = setTimeout(() => {\n this.sandboxCallbacks.delete(sandbox.id)\n if (latestSandbox) {\n resolve(this.sandboxService.toSandboxDto(latestSandbox))\n } else {\n resolve(sandbox)\n }\n }, timeoutSeconds * 1000)\n })\n\n return waitForStarted\n }\n\n private handleSandboxStateUpdated(event: SandboxStateUpdatedEvent) {\n const callback = this.sandboxCallbacks.get(event.sandbox.id)\n if (callback) {\n callback(event)\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/controllers/snapshot.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Body,\n Controller,\n Delete,\n Get,\n Param,\n Patch,\n Post,\n Query,\n UseGuards,\n HttpCode,\n ForbiddenException,\n Logger,\n NotFoundException,\n Res,\n Request,\n RawBodyRequest,\n Next,\n ParseBoolPipe,\n} from '@nestjs/common'\nimport { IncomingMessage, ServerResponse } from 'http'\nimport { NextFunction } from 'express'\nimport { SnapshotService } from '../services/snapshot.service'\nimport { RunnerService } from '../services/runner.service'\nimport {\n ApiOAuth2,\n ApiTags,\n ApiOperation,\n ApiResponse,\n ApiParam,\n ApiQuery,\n ApiHeader,\n ApiBearerAuth,\n} from '@nestjs/swagger'\nimport { CreateSnapshotDto } from '../dto/create-snapshot.dto'\nimport { SnapshotDto } from '../dto/snapshot.dto'\nimport { PaginatedSnapshotsDto } from '../dto/paginated-snapshots.dto'\nimport { SnapshotAccessGuard } from '../guards/snapshot-access.guard'\nimport { SnapshotReadAccessGuard } from '../guards/snapshot-read-access.guard'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { RequiredOrganizationResourcePermissions } from '../../organization/decorators/required-organization-resource-permissions.decorator'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport { OrganizationResourceActionGuard } from '../../organization/guards/organization-resource-action.guard'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { SystemActionGuard } from '../../auth/system-action.guard'\nimport { RequiredSystemRole } from '../../common/decorators/required-role.decorator'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { SetSnapshotGeneralStatusDto } from '../dto/update-snapshot.dto'\nimport { LogProxy } from '../proxy/log-proxy'\nimport { BadRequestError } from '../../exceptions/bad-request.exception'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { Audit, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { ListSnapshotsQueryDto } from '../dto/list-snapshots-query.dto'\nimport { SnapshotState } from '../enums/snapshot-state.enum'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\nimport { UrlDto } from '../../common/dto/url.dto'\n\n@ApiTags('snapshots')\n@Controller('snapshots')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@UseGuards(CombinedAuthGuard, SystemActionGuard, OrganizationResourceActionGuard, AuthenticatedRateLimitGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class SnapshotController {\n private readonly logger = new Logger(SnapshotController.name)\n\n constructor(\n private readonly snapshotService: SnapshotService,\n private readonly runnerService: RunnerService,\n ) {}\n\n @Post()\n @HttpCode(200)\n @ApiOperation({\n summary: 'Create a new snapshot',\n operationId: 'createSnapshot',\n })\n @ApiResponse({\n status: 200,\n description: 'The snapshot has been successfully created.',\n type: SnapshotDto,\n })\n @ApiResponse({\n status: 400,\n description: 'Bad request - Snapshots with tag \":latest\" are not allowed',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SNAPSHOTS])\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.SNAPSHOT,\n targetIdFromResult: (result: SnapshotDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n name: req.body?.name,\n imageName: req.body?.imageName,\n entrypoint: req.body?.entrypoint,\n general: req.body?.general,\n cpu: req.body?.cpu,\n memory: req.body?.memory,\n disk: req.body?.disk,\n gpu: req.body?.gpu,\n buildInfo: req.body?.buildInfo,\n }),\n },\n })\n async createSnapshot(\n @AuthContext() authContext: OrganizationAuthContext,\n @Body() createSnapshotDto: CreateSnapshotDto,\n ): Promise {\n if (createSnapshotDto.general && authContext.role !== SystemRole.ADMIN) {\n throw new ForbiddenException('Insufficient permissions for creating general snapshots')\n }\n\n if (createSnapshotDto.buildInfo) {\n if (createSnapshotDto.imageName) {\n throw new BadRequestError('Cannot specify an image name when using a build info entry')\n }\n if (createSnapshotDto.entrypoint) {\n throw new BadRequestError('Cannot specify an entrypoint when using a build info entry')\n }\n } else {\n if (!createSnapshotDto.imageName) {\n throw new BadRequestError('Must specify an image name when not using a build info entry')\n }\n }\n\n // TODO: consider - if using transient registry, prepend the snapshot name with the username\n const snapshot = createSnapshotDto.buildInfo\n ? await this.snapshotService.createFromBuildInfo(authContext.organization, createSnapshotDto)\n : await this.snapshotService.createFromPull(authContext.organization, createSnapshotDto)\n return SnapshotDto.fromSnapshot(snapshot)\n }\n\n @Get('can-cleanup-image')\n @ApiOperation({\n summary: 'Check if an image can be cleaned up',\n operationId: 'canCleanupImage',\n })\n @ApiQuery({\n name: 'imageName',\n required: true,\n type: String,\n description: 'Image name with tag to check',\n })\n @ApiResponse({\n status: 200,\n description: 'Boolean indicating if image can be cleaned up',\n type: Boolean,\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n async canCleanupImage(@Query('imageName') imageName: string): Promise {\n return this.snapshotService.canCleanupImage(imageName)\n }\n\n @Get(':id')\n @ApiOperation({\n summary: 'Get snapshot by ID or name',\n operationId: 'getSnapshot',\n })\n @ApiParam({\n name: 'id',\n description: 'Snapshot ID or name',\n })\n @ApiResponse({\n status: 200,\n description: 'The snapshot',\n type: SnapshotDto,\n })\n @ApiResponse({\n status: 404,\n description: 'Snapshot not found',\n })\n @UseGuards(SnapshotReadAccessGuard)\n async getSnapshot(\n @Param('id') snapshotIdOrName: string,\n @AuthContext() authContext: OrganizationAuthContext,\n ): Promise {\n const snapshot = await this.snapshotService.getSnapshotWithRegions(snapshotIdOrName, authContext.organizationId)\n return SnapshotDto.fromSnapshot(snapshot)\n }\n\n @Delete(':id')\n @ApiOperation({\n summary: 'Delete snapshot',\n operationId: 'removeSnapshot',\n })\n @ApiParam({\n name: 'id',\n description: 'Snapshot ID',\n })\n @ApiResponse({\n status: 200,\n description: 'Snapshot has been deleted',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.DELETE_SNAPSHOTS])\n @UseGuards(SnapshotAccessGuard)\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.SNAPSHOT,\n targetIdFromRequest: (req) => req.params.id,\n })\n async removeSnapshot(@Param('id') snapshotId: string): Promise {\n await this.snapshotService.removeSnapshot(snapshotId)\n }\n\n @Get()\n @ApiOperation({\n summary: 'List all snapshots',\n operationId: 'getAllSnapshots',\n })\n @ApiResponse({\n status: 200,\n description: 'Paginated list of all snapshots',\n type: PaginatedSnapshotsDto,\n })\n async getAllSnapshots(\n @AuthContext() authContext: OrganizationAuthContext,\n @Query() queryParams: ListSnapshotsQueryDto,\n ): Promise {\n const { page, limit, name, sort, order } = queryParams\n\n const result = await this.snapshotService.getAllSnapshots(\n authContext.organizationId,\n page,\n limit,\n { name },\n { field: sort, direction: order },\n )\n\n return {\n items: result.items.map(SnapshotDto.fromSnapshot),\n total: result.total,\n page: result.page,\n totalPages: result.totalPages,\n }\n }\n\n @Patch(':id/general')\n @ApiOperation({\n summary: 'Set snapshot general status',\n operationId: 'setSnapshotGeneralStatus',\n })\n @ApiParam({\n name: 'id',\n description: 'Snapshot ID',\n })\n @ApiResponse({\n status: 200,\n description: 'Snapshot general status has been set',\n type: SnapshotDto,\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @Audit({\n action: AuditAction.SET_GENERAL_STATUS,\n targetType: AuditTarget.SNAPSHOT,\n targetIdFromRequest: (req) => req.params.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n general: req.body?.general,\n }),\n },\n })\n async setSnapshotGeneralStatus(\n @Param('id') snapshotId: string,\n @Body() dto: SetSnapshotGeneralStatusDto,\n ): Promise {\n const snapshot = await this.snapshotService.setSnapshotGeneralStatus(snapshotId, dto.general)\n return SnapshotDto.fromSnapshot(snapshot)\n }\n\n @Get(':id/build-logs')\n @ApiOperation({\n summary: 'Get snapshot build logs',\n operationId: 'getSnapshotBuildLogs',\n deprecated: true,\n description: 'This endpoint is deprecated. Use `getSnapshotBuildLogsUrl` instead.',\n })\n @ApiParam({\n name: 'id',\n description: 'Snapshot ID',\n })\n @ApiQuery({\n name: 'follow',\n required: false,\n type: Boolean,\n description: 'Whether to follow the logs stream',\n })\n @UseGuards(SnapshotAccessGuard)\n async getSnapshotBuildLogs(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n @Param('id') snapshotId: string,\n @Query('follow', new ParseBoolPipe({ optional: true })) follow?: boolean,\n ): Promise {\n let snapshot = await this.snapshotService.getSnapshot(snapshotId)\n\n // Check if the snapshot has build info\n if (!snapshot.buildInfo) {\n throw new NotFoundException(`Snapshot ${snapshotId} has no build info`)\n }\n\n if (snapshot.state == SnapshotState.ACTIVE) {\n // Close the connection\n res.end()\n return\n }\n\n // Retry until a runner is assigned or timeout after 30 seconds\n const startTime = Date.now()\n const timeoutMs = 30 * 1000\n\n while (!snapshot.initialRunnerId) {\n if (Date.now() - startTime > timeoutMs) {\n throw new NotFoundException(`Timeout waiting for build runner assignment for snapshot ${snapshotId}`)\n }\n await new Promise((resolve) => setTimeout(resolve, 1000))\n snapshot = await this.snapshotService.getSnapshot(snapshotId)\n }\n\n const runner = await this.runnerService.findOneOrFail(snapshot.initialRunnerId)\n\n if (!runner.apiUrl) {\n throw new NotFoundException(`Build runner for snapshot ${snapshotId} has no API URL`)\n }\n\n const logProxy = new LogProxy(\n runner.apiUrl,\n snapshot.buildInfo.snapshotRef,\n runner.apiKey,\n follow === true,\n req,\n res,\n next,\n )\n return logProxy.create()\n }\n\n @Get(':id/build-logs-url')\n @ApiOperation({\n summary: 'Get snapshot build logs URL',\n operationId: 'getSnapshotBuildLogsUrl',\n })\n @ApiParam({\n name: 'id',\n description: 'Snapshot ID',\n })\n @ApiResponse({\n status: 200,\n description: 'The snapshot build logs URL',\n type: UrlDto,\n })\n @UseGuards(SnapshotAccessGuard)\n async getSnapshotBuildLogsUrl(@Param('id') snapshotId: string): Promise {\n let snapshot = await this.snapshotService.getSnapshot(snapshotId)\n\n // Check if the snapshot has build info\n if (!snapshot.buildInfo) {\n throw new NotFoundException(`Snapshot ${snapshotId} has no build info`)\n }\n\n // Retry until a runner is assigned or timeout after 30 seconds\n const startTime = Date.now()\n const timeoutMs = 30 * 1000\n\n while (!snapshot.initialRunnerId) {\n if (Date.now() - startTime > timeoutMs) {\n throw new NotFoundException(`Timeout waiting for build runner assignment for snapshot ${snapshotId}`)\n }\n await new Promise((resolve) => setTimeout(resolve, 1000))\n snapshot = await this.snapshotService.getSnapshot(snapshotId)\n }\n\n const url = await this.snapshotService.getBuildLogsUrl(snapshot)\n return new UrlDto(url)\n }\n\n @Post(':id/activate')\n @HttpCode(200)\n @ApiOperation({\n summary: 'Activate a snapshot',\n operationId: 'activateSnapshot',\n })\n @ApiParam({\n name: 'id',\n description: 'Snapshot ID',\n })\n @ApiResponse({\n status: 200,\n description: 'The snapshot has been successfully activated.',\n type: SnapshotDto,\n })\n @ApiResponse({\n status: 400,\n description: 'Bad request - Snapshot is already active, not in inactive state, or has associated snapshot runners',\n })\n @ApiResponse({\n status: 404,\n description: 'Snapshot not found',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SNAPSHOTS])\n @UseGuards(SnapshotAccessGuard)\n @Audit({\n action: AuditAction.ACTIVATE,\n targetType: AuditTarget.SNAPSHOT,\n targetIdFromRequest: (req) => req.params.id,\n })\n async activateSnapshot(\n @Param('id') snapshotId: string,\n @AuthContext() authContext: OrganizationAuthContext,\n ): Promise {\n const snapshot = await this.snapshotService.activateSnapshot(snapshotId, authContext.organization)\n return SnapshotDto.fromSnapshot(snapshot)\n }\n\n @Post(':id/deactivate')\n @HttpCode(204)\n @ApiOperation({\n summary: 'Deactivate a snapshot',\n operationId: 'deactivateSnapshot',\n })\n @ApiParam({\n name: 'id',\n description: 'Snapshot ID',\n })\n @ApiResponse({\n status: 204,\n description: 'The snapshot has been successfully deactivated.',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SNAPSHOTS])\n @UseGuards(SnapshotAccessGuard)\n @Audit({\n action: AuditAction.DEACTIVATE,\n targetType: AuditTarget.SNAPSHOT,\n targetIdFromRequest: (req) => req.params.id,\n })\n async deactivateSnapshot(@Param('id') snapshotId: string) {\n await this.snapshotService.deactivateSnapshot(snapshotId)\n }\n}\n" }, { "path": "apps/api/src/sandbox/controllers/toolbox.deprecated.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Controller,\n Get,\n Post,\n Delete,\n Body,\n Param,\n Request,\n Logger,\n UseGuards,\n HttpCode,\n UseInterceptors,\n RawBodyRequest,\n BadRequestException,\n Res,\n Next,\n} from '@nestjs/common'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport {\n ApiOAuth2,\n ApiResponse,\n ApiQuery,\n ApiOperation,\n ApiConsumes,\n ApiBody,\n ApiTags,\n ApiParam,\n ApiHeader,\n ApiBearerAuth,\n} from '@nestjs/swagger'\nimport {\n FileInfoDto,\n MatchDto,\n SearchFilesResponseDto,\n ReplaceRequestDto,\n ReplaceResultDto,\n GitAddRequestDto,\n GitBranchRequestDto,\n GitDeleteBranchRequestDto,\n GitCloneRequestDto,\n GitCommitRequestDto,\n GitCommitResponseDto,\n GitRepoRequestDto,\n GitStatusDto,\n ListBranchResponseDto,\n GitCommitInfoDto,\n GitCheckoutRequestDto,\n ExecuteRequestDto,\n ExecuteResponseDto,\n ProjectDirResponseDto,\n CreateSessionRequestDto,\n SessionExecuteRequestDto,\n SessionExecuteResponseDto,\n SessionDto,\n CommandDto,\n MousePositionDto,\n MouseMoveRequestDto,\n MouseMoveResponseDto,\n MouseClickRequestDto,\n MouseClickResponseDto,\n MouseDragRequestDto,\n MouseDragResponseDto,\n MouseScrollRequestDto,\n MouseScrollResponseDto,\n KeyboardTypeRequestDto,\n KeyboardPressRequestDto,\n KeyboardHotkeyRequestDto,\n ScreenshotResponseDto,\n RegionScreenshotResponseDto,\n CompressedScreenshotResponseDto,\n DisplayInfoResponseDto,\n WindowsResponseDto,\n ComputerUseStartResponseDto,\n ComputerUseStopResponseDto,\n ComputerUseStatusResponseDto,\n ProcessStatusResponseDto,\n ProcessRestartResponseDto,\n ProcessLogsResponseDto,\n ProcessErrorsResponseDto,\n UserHomeDirResponseDto,\n WorkDirResponseDto,\n PtyCreateRequestDto,\n PtyCreateResponseDto,\n PtySessionInfoDto,\n PtyListResponseDto,\n PtyResizeRequestDto,\n} from '../dto/toolbox.deprecated.dto'\nimport { ToolboxService } from '../services/toolbox.deprecated.service'\nimport { ContentTypeInterceptor } from '../../common/interceptors/content-type.interceptors'\nimport {\n CompletionListDto,\n LspCompletionParamsDto,\n LspDocumentRequestDto,\n LspSymbolDto,\n LspServerRequestDto,\n} from '../dto/lsp.dto'\nimport { createProxyMiddleware, RequestHandler, fixRequestBody, Options } from 'http-proxy-middleware'\nimport { IncomingMessage } from 'http'\nimport { NextFunction } from 'express'\nimport { ServerResponse } from 'http'\nimport { SandboxAccessGuard } from '../guards/sandbox-access.guard'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { OrganizationResourceActionGuard } from '../../organization/guards/organization-resource-action.guard'\nimport { RequiredOrganizationResourcePermissions } from '../../organization/decorators/required-organization-resource-permissions.decorator'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport followRedirects from 'follow-redirects'\nimport { UploadFileDto } from '../dto/upload-file.dto'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { Audit, MASKED_AUDIT_VALUE, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { DownloadFilesDto } from '../dto/download-files.dto'\nimport { SkipThrottle } from '@nestjs/throttler'\n\nfollowRedirects.maxRedirects = 10\nfollowRedirects.maxBodyLength = 50 * 1024 * 1024\n\ntype RunnerInfo = {\n apiKey: string\n apiUrl: string\n}\nconst RUNNER_INFO_CACHE_PREFIX = 'proxy:sandbox-runner-info:'\nconst RUNNER_INFO_CACHE_TTL = 2 * 60 // 2 minutes\n\n@ApiTags('toolbox')\n@Controller('toolbox')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@SkipThrottle({ anonymous: true, authenticated: true })\n@UseGuards(CombinedAuthGuard, OrganizationResourceActionGuard, SandboxAccessGuard)\n@RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class ToolboxController {\n private readonly logger = new Logger(ToolboxController.name)\n private readonly toolboxProxy: RequestHandler<\n RawBodyRequest,\n ServerResponse,\n NextFunction\n >\n private readonly toolboxStreamProxy: RequestHandler<\n RawBodyRequest,\n ServerResponse,\n NextFunction\n >\n\n constructor(\n private readonly toolboxService: ToolboxService,\n @InjectRedis() private readonly redis: Redis,\n ) {\n const commonProxyOptions: Options = {\n router: async (req: RawBodyRequest) => {\n // eslint-disable-next-line no-useless-escape\n const sandboxId = req.url.match(/^\\/api\\/toolbox\\/([^\\/]+)\\/toolbox/)?.[1]\n try {\n const runnerInfo = await this.getRunnerInfo(sandboxId)\n\n // @ts-expect-error - used later to set request headers\n req._runnerApiKey = runnerInfo.apiKey\n\n return runnerInfo.apiUrl\n } catch (err) {\n // @ts-expect-error - used later to throw error\n req._err = err\n }\n\n // Must return a valid url\n return 'http://target-error'\n },\n pathRewrite: (path) => {\n // eslint-disable-next-line no-useless-escape\n const sandboxId = path.match(/^\\/api\\/toolbox\\/([^\\/]+)\\/toolbox/)?.[1]\n const routePath = path.split(`/api/toolbox/${sandboxId}/toolbox`)[1]\n const newPath = `/sandboxes/${sandboxId}/toolbox${routePath}`\n\n // Handle files path which is served on /files/ in the daemon\n // TODO: Circle back to this after daemon versioning\n // We can then switch /files/ to /files and only perform this for older daemon versions\n const url = new URL(`http://runner${newPath}`)\n if (url.pathname.endsWith('/files')) {\n url.pathname = url.pathname + '/'\n return url.toString().replace('http://runner', '')\n }\n\n return newPath\n },\n changeOrigin: true,\n autoRewrite: true,\n proxyTimeout: 5 * 60 * 1000,\n on: {\n proxyReq: (proxyReq, req, res) => {\n // @ts-expect-error - set when routing\n if (req._err) {\n res.writeHead(400, { 'Content-Type': 'application/json' })\n // @ts-expect-error - set when routing\n res.end(JSON.stringify(req._err))\n return\n }\n\n // @ts-expect-error - set when routing\n const runnerApiKey = req._runnerApiKey\n\n try {\n proxyReq.setHeader('Authorization', `Bearer ${runnerApiKey}`)\n } catch {\n // Ignore error - headers are already set\n return\n }\n fixRequestBody(proxyReq, req)\n },\n proxyRes: (proxyRes, req, res) => {\n // console.log('proxyRes', proxyRes)\n },\n },\n }\n\n this.toolboxProxy = createProxyMiddleware({\n ...commonProxyOptions,\n followRedirects: true,\n })\n\n this.toolboxStreamProxy = createProxyMiddleware({\n ...commonProxyOptions,\n followRedirects: false,\n })\n }\n\n private async getRunnerInfo(sandboxId: string): Promise {\n let runnerInfo: RunnerInfo | null = null\n try {\n const cached: { value: RunnerInfo } = JSON.parse(await this.redis.get(`${RUNNER_INFO_CACHE_PREFIX}${sandboxId}`))\n runnerInfo = cached.value\n } catch {\n // Ignore error and fetch from db\n }\n\n if (!runnerInfo) {\n const runner = await this.toolboxService.getRunner(sandboxId)\n if (!runner.proxyUrl) {\n throw new BadRequestException('Runner proxy URL not found')\n }\n\n runnerInfo = {\n apiKey: runner.apiKey,\n apiUrl: runner.proxyUrl,\n }\n await this.redis.set(\n `${RUNNER_INFO_CACHE_PREFIX}${sandboxId}`,\n JSON.stringify({ value: runnerInfo }),\n 'EX',\n RUNNER_INFO_CACHE_TTL,\n )\n }\n\n return runnerInfo\n }\n\n @Get(':sandboxId/toolbox/project-dir')\n @ApiOperation({\n summary: '[DEPRECATED] Get sandbox project dir',\n operationId: 'getProjectDir_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Project directory retrieved successfully',\n type: ProjectDirResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getProjectDir(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/user-home-dir')\n @ApiOperation({\n summary: '[DEPRECATED] Get sandbox user home dir',\n operationId: 'getUserHomeDir_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'User home directory retrieved successfully',\n type: UserHomeDirResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getUserHomeDir(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/work-dir')\n @ApiOperation({\n summary: '[DEPRECATED] Get sandbox work-dir',\n operationId: 'getWorkDir_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Work-dir retrieved successfully',\n type: WorkDirResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getWorkDir(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/files')\n @ApiOperation({\n summary: '[DEPRECATED] List files',\n operationId: 'listFiles_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Files listed successfully',\n type: [FileInfoDto],\n })\n @ApiQuery({ name: 'path', type: String, required: false })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async listFiles(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Delete(':sandboxId/toolbox/files')\n @ApiOperation({\n summary: '[DEPRECATED] Delete file',\n description: 'Delete file inside sandbox',\n operationId: 'deleteFile_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'File deleted successfully',\n })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiQuery({ name: 'recursive', type: Boolean, required: false })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_DELETE_FILE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n query: (req) => ({\n path: req.query.path,\n }),\n },\n })\n async deleteFile(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/files/download')\n @ApiOperation({\n summary: '[DEPRECATED] Download file',\n description: 'Download file from sandbox',\n operationId: 'downloadFile_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'File downloaded successfully',\n schema: {\n type: 'string',\n format: 'binary',\n },\n })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_DOWNLOAD_FILE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n query: (req) => ({\n path: req.query.path,\n }),\n },\n })\n async downloadFile(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/files/bulk-download')\n @ApiOperation({\n summary: '[DEPRECATED] Download multiple files',\n description: 'Streams back a multipart/form-data bundle of the requested paths',\n operationId: 'downloadFiles_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'A multipart/form-data response with each file as a part',\n schema: {\n type: 'string',\n format: 'binary',\n },\n })\n @ApiBody({\n type: DownloadFilesDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async downloadFiles(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/files/find')\n @ApiOperation({\n summary: '[DEPRECATED] Search for text/pattern in files',\n description: 'Search for text/pattern inside sandbox files',\n operationId: 'findInFiles_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Search completed successfully',\n type: [MatchDto],\n })\n @ApiQuery({ name: 'pattern', type: String, required: true })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async findInFiles(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/files/folder')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Create folder',\n description: 'Create folder inside sandbox',\n operationId: 'createFolder_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Folder created successfully',\n })\n @ApiQuery({ name: 'mode', type: String, required: true })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_CREATE_FOLDER,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n query: (req) => ({\n path: req.query.path,\n mode: req.query.mode,\n }),\n },\n })\n async createFolder(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/files/info')\n @ApiOperation({\n summary: '[DEPRECATED] Get file info',\n description: 'Get file info inside sandbox',\n operationId: 'getFileInfo_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'File info retrieved successfully',\n type: FileInfoDto,\n })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getFileInfo(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/files/move')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Move file',\n description: 'Move file inside sandbox',\n operationId: 'moveFile_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'File moved successfully',\n })\n @ApiQuery({ name: 'destination', type: String, required: true })\n @ApiQuery({ name: 'source', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_MOVE_FILE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n query: (req) => ({\n destination: req.query.destination,\n source: req.query.source,\n }),\n },\n })\n async moveFile(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/files/permissions')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Set file permissions',\n description: 'Set file owner/group/permissions inside sandbox',\n operationId: 'setFilePermissions_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'File permissions updated successfully',\n })\n @ApiQuery({ name: 'mode', type: String, required: false })\n @ApiQuery({ name: 'group', type: String, required: false })\n @ApiQuery({ name: 'owner', type: String, required: false })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_SET_FILE_PERMISSIONS,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n query: (req) => ({\n mode: req.query.mode,\n group: req.query.group,\n owner: req.query.owner,\n path: req.query.path,\n }),\n },\n })\n async setFilePermissions(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/files/replace')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Replace in files',\n description: 'Replace text/pattern in multiple files inside sandbox',\n operationId: 'replaceInFiles_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Text replaced successfully',\n type: [ReplaceResultDto],\n })\n @ApiBody({\n type: ReplaceRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_REPLACE_IN_FILES,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n files: req.body?.files,\n pattern: req.body?.pattern,\n newValue: req.body?.newValue,\n }),\n },\n })\n async replaceInFiles(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/files/search')\n @ApiOperation({\n summary: '[DEPRECATED] Search files',\n description: 'Search for files inside sandbox',\n operationId: 'searchFiles_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Search completed successfully',\n type: SearchFilesResponseDto,\n })\n @ApiQuery({ name: 'pattern', type: String, required: true })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async searchFiles(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @HttpCode(200)\n @Post(':sandboxId/toolbox/files/upload')\n @ApiOperation({\n summary: '[DEPRECATED] Upload file',\n description: 'Upload file inside sandbox',\n operationId: 'uploadFile_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'File uploaded successfully',\n })\n @ApiConsumes('multipart/form-data')\n @ApiBody({\n schema: {\n type: 'object',\n properties: {\n file: {\n type: 'string',\n format: 'binary',\n },\n },\n },\n })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_UPLOAD_FILE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n query: (req) => ({\n path: req.query.path,\n }),\n },\n })\n async uploadFile(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return this.toolboxProxy(req, res, next)\n }\n\n @HttpCode(200)\n @Post(':sandboxId/toolbox/files/bulk-upload')\n @ApiOperation({\n summary: '[DEPRECATED] Upload multiple files',\n description: 'Upload multiple files inside sandbox',\n operationId: 'uploadFiles_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Files uploaded successfully',\n })\n @ApiConsumes('multipart/form-data')\n @ApiBody({ type: [UploadFileDto] })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_BULK_UPLOAD_FILES,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n })\n async uploadFiles(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return this.toolboxStreamProxy(req, res, next)\n }\n\n // Git operations\n @Post(':sandboxId/toolbox/git/add')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Add files',\n description: 'Add files to git commit',\n operationId: 'gitAddFiles_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Files added to git successfully',\n })\n @ApiBody({\n type: GitAddRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_GIT_ADD_FILES,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n path: req.body?.path,\n files: req.body?.files,\n }),\n },\n })\n async gitAddFiles(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/git/branches')\n @ApiOperation({\n summary: '[DEPRECATED] Get branch list',\n description: 'Get branch list from git repository',\n operationId: 'gitListBranches_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Branch list retrieved successfully',\n type: ListBranchResponseDto,\n })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async gitBranchList(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/git/branches')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Create branch',\n description: 'Create branch on git repository',\n operationId: 'gitCreateBranch_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Branch created successfully',\n })\n @ApiBody({\n type: GitBranchRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_GIT_CREATE_BRANCH,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n path: req.body?.path,\n name: req.body?.name,\n }),\n },\n })\n async gitCreateBranch(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Delete(':sandboxId/toolbox/git/branches')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Delete branch',\n description: 'Delete branch on git repository',\n operationId: 'gitDeleteBranch_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Branch deleted successfully',\n })\n @ApiBody({\n type: GitDeleteBranchRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_GIT_DELETE_BRANCH,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n path: req.body?.path,\n name: req.body?.name,\n }),\n },\n })\n async gitDeleteBranch(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/git/clone')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Clone repository',\n description: 'Clone git repository',\n operationId: 'gitCloneRepository_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Repository cloned successfully',\n })\n @ApiBody({\n type: GitCloneRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_GIT_CLONE_REPOSITORY,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n url: req.body?.url,\n path: req.body?.path,\n username: req.body?.username,\n password: req.body?.password ? MASKED_AUDIT_VALUE : undefined,\n branch: req.body?.branch,\n commit_id: req.body?.commit_id,\n }),\n },\n })\n async gitCloneRepository(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/git/commit')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Commit changes',\n description: 'Commit changes to git repository',\n operationId: 'gitCommitChanges_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Changes committed successfully',\n type: GitCommitResponseDto,\n })\n @ApiBody({\n type: GitCommitRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_GIT_COMMIT_CHANGES,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n path: req.body?.path,\n message: req.body?.message,\n author: req.body?.author,\n email: req.body?.email,\n allow_empty: req.body?.allow_empty,\n }),\n },\n })\n async gitCommitChanges(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/git/history')\n @ApiOperation({\n summary: '[DEPRECATED] Get commit history',\n description: 'Get commit history from git repository',\n operationId: 'gitGetHistory_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Commit history retrieved successfully',\n type: [GitCommitInfoDto],\n })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async gitCommitHistory(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/git/pull')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Pull changes',\n description: 'Pull changes from remote',\n operationId: 'gitPullChanges_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Changes pulled successfully',\n })\n @ApiBody({\n type: GitRepoRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_GIT_PULL_CHANGES,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n path: req.body?.path,\n username: req.body?.username,\n password: req.body?.password ? MASKED_AUDIT_VALUE : undefined,\n }),\n },\n })\n async gitPullChanges(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/git/push')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Push changes',\n description: 'Push changes to remote',\n operationId: 'gitPushChanges_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Changes pushed successfully',\n })\n @ApiBody({\n type: GitRepoRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_GIT_PUSH_CHANGES,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n path: req.body?.path,\n username: req.body?.username,\n password: req.body?.password ? MASKED_AUDIT_VALUE : undefined,\n }),\n },\n })\n async gitPushChanges(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/git/checkout')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Checkout branch',\n description: 'Checkout branch or commit in git repository',\n operationId: 'gitCheckoutBranch_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Branch checked out successfully',\n })\n @ApiBody({\n type: GitCheckoutRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_GIT_CHECKOUT_BRANCH,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n path: req.body?.path,\n branch: req.body?.branch,\n }),\n },\n })\n async gitCheckoutBranch(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/git/status')\n @ApiOperation({\n summary: '[DEPRECATED] Get git status',\n description: 'Get status from git repository',\n operationId: 'gitGetStatus_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Git status retrieved successfully',\n type: GitStatusDto,\n })\n @ApiQuery({ name: 'path', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async gitStatus(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/process/execute')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Execute command',\n description: 'Execute command synchronously inside sandbox',\n operationId: 'executeCommand_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Command executed successfully',\n type: ExecuteResponseDto,\n })\n @Audit({\n action: AuditAction.TOOLBOX_EXECUTE_COMMAND,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n command: req.body?.command,\n cwd: req.body?.cwd,\n timeout: req.body?.timeout,\n }),\n },\n })\n async executeCommand(\n @Param('sandboxId') sandboxId: string,\n @Body() executeRequest: ExecuteRequestDto,\n ): Promise {\n const response = await this.toolboxService.forwardRequestToRunner(\n sandboxId,\n 'POST',\n '/toolbox/process/execute',\n executeRequest,\n )\n\n // TODO: use new proxy - can't use it now because of this\n return {\n exitCode: response.exitCode ?? response.code,\n result: response.result,\n }\n }\n\n // Session management endpoints\n @Get(':sandboxId/toolbox/process/session')\n @ApiOperation({\n summary: '[DEPRECATED] List sessions',\n description: 'List all active sessions in the sandbox',\n operationId: 'listSessions_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Sessions retrieved successfully',\n type: [SessionDto],\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async listSessions(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/process/session/:sessionId')\n @ApiOperation({\n summary: '[DEPRECATED] Get session',\n description: 'Get session by ID',\n operationId: 'getSession_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Session retrieved successfully',\n type: SessionDto,\n })\n @ApiParam({ name: 'sessionId', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getSession(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/process/session')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Create session',\n description: 'Create a new session in the sandbox',\n operationId: 'createSession_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n })\n @ApiBody({\n type: CreateSessionRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_CREATE_SESSION,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n sessionId: req.body?.sessionId,\n }),\n },\n })\n async createSession(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/process/session/:sessionId/exec')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Execute command in session',\n description: 'Execute a command in a specific session',\n operationId: 'executeSessionCommand_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Command executed successfully',\n type: SessionExecuteResponseDto,\n })\n @ApiResponse({\n status: 202,\n description: 'Command accepted and is being processed',\n type: SessionExecuteResponseDto,\n })\n @ApiBody({\n type: SessionExecuteRequestDto,\n })\n @ApiParam({ name: 'sessionId', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_SESSION_EXECUTE_COMMAND,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n params: (req) => ({\n sessionId: req.params.sessionId,\n }),\n body: (req: TypedRequest) => ({\n command: req.body?.command,\n runAsync: req.body?.runAsync,\n async: req.body?.async,\n }),\n },\n })\n async executeSessionCommand(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Delete(':sandboxId/toolbox/process/session/:sessionId')\n @ApiOperation({\n summary: '[DEPRECATED] Delete session',\n description: 'Delete a specific session',\n operationId: 'deleteSession_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Session deleted successfully',\n })\n @ApiParam({ name: 'sessionId', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_DELETE_SESSION,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n params: (req) => ({\n sessionId: req.params.sessionId,\n }),\n },\n })\n async deleteSession(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/process/session/:sessionId/command/:commandId')\n @ApiOperation({\n summary: '[DEPRECATED] Get session command',\n description: 'Get session command by ID',\n operationId: 'getSessionCommand_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Session command retrieved successfully',\n type: CommandDto,\n })\n @ApiParam({ name: 'commandId', type: String, required: true })\n @ApiParam({ name: 'sessionId', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getSessionCommand(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/process/session/:sessionId/command/:commandId/logs')\n @ApiOperation({\n summary: '[DEPRECATED] Get command logs',\n description: 'Get logs for a specific command in a session',\n operationId: 'getSessionCommandLogs_deprecated',\n deprecated: true,\n })\n // When follow is true, the response is an octet stream\n @ApiResponse({\n status: 200,\n description: 'Command log stream marked with stdout and stderr prefixes',\n content: {\n 'text/plain': {\n schema: {\n type: 'string',\n },\n },\n },\n })\n @ApiQuery({ name: 'follow', type: Boolean, required: false, description: 'Whether to stream the logs' })\n @ApiParam({ name: 'commandId', type: String, required: true })\n @ApiParam({ name: 'sessionId', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getSessionCommandLogs(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return this.toolboxProxy(req, res, next)\n }\n\n // PTY endpoints\n @Get(':sandboxId/toolbox/process/pty')\n @ApiOperation({\n summary: '[DEPRECATED] List PTY sessions',\n description: 'List all active PTY sessions in the sandbox',\n operationId: 'listPTYSessions_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'PTY sessions retrieved successfully',\n type: PtyListResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async listPtySessions(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/process/pty')\n @HttpCode(201)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Create PTY session',\n description: 'Create a new PTY session in the sandbox',\n operationId: 'createPTYSession_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 201,\n description: 'PTY session created successfully',\n type: PtyCreateResponseDto,\n })\n @ApiBody({\n type: PtyCreateRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async createPtySession(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/process/pty/:sessionId')\n @ApiOperation({\n summary: '[DEPRECATED] Get PTY session',\n description: 'Get PTY session information by ID',\n operationId: 'getPTYSession_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'PTY session retrieved successfully',\n type: PtySessionInfoDto,\n })\n @ApiParam({ name: 'sessionId', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getPtySession(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/process/pty/:sessionId/resize')\n @ApiOperation({\n summary: '[DEPRECATED] Resize PTY session',\n description: 'Resize a PTY session',\n operationId: 'resizePTYSession_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'PTY session resized successfully',\n type: PtySessionInfoDto,\n })\n @ApiParam({ name: 'sessionId', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @ApiBody({\n type: PtyResizeRequestDto,\n })\n async resizePtySession(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Delete(':sandboxId/toolbox/process/pty/:sessionId')\n @ApiOperation({\n summary: '[DEPRECATED] Delete PTY session',\n description: 'Delete a PTY session and terminate the associated process',\n operationId: 'deletePTYSession_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'PTY session deleted successfully',\n })\n @ApiParam({ name: 'sessionId', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async deletePtySession(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/lsp/completions')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Get Lsp Completions',\n description:\n 'The Completion request is sent from the client to the server to compute completion items at a given cursor position.',\n operationId: 'LspCompletions_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'OK',\n type: CompletionListDto,\n })\n @ApiBody({\n type: LspCompletionParamsDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getLspCompletions(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/lsp/did-close')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Call Lsp DidClose',\n description:\n 'The document close notification is sent from the client to the server when the document got closed in the client.',\n operationId: 'LspDidClose_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'OK',\n })\n @ApiBody({\n type: LspDocumentRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async lspDidClose(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/lsp/did-open')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Call Lsp DidOpen',\n description:\n 'The document open notification is sent from the client to the server to signal newly opened text documents.',\n operationId: 'LspDidOpen_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'OK',\n })\n @ApiBody({\n type: LspDocumentRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async lspDidOpen(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/lsp/document-symbols')\n @ApiOperation({\n summary: '[DEPRECATED] Call Lsp DocumentSymbols',\n description: 'The document symbol request is sent from the client to the server.',\n operationId: 'LspDocumentSymbols_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'OK',\n type: [LspSymbolDto],\n })\n @ApiQuery({ name: 'uri', type: String, required: true })\n @ApiQuery({ name: 'pathToProject', type: String, required: true })\n @ApiQuery({ name: 'languageId', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getLspDocumentSymbols(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/lsp/start')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Start Lsp server',\n description: 'Start Lsp server process inside sandbox project',\n operationId: 'LspStart_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'OK',\n })\n @ApiBody({\n type: LspServerRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async startLspServer(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/lsp/stop')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Stop Lsp server',\n description: 'Stop Lsp server process inside sandbox project',\n operationId: 'LspStop_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'OK',\n })\n @ApiBody({\n type: LspServerRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async stopLspServer(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/lsp/workspace-symbols')\n @ApiOperation({\n summary: '[DEPRECATED] Call Lsp WorkspaceSymbols',\n description:\n 'The workspace symbol request is sent from the client to the server to list project-wide symbols matching the query string.',\n operationId: 'LspWorkspaceSymbols_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'OK',\n type: [LspSymbolDto],\n })\n @ApiQuery({ name: 'query', type: String, required: true })\n @ApiQuery({ name: 'pathToProject', type: String, required: true })\n @ApiQuery({ name: 'languageId', type: String, required: true })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getLspWorkspaceSymbols(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n // Computer Use endpoints\n\n // Computer use management endpoints\n @Post(':sandboxId/toolbox/computeruse/start')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Start computer use processes',\n description: 'Start all VNC desktop processes (Xvfb, xfce4, x11vnc, novnc)',\n operationId: 'startComputerUse_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Computer use processes started successfully',\n type: ComputerUseStartResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_COMPUTER_USE_START,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n })\n async startComputerUse(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/computeruse/stop')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Stop computer use processes',\n description: 'Stop all VNC desktop processes (Xvfb, xfce4, x11vnc, novnc)',\n operationId: 'stopComputerUse_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Computer use processes stopped successfully',\n type: ComputerUseStopResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_COMPUTER_USE_STOP,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n })\n async stopComputerUse(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/computeruse/status')\n @ApiOperation({\n summary: '[DEPRECATED] Get computer use status',\n description: 'Get status of all VNC desktop processes',\n operationId: 'getComputerUseStatus_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Computer use status retrieved successfully',\n type: ComputerUseStatusResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getComputerUseStatus(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/computeruse/process/:processName/status')\n @ApiOperation({\n summary: '[DEPRECATED] Get process status',\n description: 'Get status of a specific VNC process',\n operationId: 'getProcessStatus_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Process status retrieved successfully',\n type: ProcessStatusResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @ApiParam({ name: 'processName', type: String, required: true })\n async getProcessStatus(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/computeruse/process/:processName/restart')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Restart process',\n description: 'Restart a specific VNC process',\n operationId: 'restartProcess_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Process restarted successfully',\n type: ProcessRestartResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @ApiParam({ name: 'processName', type: String, required: true })\n @Audit({\n action: AuditAction.TOOLBOX_COMPUTER_USE_RESTART_PROCESS,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.sandboxId,\n requestMetadata: {\n params: (req) => ({\n processName: req.params.processName,\n }),\n },\n })\n async restartProcess(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/computeruse/process/:processName/logs')\n @ApiOperation({\n summary: '[DEPRECATED] Get process logs',\n description: 'Get logs for a specific VNC process',\n operationId: 'getProcessLogs_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Process logs retrieved successfully',\n type: ProcessLogsResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @ApiParam({ name: 'processName', type: String, required: true })\n async getProcessLogs(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/computeruse/process/:processName/errors')\n @ApiOperation({\n summary: '[DEPRECATED] Get process errors',\n description: 'Get error logs for a specific VNC process',\n operationId: 'getProcessErrors_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Process errors retrieved successfully',\n type: ProcessErrorsResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n @ApiParam({ name: 'processName', type: String, required: true })\n async getProcessErrors(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n // Mouse endpoints\n @Get(':sandboxId/toolbox/computeruse/mouse/position')\n @ApiOperation({\n summary: '[DEPRECATED] Get mouse position',\n description: 'Get current mouse cursor position',\n operationId: 'getMousePosition_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Mouse position retrieved successfully',\n type: MousePositionDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getMousePosition(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/computeruse/mouse/move')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Move mouse',\n description: 'Move mouse cursor to specified coordinates',\n operationId: 'moveMouse_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Mouse moved successfully',\n type: MouseMoveResponseDto,\n })\n @ApiBody({\n type: MouseMoveRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async moveMouse(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/computeruse/mouse/click')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Click mouse',\n description: 'Click mouse at specified coordinates',\n operationId: 'clickMouse_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Mouse clicked successfully',\n type: MouseClickResponseDto,\n })\n @ApiBody({\n type: MouseClickRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async clickMouse(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/computeruse/mouse/drag')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Drag mouse',\n description: 'Drag mouse from start to end coordinates',\n operationId: 'dragMouse_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Mouse dragged successfully',\n type: MouseDragResponseDto,\n })\n @ApiBody({\n type: MouseDragRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async dragMouse(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/computeruse/mouse/scroll')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Scroll mouse',\n description: 'Scroll mouse at specified coordinates',\n operationId: 'scrollMouse_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Mouse scrolled successfully',\n type: MouseScrollResponseDto,\n })\n @ApiBody({\n type: MouseScrollRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async scrollMouse(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n // Keyboard endpoints\n @Post(':sandboxId/toolbox/computeruse/keyboard/type')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Type text',\n description: 'Type text using keyboard',\n operationId: 'typeText_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Text typed successfully',\n })\n @ApiBody({\n type: KeyboardTypeRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async typeText(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/computeruse/keyboard/key')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Press key',\n description: 'Press a key with optional modifiers',\n operationId: 'pressKey_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Key pressed successfully',\n })\n @ApiBody({\n type: KeyboardPressRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async pressKey(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Post(':sandboxId/toolbox/computeruse/keyboard/hotkey')\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Press hotkey',\n description: 'Press a hotkey combination',\n operationId: 'pressHotkey_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Hotkey pressed successfully',\n })\n @ApiBody({\n type: KeyboardHotkeyRequestDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async pressHotkey(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n // Screenshot endpoints\n @Get(':sandboxId/toolbox/computeruse/screenshot')\n @ApiOperation({\n summary: '[DEPRECATED] Take screenshot',\n description: 'Take a screenshot of the entire screen',\n operationId: 'takeScreenshot_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Screenshot taken successfully',\n type: ScreenshotResponseDto,\n })\n @ApiQuery({ name: 'show_cursor', type: Boolean, required: false })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async takeScreenshot(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/computeruse/screenshot/region')\n @ApiOperation({\n summary: '[DEPRECATED] Take region screenshot',\n description: 'Take a screenshot of a specific region',\n operationId: 'takeRegionScreenshot_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Region screenshot taken successfully',\n type: RegionScreenshotResponseDto,\n })\n @ApiQuery({ name: 'x', type: Number, required: true })\n @ApiQuery({ name: 'y', type: Number, required: true })\n @ApiQuery({ name: 'width', type: Number, required: true })\n @ApiQuery({ name: 'height', type: Number, required: true })\n @ApiQuery({ name: 'show_cursor', type: Boolean, required: false })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async takeRegionScreenshot(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/computeruse/screenshot/compressed')\n @ApiOperation({\n summary: '[DEPRECATED] Take compressed screenshot',\n description: 'Take a compressed screenshot with format, quality, and scale options',\n operationId: 'takeCompressedScreenshot_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Compressed screenshot taken successfully',\n type: CompressedScreenshotResponseDto,\n })\n @ApiQuery({ name: 'show_cursor', type: Boolean, required: false })\n @ApiQuery({ name: 'format', type: String, required: false })\n @ApiQuery({ name: 'quality', type: Number, required: false })\n @ApiQuery({ name: 'scale', type: Number, required: false })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async takeCompressedScreenshot(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/computeruse/screenshot/region/compressed')\n @ApiOperation({\n summary: '[DEPRECATED] Take compressed region screenshot',\n description: 'Take a compressed screenshot of a specific region',\n operationId: 'takeCompressedRegionScreenshot_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Compressed region screenshot taken successfully',\n type: CompressedScreenshotResponseDto,\n })\n @ApiQuery({ name: 'x', type: Number, required: true })\n @ApiQuery({ name: 'y', type: Number, required: true })\n @ApiQuery({ name: 'width', type: Number, required: true })\n @ApiQuery({ name: 'height', type: Number, required: true })\n @ApiQuery({ name: 'show_cursor', type: Boolean, required: false })\n @ApiQuery({ name: 'format', type: String, required: false })\n @ApiQuery({ name: 'quality', type: Number, required: false })\n @ApiQuery({ name: 'scale', type: Number, required: false })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async takeCompressedRegionScreenshot(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n // Display endpoints\n @Get(':sandboxId/toolbox/computeruse/display/info')\n @ApiOperation({\n summary: '[DEPRECATED] Get display info',\n description: 'Get information about displays',\n operationId: 'getDisplayInfo_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Display info retrieved successfully',\n type: DisplayInfoResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getDisplayInfo(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n\n @Get(':sandboxId/toolbox/computeruse/display/windows')\n @ApiOperation({\n summary: '[DEPRECATED] Get windows',\n description: 'Get list of open windows',\n operationId: 'getWindows_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Windows list retrieved successfully',\n type: WindowsResponseDto,\n })\n @ApiParam({ name: 'sandboxId', type: String, required: true })\n async getWindows(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n ): Promise {\n return await this.toolboxProxy(req, res, next)\n }\n}\n" }, { "path": "apps/api/src/sandbox/controllers/volume.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Controller,\n Get,\n Post,\n Delete,\n Body,\n Param,\n Logger,\n UseGuards,\n HttpCode,\n UseInterceptors,\n Query,\n} from '@nestjs/common'\nimport {\n ApiOAuth2,\n ApiResponse,\n ApiOperation,\n ApiParam,\n ApiTags,\n ApiHeader,\n ApiQuery,\n ApiBearerAuth,\n} from '@nestjs/swagger'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { VolumeService } from '../services/volume.service'\nimport { CreateVolumeDto } from '../dto/create-volume.dto'\nimport { ContentTypeInterceptor } from '../../common/interceptors/content-type.interceptors'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { RequiredOrganizationResourcePermissions } from '../../organization/decorators/required-organization-resource-permissions.decorator'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport { OrganizationResourceActionGuard } from '../../organization/guards/organization-resource-action.guard'\nimport { VolumeDto } from '../dto/volume.dto'\nimport { Audit, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { VolumeAccessGuard } from '../guards/volume-access.guard'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('volumes')\n@Controller('volumes')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@UseGuards(CombinedAuthGuard, OrganizationResourceActionGuard, AuthenticatedRateLimitGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class VolumeController {\n private readonly logger = new Logger(VolumeController.name)\n\n constructor(private readonly volumeService: VolumeService) {}\n\n @Get()\n @ApiOperation({\n summary: 'List all volumes',\n operationId: 'listVolumes',\n })\n @ApiResponse({\n status: 200,\n description: 'List of all volumes',\n type: [VolumeDto],\n })\n @ApiQuery({\n name: 'includeDeleted',\n required: false,\n type: Boolean,\n description: 'Include deleted volumes in the response',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.READ_VOLUMES])\n async listVolumes(\n @AuthContext() authContext: OrganizationAuthContext,\n @Query('includeDeleted') includeDeleted = false,\n ): Promise {\n const volumes = await this.volumeService.findAll(authContext.organizationId, includeDeleted)\n return volumes.map(VolumeDto.fromVolume)\n }\n\n @Post()\n @HttpCode(200)\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: 'Create a new volume',\n operationId: 'createVolume',\n })\n @ApiResponse({\n status: 200,\n description: 'The volume has been successfully created.',\n type: VolumeDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_VOLUMES])\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.VOLUME,\n targetIdFromResult: (result: VolumeDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n name: req.body?.name,\n }),\n },\n })\n async createVolume(\n @AuthContext() authContext: OrganizationAuthContext,\n @Body() createVolumeDto: CreateVolumeDto,\n ): Promise {\n const volume = await this.volumeService.create(authContext.organization, createVolumeDto)\n return VolumeDto.fromVolume(volume)\n }\n\n @Get(':volumeId')\n @ApiOperation({\n summary: 'Get volume details',\n operationId: 'getVolume',\n })\n @ApiParam({\n name: 'volumeId',\n description: 'ID of the volume',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Volume details',\n type: VolumeDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.READ_VOLUMES])\n @UseGuards(VolumeAccessGuard)\n async getVolume(@Param('volumeId') volumeId: string): Promise {\n const volume = await this.volumeService.findOne(volumeId)\n return VolumeDto.fromVolume(volume)\n }\n\n @Delete(':volumeId')\n @ApiOperation({\n summary: 'Delete volume',\n operationId: 'deleteVolume',\n })\n @ApiParam({\n name: 'volumeId',\n description: 'ID of the volume',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Volume has been marked for deletion',\n })\n @ApiResponse({\n status: 409,\n description: 'Volume is in use by one or more sandboxes',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.DELETE_VOLUMES])\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.VOLUME,\n targetIdFromRequest: (req) => req.params.volumeId,\n })\n @UseGuards(VolumeAccessGuard)\n async deleteVolume(@Param('volumeId') volumeId: string): Promise {\n return this.volumeService.delete(volumeId)\n }\n\n @Get('by-name/:name')\n @ApiOperation({\n summary: 'Get volume details by name',\n operationId: 'getVolumeByName',\n })\n @ApiParam({\n name: 'name',\n description: 'Name of the volume',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Volume details',\n type: VolumeDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.READ_VOLUMES])\n @UseGuards(VolumeAccessGuard)\n async getVolumeByName(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('name') name: string,\n ): Promise {\n const volume = await this.volumeService.findByName(authContext.organizationId, name)\n return VolumeDto.fromVolume(volume)\n }\n}\n" }, { "path": "apps/api/src/sandbox/controllers/workspace.deprecated.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Controller,\n Get,\n Post,\n Delete,\n Body,\n Param,\n Query,\n Logger,\n UseGuards,\n HttpCode,\n UseInterceptors,\n Put,\n NotFoundException,\n ForbiddenException,\n Res,\n Request,\n RawBodyRequest,\n Next,\n ParseBoolPipe,\n} from '@nestjs/common'\nimport Redis from 'ioredis'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { SandboxService as WorkspaceService } from '../services/sandbox.service'\nimport {\n ApiOAuth2,\n ApiResponse,\n ApiQuery,\n ApiOperation,\n ApiParam,\n ApiTags,\n ApiHeader,\n ApiBearerAuth,\n} from '@nestjs/swagger'\nimport { SandboxLabelsDto as WorkspaceLabelsDto } from '../dto/sandbox.dto'\nimport { WorkspaceDto } from '../dto/workspace.deprecated.dto'\nimport { RunnerService } from '../services/runner.service'\nimport { SandboxState as WorkspaceState } from '../enums/sandbox-state.enum'\nimport { ContentTypeInterceptor } from '../../common/interceptors/content-type.interceptors'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { SandboxAccessGuard as WorkspaceAccessGuard } from '../guards/sandbox-access.guard'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { AuthContext } from '../../common/decorators/auth-context.decorator'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { RequiredOrganizationResourcePermissions } from '../../organization/decorators/required-organization-resource-permissions.decorator'\nimport { OrganizationResourcePermission } from '../../organization/enums/organization-resource-permission.enum'\nimport { OrganizationResourceActionGuard } from '../../organization/guards/organization-resource-action.guard'\nimport { WorkspacePortPreviewUrlDto } from '../dto/workspace-port-preview-url.deprecated.dto'\nimport { IncomingMessage, ServerResponse } from 'http'\nimport { NextFunction } from 'http-proxy-middleware/dist/types'\nimport { LogProxy } from '../proxy/log-proxy'\nimport { CreateWorkspaceDto } from '../dto/create-workspace.deprecated.dto'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { BadRequestError } from '../../exceptions/bad-request.exception'\nimport { Audit, MASKED_AUDIT_VALUE, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('workspace')\n@Controller('workspace')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@UseGuards(CombinedAuthGuard, OrganizationResourceActionGuard, AuthenticatedRateLimitGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class WorkspaceController {\n private readonly logger = new Logger(WorkspaceController.name)\n\n constructor(\n @InjectRedis() private readonly redis: Redis,\n private readonly runnerService: RunnerService,\n private readonly workspaceService: WorkspaceService,\n private readonly configService: TypedConfigService,\n ) {}\n\n @Get()\n @ApiOperation({\n summary: '[DEPRECATED] List all workspaces',\n operationId: 'listWorkspaces_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'List of all workspacees',\n type: [WorkspaceDto],\n })\n @ApiQuery({\n name: 'verbose',\n required: false,\n type: Boolean,\n description: 'Include verbose output',\n })\n @ApiQuery({\n name: 'labels',\n type: String,\n required: false,\n example: '{\"label1\": \"value1\", \"label2\": \"value2\"}',\n description: 'JSON encoded labels to filter by',\n })\n async listWorkspacees(\n @AuthContext() authContext: OrganizationAuthContext,\n @Query('verbose') verbose?: boolean,\n @Query('labels') labelsQuery?: string,\n ): Promise {\n const labels = labelsQuery ? JSON.parse(labelsQuery) : {}\n const workspacees = await this.workspaceService.findAllDeprecated(authContext.organizationId, labels)\n const dtos = workspacees.map(async (workspace) => {\n const dto = WorkspaceDto.fromSandbox(workspace)\n return dto\n })\n return await Promise.all(dtos)\n }\n\n @Post()\n @HttpCode(200) // for Daytona Api compatibility\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Create a new workspace',\n operationId: 'createWorkspace_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'The workspace has been successfully created.',\n type: WorkspaceDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromResult: (result: WorkspaceDto) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n image: req.body?.image,\n user: req.body?.user,\n env: req.body?.env\n ? Object.fromEntries(Object.keys(req.body?.env).map((key) => [key, MASKED_AUDIT_VALUE]))\n : undefined,\n labels: req.body?.labels,\n public: req.body?.public,\n class: req.body?.class,\n target: req.body?.target,\n cpu: req.body?.cpu,\n gpu: req.body?.gpu,\n memory: req.body?.memory,\n disk: req.body?.disk,\n autoStopInterval: req.body?.autoStopInterval,\n autoArchiveInterval: req.body?.autoArchiveInterval,\n volumes: req.body?.volumes,\n buildInfo: req.body?.buildInfo,\n }),\n },\n })\n async createWorkspace(\n @AuthContext() authContext: OrganizationAuthContext,\n @Body() createWorkspaceDto: CreateWorkspaceDto,\n ): Promise {\n if (createWorkspaceDto.buildInfo) {\n throw new ForbiddenException('Build info is not supported in this deprecated API - please upgrade your client')\n }\n\n const organization = authContext.organization\n\n const workspace = WorkspaceDto.fromSandboxDto(\n await this.workspaceService.createFromSnapshot(\n {\n ...createWorkspaceDto,\n snapshot: createWorkspaceDto.image,\n },\n organization,\n true,\n ),\n )\n\n // Wait for the workspace to start\n const sandboxState = await this.waitForWorkspaceState(\n workspace.id,\n WorkspaceState.STARTED,\n 30000, // 30 seconds timeout\n )\n workspace.state = sandboxState\n\n return workspace\n }\n\n @Get(':workspaceId')\n @ApiOperation({\n summary: '[DEPRECATED] Get workspace details',\n operationId: 'getWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiQuery({\n name: 'verbose',\n required: false,\n type: Boolean,\n description: 'Include verbose output',\n })\n @ApiResponse({\n status: 200,\n description: 'Workspace details',\n type: WorkspaceDto,\n })\n @UseGuards(WorkspaceAccessGuard)\n async getWorkspace(\n @Param('workspaceId') workspaceId: string,\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n @Query('verbose') verbose?: boolean,\n ): Promise {\n const workspace = await this.workspaceService.findOne(workspaceId, true)\n\n return WorkspaceDto.fromSandbox(workspace)\n }\n\n @Delete(':workspaceId')\n @ApiOperation({\n summary: '[DEPRECATED] Delete workspace',\n operationId: 'deleteWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Workspace has been deleted',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.DELETE_SANDBOXES])\n @UseGuards(WorkspaceAccessGuard)\n @Audit({\n action: AuditAction.DELETE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.workspaceId,\n })\n async removeWorkspace(\n @Param('workspaceId') workspaceId: string,\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n @Query('force') force?: boolean,\n ): Promise {\n await this.workspaceService.destroy(workspaceId)\n }\n\n @Post(':workspaceId/start')\n @HttpCode(200)\n @ApiOperation({\n summary: '[DEPRECATED] Start workspace',\n operationId: 'startWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Workspace has been started',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(WorkspaceAccessGuard)\n @Audit({\n action: AuditAction.START,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.workspaceId,\n })\n async startWorkspace(\n @AuthContext() authContext: OrganizationAuthContext,\n @Param('workspaceId') workspaceId: string,\n ): Promise {\n await this.workspaceService.start(workspaceId, authContext.organization)\n }\n\n @Post(':workspaceId/stop')\n @HttpCode(200) // for Daytona Api compatibility\n @ApiOperation({\n summary: '[DEPRECATED] Stop workspace',\n operationId: 'stopWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Workspace has been stopped',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(WorkspaceAccessGuard)\n @Audit({\n action: AuditAction.STOP,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.workspaceId,\n })\n async stopWorkspace(@Param('workspaceId') workspaceId: string): Promise {\n await this.workspaceService.stop(workspaceId)\n }\n\n @Put(':workspaceId/labels')\n @UseInterceptors(ContentTypeInterceptor)\n @ApiOperation({\n summary: '[DEPRECATED] Replace workspace labels',\n operationId: 'replaceLabelsWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Labels have been successfully replaced',\n type: WorkspaceLabelsDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(WorkspaceAccessGuard)\n @Audit({\n action: AuditAction.REPLACE_LABELS,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.workspaceId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n labels: req.body?.labels,\n }),\n },\n })\n async replaceLabels(\n @Param('workspaceId') workspaceId: string,\n @Body() labelsDto: WorkspaceLabelsDto,\n ): Promise {\n const { labels } = await this.workspaceService.replaceLabels(workspaceId, labelsDto.labels)\n return { labels }\n }\n\n @Post(':workspaceId/backup')\n @ApiOperation({\n summary: '[DEPRECATED] Create workspace backup',\n operationId: 'createBackupWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Workspace backup has been initiated',\n type: WorkspaceDto,\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(WorkspaceAccessGuard)\n @Audit({\n action: AuditAction.CREATE_BACKUP,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.workspaceId,\n })\n async createBackup(@Param('workspaceId') workspaceId: string): Promise {\n await this.workspaceService.createBackup(workspaceId)\n }\n\n @Post(':workspaceId/public/:isPublic')\n @ApiOperation({\n summary: '[DEPRECATED] Update public status',\n operationId: 'updatePublicStatusWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiParam({\n name: 'isPublic',\n description: 'Public status to set',\n type: 'boolean',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(WorkspaceAccessGuard)\n @Audit({\n action: AuditAction.UPDATE_PUBLIC_STATUS,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.workspaceId,\n requestMetadata: {\n params: (req) => ({\n isPublic: req.params.isPublic,\n }),\n },\n })\n async updatePublicStatus(\n @Param('workspaceId') workspaceId: string,\n @Param('isPublic') isPublic: boolean,\n ): Promise {\n await this.workspaceService.updatePublicStatus(workspaceId, isPublic)\n }\n\n @Post(':workspaceId/autostop/:interval')\n @ApiOperation({\n summary: '[DEPRECATED] Set workspace auto-stop interval',\n operationId: 'setAutostopIntervalWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiParam({\n name: 'interval',\n description: 'Auto-stop interval in minutes (0 to disable)',\n type: 'number',\n })\n @ApiResponse({\n status: 200,\n description: 'Auto-stop interval has been set',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(WorkspaceAccessGuard)\n @Audit({\n action: AuditAction.SET_AUTO_STOP_INTERVAL,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.workspaceId,\n requestMetadata: {\n params: (req) => ({\n interval: req.params.interval,\n }),\n },\n })\n async setAutostopInterval(\n @Param('workspaceId') workspaceId: string,\n @Param('interval') interval: number,\n ): Promise {\n await this.workspaceService.setAutostopInterval(workspaceId, interval)\n }\n\n @Post(':workspaceId/autoarchive/:interval')\n @ApiOperation({\n summary: '[DEPRECATED] Set workspace auto-archive interval',\n operationId: 'setAutoArchiveIntervalWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiParam({\n name: 'interval',\n description: 'Auto-archive interval in minutes (0 means the maximum interval will be used)',\n type: 'number',\n })\n @ApiResponse({\n status: 200,\n description: 'Auto-archive interval has been set',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(WorkspaceAccessGuard)\n @Audit({\n action: AuditAction.SET_AUTO_ARCHIVE_INTERVAL,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.workspaceId,\n requestMetadata: {\n params: (req) => ({\n interval: req.params.interval,\n }),\n },\n })\n async setAutoArchiveInterval(\n @Param('workspaceId') workspaceId: string,\n @Param('interval') interval: number,\n ): Promise {\n await this.workspaceService.setAutoArchiveInterval(workspaceId, interval)\n }\n\n @Post(':workspaceId/archive')\n @HttpCode(200)\n @ApiOperation({\n summary: '[DEPRECATED] Archive workspace',\n operationId: 'archiveWorkspace_deprecated',\n deprecated: true,\n })\n @ApiResponse({\n status: 200,\n description: 'Workspace has been archived',\n })\n @RequiredOrganizationResourcePermissions([OrganizationResourcePermission.WRITE_SANDBOXES])\n @UseGuards(WorkspaceAccessGuard)\n @Audit({\n action: AuditAction.ARCHIVE,\n targetType: AuditTarget.SANDBOX,\n targetIdFromRequest: (req) => req.params.workspaceId,\n })\n async archiveWorkspace(@Param('workspaceId') workspaceId: string): Promise {\n await this.workspaceService.archive(workspaceId)\n }\n\n @Get(':workspaceId/ports/:port/preview-url')\n @ApiOperation({\n summary: '[DEPRECATED] Get preview URL for a workspace port',\n operationId: 'getPortPreviewUrlWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiParam({\n name: 'port',\n description: 'Port number to get preview URL for',\n type: 'number',\n })\n @ApiResponse({\n status: 200,\n description: 'Preview URL for the specified port',\n type: WorkspacePortPreviewUrlDto,\n })\n @UseGuards(WorkspaceAccessGuard)\n async getPortPreviewUrl(\n @Param('workspaceId') workspaceId: string,\n @Param('port') port: number,\n ): Promise {\n if (port < 1 || port > 65535) {\n throw new BadRequestError('Invalid port')\n }\n\n const proxyDomain = this.configService.getOrThrow('proxy.domain')\n const proxyProtocol = this.configService.getOrThrow('proxy.protocol')\n const workspace = await this.workspaceService.findOne(workspaceId)\n if (!workspace) {\n throw new NotFoundException(`Workspace with ID ${workspaceId} not found`)\n }\n\n return {\n url: `${proxyProtocol}://${port}-${workspaceId}.${proxyDomain}`,\n token: workspace.authToken,\n }\n }\n\n @Get(':workspaceId/build-logs')\n @ApiOperation({\n summary: '[DEPRECATED] Get build logs',\n operationId: 'getBuildLogsWorkspace_deprecated',\n deprecated: true,\n })\n @ApiParam({\n name: 'workspaceId',\n description: 'ID of the workspace',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Build logs stream',\n })\n @ApiQuery({\n name: 'follow',\n required: false,\n type: Boolean,\n description: 'Whether to follow the logs stream',\n })\n @UseGuards(WorkspaceAccessGuard)\n async getBuildLogs(\n @Request() req: RawBodyRequest,\n @Res() res: ServerResponse,\n @Next() next: NextFunction,\n @Param('workspaceId') workspaceId: string,\n @Query('follow', new ParseBoolPipe({ optional: true })) follow?: boolean,\n ): Promise {\n const workspace = await this.workspaceService.findOne(workspaceId)\n if (!workspace || !workspace.runnerId) {\n throw new NotFoundException(`Workspace with ID ${workspaceId} not found or has no runner assigned`)\n }\n\n if (!workspace.buildInfo) {\n throw new NotFoundException(`Workspace with ID ${workspaceId} has no build info`)\n }\n\n const runner = await this.runnerService.findOneOrFail(workspace.runnerId)\n\n if (!runner.apiUrl) {\n throw new NotFoundException(`Runner for workspace ${workspaceId} has no API URL`)\n }\n\n const logProxy = new LogProxy(\n runner.apiUrl,\n workspace.buildInfo.snapshotRef.split(':')[0],\n runner.apiKey,\n follow === true,\n req,\n res,\n next,\n )\n return logProxy.create()\n }\n\n private async waitForWorkspaceState(\n workspaceId: string,\n desiredState: WorkspaceState,\n timeout: number,\n ): Promise {\n const startTime = Date.now()\n\n let workspaceState: WorkspaceState\n while (Date.now() - startTime < timeout) {\n const workspace = await this.workspaceService.findOne(workspaceId)\n workspaceState = workspace.state\n if (\n workspaceState === desiredState ||\n workspaceState === WorkspaceState.ERROR ||\n workspaceState === WorkspaceState.BUILD_FAILED\n ) {\n return workspaceState\n }\n await new Promise((resolve) => setTimeout(resolve, 100)) // Wait 100 ms before checking again\n }\n\n return workspaceState\n }\n}\n" }, { "path": "apps/api/src/sandbox/dto/build-info.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'BuildInfo' })\nexport class BuildInfoDto {\n @ApiPropertyOptional({\n description: 'The Dockerfile content used for the build',\n example: 'FROM node:14\\nWORKDIR /app\\nCOPY . .\\nRUN npm install\\nCMD [\"npm\", \"start\"]',\n })\n dockerfileContent?: string\n\n @ApiPropertyOptional({\n description: 'The context hashes used for the build',\n type: [String],\n example: ['hash1', 'hash2'],\n })\n contextHashes?: string[]\n\n @ApiProperty({\n description: 'The creation timestamp',\n })\n createdAt: Date\n\n @ApiProperty({\n description: 'The last update timestamp',\n })\n updatedAt: Date\n\n @ApiProperty({\n description: 'The snapshot reference',\n example: 'daytonaio/sandbox:latest',\n })\n snapshotRef: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/create-build-info.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsNotEmpty, IsOptional, IsString } from 'class-validator'\n\n@ApiSchema({ name: 'CreateBuildInfo' })\nexport class CreateBuildInfoDto {\n @ApiProperty({\n description: 'The Dockerfile content used for the build',\n example: 'FROM node:14\\nWORKDIR /app\\nCOPY . .\\nRUN npm install\\nCMD [\"npm\", \"start\"]',\n })\n @IsString()\n @IsNotEmpty()\n dockerfileContent: string\n\n @ApiPropertyOptional({\n description: 'The context hashes used for the build',\n type: [String],\n example: ['hash1', 'hash2'],\n })\n @IsString({ each: true })\n @IsOptional()\n contextHashes?: string[]\n}\n" }, { "path": "apps/api/src/sandbox/dto/create-runner-internal.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport type CreateRunnerV0InternalDto = {\n domain: string\n apiUrl: string\n proxyUrl: string\n cpu: number\n memoryGiB: number\n diskGiB: number\n regionId: string\n name: string\n apiKey?: string\n apiVersion: '0'\n appVersion?: string\n}\n\nexport type CreateRunnerV2InternalDto = {\n apiKey?: string\n regionId: string\n name: string\n apiVersion: '2'\n appVersion?: string\n}\n\nexport type CreateRunnerInternalDto = CreateRunnerV0InternalDto | CreateRunnerV2InternalDto\n" }, { "path": "apps/api/src/sandbox/dto/create-runner-response.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { Runner } from '../entities/runner.entity'\n\n@ApiSchema({ name: 'CreateRunnerResponse' })\nexport class CreateRunnerResponseDto {\n @ApiProperty({\n description: 'The ID of the runner',\n example: 'runner123',\n })\n id: string\n\n @ApiProperty({\n description: 'The API key for the runner',\n example: 'dtn_1234567890',\n })\n apiKey: string\n\n static fromRunner(runner: Runner, apiKey: string): CreateRunnerResponseDto {\n return {\n id: runner.id,\n apiKey,\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/dto/create-runner.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IsString } from 'class-validator'\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'CreateRunner' })\nexport class CreateRunnerDto {\n @IsString()\n @ApiProperty()\n regionId: string\n\n @IsString()\n @ApiProperty()\n name: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/create-sandbox.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IsEnum, IsObject, IsOptional, IsString, IsNumber, IsBoolean, IsArray } from 'class-validator'\nimport { ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { SandboxClass } from '../enums/sandbox-class.enum'\nimport { SandboxVolume } from './sandbox.dto'\nimport { CreateBuildInfoDto } from './create-build-info.dto'\n\n@ApiSchema({ name: 'CreateSandbox' })\nexport class CreateSandboxDto {\n @ApiPropertyOptional({\n description: 'The name of the sandbox. If not provided, the sandbox ID will be used as the name',\n example: 'MySandbox',\n })\n @IsOptional()\n @IsString()\n name?: string\n\n @ApiPropertyOptional({\n description: 'The ID or name of the snapshot used for the sandbox',\n example: 'ubuntu-4vcpu-8ram-100gb',\n })\n @IsOptional()\n @IsString()\n snapshot?: string\n\n @ApiPropertyOptional({\n description: 'The user associated with the project',\n example: 'daytona',\n })\n @IsOptional()\n @IsString()\n user?: string\n\n @ApiPropertyOptional({\n description: 'Environment variables for the sandbox',\n type: 'object',\n additionalProperties: { type: 'string' },\n example: { NODE_ENV: 'production' },\n })\n @IsOptional()\n @IsObject()\n env?: { [key: string]: string }\n\n @ApiPropertyOptional({\n description: 'Labels for the sandbox',\n type: 'object',\n additionalProperties: { type: 'string' },\n example: { 'daytona.io/public': 'true' },\n })\n @IsOptional()\n @IsObject()\n labels?: { [key: string]: string }\n\n @ApiPropertyOptional({\n description: 'Whether the sandbox http preview is publicly accessible',\n example: false,\n })\n @IsOptional()\n @IsBoolean()\n public?: boolean\n\n @ApiPropertyOptional({\n description: 'Whether to block all network access for the sandbox',\n example: false,\n })\n @IsOptional()\n @IsBoolean()\n networkBlockAll?: boolean\n\n @ApiPropertyOptional({\n description: 'Comma-separated list of allowed CIDR network addresses for the sandbox',\n example: '192.168.1.0/16,10.0.0.0/24',\n })\n @IsOptional()\n @IsString()\n networkAllowList?: string\n\n @ApiPropertyOptional({\n description: 'The sandbox class type',\n enum: SandboxClass,\n example: Object.values(SandboxClass)[0],\n })\n @IsOptional()\n @IsEnum(SandboxClass)\n class?: SandboxClass\n\n @ApiPropertyOptional({\n description: 'The target (region) where the sandbox will be created',\n example: 'us',\n })\n @IsOptional()\n @IsString()\n target?: string\n\n @ApiPropertyOptional({\n description: 'CPU cores allocated to the sandbox',\n example: 2,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n cpu?: number\n\n @ApiPropertyOptional({\n description: 'GPU units allocated to the sandbox',\n example: 1,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n gpu?: number\n\n @ApiPropertyOptional({\n description: 'Memory allocated to the sandbox in GB',\n example: 1,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n memory?: number\n\n @ApiPropertyOptional({\n description: 'Disk space allocated to the sandbox in GB',\n example: 3,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n disk?: number\n\n @ApiPropertyOptional({\n description: 'Auto-stop interval in minutes (0 means disabled)',\n example: 30,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n autoStopInterval?: number\n\n @ApiPropertyOptional({\n description: 'Auto-archive interval in minutes (0 means the maximum interval will be used)',\n example: 7 * 24 * 60,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n autoArchiveInterval?: number\n\n @ApiPropertyOptional({\n description:\n 'Auto-delete interval in minutes (negative value means disabled, 0 means delete immediately upon stopping)',\n example: 30,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n autoDeleteInterval?: number\n\n @ApiPropertyOptional({\n description: 'Array of volumes to attach to the sandbox',\n type: [SandboxVolume],\n required: false,\n })\n @IsOptional()\n @IsArray()\n volumes?: SandboxVolume[]\n\n @ApiPropertyOptional({\n description: 'Build information for the sandbox',\n type: CreateBuildInfoDto,\n })\n @IsOptional()\n @IsObject()\n buildInfo?: CreateBuildInfoDto\n}\n" }, { "path": "apps/api/src/sandbox/dto/create-snapshot.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsArray, IsObject, IsBoolean, IsNumber, IsOptional, IsString } from 'class-validator'\nimport { CreateBuildInfoDto } from './create-build-info.dto'\n\n@ApiSchema({ name: 'CreateSnapshot' })\nexport class CreateSnapshotDto {\n @ApiProperty({\n description: 'The name of the snapshot',\n example: 'ubuntu-4vcpu-8ram-100gb',\n })\n @IsString()\n name: string\n\n @ApiPropertyOptional({\n description: 'The image name of the snapshot',\n example: 'ubuntu:22.04',\n })\n @IsOptional()\n @IsString()\n imageName?: string\n\n @ApiPropertyOptional({\n description: 'The entrypoint command for the snapshot',\n example: 'sleep infinity',\n })\n @IsString({\n each: true,\n })\n @IsArray()\n @IsOptional()\n entrypoint?: string[]\n\n @ApiPropertyOptional({\n description: 'Whether the snapshot is general',\n })\n @IsBoolean()\n @IsOptional()\n general?: boolean\n\n @ApiPropertyOptional({\n description: 'CPU cores allocated to the resulting sandbox',\n example: 1,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n cpu?: number\n\n @ApiPropertyOptional({\n description: 'GPU units allocated to the resulting sandbox',\n example: 0,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n gpu?: number\n\n @ApiPropertyOptional({\n description: 'Memory allocated to the resulting sandbox in GB',\n example: 1,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n memory?: number\n\n @ApiPropertyOptional({\n description: 'Disk space allocated to the sandbox in GB',\n example: 3,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n disk?: number\n\n @ApiPropertyOptional({\n description: 'Build information for the snapshot',\n type: CreateBuildInfoDto,\n })\n @IsOptional()\n @IsObject()\n buildInfo?: CreateBuildInfoDto\n\n @ApiPropertyOptional({\n description:\n 'ID of the region where the snapshot will be available. Defaults to organization default region if not specified.',\n })\n @IsOptional()\n @IsString()\n regionId?: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/create-volume.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsString } from 'class-validator'\n\n@ApiSchema({ name: 'CreateVolume' })\nexport class CreateVolumeDto {\n @ApiProperty()\n @IsString()\n name?: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/create-workspace.deprecated.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IsEnum, IsObject, IsOptional, IsString, IsNumber, IsBoolean } from 'class-validator'\nimport { ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { SandboxClass } from '../enums/sandbox-class.enum'\nimport { SandboxVolume } from './sandbox.dto'\nimport { CreateBuildInfoDto } from './create-build-info.dto'\n\nenum RunnerRegion {\n EU = 'eu',\n US = 'us',\n ASIA = 'asia',\n}\n@ApiSchema({ name: 'CreateWorkspace' })\nexport class CreateWorkspaceDto {\n @ApiPropertyOptional({\n description: 'The image used for the workspace',\n example: 'daytonaio/workspace:latest',\n })\n @IsOptional()\n @IsString()\n image?: string\n\n @ApiPropertyOptional({\n description: 'The user associated with the project',\n example: 'daytona',\n })\n @IsOptional()\n @IsString()\n user?: string\n\n @ApiPropertyOptional({\n description: 'Environment variables for the workspace',\n type: 'object',\n additionalProperties: { type: 'string' },\n example: { NODE_ENV: 'production' },\n })\n @IsOptional()\n @IsObject()\n env?: { [key: string]: string }\n\n @ApiPropertyOptional({\n description: 'Labels for the workspace',\n type: 'object',\n additionalProperties: { type: 'string' },\n example: { 'daytona.io/public': 'true' },\n })\n @IsOptional()\n @IsObject()\n labels?: { [key: string]: string }\n\n @ApiPropertyOptional({\n description: 'Whether the workspace http preview is publicly accessible',\n example: false,\n })\n @IsOptional()\n @IsBoolean()\n public?: boolean\n\n @ApiPropertyOptional({\n description: 'The workspace class type',\n enum: SandboxClass,\n example: Object.values(SandboxClass)[0],\n })\n @IsOptional()\n @IsEnum(SandboxClass)\n class?: SandboxClass\n\n @ApiPropertyOptional({\n description: 'The target (region) where the workspace will be created',\n enum: RunnerRegion,\n example: Object.values(RunnerRegion)[0],\n })\n @IsOptional()\n @IsEnum(RunnerRegion)\n target?: RunnerRegion\n\n @ApiPropertyOptional({\n description: 'CPU cores allocated to the workspace',\n example: 2,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n cpu?: number\n\n @ApiPropertyOptional({\n description: 'GPU units allocated to the workspace',\n example: 1,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n gpu?: number\n\n @ApiPropertyOptional({\n description: 'Memory allocated to the workspace in GB',\n example: 1,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n memory?: number\n\n @ApiPropertyOptional({\n description: 'Disk space allocated to the workspace in GB',\n example: 3,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n disk?: number\n\n @ApiPropertyOptional({\n description: 'Auto-stop interval in minutes (0 means disabled)',\n example: 30,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n autoStopInterval?: number\n\n @ApiPropertyOptional({\n description: 'Auto-archive interval in minutes (0 means the maximum interval will be used)',\n example: 7 * 24 * 60,\n type: 'integer',\n })\n @IsOptional()\n @IsNumber()\n autoArchiveInterval?: number\n\n @ApiPropertyOptional({\n description: 'Array of volumes to attach to the workspace',\n type: [SandboxVolume],\n required: false,\n })\n @IsOptional()\n volumes?: SandboxVolume[]\n\n @ApiPropertyOptional({\n description: 'Build information for the workspace',\n type: CreateBuildInfoDto,\n })\n @IsOptional()\n @IsObject()\n buildInfo?: CreateBuildInfoDto\n}\n" }, { "path": "apps/api/src/sandbox/dto/download-files.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'DownloadFiles' })\nexport class DownloadFilesDto {\n @ApiProperty({\n description: 'List of remote file paths to download',\n type: [String],\n })\n paths: string[]\n}\n" }, { "path": "apps/api/src/sandbox/dto/job-type-map.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { JobType } from '../enums/job-type.enum'\nimport { ResourceType } from '../enums/resource-type.enum'\n\n/**\n * Type-safe mapping between JobType and its corresponding ResourceType(s) + Payload\n * This ensures compile-time safety when creating jobs\n * resourceType is an array of allowed ResourceTypes - the user can supply any of them\n */\nexport interface JobTypeMap {\n [JobType.CREATE_SANDBOX]: {\n resourceType: [ResourceType.SANDBOX]\n }\n [JobType.START_SANDBOX]: {\n resourceType: [ResourceType.SANDBOX]\n }\n [JobType.STOP_SANDBOX]: {\n resourceType: [ResourceType.SANDBOX]\n }\n [JobType.DESTROY_SANDBOX]: {\n resourceType: [ResourceType.SANDBOX]\n }\n [JobType.RESIZE_SANDBOX]: {\n resourceType: [ResourceType.SANDBOX]\n }\n [JobType.CREATE_BACKUP]: {\n resourceType: [ResourceType.SANDBOX]\n }\n [JobType.BUILD_SNAPSHOT]: {\n resourceType: [ResourceType.SANDBOX, ResourceType.SNAPSHOT]\n }\n [JobType.PULL_SNAPSHOT]: {\n resourceType: [ResourceType.SNAPSHOT]\n }\n [JobType.REMOVE_SNAPSHOT]: {\n resourceType: [ResourceType.SNAPSHOT]\n }\n [JobType.UPDATE_SANDBOX_NETWORK_SETTINGS]: {\n resourceType: [ResourceType.SANDBOX]\n }\n [JobType.INSPECT_SNAPSHOT_IN_REGISTRY]: {\n resourceType: [ResourceType.SNAPSHOT]\n }\n [JobType.RECOVER_SANDBOX]: {\n resourceType: [ResourceType.SANDBOX]\n }\n}\n\n/**\n * Helper type to extract the allowed resource types for a given JobType as a union\n */\nexport type ResourceTypeForJobType = JobTypeMap[T]['resourceType'][number]\n" }, { "path": "apps/api/src/sandbox/dto/job.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsEnum, IsObject, IsOptional, IsString } from 'class-validator'\nimport { JobType } from '../enums/job-type.enum'\nimport { JobStatus } from '../enums/job-status.enum'\nimport { ResourceType } from '../enums/resource-type.enum'\nimport { Job } from '../entities/job.entity'\nimport { PageNumber } from '../../common/decorators/page-number.decorator'\nimport { PageLimit } from '../../common/decorators/page-limit.decorator'\n\n// Re-export enums for convenience\nexport { JobType, JobStatus, ResourceType }\n\n@ApiSchema({ name: 'Job' })\nexport class JobDto {\n @ApiProperty({\n description: 'The ID of the job',\n example: 'job123',\n })\n id: string\n\n @ApiProperty({\n description: 'The type of the job',\n enum: JobType,\n enumName: 'JobType',\n example: JobType.CREATE_SANDBOX,\n })\n @IsEnum(JobType)\n type: JobType\n\n @ApiProperty({\n description: 'The status of the job',\n enum: JobStatus,\n enumName: 'JobStatus',\n example: JobStatus.PENDING,\n })\n @IsEnum(JobStatus)\n status: JobStatus\n\n @ApiProperty({\n description: 'The type of resource this job operates on',\n enum: ResourceType,\n example: ResourceType.SANDBOX,\n })\n @IsEnum(ResourceType)\n resourceType: ResourceType\n\n @ApiProperty({\n description: 'The ID of the resource this job operates on (sandboxId, snapshotRef, etc.)',\n example: 'sandbox123',\n })\n @IsString()\n resourceId: string\n\n @ApiPropertyOptional({\n description: 'Job-specific JSON-encoded payload data (operational metadata)',\n })\n @IsOptional()\n payload?: string\n\n @ApiPropertyOptional({\n description: 'OpenTelemetry trace context for distributed tracing (W3C Trace Context format)',\n type: 'object',\n additionalProperties: true,\n example: { traceparent: '00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01' },\n })\n @IsOptional()\n @IsObject()\n traceContext?: Record\n\n @ApiPropertyOptional({\n description: 'Error message if the job failed',\n example: 'Failed to create sandbox',\n })\n @IsOptional()\n @IsString()\n errorMessage?: string\n\n @ApiProperty({\n description: 'The creation timestamp of the job',\n example: '2024-10-01T12:00:00Z',\n })\n createdAt: string\n\n @ApiPropertyOptional({\n description: 'The last update timestamp of the job',\n example: '2024-10-01T12:00:00Z',\n })\n @IsOptional()\n updatedAt?: string\n\n constructor(job: Job) {\n this.id = job.id\n this.type = job.type\n this.status = job.status\n this.resourceType = job.resourceType\n this.resourceId = job.resourceId\n this.payload = job.payload || undefined\n this.traceContext = job.traceContext || undefined\n this.errorMessage = job.errorMessage || undefined\n this.createdAt = job.createdAt.toISOString()\n this.updatedAt = job.updatedAt?.toISOString()\n }\n}\n\n@ApiSchema({ name: 'PollJobsRequest' })\nexport class PollJobsRequestDto {\n @ApiPropertyOptional({\n description: 'Timeout in seconds for long polling (default: 30)',\n example: 30,\n })\n @IsOptional()\n timeout?: number\n\n @ApiPropertyOptional({\n description: 'Maximum number of jobs to return',\n example: 10,\n })\n @IsOptional()\n limit?: number\n}\n\n@ApiSchema({ name: 'PollJobsResponse' })\nexport class PollJobsResponseDto {\n @ApiProperty({\n description: 'List of jobs',\n type: [JobDto],\n })\n jobs: JobDto[]\n}\n\n@ApiSchema({ name: 'PaginatedJobs' })\nexport class PaginatedJobsDto {\n @ApiProperty({ type: [JobDto] })\n items: JobDto[]\n\n @ApiProperty()\n total: number\n\n @ApiProperty()\n page: number\n\n @ApiProperty()\n totalPages: number\n}\n\n@ApiSchema({ name: 'ListJobsQuery' })\nexport class ListJobsQueryDto {\n @PageNumber(1)\n page = 1\n\n @PageLimit(100)\n limit = 100\n\n @ApiPropertyOptional({\n description: 'Filter by job status',\n enum: JobStatus,\n enumName: 'JobStatus',\n example: JobStatus.PENDING,\n })\n @IsOptional()\n @IsEnum(JobStatus)\n status?: JobStatus\n}\n\n@ApiSchema({ name: 'UpdateJobStatus' })\nexport class UpdateJobStatusDto {\n @ApiProperty({\n description: 'The new status of the job',\n enum: JobStatus,\n enumName: 'JobStatus',\n example: JobStatus.IN_PROGRESS,\n })\n @IsEnum(JobStatus)\n status: JobStatus\n\n @ApiPropertyOptional({\n description: 'Error message if the job failed',\n example: 'Failed to create sandbox',\n })\n @IsOptional()\n @IsString()\n errorMessage?: string\n\n @ApiPropertyOptional({\n description: 'Result metadata for the job',\n })\n @IsOptional()\n @IsString()\n resultMetadata?: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/list-sandboxes-query.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsBoolean, IsInt, IsOptional, IsString, IsArray, IsEnum, IsDate, Min } from 'class-validator'\nimport { Type } from 'class-transformer'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { ToArray } from '../../common/decorators/to-array.decorator'\nimport { PageNumber } from '../../common/decorators/page-number.decorator'\nimport { PageLimit } from '../../common/decorators/page-limit.decorator'\n\nexport enum SandboxSortField {\n ID = 'id',\n NAME = 'name',\n STATE = 'state',\n SNAPSHOT = 'snapshot',\n REGION = 'region',\n UPDATED_AT = 'updatedAt',\n CREATED_AT = 'createdAt',\n}\n\nexport enum SandboxSortDirection {\n ASC = 'asc',\n DESC = 'desc',\n}\n\nexport const DEFAULT_SANDBOX_SORT_FIELD = SandboxSortField.CREATED_AT\nexport const DEFAULT_SANDBOX_SORT_DIRECTION = SandboxSortDirection.DESC\n\nconst VALID_QUERY_STATES = Object.values(SandboxState).filter((state) => state !== SandboxState.DESTROYED)\n\n@ApiSchema({ name: 'ListSandboxesQuery' })\nexport class ListSandboxesQueryDto {\n @PageNumber(1)\n page = 1\n\n @PageLimit(100)\n limit = 100\n\n @ApiProperty({\n name: 'id',\n description: 'Filter by partial ID match',\n required: false,\n type: String,\n example: 'abc123',\n })\n @IsOptional()\n @IsString()\n id?: string\n\n @ApiProperty({\n name: 'name',\n description: 'Filter by partial name match',\n required: false,\n type: String,\n example: 'abc123',\n })\n @IsOptional()\n @IsString()\n name?: string\n\n @ApiProperty({\n name: 'labels',\n description: 'JSON encoded labels to filter by',\n required: false,\n type: String,\n example: '{\"label1\": \"value1\", \"label2\": \"value2\"}',\n })\n @IsOptional()\n @IsString()\n labels?: string\n\n @ApiProperty({\n name: 'includeErroredDeleted',\n description: 'Include results with errored state and deleted desired state',\n required: false,\n type: Boolean,\n default: false,\n })\n @IsOptional()\n @Type(() => Boolean)\n @IsBoolean()\n includeErroredDeleted?: boolean\n\n @ApiProperty({\n name: 'states',\n description: 'List of states to filter by',\n required: false,\n enum: VALID_QUERY_STATES,\n isArray: true,\n })\n @IsOptional()\n @ToArray()\n @IsArray()\n @IsEnum(VALID_QUERY_STATES, {\n each: true,\n message: `each value must be one of the following values: ${VALID_QUERY_STATES.join(', ')}`,\n })\n states?: SandboxState[]\n\n @ApiProperty({\n name: 'snapshots',\n description: 'List of snapshot names to filter by',\n required: false,\n type: [String],\n })\n @IsOptional()\n @ToArray()\n @IsArray()\n @IsString({ each: true })\n snapshots?: string[]\n\n @ApiProperty({\n name: 'regions',\n description: 'List of regions to filter by',\n required: false,\n type: [String],\n })\n @IsOptional()\n @ToArray()\n @IsArray()\n @IsString({ each: true })\n regions?: string[]\n\n @ApiProperty({\n name: 'minCpu',\n description: 'Minimum CPU',\n required: false,\n type: Number,\n minimum: 1,\n })\n @IsOptional()\n @Type(() => Number)\n @IsInt()\n @Min(1)\n minCpu?: number\n\n @ApiProperty({\n name: 'maxCpu',\n description: 'Maximum CPU',\n required: false,\n type: Number,\n minimum: 1,\n })\n @IsOptional()\n @Type(() => Number)\n @IsInt()\n @Min(1)\n maxCpu?: number\n\n @ApiProperty({\n name: 'minMemoryGiB',\n description: 'Minimum memory in GiB',\n required: false,\n type: Number,\n minimum: 1,\n })\n @IsOptional()\n @Type(() => Number)\n @IsInt()\n @Min(1)\n minMemoryGiB?: number\n\n @ApiProperty({\n name: 'maxMemoryGiB',\n description: 'Maximum memory in GiB',\n required: false,\n type: Number,\n minimum: 1,\n })\n @IsOptional()\n @Type(() => Number)\n @IsInt()\n @Min(1)\n maxMemoryGiB?: number\n\n @ApiProperty({\n name: 'minDiskGiB',\n description: 'Minimum disk space in GiB',\n required: false,\n type: Number,\n minimum: 1,\n })\n @IsOptional()\n @Type(() => Number)\n @IsInt()\n @Min(1)\n minDiskGiB?: number\n\n @ApiProperty({\n name: 'maxDiskGiB',\n description: 'Maximum disk space in GiB',\n required: false,\n type: Number,\n minimum: 1,\n })\n @IsOptional()\n @Type(() => Number)\n @IsInt()\n @Min(1)\n maxDiskGiB?: number\n\n @ApiProperty({\n name: 'lastEventAfter',\n description: 'Include items with last event after this timestamp',\n required: false,\n type: String,\n format: 'date-time',\n example: '2024-01-01T00:00:00Z',\n })\n @IsOptional()\n @Type(() => Date)\n @IsDate()\n lastEventAfter?: Date\n\n @ApiProperty({\n name: 'lastEventBefore',\n description: 'Include items with last event before this timestamp',\n required: false,\n type: String,\n format: 'date-time',\n example: '2024-12-31T23:59:59Z',\n })\n @IsOptional()\n @Type(() => Date)\n @IsDate()\n lastEventBefore?: Date\n\n @ApiProperty({\n name: 'sort',\n description: 'Field to sort by',\n required: false,\n enum: SandboxSortField,\n default: DEFAULT_SANDBOX_SORT_FIELD,\n })\n @IsOptional()\n @IsEnum(SandboxSortField)\n sort = DEFAULT_SANDBOX_SORT_FIELD\n\n @ApiProperty({\n name: 'order',\n description: 'Direction to sort by',\n required: false,\n enum: SandboxSortDirection,\n default: DEFAULT_SANDBOX_SORT_DIRECTION,\n })\n @IsOptional()\n @IsEnum(SandboxSortDirection)\n order = DEFAULT_SANDBOX_SORT_DIRECTION\n}\n" }, { "path": "apps/api/src/sandbox/dto/list-snapshots-query.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsOptional, IsString, IsEnum } from 'class-validator'\nimport { PageNumber } from '../../common/decorators/page-number.decorator'\nimport { PageLimit } from '../../common/decorators/page-limit.decorator'\n\nexport enum SnapshotSortField {\n NAME = 'name',\n STATE = 'state',\n LAST_USED_AT = 'lastUsedAt',\n CREATED_AT = 'createdAt',\n}\n\nexport enum SnapshotSortDirection {\n ASC = 'asc',\n DESC = 'desc',\n}\n\n@ApiSchema({ name: 'ListSnapshotsQuery' })\nexport class ListSnapshotsQueryDto {\n @PageNumber(1)\n page = 1\n\n @PageLimit(100)\n limit = 100\n\n @ApiProperty({\n name: 'name',\n description: 'Filter by partial name match',\n required: false,\n type: String,\n example: 'abc123',\n })\n @IsOptional()\n @IsString()\n name?: string\n\n @ApiProperty({\n name: 'sort',\n description: 'Field to sort by',\n required: false,\n enum: SnapshotSortField,\n default: SnapshotSortField.LAST_USED_AT,\n })\n @IsOptional()\n @IsEnum(SnapshotSortField)\n sort = SnapshotSortField.LAST_USED_AT\n\n @ApiProperty({\n name: 'order',\n description: 'Direction to sort by',\n required: false,\n enum: SnapshotSortDirection,\n default: SnapshotSortDirection.DESC,\n })\n @IsOptional()\n @IsEnum(SnapshotSortDirection)\n order = SnapshotSortDirection.DESC\n}\n" }, { "path": "apps/api/src/sandbox/dto/lsp.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsString, IsNumber, IsOptional, ValidateNested, IsArray, IsBoolean } from 'class-validator'\nimport { Type } from 'class-transformer'\n\n@ApiSchema({ name: 'LspServerRequest' })\nexport class LspServerRequestDto {\n @ApiProperty({ description: 'Language identifier' })\n @IsString()\n languageId: string\n\n @ApiProperty({ description: 'Path to the project' })\n @IsString()\n pathToProject: string\n}\n\n@ApiSchema({ name: 'LspDocumentRequest' })\nexport class LspDocumentRequestDto extends LspServerRequestDto {\n @ApiProperty({ description: 'Document URI' })\n @IsString()\n uri: string\n}\n\n@ApiSchema({ name: 'Position' })\nexport class PositionDto {\n @ApiProperty()\n @IsNumber()\n line: number\n\n @ApiProperty()\n @IsNumber()\n character: number\n}\n\n@ApiSchema({ name: 'CompletionContext' })\nexport class CompletionContextDto {\n @ApiProperty()\n @IsNumber()\n triggerKind: number\n\n @ApiPropertyOptional()\n @IsOptional()\n @IsString()\n triggerCharacter?: string\n}\n\n@ApiSchema({ name: 'LspCompletionParams' })\nexport class LspCompletionParamsDto extends LspDocumentRequestDto {\n @ApiProperty()\n @ValidateNested()\n @Type(() => PositionDto)\n position: PositionDto\n\n @ApiPropertyOptional()\n @IsOptional()\n @ValidateNested()\n @Type(() => CompletionContextDto)\n context?: CompletionContextDto\n}\n\n@ApiSchema({ name: 'Range' })\nexport class RangeDto {\n @ApiProperty()\n @ValidateNested()\n @Type(() => PositionDto)\n start: PositionDto\n\n @ApiProperty()\n @ValidateNested()\n @Type(() => PositionDto)\n end: PositionDto\n}\n\n@ApiSchema({ name: 'CompletionItem' })\nexport class CompletionItemDto {\n @ApiProperty()\n @IsString()\n label: string\n\n @ApiPropertyOptional()\n @IsOptional()\n @IsNumber()\n kind?: number\n\n @ApiPropertyOptional()\n @IsOptional()\n @IsString()\n detail?: string\n\n @ApiPropertyOptional()\n @IsOptional()\n documentation?: any\n\n @ApiPropertyOptional()\n @IsOptional()\n @IsString()\n sortText?: string\n\n @ApiPropertyOptional()\n @IsOptional()\n @IsString()\n filterText?: string\n\n @ApiPropertyOptional()\n @IsOptional()\n @IsString()\n insertText?: string\n}\n\n@ApiSchema({ name: 'CompletionList' })\nexport class CompletionListDto {\n @ApiProperty()\n @IsBoolean()\n isIncomplete: boolean\n\n @ApiProperty({ type: [CompletionItemDto] })\n @IsArray()\n @ValidateNested({ each: true })\n @Type(() => CompletionItemDto)\n items: CompletionItemDto[]\n}\n\n@ApiSchema({ name: 'LspLocation' })\nexport class LspLocationDto {\n @ApiProperty()\n @ValidateNested()\n @Type(() => RangeDto)\n range: RangeDto\n\n @ApiProperty()\n @IsString()\n uri: string\n}\n\n@ApiSchema({ name: 'LspSymbol' })\nexport class LspSymbolDto {\n @ApiProperty()\n @IsNumber()\n kind: number\n\n @ApiProperty()\n @ValidateNested()\n @Type(() => LspLocationDto)\n location: LspLocationDto\n\n @ApiProperty()\n @IsString()\n name: string\n}\n\n@ApiSchema({ name: 'WorkspaceSymbolParams' })\nexport class WorkspaceSymbolParamsDto {\n @ApiProperty()\n @IsString()\n query: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/paginated-sandboxes.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { SandboxDto } from './sandbox.dto'\n\n@ApiSchema({ name: 'PaginatedSandboxes' })\nexport class PaginatedSandboxesDto {\n @ApiProperty({ type: [SandboxDto] })\n items: SandboxDto[]\n\n @ApiProperty()\n total: number\n\n @ApiProperty()\n page: number\n\n @ApiProperty()\n totalPages: number\n}\n" }, { "path": "apps/api/src/sandbox/dto/paginated-snapshots.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { SnapshotDto } from './snapshot.dto'\n\n@ApiSchema({ name: 'PaginatedSnapshots' })\nexport class PaginatedSnapshotsDto {\n @ApiProperty({ type: [SnapshotDto] })\n items: SnapshotDto[]\n\n @ApiProperty()\n total: number\n\n @ApiProperty()\n page: number\n\n @ApiProperty()\n totalPages: number\n}\n" }, { "path": "apps/api/src/sandbox/dto/port-preview-url.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsNumber, IsString } from 'class-validator'\n\n@ApiSchema({ name: 'PortPreviewUrl' })\nexport class PortPreviewUrlDto {\n @ApiProperty({\n description: 'ID of the sandbox',\n example: '123456',\n })\n @IsString()\n sandboxId: string\n\n @ApiProperty({\n description: 'Preview url',\n example: 'https://{port}-{sandboxId}.{proxyDomain}',\n })\n @IsString()\n url: string\n\n @ApiProperty({\n description: 'Access token',\n example: 'ul67qtv-jl6wb9z5o3eii-ljqt9qed6l',\n })\n @IsString()\n token: string\n}\n\n@ApiSchema({ name: 'SignedPortPreviewUrl' })\nexport class SignedPortPreviewUrlDto {\n @ApiProperty({\n description: 'ID of the sandbox',\n example: '123456',\n })\n @IsString()\n sandboxId: string\n\n @ApiProperty({\n description: 'Port number of the signed preview URL',\n example: 3000,\n type: 'integer',\n })\n @IsNumber()\n port: number\n\n @ApiProperty({\n description: 'Token of the signed preview URL',\n example: 'jl6wb9z5o3eii',\n })\n @IsString()\n token: string\n\n @ApiProperty({\n description: 'Signed preview url',\n example: 'https://{port}-{token}.{proxyDomain}',\n })\n @IsString()\n url: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/registry-push-access-dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty } from '@nestjs/swagger'\n\nexport class RegistryPushAccessDto {\n @ApiProperty({\n description: 'Temporary username for registry authentication',\n example: 'temp-user-123',\n })\n username: string\n\n @ApiProperty({\n description: 'Temporary secret for registry authentication',\n example: 'eyJhbGciOiJIUzI1NiIs...',\n })\n secret: string\n\n @ApiProperty({\n description: 'Registry URL',\n example: 'registry.example.com',\n })\n registryUrl: string\n\n @ApiProperty({\n description: 'Registry ID',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n registryId: string\n\n @ApiProperty({\n description: 'Registry project ID',\n example: 'library',\n })\n project: string\n\n @ApiProperty({\n description: 'Token expiration time in ISO format',\n example: '2023-12-31T23:59:59Z',\n })\n expiresAt: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/resize-sandbox.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IsOptional, IsNumber, Min } from 'class-validator'\nimport { ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'ResizeSandbox' })\nexport class ResizeSandboxDto {\n @ApiPropertyOptional({\n description: 'CPU cores to allocate to the sandbox (minimum: 1)',\n example: 2,\n type: 'integer',\n minimum: 1,\n })\n @IsOptional()\n @IsNumber()\n @Min(1)\n cpu?: number\n\n @ApiPropertyOptional({\n description: 'Memory in GB to allocate to the sandbox (minimum: 1)',\n example: 4,\n type: 'integer',\n minimum: 1,\n })\n @IsOptional()\n @IsNumber()\n @Min(1)\n memory?: number\n\n @ApiPropertyOptional({\n description: 'Disk space in GB to allocate to the sandbox (can only be increased)',\n example: 20,\n type: 'integer',\n minimum: 1,\n })\n @IsOptional()\n @IsNumber()\n @Min(1)\n disk?: number\n}\n" }, { "path": "apps/api/src/sandbox/dto/runner-full.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsEnum, IsOptional } from 'class-validator'\nimport { Runner } from '../entities/runner.entity'\nimport { RunnerDto } from './runner.dto'\nimport { RegionType } from '../../region/enums/region-type.enum'\n\n@ApiSchema({ name: 'RunnerFull' })\nexport class RunnerFullDto extends RunnerDto {\n @ApiProperty({\n description: 'The API key for the runner',\n example: 'dtn_1234567890',\n })\n apiKey: string\n\n @ApiPropertyOptional({\n description: 'The region type of the runner',\n enum: RegionType,\n enumName: 'RegionType',\n example: Object.values(RegionType)[0],\n })\n @IsOptional()\n @IsEnum(RegionType)\n regionType?: RegionType\n\n static fromRunner(runner: Runner, regionType?: RegionType): RunnerFullDto {\n return {\n ...RunnerDto.fromRunner(runner),\n apiKey: runner.apiKey,\n regionType,\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/dto/runner-health.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsArray, IsBoolean, IsNumber, IsOptional, IsString, ValidateNested } from 'class-validator'\nimport { Type } from 'class-transformer'\n\n@ApiSchema({ name: 'RunnerHealthMetrics' })\nexport class RunnerHealthMetricsDto {\n @ApiProperty({\n description: 'Current CPU load average',\n example: 0.98,\n })\n @IsNumber()\n currentCpuLoadAverage: number\n\n @ApiProperty({\n description: 'Current CPU usage percentage',\n example: 45.5,\n })\n @IsNumber()\n currentCpuUsagePercentage: number\n\n @ApiProperty({\n description: 'Current memory usage percentage',\n example: 60.2,\n })\n @IsNumber()\n currentMemoryUsagePercentage: number\n\n @ApiProperty({\n description: 'Current disk usage percentage',\n example: 35.8,\n })\n @IsNumber()\n currentDiskUsagePercentage: number\n\n @ApiProperty({\n description: 'Currently allocated CPU cores',\n example: 8,\n })\n @IsNumber()\n currentAllocatedCpu: number\n\n @ApiProperty({\n description: 'Currently allocated memory in GiB',\n example: 16,\n })\n @IsNumber()\n currentAllocatedMemoryGiB: number\n\n @ApiProperty({\n description: 'Currently allocated disk in GiB',\n example: 100,\n })\n @IsNumber()\n currentAllocatedDiskGiB: number\n\n @ApiProperty({\n description: 'Number of snapshots currently stored',\n example: 5,\n })\n @IsNumber()\n currentSnapshotCount: number\n\n @ApiProperty({\n description: 'Number of started sandboxes',\n example: 10,\n })\n @IsNumber()\n currentStartedSandboxes: number\n\n @ApiProperty({\n description: 'Total CPU cores on the runner',\n example: 8,\n })\n @IsNumber()\n cpu: number\n\n @ApiProperty({\n description: 'Total RAM in GiB on the runner',\n example: 16,\n })\n @IsNumber()\n memoryGiB: number\n\n @ApiProperty({\n description: 'Total disk space in GiB on the runner',\n example: 100,\n })\n @IsNumber()\n diskGiB: number\n}\n\n@ApiSchema({ name: 'RunnerServiceHealth' })\nexport class RunnerServiceHealthDto {\n @ApiProperty({\n description: 'Name of the service being checked',\n example: 'runner',\n })\n @IsString()\n serviceName: string\n\n @ApiProperty({\n description: 'Whether the service is healthy',\n example: false,\n })\n @IsBoolean()\n healthy: boolean\n\n @ApiPropertyOptional({\n description: 'Error reason if the service is unhealthy',\n example: 'Cannot connect to the runner',\n })\n @IsOptional()\n @IsString()\n errorReason?: string\n}\n\n@ApiSchema({ name: 'RunnerHealthcheck' })\nexport class RunnerHealthcheckDto {\n @ApiPropertyOptional({\n description: 'Runner metrics',\n type: RunnerHealthMetricsDto,\n })\n @IsOptional()\n metrics?: RunnerHealthMetricsDto\n\n @ApiPropertyOptional({\n description: 'Health status of individual services on the runner',\n type: [RunnerServiceHealthDto],\n })\n @IsOptional()\n @IsArray()\n @ValidateNested({ each: true })\n @Type(() => RunnerServiceHealthDto)\n serviceHealth?: RunnerServiceHealthDto[]\n\n @ApiPropertyOptional({\n description: 'Runner domain',\n example: 'runner-123.daytona.example.com',\n })\n @IsOptional()\n domain?: string\n\n @ApiPropertyOptional({\n description: 'Runner proxy URL',\n example: 'http://proxy.daytona.example.com:8080',\n })\n @IsOptional()\n proxyUrl?: string\n\n @ApiPropertyOptional({\n description: 'Runner API URL',\n example: 'http://api.daytona.example.com:8080',\n })\n @IsOptional()\n apiUrl?: string\n\n @ApiProperty({\n description: 'Runner app version',\n example: 'v0.0.0-dev',\n })\n @IsString()\n appVersion: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/runner-snapshot.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'\n\nexport class RunnerSnapshotDto {\n @ApiProperty({\n description: 'Runner snapshot ID',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n runnerSnapshotId: string\n\n @ApiProperty({\n description: 'Runner ID',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n runnerId: string\n\n @ApiPropertyOptional({\n description: 'Runner domain',\n example: 'runner.example.com',\n })\n runnerDomain?: string\n\n constructor(runnerSnapshotId: string, runnerId: string, runnerDomain: string | null) {\n this.runnerSnapshotId = runnerSnapshotId\n this.runnerId = runnerId\n this.runnerDomain = runnerDomain ?? undefined\n }\n}\n" }, { "path": "apps/api/src/sandbox/dto/runner-status.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'RunnerStatus' })\nexport class RunnerStatusDto {\n @ApiProperty({\n description: 'Current CPU usage percentage',\n example: 45.6,\n })\n currentCpuUsagePercentage: number\n\n @ApiProperty({\n description: 'Current RAM usage percentage',\n example: 68.2,\n })\n currentMemoryUsagePercentage: number\n\n @ApiProperty({\n description: 'Current disk usage percentage',\n example: 33.8,\n })\n currentDiskUsagePercentage: number\n\n @ApiProperty({\n description: 'Current allocated CPU',\n example: 4000,\n })\n currentAllocatedCpu: number\n\n @ApiProperty({\n description: 'Current allocated memory',\n example: 8000,\n })\n currentAllocatedMemoryGiB: number\n\n @ApiProperty({\n description: 'Current allocated disk',\n example: 50000,\n })\n currentAllocatedDiskGiB: number\n\n @ApiProperty({\n description: 'Current snapshot count',\n example: 12,\n })\n currentSnapshotCount: number\n\n @ApiProperty({\n description: 'Runner status',\n example: 'ok',\n })\n status: string\n\n @ApiProperty({\n description: 'Runner version',\n example: '0.0.1',\n })\n version: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/runner.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsEnum, IsOptional } from 'class-validator'\nimport { Runner } from '../entities/runner.entity'\nimport { SandboxClass } from '../enums/sandbox-class.enum'\nimport { RunnerState } from '../enums/runner-state.enum'\n\n@ApiSchema({ name: 'Runner' })\nexport class RunnerDto {\n @ApiProperty({\n description: 'The ID of the runner',\n example: 'runner123',\n })\n id: string\n\n @ApiProperty({\n description: 'The domain of the runner',\n example: 'runner1.example.com',\n required: false,\n })\n @IsOptional()\n domain?: string\n\n @ApiProperty({\n description: 'The API URL of the runner',\n example: 'https://api.runner1.example.com',\n required: false,\n })\n @IsOptional()\n apiUrl?: string\n\n @ApiProperty({\n description: 'The proxy URL of the runner',\n example: 'https://proxy.runner1.example.com',\n required: false,\n })\n @IsOptional()\n proxyUrl?: string\n\n @ApiProperty({\n description: 'The CPU capacity of the runner',\n example: 8,\n })\n cpu: number\n\n @ApiProperty({\n description: 'The memory capacity of the runner in GiB',\n example: 16,\n })\n memory: number\n\n @ApiProperty({\n description: 'The disk capacity of the runner in GiB',\n example: 100,\n })\n disk: number\n\n @ApiProperty({\n description: 'The GPU capacity of the runner',\n example: 1,\n required: false,\n })\n @IsOptional()\n gpu?: number\n\n @ApiProperty({\n description: 'The type of GPU',\n required: false,\n })\n @IsOptional()\n gpuType?: string\n\n @ApiProperty({\n description: 'The class of the runner',\n enum: SandboxClass,\n enumName: 'SandboxClass',\n example: SandboxClass.SMALL,\n })\n @IsEnum(SandboxClass)\n class: SandboxClass\n\n @ApiPropertyOptional({\n description: 'Current CPU usage percentage',\n example: 45.6,\n })\n currentCpuUsagePercentage: number\n\n @ApiPropertyOptional({\n description: 'Current RAM usage percentage',\n example: 68.2,\n })\n currentMemoryUsagePercentage: number\n\n @ApiPropertyOptional({\n description: 'Current disk usage percentage',\n example: 33.8,\n })\n currentDiskUsagePercentage: number\n\n @ApiPropertyOptional({\n description: 'Current allocated CPU',\n example: 4000,\n })\n currentAllocatedCpu: number\n\n @ApiPropertyOptional({\n description: 'Current allocated memory in GiB',\n example: 8000,\n })\n currentAllocatedMemoryGiB: number\n\n @ApiPropertyOptional({\n description: 'Current allocated disk in GiB',\n example: 50000,\n })\n currentAllocatedDiskGiB: number\n\n @ApiPropertyOptional({\n description: 'Current snapshot count',\n example: 12,\n })\n currentSnapshotCount: number\n\n @ApiPropertyOptional({\n description: 'Current number of started sandboxes',\n example: 5,\n })\n currentStartedSandboxes: number\n\n @ApiPropertyOptional({\n description: 'Runner availability score',\n example: 85,\n })\n availabilityScore: number\n\n @ApiProperty({\n description: 'The region of the runner',\n example: 'us',\n })\n region: string\n\n @ApiProperty({\n description: 'The name of the runner',\n example: 'runner1',\n })\n name: string\n\n @ApiProperty({\n description: 'The state of the runner',\n enum: RunnerState,\n enumName: 'RunnerState',\n example: RunnerState.INITIALIZING,\n })\n @IsEnum(RunnerState)\n state: RunnerState\n\n @ApiPropertyOptional({\n description: 'The last time the runner was checked',\n example: '2024-10-01T12:00:00Z',\n required: false,\n })\n @IsOptional()\n lastChecked?: string\n\n @ApiProperty({\n description: 'Whether the runner is unschedulable',\n example: false,\n })\n unschedulable: boolean\n\n @ApiProperty({\n description: 'The creation timestamp of the runner',\n example: '2023-10-01T12:00:00Z',\n })\n createdAt: string\n\n @ApiProperty({\n description: 'The last update timestamp of the runner',\n example: '2023-10-01T12:00:00Z',\n })\n updatedAt: string\n\n @ApiProperty({\n description: 'The version of the runner (deprecated in favor of apiVersion)',\n example: '0',\n deprecated: true,\n })\n version: string\n\n @ApiProperty({\n description: 'The api version of the runner',\n example: '0',\n deprecated: true,\n })\n apiVersion: string\n\n @ApiPropertyOptional({\n description: 'The app version of the runner',\n example: 'v0.0.0-dev',\n deprecated: true,\n })\n @IsOptional()\n appVersion?: string\n\n static fromRunner(runner: Runner): RunnerDto {\n return {\n id: runner.id,\n domain: runner.domain,\n apiUrl: runner.apiUrl,\n proxyUrl: runner.proxyUrl,\n cpu: runner.cpu,\n memory: runner.memoryGiB,\n disk: runner.diskGiB,\n gpu: runner.gpu,\n gpuType: runner.gpuType,\n class: runner.class,\n currentCpuUsagePercentage: runner.currentCpuUsagePercentage,\n currentMemoryUsagePercentage: runner.currentMemoryUsagePercentage,\n currentDiskUsagePercentage: runner.currentDiskUsagePercentage,\n currentAllocatedCpu: runner.currentAllocatedCpu,\n currentAllocatedMemoryGiB: runner.currentAllocatedMemoryGiB,\n currentAllocatedDiskGiB: runner.currentAllocatedDiskGiB,\n currentSnapshotCount: runner.currentSnapshotCount,\n currentStartedSandboxes: runner.currentStartedSandboxes,\n availabilityScore: runner.availabilityScore,\n region: runner.region,\n name: runner.name,\n state: runner.state,\n lastChecked: runner.lastChecked?.toISOString(),\n unschedulable: runner.unschedulable,\n createdAt: runner.createdAt.toISOString(),\n updatedAt: runner.updatedAt.toISOString(),\n version: runner.apiVersion,\n apiVersion: runner.apiVersion,\n appVersion: runner.appVersion,\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/dto/sandbox.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { IsEnum, IsOptional } from 'class-validator'\nimport { BackupState } from '../enums/backup-state.enum'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { SandboxDesiredState } from '../enums/sandbox-desired-state.enum'\nimport { BuildInfoDto } from './build-info.dto'\nimport { SandboxClass } from '../enums/sandbox-class.enum'\n\n@ApiSchema({ name: 'SandboxVolume' })\nexport class SandboxVolume {\n @ApiProperty({\n description: 'The ID of the volume',\n example: 'volume123',\n })\n volumeId: string\n\n @ApiProperty({\n description: 'The mount path for the volume',\n example: '/data',\n })\n mountPath: string\n\n @ApiPropertyOptional({\n description:\n 'Optional subpath within the volume to mount. When specified, only this S3 prefix will be accessible. When omitted, the entire volume is mounted.',\n example: 'users/alice',\n })\n subpath?: string\n}\n\n@ApiSchema({ name: 'Sandbox' })\nexport class SandboxDto {\n @ApiProperty({\n description: 'The ID of the sandbox',\n example: 'sandbox123',\n })\n id: string\n\n @ApiProperty({\n description: 'The organization ID of the sandbox',\n example: 'organization123',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'The name of the sandbox',\n example: 'MySandbox',\n })\n name: string\n\n @ApiPropertyOptional({\n description: 'The snapshot used for the sandbox',\n example: 'daytonaio/sandbox:latest',\n })\n snapshot: string\n\n @ApiProperty({\n description: 'The user associated with the project',\n example: 'daytona',\n })\n user: string\n\n @ApiProperty({\n description: 'Environment variables for the sandbox',\n type: 'object',\n additionalProperties: { type: 'string' },\n example: { NODE_ENV: 'production' },\n })\n env: Record\n\n @ApiProperty({\n description: 'Labels for the sandbox',\n type: 'object',\n additionalProperties: { type: 'string' },\n example: { 'daytona.io/public': 'true' },\n })\n labels: { [key: string]: string }\n\n @ApiProperty({\n description: 'Whether the sandbox http preview is public',\n example: false,\n })\n public: boolean\n\n @ApiProperty({\n description: 'Whether to block all network access for the sandbox',\n example: false,\n })\n networkBlockAll: boolean\n\n @ApiPropertyOptional({\n description: 'Comma-separated list of allowed CIDR network addresses for the sandbox',\n example: '192.168.1.0/16,10.0.0.0/24',\n })\n networkAllowList?: string\n\n @ApiProperty({\n description: 'The target environment for the sandbox',\n example: 'local',\n })\n target: string\n\n @ApiProperty({\n description: 'The CPU quota for the sandbox',\n example: 2,\n })\n cpu: number\n\n @ApiProperty({\n description: 'The GPU quota for the sandbox',\n example: 0,\n })\n gpu: number\n\n @ApiProperty({\n description: 'The memory quota for the sandbox',\n example: 4,\n })\n memory: number\n\n @ApiProperty({\n description: 'The disk quota for the sandbox',\n example: 10,\n })\n disk: number\n\n @ApiPropertyOptional({\n description: 'The state of the sandbox',\n enum: SandboxState,\n enumName: 'SandboxState',\n example: Object.values(SandboxState)[0],\n required: false,\n })\n @IsEnum(SandboxState)\n @IsOptional()\n state?: SandboxState\n\n @ApiPropertyOptional({\n description: 'The desired state of the sandbox',\n enum: SandboxDesiredState,\n enumName: 'SandboxDesiredState',\n example: Object.values(SandboxDesiredState)[0],\n required: false,\n })\n @IsEnum(SandboxDesiredState)\n @IsOptional()\n desiredState?: SandboxDesiredState\n\n @ApiPropertyOptional({\n description: 'The error reason of the sandbox',\n example: 'The sandbox is not running',\n required: false,\n })\n @IsOptional()\n errorReason?: string\n\n @ApiPropertyOptional({\n description: 'Whether the sandbox error is recoverable.',\n example: true,\n required: false,\n })\n @IsOptional()\n recoverable?: boolean\n\n @ApiPropertyOptional({\n description: 'The state of the backup',\n enum: BackupState,\n example: Object.values(BackupState)[0],\n required: false,\n })\n @IsEnum(BackupState)\n @IsOptional()\n backupState?: BackupState\n\n @ApiPropertyOptional({\n description: 'The creation timestamp of the last backup',\n example: '2024-10-01T12:00:00Z',\n required: false,\n })\n @IsOptional()\n backupCreatedAt?: string\n\n @ApiPropertyOptional({\n description: 'Auto-stop interval in minutes (0 means disabled)',\n example: 30,\n required: false,\n })\n @IsOptional()\n autoStopInterval?: number\n\n @ApiPropertyOptional({\n description: 'Auto-archive interval in minutes',\n example: 7 * 24 * 60,\n required: false,\n })\n @IsOptional()\n autoArchiveInterval?: number\n\n @ApiPropertyOptional({\n description:\n 'Auto-delete interval in minutes (negative value means disabled, 0 means delete immediately upon stopping)',\n example: 30,\n required: false,\n })\n @IsOptional()\n autoDeleteInterval?: number\n\n @ApiPropertyOptional({\n description: 'Array of volumes attached to the sandbox',\n type: [SandboxVolume],\n required: false,\n })\n @IsOptional()\n volumes?: SandboxVolume[]\n\n @ApiPropertyOptional({\n description: 'Build information for the sandbox',\n type: BuildInfoDto,\n required: false,\n })\n @IsOptional()\n buildInfo?: BuildInfoDto\n\n @ApiPropertyOptional({\n description: 'The creation timestamp of the sandbox',\n example: '2024-10-01T12:00:00Z',\n required: false,\n })\n @IsOptional()\n createdAt?: string\n\n @ApiPropertyOptional({\n description: 'The last update timestamp of the sandbox',\n example: '2024-10-01T12:00:00Z',\n required: false,\n })\n @IsOptional()\n updatedAt?: string\n\n @ApiPropertyOptional({\n description: 'The class of the sandbox',\n enum: SandboxClass,\n example: Object.values(SandboxClass)[0],\n required: false,\n deprecated: true,\n })\n @IsEnum(SandboxClass)\n @IsOptional()\n class?: SandboxClass\n\n @ApiPropertyOptional({\n description: 'The version of the daemon running in the sandbox',\n example: '1.0.0',\n required: false,\n })\n @IsOptional()\n daemonVersion?: string\n\n @ApiPropertyOptional({\n description: 'The runner ID of the sandbox',\n example: 'runner123',\n required: false,\n })\n @IsOptional()\n runnerId?: string\n\n @ApiProperty({\n description: 'The toolbox proxy URL for the sandbox',\n example: 'https://proxy.app.daytona.io/toolbox',\n })\n toolboxProxyUrl: string\n\n static fromSandbox(sandbox: Sandbox, toolboxProxyUrl: string): SandboxDto {\n return {\n id: sandbox.id,\n organizationId: sandbox.organizationId,\n name: sandbox.name,\n target: sandbox.region,\n snapshot: sandbox.snapshot,\n user: sandbox.osUser,\n env: sandbox.env,\n cpu: sandbox.cpu,\n gpu: sandbox.gpu,\n memory: sandbox.mem,\n disk: sandbox.disk,\n public: sandbox.public,\n networkBlockAll: sandbox.networkBlockAll,\n networkAllowList: sandbox.networkAllowList,\n labels: sandbox.labels,\n volumes: sandbox.volumes,\n state: this.getSandboxState(sandbox),\n desiredState: sandbox.desiredState,\n errorReason: sandbox.errorReason,\n recoverable: sandbox.recoverable,\n backupState: sandbox.backupState,\n backupCreatedAt: sandbox.lastBackupAt ? new Date(sandbox.lastBackupAt).toISOString() : undefined,\n autoStopInterval: sandbox.autoStopInterval,\n autoArchiveInterval: sandbox.autoArchiveInterval,\n autoDeleteInterval: sandbox.autoDeleteInterval,\n class: sandbox.class,\n createdAt: sandbox.createdAt ? new Date(sandbox.createdAt).toISOString() : undefined,\n updatedAt: sandbox.updatedAt ? new Date(sandbox.updatedAt).toISOString() : undefined,\n buildInfo: sandbox.buildInfo\n ? {\n dockerfileContent: sandbox.buildInfo.dockerfileContent,\n contextHashes: sandbox.buildInfo.contextHashes,\n createdAt: sandbox.buildInfo.createdAt,\n updatedAt: sandbox.buildInfo.updatedAt,\n snapshotRef: sandbox.buildInfo.snapshotRef,\n }\n : undefined,\n daemonVersion: sandbox.daemonVersion,\n runnerId: sandbox.runnerId,\n toolboxProxyUrl,\n }\n }\n\n private static getSandboxState(sandbox: Sandbox): SandboxState {\n switch (sandbox.state) {\n case SandboxState.STARTED:\n if (sandbox.desiredState === SandboxDesiredState.STOPPED) {\n return SandboxState.STOPPING\n }\n if (sandbox.desiredState === SandboxDesiredState.DESTROYED) {\n return SandboxState.DESTROYING\n }\n break\n case SandboxState.STOPPED:\n if (sandbox.desiredState === SandboxDesiredState.STARTED) {\n return SandboxState.STARTING\n }\n if (sandbox.desiredState === SandboxDesiredState.DESTROYED) {\n return SandboxState.DESTROYING\n }\n if (sandbox.desiredState === SandboxDesiredState.ARCHIVED) {\n return SandboxState.ARCHIVING\n }\n break\n case SandboxState.UNKNOWN:\n if (sandbox.desiredState === SandboxDesiredState.STARTED) {\n return SandboxState.CREATING\n }\n break\n }\n return sandbox.state\n }\n}\n\n@ApiSchema({ name: 'SandboxLabels' })\nexport class SandboxLabelsDto {\n @ApiProperty({\n description: 'Key-value pairs of labels',\n example: { environment: 'dev', team: 'backend' },\n type: 'object',\n additionalProperties: { type: 'string' },\n })\n labels: { [key: string]: string }\n}\n" }, { "path": "apps/api/src/sandbox/dto/snapshot.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'\nimport { SnapshotState } from '../enums/snapshot-state.enum'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { BuildInfoDto } from './build-info.dto'\nimport { IsOptional } from 'class-validator'\n\nexport class SnapshotDto {\n @ApiProperty()\n id: string\n\n @ApiPropertyOptional()\n organizationId?: string\n\n @ApiProperty()\n general: boolean\n\n @ApiProperty()\n name: string\n\n @ApiPropertyOptional()\n imageName?: string\n\n @ApiProperty({\n enum: SnapshotState,\n enumName: 'SnapshotState',\n })\n state: SnapshotState\n\n @ApiProperty({ nullable: true })\n size?: number\n\n @ApiProperty({ nullable: true })\n entrypoint?: string[]\n\n @ApiProperty()\n cpu: number\n\n @ApiProperty()\n gpu: number\n\n @ApiProperty()\n mem: number\n\n @ApiProperty()\n disk: number\n\n @ApiProperty({ nullable: true })\n errorReason?: string\n\n @ApiProperty()\n createdAt: Date\n\n @ApiProperty()\n updatedAt: Date\n\n @ApiProperty({ nullable: true })\n lastUsedAt?: Date\n\n @ApiPropertyOptional({\n description: 'Build information for the snapshot',\n type: BuildInfoDto,\n })\n buildInfo?: BuildInfoDto\n\n @ApiPropertyOptional({\n description: 'IDs of regions where the snapshot is available',\n type: [String],\n })\n regionIds?: string[]\n\n @ApiPropertyOptional({\n description: 'The initial runner ID of the snapshot',\n example: 'runner123',\n required: false,\n })\n @IsOptional()\n initialRunnerId?: string\n\n @ApiPropertyOptional({\n description: 'The snapshot reference',\n example: 'daytonaio/sandbox:latest',\n required: false,\n })\n @IsOptional()\n ref?: string\n\n static fromSnapshot(snapshot: Snapshot): SnapshotDto {\n return {\n id: snapshot.id,\n organizationId: snapshot.organizationId,\n general: snapshot.general,\n name: snapshot.name,\n imageName: snapshot.imageName,\n state: snapshot.state,\n size: snapshot.size,\n entrypoint: snapshot.entrypoint,\n cpu: snapshot.cpu,\n gpu: snapshot.gpu,\n mem: snapshot.mem,\n disk: snapshot.disk,\n errorReason: snapshot.errorReason,\n createdAt: snapshot.createdAt,\n updatedAt: snapshot.updatedAt,\n lastUsedAt: snapshot.lastUsedAt,\n buildInfo: snapshot.buildInfo\n ? {\n dockerfileContent: snapshot.buildInfo.dockerfileContent,\n contextHashes: snapshot.buildInfo.contextHashes,\n createdAt: snapshot.buildInfo.createdAt,\n updatedAt: snapshot.buildInfo.updatedAt,\n snapshotRef: snapshot.buildInfo.snapshotRef,\n }\n : undefined,\n regionIds: snapshot.snapshotRegions?.map((sr) => sr.regionId) ?? undefined,\n initialRunnerId: snapshot.initialRunnerId,\n ref: snapshot.ref,\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/dto/ssh-access.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty } from '@nestjs/swagger'\nimport { SshAccess } from '../entities/ssh-access.entity'\n\nexport class SshAccessDto {\n @ApiProperty({\n description: 'Unique identifier for the SSH access',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n id: string\n\n @ApiProperty({\n description: 'ID of the sandbox this SSH access is for',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n sandboxId: string\n\n @ApiProperty({\n description: 'SSH access token',\n example: 'abc123def456ghi789jkl012mno345pqr678stu901vwx234yz',\n })\n token: string\n\n @ApiProperty({\n description: 'When the SSH access expires',\n example: '2025-01-01T12:00:00.000Z',\n })\n expiresAt: Date\n\n @ApiProperty({\n description: 'When the SSH access was created',\n example: '2025-01-01T11:00:00.000Z',\n })\n createdAt: Date\n\n @ApiProperty({\n description: 'When the SSH access was last updated',\n example: '2025-01-01T11:00:00.000Z',\n })\n updatedAt: Date\n\n @ApiProperty({\n description: 'SSH command to connect to the sandbox',\n example: 'ssh -p 2222 token@localhost',\n })\n sshCommand: string\n\n static fromSshAccess(sshAccess: SshAccess, sshGatewayUrl: string): SshAccessDto {\n const dto = new SshAccessDto()\n dto.id = sshAccess.id\n dto.sandboxId = sshAccess.sandboxId\n dto.token = sshAccess.token\n dto.expiresAt = sshAccess.expiresAt\n dto.createdAt = sshAccess.createdAt\n dto.updatedAt = sshAccess.updatedAt\n // Robustly extract host and port from sshGatewayUrl\n let host: string\n let port: string\n try {\n // If protocol is present, use URL\n if (sshGatewayUrl.includes('://')) {\n const url = new URL(sshGatewayUrl)\n host = url.hostname\n port = url.port || '22'\n } else {\n // No protocol, parse manually\n const [hostPart, portPart] = sshGatewayUrl.split(':')\n host = hostPart\n port = portPart || '22'\n }\n } catch {\n // Fallback: treat as host only\n host = sshGatewayUrl\n port = '22'\n }\n\n if (port === '22') {\n dto.sshCommand = `ssh ${sshAccess.token}@${host}`\n } else {\n dto.sshCommand = `ssh -p ${port} ${sshAccess.token}@${host}`\n }\n\n return dto\n }\n}\n\nexport class SshAccessValidationDto {\n @ApiProperty({\n description: 'Whether the SSH access token is valid',\n example: true,\n })\n valid: boolean\n\n @ApiProperty({\n description: 'ID of the sandbox this SSH access is for',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n sandboxId: string\n\n static fromValidationResult(valid: boolean, sandboxId: string): SshAccessValidationDto {\n const dto = new SshAccessValidationDto()\n dto.valid = valid\n dto.sandboxId = sandboxId\n return dto\n }\n}\n\nexport class RevokeSshAccessDto {\n @ApiProperty({\n description: 'ID of the sandbox',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n sandboxId: string\n\n @ApiProperty({\n description: 'SSH access token to revoke',\n example: 'abc123def456ghi789jkl012mno345pqr678stu901vwx234yz',\n })\n token: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/storage-access-dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty } from '@nestjs/swagger'\n\nexport class StorageAccessDto {\n @ApiProperty({\n description: 'Access key for storage authentication',\n example: 'temp-user-123',\n })\n accessKey: string\n\n @ApiProperty({\n description: 'Secret key for storage authentication',\n example: 'abchbGciOiJIUzI1NiIs...',\n })\n secret: string\n\n @ApiProperty({\n description: 'Session token for storage authentication',\n example: 'eyJhbGciOiJIUzI1NiIs...',\n })\n sessionToken: string\n\n @ApiProperty({\n description: 'Storage URL',\n example: 'storage.example.com',\n })\n storageUrl: string\n\n @ApiProperty({\n description: 'Organization ID',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'S3 bucket name',\n example: 'daytona',\n })\n bucket: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/toolbox-proxy-url.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'ToolboxProxyUrl' })\nexport class ToolboxProxyUrlDto {\n @ApiProperty({\n description: 'The toolbox proxy URL for the sandbox',\n example: 'https://proxy.app.daytona.io/toolbox',\n })\n url: string\n\n constructor(url: string) {\n this.url = url\n }\n}\n" }, { "path": "apps/api/src/sandbox/dto/toolbox.deprecated.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsString, IsBoolean, IsOptional, IsArray } from 'class-validator'\n\n@ApiSchema({ name: 'FileInfo' })\nexport class FileInfoDto {\n @ApiProperty()\n name: string\n\n @ApiProperty()\n isDir: boolean\n\n @ApiProperty()\n size: number\n\n @ApiProperty()\n modTime: string\n\n @ApiProperty()\n mode: string\n\n @ApiProperty()\n permissions: string\n\n @ApiProperty()\n owner: string\n\n @ApiProperty()\n group: string\n}\n\n@ApiSchema({ name: 'Match' })\nexport class MatchDto {\n @ApiProperty()\n file: string\n\n @ApiProperty()\n line: number\n\n @ApiProperty()\n content: string\n}\n\n@ApiSchema({ name: 'SearchFilesResponse' })\nexport class SearchFilesResponseDto {\n @ApiProperty({ type: [String] })\n files: string[]\n}\n\n@ApiSchema({ name: 'ReplaceRequest' })\nexport class ReplaceRequestDto {\n @ApiProperty({ type: [String] })\n files: string[]\n\n @ApiProperty()\n pattern: string\n\n @ApiProperty()\n newValue: string\n}\n\n@ApiSchema({ name: 'ReplaceResult' })\nexport class ReplaceResultDto {\n @ApiPropertyOptional()\n file?: string\n\n @ApiPropertyOptional()\n success?: boolean\n\n @ApiPropertyOptional()\n error?: string\n}\n\n@ApiSchema({ name: 'GitAddRequest' })\nexport class GitAddRequestDto {\n @ApiProperty()\n path: string\n\n @ApiProperty({\n type: [String],\n description: 'files to add (use . for all files)',\n })\n files: string[]\n}\n\n@ApiSchema({ name: 'GitBranchRequest' })\nexport class GitBranchRequestDto {\n @ApiProperty()\n path: string\n\n @ApiProperty()\n name: string\n}\n\n@ApiSchema({ name: 'GitDeleteBranchRequest' })\nexport class GitDeleteBranchRequestDto {\n @ApiProperty()\n path: string\n\n @ApiProperty()\n name: string\n}\n\n@ApiSchema({ name: 'GitCloneRequest' })\nexport class GitCloneRequestDto {\n @ApiProperty()\n url: string\n\n @ApiProperty()\n path: string\n\n @ApiPropertyOptional()\n username?: string\n\n @ApiPropertyOptional()\n password?: string\n\n @ApiPropertyOptional()\n branch?: string\n\n @ApiPropertyOptional()\n commit_id?: string\n}\n\n@ApiSchema({ name: 'GitCommitRequest' })\nexport class GitCommitRequestDto {\n @ApiProperty()\n path: string\n\n @ApiProperty()\n message: string\n\n @ApiProperty()\n author: string\n\n @ApiProperty()\n email: string\n\n @ApiPropertyOptional({\n description: 'Allow creating an empty commit when no changes are staged',\n default: false,\n })\n allow_empty?: boolean\n}\n\n@ApiSchema({ name: 'GitCommitResponse' })\nexport class GitCommitResponseDto {\n @ApiProperty()\n hash: string\n}\n\n@ApiSchema({ name: 'GitCheckoutRequest' })\nexport class GitCheckoutRequestDto {\n @ApiProperty()\n path: string\n\n @ApiProperty()\n branch: string\n}\n\n@ApiSchema({ name: 'GitRepoRequest' })\nexport class GitRepoRequestDto {\n @ApiProperty()\n path: string\n\n @ApiPropertyOptional()\n username?: string\n\n @ApiPropertyOptional()\n password?: string\n}\n\n@ApiSchema({ name: 'FileStatus' })\nexport class FileStatusDto {\n @ApiProperty()\n name: string\n\n @ApiProperty()\n staging: string\n\n @ApiProperty()\n worktree: string\n\n @ApiProperty()\n extra: string\n}\n\n@ApiSchema({ name: 'GitStatus' })\nexport class GitStatusDto {\n @ApiProperty()\n currentBranch: string\n\n @ApiProperty({\n type: [FileStatusDto],\n })\n fileStatus: FileStatusDto[]\n\n @ApiPropertyOptional()\n ahead?: number\n\n @ApiPropertyOptional()\n behind?: number\n\n @ApiPropertyOptional()\n branchPublished?: boolean\n}\n\n@ApiSchema({ name: 'ListBranchResponse' })\nexport class ListBranchResponseDto {\n @ApiProperty({ type: [String] })\n branches: string[]\n}\n\n@ApiSchema({ name: 'GitCommitInfo' })\nexport class GitCommitInfoDto {\n @ApiProperty()\n hash: string\n\n @ApiProperty()\n message: string\n\n @ApiProperty()\n author: string\n\n @ApiProperty()\n email: string\n\n @ApiProperty()\n timestamp: string\n}\n\n@ApiSchema({ name: 'ExecuteRequest' })\nexport class ExecuteRequestDto {\n @ApiProperty()\n command: string\n\n @ApiPropertyOptional({\n description: 'Current working directory',\n })\n cwd?: string\n\n @ApiPropertyOptional({\n description: 'Timeout in seconds, defaults to 10 seconds',\n })\n timeout?: number\n}\n\n@ApiSchema({ name: 'ExecuteResponse' })\nexport class ExecuteResponseDto {\n @ApiProperty({\n type: Number,\n description: 'Exit code',\n example: 0,\n })\n exitCode: number\n\n @ApiProperty({\n type: String,\n description: 'Command output',\n example: 'Command output here',\n })\n result: string\n}\n\n@ApiSchema({ name: 'ProjectDirResponse' })\nexport class ProjectDirResponseDto {\n @ApiPropertyOptional()\n dir?: string\n}\n\n@ApiSchema({ name: 'UserHomeDirResponse' })\nexport class UserHomeDirResponseDto {\n @ApiPropertyOptional()\n dir?: string\n}\n\n@ApiSchema({ name: 'WorkDirResponse' })\nexport class WorkDirResponseDto {\n @ApiPropertyOptional()\n dir?: string\n}\n\n@ApiSchema({ name: 'CreateSessionRequest' })\nexport class CreateSessionRequestDto {\n @ApiProperty({\n description: 'The ID of the session',\n example: 'session-123',\n })\n @IsString()\n sessionId: string\n}\n\n@ApiSchema({ name: 'SessionExecuteRequest' })\nexport class SessionExecuteRequestDto {\n @ApiProperty({\n description: 'The command to execute',\n example: 'ls -la',\n })\n @IsString()\n command: string\n\n @ApiPropertyOptional({\n description: 'Whether to execute the command asynchronously',\n example: false,\n })\n @IsBoolean()\n @IsOptional()\n runAsync?: boolean\n\n @ApiPropertyOptional({\n description: 'Deprecated: Use runAsync instead. Whether to execute the command asynchronously',\n example: false,\n deprecated: true,\n })\n @IsBoolean()\n @IsOptional()\n async?: boolean\n\n constructor(partial: Partial) {\n Object.assign(this, partial)\n // Migrate async to runAsync if async is set and runAsync is not set\n if (this.async !== undefined && this.runAsync === undefined) {\n this.runAsync = this.async\n }\n }\n}\n\n@ApiSchema({ name: 'SessionExecuteResponse' })\nexport class SessionExecuteResponseDto {\n @ApiPropertyOptional({\n description: 'The ID of the executed command',\n example: 'cmd-123',\n })\n @IsString()\n @IsOptional()\n cmdId?: string\n\n @ApiPropertyOptional({\n description: 'The output of the executed command marked with stdout and stderr prefixes',\n example: 'total 20\\ndrwxr-xr-x 4 user group 128 Mar 15 10:30 .',\n })\n @IsString()\n @IsOptional()\n output?: string\n\n @ApiPropertyOptional({\n description: 'The exit code of the executed command',\n example: 0,\n })\n @IsOptional()\n exitCode?: number\n}\n\n@ApiSchema({ name: 'Command' })\nexport class CommandDto {\n @ApiProperty({\n description: 'The ID of the command',\n example: 'cmd-123',\n })\n @IsString()\n id: string\n\n @ApiProperty({\n description: 'The command that was executed',\n example: 'ls -la',\n })\n @IsString()\n command: string\n\n @ApiPropertyOptional({\n description: 'The exit code of the command',\n example: 0,\n })\n @IsOptional()\n exitCode?: number\n}\n\n@ApiSchema({ name: 'Session' })\nexport class SessionDto {\n @ApiProperty({\n description: 'The ID of the session',\n example: 'session-123',\n })\n @IsString()\n sessionId: string\n\n @ApiProperty({\n description: 'The list of commands executed in this session',\n type: [CommandDto],\n nullable: true,\n })\n @IsArray()\n @IsOptional()\n commands?: CommandDto[] | null\n}\n\n// Computer Use DTOs\n@ApiSchema({ name: 'MousePosition' })\nexport class MousePositionDto {\n @ApiProperty({\n description: 'The X coordinate of the mouse cursor position',\n example: 100,\n })\n x: number\n\n @ApiProperty({\n description: 'The Y coordinate of the mouse cursor position',\n example: 200,\n })\n y: number\n}\n\n@ApiSchema({ name: 'MouseMoveRequest' })\nexport class MouseMoveRequestDto {\n @ApiProperty({\n description: 'The target X coordinate to move the mouse cursor to',\n example: 150,\n })\n x: number\n\n @ApiProperty({\n description: 'The target Y coordinate to move the mouse cursor to',\n example: 250,\n })\n y: number\n}\n\n@ApiSchema({ name: 'MouseMoveResponse' })\nexport class MouseMoveResponseDto {\n @ApiProperty({\n description: 'The actual X coordinate where the mouse cursor ended up',\n example: 150,\n })\n x: number\n\n @ApiProperty({\n description: 'The actual Y coordinate where the mouse cursor ended up',\n example: 250,\n })\n y: number\n}\n\n@ApiSchema({ name: 'MouseClickRequest' })\nexport class MouseClickRequestDto {\n @ApiProperty({\n description: 'The X coordinate where to perform the mouse click',\n example: 100,\n })\n x: number\n\n @ApiProperty({\n description: 'The Y coordinate where to perform the mouse click',\n example: 200,\n })\n y: number\n\n @ApiPropertyOptional({\n description: 'The mouse button to click (left, right, middle). Defaults to left',\n example: 'left',\n })\n button?: string\n\n @ApiPropertyOptional({\n description: 'Whether to perform a double-click instead of a single click',\n example: false,\n })\n double?: boolean\n}\n\n@ApiSchema({ name: 'MouseClickResponse' })\nexport class MouseClickResponseDto {\n @ApiProperty({\n description: 'The actual X coordinate where the click occurred',\n example: 100,\n })\n x: number\n\n @ApiProperty({\n description: 'The actual Y coordinate where the click occurred',\n example: 200,\n })\n y: number\n}\n\n@ApiSchema({ name: 'MouseDragRequest' })\nexport class MouseDragRequestDto {\n @ApiProperty({\n description: 'The starting X coordinate for the drag operation',\n example: 100,\n })\n startX: number\n\n @ApiProperty({\n description: 'The starting Y coordinate for the drag operation',\n example: 200,\n })\n startY: number\n\n @ApiProperty({\n description: 'The ending X coordinate for the drag operation',\n example: 300,\n })\n endX: number\n\n @ApiProperty({\n description: 'The ending Y coordinate for the drag operation',\n example: 400,\n })\n endY: number\n\n @ApiPropertyOptional({\n description: 'The mouse button to use for dragging (left, right, middle). Defaults to left',\n example: 'left',\n })\n button?: string\n}\n\n@ApiSchema({ name: 'MouseDragResponse' })\nexport class MouseDragResponseDto {\n @ApiProperty({\n description: 'The actual X coordinate where the drag ended',\n example: 300,\n })\n x: number\n\n @ApiProperty({\n description: 'The actual Y coordinate where the drag ended',\n example: 400,\n })\n y: number\n}\n\n@ApiSchema({ name: 'MouseScrollRequest' })\nexport class MouseScrollRequestDto {\n @ApiProperty({\n description: 'The X coordinate where to perform the scroll operation',\n example: 100,\n })\n x: number\n\n @ApiProperty({\n description: 'The Y coordinate where to perform the scroll operation',\n example: 200,\n })\n y: number\n\n @ApiProperty({\n description: 'The scroll direction (up, down)',\n example: 'down',\n })\n direction: string\n\n @ApiPropertyOptional({\n description: 'The number of scroll units to scroll. Defaults to 1',\n example: 3,\n })\n amount?: number\n}\n\n@ApiSchema({ name: 'MouseScrollResponse' })\nexport class MouseScrollResponseDto {\n @ApiProperty({\n description: 'Whether the mouse scroll operation was successful',\n example: true,\n })\n success: boolean\n}\n\n@ApiSchema({ name: 'KeyboardTypeRequest' })\nexport class KeyboardTypeRequestDto {\n @ApiProperty({\n description: 'The text to type using the keyboard',\n example: 'Hello, World!',\n })\n text: string\n\n @ApiPropertyOptional({\n description: 'Delay in milliseconds between keystrokes. Defaults to 0',\n example: 100,\n })\n delay?: number\n}\n\n@ApiSchema({ name: 'KeyboardPressRequest' })\nexport class KeyboardPressRequestDto {\n @ApiProperty({\n description: 'The key to press (e.g., a, b, c, enter, space, etc.)',\n example: 'enter',\n })\n key: string\n\n @ApiPropertyOptional({\n description: 'Array of modifier keys to press along with the main key (ctrl, alt, shift, cmd)',\n type: [String],\n example: ['ctrl', 'shift'],\n })\n modifiers?: string[]\n}\n\n@ApiSchema({ name: 'KeyboardHotkeyRequest' })\nexport class KeyboardHotkeyRequestDto {\n @ApiProperty({\n description: 'The hotkey combination to press (e.g., \"ctrl+c\", \"cmd+v\", \"alt+tab\")',\n example: 'ctrl+c',\n })\n keys: string\n}\n\n@ApiSchema({ name: 'ScreenshotResponse' })\nexport class ScreenshotResponseDto {\n @ApiProperty({\n description: 'Base64 encoded screenshot image data',\n example: 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==',\n })\n screenshot: string\n\n @ApiPropertyOptional({\n description: 'The current cursor position when the screenshot was taken',\n example: { x: 500, y: 300 },\n })\n cursorPosition?: { x: number; y: number }\n\n @ApiPropertyOptional({\n description: 'The size of the screenshot data in bytes',\n example: 24576,\n })\n sizeBytes?: number\n}\n\n@ApiSchema({ name: 'RegionScreenshotRequest' })\nexport class RegionScreenshotRequestDto {\n @ApiProperty({\n description: 'The X coordinate of the top-left corner of the region to capture',\n example: 100,\n })\n x: number\n\n @ApiProperty({\n description: 'The Y coordinate of the top-left corner of the region to capture',\n example: 100,\n })\n y: number\n\n @ApiProperty({\n description: 'The width of the region to capture in pixels',\n example: 800,\n })\n width: number\n\n @ApiProperty({\n description: 'The height of the region to capture in pixels',\n example: 600,\n })\n height: number\n}\n\n@ApiSchema({ name: 'RegionScreenshotResponse' })\nexport class RegionScreenshotResponseDto {\n @ApiProperty({\n description: 'Base64 encoded screenshot image data of the specified region',\n example: 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==',\n })\n screenshot: string\n\n @ApiPropertyOptional({\n description: 'The current cursor position when the region screenshot was taken',\n example: { x: 500, y: 300 },\n })\n cursorPosition?: { x: number; y: number }\n\n @ApiPropertyOptional({\n description: 'The size of the screenshot data in bytes',\n example: 24576,\n })\n sizeBytes?: number\n}\n\n@ApiSchema({ name: 'CompressedScreenshotResponse' })\nexport class CompressedScreenshotResponseDto {\n @ApiProperty({\n description: 'Base64 encoded compressed screenshot image data',\n example: 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==',\n })\n screenshot: string\n\n @ApiPropertyOptional({\n description: 'The current cursor position when the compressed screenshot was taken',\n example: { x: 250, y: 150 },\n })\n cursorPosition?: { x: number; y: number }\n\n @ApiPropertyOptional({\n description: 'The size of the compressed screenshot data in bytes',\n example: 12288,\n })\n sizeBytes?: number\n}\n\n@ApiSchema({ name: 'DisplayInfoResponse' })\nexport class DisplayInfoResponseDto {\n @ApiProperty({\n description: 'Array of display information for all connected displays',\n type: [Object],\n example: [\n {\n id: 0,\n x: 0,\n y: 0,\n width: 1920,\n height: 1080,\n is_active: true,\n },\n ],\n })\n displays: Array<{ id: number; x: number; y: number; width: number; height: number; is_active: boolean }>\n}\n\n@ApiSchema({ name: 'WindowsResponse' })\nexport class WindowsResponseDto {\n @ApiProperty({\n description: 'Array of window information for all visible windows',\n type: [Object],\n example: [\n {\n id: 12345,\n title: 'Terminal',\n },\n ],\n })\n windows: Array<{ id: number; title: string }>\n\n @ApiProperty({\n description: 'The total number of windows found',\n example: 5,\n })\n count: number\n}\n\n// Computer Use Management Response DTOs\n\n@ApiSchema({ name: 'ComputerUseStartResponse' })\nexport class ComputerUseStartResponseDto {\n @ApiProperty({\n description: 'A message indicating the result of starting computer use processes',\n example: 'Computer use processes started successfully',\n })\n message: string\n\n @ApiProperty({\n description: 'Status information about all VNC desktop processes after starting',\n type: Object,\n example: {\n xvfb: { running: true, priority: 100, autoRestart: true, pid: 12345 },\n xfce4: { running: true, priority: 200, autoRestart: true, pid: 12346 },\n x11vnc: { running: true, priority: 300, autoRestart: true, pid: 12347 },\n novnc: { running: true, priority: 400, autoRestart: true, pid: 12348 },\n },\n })\n status: Record\n}\n\n@ApiSchema({ name: 'ComputerUseStopResponse' })\nexport class ComputerUseStopResponseDto {\n @ApiProperty({\n description: 'A message indicating the result of stopping computer use processes',\n example: 'Computer use processes stopped successfully',\n })\n message: string\n\n @ApiProperty({\n description: 'Status information about all VNC desktop processes after stopping',\n type: Object,\n example: {\n xvfb: { running: false, priority: 100, autoRestart: true },\n xfce4: { running: false, priority: 200, autoRestart: true },\n x11vnc: { running: false, priority: 300, autoRestart: true },\n novnc: { running: false, priority: 400, autoRestart: true },\n },\n })\n status: Record\n}\n\n@ApiSchema({ name: 'ComputerUseStatusResponse' })\nexport class ComputerUseStatusResponseDto {\n @ApiProperty({\n description: 'Status of computer use services (active, partial, inactive, error)',\n example: 'active',\n enum: ['active', 'partial', 'inactive', 'error'],\n })\n status: string\n}\n\n@ApiSchema({ name: 'ProcessStatusResponse' })\nexport class ProcessStatusResponseDto {\n @ApiProperty({\n description: 'The name of the VNC process being checked',\n example: 'xfce4',\n })\n processName: string\n\n @ApiProperty({\n description: 'Whether the specified VNC process is currently running',\n example: true,\n })\n running: boolean\n}\n\n@ApiSchema({ name: 'ProcessRestartResponse' })\nexport class ProcessRestartResponseDto {\n @ApiProperty({\n description: 'A message indicating the result of restarting the process',\n example: 'Process xfce4 restarted successfully',\n })\n message: string\n\n @ApiProperty({\n description: 'The name of the VNC process that was restarted',\n example: 'xfce4',\n })\n processName: string\n}\n\n@ApiSchema({ name: 'ProcessLogsResponse' })\nexport class ProcessLogsResponseDto {\n @ApiProperty({\n description: 'The name of the VNC process whose logs were retrieved',\n example: 'novnc',\n })\n processName: string\n\n @ApiProperty({\n description: 'The log output from the specified VNC process',\n example: '2024-01-15 10:30:45 [INFO] NoVNC server started on port 6080',\n })\n logs: string\n}\n\n@ApiSchema({ name: 'ProcessErrorsResponse' })\nexport class ProcessErrorsResponseDto {\n @ApiProperty({\n description: 'The name of the VNC process whose error logs were retrieved',\n example: 'x11vnc',\n })\n processName: string\n\n @ApiProperty({\n description: 'The error log output from the specified VNC process',\n example: '2024-01-15 10:30:45 [ERROR] Failed to bind to port 5901',\n })\n errors: string\n}\n\n// PTY DTOs\n@ApiSchema({ name: 'PtyCreateRequest' })\nexport class PtyCreateRequestDto {\n @ApiProperty({\n description: 'The unique identifier for the PTY session',\n example: 'pty-session-12345',\n })\n id: string\n\n @ApiPropertyOptional({\n description: \"Starting directory for the PTY session, defaults to the sandbox's working directory\",\n example: '/home/user',\n })\n cwd?: string\n\n @ApiPropertyOptional({\n description: 'Environment variables for the PTY session',\n type: Object,\n example: { TERM: 'xterm-256color', PS1: '\\\\u@daytona:\\\\w$ ' },\n })\n envs?: Record\n\n @ApiPropertyOptional({\n description: 'Number of terminal columns',\n example: 80,\n })\n cols?: number\n\n @ApiPropertyOptional({\n description: 'Number of terminal rows',\n example: 24,\n })\n rows?: number\n\n @ApiPropertyOptional({\n description: 'Whether to start the PTY session lazily (only start when first client connects)',\n example: false,\n default: false,\n })\n lazyStart?: boolean\n}\n\n@ApiSchema({ name: 'PtyCreateResponse' })\nexport class PtyCreateResponseDto {\n @ApiProperty({\n description: 'The unique identifier for the created PTY session',\n example: 'pty-session-12345',\n })\n sessionId: string\n}\n\n@ApiSchema({ name: 'PtySessionInfo' })\nexport class PtySessionInfoDto {\n @ApiProperty({\n description: 'The unique identifier for the PTY session',\n example: 'pty-session-12345',\n })\n id: string\n\n @ApiProperty({\n description: \"Starting directory for the PTY session, defaults to the sandbox's working directory\",\n example: '/home/user',\n })\n cwd: string\n\n @ApiProperty({\n description: 'Environment variables for the PTY session',\n type: Object,\n example: { TERM: 'xterm-256color', PS1: '\\\\u@daytona:\\\\w$ ' },\n })\n envs: Record\n\n @ApiProperty({\n description: 'Number of terminal columns',\n example: 80,\n })\n cols: number\n\n @ApiProperty({\n description: 'Number of terminal rows',\n example: 24,\n })\n rows: number\n\n @ApiProperty({\n description: 'When the PTY session was created',\n example: '2024-01-15T10:30:45Z',\n })\n createdAt: string\n\n @ApiProperty({\n description: 'Whether the PTY session is currently active',\n example: true,\n })\n active: boolean\n\n @ApiProperty({\n description: 'Whether the PTY session uses lazy start (only start when first client connects)',\n example: false,\n default: false,\n })\n lazyStart: boolean\n}\n\n@ApiSchema({ name: 'PtyListResponse' })\nexport class PtyListResponseDto {\n @ApiProperty({\n description: 'List of active PTY sessions',\n type: [PtySessionInfoDto],\n })\n sessions: PtySessionInfoDto[]\n}\n\n@ApiSchema({ name: 'PtyResizeRequest' })\nexport class PtyResizeRequestDto {\n @ApiProperty({\n description: 'Number of terminal columns',\n example: 80,\n })\n cols: number\n\n @ApiProperty({\n description: 'Number of terminal rows',\n example: 24,\n })\n rows: number\n}\n" }, { "path": "apps/api/src/sandbox/dto/update-sandbox-network-settings.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IsOptional, IsString, IsBoolean } from 'class-validator'\nimport { ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'UpdateSandboxNetworkSettings' })\nexport class UpdateSandboxNetworkSettingsDto {\n @ApiPropertyOptional({\n description: 'Whether to block all network access for the sandbox',\n example: false,\n })\n @IsOptional()\n @IsBoolean()\n networkBlockAll?: boolean\n\n @ApiPropertyOptional({\n description: 'Comma-separated list of allowed CIDR network addresses for the sandbox',\n example: '192.168.1.0/16,10.0.0.0/24',\n })\n @IsOptional()\n @IsString()\n networkAllowList?: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/update-sandbox-state.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'\nimport { IsBoolean, IsEnum, IsOptional, IsString } from 'class-validator'\nimport { SandboxState } from '../enums/sandbox-state.enum'\n\nexport class UpdateSandboxStateDto {\n @IsEnum(SandboxState)\n @ApiProperty({\n description: 'The new state for the sandbox',\n enum: SandboxState,\n example: SandboxState.STARTED,\n })\n state: SandboxState\n\n @IsOptional()\n @IsString()\n @ApiPropertyOptional({\n description: 'Optional error message when reporting an error state',\n example: 'Failed to pull snapshot image',\n })\n errorReason?: string\n\n @IsOptional()\n @IsBoolean()\n @ApiPropertyOptional({\n description: 'Whether the sandbox is recoverable',\n example: true,\n })\n recoverable?: boolean\n}\n" }, { "path": "apps/api/src/sandbox/dto/update-snapshot.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsBoolean } from 'class-validator'\n\n@ApiSchema({ name: 'SetSnapshotGeneralStatusDto' })\nexport class SetSnapshotGeneralStatusDto {\n @ApiProperty({\n description: 'Whether the snapshot is general',\n example: true,\n })\n @IsBoolean()\n general: boolean\n}\n" }, { "path": "apps/api/src/sandbox/dto/upload-file.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'UploadFile' })\nexport class UploadFileDto {\n @ApiProperty({ type: 'string', format: 'binary' })\n file: any\n\n @ApiProperty()\n path: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/volume.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'\nimport { IsEnum } from 'class-validator'\nimport { VolumeState } from '../enums/volume-state.enum'\nimport { Volume } from '../entities/volume.entity'\n\nexport class VolumeDto {\n @ApiProperty({\n description: 'Volume ID',\n example: 'vol-12345678',\n })\n id: string\n\n @ApiProperty({\n description: 'Volume name',\n example: 'my-volume',\n })\n name: string\n\n @ApiProperty({\n description: 'Organization ID',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'Volume state',\n enum: VolumeState,\n enumName: 'VolumeState',\n example: VolumeState.READY,\n })\n @IsEnum(VolumeState)\n state: VolumeState\n\n @ApiProperty({\n description: 'Creation timestamp',\n example: '2023-01-01T00:00:00.000Z',\n })\n createdAt: string\n\n @ApiProperty({\n description: 'Last update timestamp',\n example: '2023-01-01T00:00:00.000Z',\n })\n updatedAt: string\n\n @ApiPropertyOptional({\n description: 'Last used timestamp',\n example: '2023-01-01T00:00:00.000Z',\n nullable: true,\n })\n lastUsedAt?: string\n\n @ApiProperty({\n description: 'The error reason of the volume',\n example: 'Error processing volume',\n nullable: true,\n })\n errorReason?: string\n\n static fromVolume(volume: Volume): VolumeDto {\n return {\n id: volume.id,\n name: volume.name,\n organizationId: volume.organizationId,\n state: volume.state,\n createdAt: volume.createdAt?.toISOString(),\n updatedAt: volume.updatedAt?.toISOString(),\n lastUsedAt: volume.lastUsedAt?.toISOString(),\n errorReason: volume.errorReason,\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/dto/workspace-port-preview-url.deprecated.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsString } from 'class-validator'\n\n@ApiSchema({ name: 'WorkspacePortPreviewUrl' })\nexport class WorkspacePortPreviewUrlDto {\n @ApiProperty({\n description: 'Preview url',\n example: 'https://123456-mysandbox.runner.com',\n })\n @IsString()\n url: string\n\n @ApiProperty({\n description: 'Access token',\n example: 'ul67qtv-jl6wb9z5o3eii-ljqt9qed6l',\n })\n @IsString()\n token: string\n}\n" }, { "path": "apps/api/src/sandbox/dto/workspace.deprecated.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { SandboxDto } from './sandbox.dto'\nimport { IsEnum, IsOptional } from 'class-validator'\nimport { BackupState as SnapshotState } from '../enums/backup-state.enum'\nimport { Sandbox } from '../entities/sandbox.entity'\n\n@ApiSchema({ name: 'SandboxInfo' })\nexport class SandboxInfoDto {\n @ApiProperty({\n description: 'The creation timestamp of the project',\n example: '2023-10-01T12:00:00Z',\n })\n created: string\n\n @ApiProperty({\n description: 'Deprecated: The name of the sandbox',\n example: 'MySandbox',\n deprecated: true,\n default: '',\n })\n name: string\n\n @ApiPropertyOptional({\n description: 'Additional metadata provided by the provider',\n example: '{\"key\": \"value\"}',\n required: false,\n })\n @IsOptional()\n providerMetadata?: string\n}\n\n@ApiSchema({ name: 'Workspace' })\nexport class WorkspaceDto extends SandboxDto {\n @ApiPropertyOptional({\n description: 'The image used for the workspace',\n example: 'daytonaio/workspace:latest',\n })\n image: string\n\n @ApiPropertyOptional({\n description: 'The state of the snapshot',\n enum: SnapshotState,\n example: Object.values(SnapshotState)[0],\n required: false,\n })\n @IsEnum(SnapshotState)\n snapshotState?: SnapshotState\n\n @ApiPropertyOptional({\n description: 'The creation timestamp of the last snapshot',\n example: '2024-10-01T12:00:00Z',\n required: false,\n })\n snapshotCreatedAt?: string\n\n @ApiPropertyOptional({\n description: 'Additional information about the sandbox',\n type: SandboxInfoDto,\n required: false,\n })\n @IsOptional()\n info?: SandboxInfoDto\n\n constructor() {\n super()\n }\n\n static fromSandbox(sandbox: Sandbox): WorkspaceDto {\n // Send empty string for toolboxProxyUrl as it is not needed in deprecated DTO\n const dto = super.fromSandbox(sandbox, '')\n return this.fromSandboxDto(dto)\n }\n\n static fromSandboxDto(sandboxDto: SandboxDto): WorkspaceDto {\n return {\n ...sandboxDto,\n image: sandboxDto.snapshot,\n snapshotState: sandboxDto.backupState,\n snapshotCreatedAt: sandboxDto.backupCreatedAt,\n info: {\n name: sandboxDto.name,\n created: sandboxDto.createdAt,\n providerMetadata: JSON.stringify({\n state: sandboxDto.state,\n region: sandboxDto.target,\n class: sandboxDto.class,\n updatedAt: sandboxDto.updatedAt,\n lastSnapshot: sandboxDto.backupCreatedAt,\n cpu: sandboxDto.cpu,\n gpu: sandboxDto.gpu,\n memory: sandboxDto.memory,\n disk: sandboxDto.disk,\n autoStopInterval: sandboxDto.autoStopInterval,\n autoArchiveInterval: sandboxDto.autoArchiveInterval,\n daemonVersion: sandboxDto.daemonVersion,\n }),\n },\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/entities/build-info.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, CreateDateColumn, Entity, OneToMany, PrimaryColumn, UpdateDateColumn, BeforeInsert } from 'typeorm'\nimport { Snapshot } from './snapshot.entity'\nimport { Sandbox } from './sandbox.entity'\nimport { createHash } from 'crypto'\n\nexport function generateBuildInfoHash(dockerfileContent: string, contextHashes: string[] = []): string {\n const sortedContextHashes = [...contextHashes].sort() || []\n const combined = dockerfileContent + sortedContextHashes.join('')\n const hash = createHash('sha256').update(combined).digest('hex')\n return 'daytona-' + hash + ':daytona'\n}\n\n@Entity()\nexport class BuildInfo {\n @PrimaryColumn()\n snapshotRef: string\n\n @Column({ type: 'text', nullable: true })\n dockerfileContent?: string\n\n @Column('simple-array', { nullable: true })\n contextHashes?: string[]\n\n @OneToMany(() => Snapshot, (snapshot) => snapshot.buildInfo)\n snapshots: Snapshot[]\n\n @OneToMany(() => Sandbox, (sandbox) => sandbox.buildInfo)\n sandboxes: Sandbox[]\n\n @Column({ type: 'timestamp with time zone', default: () => 'CURRENT_TIMESTAMP' })\n lastUsedAt: Date\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n\n @BeforeInsert()\n generateHash() {\n this.snapshotRef = generateBuildInfoHash(this.dockerfileContent, this.contextHashes)\n }\n}\n" }, { "path": "apps/api/src/sandbox/entities/job.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Check,\n Column,\n CreateDateColumn,\n Entity,\n Index,\n PrimaryGeneratedColumn,\n UpdateDateColumn,\n VersionColumn,\n} from 'typeorm'\nimport { JobStatus } from '../enums/job-status.enum'\nimport { JobType } from '../enums/job-type.enum'\nimport { ResourceType } from '../enums/resource-type.enum'\nimport { v4 } from 'uuid'\n\n@Entity()\n@Index(['runnerId', 'status'])\n@Index(['status', 'createdAt'])\n@Index(['resourceType', 'resourceId'])\n@Index('IDX_UNIQUE_INCOMPLETE_JOB', ['resourceType', 'resourceId', 'runnerId'], {\n unique: true,\n where: '\"completedAt\" IS NULL',\n})\n// FIXME: Add this once https://github.com/typeorm/typeorm/issues/11714 is resolved\n// @Check(\n// 'VALIDATE_JOB_TYPE',\n// `\"type\" IN (${Object.values(JobType)\n// .map((v) => `'${v}'`)\n// .join(', ')})`,\n// )\nexport class Job {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @VersionColumn()\n version: number\n\n @Column({\n type: 'character varying',\n })\n type: JobType\n\n @Column({\n type: 'enum',\n enum: JobStatus,\n default: JobStatus.PENDING,\n })\n status: JobStatus\n\n @Column()\n runnerId: string\n\n @Column({\n type: 'enum',\n enum: ResourceType,\n })\n resourceType: ResourceType\n\n @Column()\n resourceId: string\n\n @Column({\n nullable: true,\n })\n payload: string | null\n\n @Column({\n nullable: true,\n })\n resultMetadata: string | null\n\n @Column({\n type: 'jsonb',\n nullable: true,\n })\n traceContext: Record | null\n\n @Column({\n nullable: true,\n type: 'text',\n })\n errorMessage: string | null\n\n @Column({\n nullable: true,\n type: 'timestamp with time zone',\n })\n startedAt: Date | null\n\n @Column({\n nullable: true,\n type: 'timestamp with time zone',\n })\n completedAt: Date | null\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n\n constructor(params: {\n id?: string\n type: JobType\n status?: JobStatus\n runnerId: string\n resourceType: ResourceType\n resourceId: string\n payload?: string | null\n traceContext?: Record | null\n errorMessage?: string | null\n startedAt?: Date | null\n completedAt?: Date | null\n }) {\n this.id = params.id || v4()\n this.version = 1\n this.type = params.type\n this.status = params.status || JobStatus.PENDING\n this.runnerId = params.runnerId\n this.resourceType = params.resourceType\n this.resourceId = params.resourceId\n this.payload = params.payload || null\n this.traceContext = params.traceContext || null\n this.errorMessage = params.errorMessage || null\n this.startedAt = params.startedAt || null\n this.completedAt = params.completedAt || null\n this.createdAt = new Date()\n this.updatedAt = new Date()\n }\n\n getResultMetadata(): Record | null {\n if (!this.resultMetadata) {\n return null\n }\n\n try {\n return JSON.parse(this.resultMetadata)\n } catch {\n return null\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/entities/runner.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, CreateDateColumn, Entity, Index, PrimaryGeneratedColumn, Unique, UpdateDateColumn } from 'typeorm'\nimport { SandboxClass } from '../enums/sandbox-class.enum'\nimport { RunnerState } from '../enums/runner-state.enum'\nimport { RunnerServiceInfo } from '../common/runner-service-info'\n\n@Entity()\n@Unique(['region', 'name'])\n@Index(['state', 'unschedulable', 'region'])\nexport class Runner {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column({\n nullable: true,\n })\n domain: string | null\n\n @Column({\n nullable: true,\n })\n apiUrl: string | null\n\n @Column({\n nullable: true,\n })\n proxyUrl: string | null\n\n @Column()\n apiKey: string\n\n @Column({\n type: 'float',\n default: 0,\n })\n cpu: number\n\n @Column({\n type: 'float',\n default: 0,\n })\n memoryGiB: number\n\n @Column({\n type: 'float',\n default: 0,\n })\n diskGiB: number\n\n @Column({\n nullable: true,\n })\n gpu: number | null\n\n @Column({\n nullable: true,\n })\n gpuType: string | null\n\n @Column({\n type: 'enum',\n enum: SandboxClass,\n default: SandboxClass.SMALL,\n })\n class: SandboxClass\n\n @Column({\n type: 'float',\n default: 0,\n })\n currentCpuLoadAverage: number\n\n @Column({\n type: 'float',\n default: 0,\n })\n currentCpuUsagePercentage: number\n\n @Column({\n type: 'float',\n default: 0,\n })\n currentMemoryUsagePercentage: number\n\n @Column({\n type: 'float',\n default: 0,\n })\n currentDiskUsagePercentage: number\n\n @Column({\n type: 'float',\n default: 0,\n })\n currentAllocatedCpu: number\n\n @Column({\n type: 'float',\n default: 0,\n })\n currentAllocatedMemoryGiB: number\n\n @Column({\n type: 'float',\n default: 0,\n })\n currentAllocatedDiskGiB: number\n\n @Column({\n default: 0,\n })\n currentSnapshotCount: number\n\n @Column({\n default: 0,\n })\n currentStartedSandboxes: number\n\n @Column({\n default: 0,\n })\n availabilityScore: number\n\n @Column()\n region: string\n\n @Column()\n name: string\n\n @Column({\n type: 'enum',\n enum: RunnerState,\n default: RunnerState.INITIALIZING,\n })\n state: RunnerState\n\n @Column({\n default: 'v0.0.0-dev',\n nullable: true,\n })\n appVersion: string | null\n\n @Column({\n default: '0',\n })\n apiVersion: string\n\n @Column({\n nullable: true,\n type: 'timestamp with time zone',\n })\n lastChecked: Date\n\n @Column({\n default: false,\n })\n unschedulable: boolean\n\n @Column({\n default: false,\n })\n draining: boolean\n\n @Column({\n type: 'jsonb',\n nullable: true,\n default: null,\n })\n serviceHealth: RunnerServiceInfo[] | null\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n\n constructor(params: {\n region: string\n name: string\n apiKey: string\n apiVersion: string\n cpu?: number\n memoryGiB?: number\n diskGiB?: number\n domain?: string | null\n apiUrl?: string\n proxyUrl?: string\n appVersion?: string | null\n }) {\n this.region = params.region\n this.name = params.name\n this.apiKey = params.apiKey\n this.cpu = params.cpu ?? 0\n this.memoryGiB = params.memoryGiB ?? 0\n this.diskGiB = params.diskGiB ?? 0\n this.domain = params.domain ?? null\n this.apiUrl = params.apiUrl\n this.proxyUrl = params.proxyUrl\n this.class = SandboxClass.SMALL\n this.apiVersion = params.apiVersion\n this.appVersion = params.appVersion ?? null\n this.gpu = null\n this.gpuType = null\n\n if (this.apiVersion === '0') {\n if (!this.apiUrl) {\n throw new Error('API URL is required for runner version 0')\n }\n if (!this.proxyUrl) {\n this.proxyUrl = this.apiUrl\n }\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/entities/sandbox.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Column,\n CreateDateColumn,\n Entity,\n Index,\n JoinColumn,\n ManyToOne,\n PrimaryGeneratedColumn,\n Unique,\n UpdateDateColumn,\n} from 'typeorm'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { SandboxDesiredState } from '../enums/sandbox-desired-state.enum'\nimport { SandboxClass } from '../enums/sandbox-class.enum'\nimport { BackupState } from '../enums/backup-state.enum'\nimport { v4 as uuidv4 } from 'uuid'\nimport { SandboxVolume } from '../dto/sandbox.dto'\nimport { BuildInfo } from './build-info.entity'\nimport { nanoid } from 'nanoid'\n\n@Entity()\n@Unique(['organizationId', 'name'])\n@Index('sandbox_state_idx', ['state'])\n@Index('sandbox_desiredstate_idx', ['desiredState'])\n@Index('sandbox_snapshot_idx', ['snapshot'])\n@Index('sandbox_runnerid_idx', ['runnerId'])\n@Index('sandbox_runner_state_idx', ['runnerId', 'state'])\n@Index('sandbox_organizationid_idx', ['organizationId'])\n@Index('sandbox_region_idx', ['region'])\n@Index('sandbox_resources_idx', ['cpu', 'mem', 'disk', 'gpu'])\n@Index('sandbox_backupstate_idx', ['backupState'])\n@Index('sandbox_runner_state_desired_idx', ['runnerId', 'state', 'desiredState'], {\n where: '\"pending\" = false',\n})\n@Index('sandbox_active_only_idx', ['id'], {\n where: `\"state\" <> ALL (ARRAY['destroyed'::sandbox_state_enum, 'archived'::sandbox_state_enum])`,\n})\n@Index('sandbox_pending_idx', ['id'], {\n where: `\"pending\" = true`,\n})\n@Index('idx_sandbox_authtoken', ['authToken'])\n@Index('sandbox_labels_gin_full_idx', { synchronize: false })\nexport class Sandbox {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column({\n type: 'uuid',\n })\n organizationId: string\n\n @Column()\n name: string\n\n @Column()\n region: string\n\n @Column({\n type: 'uuid',\n nullable: true,\n })\n runnerId?: string\n\n // this is the runnerId of the runner that was previously assigned to the sandbox\n // if something goes wrong with new runner assignment, we can revert to the previous runner\n @Column({\n type: 'uuid',\n nullable: true,\n })\n prevRunnerId?: string\n\n @Column({\n type: 'enum',\n enum: SandboxClass,\n default: SandboxClass.SMALL,\n })\n class = SandboxClass.SMALL\n\n @Column({\n type: 'enum',\n enum: SandboxState,\n default: SandboxState.UNKNOWN,\n })\n state = SandboxState.UNKNOWN\n\n @Column({\n type: 'enum',\n enum: SandboxDesiredState,\n default: SandboxDesiredState.STARTED,\n })\n desiredState = SandboxDesiredState.STARTED\n\n @Column({ nullable: true })\n snapshot?: string\n\n @Column()\n osUser: string\n\n @Column({ nullable: true })\n errorReason?: string\n\n @Column({ default: false, type: 'boolean' })\n recoverable = false\n\n @Column({\n type: 'jsonb',\n default: {},\n })\n env: { [key: string]: string } = {}\n\n @Column({ default: false, type: 'boolean' })\n public = false\n\n @Column({ default: false, type: 'boolean' })\n networkBlockAll = false\n\n @Column({ nullable: true })\n networkAllowList?: string\n\n @Column('jsonb', { nullable: true })\n labels: { [key: string]: string }\n\n @Column({ nullable: true })\n backupRegistryId: string | null\n\n @Column({ nullable: true })\n backupSnapshot: string | null\n\n @Column({ nullable: true, type: 'timestamp with time zone' })\n lastBackupAt: Date | null\n\n @Column({\n type: 'enum',\n enum: BackupState,\n default: BackupState.NONE,\n })\n backupState = BackupState.NONE\n\n @Column({\n type: 'text',\n nullable: true,\n })\n backupErrorReason: string | null\n\n @Column({\n type: 'jsonb',\n default: [],\n })\n existingBackupSnapshots: Array<{\n snapshotName: string\n createdAt: Date\n }> = []\n\n @Column({ type: 'int', default: 2 })\n cpu = 2\n\n @Column({ type: 'int', default: 0 })\n gpu = 0\n\n @Column({ type: 'int', default: 4 })\n mem = 4\n\n @Column({ type: 'int', default: 10 })\n disk = 10\n\n @Column({\n type: 'jsonb',\n default: [],\n })\n volumes: SandboxVolume[] = []\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n\n @Column({ nullable: true, type: 'timestamp with time zone' })\n lastActivityAt?: Date\n\n // this is the interval in minutes after which the sandbox will be stopped if lastActivityAt is not updated\n // if set to 0, auto stop will be disabled\n @Column({ default: 15, type: 'int' })\n autoStopInterval: number | undefined = 15\n\n // this is the interval in minutes after which a continuously stopped workspace will be automatically archived\n @Column({ default: 7 * 24 * 60, type: 'int' })\n autoArchiveInterval: number | undefined = 7 * 24 * 60\n\n // this is the interval in minutes after which a continuously stopped workspace will be automatically deleted\n // if set to negative value, auto delete will be disabled\n // if set to 0, sandbox will be immediately deleted upon stopping\n @Column({ default: -1, type: 'int' })\n autoDeleteInterval: number | undefined = -1\n\n @Column({ default: false, type: 'boolean' })\n pending: boolean | undefined = false\n\n @Column({ default: () => 'MD5(random()::text)', type: 'text' })\n authToken = nanoid(32).toLocaleLowerCase()\n\n @ManyToOne(() => BuildInfo, (buildInfo) => buildInfo.sandboxes, {\n nullable: true,\n })\n @JoinColumn()\n buildInfo?: BuildInfo\n\n @Column({ nullable: true })\n daemonVersion?: string\n\n constructor(region: string, name?: string) {\n this.id = uuidv4()\n // Set name - use provided name or fallback to ID\n this.name = name || this.id\n this.region = region\n }\n\n /**\n * Helper method that returns the update data needed for a backup state update.\n */\n static getBackupStateUpdate(\n sandbox: Sandbox,\n backupState: BackupState,\n backupSnapshot?: string | null,\n backupRegistryId?: string | null,\n backupErrorReason?: string | null,\n ): Partial {\n const update: Partial = {\n backupState,\n }\n switch (backupState) {\n case BackupState.NONE:\n update.backupSnapshot = null\n break\n case BackupState.COMPLETED: {\n const now = new Date()\n update.lastBackupAt = now\n update.existingBackupSnapshots = [\n ...sandbox.existingBackupSnapshots,\n {\n snapshotName: sandbox.backupSnapshot,\n createdAt: now,\n },\n ]\n update.backupErrorReason = null\n break\n }\n }\n if (backupSnapshot !== undefined) {\n update.backupSnapshot = backupSnapshot\n }\n if (backupRegistryId !== undefined) {\n update.backupRegistryId = backupRegistryId\n }\n if (backupErrorReason !== undefined) {\n update.backupErrorReason = backupErrorReason\n }\n return update\n }\n\n /**\n * Helper method that returns the update data needed for a soft delete operation.\n */\n static getSoftDeleteUpdate(sandbox: Sandbox): Partial {\n return {\n pending: true,\n desiredState: SandboxDesiredState.DESTROYED,\n backupState: BackupState.NONE,\n name: 'DESTROYED_' + sandbox.name + '_' + Date.now(),\n }\n }\n\n /**\n * Asserts that the current entity state is valid.\n */\n assertValid(): void {\n this.validateDesiredStateTransition()\n }\n\n private validateDesiredStateTransition(): void {\n switch (this.desiredState) {\n case SandboxDesiredState.STARTED:\n if (\n [\n SandboxState.STARTED,\n SandboxState.STOPPED,\n SandboxState.STARTING,\n SandboxState.ARCHIVED,\n SandboxState.CREATING,\n SandboxState.UNKNOWN,\n SandboxState.RESTORING,\n SandboxState.PENDING_BUILD,\n SandboxState.BUILDING_SNAPSHOT,\n SandboxState.PULLING_SNAPSHOT,\n SandboxState.ARCHIVING,\n SandboxState.ERROR,\n SandboxState.BUILD_FAILED,\n SandboxState.RESIZING,\n ].includes(this.state)\n ) {\n break\n }\n throw new Error(`Sandbox ${this.id} is not in a valid state to be started. State: ${this.state}`)\n case SandboxDesiredState.STOPPED:\n if (\n [\n SandboxState.STARTED,\n SandboxState.STOPPING,\n SandboxState.STOPPED,\n SandboxState.ERROR,\n SandboxState.BUILD_FAILED,\n SandboxState.RESIZING,\n ].includes(this.state)\n ) {\n break\n }\n throw new Error(`Sandbox ${this.id} is not in a valid state to be stopped. State: ${this.state}`)\n case SandboxDesiredState.ARCHIVED:\n if (\n [\n SandboxState.ARCHIVED,\n SandboxState.ARCHIVING,\n SandboxState.STOPPED,\n SandboxState.ERROR,\n SandboxState.BUILD_FAILED,\n ].includes(this.state)\n ) {\n break\n }\n throw new Error(`Sandbox ${this.id} is not in a valid state to be archived. State: ${this.state}`)\n case SandboxDesiredState.DESTROYED:\n if (\n [\n SandboxState.DESTROYED,\n SandboxState.DESTROYING,\n SandboxState.STOPPED,\n SandboxState.STARTED,\n SandboxState.ARCHIVED,\n SandboxState.ERROR,\n SandboxState.BUILD_FAILED,\n SandboxState.ARCHIVING,\n SandboxState.PENDING_BUILD,\n ].includes(this.state)\n ) {\n break\n }\n throw new Error(`Sandbox ${this.id} is not in a valid state to be destroyed. State: ${this.state}`)\n }\n }\n\n /**\n * Enforces domain invariants on the current entity state.\n *\n * @returns Additional field changes that invariant enforcement produced.\n */\n enforceInvariants(): Partial {\n const changes = this.getInvariantChanges()\n Object.assign(this, changes)\n return changes\n }\n\n private getInvariantChanges(): Partial {\n const changes: Partial = {}\n\n if (!this.pending && String(this.state) !== String(this.desiredState)) {\n changes.pending = true\n }\n if (this.pending && String(this.state) === String(this.desiredState)) {\n changes.pending = false\n }\n if (\n this.state === SandboxState.ERROR ||\n this.state === SandboxState.BUILD_FAILED ||\n this.desiredState === SandboxDesiredState.ARCHIVED\n ) {\n changes.pending = false\n }\n\n if (this.state === SandboxState.DESTROYED || this.state === SandboxState.ARCHIVED) {\n changes.runnerId = null\n }\n\n if (this.state === SandboxState.DESTROYED) {\n changes.backupState = BackupState.NONE\n }\n\n return changes\n }\n}\n" }, { "path": "apps/api/src/sandbox/entities/snapshot-region.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CreateDateColumn, Entity, JoinColumn, ManyToOne, PrimaryColumn, UpdateDateColumn } from 'typeorm'\nimport { Snapshot } from './snapshot.entity'\nimport { Region } from '../../region/entities/region.entity'\n\n@Entity()\nexport class SnapshotRegion {\n @PrimaryColumn('uuid')\n snapshotId: string\n\n @PrimaryColumn()\n regionId: string\n\n @ManyToOne(() => Snapshot, (snapshot) => snapshot.snapshotRegions, {\n onDelete: 'CASCADE',\n })\n @JoinColumn({ name: 'snapshotId' })\n snapshot: Snapshot\n\n @ManyToOne(() => Region, {\n onDelete: 'CASCADE',\n })\n @JoinColumn({ name: 'regionId' })\n region: Region\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n}\n" }, { "path": "apps/api/src/sandbox/entities/snapshot-runner.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, CreateDateColumn, Entity, Index, PrimaryGeneratedColumn, UpdateDateColumn } from 'typeorm'\nimport { SnapshotRunnerState } from '../enums/snapshot-runner-state.enum'\n\n@Entity()\n@Index('snapshot_runner_snapshotref_idx', ['snapshotRef'])\n@Index('snapshot_runner_runnerid_snapshotref_idx', ['runnerId', 'snapshotRef'])\n@Index('snapshot_runner_runnerid_idx', ['runnerId'])\n@Index('snapshot_runner_state_idx', ['state'])\nexport class SnapshotRunner {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column({\n type: 'enum',\n enum: SnapshotRunnerState,\n default: SnapshotRunnerState.PULLING_SNAPSHOT,\n })\n state: SnapshotRunnerState\n\n @Column({ nullable: true })\n errorReason?: string\n\n @Column({\n // todo: remove default\n default: '',\n })\n snapshotRef: string\n\n @Column()\n runnerId: string\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n}\n" }, { "path": "apps/api/src/sandbox/entities/snapshot.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Column,\n CreateDateColumn,\n Entity,\n Index,\n JoinColumn,\n ManyToOne,\n OneToMany,\n PrimaryGeneratedColumn,\n Unique,\n UpdateDateColumn,\n} from 'typeorm'\nimport { SnapshotRunner } from './snapshot-runner.entity'\nimport { SnapshotState } from '../enums/snapshot-state.enum'\nimport { BuildInfo } from './build-info.entity'\nimport { SnapshotRegion } from './snapshot-region.entity'\n\n@Entity()\n@Unique(['organizationId', 'name'])\n@Index('snapshot_name_idx', ['name'])\n@Index('snapshot_state_idx', ['state'])\nexport class Snapshot {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column({\n nullable: true,\n type: 'uuid',\n })\n organizationId?: string\n\n // general snapshot is available to all organizations\n @Column({\n type: 'boolean',\n default: false,\n })\n general = false\n\n @Column()\n name: string\n\n @Column()\n imageName: string\n\n @Column({ nullable: true })\n ref?: string\n\n @Column({\n type: 'enum',\n enum: SnapshotState,\n default: SnapshotState.PENDING,\n })\n state = SnapshotState.PENDING\n\n @Column({ nullable: true })\n errorReason?: string\n\n @Column({ type: 'float', nullable: true })\n size?: number\n\n @Column({ type: 'int', default: 1 })\n cpu = 1\n\n @Column({ type: 'int', default: 0 })\n gpu = 0\n\n @Column({ type: 'int', default: 1 })\n mem = 1\n\n @Column({ type: 'int', default: 3 })\n disk = 3\n\n @Column({ type: 'boolean', default: false })\n hideFromUsers = false\n\n @OneToMany(() => SnapshotRunner, (runner) => runner.snapshotRef)\n runners: SnapshotRunner[]\n\n @Column({ array: true, type: 'text', nullable: true })\n entrypoint?: string[]\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n\n @Column({ nullable: true })\n lastUsedAt?: Date\n\n @ManyToOne(() => BuildInfo, (buildInfo) => buildInfo.snapshots, {\n nullable: true,\n eager: true,\n })\n @JoinColumn()\n buildInfo?: BuildInfo\n\n @Column({ nullable: true })\n initialRunnerId?: string\n\n @OneToMany(() => SnapshotRegion, (snapshotRegion) => snapshotRegion.snapshot, {\n cascade: true,\n onDelete: 'CASCADE',\n })\n snapshotRegions: SnapshotRegion[]\n}\n" }, { "path": "apps/api/src/sandbox/entities/ssh-access.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Column,\n CreateDateColumn,\n Entity,\n Generated,\n JoinColumn,\n ManyToOne,\n PrimaryColumn,\n UpdateDateColumn,\n} from 'typeorm'\nimport { Sandbox } from './sandbox.entity'\n\n@Entity()\nexport class SshAccess {\n @PrimaryColumn()\n @Generated('uuid')\n id: string\n\n @Column({\n type: 'uuid',\n })\n sandboxId: string\n\n @Column({\n type: 'text',\n })\n token: string\n\n @Column({\n type: 'timestamp',\n })\n expiresAt: Date\n\n @CreateDateColumn()\n createdAt: Date\n\n @UpdateDateColumn()\n updatedAt: Date\n\n @ManyToOne(() => Sandbox, { onDelete: 'CASCADE' })\n @JoinColumn({ name: 'sandboxId' })\n sandbox: Sandbox\n}\n" }, { "path": "apps/api/src/sandbox/entities/volume.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, CreateDateColumn, Entity, PrimaryGeneratedColumn, Unique, UpdateDateColumn } from 'typeorm'\nimport { VolumeState } from '../enums/volume-state.enum'\n\n@Entity()\n@Unique(['organizationId', 'name'])\nexport class Volume {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column({\n nullable: true,\n type: 'uuid',\n })\n organizationId?: string\n\n @Column()\n name: string\n\n @Column({\n type: 'enum',\n enum: VolumeState,\n default: VolumeState.PENDING_CREATE,\n })\n state: VolumeState\n\n @Column({ nullable: true })\n errorReason?: string\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n\n @Column({ nullable: true })\n lastUsedAt?: Date\n\n public getBucketName(): string {\n return `daytona-volume-${this.id}`\n }\n}\n" }, { "path": "apps/api/src/sandbox/entities/warm-pool.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, CreateDateColumn, Entity, Index, PrimaryGeneratedColumn, UpdateDateColumn } from 'typeorm'\nimport { SandboxClass } from '../enums/sandbox-class.enum'\n\n@Entity()\n@Index('warm_pool_find_idx', ['snapshot', 'target', 'class', 'cpu', 'mem', 'disk', 'gpu', 'osUser', 'env'])\nexport class WarmPool {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column()\n pool: number\n\n @Column()\n snapshot: string\n\n @Column()\n target: string\n\n @Column()\n cpu: number\n\n @Column()\n mem: number\n\n @Column()\n disk: number\n\n @Column()\n gpu: number\n\n @Column()\n gpuType: string\n\n @Column({\n type: 'enum',\n enum: SandboxClass,\n default: SandboxClass.SMALL,\n })\n class: SandboxClass\n\n @Column()\n osUser: string\n\n @Column({ nullable: true })\n errorReason?: string\n\n @Column({\n type: 'simple-json',\n default: {},\n })\n env: { [key: string]: string }\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n}\n" }, { "path": "apps/api/src/sandbox/enums/backup-state.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum BackupState {\n NONE = 'None',\n PENDING = 'Pending',\n IN_PROGRESS = 'InProgress',\n COMPLETED = 'Completed',\n ERROR = 'Error',\n}\n" }, { "path": "apps/api/src/sandbox/enums/job-status.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum JobStatus {\n PENDING = 'PENDING',\n IN_PROGRESS = 'IN_PROGRESS',\n COMPLETED = 'COMPLETED',\n FAILED = 'FAILED',\n}\n" }, { "path": "apps/api/src/sandbox/enums/job-type.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum JobType {\n CREATE_SANDBOX = 'CREATE_SANDBOX',\n START_SANDBOX = 'START_SANDBOX',\n STOP_SANDBOX = 'STOP_SANDBOX',\n DESTROY_SANDBOX = 'DESTROY_SANDBOX',\n RESIZE_SANDBOX = 'RESIZE_SANDBOX',\n CREATE_BACKUP = 'CREATE_BACKUP',\n BUILD_SNAPSHOT = 'BUILD_SNAPSHOT',\n PULL_SNAPSHOT = 'PULL_SNAPSHOT',\n RECOVER_SANDBOX = 'RECOVER_SANDBOX',\n INSPECT_SNAPSHOT_IN_REGISTRY = 'INSPECT_SNAPSHOT_IN_REGISTRY',\n REMOVE_SNAPSHOT = 'REMOVE_SNAPSHOT',\n UPDATE_SANDBOX_NETWORK_SETTINGS = 'UPDATE_SANDBOX_NETWORK_SETTINGS',\n}\n" }, { "path": "apps/api/src/sandbox/enums/resource-type.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum ResourceType {\n SANDBOX = 'SANDBOX',\n SNAPSHOT = 'SNAPSHOT',\n BACKUP = 'BACKUP',\n}\n" }, { "path": "apps/api/src/sandbox/enums/runner-state.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum RunnerState {\n INITIALIZING = 'initializing',\n READY = 'ready',\n DISABLED = 'disabled',\n DECOMMISSIONED = 'decommissioned',\n UNRESPONSIVE = 'unresponsive',\n}\n" }, { "path": "apps/api/src/sandbox/enums/sandbox-class.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum SandboxClass {\n SMALL = 'small',\n MEDIUM = 'medium',\n LARGE = 'large',\n}\n\nexport const SandboxClassData = {\n [SandboxClass.SMALL]: {\n cpu: 4,\n memory: 8,\n disk: 30,\n },\n [SandboxClass.MEDIUM]: {\n cpu: 8,\n memory: 16,\n disk: 60,\n },\n [SandboxClass.LARGE]: {\n cpu: 12,\n memory: 24,\n disk: 90,\n },\n}\n" }, { "path": "apps/api/src/sandbox/enums/sandbox-desired-state.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum SandboxDesiredState {\n DESTROYED = 'destroyed',\n STARTED = 'started',\n STOPPED = 'stopped',\n RESIZED = 'resized',\n ARCHIVED = 'archived',\n}\n" }, { "path": "apps/api/src/sandbox/enums/sandbox-state.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum SandboxState {\n CREATING = 'creating',\n RESTORING = 'restoring',\n DESTROYED = 'destroyed',\n DESTROYING = 'destroying',\n STARTED = 'started',\n STOPPED = 'stopped',\n STARTING = 'starting',\n STOPPING = 'stopping',\n ERROR = 'error',\n BUILD_FAILED = 'build_failed',\n PENDING_BUILD = 'pending_build',\n BUILDING_SNAPSHOT = 'building_snapshot',\n UNKNOWN = 'unknown',\n PULLING_SNAPSHOT = 'pulling_snapshot',\n ARCHIVED = 'archived',\n ARCHIVING = 'archiving',\n RESIZING = 'resizing',\n}\n" }, { "path": "apps/api/src/sandbox/enums/snapshot-runner-state.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum SnapshotRunnerState {\n PULLING_SNAPSHOT = 'pulling_snapshot',\n BUILDING_SNAPSHOT = 'building_snapshot',\n READY = 'ready',\n ERROR = 'error',\n REMOVING = 'removing',\n}\n" }, { "path": "apps/api/src/sandbox/enums/snapshot-state.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum SnapshotState {\n BUILDING = 'building',\n PENDING = 'pending',\n PULLING = 'pulling',\n ACTIVE = 'active',\n INACTIVE = 'inactive',\n ERROR = 'error',\n BUILD_FAILED = 'build_failed',\n REMOVING = 'removing',\n}\n" }, { "path": "apps/api/src/sandbox/enums/volume-state.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum VolumeState {\n CREATING = 'creating',\n READY = 'ready',\n PENDING_CREATE = 'pending_create',\n PENDING_DELETE = 'pending_delete',\n DELETING = 'deleting',\n DELETED = 'deleted',\n ERROR = 'error',\n}\n" }, { "path": "apps/api/src/sandbox/errors/runner-api-error.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport class RunnerApiError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n public readonly code?: string,\n ) {\n super(message)\n this.name = 'RunnerApiError'\n }\n}\n" }, { "path": "apps/api/src/sandbox/errors/runner-not-ready.error.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport class RunnerNotReadyError extends Error {\n constructor(message: string) {\n super(message)\n this.name = 'RunnerNotReadyError'\n }\n}\n" }, { "path": "apps/api/src/sandbox/errors/snapshot-state-error.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport class SnapshotStateError extends Error {\n constructor(public readonly errorReason: string) {\n super(errorReason)\n this.name = 'SnapshotStateError'\n }\n}\n" }, { "path": "apps/api/src/sandbox/events/runner-created.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Runner } from '../entities/runner.entity'\n\nexport class RunnerCreatedEvent {\n constructor(public readonly runner: Runner) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/runner-deleted.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { EntityManager } from 'typeorm/entity-manager/EntityManager.js'\n\nexport class RunnerDeletedEvent {\n constructor(\n public readonly entityManager: EntityManager,\n public readonly runnerId: string,\n ) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/runner-state-updated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Runner } from '../entities/runner.entity'\nimport { RunnerState } from '../enums/runner-state.enum'\n\nexport class RunnerStateUpdatedEvent {\n constructor(\n public readonly runner: Runner,\n public readonly oldState: RunnerState,\n public readonly newState: RunnerState,\n ) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/runner-unschedulable-updated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Runner } from '../entities/runner.entity'\n\nexport class RunnerUnschedulableUpdatedEvent {\n constructor(\n public readonly runner: Runner,\n public readonly oldUnschedulable: boolean,\n public readonly newUnschedulable: boolean,\n ) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/sandbox-archived.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox } from '../entities/sandbox.entity'\n\nexport class SandboxArchivedEvent {\n constructor(public readonly sandbox: Sandbox) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/sandbox-backup-created.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox } from '../entities/sandbox.entity'\n\nexport class SandboxBackupCreatedEvent {\n constructor(public readonly sandbox: Sandbox) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/sandbox-create.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox } from '../entities/sandbox.entity'\n\nexport class SandboxCreatedEvent {\n constructor(public readonly sandbox: Sandbox) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/sandbox-desired-state-updated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { SandboxDesiredState } from '../enums/sandbox-desired-state.enum'\n\nexport class SandboxDesiredStateUpdatedEvent {\n constructor(\n public readonly sandbox: Sandbox,\n public readonly oldDesiredState: SandboxDesiredState,\n public readonly newDesiredState: SandboxDesiredState,\n ) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/sandbox-destroyed.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox } from '../entities/sandbox.entity'\n\nexport class SandboxDestroyedEvent {\n constructor(public readonly sandbox: Sandbox) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/sandbox-organization-updated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox } from '../entities/sandbox.entity'\n\nexport class SandboxOrganizationUpdatedEvent {\n constructor(\n public readonly sandbox: Sandbox,\n public readonly oldOrganizationId: string,\n public readonly newOrganizationId: string,\n ) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/sandbox-public-status-updated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox } from '../entities/sandbox.entity'\n\nexport class SandboxPublicStatusUpdatedEvent {\n constructor(\n public readonly sandbox: Sandbox,\n public readonly oldStatus: boolean,\n public readonly newStatus: boolean,\n ) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/sandbox-started.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox } from '../entities/sandbox.entity'\n\nexport class SandboxStartedEvent {\n constructor(public readonly sandbox: Sandbox) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/sandbox-state-updated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { SandboxState } from '../enums/sandbox-state.enum'\n\nexport class SandboxStateUpdatedEvent {\n constructor(\n public readonly sandbox: Sandbox,\n public readonly oldState: SandboxState,\n public readonly newState: SandboxState,\n ) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/sandbox-stopped.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox } from '../entities/sandbox.entity'\n\nexport class SandboxStoppedEvent {\n constructor(public readonly sandbox: Sandbox) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/snapshot-activated.event.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Snapshot } from '../entities/snapshot.entity'\n\nexport class SnapshotActivatedEvent {\n constructor(public readonly snapshot: Snapshot) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/snapshot-created.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Snapshot } from '../entities/snapshot.entity'\n\nexport class SnapshotCreatedEvent {\n constructor(public readonly snapshot: Snapshot) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/snapshot-removed.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Snapshot } from '../entities/snapshot.entity'\n\nexport class SnapshotRemovedEvent {\n constructor(public readonly snapshot: Snapshot) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/snapshot-state-updated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { SnapshotState } from '../enums/snapshot-state.enum'\n\nexport class SnapshotStateUpdatedEvent {\n constructor(\n public readonly snapshot: Snapshot,\n public readonly oldState: SnapshotState,\n public readonly newState: SnapshotState,\n ) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/volume-created.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Volume } from '../entities/volume.entity'\n\nexport class VolumeCreatedEvent {\n constructor(public readonly volume: Volume) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/volume-last-used-at-updated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Volume } from '../entities/volume.entity'\n\nexport class VolumeLastUsedAtUpdatedEvent {\n constructor(public readonly volume: Volume) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/volume-state-updated.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Volume } from '../entities/volume.entity'\nimport { VolumeState } from '../enums/volume-state.enum'\n\nexport class VolumeStateUpdatedEvent {\n constructor(\n public readonly volume: Volume,\n public readonly oldState: VolumeState,\n public readonly newState: VolumeState,\n ) {}\n}\n" }, { "path": "apps/api/src/sandbox/events/warmpool-topup-requested.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { WarmPool } from '../entities/warm-pool.entity'\n\nexport class WarmPoolTopUpRequested {\n constructor(public readonly warmPool: WarmPool) {}\n}\n" }, { "path": "apps/api/src/sandbox/guards/job-access.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Injectable,\n CanActivate,\n ExecutionContext,\n NotFoundException,\n ForbiddenException,\n Logger,\n} from '@nestjs/common'\nimport { BaseAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { JobService } from '../services/job.service'\nimport { isRunnerContext, RunnerContext } from '../../common/interfaces/runner-context.interface'\n\n@Injectable()\nexport class JobAccessGuard implements CanActivate {\n private readonly logger = new Logger(JobAccessGuard.name)\n\n constructor(private readonly jobService: JobService) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n const jobId: string = request.params.jobId || request.params.id\n\n // TODO: initialize authContext safely\n const authContext: BaseAuthContext = request.user\n\n try {\n const job = await this.jobService.findOne(jobId)\n if (!job) {\n throw new NotFoundException('Job not found')\n }\n\n if (!isRunnerContext(authContext)) {\n throw new ForbiddenException('User is not a runner')\n }\n\n const runnerContext = authContext as RunnerContext\n\n if (runnerContext.runnerId !== job.runnerId) {\n throw new ForbiddenException('Runner ID does not match job runner ID')\n }\n\n return true\n } catch (error) {\n if (!(error instanceof NotFoundException)) {\n this.logger.error(error)\n }\n throw new NotFoundException('Job not found')\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/guards/proxy.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, ExecutionContext, Logger, CanActivate } from '@nestjs/common'\nimport { getAuthContext } from '../../auth/get-auth-context'\nimport { isProxyContext } from '../../common/interfaces/proxy-context.interface'\n\n@Injectable()\nexport class ProxyGuard implements CanActivate {\n protected readonly logger = new Logger(ProxyGuard.name)\n\n async canActivate(context: ExecutionContext): Promise {\n // Throws if not proxy context\n getAuthContext(context, isProxyContext)\n return true\n }\n}\n" }, { "path": "apps/api/src/sandbox/guards/region-runner-access.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Injectable,\n CanActivate,\n ExecutionContext,\n NotFoundException,\n ForbiddenException,\n Logger,\n} from '@nestjs/common'\nimport { RunnerService } from '../services/runner.service'\nimport { BaseAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { isRegionProxyContext, RegionProxyContext } from '../../common/interfaces/region-proxy.interface'\nimport {\n isRegionSSHGatewayContext,\n RegionSSHGatewayContext,\n} from '../../common/interfaces/region-ssh-gateway.interface'\n\n@Injectable()\nexport class RegionRunnerAccessGuard implements CanActivate {\n private readonly logger = new Logger(RegionRunnerAccessGuard.name)\n\n constructor(private readonly runnerService: RunnerService) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n const runnerId: string = request.params.runnerId || request.params.id\n\n const authContext: BaseAuthContext = request.user\n\n if (!isRegionProxyContext(authContext) && !isRegionSSHGatewayContext(authContext)) {\n return false\n }\n\n try {\n const regionContext = authContext as RegionProxyContext | RegionSSHGatewayContext\n const runner = await this.runnerService.findOneOrFail(runnerId)\n if (regionContext.regionId !== runner.region) {\n throw new ForbiddenException('Region ID does not match runner region ID')\n }\n return true\n } catch (error) {\n if (!(error instanceof NotFoundException)) {\n this.logger.error(error)\n }\n throw new NotFoundException('Runner not found')\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/guards/region-sandbox-access.guard.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, CanActivate, ExecutionContext, NotFoundException, ForbiddenException } from '@nestjs/common'\nimport { SandboxService } from '../services/sandbox.service'\nimport { BaseAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { isRegionProxyContext, RegionProxyContext } from '../../common/interfaces/region-proxy.interface'\nimport {\n isRegionSSHGatewayContext,\n RegionSSHGatewayContext,\n} from '../../common/interfaces/region-ssh-gateway.interface'\n\n@Injectable()\nexport class RegionSandboxAccessGuard implements CanActivate {\n constructor(private readonly sandboxService: SandboxService) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n const sandboxId: string = request.params.sandboxId || request.params.id\n\n const authContext: BaseAuthContext = request.user\n\n if (!isRegionProxyContext(authContext) && !isRegionSSHGatewayContext(authContext)) {\n return false\n }\n\n try {\n const regionContext = authContext as RegionProxyContext | RegionSSHGatewayContext\n const sandboxRegionId = await this.sandboxService.getRegionId(sandboxId)\n if (sandboxRegionId !== regionContext.regionId) {\n throw new ForbiddenException(`Sandbox region ID does not match region ${regionContext.role} region ID`)\n }\n return true\n } catch (error) {\n if (!(error instanceof NotFoundException)) {\n console.error(error)\n }\n throw new NotFoundException(`Sandbox with ID or name ${sandboxId} not found`)\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/guards/runner-access.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Injectable,\n CanActivate,\n ExecutionContext,\n NotFoundException,\n ForbiddenException,\n Logger,\n} from '@nestjs/common'\nimport { RegionService } from '../../region/services/region.service'\nimport { RunnerService } from '../services/runner.service'\nimport { BaseAuthContext, OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { RegionType } from '../../region/enums/region-type.enum'\nimport { isRegionProxyContext } from '../../common/interfaces/region-proxy.interface'\nimport { isRegionSSHGatewayContext } from '../../common/interfaces/region-ssh-gateway.interface'\nimport { isProxyContext } from '../../common/interfaces/proxy-context.interface'\nimport { isSshGatewayContext } from '../../common/interfaces/ssh-gateway-context.interface'\n\n@Injectable()\nexport class RunnerAccessGuard implements CanActivate {\n private readonly logger = new Logger(RunnerAccessGuard.name)\n\n constructor(\n private readonly runnerService: RunnerService,\n private readonly regionService: RegionService,\n ) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n const runnerId: string = request.params.runnerId || request.params.id\n\n // TODO: initialize authContext safely\n const authContext: BaseAuthContext = request.user\n\n try {\n const runner = await this.runnerService.findOneOrFail(runnerId)\n\n switch (true) {\n case isRegionProxyContext(authContext):\n case isRegionSSHGatewayContext(authContext): {\n // Use RunnerRegionAccessGuard to check access instead\n return false\n }\n case isProxyContext(authContext):\n case isSshGatewayContext(authContext):\n return true\n default: {\n const orgAuthContext = authContext as OrganizationAuthContext\n\n if (orgAuthContext.role !== SystemRole.ADMIN) {\n const region = await this.regionService.findOne(runner.region)\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n if (region.organizationId !== orgAuthContext.organizationId) {\n throw new ForbiddenException('Request organization ID does not match resource organization ID')\n }\n if (region.regionType !== RegionType.CUSTOM) {\n throw new ForbiddenException('Runner is not in a custom region')\n }\n }\n return true\n }\n }\n } catch (error) {\n if (!(error instanceof NotFoundException)) {\n this.logger.error(error)\n }\n throw new NotFoundException('Runner not found')\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/guards/sandbox-access.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, CanActivate, ExecutionContext, NotFoundException, ForbiddenException } from '@nestjs/common'\nimport { SandboxService } from '../services/sandbox.service'\nimport { OrganizationAuthContext, BaseAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { isRunnerContext, RunnerContext } from '../../common/interfaces/runner-context.interface'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { isProxyContext } from '../../common/interfaces/proxy-context.interface'\nimport { isSshGatewayContext } from '../../common/interfaces/ssh-gateway-context.interface'\nimport { isRegionProxyContext } from '../../common/interfaces/region-proxy.interface'\nimport { isRegionSSHGatewayContext } from '../../common/interfaces/region-ssh-gateway.interface'\n\n@Injectable()\nexport class SandboxAccessGuard implements CanActivate {\n constructor(private readonly sandboxService: SandboxService) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n // TODO: remove deprecated request.params.workspaceId param once we remove the deprecated workspace controller\n const sandboxIdOrName: string =\n request.params.sandboxIdOrName || request.params.sandboxId || request.params.id || request.params.workspaceId\n\n // TODO: initialize authContext safely\n const authContext: BaseAuthContext = request.user\n\n try {\n switch (true) {\n case isRunnerContext(authContext): {\n // For runner authentication, verify that the runner ID matches the sandbox's runner ID\n const runnerContext = authContext as RunnerContext\n const sandboxRunnerId = await this.sandboxService.getRunnerId(sandboxIdOrName)\n if (sandboxRunnerId !== runnerContext.runnerId) {\n throw new ForbiddenException('Runner ID does not match sandbox runner ID')\n }\n break\n }\n case isRegionProxyContext(authContext):\n case isRegionSSHGatewayContext(authContext): {\n // Use RegionSandboxAccessGuard to check access instead\n return false\n }\n case isProxyContext(authContext):\n case isSshGatewayContext(authContext):\n return true\n default: {\n // For user/organization authentication, check organization access\n const orgAuthContext = authContext as OrganizationAuthContext\n const sandboxOrganizationId = await this.sandboxService.getOrganizationId(\n sandboxIdOrName,\n orgAuthContext.organizationId,\n )\n if (orgAuthContext.role !== SystemRole.ADMIN && sandboxOrganizationId !== orgAuthContext.organizationId) {\n throw new ForbiddenException('Request organization ID does not match resource organization ID')\n }\n }\n }\n return true\n } catch (error) {\n if (!(error instanceof NotFoundException)) {\n console.error(error)\n }\n throw new NotFoundException(`Sandbox with ID or name ${sandboxIdOrName} not found`)\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/guards/snapshot-access.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, CanActivate, ExecutionContext, ForbiddenException, NotFoundException } from '@nestjs/common'\nimport { SnapshotService } from '../services/snapshot.service'\nimport {\n BaseAuthContext,\n isOrganizationAuthContext,\n OrganizationAuthContext,\n} from '../../common/interfaces/auth-context.interface'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { isSshGatewayContext } from '../../common/interfaces/ssh-gateway-context.interface'\nimport { isProxyContext } from '../../common/interfaces/proxy-context.interface'\nimport { isRegionProxyContext, RegionProxyContext } from '../../common/interfaces/region-proxy.interface'\nimport {\n isRegionSSHGatewayContext,\n RegionSSHGatewayContext,\n} from '../../common/interfaces/region-ssh-gateway.interface'\n\n@Injectable()\nexport class SnapshotAccessGuard implements CanActivate {\n constructor(private readonly snapshotService: SnapshotService) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n const snapshotId: string = request.params.snapshotId || request.params.id\n\n let snapshot: Snapshot\n\n // TODO: initialize authContext safely\n const authContext: BaseAuthContext = request.user\n\n try {\n snapshot = await this.snapshotService.getSnapshot(snapshotId)\n } catch {\n if (!isOrganizationAuthContext(authContext)) {\n throw new NotFoundException(`Snapshot with ID ${snapshotId} not found`)\n }\n\n // If not found by ID, try by name\n snapshot = await this.snapshotService.getSnapshotByName(snapshotId, authContext.organizationId)\n }\n\n try {\n switch (true) {\n case isRegionProxyContext(authContext):\n case isRegionSSHGatewayContext(authContext): {\n // For region proxy/ssh gateway authentication, verify that the runner's region ID matches the region ID\n const regionContext = authContext as RegionProxyContext | RegionSSHGatewayContext\n const isAvailable = await this.snapshotService.isAvailableInRegion(snapshot.id, regionContext.regionId)\n if (!isAvailable) {\n throw new NotFoundException(`Snapshot is not available in region ${regionContext.regionId}`)\n }\n break\n }\n case isProxyContext(authContext):\n case isSshGatewayContext(authContext):\n break\n default: {\n // For user/organization authentication, check organization access\n const orgAuthContext = authContext as OrganizationAuthContext\n if (orgAuthContext.role !== SystemRole.ADMIN && snapshot.organizationId !== orgAuthContext.organizationId) {\n throw new ForbiddenException('Request organization ID does not match resource organization ID')\n }\n }\n }\n\n request.snapshot = snapshot\n\n return true\n } catch (error) {\n if (!(error instanceof NotFoundException)) {\n console.error(error)\n }\n throw new NotFoundException(`Snapshot with ID or name ${snapshotId} not found`)\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/guards/snapshot-read-access.guard.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, CanActivate, ExecutionContext, ForbiddenException, NotFoundException } from '@nestjs/common'\nimport { SnapshotService } from '../services/snapshot.service'\nimport {\n BaseAuthContext,\n isOrganizationAuthContext,\n OrganizationAuthContext,\n} from '../../common/interfaces/auth-context.interface'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { isSshGatewayContext } from '../../common/interfaces/ssh-gateway-context.interface'\nimport { isProxyContext } from '../../common/interfaces/proxy-context.interface'\nimport { isRegionProxyContext, RegionProxyContext } from '../../common/interfaces/region-proxy.interface'\nimport {\n isRegionSSHGatewayContext,\n RegionSSHGatewayContext,\n} from '../../common/interfaces/region-ssh-gateway.interface'\n\n@Injectable()\nexport class SnapshotReadAccessGuard implements CanActivate {\n constructor(private readonly snapshotService: SnapshotService) {}\n\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n const snapshotId: string = request.params.snapshotId || request.params.id\n\n let snapshot: Snapshot\n\n const authContext: BaseAuthContext = request.user\n\n try {\n snapshot = await this.snapshotService.getSnapshot(snapshotId)\n } catch {\n if (!isOrganizationAuthContext(authContext)) {\n throw new NotFoundException(`Snapshot with ID ${snapshotId} not found`)\n }\n\n snapshot = await this.snapshotService.getSnapshotByName(snapshotId, authContext.organizationId)\n }\n\n try {\n switch (true) {\n case isRegionProxyContext(authContext):\n case isRegionSSHGatewayContext(authContext): {\n const regionContext = authContext as RegionProxyContext | RegionSSHGatewayContext\n const isAvailable = await this.snapshotService.isAvailableInRegion(snapshot.id, regionContext.regionId)\n if (!isAvailable) {\n throw new NotFoundException(`Snapshot is not available in region ${regionContext.regionId}`)\n }\n break\n }\n case isProxyContext(authContext):\n case isSshGatewayContext(authContext):\n break\n default: {\n const orgAuthContext = authContext as OrganizationAuthContext\n if (\n orgAuthContext.role !== SystemRole.ADMIN &&\n snapshot.organizationId !== orgAuthContext.organizationId &&\n !snapshot.general\n ) {\n throw new ForbiddenException('Request organization ID does not match resource organization ID')\n }\n }\n }\n\n request.snapshot = snapshot\n\n return true\n } catch (error) {\n if (!(error instanceof NotFoundException)) {\n console.error(error)\n }\n throw new NotFoundException(`Snapshot with ID or name ${snapshotId} not found`)\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/guards/ssh-gateway.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, ExecutionContext, Logger, CanActivate } from '@nestjs/common'\nimport { getAuthContext } from '../../auth/get-auth-context'\nimport { isSshGatewayContext } from '../../common/interfaces/ssh-gateway-context.interface'\n\n@Injectable()\nexport class SshGatewayGuard implements CanActivate {\n protected readonly logger = new Logger(SshGatewayGuard.name)\n\n async canActivate(context: ExecutionContext): Promise {\n // Throws if not ssh gateway context\n getAuthContext(context, isSshGatewayContext)\n return true\n }\n}\n" }, { "path": "apps/api/src/sandbox/guards/volume-access.guard.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\nimport { Injectable, CanActivate, ExecutionContext, ForbiddenException, NotFoundException } from '@nestjs/common'\nimport { OrganizationAuthContext } from '../../common/interfaces/auth-context.interface'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { VolumeService } from '../services/volume.service'\n@Injectable()\nexport class VolumeAccessGuard implements CanActivate {\n constructor(private readonly volumeService: VolumeService) {}\n async canActivate(context: ExecutionContext): Promise {\n const request = context.switchToHttp().getRequest()\n\n const volumeId = request.params.volumeId || request.params.id\n const volumeName = request.params.name\n\n if (!volumeId && !volumeName) {\n throw new NotFoundException(`Volume not found`)\n }\n\n const authContext: OrganizationAuthContext = request.user\n\n try {\n const params = volumeId ? { id: volumeId } : { name: volumeName, organizationId: authContext.organizationId }\n const volumeOrganizationId = await this.volumeService.getOrganizationId(params)\n\n if (authContext.role !== SystemRole.ADMIN && volumeOrganizationId !== authContext.organizationId) {\n throw new ForbiddenException('Request organization ID does not match resource organization ID')\n }\n } catch {\n throw new NotFoundException(`Volume with ${volumeId ? 'ID' : 'name'} ${volumeId || volumeName} not found`)\n }\n\n return true\n }\n}\n" }, { "path": "apps/api/src/sandbox/managers/backup.manager.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, OnApplicationShutdown } from '@nestjs/common'\nimport { Cron, CronExpression } from '@nestjs/schedule'\nimport { In, IsNull, LessThan, Not, Or } from 'typeorm'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { RunnerService } from '../services/runner.service'\nimport { RunnerState } from '../enums/runner-state.enum'\nimport { BadRequestError } from '../../exceptions/bad-request.exception'\nimport { DockerRegistryService } from '../../docker-registry/services/docker-registry.service'\nimport { BackupState } from '../enums/backup-state.enum'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION } from '../constants/sandbox.constants'\nimport { fromAxiosError } from '../../common/utils/from-axios-error'\nimport { RedisLockProvider } from '../common/redis-lock.provider'\nimport { OnEvent } from '@nestjs/event-emitter'\nimport { SandboxEvents } from '../constants/sandbox-events.constants'\nimport { SandboxDestroyedEvent } from '../events/sandbox-destroyed.event'\nimport { SandboxBackupCreatedEvent } from '../events/sandbox-backup-created.event'\nimport { SandboxArchivedEvent } from '../events/sandbox-archived.event'\nimport { RunnerAdapterFactory } from '../runner-adapter/runnerAdapter'\nimport { TypedConfigService } from '../../config/typed-config.service'\n\nimport { TrackJobExecution } from '../../common/decorators/track-job-execution.decorator'\nimport { TrackableJobExecutions } from '../../common/interfaces/trackable-job-executions'\nimport { setTimeout } from 'timers/promises'\nimport { LogExecution } from '../../common/decorators/log-execution.decorator'\nimport { WithInstrumentation } from '../../common/decorators/otel.decorator'\nimport { DockerRegistry } from '../../docker-registry/entities/docker-registry.entity'\nimport { SandboxService } from '../services/sandbox.service'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\n\n@Injectable()\nexport class BackupManager implements TrackableJobExecutions, OnApplicationShutdown {\n activeJobs = new Set()\n\n private readonly logger = new Logger(BackupManager.name)\n\n constructor(\n private readonly sandboxRepository: SandboxRepository,\n private readonly sandboxService: SandboxService,\n private readonly runnerService: RunnerService,\n private readonly runnerAdapterFactory: RunnerAdapterFactory,\n private readonly dockerRegistryService: DockerRegistryService,\n @InjectRedis() private readonly redis: Redis,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly configService: TypedConfigService,\n ) {}\n\n // on init\n async onApplicationBootstrap() {\n await this.adHocBackupCheck()\n }\n\n async onApplicationShutdown() {\n // wait for all active jobs to finish\n while (this.activeJobs.size > 0) {\n this.logger.log(`Waiting for ${this.activeJobs.size} active jobs to finish`)\n await setTimeout(1000)\n }\n }\n\n // todo: make frequency configurable or more efficient\n @Cron(CronExpression.EVERY_5_MINUTES, { name: 'ad-hoc-backup-check' })\n @TrackJobExecution()\n @LogExecution('ad-hoc-backup-check')\n @WithInstrumentation()\n async adHocBackupCheck(): Promise {\n const lockKey = 'ad-hoc-backup-check'\n const hasLock = await this.redisLockProvider.lock(lockKey, 5 * 60)\n if (!hasLock) {\n return\n }\n\n // Get all ready runners\n const readyRunners = await this.runnerService.findAllReady()\n\n try {\n // Process all runners in parallel\n await Promise.all(\n readyRunners.map(async (runner) => {\n const sandboxes = await this.sandboxRepository.find({\n where: {\n runnerId: runner.id,\n organizationId: Not(SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION),\n state: SandboxState.STARTED,\n backupState: In([BackupState.NONE, BackupState.COMPLETED]),\n lastBackupAt: Or(IsNull(), LessThan(new Date(Date.now() - 1 * 60 * 60 * 1000))),\n autoDeleteInterval: Not(0),\n },\n order: {\n lastBackupAt: 'ASC',\n },\n // todo: increase this number when backup is stable\n take: 10,\n })\n\n await Promise.all(\n sandboxes.map(async (sandbox) => {\n const lockKey = `sandbox-backup-${sandbox.id}`\n const hasLock = await this.redisLockProvider.lock(lockKey, 60)\n if (!hasLock) {\n return\n }\n\n try {\n // todo: remove the catch handler asap\n await this.setBackupPending(sandbox).catch((error) => {\n if (error instanceof BadRequestError && error.message === 'A backup is already in progress') {\n return\n }\n this.logger.error(`Failed to create backup for sandbox ${sandbox.id}:`, fromAxiosError(error))\n })\n } catch (error) {\n this.logger.error(`Error processing stop state for sandbox ${sandbox.id}:`, fromAxiosError(error))\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }),\n )\n }),\n )\n } catch (error) {\n this.logger.error(`Error processing backups: `, error)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'check-backup-states' })\n @TrackJobExecution()\n @LogExecution('check-backup-states')\n @WithInstrumentation()\n async checkBackupStates(): Promise {\n // lock the sync to only run one instance at a time\n const lockKey = 'check-backup-states'\n const hasLock = await this.redisLockProvider.lock(lockKey, 10)\n if (!hasLock) {\n return\n }\n\n try {\n const sandboxes = await this.sandboxRepository\n .createQueryBuilder('sandbox')\n .innerJoin('runner', 'r', 'r.id = sandbox.runnerId')\n .where('sandbox.state IN (:...states)', {\n states: [SandboxState.ARCHIVING, SandboxState.STARTED, SandboxState.STOPPED],\n })\n .andWhere('sandbox.backupState IN (:...backupStates)', {\n backupStates: [BackupState.PENDING, BackupState.IN_PROGRESS],\n })\n .andWhere('r.state = :ready', { ready: RunnerState.READY })\n // Prioritize manual archival action, then auto-archive poller, then ad-hoc backup poller\n .addSelect(\n `\n CASE sandbox.state\n WHEN :archiving THEN 1\n WHEN :stopped THEN 2\n WHEN :started THEN 3\n ELSE 999\n END\n `,\n 'state_priority',\n )\n .setParameters({\n archiving: SandboxState.ARCHIVING,\n stopped: SandboxState.STOPPED,\n started: SandboxState.STARTED,\n })\n .orderBy('state_priority', 'ASC')\n .addOrderBy('sandbox.lastBackupAt', 'ASC', 'NULLS FIRST') // Process sandboxes with no backups first\n .addOrderBy('sandbox.createdAt', 'ASC') // For equal lastBackupAt, process older sandboxes first\n .take(100)\n .getMany()\n\n await Promise.allSettled(\n sandboxes.map(async (s) => {\n const lockKey = `sandbox-backup-${s.id}`\n const hasLock = await this.redisLockProvider.lock(lockKey, 60)\n if (!hasLock) {\n return\n }\n\n try {\n // get the latest sandbox state\n const sandbox = await this.sandboxRepository.findOneByOrFail({\n id: s.id,\n })\n\n try {\n switch (sandbox.backupState) {\n case BackupState.PENDING: {\n await this.handlePendingBackup(sandbox)\n break\n }\n case BackupState.IN_PROGRESS: {\n await this.checkBackupProgress(sandbox)\n break\n }\n }\n } catch (error) {\n // if error, retry 10 times\n const errorRetryKey = `${lockKey}-error-retry`\n const errorRetryCount = await this.redis.get(errorRetryKey)\n if (!errorRetryCount) {\n await this.redis.setex(errorRetryKey, 300, '1')\n } else if (parseInt(errorRetryCount) > 10) {\n this.logger.error(`Error processing backup for sandbox ${sandbox.id}:`, fromAxiosError(error))\n await this.sandboxService.updateSandboxBackupState(\n sandbox.id,\n BackupState.ERROR,\n undefined,\n undefined,\n fromAxiosError(error).message,\n )\n } else {\n await this.redis.setex(errorRetryKey, 300, errorRetryCount + 1)\n }\n }\n } catch (error) {\n this.logger.error(`Error processing backup for sandbox ${s.id}:`, error)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }),\n )\n } catch (error) {\n this.logger.error(`Error processing backups: `, error)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'check-backup-states-errored-draining' })\n @TrackJobExecution()\n @LogExecution('check-backup-states-errored-draining')\n @WithInstrumentation()\n async checkBackupStatesForErroredDraining(): Promise {\n const lockKey = 'check-backup-states-errored-draining'\n const hasLock = await this.redisLockProvider.lock(lockKey, 10)\n if (!hasLock) {\n return\n }\n\n try {\n const sandboxes = await this.sandboxRepository\n .createQueryBuilder('sandbox')\n .innerJoin('runner', 'r', 'r.id = sandbox.runnerId')\n .where('sandbox.state = :error', { error: SandboxState.ERROR })\n .andWhere('sandbox.backupState IN (:...backupStates)', {\n backupStates: [BackupState.PENDING, BackupState.IN_PROGRESS],\n })\n .andWhere('r.state = :ready', { ready: RunnerState.READY })\n .andWhere('r.\"draining\" = true')\n .addOrderBy('sandbox.lastBackupAt', 'ASC', 'NULLS FIRST')\n .addOrderBy('sandbox.createdAt', 'ASC')\n .take(100)\n .getMany()\n\n await Promise.allSettled(\n sandboxes.map(async (s) => {\n const lockKey = `sandbox-backup-${s.id}`\n const hasLock = await this.redisLockProvider.lock(lockKey, 60)\n if (!hasLock) {\n return\n }\n\n try {\n const sandbox = await this.sandboxRepository.findOneByOrFail({\n id: s.id,\n })\n\n try {\n switch (sandbox.backupState) {\n case BackupState.PENDING: {\n await this.handlePendingBackup(sandbox)\n break\n }\n case BackupState.IN_PROGRESS: {\n await this.checkBackupProgress(sandbox)\n break\n }\n }\n } catch (error) {\n const errorRetryKey = `${lockKey}-error-retry`\n const errorRetryCount = await this.redis.get(errorRetryKey)\n if (!errorRetryCount) {\n await this.redis.setex(errorRetryKey, 300, '1')\n } else if (parseInt(errorRetryCount) > 10) {\n this.logger.error(\n `Error processing backup for errored sandbox ${sandbox.id} on draining runner:`,\n fromAxiosError(error),\n )\n await this.sandboxService.updateSandboxBackupState(\n sandbox.id,\n BackupState.ERROR,\n undefined,\n undefined,\n fromAxiosError(error).message,\n )\n } else {\n await this.redis.setex(errorRetryKey, 300, errorRetryCount + 1)\n }\n }\n } catch (error) {\n this.logger.error(`Error processing backup for errored sandbox ${s.id} on draining runner:`, error)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }),\n )\n } catch (error) {\n this.logger.error(`Error processing backups for errored sandboxes on draining runners: `, error)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'sync-stop-state-create-backups' })\n @TrackJobExecution()\n @LogExecution('sync-stop-state-create-backups')\n @WithInstrumentation()\n async syncStopStateCreateBackups(): Promise {\n const lockKey = 'sync-stop-state-create-backups'\n const hasLock = await this.redisLockProvider.lock(lockKey, 10)\n if (!hasLock) {\n return\n }\n\n try {\n const sandboxes = await this.sandboxRepository\n .createQueryBuilder('sandbox')\n .innerJoin('runner', 'r', 'r.id = sandbox.runnerId')\n .where('sandbox.state IN (:...states)', { states: [SandboxState.ARCHIVING, SandboxState.STOPPED] })\n .andWhere('sandbox.backupState = :none', { none: BackupState.NONE })\n .andWhere('r.state = :ready', { ready: RunnerState.READY })\n .take(100)\n .getMany()\n\n await Promise.allSettled(\n sandboxes\n .filter((sandbox) => sandbox.runnerId !== null)\n .map(async (sandbox) => {\n const lockKey = `sandbox-backup-${sandbox.id}`\n const hasLock = await this.redisLockProvider.lock(lockKey, 30)\n if (!hasLock) {\n return\n }\n\n try {\n await this.setBackupPending(sandbox)\n } catch (error) {\n this.logger.error(`Error processing backup for sandbox ${sandbox.id}:`, error)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }),\n )\n } catch (error) {\n this.logger.error(`Error processing backups: `, error)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n async setBackupPending(sandbox: Sandbox): Promise {\n if (sandbox.backupState === BackupState.COMPLETED) {\n return\n }\n\n // Allow backups for STARTED sandboxes, STOPPED/ERROR sandboxes with runnerId, or ARCHIVING sandboxes\n if (\n !(\n sandbox.state === SandboxState.STARTED ||\n sandbox.state === SandboxState.ARCHIVING ||\n (sandbox.state === SandboxState.STOPPED && sandbox.runnerId) ||\n (sandbox.state === SandboxState.ERROR && sandbox.runnerId)\n )\n ) {\n throw new BadRequestError('Sandbox must be started, stopped, or errored with assigned runner to create a backup')\n }\n\n if (sandbox.backupState === BackupState.IN_PROGRESS || sandbox.backupState === BackupState.PENDING) {\n return\n }\n\n let registry: DockerRegistry | null = null\n\n if (sandbox.backupRegistryId) {\n registry = await this.dockerRegistryService.findOne(sandbox.backupRegistryId)\n } else {\n registry = await this.dockerRegistryService.getAvailableBackupRegistry(sandbox.region)\n }\n\n if (!registry) {\n throw new BadRequestError('No backup registry configured')\n }\n // Generate backup snapshot name\n const timestamp = new Date().toISOString().replace(/[:.]/g, '-')\n const backupSnapshot = `${registry.url.replace('https://', '').replace('http://', '')}/${registry.project || 'daytona'}/backup-${sandbox.id}:${timestamp}`\n\n await this.sandboxService.updateSandboxBackupState(sandbox.id, BackupState.PENDING, backupSnapshot, registry.id)\n }\n\n private async checkBackupProgress(sandbox: Sandbox): Promise {\n try {\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n // Get sandbox info from runner\n const sandboxInfo = await runnerAdapter.sandboxInfo(sandbox.id)\n\n switch (sandboxInfo.backupState) {\n case BackupState.COMPLETED: {\n await this.sandboxService.updateSandboxBackupState(sandbox.id, BackupState.COMPLETED)\n break\n }\n case BackupState.ERROR: {\n await this.sandboxService.updateSandboxBackupState(\n sandbox.id,\n BackupState.ERROR,\n undefined,\n undefined,\n sandboxInfo.backupErrorReason,\n )\n break\n }\n // If backup state is none, retry the backup process by setting the backup state to pending\n // This can happen if the runner is restarted or the operation is cancelled\n case BackupState.NONE: {\n await this.sandboxService.updateSandboxBackupState(sandbox.id, BackupState.PENDING)\n break\n }\n // If still in progress or any other state, do nothing and wait for next sync\n }\n } catch (error) {\n await this.sandboxService.updateSandboxBackupState(\n sandbox.id,\n BackupState.ERROR,\n undefined,\n undefined,\n fromAxiosError(error).message,\n )\n throw error\n }\n }\n\n private async deleteSandboxBackupRepositoryFromRegistry(sandbox: Sandbox): Promise {\n const registry = await this.dockerRegistryService.findOne(sandbox.backupRegistryId)\n\n try {\n await this.dockerRegistryService.deleteSandboxRepository(sandbox.id, registry)\n } catch (error) {\n this.logger.error(\n `Failed to delete backup repository ${sandbox.id} from registry ${registry.id}:`,\n fromAxiosError(error),\n )\n }\n }\n\n private async handlePendingBackup(sandbox: Sandbox): Promise {\n const lockKey = `runner-${sandbox.runnerId}-backup-lock`\n try {\n await this.redisLockProvider.waitForLock(lockKey, 10)\n\n const backupsInProgress = await this.sandboxRepository.count({\n where: {\n runnerId: sandbox.runnerId,\n backupState: BackupState.IN_PROGRESS,\n },\n })\n if (backupsInProgress >= this.configService.getOrThrow('maxConcurrentBackupsPerRunner')) {\n return\n }\n\n const registry = await this.dockerRegistryService.findOne(sandbox.backupRegistryId)\n if (!registry) {\n throw new Error('Registry not found')\n }\n\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n // check if backup is already in progress on the runner\n const runnerSandbox = await runnerAdapter.sandboxInfo(sandbox.id)\n if (runnerSandbox.backupState === BackupState.IN_PROGRESS) {\n await this.sandboxService.updateSandboxBackupState(sandbox.id, BackupState.IN_PROGRESS)\n return\n }\n\n // Initiate backup on runner\n await runnerAdapter.createBackup(sandbox, sandbox.backupSnapshot, registry)\n\n await this.sandboxService.updateSandboxBackupState(sandbox.id, BackupState.IN_PROGRESS)\n } catch (error) {\n if (error.response?.status === 400 && error.response?.data?.message.includes('A backup is already in progress')) {\n await this.sandboxService.updateSandboxBackupState(sandbox.id, BackupState.IN_PROGRESS)\n return\n }\n await this.sandboxService.updateSandboxBackupState(\n sandbox.id,\n BackupState.ERROR,\n undefined,\n undefined,\n fromAxiosError(error).message,\n )\n throw error\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @OnEvent(SandboxEvents.ARCHIVED)\n @TrackJobExecution()\n private async handleSandboxArchivedEvent(event: SandboxArchivedEvent) {\n this.setBackupPending(event.sandbox)\n }\n\n @OnEvent(SandboxEvents.DESTROYED)\n @TrackJobExecution()\n private async handleSandboxDestroyedEvent(event: SandboxDestroyedEvent) {\n this.deleteSandboxBackupRepositoryFromRegistry(event.sandbox)\n }\n\n @OnEvent(SandboxEvents.BACKUP_CREATED)\n @TrackJobExecution()\n private async handleSandboxBackupCreatedEvent(event: SandboxBackupCreatedEvent) {\n this.setBackupPending(event.sandbox)\n }\n}\n" }, { "path": "apps/api/src/sandbox/managers/sandbox-actions/sandbox-archive.action.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { Sandbox } from '../../entities/sandbox.entity'\nimport { SandboxState } from '../../enums/sandbox-state.enum'\nimport { DONT_SYNC_AGAIN, SandboxAction, SyncState, SYNC_AGAIN } from './sandbox.action'\nimport { BackupState } from '../../enums/backup-state.enum'\nimport { LockCode, RedisLockProvider } from '../../common/redis-lock.provider'\nimport { RunnerService } from '../../services/runner.service'\nimport { SandboxRepository } from '../../repositories/sandbox.repository'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport Redis from 'ioredis'\nimport { RunnerAdapterFactory } from '../../runner-adapter/runnerAdapter'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { SandboxEvents } from '../../constants/sandbox-events.constants'\nimport { SandboxBackupCreatedEvent } from '../../events/sandbox-backup-created.event'\nimport { WithSpan } from '../../../common/decorators/otel.decorator'\n\n@Injectable()\nexport class SandboxArchiveAction extends SandboxAction {\n constructor(\n protected runnerService: RunnerService,\n protected runnerAdapterFactory: RunnerAdapterFactory,\n protected sandboxRepository: SandboxRepository,\n protected readonly redisLockProvider: RedisLockProvider,\n @InjectRedis() private readonly redis: Redis,\n private readonly eventEmitter: EventEmitter2,\n ) {\n super(runnerService, runnerAdapterFactory, sandboxRepository, redisLockProvider)\n }\n\n @WithSpan()\n async run(sandbox: Sandbox, lockCode: LockCode): Promise {\n // Only proceed with archiving if the sandbox is in STOPPED, ARCHIVING or ERROR (runner draining) state.\n // For all other states, do not proceed with archiving.\n if (\n sandbox.state !== SandboxState.STOPPED &&\n sandbox.state !== SandboxState.ARCHIVING &&\n sandbox.state !== SandboxState.ERROR\n ) {\n return DONT_SYNC_AGAIN\n }\n\n const lockKey = 'archive-lock-' + sandbox.runnerId\n if (!(await this.redisLockProvider.lock(lockKey, 10))) {\n return DONT_SYNC_AGAIN\n }\n\n const isFromErrorState = sandbox.state === SandboxState.ERROR\n\n await this.redisLockProvider.unlock(lockKey)\n\n // if the backup state is error, we need to retry the backup\n if (sandbox.backupState === BackupState.ERROR) {\n const archiveErrorRetryKey = 'archive-error-retry-' + sandbox.id\n const archiveErrorRetryCountRaw = await this.redis.get(archiveErrorRetryKey)\n const archiveErrorRetryCount = archiveErrorRetryCountRaw ? parseInt(archiveErrorRetryCountRaw) : 0\n // if the archive error retry count is greater than 3, we need to mark the sandbox as error\n if (archiveErrorRetryCount > 3) {\n // Only transition to ERROR if not already in ERROR state\n if (!isFromErrorState) {\n await this.updateSandboxState(\n sandbox,\n SandboxState.ERROR,\n lockCode,\n undefined,\n 'Failed to archive sandbox after 3 retries',\n )\n }\n await this.redis.del(archiveErrorRetryKey)\n return DONT_SYNC_AGAIN\n }\n await this.redis.setex('archive-error-retry-' + sandbox.id, 720, String(archiveErrorRetryCount + 1))\n\n // recreate the backup to retry\n this.eventEmitter.emit(SandboxEvents.BACKUP_CREATED, new SandboxBackupCreatedEvent(sandbox))\n\n return DONT_SYNC_AGAIN\n }\n\n if (sandbox.backupState !== BackupState.COMPLETED) {\n return DONT_SYNC_AGAIN\n }\n\n // when the backup is completed, destroy the sandbox on the runner\n // and deassociate the sandbox from the runner\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n try {\n const sandboxInfo = await runnerAdapter.sandboxInfo(sandbox.id)\n this.logger.log(`sandbox info from runner: state: ${sandboxInfo.state}, backupState: ${sandboxInfo.backupState}`)\n if (sandboxInfo.state === SandboxState.DESTROYED) {\n if (isFromErrorState) {\n this.logger.warn(`Transitioning sandbox ${sandbox.id} from ERROR to ARCHIVED state (runner draining)`)\n }\n\n await this.updateSandboxState(sandbox, SandboxState.ARCHIVED, lockCode, null)\n return DONT_SYNC_AGAIN\n }\n\n if (sandboxInfo.state !== SandboxState.DESTROYING) {\n await runnerAdapter.destroySandbox(sandbox.id)\n }\n\n return SYNC_AGAIN\n } catch (error) {\n // fail for errors other than sandbox not found or sandbox already destroyed\n if (\n (error.response?.data?.statusCode === 400 &&\n error.response?.data?.message.includes('Sandbox already destroyed')) ||\n error.response?.status === 404 ||\n error.statusCode === 404\n ) {\n // if the sandbox is already destroyed, do nothing\n if (isFromErrorState) {\n this.logger.warn(`Transitioning sandbox ${sandbox.id} from ERROR to ARCHIVED state (runner draining)`)\n }\n\n await this.updateSandboxState(sandbox, SandboxState.ARCHIVED, lockCode, null)\n return DONT_SYNC_AGAIN\n }\n\n throw error\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/managers/sandbox-actions/sandbox-destroy.action.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { Sandbox } from '../../entities/sandbox.entity'\nimport { SandboxState } from '../../enums/sandbox-state.enum'\nimport { DONT_SYNC_AGAIN, SandboxAction, SyncState, SYNC_AGAIN } from './sandbox.action'\nimport { RunnerState } from '../../enums/runner-state.enum'\nimport { RunnerService } from '../../services/runner.service'\nimport { RunnerAdapterFactory } from '../../runner-adapter/runnerAdapter'\nimport { SandboxRepository } from '../../repositories/sandbox.repository'\nimport { LockCode, RedisLockProvider } from '../../common/redis-lock.provider'\nimport { WithSpan } from '../../../common/decorators/otel.decorator'\n\n@Injectable()\nexport class SandboxDestroyAction extends SandboxAction {\n constructor(\n protected runnerService: RunnerService,\n protected runnerAdapterFactory: RunnerAdapterFactory,\n protected sandboxRepository: SandboxRepository,\n protected redisLockProvider: RedisLockProvider,\n ) {\n super(runnerService, runnerAdapterFactory, sandboxRepository, redisLockProvider)\n }\n\n @WithSpan()\n async run(sandbox: Sandbox, lockCode: LockCode): Promise {\n if (sandbox.state === SandboxState.DESTROYED) {\n return DONT_SYNC_AGAIN\n }\n\n if (sandbox.state === SandboxState.ARCHIVED || sandbox.state === SandboxState.PENDING_BUILD) {\n await this.updateSandboxState(sandbox, SandboxState.DESTROYED, lockCode)\n return DONT_SYNC_AGAIN\n }\n\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n if (runner.state !== RunnerState.READY) {\n return DONT_SYNC_AGAIN\n }\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n try {\n const sandboxInfo = await runnerAdapter.sandboxInfo(sandbox.id)\n\n if (sandboxInfo.state === SandboxState.DESTROYED) {\n await this.updateSandboxState(sandbox, SandboxState.DESTROYED, lockCode)\n return DONT_SYNC_AGAIN\n }\n\n if (sandbox.state !== SandboxState.DESTROYING) {\n await runnerAdapter.destroySandbox(sandbox.id)\n await this.updateSandboxState(sandbox, SandboxState.DESTROYING, lockCode)\n }\n\n return SYNC_AGAIN\n } catch (error) {\n // if the sandbox is not found on runner, it is already destroyed\n if (error.response?.status === 404 || error.statusCode === 404) {\n await this.updateSandboxState(sandbox, SandboxState.DESTROYED, lockCode)\n return DONT_SYNC_AGAIN\n }\n\n throw error\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/managers/sandbox-actions/sandbox-start.action.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, NotFoundException } from '@nestjs/common'\nimport { SandboxRepository } from '../../repositories/sandbox.repository'\nimport { RECOVERY_ERROR_SUBSTRINGS } from '../../constants/errors-for-recovery'\nimport { Sandbox } from '../../entities/sandbox.entity'\nimport { SandboxState } from '../../enums/sandbox-state.enum'\nimport { DONT_SYNC_AGAIN, SandboxAction, SYNC_AGAIN, SyncState } from './sandbox.action'\nimport { SANDBOX_BUILD_INFO_CACHE_TTL_MS } from '../../utils/sandbox-lookup-cache.util'\nimport { SnapshotRunnerState } from '../../enums/snapshot-runner-state.enum'\nimport { BackupState } from '../../enums/backup-state.enum'\nimport { RunnerState } from '../../enums/runner-state.enum'\nimport { BuildInfo } from '../../entities/build-info.entity'\nimport { SnapshotService } from '../../services/snapshot.service'\nimport { DockerRegistryService } from '../../../docker-registry/services/docker-registry.service'\nimport { DockerRegistry } from '../../../docker-registry/entities/docker-registry.entity'\nimport { RunnerService } from '../../services/runner.service'\nimport { RunnerAdapterFactory } from '../../runner-adapter/runnerAdapter'\nimport { SnapshotStateError } from '../../errors/snapshot-state-error'\nimport { Snapshot } from '../../entities/snapshot.entity'\nimport { OrganizationService } from '../../../organization/services/organization.service'\nimport { TypedConfigService } from '../../../config/typed-config.service'\nimport { Runner } from '../../entities/runner.entity'\nimport { Organization } from '../../../organization/entities/organization.entity'\nimport { LockCode, RedisLockProvider } from '../../common/redis-lock.provider'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport Redis from 'ioredis'\nimport { WithSpan } from '../../../common/decorators/otel.decorator'\n\n@Injectable()\nexport class SandboxStartAction extends SandboxAction {\n protected readonly logger = new Logger(SandboxStartAction.name)\n constructor(\n protected runnerService: RunnerService,\n protected runnerAdapterFactory: RunnerAdapterFactory,\n protected sandboxRepository: SandboxRepository,\n protected readonly snapshotService: SnapshotService,\n protected readonly dockerRegistryService: DockerRegistryService,\n protected readonly organizationService: OrganizationService,\n protected readonly configService: TypedConfigService,\n protected readonly redisLockProvider: RedisLockProvider,\n @InjectRedis() private readonly redis: Redis,\n ) {\n super(runnerService, runnerAdapterFactory, sandboxRepository, redisLockProvider)\n }\n\n @WithSpan()\n async run(sandbox: Sandbox, lockCode: LockCode): Promise {\n // Load buildInfo only for states that need it — avoids a JOIN+DISTINCT in the\n // shared syncInstanceState query that stop/destroy/archive paths never use.\n if (\n sandbox.snapshot === null &&\n [SandboxState.PENDING_BUILD, SandboxState.BUILDING_SNAPSHOT, SandboxState.UNKNOWN].includes(sandbox.state)\n ) {\n await this.loadBuildInfo(sandbox)\n }\n\n switch (sandbox.state) {\n case SandboxState.PULLING_SNAPSHOT: {\n if (!sandbox.runnerId) {\n // Using the PULLING_SNAPSHOT state for the case where the runner isn't assigned yet as well\n return this.handleUnassignedRunnerSandbox(sandbox, lockCode)\n } else {\n return this.handleRunnerSandboxStartedStateCheck(sandbox, lockCode)\n }\n }\n case SandboxState.PENDING_BUILD: {\n return this.handleUnassignedRunnerSandbox(sandbox, lockCode, true)\n }\n case SandboxState.BUILDING_SNAPSHOT: {\n return this.handleRunnerSandboxBuildingSnapshotStateOnDesiredStateStart(sandbox, lockCode)\n }\n case SandboxState.UNKNOWN: {\n return this.handleRunnerSandboxUnknownStateOnDesiredStateStart(sandbox, lockCode)\n }\n case SandboxState.ARCHIVED:\n case SandboxState.ARCHIVING:\n case SandboxState.STOPPED: {\n return this.handleRunnerSandboxStoppedOrArchivedStateOnDesiredStateStart(sandbox, lockCode)\n }\n case SandboxState.RESTORING:\n case SandboxState.CREATING:\n case SandboxState.STARTING: {\n return this.handleRunnerSandboxStartedStateCheck(sandbox, lockCode)\n }\n case SandboxState.ERROR: {\n this.logger.error(`Sandbox ${sandbox.id} is in error state on desired state start`)\n return DONT_SYNC_AGAIN\n }\n }\n\n return DONT_SYNC_AGAIN\n }\n\n /**\n * Loads the buildInfo relation for a sandbox.\n * Uses QueryBuilder with getMany() to avoid the SELECT DISTINCT subquery\n * that TypeORM generates when combining relations with findOne/LIMIT.\n * Since sandbox.id is a PK and BuildInfo is @ManyToOne, at most one row is returned.\n */\n private async loadBuildInfo(sandbox: Sandbox): Promise {\n const [result] = await this.sandboxRepository\n .createQueryBuilder('sandbox')\n .leftJoinAndSelect('sandbox.buildInfo', 'buildInfo')\n .where('sandbox.id = :id', { id: sandbox.id })\n .cache(`sandbox:buildInfo:${sandbox.id}`, SANDBOX_BUILD_INFO_CACHE_TTL_MS)\n .getMany()\n sandbox.buildInfo = result?.buildInfo ?? null\n }\n\n private async handleRunnerSandboxBuildingSnapshotStateOnDesiredStateStart(\n sandbox: Sandbox,\n lockCode: LockCode,\n ): Promise {\n // Check for timeout - allow up to 60 minutes since the last sandbox update\n const timeoutMinutes = 60\n const timeoutMs = timeoutMinutes * 60 * 1000\n\n if (sandbox.updatedAt && Date.now() - sandbox.updatedAt.getTime() > timeoutMs) {\n await this.updateSandboxState(\n sandbox,\n SandboxState.BUILD_FAILED,\n lockCode,\n undefined,\n 'Timeout while building snapshot on runner',\n )\n return DONT_SYNC_AGAIN\n }\n\n const snapshotRunner = await this.runnerService.getSnapshotRunner(sandbox.runnerId, sandbox.buildInfo.snapshotRef)\n if (snapshotRunner) {\n switch (snapshotRunner.state) {\n case SnapshotRunnerState.READY: {\n // TODO: \"UNKNOWN\" should probably be changed to something else\n await this.updateSandboxState(sandbox, SandboxState.UNKNOWN, lockCode)\n return SYNC_AGAIN\n }\n case SnapshotRunnerState.ERROR: {\n await this.updateSandboxState(\n sandbox,\n SandboxState.BUILD_FAILED,\n lockCode,\n undefined,\n snapshotRunner.errorReason,\n )\n return DONT_SYNC_AGAIN\n }\n }\n }\n if (!snapshotRunner || snapshotRunner.state === SnapshotRunnerState.BUILDING_SNAPSHOT) {\n // Sleep for a second and go back to syncing instance state\n await new Promise((resolve) => setTimeout(resolve, 1000))\n return SYNC_AGAIN\n }\n\n return DONT_SYNC_AGAIN\n }\n\n private async handleUnassignedRunnerSandbox(\n sandbox: Sandbox,\n lockCode: LockCode,\n isBuild = false,\n ): Promise {\n // Get snapshot reference based on whether it's a pull or build operation\n let snapshotRef: string\n\n if (isBuild) {\n snapshotRef = sandbox.buildInfo.snapshotRef\n } else {\n const snapshot = await this.snapshotService.getSnapshotByName(sandbox.snapshot, sandbox.organizationId)\n snapshotRef = snapshot.ref\n }\n\n const declarativeBuildScoreThreshold = this.configService.get('runnerScore.thresholds.declarativeBuild')\n\n // Try to assign an available runner with the snapshot already available\n try {\n const runner = await this.runnerService.getRandomAvailableRunner({\n regions: [sandbox.region],\n sandboxClass: sandbox.class,\n snapshotRef: snapshotRef,\n ...(isBuild &&\n declarativeBuildScoreThreshold !== undefined && {\n availabilityScoreThreshold: declarativeBuildScoreThreshold,\n }),\n })\n if (runner) {\n await this.updateSandboxState(sandbox, SandboxState.UNKNOWN, lockCode, runner.id)\n return SYNC_AGAIN\n }\n } catch {\n // Continue to next assignment method\n }\n\n // Try to assign an available runner that is currently processing the snapshot\n const snapshotRunners = await this.runnerService.getSnapshotRunners(snapshotRef)\n const targetState = isBuild ? SnapshotRunnerState.BUILDING_SNAPSHOT : SnapshotRunnerState.PULLING_SNAPSHOT\n const targetSandboxState = isBuild ? SandboxState.BUILDING_SNAPSHOT : SandboxState.PULLING_SNAPSHOT\n const errorSandboxState = isBuild ? SandboxState.BUILD_FAILED : SandboxState.ERROR\n\n for (const snapshotRunner of snapshotRunners) {\n // Consider removing the runner usage rate check or improving it\n const runner = await this.runnerService.findOneOrFail(snapshotRunner.runnerId)\n\n if (snapshotRunner.state === SnapshotRunnerState.ERROR) {\n await this.updateSandboxState(sandbox, errorSandboxState, lockCode, runner.id, snapshotRunner.errorReason)\n return DONT_SYNC_AGAIN\n }\n\n if (runner.unschedulable || runner.draining || runner.state !== RunnerState.READY) {\n continue\n }\n\n if (declarativeBuildScoreThreshold === undefined || runner.availabilityScore >= declarativeBuildScoreThreshold) {\n if (snapshotRunner.state === targetState) {\n await this.updateSandboxState(sandbox, targetSandboxState, lockCode, runner.id)\n return SYNC_AGAIN\n }\n }\n }\n\n // Get excluded runner IDs based on operation type\n const excludedRunnerIds = await (isBuild\n ? this.runnerService.getRunnersWithMultipleSnapshotsBuilding()\n : this.runnerService.getRunnersWithMultipleSnapshotsPulling())\n\n // Try to assign an available runner to start processing the snapshot\n let runner: Runner\n\n try {\n runner = await this.runnerService.getRandomAvailableRunner({\n regions: [sandbox.region],\n sandboxClass: sandbox.class,\n excludedRunnerIds: excludedRunnerIds,\n ...(isBuild &&\n declarativeBuildScoreThreshold !== undefined && {\n availabilityScoreThreshold: declarativeBuildScoreThreshold,\n }),\n })\n } catch {\n // TODO: reconsider the timeout here\n // No runners available, wait for 3 seconds and retry\n await new Promise((resolve) => setTimeout(resolve, 3000))\n return SYNC_AGAIN\n }\n\n if (isBuild) {\n this.buildOnRunner(sandbox.buildInfo, runner, sandbox.organizationId)\n await this.updateSandboxState(sandbox, SandboxState.BUILDING_SNAPSHOT, lockCode, runner.id)\n } else {\n const snapshot = await this.snapshotService.getSnapshotByName(sandbox.snapshot, sandbox.organizationId)\n await this.runnerService.createSnapshotRunnerEntry(runner.id, snapshot.ref, SnapshotRunnerState.PULLING_SNAPSHOT)\n this.pullSnapshotToRunner(snapshot, runner)\n await this.updateSandboxState(sandbox, SandboxState.PULLING_SNAPSHOT, lockCode, runner.id)\n }\n\n return SYNC_AGAIN\n }\n\n async pullSnapshotToRunner(snapshot: Snapshot, runner: Runner) {\n const internalRegistry = await this.dockerRegistryService.findInternalRegistryBySnapshotRef(\n snapshot.ref,\n runner.region,\n )\n if (!internalRegistry) {\n throw new Error('No internal registry found for sandbox snapshot')\n }\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n // Fire the pull request (runner returns 202 immediately)\n await runnerAdapter.pullSnapshot(snapshot.ref, internalRegistry)\n\n const pollTimeoutMs = 60 * 60 * 1_000 // 1 hour\n const pollIntervalMs = 5 * 1_000 // 5 seconds\n const startTime = Date.now()\n\n while (Date.now() - startTime < pollTimeoutMs) {\n try {\n await runnerAdapter.getSnapshotInfo(snapshot.ref)\n return\n } catch (err) {\n if (err instanceof SnapshotStateError) {\n throw err\n }\n }\n await new Promise((resolve) => setTimeout(resolve, pollIntervalMs))\n }\n }\n\n // Initiates the snapshot build on the runner and creates an SnapshotRunner depending on the result\n async buildOnRunner(buildInfo: BuildInfo, runner: Runner, organizationId: string) {\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n const sourceRegistries = await this.dockerRegistryService.getSourceRegistriesForDockerfile(\n buildInfo.dockerfileContent,\n organizationId,\n )\n\n // Fire build request (runner returns 202 immediately)\n await runnerAdapter.buildSnapshot(\n buildInfo,\n organizationId,\n sourceRegistries.length > 0 ? sourceRegistries : undefined,\n )\n\n const pollTimeoutMs = 60 * 60 * 1_000 // 1 hour\n const pollIntervalMs = 5 * 1_000 // 5 seconds\n const startTime = Date.now()\n\n while (Date.now() - startTime < pollTimeoutMs) {\n try {\n await runnerAdapter.getSnapshotInfo(buildInfo.snapshotRef)\n break\n } catch (err) {\n if (err instanceof SnapshotStateError) {\n await this.runnerService.createSnapshotRunnerEntry(\n runner.id,\n buildInfo.snapshotRef,\n SnapshotRunnerState.ERROR,\n err.message,\n )\n return\n }\n await new Promise((resolve) => setTimeout(resolve, pollIntervalMs))\n }\n }\n\n if (Date.now() - startTime >= pollTimeoutMs) {\n await this.runnerService.createSnapshotRunnerEntry(\n runner.id,\n buildInfo.snapshotRef,\n SnapshotRunnerState.ERROR,\n 'Timeout while building',\n )\n return\n }\n\n const exists = await runnerAdapter.snapshotExists(buildInfo.snapshotRef)\n let state = SnapshotRunnerState.BUILDING_SNAPSHOT\n if (exists) {\n state = SnapshotRunnerState.READY\n }\n\n await this.runnerService.createSnapshotRunnerEntry(runner.id, buildInfo.snapshotRef, state)\n }\n\n private async handleRunnerSandboxUnknownStateOnDesiredStateStart(\n sandbox: Sandbox,\n lockCode: LockCode,\n ): Promise {\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n if (runner.state !== RunnerState.READY) {\n return DONT_SYNC_AGAIN\n }\n\n const organization = await this.organizationService.findOne(sandbox.organizationId)\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n let internalRegistry: DockerRegistry\n let entrypoint: string[]\n if (!sandbox.buildInfo) {\n // get internal snapshot name\n const snapshot = await this.snapshotService.getSnapshotByName(sandbox.snapshot, sandbox.organizationId)\n const snapshotRef = snapshot.ref\n\n internalRegistry = await this.dockerRegistryService.findInternalRegistryBySnapshotRef(snapshotRef, runner.region)\n if (!internalRegistry) {\n throw new Error('No registry found for snapshot')\n }\n\n sandbox.snapshot = snapshotRef\n entrypoint = snapshot.entrypoint\n } else {\n sandbox.snapshot = sandbox.buildInfo.snapshotRef\n entrypoint = this.snapshotService.getEntrypointFromDockerfile(sandbox.buildInfo.dockerfileContent)\n }\n\n const metadata = {\n ...organization?.sandboxMetadata,\n sandboxName: sandbox.name,\n }\n\n const result = await runnerAdapter.createSandbox(\n sandbox,\n internalRegistry,\n entrypoint,\n metadata,\n this.configService.get('sandboxOtel.endpointUrl'),\n )\n\n await this.updateSandboxState(sandbox, SandboxState.CREATING, lockCode, undefined, undefined, result?.daemonVersion)\n // sync states again immediately for sandbox\n return SYNC_AGAIN\n }\n\n private async handleRunnerSandboxStoppedOrArchivedStateOnDesiredStateStart(\n sandbox: Sandbox,\n lockCode: LockCode,\n ): Promise {\n const organization = await this.organizationService.findOne(sandbox.organizationId)\n\n // check if sandbox is assigned to a runner and if that runner is unschedulable\n // if it is, move sandbox to prevRunnerId, and set runnerId to null\n // this will assign a new runner to the sandbox and restore the sandbox from the latest backup\n if (sandbox.runnerId) {\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n const originalRunnerId = sandbox.runnerId // Store original value\n\n const startScoreThreshold = this.configService.get('runnerScore.thresholds.start') || 0\n\n const shouldMoveToNewRunner =\n (runner.unschedulable || runner.state != RunnerState.READY || runner.availabilityScore < startScoreThreshold) &&\n sandbox.backupState === BackupState.COMPLETED\n\n // if the runner is unschedulable/not ready and sandbox has a valid backup, move sandbox to a new runner\n if (shouldMoveToNewRunner) {\n sandbox.prevRunnerId = originalRunnerId\n sandbox.runnerId = null\n\n await this.sandboxRepository.update(\n sandbox.id,\n {\n updateData: {\n prevRunnerId: originalRunnerId,\n runnerId: null,\n },\n },\n true,\n )\n }\n\n // If the sandbox is on a runner and its backupState is COMPLETED\n // but there are too many running sandboxes on that runner, move it to a less used runner\n if (sandbox.backupState === BackupState.COMPLETED) {\n if (runner.availabilityScore < this.configService.getOrThrow('runnerScore.thresholds.availability')) {\n const availableRunners = await this.runnerService.findAvailableRunners({\n regions: [sandbox.region],\n sandboxClass: sandbox.class,\n })\n const lessUsedRunners = availableRunners.filter((runner) => runner.id !== originalRunnerId)\n\n // temp workaround to move sandboxes to less used runner\n if (lessUsedRunners.length > 0) {\n sandbox.prevRunnerId = originalRunnerId\n sandbox.runnerId = null\n\n await this.sandboxRepository.update(\n sandbox.id,\n {\n updateData: {\n prevRunnerId: originalRunnerId,\n runnerId: null,\n },\n },\n true,\n )\n try {\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n await runnerAdapter.destroySandbox(sandbox.id)\n } catch (e) {\n if (e.response?.status !== 404 && e.statusCode !== 404) {\n this.logger.error(`Failed to cleanup sandbox ${sandbox.id} on previous runner ${runner.id}:`, e)\n }\n }\n }\n }\n }\n }\n\n if (sandbox.runnerId === null) {\n // if sandbox has no runner, check if backup is completed\n // if not, set sandbox to error\n // if backup is completed, get random available runner and start sandbox\n // use the backup to start the sandbox\n\n if (sandbox.backupState !== BackupState.COMPLETED) {\n await this.updateSandboxState(\n sandbox,\n SandboxState.ERROR,\n lockCode,\n undefined,\n 'Sandbox has no runner and backup is not completed',\n )\n return DONT_SYNC_AGAIN\n }\n\n const syncCheck = await this.restoreSandboxOnNewRunner(sandbox, lockCode, organization, sandbox.prevRunnerId)\n if (syncCheck !== null) {\n return syncCheck\n }\n } else {\n // if sandbox has runner, start sandbox\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n\n if (runner.state !== RunnerState.READY) {\n return DONT_SYNC_AGAIN\n }\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n const metadata: { [key: string]: string } = { ...organization?.sandboxMetadata }\n if (sandbox.volumes?.length) {\n metadata['volumes'] = JSON.stringify(\n sandbox.volumes.map((v) => ({ volumeId: v.volumeId, mountPath: v.mountPath, subpath: v.subpath })),\n )\n }\n\n try {\n await runnerAdapter.startSandbox(sandbox.id, sandbox.authToken, metadata)\n } catch (error) {\n // Check against a list of substrings that should trigger an automatic recovery\n if (error?.message) {\n const matchesRecovery = RECOVERY_ERROR_SUBSTRINGS.some((substring) =>\n error.message.toLowerCase().includes(substring.toLowerCase()),\n )\n if (matchesRecovery) {\n try {\n await this.restoreSandboxOnNewRunner(sandbox, lockCode, organization, sandbox.runnerId, true)\n this.logger.warn(`Sandbox ${sandbox.id} transferred to a new runner`)\n return SYNC_AGAIN\n } catch (restoreError) {\n this.logger.warn(`Sandbox ${sandbox.id} recovery attempt failed:`, restoreError.message)\n }\n }\n }\n throw error\n }\n\n await this.updateSandboxState(sandbox, SandboxState.STARTING, lockCode)\n return SYNC_AGAIN\n }\n\n return SYNC_AGAIN\n }\n\n // used to check if sandbox is started on runner and update sandbox state accordingly\n // also used to handle the case where a sandbox is started on a runner and then transferred to a new runner\n private async handleRunnerSandboxStartedStateCheck(sandbox: Sandbox, lockCode: LockCode): Promise {\n // edge case when sandbox is being transferred to a new runner\n if (!sandbox.runnerId) {\n return SYNC_AGAIN\n }\n\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n const sandboxInfo = await runnerAdapter.sandboxInfo(sandbox.id)\n\n switch (sandboxInfo.state) {\n case SandboxState.STARTED: {\n // if previous backup state is error or completed, set backup state to none\n if ([BackupState.ERROR, BackupState.COMPLETED].includes(sandbox.backupState)) {\n await this.updateSandboxState(\n sandbox,\n SandboxState.STARTED,\n lockCode,\n undefined,\n undefined,\n sandboxInfo.daemonVersion,\n BackupState.NONE,\n )\n return DONT_SYNC_AGAIN\n } else {\n await this.updateSandboxState(\n sandbox,\n SandboxState.STARTED,\n lockCode,\n undefined,\n undefined,\n sandboxInfo.daemonVersion,\n )\n\n // if sandbox was transferred to a new runner, remove it from the old runner\n if (sandbox.prevRunnerId) {\n await this.removeSandboxFromPreviousRunner(sandbox)\n }\n\n return DONT_SYNC_AGAIN\n }\n }\n case SandboxState.STARTING:\n if (await this.checkTimeoutError(sandbox, 5, 'Timeout while starting sandbox')) {\n return DONT_SYNC_AGAIN\n }\n break\n case SandboxState.RESTORING:\n if (await this.checkTimeoutError(sandbox, 30, 'Timeout while starting sandbox')) {\n return DONT_SYNC_AGAIN\n }\n break\n case SandboxState.CREATING: {\n if (await this.checkTimeoutError(sandbox, 15, 'Timeout while creating sandbox')) {\n return DONT_SYNC_AGAIN\n }\n break\n }\n case SandboxState.UNKNOWN: {\n await this.updateSandboxState(sandbox, SandboxState.UNKNOWN, lockCode)\n break\n }\n case SandboxState.ERROR: {\n await this.updateSandboxState(\n sandbox,\n SandboxState.ERROR,\n lockCode,\n undefined,\n 'Sandbox entered error state on runner during startup wait loop',\n )\n break\n }\n case SandboxState.PULLING_SNAPSHOT: {\n if (await this.checkTimeoutError(sandbox, 30, 'Timeout while pulling snapshot')) {\n return DONT_SYNC_AGAIN\n }\n await this.updateSandboxState(sandbox, SandboxState.PULLING_SNAPSHOT, lockCode)\n break\n }\n case SandboxState.DESTROYED: {\n this.logger.warn(\n `Sandbox ${sandbox.id} is in destroyed state while starting on runner ${sandbox.runnerId}, prev runner ${sandbox.prevRunnerId}`,\n )\n await this.checkTimeoutError(\n sandbox,\n 15,\n 'Timeout while starting sandbox: Sandbox is in unknown state on runner',\n )\n return DONT_SYNC_AGAIN\n }\n // also any other state that is not STARTED\n default: {\n this.logger.error(`Sandbox ${sandbox.id} is in unexpected state ${sandboxInfo.state}`)\n await this.updateSandboxState(\n sandbox,\n SandboxState.ERROR,\n lockCode,\n undefined,\n `Sandbox is in unexpected state: ${sandboxInfo.state}`,\n )\n break\n }\n }\n\n return SYNC_AGAIN\n }\n\n private async checkTimeoutError(sandbox: Sandbox, timeoutMinutes: number, errorReason: string): Promise {\n if (\n sandbox.lastActivityAt &&\n new Date(sandbox.lastActivityAt).getTime() < Date.now() - 1000 * 60 * timeoutMinutes\n ) {\n const updateData: Partial = {\n state: SandboxState.ERROR,\n errorReason,\n recoverable: false,\n }\n await this.sandboxRepository.update(sandbox.id, { updateData, entity: sandbox })\n return true\n }\n return false\n }\n\n private async restoreSandboxOnNewRunner(\n sandbox: Sandbox,\n lockCode: LockCode,\n organization: Organization,\n excludedRunnerId: string,\n isRecovery?: boolean,\n ): Promise {\n let lockKey: string | null = null\n\n // Recovery lock to prevent frequent automatic restore attempts\n if (isRecovery) {\n lockKey = `sandbox-${sandbox.id}-restored-cooldown`\n const sixHoursInSeconds = 6 * 60 * 60\n const acquired = await this.redisLockProvider.lock(lockKey, sixHoursInSeconds)\n if (!acquired) {\n return null\n }\n }\n\n if (!sandbox.backupRegistryId) {\n throw new Error('No registry found for backup')\n }\n\n const registry = await this.dockerRegistryService.findOne(sandbox.backupRegistryId)\n if (!registry) {\n throw new Error('No registry found for backup')\n }\n\n // make sure we pick a runner that has the base snapshot\n let baseSnapshot: Snapshot | null = null\n if (sandbox.snapshot) {\n try {\n baseSnapshot = await this.snapshotService.getSnapshotByName(sandbox.snapshot, sandbox.organizationId)\n } catch (e) {\n if (e instanceof NotFoundException) {\n // if the base snapshot is not found, we'll use any available runner later\n } else {\n if (isRecovery) {\n return SYNC_AGAIN\n }\n // for all other errors, throw them\n throw e\n }\n }\n }\n\n const snapshotRef = baseSnapshot ? baseSnapshot.ref : null\n\n let availableRunners: Runner[] = []\n\n const excludedRunnerIds: string[] = excludedRunnerId ? [excludedRunnerId] : []\n\n const runnersWithBaseSnapshot: Runner[] = snapshotRef\n ? await this.runnerService.findAvailableRunners({\n regions: [sandbox.region],\n sandboxClass: sandbox.class,\n snapshotRef,\n excludedRunnerIds,\n })\n : []\n if (runnersWithBaseSnapshot.length > 0) {\n availableRunners = runnersWithBaseSnapshot\n } else {\n // if no runner has the base snapshot, get all available runners\n availableRunners = await this.runnerService.findAvailableRunners({\n regions: [sandbox.region],\n excludedRunnerIds,\n })\n }\n\n // check if we have any available runners after filtering\n if (availableRunners.length === 0) {\n // Sync state again later. Runners are unavailable\n if (isRecovery) {\n await this.redisLockProvider.unlock(lockKey)\n }\n return DONT_SYNC_AGAIN\n }\n\n // get random runner from available runners\n const randomRunnerIndex = (min: number, max: number) => Math.floor(Math.random() * (max - min + 1) + min)\n const runner = availableRunners[randomRunnerIndex(0, availableRunners.length - 1)]\n\n // verify the runner is still available and ready\n if (!runner || runner.state !== RunnerState.READY || runner.unschedulable) {\n this.logger.warn(`Selected runner ${runner?.id || 'null'} is no longer available, retrying sandbox assignment`)\n if (isRecovery) {\n await this.redisLockProvider.unlock(lockKey)\n }\n return SYNC_AGAIN\n }\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n const existingBackups = sandbox.existingBackupSnapshots\n .sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime())\n .map((existingSnapshot) => existingSnapshot.snapshotName)\n\n let validBackup: string | null = null\n let exists = false\n\n for (const existingBackup of existingBackups) {\n try {\n if (!validBackup && sandbox.backupSnapshot) {\n // last snapshot is the current snapshot, so we don't need to check it\n // just in case, we'll use the value from the backupSnapshot property\n validBackup = sandbox.backupSnapshot\n } else {\n validBackup = existingBackup\n }\n\n if (!validBackup) {\n continue\n }\n\n await runnerAdapter.inspectSnapshotInRegistry(validBackup, registry)\n exists = true\n break\n } catch (error) {\n this.logger.error(`Failed to check if backup snapshot ${validBackup} exists in registry ${registry.id}:`, error)\n }\n }\n\n const restoreBackupSnapshotRetryKey = `restore-backup-snapshot-retry-${sandbox.id}`\n if (!exists) {\n if (!isRecovery) {\n // Check retry count - allow up to 3 attempts for transient issues\n const retryCountRaw = await this.redis.get(restoreBackupSnapshotRetryKey)\n const retryCount = retryCountRaw ? parseInt(retryCountRaw) : 0\n\n if (retryCount < 3) {\n // Increment retry count with 10 minute TTL, let syncStates cron pick up the retry later\n await this.redis.setex(restoreBackupSnapshotRetryKey, 600, String(retryCount + 1))\n this.logger.warn(\n `No valid backup snapshot found for sandbox ${sandbox.id}, retry attempt ${retryCount + 1}/3`,\n )\n return DONT_SYNC_AGAIN\n }\n\n // After 3 retries, error out and clear the retry counter\n await this.redis.del(restoreBackupSnapshotRetryKey)\n await this.updateSandboxState(\n sandbox,\n SandboxState.ERROR,\n lockCode,\n undefined,\n 'No valid backup snapshot found',\n )\n } else {\n throw new Error('No valid backup snapshot found')\n }\n return SYNC_AGAIN\n }\n\n // Clear the retry counter on success\n await this.redis.del(restoreBackupSnapshotRetryKey)\n\n await this.updateSandboxState(sandbox, SandboxState.RESTORING, lockCode, runner.id)\n\n sandbox.snapshot = validBackup\n\n const metadata = {\n ...organization?.sandboxMetadata,\n sandboxName: sandbox.name,\n }\n\n await runnerAdapter.createSandbox(\n sandbox,\n registry,\n undefined,\n metadata,\n this.configService.get('sandboxOtel.endpointUrl'),\n )\n return null\n }\n\n private async removeSandboxFromPreviousRunner(sandbox: Sandbox): Promise {\n const runner = await this.runnerService.findOne(sandbox.prevRunnerId)\n if (!runner) {\n this.logger.warn(`Previously assigned runner ${sandbox.prevRunnerId} for sandbox ${sandbox.id} not found`)\n\n await this.sandboxRepository.update(sandbox.id, { updateData: { prevRunnerId: null } }, true)\n return\n }\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n try {\n // First try to destroy the sandbox\n await runnerAdapter.destroySandbox(sandbox.id)\n } catch (error) {\n if (error.response?.status !== 404 && error.statusCode !== 404) {\n this.logger.error(`Failed to cleanup sandbox ${sandbox.id} on previous runner ${runner.id}:`, error)\n throw error\n }\n }\n\n await this.sandboxRepository.update(sandbox.id, { updateData: { prevRunnerId: null } }, true)\n }\n}\n" }, { "path": "apps/api/src/sandbox/managers/sandbox-actions/sandbox-stop.action.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { Sandbox } from '../../entities/sandbox.entity'\nimport { SandboxState } from '../../enums/sandbox-state.enum'\nimport { DONT_SYNC_AGAIN, SandboxAction, SyncState, SYNC_AGAIN } from './sandbox.action'\nimport { BackupState } from '../../enums/backup-state.enum'\nimport { RunnerState } from '../../enums/runner-state.enum'\nimport { RunnerService } from '../../services/runner.service'\nimport { RunnerAdapterFactory } from '../../runner-adapter/runnerAdapter'\nimport { SandboxRepository } from '../../repositories/sandbox.repository'\nimport { LockCode, RedisLockProvider } from '../../common/redis-lock.provider'\nimport { WithSpan } from '../../../common/decorators/otel.decorator'\n\n@Injectable()\nexport class SandboxStopAction extends SandboxAction {\n constructor(\n protected runnerService: RunnerService,\n protected runnerAdapterFactory: RunnerAdapterFactory,\n protected sandboxRepository: SandboxRepository,\n protected redisLockProvider: RedisLockProvider,\n ) {\n super(runnerService, runnerAdapterFactory, sandboxRepository, redisLockProvider)\n }\n\n @WithSpan()\n async run(sandbox: Sandbox, lockCode: LockCode): Promise {\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n if (runner.state !== RunnerState.READY) {\n return DONT_SYNC_AGAIN\n }\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n if (sandbox.state === SandboxState.STARTED) {\n // stop sandbox\n await runnerAdapter.stopSandbox(sandbox.id)\n await this.updateSandboxState(sandbox, SandboxState.STOPPING, lockCode)\n\n // sync states again immediately for sandbox\n return SYNC_AGAIN\n }\n\n if (sandbox.state !== SandboxState.STOPPING && sandbox.state !== SandboxState.ERROR) {\n return DONT_SYNC_AGAIN\n }\n\n const sandboxInfo = await runnerAdapter.sandboxInfo(sandbox.id)\n\n if (sandboxInfo.state === SandboxState.STOPPED) {\n await this.updateSandboxState(\n sandbox,\n SandboxState.STOPPED,\n lockCode,\n undefined,\n undefined,\n undefined,\n BackupState.NONE,\n )\n return DONT_SYNC_AGAIN\n } else if (sandboxInfo.state === SandboxState.ERROR) {\n await this.updateSandboxState(\n sandbox,\n SandboxState.ERROR,\n lockCode,\n undefined,\n 'Sandbox is in error state on runner',\n )\n return DONT_SYNC_AGAIN\n }\n\n return SYNC_AGAIN\n }\n}\n" }, { "path": "apps/api/src/sandbox/managers/sandbox-actions/sandbox.action.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport { RunnerService } from '../../services/runner.service'\nimport { RunnerAdapterFactory } from '../../runner-adapter/runnerAdapter'\nimport { Sandbox } from '../../entities/sandbox.entity'\nimport { SandboxRepository } from '../../repositories/sandbox.repository'\nimport { SandboxState } from '../../enums/sandbox-state.enum'\nimport { BackupState } from '../../enums/backup-state.enum'\nimport { getStateChangeLockKey } from '../../utils/lock-key.util'\nimport { LockCode, RedisLockProvider } from '../../common/redis-lock.provider'\n\nexport const SYNC_AGAIN = 'sync-again'\nexport const DONT_SYNC_AGAIN = 'dont-sync-again'\nexport type SyncState = typeof SYNC_AGAIN | typeof DONT_SYNC_AGAIN\n\n@Injectable()\nexport abstract class SandboxAction {\n protected readonly logger = new Logger(SandboxAction.name)\n\n constructor(\n protected readonly runnerService: RunnerService,\n protected runnerAdapterFactory: RunnerAdapterFactory,\n protected readonly sandboxRepository: SandboxRepository,\n protected readonly redisLockProvider: RedisLockProvider,\n ) {}\n\n abstract run(sandbox: Sandbox, lockCode: LockCode): Promise\n\n protected async updateSandboxState(\n sandbox: Sandbox,\n state: SandboxState,\n expectedLockCode: LockCode,\n runnerId?: string | null | undefined,\n errorReason?: string,\n daemonVersion?: string,\n backupState?: BackupState,\n recoverable?: boolean,\n ) {\n // check if the lock code is still valid\n const lockKey = getStateChangeLockKey(sandbox.id)\n const currentLockCode = await this.redisLockProvider.getCode(lockKey)\n\n if (currentLockCode === null) {\n this.logger.warn(\n `no lock code found - state update action expired - skipping - sandboxId: ${sandbox.id} - state: ${state}`,\n )\n return\n }\n\n if (expectedLockCode.getCode() !== currentLockCode.getCode()) {\n this.logger.warn(\n `lock code mismatch - state update action expired - skipping - sandboxId: ${sandbox.id} - state: ${state}`,\n )\n return\n }\n\n if (state !== SandboxState.ARCHIVED && !sandbox.pending) {\n const err = new Error(`sandbox ${sandbox.id} is not in a pending state`)\n this.logger.error(err)\n return\n }\n\n const updateData: Partial = {\n state,\n }\n\n if (runnerId !== undefined) {\n updateData.runnerId = runnerId\n }\n\n if (errorReason !== undefined) {\n updateData.errorReason = errorReason\n if (state === SandboxState.ERROR) {\n updateData.recoverable = recoverable ?? false\n }\n }\n\n if (sandbox.state === SandboxState.ERROR && !sandbox.errorReason) {\n updateData.errorReason = 'Sandbox is in error state during update'\n updateData.recoverable = false\n }\n\n if (daemonVersion !== undefined) {\n updateData.daemonVersion = daemonVersion\n }\n\n if (state == SandboxState.DESTROYED) {\n updateData.backupState = BackupState.NONE\n }\n\n if (backupState !== undefined) {\n Object.assign(updateData, Sandbox.getBackupStateUpdate(sandbox, backupState))\n }\n\n if (recoverable !== undefined) {\n updateData.recoverable = recoverable\n }\n\n await this.sandboxRepository.update(sandbox.id, { updateData, entity: sandbox })\n }\n}\n" }, { "path": "apps/api/src/sandbox/managers/sandbox.manager.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, OnApplicationShutdown } from '@nestjs/common'\nimport { Cron, CronExpression } from '@nestjs/schedule'\nimport { In, IsNull, MoreThanOrEqual, Not, Raw } from 'typeorm'\nimport { randomUUID } from 'crypto'\n\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { SandboxDesiredState } from '../enums/sandbox-desired-state.enum'\nimport { RunnerService } from '../services/runner.service'\n\nimport { RedisLockProvider, LockCode } from '../common/redis-lock.provider'\n\nimport { SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION } from '../constants/sandbox.constants'\n\nimport { SandboxEvents } from '../constants/sandbox-events.constants'\nimport { SandboxStoppedEvent } from '../events/sandbox-stopped.event'\nimport { SandboxStartedEvent } from '../events/sandbox-started.event'\nimport { SandboxArchivedEvent } from '../events/sandbox-archived.event'\nimport { SandboxDestroyedEvent } from '../events/sandbox-destroyed.event'\nimport { SandboxCreatedEvent } from '../events/sandbox-create.event'\n\nimport { WithInstrumentation, WithSpan } from '../../common/decorators/otel.decorator'\n\nimport { SandboxStartAction } from './sandbox-actions/sandbox-start.action'\nimport { SandboxStopAction } from './sandbox-actions/sandbox-stop.action'\nimport { SandboxDestroyAction } from './sandbox-actions/sandbox-destroy.action'\nimport { SandboxArchiveAction } from './sandbox-actions/sandbox-archive.action'\nimport { SYNC_AGAIN, DONT_SYNC_AGAIN } from './sandbox-actions/sandbox.action'\n\nimport { TrackJobExecution } from '../../common/decorators/track-job-execution.decorator'\nimport { TrackableJobExecutions } from '../../common/interfaces/trackable-job-executions'\nimport { setTimeout } from 'timers/promises'\nimport { LogExecution } from '../../common/decorators/log-execution.decorator'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\nimport { getStateChangeLockKey } from '../utils/lock-key.util'\nimport { BackupState } from '../enums/backup-state.enum'\nimport { OnAsyncEvent } from '../../common/decorators/on-async-event.decorator'\nimport { sanitizeSandboxError } from '../utils/sanitize-error.util'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { RunnerAdapterFactory } from '../runner-adapter/runnerAdapter'\nimport { DockerRegistryService } from '../../docker-registry/services/docker-registry.service'\nimport { OrganizationService } from '../../organization/services/organization.service'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { BackupManager } from './backup.manager'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport Redis from 'ioredis'\n\n@Injectable()\nexport class SandboxManager implements TrackableJobExecutions, OnApplicationShutdown {\n activeJobs = new Set()\n\n private readonly logger = new Logger(SandboxManager.name)\n\n constructor(\n private readonly sandboxRepository: SandboxRepository,\n private readonly runnerService: RunnerService,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly sandboxStartAction: SandboxStartAction,\n private readonly sandboxStopAction: SandboxStopAction,\n private readonly sandboxDestroyAction: SandboxDestroyAction,\n private readonly sandboxArchiveAction: SandboxArchiveAction,\n private readonly configService: TypedConfigService,\n private readonly dockerRegistryService: DockerRegistryService,\n private readonly organizationService: OrganizationService,\n private readonly runnerAdapterFactory: RunnerAdapterFactory,\n private readonly backupManager: BackupManager,\n @InjectRedis() private readonly redis: Redis,\n ) {}\n\n async onApplicationShutdown() {\n // wait for all active jobs to finish\n while (this.activeJobs.size > 0) {\n this.logger.log(`Waiting for ${this.activeJobs.size} active jobs to finish`)\n await setTimeout(1000)\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'auto-stop-check' })\n @TrackJobExecution()\n @WithInstrumentation()\n @LogExecution('auto-stop-check')\n @WithInstrumentation()\n async autostopCheck(): Promise {\n const lockKey = 'auto-stop-check-worker-selected'\n // lock the sync to only run one instance at a time\n if (!(await this.redisLockProvider.lock(lockKey, 60))) {\n return\n }\n\n try {\n const readyRunners = await this.runnerService.findAllReady()\n\n // Process all runners in parallel\n await Promise.all(\n readyRunners.map(async (runner) => {\n const sandboxes = await this.sandboxRepository.find({\n where: {\n runnerId: runner.id,\n organizationId: Not(SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION),\n state: SandboxState.STARTED,\n desiredState: SandboxDesiredState.STARTED,\n pending: Not(true),\n autoStopInterval: Not(0),\n lastActivityAt: Raw((alias) => `${alias} < NOW() - INTERVAL '1 minute' * \"autoStopInterval\"`),\n },\n order: {\n lastBackupAt: 'ASC',\n },\n take: 100,\n })\n\n await Promise.all(\n sandboxes.map(async (sandbox) => {\n const lockKey = getStateChangeLockKey(sandbox.id)\n const acquired = await this.redisLockProvider.lock(lockKey, 30)\n if (!acquired) {\n return\n }\n\n let updateData: Partial = {}\n\n // if auto-delete interval is 0, delete the sandbox immediately\n if (sandbox.autoDeleteInterval === 0) {\n updateData = Sandbox.getSoftDeleteUpdate(sandbox)\n } else {\n updateData.pending = true\n updateData.desiredState = SandboxDesiredState.STOPPED\n }\n\n try {\n await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { pending: false, state: sandbox.state },\n })\n\n this.syncInstanceState(sandbox.id).catch(this.logger.error)\n } catch (error) {\n this.logger.error(`Error processing auto-stop state for sandbox ${sandbox.id}:`, error)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }),\n )\n }),\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'auto-archive-check' })\n @TrackJobExecution()\n @LogExecution('auto-archive-check')\n @WithInstrumentation()\n async autoArchiveCheck(): Promise {\n const lockKey = 'auto-archive-check-worker-selected'\n // lock the sync to only run one instance at a time\n if (!(await this.redisLockProvider.lock(lockKey, 60))) {\n return\n }\n\n try {\n const sandboxes = await this.sandboxRepository.find({\n where: {\n organizationId: Not(SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION),\n state: SandboxState.STOPPED,\n desiredState: SandboxDesiredState.STOPPED,\n pending: Not(true),\n lastActivityAt: Raw((alias) => `${alias} < NOW() - INTERVAL '1 minute' * \"autoArchiveInterval\"`),\n },\n order: {\n lastBackupAt: 'ASC',\n },\n take: 100,\n })\n\n await Promise.all(\n sandboxes.map(async (sandbox) => {\n const lockKey = getStateChangeLockKey(sandbox.id)\n const acquired = await this.redisLockProvider.lock(lockKey, 30)\n if (!acquired) {\n return\n }\n\n try {\n const updateData: Partial = {\n desiredState: SandboxDesiredState.ARCHIVED,\n }\n await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { pending: false, state: sandbox.state },\n })\n\n this.syncInstanceState(sandbox.id).catch(this.logger.error)\n } catch (error) {\n this.logger.error(`Error processing auto-archive state for sandbox ${sandbox.id}:`, error)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }),\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'auto-delete-check' })\n @TrackJobExecution()\n @LogExecution('auto-delete-check')\n @WithInstrumentation()\n async autoDeleteCheck(): Promise {\n const lockKey = 'auto-delete-check-worker-selected'\n // lock the sync to only run one instance at a time\n if (!(await this.redisLockProvider.lock(lockKey, 60))) {\n return\n }\n\n try {\n const readyRunners = await this.runnerService.findAllReady()\n\n // Process all runners in parallel\n await Promise.all(\n readyRunners.map(async (runner) => {\n const sandboxes = await this.sandboxRepository.find({\n where: {\n runnerId: runner.id,\n organizationId: Not(SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION),\n state: SandboxState.STOPPED,\n desiredState: SandboxDesiredState.STOPPED,\n pending: Not(true),\n autoDeleteInterval: MoreThanOrEqual(0),\n lastActivityAt: Raw((alias) => `${alias} < NOW() - INTERVAL '1 minute' * \"autoDeleteInterval\"`),\n },\n order: {\n lastActivityAt: 'ASC',\n },\n take: 100,\n })\n\n await Promise.all(\n sandboxes.map(async (sandbox) => {\n const lockKey = getStateChangeLockKey(sandbox.id)\n const acquired = await this.redisLockProvider.lock(lockKey, 30)\n if (!acquired) {\n return\n }\n\n try {\n const updateData = Sandbox.getSoftDeleteUpdate(sandbox)\n await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { pending: false, state: sandbox.state },\n })\n\n this.syncInstanceState(sandbox.id).catch(this.logger.error)\n } catch (error) {\n this.logger.error(`Error processing auto-delete state for sandbox ${sandbox.id}:`, error)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }),\n )\n }),\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'draining-runner-sandboxes-check' })\n @TrackJobExecution()\n @LogExecution('draining-runner-sandboxes-check')\n @WithInstrumentation()\n async drainingRunnerSandboxesCheck(): Promise {\n const lockKey = 'draining-runner-sandboxes-check'\n const lockTtl = 10 * 60 // seconds (10 min)\n if (!(await this.redisLockProvider.lock(lockKey, lockTtl))) {\n return\n }\n\n try {\n const skip = (await this.redis.get('draining-runner-sandboxes-skip')) || 0\n\n const drainingRunners = await this.runnerService.findDrainingPaginated(Number(skip), 10)\n\n this.logger.debug(`Checking ${drainingRunners.length} draining runners for sandbox migration (offset: ${skip})`)\n\n if (drainingRunners.length === 0) {\n await this.redis.set('draining-runner-sandboxes-skip', 0)\n return\n }\n\n await this.redis.set('draining-runner-sandboxes-skip', Number(skip) + drainingRunners.length)\n\n await Promise.allSettled(\n drainingRunners.map(async (runner) => {\n try {\n const sandboxes = await this.sandboxRepository.find({\n where: {\n runnerId: runner.id,\n state: SandboxState.STOPPED,\n desiredState: SandboxDesiredState.STOPPED,\n backupState: BackupState.COMPLETED,\n backupSnapshot: Not(IsNull()),\n },\n take: 100,\n })\n\n this.logger.debug(\n `Found ${sandboxes.length} eligible sandboxes on draining runner ${runner.id} for migration`,\n )\n\n await Promise.allSettled(\n sandboxes.map(async (sandbox) => {\n const sandboxLockKey = getStateChangeLockKey(sandbox.id)\n const hasSandboxLock = await this.redisLockProvider.lock(sandboxLockKey, 60)\n if (!hasSandboxLock) {\n return\n }\n\n try {\n const startScoreThreshold = this.configService.get('runnerScore.thresholds.start') || 0\n const targetRunner = await this.runnerService.getRandomAvailableRunner({\n snapshotRef: sandbox.backupSnapshot,\n excludedRunnerIds: [runner.id],\n availabilityScoreThreshold: startScoreThreshold,\n })\n\n await this.reassignSandbox(sandbox, runner.id, targetRunner.id)\n } catch (e) {\n this.logger.error(`Error migrating sandbox ${sandbox.id} from draining runner ${runner.id}`, e)\n } finally {\n await this.redisLockProvider.unlock(sandboxLockKey)\n }\n }),\n )\n\n // Archive ERROR sandboxes that have completed backups on this draining runner\n await this.archiveErroredSandboxesOnDrainingRunner(runner.id)\n\n // Recover recoverable ERROR sandboxes in-place (expand disk) so they become STOPPED\n await this.recoverRecoverableSandboxesOnDrainingRunner(runner.id)\n\n // Retry backups for non-started sandboxes with errored backup state\n await this.retryErroredBackupsOnDrainingRunner(runner.id)\n } catch (e) {\n this.logger.error(`Error processing draining runner ${runner.id} for sandbox migration`, e)\n }\n }),\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n private async archiveErroredSandboxesOnDrainingRunner(runnerId: string): Promise {\n const erroredSandboxes = await this.sandboxRepository.find({\n where: {\n runnerId,\n state: SandboxState.ERROR,\n recoverable: false,\n desiredState: Not(In([SandboxDesiredState.DESTROYED, SandboxDesiredState.ARCHIVED])),\n backupState: BackupState.COMPLETED,\n backupSnapshot: Not(IsNull()),\n },\n take: 100,\n })\n\n if (erroredSandboxes.length === 0) {\n return\n }\n\n this.logger.debug(\n `Found ${erroredSandboxes.length} errored sandboxes with completed backups on draining runner ${runnerId}`,\n )\n\n await Promise.allSettled(\n erroredSandboxes.map(async (sandbox) => {\n const sandboxLockKey = getStateChangeLockKey(sandbox.id)\n const acquired = await this.redisLockProvider.lock(sandboxLockKey, 30)\n if (!acquired) {\n return\n }\n\n try {\n this.logger.warn(\n `Setting desired state to ARCHIVED for errored sandbox ${sandbox.id} on draining runner ${runnerId} (previous desired state: ${sandbox.desiredState})`,\n )\n const updateData: Partial = {\n desiredState: SandboxDesiredState.ARCHIVED,\n }\n await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { state: SandboxState.ERROR },\n })\n } catch (e) {\n this.logger.error(\n `Failed to set desired state to ARCHIVED for errored sandbox ${sandbox.id} on draining runner ${runnerId}`,\n e,\n )\n } finally {\n await this.redisLockProvider.unlock(sandboxLockKey)\n }\n }),\n )\n }\n\n private static readonly DRAINING_BACKUP_RETRY_TTL_SECONDS = 12 * 60 * 60 // 12 hours\n private static readonly DRAINING_RECOVER_TTL_SECONDS = 12 * 60 * 60 // 12 hours\n\n private async retryErroredBackupsOnDrainingRunner(runnerId: string): Promise {\n const erroredSandboxes = await this.sandboxRepository.find({\n where: [\n {\n runnerId,\n state: SandboxState.STOPPED,\n recoverable: false,\n desiredState: SandboxDesiredState.STOPPED,\n backupState: BackupState.ERROR,\n },\n {\n runnerId,\n state: SandboxState.ERROR,\n recoverable: false,\n backupState: In([BackupState.ERROR, BackupState.NONE]),\n desiredState: Not(SandboxDesiredState.DESTROYED),\n },\n ],\n take: 100,\n })\n\n if (erroredSandboxes.length === 0) {\n return\n }\n\n this.logger.debug(`Found ${erroredSandboxes.length} sandboxes with errored backups on draining runner ${runnerId}`)\n\n await Promise.allSettled(\n erroredSandboxes.map(async (sandbox) => {\n const redisKey = `draining:backup-retry:${sandbox.id}`\n\n // Check if we've already retried within the last 12 hours\n const alreadyRetried = await this.redis.exists(redisKey)\n if (alreadyRetried) {\n this.logger.debug(\n `Skipping backup retry for sandbox ${sandbox.id} on draining runner ${runnerId} — already retried within 12 hours`,\n )\n return\n }\n\n try {\n await this.backupManager.setBackupPending(sandbox)\n await this.redis.set(redisKey, '1', 'EX', SandboxManager.DRAINING_BACKUP_RETRY_TTL_SECONDS)\n this.logger.log(`Retried backup for sandbox ${sandbox.id} on draining runner ${runnerId}`)\n } catch (e) {\n this.logger.error(`Failed to retry backup for sandbox ${sandbox.id} on draining runner ${runnerId}`, e)\n }\n }),\n )\n }\n\n private async recoverRecoverableSandboxesOnDrainingRunner(runnerId: string): Promise {\n const recoverableSandboxes = await this.sandboxRepository.find({\n where: {\n runnerId,\n recoverable: true,\n desiredState: Not(In([SandboxDesiredState.DESTROYED])),\n backupSnapshot: Not(IsNull()),\n },\n take: 100,\n })\n\n if (recoverableSandboxes.length === 0) {\n return\n }\n\n this.logger.debug(`Found ${recoverableSandboxes.length} recoverable sandboxes on draining runner ${runnerId}`)\n\n const runner = await this.runnerService.findOneOrFail(runnerId)\n\n if (runner.apiVersion === '2') {\n this.logger.debug(\n `Skipping recovery for sandboxes on draining runner ${runnerId} — not supported for runner API v2`,\n )\n return\n }\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n await Promise.allSettled(\n recoverableSandboxes.map(async (sandbox) => {\n const redisKey = `draining:recover:${sandbox.id}`\n\n // Check if we've already attempted recovery within the last 12 hours\n const alreadyAttempted = await this.redis.exists(redisKey)\n if (alreadyAttempted) {\n this.logger.debug(\n `Skipping recovery for sandbox ${sandbox.id} on draining runner ${runnerId} — already attempted within 12 hours`,\n )\n return\n }\n\n const sandboxLockKey = getStateChangeLockKey(sandbox.id)\n const acquired = await this.redisLockProvider.lock(sandboxLockKey, 60)\n if (!acquired) {\n return\n }\n\n try {\n await runnerAdapter.recoverSandbox(sandbox)\n\n const updateData: Partial = {\n state: SandboxState.STOPPED,\n desiredState: SandboxDesiredState.STOPPED,\n errorReason: null,\n recoverable: false,\n backupState: BackupState.NONE,\n }\n\n await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { pending: false, state: sandbox.state },\n })\n\n this.logger.log(`Recovered sandbox ${sandbox.id} on draining runner ${runnerId}`)\n } catch (e) {\n await this.redis.set(redisKey, '1', 'EX', SandboxManager.DRAINING_RECOVER_TTL_SECONDS)\n this.logger.error(`Failed to recover sandbox ${sandbox.id} on draining runner ${runnerId}`, e)\n } finally {\n await this.redisLockProvider.unlock(sandboxLockKey)\n }\n }),\n )\n }\n\n private async reassignSandbox(sandbox: Sandbox, oldRunnerId: string, newRunnerId: string): Promise {\n this.logger.debug(\n `Starting sandbox reassignment for ${sandbox.id} from runner ${oldRunnerId} to runner ${newRunnerId}`,\n )\n\n // Safety check: ensure sandbox is not pending\n if (sandbox.pending) {\n this.logger.warn(\n `Sandbox ${sandbox.id} is pending, skipping reassignment from runner ${oldRunnerId} to runner ${newRunnerId}`,\n )\n return\n }\n\n if (!sandbox.backupRegistryId) {\n throw new Error(`Sandbox ${sandbox.id} has no backup registry`)\n }\n\n const registry = await this.dockerRegistryService.findOne(sandbox.backupRegistryId)\n if (!registry) {\n throw new Error(`Registry ${sandbox.backupRegistryId} not found for sandbox ${sandbox.id}`)\n }\n\n const organization = await this.organizationService.findOne(sandbox.organizationId)\n\n const metadata = {\n ...organization?.sandboxMetadata,\n sandboxName: sandbox.name,\n }\n\n const newRunner = await this.runnerService.findOneOrFail(newRunnerId)\n const newRunnerAdapter = await this.runnerAdapterFactory.create(newRunner)\n\n const originalSnapshot = sandbox.snapshot\n sandbox.snapshot = sandbox.backupSnapshot\n\n try {\n // Pass undefined for entrypoint as the backup snapshot already has it baked in and use skipStart\n await newRunnerAdapter.createSandbox(sandbox, registry, undefined, metadata, undefined, true)\n this.logger.debug(`Created sandbox ${sandbox.id} on new runner ${newRunnerId} with skipStart`)\n } catch (e) {\n // Restore original snapshot on failure\n sandbox.snapshot = originalSnapshot\n this.logger.error(`Failed to create sandbox ${sandbox.id} on new runner ${newRunnerId}`, e)\n throw e\n }\n\n // Re-fetch sandbox from DB to get fresh state (the in-memory entity may be stale)\n const freshSandbox = await this.sandboxRepository.findOne({ where: { id: sandbox.id } })\n if (!freshSandbox || freshSandbox.pending) {\n this.logger.warn(\n `Sandbox ${sandbox.id} is pending or missing, aborting reassignment from runner ${oldRunnerId} to runner ${newRunnerId}`,\n )\n\n // Roll back: remove the sandbox from the new runner since we won't complete the migration\n try {\n await newRunnerAdapter.destroySandbox(sandbox.id)\n this.logger.debug(`Rolled back sandbox ${sandbox.id} creation on new runner ${newRunnerId}`)\n } catch (rollbackErr) {\n this.logger.error(\n `Failed to roll back sandbox ${sandbox.id} on new runner ${newRunnerId} after pending check`,\n rollbackErr,\n )\n }\n return\n }\n\n // Update the sandbox to use the new runner; roll back on failure\n try {\n const updateData: Partial = {\n prevRunnerId: sandbox.runnerId,\n runnerId: newRunnerId,\n }\n await this.sandboxRepository.update(\n sandbox.id,\n {\n updateData,\n },\n true,\n )\n } catch (e) {\n this.logger.error(`Failed to update sandbox ${sandbox.id} runnerId to ${newRunnerId}, rolling back`, e)\n\n // Roll back: remove the sandbox from the new runner\n try {\n await newRunnerAdapter.destroySandbox(sandbox.id)\n this.logger.debug(`Rolled back sandbox ${sandbox.id} creation on new runner ${newRunnerId}`)\n } catch (rollbackErr) {\n this.logger.error(\n `Failed to roll back sandbox ${sandbox.id} on new runner ${newRunnerId} after DB update failure`,\n rollbackErr,\n )\n }\n throw e\n }\n\n this.logger.log(`Migrated sandbox ${sandbox.id} from draining runner ${oldRunnerId} to runner ${newRunnerId}`)\n\n // Best effort deletion of the sandbox on the old runner\n try {\n const oldRunner = await this.runnerService.findOne(oldRunnerId)\n if (oldRunner) {\n const oldRunnerAdapter = await this.runnerAdapterFactory.create(oldRunner)\n await oldRunnerAdapter.destroySandbox(sandbox.id)\n this.logger.debug(`Deleted sandbox ${sandbox.id} from old runner ${oldRunnerId}`)\n }\n } catch (e) {\n this.logger.warn(`Best effort deletion failed for sandbox ${sandbox.id} on old runner ${oldRunnerId}`, e)\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'sync-states' })\n @TrackJobExecution()\n @WithInstrumentation()\n @LogExecution('sync-states')\n async syncStates(): Promise {\n const globalLockKey = 'sync-states'\n const lockTtl = 10 * 60 // seconds (10 min)\n if (!(await this.redisLockProvider.lock(globalLockKey, lockTtl))) {\n return\n }\n\n try {\n const queryBuilder = this.sandboxRepository\n .createQueryBuilder('sandbox')\n .select(['sandbox.id'])\n .where('sandbox.state NOT IN (:...excludedStates)', {\n excludedStates: [\n SandboxState.DESTROYED,\n SandboxState.ERROR,\n SandboxState.BUILD_FAILED,\n SandboxState.RESIZING,\n ],\n })\n .andWhere('sandbox.\"desiredState\"::text != sandbox.state::text')\n .andWhere('sandbox.\"desiredState\"::text != :archived', { archived: SandboxDesiredState.ARCHIVED })\n .orderBy('sandbox.\"lastActivityAt\"', 'DESC')\n\n const stream = await queryBuilder.stream()\n let processedCount = 0\n const maxProcessPerRun = 1000\n const pendingProcesses: Promise[] = []\n\n try {\n await new Promise((resolve, reject) => {\n stream.on('data', async (row: any) => {\n if (processedCount >= maxProcessPerRun) {\n resolve()\n return\n }\n\n const lockKey = getStateChangeLockKey(row.sandbox_id)\n if (await this.redisLockProvider.isLocked(lockKey)) {\n // Sandbox is already being processed, skip it\n return\n }\n\n // Process sandbox asynchronously but track the promise\n const processPromise = this.syncInstanceState(row.sandbox_id)\n pendingProcesses.push(processPromise)\n processedCount++\n\n // Limit concurrent processing to avoid overwhelming the system\n if (pendingProcesses.length >= 10) {\n stream.pause()\n Promise.allSettled(pendingProcesses.splice(0, pendingProcesses.length))\n .then(() => stream.resume())\n .catch(reject)\n }\n })\n\n stream.on('end', () => {\n Promise.all(pendingProcesses)\n .then(() => {\n resolve()\n })\n .catch(reject)\n })\n\n stream.on('error', reject)\n })\n } finally {\n if (!stream.destroyed) {\n stream.destroy()\n }\n }\n } finally {\n await this.redisLockProvider.unlock(globalLockKey)\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'sync-archived-desired-states' })\n @TrackJobExecution()\n @LogExecution('sync-archived-desired-states')\n @WithInstrumentation()\n async syncArchivedDesiredStates(): Promise {\n const lockKey = 'sync-archived-desired-states'\n if (!(await this.redisLockProvider.lock(lockKey, 30))) {\n return\n }\n\n const sandboxes = await this.sandboxRepository.find({\n where: {\n state: In([SandboxState.ARCHIVING, SandboxState.STOPPED, SandboxState.ERROR]),\n desiredState: SandboxDesiredState.ARCHIVED,\n },\n take: 100,\n order: {\n updatedAt: 'ASC',\n },\n })\n\n await Promise.all(\n sandboxes.map(async (sandbox) => {\n this.syncInstanceState(sandbox.id)\n }),\n )\n await this.redisLockProvider.unlock(lockKey)\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'sync-archived-completed-states' })\n @TrackJobExecution()\n @LogExecution('sync-archived-completed-states')\n async syncArchivedCompletedStates(): Promise {\n const lockKey = 'sync-archived-completed-states'\n if (!(await this.redisLockProvider.lock(lockKey, 30))) {\n return\n }\n\n const sandboxes = await this.sandboxRepository.find({\n where: {\n state: In([SandboxState.ARCHIVING, SandboxState.STOPPED, SandboxState.ERROR]),\n desiredState: SandboxDesiredState.ARCHIVED,\n backupState: BackupState.COMPLETED,\n },\n take: 100,\n order: {\n updatedAt: 'ASC',\n },\n })\n\n await Promise.allSettled(\n sandboxes.map(async (sandbox) => {\n await this.syncInstanceState(sandbox.id)\n }),\n )\n await this.redisLockProvider.unlock(lockKey)\n }\n\n /**\n * Sync the state of a sandbox.\n *\n * Loop to handle SYNC_AGAIN without releasing the lock or re-fetching.\n * The sandbox entity is mutated in-place by repository.update() on each iteration,\n * and the lock guarantees no concurrent modification.\n */\n async syncInstanceState(sandboxId: string): Promise {\n // Track the start time of the sync operation.\n const startedAt = new Date()\n\n // Generate a random lock code to prevent race condition if sandbox action continues after the lock expires.\n const lockCode = new LockCode(randomUUID())\n\n // Prevent syncState cron from running multiple instances of the same sandbox.\n const lockKey = getStateChangeLockKey(sandboxId)\n const acquired = await this.redisLockProvider.lock(lockKey, 30, lockCode)\n if (!acquired) {\n return\n }\n\n try {\n const sandbox = await this.sandboxRepository.findOneOrFail({\n where: { id: sandboxId },\n })\n\n while (new Date().getTime() - startedAt.getTime() <= 10000) {\n if (\n [SandboxState.DESTROYED, SandboxState.BUILD_FAILED, SandboxState.RESIZING].includes(sandbox.state) ||\n (sandbox.state === SandboxState.ERROR && sandbox.desiredState !== SandboxDesiredState.ARCHIVED)\n ) {\n // Break sync loop if sandbox reaches a terminal state.\n // However, should allow ERROR → ARCHIVED transition (e.g., during runner draining).\n break\n }\n\n if (String(sandbox.state) === String(sandbox.desiredState)) {\n this.logger.warn(\n `Sandbox ${sandboxId} is already in the desired state ${sandbox.desiredState}, skipping sync`,\n )\n // Break sync loop if sandbox is already in the desired state.\n break\n }\n\n // Rely on the sandbox action to return SYNC_AGAIN or DONT_SYNC_AGAIN to continue/break the sync loop.\n let syncState = DONT_SYNC_AGAIN\n\n try {\n switch (sandbox.desiredState) {\n case SandboxDesiredState.STARTED: {\n syncState = await this.sandboxStartAction.run(sandbox, lockCode)\n break\n }\n case SandboxDesiredState.STOPPED: {\n syncState = await this.sandboxStopAction.run(sandbox, lockCode)\n break\n }\n case SandboxDesiredState.DESTROYED: {\n syncState = await this.sandboxDestroyAction.run(sandbox, lockCode)\n break\n }\n case SandboxDesiredState.ARCHIVED: {\n syncState = await this.sandboxArchiveAction.run(sandbox, lockCode)\n break\n }\n }\n } catch (error) {\n this.logger.error(`Error processing desired state for sandbox ${sandboxId}:`, error)\n\n const { recoverable, errorReason } = sanitizeSandboxError(error)\n\n const updateData: Partial = {\n state: SandboxState.ERROR,\n errorReason,\n recoverable,\n }\n\n await this.sandboxRepository.update(sandboxId, { updateData, entity: sandbox })\n\n // Break sync loop since sandbox is in error state.\n break\n }\n\n // Do not sync again for v2 runners\n // Job completion will update the sandbox state\n if (sandbox.runnerId && (await this.runnerService.getRunnerApiVersion(sandbox.runnerId)) === '2') {\n break\n }\n\n // Break sync loop if sandbox action returned DONT_SYNC_AGAIN.\n if (syncState !== SYNC_AGAIN) {\n break\n }\n }\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @OnAsyncEvent({\n event: SandboxEvents.ARCHIVED,\n })\n @TrackJobExecution()\n @WithSpan()\n private async handleSandboxArchivedEvent(event: SandboxArchivedEvent) {\n await this.syncInstanceState(event.sandbox.id)\n }\n\n @OnAsyncEvent({\n event: SandboxEvents.DESTROYED,\n })\n @TrackJobExecution()\n @WithSpan()\n private async handleSandboxDestroyedEvent(event: SandboxDestroyedEvent) {\n await this.syncInstanceState(event.sandbox.id)\n }\n\n @OnAsyncEvent({\n event: SandboxEvents.STARTED,\n })\n @TrackJobExecution()\n @WithSpan()\n private async handleSandboxStartedEvent(event: SandboxStartedEvent) {\n await this.syncInstanceState(event.sandbox.id)\n }\n\n @OnAsyncEvent({\n event: SandboxEvents.STOPPED,\n })\n @TrackJobExecution()\n @WithSpan()\n private async handleSandboxStoppedEvent(event: SandboxStoppedEvent) {\n await this.syncInstanceState(event.sandbox.id)\n }\n\n @OnAsyncEvent({\n event: SandboxEvents.CREATED,\n })\n @TrackJobExecution()\n @WithSpan()\n private async handleSandboxCreatedEvent(event: SandboxCreatedEvent) {\n await this.syncInstanceState(event.sandbox.id)\n }\n}\n" }, { "path": "apps/api/src/sandbox/managers/snapshot.manager.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, NotFoundException, OnApplicationShutdown } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Cron, CronExpression } from '@nestjs/schedule'\nimport { In, IsNull, LessThan, Not, Repository } from 'typeorm'\nimport { DockerRegistryService } from '../../docker-registry/services/docker-registry.service'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { SnapshotState } from '../enums/snapshot-state.enum'\nimport { SnapshotRunner } from '../entities/snapshot-runner.entity'\nimport { Runner } from '../entities/runner.entity'\nimport { DockerRegistry } from '../../docker-registry/entities/docker-registry.entity'\nimport { RunnerState } from '../enums/runner-state.enum'\nimport { SnapshotRunnerState } from '../enums/snapshot-runner-state.enum'\nimport { v4 as uuidv4 } from 'uuid'\nimport { RunnerNotReadyError } from '../errors/runner-not-ready.error'\nimport { RedisLockProvider } from '../common/redis-lock.provider'\nimport { OrganizationService } from '../../organization/services/organization.service'\nimport { BuildInfo } from '../entities/build-info.entity'\nimport { fromAxiosError } from '../../common/utils/from-axios-error'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { RunnerService } from '../services/runner.service'\nimport { TrackableJobExecutions } from '../../common/interfaces/trackable-job-executions'\nimport { TrackJobExecution } from '../../common/decorators/track-job-execution.decorator'\nimport { setTimeout as sleep } from 'timers/promises'\nimport { LogExecution } from '../../common/decorators/log-execution.decorator'\nimport { WithInstrumentation } from '../../common/decorators/otel.decorator'\nimport { RunnerAdapterFactory } from '../runner-adapter/runnerAdapter'\nimport { SnapshotStateError } from '../errors/snapshot-state-error'\nimport { SnapshotEvents } from '../constants/snapshot-events'\nimport { SnapshotCreatedEvent } from '../events/snapshot-created.event'\nimport { SnapshotService } from '../services/snapshot.service'\nimport { OnAsyncEvent } from '../../common/decorators/on-async-event.decorator'\nimport { parseDockerImage } from '../../common/utils/docker-image.util'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { SandboxDesiredState } from '../enums/sandbox-desired-state.enum'\nimport { BackupState } from '../enums/backup-state.enum'\nimport { BadRequestError } from '../../exceptions/bad-request.exception'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\nimport { SnapshotInfoResponse } from '@daytonaio/runner-api-client'\nimport { SnapshotActivatedEvent } from '../events/snapshot-activated.event'\n\nconst SYNC_AGAIN = 'sync-again'\nconst DONT_SYNC_AGAIN = 'dont-sync-again'\nconst DEFAULT_SNAPSHOT_DEACTIVATION_TIMEOUT_MINUTES = 14 * 24 * 60 // 14 days\ntype SyncState = typeof SYNC_AGAIN | typeof DONT_SYNC_AGAIN\n\n@Injectable()\nexport class SnapshotManager implements TrackableJobExecutions, OnApplicationShutdown {\n activeJobs = new Set()\n\n private readonly logger = new Logger(SnapshotManager.name)\n // generate a unique instance id used to ensure only one instance of the worker is handing the\n // snapshot activation\n private readonly instanceId = uuidv4()\n\n constructor(\n @InjectRedis() private readonly redis: Redis,\n @InjectRepository(Snapshot)\n private readonly snapshotRepository: Repository,\n @InjectRepository(SnapshotRunner)\n private readonly snapshotRunnerRepository: Repository,\n @InjectRepository(Runner)\n private readonly runnerRepository: Repository,\n private readonly sandboxRepository: SandboxRepository,\n @InjectRepository(BuildInfo)\n private readonly buildInfoRepository: Repository,\n private readonly runnerService: RunnerService,\n private readonly dockerRegistryService: DockerRegistryService,\n private readonly runnerAdapterFactory: RunnerAdapterFactory,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly organizationService: OrganizationService,\n private readonly snapshotService: SnapshotService,\n ) {}\n\n async onApplicationShutdown() {\n // wait for all active jobs to finish\n while (this.activeJobs.size > 0) {\n this.logger.log(`Waiting for ${this.activeJobs.size} active jobs to finish`)\n await sleep(1000)\n }\n }\n\n @Cron(CronExpression.EVERY_5_SECONDS, { name: 'sync-runner-snapshots', waitForCompletion: true })\n @TrackJobExecution()\n @LogExecution('sync-runner-snapshots')\n @WithInstrumentation()\n async syncRunnerSnapshots() {\n const lockKey = 'sync-runner-snapshots-lock'\n const lockTtl = 10 * 60 // seconds (10 min)\n if (!(await this.redisLockProvider.lock(lockKey, lockTtl))) {\n return\n }\n\n const skip = (await this.redis.get('sync-runner-snapshots-skip')) || 0\n\n const snapshots = await this.snapshotRepository\n .createQueryBuilder('snapshot')\n .innerJoin('organization', 'org', 'org.id = snapshot.organizationId')\n .where('snapshot.state = :snapshotState', { snapshotState: SnapshotState.ACTIVE })\n .andWhere('org.suspended = false')\n .orderBy('snapshot.createdAt', 'ASC')\n .take(100)\n .skip(Number(skip))\n .getMany()\n\n if (snapshots.length === 0) {\n await this.redisLockProvider.unlock(lockKey)\n await this.redis.set('sync-runner-snapshots-skip', 0)\n return\n }\n\n await this.redis.set('sync-runner-snapshots-skip', Number(skip) + snapshots.length)\n\n const results = await Promise.allSettled(\n snapshots.map(async (snapshot) => {\n const regions = await this.snapshotService.getSnapshotRegions(snapshot.id)\n\n const sharedRegionIds = regions.filter((r) => r.organizationId === null).map((r) => r.id)\n const organizationRegionIds = regions\n .filter((r) => r.organizationId === snapshot.organizationId)\n .map((r) => r.id)\n\n return this.propagateSnapshotToRunners(snapshot, sharedRegionIds, organizationRegionIds)\n }),\n )\n\n // Log all promise errors\n results.forEach((result) => {\n if (result.status === 'rejected') {\n this.logger.error(`Error propagating snapshot to runners: ${fromAxiosError(result.reason)}`)\n }\n })\n\n await this.redisLockProvider.unlock(lockKey)\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'sync-runner-snapshot-states', waitForCompletion: true })\n @TrackJobExecution()\n @LogExecution('sync-runner-snapshot-states')\n @WithInstrumentation()\n async syncRunnerSnapshotStates() {\n // this approach is not ideal, as if the number of runners is large, this will take a long time\n // also, if some snapshots stuck in a \"pulling\" state, they will infest the queue\n // todo: find a better approach\n\n const lockKey = 'sync-runner-snapshot-states-lock'\n if (!(await this.redisLockProvider.lock(lockKey, 30))) {\n return\n }\n\n const runnerSnapshots = await this.snapshotRunnerRepository\n .createQueryBuilder('snapshotRunner')\n .where({\n state: In([\n SnapshotRunnerState.PULLING_SNAPSHOT,\n SnapshotRunnerState.BUILDING_SNAPSHOT,\n SnapshotRunnerState.REMOVING,\n ]),\n })\n .orderBy('RANDOM()')\n .take(100)\n .getMany()\n\n await Promise.allSettled(\n runnerSnapshots.map((snapshotRunner) => {\n return this.syncRunnerSnapshotState(snapshotRunner).catch((err) => {\n if (err.code !== 'ECONNRESET') {\n if (err instanceof RunnerNotReadyError) {\n this.logger.debug(\n `Runner ${snapshotRunner.runnerId} is not ready while trying to sync snapshot runner ${snapshotRunner.id}: ${err}`,\n )\n return\n }\n this.logger.error(`Error syncing runner snapshot state ${snapshotRunner.id}: ${fromAxiosError(err)}`)\n this.snapshotRunnerRepository.update(snapshotRunner.id, {\n state: SnapshotRunnerState.ERROR,\n errorReason: fromAxiosError(err).message,\n })\n }\n })\n }),\n )\n\n await this.redisLockProvider.unlock(lockKey)\n }\n\n async syncRunnerSnapshotState(snapshotRunner: SnapshotRunner): Promise {\n const runner = await this.runnerService.findOne(snapshotRunner.runnerId)\n if (!runner) {\n // cleanup the snapshot runner record if the runner is not found\n // this can happen if the runner is deleted from the database without cleaning up the snapshot runners\n await this.snapshotRunnerRepository.delete(snapshotRunner.id)\n this.logger.warn(\n `Runner ${snapshotRunner.runnerId} not found while trying to process snapshot runner ${snapshotRunner.id}. Snapshot runner has been removed.`,\n )\n return\n }\n\n if (runner.state !== RunnerState.READY) {\n // todo: handle timeout policy\n // for now just remove the snapshot runner record if the runner is not ready\n await this.snapshotRunnerRepository.delete(snapshotRunner.id)\n\n throw new RunnerNotReadyError(`Runner ${runner.id} is not ready`)\n }\n\n switch (snapshotRunner.state) {\n case SnapshotRunnerState.PULLING_SNAPSHOT:\n await this.handleSnapshotRunnerStatePullingSnapshot(snapshotRunner, runner)\n break\n case SnapshotRunnerState.BUILDING_SNAPSHOT:\n await this.handleSnapshotRunnerStateBuildingSnapshot(snapshotRunner, runner)\n break\n case SnapshotRunnerState.REMOVING:\n await this.handleSnapshotRunnerStateRemoving(snapshotRunner, runner)\n break\n }\n }\n\n async propagateSnapshotToRunners(snapshot: Snapshot, sharedRegionIds: string[], organizationRegionIds: string[]) {\n // todo: remove try catch block and implement error handling\n try {\n // get all runners in the regions to propagate to\n const runners = await this.runnerRepository.find({\n where: {\n state: RunnerState.READY,\n unschedulable: Not(true),\n region: In([...sharedRegionIds, ...organizationRegionIds]),\n },\n })\n\n const sharedRunners = runners.filter((runner) => sharedRegionIds.includes(runner.region))\n const sharedRunnerIds = sharedRunners.map((runner) => runner.id)\n\n const organizationRunners = runners.filter((runner) => organizationRegionIds.includes(runner.region))\n const organizationRunnerIds = organizationRunners.map((runner) => runner.id)\n\n // get all runners where the snapshot is already propagated to (or in progress)\n const sharedSnapshotRunners = await this.snapshotRunnerRepository.find({\n where: {\n snapshotRef: snapshot.ref,\n state: In([SnapshotRunnerState.READY, SnapshotRunnerState.PULLING_SNAPSHOT]),\n runnerId: In(sharedRunnerIds),\n },\n })\n const sharedSnapshotRunnersDistinctRunnersIds = new Set(\n sharedSnapshotRunners.map((snapshotRunner) => snapshotRunner.runnerId),\n )\n\n const organizationSnapshotRunners = await this.snapshotRunnerRepository.find({\n where: {\n snapshotRef: snapshot.ref,\n state: In([SnapshotRunnerState.READY, SnapshotRunnerState.PULLING_SNAPSHOT]),\n runnerId: In(organizationRunnerIds),\n },\n })\n const organizationSnapshotRunnersDistinctRunnersIds = new Set(\n organizationSnapshotRunners.map((snapshotRunner) => snapshotRunner.runnerId),\n )\n\n // get all runners where the snapshot is not propagated to\n const unallocatedSharedRunners = sharedRunners.filter(\n (runner) => !sharedSnapshotRunnersDistinctRunnersIds.has(runner.id),\n )\n const unallocatedOrganizationRunners = organizationRunners.filter(\n (runner) => !organizationSnapshotRunnersDistinctRunnersIds.has(runner.id),\n )\n\n const runnersToPropagateTo: Runner[] = []\n\n // propagate the snapshot to all organization runners\n runnersToPropagateTo.push(...unallocatedOrganizationRunners)\n\n // respect the propagation limit for shared runners\n const sharedRunnersPropagateLimit = Math.max(\n 0,\n Math.ceil(sharedRunners.length / 3) - sharedSnapshotRunnersDistinctRunnersIds.size,\n )\n runnersToPropagateTo.push(\n ...unallocatedSharedRunners.sort(() => Math.random() - 0.5).slice(0, sharedRunnersPropagateLimit),\n )\n\n if (runnersToPropagateTo.length === 0) {\n return\n }\n\n // regionId -> registry\n const internalRegistriesMap = new Map()\n\n for (const regionId of [...sharedRegionIds, ...organizationRegionIds]) {\n const registry = await this.dockerRegistryService.findInternalRegistryBySnapshotRef(snapshot.ref, regionId)\n if (registry) {\n internalRegistriesMap.set(regionId, registry)\n }\n }\n\n const results = await Promise.allSettled(\n runnersToPropagateTo.map(async (runner) => {\n const internalRegistry = internalRegistriesMap.get(runner.region)\n if (!internalRegistry) {\n throw new Error(`No internal registry found for snapshot ${snapshot.ref} in region ${runner.region}`)\n }\n\n const snapshotRunner = await this.runnerService.getSnapshotRunner(runner.id, snapshot.ref)\n\n try {\n if (!snapshotRunner) {\n await this.runnerService.createSnapshotRunnerEntry(\n runner.id,\n snapshot.ref,\n SnapshotRunnerState.PULLING_SNAPSHOT,\n )\n await this.pullSnapshotRunner(runner, snapshot.ref, internalRegistry)\n } else if (snapshotRunner.state === SnapshotRunnerState.PULLING_SNAPSHOT) {\n await this.handleSnapshotRunnerStatePullingSnapshot(snapshotRunner, runner)\n }\n } catch (err) {\n this.logger.error(`Error propagating snapshot to runner ${runner.id}: ${fromAxiosError(err)}`)\n snapshotRunner.state = SnapshotRunnerState.ERROR\n snapshotRunner.errorReason = err.message\n await this.snapshotRunnerRepository.update(snapshotRunner.id, snapshotRunner)\n }\n }),\n )\n\n results.forEach((result) => {\n if (result.status === 'rejected') {\n this.logger.error(result.reason)\n }\n })\n } catch (err) {\n this.logger.error(err)\n }\n }\n\n async pullSnapshotRunner(\n runner: Runner,\n snapshotRef: string,\n registry?: DockerRegistry,\n destinationRegistry?: DockerRegistry,\n destinationRef?: string,\n ) {\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n // Runner returns immediately; polling for completion is handled by syncRunnerSnapshotStates cron\n await runnerAdapter.pullSnapshot(snapshotRef, registry, destinationRegistry, destinationRef)\n }\n\n async handleSnapshotRunnerStatePullingSnapshot(snapshotRunner: SnapshotRunner, runner: Runner) {\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n try {\n await runnerAdapter.getSnapshotInfo(snapshotRunner.snapshotRef)\n snapshotRunner.state = SnapshotRunnerState.READY\n await this.snapshotRunnerRepository.save(snapshotRunner)\n return\n } catch (err) {\n if (err instanceof SnapshotStateError) {\n snapshotRunner.state = SnapshotRunnerState.ERROR\n snapshotRunner.errorReason = err.errorReason\n await this.snapshotRunnerRepository.save(snapshotRunner)\n return\n }\n }\n\n const timeoutMinutes = 60\n const timeoutMs = timeoutMinutes * 60 * 1000\n if (Date.now() - snapshotRunner.updatedAt.getTime() > timeoutMs) {\n snapshotRunner.state = SnapshotRunnerState.ERROR\n snapshotRunner.errorReason = 'Timeout while pulling snapshot to runner'\n await this.snapshotRunnerRepository.save(snapshotRunner)\n return\n }\n\n const retryTimeoutMinutes = 10\n const retryTimeoutMs = retryTimeoutMinutes * 60 * 1000\n if (Date.now() - snapshotRunner.createdAt.getTime() > retryTimeoutMs) {\n const internalRegistry = await this.dockerRegistryService.findInternalRegistryBySnapshotRef(\n snapshotRunner.snapshotRef,\n runner.region,\n )\n if (!internalRegistry) {\n throw new Error(\n `No internal registry found for snapshot ${snapshotRunner.snapshotRef} in region ${runner.region}`,\n )\n }\n await this.pullSnapshotRunner(runner, snapshotRunner.snapshotRef, internalRegistry)\n return\n }\n }\n\n async handleSnapshotRunnerStateBuildingSnapshot(snapshotRunner: SnapshotRunner, runner: Runner) {\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n try {\n await runnerAdapter.getSnapshotInfo(snapshotRunner.snapshotRef)\n snapshotRunner.state = SnapshotRunnerState.READY\n await this.snapshotRunnerRepository.save(snapshotRunner)\n return\n } catch (err) {\n if (err instanceof SnapshotStateError) {\n snapshotRunner.state = SnapshotRunnerState.ERROR\n snapshotRunner.errorReason = err.errorReason\n await this.snapshotRunnerRepository.save(snapshotRunner)\n return\n }\n }\n }\n\n // Pulls stopped sandboxes' backup snapshots to another runner to prepare for reassignment during draining\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'migrate-draining-runner-snapshots', waitForCompletion: true })\n @TrackJobExecution()\n @LogExecution('migrate-draining-runner-snapshots')\n @WithInstrumentation()\n private async handleMigrateDrainingRunnerSnapshots() {\n const lockKey = 'migrate-draining-runner-snapshots'\n const hasLock = await this.redisLockProvider.lock(lockKey, 60)\n if (!hasLock) {\n return\n }\n\n try {\n const drainingRunners = await this.runnerRepository.find({\n where: {\n draining: true,\n state: RunnerState.READY,\n },\n })\n\n this.logger.debug(`Checking ${drainingRunners.length} draining runners for snapshot migration`)\n\n await Promise.allSettled(\n drainingRunners.map(async (runner) => {\n try {\n const sandboxes = await this.sandboxRepository.find({\n where: {\n runnerId: runner.id,\n state: SandboxState.STOPPED,\n desiredState: SandboxDesiredState.STOPPED,\n backupState: BackupState.COMPLETED,\n backupSnapshot: Not(IsNull()),\n },\n take: 100,\n })\n\n this.logger.debug(\n `Found ${sandboxes.length} eligible sandboxes on draining runner ${runner.id} for snapshot migration`,\n )\n\n await Promise.allSettled(\n sandboxes.map(async (sandbox) => {\n const sandboxLockKey = `draining-runner-snapshot-migration:${sandbox.id}`\n const hasSandboxLock = await this.redisLockProvider.lock(sandboxLockKey, 3600)\n if (!hasSandboxLock) {\n return\n }\n\n try {\n // Get an available runner in the same region with the same class\n const targetRunner = await this.runnerService.getRandomAvailableRunner({\n regions: [sandbox.region],\n sandboxClass: sandbox.class,\n excludedRunnerIds: [runner.id],\n })\n\n // Check if snapshot runner entry already exists\n const existingEntry = await this.runnerService.getSnapshotRunner(\n targetRunner.id,\n sandbox.backupSnapshot,\n )\n if (existingEntry) {\n if (existingEntry.state === SnapshotRunnerState.ERROR) {\n // Clean up the failed entry so we can retry\n this.logger.warn(\n `Removing ERROR snapshot runner entry ${existingEntry.id} for runner ${targetRunner.id} and snapshot ${sandbox.backupSnapshot} to allow retry`,\n )\n await this.snapshotRunnerRepository.delete(existingEntry.id)\n } else {\n this.logger.debug(\n `Snapshot runner entry already exists for runner ${targetRunner.id} and snapshot ${sandbox.backupSnapshot} (state: ${existingEntry.state})`,\n )\n // Do not unlock to avoid duplicates\n return\n }\n }\n\n // Find the backup registry to use as source for the pull\n const registry = sandbox.backupRegistryId\n ? await this.dockerRegistryService.findOne(sandbox.backupRegistryId)\n : await this.dockerRegistryService.findInternalRegistryBySnapshotRef(\n sandbox.backupSnapshot,\n targetRunner.region,\n )\n\n if (!registry) {\n this.logger.warn(\n `No registry found for backup snapshot ${sandbox.backupSnapshot} of sandbox ${sandbox.id}`,\n )\n await this.redisLockProvider.unlock(sandboxLockKey)\n return\n }\n\n // Create snapshot runner entry on the target runner\n await this.runnerService.createSnapshotRunnerEntry(\n targetRunner.id,\n sandbox.backupSnapshot,\n SnapshotRunnerState.PULLING_SNAPSHOT,\n )\n await this.pullSnapshotRunner(targetRunner, sandbox.backupSnapshot, registry)\n\n this.logger.log(\n `Created snapshot runner entry for sandbox ${sandbox.id} backup ${sandbox.backupSnapshot} on runner ${targetRunner.id} (migrating from draining runner ${runner.id})`,\n )\n await this.redisLockProvider.unlock(sandboxLockKey)\n } catch (e) {\n if (e instanceof BadRequestError && e.message === 'No available runners') {\n this.logger.warn(\n `No available runners found in region ${sandbox.region} for sandbox ${sandbox.id} snapshot migration`,\n )\n } else {\n this.logger.error(`Error migrating snapshot for sandbox ${sandbox.id}`, e)\n }\n await this.redisLockProvider.unlock(sandboxLockKey)\n }\n }),\n )\n } catch (e) {\n this.logger.error(`Error processing draining runner ${runner.id} for snapshot migration`, e)\n }\n }),\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'check-snapshot-cleanup' })\n @TrackJobExecution()\n @LogExecution('check-snapshot-cleanup')\n @WithInstrumentation()\n async checkSnapshotCleanup() {\n const lockKey = 'check-snapshot-cleanup-lock'\n if (!(await this.redisLockProvider.lock(lockKey, 30))) {\n return\n }\n\n const snapshots = await this.snapshotRepository.find({\n where: {\n state: SnapshotState.REMOVING,\n },\n })\n\n await Promise.all(\n snapshots.map(async (snapshot) => {\n const countActiveSnapshots = await this.snapshotRepository.count({\n where: {\n state: SnapshotState.ACTIVE,\n ref: snapshot.ref,\n },\n })\n\n // Only remove snapshot runners if no other snapshots depend on them\n if (countActiveSnapshots === 0) {\n await this.snapshotRunnerRepository.update(\n {\n snapshotRef: snapshot.ref,\n },\n {\n state: SnapshotRunnerState.REMOVING,\n },\n )\n }\n\n await this.snapshotRepository.remove(snapshot)\n }),\n )\n\n await this.redisLockProvider.unlock(lockKey)\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'check-snapshot-state' })\n @TrackJobExecution()\n @LogExecution('check-snapshot-state')\n @WithInstrumentation()\n async checkSnapshotState() {\n // the first time the snapshot is created it needs to be pushed to the internal registry\n // before propagating to the runners\n // this cron job will process the snapshot states until the snapshot is active (or error)\n\n // get all snapshots\n const snapshots = await this.snapshotRepository.find({\n where: {\n state: Not(In([SnapshotState.ACTIVE, SnapshotState.ERROR, SnapshotState.BUILD_FAILED, SnapshotState.INACTIVE])),\n },\n })\n\n await Promise.all(\n snapshots.map(async (snapshot) => {\n this.syncSnapshotState(snapshot.id)\n }),\n )\n }\n\n async syncSnapshotState(snapshotId: string): Promise {\n const lockKey = `sync-snapshot-state-${snapshotId}`\n if (!(await this.redisLockProvider.lock(lockKey, 720))) {\n return\n }\n\n const snapshot = await this.snapshotRepository.findOne({\n where: { id: snapshotId },\n })\n\n if (\n !snapshot ||\n [SnapshotState.ACTIVE, SnapshotState.ERROR, SnapshotState.BUILD_FAILED, SnapshotState.INACTIVE].includes(\n snapshot.state,\n )\n ) {\n await this.redisLockProvider.unlock(lockKey)\n return\n }\n\n let syncState = DONT_SYNC_AGAIN\n\n try {\n switch (snapshot.state) {\n case SnapshotState.PENDING:\n syncState = await this.handleSnapshotStatePending(snapshot)\n break\n case SnapshotState.PULLING:\n case SnapshotState.BUILDING:\n syncState = await this.handleCheckInitialRunnerSnapshot(snapshot)\n break\n case SnapshotState.REMOVING:\n syncState = await this.handleSnapshotStateRemoving(snapshot)\n break\n }\n } catch (error) {\n if (error.code === 'ECONNRESET') {\n syncState = SYNC_AGAIN\n } else {\n const message = error.message || String(error)\n await this.updateSnapshotState(snapshot.id, SnapshotState.ERROR, message)\n }\n }\n\n await this.redisLockProvider.unlock(lockKey)\n if (syncState === SYNC_AGAIN) {\n this.syncSnapshotState(snapshotId)\n }\n }\n\n async handleSnapshotRunnerStateRemoving(snapshotRunner: SnapshotRunner, runner: Runner) {\n if (!runner) {\n // generally this should not happen\n // in case the runner has been deleted from the database, delete the snapshot runner record\n const errorMessage = `Runner not found while trying to remove snapshot ${snapshotRunner.snapshotRef} from runner ${snapshotRunner.runnerId}`\n this.logger.warn(errorMessage)\n\n this.snapshotRunnerRepository.delete(snapshotRunner.id).catch((err) => {\n this.logger.error(fromAxiosError(err))\n })\n return\n }\n if (!snapshotRunner.snapshotRef) {\n // this should never happen\n // remove the snapshot runner record (it will be recreated again by the snapshot propagation job)\n this.logger.warn(`Internal snapshot name not found for snapshot runner ${snapshotRunner.id}`)\n this.snapshotRunnerRepository.delete(snapshotRunner.id).catch((err) => {\n this.logger.error(fromAxiosError(err))\n })\n return\n }\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n const exists = await runnerAdapter.snapshotExists(snapshotRunner.snapshotRef)\n if (!exists) {\n await this.snapshotRunnerRepository.delete(snapshotRunner.id)\n } else {\n // just in case the snapshot is still there\n runnerAdapter.removeSnapshot(snapshotRunner.snapshotRef).catch((err) => {\n // this should not happen, and is not critical\n // if the runner can not remove the snapshot, just delete the snapshot runner record\n this.snapshotRunnerRepository.delete(snapshotRunner.id).catch((err) => {\n this.logger.error(fromAxiosError(err))\n })\n // and log the error for tracking\n const errorMessage = `Failed to do just in case remove snapshot ${snapshotRunner.snapshotRef} from runner ${runner.id}: ${fromAxiosError(err)}`\n this.logger.warn(errorMessage)\n })\n }\n }\n\n async handleSnapshotStateRemoving(snapshot: Snapshot): Promise {\n const snapshotRunnerItems = await this.snapshotRunnerRepository.find({\n where: {\n snapshotRef: snapshot.ref,\n },\n })\n\n if (snapshotRunnerItems.length === 0) {\n await this.snapshotRepository.remove(snapshot)\n }\n\n return DONT_SYNC_AGAIN\n }\n\n async handleCheckInitialRunnerSnapshot(snapshot: Snapshot): Promise {\n // Check for timeout - allow up to 30 minutes\n const timeoutMinutes = 30\n const timeoutMs = timeoutMinutes * 60 * 1000\n if (Date.now() - snapshot.updatedAt.getTime() > timeoutMs) {\n await this.updateSnapshotState(snapshot.id, SnapshotState.ERROR, 'Timeout processing snapshot on initial runner')\n return DONT_SYNC_AGAIN\n }\n\n // Check if the snapshot ref is already set and it is already on the runner\n const snapshotRunner = await this.snapshotRunnerRepository.findOne({\n where: {\n snapshotRef: snapshot.ref,\n runnerId: snapshot.initialRunnerId,\n },\n })\n\n if (snapshot.ref && snapshotRunner) {\n if (snapshotRunner.state === SnapshotRunnerState.READY) {\n await this.updateSnapshotState(snapshot.id, SnapshotState.ACTIVE)\n return DONT_SYNC_AGAIN\n } else if (snapshotRunner.state === SnapshotRunnerState.ERROR) {\n await this.snapshotRunnerRepository.delete(snapshotRunner.id)\n }\n }\n\n const runner = await this.runnerService.findOneOrFail(snapshot.initialRunnerId)\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n const initialImageRefOnRunner = snapshot.buildInfo ? snapshot.buildInfo.snapshotRef : snapshot.ref\n\n let snapshotInfoResponse: SnapshotInfoResponse\n try {\n snapshotInfoResponse = await runnerAdapter.getSnapshotInfo(initialImageRefOnRunner)\n } catch (error) {\n if (error instanceof SnapshotStateError) {\n throw error\n } else {\n return DONT_SYNC_AGAIN\n }\n }\n\n const internalRegistry = await this.dockerRegistryService.getAvailableInternalRegistry(runner.region)\n if (!internalRegistry) {\n throw new Error('No internal registry found for snapshot')\n }\n\n await this.processSnapshotDigest(\n snapshot,\n internalRegistry,\n snapshotInfoResponse.hash,\n snapshotInfoResponse.sizeGB,\n snapshotInfoResponse.entrypoint,\n )\n\n try {\n await runnerAdapter.inspectSnapshotInRegistry(snapshot.ref, internalRegistry)\n } catch (error) {\n this.logger.error(`Failed to inspect snapshot ${snapshot.ref} in registry: ${error}`)\n await this.snapshotRepository.save(snapshot)\n return DONT_SYNC_AGAIN\n }\n\n try {\n await runnerAdapter.removeSnapshot(initialImageRefOnRunner)\n } catch (error) {\n this.logger.error(`Failed to remove snapshot ${snapshot.imageName}: ${fromAxiosError(error)}`)\n }\n\n // For pull snapshots, best effort cleanup the original image now that we've computed the ref from it\n // Only cleanup if there's no other snapshot in processing state using the same image\n if (!snapshot.buildInfo) {\n try {\n const anotherSnapshot = await this.snapshotRepository.findOne({\n where: {\n imageName: snapshot.imageName,\n id: Not(snapshot.id),\n state: Not(In([SnapshotState.ACTIVE, SnapshotState.INACTIVE])),\n },\n })\n if (!anotherSnapshot) {\n await runnerAdapter.removeSnapshot(snapshot.imageName)\n }\n } catch (err) {\n this.logger.error(`Failed to cleanup original image ${snapshot.imageName}: ${fromAxiosError(err)}`)\n }\n }\n\n if (snapshotRunner) {\n snapshotRunner.state = SnapshotRunnerState.READY\n await this.snapshotRunnerRepository.save(snapshotRunner)\n } else {\n await this.runnerService.createSnapshotRunnerEntry(runner.id, snapshot.ref, SnapshotRunnerState.READY)\n }\n await this.updateSnapshotState(snapshot.id, SnapshotState.ACTIVE)\n\n // Best effort removal of old snapshot from transient registry\n const transientRegistry = await this.dockerRegistryService.findTransientRegistryBySnapshotImageName(\n snapshot.imageName,\n runner.region,\n )\n if (transientRegistry) {\n try {\n await this.dockerRegistryService.removeImage(snapshot.imageName, transientRegistry.id)\n } catch (error) {\n if (error.statusCode === 404) {\n // image not found, just return\n return DONT_SYNC_AGAIN\n }\n this.logger.error('Failed to remove transient image:', fromAxiosError(error))\n }\n }\n\n return DONT_SYNC_AGAIN\n }\n\n async processPullOnInitialRunner(snapshot: Snapshot, runner: Runner) {\n // Check for timeout - allow up to 30 minutes\n const timeoutMinutes = 30\n const timeoutMs = timeoutMinutes * 60 * 1000\n if (Date.now() - snapshot.updatedAt.getTime() > timeoutMs) {\n await this.updateSnapshotState(\n snapshot.id,\n SnapshotState.ERROR,\n 'Timeout processing snapshot pull on initial runner',\n )\n return DONT_SYNC_AGAIN\n }\n\n let sourceRegistry = await this.dockerRegistryService.findSourceRegistryBySnapshotImageName(\n snapshot.imageName,\n runner.region,\n snapshot.organizationId,\n )\n if (!sourceRegistry) {\n sourceRegistry = await this.dockerRegistryService.getDefaultDockerHubRegistry()\n }\n const destinationRegistry = await this.dockerRegistryService.getAvailableInternalRegistry(runner.region)\n\n // Fire pull request (runner returns 202 immediately)\n // Post-processing (digest, cleanup) is handled by handleCheckInitialRunnerSnapshot on the next poll cycle\n try {\n await this.pullSnapshotRunner(\n runner,\n snapshot.imageName,\n sourceRegistry,\n destinationRegistry ?? undefined,\n snapshot.ref ? snapshot.ref : undefined,\n )\n } catch (err) {\n // Validation errors are still returned synchronously\n await this.updateSnapshotState(snapshot.id, SnapshotState.ERROR, err.message)\n throw err\n }\n }\n\n async processBuildOnRunner(snapshot: Snapshot, runner: Runner) {\n try {\n const registry = await this.dockerRegistryService.getAvailableInternalRegistry(runner.region)\n\n const sourceRegistries = await this.dockerRegistryService.getSourceRegistriesForDockerfile(\n snapshot.buildInfo.dockerfileContent,\n snapshot.organizationId,\n )\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n registry.url = registry.url.replace(/^(https?:\\/\\/)/, '')\n // Runner returns immediately; polling for completion is handled by handleCheckInitialRunnerSnapshot\n await runnerAdapter.buildSnapshot(\n snapshot.buildInfo,\n snapshot.organizationId,\n sourceRegistries.length > 0 ? sourceRegistries : undefined,\n registry ?? undefined,\n true,\n )\n } catch (err) {\n this.logger.error(`Error building snapshot ${snapshot.name}: ${fromAxiosError(err)}`)\n await this.updateSnapshotState(snapshot.id, SnapshotState.BUILD_FAILED, fromAxiosError(err).message)\n }\n }\n\n async handleSnapshotStatePending(snapshot: Snapshot): Promise {\n let initialRunner: Runner | undefined = undefined\n\n if (!snapshot.initialRunnerId) {\n // TODO: get only runners where the base snapshot is available (extract from buildInfo)\n const excludedRunnerIds = snapshot.buildInfo\n ? await this.runnerService.getRunnersWithMultipleSnapshotsBuilding()\n : await this.runnerService.getRunnersWithMultipleSnapshotsPulling()\n\n try {\n const regions = await this.snapshotService.getSnapshotRegions(snapshot.id)\n if (!regions.length) {\n throw new Error('No regions found for snapshot')\n }\n\n initialRunner = await this.runnerService.getRandomAvailableRunner({\n regions: regions.map((region) => region.id),\n excludedRunnerIds: excludedRunnerIds,\n })\n } catch (error) {\n this.logger.warn(`Failed to get initial runner: ${fromAxiosError(error)}`)\n }\n\n if (!initialRunner) {\n // No runners available, retry later\n return DONT_SYNC_AGAIN\n }\n\n snapshot.initialRunnerId = initialRunner.id\n await this.snapshotRepository.save(snapshot)\n } else {\n initialRunner = await this.runnerService.findOneOrFail(snapshot.initialRunnerId)\n }\n\n if (snapshot.buildInfo) {\n await this.updateSnapshotState(snapshot.id, SnapshotState.BUILDING)\n await this.runnerService.createSnapshotRunnerEntry(\n initialRunner.id,\n snapshot.buildInfo.snapshotRef,\n SnapshotRunnerState.BUILDING_SNAPSHOT,\n )\n await this.processBuildOnRunner(snapshot, initialRunner)\n } else {\n if (!snapshot.ref) {\n const runnerAdapter = await this.runnerAdapterFactory.create(initialRunner)\n const registry = await this.dockerRegistryService.findRegistryByImageName(\n snapshot.imageName,\n initialRunner.region,\n snapshot.organizationId,\n )\n\n const image = parseDockerImage(snapshot.imageName)\n if (registry && !image.registry) {\n image.registry = registry.url.replace(/^(https?:\\/\\/)/, '')\n }\n const imageName = image.getFullName()\n\n const internalRegistry = await this.dockerRegistryService.getAvailableInternalRegistry(initialRunner.region)\n if (!internalRegistry) {\n throw new Error('No internal registry found for snapshot')\n }\n\n const snapshotDigestResponse = await runnerAdapter.inspectSnapshotInRegistry(imageName, registry)\n await this.processSnapshotDigest(\n snapshot,\n internalRegistry,\n snapshotDigestResponse.hash,\n snapshotDigestResponse.sizeGB,\n )\n await this.snapshotRepository.save(snapshot)\n }\n\n await this.updateSnapshotState(snapshot.id, SnapshotState.PULLING)\n await this.runnerService.createSnapshotRunnerEntry(\n initialRunner.id,\n snapshot.ref,\n SnapshotRunnerState.PULLING_SNAPSHOT,\n )\n await this.processPullOnInitialRunner(snapshot, initialRunner)\n }\n\n return SYNC_AGAIN\n }\n\n private async updateSnapshotState(snapshotId: string, state: SnapshotState, errorReason?: string) {\n const partialUpdate: Partial = {\n state,\n }\n\n if (state === SnapshotState.ACTIVE) {\n partialUpdate.lastUsedAt = new Date()\n }\n\n if (errorReason !== undefined) {\n partialUpdate.errorReason = errorReason\n }\n\n const result = await this.snapshotRepository.update(\n {\n id: snapshotId,\n },\n partialUpdate,\n )\n\n if (!result.affected) {\n throw new NotFoundException(`Snapshot with ID ${snapshotId} not found`)\n }\n }\n\n @Cron(CronExpression.EVERY_HOUR, { name: 'cleanup-old-buildinfo-snapshot-runners' })\n @TrackJobExecution()\n @LogExecution('cleanup-old-buildinfo-snapshot-runners')\n @WithInstrumentation()\n async cleanupOldBuildInfoSnapshotRunners() {\n const lockKey = 'cleanup-old-buildinfo-snapshots-lock'\n if (!(await this.redisLockProvider.lock(lockKey, 300))) {\n return\n }\n\n try {\n const oneDayAgo = new Date()\n oneDayAgo.setDate(oneDayAgo.getDate() - 1)\n\n // Find all BuildInfo entities that haven't been used in over a day\n const oldBuildInfos = await this.buildInfoRepository.find({\n where: {\n lastUsedAt: LessThan(oneDayAgo),\n },\n })\n\n if (oldBuildInfos.length === 0) {\n return\n }\n\n const snapshotRefs = oldBuildInfos.map((buildInfo) => buildInfo.snapshotRef)\n\n const result = await this.snapshotRunnerRepository.update(\n { snapshotRef: In(snapshotRefs) },\n { state: SnapshotRunnerState.REMOVING },\n )\n\n if (result.affected > 0) {\n this.logger.debug(`Marked ${result.affected} SnapshotRunners for removal due to unused BuildInfo`)\n }\n } catch (error) {\n this.logger.error(`Failed to mark old BuildInfo SnapshotRunners for removal: ${fromAxiosError(error)}`)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @Cron(CronExpression.EVERY_10_MINUTES, { name: 'deactivate-old-snapshots' })\n @TrackJobExecution()\n @LogExecution('deactivate-old-snapshots')\n @WithInstrumentation()\n async deactivateOldSnapshots() {\n const lockKey = 'deactivate-old-snapshots-lock'\n if (!(await this.redisLockProvider.lock(lockKey, 300))) {\n return\n }\n\n try {\n const cutoff = `NOW() - INTERVAL '1 minute' * COALESCE(org.\"snapshot_deactivation_timeout_minutes\", ${DEFAULT_SNAPSHOT_DEACTIVATION_TIMEOUT_MINUTES})`\n\n const oldSnapshots = await this.snapshotRepository\n .createQueryBuilder('snapshot')\n .leftJoin('organization', 'org', `org.\"id\" = snapshot.\"organizationId\"`)\n .where('snapshot.general = false')\n .andWhere('snapshot.state = :snapshotState', { snapshotState: SnapshotState.ACTIVE })\n .andWhere(`(snapshot.\"lastUsedAt\" IS NULL OR snapshot.\"lastUsedAt\" < ${cutoff})`)\n .andWhere(`snapshot.\"createdAt\" < ${cutoff}`)\n .andWhere(\n `NOT EXISTS (\n SELECT 1 FROM snapshot s\n WHERE s.\"ref\" = snapshot.\"ref\"\n AND s.state = :activeState\n AND (s.\"lastUsedAt\" >= ${cutoff} OR s.\"createdAt\" >= ${cutoff})\n )`,\n {\n activeState: SnapshotState.ACTIVE,\n },\n )\n .take(100)\n .getMany()\n\n if (oldSnapshots.length === 0) {\n return\n }\n\n // Deactivate the snapshots\n const snapshotIds = oldSnapshots.map((snapshot) => snapshot.id)\n await this.snapshotRepository.update({ id: In(snapshotIds) }, { state: SnapshotState.INACTIVE })\n\n // Get internal names of deactivated snapshots\n const refs = oldSnapshots.map((snapshot) => snapshot.ref).filter((name) => name) // Filter out null/undefined values\n\n if (refs.length > 0) {\n // Set associated SnapshotRunner records to REMOVING state\n const result = await this.snapshotRunnerRepository.update(\n { snapshotRef: In(refs) },\n { state: SnapshotRunnerState.REMOVING },\n )\n\n this.logger.debug(\n `Deactivated ${oldSnapshots.length} snapshots and marked ${result.affected} SnapshotRunners for removal`,\n )\n }\n } catch (error) {\n this.logger.error(`Failed to deactivate old snapshots: ${fromAxiosError(error)}`)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n @Cron(CronExpression.EVERY_10_MINUTES, { name: 'cleanup-inactive-snapshots-from-runners' })\n @TrackJobExecution()\n @LogExecution('cleanup-inactive-snapshots-from-runners')\n @WithInstrumentation()\n async cleanupInactiveSnapshotsFromRunners() {\n const lockKey = 'cleanup-inactive-snapshots-from-runners-lock'\n if (!(await this.redisLockProvider.lock(lockKey, 300))) {\n return\n }\n\n try {\n // Only fetch inactive snapshots that have associated snapshot runner entries\n const queryResult = await this.snapshotRepository\n .createQueryBuilder('snapshot')\n .select('snapshot.\"ref\"')\n .where('snapshot.state = :snapshotState', { snapshotState: SnapshotState.INACTIVE })\n .andWhere('snapshot.\"ref\" IS NOT NULL')\n .andWhereExists(\n this.snapshotRunnerRepository\n .createQueryBuilder('snapshot_runner')\n .select('1')\n .where('snapshot_runner.\"snapshotRef\" = snapshot.\"ref\"')\n .andWhere('snapshot_runner.state != :snapshotRunnerState', {\n snapshotRunnerState: SnapshotRunnerState.REMOVING,\n }),\n )\n .andWhere(\n () => {\n const query = this.snapshotRepository\n .createQueryBuilder('s')\n .select('1')\n .where('s.\"ref\" = snapshot.\"ref\"')\n .andWhere('s.state = :snapshotState')\n return `NOT EXISTS (${query.getQuery()})`\n },\n {\n snapshotState: SnapshotState.ACTIVE,\n },\n )\n .take(100)\n .getRawMany()\n\n const inactiveSnapshotRefs = queryResult.map((result) => result.ref)\n\n if (inactiveSnapshotRefs.length > 0) {\n // Set associated SnapshotRunner records to REMOVING state\n const result = await this.snapshotRunnerRepository.update(\n { snapshotRef: In(inactiveSnapshotRefs) },\n { state: SnapshotRunnerState.REMOVING },\n )\n\n this.logger.debug(`Marked ${result.affected} SnapshotRunners for removal`)\n }\n } catch (error) {\n this.logger.error(`Failed to cleanup inactive snapshots from runners: ${fromAxiosError(error)}`)\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n private async processSnapshotDigest(\n snapshot: Snapshot,\n internalRegistry: DockerRegistry,\n hash: string,\n sizeGB: number,\n entrypoint?: string[] | string,\n ) {\n let shouldSave = false\n if (!snapshot.ref) {\n shouldSave = true\n const sanitizedUrl = internalRegistry.url.replace(/^https?:\\/\\//, '')\n snapshot.ref = `${sanitizedUrl}/${internalRegistry.project || 'daytona'}/daytona-${hash}:daytona`\n }\n\n if (!snapshot.size) {\n shouldSave = true\n\n const organization = await this.organizationService.findOne(snapshot.organizationId)\n if (!organization) {\n throw new NotFoundException(`Organization with ID ${snapshot.organizationId} not found`)\n }\n\n const MAX_SIZE_GB = organization.maxSnapshotSize\n\n if (sizeGB > MAX_SIZE_GB) {\n await this.updateSnapshotState(\n snapshot.id,\n SnapshotState.ERROR,\n `Snapshot size (${sizeGB.toFixed(2)}GB) exceeds maximum allowed size of ${MAX_SIZE_GB}GB`,\n )\n return DONT_SYNC_AGAIN\n }\n\n snapshot.size = sizeGB\n }\n\n // If entrypoint is not explicitly set, set it from snapshotInfoResponse\n if (!snapshot.entrypoint) {\n if (entrypoint && entrypoint.length > 0) {\n shouldSave = true\n if (Array.isArray(entrypoint)) {\n snapshot.entrypoint = entrypoint\n } else {\n snapshot.entrypoint = [entrypoint]\n }\n }\n }\n\n if (shouldSave) {\n await this.snapshotRepository.save(snapshot)\n }\n }\n\n @OnAsyncEvent({\n event: SnapshotEvents.CREATED,\n })\n private async handleSnapshotCreatedEvent(event: SnapshotCreatedEvent) {\n await this.syncSnapshotState(event.snapshot.id)\n }\n\n @OnAsyncEvent({\n event: SnapshotEvents.ACTIVATED,\n })\n private async handleSnapshotActivatedEvent(event: SnapshotActivatedEvent) {\n await this.syncSnapshotState(event.snapshot.id)\n }\n}\n" }, { "path": "apps/api/src/sandbox/managers/volume.manager.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, OnApplicationBootstrap, OnApplicationShutdown, OnModuleInit } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Repository, In } from 'typeorm'\nimport { Volume } from '../entities/volume.entity'\nimport { VolumeState } from '../enums/volume-state.enum'\nimport { Cron, CronExpression, SchedulerRegistry } from '@nestjs/schedule'\nimport { S3Client, CreateBucketCommand, ListBucketsCommand, PutBucketTaggingCommand } from '@aws-sdk/client-s3'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { RedisLockProvider } from '../common/redis-lock.provider'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { deleteS3Bucket } from '../../common/utils/delete-s3-bucket'\n\nimport { TrackableJobExecutions } from '../../common/interfaces/trackable-job-executions'\nimport { TrackJobExecution } from '../../common/decorators/track-job-execution.decorator'\nimport { setTimeout } from 'timers/promises'\nimport { LogExecution } from '../../common/decorators/log-execution.decorator'\nimport { WithInstrumentation } from '../../common/decorators/otel.decorator'\n\nconst VOLUME_STATE_LOCK_KEY = 'volume-state-'\n\n@Injectable()\nexport class VolumeManager\n implements OnModuleInit, TrackableJobExecutions, OnApplicationShutdown, OnApplicationBootstrap\n{\n activeJobs = new Set()\n\n private readonly logger = new Logger(VolumeManager.name)\n private processingVolumes: Set = new Set()\n private skipTestConnection = false\n private s3Client: S3Client | null = null\n\n constructor(\n @InjectRepository(Volume)\n private readonly volumeRepository: Repository,\n private readonly configService: TypedConfigService,\n @InjectRedis() private readonly redis: Redis,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly schedulerRegistry: SchedulerRegistry,\n ) {\n if (!this.configService.get('s3.endpoint')) {\n return\n }\n\n const endpoint = this.configService.getOrThrow('s3.endpoint')\n const region = this.configService.getOrThrow('s3.region')\n const accessKeyId = this.configService.getOrThrow('s3.accessKey')\n const secretAccessKey = this.configService.getOrThrow('s3.secretKey')\n this.skipTestConnection = this.configService.get('skipConnections')\n\n this.s3Client = new S3Client({\n endpoint: endpoint.startsWith('http') ? endpoint : `http://${endpoint}`,\n region,\n credentials: {\n accessKeyId,\n secretAccessKey,\n },\n forcePathStyle: true,\n })\n }\n\n async onModuleInit() {\n if (!this.s3Client) {\n return\n }\n\n if (this.skipTestConnection) {\n this.logger.debug('Skipping S3 connection test')\n return\n }\n\n await this.testConnection()\n }\n\n onApplicationBootstrap() {\n if (!this.s3Client) {\n return\n }\n\n this.schedulerRegistry.getCronJob('process-pending-volumes').start()\n }\n\n async onApplicationShutdown() {\n // wait for all active jobs to finish\n while (this.activeJobs.size > 0) {\n this.logger.log(`Waiting for ${this.activeJobs.size} active jobs to finish`)\n await setTimeout(1000)\n }\n }\n\n private async testConnection() {\n try {\n // Try a simple operation to test the connection\n const command = new ListBucketsCommand({})\n await this.s3Client.send(command)\n this.logger.debug('Successfully connected to S3')\n } catch (error) {\n this.logger.error('Failed to connect to S3:', error)\n throw error\n }\n }\n\n @Cron(CronExpression.EVERY_5_SECONDS, { name: 'process-pending-volumes', waitForCompletion: true, disabled: true })\n @TrackJobExecution()\n @LogExecution('process-pending-volumes')\n @WithInstrumentation()\n async processPendingVolumes() {\n if (!this.s3Client) {\n return\n }\n\n try {\n // Lock the entire process\n const lockKey = 'process-pending-volumes'\n if (!(await this.redisLockProvider.lock(lockKey, 30))) {\n return\n }\n\n const pendingVolumes = await this.volumeRepository.find({\n where: {\n state: In([VolumeState.PENDING_CREATE, VolumeState.PENDING_DELETE]),\n },\n })\n\n await Promise.all(\n pendingVolumes.map(async (volume) => {\n if (this.processingVolumes.has(volume.id)) {\n return\n }\n\n // Get lock for this specific volume\n const volumeLockKey = `${VOLUME_STATE_LOCK_KEY}${volume.id}`\n const acquired = await this.redisLockProvider.lock(volumeLockKey, 30)\n if (!acquired) {\n return\n }\n\n try {\n this.processingVolumes.add(volume.id)\n await this.processVolumeState(volume)\n } finally {\n this.processingVolumes.delete(volume.id)\n await this.redisLockProvider.unlock(volumeLockKey)\n }\n }),\n )\n\n await this.redisLockProvider.unlock(lockKey)\n } catch (error) {\n this.logger.error('Error processing pending volumes:', error)\n }\n }\n\n private async processVolumeState(volume: Volume): Promise {\n const volumeLockKey = `${VOLUME_STATE_LOCK_KEY}${volume.id}`\n\n try {\n switch (volume.state) {\n case VolumeState.PENDING_CREATE:\n await this.handlePendingCreate(volume, volumeLockKey)\n break\n case VolumeState.PENDING_DELETE:\n await this.handlePendingDelete(volume, volumeLockKey)\n break\n }\n } catch (error) {\n this.logger.error(`Error processing volume ${volume.id}:`, error)\n await this.volumeRepository.update(volume.id, {\n state: VolumeState.ERROR,\n errorReason: error.message,\n })\n }\n }\n\n private async handlePendingCreate(volume: Volume, lockKey: string): Promise {\n try {\n // Refresh lock before state change\n await this.redis.setex(lockKey, 30, '1')\n\n // Update state to CREATING\n await this.volumeRepository.save({\n ...volume,\n state: VolumeState.CREATING,\n })\n\n // Refresh lock before S3 operation\n await this.redis.setex(lockKey, 30, '1')\n\n // Create bucket in Minio/S3\n const createBucketCommand = new CreateBucketCommand({\n Bucket: volume.getBucketName(),\n })\n\n await this.s3Client.send(createBucketCommand)\n\n await this.s3Client.send(\n new PutBucketTaggingCommand({\n Bucket: volume.getBucketName(),\n Tagging: {\n TagSet: [\n {\n Key: 'VolumeId',\n Value: volume.id,\n },\n {\n Key: 'OrganizationId',\n Value: volume.organizationId,\n },\n {\n Key: 'Environment',\n Value: this.configService.get('environment'),\n },\n ],\n },\n }),\n )\n\n // Refresh lock before final state update\n await this.redis.setex(lockKey, 30, '1')\n\n // Update volume state to READY\n await this.volumeRepository.save({\n ...volume,\n state: VolumeState.READY,\n })\n this.logger.debug(`Volume ${volume.id} created successfully`)\n } catch (error) {\n this.logger.error(`Error creating volume ${volume.id}:`, error)\n await this.volumeRepository.save({\n ...volume,\n state: VolumeState.ERROR,\n errorReason: error.message,\n })\n }\n }\n\n private async handlePendingDelete(volume: Volume, lockKey: string): Promise {\n try {\n // Refresh lock before state change\n await this.redis.setex(lockKey, 30, '1')\n\n // Update state to DELETING\n await this.volumeRepository.save({\n ...volume,\n state: VolumeState.DELETING,\n })\n\n // Refresh lock before S3 operation\n await this.redis.setex(lockKey, 30, '1')\n\n // Delete bucket from Minio/S3\n try {\n await deleteS3Bucket(this.s3Client, volume.getBucketName())\n } catch (error) {\n if (error.name === 'NoSuchBucket') {\n this.logger.warn(`Bucket for volume ${volume.id} does not exist, treating as already deleted`)\n } else if (error.name === 'BucketNotEmpty') {\n throw new Error('Volume deletion failed because the bucket is not empty. You may retry deletion.')\n } else {\n throw error\n }\n }\n\n // Refresh lock before final state update\n await this.redis.setex(lockKey, 30, '1')\n\n // Delete any existing volume record with the deleted state and the same name in the same organization\n await this.volumeRepository.delete({\n organizationId: volume.organizationId,\n name: `${volume.name}-deleted`,\n state: VolumeState.DELETED,\n })\n\n // Update volume state to DELETED and rename\n await this.volumeRepository.save({\n ...volume,\n state: VolumeState.DELETED,\n name: `${volume.name}-deleted`,\n })\n this.logger.debug(`Volume ${volume.id} deleted successfully`)\n } catch (error) {\n this.logger.error(`Error deleting volume ${volume.id}:`, error)\n await this.volumeRepository.save({\n ...volume,\n state: VolumeState.ERROR,\n errorReason: error.message,\n })\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/proxy/log-proxy.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Logger } from '@nestjs/common'\nimport { createProxyMiddleware, fixRequestBody, Options } from 'http-proxy-middleware'\nimport { IncomingMessage, ServerResponse } from 'http'\nimport { NextFunction } from 'express'\n\nexport class LogProxy {\n private readonly logger = new Logger(LogProxy.name)\n\n constructor(\n private readonly targetUrl: string,\n private readonly snapshotRef: string,\n private readonly authToken: string,\n private readonly follow: boolean,\n private readonly req: IncomingMessage,\n private readonly res: ServerResponse,\n private readonly next: NextFunction,\n ) {}\n\n create() {\n const proxyOptions: Options = {\n target: this.targetUrl,\n secure: false,\n changeOrigin: true,\n autoRewrite: true,\n pathRewrite: () => `/snapshots/logs?snapshotRef=${this.snapshotRef}&follow=${this.follow}`,\n on: {\n proxyReq: (proxyReq: any, req: any) => {\n proxyReq.setHeader('Authorization', `Bearer ${this.authToken}`)\n proxyReq.setHeader('Accept', 'application/octet-stream')\n fixRequestBody(proxyReq, req)\n },\n },\n proxyTimeout: 5 * 60 * 1000,\n }\n\n return createProxyMiddleware(proxyOptions)(this.req, this.res, this.next)\n }\n}\n" }, { "path": "apps/api/src/sandbox/repositories/sandbox.repository.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DataSource, FindOptionsWhere } from 'typeorm'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { ConflictException, Injectable, Logger, NotFoundException } from '@nestjs/common'\nimport { InjectDataSource } from '@nestjs/typeorm'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { BaseRepository } from '../../common/repositories/base.repository'\nimport { SandboxEvents } from '../constants/sandbox-events.constants'\nimport { SandboxStateUpdatedEvent } from '../events/sandbox-state-updated.event'\nimport { SandboxDesiredStateUpdatedEvent } from '../events/sandbox-desired-state-updated.event'\nimport { SandboxPublicStatusUpdatedEvent } from '../events/sandbox-public-status-updated.event'\nimport { SandboxOrganizationUpdatedEvent } from '../events/sandbox-organization-updated.event'\nimport { SandboxLookupCacheInvalidationService } from '../services/sandbox-lookup-cache-invalidation.service'\n\n@Injectable()\nexport class SandboxRepository extends BaseRepository {\n private readonly logger = new Logger(SandboxRepository.name)\n\n constructor(\n @InjectDataSource() dataSource: DataSource,\n eventEmitter: EventEmitter2,\n private readonly sandboxLookupCacheInvalidationService: SandboxLookupCacheInvalidationService,\n ) {\n super(dataSource, eventEmitter, Sandbox)\n }\n\n async insert(sandbox: Sandbox): Promise {\n const now = new Date()\n if (!sandbox.createdAt) {\n sandbox.createdAt = now\n }\n if (!sandbox.updatedAt) {\n sandbox.updatedAt = now\n }\n if (!sandbox.lastActivityAt) {\n sandbox.lastActivityAt = now\n }\n\n sandbox.assertValid()\n sandbox.enforceInvariants()\n\n await this.repository.insert(sandbox)\n\n this.invalidateLookupCacheOnInsert(sandbox)\n\n return sandbox\n }\n\n /**\n * @param id - The ID of the sandbox to update.\n * @param params.updateData - The partial data to update.\n *\n * @returns `void` because a raw update is performed.\n */\n async update(id: string, params: { updateData: Partial }, raw: true): Promise\n /**\n * @param id - The ID of the sandbox to update.\n * @param params.updateData - The partial data to update.\n * @param params.entity - Optional pre-fetched sandbox to use instead of fetching from the database.\n *\n * @returns The updated sandbox.\n */\n async update(id: string, params: { updateData: Partial; entity?: Sandbox }, raw?: false): Promise\n async update(\n id: string,\n params: { updateData: Partial; entity?: Sandbox },\n raw = false,\n ): Promise {\n const { updateData, entity } = params\n\n if (updateData.state && !updateData.lastActivityAt) {\n updateData.lastActivityAt = new Date()\n }\n\n if (raw) {\n await this.repository.update(id, updateData)\n return\n }\n\n const sandbox = entity ?? (await this.findOneBy({ id }))\n if (!sandbox) {\n throw new NotFoundException('Sandbox not found')\n }\n\n const previousSandbox = { ...sandbox }\n\n Object.assign(sandbox, updateData)\n sandbox.assertValid()\n const invariantChanges = sandbox.enforceInvariants()\n\n const result = await this.repository.update(id, { ...updateData, ...invariantChanges })\n if (!result.affected) {\n throw new NotFoundException('Sandbox not found after update')\n }\n sandbox.updatedAt = new Date()\n\n this.emitUpdateEvents(sandbox, previousSandbox)\n this.invalidateLookupCacheOnUpdate(sandbox, previousSandbox)\n\n return sandbox\n }\n\n /**\n * Partially updates a sandbox in the database and optionally emits a corresponding event based on the changes.\n *\n * Performs the update in a transaction with a pessimistic write lock to ensure consistency.\n *\n * @param id - The ID of the sandbox to update.\n * @param params.updateData - The partial data to update.\n * @param params.whereCondition - The where condition to use for the update.\n *\n * @throws {ConflictException} if the sandbox was modified by another operation\n */\n async updateWhere(\n id: string,\n params: {\n updateData: Partial\n whereCondition: FindOptionsWhere\n },\n ): Promise {\n const { updateData, whereCondition } = params\n\n if (updateData.state && !updateData.lastActivityAt) {\n updateData.lastActivityAt = new Date()\n }\n\n return this.manager.transaction(async (entityManager) => {\n const whereClause = {\n ...whereCondition,\n id,\n }\n\n const sandbox = await entityManager.findOne(Sandbox, {\n where: whereClause,\n lock: { mode: 'pessimistic_write' },\n relations: [],\n loadEagerRelations: false,\n })\n\n if (!sandbox) {\n throw new ConflictException('Sandbox was modified by another operation, please try again')\n }\n\n const previousSandbox = { ...sandbox }\n\n Object.assign(sandbox, updateData)\n sandbox.assertValid()\n const invariantChanges = sandbox.enforceInvariants()\n\n await entityManager.update(Sandbox, id, { ...updateData, ...invariantChanges })\n sandbox.updatedAt = new Date()\n\n this.emitUpdateEvents(sandbox, previousSandbox)\n this.invalidateLookupCacheOnUpdate(sandbox, previousSandbox)\n\n return sandbox\n })\n }\n\n /**\n * Invalidates the sandbox lookup cache for the inserted sandbox.\n */\n private invalidateLookupCacheOnInsert(sandbox: Sandbox): void {\n try {\n this.sandboxLookupCacheInvalidationService.invalidateOrgId({\n sandboxId: sandbox.id,\n organizationId: sandbox.organizationId,\n name: sandbox.name,\n })\n } catch (error) {\n this.logger.warn(\n `Failed to enqueue sandbox lookup cache invalidation on insert (id, organizationId, name) for ${sandbox.id}: ${error instanceof Error ? error.message : String(error)}`,\n )\n }\n }\n\n /**\n * Invalidates the sandbox lookup cache for the updated sandbox.\n */\n private invalidateLookupCacheOnUpdate(\n updatedSandbox: Sandbox,\n previousSandbox: Pick,\n ): void {\n try {\n this.sandboxLookupCacheInvalidationService.invalidate({\n sandboxId: updatedSandbox.id,\n organizationId: updatedSandbox.organizationId,\n previousOrganizationId: previousSandbox.organizationId,\n name: updatedSandbox.name,\n previousName: previousSandbox.name,\n })\n } catch (error) {\n this.logger.warn(\n `Failed to enqueue sandbox lookup cache invalidation on update (id, organizationId, name) for ${updatedSandbox.id}: ${error instanceof Error ? error.message : String(error)}`,\n )\n }\n\n try {\n if (updatedSandbox.authToken !== previousSandbox.authToken) {\n this.sandboxLookupCacheInvalidationService.invalidate({\n authToken: updatedSandbox.authToken,\n })\n }\n } catch (error) {\n this.logger.warn(\n `Failed to enqueue sandbox lookup cache invalidation on update (authToken) for ${updatedSandbox.id}: ${error instanceof Error ? error.message : String(error)}`,\n )\n }\n }\n\n /**\n * Emits events based on the changes made to a sandbox.\n */\n private emitUpdateEvents(\n updatedSandbox: Sandbox,\n previousSandbox: Pick,\n ): void {\n if (previousSandbox.state !== updatedSandbox.state) {\n this.eventEmitter.emit(\n SandboxEvents.STATE_UPDATED,\n new SandboxStateUpdatedEvent(updatedSandbox, previousSandbox.state, updatedSandbox.state),\n )\n }\n\n if (previousSandbox.desiredState !== updatedSandbox.desiredState) {\n this.eventEmitter.emit(\n SandboxEvents.DESIRED_STATE_UPDATED,\n new SandboxDesiredStateUpdatedEvent(updatedSandbox, previousSandbox.desiredState, updatedSandbox.desiredState),\n )\n }\n\n if (previousSandbox.public !== updatedSandbox.public) {\n this.eventEmitter.emit(\n SandboxEvents.PUBLIC_STATUS_UPDATED,\n new SandboxPublicStatusUpdatedEvent(updatedSandbox, previousSandbox.public, updatedSandbox.public),\n )\n }\n\n if (previousSandbox.organizationId !== updatedSandbox.organizationId) {\n this.eventEmitter.emit(\n SandboxEvents.ORGANIZATION_UPDATED,\n new SandboxOrganizationUpdatedEvent(\n updatedSandbox,\n previousSandbox.organizationId,\n updatedSandbox.organizationId,\n ),\n )\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/runner-adapter/runnerAdapter.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport { Runner } from '../entities/runner.entity'\nimport { ModuleRef } from '@nestjs/core'\nimport { RunnerAdapterV0 } from './runnerAdapter.v0'\nimport { RunnerAdapterV2 } from './runnerAdapter.v2'\nimport { BuildInfo } from '../entities/build-info.entity'\nimport { DockerRegistry } from '../../docker-registry/entities/docker-registry.entity'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { BackupState } from '../enums/backup-state.enum'\nimport { RunnerServiceInfo } from '../common/runner-service-info'\n\nexport interface RunnerSandboxInfo {\n state: SandboxState\n daemonVersion?: string\n backupState?: BackupState\n backupErrorReason?: string\n}\n\nexport interface RunnerSnapshotInfo {\n name: string\n sizeGB: number\n entrypoint: string[]\n cmd: string[]\n hash: string\n}\n\nexport interface SnapshotDigestResponse {\n hash: string\n sizeGB: number\n}\n\nexport interface RunnerMetrics {\n currentAllocatedCpu?: number\n currentAllocatedDiskGiB?: number\n currentAllocatedMemoryGiB?: number\n currentCpuUsagePercentage?: number\n currentDiskUsagePercentage?: number\n currentMemoryUsagePercentage?: number\n currentSnapshotCount?: number\n currentStartedSandboxes?: number\n}\n\nexport interface RunnerInfo {\n serviceHealth?: RunnerServiceInfo[]\n metrics?: RunnerMetrics\n appVersion?: string\n}\n\nexport interface StartSandboxResponse {\n daemonVersion: string\n}\n\nexport interface RunnerAdapter {\n init(runner: Runner): Promise\n\n healthCheck(signal?: AbortSignal): Promise\n\n runnerInfo(signal?: AbortSignal): Promise\n\n sandboxInfo(sandboxId: string): Promise\n createSandbox(\n sandbox: Sandbox,\n registry?: DockerRegistry,\n entrypoint?: string[],\n metadata?: { [key: string]: string },\n otelEndpoint?: string,\n skipStart?: boolean,\n ): Promise\n startSandbox(\n sandboxId: string,\n authToken: string,\n metadata?: { [key: string]: string },\n skipStart?: boolean,\n ): Promise\n stopSandbox(sandboxId: string): Promise\n destroySandbox(sandboxId: string): Promise\n createBackup(sandbox: Sandbox, backupSnapshotName: string, registry?: DockerRegistry): Promise\n\n removeSnapshot(snapshotName: string): Promise\n buildSnapshot(\n buildInfo: BuildInfo,\n organizationId?: string,\n sourceRegistries?: DockerRegistry[],\n registry?: DockerRegistry,\n pushToInternalRegistry?: boolean,\n ): Promise\n pullSnapshot(\n snapshotName: string,\n registry?: DockerRegistry,\n destinationRegistry?: DockerRegistry,\n destinationRef?: string,\n newTag?: string,\n ): Promise\n snapshotExists(snapshotRef: string): Promise\n getSnapshotInfo(snapshotName: string): Promise\n inspectSnapshotInRegistry(snapshotName: string, registry?: DockerRegistry): Promise\n\n updateNetworkSettings(\n sandboxId: string,\n networkBlockAll?: boolean,\n networkAllowList?: string,\n networkLimitEgress?: boolean,\n ): Promise\n\n recoverSandbox(sandbox: Sandbox): Promise\n\n resizeSandbox(sandboxId: string, cpu?: number, memory?: number, disk?: number): Promise\n}\n\n@Injectable()\nexport class RunnerAdapterFactory {\n private readonly logger = new Logger(RunnerAdapterFactory.name)\n\n constructor(private moduleRef: ModuleRef) {}\n\n async create(runner: Runner): Promise {\n switch (runner.apiVersion) {\n case '0': {\n const adapter = await this.moduleRef.create(RunnerAdapterV0)\n await adapter.init(runner)\n return adapter\n }\n case '2': {\n const adapter = await this.moduleRef.create(RunnerAdapterV2)\n await adapter.init(runner)\n return adapter\n }\n default:\n throw new Error(`Unsupported runner version: ${runner.apiVersion}`)\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/runner-adapter/runnerAdapter.v0.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport axios, { AxiosError } from 'axios'\nimport axiosDebug from 'axios-debug-log'\nimport axiosRetry from 'axios-retry'\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport {\n RunnerAdapter,\n RunnerInfo,\n RunnerSandboxInfo,\n RunnerSnapshotInfo,\n StartSandboxResponse,\n SnapshotDigestResponse,\n} from './runnerAdapter'\nimport { SnapshotStateError } from '../errors/snapshot-state-error'\nimport { Runner } from '../entities/runner.entity'\nimport {\n Configuration,\n SandboxApi,\n EnumsSandboxState,\n SnapshotsApi,\n EnumsBackupState,\n DefaultApi,\n CreateSandboxDTO,\n BuildSnapshotRequestDTO,\n CreateBackupDTO,\n PullSnapshotRequestDTO,\n ToolboxApi,\n UpdateNetworkSettingsDTO,\n RecoverSandboxDTO,\n} from '@daytonaio/runner-api-client'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { BuildInfo } from '../entities/build-info.entity'\nimport { DockerRegistry } from '../../docker-registry/entities/docker-registry.entity'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { BackupState } from '../enums/backup-state.enum'\nimport { RunnerApiError } from '../errors/runner-api-error'\n\nconst isDebugEnabled = process.env.DEBUG === 'true'\n\n// Network error codes that should trigger a retry\nconst RETRYABLE_NETWORK_ERROR_CODES = ['ECONNRESET', 'ETIMEDOUT']\n\n@Injectable()\nexport class RunnerAdapterV0 implements RunnerAdapter {\n private readonly logger = new Logger(RunnerAdapterV0.name)\n private sandboxApiClient: SandboxApi\n private snapshotApiClient: SnapshotsApi\n private runnerApiClient: DefaultApi\n private toolboxApiClient: ToolboxApi\n\n private convertSandboxState(state: EnumsSandboxState): SandboxState {\n switch (state) {\n case EnumsSandboxState.SandboxStateCreating:\n return SandboxState.CREATING\n case EnumsSandboxState.SandboxStateRestoring:\n return SandboxState.RESTORING\n case EnumsSandboxState.SandboxStateDestroyed:\n return SandboxState.DESTROYED\n case EnumsSandboxState.SandboxStateDestroying:\n return SandboxState.DESTROYING\n case EnumsSandboxState.SandboxStateStarted:\n return SandboxState.STARTED\n case EnumsSandboxState.SandboxStateStopped:\n return SandboxState.STOPPED\n case EnumsSandboxState.SandboxStateStarting:\n return SandboxState.STARTING\n case EnumsSandboxState.SandboxStateStopping:\n return SandboxState.STOPPING\n case EnumsSandboxState.SandboxStateError:\n return SandboxState.ERROR\n case EnumsSandboxState.SandboxStatePullingSnapshot:\n return SandboxState.PULLING_SNAPSHOT\n default:\n return SandboxState.UNKNOWN\n }\n }\n\n private convertBackupState(state: EnumsBackupState): BackupState {\n switch (state) {\n case EnumsBackupState.BackupStatePending:\n return BackupState.PENDING\n case EnumsBackupState.BackupStateInProgress:\n return BackupState.IN_PROGRESS\n case EnumsBackupState.BackupStateCompleted:\n return BackupState.COMPLETED\n case EnumsBackupState.BackupStateFailed:\n return BackupState.ERROR\n default:\n return BackupState.NONE\n }\n }\n\n public async init(runner: Runner): Promise {\n if (!runner.apiUrl) {\n throw new Error('Runner API URL is required')\n }\n\n const axiosInstance = axios.create({\n baseURL: runner.apiUrl,\n headers: {\n Authorization: `Bearer ${runner.apiKey}`,\n },\n timeout: 1 * 60 * 60 * 1000, // 1 hour\n })\n\n const retryErrorMap = new WeakMap()\n\n // Configure axios-retry to handle network errors\n axiosRetry(axiosInstance, {\n retries: 3,\n retryDelay: axiosRetry.exponentialDelay,\n retryCondition: (error) => {\n // Check if error code or message matches any retryable error\n const matchedErrorCode = RETRYABLE_NETWORK_ERROR_CODES.find(\n (code) =>\n (error as any).code === code || error.message?.includes(code) || (error as any).cause?.code === code,\n )\n\n if (matchedErrorCode) {\n retryErrorMap.set(error, matchedErrorCode)\n return true\n }\n\n return false\n },\n onRetry: (retryCount, error, requestConfig) => {\n this.logger.warn(\n `Retrying request due to ${retryErrorMap.get(error)} (attempt ${retryCount}): ${requestConfig.method?.toUpperCase()} ${requestConfig.url}`,\n )\n },\n })\n\n axiosInstance.interceptors.response.use(\n (response) => {\n return response\n },\n (error) => {\n const errorMessage = error.response?.data?.message || error.response?.data || error.message || String(error)\n const statusCode = error.response?.data?.statusCode || error.response?.status || error.status\n const code = error.response?.data?.code || (error as any).code || (error as any).cause?.code || ''\n\n throw new RunnerApiError(String(errorMessage), statusCode, code)\n },\n )\n\n if (isDebugEnabled) {\n axiosDebug.addLogger(axiosInstance)\n }\n\n this.sandboxApiClient = new SandboxApi(new Configuration(), '', axiosInstance)\n this.snapshotApiClient = new SnapshotsApi(new Configuration(), '', axiosInstance)\n this.runnerApiClient = new DefaultApi(new Configuration(), '', axiosInstance)\n this.toolboxApiClient = new ToolboxApi(new Configuration(), '', axiosInstance)\n }\n\n async healthCheck(signal?: AbortSignal): Promise {\n const response = await this.runnerApiClient.healthCheck({ signal })\n if (response.data.status !== 'ok') {\n throw new Error('Runner is not healthy')\n }\n }\n\n async runnerInfo(signal?: AbortSignal): Promise {\n const response = await this.runnerApiClient.runnerInfo({ signal })\n return {\n serviceHealth: response.data.serviceHealth,\n metrics: response.data.metrics,\n appVersion: response.data.appVersion,\n }\n }\n\n async sandboxInfo(sandboxId: string): Promise {\n const sandboxInfo = await this.sandboxApiClient.info(sandboxId)\n return {\n state: this.convertSandboxState(sandboxInfo.data.state),\n backupState: this.convertBackupState(sandboxInfo.data.backupState),\n backupErrorReason: sandboxInfo.data.backupError,\n daemonVersion: sandboxInfo.data.daemonVersion,\n }\n }\n\n async createSandbox(\n sandbox: Sandbox,\n registry?: DockerRegistry,\n entrypoint?: string[],\n metadata?: { [key: string]: string },\n otelEndpoint?: string,\n skipStart?: boolean,\n ): Promise {\n const createSandboxDto: CreateSandboxDTO = {\n id: sandbox.id,\n userId: sandbox.organizationId,\n snapshot: sandbox.snapshot,\n osUser: sandbox.osUser,\n cpuQuota: sandbox.cpu,\n gpuQuota: sandbox.gpu,\n memoryQuota: sandbox.mem,\n storageQuota: sandbox.disk,\n env: sandbox.env,\n registry: registry\n ? {\n project: registry.project,\n url: registry.url.replace(/^(https?:\\/\\/)/, ''),\n username: registry.username,\n password: registry.password,\n }\n : undefined,\n entrypoint: entrypoint,\n volumes: sandbox.volumes?.map((volume) => ({\n volumeId: volume.volumeId,\n mountPath: volume.mountPath,\n subpath: volume.subpath,\n })),\n networkBlockAll: sandbox.networkBlockAll,\n networkAllowList: sandbox.networkAllowList,\n metadata: metadata,\n authToken: sandbox.authToken,\n otelEndpoint,\n skipStart: skipStart,\n organizationId: sandbox.organizationId,\n regionId: sandbox.region,\n }\n\n const response = await this.sandboxApiClient.create(createSandboxDto)\n\n if (!response?.data?.daemonVersion) {\n return undefined\n }\n\n return {\n daemonVersion: response.data.daemonVersion,\n }\n }\n\n async startSandbox(\n sandboxId: string,\n authToken: string,\n metadata?: { [key: string]: string },\n ): Promise {\n const response = await this.sandboxApiClient.start(sandboxId, authToken, metadata)\n\n if (!response?.data?.daemonVersion) {\n return undefined\n }\n\n return {\n daemonVersion: response.data.daemonVersion,\n }\n }\n\n async stopSandbox(sandboxId: string): Promise {\n await this.sandboxApiClient.stop(sandboxId)\n }\n\n async destroySandbox(sandboxId: string): Promise {\n await this.sandboxApiClient.destroy(sandboxId)\n }\n\n async createBackup(sandbox: Sandbox, backupSnapshotName: string, registry?: DockerRegistry): Promise {\n const request: CreateBackupDTO = {\n snapshot: backupSnapshotName,\n registry: undefined,\n }\n\n if (registry) {\n request.registry = {\n project: registry.project,\n url: registry.url.replace(/^(https?:\\/\\/)/, ''),\n username: registry.username,\n password: registry.password,\n }\n }\n\n await this.sandboxApiClient.createBackup(sandbox.id, request)\n }\n\n async buildSnapshot(\n buildInfo: BuildInfo,\n organizationId?: string,\n sourceRegistries?: DockerRegistry[],\n registry?: DockerRegistry,\n pushToInternalRegistry?: boolean,\n ): Promise {\n const request: BuildSnapshotRequestDTO = {\n snapshot: buildInfo.snapshotRef,\n dockerfile: buildInfo.dockerfileContent,\n organizationId: organizationId,\n context: buildInfo.contextHashes,\n pushToInternalRegistry: pushToInternalRegistry,\n }\n\n if (sourceRegistries) {\n request.sourceRegistries = sourceRegistries.map((sourceRegistry) => ({\n project: sourceRegistry.project,\n url: sourceRegistry.url.replace(/^(https?:\\/\\/)/, ''),\n username: sourceRegistry.username,\n password: sourceRegistry.password,\n }))\n }\n\n if (registry) {\n request.registry = {\n project: registry.project,\n url: registry.url.replace(/^(https?:\\/\\/)/, ''),\n username: registry.username,\n password: registry.password,\n }\n }\n\n await this.snapshotApiClient.buildSnapshot(request)\n }\n\n async removeSnapshot(snapshotName: string): Promise {\n await this.snapshotApiClient.removeSnapshot(snapshotName)\n }\n\n async pullSnapshot(\n snapshotName: string,\n registry?: DockerRegistry,\n destinationRegistry?: DockerRegistry,\n destinationRef?: string,\n newTag?: string,\n ): Promise {\n const request: PullSnapshotRequestDTO = {\n snapshot: snapshotName,\n newTag,\n }\n\n if (registry) {\n request.registry = {\n project: registry.project,\n url: registry.url.replace(/^(https?:\\/\\/)/, ''),\n username: registry.username,\n password: registry.password,\n }\n }\n\n if (destinationRegistry) {\n request.destinationRegistry = {\n project: destinationRegistry.project,\n url: destinationRegistry.url.replace(/^(https?:\\/\\/)/, ''),\n username: destinationRegistry.username,\n password: destinationRegistry.password,\n }\n }\n\n if (destinationRef) {\n request.destinationRef = destinationRef\n }\n\n await this.snapshotApiClient.pullSnapshot(request)\n }\n\n async snapshotExists(snapshotName: string): Promise {\n const response = await this.snapshotApiClient.snapshotExists(snapshotName)\n return response.data.exists\n }\n\n async getSnapshotInfo(snapshotName: string): Promise {\n try {\n const response = await this.snapshotApiClient.getSnapshotInfo(snapshotName)\n\n return {\n name: response.data.name || '',\n sizeGB: response.data.sizeGB,\n entrypoint: response.data.entrypoint,\n cmd: response.data.cmd,\n hash: response.data.hash,\n }\n } catch (err) {\n if (err instanceof RunnerApiError && err.statusCode === 422) {\n throw new SnapshotStateError(err.message)\n }\n throw err\n }\n }\n\n async inspectSnapshotInRegistry(snapshotName: string, registry?: DockerRegistry): Promise {\n const response = await this.snapshotApiClient.inspectSnapshotInRegistry({\n snapshot: snapshotName,\n registry: registry\n ? {\n project: registry.project,\n url: registry.url.replace(/^(https?:\\/\\/)/, ''),\n username: registry.username,\n password: registry.password,\n }\n : undefined,\n })\n\n return {\n hash: response.data.hash,\n sizeGB: response.data.sizeGB,\n }\n }\n\n async updateNetworkSettings(\n sandboxId: string,\n networkBlockAll?: boolean,\n networkAllowList?: string,\n networkLimitEgress?: boolean,\n ): Promise {\n const updateNetworkSettingsDto: UpdateNetworkSettingsDTO = {\n networkBlockAll: networkBlockAll,\n networkAllowList: networkAllowList,\n networkLimitEgress: networkLimitEgress,\n }\n\n await this.sandboxApiClient.updateNetworkSettings(sandboxId, updateNetworkSettingsDto)\n }\n\n async recoverSandbox(sandbox: Sandbox): Promise {\n const recoverSandboxDTO: RecoverSandboxDTO = {\n userId: sandbox.organizationId,\n snapshot: sandbox.snapshot,\n osUser: sandbox.osUser,\n cpuQuota: sandbox.cpu,\n gpuQuota: sandbox.gpu,\n memoryQuota: sandbox.mem,\n storageQuota: sandbox.disk,\n env: sandbox.env,\n volumes: sandbox.volumes?.map((volume) => ({\n volumeId: volume.volumeId,\n mountPath: volume.mountPath,\n subpath: volume.subpath,\n })),\n networkBlockAll: sandbox.networkBlockAll,\n networkAllowList: sandbox.networkAllowList,\n errorReason: sandbox.errorReason,\n backupErrorReason: sandbox.backupErrorReason,\n }\n await this.sandboxApiClient.recover(sandbox.id, recoverSandboxDTO)\n }\n\n async resizeSandbox(sandboxId: string, cpu?: number, memory?: number, disk?: number): Promise {\n await this.sandboxApiClient.resize(sandboxId, { cpu, memory, disk })\n }\n}\n" }, { "path": "apps/api/src/sandbox/runner-adapter/runnerAdapter.v2.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Repository, IsNull, Not } from 'typeorm'\nimport {\n RunnerAdapter,\n RunnerInfo,\n RunnerSandboxInfo,\n RunnerSnapshotInfo,\n StartSandboxResponse,\n SnapshotDigestResponse,\n} from './runnerAdapter'\nimport { Runner } from '../entities/runner.entity'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { Job } from '../entities/job.entity'\nimport { BuildInfo } from '../entities/build-info.entity'\nimport { DockerRegistry } from '../../docker-registry/entities/docker-registry.entity'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { JobType } from '../enums/job-type.enum'\nimport { JobStatus } from '../enums/job-status.enum'\nimport { ResourceType } from '../enums/resource-type.enum'\nimport { JobService } from '../services/job.service'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\nimport {\n CreateSandboxDTO,\n CreateBackupDTO,\n BuildSnapshotRequestDTO,\n PullSnapshotRequestDTO,\n UpdateNetworkSettingsDTO,\n InspectSnapshotInRegistryRequest,\n RecoverSandboxDTO,\n} from '@daytonaio/runner-api-client'\nimport { SnapshotStateError } from '../errors/snapshot-state-error'\n\n/**\n * RunnerAdapterV2 implements RunnerAdapter for v2 runners.\n * Instead of making direct API calls to the runner, it creates jobs in the database\n * that the v2 runner polls and processes asynchronously.\n */\n@Injectable()\nexport class RunnerAdapterV2 implements RunnerAdapter {\n private readonly logger = new Logger(RunnerAdapterV2.name)\n private runner: Runner\n\n constructor(\n private readonly sandboxRepository: SandboxRepository,\n @InjectRepository(Job)\n private readonly jobRepository: Repository,\n private readonly jobService: JobService,\n ) {}\n\n async init(runner: Runner): Promise {\n this.runner = runner\n }\n\n async healthCheck(_signal?: AbortSignal): Promise {\n throw new Error('healthCheck is not supported for V2 runners')\n }\n\n async runnerInfo(_signal?: AbortSignal): Promise {\n throw new Error('runnerInfo is not supported for V2 runners')\n }\n\n async sandboxInfo(sandboxId: string): Promise {\n // Query the sandbox entity\n const sandbox = await this.sandboxRepository.findOne({\n where: { id: sandboxId },\n })\n\n if (!sandbox) {\n throw new Error(`Sandbox ${sandboxId} not found`)\n }\n\n // Query for any incomplete jobs for this sandbox to determine transitional state\n const incompleteJob = await this.jobRepository.findOne({\n where: {\n resourceType: ResourceType.SANDBOX,\n resourceId: sandboxId,\n completedAt: IsNull(),\n },\n order: { createdAt: 'DESC' },\n })\n\n let state = sandbox.state\n\n let daemonVersion: string | undefined = undefined\n\n // If there's an incomplete job, infer the transitional state from job type\n if (incompleteJob) {\n state = this.inferStateFromJob(incompleteJob, sandbox)\n daemonVersion = incompleteJob.getResultMetadata()?.daemonVersion\n } else {\n // Look for latest job for this sandbox\n const latestJob = await this.jobRepository.findOne({\n where: {\n resourceType: ResourceType.SANDBOX,\n resourceId: sandboxId,\n },\n order: { createdAt: 'DESC' },\n })\n if (latestJob) {\n state = this.inferStateFromJob(latestJob, sandbox)\n daemonVersion = latestJob.getResultMetadata()?.daemonVersion\n }\n }\n\n return {\n state,\n backupState: sandbox.backupState,\n backupErrorReason: sandbox.backupErrorReason,\n daemonVersion,\n }\n }\n\n private inferStateFromJob(job: Job, sandbox: Sandbox): SandboxState {\n // Map job types to transitional states\n switch (job.type) {\n case JobType.CREATE_SANDBOX:\n return job.status === JobStatus.COMPLETED ? SandboxState.STARTED : SandboxState.CREATING\n case JobType.START_SANDBOX:\n return job.status === JobStatus.COMPLETED ? SandboxState.STARTED : SandboxState.STARTING\n case JobType.STOP_SANDBOX:\n return job.status === JobStatus.COMPLETED ? SandboxState.STOPPED : SandboxState.STOPPING\n case JobType.DESTROY_SANDBOX:\n return job.status === JobStatus.COMPLETED ? SandboxState.DESTROYED : SandboxState.DESTROYING\n default:\n // For other job types (backup, etc.), return current sandbox state\n return sandbox.state\n }\n }\n\n async createSandbox(\n sandbox: Sandbox,\n registry?: DockerRegistry,\n entrypoint?: string[],\n metadata?: { [key: string]: string },\n otelEndpoint?: string,\n skipStart?: boolean,\n ): Promise {\n const payload: CreateSandboxDTO = {\n id: sandbox.id,\n userId: sandbox.organizationId,\n snapshot: sandbox.snapshot,\n osUser: sandbox.osUser,\n cpuQuota: sandbox.cpu,\n gpuQuota: sandbox.gpu,\n memoryQuota: sandbox.mem,\n storageQuota: sandbox.disk,\n env: sandbox.env,\n registry: registry\n ? {\n project: registry.project,\n url: registry.url.replace(/^(https?:\\/\\/)/, ''),\n username: registry.username,\n password: registry.password,\n }\n : undefined,\n entrypoint: entrypoint,\n volumes: sandbox.volumes?.map((volume) => ({\n volumeId: volume.volumeId,\n mountPath: volume.mountPath,\n subpath: volume.subpath,\n })),\n networkBlockAll: sandbox.networkBlockAll,\n networkAllowList: sandbox.networkAllowList,\n metadata: metadata,\n authToken: sandbox.authToken,\n otelEndpoint: otelEndpoint,\n skipStart: skipStart,\n organizationId: sandbox.organizationId,\n regionId: sandbox.region,\n }\n\n await this.jobService.createJob(\n null,\n JobType.CREATE_SANDBOX,\n this.runner.id,\n ResourceType.SANDBOX,\n sandbox.id,\n payload,\n )\n\n this.logger.debug(`Created CREATE_SANDBOX job for sandbox ${sandbox.id} on runner ${this.runner.id}`)\n\n // Daemon version will be set in the job result metadata\n return undefined\n }\n\n async startSandbox(\n sandboxId: string,\n authToken: string,\n metadata?: { [key: string]: string },\n ): Promise {\n await this.jobService.createJob(null, JobType.START_SANDBOX, this.runner.id, ResourceType.SANDBOX, sandboxId, {\n authToken,\n metadata,\n })\n\n this.logger.debug(`Created START_SANDBOX job for sandbox ${sandboxId} on runner ${this.runner.id}`)\n\n // Daemon version will be set in the job result metadata\n return undefined\n }\n\n async stopSandbox(sandboxId: string): Promise {\n await this.jobService.createJob(null, JobType.STOP_SANDBOX, this.runner.id, ResourceType.SANDBOX, sandboxId)\n\n this.logger.debug(`Created STOP_SANDBOX job for sandbox ${sandboxId} on runner ${this.runner.id}`)\n }\n\n async destroySandbox(sandboxId: string): Promise {\n await this.jobService.createJob(null, JobType.DESTROY_SANDBOX, this.runner.id, ResourceType.SANDBOX, sandboxId)\n\n this.logger.debug(`Created DESTROY_SANDBOX job for sandbox ${sandboxId} on runner ${this.runner.id}`)\n }\n\n async recoverSandbox(sandbox: Sandbox): Promise {\n const recoverSandboxDTO: RecoverSandboxDTO = {\n userId: sandbox.organizationId,\n snapshot: sandbox.snapshot,\n osUser: sandbox.osUser,\n cpuQuota: sandbox.cpu,\n gpuQuota: sandbox.gpu,\n memoryQuota: sandbox.mem,\n storageQuota: sandbox.disk,\n env: sandbox.env,\n volumes: sandbox.volumes?.map((volume) => ({\n volumeId: volume.volumeId,\n mountPath: volume.mountPath,\n subpath: volume.subpath,\n })),\n networkBlockAll: sandbox.networkBlockAll,\n networkAllowList: sandbox.networkAllowList,\n errorReason: sandbox.errorReason,\n backupErrorReason: sandbox.backupErrorReason,\n }\n await this.jobService.createJob(\n null,\n JobType.RECOVER_SANDBOX,\n this.runner.id,\n ResourceType.SANDBOX,\n sandbox.id,\n recoverSandboxDTO,\n )\n\n this.logger.debug(`Created RECOVER_SANDBOX job for sandbox ${sandbox.id} on runner ${this.runner.id}`)\n }\n\n async createBackup(sandbox: Sandbox, backupSnapshotName: string, registry?: DockerRegistry): Promise {\n const payload: CreateBackupDTO = {\n snapshot: backupSnapshotName,\n registry: undefined,\n }\n\n if (registry) {\n payload.registry = {\n project: registry.project,\n url: registry.url.replace(/^(https?:\\/\\/)/, ''),\n username: registry.username,\n password: registry.password,\n }\n }\n\n await this.jobService.createJob(\n null,\n JobType.CREATE_BACKUP,\n this.runner.id,\n ResourceType.SANDBOX,\n sandbox.id,\n payload,\n )\n\n this.logger.debug(`Created CREATE_BACKUP job for sandbox ${sandbox.id} on runner ${this.runner.id}`)\n }\n\n async buildSnapshot(\n buildInfo: BuildInfo,\n organizationId?: string,\n sourceRegistries?: DockerRegistry[],\n registry?: DockerRegistry,\n pushToInternalRegistry?: boolean,\n ): Promise {\n const payload: BuildSnapshotRequestDTO = {\n snapshot: buildInfo.snapshotRef,\n dockerfile: buildInfo.dockerfileContent,\n organizationId: organizationId,\n context: buildInfo.contextHashes,\n pushToInternalRegistry: pushToInternalRegistry,\n }\n\n if (sourceRegistries) {\n payload.sourceRegistries = sourceRegistries.map((sourceRegistry) => ({\n project: sourceRegistry.project,\n url: sourceRegistry.url.replace(/^(https?:\\/\\/)/, ''),\n username: sourceRegistry.username,\n password: sourceRegistry.password,\n }))\n }\n\n if (registry) {\n payload.registry = {\n project: registry.project,\n url: registry.url.replace(/^(https?:\\/\\/)/, ''),\n username: registry.username,\n password: registry.password,\n }\n }\n\n await this.jobService.createJob(\n null,\n JobType.BUILD_SNAPSHOT,\n this.runner.id,\n ResourceType.SNAPSHOT,\n buildInfo.snapshotRef,\n payload,\n )\n\n this.logger.debug(`Created BUILD_SNAPSHOT job for ${buildInfo.snapshotRef} on runner ${this.runner.id}`)\n }\n\n async pullSnapshot(\n snapshotName: string,\n registry?: DockerRegistry,\n destinationRegistry?: DockerRegistry,\n destinationRef?: string,\n newTag?: string,\n ): Promise {\n const payload: PullSnapshotRequestDTO = {\n snapshot: snapshotName,\n newTag,\n }\n\n if (registry) {\n payload.registry = {\n project: registry.project,\n url: registry.url.replace(/^(https?:\\/\\/)/, ''),\n username: registry.username,\n password: registry.password,\n }\n }\n\n if (destinationRegistry) {\n payload.destinationRegistry = {\n project: destinationRegistry.project,\n url: destinationRegistry.url.replace(/^(https?:\\/\\/)/, ''),\n username: destinationRegistry.username,\n password: destinationRegistry.password,\n }\n }\n\n if (destinationRef) {\n payload.destinationRef = destinationRef\n }\n\n await this.jobService.createJob(\n null,\n JobType.PULL_SNAPSHOT,\n this.runner.id,\n ResourceType.SNAPSHOT,\n destinationRef || snapshotName,\n payload,\n )\n\n this.logger.debug(`Created PULL_SNAPSHOT job for ${snapshotName} on runner ${this.runner.id}`)\n }\n\n async removeSnapshot(snapshotName: string): Promise {\n await this.jobService.createJob(null, JobType.REMOVE_SNAPSHOT, this.runner.id, ResourceType.SNAPSHOT, snapshotName)\n\n this.logger.debug(`Created REMOVE_SNAPSHOT job for ${snapshotName} on runner ${this.runner.id}`)\n }\n\n async snapshotExists(snapshotRef: string): Promise {\n // Find the latest job for this snapshot on this runner\n // Do not include INSPECT_SNAPSHOT_IN_REGISTRY\n const latestJob = await this.jobRepository.findOne({\n where: [\n {\n runnerId: this.runner.id,\n resourceType: ResourceType.SNAPSHOT,\n resourceId: snapshotRef,\n type: Not(JobType.INSPECT_SNAPSHOT_IN_REGISTRY),\n },\n ],\n order: { createdAt: 'DESC' },\n })\n\n // If no job exists, snapshot doesn't exist\n if (!latestJob) {\n return false\n }\n\n // If the latest job is a REMOVE_SNAPSHOT, the snapshot no longer exists\n if (latestJob.type === JobType.REMOVE_SNAPSHOT) {\n return false\n }\n\n // If the latest job is PULL_SNAPSHOT or BUILD_SNAPSHOT, check if it completed successfully\n if (latestJob.type === JobType.PULL_SNAPSHOT || latestJob.type === JobType.BUILD_SNAPSHOT) {\n return latestJob.status === JobStatus.COMPLETED\n }\n\n // For any other job type, snapshot doesn't exist\n return false\n }\n\n async getSnapshotInfo(snapshotRef: string): Promise {\n const latestJob = await this.jobRepository.findOne({\n where: [\n {\n runnerId: this.runner.id,\n resourceType: ResourceType.SNAPSHOT,\n resourceId: snapshotRef,\n type: Not(JobType.INSPECT_SNAPSHOT_IN_REGISTRY),\n },\n ],\n order: { createdAt: 'DESC' },\n })\n\n if (!latestJob) {\n throw new Error(`Snapshot ${snapshotRef} not found on runner ${this.runner.id}`)\n }\n\n const metadata = latestJob.getResultMetadata()\n\n switch (latestJob.status) {\n case JobStatus.COMPLETED:\n if (latestJob.type === JobType.PULL_SNAPSHOT || latestJob.type === JobType.BUILD_SNAPSHOT) {\n return {\n name: latestJob.resourceId,\n sizeGB: metadata?.sizeGB,\n entrypoint: metadata?.entrypoint,\n cmd: metadata?.cmd,\n hash: metadata?.hash,\n }\n }\n throw new Error(\n `Snapshot ${snapshotRef} is in an unknown state (${latestJob.status}) on runner ${this.runner.id}`,\n )\n case JobStatus.FAILED:\n throw new SnapshotStateError(\n latestJob.errorMessage || `Snapshot ${snapshotRef} failed on runner ${this.runner.id}`,\n )\n default:\n throw new Error(\n `Snapshot ${snapshotRef} is in an unknown state (${latestJob.status}) on runner ${this.runner.id}`,\n )\n }\n }\n\n async inspectSnapshotInRegistry(snapshotName: string, registry?: DockerRegistry): Promise {\n const payload: InspectSnapshotInRegistryRequest = {\n snapshot: snapshotName,\n registry: registry\n ? {\n project: registry.project,\n url: registry.url.replace(/^(https?:\\/\\/)/, ''),\n username: registry.username,\n password: registry.password,\n }\n : undefined,\n }\n\n const job = await this.jobService.createJob(\n null,\n JobType.INSPECT_SNAPSHOT_IN_REGISTRY,\n this.runner.id,\n ResourceType.SNAPSHOT,\n snapshotName,\n payload,\n )\n\n this.logger.debug(`Created INSPECT_SNAPSHOT_IN_REGISTRY job for ${snapshotName} on runner ${this.runner.id}`)\n\n const waitTimeout = 30 * 1000 // 30 seconds\n const completedJob = await this.jobService.waitJobCompletion(job.id, waitTimeout)\n\n if (!completedJob) {\n throw new Error(`Snapshot ${snapshotName} not found in registry on runner ${this.runner.id}`)\n }\n\n if (completedJob.status !== JobStatus.COMPLETED) {\n throw new Error(\n `Snapshot ${snapshotName} failed to inspect in registry on runner ${this.runner.id}. Error: ${completedJob.errorMessage}`,\n )\n }\n\n const resultMetadata = completedJob.getResultMetadata()\n\n return {\n hash: resultMetadata?.hash,\n sizeGB: resultMetadata?.sizeGB,\n }\n }\n\n async updateNetworkSettings(\n sandboxId: string,\n networkBlockAll?: boolean,\n networkAllowList?: string,\n networkLimitEgress?: boolean,\n ): Promise {\n const payload: UpdateNetworkSettingsDTO = {\n networkBlockAll: networkBlockAll,\n networkAllowList: networkAllowList,\n networkLimitEgress: networkLimitEgress,\n }\n\n await this.jobService.createJob(\n null,\n JobType.UPDATE_SANDBOX_NETWORK_SETTINGS,\n this.runner.id,\n ResourceType.SANDBOX,\n sandboxId,\n payload,\n )\n\n this.logger.debug(\n `Created UPDATE_SANDBOX_NETWORK_SETTINGS job for sandbox ${sandboxId} on runner ${this.runner.id}`,\n )\n }\n\n async resizeSandbox(sandboxId: string, cpu?: number, memory?: number, disk?: number): Promise {\n await this.jobService.createJob(null, JobType.RESIZE_SANDBOX, this.runner.id, ResourceType.SANDBOX, sandboxId, {\n cpu,\n memory,\n disk,\n })\n\n this.logger.debug(`Created RESIZE_SANDBOX job for sandbox ${sandboxId} on runner ${this.runner.id}`)\n }\n}\n" }, { "path": "apps/api/src/sandbox/sandbox.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { DataSource } from 'typeorm'\nimport { SandboxController } from './controllers/sandbox.controller'\nimport { SandboxService } from './services/sandbox.service'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { Sandbox } from './entities/sandbox.entity'\nimport { UserModule } from '../user/user.module'\nimport { RunnerService } from './services/runner.service'\nimport { Runner } from './entities/runner.entity'\nimport { RunnerController } from './controllers/runner.controller'\nimport { ToolboxService } from './services/toolbox.deprecated.service'\nimport { DockerRegistryModule } from '../docker-registry/docker-registry.module'\nimport { SandboxManager } from './managers/sandbox.manager'\nimport { ToolboxController } from './controllers/toolbox.deprecated.controller'\nimport { Snapshot } from './entities/snapshot.entity'\nimport { SnapshotController } from './controllers/snapshot.controller'\nimport { SnapshotService } from './services/snapshot.service'\nimport { SnapshotManager } from './managers/snapshot.manager'\nimport { SnapshotRunner } from './entities/snapshot-runner.entity'\nimport { DockerRegistry } from '../docker-registry/entities/docker-registry.entity'\nimport { RedisLockProvider } from './common/redis-lock.provider'\nimport { OrganizationModule } from '../organization/organization.module'\nimport { SandboxWarmPoolService } from './services/sandbox-warm-pool.service'\nimport { WarmPool } from './entities/warm-pool.entity'\nimport { PreviewController } from './controllers/preview.controller'\nimport { SnapshotSubscriber } from './subscribers/snapshot.subscriber'\nimport { VolumeController } from './controllers/volume.controller'\nimport { VolumeService } from './services/volume.service'\nimport { VolumeManager } from './managers/volume.manager'\nimport { Volume } from './entities/volume.entity'\nimport { BuildInfo } from './entities/build-info.entity'\nimport { BackupManager } from './managers/backup.manager'\nimport { VolumeSubscriber } from './subscribers/volume.subscriber'\nimport { RunnerSubscriber } from './subscribers/runner.subscriber'\nimport { WorkspaceController } from './controllers/workspace.deprecated.controller'\nimport { RunnerAdapterFactory } from './runner-adapter/runnerAdapter'\nimport { SandboxStartAction } from './managers/sandbox-actions/sandbox-start.action'\nimport { SandboxStopAction } from './managers/sandbox-actions/sandbox-stop.action'\nimport { SandboxDestroyAction } from './managers/sandbox-actions/sandbox-destroy.action'\nimport { SandboxArchiveAction } from './managers/sandbox-actions/sandbox-archive.action'\nimport { SshAccess } from './entities/ssh-access.entity'\nimport { SandboxRepository } from './repositories/sandbox.repository'\nimport { ProxyCacheInvalidationService } from './services/proxy-cache-invalidation.service'\nimport { RegionModule } from '../region/region.module'\nimport { Region } from '../region/entities/region.entity'\nimport { SnapshotRegion } from './entities/snapshot-region.entity'\nimport { JobController } from './controllers/job.controller'\nimport { JobService } from './services/job.service'\nimport { JobStateHandlerService } from './services/job-state-handler.service'\nimport { Job } from './entities/job.entity'\nimport { SandboxLookupCacheInvalidationService } from './services/sandbox-lookup-cache-invalidation.service'\nimport { SandboxAccessGuard } from './guards/sandbox-access.guard'\nimport { RunnerAccessGuard } from './guards/runner-access.guard'\nimport { RegionRunnerAccessGuard } from './guards/region-runner-access.guard'\nimport { RegionSandboxAccessGuard } from './guards/region-sandbox-access.guard'\nimport { ProxyGuard } from './guards/proxy.guard'\nimport { SshGatewayGuard } from './guards/ssh-gateway.guard'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\n\n@Module({\n imports: [\n UserModule,\n DockerRegistryModule,\n OrganizationModule,\n RegionModule,\n TypeOrmModule.forFeature([\n Sandbox,\n Runner,\n Snapshot,\n BuildInfo,\n SnapshotRunner,\n SnapshotRegion,\n DockerRegistry,\n WarmPool,\n Volume,\n SshAccess,\n Region,\n Job,\n ]),\n ],\n controllers: [\n SandboxController,\n RunnerController,\n ToolboxController,\n SnapshotController,\n WorkspaceController,\n PreviewController,\n VolumeController,\n JobController,\n ],\n providers: [\n SandboxService,\n SandboxManager,\n BackupManager,\n SandboxWarmPoolService,\n RunnerService,\n ToolboxService,\n SnapshotService,\n ProxyCacheInvalidationService,\n SandboxLookupCacheInvalidationService,\n SnapshotManager,\n RedisLockProvider,\n SnapshotSubscriber,\n VolumeService,\n VolumeManager,\n VolumeSubscriber,\n RunnerSubscriber,\n RunnerAdapterFactory,\n SandboxStartAction,\n SandboxStopAction,\n SandboxDestroyAction,\n SandboxArchiveAction,\n JobService,\n JobStateHandlerService,\n SandboxAccessGuard,\n RunnerAccessGuard,\n RegionRunnerAccessGuard,\n RegionSandboxAccessGuard,\n ProxyGuard,\n SshGatewayGuard,\n {\n provide: SandboxRepository,\n inject: [DataSource, EventEmitter2, SandboxLookupCacheInvalidationService],\n useFactory: (\n dataSource: DataSource,\n eventEmitter: EventEmitter2,\n sandboxLookupCacheInvalidationService: SandboxLookupCacheInvalidationService,\n ) => new SandboxRepository(dataSource, eventEmitter, sandboxLookupCacheInvalidationService),\n },\n ],\n exports: [\n SandboxService,\n RunnerService,\n RedisLockProvider,\n SnapshotService,\n VolumeService,\n VolumeManager,\n SandboxRepository,\n RunnerAdapterFactory,\n ],\n})\nexport class SandboxModule {}\n" }, { "path": "apps/api/src/sandbox/services/job-state-handler.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Repository } from 'typeorm'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { SnapshotRunner } from '../entities/snapshot-runner.entity'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { SnapshotState } from '../enums/snapshot-state.enum'\nimport { SnapshotRunnerState } from '../enums/snapshot-runner-state.enum'\nimport { JobStatus } from '../enums/job-status.enum'\nimport { JobType } from '../enums/job-type.enum'\nimport { Job } from '../entities/job.entity'\nimport { BackupState } from '../enums/backup-state.enum'\nimport { SandboxDesiredState } from '../enums/sandbox-desired-state.enum'\nimport { sanitizeSandboxError } from '../utils/sanitize-error.util'\nimport { OrganizationUsageService } from '../../organization/services/organization-usage.service'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { RedisLockProvider } from '../common/redis-lock.provider'\nimport { ResourceType } from '../enums/resource-type.enum'\nimport { getStateChangeLockKey } from '../utils/lock-key.util'\n\n/**\n * Service for handling entity state updates based on job completion (v2 runners only).\n * This service listens to job status changes and updates entity states accordingly.\n */\n@Injectable()\nexport class JobStateHandlerService {\n private readonly logger = new Logger(JobStateHandlerService.name)\n\n constructor(\n private readonly sandboxRepository: SandboxRepository,\n @InjectRepository(Snapshot)\n private readonly snapshotRepository: Repository,\n @InjectRepository(SnapshotRunner)\n private readonly snapshotRunnerRepository: Repository,\n private readonly organizationUsageService: OrganizationUsageService,\n private readonly redisLockProvider: RedisLockProvider,\n ) {}\n\n /**\n * Handle job completion and update entity state accordingly.\n * Called when a job status is updated to COMPLETED or FAILED.\n */\n async handleJobCompletion(job: Job): Promise {\n if (job.status !== JobStatus.COMPLETED && job.status !== JobStatus.FAILED) {\n return\n }\n\n if (!job.resourceId) {\n return\n }\n\n switch (job.type) {\n case JobType.CREATE_SANDBOX:\n await this.handleCreateSandboxJobCompletion(job)\n break\n case JobType.START_SANDBOX:\n await this.handleStartSandboxJobCompletion(job)\n break\n case JobType.STOP_SANDBOX:\n await this.handleStopSandboxJobCompletion(job)\n break\n case JobType.DESTROY_SANDBOX:\n await this.handleDestroySandboxJobCompletion(job)\n break\n case JobType.RESIZE_SANDBOX:\n await this.handleResizeSandboxJobCompletion(job)\n break\n case JobType.PULL_SNAPSHOT:\n await this.handlePullSnapshotJobCompletion(job)\n break\n case JobType.BUILD_SNAPSHOT:\n await this.handleBuildSnapshotJobCompletion(job)\n break\n case JobType.REMOVE_SNAPSHOT:\n await this.handleRemoveSnapshotJobCompletion(job)\n break\n case JobType.CREATE_BACKUP:\n await this.handleCreateBackupJobCompletion(job)\n break\n case JobType.RECOVER_SANDBOX:\n await this.handleRecoverSandboxJobCompletion(job)\n break\n default:\n break\n }\n\n switch (job.resourceType) {\n case ResourceType.SANDBOX: {\n const lockKey = getStateChangeLockKey(job.resourceId)\n this.redisLockProvider\n .unlock(lockKey)\n .catch((error) => this.logger.error(`Error unlocking Redis lock for sandbox ${job.resourceId}:`, error)) // Clean up lock after job completion\n break\n }\n default:\n break\n }\n }\n\n private async handleCreateSandboxJobCompletion(job: Job): Promise {\n const sandboxId = job.resourceId\n if (!sandboxId) return\n\n try {\n const sandbox = await this.sandboxRepository.findOne({ where: { id: sandboxId } })\n if (!sandbox) {\n this.logger.warn(`Sandbox ${sandboxId} not found for CREATE_SANDBOX job ${job.id}`)\n return\n }\n\n if (sandbox.desiredState !== SandboxDesiredState.STARTED) {\n this.logger.error(\n `Sandbox ${sandboxId} is not in desired state STARTED for CREATE_SANDBOX job ${job.id}. Desired state: ${sandbox.desiredState}`,\n )\n return\n }\n\n const updateData: Partial = {}\n\n if (job.status === JobStatus.COMPLETED) {\n this.logger.debug(\n `CREATE_SANDBOX job ${job.id} completed successfully, marking sandbox ${sandboxId} as STARTED`,\n )\n updateData.state = SandboxState.STARTED\n updateData.errorReason = null\n const metadata = job.getResultMetadata()\n if (metadata?.daemonVersion && typeof metadata.daemonVersion === 'string') {\n updateData.daemonVersion = metadata.daemonVersion\n }\n } else if (job.status === JobStatus.FAILED) {\n this.logger.error(`CREATE_SANDBOX job ${job.id} failed for sandbox ${sandboxId}: ${job.errorMessage}`)\n updateData.state = SandboxState.ERROR\n const { recoverable, errorReason } = sanitizeSandboxError(job.errorMessage)\n updateData.errorReason = errorReason || 'Failed to create sandbox'\n updateData.recoverable = recoverable\n }\n\n await this.sandboxRepository.update(sandboxId, { updateData, entity: sandbox })\n } catch (error) {\n this.logger.error(`Error handling CREATE_SANDBOX job completion for sandbox ${sandboxId}:`, error)\n }\n }\n\n private async handleStartSandboxJobCompletion(job: Job): Promise {\n const sandboxId = job.resourceId\n if (!sandboxId) return\n\n try {\n const sandbox = await this.sandboxRepository.findOne({ where: { id: sandboxId } })\n if (!sandbox) {\n this.logger.warn(`Sandbox ${sandboxId} not found for START_SANDBOX job ${job.id}`)\n return\n }\n\n if (sandbox.desiredState !== SandboxDesiredState.STARTED) {\n this.logger.error(\n `Sandbox ${sandboxId} is not in desired state STARTED for START_SANDBOX job ${job.id}. Desired state: ${sandbox.desiredState}`,\n )\n return\n }\n\n const updateData: Partial = {}\n\n if (job.status === JobStatus.COMPLETED) {\n this.logger.debug(`START_SANDBOX job ${job.id} completed successfully, marking sandbox ${sandboxId} as STARTED`)\n updateData.state = SandboxState.STARTED\n updateData.errorReason = null\n const metadata = job.getResultMetadata()\n if (metadata?.daemonVersion && typeof metadata.daemonVersion === 'string') {\n updateData.daemonVersion = metadata.daemonVersion\n }\n } else if (job.status === JobStatus.FAILED) {\n this.logger.error(`START_SANDBOX job ${job.id} failed for sandbox ${sandboxId}: ${job.errorMessage}`)\n updateData.state = SandboxState.ERROR\n const { recoverable, errorReason } = sanitizeSandboxError(job.errorMessage)\n updateData.errorReason = errorReason || 'Failed to start sandbox'\n updateData.recoverable = recoverable\n }\n\n await this.sandboxRepository.update(sandboxId, { updateData, entity: sandbox })\n } catch (error) {\n this.logger.error(`Error handling START_SANDBOX job completion for sandbox ${sandboxId}:`, error)\n }\n }\n\n private async handleStopSandboxJobCompletion(job: Job): Promise {\n const sandboxId = job.resourceId\n if (!sandboxId) return\n\n try {\n const sandbox = await this.sandboxRepository.findOne({ where: { id: sandboxId } })\n if (!sandbox) {\n this.logger.warn(`Sandbox ${sandboxId} not found for STOP_SANDBOX job ${job.id}`)\n return\n }\n\n if (sandbox.desiredState !== SandboxDesiredState.STOPPED) {\n this.logger.error(\n `Sandbox ${sandboxId} is not in desired state STOPPED for STOP_SANDBOX job ${job.id}. Desired state: ${sandbox.desiredState}`,\n )\n return\n }\n\n const updateData: Partial = {}\n\n if (job.status === JobStatus.COMPLETED) {\n this.logger.debug(`STOP_SANDBOX job ${job.id} completed successfully, marking sandbox ${sandboxId} as STOPPED`)\n updateData.state = SandboxState.STOPPED\n updateData.errorReason = null\n } else if (job.status === JobStatus.FAILED) {\n this.logger.error(`STOP_SANDBOX job ${job.id} failed for sandbox ${sandboxId}: ${job.errorMessage}`)\n updateData.state = SandboxState.ERROR\n const { recoverable, errorReason } = sanitizeSandboxError(job.errorMessage)\n updateData.errorReason = errorReason || 'Failed to stop sandbox'\n updateData.recoverable = recoverable\n }\n\n await this.sandboxRepository.update(sandboxId, { updateData, entity: sandbox })\n } catch (error) {\n this.logger.error(`Error handling STOP_SANDBOX job completion for sandbox ${sandboxId}:`, error)\n }\n }\n\n private async handleDestroySandboxJobCompletion(job: Job): Promise {\n const sandboxId = job.resourceId\n if (!sandboxId) return\n\n try {\n const sandbox = await this.sandboxRepository.findOne({ where: { id: sandboxId } })\n if (!sandbox) {\n this.logger.warn(`Sandbox ${sandboxId} not found for DESTROY_SANDBOX job ${job.id}`)\n return\n }\n if (sandbox.desiredState !== SandboxDesiredState.DESTROYED) {\n // Don't log anything because sandboxes can be destroyed on runners when archiving or moving to a new runner\n return\n }\n\n const updateData: Partial = {}\n\n if (job.status === JobStatus.COMPLETED) {\n this.logger.debug(\n `DESTROY_SANDBOX job ${job.id} completed successfully, marking sandbox ${sandboxId} as DESTROYED`,\n )\n updateData.state = SandboxState.DESTROYED\n updateData.errorReason = null\n } else if (job.status === JobStatus.FAILED) {\n this.logger.error(`DESTROY_SANDBOX job ${job.id} failed for sandbox ${sandboxId}: ${job.errorMessage}`)\n updateData.state = SandboxState.ERROR\n const { recoverable, errorReason } = sanitizeSandboxError(job.errorMessage)\n updateData.errorReason = errorReason || 'Failed to destroy sandbox'\n updateData.recoverable = recoverable\n }\n\n await this.sandboxRepository.update(sandboxId, { updateData, entity: sandbox })\n } catch (error) {\n this.logger.error(`Error handling DESTROY_SANDBOX job completion for sandbox ${sandboxId}:`, error)\n }\n }\n\n private async handlePullSnapshotJobCompletion(job: Job): Promise {\n const snapshotRef = job.resourceId\n const runnerId = job.runnerId\n if (!snapshotRef || !runnerId) return\n\n try {\n const snapshotRunner = await this.snapshotRunnerRepository.findOne({\n where: { snapshotRef, runnerId },\n })\n\n if (!snapshotRunner) {\n this.logger.warn(`SnapshotRunner not found for snapshot ${snapshotRef} on runner ${runnerId}`)\n return\n }\n\n if (job.status === JobStatus.COMPLETED) {\n this.logger.debug(\n `PULL_SNAPSHOT job ${job.id} completed successfully, marking SnapshotRunner ${snapshotRunner.id} as READY`,\n )\n snapshotRunner.state = SnapshotRunnerState.READY\n snapshotRunner.errorReason = null\n\n // Check if this is the initial runner for a snapshot and update the snapshot state\n const snapshot = await this.snapshotRepository.findOne({\n where: { initialRunnerId: runnerId, ref: snapshotRef },\n })\n if (snapshot && (snapshot.state === SnapshotState.PULLING || snapshot.state === SnapshotState.BUILDING)) {\n this.logger.debug(`Marking snapshot ${snapshot.id} as ACTIVE after initial pull completed`)\n snapshot.state = SnapshotState.ACTIVE\n snapshot.errorReason = null\n snapshot.lastUsedAt = new Date()\n await this.snapshotRepository.save(snapshot)\n }\n } else if (job.status === JobStatus.FAILED) {\n this.logger.error(`PULL_SNAPSHOT job ${job.id} failed for snapshot ${snapshotRef}: ${job.errorMessage}`)\n snapshotRunner.state = SnapshotRunnerState.ERROR\n snapshotRunner.errorReason = job.errorMessage || 'Failed to pull snapshot'\n\n // Check if this is the initial runner for a snapshot and update the snapshot state\n const snapshot = await this.snapshotRepository.findOne({\n where: { initialRunnerId: runnerId, ref: snapshotRef },\n })\n if (snapshot && snapshot.state === SnapshotState.PULLING) {\n this.logger.error(`Marking snapshot ${snapshot.id} as ERROR after initial pull failed`)\n snapshot.state = SnapshotState.ERROR\n snapshot.errorReason = job.errorMessage || 'Failed to pull snapshot on initial runner'\n await this.snapshotRepository.save(snapshot)\n }\n }\n\n await this.snapshotRunnerRepository.save(snapshotRunner)\n } catch (error) {\n this.logger.error(`Error handling PULL_SNAPSHOT job completion for snapshot ${snapshotRef}:`, error)\n }\n }\n\n private async handleBuildSnapshotJobCompletion(job: Job): Promise {\n const snapshotRef = job.resourceId\n const runnerId = job.runnerId\n if (!snapshotRef || !runnerId) return\n\n try {\n // For BUILD_SNAPSHOT, find snapshot by buildInfo.snapshotRef\n const snapshot = await this.snapshotRepository\n .createQueryBuilder('snapshot')\n .leftJoinAndSelect('snapshot.buildInfo', 'buildInfo')\n .where('snapshot.initialRunnerId = :runnerId', { runnerId })\n .andWhere('buildInfo.snapshotRef = :snapshotRef', { snapshotRef })\n .getOne()\n\n // Update SnapshotRunner state\n const snapshotRunner = await this.snapshotRunnerRepository.findOne({\n where: { snapshotRef, runnerId },\n })\n\n if (job.status === JobStatus.COMPLETED) {\n this.logger.debug(`BUILD_SNAPSHOT job ${job.id} completed successfully for snapshot ref ${snapshotRef}`)\n\n if (snapshot?.state === SnapshotState.BUILDING) {\n snapshot.state = SnapshotState.ACTIVE\n snapshot.errorReason = null\n snapshot.lastUsedAt = new Date()\n await this.snapshotRepository.save(snapshot)\n this.logger.debug(`Marked snapshot ${snapshot.id} as ACTIVE after build completed`)\n }\n\n if (snapshotRunner) {\n snapshotRunner.state = SnapshotRunnerState.READY\n snapshotRunner.errorReason = null\n await this.snapshotRunnerRepository.save(snapshotRunner)\n }\n } else if (job.status === JobStatus.FAILED) {\n this.logger.error(`BUILD_SNAPSHOT job ${job.id} failed for snapshot ref ${snapshotRef}: ${job.errorMessage}`)\n\n if (snapshot?.state === SnapshotState.BUILDING) {\n snapshot.state = SnapshotState.ERROR\n snapshot.errorReason = job.errorMessage || 'Failed to build snapshot'\n await this.snapshotRepository.save(snapshot)\n }\n\n if (snapshotRunner) {\n snapshotRunner.state = SnapshotRunnerState.ERROR\n snapshotRunner.errorReason = job.errorMessage || 'Failed to build snapshot'\n await this.snapshotRunnerRepository.save(snapshotRunner)\n }\n }\n } catch (error) {\n this.logger.error(`Error handling BUILD_SNAPSHOT job completion for snapshot ref ${snapshotRef}:`, error)\n }\n }\n\n private async handleRemoveSnapshotJobCompletion(job: Job): Promise {\n const snapshotRef = job.resourceId\n const runnerId = job.runnerId\n if (!snapshotRef || !runnerId) return\n\n try {\n if (job.status === JobStatus.COMPLETED) {\n this.logger.debug(\n `REMOVE_SNAPSHOT job ${job.id} completed successfully for snapshot ${snapshotRef} on runner ${runnerId}`,\n )\n const affected = await this.snapshotRunnerRepository.delete({ snapshotRef, runnerId })\n if (affected.affected && affected.affected > 0) {\n this.logger.debug(\n `Removed ${affected.affected} snapshot runners for snapshot ${snapshotRef} on runner ${runnerId}`,\n )\n }\n } else if (job.status === JobStatus.FAILED) {\n this.logger.error(\n `REMOVE_SNAPSHOT job ${job.id} failed for snapshot ${snapshotRef} on runner ${runnerId}: ${job.errorMessage}`,\n )\n }\n } catch (error) {\n this.logger.error(`Error handling REMOVE_SNAPSHOT job completion for snapshot ${snapshotRef}:`, error)\n }\n }\n\n private async handleCreateBackupJobCompletion(job: Job): Promise {\n const sandboxId = job.resourceId\n if (!sandboxId) return\n\n try {\n const sandbox = await this.sandboxRepository.findOne({ where: { id: sandboxId } })\n if (!sandbox) {\n this.logger.warn(`Sandbox ${sandboxId} not found for CREATE_BACKUP job ${job.id}`)\n return\n }\n\n const updateData: Partial = {}\n\n if (job.status === JobStatus.COMPLETED) {\n this.logger.debug(\n `CREATE_BACKUP job ${job.id} completed successfully, marking sandbox ${sandboxId} as BACKUP_COMPLETED`,\n )\n Object.assign(updateData, Sandbox.getBackupStateUpdate(sandbox, BackupState.COMPLETED))\n } else if (job.status === JobStatus.FAILED) {\n this.logger.error(`CREATE_BACKUP job ${job.id} failed for sandbox ${sandboxId}: ${job.errorMessage}`)\n Object.assign(\n updateData,\n Sandbox.getBackupStateUpdate(sandbox, BackupState.ERROR, undefined, undefined, job.errorMessage),\n )\n }\n\n await this.sandboxRepository.update(sandboxId, { updateData, entity: sandbox })\n } catch (error) {\n this.logger.error(`Error handling CREATE_BACKUP job completion for sandbox ${sandboxId}:`, error)\n }\n }\n\n private async handleRecoverSandboxJobCompletion(job: Job): Promise {\n const sandboxId = job.resourceId\n if (!sandboxId) return\n\n try {\n const sandbox = await this.sandboxRepository.findOne({ where: { id: sandboxId } })\n if (!sandbox) {\n this.logger.warn(`Sandbox ${sandboxId} not found for RECOVER_SANDBOX job ${job.id}`)\n return\n }\n\n if (sandbox.desiredState !== SandboxDesiredState.STARTED) {\n this.logger.error(\n `Sandbox ${sandboxId} is not in desired state STARTED for RECOVER_SANDBOX job ${job.id}. Desired state: ${sandbox.desiredState}`,\n )\n return\n }\n\n const updateData: Partial = {}\n\n if (job.status === JobStatus.COMPLETED) {\n this.logger.debug(\n `RECOVER_SANDBOX job ${job.id} completed successfully, marking sandbox ${sandboxId} as STARTED`,\n )\n updateData.state = SandboxState.STARTED\n updateData.errorReason = null\n } else if (job.status === JobStatus.FAILED) {\n this.logger.error(`RECOVER_SANDBOX job ${job.id} failed for sandbox ${sandboxId}: ${job.errorMessage}`)\n updateData.state = SandboxState.ERROR\n updateData.errorReason = job.errorMessage || 'Failed to recover sandbox'\n }\n\n await this.sandboxRepository.update(sandboxId, { updateData, entity: sandbox })\n } catch (error) {\n this.logger.error(`Error handling RECOVER_SANDBOX job completion for sandbox ${sandboxId}:`, error)\n }\n }\n\n private async handleResizeSandboxJobCompletion(job: Job): Promise {\n const sandboxId = job.resourceId\n if (!sandboxId) return\n\n try {\n const sandbox = await this.sandboxRepository.findOne({ where: { id: sandboxId } })\n if (!sandbox) {\n this.logger.warn(`Sandbox ${sandboxId} not found for RESIZE_SANDBOX job ${job.id}`)\n return\n }\n\n if (sandbox.state !== SandboxState.RESIZING) {\n this.logger.warn(\n `Sandbox ${sandboxId} is not in RESIZING state for RESIZE_SANDBOX job ${job.id}. State: ${sandbox.state}`,\n )\n return\n }\n\n // Determine the previous state (STARTED or STOPPED based on desiredState)\n const previousState =\n sandbox.desiredState === SandboxDesiredState.STARTED\n ? SandboxState.STARTED\n : sandbox.desiredState === SandboxDesiredState.STOPPED\n ? SandboxState.STOPPED\n : null\n\n if (!previousState) {\n this.logger.error(\n `Sandbox ${sandboxId} has unexpected desiredState ${sandbox.desiredState} for RESIZE_SANDBOX job ${job.id}`,\n )\n return\n }\n\n // Calculate deltas before updating sandbox\n const payload = job.payload as { cpu?: number; memory?: number; disk?: number }\n\n // For cold resize (previousState === STOPPED), cpu/memory don't affect org quota.\n const isHotResize = previousState === SandboxState.STARTED\n const cpuDeltaForQuota = isHotResize ? (payload.cpu ?? sandbox.cpu) - sandbox.cpu : 0\n const memDeltaForQuota = isHotResize ? (payload.memory ?? sandbox.mem) - sandbox.mem : 0\n const diskDeltaForQuota = (payload.disk ?? sandbox.disk) - sandbox.disk // Disk only increases\n\n const updateData: Partial = {}\n\n if (job.status === JobStatus.COMPLETED) {\n this.logger.debug(`RESIZE_SANDBOX job ${job.id} completed successfully for sandbox ${sandboxId}`)\n\n // Update sandbox resources\n updateData.cpu = payload.cpu ?? sandbox.cpu\n updateData.mem = payload.memory ?? sandbox.mem\n updateData.disk = payload.disk ?? sandbox.disk\n updateData.state = previousState\n\n // Apply usage change (handles both positive and negative deltas)\n await this.organizationUsageService.applyResizeUsageChange(\n sandbox.organizationId,\n sandbox.region,\n cpuDeltaForQuota,\n memDeltaForQuota,\n diskDeltaForQuota,\n )\n return\n } else if (job.status === JobStatus.FAILED) {\n this.logger.error(`RESIZE_SANDBOX job ${job.id} failed for sandbox ${sandboxId}: ${job.errorMessage}`)\n\n // Rollback pending usage (all deltas were tracked, including negative)\n await this.organizationUsageService.decrementPendingSandboxUsage(\n sandbox.organizationId,\n sandbox.region,\n cpuDeltaForQuota !== 0 ? cpuDeltaForQuota : undefined,\n memDeltaForQuota !== 0 ? memDeltaForQuota : undefined,\n diskDeltaForQuota !== 0 ? diskDeltaForQuota : undefined,\n )\n\n updateData.state = previousState\n }\n\n await this.sandboxRepository.update(sandboxId, { updateData, entity: sandbox })\n } catch (error) {\n this.logger.error(`Error handling RESIZE_SANDBOX job completion for sandbox ${sandboxId}:`, error)\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/services/job.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ConflictException, Injectable, Logger, NotFoundException } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Repository, LessThan, EntityManager } from 'typeorm'\nimport { Job } from '../entities/job.entity'\nimport { JobDto, JobStatus, JobType, ResourceType } from '../dto/job.dto'\nimport { ResourceTypeForJobType } from '../dto/job-type-map.dto'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { Cron, CronExpression } from '@nestjs/schedule'\nimport { JobStateHandlerService } from './job-state-handler.service'\nimport { propagation, context as otelContext } from '@opentelemetry/api'\nimport { PaginatedList } from '../../common/interfaces/paginated-list.interface'\n\nconst REDIS_BLOCKING_COMMAND_TIMEOUT_BUFFER_MS = 3_000\n\n@Injectable()\nexport class JobService {\n private readonly logger = new Logger(JobService.name)\n private readonly REDIS_JOB_QUEUE_PREFIX = 'runner:jobs:'\n\n constructor(\n @InjectRepository(Job)\n private readonly jobRepository: Repository,\n @InjectRedis() private readonly redis: Redis,\n private readonly jobStateHandlerService: JobStateHandlerService,\n ) {}\n\n /**\n * Create a job within the provided transaction manager\n * If manager is null, uses the default repository (for non-transactional operations)\n * @template T The JobType enum value - ensures compile-time type safety for resourceType and payload\n */\n async createJob(\n manager: EntityManager | null,\n type: T,\n runnerId: string,\n resourceType: ResourceTypeForJobType,\n resourceId: string,\n payload?: string | Record,\n ): Promise {\n // Use provided manager if available, otherwise use default repository\n const repo = manager ? manager.getRepository(Job) : this.jobRepository\n\n // Capture current OpenTelemetry trace context for distributed tracing\n const traceContext = this.captureTraceContext()\n\n const encodedPayload = typeof payload === 'string' ? payload : payload ? JSON.stringify(payload) : undefined\n\n try {\n const job = new Job({\n type,\n runnerId,\n resourceType,\n resourceId,\n status: JobStatus.PENDING,\n payload: encodedPayload,\n traceContext,\n })\n\n await repo.insert(job)\n\n // Log with context-specific info\n const contextInfo = resourceId ? `${resourceType} ${resourceId}` : 'N/A'\n\n this.logger.debug(`Created job ${job.id} of type ${type} for ${contextInfo} on runner ${runnerId}`)\n\n // Notify runner via Redis - happens outside transaction\n // If transaction rolls back, notification is harmless (runner will poll and find nothing)\n await this.notifyRunner(runnerId, job.id)\n\n return job\n } catch (error) {\n if (error.code === '23505') {\n if (error.constraint === 'IDX_UNIQUE_INCOMPLETE_JOB') {\n this.logger.error(`An incomplete job already exists for ${resourceType} ${resourceId} on runner ${runnerId}`)\n }\n throw new ConflictException('An operation is already in progress for this resource')\n }\n this.logger.error(`Error creating job: ${error}`)\n throw error\n }\n }\n\n private async notifyRunner(runnerId: string, jobId: string): Promise {\n try {\n await this.redis.lpush(this.getRunnerQueueKey(runnerId), jobId)\n this.logger.debug(`Notified runner ${runnerId} about job ${jobId} via Redis`)\n } catch (error) {\n this.logger.warn(`Failed to notify runner ${runnerId} via Redis: ${error.message}`)\n // Job is still in DB, runner will pick it up via fallback polling\n }\n }\n\n async findOne(jobId: string): Promise {\n return this.jobRepository.findOneBy({ id: jobId })\n }\n\n async pollJobs(runnerId: string, limit = 10, timeoutSeconds = 30, abortSignal?: AbortSignal): Promise {\n const queueKey = this.getRunnerQueueKey(runnerId)\n const maxTimeout = Math.min(timeoutSeconds, 60) // Max 60 seconds\n\n // Check if already aborted\n if (abortSignal?.aborted) {\n this.logger.debug(`Poll request for runner ${runnerId} was already aborted`)\n return []\n }\n\n // STEP 1: Atomically claim pending jobs from database\n // This prevents duplicates by updating status to IN_PROGRESS\n let claimedJobs = await this.claimPendingJobs(runnerId, limit)\n\n if (claimedJobs.length > 0) {\n // Clear any stale job IDs from Redis queue\n try {\n await this.redis.del(queueKey)\n } catch (error) {\n this.logger.warn(`Failed to clear Redis queue: ${error.message}`)\n }\n\n return claimedJobs\n }\n\n // STEP 2: No existing jobs - wait for notification via Redis BRPOP\n // Create a new dedicated Redis client for this BRPOP to support concurrent polling from multiple runners\n // Each runner gets its own connection, preventing blocking issues\n let blockingClient: Redis | null = null\n try {\n this.logger.debug(`No existing jobs, runner ${runnerId} starting BRPOP with timeout ${maxTimeout}s`)\n\n blockingClient = this.redis.duplicate({\n commandTimeout: maxTimeout * 1000 + REDIS_BLOCKING_COMMAND_TIMEOUT_BUFFER_MS,\n retryStrategy: () => null,\n })\n\n // Wrap BRPOP in a promise that can be aborted\n const brpopPromise = blockingClient.brpop(queueKey, maxTimeout)\n\n let result: [string, string] | null = null\n if (abortSignal) {\n // Race between BRPOP and abort signal\n result = await Promise.race([\n brpopPromise,\n new Promise((resolve) => {\n if (abortSignal.aborted) {\n resolve(null)\n } else {\n abortSignal.addEventListener('abort', () => resolve(null), { once: true })\n }\n }),\n ])\n\n // If aborted, disconnect immediately to cancel BRPOP\n if (abortSignal.aborted) {\n this.logger.debug(`BRPOP aborted for runner ${runnerId}, closing Redis connection`)\n blockingClient.disconnect()\n return []\n }\n } else {\n result = await brpopPromise\n }\n\n if (result) {\n // Got notification - job(s) available\n // Clear the entire queue (job IDs are just hints, not used directly)\n this.logger.debug(`Got notification from Redis for runner ${runnerId}`)\n\n try {\n await this.redis.del(queueKey)\n } catch (error) {\n this.logger.warn(`Failed to clear Redis queue: ${error.message}`)\n }\n\n // Atomically claim jobs from database\n claimedJobs = await this.claimPendingJobs(runnerId, limit)\n\n if (claimedJobs.length > 0) {\n this.logger.debug(`Claimed ${claimedJobs.length} jobs after Redis notification for runner ${runnerId}`)\n return claimedJobs\n }\n\n // Notification received but no jobs found - possible race condition\n this.logger.warn(`Received Redis notification but no pending jobs found for runner ${runnerId}`)\n } else {\n // BRPOP timeout - no jobs received\n this.logger.debug(`BRPOP timeout for runner ${runnerId}, no new jobs`)\n }\n } catch (error) {\n this.logger.error(`Redis BRPOP error for runner ${runnerId}: ${error.message}`)\n // Fall through to database polling fallback\n } finally {\n // Always close the blocking client to prevent connection leaks\n if (blockingClient) {\n try {\n blockingClient.disconnect()\n } catch (error) {\n this.logger.warn(`Failed to disconnect blocking Redis client for runner ${runnerId}: ${error.message}`)\n }\n }\n }\n\n // STEP 3: Final fallback - check database again\n // This handles race conditions and Redis failures\n claimedJobs = await this.claimPendingJobs(runnerId, limit)\n\n if (claimedJobs.length > 0) {\n this.logger.debug(`Claimed ${claimedJobs.length} pending jobs in fallback for runner ${runnerId}`)\n }\n\n return claimedJobs\n }\n\n async updateJobStatus(\n jobId: string,\n status: JobStatus,\n errorMessage?: string,\n resultMetadata?: string,\n ): Promise {\n const job = await this.findOne(jobId)\n if (!job) {\n throw new NotFoundException(`Job with ID ${jobId} not found`)\n }\n\n if (!this.isValidStatusTransition(job.status, status)) {\n throw new ConflictException(`Invalid job status transition from ${job.status} to ${status} for job ${jobId}`)\n }\n\n job.status = status\n if (errorMessage) {\n job.errorMessage = errorMessage\n }\n\n if (status === JobStatus.IN_PROGRESS && !job.startedAt) {\n job.startedAt = new Date()\n }\n\n if (status === JobStatus.COMPLETED || status === JobStatus.FAILED) {\n job.completedAt = new Date()\n }\n\n if (resultMetadata) {\n job.resultMetadata = resultMetadata\n }\n\n const updatedJob = await this.jobRepository.save(job)\n this.logger.debug(`Updated job ${jobId} status to ${status}`)\n\n // Handle job completion for v2 runners - update sandbox/snapshot/backup state\n if (status === JobStatus.COMPLETED || status === JobStatus.FAILED) {\n // Fire and forget - don't block the response\n this.jobStateHandlerService.handleJobCompletion(updatedJob).catch((error) => {\n this.logger.error(`Error handling job completion for job ${jobId}:`, error)\n })\n }\n\n return updatedJob\n }\n\n async findPendingJobsForRunner(runnerId: string, limit = 10): Promise {\n return this.jobRepository.find({\n where: {\n runnerId,\n status: JobStatus.PENDING,\n },\n order: {\n createdAt: 'ASC',\n },\n take: limit,\n })\n }\n\n async findJobsForRunner(runnerId: string, status?: JobStatus, page = 1, limit = 100): Promise> {\n const whereCondition: { runnerId: string; status?: JobStatus } = { runnerId }\n\n if (status) {\n whereCondition.status = status\n }\n\n const [jobs, total] = await this.jobRepository.findAndCount({\n where: whereCondition,\n order: {\n createdAt: 'DESC',\n },\n skip: (page - 1) * limit,\n take: limit,\n })\n\n return {\n items: jobs.map((job) => new JobDto(job)),\n total,\n page,\n totalPages: Math.ceil(total / limit),\n }\n }\n\n async findJobsBySandboxId(sandboxId: string): Promise {\n return this.findJobsByResourceId(ResourceType.SANDBOX, sandboxId)\n }\n\n async findJobsByResourceId(resourceType: ResourceType, resourceId: string): Promise {\n return this.jobRepository.find({\n where: {\n resourceType,\n resourceId,\n },\n order: {\n createdAt: 'DESC',\n },\n })\n }\n\n async waitJobCompletion(jobId: string, waitTimeout: number): Promise {\n const startTime = Date.now()\n const endTime = startTime + waitTimeout\n\n while (Date.now() < endTime) {\n const job = await this.findOne(jobId)\n if (!job) {\n return null\n }\n\n if (job.status === JobStatus.COMPLETED || job.status === JobStatus.FAILED) {\n return job\n }\n\n await new Promise((resolve) => setTimeout(resolve, 100))\n }\n\n throw new Error(`Job ${jobId} timed out after ${waitTimeout}ms`)\n }\n\n /**\n * Captures the current OpenTelemetry trace context in W3C Trace Context format\n * This allows distributed tracing across the API and runner services\n * @returns A map of trace context headers (traceparent, tracestate)\n */\n private captureTraceContext(): Record | null {\n try {\n const carrier: Record = {}\n\n // Extract current trace context into carrier object using W3C Trace Context format\n propagation.inject(otelContext.active(), carrier)\n\n // Return the carrier if it contains trace information\n if (Object.keys(carrier).length > 0) {\n this.logger.debug(`Captured trace context: ${JSON.stringify(carrier)}`)\n return carrier\n }\n } catch (error) {\n this.logger.warn(`Failed to capture trace context: ${error.message}`)\n }\n\n return null\n }\n\n private isValidStatusTransition(currentStatus: JobStatus, newStatus: JobStatus): boolean {\n if (currentStatus === newStatus) {\n return true\n }\n\n const allowedTransitions: Record = {\n [JobStatus.PENDING]: [JobStatus.IN_PROGRESS, JobStatus.FAILED],\n [JobStatus.IN_PROGRESS]: [JobStatus.COMPLETED, JobStatus.FAILED],\n [JobStatus.COMPLETED]: [],\n [JobStatus.FAILED]: [],\n }\n\n return allowedTransitions[currentStatus]?.includes(newStatus) ?? false\n }\n\n private getRunnerQueueKey(runnerId: string): string {\n return `${this.REDIS_JOB_QUEUE_PREFIX}${runnerId}`\n }\n\n /**\n * Cron job to check for stale jobs and mark them as failed\n * Runs every minute to find jobs that have been IN_PROGRESS for too long\n */\n @Cron(CronExpression.EVERY_MINUTE)\n async handleStaleJobs(): Promise {\n const staleThresholdMinutes = 10\n const staleThreshold = new Date(Date.now() - staleThresholdMinutes * 60 * 1000)\n\n try {\n // Find jobs that are IN_PROGRESS but haven't been updated in the threshold time\n const staleJobs = await this.jobRepository.find({\n where: {\n status: JobStatus.IN_PROGRESS,\n updatedAt: LessThan(staleThreshold),\n },\n })\n\n if (staleJobs.length === 0) {\n return\n }\n\n this.logger.warn(`Found ${staleJobs.length} stale jobs, marking as failed`)\n\n // Mark each stale job as failed with timeout error\n for (const job of staleJobs) {\n try {\n await this.updateJobStatus(\n job.id,\n JobStatus.FAILED,\n `Job timed out - no update received for ${staleThresholdMinutes} minutes`,\n )\n\n this.logger.warn(\n `Marked job ${job.id} (type: ${job.type}, resource: ${job.resourceType} ${job.resourceId}) as failed due to timeout`,\n )\n } catch (error) {\n this.logger.error(`Error marking job ${job.id} as failed: ${error.message}`, error.stack)\n }\n }\n } catch (error) {\n this.logger.error(`Error handling stale jobs: ${error.message}`, error.stack)\n }\n }\n\n /**\n * Atomically claim pending jobs by updating their status to IN_PROGRESS\n * This prevents duplicate processing of the same job\n */\n private async claimPendingJobs(runnerId: string, limit: number): Promise {\n // Find pending jobs\n const jobs = await this.jobRepository.find({\n where: {\n runnerId,\n status: JobStatus.PENDING,\n },\n order: {\n createdAt: 'ASC',\n },\n take: limit,\n })\n\n if (jobs.length === 0) {\n return []\n }\n\n // Update jobs to IN_PROGRESS\n const now = new Date()\n const claimedJobs: JobDto[] = []\n\n for (const job of jobs) {\n try {\n job.status = JobStatus.IN_PROGRESS\n job.startedAt = now\n job.updatedAt = now\n\n // save() with @VersionColumn will automatically check version and throw OptimisticLockVersionMismatchError if changed\n const savedJob = await this.jobRepository.save(job)\n\n claimedJobs.push(new JobDto(savedJob))\n } catch (error) {\n // If optimistic lock fails, job was already claimed by another runner - skip it\n this.logger.debug(`Job ${job.id} already claimed by another runner (version mismatch)`)\n }\n }\n\n if (claimedJobs.length > 0) {\n this.logger.debug(`Claimed ${claimedJobs.length} existing pending jobs for runner ${runnerId}`)\n }\n\n return claimedJobs\n }\n}\n" }, { "path": "apps/api/src/sandbox/services/proxy-cache-invalidation.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Injectable, Logger } from '@nestjs/common'\nimport { OnEvent } from '@nestjs/event-emitter'\nimport Redis from 'ioredis'\n\nimport { SandboxEvents } from '../constants/sandbox-events.constants'\nimport { SandboxArchivedEvent } from '../events/sandbox-archived.event'\n\n@Injectable()\nexport class ProxyCacheInvalidationService {\n private readonly logger = new Logger(ProxyCacheInvalidationService.name)\n private static readonly RUNNER_INFO_CACHE_PREFIX = 'proxy:sandbox-runner-info:'\n\n constructor(@InjectRedis() private readonly redis: Redis) {}\n\n @OnEvent(SandboxEvents.ARCHIVED)\n async handleSandboxArchived(event: SandboxArchivedEvent): Promise {\n await this.invalidateRunnerCache(event.sandbox.id)\n }\n\n private async invalidateRunnerCache(sandboxId: string): Promise {\n try {\n await this.redis.del(`${ProxyCacheInvalidationService.RUNNER_INFO_CACHE_PREFIX}${sandboxId}`)\n this.logger.debug(`Invalidated sandbox runner cache for ${sandboxId}`)\n } catch (error) {\n this.logger.warn(`Failed to invalidate runner cache for sandbox ${sandboxId}: ${error.message}`)\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/services/runner.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n BadRequestException,\n ConflictException,\n HttpException,\n HttpStatus,\n Inject,\n Injectable,\n Logger,\n NotFoundException,\n} from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Cron, CronExpression } from '@nestjs/schedule'\nimport { DataSource, FindOptionsWhere, In, MoreThanOrEqual, Not, Repository, UpdateResult } from 'typeorm'\nimport { Runner } from '../entities/runner.entity'\nimport { CreateRunnerInternalDto } from '../dto/create-runner-internal.dto'\nimport { SandboxClass } from '../enums/sandbox-class.enum'\nimport { RunnerState } from '../enums/runner-state.enum'\nimport { BadRequestError } from '../../exceptions/bad-request.exception'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { SnapshotRunner } from '../entities/snapshot-runner.entity'\nimport { SnapshotRunnerState } from '../enums/snapshot-runner-state.enum'\nimport { RunnerSnapshotDto } from '../dto/runner-snapshot.dto'\nimport { RunnerAdapterFactory, RunnerInfo } from '../runner-adapter/runnerAdapter'\nimport { RedisLockProvider } from '../common/redis-lock.provider'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { LogExecution } from '../../common/decorators/log-execution.decorator'\nimport { WithInstrumentation } from '../../common/decorators/otel.decorator'\nimport { RegionService } from '../../region/services/region.service'\nimport { RUNNER_NAME_REGEX } from '../constants/runner-name-regex.constant'\nimport { RegionType } from '../../region/enums/region-type.enum'\nimport { RunnerDto } from '../dto/runner.dto'\nimport { RunnerEvents } from '../constants/runner-events'\nimport { RunnerStateUpdatedEvent } from '../events/runner-state-updated.event'\nimport { RunnerDeletedEvent } from '../events/runner-deleted.event'\nimport { generateApiKeyValue } from '../../common/utils/api-key'\nimport { RunnerFullDto } from '../dto/runner-full.dto'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport Redis from 'ioredis'\nimport { SandboxDesiredState } from '../enums/sandbox-desired-state.enum'\nimport { runnerLookupCacheKeyById, RUNNER_LOOKUP_CACHE_TTL_MS } from '../utils/runner-lookup-cache.util'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\nimport { RunnerServiceInfo } from '../common/runner-service-info'\n\n@Injectable()\nexport class RunnerService {\n private readonly logger = new Logger(RunnerService.name)\n private readonly serviceStartTime = new Date()\n private readonly scoreConfig: AvailabilityScoreConfig\n\n constructor(\n @InjectRepository(Runner)\n private readonly runnerRepository: Repository,\n private readonly runnerAdapterFactory: RunnerAdapterFactory,\n private readonly sandboxRepository: SandboxRepository,\n @InjectRepository(SnapshotRunner)\n private readonly snapshotRunnerRepository: Repository,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly configService: TypedConfigService,\n private readonly regionService: RegionService,\n @InjectRepository(Snapshot)\n private readonly snapshotRepository: Repository,\n @Inject(EventEmitter2)\n private eventEmitter: EventEmitter2,\n private readonly dataSource: DataSource,\n @InjectRedis()\n private readonly redis: Redis,\n ) {\n this.scoreConfig = this.getAvailabilityScoreConfig()\n }\n\n /**\n * @throws {BadRequestException} If the runner name or class is invalid.\n * @throws {NotFoundException} If the region is not found.\n * @throws {ConflictException} If a runner with the same values already exists.\n */\n async create(createRunnerDto: CreateRunnerInternalDto): Promise<{\n runner: Runner\n apiKey: string\n }> {\n if (!RUNNER_NAME_REGEX.test(createRunnerDto.name)) {\n throw new BadRequestException('Runner name must contain only letters, numbers, underscores, periods, and hyphens')\n }\n if (createRunnerDto.name.length < 2 || createRunnerDto.name.length > 255) {\n throw new BadRequestException('Runner name must be between 3 and 255 characters')\n }\n\n const apiKey = createRunnerDto.apiKey ?? generateApiKeyValue()\n\n let runner: Runner\n\n switch (createRunnerDto.apiVersion) {\n case '0':\n runner = new Runner({\n region: createRunnerDto.regionId,\n name: createRunnerDto.name,\n apiVersion: createRunnerDto.apiVersion,\n apiKey: apiKey,\n cpu: createRunnerDto.cpu,\n memoryGiB: createRunnerDto.memoryGiB,\n diskGiB: createRunnerDto.diskGiB,\n domain: createRunnerDto.domain,\n apiUrl: createRunnerDto.apiUrl,\n proxyUrl: createRunnerDto.proxyUrl,\n appVersion: createRunnerDto.appVersion,\n })\n break\n case '2':\n runner = new Runner({\n region: createRunnerDto.regionId,\n name: createRunnerDto.name,\n apiVersion: createRunnerDto.apiVersion,\n apiKey: apiKey,\n appVersion: createRunnerDto.appVersion,\n })\n break\n default:\n throw new BadRequestException('Invalid runner version')\n }\n\n try {\n const savedRunner = await this.runnerRepository.save(runner)\n this.invalidateRunnerCache(savedRunner.id)\n return { runner: savedRunner, apiKey }\n } catch (error) {\n if (error.code === '23505') {\n if (error.detail.includes('domain')) {\n throw new ConflictException('This domain is already in use')\n }\n if (error.detail.includes('name')) {\n throw new ConflictException(`Runner with name ${createRunnerDto.name} already exists in this region`)\n }\n throw new ConflictException('A runner with these values already exists')\n }\n throw error\n }\n }\n\n async findAllFull(): Promise {\n const runners = await this.runnerRepository.find()\n\n const regionIds = new Set(runners.map((runner) => runner.region))\n const regions = await this.regionService.findByIds(Array.from(regionIds))\n\n const regionTypeMap = new Map()\n regions.forEach((region) => {\n regionTypeMap.set(region.id, region.regionType)\n })\n\n return runners.map((runner) => RunnerFullDto.fromRunner(runner, regionTypeMap.get(runner.region)))\n }\n\n async findAllByRegion(regionId: string): Promise {\n const runners = await this.runnerRepository.find({\n where: {\n region: regionId,\n },\n })\n\n return runners.map(RunnerDto.fromRunner)\n }\n\n async findAllByRegionFull(regionId: string): Promise {\n const runners = await this.runnerRepository.find({\n where: {\n region: regionId,\n },\n })\n\n const region = await this.regionService.findOne(regionId)\n\n return runners.map((runner) => RunnerFullDto.fromRunner(runner, region?.regionType))\n }\n\n async findAllByOrganization(organizationId: string, regionType?: RegionType): Promise {\n const regions = await this.regionService.findAllByOrganization(organizationId, regionType)\n const regionIds = regions.map((region) => region.id)\n\n const runners = await this.runnerRepository.find({\n where: {\n region: In(regionIds),\n },\n })\n\n return runners.map(RunnerDto.fromRunner)\n }\n\n async findDrainingPaginated(skip: number, take: number): Promise {\n return this.runnerRepository.find({\n where: {\n draining: true,\n state: Not(RunnerState.DECOMMISSIONED),\n },\n order: {\n id: 'ASC',\n },\n skip,\n take,\n })\n }\n\n async findAllReady(): Promise {\n return this.runnerRepository.find({\n where: {\n state: RunnerState.READY,\n },\n })\n }\n\n async findOne(id: string): Promise {\n return this.runnerRepository.findOne({\n where: { id },\n cache: {\n id: runnerLookupCacheKeyById(id),\n milliseconds: RUNNER_LOOKUP_CACHE_TTL_MS,\n },\n })\n }\n\n async findOneOrFail(id: string): Promise {\n const runner = await this.findOne(id)\n if (!runner) {\n throw new NotFoundException(`Runner with ID ${id} not found`)\n }\n return runner\n }\n\n async findOneFullOrFail(id: string): Promise {\n const runner = await this.findOneOrFail(id)\n const region = await this.regionService.findOne(runner.region)\n\n return RunnerFullDto.fromRunner(runner, region?.regionType)\n }\n\n async findOneByDomain(domain: string): Promise {\n return this.runnerRepository.findOneBy({ domain })\n }\n\n async findByIds(runnerIds: string[]): Promise {\n if (runnerIds.length === 0) {\n return []\n }\n\n return this.runnerRepository.find({\n where: { id: In(runnerIds) },\n })\n }\n\n async findByApiKey(apiKey: string): Promise {\n return this.runnerRepository.findOneBy({ apiKey })\n }\n\n async findBySandboxId(sandboxId: string): Promise {\n const sandbox = await this.sandboxRepository.findOne({\n where: { id: sandboxId, state: Not(SandboxState.DESTROYED) },\n select: ['runnerId'],\n })\n if (!sandbox) {\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n if (!sandbox.runnerId) {\n throw new NotFoundException(`Sandbox with ID ${sandboxId} does not have a runner`)\n }\n\n return this.findOne(sandbox.runnerId)\n }\n\n async getRegionId(runnerId: string): Promise {\n const runner = await this.runnerRepository.findOne({\n where: {\n id: runnerId,\n },\n select: ['region'],\n loadEagerRelations: false,\n })\n\n if (!runner || !runner.region) {\n throw new NotFoundException('Runner not found')\n }\n\n return runner.region\n }\n\n async findAvailableRunners(params: GetRunnerParams): Promise {\n const runnerFilter: FindOptionsWhere = {\n state: RunnerState.READY,\n unschedulable: Not(true),\n draining: Not(true),\n availabilityScore: params.availabilityScoreThreshold\n ? MoreThanOrEqual(params.availabilityScoreThreshold)\n : MoreThanOrEqual(this.configService.getOrThrow('runnerScore.thresholds.availability')),\n }\n\n const excludedRunnerIds = params.excludedRunnerIds?.length\n ? params.excludedRunnerIds.filter((id) => !!id)\n : undefined\n\n if (params.snapshotRef !== undefined) {\n const snapshotRunners = await this.snapshotRunnerRepository.find({\n where: {\n state: SnapshotRunnerState.READY,\n snapshotRef: params.snapshotRef,\n },\n })\n\n let runnerIds = snapshotRunners.map((snapshotRunner) => snapshotRunner.runnerId)\n\n if (excludedRunnerIds?.length) {\n runnerIds = runnerIds.filter((id) => !excludedRunnerIds.includes(id))\n }\n\n if (!runnerIds.length) {\n return []\n }\n\n runnerFilter.id = In(runnerIds)\n } else if (excludedRunnerIds?.length) {\n runnerFilter.id = Not(In(excludedRunnerIds))\n }\n\n if (params.regions?.length) {\n runnerFilter.region = In(params.regions)\n }\n\n if (params.sandboxClass !== undefined) {\n runnerFilter.class = params.sandboxClass\n }\n\n const runners = await this.runnerRepository.find({\n where: runnerFilter,\n })\n\n return runners.sort((a, b) => b.availabilityScore - a.availabilityScore).slice(0, 10)\n }\n\n /**\n * @throws {NotFoundException} If the runner is not found.\n * @throws {HttpException} If the runner is not unschedulable.\n * @throws {HttpException} If the runner has sandboxes associated with it.\n */\n async remove(id: string): Promise {\n const runner = await this.findOne(id)\n if (!runner) {\n throw new NotFoundException('Runner not found')\n }\n\n if (!runner.unschedulable) {\n throw new HttpException(\n 'Cannot delete runner which is available for scheduling sandboxes',\n HttpStatus.PRECONDITION_REQUIRED,\n )\n }\n\n const sandboxCount = await this.sandboxRepository.count({\n where: { runnerId: id, state: Not(In([SandboxState.ARCHIVED, SandboxState.DESTROYED])) },\n })\n if (sandboxCount > 0) {\n throw new HttpException(\n 'Cannot delete runner which has sandboxes associated with it',\n HttpStatus.PRECONDITION_REQUIRED,\n )\n }\n\n await this.dataSource.transaction(async (em) => {\n await em.delete(Runner, id)\n await this.eventEmitter.emitAsync(RunnerEvents.DELETED, new RunnerDeletedEvent(em, id))\n })\n this.invalidateRunnerCache(id)\n }\n\n async updateRunnerHealth(\n runnerId: string,\n domain?: string,\n apiUrl?: string,\n proxyUrl?: string,\n serviceHealth?: RunnerServiceInfo[],\n metrics?: {\n currentCpuLoadAverage?: number\n currentCpuUsagePercentage?: number\n currentMemoryUsagePercentage?: number\n currentDiskUsagePercentage?: number\n currentAllocatedCpu?: number\n currentAllocatedMemoryGiB?: number\n currentAllocatedDiskGiB?: number\n currentSnapshotCount?: number\n currentStartedSandboxes?: number\n cpu?: number\n memoryGiB?: number\n diskGiB?: number\n },\n appVersion?: string,\n ): Promise {\n const runner = await this.findOne(runnerId)\n if (!runner) {\n this.logger.error(`Runner ${runnerId} not found when trying to update health`)\n return\n }\n\n if (runner.state === RunnerState.DECOMMISSIONED) {\n this.logger.debug(`Runner ${runnerId} is decommissioned, not updating health`)\n return\n }\n\n const updateData: Partial = {\n state: RunnerState.READY,\n lastChecked: new Date(),\n }\n\n if (domain) {\n updateData.domain = domain\n }\n\n if (apiUrl) {\n updateData.apiUrl = apiUrl\n }\n\n if (proxyUrl) {\n updateData.proxyUrl = proxyUrl\n }\n\n if (appVersion) {\n updateData.appVersion = appVersion\n }\n\n if (serviceHealth !== undefined) {\n updateData.serviceHealth = serviceHealth\n } else {\n // Clear any previously stored service health when no new health data is provided\n updateData.serviceHealth = null\n }\n\n const unhealthyServices = serviceHealth?.filter((s) => !s.healthy) ?? []\n if (unhealthyServices.length > 0) {\n const unhealthySummary = unhealthyServices\n .map((s) => `\"${s.serviceName}\"${s.errorReason ? ` (${s.errorReason})` : ''}`)\n .join(', ')\n this.logger.warn(`Runner ${runnerId} services reported unhealthy: ${unhealthySummary}`)\n updateData.state = RunnerState.UNRESPONSIVE\n }\n\n if (metrics) {\n updateData.currentCpuLoadAverage = metrics.currentCpuLoadAverage || 0\n updateData.currentCpuUsagePercentage = metrics.currentCpuUsagePercentage || 0\n updateData.currentMemoryUsagePercentage = metrics.currentMemoryUsagePercentage || 0\n updateData.currentDiskUsagePercentage = metrics.currentDiskUsagePercentage || 0\n updateData.currentAllocatedCpu = metrics.currentAllocatedCpu || 0\n updateData.currentAllocatedMemoryGiB = metrics.currentAllocatedMemoryGiB || 0\n updateData.currentAllocatedDiskGiB = metrics.currentAllocatedDiskGiB || 0\n updateData.currentSnapshotCount = metrics.currentSnapshotCount || 0\n updateData.currentStartedSandboxes = metrics.currentStartedSandboxes || 0\n updateData.cpu = metrics.cpu\n updateData.memoryGiB = metrics.memoryGiB\n updateData.diskGiB = metrics.diskGiB\n\n updateData.availabilityScore = this.calculateAvailabilityScore(runnerId, {\n cpuLoadAverage: updateData.currentCpuLoadAverage,\n cpuUsage: updateData.currentCpuUsagePercentage,\n memoryUsage: updateData.currentMemoryUsagePercentage,\n diskUsage: updateData.currentDiskUsagePercentage,\n allocatedCpu: updateData.currentAllocatedCpu,\n allocatedMemoryGiB: updateData.currentAllocatedMemoryGiB,\n allocatedDiskGiB: updateData.currentAllocatedDiskGiB,\n runnerCpu: updateData.cpu || runner.cpu,\n runnerMemoryGiB: updateData.memoryGiB || runner.memoryGiB,\n runnerDiskGiB: updateData.diskGiB || runner.diskGiB,\n startedSandboxes: updateData.currentStartedSandboxes || 0,\n })\n }\n\n await this.updateRunner(runnerId, updateData)\n this.logger.debug(`Updated health for runner ${runnerId}`)\n\n this.eventEmitter.emit(\n RunnerEvents.STATE_UPDATED,\n new RunnerStateUpdatedEvent(runner, runner.state, updateData.state),\n )\n }\n\n private async updateRunnerState(runnerId: string, newState: RunnerState): Promise {\n const runner = await this.findOne(runnerId)\n if (!runner) {\n this.logger.error(`Runner ${runnerId} not found when trying to update state`)\n return\n }\n\n // Don't change state if runner is decommissioned\n if (runner.state === RunnerState.DECOMMISSIONED) {\n this.logger.debug(`Runner ${runnerId} is decommissioned, not updating state`)\n return\n }\n\n await this.updateRunner(runnerId, {\n state: newState,\n lastChecked: new Date(),\n })\n\n this.eventEmitter.emit(RunnerEvents.STATE_UPDATED, new RunnerStateUpdatedEvent(runner, runner.state, newState))\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'check-runners', waitForCompletion: true })\n @LogExecution('check-runners')\n @WithInstrumentation()\n private async handleCheckRunners() {\n const lockKey = 'check-runners'\n const hasLock = await this.redisLockProvider.lock(lockKey, 60)\n if (!hasLock) {\n return\n }\n\n try {\n const runners = await this.runnerRepository.find({\n where: [\n {\n apiVersion: '0',\n state: Not(RunnerState.DECOMMISSIONED),\n },\n {\n // v2 runners report health via healthcheck endpoint, so we only check if the health is stale (lastChecked timestamp)\n apiVersion: '2',\n state: RunnerState.READY,\n },\n ],\n order: {\n lastChecked: {\n direction: 'ASC',\n nulls: 'FIRST',\n },\n },\n take: 100,\n })\n\n await Promise.allSettled(\n runners.map(async (runner) => {\n // v2 runners report health via healthcheck endpoint, check based on lastChecked timestamp\n if (runner.apiVersion === '2') {\n await this.checkRunnerV2Health(runner)\n return\n }\n\n // v0 runners: imperative health check via adapter\n const shouldRetry = runner.state === RunnerState.READY\n const retryDelays = shouldRetry ? [500, 1000] : []\n\n for (let attempt = 0; attempt <= retryDelays.length; attempt++) {\n if (attempt > 0) {\n await new Promise((resolve) => setTimeout(resolve, retryDelays[attempt - 1]))\n }\n\n const abortController = new AbortController()\n let timeoutId: NodeJS.Timeout | null = null\n\n const runnerHealthTimeoutSeconds = this.configService.get('runnerHealthTimeout')\n\n try {\n await Promise.race([\n (async () => {\n this.logger.debug(`Checking runner ${runner.id}`)\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n await runnerAdapter.healthCheck(abortController.signal)\n\n let runnerInfo: RunnerInfo | undefined\n try {\n runnerInfo = await runnerAdapter.runnerInfo(abortController.signal)\n } catch (e) {\n this.logger.warn(`Failed to get runner info for runner ${runner.id}: ${e.message}`)\n }\n\n await this.updateRunnerHealth(\n runner.id,\n undefined,\n undefined,\n undefined,\n runnerInfo?.serviceHealth,\n runnerInfo?.metrics,\n runnerInfo?.appVersion,\n )\n })(),\n new Promise((_, reject) => {\n timeoutId = setTimeout(() => {\n abortController.abort()\n reject(new Error('Health check timeout'))\n }, runnerHealthTimeoutSeconds * 1000)\n }),\n ])\n\n if (timeoutId) {\n clearTimeout(timeoutId)\n }\n return // Success, exit retry loop\n } catch (e) {\n if (timeoutId) {\n clearTimeout(timeoutId)\n }\n\n if (e.message === 'Health check timeout') {\n this.logger.error(\n `Runner ${runner.id} health check timed out after ${runnerHealthTimeoutSeconds} seconds`,\n )\n } else if (e.code === 'ECONNREFUSED') {\n this.logger.error(`Runner ${runner.id} not reachable`)\n } else if (e.name === 'AbortError') {\n this.logger.error(`Runner ${runner.id} health check was aborted due to timeout`)\n } else {\n this.logger.error(`Error checking runner ${runner.id}`, e)\n }\n\n // If last attempt, mark as unresponsive\n if (attempt === retryDelays.length) {\n await this.updateRunnerState(runner.id, RunnerState.UNRESPONSIVE)\n }\n }\n }\n }),\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n /**\n * Check v2 runner health based on lastChecked timestamp.\n * v2 runners report health via the healthcheck endpoint, so we check if lastChecked is within threshold.\n */\n private async checkRunnerV2Health(runner: Runner): Promise {\n const markAsUnresponsive = async () => {\n this.logger.warn(\n `v2 Runner ${runner.id} health check stale (last: ${Math.round((Date.now() - runner.lastChecked.getTime()) / 1000)}s ago), marking as UNRESPONSIVE`,\n )\n await this.updateRunnerState(runner.id, RunnerState.UNRESPONSIVE)\n }\n\n if (!runner.lastChecked) {\n return\n }\n\n // v2 runners report health every ~10 seconds via the healthcheck endpoint\n // Allow 60 seconds (6 missed healthchecks) before marking as UNRESPONSIVE\n const healthCheckThresholdMs = 60 * 1000\n\n if (runner.lastChecked < this.serviceStartTime) {\n // Allow the runner a grace period to re-establish health checks\n const timeSinceServiceStart = Date.now() - this.serviceStartTime.getTime()\n\n if (timeSinceServiceStart > healthCheckThresholdMs) {\n // Grace period expired and runner still hasn't checked in\n await markAsUnresponsive()\n }\n } else {\n // Runner has checked in since API started - use normal threshold\n const timeSinceLastCheck = Date.now() - runner.lastChecked.getTime()\n\n if (timeSinceLastCheck > healthCheckThresholdMs) {\n // Runner hasn't reported health recently\n await markAsUnresponsive()\n }\n }\n }\n\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'check-decommission-runners', waitForCompletion: true })\n @LogExecution('check-decommission-runners')\n @WithInstrumentation()\n private async handleCheckDecommissionRunners() {\n const lockKey = 'check-decommission-runners'\n const hasLock = await this.redisLockProvider.lock(lockKey, 60)\n if (!hasLock) {\n return\n }\n\n try {\n const drainingRunners = await this.runnerRepository.find({\n where: {\n draining: true,\n state: Not(RunnerState.DECOMMISSIONED),\n },\n })\n\n this.logger.debug(`Checking ${drainingRunners.length} draining runners`)\n\n await Promise.allSettled(\n drainingRunners.map(async (runner) => {\n try {\n // Check if runner has any sandboxes with desiredState != DESTROYED\n const nonDestroyedSandboxCount = await this.sandboxRepository.count({\n where: {\n runnerId: runner.id,\n desiredState: Not(SandboxDesiredState.DESTROYED),\n },\n })\n\n const redisKey = `runner:draining-check:${runner.id}`\n\n if (nonDestroyedSandboxCount > 0) {\n // Reset counter if there are non-destroyed sandboxes\n await this.redis.set(redisKey, '0', 'EX', 600) // 10 minute TTL\n this.logger.debug(\n `Runner ${runner.id} has ${nonDestroyedSandboxCount} sandboxes with desiredState != DESTROYED, reset counter`,\n )\n } else {\n // Increment counter\n const currentCount = await this.redis.get(redisKey)\n const count = currentCount ? parseInt(currentCount, 10) + 1 : 1\n\n if (count >= 3) {\n // Decommission the runner\n await this.updateRunner(runner.id, {\n state: RunnerState.DECOMMISSIONED,\n })\n await this.redis.del(redisKey)\n this.logger.log(`Runner ${runner.id} has been decommissioned after 3 successful draining checks`)\n } else {\n await this.redis.set(redisKey, count.toString(), 'EX', 600) // 10 minute TTL\n this.logger.debug(\n `Runner ${runner.id} draining check passed (${count}/3), all sandboxes have desiredState = DESTROYED`,\n )\n }\n }\n } catch (e) {\n this.logger.error(`Error checking draining runner ${runner.id}`, e)\n }\n }),\n )\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n async updateSchedulingStatus(id: string, unschedulable: boolean): Promise {\n const runner = await this.findOneOrFail(id)\n runner.unschedulable = unschedulable\n await this.runnerRepository.save(runner)\n return runner\n }\n\n async updateDrainingStatus(id: string, draining: boolean): Promise {\n const runner = await this.findOneOrFail(id)\n runner.draining = draining\n await this.runnerRepository.save(runner)\n return runner\n }\n\n async getRandomAvailableRunner(params: GetRunnerParams): Promise {\n const availableRunners = await this.findAvailableRunners(params)\n\n if (availableRunners.length === 0) {\n throw new BadRequestError('No available runners')\n }\n\n // Get random runner from the best available runners\n const randomIntFromInterval = (min: number, max: number) => Math.floor(Math.random() * (max - min + 1) + min)\n\n return availableRunners[randomIntFromInterval(0, availableRunners.length - 1)]\n }\n\n async getSnapshotRunner(runnerId: string, snapshotRef: string): Promise {\n return this.snapshotRunnerRepository.findOne({\n where: {\n runnerId: runnerId,\n snapshotRef: snapshotRef,\n },\n })\n }\n\n async getSnapshotRunners(snapshotRef: string): Promise {\n return this.snapshotRunnerRepository.find({\n where: {\n snapshotRef,\n },\n order: {\n state: 'ASC', // Sorts state BUILDING_SNAPSHOT before ERROR\n createdAt: 'ASC', // Sorts first runner to start building snapshot on top\n },\n })\n }\n\n async createSnapshotRunnerEntry(\n runnerId: string,\n snapshotRef: string,\n state?: SnapshotRunnerState,\n errorReason?: string,\n ): Promise {\n try {\n const snapshotRunner = new SnapshotRunner()\n snapshotRunner.runnerId = runnerId\n snapshotRunner.snapshotRef = snapshotRef\n if (state) {\n snapshotRunner.state = state\n }\n if (errorReason) {\n snapshotRunner.errorReason = errorReason\n }\n await this.snapshotRunnerRepository.save(snapshotRunner)\n } catch (error) {\n if (error.code === '23505') {\n // PostgreSQL unique violation error code - entry already exists, allow it\n this.logger.debug(\n `SnapshotRunner entry already exists for runnerId: ${runnerId}, snapshotRef: ${snapshotRef}. Continuing...`,\n )\n return\n }\n throw error // Re-throw any other errors\n }\n }\n\n // TODO: combine getRunnersWithMultipleSnapshotsBuilding and getRunnersWithMultipleSnapshotsPulling?\n\n async getRunnersWithMultipleSnapshotsBuilding(maxSnapshotCount = 6): Promise {\n const runners = await this.sandboxRepository\n .createQueryBuilder('sandbox')\n .select('sandbox.runnerId', 'runnerId')\n .where('sandbox.state = :state', { state: SandboxState.BUILDING_SNAPSHOT })\n .andWhere('sandbox.buildInfoSnapshotRef IS NOT NULL')\n .groupBy('sandbox.runnerId')\n .having('COUNT(DISTINCT sandbox.buildInfoSnapshotRef) > :maxSnapshotCount', { maxSnapshotCount })\n .getRawMany()\n\n return runners.map((item) => item.runnerId)\n }\n\n async getRunnersWithMultipleSnapshotsPulling(maxSnapshotCount = 6): Promise {\n const runners = await this.snapshotRunnerRepository\n .createQueryBuilder('snapshot_runner')\n .select('snapshot_runner.runnerId')\n .where('snapshot_runner.state = :state', { state: SnapshotRunnerState.PULLING_SNAPSHOT })\n .groupBy('snapshot_runner.runnerId')\n .having('COUNT(*) > :maxSnapshotCount', { maxSnapshotCount })\n .getRawMany()\n\n return runners.map((item) => item.runnerId)\n }\n\n async getRunnersBySnapshotRef(ref: string): Promise {\n const snapshotRunners = await this.snapshotRunnerRepository.find({\n where: {\n snapshotRef: ref,\n state: Not(SnapshotRunnerState.ERROR),\n },\n select: ['runnerId', 'id'],\n })\n\n // Extract distinct runnerIds from snapshot runners\n const runnerIds = [...new Set(snapshotRunners.map((sr) => sr.runnerId))]\n\n // Find all runners with these IDs\n const runners = await this.runnerRepository.find({\n where: { id: In(runnerIds) },\n select: ['id', 'domain'],\n })\n\n this.logger.debug(`Found ${runners.length} runners with IDs: ${runners.map((r) => r.id).join(', ')}`)\n\n // Map to DTO format, including the snapshot runner ID\n return runners.map((runner) => {\n const snapshotRunner = snapshotRunners.find((sr) => sr.runnerId === runner.id)\n return new RunnerSnapshotDto(snapshotRunner.id, runner.id, runner.domain)\n })\n }\n\n async getInitialRunnerBySnapshotId(snapshotId: string): Promise {\n const snapshot = await this.snapshotRepository.findOne({ where: { id: snapshotId } })\n if (!snapshot) {\n throw new NotFoundException('Snapshot runner not found')\n }\n if (!snapshot.initialRunnerId) {\n throw new BadRequestException('Initial runner not found')\n }\n\n return await this.findOneOrFail(snapshot.initialRunnerId)\n }\n\n async getRunnerApiVersion(runnerId: string): Promise {\n const result = await this.runnerRepository.findOneOrFail({\n select: ['apiVersion'],\n where: { id: runnerId },\n cache: {\n id: `runner:apiVersion:${runnerId}`,\n milliseconds: 60 * 60 * 1000, // Cache for 1 hour\n },\n })\n\n return result.apiVersion\n }\n\n private async updateRunner(\n id: string,\n data: Partial>,\n ): Promise {\n const result = await this.runnerRepository.update(id, data)\n this.invalidateRunnerCache(id)\n return result\n }\n\n private invalidateRunnerCache(runnerId: string): void {\n const cache = this.dataSource.queryResultCache\n if (!cache) {\n return\n }\n\n cache\n .remove([runnerLookupCacheKeyById(runnerId)])\n .then(() => this.logger.debug(`Invalidated runner lookup cache for ${runnerId}`))\n .catch((error) =>\n this.logger.warn(\n `Failed to invalidate runner lookup cache for ${runnerId}: ${error instanceof Error ? error.message : String(error)}`,\n ),\n )\n }\n\n private calculateAvailabilityScore(runnerId: string, params: AvailabilityScoreParams): number {\n if (\n params.cpuLoadAverage < 0 ||\n params.cpuUsage < 0 ||\n params.memoryUsage < 0 ||\n params.diskUsage < 0 ||\n params.allocatedCpu < 0 ||\n params.allocatedMemoryGiB < 0 ||\n params.allocatedDiskGiB < 0 ||\n params.startedSandboxes < 0\n ) {\n this.logger.warn(\n `Runner ${runnerId} has negative values for load, CPU, memory, disk, allocated CPU, allocated memory, allocated disk, or started sandboxes`,\n )\n return 0\n }\n\n return this.calculateTOPSISScore(params)\n }\n\n private calculateTOPSISScore(params: AvailabilityScoreParams): number {\n const current = [\n params.cpuUsage,\n params.memoryUsage,\n params.diskUsage,\n // Allocation ratios percentage\n (params.allocatedCpu / params.runnerCpu) * 100,\n (params.allocatedMemoryGiB / params.runnerMemoryGiB) * 100,\n (params.allocatedDiskGiB / params.runnerDiskGiB) * 100,\n params.startedSandboxes, // Raw count, will be normalized against its critical target value\n ]\n\n // Calculate weighted Euclidean distances\n let distanceToOptimal = 0\n let distanceToCritical = 0\n\n for (let i = 0; i < current.length; i++) {\n // Normalize to 0-1 scale\n const normalizedCurrent = current[i] / 100\n const normalizedOptimal = this.scoreConfig.targetValues.optimal[i] / 100\n const normalizedCritical = this.scoreConfig.targetValues.critical[i] / 100\n\n distanceToOptimal += this.scoreConfig.weights[i] * Math.pow(normalizedCurrent - normalizedOptimal, 2)\n distanceToCritical += this.scoreConfig.weights[i] * Math.pow(normalizedCurrent - normalizedCritical, 2)\n }\n\n distanceToOptimal = Math.sqrt(distanceToOptimal)\n distanceToCritical = Math.sqrt(distanceToCritical)\n\n // TOPSIS relative closeness score (0 to 1)\n let topsisScore = distanceToCritical / (distanceToOptimal + distanceToCritical)\n\n // Apply exponential penalties for critical thresholds\n let penaltyMultiplier = 1\n\n if (params.cpuUsage >= this.scoreConfig.penalty.thresholds.cpu) {\n penaltyMultiplier *= Math.exp(\n -this.scoreConfig.penalty.exponents.cpu * (params.cpuUsage - this.scoreConfig.penalty.thresholds.cpu),\n )\n }\n\n if (params.cpuLoadAverage >= this.scoreConfig.penalty.thresholds.cpuLoadAvg) {\n penaltyMultiplier *= Math.exp(\n -this.scoreConfig.penalty.exponents.cpuLoadAvg *\n (params.cpuLoadAverage - this.scoreConfig.penalty.thresholds.cpuLoadAvg),\n )\n }\n\n if (params.memoryUsage >= this.scoreConfig.penalty.thresholds.memory) {\n penaltyMultiplier *= Math.exp(\n -this.scoreConfig.penalty.exponents.memory * (params.memoryUsage - this.scoreConfig.penalty.thresholds.memory),\n )\n }\n\n if (params.diskUsage >= this.scoreConfig.penalty.thresholds.disk) {\n penaltyMultiplier *= Math.exp(\n -this.scoreConfig.penalty.exponents.disk * (params.diskUsage - this.scoreConfig.penalty.thresholds.disk),\n )\n }\n\n // Apply penalty\n topsisScore *= penaltyMultiplier\n\n return Math.round(topsisScore * 100)\n }\n\n private getAvailabilityScoreConfig(): AvailabilityScoreConfig {\n return {\n availabilityThreshold: this.configService.getOrThrow('runnerScore.thresholds.availability'),\n weights: [\n this.configService.getOrThrow('runnerScore.weights.cpuUsage'),\n this.configService.getOrThrow('runnerScore.weights.memoryUsage'),\n this.configService.getOrThrow('runnerScore.weights.diskUsage'),\n this.configService.getOrThrow('runnerScore.weights.allocatedCpu'),\n this.configService.getOrThrow('runnerScore.weights.allocatedMemory'),\n this.configService.getOrThrow('runnerScore.weights.allocatedDisk'),\n this.configService.getOrThrow('runnerScore.weights.startedSandboxes'),\n ],\n penalty: {\n exponents: {\n cpu: this.configService.getOrThrow('runnerScore.penalty.exponents.cpu'),\n cpuLoadAvg: this.configService.getOrThrow('runnerScore.penalty.exponents.cpuLoadAvg'),\n memory: this.configService.getOrThrow('runnerScore.penalty.exponents.memory'),\n disk: this.configService.getOrThrow('runnerScore.penalty.exponents.disk'),\n },\n thresholds: {\n cpu: this.configService.getOrThrow('runnerScore.penalty.thresholds.cpu'),\n cpuLoadAvg: this.configService.getOrThrow('runnerScore.penalty.thresholds.cpuLoadAvg'),\n memory: this.configService.getOrThrow('runnerScore.penalty.thresholds.memory'),\n disk: this.configService.getOrThrow('runnerScore.penalty.thresholds.disk'),\n },\n },\n targetValues: {\n optimal: [\n this.configService.getOrThrow('runnerScore.targetValues.optimal.cpu'),\n this.configService.getOrThrow('runnerScore.targetValues.optimal.memory'),\n this.configService.getOrThrow('runnerScore.targetValues.optimal.disk'),\n this.configService.getOrThrow('runnerScore.targetValues.optimal.allocCpu'),\n this.configService.getOrThrow('runnerScore.targetValues.optimal.allocMem'),\n this.configService.getOrThrow('runnerScore.targetValues.optimal.allocDisk'),\n this.configService.getOrThrow('runnerScore.targetValues.optimal.startedSandboxes'),\n ],\n critical: [\n this.configService.getOrThrow('runnerScore.targetValues.critical.cpu'),\n this.configService.getOrThrow('runnerScore.targetValues.critical.memory'),\n this.configService.getOrThrow('runnerScore.targetValues.critical.disk'),\n this.configService.getOrThrow('runnerScore.targetValues.critical.allocCpu'),\n this.configService.getOrThrow('runnerScore.targetValues.critical.allocMem'),\n this.configService.getOrThrow('runnerScore.targetValues.critical.allocDisk'),\n this.configService.getOrThrow('runnerScore.targetValues.critical.startedSandboxes'),\n ],\n },\n }\n }\n}\n\nexport class GetRunnerParams {\n regions?: string[]\n sandboxClass?: SandboxClass\n snapshotRef?: string\n excludedRunnerIds?: string[]\n availabilityScoreThreshold?: number\n}\n\ninterface AvailabilityScoreParams {\n cpuLoadAverage: number\n cpuUsage: number\n memoryUsage: number\n diskUsage: number\n allocatedCpu: number\n allocatedMemoryGiB: number\n allocatedDiskGiB: number\n startedSandboxes: number\n runnerCpu: number\n runnerMemoryGiB: number\n runnerDiskGiB: number\n}\n\ninterface AvailabilityScoreConfig {\n availabilityThreshold: number\n weights: number[]\n penalty: {\n exponents: {\n cpu: number\n cpuLoadAvg: number\n memory: number\n disk: number\n }\n thresholds: {\n cpu: number\n cpuLoadAvg: number\n memory: number\n disk: number\n }\n }\n targetValues: {\n optimal: number[]\n critical: number[]\n }\n}\n" }, { "path": "apps/api/src/sandbox/services/sandbox-lookup-cache-invalidation.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport { DataSource } from 'typeorm'\nimport {\n sandboxLookupCacheKeyByAuthToken,\n sandboxLookupCacheKeyById,\n sandboxLookupCacheKeyByName,\n sandboxOrgIdCacheKeyById,\n sandboxOrgIdCacheKeyByName,\n} from '../utils/sandbox-lookup-cache.util'\n\ntype InvalidateSandboxLookupCacheArgs =\n | {\n sandboxId: string\n organizationId: string\n name: string\n previousOrganizationId?: string | null\n previousName?: string | null\n }\n | {\n authToken: string\n }\n\n@Injectable()\nexport class SandboxLookupCacheInvalidationService {\n private readonly logger = new Logger(SandboxLookupCacheInvalidationService.name)\n\n constructor(private readonly dataSource: DataSource) {}\n\n invalidate(args: InvalidateSandboxLookupCacheArgs): void {\n const cache = this.dataSource.queryResultCache\n if (!cache) {\n return\n }\n\n if ('authToken' in args) {\n cache\n .remove([sandboxLookupCacheKeyByAuthToken({ authToken: args.authToken })])\n .then(() => this.logger.debug(`Invalidated sandbox lookup cache for authToken ${args.authToken}`))\n .catch((error) =>\n this.logger.warn(\n `Failed to invalidate sandbox lookup cache for authToken ${args.authToken}: ${error instanceof Error ? error.message : String(error)}`,\n ),\n )\n return\n }\n\n const organizationIds = Array.from(\n new Set(\n [args.organizationId, args.previousOrganizationId].filter((id): id is string =>\n Boolean(id && id.trim().length > 0),\n ),\n ),\n )\n const names = Array.from(\n new Set([args.name, args.previousName].filter((n): n is string => Boolean(n && n.trim().length > 0))),\n )\n\n const cacheIds: string[] = []\n for (const organizationId of organizationIds) {\n for (const returnDestroyed of [false, true]) {\n cacheIds.push(\n sandboxLookupCacheKeyById({\n organizationId,\n returnDestroyed,\n sandboxId: args.sandboxId,\n }),\n )\n for (const sandboxName of names) {\n cacheIds.push(\n sandboxLookupCacheKeyByName({\n organizationId,\n returnDestroyed,\n sandboxName,\n }),\n )\n }\n }\n }\n\n if (cacheIds.length === 0) {\n return\n }\n\n cache\n .remove(cacheIds)\n .then(() => this.logger.debug(`Invalidated sandbox lookup cache for ${args.sandboxId}`))\n .catch((error) =>\n this.logger.warn(\n `Failed to invalidate sandbox lookup cache for ${args.sandboxId}: ${error instanceof Error ? error.message : String(error)}`,\n ),\n )\n }\n\n invalidateOrgId(args: {\n sandboxId: string\n organizationId: string\n name: string\n previousOrganizationId?: string | null\n previousName?: string | null\n }): void {\n const cache = this.dataSource.queryResultCache\n if (!cache) {\n return\n }\n\n const organizationIds = Array.from(\n new Set(\n [args.organizationId, args.previousOrganizationId].filter((id): id is string =>\n Boolean(id && id.trim().length > 0),\n ),\n ),\n )\n const names = Array.from(\n new Set([args.name, args.previousName].filter((n): n is string => Boolean(n && n.trim().length > 0))),\n )\n\n const cacheIds: string[] = []\n for (const organizationId of organizationIds) {\n cacheIds.push(\n sandboxOrgIdCacheKeyById({\n organizationId,\n sandboxId: args.sandboxId,\n }),\n )\n for (const sandboxName of names) {\n cacheIds.push(\n sandboxOrgIdCacheKeyByName({\n organizationId,\n sandboxName,\n }),\n )\n }\n }\n\n // Also invalidate the \"no org\" variants (when organizationId was not provided to getOrganizationId)\n cacheIds.push(sandboxOrgIdCacheKeyById({ sandboxId: args.sandboxId }))\n for (const sandboxName of names) {\n cacheIds.push(sandboxOrgIdCacheKeyByName({ sandboxName }))\n }\n\n cache\n .remove(cacheIds)\n .then(() => this.logger.debug(`Invalidated sandbox orgId cache for ${args.sandboxId}`))\n .catch((error) =>\n this.logger.warn(\n `Failed to invalidate sandbox orgId cache for ${args.sandboxId}: ${error instanceof Error ? error.message : String(error)}`,\n ),\n )\n }\n}\n" }, { "path": "apps/api/src/sandbox/services/sandbox-warm-pool.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Inject, Injectable, Logger } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Cron, CronExpression } from '@nestjs/schedule'\nimport { FindOptionsWhere, In, MoreThan, Not, Repository } from 'typeorm'\nimport { RedisLockProvider } from '../common/redis-lock.provider'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION } from '../constants/sandbox.constants'\nimport { WarmPool } from '../entities/warm-pool.entity'\nimport { EventEmitter2, OnEvent } from '@nestjs/event-emitter'\nimport { SandboxEvents } from '../constants/sandbox-events.constants'\nimport { SandboxOrganizationUpdatedEvent } from '../events/sandbox-organization-updated.event'\nimport { ConfigService } from '@nestjs/config'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { SnapshotState } from '../enums/snapshot-state.enum'\nimport { SandboxClass } from '../enums/sandbox-class.enum'\nimport { BadRequestError } from '../../exceptions/bad-request.exception'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { Runner } from '../entities/runner.entity'\nimport { WarmPoolTopUpRequested } from '../events/warmpool-topup-requested.event'\nimport { WarmPoolEvents } from '../constants/warmpool-events.constants'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport { SandboxDesiredState } from '../enums/sandbox-desired-state.enum'\nimport { isValidUuid } from '../../common/utils/uuid'\nimport { LogExecution } from '../../common/decorators/log-execution.decorator'\nimport { WithInstrumentation } from '../../common/decorators/otel.decorator'\n\nexport type FetchWarmPoolSandboxParams = {\n snapshot: string | Snapshot\n target: string\n class: SandboxClass\n cpu: number\n mem: number\n disk: number\n gpu: number\n osUser: string\n env: { [key: string]: string }\n organizationId: string\n state: string\n}\n\n@Injectable()\nexport class SandboxWarmPoolService {\n private readonly logger = new Logger(SandboxWarmPoolService.name)\n\n constructor(\n @InjectRepository(WarmPool)\n private readonly warmPoolRepository: Repository,\n private readonly sandboxRepository: SandboxRepository,\n @InjectRepository(Snapshot)\n private readonly snapshotRepository: Repository,\n @InjectRepository(Runner)\n private readonly runnerRepository: Repository,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly configService: ConfigService,\n @Inject(EventEmitter2)\n private eventEmitter: EventEmitter2,\n @InjectRedis() private readonly redis: Redis,\n ) {}\n\n // on init\n async onApplicationBootstrap() {\n // await this.adHocBackupCheck()\n }\n\n async fetchWarmPoolSandbox(params: FetchWarmPoolSandboxParams): Promise {\n // validate snapshot\n let snapshot: Snapshot | null = null\n if (typeof params.snapshot === 'string') {\n const sandboxSnapshot = params.snapshot || this.configService.get('DEFAULT_SNAPSHOT')\n\n const snapshotFilter: FindOptionsWhere[] = [\n { organizationId: params.organizationId, name: sandboxSnapshot, state: SnapshotState.ACTIVE },\n { general: true, name: sandboxSnapshot, state: SnapshotState.ACTIVE },\n ]\n\n if (isValidUuid(sandboxSnapshot)) {\n snapshotFilter.push(\n { organizationId: params.organizationId, id: sandboxSnapshot, state: SnapshotState.ACTIVE },\n { general: true, id: sandboxSnapshot, state: SnapshotState.ACTIVE },\n )\n }\n\n snapshot = await this.snapshotRepository.findOne({\n where: snapshotFilter,\n })\n if (!snapshot) {\n throw new BadRequestError(\n `Snapshot ${sandboxSnapshot} not found. Did you add it through the Daytona Dashboard?`,\n )\n }\n } else {\n snapshot = params.snapshot\n }\n\n // check if sandbox is warm pool\n const warmPoolItem = await this.warmPoolRepository.findOne({\n where: {\n snapshot: snapshot.name,\n target: params.target,\n class: params.class,\n cpu: params.cpu,\n mem: params.mem,\n disk: params.disk,\n gpu: params.gpu,\n osUser: params.osUser,\n env: params.env,\n pool: MoreThan(0),\n },\n })\n if (warmPoolItem) {\n const availabilityScoreThreshold = this.configService.getOrThrow('runnerScore.thresholds.availability')\n\n // Build subquery to find excluded runners (unschedulable OR low score)\n const excludedRunnersSubquery = this.runnerRepository\n .createQueryBuilder('runner')\n .select('runner.id')\n .where('runner.region = :region')\n .andWhere('(runner.unschedulable = true OR runner.availabilityScore < :scoreThreshold)')\n\n const queryBuilder = this.sandboxRepository\n .createQueryBuilder('sandbox')\n .where('sandbox.class = :class', { class: warmPoolItem.class })\n .andWhere('sandbox.cpu = :cpu', { cpu: warmPoolItem.cpu })\n .andWhere('sandbox.mem = :mem', { mem: warmPoolItem.mem })\n .andWhere('sandbox.disk = :disk', { disk: warmPoolItem.disk })\n .andWhere('sandbox.snapshot = :snapshot', { snapshot: snapshot.name })\n .andWhere('sandbox.osUser = :osUser', { osUser: warmPoolItem.osUser })\n .andWhere('sandbox.env = :env', { env: warmPoolItem.env })\n .andWhere('sandbox.organizationId = :organizationId', {\n organizationId: SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION,\n })\n .andWhere('sandbox.region = :region', { region: warmPoolItem.target })\n .andWhere('sandbox.state = :state', { state: SandboxState.STARTED })\n .andWhere(`sandbox.runnerId NOT IN (${excludedRunnersSubquery.getQuery()})`)\n .setParameters({\n region: warmPoolItem.target,\n scoreThreshold: availabilityScoreThreshold,\n })\n\n const candidateLimit = this.configService.getOrThrow('warmPool.candidateLimit')\n const warmPoolSandboxes = await queryBuilder.orderBy('RANDOM()').take(candidateLimit).getMany()\n\n // make sure we only release warm pool sandbox once\n let warmPoolSandbox: Sandbox | null = null\n for (const sandbox of warmPoolSandboxes) {\n const lockKey = `sandbox-warm-pool-${sandbox.id}`\n if (!(await this.redisLockProvider.lock(lockKey, 10))) {\n continue\n }\n\n warmPoolSandbox = sandbox\n break\n }\n\n return warmPoolSandbox\n }\n\n // no warm pool config exists for this snapshot — cache it so callers can skip\n await this.redis.set(`warm-pool:skip:${snapshot.id}`, '1', 'EX', 60)\n\n return null\n }\n\n // todo: make frequency configurable or more efficient\n @Cron(CronExpression.EVERY_10_SECONDS, { name: 'warm-pool-check' })\n @LogExecution('warm-pool-check')\n @WithInstrumentation()\n async warmPoolCheck(): Promise {\n const warmPoolItems = await this.warmPoolRepository.find()\n\n await Promise.all(\n warmPoolItems.map(async (warmPoolItem) => {\n const lockKey = `warm-pool-lock-${warmPoolItem.id}`\n if (!(await this.redisLockProvider.lock(lockKey, 720))) {\n return\n }\n\n const sandboxCount = await this.sandboxRepository.count({\n where: {\n snapshot: warmPoolItem.snapshot,\n organizationId: SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION,\n class: warmPoolItem.class,\n osUser: warmPoolItem.osUser,\n env: warmPoolItem.env,\n region: warmPoolItem.target,\n cpu: warmPoolItem.cpu,\n gpu: warmPoolItem.gpu,\n mem: warmPoolItem.mem,\n disk: warmPoolItem.disk,\n desiredState: SandboxDesiredState.STARTED,\n state: Not(In([SandboxState.ERROR, SandboxState.BUILD_FAILED])),\n },\n })\n\n const missingCount = warmPoolItem.pool - sandboxCount\n if (missingCount > 0) {\n const promises = []\n this.logger.debug(`Creating ${missingCount} sandboxes for warm pool id ${warmPoolItem.id}`)\n\n for (let i = 0; i < missingCount; i++) {\n promises.push(\n this.eventEmitter.emitAsync(WarmPoolEvents.TOPUP_REQUESTED, new WarmPoolTopUpRequested(warmPoolItem)),\n )\n }\n\n // Wait for all promises to settle before releasing the lock. Otherwise, another worker could start creating sandboxes\n await Promise.allSettled(promises)\n }\n\n await this.redisLockProvider.unlock(lockKey)\n }),\n )\n }\n\n @OnEvent(SandboxEvents.ORGANIZATION_UPDATED)\n async handleSandboxOrganizationUpdated(event: SandboxOrganizationUpdatedEvent) {\n if (event.newOrganizationId === SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION) {\n return\n }\n const warmPoolItem = await this.warmPoolRepository.findOne({\n where: {\n snapshot: event.sandbox.snapshot,\n class: event.sandbox.class,\n cpu: event.sandbox.cpu,\n mem: event.sandbox.mem,\n disk: event.sandbox.disk,\n target: event.sandbox.region,\n env: event.sandbox.env,\n gpu: event.sandbox.gpu,\n osUser: event.sandbox.osUser,\n },\n })\n\n if (!warmPoolItem) {\n return\n }\n\n const sandboxCount = await this.sandboxRepository.count({\n where: {\n snapshot: warmPoolItem.snapshot,\n organizationId: SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION,\n class: warmPoolItem.class,\n osUser: warmPoolItem.osUser,\n env: warmPoolItem.env,\n region: warmPoolItem.target,\n cpu: warmPoolItem.cpu,\n gpu: warmPoolItem.gpu,\n mem: warmPoolItem.mem,\n disk: warmPoolItem.disk,\n desiredState: SandboxDesiredState.STARTED,\n state: Not(In([SandboxState.ERROR, SandboxState.BUILD_FAILED])),\n },\n })\n\n if (warmPoolItem.pool <= sandboxCount) {\n return\n }\n\n if (warmPoolItem) {\n this.eventEmitter.emit(WarmPoolEvents.TOPUP_REQUESTED, new WarmPoolTopUpRequested(warmPoolItem))\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/services/sandbox.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ForbiddenException, Injectable, Logger, NotFoundException, ConflictException } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Not, Repository, LessThan, In, JsonContains, FindOptionsWhere, ILike } from 'typeorm'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { CreateSandboxDto } from '../dto/create-sandbox.dto'\nimport { ResizeSandboxDto } from '../dto/resize-sandbox.dto'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { SandboxClass } from '../enums/sandbox-class.enum'\nimport { SandboxDesiredState } from '../enums/sandbox-desired-state.enum'\nimport { RunnerService } from './runner.service'\nimport { SandboxError } from '../../exceptions/sandbox-error.exception'\nimport { BadRequestError } from '../../exceptions/bad-request.exception'\nimport { Cron, CronExpression } from '@nestjs/schedule'\nimport { BackupState } from '../enums/backup-state.enum'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { SnapshotState } from '../enums/snapshot-state.enum'\nimport { SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION } from '../constants/sandbox.constants'\nimport { SandboxWarmPoolService } from './sandbox-warm-pool.service'\nimport { EventEmitter2, OnEvent } from '@nestjs/event-emitter'\nimport { WarmPoolEvents } from '../constants/warmpool-events.constants'\nimport { WarmPoolTopUpRequested } from '../events/warmpool-topup-requested.event'\nimport { Runner } from '../entities/runner.entity'\nimport { Organization } from '../../organization/entities/organization.entity'\nimport { SandboxEvents } from '../constants/sandbox-events.constants'\nimport { SandboxStateUpdatedEvent } from '../events/sandbox-state-updated.event'\nimport { BuildInfo } from '../entities/build-info.entity'\nimport { generateBuildInfoHash as generateBuildSnapshotRef } from '../entities/build-info.entity'\nimport { SandboxBackupCreatedEvent } from '../events/sandbox-backup-created.event'\nimport { SandboxDestroyedEvent } from '../events/sandbox-destroyed.event'\nimport { SandboxStartedEvent } from '../events/sandbox-started.event'\nimport { SandboxStoppedEvent } from '../events/sandbox-stopped.event'\nimport { SandboxArchivedEvent } from '../events/sandbox-archived.event'\nimport { OrganizationService } from '../../organization/services/organization.service'\nimport { OrganizationEvents } from '../../organization/constants/organization-events.constant'\nimport { OrganizationSuspendedSandboxStoppedEvent } from '../../organization/events/organization-suspended-sandbox-stopped.event'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { WarmPool } from '../entities/warm-pool.entity'\nimport { SandboxDto, SandboxVolume } from '../dto/sandbox.dto'\nimport { isValidUuid } from '../../common/utils/uuid'\nimport { RunnerAdapterFactory } from '../runner-adapter/runnerAdapter'\nimport { validateNetworkAllowList } from '../utils/network-validation.util'\nimport { OrganizationUsageService } from '../../organization/services/organization-usage.service'\nimport { SshAccess } from '../entities/ssh-access.entity'\nimport { SshAccessDto, SshAccessValidationDto } from '../dto/ssh-access.dto'\nimport { VolumeService } from './volume.service'\nimport { PaginatedList } from '../../common/interfaces/paginated-list.interface'\nimport {\n SandboxSortField,\n SandboxSortDirection,\n DEFAULT_SANDBOX_SORT_FIELD,\n DEFAULT_SANDBOX_SORT_DIRECTION,\n} from '../dto/list-sandboxes-query.dto'\nimport { createRangeFilter } from '../../common/utils/range-filter'\nimport { LogExecution } from '../../common/decorators/log-execution.decorator'\nimport {\n UPGRADE_TIER_MESSAGE,\n ARCHIVE_SANDBOXES_MESSAGE,\n PER_SANDBOX_LIMIT_MESSAGE,\n} from '../../common/constants/error-messages'\nimport { RedisLockProvider } from '../common/redis-lock.provider'\nimport { customAlphabet as customNanoid, nanoid, urlAlphabet } from 'nanoid'\nimport { WithInstrumentation } from '../../common/decorators/otel.decorator'\nimport { validateMountPaths, validateSubpaths } from '../utils/volume-mount-path-validation.util'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\nimport { PortPreviewUrlDto, SignedPortPreviewUrlDto } from '../dto/port-preview-url.dto'\nimport { RegionService } from '../../region/services/region.service'\nimport { DefaultRegionRequiredException } from '../../organization/exceptions/DefaultRegionRequiredException'\nimport { SnapshotService } from './snapshot.service'\nimport { RegionType } from '../../region/enums/region-type.enum'\nimport { SandboxCreatedEvent } from '../events/sandbox-create.event'\nimport { InjectRedis } from '@nestjs-modules/ioredis'\nimport { Redis } from 'ioredis'\nimport {\n SANDBOX_LOOKUP_CACHE_TTL_MS,\n SANDBOX_ORG_ID_CACHE_TTL_MS,\n TOOLBOX_PROXY_URL_CACHE_TTL_S,\n sandboxLookupCacheKeyById,\n sandboxLookupCacheKeyByName,\n sandboxOrgIdCacheKeyById,\n sandboxOrgIdCacheKeyByName,\n toolboxProxyUrlCacheKey,\n} from '../utils/sandbox-lookup-cache.util'\nimport { SandboxLookupCacheInvalidationService } from './sandbox-lookup-cache-invalidation.service'\nimport { Region } from '../../region/entities/region.entity'\n\nconst DEFAULT_CPU = 1\nconst DEFAULT_MEMORY = 1\nconst DEFAULT_DISK = 3\nconst DEFAULT_GPU = 0\n\n@Injectable()\nexport class SandboxService {\n private readonly logger = new Logger(SandboxService.name)\n\n constructor(\n private readonly sandboxRepository: SandboxRepository,\n @InjectRepository(Snapshot)\n private readonly snapshotRepository: Repository,\n @InjectRepository(Runner)\n private readonly runnerRepository: Repository,\n @InjectRepository(BuildInfo)\n private readonly buildInfoRepository: Repository,\n @InjectRepository(SshAccess)\n private readonly sshAccessRepository: Repository,\n private readonly runnerService: RunnerService,\n private readonly volumeService: VolumeService,\n private readonly configService: TypedConfigService,\n private readonly warmPoolService: SandboxWarmPoolService,\n private readonly eventEmitter: EventEmitter2,\n private readonly organizationService: OrganizationService,\n private readonly runnerAdapterFactory: RunnerAdapterFactory,\n private readonly organizationUsageService: OrganizationUsageService,\n private readonly redisLockProvider: RedisLockProvider,\n @InjectRedis() private readonly redis: Redis,\n private readonly regionService: RegionService,\n private readonly snapshotService: SnapshotService,\n private readonly sandboxLookupCacheInvalidationService: SandboxLookupCacheInvalidationService,\n ) {}\n\n protected getLockKey(id: string): string {\n return `sandbox:${id}:state-change`\n }\n\n private assertSandboxNotErrored(sandbox: Sandbox): void {\n if ([SandboxState.ERROR, SandboxState.BUILD_FAILED].includes(sandbox.state)) {\n throw new SandboxError('Sandbox is in an errored state')\n }\n }\n\n private async validateOrganizationQuotas(\n organization: Organization,\n region: Region,\n cpu: number,\n memory: number,\n disk: number,\n excludeSandboxId?: string,\n ): Promise<{\n pendingCpuIncremented: boolean\n pendingMemoryIncremented: boolean\n pendingDiskIncremented: boolean\n }> {\n // validate per-sandbox quotas\n if (cpu > organization.maxCpuPerSandbox) {\n throw new ForbiddenException(\n `CPU request ${cpu} exceeds maximum allowed per sandbox (${organization.maxCpuPerSandbox}).\\n${PER_SANDBOX_LIMIT_MESSAGE}`,\n )\n }\n if (memory > organization.maxMemoryPerSandbox) {\n throw new ForbiddenException(\n `Memory request ${memory}GB exceeds maximum allowed per sandbox (${organization.maxMemoryPerSandbox}GB).\\n${PER_SANDBOX_LIMIT_MESSAGE}`,\n )\n }\n if (disk > organization.maxDiskPerSandbox) {\n throw new ForbiddenException(\n `Disk request ${disk}GB exceeds maximum allowed per sandbox (${organization.maxDiskPerSandbox}GB).\\n${PER_SANDBOX_LIMIT_MESSAGE}`,\n )\n }\n\n // e.g. region belonging to an organization\n if (!region.enforceQuotas) {\n return {\n pendingCpuIncremented: false,\n pendingMemoryIncremented: false,\n pendingDiskIncremented: false,\n }\n }\n\n const regionQuota = await this.organizationService.getRegionQuota(organization.id, region.id)\n\n if (!regionQuota) {\n if (region.regionType === RegionType.SHARED) {\n // region is public, but the organization does not have a quota for it\n throw new ForbiddenException(`Region ${region.id} is not available to the organization`)\n } else {\n // region is not public, respond as if the region was not found\n throw new NotFoundException('Region not found')\n }\n }\n\n // validate usage quotas\n const {\n cpuIncremented: pendingCpuIncremented,\n memoryIncremented: pendingMemoryIncremented,\n diskIncremented: pendingDiskIncremented,\n } = await this.organizationUsageService.incrementPendingSandboxUsage(\n organization.id,\n region.id,\n cpu,\n memory,\n disk,\n excludeSandboxId,\n )\n\n const usageOverview = await this.organizationUsageService.getSandboxUsageOverview(\n organization.id,\n region.id,\n excludeSandboxId,\n )\n\n try {\n const upgradeTierMessage = UPGRADE_TIER_MESSAGE(this.configService.getOrThrow('dashboardUrl'))\n\n if (usageOverview.currentCpuUsage + usageOverview.pendingCpuUsage > regionQuota.totalCpuQuota) {\n throw new ForbiddenException(\n `Total CPU limit exceeded. Maximum allowed: ${regionQuota.totalCpuQuota}.\\n${upgradeTierMessage}`,\n )\n }\n\n if (usageOverview.currentMemoryUsage + usageOverview.pendingMemoryUsage > regionQuota.totalMemoryQuota) {\n throw new ForbiddenException(\n `Total memory limit exceeded. Maximum allowed: ${regionQuota.totalMemoryQuota}GiB.\\n${upgradeTierMessage}`,\n )\n }\n\n if (usageOverview.currentDiskUsage + usageOverview.pendingDiskUsage > regionQuota.totalDiskQuota) {\n throw new ForbiddenException(\n `Total disk limit exceeded. Maximum allowed: ${regionQuota.totalDiskQuota}GiB.\\n${ARCHIVE_SANDBOXES_MESSAGE}\\n${upgradeTierMessage}`,\n )\n }\n } catch (error) {\n await this.rollbackPendingUsage(\n organization.id,\n region.id,\n pendingCpuIncremented ? cpu : undefined,\n pendingMemoryIncremented ? memory : undefined,\n pendingDiskIncremented ? disk : undefined,\n )\n throw error\n }\n\n return {\n pendingCpuIncremented,\n pendingMemoryIncremented,\n pendingDiskIncremented,\n }\n }\n\n async rollbackPendingUsage(\n organizationId: string,\n regionId: string,\n pendingCpuIncrement?: number,\n pendingMemoryIncrement?: number,\n pendingDiskIncrement?: number,\n ): Promise {\n if (!pendingCpuIncrement && !pendingMemoryIncrement && !pendingDiskIncrement) {\n return\n }\n\n try {\n await this.organizationUsageService.decrementPendingSandboxUsage(\n organizationId,\n regionId,\n pendingCpuIncrement,\n pendingMemoryIncrement,\n pendingDiskIncrement,\n )\n } catch (error) {\n this.logger.error(`Error rolling back pending sandbox usage: ${error}`)\n }\n }\n\n async archive(sandboxIdOrName: string, organizationId?: string): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n this.assertSandboxNotErrored(sandbox)\n\n if (String(sandbox.state) !== String(sandbox.desiredState)) {\n throw new SandboxError('State change in progress')\n }\n\n if (sandbox.state !== SandboxState.STOPPED) {\n throw new SandboxError('Sandbox is not stopped')\n }\n\n if (sandbox.pending) {\n throw new SandboxError('Sandbox state change in progress')\n }\n\n if (sandbox.autoDeleteInterval === 0) {\n throw new SandboxError('Ephemeral sandboxes cannot be archived')\n }\n\n const updateData: Partial = {\n state: SandboxState.ARCHIVING,\n desiredState: SandboxDesiredState.ARCHIVED,\n }\n\n const updatedSandbox = await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { pending: false, state: SandboxState.STOPPED },\n })\n\n this.eventEmitter.emit(SandboxEvents.ARCHIVED, new SandboxArchivedEvent(updatedSandbox))\n return updatedSandbox\n }\n\n async createForWarmPool(warmPoolItem: WarmPool): Promise {\n const sandbox = new Sandbox(warmPoolItem.target)\n\n sandbox.organizationId = SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION\n\n sandbox.class = warmPoolItem.class\n sandbox.snapshot = warmPoolItem.snapshot\n // TODO: default user should be configurable\n sandbox.osUser = 'daytona'\n sandbox.env = warmPoolItem.env || {}\n\n sandbox.cpu = warmPoolItem.cpu\n sandbox.gpu = warmPoolItem.gpu\n sandbox.mem = warmPoolItem.mem\n sandbox.disk = warmPoolItem.disk\n\n const snapshot = await this.snapshotRepository.findOne({\n where: [\n { organizationId: sandbox.organizationId, name: sandbox.snapshot, state: SnapshotState.ACTIVE },\n { general: true, name: sandbox.snapshot, state: SnapshotState.ACTIVE },\n ],\n })\n if (!snapshot) {\n throw new BadRequestError(`Snapshot ${sandbox.snapshot} not found while creating warm pool sandbox`)\n }\n\n const runner = await this.runnerService.getRandomAvailableRunner({\n regions: [sandbox.region],\n sandboxClass: sandbox.class,\n snapshotRef: snapshot.ref,\n })\n\n sandbox.runnerId = runner.id\n sandbox.pending = true\n\n await this.sandboxRepository.insert(sandbox)\n return sandbox\n }\n\n async createFromSnapshot(\n createSandboxDto: CreateSandboxDto,\n organization: Organization,\n useSandboxResourceParams_deprecated?: boolean,\n ): Promise {\n let pendingCpuIncrement: number | undefined\n let pendingMemoryIncrement: number | undefined\n let pendingDiskIncrement: number | undefined\n\n const region = await this.getValidatedOrDefaultRegion(organization, createSandboxDto.target)\n\n try {\n const sandboxClass = this.getValidatedOrDefaultClass(createSandboxDto.class)\n\n let snapshotIdOrName = createSandboxDto.snapshot\n\n if (!createSandboxDto.snapshot?.trim()) {\n snapshotIdOrName = this.configService.getOrThrow('defaultSnapshot')\n }\n\n const snapshotFilter: FindOptionsWhere[] = [\n { organizationId: organization.id, name: snapshotIdOrName },\n { general: true, name: snapshotIdOrName },\n ]\n\n if (isValidUuid(snapshotIdOrName)) {\n snapshotFilter.push(\n { organizationId: organization.id, id: snapshotIdOrName },\n { general: true, id: snapshotIdOrName },\n )\n }\n\n const snapshots = await this.snapshotRepository.find({\n where: snapshotFilter,\n })\n\n if (snapshots.length === 0) {\n throw new BadRequestError(\n `Snapshot ${snapshotIdOrName} not found. Did you add it through the Daytona Dashboard?`,\n )\n }\n\n let snapshot = snapshots.find((s) => s.state === SnapshotState.ACTIVE)\n\n if (!snapshot) {\n snapshot = snapshots[0]\n }\n\n if (!(await this.snapshotService.isAvailableInRegion(snapshot.id, region.id))) {\n throw new BadRequestError(`Snapshot ${snapshotIdOrName} is not available in region ${region.id}`)\n }\n\n if (snapshot.state !== SnapshotState.ACTIVE) {\n throw new BadRequestError(`Snapshot ${snapshotIdOrName} is ${snapshot.state}`)\n }\n\n if (!snapshot.ref) {\n throw new BadRequestError('Snapshot ref is not defined')\n }\n\n let cpu = snapshot.cpu\n let mem = snapshot.mem\n let disk = snapshot.disk\n let gpu = snapshot.gpu\n\n // Remove the deprecated behavior in a future release\n if (useSandboxResourceParams_deprecated) {\n if (createSandboxDto.cpu) {\n cpu = createSandboxDto.cpu\n }\n if (createSandboxDto.memory) {\n mem = createSandboxDto.memory\n }\n if (createSandboxDto.disk) {\n disk = createSandboxDto.disk\n }\n if (createSandboxDto.gpu) {\n gpu = createSandboxDto.gpu\n }\n }\n\n this.organizationService.assertOrganizationIsNotSuspended(organization)\n\n const { pendingCpuIncremented, pendingMemoryIncremented, pendingDiskIncremented } =\n await this.validateOrganizationQuotas(organization, region, cpu, mem, disk)\n\n if (pendingCpuIncremented) {\n pendingCpuIncrement = cpu\n }\n if (pendingMemoryIncremented) {\n pendingMemoryIncrement = mem\n }\n if (pendingDiskIncremented) {\n pendingDiskIncrement = disk\n }\n\n if (!createSandboxDto.volumes || createSandboxDto.volumes.length === 0) {\n const skipWarmPool = (await this.redis.exists(`warm-pool:skip:${snapshot.id}`)) === 1\n\n if (!skipWarmPool) {\n const warmPoolSandbox = await this.warmPoolService.fetchWarmPoolSandbox({\n organizationId: organization.id,\n snapshot,\n target: region.id,\n class: createSandboxDto.class,\n cpu: cpu,\n mem: mem,\n disk: disk,\n gpu: gpu,\n osUser: createSandboxDto.user,\n env: createSandboxDto.env,\n state: SandboxState.STARTED,\n })\n\n if (warmPoolSandbox) {\n return await this.assignWarmPoolSandbox(warmPoolSandbox, createSandboxDto, organization)\n }\n }\n } else {\n const volumeIdOrNames = createSandboxDto.volumes.map((v) => v.volumeId)\n await this.volumeService.validateVolumes(organization.id, volumeIdOrNames)\n }\n\n const runner = await this.runnerService.getRandomAvailableRunner({\n regions: [region.id],\n sandboxClass,\n snapshotRef: snapshot.ref,\n })\n\n const sandbox = new Sandbox(region.id, createSandboxDto.name)\n\n sandbox.organizationId = organization.id\n\n // TODO: make configurable\n sandbox.class = sandboxClass\n sandbox.snapshot = snapshot.name\n // TODO: default user should be configurable\n sandbox.osUser = createSandboxDto.user || 'daytona'\n sandbox.env = createSandboxDto.env || {}\n sandbox.labels = createSandboxDto.labels || {}\n\n sandbox.cpu = cpu\n sandbox.gpu = gpu\n sandbox.mem = mem\n sandbox.disk = disk\n\n sandbox.public = createSandboxDto.public || false\n\n if (createSandboxDto.networkBlockAll !== undefined) {\n sandbox.networkBlockAll = createSandboxDto.networkBlockAll\n }\n\n if (createSandboxDto.networkAllowList !== undefined) {\n sandbox.networkAllowList = this.resolveNetworkAllowList(createSandboxDto.networkAllowList)\n }\n\n if (createSandboxDto.autoStopInterval !== undefined) {\n sandbox.autoStopInterval = this.resolveAutoStopInterval(createSandboxDto.autoStopInterval)\n }\n\n if (createSandboxDto.autoArchiveInterval !== undefined) {\n sandbox.autoArchiveInterval = this.resolveAutoArchiveInterval(createSandboxDto.autoArchiveInterval)\n }\n\n if (createSandboxDto.autoDeleteInterval !== undefined) {\n sandbox.autoDeleteInterval = createSandboxDto.autoDeleteInterval\n }\n\n if (createSandboxDto.volumes !== undefined) {\n sandbox.volumes = this.resolveVolumes(createSandboxDto.volumes)\n }\n\n sandbox.runnerId = runner.id\n sandbox.pending = true\n\n const insertedSandbox = await this.sandboxRepository.insert(sandbox)\n\n this.eventEmitter.emit(SandboxEvents.CREATED, new SandboxCreatedEvent(insertedSandbox))\n\n return this.toSandboxDto(insertedSandbox)\n } catch (error) {\n await this.rollbackPendingUsage(\n organization.id,\n region.id,\n pendingCpuIncrement,\n pendingMemoryIncrement,\n pendingDiskIncrement,\n )\n\n if (error.code === '23505') {\n throw new ConflictException(`Sandbox with name ${createSandboxDto.name} already exists`)\n }\n\n throw error\n }\n }\n\n private async assignWarmPoolSandbox(\n warmPoolSandbox: Sandbox,\n createSandboxDto: CreateSandboxDto,\n organization: Organization,\n ): Promise {\n const now = new Date()\n const updateData: Partial = {\n public: createSandboxDto.public || false,\n labels: createSandboxDto.labels || {},\n organizationId: organization.id,\n createdAt: now,\n lastActivityAt: now,\n }\n\n if (createSandboxDto.name) {\n updateData.name = createSandboxDto.name\n }\n\n if (createSandboxDto.autoStopInterval !== undefined) {\n updateData.autoStopInterval = this.resolveAutoStopInterval(createSandboxDto.autoStopInterval)\n }\n\n if (createSandboxDto.autoArchiveInterval !== undefined) {\n updateData.autoArchiveInterval = this.resolveAutoArchiveInterval(createSandboxDto.autoArchiveInterval)\n }\n\n if (createSandboxDto.autoDeleteInterval !== undefined) {\n updateData.autoDeleteInterval = createSandboxDto.autoDeleteInterval\n }\n\n if (createSandboxDto.networkBlockAll !== undefined) {\n updateData.networkBlockAll = createSandboxDto.networkBlockAll\n }\n\n if (createSandboxDto.networkAllowList !== undefined) {\n updateData.networkAllowList = this.resolveNetworkAllowList(createSandboxDto.networkAllowList)\n }\n\n if (!warmPoolSandbox.runnerId) {\n throw new SandboxError('Runner not found for warm pool sandbox')\n }\n\n if (\n createSandboxDto.networkBlockAll !== undefined ||\n createSandboxDto.networkAllowList !== undefined ||\n organization.sandboxLimitedNetworkEgress\n ) {\n const runner = await this.runnerService.findOneOrFail(warmPoolSandbox.runnerId)\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n await runnerAdapter.updateNetworkSettings(\n warmPoolSandbox.id,\n createSandboxDto.networkBlockAll,\n createSandboxDto.networkAllowList,\n organization.sandboxLimitedNetworkEgress,\n )\n }\n\n const updatedSandbox = await this.sandboxRepository.update(warmPoolSandbox.id, {\n updateData,\n entity: warmPoolSandbox,\n })\n\n // Defensive invalidation of orgId cache since the sandbox moved from unassigned to a real organization\n this.sandboxLookupCacheInvalidationService.invalidateOrgId({\n sandboxId: warmPoolSandbox.id,\n organizationId: organization.id,\n name: warmPoolSandbox.name,\n previousOrganizationId: SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION,\n })\n\n // Treat this as a newly started sandbox\n this.eventEmitter.emit(\n SandboxEvents.STATE_UPDATED,\n new SandboxStateUpdatedEvent(updatedSandbox, SandboxState.STARTED, SandboxState.STARTED),\n )\n return this.toSandboxDto(updatedSandbox)\n }\n\n async createFromBuildInfo(createSandboxDto: CreateSandboxDto, organization: Organization): Promise {\n let pendingCpuIncrement: number | undefined\n let pendingMemoryIncrement: number | undefined\n let pendingDiskIncrement: number | undefined\n\n const region = await this.getValidatedOrDefaultRegion(organization, createSandboxDto.target)\n\n try {\n const sandboxClass = this.getValidatedOrDefaultClass(createSandboxDto.class)\n\n const cpu = createSandboxDto.cpu || DEFAULT_CPU\n const mem = createSandboxDto.memory || DEFAULT_MEMORY\n const disk = createSandboxDto.disk || DEFAULT_DISK\n const gpu = createSandboxDto.gpu || DEFAULT_GPU\n\n this.organizationService.assertOrganizationIsNotSuspended(organization)\n\n const { pendingCpuIncremented, pendingMemoryIncremented, pendingDiskIncremented } =\n await this.validateOrganizationQuotas(organization, region, cpu, mem, disk)\n\n if (pendingCpuIncremented) {\n pendingCpuIncrement = cpu\n }\n if (pendingMemoryIncremented) {\n pendingMemoryIncrement = mem\n }\n if (pendingDiskIncremented) {\n pendingDiskIncrement = disk\n }\n\n if (createSandboxDto.volumes && createSandboxDto.volumes.length > 0) {\n const volumeIdOrNames = createSandboxDto.volumes.map((v) => v.volumeId)\n await this.volumeService.validateVolumes(organization.id, volumeIdOrNames)\n }\n\n const sandbox = new Sandbox(region.id, createSandboxDto.name)\n\n sandbox.organizationId = organization.id\n\n sandbox.class = sandboxClass\n sandbox.osUser = createSandboxDto.user || 'daytona'\n sandbox.env = createSandboxDto.env || {}\n sandbox.labels = createSandboxDto.labels || {}\n\n sandbox.cpu = cpu\n sandbox.gpu = gpu\n sandbox.mem = mem\n sandbox.disk = disk\n sandbox.public = createSandboxDto.public || false\n\n if (createSandboxDto.networkBlockAll !== undefined) {\n sandbox.networkBlockAll = createSandboxDto.networkBlockAll\n }\n\n if (createSandboxDto.networkAllowList !== undefined) {\n sandbox.networkAllowList = this.resolveNetworkAllowList(createSandboxDto.networkAllowList)\n }\n\n if (createSandboxDto.autoStopInterval !== undefined) {\n sandbox.autoStopInterval = this.resolveAutoStopInterval(createSandboxDto.autoStopInterval)\n }\n\n if (createSandboxDto.autoArchiveInterval !== undefined) {\n sandbox.autoArchiveInterval = this.resolveAutoArchiveInterval(createSandboxDto.autoArchiveInterval)\n }\n\n if (createSandboxDto.autoDeleteInterval !== undefined) {\n sandbox.autoDeleteInterval = createSandboxDto.autoDeleteInterval\n }\n\n if (createSandboxDto.volumes !== undefined) {\n sandbox.volumes = this.resolveVolumes(createSandboxDto.volumes)\n }\n\n const buildInfoSnapshotRef = generateBuildSnapshotRef(\n createSandboxDto.buildInfo.dockerfileContent,\n createSandboxDto.buildInfo.contextHashes,\n )\n\n // Check if buildInfo with the same snapshotRef already exists\n const existingBuildInfo = await this.buildInfoRepository.findOne({\n where: { snapshotRef: buildInfoSnapshotRef },\n })\n\n if (existingBuildInfo) {\n sandbox.buildInfo = existingBuildInfo\n if (await this.redisLockProvider.lock(`build-info:${existingBuildInfo.snapshotRef}:update`, 60)) {\n await this.buildInfoRepository.update(sandbox.buildInfo.snapshotRef, { lastUsedAt: new Date() })\n }\n } else {\n const buildInfoEntity = this.buildInfoRepository.create({\n ...createSandboxDto.buildInfo,\n })\n await this.buildInfoRepository.save(buildInfoEntity)\n sandbox.buildInfo = buildInfoEntity\n }\n\n let runner: Runner\n\n try {\n const declarativeBuildScoreThreshold = this.configService.get('runnerScore.thresholds.declarativeBuild')\n runner = await this.runnerService.getRandomAvailableRunner({\n regions: [sandbox.region],\n sandboxClass: sandbox.class,\n snapshotRef: sandbox.buildInfo.snapshotRef,\n ...(declarativeBuildScoreThreshold !== undefined && {\n availabilityScoreThreshold: declarativeBuildScoreThreshold,\n }),\n })\n sandbox.runnerId = runner.id\n } catch (error) {\n if (\n error instanceof BadRequestError == false ||\n error.message !== 'No available runners' ||\n !sandbox.buildInfo\n ) {\n throw error\n }\n sandbox.state = SandboxState.PENDING_BUILD\n }\n\n sandbox.pending = true\n\n const insertedSandbox = await this.sandboxRepository.insert(sandbox)\n\n this.eventEmitter.emit(SandboxEvents.CREATED, new SandboxCreatedEvent(insertedSandbox))\n\n return this.toSandboxDto(insertedSandbox)\n } catch (error) {\n await this.rollbackPendingUsage(\n organization.id,\n region.id,\n pendingCpuIncrement,\n pendingMemoryIncrement,\n pendingDiskIncrement,\n )\n\n if (error.code === '23505') {\n throw new ConflictException(`Sandbox with name ${createSandboxDto.name} already exists`)\n }\n\n throw error\n }\n }\n\n async createBackup(sandboxIdOrName: string, organizationId?: string): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n if (sandbox.autoDeleteInterval === 0) {\n throw new SandboxError('Ephemeral sandboxes cannot be backed up')\n }\n\n if (![BackupState.COMPLETED, BackupState.NONE].includes(sandbox.backupState)) {\n throw new SandboxError('Sandbox backup is already in progress')\n }\n\n this.eventEmitter.emit(SandboxEvents.BACKUP_CREATED, new SandboxBackupCreatedEvent(sandbox))\n\n return sandbox\n }\n\n async findAllDeprecated(\n organizationId: string,\n labels?: { [key: string]: string },\n includeErroredDestroyed?: boolean,\n ): Promise {\n const baseFindOptions: FindOptionsWhere = {\n organizationId,\n ...(labels ? { labels: JsonContains(labels) } : {}),\n }\n\n const where: FindOptionsWhere[] = [\n {\n ...baseFindOptions,\n state: Not(In([SandboxState.DESTROYED, SandboxState.ERROR, SandboxState.BUILD_FAILED])),\n },\n {\n ...baseFindOptions,\n state: In([SandboxState.ERROR, SandboxState.BUILD_FAILED]),\n ...(includeErroredDestroyed ? {} : { desiredState: Not(SandboxDesiredState.DESTROYED) }),\n },\n ]\n\n return this.sandboxRepository.find({ where })\n }\n\n async findAll(\n organizationId: string,\n page = 1,\n limit = 10,\n filters?: {\n id?: string\n name?: string\n labels?: { [key: string]: string }\n includeErroredDestroyed?: boolean\n states?: SandboxState[]\n snapshots?: string[]\n regionIds?: string[]\n minCpu?: number\n maxCpu?: number\n minMemoryGiB?: number\n maxMemoryGiB?: number\n minDiskGiB?: number\n maxDiskGiB?: number\n lastEventAfter?: Date\n lastEventBefore?: Date\n },\n sort?: {\n field?: SandboxSortField\n direction?: SandboxSortDirection\n },\n ): Promise> {\n const pageNum = Number(page)\n const limitNum = Number(limit)\n\n const {\n id,\n name,\n labels,\n includeErroredDestroyed,\n states,\n snapshots,\n regionIds,\n minCpu,\n maxCpu,\n minMemoryGiB,\n maxMemoryGiB,\n minDiskGiB,\n maxDiskGiB,\n lastEventAfter,\n lastEventBefore,\n } = filters || {}\n\n const { field: sortField = DEFAULT_SANDBOX_SORT_FIELD, direction: sortDirection = DEFAULT_SANDBOX_SORT_DIRECTION } =\n sort || {}\n\n const baseFindOptions: FindOptionsWhere = {\n organizationId,\n ...(id ? { id: ILike(`${id}%`) } : {}),\n ...(name ? { name: ILike(`${name}%`) } : {}),\n ...(labels ? { labels: JsonContains(labels) } : {}),\n ...(snapshots ? { snapshot: In(snapshots) } : {}),\n ...(regionIds ? { region: In(regionIds) } : {}),\n }\n\n baseFindOptions.cpu = createRangeFilter(minCpu, maxCpu)\n baseFindOptions.mem = createRangeFilter(minMemoryGiB, maxMemoryGiB)\n baseFindOptions.disk = createRangeFilter(minDiskGiB, maxDiskGiB)\n baseFindOptions.lastActivityAt = createRangeFilter(lastEventAfter, lastEventBefore)\n\n const statesToInclude = (states || Object.values(SandboxState)).filter((state) => state !== SandboxState.DESTROYED)\n const errorStates = [SandboxState.ERROR, SandboxState.BUILD_FAILED]\n\n const nonErrorStatesToInclude = statesToInclude.filter((state) => !errorStates.includes(state))\n const errorStatesToInclude = statesToInclude.filter((state) => errorStates.includes(state))\n\n const where: FindOptionsWhere[] = []\n\n if (nonErrorStatesToInclude.length > 0) {\n where.push({\n ...baseFindOptions,\n state: In(nonErrorStatesToInclude),\n })\n }\n\n if (errorStatesToInclude.length > 0) {\n where.push({\n ...baseFindOptions,\n state: In(errorStatesToInclude),\n ...(includeErroredDestroyed ? {} : { desiredState: Not(SandboxDesiredState.DESTROYED) }),\n })\n }\n\n const [items, total] = await this.sandboxRepository.findAndCount({\n where,\n order: {\n [sortField]: {\n direction: sortDirection,\n nulls: 'LAST',\n },\n ...(sortField !== SandboxSortField.CREATED_AT && { createdAt: 'DESC' }),\n },\n skip: (pageNum - 1) * limitNum,\n take: limitNum,\n })\n\n return {\n items,\n total,\n page: pageNum,\n totalPages: Math.ceil(total / limitNum),\n }\n }\n\n private getExpectedDesiredStateForState(state: SandboxState): SandboxDesiredState | undefined {\n switch (state) {\n case SandboxState.STARTED:\n return SandboxDesiredState.STARTED\n case SandboxState.STOPPED:\n return SandboxDesiredState.STOPPED\n case SandboxState.ARCHIVED:\n return SandboxDesiredState.ARCHIVED\n case SandboxState.DESTROYED:\n return SandboxDesiredState.DESTROYED\n default:\n return undefined\n }\n }\n\n private hasValidDesiredState(state: SandboxState): boolean {\n return this.getExpectedDesiredStateForState(state) !== undefined\n }\n\n async findByRunnerId(\n runnerId: string,\n states?: SandboxState[],\n skipReconcilingSandboxes?: boolean,\n ): Promise {\n const where: FindOptionsWhere = { runnerId }\n if (states && states.length > 0) {\n // Validate that all states have corresponding desired states\n states.forEach((state) => {\n if (!this.hasValidDesiredState(state)) {\n throw new BadRequestError(`State ${state} does not have a corresponding desired state`)\n }\n })\n where.state = In(states)\n }\n\n let sandboxes = await this.sandboxRepository.find({ where })\n\n if (skipReconcilingSandboxes) {\n sandboxes = sandboxes.filter((sandbox) => {\n const expectedDesiredState = this.getExpectedDesiredStateForState(sandbox.state)\n return expectedDesiredState !== undefined && expectedDesiredState === sandbox.desiredState\n })\n }\n\n return sandboxes\n }\n\n async findOneByIdOrName(\n sandboxIdOrName: string,\n organizationId: string,\n returnDestroyed?: boolean,\n ): Promise {\n const stateFilter = returnDestroyed ? {} : { state: Not(SandboxState.DESTROYED) }\n const relations: ['buildInfo'] = ['buildInfo']\n\n // Try lookup by ID first\n let sandbox = await this.sandboxRepository.findOne({\n where: {\n id: sandboxIdOrName,\n organizationId,\n ...stateFilter,\n },\n relations,\n cache: {\n id: sandboxLookupCacheKeyById({ organizationId, returnDestroyed, sandboxId: sandboxIdOrName }),\n milliseconds: SANDBOX_LOOKUP_CACHE_TTL_MS,\n },\n })\n\n // Fallback to lookup by name\n if (!sandbox) {\n sandbox = await this.sandboxRepository.findOne({\n where: {\n name: sandboxIdOrName,\n organizationId,\n ...stateFilter,\n },\n relations,\n cache: {\n id: sandboxLookupCacheKeyByName({ organizationId, returnDestroyed, sandboxName: sandboxIdOrName }),\n milliseconds: SANDBOX_LOOKUP_CACHE_TTL_MS,\n },\n })\n }\n\n if (\n !sandbox ||\n (!returnDestroyed &&\n [SandboxState.ERROR, SandboxState.BUILD_FAILED].includes(sandbox.state) &&\n sandbox.desiredState === SandboxDesiredState.DESTROYED)\n ) {\n throw new NotFoundException(`Sandbox with ID or name ${sandboxIdOrName} not found`)\n }\n\n return sandbox\n }\n\n async findOne(sandboxId: string, returnDestroyed?: boolean): Promise {\n const sandbox = await this.sandboxRepository.findOne({\n where: {\n id: sandboxId,\n ...(returnDestroyed ? {} : { state: Not(SandboxState.DESTROYED) }),\n },\n })\n\n if (\n !sandbox ||\n (!returnDestroyed &&\n [SandboxState.ERROR, SandboxState.BUILD_FAILED].includes(sandbox.state) &&\n sandbox.desiredState === SandboxDesiredState.DESTROYED)\n ) {\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n\n return sandbox\n }\n\n async getOrganizationId(sandboxIdOrName: string, organizationId?: string): Promise {\n let sandbox = await this.sandboxRepository.findOne({\n where: {\n id: sandboxIdOrName,\n ...(organizationId ? { organizationId: organizationId } : {}),\n },\n select: ['organizationId'],\n cache: {\n id: sandboxOrgIdCacheKeyById({ organizationId, sandboxId: sandboxIdOrName }),\n milliseconds: SANDBOX_ORG_ID_CACHE_TTL_MS,\n },\n })\n\n if (!sandbox && organizationId) {\n sandbox = await this.sandboxRepository.findOne({\n where: {\n name: sandboxIdOrName,\n organizationId: organizationId,\n },\n select: ['organizationId'],\n cache: {\n id: sandboxOrgIdCacheKeyByName({ organizationId, sandboxName: sandboxIdOrName }),\n milliseconds: SANDBOX_ORG_ID_CACHE_TTL_MS,\n },\n })\n }\n\n if (!sandbox || !sandbox.organizationId) {\n throw new NotFoundException(`Sandbox with ID or name ${sandboxIdOrName} not found`)\n }\n\n return sandbox.organizationId\n }\n\n async getRunnerId(sandboxId: string): Promise {\n const sandbox = await this.sandboxRepository.findOne({\n where: {\n id: sandboxId,\n },\n select: ['runnerId'],\n loadEagerRelations: false,\n })\n\n if (!sandbox) {\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n\n return sandbox.runnerId || null\n }\n\n async getRegionId(sandboxId: string): Promise {\n const sandbox = await this.sandboxRepository.findOne({\n where: {\n id: sandboxId,\n },\n select: ['region'],\n loadEagerRelations: false,\n })\n\n if (!sandbox) {\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n\n return sandbox.region\n }\n\n async getPortPreviewUrl(sandboxIdOrName: string, organizationId: string, port: number): Promise {\n if (port < 1 || port > 65535) {\n throw new BadRequestError('Invalid port')\n }\n\n const proxyDomain = this.configService.getOrThrow('proxy.domain')\n const proxyProtocol = this.configService.getOrThrow('proxy.protocol')\n\n const where: FindOptionsWhere = {\n organizationId: organizationId,\n state: Not(SandboxState.DESTROYED),\n }\n\n const sandbox = await this.sandboxRepository.findOne({\n where: [\n {\n id: sandboxIdOrName,\n ...where,\n },\n {\n name: sandboxIdOrName,\n ...where,\n },\n ],\n cache: {\n id: `sandbox:${sandboxIdOrName}:organization:${organizationId}`,\n milliseconds: 1000,\n },\n })\n\n if (!sandbox) {\n throw new NotFoundException(`Sandbox with ID or name ${sandboxIdOrName} not found`)\n }\n\n let url = `${proxyProtocol}://${port}-${sandbox.id}.${proxyDomain}`\n\n const region = await this.regionService.findOne(sandbox.region, true)\n if (region && region.proxyUrl) {\n // Insert port and sandbox.id into the custom proxy URL\n url = region.proxyUrl.replace(/(https?:\\/)(\\/)/, `$1/${port}-${sandbox.id}.`)\n }\n\n return {\n sandboxId: sandbox.id,\n url,\n token: sandbox.authToken,\n }\n }\n\n async getSignedPortPreviewUrl(\n sandboxIdOrName: string,\n organizationId: string,\n port: number,\n expiresInSeconds = 60,\n ): Promise {\n if (port < 1 || port > 65535) {\n throw new BadRequestError('Invalid port')\n }\n\n if (expiresInSeconds < 1 || expiresInSeconds > 60 * 60 * 24) {\n throw new BadRequestError('expiresInSeconds must be between 1 second and 24 hours')\n }\n\n const proxyDomain = this.configService.getOrThrow('proxy.domain')\n const proxyProtocol = this.configService.getOrThrow('proxy.protocol')\n\n const where: FindOptionsWhere = {\n organizationId: organizationId,\n state: Not(SandboxState.DESTROYED),\n }\n\n const sandbox = await this.sandboxRepository.findOne({\n where: [\n {\n id: sandboxIdOrName,\n ...where,\n },\n {\n name: sandboxIdOrName,\n ...where,\n },\n ],\n cache: {\n id: `sandbox:${sandboxIdOrName}:organization:${organizationId}`,\n milliseconds: 1000,\n },\n })\n\n if (!sandbox) {\n throw new NotFoundException(`Sandbox with ID or name ${sandboxIdOrName} not found`)\n }\n\n const token = customNanoid(urlAlphabet.replace('_', '').replace('-', ''))(16).toLocaleLowerCase()\n\n const lockKey = `sandbox:signed-preview-url-token:${port}:${token}`\n await this.redis.setex(lockKey, expiresInSeconds, sandbox.id)\n\n let url = `${proxyProtocol}://${port}-${token}.${proxyDomain}`\n\n const region = await this.regionService.findOne(sandbox.region, true)\n if (region && region.proxyUrl) {\n // Insert port and sandbox.id into the custom proxy URL\n url = region.proxyUrl.replace(/(https?:\\/)(\\/)/, `$1/${port}-${token}.`)\n }\n\n return {\n sandboxId: sandbox.id,\n port,\n token,\n url,\n }\n }\n\n async getSandboxIdFromSignedPreviewUrlToken(token: string, port: number): Promise {\n const lockKey = `sandbox:signed-preview-url-token:${port}:${token}`\n const sandboxId = await this.redis.get(lockKey)\n if (!sandboxId) {\n throw new ForbiddenException('Invalid or expired token')\n }\n return sandboxId\n }\n\n async expireSignedPreviewUrlToken(\n sandboxIdOrName: string,\n organizationId: string,\n token: string,\n port: number,\n ): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n if (!sandbox) {\n throw new NotFoundException(`Sandbox with ID or name ${sandboxIdOrName} not found`)\n }\n\n const lockKey = `sandbox:signed-preview-url-token:${port}:${token}`\n await this.redis.del(lockKey)\n }\n\n async destroy(sandboxIdOrName: string, organizationId?: string): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n if (sandbox.pending && sandbox.state !== SandboxState.PENDING_BUILD) {\n throw new SandboxError('Sandbox state change in progress')\n }\n\n const updateData = Sandbox.getSoftDeleteUpdate(sandbox)\n\n const updatedSandbox = await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { pending: sandbox.pending, state: sandbox.state },\n })\n\n this.eventEmitter.emit(SandboxEvents.DESTROYED, new SandboxDestroyedEvent(updatedSandbox))\n return updatedSandbox\n }\n\n async start(sandboxIdOrName: string, organization: Organization): Promise {\n let pendingCpuIncrement: number | undefined\n let pendingMemoryIncrement: number | undefined\n let pendingDiskIncrement: number | undefined\n\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organization.id)\n\n const region = await this.regionService.findOne(sandbox.region)\n if (!region) {\n throw new NotFoundException(`Region with ID ${sandbox.region} not found`)\n }\n\n try {\n if (sandbox.state === SandboxState.STARTED && sandbox.desiredState === SandboxDesiredState.STARTED) {\n return sandbox\n }\n\n this.assertSandboxNotErrored(sandbox)\n\n if (String(sandbox.state) !== String(sandbox.desiredState)) {\n // Allow start of stopped | archived and archiving | archived sandboxes\n if (\n sandbox.desiredState !== SandboxDesiredState.ARCHIVED ||\n (sandbox.state !== SandboxState.STOPPED && sandbox.state !== SandboxState.ARCHIVING)\n ) {\n throw new SandboxError('State change in progress')\n }\n }\n\n if (![SandboxState.STOPPED, SandboxState.ARCHIVED, SandboxState.ARCHIVING].includes(sandbox.state)) {\n throw new SandboxError('Sandbox is not in valid state')\n }\n\n if (sandbox.pending) {\n throw new SandboxError('Sandbox state change in progress')\n }\n\n this.organizationService.assertOrganizationIsNotSuspended(organization)\n\n const { pendingCpuIncremented, pendingMemoryIncremented, pendingDiskIncremented } =\n await this.validateOrganizationQuotas(organization, region, sandbox.cpu, sandbox.mem, sandbox.disk, sandbox.id)\n\n if (pendingCpuIncremented) {\n pendingCpuIncrement = sandbox.cpu\n }\n if (pendingMemoryIncremented) {\n pendingMemoryIncrement = sandbox.mem\n }\n if (pendingDiskIncremented) {\n pendingDiskIncrement = sandbox.disk\n }\n\n const updateData: Partial = {\n pending: true,\n desiredState: SandboxDesiredState.STARTED,\n authToken: nanoid(32).toLocaleLowerCase(),\n }\n\n const updatedSandbox = await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { pending: false, state: sandbox.state },\n })\n\n this.eventEmitter.emit(SandboxEvents.STARTED, new SandboxStartedEvent(updatedSandbox))\n\n return updatedSandbox\n } catch (error) {\n await this.rollbackPendingUsage(\n organization.id,\n sandbox.region,\n pendingCpuIncrement,\n pendingMemoryIncrement,\n pendingDiskIncrement,\n )\n throw error\n }\n }\n\n async stop(sandboxIdOrName: string, organizationId?: string): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n this.assertSandboxNotErrored(sandbox)\n\n if (String(sandbox.state) !== String(sandbox.desiredState)) {\n throw new SandboxError('State change in progress')\n }\n\n if (sandbox.state !== SandboxState.STARTED) {\n throw new SandboxError('Sandbox is not started')\n }\n\n if (sandbox.pending) {\n throw new SandboxError('Sandbox state change in progress')\n }\n\n const updateData: Partial = {\n pending: true,\n desiredState: sandbox.autoDeleteInterval === 0 ? SandboxDesiredState.DESTROYED : SandboxDesiredState.STOPPED,\n }\n\n const updatedSandbox = await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { pending: false, state: sandbox.state },\n })\n\n if (sandbox.autoDeleteInterval === 0) {\n this.eventEmitter.emit(SandboxEvents.DESTROYED, new SandboxDestroyedEvent(updatedSandbox))\n } else {\n this.eventEmitter.emit(SandboxEvents.STOPPED, new SandboxStoppedEvent(updatedSandbox))\n }\n\n return updatedSandbox\n }\n\n async recover(sandboxIdOrName: string, organization: Organization): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organization.id)\n\n if (sandbox.state !== SandboxState.ERROR) {\n throw new BadRequestError('Sandbox must be in error state to recover')\n }\n\n if (sandbox.pending) {\n throw new SandboxError('Sandbox state change in progress')\n }\n\n // Validate runner exists\n if (!sandbox.runnerId) {\n throw new NotFoundException(`Sandbox with ID ${sandbox.id} does not have a runner`)\n }\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n\n if (runner.apiVersion === '2') {\n // TODO: we need \"recovering\" state that can be set after calling recover\n // Once in recovering, we abort further processing and let the manager/job handler take care of it\n // (Also, since desiredState would be STARTED, we need to check the quota)\n throw new ForbiddenException('Recovering sandboxes with runner API version 2 is not supported')\n }\n\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n try {\n await runnerAdapter.recoverSandbox(sandbox)\n } catch (error) {\n if (error instanceof Error && error.message.includes('storage cannot be further expanded')) {\n const errorMsg = `Sandbox storage cannot be further expanded. Maximum expansion of ${(sandbox.disk * 0.1).toFixed(2)}GB (10% of original ${sandbox.disk.toFixed(2)}GB) has been reached. Please contact support for further assistance.`\n throw new ForbiddenException(errorMsg)\n }\n throw error\n }\n\n const updateData: Partial = {\n state: SandboxState.STOPPED,\n desiredState: SandboxDesiredState.STOPPED,\n errorReason: null,\n recoverable: false,\n }\n\n await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { state: SandboxState.ERROR },\n })\n\n // Now that sandbox is in STOPPED state, use the normal start flow\n // This handles quota validation, pending usage, event emission, etc.\n return await this.start(sandbox.id, organization)\n }\n\n async resize(sandboxIdOrName: string, resizeDto: ResizeSandboxDto, organization: Organization): Promise {\n let pendingCpuIncrement: number | undefined\n let pendingMemoryIncrement: number | undefined\n let pendingDiskIncrement: number | undefined\n\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organization.id)\n\n const region = await this.regionService.findOne(sandbox.region)\n if (!region) {\n throw new NotFoundException(`Region with ID ${sandbox.region} not found`)\n }\n\n try {\n // Validate sandbox is in a valid state for resize\n if (sandbox.state !== SandboxState.STARTED && sandbox.state !== SandboxState.STOPPED) {\n throw new BadRequestError('Sandbox must be in started or stopped state to resize')\n }\n\n if (sandbox.pending) {\n throw new SandboxError('Sandbox state change in progress')\n }\n\n // If no resize parameters provided, throw error\n if (resizeDto.cpu === undefined && resizeDto.memory === undefined && resizeDto.disk === undefined) {\n throw new BadRequestError('No resource changes specified - sandbox is already at the desired configuration')\n }\n\n // Disk resize requires stopped sandbox (cold resize only)\n if (resizeDto.disk !== undefined && sandbox.state !== SandboxState.STOPPED) {\n throw new BadRequestError('Disk resize can only be performed on a stopped sandbox')\n }\n\n // Hot resize (sandbox is running): only CPU and memory can be increased\n const isHotResize = sandbox.state === SandboxState.STARTED\n\n // Validate hot resize constraints\n if (isHotResize) {\n if (resizeDto.cpu !== undefined && resizeDto.cpu < sandbox.cpu) {\n throw new BadRequestError('Sandbox must be in stopped state to decrease the number of CPU cores')\n }\n\n if (resizeDto.memory !== undefined && resizeDto.memory < sandbox.mem) {\n throw new BadRequestError('Sandbox must be in stopped state to decrease memory')\n }\n }\n\n // Disk can only be increased (never decreased)\n if (resizeDto.disk !== undefined && resizeDto.disk < sandbox.disk) {\n throw new BadRequestError('Sandbox disk size cannot be decreased')\n }\n\n // Calculate new resource values\n const newCpu = resizeDto.cpu ?? sandbox.cpu\n const newMem = resizeDto.memory ?? sandbox.mem\n const newDisk = resizeDto.disk ?? sandbox.disk\n\n // Throw if nothing actually changes\n if (newCpu === sandbox.cpu && newMem === sandbox.mem && newDisk === sandbox.disk) {\n throw new BadRequestError('No resource changes specified - sandbox is already at the desired configuration')\n }\n\n // Validate organization quotas for the new resource values\n this.organizationService.assertOrganizationIsNotSuspended(organization)\n\n // Validate per-sandbox quotas with total new values\n if (newCpu > organization.maxCpuPerSandbox) {\n throw new ForbiddenException(\n `CPU request ${newCpu} exceeds maximum allowed per sandbox (${organization.maxCpuPerSandbox}).\\n${PER_SANDBOX_LIMIT_MESSAGE}`,\n )\n }\n if (newMem > organization.maxMemoryPerSandbox) {\n throw new ForbiddenException(\n `Memory request ${newMem}GB exceeds maximum allowed per sandbox (${organization.maxMemoryPerSandbox}GB).\\n${PER_SANDBOX_LIMIT_MESSAGE}`,\n )\n }\n if (newDisk > organization.maxDiskPerSandbox) {\n throw new ForbiddenException(\n `Disk request ${newDisk}GB exceeds maximum allowed per sandbox (${organization.maxDiskPerSandbox}GB).\\n${PER_SANDBOX_LIMIT_MESSAGE}`,\n )\n }\n\n // For cold resize, cpu/memory don't affect quota until sandbox is STARTED.\n // For hot resize, track all deltas (positive reserves quota, negative frees quota for others).\n const cpuDeltaForQuota = isHotResize ? newCpu - sandbox.cpu : 0\n const memDeltaForQuota = isHotResize ? newMem - sandbox.mem : 0\n const diskDeltaForQuota = newDisk - sandbox.disk // Disk only increases (validated at start of method)\n\n // Validate and track pending for any non-zero quota changes\n if (cpuDeltaForQuota !== 0 || memDeltaForQuota !== 0 || diskDeltaForQuota !== 0) {\n const { pendingCpuIncremented, pendingMemoryIncremented, pendingDiskIncremented } =\n await this.validateOrganizationQuotas(\n organization,\n region,\n cpuDeltaForQuota,\n memDeltaForQuota,\n diskDeltaForQuota,\n )\n\n if (pendingCpuIncremented) {\n pendingCpuIncrement = cpuDeltaForQuota\n }\n if (pendingMemoryIncremented) {\n pendingMemoryIncrement = memDeltaForQuota\n }\n if (pendingDiskIncremented) {\n pendingDiskIncrement = diskDeltaForQuota\n }\n }\n\n // Get runner and validate before changing state\n if (!sandbox.runnerId) {\n throw new BadRequestError('Sandbox has no runner assigned')\n }\n\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n\n // Capture the previous state before transitioning to RESIZING (STARTED or STOPPED)\n const previousState =\n sandbox.state === SandboxState.STARTED\n ? SandboxState.STARTED\n : sandbox.state === SandboxState.STOPPED\n ? SandboxState.STOPPED\n : null\n\n if (!previousState) {\n throw new BadRequestError('Sandbox must be in started or stopped state to resize')\n }\n\n // Now transition to RESIZING state\n const updateData: Partial = {\n state: SandboxState.RESIZING,\n }\n\n await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { pending: false, state: previousState },\n })\n\n try {\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n\n await runnerAdapter.resizeSandbox(sandbox.id, resizeDto.cpu, resizeDto.memory, resizeDto.disk)\n\n // For V0 runners, update resources immediately (subscriber emits STATE_UPDATED)\n // For V2 runners, job handler will update resources on completion\n if (runner.apiVersion === '0') {\n const updateData: Partial = {\n cpu: newCpu,\n mem: newMem,\n disk: newDisk,\n state: previousState,\n }\n\n await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { state: SandboxState.RESIZING },\n })\n\n // Apply the usage change (increments current, decrements pending)\n // Only apply deltas for quotas that were validated/pending-incremented\n await this.organizationUsageService.applyResizeUsageChange(\n organization.id,\n sandbox.region,\n cpuDeltaForQuota,\n memDeltaForQuota,\n diskDeltaForQuota,\n )\n }\n\n return await this.findOneByIdOrName(sandbox.id, organization.id)\n } catch (error) {\n // Return to previous state on error\n const updateData: Partial = {\n state: previousState,\n }\n\n await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { state: SandboxState.RESIZING },\n })\n\n throw error\n }\n } catch (error) {\n await this.rollbackPendingUsage(\n organization.id,\n sandbox.region,\n pendingCpuIncrement,\n pendingMemoryIncrement,\n pendingDiskIncrement,\n )\n throw error\n }\n }\n\n async updatePublicStatus(sandboxIdOrName: string, isPublic: boolean, organizationId?: string): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n const updateData: Partial = {\n public: isPublic,\n }\n\n return await this.sandboxRepository.update(sandbox.id, {\n updateData,\n entity: sandbox,\n })\n }\n\n async updateLastActivityAt(sandboxId: string, lastActivityAt: Date): Promise {\n // Prevent spamming updates\n const lockKey = `sandbox:update-last-activity:${sandboxId}`\n const acquired = await this.redisLockProvider.lock(lockKey, 45)\n if (!acquired) {\n return\n }\n\n await this.sandboxRepository.update(sandboxId, { updateData: { lastActivityAt } }, true)\n }\n\n async getToolboxProxyUrl(sandboxId: string): Promise {\n const sandbox = await this.findOne(sandboxId)\n return this.resolveToolboxProxyUrl(sandbox.region)\n }\n\n async toSandboxDto(sandbox: Sandbox): Promise {\n const toolboxProxyUrl = await this.resolveToolboxProxyUrl(sandbox.region)\n return SandboxDto.fromSandbox(sandbox, toolboxProxyUrl)\n }\n\n async toSandboxDtos(sandboxes: Sandbox[]): Promise {\n const urlMap = await this.resolveToolboxProxyUrls(sandboxes.map((s) => s.region))\n return sandboxes.map((s) => {\n const url = urlMap.get(s.region)\n if (!url) {\n throw new NotFoundException(`Toolbox proxy URL not resolved for region ${s.region}`)\n }\n return SandboxDto.fromSandbox(s, url)\n })\n }\n\n async resolveToolboxProxyUrl(regionId: string): Promise {\n const cacheKey = toolboxProxyUrlCacheKey(regionId)\n const cached = await this.redis.get(cacheKey)\n if (cached) {\n return cached\n }\n\n const region = await this.regionService.findOne(regionId)\n const url = region?.toolboxProxyUrl\n ? region.toolboxProxyUrl.replace(/\\/+$/, '') + '/toolbox'\n : this.configService.getOrThrow('proxy.toolboxUrl')\n\n this.redis.setex(cacheKey, TOOLBOX_PROXY_URL_CACHE_TTL_S, url).catch((err) => {\n this.logger.warn(`Failed to cache toolbox proxy URL for region ${regionId}: ${err.message}`)\n })\n return url\n }\n\n async resolveToolboxProxyUrls(regionIds: string[]): Promise> {\n const unique = [...new Set(regionIds)]\n const result = new Map()\n\n const pipeline = this.redis.pipeline()\n for (const id of unique) {\n pipeline.get(toolboxProxyUrlCacheKey(id))\n }\n const cached = await pipeline.exec()\n\n const uncached: string[] = []\n for (let i = 0; i < unique.length; i++) {\n const err = cached?.[i]?.[0]\n if (err) {\n this.logger.warn(`Failed to get cached toolbox proxy URL for region ${unique[i]}: ${err.message}`)\n }\n const val = cached?.[i]?.[1] as string | null\n if (val) {\n result.set(unique[i], val)\n } else {\n uncached.push(unique[i])\n }\n }\n\n if (uncached.length > 0) {\n const regions = await this.regionService.findByIds(uncached)\n const regionMap = new Map(regions.map((r) => [r.id, r]))\n const fallback = this.configService.getOrThrow('proxy.toolboxUrl')\n const setPipeline = this.redis.pipeline()\n for (const id of uncached) {\n const region = regionMap.get(id)\n const url = region?.toolboxProxyUrl ? region.toolboxProxyUrl.replace(/\\/+$/, '') + '/toolbox' : fallback\n result.set(id, url)\n setPipeline.setex(toolboxProxyUrlCacheKey(id), TOOLBOX_PROXY_URL_CACHE_TTL_S, url)\n }\n const setResults = await setPipeline.exec()\n setResults?.forEach(([err], i) => {\n if (err) {\n this.logger.warn(`Failed to cache toolbox proxy URL for region ${uncached[i]}: ${err.message}`)\n }\n })\n }\n\n return result\n }\n\n async getBuildLogsUrl(sandboxIdOrName: string, organizationId: string): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n if (!sandbox.buildInfo?.snapshotRef) {\n throw new NotFoundException(`Sandbox ${sandboxIdOrName} has no build info`)\n }\n\n const region = await this.regionService.findOne(sandbox.region, true)\n\n if (!region) {\n throw new NotFoundException(`Region for runner for sandbox ${sandboxIdOrName} not found`)\n }\n\n if (!region.proxyUrl) {\n return `${this.configService.getOrThrow('proxy.protocol')}://${this.configService.getOrThrow('proxy.domain')}/sandboxes/${sandbox.id}/build-logs`\n }\n\n return region.proxyUrl + '/sandboxes/' + sandbox.id + '/build-logs'\n }\n\n private async getValidatedOrDefaultRegion(organization: Organization, regionIdOrName?: string): Promise {\n if (!organization.defaultRegionId) {\n throw new DefaultRegionRequiredException()\n }\n\n regionIdOrName = regionIdOrName?.trim()\n\n if (!regionIdOrName) {\n const region = await this.regionService.findOne(organization.defaultRegionId)\n if (!region) {\n throw new NotFoundException('Default region not found')\n }\n return region\n }\n\n const region =\n (await this.regionService.findOneByName(regionIdOrName, organization.id)) ??\n (await this.regionService.findOneByName(regionIdOrName, null)) ??\n (await this.regionService.findOne(regionIdOrName))\n\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n\n return region\n }\n\n private getValidatedOrDefaultClass(sandboxClass: SandboxClass): SandboxClass {\n if (!sandboxClass) {\n return SandboxClass.SMALL\n }\n\n if (Object.values(SandboxClass).includes(sandboxClass)) {\n return sandboxClass\n } else {\n throw new BadRequestError('Invalid class')\n }\n }\n\n async replaceLabels(\n sandboxIdOrName: string,\n labels: { [key: string]: string },\n organizationId?: string,\n ): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n // Replace all labels\n const updateData: Partial = {\n labels,\n }\n\n return await this.sandboxRepository.update(sandbox.id, { updateData, entity: sandbox })\n }\n\n @Cron(CronExpression.EVERY_SECOND, { name: 'cleanup-destroyed-sandboxes' })\n @LogExecution('cleanup-destroyed-sandboxes')\n @WithInstrumentation()\n async cleanupDestroyedSandboxes() {\n const twentyFourHoursAgo = new Date()\n twentyFourHoursAgo.setHours(twentyFourHoursAgo.getHours() - 24)\n\n const destroyedSandboxs = await this.sandboxRepository.delete({\n state: SandboxState.DESTROYED,\n updatedAt: LessThan(twentyFourHoursAgo),\n })\n\n if (destroyedSandboxs.affected > 0) {\n this.logger.debug(`Cleaned up ${destroyedSandboxs.affected} destroyed sandboxes`)\n }\n }\n\n @Cron(CronExpression.EVERY_10_MINUTES, { name: 'cleanup-build-failed-sandboxes' })\n @LogExecution('cleanup-build-failed-sandboxes')\n @WithInstrumentation()\n async cleanupBuildFailedSandboxes() {\n const twentyFourHoursAgo = new Date()\n twentyFourHoursAgo.setHours(twentyFourHoursAgo.getHours() - 24)\n\n const destroyedSandboxs = await this.sandboxRepository.delete({\n state: SandboxState.BUILD_FAILED,\n desiredState: SandboxDesiredState.DESTROYED,\n updatedAt: LessThan(twentyFourHoursAgo),\n })\n\n if (destroyedSandboxs.affected > 0) {\n this.logger.debug(`Cleaned up ${destroyedSandboxs.affected} build failed sandboxes`)\n }\n }\n\n @Cron(CronExpression.EVERY_SECOND, { name: 'cleanup-stale-build-failed-sandboxes' })\n @LogExecution('cleanup-stale-build-failed-sandboxes')\n @WithInstrumentation()\n async cleanupStaleBuildFailedSandboxes() {\n const sevenDaysAgo = new Date()\n sevenDaysAgo.setDate(sevenDaysAgo.getDate() - 7)\n\n const result = await this.sandboxRepository.delete({\n state: SandboxState.BUILD_FAILED,\n desiredState: SandboxDesiredState.STARTED,\n updatedAt: LessThan(sevenDaysAgo),\n })\n\n if (result.affected > 0) {\n this.logger.debug(`Cleaned up ${result.affected} stale build failed sandboxes`)\n }\n }\n\n @Cron(CronExpression.EVERY_SECOND, { name: 'cleanup-stale-error-sandboxes' })\n @LogExecution('cleanup-stale-error-sandboxes')\n @WithInstrumentation()\n async cleanupStaleErrorSandboxes() {\n const sevenDaysAgo = new Date()\n sevenDaysAgo.setDate(sevenDaysAgo.getDate() - 7)\n\n const result = await this.sandboxRepository.delete({\n state: SandboxState.ERROR,\n desiredState: SandboxDesiredState.DESTROYED,\n updatedAt: LessThan(sevenDaysAgo),\n })\n\n if (result.affected > 0) {\n this.logger.debug(`Cleaned up ${result.affected} stale error sandboxes`)\n }\n }\n\n async setAutostopInterval(sandboxIdOrName: string, interval: number, organizationId?: string): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n const updateData: Partial = {\n autoStopInterval: this.resolveAutoStopInterval(interval),\n }\n\n return await this.sandboxRepository.update(sandbox.id, { updateData, entity: sandbox })\n }\n\n async setAutoArchiveInterval(sandboxIdOrName: string, interval: number, organizationId?: string): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n const updateData: Partial = {\n autoArchiveInterval: this.resolveAutoArchiveInterval(interval),\n }\n\n return await this.sandboxRepository.update(sandbox.id, { updateData, entity: sandbox })\n }\n\n async setAutoDeleteInterval(sandboxIdOrName: string, interval: number, organizationId?: string): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n const updateData: Partial = {\n autoDeleteInterval: interval,\n }\n\n return await this.sandboxRepository.update(sandbox.id, { updateData, entity: sandbox })\n }\n\n async updateNetworkSettings(\n sandboxIdOrName: string,\n networkBlockAll?: boolean,\n networkAllowList?: string,\n organizationId?: string,\n ): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n const updateData: Partial = {}\n\n if (networkBlockAll !== undefined) {\n updateData.networkBlockAll = networkBlockAll\n }\n\n if (networkAllowList !== undefined) {\n updateData.networkAllowList = this.resolveNetworkAllowList(networkAllowList)\n }\n\n const updatedSandbox = await this.sandboxRepository.update(sandbox.id, { updateData, entity: sandbox })\n\n // Update network settings on the runner\n if (sandbox.runnerId) {\n const runner = await this.runnerService.findOne(sandbox.runnerId)\n if (runner) {\n const runnerAdapter = await this.runnerAdapterFactory.create(runner)\n await runnerAdapter.updateNetworkSettings(sandbox.id, networkBlockAll, networkAllowList)\n }\n }\n\n return updatedSandbox\n }\n\n // used by internal services to update the state of a sandbox to resolve domain and runner state mismatch\n // notably, when a sandbox instance stops or errors on the runner, the domain state needs to be updated to reflect the actual state\n async updateState(\n sandboxId: string,\n newState: SandboxState,\n recoverable = false,\n errorReason?: string,\n ): Promise {\n const sandbox = await this.sandboxRepository.findOne({\n where: { id: sandboxId },\n })\n\n if (!sandbox) {\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n\n if (sandbox.state === newState) {\n this.logger.debug(`Sandbox ${sandboxId} is already in state ${newState}`)\n return\n }\n\n // only allow updating the state of started | stopped sandboxes\n if (![SandboxState.STARTED, SandboxState.STOPPED].includes(sandbox.state)) {\n throw new BadRequestError('Sandbox is not in a valid state to be updated')\n }\n\n if (sandbox.desiredState == SandboxDesiredState.DESTROYED) {\n this.logger.debug(`Sandbox ${sandboxId} is already DESTROYED, skipping state update`)\n return\n }\n\n const oldState = sandbox.state\n const oldDesiredState = sandbox.desiredState\n\n const updateData: Partial = {\n state: newState,\n recoverable: false,\n }\n\n if (errorReason !== undefined) {\n updateData.errorReason = errorReason\n if (newState === SandboxState.ERROR) {\n updateData.recoverable = recoverable\n }\n }\n\n // we need to update the desired state to match the new state\n const desiredState = this.getExpectedDesiredStateForState(newState)\n if (desiredState) {\n updateData.desiredState = desiredState\n }\n\n await this.sandboxRepository.updateWhere(sandbox.id, {\n updateData,\n whereCondition: { pending: false, state: oldState, desiredState: oldDesiredState },\n })\n }\n\n @OnEvent(WarmPoolEvents.TOPUP_REQUESTED)\n private async createWarmPoolSandbox(event: WarmPoolTopUpRequested) {\n await this.createForWarmPool(event.warmPool)\n }\n\n @Cron(CronExpression.EVERY_MINUTE, { name: 'handle-unschedulable-runners' })\n @LogExecution('handle-unschedulable-runners')\n @WithInstrumentation()\n private async handleUnschedulableRunners() {\n const runners = await this.runnerRepository.find({ where: { unschedulable: true } })\n\n if (runners.length === 0) {\n return\n }\n\n // find all sandboxes that are using the unschedulable runners and have organizationId = '00000000-0000-0000-0000-000000000000'\n const sandboxes = await this.sandboxRepository.find({\n where: {\n runnerId: In(runners.map((runner) => runner.id)),\n organizationId: '00000000-0000-0000-0000-000000000000',\n state: SandboxState.STARTED,\n desiredState: Not(SandboxDesiredState.DESTROYED),\n },\n })\n\n if (sandboxes.length === 0) {\n return\n }\n\n const destroyPromises = sandboxes.map((sandbox) => this.destroy(sandbox.id))\n const results = await Promise.allSettled(destroyPromises)\n\n // Log any failed sandbox destructions\n results.forEach((result, index) => {\n if (result.status === 'rejected') {\n this.logger.error(`Failed to destroy sandbox ${sandboxes[index].id}: ${result.reason}`)\n }\n })\n }\n\n async isSandboxPublic(sandboxId: string): Promise {\n const sandbox = await this.sandboxRepository.findOne({\n where: { id: sandboxId },\n })\n\n if (!sandbox) {\n throw new NotFoundException(`Sandbox with ID ${sandboxId} not found`)\n }\n\n return sandbox.public\n }\n\n @OnEvent(OrganizationEvents.SUSPENDED_SANDBOX_STOPPED)\n async handleSuspendedSandboxStopped(event: OrganizationSuspendedSandboxStoppedEvent) {\n await this.stop(event.sandboxId).catch((error) => {\n // log the error for now, but don't throw it as it will be retried\n this.logger.error(`Error stopping sandbox from suspended organization. SandboxId: ${event.sandboxId}: `, error)\n })\n }\n\n private resolveAutoStopInterval(autoStopInterval: number): number {\n if (autoStopInterval < 0) {\n throw new BadRequestError('Auto-stop interval must be non-negative')\n }\n\n return autoStopInterval\n }\n\n private resolveAutoArchiveInterval(autoArchiveInterval: number): number {\n if (autoArchiveInterval < 0) {\n throw new BadRequestError('Auto-archive interval must be non-negative')\n }\n\n const maxAutoArchiveInterval = this.configService.getOrThrow('maxAutoArchiveInterval')\n\n if (autoArchiveInterval === 0) {\n return maxAutoArchiveInterval\n }\n\n return Math.min(autoArchiveInterval, maxAutoArchiveInterval)\n }\n\n private resolveNetworkAllowList(networkAllowList: string): string {\n try {\n validateNetworkAllowList(networkAllowList)\n } catch (error) {\n throw new BadRequestError(error instanceof Error ? error.message : 'Invalid network allow list')\n }\n\n return networkAllowList\n }\n\n private resolveVolumes(volumes: SandboxVolume[]): SandboxVolume[] {\n try {\n validateMountPaths(volumes)\n } catch (error) {\n throw new BadRequestError(error instanceof Error ? error.message : 'Invalid volume mount configuration')\n }\n\n try {\n validateSubpaths(volumes)\n } catch (error) {\n throw new BadRequestError(error instanceof Error ? error.message : 'Invalid volume subpath configuration')\n }\n\n return volumes\n }\n\n async createSshAccess(\n sandboxIdOrName: string,\n expiresInMinutes = 60,\n organizationId?: string,\n ): Promise {\n // check if sandbox exists\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n // Revoke any existing SSH access for this sandbox\n await this.revokeSshAccess(sandbox.id)\n\n const sshAccess = new SshAccess()\n sshAccess.sandboxId = sandbox.id\n // Generate a safe token that can't doesn't have _ or - to avoid CLI issues\n sshAccess.token = customNanoid(urlAlphabet.replace('_', '').replace('-', ''))(32)\n sshAccess.expiresAt = new Date(Date.now() + expiresInMinutes * 60 * 1000)\n\n await this.sshAccessRepository.save(sshAccess)\n\n const region = await this.regionService.findOne(sandbox.region, true)\n if (region && region.sshGatewayUrl) {\n return SshAccessDto.fromSshAccess(sshAccess, region.sshGatewayUrl)\n }\n\n return SshAccessDto.fromSshAccess(sshAccess, this.configService.getOrThrow('sshGateway.url'))\n }\n\n async revokeSshAccess(sandboxIdOrName: string, token?: string, organizationId?: string): Promise {\n const sandbox = await this.findOneByIdOrName(sandboxIdOrName, organizationId)\n\n if (token) {\n // Revoke specific SSH access by token\n await this.sshAccessRepository.delete({ sandboxId: sandbox.id, token })\n } else {\n // Revoke all SSH access for the sandbox\n await this.sshAccessRepository.delete({ sandboxId: sandbox.id })\n }\n\n return sandbox\n }\n\n async validateSshAccess(token: string): Promise {\n const sshAccess = await this.sshAccessRepository.findOne({\n where: {\n token,\n },\n relations: ['sandbox'],\n })\n\n if (!sshAccess) {\n return { valid: false, sandboxId: null }\n }\n\n // Check if token is expired\n const isExpired = sshAccess.expiresAt < new Date()\n if (isExpired) {\n return { valid: false, sandboxId: null }\n }\n\n // Get runner information if sandbox exists\n if (sshAccess.sandbox && sshAccess.sandbox.runnerId) {\n const runner = await this.runnerService.findOne(sshAccess.sandbox.runnerId)\n\n if (runner) {\n return {\n valid: true,\n sandboxId: sshAccess.sandbox.id,\n }\n }\n }\n\n return { valid: true, sandboxId: sshAccess.sandbox.id }\n }\n\n async updateSandboxBackupState(\n sandboxId: string,\n backupState: BackupState,\n backupSnapshot?: string | null,\n backupRegistryId?: string | null,\n backupErrorReason?: string | null,\n ): Promise {\n const sandboxToUpdate = await this.sandboxRepository.findOneByOrFail({\n id: sandboxId,\n })\n\n const updateData = Sandbox.getBackupStateUpdate(\n sandboxToUpdate,\n backupState,\n backupSnapshot,\n backupRegistryId,\n backupErrorReason,\n )\n\n await this.sandboxRepository.update(sandboxId, { updateData, entity: sandboxToUpdate })\n }\n}\n" }, { "path": "apps/api/src/sandbox/services/snapshot.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Injectable,\n NotFoundException,\n ConflictException,\n ForbiddenException,\n BadRequestException,\n Logger,\n} from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Repository, Not, In, Raw, ILike, FindOptionsWhere } from 'typeorm'\nimport { v4 as uuidv4, validate as isUUID } from 'uuid'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { SnapshotState } from '../enums/snapshot-state.enum'\nimport { CreateSnapshotDto } from '../dto/create-snapshot.dto'\nimport { BuildInfo } from '../entities/build-info.entity'\nimport { generateBuildInfoHash as generateBuildSnapshotRef } from '../entities/build-info.entity'\nimport { EventEmitter2, OnEvent } from '@nestjs/event-emitter'\nimport { SandboxEvents } from '../constants/sandbox-events.constants'\nimport { SandboxCreatedEvent } from '../events/sandbox-create.event'\nimport { Organization } from '../../organization/entities/organization.entity'\nimport { OrganizationService } from '../../organization/services/organization.service'\nimport { SnapshotRunner } from '../entities/snapshot-runner.entity'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { OrganizationEvents } from '../../organization/constants/organization-events.constant'\nimport { OrganizationSuspendedSnapshotDeactivatedEvent } from '../../organization/events/organization-suspended-snapshot-deactivated.event'\nimport { SnapshotRunnerState } from '../enums/snapshot-runner-state.enum'\nimport { PaginatedList } from '../../common/interfaces/paginated-list.interface'\nimport { OrganizationUsageService } from '../../organization/services/organization-usage.service'\nimport { RedisLockProvider } from '../common/redis-lock.provider'\nimport { SnapshotSortDirection, SnapshotSortField } from '../dto/list-snapshots-query.dto'\nimport { PER_SANDBOX_LIMIT_MESSAGE } from '../../common/constants/error-messages'\nimport { DockerRegistryService } from '../../docker-registry/services/docker-registry.service'\nimport { DefaultRegionRequiredException } from '../../organization/exceptions/DefaultRegionRequiredException'\nimport { Region } from '../../region/entities/region.entity'\nimport { RunnerState } from '../enums/runner-state.enum'\nimport { OnAsyncEvent } from '../../common/decorators/on-async-event.decorator'\nimport { RunnerEvents } from '../constants/runner-events'\nimport { RunnerDeletedEvent } from '../events/runner-deleted.event'\nimport { SnapshotRegion } from '../entities/snapshot-region.entity'\nimport { RegionType } from '../../region/enums/region-type.enum'\nimport { SnapshotEvents } from '../constants/snapshot-events'\nimport { SnapshotCreatedEvent } from '../events/snapshot-created.event'\nimport { RunnerService } from './runner.service'\nimport { RegionService } from '../../region/services/region.service'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\nimport { SnapshotActivatedEvent } from '../events/snapshot-activated.event'\n\nconst IMAGE_NAME_REGEX = /^[a-zA-Z0-9_.\\-:]+(\\/[a-zA-Z0-9_.\\-:]+)*(@sha256:[a-f0-9]{64})?$/\n@Injectable()\nexport class SnapshotService {\n private readonly logger = new Logger(SnapshotService.name)\n\n constructor(\n private readonly sandboxRepository: SandboxRepository,\n @InjectRepository(Snapshot)\n private readonly snapshotRepository: Repository,\n @InjectRepository(BuildInfo)\n private readonly buildInfoRepository: Repository,\n @InjectRepository(SnapshotRunner)\n private readonly snapshotRunnerRepository: Repository,\n @InjectRepository(Region)\n private readonly regionRepository: Repository,\n @InjectRepository(SnapshotRegion)\n private readonly snapshotRegionRepository: Repository,\n private readonly organizationService: OrganizationService,\n private readonly organizationUsageService: OrganizationUsageService,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly runnerService: RunnerService,\n private readonly regionService: RegionService,\n private readonly dockerRegistryService: DockerRegistryService,\n private readonly eventEmitter: EventEmitter2,\n private readonly configService: TypedConfigService,\n ) {}\n\n private validateImageName(name: string): string | null {\n // Check for digest format (@sha256:hash)\n if (name.includes('@sha256:')) {\n const [imageName, digest] = name.split('@sha256:')\n if (!imageName || !digest || !/^[a-f0-9]{64}$/.test(digest)) {\n return 'Invalid digest format. Must be image@sha256:64_hex_characters'\n }\n return null\n }\n\n // Handle tag format (image:tag)\n if (!name.includes(':') || name.endsWith(':') || /:\\s*$/.test(name)) {\n return 'Image name must include a tag (e.g., ubuntu:22.04) or digest (@sha256:...)'\n }\n\n if (name.endsWith(':latest')) {\n return 'Images with tag \":latest\" are not allowed'\n }\n\n if (!IMAGE_NAME_REGEX.test(name)) {\n return 'Invalid image name format. Must be lowercase, may contain digits, dots, dashes, and single slashes between components'\n }\n\n return null\n }\n\n private validateSnapshotName(name: string): string | null {\n if (!IMAGE_NAME_REGEX.test(name)) {\n return 'Invalid snapshot name format. May contain letters, digits, dots, colons, and dashes'\n }\n\n return null\n }\n\n private processEntrypoint(entrypoint?: string[]): string[] | undefined {\n if (!entrypoint || entrypoint.length === 0) {\n return undefined\n }\n\n // Filter out empty strings from the array\n const filteredEntrypoint = entrypoint.filter((cmd) => cmd && cmd.trim().length > 0)\n\n return filteredEntrypoint.length > 0 ? filteredEntrypoint : undefined\n }\n\n private async readySnapshotRunnerExists(ref: string, regionId: string): Promise {\n return await this.snapshotRunnerRepository\n .createQueryBuilder('sr')\n .innerJoin('runner', 'r', 'r.id::text = sr.\"runnerId\"::text')\n .where('sr.\"snapshotRef\" = :ref', { ref })\n .andWhere('sr.state = :snapshotRunnerState', { snapshotRunnerState: SnapshotRunnerState.READY })\n .andWhere('r.region = :regionId', { regionId })\n .andWhere('r.state = :runnerState', { runnerState: RunnerState.READY })\n .andWhere('r.unschedulable = false')\n .getExists()\n }\n\n async createFromPull(organization: Organization, createSnapshotDto: CreateSnapshotDto, general = false) {\n if (!organization.defaultRegionId) {\n throw new DefaultRegionRequiredException()\n }\n\n const regionId = await this.getValidatedOrDefaultRegionId(organization, createSnapshotDto.regionId)\n\n let pendingSnapshotCountIncrement: number | undefined\n\n if (!createSnapshotDto.imageName) {\n throw new BadRequestException('Must specify an image name')\n }\n\n try {\n const entrypoint = createSnapshotDto.entrypoint\n const ref: string | undefined = undefined\n const state: SnapshotState = SnapshotState.PENDING\n\n const nameValidationError = this.validateSnapshotName(createSnapshotDto.name)\n if (nameValidationError) {\n throw new BadRequestException(nameValidationError)\n }\n\n const imageValidationError = this.validateImageName(createSnapshotDto.imageName)\n if (imageValidationError) {\n throw new BadRequestException(imageValidationError)\n }\n\n this.organizationService.assertOrganizationIsNotSuspended(organization)\n\n const newSnapshotCount = 1\n\n const { pendingSnapshotCountIncremented } = await this.validateOrganizationQuotas(\n organization,\n newSnapshotCount,\n createSnapshotDto.cpu,\n createSnapshotDto.memory,\n createSnapshotDto.disk,\n )\n\n if (pendingSnapshotCountIncremented) {\n pendingSnapshotCountIncrement = newSnapshotCount\n }\n\n try {\n const snapshotId = uuidv4()\n\n const snapshot = this.snapshotRepository.create({\n id: snapshotId,\n organizationId: organization.id,\n ...createSnapshotDto,\n entrypoint: this.processEntrypoint(entrypoint),\n mem: createSnapshotDto.memory, // Map memory to mem\n state,\n ref,\n general,\n snapshotRegions: [{ snapshotId, regionId }],\n })\n\n const savedSnapshot = await this.snapshotRepository.save(snapshot)\n\n this.eventEmitter.emit(SnapshotEvents.CREATED, new SnapshotCreatedEvent(savedSnapshot))\n\n return savedSnapshot\n } catch (error) {\n if (error.code === '23505') {\n // PostgreSQL unique violation error code\n throw new ConflictException(\n `Snapshot with name \"${createSnapshotDto.name}\" already exists for this organization`,\n )\n }\n throw error\n }\n } catch (error) {\n await this.rollbackPendingUsage(organization.id, pendingSnapshotCountIncrement)\n throw error\n }\n }\n\n async createFromBuildInfo(organization: Organization, createSnapshotDto: CreateSnapshotDto, general = false) {\n if (!organization.defaultRegionId) {\n throw new DefaultRegionRequiredException()\n }\n\n const regionId = await this.getValidatedOrDefaultRegionId(organization, createSnapshotDto.regionId)\n\n let pendingSnapshotCountIncrement: number | undefined\n let entrypoint: string[] | undefined = undefined\n\n try {\n const nameValidationError = this.validateSnapshotName(createSnapshotDto.name)\n if (nameValidationError) {\n throw new BadRequestException(nameValidationError)\n }\n\n this.organizationService.assertOrganizationIsNotSuspended(organization)\n\n const newSnapshotCount = 1\n\n const { pendingSnapshotCountIncremented } = await this.validateOrganizationQuotas(\n organization,\n newSnapshotCount,\n createSnapshotDto.cpu,\n createSnapshotDto.memory,\n createSnapshotDto.disk,\n )\n\n if (pendingSnapshotCountIncremented) {\n pendingSnapshotCountIncrement = newSnapshotCount\n }\n\n entrypoint = this.getEntrypointFromDockerfile(createSnapshotDto.buildInfo.dockerfileContent)\n\n const snapshotId = uuidv4()\n\n const snapshot = this.snapshotRepository.create({\n id: snapshotId,\n organizationId: organization.id,\n ...createSnapshotDto,\n entrypoint: this.processEntrypoint(entrypoint),\n mem: createSnapshotDto.memory, // Map memory to mem\n state: SnapshotState.PENDING,\n general,\n snapshotRegions: [{ snapshotId, regionId }],\n })\n\n const buildSnapshotRef = generateBuildSnapshotRef(\n createSnapshotDto.buildInfo.dockerfileContent,\n createSnapshotDto.buildInfo.contextHashes,\n )\n\n // Check if buildInfo with the same snapshotRef already exists\n const existingBuildInfo = await this.buildInfoRepository.findOne({\n where: { snapshotRef: buildSnapshotRef },\n })\n\n if (existingBuildInfo) {\n snapshot.buildInfo = existingBuildInfo\n // Update lastUsed once per minute at most\n if (await this.redisLockProvider.lock(`build-info:${existingBuildInfo.snapshotRef}:update`, 60)) {\n existingBuildInfo.lastUsedAt = new Date()\n await this.buildInfoRepository.save(existingBuildInfo)\n }\n } else {\n const buildInfoEntity = this.buildInfoRepository.create({\n ...createSnapshotDto.buildInfo,\n })\n await this.buildInfoRepository.save(buildInfoEntity)\n snapshot.buildInfo = buildInfoEntity\n }\n\n const internalRegistry = await this.dockerRegistryService.getAvailableInternalRegistry(regionId)\n if (!internalRegistry) {\n throw new Error('No internal registry found for snapshot')\n }\n snapshot.ref = `${internalRegistry.url.replace(/^(https?:\\/\\/)/, '')}/${internalRegistry.project || 'daytona'}/${buildSnapshotRef}`\n\n const exists = await this.readySnapshotRunnerExists(snapshot.ref, regionId)\n\n if (exists) {\n snapshot.state = SnapshotState.ACTIVE\n snapshot.lastUsedAt = new Date()\n }\n\n try {\n const savedSnapshot = await this.snapshotRepository.save(snapshot)\n\n this.eventEmitter.emit(SnapshotEvents.CREATED, new SnapshotCreatedEvent(savedSnapshot))\n\n return savedSnapshot\n } catch (error) {\n if (error.code === '23505') {\n // PostgreSQL unique violation error code\n throw new ConflictException(\n `Snapshot with name \"${createSnapshotDto.name}\" already exists for this organization`,\n )\n }\n throw error\n }\n } catch (error) {\n await this.rollbackPendingUsage(organization.id, pendingSnapshotCountIncrement)\n throw error\n }\n }\n\n async removeSnapshot(snapshotId: string) {\n const snapshot = await this.snapshotRepository.findOne({\n where: { id: snapshotId },\n })\n\n if (!snapshot) {\n throw new NotFoundException(`Snapshot ${snapshotId} not found`)\n }\n if (snapshot.general) {\n throw new ForbiddenException('You cannot delete a general snapshot')\n }\n snapshot.state = SnapshotState.REMOVING\n await this.snapshotRepository.save(snapshot)\n }\n\n async getAllSnapshots(\n organizationId: string,\n page = 1,\n limit = 10,\n filters?: { name?: string },\n sort?: { field?: SnapshotSortField; direction?: SnapshotSortDirection },\n ): Promise> {\n const pageNum = Number(page)\n const limitNum = Number(limit)\n\n const { name } = filters || {}\n const { field: sortField, direction: sortDirection } = sort || {}\n\n const baseFindOptions: FindOptionsWhere = {\n ...(name ? { name: ILike(`%${name}%`) } : {}),\n }\n\n // Retrieve all snapshots belonging to the organization as well as all general snapshots\n const where: FindOptionsWhere[] = [\n {\n ...baseFindOptions,\n organizationId,\n },\n {\n ...baseFindOptions,\n general: true,\n hideFromUsers: false,\n },\n ]\n\n const [items, total] = await this.snapshotRepository.findAndCount({\n where,\n relations: ['snapshotRegions'],\n order: {\n general: 'ASC', // Sort general snapshots last\n [sortField]: {\n direction: sortDirection,\n nulls: 'LAST',\n },\n ...(sortField !== SnapshotSortField.CREATED_AT && { createdAt: 'DESC' }),\n },\n skip: (pageNum - 1) * limitNum,\n take: limitNum,\n })\n\n // Filter out snapshot regions that are not available to the organization\n const availableRegions = await this.organizationService.listAvailableRegions(organizationId)\n const availableRegionIds = new Set(availableRegions.map((r) => r.id))\n\n for (const snapshot of items) {\n if (snapshot.snapshotRegions) {\n snapshot.snapshotRegions = snapshot.snapshotRegions.filter((sr) => availableRegionIds.has(sr.regionId))\n }\n }\n\n return {\n items,\n total,\n page: pageNum,\n totalPages: Math.ceil(total / limit),\n }\n }\n\n async getSnapshot(snapshotId: string): Promise {\n const snapshot = await this.snapshotRepository.findOne({\n where: { id: snapshotId },\n })\n\n if (!snapshot) {\n throw new NotFoundException(`Snapshot ${snapshotId} not found`)\n }\n\n return snapshot\n }\n\n async getSnapshotWithRegions(snapshotIdOrName: string, organizationId: string): Promise {\n const where: FindOptionsWhere[] = [\n { name: snapshotIdOrName, organizationId },\n { name: snapshotIdOrName, general: true },\n ]\n if (isUUID(snapshotIdOrName)) {\n where.push({ id: snapshotIdOrName })\n }\n\n const snapshot = await this.snapshotRepository.findOne({\n where,\n relations: ['snapshotRegions'],\n order: { general: 'ASC' },\n })\n\n if (!snapshot) {\n throw new NotFoundException(`Snapshot ${snapshotIdOrName} not found`)\n }\n\n const availableRegions = await this.organizationService.listAvailableRegions(organizationId)\n const availableRegionIds = new Set(availableRegions.map((r) => r.id))\n if (snapshot.snapshotRegions) {\n snapshot.snapshotRegions = snapshot.snapshotRegions.filter((sr) => availableRegionIds.has(sr.regionId))\n }\n\n return snapshot\n }\n\n async getSnapshotByName(snapshotName: string, organizationId: string): Promise {\n const snapshot = await this.snapshotRepository.findOne({\n where: { name: snapshotName, organizationId },\n })\n\n if (!snapshot) {\n // check if the snapshot is general\n const generalSnapshot = await this.snapshotRepository.findOne({\n where: { name: snapshotName, general: true },\n })\n if (generalSnapshot) {\n return generalSnapshot\n }\n\n throw new NotFoundException(`Snapshot with name ${snapshotName} not found`)\n }\n\n return snapshot\n }\n\n async setSnapshotGeneralStatus(snapshotId: string, general: boolean) {\n const snapshot = await this.snapshotRepository.findOne({\n where: { id: snapshotId },\n })\n\n if (!snapshot) {\n throw new NotFoundException(`Snapshot ${snapshotId} not found`)\n }\n\n snapshot.general = general\n return await this.snapshotRepository.save(snapshot)\n }\n\n async getBuildLogsUrl(snapshot: Snapshot): Promise {\n if (!snapshot.initialRunnerId) {\n throw new NotFoundException(`Snapshot ${snapshot.id} has no initial runner`)\n }\n\n const runner = await this.runnerService.findOneOrFail(snapshot.initialRunnerId)\n const region = await this.regionService.findOne(runner.region, true)\n\n if (!region) {\n throw new NotFoundException(`Region for initial runner for snapshot ${snapshot.id} not found`)\n }\n\n if (!region.proxyUrl) {\n return `${this.configService.getOrThrow('proxy.protocol')}://${this.configService.getOrThrow('proxy.domain')}/snapshots/${snapshot.id}/build-logs`\n }\n\n return region.proxyUrl + '/snapshots/' + snapshot.id + '/build-logs'\n }\n\n private async validateOrganizationQuotas(\n organization: Organization,\n addedSnapshotCount: number,\n cpu?: number,\n memory?: number,\n disk?: number,\n ): Promise<{\n pendingSnapshotCountIncremented: boolean\n }> {\n // validate per-sandbox quotas\n if (cpu && cpu > organization.maxCpuPerSandbox) {\n throw new ForbiddenException(\n `CPU request ${cpu} exceeds maximum allowed per sandbox (${organization.maxCpuPerSandbox}).\\n${PER_SANDBOX_LIMIT_MESSAGE}`,\n )\n }\n if (memory && memory > organization.maxMemoryPerSandbox) {\n throw new ForbiddenException(\n `Memory request ${memory}GB exceeds maximum allowed per sandbox (${organization.maxMemoryPerSandbox}GB).\\n${PER_SANDBOX_LIMIT_MESSAGE}`,\n )\n }\n if (disk && disk > organization.maxDiskPerSandbox) {\n throw new ForbiddenException(\n `Disk request ${disk}GB exceeds maximum allowed per sandbox (${organization.maxDiskPerSandbox}GB).\\n${PER_SANDBOX_LIMIT_MESSAGE}`,\n )\n }\n\n // validate usage quotas\n await this.organizationUsageService.incrementPendingSnapshotUsage(organization.id, addedSnapshotCount)\n\n const usageOverview = await this.organizationUsageService.getSnapshotUsageOverview(organization.id)\n\n try {\n if (usageOverview.currentSnapshotUsage + usageOverview.pendingSnapshotUsage > organization.snapshotQuota) {\n throw new ForbiddenException(`Snapshot quota exceeded. Maximum allowed: ${organization.snapshotQuota}`)\n }\n } catch (error) {\n await this.rollbackPendingUsage(organization.id, addedSnapshotCount)\n throw error\n }\n\n return {\n pendingSnapshotCountIncremented: true,\n }\n }\n\n async rollbackPendingUsage(organizationId: string, pendingSnapshotCountIncrement?: number): Promise {\n if (!pendingSnapshotCountIncrement) {\n return\n }\n\n try {\n await this.organizationUsageService.decrementPendingSnapshotUsage(organizationId, pendingSnapshotCountIncrement)\n } catch (error) {\n this.logger.error(`Error rolling back pending snapshot usage: ${error}`)\n }\n }\n\n @OnEvent(SandboxEvents.CREATED)\n private async handleSandboxCreatedEvent(event: SandboxCreatedEvent) {\n if (!event.sandbox.snapshot) {\n return\n }\n\n // Update once per minute at most\n if (!(await this.redisLockProvider.lock(`snapshot:${event.sandbox.snapshot}:update-last-used`, 60))) {\n return\n }\n\n const snapshot = await this.getSnapshotByName(event.sandbox.snapshot, event.sandbox.organizationId)\n snapshot.lastUsedAt = event.sandbox.createdAt\n await this.snapshotRepository.save(snapshot)\n }\n\n async activateSnapshot(snapshotId: string, organization: Organization): Promise {\n const lockKey = `snapshot:${snapshotId}:activate`\n await this.redisLockProvider.waitForLock(lockKey, 60)\n\n let pendingSnapshotCountIncrement: number | undefined\n\n try {\n const snapshot = await this.snapshotRepository.findOne({\n where: { id: snapshotId },\n })\n\n if (!snapshot) {\n throw new NotFoundException(`Snapshot ${snapshotId} not found`)\n }\n\n if (snapshot.state === SnapshotState.ACTIVE) {\n throw new BadRequestException(`Snapshot ${snapshotId} is already active`)\n }\n\n if (snapshot.state !== SnapshotState.INACTIVE) {\n throw new BadRequestException(`Snapshot ${snapshotId} cannot be activated - it is in ${snapshot.state} state`)\n }\n\n this.organizationService.assertOrganizationIsNotSuspended(organization)\n\n const activatedSnapshotCount = 1\n\n const { pendingSnapshotCountIncremented } = await this.validateOrganizationQuotas(\n organization,\n activatedSnapshotCount,\n snapshot.cpu,\n snapshot.mem,\n snapshot.disk,\n )\n\n if (pendingSnapshotCountIncremented) {\n pendingSnapshotCountIncrement = activatedSnapshotCount\n }\n\n snapshot.state = SnapshotState.PENDING\n const savedSnapshot = await this.snapshotRepository.save(snapshot)\n\n this.eventEmitter.emit(SnapshotEvents.ACTIVATED, new SnapshotActivatedEvent(savedSnapshot))\n\n return savedSnapshot\n } catch (error) {\n await this.rollbackPendingUsage(organization.id, pendingSnapshotCountIncrement)\n throw error\n } finally {\n await this.redisLockProvider.unlock(lockKey)\n }\n }\n\n async canCleanupImage(imageName: string): Promise {\n const snapshot = await this.snapshotRepository.findOne({\n where: {\n state: Not(In([SnapshotState.ERROR, SnapshotState.BUILD_FAILED])),\n ref: imageName,\n },\n })\n\n if (snapshot) {\n return false\n }\n\n const sandbox = await this.sandboxRepository.findOne({\n where: [\n {\n existingBackupSnapshots: Raw((alias) => `${alias} @> '[{\"snapshotName\":\"${imageName}\"}]'::jsonb`),\n },\n {\n existingBackupSnapshots: Raw((alias) => `${alias} @> '[{\"imageName\":\"${imageName}\"}]'::jsonb`),\n },\n {\n backupSnapshot: imageName,\n },\n ],\n })\n\n if (sandbox && sandbox.state !== SandboxState.DESTROYED) {\n return false\n }\n\n return true\n }\n\n async deactivateSnapshot(snapshotId: string): Promise {\n const snapshot = await this.snapshotRepository.findOne({\n where: { id: snapshotId },\n })\n\n if (!snapshot) {\n throw new NotFoundException(`Snapshot ${snapshotId} not found`)\n }\n\n if (snapshot.state === SnapshotState.INACTIVE) {\n return\n }\n\n snapshot.state = SnapshotState.INACTIVE\n await this.snapshotRepository.save(snapshot)\n\n try {\n const countActiveSnapshots = await this.snapshotRepository.count({\n where: {\n state: SnapshotState.ACTIVE,\n ref: snapshot.ref,\n },\n })\n\n if (countActiveSnapshots === 0) {\n // Set associated SnapshotRunner records to REMOVING state\n const result = await this.snapshotRunnerRepository.update(\n { snapshotRef: snapshot.ref },\n { state: SnapshotRunnerState.REMOVING },\n )\n this.logger.debug(\n `Deactivated snapshot ${snapshot.id} and marked ${result.affected} SnapshotRunners for removal`,\n )\n }\n } catch (error) {\n this.logger.error(`Deactivated snapshot ${snapshot.id}, but failed to mark snapshot runners for removal`, error)\n }\n }\n\n // TODO: revise/cleanup\n getEntrypointFromDockerfile(dockerfileContent: string): string[] {\n // Match ENTRYPOINT with either a string or JSON array\n const entrypointMatch = dockerfileContent.match(/ENTRYPOINT\\s+(.*)/)\n if (entrypointMatch) {\n const rawEntrypoint = entrypointMatch[1].trim()\n try {\n // Try parsing as JSON array\n const parsed = JSON.parse(rawEntrypoint)\n if (Array.isArray(parsed)) {\n return parsed\n }\n } catch {\n // Fallback: it's probably a plain string\n return [rawEntrypoint.replace(/[\"']/g, '')]\n }\n }\n\n return ['sleep', 'infinity']\n }\n\n /**\n * Validates and returns a region ID for snapshot availability.\n *\n * @param organization - The organization which is creating the snapshot.\n * @param regionId - The requested region ID. If omitted, the organization's default region is used.\n * @returns The validated region ID\n * @throws {NotFoundException} If the requested region is not available to the organization\n */\n private async getValidatedOrDefaultRegionId(organization: Organization, regionId?: string): Promise {\n if (!regionId) {\n return organization.defaultRegionId\n }\n\n const region = await this.regionRepository.findOne({\n where: { id: regionId },\n })\n\n if (!region) {\n throw new NotFoundException('Region not found')\n }\n\n const availableRegions = await this.organizationService.listAvailableRegions(organization.id)\n\n if (!availableRegions.some((r) => r.id === regionId)) {\n if (region.regionType === RegionType.SHARED) {\n // region is public, but the organization does not have a quota for it\n throw new ForbiddenException(`Region ${regionId} is not available to the organization`)\n } else {\n // region is not public, respond as if the region was not found\n throw new NotFoundException('Region not found')\n }\n }\n\n return regionId\n }\n\n /**\n * @param snapshotId\n * @returns The regions where the snapshot is configured to be propagated to.\n */\n async getSnapshotRegions(snapshotId: string): Promise {\n return await this.regionRepository\n .createQueryBuilder('r')\n .innerJoin('snapshot_region', 'sr', 'sr.\"regionId\" = r.id')\n .where('sr.\"snapshotId\" = :snapshotId', { snapshotId })\n .getMany()\n }\n\n /**\n * @param snapshotId - The ID of the snapshot.\n * @param regionId - The ID of the region.\n * @returns true if the snapshot is available in the region, false otherwise.\n */\n async isAvailableInRegion(snapshotId: string, regionId: string): Promise {\n return await this.snapshotRegionRepository.exists({\n where: {\n snapshotId,\n regionId,\n },\n })\n }\n\n @OnEvent(OrganizationEvents.SUSPENDED_SNAPSHOT_DEACTIVATED)\n async handleSuspendedOrganizationSnapshotDeactivated(event: OrganizationSuspendedSnapshotDeactivatedEvent) {\n await this.deactivateSnapshot(event.snapshotId).catch((error) => {\n // log the error for now, but don't throw it as it will be retried\n this.logger.error(\n `Error deactivating snapshot from suspended organization. SnapshotId: ${event.snapshotId}: `,\n error,\n )\n })\n }\n\n @OnAsyncEvent({\n event: RunnerEvents.DELETED,\n })\n async handleRunnerDeletedEvent(payload: RunnerDeletedEvent): Promise {\n await payload.entityManager.update(\n SnapshotRunner,\n { runnerId: payload.runnerId },\n { state: SnapshotRunnerState.REMOVING },\n )\n }\n}\n" }, { "path": "apps/api/src/sandbox/services/toolbox.deprecated.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, NotFoundException, HttpException, BadRequestException, Logger } from '@nestjs/common'\nimport { Sandbox } from '../entities/sandbox.entity'\nimport { Runner } from '../entities/runner.entity'\nimport axios from 'axios'\nimport { SandboxState } from '../enums/sandbox-state.enum'\nimport { RedisLockProvider } from '../common/redis-lock.provider'\nimport { SandboxService } from './sandbox.service'\nimport { RunnerService } from './runner.service'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\n\n@Injectable()\nexport class ToolboxService {\n private readonly logger = new Logger(ToolboxService.name)\n\n constructor(\n private readonly sandboxRepository: SandboxRepository,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly sandboxService: SandboxService,\n private readonly runnerService: RunnerService,\n ) {}\n\n async forwardRequestToRunner(sandboxId: string, method: string, path: string, data?: any): Promise {\n const runner = await this.getRunner(sandboxId)\n\n if (!runner.proxyUrl) {\n throw new NotFoundException(`Runner for sandbox ${sandboxId} has no proxy URL`)\n }\n\n const maxRetries = 5\n let attempt = 1\n\n while (attempt <= maxRetries) {\n try {\n const headers: any = {\n Authorization: `Bearer ${runner.apiKey}`,\n }\n\n // Only set Content-Type for requests with body data\n if (data && typeof data === 'object' && Object.keys(data).length > 0) {\n headers['Content-Type'] = 'application/json'\n }\n\n const requestConfig: any = {\n method,\n url: `${runner.proxyUrl}/sandboxes/${sandboxId}${path}`,\n headers,\n maxBodyLength: 209715200, // 200MB in bytes\n maxContentLength: 209715200, // 200MB in bytes\n timeout: 360000, // 360 seconds\n }\n\n // Only add data if it's not an empty string or undefined\n if (data !== undefined && data !== '') {\n requestConfig.data = data\n }\n\n const response = await axios(requestConfig)\n return response.data\n } catch (error) {\n if (error.message.includes('ECONNREFUSED')) {\n if (attempt === maxRetries) {\n throw new HttpException('Failed to connect to runner after multiple attempts', 500)\n }\n // Wait for attempt * 1000ms (1s, 2s, 3s)\n await new Promise((resolve) => setTimeout(resolve, attempt * 1000))\n attempt++\n continue\n }\n // If it's an axios error with a response, throw a NestJS HttpException\n if (error.response) {\n throw new HttpException(error.response.data, error.response.status)\n }\n\n // For other types of errors, throw a generic 500 error\n throw new HttpException(`Error forwarding request to runner: ${error.message}`, 500)\n }\n }\n }\n\n public async getRunner(sandboxId: string): Promise {\n let sandbox: Sandbox | null = null\n try {\n sandbox = await this.sandboxRepository.findOne({\n where: { id: sandboxId },\n })\n\n if (!sandbox) {\n throw new NotFoundException('Sandbox not found')\n }\n\n const runner = await this.runnerService.findOneOrFail(sandbox.runnerId)\n\n if (sandbox.state !== SandboxState.STARTED) {\n throw new BadRequestException('Sandbox is not running')\n }\n\n return runner\n } finally {\n const lockKey = `sandbox-last-activity-${sandboxId}`\n const acquired = await this.redisLockProvider.lock(lockKey, 10)\n\n // redis for cooldown period - 10 seconds\n // prevents database flooding when multiple requests are made at the same time\n if (acquired) {\n await this.sandboxService.updateLastActivityAt(sandboxId, new Date())\n }\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/services/volume.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n ConflictException,\n ForbiddenException,\n Injectable,\n Logger,\n NotFoundException,\n ServiceUnavailableException,\n} from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { Repository, Not, In } from 'typeorm'\nimport { Volume } from '../entities/volume.entity'\nimport { VolumeState } from '../enums/volume-state.enum'\nimport { CreateVolumeDto } from '../dto/create-volume.dto'\nimport { v4 as uuidv4 } from 'uuid'\nimport { BadRequestError } from '../../exceptions/bad-request.exception'\nimport { Organization } from '../../organization/entities/organization.entity'\nimport { OnEvent } from '@nestjs/event-emitter'\nimport { SandboxEvents } from '../constants/sandbox-events.constants'\nimport { SandboxCreatedEvent } from '../events/sandbox-create.event'\nimport { OrganizationService } from '../../organization/services/organization.service'\nimport { OrganizationUsageService } from '../../organization/services/organization-usage.service'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { RedisLockProvider } from '../common/redis-lock.provider'\nimport { SandboxRepository } from '../repositories/sandbox.repository'\nimport { SandboxDesiredState } from '../enums/sandbox-desired-state.enum'\n\n@Injectable()\nexport class VolumeService {\n private readonly logger = new Logger(VolumeService.name)\n\n constructor(\n @InjectRepository(Volume)\n private readonly volumeRepository: Repository,\n private readonly sandboxRepository: SandboxRepository,\n private readonly organizationService: OrganizationService,\n private readonly organizationUsageService: OrganizationUsageService,\n private readonly configService: TypedConfigService,\n private readonly redisLockProvider: RedisLockProvider,\n ) {}\n\n private async validateOrganizationQuotas(\n organization: Organization,\n addedVolumeCount: number,\n ): Promise<{\n pendingVolumeCountIncremented: boolean\n }> {\n // validate usage quotas\n await this.organizationUsageService.incrementPendingVolumeUsage(organization.id, addedVolumeCount)\n\n const usageOverview = await this.organizationUsageService.getVolumeUsageOverview(organization.id)\n\n try {\n if (usageOverview.currentVolumeUsage + usageOverview.pendingVolumeUsage > organization.volumeQuota) {\n throw new ForbiddenException(`Volume quota exceeded. Maximum allowed: ${organization.volumeQuota}`)\n }\n } catch (error) {\n await this.rollbackPendingUsage(organization.id, addedVolumeCount)\n throw error\n }\n\n return {\n pendingVolumeCountIncremented: true,\n }\n }\n\n async rollbackPendingUsage(organizationId: string, pendingVolumeCountIncrement?: number): Promise {\n if (!pendingVolumeCountIncrement) {\n return\n }\n\n try {\n await this.organizationUsageService.decrementPendingVolumeUsage(organizationId, pendingVolumeCountIncrement)\n } catch (error) {\n this.logger.error(`Error rolling back pending volume usage: ${error}`)\n }\n }\n\n async create(organization: Organization, createVolumeDto: CreateVolumeDto): Promise {\n if (!this.configService.get('s3.endpoint')) {\n throw new ServiceUnavailableException('Object storage is not configured')\n }\n\n let pendingVolumeCountIncrement: number | undefined\n\n try {\n this.organizationService.assertOrganizationIsNotSuspended(organization)\n\n const newVolumeCount = 1\n\n const { pendingVolumeCountIncremented } = await this.validateOrganizationQuotas(organization, newVolumeCount)\n\n if (pendingVolumeCountIncremented) {\n pendingVolumeCountIncrement = newVolumeCount\n }\n\n const volume = new Volume()\n\n // Generate ID\n volume.id = uuidv4()\n\n // Set name from DTO or use ID as default\n volume.name = createVolumeDto.name || volume.id\n\n // Check if volume with same name already exists for organization\n const existingVolume = await this.volumeRepository.findOne({\n where: {\n organizationId: organization.id,\n name: volume.name,\n state: Not(VolumeState.DELETED),\n },\n })\n\n if (existingVolume) {\n throw new BadRequestError(`Volume with name ${volume.name} already exists`)\n }\n\n volume.organizationId = organization.id\n volume.state = VolumeState.PENDING_CREATE\n\n const savedVolume = await this.volumeRepository.save(volume)\n this.logger.debug(`Created volume ${savedVolume.id} for organization ${organization.id}`)\n return savedVolume\n } catch (error) {\n await this.rollbackPendingUsage(organization.id, pendingVolumeCountIncrement)\n throw error\n }\n }\n\n async delete(volumeId: string): Promise {\n const volume = await this.volumeRepository.findOne({\n where: {\n id: volumeId,\n },\n })\n\n if (!volume) {\n throw new NotFoundException(`Volume with ID ${volumeId} not found`)\n }\n\n if (volume.state !== VolumeState.READY && volume.state !== VolumeState.ERROR) {\n throw new BadRequestError(\n `Volume must be in '${VolumeState.READY}' or '${VolumeState.ERROR}' state in order to be deleted`,\n )\n }\n\n // Check if any non-destroyed sandboxes are using this volume\n const sandboxUsingVolume = await this.sandboxRepository\n .createQueryBuilder('sandbox')\n .where('sandbox.organizationId = :organizationId', {\n organizationId: volume.organizationId,\n })\n .andWhere('sandbox.volumes @> :volFilter::jsonb', {\n volFilter: JSON.stringify([{ volumeId }]),\n })\n .andWhere('sandbox.desiredState != :destroyed', {\n destroyed: SandboxDesiredState.DESTROYED,\n })\n .select(['sandbox.id', 'sandbox.name'])\n .getOne()\n\n if (sandboxUsingVolume) {\n throw new ConflictException(\n `Volume cannot be deleted because it is in use by one or more sandboxes (e.g. ${sandboxUsingVolume.name})`,\n )\n }\n\n // Update state to mark as deleting\n volume.state = VolumeState.PENDING_DELETE\n await this.volumeRepository.save(volume)\n this.logger.debug(`Marked volume ${volumeId} for deletion`)\n }\n\n async findOne(volumeId: string): Promise {\n const volume = await this.volumeRepository.findOne({\n where: { id: volumeId },\n })\n\n if (!volume) {\n throw new NotFoundException(`Volume with ID ${volumeId} not found`)\n }\n\n return volume\n }\n\n async findAll(organizationId: string, includeDeleted = false): Promise {\n return this.volumeRepository.find({\n where: {\n organizationId,\n ...(includeDeleted ? {} : { state: Not(VolumeState.DELETED) }),\n },\n order: {\n lastUsedAt: {\n direction: 'DESC',\n nulls: 'LAST',\n },\n createdAt: 'DESC',\n },\n })\n }\n\n async findByName(organizationId: string, name: string): Promise {\n const volume = await this.volumeRepository.findOne({\n where: {\n organizationId,\n name,\n state: Not(VolumeState.DELETED),\n },\n })\n\n if (!volume) {\n throw new NotFoundException(`Volume with name ${name} not found`)\n }\n\n return volume\n }\n\n async validateVolumes(organizationId: string, volumeIdOrNames: string[]): Promise {\n if (!volumeIdOrNames.length) {\n return\n }\n\n const volumes = await this.volumeRepository.find({\n where: [\n { id: In(volumeIdOrNames), organizationId, state: Not(VolumeState.DELETED) },\n { name: In(volumeIdOrNames), organizationId, state: Not(VolumeState.DELETED) },\n ],\n })\n\n // Check if all requested volumes were found and are in a READY state\n const foundIds = new Set(volumes.map((v) => v.id))\n const foundNames = new Set(volumes.map((v) => v.name))\n\n for (const idOrName of volumeIdOrNames) {\n if (!foundIds.has(idOrName) && !foundNames.has(idOrName)) {\n throw new NotFoundException(`Volume '${idOrName}' not found`)\n }\n }\n\n for (const volume of volumes) {\n if (volume.state !== VolumeState.READY) {\n throw new BadRequestError(`Volume '${volume.name}' is not in a ready state. Current state: ${volume.state}`)\n }\n }\n }\n\n async getOrganizationId(params: { id: string } | { name: string; organizationId: string }): Promise {\n if ('id' in params) {\n const volume = await this.volumeRepository.findOneOrFail({\n where: {\n id: params.id,\n },\n select: ['organizationId'],\n loadEagerRelations: false,\n })\n return volume.organizationId\n }\n\n const volume = await this.volumeRepository.findOneOrFail({\n where: {\n name: params.name,\n organizationId: params.organizationId,\n },\n select: ['organizationId'],\n loadEagerRelations: false,\n })\n\n return volume.organizationId\n }\n\n @OnEvent(SandboxEvents.CREATED)\n private async handleSandboxCreatedEvent(event: SandboxCreatedEvent) {\n if (!event.sandbox.volumes.length) {\n return\n }\n\n try {\n const volumeIds = event.sandbox.volumes.map((vol) => vol.volumeId)\n const volumes = await this.volumeRepository.find({ where: { id: In(volumeIds) } })\n\n const results = await Promise.allSettled(\n volumes.map(async (volume) => {\n // Update once per minute at most\n if (!(await this.redisLockProvider.lock(`volume:${volume.id}:update-last-used`, 60))) {\n return\n }\n volume.lastUsedAt = event.sandbox.createdAt\n return this.volumeRepository.save(volume)\n }),\n )\n\n results.forEach((result) => {\n if (result.status === 'rejected') {\n this.logger.error(\n `Failed to update volume lastUsedAt timestamp for sandbox ${event.sandbox.id}: ${result.reason}`,\n )\n }\n })\n } catch (err) {\n this.logger.error(err)\n }\n }\n}\n" }, { "path": "apps/api/src/sandbox/subscribers/runner.subscriber.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Inject, Logger } from '@nestjs/common'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { DataSource, EntitySubscriberInterface, EventSubscriber, InsertEvent, UpdateEvent } from 'typeorm'\nimport { RunnerEvents } from '../constants/runner-events'\nimport { Runner } from '../entities/runner.entity'\nimport { RunnerCreatedEvent } from '../events/runner-created.event'\nimport { RunnerStateUpdatedEvent } from '../events/runner-state-updated.event'\nimport { RunnerUnschedulableUpdatedEvent } from '../events/runner-unschedulable-updated.event'\nimport { runnerLookupCacheKeyById } from '../utils/runner-lookup-cache.util'\n\n@EventSubscriber()\nexport class RunnerSubscriber implements EntitySubscriberInterface {\n private readonly logger = new Logger(RunnerSubscriber.name)\n\n @Inject(EventEmitter2)\n private eventEmitter: EventEmitter2\n\n private dataSource: DataSource\n\n constructor(dataSource: DataSource) {\n this.dataSource = dataSource\n dataSource.subscribers.push(this)\n }\n\n listenTo() {\n return Runner\n }\n\n afterInsert(event: InsertEvent) {\n this.eventEmitter.emit(RunnerEvents.CREATED, new RunnerCreatedEvent(event.entity as Runner))\n }\n\n afterUpdate(event: UpdateEvent) {\n const updatedColumns = event.updatedColumns.map((col) => col.propertyName)\n\n updatedColumns.forEach((column) => {\n // For Repository.update(), TypeORM doesn't provide databaseEntity.\n if (!event.entity || !event.databaseEntity) {\n return\n }\n\n switch (column) {\n case 'state':\n this.eventEmitter.emit(\n RunnerEvents.STATE_UPDATED,\n new RunnerStateUpdatedEvent(event.entity as Runner, event.databaseEntity[column], event.entity[column]),\n )\n break\n case 'unschedulable':\n this.eventEmitter.emit(\n RunnerEvents.UNSCHEDULABLE_UPDATED,\n new RunnerUnschedulableUpdatedEvent(\n event.entity as Runner,\n event.databaseEntity[column],\n event.entity[column],\n ),\n )\n break\n default:\n break\n }\n })\n\n // Invalidate cached runner lookup queries on any update triggered via save().\n // Note: Repository.update() does not provide databaseEntity, so those paths\n // invalidate explicitly via RunnerService.updateRunner().\n const entity = event.entity as Runner | undefined\n if (!entity?.id) {\n return\n }\n\n const cache = this.dataSource.queryResultCache\n if (!cache) {\n return\n }\n\n cache\n .remove([runnerLookupCacheKeyById(entity.id)])\n .catch((error) =>\n this.logger.warn(\n `Failed to invalidate runner lookup cache for ${entity.id}: ${error instanceof Error ? error.message : String(error)}`,\n ),\n )\n }\n}\n" }, { "path": "apps/api/src/sandbox/subscribers/snapshot.subscriber.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Inject } from '@nestjs/common'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { DataSource, EntitySubscriberInterface, EventSubscriber, RemoveEvent, UpdateEvent } from 'typeorm'\nimport { SnapshotEvents } from '../constants/snapshot-events'\nimport { Snapshot } from '../entities/snapshot.entity'\nimport { SnapshotStateUpdatedEvent } from '../events/snapshot-state-updated.event'\nimport { SnapshotRemovedEvent } from '../events/snapshot-removed.event'\n\n@EventSubscriber()\nexport class SnapshotSubscriber implements EntitySubscriberInterface {\n @Inject(EventEmitter2)\n private eventEmitter: EventEmitter2\n\n constructor(dataSource: DataSource) {\n dataSource.subscribers.push(this)\n }\n\n listenTo() {\n return Snapshot\n }\n\n afterUpdate(event: UpdateEvent) {\n const updatedColumns = event.updatedColumns.map((col) => col.propertyName)\n\n updatedColumns.forEach((column) => {\n switch (column) {\n case 'state':\n this.eventEmitter.emit(\n SnapshotEvents.STATE_UPDATED,\n new SnapshotStateUpdatedEvent(event.entity as Snapshot, event.databaseEntity[column], event.entity[column]),\n )\n break\n default:\n break\n }\n })\n }\n\n beforeRemove(event: RemoveEvent) {\n this.eventEmitter.emit(SnapshotEvents.REMOVED, new SnapshotRemovedEvent(event.databaseEntity as Snapshot))\n }\n}\n" }, { "path": "apps/api/src/sandbox/subscribers/volume.subscriber.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Inject } from '@nestjs/common'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { DataSource, EntitySubscriberInterface, EventSubscriber, InsertEvent, UpdateEvent } from 'typeorm'\nimport { VolumeEvents } from '../constants/volume-events'\nimport { Volume } from '../entities/volume.entity'\nimport { VolumeCreatedEvent } from '../events/volume-created.event'\nimport { VolumeStateUpdatedEvent } from '../events/volume-state-updated.event'\nimport { VolumeLastUsedAtUpdatedEvent } from '../events/volume-last-used-at-updated.event'\n\n@EventSubscriber()\nexport class VolumeSubscriber implements EntitySubscriberInterface {\n @Inject(EventEmitter2)\n private eventEmitter: EventEmitter2\n\n constructor(dataSource: DataSource) {\n dataSource.subscribers.push(this)\n }\n\n listenTo() {\n return Volume\n }\n\n afterInsert(event: InsertEvent) {\n this.eventEmitter.emit(VolumeEvents.CREATED, new VolumeCreatedEvent(event.entity as Volume))\n }\n\n afterUpdate(event: UpdateEvent) {\n const updatedColumns = event.updatedColumns.map((col) => col.propertyName)\n\n updatedColumns.forEach((column) => {\n switch (column) {\n case 'state':\n this.eventEmitter.emit(\n VolumeEvents.STATE_UPDATED,\n new VolumeStateUpdatedEvent(event.entity as Volume, event.databaseEntity[column], event.entity[column]),\n )\n break\n case 'lastUsedAt':\n this.eventEmitter.emit(\n VolumeEvents.LAST_USED_AT_UPDATED,\n new VolumeLastUsedAtUpdatedEvent(event.entity as Volume),\n )\n break\n default:\n break\n }\n })\n }\n}\n" }, { "path": "apps/api/src/sandbox/utils/lock-key.util.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport function getStateChangeLockKey(id: string): string {\n return `sandbox:${id}:state-change`\n}\n" }, { "path": "apps/api/src/sandbox/utils/network-validation.util.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\nimport { isIPv4 } from 'net'\n\n/**\n * Validates network allow list to ensure valid CIDR network addresses are allowed\n * @param networkAllowList - Comma-separated string of network addresses\n * @returns null if valid, error message string if invalid\n */\nexport function validateNetworkAllowList(networkAllowList: string): void {\n const networks = networkAllowList.split(',').map((net: string) => net.trim())\n\n for (const network of networks) {\n if (!network) continue // Skip empty entries\n\n const [ipAddress, prefixLength] = network.split('/')\n\n if (!isIPv4(ipAddress)) {\n throw new Error(`Invalid IP address: \"${ipAddress}\" in network \"${network}\". Must be a valid IPv4 address`)\n }\n\n if (!prefixLength) {\n throw new Error(`Invalid network format: \"${network}\". Missing CIDR prefix length (e.g., /24)`)\n }\n\n // Validate CIDR prefix length (0-32 for IPv4)\n const prefix = parseInt(prefixLength, 10)\n if (prefix < 0 || prefix > 32) {\n throw new Error(`Invalid CIDR prefix length: ${network}. Prefix must be between 0 and 32`)\n }\n }\n\n if (networks.length > 10) {\n throw new Error(`Network allow list cannot contain more than 10 networks`)\n }\n}\n" }, { "path": "apps/api/src/sandbox/utils/runner-lookup-cache.util.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const RUNNER_LOOKUP_CACHE_TTL_MS = 60_000\n\nexport function runnerLookupCacheKeyById(runnerId: string): string {\n return `runner:lookup:by-id:${runnerId}`\n}\n" }, { "path": "apps/api/src/sandbox/utils/sandbox-lookup-cache.util.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const SANDBOX_LOOKUP_CACHE_TTL_MS = 10_000\nexport const SANDBOX_BUILD_INFO_CACHE_TTL_MS = 60_000\nexport const SANDBOX_ORG_ID_CACHE_TTL_MS = 60_000\nexport const TOOLBOX_PROXY_URL_CACHE_TTL_S = 30 * 60 // 30 minutes\n\ntype SandboxLookupCacheKeyArgs = {\n organizationId?: string | null\n returnDestroyed?: boolean\n}\n\nexport function sandboxLookupCacheKeyById(args: SandboxLookupCacheKeyArgs & { sandboxId: string }): string {\n const organizationId = args.organizationId ?? 'none'\n const returnDestroyed = args.returnDestroyed ? 1 : 0\n return `sandbox:lookup:by-id:org:${organizationId}:returnDestroyed:${returnDestroyed}:value:${args.sandboxId}`\n}\n\nexport function sandboxLookupCacheKeyByName(args: SandboxLookupCacheKeyArgs & { sandboxName: string }): string {\n const organizationId = args.organizationId ?? 'none'\n const returnDestroyed = args.returnDestroyed ? 1 : 0\n return `sandbox:lookup:by-name:org:${organizationId}:returnDestroyed:${returnDestroyed}:value:${args.sandboxName}`\n}\n\nexport function sandboxLookupCacheKeyByAuthToken(args: { authToken: string }): string {\n return `sandbox:lookup:by-authToken:${args.authToken}`\n}\n\ntype SandboxOrgIdCacheKeyArgs = {\n organizationId?: string\n}\n\nexport function sandboxOrgIdCacheKeyById(args: SandboxOrgIdCacheKeyArgs & { sandboxId: string }): string {\n const organizationId = args.organizationId ?? 'none'\n return `sandbox:orgId:by-id:org:${organizationId}:value:${args.sandboxId}`\n}\n\nexport function sandboxOrgIdCacheKeyByName(args: SandboxOrgIdCacheKeyArgs & { sandboxName: string }): string {\n const organizationId = args.organizationId ?? 'none'\n return `sandbox:orgId:by-name:org:${organizationId}:value:${args.sandboxName}`\n}\n\nexport function toolboxProxyUrlCacheKey(regionId: string): string {\n return `toolbox-proxy-url:region:${regionId}`\n}\n" }, { "path": "apps/api/src/sandbox/utils/sanitize-error.util.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport function sanitizeSandboxError(error: any): { recoverable: boolean; errorReason: string } {\n if (typeof error === 'string') {\n try {\n const errObj = JSON.parse(error) as { recoverable: boolean; errorReason: string }\n return { recoverable: errObj.recoverable, errorReason: errObj.errorReason }\n } catch {\n return { recoverable: false, errorReason: error }\n }\n } else if (typeof error === 'object' && error !== null && 'recoverable' in error && 'errorReason' in error) {\n return { recoverable: error.recoverable, errorReason: error.errorReason }\n } else if (typeof error === 'object' && error.message) {\n return sanitizeSandboxError(error.message)\n }\n\n return { recoverable: false, errorReason: String(error) }\n}\n" }, { "path": "apps/api/src/sandbox/utils/volume-mount-path-validation.util.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SandboxVolume } from '../dto/sandbox.dto'\n\n/**\n * Validates mount paths for sandbox volumes to ensure they are safe and valid\n * @param volumes - Array of SandboxVolume objects to validate\n * @throws Error with descriptive message if any mount path is invalid\n */\nexport function validateMountPaths(volumes: SandboxVolume[]): void {\n const errors: string[] = []\n\n for (const volume of volumes) {\n const value = volume.mountPath\n\n if (typeof value !== 'string') {\n errors.push(`Invalid mount path ${value} (must be a string)`)\n continue\n }\n\n if (!value.startsWith('/')) {\n errors.push(`Invalid mount path ${value} (must be absolute)`)\n continue\n }\n\n if (value === '/' || value === '//') {\n errors.push(`Invalid mount path ${value} (cannot mount to the root directory)`)\n continue\n }\n\n if (value.includes('/../') || value.includes('/./') || value.endsWith('/..') || value.endsWith('/.')) {\n errors.push(`Invalid mount path ${value} (cannot contain relative path components)`)\n continue\n }\n\n if (/\\/\\/+/.test(value.slice(1))) {\n errors.push(`Invalid mount path ${value} (cannot contain consecutive slashes)`)\n continue\n }\n\n const invalidPaths = ['/proc', '/sys', '/dev', '/boot', '/etc', '/bin', '/sbin', '/lib', '/lib64']\n const matchedInvalid = invalidPaths.find((invalid) => value === invalid || value.startsWith(invalid + '/'))\n if (matchedInvalid) {\n errors.push(`Invalid mount path ${value} (cannot mount to system directory)`)\n }\n }\n\n if (errors.length > 0) {\n throw new Error(errors.join(', '))\n }\n}\n\n/**\n * Validates subpaths for sandbox volumes to ensure they are safe S3 key prefixes\n * @param volumes - Array of SandboxVolume objects to validate\n * @throws Error with descriptive message if any subpath is invalid\n */\nexport function validateSubpaths(volumes: SandboxVolume[]): void {\n const errors: string[] = []\n\n for (const volume of volumes) {\n const subpath = volume.subpath\n\n // Empty/undefined subpath is valid (means mount entire volume)\n if (!subpath) {\n continue\n }\n\n if (typeof subpath !== 'string') {\n errors.push(`Invalid subpath ${subpath} (must be a string)`)\n continue\n }\n\n // S3 keys should not start with /\n if (subpath.startsWith('/')) {\n errors.push(`Invalid subpath \"${subpath}\" (S3 key prefixes cannot start with /)`)\n continue\n }\n\n // Prevent path traversal\n if (subpath.includes('..')) {\n errors.push(`Invalid subpath \"${subpath}\" (cannot contain .. for security)`)\n continue\n }\n\n // No consecutive slashes\n if (subpath.includes('//')) {\n errors.push(`Invalid subpath \"${subpath}\" (cannot contain consecutive slashes)`)\n continue\n }\n }\n\n if (errors.length > 0) {\n throw new Error(errors.join(', '))\n }\n}\n" }, { "path": "apps/api/src/sandbox-telemetry/controllers/sandbox-telemetry.controller.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, Get, Param, Query, UseGuards } from '@nestjs/common'\nimport { ApiOAuth2, ApiResponse, ApiOperation, ApiParam, ApiTags, ApiHeader, ApiBearerAuth } from '@nestjs/swagger'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { OrganizationResourceActionGuard } from '../../organization/guards/organization-resource-action.guard'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\nimport { SandboxAccessGuard } from '../../sandbox/guards/sandbox-access.guard'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { SandboxTelemetryService } from '../services/sandbox-telemetry.service'\nimport { LogsQueryParamsDto, TelemetryQueryParamsDto, MetricsQueryParamsDto } from '../dto/telemetry-query-params.dto'\nimport { PaginatedLogsDto } from '../dto/paginated-logs.dto'\nimport { PaginatedTracesDto } from '../dto/paginated-traces.dto'\nimport { TraceSpanDto } from '../dto/trace-span.dto'\nimport { MetricsResponseDto } from '../dto/metrics-response.dto'\nimport { RequireFlagsEnabled } from '@openfeature/nestjs-sdk'\nimport { AnalyticsApiDisabledGuard } from '../guards/analytics-api-disabled.guard'\n\n@ApiTags('sandbox')\n@Controller('sandbox')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@UseGuards(CombinedAuthGuard, OrganizationResourceActionGuard, AuthenticatedRateLimitGuard, AnalyticsApiDisabledGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class SandboxTelemetryController {\n constructor(private readonly sandboxTelemetryService: SandboxTelemetryService) {}\n\n @Get(':sandboxId/telemetry/logs')\n @ApiOperation({\n summary: 'Get sandbox logs',\n operationId: 'getSandboxLogs',\n description: 'Retrieve OTEL logs for a sandbox within a time range',\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'ID of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Paginated list of log entries',\n type: PaginatedLogsDto,\n })\n @UseGuards(SandboxAccessGuard)\n @RequireFlagsEnabled({ flags: [{ flagKey: 'organization_experiments', defaultValue: true }] })\n async getSandboxLogs(\n @Param('sandboxId') sandboxId: string,\n @Query() queryParams: LogsQueryParamsDto,\n ): Promise {\n return this.sandboxTelemetryService.getLogs(\n sandboxId,\n queryParams.from,\n queryParams.to,\n queryParams.page ?? 1,\n queryParams.limit ?? 100,\n queryParams.severities,\n queryParams.search,\n )\n }\n\n @Get(':sandboxId/telemetry/traces')\n @ApiOperation({\n summary: 'Get sandbox traces',\n operationId: 'getSandboxTraces',\n description: 'Retrieve OTEL traces for a sandbox within a time range',\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'ID of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Paginated list of trace summaries',\n type: PaginatedTracesDto,\n })\n @UseGuards(SandboxAccessGuard)\n @RequireFlagsEnabled({ flags: [{ flagKey: 'organization_experiments', defaultValue: true }] })\n async getSandboxTraces(\n @Param('sandboxId') sandboxId: string,\n @Query() queryParams: TelemetryQueryParamsDto,\n ): Promise {\n return this.sandboxTelemetryService.getTraces(\n sandboxId,\n queryParams.from,\n queryParams.to,\n queryParams.page ?? 1,\n queryParams.limit ?? 100,\n )\n }\n\n @Get(':sandboxId/telemetry/traces/:traceId')\n @ApiOperation({\n summary: 'Get trace spans',\n operationId: 'getSandboxTraceSpans',\n description: 'Retrieve all spans for a specific trace',\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'ID of the sandbox',\n type: 'string',\n })\n @ApiParam({\n name: 'traceId',\n description: 'ID of the trace',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'List of spans in the trace',\n type: [TraceSpanDto],\n })\n @UseGuards(SandboxAccessGuard)\n @RequireFlagsEnabled({ flags: [{ flagKey: 'organization_experiments', defaultValue: true }] })\n async getSandboxTraceSpans(\n @Param('sandboxId') sandboxId: string,\n @Param('traceId') traceId: string,\n ): Promise {\n return this.sandboxTelemetryService.getTraceSpans(sandboxId, traceId)\n }\n\n @Get(':sandboxId/telemetry/metrics')\n @ApiOperation({\n summary: 'Get sandbox metrics',\n operationId: 'getSandboxMetrics',\n description: 'Retrieve OTEL metrics for a sandbox within a time range',\n })\n @ApiParam({\n name: 'sandboxId',\n description: 'ID of the sandbox',\n type: 'string',\n })\n @ApiResponse({\n status: 200,\n description: 'Metrics time series data',\n type: MetricsResponseDto,\n })\n @UseGuards(SandboxAccessGuard)\n @RequireFlagsEnabled({ flags: [{ flagKey: 'organization_experiments', defaultValue: true }] })\n async getSandboxMetrics(\n @Param('sandboxId') sandboxId: string,\n @Query() queryParams: MetricsQueryParamsDto,\n ): Promise {\n return this.sandboxTelemetryService.getMetrics(sandboxId, queryParams.from, queryParams.to, queryParams.metricNames)\n }\n}\n" }, { "path": "apps/api/src/sandbox-telemetry/dto/index.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport * from './telemetry-query-params.dto'\nexport * from './log-entry.dto'\nexport * from './paginated-logs.dto'\nexport * from './trace-summary.dto'\nexport * from './trace-span.dto'\nexport * from './paginated-traces.dto'\nexport * from './metrics-response.dto'\n" }, { "path": "apps/api/src/sandbox-telemetry/dto/log-entry.dto.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'LogEntry' })\nexport class LogEntryDto {\n @ApiProperty({ description: 'Timestamp of the log entry' })\n timestamp: string\n\n @ApiProperty({ description: 'Log message body' })\n body: string\n\n @ApiProperty({ description: 'Severity level text (e.g., INFO, WARN, ERROR)' })\n severityText: string\n\n @ApiPropertyOptional({ description: 'Severity level number' })\n severityNumber?: number\n\n @ApiProperty({ description: 'Service name that generated the log' })\n serviceName: string\n\n @ApiProperty({\n type: 'object',\n description: 'Resource attributes from OTEL',\n additionalProperties: { type: 'string' },\n })\n resourceAttributes: Record\n\n @ApiProperty({ type: 'object', description: 'Log-specific attributes', additionalProperties: { type: 'string' } })\n logAttributes: Record\n\n @ApiPropertyOptional({ description: 'Associated trace ID if available' })\n traceId?: string\n\n @ApiPropertyOptional({ description: 'Associated span ID if available' })\n spanId?: string\n}\n" }, { "path": "apps/api/src/sandbox-telemetry/dto/metrics-response.dto.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'MetricDataPoint' })\nexport class MetricDataPointDto {\n @ApiProperty({ description: 'Timestamp of the data point' })\n timestamp: string\n\n @ApiProperty({ description: 'Value at this timestamp' })\n value: number\n}\n\n@ApiSchema({ name: 'MetricSeries' })\nexport class MetricSeriesDto {\n @ApiProperty({ description: 'Name of the metric' })\n metricName: string\n\n @ApiProperty({ type: [MetricDataPointDto], description: 'Data points for this metric' })\n dataPoints: MetricDataPointDto[]\n}\n\n@ApiSchema({ name: 'MetricsResponse' })\nexport class MetricsResponseDto {\n @ApiProperty({ type: [MetricSeriesDto], description: 'List of metric series' })\n series: MetricSeriesDto[]\n}\n" }, { "path": "apps/api/src/sandbox-telemetry/dto/paginated-logs.dto.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { LogEntryDto } from './log-entry.dto'\n\n@ApiSchema({ name: 'PaginatedLogs' })\nexport class PaginatedLogsDto {\n @ApiProperty({ type: [LogEntryDto], description: 'List of log entries' })\n items: LogEntryDto[]\n\n @ApiProperty({ description: 'Total number of log entries matching the query' })\n total: number\n\n @ApiProperty({ description: 'Current page number' })\n page: number\n\n @ApiProperty({ description: 'Total number of pages' })\n totalPages: number\n}\n" }, { "path": "apps/api/src/sandbox-telemetry/dto/paginated-traces.dto.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { TraceSummaryDto } from './trace-summary.dto'\n\n@ApiSchema({ name: 'PaginatedTraces' })\nexport class PaginatedTracesDto {\n @ApiProperty({ type: [TraceSummaryDto], description: 'List of trace summaries' })\n items: TraceSummaryDto[]\n\n @ApiProperty({ description: 'Total number of traces matching the query' })\n total: number\n\n @ApiProperty({ description: 'Current page number' })\n page: number\n\n @ApiProperty({ description: 'Total number of pages' })\n totalPages: number\n}\n" }, { "path": "apps/api/src/sandbox-telemetry/dto/telemetry-query-params.dto.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'\nimport { IsDateString, IsOptional, IsArray, IsString, IsNumber, Min } from 'class-validator'\nimport { Type, Transform } from 'class-transformer'\n\nexport class TelemetryQueryParamsDto {\n @ApiProperty({ type: String, format: 'date-time', description: 'Start of time range (ISO 8601)' })\n @IsDateString()\n from: string\n\n @ApiProperty({ type: String, format: 'date-time', description: 'End of time range (ISO 8601)' })\n @IsDateString()\n to: string\n\n @ApiPropertyOptional({ type: Number, default: 1, description: 'Page number (1-indexed)' })\n @IsOptional()\n @Type(() => Number)\n @IsNumber()\n @Min(1)\n page?: number = 1\n\n @ApiPropertyOptional({ type: Number, default: 100, description: 'Number of items per page' })\n @IsOptional()\n @Type(() => Number)\n @IsNumber()\n @Min(1)\n limit?: number = 100\n}\n\nexport class LogsQueryParamsDto extends TelemetryQueryParamsDto {\n @ApiPropertyOptional({\n type: [String],\n description: 'Filter by severity levels (DEBUG, INFO, WARN, ERROR)',\n })\n @IsOptional()\n @IsArray()\n @IsString({ each: true })\n @Transform(({ value }) => (Array.isArray(value) ? value : [value]))\n severities?: string[]\n\n @ApiPropertyOptional({ type: String, description: 'Search in log body' })\n @IsOptional()\n @IsString()\n search?: string\n}\n\nexport class MetricsQueryParamsDto {\n @ApiProperty({ type: String, format: 'date-time', description: 'Start of time range (ISO 8601)' })\n @IsDateString()\n from: string\n\n @ApiProperty({ type: String, format: 'date-time', description: 'End of time range (ISO 8601)' })\n @IsDateString()\n to: string\n\n @ApiPropertyOptional({\n type: [String],\n description: 'Filter by metric names',\n })\n @IsOptional()\n @IsArray()\n @IsString({ each: true })\n @Transform(({ value }) => (Array.isArray(value) ? value : [value]))\n metricNames?: string[]\n}\n" }, { "path": "apps/api/src/sandbox-telemetry/dto/trace-span.dto.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'TraceSpan' })\nexport class TraceSpanDto {\n @ApiProperty({ description: 'Trace identifier' })\n traceId: string\n\n @ApiProperty({ description: 'Span identifier' })\n spanId: string\n\n @ApiPropertyOptional({ description: 'Parent span identifier' })\n parentSpanId?: string\n\n @ApiProperty({ description: 'Span name' })\n spanName: string\n\n @ApiProperty({ description: 'Span start timestamp' })\n timestamp: string\n\n @ApiProperty({ description: 'Span duration in nanoseconds' })\n durationNs: number\n\n @ApiProperty({ type: 'object', description: 'Span attributes', additionalProperties: { type: 'string' } })\n spanAttributes: Record\n\n @ApiPropertyOptional({ description: 'Status code of the span' })\n statusCode?: string\n\n @ApiPropertyOptional({ description: 'Status message' })\n statusMessage?: string\n}\n" }, { "path": "apps/api/src/sandbox-telemetry/dto/trace-summary.dto.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'TraceSummary' })\nexport class TraceSummaryDto {\n @ApiProperty({ description: 'Unique trace identifier' })\n traceId: string\n\n @ApiProperty({ description: 'Name of the root span' })\n rootSpanName: string\n\n @ApiProperty({ description: 'Trace start time' })\n startTime: string\n\n @ApiProperty({ description: 'Trace end time' })\n endTime: string\n\n @ApiProperty({ description: 'Total duration in milliseconds' })\n durationMs: number\n\n @ApiProperty({ description: 'Number of spans in this trace' })\n spanCount: number\n\n @ApiPropertyOptional({ description: 'Status code of the trace' })\n statusCode?: string\n}\n" }, { "path": "apps/api/src/sandbox-telemetry/guards/analytics-api-disabled.guard.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CanActivate, Injectable, ForbiddenException } from '@nestjs/common'\nimport { TypedConfigService } from '../../config/typed-config.service'\n\n@Injectable()\nexport class AnalyticsApiDisabledGuard implements CanActivate {\n constructor(private readonly configService: TypedConfigService) {}\n\n canActivate(): boolean {\n if (this.configService.get('analyticsApiUrl')) {\n throw new ForbiddenException('Telemetry endpoints are disabled when Analytics API is configured')\n }\n return true\n }\n}\n" }, { "path": "apps/api/src/sandbox-telemetry/index.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport * from './sandbox-telemetry.module'\nexport * from './services/sandbox-telemetry.service'\nexport * from './dto'\n" }, { "path": "apps/api/src/sandbox-telemetry/sandbox-telemetry.module.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { SandboxTelemetryController } from './controllers/sandbox-telemetry.controller'\nimport { SandboxTelemetryService } from './services/sandbox-telemetry.service'\nimport { SandboxModule } from '../sandbox/sandbox.module'\nimport { OrganizationModule } from '../organization/organization.module'\n\n@Module({\n imports: [SandboxModule, OrganizationModule],\n controllers: [SandboxTelemetryController],\n providers: [SandboxTelemetryService],\n exports: [SandboxTelemetryService],\n})\nexport class SandboxTelemetryModule {}\n" }, { "path": "apps/api/src/sandbox-telemetry/services/sandbox-telemetry.service.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport { ClickHouseService } from '../../clickhouse/clickhouse.service'\nimport { LogEntryDto } from '../dto/log-entry.dto'\nimport { PaginatedLogsDto } from '../dto/paginated-logs.dto'\nimport { TraceSummaryDto } from '../dto/trace-summary.dto'\nimport { TraceSpanDto } from '../dto/trace-span.dto'\nimport { PaginatedTracesDto } from '../dto/paginated-traces.dto'\nimport { MetricsResponseDto, MetricSeriesDto, MetricDataPointDto } from '../dto/metrics-response.dto'\n\ninterface ClickHouseLogRow {\n Timestamp: string\n Body: string\n SeverityText: string\n SeverityNumber: number\n ServiceName: string\n ResourceAttributes: Record\n LogAttributes: Record\n TraceId: string\n SpanId: string\n}\n\ninterface ClickHouseTraceAggregateRow {\n TraceId: string\n startTime: string\n endTime: string\n spanCount: number\n rootSpanName: string\n totalDuration: number\n statusCode: string\n}\n\ninterface ClickHouseSpanRow {\n TraceId: string\n SpanId: string\n ParentSpanId: string\n SpanName: string\n Timestamp: string\n Duration: number\n SpanAttributes: Record\n StatusCode: string\n StatusMessage: string\n}\n\ninterface ClickHouseMetricRow {\n timestamp: string\n MetricName: string\n value: number\n}\n\ninterface ClickHouseCountRow {\n count: number\n}\n\n@Injectable()\nexport class SandboxTelemetryService {\n private readonly logger = new Logger(SandboxTelemetryService.name)\n\n constructor(private readonly clickhouseService: ClickHouseService) {}\n\n private getServiceName(sandboxId: string): string {\n return `sandbox-${sandboxId}`\n }\n\n isConfigured(): boolean {\n return this.clickhouseService.isConfigured()\n }\n\n async getLogs(\n sandboxId: string,\n from: string,\n to: string,\n page: number,\n limit: number,\n severities?: string[],\n search?: string,\n ): Promise {\n const serviceName = this.getServiceName(sandboxId)\n const offset = (page - 1) * limit\n\n // Build WHERE clause for optional filters\n let whereClause = `ServiceName = {serviceName:String}\n AND Timestamp >= {from:DateTime64}\n AND Timestamp <= {to:DateTime64}`\n\n if (severities && severities.length > 0) {\n whereClause += ` AND SeverityText IN ({severities:Array(String)})`\n }\n\n if (search) {\n whereClause += ` AND Body ILIKE {search:String}`\n }\n\n const params: Record = {\n serviceName,\n from: new Date(from),\n to: new Date(to),\n limit,\n offset,\n }\n\n if (severities && severities.length > 0) {\n params.severities = severities\n }\n\n if (search) {\n params.search = `%${search}%`\n }\n\n // Get total count\n const countQuery = `\n SELECT count() as count\n FROM otel_logs\n WHERE ${whereClause}\n `\n const countResult = await this.clickhouseService.query(countQuery, params)\n const total = countResult[0]?.count || 0\n\n // Get paginated logs\n const logsQuery = `\n SELECT Timestamp, Body, SeverityText, SeverityNumber, ServiceName,\n ResourceAttributes, LogAttributes, TraceId, SpanId\n FROM otel_logs\n WHERE ${whereClause}\n ORDER BY Timestamp DESC\n LIMIT {limit:UInt32} OFFSET {offset:UInt32}\n `\n const rows = await this.clickhouseService.query(logsQuery, params)\n\n const items: LogEntryDto[] = rows.map((row) => ({\n timestamp: row.Timestamp,\n body: row.Body,\n severityText: row.SeverityText,\n severityNumber: row.SeverityNumber,\n serviceName: row.ServiceName,\n resourceAttributes: row.ResourceAttributes || {},\n logAttributes: row.LogAttributes || {},\n traceId: row.TraceId || undefined,\n spanId: row.SpanId || undefined,\n }))\n\n return {\n items,\n total,\n page,\n totalPages: Math.ceil(total / limit),\n }\n }\n\n async getTraces(\n sandboxId: string,\n from: string,\n to: string,\n page: number,\n limit: number,\n ): Promise {\n const serviceName = this.getServiceName(sandboxId)\n const offset = (page - 1) * limit\n\n const params = {\n serviceName,\n from: new Date(from),\n to: new Date(to),\n limit,\n offset,\n }\n\n // Get total count of unique traces\n const countQuery = `\n SELECT count(DISTINCT TraceId) as count\n FROM otel_traces\n WHERE ServiceName = {serviceName:String}\n AND Timestamp >= {from:DateTime64}\n AND Timestamp <= {to:DateTime64}\n `\n const countResult = await this.clickhouseService.query(countQuery, params)\n const total = countResult[0]?.count || 0\n\n // Get aggregated trace data\n const tracesQuery = `\n SELECT\n TraceId,\n min(Timestamp) as startTime,\n max(Timestamp) as endTime,\n count() as spanCount,\n argMinIf(SpanName, Timestamp, ParentSpanId = '') as rootSpanName,\n max(Duration) as totalDuration,\n any(StatusCode) as statusCode\n FROM otel_traces\n WHERE ServiceName = {serviceName:String}\n AND Timestamp >= {from:DateTime64}\n AND Timestamp <= {to:DateTime64}\n GROUP BY TraceId\n ORDER BY startTime DESC\n LIMIT {limit:UInt32} OFFSET {offset:UInt32}\n `\n const rows = await this.clickhouseService.query(tracesQuery, params)\n\n const items: TraceSummaryDto[] = rows.map((row) => ({\n traceId: row.TraceId,\n rootSpanName: row.rootSpanName,\n startTime: row.startTime,\n endTime: row.endTime,\n durationMs: row.totalDuration / 1_000_000, // Convert nanoseconds to milliseconds\n spanCount: row.spanCount,\n statusCode: row.statusCode || undefined,\n }))\n\n return {\n items,\n total,\n page,\n totalPages: Math.ceil(total / limit),\n }\n }\n\n async getTraceSpans(sandboxId: string, traceId: string): Promise {\n const serviceName = this.getServiceName(sandboxId)\n\n const query = `\n SELECT TraceId, SpanId, ParentSpanId, SpanName, Timestamp, Duration,\n SpanAttributes, StatusCode, StatusMessage\n FROM otel_traces\n WHERE TraceId = {traceId:String}\n AND ServiceName = {serviceName:String}\n ORDER BY Timestamp ASC\n `\n\n const rows = await this.clickhouseService.query(query, { traceId, serviceName })\n\n return rows.map((row) => ({\n traceId: row.TraceId,\n spanId: row.SpanId,\n parentSpanId: row.ParentSpanId || undefined,\n spanName: row.SpanName,\n timestamp: row.Timestamp,\n durationNs: row.Duration,\n spanAttributes: row.SpanAttributes || {},\n statusCode: row.StatusCode || undefined,\n statusMessage: row.StatusMessage || undefined,\n }))\n }\n\n async getMetrics(sandboxId: string, from: string, to: string, metricNames?: string[]): Promise {\n const serviceName = this.getServiceName(sandboxId)\n\n let whereClause = `ServiceName = {serviceName:String}\n AND TimeUnix >= {from:DateTime64}\n AND TimeUnix <= {to:DateTime64}`\n\n const params: Record = {\n serviceName,\n from: new Date(from),\n to: new Date(to),\n }\n\n if (metricNames && metricNames.length > 0) {\n whereClause += ` AND MetricName IN ({metricNames:Array(String)})`\n params.metricNames = metricNames\n }\n\n // Query gauge metrics with 1-minute intervals\n const gaugeQuery = `\n SELECT\n toStartOfInterval(TimeUnix, INTERVAL 1 MINUTE) as timestamp,\n MetricName,\n avg(Value) as value\n FROM otel_metrics_gauge\n WHERE ${whereClause}\n GROUP BY timestamp, MetricName\n ORDER BY timestamp ASC\n `\n\n const rows = await this.clickhouseService.query(gaugeQuery, params)\n\n // Group by metric name\n const seriesMap = new Map()\n for (const row of rows) {\n if (!seriesMap.has(row.MetricName)) {\n seriesMap.set(row.MetricName, [])\n }\n seriesMap.get(row.MetricName)!.push({\n timestamp: row.timestamp,\n value: row.value,\n })\n }\n\n const series: MetricSeriesDto[] = Array.from(seriesMap.entries()).map(([metricName, dataPoints]) => ({\n metricName,\n dataPoints,\n }))\n\n return { series }\n }\n}\n" }, { "path": "apps/api/src/tracing.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { NodeSDK } from '@opentelemetry/sdk-node'\nimport { HttpInstrumentation } from '@opentelemetry/instrumentation-http'\nimport { ExpressInstrumentation } from '@opentelemetry/instrumentation-express'\nimport { NestInstrumentation } from '@opentelemetry/instrumentation-nestjs-core'\nimport { BatchSpanProcessor } from '@opentelemetry/sdk-trace-base'\nimport { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http'\nimport { CompressionAlgorithm, OTLPExporterNodeConfigBase } from '@opentelemetry/otlp-exporter-base'\nimport { resourceFromAttributes } from '@opentelemetry/resources'\nimport { ATTR_SERVICE_NAME } from '@opentelemetry/semantic-conventions'\nimport {\n ATTR_DEPLOYMENT_ENVIRONMENT_NAME,\n ATTR_SERVICE_INSTANCE_ID,\n} from '@opentelemetry/semantic-conventions/incubating'\nimport { IORedisInstrumentation } from '@opentelemetry/instrumentation-ioredis'\nimport { PgInstrumentation } from '@opentelemetry/instrumentation-pg'\nimport { KafkaJsInstrumentation } from '@opentelemetry/instrumentation-kafkajs'\nimport { getAppMode } from './common/utils/app-mode'\nimport { diag, DiagConsoleLogger, DiagLogLevel } from '@opentelemetry/api'\nimport { hostname } from 'os'\nimport { OTLPMetricExporter } from '@opentelemetry/exporter-metrics-otlp-http'\nimport { PeriodicExportingMetricReader } from '@opentelemetry/sdk-metrics'\nimport { PinoInstrumentation } from '@opentelemetry/instrumentation-pino'\nimport { RuntimeNodeInstrumentation } from '@opentelemetry/instrumentation-runtime-node'\nimport { BatchLogRecordProcessor } from '@opentelemetry/sdk-logs'\nimport { OTLPLogExporter } from '@opentelemetry/exporter-logs-otlp-http'\n\n// Enable OpenTelemetry diagnostics\ndiag.setLogger(new DiagConsoleLogger(), DiagLogLevel.WARN)\n\nconst appMode = getAppMode()\nconst serviceNameSuffix = appMode === 'api' ? 'api' : appMode === 'worker' ? 'worker' : 'api'\n\nconst otlpExporterConfig: OTLPExporterNodeConfigBase = {\n compression: CompressionAlgorithm.GZIP,\n keepAlive: true,\n}\n\nconst otelSdk = new NodeSDK({\n resource: resourceFromAttributes({\n [ATTR_SERVICE_NAME]: `daytona-${serviceNameSuffix}`,\n [ATTR_DEPLOYMENT_ENVIRONMENT_NAME]: process.env.ENVIRONMENT,\n [ATTR_SERVICE_INSTANCE_ID]: process.env.NODE_APP_INSTANCE\n ? `${hostname()}-${process.env.NODE_APP_INSTANCE}`\n : hostname(),\n }),\n instrumentations: [\n new PinoInstrumentation(),\n new HttpInstrumentation({ requireParentforOutgoingSpans: true }),\n new ExpressInstrumentation(),\n new NestInstrumentation(),\n new IORedisInstrumentation({ requireParentSpan: true }),\n new PgInstrumentation({ requireParentSpan: true }),\n new KafkaJsInstrumentation(),\n new RuntimeNodeInstrumentation(),\n ],\n logRecordProcessors: [new BatchLogRecordProcessor(new OTLPLogExporter(otlpExporterConfig))],\n spanProcessors: [new BatchSpanProcessor(new OTLPTraceExporter(otlpExporterConfig))],\n metricReaders: [\n new PeriodicExportingMetricReader({\n exporter: new OTLPMetricExporter(otlpExporterConfig),\n exportIntervalMillis: 30 * 1000,\n }),\n ],\n})\n\nexport { otelSdk }\n\nprocess.on('SIGTERM', async () => {\n console.log('SIGTERM received, shutting down OpenTelemetry SDK')\n await otelSdk.shutdown()\n console.log('OpenTelemetry SDK shut down')\n})\n" }, { "path": "apps/api/src/usage/entities/sandbox-usage-period-archive.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, Entity, PrimaryGeneratedColumn } from 'typeorm'\nimport { SandboxUsagePeriod } from './sandbox-usage-period.entity'\n\n// Duplicate of SandboxUsagePeriod\n// Used to archive usage periods and keep the original table lightweight\n// Will only contain closed usage periods\n@Entity('sandbox_usage_periods_archive')\nexport class SandboxUsagePeriodArchive {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column()\n sandboxId: string\n\n @Column()\n // Redundant property to optimize billing queries\n organizationId: string\n\n @Column({ type: 'timestamp with time zone' })\n startAt: Date\n\n @Column({ type: 'timestamp with time zone' })\n endAt: Date\n\n @Column({ type: 'float' })\n cpu: number\n\n @Column({ type: 'float' })\n gpu: number\n\n @Column({ type: 'float' })\n mem: number\n\n @Column({ type: 'float' })\n disk: number\n\n @Column()\n region: string\n\n public static fromUsagePeriod(usagePeriod: SandboxUsagePeriod) {\n const usagePeriodEntity = new SandboxUsagePeriodArchive()\n usagePeriodEntity.sandboxId = usagePeriod.sandboxId\n usagePeriodEntity.organizationId = usagePeriod.organizationId\n usagePeriodEntity.startAt = usagePeriod.startAt\n usagePeriodEntity.endAt = usagePeriod.endAt\n usagePeriodEntity.cpu = usagePeriod.cpu\n usagePeriodEntity.gpu = usagePeriod.gpu\n usagePeriodEntity.mem = usagePeriod.mem\n usagePeriodEntity.disk = usagePeriod.disk\n usagePeriodEntity.region = usagePeriod.region\n return usagePeriodEntity\n }\n}\n" }, { "path": "apps/api/src/usage/entities/sandbox-usage-period.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, Entity, Index, PrimaryGeneratedColumn } from 'typeorm'\n\n@Entity('sandbox_usage_periods')\n@Index('idx_sandbox_usage_periods_sandbox_end', ['sandboxId', 'endAt'])\nexport class SandboxUsagePeriod {\n @PrimaryGeneratedColumn('uuid')\n id: string\n\n @Column()\n sandboxId: string\n\n @Column()\n // Redundant property to optimize billing queries\n organizationId: string\n\n @Column({ type: 'timestamp with time zone' })\n startAt: Date\n\n @Column({ type: 'timestamp with time zone', nullable: true })\n endAt: Date | null\n\n @Column({ type: 'float' })\n cpu: number\n\n @Column({ type: 'float' })\n gpu: number\n\n @Column({ type: 'float' })\n mem: number\n\n @Column({ type: 'float' })\n disk: number\n\n @Column()\n region: string\n\n public static fromUsagePeriod(usagePeriod: SandboxUsagePeriod) {\n const usagePeriodEntity = new SandboxUsagePeriod()\n usagePeriodEntity.sandboxId = usagePeriod.sandboxId\n usagePeriodEntity.organizationId = usagePeriod.organizationId\n usagePeriodEntity.startAt = usagePeriod.startAt\n usagePeriodEntity.endAt = usagePeriod.endAt\n usagePeriodEntity.cpu = usagePeriod.cpu\n usagePeriodEntity.gpu = usagePeriod.gpu\n usagePeriodEntity.mem = usagePeriod.mem\n usagePeriodEntity.disk = usagePeriod.disk\n usagePeriodEntity.region = usagePeriod.region\n return usagePeriodEntity\n }\n}\n" }, { "path": "apps/api/src/usage/services/usage.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, OnApplicationShutdown } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { IsNull, LessThan, Not, Repository } from 'typeorm'\nimport { SandboxUsagePeriod } from '../entities/sandbox-usage-period.entity'\nimport { OnEvent } from '@nestjs/event-emitter'\nimport { SandboxStateUpdatedEvent } from '../../sandbox/events/sandbox-state-updated.event'\nimport { SandboxState } from '../../sandbox/enums/sandbox-state.enum'\nimport { SandboxEvents } from './../../sandbox/constants/sandbox-events.constants'\nimport { Cron, CronExpression } from '@nestjs/schedule'\nimport { RedisLockProvider } from '../../sandbox/common/redis-lock.provider'\nimport { SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION } from '../../sandbox/constants/sandbox.constants'\nimport { SandboxUsagePeriodArchive } from '../entities/sandbox-usage-period-archive.entity'\nimport { TrackableJobExecutions } from '../../common/interfaces/trackable-job-executions'\nimport { TrackJobExecution } from '../../common/decorators/track-job-execution.decorator'\nimport { setTimeout as sleep } from 'timers/promises'\nimport { LogExecution } from '../../common/decorators/log-execution.decorator'\nimport { WithInstrumentation } from '../../common/decorators/otel.decorator'\nimport { SandboxRepository } from '../../sandbox/repositories/sandbox.repository'\n\n@Injectable()\nexport class UsageService implements TrackableJobExecutions, OnApplicationShutdown {\n activeJobs = new Set()\n private readonly logger = new Logger(UsageService.name)\n\n constructor(\n @InjectRepository(SandboxUsagePeriod)\n private sandboxUsagePeriodRepository: Repository,\n private readonly redisLockProvider: RedisLockProvider,\n private readonly sandboxRepository: SandboxRepository,\n ) {}\n\n async onApplicationShutdown() {\n // wait for all active jobs to finish\n while (this.activeJobs.size > 0) {\n this.logger.log(`Waiting for ${this.activeJobs.size} active jobs to finish`)\n await sleep(1000)\n }\n }\n\n @OnEvent(SandboxEvents.STATE_UPDATED)\n @TrackJobExecution()\n async handleSandboxStateUpdate(event: SandboxStateUpdatedEvent) {\n await this.waitForLock(event.sandbox.id)\n\n try {\n switch (event.newState) {\n case SandboxState.STARTED: {\n await this.closeUsagePeriod(event.sandbox.id)\n await this.createUsagePeriod(event)\n break\n }\n case SandboxState.STOPPING:\n await this.closeUsagePeriod(event.sandbox.id)\n await this.createUsagePeriod(event, true)\n break\n case SandboxState.ERROR:\n case SandboxState.BUILD_FAILED:\n case SandboxState.ARCHIVED:\n case SandboxState.DESTROYED: {\n await this.closeUsagePeriod(event.sandbox.id)\n break\n }\n }\n } finally {\n this.releaseLock(event.sandbox.id).catch((error) => {\n this.logger.error(`Error releasing lock for sandbox ${event.sandbox.id}`, error)\n })\n }\n }\n\n private async createUsagePeriod(event: SandboxStateUpdatedEvent, diskOnly = false) {\n const usagePeriod = new SandboxUsagePeriod()\n usagePeriod.sandboxId = event.sandbox.id\n usagePeriod.startAt = new Date()\n usagePeriod.endAt = null\n if (!diskOnly) {\n usagePeriod.cpu = event.sandbox.cpu\n usagePeriod.gpu = event.sandbox.gpu\n usagePeriod.mem = event.sandbox.mem\n } else {\n usagePeriod.cpu = 0\n usagePeriod.gpu = 0\n usagePeriod.mem = 0\n }\n usagePeriod.disk = event.sandbox.disk\n usagePeriod.organizationId = event.sandbox.organizationId\n usagePeriod.region = event.sandbox.region\n\n await this.sandboxUsagePeriodRepository.save(usagePeriod)\n }\n\n private async closeUsagePeriod(sandboxId: string) {\n const lastUsagePeriod = await this.sandboxUsagePeriodRepository.findOne({\n where: {\n sandboxId,\n endAt: IsNull(),\n },\n })\n\n if (lastUsagePeriod) {\n lastUsagePeriod.endAt = new Date()\n await this.sandboxUsagePeriodRepository.save(lastUsagePeriod)\n }\n }\n\n @Cron(CronExpression.EVERY_MINUTE, { name: 'close-and-reopen-usage-periods' })\n @TrackJobExecution()\n @LogExecution('close-and-reopen-usage-periods')\n @WithInstrumentation()\n async closeAndReopenUsagePeriods() {\n if (!(await this.redisLockProvider.lock('close-and-reopen-usage-periods', 60))) {\n return\n }\n\n const usagePeriods = await this.sandboxUsagePeriodRepository.find({\n where: {\n endAt: IsNull(),\n // 1 day ago\n startAt: LessThan(new Date(Date.now() - 1000 * 60 * 60 * 24)),\n organizationId: Not(SANDBOX_WARM_POOL_UNASSIGNED_ORGANIZATION),\n },\n order: {\n startAt: 'ASC',\n },\n take: 100,\n })\n\n for (const usagePeriod of usagePeriods) {\n if (!(await this.aquireLock(usagePeriod.sandboxId))) {\n continue\n }\n\n // validate that the usage period should remain active just in case\n try {\n const sandbox = await this.sandboxRepository.findOne({\n where: {\n id: usagePeriod.sandboxId,\n },\n })\n\n await this.sandboxUsagePeriodRepository.manager.transaction(async (transactionalEntityManager) => {\n // Close usage period\n const closeTime = new Date()\n usagePeriod.endAt = closeTime\n await transactionalEntityManager.save(usagePeriod)\n\n if (\n sandbox &&\n (sandbox.state === SandboxState.STARTED ||\n sandbox.state === SandboxState.STOPPED ||\n sandbox.state === SandboxState.STOPPING)\n ) {\n // Create new usage period\n const newUsagePeriod = SandboxUsagePeriod.fromUsagePeriod(usagePeriod)\n newUsagePeriod.startAt = closeTime\n newUsagePeriod.endAt = null\n await transactionalEntityManager.save(newUsagePeriod)\n }\n })\n } catch (error) {\n this.logger.error(`Error closing and reopening usage period ${usagePeriod.sandboxId}`, error)\n } finally {\n await this.releaseLock(usagePeriod.sandboxId)\n }\n }\n\n await this.redisLockProvider.unlock('close-and-reopen-usage-periods')\n }\n\n @Cron(CronExpression.EVERY_MINUTE, { name: 'archive-usage-periods' })\n @TrackJobExecution()\n @LogExecution('archive-usage-periods')\n @WithInstrumentation()\n async archiveUsagePeriods() {\n const lockKey = 'archive-usage-periods'\n if (!(await this.redisLockProvider.lock(lockKey, 60))) {\n return\n }\n\n await this.sandboxUsagePeriodRepository.manager.transaction(async (transactionalEntityManager) => {\n const usagePeriods = await transactionalEntityManager.find(SandboxUsagePeriod, {\n where: {\n endAt: Not(IsNull()),\n },\n order: {\n startAt: 'ASC',\n },\n take: 1000,\n })\n\n if (usagePeriods.length === 0) {\n return\n }\n\n this.logger.debug(`Found ${usagePeriods.length} usage periods to archive`)\n\n await transactionalEntityManager.delete(\n SandboxUsagePeriod,\n usagePeriods.map((usagePeriod) => usagePeriod.id),\n )\n await transactionalEntityManager.save(usagePeriods.map(SandboxUsagePeriodArchive.fromUsagePeriod))\n })\n\n await this.redisLockProvider.unlock(lockKey)\n }\n\n private async waitForLock(sandboxId: string) {\n while (!(await this.aquireLock(sandboxId))) {\n await new Promise((resolve) => setTimeout(resolve, 500))\n }\n }\n\n private async aquireLock(sandboxId: string): Promise {\n return await this.redisLockProvider.lock(`usage-period-${sandboxId}`, 60)\n }\n\n private async releaseLock(sandboxId: string) {\n await this.redisLockProvider.unlock(`usage-period-${sandboxId}`)\n }\n}\n" }, { "path": "apps/api/src/usage/usage.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { DataSource } from 'typeorm'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { SandboxUsagePeriod } from './entities/sandbox-usage-period.entity'\nimport { UsageService } from './services/usage.service'\nimport { RedisLockProvider } from '../sandbox/common/redis-lock.provider'\nimport { SandboxUsagePeriodArchive } from './entities/sandbox-usage-period-archive.entity'\nimport { SandboxRepository } from '../sandbox/repositories/sandbox.repository'\nimport { SandboxLookupCacheInvalidationService } from '../sandbox/services/sandbox-lookup-cache-invalidation.service'\nimport { Sandbox } from '../sandbox/entities/sandbox.entity'\n\n@Module({\n imports: [TypeOrmModule.forFeature([SandboxUsagePeriod, Sandbox, SandboxUsagePeriodArchive])],\n providers: [\n UsageService,\n RedisLockProvider,\n SandboxLookupCacheInvalidationService,\n {\n provide: SandboxRepository,\n inject: [DataSource, EventEmitter2, SandboxLookupCacheInvalidationService],\n useFactory: (\n dataSource: DataSource,\n eventEmitter: EventEmitter2,\n sandboxLookupCacheInvalidationService: SandboxLookupCacheInvalidationService,\n ) => new SandboxRepository(dataSource, eventEmitter, sandboxLookupCacheInvalidationService),\n },\n ],\n exports: [UsageService],\n})\nexport class UsageModule {}\n" }, { "path": "apps/api/src/user/constants/acount-provider-display-name.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { AccountProvider } from '../enums/account-provider.enum'\n\nexport const ACCOUNT_PROVIDER_DISPLAY_NAME: Record = {\n [AccountProvider.GOOGLE]: 'Google',\n [AccountProvider.GITHUB]: 'GitHub',\n}\n" }, { "path": "apps/api/src/user/constants/user-events.constant.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport const UserEvents = {\n CREATED: 'user.created',\n DELETED: 'user.deleted',\n EMAIL_VERIFIED: 'user.email-verified',\n} as const\n" }, { "path": "apps/api/src/user/dto/account-provider.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsString } from 'class-validator'\n\n@ApiSchema({ name: 'AccountProvider' })\nexport class AccountProviderDto {\n @ApiProperty()\n @IsString()\n name: string\n\n @ApiProperty()\n @IsString()\n displayName: string\n}\n" }, { "path": "apps/api/src/user/dto/create-linked-account.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { IsString } from 'class-validator'\n\n@ApiSchema({ name: 'CreateLinkedAccount' })\nexport class CreateLinkedAccountDto {\n @ApiProperty({\n description: 'The authentication provider of the secondary account',\n })\n @IsString()\n provider: string\n\n @ApiProperty({\n description: 'The user ID of the secondary account',\n })\n @IsString()\n userId: string\n}\n" }, { "path": "apps/api/src/user/dto/create-user.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsBoolean, IsEnum, IsOptional, IsString } from 'class-validator'\nimport { SystemRole } from '../enums/system-role.enum'\nimport { CreateOrganizationQuotaDto } from '../../organization/dto/create-organization-quota.dto'\n\n@ApiSchema({ name: 'CreateUser' })\nexport class CreateUserDto {\n @ApiProperty()\n @IsString()\n id: string\n\n @ApiProperty()\n @IsString()\n name: string\n\n @ApiPropertyOptional()\n @IsString()\n @IsOptional()\n email?: string\n\n @ApiPropertyOptional()\n @IsOptional()\n personalOrganizationQuota?: CreateOrganizationQuotaDto\n\n @ApiPropertyOptional()\n @IsString()\n @IsOptional()\n personalOrganizationDefaultRegionId?: string\n\n @ApiPropertyOptional({\n enum: SystemRole,\n })\n @IsEnum(SystemRole)\n @IsOptional()\n role?: SystemRole\n\n @ApiPropertyOptional()\n @IsBoolean()\n @IsOptional()\n emailVerified?: boolean\n}\n" }, { "path": "apps/api/src/user/dto/update-user.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiPropertyOptional, ApiSchema } from '@nestjs/swagger'\nimport { IsBoolean, IsEnum, IsOptional, IsString } from 'class-validator'\nimport { SystemRole } from '../enums/system-role.enum'\n\n@ApiSchema({ name: 'UpdateUser' })\nexport class UpdateUserDto {\n @ApiPropertyOptional()\n @IsString()\n @IsOptional()\n name?: string\n\n @ApiPropertyOptional()\n @IsString()\n @IsOptional()\n email?: string\n\n @ApiPropertyOptional({\n enum: SystemRole,\n })\n @IsEnum(SystemRole)\n @IsOptional()\n role?: SystemRole\n\n @ApiPropertyOptional()\n @IsBoolean()\n @IsOptional()\n emailVerified?: boolean\n}\n" }, { "path": "apps/api/src/user/dto/user-public-key.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { UserPublicKey } from '../user.entity'\n\n@ApiSchema({ name: 'UserPublicKey' })\nexport class UserPublicKeyDto {\n @ApiProperty({\n description: 'Public key',\n })\n key: string\n\n @ApiProperty({\n description: 'Key name',\n })\n name: string\n\n static fromUserPublicKey(publicKey: UserPublicKey): UserPublicKeyDto {\n const dto: UserPublicKeyDto = {\n key: publicKey.key,\n name: publicKey.name,\n }\n\n return dto\n }\n}\n" }, { "path": "apps/api/src/user/dto/user.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { User } from '../user.entity'\nimport { UserPublicKeyDto } from './user-public-key.dto'\n\n@ApiSchema({ name: 'User' })\nexport class UserDto {\n @ApiProperty({\n description: 'User ID',\n })\n id: string\n\n @ApiProperty({\n description: 'User name',\n })\n name: string\n\n @ApiProperty({\n description: 'User email',\n })\n email: string\n\n @ApiProperty({\n description: 'User public keys',\n type: [UserPublicKeyDto],\n })\n publicKeys: UserPublicKeyDto[]\n\n @ApiProperty({\n description: 'Creation timestamp',\n })\n createdAt: Date\n\n static fromUser(user: User): UserDto {\n const dto: UserDto = {\n id: user.id,\n name: user.name,\n email: user.email,\n publicKeys: user.publicKeys.map(UserPublicKeyDto.fromUserPublicKey),\n createdAt: user.createdAt,\n }\n\n return dto\n }\n}\n" }, { "path": "apps/api/src/user/enums/account-provider.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum AccountProvider {\n GOOGLE = 'google-oauth2',\n GITHUB = 'github',\n}\n" }, { "path": "apps/api/src/user/enums/system-role.enum.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum SystemRole {\n ADMIN = 'admin',\n USER = 'user',\n}\n" }, { "path": "apps/api/src/user/events/user-created.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { EntityManager } from 'typeorm'\nimport { User } from '../user.entity'\nimport { CreateOrganizationQuotaDto } from '../../organization/dto/create-organization-quota.dto'\n\nexport class UserCreatedEvent {\n constructor(\n public readonly entityManager: EntityManager,\n public readonly user: User,\n public readonly personalOrganizationQuota?: CreateOrganizationQuotaDto,\n public readonly personalOrganizationDefaultRegionId?: string,\n ) {}\n}\n" }, { "path": "apps/api/src/user/events/user-deleted.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { EntityManager } from 'typeorm'\n\nexport class UserDeletedEvent {\n constructor(\n public readonly entityManager: EntityManager,\n public readonly userId: string,\n ) {}\n}\n" }, { "path": "apps/api/src/user/events/user-email-verified.event.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { EntityManager } from 'typeorm'\n\nexport class UserEmailVerifiedEvent {\n constructor(\n public readonly entityManager: EntityManager,\n public readonly userId: string,\n ) {}\n}\n" }, { "path": "apps/api/src/user/user.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n BadRequestException,\n Body,\n Controller,\n Delete,\n ForbiddenException,\n Get,\n Logger,\n NotFoundException,\n Param,\n Post,\n UnauthorizedException,\n UseGuards,\n} from '@nestjs/common'\nimport { User } from './user.entity'\nimport { UserService } from './user.service'\nimport { CreateUserDto } from './dto/create-user.dto'\nimport { ApiOAuth2, ApiTags, ApiOperation, ApiResponse, ApiBearerAuth } from '@nestjs/swagger'\nimport { CombinedAuthGuard } from '../auth/combined-auth.guard'\nimport { AuthContext } from '../common/decorators/auth-context.decorator'\nimport { AuthContext as IAuthContext } from '../common/interfaces/auth-context.interface'\nimport { UserDto } from './dto/user.dto'\nimport { SystemActionGuard } from '../auth/system-action.guard'\nimport { RequiredSystemRole } from '../common/decorators/required-role.decorator'\nimport { SystemRole } from './enums/system-role.enum'\nimport { TypedConfigService } from '../config/typed-config.service'\nimport axios from 'axios'\nimport { AccountProviderDto } from './dto/account-provider.dto'\nimport { ACCOUNT_PROVIDER_DISPLAY_NAME } from './constants/acount-provider-display-name.constant'\nimport { AccountProvider } from './enums/account-provider.enum'\nimport { CreateLinkedAccountDto } from './dto/create-linked-account.dto'\nimport { Audit, TypedRequest } from '../audit/decorators/audit.decorator'\nimport { AuditAction } from '../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../audit/enums/audit-target.enum'\nimport { AuthenticatedRateLimitGuard } from '../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('users')\n@Controller('users')\n@UseGuards(CombinedAuthGuard, AuthenticatedRateLimitGuard, SystemActionGuard)\n@ApiOAuth2(['openid', 'profile', 'email'])\n@ApiBearerAuth()\nexport class UserController {\n private readonly logger = new Logger(UserController.name)\n\n constructor(\n private readonly userService: UserService,\n private readonly configService: TypedConfigService,\n ) {}\n\n @Get('/me')\n @ApiOperation({\n summary: 'Get authenticated user',\n operationId: 'getAuthenticatedUser',\n })\n @ApiResponse({\n status: 200,\n description: 'User details',\n type: UserDto,\n })\n async getAuthenticatedUser(@AuthContext() authContext: IAuthContext): Promise {\n const user = await this.userService.findOne(authContext.userId)\n if (!user) {\n throw new NotFoundException(`User with ID ${authContext.userId} not found`)\n }\n\n return UserDto.fromUser(user)\n }\n\n @Post()\n @ApiOperation({\n summary: 'Create user',\n operationId: 'createUser',\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @Audit({\n action: AuditAction.CREATE,\n targetType: AuditTarget.USER,\n targetIdFromResult: (result: User) => result?.id,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n id: req.body?.id,\n name: req.body?.name,\n email: req.body?.email,\n personalOrganizationQuota: req.body?.personalOrganizationQuota,\n role: req.body?.role,\n emailVerified: req.body?.emailVerified,\n }),\n },\n })\n async create(@Body() createUserDto: CreateUserDto): Promise {\n return this.userService.create(createUserDto)\n }\n\n @Get()\n @ApiOperation({\n summary: 'List all users',\n operationId: 'listUsers',\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n async findAll(): Promise {\n return this.userService.findAll()\n }\n\n @Post('/:id/regenerate-key-pair')\n @ApiOperation({\n summary: 'Regenerate user key pair',\n operationId: 'regenerateKeyPair',\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @Audit({\n action: AuditAction.REGENERATE_KEY_PAIR,\n targetType: AuditTarget.USER,\n targetIdFromRequest: (req) => req.params.id,\n })\n async regenerateKeyPair(@Param('id') id: string): Promise {\n return this.userService.regenerateKeyPair(id)\n }\n\n @Get('/account-providers')\n @ApiOperation({\n summary: 'Get available account providers',\n operationId: 'getAvailableAccountProviders',\n })\n @ApiResponse({\n status: 200,\n description: 'Available account providers',\n type: [AccountProviderDto],\n })\n async getAvailableAccountProviders(): Promise {\n if (!this.configService.get('oidc.managementApi.enabled')) {\n this.logger.warn('OIDC Management API is not enabled')\n throw new NotFoundException()\n }\n\n const token = await this.getManagementApiToken()\n\n try {\n const response = await axios.get<{ name: string }[]>(\n `${this.configService.getOrThrow('oidc.issuer')}/api/v2/connections`,\n {\n headers: {\n Authorization: `Bearer ${token}`,\n },\n },\n )\n\n const supportedProviders = new Set([AccountProvider.GOOGLE, AccountProvider.GITHUB])\n\n const result: AccountProviderDto[] = response.data\n .filter((connection) => supportedProviders.has(connection.name as AccountProvider))\n .map((connection) => ({\n name: connection.name,\n displayName: ACCOUNT_PROVIDER_DISPLAY_NAME[connection.name as AccountProvider],\n }))\n\n return result\n } catch (error) {\n this.logger.error('Failed to get available account providers', error?.message || String(error))\n throw new UnauthorizedException()\n }\n }\n\n @Post('/linked-accounts')\n @ApiOperation({\n summary: 'Link account',\n operationId: 'linkAccount',\n })\n @ApiResponse({\n status: 204,\n description: 'Account linked successfully',\n })\n @Audit({\n action: AuditAction.LINK_ACCOUNT,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n provider: req.body?.provider,\n userId: req.body?.userId,\n }),\n },\n })\n async linkAccount(\n @AuthContext() authContext: IAuthContext,\n @Body() createLinkedAccountDto: CreateLinkedAccountDto,\n ): Promise {\n if (!this.configService.get('oidc.managementApi.enabled')) {\n this.logger.warn('OIDC Management API is not enabled')\n throw new NotFoundException()\n }\n\n const authenticatedUser = await this.userService.findOne(authContext.userId)\n if (!authenticatedUser.emailVerified) {\n throw new ForbiddenException('Please verify your email address')\n }\n\n const userToLinkId = `${createLinkedAccountDto.provider}|${createLinkedAccountDto.userId}`\n\n // Verify user doesn't already exist in our user table\n const userToLink = await this.userService.findOne(userToLinkId)\n if (userToLink) {\n throw new BadRequestException('This account is already associated with another user')\n }\n\n const token = await this.getManagementApiToken()\n\n // Verify account is eligible to be linked (must be reachable via OIDC Management API)\n try {\n await axios.get(\n `${this.configService.getOrThrow('oidc.issuer')}/api/v2/users/${encodeURIComponent(userToLinkId)}`,\n {\n headers: {\n Authorization: `Bearer ${token}`,\n },\n },\n )\n } catch (error) {\n if (axios.isAxiosError(error) && error.response?.status === 404) {\n throw new BadRequestException('Account not found or already linked to another user')\n }\n throw error\n }\n\n // Link account\n try {\n await axios.post(\n `${this.configService.getOrThrow('oidc.issuer')}/api/v2/users/${authContext.userId}/identities`,\n {\n provider: createLinkedAccountDto.provider,\n user_id: createLinkedAccountDto.userId,\n },\n {\n headers: {\n Authorization: `Bearer ${token}`,\n },\n },\n )\n } catch (error) {\n this.logger.error('Failed to link account', error?.message || String(error))\n throw new UnauthorizedException()\n }\n }\n\n @Delete('/linked-accounts/:provider/:providerUserId')\n @ApiOperation({\n summary: 'Unlink account',\n operationId: 'unlinkAccount',\n })\n @ApiResponse({\n status: 204,\n description: 'Account unlinked successfully',\n })\n @Audit({\n action: AuditAction.UNLINK_ACCOUNT,\n requestMetadata: {\n params: (req) => ({\n provider: req.params.provider,\n providerUserId: req.params.providerUserId,\n }),\n },\n })\n async unlinkAccount(\n @AuthContext() authContext: IAuthContext,\n @Param('provider') provider: string,\n @Param('providerUserId') providerUserId: string,\n ): Promise {\n if (!this.configService.get('oidc.managementApi.enabled')) {\n this.logger.warn('OIDC Management API is not enabled')\n throw new NotFoundException()\n }\n\n const token = await this.getManagementApiToken()\n\n try {\n await axios.delete(\n `${this.configService.getOrThrow('oidc.issuer')}/api/v2/users/${authContext.userId}/identities/${provider}/${providerUserId}`,\n {\n headers: {\n Authorization: `Bearer ${token}`,\n },\n },\n )\n } catch (error) {\n this.logger.error('Failed to unlink account', error?.message || String(error))\n throw new UnauthorizedException()\n }\n }\n\n @Post('/mfa/sms/enroll')\n @ApiOperation({\n summary: 'Enroll in SMS MFA',\n operationId: 'enrollInSmsMfa',\n })\n @ApiResponse({\n status: 200,\n description: 'SMS MFA enrollment URL',\n type: String,\n })\n async enrollInSmsMfa(@AuthContext() authContext: IAuthContext): Promise {\n if (!this.configService.get('oidc.managementApi.enabled')) {\n this.logger.warn('OIDC Management API is not enabled')\n throw new NotFoundException()\n }\n\n const token = await this.getManagementApiToken()\n\n try {\n const response = await axios.post(\n `${this.configService.getOrThrow('oidc.issuer')}/api/v2/guardian/enrollments/ticket`,\n {\n user_id: authContext.userId,\n },\n {\n headers: {\n Authorization: `Bearer ${token}`,\n },\n },\n )\n\n return response.data.ticket_url\n } catch (error) {\n this.logger.error('Failed to enable SMS MFA', error?.message || String(error))\n throw new UnauthorizedException()\n }\n }\n\n @Get('/:id')\n @ApiOperation({\n summary: 'Get user by ID',\n operationId: 'getUser',\n })\n @ApiResponse({\n status: 200,\n description: 'User details',\n type: UserDto,\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n async getUserById(@Param('id') id: string): Promise {\n const user = await this.userService.findOne(id)\n if (!user) {\n throw new NotFoundException(`User with ID ${id} not found`)\n }\n\n return UserDto.fromUser(user)\n }\n\n private async getManagementApiToken(): Promise {\n try {\n const tokenResponse = await axios.post(`${this.configService.getOrThrow('oidc.issuer')}/oauth/token`, {\n grant_type: 'client_credentials',\n client_id: this.configService.getOrThrow('oidc.managementApi.clientId'),\n client_secret: this.configService.getOrThrow('oidc.managementApi.clientSecret'),\n audience: this.configService.getOrThrow('oidc.managementApi.audience'),\n })\n return tokenResponse.data.access_token\n } catch (error) {\n this.logger.error('Failed to get OIDC Management API token', error?.message || String(error))\n throw new UnauthorizedException()\n }\n }\n}\n" }, { "path": "apps/api/src/user/user.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Column, CreateDateColumn, Entity, PrimaryColumn } from 'typeorm'\nimport { SystemRole } from './enums/system-role.enum'\n\nexport interface UserSSHKeyPair {\n privateKey: string\n publicKey: string\n}\n\nexport interface UserPublicKey {\n key: string\n name: string\n}\n\n@Entity()\nexport class User {\n @PrimaryColumn()\n id: string\n\n @Column()\n name: string\n\n @Column({\n default: '',\n })\n email: string\n\n @Column({\n default: false,\n })\n emailVerified: boolean\n\n @Column({\n type: 'simple-json',\n nullable: true,\n })\n keyPair: UserSSHKeyPair\n\n @Column('simple-json')\n publicKeys: UserPublicKey[]\n\n @Column({\n type: 'enum',\n enum: SystemRole,\n default: SystemRole.USER,\n })\n role: SystemRole\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n}\n" }, { "path": "apps/api/src/user/user.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { UserController } from './user.controller'\nimport { UserService } from './user.service'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { User } from './user.entity'\n\n@Module({\n imports: [TypeOrmModule.forFeature([User])],\n controllers: [UserController],\n providers: [UserService],\n exports: [UserService],\n})\nexport class UserModule {}\n" }, { "path": "apps/api/src/user/user.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, NotFoundException } from '@nestjs/common'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { User, UserSSHKeyPair } from './user.entity'\nimport { DataSource, ILike, In, Repository } from 'typeorm'\nimport { CreateUserDto } from './dto/create-user.dto'\nimport * as crypto from 'crypto'\nimport * as forge from 'node-forge'\nimport { EventEmitter2 } from '@nestjs/event-emitter'\nimport { UserEvents } from './constants/user-events.constant'\nimport { UpdateUserDto } from './dto/update-user.dto'\nimport { UserCreatedEvent } from './events/user-created.event'\nimport { UserDeletedEvent } from './events/user-deleted.event'\nimport { UserEmailVerifiedEvent } from './events/user-email-verified.event'\n\n@Injectable()\nexport class UserService {\n constructor(\n @InjectRepository(User)\n private readonly userRepository: Repository,\n private readonly eventEmitter: EventEmitter2,\n private readonly dataSource: DataSource,\n ) {}\n\n async create(createUserDto: CreateUserDto): Promise {\n let user = new User()\n user.id = createUserDto.id\n user.name = createUserDto.name\n const keyPair = await this.generatePrivateKey()\n user.keyPair = keyPair\n user.publicKeys = []\n user.emailVerified = createUserDto.emailVerified\n\n if (createUserDto.email) {\n user.email = createUserDto.email\n }\n\n if (createUserDto.role) {\n user.role = createUserDto.role\n }\n\n await this.dataSource.transaction(async (em) => {\n user = await em.save(user)\n await this.eventEmitter.emitAsync(\n UserEvents.CREATED,\n new UserCreatedEvent(\n em,\n user,\n createUserDto.personalOrganizationQuota,\n createUserDto.personalOrganizationDefaultRegionId,\n ),\n )\n })\n\n return user\n }\n\n async findAll(): Promise {\n return this.userRepository.find()\n }\n\n async findByIds(ids: string[]): Promise {\n if (ids.length === 0) {\n return []\n }\n\n return this.userRepository.find({\n where: {\n id: In(ids),\n },\n })\n }\n\n async findOne(id: string): Promise {\n return this.userRepository.findOne({ where: { id } })\n }\n\n async findOneOrFail(id: string): Promise {\n return this.userRepository.findOneOrFail({ where: { id } })\n }\n\n async findOneByEmail(email: string, ignoreCase = false): Promise {\n return this.userRepository.findOne({\n where: {\n email: ignoreCase ? ILike(email) : email,\n },\n })\n }\n\n async remove(id: string): Promise {\n await this.dataSource.transaction(async (em) => {\n await em.delete(User, id)\n await this.eventEmitter.emitAsync(UserEvents.DELETED, new UserDeletedEvent(em, id))\n })\n }\n\n async regenerateKeyPair(id: string): Promise {\n const user = await this.userRepository.findOneBy({ id: id })\n const keyPair = await this.generatePrivateKey()\n user.keyPair = keyPair\n return this.userRepository.save(user)\n }\n\n private generatePrivateKey(): Promise {\n const comment = 'daytona'\n\n return new Promise((resolve, reject) => {\n crypto.generateKeyPair(\n 'rsa',\n {\n modulusLength: 4096,\n publicKeyEncoding: {\n type: 'pkcs1',\n format: 'pem',\n },\n privateKeyEncoding: {\n type: 'pkcs1',\n format: 'pem',\n },\n },\n (error, publicKey, privateKey) => {\n if (error) {\n reject(error)\n } else {\n const publicKeySShEncoded = forge.ssh.publicKeyToOpenSSH(forge.pki.publicKeyFromPem(publicKey), comment)\n\n const privateKeySShEncoded = forge.ssh.privateKeyToOpenSSH(forge.pki.privateKeyFromPem(privateKey))\n\n resolve({\n publicKey: publicKeySShEncoded,\n privateKey: privateKeySShEncoded,\n })\n }\n },\n )\n })\n }\n\n // TODO: discuss if we need separate methods for updating specific fields\n async update(userId: string, updateUserDto: UpdateUserDto): Promise {\n const user = await this.userRepository.findOne({\n where: {\n id: userId,\n },\n })\n\n if (!user) {\n throw new NotFoundException(`User with ID ${userId} not found.`)\n }\n\n if (updateUserDto.name) {\n user.name = updateUserDto.name\n }\n\n if (updateUserDto.email) {\n user.email = updateUserDto.email\n }\n\n if (updateUserDto.role) {\n user.role = updateUserDto.role\n }\n\n if (updateUserDto.emailVerified) {\n user.emailVerified = updateUserDto.emailVerified\n await this.dataSource.transaction(async (em) => {\n await em.save(user)\n await this.eventEmitter.emitAsync(UserEvents.EMAIL_VERIFIED, new UserEmailVerifiedEvent(em, user.id))\n })\n }\n\n return this.userRepository.save(user)\n }\n}\n" }, { "path": "apps/api/src/webhook/README.md", "content": "# Webhook Service\n\nThis service provides webhook functionality using [Svix](https://svix.com) as the webhook delivery provider. It automatically creates Svix applications for new organizations and sends webhooks for various events.\n\n## Configuration\n\nSet the following environment variables:\n\n```bash\n# Required: Your Svix authentication token\nSVIX_AUTH_TOKEN=your_svix_auth_token_here\n\n# Optional: Custom Svix server URL (for self-hosted instances)\nSVIX_SERVER_URL=https://your-svix-instance.com\n```\n\n## API Endpoints\n\n### Get App Portal Access\n\n```http\nPOST /api/webhooks/organizations/{organizationId}/app-portal-access\n```\n\n**Response:**\n\n```json\n{\n \"url\": \"https://app.svix.com/consumer/...\"\n}\n```\n\nReturns a URL that provides access to the Svix Consumer App Portal for managing webhook endpoints, viewing delivery attempts, and monitoring webhook performance.\n\n### Send Custom Webhook\n\n```http\nPOST /api/webhooks/organizations/{organizationId}/send\n```\n\n**Request Body:**\n\n```json\n{\n \"eventType\": \"custom.event\",\n \"payload\": {\n \"message\": \"Hello from Daytona!\",\n \"timestamp\": \"2025-01-01T00:00:00.000Z\"\n },\n \"eventId\": \"optional-unique-id\"\n}\n```\n\nSends a custom webhook message to all configured endpoints for the specified organization.\n\n### Get Message Delivery Attempts\n\n```http\nGET /api/webhooks/organizations/{organizationId}/messages/{messageId}/attempts\n```\n\n**Response:**\n\n```json\n[\n {\n \"id\": \"msg_attempt_123\",\n \"status\": 200,\n \"response\": \"OK\",\n \"timestamp\": \"2025-01-01T00:00:00.000Z\"\n }\n]\n```\n\nReturns the delivery attempts for a specific webhook message, including delivery status and response details.\n\n### Get Service Status\n\n```http\nGET /api/webhooks/status\n```\n\n**Response:**\n\n```json\n{\n \"enabled\": true\n}\n```\n\nReturns the current status of the webhook service, indicating whether it's properly configured and enabled.\n\n## Automatic Events\n\nThe service automatically sends webhooks for the following events:\n\n### Sandbox Events\n\n- `sandbox.created` - When a sandbox is created\n- `sandbox.state.updated` - When sandbox state changes\n\n### Snapshot Events\n\n- `snapshot.created` - When a snapshot is created\n- `snapshot.state.updated` - When snapshot state changes\n- `snapshot.removed` - When a snapshot is removed\n\n### Volume Events\n\n- `volume.created` - When a volume is created\n- `volume.state.updated` - When volume state changes\n\n## Webhook Payload Format\n\nAll webhooks include event-specific data relevant to the resource being updated.\n\n### Example Sandbox Created Payload\n\n```json\n{\n \"id\": \"sandbox-uuid\",\n \"organizationId\": \"org-uuid\",\n \"state\": \"STARTED\",\n \"class\": \"SMALL\",\n \"createdAt\": \"2025-01-01T00:00:00.000Z\"\n}\n```\n\n### Example Sandbox State Updated Payload\n\n```json\n{\n \"id\": \"sandbox-uuid\",\n \"organizationId\": \"org-uuid\",\n \"oldState\": \"STOPPED\",\n \"newState\": \"STARTED\",\n \"updatedAt\": \"2025-01-01T00:00:00.000Z\"\n}\n```\n\n### Example Snapshot Created Payload\n\n```json\n{\n \"id\": \"snapshot-uuid\",\n \"name\": \"my-snapshot\",\n \"organizationId\": \"org-uuid\",\n \"state\": \"ACTIVE\",\n \"createdAt\": \"2025-01-01T00:00:00.000Z\"\n}\n```\n\n### Example Volume State Updated Payload\n\n```json\n{\n \"id\": \"volume-uuid\",\n \"name\": \"my-volume\",\n \"organizationId\": \"org-uuid\",\n \"oldState\": \"CREATING\",\n \"newState\": \"READY\",\n \"updatedAt\": \"2025-01-01T00:00:00.000Z\"\n}\n```\n\n## Development\n\n### Adding New Event Types\n\n1. Add the event type to `webhook-events.constants.ts`\n2. Create an event handler in `webhook-event-handler.service.ts`\n3. Use the `@OnEvent()` decorator to listen for the event\n4. Define the payload structure for the new event type\n5. Add the events to the `openapi-webhooks.ts`\n6. Generate the openapi spec\n7. Upload the new schema to the Svix dashboard\n\n### Testing\n\nUse the Svix Play webhook debugger during development:\n\n1. Set up a webhook endpoint pointing to your Svix Play URL\n2. Send test webhooks using the `/send` endpoint\n3. Check the Svix dashboard for delivery status\n4. Monitor delivery attempts through the API\n\n### Local Development\n\nFor local development without Svix:\n\n1. Set `SVIX_AUTH_TOKEN` to an empty string or invalid value\n2. The service will log warnings but continue to function\n3. Event handlers will skip webhook delivery when disabled\n4. Use the status endpoint to verify configuration\n\n## Dependencies\n\n- `svix` - Official Svix JavaScript SDK\n- `@nestjs/event-emitter` - Event handling\n- `@nestjs/common` - Core NestJS functionality\n\n### Event Flow\n\n1. System event occurs (e.g., sandbox created)\n2. Event emitter publishes the event\n3. Webhook event handler catches the event\n4. Handler calls webhook service to send webhook\n5. Service delivers webhook through Svix\n6. Delivery status is tracked and available via API\n" }, { "path": "apps/api/src/webhook/constants/webhook-events.constants.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport enum WebhookEvent {\n SANDBOX_CREATED = 'sandbox.created',\n SANDBOX_STATE_UPDATED = 'sandbox.state.updated',\n SNAPSHOT_CREATED = 'snapshot.created',\n SNAPSHOT_STATE_UPDATED = 'snapshot.state.updated',\n SNAPSHOT_REMOVED = 'snapshot.removed',\n VOLUME_CREATED = 'volume.created',\n VOLUME_STATE_UPDATED = 'volume.state.updated',\n}\n" }, { "path": "apps/api/src/webhook/controllers/webhook.controller.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Controller, Post, Get, Body, Param, UseGuards, HttpStatus, NotFoundException } from '@nestjs/common'\nimport { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth, ApiHeader } from '@nestjs/swagger'\nimport { WebhookService } from '../services/webhook.service'\nimport { SendWebhookDto } from '../dto/send-webhook.dto'\nimport { CombinedAuthGuard } from '../../auth/combined-auth.guard'\nimport { CustomHeaders } from '../../common/constants/header.constants'\nimport { SystemActionGuard } from '../../auth/system-action.guard'\nimport { OrganizationAccessGuard } from '../../organization/guards/organization-access.guard'\nimport { RequiredSystemRole } from '../../common/decorators/required-role.decorator'\nimport { SystemRole } from '../../user/enums/system-role.enum'\nimport { Audit, TypedRequest } from '../../audit/decorators/audit.decorator'\nimport { AuditAction } from '../../audit/enums/audit-action.enum'\nimport { AuditTarget } from '../../audit/enums/audit-target.enum'\nimport { OrganizationService } from '../../organization/services/organization.service'\nimport { WebhookAppPortalAccessDto } from '../dto/webhook-app-portal-access.dto'\nimport { WebhookInitializationStatusDto } from '../dto/webhook-initialization-status.dto'\nimport { AuthenticatedRateLimitGuard } from '../../common/guards/authenticated-rate-limit.guard'\n\n@ApiTags('webhooks')\n@Controller('webhooks')\n@ApiHeader(CustomHeaders.ORGANIZATION_ID)\n@UseGuards(CombinedAuthGuard, SystemActionGuard, OrganizationAccessGuard, AuthenticatedRateLimitGuard)\n@ApiBearerAuth()\nexport class WebhookController {\n constructor(\n private readonly organizationService: OrganizationService,\n private readonly webhookService: WebhookService,\n ) {}\n\n @Post('organizations/:organizationId/app-portal-access')\n @ApiOperation({ summary: 'Get Svix Consumer App Portal access for an organization' })\n @ApiResponse({\n status: HttpStatus.OK,\n description: 'App Portal access generated successfully',\n type: WebhookAppPortalAccessDto,\n })\n async getAppPortalAccess(@Param('organizationId') organizationId: string): Promise {\n return this.webhookService.getAppPortalAccess(organizationId)\n }\n\n @Post('organizations/:organizationId/send')\n @ApiOperation({ summary: 'Send a webhook message to an organization' })\n @ApiResponse({\n status: HttpStatus.OK,\n description: 'Webhook message sent successfully',\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @Audit({\n action: AuditAction.SEND_WEBHOOK_MESSAGE,\n targetType: AuditTarget.ORGANIZATION,\n targetIdFromRequest: (req) => req.params.organizationId,\n requestMetadata: {\n body: (req: TypedRequest) => ({\n eventType: req.body?.eventType,\n payload: req.body?.payload,\n eventId: req.body?.eventId,\n }),\n },\n })\n async sendWebhook(\n @Param('organizationId') organizationId: string,\n @Body() sendWebhookDto: SendWebhookDto,\n ): Promise {\n await this.webhookService.sendWebhook(\n organizationId,\n sendWebhookDto.eventType,\n sendWebhookDto.payload,\n sendWebhookDto.eventId,\n )\n }\n\n @Get('organizations/:organizationId/messages/:messageId/attempts')\n @ApiOperation({ summary: 'Get delivery attempts for a webhook message' })\n @ApiResponse({\n status: HttpStatus.OK,\n description: 'List of delivery attempts',\n type: [Object],\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n async getMessageAttempts(\n @Param('organizationId') organizationId: string,\n @Param('messageId') messageId: string,\n ): Promise {\n return this.webhookService.getMessageAttempts(organizationId, messageId)\n }\n\n @Get('status')\n @ApiOperation({ summary: 'Get webhook service status' })\n @ApiResponse({\n status: HttpStatus.OK,\n description: 'Webhook service status',\n schema: {\n type: 'object',\n properties: {\n enabled: { type: 'boolean' },\n },\n },\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n async getStatus(): Promise<{ enabled: boolean }> {\n return {\n enabled: this.webhookService.isEnabled(),\n }\n }\n\n @Get('organizations/:organizationId/initialization-status')\n @ApiOperation({ summary: 'Get webhook initialization status for an organization' })\n @ApiResponse({\n status: HttpStatus.OK,\n description: 'Webhook initialization status',\n type: WebhookInitializationStatusDto,\n })\n @ApiResponse({\n status: HttpStatus.NOT_FOUND,\n description: 'Webhook initialization status not found',\n })\n async getInitializationStatus(\n @Param('organizationId') organizationId: string,\n ): Promise {\n const status = await this.webhookService.getInitializationStatus(organizationId)\n if (!status) {\n throw new NotFoundException('Webhook initialization status not found')\n }\n return WebhookInitializationStatusDto.fromWebhookInitialization(status)\n }\n\n @Post('organizations/:organizationId/initialize')\n @ApiOperation({ summary: 'Initialize webhooks for an organization' })\n @ApiResponse({\n status: HttpStatus.CREATED,\n description: 'Webhooks initialized successfully',\n })\n @ApiResponse({\n status: HttpStatus.FORBIDDEN,\n description: 'User does not have access to this organization',\n })\n @ApiResponse({\n status: HttpStatus.NOT_FOUND,\n description: 'Organization not found',\n })\n @RequiredSystemRole(SystemRole.ADMIN)\n @Audit({\n action: AuditAction.INITIALIZE_WEBHOOKS,\n targetType: AuditTarget.ORGANIZATION,\n targetIdFromRequest: (req) => req.params.organizationId,\n })\n async initializeWebhooks(@Param('organizationId') organizationId: string): Promise {\n const organization = await this.organizationService.findOne(organizationId)\n if (!organization) {\n throw new NotFoundException('Organization not found')\n }\n\n await this.webhookService.createSvixApplication(organization)\n }\n}\n" }, { "path": "apps/api/src/webhook/dto/send-webhook.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { IsString, IsObject, IsOptional, IsEnum } from 'class-validator'\nimport { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'\nimport { WebhookEvent } from '../constants/webhook-events.constants'\n\nexport class SendWebhookDto {\n @ApiProperty({\n description: 'The type of event being sent',\n enum: WebhookEvent,\n enumName: 'WebhookEvent',\n example: 'sandbox.created',\n })\n @IsEnum(WebhookEvent)\n eventType: WebhookEvent\n\n @ApiProperty({\n description: 'The payload data to send',\n example: { id: 'sandbox-123', name: 'My Sandbox' },\n })\n @IsObject()\n payload: Record\n\n @ApiPropertyOptional({\n description: 'Optional event ID for idempotency',\n example: 'evt_1234567890abcdef',\n })\n @IsOptional()\n @IsString()\n eventId?: string\n}\n" }, { "path": "apps/api/src/webhook/dto/webhook-app-portal-access.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\n\n@ApiSchema({ name: 'WebhookAppPortalAccess' })\nexport class WebhookAppPortalAccessDto {\n @ApiProperty({\n description: 'The authentication token for the Svix consumer app portal',\n example: 'appsk_...',\n })\n token: string\n\n @ApiProperty({\n description: 'The URL to the webhook app portal',\n example: 'https://app.svix.com/app_1234567890',\n })\n url: string\n}\n" }, { "path": "apps/api/src/webhook/dto/webhook-event-payloads.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { WebhookEvent } from '../constants/webhook-events.constants'\nimport { SandboxState } from '../../sandbox/enums/sandbox-state.enum'\nimport { SandboxClass } from '../../sandbox/enums/sandbox-class.enum'\nimport { SnapshotState } from '../../sandbox/enums/snapshot-state.enum'\nimport { VolumeState } from '../../sandbox/enums/volume-state.enum'\nimport { SandboxCreatedEvent } from '../../sandbox/events/sandbox-create.event'\nimport { SandboxStateUpdatedEvent } from '../../sandbox/events/sandbox-state-updated.event'\nimport { SnapshotCreatedEvent } from '../../sandbox/events/snapshot-created.event'\nimport { SnapshotStateUpdatedEvent } from '../../sandbox/events/snapshot-state-updated.event'\nimport { SnapshotRemovedEvent } from '../../sandbox/events/snapshot-removed.event'\nimport { VolumeCreatedEvent } from '../../sandbox/events/volume-created.event'\nimport { VolumeStateUpdatedEvent } from '../../sandbox/events/volume-state-updated.event'\n\nexport abstract class BaseWebhookEventDto {\n @ApiProperty({\n description: 'Event type identifier',\n enum: WebhookEvent,\n enumName: 'WebhookEvent',\n example: 'sandbox.created',\n })\n event: string\n\n @ApiProperty({\n description: 'Timestamp when the event occurred',\n example: '2025-12-19T10:30:00.000Z',\n format: 'date-time',\n })\n timestamp: string\n}\n\n@ApiSchema({ name: 'SandboxCreatedWebhook' })\nexport class SandboxCreatedWebhookDto extends BaseWebhookEventDto {\n @ApiProperty({\n description: 'Sandbox ID',\n example: 'sandbox123',\n })\n id: string\n\n @ApiProperty({\n description: 'Organization ID',\n example: 'org123',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'Sandbox state',\n enum: SandboxState,\n enumName: 'SandboxState',\n })\n state: SandboxState\n\n @ApiProperty({\n description: 'Sandbox class',\n enum: SandboxClass,\n enumName: 'SandboxClass',\n })\n class: SandboxClass\n\n @ApiProperty({\n description: 'When the sandbox was created',\n example: '2025-12-19T10:30:00.000Z',\n format: 'date-time',\n })\n createdAt: string\n\n static fromEvent(event: SandboxCreatedEvent, eventType: string): SandboxCreatedWebhookDto {\n return {\n event: eventType,\n timestamp: new Date().toISOString(),\n id: event.sandbox.id,\n organizationId: event.sandbox.organizationId,\n state: event.sandbox.state,\n class: event.sandbox.class,\n createdAt: event.sandbox.createdAt.toISOString(),\n }\n }\n}\n\n@ApiSchema({ name: 'SandboxStateUpdatedWebhook' })\nexport class SandboxStateUpdatedWebhookDto extends BaseWebhookEventDto {\n @ApiProperty({\n description: 'Sandbox ID',\n example: 'sandbox123',\n })\n id: string\n\n @ApiProperty({\n description: 'Organization ID',\n example: 'org123',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'Previous state',\n enum: SandboxState,\n enumName: 'SandboxState',\n })\n oldState: SandboxState\n\n @ApiProperty({\n description: 'New state',\n enum: SandboxState,\n enumName: 'SandboxState',\n })\n newState: SandboxState\n\n @ApiProperty({\n description: 'When the sandbox was last updated',\n example: '2025-12-19T10:30:00.000Z',\n format: 'date-time',\n })\n updatedAt: string\n\n static fromEvent(event: SandboxStateUpdatedEvent, eventType: string): SandboxStateUpdatedWebhookDto {\n return {\n event: eventType,\n timestamp: new Date().toISOString(),\n id: event.sandbox.id,\n organizationId: event.sandbox.organizationId,\n oldState: event.oldState,\n newState: event.newState,\n updatedAt: event.sandbox.updatedAt.toISOString(),\n }\n }\n}\n\n@ApiSchema({ name: 'SnapshotCreatedWebhook' })\nexport class SnapshotCreatedWebhookDto extends BaseWebhookEventDto {\n @ApiProperty({\n description: 'Snapshot ID',\n example: 'snapshot123',\n })\n id: string\n\n @ApiProperty({\n description: 'Snapshot name',\n example: 'my-snapshot',\n })\n name: string\n\n @ApiProperty({\n description: 'Organization ID',\n example: 'org123',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'Snapshot state',\n enum: SnapshotState,\n enumName: 'SnapshotState',\n })\n state: SnapshotState\n\n @ApiProperty({\n description: 'When the snapshot was created',\n example: '2025-12-19T10:30:00.000Z',\n format: 'date-time',\n })\n createdAt: string\n\n static fromEvent(event: SnapshotCreatedEvent, eventType: string): SnapshotCreatedWebhookDto {\n return {\n event: eventType,\n timestamp: new Date().toISOString(),\n id: event.snapshot.id,\n name: event.snapshot.name,\n organizationId: event.snapshot.organizationId,\n state: event.snapshot.state,\n createdAt: event.snapshot.createdAt.toISOString(),\n }\n }\n}\n\n@ApiSchema({ name: 'SnapshotStateUpdatedWebhook' })\nexport class SnapshotStateUpdatedWebhookDto extends BaseWebhookEventDto {\n @ApiProperty({\n description: 'Snapshot ID',\n example: 'snapshot123',\n })\n id: string\n\n @ApiProperty({\n description: 'Snapshot name',\n example: 'my-snapshot',\n })\n name: string\n\n @ApiProperty({\n description: 'Organization ID',\n example: 'org123',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'Previous state',\n enum: SnapshotState,\n enumName: 'SnapshotState',\n })\n oldState: SnapshotState\n\n @ApiProperty({\n description: 'New state',\n enum: SnapshotState,\n enumName: 'SnapshotState',\n })\n newState: SnapshotState\n\n @ApiProperty({\n description: 'When the snapshot was last updated',\n example: '2025-12-19T10:30:00.000Z',\n format: 'date-time',\n })\n updatedAt: string\n\n static fromEvent(event: SnapshotStateUpdatedEvent, eventType: string): SnapshotStateUpdatedWebhookDto {\n return {\n event: eventType,\n timestamp: new Date().toISOString(),\n id: event.snapshot.id,\n name: event.snapshot.name,\n organizationId: event.snapshot.organizationId,\n oldState: event.oldState,\n newState: event.newState,\n updatedAt: event.snapshot.updatedAt.toISOString(),\n }\n }\n}\n\n@ApiSchema({ name: 'SnapshotRemovedWebhook' })\nexport class SnapshotRemovedWebhookDto extends BaseWebhookEventDto {\n @ApiProperty({\n description: 'Snapshot ID',\n example: 'snapshot123',\n })\n id: string\n\n @ApiProperty({\n description: 'Snapshot name',\n example: 'my-snapshot',\n })\n name: string\n\n @ApiProperty({\n description: 'Organization ID',\n example: 'org123',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'When the snapshot was removed',\n example: '2025-12-19T10:30:00.000Z',\n format: 'date-time',\n })\n removedAt: string\n\n static fromEvent(event: SnapshotRemovedEvent, eventType: string): SnapshotRemovedWebhookDto {\n return {\n event: eventType,\n timestamp: new Date().toISOString(),\n id: event.snapshot.id,\n name: event.snapshot.name,\n organizationId: event.snapshot.organizationId,\n removedAt: new Date().toISOString(),\n }\n }\n}\n\n@ApiSchema({ name: 'VolumeCreatedWebhook' })\nexport class VolumeCreatedWebhookDto extends BaseWebhookEventDto {\n @ApiProperty({\n description: 'Volume ID',\n example: 'vol-12345678',\n })\n id: string\n\n @ApiProperty({\n description: 'Volume name',\n example: 'my-volume',\n })\n name: string\n\n @ApiProperty({\n description: 'Organization ID',\n example: 'org123',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'Volume state',\n enum: VolumeState,\n enumName: 'VolumeState',\n })\n state: VolumeState\n\n @ApiProperty({\n description: 'When the volume was created',\n example: '2025-12-19T10:30:00.000Z',\n format: 'date-time',\n })\n createdAt: string\n\n static fromEvent(event: VolumeCreatedEvent, eventType: string): VolumeCreatedWebhookDto {\n return {\n event: eventType,\n timestamp: new Date().toISOString(),\n id: event.volume.id,\n name: event.volume.name,\n organizationId: event.volume.organizationId,\n state: event.volume.state,\n createdAt: event.volume.createdAt.toISOString(),\n }\n }\n}\n\n@ApiSchema({ name: 'VolumeStateUpdatedWebhook' })\nexport class VolumeStateUpdatedWebhookDto extends BaseWebhookEventDto {\n @ApiProperty({\n description: 'Volume ID',\n example: 'vol-12345678',\n })\n id: string\n\n @ApiProperty({\n description: 'Volume name',\n example: 'my-volume',\n })\n name: string\n\n @ApiProperty({\n description: 'Organization ID',\n example: 'org123',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'Previous state',\n enum: VolumeState,\n enumName: 'VolumeState',\n })\n oldState: VolumeState\n\n @ApiProperty({\n description: 'New state',\n enum: VolumeState,\n enumName: 'VolumeState',\n })\n newState: VolumeState\n\n @ApiProperty({\n description: 'When the volume was last updated',\n example: '2025-12-19T10:30:00.000Z',\n format: 'date-time',\n })\n updatedAt: string\n\n static fromEvent(event: VolumeStateUpdatedEvent, eventType: string): VolumeStateUpdatedWebhookDto {\n return {\n event: eventType,\n timestamp: new Date().toISOString(),\n id: event.volume.id,\n name: event.volume.name,\n organizationId: event.volume.organizationId,\n oldState: event.oldState,\n newState: event.newState,\n updatedAt: event.volume.updatedAt.toISOString(),\n }\n }\n}\n" }, { "path": "apps/api/src/webhook/dto/webhook-initialization-status.dto.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ApiProperty, ApiSchema } from '@nestjs/swagger'\nimport { WebhookInitialization } from '../entities/webhook-initialization.entity'\n\n@ApiSchema({ name: 'WebhookInitializationStatus' })\nexport class WebhookInitializationStatusDto {\n @ApiProperty({\n description: 'Organization ID',\n example: '123e4567-e89b-12d3-a456-426614174000',\n })\n organizationId: string\n\n @ApiProperty({\n description: 'The ID of the Svix application',\n example: 'app_1234567890',\n nullable: true,\n })\n svixApplicationId?: string\n\n @ApiProperty({\n description: 'The error reason for the last initialization attempt',\n example: 'Failed to create Svix application',\n nullable: true,\n })\n lastError?: string\n\n @ApiProperty({\n description: 'The number of times the initialization has been attempted',\n example: 3,\n })\n retryCount: number\n\n @ApiProperty({\n description: 'When the webhook initialization was created',\n example: '2023-01-01T00:00:00.000Z',\n })\n createdAt: string\n\n @ApiProperty({\n description: 'When the webhook initialization was last updated',\n example: '2023-01-01T00:00:00.000Z',\n })\n updatedAt: string\n\n static fromWebhookInitialization(webhookInitialization: WebhookInitialization): WebhookInitializationStatusDto {\n return {\n organizationId: webhookInitialization.organizationId,\n svixApplicationId: webhookInitialization.svixApplicationId,\n lastError: webhookInitialization.lastError,\n retryCount: webhookInitialization.retryCount,\n createdAt: webhookInitialization.createdAt.toISOString(),\n updatedAt: webhookInitialization.updatedAt.toISOString(),\n }\n }\n}\n" }, { "path": "apps/api/src/webhook/entities/webhook-initialization.entity.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Entity, PrimaryColumn, CreateDateColumn, UpdateDateColumn, Column } from 'typeorm'\n\n@Entity()\nexport class WebhookInitialization {\n @PrimaryColumn()\n organizationId: string\n\n @Column({\n nullable: true,\n })\n svixApplicationId?: string\n\n @Column({\n type: 'text',\n nullable: true,\n })\n lastError?: string\n\n @Column({\n type: 'int',\n default: 0,\n })\n retryCount: number\n\n @CreateDateColumn({\n type: 'timestamp with time zone',\n })\n createdAt: Date\n\n @UpdateDateColumn({\n type: 'timestamp with time zone',\n })\n updatedAt: Date\n}\n" }, { "path": "apps/api/src/webhook/index.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport * from './webhook.module'\nexport * from './services/webhook.service'\nexport * from './services/webhook-event-handler.service'\nexport * from './entities/webhook-initialization.entity'\nexport * from './controllers/webhook.controller'\nexport * from './dto/send-webhook.dto'\n" }, { "path": "apps/api/src/webhook/services/webhook-event-handler.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger } from '@nestjs/common'\nimport { OnEvent } from '@nestjs/event-emitter'\nimport { WebhookService } from './webhook.service'\nimport { SandboxEvents } from '../../sandbox/constants/sandbox-events.constants'\nimport { SnapshotEvents } from '../../sandbox/constants/snapshot-events'\nimport { VolumeEvents } from '../../sandbox/constants/volume-events'\nimport { SandboxCreatedEvent } from '../../sandbox/events/sandbox-create.event'\nimport { SandboxStateUpdatedEvent } from '../../sandbox/events/sandbox-state-updated.event'\nimport { SnapshotCreatedEvent } from '../../sandbox/events/snapshot-created.event'\nimport { SnapshotStateUpdatedEvent } from '../../sandbox/events/snapshot-state-updated.event'\nimport { SnapshotRemovedEvent } from '../../sandbox/events/snapshot-removed.event'\nimport { VolumeCreatedEvent } from '../../sandbox/events/volume-created.event'\nimport { VolumeStateUpdatedEvent } from '../../sandbox/events/volume-state-updated.event'\nimport { WebhookEvent } from '../constants/webhook-events.constants'\nimport {\n SandboxCreatedWebhookDto,\n SandboxStateUpdatedWebhookDto,\n SnapshotCreatedWebhookDto,\n SnapshotStateUpdatedWebhookDto,\n SnapshotRemovedWebhookDto,\n VolumeCreatedWebhookDto,\n VolumeStateUpdatedWebhookDto,\n} from '../dto/webhook-event-payloads.dto'\n\n@Injectable()\nexport class WebhookEventHandlerService {\n private readonly logger = new Logger(WebhookEventHandlerService.name)\n\n constructor(private readonly webhookService: WebhookService) {}\n\n @OnEvent(SandboxEvents.CREATED)\n async handleSandboxCreated(event: SandboxCreatedEvent) {\n if (!this.webhookService.isEnabled()) {\n return\n }\n\n try {\n const payload = SandboxCreatedWebhookDto.fromEvent(event, WebhookEvent.SANDBOX_CREATED)\n await this.webhookService.sendWebhook(event.sandbox.organizationId, WebhookEvent.SANDBOX_CREATED, payload)\n } catch (error) {\n this.logger.error(`Failed to send webhook for sandbox created: ${error.message}`)\n }\n }\n\n @OnEvent(SandboxEvents.STATE_UPDATED)\n async handleSandboxStateUpdated(event: SandboxStateUpdatedEvent) {\n if (!this.webhookService.isEnabled()) {\n return\n }\n\n try {\n const payload = SandboxStateUpdatedWebhookDto.fromEvent(event, WebhookEvent.SANDBOX_STATE_UPDATED)\n await this.webhookService.sendWebhook(event.sandbox.organizationId, WebhookEvent.SANDBOX_STATE_UPDATED, payload)\n } catch (error) {\n this.logger.error(`Failed to send webhook for sandbox state updated: ${error.message}`)\n }\n }\n\n @OnEvent(SnapshotEvents.CREATED)\n async handleSnapshotCreated(event: SnapshotCreatedEvent) {\n if (!this.webhookService.isEnabled()) {\n return\n }\n\n try {\n const payload = SnapshotCreatedWebhookDto.fromEvent(event, WebhookEvent.SNAPSHOT_CREATED)\n await this.webhookService.sendWebhook(event.snapshot.organizationId, WebhookEvent.SNAPSHOT_CREATED, payload)\n } catch (error) {\n this.logger.error(`Failed to send webhook for snapshot created: ${error.message}`)\n }\n }\n\n @OnEvent(SnapshotEvents.STATE_UPDATED)\n async handleSnapshotStateUpdated(event: SnapshotStateUpdatedEvent) {\n if (!this.webhookService.isEnabled()) {\n return\n }\n\n try {\n const payload = SnapshotStateUpdatedWebhookDto.fromEvent(event, WebhookEvent.SNAPSHOT_STATE_UPDATED)\n await this.webhookService.sendWebhook(event.snapshot.organizationId, WebhookEvent.SNAPSHOT_STATE_UPDATED, payload)\n } catch (error) {\n this.logger.error(`Failed to send webhook for snapshot state updated: ${error.message}`)\n }\n }\n\n @OnEvent(SnapshotEvents.REMOVED)\n async handleSnapshotRemoved(event: SnapshotRemovedEvent) {\n if (!this.webhookService.isEnabled()) {\n return\n }\n\n try {\n const payload = SnapshotRemovedWebhookDto.fromEvent(event, WebhookEvent.SNAPSHOT_REMOVED)\n await this.webhookService.sendWebhook(event.snapshot.organizationId, WebhookEvent.SNAPSHOT_REMOVED, payload)\n } catch (error) {\n this.logger.error(`Failed to send webhook for snapshot removed: ${error.message}`)\n }\n }\n\n @OnEvent(VolumeEvents.CREATED)\n async handleVolumeCreated(event: VolumeCreatedEvent) {\n if (!this.webhookService.isEnabled()) {\n return\n }\n\n try {\n const payload = VolumeCreatedWebhookDto.fromEvent(event, WebhookEvent.VOLUME_CREATED)\n await this.webhookService.sendWebhook(event.volume.organizationId, WebhookEvent.VOLUME_CREATED, payload)\n } catch (error) {\n this.logger.error(`Failed to send webhook for volume created: ${error.message}`)\n }\n }\n\n @OnEvent(VolumeEvents.STATE_UPDATED)\n async handleVolumeStateUpdated(event: VolumeStateUpdatedEvent) {\n if (!this.webhookService.isEnabled()) {\n return\n }\n\n try {\n const payload = VolumeStateUpdatedWebhookDto.fromEvent(event, WebhookEvent.VOLUME_STATE_UPDATED)\n await this.webhookService.sendWebhook(event.volume.organizationId, WebhookEvent.VOLUME_STATE_UPDATED, payload)\n } catch (error) {\n this.logger.error(`Failed to send webhook for volume state updated: ${error.message}`)\n }\n }\n\n /**\n * Send a custom webhook event\n */\n async sendCustomWebhook(organizationId: string, eventType: string, payload: any, eventId?: string): Promise {\n if (!this.webhookService.isEnabled()) {\n return\n }\n\n try {\n await this.webhookService.sendWebhook(organizationId, eventType, payload, eventId)\n } catch (error) {\n this.logger.error(`Failed to send custom webhook: ${error.message}`)\n }\n }\n}\n" }, { "path": "apps/api/src/webhook/services/webhook.service.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Injectable, Logger, OnModuleInit } from '@nestjs/common'\nimport { OnEvent } from '@nestjs/event-emitter'\nimport { TypedConfigService } from '../../config/typed-config.service'\nimport { Svix } from 'svix'\nimport { OrganizationEvents } from '../../organization/constants/organization-events.constant'\nimport { Organization } from '../../organization/entities/organization.entity'\nimport { InjectRepository } from '@nestjs/typeorm'\nimport { WebhookInitialization } from '../entities/webhook-initialization.entity'\nimport { Repository } from 'typeorm'\n\n@Injectable()\nexport class WebhookService implements OnModuleInit {\n private readonly logger = new Logger(WebhookService.name)\n private svix: Svix | null = null\n\n constructor(\n private readonly configService: TypedConfigService,\n @InjectRepository(WebhookInitialization)\n private readonly webhookInitializationRepository: Repository,\n ) {}\n\n async onModuleInit() {\n const svixAuthToken = this.configService.get('webhook.authToken')\n if (svixAuthToken) {\n const serverUrl = this.configService.get('webhook.serverUrl')\n if (serverUrl) {\n this.svix = new Svix(svixAuthToken, { serverUrl })\n } else {\n this.svix = new Svix(svixAuthToken)\n //this.svix.eventType.importOpenapi\n }\n this.logger.log('Svix webhook service initialized')\n } else {\n this.logger.warn('SVIX_AUTH_TOKEN not configured, webhook service disabled')\n }\n }\n\n /**\n * Get webhook initialization status for an organization\n */\n async getInitializationStatus(organizationId: string): Promise {\n return this.webhookInitializationRepository.findOne({\n where: { organizationId },\n })\n }\n\n // TODO: Remove this once we decide to open webhooks to all organizations\n // @OnEvent(OrganizationEvents.CREATED)\n async handleOrganizationCreated(organization: Organization) {\n if (!this.svix) {\n this.logger.debug('Svix not configured, skipping webhook creation')\n return\n }\n\n try {\n // Create a new Svix application for this organization\n const svixAppId = await this.createSvixApplication(organization)\n this.logger.log(`Created Svix application for organization ${organization.id}: ${svixAppId}`)\n } catch (error) {\n this.logger.error(`Failed to create Svix application for organization ${organization.id}:`, error)\n }\n }\n\n /**\n * Create a Svix application for an organization\n */\n async createSvixApplication(organization: Organization): Promise {\n if (!this.svix) {\n throw new Error('Svix not configured')\n }\n\n let existingWebhookInitialization = await this.getInitializationStatus(organization.id)\n if (existingWebhookInitialization && existingWebhookInitialization.svixApplicationId) {\n this.logger.warn(\n `Svix application already exists for organization ${organization.id}: ${existingWebhookInitialization.svixApplicationId}`,\n )\n return existingWebhookInitialization.svixApplicationId\n } else {\n existingWebhookInitialization = new WebhookInitialization()\n existingWebhookInitialization.organizationId = organization.id\n existingWebhookInitialization.svixApplicationId = null\n existingWebhookInitialization.retryCount = -1\n existingWebhookInitialization.lastError = null\n }\n\n try {\n const svixApp = await this.svix.application.getOrCreate({\n name: organization.name,\n uid: organization.id,\n })\n existingWebhookInitialization.svixApplicationId = svixApp.id\n existingWebhookInitialization.retryCount = existingWebhookInitialization.retryCount + 1\n existingWebhookInitialization.lastError = null\n\n await this.webhookInitializationRepository.save(existingWebhookInitialization)\n\n this.logger.log(`Created Svix application for organization ${organization.id}: ${svixApp.id}`)\n return svixApp.id\n } catch (error) {\n existingWebhookInitialization.retryCount = existingWebhookInitialization.retryCount + 1\n existingWebhookInitialization.lastError = String(error)\n await this.webhookInitializationRepository.save(existingWebhookInitialization)\n this.logger.error(`Failed to create Svix application for organization ${organization.id}:`, error)\n throw error\n }\n }\n\n /**\n * Send a webhook message to all endpoints of an organization\n */\n async sendWebhook(organizationId: string, eventType: string, payload: any, eventId?: string): Promise {\n if (!this.svix) {\n this.logger.debug('Svix not configured, skipping webhook delivery')\n return\n }\n\n try {\n // Check if webhooks are initialized for this organization\n const isInitialized = await this.getInitializationStatus(organizationId)\n\n if (!isInitialized) {\n this.logger.log(`Webhooks not initialized for organization ${organizationId}, creating Svix application now...`)\n // For now, we'll just log that initialization is needed\n // The actual initialization should be done through the API or event handler\n this.logger.warn(\n `Organization ${organizationId} needs webhook initialization. Please use the initialization API endpoint.`,\n )\n return\n }\n\n // Send the webhook message\n await this.svix.message.create(organizationId, {\n eventType,\n payload,\n eventId,\n })\n\n this.logger.debug(`Sent webhook ${eventType} to organization ${organizationId}`)\n } catch (error) {\n this.logger.error(`Failed to send webhook ${eventType} to organization ${organizationId}:`, error)\n throw error\n }\n }\n\n /**\n * Get webhook delivery attempts for a message\n */\n async getMessageAttempts(organizationId: string, messageId: string): Promise {\n if (!this.svix) {\n throw new Error('Svix not configured')\n }\n\n try {\n const attempts = await this.svix.messageAttempt.listByMsg(organizationId, messageId)\n return attempts.data\n } catch (error) {\n this.logger.error(`Failed to get message attempts for message ${messageId}:`, error)\n throw error\n }\n }\n\n /**\n * Check if webhook service is enabled\n */\n isEnabled(): boolean {\n return this.svix !== null\n }\n\n /**\n * Get Svix Consumer App Portal access for an organization\n */\n async getAppPortalAccess(organizationId: string): Promise<{ token: string; url: string }> {\n if (!this.svix) {\n throw new Error('Svix not configured')\n }\n try {\n const appPortalAccess = await this.svix.authentication.appPortalAccess(organizationId, {})\n this.logger.debug(`Generated app portal access for organization ${organizationId}`)\n return {\n token: appPortalAccess.token,\n url: appPortalAccess.url,\n }\n } catch (error) {\n this.logger.debug(`Failed to generate app portal access for organization ${organizationId}:`, error)\n throw error\n }\n }\n}\n" }, { "path": "apps/api/src/webhook/webhook.module.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Module } from '@nestjs/common'\nimport { TypeOrmModule } from '@nestjs/typeorm'\nimport { WebhookService } from './services/webhook.service'\nimport { WebhookController } from './controllers/webhook.controller'\nimport { WebhookEventHandlerService } from './services/webhook-event-handler.service'\nimport { WebhookInitialization } from './entities/webhook-initialization.entity'\nimport { OrganizationModule } from '../organization/organization.module'\nimport { TypedConfigModule } from '../config/typed-config.module'\nimport { AuthModule } from '../auth/auth.module'\n\n@Module({\n imports: [OrganizationModule, TypedConfigModule, TypeOrmModule.forFeature([WebhookInitialization]), AuthModule],\n controllers: [WebhookController],\n providers: [WebhookService, WebhookEventHandlerService],\n exports: [WebhookService],\n})\nexport class WebhookModule {}\n" }, { "path": "apps/api/tsconfig.app.json", "content": "{\n \"extends\": \"./tsconfig.json\",\n \"compilerOptions\": {\n \"outDir\": \"../../dist/out-tsc\",\n \"module\": \"NodeNext\",\n \"moduleResolution\": \"nodenext\",\n \"types\": [\"node\"],\n \"experimentalDecorators\": true,\n \"emitDecoratorMetadata\": true,\n \"target\": \"es2022\"\n },\n \"include\": [\"src/**/*.ts\"],\n \"exclude\": [\"jest.config.ts\", \"src/**/*.spec.ts\", \"src/**/*.test.ts\"]\n}\n" }, { "path": "apps/api/tsconfig.json", "content": "{\n \"extends\": \"../../tsconfig.base.json\",\n \"files\": [],\n \"include\": [],\n \"references\": [\n {\n \"path\": \"./tsconfig.app.json\"\n },\n {\n \"path\": \"./tsconfig.spec.json\"\n }\n ],\n \"compilerOptions\": {\n \"esModuleInterop\": true\n }\n}\n" }, { "path": "apps/api/tsconfig.spec.json", "content": "{\n \"extends\": \"./tsconfig.json\",\n \"compilerOptions\": {\n \"outDir\": \"../../dist/out-tsc\",\n \"module\": \"commonjs\",\n \"moduleResolution\": \"node10\",\n \"types\": [\"jest\", \"node\"]\n },\n \"include\": [\"jest.config.ts\", \"src/**/*.test.ts\", \"src/**/*.spec.ts\", \"src/**/*.d.ts\"]\n}\n" }, { "path": "apps/api/webpack.config.js", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nconst { composePlugins, withNx } = require('@nx/webpack')\nconst path = require('path')\nconst glob = require('glob')\n\nconst migrationFiles = glob.sync('apps/api/src/migrations/**/*-migration.{ts,js}')\nconst migrationEntries = migrationFiles.reduce((acc, migrationFile) => {\n const entryName = migrationFile.substring(migrationFile.lastIndexOf('/') + 1, migrationFile.lastIndexOf('.'))\n acc[entryName] = migrationFile\n return acc\n}, {})\n\nmodule.exports = composePlugins(\n // Default Nx composable plugin\n withNx(),\n // Custom composable plugin\n (config, { options, context }) => {\n // `config` is the Webpack configuration object\n // `options` is the options passed to the `@nx/webpack:webpack` executor\n // `context` is the context passed to the `@nx/webpack:webpack` executor\n // customize configuration here\n config.output.devtoolModuleFilenameTemplate = function (info) {\n const rel = path.relative(process.cwd(), info.absoluteResourcePath)\n return `webpack:///./${rel}`\n }\n // Preserve openapi files while cleaning other build artifacts\n config.output.clean = {\n keep: /openapi.*\\.json$/,\n }\n // add typeorm migrations as entry points\n for (const key in migrationEntries) {\n config.entry[`migrations/${key}`] = migrationEntries[key]\n }\n config.mode = process.env.NODE_ENV\n return config\n },\n)\n" }, { "path": "apps/cli/apiclient/api_client.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage apiclient\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"strings\"\n\t\"sync\"\n\n\t\"github.com/daytonaio/daytona/cli/auth\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/internal\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype versionCheckTransport struct {\n\ttransport http.RoundTripper\n}\n\nvar versionMismatchWarningOnce sync.Once\n\nfunc (t *versionCheckTransport) RoundTrip(req *http.Request) (*http.Response, error) {\n\tresp, err := t.transport.RoundTrip(req)\n\tif resp != nil {\n\t\t// Check version mismatch on all responses, not just errors\n\t\tcheckVersionsMismatch(resp)\n\t}\n\treturn resp, err\n}\n\nvar apiClient *apiclient.APIClient\n\nconst DaytonaSourceHeader = \"X-Daytona-Source\"\nconst API_VERSION_HEADER = \"X-Daytona-Api-Version\"\n\nfunc checkVersionsMismatch(res *http.Response) {\n\t// If the CLI is running in a structured output mode (e.g. json/yaml),\n\t// avoid printing human-readable warnings that could break consumers.\n\tif internal.SuppressVersionMismatchWarning {\n\t\treturn\n\t}\n\n\tserverVersion := res.Header.Get(API_VERSION_HEADER)\n\tif serverVersion == \"\" {\n\t\treturn\n\t}\n\n\t// Trim \"v\" prefix from both versions for comparison\n\tcliVersion := strings.TrimPrefix(internal.Version, \"v\")\n\tapiVersion := strings.TrimPrefix(serverVersion, \"v\")\n\n\tif cliVersion == \"0.0.0-dev\" || cliVersion == apiVersion {\n\t\treturn\n\t}\n\n\tif compareVersions(cliVersion, apiVersion) >= 0 {\n\t\treturn\n\t}\n\n\tversionMismatchWarningOnce.Do(func() {\n\t\tlog.Warn(fmt.Sprintf(\"Version mismatch: Daytona CLI is on v%s and API is on v%s.\\nMake sure the versions are aligned using 'brew upgrade daytonaio/cli/daytona' or by downloading the latest version from https://github.com/daytonaio/daytona/releases.\", cliVersion, apiVersion))\n\t})\n}\n\n// compareVersions compares two semver strings\n// Returns: -1 if v1 < v2, 0 if v1 == v2, 1 if v1 > v2\nfunc compareVersions(v1, v2 string) int {\n\tparts1 := strings.Split(v1, \".\")\n\tparts2 := strings.Split(v2, \".\")\n\n\tmaxLen := len(parts1)\n\tif len(parts2) > maxLen {\n\t\tmaxLen = len(parts2)\n\t}\n\n\tfor i := 0; i < maxLen; i++ {\n\t\tvar n1, n2 int\n\t\tif i < len(parts1) {\n\t\t\t_, _ = fmt.Sscanf(parts1[i], \"%d\", &n1)\n\t\t}\n\t\tif i < len(parts2) {\n\t\t\t_, _ = fmt.Sscanf(parts2[i], \"%d\", &n2)\n\t\t}\n\n\t\tif n1 < n2 {\n\t\t\treturn -1\n\t\t}\n\t\tif n1 > n2 {\n\t\t\treturn 1\n\t\t}\n\t}\n\n\treturn 0\n}\n\nfunc GetApiClient(profile *config.Profile, defaultHeaders map[string]string) (*apiclient.APIClient, error) {\n\tc, err := config.GetConfig()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tvar activeProfile config.Profile\n\tif profile == nil {\n\t\tvar err error\n\t\tactiveProfile, err = c.GetActiveProfile()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t} else {\n\t\tactiveProfile = *profile\n\t}\n\n\tif apiClient != nil && activeProfile.Api.Key == nil {\n\t\terr := auth.RefreshTokenIfNeeded(context.Background())\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn apiClient, nil\n\t}\n\n\tvar newApiClient *apiclient.APIClient\n\n\tserverUrl := activeProfile.Api.Url\n\n\tclientConfig := apiclient.NewConfiguration()\n\tclientConfig.Servers = apiclient.ServerConfigurations{\n\t\t{\n\t\t\tURL: serverUrl,\n\t\t},\n\t}\n\n\tif activeProfile.Api.Key != nil {\n\t\tclientConfig.AddDefaultHeader(\"Authorization\", \"Bearer \"+*activeProfile.Api.Key)\n\t} else if activeProfile.Api.Token != nil {\n\t\tclientConfig.AddDefaultHeader(\"Authorization\", \"Bearer \"+activeProfile.Api.Token.AccessToken)\n\n\t\tif activeProfile.ActiveOrganizationId != nil {\n\t\t\tclientConfig.AddDefaultHeader(\"X-Daytona-Organization-ID\", *activeProfile.ActiveOrganizationId)\n\t\t}\n\t}\n\n\tclientConfig.AddDefaultHeader(DaytonaSourceHeader, \"cli\")\n\n\tfor headerKey, headerValue := range defaultHeaders {\n\t\tclientConfig.AddDefaultHeader(headerKey, headerValue)\n\t}\n\n\tnewApiClient = apiclient.NewAPIClient(clientConfig)\n\n\tnewApiClient.GetConfig().HTTPClient = &http.Client{\n\t\tTransport: &versionCheckTransport{\n\t\t\ttransport: http.DefaultTransport,\n\t\t},\n\t}\n\n\tif apiClient != nil && activeProfile.Api.Key == nil {\n\t\terr = auth.RefreshTokenIfNeeded(context.Background())\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\tapiClient = newApiClient\n\treturn apiClient, nil\n}\n" }, { "path": "apps/cli/apiclient/error_handler.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage apiclient\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n)\n\ntype ApiErrorResponse struct {\n\tError string `json:\"error\"`\n\tMessage any `json:\"message,omitempty\"`\n}\n\nfunc HandleErrorResponse(res *http.Response, requestErr error) error {\n\tif res == nil {\n\t\treturn requestErr\n\t}\n\n\tdefer res.Body.Close()\n\n\tbody, err := io.ReadAll(res.Body)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tvar errResponse ApiErrorResponse\n\terr = json.Unmarshal(body, &errResponse)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\terrMessage := string(errResponse.Error)\n\tif errMessage == \"\" {\n\t\t// Fall back to raw body if error field is empty\n\t\terrMessage = string(body)\n\t} else {\n\t\tif errResponse.Message != nil {\n\t\t\t// Message field could be a string or an array\n\t\t\tswitch msg := errResponse.Message.(type) {\n\t\t\tcase string:\n\t\t\t\terrMessage += \": \" + msg\n\t\t\tcase []any:\n\t\t\t\tif len(msg) > 0 {\n\t\t\t\t\tmsgStr := fmt.Sprintf(\"%v\", msg)\n\t\t\t\t\terrMessage += \": \" + msgStr\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tif res.StatusCode == http.StatusUnauthorized {\n\t\terrMessage += \" - run 'daytona login' to reauthenticate\"\n\t}\n\n\treturn errors.New(errMessage)\n}\n" }, { "path": "apps/cli/auth/auth.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage auth\n\nimport (\n\t\"context\"\n\t\"crypto/rand\"\n\t_ \"embed\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/coreos/go-oidc/v3/oidc\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\tlog \"github.com/sirupsen/logrus\"\n\t\"golang.org/x/oauth2\"\n)\n\n//go:embed auth_success.html\nvar successHTML []byte\n\nfunc StartCallbackServer(expectedState string) (string, error) {\n\tvar code string\n\tvar err error\n\tvar wg sync.WaitGroup\n\twg.Add(1)\n\n\tserver := &http.Server{Addr: fmt.Sprintf(\":%s\", config.GetAuth0CallbackPort())}\n\n\thttp.HandleFunc(\"/callback\", func(w http.ResponseWriter, r *http.Request) {\n\t\tif r.URL.Query().Get(\"state\") != expectedState {\n\t\t\terr = fmt.Errorf(\"invalid state parameter\")\n\t\t\thttp.Error(w, \"State invalid\", http.StatusBadRequest)\n\t\t\twg.Done()\n\t\t\treturn\n\t\t}\n\n\t\tcode = r.URL.Query().Get(\"code\")\n\t\tif code == \"\" {\n\t\t\terr = fmt.Errorf(\"no code in callback\")\n\t\t\thttp.Error(w, \"No code\", http.StatusBadRequest)\n\t\t\twg.Done()\n\t\t\treturn\n\t\t}\n\n\t\tw.Header().Set(\"Content-Type\", \"text/html\")\n\t\t_, _ = w.Write(successHTML)\n\n\t\t// Delay server close to ensure browser receives the success page\n\t\tgo func() {\n\t\t\ttime.Sleep(500 * time.Millisecond)\n\t\t\twg.Done()\n\t\t\tserver.Close()\n\t\t}()\n\t})\n\n\tgo func() {\n\t\tif err := server.ListenAndServe(); err != http.ErrServerClosed {\n\t\t\tlog.Errorf(\"HTTP server error: %v\", err)\n\t\t}\n\t}()\n\twg.Wait()\n\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\treturn code, nil\n}\n\nfunc GenerateRandomState() (string, error) {\n\tb := make([]byte, 32)\n\t_, err := rand.Read(b)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\treturn base64.URLEncoding.EncodeToString(b), nil\n}\n\nfunc RefreshTokenIfNeeded(ctx context.Context) error {\n\tc, err := config.GetConfig()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tactiveProfile, err := c.GetActiveProfile()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif activeProfile.Api.Key != nil {\n\t\treturn nil\n\t}\n\n\tif activeProfile.Api.Token == nil {\n\t\treturn fmt.Errorf(\"no valid token found, use 'daytona login' to reauthenticate\")\n\t}\n\n\t// Check if token is about to expire (within 5 minutes)\n\tif time.Until(activeProfile.Api.Token.ExpiresAt) > 5*time.Minute {\n\t\treturn nil\n\t}\n\n\tprovider, err := oidc.NewProvider(ctx, config.GetAuth0Domain())\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to initialize OIDC provider: %w\", err)\n\t}\n\n\toauth2Config := oauth2.Config{\n\t\tClientID: config.GetAuth0ClientId(),\n\t\tClientSecret: config.GetAuth0ClientSecret(),\n\t\tRedirectURL: fmt.Sprintf(\"http://localhost:%s/callback\", config.GetAuth0CallbackPort()),\n\t\tEndpoint: provider.Endpoint(),\n\t\tScopes: []string{oidc.ScopeOpenID, oidc.ScopeOfflineAccess, \"profile\"},\n\t}\n\n\ttoken := &oauth2.Token{\n\t\tRefreshToken: activeProfile.Api.Token.RefreshToken,\n\t}\n\n\tnewToken, err := oauth2Config.TokenSource(ctx, token).Token()\n\tif err != nil {\n\t\treturn fmt.Errorf(\"use 'daytona login' to reauthenticate: %w\", err)\n\t}\n\n\tactiveProfile.Api.Token = &config.Token{\n\t\tAccessToken: newToken.AccessToken,\n\t\tRefreshToken: newToken.RefreshToken,\n\t\tExpiresAt: newToken.Expiry,\n\t}\n\n\treturn c.EditProfile(activeProfile)\n}\n" }, { "path": "apps/cli/auth/auth_success.html", "content": "\n\n \n Daytona\n \n \n \n\n \n
\n \n

Authentication Successful

\n

You can now close this window and return to the CLI.

\n
\n\n \n \n\n" }, { "path": "apps/cli/cmd/auth/login.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage auth\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/coreos/go-oidc/v3/oidc\"\n\t\"github.com/daytonaio/daytona/cli/auth\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/internal\"\n\tview_common \"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/pkg/browser\"\n\t\"github.com/spf13/cobra\"\n\t\"golang.org/x/oauth2\"\n)\n\nvar LoginCmd = &cobra.Command{\n\tUse: \"login\",\n\tShort: \"Log in to Daytona\",\n\tArgs: cobra.NoArgs,\n\tGroupID: internal.USER_GROUP,\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tif apiKeyFlag != \"\" {\n\t\t\treturn updateProfileWithLogin(nil, &apiKeyFlag)\n\t\t}\n\n\t\titems := []view_common.SelectItem{\n\t\t\t{Title: \"Login with Browser\", Desc: \"Authenticate using OAuth in your browser\"},\n\t\t\t{Title: \"Set Daytona API Key\", Desc: \"Authenticate using Daytona API key\"},\n\t\t}\n\n\t\tchoice, err := view_common.Select(\"Select Authentication Method\", items)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"error running selection prompt: %w\", err)\n\t\t}\n\n\t\tif choice == \"\" {\n\t\t\treturn nil\n\t\t}\n\n\t\tvar tokenConfig *config.Token\n\t\tsetApiKey := choice == \"Set Daytona API Key\"\n\n\t\tif setApiKey {\n\t\t\t// Prompt for API key\n\t\t\tapiKey, err := view_common.PromptForInput(\"\", \"Enter your Daytona API key\", \"You can find it in the Daytona dashboard - https://app.daytona.io/dashboard\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\treturn updateProfileWithLogin(nil, &apiKey)\n\t\t}\n\n\t\ttoken, err := login(ctx)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\ttokenConfig = &config.Token{\n\t\t\tAccessToken: token.AccessToken,\n\t\t\tRefreshToken: token.RefreshToken,\n\t\t\tExpiresAt: token.Expiry,\n\t\t}\n\n\t\treturn updateProfileWithLogin(tokenConfig, nil)\n\t},\n}\n\nvar (\n\tapiKeyFlag string\n)\n\nfunc init() {\n\tLoginCmd.Flags().StringVar(&apiKeyFlag, \"api-key\", \"\", \"API key to use for authentication\")\n}\n\nfunc updateProfileWithLogin(tokenConfig *config.Token, apiKey *string) error {\n\tc, err := config.GetConfig()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tactiveProfile, err := c.GetActiveProfile()\n\tif err != nil {\n\t\tif err == config.ErrNoProfilesFound {\n\t\t\tactiveProfile, err = createInitialProfile(c)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t} else {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tif apiKey != nil {\n\t\tactiveProfile.Api.Token = nil\n\t\tactiveProfile.Api.Key = apiKey\n\n\t\tview_common.RenderInfoMessageBold(\"Successfully set Daytona API key!\")\n\t}\n\n\tif tokenConfig != nil {\n\t\tactiveProfile.Api.Key = nil\n\t\tactiveProfile.Api.Token = tokenConfig\n\n\t\terr = c.EditProfile(activeProfile)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif activeProfile.Api.Key == nil {\n\t\t\tpersonalOrganizationId, err := common.GetPersonalOrganizationId(activeProfile)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tactiveProfile.ActiveOrganizationId = &personalOrganizationId\n\t\t}\n\t}\n\n\treturn c.EditProfile(activeProfile)\n}\n\nfunc createInitialProfile(c *config.Config) (config.Profile, error) {\n\tprofile := config.Profile{\n\t\tId: \"initial\",\n\t\tName: \"initial\",\n\t\tApi: config.ServerApi{\n\t\t\tUrl: config.GetDaytonaApiUrl(),\n\t\t},\n\t}\n\n\tif internal.Version == \"v0.0.0-dev\" {\n\t\tprofile.Api.Url = \"http://localhost:3001/api\"\n\t}\n\n\treturn profile, c.AddProfile(profile)\n}\n\nfunc login(ctx context.Context) (*oauth2.Token, error) {\n\tprovider, err := oidc.NewProvider(ctx, config.GetAuth0Domain())\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to initialize OIDC provider: %w\", err)\n\t}\n\n\tverifier := provider.Verifier(&oidc.Config{ClientID: config.GetAuth0ClientId()})\n\n\toauth2Config := oauth2.Config{\n\t\tClientID: config.GetAuth0ClientId(),\n\t\tClientSecret: config.GetAuth0ClientSecret(),\n\t\tRedirectURL: fmt.Sprintf(\"http://localhost:%s/callback\", config.GetAuth0CallbackPort()),\n\t\tEndpoint: provider.Endpoint(),\n\t\tScopes: []string{oidc.ScopeOpenID, oidc.ScopeOfflineAccess, \"profile\"},\n\t}\n\n\tstate, err := auth.GenerateRandomState()\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to generate random state: %w\", err)\n\t}\n\n\tauthURL := oauth2Config.AuthCodeURL(\n\t\tstate,\n\t\toauth2.SetAuthURLParam(\"audience\", config.GetAuth0Audience()),\n\t)\n\n\tview_common.RenderInfoMessageBold(\"Opening the browser for authentication ...\")\n\n\tview_common.RenderInfoMessage(\"If opening fails, visit:\\n\")\n\n\tfmt.Println(authURL)\n\n\t_ = browser.OpenURL(authURL)\n\n\tcode, err := auth.StartCallbackServer(state)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"authentication failed: %w\", err)\n\t}\n\n\ttoken, err := oauth2Config.Exchange(ctx, code)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to exchange token: %w\", err)\n\t}\n\n\trawIDToken, ok := token.Extra(\"id_token\").(string)\n\tif !ok {\n\t\treturn nil, fmt.Errorf(\"no id_token in token response\")\n\t}\n\n\t_, err = verifier.Verify(ctx, rawIDToken)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to verify ID token: %w\", err)\n\t}\n\n\tview_common.RenderInfoMessageBold(\"Successfully logged in!\")\n\n\treturn token, nil\n}\n" }, { "path": "apps/cli/cmd/auth/logout.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage auth\n\nimport (\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/internal\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar LogoutCmd = &cobra.Command{\n\tUse: \"logout\",\n\tShort: \"Logout from Daytona\",\n\tArgs: cobra.NoArgs,\n\tGroupID: internal.USER_GROUP,\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tc, err := config.GetConfig()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tactiveProfile, err := c.GetActiveProfile()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\t// For now, this just clears the local auth token/api key entries\n\t\tactiveProfile.Api.Token = nil\n\t\tactiveProfile.Api.Key = nil\n\n\t\terr = c.EditProfile(activeProfile)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tcommon.RenderInfoMessageBold(\"Successfully logged out\")\n\t\treturn nil\n\t},\n}\n" }, { "path": "apps/cli/cmd/autocomplete.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage cmd\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/spf13/cobra\"\n)\n\nvar supportedShells = []string{\"bash\", \"zsh\", \"fish\", \"powershell\"}\n\nvar AutoCompleteCmd = &cobra.Command{\n\tUse: fmt.Sprintf(\"autocomplete [%s]\", strings.Join(supportedShells, \"|\")),\n\tShort: \"Adds a completion script for your shell environment\",\n\tArgs: cobra.ExactArgs(1),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tshell := args[0]\n\n\t\tprofilePath, err := SetupAutocompletionForShell(cmd.Root(), shell)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tfmt.Println(\"Autocomplete script generated and injected successfully.\")\n\t\tfmt.Printf(\"Please source your %s profile to apply the changes or restart your terminal.\\n\", shell)\n\t\tfmt.Printf(\"For manual sourcing, use: source %s\\n\", profilePath)\n\t\tif shell == \"bash\" {\n\t\t\tfmt.Println(\"Please make sure that you have bash-completion installed in order to get full autocompletion functionality.\")\n\t\t\tfmt.Println(\"On how to install bash-completion, please refer to the following link: https://www.daytona.io/docs/tools/cli/#daytona-autocomplete\")\n\t\t}\n\n\t\treturn nil\n\t},\n}\n\nfunc DetectShellAndSetupAutocompletion(rootCmd *cobra.Command) error {\n\tshell := os.Getenv(\"SHELL\")\n\tif shell == \"\" {\n\t\treturn fmt.Errorf(\"unable to detect the shell, please use a supported one: %s\", strings.Join(supportedShells, \", \"))\n\t}\n\n\tfor _, supportedShell := range supportedShells {\n\t\tif strings.Contains(shell, supportedShell) {\n\t\t\tshell = supportedShell\n\t\t\tbreak\n\t\t}\n\t}\n\n\t_, err := SetupAutocompletionForShell(rootCmd, shell)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc SetupAutocompletionForShell(rootCmd *cobra.Command, shell string) (string, error) {\n\thomeDir, err := os.UserHomeDir()\n\tif err != nil {\n\t\treturn \"\", fmt.Errorf(\"error finding user home directory: %s\", err)\n\t}\n\n\tvar filePath, profilePath string\n\tswitch shell {\n\tcase \"bash\":\n\t\tfilePath = filepath.Join(homeDir, \".daytona.completion_script.bash\")\n\t\tprofilePath = filepath.Join(homeDir, \".bashrc\")\n\tcase \"zsh\":\n\t\tfilePath = filepath.Join(homeDir, \".daytona.completion_script.zsh\")\n\t\tprofilePath = filepath.Join(homeDir, \".zshrc\")\n\tcase \"fish\":\n\t\tfilePath = filepath.Join(homeDir, \".config\", \"fish\", \"daytona.completion_script.fish\")\n\t\tprofilePath = filepath.Join(homeDir, \".config\", \"fish\", \"config.fish\")\n\tcase \"powershell\":\n\t\tfilePath = filepath.Join(homeDir, \"daytona.completion_script.ps1\")\n\t\tprofilePath = filepath.Join(homeDir, \"Documents\", \"WindowsPowerShell\", \"Microsoft.PowerShell_profile.ps1\")\n\tdefault:\n\t\treturn \"\", errors.New(\"unsupported shell type. Please use bash, zsh, fish, or powershell\")\n\t}\n\n\tfile, err := os.Create(filePath)\n\tif err != nil {\n\t\treturn \"\", fmt.Errorf(\"error creating completion script file: %s\", err)\n\t}\n\tdefer file.Close()\n\n\tswitch shell {\n\tcase \"bash\":\n\t\terr = rootCmd.GenBashCompletion(file)\n\tcase \"zsh\":\n\t\terr = rootCmd.GenZshCompletion(file)\n\tcase \"fish\":\n\t\terr = rootCmd.GenFishCompletion(file, true)\n\tcase \"powershell\":\n\t\terr = rootCmd.GenPowerShellCompletionWithDesc(file)\n\t}\n\n\tif err != nil {\n\t\treturn \"\", fmt.Errorf(\"error generating completion script: %s\", err)\n\t}\n\n\tsourceCommand := fmt.Sprintf(\"\\nsource %s\\n\", filePath)\n\tif shell == \"powershell\" {\n\t\tsourceCommand = fmt.Sprintf(\". %s\\n\", filePath)\n\t}\n\n\talreadyPresent := false\n\t// Read existing content from the file\n\tprofile, err := os.ReadFile(profilePath)\n\n\tif err != nil && !os.IsNotExist(err) {\n\t\treturn \"\", fmt.Errorf(\"error while reading profile (%s): %s\", profilePath, err)\n\t}\n\n\tif strings.Contains(string(profile), strings.TrimSpace(sourceCommand)) {\n\t\talreadyPresent = true\n\t}\n\n\tif !alreadyPresent {\n\t\t// Append the source command to the shell's profile file if not present\n\t\tprofile, err := os.OpenFile(profilePath, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0644)\n\t\tif err != nil {\n\t\t\treturn \"\", fmt.Errorf(\"error opening profile file (%s): %s\", profilePath, err)\n\t\t}\n\t\tdefer profile.Close()\n\n\t\tif _, err := profile.WriteString(sourceCommand); err != nil {\n\t\t\treturn \"\", fmt.Errorf(\"error writing to profile file (%s): %s\", profilePath, err)\n\t\t}\n\t}\n\n\treturn profilePath, nil\n}\n" }, { "path": "apps/cli/cmd/common/aliases.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nvar commandAliases = map[string][]string{\n\t\"create\": {\"add\", \"new\"},\n\t\"delete\": {\"remove\", \"rm\"},\n\t\"update\": {\"set\"},\n\t\"install\": {\"i\"},\n\t\"uninstall\": {\"u\"},\n\t\"info\": {\"view\", \"inspect\"},\n\t\"code\": {\"open\"},\n\t\"logs\": {\"log\"},\n\t\"forward\": {\"fwd\"},\n\t\"list\": {\"ls\"},\n}\n\nfunc GetAliases(cmd string) []string {\n\tif aliases, exists := commandAliases[cmd]; exists {\n\t\treturn aliases\n\t}\n\treturn nil\n}\n" }, { "path": "apps/cli/cmd/common/build.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"regexp\"\n\t\"strings\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/pkg/minio\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n)\n\n// Create MinIO client from access parameters\nfunc CreateMinioClient(accessParams *apiclient.StorageAccessDto) (*minio.Client, error) {\n\tstorageURL, err := url.Parse(accessParams.StorageUrl)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"invalid storage URL: %w\", err)\n\t}\n\n\tminioClient, err := minio.NewClient(\n\t\tstorageURL.Host,\n\t\taccessParams.AccessKey,\n\t\taccessParams.Secret,\n\t\taccessParams.Bucket,\n\t\tstorageURL.Scheme == \"https\",\n\t\taccessParams.SessionToken,\n\t)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to create storage client: %w\", err)\n\t}\n\n\treturn minioClient, nil\n}\n\n// List existing objects in MinIO\nfunc ListExistingObjects(ctx context.Context, minioClient *minio.Client, orgID string) (map[string]bool, error) {\n\tobjects, err := minioClient.ListObjects(ctx, orgID)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to list objects: %w\", err)\n\t}\n\n\texistingObjects := make(map[string]bool)\n\tfor _, obj := range objects {\n\t\texistingObjects[obj] = true\n\t}\n\treturn existingObjects, nil\n}\n\n// getContextHashes processes context paths and returns their hashes\nfunc getContextHashes(ctx context.Context, apiClient *apiclient.APIClient, contextPaths []string) ([]string, error) {\n\tcontextHashes := []string{}\n\tif len(contextPaths) == 0 {\n\t\treturn contextHashes, nil\n\t}\n\n\t// Get storage access parameters\n\taccessParams, res, err := apiClient.ObjectStorageAPI.GetPushAccess(ctx).Execute()\n\tif err != nil {\n\t\treturn nil, apiclient_cli.HandleErrorResponse(res, err)\n\t}\n\n\t// Create MinIO client\n\tminioClient, err := CreateMinioClient(accessParams)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to create storage client: %w\", err)\n\t}\n\n\t// List existing objects to avoid re-uploading\n\texistingObjects, err := ListExistingObjects(ctx, minioClient, accessParams.OrganizationId)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to list existing objects: %w\", err)\n\t}\n\n\t// Process each context path\n\tfor _, contextPath := range contextPaths {\n\t\tabsPath, err := filepath.Abs(contextPath)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"invalid context path %s: %w\", contextPath, err)\n\t\t}\n\n\t\tfileInfo, err := os.Stat(absPath)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to access context path %s: %w\", contextPath, err)\n\t\t}\n\n\t\tif fileInfo.IsDir() {\n\t\t\t// Process directory\n\t\t\tdirHashes, err := minioClient.ProcessDirectory(ctx, absPath, accessParams.OrganizationId, existingObjects)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to process directory %s: %w\", absPath, err)\n\t\t\t}\n\t\t\tcontextHashes = append(contextHashes, dirHashes...)\n\t\t} else {\n\t\t\t// Process single file\n\t\t\thash, err := minioClient.ProcessFile(ctx, absPath, accessParams.OrganizationId, existingObjects)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to process file %s: %w\", absPath, err)\n\t\t\t}\n\t\t\tcontextHashes = append(contextHashes, hash)\n\t\t}\n\t}\n\n\treturn contextHashes, nil\n}\n\nfunc parseDockerfileForSources(dockerfileContent string, dockerfileDir string) ([]string, error) {\n\tvar sources []string\n\tlines := strings.Split(dockerfileContent, \"\\n\")\n\n\tcopyRegex := regexp.MustCompile(`^\\s*COPY\\s+(.+)`)\n\taddRegex := regexp.MustCompile(`^\\s*ADD\\s+(.+)`)\n\n\tfor _, line := range lines {\n\t\tline = strings.TrimSpace(line)\n\n\t\t// Skip empty lines and comments\n\t\tif line == \"\" || strings.HasPrefix(line, \"#\") {\n\t\t\tcontinue\n\t\t}\n\n\t\tvar matches []string\n\t\tif copyRegex.MatchString(line) {\n\t\t\t// Skip COPY commands with --from= flag (multi-stage builds)\n\t\t\tif !strings.Contains(line, \"--from=\") {\n\t\t\t\tmatches = copyRegex.FindStringSubmatch(line)\n\t\t\t}\n\t\t} else if addRegex.MatchString(line) {\n\t\t\tmatches = addRegex.FindStringSubmatch(line)\n\t\t}\n\n\t\tif len(matches) > 1 {\n\t\t\tsourcePaths := parseCopyAddCommand(matches[1])\n\t\t\tfor _, srcPath := range sourcePaths {\n\t\t\t\t// Skip if it's a URL (ADD command can use URLs)\n\t\t\t\tif strings.HasPrefix(srcPath, \"http://\") || strings.HasPrefix(srcPath, \"https://\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\t// Convert relative paths to absolute paths relative to Dockerfile directory\n\t\t\t\tif !filepath.IsAbs(srcPath) {\n\t\t\t\t\tsrcPath = filepath.Join(dockerfileDir, srcPath)\n\t\t\t\t}\n\n\t\t\t\tsrcPath = filepath.Clean(srcPath)\n\n\t\t\t\t// Check if path exists and add to sources\n\t\t\t\tif _, err := os.Stat(srcPath); err == nil {\n\t\t\t\t\tsources = append(sources, srcPath)\n\t\t\t\t} else {\n\t\t\t\t\t// If exact path doesn't exist, try to match glob patterns\n\t\t\t\t\tmatches, err := filepath.Glob(srcPath)\n\t\t\t\t\tif err == nil && len(matches) > 0 {\n\t\t\t\t\t\tsources = append(sources, matches...)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\t// Remove duplicates and optimize paths\n\tsourceMap := make(map[string]bool)\n\tvar uniqueSources []string\n\n\t// Check if we have the current directory (.) in our sources\n\thasCurrentDir := false\n\tcurrentDirPath := dockerfileDir\n\n\tfor _, src := range sources {\n\t\tif src == currentDirPath {\n\t\t\thasCurrentDir = true\n\t\t\tbreak\n\t\t}\n\t}\n\n\t// If we have the current directory, we only need that (it includes everything)\n\tif hasCurrentDir {\n\t\treturn []string{currentDirPath}, nil\n\t}\n\n\t// Otherwise, remove duplicates normally\n\tfor _, src := range sources {\n\t\tif !sourceMap[src] {\n\t\t\tsourceMap[src] = true\n\t\t\tuniqueSources = append(uniqueSources, src)\n\t\t}\n\t}\n\n\treturn uniqueSources, nil\n}\n\nfunc parseCopyAddCommand(args string) []string {\n\targs = strings.TrimSpace(args)\n\tvar sources []string\n\n\t// Handle JSON array format: [\"src1\", \"src2\", \"dest\"]\n\tif strings.HasPrefix(args, \"[\") && strings.HasSuffix(args, \"]\") {\n\t\t// Remove brackets and parse as space-separated values with quotes\n\t\tcontent := strings.Trim(args, \"[]\")\n\t\tparts := parseQuotedArguments(content)\n\t\tif len(parts) >= 2 {\n\t\t\t// All but the last argument are sources\n\t\t\tsources = parts[:len(parts)-1]\n\t\t}\n\t\treturn sources\n\t}\n\n\t// Handle regular format with possible flags\n\tparts := parseQuotedArguments(args)\n\n\t// Skip flags like --chown, --chmod, --from\n\tsourcesStartIdx := 0\n\tfor i := 0; i < len(parts); i++ {\n\t\tpart := parts[i]\n\t\tif strings.HasPrefix(part, \"--\") {\n\t\t\t// Skip the flag and its value if it has one\n\t\t\tif !strings.Contains(part, \"=\") && i+1 < len(parts) && !strings.HasPrefix(parts[i+1], \"--\") {\n\t\t\t\tsourcesStartIdx = i + 2\n\t\t\t} else {\n\t\t\t\tsourcesStartIdx = i + 1\n\t\t\t}\n\t\t} else {\n\t\t\tbreak\n\t\t}\n\t}\n\n\t// After skipping flags, we need at least one source and one destination\n\tif len(parts)-sourcesStartIdx >= 2 {\n\t\tsources = parts[sourcesStartIdx : len(parts)-1]\n\t}\n\n\treturn sources\n}\n\nfunc parseQuotedArguments(input string) []string {\n\tvar args []string\n\tvar current strings.Builder\n\tinQuotes := false\n\tquoteChar := byte(0)\n\n\tinput = strings.TrimSpace(input)\n\n\tfor i := 0; i < len(input); i++ {\n\t\tchar := input[i]\n\n\t\tif !inQuotes && (char == '\"' || char == '\\'') {\n\t\t\tinQuotes = true\n\t\t\tquoteChar = char\n\t\t} else if inQuotes && char == quoteChar {\n\t\t\tinQuotes = false\n\t\t\tquoteChar = 0\n\t\t} else if !inQuotes && (char == ' ' || char == '\\t') {\n\t\t\tif current.Len() > 0 {\n\t\t\t\targs = append(args, current.String())\n\t\t\t\tcurrent.Reset()\n\t\t\t}\n\t\t\t// Skip consecutive whitespace\n\t\t\tfor i+1 < len(input) && (input[i+1] == ' ' || input[i+1] == '\\t') {\n\t\t\t\ti++\n\t\t\t}\n\t\t} else {\n\t\t\tcurrent.WriteByte(char)\n\t\t}\n\t}\n\n\tif current.Len() > 0 {\n\t\targs = append(args, current.String())\n\t}\n\n\treturn args\n}\n\nfunc GetCreateBuildInfoDto(ctx context.Context, dockerfilePath string, contextPaths []string) (*apiclient.CreateBuildInfo, error) {\n\tdockerfileAbsPath, err := filepath.Abs(dockerfilePath)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"invalid dockerfile path: %w\", err)\n\t}\n\n\tif _, err := os.Stat(dockerfileAbsPath); os.IsNotExist(err) {\n\t\treturn nil, fmt.Errorf(\"dockerfile does not exist: %s\", dockerfileAbsPath)\n\t}\n\n\tdockerfileContent, err := os.ReadFile(dockerfileAbsPath)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to read dockerfile: %w\", err)\n\t}\n\n\tdockerfileDir := filepath.Dir(dockerfileAbsPath)\n\n\t// If no context paths are provided, automatically parse the Dockerfile to find them\n\tif len(contextPaths) == 0 {\n\t\tautoContextPaths, err := parseDockerfileForSources(string(dockerfileContent), dockerfileDir)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to parse dockerfile for context: %w\", err)\n\t\t}\n\t\tcontextPaths = autoContextPaths\n\t} else {\n\t\tvar resolvedContextPaths []string\n\t\tfor _, contextPath := range contextPaths {\n\t\t\tvar absPath string\n\t\t\tif filepath.IsAbs(contextPath) {\n\t\t\t\tabsPath = contextPath\n\t\t\t} else {\n\t\t\t\t// When context paths are provided manually (via --context flag),\n\t\t\t\t// resolve them relative to the current working directory\n\t\t\t\tabsPath, err = filepath.Abs(contextPath)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to resolve context path %s: %w\", contextPath, err)\n\t\t\t\t}\n\t\t\t}\n\t\t\tresolvedContextPaths = append(resolvedContextPaths, absPath)\n\t\t}\n\t\tcontextPaths = resolvedContextPaths\n\t}\n\n\tapiClient, err := apiclient_cli.GetApiClient(nil, nil)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tcontextHashes, err := getContextHashes(ctx, apiClient, contextPaths)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &apiclient.CreateBuildInfo{\n\t\tDockerfileContent: string(dockerfileContent),\n\t\tContextHashes: contextHashes,\n\t}, nil\n}\n" }, { "path": "apps/cli/cmd/common/format.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/daytonaio/daytona/cli/internal\"\n\t\"github.com/spf13/cobra\"\n\t\"gopkg.in/yaml.v2\"\n)\n\nconst (\n\tformatFlagDescription = `Output format. Must be one of (yaml, json)`\n\tformatFlagName = \"format\"\n\tformatFlagShortHand = \"f\"\n)\n\nvar (\n\tFormatFlag string\n\tstandardOut *os.File\n)\n\ntype outputFormatter struct {\n\tdata interface{}\n\tformatter Formatter\n}\n\nfunc NewFormatter(data interface{}) *outputFormatter {\n\tvar formatter Formatter\n\tswitch FormatFlag {\n\tcase \"json\":\n\t\tformatter = JSONFormatter{}\n\tcase \"yaml\":\n\t\tformatter = YAMLFormatter{}\n\tcase \"\":\n\t\tformatter = nil\n\tdefault:\n\t\tformatter = JSONFormatter{} // Default to JSON\n\t}\n\n\treturn &outputFormatter{\n\t\tdata: data,\n\t\tformatter: formatter,\n\t}\n\n}\n\ntype Formatter interface {\n\tFormat(data interface{}) (string, error)\n}\n\ntype JSONFormatter struct{}\n\nfunc (f JSONFormatter) Format(data interface{}) (string, error) {\n\tjsonData, err := json.MarshalIndent(data, \"\", \" \") // Indent with two spaces\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\treturn string(jsonData), nil\n}\n\ntype YAMLFormatter struct{}\n\nfunc (f YAMLFormatter) Format(data interface{}) (string, error) {\n\tyamlData, err := yaml.Marshal(data)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\treturn string(yamlData), nil\n}\n\nfunc (f *outputFormatter) Print() {\n\n\tformattedOutput, err := f.formatter.Format(f.data)\n\tif err != nil {\n\t\tfmt.Printf(\"Error formatting output: %v\\n\", err)\n\t\tos.Exit(1)\n\t}\n\n\tUnblockStdOut()\n\tfmt.Println(formattedOutput)\n\tBlockStdOut()\n}\n\nfunc BlockStdOut() {\n\tif os.Stdout != nil {\n\t\tstandardOut = os.Stdout\n\t\tos.Stdout = nil\n\t}\n}\n\nfunc UnblockStdOut() {\n\tif os.Stdout == nil {\n\t\tos.Stdout = standardOut\n\t\tstandardOut = nil\n\t}\n}\n\nfunc RegisterFormatFlag(cmd *cobra.Command) {\n\tcmd.Flags().StringVarP(&FormatFlag, formatFlagName, formatFlagShortHand, FormatFlag, formatFlagDescription)\n\tcmd.PreRun = func(cmd *cobra.Command, args []string) {\n\t\tif FormatFlag != \"\" {\n\t\t\tBlockStdOut()\n\t\t\t// When a structured output format is requested, suppress\n\t\t\t// noisy warnings such as version mismatch so scripts\n\t\t\t// consuming json/yaml aren't broken.\n\t\t\tinternal.SuppressVersionMismatchWarning = true\n\t\t} else {\n\t\t\tinternal.SuppressVersionMismatchWarning = false\n\t\t}\n\t}\n}\n" }, { "path": "apps/cli/cmd/common/logs.go", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\npackage common\n\nimport (\n\t\"bufio\"\n\t\"context\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/daytonaio/daytona/cli/config\"\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype ReadLogParams struct {\n\tId string\n\tServerUrl string\n\tServerApi config.ServerApi\n\tActiveOrganizationId *string\n\tFollow *bool\n\tResourceType ResourceType\n}\n\ntype ResourceType string\n\nconst (\n\tResourceTypeSandbox ResourceType = \"sandbox\"\n\tResourceTypeSnapshot ResourceType = \"snapshots\"\n)\n\nfunc ReadBuildLogs(ctx context.Context, params ReadLogParams) {\n\turl := fmt.Sprintf(\"%s/%s/%s/build-logs\", params.ServerUrl, params.ResourceType, params.Id)\n\tif params.Follow != nil && *params.Follow {\n\t\turl = fmt.Sprintf(\"%s?follow=true\", url)\n\t}\n\n\treq, err := http.NewRequestWithContext(ctx, \"GET\", url, nil)\n\tif err != nil {\n\t\tlog.Errorf(\"Failed to create request: %v\", err)\n\t\treturn\n\t}\n\n\tif params.ServerApi.Key != nil {\n\t\treq.Header.Add(\"Authorization\", fmt.Sprintf(\"Bearer %s\", *params.ServerApi.Key))\n\t} else if params.ServerApi.Token != nil {\n\t\treq.Header.Add(\"Authorization\", fmt.Sprintf(\"Bearer %s\", params.ServerApi.Token.AccessToken))\n\n\t\tif params.ActiveOrganizationId != nil {\n\t\t\treq.Header.Add(\"X-Daytona-Organization-ID\", *params.ActiveOrganizationId)\n\t\t}\n\t}\n\n\treq.Header.Add(\"Accept\", \"application/octet-stream\")\n\n\tclient := &http.Client{}\n\tresp, err := client.Do(req)\n\tif err != nil {\n\t\tlog.Errorf(\"Failed to connect to server: %v\", err)\n\t\treturn\n\t}\n\tdefer resp.Body.Close()\n\n\tif resp.StatusCode != http.StatusOK {\n\t\tlog.Errorf(\"Server returned a non-OK status while retrieving logs: %d\", resp.StatusCode)\n\t\treturn\n\t}\n\n\treader := bufio.NewReader(resp.Body)\n\tbuffer := make([]byte, 4096)\n\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn\n\t\tdefault:\n\t\t\tn, err := reader.Read(buffer)\n\t\t\tif n > 0 {\n\t\t\t\tfmt.Print(string(buffer[:n]))\n\t\t\t}\n\n\t\t\tif err != nil {\n\t\t\t\tif err == io.EOF {\n\t\t\t\t\tif params.Follow != nil && *params.Follow {\n\t\t\t\t\t\ttime.Sleep(500 * time.Millisecond)\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\t\t\t\t\treturn\n\t\t\t\t}\n\t\t\t\t// Don't log context.Canceled as it's an expected case when streaming is stopped\n\t\t\t\tif err != context.Canceled {\n\t\t\t\t\tlog.Errorf(\"Error reading from stream: %v\", err)\n\t\t\t\t}\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "apps/cli/cmd/common/organization.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"context\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n)\n\nfunc GetPersonalOrganizationId(profile config.Profile) (string, error) {\n\tapiClient, err := apiclient_cli.GetApiClient(&profile, nil)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\torganizationList, res, err := apiClient.OrganizationsAPI.ListOrganizations(context.Background()).Execute()\n\tif err != nil {\n\t\treturn \"\", apiclient_cli.HandleErrorResponse(res, err)\n\t}\n\n\tfor _, organization := range organizationList {\n\t\tif organization.Personal {\n\t\t\treturn organization.Id, nil\n\t\t}\n\t}\n\n\treturn \"\", nil\n}\n\nfunc GetActiveOrganizationName(apiClient *apiclient.APIClient, ctx context.Context) (string, error) {\n\tactiveOrganizationId, err := config.GetActiveOrganizationId()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tif activeOrganizationId == \"\" {\n\t\treturn \"\", config.ErrNoActiveOrganization\n\t}\n\n\tactiveOrganization, res, err := apiClient.OrganizationsAPI.GetOrganization(ctx, activeOrganizationId).Execute()\n\tif err != nil {\n\t\treturn \"\", apiclient_cli.HandleErrorResponse(res, err)\n\t}\n\n\treturn activeOrganization.Name, nil\n}\n" }, { "path": "apps/cli/cmd/common/sandbox.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"fmt\"\n\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n)\n\nfunc RequireStartedState(sandbox *apiclient.Sandbox) error {\n\tif sandbox.State == nil {\n\t\treturn fmt.Errorf(\"sandbox state is unknown\")\n\t}\n\n\tstate := *sandbox.State\n\tif state == apiclient.SANDBOXSTATE_STARTED {\n\t\treturn nil\n\t}\n\n\tsandboxRef := sandbox.Id\n\tif sandbox.Name != \"\" {\n\t\tsandboxRef = sandbox.Name\n\t}\n\n\tswitch state {\n\tcase apiclient.SANDBOXSTATE_STOPPED:\n\t\treturn fmt.Errorf(\"sandbox is stopped. Start it with: daytona sandbox start %s\", sandboxRef)\n\tcase apiclient.SANDBOXSTATE_ARCHIVED:\n\t\treturn fmt.Errorf(\"sandbox is archived. Start it with: daytona sandbox start %s\", sandboxRef)\n\tcase apiclient.SANDBOXSTATE_ARCHIVING:\n\t\treturn fmt.Errorf(\"sandbox is archiving. Start it with: daytona sandbox start %s\", sandboxRef)\n\tcase apiclient.SANDBOXSTATE_STARTING:\n\t\treturn fmt.Errorf(\"sandbox is starting. Please wait for it to be ready\")\n\tcase apiclient.SANDBOXSTATE_STOPPING:\n\t\treturn fmt.Errorf(\"sandbox is stopping. Please wait for it to complete\")\n\tcase apiclient.SANDBOXSTATE_CREATING:\n\t\treturn fmt.Errorf(\"sandbox is being created. Please wait for it to be ready\")\n\tcase apiclient.SANDBOXSTATE_DESTROYING:\n\t\treturn fmt.Errorf(\"sandbox is being destroyed\")\n\tcase apiclient.SANDBOXSTATE_DESTROYED:\n\t\treturn fmt.Errorf(\"sandbox has been destroyed\")\n\tcase apiclient.SANDBOXSTATE_ERROR:\n\t\treturn fmt.Errorf(\"sandbox is in an error state\")\n\tcase apiclient.SANDBOXSTATE_BUILD_FAILED:\n\t\treturn fmt.Errorf(\"sandbox build failed\")\n\tdefault:\n\t\treturn fmt.Errorf(\"sandbox is not running (state: %s)\", state)\n\t}\n}\n" }, { "path": "apps/cli/cmd/common/ssh.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n)\n\n// ParseSSHCommand parses the SSH command string returned by the API\n// Expected formats:\n// - \"ssh token@host\" (port 22)\n// - \"ssh -p port token@host\"\nfunc ParseSSHCommand(sshCommand string) ([]string, error) {\n\tparts := strings.Fields(sshCommand)\n\tif len(parts) < 2 {\n\t\treturn nil, fmt.Errorf(\"invalid SSH command format: %s\", sshCommand)\n\t}\n\n\t// Skip the \"ssh\" part\n\targs := parts[1:]\n\n\treturn args, nil\n}\n" }, { "path": "apps/cli/cmd/common/ssh_unix.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\n//go:build unix\n\npackage common\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\t\"os/signal\"\n\t\"syscall\"\n)\n\n// ExecuteSSH runs the SSH command with proper terminal handling\nfunc ExecuteSSH(sshArgs []string) error {\n\tsshPath, err := exec.LookPath(\"ssh\")\n\tif err != nil {\n\t\treturn fmt.Errorf(\"ssh not found in PATH: %w\", err)\n\t}\n\n\t// Create the command\n\tsshCmd := exec.Command(sshPath, sshArgs...)\n\tsshCmd.Stdin = os.Stdin\n\tsshCmd.Stdout = os.Stdout\n\tsshCmd.Stderr = os.Stderr\n\n\t// Handle signals - forward them to the SSH process\n\tsigChan := make(chan os.Signal, 1)\n\tsignal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM, syscall.SIGWINCH)\n\n\t// Start the SSH process\n\tif err := sshCmd.Start(); err != nil {\n\t\treturn fmt.Errorf(\"failed to start SSH: %w\", err)\n\t}\n\n\t// Forward signals to the SSH process\n\tgo func() {\n\t\tfor sig := range sigChan {\n\t\t\tif sshCmd.Process != nil {\n\t\t\t\t_ = sshCmd.Process.Signal(sig)\n\t\t\t}\n\t\t}\n\t}()\n\n\t// Wait for SSH to complete\n\terr = sshCmd.Wait()\n\n\t// Stop signal handling\n\tsignal.Stop(sigChan)\n\tclose(sigChan)\n\n\tif err != nil {\n\t\tif exitErr, ok := err.(*exec.ExitError); ok {\n\t\t\tos.Exit(exitErr.ExitCode())\n\t\t}\n\t\treturn err\n\t}\n\n\treturn nil\n}\n" }, { "path": "apps/cli/cmd/common/ssh_windows.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\n//go:build windows\n\npackage common\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\t\"os/signal\"\n\t\"syscall\"\n)\n\n// ExecuteSSH runs the SSH command with proper terminal handling\nfunc ExecuteSSH(sshArgs []string) error {\n\tsshPath, err := exec.LookPath(\"ssh\")\n\tif err != nil {\n\t\treturn fmt.Errorf(\"ssh not found in PATH: %w\", err)\n\t}\n\n\t// Create the command\n\tsshCmd := exec.Command(sshPath, sshArgs...)\n\tsshCmd.Stdin = os.Stdin\n\tsshCmd.Stdout = os.Stdout\n\tsshCmd.Stderr = os.Stderr\n\n\t// Handle signals - forward them to the SSH process\n\t// Note: SIGWINCH is not available on Windows\n\tsigChan := make(chan os.Signal, 1)\n\tsignal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)\n\n\t// Start the SSH process\n\tif err := sshCmd.Start(); err != nil {\n\t\treturn fmt.Errorf(\"failed to start SSH: %w\", err)\n\t}\n\n\t// Forward signals to the SSH process\n\tgo func() {\n\t\tfor sig := range sigChan {\n\t\t\tif sshCmd.Process != nil {\n\t\t\t\t_ = sshCmd.Process.Signal(sig)\n\t\t\t}\n\t\t}\n\t}()\n\n\t// Wait for SSH to complete\n\terr = sshCmd.Wait()\n\n\t// Stop signal handling\n\tsignal.Stop(sigChan)\n\tclose(sigChan)\n\n\tif err != nil {\n\t\tif exitErr, ok := err.(*exec.ExitError); ok {\n\t\t\tos.Exit(exitErr.ExitCode())\n\t\t}\n\t\treturn err\n\t}\n\n\treturn nil\n}\n" }, { "path": "apps/cli/cmd/common/state.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n)\n\nfunc AwaitSnapshotState(ctx context.Context, apiClient *apiclient.APIClient, name string, state apiclient.SnapshotState) error {\n\tfor {\n\t\tsnapshot, res, err := apiClient.SnapshotsAPI.GetSnapshot(ctx, name).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tswitch snapshot.State {\n\t\tcase state:\n\t\t\treturn nil\n\t\tcase apiclient.SNAPSHOTSTATE_ERROR, apiclient.SNAPSHOTSTATE_BUILD_FAILED:\n\t\t\tif !snapshot.ErrorReason.IsSet() {\n\t\t\t\treturn fmt.Errorf(\"snapshot processing failed\")\n\t\t\t}\n\t\t\treturn fmt.Errorf(\"snapshot processing failed: %s\", *snapshot.ErrorReason.Get())\n\t\t}\n\n\t\ttime.Sleep(time.Second)\n\t}\n}\n\nfunc AwaitSandboxState(ctx context.Context, apiClient *apiclient.APIClient, targetSandbox string, state apiclient.SandboxState) error {\n\tfor {\n\t\tsandbox, res, err := apiClient.SandboxAPI.GetSandbox(ctx, targetSandbox).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif sandbox.State != nil && *sandbox.State == state {\n\t\t\treturn nil\n\t\t} else if sandbox.State != nil && (*sandbox.State == apiclient.SANDBOXSTATE_ERROR || *sandbox.State == apiclient.SANDBOXSTATE_BUILD_FAILED) {\n\t\t\tif sandbox.ErrorReason == nil {\n\t\t\t\treturn fmt.Errorf(\"sandbox processing failed\")\n\t\t\t}\n\t\t\treturn fmt.Errorf(\"sandbox processing failed: %s\", *sandbox.ErrorReason)\n\t\t}\n\n\t\ttime.Sleep(time.Second)\n\t}\n}\n" }, { "path": "apps/cli/cmd/common/validate.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n)\n\nfunc ValidateImageName(imageName string) error {\n\tparts := strings.Split(imageName, \":\")\n\tif len(parts) != 2 {\n\t\treturn fmt.Errorf(\"invalid image format: must contain exactly one colon (e.g., 'ubuntu:22.04')\")\n\t}\n\tif parts[1] == \"latest\" {\n\t\treturn fmt.Errorf(\"tag 'latest' not allowed, please use a specific version tag\")\n\t}\n\n\treturn nil\n}\n" }, { "path": "apps/cli/cmd/docs.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage cmd\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/pkg/browser\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar docsURL string = \"https://www.daytona.io/docs/\"\n\nvar DocsCmd = &cobra.Command{\n\tUse: \"docs\",\n\tShort: \"Opens the Daytona documentation in your default browser.\",\n\tArgs: cobra.NoArgs,\n\tAliases: []string{\"documentation\", \"doc\"},\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tcommon.RenderInfoMessageBold(fmt.Sprintf(\"Opening the Daytona documentation in your default browser. If opening fails, you can go to %s manually.\", common.LinkStyle.Render(docsURL)))\n\t\treturn browser.OpenURL(docsURL)\n\t},\n}\n" }, { "path": "apps/cli/cmd/generatedocs.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage cmd\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/spf13/cobra\"\n\t\"github.com/spf13/cobra/doc\"\n)\n\nvar yamlDirectory = \"hack\"\nvar defaultDirectory = \"docs\"\n\nvar GenerateDocsCmd = &cobra.Command{\n\tUse: \"generate-docs\",\n\tShort: \"Generate documentation for the Daytona CLI\",\n\tArgs: cobra.NoArgs,\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tdirectory, err := cmd.Flags().GetString(\"directory\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif directory == \"\" {\n\t\t\tdirectory = defaultDirectory\n\t\t}\n\n\t\terr = os.MkdirAll(directory, os.ModePerm)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\terr = os.MkdirAll(filepath.Join(yamlDirectory, directory), os.ModePerm)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\terr = doc.GenMarkdownTree(cmd.Root(), directory)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\terr = doc.GenYamlTree(cmd.Root(), filepath.Join(yamlDirectory, directory))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tfmt.Printf(\"Documentation generated at %s\\n\", directory)\n\t\treturn nil\n\t},\n\tHidden: true,\n}\n\nfunc init() {\n\tGenerateDocsCmd.Flags().String(\"directory\", \"\", \"Directory to generate documentation into\")\n}\n" }, { "path": "apps/cli/cmd/mcp/agents/claude.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage agents\n\nimport (\n\t\"errors\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"runtime\"\n)\n\nfunc InitClaude(homeDir string) (string, string, error) {\n\tvar agentConfigFilePath string\n\tvar mcpLogFilePath string\n\n\tswitch runtime.GOOS {\n\tcase \"darwin\":\n\t\tagentConfigFilePath = filepath.Join(homeDir, \"Library\", \"Application Support\", \"Claude\", \"claude_desktop_config.json\")\n\t\tmcpLogFilePath = filepath.Join(homeDir, \"Library\", \"Logs\", \"Claude\", mcpLogFileName)\n\n\tcase \"windows\":\n\t\t// Resolve %APPDATA% environment variable\n\t\tappData := os.Getenv(\"APPDATA\")\n\t\tif appData == \"\" {\n\t\t\treturn \"\", \"\", errors.New(\"could not resolve APPDATA environment variable\")\n\t\t}\n\n\t\tagentConfigFilePath = filepath.Join(appData, \"Claude\", \"claude_desktop_config.json\")\n\t\tmcpLogFilePath = filepath.Join(appData, \"Claude\", \"Logs\", mcpLogFileName)\n\n\tcase \"linux\":\n\t\tagentConfigFilePath = filepath.Join(homeDir, \".config\", \"Claude\", \"claude_desktop_config.json\")\n\t\tmcpLogFilePath = filepath.Join(\"var\", \"log\", \"Claude\", mcpLogFileName)\n\tdefault:\n\t\treturn \"\", \"\", errors.New(\"operating system is not supported\")\n\t}\n\n\treturn agentConfigFilePath, mcpLogFilePath, nil\n}\n" }, { "path": "apps/cli/cmd/mcp/agents/common.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage agents\n\nvar mcpLogFileName string = \"daytona-mcp-server.log\"\n" }, { "path": "apps/cli/cmd/mcp/agents/cursor.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage agents\n\nimport (\n\t\"errors\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"runtime\"\n)\n\nfunc InitCursor(homeDir string) (string, string, error) {\n\tvar agentConfigFilePath string\n\tvar mcpLogFilePath string\n\n\tswitch runtime.GOOS {\n\tcase \"darwin\":\n\t\tagentConfigFilePath = filepath.Join(homeDir, \".cursor\", \"mcp.json\")\n\t\tmcpLogFilePath = filepath.Join(homeDir, \"Library\", \"Logs\", \"Cursor\", mcpLogFileName)\n\n\tcase \"windows\":\n\t\t// Resolve %APPDATA% environment variable\n\t\tappData := os.Getenv(\"APPDATA\")\n\t\tif appData == \"\" {\n\t\t\treturn \"\", \"\", errors.New(\"could not resolve APPDATA environment variable\")\n\t\t}\n\n\t\tagentConfigFilePath = filepath.Join(appData, \".cursor\", \"mcp.json\")\n\t\tmcpLogFilePath = filepath.Join(appData, \"Cursor\", \"Logs\", mcpLogFileName)\n\n\tcase \"linux\":\n\t\tagentConfigFilePath = filepath.Join(homeDir, \".cursor\", \"mcp.json\")\n\t\tmcpLogFilePath = filepath.Join(\"var\", \"log\", \"Cursor\", mcpLogFileName)\n\tdefault:\n\t\treturn \"\", \"\", errors.New(\"operating system is not supported\")\n\t}\n\n\treturn agentConfigFilePath, mcpLogFilePath, nil\n}\n" }, { "path": "apps/cli/cmd/mcp/agents/windsurf.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage agents\n\nimport (\n\t\"errors\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"runtime\"\n)\n\nfunc InitWindsurf(homeDir string) (string, string, error) {\n\tvar agentConfigFilePath string\n\tvar mcpLogFilePath string\n\n\tswitch runtime.GOOS {\n\tcase \"darwin\":\n\t\tagentConfigFilePath = filepath.Join(homeDir, \".codeium\", \"windsurf\", \"mcp_config.json\")\n\t\tmcpLogFilePath = filepath.Join(homeDir, \"Library\", \"Logs\", \"Windsurf\", mcpLogFileName)\n\n\tcase \"windows\":\n\t\t// Resolve %APPDATA% environment variable\n\t\tappData := os.Getenv(\"APPDATA\")\n\t\tif appData == \"\" {\n\t\t\treturn \"\", \"\", errors.New(\"could not resolve APPDATA environment variable\")\n\t\t}\n\n\t\tagentConfigFilePath = filepath.Join(appData, \".codeium\", \"windsurf\", \"mcp_config.json\")\n\t\tmcpLogFilePath = filepath.Join(appData, \"Windsurf\", \"Logs\", mcpLogFileName)\n\n\tcase \"linux\":\n\t\tagentConfigFilePath = filepath.Join(homeDir, \".codeium\", \"windsurf\", \"mcp_config.json\")\n\t\tmcpLogFilePath = filepath.Join(\"var\", \"log\", \"Windsurf\", mcpLogFileName)\n\tdefault:\n\t\treturn \"\", \"\", errors.New(\"operating system is not supported\")\n\t}\n\n\treturn agentConfigFilePath, mcpLogFilePath, nil\n}\n" }, { "path": "apps/cli/cmd/mcp/config.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage mcp\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"os\"\n\t\"runtime\"\n\n\t\"github.com/spf13/cobra\"\n)\n\nvar ConfigCmd = &cobra.Command{\n\tUse: \"config [AGENT_NAME]\",\n\tShort: \"Outputs JSON configuration for Daytona MCP Server\",\n\tArgs: cobra.NoArgs,\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\thomeDir, err := os.UserHomeDir()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tvar mcpLogFilePath string\n\n\t\tswitch runtime.GOOS {\n\t\tcase \"darwin\":\n\t\t\tmcpLogFilePath = homeDir + \"/.daytona/daytona-mcp.log\"\n\t\tcase \"windows\":\n\t\t\tmcpLogFilePath = os.Getenv(\"APPDATA\") + \"\\\\.daytona\\\\daytona-mcp.log\"\n\t\tcase \"linux\":\n\t\t\tmcpLogFilePath = homeDir + \"/.daytona/daytona-mcp.log\"\n\t\tdefault:\n\t\t\treturn fmt.Errorf(\"unsupported OS: %s\", runtime.GOOS)\n\t\t}\n\n\t\tdaytonaMcpConfig, err := getDayonaMcpConfig(mcpLogFilePath)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tmcpConfig := map[string]interface{}{\n\t\t\t\"daytona-mcp\": daytonaMcpConfig,\n\t\t}\n\n\t\tjsonBytes, err := json.MarshalIndent(mcpConfig, \"\", \" \")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tfmt.Println(string(jsonBytes))\n\n\t\treturn nil\n\t},\n}\n\nfunc getDayonaMcpConfig(mcpLogFilePath string) (map[string]interface{}, error) {\n\thomeDir, err := os.UserHomeDir()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// Create daytona-mcp config\n\tdaytonaMcpConfig := map[string]interface{}{\n\t\t\"command\": \"daytona\",\n\t\t\"args\": []string{\"mcp\", \"start\"},\n\t\t\"env\": map[string]string{\n\t\t\t\"PATH\": homeDir + \":/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/homebrew/bin\",\n\t\t\t\"HOME\": homeDir,\n\t\t},\n\t\t\"logFile\": mcpLogFilePath,\n\t}\n\n\tif runtime.GOOS == \"windows\" {\n\t\tdaytonaMcpConfig[\"env\"].(map[string]string)[\"APPDATA\"] = os.Getenv(\"APPDATA\")\n\t}\n\n\treturn daytonaMcpConfig, nil\n}\n" }, { "path": "apps/cli/cmd/mcp/init.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage mcp\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/daytonaio/daytona/cli/cmd/mcp/agents\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar InitCmd = &cobra.Command{\n\tUse: \"init [AGENT_NAME]\",\n\tShort: \"Initialize Daytona MCP Server with an agent (currently supported: claude, windsurf, cursor)\",\n\tArgs: cobra.MaximumNArgs(1),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tif len(args) == 0 {\n\t\t\treturn fmt.Errorf(\"agent name is required\")\n\t\t}\n\n\t\thomeDir, err := os.UserHomeDir()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tvar agentConfigFilePath, mcpLogFilePath string\n\n\t\tswitch args[0] {\n\t\tcase \"claude\":\n\t\t\tagentConfigFilePath, mcpLogFilePath, err = agents.InitClaude(homeDir)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\tcase \"cursor\":\n\t\t\tagentConfigFilePath, mcpLogFilePath, err = agents.InitCursor(homeDir)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\tcase \"windsurf\":\n\t\t\tagentConfigFilePath, mcpLogFilePath, err = agents.InitWindsurf(homeDir)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\tdefault:\n\t\t\treturn fmt.Errorf(\"agent name %s is not supported\", args[0])\n\t\t}\n\n\t\treturn injectConfig(agentConfigFilePath, mcpLogFilePath)\n\t},\n}\n\nfunc injectConfig(agentConfigFilePath, mcpLogFilePath string) error {\n\tdaytonaMcpConfig, err := getDayonaMcpConfig(mcpLogFilePath)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// Read existing model config or create new one\n\tvar agentConfig map[string]interface{}\n\tif agentConfigData, err := os.ReadFile(agentConfigFilePath); err == nil {\n\t\tif err := json.Unmarshal(agentConfigData, &agentConfig); err != nil {\n\t\t\treturn err\n\t\t}\n\t} else if !os.IsNotExist(err) {\n\t\treturn err\n\t} else {\n\t\tagentConfig = make(map[string]interface{})\n\t}\n\n\t// Initialize or update mcpServers field\n\tmcpServers, ok := agentConfig[\"mcpServers\"].(map[string]interface{})\n\tif !ok {\n\t\tmcpServers = make(map[string]interface{})\n\t}\n\n\t// Add or update daytona-mcp configuration\n\tmcpServers[\"daytona-mcp\"] = daytonaMcpConfig\n\tagentConfig[\"mcpServers\"] = mcpServers\n\n\t// Write back the updated config with indentation\n\tupdatedJSON, err := json.MarshalIndent(agentConfig, \"\", \" \")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn os.WriteFile(agentConfigFilePath, updatedJSON, 0644)\n}\n" }, { "path": "apps/cli/cmd/mcp/mcp.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage mcp\n\nimport (\n\t\"github.com/spf13/cobra\"\n)\n\nvar MCPCmd = &cobra.Command{\n\tUse: \"mcp\",\n\tShort: \"Manage Daytona MCP Server\",\n\tLong: \"Commands for managing Daytona MCP Server\",\n}\n\nfunc init() {\n\tMCPCmd.AddCommand(InitCmd)\n\tMCPCmd.AddCommand(StartCmd)\n\tMCPCmd.AddCommand(ConfigCmd)\n}\n" }, { "path": "apps/cli/cmd/mcp/start.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage mcp\n\nimport (\n\t\"os\"\n\t\"os/signal\"\n\n\t\"github.com/daytonaio/daytona/cli/mcp\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar StartCmd = &cobra.Command{\n\tUse: \"start\",\n\tShort: \"Start Daytona MCP Server\",\n\tArgs: cobra.NoArgs,\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tserver := mcp.NewDaytonaMCPServer()\n\n\t\tinterruptChan := make(chan os.Signal, 1)\n\t\tsignal.Notify(interruptChan, os.Interrupt)\n\n\t\terrChan := make(chan error)\n\n\t\tgo func() {\n\t\t\terrChan <- server.Start()\n\t\t}()\n\n\t\tselect {\n\t\tcase err := <-errChan:\n\t\t\treturn err\n\t\tcase <-interruptChan:\n\t\t\treturn nil\n\t\t}\n\t},\n}\n" }, { "path": "apps/cli/cmd/organization/create.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage organization\n\nimport (\n\t\"context\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/organization\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar CreateCmd = &cobra.Command{\n\tUse: \"create [ORGANIZATION_NAME]\",\n\tShort: \"Create a new organization and set it as active\",\n\tArgs: cobra.ExactArgs(1),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient_cli.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tcreateOrganizationDto := apiclient.CreateOrganization{\n\t\t\tName: args[0],\n\t\t}\n\n\t\torg, res, err := apiClient.OrganizationsAPI.CreateOrganization(ctx).CreateOrganization(createOrganizationDto).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tc, err := config.GetConfig()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tactiveProfile, err := c.GetActiveProfile()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tactiveProfile.ActiveOrganizationId = &org.Id\n\t\terr = c.EditProfile(activeProfile)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\torganization.RenderInfo(org, false)\n\n\t\tcommon.RenderInfoMessageBold(\"Your organization has been created and its approval is pending\\nOur team has been notified and will set up your resource quotas shortly\")\n\t\treturn nil\n\t},\n}\n" }, { "path": "apps/cli/cmd/organization/delete.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage organization\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\tview_common \"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/organization\"\n\t\"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar DeleteCmd = &cobra.Command{\n\tUse: \"delete [ORGANIZATION]\",\n\tShort: \"Delete an organization\",\n\tArgs: cobra.MaximumNArgs(1),\n\tAliases: common.GetAliases(\"delete\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tvar chosenOrganization *apiclient.Organization\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient_cli.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\torgList, res, err := apiClient.OrganizationsAPI.ListOrganizations(ctx).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif len(orgList) == 0 {\n\t\t\tutil.NotifyEmptyOrganizationList(true)\n\t\t\treturn nil\n\t\t}\n\n\t\tif len(args) == 0 {\n\t\t\tchosenOrganization, err = organization.GetOrganizationIdFromPrompt(orgList)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t} else {\n\t\t\tfor _, org := range orgList {\n\t\t\t\tif org.Id == args[0] || org.Name == args[0] {\n\t\t\t\t\tchosenOrganization = &org\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif chosenOrganization == nil {\n\t\t\t\treturn fmt.Errorf(\"organization %s not found\", args[0])\n\t\t\t}\n\t\t}\n\n\t\tif chosenOrganization.Name == \"Personal\" {\n\t\t\treturn fmt.Errorf(\"cannot delete personal organization\")\n\t\t}\n\n\t\tres, err = apiClient.OrganizationsAPI.DeleteOrganization(ctx, chosenOrganization.Id).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Organization %s has been deleted\", chosenOrganization.Name))\n\n\t\tc, err := config.GetConfig()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tactiveProfile, err := c.GetActiveProfile()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif activeProfile.ActiveOrganizationId == nil || *activeProfile.ActiveOrganizationId != chosenOrganization.Id {\n\t\t\treturn nil\n\t\t}\n\n\t\tpersonalOrganizationId, err := common.GetPersonalOrganizationId(activeProfile)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tactiveProfile.ActiveOrganizationId = &personalOrganizationId\n\t\treturn c.EditProfile(activeProfile)\n\t},\n}\n" }, { "path": "apps/cli/cmd/organization/list.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage organization\n\nimport (\n\t\"context\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/views/organization\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar ListCmd = &cobra.Command{\n\tUse: \"list\",\n\tShort: \"List all organizations\",\n\tArgs: cobra.NoArgs,\n\tAliases: common.GetAliases(\"list\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\torganizationList, res, err := apiClient.OrganizationsAPI.ListOrganizations(ctx).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif common.FormatFlag != \"\" {\n\t\t\tformattedData := common.NewFormatter(organizationList)\n\t\t\tformattedData.Print()\n\t\t\treturn nil\n\t\t}\n\n\t\tactiveOrganizationId, err := config.GetActiveOrganizationId()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\torganization.ListOrganizations(organizationList, &activeOrganizationId)\n\t\treturn nil\n\t},\n}\n\nfunc init() {\n\tcommon.RegisterFormatFlag(ListCmd)\n}\n" }, { "path": "apps/cli/cmd/organization/organization.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage organization\n\nimport (\n\t\"errors\"\n\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/internal\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar OrganizationCmd = &cobra.Command{\n\tUse: \"organization\",\n\tShort: \"Manage Daytona organizations\",\n\tLong: \"Commands for managing Daytona organizations\",\n\tAliases: []string{\"organizations\", \"org\", \"orgs\"},\n\tGroupID: internal.USER_GROUP,\n\tPersistentPreRunE: func(cmd *cobra.Command, args []string) error {\n\t\tif config.IsApiKeyAuth() {\n\t\t\treturn errors.New(\"organization commands are not available when using API key authentication - run `daytona login` to reauthenticate with browser\")\n\t\t}\n\n\t\treturn nil\n\t},\n}\n\nfunc init() {\n\tOrganizationCmd.AddCommand(ListCmd)\n\tOrganizationCmd.AddCommand(CreateCmd)\n\tOrganizationCmd.AddCommand(UseCmd)\n\tOrganizationCmd.AddCommand(DeleteCmd)\n}\n" }, { "path": "apps/cli/cmd/organization/use.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage organization\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/organization\"\n\t\"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar UseCmd = &cobra.Command{\n\tUse: \"use [ORGANIZATION]\",\n\tShort: \"Set active organization\",\n\tArgs: cobra.MaximumNArgs(1),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tvar chosenOrganization *apiclient.Organization\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient_cli.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\torgList, res, err := apiClient.OrganizationsAPI.ListOrganizations(ctx).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif len(orgList) == 0 {\n\t\t\tutil.NotifyEmptyOrganizationList(true)\n\t\t\treturn nil\n\t\t}\n\n\t\tif len(args) == 0 {\n\t\t\tchosenOrganization, err = organization.GetOrganizationIdFromPrompt(orgList)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t} else {\n\t\t\tfor _, org := range orgList {\n\t\t\t\tif org.Id == args[0] || org.Name == args[0] {\n\t\t\t\t\tchosenOrganization = &org\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif chosenOrganization == nil {\n\t\t\t\treturn fmt.Errorf(\"organization %s not found\", args[0])\n\t\t\t}\n\t\t}\n\n\t\tc, err := config.GetConfig()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tactiveProfile, err := c.GetActiveProfile()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tactiveProfile.ActiveOrganizationId = &chosenOrganization.Id\n\t\terr = c.EditProfile(activeProfile)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tcommon.RenderInfoMessageBold(fmt.Sprintf(\"Organization %s is now active\", chosenOrganization.Name))\n\t\treturn nil\n\t},\n}\n" }, { "path": "apps/cli/cmd/sandbox/archive.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\tview_common \"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar ArchiveCmd = &cobra.Command{\n\tUse: \"archive [SANDBOX_ID] | [SANDBOX_NAME]\",\n\tShort: \"Archive a sandbox\",\n\tArgs: cobra.MaximumNArgs(1),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tsandboxIdOrNameArg := args[0]\n\n\t\t_, res, err := apiClient.SandboxAPI.ArchiveSandbox(ctx, sandboxIdOrNameArg).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Sandbox %s marked for archival\", sandboxIdOrNameArg))\n\t\treturn nil\n\t},\n}\n\nfunc init() {\n}\n" }, { "path": "apps/cli/cmd/sandbox/create.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/charmbracelet/lipgloss\"\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/util\"\n\tviews_common \"github.com/daytonaio/daytona/cli/views/common\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/spf13/cobra\"\n)\n\nconst SANDBOX_TERMINAL_PORT = 22222\n\nvar CreateCmd = &cobra.Command{\n\tUse: \"create [flags]\",\n\tShort: \"Create a new sandbox\",\n\tArgs: cobra.NoArgs,\n\tAliases: common.GetAliases(\"create\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient_cli.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tcreateSandbox := apiclient.NewCreateSandbox()\n\n\t\t// Add non-zero values to the request\n\t\tif snapshotFlag != \"\" {\n\t\t\tcreateSandbox.SetSnapshot(snapshotFlag)\n\t\t}\n\t\tif nameFlag != \"\" {\n\t\t\tcreateSandbox.SetName(nameFlag)\n\t\t}\n\t\tif userFlag != \"\" {\n\t\t\tcreateSandbox.SetUser(userFlag)\n\t\t}\n\t\tif len(envFlag) > 0 {\n\t\t\tenv := make(map[string]string)\n\t\t\tfor _, e := range envFlag {\n\t\t\t\tparts := strings.SplitN(e, \"=\", 2)\n\t\t\t\tif len(parts) == 2 {\n\t\t\t\t\tenv[parts[0]] = parts[1]\n\t\t\t\t}\n\t\t\t}\n\t\t\tcreateSandbox.SetEnv(env)\n\t\t}\n\t\tif len(labelsFlag) > 0 {\n\t\t\tlabels := make(map[string]string)\n\t\t\tfor _, l := range labelsFlag {\n\t\t\t\tparts := strings.SplitN(l, \"=\", 2)\n\t\t\t\tif len(parts) == 2 {\n\t\t\t\t\tlabels[parts[0]] = parts[1]\n\t\t\t\t}\n\t\t\t}\n\t\t\tcreateSandbox.SetLabels(labels)\n\t\t}\n\t\tif publicFlag {\n\t\t\tcreateSandbox.SetPublic(true)\n\t\t}\n\t\tif classFlag != \"\" {\n\t\t\tcreateSandbox.SetClass(classFlag)\n\t\t}\n\t\tif targetFlag != \"\" {\n\t\t\tcreateSandbox.SetTarget(targetFlag)\n\t\t}\n\t\tif cpuFlag > 0 {\n\t\t\tcreateSandbox.SetCpu(cpuFlag)\n\t\t}\n\t\tif gpuFlag > 0 {\n\t\t\tcreateSandbox.SetGpu(gpuFlag)\n\t\t}\n\t\tif memoryFlag > 0 {\n\t\t\tcreateSandbox.SetMemory(memoryFlag)\n\t\t}\n\t\tif diskFlag > 0 {\n\t\t\tcreateSandbox.SetDisk(diskFlag)\n\t\t}\n\t\tif autoStopFlag >= 0 {\n\t\t\tcreateSandbox.SetAutoStopInterval(autoStopFlag)\n\t\t}\n\t\tif autoArchiveFlag >= 0 {\n\t\t\tcreateSandbox.SetAutoArchiveInterval(autoArchiveFlag)\n\t\t}\n\t\tcreateSandbox.SetAutoDeleteInterval(autoDeleteFlag)\n\n\t\tcreateSandbox.SetNetworkBlockAll(networkBlockAllFlag)\n\t\tif networkAllowListFlag != \"\" {\n\t\t\tcreateSandbox.SetNetworkAllowList(networkAllowListFlag)\n\t\t}\n\n\t\tif dockerfileFlag != \"\" {\n\t\t\tcreateBuildInfoDto, err := common.GetCreateBuildInfoDto(ctx, dockerfileFlag, contextFlag)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tcreateSandbox.SetBuildInfo(*createBuildInfoDto)\n\t\t}\n\n\t\tif len(volumesFlag) > 0 {\n\t\t\tvolumes := make([]apiclient.SandboxVolume, 0, len(volumesFlag))\n\t\t\tfor _, v := range volumesFlag {\n\t\t\t\tparts := strings.SplitN(v, \":\", 2)\n\t\t\t\tif len(parts) == 2 {\n\t\t\t\t\tvolumeId := parts[0]\n\t\t\t\t\tmountPath := parts[1]\n\t\t\t\t\tvolume := apiclient.SandboxVolume{\n\t\t\t\t\t\tVolumeId: volumeId,\n\t\t\t\t\t\tMountPath: mountPath,\n\t\t\t\t\t}\n\t\t\t\t\tvolumes = append(volumes, volume)\n\t\t\t\t}\n\t\t\t}\n\t\t\tif len(volumes) > 0 {\n\t\t\t\tcreateSandbox.SetVolumes(volumes)\n\t\t\t}\n\t\t}\n\n\t\tvar sandbox *apiclient.Sandbox\n\n\t\tsandbox, res, err := apiClient.SandboxAPI.CreateSandbox(ctx).CreateSandbox(*createSandbox).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif sandbox.State != nil && *sandbox.State == apiclient.SANDBOXSTATE_PENDING_BUILD {\n\t\t\tc, err := config.GetConfig()\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tactiveProfile, err := c.GetActiveProfile()\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\terr = common.AwaitSandboxState(ctx, apiClient, sandbox.Id, apiclient.SANDBOXSTATE_BUILDING_SNAPSHOT)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tlogsContext, stopLogs := context.WithCancel(context.Background())\n\t\t\tdefer stopLogs()\n\n\t\t\tgo common.ReadBuildLogs(logsContext, common.ReadLogParams{\n\t\t\t\tId: sandbox.Id,\n\t\t\t\tServerUrl: activeProfile.Api.Url,\n\t\t\t\tServerApi: activeProfile.Api,\n\t\t\t\tActiveOrganizationId: activeProfile.ActiveOrganizationId,\n\t\t\t\tFollow: util.Pointer(true),\n\t\t\t\tResourceType: common.ResourceTypeSandbox,\n\t\t\t})\n\n\t\t\terr = common.AwaitSandboxState(ctx, apiClient, sandbox.Id, apiclient.SANDBOXSTATE_STARTED)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\t// Wait for the last logs to be read\n\t\t\ttime.Sleep(250 * time.Millisecond)\n\t\t\tstopLogs()\n\t\t}\n\n\t\tpreviewUrl, res, err := apiClient.SandboxAPI.GetPortPreviewUrl(ctx, sandbox.Id, SANDBOX_TERMINAL_PORT).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tboldStyle := lipgloss.NewStyle().Bold(true)\n\n\t\tviews_common.RenderInfoMessageBold(fmt.Sprintf(\"Sandbox '%s' created successfully\", sandbox.Name))\n\t\tviews_common.RenderInfoMessage(fmt.Sprintf(\"Connect via SSH: %s\", boldStyle.Render(fmt.Sprintf(\"daytona ssh %s\", sandbox.Name))))\n\t\tviews_common.RenderInfoMessage(fmt.Sprintf(\"Open the Web Terminal: %s\\n\", views_common.LinkStyle.Render(previewUrl.Url)))\n\t\treturn nil\n\t},\n}\n\nvar (\n\tsnapshotFlag string\n\tnameFlag string\n\tuserFlag string\n\tenvFlag []string\n\tlabelsFlag []string\n\tpublicFlag bool\n\tclassFlag string\n\ttargetFlag string\n\tcpuFlag int32\n\tgpuFlag int32\n\tmemoryFlag int32\n\tdiskFlag int32\n\tautoStopFlag int32\n\tautoArchiveFlag int32\n\tautoDeleteFlag int32\n\tvolumesFlag []string\n\tdockerfileFlag string\n\tcontextFlag []string\n\tnetworkBlockAllFlag bool\n\tnetworkAllowListFlag string\n)\n\nfunc init() {\n\tCreateCmd.Flags().StringVar(&snapshotFlag, \"snapshot\", \"\", \"Snapshot to use for the sandbox\")\n\tCreateCmd.Flags().StringVar(&nameFlag, \"name\", \"\", \"Name of the sandbox\")\n\tCreateCmd.Flags().StringVar(&userFlag, \"user\", \"\", \"User associated with the sandbox\")\n\tCreateCmd.Flags().StringArrayVarP(&envFlag, \"env\", \"e\", []string{}, \"Environment variables (format: KEY=VALUE)\")\n\tCreateCmd.Flags().StringArrayVarP(&labelsFlag, \"label\", \"l\", []string{}, \"Labels (format: KEY=VALUE)\")\n\tCreateCmd.Flags().BoolVar(&publicFlag, \"public\", false, \"Make sandbox publicly accessible\")\n\tCreateCmd.Flags().StringVar(&classFlag, \"class\", \"\", \"Sandbox class type (small, medium, large)\")\n\tCreateCmd.Flags().StringVar(&targetFlag, \"target\", \"\", \"Target region (eu, us)\")\n\tCreateCmd.Flags().Int32Var(&cpuFlag, \"cpu\", 0, \"CPU cores allocated to the sandbox\")\n\tCreateCmd.Flags().Int32Var(&gpuFlag, \"gpu\", 0, \"GPU units allocated to the sandbox\")\n\tCreateCmd.Flags().Int32Var(&memoryFlag, \"memory\", 0, \"Memory allocated to the sandbox in MB\")\n\tCreateCmd.Flags().Int32Var(&diskFlag, \"disk\", 0, \"Disk space allocated to the sandbox in GB\")\n\tCreateCmd.Flags().Int32Var(&autoStopFlag, \"auto-stop\", 15, \"Auto-stop interval in minutes (0 means disabled)\")\n\tCreateCmd.Flags().Int32Var(&autoArchiveFlag, \"auto-archive\", 10080, \"Auto-archive interval in minutes (0 means the maximum interval will be used)\")\n\tCreateCmd.Flags().Int32Var(&autoDeleteFlag, \"auto-delete\", -1, \"Auto-delete interval in minutes (negative value means disabled, 0 means delete immediately upon stopping)\")\n\tCreateCmd.Flags().StringArrayVarP(&volumesFlag, \"volume\", \"v\", []string{}, \"Volumes to mount (format: VOLUME_NAME:MOUNT_PATH)\")\n\tCreateCmd.Flags().StringVarP(&dockerfileFlag, \"dockerfile\", \"f\", \"\", \"Path to Dockerfile for Sandbox snapshot\")\n\tCreateCmd.Flags().StringArrayVarP(&contextFlag, \"context\", \"c\", []string{}, \"Files or directories to include in the build context (can be specified multiple times)\")\n\tCreateCmd.Flags().BoolVar(&networkBlockAllFlag, \"network-block-all\", false, \"Whether to block all network access for the sandbox\")\n\tCreateCmd.Flags().StringVar(&networkAllowListFlag, \"network-allow-list\", \"\", \"Comma-separated list of allowed CIDR network addresses for the sandbox\")\n\n\tCreateCmd.MarkFlagsMutuallyExclusive(\"snapshot\", \"dockerfile\")\n\tCreateCmd.MarkFlagsMutuallyExclusive(\"snapshot\", \"context\")\n}\n" }, { "path": "apps/cli/cmd/sandbox/delete.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"sync\"\n\t\"sync/atomic\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\tview_common \"github.com/daytonaio/daytona/cli/views/common\"\n\tviews_util \"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/spf13/cobra\"\n)\n\nconst spinnerThreshold = 10\n\nvar DeleteCmd = &cobra.Command{\n\tUse: \"delete [SANDBOX_ID] | [SANDBOX_NAME]\",\n\tShort: \"Delete a sandbox\",\n\tArgs: cobra.MaximumNArgs(1),\n\tAliases: common.GetAliases(\"delete\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient_cli.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\t// Handle case when no sandbox ID is provided and allFlag is true\n\t\tif len(args) == 0 {\n\t\t\tif allFlag {\n\t\t\t\tpage := float32(1.0)\n\t\t\t\tlimit := float32(200.0) // 200 is the maximum limit for the API\n\t\t\t\tvar allSandboxes []apiclient.Sandbox\n\n\t\t\t\tfor {\n\t\t\t\t\tsandboxBatch, res, err := apiClient.SandboxAPI.ListSandboxesPaginated(ctx).Page(page).Limit(limit).Execute()\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t\t\t\t}\n\n\t\t\t\t\tallSandboxes = append(allSandboxes, sandboxBatch.Items...)\n\n\t\t\t\t\tif len(sandboxBatch.Items) < int(limit) || page >= float32(sandboxBatch.TotalPages) {\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t\tpage++\n\t\t\t\t}\n\n\t\t\t\tif len(allSandboxes) == 0 {\n\t\t\t\t\tview_common.RenderInfoMessageBold(\"No sandboxes to delete\")\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\n\t\t\t\tvar deletedCount int64\n\n\t\t\t\tdeleteFn := func() error {\n\t\t\t\t\tvar wg sync.WaitGroup\n\t\t\t\t\tsem := make(chan struct{}, 10) // limit to 10 concurrent deletes\n\n\t\t\t\t\tfor _, sb := range allSandboxes {\n\t\t\t\t\t\twg.Add(1)\n\t\t\t\t\t\tgo func(sb apiclient.Sandbox) {\n\t\t\t\t\t\t\tdefer wg.Done()\n\t\t\t\t\t\t\tsem <- struct{}{}\n\t\t\t\t\t\t\tdefer func() { <-sem }()\n\n\t\t\t\t\t\t\t_, res, err := apiClient.SandboxAPI.DeleteSandbox(ctx, sb.Id).Execute()\n\t\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\t\tfmt.Printf(\"Failed to delete sandbox %s: %s\\n\", sb.Id, apiclient_cli.HandleErrorResponse(res, err))\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\tatomic.AddInt64(&deletedCount, 1)\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}(sb)\n\t\t\t\t\t}\n\t\t\t\t\twg.Wait()\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\n\t\t\t\tif len(allSandboxes) > spinnerThreshold {\n\t\t\t\t\terr = views_util.WithInlineSpinner(\"Deleting all sandboxes\", deleteFn)\n\t\t\t\t} else {\n\t\t\t\t\terr = deleteFn()\n\t\t\t\t}\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Deleted %d sandboxes\", atomic.LoadInt64(&deletedCount)))\n\t\t\t\treturn nil\n\t\t\t}\n\t\t\treturn cmd.Help()\n\t\t}\n\n\t\t// Handle case when a sandbox ID is provided\n\t\tsandboxIdOrNameArg := args[0]\n\n\t\t_, res, err := apiClient.SandboxAPI.DeleteSandbox(ctx, sandboxIdOrNameArg).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Sandbox %s deleted\", sandboxIdOrNameArg))\n\n\t\treturn nil\n\t},\n}\n\nvar allFlag bool\n\nfunc init() {\n\tDeleteCmd.Flags().BoolVarP(&allFlag, \"all\", \"a\", false, \"Delete all sandboxes\")\n}\n" }, { "path": "apps/cli/cmd/sandbox/exec.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/toolbox\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar ExecCmd = &cobra.Command{\n\tUse: \"exec [SANDBOX_ID | SANDBOX_NAME] -- [COMMAND] [ARGS...]\",\n\tShort: \"Execute a command in a sandbox\",\n\tLong: \"Execute a command in a running sandbox\",\n\tArgs: cobra.MinimumNArgs(2),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tsandboxIdOrName := args[0]\n\n\t\t// Find the command args after \"--\"\n\t\tcommandArgs := args[1:]\n\t\tif len(commandArgs) == 0 {\n\t\t\treturn fmt.Errorf(\"no command specified\")\n\t\t}\n\n\t\t// First, get the sandbox to get its ID and region (in case name was provided)\n\t\tsandbox, res, err := apiClient.SandboxAPI.GetSandbox(ctx, sandboxIdOrName).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif err := common.RequireStartedState(sandbox); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\ttoolboxClient := toolbox.NewClient(apiClient)\n\n\t\tcommand := strings.Join(commandArgs, \" \")\n\n\t\texecuteRequest := toolbox.ExecuteRequest{\n\t\t\tCommand: command,\n\t\t}\n\t\tif execCwd != \"\" {\n\t\t\texecuteRequest.Cwd = &execCwd\n\t\t}\n\t\tif execTimeout > 0 {\n\t\t\ttimeout := float32(execTimeout)\n\t\t\texecuteRequest.Timeout = &timeout\n\t\t}\n\n\t\t// Execute the command via toolbox\n\t\tresponse, err := toolboxClient.ExecuteCommand(ctx, sandbox, executeRequest)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\t// Print the output (stdout + stderr combined)\n\t\tif response.Result != \"\" {\n\t\t\tfmt.Print(response.Result)\n\t\t}\n\n\t\t// Exit with the command's exit code\n\t\texitCode := int(response.ExitCode)\n\t\tif exitCode != 0 {\n\t\t\tif response.Result == \"\" {\n\t\t\t\tfmt.Fprintf(os.Stderr, \"Command failed with exit code %d\\n\", exitCode)\n\t\t\t}\n\t\t\tos.Exit(exitCode)\n\t\t}\n\n\t\treturn nil\n\t},\n}\n\nvar (\n\texecCwd string\n\texecTimeout int\n)\n\nfunc init() {\n\tExecCmd.Flags().StringVar(&execCwd, \"cwd\", \"\", \"Working directory for command execution\")\n\tExecCmd.Flags().IntVar(&execTimeout, \"timeout\", 0, \"Command timeout in seconds (0 for no timeout)\")\n}\n" }, { "path": "apps/cli/cmd/sandbox/info.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"context\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/views/sandbox\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar InfoCmd = &cobra.Command{\n\tUse: \"info [SANDBOX_ID] | [SANDBOX_NAME]\",\n\tShort: \"Get sandbox info\",\n\tArgs: cobra.ExactArgs(1),\n\tAliases: common.GetAliases(\"info\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tsandboxIdOrNameArg := args[0]\n\n\t\tsb, res, err := apiClient.SandboxAPI.GetSandbox(ctx, sandboxIdOrNameArg).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif common.FormatFlag != \"\" {\n\t\t\tformattedData := common.NewFormatter(sb)\n\t\t\tformattedData.Print()\n\t\t\treturn nil\n\t\t}\n\n\t\tsandbox.RenderInfo(sb, false)\n\n\t\treturn nil\n\t},\n}\n\nfunc init() {\n\tcommon.RegisterFormatFlag(InfoCmd)\n}\n" }, { "path": "apps/cli/cmd/sandbox/list.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"context\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/views/sandbox\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar (\n\tpageFlag int\n\tlimitFlag int\n)\n\nvar ListCmd = &cobra.Command{\n\tUse: \"list\",\n\tShort: \"List sandboxes\",\n\tArgs: cobra.NoArgs,\n\tAliases: common.GetAliases(\"list\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tpage := float32(1.0)\n\t\tlimit := float32(100.0)\n\n\t\tif cmd.Flags().Changed(\"page\") {\n\t\t\tpage = float32(pageFlag)\n\t\t}\n\n\t\tif cmd.Flags().Changed(\"limit\") {\n\t\t\tlimit = float32(limitFlag)\n\t\t}\n\n\t\tsandboxList, res, err := apiClient.SandboxAPI.ListSandboxesPaginated(ctx).Page(page).Limit(limit).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tsandbox.SortSandboxes(&sandboxList.Items)\n\n\t\tif common.FormatFlag != \"\" {\n\t\t\tformattedData := common.NewFormatter(sandboxList)\n\t\t\tformattedData.Print()\n\t\t\treturn nil\n\t\t}\n\n\t\tvar activeOrganizationName *string\n\n\t\tif !config.IsApiKeyAuth() {\n\t\t\tname, err := common.GetActiveOrganizationName(apiClient, ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tactiveOrganizationName = &name\n\t\t}\n\n\t\tsandbox.ListSandboxes(sandboxList.Items, activeOrganizationName)\n\t\treturn nil\n\t},\n}\n\nfunc init() {\n\tListCmd.Flags().IntVarP(&pageFlag, \"page\", \"p\", 1, \"Page number for pagination (starting from 1)\")\n\tListCmd.Flags().IntVarP(&limitFlag, \"limit\", \"l\", 100, \"Maximum number of items per page\")\n\tcommon.RegisterFormatFlag(ListCmd)\n}\n" }, { "path": "apps/cli/cmd/sandbox/preview_url.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar PreviewUrlCmd = &cobra.Command{\n\tUse: \"preview-url [SANDBOX_ID | SANDBOX_NAME]\",\n\tShort: \"Get signed preview URL for a sandbox port\",\n\tArgs: cobra.ExactArgs(1),\n\tAliases: common.GetAliases(\"preview-url\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tsandboxIdOrName := args[0]\n\n\t\tif previewUrlPort == 0 {\n\t\t\treturn fmt.Errorf(\"port flag is required\")\n\t\t}\n\n\t\treq := apiClient.SandboxAPI.GetSignedPortPreviewUrl(ctx, sandboxIdOrName, previewUrlPort).\n\t\t\tExpiresInSeconds(previewUrlExpires)\n\n\t\tpreviewUrl, res, err := req.Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tfmt.Println(previewUrl.Url)\n\n\t\treturn nil\n\t},\n}\n\nvar (\n\tpreviewUrlPort int32\n\tpreviewUrlExpires int32\n)\n\nfunc init() {\n\tPreviewUrlCmd.Flags().Int32VarP(&previewUrlPort, \"port\", \"p\", 0, \"Port number to get preview URL for (required)\")\n\tPreviewUrlCmd.Flags().Int32Var(&previewUrlExpires, \"expires\", 3600, \"URL expiration time in seconds\")\n\n\t_ = PreviewUrlCmd.MarkFlagRequired(\"port\")\n}\n" }, { "path": "apps/cli/cmd/sandbox/sandbox.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"github.com/daytonaio/daytona/cli/internal\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar SandboxCmd = &cobra.Command{\n\tUse: \"sandbox\",\n\tShort: \"Manage Daytona sandboxes\",\n\tLong: \"Commands for managing Daytona sandboxes\",\n\tAliases: []string{\"sandboxes\"},\n\tGroupID: internal.SANDBOX_GROUP,\n\tHidden: true, // Deprecated: use top-level commands instead (e.g., \"daytona start\" instead of \"daytona sandbox start\")\n}\n\nfunc init() {\n\tSandboxCmd.AddCommand(ListCmd)\n\tSandboxCmd.AddCommand(CreateCmd)\n\tSandboxCmd.AddCommand(InfoCmd)\n\tSandboxCmd.AddCommand(DeleteCmd)\n\tSandboxCmd.AddCommand(StartCmd)\n\tSandboxCmd.AddCommand(StopCmd)\n\tSandboxCmd.AddCommand(ArchiveCmd)\n\tSandboxCmd.AddCommand(SSHCmd)\n\tSandboxCmd.AddCommand(ExecCmd)\n\tSandboxCmd.AddCommand(PreviewUrlCmd)\n}\n" }, { "path": "apps/cli/cmd/sandbox/ssh.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar SSHCmd = &cobra.Command{\n\tUse: \"ssh [SANDBOX_ID] | [SANDBOX_NAME]\",\n\tShort: \"SSH into a sandbox\",\n\tLong: \"Establish an SSH connection to a running sandbox\",\n\tArgs: cobra.ExactArgs(1),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tsandboxIdOrName := args[0]\n\n\t\t// Get sandbox to check state\n\t\tsandbox, res, err := apiClient.SandboxAPI.GetSandbox(ctx, sandboxIdOrName).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif err := common.RequireStartedState(sandbox); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\t// Create SSH access token\n\t\tsshAccessRequest := apiClient.SandboxAPI.CreateSshAccess(ctx, sandbox.Id)\n\t\tif sshExpiresInMinutes > 0 {\n\t\t\tsshAccessRequest = sshAccessRequest.ExpiresInMinutes(float32(sshExpiresInMinutes))\n\t\t}\n\n\t\tsshAccess, res, err := sshAccessRequest.Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\t// Parse the SSH command from the response\n\t\tsshArgs, err := common.ParseSSHCommand(sshAccess.SshCommand)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to parse SSH command: %w\", err)\n\t\t}\n\n\t\t// Execute SSH\n\t\treturn common.ExecuteSSH(sshArgs)\n\t},\n}\n\nvar sshExpiresInMinutes int\n\nfunc init() {\n\tSSHCmd.Flags().IntVar(&sshExpiresInMinutes, \"expires\", 1440, \"SSH access token expiration time in minutes (defaults to 24 hours)\")\n}\n" }, { "path": "apps/cli/cmd/sandbox/start.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\tview_common \"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar StartCmd = &cobra.Command{\n\tUse: \"start [SANDBOX_ID] | [SANDBOX_NAME]\",\n\tShort: \"Start a sandbox\",\n\tArgs: cobra.MaximumNArgs(1),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tsandboxIdOrNameArg := args[0]\n\n\t\t_, res, err := apiClient.SandboxAPI.StartSandbox(ctx, sandboxIdOrNameArg).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Sandbox %s started\", sandboxIdOrNameArg))\n\n\t\treturn nil\n\t},\n}\n\nfunc init() {\n}\n" }, { "path": "apps/cli/cmd/sandbox/stop.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\tview_common \"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar StopCmd = &cobra.Command{\n\tUse: \"stop [SANDBOX_ID] | [SANDBOX_NAME]\",\n\tShort: \"Stop a sandbox\",\n\tArgs: cobra.MaximumNArgs(1),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tsandboxIdOrNameArg := args[0]\n\n\t\t_, res, err := apiClient.SandboxAPI.StopSandbox(ctx, sandboxIdOrNameArg).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Sandbox %s stopped\", sandboxIdOrNameArg))\n\t\treturn nil\n\t},\n}\n\nfunc init() {\n}\n" }, { "path": "apps/cli/cmd/snapshot/create.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage snapshot\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"strings\"\n\t\"time\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/util\"\n\tview_common \"github.com/daytonaio/daytona/cli/views/common\"\n\tviews_util \"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar CreateCmd = &cobra.Command{\n\tUse: \"create [SNAPSHOT]\",\n\tShort: \"Create a snapshot\",\n\tArgs: cobra.ExactArgs(1),\n\tAliases: common.GetAliases(\"create\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\t\tsnapshotName := args[0]\n\n\t\tusingDockerfile := dockerfilePathFlag != \"\"\n\t\tusingImage := imageNameFlag != \"\"\n\n\t\tif !usingDockerfile && !usingImage {\n\t\t\treturn fmt.Errorf(\"must specify either --dockerfile or --image\")\n\t\t}\n\n\t\tapiClient, err := apiclient_cli.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tcreateSnapshot := apiclient.NewCreateSnapshot(snapshotName)\n\n\t\tif cpuFlag != 0 {\n\t\t\tcreateSnapshot.SetCpu(cpuFlag)\n\t\t}\n\t\tif memoryFlag != 0 {\n\t\t\tcreateSnapshot.SetMemory(memoryFlag)\n\t\t}\n\t\tif diskFlag != 0 {\n\t\t\tcreateSnapshot.SetDisk(diskFlag)\n\t\t}\n\t\tif regionIdFlag != \"\" {\n\t\t\tcreateSnapshot.SetRegionId(regionIdFlag)\n\t\t}\n\n\t\tif usingDockerfile {\n\t\t\tcreateBuildInfoDto, err := common.GetCreateBuildInfoDto(ctx, dockerfilePathFlag, contextFlag)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tcreateSnapshot.SetBuildInfo(*createBuildInfoDto)\n\t\t} else if usingImage {\n\t\t\terr := common.ValidateImageName(imageNameFlag)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tcreateSnapshot.SetImageName(imageNameFlag)\n\t\t\tif entrypointFlag != \"\" {\n\t\t\t\tcreateSnapshot.SetEntrypoint(strings.Split(entrypointFlag, \" \"))\n\t\t\t}\n\t\t} else if entrypointFlag != \"\" {\n\t\t\tcreateSnapshot.SetEntrypoint(strings.Split(entrypointFlag, \" \"))\n\t\t}\n\n\t\t// Send create request\n\t\tsnapshot, res, err := apiClient.SnapshotsAPI.CreateSnapshot(ctx).CreateSnapshot(*createSnapshot).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\t// If we're building from a Dockerfile, show build logs\n\t\tif usingDockerfile {\n\t\t\tc, err := config.GetConfig()\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tactiveProfile, err := c.GetActiveProfile()\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tlogsContext, stopLogs := context.WithCancel(context.Background())\n\t\t\tdefer stopLogs()\n\n\t\t\tgo common.ReadBuildLogs(logsContext, common.ReadLogParams{\n\t\t\t\tId: snapshot.Id,\n\t\t\t\tServerUrl: activeProfile.Api.Url,\n\t\t\t\tServerApi: activeProfile.Api,\n\t\t\t\tActiveOrganizationId: activeProfile.ActiveOrganizationId,\n\t\t\t\tFollow: util.Pointer(true),\n\t\t\t\tResourceType: common.ResourceTypeSnapshot,\n\t\t\t})\n\n\t\t\terr = common.AwaitSnapshotState(ctx, apiClient, snapshotName, apiclient.SNAPSHOTSTATE_PENDING)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\t// Wait for the last logs to be read\n\t\t\ttime.Sleep(250 * time.Millisecond)\n\t\t\tstopLogs()\n\t\t}\n\n\t\terr = views_util.WithInlineSpinner(\"Waiting for the snapshot to be validated\", func() error {\n\t\t\treturn common.AwaitSnapshotState(ctx, apiClient, snapshotName, apiclient.SNAPSHOTSTATE_ACTIVE)\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Snapshot %s successfully created\", snapshotName))\n\t\tview_common.RenderInfoMessage(fmt.Sprintf(\"%s Run 'daytona sandbox create --snapshot %s' to create a new sandbox using this snapshot\", view_common.Checkmark, snapshotName))\n\t\treturn nil\n\t},\n}\n\nvar (\n\tentrypointFlag string\n\timageNameFlag string\n\tdockerfilePathFlag string\n\tcontextFlag []string\n\tcpuFlag int32\n\tmemoryFlag int32\n\tdiskFlag int32\n\tregionIdFlag string\n)\n\nfunc init() {\n\tCreateCmd.Flags().StringVarP(&entrypointFlag, \"entrypoint\", \"e\", \"\", \"The entrypoint command for the snapshot\")\n\tCreateCmd.Flags().StringVarP(&imageNameFlag, \"image\", \"i\", \"\", \"The image name for the snapshot\")\n\tCreateCmd.Flags().StringVarP(&dockerfilePathFlag, \"dockerfile\", \"f\", \"\", \"Path to Dockerfile to build\")\n\tCreateCmd.Flags().StringArrayVarP(&contextFlag, \"context\", \"c\", []string{}, \"Files or directories to include in the build context (can be specified multiple times). If not provided, context will be automatically determined from COPY/ADD commands in the Dockerfile\")\n\tCreateCmd.Flags().Int32Var(&cpuFlag, \"cpu\", 0, \"CPU cores that will be allocated to the underlying sandboxes (default: 1)\")\n\tCreateCmd.Flags().Int32Var(&memoryFlag, \"memory\", 0, \"Memory that will be allocated to the underlying sandboxes in GB (default: 1)\")\n\tCreateCmd.Flags().Int32Var(&diskFlag, \"disk\", 0, \"Disk space that will be allocated to the underlying sandboxes in GB (default: 3)\")\n\tCreateCmd.Flags().StringVar(®ionIdFlag, \"region\", \"\", \"ID of the region where the snapshot will be available (defaults to organization default region)\")\n\n\tCreateCmd.MarkFlagsMutuallyExclusive(\"image\", \"dockerfile\")\n\tCreateCmd.MarkFlagsMutuallyExclusive(\"image\", \"context\")\n\tCreateCmd.MarkFlagsMutuallyExclusive(\"entrypoint\", \"dockerfile\")\n\tCreateCmd.MarkFlagsMutuallyExclusive(\"entrypoint\", \"context\")\n}\n" }, { "path": "apps/cli/cmd/snapshot/delete.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage snapshot\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\tview_common \"github.com/daytonaio/daytona/cli/views/common\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar DeleteCmd = &cobra.Command{\n\tUse: \"delete [SNAPSHOT_ID | SNAPSHOT_NAME]\",\n\tShort: \"Delete a snapshot\",\n\tArgs: cobra.MaximumNArgs(1),\n\tAliases: common.GetAliases(\"delete\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient_cli.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\t// Handle case when no snapshot ID is provided and allFlag is true\n\t\tif len(args) == 0 {\n\t\t\tif allFlag {\n\t\t\t\tpage := float32(1.0)\n\t\t\t\tlimit := float32(200.0) // 200 is the maximum limit for the API\n\t\t\t\tvar allSnapshots []apiclient.SnapshotDto\n\n\t\t\t\tfor {\n\t\t\t\t\tsnapshotBatch, res, err := apiClient.SnapshotsAPI.GetAllSnapshots(ctx).Page(page).Limit(limit).Execute()\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t\t\t\t}\n\n\t\t\t\t\tallSnapshots = append(allSnapshots, snapshotBatch.Items...)\n\n\t\t\t\t\tif len(snapshotBatch.Items) < int(limit) || page >= snapshotBatch.TotalPages {\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t\tpage++\n\t\t\t\t}\n\n\t\t\t\tif len(allSnapshots) == 0 {\n\t\t\t\t\tview_common.RenderInfoMessageBold(\"No snapshots to delete\")\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\n\t\t\t\tvar deletedCount int\n\n\t\t\t\tfor _, snapshot := range allSnapshots {\n\t\t\t\t\tres, err := apiClient.SnapshotsAPI.RemoveSnapshot(ctx, snapshot.Id).Execute()\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\tfmt.Printf(\"Failed to delete snapshot %s: %s\\n\", snapshot.Id, apiclient_cli.HandleErrorResponse(res, err))\n\t\t\t\t\t} else {\n\t\t\t\t\t\tdeletedCount++\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Deleted %d snapshots\", deletedCount))\n\t\t\t\treturn nil\n\t\t\t}\n\t\t\treturn cmd.Help()\n\t\t}\n\n\t\tsnapshotIdOrName := args[0]\n\n\t\tsnapshot, res, err := apiClient.SnapshotsAPI.GetSnapshot(ctx, snapshotIdOrName).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tres, err = apiClient.SnapshotsAPI.RemoveSnapshot(ctx, snapshot.Id).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Snapshot %s deleted\", snapshotIdOrName))\n\n\t\treturn nil\n\t},\n}\n\nvar allFlag bool\n\nfunc init() {\n\tDeleteCmd.Flags().BoolVarP(&allFlag, \"all\", \"a\", false, \"Delete all snapshots\")\n}\n" }, { "path": "apps/cli/cmd/snapshot/list.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage snapshot\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/views/snapshot\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar (\n\tpageFlag int\n\tlimitFlag int\n)\n\nvar ListCmd = &cobra.Command{\n\tUse: \"list\",\n\tShort: \"List all snapshots\",\n\tLong: \"List all available Daytona snapshots\",\n\tAliases: common.GetAliases(\"list\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tpage := float32(1.0)\n\t\tlimit := float32(100.0)\n\n\t\tif cmd.Flags().Changed(\"page\") {\n\t\t\tpage = float32(pageFlag)\n\t\t}\n\n\t\tif cmd.Flags().Changed(\"limit\") {\n\t\t\tlimit = float32(limitFlag)\n\t\t}\n\n\t\tsnapshots, res, err := apiClient.SnapshotsAPI.GetAllSnapshots(ctx).Page(page).Limit(limit).Execute()\n\t\tif err != nil {\n\t\t\tfmt.Printf(\"Error: %v\\n\", err)\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif common.FormatFlag != \"\" {\n\t\t\tformattedData := common.NewFormatter(snapshots.Items)\n\t\t\tformattedData.Print()\n\t\t\treturn nil\n\t\t}\n\n\t\tvar activeOrganizationName *string\n\n\t\tif !config.IsApiKeyAuth() {\n\t\t\tname, err := common.GetActiveOrganizationName(apiClient, ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tactiveOrganizationName = &name\n\t\t}\n\n\t\tsnapshot.ListSnapshots(snapshots.Items, activeOrganizationName)\n\t\treturn nil\n\t},\n}\n\nfunc init() {\n\tcommon.RegisterFormatFlag(ListCmd)\n\tListCmd.Flags().IntVarP(&pageFlag, \"page\", \"p\", 1, \"Page number for pagination (starting from 1)\")\n\tListCmd.Flags().IntVarP(&limitFlag, \"limit\", \"l\", 100, \"Maximum number of items per page\")\n}\n" }, { "path": "apps/cli/cmd/snapshot/push.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage snapshot\n\nimport (\n\t\"context\"\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"time\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/docker\"\n\tviews_common \"github.com/daytonaio/daytona/cli/views/common\"\n\tviews_util \"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/docker/docker/api/types/image\"\n\t\"github.com/docker/docker/api/types/registry\"\n\t\"github.com/docker/docker/client\"\n\t\"github.com/docker/docker/pkg/jsonmessage\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar PushCmd = &cobra.Command{\n\tUse: \"push [SNAPSHOT]\",\n\tShort: \"Push local snapshot\",\n\tLong: \"Push a local Docker image to Daytona. To securely build it on our infrastructure, use 'daytona snapshot build'\",\n\tArgs: cobra.ExactArgs(1),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\t\tsourceImage := args[0]\n\n\t\terr := common.ValidateImageName(sourceImage)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tdockerClient, err := client.NewClientWithOpts(\n\t\t\tclient.FromEnv,\n\t\t\tclient.WithAPIVersionNegotiation(),\n\t\t)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to create Docker client: %w\", err)\n\t\t}\n\t\tdefer dockerClient.Close()\n\n\t\t// Check if the image exists locally when not building\n\t\tif exists, err := docker.ImageExistsLocally(ctx, dockerClient, sourceImage); err != nil {\n\t\t\treturn err\n\t\t} else if !exists {\n\t\t\treturn fmt.Errorf(\"image '%s' not found locally. Please ensure the image exists and try again\", sourceImage)\n\t\t}\n\n\t\t// Validate image architecture\n\t\tisArchAmd, err := docker.CheckAmdArchitecture(ctx, dockerClient, sourceImage)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to check image architecture: %w\", err)\n\t\t}\n\t\tif !isArchAmd {\n\t\t\treturn fmt.Errorf(\"image '%s' is not compatible with AMD architecture\", sourceImage)\n\t\t}\n\n\t\tapiClient, err := apiclient_cli.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tpushAccessRequest := apiClient.DockerRegistryAPI.GetTransientPushAccess(ctx)\n\t\tif regionIdFlag != \"\" {\n\t\t\tpushAccessRequest = pushAccessRequest.RegionId(regionIdFlag)\n\t\t}\n\t\ttokenResponse, res, err := pushAccessRequest.Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tencodedAuthConfig, err := json.Marshal(registry.AuthConfig{\n\t\t\tUsername: tokenResponse.Username,\n\t\t\tPassword: tokenResponse.Secret,\n\t\t\tServerAddress: tokenResponse.RegistryUrl,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to marshal auth config: %w\", err)\n\t\t}\n\n\t\t// Extract image name without tag and create timestamp-based tag\n\t\timageName := sourceImage\n\t\tif colonIndex := strings.LastIndex(sourceImage, \":\"); colonIndex != -1 {\n\t\t\timageName = sourceImage[:colonIndex]\n\t\t}\n\n\t\t// Generate timestamp-based tag to avoid inconsistencies\n\t\t// 20060102150405 is the format of the timestamp (year, month, day, hour, minute, second)\n\t\ttimestamp := time.Now().Format(\"20060102150405\")\n\t\ttargetImage := fmt.Sprintf(\"%s/%s/%s:%s\", tokenResponse.RegistryUrl, tokenResponse.Project, imageName, timestamp)\n\t\terr = dockerClient.ImageTag(ctx, sourceImage, targetImage)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to tag image: %w\", err)\n\t\t}\n\n\t\t// Push image to transient registry\n\t\tpushReader, err := dockerClient.ImagePush(ctx, targetImage, image.PushOptions{\n\t\t\tRegistryAuth: base64.URLEncoding.EncodeToString(encodedAuthConfig),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to push image: %w\", err)\n\t\t}\n\t\tdefer pushReader.Close()\n\n\t\terr = jsonmessage.DisplayJSONMessagesStream(pushReader, os.Stdout, 0, true, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tcreateSnapshot := apiclient.NewCreateSnapshot(nameFlag)\n\n\t\tcreateSnapshot.SetImageName(targetImage)\n\n\t\tif entrypointFlag != \"\" {\n\t\t\tcreateSnapshot.SetEntrypoint(strings.Split(entrypointFlag, \" \"))\n\t\t}\n\n\t\t// Poll until the image is really available on the registry\n\t\t// This is a workaround for harbor's delay in making newly created images available\n\t\tfor {\n\t\t\t_, err := dockerClient.DistributionInspect(ctx, targetImage,\n\t\t\t\tbase64.URLEncoding.EncodeToString(encodedAuthConfig))\n\t\t\tif err == nil {\n\t\t\t\tbreak\n\t\t\t}\n\t\t\ttime.Sleep(time.Second)\n\t\t}\n\n\t\tif cpuFlag != 0 {\n\t\t\tcreateSnapshot.SetCpu(cpuFlag)\n\t\t}\n\t\tif memoryFlag != 0 {\n\t\t\tcreateSnapshot.SetMemory(memoryFlag)\n\t\t}\n\t\tif diskFlag != 0 {\n\t\t\tcreateSnapshot.SetDisk(diskFlag)\n\t\t}\n\t\tif regionIdFlag != \"\" {\n\t\t\tcreateSnapshot.SetRegionId(regionIdFlag)\n\t\t}\n\n\t\t_, res, err = apiClient.SnapshotsAPI.CreateSnapshot(ctx).CreateSnapshot(*createSnapshot).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tviews_common.RenderInfoMessageBold(fmt.Sprintf(\"Successfully pushed %s to Daytona\", sourceImage))\n\n\t\terr = views_util.WithInlineSpinner(\"Waiting for the snapshot to be validated\", func() error {\n\t\t\treturn common.AwaitSnapshotState(ctx, apiClient, nameFlag, apiclient.SNAPSHOTSTATE_ACTIVE)\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tviews_common.RenderInfoMessage(fmt.Sprintf(\"%s Use '%s' to create a new sandbox using this snapshot\", views_common.Checkmark, nameFlag))\n\t\treturn nil\n\t},\n}\n\nvar (\n\tnameFlag string\n)\n\nfunc init() {\n\tPushCmd.Flags().StringVarP(&entrypointFlag, \"entrypoint\", \"e\", \"\", \"The entrypoint command for the image\")\n\tPushCmd.Flags().StringVarP(&nameFlag, \"name\", \"n\", \"\", \"Specify the Snapshot name\")\n\tPushCmd.Flags().Int32Var(&cpuFlag, \"cpu\", 0, \"CPU cores that will be allocated to the underlying sandboxes (default: 1)\")\n\tPushCmd.Flags().Int32Var(&memoryFlag, \"memory\", 0, \"Memory that will be allocated to the underlying sandboxes in GB (default: 1)\")\n\tPushCmd.Flags().Int32Var(&diskFlag, \"disk\", 0, \"Disk space that will be allocated to the underlying sandboxes in GB (default: 3)\")\n\tPushCmd.Flags().StringVar(®ionIdFlag, \"region\", \"\", \"ID of the region where the snapshot will be available (defaults to organization default region)\")\n\n\t_ = PushCmd.MarkFlagRequired(\"name\")\n}\n" }, { "path": "apps/cli/cmd/snapshot/snapshot.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage snapshot\n\nimport (\n\t\"github.com/daytonaio/daytona/cli/internal\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar SnapshotsCmd = &cobra.Command{\n\tUse: \"snapshot\",\n\tShort: \"Manage Daytona snapshots\",\n\tLong: \"Commands for managing Daytona snapshots\",\n\tAliases: []string{\"snapshots\"},\n\tGroupID: internal.SANDBOX_GROUP,\n}\n\nfunc init() {\n\tSnapshotsCmd.AddCommand(ListCmd)\n\tSnapshotsCmd.AddCommand(CreateCmd)\n\tSnapshotsCmd.AddCommand(PushCmd)\n\tSnapshotsCmd.AddCommand(DeleteCmd)\n}\n" }, { "path": "apps/cli/cmd/version.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage cmd\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/internal\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar VersionCmd = &cobra.Command{\n\tUse: \"version\",\n\tShort: \"Print the version number\",\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tfmt.Println(\"Daytona CLI version\", internal.Version)\n\t\treturn nil\n\t},\n}\n" }, { "path": "apps/cli/cmd/volume/create.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage volume\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\tview_common \"github.com/daytonaio/daytona/cli/views/common\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar CreateCmd = &cobra.Command{\n\tUse: \"create [NAME]\",\n\tShort: \"Create a volume\",\n\tArgs: cobra.ExactArgs(1),\n\tAliases: common.GetAliases(\"create\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient_cli.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tvolume, res, err := apiClient.VolumesAPI.CreateVolume(ctx).CreateVolume(apiclient.CreateVolume{\n\t\t\tName: args[0],\n\t\t}).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient_cli.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Volume %s successfully created\", volume.Name))\n\t\treturn nil\n\t},\n}\n\nvar sizeFlag int32\n\nfunc init() {\n\tCreateCmd.Flags().Int32VarP(&sizeFlag, \"size\", \"s\", 10, \"Size of the volume in GB\")\n}\n" }, { "path": "apps/cli/cmd/volume/delete.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage volume\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\tview_common \"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar DeleteCmd = &cobra.Command{\n\tUse: \"delete [VOLUME_ID]\",\n\tShort: \"Delete a volume\",\n\tArgs: cobra.ExactArgs(1),\n\tAliases: common.GetAliases(\"delete\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tres, err := apiClient.VolumesAPI.DeleteVolume(ctx, args[0]).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tview_common.RenderInfoMessageBold(fmt.Sprintf(\"Volume %s deleted\", args[0]))\n\t\treturn nil\n\t},\n}\n" }, { "path": "apps/cli/cmd/volume/get.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage volume\n\nimport (\n\t\"context\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/views/volume\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar GetCmd = &cobra.Command{\n\tUse: \"get [VOLUME_ID]\",\n\tShort: \"Get volume details\",\n\tArgs: cobra.ExactArgs(1),\n\tAliases: common.GetAliases(\"get\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tvol, res, err := apiClient.VolumesAPI.GetVolume(ctx, args[0]).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif common.FormatFlag != \"\" {\n\t\t\tformattedData := common.NewFormatter(vol)\n\t\t\tformattedData.Print()\n\t\t\treturn nil\n\t\t}\n\n\t\tvolume.RenderInfo(vol, false)\n\t\treturn nil\n\t},\n}\n\nfunc init() {\n\tcommon.RegisterFormatFlag(GetCmd)\n}\n" }, { "path": "apps/cli/cmd/volume/list.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage volume\n\nimport (\n\t\"context\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/daytonaio/daytona/cli/cmd/common\"\n\t\"github.com/daytonaio/daytona/cli/config\"\n\t\"github.com/daytonaio/daytona/cli/views/volume\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar ListCmd = &cobra.Command{\n\tUse: \"list\",\n\tShort: \"List all volumes\",\n\tArgs: cobra.NoArgs,\n\tAliases: common.GetAliases(\"list\"),\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\tctx := context.Background()\n\n\t\tapiClient, err := apiclient.GetApiClient(nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tvolumes, res, err := apiClient.VolumesAPI.ListVolumes(ctx).Execute()\n\t\tif err != nil {\n\t\t\treturn apiclient.HandleErrorResponse(res, err)\n\t\t}\n\n\t\tif common.FormatFlag != \"\" {\n\t\t\tformattedData := common.NewFormatter(volumes)\n\t\t\tformattedData.Print()\n\t\t\treturn nil\n\t\t}\n\n\t\tvar activeOrganizationName *string\n\n\t\tif !config.IsApiKeyAuth() {\n\t\t\tname, err := common.GetActiveOrganizationName(apiClient, ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tactiveOrganizationName = &name\n\t\t}\n\n\t\tvolume.ListVolumes(volumes, activeOrganizationName)\n\t\treturn nil\n\t},\n}\n\nfunc init() {\n\tcommon.RegisterFormatFlag(ListCmd)\n}\n" }, { "path": "apps/cli/cmd/volume/volume.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage volume\n\nimport (\n\t\"github.com/daytonaio/daytona/cli/internal\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar VolumeCmd = &cobra.Command{\n\tUse: \"volume\",\n\tShort: \"Manage Daytona volumes\",\n\tLong: \"Commands for managing Daytona volumes\",\n\tAliases: []string{\"volumes\"},\n\tGroupID: internal.SANDBOX_GROUP,\n}\n\nfunc init() {\n\tVolumeCmd.AddCommand(ListCmd)\n\tVolumeCmd.AddCommand(CreateCmd)\n\tVolumeCmd.AddCommand(GetCmd)\n\tVolumeCmd.AddCommand(DeleteCmd)\n}\n" }, { "path": "apps/cli/config/config.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage config\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"time\"\n\n\t\"github.com/daytonaio/daytona/cli/cmd\"\n\t\"github.com/daytonaio/daytona/cli/internal\"\n)\n\nconst DAYTONA_API_URL_ENV_VAR = \"DAYTONA_API_URL\"\nconst DAYTONA_API_KEY_ENV_VAR = \"DAYTONA_API_KEY\"\n\ntype Config struct {\n\tActiveProfileId string `json:\"activeProfile\"`\n\tProfiles []Profile `json:\"profiles\"`\n}\n\ntype Profile struct {\n\tId string `json:\"id\"`\n\tName string `json:\"name\"`\n\tApi ServerApi `json:\"api\"`\n\tActiveOrganizationId *string `json:\"activeOrganizationId\"`\n\tToolboxProxyUrls map[string]string `json:\"toolboxProxyUrls,omitempty\"` // Cache proxy URLs by region\n}\n\ntype ServerApi struct {\n\tUrl string `json:\"url\"`\n\tKey *string `json:\"key\"`\n\tToken *Token `json:\"token\"`\n}\n\ntype Token struct {\n\tAccessToken string `json:\"accessToken\"`\n\tRefreshToken string `json:\"refreshToken\"`\n\tExpiresAt time.Time `json:\"expiresAt\"`\n}\n\nfunc GetConfig() (*Config, error) {\n\tconfigFilePath, err := getConfigPath()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t_, err = os.Stat(configFilePath)\n\tif os.IsNotExist(err) {\n\t\t// Setup autocompletion when adding initial config\n\t\t_ = cmd.DetectShellAndSetupAutocompletion(cmd.AutoCompleteCmd.Root())\n\n\t\tconfig := &Config{}\n\t\treturn config, config.Save()\n\t}\n\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tvar c Config\n\tconfigContent, err := os.ReadFile(configFilePath)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\terr = json.Unmarshal(configContent, &c)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &c, nil\n}\n\nvar ErrNoProfilesFound = errors.New(\"no profiles found. Run `daytona login` to authenticate\")\n\nfunc (c *Config) GetActiveProfile() (Profile, error) {\n\tapiUrl := os.Getenv(DAYTONA_API_URL_ENV_VAR)\n\tapiKey := os.Getenv(DAYTONA_API_KEY_ENV_VAR)\n\n\tif apiUrl != \"\" && apiKey != \"\" {\n\t\treturn Profile{\n\t\t\tId: \"env\",\n\t\t\tApi: ServerApi{\n\t\t\t\tUrl: apiUrl,\n\t\t\t\tKey: &apiKey,\n\t\t\t},\n\t\t}, nil\n\t}\n\n\tif len(c.Profiles) == 0 {\n\t\treturn Profile{}, ErrNoProfilesFound\n\t}\n\n\tfor _, profile := range c.Profiles {\n\t\tif profile.Id == c.ActiveProfileId {\n\t\t\treturn profile, nil\n\t\t}\n\t}\n\n\treturn Profile{}, ErrNoActiveProfile\n}\n\nvar ErrNoActiveProfile = errors.New(\"no active profile found. Run `daytona login` to authenticate\")\nvar ErrNoActiveOrganization = errors.New(\"no active organization found. Run `daytona organization use` to select an organization\")\n\nfunc (c *Config) Save() error {\n\tconfigFilePath, err := getConfigPath()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\terr = os.MkdirAll(filepath.Dir(configFilePath), 0755)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tconfigContent, err := json.MarshalIndent(c, \"\", \" \")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn os.WriteFile(configFilePath, configContent, 0644)\n}\n\nfunc (c *Config) AddProfile(profile Profile) error {\n\tc.Profiles = append(c.Profiles, profile)\n\tc.ActiveProfileId = profile.Id\n\n\treturn c.Save()\n}\n\nfunc (c *Config) EditProfile(profile Profile) error {\n\tfor i, p := range c.Profiles {\n\t\tif p.Id == profile.Id {\n\t\t\tc.Profiles[i] = profile\n\n\t\t\treturn c.Save()\n\t\t}\n\t}\n\n\treturn fmt.Errorf(\"profile with id %s not found\", profile.Id)\n}\n\nfunc (c *Config) RemoveProfile(profileId string) error {\n\tif c.ActiveProfileId == profileId {\n\t\treturn errors.New(\"cannot remove active profile\")\n\t}\n\n\tvar profiles []Profile\n\tfor _, profile := range c.Profiles {\n\t\tif profile.Id != profileId {\n\t\t\tprofiles = append(profiles, profile)\n\t\t}\n\t}\n\n\tc.Profiles = profiles\n\n\treturn c.Save()\n}\n\nfunc (c *Config) GetProfile(profileId string) (Profile, error) {\n\tfor _, profile := range c.Profiles {\n\t\tif profile.Id == profileId {\n\t\t\treturn profile, nil\n\t\t}\n\t}\n\n\treturn Profile{}, errors.New(\"profile not found\")\n}\n\nfunc getConfigPath() (string, error) {\n\tconfigDir, err := GetConfigDir()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\treturn filepath.Join(configDir, \"config.json\"), nil\n}\n\nfunc GetConfigDir() (string, error) {\n\tdaytonaConfigDir := os.Getenv(\"DAYTONA_CONFIG_DIR\")\n\tif daytonaConfigDir != \"\" {\n\t\treturn daytonaConfigDir, nil\n\t}\n\n\tuserConfigDir, err := os.UserConfigDir()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\treturn filepath.Join(userConfigDir, \"daytona\"), nil\n}\n\nfunc DeleteConfigDir() error {\n\tconfigDir, err := GetConfigDir()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn os.RemoveAll(configDir)\n}\n\nfunc GetActiveOrganizationId() (string, error) {\n\tc, err := GetConfig()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tactiveProfile, err := c.GetActiveProfile()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tif activeProfile.ActiveOrganizationId == nil {\n\t\treturn \"\", ErrNoActiveOrganization\n\t}\n\n\treturn *activeProfile.ActiveOrganizationId, nil\n}\n\nfunc IsApiKeyAuth() bool {\n\tc, err := GetConfig()\n\tif err != nil {\n\t\treturn false\n\t}\n\n\tactiveProfile, err := c.GetActiveProfile()\n\tif err != nil {\n\t\treturn false\n\t}\n\n\treturn activeProfile.Api.Key != nil && activeProfile.Api.Token == nil\n}\n\nfunc GetAuth0Domain() string {\n\tauth0Domain := os.Getenv(\"DAYTONA_AUTH0_DOMAIN\")\n\tif auth0Domain == \"\" {\n\t\tauth0Domain = internal.Auth0Domain\n\t}\n\n\treturn auth0Domain\n}\n\nfunc GetAuth0ClientId() string {\n\tauth0ClientId := os.Getenv(\"DAYTONA_AUTH0_CLIENT_ID\")\n\tif auth0ClientId == \"\" {\n\t\tauth0ClientId = internal.Auth0ClientId\n\t}\n\n\treturn auth0ClientId\n}\n\nfunc GetAuth0ClientSecret() string {\n\tauth0ClientSecret := os.Getenv(\"DAYTONA_AUTH0_CLIENT_SECRET\")\n\tif auth0ClientSecret == \"\" {\n\t\tauth0ClientSecret = internal.Auth0ClientSecret\n\t}\n\n\treturn auth0ClientSecret\n}\n\nfunc GetAuth0CallbackPort() string {\n\tauth0CallbackPort := os.Getenv(\"DAYTONA_AUTH0_CALLBACK_PORT\")\n\tif auth0CallbackPort == \"\" {\n\t\tauth0CallbackPort = internal.Auth0CallbackPort\n\t}\n\n\treturn auth0CallbackPort\n}\n\nfunc GetAuth0Audience() string {\n\tauth0Audience := os.Getenv(\"DAYTONA_AUTH0_AUDIENCE\")\n\tif auth0Audience == \"\" {\n\t\tauth0Audience = internal.Auth0Audience\n\t}\n\n\treturn auth0Audience\n}\n\nfunc GetDaytonaApiUrl() string {\n\tdaytonaApiUrl := os.Getenv(\"DAYTONA_API_URL\")\n\tif daytonaApiUrl == \"\" {\n\t\tdaytonaApiUrl = internal.DaytonaApiUrl\n\t}\n\n\treturn daytonaApiUrl\n}\n\nfunc GetToolboxProxyUrl(region string) (string, error) {\n\tc, err := GetConfig()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tactiveProfile, err := c.GetActiveProfile()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tif activeProfile.ToolboxProxyUrls == nil {\n\t\treturn \"\", nil\n\t}\n\n\treturn activeProfile.ToolboxProxyUrls[region], nil\n}\n\nfunc SetToolboxProxyUrl(region, url string) error {\n\tc, err := GetConfig()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// Find and update the active profile\n\tfor i, profile := range c.Profiles {\n\t\tif profile.Id == c.ActiveProfileId {\n\t\t\tif c.Profiles[i].ToolboxProxyUrls == nil {\n\t\t\t\tc.Profiles[i].ToolboxProxyUrls = make(map[string]string)\n\t\t\t}\n\t\t\tc.Profiles[i].ToolboxProxyUrls[region] = url\n\t\t\treturn c.Save()\n\t\t}\n\t}\n\n\treturn ErrNoActiveProfile\n}\n" }, { "path": "apps/cli/docker/build.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage docker\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"slices\"\n\n\t\"github.com/docker/docker/api/types/image\"\n\t\"github.com/docker/docker/client\"\n)\n\nfunc ImageExistsLocally(ctx context.Context, dockerClient *client.Client, imageName string) (bool, error) {\n\timages, err := dockerClient.ImageList(ctx, image.ListOptions{})\n\tif err != nil {\n\t\treturn false, fmt.Errorf(\"failed to list images: %w\", err)\n\t}\n\n\tfor _, image := range images {\n\t\tfor _, tag := range image.RepoTags {\n\t\t\tif tag == imageName {\n\t\t\t\treturn true, nil\n\t\t\t}\n\t\t}\n\t}\n\treturn false, nil\n}\n\nfunc CheckAmdArchitecture(ctx context.Context, dockerClient *client.Client, imageName string) (bool, error) {\n\tinspect, err := dockerClient.ImageInspect(ctx, imageName)\n\tif err != nil {\n\t\treturn false, fmt.Errorf(\"failed to inspect image: %w\", err)\n\t}\n\n\tx64Architectures := []string{\"amd64\", \"x86_64\"}\n\n\tif slices.Contains(x64Architectures, inspect.Architecture) {\n\t\treturn true, nil\n\t}\n\n\treturn false, nil\n}\n" }, { "path": "apps/cli/docs/daytona.md", "content": "## daytona\n\nDaytona CLI\n\n### Synopsis\n\nCommand line interface for Daytona Sandboxes\n\n```\ndaytona [flags]\n```\n\n### Options\n\n```\n --help help for daytona\n -v, --version Display the version of Daytona\n```\n\n### SEE ALSO\n\n* [daytona archive](daytona_archive.md) - Archive a sandbox\n* [daytona autocomplete](daytona_autocomplete.md) - Adds a completion script for your shell environment\n* [daytona create](daytona_create.md) - Create a new sandbox\n* [daytona delete](daytona_delete.md) - Delete a sandbox\n* [daytona docs](daytona_docs.md) - Opens the Daytona documentation in your default browser.\n* [daytona exec](daytona_exec.md) - Execute a command in a sandbox\n* [daytona info](daytona_info.md) - Get sandbox info\n* [daytona list](daytona_list.md) - List sandboxes\n* [daytona login](daytona_login.md) - Log in to Daytona\n* [daytona logout](daytona_logout.md) - Logout from Daytona\n* [daytona mcp](daytona_mcp.md) - Manage Daytona MCP Server\n* [daytona organization](daytona_organization.md) - Manage Daytona organizations\n* [daytona preview-url](daytona_preview-url.md) - Get signed preview URL for a sandbox port\n* [daytona snapshot](daytona_snapshot.md) - Manage Daytona snapshots\n* [daytona ssh](daytona_ssh.md) - SSH into a sandbox\n* [daytona start](daytona_start.md) - Start a sandbox\n* [daytona stop](daytona_stop.md) - Stop a sandbox\n* [daytona version](daytona_version.md) - Print the version number\n* [daytona volume](daytona_volume.md) - Manage Daytona volumes\n" }, { "path": "apps/cli/docs/daytona_archive.md", "content": "## daytona archive\n\nArchive a sandbox\n\n```\ndaytona archive [SANDBOX_ID] | [SANDBOX_NAME] [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_autocomplete.md", "content": "## daytona autocomplete\n\nAdds a completion script for your shell environment\n\n```\ndaytona autocomplete [bash|zsh|fish|powershell] [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_create.md", "content": "## daytona create\n\nCreate a new sandbox\n\n```\ndaytona create [flags]\n```\n\n### Options\n\n```\n --auto-archive int32 Auto-archive interval in minutes (0 means the maximum interval will be used) (default 10080)\n --auto-delete int32 Auto-delete interval in minutes (negative value means disabled, 0 means delete immediately upon stopping) (default -1)\n --auto-stop int32 Auto-stop interval in minutes (0 means disabled) (default 15)\n --class string Sandbox class type (small, medium, large)\n -c, --context stringArray Files or directories to include in the build context (can be specified multiple times)\n --cpu int32 CPU cores allocated to the sandbox\n --disk int32 Disk space allocated to the sandbox in GB\n -f, --dockerfile string Path to Dockerfile for Sandbox snapshot\n -e, --env stringArray Environment variables (format: KEY=VALUE)\n --gpu int32 GPU units allocated to the sandbox\n -l, --label stringArray Labels (format: KEY=VALUE)\n --memory int32 Memory allocated to the sandbox in MB\n --name string Name of the sandbox\n --network-allow-list string Comma-separated list of allowed CIDR network addresses for the sandbox\n --network-block-all Whether to block all network access for the sandbox\n --public Make sandbox publicly accessible\n --snapshot string Snapshot to use for the sandbox\n --target string Target region (eu, us)\n --user string User associated with the sandbox\n -v, --volume stringArray Volumes to mount (format: VOLUME_NAME:MOUNT_PATH)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_delete.md", "content": "## daytona delete\n\nDelete a sandbox\n\n```\ndaytona delete [SANDBOX_ID] | [SANDBOX_NAME] [flags]\n```\n\n### Options\n\n```\n -a, --all Delete all sandboxes\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_docs.md", "content": "## daytona docs\n\nOpens the Daytona documentation in your default browser.\n\n```\ndaytona docs [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_exec.md", "content": "## daytona exec\n\nExecute a command in a sandbox\n\n### Synopsis\n\nExecute a command in a running sandbox\n\n```\ndaytona exec [SANDBOX_ID | SANDBOX_NAME] -- [COMMAND] [ARGS...] [flags]\n```\n\n### Options\n\n```\n --cwd string Working directory for command execution\n --timeout int Command timeout in seconds (0 for no timeout)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_info.md", "content": "## daytona info\n\nGet sandbox info\n\n```\ndaytona info [SANDBOX_ID] | [SANDBOX_NAME] [flags]\n```\n\n### Options\n\n```\n -f, --format string Output format. Must be one of (yaml, json)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_list.md", "content": "## daytona list\n\nList sandboxes\n\n```\ndaytona list [flags]\n```\n\n### Options\n\n```\n -f, --format string Output format. Must be one of (yaml, json)\n -l, --limit int Maximum number of items per page (default 100)\n -p, --page int Page number for pagination (starting from 1) (default 1)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_login.md", "content": "## daytona login\n\nLog in to Daytona\n\n```\ndaytona login [flags]\n```\n\n### Options\n\n```\n --api-key string API key to use for authentication\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_logout.md", "content": "## daytona logout\n\nLogout from Daytona\n\n```\ndaytona logout [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_mcp.md", "content": "## daytona mcp\n\nManage Daytona MCP Server\n\n### Synopsis\n\nCommands for managing Daytona MCP Server\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n* [daytona mcp config](daytona_mcp_config.md) - Outputs JSON configuration for Daytona MCP Server\n* [daytona mcp init](daytona_mcp_init.md) - Initialize Daytona MCP Server with an agent (currently supported: claude, windsurf, cursor)\n* [daytona mcp start](daytona_mcp_start.md) - Start Daytona MCP Server\n" }, { "path": "apps/cli/docs/daytona_mcp_config.md", "content": "## daytona mcp config\n\nOutputs JSON configuration for Daytona MCP Server\n\n```\ndaytona mcp config [AGENT_NAME] [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona mcp](daytona_mcp.md) - Manage Daytona MCP Server\n" }, { "path": "apps/cli/docs/daytona_mcp_init.md", "content": "## daytona mcp init\n\nInitialize Daytona MCP Server with an agent (currently supported: claude, windsurf, cursor)\n\n```\ndaytona mcp init [AGENT_NAME] [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona mcp](daytona_mcp.md) - Manage Daytona MCP Server\n" }, { "path": "apps/cli/docs/daytona_mcp_start.md", "content": "## daytona mcp start\n\nStart Daytona MCP Server\n\n```\ndaytona mcp start [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona mcp](daytona_mcp.md) - Manage Daytona MCP Server\n" }, { "path": "apps/cli/docs/daytona_organization.md", "content": "## daytona organization\n\nManage Daytona organizations\n\n### Synopsis\n\nCommands for managing Daytona organizations\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n* [daytona organization create](daytona_organization_create.md) - Create a new organization and set it as active\n* [daytona organization delete](daytona_organization_delete.md) - Delete an organization\n* [daytona organization list](daytona_organization_list.md) - List all organizations\n* [daytona organization use](daytona_organization_use.md) - Set active organization\n" }, { "path": "apps/cli/docs/daytona_organization_create.md", "content": "## daytona organization create\n\nCreate a new organization and set it as active\n\n```\ndaytona organization create [ORGANIZATION_NAME] [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona organization](daytona_organization.md) - Manage Daytona organizations\n" }, { "path": "apps/cli/docs/daytona_organization_delete.md", "content": "## daytona organization delete\n\nDelete an organization\n\n```\ndaytona organization delete [ORGANIZATION] [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona organization](daytona_organization.md) - Manage Daytona organizations\n" }, { "path": "apps/cli/docs/daytona_organization_list.md", "content": "## daytona organization list\n\nList all organizations\n\n```\ndaytona organization list [flags]\n```\n\n### Options\n\n```\n -f, --format string Output format. Must be one of (yaml, json)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona organization](daytona_organization.md) - Manage Daytona organizations\n" }, { "path": "apps/cli/docs/daytona_organization_use.md", "content": "## daytona organization use\n\nSet active organization\n\n```\ndaytona organization use [ORGANIZATION] [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona organization](daytona_organization.md) - Manage Daytona organizations\n" }, { "path": "apps/cli/docs/daytona_preview-url.md", "content": "## daytona preview-url\n\nGet signed preview URL for a sandbox port\n\n```\ndaytona preview-url [SANDBOX_ID | SANDBOX_NAME] [flags]\n```\n\n### Options\n\n```\n --expires int32 URL expiration time in seconds (default 3600)\n -p, --port int32 Port number to get preview URL for (required)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_snapshot.md", "content": "## daytona snapshot\n\nManage Daytona snapshots\n\n### Synopsis\n\nCommands for managing Daytona snapshots\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n* [daytona snapshot create](daytona_snapshot_create.md) - Create a snapshot\n* [daytona snapshot delete](daytona_snapshot_delete.md) - Delete a snapshot\n* [daytona snapshot list](daytona_snapshot_list.md) - List all snapshots\n* [daytona snapshot push](daytona_snapshot_push.md) - Push local snapshot\n" }, { "path": "apps/cli/docs/daytona_snapshot_create.md", "content": "## daytona snapshot create\n\nCreate a snapshot\n\n```\ndaytona snapshot create [SNAPSHOT] [flags]\n```\n\n### Options\n\n```\n -c, --context stringArray Files or directories to include in the build context (can be specified multiple times). If not provided, context will be automatically determined from COPY/ADD commands in the Dockerfile\n --cpu int32 CPU cores that will be allocated to the underlying sandboxes (default: 1)\n --disk int32 Disk space that will be allocated to the underlying sandboxes in GB (default: 3)\n -f, --dockerfile string Path to Dockerfile to build\n -e, --entrypoint string The entrypoint command for the snapshot\n -i, --image string The image name for the snapshot\n --memory int32 Memory that will be allocated to the underlying sandboxes in GB (default: 1)\n --region string ID of the region where the snapshot will be available (defaults to organization default region)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona snapshot](daytona_snapshot.md) - Manage Daytona snapshots\n" }, { "path": "apps/cli/docs/daytona_snapshot_delete.md", "content": "## daytona snapshot delete\n\nDelete a snapshot\n\n```\ndaytona snapshot delete [SNAPSHOT_ID] [flags]\n```\n\n### Options\n\n```\n -a, --all Delete all snapshots\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona snapshot](daytona_snapshot.md) - Manage Daytona snapshots\n" }, { "path": "apps/cli/docs/daytona_snapshot_list.md", "content": "## daytona snapshot list\n\nList all snapshots\n\n### Synopsis\n\nList all available Daytona snapshots\n\n```\ndaytona snapshot list [flags]\n```\n\n### Options\n\n```\n -f, --format string Output format. Must be one of (yaml, json)\n -l, --limit int Maximum number of items per page (default 100)\n -p, --page int Page number for pagination (starting from 1) (default 1)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona snapshot](daytona_snapshot.md) - Manage Daytona snapshots\n" }, { "path": "apps/cli/docs/daytona_snapshot_push.md", "content": "## daytona snapshot push\n\nPush local snapshot\n\n### Synopsis\n\nPush a local Docker image to Daytona. To securely build it on our infrastructure, use 'daytona snapshot build'\n\n```\ndaytona snapshot push [SNAPSHOT] [flags]\n```\n\n### Options\n\n```\n --cpu int32 CPU cores that will be allocated to the underlying sandboxes (default: 1)\n --disk int32 Disk space that will be allocated to the underlying sandboxes in GB (default: 3)\n -e, --entrypoint string The entrypoint command for the image\n --memory int32 Memory that will be allocated to the underlying sandboxes in GB (default: 1)\n -n, --name string Specify the Snapshot name\n --region string ID of the region where the snapshot will be available (defaults to organization default region)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona snapshot](daytona_snapshot.md) - Manage Daytona snapshots\n" }, { "path": "apps/cli/docs/daytona_ssh.md", "content": "## daytona ssh\n\nSSH into a sandbox\n\n### Synopsis\n\nEstablish an SSH connection to a running sandbox\n\n```\ndaytona ssh [SANDBOX_ID] | [SANDBOX_NAME] [flags]\n```\n\n### Options\n\n```\n --expires int SSH access token expiration time in minutes (defaults to 24 hours) (default 1440)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_start.md", "content": "## daytona start\n\nStart a sandbox\n\n```\ndaytona start [SANDBOX_ID] | [SANDBOX_NAME] [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_stop.md", "content": "## daytona stop\n\nStop a sandbox\n\n```\ndaytona stop [SANDBOX_ID] | [SANDBOX_NAME] [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_version.md", "content": "## daytona version\n\nPrint the version number\n\n```\ndaytona version [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n" }, { "path": "apps/cli/docs/daytona_volume.md", "content": "## daytona volume\n\nManage Daytona volumes\n\n### Synopsis\n\nCommands for managing Daytona volumes\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona](daytona.md) - Daytona CLI\n* [daytona volume create](daytona_volume_create.md) - Create a volume\n* [daytona volume delete](daytona_volume_delete.md) - Delete a volume\n* [daytona volume get](daytona_volume_get.md) - Get volume details\n* [daytona volume list](daytona_volume_list.md) - List all volumes\n" }, { "path": "apps/cli/docs/daytona_volume_create.md", "content": "## daytona volume create\n\nCreate a volume\n\n```\ndaytona volume create [NAME] [flags]\n```\n\n### Options\n\n```\n -s, --size int32 Size of the volume in GB (default 10)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona volume](daytona_volume.md) - Manage Daytona volumes\n" }, { "path": "apps/cli/docs/daytona_volume_delete.md", "content": "## daytona volume delete\n\nDelete a volume\n\n```\ndaytona volume delete [VOLUME_ID] [flags]\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona volume](daytona_volume.md) - Manage Daytona volumes\n" }, { "path": "apps/cli/docs/daytona_volume_get.md", "content": "## daytona volume get\n\nGet volume details\n\n```\ndaytona volume get [VOLUME_ID] [flags]\n```\n\n### Options\n\n```\n -f, --format string Output format. Must be one of (yaml, json)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona volume](daytona_volume.md) - Manage Daytona volumes\n" }, { "path": "apps/cli/docs/daytona_volume_list.md", "content": "## daytona volume list\n\nList all volumes\n\n```\ndaytona volume list [flags]\n```\n\n### Options\n\n```\n -f, --format string Output format. Must be one of (yaml, json)\n```\n\n### Options inherited from parent commands\n\n```\n --help help for daytona\n```\n\n### SEE ALSO\n\n* [daytona volume](daytona_volume.md) - Manage Daytona volumes\n" }, { "path": "apps/cli/go.mod", "content": "module github.com/daytonaio/daytona/cli\n\ngo 1.25.4\n\nrequire (\n\tgithub.com/charmbracelet/bubbletea v1.1.0\n\tgithub.com/daytonaio/daytona/libs/api-client-go v0.153.0\n\tgithub.com/docker/docker v28.5.2+incompatible\n\tgithub.com/mark3labs/mcp-go v0.32.0\n\tgithub.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c\n\tgithub.com/sirupsen/logrus v1.9.3\n\tgithub.com/spf13/cobra v1.10.1\n\tgolang.org/x/oauth2 v0.34.0\n)\n\nrequire (\n\tgithub.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect\n\tgithub.com/Microsoft/go-winio v0.6.2 // indirect\n\tgithub.com/atotto/clipboard v0.1.4 // indirect\n\tgithub.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect\n\tgithub.com/catppuccin/go v0.2.0 // indirect\n\tgithub.com/cespare/xxhash/v2 v2.3.0 // indirect\n\tgithub.com/charmbracelet/x/ansi v0.4.2 // indirect\n\tgithub.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 // indirect\n\tgithub.com/charmbracelet/x/term v0.2.0 // indirect\n\tgithub.com/containerd/errdefs v1.0.0 // indirect\n\tgithub.com/containerd/errdefs/pkg v0.3.0 // indirect\n\tgithub.com/containerd/log v0.1.0 // indirect\n\tgithub.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect\n\tgithub.com/creack/pty v1.1.23 // indirect\n\tgithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect\n\tgithub.com/distribution/reference v0.6.0 // indirect\n\tgithub.com/docker/go-connections v0.5.0 // indirect\n\tgithub.com/docker/go-units v0.5.0 // indirect\n\tgithub.com/dustin/go-humanize v1.0.1 // indirect\n\tgithub.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect\n\tgithub.com/felixge/httpsnoop v1.0.4 // indirect\n\tgithub.com/go-ini/ini v1.67.0 // indirect\n\tgithub.com/go-jose/go-jose/v4 v4.1.3 // indirect\n\tgithub.com/go-logr/logr v1.4.3 // indirect\n\tgithub.com/go-logr/stdr v1.2.2 // indirect\n\tgithub.com/goccy/go-json v0.10.5 // indirect\n\tgithub.com/google/uuid v1.6.0 // indirect\n\tgithub.com/klauspost/compress v1.18.1 // indirect\n\tgithub.com/klauspost/cpuid/v2 v2.3.0 // indirect\n\tgithub.com/lucasb-eyer/go-colorful v1.2.0 // indirect\n\tgithub.com/mattn/go-isatty v0.0.20 // indirect\n\tgithub.com/mattn/go-localereader v0.0.1 // indirect\n\tgithub.com/mattn/go-runewidth v0.0.16 // indirect\n\tgithub.com/minio/crc64nvme v1.0.1 // indirect\n\tgithub.com/minio/md5-simd v1.1.2 // indirect\n\tgithub.com/mitchellh/hashstructure/v2 v2.0.2 // indirect\n\tgithub.com/moby/docker-image-spec v1.3.1 // indirect\n\tgithub.com/moby/sys/atomicwriter v0.1.0 // indirect\n\tgithub.com/moby/term v0.5.2 // indirect\n\tgithub.com/morikuni/aec v1.0.0 // indirect\n\tgithub.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect\n\tgithub.com/muesli/cancelreader v0.2.2 // indirect\n\tgithub.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a // indirect\n\tgithub.com/opencontainers/go-digest v1.0.0 // indirect\n\tgithub.com/opencontainers/image-spec v1.1.1 // indirect\n\tgithub.com/pkg/errors v0.9.1 // indirect\n\tgithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect\n\tgithub.com/rivo/uniseg v0.4.7 // indirect\n\tgithub.com/rs/xid v1.6.0 // indirect\n\tgithub.com/russross/blackfriday/v2 v2.1.0 // indirect\n\tgithub.com/sahilm/fuzzy v0.1.1 // indirect\n\tgithub.com/spf13/cast v1.7.1 // indirect\n\tgithub.com/yosida95/uritemplate/v3 v3.0.2 // indirect\n\tgo.opentelemetry.io/auto/sdk v1.2.1 // indirect\n\tgo.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect\n\tgo.opentelemetry.io/otel v1.40.0 // indirect\n\tgo.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0 // indirect\n\tgo.opentelemetry.io/otel/metric v1.40.0 // indirect\n\tgo.opentelemetry.io/otel/sdk v1.40.0 // indirect\n\tgo.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect\n\tgo.opentelemetry.io/otel/trace v1.40.0 // indirect\n\tgolang.org/x/crypto v0.47.0 // indirect\n\tgolang.org/x/net v0.49.0 // indirect\n\tgolang.org/x/sync v0.19.0 // indirect\n\tgolang.org/x/sys v0.40.0 // indirect\n\tgolang.org/x/text v0.33.0 // indirect\n\tgolang.org/x/time v0.10.0 // indirect\n\tgoogle.golang.org/grpc v1.79.3 // indirect\n\tgopkg.in/yaml.v3 v3.0.1 // indirect\n\tgotest.tools/v3 v3.5.1 // indirect\n)\n\nrequire (\n\tgithub.com/charmbracelet/bubbles v0.20.0\n\tgithub.com/charmbracelet/huh v0.6.0\n\tgithub.com/charmbracelet/lipgloss v1.0.0\n\tgithub.com/coreos/go-oidc/v3 v3.12.0\n\tgithub.com/inconshreveable/mousetrap v1.1.0 // indirect\n\tgithub.com/joho/godotenv v1.5.1\n\tgithub.com/minio/minio-go/v7 v7.0.91\n\tgithub.com/spf13/pflag v1.0.9 // indirect\n\tgolang.org/x/term v0.39.0\n\tgopkg.in/yaml.v2 v2.4.0\n)\n" }, { "path": "apps/cli/go.sum", "content": "github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=\ngithub.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=\ngithub.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=\ngithub.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=\ngithub.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=\ngithub.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=\ngithub.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=\ngithub.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=\ngithub.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=\ngithub.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=\ngithub.com/aymanbagabas/go-udiff v0.2.0 h1:TK0fH4MteXUDspT88n8CKzvK0X9O2xu9yQjWpi6yML8=\ngithub.com/aymanbagabas/go-udiff v0.2.0/go.mod h1:RE4Ex0qsGkTAJoQdQQCA0uG+nAzJO/pI/QwceO5fgrA=\ngithub.com/catppuccin/go v0.2.0 h1:ktBeIrIP42b/8FGiScP9sgrWOss3lw0Z5SktRoithGA=\ngithub.com/catppuccin/go v0.2.0/go.mod h1:8IHJuMGaUUjQM82qBrGNBv7LFq6JI3NnQCF6MOlZjpc=\ngithub.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=\ngithub.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=\ngithub.com/charmbracelet/bubbles v0.20.0 h1:jSZu6qD8cRQ6k9OMfR1WlM+ruM8fkPWkHvQWD9LIutE=\ngithub.com/charmbracelet/bubbles v0.20.0/go.mod h1:39slydyswPy+uVOHZ5x/GjwVAFkCsV8IIVy+4MhzwwU=\ngithub.com/charmbracelet/bubbletea v1.1.0 h1:FjAl9eAL3HBCHenhz/ZPjkKdScmaS5SK69JAK2YJK9c=\ngithub.com/charmbracelet/bubbletea v1.1.0/go.mod h1:9Ogk0HrdbHolIKHdjfFpyXJmiCzGwy+FesYkZr7hYU4=\ngithub.com/charmbracelet/huh v0.6.0 h1:mZM8VvZGuE0hoDXq6XLxRtgfWyTI3b2jZNKh0xWmax8=\ngithub.com/charmbracelet/huh v0.6.0/go.mod h1:GGNKeWCeNzKpEOh/OJD8WBwTQjV3prFAtQPpLv+AVwU=\ngithub.com/charmbracelet/lipgloss v1.0.0 h1:O7VkGDvqEdGi93X+DeqsQ7PKHDgtQfF8j8/O2qFMQNg=\ngithub.com/charmbracelet/lipgloss v1.0.0/go.mod h1:U5fy9Z+C38obMs+T+tJqst9VGzlOYGj4ri9reL3qUlo=\ngithub.com/charmbracelet/x/ansi v0.4.2 h1:0JM6Aj/g/KC154/gOP4vfxun0ff6itogDYk41kof+qk=\ngithub.com/charmbracelet/x/ansi v0.4.2/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw=\ngithub.com/charmbracelet/x/exp/golden v0.0.0-20240815200342-61de596daa2b h1:MnAMdlwSltxJyULnrYbkZpp4k58Co7Tah3ciKhSNo0Q=\ngithub.com/charmbracelet/x/exp/golden v0.0.0-20240815200342-61de596daa2b/go.mod h1:wDlXFlCrmJ8J+swcL/MnGUuYnqgQdW9rhSD61oNMb6U=\ngithub.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 h1:qko3AQ4gK1MTS/de7F5hPGx6/k1u0w4TeYmBFwzYVP4=\ngithub.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0/go.mod h1:pBhA0ybfXv6hDjQUZ7hk1lVxBiUbupdw5R31yPUViVQ=\ngithub.com/charmbracelet/x/term v0.2.0 h1:cNB9Ot9q8I711MyZ7myUR5HFWL/lc3OpU8jZ4hwm0x0=\ngithub.com/charmbracelet/x/term v0.2.0/go.mod h1:GVxgxAbjUrmpvIINHIQnJJKpMlHiZ4cktEQCN6GWyF0=\ngithub.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=\ngithub.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=\ngithub.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=\ngithub.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=\ngithub.com/coreos/go-oidc/v3 v3.12.0 h1:sJk+8G2qq94rDI6ehZ71Bol3oUHy63qNYmkiSjrc/Jo=\ngithub.com/coreos/go-oidc/v3 v3.12.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=\ngithub.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo=\ngithub.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0=\ngithub.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=\ngithub.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/daytonaio/daytona/libs/api-client-go v0.153.0 h1:OGCzMcAR9RsrPToFuKJFUdKIcynnYtQCfvGn67Z0A2s=\ngithub.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=\ngithub.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=\ngithub.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=\ngithub.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=\ngithub.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=\ngithub.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=\ngithub.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=\ngithub.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=\ngithub.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=\ngithub.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=\ngithub.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4=\ngithub.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=\ngithub.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=\ngithub.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=\ngithub.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=\ngithub.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=\ngithub.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=\ngithub.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=\ngithub.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=\ngithub.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=\ngithub.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=\ngithub.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=\ngithub.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=\ngithub.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=\ngithub.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=\ngithub.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=\ngithub.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=\ngithub.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=\ngithub.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=\ngithub.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=\ngithub.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 h1:X+2YciYSxvMQK0UZ7sg45ZVabVZBeBuvMkmuI2V3Fak=\ngithub.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=\ngithub.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=\ngithub.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=\ngithub.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=\ngithub.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co=\ngithub.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=\ngithub.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=\ngithub.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=\ngithub.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=\ngithub.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=\ngithub.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=\ngithub.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=\ngithub.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=\ngithub.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=\ngithub.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=\ngithub.com/mark3labs/mcp-go v0.32.0 h1:fgwmbfL2gbd67obg57OfV2Dnrhs1HtSdlY/i5fn7MU8=\ngithub.com/mark3labs/mcp-go v0.32.0/go.mod h1:rXqOudj/djTORU/ThxYx8fqEVj/5pvTuuebQ2RC7uk4=\ngithub.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=\ngithub.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=\ngithub.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4=\ngithub.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=\ngithub.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=\ngithub.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=\ngithub.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY=\ngithub.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=\ngithub.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=\ngithub.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=\ngithub.com/minio/minio-go/v7 v7.0.91 h1:tWLZnEfo3OZl5PoXQwcwTAPNNrjyWwOh6cbZitW5JQc=\ngithub.com/minio/minio-go/v7 v7.0.91/go.mod h1:uvMUcGrpgeSAAI6+sD3818508nUyMULw94j2Nxku/Go=\ngithub.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=\ngithub.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=\ngithub.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=\ngithub.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=\ngithub.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=\ngithub.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=\ngithub.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=\ngithub.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=\ngithub.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=\ngithub.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=\ngithub.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=\ngithub.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI=\ngithub.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo=\ngithub.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA=\ngithub.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=\ngithub.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a h1:2MaM6YC3mGu54x+RKAA6JiFFHlHDY1UbkxqppT7wYOg=\ngithub.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a/go.mod h1:hxSnBBYLK21Vtq/PHd0S2FYCxBXzBua8ov5s1RobyRQ=\ngithub.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=\ngithub.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=\ngithub.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=\ngithub.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=\ngithub.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=\ngithub.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=\ngithub.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=\ngithub.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=\ngithub.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=\ngithub.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=\ngithub.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=\ngithub.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=\ngithub.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=\ngithub.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=\ngithub.com/sahilm/fuzzy v0.1.1 h1:ceu5RHF8DGgoi+/dR5PsECjCDH1BE3Fnmpo7aVXOdRA=\ngithub.com/sahilm/fuzzy v0.1.1/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y=\ngithub.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=\ngithub.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=\ngithub.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=\ngithub.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=\ngithub.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=\ngithub.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=\ngithub.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=\ngithub.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=\ngithub.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=\ngithub.com/yosida95/uritemplate/v3 v3.0.2 h1:Ed3Oyj9yrmi9087+NczuL5BwkIc4wvTb5zIM+UJPGz4=\ngithub.com/yosida95/uritemplate/v3 v3.0.2/go.mod h1:ILOh0sOhIJR3+L/8afwt/kE++YT040gmv5BQTMR2HP4=\ngo.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=\ngo.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18=\ngo.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=\ngo.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0 h1:QKdN8ly8zEMrByybbQgv8cWBcdAarwmIPZ6FThrWXJs=\ngo.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0 h1:wVZXIWjQSeSmMoxF74LzAnpVQOAFDo3pPji9Y4SOFKc=\ngo.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=\ngo.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=\ngo.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=\ngo.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=\ngo.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=\ngolang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=\ngolang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=\ngolang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=\ngolang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=\ngolang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=\ngolang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=\ngolang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=\ngolang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=\ngolang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=\ngoogle.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 h1:merA0rdPeUV3YIIfHHcH4qBkiQAc1nfCKSI7lB4cV2M=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=\ngoogle.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=\ngoogle.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=\ngopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=\ngopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=\ngopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=\ngopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=\ngopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\ngopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=\ngopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\ngotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=\ngotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=\n" }, { "path": "apps/cli/hack/build.sh", "content": "#!/bin/bash\n# Copyright 2025 Daytona Platforms Inc.\n# SPDX-License-Identifier: AGPL-3.0\n\n\n# Exit on error\nset -e\n\n# Get absolute path of script directory\nSCRIPT_DIR=\"$(cd \"$(dirname \"${BASH_SOURCE[0]}\")\" && pwd)\"\nPROJECT_ROOT=\"$(cd \"${SCRIPT_DIR}/../..\" && pwd)\"\nDIST_DIR=\"$(cd \"${SCRIPT_DIR}/../../..\" && pwd)\"\n\n# Environment file precedence:\n# 1. DAYTONA_ENV_FILE environment variable if set\n# 2. .env file in CLI directory\n# 3. .env file in project root\n# 4. Default values\n\nload_env_file() {\n local env_file=\"$1\"\n if [ -f \"$env_file\" ]; then\n source \"$env_file\"\n return 0\n fi\n return 1\n}\n\n# If --skip-env-file is passed, skip loading env files\nfor arg in \"$@\"; do\n if [ \"$arg\" == \"--skip-env-file\" ]; then\n echo \"Skipping loading of environment files\"\n SKIP_ENV_FILE=true\n break\n fi\ndone\n\nif [ \"$SKIP_ENV_FILE\" != \"true\" ]; then\n echo \"Loading environment files\"\n # Try loading environment files in order of precedence\n if [ -n \"$DAYTONA_ENV_FILE\" ]; then\n if ! load_env_file \"$DAYTONA_ENV_FILE\"; then\n echo \"Warning: Environment file specified by DAYTONA_ENV_FILE ($DAYTONA_ENV_FILE) not found\"\n fi\n elif load_env_file \"${SCRIPT_DIR}/../.env.local\"; then\n : # Successfully loaded CLI .env\n elif load_env_file \"${SCRIPT_DIR}/../.env\"; then\n : # Successfully loaded CLI .env\n elif load_env_file \"${PROJECT_ROOT}/.env.local\"; then\n : # Successfully loaded root .env\n elif load_env_file \"${PROJECT_ROOT}/.env\"; then\n : # Successfully loaded root .env\n else\n echo \"Note: No .env file found, using default values\"\n fi\nfi\n\n# Set default values\nDAYTONA_VERSION=${VERSION:-v0.0.0-dev}\nGOOS=${GOOS:-linux}\nGOARCH=${GOARCH:-amd64}\nCGO_ENABLED=${CGO_ENABLED:-0}\n\n# Validate required variables\nREQUIRED_VARS=(\n \"DAYTONA_API_URL\"\n \"DAYTONA_AUTH0_DOMAIN\"\n \"DAYTONA_AUTH0_CLIENT_ID\"\n \"DAYTONA_AUTH0_CALLBACK_PORT\"\n \"DAYTONA_AUTH0_AUDIENCE\"\n)\n\nMISSING_VARS=()\nfor var in \"${REQUIRED_VARS[@]}\"; do\n if [ -z \"${!var}\" ]; then\n MISSING_VARS+=(\"$var\")\n fi\ndone\n\nif [ ${#MISSING_VARS[@]} -ne 0 ]; then\n echo \"Error: Missing required environment variables:\"\n printf '%s\\n' \"${MISSING_VARS[@]}\"\n exit 1\nfi\n\n# Create build directory if it doesn't exist\nmkdir -p \"${DIST_DIR}/dist/apps/cli\"\n\n# Set output filename with .exe extension for Windows\nOUTPUT_FILE=\"daytona-${GOOS}-${GOARCH}\"\nif [ \"$GOOS\" == \"windows\" ]; then\n OUTPUT_FILE=\"${OUTPUT_FILE}.exe\"\nfi\n\n# Build the binary\necho \"Building Daytona CLI with version: $DAYTONA_VERSION\"\ngo build \\\n -ldflags \"-X 'github.com/daytonaio/daytona/cli/internal.Version=${DAYTONA_VERSION}' \\\n -X 'github.com/daytonaio/daytona/cli/internal.DaytonaApiUrl=${DAYTONA_API_URL}' \\\n -X 'github.com/daytonaio/daytona/cli/internal.Auth0Domain=${DAYTONA_AUTH0_DOMAIN}' \\\n -X 'github.com/daytonaio/daytona/cli/internal.Auth0ClientId=${DAYTONA_AUTH0_CLIENT_ID}' \\\n -X 'github.com/daytonaio/daytona/cli/internal.Auth0ClientSecret=${DAYTONA_AUTH0_CLIENT_SECRET}' \\\n -X 'github.com/daytonaio/daytona/cli/internal.Auth0CallbackPort=${DAYTONA_AUTH0_CALLBACK_PORT}' \\\n -X 'github.com/daytonaio/daytona/cli/internal.Auth0Audience=${DAYTONA_AUTH0_AUDIENCE}'\" \\\n -o \"${DIST_DIR}/dist/apps/cli/${OUTPUT_FILE}\" main.go\n\necho \"Build complete: ${DIST_DIR}/dist/apps/cli/${OUTPUT_FILE}\"\n" }, { "path": "apps/cli/hack/docs/daytona.yaml", "content": "name: daytona\nsynopsis: Daytona CLI\ndescription: Command line interface for Daytona Sandboxes\nusage: daytona [flags]\noptions:\n - name: help\n default_value: 'false'\n usage: help for daytona\n - name: version\n shorthand: v\n default_value: 'false'\n usage: Display the version of Daytona\nsee_also:\n - daytona archive - Archive a sandbox\n - daytona autocomplete - Adds a completion script for your shell environment\n - daytona create - Create a new sandbox\n - daytona delete - Delete a sandbox\n - daytona docs - Opens the Daytona documentation in your default browser.\n - daytona exec - Execute a command in a sandbox\n - daytona info - Get sandbox info\n - daytona list - List sandboxes\n - daytona login - Log in to Daytona\n - daytona logout - Logout from Daytona\n - daytona mcp - Manage Daytona MCP Server\n - daytona organization - Manage Daytona organizations\n - daytona preview-url - Get signed preview URL for a sandbox port\n - daytona snapshot - Manage Daytona snapshots\n - daytona ssh - SSH into a sandbox\n - daytona start - Start a sandbox\n - daytona stop - Stop a sandbox\n - daytona version - Print the version number\n - daytona volume - Manage Daytona volumes\n" }, { "path": "apps/cli/hack/docs/daytona_archive.yaml", "content": "name: daytona archive\nsynopsis: Archive a sandbox\nusage: daytona archive [SANDBOX_ID] | [SANDBOX_NAME] [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_autocomplete.yaml", "content": "name: daytona autocomplete\nsynopsis: Adds a completion script for your shell environment\nusage: daytona autocomplete [bash|zsh|fish|powershell] [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_create.yaml", "content": "name: daytona create\nsynopsis: Create a new sandbox\nusage: daytona create [flags]\noptions:\n - name: auto-archive\n default_value: '10080'\n usage: |\n Auto-archive interval in minutes (0 means the maximum interval will be used)\n - name: auto-delete\n default_value: '-1'\n usage: |\n Auto-delete interval in minutes (negative value means disabled, 0 means delete immediately upon stopping)\n - name: auto-stop\n default_value: '15'\n usage: Auto-stop interval in minutes (0 means disabled)\n - name: class\n usage: Sandbox class type (small, medium, large)\n - name: context\n shorthand: c\n default_value: '[]'\n usage: |\n Files or directories to include in the build context (can be specified multiple times)\n - name: cpu\n default_value: '0'\n usage: CPU cores allocated to the sandbox\n - name: disk\n default_value: '0'\n usage: Disk space allocated to the sandbox in GB\n - name: dockerfile\n shorthand: f\n usage: Path to Dockerfile for Sandbox snapshot\n - name: env\n shorthand: e\n default_value: '[]'\n usage: 'Environment variables (format: KEY=VALUE)'\n - name: gpu\n default_value: '0'\n usage: GPU units allocated to the sandbox\n - name: label\n shorthand: l\n default_value: '[]'\n usage: 'Labels (format: KEY=VALUE)'\n - name: memory\n default_value: '0'\n usage: Memory allocated to the sandbox in MB\n - name: name\n usage: Name of the sandbox\n - name: network-allow-list\n usage: |\n Comma-separated list of allowed CIDR network addresses for the sandbox\n - name: network-block-all\n default_value: 'false'\n usage: Whether to block all network access for the sandbox\n - name: public\n default_value: 'false'\n usage: Make sandbox publicly accessible\n - name: snapshot\n usage: Snapshot to use for the sandbox\n - name: target\n usage: Target region (eu, us)\n - name: user\n usage: User associated with the sandbox\n - name: volume\n shorthand: v\n default_value: '[]'\n usage: 'Volumes to mount (format: VOLUME_NAME:MOUNT_PATH)'\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_delete.yaml", "content": "name: daytona delete\nsynopsis: Delete a sandbox\nusage: daytona delete [SANDBOX_ID] | [SANDBOX_NAME] [flags]\noptions:\n - name: all\n shorthand: a\n default_value: 'false'\n usage: Delete all sandboxes\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_docs.yaml", "content": "name: daytona docs\nsynopsis: Opens the Daytona documentation in your default browser.\nusage: daytona docs [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_exec.yaml", "content": "name: daytona exec\nsynopsis: Execute a command in a sandbox\ndescription: Execute a command in a running sandbox\nusage: daytona exec [SANDBOX_ID | SANDBOX_NAME] -- [COMMAND] [ARGS...] [flags]\noptions:\n - name: cwd\n usage: Working directory for command execution\n - name: timeout\n default_value: '0'\n usage: Command timeout in seconds (0 for no timeout)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_info.yaml", "content": "name: daytona info\nsynopsis: Get sandbox info\nusage: daytona info [SANDBOX_ID] | [SANDBOX_NAME] [flags]\noptions:\n - name: format\n shorthand: f\n usage: Output format. Must be one of (yaml, json)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_list.yaml", "content": "name: daytona list\nsynopsis: List sandboxes\nusage: daytona list [flags]\noptions:\n - name: format\n shorthand: f\n usage: Output format. Must be one of (yaml, json)\n - name: limit\n shorthand: l\n default_value: '100'\n usage: Maximum number of items per page\n - name: page\n shorthand: p\n default_value: '1'\n usage: Page number for pagination (starting from 1)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_login.yaml", "content": "name: daytona login\nsynopsis: Log in to Daytona\nusage: daytona login [flags]\noptions:\n - name: api-key\n usage: API key to use for authentication\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_logout.yaml", "content": "name: daytona logout\nsynopsis: Logout from Daytona\nusage: daytona logout [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_mcp.yaml", "content": "name: daytona mcp\nsynopsis: Manage Daytona MCP Server\ndescription: Commands for managing Daytona MCP Server\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n - daytona mcp config - Outputs JSON configuration for Daytona MCP Server\n - 'daytona mcp init - Initialize Daytona MCP Server with an agent (currently supported: claude, windsurf, cursor)'\n - daytona mcp start - Start Daytona MCP Server\n" }, { "path": "apps/cli/hack/docs/daytona_mcp_config.yaml", "content": "name: daytona mcp config\nsynopsis: Outputs JSON configuration for Daytona MCP Server\nusage: daytona mcp config [AGENT_NAME] [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona mcp - Manage Daytona MCP Server\n" }, { "path": "apps/cli/hack/docs/daytona_mcp_init.yaml", "content": "name: daytona mcp init\nsynopsis: |\n Initialize Daytona MCP Server with an agent (currently supported: claude, windsurf, cursor)\nusage: daytona mcp init [AGENT_NAME] [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona mcp - Manage Daytona MCP Server\n" }, { "path": "apps/cli/hack/docs/daytona_mcp_start.yaml", "content": "name: daytona mcp start\nsynopsis: Start Daytona MCP Server\nusage: daytona mcp start [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona mcp - Manage Daytona MCP Server\n" }, { "path": "apps/cli/hack/docs/daytona_organization.yaml", "content": "name: daytona organization\nsynopsis: Manage Daytona organizations\ndescription: Commands for managing Daytona organizations\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n - daytona organization create - Create a new organization and set it as active\n - daytona organization delete - Delete an organization\n - daytona organization list - List all organizations\n - daytona organization use - Set active organization\n" }, { "path": "apps/cli/hack/docs/daytona_organization_create.yaml", "content": "name: daytona organization create\nsynopsis: Create a new organization and set it as active\nusage: daytona organization create [ORGANIZATION_NAME] [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona organization - Manage Daytona organizations\n" }, { "path": "apps/cli/hack/docs/daytona_organization_delete.yaml", "content": "name: daytona organization delete\nsynopsis: Delete an organization\nusage: daytona organization delete [ORGANIZATION] [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona organization - Manage Daytona organizations\n" }, { "path": "apps/cli/hack/docs/daytona_organization_list.yaml", "content": "name: daytona organization list\nsynopsis: List all organizations\nusage: daytona organization list [flags]\noptions:\n - name: format\n shorthand: f\n usage: Output format. Must be one of (yaml, json)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona organization - Manage Daytona organizations\n" }, { "path": "apps/cli/hack/docs/daytona_organization_use.yaml", "content": "name: daytona organization use\nsynopsis: Set active organization\nusage: daytona organization use [ORGANIZATION] [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona organization - Manage Daytona organizations\n" }, { "path": "apps/cli/hack/docs/daytona_preview-url.yaml", "content": "name: daytona preview-url\nsynopsis: Get signed preview URL for a sandbox port\nusage: daytona preview-url [SANDBOX_ID | SANDBOX_NAME] [flags]\noptions:\n - name: expires\n default_value: '3600'\n usage: URL expiration time in seconds\n - name: port\n shorthand: p\n default_value: '0'\n usage: Port number to get preview URL for (required)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_snapshot.yaml", "content": "name: daytona snapshot\nsynopsis: Manage Daytona snapshots\ndescription: Commands for managing Daytona snapshots\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n - daytona snapshot create - Create a snapshot\n - daytona snapshot delete - Delete a snapshot\n - daytona snapshot list - List all snapshots\n - daytona snapshot push - Push local snapshot\n" }, { "path": "apps/cli/hack/docs/daytona_snapshot_create.yaml", "content": "name: daytona snapshot create\nsynopsis: Create a snapshot\nusage: daytona snapshot create [SNAPSHOT] [flags]\noptions:\n - name: context\n shorthand: c\n default_value: '[]'\n usage: |\n Files or directories to include in the build context (can be specified multiple times). If not provided, context will be automatically determined from COPY/ADD commands in the Dockerfile\n - name: cpu\n default_value: '0'\n usage: |\n CPU cores that will be allocated to the underlying sandboxes (default: 1)\n - name: disk\n default_value: '0'\n usage: |\n Disk space that will be allocated to the underlying sandboxes in GB (default: 3)\n - name: dockerfile\n shorthand: f\n usage: Path to Dockerfile to build\n - name: entrypoint\n shorthand: e\n usage: The entrypoint command for the snapshot\n - name: image\n shorthand: i\n usage: The image name for the snapshot\n - name: memory\n default_value: '0'\n usage: |\n Memory that will be allocated to the underlying sandboxes in GB (default: 1)\n - name: region\n usage: |\n ID of the region where the snapshot will be available (defaults to organization default region)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona snapshot - Manage Daytona snapshots\n" }, { "path": "apps/cli/hack/docs/daytona_snapshot_delete.yaml", "content": "name: daytona snapshot delete\nsynopsis: Delete a snapshot\nusage: daytona snapshot delete [SNAPSHOT_ID] [flags]\noptions:\n - name: all\n shorthand: a\n default_value: 'false'\n usage: Delete all snapshots\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona snapshot - Manage Daytona snapshots\n" }, { "path": "apps/cli/hack/docs/daytona_snapshot_list.yaml", "content": "name: daytona snapshot list\nsynopsis: List all snapshots\ndescription: List all available Daytona snapshots\nusage: daytona snapshot list [flags]\noptions:\n - name: format\n shorthand: f\n usage: Output format. Must be one of (yaml, json)\n - name: limit\n shorthand: l\n default_value: '100'\n usage: Maximum number of items per page\n - name: page\n shorthand: p\n default_value: '1'\n usage: Page number for pagination (starting from 1)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona snapshot - Manage Daytona snapshots\n" }, { "path": "apps/cli/hack/docs/daytona_snapshot_push.yaml", "content": "name: daytona snapshot push\nsynopsis: Push local snapshot\ndescription: |\n Push a local Docker image to Daytona. To securely build it on our infrastructure, use 'daytona snapshot build'\nusage: daytona snapshot push [SNAPSHOT] [flags]\noptions:\n - name: cpu\n default_value: '0'\n usage: |\n CPU cores that will be allocated to the underlying sandboxes (default: 1)\n - name: disk\n default_value: '0'\n usage: |\n Disk space that will be allocated to the underlying sandboxes in GB (default: 3)\n - name: entrypoint\n shorthand: e\n usage: The entrypoint command for the image\n - name: memory\n default_value: '0'\n usage: |\n Memory that will be allocated to the underlying sandboxes in GB (default: 1)\n - name: name\n shorthand: 'n'\n usage: Specify the Snapshot name\n - name: region\n usage: |\n ID of the region where the snapshot will be available (defaults to organization default region)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona snapshot - Manage Daytona snapshots\n" }, { "path": "apps/cli/hack/docs/daytona_ssh.yaml", "content": "name: daytona ssh\nsynopsis: SSH into a sandbox\ndescription: Establish an SSH connection to a running sandbox\nusage: daytona ssh [SANDBOX_ID] | [SANDBOX_NAME] [flags]\noptions:\n - name: expires\n default_value: '1440'\n usage: |\n SSH access token expiration time in minutes (defaults to 24 hours)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_start.yaml", "content": "name: daytona start\nsynopsis: Start a sandbox\nusage: daytona start [SANDBOX_ID] | [SANDBOX_NAME] [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_stop.yaml", "content": "name: daytona stop\nsynopsis: Stop a sandbox\nusage: daytona stop [SANDBOX_ID] | [SANDBOX_NAME] [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_version.yaml", "content": "name: daytona version\nsynopsis: Print the version number\nusage: daytona version [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n" }, { "path": "apps/cli/hack/docs/daytona_volume.yaml", "content": "name: daytona volume\nsynopsis: Manage Daytona volumes\ndescription: Commands for managing Daytona volumes\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona - Daytona CLI\n - daytona volume create - Create a volume\n - daytona volume delete - Delete a volume\n - daytona volume get - Get volume details\n - daytona volume list - List all volumes\n" }, { "path": "apps/cli/hack/docs/daytona_volume_create.yaml", "content": "name: daytona volume create\nsynopsis: Create a volume\nusage: daytona volume create [NAME] [flags]\noptions:\n - name: size\n shorthand: s\n default_value: '10'\n usage: Size of the volume in GB\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona volume - Manage Daytona volumes\n" }, { "path": "apps/cli/hack/docs/daytona_volume_delete.yaml", "content": "name: daytona volume delete\nsynopsis: Delete a volume\nusage: daytona volume delete [VOLUME_ID] [flags]\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona volume - Manage Daytona volumes\n" }, { "path": "apps/cli/hack/docs/daytona_volume_get.yaml", "content": "name: daytona volume get\nsynopsis: Get volume details\nusage: daytona volume get [VOLUME_ID] [flags]\noptions:\n - name: format\n shorthand: f\n usage: Output format. Must be one of (yaml, json)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona volume - Manage Daytona volumes\n" }, { "path": "apps/cli/hack/docs/daytona_volume_list.yaml", "content": "name: daytona volume list\nsynopsis: List all volumes\nusage: daytona volume list [flags]\noptions:\n - name: format\n shorthand: f\n usage: Output format. Must be one of (yaml, json)\ninherited_options:\n - name: help\n default_value: 'false'\n usage: help for daytona\nsee_also:\n - daytona volume - Manage Daytona volumes\n" }, { "path": "apps/cli/hack/generate-cli-docs.sh", "content": "#!/bin/bash\n# Copyright 2025 Daytona Platforms Inc.\n# SPDX-License-Identifier: AGPL-3.0\n\n\n# Clean up existing documentation files\nrm -rf docs hack/docs\n\n# Generate default CLI documentation files in folder \"docs\"\ngo run main.go generate-docs\n" }, { "path": "apps/cli/internal/buildinfo.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage internal\n\nvar (\n\tVersion = \"v0.0.0-dev\"\n\tDaytonaApiUrl = \"\"\n\tAuth0Domain = \"\"\n\tAuth0ClientId = \"\"\n\tAuth0ClientSecret = \"\"\n\tAuth0CallbackPort = \"\"\n\tAuth0Audience = \"\"\n)\n" }, { "path": "apps/cli/internal/cmd.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage internal\n\nconst (\n\tUSER_GROUP = \"user\"\n\tSANDBOX_GROUP = \"sandbox\"\n)\n\nvar (\n\tSuppressVersionMismatchWarning = false\n)\n" }, { "path": "apps/cli/main.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage main\n\nimport (\n\t\"os\"\n\n\tlog \"github.com/sirupsen/logrus\"\n\n\t\"github.com/daytonaio/daytona/cli/cmd\"\n\t\"github.com/daytonaio/daytona/cli/cmd/auth\"\n\t\"github.com/daytonaio/daytona/cli/cmd/mcp\"\n\t\"github.com/daytonaio/daytona/cli/cmd/organization\"\n\t\"github.com/daytonaio/daytona/cli/cmd/sandbox\"\n\t\"github.com/daytonaio/daytona/cli/cmd/snapshot\"\n\t\"github.com/daytonaio/daytona/cli/cmd/volume\"\n\t\"github.com/daytonaio/daytona/cli/internal\"\n\t\"github.com/joho/godotenv\"\n\t\"github.com/spf13/cobra\"\n)\n\nvar rootCmd = &cobra.Command{\n\tUse: \"daytona\",\n\tShort: \"Daytona CLI\",\n\tLong: \"Command line interface for Daytona Sandboxes\",\n\tDisableAutoGenTag: true,\n\tSilenceUsage: true,\n\tSilenceErrors: true,\n\tRunE: func(cmd *cobra.Command, args []string) error {\n\t\treturn cmd.Help()\n\t},\n}\n\nfunc init() {\n\trootCmd.AddGroup(&cobra.Group{ID: internal.USER_GROUP, Title: \"User\"})\n\trootCmd.AddGroup(&cobra.Group{ID: internal.SANDBOX_GROUP, Title: \"Sandbox\"})\n\n\trootCmd.AddCommand(auth.LoginCmd)\n\trootCmd.AddCommand(auth.LogoutCmd)\n\trootCmd.AddCommand(sandbox.SandboxCmd)\n\trootCmd.AddCommand(snapshot.SnapshotsCmd)\n\trootCmd.AddCommand(volume.VolumeCmd)\n\trootCmd.AddCommand(organization.OrganizationCmd)\n\trootCmd.AddCommand(mcp.MCPCmd)\n\trootCmd.AddCommand(cmd.DocsCmd)\n\trootCmd.AddCommand(cmd.AutoCompleteCmd)\n\trootCmd.AddCommand(cmd.GenerateDocsCmd)\n\trootCmd.AddCommand(cmd.VersionCmd)\n\n\t// Add sandbox subcommands as top-level shortcuts\n\trootCmd.AddCommand(createSandboxShortcut(sandbox.CreateCmd))\n\trootCmd.AddCommand(createSandboxShortcut(sandbox.DeleteCmd))\n\trootCmd.AddCommand(createSandboxShortcut(sandbox.InfoCmd))\n\trootCmd.AddCommand(createSandboxShortcut(sandbox.ListCmd))\n\trootCmd.AddCommand(createSandboxShortcut(sandbox.StartCmd))\n\trootCmd.AddCommand(createSandboxShortcut(sandbox.StopCmd))\n\trootCmd.AddCommand(createSandboxShortcut(sandbox.ArchiveCmd))\n\trootCmd.AddCommand(createSandboxShortcut(sandbox.SSHCmd))\n\trootCmd.AddCommand(createSandboxShortcut(sandbox.ExecCmd))\n\trootCmd.AddCommand(createSandboxShortcut(sandbox.PreviewUrlCmd))\n\n\trootCmd.CompletionOptions.HiddenDefaultCmd = true\n\trootCmd.PersistentFlags().BoolP(\"help\", \"\", false, \"help for daytona\")\n\trootCmd.Flags().BoolP(\"version\", \"v\", false, \"Display the version of Daytona\")\n\n\trootCmd.PreRun = func(command *cobra.Command, args []string) {\n\t\tversionFlag, _ := command.Flags().GetBool(\"version\")\n\t\tif versionFlag {\n\t\t\terr := cmd.VersionCmd.RunE(command, []string{})\n\t\t\tif err != nil {\n\t\t\t\tlog.Fatal(err)\n\t\t\t}\n\t\t\tos.Exit(0)\n\t\t}\n\t}\n}\n\n// createSandboxShortcut creates a top-level shortcut for a sandbox subcommand\nfunc createSandboxShortcut(original *cobra.Command) *cobra.Command {\n\tshortcut := &cobra.Command{\n\t\tUse: original.Use,\n\t\tShort: original.Short,\n\t\tLong: original.Long,\n\t\tArgs: original.Args,\n\t\tAliases: original.Aliases,\n\t\tGroupID: internal.SANDBOX_GROUP,\n\t\tRunE: original.RunE,\n\t}\n\tshortcut.Flags().AddFlagSet(original.Flags())\n\treturn shortcut\n}\n\nfunc main() {\n\t_ = godotenv.Load()\n\n\terr := rootCmd.Execute()\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n}\n" }, { "path": "apps/cli/mcp/README.md", "content": "# Daytona MCP (Model Context Protocol) Server\n\nDaytona MCP Server allows AI agents to utilize:\n\n- Daytona Sandbox Management (Create, Destroy)\n- Execute commands in Daytona Sandboxes\n- File Operations in Daytona sandboxes\n- Generate preview links for web applications running in Daytona Sandboxes\n\n## Prerequisites\n\n- Daytona account\n- Daytona CLI installed\n- A compatible AI agent (Claude Desktop App, Claude Code, Cursor, Windsurf)\n\n## Steps to Integrate Daytona MCP Server with an AI Agent\n\n1. **Install the Daytona CLI:**\n\n**Mac/Linux**\n\n```bash\nbrew install daytonaio/cli/daytona\n```\n\n**Windows**\n\n```bash\npowershell -Command \"irm https://get.daytona.io/windows | iex\"\n```\n\n2. **Log in to your Daytona account:**\n\n```bash\ndaytona login\n```\n\n3. **Initialize the Daytona MCP server with Claude Desktop/Claude Code/Cursor/Windsurf:**\n\n```bash\ndaytona mcp init [claude/cursor/windsurf]\n```\n\n4. **Open Agent App**\n\n## Integrating with Other AI Agents Apps\n\n**Run the following command to get a JSON Daytona MCP configuration which you can c/p to your agent configuration:**\n\n```bash\ndaytona mcp config\n```\n\n**Command outputs the following:**\n\n```json\n{\n \"mcpServers\": {\n \"daytona-mcp\": {\n \"command\": \"daytona\",\n \"args\": [\"mcp\", \"start\"],\n \"env\": {\n \"HOME\": \"${HOME}\",\n \"PATH\": \"${HOME}:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/homebrew/bin\"\n },\n \"logFile\": \"${HOME}/Library/Logs/daytona/daytona-mcp-server.log\"\n }\n }\n}\n```\n\nNote: if you are running Daytona MCP Server on Windows OS, add the following to the env field of the configuration:\n\n```json\n\"APPDATA\": \"${APPDATA}\"\n```\n\n**Finally, open or restart your AI agent**\n\n## Available Tools\n\n### Sandbox Management\n\n- `create_sandbox`: Create a new sandbox with Daytona\n\n - Parameters:\n - `id` (optional): Sandbox ID - if provided, an existing sandbox will be used, new one will be created otherwise\n - `target` (optional): Target region of the sandbox (if not provided, default region of the organization is used)\n - `image`: Image of the sandbox (optional)\n - `auto_stop_interval` (default: \"15\"): Auto-stop interval in minutes (0 means disabled)\n - `auto_archive_interval` (default: \"10080\"): Auto-archive interval in minutes (0 means the maximum interval will be used)\n - `auto_delete_interval` (default: \"-1\"): Auto-delete interval in minutes (negative value means disabled, 0 means delete immediately upon stopping)\n\n- `destroy_sandbox`: Destroy a sandbox with Daytona\n\n### File Operations\n\n- `upload_file`: Upload a file to the Daytona sandbox\n\n - Files can be text or base64-encoded binary content\n - Creates necessary parent directories automatically\n - Files persist during the session and have appropriate permissions\n - Supports overwrite controls and maintains original files formats\n - Parameters:\n - `id` (optional): Sandbox ID\n - `file_path`: Path to the file to upload\n - `content`: Content of the file to upload\n - `encoding`: Encoding of the file to upload\n - `overwrite`: Overwrite the file if it already exists\n\n- `download_file`: Download a file from the Daytona sandbox\n\n - Returns file content as text or base64 encoded image\n - Handles special cases like matplotlib plots stored as JSON\n - Parameters:\n - `id` (optional): Sandbox ID\n - `file_path`: Path to the file to download\n\n- `create_folder`: Create a new folder in the Daytona sandbox\n\n - Parameters:\n - `id` (optional): Sandbox ID\n - `folder_path`: Path to the folder to create\n - `mode`: Mode of the folder to create (defaults to 0755)\n\n- `get_file_info`: Get information about a file in the Daytona sandbox\n\n - Parameters:\n - `id` (optional): Sandbox ID\n - `file_path`: Path to the file to get information about\n\n- `list_files`: List files in a directory in the Daytona sandbox\n\n - Parameters:\n - `id` (optional): Sandbox ID\n - `path`: Path to the directory to list files from (defaults to current directory)\n\n- `move_file`: Move or rename a file in the Daytona sandbox\n\n - Parameters:\n - `id` (optional): Sandbox ID\n - `source_path`: Source path of the file to move\n - `dest_path`: Destination path where to move the file\n\n- `delete_file`: Delete a file or directory in the Daytona sandbox\n\n - Parameters:\n - `id` (optional): Sandbox ID\n - `file_path`: Path to the file or directory to delete\n\n### Git Operations\n\n- `git_clone`: Clone a Git repository into the Daytona sandbox\n\n - Parameters:\n - `id` (optional): Sandbox ID\n - `url`: URL of the Git repository to clone\n - `path`: Directory to clone the repository into (defaults to current directory)\n - `branch`: Branch to clone\n - `commit_id`: Commit ID to clone\n - `username`: Username to clone the repository with\n - `password`: Password to clone the repository with\n\n### Command Execution\n\n- `execute_command`: Execute shell commands in the ephemeral Daytona Linux environment\n\n - Returns full stdout and stderr output with exit codes\n - Commands have sandbox user permissions\n - Parameters:\n - `id` (optional): Sandbox ID\n - `command`: Command to execute\n\n### Preview\n\n- `preview_link`: Generate accessible preview URLs for web applications running in the Daytona sandbox\n\n - Creates a secure tunnel to expose local ports externally without configuration\n - Validates if a server is actually running on the specified port\n - Provides diagnostic information for troubleshooting\n - Supports custom descriptions and metadata for better organization of multiple services\n - Parameters:\n - `id` (optional): Sandbox ID\n - `port`: Port to expose\n - `description`: Description of the service\n - `check_server`: Check if a server is running\n\n## Troubleshooting\n\n- **Authentication issues:** Run `daytona login` to refresh your credentials\n- **Connection errors:** Ensure that the Daytona MCP Server is properly configured\n- **Sandbox errors:** Check sandbox status with `daytona sandbox list`\n\n## Support\n\nFor more information, visit [daytona.io](https://daytona.io) or contact support at support@daytona.io.\n" }, { "path": "apps/cli/mcp/server.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage mcp\n\nimport (\n\t\"github.com/daytonaio/daytona/cli/mcp/tools\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\t\"github.com/mark3labs/mcp-go/server\"\n)\n\ntype DaytonaMCPServer struct {\n\tserver.MCPServer\n}\n\nfunc NewDaytonaMCPServer() *DaytonaMCPServer {\n\ts := &DaytonaMCPServer{}\n\n\ts.MCPServer = *server.NewMCPServer(\n\t\t\"Daytona MCP Server\",\n\t\t\"0.0.0-dev\",\n\t\tserver.WithRecovery(),\n\t\tserver.WithPromptCapabilities(false),\n\t\tserver.WithResourceCapabilities(false, false),\n\t\tserver.WithToolCapabilities(true),\n\t\tserver.WithLogging(),\n\t)\n\n\ts.addTools()\n\n\treturn s\n}\n\nfunc (s *DaytonaMCPServer) Start() error {\n\treturn server.ServeStdio(&s.MCPServer)\n}\n\nfunc (s *DaytonaMCPServer) addTools() {\n\ts.AddTool(tools.GetCreateSandboxTool(), mcp.NewTypedToolHandler(tools.CreateSandbox))\n\ts.AddTool(tools.GetDestroySandboxTool(), mcp.NewTypedToolHandler(tools.DestroySandbox))\n\n\ts.AddTool(tools.GetFileUploadTool(), mcp.NewTypedToolHandler(tools.FileUpload))\n\ts.AddTool(tools.GetFileDownloadTool(), mcp.NewTypedToolHandler(tools.FileDownload))\n\ts.AddTool(tools.GetFileInfoTool(), mcp.NewTypedToolHandler(tools.FileInfo))\n\ts.AddTool(tools.GetListFilesTool(), mcp.NewTypedToolHandler(tools.ListFiles))\n\ts.AddTool(tools.GetMoveFileTool(), mcp.NewTypedToolHandler(tools.MoveFile))\n\ts.AddTool(tools.GetDeleteFileTool(), mcp.NewTypedToolHandler(tools.DeleteFile))\n\ts.AddTool(tools.GetCreateFolderTool(), mcp.NewTypedToolHandler(tools.CreateFolder))\n\n\ts.AddTool(tools.GetExecuteCommandTool(), mcp.NewTypedToolHandler(tools.ExecuteCommand))\n\ts.AddTool(tools.GetPreviewLinkTool(), mcp.NewTypedToolHandler(tools.PreviewLink))\n\ts.AddTool(tools.GetGitCloneTool(), mcp.NewTypedToolHandler(tools.GitClone))\n}\n" }, { "path": "apps/cli/mcp/tools/common.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport \"github.com/daytonaio/daytona/cli/apiclient\"\n\nvar daytonaMCPHeaders map[string]string = map[string]string{\n\tapiclient.DaytonaSourceHeader: \"daytona-mcp\",\n}\n" }, { "path": "apps/cli/mcp/tools/create_folder.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype CreateFolderArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tFolderPath *string `json:\"folderPath,omitempty\"`\n\tMode *string `json:\"mode,omitempty\"`\n}\n\nfunc GetCreateFolderTool() mcp.Tool {\n\treturn mcp.NewTool(\"create_folder\",\n\t\tmcp.WithDescription(\"Create a new folder in the Daytona sandbox.\"),\n\t\tmcp.WithString(\"folderPath\", mcp.Required(), mcp.Description(\"Path to the folder to create.\")),\n\t\tmcp.WithString(\"mode\", mcp.Description(\"Mode of the folder to create (defaults to 0755).\")),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to create the folder in.\")),\n\t)\n}\n\nfunc CreateFolder(ctx context.Context, request mcp.CallToolRequest, args CreateFolderArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox ID is required\")\n\t}\n\n\tif args.FolderPath == nil || *args.FolderPath == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"folderPath parameter is required\")\n\t}\n\n\tmode := \"0755\" // default mode\n\tif args.Mode == nil || *args.Mode == \"\" {\n\t\targs.Mode = &mode\n\t}\n\n\t// Create the folder\n\t_, err = apiClient.ToolboxAPI.CreateFolderDeprecated(ctx, *args.Id).Path(*args.FolderPath).Mode(*args.Mode).Execute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error creating folder: %v\", err)\n\t}\n\n\tlog.Infof(\"Created folder: %s\", *args.FolderPath)\n\n\treturn mcp.NewToolResultText(fmt.Sprintf(\"Created folder: %s\", *args.FolderPath)), nil\n}\n" }, { "path": "apps/cli/mcp/tools/create_sandbox.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"strings\"\n\t\"time\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype CreateSandboxArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tName *string `json:\"name,omitempty\"`\n\tTarget *string `json:\"target,omitempty\"`\n\tSnapshot *string `json:\"snapshot,omitempty\"`\n\tUser *string `json:\"user,omitempty\"`\n\tEnv *map[string]string `json:\"env,omitempty\"`\n\tLabels *map[string]string `json:\"labels,omitempty\"`\n\tPublic *bool `json:\"public,omitempty\"`\n\tCpu *int32 `json:\"cpu,omitempty\"`\n\tGpu *int32 `json:\"gpu,omitempty\"`\n\tMemory *int32 `json:\"memory,omitempty\"`\n\tDisk *int32 `json:\"disk,omitempty\"`\n\tAutoStopInterval *int32 `json:\"autoStopInterval,omitempty\"`\n\tAutoArchiveInterval *int32 `json:\"autoArchiveInterval,omitempty\"`\n\tAutoDeleteInterval *int32 `json:\"autoDeleteInterval,omitempty\"`\n\tVolumes *[]apiclient.SandboxVolume `json:\"volumes,omitempty\"`\n\tBuildInfo *apiclient.CreateBuildInfo `json:\"buildInfo,omitempty\"`\n\tNetworkBlockAll *bool `json:\"networkBlockAll,omitempty\"`\n\tNetworkAllowList *string `json:\"networkAllowList,omitempty\"`\n}\n\nfunc GetCreateSandboxTool() mcp.Tool {\n\treturn mcp.NewTool(\"create_sandbox\",\n\t\tmcp.WithDescription(\"Create a new sandbox with Daytona\"),\n\t\tmcp.WithString(\"id\", mcp.Description(\"If a sandbox ID is provided it is first checked if it exists and is running, if so, the existing sandbox will be used. However, a model is not able to provide custom sandbox ID but only the ones Daytona commands return and should always leave ID field empty if the intention is to create a new sandbox.\")),\n\t\tmcp.WithString(\"name\", mcp.Description(\"Name of the sandbox. If not provided, the sandbox ID will be used as the name.\")),\n\t\tmcp.WithString(\"target\", mcp.DefaultString(\"us\"), mcp.Description(\"Target region of the sandbox.\")),\n\t\tmcp.WithString(\"snapshot\", mcp.Description(\"Snapshot of the sandbox (don't specify any if not explicitly instructed from user). Cannot be specified when using a build info entry.\")),\n\t\tmcp.WithString(\"user\", mcp.Description(\"User associated with the sandbox.\")),\n\t\tmcp.WithObject(\"env\", mcp.Description(\"Environment variables for the sandbox. Format: {\\\"key\\\": \\\"value\\\", \\\"key2\\\": \\\"value2\\\"}\"), mcp.AdditionalProperties(map[string]any{\"type\": \"string\"})),\n\t\tmcp.WithObject(\"labels\", mcp.Description(\"Labels for the sandbox. Format: {\\\"key\\\": \\\"value\\\", \\\"key2\\\": \\\"value2\\\"}\"), mcp.AdditionalProperties(map[string]any{\"type\": \"string\"})),\n\t\tmcp.WithBoolean(\"public\", mcp.Description(\"Whether the sandbox http preview is publicly accessible.\")),\n\t\tmcp.WithNumber(\"cpu\", mcp.Description(\"CPU cores allocated to the sandbox. Cannot specify sandbox resources when using a snapshot.\"), mcp.Max(4)),\n\t\tmcp.WithNumber(\"gpu\", mcp.Description(\"GPU units allocated to the sandbox. Cannot specify sandbox resources when using a snapshot.\"), mcp.Max(1)),\n\t\tmcp.WithNumber(\"memory\", mcp.Description(\"Memory allocated to the sandbox in GB. Cannot specify sandbox resources when using a snapshot.\"), mcp.Max(8)),\n\t\tmcp.WithNumber(\"disk\", mcp.Description(\"Disk space allocated to the sandbox in GB. Cannot specify sandbox resources when using a snapshot.\"), mcp.Max(10)),\n\t\tmcp.WithNumber(\"autoStopInterval\", mcp.DefaultNumber(15), mcp.Min(0), mcp.Description(\"Auto-stop interval in minutes (0 means disabled) for the sandbox.\")),\n\t\tmcp.WithNumber(\"autoArchiveInterval\", mcp.DefaultNumber(10080), mcp.Min(0), mcp.Description(\"Auto-archive interval in minutes (0 means the maximum interval will be used) for the sandbox.\")),\n\t\tmcp.WithNumber(\"autoDeleteInterval\", mcp.DefaultNumber(-1), mcp.Description(\"Auto-delete interval in minutes (negative value means disabled, 0 means delete immediately upon stopping) for the sandbox.\")),\n\t\tmcp.WithArray(\"volumes\", mcp.Description(\"Volumes to attach to the sandbox.\"), mcp.Items(map[string]any{\"type\": \"object\", \"properties\": map[string]any{\"volumeId\": map[string]any{\"type\": \"string\"}, \"mountPath\": map[string]any{\"type\": \"string\"}}})),\n\t\tmcp.WithObject(\"buildInfo\", mcp.Description(\"Build information for the sandbox.\"), mcp.Properties(map[string]any{\"dockerfileContent\": map[string]any{\"type\": \"string\"}, \"contextHashes\": map[string]any{\"type\": \"array\", \"items\": map[string]any{\"type\": \"string\"}}})),\n\t\tmcp.WithBoolean(\"networkBlockAll\", mcp.Description(\"Whether to block all network access to the sandbox.\")),\n\t\tmcp.WithString(\"networkAllowList\", mcp.Description(\"Comma-separated list of domains to allow network access to the sandbox.\")),\n\t)\n}\n\nfunc CreateSandbox(ctx context.Context, request mcp.CallToolRequest, args CreateSandboxArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient_cli.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\tsandboxId := \"\"\n\tif args.Id != nil && *args.Id != \"\" {\n\t\tsandboxId = *args.Id\n\t}\n\n\tif sandboxId != \"\" {\n\t\tsandbox, _, err := apiClient.SandboxAPI.GetSandbox(ctx, sandboxId).Execute()\n\t\tif err == nil && sandbox.State != nil && *sandbox.State == apiclient.SANDBOXSTATE_STARTED {\n\t\t\treturn mcp.NewToolResultText(fmt.Sprintf(\"Reusing existing sandbox %s\", sandboxId)), nil\n\t\t}\n\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox %s not found or not running\", sandboxId)\n\t}\n\n\tcreateSandboxReq, err := createSandboxRequest(args)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\t// Create new sandbox with retries\n\tmaxRetries := 3\n\tretryDelay := time.Second * 2\n\n\tfor retry := range maxRetries {\n\t\tsandbox, _, err := apiClient.SandboxAPI.CreateSandbox(ctx).CreateSandbox(*createSandboxReq).Execute()\n\t\tif err != nil {\n\t\t\tif strings.Contains(err.Error(), \"Total CPU quota exceeded\") {\n\t\t\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"CPU quota exceeded. Please delete unused sandboxes or upgrade your plan\")\n\t\t\t}\n\n\t\t\tif retry == maxRetries-1 {\n\t\t\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"failed to create sandbox after %d retries: %v\", maxRetries, err)\n\t\t\t}\n\n\t\t\tlog.Infof(\"Sandbox creation failed, retrying: %v\", err)\n\n\t\t\ttime.Sleep(retryDelay)\n\t\t\tretryDelay = retryDelay * 3 / 2 // Exponential backoff\n\t\t\tcontinue\n\t\t}\n\n\t\tlog.Infof(\"Created new sandbox: %s\", sandbox.Id)\n\n\t\treturn mcp.NewToolResultText(fmt.Sprintf(\"Created new sandbox %s\", sandbox.Id)), nil\n\t}\n\n\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"failed to create sandbox after %d retries\", maxRetries)\n}\n\nfunc createSandboxRequest(args CreateSandboxArgs) (*apiclient.CreateSandbox, error) {\n\tcreateSandbox := apiclient.NewCreateSandbox()\n\n\tif args.Name != nil && *args.Name != \"\" {\n\t\tcreateSandbox.SetName(*args.Name)\n\t}\n\n\tif args.BuildInfo != nil {\n\t\tif args.Snapshot != nil && *args.Snapshot != \"\" {\n\t\t\treturn nil, fmt.Errorf(\"cannot specify a snapshot when using a build info entry\")\n\t\t}\n\t} else {\n\t\tif args.Cpu != nil || args.Gpu != nil || args.Memory != nil || args.Disk != nil {\n\t\t\treturn nil, fmt.Errorf(\"cannot specify sandbox resources when using a snapshot\")\n\t\t}\n\t}\n\n\tif args.Snapshot != nil && *args.Snapshot != \"\" {\n\t\tcreateSandbox.SetSnapshot(*args.Snapshot)\n\t}\n\n\tif args.Target != nil && *args.Target != \"\" {\n\t\tcreateSandbox.SetTarget(*args.Target)\n\t}\n\n\tif args.AutoStopInterval != nil {\n\t\tcreateSandbox.SetAutoStopInterval(*args.AutoStopInterval)\n\t}\n\n\tif args.AutoArchiveInterval != nil {\n\t\tcreateSandbox.SetAutoArchiveInterval(*args.AutoArchiveInterval)\n\t}\n\n\tif args.AutoDeleteInterval != nil {\n\t\tcreateSandbox.SetAutoDeleteInterval(*args.AutoDeleteInterval)\n\t}\n\n\tif args.User != nil && *args.User != \"\" {\n\t\tcreateSandbox.SetUser(*args.User)\n\t}\n\n\tif args.Env != nil {\n\t\tcreateSandbox.SetEnv(*args.Env)\n\t}\n\n\tif args.Labels != nil {\n\t\tcreateSandbox.SetLabels(*args.Labels)\n\t}\n\n\tif args.Public != nil {\n\t\tcreateSandbox.SetPublic(*args.Public)\n\t}\n\n\tif args.Cpu != nil {\n\t\tcreateSandbox.SetCpu(*args.Cpu)\n\t}\n\n\tif args.Memory != nil {\n\t\tcreateSandbox.SetMemory(*args.Memory)\n\t}\n\n\tif args.Disk != nil {\n\t\tcreateSandbox.SetDisk(*args.Disk)\n\t}\n\n\tif args.Volumes != nil {\n\t\tcreateSandbox.SetVolumes(*args.Volumes)\n\t}\n\n\tif args.BuildInfo != nil {\n\t\tcreateSandbox.SetBuildInfo(*args.BuildInfo)\n\t}\n\n\tif args.NetworkBlockAll != nil {\n\t\tcreateSandbox.SetNetworkBlockAll(*args.NetworkBlockAll)\n\t}\n\n\tif args.NetworkAllowList != nil {\n\t\tcreateSandbox.SetNetworkAllowList(*args.NetworkAllowList)\n\t}\n\n\treturn createSandbox, nil\n}\n" }, { "path": "apps/cli/mcp/tools/delete_file.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype DeleteFileArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tFilePath *string `json:\"filePath,omitempty\"`\n}\n\nfunc GetDeleteFileTool() mcp.Tool {\n\treturn mcp.NewTool(\"delete_file\",\n\t\tmcp.WithDescription(\"Delete a file or directory in the Daytona sandbox.\"),\n\t\tmcp.WithString(\"filePath\", mcp.Required(), mcp.Description(\"Path to the file or directory to delete.\")),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to delete the file in.\")),\n\t)\n}\n\nfunc DeleteFile(ctx context.Context, request mcp.CallToolRequest, args DeleteFileArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient_cli.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox ID is required\")\n\t}\n\n\tif args.FilePath == nil || *args.FilePath == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"filePath parameter is required\")\n\t}\n\n\t// Execute delete command\n\texecResponse, _, err := apiClient.ToolboxAPI.ExecuteCommandDeprecated(ctx, *args.Id).\n\t\tExecuteRequest(*apiclient.NewExecuteRequest(fmt.Sprintf(\"rm -rf %s\", *args.FilePath))).\n\t\tExecute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error deleting file: %v\", err)\n\t}\n\n\tlog.Infof(\"Deleted file: %s\", *args.FilePath)\n\n\treturn mcp.NewToolResultText(fmt.Sprintf(\"Deleted file: %s\\nOutput: %s\", *args.FilePath, execResponse.Result)), nil\n}\n" }, { "path": "apps/cli/mcp/tools/destroy_sandbox.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype DestroySandboxArgs struct {\n\tId *string `json:\"id,omitempty\"`\n}\n\nfunc GetDestroySandboxTool() mcp.Tool {\n\treturn mcp.NewTool(\"destroy_sandbox\",\n\t\tmcp.WithDescription(\"Destroy a sandbox with Daytona\"),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to destroy.\")),\n\t)\n}\n\nfunc DestroySandbox(ctx context.Context, request mcp.CallToolRequest, args DestroySandboxArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox ID is required\")\n\t}\n\n\t// Destroy sandbox with retries\n\tmaxRetries := 3\n\tretryDelay := time.Second * 2\n\n\tfor retry := range maxRetries {\n\t\t_, _, err := apiClient.SandboxAPI.DeleteSandbox(ctx, *args.Id).Execute()\n\t\tif err != nil {\n\t\t\tif retry == maxRetries-1 {\n\t\t\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"failed to destroy sandbox after %d retries: %v\", maxRetries, err)\n\t\t\t}\n\n\t\t\tlog.Infof(\"Sandbox creation failed, retrying: %v\", err)\n\n\t\t\ttime.Sleep(retryDelay)\n\t\t\tretryDelay = retryDelay * 3 / 2 // Exponential backoff\n\t\t\tcontinue\n\t\t}\n\n\t\tlog.Infof(\"Destroyed sandbox with ID: %s\", *args.Id)\n\n\t\treturn mcp.NewToolResultText(fmt.Sprintf(\"Destroyed sandbox with ID %s\", *args.Id)), nil\n\t}\n\n\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"failed to destroy sandbox after %d retries\", maxRetries)\n}\n" }, { "path": "apps/cli/mcp/tools/download_file.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"path/filepath\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n)\n\ntype FileDownloadArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tFilePath *string `json:\"filePath,omitempty\"`\n}\n\ntype Content struct {\n\tType string `json:\"type\"`\n\tText string `json:\"text,omitempty\"`\n\tData string `json:\"data,omitempty\"`\n}\n\nfunc GetFileDownloadTool() mcp.Tool {\n\treturn mcp.NewTool(\"file_download\",\n\t\tmcp.WithDescription(\"Download a file from the Daytona sandbox. Returns the file content either as text or as a base64 encoded image. Handles special cases like matplotlib plots stored as JSON with embedded base64 images.\"),\n\t\tmcp.WithString(\"filePath\", mcp.Required(), mcp.Description(\"Path to the file to download.\")),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to download the file from.\")),\n\t)\n}\n\nfunc FileDownload(ctx context.Context, request mcp.CallToolRequest, args FileDownloadArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox ID is required\")\n\t}\n\n\tif args.FilePath == nil || *args.FilePath == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"filePath parameter is required\")\n\t}\n\n\t// Download the file\n\tfile, _, err := apiClient.ToolboxAPI.DownloadFileDeprecated(ctx, *args.Id).Path(*args.FilePath).Execute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error downloading file: %v\", err)\n\t}\n\tdefer file.Close()\n\n\t// Read file content\n\tcontent, err := io.ReadAll(file)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error reading file content: %v\", err)\n\t}\n\n\t// Process file content based on file type\n\text := filepath.Ext(*args.FilePath)\n\tvar result []Content\n\n\tswitch ext {\n\tcase \".png\", \".jpg\", \".jpeg\", \".gif\":\n\t\t// For image files, return as base64 encoded data\n\t\tresult = []Content{{\n\t\t\tType: \"image\",\n\t\t\tData: string(content),\n\t\t}}\n\tcase \".json\":\n\t\t// For JSON files, try to parse and handle special cases like matplotlib plots\n\t\tvar jsonData map[string]interface{}\n\t\tif err := json.Unmarshal(content, &jsonData); err != nil {\n\t\t\t// If not valid JSON, return as text\n\t\t\tresult = []Content{{\n\t\t\t\tType: \"text\",\n\t\t\t\tText: string(content),\n\t\t\t}}\n\t\t} else {\n\t\t\t// Check if it's a matplotlib plot\n\t\t\tif _, ok := jsonData[\"data\"]; ok {\n\t\t\t\tresult = []Content{{\n\t\t\t\t\tType: \"image\",\n\t\t\t\t\tData: jsonData[\"data\"].(string),\n\t\t\t\t}}\n\t\t\t} else {\n\t\t\t\tresult = []Content{{\n\t\t\t\t\tType: \"text\",\n\t\t\t\t\tText: string(content),\n\t\t\t\t}}\n\t\t\t}\n\t\t}\n\tdefault:\n\t\t// For all other files, return as text\n\t\tresult = []Content{{\n\t\t\tType: \"text\",\n\t\t\tText: string(content),\n\t\t}}\n\t}\n\n\t// Convert result to JSON\n\tresultJSON, err := json.Marshal(result)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error marshaling result: %v\", err)\n\t}\n\n\treturn mcp.NewToolResultText(string(resultJSON)), nil\n}\n" }, { "path": "apps/cli/mcp/tools/execute_command.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"strings\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype ExecuteCommandArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tCommand *string `json:\"command,omitempty\"`\n}\n\ntype CommandResult struct {\n\tStdout string `json:\"stdout\"`\n\tStderr string `json:\"stderr\"`\n\tExitCode int `json:\"exitCode\"`\n\tErrorType string `json:\"errorType,omitempty\"`\n}\n\nfunc GetExecuteCommandTool() mcp.Tool {\n\treturn mcp.NewTool(\"execute_command\",\n\t\tmcp.WithDescription(\"Execute shell commands in the ephemeral Daytona Linux environment. Returns full stdout and stderr output with exit codes. Commands have sandbox user permissions and can install packages, modify files, and interact with running services. Always use /tmp directory. Use verbose flags where available for better output.\"),\n\t\tmcp.WithString(\"command\", mcp.Required(), mcp.Description(\"Command to execute.\")),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to execute the command in.\")),\n\t)\n}\n\nfunc ExecuteCommand(ctx context.Context, request mcp.CallToolRequest, args ExecuteCommandArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient_cli.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn returnCommandError(\"Sandbox ID is required\", \"SandboxError\")\n\t}\n\n\tif args.Command == nil || *args.Command == \"\" {\n\t\treturn returnCommandError(\"Command must be a non-empty string\", \"ValueError\")\n\t}\n\n\t// Process the command\n\tcommand := strings.TrimSpace(*args.Command)\n\tif strings.Contains(command, \"&&\") || strings.HasPrefix(command, \"cd \") {\n\t\t// Wrap complex commands in /bin/sh -c\n\t\tcommand = fmt.Sprintf(\"/bin/sh -c %s\", shellQuote(command))\n\t}\n\n\tlog.Infof(\"Executing command: %s\", command)\n\n\t// Execute the command\n\tresult, _, err := apiClient.ToolboxAPI.ExecuteCommandDeprecated(ctx, *args.Id).\n\t\tExecuteRequest(*apiclient.NewExecuteRequest(command)).\n\t\tExecute()\n\n\tif err != nil {\n\t\t// Classify error types\n\t\terrStr := err.Error()\n\t\tswitch {\n\t\tcase strings.Contains(errStr, \"Connection\") || strings.Contains(errStr, \"Timeout\"):\n\t\t\treturn returnCommandError(fmt.Sprintf(\"Network error during command execution: %s\", errStr), \"NetworkError\")\n\t\tcase strings.Contains(errStr, \"Unauthorized\") || strings.Contains(errStr, \"401\"):\n\t\t\treturn returnCommandError(\"Authentication failed during command execution. Please check your API key\", \"NetworkError\")\n\t\tdefault:\n\t\t\treturn returnCommandError(fmt.Sprintf(\"Command execution failed: %s\", errStr), \"CommandExecutionError\")\n\t\t}\n\t}\n\n\t// Process command output\n\tcmdResult := CommandResult{\n\t\tStdout: strings.TrimSpace(result.Result),\n\t\tExitCode: int(result.ExitCode),\n\t}\n\n\t// Log truncated output\n\toutputLen := len(cmdResult.Stdout)\n\tlogOutput := cmdResult.Stdout\n\tif outputLen > 500 {\n\t\tlogOutput = cmdResult.Stdout[:500] + \"...\"\n\t}\n\n\tlog.Infof(\"Command completed - exit code: %d, output length: %d\", cmdResult.ExitCode, outputLen)\n\n\tlog.Debugf(\"Command output (truncated): %s\", logOutput)\n\n\t// Check for non-zero exit code\n\tif cmdResult.ExitCode > 0 {\n\t\tlog.Infof(\"Command exited with non-zero status - exit code: %d\", cmdResult.ExitCode)\n\t}\n\n\t// Convert result to JSON\n\tresultJSON, err := json.MarshalIndent(cmdResult, \"\", \" \")\n\tif err != nil {\n\t\treturn returnCommandError(fmt.Sprintf(\"Error marshaling result: %v\", err), \"CommandExecutionError\")\n\t}\n\n\treturn mcp.NewToolResultText(string(resultJSON)), nil\n}\n\n// Helper function to return command errors in a consistent format\nfunc returnCommandError(message, errorType string) (*mcp.CallToolResult, error) {\n\treturn &mcp.CallToolResult{\n\t\tIsError: true,\n\t\tResult: mcp.Result{\n\t\t\tMeta: map[string]interface{}{\n\t\t\t\t\"Stdout\": \"\",\n\t\t\t\t\"Stderr\": message,\n\t\t\t\t\"ExitCode\": -1,\n\t\t\t\t\"ErrorType\": errorType,\n\t\t\t},\n\t\t},\n\t}, nil\n}\n\n// Helper function to quote shell commands\nfunc shellQuote(s string) string {\n\t// Simple shell quoting - wrap in single quotes and escape existing single quotes\n\treturn \"'\" + strings.ReplaceAll(s, \"'\", \"'\\\"'\\\"'\") + \"'\"\n}\n" }, { "path": "apps/cli/mcp/tools/file_info.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype FileInfoArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tFilePath *string `json:\"filePath,omitempty\"`\n}\n\nfunc GetFileInfoTool() mcp.Tool {\n\treturn mcp.NewTool(\"get_file_info\",\n\t\tmcp.WithDescription(\"Get information about a file in the Daytona sandbox.\"),\n\t\tmcp.WithString(\"filePath\", mcp.Required(), mcp.Description(\"Path to the file to get information about.\")),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to get the file information from.\")),\n\t)\n}\n\nfunc FileInfo(ctx context.Context, request mcp.CallToolRequest, args FileInfoArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox ID is required\")\n\t}\n\n\tif args.FilePath == nil || *args.FilePath == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"filePath parameter is required\")\n\t}\n\n\t// Get file info\n\tfileInfo, _, err := apiClient.ToolboxAPI.GetFileInfoDeprecated(ctx, *args.Id).Path(*args.FilePath).Execute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error getting file info: %v\", err)\n\t}\n\n\t// Convert file info to JSON\n\tfileInfoJSON, err := json.MarshalIndent(fileInfo, \"\", \" \")\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error marshaling file info: %v\", err)\n\t}\n\n\tlog.Infof(\"Retrieved file info for: %s\", *args.FilePath)\n\n\treturn mcp.NewToolResultText(string(fileInfoJSON)), nil\n}\n" }, { "path": "apps/cli/mcp/tools/git_clone.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype GitCloneArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tUrl *string `json:\"url,omitempty\"`\n\tPath *string `json:\"path,omitempty\"`\n\tBranch *string `json:\"branch,omitempty\"`\n\tCommitId *string `json:\"commitId,omitempty\"`\n\tUsername *string `json:\"username,omitempty\"`\n\tPassword *string `json:\"password,omitempty\"`\n}\n\nfunc GetGitCloneTool() mcp.Tool {\n\treturn mcp.NewTool(\"git_clone\",\n\t\tmcp.WithDescription(\"Clone a Git repository into the Daytona sandbox.\"),\n\t\tmcp.WithString(\"url\", mcp.Required(), mcp.Description(\"URL of the Git repository to clone.\")),\n\t\tmcp.WithString(\"path\", mcp.Description(\"Directory to clone the repository into (defaults to current directory).\")),\n\t\tmcp.WithString(\"branch\", mcp.Description(\"Branch to clone.\")),\n\t\tmcp.WithString(\"commitId\", mcp.Description(\"Commit ID to clone.\")),\n\t\tmcp.WithString(\"username\", mcp.Description(\"Username to clone the repository with.\")),\n\t\tmcp.WithString(\"password\", mcp.Description(\"Password to clone the repository with.\")),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to clone the repository in.\")),\n\t)\n}\n\nfunc GitClone(ctx context.Context, request mcp.CallToolRequest, args GitCloneArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient_cli.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox ID is required\")\n\t}\n\n\tgitCloneRequest, err := getGitCloneRequest(args)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\t_, err = apiClient.ToolboxAPI.GitCloneRepositoryDeprecated(ctx, *args.Id).GitCloneRequest(*gitCloneRequest).Execute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error cloning repository: %v\", err)\n\t}\n\n\tlog.Infof(\"Cloned repository: %s to %s\", gitCloneRequest.Url, gitCloneRequest.Path)\n\n\treturn mcp.NewToolResultText(fmt.Sprintf(\"Cloned repository: %s to %s\", gitCloneRequest.Url, gitCloneRequest.Path)), nil\n}\n\nfunc getGitCloneRequest(args GitCloneArgs) (*apiclient.GitCloneRequest, error) {\n\tgitCloneRequest := apiclient.GitCloneRequest{}\n\n\tif args.Url == nil || *args.Url == \"\" {\n\t\treturn nil, fmt.Errorf(\"url parameter is required\")\n\t}\n\n\tgitCloneRequest.Url = *args.Url\n\n\tgitCloneRequest.Path = \".\"\n\tif args.Path != nil && *args.Path != \"\" {\n\t\tgitCloneRequest.Path = *args.Path\n\t}\n\n\tif args.Branch != nil && *args.Branch != \"\" {\n\t\tgitCloneRequest.Branch = args.Branch\n\t}\n\n\tif args.CommitId != nil && *args.CommitId != \"\" {\n\t\tgitCloneRequest.CommitId = args.CommitId\n\t}\n\n\tif args.Username != nil && *args.Username != \"\" {\n\t\tgitCloneRequest.Username = args.Username\n\t}\n\n\tif args.Password != nil && *args.Password != \"\" {\n\t\tgitCloneRequest.Password = args.Password\n\t}\n\n\treturn &gitCloneRequest, nil\n}\n" }, { "path": "apps/cli/mcp/tools/list_files.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype ListFilesArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tPath *string `json:\"path,omitempty\"`\n}\n\nfunc GetListFilesTool() mcp.Tool {\n\treturn mcp.NewTool(\"list_files\",\n\t\tmcp.WithDescription(\"List files in a directory in the Daytona sandbox.\"),\n\t\tmcp.WithString(\"path\", mcp.Description(\"Path to the directory to list files from (defaults to current directory).\")),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to list the files from.\")),\n\t)\n}\n\nfunc ListFiles(ctx context.Context, request mcp.CallToolRequest, args ListFilesArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox ID is required\")\n\t}\n\n\t// Get directory path from request arguments (optional)\n\tdirPath := \".\"\n\tif args.Path != nil && *args.Path != \"\" {\n\t\tdirPath = *args.Path\n\t}\n\n\t// List files\n\tfiles, _, err := apiClient.ToolboxAPI.ListFilesDeprecated(ctx, *args.Id).Path(dirPath).Execute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error listing files: %v\", err)\n\t}\n\n\t// Convert files to JSON\n\tfilesJSON, err := json.MarshalIndent(files, \"\", \" \")\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error marshaling files: %v\", err)\n\t}\n\n\tlog.Infof(\"Listed files in directory: %s\", dirPath)\n\n\treturn mcp.NewToolResultText(string(filesJSON)), nil\n}\n" }, { "path": "apps/cli/mcp/tools/move_file.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype MoveFileArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tSourcePath *string `json:\"sourcePath,omitempty\"`\n\tDestPath *string `json:\"destPath,omitempty\"`\n}\n\nfunc GetMoveFileTool() mcp.Tool {\n\treturn mcp.NewTool(\"move_file\",\n\t\tmcp.WithDescription(\"Move or rename a file in the Daytona sandbox.\"),\n\t\tmcp.WithString(\"sourcePath\", mcp.Required(), mcp.Description(\"Source path of the file to move.\")),\n\t\tmcp.WithString(\"destPath\", mcp.Required(), mcp.Description(\"Destination path where to move the file.\")),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to move the file in.\")),\n\t)\n}\n\nfunc MoveFile(ctx context.Context, request mcp.CallToolRequest, args MoveFileArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox ID is required\")\n\t}\n\n\t// Get source and destination paths from request arguments\n\tif args.SourcePath == nil || *args.SourcePath == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sourcePath parameter is required\")\n\t}\n\n\tif args.DestPath == nil || *args.DestPath == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"destPath parameter is required\")\n\t}\n\n\t_, err = apiClient.ToolboxAPI.MoveFileDeprecated(ctx, *args.Id).Source(*args.SourcePath).Destination(*args.DestPath).Execute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error moving file: %v\", err)\n\t}\n\n\tlog.Infof(\"Moved file from %s to %s\", *args.SourcePath, *args.DestPath)\n\n\treturn mcp.NewToolResultText(fmt.Sprintf(\"Moved file from %s to %s\", *args.SourcePath, *args.DestPath)), nil\n}\n" }, { "path": "apps/cli/mcp/tools/preview_link.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"strconv\"\n\t\"strings\"\n\n\tapiclient_cli \"github.com/daytonaio/daytona/cli/apiclient\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype PreviewLinkArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tPort *int32 `json:\"port,omitempty\"`\n\tCheckServer *bool `json:\"checkServer,omitempty\"`\n\tDescription *string `json:\"description,omitempty\"`\n}\n\nfunc GetPreviewLinkTool() mcp.Tool {\n\treturn mcp.NewTool(\"preview_link\",\n\t\tmcp.WithDescription(\"Generate accessible preview URLs for web applications running in the Daytona sandbox. Creates a secure tunnel to expose local ports externally without configuration. Validates if a server is actually running on the specified port and provides diagnostic information for troubleshooting. Supports custom descriptions and metadata for better organization of multiple services.\"),\n\t\tmcp.WithNumber(\"port\", mcp.Required(), mcp.Description(\"Port to expose.\")),\n\t\tmcp.WithString(\"description\", mcp.Required(), mcp.Description(\"Description of the service.\")),\n\t\tmcp.WithBoolean(\"checkServer\", mcp.Required(), mcp.Description(\"Check if a server is running on the specified port.\")),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to generate the preview link for.\")),\n\t)\n}\n\nfunc PreviewLink(ctx context.Context, request mcp.CallToolRequest, args PreviewLinkArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient_cli.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox ID is required\")\n\t}\n\n\tif args.Port == nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"port parameter is required\")\n\t}\n\n\tcheckServer := false\n\tif args.CheckServer != nil && *args.CheckServer {\n\t\tcheckServer = *args.CheckServer\n\t}\n\n\tlog.Infof(\"Generating preview link - port: %d\", *args.Port)\n\n\t// Get the sandbox using sandbox ID\n\tsandbox, _, err := apiClient.SandboxAPI.GetSandbox(ctx, *args.Id).Execute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"failed to get sandbox: %v\", err)\n\t}\n\n\tif sandbox == nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"no sandbox available\")\n\t}\n\n\t// Check if server is running on specified port\n\tif checkServer {\n\t\tlog.Infof(\"Checking if server is running - port: %d\", *args.Port)\n\n\t\tcheckCmd := fmt.Sprintf(\"curl -s -o /dev/null -w '%%{http_code}' http://localhost:%d --max-time 2 || echo 'error'\", *args.Port)\n\t\tresult, _, err := apiClient.ToolboxAPI.ExecuteCommandDeprecated(ctx, *args.Id).ExecuteRequest(*apiclient.NewExecuteRequest(checkCmd)).Execute()\n\t\tif err != nil {\n\t\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error checking server: %v\", err)\n\t\t}\n\n\t\tresponse := strings.TrimSpace(result.Result)\n\t\tif response == \"error\" || strings.HasPrefix(response, \"0\") {\n\t\t\tlog.Infof(\"No server detected - port: %d\", *args.Port)\n\n\t\t\t// Check what might be using the port\n\t\t\tpsCmd := fmt.Sprintf(\"ps aux | grep ':%d' | grep -v grep || echo 'No process found'\", *args.Port)\n\t\t\tpsResult, _, err := apiClient.ToolboxAPI.ExecuteCommandDeprecated(ctx, *args.Id).ExecuteRequest(*apiclient.NewExecuteRequest(psCmd)).Execute()\n\t\t\tif err != nil {\n\t\t\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error checking processes: %v\", err)\n\t\t\t}\n\n\t\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"no server detected on port %d. Process info: %s\", *args.Port, strings.TrimSpace(psResult.Result))\n\t\t}\n\t}\n\n\t// Fetch preview URL\n\tpreviewURL, _, err := apiClient.SandboxAPI.GetPortPreviewUrl(ctx, *args.Id, float32(*args.Port)).Execute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"failed to get preview URL: %v\", err)\n\t}\n\n\t// Test URL accessibility if requested\n\tvar accessible bool\n\tvar statusCode string\n\tif checkServer {\n\t\tcheckCmd := fmt.Sprintf(\"curl -s -o /dev/null -w '%%{http_code}' %s --max-time 3 || echo 'error'\", previewURL.Url)\n\t\tresult, _, err := apiClient.ToolboxAPI.ExecuteCommandDeprecated(ctx, *args.Id).ExecuteRequest(*apiclient.NewExecuteRequest(checkCmd)).Execute()\n\t\tif err != nil {\n\t\t\tlog.Errorf(\"Error checking preview URL: %v\", err)\n\t\t} else {\n\t\t\tresponse := strings.TrimSpace(result.Result)\n\t\t\taccessible = response != \"error\" && !strings.HasPrefix(response, \"0\")\n\t\t\tif _, err := strconv.Atoi(response); err == nil {\n\t\t\t\tstatusCode = response\n\t\t\t}\n\t\t}\n\t}\n\n\tlog.Infof(\"Preview link generated: %s\", previewURL.Url)\n\tlog.Infof(\"Accessible: %t\", accessible)\n\tlog.Infof(\"Status code: %s\", statusCode)\n\n\treturn mcp.NewToolResultText(fmt.Sprintf(\"Preview link generated: %s\", previewURL.Url)), nil\n}\n" }, { "path": "apps/cli/mcp/tools/upload_file.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage tools\n\nimport (\n\t\"context\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/daytonaio/daytona/cli/apiclient\"\n\t\"github.com/mark3labs/mcp-go/mcp\"\n\n\tlog \"github.com/sirupsen/logrus\"\n)\n\ntype FileUploadArgs struct {\n\tId *string `json:\"id,omitempty\"`\n\tFilePath *string `json:\"filePath,omitempty\"`\n\tContent *string `json:\"content,omitempty\"`\n\tEncoding *string `json:\"encoding,omitempty\"`\n\tOverwrite *bool `json:\"overwrite,omitempty\"`\n}\n\nfunc GetFileUploadTool() mcp.Tool {\n\treturn mcp.NewTool(\"file_upload\",\n\t\tmcp.WithDescription(\"Upload files to the Daytona sandbox from text or base64-encoded binary content. Creates necessary parent directories automatically and verifies successful writes. Files persist during the session and have appropriate permissions for further tool operations. Supports overwrite controls and maintains original file formats.\"),\n\t\tmcp.WithString(\"filePath\", mcp.Required(), mcp.Description(\"Path to the file to upload. Files should always be uploaded to the /tmp directory if user doesn't specify otherwise.\")),\n\t\tmcp.WithString(\"content\", mcp.Required(), mcp.Description(\"Content of the file to upload.\")),\n\t\tmcp.WithString(\"encoding\", mcp.Required(), mcp.Description(\"Encoding of the file to upload.\")),\n\t\tmcp.WithBoolean(\"overwrite\", mcp.Required(), mcp.Description(\"Overwrite the file if it already exists.\")),\n\t\tmcp.WithString(\"id\", mcp.Required(), mcp.Description(\"ID of the sandbox to upload the file to.\")),\n\t)\n}\n\nfunc FileUpload(ctx context.Context, request mcp.CallToolRequest, args FileUploadArgs) (*mcp.CallToolResult, error) {\n\tapiClient, err := apiclient.GetApiClient(nil, daytonaMCPHeaders)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif args.Id == nil || *args.Id == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"sandbox ID is required\")\n\t}\n\n\tif args.FilePath == nil || *args.FilePath == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"filePath parameter is required\")\n\t}\n\n\tif args.Content == nil || *args.Content == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"content parameter is required\")\n\t}\n\n\tif args.Encoding == nil || *args.Encoding == \"\" {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"encoding parameter is required\")\n\t}\n\n\toverwrite := false\n\tif args.Overwrite != nil && *args.Overwrite {\n\t\toverwrite = *args.Overwrite\n\t}\n\n\t// Get the sandbox using sandbox ID\n\tsandbox, _, err := apiClient.SandboxAPI.GetSandbox(ctx, *args.Id).Execute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"failed to get sandbox: %v\", err)\n\t}\n\n\tif sandbox == nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"no sandbox available\")\n\t}\n\n\t// Check if file exists and handle overwrite\n\tif !overwrite {\n\t\tfileInfo, _, err := apiClient.ToolboxAPI.GetFileInfoDeprecated(ctx, *args.Id).Path(*args.FilePath).Execute()\n\t\tif err == nil && fileInfo != nil {\n\t\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"file '%s' already exists and overwrite=false\", *args.FilePath)\n\t\t}\n\t}\n\n\t// Prepare content based on encoding\n\tvar binaryContent []byte\n\tif *args.Encoding == \"base64\" {\n\t\tvar err error\n\t\tbinaryContent, err = base64.StdEncoding.DecodeString(*args.Content)\n\t\tif err != nil {\n\t\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"invalid base64 encoding: %v\", err)\n\t\t}\n\t} else {\n\t\t// Default is text encoding\n\t\tbinaryContent = []byte(*args.Content)\n\t}\n\n\t// Create parent directories if they don't exist\n\tparentDir := filepath.Dir(*args.FilePath)\n\tif parentDir != \"\" {\n\t\t_, err := apiClient.ToolboxAPI.CreateFolderDeprecated(ctx, *args.Id).Path(parentDir).Mode(\"0755\").Execute()\n\t\tif err != nil {\n\t\t\tlog.Errorf(\"Error creating parent directory: %v\", err)\n\t\t\t// Continue anyway as upload might handle this\n\t\t}\n\t}\n\n\t// Upload the file\n\ttempFile, err := os.CreateTemp(\"\", \"upload-*\")\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error creating temp file: %v\", err)\n\t}\n\tdefer os.Remove(tempFile.Name()) // Clean up temp file when done\n\tdefer tempFile.Close()\n\n\t// Write content to temp file\n\tif _, err := tempFile.Write(binaryContent); err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error writing to temp file: %v\", err)\n\t}\n\n\t// Reset file pointer to beginning\n\tif _, err := tempFile.Seek(0, 0); err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error seeking temp file: %v\", err)\n\t}\n\n\t// Upload the file\n\t_, err = apiClient.ToolboxAPI.UploadFileDeprecated(ctx, *args.Id).Path(*args.FilePath).File(tempFile).Execute()\n\tif err != nil {\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error uploading file: %v\", err)\n\t}\n\n\t// Get file info for size\n\tfileInfo, _, err := apiClient.ToolboxAPI.GetFileInfoDeprecated(ctx, *args.Id).Path(*args.FilePath).Execute()\n\tif err != nil {\n\t\tlog.Errorf(\"Error getting file info after upload: %v\", err)\n\n\t\treturn &mcp.CallToolResult{IsError: true}, fmt.Errorf(\"error getting file info after upload: %v\", err)\n\t}\n\n\tfileSizeKB := float64(fileInfo.Size) / 1024\n\tlog.Infof(\"File uploaded successfully: %s, size: %.2fKB\", *args.FilePath, fileSizeKB)\n\n\treturn mcp.NewToolResultText(fmt.Sprintf(\"File uploaded successfully: %s\", *args.FilePath)), nil\n}\n" }, { "path": "apps/cli/pkg/minio/minio.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage minio\n\nimport (\n\t\"archive/tar\"\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/sha256\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/minio/minio-go/v7\"\n\t\"github.com/minio/minio-go/v7/pkg/credentials\"\n)\n\nconst CONTEXT_TAR_FILE_NAME = \"context.tar\"\n\ntype Client struct {\n\tminioClient *minio.Client\n\tbucket string\n}\n\nfunc NewClient(endpoint, accessKey, secretKey, bucket string, useSSL bool, sessionToken string) (*Client, error) {\n\tminioClient, err := minio.New(endpoint, &minio.Options{\n\t\tCreds: credentials.NewStaticV4(accessKey, secretKey, sessionToken),\n\t\tSecure: useSSL,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to create MinIO client: %w\", err)\n\t}\n\n\treturn &Client{\n\t\tminioClient: minioClient,\n\t\tbucket: bucket,\n\t}, nil\n}\n\nfunc (c *Client) UploadFile(ctx context.Context, objectName string, data []byte) error {\n\texists, err := c.minioClient.BucketExists(ctx, c.bucket)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"error checking bucket existence: %w\", err)\n\t}\n\tif !exists {\n\t\terr = c.minioClient.MakeBucket(ctx, c.bucket, minio.MakeBucketOptions{})\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"error creating bucket: %w\", err)\n\t\t}\n\t}\n\n\treader := bytes.NewReader(data)\n\tobjectSize := int64(len(data))\n\n\t_, err = c.minioClient.PutObject(ctx, c.bucket, objectName, reader, objectSize, minio.PutObjectOptions{\n\t\tContentType: \"application/octet-stream\",\n\t})\n\tif err != nil {\n\t\treturn fmt.Errorf(\"error uploading file: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc readIgnoreFile(rootPath, filename string) []string {\n\tignoreFile := filepath.Join(rootPath, filename)\n\tcontent, err := os.ReadFile(ignoreFile)\n\tif err != nil {\n\t\treturn nil\n\t}\n\n\tvar patterns []string\n\tlines := strings.Split(string(content), \"\\n\")\n\tfor _, line := range lines {\n\t\tline = strings.TrimSpace(line)\n\t\t// Skip empty lines and comments\n\t\tif line == \"\" || strings.HasPrefix(line, \"#\") {\n\t\t\tcontinue\n\t\t}\n\t\tpatterns = append(patterns, line)\n\t}\n\treturn patterns\n}\n\nfunc matchPattern(filePath string, patterns []string) bool {\n\tfilePath = filepath.ToSlash(filePath)\n\n\tfor _, pattern := range patterns {\n\t\tpattern = filepath.ToSlash(pattern)\n\n\t\tif strings.HasSuffix(pattern, \"/\") {\n\t\t\tpattern = strings.TrimSuffix(pattern, \"/\")\n\t\t\tif strings.HasPrefix(filePath, pattern+\"/\") || filePath == pattern {\n\t\t\t\treturn true\n\t\t\t}\n\t\t\tcontinue\n\t\t}\n\n\t\t// Handle double star patterns (**) - matches any number of directories\n\t\tif strings.Contains(pattern, \"**\") {\n\t\t\t// Convert ** to a simpler pattern for basic matching\n\t\t\tparts := strings.Split(pattern, \"**\")\n\t\t\tif len(parts) == 2 {\n\t\t\t\tprefix := parts[0]\n\t\t\t\tsuffix := parts[1]\n\n\t\t\t\t// Remove trailing/leading slashes from prefix/suffix\n\t\t\t\tprefix = strings.TrimSuffix(prefix, \"/\")\n\t\t\t\tsuffix = strings.TrimPrefix(suffix, \"/\")\n\n\t\t\t\tif prefix == \"\" && suffix != \"\" {\n\t\t\t\t\t// Pattern like **/node_modules\n\t\t\t\t\tif strings.Contains(filePath, \"/\"+suffix) || strings.HasSuffix(filePath, suffix) || filePath == suffix {\n\t\t\t\t\t\treturn true\n\t\t\t\t\t}\n\t\t\t\t} else if prefix != \"\" && suffix == \"\" {\n\t\t\t\t\t// Pattern like .git/**\n\t\t\t\t\tif strings.HasPrefix(filePath, prefix+\"/\") || filePath == prefix {\n\t\t\t\t\t\treturn true\n\t\t\t\t\t}\n\t\t\t\t} else if prefix != \"\" && suffix != \"\" {\n\t\t\t\t\t// Pattern like src/**/test\n\t\t\t\t\tif strings.HasPrefix(filePath, prefix+\"/\") && (strings.Contains(filePath, \"/\"+suffix) || strings.HasSuffix(filePath, suffix)) {\n\t\t\t\t\t\treturn true\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tcontinue\n\t\t}\n\n\t\tif strings.Contains(pattern, \"*\") {\n\t\t\tmatched, err := filepath.Match(pattern, filepath.Base(filePath))\n\t\t\tif err == nil && matched {\n\t\t\t\treturn true\n\t\t\t}\n\t\t\t// Also check full path for patterns like */node_modules\n\t\t\tmatched, err = filepath.Match(pattern, filePath)\n\t\t\tif err == nil && matched {\n\t\t\t\treturn true\n\t\t\t}\n\t\t\tcontinue\n\t\t}\n\n\t\t// Handle exact matches and prefix matches\n\t\tif filePath == pattern ||\n\t\t\tstrings.HasPrefix(filePath, pattern+\"/\") ||\n\t\t\tfilepath.Base(filePath) == pattern {\n\t\t\treturn true\n\t\t}\n\t}\n\treturn false\n}\n\nfunc shouldExcludeFile(filePath, rootPath string) bool {\n\trelPath, err := filepath.Rel(rootPath, filePath)\n\tif err != nil {\n\t\treturn false\n\t}\n\n\tdockerignorePatterns := readIgnoreFile(rootPath, \".dockerignore\")\n\n\tif len(dockerignorePatterns) == 0 {\n\t\treturn false\n\t}\n\n\treturn matchPattern(relPath, dockerignorePatterns)\n}\n\nfunc (c *Client) ListObjects(ctx context.Context, prefix string) ([]string, error) {\n\tvar objects []string\n\n\tobjectCh := c.minioClient.ListObjects(ctx, c.bucket, minio.ListObjectsOptions{\n\t\tPrefix: prefix,\n\t})\n\n\tfor object := range objectCh {\n\t\tif object.Err != nil {\n\t\t\treturn nil, object.Err\n\t\t}\n\t\tobjects = append(objects, object.Key)\n\t}\n\n\treturn objects, nil\n}\n\nfunc (c *Client) ProcessDirectory(ctx context.Context, dirPath, orgID string, existingObjects map[string]bool) ([]string, error) {\n\t// Check if .dockerignore exists and provide helpful message if context is large\n\tdockerignoreExists := false\n\tif _, err := os.Stat(filepath.Join(dirPath, \".dockerignore\")); err == nil {\n\t\tdockerignoreExists = true\n\t}\n\n\ttarFile, err := os.Create(CONTEXT_TAR_FILE_NAME)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to create tar file: %w\", err)\n\t}\n\tdefer tarFile.Close()\n\n\ttw := tar.NewWriter(tarFile)\n\tdefer tw.Close()\n\n\tfileCount := 0\n\ttotalSize := int64(0)\n\n\twarned := false\n\terr = filepath.Walk(dirPath, func(file string, fi os.FileInfo, err error) error {\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif fi.Name() == CONTEXT_TAR_FILE_NAME {\n\t\t\treturn nil\n\t\t}\n\n\t\tif shouldExcludeFile(file, dirPath) {\n\t\t\trelPath, _ := filepath.Rel(dirPath, file)\n\t\t\tif fi.IsDir() {\n\t\t\t\tfmt.Printf(\"Excluding directory: %s\\n\", relPath)\n\t\t\t\treturn filepath.SkipDir\n\t\t\t}\n\t\t\tfmt.Printf(\"Excluding file: %s\\n\", relPath)\n\t\t\treturn nil\n\t\t}\n\n\t\theader, err := tar.FileInfoHeader(fi, fi.Name())\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\trelPath, err := filepath.Rel(dirPath, file)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\theader.Name = relPath\n\n\t\tif err := tw.WriteHeader(header); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\t// Write file contents if regular file\n\t\tif fi.Mode().IsRegular() {\n\t\t\tfileCount++\n\t\t\ttotalSize += fi.Size()\n\n\t\t\tif fileCount%1000 == 0 {\n\t\t\t\tfmt.Printf(\"Processing... %d files, %.2f MB total\\n\", fileCount, float64(totalSize)/(1024*1024))\n\t\t\t}\n\n\t\t\t// Warn if context is getting very large (only warn once)\n\t\t\tif totalSize > 100*1024*1024 && !dockerignoreExists && !warned {\n\t\t\t\tfmt.Printf(\"Warning: Context size exceeds 100MB. Consider adding a .dockerignore file to exclude unnecessary files.\\n\")\n\t\t\t\twarned = true\n\t\t\t}\n\n\t\t\tf, err := os.Open(file)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tdefer f.Close()\n\n\t\t\t_, err = io.Copy(tw, f)\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n\n\tif err != nil {\n\t\tif strings.Contains(err.Error(), \"write too long\") {\n\t\t\treturn nil, fmt.Errorf(\"context directory is too large for tar archive. Please create a .dockerignore file to exclude large directories like .git, node_modules, dist, etc. Original error: %w\", err)\n\t\t}\n\t\treturn nil, fmt.Errorf(\"failed to process directory: %w\", err)\n\t}\n\n\tfmt.Printf(\"Context processing complete: %d files, %.2f MB total\\n\", fileCount, float64(totalSize)/(1024*1024))\n\n\t// Seek to start of tar file before calculating hash\n\tif _, err := tarFile.Seek(0, 0); err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to seek tar file: %w\", err)\n\t}\n\n\t// Calculate hash of tar contents\n\thasher := sha256.New()\n\tif _, err := io.Copy(hasher, tarFile); err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to hash tar: %w\", err)\n\t}\n\thash := hex.EncodeToString(hasher.Sum(nil))\n\n\tobjectName := fmt.Sprintf(\"%s/%s\", orgID, hash)\n\tif _, exists := existingObjects[objectName]; !exists {\n\t\terr = c.CreateDirectory(ctx, objectName)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif _, err := tarFile.Seek(0, 0); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to seek tar file: %w\", err)\n\t\t}\n\n\t\ttarContent, err := io.ReadAll(tarFile)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to read tar file: %w\", err)\n\t\t}\n\n\t\terr = c.UploadFile(ctx, fmt.Sprintf(\"%s/%s\", objectName, CONTEXT_TAR_FILE_NAME), tarContent)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to upload tar: %w\", err)\n\t\t}\n\n\t\tif err := os.Remove(CONTEXT_TAR_FILE_NAME); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to remove tar file: %w\", err)\n\t\t}\n\t} else {\n\t\tfmt.Printf(\"Directory %s with hash %s already exists in storage\\n\", dirPath, hash)\n\t}\n\n\treturn []string{hash}, nil\n}\n\nfunc (c *Client) ProcessFile(ctx context.Context, filePath, orgID string, existingObjects map[string]bool) (string, error) {\n\tfileContent, err := os.ReadFile(filePath)\n\tif err != nil {\n\t\treturn \"\", fmt.Errorf(\"failed to read file: %w\", err)\n\t}\n\n\thasher := sha256.New()\n\thasher.Write(fileContent)\n\thash := hex.EncodeToString(hasher.Sum(nil))\n\n\tobjectName := fmt.Sprintf(\"%s/%s\", orgID, hash)\n\tif _, exists := existingObjects[objectName]; !exists {\n\t\tvar tarBuffer bytes.Buffer\n\t\ttarWriter := tar.NewWriter(&tarBuffer)\n\n\t\tfileName := filepath.Base(filePath)\n\n\t\tfileInfo, err := os.Stat(filePath)\n\t\tif err != nil {\n\t\t\treturn \"\", fmt.Errorf(\"failed to stat file: %w\", err)\n\t\t}\n\n\t\theader, err := tar.FileInfoHeader(fileInfo, \"\")\n\t\tif err != nil {\n\t\t\treturn \"\", fmt.Errorf(\"failed to create tar header: %w\", err)\n\t\t}\n\t\theader.Name = fileName\n\n\t\tif err := tarWriter.WriteHeader(header); err != nil {\n\t\t\treturn \"\", fmt.Errorf(\"failed to write tar header: %w\", err)\n\t\t}\n\n\t\tif _, err := tarWriter.Write(fileContent); err != nil {\n\t\t\treturn \"\", fmt.Errorf(\"failed to write file to tar: %w\", err)\n\t\t}\n\n\t\tif err := tarWriter.Close(); err != nil {\n\t\t\treturn \"\", fmt.Errorf(\"failed to close tar writer: %w\", err)\n\t\t}\n\n\t\terr = c.CreateDirectory(ctx, objectName)\n\t\tif err != nil {\n\t\t\treturn \"\", err\n\t\t}\n\n\t\t// Upload tar file instead of raw content\n\t\terr = c.UploadFile(ctx, fmt.Sprintf(\"%s/%s\", objectName, CONTEXT_TAR_FILE_NAME), tarBuffer.Bytes())\n\t\tif err != nil {\n\t\t\treturn \"\", err\n\t\t}\n\t} else {\n\t\tfmt.Printf(\"File %s with hash %s already exists in storage - skipping\\n\", filePath, hash)\n\t}\n\n\treturn hash, nil\n}\n\nfunc (c *Client) CreateDirectory(ctx context.Context, directoryPath string) error {\n\texists, err := c.minioClient.BucketExists(ctx, c.bucket)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"error checking bucket existence: %w\", err)\n\t}\n\tif !exists {\n\t\treturn fmt.Errorf(\"bucket does not exist\")\n\t}\n\n\t// Ensure the directory path ends with a slash to represent a directory\n\tif !strings.HasSuffix(directoryPath, \"/\") {\n\t\tdirectoryPath = directoryPath + \"/\"\n\t}\n\n\t// Create an empty object to represent the directory\n\temptyContent := []byte{}\n\treader := bytes.NewReader(emptyContent)\n\t_, err = c.minioClient.PutObject(ctx, c.bucket, directoryPath, reader, 0, minio.PutObjectOptions{\n\t\tContentType: \"application/directory\",\n\t})\n\tif err != nil {\n\t\treturn fmt.Errorf(\"error creating directory marker: %w\", err)\n\t}\n\n\treturn nil\n}\n" }, { "path": "apps/cli/project.json", "content": "{\n \"name\": \"cli\",\n \"$schema\": \"../../node_modules/nx/schemas/project-schema.json\",\n \"projectType\": \"application\",\n \"sourceRoot\": \"apps/cli\",\n \"tags\": [],\n \"targets\": {\n \"build\": {\n \"executor\": \"@nx-go/nx-go:build\",\n \"inputs\": [\"goProduction\"],\n \"options\": {\n \"main\": \"{projectRoot}/main.go\",\n \"outputPath\": \"dist/apps/cli/cli\"\n }\n },\n \"format\": {\n \"executor\": \"nx:run-commands\",\n \"options\": {\n \"command\": \"cd {projectRoot} && go fmt ./... && prettier --write \\\"**/*.{yaml,html}\\\"\"\n }\n },\n \"test\": {\n \"executor\": \"@nx-go/nx-go:test\"\n },\n \"lint\": {\n \"executor\": \"@nx-go/nx-go:lint\"\n }\n }\n}\n" }, { "path": "apps/cli/toolbox/toolbox.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage toolbox\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"strings\"\n\n\t\"github.com/daytonaio/daytona/cli/config\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n)\n\ntype ExecuteRequest struct {\n\tCommand string `json:\"command\"`\n\tCwd *string `json:\"cwd,omitempty\"`\n\tTimeout *float32 `json:\"timeout,omitempty\"`\n}\n\ntype ExecuteResponse struct {\n\tExitCode float32 `json:\"exitCode\"`\n\tResult string `json:\"result\"`\n}\n\ntype Client struct {\n\tapiClient *apiclient.APIClient\n}\n\nfunc NewClient(apiClient *apiclient.APIClient) *Client {\n\treturn &Client{\n\t\tapiClient: apiClient,\n\t}\n}\n\n// Gets the toolbox proxy URL for a sandbox, caching by region in config\nfunc (c *Client) getProxyURL(ctx context.Context, sandboxId, region string) (string, error) {\n\t// Check config cache first\n\tcachedURL, err := config.GetToolboxProxyUrl(region)\n\tif err == nil && cachedURL != \"\" {\n\t\treturn cachedURL, nil\n\t}\n\n\t// Fetch from API\n\ttoolboxProxyUrl, _, err := c.apiClient.SandboxAPI.GetToolboxProxyUrl(ctx, sandboxId).Execute()\n\tif err != nil {\n\t\treturn \"\", fmt.Errorf(\"failed to get toolbox proxy URL: %w\", err)\n\t}\n\n\t// Best-effort caching\n\t_ = config.SetToolboxProxyUrl(region, toolboxProxyUrl.Url)\n\n\treturn toolboxProxyUrl.Url, nil\n}\n\nfunc (c *Client) ExecuteCommand(ctx context.Context, sandbox *apiclient.Sandbox, request ExecuteRequest) (*ExecuteResponse, error) {\n\tproxyURL, err := c.getProxyURL(ctx, sandbox.Id, sandbox.Target)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn c.executeCommandViaProxy(ctx, proxyURL, sandbox.Id, request)\n}\n\n// TODO: replace this with the toolbox api client at some point\nfunc (c *Client) executeCommandViaProxy(ctx context.Context, proxyURL, sandboxId string, request ExecuteRequest) (*ExecuteResponse, error) {\n\t// Build the URL: {proxyUrl}/{sandboxId}/process/execute\n\turl := fmt.Sprintf(\"%s/%s/process/execute\", strings.TrimSuffix(proxyURL, \"/\"), sandboxId)\n\n\tbody, err := json.Marshal(request)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to marshal request: %w\", err)\n\t}\n\n\treq, err := http.NewRequestWithContext(ctx, \"POST\", url, bytes.NewReader(body))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to create request: %w\", err)\n\t}\n\n\treq.Header.Set(\"Content-Type\", \"application/json\")\n\n\tcfg, err := config.GetConfig()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tactiveProfile, err := cfg.GetActiveProfile()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif activeProfile.Api.Key != nil {\n\t\treq.Header.Set(\"Authorization\", \"Bearer \"+*activeProfile.Api.Key)\n\t} else if activeProfile.Api.Token != nil {\n\t\treq.Header.Set(\"Authorization\", \"Bearer \"+activeProfile.Api.Token.AccessToken)\n\t}\n\n\tif activeProfile.ActiveOrganizationId != nil {\n\t\treq.Header.Set(\"X-Daytona-Organization-ID\", *activeProfile.ActiveOrganizationId)\n\t}\n\n\tclient := &http.Client{}\n\tresp, err := client.Do(req)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute request: %w\", err)\n\t}\n\tdefer resp.Body.Close()\n\n\trespBody, err := io.ReadAll(resp.Body)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to read response: %w\", err)\n\t}\n\n\tif resp.StatusCode != http.StatusOK {\n\t\treturn nil, fmt.Errorf(\"request failed with status %d: %s\", resp.StatusCode, string(respBody))\n\t}\n\n\tvar response ExecuteResponse\n\tif err := json.Unmarshal(respBody, &response); err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to parse response: %w\", err)\n\t}\n\n\treturn &response, nil\n}\n" }, { "path": "apps/cli/util/pointer.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\n// Use generics to create a pointer to a value\nfunc Pointer[T any](d T) *T {\n\treturn &d\n}\n" }, { "path": "apps/cli/views/common/common.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/charmbracelet/huh\"\n\t\"github.com/charmbracelet/lipgloss\"\n)\n\nvar DefaultLayoutMarginTop = 1\n\nvar DefaultHorizontalMargin = 1\n\nvar TUITableMinimumWidth = 80\n\nvar SeparatorString = lipgloss.NewStyle().Foreground(LightGray).Render(\"===\")\n\nvar Checkmark = lipgloss.NewStyle().Foreground(lipgloss.Color(\"42\")).SetString(\"✓\").String()\n\nvar (\n\tminimumWidth = 40\n\tmaximumWidth = 160\n\twidthBreakpoints = []int{60, 80, 100, 120, 140, 160}\n)\n\nfunc RenderMainTitle(title string) {\n\tfmt.Println(lipgloss.NewStyle().Foreground(Green).Bold(true).Padding(1, 0, 1, 0).Render(title))\n}\n\nfunc RenderTip(message string) {\n\tfmt.Println(lipgloss.NewStyle().Padding(0, 0, 1, 1).Render(message))\n}\n\nfunc RenderInfoMessage(message string) {\n\tfmt.Println(lipgloss.NewStyle().PaddingLeft(1).Render(message))\n}\n\nfunc RenderInfoMessageBold(message string) {\n\tfmt.Println(lipgloss.NewStyle().Bold(true).Padding(1, 0, 1, 1).Render(message))\n}\n\nfunc GetStyledMainTitle(content string) string {\n\treturn lipgloss.NewStyle().Foreground(Dark).Background(Light).Padding(0, 1).MarginTop(1).Render(content)\n}\n\nfunc GetInfoMessage(message string) string {\n\treturn lipgloss.NewStyle().Padding(1, 0, 1, 1).Render(message)\n}\n\nfunc GetContainerBreakpointWidth(terminalWidth int) int {\n\tif terminalWidth < minimumWidth {\n\t\treturn 0\n\t}\n\tfor _, width := range widthBreakpoints {\n\t\tif terminalWidth < width {\n\t\t\treturn width - 20 - DefaultHorizontalMargin - DefaultHorizontalMargin\n\t\t}\n\t}\n\treturn maximumWidth\n}\n\nfunc GetEnvVarsInput(envVars *map[string]string) *huh.Text {\n\tif envVars == nil {\n\t\treturn nil\n\t}\n\n\tvar inputText string\n\tfor key, value := range *envVars {\n\t\tinputText += fmt.Sprintf(\"%s=%s\\n\", key, value)\n\t}\n\tinputText = strings.TrimSuffix(inputText, \"\\n\")\n\n\treturn huh.NewText().\n\t\tTitle(\"Environment Variables\").\n\t\tDescription(\"Enter environment variables in the format KEY=VALUE\\nTo pass machine env variables at runtime, use $VALUE\").\n\t\tCharLimit(-1).\n\t\tValue(&inputText).\n\t\tValidate(func(str string) error {\n\t\t\ttempEnvVars := map[string]string{}\n\t\t\tfor i, line := range strings.Split(str, \"\\n\") {\n\t\t\t\tif line == \"\" {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tparts := strings.SplitN(line, \"=\", 2)\n\t\t\t\tif len(parts) != 2 {\n\t\t\t\t\treturn fmt.Errorf(\"invalid format: %s on line %d\", line, i+1)\n\t\t\t\t}\n\n\t\t\t\ttempEnvVars[parts[0]] = parts[1]\n\t\t\t}\n\t\t\t*envVars = tempEnvVars\n\n\t\t\treturn nil\n\t\t})\n}\n\n// Bolds the message and prepends a checkmark\nfunc GetPrettyLogLine(message string) string {\n\treturn fmt.Sprintf(\"%s \\033[1m%s\\033[0m\\n\", lipgloss.NewStyle().Foreground(lipgloss.Color(\"42\")).SetString(\"✓\").String(), message)\n}\n" }, { "path": "apps/cli/views/common/prompt.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/charmbracelet/bubbles/textinput\"\n\ttea \"github.com/charmbracelet/bubbletea\"\n\t\"github.com/charmbracelet/lipgloss\"\n)\n\ntype promptModel struct {\n\ttextInput textinput.Model\n\terr error\n\tdone bool\n\ttitle string\n\tdesc string\n}\n\nfunc (m promptModel) Init() tea.Cmd {\n\treturn textinput.Blink\n}\n\nfunc (m promptModel) Update(msg tea.Msg) (tea.Model, tea.Cmd) {\n\tvar cmd tea.Cmd\n\n\tswitch msg := msg.(type) {\n\tcase tea.KeyMsg:\n\t\tswitch msg.Type {\n\t\tcase tea.KeyEnter:\n\t\t\tm.done = true\n\t\t\treturn m, tea.Quit\n\t\tcase tea.KeyCtrlC:\n\t\t\tm.done = true\n\t\t\tm.err = fmt.Errorf(\"user cancelled\")\n\t\t\treturn m, tea.Quit\n\t\t}\n\t}\n\n\tm.textInput, cmd = m.textInput.Update(msg)\n\treturn m, cmd\n}\n\nfunc (m promptModel) View() string {\n\tif m.done {\n\t\treturn \"\"\n\t}\n\n\ttitleStyle := lipgloss.NewStyle().\n\t\tBold(true).\n\t\tMarginLeft(2).\n\t\tMarginTop(1)\n\n\tdescStyle := lipgloss.NewStyle().\n\t\tForeground(lipgloss.Color(\"241\")).\n\t\tMarginLeft(2)\n\n\treturn fmt.Sprintf(\"\\n%s\\n%s\\n\\n %s\\n\\n\",\n\t\ttitleStyle.Render(m.title),\n\t\tdescStyle.Render(m.desc),\n\t\tm.textInput.View())\n}\n\nfunc PromptForInput(prompt, title, desc string) (string, error) {\n\tti := textinput.New()\n\tti.Focus()\n\tti.CharLimit = 156\n\tti.Width = 80\n\tti.Prompt = \"› \"\n\n\tm := promptModel{\n\t\ttextInput: ti,\n\t\ttitle: title,\n\t\tdesc: desc,\n\t}\n\n\tp := tea.NewProgram(m, tea.WithAltScreen())\n\tmodel, err := p.Run()\n\tif err != nil {\n\t\treturn \"\", fmt.Errorf(\"error running prompt: %w\", err)\n\t}\n\n\tfinalModel, ok := model.(promptModel)\n\tif !ok {\n\t\treturn \"\", fmt.Errorf(\"could not read model state\")\n\t}\n\n\tif finalModel.err != nil {\n\t\treturn \"\", finalModel.err\n\t}\n\n\treturn strings.TrimSpace(finalModel.textInput.Value()), nil\n}\n" }, { "path": "apps/cli/views/common/select.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\ttea \"github.com/charmbracelet/bubbletea\"\n\t\"github.com/charmbracelet/lipgloss\"\n)\n\n// SelectItem represents an item in the selection list\ntype SelectItem struct {\n\tTitle string\n\tDesc string\n}\n\n// SelectModel represents the selection UI model\ntype SelectModel struct {\n\tTitle string\n\tItems []SelectItem\n\tSelected int\n\tChoice string\n\tQuitting bool\n}\n\n// NewSelectModel creates a new select model with the given title and items\nfunc NewSelectModel(title string, items []SelectItem) SelectModel {\n\treturn SelectModel{\n\t\tTitle: title,\n\t\tItems: items,\n\t\tSelected: 0,\n\t}\n}\n\nfunc (m SelectModel) Init() tea.Cmd {\n\treturn nil\n}\n\nfunc (m SelectModel) Update(msg tea.Msg) (tea.Model, tea.Cmd) {\n\tswitch msg := msg.(type) {\n\tcase tea.KeyMsg:\n\t\tswitch msg.String() {\n\t\tcase \"ctrl+c\":\n\t\t\tm.Quitting = true\n\t\t\treturn m, tea.Quit\n\t\tcase \"up\", \"k\":\n\t\t\tif m.Selected > 0 {\n\t\t\t\tm.Selected--\n\t\t\t}\n\t\tcase \"down\", \"j\":\n\t\t\tif m.Selected < len(m.Items)-1 {\n\t\t\t\tm.Selected++\n\t\t\t}\n\t\tcase \"enter\":\n\t\t\tm.Choice = m.Items[m.Selected].Title\n\t\t\treturn m, tea.Quit\n\t\t}\n\t}\n\treturn m, nil\n}\n\nfunc (m SelectModel) View() string {\n\tif m.Quitting {\n\t\treturn \"\"\n\t}\n\n\ts := lipgloss.NewStyle().\n\t\tBold(true).\n\t\tMarginLeft(2).\n\t\tMarginTop(1).\n\t\tRender(m.Title) + \"\\n\\n\"\n\n\tfor i, item := range m.Items {\n\t\tcursor := \" \"\n\t\tstyle := lipgloss.NewStyle().\n\t\t\tForeground(lipgloss.Color(\"151\")).\n\t\t\tPaddingLeft(2)\n\n\t\tif i == m.Selected {\n\t\t\tcursor = \"› \"\n\t\t\tstyle = style.Foreground(lipgloss.Color(\"42\")).Bold(true)\n\t\t}\n\n\t\ts += style.Render(cursor+item.Title) + \"\\n\"\n\t\ts += lipgloss.NewStyle().\n\t\t\tPaddingLeft(4).\n\t\t\tForeground(lipgloss.Color(\"241\")).\n\t\t\tRender(item.Desc) + \"\\n\\n\"\n\t}\n\n\treturn s\n}\n\n// Select displays a selection prompt with the given title and items\n// Returns the selected item's title and any error that occurred\nfunc Select(title string, items []SelectItem) (string, error) {\n\tp := tea.NewProgram(NewSelectModel(title, items), tea.WithAltScreen())\n\tm, err := p.Run()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tfinalModel, ok := m.(SelectModel)\n\tif !ok {\n\t\treturn \"\", nil\n\t}\n\n\tif finalModel.Quitting {\n\t\treturn \"\", nil\n\t}\n\n\treturn finalModel.Choice, nil\n}\n" }, { "path": "apps/cli/views/common/styles.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/charmbracelet/bubbles/list\"\n\t\"github.com/charmbracelet/huh\"\n\t\"github.com/charmbracelet/lipgloss\"\n)\n\nvar (\n\tListNavigationText = \"load more\"\n\tListNavigationRenderText = \"+ Load more..\"\n)\n\nvar (\n\tGreen = lipgloss.AdaptiveColor{Light: \"#23cc71\", Dark: \"#23cc71\"}\n\tBlue = lipgloss.AdaptiveColor{Light: \"#017ffe\", Dark: \"#017ffe\"}\n\tYellow = lipgloss.AdaptiveColor{Light: \"#d4ed2d\", Dark: \"#d4ed2d\"}\n\tCyan = lipgloss.AdaptiveColor{Light: \"#3ef7e5\", Dark: \"#3ef7e5\"}\n\tDimmedGreen = lipgloss.AdaptiveColor{Light: \"#7be0a9\", Dark: \"#7be0a9\"}\n\tOrange = lipgloss.AdaptiveColor{Light: \"#e3881b\", Dark: \"#e3881b\"}\n\tLight = lipgloss.AdaptiveColor{Light: \"#000\", Dark: \"#fff\"}\n\tDark = lipgloss.AdaptiveColor{Light: \"#fff\", Dark: \"#000\"}\n\tGray = lipgloss.AdaptiveColor{Light: \"243\", Dark: \"243\"}\n\tLightGray = lipgloss.AdaptiveColor{Light: \"#828282\", Dark: \"#828282\"}\n\tRed = lipgloss.AdaptiveColor{Light: \"#FF4672\", Dark: \"#ED567A\"}\n)\n\nvar (\n\tColorPending = lipgloss.AdaptiveColor{Light: \"#cce046\", Dark: \"#cce046\"}\n\tColorSuccess = lipgloss.AdaptiveColor{Light: \"#2ecc71\", Dark: \"#2ecc71\"}\n\tColorStarting = ColorSuccess\n\tColorStopped = lipgloss.AdaptiveColor{Light: \"#a2a2a2\", Dark: \"#a2a2a2\"}\n\tColorStopping = ColorStopped\n\tColorError = lipgloss.AdaptiveColor{Light: \"#e74c3c\", Dark: \"#e74c3c\"}\n\tColorDeleting = ColorStopped\n\tColorDeleted = ColorStopped\n\tColorUnresponsive = ColorError\n)\n\nvar (\n\tBaseTableStyleHorizontalPadding = 4\n\tBaseTableStyle = lipgloss.NewStyle().\n\t\t\t\t\tPaddingLeft(BaseTableStyleHorizontalPadding).\n\t\t\t\t\tPaddingRight(BaseTableStyleHorizontalPadding).\n\t\t\t\t\tPaddingTop(1).\n\t\t\t\t\tMargin(1, 0)\n\n\tNameStyle = lipgloss.NewStyle().Foreground(Light)\n\tLinkStyle = lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color(\"12\"))\n\tActiveStyle = lipgloss.NewStyle().Foreground(Green)\n\tInactiveStyle = lipgloss.NewStyle().Foreground(Orange)\n\tDefaultRowDataStyle = lipgloss.NewStyle().Foreground(Gray)\n\tBaseCellStyle = lipgloss.NewRenderer(os.Stdout).NewStyle().Padding(0, 4, 1, 0)\n\tTableHeaderStyle = BaseCellStyle.Foreground(LightGray).Bold(false).Padding(0).MarginRight(4)\n)\n\nvar (\n\tUndefinedStyle = lipgloss.NewStyle().Foreground(ColorPending)\n\tPendingStyle = lipgloss.NewStyle().Foreground(ColorPending)\n\tRunningStyle = lipgloss.NewStyle().Foreground(ColorPending)\n\tRunSuccessfulStyle = lipgloss.NewStyle().Foreground(ColorSuccess)\n\tCreatingStyle = lipgloss.NewStyle().Foreground(ColorPending)\n\tStartedStyle = lipgloss.NewStyle().Foreground(ColorSuccess)\n\tStartingStyle = lipgloss.NewStyle().Foreground(ColorStarting)\n\tStoppedStyle = lipgloss.NewStyle().Foreground(ColorStopped)\n\tStoppingStyle = lipgloss.NewStyle().Foreground(ColorStopping)\n\tErrorStyle = lipgloss.NewStyle().Foreground(ColorError)\n\tDeletingStyle = lipgloss.NewStyle().Foreground(ColorDeleting)\n\tDeletedStyle = lipgloss.NewStyle().Foreground(ColorDeleted)\n\tUnresponsiveStyle = lipgloss.NewStyle().Foreground(ColorUnresponsive)\n)\n\nvar LogPrefixColors = []lipgloss.AdaptiveColor{\n\tBlue, Orange, Cyan, Yellow,\n}\n\ntype SelectionListOptions struct {\n\tParentIdentifier string\n\tIsPaginationDisabled bool\n\tCursorIndex int\n}\n\nfunc GetStyledSelectList(items []list.Item, listOptions ...SelectionListOptions) list.Model {\n\n\td := list.NewDefaultDelegate()\n\n\td.Styles.SelectedTitle = lipgloss.NewStyle().\n\t\tBorder(lipgloss.NormalBorder(), false, false, false, true).\n\t\tBorderForeground(Green).\n\t\tForeground(Green).\n\t\tBold(true).\n\t\tPadding(0, 0, 0, 1)\n\n\td.Styles.SelectedDesc = d.Styles.SelectedTitle.Foreground(DimmedGreen).Bold(false)\n\n\tl := list.New(items, d, 0, 0)\n\n\tif listOptions != nil {\n\t\t// Sets the mouse cursor to point to the first index of newly loaded items\n\t\tif listOptions[0].CursorIndex > 0 {\n\t\t\tl.Select(listOptions[0].CursorIndex)\n\t\t}\n\n\t\tif !listOptions[0].IsPaginationDisabled {\n\t\t\t// Add the 'Load More' option in search filter results\n\t\t\tl.Filter = func(term string, targets []string) []list.Rank {\n\t\t\t\tranks := list.DefaultFilter(term, targets)\n\n\t\t\t\tloadMoreIdx := -1\n\t\t\t\t// Ideally 'Load More' option if present should be found at the last index\n\t\t\t\tfor i := len(targets) - 1; i >= 0; i-- {\n\t\t\t\t\tif targets[i] == ListNavigationRenderText {\n\t\t\t\t\t\tloadMoreIdx = i\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif loadMoreIdx == -1 {\n\t\t\t\t\treturn ranks\n\t\t\t\t}\n\n\t\t\t\t// Return if already present\n\t\t\t\tfor i := range ranks {\n\t\t\t\t\tif ranks[i].Index == loadMoreIdx {\n\t\t\t\t\t\treturn ranks\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// Append 'Load More' option in search filter results\n\t\t\t\tranks = append(ranks, list.Rank{\n\t\t\t\t\tIndex: loadMoreIdx,\n\t\t\t\t})\n\n\t\t\t\treturn ranks\n\t\t\t}\n\t\t}\n\t}\n\n\tl.Styles.FilterPrompt = lipgloss.NewStyle().Foreground(Green)\n\tl.Styles.FilterCursor = lipgloss.NewStyle().Foreground(Green).Background(Green)\n\tl.Styles.Title = lipgloss.NewStyle().Foreground(Dark).Bold(true).\n\t\tBackground(lipgloss.Color(\"#fff\")).Padding(0)\n\n\tl.FilterInput.PromptStyle = lipgloss.NewStyle().Foreground(Green)\n\tl.FilterInput.TextStyle = lipgloss.NewStyle().Foreground(Green)\n\n\tsingularItemName := \"item \" + SeparatorString\n\tvar pluralItemName string\n\tif listOptions == nil {\n\t\tpluralItemName = fmt.Sprintf(\"items\\n\\n%s\", SeparatorString)\n\t} else if len(listOptions[0].ParentIdentifier) > 0 {\n\t\tpluralItemName = fmt.Sprintf(\"items (%s)\\n\\n%s\", listOptions[0].ParentIdentifier, SeparatorString)\n\t}\n\n\tl.SetStatusBarItemName(singularItemName, pluralItemName)\n\n\treturn l\n}\n\nfunc GetCustomTheme() *huh.Theme {\n\tt := huh.ThemeCharm()\n\n\tt.Blurred.FocusedButton = t.Blurred.FocusedButton.Background(Green)\n\tt.Blurred.FocusedButton = t.Blurred.FocusedButton.Bold(true)\n\tt.Blurred.TextInput.Prompt = t.Blurred.TextInput.Prompt.Foreground(Light)\n\tt.Blurred.TextInput.Cursor = t.Blurred.TextInput.Cursor.Foreground(Light)\n\tt.Blurred.SelectSelector = t.Blurred.SelectSelector.Foreground(Green)\n\tt.Blurred.Title = t.Blurred.Title.Foreground(Gray).Bold(true)\n\tt.Blurred.Description = t.Blurred.Description.Foreground(LightGray)\n\n\tt.Focused.Title = t.Focused.Title.Foreground(Green).Bold(true)\n\tt.Focused.Description = t.Focused.Description.Foreground(LightGray).Bold(true)\n\tt.Focused.FocusedButton = t.Focused.FocusedButton.Bold(true)\n\tt.Focused.FocusedButton = t.Focused.FocusedButton.Background(Green)\n\tt.Focused.TextInput.Prompt = t.Focused.TextInput.Prompt.Foreground(Green)\n\tt.Focused.TextInput.Cursor = t.Focused.TextInput.Cursor.Foreground(Light)\n\tt.Focused.SelectSelector = t.Focused.SelectSelector.Foreground(Green)\n\tt.Focused.SelectedOption = t.Focused.SelectedOption.Foreground(Green)\n\n\tt.Focused.ErrorIndicator = t.Focused.ErrorIndicator.Foreground(Red)\n\tt.Focused.ErrorMessage = t.Focused.ErrorMessage.Foreground(Red)\n\n\tt.Focused.Base = t.Focused.Base.BorderForeground(Green)\n\tt.Focused.Base = t.Focused.Base.BorderBottomForeground(Green)\n\n\tt.Focused.Base = t.Focused.Base.MarginTop(DefaultLayoutMarginTop)\n\tt.Blurred.Base = t.Blurred.Base.MarginTop(DefaultLayoutMarginTop)\n\n\treturn t\n}\n\nfunc GetInitialCommandTheme() *huh.Theme {\n\n\tnewTheme := huh.ThemeCharm()\n\n\tnewTheme.Blurred.Title = newTheme.Focused.Title\n\n\tb := &newTheme.Blurred\n\tb.FocusedButton = b.FocusedButton.Background(Green)\n\tb.FocusedButton = b.FocusedButton.Bold(true)\n\tb.TextInput.Prompt = b.TextInput.Prompt.Foreground(Green)\n\tb.TextInput.Cursor = b.TextInput.Cursor.Foreground(Green)\n\tb.SelectSelector = b.SelectSelector.Foreground(Green)\n\n\tf := &newTheme.Focused\n\tf.Base = f.Base.BorderForeground(lipgloss.Color(\"fff\"))\n\tf.Title = f.Title.Foreground(Green).Bold(true)\n\tf.FocusedButton = f.FocusedButton.Bold(true)\n\tf.FocusedButton = f.FocusedButton.Background(Green)\n\tf.TextInput.Prompt = f.TextInput.Prompt.Foreground(Green)\n\tf.TextInput.Cursor = f.TextInput.Cursor.Foreground(Light)\n\tf.SelectSelector = f.SelectSelector.Foreground(Green)\n\n\tf.Base = f.Base.UnsetMarginLeft()\n\tf.Base = f.Base.UnsetPaddingLeft()\n\tf.Base = f.Base.BorderLeft(false)\n\n\tf.SelectedOption = lipgloss.NewStyle().Foreground(Green)\n\n\treturn newTheme\n}\n" }, { "path": "apps/cli/views/organization/info.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage organization\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/charmbracelet/lipgloss\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"golang.org/x/term\"\n)\n\nfunc RenderInfo(organization *apiclient.Organization, forceUnstyled bool) {\n\tvar output string\n\tnameLabel := \"Organization\"\n\n\toutput += \"\\n\"\n\toutput += getInfoLine(nameLabel, organization.Name) + \"\\n\"\n\toutput += getInfoLine(\"Created\", util.GetTimeSinceLabel(organization.CreatedAt)) + \"\\n\"\n\toutput += getInfoLine(\"ID\", organization.Id) + \"\\n\"\n\n\tterminalWidth, _, err := term.GetSize(int(os.Stdout.Fd()))\n\tif err != nil {\n\t\tfmt.Println(output)\n\t\treturn\n\t}\n\n\tif terminalWidth < common.TUITableMinimumWidth || forceUnstyled {\n\t\trenderUnstyledInfo(output)\n\t\treturn\n\t}\n\n\toutput = common.GetStyledMainTitle(\"Organization Info\") + \"\\n\" + output\n\n\trenderTUIView(output, common.GetContainerBreakpointWidth(terminalWidth))\n}\n\nfunc renderUnstyledInfo(output string) {\n\tfmt.Println(output)\n}\n\nfunc renderTUIView(output string, width int) {\n\toutput = lipgloss.NewStyle().PaddingLeft(3).Render(output)\n\n\tcontent := lipgloss.\n\t\tNewStyle().Width(width).\n\t\tRender(output)\n\n\tfmt.Println(content)\n}\n\nfunc getInfoLine(key, value string) string {\n\treturn util.PropertyNameStyle.Render(fmt.Sprintf(\"%-*s\", util.PropertyNameWidth, key)) + util.PropertyValueStyle.Render(value) + \"\\n\"\n}\n" }, { "path": "apps/cli/views/organization/list.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage organization\n\nimport (\n\t\"fmt\"\n\t\"sort\"\n\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n)\n\ntype RowData struct {\n\tName string\n\tId string\n\tCreated string\n}\n\nfunc ListOrganizations(organizationList []apiclient.Organization, activeOrganizationId *string) {\n\tif len(organizationList) == 0 {\n\t\tutil.NotifyEmptyOrganizationList(true)\n\t\treturn\n\t}\n\n\tSortOrganizations(&organizationList)\n\n\theaders := []string{\"Name\", \"Id\", \"Created\"}\n\n\tdata := [][]string{}\n\n\tfor _, o := range organizationList {\n\t\tvar rowData *RowData\n\t\tvar row []string\n\n\t\trowData = getTableRowData(o, activeOrganizationId)\n\t\trow = getRowFromRowData(*rowData)\n\t\tdata = append(data, row)\n\t}\n\n\ttable := util.GetTableView(data, headers, nil, func() {\n\t\trenderUnstyledList(organizationList)\n\t})\n\n\tfmt.Println(table)\n}\n\nfunc SortOrganizations(organizationList *[]apiclient.Organization) {\n\tsort.Slice(*organizationList, func(i, j int) bool {\n\t\treturn (*organizationList)[i].CreatedAt.After((*organizationList)[j].CreatedAt)\n\t})\n}\n\nfunc getTableRowData(organization apiclient.Organization, activeOrganizationId *string) *RowData {\n\trowData := RowData{\"\", \"\", \"\"}\n\trowData.Name = organization.Name + util.AdditionalPropertyPadding\n\n\tif activeOrganizationId != nil && *activeOrganizationId == organization.Id {\n\t\trowData.Name = \"*\" + rowData.Name\n\t}\n\n\trowData.Id = organization.Id\n\trowData.Created = util.GetTimeSinceLabel(organization.CreatedAt)\n\n\treturn &rowData\n}\n\nfunc renderUnstyledList(organizationList []apiclient.Organization) {\n\tfor _, organization := range organizationList {\n\t\tRenderInfo(&organization, true)\n\n\t\tif organization.Id != organizationList[len(organizationList)-1].Id {\n\t\t\tfmt.Printf(\"\\n%s\\n\\n\", common.SeparatorString)\n\t\t}\n\n\t}\n}\n\nfunc getRowFromRowData(rowData RowData) []string {\n\trow := []string{\n\t\tcommon.NameStyle.Render(rowData.Name),\n\t\tcommon.DefaultRowDataStyle.Render(rowData.Id),\n\t\tcommon.DefaultRowDataStyle.Render(rowData.Created),\n\t}\n\n\treturn row\n}\n" }, { "path": "apps/cli/views/organization/select.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage organization\n\nimport (\n\t\"github.com/charmbracelet/huh\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n)\n\nfunc GetOrganizationIdFromPrompt(organizationList []apiclient.Organization) (*apiclient.Organization, error) {\n\tvar chosenOrganizationId string\n\tvar organizationOptions []huh.Option[string]\n\n\tfor _, organization := range organizationList {\n\t\torganizationOptions = append(organizationOptions, huh.NewOption(organization.Name, organization.Id))\n\t}\n\n\tform := huh.NewForm(\n\t\thuh.NewGroup(\n\t\t\thuh.NewSelect[string]().\n\t\t\t\tTitle(\"Choose an Organization\").\n\t\t\t\tOptions(\n\t\t\t\t\torganizationOptions...,\n\t\t\t\t).\n\t\t\t\tValue(&chosenOrganizationId),\n\t\t).WithTheme(common.GetCustomTheme()),\n\t)\n\n\tif err := form.Run(); err != nil {\n\t\treturn nil, err\n\t}\n\n\tfor _, organization := range organizationList {\n\t\tif organization.Id == chosenOrganizationId {\n\t\t\treturn &organization, nil\n\t\t}\n\t}\n\n\treturn nil, nil\n}\n" }, { "path": "apps/cli/views/sandbox/info.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/charmbracelet/lipgloss\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"golang.org/x/term\"\n)\n\nfunc RenderInfo(sandbox *apiclient.Sandbox, forceUnstyled bool) {\n\tvar output string\n\n\toutput += \"\\n\"\n\n\toutput += getInfoLine(\"ID\", sandbox.Id) + \"\\n\"\n\n\tif sandbox.State != nil {\n\t\toutput += getInfoLine(\"State\", getStateLabel(*sandbox.State)) + \"\\n\"\n\t}\n\n\tif sandbox.Snapshot != nil {\n\t\toutput += getInfoLine(\"Snapshot\", *sandbox.Snapshot) + \"\\n\"\n\t}\n\n\toutput += getInfoLine(\"Region\", sandbox.Target) + \"\\n\"\n\n\tif sandbox.Class != nil {\n\t\toutput += getInfoLine(\"Class\", *sandbox.Class) + \"\\n\"\n\t}\n\n\tif sandbox.CreatedAt != nil {\n\t\toutput += getInfoLine(\"Created\", util.GetTimeSinceLabelFromString(*sandbox.CreatedAt)) + \"\\n\"\n\t}\n\n\tif sandbox.UpdatedAt != nil {\n\t\toutput += getInfoLine(\"Last Event\", util.GetTimeSinceLabelFromString(*sandbox.UpdatedAt)) + \"\\n\"\n\t}\n\n\tterminalWidth, _, err := term.GetSize(int(os.Stdout.Fd()))\n\tif err != nil {\n\t\tfmt.Println(output)\n\t\treturn\n\t}\n\tif terminalWidth < common.TUITableMinimumWidth || forceUnstyled {\n\t\trenderUnstyledInfo(output)\n\t\treturn\n\t}\n\n\toutput = common.GetStyledMainTitle(\"Sandbox Info\") + \"\\n\" + output\n\n\tif len(sandbox.Labels) > 0 {\n\t\tlabels := \"\"\n\t\ti := 0\n\t\tfor k, v := range sandbox.Labels {\n\t\t\tlabel := fmt.Sprintf(\"%s=%s\\n\", k, v)\n\t\t\tif i == 0 {\n\t\t\t\tlabels += label + \"\\n\"\n\t\t\t} else {\n\t\t\t\tlabels += getInfoLine(\"\", fmt.Sprintf(\"%s=%s\\n\", k, v))\n\t\t\t}\n\t\t\ti++\n\t\t}\n\t\tlabels = strings.TrimSuffix(labels, \"\\n\")\n\t\toutput += \"\\n\" + strings.TrimSuffix(getInfoLine(\"Labels\", labels), \"\\n\")\n\t}\n\n\trenderTUIView(output, common.GetContainerBreakpointWidth(terminalWidth))\n}\n\nfunc renderUnstyledInfo(output string) {\n\tfmt.Println(output)\n}\n\nfunc renderTUIView(output string, width int) {\n\toutput = lipgloss.NewStyle().PaddingLeft(3).Render(output)\n\n\tcontent := lipgloss.\n\t\tNewStyle().Width(width).\n\t\tRender(output)\n\n\tfmt.Println(content)\n}\n\nfunc getInfoLine(key, value string) string {\n\treturn util.PropertyNameStyle.Render(fmt.Sprintf(\"%-*s\", util.PropertyNameWidth, key)) + util.PropertyValueStyle.Render(value) + \"\\n\"\n}\n\nfunc getStateLabel(state apiclient.SandboxState) string {\n\tswitch state {\n\tcase apiclient.SANDBOXSTATE_CREATING:\n\t\treturn common.CreatingStyle.Render(\"CREATING\")\n\tcase apiclient.SANDBOXSTATE_RESTORING:\n\t\treturn common.CreatingStyle.Render(\"RESTORING\")\n\tcase apiclient.SANDBOXSTATE_DESTROYED:\n\t\treturn common.DeletedStyle.Render(\"DESTROYED\")\n\tcase apiclient.SANDBOXSTATE_DESTROYING:\n\t\treturn common.DeletedStyle.Render(\"DESTROYING\")\n\tcase apiclient.SANDBOXSTATE_STARTED:\n\t\treturn common.StartedStyle.Render(\"STARTED\")\n\tcase apiclient.SANDBOXSTATE_STOPPED:\n\t\treturn common.StoppedStyle.Render(\"STOPPED\")\n\tcase apiclient.SANDBOXSTATE_STARTING:\n\t\treturn common.StartingStyle.Render(\"STARTING\")\n\tcase apiclient.SANDBOXSTATE_STOPPING:\n\t\treturn common.StoppingStyle.Render(\"STOPPING\")\n\tcase apiclient.SANDBOXSTATE_PULLING_SNAPSHOT:\n\t\treturn common.CreatingStyle.Render(\"PULLING SNAPSHOT\")\n\tcase apiclient.SANDBOXSTATE_ARCHIVING:\n\t\treturn common.CreatingStyle.Render(\"ARCHIVING\")\n\tcase apiclient.SANDBOXSTATE_ARCHIVED:\n\t\treturn common.StoppedStyle.Render(\"ARCHIVED\")\n\tcase apiclient.SANDBOXSTATE_ERROR:\n\t\treturn common.ErrorStyle.Render(\"ERROR\")\n\tcase apiclient.SANDBOXSTATE_BUILD_FAILED:\n\t\treturn common.ErrorStyle.Render(\"BUILD FAILED\")\n\tcase apiclient.SANDBOXSTATE_UNKNOWN:\n\t\treturn common.UndefinedStyle.Render(\"UNKNOWN\")\n\tdefault:\n\t\treturn common.UndefinedStyle.Render(\"/\")\n\t}\n}\n" }, { "path": "apps/cli/views/sandbox/list.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage sandbox\n\nimport (\n\t\"fmt\"\n\t\"sort\"\n\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n)\n\ntype RowData struct {\n\tName string\n\tState string\n\tRegion string\n\tClass string\n\tLastEvent string\n}\n\nfunc ListSandboxes(sandboxList []apiclient.Sandbox, activeOrganizationName *string) {\n\tif len(sandboxList) == 0 {\n\t\tutil.NotifyEmptySandboxList(true)\n\t\treturn\n\t}\n\n\theaders := []string{\"Sandbox\", \"State\", \"Region\", \"Class\", \"Last Event\"}\n\n\tdata := [][]string{}\n\n\tfor _, s := range sandboxList {\n\t\tvar rowData *RowData\n\t\tvar row []string\n\n\t\trowData = getTableRowData(s)\n\t\trow = getRowFromRowData(*rowData)\n\t\tdata = append(data, row)\n\t}\n\n\ttable := util.GetTableView(data, headers, activeOrganizationName, func() {\n\t\trenderUnstyledList(sandboxList)\n\t})\n\n\tfmt.Println(table)\n}\n\nfunc SortSandboxes(sandboxList *[]apiclient.Sandbox) {\n\tsort.Slice(*sandboxList, func(i, j int) bool {\n\t\tpi, pj := getStateSortPriorities(*(*sandboxList)[i].State, *(*sandboxList)[j].State)\n\t\tif pi != pj {\n\t\t\treturn pi < pj\n\t\t}\n\n\t\tif (*sandboxList)[i].CreatedAt == nil || (*sandboxList)[j].CreatedAt == nil {\n\t\t\treturn true\n\t\t}\n\n\t\t// If two sandboxes have the same state priority, compare the UpdatedAt property\n\t\treturn *(*sandboxList)[i].CreatedAt > *(*sandboxList)[j].CreatedAt\n\t})\n}\n\nfunc getTableRowData(sandbox apiclient.Sandbox) *RowData {\n\trowData := RowData{\"\", \"\", \"\", \"\", \"\"}\n\trowData.Name = sandbox.Id + util.AdditionalPropertyPadding\n\tif sandbox.State != nil {\n\t\trowData.State = getStateLabel(*sandbox.State)\n\t}\n\n\trowData.Region = sandbox.Target\n\tif sandbox.Class != nil {\n\t\trowData.Class = *sandbox.Class\n\t}\n\n\tif sandbox.UpdatedAt != nil {\n\t\trowData.LastEvent = util.GetTimeSinceLabelFromString(*sandbox.UpdatedAt)\n\t}\n\n\treturn &rowData\n}\n\nfunc renderUnstyledList(sandboxList []apiclient.Sandbox) {\n\tfor _, sandbox := range sandboxList {\n\t\tRenderInfo(&sandbox, true)\n\n\t\tif sandbox.Id != sandboxList[len(sandboxList)-1].Id {\n\t\t\tfmt.Printf(\"\\n%s\\n\\n\", common.SeparatorString)\n\t\t}\n\n\t}\n}\n\nfunc getRowFromRowData(rowData RowData) []string {\n\trow := []string{\n\t\tcommon.NameStyle.Render(rowData.Name),\n\t\trowData.State,\n\t\tcommon.DefaultRowDataStyle.Render(rowData.Region),\n\t\tcommon.DefaultRowDataStyle.Render(rowData.Class),\n\t\tcommon.DefaultRowDataStyle.Render(rowData.LastEvent),\n\t}\n\n\treturn row\n}\n\nfunc getStateSortPriorities(state1, state2 apiclient.SandboxState) (int, int) {\n\tpi, ok := sandboxListStatePriorities[state1]\n\tif !ok {\n\t\tpi = 99\n\t}\n\tpj, ok2 := sandboxListStatePriorities[state2]\n\tif !ok2 {\n\t\tpj = 99\n\t}\n\n\treturn pi, pj\n}\n\n// Sandboxes that have actions being performed on them have a higher priority when listing\nvar sandboxListStatePriorities = map[apiclient.SandboxState]int{\n\t\"pending\": 1,\n\t\"pending-start\": 1,\n\t\"deleting\": 1,\n\t\"creating\": 1,\n\t\"started\": 2,\n\t\"undefined\": 2,\n\t\"error\": 3,\n\t\"build-failed\": 3,\n\t\"stopped\": 4,\n}\n" }, { "path": "apps/cli/views/snapshot/info.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage snapshot\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/charmbracelet/lipgloss\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"golang.org/x/term\"\n)\n\nfunc RenderInfo(snapshot *apiclient.SnapshotDto, forceUnstyled bool) {\n\tvar output string\n\tnameLabel := \"Snapshot\"\n\n\toutput += \"\\n\"\n\toutput += getInfoLine(nameLabel, snapshot.Name) + \"\\n\"\n\toutput += getInfoLine(\"State\", getStateLabel(snapshot.State)) + \"\\n\"\n\n\tif size := snapshot.Size.Get(); size != nil {\n\t\toutput += getInfoLine(\"Size\", fmt.Sprintf(\"%.2f GB\", *size)) + \"\\n\"\n\t} else {\n\t\toutput += getInfoLine(\"Size\", \"-\") + \"\\n\"\n\t}\n\toutput += getInfoLine(\"Created\", util.GetTimeSinceLabel(snapshot.CreatedAt)) + \"\\n\"\n\n\toutput += getInfoLine(\"ID\", snapshot.Id) + \"\\n\"\n\n\tterminalWidth, _, err := term.GetSize(int(os.Stdout.Fd()))\n\tif err != nil {\n\t\tfmt.Println(output)\n\t\treturn\n\t}\n\tif terminalWidth < common.TUITableMinimumWidth || forceUnstyled {\n\t\trenderUnstyledInfo(output)\n\t\treturn\n\t}\n\n\toutput = common.GetStyledMainTitle(\"Snapshot Info\") + \"\\n\" + output\n\n\trenderTUIView(output, common.GetContainerBreakpointWidth(terminalWidth))\n}\n\nfunc renderUnstyledInfo(output string) {\n\tfmt.Println(output)\n}\n\nfunc renderTUIView(output string, width int) {\n\toutput = lipgloss.NewStyle().PaddingLeft(3).Render(output)\n\n\tcontent := lipgloss.\n\t\tNewStyle().Width(width).\n\t\tRender(output)\n\n\tfmt.Println(content)\n}\n\nfunc getInfoLine(key, value string) string {\n\treturn util.PropertyNameStyle.Render(fmt.Sprintf(\"%-*s\", util.PropertyNameWidth, key)) + util.PropertyValueStyle.Render(value) + \"\\n\"\n}\n\nfunc getStateLabel(state apiclient.SnapshotState) string {\n\tswitch state {\n\tcase apiclient.SNAPSHOTSTATE_PENDING:\n\t\treturn common.CreatingStyle.Render(\"PENDING\")\n\tcase apiclient.SNAPSHOTSTATE_PULLING:\n\t\treturn common.CreatingStyle.Render(\"PULLING SNAPSHOT\")\n\tcase apiclient.SNAPSHOTSTATE_ACTIVE:\n\t\treturn common.StartedStyle.Render(\"ACTIVE\")\n\tcase apiclient.SNAPSHOTSTATE_ERROR:\n\t\treturn common.ErrorStyle.Render(\"ERROR\")\n\tcase apiclient.SNAPSHOTSTATE_BUILD_FAILED:\n\t\treturn common.ErrorStyle.Render(\"BUILD FAILED\")\n\tcase apiclient.SNAPSHOTSTATE_REMOVING:\n\t\treturn common.DeletedStyle.Render(\"REMOVING\")\n\tdefault:\n\t\treturn common.UndefinedStyle.Render(\"/\")\n\t}\n}\n" }, { "path": "apps/cli/views/snapshot/list.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage snapshot\n\nimport (\n\t\"fmt\"\n\t\"sort\"\n\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n)\n\ntype RowData struct {\n\tName string\n\tState string\n\tSize string\n\tCreated string\n}\n\nfunc ListSnapshots(snapshotList []apiclient.SnapshotDto, activeOrganizationName *string) {\n\tif len(snapshotList) == 0 {\n\t\tutil.NotifyEmptySnapshotList(true)\n\t\treturn\n\t}\n\n\tSortSnapshots(&snapshotList)\n\n\theaders := []string{\"Snapshot\", \"State\", \"Size\", \"Created\"}\n\n\tdata := [][]string{}\n\n\tfor _, img := range snapshotList {\n\t\tvar rowData *RowData\n\t\tvar row []string\n\n\t\trowData = getTableRowData(img)\n\t\trow = getRowFromRowData(*rowData)\n\t\tdata = append(data, row)\n\t}\n\n\ttable := util.GetTableView(data, headers, activeOrganizationName, func() {\n\t\trenderUnstyledList(snapshotList)\n\t})\n\n\tfmt.Println(table)\n}\n\nfunc SortSnapshots(snapshotList *[]apiclient.SnapshotDto) {\n\tsort.Slice(*snapshotList, func(i, j int) bool {\n\t\tpi, pj := getStateSortPriorities((*snapshotList)[i].State, (*snapshotList)[j].State)\n\t\tif pi != pj {\n\t\t\treturn pi < pj\n\t\t}\n\n\t\t// If two snapshots have the same state priority, compare the UpdatedAt property\n\t\treturn (*snapshotList)[i].CreatedAt.After((*snapshotList)[j].CreatedAt)\n\t})\n}\n\nfunc getTableRowData(snapshot apiclient.SnapshotDto) *RowData {\n\trowData := RowData{\"\", \"\", \"\", \"\"}\n\trowData.Name = snapshot.Name + util.AdditionalPropertyPadding\n\trowData.State = getStateLabel(snapshot.State)\n\n\tif snapshot.Size.IsSet() && snapshot.Size.Get() != nil {\n\t\trowData.Size = fmt.Sprintf(\"%.2f GB\", *snapshot.Size.Get())\n\t} else {\n\t\trowData.Size = \"-\"\n\t}\n\n\trowData.Created = util.GetTimeSinceLabel(snapshot.CreatedAt)\n\treturn &rowData\n}\n\nfunc renderUnstyledList(snapshotList []apiclient.SnapshotDto) {\n\tfor _, snapshot := range snapshotList {\n\t\tRenderInfo(&snapshot, true)\n\n\t\tif snapshot.Id != snapshotList[len(snapshotList)-1].Id {\n\t\t\tfmt.Printf(\"\\n%s\\n\\n\", common.SeparatorString)\n\t\t}\n\t}\n}\n\nfunc getRowFromRowData(rowData RowData) []string {\n\trow := []string{\n\t\tcommon.NameStyle.Render(rowData.Name),\n\t\trowData.State,\n\t\tcommon.DefaultRowDataStyle.Render(rowData.Size),\n\t\tcommon.DefaultRowDataStyle.Render(rowData.Created),\n\t}\n\n\treturn row\n}\n\nfunc getStateSortPriorities(state1, state2 apiclient.SnapshotState) (int, int) {\n\tpi, ok := snapshotListStatePriorities[state1]\n\tif !ok {\n\t\tpi = 99\n\t}\n\tpj, ok2 := snapshotListStatePriorities[state2]\n\tif !ok2 {\n\t\tpj = 99\n\t}\n\n\treturn pi, pj\n}\n\n// snapshots that have actions being performed on them have a higher priority when listing\nvar snapshotListStatePriorities = map[apiclient.SnapshotState]int{\n\tapiclient.SNAPSHOTSTATE_PENDING: 1,\n\tapiclient.SNAPSHOTSTATE_PULLING: 1,\n\tapiclient.SNAPSHOTSTATE_ERROR: 2,\n\tapiclient.SNAPSHOTSTATE_ACTIVE: 3,\n\tapiclient.SNAPSHOTSTATE_REMOVING: 4,\n}\n" }, { "path": "apps/cli/views/util/empty_list.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n)\n\nfunc NotifyEmptySandboxList(tip bool) {\n\tcommon.RenderInfoMessageBold(\"No sandboxes found\")\n\tif tip {\n\t\tcommon.RenderTip(\"Use the Daytona SDK to get started.\")\n\t}\n}\n\nfunc NotifyEmptySnapshotList(tip bool) {\n\tcommon.RenderInfoMessageBold(\"No snapshots found\")\n\tif tip {\n\t\tcommon.RenderTip(\"Use 'daytona snapshot push' to push a snapshot.\")\n\t}\n}\n\nfunc NotifyEmptyOrganizationList(tip bool) {\n\tcommon.RenderInfoMessageBold(\"No organizations found\")\n\tif tip {\n\t\tcommon.RenderTip(\"Use 'daytona organization create' to create an organization.\")\n\t}\n}\n\nfunc NotifyEmptyVolumeList(tip bool) {\n\tcommon.RenderInfoMessageBold(\"No volumes found\")\n\tif tip {\n\t\tcommon.RenderTip(\"Use 'daytona volume create' to create a volume.\")\n\t}\n}\n" }, { "path": "apps/cli/views/util/info.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"github.com/charmbracelet/lipgloss\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n)\n\nconst PropertyNameWidth = 16\n\nvar PropertyNameStyle = lipgloss.NewStyle().\n\tForeground(common.LightGray)\n\nvar PropertyValueStyle = lipgloss.NewStyle().\n\tForeground(common.Light).\n\tBold(true)\n" }, { "path": "apps/cli/views/util/spinner.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/charmbracelet/bubbles/spinner\"\n\ttea \"github.com/charmbracelet/bubbletea\"\n\t\"github.com/charmbracelet/lipgloss\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\tlog \"github.com/sirupsen/logrus\"\n\t\"golang.org/x/term\"\n)\n\nvar isAborted bool\n\ntype model struct {\n\tspinner spinner.Model\n\tquitting bool\n\tmessage string\n\tinline bool\n}\n\ntype Msg string\n\nfunc initialModel(message string, inline bool) model {\n\ts := spinner.New()\n\ts.Spinner = spinner.Dot\n\ts.Style = lipgloss.NewStyle().Foreground(common.Green)\n\treturn model{spinner: s, message: message, inline: inline}\n}\n\nfunc (m model) Init() tea.Cmd {\n\treturn m.spinner.Tick\n}\n\nfunc (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {\n\tswitch msg := msg.(type) {\n\tcase Msg:\n\t\tm.quitting = true\n\t\treturn m, tea.Quit\n\n\tcase tea.KeyMsg:\n\t\tswitch keypress := msg.String(); keypress {\n\t\tcase \"ctrl+c\":\n\t\t\tisAborted = true\n\t\t\tm.quitting = true\n\t\t\treturn m, tea.Quit\n\t\t}\n\t}\n\tvar cmd tea.Cmd\n\tm.spinner, cmd = m.spinner.Update(msg)\n\treturn m, cmd\n\n}\n\nfunc WithSpinner(message string, fn func() error) error {\n\tif isTTY() {\n\t\tp := start(message, false)\n\t\tdefer stop(p)\n\t}\n\treturn fn()\n}\n\nfunc WithInlineSpinner(message string, fn func() error) error {\n\tif isTTY() {\n\t\tp := start(message, true)\n\t\tdefer stop(p)\n\t}\n\treturn fn()\n}\n\nfunc start(message string, inline bool) *tea.Program {\n\tvar p *tea.Program\n\tif inline {\n\t\tp = tea.NewProgram(initialModel(message, true))\n\t} else {\n\t\tp = tea.NewProgram(initialModel(message, false), tea.WithAltScreen())\n\t}\n\tgo func() {\n\t\tif _, err := p.Run(); err != nil {\n\t\t\tfmt.Println(err)\n\t\t\tos.Exit(1)\n\t\t}\n\t\tif isAborted {\n\t\t\tfmt.Println(\"Operation cancelled\")\n\t\t\tos.Exit(1)\n\t\t}\n\t}()\n\treturn p\n\n}\n\nfunc stop(p *tea.Program) {\n\tp.Send(Msg(\"quit\"))\n\terr := p.ReleaseTerminal()\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n}\n\nfunc (m model) View() string {\n\tif m.quitting {\n\t\treturn \"\"\n\t}\n\n\tstr := \"\"\n\tif m.inline {\n\t\tstr = common.GetInfoMessage(fmt.Sprintf(\"%s %s ...\", m.spinner.View(), m.message))\n\t} else {\n\t\tstr = common.NameStyle.Render(fmt.Sprintf(\"\\n\\n %s %s ...\\n\\n\", m.spinner.View(), m.message))\n\t}\n\n\treturn str\n}\n\nfunc isTTY() bool {\n\treturn term.IsTerminal(int(os.Stdout.Fd()))\n}\n" }, { "path": "apps/cli/views/util/table.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"regexp\"\n\t\"strings\"\n\n\t\"github.com/charmbracelet/lipgloss\"\n\t\"github.com/charmbracelet/lipgloss/table\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"golang.org/x/term\"\n)\n\nvar AdditionalPropertyPadding = \" \"\n\n// Left border, BaseTableStyle padding left, additional padding for target name and target config, BaseTableStyle padding right, BaseCellStyle padding right, right border\nvar RowWhiteSpace = 1 + 4 + len(AdditionalPropertyPadding)*2 + 4 + 4 + 1\nvar ArbitrarySpace = 10\n\n// Gets the table view string or falls back to an unstyled view for lower terminal widths\nfunc GetTableView(data [][]string, headers []string, activeOrganizationName *string, fallbackRender func()) string {\n\tre := lipgloss.NewRenderer(os.Stdout)\n\n\tterminalWidth, _, err := term.GetSize(int(os.Stdout.Fd()))\n\tif err != nil {\n\t\tfmt.Println(data)\n\t\treturn \"\"\n\t}\n\n\tbreakpointWidth := common.GetContainerBreakpointWidth(terminalWidth)\n\n\tminWidth := getMinimumWidth(data)\n\n\tif breakpointWidth == 0 || minWidth > breakpointWidth {\n\t\tfallbackRender()\n\t\treturn \"\"\n\t}\n\n\tt := table.New().\n\t\tHeaders(headers...).\n\t\tRows(data...).\n\t\tBorderStyle(re.NewStyle().Foreground(common.LightGray)).\n\t\tBorderRow(false).BorderColumn(false).BorderLeft(false).BorderRight(false).BorderTop(false).BorderBottom(false).\n\t\tStyleFunc(func(_, _ int) lipgloss.Style {\n\t\t\treturn common.BaseCellStyle\n\t\t}).Width(breakpointWidth - 2*common.BaseTableStyleHorizontalPadding - 1)\n\n\ttable := t.String()\n\n\tif activeOrganizationName != nil {\n\t\tactiveOrgMessage := common.GetInfoMessage(fmt.Sprintf(\"Active organization: %s\", *activeOrganizationName))\n\t\trightAlignedStyle := lipgloss.NewStyle().Width(breakpointWidth - 2*common.BaseTableStyleHorizontalPadding - 1).Align(lipgloss.Right)\n\t\ttable += \"\\n\" + rightAlignedStyle.Render(activeOrgMessage)\n\t}\n\n\treturn common.BaseTableStyle.Render(table)\n}\n\nfunc getMinimumWidth(data [][]string) int {\n\twidth := 0\n\twidestRow := 0\n\tfor _, row := range data {\n\t\tfor _, cell := range row {\n\t\t\t// Remove ANSI escape codes\n\t\t\tregex := regexp.MustCompile(\"\\x1b\\\\[[0-9;]*[a-zA-Z]\")\n\t\t\tstrippedCell := regex.ReplaceAllString(cell, \"\")\n\t\t\twidth += longestLineLength(strippedCell)\n\t\t\tif width > widestRow {\n\t\t\t\twidestRow = width\n\t\t\t}\n\t\t}\n\t\twidth = 0\n\t}\n\treturn widestRow\n}\n\n// Returns the length of the longest line in a string\nfunc longestLineLength(input string) int {\n\tlines := strings.Split(input, \"\\n\")\n\tmaxLength := 0\n\n\tfor _, line := range lines {\n\t\tif len(line) > maxLength {\n\t\t\tmaxLength = len(line)\n\t\t}\n\t}\n\n\treturn maxLength\n}\n" }, { "path": "apps/cli/views/util/time.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"fmt\"\n\t\"time\"\n)\n\nvar timeLayout = \"2006-01-02T15:04:05.999999999Z07:00\"\n\nfunc GetTimeSinceLabelFromString(input string) string {\n\tt, err := time.Parse(timeLayout, input)\n\tif err != nil {\n\t\treturn \"/\"\n\t}\n\n\treturn GetTimeSinceLabel(t)\n}\n\nfunc GetTimeSinceLabel(t time.Time) string {\n\tduration := time.Since(t)\n\n\tif duration < time.Minute {\n\t\treturn \"< 1 minute ago\"\n\t} else if duration < time.Hour {\n\t\tminutes := int(duration.Minutes())\n\t\tif minutes == 1 {\n\t\t\treturn \"1 minute ago\"\n\t\t}\n\t\treturn fmt.Sprintf(\"%d minutes ago\", minutes)\n\t} else if duration < 24*time.Hour {\n\t\thours := int(duration.Hours())\n\t\tif hours == 1 {\n\t\t\treturn \"1 hour ago\"\n\t\t}\n\t\treturn fmt.Sprintf(\"%d hours ago\", hours)\n\t} else {\n\t\tdays := int(duration.Hours() / 24)\n\t\tif days == 1 {\n\t\t\treturn \"1 day ago\"\n\t\t}\n\t\treturn fmt.Sprintf(\"%d days ago\", days)\n\t}\n}\n" }, { "path": "apps/cli/views/volume/info.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage volume\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/charmbracelet/lipgloss\"\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n\t\"golang.org/x/term\"\n)\n\nfunc RenderInfo(volume *apiclient.VolumeDto, forceUnstyled bool) {\n\tvar output string\n\tnameLabel := \"Volume\"\n\n\toutput += \"\\n\"\n\toutput += getInfoLine(nameLabel, volume.Name) + \"\\n\"\n\toutput += getInfoLine(\"ID\", volume.Id) + \"\\n\"\n\toutput += getInfoLine(\"State\", getStateLabel(volume.State)) + \"\\n\"\n\n\toutput += getInfoLine(\"Created\", util.GetTimeSinceLabelFromString(volume.CreatedAt)) + \"\\n\"\n\n\tterminalWidth, _, err := term.GetSize(int(os.Stdout.Fd()))\n\tif err != nil {\n\t\tfmt.Println(output)\n\t\treturn\n\t}\n\tif terminalWidth < common.TUITableMinimumWidth || forceUnstyled {\n\t\trenderUnstyledInfo(output)\n\t\treturn\n\t}\n\n\toutput = common.GetStyledMainTitle(\"Volume Info\") + \"\\n\" + output\n\n\trenderTUIView(output, common.GetContainerBreakpointWidth(terminalWidth))\n}\n\nfunc renderUnstyledInfo(output string) {\n\tfmt.Println(output)\n}\n\nfunc renderTUIView(output string, width int) {\n\toutput = lipgloss.NewStyle().PaddingLeft(3).Render(output)\n\n\tcontent := lipgloss.\n\t\tNewStyle().Width(width).\n\t\tRender(output)\n\n\tfmt.Println(content)\n}\n\nfunc getInfoLine(key, value string) string {\n\treturn util.PropertyNameStyle.Render(fmt.Sprintf(\"%-*s\", util.PropertyNameWidth, key)) + util.PropertyValueStyle.Render(value) + \"\\n\"\n}\n\nfunc getStateLabel(state apiclient.VolumeState) string {\n\tswitch state {\n\tcase apiclient.VOLUMESTATE_PENDING_CREATE:\n\t\treturn common.CreatingStyle.Render(\"PENDING CREATE\")\n\tcase apiclient.VOLUMESTATE_CREATING:\n\t\treturn common.CreatingStyle.Render(\"CREATING\")\n\tcase apiclient.VOLUMESTATE_READY:\n\t\treturn common.StartedStyle.Render(\"READY\")\n\tcase apiclient.VOLUMESTATE_PENDING_DELETE:\n\t\treturn common.DeletedStyle.Render(\"PENDING DELETE\")\n\tcase apiclient.VOLUMESTATE_DELETING:\n\t\treturn common.DeletedStyle.Render(\"DELETING\")\n\tcase apiclient.VOLUMESTATE_DELETED:\n\t\treturn common.DeletedStyle.Render(\"DELETED\")\n\tcase apiclient.VOLUMESTATE_ERROR:\n\t\treturn common.ErrorStyle.Render(\"ERROR\")\n\tdefault:\n\t\treturn common.UndefinedStyle.Render(\"/\")\n\t}\n}\n" }, { "path": "apps/cli/views/volume/list.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage volume\n\nimport (\n\t\"fmt\"\n\t\"sort\"\n\n\t\"github.com/daytonaio/daytona/cli/views/common\"\n\t\"github.com/daytonaio/daytona/cli/views/util\"\n\tapiclient \"github.com/daytonaio/daytona/libs/api-client-go\"\n)\n\ntype RowData struct {\n\tName string\n\tState string\n\tSize string\n\tCreated string\n}\n\nfunc ListVolumes(volumeList []apiclient.VolumeDto, activeOrganizationName *string) {\n\tif len(volumeList) == 0 {\n\t\tutil.NotifyEmptyVolumeList(true)\n\t\treturn\n\t}\n\n\tSortVolumes(&volumeList)\n\n\theaders := []string{\"Volume\", \"State\", \"Size\", \"Created\"}\n\n\tdata := [][]string{}\n\n\tfor _, v := range volumeList {\n\t\tvar rowData *RowData\n\t\tvar row []string\n\n\t\trowData = getTableRowData(v)\n\t\trow = getRowFromRowData(*rowData)\n\t\tdata = append(data, row)\n\t}\n\n\ttable := util.GetTableView(data, headers, activeOrganizationName, func() {\n\t\trenderUnstyledList(volumeList)\n\t})\n\n\tfmt.Println(table)\n}\n\nfunc SortVolumes(volumeList *[]apiclient.VolumeDto) {\n\tsort.Slice(*volumeList, func(i, j int) bool {\n\t\tif (*volumeList)[i].State != (*volumeList)[j].State {\n\t\t\tpi, pj := getStateSortPriorities((*volumeList)[i].State, (*volumeList)[j].State)\n\t\t\treturn pi < pj\n\t\t}\n\n\t\t// If two volumes have the same state priority, compare the CreatedAt property\n\t\treturn (*volumeList)[i].CreatedAt > (*volumeList)[j].CreatedAt\n\t})\n}\n\nfunc getTableRowData(volume apiclient.VolumeDto) *RowData {\n\trowData := RowData{\"\", \"\", \"\", \"\"}\n\trowData.Name = volume.Name + util.AdditionalPropertyPadding\n\trowData.State = getStateLabel(volume.State)\n\trowData.Created = util.GetTimeSinceLabelFromString(volume.CreatedAt)\n\treturn &rowData\n}\n\nfunc renderUnstyledList(volumeList []apiclient.VolumeDto) {\n\tfor _, volume := range volumeList {\n\t\tRenderInfo(&volume, true)\n\n\t\tif volume.Id != volumeList[len(volumeList)-1].Id {\n\t\t\tfmt.Printf(\"\\n%s\\n\\n\", common.SeparatorString)\n\t\t}\n\t}\n}\n\nfunc getRowFromRowData(rowData RowData) []string {\n\trow := []string{\n\t\tcommon.NameStyle.Render(rowData.Name),\n\t\trowData.State,\n\t\tcommon.DefaultRowDataStyle.Render(rowData.Size),\n\t\tcommon.DefaultRowDataStyle.Render(rowData.Created),\n\t}\n\n\treturn row\n}\n\nfunc getStateSortPriorities(state1, state2 apiclient.VolumeState) (int, int) {\n\tpi, ok := volumeListStatePriorities[state1]\n\tif !ok {\n\t\tpi = 99\n\t}\n\tpj, ok2 := volumeListStatePriorities[state2]\n\tif !ok2 {\n\t\tpj = 99\n\t}\n\n\treturn pi, pj\n}\n\n// Volumes that have actions being performed on them have a higher priority when listing\nvar volumeListStatePriorities = map[apiclient.VolumeState]int{\n\tapiclient.VOLUMESTATE_PENDING_CREATE: 1,\n\tapiclient.VOLUMESTATE_CREATING: 1,\n\tapiclient.VOLUMESTATE_PENDING_DELETE: 1,\n\tapiclient.VOLUMESTATE_DELETING: 1,\n\tapiclient.VOLUMESTATE_READY: 2,\n\tapiclient.VOLUMESTATE_ERROR: 3,\n\tapiclient.VOLUMESTATE_DELETED: 4,\n}\n" }, { "path": "apps/daemon/.gitignore", "content": "pkg/terminal/static\n!pkg/terminal/static/index.html\n" }, { "path": "apps/daemon/cmd/daemon/config/config.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage config\n\nimport (\n\t\"time\"\n\n\t\"github.com/go-playground/validator/v10\"\n\t\"github.com/kelseyhightower/envconfig\"\n)\n\ntype Config struct {\n\tDaemonLogFilePath string `envconfig:\"DAYTONA_DAEMON_LOG_FILE_PATH\"`\n\tUserHomeAsWorkDir bool `envconfig:\"DAYTONA_USER_HOME_AS_WORKDIR\"`\n\tSandboxId string `envconfig:\"DAYTONA_SANDBOX_ID\" validate:\"required\"`\n\tOtelEndpoint *string `envconfig:\"DAYTONA_OTEL_ENDPOINT\"`\n\tTerminationCheckInterval time.Duration `envconfig:\"DAYTONA_TERMINATION_CHECK_INTERVAL\" default:\"100ms\" validate:\"min_duration=1ms\"`\n\tTerminationGracePeriod time.Duration `envconfig:\"DAYTONA_TERMINATION_GRACE_PERIOD\" default:\"5s\" validate:\"min_duration=1s\"`\n\tRecordingsDir string `envconfig:\"DAYTONA_RECORDINGS_DIR\"`\n\tOrganizationId *string `envconfig:\"DAYTONA_ORGANIZATION_ID\"`\n\tRegionId *string `envconfig:\"DAYTONA_REGION_ID\"`\n}\n\nvar defaultDaemonLogFilePath = \"/tmp/daytona-daemon.log\"\n\nvar config *Config\n\nfunc GetConfig() (*Config, error) {\n\tif config != nil {\n\t\treturn config, nil\n\t}\n\n\tconfig = &Config{}\n\n\terr := envconfig.Process(\"\", config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tvar validate = validator.New()\n\n\t// Register a custom tag \"min_duration\" that accepts a duration string like \"1ms\"\n\terr = validate.RegisterValidation(\"min_duration\", func(fl validator.FieldLevel) bool {\n\t\tmin, err := time.ParseDuration(fl.Param())\n\t\tif err != nil {\n\t\t\treturn false\n\t\t}\n\t\td, ok := fl.Field().Interface().(time.Duration)\n\t\tif !ok {\n\t\t\treturn false\n\t\t}\n\t\treturn d >= min\n\t})\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\terr = validate.Struct(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif config.DaemonLogFilePath == \"\" {\n\t\tconfig.DaemonLogFilePath = defaultDaemonLogFilePath\n\t}\n\n\treturn config, nil\n}\n" }, { "path": "apps/daemon/cmd/daemon/main.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"io\"\n\t\"log/slog\"\n\t\"os\"\n\t\"os/signal\"\n\t\"path/filepath\"\n\t\"syscall\"\n\t\"time\"\n\n\tgolog \"log\"\n\n\t\"github.com/daytonaio/common-go/pkg/log\"\n\t\"github.com/daytonaio/daemon/cmd/daemon/config\"\n\t\"github.com/daytonaio/daemon/internal/util\"\n\t\"github.com/daytonaio/daemon/pkg/recording\"\n\t\"github.com/daytonaio/daemon/pkg/recordingdashboard\"\n\t\"github.com/daytonaio/daemon/pkg/session\"\n\t\"github.com/daytonaio/daemon/pkg/ssh\"\n\t\"github.com/daytonaio/daemon/pkg/terminal\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox\"\n\t\"github.com/lmittmann/tint\"\n\t\"github.com/mattn/go-isatty\"\n)\n\nfunc main() {\n\tos.Exit(run())\n}\n\nfunc run() int {\n\tlogLevel := log.ParseLogLevel(os.Getenv(\"LOG_LEVEL\"))\n\n\t// Create the console handler with tint for colored output\n\tconsoleHandler := tint.NewHandler(os.Stdout, &tint.Options{\n\t\tNoColor: !isatty.IsTerminal(os.Stdout.Fd()),\n\t\tTimeFormat: time.RFC3339,\n\t\tLevel: logLevel,\n\t})\n\n\tlogger := slog.New(consoleHandler)\n\tslog.SetDefault(logger)\n\n\t// Redirect standard library log to slog\n\tgolog.SetOutput(&log.DebugLogWriter{})\n\n\thomeDir, err := os.UserHomeDir()\n\tif err != nil {\n\t\tlogger.Error(\"Failed to get user home directory\", \"error\", err)\n\t\treturn 2\n\t}\n\n\tconfigDir := filepath.Join(homeDir, \".daytona\")\n\terr = os.MkdirAll(configDir, 0755)\n\tif err != nil {\n\t\tlogger.Error(\"Failed to create config directory\", \"path\", configDir, \"error\", err)\n\t\treturn 2\n\t}\n\n\tentrypointLogFilePath := filepath.Join(configDir, \"sessions\", util.EntrypointSessionID, util.EntrypointCommandID, \"output.log\")\n\n\t// Check if user wants to read entrypoint logs\n\targs := os.Args[1:]\n\tif len(args) == 2 && args[0] == \"entrypoint\" && args[1] == \"logs\" {\n\t\terr := util.ReadEntrypointLogs(entrypointLogFilePath)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, os.ErrNotExist) {\n\t\t\t\tlogger.Warn(\"Logs not found, please check if correct entrypoint was provided for sandbox.\")\n\t\t\t} else {\n\t\t\t\tlogger.Error(\"Failed to read entrypoint log file\", \"error\", err)\n\t\t\t}\n\n\t\t\treturn 1\n\t\t}\n\n\t\treturn 0\n\t}\n\n\tc, err := config.GetConfig()\n\tif err != nil {\n\t\tlogger.Error(\"Failed to get config\", \"error\", err)\n\t\treturn 2\n\t}\n\n\t// If workdir in image is not set, use user home as workdir\n\tif c.UserHomeAsWorkDir {\n\t\terr = os.Chdir(homeDir)\n\t\tif err != nil {\n\t\t\tlogger.Warn(\"Failed to change working directory to home directory\", \"error\", err)\n\t\t}\n\t}\n\n\tvar logWriter io.Writer\n\tif c.DaemonLogFilePath != \"\" {\n\t\tlogFile, err := os.OpenFile(c.DaemonLogFilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)\n\t\tif err != nil {\n\t\t\tlogger.Error(\"Failed to open log file\", \"path\", c.DaemonLogFilePath, \"error\", err)\n\t\t} else {\n\t\t\tdefer logFile.Close()\n\t\t\tlogWriter = logFile\n\n\t\t\tfileHandler := slog.NewTextHandler(logWriter, &slog.HandlerOptions{\n\t\t\t\tLevel: logLevel,\n\t\t\t})\n\t\t\thandler := log.NewMultiHandler([]slog.Handler{consoleHandler, fileHandler}...)\n\n\t\t\tlogger = slog.New(handler)\n\t\t\tslog.SetDefault(logger)\n\t\t}\n\t}\n\n\tsessionService := session.NewSessionService(logger, configDir, c.TerminationGracePeriod, c.TerminationCheckInterval)\n\n\t// Execute passed arguments as command in entrypoint session\n\tif len(args) > 0 {\n\t\t// Create entrypoint session\n\t\terr = sessionService.Create(util.EntrypointSessionID, false)\n\t\tif err != nil {\n\t\t\tlogger.Error(\"Failed to create entrypoint session\", \"error\", err)\n\t\t\treturn 2\n\t\t}\n\n\t\t// Defer entrypoint session deletion concurrently with toolbox shutdown\n\t\tdefer func() {\n\t\t\tdelErr := sessionService.Delete(context.Background(), util.EntrypointSessionID)\n\t\t\tif delErr != nil {\n\t\t\t\tlogger.Error(\"Failed to delete entrypoint session\", \"error\", delErr)\n\t\t\t} else {\n\t\t\t\tlogger.Debug(\"Deleted entrypoint session\", \"session_id\", util.EntrypointSessionID)\n\t\t\t}\n\t\t}()\n\n\t\tlogger.Debug(\"Created entrypoint session\", \"session_id\", util.EntrypointSessionID)\n\n\t\t// Execute command asynchronously via session\n\t\tcommand := util.ShellQuoteJoin(args)\n\t\t_, err := sessionService.Execute(\n\t\t\tutil.EntrypointSessionID,\n\t\t\tutil.EntrypointCommandID,\n\t\t\tcommand,\n\t\t\ttrue, // async=true for non-blocking\n\t\t\tfalse, // isCombinedOutput=false\n\t\t\ttrue, // suppressInputEcho=true\n\t\t)\n\t\tif err != nil {\n\t\t\tlogger.Error(\"Failed to execute entrypoint command\", \"error\", err)\n\t\t\treturn 2\n\t\t}\n\t}\n\n\terrChan := make(chan error)\n\n\tworkDir, err := os.Getwd()\n\tif err != nil {\n\t\tlogger.Error(\"Failed to get current working directory\", \"error\", err)\n\t\treturn 2\n\t}\n\n\trecordingsDir := c.RecordingsDir\n\tif recordingsDir == \"\" {\n\t\trecordingsDir = filepath.Join(configDir, \"recordings\")\n\t}\n\trecordingService := recording.NewRecordingService(logger, recordingsDir)\n\n\ttoolBoxServer := toolbox.NewServer(toolbox.ServerConfig{\n\t\tLogger: logger,\n\t\tWorkDir: workDir,\n\t\tConfigDir: configDir,\n\t\tOtelEndpoint: c.OtelEndpoint,\n\t\tSandboxId: c.SandboxId,\n\t\tSessionService: sessionService,\n\t\tRecordingService: recordingService,\n\t\tOrganizationId: c.OrganizationId,\n\t\tRegionId: c.RegionId,\n\t\tEntrypointLogFilePath: entrypointLogFilePath,\n\t})\n\n\t// Start the toolbox server in a go routine\n\tgo func() {\n\t\terr := toolBoxServer.Start()\n\t\tif err != nil {\n\t\t\terrChan <- err\n\t\t}\n\t}()\n\n\t// Start terminal server\n\tgo func() {\n\t\tif err := terminal.StartTerminalServer(22222); err != nil {\n\t\t\terrChan <- err\n\t\t}\n\t}()\n\n\t// Start recording dashboard server\n\tgo func() {\n\t\tif err := recordingdashboard.NewDashboardServer(logger, recordingService).Start(); err != nil {\n\t\t\terrChan <- err\n\t\t}\n\t}()\n\n\tsshServer := ssh.NewServer(logger, workDir, workDir)\n\n\tgo func() {\n\t\tif err := sshServer.Start(); err != nil {\n\t\t\terrChan <- err\n\t\t}\n\t}()\n\n\t// Set up signal handling for graceful shutdown\n\tsigChan := make(chan os.Signal, 1)\n\tsignal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)\n\n\t// Wait for either an error or shutdown signal\n\tselect {\n\tcase err := <-errChan:\n\t\tlogger.Error(\"Error occurred\", \"error\", err)\n\tcase sig := <-sigChan:\n\t\tlogger.Info(\"Received signal, shutting down gracefully...\", \"signal\", sig)\n\t}\n\n\t// Toolbox server graceful shutdown\n\ttoolBoxServer.Shutdown()\n\n\tslog.Info(\"Shutdown complete\")\n\treturn 0\n}\n" }, { "path": "apps/daemon/go.mod", "content": "module github.com/daytonaio/daemon\n\ngo 1.25.4\n\n// v0.5.0 breaks tailscale-connected docker clients so we need to pin it to v0.4.0\nreplace github.com/docker/go-connections => github.com/docker/go-connections v0.4.0\n\n// samber/lo v1.47.0 - required by headscale breaks frp\nreplace github.com/samber/lo => github.com/samber/lo v1.39.0\n\nrequire (\n\tgithub.com/Masterminds/semver/v3 v3.4.0\n\tgithub.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5\n\tgithub.com/creack/pty v1.1.23\n\tgithub.com/gin-gonic/gin v1.10.1\n\tgithub.com/gliderlabs/ssh v0.3.8\n\tgithub.com/go-git/go-git/v5 v5.16.5\n\tgithub.com/go-playground/validator/v10 v10.27.0\n\tgithub.com/google/uuid v1.6.0\n\tgithub.com/gorilla/websocket v1.5.3\n\tgithub.com/hashicorp/go-hclog v1.6.3\n\tgithub.com/hashicorp/go-plugin v1.6.3\n\tgithub.com/kelseyhightower/envconfig v1.4.0\n\tgithub.com/lmittmann/tint v1.1.2\n\tgithub.com/mattn/go-isatty v0.0.20\n\tgithub.com/orcaman/concurrent-map/v2 v2.0.1\n\tgithub.com/pkg/sftp v1.13.6\n\tgithub.com/samber/slog-gin v1.20.1\n\tgithub.com/shirou/gopsutil/v4 v4.25.12\n\tgithub.com/sourcegraph/jsonrpc2 v0.2.0\n\tgithub.com/stretchr/testify v1.11.1\n\tgithub.com/swaggo/files v1.0.1\n\tgithub.com/swaggo/gin-swagger v1.6.0\n\tgithub.com/swaggo/swag v1.16.4\n\tgo.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin v0.63.0\n\tgo.opentelemetry.io/otel/sdk v1.40.0\n\tgo.opentelemetry.io/otel/sdk/log v0.14.0\n\tgo.opentelemetry.io/otel/sdk/metric v1.40.0\n\tgolang.org/x/crypto v0.47.0\n\tgolang.org/x/sys v0.40.0\n\tgopkg.in/ini.v1 v1.67.0\n)\n\nrequire (\n\tdario.cat/mergo v1.0.1 // indirect\n\tgithub.com/KyleBanks/depth v1.2.1 // indirect\n\tgithub.com/Microsoft/go-winio v0.6.2 // indirect\n\tgithub.com/ProtonMail/go-crypto v1.1.6 // indirect\n\tgithub.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect\n\tgithub.com/bytedance/sonic v1.14.0 // indirect\n\tgithub.com/bytedance/sonic/loader v0.3.0 // indirect\n\tgithub.com/cespare/xxhash/v2 v2.3.0 // indirect\n\tgithub.com/cloudflare/circl v1.6.3 // indirect\n\tgithub.com/cloudwego/base64x v0.1.6 // indirect\n\tgithub.com/cyphar/filepath-securejoin v0.4.1 // indirect\n\tgithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect\n\tgithub.com/ebitengine/purego v0.9.1 // indirect\n\tgithub.com/emirpasic/gods v1.18.1 // indirect\n\tgithub.com/fatih/color v1.15.0 // indirect\n\tgithub.com/gabriel-vasile/mimetype v1.4.10 // indirect\n\tgithub.com/gin-contrib/sse v1.1.0 // indirect\n\tgithub.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect\n\tgithub.com/go-git/go-billy/v5 v5.6.2 // indirect\n\tgithub.com/go-logr/logr v1.4.3 // indirect\n\tgithub.com/go-logr/stdr v1.2.2 // indirect\n\tgithub.com/go-ole/go-ole v1.3.0 // indirect\n\tgithub.com/go-openapi/jsonpointer v0.21.0 // indirect\n\tgithub.com/go-openapi/jsonreference v0.21.0 // indirect\n\tgithub.com/go-openapi/spec v0.21.0 // indirect\n\tgithub.com/go-openapi/swag v0.23.0 // indirect\n\tgithub.com/go-playground/locales v0.14.1 // indirect\n\tgithub.com/go-playground/universal-translator v0.18.1 // indirect\n\tgithub.com/goccy/go-json v0.10.5 // indirect\n\tgithub.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect\n\tgithub.com/golang/protobuf v1.5.4 // indirect\n\tgithub.com/hashicorp/yamux v0.1.1 // indirect\n\tgithub.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect\n\tgithub.com/josharian/intern v1.0.0 // indirect\n\tgithub.com/json-iterator/go v1.1.12 // indirect\n\tgithub.com/kevinburke/ssh_config v1.2.0 // indirect\n\tgithub.com/klauspost/cpuid/v2 v2.3.0 // indirect\n\tgithub.com/kr/fs v0.1.0 // indirect\n\tgithub.com/leodido/go-urn v1.4.0 // indirect\n\tgithub.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect\n\tgithub.com/mailru/easyjson v0.7.7 // indirect\n\tgithub.com/mattn/go-colorable v0.1.13 // indirect\n\tgithub.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect\n\tgithub.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect\n\tgithub.com/oklog/run v1.0.0 // indirect\n\tgithub.com/pelletier/go-toml/v2 v2.2.4 // indirect\n\tgithub.com/pjbgf/sha1cd v0.3.2 // indirect\n\tgithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect\n\tgithub.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect\n\tgithub.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect\n\tgithub.com/skeema/knownhosts v1.3.1 // indirect\n\tgithub.com/tklauser/go-sysconf v0.3.16 // indirect\n\tgithub.com/tklauser/numcpus v0.11.0 // indirect\n\tgithub.com/twitchyliquid64/golang-asm v0.15.1 // indirect\n\tgithub.com/ugorji/go/codec v1.3.0 // indirect\n\tgithub.com/xanzy/ssh-agent v0.3.3 // indirect\n\tgithub.com/yusufpapurcu/wmi v1.2.4 // indirect\n\tgo.opentelemetry.io/auto/sdk v1.2.1 // indirect\n\tgo.opentelemetry.io/otel v1.40.0 // indirect\n\tgo.opentelemetry.io/otel/log v0.14.0 // indirect\n\tgo.opentelemetry.io/otel/metric v1.40.0 // indirect\n\tgo.opentelemetry.io/otel/trace v1.40.0 // indirect\n\tgolang.org/x/arch v0.20.0 // indirect\n\tgolang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect\n\tgolang.org/x/net v0.49.0 // indirect\n\tgolang.org/x/text v0.33.0 // indirect\n\tgolang.org/x/tools v0.40.0 // indirect\n\tgoogle.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect\n\tgoogle.golang.org/grpc v1.79.3 // indirect\n\tgoogle.golang.org/protobuf v1.36.11 // indirect\n\tgopkg.in/warnings.v0 v0.1.2 // indirect\n\tgopkg.in/yaml.v3 v3.0.1 // indirect\n)\n" }, { "path": "apps/daemon/go.sum", "content": "dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=\ndario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=\ngithub.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=\ngithub.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=\ngithub.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=\ngithub.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=\ngithub.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=\ngithub.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=\ngithub.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=\ngithub.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw=\ngithub.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=\ngithub.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=\ngithub.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=\ngithub.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=\ngithub.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=\ngithub.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=\ngithub.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8=\ngithub.com/bytedance/sonic v1.14.0 h1:/OfKt8HFw0kh2rj8N0F6C/qPGRESq0BbaNZgcNXXzQQ=\ngithub.com/bytedance/sonic v1.14.0/go.mod h1:WoEbx8WTcFJfzCe0hbmyTGrfjt8PzNEBdxlNUO24NhA=\ngithub.com/bytedance/sonic/loader v0.3.0 h1:dskwH8edlzNMctoruo8FPTJDF3vLtDT0sXZwvZJyqeA=\ngithub.com/bytedance/sonic/loader v0.3.0/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=\ngithub.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5 h1:BjkPE3785EwPhhyuFkbINB+2a1xATwk8SNDWnJiD41g=\ngithub.com/cakturk/go-netstat v0.0.0-20200220111822-e5b49efee7a5/go.mod h1:jtAfVaU/2cu1+wdSRPWE2c1N2qeAA3K4RH9pYgqwets=\ngithub.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=\ngithub.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=\ngithub.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=\ngithub.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=\ngithub.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=\ngithub.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=\ngithub.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0=\ngithub.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=\ngithub.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=\ngithub.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=\ngithub.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=\ngithub.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=\ngithub.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=\ngithub.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=\ngithub.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=\ngithub.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=\ngithub.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=\ngithub.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=\ngithub.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=\ngithub.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=\ngithub.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=\ngithub.com/gin-contrib/gzip v0.0.6 h1:NjcunTcGAj5CO1gn4N8jHOSIeRFHIbn51z6K+xaN4d4=\ngithub.com/gin-contrib/gzip v0.0.6/go.mod h1:QOJlmV2xmayAjkNS2Y8NQsMneuRShOU/kjovCXNuzzk=\ngithub.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=\ngithub.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=\ngithub.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=\ngithub.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=\ngithub.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=\ngithub.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=\ngithub.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=\ngithub.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=\ngithub.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=\ngithub.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=\ngithub.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=\ngithub.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=\ngithub.com/go-git/go-git/v5 v5.16.5 h1:mdkuqblwr57kVfXri5TTH+nMFLNUxIj9Z7F5ykFbw5s=\ngithub.com/go-git/go-git/v5 v5.16.5/go.mod h1:QOMLpNf1qxuSY4StA/ArOdfFR2TrKEjJiye2kel2m+M=\ngithub.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=\ngithub.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=\ngithub.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=\ngithub.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=\ngithub.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=\ngithub.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=\ngithub.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=\ngithub.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=\ngithub.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=\ngithub.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=\ngithub.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=\ngithub.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=\ngithub.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=\ngithub.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=\ngithub.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=\ngithub.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=\ngithub.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=\ngithub.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=\ngithub.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=\ngithub.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=\ngithub.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=\ngithub.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=\ngithub.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4=\ngithub.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=\ngithub.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=\ngithub.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=\ngithub.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=\ngithub.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=\ngithub.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=\ngithub.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=\ngithub.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=\ngithub.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=\ngithub.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=\ngithub.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=\ngithub.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=\ngithub.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=\ngithub.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=\ngithub.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=\ngithub.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=\ngithub.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=\ngithub.com/hashicorp/go-plugin v1.6.3 h1:xgHB+ZUSYeuJi96WtxEjzi23uh7YQpznjGh0U0UUrwg=\ngithub.com/hashicorp/go-plugin v1.6.3/go.mod h1:MRobyh+Wc/nYy1V4KAXUiYfzxoYhs7V1mlH1Z7iY2h0=\ngithub.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=\ngithub.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=\ngithub.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=\ngithub.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=\ngithub.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c=\ngithub.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo=\ngithub.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=\ngithub.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=\ngithub.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=\ngithub.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=\ngithub.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=\ngithub.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=\ngithub.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=\ngithub.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=\ngithub.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=\ngithub.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=\ngithub.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=\ngithub.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=\ngithub.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=\ngithub.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=\ngithub.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=\ngithub.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=\ngithub.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=\ngithub.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=\ngithub.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=\ngithub.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=\ngithub.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=\ngithub.com/lmittmann/tint v1.1.2 h1:2CQzrL6rslrsyjqLDwD11bZ5OpLBPU+g3G/r5LSfS8w=\ngithub.com/lmittmann/tint v1.1.2/go.mod h1:HIS3gSy7qNwGCj+5oRjAutErFBl4BzdQP6cJZ0NfMwE=\ngithub.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 h1:PwQumkgq4/acIiZhtifTV5OUqqiP82UAl0h87xj/l9k=\ngithub.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=\ngithub.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=\ngithub.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=\ngithub.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=\ngithub.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=\ngithub.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=\ngithub.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=\ngithub.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=\ngithub.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=\ngithub.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=\ngithub.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=\ngithub.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=\ngithub.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=\ngithub.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=\ngithub.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=\ngithub.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=\ngithub.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8=\ngithub.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=\ngithub.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=\ngithub.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=\ngithub.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=\ngithub.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=\ngithub.com/orcaman/concurrent-map/v2 v2.0.1 h1:jOJ5Pg2w1oeB6PeDurIYf6k9PQ+aTITr/6lP/L/zp6c=\ngithub.com/orcaman/concurrent-map/v2 v2.0.1/go.mod h1:9Eq3TG2oBe5FirmYWQfYO5iH1q0Jv47PLaNK++uCdOM=\ngithub.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=\ngithub.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=\ngithub.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=\ngithub.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A=\ngithub.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=\ngithub.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=\ngithub.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo=\ngithub.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk=\ngithub.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=\ngithub.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=\ngithub.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=\ngithub.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=\ngithub.com/samber/slog-gin v1.20.1 h1:75wbryS7XrmGcVu/lfOwSFWWjmGoqV4GlE41nQFP0a4=\ngithub.com/samber/slog-gin v1.20.1/go.mod h1:7R4VMQGENllRLLnwGyoB5nUSB+qzxThpGe5G02xla6o=\ngithub.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=\ngithub.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=\ngithub.com/shirou/gopsutil/v4 v4.25.12 h1:e7PvW/0RmJ8p8vPGJH4jvNkOyLmbkXgXW4m6ZPic6CY=\ngithub.com/shirou/gopsutil/v4 v4.25.12/go.mod h1:EivAfP5x2EhLp2ovdpKSozecVXn1TmuG7SMzs/Wh4PU=\ngithub.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=\ngithub.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8=\ngithub.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=\ngithub.com/sourcegraph/jsonrpc2 v0.2.0 h1:KjN/dC4fP6aN9030MZCJs9WQbTOjWHhrtKVpzzSrr/U=\ngithub.com/sourcegraph/jsonrpc2 v0.2.0/go.mod h1:ZafdZgk/axhT1cvZAPOhw+95nz2I/Ra5qMlU4gTRwIo=\ngithub.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=\ngithub.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=\ngithub.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=\ngithub.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=\ngithub.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=\ngithub.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=\ngithub.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=\ngithub.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=\ngithub.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=\ngithub.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=\ngithub.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=\ngithub.com/swaggo/files v1.0.1 h1:J1bVJ4XHZNq0I46UU90611i9/YzdrF7x92oX1ig5IdE=\ngithub.com/swaggo/files v1.0.1/go.mod h1:0qXmMNH6sXNf+73t65aKeB+ApmgxdnkQzVTAj2uaMUg=\ngithub.com/swaggo/gin-swagger v1.6.0 h1:y8sxvQ3E20/RCyrXeFfg60r6H0Z+SwpTjMYsMm+zy8M=\ngithub.com/swaggo/gin-swagger v1.6.0/go.mod h1:BG00cCEy294xtVpyIAHG6+e2Qzj/xKlRdOqDkvq0uzo=\ngithub.com/swaggo/swag v1.16.4 h1:clWJtd9LStiG3VeijiCfOVODP6VpHtKdQy9ELFG3s1A=\ngithub.com/swaggo/swag v1.16.4/go.mod h1:VBsHJRsDvfYvqoiMKnsdwhNV9LEMHgEDZcyVYX0sxPg=\ngithub.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=\ngithub.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=\ngithub.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=\ngithub.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=\ngithub.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=\ngithub.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=\ngithub.com/ugorji/go/codec v1.3.0 h1:Qd2W2sQawAfG8XSvzwhBeoGq71zXOC/Q1E9y/wUcsUA=\ngithub.com/ugorji/go/codec v1.3.0/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=\ngithub.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=\ngithub.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=\ngithub.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=\ngithub.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=\ngithub.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=\ngo.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=\ngo.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=\ngo.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin v0.63.0 h1:5kSIJ0y8ckZZKoDhZHdVtcyjVi6rXyAwyaR8mp4zLbg=\ngo.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin v0.63.0/go.mod h1:i+fIMHvcSQtsIY82/xgiVWRklrNt/O6QriHLjzGeY+s=\ngo.opentelemetry.io/contrib/propagators/b3 v1.38.0 h1:uHsCCOSKl0kLrV2dLkFK+8Ywk9iKa/fptkytc6aFFEo=\ngo.opentelemetry.io/contrib/propagators/b3 v1.38.0/go.mod h1:wMRSZJZcY8ya9mApLLhwIMjqmApy2o/Ml+62lhvxyHU=\ngo.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=\ngo.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=\ngo.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.38.0 h1:kJxSDN4SgWWTjG/hPp3O7LCGLcHXFlvS2/FFOrwL+SE=\ngo.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.38.0/go.mod h1:mgIOzS7iZeKJdeB8/NYHrJ48fdGc71Llo5bJ1J4DWUE=\ngo.opentelemetry.io/otel/log v0.14.0 h1:2rzJ+pOAZ8qmZ3DDHg73NEKzSZkhkGIua9gXtxNGgrM=\ngo.opentelemetry.io/otel/log v0.14.0/go.mod h1:5jRG92fEAgx0SU/vFPxmJvhIuDU9E1SUnEQrMlJpOno=\ngo.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=\ngo.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=\ngo.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=\ngo.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=\ngo.opentelemetry.io/otel/sdk/log v0.14.0 h1:JU/U3O7N6fsAXj0+CXz21Czg532dW2V4gG1HE/e8Zrg=\ngo.opentelemetry.io/otel/sdk/log v0.14.0/go.mod h1:imQvII+0ZylXfKU7/wtOND8Hn4OpT3YUoIgqJVksUkM=\ngo.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=\ngo.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=\ngo.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=\ngo.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=\ngo.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=\ngo.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=\ngolang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=\ngolang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=\ngolang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=\ngolang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=\ngolang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=\ngolang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=\ngolang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=\ngolang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=\ngolang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=\ngolang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=\ngolang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=\ngolang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=\ngolang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=\ngolang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=\ngolang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=\ngolang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=\ngolang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=\ngolang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=\ngolang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=\ngolang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=\ngolang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=\ngolang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=\ngolang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=\ngolang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=\ngolang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=\ngolang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=\ngolang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=\ngolang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=\ngolang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=\ngolang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=\ngolang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=\ngolang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=\ngolang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=\ngolang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=\ngolang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=\ngolang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=\ngolang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=\ngolang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=\ngolang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=\ngolang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=\ngolang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=\ngolang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=\ngolang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=\ngonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=\ngoogle.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=\ngoogle.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=\ngoogle.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=\ngopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=\ngopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=\ngopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=\ngopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=\ngopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=\ngopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=\ngopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=\ngopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\ngopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=\ngopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\n" }, { "path": "apps/daemon/internal/buildinfo.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage internal\n\nvar (\n\tVersion = \"v0.0.0-dev\"\n)\n" }, { "path": "apps/daemon/internal/util/entrypoint_logs.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/daytonaio/common-go/pkg/log\"\n)\n\nfunc ReadEntrypointLogs(entrypointLogFilePath string) error {\n\tif entrypointLogFilePath == \"\" {\n\t\treturn errors.New(\"entrypoint log file path is not configured\")\n\t}\n\n\tlogFile, err := os.Open(entrypointLogFilePath)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to open entrypoint log file at %s: %w\", entrypointLogFilePath, err)\n\t}\n\tdefer logFile.Close()\n\n\terrChan := make(chan error, 1)\n\tstdoutChan := make(chan []byte)\n\tstderrChan := make(chan []byte)\n\tctx, cancel := context.WithCancel(context.Background())\n\tdefer cancel()\n\tgo log.ReadMultiplexedLog(ctx, logFile, true, stdoutChan, stderrChan, errChan)\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil\n\t\tcase line := <-stdoutChan:\n\t\t\t_, err := os.Stdout.Write(line)\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to write entrypoint log line to stdout: %w\", err)\n\t\t\t}\n\t\tcase line := <-stderrChan:\n\t\t\t_, err := os.Stderr.Write(line)\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to write entrypoint log line to stderr: %w\", err)\n\t\t\t}\n\t\tcase err := <-errChan:\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "apps/daemon/internal/util/entrypoint_session.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nconst EntrypointSessionID string = \"entrypoint\"\nconst EntrypointCommandID string = \"entrypoint_command\"\nconst EmptyCommandID string = \"\"\n" }, { "path": "apps/daemon/internal/util/log_reader.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"bufio\"\n\t\"context\"\n\t\"io\"\n\t\"os\"\n\t\"strings\"\n\t\"time\"\n)\n\nfunc ReadLogWithExitCode(ctx context.Context, logReader io.Reader, follow bool, exitCodeFilePath string, c chan []byte, errChan chan error) {\n\treader := bufio.NewReader(logReader)\n\tconsecutiveEOFCount := 0\n\tmaxConsecutiveEOF := 50 // Check exit code after 50 consecutive EOF reads ( 50 * 20ms = 1 second)\n\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn\n\t\tdefault:\n\t\t\tbytes := make([]byte, 1024)\n\t\t\tn, err := reader.Read(bytes)\n\n\t\t\tif err != nil {\n\t\t\t\tif err != io.EOF {\n\t\t\t\t\terrChan <- err\n\t\t\t\t\treturn\n\t\t\t\t} else if !follow {\n\t\t\t\t\terrChan <- io.EOF\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\t// EOF while following - increment counter\n\t\t\t\tconsecutiveEOFCount++\n\n\t\t\t\t// Check exit code after maxConsecutiveEOF consecutive EOF reads\n\t\t\t\tif exitCodeFilePath != \"\" && consecutiveEOFCount >= maxConsecutiveEOF {\n\t\t\t\t\thasExit := hasExitCode(exitCodeFilePath)\n\t\t\t\t\tif hasExit {\n\t\t\t\t\t\terrChan <- io.EOF\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t\t// Reset counter and continue\n\t\t\t\t\tconsecutiveEOFCount = 0\n\t\t\t\t}\n\n\t\t\t\t// Sleep for a short time to avoid busy-waiting\n\t\t\t\ttime.Sleep(20 * time.Millisecond)\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// Reset EOF counter on successful read\n\t\t\tif consecutiveEOFCount > 0 {\n\t\t\t\tconsecutiveEOFCount = 0\n\t\t\t}\n\n\t\t\tif n > 0 {\n\t\t\t\t// Create a new slice with only the actual read data to avoid sending null bytes\n\t\t\t\tdata := make([]byte, n)\n\t\t\t\tcopy(data, bytes[:n])\n\t\t\t\tc <- data\n\t\t\t}\n\t\t}\n\t}\n}\n\nfunc hasExitCode(exitCodeFilePath string) bool {\n\tcontent, err := os.ReadFile(exitCodeFilePath)\n\tif err != nil {\n\t\treturn false\n\t}\n\treturn len(strings.TrimSpace(string(content))) > 0\n}\n" }, { "path": "apps/daemon/internal/util/pointer.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\n// Use generics to create a pointer to a value\nfunc Pointer[T any](d T) *T {\n\treturn &d\n}\n" }, { "path": "apps/daemon/internal/util/sandbox.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"errors\"\n\t\"net/url\"\n\t\"regexp\"\n\t\"strings\"\n)\n\nfunc GetValidatedName(input string) (string, error) {\n\tinput = strings.ReplaceAll(input, \" \", \"-\")\n\n\t// Regular expression that catches letters, numbers, and dashes\n\tpattern := \"^[a-zA-Z0-9-]+$\"\n\n\tmatched, err := regexp.MatchString(pattern, input)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tif !matched {\n\t\treturn \"\", errors.New(\"only letters, numbers, and dashes are allowed\")\n\t}\n\n\treturn input, nil\n}\n\nfunc GetValidatedUrl(input string) (string, error) {\n\t// Check if the input starts with a scheme (e.g., http:// or https://)\n\tif !strings.HasPrefix(input, \"http://\") && !strings.HasPrefix(input, \"https://\") {\n\t\treturn \"\", errors.New(\"input is missing http:// or https://\")\n\t}\n\n\t// Try to parse the input as a URL\n\tparsedURL, err := url.Parse(input)\n\tif err != nil {\n\t\treturn \"\", errors.New(\"input is not a valid URL\")\n\t}\n\n\t// If parsing was successful, return the fixed URL\n\treturn parsedURL.String(), nil\n}\n\nfunc GetRepositorySlugFromUrl(url string, specifyGitProviders bool) string {\n\tif url == \"\" {\n\t\treturn \"/\"\n\t}\n\turl = strings.TrimSuffix(url, \"/\")\n\n\tparts := strings.Split(url, \"/\")\n\tif len(parts) < 2 {\n\t\treturn \"\"\n\t}\n\n\tif specifyGitProviders {\n\t\treturn parts[len(parts)-3] + \"/\" + parts[len(parts)-2] + \"/\" + parts[len(parts)-1]\n\t}\n\n\treturn parts[len(parts)-2] + \"/\" + parts[len(parts)-1]\n}\n\nfunc CleanUpRepositoryUrl(url string) string {\n\turl = strings.ToLower(url)\n\treturn strings.TrimSuffix(url, \"/\")\n}\n" }, { "path": "apps/daemon/internal/util/shell_quote.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport \"strings\"\n\n// ShellQuoteJoin quotes each argument for safe use in a shell command string.\n// Each arg is wrapped in single quotes, with any internal single quotes escaped.\nfunc ShellQuoteJoin(args []string) string {\n\tquoted := make([]string, len(args))\n\tfor i, arg := range args {\n\t\tquoted[i] = \"'\" + strings.ReplaceAll(arg, \"'\", \"'\\\\''\") + \"'\"\n\t}\n\treturn strings.Join(quoted, \" \")\n}\n" }, { "path": "apps/daemon/internal/util/version.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"regexp\"\n\t\"strings\"\n\n\tsemver \"github.com/Masterminds/semver/v3\"\n)\n\n// ExtractSdkVersionFromHeader extracts the SDK version from the headers.\n// If the X-Daytona-SDK-Version header is not present, it looks through\n// the Sec-WebSocket-Protocol header looking for the version protocol formatted like\n// X-Daytona-SDK-Version/.\n// If no version is found, it returns an empty string.\nfunc ExtractSdkVersionFromHeader(header http.Header) string {\n\tif v := header.Get(\"X-Daytona-SDK-Version\"); v != \"\" {\n\t\treturn v\n\t}\n\n\t// no explicit header; look through Sec-WebSocket-Protocol entries\n\tprotocol := ExtractSdkVersionSubprotocol(header)\n\tif protocol != \"\" {\n\t\t// found version protocol; split off the version\n\t\tparts := strings.SplitN(protocol, \"~\", 2)\n\t\tif len(parts) == 2 {\n\t\t\treturn parts[1]\n\t\t}\n\t}\n\n\treturn \"\"\n}\n\n// ExtractSdkVersionSubprotocol extracts the SDK version subprotocol from request headers\n// It looks for the X-Daytona-SDK-Version~ subprotocol in the Sec-WebSocket-Protocol header.\n// Returns an empty string if no SDK version subprotocol is found.\nfunc ExtractSdkVersionSubprotocol(header http.Header) string {\n\tsubprotocols := header.Get(\"Sec-WebSocket-Protocol\")\n\tif subprotocols == \"\" {\n\t\treturn \"\"\n\t}\n\n\tconst prefix = \"X-Daytona-SDK-Version~\"\n\t// split comma-separated protocols\n\tfor _, subprotocol := range strings.Split(subprotocols, \",\") {\n\t\tsubprotocol = strings.TrimSpace(subprotocol)\n\t\tif strings.HasPrefix(subprotocol, prefix) {\n\t\t\t// Return the full subprotocol string\n\t\t\treturn subprotocol\n\t\t}\n\t}\n\n\treturn \"\"\n}\n\n// CompareVersions compares two versions and returns:\n// 1 if v1 is greater than v2\n// -1 if v1 is less than v2\n// 0 if they are equal\n//\n// It considers pre-releases to be invalid if the ranges does not include one.\n// If you want to have it include pre-releases a simple solution is to include -0 in your range.\nfunc CompareVersions(v1 string, v2 string) (*int, error) {\n\tsemverV1, err := semver.NewVersion(normalizeSemver(v1))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to parse semver v1: %s, normalized: %s, error: %w\", v1, normalizeSemver(v1), err)\n\t}\n\tsemverV2, err := semver.NewVersion(normalizeSemver(v2))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to parse semver v2: %s, normalized: %s, error: %w\", v2, normalizeSemver(v2), err)\n\t}\n\n\tcomparison := semverV1.Compare(semverV2)\n\treturn &comparison, nil\n}\n\nfunc normalizeSemver(input string) string {\n\t// If it's already in the form X.Y.Z-suffix, return as-is.\n\treAlreadyDashed := regexp.MustCompile(`^\\d+\\.\\d+\\.\\d+-\\S+$`)\n\tif reAlreadyDashed.MatchString(input) {\n\t\treturn input\n\t}\n\n\t// If there's a non-digit suffix immediately after X.Y.Z, dash it.\n\treNeedsDash := regexp.MustCompile(`^(\\d+)\\.(\\d+)\\.(\\d+)(\\D.+)$`)\n\tif reNeedsDash.MatchString(input) {\n\t\treturn reNeedsDash.ReplaceAllString(input, `$1.$2.$3-$4`)\n\t}\n\n\t// Otherwise (pure X.Y.Z or something else), leave unchanged.\n\treturn input\n}\n" }, { "path": "apps/daemon/internal/util/websocket.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/gorilla/websocket\"\n)\n\n// UpgradeToWebSocket is a toolbox utility function that upgrades an HTTP connection to a WebSocket connection.\n// It automatically extracts and accepts SDK version subprotocols (if present) from the request headers and accepts them during handshake.\n// It uses a permissive CORS (CheckOrigin always returns true) to allow connections from any origin.\nfunc UpgradeToWebSocket(w http.ResponseWriter, r *http.Request) (*websocket.Conn, error) {\n\t// Extract SDK version subprotocol from request headers\n\tsubprotocol := ExtractSdkVersionSubprotocol(r.Header)\n\tvar protocols []string\n\tif subprotocol != \"\" {\n\t\tprotocols = []string{subprotocol}\n\t}\n\n\t// Create a new upgrader for this request to prevent concurrency issues\n\tupgrader := websocket.Upgrader{\n\t\tCheckOrigin: func(r *http.Request) bool { return true },\n\t\tSubprotocols: protocols,\n\t}\n\n\t// Upgrade the connection to a WebSocket protocol\n\tws, err := upgrader.Upgrade(w, r, nil)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn ws, nil\n}\n" }, { "path": "apps/daemon/internal/util/ws_keepalive.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage util\n\nimport (\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/gorilla/websocket\"\n)\n\n// SetupWSKeepAlive configures WebSocket keepalive ping/pong handling on the\n// given connection. It installs a custom PingHandler that queues pong payloads\n// onto a buffered channel instead of writing to the connection directly. This\n// avoids write-mutex contention between the PingHandler and the caller's\n// single writer goroutine.\n//\n// The caller's writer goroutine must drain the returned channel via\n// WritePendingPongs before each data write so that keepalive pongs are never\n// delayed.\nfunc SetupWSKeepAlive(conn *websocket.Conn, logger *slog.Logger) <-chan []byte {\n\tpongCh := make(chan []byte, 10)\n\tconn.SetPingHandler(func(message string) error {\n\t\tselect {\n\t\tcase pongCh <- []byte(message):\n\t\tdefault:\n\t\t\tlogger.Warn(\"pong channel full, dropping pong response\")\n\t\t}\n\t\treturn nil\n\t})\n\treturn pongCh\n}\n\n// WritePendingPongs drains all queued pong responses and writes them to the\n// connection. This MUST be called from the single writer goroutine before each\n// data write so that keepalive pongs are never delayed by data writes. Because\n// only one goroutine writes to the conn, WriteControl acquires the\n// gorilla/websocket write mutex instantly — no contention, no silent drops.\nfunc WritePendingPongs(conn *websocket.Conn, pongCh <-chan []byte, deadline time.Duration, logger *slog.Logger) {\n\tfor {\n\t\tselect {\n\t\tcase pongData := <-pongCh:\n\t\t\tif err := conn.WriteControl(websocket.PongMessage, pongData, time.Now().Add(deadline)); err != nil {\n\t\t\t\tlogger.Debug(\"failed to write pong\", \"error\", err)\n\t\t\t\treturn\n\t\t\t}\n\t\tdefault:\n\t\t\treturn\n\t\t}\n\t}\n}\n" }, { "path": "apps/daemon/pkg/common/errors.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"time\"\n)\n\n// ErrorResponse represents the error response structure\n//\n//\t@Description\tError response\n//\t@Schema\t\t\tErrorResponse\ntype ErrorResponse struct {\n\tStatusCode int `json:\"statusCode\" example:\"400\" binding:\"required\"`\n\tMessage string `json:\"message\" example:\"Bad request\" binding:\"required\"`\n\tCode string `json:\"code\" example:\"BAD_REQUEST\" binding:\"required\"`\n\tTimestamp time.Time `json:\"timestamp\" example:\"2023-01-01T12:00:00Z\" binding:\"required\"`\n\tPath string `json:\"path\" example:\"/api/resource\" binding:\"required\"`\n\tMethod string `json:\"method\" example:\"GET\" binding:\"required\"`\n} //\t@name\tErrorResponse\n" }, { "path": "apps/daemon/pkg/common/get_shell.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"os\"\n\t\"os/exec\"\n\t\"strings\"\n)\n\nfunc GetShell() string {\n\tout, err := exec.Command(\"sh\", \"-c\", \"grep '^[^#]' /etc/shells\").Output()\n\tif err != nil {\n\t\treturn \"sh\"\n\t}\n\n\tif strings.Contains(string(out), \"/usr/bin/zsh\") {\n\t\treturn \"/usr/bin/zsh\"\n\t}\n\n\tif strings.Contains(string(out), \"/bin/zsh\") {\n\t\treturn \"/bin/zsh\"\n\t}\n\n\tif strings.Contains(string(out), \"/usr/bin/bash\") {\n\t\treturn \"/usr/bin/bash\"\n\t}\n\n\tif strings.Contains(string(out), \"/bin/bash\") {\n\t\treturn \"/bin/bash\"\n\t}\n\n\tshellEnv, shellSet := os.LookupEnv(\"SHELL\")\n\n\tif shellSet {\n\t\treturn shellEnv\n\t}\n\n\treturn \"sh\"\n}\n" }, { "path": "apps/daemon/pkg/common/spawn_tty.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage common\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"os/exec\"\n\t\"syscall\"\n\t\"unsafe\"\n\n\t\"github.com/creack/pty\"\n)\n\ntype TTYSize struct {\n\tHeight int\n\tWidth int\n}\n\ntype SpawnTTYOptions struct {\n\tDir string\n\tStdIn io.Reader\n\tStdOut io.Writer\n\tTerm string\n\tEnv []string\n\tSizeCh <-chan TTYSize\n}\n\nfunc SpawnTTY(opts SpawnTTYOptions) error {\n\tshell := GetShell()\n\tcmd := exec.Command(shell)\n\n\tcmd.Dir = opts.Dir\n\n\tcmd.Env = append(cmd.Env, fmt.Sprintf(\"TERM=%s\", opts.Term))\n\tcmd.Env = append(cmd.Env, os.Environ()...)\n\tcmd.Env = append(cmd.Env, fmt.Sprintf(\"SHELL=%s\", shell))\n\tcmd.Env = append(cmd.Env, opts.Env...)\n\n\tf, err := pty.Start(cmd)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdefer f.Close()\n\n\tgo func() {\n\t\tfor win := range opts.SizeCh {\n\t\t\tsyscall.Syscall(syscall.SYS_IOCTL, f.Fd(), uintptr(syscall.TIOCSWINSZ),\n\t\t\t\tuintptr(unsafe.Pointer(&struct{ h, w, x, y uint16 }{uint16(win.Height), uint16(win.Width), 0, 0})))\n\t\t}\n\t}()\n\n\tgo func() {\n\t\tio.Copy(f, opts.StdIn) // stdin\n\t}()\n\n\t_, err = io.Copy(opts.StdOut, f) // stdout\n\treturn err\n}\n" }, { "path": "apps/daemon/pkg/git/add.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport \"github.com/go-git/go-git/v5\"\n\nfunc (s *Service) Add(files []string) error {\n\trepo, err := git.PlainOpen(s.WorkDir)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tw, err := repo.Worktree()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tfor _, file := range files {\n\t\t_, err = w.Add(file)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\treturn nil\n}\n" }, { "path": "apps/daemon/pkg/git/branch.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"github.com/go-git/go-git/v5\"\n\t\"github.com/go-git/go-git/v5/plumbing\"\n)\n\nfunc (s *Service) CreateBranch(name string) error {\n\trepo, err := git.PlainOpen(s.WorkDir)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tw, err := repo.Worktree()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn w.Checkout(&git.CheckoutOptions{\n\t\tCreate: true,\n\t\tBranch: plumbing.NewBranchReferenceName(name),\n\t})\n}\n\nfunc (s *Service) ListBranches() ([]string, error) {\n\trepo, err := git.PlainOpen(s.WorkDir)\n\tif err != nil {\n\t\treturn []string{}, err\n\t}\n\n\tbranches, err := repo.Branches()\n\tif err != nil {\n\t\treturn []string{}, err\n\t}\n\n\tvar branchList []string\n\terr = branches.ForEach(func(ref *plumbing.Reference) error {\n\t\tbranchList = append(branchList, ref.Name().Short())\n\t\treturn nil\n\t})\n\n\treturn branchList, err\n}\n\nfunc (s *Service) DeleteBranch(name string) error {\n\trepo, err := git.PlainOpen(s.WorkDir)\n\tif err != nil {\n\t\treturn err\n\t}\n\treturn repo.Storer.RemoveReference(plumbing.NewBranchReferenceName(name))\n}\n" }, { "path": "apps/daemon/pkg/git/checkout.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/go-git/go-git/v5\"\n\t\"github.com/go-git/go-git/v5/plumbing\"\n)\n\nfunc (s *Service) Checkout(branch string) error {\n\tr, err := git.PlainOpen(s.WorkDir)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to open repository: %w\", err)\n\t}\n\n\tw, err := r.Worktree()\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to get worktree: %w\", err)\n\t}\n\n\t// Try to checkout as a branch first\n\terr = w.Checkout(&git.CheckoutOptions{\n\t\tBranch: plumbing.NewBranchReferenceName(branch),\n\t})\n\n\tif err != nil {\n\t\t// If branch checkout fails, try as a commit hash\n\t\terr = w.Checkout(&git.CheckoutOptions{\n\t\t\tHash: plumbing.NewHash(branch),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to checkout branch or commit '%s': %w\", branch, err)\n\t\t}\n\t}\n\n\treturn nil\n}\n" }, { "path": "apps/daemon/pkg/git/clone.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/daytonaio/daemon/pkg/gitprovider\"\n\t\"github.com/go-git/go-git/v5\"\n\t\"github.com/go-git/go-git/v5/plumbing\"\n\t\"github.com/go-git/go-git/v5/plumbing/protocol/packp/capability\"\n\t\"github.com/go-git/go-git/v5/plumbing/transport\"\n\t\"github.com/go-git/go-git/v5/plumbing/transport/http\"\n)\n\nfunc (s *Service) CloneRepository(repo *gitprovider.GitRepository, auth *http.BasicAuth) error {\n\tcloneOptions := &git.CloneOptions{\n\t\tURL: repo.Url,\n\t\tSingleBranch: true,\n\t\tInsecureSkipTLS: true,\n\t\tAuth: auth,\n\t}\n\n\tif s.LogWriter != nil {\n\t\tcloneOptions.Progress = s.LogWriter\n\t}\n\n\t// Azure DevOps requires capabilities multi_ack / multi_ack_detailed,\n\t// which are not fully implemented and by default are included in\n\t// transport.UnsupportedCapabilities.\n\t//\n\t// This can be removed once go-git implements the git v2 protocol.\n\ttransport.UnsupportedCapabilities = []capability.Capability{\n\t\tcapability.ThinPack,\n\t}\n\n\tif repo.Branch != \"\" {\n\t\tcloneOptions.ReferenceName = plumbing.NewBranchReferenceName(repo.Branch)\n\t}\n\n\t_, err := git.PlainClone(s.WorkDir, false, cloneOptions)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif repo.Target == gitprovider.CloneTargetCommit {\n\t\tr, err := git.PlainOpen(s.WorkDir)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tw, err := r.Worktree()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\terr = w.Checkout(&git.CheckoutOptions{\n\t\t\tHash: plumbing.NewHash(repo.Sha),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\treturn err\n}\n\nfunc (s *Service) CloneRepositoryCmd(repo *gitprovider.GitRepository, auth *http.BasicAuth) []string {\n\tcloneCmd := []string{\"git\", \"clone\", \"--single-branch\"}\n\n\t// Only add branch flag if a specific branch is provided\n\tif repo.Branch != \"\" {\n\t\tcloneCmd = append(cloneCmd, \"--branch\", fmt.Sprintf(\"\\\"%s\\\"\", repo.Branch))\n\t}\n\n\tcloneUrl := repo.Url\n\n\t// Default to https protocol if not specified\n\tif !strings.Contains(cloneUrl, \"://\") {\n\t\tcloneUrl = fmt.Sprintf(\"https://%s\", cloneUrl)\n\t}\n\n\tif auth != nil {\n\t\tcloneUrl = fmt.Sprintf(\"%s://%s:%s@%s\", strings.Split(cloneUrl, \"://\")[0], auth.Username, auth.Password, strings.SplitN(cloneUrl, \"://\", 2)[1])\n\t}\n\n\tcloneCmd = append(cloneCmd, cloneUrl, s.WorkDir)\n\n\tif repo.Target == gitprovider.CloneTargetCommit {\n\t\tcloneCmd = append(cloneCmd, \"&&\", \"cd\", s.WorkDir)\n\t\tcloneCmd = append(cloneCmd, \"&&\", \"git\", \"checkout\", repo.Sha)\n\t}\n\n\treturn cloneCmd\n}\n" }, { "path": "apps/daemon/pkg/git/commit.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport \"github.com/go-git/go-git/v5\"\n\nfunc (s *Service) Commit(message string, options *git.CommitOptions) (string, error) {\n\trepo, err := git.PlainOpen(s.WorkDir)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tw, err := repo.Worktree()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tcommit, err := w.Commit(message, options)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\treturn commit.String(), nil\n}\n" }, { "path": "apps/daemon/pkg/git/config.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/daytonaio/daemon/pkg/gitprovider\"\n\t\"gopkg.in/ini.v1\"\n)\n\nfunc (s *Service) SetGitConfig(userData *gitprovider.GitUser, providerConfig *gitprovider.GitProviderConfig) error {\n\tgitConfigFileName := s.GitConfigFileName\n\n\tvar gitConfigContent []byte\n\tgitConfigContent, err := os.ReadFile(gitConfigFileName)\n\tif err != nil {\n\t\tgitConfigContent = []byte{}\n\t}\n\n\tcfg, err := ini.Load(gitConfigContent)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif !cfg.HasSection(\"credential\") {\n\t\t_, err := cfg.NewSection(\"credential\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\t_, err = cfg.Section(\"credential\").NewKey(\"helper\", \"/usr/local/bin/daytona git-cred\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif !cfg.HasSection(\"safe\") {\n\t\t_, err := cfg.NewSection(\"safe\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\t_, err = cfg.Section(\"safe\").NewKey(\"directory\", s.WorkDir)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif userData != nil {\n\t\tif !cfg.HasSection(\"user\") {\n\t\t\t_, err := cfg.NewSection(\"user\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\t_, err := cfg.Section(\"user\").NewKey(\"name\", userData.Name)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\t_, err = cfg.Section(\"user\").NewKey(\"email\", userData.Email)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tif err := s.setSigningConfig(cfg, providerConfig, userData); err != nil {\n\t\treturn err\n\t}\n\n\tvar buf bytes.Buffer\n\t_, err = cfg.WriteTo(&buf)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn os.WriteFile(gitConfigFileName, buf.Bytes(), 0644)\n}\n\nfunc (s *Service) setSigningConfig(cfg *ini.File, providerConfig *gitprovider.GitProviderConfig, userData *gitprovider.GitUser) error {\n\tif providerConfig == nil || providerConfig.SigningMethod == nil || providerConfig.SigningKey == nil {\n\t\treturn nil\n\t}\n\n\tif !cfg.HasSection(\"user\") {\n\t\t_, err := cfg.NewSection(\"user\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\t_, err := cfg.Section(\"user\").NewKey(\"signingkey\", *providerConfig.SigningKey)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif !cfg.HasSection(\"commit\") {\n\t\t_, err := cfg.NewSection(\"commit\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tswitch *providerConfig.SigningMethod {\n\tcase gitprovider.SigningMethodGPG:\n\t\t_, err := cfg.Section(\"commit\").NewKey(\"gpgSign\", \"true\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\tcase gitprovider.SigningMethodSSH:\n\t\terr := s.configureAllowedSigners(userData.Email, *providerConfig.SigningKey)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif !cfg.HasSection(\"gpg\") {\n\t\t\t_, err := cfg.NewSection(\"gpg\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t\t_, err = cfg.Section(\"gpg\").NewKey(\"format\", \"ssh\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif !cfg.HasSection(\"gpg \\\"ssh\\\"\") {\n\t\t\t_, err := cfg.NewSection(\"gpg \\\"ssh\\\"\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\tallowedSignersFile := filepath.Join(os.Getenv(\"HOME\"), \".ssh/allowed_signers\")\n\t\t_, err = cfg.Section(\"gpg \\\"ssh\\\"\").NewKey(\"allowedSignersFile\", allowedSignersFile)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\treturn nil\n}\n\nfunc (s *Service) configureAllowedSigners(email, sshKey string) error {\n\thomeDir := os.Getenv(\"HOME\")\n\tsshDir := filepath.Join(homeDir, \".ssh\")\n\tallowedSignersFile := filepath.Join(sshDir, \"allowed_signers\")\n\n\terr := os.MkdirAll(sshDir, 0700)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to create SSH directory: %w\", err)\n\t}\n\n\tentry := fmt.Sprintf(\"%s namespaces=\\\"git\\\" %s\\n\", email, sshKey)\n\n\texistingContent, err := os.ReadFile(allowedSignersFile)\n\tif err != nil && !os.IsNotExist(err) {\n\t\treturn fmt.Errorf(\"failed to read allowed_signers file: %w\", err)\n\t}\n\n\tnewContent := string(existingContent) + entry\n\n\terr = os.WriteFile(allowedSignersFile, []byte(newContent), 0600)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to write to allowed_signers file: %w\", err)\n\t}\n\n\treturn nil\n}\n" }, { "path": "apps/daemon/pkg/git/log.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"github.com/go-git/go-git/v5/plumbing/object\"\n\n\t\"github.com/go-git/go-git/v5\"\n)\n\nfunc (s *Service) Log() ([]GitCommitInfo, error) {\n\trepo, err := git.PlainOpen(s.WorkDir)\n\tif err != nil {\n\t\treturn []GitCommitInfo{}, err\n\t}\n\n\tref, err := repo.Head()\n\tif err != nil {\n\t\treturn []GitCommitInfo{}, err\n\t}\n\n\tcommits, err := repo.Log(&git.LogOptions{From: ref.Hash()})\n\tif err != nil {\n\t\treturn []GitCommitInfo{}, err\n\t}\n\n\tvar history []GitCommitInfo\n\terr = commits.ForEach(func(commit *object.Commit) error {\n\t\thistory = append(history, GitCommitInfo{\n\t\t\tHash: commit.Hash.String(),\n\t\t\tAuthor: commit.Author.Name,\n\t\t\tEmail: commit.Author.Email,\n\t\t\tMessage: commit.Message,\n\t\t\tTimestamp: commit.Author.When,\n\t\t})\n\t\treturn nil\n\t})\n\n\treturn history, err\n}\n" }, { "path": "apps/daemon/pkg/git/pull.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"github.com/go-git/go-git/v5/plumbing/transport/http\"\n\n\t\"github.com/go-git/go-git/v5\"\n)\n\nfunc (s *Service) Pull(auth *http.BasicAuth) error {\n\trepo, err := git.PlainOpen(s.WorkDir)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tw, err := repo.Worktree()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\toptions := &git.PullOptions{\n\t\tRemoteName: \"origin\",\n\t\tAuth: auth,\n\t}\n\n\treturn w.Pull(options)\n}\n" }, { "path": "apps/daemon/pkg/git/push.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/go-git/go-git/v5/config\"\n\t\"github.com/go-git/go-git/v5/plumbing/transport/http\"\n\n\t\"github.com/go-git/go-git/v5\"\n)\n\nfunc (s *Service) Push(auth *http.BasicAuth) error {\n\trepo, err := git.PlainOpen(s.WorkDir)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tref, err := repo.Head()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\toptions := &git.PushOptions{\n\t\tAuth: auth,\n\t\tRefSpecs: []config.RefSpec{\n\t\t\tconfig.RefSpec(fmt.Sprintf(\"%s:%s\", ref.Name(), ref.Name())),\n\t\t},\n\t}\n\n\treturn repo.Push(options)\n}\n" }, { "path": "apps/daemon/pkg/git/service.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/daytonaio/daemon/pkg/gitprovider\"\n\t\"github.com/go-git/go-git/v5\"\n\t\"github.com/go-git/go-git/v5/plumbing/transport/http\"\n)\n\ntype GitStatus struct {\n\tCurrentBranch string `json:\"currentBranch\" validate:\"required\"`\n\tFiles []*FileStatus `json:\"fileStatus\" validate:\"required\"`\n\tBranchPublished bool `json:\"branchPublished\" validate:\"optional\"`\n\tAhead int `json:\"ahead\" validate:\"optional\"`\n\tBehind int `json:\"behind\" validate:\"optional\"`\n} // @name GitStatus\n\ntype FileStatus struct {\n\tName string `json:\"name\" validate:\"required\"`\n\tExtra string `json:\"extra\" validate:\"required\"`\n\tStaging Status `json:\"staging\" validate:\"required\"`\n\tWorktree Status `json:\"worktree\" validate:\"required\"`\n} // @name FileStatus\n\n// Status status code of a file in the Worktree\ntype Status string // @name Status\n\nconst (\n\tUnmodified Status = \"Unmodified\"\n\tUntracked Status = \"Untracked\"\n\tModified Status = \"Modified\"\n\tAdded Status = \"Added\"\n\tDeleted Status = \"Deleted\"\n\tRenamed Status = \"Renamed\"\n\tCopied Status = \"Copied\"\n\tUpdatedButUnmerged Status = \"Updated but unmerged\"\n)\n\nvar MapStatus map[git.StatusCode]Status = map[git.StatusCode]Status{\n\tgit.Unmodified: Unmodified,\n\tgit.Untracked: Untracked,\n\tgit.Modified: Modified,\n\tgit.Added: Added,\n\tgit.Deleted: Deleted,\n\tgit.Renamed: Renamed,\n\tgit.Copied: Copied,\n\tgit.UpdatedButUnmerged: UpdatedButUnmerged,\n}\n\ntype IGitService interface {\n\tCloneRepository(repo *gitprovider.GitRepository, auth *http.BasicAuth) error\n\tCloneRepositoryCmd(repo *gitprovider.GitRepository, auth *http.BasicAuth) []string\n\tRepositoryExists() (bool, error)\n\tSetGitConfig(userData *gitprovider.GitUser, providerConfig *gitprovider.GitProviderConfig) error\n\tGetGitStatus() (*GitStatus, error)\n}\n\ntype Service struct {\n\tWorkDir string\n\tGitConfigFileName string\n\tLogWriter io.Writer\n\tOpenRepository *git.Repository\n}\n\nfunc (s *Service) RepositoryExists() (bool, error) {\n\t_, err := os.Stat(filepath.Join(s.WorkDir, \".git\"))\n\tif os.IsNotExist(err) {\n\t\treturn false, nil\n\t}\n\tif err != nil {\n\t\treturn false, err\n\t}\n\treturn true, nil\n}\n" }, { "path": "apps/daemon/pkg/git/service_test.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git_test\n\nimport (\n\t\"testing\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/daytonaio/daemon/pkg/gitprovider\"\n\t\"github.com/go-git/go-git/v5/plumbing/transport/http\"\n\t\"github.com/stretchr/testify/suite\"\n)\n\nvar repoHttp = &gitprovider.GitRepository{\n\tId: \"123\",\n\tUrl: \"http://localhost:3000/daytonaio/daytona\",\n\tName: \"daytona\",\n\tBranch: \"main\",\n\tTarget: gitprovider.CloneTargetBranch,\n}\n\nvar repoHttps = &gitprovider.GitRepository{\n\tId: \"123\",\n\tUrl: \"https://github.com/daytonaio/daytona\",\n\tName: \"daytona\",\n\tBranch: \"main\",\n\tTarget: gitprovider.CloneTargetBranch,\n}\n\nvar repoWithoutProtocol = &gitprovider.GitRepository{\n\tId: \"123\",\n\tUrl: \"github.com/daytonaio/daytona\",\n\tName: \"daytona\",\n\tBranch: \"main\",\n\tTarget: gitprovider.CloneTargetBranch,\n}\n\nvar repoWithCloneTargetCommit = &gitprovider.GitRepository{\n\tId: \"123\",\n\tUrl: \"https://github.com/daytonaio/daytona\",\n\tName: \"daytona\",\n\tBranch: \"main\",\n\tSha: \"1234567890\",\n\tTarget: gitprovider.CloneTargetCommit,\n}\n\nvar creds = &http.BasicAuth{\n\tUsername: \"daytonaio\",\n\tPassword: \"Daytona123\",\n}\n\ntype GitServiceTestSuite struct {\n\tsuite.Suite\n\tgitService git.IGitService\n}\n\nfunc NewGitServiceTestSuite() *GitServiceTestSuite {\n\treturn &GitServiceTestSuite{}\n}\n\nfunc (s *GitServiceTestSuite) SetupTest() {\n\ts.gitService = &git.Service{\n\t\tWorkDir: \"/work-dir\",\n\t}\n}\n\nfunc TestGitService(t *testing.T) {\n\tsuite.Run(t, NewGitServiceTestSuite())\n}\n\nfunc (s *GitServiceTestSuite) TestCloneRepositoryCmd_WithCreds() {\n\tcloneCmd := s.gitService.CloneRepositoryCmd(repoHttps, creds)\n\ts.Require().Equal([]string{\"git\", \"clone\", \"--single-branch\", \"--branch\", \"\\\"main\\\"\", \"https://daytonaio:Daytona123@github.com/daytonaio/daytona\", \"/work-dir\"}, cloneCmd)\n\n\tcloneCmd = s.gitService.CloneRepositoryCmd(repoHttp, creds)\n\ts.Require().Equal([]string{\"git\", \"clone\", \"--single-branch\", \"--branch\", \"\\\"main\\\"\", \"http://daytonaio:Daytona123@localhost:3000/daytonaio/daytona\", \"/work-dir\"}, cloneCmd)\n\n\tcloneCmd = s.gitService.CloneRepositoryCmd(repoWithoutProtocol, creds)\n\ts.Require().Equal([]string{\"git\", \"clone\", \"--single-branch\", \"--branch\", \"\\\"main\\\"\", \"https://daytonaio:Daytona123@github.com/daytonaio/daytona\", \"/work-dir\"}, cloneCmd)\n\n\tcloneCmd = s.gitService.CloneRepositoryCmd(repoWithCloneTargetCommit, creds)\n\ts.Require().Equal([]string{\"git\", \"clone\", \"--single-branch\", \"--branch\", \"\\\"main\\\"\", \"https://daytonaio:Daytona123@github.com/daytonaio/daytona\", \"/work-dir\", \"&&\", \"cd\", \"/work-dir\", \"&&\", \"git\", \"checkout\", \"1234567890\"}, cloneCmd)\n}\n\nfunc (s *GitServiceTestSuite) TestCloneRepositoryCmd_WithoutCreds() {\n\tcloneCmd := s.gitService.CloneRepositoryCmd(repoHttps, nil)\n\ts.Require().Equal([]string{\"git\", \"clone\", \"--single-branch\", \"--branch\", \"\\\"main\\\"\", \"https://github.com/daytonaio/daytona\", \"/work-dir\"}, cloneCmd)\n\n\tcloneCmd = s.gitService.CloneRepositoryCmd(repoHttp, nil)\n\ts.Require().Equal([]string{\"git\", \"clone\", \"--single-branch\", \"--branch\", \"\\\"main\\\"\", \"http://localhost:3000/daytonaio/daytona\", \"/work-dir\"}, cloneCmd)\n\n\tcloneCmd = s.gitService.CloneRepositoryCmd(repoWithoutProtocol, nil)\n\ts.Require().Equal([]string{\"git\", \"clone\", \"--single-branch\", \"--branch\", \"\\\"main\\\"\", \"https://github.com/daytonaio/daytona\", \"/work-dir\"}, cloneCmd)\n\n\tcloneCmd = s.gitService.CloneRepositoryCmd(repoWithCloneTargetCommit, nil)\n\ts.Require().Equal([]string{\"git\", \"clone\", \"--single-branch\", \"--branch\", \"\\\"main\\\"\", \"https://github.com/daytonaio/daytona\", \"/work-dir\", \"&&\", \"cd\", \"/work-dir\", \"&&\", \"git\", \"checkout\", \"1234567890\"}, cloneCmd)\n}\n" }, { "path": "apps/daemon/pkg/git/status.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\t\"os/exec\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/go-git/go-git/v5\"\n)\n\nfunc (s *Service) GetGitStatus() (*GitStatus, error) {\n\trepo, err := git.PlainOpen(s.WorkDir)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tref, err := repo.Head()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tworktree, err := repo.Worktree()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tstatus, err := worktree.Status()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tfiles := []*FileStatus{}\n\tfor path, file := range status {\n\t\tfiles = append(files, &FileStatus{\n\t\t\tName: path,\n\t\t\tExtra: file.Extra,\n\t\t\tStaging: MapStatus[file.Staging],\n\t\t\tWorktree: MapStatus[file.Worktree],\n\t\t})\n\t}\n\n\tbranchPublished, err := s.isBranchPublished()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tahead, behind, err := s.getAheadBehindInfo()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &GitStatus{\n\t\tCurrentBranch: ref.Name().Short(),\n\t\tFiles: files,\n\t\tBranchPublished: branchPublished,\n\t\tAhead: ahead,\n\t\tBehind: behind,\n\t}, nil\n}\n\nfunc (s *Service) isBranchPublished() (bool, error) {\n\tupstream, err := s.getUpstreamBranch()\n\tif err != nil {\n\t\treturn false, err\n\t}\n\treturn upstream != \"\", nil\n}\n\nfunc (s *Service) getUpstreamBranch() (string, error) {\n\tcmd := exec.Command(\"git\", \"-C\", s.WorkDir, \"rev-parse\", \"--abbrev-ref\", \"--symbolic-full-name\", \"@{upstream}\")\n\tout, err := cmd.CombinedOutput()\n\tif err != nil {\n\t\treturn \"\", nil\n\t}\n\n\treturn strings.TrimSpace(string(out)), nil\n}\n\nfunc (s *Service) getAheadBehindInfo() (int, int, error) {\n\tupstream, err := s.getUpstreamBranch()\n\tif err != nil {\n\t\treturn 0, 0, err\n\t}\n\tif upstream == \"\" {\n\t\treturn 0, 0, nil\n\t}\n\n\tcmd := exec.Command(\"git\", \"-C\", s.WorkDir, \"rev-list\", \"--left-right\", \"--count\", fmt.Sprintf(\"%s...HEAD\", upstream))\n\tout, err := cmd.CombinedOutput()\n\tif err != nil {\n\t\treturn 0, 0, nil\n\t}\n\n\treturn parseAheadBehind(out)\n}\n\nfunc parseAheadBehind(output []byte) (int, int, error) {\n\tcounts := strings.Split(strings.TrimSpace(string(output)), \"\\t\")\n\tif len(counts) != 2 {\n\t\treturn 0, 0, nil\n\t}\n\n\tahead, err := strconv.Atoi(counts[1])\n\tif err != nil {\n\t\treturn 0, 0, nil\n\t}\n\n\tbehind, err := strconv.Atoi(counts[0])\n\tif err != nil {\n\t\treturn 0, 0, nil\n\t}\n\n\treturn ahead, behind, nil\n}\n" }, { "path": "apps/daemon/pkg/git/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport \"time\"\n\ntype GitCommitInfo struct {\n\tHash string `json:\"hash\" validate:\"required\"`\n\tAuthor string `json:\"author\" validate:\"required\"`\n\tEmail string `json:\"email\" validate:\"required\"`\n\tMessage string `json:\"message\" validate:\"required\"`\n\tTimestamp time.Time `json:\"timestamp\" validate:\"required\"`\n} // @name GitCommitInfo\n" }, { "path": "apps/daemon/pkg/gitprovider/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage gitprovider\n\ntype SigningMethod string // @name SigningMethod\n\nconst (\n\tSigningMethodSSH SigningMethod = \"ssh\"\n\tSigningMethodGPG SigningMethod = \"gpg\"\n)\n\ntype GitProviderConfig struct {\n\tId string `json:\"id\" validate:\"required\"`\n\tProviderId string `json:\"providerId\" validate:\"required\"`\n\tUsername string `json:\"username\" validate:\"required\"`\n\tBaseApiUrl *string `json:\"baseApiUrl,omitempty\" validate:\"optional\"`\n\tToken string `json:\"token\" validate:\"required\"`\n\tAlias string `json:\"alias\" validate:\"required\"`\n\tSigningKey *string `json:\"signingKey,omitempty\" validate:\"optional\"`\n\tSigningMethod *SigningMethod `json:\"signingMethod,omitempty\" validate:\"optional\"`\n} // @name GitProvider\n\ntype GitUser struct {\n\tId string `json:\"id\" validate:\"required\"`\n\tUsername string `json:\"username\" validate:\"required\"`\n\tName string `json:\"name\" validate:\"required\"`\n\tEmail string `json:\"email\" validate:\"required\"`\n} // @name GitUser\n\ntype CloneTarget string // @name CloneTarget\n\nconst (\n\tCloneTargetBranch CloneTarget = \"branch\"\n\tCloneTargetCommit CloneTarget = \"commit\"\n)\n\ntype GitRepository struct {\n\tId string `json:\"id\" validate:\"required\"`\n\tUrl string `json:\"url\" validate:\"required\"`\n\tName string `json:\"name\" validate:\"required\"`\n\tBranch string `json:\"branch\" validate:\"required\"`\n\tSha string `json:\"sha\" validate:\"required\"`\n\tOwner string `json:\"owner\" validate:\"required\"`\n\tPrNumber *uint32 `json:\"prNumber,omitempty\" validate:\"optional\"`\n\tSource string `json:\"source\" validate:\"required\"`\n\tPath *string `json:\"path,omitempty\" validate:\"optional\"`\n\tTarget CloneTarget `json:\"cloneTarget,omitempty\" validate:\"optional\"`\n} // @name GitRepository\n\ntype GitNamespace struct {\n\tId string `json:\"id\" validate:\"required\"`\n\tName string `json:\"name\" validate:\"required\"`\n} // @name GitNamespace\n\ntype GitBranch struct {\n\tName string `json:\"name\" validate:\"required\"`\n\tSha string `json:\"sha\" validate:\"required\"`\n} // @name GitBranch\n\ntype GitPullRequest struct {\n\tName string `json:\"name\" validate:\"required\"`\n\tBranch string `json:\"branch\" validate:\"required\"`\n\tSha string `json:\"sha\" validate:\"required\"`\n\tSourceRepoId string `json:\"sourceRepoId\" validate:\"required\"`\n\tSourceRepoUrl string `json:\"sourceRepoUrl\" validate:\"required\"`\n\tSourceRepoOwner string `json:\"sourceRepoOwner\" validate:\"required\"`\n\tSourceRepoName string `json:\"sourceRepoName\" validate:\"required\"`\n} // @name GitPullRequest\n\ntype GitEventData struct {\n\tUrl string `json:\"url\" validate:\"required\"`\n\tBranch string `json:\"branch\" validate:\"required\"`\n\tSha string `json:\"sha\" validate:\"required\"`\n\tOwner string `json:\"user\" validate:\"required\"`\n\tAffectedFiles []string `json:\"affectedFiles\" validate:\"required\"`\n} //\t@name\tGitEventData\n" }, { "path": "apps/daemon/pkg/recording/delete.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"fmt\"\n\t\"os\"\n)\n\n// DeleteRecording deletes a recording by ID\nfunc (s *RecordingService) DeleteRecording(id string) error {\n\t// Check if it's an active recording\n\tif _, exists := s.activeRecordings.Get(id); exists {\n\t\treturn ErrRecordingStillActive\n\t}\n\n\t// Find the recording\n\trecording, err := s.GetRecording(id)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// Delete the file\n\tif err := os.Remove(recording.FilePath); err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\treturn ErrRecordingNotFound\n\t\t}\n\t\treturn fmt.Errorf(\"failed to delete recording file: %w\", err)\n\t}\n\n\ts.logger.Debug(\"Deleted recording\", \"id\", id, \"filePath\", recording.FilePath)\n\n\treturn nil\n}\n" }, { "path": "apps/daemon/pkg/recording/get.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\n// GetRecording returns a recording by ID (active or from filesystem)\nfunc (s *RecordingService) GetRecording(id string) (*Recording, error) {\n\t// First check active recordings\n\tif active, exists := s.activeRecordings.Get(id); exists {\n\t\trecording := *active.recording\n\t\treturn &recording, nil\n\t}\n\n\t// Search in completed recordings on disk\n\trecordings, err := s.ListRecordings()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tfor _, rec := range recordings {\n\t\tif rec.ID == id {\n\t\t\treturn &rec, nil\n\t\t}\n\t}\n\n\treturn nil, ErrRecordingNotFound\n}\n" }, { "path": "apps/daemon/pkg/recording/list.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/google/uuid\"\n)\n\n// ListRecordings returns all recordings (active and completed)\nfunc (s *RecordingService) ListRecordings() ([]Recording, error) {\n\trecordings := []Recording{}\n\n\t// Add active recordings\n\tfor item := range s.activeRecordings.IterBuffered() {\n\t\trecordings = append(recordings, *item.Val.recording)\n\t}\n\n\t// Scan recordings directory for completed recordings\n\tif _, err := os.Stat(s.recordingsDir); os.IsNotExist(err) {\n\t\treturn recordings, nil\n\t}\n\n\tentries, err := os.ReadDir(s.recordingsDir)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to read recordings directory: %w\", err)\n\t}\n\n\tfor _, entry := range entries {\n\t\tif entry.IsDir() {\n\t\t\tcontinue\n\t\t}\n\n\t\t// Only include MP4 files\n\t\tif filepath.Ext(entry.Name()) != \".mp4\" {\n\t\t\tcontinue\n\t\t}\n\n\t\t// Skip files that are currently being recorded\n\t\tisActive := false\n\t\tfor item := range s.activeRecordings.IterBuffered() {\n\t\t\tif item.Val.recording.FileName == entry.Name() {\n\t\t\t\tisActive = true\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\n\t\tif isActive {\n\t\t\tcontinue\n\t\t}\n\n\t\tfilePath := filepath.Join(s.recordingsDir, entry.Name())\n\t\tfileInfo, err := entry.Info()\n\t\tif err != nil {\n\t\t\tcontinue\n\t\t}\n\n\t\t// Extract ID from filename (format: {id}_{label}_{timestamp}.mp4 or {id}_session_{timestamp}.mp4)\n\t\t// The ID is the first part before the underscore (UUID format)\n\t\tfileName := entry.Name()\n\t\tvar recordingID string\n\t\tif idx := strings.Index(fileName, \"_\"); idx > 0 {\n\t\t\tpotentialID := fileName[:idx]\n\t\t\t// Validate it's a UUID\n\t\t\tif _, err := uuid.Parse(potentialID); err == nil {\n\t\t\t\trecordingID = potentialID\n\t\t\t}\n\t\t}\n\t\t// Fallback to generating ID from file path for legacy recordings without ID in filename\n\t\tif recordingID == \"\" {\n\t\t\trecordingID = uuid.NewSHA1(uuid.NameSpaceURL, []byte(filePath)).String()\n\t\t}\n\n\t\t// Create recording entry from file info\n\t\t// Use file modification time as a proxy for end time\n\t\tmodTime := fileInfo.ModTime()\n\t\tsize := fileInfo.Size()\n\n\t\trecording := Recording{\n\t\t\tID: recordingID,\n\t\t\tFileName: fileName,\n\t\t\tFilePath: filePath,\n\t\t\tStartTime: modTime, // Approximation - actual start time unknown for old recordings\n\t\t\tEndTime: &modTime,\n\t\t\tStatus: \"completed\",\n\t\t\tSizeBytes: &size,\n\t\t}\n\n\t\trecordings = append(recordings, recording)\n\t}\n\n\treturn recordings, nil\n}\n" }, { "path": "apps/daemon/pkg/recording/service.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"log/slog\"\n\n\tcmap \"github.com/orcaman/concurrent-map/v2\"\n)\n\n// RecordingService manages screen recording sessions\ntype RecordingService struct {\n\tlogger *slog.Logger\n\tactiveRecordings cmap.ConcurrentMap[string, *activeRecording]\n\trecordingsDir string\n}\n\nfunc NewRecordingService(logger *slog.Logger, recordingsDir string) *RecordingService {\n\treturn &RecordingService{\n\t\tlogger: logger.With(slog.String(\"component\", \"recording_service\")),\n\t\tactiveRecordings: cmap.New[*activeRecording](),\n\t\trecordingsDir: recordingsDir,\n\t}\n}\n\nfunc (s *RecordingService) GetRecordingsDir() string {\n\treturn s.recordingsDir\n}\n" }, { "path": "apps/daemon/pkg/recording/start.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\t\"regexp\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/google/uuid\"\n)\n\n// validateLabel validates a user-provided label to prevent path injection\n// and ensure it's safe for use in a filename. Returns error if invalid.\nfunc validateLabel(label string) error {\n\tconst maxLabelLength = 100\n\n\t// Trim whitespace for validation\n\ttrimmed := strings.TrimSpace(label)\n\n\t// Check if label is empty after trimming\n\tif trimmed == \"\" {\n\t\treturn ErrInvalidLabel\n\t}\n\n\t// Check length\n\tif len(label) > maxLabelLength {\n\t\treturn ErrInvalidLabel\n\t}\n\n\t// Check for path separators (directory traversal)\n\tif strings.Contains(label, \"/\") || strings.Contains(label, \"\\\\\") {\n\t\treturn ErrInvalidLabel\n\t}\n\n\t// Check for leading dots (hidden files)\n\tif strings.HasPrefix(trimmed, \".\") {\n\t\treturn ErrInvalidLabel\n\t}\n\n\t// Only allow safe characters: alphanumeric, spaces, dots, underscores, and hyphens\n\tsafePattern := regexp.MustCompile(`^[A-Za-z0-9.\\s_-]+$`)\n\tif !safePattern.MatchString(label) {\n\t\treturn ErrInvalidLabel\n\t}\n\n\treturn nil\n}\n\n// StartRecording starts a new screen recording session\nfunc (s *RecordingService) StartRecording(label *string) (*Recording, error) {\n\t// Ensure recordings directory exists\n\tif err := os.MkdirAll(s.recordingsDir, 0755); err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to create recordings directory: %w\", err)\n\t}\n\n\t// Check if ffmpeg is available\n\tffmpegPath, err := exec.LookPath(\"ffmpeg\")\n\tif err != nil {\n\t\treturn nil, ErrFFmpegNotFound\n\t}\n\n\t// Check for DISPLAY environment variable (required for X11)\n\tdisplay := os.Getenv(\"DISPLAY\")\n\tif display == \"\" {\n\t\tdisplay = \":0\" // Default to :0 if not set\n\t}\n\n\t// Generate recording ID and filename\n\t// ID is included in filename so it can be recovered when scanning disk\n\tid := uuid.New().String()\n\tnow := time.Now()\n\ttimestamp := now.Format(\"20060102_150405\")\n\n\t// Validate label if provided (reject invalid labels without modification)\n\tif label != nil && *label != \"\" {\n\t\tif err := validateLabel(*label); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\tvar fileName string\n\tif label != nil && *label != \"\" {\n\t\tfileName = fmt.Sprintf(\"%s_%s_%s.mp4\", id, *label, timestamp)\n\t} else {\n\t\tfileName = fmt.Sprintf(\"%s_session_%s.mp4\", id, timestamp)\n\t}\n\n\tfilePath := filepath.Join(s.recordingsDir, fileName)\n\n\t// Create recording entry\n\trecording := &Recording{\n\t\tID: id,\n\t\tFileName: fileName,\n\t\tFilePath: filePath,\n\t\tStartTime: now,\n\t\tStatus: \"recording\",\n\t}\n\n\t// Build ffmpeg command for Linux screen capture using x11grab\n\t// -f x11grab: X11 screen capture\n\t// -framerate 30: 30 FPS\n\t// -i :0.0: Capture from display :0, screen 0\n\t// -c:v libx264: H.264 codec\n\t// -preset ultrafast: Fast encoding for real-time capture\n\t// -pix_fmt yuv420p: Standard pixel format for compatibility\n\tcmd := exec.Command(ffmpegPath,\n\t\t\"-f\", \"x11grab\",\n\t\t\"-framerate\", \"30\",\n\t\t\"-i\", display,\n\t\t\"-c:v\", \"libx264\",\n\t\t\"-preset\", \"ultrafast\",\n\t\t\"-pix_fmt\", \"yuv420p\",\n\t\t\"-y\", // Overwrite output file if exists\n\t\tfilePath,\n\t)\n\n\t// Set environment to ensure DISPLAY is available\n\tcmd.Env = append(os.Environ(), fmt.Sprintf(\"DISPLAY=%s\", display))\n\n\t// Get stdin pipe for graceful shutdown\n\tstdinPipe, err := cmd.StdinPipe()\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to get stdin pipe: %w\", err)\n\t}\n\n\t// Start ffmpeg process\n\tif err := cmd.Start(); err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to start ffmpeg: %w\", err)\n\t}\n\n\ts.logger.Debug(\"Started recording\", \"id\", id, \"path\", filePath, \"display\", display)\n\n\t// Create a done channel to receive the Wait() result exactly once\n\tdone := make(chan error, 1)\n\n\t// Store active recording\n\ts.activeRecordings.Set(id, &activeRecording{\n\t\trecording: recording,\n\t\tcmd: cmd,\n\t\tstdinPipe: stdinPipe,\n\t\tdone: done,\n\t})\n\n\t// Start a goroutine to wait for the process and handle unexpected exits\n\tgo func() {\n\t\terr := cmd.Wait()\n\t\tdone <- err // Signal the done channel with the result\n\n\t\t// Atomically remove from active recordings if still there\n\t\tif active, exists := s.activeRecordings.Pop(id); exists {\n\t\t\tif err != nil {\n\t\t\t\ts.logger.Warn(\"Recording ffmpeg process exited unexpectedly\", \"id\", id, \"error\", err)\n\t\t\t\tactive.recording.Status = \"failed\"\n\t\t\t}\n\t\t}\n\t}()\n\n\treturn recording, nil\n}\n" }, { "path": "apps/daemon/pkg/recording/stop.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"os\"\n\t\"time\"\n)\n\n// StopRecording stops an active recording session\nfunc (s *RecordingService) StopRecording(id string) (*Recording, error) {\n\tactive, exists := s.activeRecordings.Pop(id)\n\tif !exists {\n\t\treturn nil, ErrRecordingNotFound\n\t}\n\n\t// Send 'q' to ffmpeg stdin for graceful shutdown\n\t// This allows ffmpeg to properly finalize the video file\n\tif active.stdinPipe != nil {\n\t\t_, err := active.stdinPipe.Write([]byte(\"q\"))\n\t\tif err != nil {\n\t\t\ts.logger.Warn(\"Failed to send quit signal to ffmpeg\", \"error\", err)\n\t\t}\n\t\tactive.stdinPipe.Close()\n\t}\n\n\t// Wait for ffmpeg to finish by waiting on the done channel\n\tselect {\n\tcase <-active.done:\n\t\t// Process exited normally\n\tcase <-time.After(10 * time.Second):\n\t\t// Force kill if it doesn't exit gracefully\n\t\ts.logger.Warn(\"Recording did not stop gracefully, force killing\", \"id\", id)\n\t\tif active.cmd.Process != nil {\n\t\t\terr := active.cmd.Process.Kill()\n\t\t\tif err != nil {\n\t\t\t\ts.logger.Error(\"Failed to force kill recording\", \"id\", id, \"error\", err)\n\t\t\t}\n\t\t}\n\t\t// Still wait for the done channel to avoid goroutine leak\n\t\t<-active.done\n\t}\n\n\t// Update recording metadata\n\tnow := time.Now()\n\tactive.recording.EndTime = &now\n\tactive.recording.Status = \"completed\"\n\n\tduration := now.Sub(active.recording.StartTime).Seconds()\n\tactive.recording.DurationSeconds = &duration\n\n\t// Get file size\n\tif fileInfo, err := os.Stat(active.recording.FilePath); err == nil {\n\t\tsize := fileInfo.Size()\n\t\tactive.recording.SizeBytes = &size\n\t}\n\n\ts.logger.Debug(\"Stopped recording\", \"id\", id, \"durationSeconds\", duration)\n\n\treturn active.recording, nil\n}\n" }, { "path": "apps/daemon/pkg/recording/types.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"errors\"\n\t\"io\"\n\t\"os/exec\"\n\t\"time\"\n)\n\nvar (\n\tErrRecordingNotFound = errors.New(\"recording not found\")\n\tErrRecordingNotActive = errors.New(\"recording is not active\")\n\tErrRecordingStillActive = errors.New(\"cannot delete an active recording\")\n\tErrFFmpegNotFound = errors.New(\"ffmpeg not found in PATH\")\n\tErrInvalidLabel = errors.New(\"invalid label: must be 1-100 characters, cannot start with dot, cannot contain path separators (/ or \\\\), and can only contain letters, numbers, spaces, dots, underscores, and hyphens\")\n)\n\ntype Recording struct {\n\tID string\n\tFileName string\n\tFilePath string\n\tStartTime time.Time\n\tEndTime *time.Time\n\tStatus string\n\tDurationSeconds *float64\n\tSizeBytes *int64\n}\n\n// activeRecording holds the state of a currently running recording\ntype activeRecording struct {\n\trecording *Recording\n\tcmd *exec.Cmd\n\tstdinPipe io.WriteCloser\n\tdone chan error\n}\n" }, { "path": "apps/daemon/pkg/recordingdashboard/assets.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recordingdashboard\n\nimport \"embed\"\n\n//go:embed static\nvar static embed.FS\n" }, { "path": "apps/daemon/pkg/recordingdashboard/server.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recordingdashboard\n\nimport (\n\t\"fmt\"\n\t\"io/fs\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/daytonaio/daemon/pkg/recording\"\n\trecordingcontroller \"github.com/daytonaio/daemon/pkg/toolbox/computeruse/recording\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/config\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// DashboardServer serves the recording dashboard\ntype DashboardServer struct {\n\tlogger *slog.Logger\n\trecordingService *recording.RecordingService\n}\n\n// NewDashboardServer creates a new dashboard server\nfunc NewDashboardServer(logger *slog.Logger, recordingService *recording.RecordingService) *DashboardServer {\n\treturn &DashboardServer{\n\t\tlogger: logger.With(slog.String(\"component\", \"recordings_dashboard\")),\n\t\trecordingService: recordingService,\n\t}\n}\n\n// Start starts the dashboard server on the configured port\nfunc (s *DashboardServer) Start() error {\n\tgin.SetMode(gin.ReleaseMode)\n\tr := gin.New()\n\tr.Use(gin.Recovery())\n\n\t// Prepare the embedded frontend files\n\t// Serve the files from the embedded filesystem\n\tstaticFS, err := fs.Sub(static, \"static\")\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to create sub filesystem: %w\", err)\n\t}\n\n\t// Serve dashboard HTML from embedded files\n\tr.GET(\"/\", gin.WrapH(http.FileServer(http.FS(staticFS))))\n\n\t// Serve video files\n\tr.GET(\"/videos/:filename\", s.serveVideo)\n\n\t// API endpoints\n\tr.GET(\"/api/recordings\", s.listRecordings)\n\tr.DELETE(\"/api/recordings\", s.deleteRecordings)\n\n\taddr := fmt.Sprintf(\":%d\", config.RECORDING_DASHBOARD_PORT)\n\ts.logger.Info(\"Starting recording dashboard\", \"port\", config.RECORDING_DASHBOARD_PORT)\n\n\terr = r.Run(addr)\n\treturn err\n}\n\nfunc (s *DashboardServer) serveVideo(ctx *gin.Context) {\n\tfilename := ctx.Param(\"filename\")\n\trecordingsDir := s.recordingService.GetRecordingsDir()\n\tfilePath := filepath.Join(recordingsDir, filename)\n\n\t// Security check - prevent path traversal\n\t// filepath.Rel returns a path with \"..\" if target is outside base directory\n\trel, err := filepath.Rel(recordingsDir, filePath)\n\tif err != nil || strings.Contains(rel, \"..\") {\n\t\tctx.JSON(http.StatusForbidden, gin.H{\"error\": \"access denied\"})\n\t\treturn\n\t}\n\n\tif _, err := os.Stat(filePath); os.IsNotExist(err) {\n\t\tctx.JSON(http.StatusNotFound, gin.H{\"error\": \"file not found\"})\n\t\treturn\n\t}\n\n\tctx.File(filePath)\n}\n\nfunc (s *DashboardServer) listRecordings(ctx *gin.Context) {\n\trecordings, err := s.recordingService.ListRecordings()\n\tif err != nil {\n\t\tctx.JSON(http.StatusInternalServerError, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\n\trecordingDTOs := make([]recordingcontroller.RecordingDTO, 0, len(recordings))\n\tfor _, rec := range recordings {\n\t\trecordingDTOs = append(recordingDTOs, *recordingcontroller.RecordingToDTO(&rec))\n\t}\n\n\tctx.JSON(http.StatusOK, gin.H{\"recordings\": recordingDTOs})\n}\n\ntype deleteRequest struct {\n\tIDs []string `json:\"ids\"`\n}\n\nfunc (s *DashboardServer) deleteRecordings(ctx *gin.Context) {\n\tvar req deleteRequest\n\tif err := ctx.ShouldBindJSON(&req); err != nil {\n\t\tctx.JSON(http.StatusBadRequest, gin.H{\"error\": \"invalid request\"})\n\t\treturn\n\t}\n\n\tdeleted := []string{}\n\tfailed := []string{}\n\n\t// Direct calls to data provider\n\tfor _, id := range req.IDs {\n\t\tif err := s.recordingService.DeleteRecording(id); err != nil {\n\t\t\tfailed = append(failed, id)\n\t\t\ts.logger.Warn(\"Failed to delete recording\", \"id\", id, \"error\", err)\n\t\t} else {\n\t\t\tdeleted = append(deleted, id)\n\t\t}\n\t}\n\n\tctx.JSON(http.StatusOK, gin.H{\n\t\t\"deleted\": deleted,\n\t\t\"failed\": failed,\n\t})\n}\n" }, { "path": "apps/daemon/pkg/recordingdashboard/static/index.html", "content": "\n\n \n \n \n Screen Recordings\n \n \n \n
\n
\n
\n

Screen Recordings

\n Auto-refresh: 5s\n
\n \n
\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
FilenameDurationSizeStatusDateActions
\n
📹
\n Loading...\n
\n
\n\n
\n
\n
\n

Video Playback

\n \n
\n \n
\n
\n\n \n \n\n" }, { "path": "apps/daemon/pkg/session/command.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"strconv\"\n\t\"strings\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n)\n\nfunc (s *SessionService) getSessionCommands(sessionId string) ([]*Command, error) {\n\tsession, ok := s.sessions.Get(sessionId)\n\tif !ok {\n\t\treturn nil, common_errors.NewNotFoundError(errors.New(\"session not found\"))\n\t}\n\n\tcommands := []*Command{}\n\tfor _, command := range session.commands.Items() {\n\t\tcmd, err := s.GetSessionCommand(sessionId, command.Id)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tcommands = append(commands, cmd)\n\t}\n\n\treturn commands, nil\n}\n\nfunc (s *SessionService) GetSessionCommand(sessionId, cmdId string) (*Command, error) {\n\tsession, ok := s.sessions.Get(sessionId)\n\tif !ok {\n\t\treturn nil, common_errors.NewNotFoundError(errors.New(\"session not found\"))\n\t}\n\n\tcommand, ok := session.commands.Get(cmdId)\n\tif !ok {\n\t\treturn nil, common_errors.NewNotFoundError(errors.New(\"command not found\"))\n\t}\n\n\tif command.ExitCode != nil {\n\t\treturn command, nil\n\t}\n\n\t_, exitCodeFilePath := command.LogFilePath(session.Dir(s.configDir))\n\texitCode, err := os.ReadFile(exitCodeFilePath)\n\tif err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\treturn command, nil\n\t\t}\n\t\treturn nil, fmt.Errorf(\"failed to read exit code file: %w\", err)\n\t}\n\n\texitCodeInt, err := strconv.Atoi(strings.TrimRight(string(exitCode), \"\\n\"))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to convert exit code to int: %w\", err)\n\t}\n\n\tcommand.ExitCode = &exitCodeInt\n\n\treturn command, nil\n}\n" }, { "path": "apps/daemon/pkg/session/common.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"net/http\"\n)\n\nfunc IsCombinedOutput(sdkVersion string, versionComparison *int, requestHeader http.Header) bool {\n\treturn (versionComparison != nil && *versionComparison < 0 && sdkVersion != \"0.0.0-dev\") || (sdkVersion == \"\" && requestHeader.Get(\"X-Daytona-Split-Output\") != \"true\")\n}\n" }, { "path": "apps/daemon/pkg/session/create.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\n\t\"github.com/daytonaio/daemon/pkg/common\"\n\tcmap \"github.com/orcaman/concurrent-map/v2\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n)\n\nfunc (s *SessionService) Create(sessionId string, isLegacy bool) error {\n\tctx, cancel := context.WithCancel(context.Background())\n\n\tcmd := exec.CommandContext(ctx, common.GetShell())\n\tcmd.Env = os.Environ()\n\n\tif isLegacy {\n\t\thomeDir, err := os.UserHomeDir()\n\t\tif err != nil {\n\t\t\tcancel()\n\t\t\treturn fmt.Errorf(\"failed to obtain user home directory for legacy SDK compatibility: %w\", err)\n\t\t}\n\n\t\tcmd.Dir = homeDir\n\t}\n\n\tif _, ok := s.sessions.Get(sessionId); ok {\n\t\tcancel()\n\t\treturn common_errors.NewConflictError(errors.New(\"session already exists\"))\n\t}\n\n\tstdinWriter, err := cmd.StdinPipe()\n\tif err != nil {\n\t\tcancel()\n\t\treturn err\n\t}\n\n\terr = cmd.Start()\n\tif err != nil {\n\t\tcancel()\n\t\treturn err\n\t}\n\n\tsession := &session{\n\t\tid: sessionId,\n\t\tcmd: cmd,\n\t\tstdinWriter: stdinWriter,\n\t\tcommands: cmap.New[*Command](),\n\t\tctx: ctx,\n\t\tcancel: cancel,\n\t}\n\ts.sessions.Set(sessionId, session)\n\n\terr = os.MkdirAll(session.Dir(s.configDir), 0755)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n" }, { "path": "apps/daemon/pkg/session/delete.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"os\"\n\t\"syscall\"\n\t\"time\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/shirou/gopsutil/v4/process\"\n)\n\nfunc (s *SessionService) Delete(ctx context.Context, sessionId string) error {\n\tsession, ok := s.sessions.Get(sessionId)\n\tif !ok {\n\t\treturn common_errors.NewNotFoundError(errors.New(\"session not found\"))\n\t}\n\n\t// Terminate process group first with signals (SIGTERM -> SIGKILL)\n\terr := s.terminateSession(ctx, session)\n\tif err != nil {\n\t\ts.logger.ErrorContext(ctx, \"Failed to terminate session\", \"sessionId\", session.id, \"error\", err)\n\t\t// Continue with cleanup even if termination fails\n\t}\n\n\t// Cancel context after termination\n\tsession.cancel()\n\n\t// Clean up session directory\n\terr = os.RemoveAll(session.Dir(s.configDir))\n\tif err != nil {\n\t\treturn common_errors.NewBadRequestError(err)\n\t}\n\n\ts.sessions.Remove(session.id)\n\treturn nil\n}\n\nfunc (s *SessionService) terminateSession(ctx context.Context, session *session) error {\n\tif session.cmd == nil || session.cmd.Process == nil {\n\t\treturn nil\n\t}\n\n\tpid := session.cmd.Process.Pid\n\n\t_ = s.signalProcessTree(pid, syscall.SIGTERM)\n\n\terr := session.cmd.Process.Signal(syscall.SIGTERM)\n\tif err != nil {\n\t\t// If SIGTERM fails, try SIGKILL immediately\n\t\ts.logger.WarnContext(ctx, \"SIGTERM failed for session, trying SIGKILL\", \"sessionId\", session.id, \"error\", err)\n\t\t_ = s.signalProcessTree(pid, syscall.SIGKILL)\n\t\treturn session.cmd.Process.Kill()\n\t}\n\n\t// Wait for graceful termination\n\tif s.waitForTermination(ctx, pid, s.terminationGracePeriod, s.terminationCheckInterval) {\n\t\ts.logger.DebugContext(ctx, \"Session terminated gracefully\", \"sessionId\", session.id)\n\t\treturn nil\n\t}\n\n\ts.logger.DebugContext(ctx, \"Session timeout, sending SIGKILL to process tree\", \"sessionId\", session.id)\n\t_ = s.signalProcessTree(pid, syscall.SIGKILL)\n\treturn session.cmd.Process.Kill()\n}\n\nfunc (s *SessionService) signalProcessTree(pid int, sig syscall.Signal) error {\n\tparent, err := process.NewProcess(int32(pid))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdescendants, err := parent.Children()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tfor _, child := range descendants {\n\t\tchildPid := int(child.Pid)\n\t\t_ = s.signalProcessTree(childPid, sig)\n\t}\n\n\tfor _, child := range descendants {\n\t\t// Convert to OS process to send custom signal\n\t\tif childProc, err := os.FindProcess(int(child.Pid)); err == nil {\n\t\t\t_ = childProc.Signal(sig)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (s *SessionService) waitForTermination(ctx context.Context, pid int, timeout, interval time.Duration) bool {\n\ttimeoutCtx, cancel := context.WithTimeout(ctx, timeout)\n\tdefer cancel()\n\n\tticker := time.NewTicker(interval)\n\tdefer ticker.Stop()\n\n\tfor {\n\t\tselect {\n\t\tcase <-timeoutCtx.Done():\n\t\t\treturn false\n\t\tcase <-ticker.C:\n\t\t\tparent, err := process.NewProcess(int32(pid))\n\t\t\tif err != nil {\n\t\t\t\t// Process doesn't exist anymore\n\t\t\t\treturn true\n\t\t\t}\n\t\t\tchildren, err := parent.Children()\n\t\t\tif err != nil {\n\t\t\t\t// Unable to enumerate children - likely process is dying/dead\n\t\t\t\treturn true\n\t\t\t}\n\t\t\tif len(children) == 0 {\n\t\t\t\treturn true\n\t\t\t}\n\t\t}\n\t}\n}\n" }, { "path": "apps/daemon/pkg/session/execute.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"bytes\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/daytonaio/daemon/internal/util\"\n\t\"github.com/google/uuid\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/daytonaio/common-go/pkg/log\"\n)\n\nfunc (s *SessionService) Execute(sessionId, cmdId, cmd string, async, isCombinedOutput, suppressInputEcho bool) (*SessionExecute, error) {\n\tsession, ok := s.sessions.Get(sessionId)\n\tif !ok {\n\t\treturn nil, common_errors.NewNotFoundError(errors.New(\"session not found\"))\n\t}\n\n\tif cmdId == util.EmptyCommandID {\n\t\tcmdId = uuid.NewString()\n\t}\n\n\tif _, ok := session.commands.Get(cmdId); ok {\n\t\treturn nil, common_errors.NewConflictError(errors.New(\"command with the given ID already exists\"))\n\t}\n\n\tcommand := &Command{\n\t\tId: cmdId,\n\t\tCommand: cmd,\n\t\tSuppressInputEcho: suppressInputEcho,\n\t}\n\tsession.commands.Set(cmdId, command)\n\n\tlogFilePath, exitCodeFilePath := command.LogFilePath(session.Dir(s.configDir))\n\tlogDir := filepath.Dir(logFilePath)\n\n\tif err := os.MkdirAll(logDir, 0755); err != nil {\n\t\treturn nil, common_errors.NewBadRequestError(fmt.Errorf(\"failed to create log directory: %w\", err))\n\t}\n\n\tlogFile, err := os.Create(logFilePath)\n\tif err != nil {\n\t\treturn nil, common_errors.NewBadRequestError(fmt.Errorf(\"failed to create log file: %w\", err))\n\t}\n\n\tdefer logFile.Close()\n\n\tcmdToExec := fmt.Sprintf(cmdWrapperFormat+\"\\n\",\n\t\tlogFilePath, // %q -> log\n\t\tlogDir, // %q -> dir\n\t\tcommand.InputFilePath(session.Dir(s.configDir)), // %q -> input\n\t\ttoOctalEscapes(log.STDOUT_PREFIX), // %s -> stdout prefix\n\t\ttoOctalEscapes(log.STDERR_PREFIX), // %s -> stderr prefix\n\t\tcmd, // %s -> verbatim script body\n\t\texitCodeFilePath, // %q\n\t)\n\n\t_, err = session.stdinWriter.Write([]byte(cmdToExec))\n\tif err != nil {\n\t\treturn nil, common_errors.NewBadRequestError(fmt.Errorf(\"failed to write command: %w\", err))\n\t}\n\n\tif async {\n\t\treturn &SessionExecute{\n\t\t\tCommandId: cmdId,\n\t\t}, nil\n\t}\n\n\tfor {\n\t\tselect {\n\t\tcase <-session.ctx.Done():\n\t\t\tcommand, ok := session.commands.Get(cmdId)\n\t\t\tif !ok {\n\t\t\t\treturn nil, common_errors.NewBadRequestError(errors.New(\"command not found\"))\n\t\t\t}\n\n\t\t\tcommand.ExitCode = util.Pointer(1)\n\n\t\t\treturn nil, common_errors.NewBadRequestError(errors.New(\"session cancelled\"))\n\t\tdefault:\n\t\t\texitCode, err := os.ReadFile(exitCodeFilePath)\n\t\t\tif err != nil {\n\t\t\t\tif os.IsNotExist(err) {\n\t\t\t\t\ttime.Sleep(50 * time.Millisecond)\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t\treturn nil, common_errors.NewBadRequestError(fmt.Errorf(\"failed to read exit code file: %w\", err))\n\t\t\t}\n\n\t\t\texitCodeInt, err := strconv.Atoi(strings.TrimRight(string(exitCode), \"\\n\"))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, common_errors.NewBadRequestError(fmt.Errorf(\"failed to convert exit code to int: %w\", err))\n\t\t\t}\n\n\t\t\tcommand, ok := session.commands.Get(cmdId)\n\t\t\tif !ok {\n\t\t\t\treturn nil, common_errors.NewBadRequestError(errors.New(\"command not found\"))\n\t\t\t}\n\t\t\tcommand.ExitCode = &exitCodeInt\n\n\t\t\tlogBytes, err := os.ReadFile(logFilePath)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, common_errors.NewBadRequestError(fmt.Errorf(\"failed to read log file: %w\", err))\n\t\t\t}\n\n\t\t\tlogContent := string(logBytes)\n\n\t\t\tif isCombinedOutput {\n\t\t\t\t// remove prefixes from log bytes\n\t\t\t\tlogBytes = bytes.ReplaceAll(bytes.ReplaceAll(logBytes, log.STDOUT_PREFIX, []byte{}), log.STDERR_PREFIX, []byte{})\n\t\t\t\tlogContent = string(logBytes)\n\t\t\t}\n\n\t\t\treturn &SessionExecute{\n\t\t\t\tCommandId: cmdId,\n\t\t\t\tOutput: &logContent,\n\t\t\t\tExitCode: &exitCodeInt,\n\t\t\t}, nil\n\t\t}\n\t}\n}\n\nfunc toOctalEscapes(b []byte) string {\n\tout := \"\"\n\tfor _, c := range b {\n\t\tout += fmt.Sprintf(\"\\\\%03o\", c) // e.g. 0x01 → \\001\n\t}\n\treturn out\n}\n\nvar cmdWrapperFormat string = `\n{\n\tlog=%q\n\tdir=%q\n\n\t# per-command FIFOs\n\tsp=\"$dir/stdout.pipe\"\n\tep=\"$dir/stderr.pipe\"\n\tip=%q\n\t\n\trm -f \"$sp\" \"$ep\" \"$ip\" && mkfifo \"$sp\" \"$ep\" \"$ip\" || exit 1\n\n\tcleanup() { rm -f \"$sp\" \"$ep\" \"$ip\"; }\n\ttrap 'cleanup' EXIT HUP INT TERM\n\n # prefix each stream and append to shared log\n\t( while IFS= read -r line || [ -n \"$line\" ]; do printf '%s%%s\\n' \"$line\"; done < \"$sp\" ) >> \"$log\" & r1=$!\n\t( while IFS= read -r line || [ -n \"$line\" ]; do printf '%s%%s\\n' \"$line\"; done < \"$ep\" ) >> \"$log\" & r2=$!\n\n\t# Keep input FIFO open to prevent blocking when command opens stdin\n\tsleep infinity > \"$ip\" &\n\n\t# Run your command\n\t{ %s; } < \"$ip\" > \"$sp\" 2> \"$ep\"\n\techo \"$?\" >> %s\n\n\t# drain labelers (cleanup via trap)\n\twait \"$r1\" \"$r2\"\n\n\t# Ensure unlink even if the waits failed\n\tcleanup\n}\n`\n" }, { "path": "apps/daemon/pkg/session/get.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"errors\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n)\n\nfunc (s *SessionService) Get(sessionId string) (*Session, error) {\n\t_, ok := s.sessions.Get(sessionId)\n\tif !ok {\n\t\treturn nil, common_errors.NewNotFoundError(errors.New(\"session not found\"))\n\t}\n\n\tcommands, err := s.getSessionCommands(sessionId)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Session{\n\t\tSessionId: sessionId,\n\t\tCommands: commands,\n\t}, nil\n}\n" }, { "path": "apps/daemon/pkg/session/input.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/daytonaio/common-go/pkg/log\"\n)\n\n// SendInput sends data to the session's stdin for a specific running command\n// This enables interactive command input for sessions\nfunc (s *SessionService) SendInput(sessionId, commandId string, data string) error {\n\tsession, ok := s.sessions.Get(sessionId)\n\tif !ok {\n\t\treturn common_errors.NewNotFoundError(errors.New(\"session not found\"))\n\t}\n\n\t// Check if the session process is still active\n\tif session.cmd.ProcessState != nil && session.cmd.ProcessState.Exited() {\n\t\treturn common_errors.NewGoneError(errors.New(\"session process has exited\"))\n\t}\n\n\t// Verify the command exists\n\tcommand, ok := session.commands.Get(commandId)\n\tif !ok {\n\t\treturn common_errors.NewNotFoundError(errors.New(\"command not found\"))\n\t}\n\n\t// Check if the command is still running (exit code not set means still running)\n\tif command.ExitCode != nil {\n\t\treturn common_errors.NewGoneError(fmt.Errorf(\"command has already completed with exit code %d\", *command.ExitCode))\n\t}\n\n\tinputFilePath := command.InputFilePath(session.Dir(s.configDir))\n\tf, err := os.OpenFile(inputFilePath, os.O_WRONLY, 0600)\n\tif err != nil {\n\t\treturn common_errors.NewInternalServerError(fmt.Errorf(\"failed to open input pipe: %w\", err))\n\t}\n\tdefer f.Close()\n\n\t// Ensure newline for commands like `read`\n\tif !strings.HasSuffix(data, \"\\n\") {\n\t\tdata += \"\\n\"\n\t}\n\n\t// Write to input pipe\n\tif _, err := f.Write([]byte(data)); err != nil {\n\t\treturn common_errors.NewInternalServerError(fmt.Errorf(\"failed to write to input pipe: %w\", err))\n\t}\n\n\tif !command.SuppressInputEcho {\n\t\t// Also echo input to log file for visibility (appears as stdout)\n\t\tlogFilePath, _ := command.LogFilePath(session.Dir(s.configDir))\n\t\tlogFile, err := os.OpenFile(logFilePath, os.O_APPEND|os.O_WRONLY, 0600)\n\t\tif err != nil {\n\t\t\ts.logger.Debug(\"failed to open log file to echo input\", \"error\", err)\n\t\t} else {\n\t\t\tdefer logFile.Close()\n\t\t\t// Write with STDOUT prefix to maintain log format consistency\n\t\t\tdataWithPrefix := append(log.STDOUT_PREFIX, []byte(data)...)\n\t\t\t_, err = logFile.Write(dataWithPrefix)\n\t\t\tif err != nil {\n\t\t\t\ts.logger.Error(\"failed to echo input to log file\", \"error\", err)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil\n}\n" }, { "path": "apps/daemon/pkg/session/list.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport \"github.com/daytonaio/daemon/internal/util\"\n\nfunc (s *SessionService) List() ([]Session, error) {\n\tsessions := []Session{}\n\n\tfor _, sessionId := range s.sessions.Keys() {\n\t\tif sessionId == util.EntrypointSessionID {\n\t\t\tcontinue\n\t\t}\n\n\t\tcommands, err := s.getSessionCommands(sessionId)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tsessions = append(sessions, Session{\n\t\t\tSessionId: sessionId,\n\t\t\tCommands: commands,\n\t\t})\n\t}\n\n\treturn sessions, nil\n}\n" }, { "path": "apps/daemon/pkg/session/log.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"errors\"\n\t\"io\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"os\"\n\t\"time\"\n\n\t\"github.com/daytonaio/daemon/internal/util\"\n\t\"github.com/gorilla/websocket\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/daytonaio/common-go/pkg/log\"\n)\n\ntype FetchLogsOptions struct {\n\tIsCombinedOutput bool\n\tIsWebsocketUpgrade bool\n\tFollow bool\n}\n\nfunc (s *SessionService) GetSessionCommandLogs(sessionId, commandId string, request *http.Request, responseWriter http.ResponseWriter, opts FetchLogsOptions) ([]byte, error) {\n\tsession, ok := s.sessions.Get(sessionId)\n\tif !ok {\n\t\treturn nil, common_errors.NewNotFoundError(errors.New(\"session not found\"))\n\t}\n\n\tcommand, ok := session.commands.Get(commandId)\n\tif !ok {\n\t\treturn nil, common_errors.NewNotFoundError(errors.New(\"command not found\"))\n\t}\n\n\tlogFilePath, exitCodeFilePath := command.LogFilePath(session.Dir(s.configDir))\n\n\tif opts.IsWebsocketUpgrade {\n\t\tlogFile, err := os.Open(logFilePath)\n\t\tif err != nil {\n\t\t\tif os.IsNotExist(err) {\n\t\t\t\treturn nil, common_errors.NewNotFoundError(err)\n\t\t\t}\n\t\t\tif os.IsPermission(err) {\n\t\t\t\treturn nil, common_errors.NewForbiddenError(err)\n\t\t\t}\n\t\t\treturn nil, common_errors.NewBadRequestError(err)\n\t\t}\n\t\tdefer logFile.Close()\n\t\tReadLog(s.logger, request, responseWriter, opts.Follow, logFile, util.ReadLogWithExitCode, exitCodeFilePath, func(logger *slog.Logger, conn *websocket.Conn, messages chan []byte, errors chan error, pongCh <-chan []byte) {\n\t\t\tvar buffer []byte\n\t\t\tfor {\n\t\t\t\t// Priority: always flush pending pong responses before writing data.\n\t\t\t\t// This ensures keepalive pongs are never delayed by data writes.\n\t\t\t\tutil.WritePendingPongs(conn, pongCh, time.Second, logger)\n\n\t\t\t\tselect {\n\t\t\t\tcase <-session.ctx.Done():\n\t\t\t\t\t// Flush any remaining bytes in buffer before closing\n\t\t\t\t\tif opts.IsCombinedOutput && len(buffer) > 0 {\n\t\t\t\t\t\tremainingData := flushRemainingBuffer(&buffer)\n\t\t\t\t\t\tif len(remainingData) > 0 {\n\t\t\t\t\t\t\terr := conn.WriteMessage(websocket.BinaryMessage, remainingData)\n\t\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\t\ts.logger.Error(\"websocket write error\", \"error\", err)\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\terr := conn.WriteControl(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, \"\"), time.Now().Add(time.Second))\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\ts.logger.Error(\"websocket close control error\", \"error\", err)\n\t\t\t\t\t}\n\t\t\t\t\tconn.Close()\n\t\t\t\t\treturn\n\t\t\t\tcase pong := <-pongCh:\n\t\t\t\t\t// Pong arrived while waiting for data — write it immediately\n\t\t\t\t\tif err := conn.WriteControl(websocket.PongMessage, pong, time.Now().Add(time.Second)); err != nil {\n\t\t\t\t\t\ts.logger.Debug(\"failed to write pong\", \"error\", err)\n\t\t\t\t\t}\n\t\t\t\tcase msg := <-messages:\n\t\t\t\t\tif opts.IsCombinedOutput {\n\t\t\t\t\t\t// Process chunks with buffering to handle prefixes split across chunks\n\t\t\t\t\t\tprocessedData := processLogChunkWithPrefixFiltering(msg, &buffer)\n\t\t\t\t\t\tif len(processedData) > 0 {\n\t\t\t\t\t\t\terr := conn.WriteMessage(websocket.BinaryMessage, processedData)\n\t\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\t\terrors <- err\n\t\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\terr := conn.WriteMessage(websocket.BinaryMessage, msg)\n\t\t\t\t\t\tif err != nil {\n\t\t\t\t\t\t\terrors <- err\n\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\tcase <-errors:\n\t\t\t\t\t// Stream ended, flush any remaining bytes in buffer\n\t\t\t\t\tif opts.IsCombinedOutput && len(buffer) > 0 {\n\t\t\t\t\t\tremainingData := flushRemainingBuffer(&buffer)\n\t\t\t\t\t\tif len(remainingData) > 0 {\n\t\t\t\t\t\t\twriteErr := conn.WriteMessage(websocket.BinaryMessage, remainingData)\n\t\t\t\t\t\t\tif writeErr != nil {\n\t\t\t\t\t\t\t\ts.logger.Error(\"websocket write error\", \"error\", writeErr)\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\t// The error will be handled by the main ReadLog function\n\t\t\t\t\treturn\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\t\treturn nil, nil\n\t}\n\n\tlogBytes, err := os.ReadFile(logFilePath)\n\tif err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\treturn nil, common_errors.NewNotFoundError(err)\n\t\t}\n\t\tif os.IsPermission(err) {\n\t\t\treturn nil, common_errors.NewForbiddenError(err)\n\t\t}\n\t\treturn nil, common_errors.NewBadRequestError(err)\n\t}\n\n\tif opts.IsCombinedOutput {\n\t\t// remove prefixes from log bytes\n\t\tlogBytes = bytes.ReplaceAll(bytes.ReplaceAll(logBytes, log.STDOUT_PREFIX, []byte{}), log.STDERR_PREFIX, []byte{})\n\t}\n\n\treturn logBytes, nil\n}\n\n// ReadLog reads from the logReader and writes to the websocket.\n// TLogData is the type of the message to be read from the logReader.\n// The wsWriteFunc callback receives a pongCh that carries queued pong payloads;\n// the callback must drain it (via util.WritePendingPongs) before each data write\n// to give keepalive pongs priority over log data.\nfunc ReadLog[TLogData any](logger *slog.Logger, request *http.Request, responseWriter http.ResponseWriter, follow bool, logReader io.Reader, readFunc func(context.Context, io.Reader, bool, string, chan TLogData, chan error), exitCodeFilePath string, wsWriteFunc func(*slog.Logger, *websocket.Conn, chan TLogData, chan error, <-chan []byte)) {\n\tws, err := util.UpgradeToWebSocket(responseWriter, request)\n\tif err != nil {\n\t\tlogger.Error(\"websocket upgrade error\", \"error\", err)\n\t\treturn\n\t}\n\n\tpongCh := util.SetupWSKeepAlive(ws, logger)\n\n\tdefer func() {\n\t\tcloseErr := websocket.CloseNormalClosure\n\t\tif !errors.Is(err, io.EOF) {\n\t\t\tcloseErr = websocket.CloseInternalServerErr\n\t\t}\n\t\terr := ws.WriteControl(websocket.CloseMessage, websocket.FormatCloseMessage(closeErr, \"\"), time.Now().Add(time.Second))\n\t\tif err != nil {\n\t\t\tlogger.Debug(\"websocket close control error\", \"error\", err)\n\t\t}\n\t\tws.Close()\n\t}()\n\n\tmsgChannel := make(chan TLogData)\n\terrChannel := make(chan error)\n\tctx, cancel := context.WithCancel(request.Context())\n\n\tdefer cancel()\n\tgo readFunc(ctx, logReader, follow, exitCodeFilePath, msgChannel, errChannel)\n\tgo wsWriteFunc(logger, ws, msgChannel, errChannel, pongCh)\n\n\treadErr := make(chan error)\n\tgo func() {\n\t\tfor {\n\t\t\t_, _, err := ws.ReadMessage()\n\t\t\treadErr <- err\n\t\t}\n\t}()\n\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn\n\t\tcase err = <-errChannel:\n\t\t\tif err != nil {\n\t\t\t\tif !errors.Is(err, io.EOF) {\n\t\t\t\t\tlogger.Error(\"log read error\", \"error\", err)\n\t\t\t\t}\n\t\t\t\tcancel()\n\t\t\t\treturn\n\t\t\t}\n\t\tcase err := <-readErr:\n\t\t\tif websocket.IsUnexpectedCloseError(err, websocket.CloseNormalClosure, websocket.CloseAbnormalClosure) {\n\t\t\t\tlogger.Error(\"websocket unexpected close error\", \"error\", err)\n\t\t\t}\n\t\t\tif err != nil {\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}\n}\n\n// processLogChunkWithPrefixFiltering processes log chunks with buffering to handle prefixes split across chunks\nfunc processLogChunkWithPrefixFiltering(chunk []byte, buffer *[]byte) []byte {\n\t// Append new chunk to buffer\n\t*buffer = append(*buffer, chunk...)\n\n\tvar result []byte\n\tprocessed := 0\n\n\tfor processed < len(*buffer) {\n\t\t// Check if we have enough bytes to check for prefixes\n\t\tif len(*buffer)-processed < 3 {\n\t\t\t// Not enough bytes for a complete prefix\n\t\t\t// Check if remaining bytes could be part of a prefix\n\t\t\tremainingBytes := (*buffer)[processed:]\n\n\t\t\t// If remaining bytes could be start of STDOUT_PREFIX (0x01, 0x01, 0x01)\n\t\t\tcouldBeStdoutPrefix := true\n\t\t\tfor i, b := range remainingBytes {\n\t\t\t\tif b != log.STDOUT_PREFIX[i] {\n\t\t\t\t\tcouldBeStdoutPrefix = false\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// If remaining bytes could be start of STDERR_PREFIX (0x02, 0x02, 0x02)\n\t\t\tcouldBeStderrPrefix := true\n\t\t\tfor i, b := range remainingBytes {\n\t\t\t\tif b != log.STDERR_PREFIX[i] {\n\t\t\t\t\tcouldBeStderrPrefix = false\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// If remaining bytes could be part of either prefix, keep them in buffer\n\t\t\tif couldBeStdoutPrefix || couldBeStderrPrefix {\n\t\t\t\t*buffer = remainingBytes\n\t\t\t} else {\n\t\t\t\t// Remaining bytes cannot be part of any prefix, output them\n\t\t\t\tresult = append(result, remainingBytes...)\n\t\t\t\t*buffer = (*buffer)[:0]\n\t\t\t}\n\t\t\tbreak\n\t\t}\n\n\t\t// Check for STDOUT_PREFIX (0x01, 0x01, 0x01)\n\t\tif (*buffer)[processed] == log.STDOUT_PREFIX[0] &&\n\t\t\t(*buffer)[processed+1] == log.STDOUT_PREFIX[1] &&\n\t\t\t(*buffer)[processed+2] == log.STDOUT_PREFIX[2] {\n\t\t\t// Found STDOUT_PREFIX, skip it\n\t\t\tprocessed += 3\n\t\t\tcontinue\n\t\t}\n\n\t\t// Check for STDERR_PREFIX (0x02, 0x02, 0x02)\n\t\tif (*buffer)[processed] == log.STDERR_PREFIX[0] &&\n\t\t\t(*buffer)[processed+1] == log.STDERR_PREFIX[1] &&\n\t\t\t(*buffer)[processed+2] == log.STDERR_PREFIX[2] {\n\t\t\t// Found STDERR_PREFIX, skip it\n\t\t\tprocessed += 3\n\t\t\tcontinue\n\t\t}\n\n\t\t// No prefix found, add this byte to result\n\t\tresult = append(result, (*buffer)[processed])\n\t\tprocessed++\n\t}\n\n\t// Remove processed bytes from buffer\n\tif processed > 0 && processed < len(*buffer) {\n\t\t*buffer = (*buffer)[processed:]\n\t}\n\n\treturn result\n}\n\n// flushRemainingBuffer processes any remaining bytes in the buffer at the end of the stream\nfunc flushRemainingBuffer(buffer *[]byte) []byte {\n\tif len(*buffer) == 0 {\n\t\treturn nil\n\t}\n\n\t// At the end of stream, any remaining bytes are not prefixes (since they're incomplete)\n\t// So we should output them as regular data\n\tresult := make([]byte, len(*buffer))\n\tcopy(result, *buffer)\n\t*buffer = (*buffer)[:0] // Clear the buffer\n\treturn result\n}\n" }, { "path": "apps/daemon/pkg/session/service.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"log/slog\"\n\t\"time\"\n\n\tcmap \"github.com/orcaman/concurrent-map/v2\"\n)\n\ntype SessionService struct {\n\tlogger *slog.Logger\n\tconfigDir string\n\tsessions cmap.ConcurrentMap[string, *session]\n\tterminationGracePeriod time.Duration\n\tterminationCheckInterval time.Duration\n}\n\nfunc NewSessionService(logger *slog.Logger, configDir string, terminationGracePeriod, terminationCheckInterval time.Duration) *SessionService {\n\treturn &SessionService{\n\t\tlogger: logger.With(slog.String(\"component\", \"session_service\")),\n\t\tconfigDir: configDir,\n\t\tsessions: cmap.New[*session](),\n\t\tterminationGracePeriod: terminationGracePeriod,\n\t\tterminationCheckInterval: terminationCheckInterval,\n\t}\n}\n" }, { "path": "apps/daemon/pkg/session/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"context\"\n\t\"io\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\n\tcmap \"github.com/orcaman/concurrent-map/v2\"\n)\n\ntype session struct {\n\tid string\n\tcmd *exec.Cmd\n\tstdinWriter io.Writer\n\tcommands cmap.ConcurrentMap[string, *Command]\n\tctx context.Context\n\tcancel context.CancelFunc\n}\n\nfunc (s *session) Dir(configDir string) string {\n\treturn filepath.Join(configDir, \"sessions\", s.id)\n}\n\ntype Command struct {\n\tId string `json:\"id\" validate:\"required\"`\n\tCommand string `json:\"command\" validate:\"required\"`\n\tExitCode *int `json:\"exitCode,omitempty\" validate:\"optional\"`\n\tSuppressInputEcho bool `json:\"suppressInputEcho\" validate:\"optional\"`\n}\n\nfunc (c *Command) LogFilePath(sessionDir string) (string, string) {\n\treturn filepath.Join(sessionDir, c.Id, \"output.log\"), filepath.Join(sessionDir, c.Id, \"exit_code\")\n}\n\nfunc (c *Command) InputFilePath(sessionDir string) string {\n\treturn filepath.Join(sessionDir, c.Id, \"input.pipe\")\n}\n\ntype Session struct {\n\tSessionId string `json:\"sessionId\" validate:\"required\"`\n\tCommands []*Command `json:\"commands\" validate:\"required\"`\n}\n\ntype SessionExecute struct {\n\tCommandId string `json:\"cmdId\" validate:\"optional\"`\n\tOutput *string `json:\"output\" validate:\"optional\"`\n\tStdout *string `json:\"stdout\" validate:\"optional\"`\n\tStderr *string `json:\"stderr\" validate:\"optional\"`\n\tExitCode *int `json:\"exitCode\" validate:\"optional\"`\n}\n" }, { "path": "apps/daemon/pkg/ssh/config/config.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage config\n\nconst SSH_PORT = 22220\n" }, { "path": "apps/daemon/pkg/ssh/server.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage ssh\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"log/slog\"\n\t\"os\"\n\t\"os/exec\"\n\n\t\"github.com/daytonaio/daemon/pkg/common\"\n\t\"github.com/daytonaio/daemon/pkg/ssh/config\"\n\t\"github.com/gliderlabs/ssh\"\n\t\"github.com/pkg/sftp\"\n\t\"golang.org/x/sys/unix\"\n)\n\ntype Server struct {\n\tlogger *slog.Logger\n\tworkDir string\n\tdefaultWorkDir string\n}\n\nfunc NewServer(logger *slog.Logger, workDir, defaultWorkDir string) *Server {\n\treturn &Server{\n\t\tlogger: logger.With(slog.String(\"component\", \"ssh_server\")),\n\t\tworkDir: workDir,\n\t\tdefaultWorkDir: defaultWorkDir,\n\t}\n}\n\nfunc (s *Server) Start() error {\n\tforwardedTCPHandler := &ssh.ForwardedTCPHandler{}\n\tunixForwardHandler := newForwardedUnixHandler()\n\n\tsshServer := ssh.Server{\n\t\tAddr: fmt.Sprintf(\":%d\", config.SSH_PORT),\n\t\tPublicKeyHandler: func(ctx ssh.Context, key ssh.PublicKey) bool {\n\t\t\t// Allow all public key authentication attempts\n\t\t\ts.logger.Debug(\"Public key authentication accepted\", \"user\", ctx.User())\n\t\t\treturn true\n\t\t},\n\t\tPasswordHandler: func(ctx ssh.Context, password string) bool {\n\t\t\ts.logger.Debug(\"Password authentication attempt\", \"user\", ctx.User())\n\t\t\tif len(password) > 0 {\n\t\t\t\ts.logger.Debug(\"Received password\", \"length\", len(password))\n\t\t\t} else {\n\t\t\t\ts.logger.Debug(\"Received empty password\")\n\t\t\t}\n\t\t\t// Only allow authentication with the hardcoded password 'sandbox-ssh'\n\t\t\tauthenticated := password == \"sandbox-ssh\"\n\t\t\tif authenticated {\n\t\t\t\ts.logger.Debug(\"Password authentication succeeded\", \"user\", ctx.User())\n\t\t\t} else {\n\t\t\t\ts.logger.Debug(\"Password authentication failed (wrong password)\", \"user\", ctx.User())\n\t\t\t}\n\t\t\treturn authenticated\n\t\t},\n\t\tHandler: func(session ssh.Session) {\n\t\t\tswitch ss := session.Subsystem(); ss {\n\t\t\tcase \"\":\n\t\t\tcase \"sftp\":\n\t\t\t\ts.sftpHandler(session)\n\t\t\t\treturn\n\t\t\tdefault:\n\t\t\t\ts.logger.Error(\"Subsystem not supported\", \"subsystem\", ss)\n\t\t\t\tsession.Exit(1)\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\tptyReq, winCh, isPty := session.Pty()\n\t\t\tif session.RawCommand() == \"\" && isPty {\n\t\t\t\ts.handlePty(session, ptyReq, winCh)\n\t\t\t} else {\n\t\t\t\ts.handleNonPty(session)\n\t\t\t}\n\t\t},\n\t\tChannelHandlers: map[string]ssh.ChannelHandler{\n\t\t\t\"session\": ssh.DefaultSessionHandler,\n\t\t\t\"direct-tcpip\": ssh.DirectTCPIPHandler,\n\t\t\t\"direct-streamlocal@openssh.com\": directStreamLocalHandler,\n\t\t},\n\t\tRequestHandlers: map[string]ssh.RequestHandler{\n\t\t\t\"tcpip-forward\": forwardedTCPHandler.HandleSSHRequest,\n\t\t\t\"cancel-tcpip-forward\": forwardedTCPHandler.HandleSSHRequest,\n\t\t\t\"streamlocal-forward@openssh.com\": unixForwardHandler.HandleSSHRequest,\n\t\t\t\"cancel-streamlocal-forward@openssh.com\": unixForwardHandler.HandleSSHRequest,\n\t\t},\n\t\tSubsystemHandlers: map[string]ssh.SubsystemHandler{\n\t\t\t\"sftp\": s.sftpHandler,\n\t\t},\n\t\tLocalPortForwardingCallback: ssh.LocalPortForwardingCallback(func(ctx ssh.Context, dhost string, dport uint32) bool {\n\t\t\treturn true\n\t\t}),\n\t\tReversePortForwardingCallback: ssh.ReversePortForwardingCallback(func(ctx ssh.Context, host string, port uint32) bool {\n\t\t\treturn true\n\t\t}),\n\t\tSessionRequestCallback: func(sess ssh.Session, requestType string) bool {\n\t\t\treturn true\n\t\t},\n\t}\n\n\ts.logger.Info(\"Starting ssh server\", \"port\", config.SSH_PORT)\n\treturn sshServer.ListenAndServe()\n}\n\nfunc (s *Server) handlePty(session ssh.Session, ptyReq ssh.Pty, winCh <-chan ssh.Window) {\n\tdir := s.workDir\n\n\tif _, err := os.Stat(s.workDir); os.IsNotExist(err) {\n\t\tdir = s.defaultWorkDir\n\t}\n\n\tenv := []string{}\n\n\tif ssh.AgentRequested(session) {\n\t\tl, err := ssh.NewAgentListener()\n\t\tif err != nil {\n\t\t\ts.logger.Error(\"Failed to start agent listener\", \"error\", err)\n\t\t\treturn\n\t\t}\n\t\tdefer l.Close()\n\t\tgo ssh.ForwardAgentConnections(l, session)\n\t\tenv = append(env, fmt.Sprintf(\"%s=%s\", \"SSH_AUTH_SOCK\", l.Addr().String()))\n\t}\n\n\tsizeCh := make(chan common.TTYSize)\n\n\tgo func() {\n\t\tfor win := range winCh {\n\t\t\tsizeCh <- common.TTYSize{\n\t\t\t\tHeight: win.Height,\n\t\t\t\tWidth: win.Width,\n\t\t\t}\n\t\t}\n\t}()\n\n\terr := common.SpawnTTY(common.SpawnTTYOptions{\n\t\tDir: dir,\n\t\tStdIn: session,\n\t\tStdOut: session,\n\t\tTerm: ptyReq.Term,\n\t\tEnv: env,\n\t\tSizeCh: sizeCh,\n\t})\n\n\tif err != nil {\n\t\t// Debug log here because this gets called on each ssh \"exit\"\n\t\t// TODO: Find a better way to handle this\n\t\ts.logger.Debug(\"Failed to spawn tty\", \"error\", err)\n\t\treturn\n\t}\n}\n\nfunc (s *Server) handleNonPty(session ssh.Session) {\n\targs := []string{}\n\tif len(session.Command()) > 0 {\n\t\targs = append([]string{\"-c\"}, session.RawCommand())\n\t}\n\n\tcmd := exec.Command(\"/bin/sh\", args...)\n\n\tcmd.Env = append(cmd.Env, os.Environ()...)\n\n\tif ssh.AgentRequested(session) {\n\t\tl, err := ssh.NewAgentListener()\n\t\tif err != nil {\n\t\t\ts.logger.Error(\"Failed to start agent listener\", \"error\", err)\n\t\t\treturn\n\t\t}\n\t\tdefer l.Close()\n\t\tgo ssh.ForwardAgentConnections(l, session)\n\t\tcmd.Env = append(cmd.Env, fmt.Sprintf(\"%s=%s\", \"SSH_AUTH_SOCK\", l.Addr().String()))\n\t}\n\n\tcmd.Dir = s.workDir\n\tif _, err := os.Stat(s.workDir); os.IsNotExist(err) {\n\t\tcmd.Dir = s.defaultWorkDir\n\t}\n\n\tcmd.Stdout = session\n\tcmd.Stderr = session.Stderr()\n\tstdinPipe, err := cmd.StdinPipe()\n\tif err != nil {\n\t\ts.logger.Error(\"Unable to setup stdin for session\", \"error\", err)\n\t\treturn\n\t}\n\tgo func() {\n\t\t_, err := io.Copy(stdinPipe, session)\n\t\tif err != nil {\n\t\t\ts.logger.Error(\"Unable to read from session\", \"error\", err)\n\t\t\treturn\n\t\t}\n\t\t_ = stdinPipe.Close()\n\t}()\n\n\terr = cmd.Start()\n\tif err != nil {\n\t\ts.logger.Error(\"Unable to start command\", \"error\", err)\n\t\treturn\n\t}\n\tsigs := make(chan ssh.Signal, 1)\n\tsession.Signals(sigs)\n\tdefer func() {\n\t\tsession.Signals(nil)\n\t\tclose(sigs)\n\t}()\n\tgo func() {\n\t\tfor sig := range sigs {\n\t\t\tsignal := s.osSignalFrom(sig)\n\t\t\terr := cmd.Process.Signal(signal)\n\t\t\tif err != nil {\n\t\t\t\ts.logger.Warn(\"Unable to send signal to process\", \"error\", err)\n\t\t\t}\n\t\t}\n\t}()\n\terr = cmd.Wait()\n\n\tif err != nil {\n\t\ts.logger.Info(\"Command exited\", \"command\", session.RawCommand(), \"error\", err)\n\t\tsession.Exit(127)\n\t\treturn\n\t}\n\n\terr = session.Exit(0)\n\tif err != nil {\n\t\ts.logger.Warn(\"Unable to exit session\", \"error\", err)\n\t}\n}\n\nfunc (s *Server) osSignalFrom(sig ssh.Signal) os.Signal {\n\tswitch sig {\n\tcase ssh.SIGABRT:\n\t\treturn unix.SIGABRT\n\tcase ssh.SIGALRM:\n\t\treturn unix.SIGALRM\n\tcase ssh.SIGFPE:\n\t\treturn unix.SIGFPE\n\tcase ssh.SIGHUP:\n\t\treturn unix.SIGHUP\n\tcase ssh.SIGILL:\n\t\treturn unix.SIGILL\n\tcase ssh.SIGINT:\n\t\treturn unix.SIGINT\n\tcase ssh.SIGKILL:\n\t\treturn unix.SIGKILL\n\tcase ssh.SIGPIPE:\n\t\treturn unix.SIGPIPE\n\tcase ssh.SIGQUIT:\n\t\treturn unix.SIGQUIT\n\tcase ssh.SIGSEGV:\n\t\treturn unix.SIGSEGV\n\tcase ssh.SIGTERM:\n\t\treturn unix.SIGTERM\n\tcase ssh.SIGUSR1:\n\t\treturn unix.SIGUSR1\n\tcase ssh.SIGUSR2:\n\t\treturn unix.SIGUSR2\n\n\t// Unhandled, use sane fallback.\n\tdefault:\n\t\treturn unix.SIGKILL\n\t}\n}\n\nfunc (s *Server) sftpHandler(session ssh.Session) {\n\tdebugStream := io.Discard\n\tserverOptions := []sftp.ServerOption{\n\t\tsftp.WithDebug(debugStream),\n\t}\n\tserver, err := sftp.NewServer(\n\t\tsession,\n\t\tserverOptions...,\n\t)\n\tif err != nil {\n\t\ts.logger.Error(\"sftp server init error\", \"error\", err)\n\t\treturn\n\t}\n\tif err := server.Serve(); err == io.EOF {\n\t\tserver.Close()\n\t} else if err != nil {\n\t\ts.logger.Error(\"sftp server completed with error\", \"error\", err)\n\t}\n}\n" }, { "path": "apps/daemon/pkg/ssh/unix_forward.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage ssh\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"io/fs\"\n\t\"log/slog\"\n\t\"net\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"sync\"\n\t\"syscall\"\n\n\t\"github.com/gliderlabs/ssh\"\n\tgossh \"golang.org/x/crypto/ssh\"\n)\n\n// streamLocalForwardPayload describes the extra data sent in a\n// streamlocal-forward@openssh.com containing the socket path to bind to.\ntype streamLocalForwardPayload struct {\n\tSocketPath string\n}\n\n// forwardedStreamLocalPayload describes the data sent as the payload in the new\n// channel request when a Unix connection is accepted by the listener.\ntype forwardedStreamLocalPayload struct {\n\tSocketPath string\n\tReserved uint32\n}\n\n// forwardedUnixHandler is a clone of ssh.ForwardedTCPHandler that does\n// streamlocal forwarding (aka. unix forwarding) instead of TCP forwarding.\ntype forwardedUnixHandler struct {\n\tsync.Mutex\n\tforwards map[forwardKey]net.Listener\n}\n\ntype forwardKey struct {\n\tsessionID string\n\taddr string\n}\n\nfunc newForwardedUnixHandler() *forwardedUnixHandler {\n\treturn &forwardedUnixHandler{\n\t\tforwards: make(map[forwardKey]net.Listener),\n\t}\n}\n\nfunc (h *forwardedUnixHandler) HandleSSHRequest(ctx ssh.Context, _ *ssh.Server, req *gossh.Request) (bool, []byte) {\n\tslog.Debug(\"handling SSH unix forward\")\n\tconn, ok := ctx.Value(ssh.ContextKeyConn).(*gossh.ServerConn)\n\tif !ok {\n\t\tslog.Warn(\"SSH unix forward request from client with no gossh connection\")\n\t\treturn false, nil\n\t}\n\n\tswitch req.Type {\n\tcase \"streamlocal-forward@openssh.com\":\n\t\tvar reqPayload streamLocalForwardPayload\n\t\terr := gossh.Unmarshal(req.Payload, &reqPayload)\n\t\tif err != nil {\n\t\t\tslog.Warn(\"parse streamlocal-forward@openssh.com request (SSH unix forward) payload from client\", \"error\", err)\n\t\t\treturn false, nil\n\t\t}\n\n\t\taddr := reqPayload.SocketPath\n\t\tslog.Debug(\"request begin SSH unix forward\", \"socketPath\", addr)\n\n\t\tkey := forwardKey{\n\t\t\tsessionID: ctx.SessionID(),\n\t\t\taddr: addr,\n\t\t}\n\n\t\th.Lock()\n\t\t_, ok := h.forwards[key]\n\t\th.Unlock()\n\t\tif ok {\n\t\t\t// In cases where `ExitOnForwardFailure=yes` is set, returning false\n\t\t\t// here will cause the connection to be closed. To avoid this, and\n\t\t\t// to match OpenSSH behavior, we silently ignore the second forward\n\t\t\t// request.\n\t\t\tslog.Warn(\"SSH unix forward request for socket path that is already being forwarded on this session, ignoring\", \"socketPath\", addr)\n\t\t\treturn true, nil\n\t\t}\n\n\t\t// Create socket parent dir if not exists.\n\t\tparentDir := filepath.Dir(addr)\n\t\terr = os.MkdirAll(parentDir, 0o700)\n\t\tif err != nil {\n\t\t\tslog.Error(\"failed to create parent directory for unix socket\", \"error\", err)\n\t\t\treturn false, nil\n\t\t}\n\n\t\t// Remove existing socket if it exists. We do not use os.Remove() here\n\t\t// so that directories are kept. Note that it's possible that we will\n\t\t// overwrite a regular file here. Both of these behaviors match OpenSSH,\n\t\t// however, which is why we unlink.\n\t\terr = unlink(addr)\n\t\tif err != nil && !errors.Is(err, fs.ErrNotExist) {\n\t\t\tslog.Warn(\"remove existing socket for SSH unix forward request\", \"socketPath\", addr, \"error\", err)\n\t\t\treturn false, nil\n\t\t}\n\n\t\tlc := &net.ListenConfig{}\n\t\tln, err := lc.Listen(ctx, \"unix\", addr)\n\t\tif err != nil {\n\t\t\tslog.Warn(\"listen on Unix socket for SSH unix forward request\", \"socketPath\", addr, \"error\", err)\n\t\t\treturn false, nil\n\t\t}\n\t\tslog.Debug(\"SSH unix forward listening on socket\", \"socketPath\", addr)\n\n\t\t// The listener needs to successfully start before it can be added to\n\t\t// the map, so we don't have to worry about checking for an existing\n\t\t// listener.\n\t\t//\n\t\t// This is also what the upstream TCP version of this code does.\n\t\th.Lock()\n\t\th.forwards[key] = ln\n\t\th.Unlock()\n\t\tslog.Debug(\"SSH unix forward added to cache\", \"socketPath\", addr)\n\n\t\tctx, cancel := context.WithCancel(ctx)\n\t\tgo func() {\n\t\t\t<-ctx.Done()\n\t\t\t_ = ln.Close()\n\t\t}()\n\t\tgo func() {\n\t\t\tdefer cancel()\n\n\t\t\tfor {\n\t\t\t\tc, err := ln.Accept()\n\t\t\t\tif err != nil {\n\t\t\t\t\tif !errors.Is(err, net.ErrClosed) {\n\t\t\t\t\t\tslog.Warn(\"accept on local Unix socket for SSH unix forward request\", \"socketPath\", addr, \"error\", err)\n\t\t\t\t\t}\n\t\t\t\t\t// closed below\n\t\t\t\t\tslog.Debug(\"SSH unix forward listener closed\", \"socketPath\", addr)\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t\tslog.Debug(\"accepted SSH unix forward connection\", \"socketPath\", addr)\n\t\t\t\tpayload := gossh.Marshal(&forwardedStreamLocalPayload{\n\t\t\t\t\tSocketPath: addr,\n\t\t\t\t})\n\n\t\t\t\tgo func() {\n\t\t\t\t\tch, reqs, err := conn.OpenChannel(\"forwarded-streamlocal@openssh.com\", payload)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\tslog.Warn(\"open SSH unix forward channel to client\", \"socketPath\", addr, \"error\", err)\n\t\t\t\t\t\t_ = c.Close()\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t\tgo gossh.DiscardRequests(reqs)\n\t\t\t\t\tBicopy(ctx, ch, c)\n\t\t\t\t}()\n\t\t\t}\n\n\t\t\th.Lock()\n\t\t\tif ln2, ok := h.forwards[key]; ok && ln2 == ln {\n\t\t\t\tdelete(h.forwards, key)\n\t\t\t}\n\t\t\th.Unlock()\n\t\t\tslog.Debug(\"SSH unix forward listener removed from cache\", \"socketPath\", addr)\n\t\t\t_ = ln.Close()\n\t\t}()\n\n\t\treturn true, nil\n\n\tcase \"cancel-streamlocal-forward@openssh.com\":\n\t\tvar reqPayload streamLocalForwardPayload\n\t\terr := gossh.Unmarshal(req.Payload, &reqPayload)\n\t\tif err != nil {\n\t\t\tslog.Warn(\"parse cancel-streamlocal-forward@openssh.com (SSH unix forward) request payload from client\", \"error\", err)\n\t\t\treturn false, nil\n\t\t}\n\t\tslog.Debug(\"request to cancel SSH unix forward\", \"socketPath\", reqPayload.SocketPath)\n\n\t\tkey := forwardKey{\n\t\t\tsessionID: ctx.SessionID(),\n\t\t\taddr: reqPayload.SocketPath,\n\t\t}\n\n\t\th.Lock()\n\t\tln, ok := h.forwards[key]\n\t\tdelete(h.forwards, key)\n\t\th.Unlock()\n\t\tif !ok {\n\t\t\tslog.Warn(\"SSH unix forward not found in cache\", \"socketPath\", reqPayload.SocketPath)\n\t\t\treturn true, nil\n\t\t}\n\t\t_ = ln.Close()\n\t\treturn true, nil\n\n\tdefault:\n\t\treturn false, nil\n\t}\n}\n\n// directStreamLocalPayload describes the extra data sent in a\n// direct-streamlocal@openssh.com channel request containing the socket path.\ntype directStreamLocalPayload struct {\n\tSocketPath string\n\n\tReserved1 string\n\tReserved2 uint32\n}\n\nfunc directStreamLocalHandler(_ *ssh.Server, _ *gossh.ServerConn, newChan gossh.NewChannel, ctx ssh.Context) {\n\tvar reqPayload directStreamLocalPayload\n\terr := gossh.Unmarshal(newChan.ExtraData(), &reqPayload)\n\tif err != nil {\n\t\t_ = newChan.Reject(gossh.ConnectionFailed, \"could not parse direct-streamlocal@openssh.com channel payload\")\n\t\treturn\n\t}\n\n\tvar dialer net.Dialer\n\tdconn, err := dialer.DialContext(ctx, \"unix\", reqPayload.SocketPath)\n\tif err != nil {\n\t\t_ = newChan.Reject(gossh.ConnectionFailed, fmt.Sprintf(\"dial unix socket %q: %+v\", reqPayload.SocketPath, err.Error()))\n\t\treturn\n\t}\n\n\tch, reqs, err := newChan.Accept()\n\tif err != nil {\n\t\t_ = dconn.Close()\n\t\treturn\n\t}\n\tgo gossh.DiscardRequests(reqs)\n\n\tBicopy(ctx, ch, dconn)\n}\n\n// unlink removes files and unlike os.Remove, directories are kept.\nfunc unlink(path string) error {\n\t// Ignore EINTR like os.Remove, see ignoringEINTR in os/file_posix.go\n\t// for more details.\n\tfor {\n\t\terr := syscall.Unlink(path)\n\t\tif !errors.Is(err, syscall.EINTR) {\n\t\t\treturn err\n\t\t}\n\t}\n}\n\n// Bicopy copies all of the data between the two connections and will close them\n// after one or both of them are done writing. If the context is canceled, both\n// of the connections will be closed.\nfunc Bicopy(ctx context.Context, c1, c2 io.ReadWriteCloser) {\n\tctx, cancel := context.WithCancel(ctx)\n\tdefer cancel()\n\n\tdefer func() {\n\t\t_ = c1.Close()\n\t\t_ = c2.Close()\n\t}()\n\n\tvar wg sync.WaitGroup\n\tcopyFunc := func(dst io.WriteCloser, src io.Reader) {\n\t\tdefer func() {\n\t\t\twg.Done()\n\t\t\t// If one side of the copy fails, ensure the other one exits as\n\t\t\t// well.\n\t\t\tcancel()\n\t\t}()\n\t\t_, _ = io.Copy(dst, src)\n\t}\n\n\twg.Add(2)\n\tgo copyFunc(c1, c2)\n\tgo copyFunc(c2, c1)\n\n\t// Convert waitgroup to a channel so we can also wait on the context.\n\tdone := make(chan struct{})\n\tgo func() {\n\t\tdefer close(done)\n\t\twg.Wait()\n\t}()\n\n\tselect {\n\tcase <-ctx.Done():\n\tcase <-done:\n\t}\n}\n" }, { "path": "apps/daemon/pkg/terminal/assets.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage terminal\n\nimport \"embed\"\n\n//go:embed static\nvar static embed.FS\n" }, { "path": "apps/daemon/pkg/terminal/decoder.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage terminal\n\nimport (\n\t\"bytes\"\n\t\"unicode/utf8\"\n)\n\ntype UTF8Decoder struct {\n\tbuffer []byte\n}\n\nfunc NewUTF8Decoder() *UTF8Decoder {\n\treturn &UTF8Decoder{\n\t\tbuffer: make([]byte, 0, 1024),\n\t}\n}\n\n// Write appends new data to the internal buffer and decodes valid UTF-8 runes.\n// It returns the decoded string. Any incomplete bytes are kept for the next call.\nfunc (d *UTF8Decoder) Write(data []byte) string {\n\t// Combine buffer + new data\n\tdata = append(d.buffer, data...)\n\tvar output bytes.Buffer\n\n\ti := 0\n\tfor i < len(data) {\n\t\tr, size := utf8.DecodeRune(data[i:])\n\t\tif r == utf8.RuneError {\n\t\t\tif size == 1 {\n\t\t\t\t// Could be incomplete rune at the end\n\t\t\t\tremaining := len(data) - i\n\t\t\t\tif remaining < utf8.UTFMax {\n\t\t\t\t\t// Buffer the remaining bytes for next call\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t\t// Otherwise, it's an invalid byte, emit replacement and advance by 1\n\t\t\t\toutput.WriteRune(r)\n\t\t\t\ti++\n\t\t\t\tcontinue\n\t\t\t}\n\t\t}\n\t\toutput.WriteRune(r)\n\t\ti += size\n\t}\n\n\t// Save leftover bytes (possibly an incomplete rune)\n\td.buffer = d.buffer[:0]\n\tif i < len(data) {\n\t\td.buffer = append(d.buffer, data[i:]...)\n\t}\n\n\treturn output.String()\n}\n" }, { "path": "apps/daemon/pkg/terminal/server.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage terminal\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"io/fs\"\n\t\"log\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/common\"\n\t\"github.com/gorilla/websocket\"\n)\n\nvar upgrader = websocket.Upgrader{\n\tCheckOrigin: func(r *http.Request) bool {\n\t\treturn true // Be careful with this in production\n\t},\n}\n\ntype windowSize struct {\n\tRows uint16 `json:\"rows\"`\n\tCols uint16 `json:\"cols\"`\n}\n\nfunc StartTerminalServer(port int) error {\n\t// Prepare the embedded frontend files\n\t// Serve the files from the embedded filesystem\n\tstaticFS, err := fs.Sub(static, \"static\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\thttp.Handle(\"/\", http.FileServer(http.FS(staticFS)))\n\thttp.HandleFunc(\"/ws\", handleWebSocket)\n\n\taddr := fmt.Sprintf(\":%d\", port)\n\tlog.Printf(\"Starting terminal server on http://localhost%s\", addr)\n\treturn http.ListenAndServe(addr, nil)\n}\n\nfunc handleWebSocket(w http.ResponseWriter, r *http.Request) {\n\tconn, err := upgrader.Upgrade(w, r, nil)\n\tif err != nil {\n\t\tlog.Printf(\"Failed to upgrade connection: %v\", err)\n\t\treturn\n\t}\n\tdefer conn.Close()\n\n\t// Create a new UTF8Decoder instance for this connection\n\tdecoder := NewUTF8Decoder()\n\n\tsizeCh := make(chan common.TTYSize)\n\tstdInReader, stdInWriter := io.Pipe()\n\tstdOutReader, stdOutWriter := io.Pipe()\n\n\t// Handle websocket -> pty\n\tgo func() {\n\t\tfor {\n\t\t\tmessageType, p, err := conn.ReadMessage()\n\t\t\tif err != nil {\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\t// Check if it's a resize message\n\t\t\tif messageType == websocket.TextMessage {\n\t\t\t\tvar size windowSize\n\t\t\t\tif err := json.Unmarshal(p, &size); err == nil {\n\t\t\t\t\tsizeCh <- common.TTYSize{\n\t\t\t\t\t\tHeight: int(size.Rows),\n\t\t\t\t\t\tWidth: int(size.Cols),\n\t\t\t\t\t}\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Write to pty\n\t\t\t_, err = stdInWriter.Write(p)\n\t\t\tif err != nil {\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}()\n\n\tgo func() {\n\t\t// Handle pty -> websocket\n\t\tbuf := make([]byte, 1024)\n\t\tfor {\n\t\t\tn, err := stdOutReader.Read(buf)\n\t\t\tif err != nil {\n\t\t\t\tif err != io.EOF {\n\t\t\t\t\tlog.Printf(\"Failed to read from pty: %v\", err)\n\t\t\t\t}\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\t// A multi-byte UTF-8 character can be split across stream reads.\n\t\t\t// UTF8Decoder buffers incomplete sequences to ensure proper decoding.\n\t\t\tdecoded := decoder.Write(buf[:n])\n\n\t\t\terr = conn.WriteMessage(websocket.TextMessage, []byte(decoded))\n\t\t\tif err != nil {\n\t\t\t\tlog.Printf(\"Failed to write to websocket: %v\", err)\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}()\n\n\t// Create a pty\n\terr = common.SpawnTTY(common.SpawnTTYOptions{\n\t\tDir: \"/\",\n\t\tStdIn: stdInReader,\n\t\tStdOut: stdOutWriter,\n\t\tTerm: \"xterm-256color\",\n\t\tSizeCh: sizeCh,\n\t})\n\tif err != nil {\n\t\tlog.Printf(\"Failed to start pty: %v\", err)\n\t\treturn\n\t}\n}\n" }, { "path": "apps/daemon/pkg/terminal/static/index.html", "content": "\n\n \n Web Terminal\n \n \n \n \n \n \n
\n \n \n\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/disabled_middleware.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage computeruse\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// computerUseDisabledMiddleware returns a middleware that handles requests when computer-use is disabled\nfunc ComputerUseDisabledMiddleware() gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tc.JSON(http.StatusServiceUnavailable, gin.H{\n\t\t\t\"message\": \"Computer-use functionality is not available\",\n\t\t\t\"details\": \"The computer-use plugin failed to initialize due to missing dependencies in the runtime environment.\",\n\t\t\t\"solution\": \"Install the required X11 dependencies (x11-apps, xvfb, etc.) to enable computer-use functionality. Check the daemon logs for specific error details.\",\n\t\t})\n\t\tc.Abort()\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/handler.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage computeruse\n\nimport (\n\t\"fmt\"\n\t\"github.com/gin-gonic/gin\"\n\t\"net/http\"\n)\n\ntype Handler struct {\n\tComputerUse IComputerUse\n}\n\n// StartComputerUse godoc\n//\n//\t@Summary\t\tStart computer use processes\n//\t@Description\tStart all computer use processes and return their status\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tComputerUseStartResponse\n//\t@Router\t\t\t/computeruse/start [post]\n//\n//\t@id\t\t\t\tStartComputerUse\nfunc (h *Handler) StartComputerUse(ctx *gin.Context) {\n\t_, err := h.ComputerUse.Start()\n\tif err != nil {\n\t\tctx.JSON(http.StatusServiceUnavailable, gin.H{\n\t\t\t\"error\": \"Failed to start computer use\",\n\t\t\t\"details\": err.Error(),\n\t\t})\n\t\treturn\n\t}\n\n\tstatus, err := h.ComputerUse.GetProcessStatus()\n\tif err != nil {\n\t\tctx.JSON(http.StatusServiceUnavailable, gin.H{\n\t\t\t\"error\": \"Failed to get computer use status\",\n\t\t\t\"details\": err.Error(),\n\t\t})\n\t\treturn\n\t}\n\n\tctx.JSON(http.StatusOK, gin.H{\n\t\t\"message\": \"Computer use processes started successfully\",\n\t\t\"status\": status,\n\t})\n}\n\n// StopComputerUse godoc\n//\n//\t@Summary\t\tStop computer use processes\n//\t@Description\tStop all computer use processes and return their status\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tComputerUseStopResponse\n//\t@Router\t\t\t/computeruse/stop [post]\n//\n//\t@id\t\t\t\tStopComputerUse\nfunc (h *Handler) StopComputerUse(ctx *gin.Context) {\n\t_, err := h.ComputerUse.Stop()\n\tif err != nil {\n\t\tctx.JSON(http.StatusServiceUnavailable, gin.H{\n\t\t\t\"error\": \"Failed to stop computer use\",\n\t\t\t\"details\": err.Error(),\n\t\t})\n\t\treturn\n\t}\n\n\tstatus, err := h.ComputerUse.GetProcessStatus()\n\tif err != nil {\n\t\tctx.JSON(http.StatusServiceUnavailable, gin.H{\n\t\t\t\"error\": \"Failed to get computer use status\",\n\t\t\t\"details\": err.Error(),\n\t\t})\n\t\treturn\n\t}\n\tctx.JSON(http.StatusOK, gin.H{\n\t\t\"message\": \"Computer use processes stopped successfully\",\n\t\t\"status\": status,\n\t})\n}\n\n// GetComputerUseStatus godoc\n//\n//\t@Summary\t\tGet computer use process status\n//\t@Description\tGet the status of all computer use processes\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tComputerUseStatusResponse\n//\t@Router\t\t\t/computeruse/process-status [get]\n//\n//\t@id\t\t\t\tGetComputerUseStatus\nfunc (h *Handler) GetComputerUseStatus(ctx *gin.Context) {\n\tstatus, err := h.ComputerUse.GetStatus()\n\tif err != nil {\n\t\tctx.JSON(http.StatusServiceUnavailable, gin.H{\n\t\t\t\"error\": \"Failed to get computer use status\",\n\t\t\t\"details\": err.Error(),\n\t\t})\n\t\treturn\n\t}\n\tif status == nil {\n\t\tctx.JSON(http.StatusOK, gin.H{\n\t\t\t\"status\": \"unknown\",\n\t\t})\n\t\treturn\n\t}\n\tctx.JSON(http.StatusOK, *status)\n}\n\n// GetProcessStatus godoc\n//\n//\t@Summary\t\tGet specific process status\n//\t@Description\tCheck if a specific computer use process is running\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Param\t\t\tprocessName\tpath\t\tstring\ttrue\t\"Process name to check\"\n//\t@Success\t\t200\t\t\t{object}\tProcessStatusResponse\n//\t@Router\t\t\t/computeruse/process/{processName}/status [get]\n//\n//\t@id\t\t\t\tGetProcessStatus\nfunc (h *Handler) GetProcessStatus(ctx *gin.Context) {\n\tprocessName := ctx.Param(\"processName\")\n\treq := &ProcessRequest{\n\t\tProcessName: processName,\n\t}\n\tisRunning, err := h.ComputerUse.IsProcessRunning(req)\n\tif err != nil {\n\t\tctx.JSON(http.StatusServiceUnavailable, gin.H{\n\t\t\t\"error\": \"Failed to get process status\",\n\t\t\t\"details\": err.Error(),\n\t\t})\n\t\treturn\n\t}\n\n\tctx.JSON(http.StatusOK, gin.H{\n\t\t\"processName\": processName,\n\t\t\"running\": isRunning,\n\t})\n}\n\n// RestartProcess godoc\n//\n//\t@Summary\t\tRestart specific process\n//\t@Description\tRestart a specific computer use process\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Param\t\t\tprocessName\tpath\t\tstring\ttrue\t\"Process name to restart\"\n//\t@Success\t\t200\t\t\t{object}\tProcessRestartResponse\n//\t@Router\t\t\t/computeruse/process/{processName}/restart [post]\n//\n//\t@id\t\t\t\tRestartProcess\nfunc (h *Handler) RestartProcess(ctx *gin.Context) {\n\tprocessName := ctx.Param(\"processName\")\n\treq := &ProcessRequest{\n\t\tProcessName: processName,\n\t}\n\t_, err := h.ComputerUse.RestartProcess(req)\n\n\tif err != nil {\n\t\tctx.JSON(http.StatusBadRequest, gin.H{\n\t\t\t\"error\": err.Error(),\n\t\t})\n\t\treturn\n\t}\n\n\tctx.JSON(http.StatusOK, gin.H{\n\t\t\"message\": fmt.Sprintf(\"Process %s restarted successfully\", processName),\n\t\t\"processName\": processName,\n\t})\n}\n\n// GetProcessLogs godoc\n//\n//\t@Summary\t\tGet process logs\n//\t@Description\tGet logs for a specific computer use process\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Param\t\t\tprocessName\tpath\t\tstring\ttrue\t\"Process name to get logs for\"\n//\t@Success\t\t200\t\t\t{object}\tProcessLogsResponse\n//\t@Router\t\t\t/computeruse/process/{processName}/logs [get]\n//\n//\t@id\t\t\t\tGetProcessLogs\nfunc (h *Handler) GetProcessLogs(ctx *gin.Context) {\n\tprocessName := ctx.Param(\"processName\")\n\treq := &ProcessRequest{\n\t\tProcessName: processName,\n\t}\n\tlogs, err := h.ComputerUse.GetProcessLogs(req)\n\n\tif err != nil {\n\t\tctx.JSON(http.StatusBadRequest, gin.H{\n\t\t\t\"error\": err.Error(),\n\t\t})\n\t\treturn\n\t}\n\n\tctx.JSON(http.StatusOK, gin.H{\n\t\t\"processName\": processName,\n\t\t\"logs\": logs,\n\t})\n}\n\n// GetProcessErrors godoc\n//\n//\t@Summary\t\tGet process errors\n//\t@Description\tGet errors for a specific computer use process\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Param\t\t\tprocessName\tpath\t\tstring\ttrue\t\"Process name to get errors for\"\n//\t@Success\t\t200\t\t\t{object}\tProcessErrorsResponse\n//\t@Router\t\t\t/computeruse/process/{processName}/errors [get]\n//\n//\t@id\t\t\t\tGetProcessErrors\nfunc (h *Handler) GetProcessErrors(ctx *gin.Context) {\n\tprocessName := ctx.Param(\"processName\")\n\treq := &ProcessRequest{\n\t\tProcessName: processName,\n\t}\n\terrors, err := h.ComputerUse.GetProcessErrors(req)\n\n\tif err != nil {\n\t\tctx.JSON(http.StatusBadRequest, gin.H{\n\t\t\t\"error\": err.Error(),\n\t\t})\n\t\treturn\n\t}\n\n\tctx.JSON(http.StatusOK, gin.H{\n\t\t\"processName\": processName,\n\t\t\"errors\": errors,\n\t})\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/interface.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage computeruse\n\nimport (\n\t\"net/http\"\n\t\"net/rpc\"\n\t\"strconv\"\n\n\t\"github.com/gin-gonic/gin\"\n\t\"github.com/hashicorp/go-plugin\"\n)\n\n// PluginInterface defines the interface that the computeruse plugin must implement\ntype IComputerUse interface {\n\t// Process management\n\tInitialize() (*Empty, error)\n\tStart() (*Empty, error)\n\tStop() (*Empty, error)\n\tGetProcessStatus() (map[string]ProcessStatus, error)\n\tIsProcessRunning(req *ProcessRequest) (bool, error)\n\tRestartProcess(req *ProcessRequest) (*Empty, error)\n\tGetProcessLogs(req *ProcessRequest) (string, error)\n\tGetProcessErrors(req *ProcessRequest) (string, error)\n\n\t// Screenshot methods\n\tTakeScreenshot(*ScreenshotRequest) (*ScreenshotResponse, error)\n\tTakeRegionScreenshot(*RegionScreenshotRequest) (*ScreenshotResponse, error)\n\tTakeCompressedScreenshot(*CompressedScreenshotRequest) (*ScreenshotResponse, error)\n\tTakeCompressedRegionScreenshot(*CompressedRegionScreenshotRequest) (*ScreenshotResponse, error)\n\n\t// Mouse control methods\n\tGetMousePosition() (*MousePositionResponse, error)\n\tMoveMouse(*MouseMoveRequest) (*MousePositionResponse, error)\n\tClick(*MouseClickRequest) (*MouseClickResponse, error)\n\tDrag(*MouseDragRequest) (*MouseDragResponse, error)\n\tScroll(*MouseScrollRequest) (*ScrollResponse, error)\n\n\t// Keyboard control methods\n\tTypeText(*KeyboardTypeRequest) (*Empty, error)\n\tPressKey(*KeyboardPressRequest) (*Empty, error)\n\tPressHotkey(*KeyboardHotkeyRequest) (*Empty, error)\n\n\t// Display info methods\n\tGetDisplayInfo() (*DisplayInfoResponse, error)\n\tGetWindows() (*WindowsResponse, error)\n\n\t// Status method\n\tGetStatus() (*ComputerUseStatusResponse, error)\n}\n\ntype ComputerUsePlugin struct {\n\tImpl IComputerUse\n}\n\n// Common structs for better composition\ntype Position struct {\n\tX int `json:\"x\"`\n\tY int `json:\"y\"`\n} //\t@name\tPosition\n\ntype Size struct {\n\tWidth int `json:\"width\"`\n\tHeight int `json:\"height\"`\n} //\t@name\tSize\n\n// Screenshot parameter structs\ntype ScreenshotRequest struct {\n\tShowCursor bool `json:\"showCursor\"`\n} //\t@name\tScreenshotRequest\n\ntype RegionScreenshotRequest struct {\n\tPosition\n\tSize\n\tShowCursor bool `json:\"showCursor\"`\n} //\t@name\tRegionScreenshotRequest\n\ntype CompressedScreenshotRequest struct {\n\tShowCursor bool `json:\"showCursor\"`\n\tFormat string `json:\"format\"` // \"png\" or \"jpeg\"\n\tQuality int `json:\"quality\"` // 1-100 for JPEG quality\n\tScale float64 `json:\"scale\"` // 0.1-1.0 for scaling down\n} //\t@name\tCompressedScreenshotRequest\n\ntype CompressedRegionScreenshotRequest struct {\n\tPosition\n\tSize\n\tShowCursor bool `json:\"showCursor\"`\n\tFormat string `json:\"format\"` // \"png\" or \"jpeg\"\n\tQuality int `json:\"quality\"` // 1-100 for JPEG quality\n\tScale float64 `json:\"scale\"` // 0.1-1.0 for scaling down\n} //\t@name\tCompressedRegionScreenshotRequest\n\n// Mouse parameter structs\ntype MouseMoveRequest struct {\n\tPosition\n} //\t@name\tMouseMoveRequest\n\ntype MouseClickRequest struct {\n\tPosition\n\tButton string `json:\"button\"` // left, right, middle\n\tDouble bool `json:\"double\"`\n} //\t@name\tMouseClickRequest\n\ntype MouseDragRequest struct {\n\tStartX int `json:\"startX\"`\n\tStartY int `json:\"startY\"`\n\tEndX int `json:\"endX\"`\n\tEndY int `json:\"endY\"`\n\tButton string `json:\"button\"`\n} //\t@name\tMouseDragRequest\n\ntype MouseScrollRequest struct {\n\tPosition\n\tDirection string `json:\"direction\"` // up, down\n\tAmount int `json:\"amount\"`\n} //\t@name\tMouseScrollRequest\n\n// Keyboard parameter structs\ntype KeyboardTypeRequest struct {\n\tText string `json:\"text\"`\n\tDelay int `json:\"delay\"` // milliseconds between keystrokes\n} //\t@name\tKeyboardTypeRequest\n\ntype KeyboardPressRequest struct {\n\tKey string `json:\"key\"`\n\tModifiers []string `json:\"modifiers\"` // ctrl, alt, shift, cmd\n} //\t@name\tKeyboardPressRequest\n\ntype KeyboardHotkeyRequest struct {\n\tKeys string `json:\"keys\"` // e.g., \"ctrl+c\", \"cmd+v\"\n} //\t@name\tKeyboardHotkeyRequest\n\n// Response structs for keyboard operations\ntype ScrollResponse struct {\n\tSuccess bool `json:\"success\"`\n} //\t@name\tScrollResponse\n\n// Response structs\ntype ScreenshotResponse struct {\n\tScreenshot string `json:\"screenshot\"`\n\tCursorPosition *Position `json:\"cursorPosition,omitempty\"`\n\tSizeBytes int `json:\"sizeBytes,omitempty\"`\n} //\t@name\tScreenshotResponse\n\n// Mouse response structs - separated by operation type\ntype MousePositionResponse struct {\n\tPosition\n} //\t@name\tMousePositionResponse\n\ntype MouseClickResponse struct {\n\tPosition\n} //\t@name\tMouseClickResponse\n\ntype MouseDragResponse struct {\n\tPosition // Final position\n} //\t@name\tMouseDragResponse\n\ntype DisplayInfoResponse struct {\n\tDisplays []DisplayInfo `json:\"displays\"`\n} //\t@name\tDisplayInfoResponse\n\ntype DisplayInfo struct {\n\tID int `json:\"id\"`\n\tPosition\n\tSize\n\tIsActive bool `json:\"isActive\"`\n} //\t@name\tDisplayInfo\n\ntype WindowsResponse struct {\n\tWindows []WindowInfo `json:\"windows\"`\n} //\t@name\tWindowsResponse\n\ntype WindowInfo struct {\n\tID int `json:\"id\"`\n\tTitle string `json:\"title\"`\n\tPosition\n\tSize\n\tIsActive bool `json:\"isActive\"`\n} //\t@name\tWindowInfo\n\ntype ComputerUseStatusResponse struct {\n\tStatus string `json:\"status\"`\n} //\t@name\tComputerUseStatusResponse\n\ntype ComputerUseStartResponse struct {\n\tMessage string `json:\"message\"`\n\tStatus map[string]ProcessStatus `json:\"status\"`\n} //\t@name\tComputerUseStartResponse\n\ntype ComputerUseStopResponse struct {\n\tMessage string `json:\"message\"`\n\tStatus map[string]ProcessStatus `json:\"status\"`\n} //\t@name\tComputerUseStopResponse\n\ntype ProcessStatus struct {\n\tRunning bool\n\tPriority int\n\tAutoRestart bool\n\tPid *int\n} //\t@name\tProcessStatus\n\ntype ProcessStatusResponse struct {\n\tProcessName string `json:\"processName\"`\n\tRunning bool `json:\"running\"`\n} //\t@name\tProcessStatusResponse\n\ntype ProcessRestartResponse struct {\n\tMessage string `json:\"message\"`\n\tProcessName string `json:\"processName\"`\n} //\t@name\tProcessRestartResponse\n\ntype ProcessLogsResponse struct {\n\tProcessName string `json:\"processName\"`\n\tLogs string `json:\"logs\"`\n} //\t@name\tProcessLogsResponse\n\ntype ProcessErrorsResponse struct {\n\tProcessName string `json:\"processName\"`\n\tErrors string `json:\"errors\"`\n} //\t@name\tProcessErrorsResponse\n\ntype ProcessRequest struct {\n\tProcessName string\n} //\t@name\tProcessRequest\n\ntype Empty struct{} //\t@name\tEmpty\n\nfunc (p *ComputerUsePlugin) Server(*plugin.MuxBroker) (any, error) {\n\treturn &ComputerUseRPCServer{Impl: p.Impl}, nil\n}\n\nfunc (p *ComputerUsePlugin) Client(b *plugin.MuxBroker, c *rpc.Client) (any, error) {\n\treturn &ComputerUseRPCClient{client: c}, nil\n}\n\n// TakeScreenshot godoc\n//\n//\t@Summary\t\tTake a screenshot\n//\t@Description\tTake a screenshot of the entire screen\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Param\t\t\tshowCursor\tquery\t\tbool\tfalse\t\"Whether to show cursor in screenshot\"\n//\t@Success\t\t200\t\t\t{object}\tScreenshotResponse\n//\t@Router\t\t\t/computeruse/screenshot [get]\n//\n//\t@id\t\t\t\tTakeScreenshot\nfunc WrapScreenshotHandler(fn func(*ScreenshotRequest) (*ScreenshotResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\treq := &ScreenshotRequest{\n\t\t\tShowCursor: c.Query(\"showCursor\") == \"true\",\n\t\t}\n\t\tresponse, err := fn(req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// TakeRegionScreenshot godoc\n//\n//\t@Summary\t\tTake a region screenshot\n//\t@Description\tTake a screenshot of a specific region of the screen\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Param\t\t\tx\t\t\tquery\t\tint\t\ttrue\t\"X coordinate of the region\"\n//\t@Param\t\t\ty\t\t\tquery\t\tint\t\ttrue\t\"Y coordinate of the region\"\n//\t@Param\t\t\twidth\t\tquery\t\tint\t\ttrue\t\"Width of the region\"\n//\t@Param\t\t\theight\t\tquery\t\tint\t\ttrue\t\"Height of the region\"\n//\t@Param\t\t\tshowCursor\tquery\t\tbool\tfalse\t\"Whether to show cursor in screenshot\"\n//\t@Success\t\t200\t\t\t{object}\tScreenshotResponse\n//\t@Router\t\t\t/computeruse/screenshot/region [get]\n//\n//\t@id\t\t\t\tTakeRegionScreenshot\nfunc WrapRegionScreenshotHandler(fn func(*RegionScreenshotRequest) (*ScreenshotResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req RegionScreenshotRequest\n\t\tif err := c.ShouldBindQuery(&req); err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"Invalid parameters\"})\n\t\t\treturn\n\t\t}\n\t\treq.ShowCursor = c.Query(\"showCursor\") == \"true\"\n\n\t\tresponse, err := fn(&req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// TakeCompressedScreenshot godoc\n//\n//\t@Summary\t\tTake a compressed screenshot\n//\t@Description\tTake a compressed screenshot of the entire screen\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Param\t\t\tshowCursor\tquery\t\tbool\tfalse\t\"Whether to show cursor in screenshot\"\n//\t@Param\t\t\tformat\t\tquery\t\tstring\tfalse\t\"Image format (png or jpeg)\"\n//\t@Param\t\t\tquality\t\tquery\t\tint\t\tfalse\t\"JPEG quality (1-100)\"\n//\t@Param\t\t\tscale\t\tquery\t\tfloat64\tfalse\t\"Scale factor (0.1-1.0)\"\n//\t@Success\t\t200\t\t\t{object}\tScreenshotResponse\n//\t@Router\t\t\t/computeruse/screenshot/compressed [get]\n//\n//\t@id\t\t\t\tTakeCompressedScreenshot\nfunc WrapCompressedScreenshotHandler(fn func(*CompressedScreenshotRequest) (*ScreenshotResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\treq := &CompressedScreenshotRequest{\n\t\t\tShowCursor: c.Query(\"showCursor\") == \"true\",\n\t\t\tFormat: c.Query(\"format\"),\n\t\t\tQuality: 85,\n\t\t\tScale: 1.0,\n\t\t}\n\n\t\t// Parse quality\n\t\tif qualityStr := c.Query(\"quality\"); qualityStr != \"\" {\n\t\t\tif quality, err := strconv.Atoi(qualityStr); err == nil && quality >= 1 && quality <= 100 {\n\t\t\t\treq.Quality = quality\n\t\t\t}\n\t\t}\n\n\t\t// Parse scale\n\t\tif scaleStr := c.Query(\"scale\"); scaleStr != \"\" {\n\t\t\tif scale, err := strconv.ParseFloat(scaleStr, 64); err == nil && scale >= 0.1 && scale <= 1.0 {\n\t\t\t\treq.Scale = scale\n\t\t\t}\n\t\t}\n\n\t\tresponse, err := fn(req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// TakeCompressedRegionScreenshot godoc\n//\n//\t@Summary\t\tTake a compressed region screenshot\n//\t@Description\tTake a compressed screenshot of a specific region of the screen\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Param\t\t\tx\t\t\tquery\t\tint\t\ttrue\t\"X coordinate of the region\"\n//\t@Param\t\t\ty\t\t\tquery\t\tint\t\ttrue\t\"Y coordinate of the region\"\n//\t@Param\t\t\twidth\t\tquery\t\tint\t\ttrue\t\"Width of the region\"\n//\t@Param\t\t\theight\t\tquery\t\tint\t\ttrue\t\"Height of the region\"\n//\t@Param\t\t\tshowCursor\tquery\t\tbool\tfalse\t\"Whether to show cursor in screenshot\"\n//\t@Param\t\t\tformat\t\tquery\t\tstring\tfalse\t\"Image format (png or jpeg)\"\n//\t@Param\t\t\tquality\t\tquery\t\tint\t\tfalse\t\"JPEG quality (1-100)\"\n//\t@Param\t\t\tscale\t\tquery\t\tfloat64\tfalse\t\"Scale factor (0.1-1.0)\"\n//\t@Success\t\t200\t\t\t{object}\tScreenshotResponse\n//\t@Router\t\t\t/computeruse/screenshot/region/compressed [get]\n//\n//\t@id\t\t\t\tTakeCompressedRegionScreenshot\nfunc WrapCompressedRegionScreenshotHandler(fn func(*CompressedRegionScreenshotRequest) (*ScreenshotResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req CompressedRegionScreenshotRequest\n\t\tif err := c.ShouldBindQuery(&req); err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"Invalid parameters\"})\n\t\t\treturn\n\t\t}\n\t\treq.ShowCursor = c.Query(\"showCursor\") == \"true\"\n\t\treq.Format = c.Query(\"format\")\n\t\treq.Quality = 85\n\t\treq.Scale = 1.0\n\n\t\t// Parse quality\n\t\tif qualityStr := c.Query(\"quality\"); qualityStr != \"\" {\n\t\t\tif quality, err := strconv.Atoi(qualityStr); err == nil && quality >= 1 && quality <= 100 {\n\t\t\t\treq.Quality = quality\n\t\t\t}\n\t\t}\n\n\t\t// Parse scale\n\t\tif scaleStr := c.Query(\"scale\"); scaleStr != \"\" {\n\t\t\tif scale, err := strconv.ParseFloat(scaleStr, 64); err == nil && scale >= 0.1 && scale <= 1.0 {\n\t\t\t\treq.Scale = scale\n\t\t\t}\n\t\t}\n\n\t\tresponse, err := fn(&req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// GetMousePosition godoc\n//\n//\t@Summary\t\tGet mouse position\n//\t@Description\tGet the current mouse cursor position\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tMousePositionResponse\n//\t@Router\t\t\t/computeruse/mouse/position [get]\n//\n//\t@id\t\t\t\tGetMousePosition\nfunc WrapMousePositionHandler(fn func() (*MousePositionResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tresponse, err := fn()\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// MoveMouse godoc\n//\n//\t@Summary\t\tMove mouse cursor\n//\t@Description\tMove the mouse cursor to the specified coordinates\n//\t@Tags\t\t\tcomputer-use\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tMouseMoveRequest\ttrue\t\"Mouse move request\"\n//\t@Success\t\t200\t\t{object}\tMousePositionResponse\n//\t@Router\t\t\t/computeruse/mouse/move [post]\n//\n//\t@id\t\t\t\tMoveMouse\nfunc WrapMoveMouseHandler(fn func(*MouseMoveRequest) (*MousePositionResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req MouseMoveRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"Invalid coordinates\"})\n\t\t\treturn\n\t\t}\n\n\t\tresponse, err := fn(&req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// Click godoc\n//\n//\t@Summary\t\tClick mouse button\n//\t@Description\tClick the mouse button at the specified coordinates\n//\t@Tags\t\t\tcomputer-use\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tMouseClickRequest\ttrue\t\"Mouse click request\"\n//\t@Success\t\t200\t\t{object}\tMouseClickResponse\n//\t@Router\t\t\t/computeruse/mouse/click [post]\n//\n//\t@id\t\t\t\tClick\nfunc WrapClickHandler(fn func(*MouseClickRequest) (*MouseClickResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req MouseClickRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"Invalid click parameters\"})\n\t\t\treturn\n\t\t}\n\n\t\tresponse, err := fn(&req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// Drag godoc\n//\n//\t@Summary\t\tDrag mouse\n//\t@Description\tDrag the mouse from start to end coordinates\n//\t@Tags\t\t\tcomputer-use\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tMouseDragRequest\ttrue\t\"Mouse drag request\"\n//\t@Success\t\t200\t\t{object}\tMouseDragResponse\n//\t@Router\t\t\t/computeruse/mouse/drag [post]\n//\n//\t@id\t\t\t\tDrag\nfunc WrapDragHandler(fn func(*MouseDragRequest) (*MouseDragResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req MouseDragRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"Invalid drag parameters\"})\n\t\t\treturn\n\t\t}\n\n\t\tresponse, err := fn(&req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// Scroll godoc\n//\n//\t@Summary\t\tScroll mouse wheel\n//\t@Description\tScroll the mouse wheel at the specified coordinates\n//\t@Tags\t\t\tcomputer-use\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tMouseScrollRequest\ttrue\t\"Mouse scroll request\"\n//\t@Success\t\t200\t\t{object}\tScrollResponse\n//\t@Router\t\t\t/computeruse/mouse/scroll [post]\n//\n//\t@id\t\t\t\tScroll\nfunc WrapScrollHandler(fn func(*MouseScrollRequest) (*ScrollResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req MouseScrollRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"Invalid scroll parameters\"})\n\t\t\treturn\n\t\t}\n\n\t\tresponse, err := fn(&req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// TypeText godoc\n//\n//\t@Summary\t\tType text\n//\t@Description\tType text with optional delay between keystrokes\n//\t@Tags\t\t\tcomputer-use\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tKeyboardTypeRequest\ttrue\t\"Text typing request\"\n//\t@Success\t\t200\t\t{object}\tEmpty\n//\t@Router\t\t\t/computeruse/keyboard/type [post]\n//\n//\t@id\t\t\t\tTypeText\nfunc WrapTypeTextHandler(fn func(*KeyboardTypeRequest) (*Empty, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req KeyboardTypeRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"Invalid input\"})\n\t\t\treturn\n\t\t}\n\n\t\tresponse, err := fn(&req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// PressKey godoc\n//\n//\t@Summary\t\tPress key\n//\t@Description\tPress a key with optional modifiers\n//\t@Tags\t\t\tcomputer-use\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tKeyboardPressRequest\ttrue\t\"Key press request\"\n//\t@Success\t\t200\t\t{object}\tEmpty\n//\t@Router\t\t\t/computeruse/keyboard/key [post]\n//\n//\t@id\t\t\t\tPressKey\nfunc WrapPressKeyHandler(fn func(*KeyboardPressRequest) (*Empty, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req KeyboardPressRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"Invalid key\"})\n\t\t\treturn\n\t\t}\n\n\t\tresponse, err := fn(&req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// PressHotkey godoc\n//\n//\t@Summary\t\tPress hotkey\n//\t@Description\tPress a hotkey combination (e.g., ctrl+c, cmd+v)\n//\t@Tags\t\t\tcomputer-use\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tKeyboardHotkeyRequest\ttrue\t\"Hotkey press request\"\n//\t@Success\t\t200\t\t{object}\tEmpty\n//\t@Router\t\t\t/computeruse/keyboard/hotkey [post]\n//\n//\t@id\t\t\t\tPressHotkey\nfunc WrapPressHotkeyHandler(fn func(*KeyboardHotkeyRequest) (*Empty, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req KeyboardHotkeyRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"Invalid hotkey\"})\n\t\t\treturn\n\t\t}\n\n\t\tresponse, err := fn(&req)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// GetDisplayInfo godoc\n//\n//\t@Summary\t\tGet display information\n//\t@Description\tGet information about all available displays\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tDisplayInfoResponse\n//\t@Router\t\t\t/computeruse/display/info [get]\n//\n//\t@id\t\t\t\tGetDisplayInfo\nfunc WrapDisplayInfoHandler(fn func() (*DisplayInfoResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tresponse, err := fn()\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// GetWindows godoc\n//\n//\t@Summary\t\tGet windows information\n//\t@Description\tGet information about all open windows\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tWindowsResponse\n//\t@Router\t\t\t/computeruse/display/windows [get]\n//\n//\t@id\t\t\t\tGetWindows\nfunc WrapWindowsHandler(fn func() (*WindowsResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tresponse, err := fn()\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n\n// GetStatus godoc\n//\n//\t@Summary\t\tGet computer use status\n//\t@Description\tGet the current status of the computer use system\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tComputerUseStatusResponse\n//\t@Router\t\t\t/computeruse/status [get]\n//\n//\t@id\t\t\t\tGetComputerUseSystemStatus\nfunc WrapStatusHandler(fn func() (*ComputerUseStatusResponse, error)) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tresponse, err := fn()\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\t\treturn\n\t\t}\n\t\tc.JSON(http.StatusOK, response)\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/lazy.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage computeruse\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\t\"sync\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\nvar errNotLoaded = errors.New(\"computer-use plugin is not loaded yet\")\n\n// Compile-time check that LazyComputerUse implements IComputerUse.\nvar _ IComputerUse = &LazyComputerUse{}\n\n// LazyComputerUse is a proxy that implements IComputerUse and delegates to the\n// real implementation once it has been set. Before Set is called, every method\n// returns errNotLoaded.\ntype LazyComputerUse struct {\n\tmu sync.RWMutex\n\timpl IComputerUse\n}\n\nfunc NewLazyComputerUse() *LazyComputerUse {\n\treturn &LazyComputerUse{}\n}\n\n// Set stores the real implementation. It is safe to call from any goroutine.\nfunc (l *LazyComputerUse) Set(impl IComputerUse) {\n\tl.mu.Lock()\n\tdefer l.mu.Unlock()\n\tl.impl = impl\n}\n\n// IsReady reports whether the real implementation has been loaded.\nfunc (l *LazyComputerUse) IsReady() bool {\n\tl.mu.RLock()\n\tdefer l.mu.RUnlock()\n\treturn l.impl != nil\n}\n\nfunc (l *LazyComputerUse) get() (IComputerUse, error) {\n\tl.mu.RLock()\n\tdefer l.mu.RUnlock()\n\tif l.impl == nil {\n\t\treturn nil, errNotLoaded\n\t}\n\treturn l.impl, nil\n}\n\n// --- IComputerUse implementation ---\n\nfunc (l *LazyComputerUse) Initialize() (*Empty, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.Initialize()\n}\n\nfunc (l *LazyComputerUse) Start() (*Empty, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.Start()\n}\n\nfunc (l *LazyComputerUse) Stop() (*Empty, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.Stop()\n}\n\nfunc (l *LazyComputerUse) GetProcessStatus() (map[string]ProcessStatus, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.GetProcessStatus()\n}\n\nfunc (l *LazyComputerUse) IsProcessRunning(req *ProcessRequest) (bool, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn false, err\n\t}\n\treturn impl.IsProcessRunning(req)\n}\n\nfunc (l *LazyComputerUse) RestartProcess(req *ProcessRequest) (*Empty, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.RestartProcess(req)\n}\n\nfunc (l *LazyComputerUse) GetProcessLogs(req *ProcessRequest) (string, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\treturn impl.GetProcessLogs(req)\n}\n\nfunc (l *LazyComputerUse) GetProcessErrors(req *ProcessRequest) (string, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\treturn impl.GetProcessErrors(req)\n}\n\nfunc (l *LazyComputerUse) TakeScreenshot(req *ScreenshotRequest) (*ScreenshotResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.TakeScreenshot(req)\n}\n\nfunc (l *LazyComputerUse) TakeRegionScreenshot(req *RegionScreenshotRequest) (*ScreenshotResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.TakeRegionScreenshot(req)\n}\n\nfunc (l *LazyComputerUse) TakeCompressedScreenshot(req *CompressedScreenshotRequest) (*ScreenshotResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.TakeCompressedScreenshot(req)\n}\n\nfunc (l *LazyComputerUse) TakeCompressedRegionScreenshot(req *CompressedRegionScreenshotRequest) (*ScreenshotResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.TakeCompressedRegionScreenshot(req)\n}\n\nfunc (l *LazyComputerUse) GetMousePosition() (*MousePositionResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.GetMousePosition()\n}\n\nfunc (l *LazyComputerUse) MoveMouse(req *MouseMoveRequest) (*MousePositionResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.MoveMouse(req)\n}\n\nfunc (l *LazyComputerUse) Click(req *MouseClickRequest) (*MouseClickResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.Click(req)\n}\n\nfunc (l *LazyComputerUse) Drag(req *MouseDragRequest) (*MouseDragResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.Drag(req)\n}\n\nfunc (l *LazyComputerUse) Scroll(req *MouseScrollRequest) (*ScrollResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.Scroll(req)\n}\n\nfunc (l *LazyComputerUse) TypeText(req *KeyboardTypeRequest) (*Empty, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.TypeText(req)\n}\n\nfunc (l *LazyComputerUse) PressKey(req *KeyboardPressRequest) (*Empty, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.PressKey(req)\n}\n\nfunc (l *LazyComputerUse) PressHotkey(req *KeyboardHotkeyRequest) (*Empty, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.PressHotkey(req)\n}\n\nfunc (l *LazyComputerUse) GetDisplayInfo() (*DisplayInfoResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.GetDisplayInfo()\n}\n\nfunc (l *LazyComputerUse) GetWindows() (*WindowsResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.GetWindows()\n}\n\nfunc (l *LazyComputerUse) GetStatus() (*ComputerUseStatusResponse, error) {\n\timpl, err := l.get()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn impl.GetStatus()\n}\n\n// LazyCheckMiddleware returns 503 if the computer-use plugin has not loaded yet.\nfunc LazyCheckMiddleware(lazy *LazyComputerUse) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tif !lazy.IsReady() {\n\t\t\tc.JSON(http.StatusServiceUnavailable, gin.H{\n\t\t\t\t\"message\": \"Computer-use functionality is not available\",\n\t\t\t\t\"details\": \"The computer-use plugin is still loading or failed to initialize.\",\n\t\t\t\t\"solution\": \"Retry shortly. If the problem persists, check the daemon logs for specific error details.\",\n\t\t\t})\n\t\t\tc.Abort()\n\t\t\treturn\n\t\t}\n\t\tc.Next()\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/manager/manager.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage manager\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"strings\"\n\n\t\"github.com/daytonaio/daemon/pkg/toolbox/computeruse\"\n\t\"github.com/hashicorp/go-hclog\"\n\t\"github.com/hashicorp/go-plugin\"\n)\n\ntype pluginRef struct {\n\tclient *plugin.Client\n\timpl computeruse.IComputerUse\n\tpath string\n}\n\nvar ComputerUseHandshakeConfig = plugin.HandshakeConfig{\n\tProtocolVersion: 1,\n\tMagicCookieKey: \"DAYTONA_COMPUTER_USE_PLUGIN\",\n\tMagicCookieValue: \"daytona_computer_use\",\n}\n\nvar computerUse = &pluginRef{}\n\n// ComputerUseError represents a computer-use plugin error with context\ntype ComputerUseError struct {\n\tType string // \"dependency\", \"system\", \"plugin\"\n\tMessage string\n\tDetails string\n}\n\nfunc (e *ComputerUseError) Error() string {\n\treturn e.Message\n}\n\n// detectPluginError tries to execute the plugin binary directly to get detailed error information\nfunc detectPluginError(logger *slog.Logger, path string) *ComputerUseError {\n\t// Try to execute the plugin directly to get error output\n\tcmd := exec.Command(path)\n\n\t// Capture both stdout and stderr\n\tvar stdout, stderr bytes.Buffer\n\tcmd.Stdout = &stdout\n\tcmd.Stderr = &stderr\n\n\t// Execute the command\n\terr := cmd.Run()\n\n\t// Get the combined output\n\toutput := stdout.String() + stderr.String()\n\n\tif err == nil {\n\t\t// Plugin executed successfully, this shouldn't happen in normal flow\n\t\treturn &ComputerUseError{\n\t\t\tType: \"plugin\",\n\t\t\tMessage: \"Plugin executed successfully but failed during handshake\",\n\t\t\tDetails: \"This may indicate a protocol version mismatch or plugin configuration issue.\",\n\t\t}\n\t}\n\n\t// Get exit code if available\n\texitCode := -1\n\tif exitErr, ok := err.(*exec.ExitError); ok {\n\t\texitCode = exitErr.ExitCode()\n\t}\n\n\t// Log the raw error for debugging\n\tlogger.Debug(\"Plugin execution failed\", \"exitCode\", exitCode, \"error\", err)\n\tlogger.Debug(\"Plugin stdout\", \"stdout\", stdout.String())\n\tlogger.Debug(\"Plugin stderr\", \"stderr\", stderr.String())\n\n\t// Check for missing X11 runtime dependencies\n\tif strings.Contains(output, \"libX11.so.6\") ||\n\t\tstrings.Contains(output, \"libXext.so.6\") ||\n\t\tstrings.Contains(output, \"libXtst.so.6\") ||\n\t\tstrings.Contains(output, \"libXrandr.so.2\") ||\n\t\tstrings.Contains(output, \"libXrender.so.1\") ||\n\t\tstrings.Contains(output, \"libXfixes.so.3\") ||\n\t\tstrings.Contains(output, \"libXss.so.1\") ||\n\t\tstrings.Contains(output, \"libXi.so.6\") ||\n\t\tstrings.Contains(output, \"libXinerama.so.1\") {\n\n\t\tmissingLibs := []string{}\n\t\tif strings.Contains(output, \"libX11.so.6\") {\n\t\t\tmissingLibs = append(missingLibs, \"libX11\")\n\t\t}\n\t\tif strings.Contains(output, \"libXext.so.6\") {\n\t\t\tmissingLibs = append(missingLibs, \"libXext\")\n\t\t}\n\t\tif strings.Contains(output, \"libXtst.so.6\") {\n\t\t\tmissingLibs = append(missingLibs, \"libXtst\")\n\t\t}\n\t\tif strings.Contains(output, \"libXrandr.so.2\") {\n\t\t\tmissingLibs = append(missingLibs, \"libXrandr\")\n\t\t}\n\t\tif strings.Contains(output, \"libXrender.so.1\") {\n\t\t\tmissingLibs = append(missingLibs, \"libXrender\")\n\t\t}\n\t\tif strings.Contains(output, \"libXfixes.so.3\") {\n\t\t\tmissingLibs = append(missingLibs, \"libXfixes\")\n\t\t}\n\t\tif strings.Contains(output, \"libXss.so.1\") {\n\t\t\tmissingLibs = append(missingLibs, \"libXScrnSaver\")\n\t\t}\n\t\tif strings.Contains(output, \"libXi.so.6\") {\n\t\t\tmissingLibs = append(missingLibs, \"libXi\")\n\t\t}\n\t\tif strings.Contains(output, \"libXinerama.so.1\") {\n\t\t\tmissingLibs = append(missingLibs, \"libXinerama\")\n\t\t}\n\n\t\treturn &ComputerUseError{\n\t\t\tType: \"dependency\",\n\t\t\tMessage: fmt.Sprintf(\"Computer-use plugin requires X11 runtime libraries that are not available (missing: %s)\", strings.Join(missingLibs, \", \")),\n\t\t\tDetails: fmt.Sprintf(`To enable computer-use functionality, install the required dependencies:\n\nFor Ubuntu/Debian:\n sudo apt-get update && sudo apt-get install -y \\\\\n libx11-6 libxrandr2 libxext6 libxrender1 libxfixes3 libxss1 libxtst6 libxi6 libxinerama1 \\\\\n xvfb x11vnc novnc xfce4 xfce4-terminal dbus-x11\n\nFor CentOS/RHEL/Fedora:\n sudo yum install -y libX11 libXrandr libXext libXrender libXfixes libXScrnSaver libXtst libXi libXinerama \\\\\n xorg-x11-server-Xvfb x11vnc novnc xfce4 xfce4-terminal dbus-x11\n\nFor Alpine:\n apk add --no-cache \\\\\n libx11 libxrandr libxext libxrender libxfixes libxss libxtst libxi libxinerama \\\\\n xvfb x11vnc novnc xfce4 xfce4-terminal dbus-x11\n\nRaw error output: %s\n\nNote: Computer-use features will be disabled until dependencies are installed.`, output),\n\t\t}\n\t}\n\n\t// Check for missing development libraries (build-time dependencies)\n\tif strings.Contains(output, \"X11/extensions/XTest.h\") ||\n\t\tstrings.Contains(output, \"X11/Xlib.h\") ||\n\t\tstrings.Contains(output, \"X11/Xutil.h\") ||\n\t\tstrings.Contains(output, \"X11/X.h\") {\n\n\t\treturn &ComputerUseError{\n\t\t\tType: \"dependency\",\n\t\t\tMessage: \"Computer-use plugin requires X11 development libraries\",\n\t\t\tDetails: fmt.Sprintf(`To build computer-use functionality, install the required development dependencies:\n\nFor Ubuntu/Debian:\n sudo apt-get update && sudo apt-get install -y \\\\\n libx11-dev libxtst-dev libxext-dev libxrandr-dev libxinerama-dev libxi-dev\n\nFor CentOS/RHEL/Fedora:\n sudo yum install -y libX11-devel libXtst-devel libXext-devel libXrandr-devel libXinerama-devel libXi-devel\n\nFor Alpine:\n apk add --no-cache \\\\\n libx11-dev libxtst-dev libxext-dev libxrandr-dev libxinerama-dev libxi-dev\n\nRaw error output: %s\n\nNote: Computer-use features will be disabled until dependencies are installed.`, output),\n\t\t}\n\t}\n\n\t// Check for permission issues\n\tif strings.Contains(output, \"Permission denied\") ||\n\t\tstrings.Contains(output, \"not executable\") ||\n\t\tstrings.Contains(output, \"EACCES\") {\n\n\t\treturn &ComputerUseError{\n\t\t\tType: \"system\",\n\t\t\tMessage: \"Computer-use plugin has permission issues\",\n\t\t\tDetails: fmt.Sprintf(\"The plugin at %s is not executable. Please check file permissions and ensure the binary is executable.\\n\\nRaw error output: %s\", path, output),\n\t\t}\n\t}\n\n\t// Check for architecture mismatch\n\tif strings.Contains(output, \"wrong ELF class\") ||\n\t\tstrings.Contains(output, \"architecture\") ||\n\t\tstrings.Contains(output, \"ELF\") ||\n\t\tstrings.Contains(output, \"exec format error\") {\n\n\t\treturn &ComputerUseError{\n\t\t\tType: \"system\",\n\t\t\tMessage: \"Computer-use plugin architecture mismatch\",\n\t\t\tDetails: fmt.Sprintf(\"The plugin was compiled for a different architecture. Please rebuild the plugin for the current system architecture.\\n\\nRaw error output: %s\", output),\n\t\t}\n\t}\n\n\t// Check for missing system libraries\n\tif strings.Contains(output, \"libc.so\") ||\n\t\tstrings.Contains(output, \"libm.so\") ||\n\t\tstrings.Contains(output, \"libdl.so\") ||\n\t\tstrings.Contains(output, \"libpthread.so\") {\n\n\t\treturn &ComputerUseError{\n\t\t\tType: \"system\",\n\t\t\tMessage: \"Computer-use plugin requires basic system libraries\",\n\t\t\tDetails: fmt.Sprintf(\"The plugin is missing basic system libraries. This may indicate a corrupted binary or system issue.\\n\\nRaw error output: %s\", output),\n\t\t}\n\t}\n\n\t// Check for file not found\n\tif strings.Contains(output, \"No such file or directory\") ||\n\t\tstrings.Contains(output, \"ENOENT\") {\n\n\t\treturn &ComputerUseError{\n\t\t\tType: \"system\",\n\t\t\tMessage: \"Computer-use plugin file not found\",\n\t\t\tDetails: fmt.Sprintf(\"The plugin file at %s could not be found or accessed.\\n\\nRaw error output: %s\", path, output),\n\t\t}\n\t}\n\n\t// Check for Go runtime issues\n\tif strings.Contains(output, \"go:\") ||\n\t\tstrings.Contains(output, \"runtime:\") ||\n\t\tstrings.Contains(output, \"panic:\") {\n\n\t\treturn &ComputerUseError{\n\t\t\tType: \"plugin\",\n\t\t\tMessage: \"Computer-use plugin has Go runtime issues\",\n\t\t\tDetails: fmt.Sprintf(\"The plugin encountered a Go runtime error.\\n\\nRaw error output: %s\", output),\n\t\t}\n\t}\n\n\t// Generic plugin error with full details\n\treturn &ComputerUseError{\n\t\tType: \"plugin\",\n\t\tMessage: fmt.Sprintf(\"Computer-use plugin failed to start (exit code: %d)\", exitCode),\n\t\tDetails: fmt.Sprintf(\"Error: %v\\nExit Code: %d\\nOutput: %s\", err, exitCode, output),\n\t}\n}\n\nfunc GetComputerUse(logger *slog.Logger, path string) (computeruse.IComputerUse, error) {\n\tif computerUse.impl != nil {\n\t\treturn computerUse.impl, nil\n\t}\n\n\tif _, err := os.Stat(path); os.IsNotExist(err) {\n\t\treturn nil, fmt.Errorf(\"computer-use plugin not found at path: %s\", path)\n\t}\n\n\tpluginName := filepath.Base(path)\n\tpluginBasePath := filepath.Dir(path)\n\n\tif runtime.GOOS == \"windows\" && strings.HasSuffix(path, \".exe\") {\n\t\tpluginName = strings.TrimSuffix(pluginName, \".exe\")\n\t}\n\n\t// Pre-flight check: detect critical issues (missing shared libraries, wrong\n\t// architecture, permission errors) before starting the go-plugin client.\n\t// When the plugin binary exits immediately, go-plugin panics due to a\n\t// WaitGroup race condition in its goroutine, crashing the entire daemon.\n\tpluginErr := detectPluginError(logger, path)\n\tif pluginErr != nil && pluginErr.Type != \"plugin\" {\n\t\treturn nil, fmt.Errorf(\"failed to start computer-use plugin - detailed error\\n[type]: %s - [error]: %s - [details]: %s\", pluginErr.Type, pluginErr.Message, pluginErr.Details)\n\t}\n\n\thclogger := hclog.New(&hclog.LoggerOptions{\n\t\tName: pluginName,\n\t\t// Output: log.New().WriterLevel(log.DebugLevel),\n\t\tOutput: os.Stdout,\n\t\tLevel: hclog.Debug,\n\t})\n\n\tpluginMap := map[string]plugin.Plugin{}\n\tpluginMap[pluginName] = &computeruse.ComputerUsePlugin{}\n\n\tclient := plugin.NewClient(&plugin.ClientConfig{\n\t\tHandshakeConfig: ComputerUseHandshakeConfig,\n\t\tPlugins: pluginMap,\n\t\tCmd: exec.Command(path),\n\t\tLogger: hclogger,\n\t\tManaged: true,\n\t})\n\n\tsuccess := false\n\tdefer func() {\n\t\tif !success {\n\t\t\tclient.Kill()\n\t\t}\n\t}()\n\n\tlogger.Info(\"Computer use registered\", \"pluginName\", pluginName)\n\trpcClient, err := client.Client()\n\tif err != nil {\n\t\tpluginErr := detectPluginError(logger, path)\n\t\tif pluginErr != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to get RPC client for computer-use plugin - detailed error\\n[type]: %s - [error]: %s - [details]: %s\", pluginErr.Type, pluginErr.Message, pluginErr.Details)\n\t\t}\n\t\treturn nil, fmt.Errorf(\"failed to get RPC client for computer-use plugin: %w\", err)\n\t}\n\n\traw, err := rpcClient.Dispense(pluginName)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to dispense computer-use plugin: %w\", err)\n\t}\n\n\timpl, ok := raw.(computeruse.IComputerUse)\n\tif !ok {\n\t\treturn nil, fmt.Errorf(\"unexpected type from computer-use plugin\")\n\t}\n\n\t_, err = impl.Initialize()\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to initialize computer-use plugin: %w\", err)\n\t}\n\n\tsuccess = true\n\tlogger.Info(\"Computer-use plugin initialized successfully\")\n\tcomputerUse.client = client\n\tcomputerUse.impl = impl\n\tcomputerUse.path = pluginBasePath\n\n\treturn impl, nil\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/recording/controller.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"github.com/daytonaio/daemon/pkg/recording\"\n)\n\ntype RecordingController struct {\n\trecordingService *recording.RecordingService\n}\n\nfunc NewRecordingController(recordingService *recording.RecordingService) *RecordingController {\n\treturn &RecordingController{\n\t\trecordingService: recordingService,\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/recording/download.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\t\"os\"\n\n\t\"github.com/daytonaio/daemon/pkg/recording\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// DownloadRecording godoc\n//\n//\t@Summary\t\tDownload a recording\n//\t@Description\tDownload a recording by providing its ID\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\toctet-stream\n//\t@Param\t\t\tid\tpath\t\tstring\ttrue\t\"Recording ID\"\n//\t@Success\t\t200\t{file}\t\tbinary\n//\t@Failure\t\t404\t{object}\tmap[string]string\n//\t@Failure\t\t500\t{object}\tmap[string]string\n//\t@Router\t\t\t/computeruse/recordings/{id}/download [get]\n//\n//\t@id\t\t\t\tDownloadRecording\nfunc (r *RecordingController) DownloadRecording(ctx *gin.Context) {\n\tid := ctx.Param(\"id\")\n\n\trec, err := r.recordingService.GetRecording(id)\n\tif err != nil {\n\t\tif errors.Is(err, recording.ErrRecordingNotFound) {\n\t\t\tctx.JSON(http.StatusNotFound, gin.H{\"error\": \"recording not found\"})\n\t\t\treturn\n\t\t}\n\t\tctx.JSON(http.StatusInternalServerError, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\n\tif _, err := os.Stat(rec.FilePath); os.IsNotExist(err) {\n\t\tctx.JSON(http.StatusNotFound, gin.H{\"error\": \"file not found\"})\n\t\treturn\n\t}\n\n\tctx.File(rec.FilePath)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/recording/recording.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\n\t\"github.com/gin-gonic/gin\"\n\n\trecordingservice \"github.com/daytonaio/daemon/pkg/recording\"\n)\n\n// ListRecordings godoc\n//\n//\t@Summary\t\tList all recordings\n//\t@Description\tGet a list of all recordings (active and completed)\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tListRecordingsResponse\n//\t@Failure\t\t500\t{object}\tmap[string]string\n//\t@Router\t\t\t/computeruse/recordings [get]\n//\n//\t@id\t\t\t\tListRecordings\nfunc (r *RecordingController) ListRecordings(ctx *gin.Context) {\n\trecordings, err := r.recordingService.ListRecordings()\n\tif err != nil {\n\t\tctx.JSON(http.StatusInternalServerError, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\n\trecordingDTOs := make([]RecordingDTO, 0, len(recordings))\n\tfor _, rec := range recordings {\n\t\trecordingDTOs = append(recordingDTOs, *RecordingToDTO(&rec))\n\t}\n\n\tresponse := ListRecordingsResponse{\n\t\tRecordings: recordingDTOs,\n\t}\n\n\tctx.JSON(http.StatusOK, response)\n}\n\n// GetRecording godoc\n//\n//\t@Summary\t\tGet recording details\n//\t@Description\tGet details of a specific recording by ID\n//\t@Tags\t\t\tcomputer-use\n//\t@Produce\t\tjson\n//\t@Param\t\t\tid\tpath\t\tstring\ttrue\t\"Recording ID\"\n//\t@Success\t\t200\t{object}\tRecordingDTO\n//\t@Failure\t\t404\t{object}\tmap[string]string\n//\t@Failure\t\t500\t{object}\tmap[string]string\n//\t@Router\t\t\t/computeruse/recordings/{id} [get]\n//\n//\t@id\t\t\t\tGetRecording\nfunc (r *RecordingController) GetRecording(ctx *gin.Context) {\n\tid := ctx.Param(\"id\")\n\tif id == \"\" {\n\t\tctx.JSON(http.StatusBadRequest, gin.H{\"error\": \"id is required\"})\n\t\treturn\n\t}\n\n\trecording, err := r.recordingService.GetRecording(id)\n\tif err != nil {\n\t\tif errors.Is(err, recordingservice.ErrRecordingNotFound) {\n\t\t\tctx.JSON(http.StatusNotFound, gin.H{\"error\": \"recording not found\"})\n\t\t\treturn\n\t\t}\n\t\tctx.JSON(http.StatusInternalServerError, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\n\tctx.JSON(http.StatusOK, *RecordingToDTO(recording))\n}\n\n// DeleteRecording godoc\n//\n//\t@Summary\t\tDelete a recording\n//\t@Description\tDelete a recording file by ID\n//\t@Tags\t\t\tcomputer-use\n//\t@Param\t\t\tid\tpath\tstring\ttrue\t\"Recording ID\"\n//\t@Success\t\t204\n//\t@Failure\t\t400\t{object}\tmap[string]string\n//\t@Failure\t\t404\t{object}\tmap[string]string\n//\t@Failure\t\t500\t{object}\tmap[string]string\n//\t@Router\t\t\t/computeruse/recordings/{id} [delete]\n//\n//\t@id\t\t\t\tDeleteRecording\nfunc (r *RecordingController) DeleteRecording(ctx *gin.Context) {\n\tid := ctx.Param(\"id\")\n\tif id == \"\" {\n\t\tctx.JSON(http.StatusBadRequest, gin.H{\"error\": \"id is required\"})\n\t\treturn\n\t}\n\n\terr := r.recordingService.DeleteRecording(id)\n\tif err != nil {\n\t\tif errors.Is(err, recordingservice.ErrRecordingNotFound) {\n\t\t\tctx.JSON(http.StatusNotFound, gin.H{\"error\": \"recording not found\"})\n\t\t\treturn\n\t\t}\n\t\tif errors.Is(err, recordingservice.ErrRecordingStillActive) {\n\t\t\tctx.JSON(http.StatusBadRequest, gin.H{\"error\": \"cannot delete an active recording, stop it first\"})\n\t\t\treturn\n\t\t}\n\t\tctx.JSON(http.StatusInternalServerError, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\n\tctx.Status(http.StatusNoContent)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/recording/start.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\n\t\"github.com/gin-gonic/gin\"\n\n\trecordingservice \"github.com/daytonaio/daemon/pkg/recording\"\n)\n\n// StartRecording godoc\n//\n//\t@Summary\t\tStart a new recording\n//\t@Description\tStart a new screen recording session\n//\t@Tags\t\t\tcomputer-use\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tStartRecordingRequest\tfalse\t\"Recording options\"\n//\t@Success\t\t201\t\t{object}\tRecordingDTO\n//\t@Failure\t\t400\t\t{object}\tmap[string]string\n//\t@Failure\t\t500\t\t{object}\tmap[string]string\n//\t@Router\t\t\t/computeruse/recordings/start [post]\n//\n//\t@id\t\t\t\tStartRecording\nfunc (h *RecordingController) StartRecording(ctx *gin.Context) {\n\tvar request StartRecordingRequest\n\tif err := ctx.ShouldBindJSON(&request); err != nil {\n\t\t// Allow empty body - label is optional\n\t\trequest = StartRecordingRequest{}\n\t}\n\n\trecording, err := h.recordingService.StartRecording(request.Label)\n\tif err != nil {\n\t\tif errors.Is(err, recordingservice.ErrFFmpegNotFound) {\n\t\t\tctx.JSON(http.StatusBadRequest, gin.H{\n\t\t\t\t\"error\": \"ffmpeg_not_found\",\n\t\t\t\t\"message\": \"FFmpeg must be installed and available in PATH to use screen recording\",\n\t\t\t})\n\t\t\treturn\n\t\t}\n\t\tif errors.Is(err, recordingservice.ErrInvalidLabel) {\n\t\t\tctx.JSON(http.StatusBadRequest, gin.H{\n\t\t\t\t\"error\": \"invalid_label\",\n\t\t\t\t\"message\": err.Error(),\n\t\t\t})\n\t\t\treturn\n\t\t}\n\t\tctx.JSON(http.StatusInternalServerError, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\n\tctx.JSON(http.StatusCreated, *RecordingToDTO(recording))\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/recording/stop.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\n\t\"github.com/gin-gonic/gin\"\n\n\trecordingservice \"github.com/daytonaio/daemon/pkg/recording\"\n)\n\n// StopRecording godoc\n//\n//\t@Summary\t\tStop a recording\n//\t@Description\tStop an active screen recording session\n//\t@Tags\t\t\tcomputer-use\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tStopRecordingRequest\ttrue\t\"Recording ID to stop\"\n//\t@Success\t\t200\t\t{object}\tRecordingDTO\n//\t@Failure\t\t400\t\t{object}\tmap[string]string\n//\t@Failure\t\t404\t\t{object}\tmap[string]string\n//\t@Router\t\t\t/computeruse/recordings/stop [post]\n//\n//\t@id\t\t\t\tStopRecording\nfunc (r *RecordingController) StopRecording(ctx *gin.Context) {\n\tvar request StopRecordingRequest\n\tif err := ctx.ShouldBindJSON(&request); err != nil {\n\t\tctx.JSON(http.StatusBadRequest, gin.H{\"error\": \"invalid request: id is required\"})\n\t\treturn\n\t}\n\n\tif request.ID == \"\" {\n\t\tctx.JSON(http.StatusBadRequest, gin.H{\"error\": \"id is required\"})\n\t\treturn\n\t}\n\n\trecording, err := r.recordingService.StopRecording(request.ID)\n\tif err != nil {\n\t\tif errors.Is(err, recordingservice.ErrRecordingNotFound) {\n\t\t\tctx.JSON(http.StatusNotFound, gin.H{\"error\": \"recording not found\"})\n\t\t\treturn\n\t\t}\n\t\tctx.JSON(http.StatusInternalServerError, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\n\tctx.JSON(http.StatusOK, *RecordingToDTO(recording))\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/recording/types.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage recording\n\nimport (\n\t\"time\"\n\n\t\"github.com/daytonaio/daemon/pkg/recording\"\n)\n\n// Recording represents a recording session (active or completed)\ntype RecordingDTO struct {\n\tID string `json:\"id\" validate:\"required\"`\n\tFileName string `json:\"fileName\" validate:\"required\"`\n\tFilePath string `json:\"filePath\" validate:\"required\"`\n\tStartTime time.Time `json:\"startTime\" validate:\"required\"`\n\tEndTime *time.Time `json:\"endTime,omitempty\"`\n\tStatus string `json:\"status\" validate:\"required\"`\n\tDurationSeconds *float64 `json:\"durationSeconds,omitempty\"`\n\tSizeBytes *int64 `json:\"sizeBytes,omitempty\"`\n} // @name Recording\n\n// StartRecordingRequest represents the request to start a new recording\ntype StartRecordingRequest struct {\n\tLabel *string `json:\"label,omitempty\"`\n} // @name StartRecordingRequest\n\n// StopRecordingRequest represents the request to stop an active recording\ntype StopRecordingRequest struct {\n\tID string `json:\"id\" validate:\"required\"`\n} // @name StopRecordingRequest\n\n// ListRecordingsResponse represents the response containing all recordings\ntype ListRecordingsResponse struct {\n\tRecordings []RecordingDTO `json:\"recordings\" validate:\"required\"`\n} // @name ListRecordingsResponse\n\nfunc RecordingToDTO(r *recording.Recording) *RecordingDTO {\n\treturn &RecordingDTO{\n\t\tID: r.ID,\n\t\tFileName: r.FileName,\n\t\tFilePath: r.FilePath,\n\t\tStartTime: r.StartTime,\n\t\tEndTime: r.EndTime,\n\t\tStatus: r.Status,\n\t\tDurationSeconds: r.DurationSeconds,\n\t\tSizeBytes: r.SizeBytes,\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/rpc_client.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage computeruse\n\nimport (\n\t\"net/rpc\"\n)\n\ntype ComputerUseRPCClient struct {\n\tclient *rpc.Client\n}\n\n// Type check\nvar _ IComputerUse = &ComputerUseRPCClient{}\n\n// Process management methods\nfunc (m *ComputerUseRPCClient) Initialize() (*Empty, error) {\n\terr := m.client.Call(\"Plugin.Initialize\", new(any), new(Empty))\n\treturn new(Empty), err\n}\n\nfunc (m *ComputerUseRPCClient) Start() (*Empty, error) {\n\terr := m.client.Call(\"Plugin.Start\", new(any), new(Empty))\n\treturn new(Empty), err\n}\n\nfunc (m *ComputerUseRPCClient) Stop() (*Empty, error) {\n\terr := m.client.Call(\"Plugin.Stop\", new(any), new(Empty))\n\treturn new(Empty), err\n}\n\nfunc (m *ComputerUseRPCClient) GetProcessStatus() (map[string]ProcessStatus, error) {\n\tresp := map[string]ProcessStatus{}\n\terr := m.client.Call(\"Plugin.GetProcessStatus\", new(any), &resp)\n\treturn resp, err\n}\n\nfunc (m *ComputerUseRPCClient) IsProcessRunning(req *ProcessRequest) (bool, error) {\n\tvar resp bool\n\terr := m.client.Call(\"Plugin.IsProcessRunning\", req, &resp)\n\treturn resp, err\n}\n\nfunc (m *ComputerUseRPCClient) RestartProcess(req *ProcessRequest) (*Empty, error) {\n\terr := m.client.Call(\"Plugin.RestartProcess\", req, new(Empty))\n\treturn new(Empty), err\n}\n\nfunc (m *ComputerUseRPCClient) GetProcessLogs(req *ProcessRequest) (string, error) {\n\tvar resp string\n\terr := m.client.Call(\"Plugin.GetProcessLogs\", req, &resp)\n\treturn resp, err\n}\n\nfunc (m *ComputerUseRPCClient) GetProcessErrors(req *ProcessRequest) (string, error) {\n\tvar resp string\n\terr := m.client.Call(\"Plugin.GetProcessErrors\", req, &resp)\n\treturn resp, err\n}\n\n// Screenshot methods\nfunc (m *ComputerUseRPCClient) TakeScreenshot(request *ScreenshotRequest) (*ScreenshotResponse, error) {\n\tvar resp ScreenshotResponse\n\terr := m.client.Call(\"Plugin.TakeScreenshot\", request, &resp)\n\treturn &resp, err\n}\n\nfunc (m *ComputerUseRPCClient) TakeRegionScreenshot(request *RegionScreenshotRequest) (*ScreenshotResponse, error) {\n\tvar resp ScreenshotResponse\n\terr := m.client.Call(\"Plugin.TakeRegionScreenshot\", request, &resp)\n\treturn &resp, err\n}\n\nfunc (m *ComputerUseRPCClient) TakeCompressedScreenshot(request *CompressedScreenshotRequest) (*ScreenshotResponse, error) {\n\tvar resp ScreenshotResponse\n\terr := m.client.Call(\"Plugin.TakeCompressedScreenshot\", request, &resp)\n\treturn &resp, err\n}\n\nfunc (m *ComputerUseRPCClient) TakeCompressedRegionScreenshot(request *CompressedRegionScreenshotRequest) (*ScreenshotResponse, error) {\n\tvar resp ScreenshotResponse\n\terr := m.client.Call(\"Plugin.TakeCompressedRegionScreenshot\", request, &resp)\n\treturn &resp, err\n}\n\n// Mouse control methods\nfunc (m *ComputerUseRPCClient) GetMousePosition() (*MousePositionResponse, error) {\n\tvar resp MousePositionResponse\n\terr := m.client.Call(\"Plugin.GetMousePosition\", new(any), &resp)\n\treturn &resp, err\n}\n\nfunc (m *ComputerUseRPCClient) MoveMouse(request *MouseMoveRequest) (*MousePositionResponse, error) {\n\tvar resp MousePositionResponse\n\terr := m.client.Call(\"Plugin.MoveMouse\", request, &resp)\n\treturn &resp, err\n}\n\nfunc (m *ComputerUseRPCClient) Click(request *MouseClickRequest) (*MouseClickResponse, error) {\n\tvar resp MouseClickResponse\n\terr := m.client.Call(\"Plugin.Click\", request, &resp)\n\treturn &resp, err\n}\n\nfunc (m *ComputerUseRPCClient) Drag(request *MouseDragRequest) (*MouseDragResponse, error) {\n\tvar resp MouseDragResponse\n\terr := m.client.Call(\"Plugin.Drag\", request, &resp)\n\treturn &resp, err\n}\n\nfunc (m *ComputerUseRPCClient) Scroll(request *MouseScrollRequest) (*ScrollResponse, error) {\n\tvar resp ScrollResponse\n\terr := m.client.Call(\"Plugin.Scroll\", request, &resp)\n\treturn &resp, err\n}\n\n// Keyboard control methods\nfunc (m *ComputerUseRPCClient) TypeText(request *KeyboardTypeRequest) (*Empty, error) {\n\terr := m.client.Call(\"Plugin.TypeText\", request, new(Empty))\n\treturn new(Empty), err\n}\n\nfunc (m *ComputerUseRPCClient) PressKey(request *KeyboardPressRequest) (*Empty, error) {\n\terr := m.client.Call(\"Plugin.PressKey\", request, new(Empty))\n\treturn new(Empty), err\n}\n\nfunc (m *ComputerUseRPCClient) PressHotkey(request *KeyboardHotkeyRequest) (*Empty, error) {\n\terr := m.client.Call(\"Plugin.PressHotkey\", request, new(Empty))\n\treturn new(Empty), err\n}\n\n// Display info methods\nfunc (m *ComputerUseRPCClient) GetDisplayInfo() (*DisplayInfoResponse, error) {\n\tvar resp DisplayInfoResponse\n\terr := m.client.Call(\"Plugin.GetDisplayInfo\", new(any), &resp)\n\treturn &resp, err\n}\n\nfunc (m *ComputerUseRPCClient) GetWindows() (*WindowsResponse, error) {\n\tvar resp WindowsResponse\n\terr := m.client.Call(\"Plugin.GetWindows\", new(any), &resp)\n\treturn &resp, err\n}\n\n// Status method\nfunc (m *ComputerUseRPCClient) GetStatus() (*ComputerUseStatusResponse, error) {\n\tvar resp ComputerUseStatusResponse\n\terr := m.client.Call(\"Plugin.GetStatus\", new(any), &resp)\n\treturn &resp, err\n}\n" }, { "path": "apps/daemon/pkg/toolbox/computeruse/rpc_server.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage computeruse\n\ntype ComputerUseRPCServer struct {\n\tImpl IComputerUse\n}\n\n// Process management methods\nfunc (m *ComputerUseRPCServer) Initialize(arg any, resp *Empty) error {\n\t_, err := m.Impl.Initialize()\n\treturn err\n}\n\nfunc (m *ComputerUseRPCServer) Start(arg any, resp *Empty) error {\n\t_, err := m.Impl.Start()\n\treturn err\n}\n\nfunc (m *ComputerUseRPCServer) Stop(arg any, resp *Empty) error {\n\t_, err := m.Impl.Stop()\n\treturn err\n}\n\nfunc (m *ComputerUseRPCServer) GetProcessStatus(arg any, resp *map[string]ProcessStatus) error {\n\tstatus, err := m.Impl.GetProcessStatus()\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = status\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) IsProcessRunning(arg *ProcessRequest, resp *bool) error {\n\tisRunning, err := m.Impl.IsProcessRunning(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = isRunning\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) RestartProcess(arg *ProcessRequest, resp *Empty) error {\n\t_, err := m.Impl.RestartProcess(arg)\n\treturn err\n}\n\nfunc (m *ComputerUseRPCServer) GetProcessLogs(arg *ProcessRequest, resp *string) error {\n\tlogs, err := m.Impl.GetProcessLogs(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = logs\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) GetProcessErrors(arg *ProcessRequest, resp *string) error {\n\terrors, err := m.Impl.GetProcessErrors(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = errors\n\treturn nil\n}\n\n// Screenshot methods\nfunc (m *ComputerUseRPCServer) TakeScreenshot(arg *ScreenshotRequest, resp *ScreenshotResponse) error {\n\tresponse, err := m.Impl.TakeScreenshot(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) TakeRegionScreenshot(arg *RegionScreenshotRequest, resp *ScreenshotResponse) error {\n\tresponse, err := m.Impl.TakeRegionScreenshot(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) TakeCompressedScreenshot(arg *CompressedScreenshotRequest, resp *ScreenshotResponse) error {\n\tresponse, err := m.Impl.TakeCompressedScreenshot(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) TakeCompressedRegionScreenshot(arg *CompressedRegionScreenshotRequest, resp *ScreenshotResponse) error {\n\tresponse, err := m.Impl.TakeCompressedRegionScreenshot(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\n// Mouse control methods\nfunc (m *ComputerUseRPCServer) GetMousePosition(arg any, resp *MousePositionResponse) error {\n\tresponse, err := m.Impl.GetMousePosition()\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) MoveMouse(arg *MouseMoveRequest, resp *MousePositionResponse) error {\n\tresponse, err := m.Impl.MoveMouse(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) Click(arg *MouseClickRequest, resp *MouseClickResponse) error {\n\tresponse, err := m.Impl.Click(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) Drag(arg *MouseDragRequest, resp *MouseDragResponse) error {\n\tresponse, err := m.Impl.Drag(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) Scroll(arg *MouseScrollRequest, resp *ScrollResponse) error {\n\tresponse, err := m.Impl.Scroll(arg)\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\n// Keyboard control methods\nfunc (m *ComputerUseRPCServer) TypeText(arg *KeyboardTypeRequest, resp *Empty) error {\n\t_, err := m.Impl.TypeText(arg)\n\treturn err\n}\n\nfunc (m *ComputerUseRPCServer) PressKey(arg *KeyboardPressRequest, resp *Empty) error {\n\t_, err := m.Impl.PressKey(arg)\n\treturn err\n}\n\nfunc (m *ComputerUseRPCServer) PressHotkey(arg *KeyboardHotkeyRequest, resp *Empty) error {\n\t_, err := m.Impl.PressHotkey(arg)\n\treturn err\n}\n\n// Display info methods\nfunc (m *ComputerUseRPCServer) GetDisplayInfo(arg any, resp *DisplayInfoResponse) error {\n\tresponse, err := m.Impl.GetDisplayInfo()\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\nfunc (m *ComputerUseRPCServer) GetWindows(arg any, resp *WindowsResponse) error {\n\tresponse, err := m.Impl.GetWindows()\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n\n// Status method\nfunc (m *ComputerUseRPCServer) GetStatus(arg any, resp *ComputerUseStatusResponse) error {\n\tresponse, err := m.Impl.GetStatus()\n\tif err != nil {\n\t\treturn err\n\t}\n\t*resp = *response\n\treturn nil\n}\n" }, { "path": "apps/daemon/pkg/toolbox/config/config.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage config\n\nconst TOOLBOX_API_PORT = 2280\nconst RECORDING_DASHBOARD_PORT = 33333\n" }, { "path": "apps/daemon/pkg/toolbox/controller.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage toolbox\n\nimport (\n\t\"net/http\"\n\t\"os\"\n\n\t\"github.com/daytonaio/daemon/internal\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// Initialize godoc\n//\n//\t@Summary\t\tInitialize toolbox server\n//\t@Description\tSet the auth token and initialize telemetry for the toolbox server\n//\t@Tags\t\t\tserver\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tInitializeRequest\ttrue\t\"Initialization request\"\n//\t@Success\t\t200\t\t{object}\tmap[string]string\n//\t@Router\t\t\t/init [post]\n//\n//\t@id\t\t\t\tInitialize\nfunc (s *server) Initialize(otelServiceName string, entrypointLogFilePath string, organizationId, regionId *string) gin.HandlerFunc {\n\treturn func(ctx *gin.Context) {\n\t\tvar req InitializeRequest\n\t\tif err := ctx.ShouldBindJSON(&req); err != nil {\n\t\t\tctx.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\n\t\ts.authToken = req.Token\n\n\t\terr := s.initTelemetry(ctx.Request.Context(), otelServiceName, entrypointLogFilePath, organizationId, regionId)\n\t\tif err != nil {\n\t\t\tctx.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\n\t\tctx.JSON(http.StatusOK, gin.H{\n\t\t\t\"message\": \"Auth token set and telemetry initialized successfully\",\n\t\t})\n\t}\n}\n\n// GetWorkDir godoc\n//\n//\t@Summary\t\tGet working directory\n//\t@Description\tGet the current working directory path. This is default directory used for running commands.\n//\t@Tags\t\t\tinfo\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tWorkDirResponse\n//\t@Router\t\t\t/work-dir [get]\n//\n//\t@id\t\t\t\tGetWorkDir\nfunc (s *server) GetWorkDir(ctx *gin.Context) {\n\tworkDir := WorkDirResponse{\n\t\tDir: s.WorkDir,\n\t}\n\n\tctx.JSON(http.StatusOK, workDir)\n}\n\n// GetUserHomeDir godoc\n//\n//\t@Summary\t\tGet user home directory\n//\t@Description\tGet the current user home directory path.\n//\t@Tags\t\t\tinfo\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tUserHomeDirResponse\n//\t@Router\t\t\t/user-home-dir [get]\n//\n//\t@id\t\t\t\tGetUserHomeDir\nfunc (s *server) GetUserHomeDir(ctx *gin.Context) {\n\tuserHomeDir, err := os.UserHomeDir()\n\tif err != nil {\n\t\tctx.AbortWithError(http.StatusInternalServerError, err)\n\t\treturn\n\t}\n\tuserHomeDirResponse := UserHomeDirResponse{\n\t\tDir: userHomeDir,\n\t}\n\n\tctx.JSON(http.StatusOK, userHomeDirResponse)\n}\n\n// GetVersion godoc\n//\n//\t@Summary\t\tGet version\n//\t@Description\tGet the current daemon version\n//\t@Tags\t\t\tinfo\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tmap[string]string\n//\t@Router\t\t\t/version [get]\n//\n//\t@id\t\t\t\tGetVersion\nfunc (s *server) GetVersion(ctx *gin.Context) {\n\tctx.JSON(http.StatusOK, gin.H{\n\t\t\"version\": internal.Version,\n\t})\n}\n" }, { "path": "apps/daemon/pkg/toolbox/docs/docs.go", "content": "// Package docs Code generated by swaggo/swag. DO NOT EDIT\npackage docs\n\nimport \"github.com/swaggo/swag\"\n\nconst docTemplate = `{\n \"schemes\": {{ marshal .Schemes }},\n \"swagger\": \"2.0\",\n \"info\": {\n \"description\": \"{{escape .Description}}\",\n \"title\": \"{{.Title}}\",\n \"contact\": {},\n \"version\": \"{{.Version}}\"\n },\n \"host\": \"{{.Host}}\",\n \"basePath\": \"{{.BasePath}}\",\n \"paths\": {\n \"/computeruse/display/info\": {\n \"get\": {\n \"description\": \"Get information about all available displays\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Get display information\",\n \"operationId\": \"GetDisplayInfo\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/DisplayInfoResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/display/windows\": {\n \"get\": {\n \"description\": \"Get information about all open windows\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Get windows information\",\n \"operationId\": \"GetWindows\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/WindowsResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/keyboard/hotkey\": {\n \"post\": {\n \"description\": \"Press a hotkey combination (e.g., ctrl+c, cmd+v)\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Press hotkey\",\n \"operationId\": \"PressHotkey\",\n \"parameters\": [\n {\n \"description\": \"Hotkey press request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/KeyboardHotkeyRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Empty\"\n }\n }\n }\n }\n },\n \"/computeruse/keyboard/key\": {\n \"post\": {\n \"description\": \"Press a key with optional modifiers\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Press key\",\n \"operationId\": \"PressKey\",\n \"parameters\": [\n {\n \"description\": \"Key press request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/KeyboardPressRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Empty\"\n }\n }\n }\n }\n },\n \"/computeruse/keyboard/type\": {\n \"post\": {\n \"description\": \"Type text with optional delay between keystrokes\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Type text\",\n \"operationId\": \"TypeText\",\n \"parameters\": [\n {\n \"description\": \"Text typing request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/KeyboardTypeRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Empty\"\n }\n }\n }\n }\n },\n \"/computeruse/mouse/click\": {\n \"post\": {\n \"description\": \"Click the mouse button at the specified coordinates\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Click mouse button\",\n \"operationId\": \"Click\",\n \"parameters\": [\n {\n \"description\": \"Mouse click request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/MouseClickRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/MouseClickResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/mouse/drag\": {\n \"post\": {\n \"description\": \"Drag the mouse from start to end coordinates\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Drag mouse\",\n \"operationId\": \"Drag\",\n \"parameters\": [\n {\n \"description\": \"Mouse drag request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/MouseDragRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/MouseDragResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/mouse/move\": {\n \"post\": {\n \"description\": \"Move the mouse cursor to the specified coordinates\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Move mouse cursor\",\n \"operationId\": \"MoveMouse\",\n \"parameters\": [\n {\n \"description\": \"Mouse move request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/MouseMoveRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/MousePositionResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/mouse/position\": {\n \"get\": {\n \"description\": \"Get the current mouse cursor position\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Get mouse position\",\n \"operationId\": \"GetMousePosition\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/MousePositionResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/mouse/scroll\": {\n \"post\": {\n \"description\": \"Scroll the mouse wheel at the specified coordinates\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Scroll mouse wheel\",\n \"operationId\": \"Scroll\",\n \"parameters\": [\n {\n \"description\": \"Mouse scroll request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/MouseScrollRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ScrollResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/process-status\": {\n \"get\": {\n \"description\": \"Get the status of all computer use processes\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Get computer use process status\",\n \"operationId\": \"GetComputerUseStatus\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ComputerUseStatusResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/process/{processName}/errors\": {\n \"get\": {\n \"description\": \"Get errors for a specific computer use process\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Get process errors\",\n \"operationId\": \"GetProcessErrors\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Process name to get errors for\",\n \"name\": \"processName\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ProcessErrorsResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/process/{processName}/logs\": {\n \"get\": {\n \"description\": \"Get logs for a specific computer use process\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Get process logs\",\n \"operationId\": \"GetProcessLogs\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Process name to get logs for\",\n \"name\": \"processName\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ProcessLogsResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/process/{processName}/restart\": {\n \"post\": {\n \"description\": \"Restart a specific computer use process\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Restart specific process\",\n \"operationId\": \"RestartProcess\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Process name to restart\",\n \"name\": \"processName\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ProcessRestartResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/process/{processName}/status\": {\n \"get\": {\n \"description\": \"Check if a specific computer use process is running\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Get specific process status\",\n \"operationId\": \"GetProcessStatus\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Process name to check\",\n \"name\": \"processName\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ProcessStatusResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/recordings\": {\n \"get\": {\n \"description\": \"Get a list of all recordings (active and completed)\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"List all recordings\",\n \"operationId\": \"ListRecordings\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ListRecordingsResponse\"\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/computeruse/recordings/start\": {\n \"post\": {\n \"description\": \"Start a new screen recording session\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Start a new recording\",\n \"operationId\": \"StartRecording\",\n \"parameters\": [\n {\n \"description\": \"Recording options\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"schema\": {\n \"$ref\": \"#/definitions/StartRecordingRequest\"\n }\n }\n ],\n \"responses\": {\n \"201\": {\n \"description\": \"Created\",\n \"schema\": {\n \"$ref\": \"#/definitions/Recording\"\n }\n },\n \"400\": {\n \"description\": \"Bad Request\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/computeruse/recordings/stop\": {\n \"post\": {\n \"description\": \"Stop an active screen recording session\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Stop a recording\",\n \"operationId\": \"StopRecording\",\n \"parameters\": [\n {\n \"description\": \"Recording ID to stop\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/StopRecordingRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Recording\"\n }\n },\n \"400\": {\n \"description\": \"Bad Request\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"404\": {\n \"description\": \"Not Found\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/computeruse/recordings/{id}\": {\n \"get\": {\n \"description\": \"Get details of a specific recording by ID\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Get recording details\",\n \"operationId\": \"GetRecording\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Recording ID\",\n \"name\": \"id\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Recording\"\n }\n },\n \"404\": {\n \"description\": \"Not Found\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n },\n \"delete\": {\n \"description\": \"Delete a recording file by ID\",\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Delete a recording\",\n \"operationId\": \"DeleteRecording\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Recording ID\",\n \"name\": \"id\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"204\": {\n \"description\": \"No Content\"\n },\n \"400\": {\n \"description\": \"Bad Request\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"404\": {\n \"description\": \"Not Found\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/computeruse/recordings/{id}/download\": {\n \"get\": {\n \"description\": \"Download a recording by providing its ID\",\n \"produces\": [\n \"application/octet-stream\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Download a recording\",\n \"operationId\": \"DownloadRecording\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Recording ID\",\n \"name\": \"id\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"file\"\n }\n },\n \"404\": {\n \"description\": \"Not Found\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/computeruse/screenshot\": {\n \"get\": {\n \"description\": \"Take a screenshot of the entire screen\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Take a screenshot\",\n \"operationId\": \"TakeScreenshot\",\n \"parameters\": [\n {\n \"type\": \"boolean\",\n \"description\": \"Whether to show cursor in screenshot\",\n \"name\": \"showCursor\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ScreenshotResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/screenshot/compressed\": {\n \"get\": {\n \"description\": \"Take a compressed screenshot of the entire screen\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Take a compressed screenshot\",\n \"operationId\": \"TakeCompressedScreenshot\",\n \"parameters\": [\n {\n \"type\": \"boolean\",\n \"description\": \"Whether to show cursor in screenshot\",\n \"name\": \"showCursor\",\n \"in\": \"query\"\n },\n {\n \"type\": \"string\",\n \"description\": \"Image format (png or jpeg)\",\n \"name\": \"format\",\n \"in\": \"query\"\n },\n {\n \"type\": \"integer\",\n \"description\": \"JPEG quality (1-100)\",\n \"name\": \"quality\",\n \"in\": \"query\"\n },\n {\n \"type\": \"number\",\n \"description\": \"Scale factor (0.1-1.0)\",\n \"name\": \"scale\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ScreenshotResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/screenshot/region\": {\n \"get\": {\n \"description\": \"Take a screenshot of a specific region of the screen\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Take a region screenshot\",\n \"operationId\": \"TakeRegionScreenshot\",\n \"parameters\": [\n {\n \"type\": \"integer\",\n \"description\": \"X coordinate of the region\",\n \"name\": \"x\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Y coordinate of the region\",\n \"name\": \"y\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Width of the region\",\n \"name\": \"width\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Height of the region\",\n \"name\": \"height\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"boolean\",\n \"description\": \"Whether to show cursor in screenshot\",\n \"name\": \"showCursor\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ScreenshotResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/screenshot/region/compressed\": {\n \"get\": {\n \"description\": \"Take a compressed screenshot of a specific region of the screen\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Take a compressed region screenshot\",\n \"operationId\": \"TakeCompressedRegionScreenshot\",\n \"parameters\": [\n {\n \"type\": \"integer\",\n \"description\": \"X coordinate of the region\",\n \"name\": \"x\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Y coordinate of the region\",\n \"name\": \"y\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Width of the region\",\n \"name\": \"width\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Height of the region\",\n \"name\": \"height\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"boolean\",\n \"description\": \"Whether to show cursor in screenshot\",\n \"name\": \"showCursor\",\n \"in\": \"query\"\n },\n {\n \"type\": \"string\",\n \"description\": \"Image format (png or jpeg)\",\n \"name\": \"format\",\n \"in\": \"query\"\n },\n {\n \"type\": \"integer\",\n \"description\": \"JPEG quality (1-100)\",\n \"name\": \"quality\",\n \"in\": \"query\"\n },\n {\n \"type\": \"number\",\n \"description\": \"Scale factor (0.1-1.0)\",\n \"name\": \"scale\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ScreenshotResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/start\": {\n \"post\": {\n \"description\": \"Start all computer use processes and return their status\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Start computer use processes\",\n \"operationId\": \"StartComputerUse\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ComputerUseStartResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/status\": {\n \"get\": {\n \"description\": \"Get the current status of the computer use system\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Get computer use status\",\n \"operationId\": \"GetComputerUseSystemStatus\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ComputerUseStatusResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/stop\": {\n \"post\": {\n \"description\": \"Stop all computer use processes and return their status\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"computer-use\"\n ],\n \"summary\": \"Stop computer use processes\",\n \"operationId\": \"StopComputerUse\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ComputerUseStopResponse\"\n }\n }\n }\n }\n },\n \"/files\": {\n \"get\": {\n \"description\": \"List files and directories in the specified path\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"List files and directories\",\n \"operationId\": \"ListFiles\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Directory path to list (defaults to working directory)\",\n \"name\": \"path\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/FileInfo\"\n }\n }\n }\n }\n },\n \"delete\": {\n \"description\": \"Delete a file or directory at the specified path\",\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Delete a file or directory\",\n \"operationId\": \"DeleteFile\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"File or directory path to delete\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"boolean\",\n \"description\": \"Enable recursive deletion for directories\",\n \"name\": \"recursive\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"204\": {\n \"description\": \"No Content\"\n }\n }\n }\n },\n \"/files/bulk-download\": {\n \"post\": {\n \"description\": \"Download multiple files by providing their paths\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"multipart/form-data\"\n ],\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Download multiple files\",\n \"operationId\": \"DownloadFiles\",\n \"parameters\": [\n {\n \"description\": \"Paths of files to download\",\n \"name\": \"downloadFiles\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/FilesDownloadRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/gin.H\"\n }\n }\n }\n }\n },\n \"/files/bulk-upload\": {\n \"post\": {\n \"description\": \"Upload multiple files with their destination paths\",\n \"consumes\": [\n \"multipart/form-data\"\n ],\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Upload multiple files\",\n \"operationId\": \"UploadFiles\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/files/download\": {\n \"get\": {\n \"description\": \"Download a file by providing its path\",\n \"produces\": [\n \"application/octet-stream\"\n ],\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Download a file\",\n \"operationId\": \"DownloadFile\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"File path to download\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"file\"\n }\n }\n }\n }\n },\n \"/files/find\": {\n \"get\": {\n \"description\": \"Search for text pattern within files in a directory\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Find text in files\",\n \"operationId\": \"FindInFiles\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Directory path to search in\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Text pattern to search for\",\n \"name\": \"pattern\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/Match\"\n }\n }\n }\n }\n }\n },\n \"/files/folder\": {\n \"post\": {\n \"description\": \"Create a folder with the specified path and optional permissions\",\n \"consumes\": [\n \"application/json\"\n ],\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Create a folder\",\n \"operationId\": \"CreateFolder\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Folder path to create\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Octal permission mode (default: 0755)\",\n \"name\": \"mode\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"201\": {\n \"description\": \"Created\"\n }\n }\n }\n },\n \"/files/info\": {\n \"get\": {\n \"description\": \"Get detailed information about a file or directory\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Get file information\",\n \"operationId\": \"GetFileInfo\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"File or directory path\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/FileInfo\"\n }\n }\n }\n }\n },\n \"/files/move\": {\n \"post\": {\n \"description\": \"Move or rename a file or directory from source to destination\",\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Move or rename file/directory\",\n \"operationId\": \"MoveFile\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Source file or directory path\",\n \"name\": \"source\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Destination file or directory path\",\n \"name\": \"destination\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/files/permissions\": {\n \"post\": {\n \"description\": \"Set file permissions, ownership, and group for a file or directory\",\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Set file permissions\",\n \"operationId\": \"SetFilePermissions\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"File or directory path\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Owner (username or UID)\",\n \"name\": \"owner\",\n \"in\": \"query\"\n },\n {\n \"type\": \"string\",\n \"description\": \"Group (group name or GID)\",\n \"name\": \"group\",\n \"in\": \"query\"\n },\n {\n \"type\": \"string\",\n \"description\": \"File mode in octal format (e.g., 0755)\",\n \"name\": \"mode\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/files/replace\": {\n \"post\": {\n \"description\": \"Replace text pattern with new value in multiple files\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Replace text in files\",\n \"operationId\": \"ReplaceInFiles\",\n \"parameters\": [\n {\n \"description\": \"Replace request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/ReplaceRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/ReplaceResult\"\n }\n }\n }\n }\n }\n },\n \"/files/search\": {\n \"get\": {\n \"description\": \"Search for files matching a specific pattern in a directory\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Search files by pattern\",\n \"operationId\": \"SearchFiles\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Directory path to search in\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"File pattern to match (e.g., *.txt, *.go)\",\n \"name\": \"pattern\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/SearchFilesResponse\"\n }\n }\n }\n }\n },\n \"/files/upload\": {\n \"post\": {\n \"description\": \"Upload a file to the specified path\",\n \"consumes\": [\n \"multipart/form-data\"\n ],\n \"tags\": [\n \"file-system\"\n ],\n \"summary\": \"Upload a file\",\n \"operationId\": \"UploadFile\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Destination path for the uploaded file\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"file\",\n \"description\": \"File to upload\",\n \"name\": \"file\",\n \"in\": \"formData\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/gin.H\"\n }\n }\n }\n }\n },\n \"/git/add\": {\n \"post\": {\n \"description\": \"Add files to the Git staging area\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"Add files to Git staging\",\n \"operationId\": \"AddFiles\",\n \"parameters\": [\n {\n \"description\": \"Add files request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitAddRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/git/branches\": {\n \"get\": {\n \"description\": \"Get a list of all branches in the Git repository\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"List branches\",\n \"operationId\": \"ListBranches\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Repository path\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ListBranchResponse\"\n }\n }\n }\n },\n \"post\": {\n \"description\": \"Create a new branch in the Git repository\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"Create a new branch\",\n \"operationId\": \"CreateBranch\",\n \"parameters\": [\n {\n \"description\": \"Create branch request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitBranchRequest\"\n }\n }\n ],\n \"responses\": {\n \"201\": {\n \"description\": \"Created\"\n }\n }\n },\n \"delete\": {\n \"description\": \"Delete a branch from the Git repository\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"Delete a branch\",\n \"operationId\": \"DeleteBranch\",\n \"parameters\": [\n {\n \"description\": \"Delete branch request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/git.GitDeleteBranchRequest\"\n }\n }\n ],\n \"responses\": {\n \"204\": {\n \"description\": \"No Content\"\n }\n }\n }\n },\n \"/git/checkout\": {\n \"post\": {\n \"description\": \"Switch to a different branch or commit in the Git repository\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"Checkout branch or commit\",\n \"operationId\": \"CheckoutBranch\",\n \"parameters\": [\n {\n \"description\": \"Checkout request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitCheckoutRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/git/clone\": {\n \"post\": {\n \"description\": \"Clone a Git repository to the specified path\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"Clone a Git repository\",\n \"operationId\": \"CloneRepository\",\n \"parameters\": [\n {\n \"description\": \"Clone repository request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitCloneRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/git/commit\": {\n \"post\": {\n \"description\": \"Commit staged changes to the Git repository\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"Commit changes\",\n \"operationId\": \"CommitChanges\",\n \"parameters\": [\n {\n \"description\": \"Commit request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitCommitRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/GitCommitResponse\"\n }\n }\n }\n }\n },\n \"/git/history\": {\n \"get\": {\n \"description\": \"Get the commit history of the Git repository\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"Get commit history\",\n \"operationId\": \"GetCommitHistory\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Repository path\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/GitCommitInfo\"\n }\n }\n }\n }\n }\n },\n \"/git/pull\": {\n \"post\": {\n \"description\": \"Pull changes from the remote Git repository\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"Pull changes from remote\",\n \"operationId\": \"PullChanges\",\n \"parameters\": [\n {\n \"description\": \"Pull request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitRepoRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/git/push\": {\n \"post\": {\n \"description\": \"Push local changes to the remote Git repository\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"Push changes to remote\",\n \"operationId\": \"PushChanges\",\n \"parameters\": [\n {\n \"description\": \"Push request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitRepoRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/git/status\": {\n \"get\": {\n \"description\": \"Get the Git status of the repository at the specified path\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"git\"\n ],\n \"summary\": \"Get Git status\",\n \"operationId\": \"GetStatus\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Repository path\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/GitStatus\"\n }\n }\n }\n }\n },\n \"/init\": {\n \"post\": {\n \"description\": \"Set the auth token and initialize telemetry for the toolbox server\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"server\"\n ],\n \"summary\": \"Initialize toolbox server\",\n \"operationId\": \"Initialize\",\n \"parameters\": [\n {\n \"description\": \"Initialization request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/InitializeRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/lsp/completions\": {\n \"post\": {\n \"description\": \"Get code completion suggestions from the LSP server\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"lsp\"\n ],\n \"summary\": \"Get code completions\",\n \"operationId\": \"Completions\",\n \"parameters\": [\n {\n \"description\": \"Completion request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/LspCompletionParams\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/CompletionList\"\n }\n }\n }\n }\n },\n \"/lsp/did-close\": {\n \"post\": {\n \"description\": \"Notify the LSP server that a document has been closed\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"lsp\"\n ],\n \"summary\": \"Notify document closed\",\n \"operationId\": \"DidClose\",\n \"parameters\": [\n {\n \"description\": \"Document request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/LspDocumentRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/lsp/did-open\": {\n \"post\": {\n \"description\": \"Notify the LSP server that a document has been opened\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"lsp\"\n ],\n \"summary\": \"Notify document opened\",\n \"operationId\": \"DidOpen\",\n \"parameters\": [\n {\n \"description\": \"Document request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/LspDocumentRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/lsp/document-symbols\": {\n \"get\": {\n \"description\": \"Get symbols (functions, classes, etc.) from a document\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"lsp\"\n ],\n \"summary\": \"Get document symbols\",\n \"operationId\": \"DocumentSymbols\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Language ID (e.g., python, typescript)\",\n \"name\": \"languageId\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Path to project\",\n \"name\": \"pathToProject\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Document URI\",\n \"name\": \"uri\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/LspSymbol\"\n }\n }\n }\n }\n }\n },\n \"/lsp/start\": {\n \"post\": {\n \"description\": \"Start a Language Server Protocol server for the specified language\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"lsp\"\n ],\n \"summary\": \"Start LSP server\",\n \"operationId\": \"Start\",\n \"parameters\": [\n {\n \"description\": \"LSP server request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/LspServerRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/lsp/stop\": {\n \"post\": {\n \"description\": \"Stop a Language Server Protocol server\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"lsp\"\n ],\n \"summary\": \"Stop LSP server\",\n \"operationId\": \"Stop\",\n \"parameters\": [\n {\n \"description\": \"LSP server request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/LspServerRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/lsp/workspacesymbols\": {\n \"get\": {\n \"description\": \"Search for symbols across the entire workspace\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"lsp\"\n ],\n \"summary\": \"Get workspace symbols\",\n \"operationId\": \"WorkspaceSymbols\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Search query\",\n \"name\": \"query\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Language ID (e.g., python, typescript)\",\n \"name\": \"languageId\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Path to project\",\n \"name\": \"pathToProject\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/LspSymbol\"\n }\n }\n }\n }\n }\n },\n \"/port\": {\n \"get\": {\n \"description\": \"Get a list of all currently active ports\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"port\"\n ],\n \"summary\": \"Get active ports\",\n \"operationId\": \"GetPorts\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/PortList\"\n }\n }\n }\n }\n },\n \"/port/{port}/in-use\": {\n \"get\": {\n \"description\": \"Check if a specific port is currently in use\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"port\"\n ],\n \"summary\": \"Check if port is in use\",\n \"operationId\": \"IsPortInUse\",\n \"parameters\": [\n {\n \"type\": \"integer\",\n \"description\": \"Port number (3000-9999)\",\n \"name\": \"port\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/IsPortInUseResponse\"\n }\n }\n }\n }\n },\n \"/process/execute\": {\n \"post\": {\n \"description\": \"Execute a shell command and return the output and exit code\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Execute a command\",\n \"operationId\": \"ExecuteCommand\",\n \"parameters\": [\n {\n \"description\": \"Command execution request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/ExecuteRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ExecuteResponse\"\n }\n }\n }\n }\n },\n \"/process/interpreter/context\": {\n \"get\": {\n \"description\": \"Returns information about all user-created interpreter contexts (excludes default context)\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"interpreter\"\n ],\n \"summary\": \"List all user-created interpreter contexts\",\n \"operationId\": \"ListInterpreterContexts\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ListContextsResponse\"\n }\n }\n }\n },\n \"post\": {\n \"description\": \"Creates a new isolated interpreter context with optional working directory and language\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"interpreter\"\n ],\n \"summary\": \"Create a new interpreter context\",\n \"operationId\": \"CreateInterpreterContext\",\n \"parameters\": [\n {\n \"description\": \"Context configuration\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/CreateContextRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/InterpreterContext\"\n }\n },\n \"400\": {\n \"description\": \"Bad Request\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/process/interpreter/context/{id}\": {\n \"delete\": {\n \"description\": \"Deletes an interpreter context and shuts down its worker process\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"interpreter\"\n ],\n \"summary\": \"Delete an interpreter context\",\n \"operationId\": \"DeleteInterpreterContext\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Context ID\",\n \"name\": \"id\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"400\": {\n \"description\": \"Bad Request\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"404\": {\n \"description\": \"Not Found\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/process/interpreter/execute\": {\n \"get\": {\n \"description\": \"Executes code in a specified context (or default context if not specified) via WebSocket streaming\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"interpreter\"\n ],\n \"summary\": \"Execute code in an interpreter context\",\n \"operationId\": \"ExecuteInterpreterCode\",\n \"responses\": {\n \"101\": {\n \"description\": \"Switching Protocols\",\n \"schema\": {\n \"type\": \"string\"\n },\n \"headers\": {\n \"Connection\": {\n \"type\": \"string\",\n \"description\": \"Upgrade\"\n },\n \"Upgrade\": {\n \"type\": \"string\",\n \"description\": \"websocket\"\n }\n }\n }\n }\n }\n },\n \"/process/pty\": {\n \"get\": {\n \"description\": \"Get a list of all active pseudo-terminal sessions\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"List all PTY sessions\",\n \"operationId\": \"ListPtySessions\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/PtyListResponse\"\n }\n }\n }\n },\n \"post\": {\n \"description\": \"Create a new pseudo-terminal session with specified configuration\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Create a new PTY session\",\n \"operationId\": \"CreatePtySession\",\n \"parameters\": [\n {\n \"description\": \"PTY session creation request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/PtyCreateRequest\"\n }\n }\n ],\n \"responses\": {\n \"201\": {\n \"description\": \"Created\",\n \"schema\": {\n \"$ref\": \"#/definitions/PtyCreateResponse\"\n }\n }\n }\n }\n },\n \"/process/pty/{sessionId}\": {\n \"get\": {\n \"description\": \"Get detailed information about a specific pseudo-terminal session\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Get PTY session information\",\n \"operationId\": \"GetPtySession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"PTY session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/PtySessionInfo\"\n }\n }\n }\n },\n \"delete\": {\n \"description\": \"Delete a pseudo-terminal session and terminate its process\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Delete a PTY session\",\n \"operationId\": \"DeletePtySession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"PTY session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/gin.H\"\n }\n }\n }\n }\n },\n \"/process/pty/{sessionId}/connect\": {\n \"get\": {\n \"description\": \"Establish a WebSocket connection to interact with a pseudo-terminal session\",\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Connect to PTY session via WebSocket\",\n \"operationId\": \"ConnectPtySession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"PTY session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"101\": {\n \"description\": \"Switching Protocols - WebSocket connection established\"\n }\n }\n }\n },\n \"/process/pty/{sessionId}/resize\": {\n \"post\": {\n \"description\": \"Resize the terminal dimensions of a pseudo-terminal session\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Resize a PTY session\",\n \"operationId\": \"ResizePtySession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"PTY session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"description\": \"Resize request with new dimensions\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/PtyResizeRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/PtySessionInfo\"\n }\n }\n }\n }\n },\n \"/process/session\": {\n \"get\": {\n \"description\": \"Get a list of all active shell sessions\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"List all sessions\",\n \"operationId\": \"ListSessions\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/Session\"\n }\n }\n }\n }\n },\n \"post\": {\n \"description\": \"Create a new shell session for command execution\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Create a new session\",\n \"operationId\": \"CreateSession\",\n \"parameters\": [\n {\n \"description\": \"Session creation request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/CreateSessionRequest\"\n }\n }\n ],\n \"responses\": {\n \"201\": {\n \"description\": \"Created\"\n }\n }\n }\n },\n \"/process/session/entrypoint\": {\n \"get\": {\n \"description\": \"Get details of an entrypoint session including its commands\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Get entrypoint session details\",\n \"operationId\": \"GetEntrypointSession\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Session\"\n }\n }\n }\n }\n },\n \"/process/session/entrypoint/logs\": {\n \"get\": {\n \"description\": \"Get logs for a sandbox entrypoint session. Supports both HTTP and WebSocket streaming.\",\n \"produces\": [\n \"text/plain\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Get entrypoint logs\",\n \"operationId\": \"GetEntrypointLogs\",\n \"parameters\": [\n {\n \"type\": \"boolean\",\n \"description\": \"Follow logs in real-time (WebSocket only)\",\n \"name\": \"follow\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"Entrypoint log content\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n }\n }\n },\n \"/process/session/{sessionId}\": {\n \"get\": {\n \"description\": \"Get details of a specific session including its commands\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Get session details\",\n \"operationId\": \"GetSession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Session\"\n }\n }\n }\n },\n \"delete\": {\n \"description\": \"Delete an existing shell session\",\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Delete a session\",\n \"operationId\": \"DeleteSession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"204\": {\n \"description\": \"No Content\"\n }\n }\n }\n },\n \"/process/session/{sessionId}/command/{commandId}\": {\n \"get\": {\n \"description\": \"Get details of a specific command within a session\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Get session command details\",\n \"operationId\": \"GetSessionCommand\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Command ID\",\n \"name\": \"commandId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Command\"\n }\n }\n }\n }\n },\n \"/process/session/{sessionId}/command/{commandId}/input\": {\n \"post\": {\n \"description\": \"Send input data to a running command in a session for interactive execution\",\n \"consumes\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Send input to command\",\n \"operationId\": \"SendInput\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Command ID\",\n \"name\": \"commandId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"description\": \"Input send request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/SessionSendInputRequest\"\n }\n }\n ],\n \"responses\": {\n \"204\": {\n \"description\": \"No Content\"\n }\n }\n }\n },\n \"/process/session/{sessionId}/command/{commandId}/logs\": {\n \"get\": {\n \"description\": \"Get logs for a specific command within a session. Supports both HTTP and WebSocket streaming.\",\n \"produces\": [\n \"text/plain\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Get session command logs\",\n \"operationId\": \"GetSessionCommandLogs\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Command ID\",\n \"name\": \"commandId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"type\": \"boolean\",\n \"description\": \"Follow logs in real-time (WebSocket only)\",\n \"name\": \"follow\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"Log content\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n }\n }\n },\n \"/process/session/{sessionId}/exec\": {\n \"post\": {\n \"description\": \"Execute a command within an existing shell session\",\n \"consumes\": [\n \"application/json\"\n ],\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"process\"\n ],\n \"summary\": \"Execute command in session\",\n \"operationId\": \"SessionExecuteCommand\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"description\": \"Command execution request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/SessionExecuteRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/SessionExecuteResponse\"\n }\n },\n \"202\": {\n \"description\": \"Accepted\",\n \"schema\": {\n \"$ref\": \"#/definitions/SessionExecuteResponse\"\n }\n }\n }\n }\n },\n \"/user-home-dir\": {\n \"get\": {\n \"description\": \"Get the current user home directory path.\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"info\"\n ],\n \"summary\": \"Get user home directory\",\n \"operationId\": \"GetUserHomeDir\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/UserHomeDirResponse\"\n }\n }\n }\n }\n },\n \"/version\": {\n \"get\": {\n \"description\": \"Get the current daemon version\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"info\"\n ],\n \"summary\": \"Get version\",\n \"operationId\": \"GetVersion\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/work-dir\": {\n \"get\": {\n \"description\": \"Get the current working directory path. This is default directory used for running commands.\",\n \"produces\": [\n \"application/json\"\n ],\n \"tags\": [\n \"info\"\n ],\n \"summary\": \"Get working directory\",\n \"operationId\": \"GetWorkDir\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/WorkDirResponse\"\n }\n }\n }\n }\n }\n },\n \"definitions\": {\n \"Command\": {\n \"type\": \"object\",\n \"required\": [\n \"command\",\n \"id\"\n ],\n \"properties\": {\n \"command\": {\n \"type\": \"string\"\n },\n \"exitCode\": {\n \"type\": \"integer\"\n },\n \"id\": {\n \"type\": \"string\"\n }\n }\n },\n \"CompletionContext\": {\n \"type\": \"object\",\n \"required\": [\n \"triggerKind\"\n ],\n \"properties\": {\n \"triggerCharacter\": {\n \"type\": \"string\"\n },\n \"triggerKind\": {\n \"type\": \"integer\"\n }\n }\n },\n \"CompletionItem\": {\n \"type\": \"object\",\n \"required\": [\n \"label\"\n ],\n \"properties\": {\n \"detail\": {\n \"type\": \"string\"\n },\n \"documentation\": {},\n \"filterText\": {\n \"type\": \"string\"\n },\n \"insertText\": {\n \"type\": \"string\"\n },\n \"kind\": {\n \"type\": \"integer\"\n },\n \"label\": {\n \"type\": \"string\"\n },\n \"sortText\": {\n \"type\": \"string\"\n }\n }\n },\n \"CompletionList\": {\n \"type\": \"object\",\n \"required\": [\n \"isIncomplete\",\n \"items\"\n ],\n \"properties\": {\n \"isIncomplete\": {\n \"type\": \"boolean\"\n },\n \"items\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/CompletionItem\"\n }\n }\n }\n },\n \"ComputerUseStartResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"message\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"$ref\": \"#/definitions/ProcessStatus\"\n }\n }\n }\n },\n \"ComputerUseStatusResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"string\"\n }\n }\n },\n \"ComputerUseStopResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"message\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"$ref\": \"#/definitions/ProcessStatus\"\n }\n }\n }\n },\n \"CreateContextRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"cwd\": {\n \"type\": \"string\"\n },\n \"language\": {\n \"type\": \"string\"\n }\n }\n },\n \"CreateSessionRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"sessionId\"\n ],\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n }\n }\n },\n \"DisplayInfo\": {\n \"type\": \"object\",\n \"properties\": {\n \"height\": {\n \"type\": \"integer\"\n },\n \"id\": {\n \"type\": \"integer\"\n },\n \"isActive\": {\n \"type\": \"boolean\"\n },\n \"width\": {\n \"type\": \"integer\"\n },\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"DisplayInfoResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"displays\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/DisplayInfo\"\n }\n }\n }\n },\n \"Empty\": {\n \"type\": \"object\"\n },\n \"ExecuteRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"command\"\n ],\n \"properties\": {\n \"command\": {\n \"type\": \"string\"\n },\n \"cwd\": {\n \"description\": \"Current working directory\",\n \"type\": \"string\"\n },\n \"timeout\": {\n \"description\": \"Timeout in seconds, defaults to 10 seconds\",\n \"type\": \"integer\"\n }\n }\n },\n \"ExecuteResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"result\"\n ],\n \"properties\": {\n \"exitCode\": {\n \"type\": \"integer\"\n },\n \"result\": {\n \"type\": \"string\"\n }\n }\n },\n \"FileInfo\": {\n \"type\": \"object\",\n \"required\": [\n \"group\",\n \"isDir\",\n \"modTime\",\n \"mode\",\n \"name\",\n \"owner\",\n \"permissions\",\n \"size\"\n ],\n \"properties\": {\n \"group\": {\n \"type\": \"string\"\n },\n \"isDir\": {\n \"type\": \"boolean\"\n },\n \"modTime\": {\n \"type\": \"string\"\n },\n \"mode\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"owner\": {\n \"type\": \"string\"\n },\n \"permissions\": {\n \"type\": \"string\"\n },\n \"size\": {\n \"type\": \"integer\"\n }\n }\n },\n \"FileStatus\": {\n \"type\": \"object\",\n \"required\": [\n \"extra\",\n \"name\",\n \"staging\",\n \"worktree\"\n ],\n \"properties\": {\n \"extra\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"staging\": {\n \"$ref\": \"#/definitions/Status\"\n },\n \"worktree\": {\n \"$ref\": \"#/definitions/Status\"\n }\n }\n },\n \"FilesDownloadRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"paths\"\n ],\n \"properties\": {\n \"paths\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"GitAddRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"files\",\n \"path\"\n ],\n \"properties\": {\n \"files\": {\n \"description\": \"files to add (use . for all files)\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"path\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitBranchRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"name\",\n \"path\"\n ],\n \"properties\": {\n \"name\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitCheckoutRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"branch\",\n \"path\"\n ],\n \"properties\": {\n \"branch\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitCloneRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"path\",\n \"url\"\n ],\n \"properties\": {\n \"branch\": {\n \"type\": \"string\"\n },\n \"commit_id\": {\n \"type\": \"string\"\n },\n \"password\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n },\n \"url\": {\n \"type\": \"string\"\n },\n \"username\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitCommitInfo\": {\n \"type\": \"object\",\n \"required\": [\n \"author\",\n \"email\",\n \"hash\",\n \"message\",\n \"timestamp\"\n ],\n \"properties\": {\n \"author\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"type\": \"string\"\n },\n \"hash\": {\n \"type\": \"string\"\n },\n \"message\": {\n \"type\": \"string\"\n },\n \"timestamp\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitCommitRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"author\",\n \"email\",\n \"message\",\n \"path\"\n ],\n \"properties\": {\n \"allow_empty\": {\n \"type\": \"boolean\"\n },\n \"author\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"type\": \"string\"\n },\n \"message\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitCommitResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"hash\"\n ],\n \"properties\": {\n \"hash\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitRepoRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"path\"\n ],\n \"properties\": {\n \"password\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n },\n \"username\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitStatus\": {\n \"type\": \"object\",\n \"required\": [\n \"currentBranch\",\n \"fileStatus\"\n ],\n \"properties\": {\n \"ahead\": {\n \"type\": \"integer\"\n },\n \"behind\": {\n \"type\": \"integer\"\n },\n \"branchPublished\": {\n \"type\": \"boolean\"\n },\n \"currentBranch\": {\n \"type\": \"string\"\n },\n \"fileStatus\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/FileStatus\"\n }\n }\n }\n },\n \"InitializeRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"token\"\n ],\n \"properties\": {\n \"token\": {\n \"type\": \"string\"\n }\n }\n },\n \"InterpreterContext\": {\n \"type\": \"object\",\n \"required\": [\n \"active\",\n \"createdAt\",\n \"cwd\",\n \"id\",\n \"language\"\n ],\n \"properties\": {\n \"active\": {\n \"type\": \"boolean\"\n },\n \"createdAt\": {\n \"type\": \"string\"\n },\n \"cwd\": {\n \"type\": \"string\"\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"language\": {\n \"type\": \"string\"\n }\n }\n },\n \"IsPortInUseResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"isInUse\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"KeyboardHotkeyRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"keys\": {\n \"description\": \"e.g., \\\"ctrl+c\\\", \\\"cmd+v\\\"\",\n \"type\": \"string\"\n }\n }\n },\n \"KeyboardPressRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"key\": {\n \"type\": \"string\"\n },\n \"modifiers\": {\n \"description\": \"ctrl, alt, shift, cmd\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"KeyboardTypeRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"delay\": {\n \"description\": \"milliseconds between keystrokes\",\n \"type\": \"integer\"\n },\n \"text\": {\n \"type\": \"string\"\n }\n }\n },\n \"ListBranchResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"branches\"\n ],\n \"properties\": {\n \"branches\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"ListContextsResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"contexts\"\n ],\n \"properties\": {\n \"contexts\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/InterpreterContext\"\n }\n }\n }\n },\n \"ListRecordingsResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"recordings\"\n ],\n \"properties\": {\n \"recordings\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/Recording\"\n }\n }\n }\n },\n \"LspCompletionParams\": {\n \"type\": \"object\",\n \"required\": [\n \"languageId\",\n \"pathToProject\",\n \"position\",\n \"uri\"\n ],\n \"properties\": {\n \"context\": {\n \"$ref\": \"#/definitions/CompletionContext\"\n },\n \"languageId\": {\n \"type\": \"string\"\n },\n \"pathToProject\": {\n \"type\": \"string\"\n },\n \"position\": {\n \"$ref\": \"#/definitions/LspPosition\"\n },\n \"uri\": {\n \"type\": \"string\"\n }\n }\n },\n \"LspDocumentRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"languageId\",\n \"pathToProject\",\n \"uri\"\n ],\n \"properties\": {\n \"languageId\": {\n \"type\": \"string\"\n },\n \"pathToProject\": {\n \"type\": \"string\"\n },\n \"uri\": {\n \"type\": \"string\"\n }\n }\n },\n \"LspLocation\": {\n \"type\": \"object\",\n \"required\": [\n \"range\",\n \"uri\"\n ],\n \"properties\": {\n \"range\": {\n \"$ref\": \"#/definitions/LspRange\"\n },\n \"uri\": {\n \"type\": \"string\"\n }\n }\n },\n \"LspPosition\": {\n \"type\": \"object\",\n \"required\": [\n \"character\",\n \"line\"\n ],\n \"properties\": {\n \"character\": {\n \"type\": \"integer\"\n },\n \"line\": {\n \"type\": \"integer\"\n }\n }\n },\n \"LspRange\": {\n \"type\": \"object\",\n \"required\": [\n \"end\",\n \"start\"\n ],\n \"properties\": {\n \"end\": {\n \"$ref\": \"#/definitions/LspPosition\"\n },\n \"start\": {\n \"$ref\": \"#/definitions/LspPosition\"\n }\n }\n },\n \"LspServerRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"languageId\",\n \"pathToProject\"\n ],\n \"properties\": {\n \"languageId\": {\n \"type\": \"string\"\n },\n \"pathToProject\": {\n \"type\": \"string\"\n }\n }\n },\n \"LspSymbol\": {\n \"type\": \"object\",\n \"required\": [\n \"kind\",\n \"location\",\n \"name\"\n ],\n \"properties\": {\n \"kind\": {\n \"type\": \"integer\"\n },\n \"location\": {\n \"$ref\": \"#/definitions/LspLocation\"\n },\n \"name\": {\n \"type\": \"string\"\n }\n }\n },\n \"Match\": {\n \"type\": \"object\",\n \"required\": [\n \"content\",\n \"file\",\n \"line\"\n ],\n \"properties\": {\n \"content\": {\n \"type\": \"string\"\n },\n \"file\": {\n \"type\": \"string\"\n },\n \"line\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseClickRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"button\": {\n \"description\": \"left, right, middle\",\n \"type\": \"string\"\n },\n \"double\": {\n \"type\": \"boolean\"\n },\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseClickResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseDragRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"button\": {\n \"type\": \"string\"\n },\n \"endX\": {\n \"type\": \"integer\"\n },\n \"endY\": {\n \"type\": \"integer\"\n },\n \"startX\": {\n \"type\": \"integer\"\n },\n \"startY\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseDragResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseMoveRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MousePositionResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseScrollRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"amount\": {\n \"type\": \"integer\"\n },\n \"direction\": {\n \"description\": \"up, down\",\n \"type\": \"string\"\n },\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"PortList\": {\n \"type\": \"object\",\n \"properties\": {\n \"ports\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"integer\"\n }\n }\n }\n },\n \"Position\": {\n \"type\": \"object\",\n \"properties\": {\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"ProcessErrorsResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"errors\": {\n \"type\": \"string\"\n },\n \"processName\": {\n \"type\": \"string\"\n }\n }\n },\n \"ProcessLogsResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"logs\": {\n \"type\": \"string\"\n },\n \"processName\": {\n \"type\": \"string\"\n }\n }\n },\n \"ProcessRestartResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"message\": {\n \"type\": \"string\"\n },\n \"processName\": {\n \"type\": \"string\"\n }\n }\n },\n \"ProcessStatus\": {\n \"type\": \"object\",\n \"properties\": {\n \"autoRestart\": {\n \"type\": \"boolean\"\n },\n \"pid\": {\n \"type\": \"integer\"\n },\n \"priority\": {\n \"type\": \"integer\"\n },\n \"running\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"ProcessStatusResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"processName\": {\n \"type\": \"string\"\n },\n \"running\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"PtyCreateRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"cols\": {\n \"type\": \"integer\"\n },\n \"cwd\": {\n \"type\": \"string\"\n },\n \"envs\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"lazyStart\": {\n \"description\": \"Don't start PTY until first client connects\",\n \"type\": \"boolean\"\n },\n \"rows\": {\n \"type\": \"integer\"\n }\n }\n },\n \"PtyCreateResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"sessionId\"\n ],\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n }\n }\n },\n \"PtyListResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"sessions\"\n ],\n \"properties\": {\n \"sessions\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/PtySessionInfo\"\n }\n }\n }\n },\n \"PtyResizeRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"cols\",\n \"rows\"\n ],\n \"properties\": {\n \"cols\": {\n \"type\": \"integer\",\n \"maximum\": 1000,\n \"minimum\": 1\n },\n \"rows\": {\n \"type\": \"integer\",\n \"maximum\": 1000,\n \"minimum\": 1\n }\n }\n },\n \"PtySessionInfo\": {\n \"type\": \"object\",\n \"required\": [\n \"active\",\n \"cols\",\n \"createdAt\",\n \"cwd\",\n \"envs\",\n \"id\",\n \"lazyStart\",\n \"rows\"\n ],\n \"properties\": {\n \"active\": {\n \"type\": \"boolean\"\n },\n \"cols\": {\n \"type\": \"integer\"\n },\n \"createdAt\": {\n \"type\": \"string\"\n },\n \"cwd\": {\n \"type\": \"string\"\n },\n \"envs\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"lazyStart\": {\n \"description\": \"Whether this session uses lazy start\",\n \"type\": \"boolean\"\n },\n \"rows\": {\n \"type\": \"integer\"\n }\n }\n },\n \"Recording\": {\n \"type\": \"object\",\n \"required\": [\n \"fileName\",\n \"filePath\",\n \"id\",\n \"startTime\",\n \"status\"\n ],\n \"properties\": {\n \"durationSeconds\": {\n \"type\": \"number\"\n },\n \"endTime\": {\n \"type\": \"string\"\n },\n \"fileName\": {\n \"type\": \"string\"\n },\n \"filePath\": {\n \"type\": \"string\"\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"sizeBytes\": {\n \"type\": \"integer\"\n },\n \"startTime\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"string\"\n }\n }\n },\n \"ReplaceRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"files\",\n \"newValue\",\n \"pattern\"\n ],\n \"properties\": {\n \"files\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"newValue\": {\n \"type\": \"string\"\n },\n \"pattern\": {\n \"type\": \"string\"\n }\n }\n },\n \"ReplaceResult\": {\n \"type\": \"object\",\n \"properties\": {\n \"error\": {\n \"type\": \"string\"\n },\n \"file\": {\n \"type\": \"string\"\n },\n \"success\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"ScreenshotResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"cursorPosition\": {\n \"$ref\": \"#/definitions/Position\"\n },\n \"screenshot\": {\n \"type\": \"string\"\n },\n \"sizeBytes\": {\n \"type\": \"integer\"\n }\n }\n },\n \"ScrollResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"success\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"SearchFilesResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"files\"\n ],\n \"properties\": {\n \"files\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"Session\": {\n \"type\": \"object\",\n \"required\": [\n \"commands\",\n \"sessionId\"\n ],\n \"properties\": {\n \"commands\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/Command\"\n }\n },\n \"sessionId\": {\n \"type\": \"string\"\n }\n }\n },\n \"SessionExecuteRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"command\"\n ],\n \"properties\": {\n \"async\": {\n \"type\": \"boolean\"\n },\n \"command\": {\n \"type\": \"string\"\n },\n \"runAsync\": {\n \"type\": \"boolean\"\n },\n \"suppressInputEcho\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"SessionExecuteResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"cmdId\"\n ],\n \"properties\": {\n \"cmdId\": {\n \"type\": \"string\"\n },\n \"exitCode\": {\n \"type\": \"integer\"\n },\n \"output\": {\n \"type\": \"string\"\n },\n \"stderr\": {\n \"type\": \"string\"\n },\n \"stdout\": {\n \"type\": \"string\"\n }\n }\n },\n \"SessionSendInputRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"data\"\n ],\n \"properties\": {\n \"data\": {\n \"type\": \"string\"\n }\n }\n },\n \"StartRecordingRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"label\": {\n \"type\": \"string\"\n }\n }\n },\n \"Status\": {\n \"type\": \"string\",\n \"enum\": [\n \"Unmodified\",\n \"Untracked\",\n \"Modified\",\n \"Added\",\n \"Deleted\",\n \"Renamed\",\n \"Copied\",\n \"Updated but unmerged\"\n ],\n \"x-enum-varnames\": [\n \"Unmodified\",\n \"Untracked\",\n \"Modified\",\n \"Added\",\n \"Deleted\",\n \"Renamed\",\n \"Copied\",\n \"UpdatedButUnmerged\"\n ]\n },\n \"StopRecordingRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"id\"\n ],\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n }\n }\n },\n \"UserHomeDirResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"dir\"\n ],\n \"properties\": {\n \"dir\": {\n \"type\": \"string\"\n }\n }\n },\n \"WindowInfo\": {\n \"type\": \"object\",\n \"properties\": {\n \"height\": {\n \"type\": \"integer\"\n },\n \"id\": {\n \"type\": \"integer\"\n },\n \"isActive\": {\n \"type\": \"boolean\"\n },\n \"title\": {\n \"type\": \"string\"\n },\n \"width\": {\n \"type\": \"integer\"\n },\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"WindowsResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"windows\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/WindowInfo\"\n }\n }\n }\n },\n \"WorkDirResponse\": {\n \"type\": \"object\",\n \"required\": [\n \"dir\"\n ],\n \"properties\": {\n \"dir\": {\n \"type\": \"string\"\n }\n }\n },\n \"gin.H\": {\n \"type\": \"object\",\n \"additionalProperties\": {}\n },\n \"git.GitDeleteBranchRequest\": {\n \"type\": \"object\",\n \"required\": [\n \"name\",\n \"path\"\n ],\n \"properties\": {\n \"name\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n }\n }\n }\n }\n}`\n\n// SwaggerInfo holds exported Swagger Info so clients can modify it\nvar SwaggerInfo = &swag.Spec{\n\tVersion: \"v0.0.0-dev\",\n\tHost: \"\",\n\tBasePath: \"\",\n\tSchemes: []string{},\n\tTitle: \"Daytona Toolbox API\",\n\tDescription: \"Daytona Toolbox API\",\n\tInfoInstanceName: \"swagger\",\n\tSwaggerTemplate: docTemplate,\n\tLeftDelim: \"{{\",\n\tRightDelim: \"}}\",\n}\n\nfunc init() {\n\tswag.Register(SwaggerInfo.InstanceName(), SwaggerInfo)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/docs/swagger.json", "content": "{\n \"swagger\": \"2.0\",\n \"info\": {\n \"description\": \"Daytona Toolbox API\",\n \"title\": \"Daytona Toolbox API\",\n \"contact\": {},\n \"version\": \"v0.0.0-dev\"\n },\n \"paths\": {\n \"/computeruse/display/info\": {\n \"get\": {\n \"description\": \"Get information about all available displays\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Get display information\",\n \"operationId\": \"GetDisplayInfo\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/DisplayInfoResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/display/windows\": {\n \"get\": {\n \"description\": \"Get information about all open windows\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Get windows information\",\n \"operationId\": \"GetWindows\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/WindowsResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/keyboard/hotkey\": {\n \"post\": {\n \"description\": \"Press a hotkey combination (e.g., ctrl+c, cmd+v)\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Press hotkey\",\n \"operationId\": \"PressHotkey\",\n \"parameters\": [\n {\n \"description\": \"Hotkey press request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/KeyboardHotkeyRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Empty\"\n }\n }\n }\n }\n },\n \"/computeruse/keyboard/key\": {\n \"post\": {\n \"description\": \"Press a key with optional modifiers\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Press key\",\n \"operationId\": \"PressKey\",\n \"parameters\": [\n {\n \"description\": \"Key press request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/KeyboardPressRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Empty\"\n }\n }\n }\n }\n },\n \"/computeruse/keyboard/type\": {\n \"post\": {\n \"description\": \"Type text with optional delay between keystrokes\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Type text\",\n \"operationId\": \"TypeText\",\n \"parameters\": [\n {\n \"description\": \"Text typing request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/KeyboardTypeRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Empty\"\n }\n }\n }\n }\n },\n \"/computeruse/mouse/click\": {\n \"post\": {\n \"description\": \"Click the mouse button at the specified coordinates\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Click mouse button\",\n \"operationId\": \"Click\",\n \"parameters\": [\n {\n \"description\": \"Mouse click request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/MouseClickRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/MouseClickResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/mouse/drag\": {\n \"post\": {\n \"description\": \"Drag the mouse from start to end coordinates\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Drag mouse\",\n \"operationId\": \"Drag\",\n \"parameters\": [\n {\n \"description\": \"Mouse drag request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/MouseDragRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/MouseDragResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/mouse/move\": {\n \"post\": {\n \"description\": \"Move the mouse cursor to the specified coordinates\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Move mouse cursor\",\n \"operationId\": \"MoveMouse\",\n \"parameters\": [\n {\n \"description\": \"Mouse move request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/MouseMoveRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/MousePositionResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/mouse/position\": {\n \"get\": {\n \"description\": \"Get the current mouse cursor position\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Get mouse position\",\n \"operationId\": \"GetMousePosition\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/MousePositionResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/mouse/scroll\": {\n \"post\": {\n \"description\": \"Scroll the mouse wheel at the specified coordinates\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Scroll mouse wheel\",\n \"operationId\": \"Scroll\",\n \"parameters\": [\n {\n \"description\": \"Mouse scroll request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/MouseScrollRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ScrollResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/process-status\": {\n \"get\": {\n \"description\": \"Get the status of all computer use processes\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Get computer use process status\",\n \"operationId\": \"GetComputerUseStatus\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ComputerUseStatusResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/process/{processName}/errors\": {\n \"get\": {\n \"description\": \"Get errors for a specific computer use process\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Get process errors\",\n \"operationId\": \"GetProcessErrors\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Process name to get errors for\",\n \"name\": \"processName\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ProcessErrorsResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/process/{processName}/logs\": {\n \"get\": {\n \"description\": \"Get logs for a specific computer use process\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Get process logs\",\n \"operationId\": \"GetProcessLogs\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Process name to get logs for\",\n \"name\": \"processName\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ProcessLogsResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/process/{processName}/restart\": {\n \"post\": {\n \"description\": \"Restart a specific computer use process\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Restart specific process\",\n \"operationId\": \"RestartProcess\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Process name to restart\",\n \"name\": \"processName\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ProcessRestartResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/process/{processName}/status\": {\n \"get\": {\n \"description\": \"Check if a specific computer use process is running\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Get specific process status\",\n \"operationId\": \"GetProcessStatus\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Process name to check\",\n \"name\": \"processName\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ProcessStatusResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/recordings\": {\n \"get\": {\n \"description\": \"Get a list of all recordings (active and completed)\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"List all recordings\",\n \"operationId\": \"ListRecordings\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ListRecordingsResponse\"\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/computeruse/recordings/start\": {\n \"post\": {\n \"description\": \"Start a new screen recording session\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Start a new recording\",\n \"operationId\": \"StartRecording\",\n \"parameters\": [\n {\n \"description\": \"Recording options\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"schema\": {\n \"$ref\": \"#/definitions/StartRecordingRequest\"\n }\n }\n ],\n \"responses\": {\n \"201\": {\n \"description\": \"Created\",\n \"schema\": {\n \"$ref\": \"#/definitions/Recording\"\n }\n },\n \"400\": {\n \"description\": \"Bad Request\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/computeruse/recordings/stop\": {\n \"post\": {\n \"description\": \"Stop an active screen recording session\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Stop a recording\",\n \"operationId\": \"StopRecording\",\n \"parameters\": [\n {\n \"description\": \"Recording ID to stop\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/StopRecordingRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Recording\"\n }\n },\n \"400\": {\n \"description\": \"Bad Request\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"404\": {\n \"description\": \"Not Found\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/computeruse/recordings/{id}\": {\n \"get\": {\n \"description\": \"Get details of a specific recording by ID\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Get recording details\",\n \"operationId\": \"GetRecording\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Recording ID\",\n \"name\": \"id\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Recording\"\n }\n },\n \"404\": {\n \"description\": \"Not Found\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n },\n \"delete\": {\n \"description\": \"Delete a recording file by ID\",\n \"tags\": [\"computer-use\"],\n \"summary\": \"Delete a recording\",\n \"operationId\": \"DeleteRecording\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Recording ID\",\n \"name\": \"id\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"204\": {\n \"description\": \"No Content\"\n },\n \"400\": {\n \"description\": \"Bad Request\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"404\": {\n \"description\": \"Not Found\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/computeruse/recordings/{id}/download\": {\n \"get\": {\n \"description\": \"Download a recording by providing its ID\",\n \"produces\": [\"application/octet-stream\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Download a recording\",\n \"operationId\": \"DownloadRecording\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Recording ID\",\n \"name\": \"id\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"file\"\n }\n },\n \"404\": {\n \"description\": \"Not Found\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/computeruse/screenshot\": {\n \"get\": {\n \"description\": \"Take a screenshot of the entire screen\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Take a screenshot\",\n \"operationId\": \"TakeScreenshot\",\n \"parameters\": [\n {\n \"type\": \"boolean\",\n \"description\": \"Whether to show cursor in screenshot\",\n \"name\": \"showCursor\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ScreenshotResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/screenshot/compressed\": {\n \"get\": {\n \"description\": \"Take a compressed screenshot of the entire screen\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Take a compressed screenshot\",\n \"operationId\": \"TakeCompressedScreenshot\",\n \"parameters\": [\n {\n \"type\": \"boolean\",\n \"description\": \"Whether to show cursor in screenshot\",\n \"name\": \"showCursor\",\n \"in\": \"query\"\n },\n {\n \"type\": \"string\",\n \"description\": \"Image format (png or jpeg)\",\n \"name\": \"format\",\n \"in\": \"query\"\n },\n {\n \"type\": \"integer\",\n \"description\": \"JPEG quality (1-100)\",\n \"name\": \"quality\",\n \"in\": \"query\"\n },\n {\n \"type\": \"number\",\n \"description\": \"Scale factor (0.1-1.0)\",\n \"name\": \"scale\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ScreenshotResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/screenshot/region\": {\n \"get\": {\n \"description\": \"Take a screenshot of a specific region of the screen\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Take a region screenshot\",\n \"operationId\": \"TakeRegionScreenshot\",\n \"parameters\": [\n {\n \"type\": \"integer\",\n \"description\": \"X coordinate of the region\",\n \"name\": \"x\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Y coordinate of the region\",\n \"name\": \"y\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Width of the region\",\n \"name\": \"width\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Height of the region\",\n \"name\": \"height\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"boolean\",\n \"description\": \"Whether to show cursor in screenshot\",\n \"name\": \"showCursor\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ScreenshotResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/screenshot/region/compressed\": {\n \"get\": {\n \"description\": \"Take a compressed screenshot of a specific region of the screen\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Take a compressed region screenshot\",\n \"operationId\": \"TakeCompressedRegionScreenshot\",\n \"parameters\": [\n {\n \"type\": \"integer\",\n \"description\": \"X coordinate of the region\",\n \"name\": \"x\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Y coordinate of the region\",\n \"name\": \"y\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Width of the region\",\n \"name\": \"width\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"integer\",\n \"description\": \"Height of the region\",\n \"name\": \"height\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"boolean\",\n \"description\": \"Whether to show cursor in screenshot\",\n \"name\": \"showCursor\",\n \"in\": \"query\"\n },\n {\n \"type\": \"string\",\n \"description\": \"Image format (png or jpeg)\",\n \"name\": \"format\",\n \"in\": \"query\"\n },\n {\n \"type\": \"integer\",\n \"description\": \"JPEG quality (1-100)\",\n \"name\": \"quality\",\n \"in\": \"query\"\n },\n {\n \"type\": \"number\",\n \"description\": \"Scale factor (0.1-1.0)\",\n \"name\": \"scale\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ScreenshotResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/start\": {\n \"post\": {\n \"description\": \"Start all computer use processes and return their status\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Start computer use processes\",\n \"operationId\": \"StartComputerUse\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ComputerUseStartResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/status\": {\n \"get\": {\n \"description\": \"Get the current status of the computer use system\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Get computer use status\",\n \"operationId\": \"GetComputerUseSystemStatus\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ComputerUseStatusResponse\"\n }\n }\n }\n }\n },\n \"/computeruse/stop\": {\n \"post\": {\n \"description\": \"Stop all computer use processes and return their status\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"computer-use\"],\n \"summary\": \"Stop computer use processes\",\n \"operationId\": \"StopComputerUse\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ComputerUseStopResponse\"\n }\n }\n }\n }\n },\n \"/files\": {\n \"get\": {\n \"description\": \"List files and directories in the specified path\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"file-system\"],\n \"summary\": \"List files and directories\",\n \"operationId\": \"ListFiles\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Directory path to list (defaults to working directory)\",\n \"name\": \"path\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/FileInfo\"\n }\n }\n }\n }\n },\n \"delete\": {\n \"description\": \"Delete a file or directory at the specified path\",\n \"tags\": [\"file-system\"],\n \"summary\": \"Delete a file or directory\",\n \"operationId\": \"DeleteFile\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"File or directory path to delete\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"boolean\",\n \"description\": \"Enable recursive deletion for directories\",\n \"name\": \"recursive\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"204\": {\n \"description\": \"No Content\"\n }\n }\n }\n },\n \"/files/bulk-download\": {\n \"post\": {\n \"description\": \"Download multiple files by providing their paths\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"multipart/form-data\"],\n \"tags\": [\"file-system\"],\n \"summary\": \"Download multiple files\",\n \"operationId\": \"DownloadFiles\",\n \"parameters\": [\n {\n \"description\": \"Paths of files to download\",\n \"name\": \"downloadFiles\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/FilesDownloadRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/gin.H\"\n }\n }\n }\n }\n },\n \"/files/bulk-upload\": {\n \"post\": {\n \"description\": \"Upload multiple files with their destination paths\",\n \"consumes\": [\"multipart/form-data\"],\n \"tags\": [\"file-system\"],\n \"summary\": \"Upload multiple files\",\n \"operationId\": \"UploadFiles\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/files/download\": {\n \"get\": {\n \"description\": \"Download a file by providing its path\",\n \"produces\": [\"application/octet-stream\"],\n \"tags\": [\"file-system\"],\n \"summary\": \"Download a file\",\n \"operationId\": \"DownloadFile\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"File path to download\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"file\"\n }\n }\n }\n }\n },\n \"/files/find\": {\n \"get\": {\n \"description\": \"Search for text pattern within files in a directory\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"file-system\"],\n \"summary\": \"Find text in files\",\n \"operationId\": \"FindInFiles\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Directory path to search in\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Text pattern to search for\",\n \"name\": \"pattern\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/Match\"\n }\n }\n }\n }\n }\n },\n \"/files/folder\": {\n \"post\": {\n \"description\": \"Create a folder with the specified path and optional permissions\",\n \"consumes\": [\"application/json\"],\n \"tags\": [\"file-system\"],\n \"summary\": \"Create a folder\",\n \"operationId\": \"CreateFolder\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Folder path to create\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Octal permission mode (default: 0755)\",\n \"name\": \"mode\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"201\": {\n \"description\": \"Created\"\n }\n }\n }\n },\n \"/files/info\": {\n \"get\": {\n \"description\": \"Get detailed information about a file or directory\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"file-system\"],\n \"summary\": \"Get file information\",\n \"operationId\": \"GetFileInfo\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"File or directory path\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/FileInfo\"\n }\n }\n }\n }\n },\n \"/files/move\": {\n \"post\": {\n \"description\": \"Move or rename a file or directory from source to destination\",\n \"tags\": [\"file-system\"],\n \"summary\": \"Move or rename file/directory\",\n \"operationId\": \"MoveFile\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Source file or directory path\",\n \"name\": \"source\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Destination file or directory path\",\n \"name\": \"destination\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/files/permissions\": {\n \"post\": {\n \"description\": \"Set file permissions, ownership, and group for a file or directory\",\n \"tags\": [\"file-system\"],\n \"summary\": \"Set file permissions\",\n \"operationId\": \"SetFilePermissions\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"File or directory path\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Owner (username or UID)\",\n \"name\": \"owner\",\n \"in\": \"query\"\n },\n {\n \"type\": \"string\",\n \"description\": \"Group (group name or GID)\",\n \"name\": \"group\",\n \"in\": \"query\"\n },\n {\n \"type\": \"string\",\n \"description\": \"File mode in octal format (e.g., 0755)\",\n \"name\": \"mode\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/files/replace\": {\n \"post\": {\n \"description\": \"Replace text pattern with new value in multiple files\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"file-system\"],\n \"summary\": \"Replace text in files\",\n \"operationId\": \"ReplaceInFiles\",\n \"parameters\": [\n {\n \"description\": \"Replace request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/ReplaceRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/ReplaceResult\"\n }\n }\n }\n }\n }\n },\n \"/files/search\": {\n \"get\": {\n \"description\": \"Search for files matching a specific pattern in a directory\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"file-system\"],\n \"summary\": \"Search files by pattern\",\n \"operationId\": \"SearchFiles\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Directory path to search in\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"File pattern to match (e.g., *.txt, *.go)\",\n \"name\": \"pattern\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/SearchFilesResponse\"\n }\n }\n }\n }\n },\n \"/files/upload\": {\n \"post\": {\n \"description\": \"Upload a file to the specified path\",\n \"consumes\": [\"multipart/form-data\"],\n \"tags\": [\"file-system\"],\n \"summary\": \"Upload a file\",\n \"operationId\": \"UploadFile\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Destination path for the uploaded file\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"file\",\n \"description\": \"File to upload\",\n \"name\": \"file\",\n \"in\": \"formData\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/gin.H\"\n }\n }\n }\n }\n },\n \"/git/add\": {\n \"post\": {\n \"description\": \"Add files to the Git staging area\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"Add files to Git staging\",\n \"operationId\": \"AddFiles\",\n \"parameters\": [\n {\n \"description\": \"Add files request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitAddRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/git/branches\": {\n \"get\": {\n \"description\": \"Get a list of all branches in the Git repository\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"List branches\",\n \"operationId\": \"ListBranches\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Repository path\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ListBranchResponse\"\n }\n }\n }\n },\n \"post\": {\n \"description\": \"Create a new branch in the Git repository\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"Create a new branch\",\n \"operationId\": \"CreateBranch\",\n \"parameters\": [\n {\n \"description\": \"Create branch request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitBranchRequest\"\n }\n }\n ],\n \"responses\": {\n \"201\": {\n \"description\": \"Created\"\n }\n }\n },\n \"delete\": {\n \"description\": \"Delete a branch from the Git repository\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"Delete a branch\",\n \"operationId\": \"DeleteBranch\",\n \"parameters\": [\n {\n \"description\": \"Delete branch request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/git.GitDeleteBranchRequest\"\n }\n }\n ],\n \"responses\": {\n \"204\": {\n \"description\": \"No Content\"\n }\n }\n }\n },\n \"/git/checkout\": {\n \"post\": {\n \"description\": \"Switch to a different branch or commit in the Git repository\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"Checkout branch or commit\",\n \"operationId\": \"CheckoutBranch\",\n \"parameters\": [\n {\n \"description\": \"Checkout request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitCheckoutRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/git/clone\": {\n \"post\": {\n \"description\": \"Clone a Git repository to the specified path\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"Clone a Git repository\",\n \"operationId\": \"CloneRepository\",\n \"parameters\": [\n {\n \"description\": \"Clone repository request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitCloneRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/git/commit\": {\n \"post\": {\n \"description\": \"Commit staged changes to the Git repository\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"Commit changes\",\n \"operationId\": \"CommitChanges\",\n \"parameters\": [\n {\n \"description\": \"Commit request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitCommitRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/GitCommitResponse\"\n }\n }\n }\n }\n },\n \"/git/history\": {\n \"get\": {\n \"description\": \"Get the commit history of the Git repository\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"Get commit history\",\n \"operationId\": \"GetCommitHistory\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Repository path\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/GitCommitInfo\"\n }\n }\n }\n }\n }\n },\n \"/git/pull\": {\n \"post\": {\n \"description\": \"Pull changes from the remote Git repository\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"Pull changes from remote\",\n \"operationId\": \"PullChanges\",\n \"parameters\": [\n {\n \"description\": \"Pull request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitRepoRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/git/push\": {\n \"post\": {\n \"description\": \"Push local changes to the remote Git repository\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"Push changes to remote\",\n \"operationId\": \"PushChanges\",\n \"parameters\": [\n {\n \"description\": \"Push request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/GitRepoRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/git/status\": {\n \"get\": {\n \"description\": \"Get the Git status of the repository at the specified path\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"git\"],\n \"summary\": \"Get Git status\",\n \"operationId\": \"GetStatus\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Repository path\",\n \"name\": \"path\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/GitStatus\"\n }\n }\n }\n }\n },\n \"/init\": {\n \"post\": {\n \"description\": \"Set the auth token and initialize telemetry for the toolbox server\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"server\"],\n \"summary\": \"Initialize toolbox server\",\n \"operationId\": \"Initialize\",\n \"parameters\": [\n {\n \"description\": \"Initialization request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/InitializeRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/lsp/completions\": {\n \"post\": {\n \"description\": \"Get code completion suggestions from the LSP server\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"lsp\"],\n \"summary\": \"Get code completions\",\n \"operationId\": \"Completions\",\n \"parameters\": [\n {\n \"description\": \"Completion request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/LspCompletionParams\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/CompletionList\"\n }\n }\n }\n }\n },\n \"/lsp/did-close\": {\n \"post\": {\n \"description\": \"Notify the LSP server that a document has been closed\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"lsp\"],\n \"summary\": \"Notify document closed\",\n \"operationId\": \"DidClose\",\n \"parameters\": [\n {\n \"description\": \"Document request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/LspDocumentRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/lsp/did-open\": {\n \"post\": {\n \"description\": \"Notify the LSP server that a document has been opened\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"lsp\"],\n \"summary\": \"Notify document opened\",\n \"operationId\": \"DidOpen\",\n \"parameters\": [\n {\n \"description\": \"Document request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/LspDocumentRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/lsp/document-symbols\": {\n \"get\": {\n \"description\": \"Get symbols (functions, classes, etc.) from a document\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"lsp\"],\n \"summary\": \"Get document symbols\",\n \"operationId\": \"DocumentSymbols\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Language ID (e.g., python, typescript)\",\n \"name\": \"languageId\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Path to project\",\n \"name\": \"pathToProject\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Document URI\",\n \"name\": \"uri\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/LspSymbol\"\n }\n }\n }\n }\n }\n },\n \"/lsp/start\": {\n \"post\": {\n \"description\": \"Start a Language Server Protocol server for the specified language\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"lsp\"],\n \"summary\": \"Start LSP server\",\n \"operationId\": \"Start\",\n \"parameters\": [\n {\n \"description\": \"LSP server request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/LspServerRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/lsp/stop\": {\n \"post\": {\n \"description\": \"Stop a Language Server Protocol server\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"lsp\"],\n \"summary\": \"Stop LSP server\",\n \"operationId\": \"Stop\",\n \"parameters\": [\n {\n \"description\": \"LSP server request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/LspServerRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\"\n }\n }\n }\n },\n \"/lsp/workspacesymbols\": {\n \"get\": {\n \"description\": \"Search for symbols across the entire workspace\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"lsp\"],\n \"summary\": \"Get workspace symbols\",\n \"operationId\": \"WorkspaceSymbols\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Search query\",\n \"name\": \"query\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Language ID (e.g., python, typescript)\",\n \"name\": \"languageId\",\n \"in\": \"query\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Path to project\",\n \"name\": \"pathToProject\",\n \"in\": \"query\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/LspSymbol\"\n }\n }\n }\n }\n }\n },\n \"/port\": {\n \"get\": {\n \"description\": \"Get a list of all currently active ports\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"port\"],\n \"summary\": \"Get active ports\",\n \"operationId\": \"GetPorts\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/PortList\"\n }\n }\n }\n }\n },\n \"/port/{port}/in-use\": {\n \"get\": {\n \"description\": \"Check if a specific port is currently in use\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"port\"],\n \"summary\": \"Check if port is in use\",\n \"operationId\": \"IsPortInUse\",\n \"parameters\": [\n {\n \"type\": \"integer\",\n \"description\": \"Port number (3000-9999)\",\n \"name\": \"port\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/IsPortInUseResponse\"\n }\n }\n }\n }\n },\n \"/process/execute\": {\n \"post\": {\n \"description\": \"Execute a shell command and return the output and exit code\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Execute a command\",\n \"operationId\": \"ExecuteCommand\",\n \"parameters\": [\n {\n \"description\": \"Command execution request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/ExecuteRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ExecuteResponse\"\n }\n }\n }\n }\n },\n \"/process/interpreter/context\": {\n \"get\": {\n \"description\": \"Returns information about all user-created interpreter contexts (excludes default context)\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"interpreter\"],\n \"summary\": \"List all user-created interpreter contexts\",\n \"operationId\": \"ListInterpreterContexts\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/ListContextsResponse\"\n }\n }\n }\n },\n \"post\": {\n \"description\": \"Creates a new isolated interpreter context with optional working directory and language\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"interpreter\"],\n \"summary\": \"Create a new interpreter context\",\n \"operationId\": \"CreateInterpreterContext\",\n \"parameters\": [\n {\n \"description\": \"Context configuration\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/CreateContextRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/InterpreterContext\"\n }\n },\n \"400\": {\n \"description\": \"Bad Request\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"500\": {\n \"description\": \"Internal Server Error\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/process/interpreter/context/{id}\": {\n \"delete\": {\n \"description\": \"Deletes an interpreter context and shuts down its worker process\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"interpreter\"],\n \"summary\": \"Delete an interpreter context\",\n \"operationId\": \"DeleteInterpreterContext\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Context ID\",\n \"name\": \"id\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"400\": {\n \"description\": \"Bad Request\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n },\n \"404\": {\n \"description\": \"Not Found\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/process/interpreter/execute\": {\n \"get\": {\n \"description\": \"Executes code in a specified context (or default context if not specified) via WebSocket streaming\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"interpreter\"],\n \"summary\": \"Execute code in an interpreter context\",\n \"operationId\": \"ExecuteInterpreterCode\",\n \"responses\": {\n \"101\": {\n \"description\": \"Switching Protocols\",\n \"schema\": {\n \"type\": \"string\"\n },\n \"headers\": {\n \"Connection\": {\n \"type\": \"string\",\n \"description\": \"Upgrade\"\n },\n \"Upgrade\": {\n \"type\": \"string\",\n \"description\": \"websocket\"\n }\n }\n }\n }\n }\n },\n \"/process/pty\": {\n \"get\": {\n \"description\": \"Get a list of all active pseudo-terminal sessions\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"List all PTY sessions\",\n \"operationId\": \"ListPtySessions\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/PtyListResponse\"\n }\n }\n }\n },\n \"post\": {\n \"description\": \"Create a new pseudo-terminal session with specified configuration\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Create a new PTY session\",\n \"operationId\": \"CreatePtySession\",\n \"parameters\": [\n {\n \"description\": \"PTY session creation request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/PtyCreateRequest\"\n }\n }\n ],\n \"responses\": {\n \"201\": {\n \"description\": \"Created\",\n \"schema\": {\n \"$ref\": \"#/definitions/PtyCreateResponse\"\n }\n }\n }\n }\n },\n \"/process/pty/{sessionId}\": {\n \"get\": {\n \"description\": \"Get detailed information about a specific pseudo-terminal session\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Get PTY session information\",\n \"operationId\": \"GetPtySession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"PTY session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/PtySessionInfo\"\n }\n }\n }\n },\n \"delete\": {\n \"description\": \"Delete a pseudo-terminal session and terminate its process\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Delete a PTY session\",\n \"operationId\": \"DeletePtySession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"PTY session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/gin.H\"\n }\n }\n }\n }\n },\n \"/process/pty/{sessionId}/connect\": {\n \"get\": {\n \"description\": \"Establish a WebSocket connection to interact with a pseudo-terminal session\",\n \"tags\": [\"process\"],\n \"summary\": \"Connect to PTY session via WebSocket\",\n \"operationId\": \"ConnectPtySession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"PTY session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"101\": {\n \"description\": \"Switching Protocols - WebSocket connection established\"\n }\n }\n }\n },\n \"/process/pty/{sessionId}/resize\": {\n \"post\": {\n \"description\": \"Resize the terminal dimensions of a pseudo-terminal session\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Resize a PTY session\",\n \"operationId\": \"ResizePtySession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"PTY session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"description\": \"Resize request with new dimensions\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/PtyResizeRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/PtySessionInfo\"\n }\n }\n }\n }\n },\n \"/process/session\": {\n \"get\": {\n \"description\": \"Get a list of all active shell sessions\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"List all sessions\",\n \"operationId\": \"ListSessions\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/Session\"\n }\n }\n }\n }\n },\n \"post\": {\n \"description\": \"Create a new shell session for command execution\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Create a new session\",\n \"operationId\": \"CreateSession\",\n \"parameters\": [\n {\n \"description\": \"Session creation request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/CreateSessionRequest\"\n }\n }\n ],\n \"responses\": {\n \"201\": {\n \"description\": \"Created\"\n }\n }\n }\n },\n \"/process/session/entrypoint\": {\n \"get\": {\n \"description\": \"Get details of an entrypoint session including its commands\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Get entrypoint session details\",\n \"operationId\": \"GetEntrypointSession\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Session\"\n }\n }\n }\n }\n },\n \"/process/session/entrypoint/logs\": {\n \"get\": {\n \"description\": \"Get logs for a sandbox entrypoint session. Supports both HTTP and WebSocket streaming.\",\n \"produces\": [\"text/plain\"],\n \"tags\": [\"process\"],\n \"summary\": \"Get entrypoint logs\",\n \"operationId\": \"GetEntrypointLogs\",\n \"parameters\": [\n {\n \"type\": \"boolean\",\n \"description\": \"Follow logs in real-time (WebSocket only)\",\n \"name\": \"follow\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"Entrypoint log content\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n }\n }\n },\n \"/process/session/{sessionId}\": {\n \"get\": {\n \"description\": \"Get details of a specific session including its commands\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Get session details\",\n \"operationId\": \"GetSession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Session\"\n }\n }\n }\n },\n \"delete\": {\n \"description\": \"Delete an existing shell session\",\n \"tags\": [\"process\"],\n \"summary\": \"Delete a session\",\n \"operationId\": \"DeleteSession\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"204\": {\n \"description\": \"No Content\"\n }\n }\n }\n },\n \"/process/session/{sessionId}/command/{commandId}\": {\n \"get\": {\n \"description\": \"Get details of a specific command within a session\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Get session command details\",\n \"operationId\": \"GetSessionCommand\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Command ID\",\n \"name\": \"commandId\",\n \"in\": \"path\",\n \"required\": true\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/Command\"\n }\n }\n }\n }\n },\n \"/process/session/{sessionId}/command/{commandId}/input\": {\n \"post\": {\n \"description\": \"Send input data to a running command in a session for interactive execution\",\n \"consumes\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Send input to command\",\n \"operationId\": \"SendInput\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Command ID\",\n \"name\": \"commandId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"description\": \"Input send request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/SessionSendInputRequest\"\n }\n }\n ],\n \"responses\": {\n \"204\": {\n \"description\": \"No Content\"\n }\n }\n }\n },\n \"/process/session/{sessionId}/command/{commandId}/logs\": {\n \"get\": {\n \"description\": \"Get logs for a specific command within a session. Supports both HTTP and WebSocket streaming.\",\n \"produces\": [\"text/plain\"],\n \"tags\": [\"process\"],\n \"summary\": \"Get session command logs\",\n \"operationId\": \"GetSessionCommandLogs\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"type\": \"string\",\n \"description\": \"Command ID\",\n \"name\": \"commandId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"type\": \"boolean\",\n \"description\": \"Follow logs in real-time (WebSocket only)\",\n \"name\": \"follow\",\n \"in\": \"query\"\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"Log content\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n }\n }\n },\n \"/process/session/{sessionId}/exec\": {\n \"post\": {\n \"description\": \"Execute a command within an existing shell session\",\n \"consumes\": [\"application/json\"],\n \"produces\": [\"application/json\"],\n \"tags\": [\"process\"],\n \"summary\": \"Execute command in session\",\n \"operationId\": \"SessionExecuteCommand\",\n \"parameters\": [\n {\n \"type\": \"string\",\n \"description\": \"Session ID\",\n \"name\": \"sessionId\",\n \"in\": \"path\",\n \"required\": true\n },\n {\n \"description\": \"Command execution request\",\n \"name\": \"request\",\n \"in\": \"body\",\n \"required\": true,\n \"schema\": {\n \"$ref\": \"#/definitions/SessionExecuteRequest\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/SessionExecuteResponse\"\n }\n },\n \"202\": {\n \"description\": \"Accepted\",\n \"schema\": {\n \"$ref\": \"#/definitions/SessionExecuteResponse\"\n }\n }\n }\n }\n },\n \"/user-home-dir\": {\n \"get\": {\n \"description\": \"Get the current user home directory path.\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"info\"],\n \"summary\": \"Get user home directory\",\n \"operationId\": \"GetUserHomeDir\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/UserHomeDirResponse\"\n }\n }\n }\n }\n },\n \"/version\": {\n \"get\": {\n \"description\": \"Get the current daemon version\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"info\"],\n \"summary\": \"Get version\",\n \"operationId\": \"GetVersion\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n }\n }\n }\n }\n },\n \"/work-dir\": {\n \"get\": {\n \"description\": \"Get the current working directory path. This is default directory used for running commands.\",\n \"produces\": [\"application/json\"],\n \"tags\": [\"info\"],\n \"summary\": \"Get working directory\",\n \"operationId\": \"GetWorkDir\",\n \"responses\": {\n \"200\": {\n \"description\": \"OK\",\n \"schema\": {\n \"$ref\": \"#/definitions/WorkDirResponse\"\n }\n }\n }\n }\n }\n },\n \"definitions\": {\n \"Command\": {\n \"type\": \"object\",\n \"required\": [\"command\", \"id\"],\n \"properties\": {\n \"command\": {\n \"type\": \"string\"\n },\n \"exitCode\": {\n \"type\": \"integer\"\n },\n \"id\": {\n \"type\": \"string\"\n }\n }\n },\n \"CompletionContext\": {\n \"type\": \"object\",\n \"required\": [\"triggerKind\"],\n \"properties\": {\n \"triggerCharacter\": {\n \"type\": \"string\"\n },\n \"triggerKind\": {\n \"type\": \"integer\"\n }\n }\n },\n \"CompletionItem\": {\n \"type\": \"object\",\n \"required\": [\"label\"],\n \"properties\": {\n \"detail\": {\n \"type\": \"string\"\n },\n \"documentation\": {},\n \"filterText\": {\n \"type\": \"string\"\n },\n \"insertText\": {\n \"type\": \"string\"\n },\n \"kind\": {\n \"type\": \"integer\"\n },\n \"label\": {\n \"type\": \"string\"\n },\n \"sortText\": {\n \"type\": \"string\"\n }\n }\n },\n \"CompletionList\": {\n \"type\": \"object\",\n \"required\": [\"isIncomplete\", \"items\"],\n \"properties\": {\n \"isIncomplete\": {\n \"type\": \"boolean\"\n },\n \"items\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/CompletionItem\"\n }\n }\n }\n },\n \"ComputerUseStartResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"message\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"$ref\": \"#/definitions/ProcessStatus\"\n }\n }\n }\n },\n \"ComputerUseStatusResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"string\"\n }\n }\n },\n \"ComputerUseStopResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"message\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"$ref\": \"#/definitions/ProcessStatus\"\n }\n }\n }\n },\n \"CreateContextRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"cwd\": {\n \"type\": \"string\"\n },\n \"language\": {\n \"type\": \"string\"\n }\n }\n },\n \"CreateSessionRequest\": {\n \"type\": \"object\",\n \"required\": [\"sessionId\"],\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n }\n }\n },\n \"DisplayInfo\": {\n \"type\": \"object\",\n \"properties\": {\n \"height\": {\n \"type\": \"integer\"\n },\n \"id\": {\n \"type\": \"integer\"\n },\n \"isActive\": {\n \"type\": \"boolean\"\n },\n \"width\": {\n \"type\": \"integer\"\n },\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"DisplayInfoResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"displays\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/DisplayInfo\"\n }\n }\n }\n },\n \"Empty\": {\n \"type\": \"object\"\n },\n \"ExecuteRequest\": {\n \"type\": \"object\",\n \"required\": [\"command\"],\n \"properties\": {\n \"command\": {\n \"type\": \"string\"\n },\n \"cwd\": {\n \"description\": \"Current working directory\",\n \"type\": \"string\"\n },\n \"timeout\": {\n \"description\": \"Timeout in seconds, defaults to 10 seconds\",\n \"type\": \"integer\"\n }\n }\n },\n \"ExecuteResponse\": {\n \"type\": \"object\",\n \"required\": [\"result\"],\n \"properties\": {\n \"exitCode\": {\n \"type\": \"integer\"\n },\n \"result\": {\n \"type\": \"string\"\n }\n }\n },\n \"FileInfo\": {\n \"type\": \"object\",\n \"required\": [\"group\", \"isDir\", \"modTime\", \"mode\", \"name\", \"owner\", \"permissions\", \"size\"],\n \"properties\": {\n \"group\": {\n \"type\": \"string\"\n },\n \"isDir\": {\n \"type\": \"boolean\"\n },\n \"modTime\": {\n \"type\": \"string\"\n },\n \"mode\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"owner\": {\n \"type\": \"string\"\n },\n \"permissions\": {\n \"type\": \"string\"\n },\n \"size\": {\n \"type\": \"integer\"\n }\n }\n },\n \"FileStatus\": {\n \"type\": \"object\",\n \"required\": [\"extra\", \"name\", \"staging\", \"worktree\"],\n \"properties\": {\n \"extra\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"staging\": {\n \"$ref\": \"#/definitions/Status\"\n },\n \"worktree\": {\n \"$ref\": \"#/definitions/Status\"\n }\n }\n },\n \"FilesDownloadRequest\": {\n \"type\": \"object\",\n \"required\": [\"paths\"],\n \"properties\": {\n \"paths\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"GitAddRequest\": {\n \"type\": \"object\",\n \"required\": [\"files\", \"path\"],\n \"properties\": {\n \"files\": {\n \"description\": \"files to add (use . for all files)\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"path\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitBranchRequest\": {\n \"type\": \"object\",\n \"required\": [\"name\", \"path\"],\n \"properties\": {\n \"name\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitCheckoutRequest\": {\n \"type\": \"object\",\n \"required\": [\"branch\", \"path\"],\n \"properties\": {\n \"branch\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitCloneRequest\": {\n \"type\": \"object\",\n \"required\": [\"path\", \"url\"],\n \"properties\": {\n \"branch\": {\n \"type\": \"string\"\n },\n \"commit_id\": {\n \"type\": \"string\"\n },\n \"password\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n },\n \"url\": {\n \"type\": \"string\"\n },\n \"username\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitCommitInfo\": {\n \"type\": \"object\",\n \"required\": [\"author\", \"email\", \"hash\", \"message\", \"timestamp\"],\n \"properties\": {\n \"author\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"type\": \"string\"\n },\n \"hash\": {\n \"type\": \"string\"\n },\n \"message\": {\n \"type\": \"string\"\n },\n \"timestamp\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitCommitRequest\": {\n \"type\": \"object\",\n \"required\": [\"author\", \"email\", \"message\", \"path\"],\n \"properties\": {\n \"allow_empty\": {\n \"type\": \"boolean\"\n },\n \"author\": {\n \"type\": \"string\"\n },\n \"email\": {\n \"type\": \"string\"\n },\n \"message\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitCommitResponse\": {\n \"type\": \"object\",\n \"required\": [\"hash\"],\n \"properties\": {\n \"hash\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitRepoRequest\": {\n \"type\": \"object\",\n \"required\": [\"path\"],\n \"properties\": {\n \"password\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n },\n \"username\": {\n \"type\": \"string\"\n }\n }\n },\n \"GitStatus\": {\n \"type\": \"object\",\n \"required\": [\"currentBranch\", \"fileStatus\"],\n \"properties\": {\n \"ahead\": {\n \"type\": \"integer\"\n },\n \"behind\": {\n \"type\": \"integer\"\n },\n \"branchPublished\": {\n \"type\": \"boolean\"\n },\n \"currentBranch\": {\n \"type\": \"string\"\n },\n \"fileStatus\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/FileStatus\"\n }\n }\n }\n },\n \"InitializeRequest\": {\n \"type\": \"object\",\n \"required\": [\"token\"],\n \"properties\": {\n \"token\": {\n \"type\": \"string\"\n }\n }\n },\n \"InterpreterContext\": {\n \"type\": \"object\",\n \"required\": [\"active\", \"createdAt\", \"cwd\", \"id\", \"language\"],\n \"properties\": {\n \"active\": {\n \"type\": \"boolean\"\n },\n \"createdAt\": {\n \"type\": \"string\"\n },\n \"cwd\": {\n \"type\": \"string\"\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"language\": {\n \"type\": \"string\"\n }\n }\n },\n \"IsPortInUseResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"isInUse\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"KeyboardHotkeyRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"keys\": {\n \"description\": \"e.g., \\\"ctrl+c\\\", \\\"cmd+v\\\"\",\n \"type\": \"string\"\n }\n }\n },\n \"KeyboardPressRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"key\": {\n \"type\": \"string\"\n },\n \"modifiers\": {\n \"description\": \"ctrl, alt, shift, cmd\",\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"KeyboardTypeRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"delay\": {\n \"description\": \"milliseconds between keystrokes\",\n \"type\": \"integer\"\n },\n \"text\": {\n \"type\": \"string\"\n }\n }\n },\n \"ListBranchResponse\": {\n \"type\": \"object\",\n \"required\": [\"branches\"],\n \"properties\": {\n \"branches\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"ListContextsResponse\": {\n \"type\": \"object\",\n \"required\": [\"contexts\"],\n \"properties\": {\n \"contexts\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/InterpreterContext\"\n }\n }\n }\n },\n \"ListRecordingsResponse\": {\n \"type\": \"object\",\n \"required\": [\"recordings\"],\n \"properties\": {\n \"recordings\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/Recording\"\n }\n }\n }\n },\n \"LspCompletionParams\": {\n \"type\": \"object\",\n \"required\": [\"languageId\", \"pathToProject\", \"position\", \"uri\"],\n \"properties\": {\n \"context\": {\n \"$ref\": \"#/definitions/CompletionContext\"\n },\n \"languageId\": {\n \"type\": \"string\"\n },\n \"pathToProject\": {\n \"type\": \"string\"\n },\n \"position\": {\n \"$ref\": \"#/definitions/LspPosition\"\n },\n \"uri\": {\n \"type\": \"string\"\n }\n }\n },\n \"LspDocumentRequest\": {\n \"type\": \"object\",\n \"required\": [\"languageId\", \"pathToProject\", \"uri\"],\n \"properties\": {\n \"languageId\": {\n \"type\": \"string\"\n },\n \"pathToProject\": {\n \"type\": \"string\"\n },\n \"uri\": {\n \"type\": \"string\"\n }\n }\n },\n \"LspLocation\": {\n \"type\": \"object\",\n \"required\": [\"range\", \"uri\"],\n \"properties\": {\n \"range\": {\n \"$ref\": \"#/definitions/LspRange\"\n },\n \"uri\": {\n \"type\": \"string\"\n }\n }\n },\n \"LspPosition\": {\n \"type\": \"object\",\n \"required\": [\"character\", \"line\"],\n \"properties\": {\n \"character\": {\n \"type\": \"integer\"\n },\n \"line\": {\n \"type\": \"integer\"\n }\n }\n },\n \"LspRange\": {\n \"type\": \"object\",\n \"required\": [\"end\", \"start\"],\n \"properties\": {\n \"end\": {\n \"$ref\": \"#/definitions/LspPosition\"\n },\n \"start\": {\n \"$ref\": \"#/definitions/LspPosition\"\n }\n }\n },\n \"LspServerRequest\": {\n \"type\": \"object\",\n \"required\": [\"languageId\", \"pathToProject\"],\n \"properties\": {\n \"languageId\": {\n \"type\": \"string\"\n },\n \"pathToProject\": {\n \"type\": \"string\"\n }\n }\n },\n \"LspSymbol\": {\n \"type\": \"object\",\n \"required\": [\"kind\", \"location\", \"name\"],\n \"properties\": {\n \"kind\": {\n \"type\": \"integer\"\n },\n \"location\": {\n \"$ref\": \"#/definitions/LspLocation\"\n },\n \"name\": {\n \"type\": \"string\"\n }\n }\n },\n \"Match\": {\n \"type\": \"object\",\n \"required\": [\"content\", \"file\", \"line\"],\n \"properties\": {\n \"content\": {\n \"type\": \"string\"\n },\n \"file\": {\n \"type\": \"string\"\n },\n \"line\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseClickRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"button\": {\n \"description\": \"left, right, middle\",\n \"type\": \"string\"\n },\n \"double\": {\n \"type\": \"boolean\"\n },\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseClickResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseDragRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"button\": {\n \"type\": \"string\"\n },\n \"endX\": {\n \"type\": \"integer\"\n },\n \"endY\": {\n \"type\": \"integer\"\n },\n \"startX\": {\n \"type\": \"integer\"\n },\n \"startY\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseDragResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseMoveRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MousePositionResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"MouseScrollRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"amount\": {\n \"type\": \"integer\"\n },\n \"direction\": {\n \"description\": \"up, down\",\n \"type\": \"string\"\n },\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"PortList\": {\n \"type\": \"object\",\n \"properties\": {\n \"ports\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"integer\"\n }\n }\n }\n },\n \"Position\": {\n \"type\": \"object\",\n \"properties\": {\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"ProcessErrorsResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"errors\": {\n \"type\": \"string\"\n },\n \"processName\": {\n \"type\": \"string\"\n }\n }\n },\n \"ProcessLogsResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"logs\": {\n \"type\": \"string\"\n },\n \"processName\": {\n \"type\": \"string\"\n }\n }\n },\n \"ProcessRestartResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"message\": {\n \"type\": \"string\"\n },\n \"processName\": {\n \"type\": \"string\"\n }\n }\n },\n \"ProcessStatus\": {\n \"type\": \"object\",\n \"properties\": {\n \"autoRestart\": {\n \"type\": \"boolean\"\n },\n \"pid\": {\n \"type\": \"integer\"\n },\n \"priority\": {\n \"type\": \"integer\"\n },\n \"running\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"ProcessStatusResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"processName\": {\n \"type\": \"string\"\n },\n \"running\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"PtyCreateRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"cols\": {\n \"type\": \"integer\"\n },\n \"cwd\": {\n \"type\": \"string\"\n },\n \"envs\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"lazyStart\": {\n \"description\": \"Don't start PTY until first client connects\",\n \"type\": \"boolean\"\n },\n \"rows\": {\n \"type\": \"integer\"\n }\n }\n },\n \"PtyCreateResponse\": {\n \"type\": \"object\",\n \"required\": [\"sessionId\"],\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n }\n }\n },\n \"PtyListResponse\": {\n \"type\": \"object\",\n \"required\": [\"sessions\"],\n \"properties\": {\n \"sessions\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/PtySessionInfo\"\n }\n }\n }\n },\n \"PtyResizeRequest\": {\n \"type\": \"object\",\n \"required\": [\"cols\", \"rows\"],\n \"properties\": {\n \"cols\": {\n \"type\": \"integer\",\n \"maximum\": 1000,\n \"minimum\": 1\n },\n \"rows\": {\n \"type\": \"integer\",\n \"maximum\": 1000,\n \"minimum\": 1\n }\n }\n },\n \"PtySessionInfo\": {\n \"type\": \"object\",\n \"required\": [\"active\", \"cols\", \"createdAt\", \"cwd\", \"envs\", \"id\", \"lazyStart\", \"rows\"],\n \"properties\": {\n \"active\": {\n \"type\": \"boolean\"\n },\n \"cols\": {\n \"type\": \"integer\"\n },\n \"createdAt\": {\n \"type\": \"string\"\n },\n \"cwd\": {\n \"type\": \"string\"\n },\n \"envs\": {\n \"type\": \"object\",\n \"additionalProperties\": {\n \"type\": \"string\"\n }\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"lazyStart\": {\n \"description\": \"Whether this session uses lazy start\",\n \"type\": \"boolean\"\n },\n \"rows\": {\n \"type\": \"integer\"\n }\n }\n },\n \"Recording\": {\n \"type\": \"object\",\n \"required\": [\"fileName\", \"filePath\", \"id\", \"startTime\", \"status\"],\n \"properties\": {\n \"durationSeconds\": {\n \"type\": \"number\"\n },\n \"endTime\": {\n \"type\": \"string\"\n },\n \"fileName\": {\n \"type\": \"string\"\n },\n \"filePath\": {\n \"type\": \"string\"\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"sizeBytes\": {\n \"type\": \"integer\"\n },\n \"startTime\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"string\"\n }\n }\n },\n \"ReplaceRequest\": {\n \"type\": \"object\",\n \"required\": [\"files\", \"newValue\", \"pattern\"],\n \"properties\": {\n \"files\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"newValue\": {\n \"type\": \"string\"\n },\n \"pattern\": {\n \"type\": \"string\"\n }\n }\n },\n \"ReplaceResult\": {\n \"type\": \"object\",\n \"properties\": {\n \"error\": {\n \"type\": \"string\"\n },\n \"file\": {\n \"type\": \"string\"\n },\n \"success\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"ScreenshotResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"cursorPosition\": {\n \"$ref\": \"#/definitions/Position\"\n },\n \"screenshot\": {\n \"type\": \"string\"\n },\n \"sizeBytes\": {\n \"type\": \"integer\"\n }\n }\n },\n \"ScrollResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"success\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"SearchFilesResponse\": {\n \"type\": \"object\",\n \"required\": [\"files\"],\n \"properties\": {\n \"files\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"Session\": {\n \"type\": \"object\",\n \"required\": [\"commands\", \"sessionId\"],\n \"properties\": {\n \"commands\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/Command\"\n }\n },\n \"sessionId\": {\n \"type\": \"string\"\n }\n }\n },\n \"SessionExecuteRequest\": {\n \"type\": \"object\",\n \"required\": [\"command\"],\n \"properties\": {\n \"async\": {\n \"type\": \"boolean\"\n },\n \"command\": {\n \"type\": \"string\"\n },\n \"runAsync\": {\n \"type\": \"boolean\"\n },\n \"suppressInputEcho\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"SessionExecuteResponse\": {\n \"type\": \"object\",\n \"required\": [\"cmdId\"],\n \"properties\": {\n \"cmdId\": {\n \"type\": \"string\"\n },\n \"exitCode\": {\n \"type\": \"integer\"\n },\n \"output\": {\n \"type\": \"string\"\n },\n \"stderr\": {\n \"type\": \"string\"\n },\n \"stdout\": {\n \"type\": \"string\"\n }\n }\n },\n \"SessionSendInputRequest\": {\n \"type\": \"object\",\n \"required\": [\"data\"],\n \"properties\": {\n \"data\": {\n \"type\": \"string\"\n }\n }\n },\n \"StartRecordingRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"label\": {\n \"type\": \"string\"\n }\n }\n },\n \"Status\": {\n \"type\": \"string\",\n \"enum\": [\"Unmodified\", \"Untracked\", \"Modified\", \"Added\", \"Deleted\", \"Renamed\", \"Copied\", \"Updated but unmerged\"],\n \"x-enum-varnames\": [\n \"Unmodified\",\n \"Untracked\",\n \"Modified\",\n \"Added\",\n \"Deleted\",\n \"Renamed\",\n \"Copied\",\n \"UpdatedButUnmerged\"\n ]\n },\n \"StopRecordingRequest\": {\n \"type\": \"object\",\n \"required\": [\"id\"],\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n }\n }\n },\n \"UserHomeDirResponse\": {\n \"type\": \"object\",\n \"required\": [\"dir\"],\n \"properties\": {\n \"dir\": {\n \"type\": \"string\"\n }\n }\n },\n \"WindowInfo\": {\n \"type\": \"object\",\n \"properties\": {\n \"height\": {\n \"type\": \"integer\"\n },\n \"id\": {\n \"type\": \"integer\"\n },\n \"isActive\": {\n \"type\": \"boolean\"\n },\n \"title\": {\n \"type\": \"string\"\n },\n \"width\": {\n \"type\": \"integer\"\n },\n \"x\": {\n \"type\": \"integer\"\n },\n \"y\": {\n \"type\": \"integer\"\n }\n }\n },\n \"WindowsResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"windows\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/definitions/WindowInfo\"\n }\n }\n }\n },\n \"WorkDirResponse\": {\n \"type\": \"object\",\n \"required\": [\"dir\"],\n \"properties\": {\n \"dir\": {\n \"type\": \"string\"\n }\n }\n },\n \"gin.H\": {\n \"type\": \"object\",\n \"additionalProperties\": {}\n },\n \"git.GitDeleteBranchRequest\": {\n \"type\": \"object\",\n \"required\": [\"name\", \"path\"],\n \"properties\": {\n \"name\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"string\"\n }\n }\n }\n }\n}\n" }, { "path": "apps/daemon/pkg/toolbox/docs/swagger.yaml", "content": "definitions:\n Command:\n properties:\n command:\n type: string\n exitCode:\n type: integer\n id:\n type: string\n required:\n - command\n - id\n type: object\n CompletionContext:\n properties:\n triggerCharacter:\n type: string\n triggerKind:\n type: integer\n required:\n - triggerKind\n type: object\n CompletionItem:\n properties:\n detail:\n type: string\n documentation: {}\n filterText:\n type: string\n insertText:\n type: string\n kind:\n type: integer\n label:\n type: string\n sortText:\n type: string\n required:\n - label\n type: object\n CompletionList:\n properties:\n isIncomplete:\n type: boolean\n items:\n items:\n $ref: '#/definitions/CompletionItem'\n type: array\n required:\n - isIncomplete\n - items\n type: object\n ComputerUseStartResponse:\n properties:\n message:\n type: string\n status:\n additionalProperties:\n $ref: '#/definitions/ProcessStatus'\n type: object\n type: object\n ComputerUseStatusResponse:\n properties:\n status:\n type: string\n type: object\n ComputerUseStopResponse:\n properties:\n message:\n type: string\n status:\n additionalProperties:\n $ref: '#/definitions/ProcessStatus'\n type: object\n type: object\n CreateContextRequest:\n properties:\n cwd:\n type: string\n language:\n type: string\n type: object\n CreateSessionRequest:\n properties:\n sessionId:\n type: string\n required:\n - sessionId\n type: object\n DisplayInfo:\n properties:\n height:\n type: integer\n id:\n type: integer\n isActive:\n type: boolean\n width:\n type: integer\n x:\n type: integer\n 'y':\n type: integer\n type: object\n DisplayInfoResponse:\n properties:\n displays:\n items:\n $ref: '#/definitions/DisplayInfo'\n type: array\n type: object\n Empty:\n type: object\n ExecuteRequest:\n properties:\n command:\n type: string\n cwd:\n description: Current working directory\n type: string\n timeout:\n description: Timeout in seconds, defaults to 10 seconds\n type: integer\n required:\n - command\n type: object\n ExecuteResponse:\n properties:\n exitCode:\n type: integer\n result:\n type: string\n required:\n - result\n type: object\n FileInfo:\n properties:\n group:\n type: string\n isDir:\n type: boolean\n modTime:\n type: string\n mode:\n type: string\n name:\n type: string\n owner:\n type: string\n permissions:\n type: string\n size:\n type: integer\n required:\n - group\n - isDir\n - modTime\n - mode\n - name\n - owner\n - permissions\n - size\n type: object\n FileStatus:\n properties:\n extra:\n type: string\n name:\n type: string\n staging:\n $ref: '#/definitions/Status'\n worktree:\n $ref: '#/definitions/Status'\n required:\n - extra\n - name\n - staging\n - worktree\n type: object\n FilesDownloadRequest:\n properties:\n paths:\n items:\n type: string\n type: array\n required:\n - paths\n type: object\n GitAddRequest:\n properties:\n files:\n description: files to add (use . for all files)\n items:\n type: string\n type: array\n path:\n type: string\n required:\n - files\n - path\n type: object\n GitBranchRequest:\n properties:\n name:\n type: string\n path:\n type: string\n required:\n - name\n - path\n type: object\n GitCheckoutRequest:\n properties:\n branch:\n type: string\n path:\n type: string\n required:\n - branch\n - path\n type: object\n GitCloneRequest:\n properties:\n branch:\n type: string\n commit_id:\n type: string\n password:\n type: string\n path:\n type: string\n url:\n type: string\n username:\n type: string\n required:\n - path\n - url\n type: object\n GitCommitInfo:\n properties:\n author:\n type: string\n email:\n type: string\n hash:\n type: string\n message:\n type: string\n timestamp:\n type: string\n required:\n - author\n - email\n - hash\n - message\n - timestamp\n type: object\n GitCommitRequest:\n properties:\n allow_empty:\n type: boolean\n author:\n type: string\n email:\n type: string\n message:\n type: string\n path:\n type: string\n required:\n - author\n - email\n - message\n - path\n type: object\n GitCommitResponse:\n properties:\n hash:\n type: string\n required:\n - hash\n type: object\n GitRepoRequest:\n properties:\n password:\n type: string\n path:\n type: string\n username:\n type: string\n required:\n - path\n type: object\n GitStatus:\n properties:\n ahead:\n type: integer\n behind:\n type: integer\n branchPublished:\n type: boolean\n currentBranch:\n type: string\n fileStatus:\n items:\n $ref: '#/definitions/FileStatus'\n type: array\n required:\n - currentBranch\n - fileStatus\n type: object\n InitializeRequest:\n properties:\n token:\n type: string\n required:\n - token\n type: object\n InterpreterContext:\n properties:\n active:\n type: boolean\n createdAt:\n type: string\n cwd:\n type: string\n id:\n type: string\n language:\n type: string\n required:\n - active\n - createdAt\n - cwd\n - id\n - language\n type: object\n IsPortInUseResponse:\n properties:\n isInUse:\n type: boolean\n type: object\n KeyboardHotkeyRequest:\n properties:\n keys:\n description: e.g., \"ctrl+c\", \"cmd+v\"\n type: string\n type: object\n KeyboardPressRequest:\n properties:\n key:\n type: string\n modifiers:\n description: ctrl, alt, shift, cmd\n items:\n type: string\n type: array\n type: object\n KeyboardTypeRequest:\n properties:\n delay:\n description: milliseconds between keystrokes\n type: integer\n text:\n type: string\n type: object\n ListBranchResponse:\n properties:\n branches:\n items:\n type: string\n type: array\n required:\n - branches\n type: object\n ListContextsResponse:\n properties:\n contexts:\n items:\n $ref: '#/definitions/InterpreterContext'\n type: array\n required:\n - contexts\n type: object\n ListRecordingsResponse:\n properties:\n recordings:\n items:\n $ref: '#/definitions/Recording'\n type: array\n required:\n - recordings\n type: object\n LspCompletionParams:\n properties:\n context:\n $ref: '#/definitions/CompletionContext'\n languageId:\n type: string\n pathToProject:\n type: string\n position:\n $ref: '#/definitions/LspPosition'\n uri:\n type: string\n required:\n - languageId\n - pathToProject\n - position\n - uri\n type: object\n LspDocumentRequest:\n properties:\n languageId:\n type: string\n pathToProject:\n type: string\n uri:\n type: string\n required:\n - languageId\n - pathToProject\n - uri\n type: object\n LspLocation:\n properties:\n range:\n $ref: '#/definitions/LspRange'\n uri:\n type: string\n required:\n - range\n - uri\n type: object\n LspPosition:\n properties:\n character:\n type: integer\n line:\n type: integer\n required:\n - character\n - line\n type: object\n LspRange:\n properties:\n end:\n $ref: '#/definitions/LspPosition'\n start:\n $ref: '#/definitions/LspPosition'\n required:\n - end\n - start\n type: object\n LspServerRequest:\n properties:\n languageId:\n type: string\n pathToProject:\n type: string\n required:\n - languageId\n - pathToProject\n type: object\n LspSymbol:\n properties:\n kind:\n type: integer\n location:\n $ref: '#/definitions/LspLocation'\n name:\n type: string\n required:\n - kind\n - location\n - name\n type: object\n Match:\n properties:\n content:\n type: string\n file:\n type: string\n line:\n type: integer\n required:\n - content\n - file\n - line\n type: object\n MouseClickRequest:\n properties:\n button:\n description: left, right, middle\n type: string\n double:\n type: boolean\n x:\n type: integer\n 'y':\n type: integer\n type: object\n MouseClickResponse:\n properties:\n x:\n type: integer\n 'y':\n type: integer\n type: object\n MouseDragRequest:\n properties:\n button:\n type: string\n endX:\n type: integer\n endY:\n type: integer\n startX:\n type: integer\n startY:\n type: integer\n type: object\n MouseDragResponse:\n properties:\n x:\n type: integer\n 'y':\n type: integer\n type: object\n MouseMoveRequest:\n properties:\n x:\n type: integer\n 'y':\n type: integer\n type: object\n MousePositionResponse:\n properties:\n x:\n type: integer\n 'y':\n type: integer\n type: object\n MouseScrollRequest:\n properties:\n amount:\n type: integer\n direction:\n description: up, down\n type: string\n x:\n type: integer\n 'y':\n type: integer\n type: object\n PortList:\n properties:\n ports:\n items:\n type: integer\n type: array\n type: object\n Position:\n properties:\n x:\n type: integer\n 'y':\n type: integer\n type: object\n ProcessErrorsResponse:\n properties:\n errors:\n type: string\n processName:\n type: string\n type: object\n ProcessLogsResponse:\n properties:\n logs:\n type: string\n processName:\n type: string\n type: object\n ProcessRestartResponse:\n properties:\n message:\n type: string\n processName:\n type: string\n type: object\n ProcessStatus:\n properties:\n autoRestart:\n type: boolean\n pid:\n type: integer\n priority:\n type: integer\n running:\n type: boolean\n type: object\n ProcessStatusResponse:\n properties:\n processName:\n type: string\n running:\n type: boolean\n type: object\n PtyCreateRequest:\n properties:\n cols:\n type: integer\n cwd:\n type: string\n envs:\n additionalProperties:\n type: string\n type: object\n id:\n type: string\n lazyStart:\n description: Don't start PTY until first client connects\n type: boolean\n rows:\n type: integer\n type: object\n PtyCreateResponse:\n properties:\n sessionId:\n type: string\n required:\n - sessionId\n type: object\n PtyListResponse:\n properties:\n sessions:\n items:\n $ref: '#/definitions/PtySessionInfo'\n type: array\n required:\n - sessions\n type: object\n PtyResizeRequest:\n properties:\n cols:\n maximum: 1000\n minimum: 1\n type: integer\n rows:\n maximum: 1000\n minimum: 1\n type: integer\n required:\n - cols\n - rows\n type: object\n PtySessionInfo:\n properties:\n active:\n type: boolean\n cols:\n type: integer\n createdAt:\n type: string\n cwd:\n type: string\n envs:\n additionalProperties:\n type: string\n type: object\n id:\n type: string\n lazyStart:\n description: Whether this session uses lazy start\n type: boolean\n rows:\n type: integer\n required:\n - active\n - cols\n - createdAt\n - cwd\n - envs\n - id\n - lazyStart\n - rows\n type: object\n Recording:\n properties:\n durationSeconds:\n type: number\n endTime:\n type: string\n fileName:\n type: string\n filePath:\n type: string\n id:\n type: string\n sizeBytes:\n type: integer\n startTime:\n type: string\n status:\n type: string\n required:\n - fileName\n - filePath\n - id\n - startTime\n - status\n type: object\n ReplaceRequest:\n properties:\n files:\n items:\n type: string\n type: array\n newValue:\n type: string\n pattern:\n type: string\n required:\n - files\n - newValue\n - pattern\n type: object\n ReplaceResult:\n properties:\n error:\n type: string\n file:\n type: string\n success:\n type: boolean\n type: object\n ScreenshotResponse:\n properties:\n cursorPosition:\n $ref: '#/definitions/Position'\n screenshot:\n type: string\n sizeBytes:\n type: integer\n type: object\n ScrollResponse:\n properties:\n success:\n type: boolean\n type: object\n SearchFilesResponse:\n properties:\n files:\n items:\n type: string\n type: array\n required:\n - files\n type: object\n Session:\n properties:\n commands:\n items:\n $ref: '#/definitions/Command'\n type: array\n sessionId:\n type: string\n required:\n - commands\n - sessionId\n type: object\n SessionExecuteRequest:\n properties:\n async:\n type: boolean\n command:\n type: string\n runAsync:\n type: boolean\n suppressInputEcho:\n type: boolean\n required:\n - command\n type: object\n SessionExecuteResponse:\n properties:\n cmdId:\n type: string\n exitCode:\n type: integer\n output:\n type: string\n stderr:\n type: string\n stdout:\n type: string\n required:\n - cmdId\n type: object\n SessionSendInputRequest:\n properties:\n data:\n type: string\n required:\n - data\n type: object\n StartRecordingRequest:\n properties:\n label:\n type: string\n type: object\n Status:\n enum:\n - Unmodified\n - Untracked\n - Modified\n - Added\n - Deleted\n - Renamed\n - Copied\n - Updated but unmerged\n type: string\n x-enum-varnames:\n - Unmodified\n - Untracked\n - Modified\n - Added\n - Deleted\n - Renamed\n - Copied\n - UpdatedButUnmerged\n StopRecordingRequest:\n properties:\n id:\n type: string\n required:\n - id\n type: object\n UserHomeDirResponse:\n properties:\n dir:\n type: string\n required:\n - dir\n type: object\n WindowInfo:\n properties:\n height:\n type: integer\n id:\n type: integer\n isActive:\n type: boolean\n title:\n type: string\n width:\n type: integer\n x:\n type: integer\n 'y':\n type: integer\n type: object\n WindowsResponse:\n properties:\n windows:\n items:\n $ref: '#/definitions/WindowInfo'\n type: array\n type: object\n WorkDirResponse:\n properties:\n dir:\n type: string\n required:\n - dir\n type: object\n gin.H:\n additionalProperties: {}\n type: object\n git.GitDeleteBranchRequest:\n properties:\n name:\n type: string\n path:\n type: string\n required:\n - name\n - path\n type: object\ninfo:\n contact: {}\n description: Daytona Toolbox API\n title: Daytona Toolbox API\n version: v0.0.0-dev\npaths:\n /computeruse/display/info:\n get:\n description: Get information about all available displays\n operationId: GetDisplayInfo\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/DisplayInfoResponse'\n summary: Get display information\n tags:\n - computer-use\n /computeruse/display/windows:\n get:\n description: Get information about all open windows\n operationId: GetWindows\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/WindowsResponse'\n summary: Get windows information\n tags:\n - computer-use\n /computeruse/keyboard/hotkey:\n post:\n consumes:\n - application/json\n description: Press a hotkey combination (e.g., ctrl+c, cmd+v)\n operationId: PressHotkey\n parameters:\n - description: Hotkey press request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/KeyboardHotkeyRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/Empty'\n summary: Press hotkey\n tags:\n - computer-use\n /computeruse/keyboard/key:\n post:\n consumes:\n - application/json\n description: Press a key with optional modifiers\n operationId: PressKey\n parameters:\n - description: Key press request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/KeyboardPressRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/Empty'\n summary: Press key\n tags:\n - computer-use\n /computeruse/keyboard/type:\n post:\n consumes:\n - application/json\n description: Type text with optional delay between keystrokes\n operationId: TypeText\n parameters:\n - description: Text typing request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/KeyboardTypeRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/Empty'\n summary: Type text\n tags:\n - computer-use\n /computeruse/mouse/click:\n post:\n consumes:\n - application/json\n description: Click the mouse button at the specified coordinates\n operationId: Click\n parameters:\n - description: Mouse click request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/MouseClickRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/MouseClickResponse'\n summary: Click mouse button\n tags:\n - computer-use\n /computeruse/mouse/drag:\n post:\n consumes:\n - application/json\n description: Drag the mouse from start to end coordinates\n operationId: Drag\n parameters:\n - description: Mouse drag request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/MouseDragRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/MouseDragResponse'\n summary: Drag mouse\n tags:\n - computer-use\n /computeruse/mouse/move:\n post:\n consumes:\n - application/json\n description: Move the mouse cursor to the specified coordinates\n operationId: MoveMouse\n parameters:\n - description: Mouse move request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/MouseMoveRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/MousePositionResponse'\n summary: Move mouse cursor\n tags:\n - computer-use\n /computeruse/mouse/position:\n get:\n description: Get the current mouse cursor position\n operationId: GetMousePosition\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/MousePositionResponse'\n summary: Get mouse position\n tags:\n - computer-use\n /computeruse/mouse/scroll:\n post:\n consumes:\n - application/json\n description: Scroll the mouse wheel at the specified coordinates\n operationId: Scroll\n parameters:\n - description: Mouse scroll request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/MouseScrollRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ScrollResponse'\n summary: Scroll mouse wheel\n tags:\n - computer-use\n /computeruse/process-status:\n get:\n description: Get the status of all computer use processes\n operationId: GetComputerUseStatus\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ComputerUseStatusResponse'\n summary: Get computer use process status\n tags:\n - computer-use\n /computeruse/process/{processName}/errors:\n get:\n description: Get errors for a specific computer use process\n operationId: GetProcessErrors\n parameters:\n - description: Process name to get errors for\n in: path\n name: processName\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ProcessErrorsResponse'\n summary: Get process errors\n tags:\n - computer-use\n /computeruse/process/{processName}/logs:\n get:\n description: Get logs for a specific computer use process\n operationId: GetProcessLogs\n parameters:\n - description: Process name to get logs for\n in: path\n name: processName\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ProcessLogsResponse'\n summary: Get process logs\n tags:\n - computer-use\n /computeruse/process/{processName}/restart:\n post:\n description: Restart a specific computer use process\n operationId: RestartProcess\n parameters:\n - description: Process name to restart\n in: path\n name: processName\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ProcessRestartResponse'\n summary: Restart specific process\n tags:\n - computer-use\n /computeruse/process/{processName}/status:\n get:\n description: Check if a specific computer use process is running\n operationId: GetProcessStatus\n parameters:\n - description: Process name to check\n in: path\n name: processName\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ProcessStatusResponse'\n summary: Get specific process status\n tags:\n - computer-use\n /computeruse/recordings:\n get:\n description: Get a list of all recordings (active and completed)\n operationId: ListRecordings\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ListRecordingsResponse'\n '500':\n description: Internal Server Error\n schema:\n additionalProperties:\n type: string\n type: object\n summary: List all recordings\n tags:\n - computer-use\n /computeruse/recordings/{id}:\n delete:\n description: Delete a recording file by ID\n operationId: DeleteRecording\n parameters:\n - description: Recording ID\n in: path\n name: id\n required: true\n type: string\n responses:\n '204':\n description: No Content\n '400':\n description: Bad Request\n schema:\n additionalProperties:\n type: string\n type: object\n '404':\n description: Not Found\n schema:\n additionalProperties:\n type: string\n type: object\n '500':\n description: Internal Server Error\n schema:\n additionalProperties:\n type: string\n type: object\n summary: Delete a recording\n tags:\n - computer-use\n get:\n description: Get details of a specific recording by ID\n operationId: GetRecording\n parameters:\n - description: Recording ID\n in: path\n name: id\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/Recording'\n '404':\n description: Not Found\n schema:\n additionalProperties:\n type: string\n type: object\n '500':\n description: Internal Server Error\n schema:\n additionalProperties:\n type: string\n type: object\n summary: Get recording details\n tags:\n - computer-use\n /computeruse/recordings/{id}/download:\n get:\n description: Download a recording by providing its ID\n operationId: DownloadRecording\n parameters:\n - description: Recording ID\n in: path\n name: id\n required: true\n type: string\n produces:\n - application/octet-stream\n responses:\n '200':\n description: OK\n schema:\n type: file\n '404':\n description: Not Found\n schema:\n additionalProperties:\n type: string\n type: object\n '500':\n description: Internal Server Error\n schema:\n additionalProperties:\n type: string\n type: object\n summary: Download a recording\n tags:\n - computer-use\n /computeruse/recordings/start:\n post:\n consumes:\n - application/json\n description: Start a new screen recording session\n operationId: StartRecording\n parameters:\n - description: Recording options\n in: body\n name: request\n schema:\n $ref: '#/definitions/StartRecordingRequest'\n produces:\n - application/json\n responses:\n '201':\n description: Created\n schema:\n $ref: '#/definitions/Recording'\n '400':\n description: Bad Request\n schema:\n additionalProperties:\n type: string\n type: object\n '500':\n description: Internal Server Error\n schema:\n additionalProperties:\n type: string\n type: object\n summary: Start a new recording\n tags:\n - computer-use\n /computeruse/recordings/stop:\n post:\n consumes:\n - application/json\n description: Stop an active screen recording session\n operationId: StopRecording\n parameters:\n - description: Recording ID to stop\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/StopRecordingRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/Recording'\n '400':\n description: Bad Request\n schema:\n additionalProperties:\n type: string\n type: object\n '404':\n description: Not Found\n schema:\n additionalProperties:\n type: string\n type: object\n summary: Stop a recording\n tags:\n - computer-use\n /computeruse/screenshot:\n get:\n description: Take a screenshot of the entire screen\n operationId: TakeScreenshot\n parameters:\n - description: Whether to show cursor in screenshot\n in: query\n name: showCursor\n type: boolean\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ScreenshotResponse'\n summary: Take a screenshot\n tags:\n - computer-use\n /computeruse/screenshot/compressed:\n get:\n description: Take a compressed screenshot of the entire screen\n operationId: TakeCompressedScreenshot\n parameters:\n - description: Whether to show cursor in screenshot\n in: query\n name: showCursor\n type: boolean\n - description: Image format (png or jpeg)\n in: query\n name: format\n type: string\n - description: JPEG quality (1-100)\n in: query\n name: quality\n type: integer\n - description: Scale factor (0.1-1.0)\n in: query\n name: scale\n type: number\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ScreenshotResponse'\n summary: Take a compressed screenshot\n tags:\n - computer-use\n /computeruse/screenshot/region:\n get:\n description: Take a screenshot of a specific region of the screen\n operationId: TakeRegionScreenshot\n parameters:\n - description: X coordinate of the region\n in: query\n name: x\n required: true\n type: integer\n - description: Y coordinate of the region\n in: query\n name: 'y'\n required: true\n type: integer\n - description: Width of the region\n in: query\n name: width\n required: true\n type: integer\n - description: Height of the region\n in: query\n name: height\n required: true\n type: integer\n - description: Whether to show cursor in screenshot\n in: query\n name: showCursor\n type: boolean\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ScreenshotResponse'\n summary: Take a region screenshot\n tags:\n - computer-use\n /computeruse/screenshot/region/compressed:\n get:\n description: Take a compressed screenshot of a specific region of the screen\n operationId: TakeCompressedRegionScreenshot\n parameters:\n - description: X coordinate of the region\n in: query\n name: x\n required: true\n type: integer\n - description: Y coordinate of the region\n in: query\n name: 'y'\n required: true\n type: integer\n - description: Width of the region\n in: query\n name: width\n required: true\n type: integer\n - description: Height of the region\n in: query\n name: height\n required: true\n type: integer\n - description: Whether to show cursor in screenshot\n in: query\n name: showCursor\n type: boolean\n - description: Image format (png or jpeg)\n in: query\n name: format\n type: string\n - description: JPEG quality (1-100)\n in: query\n name: quality\n type: integer\n - description: Scale factor (0.1-1.0)\n in: query\n name: scale\n type: number\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ScreenshotResponse'\n summary: Take a compressed region screenshot\n tags:\n - computer-use\n /computeruse/start:\n post:\n description: Start all computer use processes and return their status\n operationId: StartComputerUse\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ComputerUseStartResponse'\n summary: Start computer use processes\n tags:\n - computer-use\n /computeruse/status:\n get:\n description: Get the current status of the computer use system\n operationId: GetComputerUseSystemStatus\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ComputerUseStatusResponse'\n summary: Get computer use status\n tags:\n - computer-use\n /computeruse/stop:\n post:\n description: Stop all computer use processes and return their status\n operationId: StopComputerUse\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ComputerUseStopResponse'\n summary: Stop computer use processes\n tags:\n - computer-use\n /files:\n delete:\n description: Delete a file or directory at the specified path\n operationId: DeleteFile\n parameters:\n - description: File or directory path to delete\n in: query\n name: path\n required: true\n type: string\n - description: Enable recursive deletion for directories\n in: query\n name: recursive\n type: boolean\n responses:\n '204':\n description: No Content\n summary: Delete a file or directory\n tags:\n - file-system\n get:\n description: List files and directories in the specified path\n operationId: ListFiles\n parameters:\n - description: Directory path to list (defaults to working directory)\n in: query\n name: path\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n items:\n $ref: '#/definitions/FileInfo'\n type: array\n summary: List files and directories\n tags:\n - file-system\n /files/bulk-download:\n post:\n consumes:\n - application/json\n description: Download multiple files by providing their paths\n operationId: DownloadFiles\n parameters:\n - description: Paths of files to download\n in: body\n name: downloadFiles\n required: true\n schema:\n $ref: '#/definitions/FilesDownloadRequest'\n produces:\n - multipart/form-data\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/gin.H'\n summary: Download multiple files\n tags:\n - file-system\n /files/bulk-upload:\n post:\n consumes:\n - multipart/form-data\n description: Upload multiple files with their destination paths\n operationId: UploadFiles\n responses:\n '200':\n description: OK\n summary: Upload multiple files\n tags:\n - file-system\n /files/download:\n get:\n description: Download a file by providing its path\n operationId: DownloadFile\n parameters:\n - description: File path to download\n in: query\n name: path\n required: true\n type: string\n produces:\n - application/octet-stream\n responses:\n '200':\n description: OK\n schema:\n type: file\n summary: Download a file\n tags:\n - file-system\n /files/find:\n get:\n description: Search for text pattern within files in a directory\n operationId: FindInFiles\n parameters:\n - description: Directory path to search in\n in: query\n name: path\n required: true\n type: string\n - description: Text pattern to search for\n in: query\n name: pattern\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n items:\n $ref: '#/definitions/Match'\n type: array\n summary: Find text in files\n tags:\n - file-system\n /files/folder:\n post:\n consumes:\n - application/json\n description: Create a folder with the specified path and optional permissions\n operationId: CreateFolder\n parameters:\n - description: Folder path to create\n in: query\n name: path\n required: true\n type: string\n - description: 'Octal permission mode (default: 0755)'\n in: query\n name: mode\n required: true\n type: string\n responses:\n '201':\n description: Created\n summary: Create a folder\n tags:\n - file-system\n /files/info:\n get:\n description: Get detailed information about a file or directory\n operationId: GetFileInfo\n parameters:\n - description: File or directory path\n in: query\n name: path\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/FileInfo'\n summary: Get file information\n tags:\n - file-system\n /files/move:\n post:\n description: Move or rename a file or directory from source to destination\n operationId: MoveFile\n parameters:\n - description: Source file or directory path\n in: query\n name: source\n required: true\n type: string\n - description: Destination file or directory path\n in: query\n name: destination\n required: true\n type: string\n responses:\n '200':\n description: OK\n summary: Move or rename file/directory\n tags:\n - file-system\n /files/permissions:\n post:\n description: Set file permissions, ownership, and group for a file or directory\n operationId: SetFilePermissions\n parameters:\n - description: File or directory path\n in: query\n name: path\n required: true\n type: string\n - description: Owner (username or UID)\n in: query\n name: owner\n type: string\n - description: Group (group name or GID)\n in: query\n name: group\n type: string\n - description: File mode in octal format (e.g., 0755)\n in: query\n name: mode\n type: string\n responses:\n '200':\n description: OK\n summary: Set file permissions\n tags:\n - file-system\n /files/replace:\n post:\n consumes:\n - application/json\n description: Replace text pattern with new value in multiple files\n operationId: ReplaceInFiles\n parameters:\n - description: Replace request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/ReplaceRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n items:\n $ref: '#/definitions/ReplaceResult'\n type: array\n summary: Replace text in files\n tags:\n - file-system\n /files/search:\n get:\n description: Search for files matching a specific pattern in a directory\n operationId: SearchFiles\n parameters:\n - description: Directory path to search in\n in: query\n name: path\n required: true\n type: string\n - description: File pattern to match (e.g., *.txt, *.go)\n in: query\n name: pattern\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/SearchFilesResponse'\n summary: Search files by pattern\n tags:\n - file-system\n /files/upload:\n post:\n consumes:\n - multipart/form-data\n description: Upload a file to the specified path\n operationId: UploadFile\n parameters:\n - description: Destination path for the uploaded file\n in: query\n name: path\n required: true\n type: string\n - description: File to upload\n in: formData\n name: file\n required: true\n type: file\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/gin.H'\n summary: Upload a file\n tags:\n - file-system\n /git/add:\n post:\n consumes:\n - application/json\n description: Add files to the Git staging area\n operationId: AddFiles\n parameters:\n - description: Add files request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/GitAddRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n summary: Add files to Git staging\n tags:\n - git\n /git/branches:\n delete:\n consumes:\n - application/json\n description: Delete a branch from the Git repository\n operationId: DeleteBranch\n parameters:\n - description: Delete branch request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/git.GitDeleteBranchRequest'\n produces:\n - application/json\n responses:\n '204':\n description: No Content\n summary: Delete a branch\n tags:\n - git\n get:\n description: Get a list of all branches in the Git repository\n operationId: ListBranches\n parameters:\n - description: Repository path\n in: query\n name: path\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ListBranchResponse'\n summary: List branches\n tags:\n - git\n post:\n consumes:\n - application/json\n description: Create a new branch in the Git repository\n operationId: CreateBranch\n parameters:\n - description: Create branch request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/GitBranchRequest'\n produces:\n - application/json\n responses:\n '201':\n description: Created\n summary: Create a new branch\n tags:\n - git\n /git/checkout:\n post:\n consumes:\n - application/json\n description: Switch to a different branch or commit in the Git repository\n operationId: CheckoutBranch\n parameters:\n - description: Checkout request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/GitCheckoutRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n summary: Checkout branch or commit\n tags:\n - git\n /git/clone:\n post:\n consumes:\n - application/json\n description: Clone a Git repository to the specified path\n operationId: CloneRepository\n parameters:\n - description: Clone repository request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/GitCloneRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n summary: Clone a Git repository\n tags:\n - git\n /git/commit:\n post:\n consumes:\n - application/json\n description: Commit staged changes to the Git repository\n operationId: CommitChanges\n parameters:\n - description: Commit request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/GitCommitRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/GitCommitResponse'\n summary: Commit changes\n tags:\n - git\n /git/history:\n get:\n description: Get the commit history of the Git repository\n operationId: GetCommitHistory\n parameters:\n - description: Repository path\n in: query\n name: path\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n items:\n $ref: '#/definitions/GitCommitInfo'\n type: array\n summary: Get commit history\n tags:\n - git\n /git/pull:\n post:\n consumes:\n - application/json\n description: Pull changes from the remote Git repository\n operationId: PullChanges\n parameters:\n - description: Pull request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/GitRepoRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n summary: Pull changes from remote\n tags:\n - git\n /git/push:\n post:\n consumes:\n - application/json\n description: Push local changes to the remote Git repository\n operationId: PushChanges\n parameters:\n - description: Push request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/GitRepoRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n summary: Push changes to remote\n tags:\n - git\n /git/status:\n get:\n description: Get the Git status of the repository at the specified path\n operationId: GetStatus\n parameters:\n - description: Repository path\n in: query\n name: path\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/GitStatus'\n summary: Get Git status\n tags:\n - git\n /init:\n post:\n description: Set the auth token and initialize telemetry for the toolbox server\n operationId: Initialize\n parameters:\n - description: Initialization request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/InitializeRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n additionalProperties:\n type: string\n type: object\n summary: Initialize toolbox server\n tags:\n - server\n /lsp/completions:\n post:\n consumes:\n - application/json\n description: Get code completion suggestions from the LSP server\n operationId: Completions\n parameters:\n - description: Completion request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/LspCompletionParams'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/CompletionList'\n summary: Get code completions\n tags:\n - lsp\n /lsp/did-close:\n post:\n consumes:\n - application/json\n description: Notify the LSP server that a document has been closed\n operationId: DidClose\n parameters:\n - description: Document request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/LspDocumentRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n summary: Notify document closed\n tags:\n - lsp\n /lsp/did-open:\n post:\n consumes:\n - application/json\n description: Notify the LSP server that a document has been opened\n operationId: DidOpen\n parameters:\n - description: Document request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/LspDocumentRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n summary: Notify document opened\n tags:\n - lsp\n /lsp/document-symbols:\n get:\n description: Get symbols (functions, classes, etc.) from a document\n operationId: DocumentSymbols\n parameters:\n - description: Language ID (e.g., python, typescript)\n in: query\n name: languageId\n required: true\n type: string\n - description: Path to project\n in: query\n name: pathToProject\n required: true\n type: string\n - description: Document URI\n in: query\n name: uri\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n items:\n $ref: '#/definitions/LspSymbol'\n type: array\n summary: Get document symbols\n tags:\n - lsp\n /lsp/start:\n post:\n consumes:\n - application/json\n description: Start a Language Server Protocol server for the specified language\n operationId: Start\n parameters:\n - description: LSP server request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/LspServerRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n summary: Start LSP server\n tags:\n - lsp\n /lsp/stop:\n post:\n consumes:\n - application/json\n description: Stop a Language Server Protocol server\n operationId: Stop\n parameters:\n - description: LSP server request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/LspServerRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n summary: Stop LSP server\n tags:\n - lsp\n /lsp/workspacesymbols:\n get:\n description: Search for symbols across the entire workspace\n operationId: WorkspaceSymbols\n parameters:\n - description: Search query\n in: query\n name: query\n required: true\n type: string\n - description: Language ID (e.g., python, typescript)\n in: query\n name: languageId\n required: true\n type: string\n - description: Path to project\n in: query\n name: pathToProject\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n items:\n $ref: '#/definitions/LspSymbol'\n type: array\n summary: Get workspace symbols\n tags:\n - lsp\n /port:\n get:\n description: Get a list of all currently active ports\n operationId: GetPorts\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/PortList'\n summary: Get active ports\n tags:\n - port\n /port/{port}/in-use:\n get:\n description: Check if a specific port is currently in use\n operationId: IsPortInUse\n parameters:\n - description: Port number (3000-9999)\n in: path\n name: port\n required: true\n type: integer\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/IsPortInUseResponse'\n summary: Check if port is in use\n tags:\n - port\n /process/execute:\n post:\n consumes:\n - application/json\n description: Execute a shell command and return the output and exit code\n operationId: ExecuteCommand\n parameters:\n - description: Command execution request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/ExecuteRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ExecuteResponse'\n summary: Execute a command\n tags:\n - process\n /process/interpreter/context:\n get:\n description: Returns information about all user-created interpreter contexts\n (excludes default context)\n operationId: ListInterpreterContexts\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/ListContextsResponse'\n summary: List all user-created interpreter contexts\n tags:\n - interpreter\n post:\n consumes:\n - application/json\n description: Creates a new isolated interpreter context with optional working\n directory and language\n operationId: CreateInterpreterContext\n parameters:\n - description: Context configuration\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/CreateContextRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/InterpreterContext'\n '400':\n description: Bad Request\n schema:\n additionalProperties:\n type: string\n type: object\n '500':\n description: Internal Server Error\n schema:\n additionalProperties:\n type: string\n type: object\n summary: Create a new interpreter context\n tags:\n - interpreter\n /process/interpreter/context/{id}:\n delete:\n description: Deletes an interpreter context and shuts down its worker process\n operationId: DeleteInterpreterContext\n parameters:\n - description: Context ID\n in: path\n name: id\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n additionalProperties:\n type: string\n type: object\n '400':\n description: Bad Request\n schema:\n additionalProperties:\n type: string\n type: object\n '404':\n description: Not Found\n schema:\n additionalProperties:\n type: string\n type: object\n summary: Delete an interpreter context\n tags:\n - interpreter\n /process/interpreter/execute:\n get:\n consumes:\n - application/json\n description: Executes code in a specified context (or default context if not\n specified) via WebSocket streaming\n operationId: ExecuteInterpreterCode\n produces:\n - application/json\n responses:\n '101':\n description: Switching Protocols\n headers:\n Connection:\n description: Upgrade\n type: string\n Upgrade:\n description: websocket\n type: string\n schema:\n type: string\n summary: Execute code in an interpreter context\n tags:\n - interpreter\n /process/pty:\n get:\n description: Get a list of all active pseudo-terminal sessions\n operationId: ListPtySessions\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/PtyListResponse'\n summary: List all PTY sessions\n tags:\n - process\n post:\n consumes:\n - application/json\n description: Create a new pseudo-terminal session with specified configuration\n operationId: CreatePtySession\n parameters:\n - description: PTY session creation request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/PtyCreateRequest'\n produces:\n - application/json\n responses:\n '201':\n description: Created\n schema:\n $ref: '#/definitions/PtyCreateResponse'\n summary: Create a new PTY session\n tags:\n - process\n /process/pty/{sessionId}:\n delete:\n description: Delete a pseudo-terminal session and terminate its process\n operationId: DeletePtySession\n parameters:\n - description: PTY session ID\n in: path\n name: sessionId\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/gin.H'\n summary: Delete a PTY session\n tags:\n - process\n get:\n description: Get detailed information about a specific pseudo-terminal session\n operationId: GetPtySession\n parameters:\n - description: PTY session ID\n in: path\n name: sessionId\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/PtySessionInfo'\n summary: Get PTY session information\n tags:\n - process\n /process/pty/{sessionId}/connect:\n get:\n description: Establish a WebSocket connection to interact with a pseudo-terminal\n session\n operationId: ConnectPtySession\n parameters:\n - description: PTY session ID\n in: path\n name: sessionId\n required: true\n type: string\n responses:\n '101':\n description: Switching Protocols - WebSocket connection established\n summary: Connect to PTY session via WebSocket\n tags:\n - process\n /process/pty/{sessionId}/resize:\n post:\n consumes:\n - application/json\n description: Resize the terminal dimensions of a pseudo-terminal session\n operationId: ResizePtySession\n parameters:\n - description: PTY session ID\n in: path\n name: sessionId\n required: true\n type: string\n - description: Resize request with new dimensions\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/PtyResizeRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/PtySessionInfo'\n summary: Resize a PTY session\n tags:\n - process\n /process/session:\n get:\n description: Get a list of all active shell sessions\n operationId: ListSessions\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n items:\n $ref: '#/definitions/Session'\n type: array\n summary: List all sessions\n tags:\n - process\n post:\n consumes:\n - application/json\n description: Create a new shell session for command execution\n operationId: CreateSession\n parameters:\n - description: Session creation request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/CreateSessionRequest'\n produces:\n - application/json\n responses:\n '201':\n description: Created\n summary: Create a new session\n tags:\n - process\n /process/session/{sessionId}:\n delete:\n description: Delete an existing shell session\n operationId: DeleteSession\n parameters:\n - description: Session ID\n in: path\n name: sessionId\n required: true\n type: string\n responses:\n '204':\n description: No Content\n summary: Delete a session\n tags:\n - process\n get:\n description: Get details of a specific session including its commands\n operationId: GetSession\n parameters:\n - description: Session ID\n in: path\n name: sessionId\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/Session'\n summary: Get session details\n tags:\n - process\n /process/session/{sessionId}/command/{commandId}:\n get:\n description: Get details of a specific command within a session\n operationId: GetSessionCommand\n parameters:\n - description: Session ID\n in: path\n name: sessionId\n required: true\n type: string\n - description: Command ID\n in: path\n name: commandId\n required: true\n type: string\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/Command'\n summary: Get session command details\n tags:\n - process\n /process/session/{sessionId}/command/{commandId}/input:\n post:\n consumes:\n - application/json\n description: Send input data to a running command in a session for interactive\n execution\n operationId: SendInput\n parameters:\n - description: Session ID\n in: path\n name: sessionId\n required: true\n type: string\n - description: Command ID\n in: path\n name: commandId\n required: true\n type: string\n - description: Input send request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/SessionSendInputRequest'\n responses:\n '204':\n description: No Content\n summary: Send input to command\n tags:\n - process\n /process/session/{sessionId}/command/{commandId}/logs:\n get:\n description: Get logs for a specific command within a session. Supports both\n HTTP and WebSocket streaming.\n operationId: GetSessionCommandLogs\n parameters:\n - description: Session ID\n in: path\n name: sessionId\n required: true\n type: string\n - description: Command ID\n in: path\n name: commandId\n required: true\n type: string\n - description: Follow logs in real-time (WebSocket only)\n in: query\n name: follow\n type: boolean\n produces:\n - text/plain\n responses:\n '200':\n description: Log content\n schema:\n type: string\n summary: Get session command logs\n tags:\n - process\n /process/session/{sessionId}/exec:\n post:\n consumes:\n - application/json\n description: Execute a command within an existing shell session\n operationId: SessionExecuteCommand\n parameters:\n - description: Session ID\n in: path\n name: sessionId\n required: true\n type: string\n - description: Command execution request\n in: body\n name: request\n required: true\n schema:\n $ref: '#/definitions/SessionExecuteRequest'\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/SessionExecuteResponse'\n '202':\n description: Accepted\n schema:\n $ref: '#/definitions/SessionExecuteResponse'\n summary: Execute command in session\n tags:\n - process\n /process/session/entrypoint:\n get:\n description: Get details of an entrypoint session including its commands\n operationId: GetEntrypointSession\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/Session'\n summary: Get entrypoint session details\n tags:\n - process\n /process/session/entrypoint/logs:\n get:\n description: Get logs for a sandbox entrypoint session. Supports both HTTP and\n WebSocket streaming.\n operationId: GetEntrypointLogs\n parameters:\n - description: Follow logs in real-time (WebSocket only)\n in: query\n name: follow\n type: boolean\n produces:\n - text/plain\n responses:\n '200':\n description: Entrypoint log content\n schema:\n type: string\n summary: Get entrypoint logs\n tags:\n - process\n /user-home-dir:\n get:\n description: Get the current user home directory path.\n operationId: GetUserHomeDir\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/UserHomeDirResponse'\n summary: Get user home directory\n tags:\n - info\n /version:\n get:\n description: Get the current daemon version\n operationId: GetVersion\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n additionalProperties:\n type: string\n type: object\n summary: Get version\n tags:\n - info\n /work-dir:\n get:\n description: Get the current working directory path. This is default directory\n used for running commands.\n operationId: GetWorkDir\n produces:\n - application/json\n responses:\n '200':\n description: OK\n schema:\n $ref: '#/definitions/WorkDirResponse'\n summary: Get working directory\n tags:\n - info\nswagger: '2.0'\n" }, { "path": "apps/daemon/pkg/toolbox/fs/create_folder.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\t\"os\"\n\t\"strconv\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// CreateFolder godoc\n//\n//\t@Summary\t\tCreate a folder\n//\t@Description\tCreate a folder with the specified path and optional permissions\n//\t@Tags\t\t\tfile-system\n//\t@Accept\t\t\tjson\n//\t@Param\t\t\tpath\tquery\tstring\ttrue\t\"Folder path to create\"\n//\t@Param\t\t\tmode\tquery\tstring\ttrue\t\"Octal permission mode (default: 0755)\"\n//\t@Success\t\t201\n//\t@Router\t\t\t/files/folder [post]\n//\n//\t@id\t\t\t\tCreateFolder\nfunc CreateFolder(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\tif path == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path is required\"))\n\t\treturn\n\t}\n\n\t// Get the permission mode from query params, default to 0755\n\tmode := c.Query(\"mode\")\n\tvar perm os.FileMode = 0755\n\tif mode != \"\" {\n\t\tmodeNum, err := strconv.ParseUint(mode, 8, 32)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"invalid mode format\"))\n\t\t\treturn\n\t\t}\n\t\tperm = os.FileMode(modeNum)\n\t}\n\n\tif err := os.MkdirAll(path, perm); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusCreated)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/delete_file.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\t\"os\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// DeleteFile godoc\n//\n//\t@Summary\t\tDelete a file or directory\n//\t@Description\tDelete a file or directory at the specified path\n//\t@Tags\t\t\tfile-system\n//\t@Param\t\t\tpath\t\tquery\tstring\ttrue\t\"File or directory path to delete\"\n//\t@Param\t\t\trecursive\tquery\tboolean\tfalse\t\"Enable recursive deletion for directories\"\n//\t@Success\t\t204\n//\t@Router\t\t\t/files [delete]\n//\n//\t@id\t\t\t\tDeleteFile\nfunc DeleteFile(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\tif path == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path is required\"))\n\t\treturn\n\t}\n\n\t// Check if recursive deletion is requested\n\trecursive := c.Query(\"recursive\") == \"true\"\n\n\t// Get file info to check if it's a directory\n\tinfo, err := os.Stat(path)\n\tif err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\tc.AbortWithError(http.StatusNotFound, err)\n\t\t\treturn\n\t\t}\n\t\tif os.IsPermission(err) {\n\t\t\tc.AbortWithError(http.StatusForbidden, err)\n\t\t\treturn\n\t\t}\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\t// If it's a directory and recursive flag is not set, return error\n\tif info.IsDir() && !recursive {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"cannot delete directory without recursive flag\"))\n\t\treturn\n\t}\n\n\tvar deleteErr error\n\tif recursive {\n\t\tdeleteErr = os.RemoveAll(path)\n\t} else {\n\t\tdeleteErr = os.Remove(path)\n\t}\n\n\tif deleteErr != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, deleteErr)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusNoContent)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/download_file.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// DownloadFile godoc\n//\n//\t@Summary\t\tDownload a file\n//\t@Description\tDownload a file by providing its path\n//\t@Tags\t\t\tfile-system\n//\t@Produce\t\toctet-stream\n//\t@Param\t\t\tpath\tquery\tstring\ttrue\t\"File path to download\"\n//\t@Success\t\t200\t\t{file}\tbinary\n//\t@Router\t\t\t/files/download [get]\n//\n//\t@id\t\t\t\tDownloadFile\nfunc DownloadFile(c *gin.Context) {\n\trequestedPath := c.Query(\"path\")\n\tif requestedPath == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path is required\"))\n\t\treturn\n\t}\n\n\tabsPath, err := filepath.Abs(requestedPath)\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid path: %w\", err))\n\t\treturn\n\t}\n\n\tfileInfo, err := os.Stat(absPath)\n\tif err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\tc.AbortWithError(http.StatusNotFound, err)\n\t\t\treturn\n\t\t}\n\t\tif os.IsPermission(err) {\n\t\t\tc.AbortWithError(http.StatusForbidden, err)\n\t\t\treturn\n\t\t}\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tif fileInfo.IsDir() {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path must be a file\"))\n\t\treturn\n\t}\n\n\tc.Header(\"Content-Description\", \"File Transfer\")\n\tc.Header(\"Content-Type\", \"application/octet-stream\")\n\tc.Header(\"Content-Disposition\", \"attachment; filename=\"+filepath.Base(absPath))\n\tc.Header(\"Content-Transfer-Encoding\", \"binary\")\n\tc.Header(\"Expires\", \"0\")\n\tc.Header(\"Cache-Control\", \"must-revalidate\")\n\tc.Header(\"Pragma\", \"public\")\n\n\tc.File(absPath)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/download_files.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"io\"\n\t\"mime\"\n\t\"mime/multipart\"\n\t\"net/http\"\n\t\"net/textproto\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// Wraps an io.Writer and aborts writes if the context is canceled.\ntype ctxWriter struct {\n\tctx context.Context\n\tw io.Writer\n}\n\nfunc (cw *ctxWriter) Write(p []byte) (int, error) {\n\tselect {\n\tcase <-cw.ctx.Done():\n\t\treturn 0, cw.ctx.Err()\n\tdefault:\n\t}\n\treturn cw.w.Write(p)\n}\n\n// DownloadFiles godoc\n//\n//\t@Summary\t\tDownload multiple files\n//\t@Description\tDownload multiple files by providing their paths\n//\t@Tags\t\t\tfile-system\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tmultipart/form-data\n//\t@Param\t\t\tdownloadFiles\tbody\t\tFilesDownloadRequest\ttrue\t\"Paths of files to download\"\n//\t@Success\t\t200\t\t\t\t{object}\tgin.H\n//\t@Router\t\t\t/files/bulk-download [post]\n//\n//\t@id\t\t\t\tDownloadFiles\nfunc DownloadFiles(c *gin.Context) {\n\tvar req FilesDownloadRequest\n\tif err := c.BindJSON(&req); err != nil || len(req.Paths) == 0 {\n\t\tc.AbortWithStatusJSON(http.StatusBadRequest, gin.H{\n\t\t\t\"error\": \"request body must be {\\\"paths\\\": [ ... ]} and non-empty\",\n\t\t})\n\t\treturn\n\t}\n\n\tconst boundary = \"DAYTONA-FILE-BOUNDARY\"\n\tc.Status(http.StatusOK)\n\tc.Header(\"Content-Type\", fmt.Sprintf(\"multipart/form-data; boundary=%s\", boundary))\n\n\tmw := multipart.NewWriter(c.Writer)\n\tif err := mw.SetBoundary(boundary); err != nil {\n\t\tc.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{\n\t\t\t\"error\": \"failed to set multipart boundary\",\n\t\t})\n\t\treturn\n\t}\n\tdefer mw.Close() // ensure final boundary is written\n\n\tfor _, path := range req.Paths {\n\t\tif !fileExists(path) {\n\t\t\twriteErrorPart(c, mw, path, fmt.Sprintf(\"file not found or invalid: %s\", path))\n\t\t\tcontinue\n\t\t}\n\n\t\tf, err := os.Open(path)\n\t\tif err != nil {\n\t\t\twriteErrorPart(c, mw, path, fmt.Sprintf(\"error opening file: %v\", err))\n\t\t\tcontinue\n\t\t}\n\n\t\tif err := writeFilePart(c.Request.Context(), mw, path, f); err != nil {\n\t\t\twriteErrorPart(c, mw, path,\n\t\t\t\tfmt.Sprintf(\"error streaming file: %v\", err))\n\t\t}\n\t\tf.Close()\n\t}\n}\n\n// Streams a file part using io.Copy and respects context cancellation.\nfunc writeFilePart(ctx context.Context, mw *multipart.Writer, path string, r io.Reader) error {\n\tctype := mime.TypeByExtension(filepath.Ext(path))\n\tif ctype == \"\" {\n\t\tctype = \"application/octet-stream\"\n\t}\n\n\thdr := textproto.MIMEHeader{}\n\thdr.Set(\"Content-Type\", ctype)\n\thdr.Set(\"Content-Disposition\",\n\t\tfmt.Sprintf(`form-data; name=\"%s\"; filename=\"%s\"`, \"file\", path),\n\t)\n\n\tpart, err := mw.CreatePart(hdr)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// Wrap part with context-aware writer\n\tcw := &ctxWriter{ctx: ctx, w: part}\n\t_, err = io.Copy(cw, r)\n\treturn err\n}\n\n// Writes an error message as a multipart part.\nfunc writeErrorPart(ctx *gin.Context, mw *multipart.Writer, path, text string) {\n\thdr := textproto.MIMEHeader{}\n\thdr.Set(\"Content-Type\", \"text/plain; charset=utf-8\")\n\thdr.Set(\"Content-Disposition\",\n\t\tfmt.Sprintf(`form-data; name=\"%s\"; filename=\"%s\"`, \"error\", path),\n\t)\n\tif part, err := mw.CreatePart(hdr); err == nil {\n\t\t_, err := io.WriteString(part, text)\n\t\tif err != nil {\n\t\t\tctx.AbortWithError(http.StatusInternalServerError, err)\n\t\t}\n\t}\n}\n\nfunc fileExists(path string) bool {\n\tinfo, err := os.Stat(path)\n\treturn err == nil && !info.IsDir()\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/find_in_files.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"bufio\"\n\t\"errors\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// FindInFiles godoc\n//\n//\t@Summary\t\tFind text in files\n//\t@Description\tSearch for text pattern within files in a directory\n//\t@Tags\t\t\tfile-system\n//\t@Produce\t\tjson\n//\t@Param\t\t\tpath\tquery\tstring\ttrue\t\"Directory path to search in\"\n//\t@Param\t\t\tpattern\tquery\tstring\ttrue\t\"Text pattern to search for\"\n//\t@Success\t\t200\t\t{array}\tMatch\n//\t@Router\t\t\t/files/find [get]\n//\n//\t@id\t\t\t\tFindInFiles\nfunc FindInFiles(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\tpattern := c.Query(\"pattern\")\n\tif path == \"\" || pattern == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path and pattern are required\"))\n\t\treturn\n\t}\n\n\tvar matches = make([]Match, 0)\n\terr := filepath.Walk(path, func(filePath string, info os.FileInfo, err error) error {\n\t\tif err != nil {\n\t\t\treturn filepath.SkipDir\n\t\t}\n\n\t\tif !info.Mode().IsRegular() {\n\t\t\treturn nil\n\t\t}\n\n\t\tfile, err := os.Open(filePath)\n\t\tif err != nil {\n\t\t\treturn nil\n\t\t}\n\t\tdefer file.Close()\n\n\t\tbuf := make([]byte, 512)\n\t\tn, err := file.Read(buf)\n\t\tif err != nil {\n\t\t\treturn nil\n\t\t}\n\n\t\tfor i := 0; i < n; i++ {\n\t\t\t// skip binary files\n\t\t\tif buf[i] == 0 {\n\t\t\t\treturn nil\n\t\t\t}\n\t\t}\n\n\t\t_, err = file.Seek(0, 0)\n\t\tif err != nil {\n\t\t\treturn nil\n\t\t}\n\n\t\tscanner := bufio.NewScanner(file)\n\t\tlineNum := 1\n\t\tfor scanner.Scan() {\n\t\t\tif strings.Contains(scanner.Text(), pattern) {\n\t\t\t\tmatches = append(matches, Match{\n\t\t\t\t\tFile: filePath,\n\t\t\t\t\tLine: lineNum,\n\t\t\t\t\tContent: scanner.Text(),\n\t\t\t\t})\n\t\t\t}\n\t\t\tlineNum++\n\t\t}\n\t\treturn nil\n\t})\n\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, matches)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/get_file_info.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"os\"\n\t\"strconv\"\n\t\"syscall\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// GetFileInfo godoc\n//\n//\t@Summary\t\tGet file information\n//\t@Description\tGet detailed information about a file or directory\n//\t@Tags\t\t\tfile-system\n//\t@Produce\t\tjson\n//\t@Param\t\t\tpath\tquery\t\tstring\ttrue\t\"File or directory path\"\n//\t@Success\t\t200\t\t{object}\tFileInfo\n//\t@Router\t\t\t/files/info [get]\n//\n//\t@id\t\t\t\tGetFileInfo\nfunc GetFileInfo(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\tif path == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path is required\"))\n\t\treturn\n\t}\n\n\tinfo, err := getFileInfo(path)\n\tif err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\tc.AbortWithError(http.StatusNotFound, err)\n\t\t\treturn\n\t\t}\n\t\tif os.IsPermission(err) {\n\t\t\tc.AbortWithError(http.StatusForbidden, err)\n\t\t\treturn\n\t\t}\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, info)\n}\n\nfunc getFileInfo(path string) (FileInfo, error) {\n\tinfo, err := os.Stat(path)\n\tif err != nil {\n\t\treturn FileInfo{}, err\n\t}\n\n\tstat := info.Sys().(*syscall.Stat_t)\n\treturn FileInfo{\n\t\tName: info.Name(),\n\t\tSize: info.Size(),\n\t\tMode: info.Mode().String(),\n\t\tModTime: info.ModTime().String(),\n\t\tIsDir: info.IsDir(),\n\t\tOwner: strconv.FormatUint(uint64(stat.Uid), 10),\n\t\tGroup: strconv.FormatUint(uint64(stat.Gid), 10),\n\t\tPermissions: fmt.Sprintf(\"%04o\", info.Mode().Perm()),\n\t}, nil\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/list_files.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// ListFiles godoc\n//\n//\t@Summary\t\tList files and directories\n//\t@Description\tList files and directories in the specified path\n//\t@Tags\t\t\tfile-system\n//\t@Produce\t\tjson\n//\t@Param\t\t\tpath\tquery\tstring\tfalse\t\"Directory path to list (defaults to working directory)\"\n//\t@Success\t\t200\t\t{array}\tFileInfo\n//\t@Router\t\t\t/files [get]\n//\n//\t@id\t\t\t\tListFiles\nfunc ListFiles(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\tif path == \"\" {\n\t\tpath = \".\"\n\t}\n\n\tfiles, err := os.ReadDir(path)\n\tif err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\tc.AbortWithError(http.StatusNotFound, err)\n\t\t\treturn\n\t\t}\n\t\tif os.IsPermission(err) {\n\t\t\tc.AbortWithError(http.StatusForbidden, err)\n\t\t\treturn\n\t\t}\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tvar fileInfos = make([]FileInfo, 0)\n\tfor _, file := range files {\n\t\tinfo, err := getFileInfo(filepath.Join(path, file.Name()))\n\t\tif err != nil {\n\t\t\tcontinue\n\t\t}\n\t\tfileInfos = append(fileInfos, info)\n\t}\n\n\tc.JSON(http.StatusOK, fileInfos)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/move_file.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"bufio\"\n\t\"errors\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// MoveFile godoc\n//\n//\t@Summary\t\tMove or rename file/directory\n//\t@Description\tMove or rename a file or directory from source to destination\n//\t@Tags\t\t\tfile-system\n//\t@Param\t\t\tsource\t\tquery\tstring\ttrue\t\"Source file or directory path\"\n//\t@Param\t\t\tdestination\tquery\tstring\ttrue\t\"Destination file or directory path\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/files/move [post]\n//\n//\t@id\t\t\t\tMoveFile\nfunc MoveFile(c *gin.Context) {\n\tsourcePath := c.Query(\"source\")\n\tdestPath := c.Query(\"destination\")\n\n\tif sourcePath == \"\" || destPath == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"source and destination paths are required\"))\n\t\treturn\n\t}\n\n\t// Get absolute paths\n\tabsSourcePath, err := filepath.Abs(sourcePath)\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"invalid source path\"))\n\t\treturn\n\t}\n\n\tabsDestPath, err := filepath.Abs(destPath)\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"invalid destination path\"))\n\t\treturn\n\t}\n\n\t// Check if source exists\n\tsourceInfo, err := os.Stat(absSourcePath)\n\tif err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\tc.AbortWithError(http.StatusNotFound, err)\n\t\t\treturn\n\t\t}\n\t\tif os.IsPermission(err) {\n\t\t\tc.AbortWithError(http.StatusForbidden, err)\n\t\t\treturn\n\t\t}\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\t// Check if destination parent directory exists\n\tdestDir := filepath.Dir(absDestPath)\n\t_, err = os.Stat(destDir)\n\tif err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\tc.AbortWithError(http.StatusNotFound, err)\n\t\t\treturn\n\t\t}\n\t\tif os.IsPermission(err) {\n\t\t\tc.AbortWithError(http.StatusForbidden, err)\n\t\t\treturn\n\t\t}\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\t// Check if destination already exists\n\tif _, err := os.Stat(absDestPath); err == nil {\n\t\tc.AbortWithError(http.StatusConflict, errors.New(\"destination already exists\"))\n\t\treturn\n\t}\n\n\t// Perform the move operation\n\terr = os.Rename(absSourcePath, absDestPath)\n\tif err != nil {\n\t\t// If rename fails (e.g., across different devices), try copy and delete\n\t\tif err := copyFile(absSourcePath, absDestPath, sourceInfo); err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"failed to move file: %w\", err))\n\t\t\treturn\n\t\t}\n\n\t\t// If copy successful, delete the source\n\t\tif err := os.RemoveAll(absSourcePath); err != nil {\n\t\t\t// If delete fails, inform that the file was copied but not deleted\n\t\t\tc.JSON(http.StatusOK, gin.H{\n\t\t\t\t\"message\": \"file copied successfully but source could not be deleted\",\n\t\t\t\t\"error\": fmt.Sprintf(\"failed to delete source: %v\", err),\n\t\t\t})\n\t\t\treturn\n\t\t}\n\t}\n\n\tc.Status(http.StatusOK)\n}\n\nfunc copyFile(src, dst string, srcInfo os.FileInfo) error {\n\tif srcInfo.IsDir() {\n\t\treturn filepath.Walk(src, func(path string, info os.FileInfo, err error) error {\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\t// Create relative path\n\t\t\trelPath, err := filepath.Rel(src, path)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\ttargetPath := filepath.Join(dst, relPath)\n\n\t\t\tif info.IsDir() {\n\t\t\t\treturn os.MkdirAll(targetPath, info.Mode())\n\t\t\t}\n\n\t\t\t// Copy the file\n\t\t\treturn copyFileContents(path, targetPath, info.Mode())\n\t\t})\n\t}\n\treturn copyFileContents(src, dst, srcInfo.Mode())\n}\n\nfunc copyFileContents(src, dst string, mode os.FileMode) error {\n\tin, err := os.Open(src)\n\tif err != nil {\n\t\treturn err\n\t}\n\tdefer in.Close()\n\n\tout, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, mode)\n\tif err != nil {\n\t\treturn err\n\t}\n\tdefer out.Close()\n\n\t_, err = bufio.NewReader(in).WriteTo(out)\n\treturn err\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/replace_in_files.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// ReplaceInFiles godoc\n//\n//\t@Summary\t\tReplace text in files\n//\t@Description\tReplace text pattern with new value in multiple files\n//\t@Tags\t\t\tfile-system\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tReplaceRequest\ttrue\t\"Replace request\"\n//\t@Success\t\t200\t\t{array}\tReplaceResult\n//\t@Router\t\t\t/files/replace [post]\n//\n//\t@id\t\t\t\tReplaceInFiles\nfunc ReplaceInFiles(c *gin.Context) {\n\tvar req ReplaceRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\treturn\n\t}\n\n\tresults := make([]ReplaceResult, 0, len(req.Files))\n\n\tfor _, filePath := range req.Files {\n\t\tcontent, err := os.ReadFile(filePath)\n\t\tif err != nil {\n\t\t\tresults = append(results, ReplaceResult{\n\t\t\t\tFile: filePath,\n\t\t\t\tSuccess: false,\n\t\t\t\tError: err.Error(),\n\t\t\t})\n\t\t\tcontinue\n\t\t}\n\n\t\tnewValue := \"\"\n\t\tif req.NewValue != nil {\n\t\t\tnewValue = *req.NewValue\n\t\t}\n\n\t\tnewContent := strings.ReplaceAll(string(content), req.Pattern, newValue)\n\n\t\terr = os.WriteFile(filePath, []byte(newContent), 0644)\n\t\tif err != nil {\n\t\t\tresults = append(results, ReplaceResult{\n\t\t\t\tFile: filePath,\n\t\t\t\tSuccess: false,\n\t\t\t\tError: err.Error(),\n\t\t\t})\n\t\t\tcontinue\n\t\t}\n\n\t\tresults = append(results, ReplaceResult{\n\t\t\tFile: filePath,\n\t\t\tSuccess: true,\n\t\t})\n\t}\n\n\tc.JSON(http.StatusOK, results)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/search_files.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// SearchFiles godoc\n//\n//\t@Summary\t\tSearch files by pattern\n//\t@Description\tSearch for files matching a specific pattern in a directory\n//\t@Tags\t\t\tfile-system\n//\t@Produce\t\tjson\n//\t@Param\t\t\tpath\tquery\t\tstring\ttrue\t\"Directory path to search in\"\n//\t@Param\t\t\tpattern\tquery\t\tstring\ttrue\t\"File pattern to match (e.g., *.txt, *.go)\"\n//\t@Success\t\t200\t\t{object}\tSearchFilesResponse\n//\t@Router\t\t\t/files/search [get]\n//\n//\t@id\t\t\t\tSearchFiles\nfunc SearchFiles(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\tpattern := c.Query(\"pattern\")\n\tif path == \"\" || pattern == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path and pattern are required\"))\n\t\treturn\n\t}\n\n\tvar matches []string\n\terr := filepath.Walk(path, func(path string, info os.FileInfo, err error) error {\n\t\tif err != nil {\n\t\t\treturn filepath.SkipDir\n\t\t}\n\t\tif matched, _ := filepath.Match(pattern, info.Name()); matched {\n\t\t\tmatches = append(matches, path)\n\t\t}\n\t\treturn nil\n\t})\n\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, SearchFilesResponse{\n\t\tFiles: matches,\n\t})\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/set_file_permissions.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"os\"\n\t\"os/user\"\n\t\"path/filepath\"\n\t\"strconv\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// SetFilePermissions godoc\n//\n//\t@Summary\t\tSet file permissions\n//\t@Description\tSet file permissions, ownership, and group for a file or directory\n//\t@Tags\t\t\tfile-system\n//\t@Param\t\t\tpath\tquery\tstring\ttrue\t\"File or directory path\"\n//\t@Param\t\t\towner\tquery\tstring\tfalse\t\"Owner (username or UID)\"\n//\t@Param\t\t\tgroup\tquery\tstring\tfalse\t\"Group (group name or GID)\"\n//\t@Param\t\t\tmode\tquery\tstring\tfalse\t\"File mode in octal format (e.g., 0755)\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/files/permissions [post]\n//\n//\t@id\t\t\t\tSetFilePermissions\nfunc SetFilePermissions(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\townerParam := c.Query(\"owner\")\n\tgroupParam := c.Query(\"group\")\n\tmode := c.Query(\"mode\")\n\n\tif path == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path is required\"))\n\t\treturn\n\t}\n\n\t// convert to absolute path and check existence\n\tabsPath, err := filepath.Abs(path)\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"invalid path\"))\n\t\treturn\n\t}\n\n\t_, err = os.Stat(absPath)\n\tif err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\tc.AbortWithError(http.StatusNotFound, err)\n\t\t\treturn\n\t\t}\n\t\tif os.IsPermission(err) {\n\t\t\tc.AbortWithError(http.StatusForbidden, err)\n\t\t\treturn\n\t\t}\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\t// handle mode change\n\tif mode != \"\" {\n\t\tmodeNum, err := strconv.ParseUint(mode, 8, 32)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"invalid mode format\"))\n\t\t\treturn\n\t\t}\n\n\t\tif err := os.Chmod(absPath, os.FileMode(modeNum)); err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"failed to change mode: %w\", err))\n\t\t\treturn\n\t\t}\n\t}\n\n\t// handle ownership change\n\tif ownerParam != \"\" || groupParam != \"\" {\n\t\tuid := -1\n\t\tgid := -1\n\n\t\t// resolve owner\n\t\tif ownerParam != \"\" {\n\t\t\t// first try as numeric UID\n\t\t\tif uidNum, err := strconv.Atoi(ownerParam); err == nil {\n\t\t\t\tuid = uidNum\n\t\t\t} else {\n\t\t\t\t// try as username\n\t\t\t\tif u, err := user.Lookup(ownerParam); err == nil {\n\t\t\t\t\tif uid, err = strconv.Atoi(u.Uid); err != nil {\n\t\t\t\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"invalid user ID\"))\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"user not found\"))\n\t\t\t\t\treturn\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// resolve group\n\t\tif groupParam != \"\" {\n\t\t\t// first try as numeric GID\n\t\t\tif gidNum, err := strconv.Atoi(groupParam); err == nil {\n\t\t\t\tgid = gidNum\n\t\t\t} else {\n\t\t\t\t// try as group name\n\t\t\t\tif g, err := user.LookupGroup(groupParam); err == nil {\n\t\t\t\t\tif gid, err = strconv.Atoi(g.Gid); err != nil {\n\t\t\t\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"invalid group ID\"))\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"group not found\"))\n\t\t\t\t\treturn\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif err := os.Chown(absPath, uid, gid); err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"failed to change ownership: %w\", err))\n\t\t\treturn\n\t\t}\n\t}\n\n\tc.Status(http.StatusOK)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\ntype FileInfo struct {\n\tName string `json:\"name\" validate:\"required\"`\n\tSize int64 `json:\"size\" validate:\"required\"`\n\tMode string `json:\"mode\" validate:\"required\"`\n\tModTime string `json:\"modTime\" validate:\"required\"`\n\tIsDir bool `json:\"isDir\" validate:\"required\"`\n\tOwner string `json:\"owner\" validate:\"required\"`\n\tGroup string `json:\"group\" validate:\"required\"`\n\tPermissions string `json:\"permissions\" validate:\"required\"`\n} // @name FileInfo\n\ntype ReplaceRequest struct {\n\tFiles []string `json:\"files\" validate:\"required\"`\n\tPattern string `json:\"pattern\" validate:\"required\"`\n\tNewValue *string `json:\"newValue\" validate:\"required\"`\n} // @name ReplaceRequest\n\ntype ReplaceResult struct {\n\tFile string `json:\"file\"`\n\tSuccess bool `json:\"success\"`\n\tError string `json:\"error,omitempty\"`\n} // @name ReplaceResult\n\ntype Match struct {\n\tFile string `json:\"file\" validate:\"required\"`\n\tLine int `json:\"line\" validate:\"required\"`\n\tContent string `json:\"content\" validate:\"required\"`\n} // @name Match\n\ntype SearchFilesResponse struct {\n\tFiles []string `json:\"files\" validate:\"required\"`\n} // @name SearchFilesResponse\n\ntype FilesDownloadRequest struct {\n\tPaths []string `json:\"paths\" validate:\"required\"`\n} // @name FilesDownloadRequest\n" }, { "path": "apps/daemon/pkg/toolbox/fs/upload_file.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// UploadFile godoc\n//\n//\t@Summary\t\tUpload a file\n//\t@Description\tUpload a file to the specified path\n//\t@Tags\t\t\tfile-system\n//\t@Accept\t\t\tmultipart/form-data\n//\t@Param\t\t\tpath\tquery\t\tstring\ttrue\t\"Destination path for the uploaded file\"\n//\t@Param\t\t\tfile\tformData\tfile\ttrue\t\"File to upload\"\n//\t@Success\t\t200\t\t{object}\tgin.H\n//\t@Router\t\t\t/files/upload [post]\n//\n//\t@id\t\t\t\tUploadFile\nfunc UploadFile(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\tif path == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path is required\"))\n\t\treturn\n\t}\n\n\tfile, err := c.FormFile(\"file\")\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tif err := c.SaveUploadedFile(file, path); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusOK)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/fs/upload_files.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage fs\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// UploadFiles godoc\n//\n//\t@Summary\t\tUpload multiple files\n//\t@Description\tUpload multiple files with their destination paths\n//\t@Tags\t\t\tfile-system\n//\t@Accept\t\t\tmultipart/form-data\n//\t@Success\t\t200\n//\t@Router\t\t\t/files/bulk-upload [post]\n//\n//\t@id\t\t\t\tUploadFiles\nfunc UploadFiles(c *gin.Context) {\n\treader, err := c.Request.MultipartReader()\n\tif err != nil {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"errors\": []string{\"invalid multipart form\"}})\n\t\treturn\n\t}\n\n\tdests := make(map[string]string)\n\tvar errs []string\n\n\tfor {\n\t\tpart, err := reader.NextPart()\n\t\tif err == io.EOF {\n\t\t\tbreak\n\t\t}\n\t\tif err != nil {\n\t\t\terrs = append(errs, fmt.Sprintf(\"reading part: %v\", err))\n\t\t\tcontinue\n\t\t}\n\n\t\tname := part.FormName()\n\n\t\tif strings.HasSuffix(name, \".path\") {\n\t\t\tdata, err := io.ReadAll(part)\n\t\t\tif err != nil {\n\t\t\t\tidx := extractIndex(name)\n\t\t\t\terrs = append(errs, fmt.Sprintf(\"path[%s]: %v\", idx, err))\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tidx := extractIndex(name)\n\t\t\tdests[idx] = string(data)\n\t\t\tcontinue\n\t\t}\n\n\t\tif strings.HasSuffix(name, \".file\") {\n\t\t\tidx := extractIndex(name)\n\t\t\tdest, ok := dests[idx]\n\t\t\tif !ok {\n\t\t\t\terrs = append(errs, fmt.Sprintf(\"file[%s]: missing .path metadata\", idx))\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tif d := filepath.Dir(dest); d != \"\" {\n\t\t\t\tif err := os.MkdirAll(d, 0o755); err != nil {\n\t\t\t\t\terrs = append(errs, fmt.Sprintf(\"%s: mkdir %s: %v\", dest, d, err))\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tf, err := os.Create(dest)\n\t\t\tif err != nil {\n\t\t\t\terrs = append(errs, fmt.Sprintf(\"%s: create: %v\", dest, err))\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tif _, err := io.Copy(f, part); err != nil {\n\t\t\t\terrs = append(errs, fmt.Sprintf(\"%s: write: %v\", dest, err))\n\t\t\t}\n\t\t\tf.Close()\n\t\t\tcontinue\n\t\t}\n\t}\n\n\tif len(errs) > 0 {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"errors\": errs})\n\t\treturn\n\t}\n\n\tc.Status(http.StatusOK)\n}\n\nfunc extractIndex(fieldName string) string {\n\ts := strings.TrimPrefix(fieldName, \"files[\")\n\treturn strings.TrimSuffix(strings.TrimSuffix(s, \"].path\"), \"].file\")\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/add.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// AddFiles godoc\n//\n//\t@Summary\t\tAdd files to Git staging\n//\t@Description\tAdd files to the Git staging area\n//\t@Tags\t\t\tgit\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tGitAddRequest\ttrue\t\"Add files request\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/git/add [post]\n//\n//\t@id\t\t\t\tAddFiles\nfunc AddFiles(c *gin.Context) {\n\tvar req GitAddRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\treturn\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: req.Path,\n\t}\n\n\tif err := gitService.Add(req.Files); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusOK)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/checkout.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// CheckoutBranch godoc\n//\n//\t@Summary\t\tCheckout branch or commit\n//\t@Description\tSwitch to a different branch or commit in the Git repository\n//\t@Tags\t\t\tgit\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tGitCheckoutRequest\ttrue\t\"Checkout request\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/git/checkout [post]\n//\n//\t@id\t\t\t\tCheckoutBranch\nfunc CheckoutBranch(c *gin.Context) {\n\tvar req GitCheckoutRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\treturn\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: req.Path,\n\t}\n\n\tif err := gitService.Checkout(req.Branch); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusOK)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/clone_repository.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/daytonaio/daemon/pkg/gitprovider\"\n\t\"github.com/gin-gonic/gin\"\n\tgo_git_http \"github.com/go-git/go-git/v5/plumbing/transport/http\"\n)\n\n// CloneRepository godoc\n//\n//\t@Summary\t\tClone a Git repository\n//\t@Description\tClone a Git repository to the specified path\n//\t@Tags\t\t\tgit\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tGitCloneRequest\ttrue\t\"Clone repository request\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/git/clone [post]\n//\n//\t@id\t\t\t\tCloneRepository\nfunc CloneRepository(c *gin.Context) {\n\tvar req GitCloneRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\treturn\n\t}\n\n\tbranch := \"\"\n\tif req.Branch != nil {\n\t\tbranch = *req.Branch\n\t}\n\n\trepo := gitprovider.GitRepository{\n\t\tUrl: req.URL,\n\t\tBranch: branch,\n\t}\n\n\tif req.CommitID != nil {\n\t\trepo.Target = gitprovider.CloneTargetCommit\n\t\trepo.Sha = *req.CommitID\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: req.Path,\n\t}\n\n\tvar auth *go_git_http.BasicAuth\n\n\t// Set authentication if provided\n\tif req.Username != nil && req.Password != nil {\n\t\tauth = &go_git_http.BasicAuth{\n\t\t\tUsername: *req.Username,\n\t\t\tPassword: *req.Password,\n\t\t}\n\t}\n\n\terr := gitService.CloneRepository(&repo, auth)\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusOK)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/commit.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/gin-gonic/gin\"\n\tgo_git \"github.com/go-git/go-git/v5\"\n\t\"github.com/go-git/go-git/v5/plumbing/object\"\n)\n\n// CommitChanges godoc\n//\n//\t@Summary\t\tCommit changes\n//\t@Description\tCommit staged changes to the Git repository\n//\t@Tags\t\t\tgit\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tGitCommitRequest\ttrue\t\"Commit request\"\n//\t@Success\t\t200\t\t{object}\tGitCommitResponse\n//\t@Router\t\t\t/git/commit [post]\n//\n//\t@id\t\t\t\tCommitChanges\nfunc CommitChanges(c *gin.Context) {\n\tvar req GitCommitRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\treturn\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: req.Path,\n\t}\n\n\tcommitSha, err := gitService.Commit(req.Message, &go_git.CommitOptions{\n\t\tAuthor: &object.Signature{\n\t\t\tName: req.Author,\n\t\t\tEmail: req.Email,\n\t\t\tWhen: time.Now(),\n\t\t},\n\t\tAllowEmptyCommits: req.AllowEmpty,\n\t})\n\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, GitCommitResponse{\n\t\tHash: commitSha,\n\t})\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/create_branch.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// CreateBranch godoc\n//\n//\t@Summary\t\tCreate a new branch\n//\t@Description\tCreate a new branch in the Git repository\n//\t@Tags\t\t\tgit\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tGitBranchRequest\ttrue\t\"Create branch request\"\n//\t@Success\t\t201\n//\t@Router\t\t\t/git/branches [post]\n//\n//\t@id\t\t\t\tCreateBranch\nfunc CreateBranch(c *gin.Context) {\n\tvar req GitBranchRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\treturn\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: req.Path,\n\t}\n\n\tif err := gitService.CreateBranch(req.Name); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusCreated)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/delete_branch.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// DeleteBranch godoc\n//\n//\t@Summary\t\tDelete a branch\n//\t@Description\tDelete a branch from the Git repository\n//\t@Tags\t\t\tgit\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tGitDeleteBranchRequest\ttrue\t\"Delete branch request\"\n//\t@Success\t\t204\n//\t@Router\t\t\t/git/branches [delete]\n//\n//\t@id\t\t\t\tDeleteBranch\nfunc DeleteBranch(c *gin.Context) {\n\tvar req GitDeleteBranchRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\treturn\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: req.Path,\n\t}\n\n\tif err := gitService.DeleteBranch(req.Name); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusNoContent)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/history.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// GetCommitHistory godoc\n//\n//\t@Summary\t\tGet commit history\n//\t@Description\tGet the commit history of the Git repository\n//\t@Tags\t\t\tgit\n//\t@Produce\t\tjson\n//\t@Param\t\t\tpath\tquery\tstring\ttrue\t\"Repository path\"\n//\t@Success\t\t200\t\t{array}\tgit.GitCommitInfo\n//\t@Router\t\t\t/git/history [get]\n//\n//\t@id\t\t\t\tGetCommitHistory\nfunc GetCommitHistory(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\tif path == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path is required\"))\n\t\treturn\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: path,\n\t}\n\n\tlog, err := gitService.Log()\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, log)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/list_branches.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// ListBranches godoc\n//\n//\t@Summary\t\tList branches\n//\t@Description\tGet a list of all branches in the Git repository\n//\t@Tags\t\t\tgit\n//\t@Produce\t\tjson\n//\t@Param\t\t\tpath\tquery\t\tstring\ttrue\t\"Repository path\"\n//\t@Success\t\t200\t\t{object}\tListBranchResponse\n//\t@Router\t\t\t/git/branches [get]\n//\n//\t@id\t\t\t\tListBranches\nfunc ListBranches(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\tif path == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path is required\"))\n\t\treturn\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: path,\n\t}\n\n\tbranchList, err := gitService.ListBranches()\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, ListBranchResponse{\n\t\tBranches: branchList,\n\t})\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/pull.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/gin-gonic/gin\"\n\tgo_git \"github.com/go-git/go-git/v5\"\n\tgo_git_http \"github.com/go-git/go-git/v5/plumbing/transport/http\"\n)\n\n// PullChanges godoc\n//\n//\t@Summary\t\tPull changes from remote\n//\t@Description\tPull changes from the remote Git repository\n//\t@Tags\t\t\tgit\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tGitRepoRequest\ttrue\t\"Pull request\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/git/pull [post]\n//\n//\t@id\t\t\t\tPullChanges\nfunc PullChanges(c *gin.Context) {\n\tvar req GitRepoRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\treturn\n\t}\n\n\tvar auth *go_git_http.BasicAuth\n\tif req.Username != nil && req.Password != nil {\n\t\tauth = &go_git_http.BasicAuth{\n\t\t\tUsername: *req.Username,\n\t\t\tPassword: *req.Password,\n\t\t}\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: req.Path,\n\t}\n\n\terr := gitService.Pull(auth)\n\tif err != nil && err != go_git.NoErrAlreadyUpToDate {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusOK)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/push.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/gin-gonic/gin\"\n\tgo_git \"github.com/go-git/go-git/v5\"\n\tgo_git_http \"github.com/go-git/go-git/v5/plumbing/transport/http\"\n)\n\n// PushChanges godoc\n//\n//\t@Summary\t\tPush changes to remote\n//\t@Description\tPush local changes to the remote Git repository\n//\t@Tags\t\t\tgit\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tGitRepoRequest\ttrue\t\"Push request\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/git/push [post]\n//\n//\t@id\t\t\t\tPushChanges\nfunc PushChanges(c *gin.Context) {\n\tvar req GitRepoRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\treturn\n\t}\n\n\tvar auth *go_git_http.BasicAuth\n\tif req.Username != nil && req.Password != nil {\n\t\tauth = &go_git_http.BasicAuth{\n\t\t\tUsername: *req.Username,\n\t\t\tPassword: *req.Password,\n\t\t}\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: req.Path,\n\t}\n\n\terr := gitService.Push(auth)\n\tif err != nil && err != go_git.NoErrAlreadyUpToDate {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusOK)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/status.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/pkg/git\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// GetStatus godoc\n//\n//\t@Summary\t\tGet Git status\n//\t@Description\tGet the Git status of the repository at the specified path\n//\t@Tags\t\t\tgit\n//\t@Produce\t\tjson\n//\t@Param\t\t\tpath\tquery\t\tstring\ttrue\t\"Repository path\"\n//\t@Success\t\t200\t\t{object}\tgit.GitStatus\n//\t@Router\t\t\t/git/status [get]\n//\n//\t@id\t\t\t\tGetStatus\nfunc GetStatus(c *gin.Context) {\n\tpath := c.Query(\"path\")\n\tif path == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"path is required\"))\n\t\treturn\n\t}\n\n\tgitService := git.Service{\n\t\tWorkDir: path,\n\t}\n\n\tstatus, err := gitService.GetGitStatus()\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, status)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/git/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage git\n\ntype GitAddRequest struct {\n\tPath string `json:\"path\" validate:\"required\"`\n\t// files to add (use . for all files)\n\tFiles []string `json:\"files\" validate:\"required\"`\n} // @name GitAddRequest\n\ntype GitCloneRequest struct {\n\tURL string `json:\"url\" validate:\"required\"`\n\tPath string `json:\"path\" validate:\"required\"`\n\tUsername *string `json:\"username,omitempty\" validate:\"optional\"`\n\tPassword *string `json:\"password,omitempty\" validate:\"optional\"`\n\tBranch *string `json:\"branch,omitempty\" validate:\"optional\"`\n\tCommitID *string `json:\"commit_id,omitempty\" validate:\"optional\"`\n} // @name GitCloneRequest\n\ntype GitCommitRequest struct {\n\tPath string `json:\"path\" validate:\"required\"`\n\tMessage string `json:\"message\" validate:\"required\"`\n\tAuthor string `json:\"author\" validate:\"required\"`\n\tEmail string `json:\"email\" validate:\"required\"`\n\tAllowEmpty bool `json:\"allow_empty,omitempty\"`\n} // @name GitCommitRequest\n\ntype GitCommitResponse struct {\n\tHash string `json:\"hash\" validate:\"required\"`\n} // @name GitCommitResponse\n\ntype GitBranchRequest struct {\n\tPath string `json:\"path\" validate:\"required\"`\n\tName string `json:\"name\" validate:\"required\"`\n} // @name GitBranchRequest\n\ntype GitDeleteBranchRequest struct {\n\tPath string `json:\"path\" validate:\"required\"`\n\tName string `json:\"name\" validate:\"required\"`\n}\n\ntype ListBranchResponse struct {\n\tBranches []string `json:\"branches\" validate:\"required\"`\n} // @name ListBranchResponse\n\ntype GitRepoRequest struct {\n\tPath string `json:\"path\" validate:\"required\"`\n\tUsername *string `json:\"username,omitempty\" validate:\"optional\"`\n\tPassword *string `json:\"password,omitempty\" validate:\"optional\"`\n} // @name GitRepoRequest\n\ntype GitCheckoutRequest struct {\n\tPath string `json:\"path\" validate:\"required\"`\n\tBranch string `json:\"branch\" validate:\"required\"`\n} // @name GitCheckoutRequest\n" }, { "path": "apps/daemon/pkg/toolbox/lsp/client.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage lsp\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"os/exec\"\n\t\"strings\"\n\n\t\"github.com/sourcegraph/jsonrpc2\"\n)\n\ntype Client struct {\n\tconn *jsonrpc2.Conn\n}\n\ntype InitializeParams struct {\n\tProcessID int `json:\"processId\"`\n\tClientInfo ClientInfo `json:\"clientInfo\"`\n\tRootURI string `json:\"rootUri\"`\n\tCapabilities ClientCapabilities `json:\"capabilities\"`\n}\n\ntype ClientInfo struct {\n\tName string `json:\"name\"`\n\tVersion string `json:\"version\"`\n}\n\ntype ClientCapabilities struct {\n\tTextDocument TextDocumentClientCapabilities `json:\"textDocument\"`\n\tWorkspace WorkspaceClientCapabilities `json:\"workspace\"`\n}\n\ntype TextDocumentClientCapabilities struct {\n\tCompletion CompletionClientCapabilities `json:\"completion\"`\n\tDocumentSymbol DocumentSymbolClientCapabilities `json:\"documentSymbol\"`\n}\n\ntype CompletionClientCapabilities struct {\n\tDynamicRegistration bool `json:\"dynamicRegistration\"`\n\tCompletionItem CompletionItemCapabilities `json:\"completionItem\"`\n\tContextSupport bool `json:\"contextSupport\"`\n}\n\ntype CompletionItemCapabilities struct {\n\tSnippetSupport bool `json:\"snippetSupport\"`\n\tCommitCharactersSupport bool `json:\"commitCharactersSupport\"`\n\tDocumentationFormat []string `json:\"documentationFormat\"`\n\tDeprecatedSupport bool `json:\"deprecatedSupport\"`\n\tPreselectSupport bool `json:\"preselectSupport\"`\n}\n\ntype DocumentSymbolClientCapabilities struct {\n\tDynamicRegistration bool `json:\"dynamicRegistration\"`\n\tSymbolKind SymbolKindInfo `json:\"symbolKind\"`\n}\n\ntype SymbolKindInfo struct {\n\tValueSet []int `json:\"valueSet\"`\n}\n\ntype WorkspaceClientCapabilities struct {\n\tSymbol WorkspaceSymbolClientCapabilities `json:\"symbol\"`\n}\n\ntype WorkspaceSymbolClientCapabilities struct {\n\tDynamicRegistration bool `json:\"dynamicRegistration\"`\n}\n\ntype StdioStream struct {\n\tcmd *exec.Cmd\n\tin io.WriteCloser\n\tout io.ReadCloser\n}\n\ntype Range struct {\n\tStart LspPosition `json:\"start\" validate:\"required\"`\n\tEnd LspPosition `json:\"end\" validate:\"required\"`\n} // @name Range\n\ntype TextDocumentIdentifier struct {\n\tURI string `json:\"uri\" validate:\"required\"`\n}\n\ntype VersionedTextDocumentIdentifier struct {\n\tURI string `json:\"uri\" validate:\"required\"`\n\tVersion int `json:\"version\" validate:\"required\"`\n} // @name VersionedTextDocumentIdentifier\n\ntype CompletionParams struct {\n\tTextDocument TextDocumentIdentifier `json:\"textDocument\" validate:\"required\"`\n\tPosition LspPosition `json:\"position\" validate:\"required\"`\n\tContext *CompletionContext `json:\"context,omitempty\" validate:\"optional\"`\n} // @name CompletionParams\n\ntype CompletionContext struct {\n\tTriggerKind int `json:\"triggerKind\" validate:\"required\"`\n\tTriggerCharacter *string `json:\"triggerCharacter,omitempty\" validate:\"optional\"`\n} // @name CompletionContext\n\ntype CompletionItem struct {\n\tLabel string `json:\"label\" validate:\"required\"`\n\tKind *int `json:\"kind,omitempty\" validate:\"optional\"`\n\tDetail *string `json:\"detail,omitempty\" validate:\"optional\"`\n\tDocumentation interface{} `json:\"documentation,omitempty\" validate:\"optional\"`\n\tSortText *string `json:\"sortText,omitempty\" validate:\"optional\"`\n\tFilterText *string `json:\"filterText,omitempty\" validate:\"optional\"`\n\tInsertText *string `json:\"insertText,omitempty\" validate:\"optional\"`\n} // @name CompletionItem\n\ntype CompletionList struct {\n\tIsIncomplete bool `json:\"isIncomplete\" validate:\"required\"`\n\tItems []CompletionItem `json:\"items\" validate:\"required\"`\n} // @name CompletionList\n\ntype LspSymbol struct {\n\tKind int `json:\"kind\" validate:\"required\"`\n\tLocation LspLocation `json:\"location\" validate:\"required\"`\n\tName string `json:\"name\" validate:\"required\"`\n} // @name LspSymbol\n\ntype LspLocation struct {\n\tRange LspRange `json:\"range\" validate:\"required\"`\n\tURI string `json:\"uri\" validate:\"required\"`\n} // @name LspLocation\n\ntype LspRange struct {\n\tEnd LspPosition `json:\"end\" validate:\"required\"`\n\tStart LspPosition `json:\"start\" validate:\"required\"`\n} // @name LspRange\n\ntype LspPosition struct {\n\tCharacter int `json:\"character\" validate:\"required\"`\n\tLine int `json:\"line\" validate:\"required\"`\n} // @name LspPosition\n\ntype WorkspaceSymbolParams struct {\n\tQuery string `json:\"query\" validate:\"required\"`\n} // @name WorkspaceSymbolParams\n\nfunc (s *StdioStream) Read(p []byte) (n int, err error) {\n\treturn s.out.Read(p)\n}\n\nfunc (s *StdioStream) Write(p []byte) (n int, err error) {\n\treturn s.in.Write(p)\n}\n\nfunc (s *StdioStream) Close() error {\n\tif err := s.in.Close(); err != nil {\n\t\treturn err\n\t}\n\treturn s.out.Close()\n}\n\nfunc NewStdioStream(cmd *exec.Cmd) (*StdioStream, error) {\n\tstdin, err := cmd.StdinPipe()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tstdout, err := cmd.StdoutPipe()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &StdioStream{\n\t\tcmd: cmd,\n\t\tin: stdin,\n\t\tout: stdout,\n\t}, nil\n}\n\nfunc (c *Client) NotifyDidClose(ctx context.Context, uri string) error {\n\tparams := map[string]interface{}{\n\t\t\"textDocument\": map[string]interface{}{\n\t\t\t\"uri\": uri,\n\t\t},\n\t}\n\n\treturn c.conn.Notify(ctx, \"textDocument/didClose\", params)\n}\n\nfunc (c *Client) GetWorkspaceSymbols(ctx context.Context, query string) ([]LspSymbol, error) {\n\tparams := map[string]interface{}{\n\t\t\"query\": query,\n\t}\n\n\tvar symbols []LspSymbol\n\terr := c.conn.Call(ctx, \"workspace/symbol\", params, &symbols)\n\treturn symbols, err\n}\n\nfunc (c *Client) GetCompletion(ctx context.Context, uri string, position LspPosition, context *CompletionContext) (*CompletionList, error) {\n\tparams := CompletionParams{\n\t\tTextDocument: TextDocumentIdentifier{\n\t\t\tURI: uri,\n\t\t},\n\t\tPosition: position,\n\t\tContext: context,\n\t}\n\n\tvar result interface{}\n\tif err := c.conn.Call(ctx, \"textDocument/completion\", params, &result); err != nil {\n\t\treturn nil, err\n\t}\n\n\t// Handle both possible response types: CompletionList or []CompletionItem\n\tvar completionList CompletionList\n\tswitch v := result.(type) {\n\tcase map[string]interface{}:\n\t\t// It's a CompletionList\n\t\tif items, ok := v[\"items\"].([]interface{}); ok {\n\t\t\tcompletionItems := make([]CompletionItem, 0, len(items))\n\t\t\tfor _, item := range items {\n\t\t\t\tif itemMap, ok := item.(map[string]interface{}); ok {\n\t\t\t\t\tcompletionItems = append(completionItems, parseCompletionItem(itemMap))\n\t\t\t\t}\n\t\t\t}\n\t\t\tcompletionList.Items = completionItems\n\t\t\tcompletionList.IsIncomplete = v[\"isIncomplete\"].(bool)\n\t\t}\n\tcase []interface{}:\n\t\t// It's an array of CompletionItems\n\t\tcompletionItems := make([]CompletionItem, 0, len(v))\n\t\tfor _, item := range v {\n\t\t\tif itemMap, ok := item.(map[string]interface{}); ok {\n\t\t\t\tcompletionItems = append(completionItems, parseCompletionItem(itemMap))\n\t\t\t}\n\t\t}\n\t\tcompletionList.Items = completionItems\n\t}\n\n\treturn &completionList, nil\n}\n\nfunc (c *Client) DidOpen(ctx context.Context, uri string, languageId string) error {\n\tpath := strings.TrimPrefix(uri, \"file://\")\n\n\tcontent, err := os.ReadFile(path)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to read file: %w\", err)\n\t}\n\n\tparams := map[string]interface{}{\n\t\t\"textDocument\": map[string]interface{}{\n\t\t\t\"uri\": uri,\n\t\t\t\"languageId\": languageId,\n\t\t\t\"version\": 1,\n\t\t\t\"text\": string(content),\n\t\t},\n\t}\n\n\treturn c.conn.Notify(ctx, \"textDocument/didOpen\", params)\n}\n\nfunc (c *Client) GetDocumentSymbols(ctx context.Context, uri string) ([]LspSymbol, error) {\n\tparams := map[string]interface{}{\n\t\t\"textDocument\": map[string]interface{}{\n\t\t\t\"uri\": uri,\n\t\t},\n\t}\n\n\tvar symbols []LspSymbol\n\terr := c.conn.Call(ctx, \"textDocument/documentSymbol\", params, &symbols)\n\treturn symbols, err\n}\n\nfunc parseCompletionItem(item map[string]interface{}) CompletionItem {\n\tci := CompletionItem{\n\t\tLabel: item[\"label\"].(string),\n\t}\n\n\tif kind, ok := item[\"kind\"].(float64); ok {\n\t\tk := int(kind)\n\t\tci.Kind = &k\n\t}\n\n\tif detail, ok := item[\"detail\"].(string); ok {\n\t\tci.Detail = &detail\n\t}\n\n\tif sortText, ok := item[\"sortText\"].(string); ok {\n\t\tci.SortText = &sortText\n\t}\n\n\tif filterText, ok := item[\"filterText\"].(string); ok {\n\t\tci.FilterText = &filterText\n\t}\n\n\tif insertText, ok := item[\"insertText\"].(string); ok {\n\t\tci.InsertText = &insertText\n\t}\n\n\tci.Documentation = item[\"documentation\"]\n\n\treturn ci\n}\n\nfunc (c *Client) Initialize(ctx context.Context, params InitializeParams) error {\n\tvar result interface{}\n\tif err := c.conn.Call(ctx, \"initialize\", params, &result); err != nil {\n\t\treturn err\n\t}\n\n\treturn c.conn.Notify(ctx, \"initialized\", nil)\n}\n\nfunc (c *Client) Shutdown(ctx context.Context) error {\n\treturn c.conn.Notify(ctx, \"shutdown\", nil)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/lsp/lsp.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage lsp\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// Start godoc\n//\n//\t@Summary\t\tStart LSP server\n//\t@Description\tStart a Language Server Protocol server for the specified language\n//\t@Tags\t\t\tlsp\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tLspServerRequest\ttrue\t\"LSP server request\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/lsp/start [post]\n//\n//\t@id\t\t\t\tStart\nfunc Start(logger *slog.Logger) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req LspServerRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\t\treturn\n\t\t}\n\n\t\tservice := GetLSPService(logger)\n\t\terr := service.Start(req.LanguageId, req.PathToProject)\n\t\tif err != nil {\n\t\t\tlogger.Error(\"error starting LSP server\", \"error\", err)\n\t\t\tc.AbortWithError(http.StatusInternalServerError, errors.New(\"error starting LSP server\"))\n\t\t\treturn\n\t\t}\n\n\t\tc.Status(http.StatusOK)\n\t}\n}\n\n// Stop godoc\n//\n//\t@Summary\t\tStop LSP server\n//\t@Description\tStop a Language Server Protocol server\n//\t@Tags\t\t\tlsp\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tLspServerRequest\ttrue\t\"LSP server request\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/lsp/stop [post]\n//\n//\t@id\t\t\t\tStop\nfunc Stop(logger *slog.Logger) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req LspServerRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\t\treturn\n\t\t}\n\n\t\tservice := GetLSPService(logger)\n\t\terr := service.Shutdown(req.LanguageId, req.PathToProject)\n\t\tif err != nil {\n\t\t\tlogger.Error(\"error stopping LSP server\", \"error\", err)\n\t\t\tc.AbortWithError(http.StatusInternalServerError, errors.New(\"error stopping LSP server\"))\n\t\t\treturn\n\t\t}\n\n\t\tc.Status(http.StatusOK)\n\t}\n}\n\n// DidOpen godoc\n//\n//\t@Summary\t\tNotify document opened\n//\t@Description\tNotify the LSP server that a document has been opened\n//\t@Tags\t\t\tlsp\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tLspDocumentRequest\ttrue\t\"Document request\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/lsp/did-open [post]\n//\n//\t@id\t\t\t\tDidOpen\nfunc DidOpen(logger *slog.Logger) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req LspDocumentRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\t\treturn\n\t\t}\n\n\t\tservice := GetLSPService(logger)\n\t\tserver, err := service.Get(req.LanguageId, req.PathToProject)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\t\tif !server.IsInitialized() {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"server not initialized\"))\n\t\t\treturn\n\t\t}\n\t\terr = server.HandleDidOpen(c.Request.Context(), req.Uri)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\n\t\tc.Status(http.StatusOK)\n\t}\n}\n\n// DidClose godoc\n//\n//\t@Summary\t\tNotify document closed\n//\t@Description\tNotify the LSP server that a document has been closed\n//\t@Tags\t\t\tlsp\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tLspDocumentRequest\ttrue\t\"Document request\"\n//\t@Success\t\t200\n//\t@Router\t\t\t/lsp/did-close [post]\n//\n//\t@id\t\t\t\tDidClose\nfunc DidClose(logger *slog.Logger) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req LspDocumentRequest\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\t\treturn\n\t\t}\n\n\t\tservice := GetLSPService(logger)\n\t\tserver, err := service.Get(req.LanguageId, req.PathToProject)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\t\tif !server.IsInitialized() {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"server not initialized\"))\n\t\t\treturn\n\t\t}\n\t\terr = server.HandleDidClose(c.Request.Context(), req.Uri)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\n\t\tc.Status(http.StatusOK)\n\t}\n}\n\n// Completions godoc\n//\n//\t@Summary\t\tGet code completions\n//\t@Description\tGet code completion suggestions from the LSP server\n//\t@Tags\t\t\tlsp\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tLspCompletionParams\ttrue\t\"Completion request\"\n//\t@Success\t\t200\t\t{object}\tCompletionList\n//\t@Router\t\t\t/lsp/completions [post]\n//\n//\t@id\t\t\t\tCompletions\nfunc Completions(logger *slog.Logger) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar req LspCompletionParams\n\t\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\t\treturn\n\t\t}\n\n\t\tservice := GetLSPService(logger)\n\t\tserver, err := service.Get(req.LanguageId, req.PathToProject)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\t\tif !server.IsInitialized() {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"server not initialized\"))\n\t\t\treturn\n\t\t}\n\n\t\ttextDocument := TextDocumentIdentifier{\n\t\t\tURI: req.Uri,\n\t\t}\n\n\t\tcompletionParams := CompletionParams{\n\t\t\tTextDocument: textDocument,\n\t\t\tPosition: req.Position,\n\t\t\tContext: req.Context,\n\t\t}\n\n\t\tlist, err := server.HandleCompletions(c.Request.Context(), completionParams)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\n\t\tc.JSON(http.StatusOK, list)\n\t}\n}\n\n// DocumentSymbols godoc\n//\n//\t@Summary\t\tGet document symbols\n//\t@Description\tGet symbols (functions, classes, etc.) from a document\n//\t@Tags\t\t\tlsp\n//\t@Produce\t\tjson\n//\t@Param\t\t\tlanguageId\t\tquery\tstring\ttrue\t\"Language ID (e.g., python, typescript)\"\n//\t@Param\t\t\tpathToProject\tquery\tstring\ttrue\t\"Path to project\"\n//\t@Param\t\t\turi\t\t\t\tquery\tstring\ttrue\t\"Document URI\"\n//\t@Success\t\t200\t\t\t\t{array}\tLspSymbol\n//\t@Router\t\t\t/lsp/document-symbols [get]\n//\n//\t@id\t\t\t\tDocumentSymbols\nfunc DocumentSymbols(logger *slog.Logger) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tlanguageId := c.Query(\"languageId\")\n\t\tif languageId == \"\" {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"languageId is required\"))\n\t\t\treturn\n\t\t}\n\n\t\tpathToProject := c.Query(\"pathToProject\")\n\t\tif pathToProject == \"\" {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"pathToProject is required\"))\n\t\t\treturn\n\t\t}\n\n\t\turi := c.Query(\"uri\")\n\t\tif uri == \"\" {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"uri is required\"))\n\t\t\treturn\n\t\t}\n\n\t\tservice := GetLSPService(logger)\n\t\tserver, err := service.Get(languageId, pathToProject)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\t\tif !server.IsInitialized() {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"server not initialized\"))\n\t\t\treturn\n\t\t}\n\n\t\tsymbols, err := server.HandleDocumentSymbols(c.Request.Context(), uri)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\n\t\tc.JSON(http.StatusOK, symbols)\n\t}\n}\n\n// WorkspaceSymbols godoc\n//\n//\t@Summary\t\tGet workspace symbols\n//\t@Description\tSearch for symbols across the entire workspace\n//\t@Tags\t\t\tlsp\n//\t@Produce\t\tjson\n//\t@Param\t\t\tquery\t\t\tquery\tstring\ttrue\t\"Search query\"\n//\t@Param\t\t\tlanguageId\t\tquery\tstring\ttrue\t\"Language ID (e.g., python, typescript)\"\n//\t@Param\t\t\tpathToProject\tquery\tstring\ttrue\t\"Path to project\"\n//\t@Success\t\t200\t\t\t\t{array}\tLspSymbol\n//\t@Router\t\t\t/lsp/workspacesymbols [get]\n//\n//\t@id\t\t\t\tWorkspaceSymbols\nfunc WorkspaceSymbols(logger *slog.Logger) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tquery := c.Query(\"query\")\n\t\tif query == \"\" {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"query is required\"))\n\t\t\treturn\n\t\t}\n\n\t\tlanguageId := c.Query(\"languageId\")\n\t\tif languageId == \"\" {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"languageId is required\"))\n\t\t\treturn\n\t\t}\n\n\t\tpathToProject := c.Query(\"pathToProject\")\n\t\tif pathToProject == \"\" {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"pathToProject is required\"))\n\t\t\treturn\n\t\t}\n\n\t\tservice := GetLSPService(logger)\n\t\tserver, err := service.Get(languageId, pathToProject)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\t\tif !server.IsInitialized() {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"server not initialized\"))\n\t\t\treturn\n\t\t}\n\n\t\tsymbols, err := server.HandleWorkspaceSymbols(c.Request.Context(), query)\n\t\tif err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, err)\n\t\t\treturn\n\t\t}\n\n\t\tc.JSON(http.StatusOK, symbols)\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/lsp/python_lsp.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage lsp\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"os\"\n\t\"os/exec\"\n\n\t\"github.com/sourcegraph/jsonrpc2\"\n)\n\ntype PythonLSPServer struct {\n\t*LSPServerAbstract\n}\n\nfunc (s *PythonLSPServer) Initialize(pathToProject string) error {\n\tctx := context.Background()\n\n\tcmd := exec.Command(\"pylsp\")\n\n\tstream, err := NewStdioStream(cmd)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to create stdio stream: %w\", err)\n\t}\n\n\tif err := cmd.Start(); err != nil {\n\t\treturn fmt.Errorf(\"failed to start Python LSP server: %w\", err)\n\t}\n\n\thandler := jsonrpc2.HandlerWithError(func(ctx context.Context, conn *jsonrpc2.Conn, req *jsonrpc2.Request) (interface{}, error) {\n\t\ts.logger.Debug(\"Received request\", \"method\", req.Method)\n\t\tif req.Params != nil {\n\t\t\ts.logger.Debug(\"Request params\", \"params\", req.Params)\n\t\t}\n\t\treturn nil, nil\n\t})\n\n\tconn := jsonrpc2.NewConn(ctx, jsonrpc2.NewBufferedStream(stream, jsonrpc2.VSCodeObjectCodec{}), handler)\n\n\tclient := &Client{conn: conn}\n\n\tparams := InitializeParams{\n\t\tProcessID: os.Getpid(),\n\t\tClientInfo: ClientInfo{\n\t\t\tName: \"datyona-python-lsp-client\",\n\t\t\tVersion: \"0.0.1\",\n\t\t},\n\t\tRootURI: \"file://\" + pathToProject,\n\t\tCapabilities: ClientCapabilities{\n\t\t\tTextDocument: TextDocumentClientCapabilities{\n\t\t\t\tCompletion: CompletionClientCapabilities{\n\t\t\t\t\tDynamicRegistration: true,\n\t\t\t\t\tCompletionItem: CompletionItemCapabilities{\n\t\t\t\t\t\tSnippetSupport: true,\n\t\t\t\t\t\tCommitCharactersSupport: true,\n\t\t\t\t\t\tDocumentationFormat: []string{\"markdown\", \"plaintext\"},\n\t\t\t\t\t\tDeprecatedSupport: true,\n\t\t\t\t\t\tPreselectSupport: true,\n\t\t\t\t\t},\n\t\t\t\t\tContextSupport: true,\n\t\t\t\t},\n\t\t\t\tDocumentSymbol: DocumentSymbolClientCapabilities{\n\t\t\t\t\tDynamicRegistration: true,\n\t\t\t\t\tSymbolKind: SymbolKindInfo{\n\t\t\t\t\t\tValueSet: []int{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tWorkspace: WorkspaceClientCapabilities{\n\t\t\t\tSymbol: WorkspaceSymbolClientCapabilities{\n\t\t\t\t\tDynamicRegistration: true,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t}\n\n\tif err := client.Initialize(ctx, params); err != nil {\n\t\tconn.Close()\n\t\tkillerr := cmd.Process.Kill()\n\t\tif killerr != nil {\n\t\t\treturn fmt.Errorf(\"failed to initialize Python LSP connection: %w, failed to kill process: %w\", err, killerr)\n\t\t}\n\t\treturn fmt.Errorf(\"failed to initialize Python LSP connection: %w\", err)\n\t}\n\n\ts.client = client\n\ts.initialized = true\n\n\treturn nil\n}\n\nfunc (s *PythonLSPServer) Shutdown() error {\n\terr := s.client.Shutdown(context.Background())\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to shutdown Python LSP server: %w\", err)\n\t}\n\ts.initialized = false\n\treturn nil\n}\n\nfunc NewPythonLSPServer(logger *slog.Logger) *PythonLSPServer {\n\treturn &PythonLSPServer{\n\t\tLSPServerAbstract: &LSPServerAbstract{\n\t\t\tlanguageId: \"python\",\n\t\t\tlogger: logger.With(slog.String(\"component\", \"python_lsp_server\")),\n\t\t},\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/lsp/server.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage lsp\n\nimport (\n\t\"context\"\n\t\"log/slog\"\n)\n\ntype LSPServer interface {\n\tInitialize(pathToProject string) error\n\tIsInitialized() bool\n\tShutdown() error\n\n\tHandleDidOpen(ctx context.Context, uri string) error\n\tHandleDidClose(ctx context.Context, uri string) error\n\tHandleCompletions(ctx context.Context, params CompletionParams) (*CompletionList, error)\n\tHandleDocumentSymbols(ctx context.Context, uri string) ([]LspSymbol, error)\n\tHandleWorkspaceSymbols(ctx context.Context, query string) ([]LspSymbol, error)\n}\n\ntype LSPServerAbstract struct {\n\tclient *Client\n\n\tlogger *slog.Logger\n\n\tlanguageId string\n\tinitialized bool\n}\n\n// Add new request types\ntype WorkspaceSymbolRequest struct {\n\tQuery string `json:\"query\"`\n}\n\nfunc (s *LSPServerAbstract) IsInitialized() bool {\n\treturn s.initialized\n}\n\nfunc (s *LSPServerAbstract) HandleDidOpen(ctx context.Context, uri string) error {\n\tif err := s.client.DidOpen(ctx, uri, s.languageId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (s *LSPServerAbstract) HandleDidClose(ctx context.Context, uri string) error {\n\tif err := s.client.NotifyDidClose(ctx, uri); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (s *LSPServerAbstract) HandleCompletions(ctx context.Context, params CompletionParams) (*CompletionList, error) {\n\tcompletions, err := s.client.GetCompletion(\n\t\tctx,\n\t\tparams.TextDocument.URI,\n\t\tparams.Position,\n\t\tparams.Context,\n\t)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn completions, nil\n}\n\nfunc (s *LSPServerAbstract) HandleDocumentSymbols(ctx context.Context, uri string) ([]LspSymbol, error) {\n\tsymbols, err := s.client.GetDocumentSymbols(ctx, uri)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn symbols, nil\n}\n\nfunc (s *LSPServerAbstract) HandleWorkspaceSymbols(ctx context.Context, query string) ([]LspSymbol, error) {\n\tsymbols, err := s.client.GetWorkspaceSymbols(ctx, query)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn symbols, nil\n}\n" }, { "path": "apps/daemon/pkg/toolbox/lsp/service.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage lsp\n\nimport (\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"sync\"\n)\n\ntype LSPService struct {\n\tlogger *slog.Logger\n\tservers map[string]LSPServer\n}\n\nvar (\n\tinstance *LSPService\n\tonce sync.Once\n)\n\nfunc GetLSPService(logger *slog.Logger) *LSPService {\n\tonce.Do(func() {\n\t\tinstance = &LSPService{\n\t\t\tlogger: logger,\n\t\t\tservers: make(map[string]LSPServer),\n\t\t}\n\t})\n\treturn instance\n}\n\nfunc (s *LSPService) Get(languageId string, pathToProject string) (LSPServer, error) {\n\tkey := generateKey(languageId, pathToProject)\n\n\tif server, ok := s.servers[key]; ok {\n\t\treturn server, nil\n\t}\n\n\tswitch languageId {\n\tcase \"typescript\":\n\t\tserver := NewTypeScriptLSPServer(s.logger)\n\t\ts.servers[key] = server\n\t\treturn server, nil\n\tcase \"python\":\n\t\tserver := NewPythonLSPServer(s.logger)\n\t\ts.servers[key] = server\n\t\treturn server, nil\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported language: %s\", languageId)\n\t}\n}\n\nfunc (s *LSPService) Start(languageId string, pathToProject string) error {\n\tkey := generateKey(languageId, pathToProject)\n\n\tserver, ok := s.servers[key]\n\tif ok {\n\t\tif server.IsInitialized() {\n\t\t\treturn nil\n\t\t}\n\t} else {\n\t\tnewServer := NewTypeScriptLSPServer(s.logger)\n\t\ts.servers[key] = newServer\n\t\tserver = newServer\n\t}\n\n\terr := server.Initialize(pathToProject)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to create TypeScript LSP server: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (s *LSPService) Shutdown(languageId string, pathToProject string) error {\n\tkey := generateKey(languageId, pathToProject)\n\n\tserver, ok := s.servers[key]\n\tif !ok {\n\t\treturn fmt.Errorf(\"no server for language: %s\", languageId)\n\t}\n\terr := server.Shutdown()\n\tdelete(s.servers, key)\n\treturn err\n}\n\nfunc generateKey(languageId, pathToProject string) string {\n\tdata := fmt.Sprintf(\"%s:%s\", languageId, pathToProject)\n\treturn base64.StdEncoding.EncodeToString([]byte(data))\n}\n" }, { "path": "apps/daemon/pkg/toolbox/lsp/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage lsp\n\ntype LspServerRequest struct {\n\tLanguageId string `json:\"languageId\" validate:\"required\"`\n\tPathToProject string `json:\"pathToProject\" validate:\"required\"`\n} // @name LspServerRequest\n\ntype LspDocumentRequest struct {\n\tLanguageId string `json:\"languageId\" validate:\"required\"`\n\tPathToProject string `json:\"pathToProject\" validate:\"required\"`\n\tUri string `json:\"uri\" validate:\"required\"`\n} // @name LspDocumentRequest\n\ntype LspCompletionParams struct {\n\tLanguageId string `json:\"languageId\" validate:\"required\"`\n\tPathToProject string `json:\"pathToProject\" validate:\"required\"`\n\tUri string `json:\"uri\" validate:\"required\"`\n\tPosition LspPosition `json:\"position\" validate:\"required\"`\n\tContext *CompletionContext `json:\"context,omitempty\" validate:\"optional\"`\n} // @name LspCompletionParams\n" }, { "path": "apps/daemon/pkg/toolbox/lsp/typescript_lsp.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage lsp\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"os\"\n\t\"os/exec\"\n\n\t\"github.com/sourcegraph/jsonrpc2\"\n)\n\ntype TypescriptLSPServer struct {\n\t*LSPServerAbstract\n}\n\nfunc (s *TypescriptLSPServer) Initialize(pathToProject string) error {\n\tctx := context.Background()\n\n\tcmd := exec.Command(\"typescript-language-server\", \"--stdio\")\n\n\tstream, err := NewStdioStream(cmd)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to create stdio stream: %w\", err)\n\t}\n\n\tif err := cmd.Start(); err != nil {\n\t\treturn fmt.Errorf(\"failed to start LSP server: %w\", err)\n\t}\n\n\thandler := jsonrpc2.HandlerWithError(func(ctx context.Context, conn *jsonrpc2.Conn, req *jsonrpc2.Request) (interface{}, error) {\n\t\ts.logger.Debug(\"Received request\", \"method\", req.Method)\n\t\tif req.Params != nil {\n\t\t\ts.logger.Debug(\"Request params\", \"params\", req.Params)\n\t\t}\n\t\treturn nil, nil\n\t})\n\n\tconn := jsonrpc2.NewConn(ctx, jsonrpc2.NewBufferedStream(stream, jsonrpc2.VSCodeObjectCodec{}), handler)\n\n\tclient := &Client{conn: conn}\n\n\tparams := InitializeParams{\n\t\tProcessID: os.Getpid(),\n\t\tClientInfo: ClientInfo{\n\t\t\tName: \"datyona-typescript-lsp-client\",\n\t\t\tVersion: \"0.0.1\",\n\t\t},\n\t\tRootURI: \"file://\" + pathToProject,\n\t\tCapabilities: ClientCapabilities{\n\t\t\tTextDocument: TextDocumentClientCapabilities{\n\t\t\t\tCompletion: CompletionClientCapabilities{\n\t\t\t\t\tDynamicRegistration: true,\n\t\t\t\t\tCompletionItem: CompletionItemCapabilities{\n\t\t\t\t\t\tSnippetSupport: true,\n\t\t\t\t\t\tCommitCharactersSupport: true,\n\t\t\t\t\t\tDocumentationFormat: []string{\"markdown\", \"plaintext\"},\n\t\t\t\t\t\tDeprecatedSupport: true,\n\t\t\t\t\t\tPreselectSupport: true,\n\t\t\t\t\t},\n\t\t\t\t\tContextSupport: true,\n\t\t\t\t},\n\t\t\t\tDocumentSymbol: DocumentSymbolClientCapabilities{\n\t\t\t\t\tDynamicRegistration: true,\n\t\t\t\t\tSymbolKind: SymbolKindInfo{\n\t\t\t\t\t\tValueSet: []int{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tWorkspace: WorkspaceClientCapabilities{\n\t\t\t\tSymbol: WorkspaceSymbolClientCapabilities{\n\t\t\t\t\tDynamicRegistration: true,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t}\n\n\tif err := client.Initialize(ctx, params); err != nil {\n\t\tconn.Close()\n\t\tkillerr := cmd.Process.Kill()\n\t\tif killerr != nil {\n\t\t\treturn fmt.Errorf(\"failed to initialize Typescript LSP connection: %w, failed to kill process: %w\", err, killerr)\n\t\t}\n\t\treturn fmt.Errorf(\"failed to initialize Typescript LSP connection: %w\", err)\n\t}\n\n\ts.client = client\n\ts.initialized = true\n\n\treturn nil\n}\n\nfunc (s *TypescriptLSPServer) Shutdown() error {\n\terr := s.client.Shutdown(context.Background())\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to shutdown Typescript LSP server: %w\", err)\n\t}\n\ts.initialized = false\n\treturn nil\n}\n\nfunc NewTypeScriptLSPServer(logger *slog.Logger) *TypescriptLSPServer {\n\treturn &TypescriptLSPServer{\n\t\tLSPServerAbstract: &LSPServerAbstract{\n\t\t\tlanguageId: \"typescript\",\n\t\t\tlogger: logger.With(slog.String(\"component\", \"typescript_lsp_server\")),\n\t\t},\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/middlewares/error.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage middlewares\n\nimport (\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/daytonaio/daemon/pkg/common\"\n\t\"github.com/gin-gonic/gin\"\n)\n\nfunc ErrorMiddleware() gin.HandlerFunc {\n\treturn func(ctx *gin.Context) {\n\t\tctx.Next()\n\n\t\tif len(ctx.Errors) > 0 {\n\t\t\terr := ctx.Errors.Last()\n\t\t\tstatusCode := ctx.Writer.Status()\n\n\t\t\terrorResponse := common.ErrorResponse{\n\t\t\t\tStatusCode: statusCode,\n\t\t\t\tMessage: err.Error(),\n\t\t\t\tCode: http.StatusText(statusCode),\n\t\t\t\tTimestamp: time.Now(),\n\t\t\t\tPath: ctx.Request.URL.Path,\n\t\t\t\tMethod: ctx.Request.Method,\n\t\t\t}\n\n\t\t\tctx.Header(\"Content-Type\", \"application/json\")\n\t\t\tctx.AbortWithStatusJSON(statusCode, errorResponse)\n\t\t}\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/port/detector.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage port\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"net\"\n\t\"net/http\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/cakturk/go-netstat/netstat\"\n\t\"github.com/gin-gonic/gin\"\n\tcmap \"github.com/orcaman/concurrent-map/v2\"\n)\n\ntype portsDetector struct {\n\tportMap cmap.ConcurrentMap[string, bool]\n}\n\nfunc NewPortsDetector() *portsDetector {\n\treturn &portsDetector{\n\t\tportMap: cmap.New[bool](),\n\t}\n}\n\nfunc (d *portsDetector) Start(ctx context.Context) {\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn\n\t\tdefault:\n\t\t\ttime.Sleep(1 * time.Second)\n\t\t\t// get only listening TCP sockets\n\t\t\ttabs, err := netstat.TCPSocks(func(s *netstat.SockTabEntry) bool {\n\t\t\t\treturn s.State == netstat.Listen\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tfreshMap := map[string]bool{}\n\t\t\tfor _, e := range tabs {\n\t\t\t\ts := strconv.Itoa(int(e.LocalAddr.Port))\n\t\t\t\tfreshMap[s] = true\n\t\t\t\td.portMap.Set(s, true)\n\t\t\t}\n\n\t\t\tfor _, port := range d.portMap.Keys() {\n\t\t\t\tif !freshMap[port] {\n\t\t\t\t\td.portMap.Remove(port)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n\n// GetPorts godoc\n//\n//\t@Summary\t\tGet active ports\n//\t@Description\tGet a list of all currently active ports\n//\t@Tags\t\t\tport\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tPortList\n//\t@Router\t\t\t/port [get]\n//\n//\t@id\t\t\t\tGetPorts\nfunc (d *portsDetector) GetPorts(c *gin.Context) {\n\tports := PortList{\n\t\tPorts: []uint{},\n\t}\n\n\tfor _, port := range d.portMap.Keys() {\n\t\tportInt, err := strconv.Atoi(port)\n\t\tif err != nil {\n\t\t\tcontinue\n\t\t}\n\t\tports.Ports = append(ports.Ports, uint(portInt))\n\t}\n\n\tc.JSON(http.StatusOK, ports)\n}\n\n// IsPortInUse godoc\n//\n//\t@Summary\t\tCheck if port is in use\n//\t@Description\tCheck if a specific port is currently in use\n//\t@Tags\t\t\tport\n//\t@Produce\t\tjson\n//\t@Param\t\t\tport\tpath\t\tint\ttrue\t\"Port number (3000-9999)\"\n//\t@Success\t\t200\t\t{object}\tIsPortInUseResponse\n//\t@Router\t\t\t/port/{port}/in-use [get]\n//\n//\t@id\t\t\t\tIsPortInUse\nfunc (d *portsDetector) IsPortInUse(c *gin.Context) {\n\tportParam := c.Param(\"port\")\n\n\tport, err := strconv.Atoi(portParam)\n\tif err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"invalid port: must be a number between 3000 and 9999\"))\n\t\treturn\n\t}\n\n\tif port < 3000 || port > 9999 {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"port out of range: must be between 3000 and 9999\"))\n\t\treturn\n\t}\n\n\tportStr := strconv.Itoa(port)\n\n\tif d.portMap.Has(portStr) {\n\t\tc.JSON(http.StatusOK, IsPortInUseResponse{\n\t\t\tIsInUse: true,\n\t\t})\n\t} else {\n\t\t// If the port is not in the map, we check synchronously if it's in use and update the map\n\t\t_, err := net.DialTimeout(\"tcp\", fmt.Sprintf(\"localhost:%d\", port), 50*time.Millisecond)\n\t\tif err != nil {\n\t\t\tc.JSON(http.StatusOK, IsPortInUseResponse{\n\t\t\t\tIsInUse: false,\n\t\t\t})\n\t\t} else {\n\t\t\td.portMap.Set(portStr, true)\n\t\t\tc.JSON(http.StatusOK, IsPortInUseResponse{\n\t\t\t\tIsInUse: true,\n\t\t\t})\n\t\t}\n\t}\n\n}\n" }, { "path": "apps/daemon/pkg/toolbox/port/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage port\n\ntype PortList struct {\n\tPorts []uint `json:\"ports\"`\n} // @name PortList\n\ntype IsPortInUseResponse struct {\n\tIsInUse bool `json:\"isInUse\"`\n} // @name IsPortInUseResponse\n" }, { "path": "apps/daemon/pkg/toolbox/process/execute.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage process\n\nimport (\n\t\"bytes\"\n\t\"errors\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"os/exec\"\n\t\"time\"\n\n\t\"github.com/gin-gonic/gin\"\n)\n\n// ExecuteCommand godoc\n//\n//\t@Summary\t\tExecute a command\n//\t@Description\tExecute a shell command and return the output and exit code\n//\t@Tags\t\t\tprocess\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tExecuteRequest\ttrue\t\"Command execution request\"\n//\t@Success\t\t200\t\t{object}\tExecuteResponse\n//\t@Router\t\t\t/process/execute [post]\n//\n//\t@id\t\t\t\tExecuteCommand\nfunc ExecuteCommand(logger *slog.Logger) gin.HandlerFunc {\n\treturn func(c *gin.Context) {\n\t\tvar request ExecuteRequest\n\t\tif err := c.ShouldBindJSON(&request); err != nil {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"command is required\"))\n\t\t\treturn\n\t\t}\n\n\t\tcmdParts := parseCommand(request.Command)\n\t\tif len(cmdParts) == 0 {\n\t\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"empty command\"))\n\t\t\treturn\n\t\t}\n\n\t\tcmd := exec.Command(cmdParts[0], cmdParts[1:]...)\n\t\tif request.Cwd != nil {\n\t\t\tcmd.Dir = *request.Cwd\n\t\t}\n\n\t\t// set maximum execution time\n\t\ttimeout := 360 * time.Second\n\t\tif request.Timeout != nil && *request.Timeout > 0 {\n\t\t\ttimeout = time.Duration(*request.Timeout) * time.Second\n\t\t}\n\n\t\ttimeoutReached := false\n\t\ttimer := time.AfterFunc(timeout, func() {\n\t\t\ttimeoutReached = true\n\t\t\tif cmd.Process != nil {\n\t\t\t\t// kill the process group\n\t\t\t\terr := cmd.Process.Kill()\n\t\t\t\tif err != nil {\n\t\t\t\t\tlogger.Error(\"failed to kill process\", \"error\", err)\n\t\t\t\t\treturn\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\t\tdefer timer.Stop()\n\n\t\toutput, err := cmd.CombinedOutput()\n\t\tif err != nil {\n\t\t\tif timeoutReached {\n\t\t\t\tc.AbortWithError(http.StatusRequestTimeout, errors.New(\"command execution timeout\"))\n\t\t\t\treturn\n\t\t\t}\n\t\t\tif exitError, ok := err.(*exec.ExitError); ok {\n\t\t\t\texitCode := exitError.ExitCode()\n\t\t\t\tc.JSON(http.StatusOK, ExecuteResponse{\n\t\t\t\t\tExitCode: exitCode,\n\t\t\t\t\tResult: string(output),\n\t\t\t\t})\n\t\t\t\treturn\n\t\t\t}\n\t\t\tc.JSON(http.StatusOK, ExecuteResponse{\n\t\t\t\tExitCode: -1,\n\t\t\t\tResult: string(output),\n\t\t\t})\n\t\t\treturn\n\t\t}\n\n\t\tif cmd.ProcessState == nil {\n\t\t\tc.JSON(http.StatusOK, ExecuteResponse{\n\t\t\t\tExitCode: -1,\n\t\t\t\tResult: string(output),\n\t\t\t})\n\t\t\treturn\n\t\t}\n\n\t\texitCode := cmd.ProcessState.ExitCode()\n\t\tc.JSON(http.StatusOK, ExecuteResponse{\n\t\t\tExitCode: exitCode,\n\t\t\tResult: string(output),\n\t\t})\n\t}\n}\n\n// parseCommand splits a command string properly handling quotes\nfunc parseCommand(command string) []string {\n\tvar args []string\n\tvar current bytes.Buffer\n\tvar inQuotes bool\n\tvar quoteChar rune\n\n\tfor _, r := range command {\n\t\tswitch {\n\t\tcase r == '\"' || r == '\\'':\n\t\t\tif !inQuotes {\n\t\t\t\tinQuotes = true\n\t\t\t\tquoteChar = r\n\t\t\t} else if quoteChar == r {\n\t\t\t\tinQuotes = false\n\t\t\t\tquoteChar = 0\n\t\t\t} else {\n\t\t\t\tcurrent.WriteRune(r)\n\t\t\t}\n\t\tcase r == ' ' && !inQuotes:\n\t\t\tif current.Len() > 0 {\n\t\t\t\targs = append(args, current.String())\n\t\t\t\tcurrent.Reset()\n\t\t\t}\n\t\tdefault:\n\t\t\tcurrent.WriteRune(r)\n\t\t}\n\t}\n\n\tif current.Len() > 0 {\n\t\targs = append(args, current.String())\n\t}\n\n\treturn args\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/interpreter/controller.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage interpreter\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"time\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/daytonaio/daemon/internal/util\"\n\t\"github.com/gin-gonic/gin\"\n\t\"github.com/gorilla/websocket\"\n)\n\nfunc NewInterpreterController(logger *slog.Logger, workDir string) *Controller {\n\tInitManager(workDir)\n\t// Pre-warm the default interpreter context to reduce latency on first request\n\tgo func() {\n\t\t_, err := GetOrCreateDefaultContext(logger)\n\t\tif err != nil {\n\t\t\tlogger.Debug(\"Failed to pre-create default interpreter context\", \"error\", err)\n\t\t}\n\t}()\n\treturn &Controller{logger: logger.With(slog.String(\"component\", \"interpreter_controller\")), workDir: workDir}\n}\n\n// CreateContext creates a new interpreter context\n//\n//\t@Summary\t\tCreate a new interpreter context\n//\t@Description\tCreates a new isolated interpreter context with optional working directory and language\n//\t@Tags\t\t\tinterpreter\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tCreateContextRequest\ttrue\t\"Context configuration\"\n//\t@Success\t\t200\t\t{object}\tInterpreterContext\n//\t@Failure\t\t400\t\t{object}\tmap[string]string\n//\t@Failure\t\t500\t\t{object}\tmap[string]string\n//\t@Router\t\t\t/process/interpreter/context [post]\n//\n//\t@id\t\t\t\tCreateInterpreterContext\nfunc (c *Controller) CreateContext(ctx *gin.Context) {\n\tvar req CreateContextRequest\n\terr := ctx.ShouldBindJSON(&req)\n\tif err != nil {\n\t\tctx.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request payload: %w\", err))\n\t\treturn\n\t}\n\n\tlanguage := LanguagePython\n\tif req.Language != nil {\n\t\tlanguage = *req.Language\n\t}\n\tif language != LanguagePython {\n\t\tctx.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"unsupported language: %s (only '%s' is supported currently)\", language, LanguagePython))\n\t\treturn\n\t}\n\n\tcwd := c.workDir\n\tif req.Cwd != nil {\n\t\tcwd = *req.Cwd\n\t}\n\n\tiCtx, err := CreateContext(c.logger, cwd, language)\n\tif err != nil {\n\t\tctx.AbortWithError(http.StatusInternalServerError, err)\n\t\treturn\n\t}\n\n\tinfo := iCtx.Info()\n\tctx.JSON(http.StatusOK, ContextInfo{\n\t\tID: info.ID,\n\t\tCwd: info.Cwd,\n\t\tCreatedAt: info.CreatedAt,\n\t\tActive: info.Active,\n\t\tLanguage: info.Language,\n\t})\n}\n\n// Execute executes code in an interpreter context via WebSocket\n//\n//\t@Summary\t\tExecute code in an interpreter context\n//\t@Description\tExecutes code in a specified context (or default context if not specified) via WebSocket streaming\n//\t@Tags\t\t\tinterpreter\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Router\t\t\t/process/interpreter/execute [get]\n//\t@Success\t\t101\t{string}\tstring\t\t\"Switching Protocols\"\n//\t@Header\t\t\t101\t{string}\tUpgrade\t\t\"websocket\"\n//\t@Header\t\t\t101\t{string}\tConnection\t\"Upgrade\"\n//\n//\t@id\t\t\t\tExecuteInterpreterCode\nfunc (c *Controller) Execute(ctx *gin.Context) {\n\t// Upgrade to WebSocket\n\tws, err := util.UpgradeToWebSocket(ctx.Writer, ctx.Request)\n\tif err != nil {\n\t\tctx.AbortWithStatus(http.StatusBadRequest)\n\t\treturn\n\t}\n\n\t_, payload, err := ws.ReadMessage()\n\tif err != nil {\n\t\twriteWSError(ws, \"failed to read first message\", websocket.CloseProtocolError)\n\t\treturn\n\t}\n\n\tvar req ExecuteRequest\n\terr = json.Unmarshal(payload, &req)\n\tif err != nil {\n\t\twriteWSError(ws, \"invalid JSON payload\", websocket.CloseProtocolError)\n\t\treturn\n\t}\n\n\tif req.Code == \"\" {\n\t\twriteWSError(ws, \"code is required\", websocket.ClosePolicyViolation)\n\t\treturn\n\t}\n\n\ttimeout := 10 * time.Minute\n\tif req.Timeout != nil {\n\t\tif *req.Timeout < 0 {\n\t\t\twriteWSError(ws, \"timeout must be greater than or equal to 0\", websocket.ClosePolicyViolation)\n\t\t\treturn\n\t\t}\n\t\tif *req.Timeout == 0 {\n\t\t\ttimeout = 0\n\t\t} else {\n\t\t\ttimeout = time.Duration(*req.Timeout) * time.Second\n\t\t}\n\t}\n\n\tvar iCtx *Context\n\n\tif req.ContextID == nil {\n\t\tiCtx, err = GetOrCreateDefaultContext(c.logger)\n\t\tif err != nil {\n\t\t\twriteWSError(ws, \"failed to get default context: \"+err.Error(), websocket.CloseInternalServerErr)\n\t\t\treturn\n\t\t}\n\t} else {\n\t\tiCtx, err = GetContext(*req.ContextID)\n\t\tif err != nil {\n\t\t\twriteWSError(ws, \"context not found: \"+*req.ContextID, websocket.ClosePolicyViolation)\n\t\t\treturn\n\t\t}\n\t}\n\n\tcontextInfo := iCtx.Info()\n\tif !contextInfo.Active {\n\t\twriteWSError(ws, \"context is not active\", websocket.ClosePolicyViolation)\n\t\treturn\n\t}\n\n\tvar envs map[string]string\n\tif req.Envs != nil {\n\t\tenvs = *req.Envs\n\t}\n\n\tgo iCtx.enqueueAndExecute(req.Code, envs, timeout, ws)\n}\n\n// writeWSError sends an error message to the WebSocket and closes the connection\nfunc writeWSError(ws *websocket.Conn, value string, closeCode int) {\n\tcloseMessage := websocket.FormatCloseMessage(closeCode, value)\n\t_ = ws.WriteControl(websocket.CloseMessage, closeMessage, time.Now().Add(writeWait))\n\t_ = ws.Close()\n}\n\n// DeleteContext deletes an interpreter context\n//\n//\t@Summary\t\tDelete an interpreter context\n//\t@Description\tDeletes an interpreter context and shuts down its worker process\n//\t@Tags\t\t\tinterpreter\n//\t@Produce\t\tjson\n//\t@Param\t\t\tid\tpath\t\tstring\ttrue\t\"Context ID\"\n//\t@Success\t\t200\t{object}\tmap[string]string\n//\t@Failure\t\t400\t{object}\tmap[string]string\n//\t@Failure\t\t404\t{object}\tmap[string]string\n//\t@Router\t\t\t/process/interpreter/context/{id} [delete]\n//\n//\t@id\t\t\t\tDeleteInterpreterContext\nfunc (c *Controller) DeleteContext(ctx *gin.Context) {\n\tid := ctx.Param(\"id\")\n\tif id == \"\" {\n\t\tctx.AbortWithError(http.StatusBadRequest, errors.New(\"context ID is required\"))\n\t\treturn\n\t}\n\n\tif id == \"default\" {\n\t\tctx.AbortWithError(http.StatusBadRequest, errors.New(\"cannot delete default context\"))\n\t\treturn\n\t}\n\n\terr := DeleteContext(id)\n\tif err != nil {\n\t\tif common_errors.IsNotFoundError(err) {\n\t\t\tctx.AbortWithError(http.StatusNotFound, err)\n\t\t\treturn\n\t\t}\n\t\tctx.AbortWithError(http.StatusInternalServerError, err)\n\t\treturn\n\t}\n\n\tctx.JSON(http.StatusOK, gin.H{\"message\": \"Context deleted successfully\"})\n}\n\n// ListContexts lists all user-created interpreter contexts (excludes default)\n//\n//\t@Summary\t\tList all user-created interpreter contexts\n//\t@Description\tReturns information about all user-created interpreter contexts (excludes default context)\n//\t@Tags\t\t\tinterpreter\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tListContextsResponse\n//\t@Router\t\t\t/process/interpreter/context [get]\n//\n//\t@id\t\t\t\tListInterpreterContexts\nfunc (c *Controller) ListContexts(ctx *gin.Context) {\n\tallContexts := ListContexts()\n\n\tuserContexts := make([]ContextInfo, 0, len(allContexts))\n\tfor _, context := range allContexts {\n\t\tif context.ID != \"default\" {\n\t\t\tuserContexts = append(userContexts, context)\n\t\t}\n\t}\n\n\tctx.JSON(http.StatusOK, ListContextsResponse{Contexts: userContexts})\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/interpreter/manager.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage interpreter\n\nimport (\n\t\"fmt\"\n\t\"log/slog\"\n\t\"sync\"\n\t\"time\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/google/uuid\"\n)\n\n// Manager manages multiple interpreter contexts\ntype Manager struct {\n\tcontexts map[string]*Context\n\tmu sync.RWMutex\n\tdefaultCwd string\n}\n\nvar globalManager *Manager\n\n// InitManager initializes the global context manager\nfunc InitManager(defaultCwd string) {\n\tglobalManager = &Manager{\n\t\tcontexts: make(map[string]*Context),\n\t\tdefaultCwd: defaultCwd,\n\t}\n}\n\n// CreateContext creates a new interpreter context\nfunc (m *Manager) CreateContext(logger *slog.Logger, id, cwd, language string) (*Context, error) {\n\tm.mu.Lock()\n\tdefer m.mu.Unlock()\n\n\tif _, exists := m.contexts[id]; exists {\n\t\treturn nil, fmt.Errorf(\"context with ID '%s' already exists\", id)\n\t}\n\n\tif language != \"\" && language != LanguagePython {\n\t\treturn nil, fmt.Errorf(\"unsupported language: %s (only '%s' is supported)\", language, LanguagePython)\n\t}\n\tif language == \"\" {\n\t\tlanguage = LanguagePython\n\t}\n\n\tif cwd == \"\" {\n\t\tcwd = m.defaultCwd\n\t}\n\n\tiCtx := &Context{\n\t\tinfo: ContextInfo{\n\t\t\tID: id,\n\t\t\tCwd: cwd,\n\t\t\tCreatedAt: time.Now(),\n\t\t\tActive: false,\n\t\t\tLanguage: language,\n\t\t},\n\t\tlogger: logger.With(slog.String(\"context_id\", id)),\n\t}\n\n\terr := iCtx.start()\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to start context: %w\", err)\n\t}\n\n\tm.contexts[id] = iCtx\n\treturn iCtx, nil\n}\n\n// GetContext retrieves an existing context by ID\nfunc (m *Manager) GetContext(id string) (*Context, error) {\n\tm.mu.RLock()\n\tiCtx, exists := m.contexts[id]\n\tm.mu.RUnlock()\n\n\tif !exists {\n\t\treturn nil, fmt.Errorf(\"context with ID '%s' not found\", id)\n\t}\n\n\tinfo := iCtx.Info()\n\tif !info.Active {\n\t\terr := iCtx.start()\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to restart context '%s': %w\", id, err)\n\t\t}\n\t}\n\n\treturn iCtx, nil\n}\n\n// GetOrCreateDefaultContext gets or creates the default context\nfunc (m *Manager) GetOrCreateDefaultContext(logger *slog.Logger) (*Context, error) {\n\tm.mu.RLock()\n\tiCtx, exists := m.contexts[\"default\"]\n\tm.mu.RUnlock()\n\n\tif exists {\n\t\tinfo := iCtx.Info()\n\t\tif !info.Active {\n\t\t\terr := iCtx.start()\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to restart default context: %w\", err)\n\t\t\t}\n\t\t}\n\t\treturn iCtx, nil\n\t}\n\n\treturn m.CreateContext(logger, \"default\", m.defaultCwd, LanguagePython)\n}\n\n// DeleteContext removes a context and shuts it down\nfunc (m *Manager) DeleteContext(id string) error {\n\tm.mu.Lock()\n\tdefer m.mu.Unlock()\n\n\tiCtx, exists := m.contexts[id]\n\tif !exists {\n\t\treturn common_errors.NewNotFoundError(fmt.Errorf(\"context with ID '%s' not found\", id))\n\t}\n\n\tiCtx.shutdown()\n\tdelete(m.contexts, id)\n\treturn nil\n}\n\n// ListContexts returns information about all contexts\nfunc (m *Manager) ListContexts() []ContextInfo {\n\tm.mu.RLock()\n\tdefer m.mu.RUnlock()\n\n\tcontexts := make([]ContextInfo, 0, len(m.contexts))\n\tfor _, iCtx := range m.contexts {\n\t\tcontexts = append(contexts, iCtx.Info())\n\t}\n\treturn contexts\n}\n\n// Global convenience functions\n\n// CreateContext creates a new context using the global manager\nfunc CreateContext(logger *slog.Logger, cwd, language string) (*Context, error) {\n\tif globalManager == nil {\n\t\treturn nil, fmt.Errorf(\"context manager not initialized\")\n\t}\n\tid := uuid.NewString()\n\treturn globalManager.CreateContext(logger, id, cwd, language)\n}\n\n// GetContext gets a context by ID using the global manager\nfunc GetContext(id string) (*Context, error) {\n\tif globalManager == nil {\n\t\treturn nil, fmt.Errorf(\"context manager not initialized\")\n\t}\n\treturn globalManager.GetContext(id)\n}\n\n// GetOrCreateDefaultContext gets or creates the default context\nfunc GetOrCreateDefaultContext(logger *slog.Logger) (*Context, error) {\n\tif globalManager == nil {\n\t\treturn nil, fmt.Errorf(\"context manager not initialized\")\n\t}\n\treturn globalManager.GetOrCreateDefaultContext(logger)\n}\n\n// DeleteContext deletes a context using the global manager\nfunc DeleteContext(id string) error {\n\tif globalManager == nil {\n\t\treturn fmt.Errorf(\"context manager not initialized\")\n\t}\n\treturn globalManager.DeleteContext(id)\n}\n\n// ListContexts lists all contexts using the global manager\nfunc ListContexts() []ContextInfo {\n\tif globalManager == nil {\n\t\treturn []ContextInfo{}\n\t}\n\treturn globalManager.ListContexts()\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/interpreter/repl_client.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage interpreter\n\nimport (\n\t\"bufio\"\n\t\"context\"\n\t_ \"embed\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\t\"syscall\"\n\t\"time\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/google/uuid\"\n\t\"github.com/gorilla/websocket\"\n)\n\n//go:embed repl_worker.py\nvar pythonWorkerScript string\n\n// Info returns the current context information\nfunc (c *Context) Info() ContextInfo {\n\tc.mu.Lock()\n\tdefer c.mu.Unlock()\n\treturn c.info\n}\n\n// enqueueAndExecute enqueues a job and processes jobs FIFO ensuring single execution at a time\nfunc (c *Context) enqueueAndExecute(code string, envs map[string]string, timeout time.Duration, ws *websocket.Conn) {\n\tc.mu.Lock()\n\tif c.queue == nil {\n\t\tc.queue = make(chan execJob, 128)\n\t\tgo c.processQueue()\n\t}\n\tc.mu.Unlock()\n\n\tjob := execJob{code: code, envs: envs, timeout: timeout, ws: ws}\n\tc.queue <- job\n}\n\nfunc (c *Context) processQueue() {\n\tfor job := range c.queue {\n\t\tif job.ws != nil {\n\t\t\tgo c.attachWebSocket(job.ws)\n\t\t}\n\n\t\tresult, err := c.executeCode(job.code, job.envs, job.timeout)\n\n\t\tif err != nil && common_errors.IsRequestTimeoutError(err) || result.Status == CommandStatusTimeout {\n\t\t\tc.closeClient(WebSocketCloseTimeout, \"\")\n\t\t} else {\n\t\t\tc.closeClient(websocket.CloseNormalClosure, \"\")\n\t\t}\n\t}\n}\n\n// closeClient closes the WebSocket client with specified close code\nfunc (c *Context) closeClient(code int, message string) {\n\tc.mu.Lock()\n\tdefer c.mu.Unlock()\n\n\tif c.client == nil {\n\t\treturn\n\t}\n\n\tc.client.requestClose(code, message)\n\tc.client = nil\n}\n\n// executeCode executes code in the interpreter context\nfunc (c *Context) executeCode(code string, envs map[string]string, timeout time.Duration) (*CommandExecution, error) {\n\tcmdID := uuid.NewString()\n\texecution := &CommandExecution{\n\t\tID: cmdID,\n\t\tCode: code,\n\t\tStatus: CommandStatusRunning,\n\t\tStartedAt: time.Now(),\n\t}\n\n\tc.commandMu.Lock()\n\tc.activeCommand = execution\n\tc.commandMu.Unlock()\n\n\tworkerCmd := WorkerCommand{ID: cmdID, Code: code, Envs: envs}\n\terr := c.sendCommand(workerCmd)\n\tif err != nil {\n\t\texecution.Status = CommandStatusError\n\t\tnow := time.Now()\n\t\texecution.EndedAt = &now\n\t\texecution.Error = &Error{Name: \"CommunicationError\", Value: err.Error()}\n\t\treturn execution, err\n\t}\n\n\tresultChan := make(chan bool, 1)\n\tgo func() {\n\t\tfor {\n\t\t\ttime.Sleep(50 * time.Millisecond)\n\t\t\tc.commandMu.Lock()\n\t\t\tif c.activeCommand == nil || c.activeCommand.Status != CommandStatusRunning {\n\t\t\t\tc.commandMu.Unlock()\n\t\t\t\tresultChan <- true\n\t\t\t\treturn\n\t\t\t}\n\t\t\tc.commandMu.Unlock()\n\t\t}\n\t}()\n\n\tvar timeoutC <-chan time.Time\n\tif timeout > 0 {\n\t\ttimer := time.NewTimer(timeout)\n\t\tdefer timer.Stop()\n\t\ttimeoutC = timer.C\n\t}\n\n\tselect {\n\tcase <-resultChan:\n\t\tc.commandMu.Lock()\n\t\tresult := c.activeCommand\n\t\tc.activeCommand = nil\n\t\tc.commandMu.Unlock()\n\t\treturn result, nil\n\n\tcase <-timeoutC:\n\t\tif c.cmd != nil && c.cmd.Process != nil {\n\t\t\t_ = c.cmd.Process.Signal(syscall.SIGINT)\n\t\t}\n\n\t\tgraceful := time.NewTimer(gracePeriod)\n\t\tdefer graceful.Stop()\n\n\t\tselect {\n\t\tcase <-resultChan:\n\t\t\tc.commandMu.Lock()\n\t\t\tresult := c.activeCommand\n\t\t\tc.activeCommand = nil\n\t\t\tc.commandMu.Unlock()\n\t\t\treturn result, nil\n\n\t\tcase <-graceful.C:\n\t\t\tif c.cmd != nil && c.cmd.Process != nil {\n\t\t\t\t_ = c.cmd.Process.Kill()\n\t\t\t}\n\n\t\t\tc.commandMu.Lock()\n\t\t\tif c.activeCommand != nil {\n\t\t\t\tc.activeCommand.Status = CommandStatusTimeout\n\t\t\t\tnow := time.Now()\n\t\t\t\tc.activeCommand.EndedAt = &now\n\t\t\t\tc.activeCommand.Error = &Error{\n\t\t\t\t\tName: \"TimeoutError\",\n\t\t\t\t\tValue: \"Execution timeout - code took too long to execute\",\n\t\t\t\t}\n\t\t\t\tresult := c.activeCommand\n\t\t\t\tc.activeCommand = nil\n\t\t\t\tc.commandMu.Unlock()\n\t\t\t\treturn result, common_errors.NewRequestTimeoutError(fmt.Errorf(\"execution timeout\"))\n\t\t\t}\n\t\t\tc.commandMu.Unlock()\n\t\t\treturn execution, common_errors.NewRequestTimeoutError(fmt.Errorf(\"execution timeout\"))\n\t\t}\n\t}\n}\n\n// start initializes and starts the Python worker process\nfunc (c *Context) start() error {\n\tc.mu.Lock()\n\tdefer c.mu.Unlock()\n\n\t// Already running?\n\tif c.info.Active && c.cmd != nil && c.stdin != nil {\n\t\treturn nil\n\t}\n\n\tctx, cancel := context.WithCancel(context.Background())\n\tc.ctx = ctx\n\tc.cancel = cancel\n\n\t// Create (or reuse) a single shared worker script file\n\ttempDir := os.TempDir()\n\tworkerPath := filepath.Join(tempDir, \"daytona_repl_worker.py\")\n\n\t// Check if worker file exists, if not create it\n\tif _, err := os.Stat(workerPath); os.IsNotExist(err) {\n\t\terr := os.WriteFile(workerPath, []byte(pythonWorkerScript), workerScriptPerms)\n\t\tif err != nil {\n\t\t\tcancel()\n\t\t\treturn fmt.Errorf(\"failed to create worker script: %w\", err)\n\t\t}\n\t}\n\n\tc.workerPath = workerPath\n\n\t// Start Python worker process\n\tpyCmd := detectPythonCommand()\n\tcmd := exec.CommandContext(ctx, pyCmd, workerPath)\n\tcmd.Dir = c.info.Cwd\n\tcmd.Env = os.Environ()\n\n\t// Get stdin/stdout pipes\n\tstdin, err := cmd.StdinPipe()\n\tif err != nil {\n\t\tcancel()\n\t\treturn fmt.Errorf(\"failed to create stdin pipe: %w\", err)\n\t}\n\n\tstdout, err := cmd.StdoutPipe()\n\tif err != nil {\n\t\tcancel()\n\t\tstdin.Close()\n\t\treturn fmt.Errorf(\"failed to create stdout pipe: %w\", err)\n\t}\n\n\tcmd.Stderr = os.Stderr\n\n\t// Start the process\n\terr = cmd.Start()\n\tif err != nil {\n\t\tcancel()\n\t\tstdin.Close()\n\t\tstdout.Close()\n\t\treturn fmt.Errorf(\"failed to start Python worker: %w\", err)\n\t}\n\n\tc.cmd = cmd\n\tc.stdin = stdin\n\tc.stdout = stdout\n\tc.info.Active = true\n\tc.done = make(chan struct{})\n\n\tc.logger.Debug(\"Started interpreter context\", \"contextId\", c.info.ID, \"pid\", c.cmd.Process.Pid)\n\n\t// Start reading worker output\n\tgo c.workerReadLoop()\n\n\t// Monitor process exit\n\tgo c.monitorProcess()\n\n\treturn nil\n}\n\n// detectPythonCommand attempts to find a working python interpreter\nfunc detectPythonCommand() string {\n\tcandidates := []string{\"python3\", \"python\"}\n\tfor _, c := range candidates {\n\t\tif _, err := exec.LookPath(c); err == nil {\n\t\t\treturn c\n\t\t}\n\t}\n\treturn \"python3\"\n}\n\n// sendCommand sends a command to the Python worker\nfunc (c *Context) sendCommand(cmd WorkerCommand) error {\n\tc.mu.Lock()\n\tstdin := c.stdin\n\tc.mu.Unlock()\n\n\tif stdin == nil {\n\t\treturn errors.New(\"worker stdin not available\")\n\t}\n\n\tdata, err := json.Marshal(cmd)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to marshal command: %w\", err)\n\t}\n\n\tdata = append(data, '\\n')\n\t_, err = stdin.Write(data)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to write command: %w\", err)\n\t}\n\n\treturn nil\n}\n\n// workerReadLoop reads messages from the Python worker\nfunc (c *Context) workerReadLoop() {\n\tscanner := bufio.NewScanner(c.stdout)\n\tscanner.Buffer(make([]byte, 64*1024), 1024*1024)\n\n\tfor scanner.Scan() {\n\t\tline := scanner.Text()\n\n\t\tvar chunk map[string]any\n\t\terr := json.Unmarshal([]byte(line), &chunk)\n\t\tif err != nil {\n\t\t\tc.logger.Error(\"Failed to parse worker chunk\", \"error\", err)\n\t\t\tcontinue\n\t\t}\n\t\tc.handleChunk(chunk)\n\t}\n\n\terr := scanner.Err()\n\tif err != nil {\n\t\tc.logger.Error(\"Error reading from worker\", \"error\", err)\n\t}\n}\n\n// handleChunk processes streaming chunks from the Python worker\nfunc (c *Context) handleChunk(chunk map[string]any) {\n\t// Extract all fields at the beginning\n\tchunkType := getStringFromChunk(chunk, \"type\")\n\ttext := getStringFromChunk(chunk, \"text\")\n\tname := getStringFromChunk(chunk, \"name\")\n\tvalue := getStringFromChunk(chunk, \"value\")\n\ttraceback := getStringFromChunk(chunk, \"traceback\")\n\n\t// Update internal command state for certain chunk types\n\tswitch chunkType {\n\tcase ChunkTypeError:\n\t\tc.commandMu.Lock()\n\t\tif c.activeCommand != nil {\n\t\t\tc.activeCommand.Status = CommandStatusError\n\t\t\tnow := time.Now()\n\t\t\tc.activeCommand.EndedAt = &now\n\t\t\tc.activeCommand.Error = &Error{\n\t\t\t\tName: name,\n\t\t\t\tValue: value,\n\t\t\t\tTraceback: traceback,\n\t\t\t}\n\t\t}\n\t\tc.commandMu.Unlock()\n\tcase ChunkTypeControl:\n\t\tc.commandMu.Lock()\n\t\tif c.activeCommand != nil {\n\t\t\tswitch text {\n\t\t\tcase ControlChunkTypeCompleted:\n\t\t\t\t// Only set to OK if no error occurred (status would be Error already)\n\t\t\t\tif c.activeCommand.Status == CommandStatusRunning {\n\t\t\t\t\tc.activeCommand.Status = CommandStatusOK\n\t\t\t\t}\n\t\t\t\tnow := time.Now()\n\t\t\t\tc.activeCommand.EndedAt = &now\n\t\t\tcase ControlChunkTypeInterrupted:\n\t\t\t\tc.activeCommand.Status = CommandStatusTimeout\n\t\t\t\tnow := time.Now()\n\t\t\t\tc.activeCommand.EndedAt = &now\n\t\t\t}\n\t\t}\n\t\tc.commandMu.Unlock()\n\t\treturn\n\t}\n\n\t// Stream to WebSocket client\n\tc.emitOutput(&OutputMessage{\n\t\tType: chunkType,\n\t\tText: text,\n\t\tName: name,\n\t\tValue: value,\n\t\tTraceback: traceback,\n\t})\n}\n\n// Helper functions\nfunc getStringFromChunk(chunk map[string]any, key string) string {\n\tif val, ok := chunk[key].(string); ok {\n\t\treturn val\n\t}\n\treturn \"\"\n}\n\n// monitorProcess monitors the worker process and cleans up on exit\nfunc (c *Context) monitorProcess() {\n\terr := c.cmd.Wait()\n\n\tc.mu.Lock()\n\tc.info.Active = false\n\tcontextID := c.info.ID\n\tdone := c.done\n\tc.mu.Unlock()\n\n\t// Notify waiters that the process has exited\n\tif done != nil {\n\t\tclose(done)\n\t}\n\n\tif err != nil {\n\t\tc.commandMu.Lock()\n\t\tif c.activeCommand != nil && c.activeCommand.Status == CommandStatusRunning {\n\t\t\tc.activeCommand.Status = CommandStatusError\n\t\t\tnow := time.Now()\n\t\t\tc.activeCommand.EndedAt = &now\n\t\t\tc.activeCommand.Error = &Error{\n\t\t\t\tName: \"WorkerProcessError\",\n\t\t\t\tValue: err.Error(),\n\t\t\t}\n\t\t}\n\t\tc.commandMu.Unlock()\n\t\tc.logger.Error(\"Interpreter context process exited with error\", \"contextId\", contextID, \"error\", err)\n\t} else {\n\t\tc.logger.Debug(\"Interpreter context process exited normally\", \"contextId\", contextID)\n\t}\n\n\t// Close WebSocket client if any\n\tc.closeClient(websocket.CloseGoingAway, \"worker process ended\")\n}\n\n// shutdown gracefully shuts down the worker\nfunc (c *Context) shutdown() {\n\tc.mu.Lock()\n\n\tif !c.info.Active {\n\t\tc.mu.Unlock()\n\t\treturn\n\t}\n\n\t// Get references while we have the lock\n\tcontextID := c.info.ID\n\tcancel := c.cancel\n\tcmd := c.cmd\n\tdone := c.done\n\tqueue := c.queue\n\tc.mu.Unlock()\n\n\t// Close the queue to exit processQueue goroutine and prevent new jobs\n\tif queue != nil {\n\t\tclose(queue)\n\t\tc.queue = nil\n\t}\n\n\t// Send SIGTERM to trigger immediate graceful shutdown (not queued)\n\tif cmd != nil && cmd.Process != nil {\n\t\t_ = cmd.Process.Signal(syscall.SIGTERM)\n\t}\n\n\t// Wait for process to exit (monitorProcess will close the done channel)\n\tif done != nil {\n\t\tselect {\n\t\tcase <-done:\n\t\t\t// Process exited gracefully\n\t\t\tc.logger.Debug(\"Interpreter context shut down gracefully\", \"contextId\", contextID)\n\t\tcase <-time.After(2 * time.Second):\n\t\t\t// Timeout - force kill\n\t\t\tc.logger.Debug(\"Interpreter context shutdown timeout, force killing\", \"contextId\", contextID)\n\t\t\tif cancel != nil {\n\t\t\t\tcancel()\n\t\t\t}\n\t\t\tif cmd != nil && cmd.Process != nil {\n\t\t\t\t_ = cmd.Process.Kill()\n\t\t\t}\n\t\t\t// Wait a bit more for kill to take effect\n\t\t\ttime.Sleep(100 * time.Millisecond)\n\t\t}\n\t}\n\n\t// Close WebSocket client\n\tc.closeClient(websocket.CloseGoingAway, \"context shutdown\")\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/interpreter/repl_worker.py", "content": "# Copyright 2025 Daytona Platforms Inc.\n# SPDX-License-Identifier: AGPL-3.0\n\n\"\"\"\nStateful Python REPL Worker for Daytona\n- JSON line protocol (stdout)\n- Persistent globals across exec calls\n- Clean user-only tracebacks\n- Graceful SIGINT\n\"\"\"\n\nimport io\nimport json\nimport os\nimport signal\nimport sys\nimport traceback\nfrom contextlib import redirect_stderr, redirect_stdout\n\n\nclass REPLWorker:\n def __init__(self):\n self.globals = {\n \"__name__\": \"__main__\",\n \"__doc__\": None,\n \"__package__\": None,\n \"__builtins__\": __builtins__,\n }\n self.should_shutdown = False\n self._setup_signals()\n\n # ---------- IO ----------\n def _emit(self, chunk: dict):\n try:\n json.dump(chunk, sys.__stdout__)\n sys.__stdout__.write(\"\\n\")\n sys.__stdout__.flush()\n except Exception as e:\n sys.__stderr__.write(f\"Failed to send chunk: {e}\\n\")\n\n class _StreamEmitter(io.TextIOBase):\n def __init__(self, worker: \"REPLWorker\", stream_type: str):\n self.worker = worker\n self.stream_type = stream_type\n self._buffer: list[str] = []\n\n def writable(self):\n return True\n\n def write(self, data): # type: ignore[override]\n if not data:\n return 0\n if not isinstance(data, str):\n data = str(data)\n self._buffer.append(data)\n if \"\\n\" in data or sum(len(chunk) for chunk in self._buffer) >= 1024:\n self.flush()\n return len(data)\n\n def flush(self): # type: ignore[override]\n if not self._buffer:\n return\n payload = \"\".join(self._buffer)\n self._buffer.clear()\n # pylint: disable=protected-access\n self.worker._emit({\"type\": self.stream_type, \"text\": payload})\n\n def isatty(self):\n return False\n\n @property\n def encoding(self):\n return \"utf-8\"\n\n def close(self): # type: ignore[override]\n self.flush()\n return super().close()\n\n # ---------- Signals ----------\n def _setup_signals(self):\n def sigint_handler(_signum, _frame):\n raise KeyboardInterrupt(\"Execution interrupted\")\n\n def sigterm_handler(_signum, _frame):\n self.should_shutdown = True\n raise KeyboardInterrupt(\"Shutting down\")\n\n signal.signal(signal.SIGINT, sigint_handler)\n signal.signal(signal.SIGTERM, sigterm_handler)\n\n # ---------- Tracebacks ----------\n def _clean_tb(self, etype, evalue, tb):\n frames = [f for f in traceback.extract_tb(tb) if f.filename == \"\"]\n if not frames:\n return f\"{etype.__name__}: {evalue}\\n\"\n parts = [\"Traceback (most recent call last):\\n\"]\n for f in frames:\n parts.append(f' File \"\", line {f.lineno}\\n')\n if f.line:\n parts.append(f\" {f.line}\\n\")\n parts.append(f\"{etype.__name__}: {evalue}\\n\")\n return \"\".join(parts)\n\n # ---------- Exec ----------\n def execute_code(self, code: str, envs=None) -> None:\n stdout_emitter = self._StreamEmitter(self, \"stdout\")\n stderr_emitter = self._StreamEmitter(self, \"stderr\")\n control_text, error_chunk = \"completed\", None\n env_snapshot = None\n\n if envs:\n env_snapshot = {}\n for key, value in envs.items():\n if not isinstance(key, str):\n key = str(key)\n previous = os.environ.get(key)\n env_snapshot[key] = previous\n\n if value is None:\n os.environ.pop(key, None)\n else:\n os.environ[key] = str(value)\n\n try:\n with redirect_stdout(stdout_emitter), redirect_stderr(stderr_emitter):\n compiled = compile(code, \"\", \"exec\")\n exec(compiled, self.globals) # pylint: disable=exec-used\n\n except KeyboardInterrupt:\n control_text = \"interrupted\"\n\n except (SystemExit, Exception) as e:\n # SystemExit completes normally\n # Errors are indicated by the error chunk, not control type\n if not isinstance(e, SystemExit):\n error_chunk = {\n \"type\": \"error\",\n \"name\": type(e).__name__,\n \"value\": str(e),\n \"traceback\": self._clean_tb(type(e), e, e.__traceback__),\n }\n finally:\n stdout_emitter.flush()\n stderr_emitter.flush()\n if env_snapshot is not None:\n for key, previous in env_snapshot.items():\n if previous is None:\n os.environ.pop(key, None)\n else:\n os.environ[key] = previous\n if error_chunk:\n self._emit(error_chunk)\n self._emit({\"type\": \"control\", \"text\": control_text})\n\n # ---------- Protocol ----------\n def handle_command(self, line: str) -> None:\n try:\n msg = json.loads(line)\n envs = msg.get(\"envs\")\n if envs is not None and not isinstance(envs, dict):\n raise ValueError(\"envs must be an object\")\n self.execute_code(msg.get(\"code\", \"\"), envs)\n except json.JSONDecodeError as e:\n self._emit({\"type\": \"error\", \"name\": \"JSONDecodeError\", \"value\": str(e), \"traceback\": \"\"})\n except Exception as e:\n self._emit({\"type\": \"error\", \"name\": type(e).__name__, \"value\": str(e), \"traceback\": \"\"})\n\n # ---------- Main loop ----------\n def run(self):\n while True:\n if self.should_shutdown:\n break\n\n try:\n line = sys.stdin.readline()\n if not line:\n break # EOF\n line = line.strip()\n if not line:\n continue\n self.handle_command(line)\n except KeyboardInterrupt:\n continue\n except Exception as e:\n sys.__stderr__.write(f\"Fatal error in main loop: {e}\\n\")\n break\n\n\nif __name__ == \"__main__\":\n REPLWorker().run()\n" }, { "path": "apps/daemon/pkg/toolbox/process/interpreter/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage interpreter\n\nimport (\n\t\"context\"\n\t\"io\"\n\t\"log/slog\"\n\t\"os/exec\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/gorilla/websocket\"\n)\n\n// Constants for WebSocket and execution management\nconst (\n\twriteWait = 10 * time.Second\n\tgracePeriod = 2 * time.Second\n\tworkerScriptPerms = 0700\n)\n\n// WebSocket close codes (4000-4999 are for private/application use)\nconst (\n\tWebSocketCloseTimeout = 4008 // Execution timeout\n)\n\n// Chunk type constants for websocket streaming\nconst (\n\tChunkTypeStdout = \"stdout\"\n\tChunkTypeStderr = \"stderr\"\n\tChunkTypeError = \"error\"\n\tChunkTypeControl = \"control\"\n)\n\n// Control chunk subtypes\nconst (\n\tControlChunkTypeCompleted = \"completed\"\n\tControlChunkTypeInterrupted = \"interrupted\"\n)\n\n// Command execution statuses\nconst (\n\tCommandStatusRunning = \"running\"\n\tCommandStatusOK = \"ok\"\n\tCommandStatusError = \"error\"\n\tCommandStatusTimeout = \"timeout\"\n)\n\n// Supported languages\nconst (\n\tLanguagePython = \"python\"\n)\n\n// Controller handles interpreter-related HTTP endpoints\ntype Controller struct {\n\tlogger *slog.Logger\n\tworkDir string\n}\n\n// API Request/Response types\n\n// CreateContextRequest represents a request to create a new interpreter context\ntype CreateContextRequest struct {\n\tCwd *string `json:\"cwd\" validate:\"optional\"`\n\tLanguage *string `json:\"language\" validate:\"optional\"`\n} // @name CreateContextRequest\n\n// ExecuteRequest represents a request to execute code\ntype ExecuteRequest struct {\n\tCode string `json:\"code\" binding:\"required\"`\n\tContextID *string `json:\"contextId\" validate:\"optional\"`\n\tTimeout *int64 `json:\"timeout\" validate:\"optional\"` // seconds, 0 disables timeout\n\tEnvs *map[string]string `json:\"envs\" validate:\"optional\"`\n} // @name ExecuteRequest\n\n// ListContextsResponse represents the response when listing contexts\ntype ListContextsResponse struct {\n\tContexts []ContextInfo `json:\"contexts\" binding:\"required\"`\n} // @name ListContextsResponse\n\n// Context types\n\n// ContextInfo contains metadata about an interpreter context\ntype ContextInfo struct {\n\tID string `json:\"id\" binding:\"required\"`\n\tCwd string `json:\"cwd\" binding:\"required\"`\n\tCreatedAt time.Time `json:\"createdAt\" binding:\"required\"`\n\tActive bool `json:\"active\" binding:\"required\"`\n\tLanguage string `json:\"language\" binding:\"required\"`\n} // @name InterpreterContext\n\n// Context represents an active interpreter context with operational methods\ntype Context struct {\n\tinfo ContextInfo\n\n\tlogger *slog.Logger\n\n\tcmd *exec.Cmd\n\tstdin io.WriteCloser\n\tstdout io.ReadCloser\n\tctx context.Context\n\tcancel context.CancelFunc\n\tworkerPath string\n\n\t// Single websocket client (protected by mu)\n\tclient *wsClient\n\n\t// Command tracking\n\tactiveCommand *CommandExecution\n\tcommandMu sync.Mutex\n\n\t// Execution FIFO queue\n\tqueue chan execJob\n\n\t// Process exit notification\n\tdone chan struct{}\n\n\t// Guards session state and client\n\tmu sync.Mutex\n}\n\n// CommandExecution tracks a single code execution\ntype CommandExecution struct {\n\tID string `json:\"id\" binding:\"required\"`\n\tCode string `json:\"code\" binding:\"required\"`\n\tStatus string `json:\"status\" binding:\"required\"` // \"running\", \"ok\", \"error\", \"interrupted\", \"exit\", \"timeout\"\n\tError *Error `json:\"error,omitempty\"`\n\tStartedAt time.Time `json:\"startedAt\" binding:\"required\"`\n\tEndedAt *time.Time `json:\"endedAt,omitempty\"`\n}\n\n// Error represents a structured error from code execution\ntype Error struct {\n\tName string `json:\"name\" binding:\"required\"`\n\tValue string `json:\"value\" binding:\"required\"`\n\tTraceback string `json:\"traceback\" binding:\"required\"`\n}\n\n// Internal types\n\n// wsClient represents a WebSocket client connection for output streaming\ntype wsClient struct {\n\tid string\n\tconn *websocket.Conn\n\tsend chan wsFrame\n\tpongCh <-chan []byte // queued pong payloads from PingHandler, drained by clientWriter\n\tdone chan struct{} // signals when clientWriter exits\n\tcloseOnce sync.Once\n\tlogger *slog.Logger\n}\n\ntype wsFrame struct {\n\toutput *OutputMessage\n\tclose *closeRequest\n}\n\ntype closeRequest struct {\n\tcode int\n\tmessage string\n}\n\n// OutputMessage represents output sent to WebSocket clients\ntype OutputMessage struct {\n\tType string `json:\"type\" binding:\"required\"`\n\tText string `json:\"text\" binding:\"required\"`\n\tName string `json:\"name\" binding:\"required\"`\n\tValue string `json:\"value\" binding:\"required\"`\n\tTraceback string `json:\"traceback\" binding:\"required\"`\n}\n\n// WorkerCommand represents a command sent to the language worker\ntype WorkerCommand struct {\n\tID string `json:\"id\" binding:\"required\"`\n\tCode string `json:\"code\" binding:\"required\"`\n\tEnvs map[string]string `json:\"envs\" binding:\"required\"`\n}\n\n// execJob represents one queued execution\ntype execJob struct {\n\tcode string\n\tenvs map[string]string\n\ttimeout time.Duration\n\tws *websocket.Conn\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/interpreter/websocket.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage interpreter\n\nimport (\n\t\"encoding/json\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/daytonaio/daemon/internal/util\"\n\t\"github.com/google/uuid\"\n\t\"github.com/gorilla/websocket\"\n)\n\n// attachWebSocket connects a WebSocket client to the interpreter context\nfunc (c *Context) attachWebSocket(ws *websocket.Conn) {\n\tpongCh := util.SetupWSKeepAlive(ws, c.logger)\n\n\tclientId := uuid.NewString()\n\tcl := &wsClient{\n\t\tid: clientId,\n\t\tconn: ws,\n\t\tsend: make(chan wsFrame, 1024),\n\t\tpongCh: pongCh,\n\t\tdone: make(chan struct{}),\n\t\tlogger: c.logger.With(slog.String(\"clientId\", clientId)),\n\t}\n\n\tc.mu.Lock()\n\tif c.client != nil {\n\t\tc.client.close()\n\t}\n\tc.client = cl\n\tc.mu.Unlock()\n\n\tc.logger.Debug(\"Client attached to interpreter context\", \"clientId\", cl.id, \"contextId\", c.info.ID)\n\n\tgo c.clientWriter(cl)\n\t// Continuously read from the WebSocket so that gorilla/websocket's\n\t// PingHandler is invoked for incoming ping frames. Without this,\n\t// client keepalive pings go unanswered and the connection is closed\n\t// with code 1011 after ~50s.\n\tgo func() {\n\t\tfor {\n\t\t\tif _, _, err := ws.ReadMessage(); err != nil {\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}()\n\n\t// Wait for clientWriter to exit (signals disconnection)\n\t<-cl.done\n\n\tc.mu.Lock()\n\tif c.client != nil && c.client.id == cl.id {\n\t\tc.client = nil\n\t}\n\tc.mu.Unlock()\n\n\tcl.close()\n\tc.logger.Debug(\"Client detached from interpreter context\", \"clientId\", cl.id, \"contextId\", c.info.ID)\n}\n\n// clientWriter sends output messages to the WebSocket client\nfunc (c *Context) clientWriter(cl *wsClient) {\n\tdefer close(cl.done)\n\n\tfor {\n\t\t// Priority: always flush pending pong responses before writing data.\n\t\t// This ensures keepalive pongs are never delayed by data writes.\n\t\tutil.WritePendingPongs(cl.conn, cl.pongCh, writeWait, cl.logger)\n\n\t\tselect {\n\t\tcase <-c.ctx.Done():\n\t\t\treturn\n\t\tcase pong := <-cl.pongCh:\n\t\t\t// Pong arrived while waiting for data — write it immediately.\n\t\t\tif err := cl.conn.WriteControl(websocket.PongMessage, pong, time.Now().Add(writeWait)); err != nil {\n\t\t\t\tcl.logger.Debug(\"failed to write pong\", \"error\", err)\n\t\t\t}\n\t\tcase frame, ok := <-cl.send:\n\t\t\tif !ok {\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\terr := cl.writeFrame(frame)\n\t\t\tif err != nil {\n\t\t\t\tc.logger.Debug(\"Failed to write frame\", \"error\", err)\n\t\t\t}\n\t\t\tif frame.close != nil {\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}\n}\n\n// emitOutput sends an output message to the connected WebSocket client\nfunc (c *Context) emitOutput(msg *OutputMessage) {\n\tc.mu.Lock()\n\tcl := c.client\n\tc.mu.Unlock()\n\n\tif cl == nil {\n\t\treturn\n\t}\n\n\tselect {\n\tcase cl.send <- wsFrame{output: msg}:\n\tdefault:\n\t\tc.logger.Debug(\"Client send channel full - closing slow consumer\")\n\t\tcl.requestClose(websocket.ClosePolicyViolation, \"slow consumer\")\n\n\t\tc.mu.Lock()\n\t\tif c.client != nil && c.client.id == cl.id {\n\t\t\tc.client = nil\n\t\t}\n\t\tc.mu.Unlock()\n\t}\n}\n\n// close closes a WebSocket client connection\nfunc (cl *wsClient) close() {\n\tcl.closeOnce.Do(func() {\n\t\tclose(cl.send)\n\n\t\t// Wait for clientWriter to drain remaining messages with a timeout\n\t\t// This ensures close frames and other pending messages have time to be sent\n\t\ttimer := time.NewTimer(5 * time.Second)\n\t\tselect {\n\t\tcase <-cl.done:\n\t\t\t// clientWriter has finished processing all messages\n\t\t\tif !timer.Stop() {\n\t\t\t\t<-timer.C\n\t\t\t}\n\t\tcase <-timer.C:\n\t\t\t// Timeout reached, proceed with closing\n\t\t\tcl.logger.Debug(\"Timeout waiting for client writer to finish\")\n\t\t}\n\n\t\t// Close the connection. The background read goroutine started in\n\t\t// attachWebSocket is the sole reader — gorilla's default CloseHandler\n\t\t// (invoked during ReadMessage) handles the RFC 6455 close handshake.\n\t\t// We must not call NextReader/ReadMessage here to avoid violating\n\t\t// gorilla's single-concurrent-reader rule.\n\t\t_ = cl.conn.Close()\n\t})\n}\n\nfunc (cl *wsClient) writeFrame(frame wsFrame) error {\n\tif frame.output == nil && frame.close == nil {\n\t\treturn nil\n\t}\n\n\terr := cl.conn.SetWriteDeadline(time.Now().Add(writeWait))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif frame.close != nil {\n\t\tpayload := websocket.FormatCloseMessage(frame.close.code, frame.close.message)\n\t\treturn cl.conn.WriteMessage(websocket.CloseMessage, payload)\n\t}\n\n\tdata, err := json.Marshal(frame.output)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn cl.conn.WriteMessage(websocket.TextMessage, data)\n}\n\nfunc (cl *wsClient) requestClose(code int, message string) {\n\tframe := wsFrame{\n\t\tclose: &closeRequest{\n\t\t\tcode: code,\n\t\t\tmessage: message,\n\t\t},\n\t}\n\n\tselect {\n\tcase cl.send <- frame:\n\tdefault:\n\t\tcl.logger.Debug(\"Couldn't send close frame to client - closing connection\")\n\t}\n\n\tcl.close()\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/pty/controller.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage pty\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/daytonaio/daemon/internal/util\"\n\t\"github.com/gin-gonic/gin\"\n\t\"github.com/gorilla/websocket\"\n\tcmap \"github.com/orcaman/concurrent-map/v2\"\n)\n\n// NewPTYController creates a new PTY controller\nfunc NewPTYController(logger *slog.Logger, workDir string) *PTYController {\n\treturn &PTYController{logger: logger.With(slog.String(\"component\", \"PTY_controller\")), workDir: workDir}\n}\n\n// CreatePTYSession godoc\n//\n//\t@Summary\t\tCreate a new PTY session\n//\t@Description\tCreate a new pseudo-terminal session with specified configuration\n//\t@Tags\t\t\tprocess\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\t\tPTYCreateRequest\ttrue\t\"PTY session creation request\"\n//\t@Success\t\t201\t\t{object}\tPTYCreateResponse\n//\t@Router\t\t\t/process/pty [post]\n//\n//\t@id\t\t\t\tCreatePtySession\nfunc (p *PTYController) CreatePTYSession(c *gin.Context) {\n\tvar req PTYCreateRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\n\t// Validate session ID\n\tif req.ID == \"\" {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"session ID is required\"})\n\t\treturn\n\t}\n\n\t// Check if session with this ID already exists\n\tif _, exists := ptyManager.Get(req.ID); exists {\n\t\tc.JSON(http.StatusConflict, gin.H{\"error\": fmt.Sprintf(\"PTY session with ID '%s' already exists\", req.ID)})\n\t\treturn\n\t}\n\n\t// Defaults\n\tif req.Cwd == \"\" {\n\t\treq.Cwd = p.workDir\n\t}\n\tif req.Envs == nil {\n\t\treq.Envs = make(map[string]string, 1)\n\t}\n\tif req.Envs[\"TERM\"] == \"\" {\n\t\treq.Envs[\"TERM\"] = \"xterm-256color\"\n\t}\n\tif req.Cols == nil {\n\t\treq.Cols = util.Pointer(uint16(80))\n\t}\n\tif req.Rows == nil {\n\t\treq.Rows = util.Pointer(uint16(24))\n\t}\n\t// Set upper limits to avoid ioctl errors\n\tif *req.Cols > 1000 {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"invalid value for cols - must be less than 1000\"})\n\t\treturn\n\t}\n\tif *req.Rows > 1000 {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"invalid value for rows - must be less than 1000\"})\n\t\treturn\n\t}\n\n\tsession := &PTYSession{\n\t\tinfo: PTYSessionInfo{\n\t\t\tID: req.ID,\n\t\t\tCwd: req.Cwd,\n\t\t\tEnvs: req.Envs,\n\t\t\tCols: *req.Cols,\n\t\t\tRows: *req.Rows,\n\t\t\tCreatedAt: time.Now(),\n\t\t\tActive: false,\n\t\t\tLazyStart: req.LazyStart,\n\t\t},\n\t\tclients: cmap.New[*wsClient](),\n\t\tlogger: p.logger.With(slog.String(\"sessionId\", req.ID)),\n\t}\n\n\t// Add to manager first to prevent race conditions\n\tptyManager.Add(session)\n\n\t// Start PTY immediately if not lazy start (default behavior)\n\tif !req.LazyStart {\n\t\tif err := session.start(); err != nil {\n\t\t\t// If start fails, remove from manager\n\t\t\tptyManager.Delete(req.ID)\n\t\t\tp.logger.Error(\"failed to start PTY at create\", \"error\", err)\n\t\t\tc.JSON(http.StatusInternalServerError, gin.H{\"error\": \"failed to start PTY session\"})\n\t\t\treturn\n\t\t}\n\t}\n\n\tc.JSON(http.StatusCreated, PTYCreateResponse{SessionID: req.ID})\n}\n\n// ListPTYSessions godoc\n//\n//\t@Summary\t\tList all PTY sessions\n//\t@Description\tGet a list of all active pseudo-terminal sessions\n//\t@Tags\t\t\tprocess\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tPTYListResponse\n//\t@Router\t\t\t/process/pty [get]\n//\n//\t@id\t\t\t\tListPtySessions\nfunc (p *PTYController) ListPTYSessions(c *gin.Context) {\n\tc.JSON(http.StatusOK, PTYListResponse{Sessions: ptyManager.List()})\n}\n\n// GetPTYSession godoc\n//\n//\t@Summary\t\tGet PTY session information\n//\t@Description\tGet detailed information about a specific pseudo-terminal session\n//\t@Tags\t\t\tprocess\n//\t@Produce\t\tjson\n//\t@Param\t\t\tsessionId\tpath\t\tstring\ttrue\t\"PTY session ID\"\n//\t@Success\t\t200\t\t\t{object}\tPTYSessionInfo\n//\t@Router\t\t\t/process/pty/{sessionId} [get]\n//\n//\t@id\t\t\t\tGetPtySession\nfunc (p *PTYController) GetPTYSession(c *gin.Context) {\n\tid := c.Param(\"sessionId\")\n\tif id == \"\" {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"session ID is required\"})\n\t\treturn\n\t}\n\n\tif s, ok := ptyManager.Get(id); ok {\n\t\tc.JSON(http.StatusOK, s.Info())\n\t\treturn\n\t}\n\tc.JSON(http.StatusNotFound, gin.H{\"error\": \"PTY session not found\"})\n}\n\n// DeletePTYSession godoc\n//\n//\t@Summary\t\tDelete a PTY session\n//\t@Description\tDelete a pseudo-terminal session and terminate its process\n//\t@Tags\t\t\tprocess\n//\t@Produce\t\tjson\n//\t@Param\t\t\tsessionId\tpath\t\tstring\ttrue\t\"PTY session ID\"\n//\t@Success\t\t200\t\t\t{object}\tgin.H\n//\t@Router\t\t\t/process/pty/{sessionId} [delete]\n//\n//\t@id\t\t\t\tDeletePtySession\nfunc (p *PTYController) DeletePTYSession(c *gin.Context) {\n\tid := c.Param(\"sessionId\")\n\tif id == \"\" {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"session ID is required\"})\n\t\treturn\n\t}\n\n\tif s, ok := ptyManager.Delete(id); ok {\n\t\ts.kill()\n\t\tp.logger.Debug(\"Deleted PTY session\", \"sessionId\", id)\n\t\tc.JSON(http.StatusOK, gin.H{\"message\": \"PTY session deleted\"})\n\t\treturn\n\t}\n\tc.JSON(http.StatusNotFound, gin.H{\"error\": \"PTY session not found\"})\n}\n\n// ConnectPTYSession godoc\n//\n//\t@Summary\t\tConnect to PTY session via WebSocket\n//\t@Description\tEstablish a WebSocket connection to interact with a pseudo-terminal session\n//\t@Tags\t\t\tprocess\n//\t@Param\t\t\tsessionId\tpath\tstring\ttrue\t\"PTY session ID\"\n//\t@Success\t\t101\t\t\t\"Switching Protocols - WebSocket connection established\"\n//\t@Router\t\t\t/process/pty/{sessionId}/connect [get]\n//\n//\t@id\t\t\t\tConnectPtySession\nfunc (p *PTYController) ConnectPTYSession(c *gin.Context) {\n\tid := c.Param(\"sessionId\")\n\tif id == \"\" {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"session ID is required\"})\n\t\treturn\n\t}\n\n\t// Upgrade to WebSocket\n\tws, err := util.UpgradeToWebSocket(c.Writer, c.Request)\n\tif err != nil {\n\t\tp.logger.Error(\"ws upgrade failed\", \"error\", err)\n\t\treturn\n\t}\n\n\tsession, err := ptyManager.VerifyPTYSessionReady(id)\n\tif err != nil {\n\t\tp.logger.Debug(\"failed to connect to PTY session\", \"sessionId\", id, \"error\", err)\n\t\t// Send error control message\n\t\terrorMsg := map[string]interface{}{\n\t\t\t\"type\": \"control\",\n\t\t\t\"status\": \"error\",\n\t\t\t\"error\": \"Failed to connect to PTY session: \" + err.Error(),\n\t\t}\n\t\tif errorJSON, err := json.Marshal(errorMsg); err == nil {\n\t\t\t_ = ws.WriteMessage(websocket.TextMessage, errorJSON)\n\t\t}\n\t\t_ = ws.Close()\n\t\treturn\n\t}\n\n\t// Attach to session - this will send the control message internally\n\tsession.attachWebSocket(ws)\n}\n\n// ResizePTYSession godoc\n//\n//\t@Summary\t\tResize a PTY session\n//\t@Description\tResize the terminal dimensions of a pseudo-terminal session\n//\t@Tags\t\t\tprocess\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\tsessionId\tpath\t\tstring\t\t\t\ttrue\t\"PTY session ID\"\n//\t@Param\t\t\trequest\t\tbody\t\tPTYResizeRequest\ttrue\t\"Resize request with new dimensions\"\n//\t@Success\t\t200\t\t\t{object}\tPTYSessionInfo\n//\t@Router\t\t\t/process/pty/{sessionId}/resize [post]\n//\n//\t@id\t\t\t\tResizePtySession\nfunc (p *PTYController) ResizePTYSession(c *gin.Context) {\n\tid := c.Param(\"sessionId\")\n\tif id == \"\" {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"session ID is required\"})\n\t\treturn\n\t}\n\n\tvar req PTYResizeRequest\n\tif err := c.ShouldBindJSON(&req); err != nil {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\n\tif req.Cols > 1000 {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"cols must be less than 1000\"})\n\t\treturn\n\t}\n\tif req.Rows > 1000 {\n\t\tc.JSON(http.StatusBadRequest, gin.H{\"error\": \"rows must be less than 1000\"})\n\t\treturn\n\t}\n\n\tsession, err := ptyManager.VerifyPTYSessionForResize(id)\n\tif err != nil {\n\t\tc.JSON(http.StatusGone, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\n\tif err := session.resize(req.Cols, req.Rows); err != nil {\n\t\tc.JSON(http.StatusInternalServerError, gin.H{\"error\": err.Error()})\n\t\treturn\n\t}\n\tp.logger.Debug(\"Resized PTY session\", \"sessionId\", id, \"cols\", req.Cols, \"rows\", req.Rows)\n\n\t// Return updated session info\n\tupdatedInfo := session.Info()\n\tc.JSON(http.StatusOK, updatedInfo)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/pty/manager.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage pty\n\nimport (\n\t\"fmt\"\n\n\tcmap \"github.com/orcaman/concurrent-map/v2\"\n)\n\n// Global PTY manager instance\nvar ptyManager = &PTYManager{\n\tsessions: cmap.New[*PTYSession](),\n}\n\n// NewPTYManager creates a new PTY manager instance\nfunc NewPTYManager() *PTYManager {\n\treturn &PTYManager{\n\t\tsessions: cmap.New[*PTYSession](),\n\t}\n}\n\n// Add adds a PTY session to the manager\nfunc (m *PTYManager) Add(s *PTYSession) {\n\tm.sessions.Set(s.info.ID, s)\n}\n\n// Get retrieves a PTY session by ID\nfunc (m *PTYManager) Get(id string) (*PTYSession, bool) {\n\ts, ok := m.sessions.Get(id)\n\treturn s, ok\n}\n\n// Delete removes a PTY session from the manager\nfunc (m *PTYManager) Delete(id string) (*PTYSession, bool) {\n\ts, ok := m.sessions.Get(id)\n\tif ok {\n\t\tm.sessions.Remove(id)\n\t}\n\treturn s, ok\n}\n\n// List returns information about all managed PTY sessions\nfunc (m *PTYManager) List() []PTYSessionInfo {\n\tout := make([]PTYSessionInfo, 0, m.sessions.Count())\n\tfor _, s := range m.sessions.Items() {\n\t\tout = append(out, s.Info())\n\t}\n\treturn out\n}\n\nfunc (m *PTYManager) VerifyPTYSessionReady(id string) (*PTYSession, error) {\n\t// Validate session existence and send control message\n\tsession, ok := ptyManager.Get(id)\n\tif !ok {\n\t\treturn nil, fmt.Errorf(\"PTY session %s not found\", id)\n\t}\n\n\tsessionInfo := session.Info()\n\n\t// Handle inactive sessions based on lazy start flag\n\tif !sessionInfo.Active {\n\t\tif sessionInfo.LazyStart {\n\t\t\t// Lazy start session - start PTY on first client connection\n\t\t\tif err := session.start(); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to start PTY session: %v\", err)\n\t\t\t}\n\t\t} else {\n\t\t\t// Non-lazy session that's inactive means it has terminated\n\t\t\treturn nil, fmt.Errorf(\"PTY session '%s' has terminated and is no longer available\", id)\n\t\t}\n\t}\n\n\treturn session, nil\n}\n\nfunc (m *PTYManager) VerifyPTYSessionForResize(id string) (*PTYSession, error) {\n\tsession, ok := ptyManager.Get(id)\n\tif !ok {\n\t\treturn nil, fmt.Errorf(\"PTY session %s not found\", id)\n\t}\n\n\tsessionInfo := session.Info()\n\n\t// Check if session can be resized\n\tif !sessionInfo.Active && !sessionInfo.LazyStart {\n\t\t// Non-lazy session that's inactive means it has terminated\n\t\treturn nil, fmt.Errorf(\"PTY session '%s' has terminated and cannot be resized\", id)\n\t}\n\n\treturn session, nil\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/pty/session.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage pty\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\n\t\"github.com/creack/pty\"\n\t\"github.com/daytonaio/daemon/pkg/common\"\n)\n\n// Info returns the current session information\nfunc (s *PTYSession) Info() PTYSessionInfo {\n\ts.mu.Lock()\n\tdefer s.mu.Unlock()\n\treturn s.info\n}\n\n// start initializes and starts the PTY session\nfunc (s *PTYSession) start() error {\n\ts.mu.Lock()\n\tdefer s.mu.Unlock()\n\n\t// already running?\n\tif s.info.Active && s.cmd != nil && s.ptmx != nil {\n\t\treturn nil\n\t}\n\n\t// Prevent restarting - once a session exits, it should be removed from manager\n\tif s.cmd != nil {\n\t\treturn errors.New(\"PTY session has already been used and cannot be restarted\")\n\t}\n\n\tif s.inCh == nil {\n\t\ts.inCh = make(chan []byte, 1024)\n\t}\n\n\tctx, cancel := context.WithCancel(context.Background())\n\ts.ctx = ctx\n\ts.cancel = cancel\n\n\tshell := common.GetShell()\n\tif shell == \"\" {\n\t\treturn errors.New(\"no shell resolved\")\n\t}\n\n\tcmd := exec.CommandContext(ctx, shell, \"-i\", \"-l\")\n\tcmd.Dir = s.info.Cwd\n\n\t// Env\n\tcmd.Env = os.Environ()\n\tfor k, v := range s.info.Envs {\n\t\tcmd.Env = append(cmd.Env, fmt.Sprintf(\"%s=%s\", k, v))\n\t}\n\n\tptmx, err := pty.StartWithSize(cmd, &pty.Winsize{Rows: s.info.Rows, Cols: s.info.Cols})\n\tif err != nil {\n\t\tcancel()\n\t\treturn fmt.Errorf(\"pty.StartWithSize: %w\", err)\n\t}\n\n\ts.cmd = cmd\n\ts.ptmx = ptmx\n\ts.info.Active = true\n\n\ts.logger.Debug(\"Started PTY session\", \"sessionId\", s.info.ID, \"pid\", s.cmd.Process.Pid)\n\n\t// 1) PTY -> clients broadcaster\n\tgo s.ptyReadLoop()\n\n\t// 2) clients -> PTY writer\n\tgo s.inputWriteLoop()\n\n\t// Reap the process; mark inactive on exit and send exit event\n\tgo func() {\n\t\terr := s.cmd.Wait()\n\t\tvar exitCode int\n\t\tvar exitReason string\n\n\t\tif err != nil {\n\t\t\tif exitError, ok := err.(*exec.ExitError); ok {\n\t\t\t\texitCode = exitError.ExitCode()\n\t\t\t\t// Analyze the exit code to provide meaningful context\n\t\t\t\tif exitCode == 137 {\n\t\t\t\t\texitReason = \" (SIGKILL)\"\n\t\t\t\t} else if exitCode == 130 {\n\t\t\t\t\texitReason = \" (SIGINT - Ctrl+C)\"\n\t\t\t\t} else if exitCode == 143 {\n\t\t\t\t\texitReason = \" (SIGTERM)\"\n\t\t\t\t} else if exitCode > 128 {\n\t\t\t\t\tsigNum := exitCode - 128\n\t\t\t\t\texitReason = fmt.Sprintf(\" (signal %d)\", sigNum)\n\t\t\t\t} else {\n\t\t\t\t\texitReason = \" (non-zero exit)\"\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\texitCode = 1\n\t\t\t\texitReason = \" (process error)\"\n\t\t\t}\n\t\t} else {\n\t\t\texitCode = 0\n\t\t\texitReason = \" (clean exit)\"\n\t\t}\n\n\t\ts.mu.Lock()\n\t\ts.info.Active = false\n\t\tsessionID := s.info.ID\n\t\ts.mu.Unlock()\n\n\t\t// Close WebSocket connections with exit code and reason\n\t\ts.closeClientsWithExitCode(exitCode, exitReason)\n\n\t\t// Remove session from manager - process has exited and won't be reused\n\t\tptyManager.Delete(sessionID)\n\n\t\ts.logger.Debug(\"PTY session process exited and cleaned up\", \"sessionId\", sessionID, \"exitCode\", exitCode, \"exitReason\", exitReason)\n\t}()\n\n\treturn nil\n}\n\n// kill terminates the PTY session\nfunc (s *PTYSession) kill() {\n\t// kill process and PTY\n\ts.mu.Lock()\n\t// Check if already killed to prevent double-kill\n\tif !s.info.Active {\n\t\ts.mu.Unlock()\n\t\treturn\n\t}\n\n\tsessionID := s.info.ID\n\tif s.cancel != nil {\n\t\ts.cancel()\n\t}\n\tif s.ptmx != nil {\n\t\t_ = s.ptmx.Close()\n\t\ts.ptmx = nil\n\t}\n\tif s.cmd != nil && s.cmd.Process != nil {\n\t\t_ = s.cmd.Process.Kill()\n\t}\n\ts.info.Active = false\n\ts.mu.Unlock()\n\n\t// Close WebSocket connections with kill exit code - 137 = 128 + 9 (SIGKILL)\n\ts.closeClientsWithExitCode(137, \" (SIGKILL)\")\n\n\t// Remove session from manager - manually killed\n\tptyManager.Delete(sessionID)\n}\n\n// ptyReadLoop reads from PTY and broadcasts to all clients\nfunc (s *PTYSession) ptyReadLoop() {\n\tbuf := make([]byte, 32*1024)\n\tfor {\n\t\tn, err := s.ptmx.Read(buf)\n\t\tif n > 0 {\n\t\t\tb := make([]byte, n)\n\t\t\tcopy(b, buf[:n])\n\t\t\ts.broadcast(b)\n\t\t}\n\t\tif err != nil {\n\t\t\treturn\n\t\t}\n\t}\n}\n\n// inputWriteLoop writes client input to PTY\nfunc (s *PTYSession) inputWriteLoop() {\n\tfor {\n\t\tselect {\n\t\tcase <-s.ctx.Done():\n\t\t\treturn\n\t\tcase data := <-s.inCh:\n\t\t\tif s.ptmx == nil {\n\t\t\t\treturn\n\t\t\t}\n\t\t\tif _, err := s.ptmx.Write(data); err != nil {\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}\n}\n\n// sendToPTY sends data from a client to the PTY\nfunc (s *PTYSession) sendToPTY(data []byte) error {\n\t// Check if inCh is available to prevent panic\n\tif s.inCh == nil {\n\t\treturn fmt.Errorf(\"PTY session input channel not available\")\n\t}\n\n\tselect {\n\tcase s.inCh <- data:\n\t\treturn nil\n\tcase <-s.ctx.Done():\n\t\treturn fmt.Errorf(\"PTY session input channel closed\")\n\t}\n}\n\n// resize changes the PTY window size\nfunc (s *PTYSession) resize(cols, rows uint16) error {\n\ts.mu.Lock()\n\tdefer s.mu.Unlock()\n\n\t// Check if session is still active\n\tif !s.info.Active {\n\t\treturn errors.New(\"cannot resize inactive PTY session\")\n\t}\n\n\tif cols > 1000 {\n\t\treturn fmt.Errorf(\"cols must be less than 1000\")\n\t}\n\tif rows > 1000 {\n\t\treturn fmt.Errorf(\"rows must be less than 1000\")\n\t}\n\n\ts.info.Cols = cols\n\ts.info.Rows = rows\n\n\tif s.ptmx != nil {\n\t\tif err := pty.Setsize(s.ptmx, &pty.Winsize{Cols: cols, Rows: rows}); err != nil {\n\t\t\ts.logger.Debug(\"PTY resize error\", \"error\", err)\n\t\t\treturn err\n\t\t}\n\t} else {\n\t\treturn errors.New(\"PTY file descriptor is not available\")\n\t}\n\treturn nil\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/pty/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage pty\n\nimport (\n\t\"context\"\n\t\"log/slog\"\n\t\"os\"\n\t\"os/exec\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/gorilla/websocket\"\n\tcmap \"github.com/orcaman/concurrent-map/v2\"\n)\n\n// Constants\nconst (\n\twriteWait = 10 * time.Second\n\treadLimit = 64 * 1024\n)\n\n// PTYController handles PTY-related HTTP endpoints\ntype PTYController struct {\n\tlogger *slog.Logger\n\tworkDir string\n}\n\n// PTYManager manages multiple PTY sessions\ntype PTYManager struct {\n\tsessions cmap.ConcurrentMap[string, *PTYSession]\n}\n\n// wsClient represents a WebSocket client connection\ntype wsClient struct {\n\tid string\n\tconn *websocket.Conn\n\tsend chan []byte // outbound queue for this client (PTY -> WS)\n\tdone chan struct{} // closed when the client is shutting down\n\tcloseOnce sync.Once\n}\n\n// PTYSession represents a single PTY session with multi-client support\ntype PTYSession struct {\n\tlogger *slog.Logger\n\n\tinfo PTYSessionInfo\n\n\tcmd *exec.Cmd\n\tptmx *os.File\n\tctx context.Context\n\tcancel context.CancelFunc\n\n\t// multi-attach\n\tclients cmap.ConcurrentMap[string, *wsClient]\n\tclientsMu sync.RWMutex\n\n\t// funnel of all client inputs -> single PTY writer (preserves ordering)\n\tinCh chan []byte\n\n\t// guards general session fields (info/cmd/ptmx)\n\tmu sync.Mutex\n}\n\n// PTYSessionInfo contains metadata about a PTY session\ntype PTYSessionInfo struct {\n\tID string `json:\"id\" validate:\"required\"`\n\tCwd string `json:\"cwd\" validate:\"required\"`\n\tEnvs map[string]string `json:\"envs\" validate:\"required\"`\n\tCols uint16 `json:\"cols\" validate:\"required\"`\n\tRows uint16 `json:\"rows\" validate:\"required\"`\n\tCreatedAt time.Time `json:\"createdAt\" validate:\"required\"`\n\tActive bool `json:\"active\" validate:\"required\"`\n\tLazyStart bool `json:\"lazyStart\" validate:\"required\"` // Whether this session uses lazy start\n} // @name PtySessionInfo\n\n// API Request/Response types\n\n// PTYCreateRequest represents a request to create a new PTY session\ntype PTYCreateRequest struct {\n\tID string `json:\"id\"`\n\tCwd string `json:\"cwd,omitempty\"`\n\tEnvs map[string]string `json:\"envs,omitempty\"`\n\tCols *uint16 `json:\"cols\" validate:\"optional\"`\n\tRows *uint16 `json:\"rows\" validate:\"optional\"`\n\tLazyStart bool `json:\"lazyStart,omitempty\"` // Don't start PTY until first client connects\n} // @name PtyCreateRequest\n\n// PTYCreateResponse represents the response when creating a PTY session\ntype PTYCreateResponse struct {\n\tSessionID string `json:\"sessionId\" validate:\"required\"`\n} // @name PtyCreateResponse\n\n// PTYListResponse represents the response when listing PTY sessions\ntype PTYListResponse struct {\n\tSessions []PTYSessionInfo `json:\"sessions\" validate:\"required\"`\n} // @name PtyListResponse\n\n// PTYResizeRequest represents a request to resize a PTY session\ntype PTYResizeRequest struct {\n\tCols uint16 `json:\"cols\" binding:\"required,min=1,max=1000\"`\n\tRows uint16 `json:\"rows\" binding:\"required,min=1,max=1000\"`\n} // @name PtyResizeRequest\n" }, { "path": "apps/daemon/pkg/toolbox/process/pty/websocket.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage pty\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/google/uuid\"\n\t\"github.com/gorilla/websocket\"\n)\n\n// attachWebSocket connects a new WebSocket client to the PTY session\nfunc (s *PTYSession) attachWebSocket(ws *websocket.Conn) {\n\tcl := &wsClient{\n\t\tid: uuid.NewString(),\n\t\tconn: ws,\n\t\tsend: make(chan []byte, 256), // if full, drop slow client\n\t\tdone: make(chan struct{}),\n\t}\n\n\t// Register client FIRST so it can receive PTY output via broadcast\n\ts.clients.Set(cl.id, cl)\n\tcount := s.clients.Count()\n\ts.logger.Debug(\"Client attached to PTY session\", \"clientId\", cl.id, \"sessionId\", s.info.ID, \"clientCount\", count)\n\n\t// Start PTY data flow - writer (PTY -> this client)\n\tgo s.clientWriter(cl)\n\n\t// Send success control message after client is registered and ready\n\tsuccessMsg := map[string]interface{}{\n\t\t\"type\": \"control\",\n\t\t\"status\": \"connected\",\n\t}\n\tif successJSON, err := json.Marshal(successMsg); err == nil {\n\t\t_ = ws.WriteMessage(websocket.TextMessage, successJSON)\n\t}\n\n\t// reader (this client -> PTY); blocks until disconnect\n\ts.clientReader(cl)\n\n\t// on exit, unregister\n\ts.clients.Remove(cl.id)\n\n\tcl.close()\n\n\tremaining := s.clients.Count()\n\ts.logger.Debug(\"Client detached from PTY session\", \"clientId\", cl.id, \"sessionId\", s.info.ID, \"clientCount\", remaining)\n}\n\n// clientWriter sends PTY output to a specific WebSocket client\nfunc (s *PTYSession) clientWriter(cl *wsClient) {\n\tfor {\n\t\tselect {\n\t\tcase <-s.ctx.Done():\n\t\t\treturn\n\t\tcase <-cl.done:\n\t\t\treturn\n\t\tcase b := <-cl.send:\n\t\t\t_ = cl.conn.SetWriteDeadline(time.Now().Add(writeWait))\n\t\t\tif err := cl.conn.WriteMessage(websocket.BinaryMessage, b); err != nil {\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}\n}\n\n// clientReader reads input from a WebSocket client and sends to PTY\nfunc (s *PTYSession) clientReader(cl *wsClient) {\n\tconn := cl.conn\n\tconn.SetReadLimit(readLimit)\n\n\tfor {\n\t\t_, data, err := conn.ReadMessage()\n\t\tif err != nil {\n\t\t\tif !websocket.IsCloseError(err, websocket.CloseNormalClosure, websocket.CloseGoingAway) {\n\t\t\t\ts.logger.Debug(\"ws read error\", \"error\", err)\n\t\t\t}\n\t\t\treturn\n\t\t}\n\t\t// Send all message data to PTY (text or binary)\n\t\tif err := s.sendToPTY(data); err != nil {\n\t\t\t// Send error to client and close connection\n\t\t\t_ = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(\n\t\t\t\twebsocket.CloseInternalServerErr, \"PTY session unavailable\",\n\t\t\t))\n\t\t\treturn\n\t\t}\n\t}\n}\n\n// broadcast sends data to all connected WebSocket clients\nfunc (s *PTYSession) broadcast(b []byte) {\n\t// send to each client; drop slow clients to avoid stalling the PTY\n\ts.clientsMu.RLock()\n\tfor id, cl := range s.clients.Items() {\n\t\tselect {\n\t\tcase cl.send <- b:\n\t\tcase <-cl.done:\n\t\t\t// client is shutting down, skip\n\t\tdefault:\n\t\t\t// client's outbound queue is full -> drop the client\n\t\t\tgo func(id string, cl *wsClient) {\n\t\t\t\t_ = cl.conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(\n\t\t\t\t\twebsocket.ClosePolicyViolation, \"slow consumer\",\n\t\t\t\t))\n\t\t\t\tcl.close()\n\t\t\t}(id, cl)\n\t\t}\n\t}\n\ts.clientsMu.RUnlock()\n}\n\n// closeClientsWithExitCode closes all WebSocket connections with structured exit data\nfunc (s *PTYSession) closeClientsWithExitCode(exitCode int, exitReason string) {\n\tvar wsCloseCode int\n\tvar exitReasonStr *string\n\n\t// Map PTY exit codes to WebSocket close codes\n\tif exitCode == 0 {\n\t\twsCloseCode = websocket.CloseNormalClosure\n\t\texitReasonStr = nil // undefined for clean exit\n\t} else {\n\t\twsCloseCode = websocket.CloseInternalServerErr\n\t\t// Set human-readable reason for non-zero exits\n\t\tswitch {\n\t\tcase exitCode == 130:\n\t\t\treason := \"Ctrl+C\"\n\t\t\texitReasonStr = &reason\n\t\tcase exitCode == 137:\n\t\t\treason := \"SIGKILL\"\n\t\t\texitReasonStr = &reason\n\t\tcase exitCode == 143:\n\t\t\treason := \"SIGTERM\"\n\t\t\texitReasonStr = &reason\n\t\tcase exitCode > 128:\n\t\t\tsigNum := exitCode - 128\n\t\t\treason := fmt.Sprintf(\"signal %d\", sigNum)\n\t\t\texitReasonStr = &reason\n\t\tdefault:\n\t\t\treason := \"non-zero exit\"\n\t\t\texitReasonStr = &reason\n\t\t}\n\t}\n\n\t// Create structured close data as JSON\n\ttype CloseData struct {\n\t\tExitCode int `json:\"exitCode\"`\n\t\tExitReason *string `json:\"exitReason,omitempty\"`\n\t}\n\n\tcloseData := CloseData{\n\t\tExitCode: exitCode,\n\t\tExitReason: exitReasonStr,\n\t}\n\n\tcloseJSON, _ := json.Marshal(closeData)\n\n\ts.clientsMu.Lock()\n\tfor id, cl := range s.clients.Items() {\n\t\t_ = cl.conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(\n\t\t\twsCloseCode, string(closeJSON),\n\t\t))\n\t\tcl.close()\n\t\ts.clients.Remove(id)\n\t}\n\ts.clientsMu.Unlock()\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/pty/ws_client.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage pty\n\nfunc (cl *wsClient) close() {\n\tcl.closeOnce.Do(func() {\n\t\tclose(cl.done)\n\t\t_ = cl.conn.Close()\n\t})\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/session/controller.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"log/slog\"\n\n\t\"github.com/daytonaio/daemon/pkg/session\"\n)\n\ntype SessionController struct {\n\tlogger *slog.Logger\n\tconfigDir string\n\tsessionService *session.SessionService\n}\n\nfunc NewSessionController(logger *slog.Logger, configDir string, sessionService *session.SessionService) *SessionController {\n\treturn &SessionController{\n\t\tlogger: logger.With(slog.String(\"component\", \"session_controller\")),\n\t\tconfigDir: configDir,\n\t\tsessionService: sessionService,\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/session/execute.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"strings\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/daytonaio/daemon/internal/util\"\n\t\"github.com/daytonaio/daemon/pkg/session\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// SessionExecuteCommand godoc\n//\n//\t@Summary\t\tExecute command in session\n//\t@Description\tExecute a command within an existing shell session\n//\t@Tags\t\t\tprocess\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\tsessionId\tpath\t\tstring\t\t\t\t\ttrue\t\"Session ID\"\n//\t@Param\t\t\trequest\t\tbody\t\tSessionExecuteRequest\ttrue\t\"Command execution request\"\n//\t@Success\t\t200\t\t\t{object}\tSessionExecuteResponse\n//\t@Success\t\t202\t\t\t{object}\tSessionExecuteResponse\n//\t@Router\t\t\t/process/session/{sessionId}/exec [post]\n//\n//\t@id\t\t\t\tSessionExecuteCommand\nfunc (s *SessionController) SessionExecuteCommand(c *gin.Context) {\n\tsessionId := c.Param(\"sessionId\")\n\n\tif sessionId == util.EntrypointSessionID {\n\t\tc.Error(common_errors.NewBadRequestError(errors.New(\"can't execute command in entrypoint session\")))\n\t\treturn\n\t}\n\n\tvar request SessionExecuteRequest\n\tif err := c.ShouldBindJSON(&request); err != nil {\n\t\tc.AbortWithError(http.StatusBadRequest, fmt.Errorf(\"invalid request body: %w\", err))\n\t\treturn\n\t}\n\n\t// Validate command is not empty (if not already handled by binding)\n\tif strings.TrimSpace(request.Command) == \"\" {\n\t\tc.AbortWithError(http.StatusBadRequest, errors.New(\"command cannot be empty\"))\n\t\treturn\n\t}\n\n\t// Handle backward compatibility for \"async\" field\n\tif request.Async {\n\t\trequest.RunAsync = true\n\t}\n\n\tsdkVersion := util.ExtractSdkVersionFromHeader(c.Request.Header)\n\tversionComparison, err := util.CompareVersions(sdkVersion, \"0.27.0-0\")\n\tif err != nil {\n\t\ts.logger.ErrorContext(c.Request.Context(), \"failed to compare versions\", \"error\", err)\n\t\tversionComparison = util.Pointer(1)\n\t}\n\n\tisCombinedOutput := session.IsCombinedOutput(sdkVersion, versionComparison, c.Request.Header)\n\n\texecuteResult, err := s.sessionService.Execute(sessionId, util.EmptyCommandID, request.Command, request.RunAsync, isCombinedOutput, request.SuppressInputEcho)\n\tif err != nil {\n\t\tc.Error(fmt.Errorf(\"failed to execute command: %w\", err))\n\t\treturn\n\t}\n\n\tif request.RunAsync {\n\t\tc.JSON(http.StatusAccepted, &SessionExecuteResponse{\n\t\t\tCommandId: executeResult.CommandId,\n\t\t})\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, &SessionExecuteResponse{\n\t\tCommandId: executeResult.CommandId,\n\t\tOutput: executeResult.Output,\n\t\tStdout: executeResult.Stdout,\n\t\tStderr: executeResult.Stderr,\n\t\tExitCode: executeResult.ExitCode,\n\t})\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/session/input.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\n\t\"github.com/gin-gonic/gin\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/daytonaio/daemon/internal/util\"\n)\n\n// SendInput godoc\n//\n//\t@Summary\t\tSend input to command\n//\t@Description\tSend input data to a running command in a session for interactive execution\n//\t@Tags\t\t\tprocess\n//\t@Accept\t\t\tjson\n//\t@Param\t\t\tsessionId\tpath\tstring\t\t\t\t\ttrue\t\"Session ID\"\n//\t@Param\t\t\tcommandId\tpath\tstring\t\t\t\t\ttrue\t\"Command ID\"\n//\t@Param\t\t\trequest\t\tbody\tSessionSendInputRequest\ttrue\t\"Input send request\"\n//\t@Success\t\t204\n//\t@Router\t\t\t/process/session/{sessionId}/command/{commandId}/input [post]\n//\n//\t@id\t\t\t\tSendInput\nfunc (s *SessionController) SendInput(c *gin.Context) {\n\tsessionId := c.Param(\"sessionId\")\n\tcommandId := c.Param(\"commandId\")\n\n\tif sessionId == util.EntrypointSessionID {\n\t\tc.Error(common_errors.NewBadRequestError(errors.New(\"can't send input to entrypoint session\")))\n\t\treturn\n\t}\n\n\tvar request SessionSendInputRequest\n\tif err := c.ShouldBindJSON(&request); err != nil {\n\t\tc.Error(common_errors.NewInvalidBodyRequestError(err))\n\t\treturn\n\t}\n\n\terr := s.sessionService.SendInput(sessionId, commandId, request.Data)\n\tif err != nil {\n\t\tc.Error(err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusNoContent)\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/session/log.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/daytonaio/daemon/internal/util\"\n\t\"github.com/daytonaio/daemon/pkg/session\"\n\t\"github.com/gin-gonic/gin\"\n)\n\n// GetSessionCommandLogs godoc\n//\n//\t@Summary\t\tGet session command logs\n//\t@Description\tGet logs for a specific command within a session. Supports both HTTP and WebSocket streaming.\n//\t@Tags\t\t\tprocess\n//\t@Produce\t\ttext/plain\n//\t@Param\t\t\tsessionId\tpath\t\tstring\ttrue\t\"Session ID\"\n//\t@Param\t\t\tcommandId\tpath\t\tstring\ttrue\t\"Command ID\"\n//\t@Param\t\t\tfollow\t\tquery\t\tboolean\tfalse\t\"Follow logs in real-time (WebSocket only)\"\n//\t@Success\t\t200\t\t\t{string}\tstring\t\"Log content\"\n//\t@Router\t\t\t/process/session/{sessionId}/command/{commandId}/logs [get]\n//\n//\t@id\t\t\t\tGetSessionCommandLogs\nfunc (s *SessionController) GetSessionCommandLogs(c *gin.Context) {\n\tsessionId := c.Param(\"sessionId\")\n\tcmdId := c.Param(\"commandId\")\n\n\tsdkVersion := util.ExtractSdkVersionFromHeader(c.Request.Header)\n\tversionComparison, err := util.CompareVersions(sdkVersion, \"0.27.0-0\")\n\tif err != nil {\n\t\ts.logger.DebugContext(c.Request.Context(), \"failed to compare versions\", \"error\", err)\n\t\tversionComparison = util.Pointer(1)\n\t}\n\n\topts := session.FetchLogsOptions{\n\t\tIsCombinedOutput: session.IsCombinedOutput(sdkVersion, versionComparison, c.Request.Header),\n\t\tIsWebsocketUpgrade: c.Request.Header.Get(\"Upgrade\") == \"websocket\",\n\t\tFollow: c.Query(\"follow\") == \"true\",\n\t}\n\n\tlogBytes, err := s.sessionService.GetSessionCommandLogs(sessionId, cmdId, c.Request, c.Writer, opts)\n\tif err != nil {\n\t\tc.Error(err)\n\t\treturn\n\t}\n\n\tif logBytes == nil {\n\t\treturn\n\t}\n\n\tc.String(http.StatusOK, string(logBytes))\n}\n\n// GetEntrypointLogs godoc\n//\n//\t@Summary\t\tGet entrypoint logs\n//\t@Description\tGet logs for a sandbox entrypoint session. Supports both HTTP and WebSocket streaming.\n//\t@Tags\t\t\tprocess\n//\t@Produce\t\ttext/plain\n//\t@Param\t\t\tfollow\tquery\t\tboolean\tfalse\t\"Follow logs in real-time (WebSocket only)\"\n//\t@Success\t\t200\t\t{string}\tstring\t\"Entrypoint log content\"\n//\t@Router\t\t\t/process/session/entrypoint/logs [get]\n//\n//\t@id\t\t\t\tGetEntrypointLogs\nfunc (s *SessionController) GetEntrypointLogs(c *gin.Context) {\n\topts := session.FetchLogsOptions{\n\t\tIsCombinedOutput: false,\n\t\tIsWebsocketUpgrade: c.Request.Header.Get(\"Upgrade\") == \"websocket\",\n\t\tFollow: c.Query(\"follow\") == \"true\",\n\t}\n\n\tlogBytes, err := s.sessionService.GetSessionCommandLogs(util.EntrypointSessionID, util.EntrypointCommandID, c.Request, c.Writer, opts)\n\tif err != nil {\n\t\tc.Error(err)\n\t\treturn\n\t}\n\n\tif logBytes == nil {\n\t\treturn\n\t}\n\n\tc.String(http.StatusOK, string(logBytes))\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/session/session.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport (\n\t\"errors\"\n\t\"net/http\"\n\n\t\"github.com/gin-gonic/gin\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/daytonaio/daemon/internal/util\"\n)\n\n// CreateSession godoc\n//\n//\t@Summary\t\tCreate a new session\n//\t@Description\tCreate a new shell session for command execution\n//\t@Tags\t\t\tprocess\n//\t@Accept\t\t\tjson\n//\t@Produce\t\tjson\n//\t@Param\t\t\trequest\tbody\tCreateSessionRequest\ttrue\t\"Session creation request\"\n//\t@Success\t\t201\n//\t@Router\t\t\t/process/session [post]\n//\n//\t@id\t\t\t\tCreateSession\nfunc (s *SessionController) CreateSession(c *gin.Context) {\n\tvar request CreateSessionRequest\n\tif err := c.ShouldBindJSON(&request); err != nil {\n\t\tc.Error(common_errors.NewInvalidBodyRequestError(err))\n\t\treturn\n\t}\n\n\tif request.SessionId == util.EntrypointSessionID {\n\t\tc.Error(common_errors.NewBadRequestError(errors.New(\"provided session ID is reserved and cannot be created/overridden\")))\n\t\treturn\n\t}\n\n\t// for backward compatibility (only sdk clients before 0.103.X), we use the home directory as the default directory\n\tsdkVersion := util.ExtractSdkVersionFromHeader(c.Request.Header)\n\tversionComparison, err := util.CompareVersions(sdkVersion, \"0.103.0-0\")\n\tif err != nil {\n\t\ts.logger.ErrorContext(c.Request.Context(), \"failed to compare versions\", \"error\", err)\n\t\tversionComparison = util.Pointer(1)\n\t}\n\n\tisLegacy := versionComparison != nil && *versionComparison < 0 && sdkVersion != \"0.0.0-dev\"\n\n\terr = s.sessionService.Create(request.SessionId, isLegacy)\n\tif err != nil {\n\t\tc.Error(err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusCreated)\n}\n\n// DeleteSession godoc\n//\n//\t@Summary\t\tDelete a session\n//\t@Description\tDelete an existing shell session\n//\t@Tags\t\t\tprocess\n//\t@Param\t\t\tsessionId\tpath\tstring\ttrue\t\"Session ID\"\n//\t@Success\t\t204\n//\t@Router\t\t\t/process/session/{sessionId} [delete]\n//\n//\t@id\t\t\t\tDeleteSession\nfunc (s *SessionController) DeleteSession(c *gin.Context) {\n\tsessionId := c.Param(\"sessionId\")\n\n\tif sessionId == util.EntrypointSessionID {\n\t\tc.Error(common_errors.NewBadRequestError(errors.New(\"can't delete entrypoint session\")))\n\t\treturn\n\t}\n\n\terr := s.sessionService.Delete(c.Request.Context(), sessionId)\n\tif err != nil {\n\t\tc.Error(err)\n\t\treturn\n\t}\n\n\tc.Status(http.StatusNoContent)\n}\n\n// ListSessions godoc\n//\n//\t@Summary\t\tList all sessions\n//\t@Description\tGet a list of all active shell sessions\n//\t@Tags\t\t\tprocess\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{array}\tSessionDTO\n//\t@Router\t\t\t/process/session [get]\n//\n//\t@id\t\t\t\tListSessions\nfunc (s *SessionController) ListSessions(c *gin.Context) {\n\tsessions, err := s.sessionService.List()\n\tif err != nil {\n\t\tc.Error(err)\n\t\treturn\n\t}\n\n\tsessionDTOs := make([]SessionDTO, 0, len(sessions))\n\tfor _, session := range sessions {\n\t\tsessionDTOs = append(sessionDTOs, *SessionToDTO(&session))\n\t}\n\n\tc.JSON(http.StatusOK, sessionDTOs)\n}\n\n// GetSession godoc\n//\n//\t@Summary\t\tGet session details\n//\t@Description\tGet details of a specific session including its commands\n//\t@Tags\t\t\tprocess\n//\t@Produce\t\tjson\n//\t@Param\t\t\tsessionId\tpath\t\tstring\ttrue\t\"Session ID\"\n//\t@Success\t\t200\t\t\t{object}\tSessionDTO\n//\t@Router\t\t\t/process/session/{sessionId} [get]\n//\n//\t@id\t\t\t\tGetSession\nfunc (s *SessionController) GetSession(c *gin.Context) {\n\tsessionId := c.Param(\"sessionId\")\n\n\tsession, err := s.sessionService.Get(sessionId)\n\tif err != nil {\n\t\tc.Error(err)\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, SessionToDTO(session))\n}\n\n// GetSessionCommand godoc\n//\n//\t@Summary\t\tGet session command details\n//\t@Description\tGet details of a specific command within a session\n//\t@Tags\t\t\tprocess\n//\t@Produce\t\tjson\n//\t@Param\t\t\tsessionId\tpath\t\tstring\ttrue\t\"Session ID\"\n//\t@Param\t\t\tcommandId\tpath\t\tstring\ttrue\t\"Command ID\"\n//\t@Success\t\t200\t\t\t{object}\tCommandDTO\n//\t@Router\t\t\t/process/session/{sessionId}/command/{commandId} [get]\n//\n//\t@id\t\t\t\tGetSessionCommand\nfunc (s *SessionController) GetSessionCommand(c *gin.Context) {\n\tsessionId := c.Param(\"sessionId\")\n\tcmdId := c.Param(\"commandId\")\n\n\tcommand, err := s.sessionService.GetSessionCommand(sessionId, cmdId)\n\tif err != nil {\n\t\tc.Error(err)\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, CommandToDTO(command))\n}\n\n// GetEntrypointSession godoc\n//\n//\t@Summary\t\tGet entrypoint session details\n//\t@Description\tGet details of an entrypoint session including its commands\n//\t@Tags\t\t\tprocess\n//\t@Produce\t\tjson\n//\t@Success\t\t200\t{object}\tSessionDTO\n//\t@Router\t\t\t/process/session/entrypoint [get]\n//\n//\t@id\t\t\t\tGetEntrypointSession\nfunc (s *SessionController) GetEntrypointSession(c *gin.Context) {\n\tsession, err := s.sessionService.Get(util.EntrypointSessionID)\n\tif err != nil {\n\t\tc.Error(err)\n\t\treturn\n\t}\n\n\tc.JSON(http.StatusOK, SessionToDTO(session))\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/session/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage session\n\nimport \"github.com/daytonaio/daemon/pkg/session\"\n\ntype CreateSessionRequest struct {\n\tSessionId string `json:\"sessionId\" validate:\"required\"`\n} // @name CreateSessionRequest\n\ntype SessionExecuteRequest struct {\n\tCommand string `json:\"command\" validate:\"required\"`\n\tRunAsync bool `json:\"runAsync\" validate:\"optional\"`\n\tAsync bool `json:\"async\" validate:\"optional\"`\n\tSuppressInputEcho bool `json:\"suppressInputEcho\" validate:\"optional\"`\n} // @name SessionExecuteRequest\n\ntype SessionSendInputRequest struct {\n\tData string `json:\"data\" validate:\"required\"`\n} // @name SessionSendInputRequest\n\ntype SessionExecuteResponse struct {\n\tCommandId string `json:\"cmdId\" validate:\"required\"`\n\tOutput *string `json:\"output\" validate:\"optional\"`\n\tStdout *string `json:\"stdout\" validate:\"optional\"`\n\tStderr *string `json:\"stderr\" validate:\"optional\"`\n\tExitCode *int `json:\"exitCode\" validate:\"optional\"`\n} // @name SessionExecuteResponse\n\ntype SessionCommandLogsResponse struct {\n\tStdout string `json:\"stdout\" validate:\"required\"`\n\tStderr string `json:\"stderr\" validate:\"required\"`\n} // @name SessionCommandLogsResponse\n\ntype CommandDTO struct {\n\tId string `json:\"id\" validate:\"required\"`\n\tCommand string `json:\"command\" validate:\"required\"`\n\tExitCode *int `json:\"exitCode,omitempty\" validate:\"optional\"`\n} // @name Command\n\ntype SessionDTO struct {\n\tSessionId string `json:\"sessionId\" validate:\"required\"`\n\tCommands []*CommandDTO `json:\"commands\" validate:\"required\"`\n} // @name Session\n\nfunc CommandToDTO(c *session.Command) *CommandDTO {\n\treturn &CommandDTO{\n\t\tId: c.Id,\n\t\tCommand: c.Command,\n\t\tExitCode: c.ExitCode,\n\t}\n}\n\nfunc SessionToDTO(s *session.Session) *SessionDTO {\n\tcommands := make([]*CommandDTO, 0, len(s.Commands))\n\tfor _, cmd := range s.Commands {\n\t\tcommands = append(commands, CommandToDTO(cmd))\n\t}\n\n\treturn &SessionDTO{\n\t\tSessionId: s.SessionId,\n\t\tCommands: commands,\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/process/types.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage process\n\ntype ExecuteRequest struct {\n\tCommand string `json:\"command\" validate:\"required\"`\n\t// Timeout in seconds, defaults to 10 seconds\n\tTimeout *uint32 `json:\"timeout,omitempty\" validate:\"optional\"`\n\t// Current working directory\n\tCwd *string `json:\"cwd,omitempty\" validate:\"optional\"`\n} // @name ExecuteRequest\n\n// TODO: Set ExitCode as required once all sandboxes migrated to the new daemon\ntype ExecuteResponse struct {\n\tExitCode int `json:\"exitCode\"`\n\tResult string `json:\"result\" validate:\"required\"`\n} // @name ExecuteResponse\n" }, { "path": "apps/daemon/pkg/toolbox/proxy/proxy.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage proxy\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"strings\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\t\"github.com/gin-gonic/gin\"\n)\n\nfunc GetProxyTarget(ctx *gin.Context) (*url.URL, map[string]string, error) {\n\ttargetPort := ctx.Param(\"port\")\n\tif targetPort == \"\" {\n\t\tctx.Error(common_errors.NewBadRequestError(errors.New(\"target port is required\")))\n\t\treturn nil, nil, errors.New(\"target port is required\")\n\t}\n\n\t// Build the target URL\n\ttargetURL := fmt.Sprintf(\"http://localhost:%s\", targetPort)\n\n\t// Get the wildcard path and normalize it\n\tpath := ctx.Param(\"path\")\n\n\t// Ensure path always has a leading slash but not duplicate slashes\n\tif path == \"\" {\n\t\tpath = \"/\"\n\t} else if !strings.HasPrefix(path, \"/\") {\n\t\tpath = \"/\" + path\n\t}\n\n\t// Create the complete target URL with path\n\ttarget, err := url.Parse(fmt.Sprintf(\"%s%s\", targetURL, path))\n\tif err != nil {\n\t\tctx.Error(common_errors.NewBadRequestError(fmt.Errorf(\"failed to parse target URL: %w\", err)))\n\t\treturn nil, nil, fmt.Errorf(\"failed to parse target URL: %w\", err)\n\t}\n\n\treturn target, nil, nil\n}\n" }, { "path": "apps/daemon/pkg/toolbox/server.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\n//\t@title\t\t\tDaytona Toolbox API\n//\t@version\t\tv0.0.0-dev\n//\t@description\tDaytona Toolbox API\n\npackage toolbox\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net\"\n\t\"net/http\"\n\t\"os\"\n\t\"path\"\n\t\"time\"\n\n\tcommon_errors \"github.com/daytonaio/common-go/pkg/errors\"\n\tcommon_proxy \"github.com/daytonaio/common-go/pkg/proxy\"\n\t\"github.com/daytonaio/common-go/pkg/telemetry\"\n\t\"github.com/daytonaio/daemon/internal\"\n\t\"github.com/daytonaio/daemon/pkg/recording\"\n\tsession_svc \"github.com/daytonaio/daemon/pkg/session\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/computeruse\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/computeruse/manager\"\n\trecordingcontroller \"github.com/daytonaio/daemon/pkg/toolbox/computeruse/recording\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/config\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/fs\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/git\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/lsp\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/port\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/process\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/process/interpreter\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/process/pty\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/process/session\"\n\t\"github.com/daytonaio/daemon/pkg/toolbox/proxy\"\n\tsloggin \"github.com/samber/slog-gin\"\n\t\"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin\"\n\totellog \"go.opentelemetry.io/otel/sdk/log\"\n\t\"go.opentelemetry.io/otel/sdk/metric\"\n\tsdktrace \"go.opentelemetry.io/otel/sdk/trace\"\n\n\t\"github.com/daytonaio/daemon/pkg/toolbox/docs\"\n\t\"github.com/gin-gonic/gin\"\n\t\"github.com/gin-gonic/gin/binding\"\n\tswaggerfiles \"github.com/swaggo/files\"\n\tginSwagger \"github.com/swaggo/gin-swagger\"\n)\n\ntype ServerConfig struct {\n\tLogger *slog.Logger\n\tWorkDir string\n\tConfigDir string\n\tComputerUse computeruse.IComputerUse\n\tSandboxId string\n\tOtelEndpoint *string\n\tSessionService *session_svc.SessionService\n\tRecordingService *recording.RecordingService\n\tOrganizationId *string\n\tRegionId *string\n\tEntrypointLogFilePath string\n}\n\nfunc NewServer(config ServerConfig) *server {\n\treturn &server{\n\t\tlogger: config.Logger.With(slog.String(\"component\", \"toolbox_server\")),\n\t\tWorkDir: config.WorkDir,\n\t\tSandboxId: config.SandboxId,\n\t\totelEndpoint: config.OtelEndpoint,\n\t\ttelemetry: Telemetry{},\n\t\tsessionService: config.SessionService,\n\t\tconfigDir: config.ConfigDir,\n\t\trecordingService: config.RecordingService,\n\t\torganizationId: config.OrganizationId,\n\t\tregionId: config.RegionId,\n\t\tentrypointLogFilePath: config.EntrypointLogFilePath,\n\t}\n}\n\ntype server struct {\n\tWorkDir string\n\tComputerUse computeruse.IComputerUse\n\tSandboxId string\n\tlogger *slog.Logger\n\totelEndpoint *string\n\tauthToken string\n\ttelemetry Telemetry\n\tsessionService *session_svc.SessionService\n\tconfigDir string\n\trecordingService *recording.RecordingService\n\tentrypointLogFilePath string\n\tentrypointLogCancel context.CancelFunc\n\thttpServer *http.Server\n\torganizationId *string\n\tregionId *string\n\tctx context.Context\n\tcancel context.CancelFunc\n}\n\ntype Telemetry struct {\n\tTracerProvider *sdktrace.TracerProvider\n\tMeterProvider *metric.MeterProvider\n\tLoggerProvider *otellog.LoggerProvider\n}\n\nfunc (s *server) Start() error {\n\ts.ctx, s.cancel = context.WithCancel(context.Background())\n\tdefer s.cancel()\n\n\tdocs.SwaggerInfo.Description = \"Daytona Toolbox API\"\n\tdocs.SwaggerInfo.Title = \"Daytona Toolbox API\"\n\tdocs.SwaggerInfo.BasePath = \"/\"\n\tdocs.SwaggerInfo.Version = internal.Version\n\n\t// Set Gin to release mode in production\n\tif os.Getenv(\"ENVIRONMENT\") == \"production\" {\n\t\tgin.SetMode(gin.ReleaseMode)\n\t}\n\n\totelServiceName := fmt.Sprintf(\"sandbox-%s\", s.SandboxId)\n\n\tr := gin.New()\n\tr.Use(common_errors.Recovery())\n\tnoTelemetryRouter := r.Group(\"/\")\n\tr.Use(func(ctx *gin.Context) {\n\t\tif s.telemetry.TracerProvider == nil {\n\t\t\tctx.Next()\n\t\t\treturn\n\t\t}\n\n\t\totelgin.Middleware(otelServiceName, otelgin.WithTracerProvider(s.telemetry.TracerProvider))(ctx)\n\t\tctx.Next()\n\t})\n\tr.Use(sloggin.New(s.logger))\n\terrMiddleware := common_errors.NewErrorMiddleware(func(ctx *gin.Context, err error) common_errors.ErrorResponse {\n\t\treturn common_errors.ErrorResponse{\n\t\t\tStatusCode: http.StatusInternalServerError,\n\t\t\tMessage: err.Error(),\n\t\t}\n\t})\n\n\tnoTelemetryRouter.Use(sloggin.New(s.logger))\n\tr.Use(errMiddleware)\n\tnoTelemetryRouter.Use(errMiddleware)\n\tbinding.Validator = new(DefaultValidator)\n\n\t// Add swagger UI in development mode\n\tif os.Getenv(\"ENVIRONMENT\") != \"production\" {\n\t\tr.GET(\"/swagger/*any\", ginSwagger.WrapHandler(swaggerfiles.Handler))\n\t}\n\n\tr.POST(\"/init\", s.Initialize(otelServiceName, s.entrypointLogFilePath, s.organizationId, s.regionId))\n\n\tr.GET(\"/version\", s.GetVersion)\n\n\t// keep /project-dir old behavior for backward compatibility\n\tr.GET(\"/project-dir\", s.GetUserHomeDir)\n\tr.GET(\"/user-home-dir\", s.GetUserHomeDir)\n\tr.GET(\"/work-dir\", s.GetWorkDir)\n\n\tfsController := r.Group(\"/files\")\n\t{\n\t\t// read operations\n\t\tfsController.GET(\"/\", fs.ListFiles)\n\t\tfsController.GET(\"/download\", fs.DownloadFile)\n\t\tfsController.POST(\"/bulk-download\", fs.DownloadFiles)\n\t\tfsController.GET(\"/find\", fs.FindInFiles)\n\t\tfsController.GET(\"/info\", fs.GetFileInfo)\n\t\tfsController.GET(\"/search\", fs.SearchFiles)\n\n\t\t// create/modify operations\n\t\tfsController.POST(\"/folder\", fs.CreateFolder)\n\t\tfsController.POST(\"/move\", fs.MoveFile)\n\t\tfsController.POST(\"/permissions\", fs.SetFilePermissions)\n\t\tfsController.POST(\"/replace\", fs.ReplaceInFiles)\n\t\tfsController.POST(\"/upload\", fs.UploadFile)\n\t\tfsController.POST(\"/bulk-upload\", fs.UploadFiles)\n\n\t\t// delete operations\n\t\tfsController.DELETE(\"/\", fs.DeleteFile)\n\t}\n\n\tprocessLogger := s.logger.With(slog.String(\"component\", \"process_controller\"))\n\tprocessController := r.Group(\"/process\")\n\t{\n\t\tprocessController.POST(\"/execute\", process.ExecuteCommand(processLogger))\n\n\t\tsessionController := session.NewSessionController(s.logger, s.configDir, s.sessionService)\n\t\tsessionGroup := processController.Group(\"/session\")\n\t\t{\n\t\t\tsessionGroup.GET(\"\", sessionController.ListSessions)\n\t\t\tsessionGroup.POST(\"\", sessionController.CreateSession)\n\t\t\tsessionGroup.GET(\"/entrypoint\", sessionController.GetEntrypointSession)\n\t\t\tsessionGroup.GET(\"/entrypoint/logs\", sessionController.GetEntrypointLogs)\n\t\t\tsessionGroup.POST(\"/:sessionId/exec\", sessionController.SessionExecuteCommand)\n\t\t\tsessionGroup.GET(\"/:sessionId\", sessionController.GetSession)\n\t\t\tsessionGroup.DELETE(\"/:sessionId\", sessionController.DeleteSession)\n\t\t\tsessionGroup.GET(\"/:sessionId/command/:commandId\", sessionController.GetSessionCommand)\n\t\t\tsessionGroup.POST(\"/:sessionId/command/:commandId/input\", sessionController.SendInput)\n\t\t\tsessionGroup.GET(\"/:sessionId/command/:commandId/logs\", sessionController.GetSessionCommandLogs)\n\t\t}\n\n\t\t// PTY endpoints\n\t\tptyController := pty.NewPTYController(s.logger, s.WorkDir)\n\t\tptyGroup := processController.Group(\"/pty\")\n\t\t{\n\t\t\tptyGroup.GET(\"\", ptyController.ListPTYSessions)\n\t\t\tptyGroup.POST(\"\", ptyController.CreatePTYSession)\n\t\t\tptyGroup.GET(\"/:sessionId\", ptyController.GetPTYSession)\n\t\t\tptyGroup.DELETE(\"/:sessionId\", ptyController.DeletePTYSession)\n\t\t\tptyGroup.GET(\"/:sessionId/connect\", ptyController.ConnectPTYSession)\n\t\t\tptyGroup.POST(\"/:sessionId/resize\", ptyController.ResizePTYSession)\n\t\t}\n\n\t\t// Interpreter endpoints\n\t\tinterpreterController := interpreter.NewInterpreterController(s.logger, s.WorkDir)\n\t\tinterpreterGroup := processController.Group(\"/interpreter\")\n\t\t{\n\t\t\tinterpreterGroup.POST(\"/context\", interpreterController.CreateContext)\n\t\t\tinterpreterGroup.GET(\"/context\", interpreterController.ListContexts)\n\t\t\tinterpreterGroup.DELETE(\"/context/:id\", interpreterController.DeleteContext)\n\t\t\tinterpreterGroup.GET(\"/execute\", interpreterController.Execute)\n\t\t}\n\t}\n\n\tgitController := r.Group(\"/git\")\n\t{\n\t\tgitController.GET(\"/branches\", git.ListBranches)\n\t\tgitController.GET(\"/history\", git.GetCommitHistory)\n\t\tgitController.GET(\"/status\", git.GetStatus)\n\n\t\tgitController.POST(\"/add\", git.AddFiles)\n\t\tgitController.POST(\"/branches\", git.CreateBranch)\n\t\tgitController.POST(\"/checkout\", git.CheckoutBranch)\n\t\tgitController.DELETE(\"/branches\", git.DeleteBranch)\n\t\tgitController.POST(\"/clone\", git.CloneRepository)\n\t\tgitController.POST(\"/commit\", git.CommitChanges)\n\t\tgitController.POST(\"/pull\", git.PullChanges)\n\t\tgitController.POST(\"/push\", git.PushChanges)\n\t}\n\n\tlspLogger := s.logger.With(slog.String(\"component\", \"lsp_service\"))\n\tlspController := r.Group(\"/lsp\")\n\t{\n\t\t//\tserver process\n\t\tlspController.POST(\"/start\", lsp.Start(lspLogger))\n\t\tlspController.POST(\"/stop\", lsp.Stop(lspLogger))\n\n\t\t//\tlsp operations\n\t\tlspController.POST(\"/completions\", lsp.Completions(lspLogger))\n\t\tlspController.POST(\"/did-open\", lsp.DidOpen(lspLogger))\n\t\tlspController.POST(\"/did-close\", lsp.DidClose(lspLogger))\n\n\t\tlspController.GET(\"/document-symbols\", lsp.DocumentSymbols(lspLogger))\n\t\tlspController.GET(\"/workspacesymbols\", lsp.WorkspaceSymbols(lspLogger))\n\t}\n\n\tlazyCU := computeruse.NewLazyComputerUse()\n\ts.ComputerUse = lazyCU\n\n\tgo func() {\n\t\t// Initialize plugin-based computer use lazily in a background goroutine\n\t\tpluginPath := \"/usr/local/lib/daytona-computer-use\"\n\t\t// Fallback to local config directory for development\n\t\tif _, err := os.Stat(pluginPath); os.IsNotExist(err) {\n\t\t\tpluginPath = path.Join(s.configDir, \"daytona-computer-use\")\n\t\t}\n\n\t\timpl, err := manager.GetComputerUse(s.logger, pluginPath)\n\t\tif err != nil {\n\t\t\ts.logger.Error(\"Computer-Use error\", \"error\", err)\n\t\t\ts.logger.Info(\"Continuing without computer-use functionality...\")\n\t\t\treturn\n\t\t}\n\t\tlazyCU.Set(impl)\n\t\ts.logger.Info(\"Computer-use plugin loaded successfully\")\n\t}()\n\n\t// Register computer-use endpoints with lazy check middleware\n\tcomputerUseController := r.Group(\"/computeruse\")\n\t{\n\t\tcomputerUseHandler := computeruse.Handler{\n\t\t\tComputerUse: lazyCU,\n\t\t}\n\n\t\tcuRoutes := computerUseController.Group(\"/\", computeruse.LazyCheckMiddleware(lazyCU))\n\n\t\t// Computer use status endpoint\n\t\tcuRoutes.GET(\"/status\", computeruse.WrapStatusHandler(lazyCU.GetStatus))\n\n\t\t// Computer use management endpoints\n\t\tcuRoutes.POST(\"/start\", computerUseHandler.StartComputerUse)\n\t\tcuRoutes.POST(\"/stop\", computerUseHandler.StopComputerUse)\n\t\tcuRoutes.GET(\"/process-status\", computerUseHandler.GetComputerUseStatus)\n\t\tcuRoutes.GET(\"/process/:processName/status\", computerUseHandler.GetProcessStatus)\n\t\tcuRoutes.POST(\"/process/:processName/restart\", computerUseHandler.RestartProcess)\n\t\tcuRoutes.GET(\"/process/:processName/logs\", computerUseHandler.GetProcessLogs)\n\t\tcuRoutes.GET(\"/process/:processName/errors\", computerUseHandler.GetProcessErrors)\n\n\t\t// Screenshot endpoints\n\t\tcuRoutes.GET(\"/screenshot\", computeruse.WrapScreenshotHandler(lazyCU.TakeScreenshot))\n\t\tcuRoutes.GET(\"/screenshot/region\", computeruse.WrapRegionScreenshotHandler(lazyCU.TakeRegionScreenshot))\n\t\tcuRoutes.GET(\"/screenshot/compressed\", computeruse.WrapCompressedScreenshotHandler(lazyCU.TakeCompressedScreenshot))\n\t\tcuRoutes.GET(\"/screenshot/region/compressed\", computeruse.WrapCompressedRegionScreenshotHandler(lazyCU.TakeCompressedRegionScreenshot))\n\n\t\t// Mouse control endpoints\n\t\tcuRoutes.GET(\"/mouse/position\", computeruse.WrapMousePositionHandler(lazyCU.GetMousePosition))\n\t\tcuRoutes.POST(\"/mouse/move\", computeruse.WrapMoveMouseHandler(lazyCU.MoveMouse))\n\t\tcuRoutes.POST(\"/mouse/click\", computeruse.WrapClickHandler(lazyCU.Click))\n\t\tcuRoutes.POST(\"/mouse/drag\", computeruse.WrapDragHandler(lazyCU.Drag))\n\t\tcuRoutes.POST(\"/mouse/scroll\", computeruse.WrapScrollHandler(lazyCU.Scroll))\n\n\t\t// Keyboard control endpoints\n\t\tcuRoutes.POST(\"/keyboard/type\", computeruse.WrapTypeTextHandler(lazyCU.TypeText))\n\t\tcuRoutes.POST(\"/keyboard/key\", computeruse.WrapPressKeyHandler(lazyCU.PressKey))\n\t\tcuRoutes.POST(\"/keyboard/hotkey\", computeruse.WrapPressHotkeyHandler(lazyCU.PressHotkey))\n\n\t\t// Display info endpoints\n\t\tcuRoutes.GET(\"/display/info\", computeruse.WrapDisplayInfoHandler(lazyCU.GetDisplayInfo))\n\t\tcuRoutes.GET(\"/display/windows\", computeruse.WrapWindowsHandler(lazyCU.GetWindows))\n\t}\n\n\t// Recording endpoints - always registered, independent of computer-use plugin\n\trecordingController := recordingcontroller.NewRecordingController(s.recordingService)\n\trecordingsGroup := computerUseController.Group(\"/recordings\")\n\t{\n\t\trecordingsGroup.POST(\"/start\", recordingController.StartRecording)\n\t\trecordingsGroup.POST(\"/stop\", recordingController.StopRecording)\n\t\trecordingsGroup.GET(\"\", recordingController.ListRecordings)\n\t\trecordingsGroup.GET(\"/:id\", recordingController.GetRecording)\n\t\trecordingsGroup.GET(\"/:id/download\", recordingController.DownloadRecording)\n\t\trecordingsGroup.DELETE(\"/:id\", recordingController.DeleteRecording)\n\t}\n\n\tportDetector := port.NewPortsDetector()\n\n\tportController := r.Group(\"/port\")\n\t{\n\t\tportController.GET(\"\", portDetector.GetPorts)\n\t\tportController.GET(\"/:port/in-use\", portDetector.IsPortInUse)\n\t}\n\n\tproxyController := noTelemetryRouter.Group(\"/proxy\")\n\t{\n\t\tproxyController.Any(\"/:port/*path\", common_proxy.NewProxyRequestHandler(proxy.GetProxyTarget, nil))\n\t}\n\n\tgo portDetector.Start(context.Background())\n\n\ts.httpServer = &http.Server{\n\t\tAddr: fmt.Sprintf(\":%d\", config.TOOLBOX_API_PORT),\n\t\tHandler: r,\n\t}\n\n\t// Print to stdout so the runner can know that the daemon is ready\n\tfmt.Println(\"Starting toolbox server on port\", config.TOOLBOX_API_PORT)\n\n\tlistener, err := net.Listen(\"tcp\", s.httpServer.Addr)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn s.httpServer.Serve(listener)\n}\n\nfunc (s *server) Shutdown() {\n\ts.logger.Info(\"Shutting down toolbox server\")\n\n\t// Stop accepting new requests and drain in-flight ones\n\tif s.httpServer != nil {\n\t\tctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)\n\t\tdefer cancel()\n\t\tif err := s.httpServer.Shutdown(ctx); err != nil {\n\t\t\ts.logger.Error(\"toolbox HTTP server shutdown error\", \"error\", err)\n\t\t}\n\t}\n\n\t// Stop computer use if running\n\tif s.ComputerUse != nil {\n\t\ts.logger.Info(\"Stopping computer use...\")\n\t\t_, err := s.ComputerUse.Stop()\n\t\tif err != nil {\n\t\t\ts.logger.Error(\"Failed to stop computer use\", \"error\", err)\n\t\t}\n\t}\n\n\t// Flush telemetry\n\tif s.telemetry.TracerProvider != nil {\n\t\ts.logger.Info(\"Shutting down tracer provider\")\n\t\ttelemetry.ShutdownTracer(s.logger, s.telemetry.TracerProvider)\n\t}\n\n\tif s.telemetry.MeterProvider != nil {\n\t\ts.logger.Info(\"Shutting down meter provider\")\n\t\ttelemetry.ShutdownMeter(s.logger, s.telemetry.MeterProvider)\n\t}\n\n\tif s.telemetry.LoggerProvider != nil {\n\t\ts.logger.Info(\"Shutting down logger provider\")\n\t\ttelemetry.ShutdownLogger(s.logger, s.telemetry.LoggerProvider)\n\t}\n}\n" }, { "path": "apps/daemon/pkg/toolbox/telemetry.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage toolbox\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/daytonaio/common-go/pkg/log\"\n\t\"github.com/daytonaio/common-go/pkg/telemetry\"\n\t\"github.com/daytonaio/daemon/internal\"\n)\n\nfunc (s *server) initTelemetry(ctx context.Context, serviceName, entrypointLogFilePath string, organizationId, regionId *string) error {\n\tif s.otelEndpoint == nil {\n\t\ts.logger.InfoContext(ctx, \"Otel endpoint not provided, skipping telemetry initialization\")\n\t\treturn nil\n\t}\n\n\tif s.telemetry.LoggerProvider != nil {\n\t\tif err := s.telemetry.LoggerProvider.Shutdown(ctx); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to shutdown existing telemetry logger: %w\", err)\n\t\t}\n\t}\n\n\tif s.telemetry.MeterProvider != nil {\n\t\tif err := s.telemetry.MeterProvider.Shutdown(ctx); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to shutdown existing telemetry meter provider: %w\", err)\n\t\t}\n\t}\n\n\tif s.telemetry.TracerProvider != nil {\n\t\tif err := s.telemetry.TracerProvider.Shutdown(ctx); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to shutdown existing telemetry tracer provider: %w\", err)\n\t\t}\n\t}\n\n\tconfig := telemetry.Config{\n\t\tServiceName: serviceName,\n\t\tServiceVersion: internal.Version,\n\t\tEndpoint: *s.otelEndpoint,\n\t\tHeaders: map[string]string{\n\t\t\t\"sandbox-auth-token\": s.authToken,\n\t\t},\n\t}\n\n\textraLabels := make(map[string]string)\n\tif organizationId != nil && *organizationId != \"\" {\n\t\textraLabels[\"daytona_organization_id\"] = *organizationId\n\t}\n\n\tif regionId != nil && *regionId != \"\" {\n\t\textraLabels[\"daytona_region_id\"] = *regionId\n\t}\n\n\tif len(extraLabels) > 0 {\n\t\tconfig.ExtraLabels = extraLabels\n\t}\n\n\t// Use a background context\n\ttelemetryContext := context.Background()\n\n\t// Initialize OpenTelemetry logging\n\tnewLogger, lp, err := telemetry.InitLogger(telemetryContext, s.logger, config)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to initialize logger: %w\", err)\n\t}\n\ts.logger = newLogger\n\n\tif s.entrypointLogCancel != nil {\n\t\ts.entrypointLogCancel()\n\t}\n\n\tentrypointCtx, entrypointCancel := context.WithCancel(s.ctx)\n\ts.entrypointLogCancel = entrypointCancel\n\n\tgo func() {\n\t\tif entrypointLogFilePath == \"\" {\n\t\t\treturn\n\t\t}\n\n\t\tentrypointLogFile, err := os.Open(entrypointLogFilePath)\n\t\tif err != nil {\n\t\t\ts.logger.ErrorContext(ctx, \"Failed to open entrypoint log file\", \"error\", err, \"daytona-entrypoint\", true)\n\t\t\treturn\n\t\t}\n\t\tdefer entrypointLogFile.Close()\n\n\t\terrChan := make(chan error, 1)\n\t\tstdoutChan := make(chan []byte)\n\t\tstderrChan := make(chan []byte)\n\t\tgo log.ReadMultiplexedLog(entrypointCtx, entrypointLogFile, true, stdoutChan, stderrChan, errChan)\n\t\tfor {\n\t\t\tselect {\n\t\t\tcase <-entrypointCtx.Done():\n\t\t\t\treturn\n\t\t\tcase line := <-stdoutChan:\n\t\t\t\ts.logger.InfoContext(telemetryContext, string(line), \"daytona-entrypoint\", true)\n\t\t\tcase line := <-stderrChan:\n\t\t\t\ts.logger.ErrorContext(telemetryContext, string(line), \"daytona-entrypoint\", true)\n\t\t\tcase err := <-errChan:\n\t\t\t\tif err != nil {\n\t\t\t\t\ts.logger.ErrorContext(telemetryContext, \"Error reading entrypoint log file\", \"error\", err, \"daytona-entrypoint\", true)\n\t\t\t\t}\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}()\n\n\t// Initialize OpenTelemetry metrics\n\tmp, err := telemetry.InitMetrics(ctx, config, \"daytona.sandbox\")\n\tif err != nil {\n\t\tif shutDownErr := lp.Shutdown(telemetryContext); shutDownErr != nil {\n\t\t\ts.logger.ErrorContext(ctx, \"Failed to shutdown logger after metrics initialization failure\", \"shutdownErr\", shutDownErr)\n\t\t}\n\t\treturn fmt.Errorf(\"failed to initialize metrics: %w\", err)\n\t}\n\n\t// Initialize OpenTelemetry tracing\n\ttp, err := telemetry.InitTracer(ctx, config)\n\tif err != nil {\n\t\tif shutDownErr := lp.Shutdown(telemetryContext); shutDownErr != nil {\n\t\t\ts.logger.ErrorContext(ctx, \"Failed to shutdown logger after tracer initialization failure\", \"shutdownErr\", shutDownErr)\n\t\t}\n\t\tif shutDownErr := mp.Shutdown(telemetryContext); shutDownErr != nil {\n\t\t\ts.logger.ErrorContext(ctx, \"Failed to shutdown meter provider after tracer initialization failure\", \"shutdownErr\", shutDownErr)\n\t\t}\n\t\treturn fmt.Errorf(\"failed to initialize tracer: %w\", err)\n\t}\n\n\ts.telemetry.TracerProvider = tp\n\ts.telemetry.MeterProvider = mp\n\ts.telemetry.LoggerProvider = lp\n\n\ts.logger.InfoContext(ctx, \"Telemetry initialized successfully\")\n\treturn nil\n}\n" }, { "path": "apps/daemon/pkg/toolbox/types.go", "content": "// Copyright Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage toolbox\n\ntype InitializeRequest struct {\n\tToken string `json:\"token\" binding:\"required\"`\n} // @name InitializeRequest\n\ntype WorkDirResponse struct {\n\tDir string `json:\"dir\" binding:\"required\"`\n} // @name WorkDirResponse\n\ntype UserHomeDirResponse struct {\n\tDir string `json:\"dir\" binding:\"required\"`\n} // @name UserHomeDirResponse\n" }, { "path": "apps/daemon/pkg/toolbox/validator.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\npackage toolbox\n\nimport (\n\t\"reflect\"\n\t\"strconv\"\n\t\"strings\"\n\t\"sync\"\n\n\t\"github.com/gin-gonic/gin/binding\"\n\t\"github.com/go-playground/validator/v10\"\n)\n\ntype DefaultValidator struct {\n\tonce sync.Once\n\tvalidate *validator.Validate\n}\n\nvar _ binding.StructValidator = &DefaultValidator{}\n\ntype SliceValidationError []error\n\nfunc (err SliceValidationError) Error() string {\n\tif len(err) == 0 {\n\t\treturn \"\"\n\t}\n\n\tvar b strings.Builder\n\tfor i := 0; i < len(err); i++ {\n\t\tif err[i] != nil {\n\t\t\tif b.Len() > 0 {\n\t\t\t\tb.WriteString(\"\\n\")\n\t\t\t}\n\t\t\tb.WriteString(\"[\" + strconv.Itoa(i) + \"]: \" + err[i].Error())\n\t\t}\n\t}\n\treturn b.String()\n}\n\nfunc (v *DefaultValidator) ValidateStruct(obj any) error {\n\tif obj == nil {\n\t\treturn nil\n\t}\n\n\tvalue := reflect.ValueOf(obj)\n\tswitch value.Kind() {\n\tcase reflect.Ptr:\n\t\tif value.Elem().Kind() != reflect.Struct {\n\t\t\treturn v.ValidateStruct(value.Elem().Interface())\n\t\t}\n\t\treturn v.validateStruct(obj)\n\tcase reflect.Struct:\n\t\treturn v.validateStruct(obj)\n\tcase reflect.Slice, reflect.Array:\n\t\tcount := value.Len()\n\t\tvalidateRet := make(SliceValidationError, 0)\n\t\tfor i := 0; i < count; i++ {\n\t\t\tif err := v.ValidateStruct(value.Index(i).Interface()); err != nil {\n\t\t\t\tvalidateRet = append(validateRet, err)\n\t\t\t}\n\t\t}\n\t\tif len(validateRet) == 0 {\n\t\t\treturn nil\n\t\t}\n\t\treturn validateRet\n\tdefault:\n\t\treturn nil\n\t}\n}\n\nfunc (v *DefaultValidator) Engine() interface{} {\n\tv.lazyinit()\n\treturn v.validate\n}\n\nfunc (v *DefaultValidator) validateStruct(obj any) error {\n\tv.lazyinit()\n\treturn v.validate.Struct(obj)\n}\n\nfunc (v *DefaultValidator) lazyinit() {\n\tv.once.Do(func() {\n\t\tv.validate = validator.New(validator.WithRequiredStructEnabled())\n\t\tv.validate.SetTagName(\"validate\")\n\t\t_ = v.validate.RegisterValidation(\"optional\", func(fl validator.FieldLevel) bool {\n\t\t\treturn true\n\t\t}, true)\n\t})\n}\n" }, { "path": "apps/daemon/project.json", "content": "{\n \"name\": \"daemon\",\n \"$schema\": \"../../node_modules/nx/schemas/project-schema.json\",\n \"projectType\": \"application\",\n \"sourceRoot\": \"apps/daemon\",\n \"tags\": [],\n \"targets\": {\n \"prepare\": {\n \"executor\": \"@nx-go/nx-go:serve\",\n \"options\": {\n \"cwd\": \".\",\n \"main\": \"{projectRoot}/tools/xterm.go\"\n },\n \"cache\": true,\n \"inputs\": [\"{projectRoot}/tools/xterm.go\"],\n \"outputs\": [\"{projectRoot}/pkg/terminal/static/*\"],\n \"configurations\": {\n \"production\": {}\n }\n },\n \"build\": {\n \"executor\": \"@nx-go/nx-go:build\",\n \"inputs\": [\n \"goProduction\",\n \"^goProduction\",\n { \"env\": \"VERSION\" },\n { \"dependentTasksOutputFiles\": \"**/*\", \"transitive\": true }\n ],\n \"options\": {\n \"main\": \"{projectRoot}/cmd/daemon/main.go\",\n \"outputPath\": \"dist/apps/daemon\"\n },\n \"configurations\": {\n \"production\": {\n \"flags\": [\"-ldflags \\\"-X 'github.com/daytonaio/daemon/internal.Version=$VERSION'\\\"\"]\n }\n },\n \"dependsOn\": [\"build-amd64\"]\n },\n \"build-amd64\": {\n \"executor\": \"@nx-go/nx-go:build\",\n \"options\": {\n \"main\": \"{projectRoot}/cmd/daemon/main.go\",\n \"outputPath\": \"dist/apps/daemon-amd64\",\n \"env\": {\n \"GOARCH\": \"amd64\",\n \"GOOS\": \"linux\",\n \"CGO_ENABLED\": \"0\"\n },\n \"flags\": [\"-ldflags \\\"-X 'github.com/daytonaio/daemon/internal.Version=$VERSION'\\\"\"]\n },\n \"dependsOn\": [\"prepare\"],\n \"inputs\": [\n \"goProduction\",\n \"^goProduction\",\n { \"env\": \"VERSION\" },\n { \"dependentTasksOutputFiles\": \"**/*\", \"transitive\": true }\n ]\n },\n \"serve\": {\n \"executor\": \"@nx-go/nx-go:serve\",\n \"options\": {\n \"cmd\": \"gow\",\n \"cwd\": \".\",\n \"main\": \"{projectRoot}/cmd/daemon/main.go\"\n },\n \"configurations\": {\n \"production\": {}\n }\n },\n \"format\": {\n \"executor\": \"nx:run-commands\",\n \"options\": {\n \"command\": \"cd {projectRoot} && go fmt ./... && prettier --write \\\"**/*.{yaml,html,json}\\\"\"\n }\n },\n \"test\": {\n \"executor\": \"@nx-go/nx-go:test\"\n },\n \"lint\": {\n \"executor\": \"@nx-go/nx-go:lint\"\n },\n \"openapi\": {\n \"executor\": \"nx:run-commands\",\n \"cache\": true,\n \"inputs\": [\"{projectRoot}/pkg/toolbox/**/*.go\", \"!{projectRoot}/pkg/toolbox/**/*_test.go\"],\n \"outputs\": [\n \"{projectRoot}/pkg/toolbox/docs/swagger.json\",\n \"{projectRoot}/pkg/toolbox/docs/swagger.yaml\",\n \"{projectRoot}/pkg/toolbox/docs/docs.go\"\n ],\n \"options\": {\n \"cwd\": \"{projectRoot}/pkg/toolbox\",\n \"command\": \"swag fmt && swag init --parseDependency --parseInternal --parseDepth 1 -o docs -g server.go && prettier --write \\\"**/*.{yaml,html,json}\\\"\"\n }\n }\n }\n}\n" }, { "path": "apps/daemon/tools/xterm.go", "content": "// Copyright 2025 Daytona Platforms Inc.\n// SPDX-License-Identifier: AGPL-3.0\n\n// download_xterm.go\npackage main\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"runtime\"\n)\n\nconst (\n\tXTERM_VERSION = \"5.3.0\"\n\tXTERM_FIT_VERSION = \"0.8.0\"\n)\n\nfunc main() {\n\t// Get project root path\n\t_, filename, _, _ := runtime.Caller(0)\n\tprojectRoot := filepath.Join(filepath.Dir(filename), \"..\")\n\t// Create static directory structure\n\tstaticDir := filepath.Join(projectRoot, \"pkg\", \"terminal\", \"static\")\n\terr := os.MkdirAll(staticDir, 0755)\n\tif err != nil {\n\t\tfmt.Printf(\"Error creating directory %s: %v\\n\", staticDir, err)\n\t\tos.Exit(1)\n\t}\n\n\t// Files to download from cdnjs\n\tfiles := map[string]string{\n\t\tfilepath.Join(staticDir, \"xterm.js\"): fmt.Sprintf(\"https://cdn.jsdelivr.net/npm/xterm@%s/lib/xterm.js\", XTERM_VERSION),\n\t\tfilepath.Join(staticDir, \"xterm.css\"): fmt.Sprintf(\"https://cdn.jsdelivr.net/npm/xterm@%s/css/xterm.css\", XTERM_VERSION),\n\t\tfilepath.Join(staticDir, \"xterm-addon-fit.js\"): fmt.Sprintf(\"https://cdn.jsdelivr.net/npm/xterm-addon-fit@%s/lib/xterm-addon-fit.js\", XTERM_FIT_VERSION),\n\t}\n\n\t// Download each file\n\tfor filePath, url := range files {\n\t\tfmt.Printf(\"Downloading %s...\\n\", filePath)\n\n\t\tresp, err := http.Get(url)\n\t\tif err != nil {\n\t\t\tfmt.Printf(\"Error downloading %s: %v\\n\", url, err)\n\t\t\tos.Exit(1)\n\t\t}\n\t\tdefer resp.Body.Close()\n\n\t\tfile, err := os.Create(filePath)\n\t\tif err != nil {\n\t\t\tfmt.Printf(\"Error creating file %s: %v\\n\", filePath, err)\n\t\t\tos.Exit(1)\n\t\t}\n\n\t\t_, err = io.Copy(file, resp.Body)\n\t\tfile.Close()\n\t\tif err != nil {\n\t\t\tfmt.Printf(\"Error writing to file %s: %v\\n\", filePath, err)\n\t\t\tos.Exit(1)\n\t\t}\n\t}\n\n\tfmt.Println(\"xterm.js files downloaded successfully\")\n}\n" }, { "path": "apps/dashboard/.prettierignore", "content": "/public\n" }, { "path": "apps/dashboard/.storybook/main.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport type { StorybookConfig } from '@storybook/react-vite'\nimport { mergeConfig } from 'vite'\nimport path from 'path'\n\nconst config: StorybookConfig = {\n stories: ['../src/**/*.stories.@(ts|tsx)'],\n addons: ['@storybook/addon-essentials'],\n framework: {\n name: '@storybook/react-vite',\n options: {},\n },\n typescript: {\n reactDocgen: false,\n },\n viteFinal: async (config) => {\n return mergeConfig(config, {\n resolve: {\n alias: [\n {\n find: '@daytonaio/sdk',\n replacement: path.resolve(__dirname, '../../../libs/sdk-typescript/src'),\n },\n {\n find: '@',\n replacement: path.resolve(__dirname, '../src'),\n },\n ],\n },\n })\n },\n}\n\nexport default config\n" }, { "path": "apps/dashboard/.storybook/preview.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport type { Preview } from '@storybook/react'\nimport '../src/index.css'\n\nconst preview: Preview = {\n globalTypes: {\n theme: {\n description: 'Toggle light/dark theme',\n toolbar: {\n title: 'Theme',\n icon: 'sun',\n items: [\n { value: 'light', icon: 'sun', title: 'Light' },\n { value: 'dark', icon: 'moon', title: 'Dark' },\n ],\n dynamicTitle: true,\n },\n },\n },\n initialGlobals: {\n theme: 'light',\n },\n decorators: [\n (Story, context) => {\n const theme = context.globals.theme || 'light'\n document.documentElement.classList.toggle('dark', theme === 'dark')\n return \n },\n ],\n parameters: {\n controls: {\n matchers: {\n color: /(background|color)$/i,\n date: /Date$/i,\n },\n },\n },\n}\n\nexport default preview\n" }, { "path": "apps/dashboard/.storybook/tsconfig.json", "content": "{\n \"extends\": \"../tsconfig.app.json\",\n \"compilerOptions\": {\n \"composite\": false,\n \"declaration\": false,\n \"declarationMap\": false\n },\n \"include\": [\"../src/**/*.ts\", \"../src/**/*.tsx\", \"./**/*.ts\"],\n \"exclude\": [\"../src/**/*.spec.ts\", \"../src/**/*.test.ts\"]\n}\n" }, { "path": "apps/dashboard/eslint.config.mjs", "content": "import nx from '@nx/eslint-plugin'\nimport baseConfig from '../../eslint.config.mjs'\n\nexport default [\n ...baseConfig,\n ...nx.configs['flat/react'],\n {\n files: ['**/*.ts', '**/*.tsx', '**/*.js', '**/*.jsx'],\n // Override or add rules here\n rules: {},\n },\n]\n" }, { "path": "apps/dashboard/index.html", "content": "\n\n \n \n \n \n \n Daytona\n \n \n
\n \n \n \n\n" }, { "path": "apps/dashboard/postcss.config.js", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nconst { join } = require('path')\n\n// Note: If you use library-specific PostCSS/Tailwind configuration then you should remove the `postcssConfig` build\n// option from your application's configuration (i.e. project.json).\n//\n// See: https://nx.dev/guides/using-tailwind-css-in-react#step-4:-applying-configuration-to-libraries\n\nmodule.exports = {\n plugins: {\n tailwindcss: {\n config: join(__dirname, 'tailwind.config.js'),\n },\n autoprefixer: {},\n },\n}\n" }, { "path": "apps/dashboard/project.json", "content": "{\n \"name\": \"dashboard\",\n \"$schema\": \"../../node_modules/nx/schemas/project-schema.json\",\n \"sourceRoot\": \"apps/dashboard/src\",\n \"projectType\": \"application\",\n \"tags\": [],\n \"targets\": {\n \"build\": {\n \"configurations\": {\n \"production\": {\n \"mode\": \"production\"\n }\n },\n \"dependsOn\": [\n {\n \"target\": \"build\",\n \"projects\": \"sdk-typescript\"\n }\n ]\n },\n \"storybook\": {\n \"executor\": \"nx:run-commands\",\n \"options\": {\n \"command\": \"storybook dev -p 6006 -c .storybook\",\n \"cwd\": \"apps/dashboard\"\n }\n },\n \"build-storybook\": {\n \"executor\": \"nx:run-commands\",\n \"options\": {\n \"command\": \"storybook build -c .storybook -o ../../dist/storybook\",\n \"cwd\": \"apps/dashboard\"\n }\n },\n \"format\": {\n \"executor\": \"nx:run-commands\",\n \"options\": {\n \"command\": \"cd {projectRoot} && prettier --write \\\"**/*.{ts,tsx,js,jsx,json,css,mjs,html}\\\" --config ../../.prettierrc\"\n }\n }\n }\n}\n" }, { "path": "apps/dashboard/public/mockServiceWorker.js", "content": "/* eslint-disable */\n/* tslint:disable */\n\n/**\n * Mock Service Worker.\n * @see https://github.com/mswjs/msw\n * - Please do NOT modify this file.\n */\n\nconst PACKAGE_VERSION = '2.12.2'\nconst INTEGRITY_CHECKSUM = '4db4a41e972cec1b64cc569c66952d82'\nconst IS_MOCKED_RESPONSE = Symbol('isMockedResponse')\nconst activeClientIds = new Set()\n\naddEventListener('install', function () {\n self.skipWaiting()\n})\n\naddEventListener('activate', function (event) {\n event.waitUntil(self.clients.claim())\n})\n\naddEventListener('message', async function (event) {\n const clientId = Reflect.get(event.source || {}, 'id')\n\n if (!clientId || !self.clients) {\n return\n }\n\n const client = await self.clients.get(clientId)\n\n if (!client) {\n return\n }\n\n const allClients = await self.clients.matchAll({\n type: 'window',\n })\n\n switch (event.data) {\n case 'KEEPALIVE_REQUEST': {\n sendToClient(client, {\n type: 'KEEPALIVE_RESPONSE',\n })\n break\n }\n\n case 'INTEGRITY_CHECK_REQUEST': {\n sendToClient(client, {\n type: 'INTEGRITY_CHECK_RESPONSE',\n payload: {\n packageVersion: PACKAGE_VERSION,\n checksum: INTEGRITY_CHECKSUM,\n },\n })\n break\n }\n\n case 'MOCK_ACTIVATE': {\n activeClientIds.add(clientId)\n\n sendToClient(client, {\n type: 'MOCKING_ENABLED',\n payload: {\n client: {\n id: client.id,\n frameType: client.frameType,\n },\n },\n })\n break\n }\n\n case 'CLIENT_CLOSED': {\n activeClientIds.delete(clientId)\n\n const remainingClients = allClients.filter((client) => {\n return client.id !== clientId\n })\n\n // Unregister itself when there are no more clients\n if (remainingClients.length === 0) {\n self.registration.unregister()\n }\n\n break\n }\n }\n})\n\naddEventListener('fetch', function (event) {\n const requestInterceptedAt = Date.now()\n\n // Bypass navigation requests.\n if (event.request.mode === 'navigate') {\n return\n }\n\n // Opening the DevTools triggers the \"only-if-cached\" request\n // that cannot be handled by the worker. Bypass such requests.\n if (\n event.request.cache === 'only-if-cached' &&\n event.request.mode !== 'same-origin'\n ) {\n return\n }\n\n // Bypass all requests when there are no active clients.\n // Prevents the self-unregistered worked from handling requests\n // after it's been terminated (still remains active until the next reload).\n if (activeClientIds.size === 0) {\n return\n }\n\n const requestId = crypto.randomUUID()\n event.respondWith(handleRequest(event, requestId, requestInterceptedAt))\n})\n\n/**\n * @param {FetchEvent} event\n * @param {string} requestId\n * @param {number} requestInterceptedAt\n */\nasync function handleRequest(event, requestId, requestInterceptedAt) {\n const client = await resolveMainClient(event)\n const requestCloneForEvents = event.request.clone()\n const response = await getResponse(\n event,\n client,\n requestId,\n requestInterceptedAt,\n )\n\n // Send back the response clone for the \"response:*\" life-cycle events.\n // Ensure MSW is active and ready to handle the message, otherwise\n // this message will pend indefinitely.\n if (client && activeClientIds.has(client.id)) {\n const serializedRequest = await serializeRequest(requestCloneForEvents)\n\n // Clone the response so both the client and the library could consume it.\n const responseClone = response.clone()\n\n sendToClient(\n client,\n {\n type: 'RESPONSE',\n payload: {\n isMockedResponse: IS_MOCKED_RESPONSE in response,\n request: {\n id: requestId,\n ...serializedRequest,\n },\n response: {\n type: responseClone.type,\n status: responseClone.status,\n statusText: responseClone.statusText,\n headers: Object.fromEntries(responseClone.headers.entries()),\n body: responseClone.body,\n },\n },\n },\n responseClone.body ? [serializedRequest.body, responseClone.body] : [],\n )\n }\n\n return response\n}\n\n/**\n * Resolve the main client for the given event.\n * Client that issues a request doesn't necessarily equal the client\n * that registered the worker. It's with the latter the worker should\n * communicate with during the response resolving phase.\n * @param {FetchEvent} event\n * @returns {Promise}\n */\nasync function resolveMainClient(event) {\n const client = await self.clients.get(event.clientId)\n\n if (activeClientIds.has(event.clientId)) {\n return client\n }\n\n if (client?.frameType === 'top-level') {\n return client\n }\n\n const allClients = await self.clients.matchAll({\n type: 'window',\n })\n\n return allClients\n .filter((client) => {\n // Get only those clients that are currently visible.\n return client.visibilityState === 'visible'\n })\n .find((client) => {\n // Find the client ID that's recorded in the\n // set of clients that have registered the worker.\n return activeClientIds.has(client.id)\n })\n}\n\n/**\n * @param {FetchEvent} event\n * @param {Client | undefined} client\n * @param {string} requestId\n * @param {number} requestInterceptedAt\n * @returns {Promise}\n */\nasync function getResponse(event, client, requestId, requestInterceptedAt) {\n // Clone the request because it might've been already used\n // (i.e. its body has been read and sent to the client).\n const requestClone = event.request.clone()\n\n function passthrough() {\n // Cast the request headers to a new Headers instance\n // so the headers can be manipulated with.\n const headers = new Headers(requestClone.headers)\n\n // Remove the \"accept\" header value that marked this request as passthrough.\n // This prevents request alteration and also keeps it compliant with the\n // user-defined CORS policies.\n const acceptHeader = headers.get('accept')\n if (acceptHeader) {\n const values = acceptHeader.split(',').map((value) => value.trim())\n const filteredValues = values.filter(\n (value) => value !== 'msw/passthrough',\n )\n\n if (filteredValues.length > 0) {\n headers.set('accept', filteredValues.join(', '))\n } else {\n headers.delete('accept')\n }\n }\n\n return fetch(requestClone, { headers })\n }\n\n // Bypass mocking when the client is not active.\n if (!client) {\n return passthrough()\n }\n\n // Bypass initial page load requests (i.e. static assets).\n // The absence of the immediate/parent client in the map of the active clients\n // means that MSW hasn't dispatched the \"MOCK_ACTIVATE\" event yet\n // and is not ready to handle requests.\n if (!activeClientIds.has(client.id)) {\n return passthrough()\n }\n\n // Notify the client that a request has been intercepted.\n const serializedRequest = await serializeRequest(event.request)\n const clientMessage = await sendToClient(\n client,\n {\n type: 'REQUEST',\n payload: {\n id: requestId,\n interceptedAt: requestInterceptedAt,\n ...serializedRequest,\n },\n },\n [serializedRequest.body],\n )\n\n switch (clientMessage.type) {\n case 'MOCK_RESPONSE': {\n return respondWithMock(clientMessage.data)\n }\n\n case 'PASSTHROUGH': {\n return passthrough()\n }\n }\n\n return passthrough()\n}\n\n/**\n * @param {Client} client\n * @param {any} message\n * @param {Array} transferrables\n * @returns {Promise}\n */\nfunction sendToClient(client, message, transferrables = []) {\n return new Promise((resolve, reject) => {\n const channel = new MessageChannel()\n\n channel.port1.onmessage = (event) => {\n if (event.data && event.data.error) {\n return reject(event.data.error)\n }\n\n resolve(event.data)\n }\n\n client.postMessage(message, [\n channel.port2,\n ...transferrables.filter(Boolean),\n ])\n })\n}\n\n/**\n * @param {Response} response\n * @returns {Response}\n */\nfunction respondWithMock(response) {\n // Setting response status code to 0 is a no-op.\n // However, when responding with a \"Response.error()\", the produced Response\n // instance will have status code set to 0. Since it's not possible to create\n // a Response instance with status code 0, handle that use-case separately.\n if (response.status === 0) {\n return Response.error()\n }\n\n const mockedResponse = new Response(response.body, response)\n\n Reflect.defineProperty(mockedResponse, IS_MOCKED_RESPONSE, {\n value: true,\n enumerable: true,\n })\n\n return mockedResponse\n}\n\n/**\n * @param {Request} request\n */\nasync function serializeRequest(request) {\n return {\n url: request.url,\n mode: request.mode,\n method: request.method,\n headers: Object.fromEntries(request.headers.entries()),\n cache: request.cache,\n credentials: request.credentials,\n destination: request.destination,\n integrity: request.integrity,\n redirect: request.redirect,\n referrer: request.referrer,\n referrerPolicy: request.referrerPolicy,\n body: await request.arrayBuffer(),\n keepalive: request.keepalive,\n }\n}\n" }, { "path": "apps/dashboard/src/App.css", "content": "#root {\n max-width: 1280px;\n margin: 0 auto;\n padding: 2rem;\n text-align: center;\n}\n\n.logo {\n height: 6em;\n padding: 1.5em;\n will-change: filter;\n transition: filter 300ms;\n}\n.logo:hover {\n filter: drop-shadow(0 0 2em #646cffaa);\n}\n.logo.react:hover {\n filter: drop-shadow(0 0 2em #61dafbaa);\n}\n\n@keyframes logo-spin {\n from {\n transform: rotate(0deg);\n }\n to {\n transform: rotate(360deg);\n }\n}\n\n@media (prefers-reduced-motion: no-preference) {\n a:nth-of-type(2) .logo {\n animation: logo-spin infinite 20s linear;\n }\n}\n\n.card {\n padding: 2em;\n}\n\n.read-the-docs {\n color: #888;\n}\n" }, { "path": "apps/dashboard/src/App.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useSelectedOrganization } from '@/hooks/useSelectedOrganization'\nimport Onboarding from '@/pages/Onboarding'\nimport OrganizationMembers from '@/pages/OrganizationMembers'\nimport OrganizationSettings from '@/pages/OrganizationSettings'\nimport UserOrganizationInvitations from '@/pages/UserOrganizationInvitations'\nimport { NotificationSocketProvider } from '@/providers/NotificationSocketProvider'\nimport { OrganizationsProvider } from '@/providers/OrganizationsProvider'\nimport { SelectedOrganizationProvider } from '@/providers/SelectedOrganizationProvider'\nimport { UserOrganizationInvitationsProvider } from '@/providers/UserOrganizationInvitationsProvider'\nimport { initPylon } from '@/vendor/pylon'\nimport { OrganizationRolePermissionsEnum, OrganizationUserRoleEnum } from '@daytonaio/api-client'\nimport { useFeatureFlagEnabled, usePostHog } from 'posthog-js/react'\nimport React, { Suspense, useEffect } from 'react'\nimport { useAuth } from 'react-oidc-context'\nimport { Navigate, Route, Routes, useLocation } from 'react-router-dom'\nimport { BannerProvider } from './components/Banner'\nimport { CommandPaletteProvider } from './components/CommandPalette'\nimport LoadingFallback from './components/LoadingFallback'\nimport { Button } from './components/ui/button'\nimport {\n Dialog,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from './components/ui/dialog'\nimport { DAYTONA_DOCS_URL, DAYTONA_SLACK_URL } from './constants/ExternalLinks'\nimport { FeatureFlags } from './enums/FeatureFlags'\nimport { RoutePath, getRouteSubPath } from './enums/RoutePath'\nimport { useConfig } from './hooks/useConfig'\nimport AccountSettings from './pages/AccountSettings'\nimport AuditLogs from './pages/AuditLogs'\nimport Dashboard from './pages/Dashboard'\nimport EmailVerify from './pages/EmailVerify'\nimport Experimental from './pages/Experimental'\nimport Keys from './pages/Keys'\nimport LandingPage from './pages/LandingPage'\nimport Limits from './pages/Limits'\nimport Logout from './pages/Logout'\nimport NotFound from './pages/NotFound'\nimport Playground from './pages/Playground'\nimport Regions from './pages/Regions'\nimport Registries from './pages/Registries'\nimport Runners from './pages/Runners'\nimport Sandboxes from './pages/Sandboxes'\nimport Snapshots from './pages/Snapshots'\nimport Spending from './pages/Spending'\nimport Volumes from './pages/Volumes'\nimport Wallet from './pages/Wallet'\nimport WebhookEndpointDetails from './pages/WebhookEndpointDetails'\nimport Webhooks from './pages/Webhooks'\nimport { SandboxDetails } from './components/sandboxes'\nimport { ApiProvider } from './providers/ApiProvider'\nimport { RegionsProvider } from './providers/RegionsProvider'\nimport { SvixProvider } from './providers/SvixProvider'\n\n// Simple redirection components for external URLs\nconst DocsRedirect = () => {\n React.useEffect(() => {\n window.open(DAYTONA_DOCS_URL, '_blank')\n window.location.href = RoutePath.DASHBOARD\n }, [])\n return null\n}\n\nconst SlackRedirect = () => {\n React.useEffect(() => {\n window.open(DAYTONA_SLACK_URL, '_blank')\n window.location.href = RoutePath.DASHBOARD\n }, [])\n return null\n}\n\nfunction App() {\n const config = useConfig()\n const location = useLocation()\n const posthog = usePostHog()\n\n const { error: authError, isAuthenticated, user, signoutRedirect } = useAuth()\n\n useEffect(() => {\n if (isAuthenticated && user && posthog?.get_distinct_id() !== user.profile.sub) {\n posthog?.identify(user.profile.sub, {\n email: user.profile.email,\n name: user.profile.name,\n })\n }\n if (import.meta.env.PROD && config.pylonAppId && isAuthenticated && user) {\n initPylon(config.pylonAppId, {\n chat_settings: {\n app_id: config.pylonAppId,\n email: user.profile.email || '',\n name: user.profile.name || '',\n avatar_url: user.profile.picture,\n email_hash: user.profile?.email_hash as string | undefined,\n },\n })\n }\n }, [isAuthenticated, user, posthog, config.pylonAppId])\n\n // Hack for tracking PostHog pageviews in SPAs\n useEffect(() => {\n if (import.meta.env.PROD) {\n posthog?.capture('$pageview', {\n $current_url: window.location.href,\n })\n }\n }, [location, posthog])\n\n if (authError) {\n return (\n \n button]:hidden\">\n \n Authentication Error\n {authError.message}\n \n \n \n \n \n \n )\n }\n\n return (\n \n } />\n } />\n } />\n } />\n }>\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n }\n >\n } />\n } />\n } />\n } />\n } />\n } />\n \n \n \n }\n />\n \n \n \n }\n />\n {config.billingApiUrl && (\n <>\n \n \n \n }\n />\n \n \n \n }\n />\n } />\n \n )}\n \n \n \n }\n />\n {\n // TODO: uncomment when we allow creating custom roles\n /* \n \n \n \n \n }\n /> */\n }\n \n \n \n }\n />\n } />\n \n \n \n }\n />\n \n \n \n \n \n }\n />\n }\n />\n } />\n } />\n \n \n \n }\n />\n } />\n \n \n \n }\n />\n \n \n \n }\n />\n \n } />\n \n )\n}\n\nfunction NonPersonalOrganizationPageWrapper({ children }: { children: React.ReactNode }) {\n const { selectedOrganization } = useSelectedOrganization()\n\n if (selectedOrganization?.personal) {\n return \n }\n\n return children\n}\n\nfunction OwnerAccessOrganizationPageWrapper({ children }: { children: React.ReactNode }) {\n const { authenticatedUserOrganizationMember } = useSelectedOrganization()\n\n if (authenticatedUserOrganizationMember?.role !== OrganizationUserRoleEnum.OWNER) {\n return \n }\n\n return children\n}\n\nfunction RequiredPermissionsOrganizationPageWrapper({\n children,\n requiredPermissions,\n}: {\n children: React.ReactNode\n requiredPermissions: OrganizationRolePermissionsEnum[]\n}) {\n const { authenticatedUserHasPermission } = useSelectedOrganization()\n\n if (!requiredPermissions.every((permission) => authenticatedUserHasPermission(permission))) {\n return \n }\n\n return children\n}\n\nfunction RequiredFeatureFlagWrapper({ children, flagKey }: { children: React.ReactNode; flagKey: FeatureFlags }) {\n const flagEnabled = useFeatureFlagEnabled(flagKey)\n\n if (!flagEnabled) {\n return \n }\n\n return children\n}\n\nexport default App\n" }, { "path": "apps/dashboard/src/api/apiClient.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { BillingApiClient } from '@/billing-api/billingApiClient'\nimport { DashboardConfig } from '@/types/DashboardConfig'\nimport {\n Configuration as AnalyticsConfiguration,\n TelemetryApi as AnalyticsTelemetryApi,\n UsageApi as AnalyticsUsageApi,\n} from '@daytonaio/analytics-api-client'\nimport {\n ApiKeysApi,\n AuditApi,\n Configuration,\n DockerRegistryApi,\n OrganizationsApi,\n RegionsApi,\n RunnersApi,\n SandboxApi,\n SnapshotsApi,\n ToolboxApi,\n UsersApi,\n VolumesApi,\n WebhooksApi,\n} from '@daytonaio/api-client'\nimport axios, { AxiosError } from 'axios'\nimport { DaytonaError } from './errors'\n\nexport class ApiClient {\n private config: Configuration\n private _snapshotApi: SnapshotsApi\n private _sandboxApi: SandboxApi\n private _userApi: UsersApi\n private _apiKeyApi: ApiKeysApi\n private _dockerRegistryApi: DockerRegistryApi\n private _organizationsApi: OrganizationsApi\n private _billingApi: BillingApiClient\n private _volumeApi: VolumesApi\n private _toolboxApi: ToolboxApi\n private _auditApi: AuditApi\n private _regionsApi: RegionsApi\n private _runnersApi: RunnersApi\n private _webhooksApi: WebhooksApi\n private _analyticsUsageApi: AnalyticsUsageApi | null\n private _analyticsTelemetryApi: AnalyticsTelemetryApi | null\n\n constructor(config: DashboardConfig, accessToken: string) {\n this.config = new Configuration({\n basePath: config.apiUrl,\n accessToken: accessToken,\n })\n\n const axiosInstance = axios.create()\n axiosInstance.interceptors.response.use(\n (response) => {\n return response\n },\n (error) => {\n let errorMessage: string\n\n if (error instanceof AxiosError && error.message.includes('timeout of')) {\n errorMessage = 'Operation timed out'\n } else {\n errorMessage = error.response?.data?.message || error.response?.data || error.message || String(error)\n }\n\n throw DaytonaError.fromString(String(errorMessage), { cause: error instanceof Error ? error : undefined })\n },\n )\n\n // Initialize APIs\n this._snapshotApi = new SnapshotsApi(this.config, undefined, axiosInstance)\n this._sandboxApi = new SandboxApi(this.config, undefined, axiosInstance)\n this._userApi = new UsersApi(this.config, undefined, axiosInstance)\n this._apiKeyApi = new ApiKeysApi(this.config, undefined, axiosInstance)\n this._dockerRegistryApi = new DockerRegistryApi(this.config, undefined, axiosInstance)\n this._organizationsApi = new OrganizationsApi(this.config, undefined, axiosInstance)\n this._billingApi = new BillingApiClient(config.billingApiUrl || window.location.origin, accessToken)\n this._volumeApi = new VolumesApi(this.config, undefined, axiosInstance)\n this._toolboxApi = new ToolboxApi(this.config, undefined, axiosInstance)\n this._auditApi = new AuditApi(this.config, undefined, axiosInstance)\n this._regionsApi = new RegionsApi(this.config, undefined, axiosInstance)\n this._runnersApi = new RunnersApi(this.config, undefined, axiosInstance)\n this._webhooksApi = new WebhooksApi(this.config, undefined, axiosInstance)\n\n if (config.analyticsApiUrl) {\n const analyticsConfig = new AnalyticsConfiguration({\n basePath: config.analyticsApiUrl,\n accessToken: accessToken,\n baseOptions: {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n },\n })\n this._analyticsUsageApi = new AnalyticsUsageApi(analyticsConfig, undefined, axiosInstance)\n this._analyticsTelemetryApi = new AnalyticsTelemetryApi(analyticsConfig, undefined, axiosInstance)\n } else {\n this._analyticsUsageApi = null\n this._analyticsTelemetryApi = null\n }\n }\n\n public setAccessToken(accessToken: string) {\n this.config.accessToken = accessToken\n }\n\n public get snapshotApi() {\n return this._snapshotApi\n }\n\n public get sandboxApi() {\n return this._sandboxApi\n }\n\n public get userApi() {\n return this._userApi\n }\n\n public get apiKeyApi() {\n return this._apiKeyApi\n }\n\n public get dockerRegistryApi() {\n return this._dockerRegistryApi\n }\n\n public get organizationsApi() {\n return this._organizationsApi\n }\n\n public get billingApi() {\n return this._billingApi\n }\n\n public get volumeApi() {\n return this._volumeApi\n }\n\n public get toolboxApi() {\n return this._toolboxApi\n }\n\n public get auditApi() {\n return this._auditApi\n }\n\n public get regionsApi() {\n return this._regionsApi\n }\n\n public get runnersApi() {\n return this._runnersApi\n }\n\n public get webhooksApi() {\n return this._webhooksApi\n }\n\n public get analyticsUsageApi() {\n return this._analyticsUsageApi\n }\n\n public get analyticsTelemetryApi() {\n return this._analyticsTelemetryApi\n }\n\n public async webhookRequest(method: string, url: string, data?: any) {\n // Use the existing axios instance that's already configured with interceptors\n const axiosInstance = axios.create({\n baseURL: this.config.basePath,\n headers: {\n Authorization: `Bearer ${this.config.accessToken}`,\n },\n })\n\n return axiosInstance.request({\n method,\n url,\n data,\n })\n }\n\n public get axiosInstance() {\n return axios.create({\n baseURL: this.config.basePath,\n headers: {\n Authorization: `Bearer ${this.config.accessToken}`,\n },\n })\n }\n}\n" }, { "path": "apps/dashboard/src/api/errors.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport class DaytonaError extends Error {\n public static fromError(error: Error): DaytonaError {\n if (String(error).includes('Organization is suspended')) {\n return new OrganizationSuspendedError(error.message, {\n cause: error.cause,\n })\n }\n\n return new DaytonaError(error.message, {\n cause: error.cause,\n })\n }\n\n public static fromString(error: string, options?: { cause?: Error }): DaytonaError {\n return DaytonaError.fromError(new Error(error, options))\n }\n}\n\nexport class OrganizationSuspendedError extends DaytonaError {}\n" }, { "path": "apps/dashboard/src/assets/Logo.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport function Logo() {\n return (\n \n \n \n \n \n \n \n \n \n \n \n \n )\n}\n\nexport function LogoText() {\n return (\n \n \n \n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/billing-api/billingApiClient.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DaytonaError } from '@/api/errors'\nimport axios, { AxiosInstance } from 'axios'\nimport {\n AutomaticTopUp,\n OrganizationEmail,\n OrganizationTier,\n OrganizationUsage,\n OrganizationWallet,\n PaginatedInvoices,\n PaymentUrl,\n Tier,\n WalletTopUpRequest,\n} from './types'\n\nexport class BillingApiClient {\n private axiosInstance: AxiosInstance\n\n constructor(apiUrl: string, accessToken: string) {\n this.axiosInstance = axios.create({\n baseURL: apiUrl,\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n this.axiosInstance.interceptors.response.use(\n (response) => {\n return response\n },\n (error) => {\n const errorMessage = error.response?.data?.message || error.response?.data || error.message || String(error)\n\n throw DaytonaError.fromString(String(errorMessage))\n },\n )\n }\n\n public async getOrganizationUsage(organizationId: string): Promise {\n const response = await this.axiosInstance.get(`/organization/${organizationId}/usage`)\n return response.data\n }\n\n public async getPastOrganizationUsage(organizationId: string, periods?: number): Promise {\n const response = await this.axiosInstance.get(`/organization/${organizationId}/usage/past?periods=${periods || 12}`)\n return response.data\n }\n\n public async getOrganizationWallet(organizationId: string): Promise {\n const response = await this.axiosInstance.get(`/organization/${organizationId}/wallet`)\n return response.data\n }\n\n public async setAutomaticTopUp(organizationId: string, automaticTopUp?: AutomaticTopUp): Promise {\n await this.axiosInstance.put(`/organization/${organizationId}/wallet/automatic-top-up`, automaticTopUp)\n }\n\n public async getOrganizationBillingPortalUrl(organizationId: string): Promise {\n const response = await this.axiosInstance.get(`/organization/${organizationId}/portal-url`)\n return response.data\n }\n\n public async getOrganizationCheckoutUrl(organizationId: string): Promise {\n const response = await this.axiosInstance.get(`/organization/${organizationId}/checkout-url`)\n return response.data\n }\n\n public async redeemCoupon(organizationId: string, couponCode: string): Promise {\n const response = await this.axiosInstance.post(`/organization/${organizationId}/redeem-coupon/${couponCode}`)\n return response.data?.message || 'Coupon redeemed successfully'\n }\n\n public async getOrganizationTier(organizationId: string): Promise {\n const response = await this.axiosInstance.get(`/organization/${organizationId}/tier`)\n const orgTier: OrganizationTier = {\n tier: response.data.tier,\n largestSuccessfulPaymentDate: response.data.largestSuccessfulPaymentDate\n ? new Date(response.data.largestSuccessfulPaymentDate)\n : undefined,\n largestSuccessfulPaymentCents: response.data.largestSuccessfulPaymentCents,\n expiresAt: response.data.expiresAt ? new Date(response.data.expiresAt) : undefined,\n hasVerifiedBusinessEmail: response.data.hasVerifiedBusinessEmail,\n }\n\n return orgTier\n }\n\n public async upgradeTier(organizationId: string, tier: number): Promise {\n await this.axiosInstance.post(`/organization/${organizationId}/tier/upgrade`, { tier })\n }\n\n public async downgradeTier(organizationId: string, tier: number): Promise {\n await this.axiosInstance.post(`/organization/${organizationId}/tier/downgrade`, { tier })\n }\n\n public async listTiers(): Promise {\n const response = await this.axiosInstance.get('/tier')\n return response.data\n }\n\n public async listOrganizationEmails(organizationId: string): Promise {\n const response = await this.axiosInstance.get(`/organization/${organizationId}/email`)\n return response.data.map((email: any) => ({\n ...email,\n verifiedAt: email.verifiedAt ? new Date(email.verifiedAt) : undefined,\n }))\n }\n\n public async addOrganizationEmail(organizationId: string, email: string): Promise {\n await this.axiosInstance.post(`/organization/${organizationId}/email`, { email })\n }\n\n public async deleteOrganizationEmail(organizationId: string, email: string): Promise {\n await this.axiosInstance.delete(`/organization/${organizationId}/email`, { data: { email } })\n }\n\n public async verifyOrganizationEmail(organizationId: string, email: string, token: string): Promise {\n await this.axiosInstance.post(`/organization/${organizationId}/email/verify`, { email, token })\n }\n\n public async resendOrganizationEmailVerification(organizationId: string, email: string): Promise {\n await this.axiosInstance.post(`/organization/${organizationId}/email/resend`, { email })\n }\n\n public async listInvoices(organizationId: string, page?: number, perPage?: number): Promise {\n const params = new URLSearchParams()\n if (page !== undefined) {\n params.append('page', page.toString())\n }\n if (perPage !== undefined) {\n params.append('perPage', perPage.toString())\n }\n const queryString = params.toString()\n const url = `/organization/${organizationId}/invoices${queryString ? `?${queryString}` : ''}`\n const response = await this.axiosInstance.get(url)\n return response.data\n }\n\n public async createInvoicePaymentUrl(organizationId: string, invoiceId: string): Promise {\n const response = await this.axiosInstance.post(`/organization/${organizationId}/invoices/${invoiceId}/payment-url`)\n return response.data\n }\n\n public async voidInvoice(organizationId: string, invoiceId: string): Promise {\n await this.axiosInstance.post(`/organization/${organizationId}/invoices/${invoiceId}/void`)\n }\n\n public async topUpWallet(organizationId: string, amountCents: number): Promise {\n const response = await this.axiosInstance.post(`/organization/${organizationId}/wallet/top-up`, {\n amountCents,\n } as WalletTopUpRequest)\n return response.data\n }\n}\n" }, { "path": "apps/dashboard/src/billing-api/index.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport * from './billingApiClient'\nexport * from './types'\n" }, { "path": "apps/dashboard/src/billing-api/types/Invoice.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport interface InvoiceErrorDetail {\n details?: Record\n errorCode: string\n}\n\nexport type InvoicePaymentStatus = 'pending' | 'succeeded' | 'failed'\nexport type InvoiceStatus = 'draft' | 'finalized' | 'failed' | 'voided' | 'pending'\nexport type InvoiceType = 'subscription' | 'add_on' | 'one_off'\n\nexport interface Invoice {\n currency: string\n errorDetails?: InvoiceErrorDetail[]\n fileUrl?: string\n id: string\n issuingDate: string\n number: string\n paymentDueDate: string\n paymentOverdue: boolean\n paymentStatus: InvoicePaymentStatus\n sequentialId: number\n status: InvoiceStatus\n totalAmountCents: number\n totalDueAmountCents: number\n type: InvoiceType\n}\n\nexport interface PaginatedInvoices {\n items: Invoice[]\n totalItems: number\n totalPages: number\n}\n\nexport interface PaymentUrl {\n url: string\n}\n" }, { "path": "apps/dashboard/src/billing-api/types/OrganizationEmail.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport type OrganizationEmail = {\n email: string\n verified: boolean\n owner: boolean\n business: boolean\n verifiedAt?: Date\n}\n" }, { "path": "apps/dashboard/src/billing-api/types/OrganizationTier.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport type OrganizationTier = {\n tier: number\n largestSuccessfulPaymentDate?: Date\n largestSuccessfulPaymentCents: number\n expiresAt?: Date\n hasVerifiedBusinessEmail: boolean\n}\n" }, { "path": "apps/dashboard/src/billing-api/types/OrganizationUsage.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport interface OrganizationUsage {\n from: Date\n to: Date\n issuingDate: string\n amountCents: number\n totalAmountCents: number\n taxesAmountCents: number\n usageCharges: UsageCharge[]\n}\n\nexport interface UsageCharge {\n units: string\n eventsCount: number\n amountCents: number\n billableMetric: BillableMetricCode\n}\n\nexport enum BillableMetricCode {\n CPU_USAGE = 'cpu_usage',\n GPU_USAGE = 'gpu_usage',\n RAM_USAGE = 'ram_usage',\n DISK_USAGE = 'disk_usage',\n UNKNOWN = 'unknown',\n}\n" }, { "path": "apps/dashboard/src/billing-api/types/OrganizationWallet.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport interface OrganizationWallet {\n balanceCents: number\n ongoingBalanceCents: number\n name: string\n creditCardConnected: boolean\n\n automaticTopUp?: AutomaticTopUp\n hasFailedOrPendingInvoice?: boolean\n}\n\nexport type AutomaticTopUp = {\n thresholdAmount: number\n targetAmount: number\n}\n\nexport interface WalletTopUpRequest {\n amountCents: number\n}\n" }, { "path": "apps/dashboard/src/billing-api/types/index.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport * from './OrganizationTier'\nexport * from './OrganizationUsage'\nexport * from './OrganizationWallet'\nexport * from './tier'\nexport * from './OrganizationEmail'\nexport * from './Invoice'\n" }, { "path": "apps/dashboard/src/billing-api/types/tier.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport type Tier = {\n tier: number\n tierLimit: TierLimit\n minTopUpAmountCents: number\n topUpIntervalDays: number\n}\n\nexport type TierLimit = {\n concurrentCPU: number\n concurrentRAMGiB: number\n concurrentDiskGiB: number\n}\n" }, { "path": "apps/dashboard/src/components/AccountProviderIcon.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ComponentType } from 'react'\nimport { Github, Link2, Mail, LucideProps } from 'lucide-react'\n\ntype Props = {\n provider: string\n className?: string\n}\n\nexport function AccountProviderIcon(props: Props) {\n return getIcon(props.provider, props.className)\n}\n\nconst getIcon = (provider: string, className?: string) => {\n const IconComponent = ICON[provider]\n\n if (!IconComponent) {\n return \n }\n\n return \n}\n\nconst ICON: { [x: string]: ComponentType } = {\n github: Github,\n 'google-oauth2': Mail,\n}\n" }, { "path": "apps/dashboard/src/components/AnnouncementBanner.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { X, Info } from 'lucide-react'\nimport { Button } from './ui/button'\n\ninterface AnnouncementBannerProps {\n text: string\n learnMoreUrl?: string\n onDismiss: () => void\n}\n\nexport function AnnouncementBanner({ text, learnMoreUrl, onDismiss }: AnnouncementBannerProps) {\n return (\n
\n
\n
\n \n
\n

{text}

\n {learnMoreUrl && (\n \n Learn More\n \n )}\n
\n
\n \n \n \n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/ApiKeyTable.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CREATE_API_KEY_PERMISSIONS_GROUPS } from '@/constants/CreateApiKeyPermissionsGroups'\nimport { DEFAULT_PAGE_SIZE } from '@/constants/Pagination'\nimport { getRelativeTimeString } from '@/lib/utils'\nimport { ApiKeyList, ApiKeyListPermissionsEnum, CreateApiKeyPermissionsEnum } from '@daytonaio/api-client'\n\nimport {\n ColumnDef,\n flexRender,\n getCoreRowModel,\n getPaginationRowModel,\n getSortedRowModel,\n SortingState,\n useReactTable,\n} from '@tanstack/react-table'\nimport { KeyRound, Loader2 } from 'lucide-react'\nimport { useMemo, useState } from 'react'\nimport { Pagination } from './Pagination'\nimport { TableEmptyState } from './TableEmptyState'\nimport { Badge } from './ui/badge'\nimport { Button } from './ui/button'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n DialogTrigger,\n} from './ui/dialog'\nimport { Popover, PopoverContent, PopoverTrigger } from './ui/popover'\nimport { Skeleton } from './ui/skeleton'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from './ui/table'\nimport { Tooltip, TooltipContent, TooltipTrigger } from './ui/tooltip'\n\ninterface DataTableProps {\n data: ApiKeyList[]\n loading: boolean\n isLoadingKey: (key: ApiKeyList) => boolean\n onRevoke: (key: ApiKeyList) => void\n}\n\nexport function ApiKeyTable({ data, loading, isLoadingKey, onRevoke }: DataTableProps) {\n const [sorting, setSorting] = useState([])\n const columns = getColumns({ onRevoke, isLoadingKey })\n const table = useReactTable({\n data,\n columns,\n getCoreRowModel: getCoreRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n onSortingChange: setSorting,\n getSortedRowModel: getSortedRowModel(),\n state: {\n sorting,\n },\n initialState: {\n pagination: {\n pageSize: DEFAULT_PAGE_SIZE,\n },\n },\n })\n\n return (\n
\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loading ? (\n <>\n {Array.from(new Array(5)).map((_, i) => (\n \n {table.getVisibleLeafColumns().map((column, i, arr) =>\n i === arr.length - 1 ? null : (\n \n \n \n ),\n )}\n \n ))}\n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row) => (\n \n {row.getVisibleCells().map((cell) => (\n \n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n \n ))}\n \n ))\n ) : (\n }\n description={\n
\n

API Keys authenticate requests made through the Daytona SDK or CLI.

\n

\n Generate one and{' '}\n \n check out the API Key setup guide\n \n .\n

\n
\n }\n />\n )}\n \n
\n
\n \n
\n )\n}\n\nconst getExpiresAtColor = (expiresAt: Date | null) => {\n if (!expiresAt) {\n return 'text-foreground'\n }\n\n const MILLISECONDS_IN_MINUTE = 1000 * 60\n const MINUTES_IN_DAY = 24 * 60\n\n const diffInMinutes = Math.floor((new Date(expiresAt).getTime() - new Date().getTime()) / MILLISECONDS_IN_MINUTE)\n\n // Already expired\n if (diffInMinutes < 0) {\n return 'text-red-500'\n }\n\n // Expires within a day\n if (diffInMinutes < MINUTES_IN_DAY) {\n return 'text-yellow-600 dark:text-yellow-400'\n }\n\n // Expires in more than a day\n return 'text-foreground'\n}\n\nconst getColumns = ({\n onRevoke,\n isLoadingKey,\n}: {\n onRevoke: (key: ApiKeyList) => void\n isLoadingKey: (key: ApiKeyList) => boolean\n}): ColumnDef[] => {\n const columns: ColumnDef[] = [\n {\n accessorKey: 'name',\n header: 'Name',\n },\n {\n accessorKey: 'value',\n header: 'Key',\n },\n {\n accessorKey: 'permissions',\n header: () => {\n return
Permissions
\n },\n cell: ({ row }) => {\n return \n },\n },\n {\n accessorKey: 'createdAt',\n header: 'Created',\n cell: ({ row }) => {\n const createdAt = row.original.createdAt\n const relativeTime = getRelativeTimeString(createdAt).relativeTimeString\n const fullDate = new Date(createdAt).toLocaleString()\n\n return (\n \n \n {relativeTime}\n \n \n

{fullDate}

\n \n \n )\n },\n },\n {\n accessorKey: 'lastUsedAt',\n header: 'Last Used',\n cell: ({ row }) => {\n const lastUsedAt = row.original.lastUsedAt\n const relativeTime = getRelativeTimeString(lastUsedAt).relativeTimeString\n\n if (!lastUsedAt) {\n return {relativeTime}\n }\n\n const fullDate = new Date(lastUsedAt).toLocaleString()\n\n return (\n \n \n {relativeTime}\n \n \n

{fullDate}

\n \n \n )\n },\n },\n {\n accessorKey: 'expiresAt',\n header: 'Expires',\n cell: ({ row }) => {\n const expiresAt = row.original.expiresAt\n const relativeTime = getRelativeTimeString(expiresAt).relativeTimeString\n\n if (!expiresAt) {\n return {relativeTime}\n }\n\n const fullDate = new Date(expiresAt).toLocaleString()\n const color = getExpiresAtColor(expiresAt)\n\n return (\n \n \n {relativeTime}\n \n \n

{fullDate}

\n \n \n )\n },\n },\n {\n id: 'actions',\n size: 80,\n cell: ({ row }) => {\n const isLoading = isLoadingKey(row.original)\n\n return (\n \n \n \n \n \n \n Confirm Key Revocation\n \n Are you absolutely sure? This action cannot be undone. This will permanently delete this API key.\n \n \n \n \n \n \n \n \n \n \n \n \n )\n },\n },\n ]\n\n return columns\n}\n\nconst allPermissions = Object.values(CreateApiKeyPermissionsEnum)\n\nconst IMPLICIT_READ_RESOURCES = ['Sandboxes', 'Snapshots', 'Registries', 'Regions']\n\nfunction PermissionsTooltip({\n permissions,\n availablePermissions,\n}: {\n permissions: ApiKeyListPermissionsEnum[]\n availablePermissions: CreateApiKeyPermissionsEnum[]\n}) {\n const isFullAccess = allPermissions.length === permissions.length\n const isSingleResourceAccess = CREATE_API_KEY_PERMISSIONS_GROUPS.find(\n (group) =>\n group.permissions.length === permissions.length && group.permissions.every((p) => permissions.includes(p)),\n )\n\n const availableGroups = useMemo(() => {\n return CREATE_API_KEY_PERMISSIONS_GROUPS.map((group) => ({\n ...group,\n permissions: group.permissions.filter((p) => availablePermissions.includes(p)),\n })).filter((group) => group.permissions.length > 0)\n }, [availablePermissions])\n\n const badgeVariant = isFullAccess ? 'warning' : 'outline'\n const badgeText = isFullAccess ? 'Full' : isSingleResourceAccess ? isSingleResourceAccess.name : 'Restricted'\n\n return (\n \n \n \n {badgeText} Access\n \n \n \n

Permissions

\n
\n {availableGroups.map((group) => {\n const selectedPermissions = group.permissions.filter((p) => permissions.includes(p))\n const hasImplicitRead = IMPLICIT_READ_RESOURCES.includes(group.name)\n\n if (selectedPermissions.length === 0 && !hasImplicitRead) {\n return null\n }\n\n return (\n
\n

{group.name}

\n
\n {hasImplicitRead && (\n \n Read\n \n )}\n {selectedPermissions.map((p) => (\n \n {p.split(':')[0]}\n \n ))}\n
\n
\n )\n })}\n
\n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/AuditLogTable.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Pagination } from '@/components/Pagination'\nimport { TableEmptyState } from '@/components/TableEmptyState'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table'\nimport { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip'\nimport { getRelativeTimeString } from '@/lib/utils'\nimport { AuditLog } from '@daytonaio/api-client'\nimport { ColumnDef, flexRender, getCoreRowModel, useReactTable } from '@tanstack/react-table'\nimport { TextSearch } from 'lucide-react'\n\ninterface Props {\n data: AuditLog[]\n loading: boolean\n pagination: {\n pageIndex: number\n pageSize: number\n }\n pageCount: number\n totalItems: number\n onPaginationChange: (pagination: { pageIndex: number; pageSize: number }) => void\n}\n\nexport function AuditLogTable({ data, loading, pagination, pageCount, onPaginationChange, totalItems }: Props) {\n const columns = getColumns()\n\n const table = useReactTable({\n data,\n columns,\n getCoreRowModel: getCoreRowModel(),\n manualPagination: true,\n pageCount: pageCount || 1,\n onPaginationChange: pagination\n ? (updater) => {\n const newPagination = typeof updater === 'function' ? updater(table.getState().pagination) : updater\n onPaginationChange(newPagination)\n }\n : undefined,\n state: {\n pagination: {\n pageIndex: pagination?.pageIndex || 0,\n pageSize: pagination?.pageSize || 10,\n },\n },\n getRowId: (row) => row.id,\n })\n\n return (\n
\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loading ? (\n \n \n Loading...\n \n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row) => (\n \n {row.getVisibleCells().map((cell) => (\n \n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n \n ))}\n \n ))\n ) : (\n }\n description={\n
\n

Audit logs are detailed records of all actions taken by users in the organization.

\n
\n }\n />\n )}\n \n
\n
\n \n
\n )\n}\n\nconst getColumns = (): ColumnDef[] => {\n const columns: ColumnDef[] = [\n {\n header: 'Time',\n size: 200,\n cell: ({ row }) => {\n const createdAt = new Date(row.original.createdAt)\n const localeString = createdAt.toLocaleString()\n const relativeTimeString = getRelativeTimeString(row.original.createdAt).relativeTimeString\n\n return (\n
\n
{relativeTimeString}
\n
{localeString}
\n
\n )\n },\n },\n {\n header: 'User',\n size: 240,\n cell: ({ row }) => {\n const actorEmail = row.original.actorEmail\n const actorId = row.original.actorId\n const label = actorEmail || actorId\n\n return (\n \n \n
{label}
\n \n \n

{label}

\n \n \n )\n },\n },\n {\n header: 'Action',\n size: 240,\n cell: ({ row }) => {\n const action = row.original.action\n\n return (\n \n \n
{action}
\n \n \n

{action}

\n \n \n )\n },\n },\n {\n header: 'Target',\n size: 360,\n cell: ({ row }) => {\n const targetType = row.original.targetType\n const targetId = row.original.targetId\n\n if (!targetType && !targetId) {\n return '-'\n }\n\n return (\n
\n {targetType &&
{targetType}
}\n {targetId &&
{targetId}
}\n
\n )\n },\n },\n {\n header: 'Outcome',\n size: 320,\n cell: ({ row }) => {\n const statusCode = row.original.statusCode\n const errorMessage = row.original.errorMessage\n const outcomeInfo = getOutcomeInfo(statusCode)\n\n return (\n
\n
{outcomeInfo.label}
\n {!errorMessage ? (\n
{statusCode || '204'}
\n ) : (\n \n \n
\n {statusCode || '500'}\n {` - ${errorMessage}`}\n
\n \n \n

{errorMessage}

\n \n \n )}\n
\n )\n },\n },\n ]\n\n return columns\n}\n\ntype OutcomeCategory = 'informational' | 'success' | 'redirect' | 'client-error' | 'server-error' | 'unknown'\n\ninterface OutcomeInfo {\n label: string\n colorClass: string\n}\n\nconst getOutcomeCategory = (statusCode: number | null | undefined): OutcomeCategory => {\n if (!statusCode) return 'unknown'\n\n if (statusCode >= 100 && statusCode < 200) return 'informational'\n if (statusCode >= 200 && statusCode < 300) return 'success'\n if (statusCode >= 300 && statusCode < 400) return 'redirect'\n if (statusCode >= 400 && statusCode < 500) return 'client-error'\n if (statusCode >= 500 && statusCode < 600) return 'server-error'\n\n return 'unknown'\n}\n\nconst getOutcomeInfo = (statusCode: number | null | undefined): OutcomeInfo => {\n const category = getOutcomeCategory(statusCode)\n\n switch (category) {\n case 'informational':\n return {\n label: 'Info',\n colorClass: 'text-blue-500 dark:text-blue-300',\n }\n case 'success':\n return {\n label: 'Success',\n colorClass: 'text-green-600 dark:text-green-400',\n }\n case 'redirect':\n return {\n label: 'Redirect',\n colorClass: 'text-blue-600 dark:text-blue-400',\n }\n case 'client-error':\n case 'server-error':\n return {\n label: 'Error',\n colorClass: 'text-red-600 dark:text-red-400',\n }\n case 'unknown':\n default:\n return {\n label: 'Unknown',\n colorClass: 'text-gray-600 dark:text-gray-400',\n }\n }\n}\n" }, { "path": "apps/dashboard/src/components/Banner.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport { cva, type VariantProps } from 'class-variance-authority'\nimport {\n AlertCircleIcon,\n AlertTriangleIcon,\n CheckCircle2Icon,\n ChevronRight,\n InfoIcon,\n MegaphoneIcon,\n XIcon,\n} from 'lucide-react'\nimport { AnimatePresence, motion } from 'motion/react'\nimport { createContext, useCallback, useContext, useEffect, useMemo, useState } from 'react'\nimport { v4 as uuidv4 } from 'uuid'\n\ntype BannerVariant = 'info' | 'success' | 'warning' | 'error' | 'neutral'\n\nconst variantIcons = {\n info: InfoIcon,\n success: CheckCircle2Icon,\n warning: AlertTriangleIcon,\n error: AlertCircleIcon,\n neutral: MegaphoneIcon,\n}\n\nconst priorityMap: Record = {\n error: 0,\n warning: 1,\n success: 2,\n info: 3,\n neutral: 4,\n}\n\nconst bannerVariants = cva('relative overflow-hidden backdrop-blur-xl border-y w-full', {\n variants: {\n variant: {\n info: 'bg-info-background text-info-foreground border-info-separator',\n success: 'bg-success-background text-success-foreground border-success-separator',\n warning: 'bg-warning-background text-warning-foreground border-warning-separator',\n error: 'bg-destructive-background text-destructive-foreground border-destructive-separator',\n neutral: 'bg-muted/40 border-border',\n },\n },\n defaultVariants: {\n variant: 'info',\n },\n})\n\ninterface BannerAction {\n label: string\n onClick: () => void\n}\n\ninterface BannerNotification {\n id?: string\n variant?: BannerVariant\n title: string\n description?: string\n action?: BannerAction\n icon?: React.ReactNode\n onDismiss?: () => void\n isDismissible?: boolean\n}\n\ninterface BannerContextValue {\n notifications: BannerNotification[]\n addBanner: (notification: BannerNotification) => string\n removeBanner: (id: string) => void\n clearBanners: () => void\n}\n\nconst BannerContext = createContext(null)\n\nexport const useBanner = () => {\n const context = useContext(BannerContext)\n if (!context) {\n throw new Error('useBanner must be used within a BannerProvider')\n }\n return context\n}\n\ninterface BannerProviderProps {\n children: React.ReactNode\n defaultNotifications?: BannerNotification[]\n}\n\nexport const BannerProvider = ({ children, defaultNotifications = [] }: BannerProviderProps) => {\n const [notifications, setNotifications] = useState(defaultNotifications)\n\n const addBanner = useCallback((notification: BannerNotification) => {\n const id = notification.id || uuidv4()\n setNotifications((prev) => {\n const existingIndex = prev.findIndex((n) => n.id === id)\n if (existingIndex >= 0) {\n const updated = [...prev]\n updated[existingIndex] = { ...notification, id }\n return updated\n }\n return [{ ...notification, id }, ...prev]\n })\n return id\n }, [])\n\n const removeBanner = useCallback((id: string) => {\n setNotifications((prev) => prev.filter((n) => n.id !== id))\n }, [])\n\n const clearBanners = useCallback(() => {\n setNotifications([])\n }, [])\n\n const sortedNotifications = useMemo(() => {\n return [...notifications].sort((a, b) => {\n const variantA = (a.variant || 'info') as BannerVariant\n const variantB = (b.variant || 'info') as BannerVariant\n return priorityMap[variantA] - priorityMap[variantB]\n })\n }, [notifications])\n\n const contextValue = useMemo(\n () => ({\n notifications: sortedNotifications,\n addBanner,\n removeBanner,\n clearBanners,\n }),\n [sortedNotifications, addBanner, removeBanner, clearBanners],\n )\n\n return {children}\n}\n\ninterface BannerProps extends VariantProps {\n title: string\n description?: string\n action?: BannerAction\n onDismiss?: () => void\n total?: number\n currentIndex?: number\n onNext?: () => void\n className?: string\n icon?: React.ReactNode\n bannerClassName?: string\n}\n\nexport const Banner = ({\n variant = 'info',\n title,\n description,\n action,\n onDismiss,\n total = 0,\n currentIndex = 0,\n onNext,\n className,\n bannerClassName,\n icon,\n ...props\n}: BannerProps & React.ComponentProps) => {\n const IconComponent = variantIcons[variant ?? 'info']\n const role = variant === 'error' || variant === 'warning' ? 'alert' : 'status'\n\n return (\n \n
\n \n {icon || }\n\n
\n {title}\n {description && (\n <>\n \n {description}\n \n )}\n
\n\n {action && (\n \n {action.label}\n \n )}\n\n {total > 1 && (\n
\n \n
\n \n {currentIndex + 1}/{total}\n \n onNext?.()} aria-label=\"Next Notification\">\n \n \n
\n
\n )}\n\n
\n {onDismiss && (\n onDismiss()} aria-label=\"Dismiss\">\n \n \n )}\n
\n
\n \n \n )\n}\n\nfunction BannerButton({ className, ...props }: React.ComponentProps<'button'>) {\n return (\n \n )\n}\n\nexport const BannerStack = ({ className, bannerClassName }: { className?: string; bannerClassName?: string }) => {\n const { notifications, removeBanner } = useBanner()\n const [activeIndex, setActiveIndex] = useState(0)\n\n useEffect(() => {\n if (notifications.length > 0 && activeIndex >= notifications.length) {\n setActiveIndex(Math.max(0, notifications.length - 1))\n }\n }, [notifications.length, activeIndex])\n\n const activeItem = notifications.length > 0 ? notifications[activeIndex] : null\n\n const handleNext = useCallback(\n () => setActiveIndex((prev) => (prev + 1) % notifications.length),\n [notifications.length],\n )\n\n const handleDismiss = useCallback(() => {\n activeItem?.onDismiss?.()\n if (activeItem?.id) {\n removeBanner(activeItem.id)\n }\n }, [activeItem, removeBanner])\n\n if (!activeItem) {\n return null\n }\n\n return (\n \n \n {activeItem && (\n \n )}\n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/CodeBlock.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useTheme } from '@/contexts/ThemeContext'\nimport { cn } from '@/lib/utils'\nimport { Highlight, themes, type PrismTheme, type Token } from 'prism-react-renderer'\nimport { CopyButton } from './CopyButton'\n\ninterface CodeBlockProps {\n code: string\n language: string\n showCopy?: boolean\n codeAreaClassName?: string\n className?: string\n}\n\ninterface HighlightProps {\n style: React.CSSProperties\n tokens: Token[][]\n getLineProps: (props: { line: Token[]; key: number }) => React.HTMLAttributes\n getTokenProps: (props: { token: Token; key: number }) => React.HTMLAttributes\n}\n\nconst oneDark = {\n ...themes.oneDark,\n plain: {\n ...themes.oneDark.plain,\n background: 'hsl(var(--code-background))',\n },\n}\n\nconst CodeBlock: React.FC = ({ code, language, showCopy = true, codeAreaClassName, className }) => {\n const { theme } = useTheme()\n\n return (\n
\n \n {({ style, tokens, getLineProps, getTokenProps }: HighlightProps) => (\n 
\n            {tokens.map((line, i) => {\n              const props = getLineProps({ line, key: i })\n              // @ts-expect-error Workaround for the render error. Key should not be spread into JSX\n              const { key, ...rest } = props\n              return (\n                
\n                  {line.map((token, key) => {\n                    const tokenProps = getTokenProps({ token, key })\n                    // @ts-expect-error Workaround for the render error. Key should not be spread into JSX\n                    const { key: tokenKey, ...restTokenProps } = tokenProps\n                    return \n                  })}\n                
\n              )\n            })}\n
\n )}\n \n {showCopy && (\n \n )}\n
\n )\n}\n\nexport default CodeBlock\n" }, { "path": "apps/dashboard/src/components/CommandPalette.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\n'use client'\n\nimport { useDeepCompareMemo } from '@/hooks/useDeepCompareMemo'\nimport { cn, pluralize } from '@/lib/utils'\nimport { useCommandState } from 'cmdk'\nimport { AlertCircle, ChevronRight, Loader2 } from 'lucide-react'\nimport { AnimatePresence, motion, useAnimate } from 'motion/react'\nimport React, { createContext, useCallback, useContext, useEffect, useMemo, useRef, type ReactNode } from 'react'\nimport { createStore, useStore, type StoreApi } from 'zustand'\nimport {\n Command,\n CommandDialog,\n CommandEmpty as CommandEmptyPrimitive,\n CommandGroup as CommandGroupPrimitive,\n CommandInput,\n CommandItem as CommandItemPrimitive,\n CommandList,\n} from './ui/command'\nimport { DialogDescription, DialogOverlay, DialogTitle } from './ui/dialog'\nimport { Kbd } from './ui/kbd'\nimport { Skeleton } from './ui/skeleton'\n\nexport type CommandConfig = {\n id: string\n label: ReactNode\n icon?: ReactNode\n loading?: boolean\n page?: string\n keywords?: string[]\n onSelect?: () => void\n disabled?: boolean\n chainable?: boolean\n value?: string\n className?: string\n}\n\nexport type RegisterCommandsOptions = {\n pageId?: string\n groupId?: string\n groupLabel?: string\n groupOrder?: number\n}\n\nexport type PageConfig = {\n id: string\n label?: string\n placeholder?: string\n}\n\ntype CommandGroup = {\n id: string\n label?: string\n order: number\n commands: Map\n}\n\ntype PageData = {\n meta: PageConfig\n groups: Map\n}\n\ntype CommandPaletteState = {\n isOpen: boolean\n activePageId: string\n pageStack: string[]\n searchByPage: Map\n shouldFilter: boolean\n isLoading: boolean\n pages: Map\n}\n\ntype CommandPaletteActions = {\n setIsOpen: (open: boolean) => void\n setSearch: (value: string) => void\n setShouldFilter: (value: boolean) => void\n setIsLoading: (value: boolean) => void\n pushPage: (pageId: string) => void\n popPage: () => void\n goToPage: (pageId: string) => void\n popToRoot: () => void\n registerPage: (config: PageConfig) => void\n registerCommands: (commands: CommandConfig[], options?: RegisterCommandsOptions) => () => void\n unregisterCommands: (commandIds: string[], options?: { pageId?: string; groupId?: string }) => void\n}\n\ntype CommandPaletteStore = CommandPaletteState & { actions: CommandPaletteActions }\n\nconst createCommandPaletteStore = (defaultPage = 'root') => {\n return createStore((set, get) => ({\n isOpen: false,\n activePageId: defaultPage,\n pageStack: [defaultPage],\n searchByPage: new Map(),\n shouldFilter: true,\n isLoading: false,\n pages: new Map([\n [\n defaultPage,\n {\n meta: { id: defaultPage, label: 'Home', placeholder: 'Type a command or search...' },\n groups: new Map(),\n },\n ],\n ]),\n\n actions: {\n setIsOpen: (isOpen) => set({ isOpen }),\n setSearch: (value) =>\n set((state) => {\n const newSearchByPage = new Map(state.searchByPage)\n newSearchByPage.set(state.activePageId, value)\n\n return { searchByPage: newSearchByPage }\n }),\n setShouldFilter: (value) => set({ shouldFilter: value }),\n setIsLoading: (value) => set({ isLoading: value }),\n\n pushPage: (pageId) =>\n set((state) => {\n if (!state.pages.has(pageId)) {\n return state\n }\n\n return {\n pageStack: [...state.pageStack, pageId],\n activePageId: pageId,\n }\n }),\n\n popPage: () =>\n set((state) => {\n if (state.pageStack.length <= 1) return state\n const newStack = state.pageStack.slice(0, -1)\n\n return {\n pageStack: newStack,\n activePageId: newStack[newStack.length - 1],\n }\n }),\n\n goToPage: (pageId) =>\n set((state) => {\n const pageIndex = state.pageStack.indexOf(pageId)\n if (pageIndex !== -1) {\n return {\n pageStack: state.pageStack.slice(0, pageIndex + 1),\n activePageId: pageId,\n }\n }\n\n return state\n }),\n\n popToRoot: () =>\n set({\n pageStack: [defaultPage],\n activePageId: defaultPage,\n searchByPage: new Map(),\n }),\n\n registerPage: (config) =>\n set((state) => {\n const newPages = new Map(state.pages)\n const existing = newPages.get(config.id)\n\n newPages.set(config.id, {\n meta: { ...existing?.meta, ...config },\n groups: existing?.groups ?? new Map(),\n })\n\n return { pages: newPages }\n }),\n\n registerCommands: (commands, options = {}) => {\n const { pageId = defaultPage, groupId = 'default', groupLabel, groupOrder = 100 } = options\n\n set((state) => {\n const page = state.pages.get(pageId)\n if (!page) {\n return state\n }\n\n const newGroups = new Map(page.groups)\n const existingGroup = newGroups.get(groupId)\n\n const newCommands = new Map(existingGroup?.commands ?? new Map())\n\n for (const cmd of commands) {\n newCommands.set(cmd.id, cmd)\n }\n\n newGroups.set(groupId, {\n id: groupId,\n label: groupLabel ?? existingGroup?.label,\n order: groupOrder ?? existingGroup?.order ?? 0,\n commands: newCommands,\n })\n\n const newPages = new Map(state.pages)\n\n newPages.set(pageId, { ...page, groups: newGroups })\n\n return { pages: newPages }\n })\n\n const commandIds = commands.map((c) => c.id)\n return () => get().actions.unregisterCommands(commandIds, { pageId, groupId })\n },\n\n unregisterCommands: (commandIds, options = {}) => {\n const { pageId = defaultPage, groupId = 'default' } = options\n\n set((state) => {\n const page = state.pages.get(pageId)\n if (!page) {\n return state\n }\n\n const group = page.groups.get(groupId)\n if (!group) {\n return state\n }\n\n const newCommands = new Map(group.commands)\n for (const id of commandIds) {\n newCommands.delete(id)\n }\n\n const newPages = new Map(state.pages)\n const newGroups = new Map(page.groups)\n\n if (newCommands.size === 0) {\n newGroups.delete(groupId)\n } else {\n newGroups.set(groupId, { ...group, commands: newCommands })\n }\n\n newPages.set(pageId, { ...page, groups: newGroups })\n\n return { pages: newPages }\n })\n },\n },\n }))\n}\n\nconst CommandPaletteContext = createContext | null>(null)\n\nexport function useCommandPalette(\n selector: (state: CommandPaletteStore) => T = (state) => state as T,\n): T {\n const store = useContext(CommandPaletteContext)\n if (!store) {\n throw new Error('useCommandPalette must be used within ')\n }\n return useStore(store, selector)\n}\n\nexport function useCommandPaletteActions() {\n const store = useContext(CommandPaletteContext)\n if (!store) {\n throw new Error('useCommandPaletteActions must be used within ')\n }\n\n return useStore(store, (state) => state.actions)\n}\n\nexport type CommandPaletteProviderProps = {\n children: ReactNode\n defaultPage?: string\n enableGlobalShortcut?: boolean\n}\n\nexport function CommandPaletteProvider({\n children,\n defaultPage = 'root',\n enableGlobalShortcut = true,\n}: CommandPaletteProviderProps) {\n const storeRef = useRef | null>(null)\n\n if (!storeRef.current) {\n storeRef.current = createCommandPaletteStore(defaultPage)\n }\n\n useEffect(() => {\n if (!enableGlobalShortcut) return\n\n const handleKeyDown = (e: KeyboardEvent) => {\n if (e.key === 'k' && (e.metaKey || e.ctrlKey)) {\n e.preventDefault()\n const state = storeRef.current?.getState()\n state?.actions.setIsOpen(!state.isOpen)\n }\n }\n\n document.addEventListener('keydown', handleKeyDown)\n return () => document.removeEventListener('keydown', handleKeyDown)\n }, [enableGlobalShortcut])\n\n return {children}\n}\n\nexport function useRegisterCommands(commands: CommandConfig[], options?: RegisterCommandsOptions) {\n const { registerCommands } = useCommandPaletteActions()\n\n const optionsMemo = useDeepCompareMemo(options)\n\n useEffect(() => {\n const unregister = registerCommands(commands, optionsMemo)\n return () => unregister()\n }, [commands, optionsMemo, registerCommands])\n}\n\nexport function useRegisterPage(config: PageConfig) {\n const { registerPage } = useCommandPaletteActions()\n\n const configMemo = useDeepCompareMemo(config)\n\n useEffect(() => {\n registerPage(configMemo)\n }, [configMemo, registerPage])\n}\n\nexport type CommandPaletteProps = {\n className?: string\n overlay?: ReactNode\n}\n\nexport function CommandPalette({ className, overlay }: CommandPaletteProps) {\n const pages = useCommandPalette((state) => state.pages)\n const activePageId = useCommandPalette((state) => state.activePageId)\n const isOpen = useCommandPalette((state) => state.isOpen)\n const search = useCommandPalette((state) => state.searchByPage.get(state.activePageId) ?? '')\n const shouldFilter = useCommandPalette((state) => state.shouldFilter)\n const isLoading = useCommandPalette((state) => state.isLoading)\n const pageStack = useCommandPalette((state) => state.pageStack)\n\n const { setIsOpen, setSearch, popPage, popToRoot } = useCommandPaletteActions()\n\n const activePage = pages.get(activePageId)\n const inputRef = useRef(null)\n\n const [scope, animate] = useAnimate()\n\n useEffect(() => {\n if (isOpen) {\n popToRoot()\n requestAnimationFrame(() => inputRef.current?.focus())\n }\n }, [isOpen, popToRoot])\n\n useEffect(() => {\n if (isOpen && scope.current) {\n animate(scope.current, { scale: [0.975, 1] }, { duration: 0.3 })\n }\n }, [activePageId, isOpen, animate, scope])\n\n const sortedGroups = useMemo(() => {\n if (!activePage) {\n return []\n }\n return Array.from(activePage.groups.values()).sort((a, b) => a.order - b.order)\n }, [activePage])\n\n return (\n }\n >\n \n \n Command Palette\n \n Use the command palette to navigate the application.\n \n\n \n\n {\n if (e.key === 'Backspace' && !search && pageStack.length > 1) {\n e.preventDefault()\n popPage()\n }\n }}\n />\n\n \n\n \n {sortedGroups.map((group) => (\n \n ))}\n \n \n\n \n {pageStack.length > 1 ? (\n \n Backspace to go back\n \n ) : (\n \n Use to navigate\n \n )}\n \n \n \n \n )\n}\n\nfunction Breadcrumbs() {\n const { pageStack, pages } = useCommandPalette()\n const { goToPage } = useCommandPaletteActions()\n\n return (\n
\n {pageStack.map((id, i) => {\n const isLast = i === pageStack.length - 1\n const page = pages.get(id)\n\n return (\n \n {i > 0 && (\n \n /\n \n )}\n goToPage(id)}\n >\n {page?.meta.label ?? id}\n \n \n )\n })}\n
\n )\n}\n\nfunction CommandGroupRenderer({ group }: { group: CommandGroup }) {\n const sortedCommands = useMemo(() => Array.from(group.commands.values()), [group.commands])\n\n if (sortedCommands.length === 0) return null\n\n return (\n \n {sortedCommands.map((cmd) => (\n \n ))}\n \n )\n}\n\nfunction CommandItem({ config }: { config: CommandConfig }) {\n const { pushPage, setIsOpen } = useCommandPaletteActions()\n\n const handleSelect = useCallback(() => {\n if (config.page) {\n pushPage(config.page)\n } else {\n config.onSelect?.()\n if (!config.chainable) {\n setIsOpen(false)\n }\n }\n }, [config, pushPage, setIsOpen])\n\n const value = config.value ?? (typeof config.label === 'string' ? config.label : config.id)\n\n return (\n \n
\n {config.loading ? (\n \n ) : (\n config.icon && {config.icon}\n )}\n {config.label}\n
\n\n {config.page && }\n \n )\n}\n\nfunction CommandFooter({\n children,\n hideResultsCount = false,\n className,\n}: {\n children: ReactNode\n hideResultsCount?: boolean\n className?: string\n}) {\n const resultsCount = useCommandState((state) => state.filtered.count)\n\n return (\n \n {children}\n {!hideResultsCount && {pluralize(resultsCount, 'result', 'results')}}\n \n )\n}\n\nfunction CommandEmpty({ search }: { search: string }) {\n return (\n \n No results found for \"{search}\".\n \n )\n}\n\nfunction PulseBar({ mode, isVisible, className }: { mode: 'flash' | 'pulse'; isVisible: boolean; className?: string }) {\n const gradientBackground = `linear-gradient(90deg, transparent, #66F0C2, #00C241, #66F0C2, transparent)`\n\n if (!isVisible) return null\n\n return (\n \n \n {mode === 'flash' && (\n \n )}\n\n {mode === 'pulse' && (\n \n )}\n \n \n )\n}\n\nexport function CommandHighlight({\n children,\n className,\n ...props\n}: { children: ReactNode } & React.HTMLAttributes) {\n return (\n \n {children}\n \n )\n}\n\nexport function CommandError({\n message = 'Something went wrong',\n onRetry,\n className,\n}: {\n message?: string\n onRetry?: () => void\n className?: string\n}) {\n return (\n
\n \n

{message}

\n {onRetry && (\n \n Try again\n \n )}\n
\n )\n}\n\nexport function CommandLoading({ count = 3, className }: { count?: number; className?: string }) {\n return (\n
\n {Array.from({ length: count }).map((_, i) => (\n
\n \n \n
\n ))}\n
\n )\n}\n\nexport { Kbd, KbdGroup } from './ui/kbd'\n" }, { "path": "apps/dashboard/src/components/ComparisonTable.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport { ChevronDown, ChevronRight } from 'lucide-react'\nimport { FC, Fragment, ReactNode, useState } from 'react'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from './ui/table'\n\ninterface ComparisonRow {\n label: ReactNode\n values: ReactNode[]\n}\n\nexport interface ComparisonSection {\n id?: string\n title: ReactNode\n collapsed?: boolean\n collapsible?: boolean\n rows: ComparisonRow[]\n}\n\ninterface Props {\n columns: string[]\n headerLabel?: string\n currentColumn?: number\n currentRow?: number\n data: ComparisonSection[]\n className?: string\n}\n\nexport function ComparisonTable({ columns = [], headerLabel, currentColumn, currentRow, data = [], className }: Props) {\n return (\n \n \n \n \n \n {headerLabel}\n \n {columns.map((column, index) => (\n \n {column}\n \n ))}\n \n \n \n {data.map((section, idx) => (\n \n ))}\n \n
\n \n )\n}\n\ninterface CollapsibleSectionProps {\n section: ComparisonSection\n currentColumn?: number\n currentRow?: number\n}\n\nconst CollapsibleSection: FC = ({ section, currentColumn, currentRow }) => {\n const [isOpen, setIsOpen] = useState(section.collapsible ? !section.collapsed : true)\n\n return (\n \n {section.collapsible && (\n setIsOpen(!isOpen)}\n className={cn('cursor-pointer border-b border-border group select-none hover:bg-muted')}\n aria-expanded={isOpen}\n >\n \n
\n {isOpen ? : }\n {section.title}\n
\n \n \n )}\n\n {isOpen &&\n section.rows.map((row, rowIdx) => (\n \n \n {row.label}\n \n\n {row.values.map((val, colIdx) => {\n const isActive = colIdx === currentColumn\n\n return (\n \n {val}\n \n )\n })}\n \n ))}\n \n )\n}\n" }, { "path": "apps/dashboard/src/components/CopyButton.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useCopyToClipboard } from '@/hooks/useCopyToClipboard'\nimport { cn } from '@/lib/utils'\nimport { AnimatePresence, motion } from 'framer-motion'\nimport { CheckIcon, CopyIcon } from 'lucide-react'\nimport { ComponentProps } from 'react'\nimport TooltipButton from './TooltipButton'\n\nconst MotionCopyIcon = motion(CopyIcon)\nconst MotionCheckIcon = motion(CheckIcon)\n\nconst iconProps = {\n initial: { opacity: 0, y: 5 },\n animate: { opacity: 1, y: 0 },\n exit: { opacity: 0, y: -5 },\n transition: { duration: 0.1 },\n}\n\nfunction CopyButton({\n value,\n className,\n tooltipText,\n variant = 'ghost',\n autoHide,\n onClick,\n ...props\n}: { value: string; tooltipText?: string; autoHide?: boolean } & Omit<\n ComponentProps,\n 'tooltipText'\n>) {\n const [copied, copy] = useCopyToClipboard()\n\n return (\n {\n copy(value)\n onClick?.(e)\n e.stopPropagation()\n }}\n className={cn(\n 'font-sans text-muted-foreground hover:text-foreground',\n {\n 'opacity-0 -translate-x-1': autoHide && !copied,\n 'group-hover/copy-button:opacity-100 group-hover/copy-button:translate-x-0 group-focus-within/copy-button:opacity-100 group-focus-within/copy-button:translate-x-0':\n autoHide,\n 'opacity-100 translate-x-0': autoHide && copied,\n },\n className,\n )}\n variant={variant}\n {...props}\n >\n \n {copied ? (\n \n ) : (\n \n )}\n \n \n )\n}\n\nexport { CopyButton }\n" }, { "path": "apps/dashboard/src/components/CreateApiKeyDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Button } from '@/components/ui/button'\nimport { DatePicker } from '@/components/ui/date-picker'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n DialogTrigger,\n} from '@/components/ui/dialog'\nimport { Spinner } from '@/components/ui/spinner'\nimport { AnimatePresence, motion } from 'framer-motion'\nimport { CheckIcon, CopyIcon, EyeIcon, EyeOffIcon, InfoIcon } from 'lucide-react'\n\nimport { Field, FieldDescription, FieldError, FieldGroup, FieldLabel } from '@/components/ui/field'\nimport { Input } from '@/components/ui/input'\nimport { InputGroup, InputGroupButton, InputGroupInput } from '@/components/ui/input-group'\nimport { Label } from '@/components/ui/label'\nimport { CREATE_API_KEY_PERMISSIONS_GROUPS } from '@/constants/CreateApiKeyPermissionsGroups'\nimport { useCreateApiKeyMutation } from '@/hooks/mutations/useCreateApiKeyMutation'\nimport { useCopyToClipboard } from '@/hooks/useCopyToClipboard'\nimport { handleApiError } from '@/lib/error-handling'\nimport { getMaskedToken } from '@/lib/utils'\nimport { ApiKeyResponse, CreateApiKeyPermissionsEnum } from '@daytonaio/api-client'\nimport { useForm } from '@tanstack/react-form'\nimport { Plus } from 'lucide-react'\nimport React, { useCallback, useEffect, useMemo, useState } from 'react'\nimport { toast } from 'sonner'\nimport { z } from 'zod'\nimport { Alert, AlertDescription, AlertTitle } from './ui/alert'\nimport { Tabs, TabsContent, TabsList, TabsTrigger } from './ui/tabs'\nimport { ToggleGroup, ToggleGroupItem } from './ui/toggle-group'\n\ninterface CreateApiKeyDialogProps {\n availablePermissions: CreateApiKeyPermissionsEnum[]\n apiUrl: string\n className?: string\n organizationId?: string\n}\n\nconst isReadPermission = (permission: CreateApiKeyPermissionsEnum) => permission.startsWith('read:')\nconst isWritePermission = (permission: CreateApiKeyPermissionsEnum) => permission.startsWith('write:')\nconst isDeletePermission = (permission: CreateApiKeyPermissionsEnum) => permission.startsWith('delete:')\n\nconst IMPLICIT_READ_RESOURCES = ['Sandboxes', 'Snapshots', 'Registries', 'Regions']\n\nconst formSchema = z.object({\n name: z.string().min(1, 'Name is required'),\n expiresAt: z.date().optional(),\n permissions: z.array(z.enum(CreateApiKeyPermissionsEnum)),\n})\n\ntype FormValues = z.infer\n\nexport const CreateApiKeyDialog: React.FC = ({\n availablePermissions,\n apiUrl,\n className,\n organizationId,\n}) => {\n const [open, setOpen] = useState(false)\n\n const { reset: resetCreateApiKeyMutation, ...createApiKeyMutation } = useCreateApiKeyMutation()\n\n const availableGroups = useMemo(() => {\n return CREATE_API_KEY_PERMISSIONS_GROUPS.map((group) => ({\n ...group,\n permissions: group.permissions.filter((p) => availablePermissions.includes(p)),\n })).filter((group) => group.permissions.length > 0)\n }, [availablePermissions])\n\n const form = useForm({\n defaultValues: {\n name: '',\n expiresAt: undefined,\n permissions: availablePermissions,\n } as FormValues,\n validators: {\n onSubmit: formSchema,\n },\n onSubmit: async ({ value }) => {\n if (!organizationId) {\n toast.error('Select an organization to create an API key.')\n return\n }\n\n try {\n await createApiKeyMutation.mutateAsync({\n organizationId,\n name: value.name.trim(),\n permissions: value.permissions,\n expiresAt: value.expiresAt ?? null,\n })\n\n toast.success('API key created successfully')\n } catch (error) {\n handleApiError(error, 'Failed to create API key')\n }\n },\n })\n\n const resetState = useCallback(() => {\n form.reset({\n name: '',\n expiresAt: undefined,\n permissions: availablePermissions,\n })\n resetCreateApiKeyMutation()\n }, [resetCreateApiKeyMutation, form, availablePermissions])\n\n useEffect(() => {\n if (open) {\n resetState()\n }\n }, [open, resetState])\n\n const createdKey = createApiKeyMutation.data\n\n return (\n {\n setOpen(isOpen)\n }}\n >\n \n \n \n\n \n \n {createdKey ? 'API Key Created' : 'Create New API Key'}\n \n {createdKey\n ? 'Your API key has been created successfully.'\n : 'Choose which actions this API key will be authorized to perform.'}\n \n \n {createdKey ? (\n \n ) : (\n
\n {\n e.preventDefault()\n e.stopPropagation()\n form.handleSubmit()\n }}\n >\n \n {(field) => {\n const isInvalid = field.state.meta.isTouched && !field.state.meta.isValid\n return (\n \n Key Name\n field.handleChange(e.target.value)}\n placeholder=\"Name\"\n />\n {field.state.meta.errors.length > 0 && field.state.meta.isTouched && (\n \n )}\n \n )\n }}\n \n\n \n {(field) => (\n \n Expires\n \n Optional expiration date for the API key.\n \n )}\n \n\n {\n if (value === 'full-access') {\n form.setFieldValue('permissions', availablePermissions)\n } else if (value === 'sandbox-access') {\n form.setFieldValue('permissions', [\n CreateApiKeyPermissionsEnum.WRITE_SANDBOXES,\n CreateApiKeyPermissionsEnum.DELETE_SANDBOXES,\n ])\n } else {\n form.setFieldValue('permissions', [])\n }\n }}\n >\n \n\n *]:flex-1\">\n Full Access\n Sandboxes\n Restricted \n \n \n \n \n Sandboxes Access\n \n This key grants read and write access to the Sandboxes resource.\n \n \n \n \n \n \n Full Access\n \n This key grants full access to all resources. For better security, we recommend creating a\n restricted key.\n \n \n \n \n {availableGroups.length > 0 && (\n \n {(field) => (\n \n \n {availableGroups.map((group) => {\n const readPermission = group.permissions.find(isReadPermission)\n const writePermission = group.permissions.find(isWritePermission)\n const deletePermission = group.permissions.find(isDeletePermission)\n const hasImplicitRead = IMPLICIT_READ_RESOURCES.includes(group.name)\n\n return (\n \n \n\n field.state.value.includes(p))}\n onValueChange={(newGroupSelection) => {\n const permissionsWithoutThisGroup = field.state.value.filter(\n (p) => !group.permissions.includes(p),\n )\n\n field.handleChange([\n ...permissionsWithoutThisGroup,\n ...newGroupSelection,\n ] as CreateApiKeyPermissionsEnum[])\n }}\n >\n {hasImplicitRead ? (\n \n Read*\n \n ) : (\n \n {readPermission ? 'Read' : '-'}\n \n )}\n \n {writePermission ? 'Write' : '-'}\n \n \n {deletePermission ? 'Delete' : '-'}\n \n \n
\n )\n })}\n \n {field.state.meta.errors.length > 0 && field.state.meta.isTouched && (\n \n )}\n

\n *Read access is always granted for these resources.\n

\n \n )}\n \n )}\n \n \n \n \n )}\n \n \n \n \n {!createdKey && (\n [state.canSubmit, state.isSubmitting]}\n children={([canSubmit, isSubmitting]) => (\n \n {isSubmitting && }\n Create\n \n )}\n />\n )}\n \n \n \n )\n}\n\nconst MotionCopyIcon = motion(CopyIcon)\nconst MotionCheckIcon = motion(CheckIcon)\n\nconst iconProps = {\n initial: { opacity: 0, y: 5 },\n animate: { opacity: 1, y: 0 },\n exit: { opacity: 0, y: -5 },\n transition: { duration: 0.1 },\n}\n\nfunction CreatedKeyDisplay({ createdKey, apiUrl }: { createdKey: ApiKeyResponse; apiUrl: string }) {\n const [copiedApiKey, copyApiKey] = useCopyToClipboard()\n const [copiedApiUrl, copyApiUrl] = useCopyToClipboard()\n\n const [apiKeyRevealed, setApiKeyRevealed] = useState(false)\n\n return (\n
\n \n \n You can only view this key once. Store it safely.\n \n \n \n API Key\n\n \n \n setApiKeyRevealed(!apiKeyRevealed)}>\n {apiKeyRevealed ? : }\n \n copyApiKey(createdKey.value)}>\n \n {copiedApiKey ? (\n \n ) : (\n \n )}\n \n \n \n \n\n \n API URL\n\n \n \n copyApiUrl(apiUrl)}>\n \n {copiedApiUrl ? (\n \n ) : (\n \n )}\n \n \n \n \n \n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/CreateRegionDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { useState } from 'react'\nimport { CreateRegion, CreateRegionResponse } from '@daytonaio/api-client'\nimport { Button } from '@/components/ui/button'\nimport { Input } from '@/components/ui/input'\nimport { Label } from '@/components/ui/label'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n DialogTrigger,\n} from '@/components/ui/dialog'\nimport { toast } from 'sonner'\nimport { Plus, Copy } from 'lucide-react'\nimport { getMaskedToken } from '@/lib/utils'\n\nconst DEFAULT_FORM_DATA = {\n name: '',\n proxyUrl: '',\n sshGatewayUrl: '',\n snapshotManagerUrl: '',\n}\n\ninterface CreateRegionDialogProps {\n onCreateRegion: (data: CreateRegion) => Promise\n writePermitted: boolean\n loadingData: boolean\n}\n\nexport const CreateRegionDialog: React.FC = ({\n onCreateRegion,\n writePermitted,\n loadingData,\n}) => {\n const [open, setOpen] = useState(false)\n const [loading, setLoading] = useState(false)\n\n const [createdRegion, setCreatedRegion] = useState(null)\n const [isProxyApiKeyRevealed, setIsProxyApiKeyRevealed] = useState(false)\n const [isSshGatewayApiKeyRevealed, setIsSshGatewayApiKeyRevealed] = useState(false)\n const [isSnapshotManagerPasswordRevealed, setIsSnapshotManagerPasswordRevealed] = useState(false)\n\n const [formData, setFormData] = useState(DEFAULT_FORM_DATA)\n\n const handleCreate = async () => {\n setLoading(true)\n try {\n const createRegionData: CreateRegion = {\n name: formData.name,\n proxyUrl: formData.proxyUrl.trim() || null,\n sshGatewayUrl: formData.sshGatewayUrl.trim() || null,\n snapshotManagerUrl: formData.snapshotManagerUrl.trim() || null,\n }\n\n const region = await onCreateRegion(createRegionData)\n if (region) {\n if (\n !region.proxyApiKey &&\n !region.sshGatewayApiKey &&\n !region.snapshotManagerUsername &&\n !region.snapshotManagerPassword\n ) {\n setOpen(false)\n setCreatedRegion(null)\n } else {\n setCreatedRegion(region)\n }\n setFormData(DEFAULT_FORM_DATA)\n }\n } finally {\n setLoading(false)\n }\n }\n\n const copyToClipboard = async (text: string) => {\n try {\n await navigator.clipboard.writeText(text)\n toast.success('Copied to clipboard')\n } catch (err) {\n console.error('Failed to copy text:', err)\n toast.error('Failed to copy to clipboard')\n }\n }\n\n if (!writePermitted) {\n return null\n }\n\n return (\n {\n setOpen(isOpen)\n if (!isOpen) {\n setCreatedRegion(null)\n setFormData(DEFAULT_FORM_DATA)\n setIsProxyApiKeyRevealed(false)\n setIsSshGatewayApiKeyRevealed(false)\n setIsSnapshotManagerPasswordRevealed(false)\n }\n }}\n >\n \n \n \n\n \n \n {createdRegion ? 'New Region Created' : 'Create New Region'}\n \n {!createdRegion\n ? 'Add a new region for grouping runners and sandboxes.'\n : createdRegion.proxyApiKey ||\n createdRegion.sshGatewayApiKey ||\n createdRegion.snapshotManagerUsername ||\n createdRegion.snapshotManagerPassword\n ? \"Save these credentials securely. You won't be able to see them again.\"\n : ''}\n \n \n\n {createdRegion &&\n (createdRegion.proxyApiKey ||\n createdRegion.sshGatewayApiKey ||\n createdRegion.snapshotManagerUsername ||\n createdRegion.snapshotManagerPassword) ? (\n
\n {createdRegion.proxyApiKey && (\n
\n \n
\n setIsProxyApiKeyRevealed(true)}\n onMouseLeave={() => setIsProxyApiKeyRevealed(false)}\n >\n {isProxyApiKeyRevealed ? createdRegion.proxyApiKey : getMaskedToken(createdRegion.proxyApiKey)}\n \n copyToClipboard(createdRegion.proxyApiKey!)}\n />\n
\n
\n )}\n\n {createdRegion.sshGatewayApiKey && (\n
\n \n
\n setIsSshGatewayApiKeyRevealed(true)}\n onMouseLeave={() => setIsSshGatewayApiKeyRevealed(false)}\n >\n {isSshGatewayApiKeyRevealed\n ? createdRegion.sshGatewayApiKey\n : getMaskedToken(createdRegion.sshGatewayApiKey)}\n \n copyToClipboard(createdRegion.sshGatewayApiKey!)}\n />\n
\n
\n )}\n\n {createdRegion.snapshotManagerUsername && (\n
\n \n
\n \n {createdRegion.snapshotManagerUsername}\n \n copyToClipboard(createdRegion.snapshotManagerUsername!)}\n />\n
\n
\n )}\n\n {createdRegion.snapshotManagerPassword && (\n
\n \n
\n setIsSnapshotManagerPasswordRevealed(true)}\n onMouseLeave={() => setIsSnapshotManagerPasswordRevealed(false)}\n >\n {isSnapshotManagerPasswordRevealed\n ? createdRegion.snapshotManagerPassword\n : getMaskedToken(createdRegion.snapshotManagerPassword)}\n \n copyToClipboard(createdRegion.snapshotManagerPassword!)}\n />\n
\n
\n )}\n
\n ) : (\n {\n e.preventDefault()\n await handleCreate()\n }}\n >\n
\n \n {\n setFormData((prev) => ({ ...prev, name: e.target.value }))\n }}\n placeholder=\"us-east-1\"\n />\n

\n Region name must contain only letters, numbers, underscores, periods, and hyphens.\n

\n
\n\n
\n \n {\n setFormData((prev) => ({ ...prev, proxyUrl: e.target.value }))\n }}\n placeholder=\"https://proxy.example.com\"\n />\n

\n (Optional) URL of the custom proxy for this region\n

\n
\n\n
\n \n {\n setFormData((prev) => ({ ...prev, sshGatewayUrl: e.target.value }))\n }}\n placeholder=\"https://ssh-gateway.example.com\"\n />\n

\n (Optional) URL of the custom SSH gateway for this region\n

\n
\n\n
\n \n {\n setFormData((prev) => ({ ...prev, snapshotManagerUrl: e.target.value }))\n }}\n placeholder=\"https://snapshot-manager.example.com\"\n />\n

\n (Optional) URL of the custom snapshot manager for this region\n

\n
\n \n )}\n\n \n \n \n \n {!createdRegion &&\n (loading ? (\n \n ) : (\n \n ))}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/CreateRunnerDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { useState, useEffect } from 'react'\nimport { Region, CreateRunner, CreateRunnerResponse } from '@daytonaio/api-client'\nimport { Button } from '@/components/ui/button'\nimport { Input } from '@/components/ui/input'\nimport { Label } from '@/components/ui/label'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n DialogTrigger,\n} from '@/components/ui/dialog'\nimport { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '@/components/ui/select'\nimport { toast } from 'sonner'\nimport { Plus, Copy } from 'lucide-react'\nimport { getMaskedToken } from '@/lib/utils'\n\nconst DEFAULT_FORM_DATA = {\n name: '',\n regionId: '',\n}\n\ninterface CreateRunnerDialogProps {\n regions: Region[]\n onCreateRunner: (data: CreateRunner) => Promise\n}\n\nexport const CreateRunnerDialog: React.FC = ({ regions, onCreateRunner }) => {\n const [open, setOpen] = useState(false)\n const [loading, setLoading] = useState(false)\n\n const [createdRunner, setCreatedRunner] = useState(null)\n const [isTokenRevealed, setIsTokenRevealed] = useState(false)\n\n const [formData, setFormData] = useState(DEFAULT_FORM_DATA)\n const [formErrors, setFormErrors] = useState>({})\n\n useEffect(() => {\n if (regions.length > 0 && !formData.regionId) {\n setFormData((prev) => ({ ...prev, regionId: regions[0].id }))\n }\n }, [regions, formData.regionId])\n\n const validateForm = () => {\n const errors: Record = {}\n\n if (!formData.name.trim()) {\n errors.name = 'Name is required'\n }\n\n if (!formData.regionId) {\n errors.regionId = 'Region is required'\n }\n\n setFormErrors(errors)\n return Object.keys(errors).length === 0\n }\n\n const handleCreate = async () => {\n if (!validateForm()) {\n return\n }\n\n setLoading(true)\n try {\n const runner = await onCreateRunner({\n name: formData.name.trim(),\n regionId: formData.regionId,\n })\n if (runner) {\n setCreatedRunner(runner)\n setFormData({\n ...DEFAULT_FORM_DATA,\n regionId: regions.length > 0 ? regions[0].id : '',\n })\n setFormErrors({})\n }\n } finally {\n setLoading(false)\n }\n }\n\n const copyToClipboard = async (text: string) => {\n try {\n await navigator.clipboard.writeText(text)\n toast.success('Copied to clipboard')\n } catch (err) {\n console.error('Failed to copy text:', err)\n toast.error('Failed to copy to clipboard')\n }\n }\n\n if (regions.length === 0) {\n return null\n }\n\n return (\n {\n setOpen(isOpen)\n if (!isOpen) {\n setCreatedRunner(null)\n setFormData({\n ...DEFAULT_FORM_DATA,\n regionId: regions.length > 0 ? regions[0].id : '',\n })\n setFormErrors({})\n }\n }}\n >\n \n \n \n\n \n \n Create New Runner\n Add configuration for a new runner in your selected region.\n \n\n {createdRunner ? (\n
\n
\n \n
\n setIsTokenRevealed(true)}\n onMouseLeave={() => setIsTokenRevealed(false)}\n >\n {isTokenRevealed ? createdRunner.apiKey : getMaskedToken(createdRunner.apiKey)}\n \n copyToClipboard(createdRunner.apiKey)}\n />\n
\n

\n Save this token securely. You won't be able to see it again.\n

\n
\n
\n ) : (\n {\n e.preventDefault()\n await handleCreate()\n }}\n >\n
\n \n {\n setFormData((prev) => ({ ...prev, regionId: value }))\n if (formErrors.regionId) {\n setFormErrors((prev) => ({ ...prev, regionId: '' }))\n }\n }}\n >\n \n \n \n \n {regions.map((region) => (\n \n {region.name}\n \n ))}\n \n \n {formErrors.regionId &&

{formErrors.regionId}

}\n
\n\n
\n \n {\n setFormData((prev) => ({ ...prev, name: e.target.value }))\n }}\n placeholder=\"runner-1\"\n />\n {formErrors.name &&

{formErrors.name}

}\n
\n \n )}\n\n \n \n \n \n {!createdRunner &&\n (loading ? (\n \n ) : (\n \n ))}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/DebouncedInput.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useEffect, useState } from 'react'\nimport { Input } from './ui/input'\n\nexport const DebouncedInput = ({\n value: initialValue,\n onChange,\n debounce = 500,\n ...props\n}: {\n value: string | number\n onChange: (value: string | number) => void\n debounce?: number\n} & Omit, 'onChange'>) => {\n const [value, setValue] = useState(initialValue)\n\n useEffect(() => {\n setValue(initialValue)\n }, [initialValue])\n\n useEffect(() => {\n const timeout = setTimeout(() => {\n onChange(value)\n }, debounce)\n\n return () => clearTimeout(timeout)\n }, [value])\n\n return setValue(e.target.value)} />\n}\n" }, { "path": "apps/dashboard/src/components/EllipsisWithTooltip.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport { Slot } from '@radix-ui/react-slot'\nimport { useRef, useState } from 'react'\nimport { Tooltip, TooltipContent, TooltipTrigger } from './ui/tooltip'\n\nexport function EllipsisWithTooltip({\n children,\n asChild,\n className,\n ...props\n}: {\n children: React.ReactNode\n className?: string\n asChild?: boolean\n}) {\n const [isOpen, setIsOpen] = useState(false)\n const triggerRef = useRef(null)\n\n const Comp = asChild ? Slot : 'div'\n\n return (\n {\n if (shouldOpen) {\n const isTruncated = triggerRef.current && triggerRef.current.scrollWidth > triggerRef.current.clientWidth\n if (isTruncated) {\n setIsOpen(true)\n }\n } else {\n setIsOpen(false)\n }\n }}\n delayDuration={300}\n >\n \n \n {children}\n \n \n {children}\n \n )\n}\n" }, { "path": "apps/dashboard/src/components/ErrorBoundaryFallback.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Dialog, DialogHeader, DialogDescription, DialogTitle, DialogContent } from '@/components/ui/dialog'\nimport { Button } from '@/components/ui/button'\nimport { FallbackProps } from 'react-error-boundary'\n\nexport function ErrorBoundaryFallback({ error, resetErrorBoundary }: FallbackProps) {\n return (\n \n button]:hidden\">\n \n Something went wrong\n \n We're having trouble loading the dashboard. This could be due to a temporary service issue or network\n problem. Please try again or contact support if the issue persists.\n \n \n\n
\n
\n

Error Details:

\n

\n {error?.message || 'Unknown error'}\n

\n
\n\n {error?.stack && (\n
\n \n Stack Trace (click to expand)\n \n 
\n                {error.stack}\n
\n
\n )}\n\n
\n \n \n
\n
\n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Invoices/InvoicesTableActions.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { MoreHorizontalIcon } from 'lucide-react'\nimport {\n AlertDialog,\n AlertDialogAction,\n AlertDialogCancel,\n AlertDialogContent,\n AlertDialogDescription,\n AlertDialogFooter,\n AlertDialogHeader,\n AlertDialogTitle,\n AlertDialogTrigger,\n} from '../ui/alert-dialog'\nimport { Button } from '../ui/button'\nimport {\n DropdownMenu,\n DropdownMenuContent,\n DropdownMenuItem,\n DropdownMenuSeparator,\n DropdownMenuTrigger,\n} from '../ui/dropdown-menu'\nimport { InvoicesTableActionsProps } from './types'\n\nexport function InvoicesTableActions({ invoice, onView, onVoid, onPay }: InvoicesTableActionsProps) {\n if (!onView && !onVoid && !onPay) {\n return null\n }\n\n return (\n
\n \n \n \n \n \n {onView && (\n onView?.(invoice)}>\n View\n \n )}\n {onPay && (\n onPay?.(invoice)}>\n Pay\n \n )}\n {onVoid && (\n <>\n \n \n \n e.preventDefault()}\n variant=\"destructive\"\n >\n Void\n \n \n \n \n Void Invoice\n \n Are you sure you want to void the invoice {invoice.number}?\n
\n This action cannot be undone.\n \n \n \n Cancel\n onVoid?.(invoice)} variant=\"destructive\">\n Void\n \n \n \n \n \n )}\n \n \n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/Invoices/InvoicesTableHeader.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Search } from 'lucide-react'\nimport React from 'react'\nimport { DebouncedInput } from '../DebouncedInput'\nimport { InvoicesTableHeaderProps } from './types'\n\nexport function InvoicesTableHeader({ table }: InvoicesTableHeaderProps) {\n const [globalFilter, setGlobalFilter] = React.useState('')\n\n React.useEffect(() => {\n const down = (e: KeyboardEvent) => {\n if (e.key === 'k' && (e.metaKey || e.ctrlKey)) {\n e.preventDefault()\n // Focus search input\n const searchInput = document.querySelector('[data-search-input]') as HTMLInputElement\n if (searchInput) {\n searchInput.focus()\n }\n }\n }\n\n document.addEventListener('keydown', down)\n return () => document.removeEventListener('keydown', down)\n }, [])\n\n return (\n
\n
\n
\n \n {\n setGlobalFilter(String(value))\n table.setGlobalFilter(String(value))\n }}\n className=\"pl-8\"\n data-search-input\n />\n
\n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/Invoices/columns.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Invoice } from '@/billing-api/types/Invoice'\nimport { formatAmount } from '@/lib/utils'\nimport { ColumnDef } from '@tanstack/react-table'\nimport { ArrowDown, ArrowUp } from 'lucide-react'\nimport React from 'react'\nimport { Badge } from '../ui/badge'\nimport { InvoicesTableActions } from './InvoicesTableActions'\n\ninterface SortableHeaderProps {\n column: any\n label: string\n dataState?: string\n}\n\nconst SortableHeader: React.FC = ({ column, label, dataState }) => {\n return (\n column.toggleSorting(column.getIsSorted() === 'asc')}\n className=\"flex items-center\"\n {...(dataState && { 'data-state': dataState })}\n >\n {label}\n {column.getIsSorted() === 'asc' ? (\n \n ) : column.getIsSorted() === 'desc' ? (\n \n ) : (\n
\n )}\n
\n )\n}\n\ninterface GetColumnsProps {\n onViewInvoice?: (invoice: Invoice) => void\n onVoidInvoice?: (invoice: Invoice) => void\n onPayInvoice?: (invoice: Invoice) => void\n}\n\nexport function getColumns({ onViewInvoice, onVoidInvoice, onPayInvoice }: GetColumnsProps): ColumnDef[] {\n const columns: ColumnDef[] = [\n {\n id: 'number',\n header: ({ column }) => {\n return \n },\n accessorKey: 'number',\n cell: ({ row }) => {\n return (\n
\n {row.original.number}\n
\n )\n },\n sortingFn: (rowA, rowB) => {\n return rowA.original.number.localeCompare(rowB.original.number)\n },\n },\n {\n id: 'issuingDate',\n size: 140,\n header: ({ column }) => {\n return \n },\n cell: ({ row }) => {\n const date = new Date(row.original.issuingDate)\n return (\n
\n {date.toLocaleDateString('en-US', { year: 'numeric', month: 'short', day: 'numeric' })}\n
\n )\n },\n accessorFn: (row) => new Date(row.issuingDate).getTime(),\n sortingFn: (rowA, rowB) => {\n return new Date(rowA.original.issuingDate).getTime() - new Date(rowB.original.issuingDate).getTime()\n },\n },\n {\n id: 'paymentDueDate',\n size: 140,\n header: ({ column }) => {\n return \n },\n cell: ({ row }) => {\n const date = new Date(row.original.paymentDueDate)\n return (\n
\n {date.toLocaleDateString('en-US', { year: 'numeric', month: 'short', day: 'numeric' })}\n
\n )\n },\n accessorFn: (row) => new Date(row.paymentDueDate).getTime(),\n sortingFn: (rowA, rowB) => {\n return new Date(rowA.original.paymentDueDate).getTime() - new Date(rowB.original.paymentDueDate).getTime()\n },\n },\n {\n id: 'totalAmountCents',\n size: 120,\n header: ({ column }) => {\n return \n },\n cell: ({ row }) => {\n return (\n
\n {formatAmount(row.original.totalAmountCents)}\n
\n )\n },\n accessorKey: 'totalAmountCents',\n sortingFn: (rowA, rowB) => {\n return rowA.original.totalAmountCents - rowB.original.totalAmountCents\n },\n },\n {\n id: 'paymentStatus',\n size: 120,\n header: ({ column }) => {\n return \n },\n cell: ({ row }) => {\n const invoice = row.original\n const isSucceeded = invoice.paymentStatus === 'succeeded'\n const isFailed = invoice.paymentStatus === 'failed'\n const isOverdue = invoice.paymentOverdue\n\n let variant: 'success' | 'destructive' | 'secondary' = 'secondary'\n let label = 'Pending'\n\n if (isSucceeded) {\n variant = 'success'\n label = 'Paid'\n } else if (isOverdue || isFailed) {\n variant = 'destructive'\n label = isOverdue ? 'Overdue' : 'Failed'\n }\n\n if (invoice.status === 'voided') {\n label = 'Voided'\n }\n\n return (\n
\n {label}\n
\n )\n },\n accessorKey: 'paymentStatus',\n sortingFn: (rowA, rowB) => {\n const statusOrder = { succeeded: 0, pending: 1, failed: 2 }\n return (statusOrder[rowA.original.paymentStatus] ?? 3) - (statusOrder[rowB.original.paymentStatus] ?? 3)\n },\n },\n {\n id: 'type',\n size: 120,\n header: ({ column }) => {\n return \n },\n cell: ({ row }) => {\n const type = row.original.type\n const displayType = type === 'subscription' ? 'Subscription' : 'One Time'\n return (\n
\n {displayType}\n
\n )\n },\n accessorKey: 'type',\n sortingFn: (rowA, rowB) => {\n return rowA.original.type.localeCompare(rowB.original.type)\n },\n },\n {\n id: 'actions',\n size: 100,\n enableHiding: false,\n cell: ({ row }) => {\n const isPayable = row.original.paymentStatus === 'pending' && row.original.status === 'finalized'\n const isViewable = Boolean(row.original.fileUrl)\n const isVoidable =\n row.original.status === 'finalized' && ['pending', 'failed'].includes(row.original.paymentStatus)\n\n return (\n
\n \n
\n )\n },\n },\n ]\n\n return columns\n}\n" }, { "path": "apps/dashboard/src/components/Invoices/index.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport { flexRender } from '@tanstack/react-table'\nimport { FileText } from 'lucide-react'\nimport { Pagination } from '../Pagination'\nimport { TableEmptyState } from '../TableEmptyState'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '../ui/table'\nimport { InvoicesTableHeader } from './InvoicesTableHeader'\nimport { InvoicesTableProps } from './types'\nimport { useInvoicesTable } from './useInvoicesTable'\n\nexport function InvoicesTable({\n data,\n pagination,\n totalItems,\n pageCount,\n onPaginationChange,\n loading,\n onViewInvoice,\n onVoidInvoice,\n onRowClick,\n onPayInvoice,\n}: InvoicesTableProps) {\n const { table } = useInvoicesTable({\n data,\n pagination,\n pageCount,\n onPaginationChange,\n onViewInvoice,\n onVoidInvoice,\n onPayInvoice,\n })\n\n return (\n <>\n \n\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n header.column.getCanSort() && header.column.toggleSorting(header.column.getIsSorted() === 'asc')\n }\n className={cn(\n 'sticky top-0 z-[3] border-b border-border',\n header.column.getCanSort() ? 'hover:bg-muted cursor-pointer' : '',\n )}\n >\n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loading ? (\n \n \n Loading...\n \n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row) => (\n onRowClick?.(row.original)}\n >\n {row.getVisibleCells().map((cell) => (\n {\n if (cell.column.id === 'actions') {\n e.stopPropagation()\n }\n }}\n className=\"border-b border-border\"\n style={{\n width: cell.column.id === 'number' ? '20%' : 'auto',\n maxWidth: cell.column.getSize() + 80,\n minWidth: cell.column.getSize(),\n }}\n sticky={cell.column.id === 'actions' ? 'right' : undefined}\n >\n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n \n ))}\n \n ))\n ) : (\n }\n description={\n
\n

Invoices will appear here once they are generated.

\n
\n }\n />\n )}\n \n
\n\n
\n \n
\n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Invoices/types.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Invoice } from '@/billing-api'\nimport { Table } from '@tanstack/react-table'\n\nexport interface InvoicesTableProps {\n data: Invoice[]\n totalItems: number\n pagination: {\n pageIndex: number\n pageSize: number\n }\n pageCount: number\n onPaginationChange: (pagination: { pageIndex: number; pageSize: number }) => void\n loading: boolean\n onViewInvoice?: (invoice: Invoice) => void\n onVoidInvoice?: (invoice: Invoice) => void\n onRowClick?: (invoice: Invoice) => void\n onPayInvoice?: (invoice: Invoice) => void\n}\n\nexport interface InvoicesTableActionsProps {\n invoice: Invoice\n onView?: (invoice: Invoice) => void\n onVoid?: (invoice: Invoice) => void\n onPay?: (invoice: Invoice) => void\n}\n\nexport interface InvoicesTableHeaderProps {\n table: Table\n}\n" }, { "path": "apps/dashboard/src/components/Invoices/useInvoicesTable.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Invoice } from '@/billing-api/types/Invoice'\nimport {\n ColumnFiltersState,\n getCoreRowModel,\n getFacetedRowModel,\n getFacetedUniqueValues,\n getFilteredRowModel,\n getPaginationRowModel,\n getSortedRowModel,\n SortingState,\n useReactTable,\n} from '@tanstack/react-table'\nimport { useMemo, useState } from 'react'\nimport { getColumns } from './columns'\n\ninterface UseInvoicesTableProps {\n pagination: {\n pageIndex: number\n pageSize: number\n }\n pageCount: number\n onPaginationChange: (pagination: { pageIndex: number; pageSize: number }) => void\n data: Invoice[]\n onViewInvoice?: (invoice: Invoice) => void\n onVoidInvoice?: (invoice: Invoice) => void\n onPayInvoice?: (invoice: Invoice) => void\n}\n\nexport function useInvoicesTable({\n data,\n pagination,\n pageCount,\n onPaginationChange,\n onViewInvoice,\n onVoidInvoice,\n onPayInvoice,\n}: UseInvoicesTableProps) {\n const [sorting, setSorting] = useState([\n {\n id: 'issuingDate',\n desc: true,\n },\n ])\n const [columnFilters, setColumnFilters] = useState([])\n\n const columns = useMemo(\n () =>\n getColumns({\n onViewInvoice,\n onVoidInvoice,\n onPayInvoice,\n }),\n [onViewInvoice, onVoidInvoice, onPayInvoice],\n )\n\n const table = useReactTable({\n data,\n columns,\n onColumnFiltersChange: setColumnFilters,\n getCoreRowModel: getCoreRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n onSortingChange: setSorting,\n getSortedRowModel: getSortedRowModel(),\n getFacetedRowModel: getFacetedRowModel(),\n getFacetedUniqueValues: getFacetedUniqueValues(),\n getFilteredRowModel: getFilteredRowModel(),\n manualPagination: true,\n pageCount: pageCount,\n onPaginationChange: (updater) => {\n const newPagination = typeof updater === 'function' ? updater(table.getState().pagination) : updater\n onPaginationChange(newPagination)\n },\n state: {\n sorting,\n columnFilters,\n pagination: {\n pageIndex: pagination.pageIndex,\n pageSize: pagination.pageSize,\n },\n },\n defaultColumn: {\n size: 100,\n },\n getRowId: (row) => row.id,\n })\n\n return {\n table,\n sorting,\n columnFilters,\n }\n}\n" }, { "path": "apps/dashboard/src/components/LimitUsageChart.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n ChartConfig,\n ChartContainer,\n ChartLegend,\n ChartLegendContent,\n ChartTooltip,\n ChartTooltipContent,\n} from '@/components/ui/chart'\nimport { FacetFilter } from '@/components/ui/facet-filter'\nimport { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '@/components/ui/select'\nimport type { RegionUsageOverview } from '@daytonaio/api-client'\nimport { useMemo, useState } from 'react'\nimport { Bar, BarChart, CartesianGrid, ReferenceLine, XAxis, YAxis } from 'recharts'\n\ntype ResourceKey = 'cpu' | 'ram' | 'storage'\n\nconst clamp = (v: number) => Math.max(0, Math.min(100, Math.round(v * 10) / 10))\n\nconst formatDate = (value: string) => new Date(value).toLocaleDateString(undefined, { month: 'short', day: '2-digit' })\n\ninterface PastUsage {\n date: string\n peakCpuUsage: number\n peakMemoryUsage: number\n peakDiskUsage: number\n}\n\nexport function LimitUsageChart({\n defaultPeriod = 30,\n defaultResources = ['ram', 'cpu', 'storage'],\n pastUsage = [],\n currentUsage,\n title,\n}: {\n defaultPeriod?: number\n defaultResources?: ResourceKey[]\n pastUsage: PastUsage[]\n currentUsage?: RegionUsageOverview | null\n title?: React.ReactNode\n}) {\n const [period, setPeriod] = useState(defaultPeriod.toString())\n\n const [selected, setSelected] = useState>(new Set(defaultResources))\n\n const data = useMemo(() => {\n if (!currentUsage) {\n return []\n }\n\n const { totalCpuQuota, totalMemoryQuota, totalDiskQuota } = currentUsage\n return pastUsage.slice(-Number(period)).map((r) => ({\n date: r.date,\n cpu: clamp((r.peakCpuUsage / totalCpuQuota) * 100),\n ram: clamp((r.peakMemoryUsage / totalMemoryQuota) * 100),\n storage: clamp((r.peakDiskUsage / totalDiskQuota) * 100),\n }))\n }, [pastUsage, currentUsage, period])\n\n const config: ChartConfig = useMemo(() => {\n const full: Record = {\n cpu: { label: 'CPU', color: 'hsl(var(--chart-3))' },\n ram: { label: 'RAM', color: 'hsl(var(--chart-2))' },\n storage: { label: 'Storage', color: 'hsl(var(--chart-1))' },\n }\n return Object.fromEntries(Object.entries(full).filter(([k]) => selected.has(k as ResourceKey))) as ChartConfig\n }, [selected])\n\n return (\n
\n
\n {title}\n
\n setSelected(new Set(key as Set))}\n />\n \n
\n
\n\n \n \n \n \n `${v}%`}\n />\n \n \n formatDate(label)}\n valueFormatter={(value) => `${value}%`}\n />\n }\n />\n } />\n {selected.has('storage') && }\n {selected.has('ram') && }\n {selected.has('cpu') && }\n \n \n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/LiveIndicator.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useQueryCountdown } from '@/hooks/useQueryCountdown'\nimport { cn } from '@/lib/utils'\nimport { Tooltip } from './Tooltip'\n\nexport function LiveIndicator({\n isUpdating,\n intervalMs,\n lastUpdatedAt,\n}: {\n isUpdating: boolean\n intervalMs: number\n lastUpdatedAt: number\n}) {\n const refreshingIn = useQueryCountdown(lastUpdatedAt, intervalMs)\n\n return (\n \n
Data is refreshed every {intervalMs / 1000} seconds.
\n \n Refreshing{' '}\n {isUpdating ? (\n ''\n ) : (\n <>\n in {refreshingIn}s\n \n )}\n ...\n \n \n }\n label={\n
\n \n \n
\n \n Live\n \n \n }\n />\n )\n}\n" }, { "path": "apps/dashboard/src/components/LoadingFallback.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Logo, LogoText } from '@/assets/Logo'\nimport {\n Sidebar as SidebarComponent,\n SidebarContent,\n SidebarFooter,\n SidebarGroup,\n SidebarInset,\n SidebarProvider,\n} from '@/components/ui/sidebar'\nimport { motion } from 'framer-motion'\nimport { Loader2 } from 'lucide-react'\nimport { useEffect, useState } from 'react'\nimport { Skeleton } from './ui/skeleton'\n\nconst LoadingFallback = () => {\n const [showLongLoadingMessage, setShowLongLoadingMessage] = useState(false)\n\n useEffect(() => {\n const timer = setTimeout(() => {\n setShowLongLoadingMessage(true)\n }, 5_000)\n\n return () => clearTimeout(timer)\n }, [])\n\n return (\n \n \n \n \n
\n
\n \n \n
\n
\n\n \n\n
\n \n \n \n \n \n
\n \n \n \n
\n \n \n \n
\n \n \n \n
\n
\n \n \n

This is taking longer than expected...

\n

\n If this issue persists, contact us at{' '}\n \n support@daytona.io\n \n .\n

\n \n
\n
\n \n \n )\n}\n\nexport default LoadingFallback\n" }, { "path": "apps/dashboard/src/components/OrganizationMembers/CancelOrganizationInvitationDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React from 'react'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Button } from '@/components/ui/button'\n\ninterface CancelOrganizationInvitationDialogProps {\n open: boolean\n onOpenChange: (open: boolean) => void\n onCancelInvitation: () => Promise\n loading: boolean\n}\n\nexport const CancelOrganizationInvitationDialog: React.FC = ({\n open,\n onOpenChange,\n onCancelInvitation,\n loading,\n}) => {\n const handleCancelInvitation = async () => {\n const success = await onCancelInvitation()\n if (success) {\n onOpenChange(false)\n }\n }\n\n return (\n \n \n \n Cancel Invitation\n \n Are you sure you want to cancel this invitation to join the organization?\n \n \n \n \n \n \n {loading ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationMembers/CreateOrganizationInvitationDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ViewerOrganizationRoleCheckbox } from '@/components/OrganizationMembers/ViewerOrganizationRoleCheckbox'\nimport { Button } from '@/components/ui/button'\nimport { Checkbox } from '@/components/ui/checkbox'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n DialogTrigger,\n} from '@/components/ui/dialog'\nimport { Input } from '@/components/ui/input'\nimport { Label } from '@/components/ui/label'\nimport { RadioGroup, RadioGroupItem } from '@/components/ui/radio-group'\nimport { CreateOrganizationInvitationRoleEnum, OrganizationRole } from '@daytonaio/api-client'\nimport { Plus } from 'lucide-react'\nimport React, { useEffect, useState } from 'react'\n\ninterface CreateOrganizationInvitationDialogProps {\n availableRoles: OrganizationRole[]\n loadingAvailableRoles: boolean\n onCreateInvitation: (\n email: string,\n role: CreateOrganizationInvitationRoleEnum,\n assignedRoleIds: string[],\n ) => Promise\n className?: string\n}\n\nexport const CreateOrganizationInvitationDialog: React.FC = ({\n availableRoles,\n loadingAvailableRoles,\n onCreateInvitation,\n className,\n}) => {\n const [open, setOpen] = useState(false)\n const [email, setEmail] = useState('')\n const [role, setRole] = useState(CreateOrganizationInvitationRoleEnum.MEMBER)\n const [assignedRoleIds, setAssignedRoleIds] = useState([])\n const [loading, setLoading] = useState(false)\n\n const [developerRole, setDeveloperRole] = useState(null)\n\n useEffect(() => {\n if (!loadingAvailableRoles) {\n const developerRole = availableRoles.find((r) => r.name === 'Developer')\n if (developerRole) {\n setDeveloperRole(developerRole)\n setAssignedRoleIds([developerRole.id])\n }\n }\n }, [loadingAvailableRoles, availableRoles])\n\n const handleRoleAssignmentToggle = (roleId: string) => {\n setAssignedRoleIds((current) => {\n if (current.includes(roleId)) {\n return current.filter((p) => p !== roleId)\n } else {\n return [...current, roleId]\n }\n })\n }\n\n const handleCreateInvitation = async () => {\n setLoading(true)\n const success = await onCreateInvitation(\n email,\n role,\n role === CreateOrganizationInvitationRoleEnum.OWNER ? [] : assignedRoleIds,\n )\n if (success) {\n setOpen(false)\n setEmail('')\n setRole(CreateOrganizationInvitationRoleEnum.MEMBER)\n if (developerRole) {\n setAssignedRoleIds([developerRole.id])\n } else {\n setAssignedRoleIds([])\n }\n }\n setLoading(false)\n }\n\n return (\n {\n setOpen(isOpen)\n if (!isOpen) {\n setEmail('')\n setRole(CreateOrganizationInvitationRoleEnum.MEMBER)\n if (developerRole) {\n setAssignedRoleIds([developerRole.id])\n } else {\n setAssignedRoleIds([])\n }\n }\n }}\n >\n \n \n \n \n \n Invite Member\n \n Give them access to the organization with an appropriate role and assignments.\n \n \n {\n e.preventDefault()\n await handleCreateInvitation()\n }}\n >\n
\n \n setEmail(e.target.value)}\n placeholder=\"mail@example.com\"\n />\n
\n\n
\n \n setRole(value)}\n >\n
\n \n
\n \n

\n Full administrative access to the organization and its resources\n

\n
\n
\n
\n \n
\n \n

Access to organization resources is based on assignments

\n
\n
\n \n
\n\n {role === CreateOrganizationInvitationRoleEnum.MEMBER && !loadingAvailableRoles && (\n
\n \n
\n \n {availableRoles.map((availableRole) => (\n
\n handleRoleAssignmentToggle(availableRole.id)}\n />\n
\n \n {availableRole.description && (\n

{availableRole.description}

\n )}\n
\n
\n ))}\n
\n
\n )}\n \n\n \n \n \n \n {loading ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationMembers/OrganizationInvitationTable.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useState } from 'react'\nimport { MoreHorizontal } from 'lucide-react'\nimport {\n ColumnDef,\n flexRender,\n getCoreRowModel,\n getPaginationRowModel,\n getSortedRowModel,\n SortingState,\n useReactTable,\n} from '@tanstack/react-table'\nimport { OrganizationInvitation, OrganizationRole, UpdateOrganizationInvitationRoleEnum } from '@daytonaio/api-client'\nimport { Pagination } from '@/components/Pagination'\nimport { Button } from '@/components/ui/button'\nimport { DropdownMenu, DropdownMenuContent, DropdownMenuItem, DropdownMenuTrigger } from '@/components/ui/dropdown-menu'\nimport { TableHeader, TableRow, TableHead, TableBody, TableCell, Table } from '@/components/ui/table'\nimport { CancelOrganizationInvitationDialog } from '@/components/OrganizationMembers/CancelOrganizationInvitationDialog'\nimport { UpdateOrganizationInvitationDialog } from './UpdateOrganizationInvitationDialog'\nimport { DEFAULT_PAGE_SIZE } from '@/constants/Pagination'\nimport { TableEmptyState } from '../TableEmptyState'\n\ninterface DataTableProps {\n data: OrganizationInvitation[]\n loadingData: boolean\n availableRoles: OrganizationRole[]\n loadingAvailableRoles: boolean\n onCancelInvitation: (invitationId: string) => Promise\n onUpdateInvitation: (\n invitationId: string,\n role: UpdateOrganizationInvitationRoleEnum,\n assignedRoleIds: string[],\n ) => Promise\n loadingInvitationAction: Record\n}\n\nexport function OrganizationInvitationTable({\n data,\n loadingData,\n availableRoles,\n loadingAvailableRoles,\n onCancelInvitation,\n onUpdateInvitation,\n loadingInvitationAction,\n}: DataTableProps) {\n const [sorting, setSorting] = useState([])\n const [invitationToCancel, setInvitationToCancel] = useState(null)\n const [isCancelDialogOpen, setIsCancelDialogOpen] = useState(false)\n const [invitationToUpdate, setInvitationToUpdate] = useState(null)\n const [isUpdateDialogOpen, setIsUpdateDialogOpen] = useState(false)\n\n const handleCancel = (invitationId: string) => {\n setInvitationToCancel(invitationId)\n setIsCancelDialogOpen(true)\n }\n\n const handleUpdate = (invitation: OrganizationInvitation) => {\n setInvitationToUpdate(invitation)\n setIsUpdateDialogOpen(true)\n }\n\n const handleConfirmCancel = async () => {\n if (invitationToCancel) {\n const success = await onCancelInvitation(invitationToCancel)\n if (success) {\n setInvitationToCancel(null)\n setIsCancelDialogOpen(false)\n }\n return success\n }\n return false\n }\n\n const handleConfirmUpdate = async (role: UpdateOrganizationInvitationRoleEnum, assignedRoleIds: string[]) => {\n if (invitationToUpdate) {\n const success = await onUpdateInvitation(invitationToUpdate.id, role, assignedRoleIds)\n if (success) {\n setInvitationToUpdate(null)\n setIsUpdateDialogOpen(false)\n }\n return success\n }\n return false\n }\n\n const columns = getColumns({ onCancel: handleCancel, onUpdate: handleUpdate })\n\n const table = useReactTable({\n data,\n columns,\n getCoreRowModel: getCoreRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n onSortingChange: setSorting,\n getSortedRowModel: getSortedRowModel(),\n state: {\n sorting,\n },\n initialState: {\n pagination: {\n pageSize: DEFAULT_PAGE_SIZE,\n },\n },\n })\n\n return (\n <>\n
\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loadingData ? (\n \n \n Loading...\n \n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row) => (\n \n {row.getVisibleCells().map((cell) => (\n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n ))}\n \n ))\n ) : (\n \n )}\n \n
\n
\n \n
\n\n {invitationToUpdate && (\n {\n setIsUpdateDialogOpen(open)\n if (!open) {\n setInvitationToUpdate(null)\n }\n }}\n invitation={invitationToUpdate}\n availableRoles={availableRoles}\n loadingAvailableRoles={loadingAvailableRoles}\n onUpdateInvitation={handleConfirmUpdate}\n />\n )}\n\n {invitationToCancel && (\n {\n setIsCancelDialogOpen(open)\n if (!open) {\n setInvitationToCancel(null)\n }\n }}\n onCancelInvitation={handleConfirmCancel}\n loading={loadingInvitationAction[invitationToCancel]}\n />\n )}\n \n )\n}\n\nconst getColumns = ({\n onCancel,\n onUpdate,\n}: {\n onCancel: (invitationId: string) => void\n onUpdate: (invitation: OrganizationInvitation) => void\n}): ColumnDef[] => {\n const columns: ColumnDef[] = [\n {\n accessorKey: 'email',\n header: 'Email',\n },\n {\n accessorKey: 'invitedBy',\n header: 'Invited by',\n },\n {\n accessorKey: 'expiresAt',\n header: 'Expires',\n cell: ({ row }) => {\n return new Date(row.original.expiresAt).toLocaleDateString()\n },\n },\n {\n accessorKey: 'status',\n header: 'Status',\n cell: ({ row }) => {\n const isExpired = new Date(row.original.expiresAt) < new Date()\n return isExpired ? Expired : 'Pending'\n },\n },\n {\n id: 'actions',\n cell: ({ row }) => {\n const isExpired = new Date(row.original.expiresAt) < new Date()\n if (isExpired) {\n return null\n }\n return (\n
\n \n \n \n \n\n \n onUpdate(row.original)}>\n Edit\n \n onCancel(row.original.id)}\n >\n Cancel\n \n \n \n
\n )\n },\n },\n ]\n\n return columns\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationMembers/OrganizationMemberTable.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useState } from 'react'\nimport { MoreHorizontal } from 'lucide-react'\nimport {\n ColumnDef,\n flexRender,\n getCoreRowModel,\n getPaginationRowModel,\n getSortedRowModel,\n SortingState,\n useReactTable,\n} from '@tanstack/react-table'\nimport { OrganizationRole, OrganizationUser, OrganizationUserRoleEnum } from '@daytonaio/api-client'\nimport { Pagination } from '@/components/Pagination'\nimport { Button } from '@/components/ui/button'\nimport { DropdownMenu, DropdownMenuContent, DropdownMenuItem, DropdownMenuTrigger } from '@/components/ui/dropdown-menu'\nimport { TableHeader, TableRow, TableHead, TableBody, TableCell, Table } from '@/components/ui/table'\nimport { RemoveOrganizationMemberDialog } from '@/components/OrganizationMembers/RemoveOrganizationMemberDialog'\nimport { UpdateOrganizationMemberAccess } from '@/components/OrganizationMembers/UpdateOrganizationMemberAccessDialog'\nimport { capitalize } from '@/lib/utils'\nimport { DEFAULT_PAGE_SIZE } from '@/constants/Pagination'\nimport { TableEmptyState } from '../TableEmptyState'\n\ninterface DataTableProps {\n data: OrganizationUser[]\n loadingData: boolean\n availableAssignments: OrganizationRole[]\n loadingAvailableAssignments: boolean\n onUpdateMemberAccess: (userId: string, role: OrganizationUserRoleEnum, assignedRoleIds: string[]) => Promise\n onRemoveMember: (userId: string) => Promise\n loadingMemberAction: Record\n ownerMode: boolean\n}\n\nexport function OrganizationMemberTable({\n data,\n loadingData,\n availableAssignments,\n loadingAvailableAssignments,\n onUpdateMemberAccess,\n onRemoveMember,\n loadingMemberAction,\n ownerMode,\n}: DataTableProps) {\n const [sorting, setSorting] = useState([])\n const [memberToUpdate, setMemberToUpdate] = useState(null)\n const [isUpdateMemberAccessDialogOpen, setIsUpdateMemberAccessDialogOpen] = useState(false)\n const [memberToRemove, setMemberToRemove] = useState(null)\n const [isRemoveDialogOpen, setIsRemoveDialogOpen] = useState(false)\n\n const columns = getColumns({\n onUpdateMemberRole: (member) => {\n setMemberToUpdate(member)\n setIsUpdateMemberAccessDialogOpen(true)\n },\n onUpdateAssignedRoles: (member) => {\n setMemberToUpdate(member)\n setIsUpdateMemberAccessDialogOpen(true)\n },\n onRemove: (userId: string) => {\n setMemberToRemove(userId)\n setIsRemoveDialogOpen(true)\n },\n ownerMode,\n })\n\n const table = useReactTable({\n data,\n columns,\n getCoreRowModel: getCoreRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n onSortingChange: setSorting,\n getSortedRowModel: getSortedRowModel(),\n state: {\n sorting,\n },\n initialState: {\n pagination: {\n pageSize: DEFAULT_PAGE_SIZE,\n },\n },\n })\n\n const handleUpdateMemberAccess = async (role: OrganizationUserRoleEnum, assignedRoleIds: string[]) => {\n if (memberToUpdate) {\n const success = await onUpdateMemberAccess(memberToUpdate.userId, role, assignedRoleIds)\n if (success) {\n setMemberToUpdate(null)\n setIsUpdateMemberAccessDialogOpen(false)\n }\n return success\n }\n return false\n }\n\n const handleConfirmRemove = async () => {\n if (memberToRemove) {\n const success = await onRemoveMember(memberToRemove)\n if (success) {\n setMemberToRemove(null)\n setIsRemoveDialogOpen(false)\n }\n return success\n }\n return false\n }\n\n return (\n <>\n
\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loadingData ? (\n \n \n Loading...\n \n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row) => (\n \n {row.getVisibleCells().map((cell) => (\n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n ))}\n \n ))\n ) : (\n \n )}\n \n
\n
\n \n
\n\n {memberToUpdate && (\n {\n setIsUpdateMemberAccessDialogOpen(open)\n if (!open) {\n setMemberToUpdate(null)\n }\n }}\n initialRole={memberToUpdate.role}\n initialAssignments={memberToUpdate.assignedRoles}\n availableAssignments={availableAssignments}\n loadingAvailableAssignments={loadingAvailableAssignments}\n onUpdateAccess={handleUpdateMemberAccess}\n processingUpdateAccess={loadingMemberAction[memberToUpdate.userId]}\n />\n )}\n\n {memberToRemove && (\n {\n setIsRemoveDialogOpen(open)\n if (!open) {\n setMemberToRemove(null)\n }\n }}\n onRemoveMember={handleConfirmRemove}\n loading={loadingMemberAction[memberToRemove]}\n />\n )}\n \n )\n}\n\nconst getColumns = ({\n onUpdateMemberRole,\n onUpdateAssignedRoles,\n onRemove,\n ownerMode,\n}: {\n onUpdateMemberRole: (member: OrganizationUser) => void\n onUpdateAssignedRoles: (member: OrganizationUser) => void\n onRemove: (userId: string) => void\n ownerMode: boolean\n}): ColumnDef[] => {\n const columns: ColumnDef[] = [\n {\n accessorKey: 'email',\n header: 'Email',\n },\n {\n accessorKey: 'role',\n header: () => {\n return
Role
\n },\n cell: ({ row }) => {\n const role = capitalize(row.original.role)\n\n if (!ownerMode) {\n return
{role}
\n }\n\n return (\n \n )\n },\n },\n ]\n\n if (ownerMode) {\n const extraColumns: ColumnDef[] = [\n {\n accessorKey: 'assignedRoles',\n header: () => {\n return
Assignments
\n },\n cell: ({ row }) => {\n if (row.original.role === OrganizationUserRoleEnum.OWNER) {\n return
Full Access
\n }\n\n const roleCount = row.original.assignedRoles?.length || 0\n const roleText = roleCount === 1 ? '1 role' : `${roleCount} roles`\n\n return (\n \n )\n },\n },\n {\n id: 'actions',\n cell: ({ row }) => {\n return (\n
\n \n \n \n \n\n \n onUpdateMemberRole(row.original)}>\n Change Role\n \n {row.original.role !== OrganizationUserRoleEnum.OWNER && (\n onUpdateAssignedRoles(row.original)}>\n Manage Assignments\n \n )}\n onRemove(row.original.userId)}\n >\n Remove\n \n \n \n
\n )\n },\n },\n ]\n columns.push(...extraColumns)\n }\n\n return columns\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationMembers/RemoveOrganizationMemberDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React from 'react'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Button } from '@/components/ui/button'\n\ninterface RemoveOrganizationMemberDialogProps {\n open: boolean\n onOpenChange: (open: boolean) => void\n onRemoveMember: () => Promise\n loading: boolean\n}\n\nexport const RemoveOrganizationMemberDialog: React.FC = ({\n open,\n onOpenChange,\n onRemoveMember,\n loading,\n}) => {\n const handleRemoveMember = async () => {\n const success = await onRemoveMember()\n if (success) {\n onOpenChange(false)\n }\n }\n\n return (\n \n \n \n Remove Member\n \n Are you sure you want to remove this member from the organization? Any API keys they have created will\n become ineffective.\n \n \n \n \n \n \n {loading ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationMembers/UpdateOrganizationInvitationDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { useState } from 'react'\nimport {\n UpdateOrganizationInvitationRoleEnum,\n OrganizationRole,\n OrganizationInvitation,\n OrganizationInvitationRoleEnum,\n} from '@daytonaio/api-client'\nimport { Button } from '@/components/ui/button'\nimport { Checkbox } from '@/components/ui/checkbox'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Input } from '@/components/ui/input'\nimport { Label } from '@/components/ui/label'\nimport { RadioGroup, RadioGroupItem } from '@/components/ui/radio-group'\nimport { ViewerOrganizationRoleCheckbox } from '@/components/OrganizationMembers/ViewerOrganizationRoleCheckbox'\n\ninterface UpdateOrganizationInvitationDialogProps {\n open: boolean\n onOpenChange: (open: boolean) => void\n invitation: OrganizationInvitation\n availableRoles: OrganizationRole[]\n loadingAvailableRoles: boolean\n onUpdateInvitation: (role: UpdateOrganizationInvitationRoleEnum, assignedRoleIds: string[]) => Promise\n}\n\nexport const UpdateOrganizationInvitationDialog: React.FC = ({\n open,\n onOpenChange,\n invitation,\n availableRoles,\n loadingAvailableRoles,\n onUpdateInvitation,\n}) => {\n const [role, setRole] = useState(invitation.role)\n const [assignedRoleIds, setAssignedRoleIds] = useState(invitation.assignedRoles.map((role) => role.id))\n const [loading, setLoading] = useState(false)\n\n const handleRoleAssignmentToggle = (roleId: string) => {\n setAssignedRoleIds((current) => {\n if (current.includes(roleId)) {\n return current.filter((p) => p !== roleId)\n } else {\n return [...current, roleId]\n }\n })\n }\n\n const handleUpdateInvitation = async () => {\n setLoading(true)\n const success = await onUpdateInvitation(role, role === OrganizationInvitationRoleEnum.OWNER ? [] : assignedRoleIds)\n if (success) {\n onOpenChange(false)\n setRole(invitation.role)\n setAssignedRoleIds(invitation.assignedRoles.map((role) => role.id))\n }\n setLoading(false)\n }\n\n return (\n {\n onOpenChange(isOpen)\n if (!isOpen) {\n setRole(invitation.role)\n setRole(invitation.role)\n setAssignedRoleIds(invitation.assignedRoles.map((role) => role.id))\n }\n }}\n >\n \n \n Update Invitation\n Modify organization access for the invited member.\n \n
\n
\n \n \n
\n\n
\n \n setRole(value)}\n >\n
\n \n
\n \n

\n Full administrative access to the organization and its resources\n

\n
\n
\n
\n \n
\n \n

Access to organization resources is based on assignments

\n
\n
\n \n
\n\n {role === OrganizationInvitationRoleEnum.MEMBER && !loadingAvailableRoles && (\n
\n \n
\n \n {availableRoles.map((availableRole) => (\n
\n handleRoleAssignmentToggle(availableRole.id)}\n />\n
\n \n {availableRole.description && (\n

{availableRole.description}

\n )}\n
\n
\n ))}\n
\n
\n )}\n
\n\n \n \n \n \n {loading ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationMembers/UpdateOrganizationMemberAccessDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { useState } from 'react'\nimport { CreateOrganizationInvitationRoleEnum, OrganizationRole, OrganizationUserRoleEnum } from '@daytonaio/api-client'\nimport { Button } from '@/components/ui/button'\nimport { Checkbox } from '@/components/ui/checkbox'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Label } from '@/components/ui/label'\nimport { RadioGroup, RadioGroupItem } from '@/components/ui/radio-group'\nimport { ViewerOrganizationRoleCheckbox } from '@/components/OrganizationMembers/ViewerOrganizationRoleCheckbox'\n\ninterface UpdateOrganizationMemberAccessProps {\n open: boolean\n onOpenChange: (open: boolean) => void\n initialRole: OrganizationUserRoleEnum\n initialAssignments: OrganizationRole[]\n availableAssignments: OrganizationRole[]\n loadingAvailableAssignments: boolean\n onUpdateAccess: (role: OrganizationUserRoleEnum, assignedRoleIds: string[]) => Promise\n processingUpdateAccess: boolean\n}\n\nexport const UpdateOrganizationMemberAccess: React.FC = ({\n open,\n onOpenChange,\n initialRole,\n initialAssignments,\n availableAssignments,\n loadingAvailableAssignments,\n onUpdateAccess,\n processingUpdateAccess,\n}) => {\n const [role, setRole] = useState(initialRole)\n const [assignedRoleIds, setAssignedRoleIds] = useState(initialAssignments.map((a) => a.id))\n\n const handleRoleAssignmentToggle = (roleId: string) => {\n setAssignedRoleIds((current) => {\n if (current.includes(roleId)) {\n return current.filter((p) => p !== roleId)\n } else {\n return [...current, roleId]\n }\n })\n }\n\n const handleUpdateAccess = async () => {\n const success = await onUpdateAccess(role, role === OrganizationUserRoleEnum.OWNER ? [] : assignedRoleIds)\n if (success) {\n onOpenChange(false)\n setRole(initialRole)\n setAssignedRoleIds(initialAssignments.map((a) => a.id))\n }\n }\n\n return (\n {\n onOpenChange(isOpen)\n if (!isOpen) {\n setRole(initialRole)\n setAssignedRoleIds(initialAssignments.map((a) => a.id))\n }\n }}\n >\n \n \n Update Access\n \n Manage access to the organization with an appropriate role and assignments.\n \n {role !== OrganizationUserRoleEnum.OWNER && (\n \n Removing assignments will automatically revoke any API keys this member created using permissions granted\n from those assignments.\n \n )}\n \n {\n e.preventDefault()\n await handleUpdateAccess()\n }}\n >\n
\n \n setRole(value)}\n >\n
\n \n
\n \n

\n Full administrative access to the organization and its resources\n

\n
\n
\n
\n \n
\n \n

Access to organization resources is based on assignments

\n
\n
\n \n
\n\n {role === CreateOrganizationInvitationRoleEnum.MEMBER &&\n !loadingAvailableAssignments &&\n availableAssignments.length > 0 && (\n
\n \n
\n \n {availableAssignments.map((assignment) => (\n
\n handleRoleAssignmentToggle(assignment.id)}\n />\n
\n \n {assignment.description &&

{assignment.description}

}\n
\n
\n ))}\n
\n
\n )}\n \n \n \n \n \n {processingUpdateAccess ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationMembers/ViewerOrganizationRoleCheckbox.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React from 'react'\nimport { Checkbox } from '@/components/ui/checkbox'\nimport { Label } from '@/components/ui/label'\n\nexport const ViewerOrganizationRoleCheckbox: React.FC = () => {\n return (\n
\n \n
\n \n

\n Grants read access to sandboxes, snapshots, and registries in the organization\n

\n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationRoles/CreateOrganizationRoleDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Button } from '@/components/ui/button'\nimport { Checkbox } from '@/components/ui/checkbox'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n DialogTrigger,\n} from '@/components/ui/dialog'\nimport { Input } from '@/components/ui/input'\nimport { Label } from '@/components/ui/label'\nimport { ORGANIZATION_ROLE_PERMISSIONS_GROUPS } from '@/constants/OrganizationPermissionsGroups'\nimport { OrganizationRolePermissionGroup } from '@/types/OrganizationRolePermissionGroup'\nimport { OrganizationRolePermissionsEnum } from '@daytonaio/api-client'\nimport { Plus } from 'lucide-react'\nimport React, { useState } from 'react'\n\ninterface CreateOrganizationRoleDialogProps {\n onCreateRole: (name: string, description: string, permissions: OrganizationRolePermissionsEnum[]) => Promise\n className?: string\n}\n\nexport const CreateOrganizationRoleDialog: React.FC = ({\n onCreateRole,\n className,\n}) => {\n const [open, setOpen] = useState(false)\n const [name, setName] = useState('')\n const [description, setDescription] = useState('')\n const [permissions, setPermissions] = useState([])\n const [loading, setLoading] = useState(false)\n\n const handleCreateRole = async () => {\n setLoading(true)\n const success = await onCreateRole(name, description, permissions)\n if (success) {\n setOpen(false)\n setName('')\n setDescription('')\n setPermissions([])\n }\n setLoading(false)\n }\n\n const isGroupChecked = (group: OrganizationRolePermissionGroup) => {\n return group.permissions.every((permission) => permissions.includes(permission))\n }\n\n // Toggle all permissions in a group\n const handleGroupToggle = (group: OrganizationRolePermissionGroup) => {\n if (isGroupChecked(group)) {\n // If all checked, uncheck all\n setPermissions((current) => current.filter((p) => !group.permissions.includes(p)))\n } else {\n // If not all checked, check all\n setPermissions((current) => {\n const newPermissions = [...current]\n group.permissions.forEach((key) => {\n if (!newPermissions.includes(key)) {\n newPermissions.push(key)\n }\n })\n return newPermissions\n })\n }\n }\n\n // Toggle a single permission\n const handlePermissionToggle = (permission: OrganizationRolePermissionsEnum) => {\n setPermissions((current) => {\n if (current.includes(permission)) {\n return current.filter((p) => p !== permission)\n } else {\n return [...current, permission]\n }\n })\n }\n\n return (\n {\n setOpen(isOpen)\n if (!isOpen) {\n setName('')\n setDescription('')\n setPermissions([])\n }\n }}\n >\n \n \n \n \n \n Create Role\n Define a custom role for managing access to the organization.\n \n {\n e.preventDefault()\n await handleCreateRole()\n }}\n >\n
\n \n setName(e.target.value)} placeholder=\"Name\" />\n
\n
\n \n setDescription(e.target.value)}\n placeholder=\"Description\"\n />\n
\n
\n \n
\n {ORGANIZATION_ROLE_PERMISSIONS_GROUPS.map((group) => {\n const groupIsChecked = isGroupChecked(group)\n\n return (\n
\n
\n handleGroupToggle(group)}\n />\n \n
\n
\n {group.permissions.map((permission) => (\n
\n handlePermissionToggle(permission)}\n disabled={groupIsChecked}\n className={`${groupIsChecked ? 'pointer-events-none' : ''}`}\n />\n \n {permission}\n \n
\n ))}\n
\n
\n )\n })}\n
\n
\n \n \n \n \n \n {loading ? (\n \n ) : (\n \n Create\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationRoles/DeleteOrganizationRoleDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React from 'react'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Button } from '@/components/ui/button'\n\ninterface DeleteOrganizationRoleDialogProps {\n open: boolean\n onOpenChange: (open: boolean) => void\n onDeleteRole: () => Promise\n loading: boolean\n}\n\nexport const DeleteOrganizationRoleDialog: React.FC = ({\n open,\n onOpenChange,\n onDeleteRole,\n loading,\n}) => {\n const handleDeleteRole = async () => {\n const success = await onDeleteRole()\n if (success) {\n onOpenChange(false)\n }\n }\n\n return (\n \n \n \n Delete Role\n Are you sure you want to delete this role?\n \n \n \n \n \n {loading ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationRoles/OrganizationRoleTable.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DeleteOrganizationRoleDialog } from '@/components/OrganizationRoles/DeleteOrganizationRoleDialog'\nimport { UpdateOrganizationRoleDialog } from '@/components/OrganizationRoles/UpdateOrganizationRoleDialog'\nimport { Pagination } from '@/components/Pagination'\nimport { Button } from '@/components/ui/button'\nimport { DropdownMenu, DropdownMenuContent, DropdownMenuItem, DropdownMenuTrigger } from '@/components/ui/dropdown-menu'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table'\nimport { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip'\nimport { DEFAULT_PAGE_SIZE } from '@/constants/Pagination'\nimport { OrganizationRole, OrganizationRolePermissionsEnum } from '@daytonaio/api-client'\nimport {\n ColumnDef,\n flexRender,\n getCoreRowModel,\n getPaginationRowModel,\n getSortedRowModel,\n SortingState,\n useReactTable,\n} from '@tanstack/react-table'\nimport { MoreHorizontal } from 'lucide-react'\nimport { useState } from 'react'\nimport { TableEmptyState } from '../TableEmptyState'\n\ninterface DataTableProps {\n data: OrganizationRole[]\n loadingData: boolean\n onUpdateRole: (\n roleId: string,\n name: string,\n description: string,\n permissions: OrganizationRolePermissionsEnum[],\n ) => Promise\n onDeleteRole: (roleId: string) => Promise\n loadingRoleAction: Record\n}\n\nexport function OrganizationRoleTable({\n data,\n loadingData,\n onUpdateRole,\n onDeleteRole,\n loadingRoleAction,\n}: DataTableProps) {\n const [sorting, setSorting] = useState([])\n const [roleToDelete, setRoleToDelete] = useState(null)\n const [isDeleteDialogOpen, setIsDeleteDialogOpen] = useState(false)\n const [roleToUpdate, setRoleToUpdate] = useState(null)\n const [isUpdateDialogOpen, setIsUpdateDialogOpen] = useState(false)\n\n const columns = getColumns({\n onUpdate: (role) => {\n setRoleToUpdate(role)\n setIsUpdateDialogOpen(true)\n },\n onDelete: (userId: string) => {\n setRoleToDelete(userId)\n setIsDeleteDialogOpen(true)\n },\n })\n\n const table = useReactTable({\n data,\n columns,\n getCoreRowModel: getCoreRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n onSortingChange: setSorting,\n getSortedRowModel: getSortedRowModel(),\n state: {\n sorting,\n },\n initialState: {\n pagination: {\n pageSize: DEFAULT_PAGE_SIZE,\n },\n },\n })\n\n const handleUpdateRole = async (\n name: string,\n description: string,\n permissions: OrganizationRolePermissionsEnum[],\n ) => {\n if (roleToUpdate) {\n const success = await onUpdateRole(roleToUpdate.id, name, description, permissions)\n if (success) {\n setRoleToUpdate(null)\n setIsUpdateDialogOpen(false)\n }\n return success\n }\n return false\n }\n\n const handleConfirmDeleteRole = async () => {\n if (roleToDelete) {\n const success = await onDeleteRole(roleToDelete)\n if (success) {\n setRoleToDelete(null)\n setIsDeleteDialogOpen(false)\n }\n return success\n }\n return false\n }\n\n return (\n <>\n
\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loadingData ? (\n \n \n Loading...\n \n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row) => (\n \n {row.getVisibleCells().map((cell) => (\n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n ))}\n \n ))\n ) : (\n \n )}\n \n
\n
\n \n
\n\n {roleToUpdate && (\n {\n setIsUpdateDialogOpen(open)\n if (!open) {\n setRoleToUpdate(null)\n }\n }}\n initialData={roleToUpdate}\n onUpdateRole={handleUpdateRole}\n />\n )}\n\n {roleToDelete && (\n {\n setIsDeleteDialogOpen(open)\n if (!open) {\n setRoleToDelete(null)\n }\n }}\n onDeleteRole={handleConfirmDeleteRole}\n loading={loadingRoleAction[roleToDelete]}\n />\n )}\n \n )\n}\n\nconst getColumns = ({\n onUpdate,\n onDelete,\n}: {\n onUpdate: (role: OrganizationRole) => void\n onDelete: (roleId: string) => void\n}): ColumnDef[] => {\n const columns: ColumnDef[] = [\n {\n accessorKey: 'name',\n header: 'Name',\n cell: ({ row }) => {\n return
{row.original.name}
\n },\n },\n {\n accessorKey: 'description',\n header: 'Description',\n cell: ({ row }) => {\n return (\n \n \n
{row.original.description}
\n \n \n

{row.original.description}

\n \n \n )\n },\n },\n {\n accessorKey: 'permissions',\n header: () => {\n return
Permissions
\n },\n cell: ({ row }) => {\n const permissions = row.original.permissions.join(', ')\n return (\n \n \n
{permissions || '-'}
\n \n {permissions && (\n \n

{permissions}

\n \n )}\n \n )\n },\n },\n {\n id: 'actions',\n cell: ({ row }) => {\n if (row.original.isGlobal) {\n return null\n }\n return (\n
\n \n \n \n \n\n \n onUpdate(row.original)}>\n Edit\n \n onDelete(row.original.id)}\n >\n Delete\n \n \n \n
\n )\n },\n },\n ]\n\n return columns\n}\n" }, { "path": "apps/dashboard/src/components/OrganizationRoles/UpdateOrganizationRoleDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { useState } from 'react'\nimport { OrganizationRole, OrganizationRolePermissionsEnum } from '@daytonaio/api-client'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Button } from '@/components/ui/button'\nimport { Checkbox } from '@/components/ui/checkbox'\nimport { Input } from '@/components/ui/input'\nimport { Label } from '@/components/ui/label'\nimport { ORGANIZATION_ROLE_PERMISSIONS_GROUPS } from '@/constants/OrganizationPermissionsGroups'\nimport { OrganizationRolePermissionGroup } from '@/types/OrganizationRolePermissionGroup'\n\ninterface UpdateOrganizationRoleDialogProps {\n open: boolean\n onOpenChange: (open: boolean) => void\n initialData: OrganizationRole\n onUpdateRole: (name: string, description: string, permissions: OrganizationRolePermissionsEnum[]) => Promise\n}\n\nexport const UpdateOrganizationRoleDialog: React.FC = ({\n open,\n onOpenChange,\n initialData,\n onUpdateRole,\n}) => {\n const [name, setName] = useState(initialData.name)\n const [description, setDescription] = useState(initialData.description)\n const [permissions, setPermissions] = useState(initialData.permissions)\n const [loading, setLoading] = useState(false)\n\n const handleUpdateRole = async () => {\n setLoading(true)\n const success = await onUpdateRole(name, description, permissions)\n if (success) {\n onOpenChange(false)\n setName('')\n setDescription('')\n setPermissions([])\n }\n setLoading(false)\n }\n\n const isGroupChecked = (group: OrganizationRolePermissionGroup) => {\n return group.permissions.every((permission) => permissions.includes(permission))\n }\n\n // Toggle all permissions in a group\n const handleGroupToggle = (group: OrganizationRolePermissionGroup) => {\n if (isGroupChecked(group)) {\n // If all checked, uncheck all\n setPermissions((current) => current.filter((p) => !group.permissions.includes(p)))\n } else {\n // If not all checked, check all\n setPermissions((current) => {\n const newPermissions = [...current]\n group.permissions.forEach((key) => {\n if (!newPermissions.includes(key)) {\n newPermissions.push(key)\n }\n })\n return newPermissions\n })\n }\n }\n\n // Toggle a single permission\n const handlePermissionToggle = (permission: OrganizationRolePermissionsEnum) => {\n setPermissions((current) => {\n if (current.includes(permission)) {\n return current.filter((p) => p !== permission)\n } else {\n return [...current, permission]\n }\n })\n }\n\n return (\n {\n onOpenChange(isOpen)\n if (!isOpen) {\n setName('')\n setDescription('')\n setPermissions([])\n }\n }}\n >\n \n \n Edit Role\n Modify permissions for the custom organization role.\n \n {\n e.preventDefault()\n await handleUpdateRole()\n }}\n >\n
\n \n setName(e.target.value)} placeholder=\"Name\" />\n
\n
\n \n setDescription(e.target.value)}\n placeholder=\"Description\"\n />\n
\n
\n \n
\n {ORGANIZATION_ROLE_PERMISSIONS_GROUPS.map((group) => {\n const groupIsChecked = isGroupChecked(group)\n\n return (\n
\n
\n handleGroupToggle(group)}\n />\n \n
\n
\n {group.permissions.map((permission) => (\n
\n handlePermissionToggle(permission)}\n disabled={groupIsChecked}\n className={`${groupIsChecked ? 'pointer-events-none' : ''}`}\n />\n \n {permission}\n \n
\n ))}\n
\n
\n )\n })}\n
\n
\n \n \n \n \n \n {loading ? (\n \n ) : (\n \n Save\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Organizations/CreateOrganizationDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useState } from 'react'\nimport { Check, Copy } from 'lucide-react'\nimport { Organization, Region } from '@daytonaio/api-client'\nimport { Button } from '@/components/ui/button'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Input } from '@/components/ui/input'\nimport { Link } from 'react-router-dom'\nimport { Label } from '@/components/ui/label'\nimport { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '@/components/ui/select'\nimport { RoutePath } from '@/enums/RoutePath'\n\ninterface CreateOrganizationDialogProps {\n open: boolean\n billingApiUrl?: string\n regions: Region[]\n loadingRegions: boolean\n getRegionName: (regionId: string) => string | undefined\n onOpenChange: (open: boolean) => void\n onCreateOrganization: (name: string, defaultRegionId: string) => Promise\n}\n\nexport const CreateOrganizationDialog: React.FC = ({\n open,\n billingApiUrl,\n regions,\n loadingRegions,\n getRegionName,\n onOpenChange,\n onCreateOrganization,\n}) => {\n const [name, setName] = useState('')\n const [defaultRegionId, setDefaultRegionId] = useState(undefined)\n const [loading, setLoading] = useState(false)\n const [createdOrg, setCreatedOrg] = useState(null)\n const [copied, setCopied] = useState(null)\n\n const handleCreateOrganization = async () => {\n if (!name.trim() || !defaultRegionId) {\n return\n }\n\n setLoading(true)\n const org = await onCreateOrganization(name.trim(), defaultRegionId)\n if (org) {\n // TODO: Return when we fix the selected org states\n // setCreatedOrg(org)\n // setName('')\n // setDefaultRegionId(undefined)\n // setLoading(false)\n } else {\n setLoading(false)\n }\n }\n\n const copyToClipboard = async (text: string, label: string) => {\n try {\n await navigator.clipboard.writeText(text)\n setCopied(label)\n setTimeout(() => setCopied(null), 2000)\n } catch (err) {\n console.error('Failed to copy text:', err)\n }\n }\n\n return (\n {\n onOpenChange(isOpen)\n if (!isOpen) {\n setName('')\n setDefaultRegionId(undefined)\n setCreatedOrg(null)\n setCopied(null)\n }\n }}\n >\n \n \n {createdOrg ? 'New Organization' : 'Create New Organization'}\n \n {createdOrg\n ? 'You can switch between organizations in the top left corner of the sidebar.'\n : 'Create a new organization to share resources and collaborate with others.'}\n \n \n {createdOrg ? (\n
\n
\n \n
\n {createdOrg.id}\n {(copied === 'Organization ID' && ) || (\n copyToClipboard(createdOrg.id, 'Organization ID')}\n />\n )}\n
\n
\n\n {createdOrg.defaultRegionId && (\n
\n \n \n
\n )}\n\n
\n

Your organization is created.

\n

\n {billingApiUrl ? (\n <>\n To get started, add a payment method on the{' '}\n {\n onOpenChange(false)\n }}\n >\n wallet page\n \n .\n \n ) : null}\n

\n
\n
\n ) : !loadingRegions && regions.length === 0 ? (\n
\n

No regions available

\n

Organization cannot be created because no regions are available.

\n
\n ) : (\n {\n e.preventDefault()\n await handleCreateOrganization()\n }}\n >\n
\n \n setName(e.target.value)} placeholder=\"Name\" />\n
\n
\n \n \n

\n The region that will be used as the default target for creating sandboxes in this organization.\n

\n
\n \n )}\n \n \n \n \n {!createdOrg &&\n (loading ? (\n \n ) : (\n \n Create\n \n ))}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Organizations/DeleteOrganizationDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { useState } from 'react'\nimport { Button } from '@/components/ui/button'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n DialogTrigger,\n} from '@/components/ui/dialog'\nimport { Input } from '@/components/ui/input'\nimport { Label } from '@/components/ui/label'\n\ninterface DeleteOrganizationDialogProps {\n organizationName: string\n onDeleteOrganization: () => Promise\n loading: boolean\n}\n\nexport const DeleteOrganizationDialog: React.FC = ({\n organizationName,\n onDeleteOrganization,\n loading,\n}) => {\n const [open, setOpen] = useState(false)\n const [confirmName, setConfirmName] = useState('')\n\n const handleDeleteOrganization = async () => {\n const success = await onDeleteOrganization()\n if (success) {\n setOpen(false)\n setConfirmName('')\n }\n }\n\n return (\n {\n setOpen(isOpen)\n if (!isOpen) {\n setConfirmName('')\n }\n }}\n >\n \n \n \n \n \n Delete Organization\n \n This will permanently delete all associated data. This action cannot be undone.\n \n \n {\n e.preventDefault()\n await handleDeleteOrganization()\n }}\n >\n
\n
\n \n setConfirmName(e.target.value)}\n placeholder={organizationName}\n />\n
\n
\n \n \n \n \n \n {loading ? (\n \n ) : (\n \n Delete\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Organizations/LeaveOrganizationDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { useState } from 'react'\nimport { Button } from '@/components/ui/button'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n DialogTrigger,\n} from '@/components/ui/dialog'\n\ninterface LeaveOrganizationDialogProps {\n onLeaveOrganization: () => Promise\n loading: boolean\n}\n\nexport const LeaveOrganizationDialog: React.FC = ({ onLeaveOrganization, loading }) => {\n const [open, setOpen] = useState(false)\n\n const handleLeaveOrganization = async () => {\n const success = await onLeaveOrganization()\n if (success) {\n setOpen(false)\n }\n }\n\n return (\n \n \n \n \n \n \n Leave Organization\n Are you sure you want to leave this organization?\n \n \n \n \n \n {loading ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Organizations/OrganizationPicker.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n DropdownMenu,\n DropdownMenuContent,\n DropdownMenuItem,\n DropdownMenuSeparator,\n DropdownMenuTrigger,\n} from '@/components/ui/dropdown-menu'\nimport { SidebarMenuButton, SidebarMenuItem } from '@/components/ui/sidebar'\nimport { useApi } from '@/hooks/useApi'\nimport { useOrganizations } from '@/hooks/useOrganizations'\nimport { useRegions } from '@/hooks/useRegions'\nimport { useSelectedOrganization } from '@/hooks/useSelectedOrganization'\nimport { handleApiError } from '@/lib/error-handling'\nimport { Organization } from '@daytonaio/api-client'\nimport { Building2, ChevronsUpDown, Copy, PlusCircle, SquareUserRound } from 'lucide-react'\nimport { useEffect, useMemo, useState } from 'react'\nimport { toast } from 'sonner'\nimport { useCopyToClipboard } from 'usehooks-ts'\nimport { CommandHighlight, useRegisterCommands, type CommandConfig } from '../CommandPalette'\nimport { CreateOrganizationDialog } from './CreateOrganizationDialog'\n\nfunction useOrganizationCommands() {\n const { organizations } = useOrganizations()\n const { selectedOrganization, onSelectOrganization } = useSelectedOrganization()\n const [, copyToClipboard] = useCopyToClipboard()\n\n const commands: CommandConfig[] = useMemo(() => {\n const cmds: CommandConfig[] = []\n\n if (selectedOrganization) {\n cmds.push({\n id: 'copy-org-id',\n label: 'Copy Organization ID',\n icon: ,\n onSelect: () => {\n copyToClipboard(selectedOrganization.id)\n toast.success('Organization ID copied to clipboard')\n },\n })\n }\n\n for (const org of organizations) {\n if (org.id === selectedOrganization?.id) continue\n\n cmds.push({\n id: `switch-org-${org.id}`,\n label: (\n <>\n Switch to {org.name}\n \n ),\n value: `switch to organization ${org.name}`,\n icon: ,\n onSelect: () => onSelectOrganization(org.id),\n })\n }\n\n return cmds\n }, [organizations, selectedOrganization, copyToClipboard, onSelectOrganization])\n\n useRegisterCommands(commands, { groupId: 'organization', groupLabel: 'Organization', groupOrder: 5 })\n}\n\nexport const OrganizationPicker: React.FC = () => {\n const { organizationsApi } = useApi()\n\n const { organizations, refreshOrganizations } = useOrganizations()\n const { selectedOrganization, onSelectOrganization } = useSelectedOrganization()\n const { sharedRegions: regions, loadingSharedRegions: loadingRegions, getRegionName } = useRegions()\n\n const [optimisticSelectedOrganization, setOptimisticSelectedOrganization] = useState(selectedOrganization)\n const [loadingSelectOrganization, setLoadingSelectOrganization] = useState(false)\n\n useOrganizationCommands()\n\n useEffect(() => {\n setOptimisticSelectedOrganization(selectedOrganization)\n }, [selectedOrganization])\n\n const handleSelectOrganization = async (organizationId: string) => {\n const organization = organizations.find((org) => org.id === organizationId)\n if (!organization) {\n return\n }\n\n setOptimisticSelectedOrganization(organization)\n setLoadingSelectOrganization(true)\n const success = await onSelectOrganization(organizationId)\n if (!success) {\n setOptimisticSelectedOrganization(selectedOrganization)\n }\n setLoadingSelectOrganization(false)\n }\n\n const [showCreateOrganizationDialog, setShowCreateOrganizationDialog] = useState(false)\n\n const handleCreateOrganization = async (name: string, defaultRegionId: string) => {\n try {\n const organization = (\n await organizationsApi.createOrganization({\n name: name.trim(),\n defaultRegionId,\n })\n ).data\n toast.success('Organization created successfully')\n await refreshOrganizations(organization.id)\n return organization\n } catch (error) {\n handleApiError(error, 'Failed to create organization')\n return null\n }\n }\n\n const getOrganizationIcon = (organization: Organization) => {\n if (organization.personal) {\n return \n }\n return \n }\n\n // personal first, then alphabetical\n const sortedOrganizations = useMemo(() => {\n return organizations.sort((a, b) => {\n if (a.personal && !b.personal) {\n return -1\n } else if (!a.personal && b.personal) {\n return 1\n } else {\n return a.name.localeCompare(b.name)\n }\n })\n }, [organizations])\n\n if (!optimisticSelectedOrganization) {\n return null\n }\n\n return (\n \n \n \n \n
\n {optimisticSelectedOrganization.name[0].toUpperCase()}\n
\n {optimisticSelectedOrganization.name}\n \n \n \n \n
\n {sortedOrganizations.map((org) => (\n handleSelectOrganization(org.id)}\n className=\"cursor-pointer flex items-center gap-2\"\n >\n {getOrganizationIcon(org)}\n {org.name}\n \n ))}\n
\n \n
\n setShowCreateOrganizationDialog(true)}\n >\n \n Create Organization\n \n
\n \n \n\n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Organizations/SetDefaultRegionDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useState } from 'react'\nimport { Region } from '@daytonaio/api-client'\nimport { Button } from '@/components/ui/button'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Label } from '@/components/ui/label'\nimport { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '@/components/ui/select'\n\ninterface SetDefaultRegionDialogProps {\n open: boolean\n onOpenChange: (open: boolean) => void\n regions: Region[]\n loadingRegions: boolean\n onSetDefaultRegion: (defaultRegionId: string) => Promise\n}\n\nexport const SetDefaultRegionDialog: React.FC = ({\n open,\n onOpenChange,\n regions,\n loadingRegions,\n onSetDefaultRegion,\n}) => {\n const [defaultRegionId, setDefaultRegionId] = useState(undefined)\n const [loading, setLoading] = useState(false)\n\n const handleSetDefaultRegion = async () => {\n if (!defaultRegionId) {\n return\n }\n\n setLoading(true)\n const success = await onSetDefaultRegion(defaultRegionId)\n // TODO: Return when we fix the selected org states\n // if (success) {\n // onOpenChange(false)\n // }\n // setLoading(false)\n }\n\n return (\n {\n onOpenChange(isOpen)\n if (!isOpen) {\n setDefaultRegionId(undefined)\n }\n }}\n >\n \n \n Set Default Region\n \n Your organization needs a default region to create sandboxes and manage resources.\n \n \n {!loadingRegions && regions.length === 0 ? (\n
\n

No regions available

\n

Default region cannot be set because no regions are available.

\n
\n ) : (\n {\n e.preventDefault()\n await handleSetDefaultRegion()\n }}\n >\n
\n \n \n
\n \n )}\n \n \n \n \n {loading ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/PageLayout.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport { type ComponentProps } from 'react'\nimport { BannerStack } from './Banner'\nimport { SidebarTrigger } from './ui/sidebar'\n\nfunction PageLayout({ className, ...props }: ComponentProps<'div'>) {\n return
\n}\n\nfunction PageHeader({ className, children, ...props }: ComponentProps<'header'>) {\n return (\n \n \n {children}\n \n )\n}\n\nfunction PageTitle({ className, children, ...props }: ComponentProps<'h1'>) {\n return (\n

\n {children}\n

\n )\n}\n\nfunction PageDescription({ className, ...props }: ComponentProps<'p'>) {\n return

\n}\n\nfunction PageBanner({ className, children, ...props }: ComponentProps<'div'>) {\n return (\n

\n {children}\n
\n )\n}\n\nfunction PageContent({\n className,\n size = 'default',\n ...props\n}: ComponentProps<'main'> & { size?: 'default' | 'full' }) {\n return (\n <>\n \n \n \n \n \n )\n}\n\nexport { PageContent, PageDescription, PageHeader, PageLayout, PageTitle }\n" }, { "path": "apps/dashboard/src/components/Pagination.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Table } from '@tanstack/react-table'\nimport { ChevronLeft, ChevronRight, ChevronsLeft, ChevronsRight } from 'lucide-react'\nimport { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from './ui/select'\nimport { Button } from './ui/button'\nimport { PAGE_SIZE_OPTIONS } from '../constants/Pagination'\n\ninterface PaginationProps {\n table: Table\n selectionEnabled?: boolean\n className?: string\n entityName?: string\n totalItems?: number\n}\n\nexport function Pagination({\n table,\n selectionEnabled,\n className,\n entityName,\n totalItems,\n}: PaginationProps) {\n return (\n
\n
\n {\n table.setPageSize(Number(value))\n }}\n >\n \n \n \n \n {PAGE_SIZE_OPTIONS.map((pageSize) => (\n \n {pageSize} per page\n \n ))}\n \n \n\n {selectionEnabled ? (\n
\n {table.getFilteredSelectedRowModel().rows.length} of {totalItems ?? table.getFilteredRowModel().rows.length}{' '}\n item(s) selected.\n
\n ) : (\n
\n {totalItems ?? table.getFilteredRowModel().rows.length} total item(s)\n
\n )}\n
\n
\n
\n Page {table.getState().pagination.pageIndex + 1} of {table.getPageCount() || 1}\n
\n
\n table.setPageIndex(0)}\n disabled={!table.getCanPreviousPage()}\n >\n Go to first page\n \n \n table.previousPage()}\n disabled={!table.getCanPreviousPage()}\n >\n Go to previous page\n \n \n table.nextPage()}\n disabled={!table.getCanNextPage()}\n >\n Go to next page\n \n \n table.setPageIndex(table.getPageCount() - 1)}\n disabled={!table.getCanNextPage()}\n >\n Go to last page\n \n \n
\n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/Playground/ActionForm.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Label } from '@/components/ui/label'\nimport { PlaygroundActionFormDataBasic } from '@/contexts/PlaygroundContext'\nimport { PlaygroundActions } from '@/enums/Playground'\nimport { usePlayground } from '@/hooks/usePlayground'\nimport PlaygroundActionRunButton from './ActionRunButton'\n\ntype PlaygroundActionFormProps = {\n actionFormItem: PlaygroundActionFormDataBasic\n onRunActionClick?: () => Promise\n disable?: boolean\n hideRunActionButton?: boolean\n}\n\nfunction PlaygroundActionForm({\n actionFormItem,\n onRunActionClick,\n disable,\n hideRunActionButton,\n}: PlaygroundActionFormProps) {\n const { runningActionMethod, actionRuntimeError } = usePlayground()\n\n return (\n <>\n
\n
\n \n

\n {actionFormItem.description}\n

\n
\n {!hideRunActionButton && (\n \n )}\n
\n
\n {actionRuntimeError[actionFormItem.methodName] && (\n

{actionRuntimeError[actionFormItem.methodName]}

\n )}\n
\n \n )\n}\n\nexport default PlaygroundActionForm\n" }, { "path": "apps/dashboard/src/components/Playground/ActionRunButton.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport { Loader2, Play } from 'lucide-react'\nimport TooltipButton from '../TooltipButton'\n\ntype PlaygroundActionRunButtonProps = {\n isDisabled: boolean\n isRunning: boolean\n onRunActionClick?: () => Promise\n className?: string\n}\n\nconst PlaygroundActionRunButton: React.FC = ({\n isDisabled,\n isRunning,\n onRunActionClick,\n className,\n}) => {\n return (\n \n {isRunning ? : }\n \n )\n}\n\nexport default PlaygroundActionRunButton\n" }, { "path": "apps/dashboard/src/components/Playground/Inputs/CheckboxInput.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Checkbox } from '@/components/ui/checkbox'\nimport { ParameterFormItem } from '@/contexts/PlaygroundContext'\n\ntype FormCheckboxInputProps = {\n checkedValue: boolean | undefined\n formItem: ParameterFormItem\n onChangeHandler: (checked: boolean) => void\n}\n\nconst FormCheckboxInput: React.FC = ({ checkedValue, formItem, onChangeHandler }) => {\n return (\n
\n onChangeHandler(!!value)} />\n
\n )\n}\n\nexport default FormCheckboxInput\n" }, { "path": "apps/dashboard/src/components/Playground/Inputs/InlineInputFormControl.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { ReactNode } from 'react'\nimport { ParameterFormItem } from '@/contexts/PlaygroundContext'\nimport InputLabel from './Label'\n\ntype InlineInputFormControlProps = {\n formItem: ParameterFormItem\n children: ReactNode\n}\n\nconst InlineInputFormControl: React.FC = ({ formItem, children }) => {\n return (\n
\n \n {children}\n
\n )\n}\n\nexport default InlineInputFormControl\n" }, { "path": "apps/dashboard/src/components/Playground/Inputs/Label.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Label } from '@/components/ui/label'\nimport { ParameterFormItem } from '@/contexts/PlaygroundContext'\n\ntype InputLabelProps = {\n formItem: ParameterFormItem\n}\n\nconst InputLabel: React.FC = ({ formItem }) => {\n return (\n \n )\n}\n\nexport default InputLabel\n" }, { "path": "apps/dashboard/src/components/Playground/Inputs/NumberInput.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Input } from '@/components/ui/input'\nimport { NumberParameterFormItem } from '@/contexts/PlaygroundContext'\nimport React from 'react'\n\ntype FormNumberInputProps = {\n numberValue: number | undefined\n numberFormItem: NumberParameterFormItem\n onChangeHandler: (value: number | undefined) => void\n disabled?: boolean\n}\n\nconst FormNumberInput: React.FC = ({\n numberValue,\n numberFormItem,\n onChangeHandler,\n disabled,\n}) => {\n return (\n {\n const newValue = e.target.value ? Number(e.target.value) : undefined\n onChangeHandler(newValue)\n }}\n disabled={disabled}\n />\n )\n}\n\nexport default FormNumberInput\n" }, { "path": "apps/dashboard/src/components/Playground/Inputs/SelectInput.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '@/components/ui/select'\nimport { ParameterFormItem } from '@/contexts/PlaygroundContext'\nimport { Loader2 } from 'lucide-react'\n\ntype SelectOption = {\n value: string\n label: string\n}\n\ntype FormSelectInputProps = {\n selectOptions: SelectOption[]\n selectValue: string | undefined\n formItem: ParameterFormItem\n onChangeHandler: (value: string) => void\n loading?: boolean\n}\n\nconst FormSelectInput: React.FC = ({\n selectOptions,\n selectValue,\n formItem,\n onChangeHandler,\n loading,\n}) => {\n return (\n \n )\n}\n\nexport default FormSelectInput\n" }, { "path": "apps/dashboard/src/components/Playground/Inputs/StackedInputFormControl.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { ReactNode } from 'react'\nimport { ParameterFormItem } from '@/contexts/PlaygroundContext'\nimport InputLabel from './Label'\n\ntype StackedInputFormControlProps = {\n formItem: ParameterFormItem\n children: ReactNode\n}\n\nconst StackedInputFormControl: React.FC = ({ formItem, children }) => {\n return (\n
\n \n {children}\n
\n )\n}\n\nexport default StackedInputFormControl\n" }, { "path": "apps/dashboard/src/components/Playground/Inputs/TextInput.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Input } from '@/components/ui/input'\nimport { ParameterFormItem } from '@/contexts/PlaygroundContext'\n\ntype FormTextInputProps = {\n textValue: string | undefined\n formItem: ParameterFormItem\n onChangeHandler: (value: string) => void\n}\n\nconst FormTextInput: React.FC = ({ textValue, formItem, onChangeHandler }) => {\n return (\n onChangeHandler(e.target.value)}\n />\n )\n}\n\nexport default FormTextInput\n" }, { "path": "apps/dashboard/src/components/Playground/PlaygroundLayout.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ScrollArea } from '@/components/ui/scroll-area'\nimport { cn } from '@/lib/utils'\n\nfunction PlaygroundLayout({ children, className }: { children: React.ReactNode; className?: string }) {\n return (\n
{children}
\n )\n}\n\nfunction PlaygroundLayoutSidebar({ children }: { children: React.ReactNode }) {\n return (\n \n )\n}\n\nfunction PlaygroundLayoutContent({ children, className }: { children: React.ReactNode; className?: string }) {\n return (\n \n {children}\n
\n )\n}\n\nexport { PlaygroundLayout, PlaygroundLayoutContent, PlaygroundLayoutSidebar }\n" }, { "path": "apps/dashboard/src/components/Playground/ResponseCard.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ReactNode } from 'react'\n\ntype ResponseCardProps = {\n responseContent: string | ReactNode\n}\n\nconst ResponseCard: React.FC = ({ responseContent }) => {\n return (\n
\n 
\n        {typeof responseContent === 'string' ? {responseContent} : responseContent}\n
\n
\n )\n}\n\nexport default ResponseCard\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/CodeSnippets/index.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CodeLanguage } from '@daytonaio/sdk'\nimport { PythonSnippetGenerator } from './python'\nimport { CodeSnippetGenerator } from './types'\nimport { TypeScriptSnippetGenerator } from './typescript'\n\nexport const codeSnippetGenerators: Record, CodeSnippetGenerator> = {\n [CodeLanguage.PYTHON]: PythonSnippetGenerator,\n [CodeLanguage.TYPESCRIPT]: TypeScriptSnippetGenerator,\n}\n\nexport type { CodeSnippetActionFlags, CodeSnippetGenerator, CodeSnippetParams } from './types'\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/CodeSnippets/python.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CodeSnippetGenerator } from './types'\nimport { joinGroupedSections } from './utils'\n\nexport const PythonSnippetGenerator: CodeSnippetGenerator = {\n getImports(p) {\n return (\n [\n 'from daytona import Daytona',\n p.actions.useConfigObject ? 'DaytonaConfig' : '',\n p.config.useSandboxCreateParams\n ? p.config.createSandboxFromSnapshot\n ? 'CreateSandboxFromSnapshotParams'\n : 'CreateSandboxFromImageParams'\n : '',\n p.config.useResources ? 'Resources' : '',\n p.config.createSandboxFromImage ? 'Image' : '',\n ]\n .filter(Boolean)\n .join(', ') + '\\n'\n )\n },\n\n getConfig(p) {\n if (!p.actions.useConfigObject) return ''\n return ['\\n# Define the configuration', 'config = DaytonaConfig()'].filter(Boolean).join('\\n') + '\\n'\n },\n\n getClientInit(p) {\n return ['# Initialize the Daytona client', `daytona = Daytona(${p.actions.useConfigObject ? 'config' : ''})`]\n .filter(Boolean)\n .join('\\n')\n },\n\n getResources(p) {\n if (!p.config.useResources) return ''\n const ind = '\\t'\n return [\n '\\n\\n# Create a Sandbox with custom resources\\nresources = Resources(',\n p.config.useResourcesCPU\n ? `${ind}cpu=${p.state['resources']['cpu']}, # ${p.state['resources']['cpu']} CPU cores`\n : '',\n p.config.useResourcesMemory\n ? `${ind}memory=${p.state['resources']['memory']}, # ${p.state['resources']['memory']}GB RAM`\n : '',\n p.config.useResourcesDisk\n ? `${ind}disk=${p.state['resources']['disk']}, # ${p.state['resources']['disk']}GB disk space`\n : '',\n ')',\n ]\n .filter(Boolean)\n .join('\\n')\n },\n\n getSandboxParams(p) {\n if (!p.config.useSandboxCreateParams) return ''\n const ind = '\\t'\n return [\n `\\n\\nparams = ${p.config.createSandboxFromSnapshot ? 'CreateSandboxFromSnapshotParams' : 'CreateSandboxFromImageParams'}(`,\n p.config.useCustomSandboxSnapshotName ? `${ind}snapshot=\"${p.state['snapshotName']}\",` : '',\n p.config.createSandboxFromImage ? `${ind}image=Image.debian_slim(\"3.13\"),` : '',\n p.config.useResources ? `${ind}resources=resources,` : '',\n p.config.useLanguageParam ? `${ind}language=\"${p.state['language']}\",` : '',\n ...(p.config.createSandboxParamsExist\n ? [\n p.config.useAutoStopInterval\n ? `${ind}auto_stop_interval=${p.state['createSandboxBaseParams']['autoStopInterval']}, # ${p.state['createSandboxBaseParams']['autoStopInterval'] == 0 ? 'Disables the auto-stop feature' : `Sandbox will be stopped after ${p.state['createSandboxBaseParams']['autoStopInterval']} minute${(p.state['createSandboxBaseParams']['autoStopInterval'] as number) > 1 ? 's' : ''}`}`\n : '',\n p.config.useAutoArchiveInterval\n ? `${ind}auto_archive_interval=${p.state['createSandboxBaseParams']['autoArchiveInterval']}, # Auto-archive after a Sandbox has been stopped for ${p.state['createSandboxBaseParams']['autoArchiveInterval'] == 0 ? '30 days' : `${p.state['createSandboxBaseParams']['autoArchiveInterval']} minutes`}`\n : '',\n p.config.useAutoDeleteInterval\n ? `${ind}auto_delete_interval=${p.state['createSandboxBaseParams']['autoDeleteInterval']}, # ${p.state['createSandboxBaseParams']['autoDeleteInterval'] == 0 ? 'Sandbox will be deleted immediately after stopping' : p.state['createSandboxBaseParams']['autoDeleteInterval'] == -1 ? 'Auto-delete functionality disabled' : `Auto-delete after a Sandbox has been stopped for ${p.state['createSandboxBaseParams']['autoDeleteInterval']} minutes`}`\n : '',\n ]\n : []),\n ')',\n ]\n .filter(Boolean)\n .join('\\n')\n },\n\n getSandboxCreate(p) {\n return [\n '\\n# Create the Sandbox instance',\n `sandbox = daytona.create(${p.config.useSandboxCreateParams ? 'params' : ''})`,\n 'print(f\"Sandbox created:{sandbox.id}\")',\n ].join('\\n')\n },\n\n getCodeRun(p) {\n if (!p.actions.codeToRunExists) return ''\n const ind = '\\t'\n return [\n '\\n\\n# Run code securely inside the Sandbox',\n 'codeRunResponse = sandbox.process.code_run(',\n `'''${p.state['codeRunParams'].languageCode}'''`,\n ')',\n 'if codeRunResponse.exit_code != 0:',\n `${ind}print(f\"Error: {codeRunResponse.exit_code} {codeRunResponse.result}\")`,\n 'else:',\n `${ind}print(codeRunResponse.result)`,\n ].join('\\n')\n },\n\n getShellRun(p) {\n if (!p.actions.shellCommandExists) return ''\n return [\n '\\n\\n# Execute shell commands',\n `shellRunResponse = sandbox.process.exec(\"${p.state['shellCommandRunParams'].shellCommand}\")`,\n 'print(shellRunResponse.result)',\n ].join('\\n')\n },\n\n getFileSystemOps(p) {\n const sections: string[] = []\n const ind = '\\t'\n\n if (p.actions.fileSystemCreateFolderParamsSet) {\n sections.push(\n [\n '# Create folder with specific permissions',\n `sandbox.fs.create_folder(\"${p.state['createFolderParams'].folderDestinationPath}\", \"${p.state['createFolderParams'].permissions}\")`,\n ].join('\\n'),\n )\n }\n\n if (p.actions.fileSystemListFilesLocationSet) {\n sections.push(\n [\n '# List files in a directory',\n `files = sandbox.fs.list_files(\"${p.state['listFilesParams'].directoryPath}\")`,\n 'for file in files:',\n `${ind}print(f\"Name: {file.name}\")`,\n `${ind}print(f\"Is directory: {file.is_dir}\")`,\n `${ind}print(f\"Size: {file.size}\")`,\n `${ind}print(f\"Modified: {file.mod_time}\")`,\n ].join('\\n'),\n )\n }\n\n if (p.actions.fileSystemDeleteFileRequiredParamsSet) {\n sections.push(\n [\n `# Delete ${p.actions.useFileSystemDeleteFileRecursive ? 'directory' : 'file'}`,\n `sandbox.fs.delete_file(\"${p.state['deleteFileParams'].filePath}\"${p.actions.useFileSystemDeleteFileRecursive ? ', True' : ''})`,\n ].join('\\n'),\n )\n }\n\n return joinGroupedSections(sections)\n },\n\n getGitOps(p) {\n const sections: string[] = []\n const ind = '\\t'\n\n if (p.actions.gitCloneOperationRequiredParamsSet) {\n sections.push(\n [\n '# Clone git repository',\n 'sandbox.git.clone(',\n `${ind}url=\"${p.state['gitCloneParams'].repositoryURL}\",`,\n `${ind}path=\"${p.state['gitCloneParams'].cloneDestinationPath}\",`,\n p.actions.useGitCloneBranch ? `${ind}branch=\"${p.state['gitCloneParams'].branchToClone}\",` : '',\n p.actions.useGitCloneCommitId ? `${ind}commit_id=\"${p.state['gitCloneParams'].commitToClone}\",` : '',\n p.actions.useGitCloneUsername ? `${ind}username=\"${p.state['gitCloneParams'].authUsername}\",` : '',\n p.actions.useGitClonePassword ? `${ind}password=\"${p.state['gitCloneParams'].authPassword}\"` : '',\n ')',\n ]\n .filter(Boolean)\n .join('\\n'),\n )\n }\n\n if (p.actions.gitStatusOperationLocationSet) {\n sections.push(\n [\n '# Get repository status',\n `status = sandbox.git.status(\"${p.state['gitStatusParams'].repositoryPath}\")`,\n 'print(f\"Current branch: {status.current_branch}\")',\n 'print(f\"Commits ahead: {status.ahead}\")',\n 'print(f\"Commits behind: {status.behind}\")',\n 'for file_status in status.file_status:',\n '\\tprint(f\"File: {file_status.name}\")',\n ].join('\\n'),\n )\n }\n\n if (p.actions.gitBranchesOperationLocationSet) {\n sections.push(\n [\n '# List branches',\n `branchesResponse = sandbox.git.branches(\"${p.state['gitBranchesParams'].repositoryPath}\")`,\n 'for branch in branchesResponse.branches:',\n '\\tprint(f\"Branch: {branch}\")',\n ].join('\\n'),\n )\n }\n\n return joinGroupedSections(sections)\n },\n\n buildFullSnippet(p) {\n const imports = this.getImports(p)\n const config = this.getConfig(p)\n const client = this.getClientInit(p)\n const resources = this.getResources(p)\n const params = this.getSandboxParams(p)\n const create = this.getSandboxCreate(p)\n const codeRun = this.getCodeRun(p)\n const shell = this.getShellRun(p)\n const fsOps = this.getFileSystemOps(p)\n const gitOps = this.getGitOps(p)\n\n return `${imports}${config}\\n${client}${resources}${params}\\n${create}${fsOps}${gitOps}${codeRun}${shell}`\n },\n}\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/CodeSnippets/types.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SandboxParams, SandboxParametersInfo } from '@/contexts/PlaygroundContext'\n\nexport interface CodeSnippetActionFlags {\n useConfigObject: boolean\n fileSystemListFilesLocationSet: boolean\n fileSystemCreateFolderParamsSet: boolean\n fileSystemDeleteFileRequiredParamsSet: boolean\n useFileSystemDeleteFileRecursive: boolean\n shellCommandExists: boolean\n codeToRunExists: boolean\n gitCloneOperationRequiredParamsSet: boolean\n useGitCloneBranch: boolean\n useGitCloneCommitId: boolean\n useGitCloneUsername: boolean\n useGitClonePassword: boolean\n gitStatusOperationLocationSet: boolean\n gitBranchesOperationLocationSet: boolean\n}\n\nexport interface CodeSnippetParams {\n state: SandboxParams\n config: SandboxParametersInfo\n actions: CodeSnippetActionFlags\n}\n\nexport interface CodeSnippetGenerator {\n getImports(p: CodeSnippetParams): string\n getConfig(p: CodeSnippetParams): string\n getClientInit(p: CodeSnippetParams): string\n getResources(p: CodeSnippetParams): string\n getSandboxParams(p: CodeSnippetParams): string\n getSandboxCreate(p: CodeSnippetParams): string\n getCodeRun(p: CodeSnippetParams): string\n getShellRun(p: CodeSnippetParams): string\n getFileSystemOps(p: CodeSnippetParams): string\n getGitOps(p: CodeSnippetParams): string\n buildFullSnippet(p: CodeSnippetParams): string\n}\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/CodeSnippets/typescript.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CodeSnippetGenerator } from './types'\nimport { joinGroupedSections } from './utils'\n\nexport const TypeScriptSnippetGenerator: CodeSnippetGenerator = {\n getImports(p) {\n return (\n [\n 'import { Daytona',\n p.actions.useConfigObject ? 'DaytonaConfig' : '',\n p.config.createSandboxFromImage ? 'Image' : '',\n ]\n .filter(Boolean)\n .join(', ') + \" } from '@daytonaio/sdk'\\n\"\n )\n },\n\n getConfig(p) {\n if (!p.actions.useConfigObject) return ''\n return ['\\n// Define the configuration', 'const config: DaytonaConfig = { }'].filter(Boolean).join('\\n') + '\\n'\n },\n\n getClientInit(p) {\n return [\n '\\t// Initialize the Daytona client',\n `\\tconst daytona = new Daytona(${p.actions.useConfigObject ? 'config' : ''})`,\n ]\n .filter(Boolean)\n .join('\\n')\n },\n\n getResources(p) {\n if (!p.config.useResources) return ''\n const ind = '\\t\\t\\t\\t'\n return [\n `${ind.slice(0, -1)}resources: {`,\n p.config.useResourcesCPU\n ? `${ind}cpu: ${p.state['resources']['cpu']}, // ${p.state['resources']['cpu']} CPU cores`\n : '',\n p.config.useResourcesMemory\n ? `${ind}memory: ${p.state['resources']['memory']}, // ${p.state['resources']['memory']}GB RAM`\n : '',\n p.config.useResourcesDisk\n ? `${ind}disk: ${p.state['resources']['disk']}, // ${p.state['resources']['disk']}GB disk space`\n : '',\n `${ind.slice(0, -1)}}`,\n ]\n .filter(Boolean)\n .join('\\n')\n },\n\n getSandboxParams(p) {\n if (!p.config.useSandboxCreateParams) return ''\n const ind = '\\t\\t\\t'\n return [\n `{`,\n p.config.useCustomSandboxSnapshotName ? `${ind}snapshot: '${p.state['snapshotName']}',` : '',\n p.config.createSandboxFromImage ? `${ind}image: Image.debianSlim(\"3.13\"),` : '',\n this.getResources(p),\n p.config.useLanguageParam ? `${ind}language: '${p.state['language']}',` : '',\n ...(p.config.createSandboxParamsExist\n ? [\n p.config.useAutoStopInterval\n ? `${ind}autoStopInterval: ${p.state['createSandboxBaseParams']['autoStopInterval']}, // ${p.state['createSandboxBaseParams']['autoStopInterval'] == 0 ? 'Disables the auto-stop feature' : `Sandbox will be stopped after ${p.state['createSandboxBaseParams']['autoStopInterval']} minute${(p.state['createSandboxBaseParams']['autoStopInterval'] as number) > 1 ? 's' : ''}`}`\n : '',\n p.config.useAutoArchiveInterval\n ? `${ind}autoArchiveInterval: ${p.state['createSandboxBaseParams']['autoArchiveInterval']}, // Auto-archive after a Sandbox has been stopped for ${p.state['createSandboxBaseParams']['autoArchiveInterval'] == 0 ? '30 days' : `${p.state['createSandboxBaseParams']['autoArchiveInterval']} minutes`}`\n : '',\n p.config.useAutoDeleteInterval\n ? `${ind}autoDeleteInterval: ${p.state['createSandboxBaseParams']['autoDeleteInterval']}, // ${p.state['createSandboxBaseParams']['autoDeleteInterval'] == 0 ? 'Sandbox will be deleted immediately after stopping' : p.state['createSandboxBaseParams']['autoDeleteInterval'] == -1 ? 'Auto-delete functionality disabled' : `Auto-delete after a Sandbox has been stopped for ${p.state['createSandboxBaseParams']['autoDeleteInterval']} minutes`}`\n : '',\n ]\n : []),\n `${ind.slice(0, -1)}}`,\n ]\n .filter(Boolean)\n .join('\\n')\n },\n\n getSandboxCreate(p) {\n return [\n '\\t\\t// Create the Sandbox instance',\n `\\t\\tconst sandbox = await daytona.create(${p.config.useSandboxCreateParams ? this.getSandboxParams(p) : ''})`,\n ].join('\\n')\n },\n\n getCodeRun(p) {\n if (!p.actions.codeToRunExists) return ''\n const ind = '\\t\\t'\n return [\n `\\n\\n${ind}// Run code securely inside the Sandbox`,\n `${ind}const codeRunResponse = await sandbox.process.codeRun(\\``,\n `${(p.state['codeRunParams'].languageCode ?? '').replace(/`/g, '\\\\`').replace(/\\$\\{/g, '\\\\${')}`, // Escape backticks and ${ to prevent breaking the template literal\n `${ind}\\`)`,\n `${ind}if (codeRunResponse.exitCode !== 0) {`,\n `${ind + '\\t'}console.error(\"Error running code:\", codeRunResponse.exitCode, codeRunResponse.result)`,\n `${ind}} else {`,\n `${ind + '\\t'}console.log(codeRunResponse.result)`,\n `${ind}}`,\n ].join('\\n')\n },\n\n getShellRun(p) {\n if (!p.actions.shellCommandExists) return ''\n const ind = '\\t\\t'\n return [\n `\\n\\n${ind}// Execute shell commands`,\n `${ind}const shellRunResponse = await sandbox.process.executeCommand('${p.state['shellCommandRunParams'].shellCommand}')`,\n `${ind}console.log(shellRunResponse.result)`,\n ].join('\\n')\n },\n\n getFileSystemOps(p) {\n const sections: string[] = []\n const ind = '\\t\\t\\t'\n const base = ind.slice(0, -1)\n\n if (p.actions.fileSystemCreateFolderParamsSet) {\n sections.push(\n [\n `${base}// Create folder with specific permissions`,\n `${base}await sandbox.fs.createFolder(\"${p.state['createFolderParams'].folderDestinationPath}\", \"${p.state['createFolderParams'].permissions}\")`,\n ].join('\\n'),\n )\n }\n\n if (p.actions.fileSystemListFilesLocationSet) {\n sections.push(\n [\n `${base}// List files in a directory`,\n `${base}const files = await sandbox.fs.listFiles(\"${p.state['listFilesParams'].directoryPath}\")`,\n `${base}files.forEach(file => {`,\n `${ind}console.log(\\`Name: \\${file.name}\\`)`,\n `${ind}console.log(\\`Is directory: \\${file.isDir}\\`)`,\n `${ind}console.log(\\`Size: \\${file.size}\\`)`,\n `${ind}console.log(\\`Modified: \\${file.modTime}\\`)`,\n `${base}})`,\n ].join('\\n'),\n )\n }\n\n if (p.actions.fileSystemDeleteFileRequiredParamsSet) {\n sections.push(\n [\n `${base}// Delete ${p.actions.useFileSystemDeleteFileRecursive ? 'directory' : 'file'}`,\n `${base}await sandbox.fs.deleteFile(\"${p.state['deleteFileParams'].filePath}\"${p.actions.useFileSystemDeleteFileRecursive ? ', true' : ''})`,\n ].join('\\n'),\n )\n }\n\n return joinGroupedSections(sections)\n },\n\n getGitOps(p) {\n const sections: string[] = []\n const ind = '\\t\\t\\t'\n const base = ind.slice(0, -1)\n\n if (p.actions.gitCloneOperationRequiredParamsSet) {\n sections.push(\n [\n `${base}// Clone git repository`,\n `${base}await sandbox.git.clone(`,\n `${ind}\"${p.state['gitCloneParams'].repositoryURL}\",`,\n `${ind}\"${p.state['gitCloneParams'].cloneDestinationPath}\",`,\n p.actions.useGitCloneBranch ? `${ind}\"${p.state['gitCloneParams'].branchToClone}\",` : '',\n p.actions.useGitCloneCommitId ? `${ind}\"${p.state['gitCloneParams'].commitToClone}\",` : '',\n p.actions.useGitCloneUsername ? `${ind}\"${p.state['gitCloneParams'].authUsername}\",` : '',\n p.actions.useGitClonePassword ? `${ind}\"${p.state['gitCloneParams'].authPassword}\"` : '',\n `${base})`,\n ]\n .filter(Boolean)\n .join('\\n'),\n )\n }\n\n if (p.actions.gitStatusOperationLocationSet) {\n sections.push(\n [\n `${base}// Get repository status`,\n `${base}const status = await sandbox.git.status(\"${p.state['gitStatusParams'].repositoryPath}\")`,\n `${base}console.log(\\`Current branch: \\${status.currentBranch}\\`)`,\n `${base}console.log(\\`Commits ahead: \\${status.ahead}\\`)`,\n `${base}console.log(\\`Commits behind: \\${status.behind}\\`)`,\n `${base}status.fileStatus.forEach(file => {`,\n `${ind}console.log(\\`File: \\${file.name}\\`)`,\n `${base}})`,\n ].join('\\n'),\n )\n }\n\n if (p.actions.gitBranchesOperationLocationSet) {\n sections.push(\n [\n `${base}// List branches`,\n `${base}const branchesResponse = await sandbox.git.branches(\"${p.state['gitBranchesParams'].repositoryPath}\")`,\n `${base}branchesResponse.branches.forEach(branch => {`,\n `${ind}console.log(\\`Branch: \\${branch}\\`)`,\n `${base}})`,\n ].join('\\n'),\n )\n }\n\n return joinGroupedSections(sections)\n },\n\n buildFullSnippet(p) {\n const imports = this.getImports(p)\n const config = this.getConfig(p)\n const client = this.getClientInit(p)\n const create = this.getSandboxCreate(p)\n const codeRun = this.getCodeRun(p)\n const shell = this.getShellRun(p)\n const fsOps = this.getFileSystemOps(p)\n const gitOps = this.getGitOps(p)\n\n return `${imports}${config}\nasync function main() {\n${client}\n\\ttry {\n${create}${fsOps}${gitOps}${codeRun}${shell}\n\\t} catch (error) {\n\\t\\tconsole.error(\"Sandbox flow error:\", error)\n\\t}\n}\nmain().catch(console.error)`\n },\n}\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/CodeSnippets/utils.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\n/**\n * Joins grouped code snippet sections with consistent spacing.\n * Each non-empty section gets a `\\n\\n` prefix, producing a blank line between sections.\n */\nexport function joinGroupedSections(sections: string[]): string {\n const nonEmpty = sections.filter(Boolean)\n if (nonEmpty.length === 0) return ''\n return nonEmpty.map((section) => '\\n\\n' + section).join('')\n}\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/CodeSnippetsResponse.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport PythonIcon from '@/assets/python.svg'\nimport TypescriptIcon from '@/assets/typescript.svg'\nimport CodeBlock from '@/components/CodeBlock'\nimport { CopyButton } from '@/components/CopyButton'\nimport TooltipButton from '@/components/TooltipButton'\nimport { Button } from '@/components/ui/button'\nimport { ScrollArea } from '@/components/ui/scroll-area'\nimport { Tabs, TabsContent, TabsList, TabsTrigger } from '@/components/ui/tabs'\nimport {\n FileSystemActions,\n GitOperationsActions,\n ProcessCodeExecutionActions,\n SandboxParametersSections,\n} from '@/enums/Playground'\nimport { usePlayground } from '@/hooks/usePlayground'\nimport { usePlaygroundSandbox } from '@/hooks/usePlaygroundSandbox'\nimport { createErrorMessageOutput } from '@/lib/playground'\nimport { cn } from '@/lib/utils'\nimport { CodeLanguage, Sandbox } from '@daytonaio/sdk'\nimport { ChevronUpIcon, Loader2, PanelBottom, Play, XIcon } from 'lucide-react'\nimport { ReactNode, useCallback, useEffect, useMemo, useRef, useState } from 'react'\nimport { Group, Panel, usePanelRef } from 'react-resizable-panels'\nimport ResponseCard from '../ResponseCard'\nimport { Window, WindowContent, WindowTitleBar } from '../Window'\nimport { codeSnippetGenerators, CodeSnippetParams } from './CodeSnippets'\n\nconst codeSnippetSupportedLanguages = [\n { value: CodeLanguage.PYTHON, label: 'Python', icon: PythonIcon },\n { value: CodeLanguage.TYPESCRIPT, label: 'TypeScript', icon: TypescriptIcon },\n] as const\n\nconst SECTION_SCROLL_MARKERS: Partial> = {\n [SandboxParametersSections.FILE_SYSTEM]: [\n '# Create folder',\n '# List files',\n '# Delete',\n '// Create folder',\n '// List files',\n '// Delete',\n ],\n [SandboxParametersSections.GIT_OPERATIONS]: [\n '# Clone git',\n '# Get repository',\n '# List branches',\n '// Clone git',\n '// Get repository',\n '// List branches',\n ],\n [SandboxParametersSections.PROCESS_CODE_EXECUTION]: [\n '# Run code securely',\n '# Execute shell',\n '// Run code securely',\n '// Execute shell',\n ],\n}\n\nconst SandboxCodeSnippetsResponse = ({ className }: { className?: string }) => {\n const [codeSnippetLanguage, setCodeSnippetLanguage] = useState(CodeLanguage.PYTHON)\n const [codeSnippetOutput, setCodeSnippetOutput] = useState('')\n const [isCodeSnippetRunning, setIsCodeSnippetRunning] = useState(false)\n\n const {\n sandboxParametersState,\n actionRuntimeError,\n getSandboxParametersInfo,\n enabledSections,\n pendingScrollSection,\n clearPendingScrollSection,\n } = usePlayground()\n const {\n sandbox: { create: createSandbox },\n } = usePlaygroundSandbox()\n\n const useConfigObject = false // Currently not needed, we use jwtToken for client config\n\n const fsOn = enabledSections.includes(SandboxParametersSections.FILE_SYSTEM)\n const gitOn = enabledSections.includes(SandboxParametersSections.GIT_OPERATIONS)\n const procOn = enabledSections.includes(SandboxParametersSections.PROCESS_CODE_EXECUTION)\n\n const fileSystemListFilesLocationSet = fsOn && !actionRuntimeError[FileSystemActions.LIST_FILES]\n const fileSystemCreateFolderParamsSet = fsOn && !actionRuntimeError[FileSystemActions.CREATE_FOLDER]\n const fileSystemDeleteFileRequiredParamsSet = fsOn && !actionRuntimeError[FileSystemActions.DELETE_FILE]\n const useFileSystemDeleteFileRecursive =\n fileSystemDeleteFileRequiredParamsSet && sandboxParametersState['deleteFileParams'].recursive === true\n const shellCommandExists = procOn && !actionRuntimeError[ProcessCodeExecutionActions.SHELL_COMMANDS_RUN]\n const codeToRunExists = procOn && !actionRuntimeError[ProcessCodeExecutionActions.CODE_RUN]\n const gitCloneOperationRequiredParamsSet = gitOn && !actionRuntimeError[GitOperationsActions.GIT_CLONE]\n const useGitCloneBranch = !!sandboxParametersState['gitCloneParams'].branchToClone\n const useGitCloneCommitId = !!sandboxParametersState['gitCloneParams'].commitToClone\n const useGitCloneUsername = !!sandboxParametersState['gitCloneParams'].authUsername\n const useGitClonePassword = !!sandboxParametersState['gitCloneParams'].authPassword\n const gitStatusOperationLocationSet = gitOn && !actionRuntimeError[GitOperationsActions.GIT_STATUS]\n const gitBranchesOperationLocationSet = gitOn && !actionRuntimeError[GitOperationsActions.GIT_BRANCHES_LIST]\n\n const codeScrollRef = useRef(null)\n const highlightTimersRef = useRef[]>([])\n\n const scrollToSection = useCallback((section: SandboxParametersSections) => {\n const viewport = codeScrollRef.current?.querySelector('[data-slot=scroll-area-viewport]')\n if (!viewport) return\n\n const markers = SECTION_SCROLL_MARKERS[section]\n if (!markers?.length) return\n\n const walker = document.createTreeWalker(viewport, NodeFilter.SHOW_TEXT)\n let node: Text | null\n while ((node = walker.nextNode() as Text | null)) {\n const text = node.textContent?.trim() ?? ''\n if (!markers.some((m) => text.startsWith(m))) continue\n\n const span = node.parentElement\n if (!span) continue\n\n const el = (span.closest('[class*=\"line\"]') as HTMLElement | null) ?? span\n const viewportRect = viewport.getBoundingClientRect()\n viewport.scrollTo({\n top: viewport.scrollTop + el.getBoundingClientRect().top - viewportRect.top - 32,\n behavior: 'smooth',\n })\n\n highlightTimersRef.current.forEach(clearTimeout)\n el.style.backgroundColor = 'rgba(34, 197, 94, 0.2)'\n el.style.borderRadius = '3px'\n highlightTimersRef.current = [\n setTimeout(() => {\n el.style.transition = 'background-color 1.5s ease-out'\n el.style.backgroundColor = 'rgba(34, 197, 94, 0)'\n }, 500),\n setTimeout(() => {\n el.style.backgroundColor = ''\n el.style.transition = ''\n el.style.borderRadius = ''\n }, 2100),\n ]\n return\n }\n }, [])\n\n useEffect(() => {\n if (!pendingScrollSection) return\n requestAnimationFrame(() => {\n scrollToSection(pendingScrollSection)\n clearPendingScrollSection()\n })\n }, [pendingScrollSection, scrollToSection, clearPendingScrollSection])\n\n const codeSnippetParams = useMemo(\n () => ({\n state: sandboxParametersState,\n config: getSandboxParametersInfo(),\n actions: {\n useConfigObject,\n fileSystemListFilesLocationSet,\n fileSystemCreateFolderParamsSet,\n fileSystemDeleteFileRequiredParamsSet,\n useFileSystemDeleteFileRecursive,\n shellCommandExists,\n codeToRunExists,\n gitCloneOperationRequiredParamsSet,\n useGitCloneBranch,\n useGitCloneCommitId,\n useGitCloneUsername,\n useGitClonePassword,\n gitStatusOperationLocationSet,\n gitBranchesOperationLocationSet,\n },\n }),\n [\n sandboxParametersState,\n getSandboxParametersInfo,\n useConfigObject,\n fileSystemListFilesLocationSet,\n fileSystemCreateFolderParamsSet,\n fileSystemDeleteFileRequiredParamsSet,\n useFileSystemDeleteFileRecursive,\n shellCommandExists,\n codeToRunExists,\n gitCloneOperationRequiredParamsSet,\n useGitCloneBranch,\n useGitCloneCommitId,\n useGitCloneUsername,\n useGitClonePassword,\n gitStatusOperationLocationSet,\n gitBranchesOperationLocationSet,\n ],\n )\n\n const sandboxCodeSnippetsData = useMemo(\n () => ({\n [CodeLanguage.PYTHON]: { code: codeSnippetGenerators[CodeLanguage.PYTHON].buildFullSnippet(codeSnippetParams) },\n [CodeLanguage.TYPESCRIPT]: {\n code: codeSnippetGenerators[CodeLanguage.TYPESCRIPT].buildFullSnippet(codeSnippetParams),\n },\n }),\n [codeSnippetParams],\n )\n\n const runCodeSnippet = async () => {\n setIsCodeSnippetRunning(true)\n let codeSnippetOutput = 'Creating sandbox...\\n'\n setCodeSnippetOutput(codeSnippetOutput)\n let sandbox: Sandbox | undefined\n\n try {\n sandbox = await createSandbox()\n codeSnippetOutput = `Sandbox successfully created: ${sandbox.id}\\n`\n setCodeSnippetOutput(codeSnippetOutput)\n if (codeToRunExists) {\n setCodeSnippetOutput(codeSnippetOutput + '\\nRunning code...')\n const codeRunResponse = await sandbox.process.codeRun(\n sandboxParametersState['codeRunParams'].languageCode as string,\n ) // codeToRunExists guarantees that value isn't undefined so we put as string to silence TS compiler\n codeSnippetOutput += `\\nCode run result: ${codeRunResponse.result}`\n setCodeSnippetOutput(codeSnippetOutput)\n }\n if (shellCommandExists) {\n setCodeSnippetOutput(codeSnippetOutput + '\\nRunning shell command...')\n const shellCommandResponse = await sandbox.process.executeCommand(\n sandboxParametersState['shellCommandRunParams'].shellCommand as string, // shellCommandExists guarantees that value isn't undefined so we put as string to silence TS compiler\n )\n codeSnippetOutput += `\\nShell command result: ${shellCommandResponse.result}`\n setCodeSnippetOutput(codeSnippetOutput)\n }\n let codeRunShellCommandFinishedMessage = '\\n'\n if (codeToRunExists && shellCommandExists) {\n codeRunShellCommandFinishedMessage += '🎉 Code and shell command executed successfully.'\n } else if (codeToRunExists) {\n codeRunShellCommandFinishedMessage += '🎉 Code executed successfully.'\n } else if (shellCommandExists) {\n codeRunShellCommandFinishedMessage += '🎉 Shell command executed successfully.'\n }\n codeSnippetOutput += codeRunShellCommandFinishedMessage + '\\n'\n setCodeSnippetOutput(codeSnippetOutput)\n if (fileSystemCreateFolderParamsSet) {\n setCodeSnippetOutput(codeSnippetOutput + '\\nCreating directory...')\n await sandbox.fs.createFolder(\n sandboxParametersState['createFolderParams'].folderDestinationPath,\n sandboxParametersState['createFolderParams'].permissions,\n )\n codeSnippetOutput += '\\n🎉 Directory created successfully.\\n'\n setCodeSnippetOutput(codeSnippetOutput)\n }\n if (fileSystemListFilesLocationSet) {\n setCodeSnippetOutput(codeSnippetOutput + '\\nListing directory files...')\n const files = await sandbox.fs.listFiles(sandboxParametersState['listFilesParams'].directoryPath)\n codeSnippetOutput += '\\nDirectory content:'\n codeSnippetOutput += '\\n'\n files.forEach((file) => {\n codeSnippetOutput += `Name: ${file.name}\\n`\n codeSnippetOutput += `Is directory: ${file.isDir}\\n`\n codeSnippetOutput += `Size: ${file.size}\\n`\n codeSnippetOutput += `Modified: ${file.modTime}\\n`\n })\n setCodeSnippetOutput(codeSnippetOutput)\n }\n if (fileSystemDeleteFileRequiredParamsSet) {\n setCodeSnippetOutput(\n codeSnippetOutput + `\\nDeleting ${useFileSystemDeleteFileRecursive ? 'directory' : 'file'}...`,\n )\n await sandbox.fs.deleteFile(\n sandboxParametersState['deleteFileParams'].filePath,\n useFileSystemDeleteFileRecursive || false,\n )\n codeSnippetOutput += `\\n🎉 ${useFileSystemDeleteFileRecursive ? 'Directory' : 'File'} deleted successfully.\\n`\n setCodeSnippetOutput(codeSnippetOutput)\n }\n if (gitCloneOperationRequiredParamsSet) {\n setCodeSnippetOutput(codeSnippetOutput + '\\nCloning repo...')\n await sandbox.git.clone(\n sandboxParametersState['gitCloneParams'].repositoryURL,\n sandboxParametersState['gitCloneParams'].cloneDestinationPath,\n useGitCloneBranch ? sandboxParametersState['gitCloneParams'].branchToClone : undefined,\n useGitCloneCommitId ? sandboxParametersState['gitCloneParams'].commitToClone : undefined,\n useGitCloneUsername ? sandboxParametersState['gitCloneParams'].authUsername : undefined,\n useGitClonePassword ? sandboxParametersState['gitCloneParams'].authPassword : undefined,\n )\n codeSnippetOutput += '\\n🎉 Repository cloned successfully.\\n'\n setCodeSnippetOutput(codeSnippetOutput)\n }\n if (gitStatusOperationLocationSet) {\n setCodeSnippetOutput(codeSnippetOutput + '\\nFetching repository status...')\n const status = await sandbox.git.status(sandboxParametersState['gitStatusParams'].repositoryPath)\n codeSnippetOutput += `\\nCurrent branch: ${status.currentBranch}\\n`\n codeSnippetOutput += `Commits ahead: ${status.ahead}\\n`\n codeSnippetOutput += `Commits behind: ${status.behind}\\n`\n status.fileStatus.forEach((file) => (codeSnippetOutput += `File: ${file.name}\\n`))\n setCodeSnippetOutput(codeSnippetOutput)\n }\n if (gitBranchesOperationLocationSet) {\n setCodeSnippetOutput(codeSnippetOutput + '\\nFetching repository branches...')\n const response = await sandbox.git.branches(sandboxParametersState['gitBranchesParams'].repositoryPath)\n codeSnippetOutput += '\\n'\n response.branches.forEach((branch) => (codeSnippetOutput += `Branch: ${branch}\\n`))\n setCodeSnippetOutput(codeSnippetOutput)\n }\n setCodeSnippetOutput(codeSnippetOutput + '\\nSandbox session finished.')\n } catch (error) {\n console.error(error)\n setCodeSnippetOutput(\n <>\n {codeSnippetOutput}\n
\n {createErrorMessageOutput(error)}\n ,\n )\n } finally {\n setIsCodeSnippetRunning(false)\n }\n }\n\n const resultPanelRef = usePanelRef()\n\n return (\n \n Sandbox Code\n \n setCodeSnippetLanguage(languageValue as CodeLanguage)}\n >\n
\n \n {codeSnippetSupportedLanguages.map((language) => (\n \n
\n {`${language.label}\n {language.label}\n
\n \n ))}\n \n
\n {\n runCodeSnippet()\n if (resultPanelRef.current?.isCollapsed()) {\n resultPanelRef.current.resize(100)\n }\n }}\n >\n {isCodeSnippetRunning ? : } Run\n \n {\n if (resultPanelRef.current?.isCollapsed()) {\n resultPanelRef.current.resize('20%')\n } else {\n resultPanelRef.current?.collapse()\n }\n }}\n >\n \n \n
\n
\n \n \n
\n {codeSnippetSupportedLanguages.map((language) => (\n \n \n \n \n \n \n ))}\n
\n \n\n \n
\n
\n
Result
\n
\n resultPanelRef.current?.resize('80%')}\n tooltipText=\"Maximize\"\n className=\"h-6 w-6\"\n size=\"sm\"\n variant=\"ghost\"\n >\n \n \n resultPanelRef.current?.collapse()}\n >\n \n \n
\n
\n
\n Code output will be shown here...
\n )\n }\n />\n
\n \n \n \n \n \n \n )\n}\n\nexport default SandboxCodeSnippetsResponse\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/Parameters/FileSystem.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n CreateFolderParams,\n DeleteFileParams,\n FileSystemActionFormData,\n ListFilesParams,\n ParameterFormData,\n ParameterFormItem,\n} from '@/contexts/PlaygroundContext'\nimport { FileSystemActions } from '@/enums/Playground'\nimport { usePlayground } from '@/hooks/usePlayground'\nimport PlaygroundActionForm from '../../ActionForm'\nimport FormCheckboxInput from '../../Inputs/CheckboxInput'\nimport InlineInputFormControl from '../../Inputs/InlineInputFormControl'\nimport FormTextInput from '../../Inputs/TextInput'\n\nconst SandboxFileSystem: React.FC = () => {\n const { sandboxParametersState, playgroundActionParamValueSetter } = usePlayground()\n const createFolderParams = sandboxParametersState['createFolderParams']\n const listFilesParams = sandboxParametersState['listFilesParams']\n const deleteFileParams = sandboxParametersState['deleteFileParams']\n\n const listFilesDirectoryFormData: ParameterFormItem & { key: 'directoryPath' } = {\n label: 'Directory location',\n key: 'directoryPath',\n placeholder: 'Directory path to list',\n required: true,\n }\n\n const createFolderParamsFormData: ParameterFormData = [\n {\n label: 'Folder location',\n key: 'folderDestinationPath',\n placeholder: 'Path where the directory should be created',\n required: true,\n },\n {\n label: 'Permissions',\n key: 'permissions',\n placeholder: 'Directory permissions in octal format (e.g. \"755\")',\n required: true,\n },\n ]\n\n const deleteFileLocationFormData: ParameterFormItem & { key: 'filePath' } = {\n label: 'File location',\n key: 'filePath',\n placeholder: 'Path to the file or directory to delete',\n required: true,\n }\n const deleteFileRecursiveFormData: ParameterFormItem & { key: 'recursive' } = {\n label: 'Delete directory',\n key: 'recursive',\n placeholder: 'If the file is a directory, this must be true to delete it.',\n }\n\n const fileSystemActionsFormData: FileSystemActionFormData[] =\n [\n {\n methodName: FileSystemActions.CREATE_FOLDER,\n label: 'createFolder()',\n description: 'Creates a new directory in the Sandbox at the specified path with the given permissions',\n parametersFormItems: createFolderParamsFormData,\n parametersState: createFolderParams,\n },\n {\n methodName: FileSystemActions.LIST_FILES,\n label: 'listFiles()',\n description: 'Lists files and directories in a given path and returns their information',\n parametersFormItems: [listFilesDirectoryFormData],\n parametersState: listFilesParams,\n },\n {\n methodName: FileSystemActions.DELETE_FILE,\n label: 'deleteFile()',\n description: 'Deletes a file from the Sandbox',\n parametersFormItems: [deleteFileLocationFormData, deleteFileRecursiveFormData],\n parametersState: deleteFileParams,\n },\n ]\n\n return (\n
\n {fileSystemActionsFormData.map((fileSystemAction) => (\n
\n actionFormItem={fileSystemAction} hideRunActionButton />\n
\n {fileSystemAction.methodName === FileSystemActions.LIST_FILES && (\n \n \n playgroundActionParamValueSetter(\n fileSystemAction,\n listFilesDirectoryFormData,\n 'listFilesParams',\n value,\n )\n }\n />\n \n )}\n {fileSystemAction.methodName === FileSystemActions.CREATE_FOLDER && (\n <>\n {createFolderParamsFormData.map((createFolderParamFormItem) => (\n \n \n playgroundActionParamValueSetter(\n fileSystemAction,\n createFolderParamFormItem,\n 'createFolderParams',\n value,\n )\n }\n />\n \n ))}\n \n )}\n {fileSystemAction.methodName === FileSystemActions.DELETE_FILE && (\n <>\n \n \n playgroundActionParamValueSetter(\n fileSystemAction,\n deleteFileLocationFormData,\n 'deleteFileParams',\n value,\n )\n }\n />\n \n \n \n playgroundActionParamValueSetter(\n fileSystemAction,\n deleteFileRecursiveFormData,\n 'deleteFileParams',\n checked,\n )\n }\n />\n \n \n )}\n
\n
\n ))}\n
\n )\n}\n\nexport default SandboxFileSystem\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/Parameters/GitOperations.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n GitBranchesParams,\n GitCloneParams,\n GitOperationsActionFormData,\n GitStatusParams,\n ParameterFormData,\n ParameterFormItem,\n} from '@/contexts/PlaygroundContext'\nimport { GitOperationsActions } from '@/enums/Playground'\nimport { usePlayground } from '@/hooks/usePlayground'\nimport PlaygroundActionForm from '../../ActionForm'\nimport InlineInputFormControl from '../../Inputs/InlineInputFormControl'\nimport FormTextInput from '../../Inputs/TextInput'\n\nconst SandboxGitOperations: React.FC = () => {\n const { sandboxParametersState, playgroundActionParamValueSetter } = usePlayground()\n const gitCloneParams = sandboxParametersState['gitCloneParams']\n const gitStatusParams = sandboxParametersState['gitStatusParams']\n const gitBranchesParams = sandboxParametersState['gitBranchesParams']\n\n const gitCloneParamsFormData: ParameterFormData = [\n { label: 'URL', key: 'repositoryURL', placeholder: 'Repository URL to clone from', required: true },\n {\n label: 'Destination',\n key: 'cloneDestinationPath',\n placeholder: 'Path where the repository should be cloned',\n required: true,\n },\n { label: 'Branch', key: 'branchToClone', placeholder: 'Specific branch to clone' },\n { label: 'Commit', key: 'commitToClone', placeholder: 'Specific commit to clone' },\n { label: 'Username', key: 'authUsername', placeholder: 'Git username for authentication' },\n { label: 'Password', key: 'authPassword', placeholder: 'Git password or token for authentication' },\n ]\n\n const gitRepoLocationFormData: ParameterFormItem & { key: 'repositoryPath' } = {\n label: 'Repo location',\n key: 'repositoryPath',\n placeholder: 'Path to the Git repository root',\n required: true,\n }\n\n const gitOperationsActionsFormData: GitOperationsActionFormData<\n GitCloneParams | GitStatusParams | GitBranchesParams\n >[] = [\n {\n methodName: GitOperationsActions.GIT_CLONE,\n label: 'clone()',\n description: 'Clones a Git repository into the specified path',\n parametersFormItems: gitCloneParamsFormData,\n parametersState: gitCloneParams,\n },\n {\n methodName: GitOperationsActions.GIT_STATUS,\n label: 'status()',\n description: 'Gets the current Git repository status',\n parametersFormItems: [gitRepoLocationFormData],\n parametersState: gitStatusParams,\n },\n {\n methodName: GitOperationsActions.GIT_BRANCHES_LIST,\n label: 'branches()',\n description: 'Lists branches in the repository',\n parametersFormItems: [gitRepoLocationFormData],\n parametersState: gitBranchesParams,\n },\n ]\n\n return (\n
\n {gitOperationsActionsFormData.map((gitOperationsAction) => (\n
\n actionFormItem={gitOperationsAction} hideRunActionButton />\n
\n {gitOperationsAction.methodName === GitOperationsActions.GIT_CLONE && (\n <>\n {gitCloneParamsFormData.map((gitCloneParamFormItem) => (\n \n \n playgroundActionParamValueSetter(\n gitOperationsAction,\n gitCloneParamFormItem,\n 'gitCloneParams',\n value,\n )\n }\n />\n \n ))}\n \n )}\n {gitOperationsAction.methodName === GitOperationsActions.GIT_STATUS && (\n \n \n playgroundActionParamValueSetter(\n gitOperationsAction,\n gitRepoLocationFormData,\n 'gitStatusParams',\n value,\n )\n }\n />\n \n )}\n {gitOperationsAction.methodName === GitOperationsActions.GIT_BRANCHES_LIST && (\n \n \n playgroundActionParamValueSetter(\n gitOperationsAction,\n gitRepoLocationFormData,\n 'gitBranchesParams',\n value,\n )\n }\n />\n \n )}\n
\n
\n ))}\n
\n )\n}\n\nexport default SandboxGitOperations\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/Parameters/Management.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Tooltip } from '@/components/Tooltip'\nimport { Label } from '@/components/ui/label'\nimport { SANDBOX_SNAPSHOT_DEFAULT_VALUE } from '@/constants/Playground'\nimport { NumberParameterFormItem, ParameterFormItem } from '@/contexts/PlaygroundContext'\nimport { usePlayground } from '@/hooks/usePlayground'\nimport { getLanguageCodeToRun } from '@/lib/playground'\nimport { SnapshotDto } from '@daytonaio/api-client'\nimport { CodeLanguage, Resources } from '@daytonaio/sdk'\nimport { HelpCircleIcon } from 'lucide-react'\nimport InlineInputFormControl from '../../Inputs/InlineInputFormControl'\nimport FormNumberInput from '../../Inputs/NumberInput'\nimport FormSelectInput from '../../Inputs/SelectInput'\nimport StackedInputFormControl from '../../Inputs/StackedInputFormControl'\nimport { useEffect } from 'react'\n\n// TODO - Currently, snapshot selection is not supported in the Playground, so props are hardcoded to an empty array and false for loading. We keep snapshot parts commented to enable it in future if requested by users. Also, sandbox creation and code snippet generation suppoort snapshot selection, so they will work when snapshot selection is enabled in the UI without requiring any additional changes. Currently, the snapshot value is fixed to 'Default'\ntype SandboxManagementParametersProps = {\n snapshotsData: Array\n snapshotsLoading: boolean\n}\n\nconst SandboxManagementParameters: React.FC = ({\n snapshotsData,\n snapshotsLoading,\n}) => {\n const { sandboxParametersState, setSandboxParameterValue } = usePlayground()\n const sandboxLanguage = sandboxParametersState['language']\n const sandboxSnapshotName = sandboxParametersState['snapshotName']\n const resources = sandboxParametersState['resources']\n const sandboxFromImageParams = sandboxParametersState['createSandboxBaseParams']\n\n const languageFormData: ParameterFormItem = {\n label: 'Language',\n key: 'language',\n placeholder: 'Select sandbox language',\n }\n\n // const sandboxSnapshotFormData: ParameterFormItem = {\n // label: 'Snapshot',\n // key: 'snapshotName',\n // placeholder: 'Select sandbox snapshot',\n // }\n\n // Available languages\n const languageOptions = [\n {\n value: CodeLanguage.PYTHON,\n label: 'Python (default)',\n },\n {\n value: CodeLanguage.TYPESCRIPT,\n label: 'TypeScript',\n },\n {\n value: CodeLanguage.JAVASCRIPT,\n label: 'JavaScript',\n },\n ]\n const resourcesFormData: (NumberParameterFormItem & { key: keyof Resources })[] = [\n { label: 'Compute (vCPU)', key: 'cpu', min: 1, max: Infinity, placeholder: '1' },\n { label: 'Memory (GiB)', key: 'memory', min: 1, max: Infinity, placeholder: '1' },\n { label: 'Storage (GiB)', key: 'disk', min: 1, max: Infinity, placeholder: '3' },\n ]\n\n const lifecycleParamsFormData: (NumberParameterFormItem & {\n key: 'autoStopInterval' | 'autoArchiveInterval' | 'autoDeleteInterval'\n })[] = [\n { label: 'Stop (min)', key: 'autoStopInterval', min: 0, max: Infinity, placeholder: '15' },\n { label: 'Archive (min)', key: 'autoArchiveInterval', min: 0, max: Infinity, placeholder: '7' },\n { label: 'Delete (min)', key: 'autoDeleteInterval', min: -1, max: Infinity, placeholder: '' },\n ]\n\n // Change code to run based on selected sandbox language\n useEffect(() => {\n setSandboxParameterValue('codeRunParams', {\n languageCode: getLanguageCodeToRun(sandboxParametersState.language),\n })\n }, [sandboxParametersState.language, setSandboxParameterValue])\n\n const nonDefaultSnapshotSelected = sandboxSnapshotName && sandboxSnapshotName !== SANDBOX_SNAPSHOT_DEFAULT_VALUE\n\n return (\n <>\n \n {\n setSandboxParameterValue(languageFormData.key as 'language', value as CodeLanguage)\n }}\n />\n \n {/* \n ({\n value: snapshot.name,\n label: snapshot.name,\n })),\n ]}\n loading={snapshotsLoading}\n selectValue={sandboxSnapshotName}\n formItem={sandboxSnapshotFormData}\n onChangeHandler={(snapshotName) => {\n setSandboxParameterValue(sandboxSnapshotFormData.key as 'snapshotName', snapshotName)\n }}\n />\n */}\n
\n
\n \n {nonDefaultSnapshotSelected && (\n \n Resources cannot be modified when a non-default snapshot is selected.\n
\n }\n label={\n \n }\n />\n )}\n
\n
\n {resourcesFormData.map((resourceParamFormItem) => (\n \n {\n setSandboxParameterValue('resources', { ...resources, [resourceParamFormItem.key]: value })\n }}\n />\n \n ))}\n
\n \n
\n \n
\n {lifecycleParamsFormData.map((lifecycleParamFormItem) => (\n \n {\n setSandboxParameterValue('createSandboxBaseParams', {\n ...sandboxFromImageParams,\n [lifecycleParamFormItem.key]: value,\n })\n }}\n />\n \n ))}\n
\n
\n \n )\n}\n\nexport default SandboxManagementParameters\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/Parameters/ProcessCodeExecution.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport CodeBlock from '@/components/CodeBlock'\nimport {\n CodeRunParams,\n ParameterFormItem,\n ProcessCodeExecutionOperationsActionFormData,\n ShellCommandRunParams,\n} from '@/contexts/PlaygroundContext'\nimport { ProcessCodeExecutionActions } from '@/enums/Playground'\nimport { usePlayground } from '@/hooks/usePlayground'\nimport { CodeLanguage } from '@daytonaio/sdk'\nimport PlaygroundActionForm from '../../ActionForm'\nimport StackedInputFormControl from '../../Inputs/StackedInputFormControl'\n\nconst SandboxProcessCodeExecution: React.FC = () => {\n const { sandboxParametersState, setSandboxParameterValue } = usePlayground()\n const codeRunParams = sandboxParametersState['codeRunParams']\n const shellCommandRunParams = sandboxParametersState['shellCommandRunParams']\n\n const codeRunLanguageCodeFormData: ParameterFormItem & { key: 'languageCode' } = {\n label: 'Code to execute',\n key: 'languageCode',\n placeholder: 'Write the code you want to execute inside the sandbox',\n required: true,\n }\n\n const shellCommandFormData: ParameterFormItem & { key: 'shellCommand' } = {\n label: 'Shell command',\n key: 'shellCommand',\n placeholder: 'Enter a shell command to run inside the sandbox',\n required: true,\n }\n\n const processCodeExecutionActionsFormData: ProcessCodeExecutionOperationsActionFormData<\n CodeRunParams | ShellCommandRunParams\n >[] = [\n {\n methodName: ProcessCodeExecutionActions.CODE_RUN,\n label: 'codeRun()',\n description: 'Executes code in the Sandbox using the appropriate language runtime',\n parametersFormItems: [codeRunLanguageCodeFormData],\n parametersState: codeRunParams,\n },\n {\n methodName: ProcessCodeExecutionActions.SHELL_COMMANDS_RUN,\n label: 'executeCommand()',\n description: 'Executes a shell command in the Sandbox',\n parametersFormItems: [shellCommandFormData],\n parametersState: shellCommandRunParams,\n },\n ]\n\n //TODO -> Currently codeRun and executeCommand values are fixed -> when we enable user to define them implement onChange handlers with validatePlaygroundActionWithParams logic\n return (\n
\n {processCodeExecutionActionsFormData.map((processCodeExecutionAction) => (\n
\n \n actionFormItem={processCodeExecutionAction}\n hideRunActionButton\n />\n
\n {processCodeExecutionAction.methodName === ProcessCodeExecutionActions.CODE_RUN && (\n \n \n \n )}\n {processCodeExecutionAction.methodName === ProcessCodeExecutionActions.SHELL_COMMANDS_RUN && (\n \n \n \n )}\n
\n
\n ))}\n
\n )\n}\n\nexport default SandboxProcessCodeExecution\n" }, { "path": "apps/dashboard/src/components/Playground/Sandbox/Parameters/index.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Accordion, AccordionContent, AccordionItem, AccordionTrigger } from '@/components/ui/accordion'\nimport { Switch } from '@/components/ui/switch'\nimport { SandboxParametersSections } from '@/enums/Playground'\nimport { usePlayground } from '@/hooks/usePlayground'\nimport { cn } from '@/lib/utils'\nimport { BoltIcon, FolderIcon, GitBranchIcon, SquareTerminalIcon } from 'lucide-react'\nimport SandboxFileSystem from './FileSystem'\nimport SandboxGitOperations from './GitOperations'\nimport SandboxManagementParameters from './Management'\nimport SandboxProcessCodeExecution from './ProcessCodeExecution'\n\nconst sandboxParametersSectionsData = [\n { value: SandboxParametersSections.SANDBOX_MANAGEMENT, label: 'Management' },\n { value: SandboxParametersSections.FILE_SYSTEM, label: 'File System' },\n { value: SandboxParametersSections.GIT_OPERATIONS, label: 'Git Operations' },\n { value: SandboxParametersSections.PROCESS_CODE_EXECUTION, label: 'Process & Code Execution' },\n]\n\nconst sectionIcons = {\n [SandboxParametersSections.SANDBOX_MANAGEMENT]: ,\n [SandboxParametersSections.GIT_OPERATIONS]: ,\n [SandboxParametersSections.FILE_SYSTEM]: ,\n [SandboxParametersSections.PROCESS_CODE_EXECUTION]: ,\n}\n\nconst SandboxParameters = ({ className }: { className?: string }) => {\n const { openedParametersSections, setOpenedParametersSections, enabledSections, enableSection, disableSection } =\n usePlayground()\n\n // TODO - Currently, snapshot selection is not supported in the Playground, so we are using empty array and false for loading. We keep to code commented to enable it in future if requested by users.\n // const { snapshotApi } = useApi()\n // const { selectedOrganization } = useSelectedOrganization()\n\n // const { data: snapshotsData = [], isLoading: snapshotsLoading } = useQuery({\n // queryKey: ['snapshots', selectedOrganization?.id, 'all'],\n // queryFn: async () => {\n // if (!selectedOrganization) return []\n // const response = await snapshotApi.getAllSnapshots(selectedOrganization.id)\n // return response.data.items\n // },\n // enabled: !!selectedOrganization,\n // })\n\n return (\n
\n
\n

Sandbox Configuration

\n

Manage resources, lifecycle policies, and file systems.

\n
\n setOpenedParametersSections(sections as SandboxParametersSections[])}\n >\n {sandboxParametersSectionsData.map((section) => {\n const isManagement = section.value === SandboxParametersSections.SANDBOX_MANAGEMENT\n const isEnabled = enabledSections.includes(section.value as SandboxParametersSections)\n const isExpanded = openedParametersSections.includes(section.value as SandboxParametersSections)\n return (\n \n \n checked\n ? enableSection(section.value as SandboxParametersSections)\n : disableSection(section.value as SandboxParametersSections)\n }\n size=\"sm\"\n className=\"ml-3\"\n />\n ) : undefined\n }\n >\n
\n {sectionIcons[section.value]} {section.label}\n
\n \n \n {isExpanded && (\n
\n {section.value === SandboxParametersSections.FILE_SYSTEM && }\n {section.value === SandboxParametersSections.GIT_OPERATIONS && }\n {section.value === SandboxParametersSections.SANDBOX_MANAGEMENT && (\n \n )}\n {section.value === SandboxParametersSections.PROCESS_CODE_EXECUTION && (\n \n )}\n
\n )}\n \n \n )\n })}\n \n
\n )\n}\n\nexport default SandboxParameters\n" }, { "path": "apps/dashboard/src/components/Playground/Terminal/Description.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\n'use client'\n\nimport { CopyButton } from '@/components/CopyButton'\nimport { TerminalIcon } from 'lucide-react'\n\nconst sampleCommands = ['ls -la', 'top', 'ps aux', 'df -h']\n\nconst TerminalCommand = ({ value }: { value: string }) => {\n return (\n
\n \n $\n {value}\n \n svg]:size-3\" />\n
\n )\n}\n\nconst TerminalDescription: React.FC = () => {\n return (\n
\n
\n

Web Terminal

\n

\n Run commands, view files, and debug directly in the browser.\n

\n
\n
\n

\n \n Common Commands\n

\n
    \n {sampleCommands.map((cmd) => (\n
  • \n \n
    • \n ))}\n
\n
\n
\n )\n}\n\nexport default TerminalDescription\n" }, { "path": "apps/dashboard/src/components/Playground/Terminal/WebTerminal.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Button } from '@/components/ui/button'\nimport { Spinner } from '@/components/ui/spinner'\nimport { usePlaygroundSandbox } from '@/hooks/usePlaygroundSandbox'\nimport { AnimatePresence, motion } from 'framer-motion'\nimport { RefreshCcw } from 'lucide-react'\nimport { Window, WindowContent, WindowTitleBar } from '../Window'\n\nconst motionLoadingProps = {\n initial: { opacity: 0, y: 10 },\n animate: { opacity: 1, y: 0 },\n exit: { opacity: 0, y: -10 },\n transition: { duration: 0.175 },\n}\n\nconst WebTerminal: React.FC<{ className?: string }> = ({ className }) => {\n const { sandbox, terminal } = usePlaygroundSandbox()\n const loadingTerminalUrl = terminal.loading || (!sandbox.instance && !sandbox.error)\n\n return (\n \n Sandbox Terminal\n \n
*]:flex-1\">\n {loadingTerminalUrl || !terminal.url ? (\n
\n \n {loadingTerminalUrl ? (\n \n Loading terminal...\n \n ) : (\n \n There was an error loading the terminal.\n {sandbox.instance ? (\n \n ) : (\n sandbox.error && {sandbox.error}\n )}\n \n )}\n \n
\n ) : (\n \n \n\n \n \n \n\n \n \n \n\n \n \n \n\n {spendingTabAvailable && (\n \n \n \n )}\n \n \n \n )\n}\n\nexport default SandboxDetailsSheet\n" }, { "path": "apps/dashboard/src/components/SandboxTable/BulkActionAlertDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n AlertDialog,\n AlertDialogAction,\n AlertDialogCancel,\n AlertDialogContent,\n AlertDialogDescription,\n AlertDialogFooter,\n AlertDialogHeader,\n AlertDialogTitle,\n} from '../ui/alert-dialog'\n\nexport enum BulkAction {\n Delete = 'delete',\n Start = 'start',\n Stop = 'stop',\n Archive = 'archive',\n}\n\ninterface BulkActionData {\n title: string\n description: string\n buttonLabel: string\n buttonVariant?: 'destructive'\n}\n\nfunction getBulkActionData(action: BulkAction, count: number): BulkActionData {\n const countText = count === 1 ? 'this sandbox' : `these ${count} selected sandboxes`\n\n switch (action) {\n case BulkAction.Delete:\n return {\n title: 'Delete Sandboxes',\n description: `Are you sure you want to delete ${countText}? This action cannot be undone.`,\n buttonLabel: 'Delete',\n buttonVariant: 'destructive',\n }\n case BulkAction.Start:\n return {\n title: 'Start Sandboxes',\n description: `Are you sure you want to start ${countText}?`,\n buttonLabel: 'Start',\n }\n case BulkAction.Stop:\n return {\n title: 'Stop Sandboxes',\n description: `Are you sure you want to stop ${countText}?`,\n buttonLabel: 'Stop',\n }\n case BulkAction.Archive:\n return {\n title: 'Archive Sandboxes',\n description: `Are you sure you want to archive ${countText}? Archived sandboxes can be restored later.`,\n buttonLabel: 'Archive',\n }\n }\n}\n\ninterface BulkActionAlertDialogProps {\n action: BulkAction | null\n count: number\n onConfirm: () => void\n onCancel: () => void\n}\n\nexport function BulkActionAlertDialog({ action, count, onConfirm, onCancel }: BulkActionAlertDialogProps) {\n const data = action ? getBulkActionData(action, count) : null\n\n if (!data) return null\n\n return (\n !open && onCancel()}>\n \n <>\n \n {data.title}\n {data.description}\n \n \n Cancel\n \n {data.buttonLabel}\n \n \n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/SandboxState.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SandboxState as SandboxStateType } from '@daytonaio/api-client'\nimport { Tooltip, TooltipContent, TooltipTrigger } from '../ui/tooltip'\nimport { getStateLabel } from './constants'\nimport { STATE_ICONS } from './state-icons'\n\ninterface SandboxStateProps {\n state?: SandboxStateType\n errorReason?: string\n recoverable?: boolean\n}\n\nexport function SandboxState({ state, errorReason, recoverable }: SandboxStateProps) {\n if (!state) return null\n const stateIcon = recoverable ? STATE_ICONS['RECOVERY'] : STATE_ICONS[state] || STATE_ICONS[SandboxStateType.UNKNOWN]\n const label = getStateLabel(state)\n\n if (state === SandboxStateType.ERROR || state === SandboxStateType.BUILD_FAILED) {\n const errorColor = recoverable ? 'text-yellow-600 dark:text-yellow-400' : 'text-red-600 dark:text-red-400'\n\n const errorContent = (\n
\n
{stateIcon}
\n {label}\n
\n )\n\n if (!errorReason) {\n return errorContent\n }\n\n return (\n \n {errorContent}\n \n

{errorReason}

\n \n \n )\n }\n\n return (\n
\n
{stateIcon}
\n {label}\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/SandboxTableActions.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { RoutePath } from '@/enums/RoutePath'\nimport { SandboxState } from '@daytonaio/api-client'\nimport { Terminal, MoreVertical, Play, Square, Loader2, Wrench } from 'lucide-react'\nimport { generatePath, useNavigate } from 'react-router-dom'\nimport { Button } from '../ui/button'\nimport {\n DropdownMenu,\n DropdownMenuContent,\n DropdownMenuItem,\n DropdownMenuSeparator,\n DropdownMenuTrigger,\n} from '../ui/dropdown-menu'\nimport { SandboxTableActionsProps } from './types'\nimport { useMemo } from 'react'\n\nexport function SandboxTableActions({\n sandbox,\n writePermitted,\n deletePermitted,\n isLoading,\n onStart,\n onStop,\n onDelete,\n onArchive,\n onVnc,\n onOpenWebTerminal,\n onCreateSshAccess,\n onRevokeSshAccess,\n onRecover,\n onScreenRecordings,\n}: SandboxTableActionsProps) {\n const navigate = useNavigate()\n\n const menuItems = useMemo(() => {\n const items = []\n\n items.push({\n key: 'open',\n label: 'Open',\n onClick: () => navigate(generatePath(RoutePath.SANDBOX_DETAILS, { sandboxId: sandbox.id })),\n disabled: isLoading,\n })\n\n if (writePermitted) {\n if (sandbox.state === SandboxState.STARTED) {\n items.push({\n key: 'vnc',\n label: 'VNC',\n onClick: () => onVnc(sandbox.id),\n disabled: isLoading,\n })\n items.push({\n key: 'screen-recordings',\n label: 'Screen Recordings',\n onClick: () => onScreenRecordings(sandbox.id),\n disabled: isLoading,\n })\n items.push({\n key: 'stop',\n label: 'Stop',\n onClick: () => onStop(sandbox.id),\n disabled: isLoading,\n })\n } else if (sandbox.state === SandboxState.STOPPED || sandbox.state === SandboxState.ARCHIVED) {\n items.push({\n key: 'start',\n label: 'Start',\n onClick: () => onStart(sandbox.id),\n disabled: isLoading,\n })\n } else if (sandbox.state === SandboxState.ERROR && sandbox.recoverable) {\n items.push({\n key: 'recover',\n label: 'Recover',\n onClick: () => onRecover(sandbox.id),\n disabled: isLoading,\n })\n }\n\n if (sandbox.state === SandboxState.STOPPED) {\n items.push({\n key: 'archive',\n label: 'Archive',\n onClick: () => onArchive(sandbox.id),\n disabled: isLoading,\n })\n }\n\n // Add SSH access options\n items.push({\n key: 'create-ssh',\n label: 'Create SSH Access',\n onClick: () => onCreateSshAccess(sandbox.id),\n disabled: isLoading,\n })\n items.push({\n key: 'revoke-ssh',\n label: 'Revoke SSH Access',\n onClick: () => onRevokeSshAccess(sandbox.id),\n disabled: isLoading,\n })\n }\n\n if (deletePermitted) {\n if (items.length > 0 && (sandbox.state === SandboxState.STOPPED || sandbox.state === SandboxState.STARTED)) {\n items.push({ key: 'separator', type: 'separator' })\n }\n\n items.push({\n key: 'delete',\n label: 'Delete',\n onClick: () => onDelete(sandbox.id),\n disabled: isLoading,\n className: 'text-red-600 dark:text-red-400',\n })\n }\n\n return items\n }, [\n writePermitted,\n deletePermitted,\n sandbox.state,\n sandbox.id,\n isLoading,\n sandbox.recoverable,\n onStart,\n onStop,\n onDelete,\n onArchive,\n onVnc,\n onCreateSshAccess,\n onRevokeSshAccess,\n onRecover,\n onScreenRecordings,\n navigate,\n ])\n\n if (!writePermitted && !deletePermitted) {\n return null\n }\n\n return (\n
\n {\n e.stopPropagation()\n if (sandbox.state === SandboxState.STARTED) {\n onStop(sandbox.id)\n } else if (sandbox.state === SandboxState.ERROR && sandbox.recoverable) {\n onRecover(sandbox.id)\n } else {\n onStart(sandbox.id)\n }\n }}\n >\n {sandbox.state === SandboxState.STARTED ? (\n \n ) : sandbox.state === SandboxState.STOPPING || sandbox.state === SandboxState.STARTING ? (\n \n ) : sandbox.state === SandboxState.ERROR && sandbox.recoverable ? (\n \n ) : (\n \n )}\n \n\n {sandbox.state === SandboxState.STARTED ? (\n onOpenWebTerminal(sandbox.id)}\n >\n \n \n ) : (\n \n )}\n\n \n \n \n \n \n {menuItems.map((item) => {\n if (item.type === 'separator') {\n return \n }\n\n return (\n {\n e.stopPropagation()\n item.onClick?.()\n }}\n className={`cursor-pointer ${item.className || ''}`}\n disabled={item.disabled}\n >\n {item.label}\n \n )\n })}\n \n \n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/SandboxTableHeader.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport {\n ArrowUpDown,\n Calendar,\n Camera,\n Check,\n Columns,\n Cpu,\n Globe,\n HardDrive,\n ListFilter,\n MemoryStick,\n RefreshCw,\n Square,\n Tag,\n} from 'lucide-react'\nimport * as React from 'react'\nimport { DebouncedInput } from '../DebouncedInput'\nimport { TableColumnVisibilityToggle } from '../TableColumnVisibilityToggle'\nimport { Button } from '../ui/button'\nimport {\n Command,\n CommandEmpty,\n CommandGroup,\n CommandInput,\n CommandInputButton,\n CommandItem,\n CommandList,\n} from '../ui/command'\nimport {\n DropdownMenu,\n DropdownMenuContent,\n DropdownMenuPortal,\n DropdownMenuSub,\n DropdownMenuSubContent,\n DropdownMenuSubTrigger,\n DropdownMenuTrigger,\n} from '../ui/dropdown-menu'\nimport { Popover, PopoverContent, PopoverTrigger } from '../ui/popover'\nimport { LabelFilter, LabelFilterIndicator } from './filters/LabelFilter'\nimport { LastEventFilter, LastEventFilterIndicator } from './filters/LastEventFilter'\nimport { RegionFilter, RegionFilterIndicator } from './filters/RegionFilter'\nimport { ResourceFilter, ResourceFilterIndicator, ResourceFilterValue } from './filters/ResourceFilter'\nimport { SnapshotFilter, SnapshotFilterIndicator } from './filters/SnapshotFilter'\nimport { StateFilter, StateFilterIndicator } from './filters/StateFilter'\nimport { SandboxTableHeaderProps } from './types'\n\nconst RESOURCE_FILTERS = [\n { type: 'cpu' as const, label: 'CPU', icon: Cpu },\n { type: 'memory' as const, label: 'Memory', icon: MemoryStick },\n { type: 'disk' as const, label: 'Disk', icon: HardDrive },\n]\n\nexport function SandboxTableHeader({\n table,\n regionOptions,\n regionsDataIsLoading,\n snapshots,\n snapshotsDataIsLoading,\n snapshotsDataHasMore,\n onChangeSnapshotSearchValue,\n onRefresh,\n isRefreshing = false,\n}: SandboxTableHeaderProps) {\n const [open, setOpen] = React.useState(false)\n const currentSort = table.getState().sorting[0]?.id || ''\n\n const sortableColumns = [\n { id: 'name', label: 'Name' },\n { id: 'state', label: 'State' },\n { id: 'snapshot', label: 'Snapshot' },\n { id: 'region', label: 'Region' },\n { id: 'lastEvent', label: 'Last Event' },\n ]\n\n return (\n
\n
\n table.getColumn('name')?.setFilterValue(value)}\n placeholder=\"Search by Name or UUID\"\n className=\"w-[240px]\"\n />\n\n \n\n \n \n \n \n \n ['name', 'id', 'labels'].includes(column.id))}\n getColumnLabel={(id: string) => {\n switch (id) {\n case 'name':\n return 'Name'\n case 'id':\n return 'UUID'\n case 'labels':\n return 'Labels'\n default:\n return id\n }\n }}\n />\n \n \n\n \n \n \n \n \n \n \n {\n table.resetSorting()\n setOpen(false)\n }}\n >\n Reset\n \n \n \n No column found.\n \n {sortableColumns.map((column) => (\n {\n const col = table.getColumn(currentValue)\n if (col) {\n col.toggleSorting(false)\n }\n setOpen(false)\n }}\n >\n \n {column.label}\n \n ))}\n \n \n \n \n \n\n \n \n \n \n \n \n \n \n State\n \n \n \n table.getColumn('state')?.setFilterValue(value)}\n />\n \n \n \n \n \n \n Snapshot\n \n \n \n table.getColumn('snapshot')?.setFilterValue(value)}\n snapshots={snapshots}\n isLoading={snapshotsDataIsLoading}\n hasMore={snapshotsDataHasMore}\n onChangeSnapshotSearchValue={onChangeSnapshotSearchValue}\n />\n \n \n \n \n \n \n Region\n \n \n \n table.getColumn('region')?.setFilterValue(value)}\n options={regionOptions}\n isLoading={regionsDataIsLoading}\n />\n \n \n \n {RESOURCE_FILTERS.map(({ type, label, icon: Icon }) => (\n \n \n \n {label}\n \n \n \n table.getColumn('resources')?.setFilterValue(value)}\n resourceType={type}\n />\n \n \n \n ))}\n \n \n \n Labels\n \n \n \n table.getColumn('labels')?.setFilterValue(value)}\n />\n \n \n \n \n \n \n Last Event\n \n \n \n table.getColumn('lastEvent')?.setFilterValue(value)}\n value={(table.getColumn('lastEvent')?.getFilterValue() as Date[]) || []}\n />\n \n \n \n \n \n
\n\n
\n {(table.getColumn('state')?.getFilterValue() as string[])?.length > 0 && (\n table.getColumn('state')?.setFilterValue(value)}\n />\n )}\n\n {(table.getColumn('snapshot')?.getFilterValue() as string[])?.length > 0 && (\n table.getColumn('snapshot')?.setFilterValue(value)}\n snapshots={snapshots}\n isLoading={snapshotsDataIsLoading}\n hasMore={snapshotsDataHasMore}\n onChangeSnapshotSearchValue={onChangeSnapshotSearchValue}\n />\n )}\n\n {(table.getColumn('region')?.getFilterValue() as string[])?.length > 0 && (\n table.getColumn('region')?.setFilterValue(value)}\n options={regionOptions}\n isLoading={regionsDataIsLoading}\n />\n )}\n\n {RESOURCE_FILTERS.map(({ type }) => {\n const resourceValue = (table.getColumn('resources')?.getFilterValue() as ResourceFilterValue)?.[type]\n return resourceValue ? (\n table.getColumn('resources')?.setFilterValue(value)}\n resourceType={type}\n />\n ) : null\n })}\n\n {(table.getColumn('labels')?.getFilterValue() as string[])?.length > 0 && (\n table.getColumn('labels')?.setFilterValue(value)}\n />\n )}\n\n {(table.getColumn('lastEvent')?.getFilterValue() as Date[])?.length > 0 && (\n table.getColumn('lastEvent')?.setFilterValue(value)}\n />\n )}\n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/columns.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { formatTimestamp, getRelativeTimeString } from '@/lib/utils'\nimport { Sandbox, SandboxDesiredState, SandboxState } from '@daytonaio/api-client'\nimport { ColumnDef } from '@tanstack/react-table'\nimport { ArrowDown, ArrowUp } from 'lucide-react'\nimport React from 'react'\nimport { EllipsisWithTooltip } from '../EllipsisWithTooltip'\nimport { Checkbox } from '../ui/checkbox'\nimport { Tooltip, TooltipContent, TooltipTrigger } from '../ui/tooltip'\nimport { SandboxState as SandboxStateComponent } from './SandboxState'\nimport { SandboxTableActions } from './SandboxTableActions'\n\ninterface SortableHeaderProps {\n column: any\n label: string\n dataState?: string\n}\n\nconst SortableHeader: React.FC = ({ column, label, dataState }) => {\n return (\n column.toggleSorting(column.getIsSorted() === 'asc')}\n className=\"flex items-center\"\n {...(dataState && { 'data-state': dataState })}\n >\n {label}\n {column.getIsSorted() === 'asc' ? (\n \n ) : column.getIsSorted() === 'desc' ? (\n \n ) : (\n
\n )}\n
\n )\n}\n\ninterface GetColumnsProps {\n handleStart: (id: string) => void\n handleStop: (id: string) => void\n handleDelete: (id: string) => void\n handleArchive: (id: string) => void\n handleVnc: (id: string) => void\n getWebTerminalUrl: (id: string) => Promise\n sandboxIsLoading: Record\n writePermitted: boolean\n deletePermitted: boolean\n handleCreateSshAccess: (id: string) => void\n handleRevokeSshAccess: (id: string) => void\n handleRecover: (id: string) => void\n getRegionName: (regionId: string) => string | undefined\n handleScreenRecordings: (id: string) => void\n}\n\nexport function getColumns({\n handleStart,\n handleStop,\n handleDelete,\n handleArchive,\n handleVnc,\n getWebTerminalUrl,\n sandboxIsLoading,\n writePermitted,\n deletePermitted,\n handleCreateSshAccess,\n handleRevokeSshAccess,\n handleRecover,\n getRegionName,\n handleScreenRecordings,\n}: GetColumnsProps): ColumnDef[] {\n const handleOpenWebTerminal = async (sandboxId: string) => {\n const url = await getWebTerminalUrl(sandboxId)\n if (url) {\n window.open(url, '_blank')\n }\n }\n\n const columns: ColumnDef[] = [\n {\n id: 'select',\n size: 30,\n header: ({ table }) => (\n {\n for (const row of table.getRowModel().rows) {\n if (sandboxIsLoading[row.original.id] || row.original.state === SandboxState.DESTROYED) {\n row.toggleSelected(false)\n } else {\n row.toggleSelected(!!value)\n }\n }\n }}\n aria-label=\"Select all\"\n className=\"translate-y-[2px]\"\n />\n ),\n cell: ({ row }) => {\n return (\n
\n row.toggleSelected(!!value)}\n aria-label=\"Select row\"\n onClick={(e) => e.stopPropagation()}\n className=\"translate-y-[1px]\"\n />\n
\n )\n },\n\n enableSorting: false,\n enableHiding: false,\n },\n {\n id: 'name',\n size: 320,\n enableSorting: true,\n enableHiding: true,\n header: ({ column }) => {\n return \n },\n accessorKey: 'name',\n cell: ({ row }) => {\n const displayName = getDisplayName(row.original)\n return (\n
\n {displayName}\n
\n )\n },\n },\n {\n id: 'id',\n size: 320,\n enableSorting: false,\n enableHiding: true,\n header: () => {\n return UUID\n },\n accessorKey: 'id',\n cell: ({ row }) => {\n return (\n
\n {row.original.id}\n
\n )\n },\n },\n {\n id: 'state',\n size: 140,\n enableSorting: true,\n enableHiding: false,\n header: ({ column }) => {\n return \n },\n cell: ({ row }) => (\n
\n \n
\n ),\n accessorKey: 'state',\n },\n {\n id: 'snapshot',\n size: 150,\n enableSorting: true,\n enableHiding: false,\n header: ({ column }) => {\n return \n },\n cell: ({ row }) => {\n return (\n
\n {row.original.snapshot ? (\n {row.original.snapshot}\n ) : (\n
-
\n )}\n
\n )\n },\n accessorKey: 'snapshot',\n },\n {\n id: 'region',\n size: 100,\n enableSorting: true,\n enableHiding: false,\n header: ({ column }) => {\n return \n },\n cell: ({ row }) => {\n return (\n
\n {getRegionName(row.original.target) ?? row.original.target}\n
\n )\n },\n accessorKey: 'target',\n },\n {\n id: 'resources',\n size: 190,\n enableSorting: false,\n enableHiding: false,\n header: () => {\n return Resources\n },\n cell: ({ row }) => {\n return (\n
\n
\n {row.original.cpu} vCPU\n
\n
\n
\n {row.original.memory} GiB\n
\n
\n
\n {row.original.disk} GiB\n
\n
\n )\n },\n },\n {\n id: 'labels',\n size: 110,\n enableSorting: false,\n enableHiding: true,\n header: () => {\n return Labels\n },\n cell: ({ row }) => {\n const labels = Object.entries(row.original.labels ?? {})\n .map(([key, value]) => `${key}: ${value}`)\n .join(', ')\n\n const labelCount = Object.keys(row.original.labels ?? {}).length\n return (\n \n \n {labelCount > 0 ? (\n
\n {labelCount > 0 ? (labelCount === 1 ? '1 label' : `${labelCount} labels`) : '/'}\n
\n ) : (\n
-
\n )}\n \n {labels && (\n \n

{labels}

\n \n )}\n \n )\n },\n accessorFn: (row) => Object.entries(row.labels ?? {}).map(([key, value]) => `${key}: ${value}`),\n },\n {\n id: 'lastEvent',\n size: 120,\n enableSorting: true,\n enableHiding: false,\n header: ({ column }) => {\n return \n },\n accessorFn: (row) => getLastEvent(row).date,\n cell: ({ row }) => {\n const lastEvent = getLastEvent(row.original)\n return (\n
\n {lastEvent.relativeTimeString}\n
\n )\n },\n },\n {\n id: 'createdAt',\n size: 200,\n enableSorting: true,\n enableHiding: false,\n header: ({ column }) => {\n return \n },\n cell: ({ row }) => {\n const timestamp = formatTimestamp(row.original.createdAt)\n return (\n
\n {timestamp}\n
\n )\n },\n },\n {\n id: 'actions',\n size: 100,\n enableHiding: false,\n cell: ({ row }) => (\n
\n \n
\n ),\n },\n ]\n\n return columns\n}\n\nfunction getDisplayName(sandbox: Sandbox): string {\n // If the sandbox is destroying and the name starts with \"DESTROYED_\", trim the prefix and timestamp\n if (sandbox.desiredState === SandboxDesiredState.DESTROYED && sandbox.name.startsWith('DESTROYED_')) {\n // Remove \"DESTROYED_\" prefix and everything after the last underscore (timestamp)\n const withoutPrefix = sandbox.name.substring(10) // Remove \"DESTROYED_\"\n const lastUnderscoreIndex = withoutPrefix.lastIndexOf('_')\n if (lastUnderscoreIndex !== -1) {\n return withoutPrefix.substring(0, lastUnderscoreIndex)\n }\n return withoutPrefix\n }\n return sandbox.name\n}\n\nfunction getLastEvent(sandbox: Sandbox): { date: Date; relativeTimeString: string } {\n return getRelativeTimeString(sandbox.updatedAt)\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/constants.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SandboxState } from '@daytonaio/api-client'\nimport { CheckCircle, Circle, AlertTriangle, Timer, Archive } from 'lucide-react'\nimport { FacetedFilterOption } from './types'\n\nconst STATE_LABEL_MAPPING: Record = {\n [SandboxState.STARTED]: 'Started',\n [SandboxState.STOPPED]: 'Stopped',\n [SandboxState.ERROR]: 'Error',\n [SandboxState.BUILD_FAILED]: 'Build Failed',\n [SandboxState.BUILDING_SNAPSHOT]: 'Building Snapshot',\n [SandboxState.PENDING_BUILD]: 'Pending Build',\n [SandboxState.RESTORING]: 'Restoring',\n [SandboxState.ARCHIVED]: 'Archived',\n [SandboxState.CREATING]: 'Creating',\n [SandboxState.STARTING]: 'Starting',\n [SandboxState.STOPPING]: 'Stopping',\n [SandboxState.DESTROYING]: 'Deleting',\n [SandboxState.DESTROYED]: 'Deleted',\n [SandboxState.PULLING_SNAPSHOT]: 'Pulling Snapshot',\n [SandboxState.UNKNOWN]: 'Unknown',\n [SandboxState.ARCHIVING]: 'Archiving',\n [SandboxState.RESIZING]: 'Resizing',\n}\n\nexport const STATUSES: FacetedFilterOption[] = [\n {\n label: getStateLabel(SandboxState.STARTED),\n value: SandboxState.STARTED,\n icon: CheckCircle,\n },\n { label: getStateLabel(SandboxState.STOPPED), value: SandboxState.STOPPED, icon: Circle },\n { label: getStateLabel(SandboxState.ERROR), value: SandboxState.ERROR, icon: AlertTriangle },\n { label: getStateLabel(SandboxState.BUILD_FAILED), value: SandboxState.BUILD_FAILED, icon: AlertTriangle },\n { label: getStateLabel(SandboxState.STARTING), value: SandboxState.STARTING, icon: Timer },\n { label: getStateLabel(SandboxState.STOPPING), value: SandboxState.STOPPING, icon: Timer },\n { label: getStateLabel(SandboxState.DESTROYING), value: SandboxState.DESTROYING, icon: Timer },\n { label: getStateLabel(SandboxState.ARCHIVED), value: SandboxState.ARCHIVED, icon: Archive },\n { label: getStateLabel(SandboxState.ARCHIVING), value: SandboxState.ARCHIVING, icon: Timer },\n]\n\nexport function getStateLabel(state?: SandboxState): string {\n if (!state) {\n return 'Unknown'\n }\n return STATE_LABEL_MAPPING[state]\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/filters/LabelFilter.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Button } from '@/components/ui/button'\nimport { Input } from '@/components/ui/input'\nimport { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover'\nimport { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip'\nimport { Plus, Trash2, X } from 'lucide-react'\nimport { useState } from 'react'\n\ninterface LabelFilterProps {\n value: string[]\n onFilterChange: (value: string[] | undefined) => void\n}\n\nexport function LabelFilterIndicator({ value, onFilterChange }: Pick) {\n return (\n
\n \n \n Labels: {value.length} selected\n \n\n \n \n \n \n\n \n
\n )\n}\n\nexport function LabelFilter({ value, onFilterChange }: LabelFilterProps) {\n const [newKey, setNewKey] = useState('')\n const [newValue, setNewValue] = useState('')\n\n // Convert string array back to key-value pairs for display\n const labelPairs = value.map((labelString) => {\n const [key, ...valueParts] = labelString.split(': ')\n return { key: key || '', value: valueParts.join(': ') || '' }\n })\n\n const addKeyValuePair = () => {\n if (newKey.trim() && newValue.trim()) {\n const newLabelString = `${newKey.trim()}: ${newValue.trim()}`\n const updatedValue = [...value, newLabelString]\n onFilterChange(updatedValue)\n setNewKey('')\n setNewValue('')\n }\n }\n\n const removeKeyValuePair = (index: number) => {\n const updatedValue = value.filter((_, i) => i !== index)\n onFilterChange(updatedValue.length > 0 ? updatedValue : undefined)\n }\n\n const clearAll = () => {\n onFilterChange(undefined)\n }\n\n return (\n
\n {/* Header */}\n
\n

Labels

\n \n
\n\n {/* Current key-value pairs */}\n {labelPairs.length > 0 && (\n
\n
\n {labelPairs.map((pair, index) => (\n
\n
\n \n \n
\n {pair.key}\n
\n \n \n

{pair.key}

\n \n \n\n \n \n {pair.value}\n \n \n

{pair.value}

\n \n \n
\n \n
\n ))}\n
\n
\n )}\n\n {/* Add new key-value pair */}\n
\n
\n setNewKey(e.target.value)}\n className=\"h-8\"\n onKeyDown={(e) => {\n if (e.key === 'Enter' && newKey.trim() && newValue.trim()) {\n addKeyValuePair()\n }\n }}\n />\n setNewValue(e.target.value)}\n className=\"h-8\"\n onKeyDown={(e) => {\n if (e.key === 'Enter' && newKey.trim() && newValue.trim()) {\n addKeyValuePair()\n }\n }}\n />\n \n \n Add Label\n \n
\n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/filters/LastEventFilter.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Button } from '@/components/ui/button'\nimport { Popover, PopoverTrigger, PopoverContent } from '@/components/ui/popover'\nimport { cn } from '@/lib/utils'\nimport { Calendar } from '@/components/ui/calendar'\nimport { Label } from '@/components/ui/label'\nimport { useState } from 'react'\nimport { format } from 'date-fns'\nimport { CalendarIcon, X } from 'lucide-react'\n\ninterface LastEventFilterProps {\n value: (Date | undefined)[]\n onFilterChange: (value: (Date | undefined)[] | undefined) => void\n}\n\nexport function LastEventFilterIndicator({ value, onFilterChange }: LastEventFilterProps) {\n return (\n
\n \n \n Last Event:{' '}\n \n {value.some((d) => d !== undefined)\n ? `${value\n .filter((d): d is Date => d !== undefined)\n .map((d) => format(d, 'PPP'))\n .join(' - ')}`\n : ''}\n \n \n \n \n \n \n\n \n
\n )\n}\n\ninterface LastEventFilterContentProps {\n onFilterChange: (value: (Date | undefined)[] | undefined) => void\n value: (Date | undefined)[]\n}\n\nexport function LastEventFilter({ onFilterChange, value }: LastEventFilterContentProps) {\n const [fromDate, setFromDate] = useState(value[0])\n const [toDate, setToDate] = useState(value[1])\n\n const handleFromDateSelect = (selectedDate: Date | undefined) => {\n setFromDate(selectedDate)\n const dates = [selectedDate, toDate]\n const hasAnyDate = dates.some((date) => date !== undefined)\n onFilterChange(hasAnyDate ? dates : undefined)\n }\n\n const handleToDateSelect = (selectedDate: Date | undefined) => {\n setToDate(selectedDate)\n const dates = [fromDate, selectedDate]\n const hasAnyDate = dates.some((date) => date !== undefined)\n onFilterChange(hasAnyDate ? dates : undefined)\n }\n\n const handleClear = () => {\n setFromDate(undefined)\n setToDate(undefined)\n onFilterChange(undefined)\n }\n\n return (\n
\n
\n \n \n
\n
\n \n \n \n \n \n \n \n \n\n
\n\n \n \n \n \n \n \n \n \n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/filters/RegionFilter.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Command,\n CommandCheckboxItem,\n CommandEmpty,\n CommandGroup,\n CommandInput,\n CommandInputButton,\n CommandList,\n} from '@/components/ui/command'\nimport { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover'\nimport { Loader2, X } from 'lucide-react'\nimport { FacetedFilterOption } from '../types'\n\ninterface RegionFilterProps {\n value: string[]\n onFilterChange: (value: string[] | undefined) => void\n options?: FacetedFilterOption[]\n isLoading?: boolean\n}\n\nexport function RegionFilterIndicator({ value, onFilterChange, options, isLoading }: RegionFilterProps) {\n const selectedRegionLabels = value\n .map((v) => options?.find((r) => r.value === v)?.label)\n .filter(Boolean)\n .join(', ')\n\n return (\n
\n \n \n Region:{' '}\n \n {selectedRegionLabels.length > 0 ? selectedRegionLabels : 'All'}\n \n \n\n \n \n \n \n\n \n
\n )\n}\n\nexport function RegionFilter({ value, onFilterChange, options, isLoading }: RegionFilterProps) {\n return (\n \n \n onFilterChange(undefined)}>Clear\n \n \n {isLoading ? (\n
\n \n Loading regions...\n
\n ) : (\n <>\n No regions found.\n \n {options?.map((region) => (\n {\n const newValue = value.includes(region.value)\n ? value.filter((v) => v !== region.value)\n : [...value, region.value]\n onFilterChange(newValue.length > 0 ? newValue : undefined)\n }}\n >\n {region.label}\n \n ))}\n \n \n )}\n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/filters/ResourceFilter.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Popover, PopoverTrigger, PopoverContent } from '@/components/ui/popover'\nimport { Input } from '@/components/ui/input'\nimport { Label } from '@/components/ui/label'\nimport { useMemo } from 'react'\n\nimport { X } from 'lucide-react'\n\nexport interface ResourceFilterValue {\n cpu?: { min?: number; max?: number }\n memory?: { min?: number; max?: number }\n disk?: { min?: number; max?: number }\n}\n\ninterface ResourceFilterProps {\n value: ResourceFilterValue\n onFilterChange: (value: ResourceFilterValue | undefined) => void\n resourceType?: 'cpu' | 'memory' | 'disk'\n}\n\nconst RESOURCE_CONFIG = {\n cpu: { label: 'vCPU', displayLabel: 'CPU' },\n memory: { label: 'Memory (GiB)', displayLabel: 'Memory' },\n disk: { label: 'Disk (GiB)', displayLabel: 'Disk' },\n} as const\n\nexport function ResourceFilterIndicator({ value, onFilterChange, resourceType }: ResourceFilterProps) {\n const { title, label } = useMemo(() => {\n let title = 'All'\n let label = 'Resources'\n\n if (resourceType) {\n const resourceValue = value[resourceType]\n if (resourceValue?.min || resourceValue?.max) {\n const config = RESOURCE_CONFIG[resourceType]\n const unit = resourceType === 'cpu' ? 'vCPU' : 'GiB'\n title = `${resourceValue.min ?? 'Any'} - ${resourceValue.max ?? 'Any'} ${unit}`\n label = config.displayLabel\n }\n } else {\n const filters: string[] = []\n Object.entries(RESOURCE_CONFIG).forEach(([type, config]) => {\n const resourceValue = value[type as keyof ResourceFilterValue]\n if (resourceValue?.min || resourceValue?.max) {\n const unit = type === 'cpu' ? 'vCPU' : 'GiB'\n filters.push(`${config.displayLabel}: ${resourceValue.min ?? 'any'}-${resourceValue.max ?? 'any'} ${unit}`)\n }\n })\n title = filters.length > 0 ? filters.join('; ') : 'All'\n }\n\n return { title, label }\n }, [value, resourceType])\n\n return (\n
\n \n \n {label}: {title}\n \n\n \n \n \n \n\n {\n if (resourceType) {\n const newFilterValue = { ...value }\n delete newFilterValue[resourceType]\n onFilterChange(Object.keys(newFilterValue).length > 0 ? newFilterValue : undefined)\n } else {\n onFilterChange(undefined)\n }\n }}\n >\n \n \n
\n )\n}\n\nexport function ResourceFilter({ value, onFilterChange, resourceType }: ResourceFilterProps) {\n const handleValueChange = (\n resource: keyof ResourceFilterValue,\n field: 'min' | 'max',\n newValue: number | undefined,\n ) => {\n const currentResourceValue = value[resource] || {}\n const updatedResourceValue = { ...currentResourceValue, [field]: newValue }\n\n if (newValue === undefined && !currentResourceValue.min && !currentResourceValue.max) {\n const newFilterValue = { ...value }\n delete newFilterValue[resource]\n onFilterChange(Object.keys(newFilterValue).length > 0 ? newFilterValue : undefined)\n return\n }\n\n const newFilterValue = { ...value, [resource]: updatedResourceValue }\n onFilterChange(newFilterValue)\n }\n\n const handleClear = (resource: keyof ResourceFilterValue) => {\n const newFilterValue = { ...value }\n delete newFilterValue[resource]\n onFilterChange(Object.keys(newFilterValue).length > 0 ? newFilterValue : undefined)\n }\n\n if (resourceType) {\n const config = RESOURCE_CONFIG[resourceType]\n const currentValues = value[resourceType] || {}\n\n return (\n
\n
\n \n handleClear(resourceType)}\n >\n Clear\n \n
\n
\n {\n const newValue = e.target.value ? Number(e.target.value) : undefined\n handleValueChange(resourceType, 'min', newValue)\n }}\n className=\"w-full\"\n />\n
\n {\n const newValue = e.target.value ? Number(e.target.value) : undefined\n handleValueChange(resourceType, 'max', newValue)\n }}\n className=\"w-full\"\n />\n
\n
\n )\n }\n\n return null\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/filters/SnapshotFilter.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Command,\n CommandCheckboxItem,\n CommandEmpty,\n CommandGroup,\n CommandInput,\n CommandInputButton,\n CommandList,\n} from '@/components/ui/command'\nimport { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover'\nimport { SnapshotDto } from '@daytonaio/api-client'\nimport { Loader2, X } from 'lucide-react'\nimport { useState } from 'react'\n\ninterface SnapshotFilterProps {\n value: string[]\n onFilterChange: (value: string[] | undefined) => void\n snapshots: SnapshotDto[]\n isLoading: boolean\n hasMore?: boolean\n onChangeSnapshotSearchValue: (name?: string) => void\n}\n\nexport function SnapshotFilterIndicator({\n value,\n onFilterChange,\n snapshots,\n isLoading,\n hasMore,\n onChangeSnapshotSearchValue,\n}: SnapshotFilterProps) {\n return (\n
\n \n \n Snapshot: {value.length} selected\n \n\n \n \n \n \n\n \n
\n )\n}\n\nexport function SnapshotFilter({\n value,\n onFilterChange,\n snapshots,\n isLoading,\n hasMore,\n onChangeSnapshotSearchValue,\n}: SnapshotFilterProps) {\n const [searchValue, setSearchValue] = useState('')\n\n const handleSelect = (snapshotName: string) => {\n const newValue = value.includes(snapshotName)\n ? value.filter((name) => name !== snapshotName)\n : [...value, snapshotName]\n onFilterChange(newValue.length > 0 ? newValue : undefined)\n }\n\n const handleSearchChange = (search: string | number) => {\n const searchStr = String(search)\n setSearchValue(searchStr)\n if (onChangeSnapshotSearchValue) {\n onChangeSnapshotSearchValue(searchStr || undefined)\n }\n }\n\n return (\n \n \n {\n onFilterChange(undefined)\n setSearchValue('')\n if (onChangeSnapshotSearchValue) {\n onChangeSnapshotSearchValue(undefined)\n }\n }}\n >\n Clear\n \n \n {hasMore && (\n
\n
\n Please refine your search to see more Snapshots.\n
\n
\n )}\n \n {isLoading ? (\n
\n \n Loading Snapshots...\n
\n ) : (\n <>\n No Snapshots found.\n \n {snapshots.map((snapshot) => (\n handleSelect(snapshot.name ?? '')}\n value={snapshot.name}\n className=\"cursor-pointer\"\n checked={value.includes(snapshot.name ?? '')}\n >\n {snapshot.name}\n \n ))}\n \n \n )}\n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/filters/StateFilter.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport {\n Command,\n CommandCheckboxItem,\n CommandGroup,\n CommandInput,\n CommandInputButton,\n CommandList,\n} from '@/components/ui/command'\nimport { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover'\nimport { SandboxState } from '@daytonaio/api-client'\nimport { X } from 'lucide-react'\nimport { STATUSES, getStateLabel } from '../constants'\n\ninterface StateFilterProps {\n value: string[]\n onFilterChange: (value: string[] | undefined) => void\n}\n\nexport function StateFilterIndicator({ value, onFilterChange }: StateFilterProps) {\n const selectedStates = value.map((v) => getStateLabel(v as SandboxState))\n return (\n
\n \n \n States:{' '}\n \n {selectedStates.length > 0\n ? selectedStates.length > 2\n ? `${selectedStates[0]}, ${selectedStates[1]}, +${selectedStates.length - 2}`\n : `${selectedStates.join(', ')}`\n : ''}\n \n \n\n \n \n \n \n\n \n
\n )\n}\n\nexport function StateFilter({ value, onFilterChange }: StateFilterProps) {\n return (\n \n \n onFilterChange(undefined)}\n >\n Clear\n \n \n\n \n \n {STATUSES.map((status) => (\n {\n const newValue = value.includes(status.value)\n ? value.filter((v) => v !== status.value)\n : [...value, status.value]\n onFilterChange(newValue.length > 0 ? newValue : undefined)\n }}\n >\n {status.label}\n \n ))}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/index.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { RoutePath } from '@/enums/RoutePath'\nimport { useSelectedOrganization } from '@/hooks/useSelectedOrganization'\nimport { cn } from '@/lib/utils'\nimport {\n filterArchivable,\n filterDeletable,\n filterStartable,\n filterStoppable,\n getBulkActionCounts,\n} from '@/lib/utils/sandbox'\nimport { OrganizationRolePermissionsEnum, Sandbox, SandboxState } from '@daytonaio/api-client'\nimport { flexRender } from '@tanstack/react-table'\nimport { Container } from 'lucide-react'\nimport { AnimatePresence } from 'motion/react'\nimport { useCallback, useMemo, useState } from 'react'\nimport { useNavigate } from 'react-router-dom'\nimport { useCommandPaletteActions } from '../CommandPalette'\nimport { Pagination } from '../Pagination'\nimport { SelectionToast } from '../SelectionToast'\nimport { TableEmptyState } from '../TableEmptyState'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '../ui/table'\nimport { BulkAction, BulkActionAlertDialog } from './BulkActionAlertDialog'\nimport { SandboxTableHeader } from './SandboxTableHeader'\nimport { SandboxTableProps } from './types'\nimport { useSandboxCommands } from './useSandboxCommands'\nimport { useSandboxTable } from './useSandboxTable'\n\nexport function SandboxTable({\n data,\n sandboxIsLoading,\n sandboxStateIsTransitioning,\n loading,\n snapshots,\n snapshotsDataIsLoading,\n snapshotsDataHasMore,\n onChangeSnapshotSearchValue,\n regionsData,\n regionsDataIsLoading,\n getRegionName,\n handleStart,\n handleStop,\n handleDelete,\n handleBulkDelete,\n handleBulkStart,\n handleBulkStop,\n handleBulkArchive,\n handleArchive,\n handleVnc,\n getWebTerminalUrl,\n handleCreateSshAccess,\n handleRevokeSshAccess,\n handleScreenRecordings,\n handleRefresh,\n isRefreshing,\n onRowClick,\n pagination,\n pageCount,\n totalItems,\n onPaginationChange,\n sorting,\n onSortingChange,\n filters,\n onFiltersChange,\n handleRecover,\n}: SandboxTableProps) {\n const navigate = useNavigate()\n const { authenticatedUserHasPermission } = useSelectedOrganization()\n const writePermitted = authenticatedUserHasPermission(OrganizationRolePermissionsEnum.WRITE_SANDBOXES)\n const deletePermitted = authenticatedUserHasPermission(OrganizationRolePermissionsEnum.DELETE_SANDBOXES)\n\n const { table, regionOptions } = useSandboxTable({\n data,\n sandboxIsLoading,\n writePermitted,\n deletePermitted,\n handleStart,\n handleStop,\n handleDelete,\n handleArchive,\n handleVnc,\n getWebTerminalUrl,\n handleCreateSshAccess,\n handleRevokeSshAccess,\n handleScreenRecordings,\n pagination,\n pageCount,\n onPaginationChange,\n sorting,\n onSortingChange,\n filters,\n onFiltersChange,\n regionsData,\n handleRecover,\n getRegionName,\n })\n\n const [pendingBulkAction, setPendingBulkAction] = useState(null)\n\n const selectedRows = table.getRowModel().rows.filter((row) => row.getIsSelected())\n const hasSelection = selectedRows.length > 0\n const selectedCount = selectedRows.length\n const totalCount = table.getRowModel().rows.length\n const selectedSandboxes: Sandbox[] = selectedRows.map((row) => row.original)\n\n const bulkActionCounts = useMemo(() => getBulkActionCounts(selectedSandboxes), [selectedSandboxes])\n\n const handleBulkActionConfirm = () => {\n if (!pendingBulkAction) return\n\n const handlers: Record void> = {\n [BulkAction.Delete]: () => handleBulkDelete(filterDeletable(selectedSandboxes).map((s) => s.id)),\n [BulkAction.Start]: () => handleBulkStart(filterStartable(selectedSandboxes).map((s) => s.id)),\n [BulkAction.Stop]: () => handleBulkStop(filterStoppable(selectedSandboxes).map((s) => s.id)),\n [BulkAction.Archive]: () => handleBulkArchive(filterArchivable(selectedSandboxes).map((s) => s.id)),\n }\n\n handlers[pendingBulkAction]()\n setPendingBulkAction(null)\n table.toggleAllRowsSelected(false)\n }\n\n const toggleAllRowsSelected = useCallback(\n (selected: boolean) => {\n if (selected) {\n for (const row of table.getRowModel().rows) {\n const selectDisabled = sandboxIsLoading[row.original.id] || row.original.state === SandboxState.DESTROYED\n if (!selectDisabled) {\n row.toggleSelected(true)\n }\n }\n } else {\n table.toggleAllRowsSelected(selected)\n }\n },\n [sandboxIsLoading, table],\n )\n\n const selectableCount = useMemo(() => {\n return data.filter((sandbox) => !sandboxIsLoading[sandbox.id] && sandbox.state !== SandboxState.DESTROYED).length\n }, [sandboxIsLoading, data])\n\n useSandboxCommands({\n writePermitted,\n deletePermitted,\n selectedCount,\n totalCount,\n selectableCount,\n toggleAllRowsSelected,\n bulkActionCounts,\n onDelete: () => setPendingBulkAction(BulkAction.Delete),\n onStart: () => setPendingBulkAction(BulkAction.Start),\n onStop: () => setPendingBulkAction(BulkAction.Stop),\n onArchive: () => setPendingBulkAction(BulkAction.Archive),\n })\n\n const { setIsOpen } = useCommandPaletteActions()\n const handleOpenCommandPalette = () => {\n setIsOpen(true)\n }\n\n return (\n <>\n \n\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n header.column.getCanSort() && header.column.toggleSorting(header.column.getIsSorted() === 'asc')\n }\n className={cn(\n 'sticky top-0 z-[3] border-b border-border',\n header.column.getCanSort() ? 'hover:bg-muted cursor-pointer' : '',\n )}\n style={{\n width: `${header.column.getSize()}px`,\n }}\n >\n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loading ? (\n \n \n Loading...\n \n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row) => (\n onRowClick?.(row.original)}\n >\n {row.getVisibleCells().map((cell) => (\n {\n if (cell.column.id === 'select' || cell.column.id === 'actions') {\n e.stopPropagation()\n }\n }}\n className={cn('border-b border-border', {\n 'group-hover/table-row:underline': cell.column.id === 'name',\n })}\n style={{\n width: `${cell.column.getSize()}px`,\n }}\n sticky={cell.column.id === 'actions' ? 'right' : undefined}\n >\n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n \n ))}\n \n ))\n ) : (\n }\n description={\n
\n

Spin up a Sandbox to run code in an isolated environment.

\n

Use the Daytona SDK or CLI to create one.

\n

\n navigate(RoutePath.ONBOARDING)}\n className=\"text-primary hover:underline font-medium\"\n >\n Check out the Onboarding guide\n {' '}\n to learn more.\n

\n
\n }\n />\n )}\n \n
\n\n
\n \n\n \n {hasSelection && (\n table.resetRowSelection()}\n onActionClick={handleOpenCommandPalette}\n />\n )}\n \n
\n\n setPendingBulkAction(null)}\n />\n \n )\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/state-icons.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { SandboxState } from '@daytonaio/api-client'\nimport { Loader2 } from 'lucide-react'\n\ninterface SquareProps {\n color: string\n}\n\nfunction Square({ color }: SquareProps) {\n return (\n
\n
\n
\n )\n}\n\nexport const STATE_ICONS: Record = {\n [SandboxState.UNKNOWN]: ,\n [SandboxState.CREATING]: ,\n [SandboxState.STARTING]: ,\n [SandboxState.STARTED]: ,\n [SandboxState.STOPPING]: ,\n [SandboxState.STOPPED]: ,\n [SandboxState.DESTROYING]: ,\n [SandboxState.DESTROYED]: ,\n [SandboxState.ERROR]: ,\n [SandboxState.BUILD_FAILED]: ,\n [SandboxState.BUILDING_SNAPSHOT]: ,\n [SandboxState.PULLING_SNAPSHOT]: ,\n [SandboxState.PENDING_BUILD]: ,\n [SandboxState.ARCHIVED]: ,\n [SandboxState.ARCHIVING]: ,\n [SandboxState.RESTORING]: ,\n [SandboxState.RESIZING]: ,\n RECOVERY: ,\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/types.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DEFAULT_SANDBOX_SORTING, SandboxFilters, SandboxSorting } from '@/hooks/useSandboxes'\nimport {\n ListSandboxesPaginatedOrderEnum,\n ListSandboxesPaginatedSortEnum,\n ListSandboxesPaginatedStatesEnum,\n Region,\n Sandbox,\n SandboxState,\n SnapshotDto,\n} from '@daytonaio/api-client'\nimport { ColumnFiltersState, SortingState, Table } from '@tanstack/react-table'\n\nexport interface SandboxTableProps {\n data: Sandbox[]\n sandboxIsLoading: Record\n sandboxStateIsTransitioning: Record\n loading: boolean\n snapshots: SnapshotDto[]\n snapshotsDataIsLoading: boolean\n snapshotsDataHasMore?: boolean\n onChangeSnapshotSearchValue: (name?: string) => void\n regionsData: Region[]\n regionsDataIsLoading: boolean\n getRegionName: (regionId: string) => string | undefined\n handleStart: (id: string) => void\n handleStop: (id: string) => void\n handleDelete: (id: string) => void\n handleBulkDelete: (ids: string[]) => void\n handleBulkStart: (ids: string[]) => void\n handleBulkStop: (ids: string[]) => void\n handleBulkArchive: (ids: string[]) => void\n handleArchive: (id: string) => void\n handleVnc: (id: string) => void\n getWebTerminalUrl: (id: string) => Promise\n handleCreateSshAccess: (id: string) => void\n handleRevokeSshAccess: (id: string) => void\n handleRefresh: () => void\n isRefreshing?: boolean\n onRowClick?: (sandbox: Sandbox) => void\n pagination: {\n pageIndex: number\n pageSize: number\n }\n pageCount: number\n totalItems: number\n onPaginationChange: (pagination: { pageIndex: number; pageSize: number }) => void\n sorting: SandboxSorting\n onSortingChange: (sorting: SandboxSorting) => void\n filters: SandboxFilters\n onFiltersChange: (filters: SandboxFilters) => void\n handleRecover: (id: string) => void\n handleScreenRecordings: (id: string) => void\n}\n\nexport interface SandboxTableActionsProps {\n sandbox: Sandbox\n writePermitted: boolean\n deletePermitted: boolean\n isLoading: boolean\n onStart: (id: string) => void\n onStop: (id: string) => void\n onDelete: (id: string) => void\n onArchive: (id: string) => void\n onVnc: (id: string) => void\n onOpenWebTerminal: (id: string) => void\n onCreateSshAccess: (id: string) => void\n onRevokeSshAccess: (id: string) => void\n onRecover: (id: string) => void\n onScreenRecordings: (id: string) => void\n}\n\nexport interface SandboxTableHeaderProps {\n table: Table\n regionOptions: FacetedFilterOption[]\n regionsDataIsLoading: boolean\n snapshots: SnapshotDto[]\n snapshotsDataIsLoading: boolean\n snapshotsDataHasMore?: boolean\n onChangeSnapshotSearchValue: (name?: string) => void\n onRefresh: () => void\n isRefreshing?: boolean\n}\n\nexport interface FacetedFilterOption {\n label: string\n value: string | SandboxState\n icon?: any\n}\n\nexport const convertTableSortingToApiSorting = (sorting: SortingState): SandboxSorting => {\n if (!sorting.length) {\n return DEFAULT_SANDBOX_SORTING\n }\n\n const sort = sorting[0]\n let field: ListSandboxesPaginatedSortEnum\n\n switch (sort.id) {\n case 'name':\n field = ListSandboxesPaginatedSortEnum.NAME\n break\n case 'state':\n field = ListSandboxesPaginatedSortEnum.STATE\n break\n case 'snapshot':\n field = ListSandboxesPaginatedSortEnum.SNAPSHOT\n break\n case 'region':\n case 'target':\n field = ListSandboxesPaginatedSortEnum.REGION\n break\n case 'lastEvent':\n case 'updatedAt':\n field = ListSandboxesPaginatedSortEnum.UPDATED_AT\n break\n case 'createdAt':\n default:\n field = ListSandboxesPaginatedSortEnum.CREATED_AT\n break\n }\n\n return {\n field,\n direction: sort.desc ? ListSandboxesPaginatedOrderEnum.DESC : ListSandboxesPaginatedOrderEnum.ASC,\n }\n}\n\nexport const convertTableFiltersToApiFilters = (columnFilters: ColumnFiltersState): SandboxFilters => {\n const filters: SandboxFilters = {}\n\n columnFilters.forEach((filter) => {\n switch (filter.id) {\n case 'name':\n if (filter.value && typeof filter.value === 'string') {\n filters.idOrName = filter.value\n }\n break\n case 'state':\n if (Array.isArray(filter.value) && filter.value.length > 0) {\n filters.states = filter.value as ListSandboxesPaginatedStatesEnum[]\n }\n break\n case 'snapshot':\n if (Array.isArray(filter.value) && filter.value.length > 0) {\n filters.snapshots = filter.value as string[]\n }\n break\n case 'region':\n case 'target':\n if (Array.isArray(filter.value) && filter.value.length > 0) {\n filters.regions = filter.value as string[]\n }\n break\n case 'labels':\n if (Array.isArray(filter.value) && filter.value.length > 0) {\n const labelObj: Record = {}\n filter.value.forEach((label: string) => {\n const [key, value] = label.split(': ')\n if (key && value) {\n labelObj[key] = value\n }\n })\n if (Object.keys(labelObj).length > 0) {\n filters.labels = labelObj\n }\n }\n break\n case 'resources':\n if (filter.value && typeof filter.value === 'object') {\n const resourceValue = filter.value as {\n cpu?: { min?: number; max?: number }\n memory?: { min?: number; max?: number }\n disk?: { min?: number; max?: number }\n }\n\n if (resourceValue.cpu?.min !== undefined) {\n filters.minCpu = resourceValue.cpu.min\n }\n if (resourceValue.cpu?.max !== undefined) {\n filters.maxCpu = resourceValue.cpu.max\n }\n if (resourceValue.memory?.min !== undefined) {\n filters.minMemoryGiB = resourceValue.memory.min\n }\n if (resourceValue.memory?.max !== undefined) {\n filters.maxMemoryGiB = resourceValue.memory.max\n }\n if (resourceValue.disk?.min !== undefined) {\n filters.minDiskGiB = resourceValue.disk.min\n }\n if (resourceValue.disk?.max !== undefined) {\n filters.maxDiskGiB = resourceValue.disk.max\n }\n }\n break\n case 'lastEvent':\n if (Array.isArray(filter.value) && filter.value.length > 0) {\n const dateRange = filter.value as (Date | undefined)[]\n if (dateRange[0]) {\n filters.lastEventAfter = dateRange[0]\n }\n if (dateRange[1]) {\n filters.lastEventBefore = dateRange[1]\n }\n }\n break\n }\n })\n\n return filters\n}\n\nexport const convertApiSortingToTableSorting = (sorting: SandboxSorting): SortingState => {\n if (!sorting.field || !sorting.direction) {\n return [{ id: 'lastEvent', desc: true }]\n }\n\n let id: string\n switch (sorting.field) {\n case ListSandboxesPaginatedSortEnum.NAME:\n id = 'name'\n break\n case ListSandboxesPaginatedSortEnum.STATE:\n id = 'state'\n break\n case ListSandboxesPaginatedSortEnum.SNAPSHOT:\n id = 'snapshot'\n break\n case ListSandboxesPaginatedSortEnum.REGION:\n id = 'region'\n break\n case ListSandboxesPaginatedSortEnum.UPDATED_AT:\n id = 'lastEvent'\n break\n case ListSandboxesPaginatedSortEnum.CREATED_AT:\n default:\n id = 'createdAt'\n break\n }\n\n return [{ id, desc: sorting.direction === ListSandboxesPaginatedOrderEnum.DESC }]\n}\n\nexport const convertApiFiltersToTableFilters = (filters: SandboxFilters): ColumnFiltersState => {\n const columnFilters: ColumnFiltersState = []\n\n if (filters.idOrName) {\n columnFilters.push({ id: 'name', value: filters.idOrName })\n }\n\n if (filters.states && filters.states.length > 0) {\n columnFilters.push({ id: 'state', value: filters.states })\n }\n\n if (filters.snapshots && filters.snapshots.length > 0) {\n columnFilters.push({ id: 'snapshot', value: filters.snapshots })\n }\n\n if (filters.regions && filters.regions.length > 0) {\n columnFilters.push({ id: 'region', value: filters.regions })\n }\n\n if (filters.labels && Object.keys(filters.labels).length > 0) {\n const labelArray = Object.entries(filters.labels).map(([key, value]) => `${key}: ${value}`)\n columnFilters.push({ id: 'labels', value: labelArray })\n }\n\n // Convert resource filters back to table format\n const resourceValue: {\n cpu?: { min?: number; max?: number }\n memory?: { min?: number; max?: number }\n disk?: { min?: number; max?: number }\n } = {}\n\n if (filters.minCpu !== undefined || filters.maxCpu !== undefined) {\n resourceValue.cpu = {}\n if (filters.minCpu !== undefined) resourceValue.cpu.min = filters.minCpu\n if (filters.maxCpu !== undefined) resourceValue.cpu.max = filters.maxCpu\n }\n\n if (filters.minMemoryGiB !== undefined || filters.maxMemoryGiB !== undefined) {\n resourceValue.memory = {}\n if (filters.minMemoryGiB !== undefined) resourceValue.memory.min = filters.minMemoryGiB\n if (filters.maxMemoryGiB !== undefined) resourceValue.memory.max = filters.maxMemoryGiB\n }\n\n if (filters.minDiskGiB !== undefined || filters.maxDiskGiB !== undefined) {\n resourceValue.disk = {}\n if (filters.minDiskGiB !== undefined) resourceValue.disk.min = filters.minDiskGiB\n if (filters.maxDiskGiB !== undefined) resourceValue.disk.max = filters.maxDiskGiB\n }\n\n if (Object.keys(resourceValue).length > 0) {\n columnFilters.push({ id: 'resources', value: resourceValue })\n }\n\n // Convert date range filters back to table format\n if (filters.lastEventAfter || filters.lastEventBefore) {\n const dateRange: (Date | undefined)[] = [undefined, undefined]\n if (filters.lastEventAfter) dateRange[0] = filters.lastEventAfter\n if (filters.lastEventBefore) dateRange[1] = filters.lastEventBefore\n columnFilters.push({ id: 'lastEvent', value: dateRange })\n }\n\n return columnFilters\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/useSandboxCommands.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { pluralize } from '@/lib/utils'\nimport { BulkActionCounts } from '@/lib/utils/sandbox'\nimport { ArchiveIcon, CheckSquare2Icon, MinusSquareIcon, PlayIcon, SquareIcon, TrashIcon } from 'lucide-react'\nimport { useMemo } from 'react'\nimport { CommandConfig, useRegisterCommands } from '../CommandPalette'\n\ninterface UseSandboxCommandsProps {\n writePermitted: boolean\n deletePermitted: boolean\n selectedCount: number\n totalCount: number\n selectableCount: number\n toggleAllRowsSelected: (selected: boolean) => void\n bulkActionCounts: BulkActionCounts\n onDelete: () => void\n onStart: () => void\n onStop: () => void\n onArchive: () => void\n}\n\nexport function useSandboxCommands({\n writePermitted,\n deletePermitted,\n selectedCount,\n selectableCount,\n totalCount,\n toggleAllRowsSelected,\n bulkActionCounts,\n onDelete,\n onStart,\n onStop,\n onArchive,\n}: UseSandboxCommandsProps) {\n const rootCommands: CommandConfig[] = useMemo(() => {\n const commands: CommandConfig[] = []\n\n if (selectableCount !== selectedCount) {\n commands.push({\n id: 'select-all-sandboxes',\n label: 'Select All Sandboxes',\n icon: ,\n onSelect: () => toggleAllRowsSelected(true),\n chainable: true,\n })\n }\n\n if (selectedCount > 0) {\n commands.push({\n id: 'deselect-all-sandboxes',\n label: 'Deselect All Sandboxes',\n icon: ,\n onSelect: () => toggleAllRowsSelected(false),\n chainable: true,\n })\n }\n\n if (writePermitted && bulkActionCounts.startable > 0) {\n commands.push({\n id: 'start-sandboxes',\n label: `Start ${pluralize(bulkActionCounts.startable, 'Sandbox', 'Sandboxes')}`,\n icon: ,\n onSelect: onStart,\n })\n }\n\n if (writePermitted && bulkActionCounts.stoppable > 0) {\n commands.push({\n id: 'stop-sandboxes',\n label: `Stop ${pluralize(bulkActionCounts.stoppable, 'Sandbox', 'Sandboxes')}`,\n icon: ,\n onSelect: onStop,\n })\n }\n\n if (writePermitted && bulkActionCounts.archivable > 0) {\n commands.push({\n id: 'archive-sandboxes',\n label: `Archive ${pluralize(bulkActionCounts.archivable, 'Sandbox', 'Sandboxes')}`,\n icon: ,\n onSelect: onArchive,\n })\n }\n\n if (deletePermitted && bulkActionCounts.deletable > 0) {\n commands.push({\n id: 'delete-sandboxes',\n label: `Delete ${pluralize(bulkActionCounts.deletable, 'Sandbox', 'Sandboxes')}`,\n icon: ,\n onSelect: onDelete,\n })\n }\n\n return commands\n }, [\n selectedCount,\n selectableCount,\n toggleAllRowsSelected,\n writePermitted,\n deletePermitted,\n bulkActionCounts,\n onDelete,\n onStart,\n onStop,\n onArchive,\n ])\n\n useRegisterCommands(rootCommands, { groupId: 'sandbox-actions', groupLabel: 'Sandbox actions', groupOrder: 0 })\n}\n" }, { "path": "apps/dashboard/src/components/SandboxTable/useSandboxTable.ts", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Sandbox, Region } from '@daytonaio/api-client'\nimport {\n useReactTable,\n getCoreRowModel,\n getFacetedRowModel,\n getFacetedUniqueValues,\n getPaginationRowModel,\n VisibilityState,\n} from '@tanstack/react-table'\nimport { useMemo, useState, useEffect } from 'react'\nimport { FacetedFilterOption } from './types'\nimport { getColumns } from './columns'\nimport {\n convertApiSortingToTableSorting,\n convertApiFiltersToTableFilters,\n convertTableSortingToApiSorting,\n convertTableFiltersToApiFilters,\n} from './types'\nimport { SandboxFilters, SandboxSorting } from '@/hooks/useSandboxes'\nimport { LocalStorageKey } from '@/enums/LocalStorageKey'\nimport { getLocalStorageItem, setLocalStorageItem } from '@/lib/local-storage'\nimport { getRegionFullDisplayName } from '@/lib/utils'\n\ninterface UseSandboxTableProps {\n data: Sandbox[]\n sandboxIsLoading: Record\n writePermitted: boolean\n deletePermitted: boolean\n handleStart: (id: string) => void\n handleStop: (id: string) => void\n handleDelete: (id: string) => void\n handleArchive: (id: string) => void\n handleVnc: (id: string) => void\n getWebTerminalUrl: (id: string) => Promise\n handleCreateSshAccess: (id: string) => void\n handleRevokeSshAccess: (id: string) => void\n handleScreenRecordings: (id: string) => void\n pagination: {\n pageIndex: number\n pageSize: number\n }\n pageCount: number\n onPaginationChange: (pagination: { pageIndex: number; pageSize: number }) => void\n sorting: SandboxSorting\n onSortingChange: (sorting: SandboxSorting) => void\n filters: SandboxFilters\n onFiltersChange: (filters: SandboxFilters) => void\n regionsData: Region[]\n handleRecover: (id: string) => void\n getRegionName: (regionId: string) => string | undefined\n}\n\nexport function useSandboxTable({\n data,\n sandboxIsLoading,\n writePermitted,\n deletePermitted,\n handleStart,\n handleStop,\n handleDelete,\n handleArchive,\n handleVnc,\n getWebTerminalUrl,\n handleCreateSshAccess,\n handleRevokeSshAccess,\n handleScreenRecordings,\n pagination,\n pageCount,\n onPaginationChange,\n sorting,\n onSortingChange,\n filters,\n onFiltersChange,\n regionsData,\n handleRecover,\n getRegionName,\n}: UseSandboxTableProps) {\n // Column visibility state management with persistence\n const [columnVisibility, setColumnVisibility] = useState(() => {\n const saved = getLocalStorageItem(LocalStorageKey.SandboxTableColumnVisibility)\n if (saved) {\n try {\n return JSON.parse(saved)\n } catch {\n return { id: false, labels: false }\n }\n }\n return { id: false, labels: false }\n })\n\n useEffect(() => {\n setLocalStorageItem(LocalStorageKey.SandboxTableColumnVisibility, JSON.stringify(columnVisibility))\n }, [columnVisibility])\n\n // Convert API sorting and filters to table format for internal use\n const tableSorting = useMemo(() => convertApiSortingToTableSorting(sorting), [sorting])\n const tableFilters = useMemo(() => convertApiFiltersToTableFilters(filters), [filters])\n\n const regionOptions: FacetedFilterOption[] = useMemo(() => {\n return regionsData.map((region) => ({\n label: getRegionFullDisplayName(region),\n value: region.id,\n }))\n }, [regionsData])\n\n const columns = useMemo(\n () =>\n getColumns({\n handleStart,\n handleStop,\n handleDelete,\n handleArchive,\n handleVnc,\n getWebTerminalUrl,\n sandboxIsLoading,\n writePermitted,\n deletePermitted,\n handleCreateSshAccess,\n handleRevokeSshAccess,\n handleRecover,\n getRegionName,\n handleScreenRecordings,\n }),\n [\n handleStart,\n handleStop,\n handleDelete,\n handleArchive,\n handleVnc,\n getWebTerminalUrl,\n sandboxIsLoading,\n writePermitted,\n deletePermitted,\n handleCreateSshAccess,\n handleRevokeSshAccess,\n handleRecover,\n getRegionName,\n handleScreenRecordings,\n ],\n )\n\n const table = useReactTable({\n data,\n columns,\n manualFiltering: true,\n onColumnFiltersChange: (updater) => {\n const newTableFilters = typeof updater === 'function' ? updater(table.getState().columnFilters) : updater\n const newApiFilters = convertTableFiltersToApiFilters(newTableFilters)\n onFiltersChange(newApiFilters)\n },\n getCoreRowModel: getCoreRowModel(),\n manualSorting: true,\n onSortingChange: (updater) => {\n const newTableSorting = typeof updater === 'function' ? updater(table.getState().sorting) : updater\n const newApiSorting = convertTableSortingToApiSorting(newTableSorting)\n onSortingChange(newApiSorting)\n },\n getFacetedRowModel: getFacetedRowModel(),\n getFacetedUniqueValues: getFacetedUniqueValues(),\n manualPagination: true,\n pageCount: pageCount,\n onPaginationChange: (updater) => {\n const newPagination = typeof updater === 'function' ? updater(table.getState().pagination) : updater\n onPaginationChange(newPagination)\n },\n getPaginationRowModel: getPaginationRowModel(),\n state: {\n sorting: tableSorting,\n columnFilters: tableFilters,\n columnVisibility,\n pagination: {\n pageIndex: pagination.pageIndex,\n pageSize: pagination.pageSize,\n },\n },\n onColumnVisibilityChange: setColumnVisibility,\n defaultColumn: {\n size: 100,\n },\n enableRowSelection: deletePermitted,\n getRowId: (row) => row.id,\n })\n\n return {\n table,\n regionOptions,\n }\n}\n" }, { "path": "apps/dashboard/src/components/SelectionToast.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Button } from '@/components/ui/button'\nimport { Separator } from '@/components/ui/separator'\nimport { cn, pluralize } from '@/lib/utils'\nimport { CommandIcon, XIcon } from 'lucide-react'\nimport { motion } from 'motion/react'\n\nexport function SelectionToast({\n className,\n selectedCount,\n onClearSelection,\n onActionClick,\n}: {\n className?: string\n selectedCount: number\n onActionClick: () => void\n onClearSelection: () => void\n}) {\n return (\n \n
\n
\n
\n {pluralize(selectedCount, 'item', 'items')} selected\n
\n \n
\n \n\n \n
\n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Sidebar.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Logo, LogoText } from '@/assets/Logo'\nimport { OrganizationPicker } from '@/components/Organizations/OrganizationPicker'\nimport {\n Sidebar as SidebarComponent,\n SidebarContent,\n SidebarFooter,\n SidebarGroup,\n SidebarGroupContent,\n SidebarHeader,\n SidebarMenu,\n SidebarMenuButton,\n SidebarMenuItem,\n SidebarSeparator,\n SidebarTrigger,\n useSidebar,\n} from '@/components/ui/sidebar'\nimport { DAYTONA_DOCS_URL, DAYTONA_SLACK_URL } from '@/constants/ExternalLinks'\nimport { useTheme } from '@/contexts/ThemeContext'\nimport { FeatureFlags } from '@/enums/FeatureFlags'\nimport { RoutePath } from '@/enums/RoutePath'\nimport { useWebhookAppPortalAccessQuery } from '@/hooks/queries/useWebhookAppPortalAccessQuery'\nimport { useConfig } from '@/hooks/useConfig'\nimport { useSelectedOrganization } from '@/hooks/useSelectedOrganization'\nimport { useUserOrganizationInvitations } from '@/hooks/useUserOrganizationInvitations'\nimport { useWebhooks } from '@/hooks/useWebhooks'\nimport { cn, getMetaKey } from '@/lib/utils'\nimport { usePylon, usePylonCommands } from '@/vendor/pylon'\nimport { OrganizationRolePermissionsEnum, OrganizationUserRoleEnum } from '@daytonaio/api-client'\nimport {\n ArrowRightIcon,\n BookOpen,\n Box,\n ChartColumn,\n ChevronsUpDown,\n Container,\n CreditCard,\n FlaskConical,\n HardDrive,\n Joystick,\n KeyRound,\n LifeBuoyIcon,\n ListChecks,\n LockKeyhole,\n LogOut,\n Mail,\n MapPinned,\n MoonIcon,\n PackageOpen,\n SearchIcon,\n Server,\n Settings,\n Slack,\n SquareUserRound,\n SunIcon,\n TextSearch,\n Users,\n} from 'lucide-react'\nimport { useFeatureFlagEnabled, usePostHog } from 'posthog-js/react'\nimport React, { useMemo } from 'react'\nimport { useAuth } from 'react-oidc-context'\nimport { Link, useLocation, useNavigate } from 'react-router-dom'\nimport { CommandConfig, useCommandPaletteActions, useRegisterCommands } from './CommandPalette'\nimport {\n DropdownMenu,\n DropdownMenuContent,\n DropdownMenuItem,\n DropdownMenuSeparator,\n DropdownMenuTrigger,\n} from './ui/dropdown-menu'\nimport { Kbd } from './ui/kbd'\nimport { ScrollArea } from './ui/scroll-area'\n\ninterface SidebarProps {\n isBannerVisible: boolean\n billingEnabled: boolean\n version: string\n}\n\ninterface SidebarItem {\n icon: React.ReactElement\n label: string\n path: RoutePath | string\n onClick?: () => void\n}\n\nconst useNavCommands = (items: { label: string; path: RoutePath | string; onClick?: () => void }[]) => {\n const { pathname } = useLocation()\n const navigate = useNavigate()\n\n const navCommands: CommandConfig[] = useMemo(\n () =>\n items\n .filter((item) => item.path !== pathname)\n .map((item) => ({\n id: `nav-${item.path}`,\n label: `Go to ${item.label}`,\n icon: ,\n onSelect: () => navigate(item.path),\n })),\n [pathname, navigate, items],\n )\n\n useRegisterCommands(navCommands, { groupId: 'navigation', groupLabel: 'Navigation', groupOrder: 1 })\n}\n\nexport function Sidebar({ isBannerVisible, billingEnabled, version }: SidebarProps) {\n const posthog = usePostHog()\n const config = useConfig()\n const { theme, setTheme } = useTheme()\n const { user, signoutRedirect } = useAuth()\n const { pathname } = useLocation()\n const sidebar = useSidebar()\n const { selectedOrganization, authenticatedUserOrganizationMember, authenticatedUserHasPermission } =\n useSelectedOrganization()\n const { count: organizationInvitationsCount } = useUserOrganizationInvitations()\n const { isInitialized: webhooksInitialized } = useWebhooks()\n const webhooksAccess = useWebhookAppPortalAccessQuery(selectedOrganization?.id)\n const orgInfraEnabled = useFeatureFlagEnabled(FeatureFlags.ORGANIZATION_INFRASTRUCTURE)\n const organizationExperimentsEnabled = useFeatureFlagEnabled(FeatureFlags.ORGANIZATION_EXPERIMENTS)\n const playgroundEnabled = useFeatureFlagEnabled(FeatureFlags.DASHBOARD_PLAYGROUND)\n const webhooksEnabled = useFeatureFlagEnabled(FeatureFlags.DASHBOARD_WEBHOOKS)\n\n const sidebarItems = useMemo(() => {\n const arr: SidebarItem[] = [\n {\n icon: ,\n label: 'Sandboxes',\n path: RoutePath.SANDBOXES,\n },\n {\n icon: ,\n label: 'Snapshots',\n path: RoutePath.SNAPSHOTS,\n },\n {\n icon: ,\n label: 'Registries',\n path: RoutePath.REGISTRIES,\n },\n ]\n if (authenticatedUserHasPermission(OrganizationRolePermissionsEnum.READ_VOLUMES)) {\n arr.push({\n icon: ,\n label: 'Volumes',\n path: RoutePath.VOLUMES,\n })\n }\n\n if (authenticatedUserHasPermission(OrganizationRolePermissionsEnum.READ_AUDIT_LOGS)) {\n arr.push({\n icon: ,\n label: 'Audit Logs',\n path: RoutePath.AUDIT_LOGS,\n })\n }\n\n return arr\n }, [authenticatedUserHasPermission])\n\n const settingsItems = useMemo(() => {\n const arr: SidebarItem[] = [\n {\n icon: ,\n label: 'Settings',\n path: RoutePath.SETTINGS,\n },\n { icon: , label: 'API Keys', path: RoutePath.KEYS },\n ]\n\n // Add Webhooks link if webhooks are initialized\n if (webhooksInitialized) {\n if (webhooksEnabled) {\n arr.push({\n icon: ,\n label: 'Webhooks',\n path: RoutePath.WEBHOOKS,\n })\n } else {\n arr.push({\n icon: ,\n label: 'Webhooks',\n path: '#webhooks' as any, // This will be handled by onClick\n onClick: () => {\n window.open(webhooksAccess.data?.url, '_blank', 'noopener,noreferrer')\n },\n })\n }\n }\n\n if (authenticatedUserOrganizationMember?.role === OrganizationUserRoleEnum.OWNER) {\n arr.push({\n icon: ,\n label: 'Limits',\n path: RoutePath.LIMITS,\n })\n }\n if (!selectedOrganization?.personal) {\n arr.push({\n icon: ,\n label: 'Members',\n path: RoutePath.MEMBERS,\n })\n // TODO: uncomment when we allow creating custom roles\n // if (authenticatedUserOrganizationMember?.role === OrganizationUserRoleEnum.OWNER) {\n // arr.push({ icon: , label: 'Roles', path: RoutePath.ROLES })\n // }\n }\n\n return arr\n }, [\n authenticatedUserOrganizationMember?.role,\n selectedOrganization?.personal,\n webhooksInitialized,\n webhooksAccess.data?.url,\n webhooksEnabled,\n ])\n\n const experimentalItems = useMemo(() => {\n const arr: SidebarItem[] = []\n\n if (\n organizationExperimentsEnabled &&\n authenticatedUserOrganizationMember?.role === OrganizationUserRoleEnum.OWNER\n ) {\n arr.push({\n icon: ,\n label: 'Experimental',\n path: RoutePath.EXPERIMENTAL,\n })\n }\n return arr\n }, [organizationExperimentsEnabled, authenticatedUserOrganizationMember?.role])\n\n const billingItems = useMemo(() => {\n if (!billingEnabled || authenticatedUserOrganizationMember?.role !== OrganizationUserRoleEnum.OWNER) {\n return []\n }\n\n return [\n {\n icon: ,\n label: 'Spending',\n path: RoutePath.BILLING_SPENDING,\n },\n {\n icon: ,\n label: 'Wallet',\n path: RoutePath.BILLING_WALLET,\n },\n ]\n }, [billingEnabled, authenticatedUserOrganizationMember?.role])\n\n const infrastructureItems = useMemo(() => {\n if (!orgInfraEnabled) {\n return []\n }\n\n const arr = [\n {\n icon: ,\n label: 'Regions',\n path: RoutePath.REGIONS,\n },\n ]\n\n if (authenticatedUserHasPermission(OrganizationRolePermissionsEnum.READ_RUNNERS)) {\n arr.push({\n icon: ,\n label: 'Runners',\n path: RoutePath.RUNNERS,\n })\n }\n\n return arr\n }, [authenticatedUserHasPermission, orgInfraEnabled])\n\n const handleSignOut = () => {\n posthog?.reset()\n signoutRedirect()\n }\n\n const miscItems = useMemo(() => {\n if (!playgroundEnabled) {\n return []\n }\n\n return [\n playgroundEnabled && {\n icon: ,\n label: 'Playground',\n path: RoutePath.PLAYGROUND,\n },\n ]\n }, [playgroundEnabled])\n\n const sidebarGroups: { label: string; items: SidebarItem[] }[] = useMemo(() => {\n return [\n { label: 'Sandboxes', items: sidebarItems },\n {\n label: 'Misc',\n items: miscItems,\n },\n { label: 'Settings', items: settingsItems },\n { label: 'Billing', items: billingItems },\n { label: 'Infrastructure', items: infrastructureItems },\n { label: 'Experimental', items: experimentalItems },\n ].filter((group) => group.items.length > 0)\n }, [sidebarItems, settingsItems, billingItems, infrastructureItems, experimentalItems, miscItems])\n\n const commandItems = useMemo(() => {\n return sidebarGroups\n .flatMap((group) => group.items)\n .concat(\n {\n path: RoutePath.ACCOUNT_SETTINGS,\n label: 'Account Settings',\n icon: ,\n },\n {\n path: RoutePath.USER_INVITATIONS,\n label: 'Invitations',\n icon: ,\n },\n {\n path: RoutePath.ONBOARDING,\n label: 'Onboarding',\n icon: ,\n },\n )\n }, [sidebarGroups])\n\n const { unreadCount: pylonUnreadCount, toggle: togglePylon, isEnabled: pylonEnabled } = usePylon()\n usePylonCommands()\n\n const commandPaletteActions = useCommandPaletteActions()\n\n useNavCommands(commandItems)\n\n const metaKey = getMetaKey()\n\n return (\n \n \n \n
\n \n \n
\n \n
\n \n \n \n commandPaletteActions.setIsOpen(true)}\n >\n \n Search\n \n {metaKey} K\n \n \n \n \n \n \n {sidebarGroups.map((group, i) => (\n \n {i > 0 && }\n \n \n \n {group.items.map((item) => (\n \n \n {item.onClick ? (\n \n ) : (\n \n {item.icon}\n {item.label}\n \n )}\n \n \n ))}\n \n \n \n \n ))}\n \n \n \n \n {pylonEnabled && (\n \n {\n togglePylon()\n }}\n >\n \n Support\n {pylonUnreadCount > 0 && (\n
\n
\n
\n )}\n \n \n )}\n \n \n \n \n Slack\n \n \n \n \n \n \n \n Docs\n \n \n \n \n \n \n \n {user?.profile.picture ? (\n \n ) : (\n \n )}\n
\n {user?.profile.name || ''}\n {user?.profile.email || ''}\n
\n \n \n \n \n \n \n \n Account Settings\n \n \n setTheme(theme === 'dark' ? 'light' : 'dark')}\n >\n {theme === 'dark' ? : }\n {theme === 'dark' ? 'Light mode' : 'Dark mode'}\n \n \n \n \n \n Invitations\n {organizationInvitationsCount > 0 && (\n \n {organizationInvitationsCount}\n \n )}\n \n \n \n \n \n Onboarding\n \n \n \n \n \n Sign out\n \n \n \n \n \n \n {sidebar.open && Version {version}}\n
\n \n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/SortIcon.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport { AnimatePresence, motion } from 'framer-motion'\nimport { ArrowDownIcon, ArrowUpDownIcon, ArrowUpIcon } from 'lucide-react'\n\ninterface Props {\n sort: 'asc' | 'desc' | null\n hideDefaultState?: boolean\n className?: string\n}\n\nconst motionProps = {\n initial: { opacity: 0, y: 6 },\n animate: { opacity: 1, y: 0 },\n exit: { opacity: 0, y: -6 },\n transition: { duration: 0.15 },\n}\n\nconst PlaceholderIcon = () => \n\nexport const SortOrderIcon = ({ hideDefaultState = false, sort, className }: Props) => {\n const Icon =\n sort === 'asc'\n ? ArrowUpIcon\n : sort === 'desc'\n ? ArrowDownIcon\n : hideDefaultState\n ? PlaceholderIcon\n : ArrowUpDownIcon\n\n return (\n \n \n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/TableColumnVisibilityToggle.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport type { Column } from '@tanstack/react-table'\nimport { Command, CommandCheckboxItem, CommandGroup, CommandList } from './ui/command'\n\ninterface TableColumnVisibilityToggleProps {\n columns: Column[]\n getColumnLabel: (id: string) => string\n}\n\nexport function TableColumnVisibilityToggle({ columns, getColumnLabel }: TableColumnVisibilityToggleProps) {\n return (\n \n \n \n {columns\n .filter((column) => column.getCanHide())\n .map((column) => {\n return (\n column.toggleVisibility()}\n >\n {getColumnLabel(column.id)}\n \n )\n })}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/TableEmptyState.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { TableRow, TableCell } from './ui/table'\n\ninterface TableEmptyStateProps {\n /**\n * The number of columns in the table (used for colSpan)\n */\n colSpan: number\n /**\n * The message to display when no data is found\n */\n message: string\n /**\n * Optional icon to display above the message\n */\n icon?: React.ReactNode\n /**\n * Optional description text to display below the main message\n */\n description?: React.ReactNode\n /**\n * Additional CSS classes for the container\n */\n className?: string\n}\n\nexport function TableEmptyState({ colSpan, message, icon, description, className = '' }: TableEmptyStateProps) {\n return (\n \n \n
\n {icon &&
{icon}
}\n

{message}

\n {description &&
{description}
}\n
\n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/TierComparisonTable.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ComparisonSection, ComparisonTable } from './ComparisonTable'\n\nimport { OrganizationTier, Tier } from '@/billing-api'\nimport { TIER_RATE_LIMITS } from '@/constants/limits'\nimport { Skeleton } from './ui/skeleton'\n\nexport function TierComparisonTableSkeleton() {\n return (\n
\n {Array.from({ length: 5 }).map((_, index) => (\n \n ))}\n
\n )\n}\n\nexport function TierComparisonTable({\n tiers,\n currentTier,\n className,\n}: {\n tiers: Tier[]\n currentTier?: OrganizationTier | null\n className?: string\n}) {\n return (\n \n )\n}\n\nfunction buildTierComparisonTableData(tiers: Tier[]): ComparisonSection[] {\n return [\n {\n id: 'tiers',\n title: 'Tiers',\n rows: tiers\n .map((tier) => {\n return {\n label: {tier.tier},\n values: [\n `${tier.tierLimit.concurrentCPU}`,\n `${tier.tierLimit.concurrentRAMGiB}`,\n `${tier.tierLimit.concurrentDiskGiB}`,\n `${TIER_RATE_LIMITS[tier.tier]?.authenticatedRateLimit.toLocaleString() || '-'}`,\n `${TIER_RATE_LIMITS[tier.tier]?.sandboxCreateRateLimit.toLocaleString() || '-'}`,\n `${TIER_RATE_LIMITS[tier.tier]?.sandboxLifecycleRateLimit.toLocaleString() || '-'}`,\n ],\n }\n })\n .concat({\n label: Enterprise,\n values: Array(6).fill('Custom'),\n }),\n },\n ]\n}\n" }, { "path": "apps/dashboard/src/components/TierUpgradeCard.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { OrganizationTier, Tier } from '@/billing-api'\nimport { Button } from '@/components/ui/button'\nimport { Card, CardContent } from '@/components/ui/card'\nimport { RoutePath } from '@/enums/RoutePath'\nimport { useDowngradeTierMutation } from '@/hooks/mutations/useDowngradeTierMutation'\nimport { useUpgradeTierMutation } from '@/hooks/mutations/useUpgradeTierMutation'\nimport { handleApiError } from '@/lib/error-handling'\nimport { cn } from '@/lib/utils'\nimport { Organization } from '@daytonaio/api-client/src'\nimport { CheckIcon, ExternalLinkIcon, Loader2 } from 'lucide-react'\nimport { useMemo } from 'react'\nimport { Link } from 'react-router-dom'\nimport { toast } from 'sonner'\n\ninterface Props {\n tiers: Tier[]\n organizationTier?: OrganizationTier | null\n organization: Organization\n requirementsState: {\n emailVerified: boolean\n creditCardLinked: boolean\n }\n}\n\nexport function TierUpgradeCard({ tiers, organizationTier, requirementsState, organization }: Props) {\n const { currentTier, previousTier, nextTier } = useMemo(() => {\n const targetTiers: { currentTier?: Tier; previousTier?: Tier; nextTier?: Tier } = {}\n for (const tier of tiers) {\n if (tier.tier === organizationTier?.tier) {\n targetTiers.currentTier = tier\n }\n if (tier.tier < (organizationTier?.tier || 0)) {\n targetTiers.previousTier = tier\n }\n if (tier.tier > (organizationTier?.tier || 0) && !targetTiers.nextTier) {\n targetTiers.nextTier = tier\n }\n }\n return targetTiers\n }, [tiers, organizationTier])\n\n const requirements = getTierRequirementItems(requirementsState, organizationTier, nextTier)\n\n const canUpgrade = requirements.length > 0 && requirements.every((requirement) => requirement.isChecked)\n\n const downgradeTier = useDowngradeTierMutation()\n const upgradeTier = useUpgradeTierMutation()\n\n const handleUpgradeTier = async (tier: number) => {\n if (!organization) {\n return\n }\n\n try {\n await upgradeTier.mutateAsync({ organizationId: organization.id, tier })\n toast.success('Tier upgraded successfully')\n } catch (error) {\n handleApiError(error, 'Failed to upgrade organization tier')\n }\n }\n\n const handleDowngradeTier = async (tier: number) => {\n if (!organization) {\n return\n }\n\n try {\n await downgradeTier.mutateAsync({ organizationId: organization.id, tier })\n toast.success('Tier downgraded successfully')\n } catch (error) {\n handleApiError(error, 'Failed to downgrade organization tier')\n }\n }\n\n return (\n \n \n {nextTier && (\n
\n
\n
Upgrade to Tier {nextTier?.tier}
\n
\n Unlock more resources and higher rate limits by completing the verification steps.\n
\n
\n
\n
Requirements
\n
    \n {requirements.map((requirement) => (\n
  • \n \n
    • \n ))}\n
\n {requirements.length && !canUpgrade && (\n
Please complete all requirements to upgrade.
\n )}\n handleUpgradeTier(nextTier.tier)}\n disabled={!canUpgrade || upgradeTier.isPending}\n >\n {upgradeTier.isPending && }\n Upgrade\n \n
\n
\n )}\n
\n
\n
Enterprise
\n
\n Contact sales at{' '}\n \n sales@daytona.io\n \n .\n
\n
\n\n \n
\n {organizationTier && (\n
\n
\n
Current Tier: {organizationTier?.tier}
\n
\n {organizationTier.expiresAt && (\n
\n Tier expires on{' '}\n {organizationTier.expiresAt.toLocaleDateString('en-US', {\n month: 'short',\n day: 'numeric',\n })}\n .\n
\n )}\n {currentTier && currentTier?.topUpIntervalDays > 0 && (\n
\n Automatically charged {getDollarAmount(currentTier.minTopUpAmountCents)} every{' '}\n {currentTier.topUpIntervalDays} days.\n
\n )}\n
\n
\n {previousTier && (\n handleDowngradeTier(previousTier.tier)}\n disabled={downgradeTier.isPending}\n >\n {downgradeTier.isPending && }\n Downgrade\n \n )}\n
\n )}\n \n \n )\n}\n\nfunction getDollarAmount(cents: number) {\n return new Intl.NumberFormat('en-US', {\n style: 'currency',\n currency: 'USD',\n minimumFractionDigits: 0,\n maximumFractionDigits: 0,\n }).format(cents / 100)\n}\n\nfunction checkTopUpRequirementStatus(currentTier: OrganizationTier, nextTier: Tier) {\n if (!currentTier) {\n return false\n }\n\n if (currentTier.largestSuccessfulPaymentCents < nextTier.minTopUpAmountCents) {\n return false\n }\n\n if (nextTier.topUpIntervalDays && currentTier.largestSuccessfulPaymentDate) {\n const diffTime = Math.abs(Date.now() - (currentTier.largestSuccessfulPaymentDate?.getTime() || 0))\n const diffDays = Math.ceil(diffTime / (1000 * 60 * 60 * 24))\n\n return diffDays < nextTier.topUpIntervalDays\n }\n\n return true\n}\n\nfunction getTierRequirementItems(\n requirementsState: {\n emailVerified: boolean\n creditCardLinked: boolean\n },\n currentTier?: OrganizationTier | null,\n tier?: Tier | null,\n) {\n if (!tier || !currentTier) {\n return []\n }\n if (tier.tier < 1 || tier.tier > 4) {\n return []\n }\n\n const items = []\n\n if (tier.tier === 1) {\n items.push({\n label: 'Email verification',\n isChecked: requirementsState.emailVerified,\n link: RoutePath.ACCOUNT_SETTINGS,\n })\n }\n if (tier.tier === 2) {\n items.push({\n label: 'Credit card linked',\n isChecked: requirementsState.creditCardLinked,\n link: RoutePath.BILLING_WALLET,\n })\n }\n\n if (tier.minTopUpAmountCents) {\n items.push({\n label: `Top up ${getDollarAmount(tier.minTopUpAmountCents)} (${tier.topUpIntervalDays ? `every ${tier.topUpIntervalDays} days` : 'one time'})`,\n isChecked: checkTopUpRequirementStatus(currentTier, tier),\n link: RoutePath.BILLING_WALLET,\n })\n }\n\n return items\n}\n\ninterface TierRequirementItemProps {\n checked: boolean\n label: string\n link?: string\n externalLink?: boolean\n}\n\nfunction RequirementIcon({ checked, label }: { checked: boolean; label: string }) {\n return (\n \n \n
\n )\n}\n\nfunction TierRequirementItem({ checked, label, link, externalLink }: TierRequirementItemProps) {\n const content = (\n \n \n \n {label}\n \n {!checked && externalLink && (\n \n )}\n \n )\n\n if (!checked && link) {\n return (\n \n {content}\n \n )\n }\n\n return
{content}
\n}\n" }, { "path": "apps/dashboard/src/components/TimestampTooltip.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { format, formatDistanceToNow } from 'date-fns'\nimport { ReactNode } from 'react'\nimport { Separator } from './ui/separator'\nimport { Tooltip, TooltipContent, TooltipTrigger } from './ui/tooltip'\n\ninterface TimestampTooltipProps {\n timestamp?: string\n children: ReactNode\n time?: boolean\n}\n\nexport const TimestampTooltip = ({ children, timestamp, time = true }: TimestampTooltipProps) => {\n if (!timestamp) {\n return children\n }\n\n const date = new Date(timestamp)\n const relativeTimeString = formatDistanceToNow(date, { addSuffix: true })\n\n const dateFormat = 'MMM d, yyyy'\n const timeFormat = 'HH:mm:ss'\n\n const utcDate = new Date(\n date.getUTCFullYear(),\n date.getUTCMonth(),\n date.getUTCDate(),\n date.getUTCHours(),\n date.getUTCMinutes(),\n date.getUTCSeconds(),\n )\n const utcDateFormatted = format(utcDate, dateFormat)\n const utcTimeFormatted = format(utcDate, timeFormat)\n\n const localDateFormatted = format(date, dateFormat)\n const localTimeFormatted = format(date, timeFormat)\n\n const timezoneFormatter = new Intl.DateTimeFormat('en-US', {\n timeZoneName: 'short',\n })\n const timezoneParts = timezoneFormatter.formatToParts(date)\n const localTimezone = timezoneParts.find((part) => part.type === 'timeZoneName')?.value || 'Local'\n\n return (\n \n {children}\n \n
{relativeTimeString}
\n \n \n \n \n \n \n {time && }\n \n \n \n \n {time && }\n \n \n
[UTC]{utcDateFormatted}{utcTimeFormatted}
[{localTimezone}]{localDateFormatted}{localTimeFormatted}
\n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Tooltip.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { TooltipContent, TooltipTrigger, Tooltip as UiTooltip } from '@/components/ui/tooltip'\nimport React from 'react'\n\nexport function Tooltip({\n label,\n content,\n side = 'top',\n contentClassName,\n}: {\n label: React.ReactNode\n content: React.ReactNode\n side?: 'right' | 'left' | 'top' | 'bottom'\n contentClassName?: string\n}) {\n return (\n \n {label}\n \n {content}\n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/TooltipButton.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { ComponentProps, ReactNode } from 'react'\nimport { Button } from './ui/button'\nimport { Tooltip, TooltipContent, TooltipTrigger } from './ui/tooltip'\n\ntype Props = ComponentProps & {\n tooltipText: string\n tooltipContent?: ReactNode\n tooltipContainer?: HTMLElement\n side?: ComponentProps['side']\n}\n\nfunction TooltipButton({\n tooltipText,\n tooltipContent,\n side = 'top',\n tooltipContainer,\n ref,\n size = 'icon-sm',\n ...props\n}: Props) {\n return (\n \n \n \n \n {loading ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/UsageOverview.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport { RegionUsageOverview } from '@daytonaio/api-client'\nimport QuotaLine from './QuotaLine'\nimport { Skeleton } from './ui/skeleton'\n\nexport function UsageOverview({\n usageOverview,\n className,\n}: {\n usageOverview: RegionUsageOverview\n className?: string\n}) {\n return (\n
*]:flex-1 flex-col lg:flex-row', className)}>\n
\n
\n
Compute
\n \n
\n \n
\n
\n
\n
Memory
\n \n
\n \n
\n
\n
\n
Storage
\n \n
\n \n
\n
\n )\n}\n\nexport function UsageOverviewSkeleton() {\n return (\n
\n \n \n \n
\n )\n}\n\nconst UsageLabel = ({ current, total, unit }: { current: number; total: number; unit: string }) => {\n const percentage = (current / total) * 100\n const isHighUsage = percentage > 90\n\n return (\n \n {current} / {total} {unit}\n \n )\n}\n" }, { "path": "apps/dashboard/src/components/UsageOverviewIndicator.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport { RegionUsageOverview } from '@daytonaio/api-client/src'\n\nexport function UsageOverviewIndicator({\n usage,\n className,\n isLive,\n}: {\n usage: RegionUsageOverview\n className?: string\n isLive?: boolean\n}) {\n return (\n
\n {isLive && }\n \n \n \n
\n )\n}\n\nfunction ResourceLabel({ value, total, unit, name }: { value: number; total: number; unit?: string; name?: string }) {\n return (\n \n {name}\n {value}/{total}\n {unit}\n \n )\n}\n\nfunction LiveIndicatorDot({ className }: { className?: string }) {\n return (\n
\n
\n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/UserOrganizationInvitations/DeclineOrganizationInvitationDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React from 'react'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Button } from '@/components/ui/button'\n\ninterface DeclineOrganizationInvitationDialogProps {\n open: boolean\n onOpenChange: (open: boolean) => void\n onDeclineInvitation: () => Promise\n loading: boolean\n}\n\nexport const DeclineOrganizationInvitationDialog: React.FC = ({\n open,\n onOpenChange,\n onDeclineInvitation,\n loading,\n}) => {\n const handleDeclineInvitation = async () => {\n const success = await onDeclineInvitation()\n if (success) {\n onOpenChange(false)\n }\n }\n\n return (\n \n \n \n Decline Invitation\n \n Are you sure you want to decline this invitation to join the organization?\n \n \n \n \n \n \n {loading ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/UserOrganizationInvitations/OrganizationInvitationActionDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { useState } from 'react'\nimport {\n Dialog,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Button } from '@/components/ui/button'\nimport { OrganizationInvitation } from '@daytonaio/api-client'\n\ninterface OrganizationInvitationActionDialogProps {\n invitation: OrganizationInvitation\n open: boolean\n onOpenChange: (open: boolean) => void\n onAccept: (invitation: OrganizationInvitation) => Promise\n onDecline: (invitation: OrganizationInvitation) => Promise\n}\n\nexport const OrganizationInvitationActionDialog: React.FC = ({\n invitation,\n open,\n onOpenChange,\n onAccept,\n onDecline,\n}) => {\n const [loadingAccept, setLoadingAccept] = useState(false)\n const [loadingDecline, setLoadingDecline] = useState(false)\n\n const handleAccept = async () => {\n setLoadingAccept(true)\n const success = await onAccept(invitation)\n if (success) {\n onOpenChange(false)\n }\n setLoadingAccept(false)\n }\n\n const handleDecline = async () => {\n setLoadingDecline(true)\n const success = await onDecline(invitation)\n if (success) {\n onOpenChange(false)\n }\n setLoadingDecline(false)\n }\n\n return (\n \n \n \n Organization Invitation\n Would you like to accept or decline this invitation?\n \n
\n
\n Organization:\n {invitation.organizationName}\n\n Invited by:\n {invitation.invitedBy || 'Not specified'}\n\n Expires:\n \n {new Date(invitation.expiresAt).toLocaleString('default', {\n year: 'numeric',\n month: 'numeric',\n day: 'numeric',\n hour: 'numeric',\n minute: '2-digit',\n })}\n \n
\n
\n \n {loadingDecline ? (\n \n ) : (\n \n )}\n {loadingAccept ? (\n \n ) : (\n \n )}\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/UserOrganizationInvitations/UserOrganizationInvitationTable.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useState } from 'react'\nimport { Check, X } from 'lucide-react'\nimport {\n ColumnDef,\n flexRender,\n getCoreRowModel,\n getPaginationRowModel,\n getSortedRowModel,\n SortingState,\n useReactTable,\n} from '@tanstack/react-table'\nimport { OrganizationInvitation } from '@daytonaio/api-client'\nimport { Pagination } from '@/components/Pagination'\nimport { Button } from '@/components/ui/button'\nimport { TableHeader, TableRow, TableHead, TableBody, TableCell, Table } from '@/components/ui/table'\nimport { DeclineOrganizationInvitationDialog } from '@/components/UserOrganizationInvitations/DeclineOrganizationInvitationDialog'\nimport { DEFAULT_PAGE_SIZE } from '@/constants/Pagination'\nimport { TableEmptyState } from '../TableEmptyState'\n\ninterface DataTableProps {\n data: OrganizationInvitation[]\n loadingData: boolean\n onAcceptInvitation: (invitation: OrganizationInvitation) => Promise\n onDeclineInvitation: (invitation: OrganizationInvitation) => Promise\n loadingInvitationAction: Record\n}\n\nexport function UserOrganizationInvitationTable({\n data,\n loadingData,\n onAcceptInvitation,\n onDeclineInvitation,\n loadingInvitationAction,\n}: DataTableProps) {\n const [sorting, setSorting] = useState([])\n const [invitationToDecline, setInvitationToDecline] = useState(null)\n const [isDeclineDialogOpen, setIsDeclineDialogOpen] = useState(false)\n\n const handleDecline = (invitation: OrganizationInvitation) => {\n setInvitationToDecline(invitation)\n setIsDeclineDialogOpen(true)\n }\n\n const handleConfirmDecline = async () => {\n if (invitationToDecline) {\n const success = await onDeclineInvitation(invitationToDecline)\n if (success) {\n setInvitationToDecline(null)\n setIsDeclineDialogOpen(false)\n return success\n }\n }\n return false\n }\n\n const columns = getColumns({ onAccept: onAcceptInvitation, onDecline: handleDecline })\n\n const table = useReactTable({\n data,\n columns,\n getCoreRowModel: getCoreRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n onSortingChange: setSorting,\n getSortedRowModel: getSortedRowModel(),\n state: {\n sorting,\n },\n initialState: {\n pagination: {\n pageSize: DEFAULT_PAGE_SIZE,\n },\n },\n })\n\n return (\n <>\n
\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loadingData ? (\n \n \n Loading...\n \n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row) => (\n \n {row.getVisibleCells().map((cell) => (\n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n ))}\n \n ))\n ) : (\n \n )}\n \n
\n
\n \n
\n\n {invitationToDecline && (\n {\n setIsDeclineDialogOpen(open)\n if (!open) {\n setInvitationToDecline(null)\n }\n }}\n onDeclineInvitation={handleConfirmDecline}\n loading={loadingInvitationAction[invitationToDecline.id]}\n />\n )}\n \n )\n}\n\nconst getColumns = ({\n onAccept,\n onDecline,\n}: {\n onAccept: (invitation: OrganizationInvitation) => void\n onDecline: (invitation: OrganizationInvitation) => void\n}): ColumnDef[] => {\n const columns: ColumnDef[] = [\n {\n accessorKey: 'organizationName',\n header: 'Organization',\n },\n {\n accessorKey: 'invitedBy',\n header: 'Invited by',\n },\n {\n accessorKey: 'expiresAt',\n header: 'Expires',\n cell: ({ row }) => {\n return new Date(row.original.expiresAt).toLocaleDateString()\n },\n },\n {\n id: 'actions',\n cell: ({ row }) => {\n return (\n
\n \n \n
\n )\n },\n },\n ]\n\n return columns\n}\n" }, { "path": "apps/dashboard/src/components/VerifyEmailDialog.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React from 'react'\nimport { Button } from '@/components/ui/button'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\n\ninterface VerifyEmailDialogProps {\n open: boolean\n onOpenChange: (open: boolean) => void\n}\n\nexport const VerifyEmailDialog: React.FC = ({ open, onOpenChange }) => {\n return (\n \n \n \n Verify Your Account\n \n A verification email was sent to your registered email address. Please note that you must verify your email\n before you can create sandboxes or new organizations.\n \n \n \n \n \n \n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/VolumeTable.tsx", "content": "/*\n * Copyright 2025 Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DebouncedInput } from '@/components/DebouncedInput'\nimport { Pagination } from '@/components/Pagination'\nimport { Button } from '@/components/ui/button'\nimport { Checkbox } from '@/components/ui/checkbox'\nimport { DataTableFacetedFilter, FacetedFilterOption } from '@/components/ui/data-table-faceted-filter'\nimport { DropdownMenu, DropdownMenuContent, DropdownMenuItem, DropdownMenuTrigger } from '@/components/ui/dropdown-menu'\nimport { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table'\nimport { Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui/tooltip'\nimport { DEFAULT_PAGE_SIZE } from '@/constants/Pagination'\nimport { useSelectedOrganization } from '@/hooks/useSelectedOrganization'\nimport { getRelativeTimeString } from '@/lib/utils'\nimport { OrganizationRolePermissionsEnum, VolumeDto, VolumeState } from '@daytonaio/api-client'\nimport {\n ColumnDef,\n ColumnFiltersState,\n flexRender,\n getCoreRowModel,\n getFacetedRowModel,\n getFacetedUniqueValues,\n getFilteredRowModel,\n getPaginationRowModel,\n getSortedRowModel,\n SortingState,\n useReactTable,\n} from '@tanstack/react-table'\nimport { AlertTriangle, CheckCircle, HardDrive, Loader2, MoreHorizontal, Timer } from 'lucide-react'\nimport { useMemo, useState } from 'react'\nimport { TableEmptyState } from './TableEmptyState'\n\ninterface VolumeTableProps {\n data: VolumeDto[]\n loading: boolean\n processingVolumeAction: Record\n onDelete: (volume: VolumeDto) => void\n onBulkDelete: (volumes: VolumeDto[]) => void\n}\n\nexport function VolumeTable({ data, loading, processingVolumeAction, onDelete, onBulkDelete }: VolumeTableProps) {\n const { authenticatedUserHasPermission } = useSelectedOrganization()\n\n const deletePermitted = useMemo(\n () => authenticatedUserHasPermission(OrganizationRolePermissionsEnum.DELETE_VOLUMES),\n [authenticatedUserHasPermission],\n )\n\n const [sorting, setSorting] = useState([])\n const [columnFilters, setColumnFilters] = useState([])\n\n const columns = getColumns({\n onDelete,\n processingVolumeAction,\n deletePermitted,\n })\n const table = useReactTable({\n data,\n columns,\n onColumnFiltersChange: setColumnFilters,\n getCoreRowModel: getCoreRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n onSortingChange: setSorting,\n getSortedRowModel: getSortedRowModel(),\n getFacetedRowModel: getFacetedRowModel(),\n getFacetedUniqueValues: getFacetedUniqueValues(),\n getFilteredRowModel: getFilteredRowModel(),\n state: {\n sorting,\n columnFilters,\n },\n enableRowSelection: true,\n getRowId: (row) => row.id,\n initialState: {\n pagination: {\n pageSize: DEFAULT_PAGE_SIZE,\n },\n },\n })\n const [bulkDeleteConfirmationOpen, setBulkDeleteConfirmationOpen] = useState(false)\n\n return (\n
\n
\n table.getColumn('name')?.setFilterValue(value)}\n placeholder=\"Search...\"\n className=\"max-w-sm mr-4\"\n />\n {table.getColumn('state') && (\n \n )}\n
\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loading ? (\n \n \n Loading...\n \n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row) => (\n \n {row.getVisibleCells().map((cell) => (\n \n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n \n ))}\n \n ))\n ) : (\n }\n description={\n
\n

\n Volumes are shared, persistent directories backed by S3-compatible storage, perfect for reusing\n datasets, caching dependencies, or passing files across sandboxes.\n

\n

\n Create one via the SDK or CLI.
\n \n Read the Volumes guide\n {' '}\n to learn more.\n

\n
\n }\n />\n )}\n \n
\n
\n
\n {table.getRowModel().rows.some((row) => row.getIsSelected()) && (\n \n \n \n \n \n
\n

Are you sure you want to delete these Volumes?

\n
\n {\n onBulkDelete(\n table\n .getRowModel()\n .rows.filter((row) => row.getIsSelected())\n .map((row) => row.original),\n )\n setBulkDeleteConfirmationOpen(false)\n }}\n >\n Delete\n \n \n
\n
\n \n \n )}\n \n
\n
\n )\n}\n\nconst getStateIcon = (state: VolumeState) => {\n switch (state) {\n case VolumeState.READY:\n return \n case VolumeState.ERROR:\n return \n default:\n return \n }\n}\n\nconst getStateColor = (state: VolumeState) => {\n switch (state) {\n case VolumeState.READY:\n return 'text-green-500'\n case VolumeState.ERROR:\n return 'text-red-500'\n default:\n return 'text-gray-600 dark:text-gray-400'\n }\n}\n\nconst getStateLabel = (state: VolumeState) => {\n return state\n .split('_')\n .map((word) => word.charAt(0).toUpperCase() + word.slice(1).toLowerCase())\n .join(' ')\n}\n\nconst statuses: FacetedFilterOption[] = [\n { label: getStateLabel(VolumeState.CREATING), value: VolumeState.CREATING, icon: Timer },\n { label: getStateLabel(VolumeState.READY), value: VolumeState.READY, icon: CheckCircle },\n { label: getStateLabel(VolumeState.PENDING_CREATE), value: VolumeState.PENDING_CREATE, icon: Timer },\n { label: getStateLabel(VolumeState.PENDING_DELETE), value: VolumeState.PENDING_DELETE, icon: Timer },\n { label: getStateLabel(VolumeState.DELETING), value: VolumeState.DELETING, icon: Timer },\n { label: getStateLabel(VolumeState.DELETED), value: VolumeState.DELETED, icon: Timer },\n { label: getStateLabel(VolumeState.ERROR), value: VolumeState.ERROR, icon: AlertTriangle },\n]\n\nconst getColumns = ({\n onDelete,\n processingVolumeAction,\n deletePermitted,\n}: {\n onDelete: (volume: VolumeDto) => void\n processingVolumeAction: Record\n deletePermitted: boolean\n}): ColumnDef[] => {\n const columns: ColumnDef[] = [\n {\n id: 'select',\n header: ({ table }) => (\n {\n for (const row of table.getRowModel().rows) {\n if (processingVolumeAction[row.original.id]) {\n row.toggleSelected(false)\n } else {\n row.toggleSelected(!!value)\n }\n }\n }}\n aria-label=\"Select all\"\n className=\"translate-y-[2px]\"\n />\n ),\n cell: ({ row }) => {\n if (processingVolumeAction[row.original.id]) {\n return \n }\n return (\n row.toggleSelected(!!value)}\n aria-label=\"Select row\"\n className=\"translate-y-[2px]\"\n />\n )\n },\n enableSorting: false,\n enableHiding: false,\n },\n {\n accessorKey: 'name',\n header: 'Name',\n cell: ({ row }) => {\n return
{row.original.name}
\n },\n },\n {\n id: 'state',\n header: 'State',\n cell: ({ row }) => {\n const volume = row.original\n const state = row.original.state\n const color = getStateColor(state)\n\n if (state === VolumeState.ERROR && !!volume.errorReason) {\n return (\n \n \n
\n {getStateIcon(state)}\n {getStateLabel(state)}\n
\n \n \n

{volume.errorReason}

\n \n \n )\n }\n\n return (\n
\n {getStateIcon(state)}\n {getStateLabel(state)}\n
\n )\n },\n accessorKey: 'state',\n filterFn: (row, id, value) => {\n return value.includes(row.getValue(id))\n },\n },\n {\n accessorKey: 'createdAt',\n header: 'Created',\n cell: ({ row }) => {\n return getRelativeTimeString(row.original.createdAt).relativeTimeString\n },\n },\n {\n accessorKey: 'lastUsedAt',\n header: 'Last Used',\n cell: ({ row }) => {\n return getRelativeTimeString(row.original.lastUsedAt).relativeTimeString\n },\n },\n {\n id: 'actions',\n enableHiding: false,\n cell: ({ row }) => {\n if (!deletePermitted) {\n return null\n }\n\n return (\n \n \n \n \n \n onDelete(row.original)}\n >\n Delete\n \n \n \n )\n },\n },\n ]\n\n return columns\n}\n" }, { "path": "apps/dashboard/src/components/Webhooks/CreateEndpointDialog.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Badge } from '@/components/ui/badge'\nimport { Button } from '@/components/ui/button'\nimport {\n Command,\n CommandCheckboxItem,\n CommandEmpty,\n CommandGroup,\n CommandInput,\n CommandList,\n} from '@/components/ui/command'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n DialogTrigger,\n} from '@/components/ui/dialog'\nimport { Field, FieldError, FieldLabel } from '@/components/ui/field'\nimport { Input } from '@/components/ui/input'\nimport { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover'\nimport { Spinner } from '@/components/ui/spinner'\nimport { WEBHOOK_EVENT_CATEGORIES, WEBHOOK_EVENTS } from '@/constants/webhook-events'\nimport { handleApiError } from '@/lib/error-handling'\nimport { cn } from '@/lib/utils'\nimport { useForm } from '@tanstack/react-form'\nimport { ChevronsUpDown, Plus } from 'lucide-react'\nimport React, { useCallback, useEffect, useState } from 'react'\nimport { toast } from 'sonner'\nimport { useSvix } from 'svix-react'\nimport { z } from 'zod'\n\nconst formSchema = z.object({\n url: z.string().min(1, 'URL is required').url('Must be a valid URL'),\n description: z.string(),\n filterTypes: z.array(z.string()).min(1, 'At least one event is required'),\n})\n\ntype FormValues = z.infer\n\ninterface CreateEndpointDialogProps {\n onSuccess: () => void\n className?: string\n}\n\nexport const CreateEndpointDialog: React.FC = ({ onSuccess, className }) => {\n const [open, setOpen] = useState(false)\n const [eventsPopoverOpen, setEventsPopoverOpen] = useState(false)\n\n const { svix, appId } = useSvix()\n\n const form = useForm({\n defaultValues: {\n url: '',\n description: '',\n filterTypes: [],\n } as FormValues,\n validators: {\n onSubmit: formSchema,\n },\n onSubmit: async ({ value }) => {\n try {\n await svix.endpoint.create(appId, {\n url: value.url.trim(),\n description: value.description?.trim() || undefined,\n filterTypes: value.filterTypes.length > 0 ? value.filterTypes : undefined,\n })\n toast.success('Endpoint created')\n onSuccess()\n setOpen(false)\n } catch (error) {\n handleApiError(error, 'Failed to create endpoint')\n }\n },\n })\n\n const resetState = useCallback(() => {\n form.reset()\n }, [form])\n\n useEffect(() => {\n if (open) {\n resetState()\n }\n }, [open, resetState])\n\n const toggleEvent = (eventValue: string) => {\n const currentEvents = form.getFieldValue('filterTypes')\n if (currentEvents.includes(eventValue)) {\n form.setFieldValue(\n 'filterTypes',\n currentEvents.filter((e) => e !== eventValue),\n )\n } else {\n form.setFieldValue('filterTypes', [...currentEvents, eventValue])\n }\n }\n\n return (\n \n \n \n \n \n \n Add Webhook Endpoint\n Configure a new endpoint to receive webhook events.\n \n {\n e.preventDefault()\n e.stopPropagation()\n form.handleSubmit()\n }}\n >\n \n {(field) => {\n const isInvalid = field.state.meta.isTouched && !field.state.meta.isValid\n return (\n \n Endpoint Name\n field.handleChange(e.target.value)}\n placeholder=\"My Webhook Endpoint\"\n />\n {field.state.meta.errors.length > 0 && field.state.meta.isTouched && (\n \n )}\n \n )\n }}\n \n\n \n {(field) => {\n const isInvalid = field.state.meta.isTouched && !field.state.meta.isValid\n return (\n \n Endpoint URL\n field.handleChange(e.target.value)}\n placeholder=\"https://example.com/webhook\"\n />\n {field.state.meta.errors.length > 0 && field.state.meta.isTouched && (\n \n )}\n \n )\n }}\n \n\n \n {(field) => {\n const selectedEvents = field.state.value\n const isInvalid = field.state.meta.isTouched && !field.state.meta.isValid\n return (\n \n Events\n \n \n 0,\n })}\n >\n
\n {selectedEvents.length === 0 ? (\n Select events...\n ) : selectedEvents.length > 2 ? (\n \n {selectedEvents.length} events selected\n \n ) : (\n selectedEvents.map((event) => (\n \n {WEBHOOK_EVENTS.find((e) => e.value === event)?.label || event}\n \n ))\n )}\n
\n \n \n \n \n \n \n \n No events found.\n {WEBHOOK_EVENT_CATEGORIES.map((category) => (\n \n {WEBHOOK_EVENTS.filter((event) => event.category === category).map((event) => (\n toggleEvent(event.value)}\n >\n {event.label}\n \n ))}\n \n ))}\n \n \n \n \n {field.state.meta.errors.length > 0 && field.state.meta.isTouched && (\n \n )}\n \n )\n }}\n \n \n \n \n \n \n [state.canSubmit, state.isSubmitting]}\n children={([canSubmit, isSubmitting]) => (\n \n )}\n />\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Webhooks/DeliveryStatsLine.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { cn } from '@/lib/utils'\nimport type { EndpointStats } from 'svix'\nimport { motion } from 'framer-motion'\nimport React from 'react'\n\nconst transition = {\n type: 'spring',\n stiffness: 60,\n damping: 15,\n mass: 1,\n} as const\n\nconst SEGMENTS = [\n { key: 'success', label: 'Success', color: 'bg-green-500', dotColor: 'bg-green-500' },\n { key: 'fail', label: 'Failed', color: 'bg-red-500', dotColor: 'bg-red-500' },\n { key: 'pending', label: 'Pending', color: 'bg-muted-foreground/50', dotColor: 'bg-muted-foreground/50' },\n { key: 'sending', label: 'Sending', color: 'bg-white', dotColor: 'bg-white border border-border' },\n] as const\n\ninterface DeliveryStatsLineProps {\n stats: EndpointStats\n className?: string\n}\n\nconst DeliveryStatsLine: React.FC = ({ stats, className }) => {\n const total = stats.success + stats.fail + stats.pending + stats.sending\n\n if (total === 0) {\n return (\n
\n
\n \n
\n )\n }\n\n return (\n
\n
\n {SEGMENTS.map(({ key, color }) => {\n const value = stats[key]\n if (value === 0) return null\n const pct = (value / total) * 100\n return (\n \n )\n })}\n
\n \n
\n )\n}\n\nfunction Legend({ stats, total }: { stats: EndpointStats; total: number }) {\n return (\n
\n {SEGMENTS.map(({ key, label, dotColor }) => (\n
\n
\n \n {label} {stats[key]}\n {total > 0 && ({Math.round((stats[key] / total) * 100)}%)}\n \n
\n ))}\n
\n )\n}\n\nexport default DeliveryStatsLine\n" }, { "path": "apps/dashboard/src/components/Webhooks/EditEndpointDialog.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Badge } from '@/components/ui/badge'\nimport { Button } from '@/components/ui/button'\nimport {\n Command,\n CommandCheckboxItem,\n CommandEmpty,\n CommandGroup,\n CommandInput,\n CommandList,\n} from '@/components/ui/command'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Field, FieldError, FieldLabel } from '@/components/ui/field'\nimport { Input } from '@/components/ui/input'\nimport { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover'\nimport { Spinner } from '@/components/ui/spinner'\nimport { WEBHOOK_EVENT_CATEGORIES, WEBHOOK_EVENTS } from '@/constants/webhook-events'\nimport { useUpdateWebhookEndpointMutation } from '@/hooks/mutations/useUpdateWebhookEndpointMutation'\nimport { handleApiError } from '@/lib/error-handling'\nimport { useForm } from '@tanstack/react-form'\nimport { ChevronsUpDown } from 'lucide-react'\nimport React, { useEffect, useState } from 'react'\nimport { toast } from 'sonner'\nimport { EndpointOut } from 'svix'\nimport { z } from 'zod'\n\nconst formSchema = z.object({\n url: z.string().min(1, 'URL is required').url('Must be a valid URL'),\n description: z.string().min(1, 'Name is required'),\n filterTypes: z.array(z.string()).min(1, 'At least one event is required'),\n})\n\ntype FormValues = z.infer\n\ninterface EditEndpointDialogProps {\n endpoint: EndpointOut | null\n open: boolean\n onOpenChange: (open: boolean) => void\n onSuccess: () => void\n}\n\nexport const EditEndpointDialog: React.FC = ({ endpoint, open, onOpenChange, onSuccess }) => {\n const [eventsPopoverOpen, setEventsPopoverOpen] = useState(false)\n\n const updateMutation = useUpdateWebhookEndpointMutation()\n\n const form = useForm({\n defaultValues: {\n url: '',\n description: '',\n filterTypes: [],\n } as FormValues,\n validators: {\n onSubmit: formSchema,\n },\n onSubmit: async ({ value }) => {\n if (!endpoint) return\n\n try {\n await updateMutation.mutateAsync({\n endpointId: endpoint.id,\n update: {\n url: value.url.trim(),\n description: value.description?.trim() || undefined,\n filterTypes: value.filterTypes.length > 0 ? value.filterTypes : undefined,\n },\n })\n toast.success('Endpoint updated')\n onSuccess()\n onOpenChange(false)\n } catch (error) {\n handleApiError(error, 'Failed to update endpoint')\n }\n },\n })\n\n useEffect(() => {\n if (endpoint && open) {\n form.reset({\n url: endpoint.url,\n description: endpoint.description || '',\n filterTypes: endpoint.filterTypes || [],\n })\n }\n }, [endpoint, open, form])\n\n const handleOpenChange = (isOpen: boolean) => {\n onOpenChange(isOpen)\n if (!isOpen) {\n form.reset()\n }\n }\n\n const toggleEvent = (eventValue: string) => {\n const currentEvents = form.getFieldValue('filterTypes')\n if (currentEvents.includes(eventValue)) {\n form.setFieldValue(\n 'filterTypes',\n currentEvents.filter((e) => e !== eventValue),\n )\n } else {\n form.setFieldValue('filterTypes', [...currentEvents, eventValue])\n }\n }\n\n return (\n \n \n \n Edit Webhook Endpoint\n Update the endpoint configuration.\n \n {\n e.preventDefault()\n e.stopPropagation()\n form.handleSubmit()\n }}\n >\n \n {(field) => {\n const isInvalid = field.state.meta.isTouched && !field.state.meta.isValid\n return (\n \n Endpoint Name\n field.handleChange(e.target.value)}\n placeholder=\"My Webhook Endpoint\"\n />\n {field.state.meta.errors.length > 0 && field.state.meta.isTouched && (\n \n )}\n \n )\n }}\n \n\n \n {(field) => {\n const isInvalid = field.state.meta.isTouched && !field.state.meta.isValid\n return (\n \n Endpoint URL\n field.handleChange(e.target.value)}\n placeholder=\"https://example.com/webhook\"\n />\n {field.state.meta.errors.length > 0 && field.state.meta.isTouched && (\n \n )}\n \n )\n }}\n \n\n \n {(field) => {\n const selectedEvents = field.state.value\n const isInvalid = field.state.meta.isTouched && !field.state.meta.isValid\n return (\n \n Events\n \n \n \n
\n {selectedEvents.length === 0 ? (\n Select events...\n ) : selectedEvents.length > 2 ? (\n \n {selectedEvents.length} events selected\n \n ) : (\n selectedEvents.map((event) => (\n \n {WEBHOOK_EVENTS.find((e) => e.value === event)?.label || event}\n \n ))\n )}\n
\n \n \n \n \n \n \n \n No events found.\n {WEBHOOK_EVENT_CATEGORIES.map((category) => (\n \n {WEBHOOK_EVENTS.filter((event) => event.category === category).map((event) => (\n toggleEvent(event.value)}\n >\n {event.label}\n \n ))}\n \n ))}\n \n \n \n \n {field.state.meta.errors.length > 0 && field.state.meta.isTouched && (\n \n )}\n \n )\n }}\n \n \n \n \n \n \n [state.canSubmit, state.isSubmitting]}\n children={([canSubmit, isSubmitting]) => (\n \n )}\n />\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Webhooks/EndpointEventsTable/EndpointEventsTable.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DebouncedInput } from '@/components/DebouncedInput'\nimport { Pagination } from '@/components/Pagination'\nimport { TableEmptyState } from '@/components/TableEmptyState'\nimport { DataTableFacetedFilter } from '@/components/ui/data-table-faceted-filter'\nimport { Skeleton } from '@/components/ui/skeleton'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table'\nimport { DEFAULT_PAGE_SIZE } from '@/constants/Pagination'\nimport {\n ColumnFiltersState,\n flexRender,\n getCoreRowModel,\n getFacetedRowModel,\n getFacetedUniqueValues,\n getFilteredRowModel,\n getPaginationRowModel,\n getSortedRowModel,\n SortingState,\n useReactTable,\n} from '@tanstack/react-table'\nimport { Mail } from 'lucide-react'\nimport { useCallback, useState } from 'react'\nimport { EndpointMessageOut } from 'svix'\nimport { columns, eventTypeOptions, statusOptions } from './columns'\nimport { EventDetailsSheet } from './EventDetailsSheet'\n\ninterface EndpointEventsTableProps {\n data: EndpointMessageOut[]\n loading: boolean\n onReplay: (msgId: string) => void\n}\n\nexport function EndpointEventsTable({ data, loading, onReplay }: EndpointEventsTableProps) {\n const [sorting, setSorting] = useState([])\n const [columnFilters, setColumnFilters] = useState([])\n const [globalFilter, setGlobalFilter] = useState('')\n const [selectedEventIndex, setSelectedEventIndex] = useState(null)\n const [sheetOpen, setSheetOpen] = useState(false)\n\n const table = useReactTable({\n data,\n columns,\n getCoreRowModel: getCoreRowModel(),\n getFilteredRowModel: getFilteredRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n onSortingChange: setSorting,\n getSortedRowModel: getSortedRowModel(),\n onColumnFiltersChange: setColumnFilters,\n getFacetedRowModel: getFacetedRowModel(),\n getFacetedUniqueValues: getFacetedUniqueValues(),\n onGlobalFilterChange: setGlobalFilter,\n globalFilterFn: (row, _columnId, filterValue) => {\n const event = row.original\n const searchValue = filterValue.toLowerCase()\n return (\n (event.id?.toLowerCase().includes(searchValue) ?? false) ||\n (event.eventType?.toLowerCase().includes(searchValue) ?? false) ||\n (event.statusText?.toLowerCase().includes(searchValue) ?? false)\n )\n },\n state: {\n sorting,\n columnFilters,\n globalFilter,\n },\n initialState: {\n pagination: {\n pageSize: DEFAULT_PAGE_SIZE,\n },\n },\n meta: {\n endpointEvents: {\n onReplay,\n },\n },\n })\n\n const handleRowClick = useCallback((index: number) => {\n setSelectedEventIndex(index)\n setSheetOpen(true)\n }, [])\n\n const rowCount = table.getRowModel().rows.length\n\n const handleNavigate = useCallback(\n (direction: 'prev' | 'next') => {\n setSelectedEventIndex((prev) => {\n if (prev === null) return null\n if (direction === 'prev' && prev > 0) return prev - 1\n if (direction === 'next' && prev < rowCount - 1) return prev + 1\n return prev\n })\n },\n [rowCount],\n )\n\n return (\n
\n
\n setGlobalFilter(String(value))}\n placeholder=\"Search by Event Type, Message ID, or Status\"\n className=\"max-w-sm mr-4\"\n />\n {table.getColumn('eventType') && (\n \n )}\n {table.getColumn('status') && (\n \n )}\n
\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loading ? (\n <>\n {Array.from(new Array(5)).map((_, i) => (\n \n {table.getVisibleLeafColumns().map((column) => (\n \n \n \n ))}\n \n ))}\n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row, rowIndex) => (\n handleRowClick(rowIndex)}\n onKeyDown={(e) => {\n if (e.key === 'Enter' || e.key === ' ') {\n e.preventDefault()\n handleRowClick(rowIndex)\n }\n }}\n >\n {row.getVisibleCells().map((cell) => (\n \n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n \n ))}\n \n ))\n ) : (\n }\n description={\n
\n

Events will appear here when webhooks are triggered.

\n
\n }\n />\n )}\n \n
\n
\n \n 0}\n hasNext={selectedEventIndex !== null && selectedEventIndex < table.getRowModel().rows.length - 1}\n onReplay={onReplay}\n />\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/Webhooks/EndpointEventsTable/EventDetailsSheet.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CopyButton } from '@/components/CopyButton'\nimport { TimestampTooltip } from '@/components/TimestampTooltip'\nimport { Badge } from '@/components/ui/badge'\nimport { Button } from '@/components/ui/button'\nimport { ScrollArea } from '@/components/ui/scroll-area'\nimport { Separator } from '@/components/ui/separator'\nimport { Sheet, SheetContent, SheetHeader, SheetTitle } from '@/components/ui/sheet'\nimport { getRelativeTimeString } from '@/lib/utils'\nimport { ChevronDown, ChevronUp, RefreshCw, X } from 'lucide-react'\nimport { useCallback, useState } from 'react'\nimport { EndpointMessageOut } from 'svix'\nimport { MessageAttemptsTable } from '../MessageAttemptsTable'\n\ninterface EventDetailsSheetProps {\n event: EndpointMessageOut | null\n open: boolean\n onOpenChange: (open: boolean) => void\n onNavigate: (direction: 'prev' | 'next') => void\n hasPrev: boolean\n hasNext: boolean\n onReplay: (msgId: string) => void\n}\n\nexport function EventDetailsSheet({\n event,\n open,\n onOpenChange,\n onNavigate,\n hasPrev,\n hasNext,\n onReplay,\n}: EventDetailsSheetProps) {\n const [attemptsReloadKey, setAttemptsReloadKey] = useState(0)\n\n const handleReplay = useCallback(\n (msgId: string) => {\n onReplay(msgId)\n setAttemptsReloadKey((prev) => prev + 1)\n },\n [onReplay],\n )\n\n if (!event) return null\n\n const hasPayload = event.payload && Object.keys(event.payload).length > 0\n const payload = hasPayload\n ? typeof event.payload === 'string'\n ? event.payload\n : JSON.stringify(event.payload, null, 2)\n : ''\n const { relativeTimeString } = getRelativeTimeString(event.timestamp)\n\n return (\n \n button]:hidden\" side=\"right\">\n \n Event Details\n
\n \n \n \n
\n \n\n \n \n
\n Overview\n
\n Message ID\n
\n {event.id}\n \n
\n
\n
\n Status\n \n {event.status === 0 ? 'Success' : event.status === 1 ? 'Pending' : 'Failed'}\n \n
\n
\n Event Type\n {event.eventType}\n
\n
\n Sent\n \n {relativeTimeString}\n \n
\n {event.nextAttempt && (\n
\n Next Attempt\n \n \n {getRelativeTimeString(event.nextAttempt).relativeTimeString}\n \n \n
\n )}\n {event.channels && event.channels.length > 0 && (\n
\n Channels\n
\n {event.channels.map((channel) => (\n \n {channel}\n \n ))}\n
\n
\n )}\n {event.tags && event.tags.length > 0 && (\n
\n Tags\n
\n {event.tags.map((tag) => (\n \n {tag}\n \n ))}\n
\n
\n )}\n {event.eventId && (\n
\n Event ID\n
\n {event.eventId}\n \n
\n
\n )}\n \n
\n\n \n\n
\n
\n Payload\n {hasPayload && }\n
\n {hasPayload ? (\n 
\n                {payload}\n
\n ) : (\n
\n This event has no payload\n
\n )}\n
\n\n \n\n
\n \n
\n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Webhooks/EndpointEventsTable/columns.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { TimestampTooltip } from '@/components/TimestampTooltip'\nimport { Badge } from '@/components/ui/badge'\nimport { Button } from '@/components/ui/button'\nimport { FacetedFilterOption } from '@/components/ui/data-table-faceted-filter'\nimport { DropdownMenu, DropdownMenuContent, DropdownMenuItem, DropdownMenuTrigger } from '@/components/ui/dropdown-menu'\nimport { WEBHOOK_EVENTS } from '@/constants/webhook-events'\nimport { getRelativeTimeString } from '@/lib/utils'\nimport { ColumnDef, RowData, Table } from '@tanstack/react-table'\nimport { CheckCircle, Clock, MoreHorizontal, XCircle } from 'lucide-react'\nimport { EndpointMessageOut } from 'svix'\nimport { CopyButton } from '../../CopyButton'\n\ntype EndpointEventsTableMeta = {\n onReplay: (msgId: string) => void\n}\n\ndeclare module '@tanstack/react-table' {\n interface TableMeta {\n endpointEvents?: TData extends EndpointMessageOut ? EndpointEventsTableMeta : never\n }\n}\n\nconst getMeta = (table: Table) => {\n return table.options.meta?.endpointEvents as EndpointEventsTableMeta\n}\n\nconst columns: ColumnDef[] = [\n {\n accessorKey: 'id',\n header: 'Message ID',\n size: 300,\n cell: ({ row }) => {\n const msgId = row.original.id\n return (\n
\n \n {msgId ?? '-'}\n \n {msgId && (\n e.stopPropagation()}>\n \n \n )}\n
\n )\n },\n },\n {\n id: 'status',\n accessorFn: (row) => row.statusText || 'unknown',\n header: 'Status',\n size: 100,\n filterFn: (row, id, value) => {\n return value.includes(row.getValue(id))\n },\n cell: ({ row }) => {\n const status = row.original.status\n const variant = status === 0 ? 'success' : status === 1 ? 'secondary' : 'destructive'\n return {status === 0 ? 'Success' : status === 1 ? 'Pending' : 'Failed'}\n },\n },\n {\n accessorKey: 'eventType',\n header: 'Event Type',\n size: 200,\n filterFn: (row, id, value) => {\n return value.includes(row.getValue(id))\n },\n cell: ({ row }) => {\n const eventType = row.original.eventType\n return (\n \n {eventType}\n \n )\n },\n },\n {\n accessorKey: 'nextAttempt',\n header: 'Next Attempt',\n size: 100,\n cell: ({ row }) => {\n const nextAttempt = row.original.nextAttempt\n if (!nextAttempt) {\n return -\n }\n const relativeTime = getRelativeTimeString(nextAttempt)\n return (\n \n {relativeTime.relativeTimeString}\n \n )\n },\n },\n {\n accessorKey: 'timestamp',\n header: 'Sent',\n size: 100,\n cell: ({ row }) => {\n const timestamp = row.original.timestamp\n if (!timestamp) {\n return -\n }\n const relativeTime = getRelativeTimeString(timestamp)\n\n return (\n \n {relativeTime.relativeTimeString}\n \n )\n },\n },\n {\n id: 'actions',\n maxSize: 44,\n enableHiding: false,\n cell: ({ row, table }) => {\n const { onReplay } = getMeta(table)\n const msgId = row.original.id\n return (\n \n e.stopPropagation()}>\n \n \n e.stopPropagation()}>\n onReplay(msgId)}>\n Replay\n \n \n \n )\n },\n },\n]\n\nconst eventTypeOptions: FacetedFilterOption[] = WEBHOOK_EVENTS.map((event) => ({\n label: event.label,\n value: event.value,\n}))\n\nconst statusOptions: FacetedFilterOption[] = [\n { label: 'Success', value: 'success', icon: CheckCircle },\n { label: 'Pending', value: 'pending', icon: Clock },\n { label: 'Failed', value: 'fail', icon: XCircle },\n]\n\nexport { columns, eventTypeOptions, statusOptions }\nexport type { EndpointEventsTableMeta }\n" }, { "path": "apps/dashboard/src/components/Webhooks/EndpointEventsTable/index.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport { EndpointEventsTable } from './EndpointEventsTable'\nexport type { EndpointEventsTableMeta } from './columns'\n" }, { "path": "apps/dashboard/src/components/Webhooks/MessageAttemptsTable.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CopyButton } from '@/components/CopyButton'\nimport { TimestampTooltip } from '@/components/TimestampTooltip'\nimport { Badge } from '@/components/ui/badge'\nimport { Skeleton } from '@/components/ui/skeleton'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table'\nimport { getRelativeTimeString } from '@/lib/utils'\nimport { AnimatePresence, motion } from 'framer-motion'\nimport { ChevronDown, ChevronRight, LoaderCircle } from 'lucide-react'\nimport { Fragment, useCallback, useEffect, useRef, useState } from 'react'\nimport { MessageAttemptOut } from 'svix'\nimport { useMessageAttempts } from 'svix-react'\n\nconst RELOAD_DELAY = 5\n\nfunction AttemptStatusBadge({ status }: { status: number }) {\n const variant = status === 0 ? 'success' : status === 1 ? 'secondary' : 'destructive'\n const label = status === 0 ? 'Success' : status === 1 ? 'Pending' : status === 3 ? 'Sending' : 'Failed'\n return {label}\n}\n\nfunction TriggerTypeBadge({ triggerType }: { triggerType: number }) {\n return (\n \n {triggerType === 1 ? 'Manual' : 'Scheduled'}\n \n )\n}\n\nfunction AttemptExpandedRow({ attempt }: { attempt: MessageAttemptOut }) {\n let responseBody: string\n try {\n const parsed = JSON.parse(attempt.response)\n responseBody = JSON.stringify(parsed, null, 2)\n } catch {\n responseBody = attempt.response || '(empty)'\n }\n\n return (\n
\n
\n
\n Status Code\n {!attempt.responseStatusCode ? (\n No Response\n ) : (\n = 200 && attempt.responseStatusCode < 300 ? 'success' : 'destructive'\n }\n >\n {attempt.responseStatusCode}\n \n )}\n
\n
\n Duration\n {attempt.responseDurationMs}ms\n
\n
\n Trigger\n \n
\n
\n Endpoint ID\n
\n {attempt.endpointId}\n \n
\n
\n
\n\n
\n
\n Response Body\n \n
\n 
\n          {responseBody}\n
\n
\n
\n )\n}\n\nexport function MessageAttemptsTable({ messageId, reloadKey }: { messageId: string; reloadKey?: number }) {\n const attempts = useMessageAttempts(messageId)\n const [expandedRows, setExpandedRows] = useState>(new Set())\n const [countdown, setCountdown] = useState(null)\n const prevReloadKey = useRef(reloadKey)\n const timerRef = useRef>(null)\n\n const clearTimer = useCallback(() => {\n if (timerRef.current) {\n clearInterval(timerRef.current)\n timerRef.current = null\n }\n }, [])\n\n useEffect(() => {\n if (reloadKey !== undefined && reloadKey !== prevReloadKey.current) {\n prevReloadKey.current = reloadKey\n clearTimer()\n setCountdown(RELOAD_DELAY)\n\n timerRef.current = setInterval(() => {\n setCountdown((prev) => {\n if (prev === null || prev <= 1) {\n clearTimer()\n attempts.reload()\n return null\n }\n return prev - 1\n })\n }, 1000)\n }\n }, [reloadKey, attempts, clearTimer])\n\n useEffect(() => {\n return clearTimer\n }, [clearTimer])\n\n const toggleRow = (attemptId: string) => {\n setExpandedRows((prev) => {\n const next = new Set(prev)\n if (next.has(attemptId)) {\n next.delete(attemptId)\n } else {\n next.add(attemptId)\n }\n return next\n })\n }\n\n const header = (\n
\n Delivery Attempts\n \n {countdown !== null && (\n \n \n Reloading in {countdown}...\n \n )}\n \n
\n )\n\n if (attempts.loading) {\n return (\n
\n {header}\n
\n \n \n \n
\n
\n )\n }\n\n if (attempts.error) {\n return (\n
\n {header}\n
Failed to load message attempts.
\n
\n )\n }\n\n const data = attempts.data ?? []\n\n if (data.length === 0) {\n return (\n
\n {header}\n
No delivery attempts yet.
\n
\n )\n }\n\n return (\n
\n {header}\n
\n \n \n \n \n Status\n URL\n Timestamp\n \n \n \n {data.map((attempt: MessageAttemptOut) => {\n const { relativeTimeString } = getRelativeTimeString(attempt.timestamp)\n const isExpanded = expandedRows.has(attempt.id)\n return (\n \n toggleRow(attempt.id)}>\n \n {isExpanded ? (\n \n ) : (\n \n )}\n \n \n \n \n \n {attempt.url}\n \n \n \n {relativeTimeString}\n \n \n \n {isExpanded && (\n \n \n \n \n \n )}\n \n )\n })}\n \n
\n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/Webhooks/WebhooksEndpointTable/WebhooksEndpointTable.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DebouncedInput } from '@/components/DebouncedInput'\nimport { Pagination } from '@/components/Pagination'\nimport { TableEmptyState } from '@/components/TableEmptyState'\nimport {\n AlertDialog,\n AlertDialogAction,\n AlertDialogCancel,\n AlertDialogContent,\n AlertDialogDescription,\n AlertDialogFooter,\n AlertDialogHeader,\n AlertDialogTitle,\n} from '@/components/ui/alert-dialog'\nimport { Skeleton } from '@/components/ui/skeleton'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table'\nimport { DEFAULT_PAGE_SIZE } from '@/constants/Pagination'\nimport { RoutePath } from '@/enums/RoutePath'\nimport {\n flexRender,\n getCoreRowModel,\n getFilteredRowModel,\n getPaginationRowModel,\n getSortedRowModel,\n SortingState,\n useReactTable,\n} from '@tanstack/react-table'\nimport { Mail } from 'lucide-react'\nimport { useState } from 'react'\nimport { useNavigate } from 'react-router-dom'\nimport { EndpointOut } from 'svix'\nimport { columns } from './columns'\n\ninterface WebhooksEndpointTableProps {\n data: EndpointOut[]\n loading: boolean\n onDisable: (endpoint: EndpointOut) => void\n onDelete: (endpoint: EndpointOut) => void\n isLoadingEndpoint: (endpoint: EndpointOut) => boolean\n}\n\nexport function WebhooksEndpointTable({\n data,\n loading,\n onDisable,\n onDelete,\n isLoadingEndpoint,\n}: WebhooksEndpointTableProps) {\n const [sorting, setSorting] = useState([])\n const [globalFilter, setGlobalFilter] = useState('')\n const [deleteEndpoint, setDeleteEndpoint] = useState(null)\n const [disableEndpoint, setDisableEndpoint] = useState(null)\n const navigate = useNavigate()\n\n const handleConfirmDelete = () => {\n if (deleteEndpoint) {\n onDelete(deleteEndpoint)\n setDeleteEndpoint(null)\n }\n }\n\n const handleConfirmDisable = () => {\n if (disableEndpoint) {\n onDisable(disableEndpoint)\n setDisableEndpoint(null)\n }\n }\n\n const table = useReactTable({\n data,\n columns,\n getCoreRowModel: getCoreRowModel(),\n getFilteredRowModel: getFilteredRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n onSortingChange: setSorting,\n getSortedRowModel: getSortedRowModel(),\n onGlobalFilterChange: setGlobalFilter,\n globalFilterFn: (row, _columnId, filterValue) => {\n const endpoint = row.original\n const searchValue = filterValue.toLowerCase()\n return (\n endpoint.url.toLowerCase().includes(searchValue) ||\n (endpoint.description?.toLowerCase().includes(searchValue) ?? false) ||\n endpoint.id.toLowerCase().includes(searchValue)\n )\n },\n state: {\n sorting,\n globalFilter,\n },\n initialState: {\n pagination: {\n pageSize: DEFAULT_PAGE_SIZE,\n },\n },\n meta: {\n webhookEndpoints: {\n onDisable: setDisableEndpoint,\n onDelete: setDeleteEndpoint,\n isLoadingEndpoint,\n },\n },\n })\n\n const handleRowClick = (endpoint: EndpointOut) => {\n navigate(RoutePath.WEBHOOK_ENDPOINT_DETAILS.replace(':endpointId', endpoint.id))\n }\n\n return (\n
\n
\n setGlobalFilter(String(value))}\n placeholder=\"Search by URL or Description\"\n className=\"max-w-sm\"\n />\n
\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => {\n return (\n \n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n )\n })}\n \n ))}\n \n \n {loading ? (\n <>\n {Array.from(new Array(5)).map((_, i) => (\n \n {table.getVisibleLeafColumns().map((column, colIndex, arr) =>\n colIndex === arr.length - 1 ? null : (\n \n \n \n ),\n )}\n \n ))}\n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row) => {\n const isLoading = isLoadingEndpoint(row.original)\n return (\n {\n if (!isLoading) {\n handleRowClick(row.original)\n }\n }}\n onKeyDown={(e) => {\n if (!isLoading && (e.key === 'Enter' || e.key === ' ')) {\n e.preventDefault()\n handleRowClick(row.original)\n }\n }}\n >\n {row.getVisibleCells().map((cell) => (\n \n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n \n ))}\n \n )\n })\n ) : (\n }\n description={\n
\n

Create an endpoint to start receiving webhook events.

\n

\n \n Check out the Docs\n {' '}\n to learn more.\n

\n
\n }\n />\n )}\n \n
\n
\n \n\n !open && setDeleteEndpoint(null)}>\n \n \n Delete Webhook Endpoint\n \n Are you sure you want to delete this webhook endpoint? This action cannot be undone.\n {deleteEndpoint && (\n
\n URL: {deleteEndpoint.url}\n
\n )}\n \n \n \n Cancel\n \n Delete\n \n \n \n \n\n !open && setDisableEndpoint(null)}>\n \n \n {disableEndpoint?.disabled ? 'Enable' : 'Disable'} Webhook Endpoint\n \n Are you sure you want to {disableEndpoint?.disabled ? 'enable' : 'disable'} this webhook endpoint?\n {disableEndpoint && (\n
\n URL: {disableEndpoint.url}\n
\n )}\n \n \n \n Cancel\n \n {disableEndpoint?.disabled ? 'Enable' : 'Disable'}\n \n \n \n \n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/Webhooks/WebhooksEndpointTable/columns.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { TimestampTooltip } from '@/components/TimestampTooltip'\nimport { Badge } from '@/components/ui/badge'\nimport { Button } from '@/components/ui/button'\nimport { DropdownMenu, DropdownMenuContent, DropdownMenuItem, DropdownMenuTrigger } from '@/components/ui/dropdown-menu'\nimport { getRelativeTimeString } from '@/lib/utils'\nimport { ColumnDef, RowData, Table } from '@tanstack/react-table'\nimport { MoreHorizontal } from 'lucide-react'\nimport { EndpointOut } from 'svix'\nimport { CopyButton } from '../../CopyButton'\n\ntype WebhooksEndpointTableMeta = {\n onDisable: (endpoint: EndpointOut) => void\n onDelete: (endpoint: EndpointOut) => void\n isLoadingEndpoint: (endpoint: EndpointOut) => boolean\n}\n\ndeclare module '@tanstack/react-table' {\n interface TableMeta {\n webhookEndpoints?: TData extends EndpointOut ? WebhooksEndpointTableMeta : never\n }\n}\n\nconst getMeta = (table: Table) => {\n return table.options.meta?.webhookEndpoints as WebhooksEndpointTableMeta\n}\n\nconst columns: ColumnDef[] = [\n {\n accessorKey: 'description',\n header: 'Name',\n size: 200,\n cell: ({ row }) => (\n
\n \n {row.original.description || 'Unnamed Endpoint'}\n \n
\n ),\n },\n {\n accessorKey: 'url',\n header: 'URL',\n size: 300,\n cell: ({ row }) => (\n
\n {row.original.url}\n \n
\n ),\n },\n {\n accessorKey: 'disabled',\n header: 'Status',\n size: 100,\n cell: ({ row }) => (\n \n {row.original.disabled ? 'Disabled' : 'Active'}\n \n ),\n },\n {\n accessorKey: 'createdAt',\n header: 'Created',\n size: 150,\n cell: ({ row }) => {\n const createdAt = row.original.createdAt\n const relativeTime = getRelativeTimeString(createdAt).relativeTimeString\n\n return (\n \n {relativeTime}\n \n )\n },\n },\n {\n id: 'actions',\n header: () => null,\n maxSize: 44,\n cell: ({ row, table }) => {\n const { onDisable, onDelete, isLoadingEndpoint } = getMeta(table)\n const isLoading = isLoadingEndpoint(row.original)\n\n return (\n
e.stopPropagation()}>\n \n \n \n \n \n onDisable(row.original)} className=\"cursor-pointer\" disabled={isLoading}>\n {row.original.disabled ? 'Enable' : 'Disable'}\n \n onDelete(row.original)}\n className=\"cursor-pointer\"\n disabled={isLoading}\n >\n Delete\n \n \n \n
\n )\n },\n },\n]\n\nexport { columns }\nexport type { WebhooksEndpointTableMeta }\n" }, { "path": "apps/dashboard/src/components/Webhooks/WebhooksEndpointTable/index.ts", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nexport { WebhooksEndpointTable } from './WebhooksEndpointTable'\nexport type { WebhooksEndpointTableMeta } from './columns'\n" }, { "path": "apps/dashboard/src/components/Webhooks/WebhooksMessagesTable/MessageDetailsSheet.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CopyButton } from '@/components/CopyButton'\nimport { TimestampTooltip } from '@/components/TimestampTooltip'\nimport { Badge } from '@/components/ui/badge'\nimport { Button } from '@/components/ui/button'\nimport { Separator } from '@/components/ui/separator'\nimport { Sheet, SheetContent, SheetHeader, SheetTitle } from '@/components/ui/sheet'\nimport { getRelativeTimeString } from '@/lib/utils'\nimport { ChevronDown, ChevronUp, X } from 'lucide-react'\nimport { MessageOut } from 'svix'\nimport { MessageAttemptsTable } from '../MessageAttemptsTable'\n\ninterface MessageDetailsSheetProps {\n message: MessageOut | null\n open: boolean\n onOpenChange: (open: boolean) => void\n onNavigate: (direction: 'prev' | 'next') => void\n hasPrev: boolean\n hasNext: boolean\n}\n\nexport function MessageDetailsSheet({\n message,\n open,\n onOpenChange,\n onNavigate,\n hasPrev,\n hasNext,\n}: MessageDetailsSheetProps) {\n if (!message) return null\n\n const hasPayload = message.payload && Object.keys(message.payload).length > 0\n const payload = hasPayload\n ? typeof message.payload === 'string'\n ? message.payload\n : JSON.stringify(message.payload, null, 2)\n : ''\n const { relativeTimeString } = getRelativeTimeString(message.timestamp)\n\n return (\n \n button]:hidden\" side=\"right\">\n \n Message Details\n
\n \n \n \n
\n \n\n \n\n
\n
\n Overview\n
\n Message ID\n
\n {message.id}\n \n
\n
\n
\n Event Type\n {message.eventType}\n
\n {message.eventId && (\n
\n Event ID\n
\n {message.eventId}\n \n
\n
\n )}\n
\n Timestamp\n \n {relativeTimeString}\n \n
\n {message.channels && message.channels.length > 0 && (\n
\n Channels\n
\n {message.channels.map((channel) => (\n \n {channel}\n \n ))}\n
\n
\n )}\n {message.tags && message.tags.length > 0 && (\n
\n Tags\n
\n {message.tags.map((tag) => (\n \n {tag}\n \n ))}\n
\n
\n )}\n
\n\n \n\n
\n
\n Payload\n {hasPayload && }\n
\n {hasPayload ? (\n 
\n                {payload}\n
\n ) : (\n
\n This message has no payload\n
\n )}\n
\n\n \n\n
\n \n
\n
\n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/Webhooks/WebhooksMessagesTable/WebhooksMessagesTable.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { DebouncedInput } from '@/components/DebouncedInput'\nimport { Pagination } from '@/components/Pagination'\nimport { TableEmptyState } from '@/components/TableEmptyState'\nimport { DataTableFacetedFilter } from '@/components/ui/data-table-faceted-filter'\nimport { Skeleton } from '@/components/ui/skeleton'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table'\nimport { DEFAULT_PAGE_SIZE } from '@/constants/Pagination'\nimport {\n ColumnFiltersState,\n flexRender,\n getCoreRowModel,\n getFacetedRowModel,\n getFacetedUniqueValues,\n getFilteredRowModel,\n getPaginationRowModel,\n getSortedRowModel,\n SortingState,\n useReactTable,\n} from '@tanstack/react-table'\nimport { Mail, RefreshCcw } from 'lucide-react'\nimport { useCallback, useState } from 'react'\nimport { Button } from '@/components/ui/button'\nimport { useMessages } from 'svix-react'\nimport { columns, eventTypeOptions } from './columns'\nimport { MessageDetailsSheet } from './MessageDetailsSheet'\n\nexport function WebhooksMessagesTable() {\n const messages = useMessages()\n const [sorting, setSorting] = useState([])\n const [columnFilters, setColumnFilters] = useState([])\n const [globalFilter, setGlobalFilter] = useState('')\n const [selectedMessageIndex, setSelectedMessageIndex] = useState(null)\n const [sheetOpen, setSheetOpen] = useState(false)\n\n const data = messages.data ?? []\n\n const table = useReactTable({\n data,\n columns,\n getCoreRowModel: getCoreRowModel(),\n getFilteredRowModel: getFilteredRowModel(),\n getPaginationRowModel: getPaginationRowModel(),\n onSortingChange: setSorting,\n getSortedRowModel: getSortedRowModel(),\n onColumnFiltersChange: setColumnFilters,\n getFacetedRowModel: getFacetedRowModel(),\n getFacetedUniqueValues: getFacetedUniqueValues(),\n onGlobalFilterChange: setGlobalFilter,\n globalFilterFn: (row, _columnId, filterValue) => {\n const message = row.original\n const searchValue = filterValue.toLowerCase()\n return (\n (message.id?.toLowerCase().includes(searchValue) ?? false) ||\n (message.eventType?.toLowerCase().includes(searchValue) ?? false) ||\n (message.eventId?.toLowerCase().includes(searchValue) ?? false)\n )\n },\n state: {\n sorting,\n columnFilters,\n globalFilter,\n },\n initialState: {\n pagination: {\n pageSize: DEFAULT_PAGE_SIZE,\n },\n },\n })\n\n const handleRowClick = useCallback((index: number) => {\n setSelectedMessageIndex(index)\n setSheetOpen(true)\n }, [])\n\n const rowCount = table.getRowModel().rows.length\n\n const handleNavigate = useCallback(\n (direction: 'prev' | 'next') => {\n setSelectedMessageIndex((prev) => {\n if (prev === null) return null\n if (direction === 'prev' && prev > 0) return prev - 1\n if (direction === 'next' && prev < rowCount - 1) return prev + 1\n return prev\n })\n },\n [rowCount],\n )\n\n return (\n
\n
\n setGlobalFilter(String(value))}\n placeholder=\"Search by Message ID, Event Type, or Event ID\"\n className=\"max-w-sm mr-4\"\n />\n {table.getColumn('eventType') && (\n \n )}\n messages.reload()}\n disabled={messages.loading}\n className=\"ml-auto\"\n >\n \n \n
\n
\n \n \n {table.getHeaderGroups().map((headerGroup) => (\n \n {headerGroup.headers.map((header) => (\n \n {header.isPlaceholder ? null : flexRender(header.column.columnDef.header, header.getContext())}\n \n ))}\n \n ))}\n \n \n {messages.loading ? (\n <>\n {Array.from(new Array(5)).map((_, i) => (\n \n {table.getVisibleLeafColumns().map((column) => (\n \n \n \n ))}\n \n ))}\n \n ) : table.getRowModel().rows?.length ? (\n table.getRowModel().rows.map((row, rowIndex) => (\n handleRowClick(rowIndex)}\n onKeyDown={(e) => {\n if (e.key === 'Enter' || e.key === ' ') {\n e.preventDefault()\n handleRowClick(rowIndex)\n }\n }}\n >\n {row.getVisibleCells().map((cell) => (\n \n {flexRender(cell.column.columnDef.cell, cell.getContext())}\n \n ))}\n \n ))\n ) : (\n }\n description={\n
\n

Messages will appear here when webhook events are triggered.

\n
\n }\n />\n )}\n \n
\n
\n \n 0}\n hasNext={selectedMessageIndex !== null && selectedMessageIndex < table.getRowModel().rows.length - 1}\n />\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/Webhooks/WebhooksMessagesTable/columns.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { TimestampTooltip } from '@/components/TimestampTooltip'\nimport { Badge } from '@/components/ui/badge'\nimport { FacetedFilterOption } from '@/components/ui/data-table-faceted-filter'\nimport { WEBHOOK_EVENTS } from '@/constants/webhook-events'\nimport { getRelativeTimeString } from '@/lib/utils'\nimport { ColumnDef } from '@tanstack/react-table'\nimport { MessageOut } from 'svix'\nimport { CopyButton } from '../../CopyButton'\n\nconst columns: ColumnDef[] = [\n {\n accessorKey: 'id',\n header: 'Message ID',\n size: 300,\n cell: ({ row }) => {\n const msgId = row.original.id\n return (\n
\n \n {msgId ?? '-'}\n \n {msgId && (\n e.stopPropagation()}>\n \n \n )}\n
\n )\n },\n },\n {\n accessorKey: 'eventType',\n header: 'Event Type',\n size: 200,\n filterFn: (row, id, value) => {\n return value.includes(row.getValue(id))\n },\n cell: ({ row }) => {\n const eventType = row.original.eventType\n return (\n \n {eventType}\n \n )\n },\n },\n {\n accessorKey: 'timestamp',\n header: 'Timestamp',\n size: 200,\n cell: ({ row }) => {\n const timestamp = row.original.timestamp\n if (!timestamp) {\n return -\n }\n const relativeTime = getRelativeTimeString(timestamp)\n\n return (\n \n {relativeTime.relativeTimeString}\n \n )\n },\n },\n]\n\nconst eventTypeOptions: FacetedFilterOption[] = WEBHOOK_EVENTS.map((event) => ({\n label: event.label,\n value: event.value,\n}))\n\nexport { columns, eventTypeOptions }\n" }, { "path": "apps/dashboard/src/components/sandboxes/CreateSshAccessDialog.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useCallback, useEffect, useState } from 'react'\nimport { SshAccessDto } from '@daytonaio/api-client'\nimport { useForm } from '@tanstack/react-form'\nimport { CheckIcon, CopyIcon, InfoIcon } from 'lucide-react'\nimport { AnimatePresence, motion } from 'motion/react'\nimport { NumericFormat } from 'react-number-format'\nimport { z } from 'zod'\nimport { Field, FieldError, FieldLabel } from '@/components/ui/field'\nimport {\n InputGroup,\n InputGroupAddon,\n InputGroupButton,\n InputGroupInput,\n InputGroupText,\n} from '@/components/ui/input-group'\nimport { Spinner } from '@/components/ui/spinner'\nimport { Alert, AlertDescription } from '@/components/ui/alert'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Button } from '@/components/ui/button'\nimport { useCreateSshAccessMutation } from '@/hooks/mutations/useCreateSshAccessMutation'\nimport { useCopyToClipboard } from '@/hooks/useCopyToClipboard'\nimport { handleApiError } from '@/lib/error-handling'\n\ninterface CreateSshAccessDialogProps {\n sandboxId: string\n open: boolean\n onOpenChange: (open: boolean) => void\n}\n\nconst MotionCopyIcon = motion(CopyIcon)\nconst MotionCheckIcon = motion(CheckIcon)\n\nconst iconProps = {\n initial: { opacity: 0, y: 5 },\n animate: { opacity: 1, y: 0 },\n exit: { opacity: 0, y: -5 },\n transition: { duration: 0.1 },\n}\n\nconst formSchema = z.object({\n expiryMinutes: z.number().int('Must be a whole number').min(1, 'Minimum 1 minute').max(1440, 'Maximum 1440 minutes'),\n})\n\ntype FormValues = z.infer\n\nconst defaultValues: FormValues = {\n expiryMinutes: 60,\n}\n\nexport function CreateSshAccessDialog({ sandboxId, open, onOpenChange }: CreateSshAccessDialogProps) {\n const [sshAccess, setSshAccess] = useState(null)\n const { reset: resetMutation, ...createMutation } = useCreateSshAccessMutation()\n\n const form = useForm({\n defaultValues,\n validators: {\n onSubmit: formSchema,\n },\n onSubmit: async ({ value }) => {\n try {\n const result = await createMutation.mutateAsync({\n sandboxId,\n expiresInMinutes: value.expiryMinutes,\n })\n setSshAccess(result)\n } catch (error) {\n handleApiError(error, 'Failed to create SSH access')\n }\n },\n })\n\n const resetState = useCallback(() => {\n form.reset(defaultValues)\n resetMutation()\n setSshAccess(null)\n }, [form, resetMutation])\n\n useEffect(() => {\n if (open) {\n resetState()\n }\n }, [open, resetState])\n\n return (\n \n \n \n {sshAccess ? 'SSH Access Created' : 'Create SSH Access'}\n \n {sshAccess ? 'Your SSH access has been created successfully.' : 'Set the expiration time for SSH access.'}\n \n \n {sshAccess ? (\n \n ) : (\n {\n e.preventDefault()\n e.stopPropagation()\n form.handleSubmit()\n }}\n >\n \n {(field) => {\n const isInvalid = field.state.meta.isTouched && !field.state.meta.isValid\n return (\n \n Expiry\n \n field.handleChange(floatValue ?? 0)}\n />\n \n min\n \n \n {field.state.meta.errors.length > 0 && field.state.meta.isTouched && (\n \n )}\n \n )\n }}\n \n \n )}\n \n \n \n \n {!sshAccess && (\n [state.canSubmit, state.isSubmitting]}\n children={([canSubmit, isSubmitting]) => (\n \n )}\n />\n )}\n \n \n \n )\n}\n\nfunction SshAccessCreated({ sshAccess }: { sshAccess: SshAccessDto }) {\n const [copiedCommand, copyCommand] = useCopyToClipboard()\n\n return (\n
\n \n \n Store the token safely — you won't be able to view it again.\n \n \n SSH Command\n \n \n copyCommand(sshAccess.sshCommand)}>\n \n {copiedCommand ? (\n \n ) : (\n \n )}\n \n \n \n \n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/sandboxes/RevokeSshAccessDialog.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useState } from 'react'\nimport { toast } from 'sonner'\nimport { Field, FieldLabel } from '@/components/ui/field'\nimport { Input } from '@/components/ui/input'\nimport { Spinner } from '@/components/ui/spinner'\nimport {\n Dialog,\n DialogClose,\n DialogContent,\n DialogDescription,\n DialogFooter,\n DialogHeader,\n DialogTitle,\n} from '@/components/ui/dialog'\nimport { Button } from '@/components/ui/button'\nimport { useRevokeSshAccessMutation } from '@/hooks/mutations/useRevokeSshAccessMutation'\nimport { handleApiError } from '@/lib/error-handling'\n\ninterface RevokeSshAccessDialogProps {\n sandboxId: string\n open: boolean\n onOpenChange: (open: boolean) => void\n}\n\nexport function RevokeSshAccessDialog({ sandboxId, open, onOpenChange }: RevokeSshAccessDialogProps) {\n const [token, setToken] = useState('')\n const revokeMutation = useRevokeSshAccessMutation()\n\n const handleOpenChange = (isOpen: boolean) => {\n onOpenChange(isOpen)\n if (!isOpen) {\n setToken('')\n revokeMutation.reset()\n }\n }\n\n const handleRevoke = async () => {\n if (!token.trim()) {\n toast.error('Please enter a token to revoke')\n return\n }\n try {\n await revokeMutation.mutateAsync({ sandboxId, token })\n toast.success('SSH access revoked successfully')\n handleOpenChange(false)\n } catch (error) {\n handleApiError(error, 'Failed to revoke SSH access')\n }\n }\n\n return (\n \n \n \n Revoke SSH Access\n Enter the SSH access token you want to revoke.\n \n \n SSH Token\n setToken(e.target.value)}\n placeholder=\"Paste token here\"\n />\n \n \n \n \n \n \n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/sandboxes/SandboxContentTabs.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { Skeleton } from '@/components/ui/skeleton'\nimport { Spinner } from '@/components/ui/spinner'\nimport { Tabs, TabsContent, TabsList, TabsTrigger } from '@/components/ui/tabs'\nimport { useRegions } from '@/hooks/useRegions'\nimport { Sandbox } from '@daytonaio/api-client'\nimport { SandboxInfoPanel } from './SandboxInfoPanel'\nimport { SandboxLogsTab } from './SandboxLogsTab'\nimport { SandboxMetricsTab } from './SandboxMetricsTab'\nimport { SandboxSpendingTab } from './SandboxSpendingTab'\nimport { SandboxTerminalTab } from './SandboxTerminalTab'\nimport { SandboxTracesTab } from './SandboxTracesTab'\nimport { SandboxVncTab } from './SandboxVncTab'\nimport { TabValue } from './SearchParams'\n\ninterface SandboxContentTabsProps {\n sandbox: Sandbox | undefined\n isLoading: boolean\n experimentsEnabled: boolean | undefined\n tab: TabValue\n onTabChange: (tab: TabValue) => void\n}\n\nexport function SandboxContentTabs({\n sandbox,\n isLoading,\n experimentsEnabled,\n tab,\n onTabChange,\n}: SandboxContentTabsProps) {\n const { getRegionName } = useRegions()\n\n if (isLoading) {\n return (\n
\n
\n \n \n \n \n \n \n
\n
\n \n
\n
\n )\n }\n\n if (!sandbox) return null\n\n return (\n onTabChange(v as TabValue)} className=\"flex flex-col h-full gap-0\">\n \n \n Overview\n \n {experimentsEnabled && (\n <>\n Logs\n Traces\n Metrics\n Spending\n \n )}\n Terminal\n VNC\n \n\n \n \n \n {experimentsEnabled && (\n <>\n \n \n \n \n \n \n \n \n \n \n \n \n \n )}\n \n \n \n \n \n \n \n )\n}\n" }, { "path": "apps/dashboard/src/components/sandboxes/SandboxDetails.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { OrganizationSuspendedError } from '@/api/errors'\nimport { PageHeader, PageLayout, PageTitle } from '@/components/PageLayout'\nimport {\n AlertDialog,\n AlertDialogAction,\n AlertDialogCancel,\n AlertDialogContent,\n AlertDialogDescription,\n AlertDialogFooter,\n AlertDialogHeader,\n AlertDialogTitle,\n} from '@/components/ui/alert-dialog'\nimport { Button } from '@/components/ui/button'\nimport { Empty, EmptyDescription, EmptyHeader, EmptyMedia, EmptyTitle } from '@/components/ui/empty'\nimport { ScrollArea } from '@/components/ui/scroll-area'\nimport { FeatureFlags } from '@/enums/FeatureFlags'\nimport { RoutePath } from '@/enums/RoutePath'\nimport { useArchiveSandboxMutation } from '@/hooks/mutations/useArchiveSandboxMutation'\nimport { useDeleteSandboxMutation } from '@/hooks/mutations/useDeleteSandboxMutation'\nimport { useRecoverSandboxMutation } from '@/hooks/mutations/useRecoverSandboxMutation'\nimport { useStartSandboxMutation } from '@/hooks/mutations/useStartSandboxMutation'\nimport { useStopSandboxMutation } from '@/hooks/mutations/useStopSandboxMutation'\nimport { useSandboxQuery } from '@/hooks/queries/useSandboxQuery'\nimport { useApi } from '@/hooks/useApi'\nimport { useConfig } from '@/hooks/useConfig'\nimport { useMatchMedia } from '@/hooks/useMatchMedia'\nimport { useRegions } from '@/hooks/useRegions'\nimport { useSandboxWsSync } from '@/hooks/useSandboxWsSync'\nimport { useSelectedOrganization } from '@/hooks/useSelectedOrganization'\nimport { handleApiError } from '@/lib/error-handling'\nimport { isStoppable, isTransitioning } from '@/lib/utils/sandbox'\nimport { SandboxSessionProvider } from '@/providers/SandboxSessionProvider'\nimport { OrganizationRolePermissionsEnum, OrganizationUserRoleEnum } from '@daytonaio/api-client'\nimport { isAxiosError } from 'axios'\nimport { Container, GripVertical, RefreshCw } from 'lucide-react'\nimport { useQueryState } from 'nuqs'\nimport { useFeatureFlagEnabled } from 'posthog-js/react'\nimport { useEffect, useState } from 'react'\nimport { Group, Panel, Separator } from 'react-resizable-panels'\nimport { useNavigate, useParams } from 'react-router-dom'\nimport { toast } from 'sonner'\nimport { CreateSshAccessDialog } from './CreateSshAccessDialog'\nimport { RevokeSshAccessDialog } from './RevokeSshAccessDialog'\nimport { SandboxContentTabs } from './SandboxContentTabs'\nimport { SandboxHeader } from './SandboxHeader'\nimport { InfoPanelSkeleton, SandboxInfoPanel } from './SandboxInfoPanel'\nimport { tabParser } from './SearchParams'\n\nexport default function SandboxDetails() {\n const { sandboxId } = useParams<{ sandboxId: string }>()\n const navigate = useNavigate()\n const config = useConfig()\n const { sandboxApi } = useApi()\n const { authenticatedUserOrganizationMember, selectedOrganization, authenticatedUserHasPermission } =\n useSelectedOrganization()\n const { getRegionName } = useRegions()\n\n const experimentsEnabled = useFeatureFlagEnabled(FeatureFlags.ORGANIZATION_EXPERIMENTS)\n\n const [deleteDialogOpen, setDeleteDialogOpen] = useState(false)\n const [createSshDialogOpen, setCreateSshDialogOpen] = useState(false)\n const [revokeSshDialogOpen, setRevokeSshDialogOpen] = useState(false)\n const [tab, setTab] = useQueryState('tab', tabParser)\n const isDesktop = useMatchMedia('(min-width: 1024px)')\n\n // On desktop (lg+), the overview tab is hidden in the sidebar, so switch to a content tab\n useEffect(() => {\n if (isDesktop && tab === 'overview') {\n setTab(experimentsEnabled ? 'logs' : 'terminal')\n }\n }, [isDesktop, tab, setTab, experimentsEnabled])\n\n // When experiments are disabled, coerce experimental tabs back to a supported default\n useEffect(() => {\n if (!experimentsEnabled && (tab === 'logs' || tab === 'traces' || tab === 'metrics' || tab === 'spending')) {\n setTab('terminal')\n }\n }, [experimentsEnabled, tab, setTab])\n\n const { data: sandbox, isLoading, isError, error, refetch, isFetching } = useSandboxQuery(sandboxId ?? '')\n const isNotFound = isError && isAxiosError(error.cause) && error.cause?.status === 404\n\n useSandboxWsSync({ sandboxId })\n\n const startMutation = useStartSandboxMutation()\n const stopMutation = useStopSandboxMutation()\n const archiveMutation = useArchiveSandboxMutation()\n const recoverMutation = useRecoverSandboxMutation()\n const deleteMutation = useDeleteSandboxMutation()\n\n const writePermitted = authenticatedUserHasPermission(OrganizationRolePermissionsEnum.WRITE_SANDBOXES)\n const deletePermitted = authenticatedUserHasPermission(OrganizationRolePermissionsEnum.DELETE_SANDBOXES)\n const transitioning = sandbox ? isTransitioning(sandbox) : false\n const anyMutating =\n startMutation.isPending ||\n stopMutation.isPending ||\n archiveMutation.isPending ||\n recoverMutation.isPending ||\n deleteMutation.isPending\n const actionsDisabled = anyMutating || transitioning\n\n const handleStart = async () => {\n if (!sandbox) return\n try {\n await startMutation.mutateAsync({ sandboxId: sandbox.id })\n toast.success('Sandbox started')\n } catch (error) {\n handleApiError(\n error,\n 'Failed to start sandbox',\n error instanceof OrganizationSuspendedError &&\n config.billingApiUrl &&\n authenticatedUserOrganizationMember?.role === OrganizationUserRoleEnum.OWNER ? (\n \n ) : undefined,\n )\n }\n }\n\n const handleStop = async () => {\n if (!sandbox) return\n try {\n await stopMutation.mutateAsync({ sandboxId: sandbox.id })\n toast.success('Sandbox stopped')\n } catch (error) {\n handleApiError(error, 'Failed to stop sandbox')\n }\n }\n\n const handleArchive = async () => {\n if (!sandbox) return\n try {\n await archiveMutation.mutateAsync({ sandboxId: sandbox.id })\n toast.success('Sandbox archived')\n } catch (error) {\n handleApiError(error, 'Failed to archive sandbox')\n }\n }\n\n const handleRecover = async () => {\n if (!sandbox) return\n try {\n await recoverMutation.mutateAsync({ sandboxId: sandbox.id })\n toast.success('Sandbox recovery started')\n } catch (error) {\n handleApiError(error, 'Failed to recover sandbox')\n }\n }\n\n const handleDelete = async () => {\n if (!sandbox) return\n try {\n await deleteMutation.mutateAsync({ sandboxId: sandbox.id })\n toast.success('Sandbox deleted')\n setDeleteDialogOpen(false)\n navigate(RoutePath.SANDBOXES)\n } catch (error) {\n handleApiError(error, 'Failed to delete sandbox')\n }\n }\n\n const handleScreenRecordings = async () => {\n if (!sandbox || !isStoppable(sandbox)) {\n toast.error('Sandbox must be started to access Screen Recordings')\n return\n }\n try {\n const response = await sandboxApi.getSignedPortPreviewUrl(sandbox.id, 33333, selectedOrganization?.id)\n window.open(response.data.url, '_blank', 'noopener,noreferrer')\n toast.success('Opening Screen Recordings dashboard...')\n } catch (error) {\n handleApiError(error, 'Failed to open Screen Recordings')\n }\n }\n\n return (\n \n \n \n Sandboxes\n \n\n setDeleteDialogOpen(true)}\n onRefresh={() => refetch()}\n onBack={() => navigate(RoutePath.SANDBOXES)}\n onCreateSshAccess={() => setCreateSshDialogOpen(true)}\n onRevokeSshAccess={() => setRevokeSshDialogOpen(true)}\n onScreenRecordings={handleScreenRecordings}\n mutations={{\n start: startMutation.isPending,\n stop: stopMutation.isPending,\n archive: archiveMutation.isPending,\n recover: recoverMutation.isPending,\n }}\n />\n\n {isNotFound ? (\n
\n \n \n \n \n \n Sandbox not found\n Are you sure you're in the right organization?\n \n \n \n
\n ) : (\n \n {isDesktop && (\n <>\n \n
\n Overview\n
\n \n {isLoading ? (\n \n ) : isError || !sandbox ? (\n
\n

Failed to load sandbox details.

\n \n
\n ) : (\n \n )}\n \n \n \n \n )}\n \n \n \n \n )}\n\n \n \n \n Delete Sandbox\n \n Are you sure you want to delete this sandbox? This action cannot be undone.\n \n \n \n Cancel\n \n {deleteMutation.isPending ? 'Deleting...' : 'Delete'}\n \n \n \n \n\n {sandboxId && (\n <>\n \n \n \n )}\n \n \n )\n}\n\nfunction ResizableSeparator() {\n return (\n \n
\n \n
\n \n )\n}\n" }, { "path": "apps/dashboard/src/components/sandboxes/SandboxHeader.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CopyButton } from '@/components/CopyButton'\nimport { SandboxState } from '@/components/SandboxTable/SandboxState'\nimport { Button } from '@/components/ui/button'\nimport { ButtonGroup } from '@/components/ui/button-group'\nimport {\n DropdownMenu,\n DropdownMenuContent,\n DropdownMenuGroup,\n DropdownMenuItem,\n DropdownMenuSeparator,\n DropdownMenuTrigger,\n} from '@/components/ui/dropdown-menu'\nimport { Skeleton } from '@/components/ui/skeleton'\nimport { Spinner } from '@/components/ui/spinner'\nimport { isArchivable, isRecoverable, isStartable, isStoppable } from '@/lib/utils/sandbox'\nimport { Sandbox } from '@daytonaio/api-client'\nimport { ArrowLeft, MoreHorizontal, Play, RefreshCw, Square, Wrench } from 'lucide-react'\n\ninterface SandboxHeaderProps {\n sandbox: Sandbox | undefined\n isLoading: boolean\n writePermitted: boolean\n deletePermitted: boolean\n actionsDisabled: boolean\n isFetching: boolean\n onStart: () => void\n onStop: () => void\n onArchive: () => void\n onRecover: () => void\n onDelete: () => void\n onRefresh: () => void\n onBack: () => void\n onCreateSshAccess: () => void\n onRevokeSshAccess: () => void\n onScreenRecordings: () => void\n mutations: { start: boolean; stop: boolean; archive: boolean; recover: boolean }\n}\n\nexport function SandboxHeader({\n sandbox,\n isLoading,\n writePermitted,\n deletePermitted,\n actionsDisabled,\n isFetching,\n onStart,\n onStop,\n onArchive,\n onRecover,\n onDelete,\n onRefresh,\n onBack,\n onCreateSshAccess,\n onRevokeSshAccess,\n onScreenRecordings,\n mutations,\n}: SandboxHeaderProps) {\n return (\n
\n
\n \n {isLoading ? (\n \n ) : sandbox ? (\n
\n
\n

{sandbox.name || sandbox.id}

\n \n
\n
\n UUID\n {sandbox.id}\n \n
\n
\n ) : null}\n
\n\n
\n {isLoading ? (\n
\n \n \n \n \n
\n ) : sandbox ? (\n <>\n \n
\n {writePermitted && (\n \n {isStartable(sandbox) && !sandbox.recoverable && (\n \n )}\n {isStoppable(sandbox) && (\n \n )}\n {isRecoverable(sandbox) && (\n \n )}\n \n \n \n \n \n \n \n Create SSH Access\n \n \n Revoke SSH Access\n \n \n \n Screen Recordings\n \n \n {isArchivable(sandbox) && (\n <>\n \n \n \n Archive\n \n \n \n )}\n {deletePermitted && (\n <>\n \n \n \n Delete\n \n \n \n )}\n \n \n \n )}\n \n
\n \n ) : null}\n
\n
\n )\n}\n\nfunction SandboxHeaderSkeleton() {\n return (\n
\n
\n \n
\n
\n \n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/sandboxes/SandboxInfoPanel.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CopyButton } from '@/components/CopyButton'\nimport { ResourceChip } from '@/components/ResourceChip'\nimport { TimestampTooltip } from '@/components/TimestampTooltip'\nimport { Alert, AlertDescription } from '@/components/ui/alert'\nimport { Empty, EmptyDescription, EmptyHeader, EmptyMedia } from '@/components/ui/empty'\nimport { Skeleton } from '@/components/ui/skeleton'\nimport { cn, formatDuration, getRelativeTimeString } from '@/lib/utils'\nimport { Sandbox } from '@daytonaio/api-client'\nimport { AlertCircle, Tag } from 'lucide-react'\nimport React, { useMemo } from 'react'\n\nexport function InfoSection({\n title,\n children,\n className,\n}: {\n title: string\n children: React.ReactNode\n className?: string\n}) {\n return (\n
\n

{title}

\n {children}\n
\n )\n}\n\nexport function InfoRow({\n label,\n children,\n className,\n}: {\n label: string\n children: React.ReactNode\n className?: string\n}) {\n return (\n
\n {label}\n
{children}
\n
\n )\n}\n\ninterface SandboxInfoPanelProps {\n sandbox: Sandbox\n getRegionName: (id: string) => string | undefined\n}\n\nexport function SandboxInfoPanel({ sandbox, getRegionName }: SandboxInfoPanelProps) {\n const labelEntries = useMemo(() => {\n return sandbox.labels ? Object.entries(sandbox.labels) : []\n }, [sandbox.labels])\n\n return (\n
\n {sandbox.errorReason && (\n
\n \n \n {sandbox.errorReason}\n \n
\n )}\n\n \n \n
\n {getRegionName(sandbox.target) ?? sandbox.target}\n \n
\n \n \n {sandbox.snapshot ? (\n
\n {sandbox.snapshot}\n \n
\n ) : (\n \n )}\n \n \n\n \n
\n \n \n \n
\n \n\n \n \n {sandbox.autoStopInterval ? (\n formatDuration(sandbox.autoStopInterval)\n ) : (\n Disabled\n )}\n \n \n {sandbox.autoArchiveInterval ? (\n formatDuration(sandbox.autoArchiveInterval)\n ) : (\n Disabled\n )}\n \n \n {sandbox.autoDeleteInterval !== undefined && sandbox.autoDeleteInterval >= 0 ? (\n sandbox.autoDeleteInterval === 0 ? (\n 'On stop'\n ) : (\n formatDuration(sandbox.autoDeleteInterval)\n )\n ) : (\n Disabled\n )}\n \n \n\n \n {labelEntries.length > 0 ? (\n
\n
\n {labelEntries.map(([key, value]) => (\n \n {key}:\n {value}\n \n ))}\n
\n
\n ) : (\n \n \n \n \n \n No labels\n \n \n )}\n \n\n \n \n \n {getRelativeTimeString(sandbox.createdAt).relativeTimeString}\n \n \n \n \n {getRelativeTimeString(sandbox.updatedAt).relativeTimeString}\n \n \n \n
\n )\n}\n\nexport function InfoPanelSkeleton() {\n return (\n
\n
\n \n
\n
\n \n \n
\n
\n \n \n
\n
\n
\n
\n \n
\n \n \n \n
\n
\n
\n \n
\n
\n \n \n
\n
\n \n \n
\n
\n \n \n
\n
\n
\n
\n \n \n
\n
\n \n
\n
\n \n \n
\n
\n \n \n
\n
\n
\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/sandboxes/SandboxLogsTab.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { CopyButton } from '@/components/CopyButton'\nimport { SeverityBadge } from '@/components/telemetry/SeverityBadge'\nimport { TimeRangeSelector } from '@/components/telemetry/TimeRangeSelector'\nimport { Button } from '@/components/ui/button'\nimport { Empty, EmptyDescription, EmptyHeader, EmptyMedia, EmptyTitle } from '@/components/ui/empty'\nimport { Input } from '@/components/ui/input'\nimport { ScrollArea } from '@/components/ui/scroll-area'\nimport { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '@/components/ui/select'\nimport { Skeleton } from '@/components/ui/skeleton'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table'\nimport { DAYTONA_DOCS_URL } from '@/constants/ExternalLinks'\nimport { LogsQueryParams, useSandboxLogs } from '@/hooks/useSandboxLogs'\nimport { cn } from '@/lib/utils'\nimport { LogEntry } from '@daytonaio/api-client'\nimport { format, subHours } from 'date-fns'\nimport { ChevronDown, ChevronLeft, ChevronRight, FileText, RefreshCw, Search } from 'lucide-react'\nimport { useQueryStates } from 'nuqs'\nimport React, { useCallback, useMemo, useState } from 'react'\nimport { logsSearchParams, SEVERITY_OPTIONS, timeRangeSearchParams } from './SearchParams'\n\nfunction formatTimestamp(timestamp: string) {\n try {\n return format(new Date(timestamp), 'yyyy-MM-dd HH:mm:ss.SSS')\n } catch {\n return timestamp\n }\n}\n\nconst getLogKey = (log: LogEntry, index: number) => `${log.timestamp}-${index}`\n\nfunction LogsTableSkeleton() {\n return (\n \n \n \n \n Timestamp\n Severity\n Message\n \n \n \n {Array.from({ length: 10 }).map((_, i) => (\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n ))}\n \n
\n )\n}\n\nfunction LogsErrorState({ onRetry }: { onRetry: () => void }) {\n return (\n \n \n Failed to load logs\n Something went wrong while fetching logs.\n \n \n \n )\n}\n\nfunction LogsEmptyState() {\n return (\n \n \n \n \n \n No logs found\n \n Try adjusting your time range or filters.{' '}\n \n Learn more about observability\n \n .\n \n \n \n )\n}\n\nexport function SandboxLogsTab({ sandboxId }: { sandboxId: string }) {\n const [params, setParams] = useQueryStates(logsSearchParams)\n const [timeRange, setTimeRange] = useQueryStates(timeRangeSearchParams)\n const [searchInput, setSearchInput] = useState(params.search)\n const [expandedRow, setExpandedRow] = useState(null)\n const limit = 50\n\n const resolvedFrom = useMemo(() => timeRange.from ?? subHours(new Date(), 1), [timeRange.from])\n const resolvedTo = useMemo(() => timeRange.to ?? new Date(), [timeRange.to])\n\n const queryParams: LogsQueryParams = useMemo(\n () => ({\n from: resolvedFrom,\n to: resolvedTo,\n page: params.logsPage,\n limit,\n severities: params.severity.length > 0 ? [...params.severity] : undefined,\n search: params.search || undefined,\n }),\n [resolvedFrom, resolvedTo, params.logsPage, params.severity, params.search],\n )\n\n const { data, isLoading, isError, refetch } = useSandboxLogs(sandboxId, queryParams)\n\n const handleTimeRangeChange = useCallback(\n (from: Date, to: Date) => {\n setTimeRange({ from, to })\n setParams({ logsPage: 1 })\n },\n [setTimeRange, setParams],\n )\n\n const handleSearch = useCallback(() => {\n setParams({ search: searchInput, logsPage: 1 })\n }, [searchInput, setParams])\n\n const handleSeverityChange = useCallback(\n (value: string) => {\n if (value === 'all' || !value) {\n setParams({ severity: [], logsPage: 1 })\n } else {\n setParams({ severity: [value as (typeof SEVERITY_OPTIONS)[number]], logsPage: 1 })\n }\n },\n [setParams],\n )\n\n return (\n
\n
\n \n\n
\n setSearchInput(e.target.value)}\n onKeyDown={(e) => e.key === 'Enter' && handleSearch()}\n className=\"w-48\"\n />\n \n
\n\n \n\n \n
\n\n {isLoading ? (\n
\n \n
\n ) : isError ? (\n
\n refetch()} />\n
\n ) : !data?.items?.length ? (\n
\n \n
\n ) : (\n div]:!overflow-visible [&_[data-slot=scroll-area-viewport]>div>div]:!overflow-visible\"\n >\n \n \n \n \n Timestamp\n Severity\n Message\n \n \n \n {data.items.map((log: LogEntry, index: number) => (\n \n setExpandedRow(expandedRow === index ? null : index)}\n >\n \n \n \n {formatTimestamp(log.timestamp)}\n \n \n \n {log.body}\n \n {expandedRow === index && (\n \n \n
\n
\n

Full Message

\n 
\n                              {log.body}\n
\n
\n {log.traceId && (\n
\n

Trace ID

\n {log.traceId}\n
\n )}\n {log.spanId && (\n
\n

Span ID

\n {log.spanId}\n
\n )}\n {Object.keys(log.logAttributes || {}).length > 0 && (\n
\n

Attributes

\n
\n \n 
\n                                  {JSON.stringify(log.logAttributes, null, 2)}\n
\n
\n
\n )}\n
\n \n \n )}\n \n ))}\n \n
\n \n )}\n\n {data && data.totalPages > 1 && (\n
\n \n Page {params.logsPage} of {data.totalPages} ({data.total} total)\n \n
\n setParams({ logsPage: params.logsPage - 1 })}\n >\n \n Previous\n \n = data.totalPages}\n onClick={() => setParams({ logsPage: params.logsPage + 1 })}\n >\n Next\n \n \n
\n
\n )}\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/sandboxes/SandboxMetricsTab.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport React, { useState, useCallback, useMemo } from 'react'\nimport { useQueryStates } from 'nuqs'\nimport { useSandboxMetrics, MetricsQueryParams } from '@/hooks/useSandboxMetrics'\nimport { TimeRangeSelector } from '@/components/telemetry/TimeRangeSelector'\nimport { Button } from '@/components/ui/button'\nimport { ChartContainer, ChartTooltip, ChartTooltipContent, ChartConfig } from '@/components/ui/chart'\nimport { ScrollArea } from '@/components/ui/scroll-area'\nimport { Skeleton } from '@/components/ui/skeleton'\nimport { LineChart, Line, XAxis, YAxis, CartesianGrid, Legend } from 'recharts'\nimport { Empty, EmptyDescription, EmptyHeader, EmptyMedia, EmptyTitle } from '@/components/ui/empty'\nimport { DAYTONA_DOCS_URL } from '@/constants/ExternalLinks'\nimport { RefreshCw, BarChart3 } from 'lucide-react'\nimport { ToggleGroup, ToggleGroupItem } from '@/components/ui/toggle-group'\nimport { format, subHours } from 'date-fns'\nimport { MetricSeries } from '@daytonaio/api-client'\nimport { getMetricDisplayName } from '@/constants/metrics'\nimport { timeRangeSearchParams } from './SearchParams'\n\nconst CHART_COLORS = [\n 'hsl(var(--chart-1))',\n 'hsl(var(--chart-2))',\n 'hsl(var(--chart-3))',\n 'hsl(var(--chart-4))',\n 'hsl(var(--chart-5))',\n]\n\nconst BYTES_TO_GIB = 1024 * 1024 * 1024\ntype ViewMode = '%' | 'GiB'\n\nconst METRIC_GROUPS = [\n { key: 'cpu', title: 'CPU', prefix: '.cpu.', hasToggle: false },\n { key: 'memory', title: 'Memory', prefix: '.memory.', hasToggle: true },\n { key: 'filesystem', title: 'Filesystem', prefix: '.filesystem.', hasToggle: true },\n]\n\nfunction isByteMetric(metricName: string): boolean {\n return !metricName.endsWith('.utilization')\n}\n\nfunction buildChartData(series: MetricSeries[], convertToGiB: boolean): Record[] {\n const timestampSet = new Set()\n const indexed = series.map((s) => {\n const byTimestamp = new Map()\n for (const p of s.dataPoints) {\n timestampSet.add(p.timestamp)\n byTimestamp.set(p.timestamp, p.value ?? null)\n }\n return { metricName: s.metricName, byTimestamp, convertMetric: convertToGiB && isByteMetric(s.metricName) }\n })\n const timestamps = Array.from(timestampSet).sort()\n\n return timestamps.map((timestamp) => {\n const point: Record = { timestamp }\n for (const { metricName, byTimestamp, convertMetric } of indexed) {\n const value = byTimestamp.get(timestamp)\n if (value == null) {\n point[metricName] = null\n } else if (convertMetric) {\n point[metricName] = Math.round((value / BYTES_TO_GIB) * 100) / 100\n } else {\n point[metricName] = value\n }\n }\n return point\n })\n}\n\nfunction buildChartConfig(series: MetricSeries[]): ChartConfig {\n const config: ChartConfig = {}\n series.forEach((s, index) => {\n config[s.metricName] = {\n label: getMetricDisplayName(s.metricName),\n color: CHART_COLORS[index % CHART_COLORS.length],\n }\n })\n return config\n}\n\nconst formatXAxis = (timestamp: string) => {\n try {\n return format(new Date(timestamp), 'HH:mm')\n } catch {\n return timestamp\n }\n}\n\nfunction MetricGroupChart({\n title,\n series,\n convertToGiB,\n viewMode,\n onViewModeChange,\n}: {\n title: string\n series: MetricSeries[]\n convertToGiB: boolean\n viewMode?: ViewMode\n onViewModeChange?: (mode: ViewMode) => void\n}) {\n const chartData = React.useMemo(() => buildChartData(series, convertToGiB), [series, convertToGiB])\n const chartConfig = React.useMemo(() => buildChartConfig(series), [series])\n const displayTitle = viewMode ? `${title} (${viewMode})` : title\n\n return (\n
\n
\n

{displayTitle}

\n {viewMode && onViewModeChange && (\n {\n if (value) onViewModeChange(value as ViewMode)\n }}\n variant=\"outline\"\n size=\"sm\"\n >\n \n %\n \n \n GiB\n \n \n )}\n
\n
\n \n \n \n \n value.toFixed(2) : undefined}\n domain={viewMode === '%' ? [0, 100] : undefined}\n />\n {\n try {\n return format(new Date(label as string), 'yyyy-MM-dd HH:mm:ss')\n } catch {\n return String(label)\n }\n }}\n />\n }\n />\n \n {series.map((s, index) => {\n const isLimit = s.metricName.endsWith('.limit') || s.metricName.endsWith('.total')\n return (\n \n )\n })}\n \n \n
\n
\n )\n}\n\nfunction MetricsChartsSkeleton() {\n return (\n
\n {['CPU', 'Memory', 'Filesystem'].map((title) => (\n
\n
\n \n
\n \n
\n ))}\n
\n )\n}\n\nfunction MetricsErrorState({ onRetry }: { onRetry: () => void }) {\n return (\n \n \n Failed to load metrics\n Something went wrong while fetching metrics.\n \n \n \n )\n}\n\nfunction MetricsEmptyState() {\n return (\n \n \n \n \n \n No metrics available\n \n Metrics may take a moment to appear after the sandbox starts.{' '}\n \n Learn more about observability\n \n .\n \n \n \n )\n}\n\nexport function SandboxMetricsTab({ sandboxId }: { sandboxId: string }) {\n const [timeRange, setTimeRange] = useQueryStates(timeRangeSearchParams)\n const [viewModes, setViewModes] = useState>({ memory: '%', filesystem: '%' })\n\n const resolvedFrom = useMemo(() => timeRange.from ?? subHours(new Date(), 1), [timeRange.from])\n const resolvedTo = useMemo(() => timeRange.to ?? new Date(), [timeRange.to])\n\n const queryParams: MetricsQueryParams = { from: resolvedFrom, to: resolvedTo }\n const { data, isLoading, isError, refetch } = useSandboxMetrics(sandboxId, queryParams)\n\n const handleTimeRangeChange = useCallback(\n (from: Date, to: Date) => {\n setTimeRange({ from, to })\n },\n [setTimeRange],\n )\n\n const handleViewModeChange = useCallback((groupKey: string, mode: ViewMode) => {\n setViewModes((prev) => ({ ...prev, [groupKey]: mode }))\n }, [])\n\n const groupedSeries = React.useMemo(() => {\n if (!data?.series?.length) return []\n\n return METRIC_GROUPS.map((group) => {\n const allSeries = data.series.filter((s) => s.metricName.includes(group.prefix))\n const mode = group.hasToggle ? viewModes[group.key] : undefined\n\n let filteredSeries = allSeries.filter((s) => s.metricName !== 'system.memory.utilization')\n if (mode === '%') {\n filteredSeries = filteredSeries.filter((s) => s.metricName.endsWith('.utilization'))\n } else if (mode === 'GiB') {\n filteredSeries = filteredSeries.filter((s) => !s.metricName.endsWith('.utilization'))\n }\n\n return {\n key: group.key,\n title: group.title,\n series: filteredSeries,\n convertToGiB: mode === 'GiB',\n hasToggle: group.hasToggle,\n viewMode: mode,\n }\n }).filter((group) => group.series.length > 0)\n }, [data, viewModes])\n\n return (\n
\n
\n \n \n
\n\n {isLoading ? (\n
\n \n
\n ) : isError ? (\n
\n refetch()} />\n
\n ) : !data?.series?.length ? (\n
\n \n
\n ) : (\n \n
\n {groupedSeries.map((group) => (\n handleViewModeChange(group.key, mode) : undefined}\n />\n ))}\n
\n \n )}\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/sandboxes/SandboxSpendingTab.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { TimeRangeSelector } from '@/components/telemetry/TimeRangeSelector'\nimport { Button } from '@/components/ui/button'\nimport { Empty, EmptyDescription, EmptyHeader, EmptyMedia, EmptyTitle } from '@/components/ui/empty'\nimport { ScrollArea } from '@/components/ui/scroll-area'\nimport { Skeleton } from '@/components/ui/skeleton'\nimport { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table'\nimport { AnalyticsUsageParams, useSandboxUsagePeriods } from '@/hooks/queries/useAnalyticsUsage'\nimport { formatMoney } from '@/lib/utils'\nimport { format, subHours } from 'date-fns'\nimport { DollarSign, RefreshCw } from 'lucide-react'\nimport { useQueryStates } from 'nuqs'\nimport { useCallback, useMemo } from 'react'\nimport { timeRangeSearchParams } from './SearchParams'\n\nfunction formatTimestamp(timestamp: string) {\n try {\n return format(new Date(timestamp), 'yyyy-MM-dd HH:mm:ss')\n } catch {\n return timestamp\n }\n}\n\nfunction SpendingTableSkeleton() {\n return (\n \n \n \n Start\n End\n CPU\n RAM (GB)\n Disk (GB)\n Price\n \n \n \n {Array.from({ length: 8 }).map((_, i) => (\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n ))}\n \n
\n )\n}\n\nfunction SpendingErrorState({ onRetry }: { onRetry: () => void }) {\n return (\n \n \n Failed to load spending\n Something went wrong while fetching usage periods.\n \n \n \n )\n}\n\nfunction SpendingEmptyState() {\n return (\n \n \n \n \n \n No usage periods found\n Try adjusting your time range.\n \n \n )\n}\n\nexport function SandboxSpendingTab({ sandboxId }: { sandboxId: string }) {\n const [timeRange, setTimeRange] = useQueryStates(timeRangeSearchParams)\n\n const resolvedFrom = useMemo(() => timeRange.from ?? subHours(new Date(), 24), [timeRange.from])\n const resolvedTo = useMemo(() => timeRange.to ?? new Date(), [timeRange.to])\n\n const queryParams: AnalyticsUsageParams = { from: resolvedFrom, to: resolvedTo }\n const { data, isLoading, isError, refetch } = useSandboxUsagePeriods(sandboxId, queryParams)\n\n const handleTimeRangeChange = useCallback(\n (from: Date, to: Date) => {\n setTimeRange({ from, to })\n },\n [setTimeRange],\n )\n\n return (\n
\n
\n \n \n
\n\n {isLoading ? (\n
\n \n
\n ) : isError ? (\n
\n refetch()} />\n
\n ) : !data?.length ? (\n
\n \n
\n ) : (\n div]:!overflow-visible [&_[data-slot=scroll-area-viewport]>div>div]:!overflow-visible\"\n >\n \n \n \n Start\n End\n CPU\n RAM (GB)\n Disk (GB)\n Price\n \n \n \n {data.map((period) => {\n const rowKey = `${period.startAt ?? 'unknown-start'}-${period.endAt ?? 'unknown-end'}`\n return (\n \n \n {period.startAt ? formatTimestamp(period.startAt) : '-'}\n \n \n {period.endAt ? formatTimestamp(period.endAt) : '-'}\n \n {period.cpu ?? 0}\n {period.ramGB ?? 0}\n {period.diskGB ?? 0}\n \n {formatMoney(period.price ?? 0, {\n maximumFractionDigits: 8,\n })}\n \n \n )\n })}\n \n
\n \n )}\n
\n )\n}\n" }, { "path": "apps/dashboard/src/components/sandboxes/SandboxTerminalTab.tsx", "content": "/*\n * Copyright Daytona Platforms Inc.\n * SPDX-License-Identifier: AGPL-3.0\n */\n\nimport { useEffect, useState } from 'react'\nimport { Button } from '@/components/ui/button'\nimport { Empty, EmptyDescription, EmptyHeader, EmptyMedia, EmptyTitle } from '@/components/ui/empty'\nimport { DAYTONA_DOCS_URL } from '@/constants/ExternalLinks'\nimport { useTerminalSessionQuery } from '@/hooks/queries/useTerminalSessionQuery'\nimport { useSandboxSessionContext } from '@/hooks/useSandboxSessionContext'\nimport { isStoppable } from '@/lib/utils/sandbox'\nimport { Sandbox } from '@daytonaio/api-client'\nimport { Spinner } from '@/components/ui/spinner'\nimport { Play, RefreshCw, TerminalSquare } from 'lucide-react'\n\nexport function SandboxTerminalTab({ sandbox }: { sandbox: Sandbox }) {\n const running = isStoppable(sandbox)\n const { isTerminalActivated, activateTerminal } = useSandboxSessionContext()\n\n const [activated, setActivated] = useState(() => isTerminalActivated(sandbox.id))\n\n const {\n data: session,\n isLoading,\n isError,\n isFetching,\n existingSession,\n reset,\n } = useTerminalSessionQuery(sandbox.id, running && activated)\n\n // Auto-reconnect: if activated and session is expired, refetch\n useEffect(() => {\n if (!activated || !existingSession) return\n if (existingSession.expiresAt <= Date.now()) {\n reset()\n }\n }, [activated, existingSession, reset])\n\n const handleConnect = () => {\n activateTerminal(sandbox.id)\n setActivated(true)\n }\n\n if (!running) {\n return (\n
\n
\n \n \n \n \n \n Sandbox is not running\n \n Start the sandbox to access the terminal.{' '}\n \n Learn more\n \n .\n \n \n \n
\n
\n )\n }\n\n // Not yet activated — show connect button\n if (!activated) {\n return (\n
\n
\n \n \n \n \n \n Terminal\n \n Connect to an interactive terminal session in your sandbox.{' '}\n \n Learn more\n \n .\n \n \n \n \n
\n
\n )\n }\n\n // Loading / fetching\n if (isLoading || isFetching) {\n return (\n
\n
\n \n Connecting...\n
\n
\n )\n }\n\n // Error\n if (isError || !session) {\n return (\n
\n
\n \n \n Failed to connect\n Something went wrong while connecting to the terminal.\n \n \n \n
\n
\n )\n }\n\n // Active session\n return (\n
\n
\n