fix(sandbox): handle abort signal and early stream close in runCommand#135
Merged
marc-vercel merged 4 commits intovercel:mainfrom Apr 7, 2026
Merged
Conversation
Validates two bugs in the streaming runCommand (wait: true) path:
1. Abort signal hangs forever — the finished promise never settles
because the abort isn't propagated to the jsonlines iterator
2. Abrupt stream close produces ZodError instead of a descriptive
error when iterator.next() returns { done: true, value: undefined }
Contributor
|
@pbzona is attempting to deploy a commit to the Vercel Team on Vercel. A member of the Team first needs to authorize it. |
When runCommand is called with wait: true, the API returns an ndjson stream with two chunks. If the abort signal fires mid-stream, the jsonlines iterator hangs forever because the abort isn't propagated. If the stream closes before the second chunk, the iterator returns undefined which causes a confusing Zod validation error. Wire the abort signal to destroy the jsonlines stream so pending iterator.next() calls reject immediately. Guard against early stream close by checking iterator.done before parsing. Clean up the abort listener when the stream is fully consumed to avoid retaining references on long-lived signals.
pbzona
force-pushed
the
fix/abort-signal-zod-validation
branch
from
af6f156 to
b04c23f
Compare
marc-vercel
reviewed
Apr 7, 2026
pbzona
force-pushed
the
fix/abort-signal-zod-validation
branch
from
2888ae4 to
cbbb480
Compare
marc-vercel
approved these changes
Apr 7, 2026
Merged
marc-vercel
added a commit
that referenced
this pull request
Apr 8, 2026
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## sandbox@2.5.9 ### Patch Changes - Updated dependencies \[[`9555162f33690dfa18530aeca93af05188ebd2ed`](9555162)]: - @vercel/sandbox@1.9.3 ## @vercel/sandbox@1.9.3 ### Patch Changes - Handle abort signal and early stream close in runCommand to avoid misleading Zod error ([#135](#135)) ## sandbox-filesystem-snapshots@0.0.14 ### Patch Changes - Updated dependencies \[[`9555162f33690dfa18530aeca93af05188ebd2ed`](9555162)]: - @vercel/sandbox@1.9.3 ## workflow-code-runner@0.1.3 ### Patch Changes - Updated dependencies \[[`9555162f33690dfa18530aeca93af05188ebd2ed`](9555162)]: - @vercel/sandbox@1.9.3 --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Marc Codina <marc.codina@vercel.com>
marc-vercel
pushed a commit
that referenced
this pull request
Apr 8, 2026
#135) ## Summary When `runCommand` is called with `wait: true`, the API returns an ndjson stream with two JSON chunks (command started, command finished). Two problems with how this stream is consumed: 1. **Abort signal hangs forever.** If an `AbortSignal` fires mid-stream (e.g. `AbortSignal.timeout()`), the HTTP body closes but the `jsonlines` transform stream stays open. The `iterator.next()` call waiting for the second chunk blocks indefinitely — it never resolves or rejects. 2. **Early stream close throws ZodError.** If the stream closes after the first chunk but before the second (e.g. server drops connection), `iterator.next()` returns `{ done: true, value: undefined }`. `CommandFinishedResponse.parse(undefined)` then throws a Zod validation error instead of a meaningful message. ### Fix - Wire the abort signal to `jsonlinesStream.destroy()` so pending `iterator.next()` calls reject immediately instead of hanging - Check `iterator.done` before parsing to throw a `StreamError` instead of a ZodError - Clean up the abort listener when the stream is fully consumed ## Test plan - [ ] `throws abort error (not Zod error) when signal aborts before stream finishes` — abort mid-stream rejects instead of hanging - [ ] `throws StreamError when stream closes before finished chunk arrives` — early close throws StreamError, not ZodError - [ ] `rejects when signal is already aborted before stream starts` — pre-aborted signal rejects immediately - [ ] Existing `runCommand` and full suite tests still pass First commit shows the intentionally failing tests to illustrate the behavior. Open to suggestions on the specific error handling behavior, I just don't think it should be a Zod error in these cases. It's technically expected but could be more helpful.
marc-vercel
added a commit
that referenced
this pull request
Apr 8, 2026
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. - Updated dependencies \[[`9555162f33690dfa18530aeca93af05188ebd2ed`](9555162)]: - @vercel/sandbox@1.9.3 - Handle abort signal and early stream close in runCommand to avoid misleading Zod error ([#135](#135)) - Updated dependencies \[[`9555162f33690dfa18530aeca93af05188ebd2ed`](9555162)]: - @vercel/sandbox@1.9.3 - Updated dependencies \[[`9555162f33690dfa18530aeca93af05188ebd2ed`](9555162)]: - @vercel/sandbox@1.9.3 --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Marc Codina <marc.codina@vercel.com>
marc-vercel
added a commit
that referenced
this pull request
Apr 8, 2026
Rebasing `named-sandboxes`. Commits that I am moving: 1. cf13a34 — refactor(sdk): build @vercel/sandbox with tsdown dual outputs (#84) 2. 772989c — Support "use workflow" serialization for Sandbox and Command (#72) 3. cc74dbf — fix(sandbox): read package.json with fs instead of ESM import (#119) 4. a6b8ce9 — feat(skill): update beta documentation for default snapshot expiration (#125) 5. 184cd42 — patch(vercel-sandbox): count length by bytes and not ASCII for binaries (#127) 6. 451c42e — feat(sandbox): accept string and Uint8Array in writeFiles content (#128) 7. ad52dec — Version Packages (#122) 8. b91b9e4 — fix(sandbox): initialize API client in Command before reading output (#130) 9. 28237b8 — refactor(workflow-code-runner): inline Sandbox calls in workflow function (#129) 10. 0786e18 — Version Packages (#131) 11. 9555162 — fix(sandbox): handle abort signal and early stream close in runCommand (#135) 12. db4e5f3 — Version Packages (#137) I had to resolve multiple merge conflicts, specially with the commits 1 and 2. I've also added some tests for them because they were touching `sandbox.ts` for serializing and deserializing, and in this branch we moved most of the logic to `session.ts`. --------- Co-authored-by: Gal Schlezinger <gal@spitfire.co.il> Co-authored-by: Luke Phillips-Sheard <luke.phillips-sheard@vercel.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Luke PS <LukeSheard@users.noreply.github.com> Co-authored-by: Malte Ubl <cramforce@users.noreply.github.com> Co-authored-by: Pranay Prakash <pranay.gp@gmail.com> Co-authored-by: Nathan Rajlich <n@n8.io> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Phil Z <pbzona@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When
runCommandis called withwait: true, the API returns an ndjson stream with two JSON chunks (command started, command finished). Two problems with how this stream is consumed:Abort signal hangs forever. If an
AbortSignalfires mid-stream (e.g.AbortSignal.timeout()), the HTTP body closes but thejsonlinestransform stream stays open. Theiterator.next()call waiting for the second chunk blocks indefinitely — it never resolves or rejects.Early stream close throws ZodError. If the stream closes after the first chunk but before the second (e.g. server drops connection),
iterator.next()returns{ done: true, value: undefined }.CommandFinishedResponse.parse(undefined)then throws a Zod validation error instead of a meaningful message.Fix
jsonlinesStream.destroy()so pendingiterator.next()calls reject immediately instead of hangingiterator.donebefore parsing to throw aStreamErrorinstead of a ZodErrorTest plan
throws abort error (not Zod error) when signal aborts before stream finishes— abort mid-stream rejects instead of hangingthrows StreamError when stream closes before finished chunk arrives— early close throws StreamError, not ZodErrorrejects when signal is already aborted before stream starts— pre-aborted signal rejects immediatelyrunCommandand full suite tests still passFirst commit shows the intentionally failing tests to illustrate the behavior. Open to suggestions on the specific error handling behavior, I just don't think it should be a Zod error in these cases. It's technically expected but could be more helpful.