session-execution
$
npx mdskill add cloudflare/sandbox-sdk/session-executionManage shell processes with precise stdout/stderr separation.
- Executes commands reliably in foreground or background modes.
- Uses binary prefixes to distinguish output streams automatically.
- Detects completion via atomic file writes and hybrid monitoring.
- Captures logs without blocking the main shell execution.
SKILL.md
.github/skills/session-executionView on GitHub ↗
--- name: session-execution description: Use when working on or reviewing session execution, command handling, shell state, FIFO-based streaming, or stdout/stderr separation. Relevant for session.ts, command handlers, exec/execStream, or anything involving shell process management. (project) --- # Session Execution Read `docs/SESSION_EXECUTION.md` before working in this area. It explains the architecture for reliable command execution with stdout/stderr separation. ## Key Concepts **Two execution modes:** - **Foreground (exec)**: Runs in main shell, state persists. Uses temp files for output capture. - **Background (execStream/startProcess)**: Runs in subshell via FIFOs. Labelers prefix output in background. **Binary prefix contract:** - Stdout: `\x01\x01\x01` prefix per line - Stderr: `\x02\x02\x02` prefix per line - Log parser reconstructs streams from these prefixes **Completion signaling:** - Exit code written to `<id>.exit` file via atomic `tmp` + `mv` - Hybrid fs.watch + polling detects completion (robust on tmpfs/overlayfs) - Background mode uses `labelers.done` marker to ensure output is fully captured ## When Developing - Understand why foreground uses temp files (bash waits for redirects to complete) - Understand why background uses FIFOs (concurrent streaming without blocking shell) - Test silent commands (cd, variable assignment) - these historically caused hangs - Test large output - buffering issues can cause incomplete logs ## When Reviewing **Correctness checks:** - Verify exit code handling is atomic (write to .tmp then mv) - Check FIFO cleanup in error paths - Ensure labelers.done is awaited before reading final output (background mode) **Race condition analysis:** Session execution has a mutex that serializes command execution per session. Before flagging race conditions: 1. Check if operations happen within the same session (mutex protects) 2. Check if operations are per-session vs cross-session (cross-session races are real) 3. Refer to `docs/CONCURRENCY.md` for the full concurrency model **Common false positives:** - "Concurrent reads/writes to session state" - mutex serializes these - "FIFO operations might race" - labelers are per-command, not shared **Actual concerns to watch for:** - Cross-session operations without proper isolation - Cleanup operations that might affect still-running commands - File operations outside the mutex-protected section ## Key Files - `packages/sandbox-container/src/session.ts` - Session class with exec/execStream - `packages/sandbox-container/src/managers/SessionManager.ts` - Mutex and lifecycle - `packages/sandbox/src/clients/CommandClient.ts` - SDK interface to session commands
More from cloudflare/sandbox-sdk
- architectureUse when navigating the codebase for the first time, adding a new client method, adding a new container handler/service, or understanding how a request flows from Worker through the Sandbox DO into the container. Covers the three-layer architecture, client pattern, container runtime structure, and monorepo layout. (project)
- changesetsUse when creating a changeset, preparing a release, or bumping versions. Covers which packages to reference, how to write user-facing changeset descriptions, the release automation flow, and the npm/Docker version sync requirement. (project)
- coding-standardsUse when writing or reviewing TypeScript in this repo. Covers the no-`any` rule and where to put new types, the uppercase-acronym style guide, and the rules for code comments (no historical context). (project)
- examplesUse when working in the examples/ directory, running an example with wrangler dev, adding a new example, or answering questions about EXPOSE directives and the local Docker dev loop. (project)
- git-commitUse when creating git commits to ensure commit messages follow project standards. Applies the 7 rules for great commit messages with focus on conciseness and imperative mood.
- loggingUse when adding logs, debugging, or working with the Logger across the SDK and container runtime. Covers the constructor-injection pattern, child loggers, env-var configuration, and test mocking. (project)
- sandbox-bridgeUse when you need to exercise a real, running Sandbox deployment via HTTP — for example to validate SDK changes against a live container, reproduce a user-reported issue, or experiment with the API (including FUSE bucket mounts) without spinning up `wrangler dev`. Documents the Sandbox bridge worker reachable via `SANDBOX_WORKER_URL` + `SANDBOX_API_KEY` when the host injects them.
- testingUse when writing or running tests for this project. Covers unit vs E2E test decisions, test file locations, mock patterns, and project-specific testing conventions. (project)