From 45e40d6e4a0533f9ebd7b8cd3a3484894487b6ff Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 4 Jun 2026 20:41:17 +0000 Subject: [PATCH] docs: update openapi-public.yml from source specs 2026-06-04 --- openapi-public.yml | 1335 +++++++++++++++++++++++++------------------- 1 file changed, 760 insertions(+), 575 deletions(-) diff --git a/openapi-public.yml b/openapi-public.yml index a0213bc9..2ec53b13 100644 --- a/openapi-public.yml +++ b/openapi-public.yml @@ -16,6 +16,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - name: metadata in: query @@ -32,8 +34,7 @@ paths: schema: type: array items: - allOf: - - $ref: '#/components/schemas/ListedSandbox' + $ref: '#/components/schemas/ListedSandbox' '401': $ref: '#/components/responses/401' '400': @@ -48,6 +49,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] requestBody: required: true content: @@ -78,6 +81,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - name: metadata in: query @@ -106,8 +111,7 @@ paths: schema: type: array items: - allOf: - - $ref: '#/components/schemas/ListedSandbox' + $ref: '#/components/schemas/ListedSandbox' '401': $ref: '#/components/responses/401' '400': @@ -125,6 +129,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - name: sandbox_ids in: query @@ -162,6 +168,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/sandboxID' - in: query @@ -203,6 +211,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/sandboxID' - in: query @@ -261,6 +271,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/sandboxID' responses: @@ -284,6 +296,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/sandboxID' responses: @@ -306,6 +320,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/sandboxID' - in: query @@ -352,6 +368,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/sandboxID' responses: @@ -377,6 +395,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/sandboxID' requestBody: @@ -412,6 +432,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/sandboxID' requestBody: @@ -453,22 +475,15 @@ paths: the timeout duration. security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] tags: - Sandboxes requestBody: content: application/json: schema: - type: object - required: - - timeout - properties: - timeout: - description: Timeout in seconds from the current time after which - the sandbox should expire - type: integer - format: int32 - minimum: 0 + $ref: '#/components/schemas/SandboxTimeoutRequest' parameters: - $ref: '#/components/parameters/sandboxID' responses: @@ -487,10 +502,12 @@ paths: /sandboxes/{sandboxID}/network: put: description: Update the network configuration for a running sandbox. Replaces - the current egress rules with the provided configuration. Omitting both fields - clears all egress rules. + the current egress rules with the provided configuration. Omitting field clears + it. security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] tags: - Sandboxes requestBody: @@ -498,22 +515,7 @@ paths: content: application/json: schema: - type: object - properties: - allowOut: - type: array - description: List of allowed destinations for egress traffic. Each - entry can be a CIDR block (e.g. "8.8.8.8/32"), a bare IP address - (e.g. "8.8.8.8"), or a domain name (e.g. "example.com", "*.example.com"). - Allowed entries always take precedence over denied entries. - items: - type: string - denyOut: - type: array - description: List of denied CIDR blocks or IP addresses for egress - traffic. Domain names are not supported for deny rules. - items: - type: string + $ref: '#/components/schemas/SandboxNetworkUpdateConfig' parameters: - $ref: '#/components/parameters/sandboxID' responses: @@ -535,20 +537,15 @@ paths: description: Refresh the sandbox extending its time to live security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] tags: - Sandboxes requestBody: content: application/json: schema: - type: object - properties: - duration: - description: Duration for which the sandbox should be kept alive - in seconds - type: integer - maximum: 3600 - minimum: 0 + $ref: '#/components/schemas/SandboxRefreshRequest' parameters: - $ref: '#/components/parameters/sandboxID' responses: @@ -573,6 +570,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/sandboxID' requestBody: @@ -580,13 +579,7 @@ paths: content: application/json: schema: - type: object - properties: - name: - type: string - description: Optional name for the snapshot template. If a snapshot - template with this name already exists, a new build will be assigned - to the existing template instead of creating a new one. + $ref: '#/components/schemas/SandboxSnapshotRequest' responses: '201': description: Snapshot created successfully @@ -612,6 +605,8 @@ paths: - Sandboxes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - name: sandboxID in: query @@ -644,6 +639,8 @@ paths: - Templates security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] requestBody: required: true content: @@ -661,6 +658,8 @@ paths: $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' + '403': + $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' operationId: postTemplatesV3 @@ -675,6 +674,8 @@ paths: - Templates security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] requestBody: required: true content: @@ -706,6 +707,8 @@ paths: security: - AccessTokenAuth: [] - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' - in: path @@ -741,6 +744,8 @@ paths: security: - ApiKeyAuth: [] - AccessTokenAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - in: query required: false @@ -756,8 +761,7 @@ paths: schema: type: array items: - allOf: - - $ref: '#/components/schemas/Template' + $ref: '#/components/schemas/Template' '401': $ref: '#/components/responses/401' '500': @@ -771,6 +775,8 @@ paths: - Templates security: - AccessTokenAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] requestBody: required: true content: @@ -801,6 +807,8 @@ paths: - Templates security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' - $ref: '#/components/parameters/paginationNextToken' @@ -825,6 +833,8 @@ paths: - Templates security: - AccessTokenAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' requestBody: @@ -853,6 +863,8 @@ paths: security: - ApiKeyAuth: [] - AccessTokenAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' responses: @@ -872,6 +884,8 @@ paths: security: - ApiKeyAuth: [] - AccessTokenAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' requestBody: @@ -905,6 +919,8 @@ paths: - Templates security: - AccessTokenAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' - $ref: '#/components/parameters/buildID' @@ -931,6 +947,8 @@ paths: - Templates security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' - $ref: '#/components/parameters/buildID' @@ -960,6 +978,8 @@ paths: security: - ApiKeyAuth: [] - AccessTokenAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' requestBody: @@ -993,6 +1013,8 @@ paths: security: - AccessTokenAuth: [] - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' - $ref: '#/components/parameters/buildID' @@ -1043,6 +1065,8 @@ paths: security: - AccessTokenAuth: [] - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' - $ref: '#/components/parameters/buildID' @@ -1099,6 +1123,8 @@ paths: - Templates security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - name: alias in: path @@ -1132,6 +1158,8 @@ paths: - Tags security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] requestBody: required: true content: @@ -1161,6 +1189,8 @@ paths: - Tags security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] requestBody: required: true content: @@ -1189,6 +1219,8 @@ paths: - Tags security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/templateID' responses: @@ -1219,6 +1251,8 @@ paths: - Volumes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] responses: '200': description: Successfully listed all team volumes @@ -1239,6 +1273,8 @@ paths: - Volumes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] requestBody: required: true content: @@ -1268,6 +1304,8 @@ paths: - Volumes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/volumeID' responses: @@ -1290,6 +1328,8 @@ paths: - Volumes security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/volumeID' responses: @@ -1364,6 +1404,45 @@ paths: - Envd servers: - *id004 + /freeze: + post: + summary: Freeze user/pty/socat cgroups before pause. Written directly by envd + to avoid Process.Start / shell overhead under load. + security: + - *id005 + responses: + '204': + description: Cgroups frozen + '500': + $ref: '#/components/responses/InternalServerError' + '503': + description: Freeze lock is held by another operation + '502': *id003 + operationId: postFreeze + tags: + - Envd + servers: + - *id004 + /unfreeze: + post: + summary: Unfreeze user/pty/socat cgroups. Intended ONLY for the orchestrator's + pause-failure rollback path; the normal resume thaw happens via /init's deferred + unfreeze, not here. + security: + - *id005 + responses: + '204': + description: Cgroups unfrozen + '500': + $ref: '#/components/responses/InternalServerError' + '503': + description: Freeze lock is held by another operation + '502': *id003 + operationId: postUnfreeze + tags: + - Envd + servers: + - *id004 /envs: get: summary: Get the environment variables @@ -2136,6 +2215,7 @@ paths: - Teams security: - AccessTokenAuth: [] + - AuthProviderBearerAuth: [] responses: '200': description: Successfully returned all teams @@ -2144,8 +2224,7 @@ paths: schema: type: array items: - allOf: - - $ref: '#/components/schemas/Team' + $ref: '#/components/schemas/Team' '401': $ref: '#/components/responses/401' '500': @@ -2161,6 +2240,8 @@ paths: - Teams security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/teamID' - in: query @@ -2207,6 +2288,8 @@ paths: - Teams security: - ApiKeyAuth: [] + - AuthProviderBearerAuth: [] + AuthProviderTeamAuth: [] parameters: - $ref: '#/components/parameters/teamID' - in: query @@ -2262,6 +2345,14 @@ components: type: apiKey in: header name: X-API-Key + AuthProviderBearerAuth: + type: http + scheme: bearer + bearerFormat: access_token + AuthProviderTeamAuth: + type: apiKey + in: header + name: X-Team-ID SandboxAccessTokenAuth: type: apiKey in: header @@ -2624,687 +2715,687 @@ components: type: number title: Connect-Timeout-Ms description: Define the timeout, in ms - filesystem.CreateWatcherRequest: + process.CloseStdinRequest: type: object properties: - path: - type: string - title: path - recursive: - type: boolean - title: recursive - title: CreateWatcherRequest + process: + title: process + $ref: '#/components/schemas/process.ProcessSelector' + title: CloseStdinRequest additionalProperties: false - filesystem.CreateWatcherResponse: + process.CloseStdinResponse: type: object - properties: - watcherId: - type: string - title: watcher_id - title: CreateWatcherResponse + title: CloseStdinResponse additionalProperties: false - filesystem.EntryInfo: + process.ConnectRequest: type: object properties: - name: - type: string - title: name - type: - title: type - $ref: '#/components/schemas/filesystem.FileType' - path: - type: string - title: path - size: - type: - - integer - - string - title: size - format: int64 - description: File size in bytes. Encoded as string for values exceeding - JSON number precision (int64). - mode: - type: integer - title: mode - permissions: - type: string - title: permissions - owner: - type: string - title: owner - group: - type: string - title: group - modifiedTime: - title: modified_time - $ref: '#/components/schemas/google.protobuf.Timestamp' - symlinkTarget: - type: - - string - - 'null' - title: symlink_target - description: If the entry is a symlink, this field contains the target of - the symlink. - title: EntryInfo + process: + title: process + $ref: '#/components/schemas/process.ProcessSelector' + title: ConnectRequest additionalProperties: false - filesystem.EventType: - type: string - title: EventType - enum: - - EVENT_TYPE_UNSPECIFIED - - EVENT_TYPE_CREATE - - EVENT_TYPE_WRITE - - EVENT_TYPE_REMOVE - - EVENT_TYPE_RENAME - - EVENT_TYPE_CHMOD - filesystem.FileType: - type: string - title: FileType - enum: - - FILE_TYPE_UNSPECIFIED - - FILE_TYPE_FILE - - FILE_TYPE_DIRECTORY - - FILE_TYPE_SYMLINK - filesystem.FilesystemEvent: + process.ConnectResponse: type: object properties: - name: - type: string - title: name - type: - title: type - $ref: '#/components/schemas/filesystem.EventType' - title: FilesystemEvent + event: + title: event + $ref: '#/components/schemas/process.ProcessEvent' + title: ConnectResponse additionalProperties: false - filesystem.GetWatcherEventsRequest: + process.ListRequest: type: object - properties: - watcherId: - type: string - title: watcher_id - title: GetWatcherEventsRequest + title: ListRequest additionalProperties: false - filesystem.GetWatcherEventsResponse: + process.ListResponse: type: object properties: - events: + processes: type: array items: - $ref: '#/components/schemas/filesystem.FilesystemEvent' - title: events - title: GetWatcherEventsResponse + $ref: '#/components/schemas/process.ProcessInfo' + title: processes + title: ListResponse additionalProperties: false - filesystem.ListDirRequest: + process.PTY: type: object properties: - path: - type: string - title: path - depth: - type: integer - title: depth - title: ListDirRequest + size: + title: size + $ref: '#/components/schemas/process.PTY.Size' + title: PTY additionalProperties: false - filesystem.ListDirResponse: + process.PTY.Size: type: object properties: - entries: - type: array - items: - $ref: '#/components/schemas/filesystem.EntryInfo' - title: entries - title: ListDirResponse + cols: + type: integer + title: cols + rows: + type: integer + title: rows + title: Size additionalProperties: false - filesystem.MakeDirRequest: + process.ProcessConfig: type: object properties: - path: + cmd: type: string - title: path - title: MakeDirRequest - additionalProperties: false - filesystem.MakeDirResponse: - type: object - properties: - entry: - title: entry - $ref: '#/components/schemas/filesystem.EntryInfo' - title: MakeDirResponse + title: cmd + args: + type: array + items: + type: string + title: args + envs: + type: object + title: envs + additionalProperties: + type: string + title: value + cwd: + type: + - string + - 'null' + title: cwd + title: ProcessConfig additionalProperties: false - filesystem.MoveRequest: + process.ProcessEvent: type: object - properties: - source: - type: string - title: source - destination: - type: string - title: destination - title: MoveRequest + oneOf: + - properties: + data: + title: data + $ref: '#/components/schemas/process.ProcessEvent.DataEvent' + title: data + required: + - data + - properties: + end: + title: end + $ref: '#/components/schemas/process.ProcessEvent.EndEvent' + title: end + required: + - end + - properties: + keepalive: + title: keepalive + $ref: '#/components/schemas/process.ProcessEvent.KeepAlive' + title: keepalive + required: + - keepalive + - properties: + start: + title: start + $ref: '#/components/schemas/process.ProcessEvent.StartEvent' + title: start + required: + - start + title: ProcessEvent additionalProperties: false - filesystem.MoveResponse: + process.ProcessEvent.DataEvent: type: object - properties: - entry: - title: entry - $ref: '#/components/schemas/filesystem.EntryInfo' - title: MoveResponse - additionalProperties: false - filesystem.RemoveRequest: + oneOf: + - properties: + pty: + type: string + title: pty + format: byte + title: pty + required: + - pty + - properties: + stderr: + type: string + title: stderr + format: byte + title: stderr + required: + - stderr + - properties: + stdout: + type: string + title: stdout + format: byte + title: stdout + required: + - stdout + title: DataEvent + additionalProperties: false + process.ProcessEvent.EndEvent: type: object properties: - path: + exitCode: + type: integer + title: exit_code + format: int32 + deprecated: true + description: 'Deprecated: not populated by the server. Parse the exit code + from the `status` string (e.g. "exit status 0").' + exited: + type: boolean + title: exited + status: type: string - title: path - title: RemoveRequest + title: status + description: Process exit status string (e.g. "exit status 0"). Parse the + integer exit code from this field. + error: + type: + - string + - 'null' + title: error + title: EndEvent additionalProperties: false - filesystem.RemoveResponse: + process.ProcessEvent.KeepAlive: type: object - title: RemoveResponse + title: KeepAlive additionalProperties: false - filesystem.RemoveWatcherRequest: + process.ProcessEvent.StartEvent: type: object properties: - watcherId: - type: string - title: watcher_id - title: RemoveWatcherRequest + pid: + type: integer + title: pid + title: StartEvent additionalProperties: false - filesystem.RemoveWatcherResponse: + process.ProcessInfo: type: object - title: RemoveWatcherResponse + properties: + config: + title: config + $ref: '#/components/schemas/process.ProcessConfig' + pid: + type: integer + title: pid + tag: + type: + - string + - 'null' + title: tag + title: ProcessInfo additionalProperties: false - filesystem.StatRequest: + process.ProcessInput: + type: object + oneOf: + - properties: + pty: + type: string + title: pty + format: byte + title: pty + required: + - pty + - properties: + stdin: + type: string + title: stdin + format: byte + title: stdin + required: + - stdin + title: ProcessInput + additionalProperties: false + process.ProcessSelector: + type: object + oneOf: + - properties: + pid: + type: integer + title: pid + title: pid + required: + - pid + - properties: + tag: + type: string + title: tag + title: tag + required: + - tag + title: ProcessSelector + additionalProperties: false + process.SendInputRequest: type: object properties: - path: - type: string - title: path - title: StatRequest + process: + title: process + $ref: '#/components/schemas/process.ProcessSelector' + input: + title: input + $ref: '#/components/schemas/process.ProcessInput' + title: SendInputRequest additionalProperties: false - filesystem.StatResponse: + process.SendInputResponse: + type: object + title: SendInputResponse + additionalProperties: false + process.SendSignalRequest: type: object properties: - entry: - title: entry - $ref: '#/components/schemas/filesystem.EntryInfo' - title: StatResponse + process: + title: process + $ref: '#/components/schemas/process.ProcessSelector' + signal: + title: signal + $ref: '#/components/schemas/process.Signal' + title: SendSignalRequest additionalProperties: false - filesystem.WatchDirRequest: + process.SendSignalResponse: + type: object + title: SendSignalResponse + additionalProperties: false + process.Signal: + type: string + title: Signal + enum: + - SIGNAL_UNSPECIFIED + - SIGNAL_SIGTERM + - SIGNAL_SIGKILL + process.StartRequest: type: object properties: - path: - type: string - title: path - recursive: - type: boolean - title: recursive - title: WatchDirRequest + process: + title: process + $ref: '#/components/schemas/process.ProcessConfig' + pty: + oneOf: + - $ref: '#/components/schemas/process.PTY' + - type: 'null' + title: pty + tag: + type: + - string + - 'null' + title: tag + stdin: + type: + - boolean + - 'null' + title: stdin + description: "This is optional for backwards compatibility.\n We default\ + \ to true. New SDK versions will set this to false by default." + title: StartRequest additionalProperties: false - filesystem.WatchDirResponse: + process.StartResponse: + type: object + properties: + event: + title: event + $ref: '#/components/schemas/process.ProcessEvent' + title: StartResponse + additionalProperties: false + process.StreamInputRequest: type: object oneOf: - properties: - filesystem: - title: filesystem - $ref: '#/components/schemas/filesystem.FilesystemEvent' - title: filesystem + data: + title: data + $ref: '#/components/schemas/process.StreamInputRequest.DataEvent' + title: data required: - - filesystem + - data - properties: keepalive: title: keepalive - $ref: '#/components/schemas/filesystem.WatchDirResponse.KeepAlive' + $ref: '#/components/schemas/process.StreamInputRequest.KeepAlive' title: keepalive required: - keepalive - properties: start: title: start - $ref: '#/components/schemas/filesystem.WatchDirResponse.StartEvent' + $ref: '#/components/schemas/process.StreamInputRequest.StartEvent' title: start required: - start - title: WatchDirResponse + title: StreamInputRequest additionalProperties: false - filesystem.WatchDirResponse.KeepAlive: + process.StreamInputRequest.DataEvent: + type: object + properties: + input: + title: input + $ref: '#/components/schemas/process.ProcessInput' + title: DataEvent + additionalProperties: false + process.StreamInputRequest.KeepAlive: type: object title: KeepAlive additionalProperties: false - filesystem.WatchDirResponse.StartEvent: + process.StreamInputRequest.StartEvent: type: object + properties: + process: + title: process + $ref: '#/components/schemas/process.ProcessSelector' title: StartEvent additionalProperties: false - google.protobuf.Timestamp: - type: string - examples: - - '2023-01-15T01:30:15.01Z' - - '2024-12-25T12:00:00Z' - format: date-time - description: "A Timestamp represents a point in time independent of any time\ - \ zone or local\n calendar, encoded as a count of seconds and fractions of\ - \ seconds at\n nanosecond resolution. The count is relative to an epoch at\ - \ UTC midnight on\n January 1, 1970, in the proleptic Gregorian calendar which\ - \ extends the\n Gregorian calendar backwards to year one.\n\n All minutes\ - \ are 60 seconds long. Leap seconds are \"smeared\" so that no leap\n second\ - \ table is needed for interpretation, using a [24-hour linear\n smear](https://developers.google.com/time/smear).\n\ - \n The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z.\ - \ By\n restricting to that range, we ensure that we can convert to and from\ - \ [RFC\n 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.\n\n # Examples\n\ - \n Example 1: Compute Timestamp from POSIX `time()`.\n\n Timestamp timestamp;\n\ - \ timestamp.set_seconds(time(NULL));\n timestamp.set_nanos(0);\n\n\ - \ Example 2: Compute Timestamp from POSIX `gettimeofday()`.\n\n struct\ - \ timeval tv;\n gettimeofday(&tv, NULL);\n\n Timestamp timestamp;\n\ - \ timestamp.set_seconds(tv.tv_sec);\n timestamp.set_nanos(tv.tv_usec\ - \ * 1000);\n\n Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`.\n\ - \n FILETIME ft;\n GetSystemTimeAsFileTime(&ft);\n UINT64 ticks\ - \ = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;\n\n // A Windows\ - \ tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z\n // is\ - \ 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.\n Timestamp\ - \ timestamp;\n timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));\n\ - \ timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));\n\n Example\ - \ 4: Compute Timestamp from Java `System.currentTimeMillis()`.\n\n long\ - \ millis = System.currentTimeMillis();\n\n Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis\ - \ / 1000)\n .setNanos((int) ((millis % 1000) * 1000000)).build();\n\ - \n Example 5: Compute Timestamp from Java `Instant.now()`.\n\n Instant\ - \ now = Instant.now();\n\n Timestamp timestamp =\n Timestamp.newBuilder().setSeconds(now.getEpochSecond())\n\ - \ .setNanos(now.getNano()).build();\n\n Example 6: Compute Timestamp\ - \ from current time in Python.\n\n timestamp = Timestamp()\n timestamp.GetCurrentTime()\n\ - \n # JSON Mapping\n\n In JSON format, the Timestamp type is encoded as a string\ - \ in the\n [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is,\ - \ the\n format is \"{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z\"\ - \n where {year} is always expressed using four digits while {month}, {day},\n\ - \ {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional\n\ - \ seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),\n\ - \ are optional. The \"Z\" suffix indicates the timezone (\"UTC\"); the timezone\n\ - \ is required. A proto3 JSON serializer should always use UTC (as indicated\ - \ by\n \"Z\") when printing the Timestamp type and a proto3 JSON parser should\ - \ be\n able to accept both UTC and other timezones (as indicated by an offset).\n\ - \n For example, \"2017-01-15T01:30:15.01Z\" encodes 15.01 seconds past\n 01:30\ - \ UTC on January 15, 2017.\n\n In JavaScript, one can convert a Date object\ - \ to this format using the\n standard\n [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)\n\ - \ method. In Python, a standard `datetime.datetime` object can be converted\n\ - \ to this format using\n [`strftime`](https://docs.python.org/2/library/time.html#time.strftime)\ - \ with\n the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java,\ - \ one can use\n the Joda Time's [`ISODateTimeFormat.dateTime()`](\n http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()\n\ - \ ) to obtain a formatter capable of generating timestamps in this format." - process.CloseStdinRequest: - type: object - properties: - process: - title: process - $ref: '#/components/schemas/process.ProcessSelector' - title: CloseStdinRequest - additionalProperties: false - process.CloseStdinResponse: + process.StreamInputResponse: type: object - title: CloseStdinResponse + title: StreamInputResponse additionalProperties: false - process.ConnectRequest: + process.UpdateRequest: type: object properties: process: title: process $ref: '#/components/schemas/process.ProcessSelector' - title: ConnectRequest + pty: + oneOf: + - $ref: '#/components/schemas/process.PTY' + - type: 'null' + title: pty + title: UpdateRequest additionalProperties: false - process.ConnectResponse: + process.UpdateResponse: type: object - properties: - event: - title: event - $ref: '#/components/schemas/process.ProcessEvent' - title: ConnectResponse + title: UpdateResponse additionalProperties: false - process.ListRequest: + filesystem.CreateWatcherRequest: type: object - title: ListRequest + properties: + path: + type: string + title: path + recursive: + type: boolean + title: recursive + title: CreateWatcherRequest additionalProperties: false - process.ListResponse: + filesystem.CreateWatcherResponse: type: object properties: - processes: - type: array - items: - $ref: '#/components/schemas/process.ProcessInfo' - title: processes - title: ListResponse + watcherId: + type: string + title: watcher_id + title: CreateWatcherResponse additionalProperties: false - process.PTY: + filesystem.EntryInfo: type: object properties: + name: + type: string + title: name + type: + title: type + $ref: '#/components/schemas/filesystem.FileType' + path: + type: string + title: path size: + type: + - integer + - string title: size - $ref: '#/components/schemas/process.PTY.Size' - title: PTY - additionalProperties: false - process.PTY.Size: - type: object - properties: - cols: - type: integer - title: cols - rows: + format: int64 + description: File size in bytes. Encoded as string for values exceeding + JSON number precision (int64). + mode: type: integer - title: rows - title: Size - additionalProperties: false - process.ProcessConfig: - type: object - properties: - cmd: + title: mode + permissions: type: string - title: cmd - args: - type: array - items: - type: string - title: args - envs: - type: object - title: envs - additionalProperties: - type: string - title: value - cwd: + title: permissions + owner: + type: string + title: owner + group: + type: string + title: group + modifiedTime: + title: modified_time + $ref: '#/components/schemas/google.protobuf.Timestamp' + symlinkTarget: type: - string - 'null' - title: cwd - title: ProcessConfig + title: symlink_target + description: If the entry is a symlink, this field contains the target of + the symlink. + title: EntryInfo additionalProperties: false - process.ProcessEvent: + filesystem.EventType: + type: string + title: EventType + enum: + - EVENT_TYPE_UNSPECIFIED + - EVENT_TYPE_CREATE + - EVENT_TYPE_WRITE + - EVENT_TYPE_REMOVE + - EVENT_TYPE_RENAME + - EVENT_TYPE_CHMOD + filesystem.FileType: + type: string + title: FileType + enum: + - FILE_TYPE_UNSPECIFIED + - FILE_TYPE_FILE + - FILE_TYPE_DIRECTORY + - FILE_TYPE_SYMLINK + filesystem.FilesystemEvent: type: object - oneOf: - - properties: - data: - title: data - $ref: '#/components/schemas/process.ProcessEvent.DataEvent' - title: data - required: - - data - - properties: - end: - title: end - $ref: '#/components/schemas/process.ProcessEvent.EndEvent' - title: end - required: - - end - - properties: - keepalive: - title: keepalive - $ref: '#/components/schemas/process.ProcessEvent.KeepAlive' - title: keepalive - required: - - keepalive - - properties: - start: - title: start - $ref: '#/components/schemas/process.ProcessEvent.StartEvent' - title: start - required: - - start - title: ProcessEvent + properties: + name: + type: string + title: name + type: + title: type + $ref: '#/components/schemas/filesystem.EventType' + title: FilesystemEvent additionalProperties: false - process.ProcessEvent.DataEvent: + filesystem.GetWatcherEventsRequest: type: object - oneOf: - - properties: - pty: - type: string - title: pty - format: byte - title: pty - required: - - pty - - properties: - stderr: - type: string - title: stderr - format: byte - title: stderr - required: - - stderr - - properties: - stdout: - type: string - title: stdout - format: byte - title: stdout - required: - - stdout - title: DataEvent + properties: + watcherId: + type: string + title: watcher_id + title: GetWatcherEventsRequest additionalProperties: false - process.ProcessEvent.EndEvent: + filesystem.GetWatcherEventsResponse: type: object properties: - exitCode: - type: integer - title: exit_code - format: int32 - deprecated: true - description: 'Deprecated: not populated by the server. Parse the exit code - from the `status` string (e.g. "exit status 0").' - exited: - type: boolean - title: exited - status: + events: + type: array + items: + $ref: '#/components/schemas/filesystem.FilesystemEvent' + title: events + title: GetWatcherEventsResponse + additionalProperties: false + filesystem.ListDirRequest: + type: object + properties: + path: type: string - title: status - description: Process exit status string (e.g. "exit status 0"). Parse the - integer exit code from this field. - error: - type: - - string - - 'null' - title: error - title: EndEvent + title: path + depth: + type: integer + title: depth + title: ListDirRequest additionalProperties: false - process.ProcessEvent.KeepAlive: + filesystem.ListDirResponse: type: object - title: KeepAlive + properties: + entries: + type: array + items: + $ref: '#/components/schemas/filesystem.EntryInfo' + title: entries + title: ListDirResponse additionalProperties: false - process.ProcessEvent.StartEvent: + filesystem.MakeDirRequest: type: object properties: - pid: - type: integer - title: pid - title: StartEvent + path: + type: string + title: path + title: MakeDirRequest additionalProperties: false - process.ProcessInfo: + filesystem.MakeDirResponse: type: object properties: - config: - title: config - $ref: '#/components/schemas/process.ProcessConfig' - pid: - type: integer - title: pid - tag: - type: - - string - - 'null' - title: tag - title: ProcessInfo + entry: + title: entry + $ref: '#/components/schemas/filesystem.EntryInfo' + title: MakeDirResponse additionalProperties: false - process.ProcessInput: + filesystem.MoveRequest: type: object - oneOf: - - properties: - pty: - type: string - title: pty - format: byte - title: pty - required: - - pty - - properties: - stdin: - type: string - title: stdin - format: byte - title: stdin - required: - - stdin - title: ProcessInput + properties: + source: + type: string + title: source + destination: + type: string + title: destination + title: MoveRequest additionalProperties: false - process.ProcessSelector: + filesystem.MoveResponse: type: object - oneOf: - - properties: - pid: - type: integer - title: pid - title: pid - required: - - pid - - properties: - tag: - type: string - title: tag - title: tag - required: - - tag - title: ProcessSelector + properties: + entry: + title: entry + $ref: '#/components/schemas/filesystem.EntryInfo' + title: MoveResponse additionalProperties: false - process.SendInputRequest: + filesystem.RemoveRequest: type: object properties: - process: - title: process - $ref: '#/components/schemas/process.ProcessSelector' - input: - title: input - $ref: '#/components/schemas/process.ProcessInput' - title: SendInputRequest + path: + type: string + title: path + title: RemoveRequest additionalProperties: false - process.SendInputResponse: + filesystem.RemoveResponse: type: object - title: SendInputResponse + title: RemoveResponse additionalProperties: false - process.SendSignalRequest: + filesystem.RemoveWatcherRequest: type: object properties: - process: - title: process - $ref: '#/components/schemas/process.ProcessSelector' - signal: - title: signal - $ref: '#/components/schemas/process.Signal' - title: SendSignalRequest + watcherId: + type: string + title: watcher_id + title: RemoveWatcherRequest additionalProperties: false - process.SendSignalResponse: + filesystem.RemoveWatcherResponse: type: object - title: SendSignalResponse + title: RemoveWatcherResponse additionalProperties: false - process.Signal: - type: string - title: Signal - enum: - - SIGNAL_UNSPECIFIED - - SIGNAL_SIGTERM - - SIGNAL_SIGKILL - process.StartRequest: + filesystem.StatRequest: type: object properties: - process: - title: process - $ref: '#/components/schemas/process.ProcessConfig' - pty: - oneOf: - - $ref: '#/components/schemas/process.PTY' - - type: 'null' - title: pty - tag: - type: - - string - - 'null' - title: tag - stdin: - type: - - boolean - - 'null' - title: stdin - description: "This is optional for backwards compatibility.\n We default\ - \ to true. New SDK versions will set this to false by default." - title: StartRequest + path: + type: string + title: path + title: StatRequest additionalProperties: false - process.StartResponse: + filesystem.StatResponse: type: object properties: - event: - title: event - $ref: '#/components/schemas/process.ProcessEvent' - title: StartResponse + entry: + title: entry + $ref: '#/components/schemas/filesystem.EntryInfo' + title: StatResponse additionalProperties: false - process.StreamInputRequest: + filesystem.WatchDirRequest: + type: object + properties: + path: + type: string + title: path + recursive: + type: boolean + title: recursive + title: WatchDirRequest + additionalProperties: false + filesystem.WatchDirResponse: type: object oneOf: - properties: - data: - title: data - $ref: '#/components/schemas/process.StreamInputRequest.DataEvent' - title: data + filesystem: + title: filesystem + $ref: '#/components/schemas/filesystem.FilesystemEvent' + title: filesystem required: - - data + - filesystem - properties: keepalive: title: keepalive - $ref: '#/components/schemas/process.StreamInputRequest.KeepAlive' + $ref: '#/components/schemas/filesystem.WatchDirResponse.KeepAlive' title: keepalive required: - keepalive - properties: start: title: start - $ref: '#/components/schemas/process.StreamInputRequest.StartEvent' + $ref: '#/components/schemas/filesystem.WatchDirResponse.StartEvent' title: start required: - start - title: StreamInputRequest - additionalProperties: false - process.StreamInputRequest.DataEvent: - type: object - properties: - input: - title: input - $ref: '#/components/schemas/process.ProcessInput' - title: DataEvent + title: WatchDirResponse additionalProperties: false - process.StreamInputRequest.KeepAlive: + filesystem.WatchDirResponse.KeepAlive: type: object title: KeepAlive additionalProperties: false - process.StreamInputRequest.StartEvent: + filesystem.WatchDirResponse.StartEvent: type: object - properties: - process: - title: process - $ref: '#/components/schemas/process.ProcessSelector' title: StartEvent additionalProperties: false - process.StreamInputResponse: - type: object - title: StreamInputResponse - additionalProperties: false - process.UpdateRequest: - type: object - properties: - process: - title: process - $ref: '#/components/schemas/process.ProcessSelector' - pty: - oneOf: - - $ref: '#/components/schemas/process.PTY' - - type: 'null' - title: pty - title: UpdateRequest - additionalProperties: false - process.UpdateResponse: - type: object - title: UpdateResponse - additionalProperties: false + google.protobuf.Timestamp: + type: string + examples: + - '2023-01-15T01:30:15.01Z' + - '2024-12-25T12:00:00Z' + format: date-time + description: "A Timestamp represents a point in time independent of any time\ + \ zone or local\n calendar, encoded as a count of seconds and fractions of\ + \ seconds at\n nanosecond resolution. The count is relative to an epoch at\ + \ UTC midnight on\n January 1, 1970, in the proleptic Gregorian calendar which\ + \ extends the\n Gregorian calendar backwards to year one.\n\n All minutes\ + \ are 60 seconds long. Leap seconds are \"smeared\" so that no leap\n second\ + \ table is needed for interpretation, using a [24-hour linear\n smear](https://developers.google.com/time/smear).\n\ + \n The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z.\ + \ By\n restricting to that range, we ensure that we can convert to and from\ + \ [RFC\n 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.\n\n # Examples\n\ + \n Example 1: Compute Timestamp from POSIX `time()`.\n\n Timestamp timestamp;\n\ + \ timestamp.set_seconds(time(NULL));\n timestamp.set_nanos(0);\n\n\ + \ Example 2: Compute Timestamp from POSIX `gettimeofday()`.\n\n struct\ + \ timeval tv;\n gettimeofday(&tv, NULL);\n\n Timestamp timestamp;\n\ + \ timestamp.set_seconds(tv.tv_sec);\n timestamp.set_nanos(tv.tv_usec\ + \ * 1000);\n\n Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`.\n\ + \n FILETIME ft;\n GetSystemTimeAsFileTime(&ft);\n UINT64 ticks\ + \ = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;\n\n // A Windows\ + \ tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z\n // is\ + \ 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.\n Timestamp\ + \ timestamp;\n timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));\n\ + \ timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));\n\n Example\ + \ 4: Compute Timestamp from Java `System.currentTimeMillis()`.\n\n long\ + \ millis = System.currentTimeMillis();\n\n Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis\ + \ / 1000)\n .setNanos((int) ((millis % 1000) * 1000000)).build();\n\ + \n Example 5: Compute Timestamp from Java `Instant.now()`.\n\n Instant\ + \ now = Instant.now();\n\n Timestamp timestamp =\n Timestamp.newBuilder().setSeconds(now.getEpochSecond())\n\ + \ .setNanos(now.getNano()).build();\n\n Example 6: Compute Timestamp\ + \ from current time in Python.\n\n timestamp = Timestamp()\n timestamp.GetCurrentTime()\n\ + \n # JSON Mapping\n\n In JSON format, the Timestamp type is encoded as a string\ + \ in the\n [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is,\ + \ the\n format is \"{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z\"\ + \n where {year} is always expressed using four digits while {month}, {day},\n\ + \ {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional\n\ + \ seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),\n\ + \ are optional. The \"Z\" suffix indicates the timezone (\"UTC\"); the timezone\n\ + \ is required. A proto3 JSON serializer should always use UTC (as indicated\ + \ by\n \"Z\") when printing the Timestamp type and a proto3 JSON parser should\ + \ be\n able to accept both UTC and other timezones (as indicated by an offset).\n\ + \n For example, \"2017-01-15T01:30:15.01Z\" encodes 15.01 seconds past\n 01:30\ + \ UTC on January 15, 2017.\n\n In JavaScript, one can convert a Date object\ + \ to this format using the\n standard\n [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)\n\ + \ method. In Python, a standard `datetime.datetime` object can be converted\n\ + \ to this format using\n [`strftime`](https://docs.python.org/2/library/time.html#time.strftime)\ + \ with\n the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java,\ + \ one can use\n the Joda Time's [`ISODateTimeFormat.dateTime()`](\n http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()\n\ + \ ) to obtain a formatter capable of generating timestamps in this format." Team: required: - teamID @@ -3335,7 +3426,11 @@ components: format: uuid description: Identifier of the user email: - type: string + type: + - string + - 'null' + deprecated: true + default: null description: Email of the user type: object TemplateUpdateRequest: @@ -3430,6 +3525,69 @@ components: maskRequestHost: type: string description: Specify host mask which will be used for all sandbox requests + rules: + type: object + description: 'Per-domain transform rules applied to matching egress HTTP/HTTPS + requests. Keys are domains (e.g. "api.example.com", "example.com"). A + domain listed here is not automatically allowed - use allowOut to permit + the traffic. + + ' + additionalProperties: + type: array + items: + $ref: '#/components/schemas/SandboxNetworkRule' + SandboxNetworkUpdateConfig: + type: object + description: Network configuration update for a running sandbox. Replaces the + current egress rules with the provided configuration. Omitting a field clears + it. + properties: + allowOut: + type: array + description: List of allowed destinations for egress traffic. Each entry + can be a CIDR block (e.g. "8.8.8.8/32"), a bare IP address (e.g. "8.8.8.8"), + or a domain name (e.g. "example.com", "*.example.com"). Allowed entries + always take precedence over denied entries. + items: + type: string + denyOut: + type: array + description: List of denied CIDR blocks or IP addresses for egress traffic. + Domain names are not supported for deny rules. + items: + type: string + rules: + type: object + description: Per-domain transform rules. Replaces all existing rules when + provided. + additionalProperties: + type: array + items: + $ref: '#/components/schemas/SandboxNetworkRule' + allow_internet_access: + type: boolean + description: Allow sandbox to access the internet. When set to false, it + behaves the same as specifying denyOut to 0.0.0.0/0 in the network config. + SandboxNetworkRule: + type: object + description: Transform rule applied to egress requests matching a domain pattern. + properties: + transform: + $ref: '#/components/schemas/SandboxNetworkTransform' + SandboxNetworkTransform: + type: object + description: Transformations applied to matching egress requests before forwarding. + properties: + headers: + type: object + description: 'HTTP headers to inject or override in matching requests. An + existing header with the same name is replaced. Values are plain strings; + secret resolution happens client-side before sending to the API. + + ' + additionalProperties: + type: string SandboxAutoResumeEnabled: type: boolean description: Auto-resume enabled flag for paused sandboxes. Default false. @@ -3822,6 +3980,33 @@ components: type: integer format: int32 minimum: 0 + SandboxTimeoutRequest: + type: object + required: + - timeout + properties: + timeout: + description: Timeout in seconds from the current time after which the sandbox + should expire + type: integer + format: int32 + minimum: 0 + SandboxRefreshRequest: + type: object + properties: + duration: + description: Duration for which the sandbox should be kept alive in seconds + type: integer + maximum: 3600 + minimum: 0 + SandboxSnapshotRequest: + type: object + properties: + name: + type: string + description: Optional name for the snapshot template. If a snapshot template + with this name already exists, a new build will be assigned to the existing + template instead of creating a new one. TeamMetric: description: Team metric with timestamp required: