
[codex] expose sandbox ports#119

Closed
remiconnesson wants to merge 2 commits into main from codex/sandbox-port-exposure

@remiconnesson


Summary

  • add SandboxSession.getPortUrl() for ports declared by a sandbox backend
  • publish Docker and Microsandbox TCP ports through validated loopback-only { sandboxPort, hostPort } mappings
  • resolve declared Vercel Sandbox ports through their hosted domains
  • return an actionable unsupported error for Just Bash, which cannot run listening processes
  • allow ingress only to declared Microsandbox TCP ports while retaining default-deny ingress

API

export default defineSandbox({
  backend: docker({
    ports: [{ sandboxPort: 3000, hostPort: 43000 }],
  }),
});

const url = await sandbox.getPortUrl(3000);

Docker and Microsandbox URLs use 127.0.0.1; Vercel returns the provider-hosted URL. Undeclared and invalid ports are rejected.

Security

  • local backends bind published ports to loopback only
  • duplicate, invalid, and conflicting mappings are rejected
  • Docker and Microsandbox reject port mappings with deny-all networking because that combination cannot work
  • Microsandbox keeps default ingress denied and adds TCP ingress rules only for declared guest ports

Review notes

The first commit mechanically moves the existing Vercel session adapter out of vercel.ts. That file is already at the repository's 700-line production limit on main; the extraction is behavior-preserving and gives the port implementation a focused home.

Verification

  • 3,649 unit tests passed
  • 318 integration tests passed
  • 254 scenario tests passed; 15 skipped
  • typecheck, build, docs checks, invariant guards, lint, and formatting passed

Signed-off-by: Rémi Connesson <remiconnesson2@gmail.com>
Signed-off-by: Rémi Connesson <remiconnesson2@gmail.com>
@vercel

vercel Bot commented Jun 19, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| eve-docs | Ready | Preview, Comment, Open in v0 | Jun 19, 2026 8:03pm |

@remiconnesson

Author

Real-backend port verification

I exercised the port implementation against all four built-in backends before splitting it from #117:

| Backend | Result | Cleanup |
| --- | --- | --- |
| Docker (Colima) | Guest port 3000 mapped to http://127.0.0.1:63549; HTTP 200 with the exact expected body | Container pr117-docker-mqlb9u5p-f5ebe9 removed; Colima restored to stopped state |
| Microsandbox | Guest port 3000 mapped to http://127.0.0.1:63130; HTTP 200 with the exact expected body | VM stopped and removed; isolated runtime state removed; no test VM process remained |
| Vercel Sandbox | sandbox.domain(3000) returned sb-4fspeg3zig7s.vercel.run; HTTPS 200 with the exact expected body | Sandbox pr117-vercel-mqlb9eu3-038458 deleted and lookup confirmed absent |
| Just Bash | getPortUrl(3000) returned the documented unsupported error because Just Bash cannot run listening processes | Virtual filesystem and temporary app root removed |

The live Microsandbox run exposed an initially hidden issue: the host port was published, but generated network policy still denied all ingress. This PR adds TCP ingress rules only for declared guest ports while leaving default ingress denied. The focused policy regression test failed before that fix and passes now.

After isolating the port work onto this branch, I reran:

  • 3,649 unit tests
  • 318 integration tests
  • 254 scenario tests, with 15 skipped
  • typecheck, build, docs checks, invariant guards, lint, and formatting

All passed.
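
The mapping rules from the Security list and the Microsandbox ingress fix described above, as an added TypeScript sketch that is not code from this PR or from the project. `planPorts`, `Plan`, the `networking` values and the `ingress` shape are hypothetical; only `{ sandboxPort, hostPort }`, `getPortUrl` and the 127.0.0.1 binding come from the page.

```typescript
// Added illustration: hypothetical names, not the project's implementation.
type PortMapping = { sandboxPort: number; hostPort: number };
type Plan = {
  publish: string[]; // Docker-style "ip:hostPort:containerPort/tcp" specs
  ingress: { default: "deny"; allowTcp: number[] }; // assumed policy shape
  urls: Map<number, string>;
};

const LOOPBACK = "127.0.0.1";

function isValidPort(p: number): boolean {
  return Number.isInteger(p) && p >= 1 && p <= 65535;
}

function planPorts(ports: PortMapping[], networking: "default" | "deny-all"): Plan {
  // Publishing a port on a sandbox with no network can never work: fail early.
  if (ports.length > 0 && networking === "deny-all") {
    throw new Error("port mappings cannot be combined with deny-all networking");
  }
  const seenSandbox = new Set<number>();
  const seenHost = new Set<number>();
  const plan: Plan = {
    publish: [],
    ingress: { default: "deny", allowTcp: [] },
    urls: new Map<number, string>(),
  };
  for (const { sandboxPort, hostPort } of ports) {
    if (!isValidPort(sandboxPort) || !isValidPort(hostPort)) {
      throw new Error(`invalid port mapping ${sandboxPort}:${hostPort}`);
    }
    if (seenSandbox.has(sandboxPort)) throw new Error(`duplicate sandbox port ${sandboxPort}`);
    if (seenHost.has(hostPort)) throw new Error(`conflicting host port ${hostPort}`);
    seenSandbox.add(sandboxPort);
    seenHost.add(hostPort);
    // The bind address is explicit; a spec without it publishes on all interfaces.
    plan.publish.push(`${LOOPBACK}:${hostPort}:${sandboxPort}/tcp`);
    // Ingress stays default-deny; only the declared guest port is opened.
    plan.ingress.allowTcp.push(sandboxPort);
    plan.urls.set(sandboxPort, `http://${LOOPBACK}:${hostPort}`);
  }
  return plan;
}

function getPortUrl(plan: Plan, sandboxPort: number): string {
  const url = plan.urls.get(sandboxPort);
  if (url === undefined) throw new Error(`port ${sandboxPort} was not declared`);
  return url;
}
```

The allow list is derived from the same declarations as the publish specs, which is the coupling the live Microsandbox run showed was missing: a published host port with no matching ingress rule is unreachable.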

@remiconnesson remiconnesson deleted the codex/sandbox-port-exposure branch June 19, 2026 20:04
@github-actions

Contributor

Bundle + Package Summary: apps/fixtures/weather-agent

Key takeaways

  • No notable deltas vs main (bfc7191).

Delta vs main (bfc7191)

| Area | Metric | Baseline | Current | Delta |
| --- | --- | --- | --- | --- |
| Package | Packed tarball | 3.23 MB | 3.23 MB | +2.4 kB ⚠️ |
| Package | Unpacked publish size | 11.58 MB | 11.59 MB | +8.1 kB ⚠️ |
| Package | Installed footprint | 51.79 MB | 51.80 MB | +8.1 kB ⚠️ |
| Package | Published files | 2163 | 2169 | +6 |
| Package | Installed files | 5368 | 5374 | +6 |
| Runtime | Unique function payloads | 2 | 2 | 0 |
| Runtime | Total function bytes | 9.34 MB | 9.34 MB | +1.0 kB ⚠️ |
| Runtime | Public routes | 9 | 9 | 0 |

Changed function payloads vs main (bfc7191) (2)

| Function | Status | Baseline | Current | Delta | Route changes |
| --- | --- | --- | --- | --- | --- |
| functions/.well-known/workflow/v1/flow.func | changed | 5.47 MB | 5.48 MB | +566 B ⚠️ | none |
| functions/__server.func | changed | 3.86 MB | 3.86 MB | +454 B ⚠️ | none |

Build Metadata
  • Preset: vercel
  • Nitro: nitro@3.0.260610-beta
  • Output directory: apps/fixtures/weather-agent/.vercel/output
  • Build metadata timestamp: 2026-06-19T20:04:31.454Z
  • Route aliases: 9 public, 1 internal (10 total aliases)
  • Vercel routes in config: 10
  • Severity legend: 🔴 dominant/large, 🟠 notable, 🟡 watch, ⚪ small
Package Drill-Down

Package Details

  • Package: eve@0.11.7
  • Package directory: packages/eve
  • Tarball: 3.23 MB (eve-0.11.7.tgz)
  • Unpacked payload: 11.59 MB across 2169 published files
  • Installed footprint: 51.80 MB across 5374 installed files
  • Installed root package: 10.48 MB
  • Installed dependencies: 41.32 MB
  • Runtime dependencies: 1
  • Peer dependencies: 12 (11 optional)

Installed footprint is measured from an isolated temporary npm install of the packed tarball.

Heavy installed dependencies

  • @rolldown/binding-linux-x64-gnu: 20.61 MB (39.8%)
  • eve: 10.48 MB (20.2%)
  • ai: 6.20 MB (12.0%)
  • zod: 4.97 MB (9.6%)
  • nitro: 2.41 MB (4.6%)
Publish payload breakdown
Published file size
🟠 dist/src/compiled/experimental-ai-sdk-code-mo... [#####...................] 1.51 MB 13.0%
🟡 dist/src/compiled/@workflow/core/runtime.js      [##......................] 775.4 kB 6.7%
🟡 dist/src/compiled/@vercel/sandbox/index.js       [##......................] 632.0 kB 5.5%
🟡 dist/src/compiled/@chat-adapter/slack/index.js   [#.......................] 436.9 kB 3.8%
🟡 dist/src/compiled/_chunks/workflow/attribute-... [#.......................] 370.9 kB 3.2%
🔴 Other published files                            [########################] 7.87 MB 67.9%
Installed footprint breakdown
Installed package size
🔴 @rolldown/binding-linux-x64-gnu [########################] 20.61 MB 39.8%
🔴 eve                             [############............] 10.48 MB 20.2%
🔴 ai                              [#######.................] 6.20 MB 12.0%
🟠 zod                             [######..................] 4.97 MB 9.6%
🟠 nitro                           [###.....................] 2.41 MB 4.6%
🟡 rolldown                        [#.......................] 771.0 kB 1.5%
🔴 Other installed packages        [#######.................] 6.37 MB 12.3%
Runtime dependencies (1)

| Package | Range | Notes |
| --- | --- | --- |
| nitro | 3.0.260610-beta | |

Peer dependencies (12)

| Package | Range | Notes |
| --- | --- | --- |
| @opentelemetry/api | ^1.0.0 | optional peer |
| @sveltejs/kit | ^2.0.0 | optional peer |
| ai | catalog: | |
| braintrust | ^3.0.0 | optional peer |
| just-bash | ^3.0.0 | optional peer |
| microsandbox | ^0.5.0 | optional peer |
| next | ^16.0.0 | optional peer |
| nuxt | ^4.0.0 | optional peer |
| react | ^19.0.0 | optional peer |
| svelte | ^5.0.0 | optional peer |
| vite | ^8.0.0 | optional peer |
| vue | ^3.5.0 | optional peer |

Function Drill-Down

Payload Size Graph

Unique function payload size and share of total
🔴 functions/.well-known/workflow/v1/flow.func     [########################] 5.48 MB 58.6%
🔴 functions/__server.func                         [#################.......] 3.86 MB 41.4%

Top Function Payloads

🟠 functions/.well-known/workflow/v1/flow.func • 1 public route • 5.48 MB
| Metric | Value |
| --- | --- |
| Public routes | /.well-known/workflow/v1/flow |
| Runtime | nodejs24.x |
| Handler | index.mjs |
| Payload | 5.48 MB |
| Function files | 5.48 MB across 27 files |
| Traced dependencies | 0 B |
| Signal | 🟠 Bundled file __eve_nitro_handler__.mjs is 1.51 MB (27.5%) |

🟠 🔎 Dependency Analysis

📦 Bundled files:

Bundled file size
🟠 __eve_nitro_handler__.mjs              [########################] 1.51 MB 27.5%
🟠 _chunks/runtime.mjs                    [###############.........] 958.4 kB 17.5%
🟡 _chunks/sandbox.mjs                    [############............] 766.0 kB 14.0%
🟡 _chunks/attribute-changes-Bi5DLT8S.mjs [########................] 472.2 kB 8.6%
🟡 _chunks/dist-DTchiX0N.mjs              [#######.................] 460.6 kB 8.4%
🟠 Other bundled files                    [#####################...] 1.31 MB 24.0%

🧾 Vercel Config

{
  "handler": "index.mjs",
  "launcherType": "Nodejs",
  "shouldAddHelpers": false,
  "supportsResponseStreaming": true,
  "runtime": "nodejs24.x",
  "environment": {
    "NODE_OPTIONS": "--experimental-require-module",
    "WORKFLOW_QUEUE_NAMESPACE": "eve"
  },
  "maxDuration": "max",
  "experimentalTriggers": [
    {
      "type": "queue/v2beta",
      "topic": "__eve_wkf_workflow_*",
      "consumer": "default",
      "retryAfterSeconds": 5,
      "initialDelaySeconds": 0
    }
  ]
}

🟠 functions/__server.func • 8 public routes, 1 internal alias • 3.86 MB
| Metric | Value |
| --- | --- |
| Public routes | /, /eve/v1/callback/[token], /eve/v1/connections/[name]/callback/[token], /eve/v1/health, /eve/v1/info, /eve/v1/session, /eve/v1/session/[sessionId], /eve/v1/session/[sessionId]/stream |
| Internal aliases | /__server |
| Runtime | nodejs24.x |
| Handler | index.mjs |
| Payload | 3.86 MB |
| Function files | 3.86 MB across 21 files |
| Traced dependencies | 0 B |
| Signal | 🟠 Bundled file index.mjs is 1.40 MB (36.3%) |

🟠 🔎 Dependency Analysis

📦 Bundled files:

Bundled file size
🟠 index.mjs                              [########################] 1.40 MB 36.3%
🟠 _chunks/runtime.mjs                    [###############.........] 875.8 kB 22.7%
🟠 _chunks/sandbox.mjs                    [#############...........] 766.0 kB 19.8%
🟡 _chunks/attribute-changes-Bi5DLT8S.mjs [########................] 448.5 kB 11.6%
⚪ _libs/zod.mjs                          [##......................] 114.2 kB 3.0%
🟡 Other bundled files                    [####....................] 258.8 kB 6.7%

🧾 Vercel Config

{
  "handler": "index.mjs",
  "launcherType": "Nodejs",
  "shouldAddHelpers": false,
  "supportsResponseStreaming": true,
  "runtime": "nodejs24.x"
}
