Use params objects for service APIs

[steven-passynkov]

Summary

• switch several SDK service methods from positional arguments to typed params objects for a more consistent API shape
• update sandbox helpers, examples, and README usage to match the new calling convention
• refresh service and client tests to cover the new signatures

Testing

• pnpm test

Summary by CodeRabbit

• Breaking Changes
  • Client APIs now use structured object parameters instead of positional arguments for desktop controls, file operations, LSP calls, PTY resize, SSH credential actions, and the presigned-URL call — update integrations accordingly.
• Documentation
  • README updated to show the new presigned-URL call shape and that expiresIn is expressed in seconds; process timeout docs now state timeouts in seconds.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2d05969f-bae9-4ad9-8200-1500769df7ee

📥 Commits

Reviewing files that changed from the base of the PR and between b57d83e and 873bcb5.

📒 Files selected for processing (2)

• src/services/lsp.ts
• tests/services/lsp.test.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/services/lsp.test.ts

---

📝 Walkthrough

Walkthrough

Refactors many SDK/API method signatures to accept single parameter objects instead of multiple positional arguments across service clients (Desktop, Filesystem, LSP, Pty, SSH), the Sandbox client, README/examples, and corresponding tests. No behavioral changes beyond argument reshaping and JSDoc/timeout-unit documentation tweaks.

Changes

Cohort / File(s)	Summary
Documentation & Examples README.md, examples/desktop.ts, examples/ssh.ts, src/services/process.ts	Updated README/example call sites and inline docs to use new params-object call shapes; clarified expiresIn/timeout units in docs.
Service Clients (desktop, filesystem, pty, ssh) src/services/desktop.ts, src/services/filesystem.ts, src/services/pty.ts, src/services/ssh.ts	Switched multiple method signatures to single params objects (e.g., movePointer({x,y}), waitUntilReady({timeout}), delete({path}), move({srcPath,dstPath}), resize({sessionId,cols,rows}), SSH methods accept {id}/{id,password}). Request payloads/URLs now read values from params.
LSP Service Client src/services/lsp.ts	Major API reshape: added exported LspRequestParams and converted ~10 public LSP methods to accept structured params objects (start/stop/didOpen/didClose/completions/documentSymbols and path variants); removed normalizeDidOpenArgs; adjusted payload construction (e.g., version: params.version ?? 1, include text only when provided) and path→URI conversion for path-based helpers.
Sandbox Main Client src/client/sandbox.ts	Changed Sandbox.createPresignedUrl signature to createPresignedUrl(params: { port; expiresIn? }, options?) and pass params directly to the underlying client.
Tests tests/client/client-sandbox.test.ts, tests/services/desktop.test.ts, tests/services/filesystem.test.ts, tests/services/lsp.test.ts, tests/services/pty.test.ts, tests/services/ssh.test.ts	Updated test call sites and assertions to the new params-object signatures across sandbox, desktop, filesystem, lsp, pty, and ssh tests; adjusted recorded request payload expectations where applicable.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• Add presigned URL APIs #9 — Modifies the same Sandbox.createPresignedUrl API to use a params-object signature.
• Init fixes #3 — Broad refactor converting many client/service methods from positional args to single-params objects; overlaps the same API areas changed here.

Poem

🐰 I hopped through code both far and near,
Bundled params so calls are clear,
No more scattered args to chase,
One tidy object, snug in place.
🥕 The rabbit cheers — concise API, hip-hip hooray!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title "Use params objects for service APIs" accurately summarizes the main refactoring objective of the pull request—converting service methods from positional arguments to typed parameter objects across multiple API layers.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch refactor/param-object-apis

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

tests/services/lsp.test.ts (1)

39-53: Optional: add assertions for the remaining migrated calls in this scenario.

This test already verifies key payloads; adding explicit checks for stop, didClosePath, and documentSymbolsPath would make regression detection tighter.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/services/lsp.test.ts` around lines 39 - 53, The test checks several LSP
request payloads but omits assertions for the remaining migrated calls; add
explicit assertions against calls[x] using the existing calls array and jsonOf
helper to verify the stop request (path "/v1/sandbox/sb-1/lsp/stop"), the
didClosePath request (likely payload with language_id, path_to_project, and uri
for closed document), and the documentSymbolsPath request (payload including
language_id, path_to_project, and uri) so all expected LSP interactions in this
scenario are validated; reuse the same assert.equal/assert.deepEqual style as
the surrounding assertions to locate these calls in the sequence.

src/services/lsp.ts (1)

97-103: Consider extracting shared LSP param types.

Multiple inline param object shapes are repeated; centralizing them would reduce drift risk and improve readability.

♻️ Suggested refactor

+type LspProjectParams = { languageId: string; pathToProject: string };
+type LspDocumentUriParams = LspProjectParams & { uri: string };
+type LspDocumentPathParams = LspProjectParams & { path: string };
+type LspDidOpenUriParams = LspDocumentUriParams & { text?: string; version?: number };
+type LspDidOpenPathParams = LspDocumentPathParams & { text?: string; version?: number };
+type LspPositionUriParams = LspDocumentUriParams & { line: number; character: number };
+type LspPositionPathParams = LspDocumentPathParams & { line: number; character: number };

-    params: { languageId: string; pathToProject: string; uri: string },
+    params: LspDocumentUriParams,

Also applies to: 128-134, 206-212, 237-243, 268-268, 292-292

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/services/lsp.ts` around lines 97 - 103, Extract the repeated inline
parameter object into a single exported type (e.g., LspParams or
LspRequestParams) that declares languageId, pathToProject, uri and optional text
and version, then replace all inline param object annotations (the various
params: { languageId: string; pathToProject: string; uri: string; text?: string;
version?: number }) with that new type in the functions/methods in
src/services/lsp.ts so the signatures reference the shared type; update
imports/exports if needed and run type-check to ensure no other call sites need
minor adjustments.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/services/ssh.ts`:
- Around line 44-45: The SSH credential ID is interpolated raw into URL path
strings in src/services/ssh.ts (e.g.,
`/v1/sandbox/${sandboxIdOf(sandbox)}/ssh/${params.id}` and two other
occurrences), which can break routing for reserved characters; wrap the ID with
encodeURIComponent(params.id) in all three URL constructions (the
DELETE/GET/other request builders that reference params.id) so the path segments
are safely encoded and do this consistently wherever `params.id` is used in the
file.

---

Nitpick comments:
In `@src/services/lsp.ts`:
- Around line 97-103: Extract the repeated inline parameter object into a single
exported type (e.g., LspParams or LspRequestParams) that declares languageId,
pathToProject, uri and optional text and version, then replace all inline param
object annotations (the various params: { languageId: string; pathToProject:
string; uri: string; text?: string; version?: number }) with that new type in
the functions/methods in src/services/lsp.ts so the signatures reference the
shared type; update imports/exports if needed and run type-check to ensure no
other call sites need minor adjustments.

In `@tests/services/lsp.test.ts`:
- Around line 39-53: The test checks several LSP request payloads but omits
assertions for the remaining migrated calls; add explicit assertions against
calls[x] using the existing calls array and jsonOf helper to verify the stop
request (path "/v1/sandbox/sb-1/lsp/stop"), the didClosePath request (likely
payload with language_id, path_to_project, and uri for closed document), and the
documentSymbolsPath request (payload including language_id, path_to_project, and
uri) so all expected LSP interactions in this scenario are validated; reuse the
same assert.equal/assert.deepEqual style as the surrounding assertions to locate
these calls in the sequence.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 791d1cad-572f-4460-8e40-3e86e9b9fda1

📥 Commits

Reviewing files that changed from the base of the PR and between ec2e1b7 and b57d83e.

📒 Files selected for processing (16)

• README.md
• examples/desktop.ts
• examples/ssh.ts
• src/client/sandbox.ts
• src/services/desktop.ts
• src/services/filesystem.ts
• src/services/lsp.ts
• src/services/process.ts
• src/services/pty.ts
• src/services/ssh.ts
• tests/client/client-sandbox.test.ts
• tests/services/desktop.test.ts
• tests/services/filesystem.test.ts
• tests/services/lsp.test.ts
• tests/services/pty.test.ts
• tests/services/ssh.test.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Encode SSH credential IDs before interpolating into URL paths.

params.id is inserted raw into path segments. Reserved characters (e.g., /, ?, #) can alter endpoint targeting. Use encodeURIComponent for all three URL constructions.

🔧 Proposed fix

   async deleteAccess(
     sandbox: SandboxRef,
     params: { id: string },
     options: RequestOptions = {},
   ): Promise<void> {
+    const encodedId = encodeURIComponent(params.id);
     await this.transport.request(
-      `/v1/sandbox/${sandboxIdOf(sandbox)}/ssh/${params.id}`,
+      `/v1/sandbox/${sandboxIdOf(sandbox)}/ssh/${encodedId}`,
       { method: "DELETE" },
       options,
     );
   }

   async validateAccess(
     sandbox: SandboxRef,
     params: { id: string; password: string },
     options: RequestOptions = {},
   ): Promise<SshValidation> {
+    const encodedId = encodeURIComponent(params.id);
     const data = await this.transport.requestJson<SshValidation>(
-      `/v1/sandbox/${sandboxIdOf(sandbox)}/ssh/${params.id}/validate`,
+      `/v1/sandbox/${sandboxIdOf(sandbox)}/ssh/${encodedId}/validate`,
       { method: "POST", body: jsonBody({ password: params.password }) },
       options,
     );
     return normalize(sshValidationSchema, data);
   }

   async regenerateAccess(
     sandbox: SandboxRef,
     params: { id: string },
     options: RequestOptions = {},
   ): Promise<SshAccess> {
+    const encodedId = encodeURIComponent(params.id);
     const data = await this.transport.requestJson<SshAccess>(
-      `/v1/sandbox/${sandboxIdOf(sandbox)}/ssh/${params.id}/regen`,
+      `/v1/sandbox/${sandboxIdOf(sandbox)}/ssh/${encodedId}/regen`,
       { method: "POST" },
       options,
     );
     return normalize(sshAccessSchema, data);
   }

Also applies to: 64-65, 85-86

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/services/ssh.ts` around lines 44 - 45, The SSH credential ID is
interpolated raw into URL path strings in src/services/ssh.ts (e.g.,
`/v1/sandbox/${sandboxIdOf(sandbox)}/ssh/${params.id}` and two other
occurrences), which can break routing for reserved characters; wrap the ID with
encodeURIComponent(params.id) in all three URL constructions (the
DELETE/GET/other request builders that reference params.id) so the path segments
are safely encoded and do this consistently wherever `params.id` is used in the
file.