fix: fix bun install bug (#62)

* fix: fix bun install bug * refactor: consolidate executable check into assertExecutable helper - Add assertExecutable() to cli-shared that checks and attempts chmod - Simplify CLI and SDK spawn code to use the shared helper - Fix cli-shared package.json exports (.js not .mjs) - Add global install instructions to SDK error message * chore(release): update version to 0.1.6-rc.1 * fix: add cli-shared package to Dockerfiles * chore(release): update version to 0.1.6-rc.1 * fix: add cli-shared publishing to release workflow * chore(release): update version to 0.1.6-rc.1 * fix: handle already-exists error during crate publish * chore(release): update version to 0.1.6-rc.1
2026-04-15 15:03:37 +00:00 · 2026-02-02 21:12:41 -08:00 · 2026-02-02 21:12:41 -08:00 · 02bb992b11
commit 02bb992b11
parent 24de9e686c
30 changed files with 467 additions and 44 deletions
--- a/sdks/cli-shared/src/index.ts
+++ b/sdks/cli-shared/src/index.ts
@ -0,0 +1,99 @@
+export type InstallCommandBlock = {
+	label: string;
+	commands: string[];
+};
+
+export type NonExecutableBinaryMessageOptions = {
+	binPath: string;
+	trustPackages: string;
+	bunInstallBlocks: InstallCommandBlock[];
+	genericInstallCommands?: string[];
+};
+
+export type FsSubset = {
+	accessSync: (path: string, mode?: number) => void;
+	chmodSync: (path: string, mode: number) => void;
+	constants: { X_OK: number };
+};
+
+export function isBunRuntime(): boolean {
+	if (typeof process?.versions?.bun === "string") return true;
+	const userAgent = process?.env?.npm_config_user_agent || "";
+	return userAgent.includes("bun/");
+}
+
+const PERMISSION_ERRORS = new Set(["EACCES", "EPERM", "ENOEXEC"]);
+
+function isPermissionError(error: unknown): boolean {
+	if (!error || typeof error !== "object") return false;
+	const code = (error as { code?: unknown }).code;
+	return typeof code === "string" && PERMISSION_ERRORS.has(code);
+}
+
+/**
+ * Checks if a binary is executable and attempts to make it executable if not.
+ * Returns true if the binary is (or was made) executable, false if it couldn't
+ * be made executable due to permission errors. Throws for other errors.
+ *
+ * Requires fs to be passed in to avoid static imports that break browser builds.
+ */
+export function assertExecutable(binPath: string, fs: FsSubset): boolean {
+	if (process.platform === "win32") {
+		return true;
+	}
+
+	try {
+		fs.accessSync(binPath, fs.constants.X_OK);
+		return true;
+	} catch {
+		// Not executable, try to fix
+	}
+
+	try {
+		fs.chmodSync(binPath, 0o755);
+		return true;
+	} catch (error) {
+		if (isPermissionError(error)) {
+			return false;
+		}
+		throw error;
+	}
+}
+
+export function formatNonExecutableBinaryMessage(
+	options: NonExecutableBinaryMessageOptions,
+): string {
+	const { binPath, trustPackages, bunInstallBlocks, genericInstallCommands } =
+		options;
+
+	const lines = [`sandbox-agent binary is not executable: ${binPath}`];
+
+	if (isBunRuntime()) {
+		lines.push(
+			"Allow Bun to run postinstall scripts for native binaries and reinstall:",
+		);
+		for (const block of bunInstallBlocks) {
+			lines.push(`${block.label}:`);
+			for (const command of block.commands) {
+				lines.push(`  ${command}`);
+			}
+		}
+		lines.push(`Or run: chmod +x "${binPath}"`);
+		return lines.join("\n");
+	}
+
+	lines.push(
+		"Postinstall scripts for native packages did not run, so the binary was left non-executable.",
+	);
+	if (genericInstallCommands && genericInstallCommands.length > 0) {
+		lines.push("Reinstall with scripts enabled:");
+		for (const command of genericInstallCommands) {
+			lines.push(`  ${command}`);
+		}
+	} else {
+		lines.push("Reinstall with scripts enabled for:");
+		lines.push(`  ${trustPackages}`);
+	}
+	lines.push(`Or run: chmod +x "${binPath}"`);
+	return lines.join("\n");
+}