fix(sandbox): bump @vercel/sandbox to v2 — production incident#148
fix(sandbox): bump @vercel/sandbox to v2 — production incident#148sweetmantech merged 1 commit intomainfrom
Conversation
Production sandbox runs were failing with "Status code 404 is not ok" after api PR #503 bumped @vercel/sandbox from 1.x to 2.0.0-beta.11. Sandboxes created by api with v2-style names (e.g. gray-common-whale-eGd9JS) could no longer be reconnected from tasks (v1.8.0) — v1's Sandbox.get expects v1-style identifiers and returns 404 for the new format. Failing run for reference: https://cloud.trigger.dev/orgs/recoup-8a7d/projects/recoup-chat-bQni/env/prod/runs/run_cmorfev4q72dv0olrfwo1ysgc Mirrors api's PR #503: bump dep + minimal v1 -> v2 surface fixes: package.json "@vercel/sandbox": "^1.8.0" -> "2.0.0-beta.11" v1 -> v2 API rename: { sandboxId } -> { name } at the v2 boundary. api keeps "sandboxId" as its public vocabulary (HTTP responses, payloads, internal variables) — translation only happens at the SDK call. Production code (4 files): sandboxes/getOrCreateSandbox.ts:30 Sandbox.get({ sandboxId, ... }) -> Sandbox.get({ name: sandboxId, ... }) tasks/runSandboxCommandTask.ts:46 same pattern tasks/codingAgentTask.ts:83 sandbox.sandboxId -> sandbox.name (log) tasks/setupSandboxTask.ts:40,50 sandbox.sandboxId -> sandbox.name (×2) tasks/updatePRTask.ts:38,86 sandbox.sandboxId -> sandbox.name (×2) Tests (1 file): sandboxes/__tests__/getOrCreateSandbox.test.ts mock Sandbox.get return: { sandboxId } -> { name } Sandbox.get call assertion: { sandboxId } -> { name } Verification: - pnpm install: clean - pnpm test: 356/356 pass - SDK-related typecheck errors: 0 (pre-existing unrelated typecheck issues in this repo are out of scope and predate this fix) Cross-repo coordination note: api is on @vercel/sandbox 2.0.0-beta.11 since PR #503 (merged 2026-05-02). Tasks needs to match. Without this fix, prod sandbox runs created via the new api code path are unreachable. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (7)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Review rate limit: 0/1 reviews remaining, refill in 43 minutes and 2 seconds.Comment |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
1 participant
🚨 Production incident fix
Sandboxes are failing in production with `Status code 404 is not ok`. This PR fixes the cross-repo dep mismatch that caused it.
Failing run for reference: https://cloud.trigger.dev/orgs/recoup-8a7d/projects/recoup-chat-bQni/env/prod/runs/run_cmorfev4q72dv0olrfwo1ysgc
Root cause
`tasks/` was on `@vercel/sandbox: ^1.8.0`. After api PR #503 bumped api to `2.0.0-beta.11` (merged 2026-05-02), api started creating sandboxes with v2-style names (`gray-common-whale-eGd9JS` instead of `sbx_xxx`). The v1 SDK in tasks couldn't resolve those names — `Sandbox.get({ sandboxId })` returned 404.
Stack trace from the failing run:
Fix
Mirrors api's PR #503: dep bump + minimum v1 → v2 SDK surface fixes.
api's vocabulary preserved: HTTP response shape from `createAccountSandbox` still uses `sandboxId` (per the api migration's design decision). Translation to `name` only at the v2 SDK boundary.
Verification
What this fixes (real-world impact)
Cross-repo dependency note
After this lands, the version pin chain is consistent:
🤖 Generated with Claude Code
Summary by cubic
Bumps
@vercel/sandboxto v2 and updates call sites to fix production 404s when reconnecting to v2-named sandboxes. Aligns tasks with API-created sandboxes so runs and logs work again.@vercel/sandbox1.8.0 → 2.0.0-beta.11.Sandbox.get({ name })instead of{ sandboxId }; translate APIsandboxIdtonameat the SDK boundary.sandbox.sandboxIdwithsandbox.namein log fields.Written for commit 5719f34. Summary will update on new commits.