session-execution

$npx mdskill add cloudflare/sandbox-sdk/session-execution

Manage shell processes with precise stdout/stderr separation.

  • Executes commands reliably in foreground or background modes.
  • Uses binary prefixes to distinguish output streams automatically.
  • Detects completion via atomic file writes and hybrid monitoring.
  • Captures logs without blocking the main shell execution.

SKILL.md

.github/skills/session-executionView on GitHub ↗
---
name: session-execution
description: Use when working on or reviewing session execution, command handling, shell state, FIFO-based streaming, or stdout/stderr separation. Relevant for session.ts, command handlers, exec/execStream, or anything involving shell process management. (project)
---

# Session Execution

Read `docs/SESSION_EXECUTION.md` before working in this area. It explains the architecture for reliable command execution with stdout/stderr separation.

## Key Concepts

**Two execution modes:**

- **Foreground (exec)**: Runs in main shell, state persists. Uses temp files for output capture.
- **Background (execStream/startProcess)**: Runs in subshell via FIFOs. Labelers prefix output in background.

**Binary prefix contract:**

- Stdout: `\x01\x01\x01` prefix per line
- Stderr: `\x02\x02\x02` prefix per line
- Log parser reconstructs streams from these prefixes

**Completion signaling:**

- Exit code written to `<id>.exit` file via atomic `tmp` + `mv`
- Hybrid fs.watch + polling detects completion (robust on tmpfs/overlayfs)
- Background mode uses `labelers.done` marker to ensure output is fully captured

## When Developing

- Understand why foreground uses temp files (bash waits for redirects to complete)
- Understand why background uses FIFOs (concurrent streaming without blocking shell)
- Test silent commands (cd, variable assignment) - these historically caused hangs
- Test large output - buffering issues can cause incomplete logs

## When Reviewing

**Correctness checks:**

- Verify exit code handling is atomic (write to .tmp then mv)
- Check FIFO cleanup in error paths
- Ensure labelers.done is awaited before reading final output (background mode)

**Race condition analysis:**

Session execution has a mutex that serializes command execution per session. Before flagging race conditions:

1. Check if operations happen within the same session (mutex protects)
2. Check if operations are per-session vs cross-session (cross-session races are real)
3. Refer to `docs/CONCURRENCY.md` for the full concurrency model

**Common false positives:**

- "Concurrent reads/writes to session state" - mutex serializes these
- "FIFO operations might race" - labelers are per-command, not shared

**Actual concerns to watch for:**

- Cross-session operations without proper isolation
- Cleanup operations that might affect still-running commands
- File operations outside the mutex-protected section

## Key Files

- `packages/sandbox-container/src/session.ts` - Session class with exec/execStream
- `packages/sandbox-container/src/managers/SessionManager.ts` - Mutex and lifecycle
- `packages/sandbox/src/clients/CommandClient.ts` - SDK interface to session commands

More from cloudflare/sandbox-sdk

SkillDescription
architectureUse when navigating the codebase for the first time, adding a new client method, adding a new container handler/service, or understanding how a request flows from Worker through the Sandbox DO into the container. Covers the three-layer architecture, client pattern, container runtime structure, and monorepo layout. (project)
changesetsUse when creating a changeset, preparing a release, or bumping versions. Covers which packages to reference, how to write user-facing changeset descriptions, the release automation flow, and the npm/Docker version sync requirement. (project)
coding-standardsUse when writing or reviewing TypeScript in this repo. Covers the no-`any` rule and where to put new types, the uppercase-acronym style guide, and the rules for code comments (no historical context). (project)
examplesUse when working in the examples/ directory, running an example with wrangler dev, adding a new example, or answering questions about EXPOSE directives and the local Docker dev loop. (project)
git-commitUse when creating git commits to ensure commit messages follow project standards. Applies the 7 rules for great commit messages with focus on conciseness and imperative mood.
loggingUse when adding logs, debugging, or working with the Logger across the SDK and container runtime. Covers the constructor-injection pattern, child loggers, env-var configuration, and test mocking. (project)
sandbox-bridgeUse when you need to exercise a real, running Sandbox deployment via HTTP — for example to validate SDK changes against a live container, reproduce a user-reported issue, or experiment with the API (including FUSE bucket mounts) without spinning up `wrangler dev`. Documents the Sandbox bridge worker reachable via `SANDBOX_WORKER_URL` + `SANDBOX_API_KEY` when the host injects them.
testingUse when writing or running tests for this project. Covers unit vs E2E test decisions, test file locations, mock patterns, and project-specific testing conventions. (project)