CLI
Cliente de linha de comando rápido para execução de código e sessões interativas. Mais de 42 linguagens, mais de 30 shells/REPLs.
Documentação Oficial OpenAPI Swagger ↗Início Rápido — Common Lisp
# Download + setup
curl -O https://git.unturf.com/engineering/unturf/un-inception/-/raw/main/clients/lisp/sync/src/un.lisp && chmod +x un.lisp && ln -sf un.lisp un
export UNSANDBOX_PUBLIC_KEY="unsb-pk-xxxx-xxxx-xxxx-xxxx"
export UNSANDBOX_SECRET_KEY="unsb-sk-xxxxx-xxxxx-xxxxx-xxxxx"
# Run code
./un script.lispBaixar
Guia de Instalação →Características:
- 42+ languages - Python, JS, Go, Rust, C++, Java...
- Sessions - 30+ shells/REPLs, tmux persistence
- Files - Upload files, collect artifacts
- Services - Persistent containers with domains
- Snapshots - Point-in-time backups
- Images - Publish, share, transfer
Início Rápido de Integração ⚡
Adicione superpoderes unsandbox ao seu app Common Lisp existente:
1
Baixar
curl -O https://git.unturf.com/engineering/unturf/un-inception/-/raw/main/clients/lisp/sync/src/un.lisp
2
Obter uma Chave API
# Option A: Environment variables
export UNSANDBOX_PUBLIC_KEY="unsb-pk-xxxx-xxxx-xxxx-xxxx"
export UNSANDBOX_SECRET_KEY="unsb-sk-xxxxx-xxxxx-xxxxx-xxxxx"
# Option B: Config file (persistent)
mkdir -p ~/.unsandbox
echo "unsb-pk-xxxx-xxxx-xxxx-xxxx,unsb-sk-xxxxx-xxxxx-xxxxx-xxxxx" > ~/.unsandbox/accounts.csv
3
Hello World
;; In your Common Lisp app:
(load "un.lisp")
(let ((result (execute-code "commonlisp" "(format t \"Hello from Common Lisp running on unsandbox!~%\")")))
(format t "~a" (gethash "stdout" result))) ; Hello from Common Lisp running on unsandbox!
Demo cooldown: s
stdout:
JSON Response:
4
Run
./un.lisp
MD5:
1993c73da7a5fbb099550d0534dc9d13
SHA256: 8af0af0bbf663f23799b176c324e8038c68adcb0c94a9198e17186fba9be884d
#!/usr/bin/env -S sbcl --script
;; PUBLIC DOMAIN - NO LICENSE, NO WARRANTY
;;
;; This is free public domain software for the public good of a permacomputer hosted
;; at permacomputer.com - an always-on computer by the people, for the people. One
;; which is durable, easy to repair, and distributed like tap water for machine
;; learning intelligence.
;;
;; The permacomputer is community-owned infrastructure optimized around four values:
;;
;; TRUTH - First principles, math & science, open source code freely distributed
;; FREEDOM - Voluntary partnerships, freedom from tyranny & corporate control
;; HARMONY - Minimal waste, self-renewing systems with diverse thriving connections
;; LOVE - Be yourself without hurting others, cooperation through natural law
;;
;; This software contributes to that vision by enabling code execution across 42+
;; programming languages through a unified interface, accessible to all. Code is
;; seeds to sprout on any abandoned technology.
;;
;; Learn more: https://www.permacomputer.com
;;
;; Anyone is free to copy, modify, publish, use, compile, sell, or distribute this
;; software, either in source code form or as a compiled binary, for any purpose,
;; commercial or non-commercial, and by any means.
;;
;; NO WARRANTY. THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
;;
;; That said, our permacomputer's digital membrane stratum continuously runs unit,
;; integration, and functional tests on all of it's own software - with our
;; permacomputer monitoring itself, repairing itself, with minimal human in the
;; loop guidance. Our agents do their best.
;;
;; Copyright 2025 TimeHexOn & foxhop & russell@unturf
;; https://www.timehexon.com
;; https://www.foxhop.net
;; https://www.unturf.com/software
#!/usr/bin/env sbcl --script
;;;; Common Lisp UN CLI - Unsandbox CLI Client
;;;;
;;;; Full-featured CLI matching un.py capabilities
;;;; Uses curl for HTTP (no external dependencies)
(defpackage :un-cli
(:use :cl))
(in-package :un-cli)
(defparameter *blue* (format nil "~C[34m" #\Escape))
(defparameter *red* (format nil "~C[31m" #\Escape))
(defparameter *green* (format nil "~C[32m" #\Escape))
(defparameter *yellow* (format nil "~C[33m" #\Escape))
(defparameter *reset* (format nil "~C[0m" #\Escape))
(defparameter *portal-base* "https://unsandbox.com")
(defparameter *languages-cache-ttl* 3600) ;; 1 hour in seconds
(defparameter *ext-map*
'((".hs" . "haskell") (".ml" . "ocaml") (".clj" . "clojure")
(".scm" . "scheme") (".lisp" . "commonlisp") (".erl" . "erlang")
(".ex" . "elixir") (".exs" . "elixir") (".py" . "python")
(".js" . "javascript") (".ts" . "typescript") (".rb" . "ruby")
(".go" . "go") (".rs" . "rust") (".c" . "c") (".cpp" . "cpp")
(".cc" . "cpp") (".java" . "java") (".kt" . "kotlin")
(".cs" . "csharp") (".fs" . "fsharp") (".jl" . "julia")
(".r" . "r") (".cr" . "crystal") (".d" . "d") (".nim" . "nim")
(".zig" . "zig") (".v" . "v") (".dart" . "dart") (".sh" . "bash")
(".pl" . "perl") (".lua" . "lua") (".php" . "php")))
(defun get-extension (filename)
(let ((dot-pos (position #\. filename :from-end t)))
(if dot-pos (subseq filename dot-pos) "")))
(defun escape-json (s)
(with-output-to-string (out)
(loop for c across s do
(cond
((char= c #\\) (write-string "\\\\" out))
((char= c #\") (write-string "\\\"" out))
((char= c #\Newline) (write-string "\\n" out))
((char= c #\Return) (write-string "\\r" out))
((char= c #\Tab) (write-string "\\t" out))
(t (write-char c out))))))
(defun read-file (filename)
(with-open-file (stream filename)
(let ((contents (make-string (file-length stream))))
(read-sequence contents stream)
contents)))
(defun read-file-binary (filename)
"Read file as binary and return as vector of bytes"
(with-open-file (stream filename :element-type '(unsigned-byte 8))
(let* ((len (file-length stream))
(data (make-array len :element-type '(unsigned-byte 8))))
(read-sequence data stream)
data)))
(defun base64-encode-file (filename)
"Base64 encode a file using shell command"
(let* ((cmd (format nil "base64 -w0 ~a" (uiop:escape-sh-token filename)))
(result (string-trim '(#\Space #\Tab #\Newline #\Return)
(uiop:run-program cmd :output :string))))
result))
(defun build-input-files-json (files)
"Build input_files JSON array from list of filenames"
(if (null files)
""
(format nil ",\"input_files\":[~{~a~^,~}]"
(mapcar (lambda (f)
(let* ((basename (file-namestring f))
(content (base64-encode-file f)))
(format nil "{\"filename\":\"~a\",\"content\":\"~a\"}"
basename content)))
files))))
(defun write-temp-file (data)
(let ((tmp-file (format nil "/tmp/un_lisp_~a.json" (random 999999))))
(with-open-file (stream tmp-file :direction :output :if-exists :supersede)
(write-string data stream))
tmp-file))
(defun run-curl (args)
(with-output-to-string (out)
(let ((process (uiop:launch-program args :output :stream :error-output nil)))
(loop for line = (read-line (uiop:process-info-output process) nil)
while line do (format out "~a~%" line))
(uiop:wait-process process))))
(defun check-clock-drift (response)
"Check if response indicates clock drift error"
(when (and (search "timestamp" response)
(or (search "401" response)
(search "expired" response)
(search "invalid" response)))
(format t "~aError: Request timestamp expired (must be within 5 minutes of server time)~a~%" *red* *reset*)
(format t "~aYour computer's clock may have drifted.~a~%" *yellow* *reset*)
(format t "Check your system time and sync with NTP if needed:~%")
(format t " Linux: sudo ntpdate -s time.nist.gov~%")
(format t " macOS: sudo sntp -sS time.apple.com~%")
(format t " Windows: w32tm /resync~a~%" *reset*)
(uiop:quit 1)))
(defun curl-post (api-key endpoint json-data)
(let ((tmp-file (write-temp-file json-data)))
(unwind-protect
(destructuring-bind (public-key secret-key) (get-api-keys)
(let* ((auth-headers (build-auth-headers public-key secret-key "POST" endpoint json-data))
(base-args (list "curl" "-s" "-X" "POST"
(format nil "https://api.unsandbox.com~a" endpoint)
"-H" "Content-Type: application/json"))
(response (run-curl (append base-args auth-headers (list "-d" (format nil "@~a" tmp-file))))))
(check-clock-drift response)
response))
(delete-file tmp-file))))
(defun curl-get (api-key endpoint)
(destructuring-bind (public-key secret-key) (get-api-keys)
(let* ((auth-headers (build-auth-headers public-key secret-key "GET" endpoint ""))
(base-args (list "curl" "-s"
(format nil "https://api.unsandbox.com~a" endpoint)))
(response (run-curl (append base-args auth-headers))))
(check-clock-drift response)
response)))
(defun curl-delete (api-key endpoint)
(destructuring-bind (public-key secret-key) (get-api-keys)
(let* ((auth-headers (build-auth-headers public-key secret-key "DELETE" endpoint ""))
(base-args (list "curl" "-s" "-X" "DELETE"
(format nil "https://api.unsandbox.com~a" endpoint)))
(response (run-curl (append base-args auth-headers))))
(check-clock-drift response)
response)))
(defun run-curl-with-status (args)
"Run curl and return (response-body . http-code)"
(with-output-to-string (out)
(let ((process (uiop:launch-program
(append args (list "-w" "\\n%{http_code}"))
:output :stream :error-output nil)))
(loop for line = (read-line (uiop:process-info-output process) nil)
while line do (format out "~a~%" line))
(uiop:wait-process process))))
(defun parse-response-with-status (response)
"Parse response to extract body and HTTP status code"
(let* ((lines (remove-if (lambda (s) (zerop (length s)))
(uiop:split-string response :separator '(#\Newline))))
(last-line (car (last lines)))
(code (ignore-errors (parse-integer last-line))))
(if code
(cons (format nil "~{~a~^~%~}" (butlast lines)) code)
(cons response 0))))
(defun handle-sudo-challenge (response-data public-key secret-key method endpoint body)
"Handle 428 sudo OTP challenge - prompts user for OTP and retries"
(let ((challenge-id (parse-json-field response-data "challenge_id")))
(format *error-output* "~aConfirmation required. Check your email for a one-time code.~a~%" *yellow* *reset*)
(format *error-output* "Enter OTP: ")
(force-output *error-output*)
(let ((otp (string-trim '(#\Space #\Tab #\Newline #\Return) (read-line))))
(when (zerop (length otp))
(format *error-output* "Error: Operation cancelled~%")
(uiop:quit 1))
;; Retry the request with sudo headers
(let* ((auth-headers (build-auth-headers public-key secret-key method endpoint (or body "")))
(sudo-headers (list "-H" (format nil "X-Sudo-OTP: ~a" otp)
"-H" (format nil "X-Sudo-Challenge: ~a" (or challenge-id ""))))
(method-args (cond
((string= method "DELETE") (list "-X" "DELETE"))
((string= method "POST") (list "-X" "POST"))
(t (list "-X" method))))
(content-headers (if body (list "-H" "Content-Type: application/json") nil))
(body-args (if body (list "-d" body) nil))
(all-args (append (list "curl" "-s" "-w" "\\n%{http_code}")
method-args
(list (format nil "https://api.unsandbox.com~a" endpoint))
auth-headers
sudo-headers
content-headers
body-args))
(response (run-curl all-args))
(parsed (parse-response-with-status response))
(resp-body (car parsed))
(http-code (cdr parsed)))
(if (and (>= http-code 200) (< http-code 300))
(list t resp-body)
(progn
(format *error-output* "~aError: HTTP ~a~a~%" *red* http-code *reset*)
(format *error-output* "~a~%" resp-body)
(list nil resp-body)))))))
(defun curl-delete-with-sudo (api-key endpoint)
"DELETE request that handles 428 sudo OTP challenge"
(destructuring-bind (public-key secret-key) (get-api-keys)
(let* ((auth-headers (build-auth-headers public-key secret-key "DELETE" endpoint ""))
(base-args (append (list "curl" "-s" "-w" "\\n%{http_code}" "-X" "DELETE"
(format nil "https://api.unsandbox.com~a" endpoint))
auth-headers))
(response (run-curl base-args))
(parsed (parse-response-with-status response))
(body (car parsed))
(http-code (cdr parsed)))
(check-clock-drift body)
(if (= http-code 428)
(handle-sudo-challenge body public-key secret-key "DELETE" endpoint nil)
(list (and (>= http-code 200) (< http-code 300)) body)))))
(defun curl-post-with-sudo (api-key endpoint json-data)
"POST request that handles 428 sudo OTP challenge"
(let ((tmp-file (write-temp-file json-data)))
(unwind-protect
(destructuring-bind (public-key secret-key) (get-api-keys)
(let* ((auth-headers (build-auth-headers public-key secret-key "POST" endpoint json-data))
(base-args (append (list "curl" "-s" "-w" "\\n%{http_code}" "-X" "POST"
(format nil "https://api.unsandbox.com~a" endpoint)
"-H" "Content-Type: application/json")
auth-headers
(list "-d" (format nil "@~a" tmp-file))))
(response (run-curl base-args))
(parsed (parse-response-with-status response))
(body (car parsed))
(http-code (cdr parsed)))
(check-clock-drift body)
(if (= http-code 428)
(handle-sudo-challenge body public-key secret-key "POST" endpoint json-data)
(list (and (>= http-code 200) (< http-code 300)) body))))
(delete-file tmp-file))))
(defun curl-post-portal (api-key endpoint json-data)
(let ((tmp-file (write-temp-file json-data)))
(unwind-protect
(destructuring-bind (public-key secret-key) (get-api-keys)
(let* ((auth-headers (build-auth-headers public-key secret-key "POST" endpoint json-data))
(base-args (list "curl" "-s" "-X" "POST"
(format nil "~a~a" *portal-base* endpoint)
"-H" "Content-Type: application/json"))
(response (run-curl (append base-args auth-headers (list "-d" (format nil "@~a" tmp-file))))))
(check-clock-drift response)
response))
(delete-file tmp-file))))
(defun curl-patch (api-key endpoint json-data)
(let ((tmp-file (write-temp-file json-data)))
(unwind-protect
(destructuring-bind (public-key secret-key) (get-api-keys)
(let* ((auth-headers (build-auth-headers public-key secret-key "PATCH" endpoint json-data))
(base-args (list "curl" "-s" "-X" "PATCH"
(format nil "https://api.unsandbox.com~a" endpoint)
"-H" "Content-Type: application/json"))
(response (run-curl (append base-args auth-headers (list "-d" (format nil "@~a" tmp-file))))))
(check-clock-drift response)
response))
(delete-file tmp-file))))
(defun curl-put-text (api-key endpoint content)
"PUT request with text/plain content type (for vault)"
(let ((tmp-file (write-temp-file content)))
(unwind-protect
(destructuring-bind (public-key secret-key) (get-api-keys)
(let* ((auth-headers (build-auth-headers public-key secret-key "PUT" endpoint content))
(base-args (list "curl" "-s" "-X" "PUT"
(format nil "https://api.unsandbox.com~a" endpoint)
"-H" "Content-Type: text/plain"))
(response (run-curl (append base-args auth-headers (list "--data-binary" (format nil "@~a" tmp-file))))))
(check-clock-drift response)
response))
(delete-file tmp-file))))
(defun build-env-content (env-vars env-file)
"Build env content from list of env vars and env file"
(let ((lines '()))
;; Add env vars
(dolist (var env-vars)
(push var lines))
;; Add env file contents
(when (and env-file (probe-file env-file))
(with-open-file (stream env-file)
(loop for line = (read-line stream nil)
while line
do (let ((trimmed (string-trim '(#\Space #\Tab) line)))
(when (and (> (length trimmed) 0)
(not (char= (char trimmed 0) #\#)))
(push line lines))))))
(format nil "~{~a~^~%~}" (nreverse lines))))
(defun service-env-status (api-key service-id)
(format t "~a~%" (curl-get api-key (format nil "/services/~a/env" service-id))))
(defun service-env-set (api-key service-id content)
(format t "~a~%" (curl-put-text api-key (format nil "/services/~a/env" service-id) content)))
(defun service-env-export (api-key service-id)
(let* ((response (curl-post api-key (format nil "/services/~a/env/export" service-id) "{}"))
(content (parse-json-field response "content")))
(when content (format t "~a" content))))
(defun service-env-delete (api-key service-id)
(curl-delete api-key (format nil "/services/~a/env" service-id))
(format t "~aVault deleted: ~a~a~%" *green* service-id *reset*))
(defparameter *account-index* nil)
(defun load-accounts-csv (path index)
"Load row INDEX from a CSV file of public_key,secret_key pairs.
Skips blank lines and lines starting with #. Returns (list pk sk) or nil."
(when (probe-file path)
(handler-case
(with-open-file (stream path)
(let ((rows nil))
(loop for line = (read-line stream nil nil)
while line do
(let ((trimmed (string-trim '(#\Space #\Tab #\Return) line)))
(when (and (> (length trimmed) 0)
(not (char= (char trimmed 0) #\#)))
(let ((comma-pos (position #\, trimmed)))
(when comma-pos
(push (list (string-trim '(#\Space #\Tab) (subseq trimmed 0 comma-pos))
(string-trim '(#\Space #\Tab) (subseq trimmed (1+ comma-pos))))
rows))))))
(let ((rows (nreverse rows)))
(when (< index (length rows))
(nth index rows)))))
(error () nil))))
(defun get-api-keys ()
(let ((public-key (uiop:getenv "UNSANDBOX_PUBLIC_KEY"))
(secret-key (uiop:getenv "UNSANDBOX_SECRET_KEY"))
(api-key (uiop:getenv "UNSANDBOX_API_KEY"))
(home (uiop:getenv "HOME")))
(cond
;; --account N: load row N from accounts.csv, bypasses env vars
((not (null *account-index*))
(let ((result (or (load-accounts-csv
(format nil "~a/.unsandbox/accounts.csv" home)
*account-index*)
(load-accounts-csv "./accounts.csv" *account-index*))))
(or result
(progn
(format *error-output* "Error: account ~a not found in accounts.csv~%" *account-index*)
(uiop:quit 1)))))
;; env vars
((and public-key secret-key) (list public-key secret-key))
(api-key (list api-key nil))
;; accounts.csv fallback (row 0 or UNSANDBOX_ACCOUNT env var)
(t
(let* ((acc-env (uiop:getenv "UNSANDBOX_ACCOUNT"))
(row-idx (if acc-env
(handler-case (parse-integer acc-env) (error () 0))
0))
(result (or (load-accounts-csv
(format nil "~a/.unsandbox/accounts.csv" home)
row-idx)
(load-accounts-csv "./accounts.csv" row-idx))))
(or result
(progn
(format *error-output* "Error: UNSANDBOX_PUBLIC_KEY and UNSANDBOX_SECRET_KEY not set (or UNSANDBOX_API_KEY for backwards compat)~%")
(uiop:quit 1))))))))
(defun get-api-key ()
(first (get-api-keys)))
(defun hmac-sha256 (secret message)
"Compute HMAC-SHA256 using openssl command"
(let* ((secret-escaped (uiop:escape-sh-token secret))
(message-escaped (uiop:escape-sh-token message))
(cmd (format nil "echo -n ~a | openssl dgst -sha256 -hmac ~a | awk '{print $2}'"
message-escaped secret-escaped))
(result (string-trim '(#\Space #\Tab #\Newline #\Return)
(uiop:run-program cmd :output :string))))
result))
(defun make-signature (secret-key timestamp method path body)
(let ((message (format nil "~a:~a:~a:~a" timestamp method path body)))
(hmac-sha256 secret-key message)))
(defun build-auth-headers (public-key secret-key method path body)
(if secret-key
(let* ((timestamp (write-to-string (floor (get-universal-time))))
(signature (make-signature secret-key timestamp method path body)))
(list "-H" (format nil "Authorization: Bearer ~a" public-key)
"-H" (format nil "X-Timestamp: ~a" timestamp)
"-H" (format nil "X-Signature: ~a" signature)))
(list "-H" (format nil "Authorization: Bearer ~a" public-key))))
(defun execute-cmd (file)
(let* ((api-key (get-api-key))
(ext (get-extension file))
(language (cdr (assoc ext *ext-map* :test #'string=))))
(unless language
(format t "Error: Unknown extension: ~a~%" ext)
(uiop:quit 1))
(let* ((code (read-file file))
(json (format nil "{\"language\":\"~a\",\"code\":\"~a\"}"
language (escape-json code)))
(response (curl-post api-key "/execute" json)))
(format t "~a~%" response))))
(defun session-cmd (action id shell input-files)
(let ((api-key (get-api-key)))
(cond
((string= action "list")
(format t "~a~%" (curl-get api-key "/sessions")))
((string= action "kill")
(curl-delete api-key (format nil "/sessions/~a" id))
(format t "~aSession terminated: ~a~a~%" *green* id *reset*))
(t
(let* ((sh (or shell "bash"))
(input-files-json (build-input-files-json input-files))
(json (format nil "{\"shell\":\"~a\"~a}" sh input-files-json))
(response (curl-post api-key "/sessions" json)))
(format t "~aSession created (WebSocket required)~a~%" *yellow* *reset*)
(format t "~a~%" response))))))
(defun service-cmd (action id name ports bootstrap bootstrap-file service-type input-files env-vars env-file)
(let ((api-key (get-api-key)))
(cond
((string= action "list")
(format t "~a~%" (curl-get api-key "/services")))
((string= action "info")
(format t "~a~%" (curl-get api-key (format nil "/services/~a" id))))
((string= action "logs")
(format t "~a~%" (curl-get api-key (format nil "/services/~a/logs" id))))
((string= action "sleep")
(curl-post api-key (format nil "/services/~a/freeze" id) "{}")
(format t "~aService frozen: ~a~a~%" *green* id *reset*))
((string= action "wake")
(curl-post api-key (format nil "/services/~a/unfreeze" id) "{}")
(format t "~aService unfreezing: ~a~a~%" *green* id *reset*))
((string= action "destroy")
(let ((result (curl-delete-with-sudo api-key (format nil "/services/~a" id))))
(if (first result)
(format t "~aService destroyed: ~a~a~%" *green* id *reset*)
(progn
(format *error-output* "~aError destroying service~a~%" *red* *reset*)
(uiop:quit 1)))))
((string= action "resize")
(if (or (null service-type) (string= service-type ""))
(progn
(format *error-output* "~aError: --resize requires --vcpu N (1-8)~a~%" *red* *reset*)
(uiop:quit 1))
(let* ((vcpu (parse-integer service-type))
(ram (* vcpu 2))
(json (format nil "{\"vcpu\":~a}" vcpu)))
(curl-patch api-key (format nil "/services/~a" id) json)
(format t "~aService resized to ~a vCPU, ~a GB RAM~a~%" *green* vcpu ram *reset*))))
((string= action "unfreeze-on-demand")
(if (or (null service-type) (string= service-type ""))
(progn
(format *error-output* "~aError: --unfreeze-on-demand requires true or false~a~%" *red* *reset*)
(uiop:quit 1))
(let* ((enabled (string= service-type "true"))
(json (format nil "{\"unfreeze_on_demand\":~a}" (if enabled "true" "false"))))
(curl-patch api-key (format nil "/services/~a" id) json)
(format t "~aService unfreeze_on_demand set to ~a: ~a~a~%" *green* (if enabled "true" "false") id *reset*))))
((string= action "execute")
(when (and id bootstrap)
(let* ((json (format nil "{\"command\":\"~a\"}" (escape-json bootstrap)))
(response (curl-post api-key (format nil "/services/~a/execute" id) json))
(stdout-val (parse-json-field response "stdout")))
(when stdout-val
(format t "~a~a~a" *blue* stdout-val *reset*)))))
((string= action "dump-bootstrap")
(when id
(format *error-output* "Fetching bootstrap script from ~a...~%" id)
(let* ((json "{\"command\":\"cat /tmp/bootstrap.sh\"}")
(response (curl-post api-key (format nil "/services/~a/execute" id) json))
(stdout-val (parse-json-field response "stdout")))
(if stdout-val
(if service-type
(progn
(with-open-file (stream service-type :direction :output :if-exists :supersede)
(write-string stdout-val stream))
(uiop:run-program (list "chmod" "755" service-type))
(format t "Bootstrap saved to ~a~%" service-type))
(format t "~a" stdout-val))
(progn
(format *error-output* "~aError: Failed to fetch bootstrap (service not running or no bootstrap file)~a~%" *red* *reset*)
(uiop:quit 1))))))
;; Vault commands
((string= action "env-status")
(service-env-status api-key id))
((string= action "env-set")
(let ((content (build-env-content env-vars env-file)))
(if (> (length content) 0)
(service-env-set api-key id content)
(progn
(format *error-output* "~aError: No environment variables to set~a~%" *red* *reset*)
(uiop:quit 1)))))
((string= action "env-export")
(service-env-export api-key id))
((string= action "env-delete")
(service-env-delete api-key id))
;; Create service
((and (string= action "create") name)
(let* ((ports-json (if ports (format nil ",\"ports\":[~a]" ports) ""))
(bootstrap-json (if bootstrap (format nil ",\"bootstrap\":\"~a\"" (escape-json bootstrap)) ""))
(bootstrap-content-json (if bootstrap-file
(format nil ",\"bootstrap_content\":\"~a\"" (escape-json (read-file bootstrap-file)))
""))
(type-json (if service-type (format nil ",\"service_type\":\"~a\"" service-type) ""))
(input-files-json (build-input-files-json input-files))
(json (format nil "{\"name\":\"~a\"~a~a~a~a~a}" name ports-json bootstrap-json bootstrap-content-json type-json input-files-json))
(response (curl-post api-key "/services" json))
(service-id (parse-json-field response "id")))
(format t "~aService created~a~%" *green* *reset*)
(format t "~a~%" response)
;; Auto-set vault if env vars were provided
(let ((env-content (build-env-content env-vars env-file)))
(when (and service-id (> (length env-content) 0))
(format t "~aSetting vault for service...~a~%" *yellow* *reset*)
(service-env-set api-key service-id env-content)))))
(t
(format t "Error: --name required to create service, or use env subcommand~%")
(uiop:quit 1)))))
(defun parse-json-field (json field)
"Simple JSON field parser - extracts value for given field"
(let* ((field-pattern (format nil "\"~a\":" field))
(start (search field-pattern json)))
(when start
(let* ((value-start (+ start (length field-pattern)))
(first-char (char json value-start)))
(cond
((char= first-char #\")
;; String value
(let ((str-start (1+ value-start)))
(loop for i from str-start below (length json)
when (and (char= (char json i) #\")
(not (char= (char json (1- i)) #\\)))
return (subseq json str-start i))))
((char= first-char #\{)
;; Object value - skip for now
nil)
((char= first-char #\[)
;; Array value - skip for now
nil)
(t
;; Number, boolean, or null
(let ((end (or (position #\, json :start value-start)
(position #\} json :start value-start)
(length json))))
(string-trim '(#\Space #\Tab #\Newline #\Return)
(subseq json value-start end)))))))))
(defun open-browser (url)
"Open URL in default browser"
(uiop:run-program (list "xdg-open" url) :ignore-error-status t))
(defun validate-key (extend-flag)
(let* ((api-key (get-api-key))
(response (curl-post-portal api-key "/keys/validate" "{}"))
(status (parse-json-field response "status"))
(public-key (parse-json-field response "public_key"))
(tier (parse-json-field response "tier"))
(expires-at (parse-json-field response "expires_at")))
(cond
((string= status "valid")
(format t "~aValid~a~%" *green* *reset*)
(when public-key (format t "Public Key: ~a~%" public-key))
(when tier (format t "Tier: ~a~%" tier))
(when expires-at (format t "Expires: ~a~%" expires-at))
(let ((time-remaining (parse-json-field response "time_remaining"))
(rate-limit (parse-json-field response "rate_limit"))
(burst (parse-json-field response "burst"))
(concurrency (parse-json-field response "concurrency")))
(when time-remaining (format t "Time Remaining: ~a~%" time-remaining))
(when rate-limit (format t "Rate Limit: ~a~%" rate-limit))
(when burst (format t "Burst: ~a~%" burst))
(when concurrency (format t "Concurrency: ~a~%" concurrency)))
(when extend-flag
(if public-key
(let ((extend-url (format nil "~a/keys/extend?pk=~a" *portal-base* public-key)))
(format t "~aOpening browser to extend key...~a~%" *blue* *reset*)
(open-browser extend-url))
(format t "~aError: No public_key in response~a~%" *red* *reset*))))
((string= status "expired")
(format t "~aExpired~a~%" *red* *reset*)
(when public-key (format t "Public Key: ~a~%" public-key))
(when tier (format t "Tier: ~a~%" tier))
(when expires-at (format t "Expired: ~a~%" expires-at))
(format t "~aTo renew: Visit ~a/keys/extend~a~%" *yellow* *portal-base* *reset*)
(when extend-flag
(if public-key
(let ((extend-url (format nil "~a/keys/extend?pk=~a" *portal-base* public-key)))
(format t "~aOpening browser to extend key...~a~%" *blue* *reset*)
(open-browser extend-url))
(format t "~aError: No public_key in response~a~%" *red* *reset*))))
((string= status "invalid")
(format t "~aInvalid~a~%" *red* *reset*)
(format t "Response: ~a~%" response))
(t
(format t "~aUnknown status~a~%" *red* *reset*)
(format t "Response: ~a~%" response)))))
(defun key-cmd (extend-flag)
(validate-key extend-flag))
;; Image access management functions
(defun image-grant-access (id trusted-key)
(let* ((api-key (get-api-key))
(json (format nil "{\"trusted_api_key\":\"~a\"}" trusted-key)))
(curl-post api-key (format nil "/images/~a/grant-access" id) json)
(format t "~aAccess granted to: ~a~a~%" *green* trusted-key *reset*)))
(defun image-revoke-access (id trusted-key)
(let* ((api-key (get-api-key))
(json (format nil "{\"trusted_api_key\":\"~a\"}" trusted-key)))
(curl-post api-key (format nil "/images/~a/revoke-access" id) json)
(format t "~aAccess revoked from: ~a~a~%" *green* trusted-key *reset*)))
(defun image-list-trusted (id)
(let ((api-key (get-api-key)))
(format t "~a~%" (curl-get api-key (format nil "/images/~a/trusted" id)))))
(defun image-transfer (id to-key)
(let* ((api-key (get-api-key))
(json (format nil "{\"to_api_key\":\"~a\"}" to-key)))
(curl-post api-key (format nil "/images/~a/transfer" id) json)
(format t "~aImage transferred to: ~a~a~%" *green* to-key *reset*)))
;; Snapshot functions
(defun snapshot-list ()
(let ((api-key (get-api-key)))
(format t "~a~%" (curl-get api-key "/snapshots"))))
(defun snapshot-info (id)
(let ((api-key (get-api-key)))
(format t "~a~%" (curl-get api-key (format nil "/snapshots/~a" id)))))
(defun snapshot-session (session-id name hot)
(let* ((api-key (get-api-key))
(name-json (if name (format nil ",\"name\":\"~a\"" (escape-json name)) ""))
(hot-json (if hot ",\"hot\":true" ""))
(json (format nil "{\"session_id\":\"~a\"~a~a}" session-id name-json hot-json)))
(format t "~aSnapshot created~a~%" *green* *reset*)
(format t "~a~%" (curl-post api-key "/snapshots" json))))
(defun snapshot-service (service-id name hot)
(let* ((api-key (get-api-key))
(name-json (if name (format nil ",\"name\":\"~a\"" (escape-json name)) ""))
(hot-json (if hot ",\"hot\":true" ""))
(json (format nil "{\"service_id\":\"~a\"~a~a}" service-id name-json hot-json)))
(format t "~aSnapshot created~a~%" *green* *reset*)
(format t "~a~%" (curl-post api-key "/snapshots" json))))
(defun snapshot-restore (id)
(let ((api-key (get-api-key)))
(curl-post api-key (format nil "/snapshots/~a/restore" id) "{}")
(format t "~aSnapshot restored: ~a~a~%" *green* id *reset*)))
(defun snapshot-delete (id)
(let* ((api-key (get-api-key))
(result (curl-delete-with-sudo api-key (format nil "/snapshots/~a" id))))
(if (first result)
(format t "~aSnapshot deleted: ~a~a~%" *green* id *reset*)
(progn
(format *error-output* "~aError deleting snapshot~a~%" *red* *reset*)
(uiop:quit 1)))))
(defun snapshot-lock (id)
(let ((api-key (get-api-key)))
(curl-post api-key (format nil "/snapshots/~a/lock" id) "{}")
(format t "~aSnapshot locked: ~a~a~%" *green* id *reset*)))
(defun snapshot-unlock (id)
(let* ((api-key (get-api-key))
(result (curl-post-with-sudo api-key (format nil "/snapshots/~a/unlock" id) "{}")))
(if (first result)
(format t "~aSnapshot unlocked: ~a~a~%" *green* id *reset*)
(progn
(format *error-output* "~aError unlocking snapshot~a~%" *red* *reset*)
(uiop:quit 1)))))
(defun snapshot-clone (id clone-type name ports shell)
(let* ((api-key (get-api-key))
(type-json (format nil "\"clone_type\":\"~a\"" clone-type))
(name-json (if name (format nil ",\"name\":\"~a\"" (escape-json name)) ""))
(ports-json (if ports (format nil ",\"ports\":[~a]" ports) ""))
(shell-json (if shell (format nil ",\"shell\":\"~a\"" shell) ""))
(json (format nil "{~a~a~a~a}" type-json name-json ports-json shell-json)))
(format t "~aSnapshot cloned~a~%" *green* *reset*)
(format t "~a~%" (curl-post api-key (format nil "/snapshots/~a/clone" id) json))))
(defun snapshot-cmd (action id name ports shell hot)
(cond
((string= action "list") (snapshot-list))
((string= action "info") (snapshot-info id))
((string= action "session") (snapshot-session id name hot))
((string= action "service") (snapshot-service id name hot))
((string= action "restore") (snapshot-restore id))
((string= action "delete") (snapshot-delete id))
((string= action "lock") (snapshot-lock id))
((string= action "unlock") (snapshot-unlock id))
((string= action "clone") (snapshot-clone id "session" name ports shell))
(t (format t "~aError: Unknown snapshot action~a~%" *red* *reset*)
(uiop:quit 1))))
;; Session additional functions
(defun session-info (id)
(let ((api-key (get-api-key)))
(format t "~a~%" (curl-get api-key (format nil "/sessions/~a" id)))))
(defun session-boost (id vcpu)
(let* ((api-key (get-api-key))
(json (format nil "{\"vcpu\":~a}" vcpu)))
(curl-patch api-key (format nil "/sessions/~a" id) json)
(format t "~aSession boosted to ~a vCPU~a~%" *green* vcpu *reset*)))
(defun session-unboost (id)
(let* ((api-key (get-api-key))
(json "{\"vcpu\":1}"))
(curl-patch api-key (format nil "/sessions/~a" id) json)
(format t "~aSession unboosted to 1 vCPU~a~%" *green* *reset*)))
(defun session-execute (id command)
(let* ((api-key (get-api-key))
(json (format nil "{\"command\":\"~a\"}" (escape-json command)))
(response (curl-post api-key (format nil "/sessions/~a/execute" id) json))
(stdout-val (parse-json-field response "stdout")))
(when stdout-val
(format t "~a~a~a" *blue* stdout-val *reset*))))
;; Service additional functions
(defun service-lock (id)
(let ((api-key (get-api-key)))
(curl-post api-key (format nil "/services/~a/lock" id) "{}")
(format t "~aService locked: ~a~a~%" *green* id *reset*)))
(defun service-unlock (id)
(let* ((api-key (get-api-key))
(result (curl-post-with-sudo api-key (format nil "/services/~a/unlock" id) "{}")))
(if (first result)
(format t "~aService unlocked: ~a~a~%" *green* id *reset*)
(progn
(format *error-output* "~aError unlocking service~a~%" *red* *reset*)
(uiop:quit 1)))))
(defun service-redeploy (id bootstrap)
(let* ((api-key (get-api-key))
(json (if bootstrap
(format nil "{\"bootstrap\":\"~a\"}" (escape-json bootstrap))
"{}")))
(curl-post api-key (format nil "/services/~a/redeploy" id) json)
(format t "~aService redeploying: ~a~a~%" *green* id *reset*)))
;; PaaS logs functions
(defun logs-fetch (source lines since grep-pattern)
(let* ((api-key (get-api-key))
(params (format nil "?source=~a&lines=~a~a~a"
(or source "all")
(or lines 100)
(if since (format nil "&since=~a" since) "")
(if grep-pattern (format nil "&grep=~a" grep-pattern) ""))))
(format t "~a~%" (curl-get api-key (format nil "/logs~a" params)))))
;; Utility functions
(defun health-check ()
(let* ((cmd "curl -s https://api.unsandbox.com/health")
(result (uiop:run-program cmd :output :string)))
(format t "~a~%" result)
(search "ok" result)))
(defun sdk-version ()
"4.2.0")
(defun image-cmd (action id name ports source-type visibility-mode)
(let ((api-key (get-api-key)))
(cond
((string= action "list")
(format t "~a~%" (curl-get api-key "/images")))
((string= action "info")
(format t "~a~%" (curl-get api-key (format nil "/images/~a" id))))
((string= action "delete")
(let ((result (curl-delete-with-sudo api-key (format nil "/images/~a" id))))
(if (first result)
(format t "~aImage deleted: ~a~a~%" *green* id *reset*)
(progn
(format *error-output* "~aError deleting image~a~%" *red* *reset*)
(uiop:quit 1)))))
((string= action "lock")
(curl-post api-key (format nil "/images/~a/lock" id) "{}")
(format t "~aImage locked: ~a~a~%" *green* id *reset*))
((string= action "unlock")
(let ((result (curl-post-with-sudo api-key (format nil "/images/~a/unlock" id) "{}")))
(if (first result)
(format t "~aImage unlocked: ~a~a~%" *green* id *reset*)
(progn
(format *error-output* "~aError unlocking image~a~%" *red* *reset*)
(uiop:quit 1)))))
((string= action "publish")
(if (or (null source-type) (string= source-type ""))
(progn
(format *error-output* "~aError: --source-type required (service or snapshot)~a~%" *red* *reset*)
(uiop:quit 1))
(let* ((name-json (if name (format nil ",\"name\":\"~a\"" (escape-json name)) ""))
(json (format nil "{\"source_type\":\"~a\",\"source_id\":\"~a\"~a}" source-type id name-json))
(response (curl-post api-key "/images/publish" json)))
(format t "~aImage published~a~%" *green* *reset*)
(format t "~a~%" response))))
((string= action "visibility")
(if (or (null visibility-mode) (string= visibility-mode ""))
(progn
(format *error-output* "~aError: --visibility requires MODE (private, unlisted, or public)~a~%" *red* *reset*)
(uiop:quit 1))
(let ((json (format nil "{\"visibility\":\"~a\"}" visibility-mode)))
(curl-post api-key (format nil "/images/~a/visibility" id) json)
(format t "~aImage visibility set to ~a: ~a~a~%" *green* visibility-mode id *reset*))))
((string= action "spawn")
(let* ((name-json (if name (format nil "\"name\":\"~a\"" (escape-json name)) ""))
(ports-json (if ports (format nil "\"ports\":[~a]" ports) ""))
(content (cond
((and name ports) (format nil "~a,~a" name-json ports-json))
(name name-json)
(ports ports-json)
(t "")))
(json (format nil "{~a}" content))
(response (curl-post api-key (format nil "/images/~a/spawn" id) json)))
(format t "~aService spawned from image~a~%" *green* *reset*)
(format t "~a~%" response)))
((string= action "clone")
(let* ((name-json (if name (format nil "\"name\":\"~a\"" (escape-json name)) ""))
(json (format nil "{~a}" name-json))
(response (curl-post api-key (format nil "/images/~a/clone" id) json)))
(format t "~aImage cloned~a~%" *green* *reset*)
(format t "~a~%" response)))
(t
(format t "~aError: Use --list, --info ID, --delete ID, --lock ID, --unlock ID, --publish ID, --visibility ID MODE, --spawn ID, or --clone ID~a~%" *red* *reset*)
(uiop:quit 1)))))
(defun parse-input-files (args)
"Parse -f flags from args and return list of filenames"
(let ((files nil))
(loop for i from 0 below (1- (length args))
do (when (string= (nth i args) "-f")
(let ((file (nth (1+ i) args)))
(if (probe-file file)
(push file files)
(progn
(format *error-output* "Error: File not found: ~a~%" file)
(uiop:quit 1))))))
(nreverse files)))
(defun get-languages-cache-path ()
"Get the path to the languages cache file"
(let ((home (uiop:getenv "HOME")))
(format nil "~a/.unsandbox/languages.json" home)))
(defun load-languages-cache ()
"Load languages from cache if valid"
(let ((cache-path (get-languages-cache-path)))
(when (probe-file cache-path)
(handler-case
(let* ((content (read-file cache-path))
(timestamp-str (parse-json-field content "timestamp")))
(when timestamp-str
(let* ((cache-time (parse-integer timestamp-str))
(now (get-universal-time)))
(when (< (- now cache-time) *languages-cache-ttl*)
content))))
(error () nil)))))
(defun save-languages-cache (languages-json)
"Save languages to cache"
(let* ((cache-path (get-languages-cache-path))
(cache-dir (directory-namestring cache-path)))
(ensure-directories-exist cache-path)
(let* ((timestamp (get-universal-time))
(cache-content (format nil "{\"languages\":~a,\"timestamp\":~a}" languages-json timestamp)))
(with-open-file (stream cache-path :direction :output :if-exists :supersede)
(write-string cache-content stream)))))
(defun languages-cmd (json-output)
"List available programming languages"
(let* ((api-key (get-api-key))
;; Try cache first
(cached (load-languages-cache))
(response (if cached
cached
(let ((resp (curl-get api-key "/languages")))
;; Extract and cache the languages array
(let ((start (search "\"languages\":[" resp)))
(when start
(let* ((array-start (+ start (length "\"languages\":")))
(array-end (position #\] resp :start array-start)))
(when array-end
(let ((languages-json (subseq resp array-start (1+ array-end))))
(save-languages-cache languages-json))))))
resp)))
(languages-start (search "\"languages\":[" response)))
(if json-output
;; JSON output - extract and print the languages array
(if languages-start
(let* ((array-start (+ languages-start (length "\"languages\":")))
(array-end (position #\] response :start array-start))
(array-content (subseq response array-start (1+ array-end))))
(format t "~a~%" array-content))
(format t "[]~%"))
;; Plain output - one language per line
(if languages-start
(let* ((array-start (+ languages-start (length "\"languages\":[")))
(array-end (position #\] response :start array-start))
(array-content (subseq response array-start array-end)))
;; Parse each quoted string
(loop for i = 0 then (+ j 1)
for start = (position #\" array-content :start i)
while start
for end = (position #\" array-content :start (1+ start))
while end
for j = end
do (format t "~a~%" (subseq array-content (1+ start) end))))
(format t "")))))
(defun strip-account-flag (args)
"Remove --account N from args, set *account-index* as side-effect. Returns filtered args."
(let ((result nil)
(i 0)
(vec (coerce args 'vector)))
(loop while (< i (length vec)) do
(cond
((string= (aref vec i) "--account")
(when (< (+ i 1) (length vec))
(setf *account-index*
(handler-case (parse-integer (aref vec (+ i 1))) (error () nil))))
(incf i 2))
(t
(push (aref vec i) result)
(incf i))))
(nreverse result)))
(defun main ()
(let* ((raw-args (uiop:command-line-arguments))
(args (strip-account-flag raw-args)))
(if (null args)
(progn
(format t "Usage: un.lisp [options] <source_file>~%")
(format t " un.lisp session [options]~%")
(format t " un.lisp service [options]~%")
(format t " un.lisp image [options]~%")
(format t " un.lisp languages [--json]~%")
(format t " un.lisp key [--extend]~%")
(format t "~%Image options:~%")
(format t " --list List all images~%")
(format t " --info ID Get image details~%")
(format t " --delete ID Delete an image~%")
(format t " --lock ID Lock image to prevent deletion~%")
(format t " --unlock ID Unlock image~%")
(format t " --publish ID Publish image (requires --source-type)~%")
(format t " --source-type TYPE Source type: service or snapshot~%")
(format t " --visibility ID MODE Set visibility: private, unlisted, public~%")
(format t " --spawn ID Spawn service from image~%")
(format t " --clone ID Clone an image~%")
(format t " --name NAME Name for spawned service or cloned image~%")
(format t " --ports PORTS Ports for spawned service~%")
(uiop:quit 1))
(cond
((string= (first args) "languages")
(let ((json-flag (and (> (length args) 1) (string= (second args) "--json"))))
(languages-cmd json-flag)))
((string= (first args) "session")
(cond
((and (> (length args) 1) (string= (second args) "--list"))
(session-cmd "list" nil nil nil))
((and (> (length args) 2) (string= (second args) "--kill"))
(session-cmd "kill" (third args) nil nil))
(t
;; Parse session create options including -f
(let* ((rest-args (cdr args))
(shell nil)
(input-files (parse-input-files rest-args)))
(loop for i from 0 below (1- (length rest-args))
do (let ((opt (nth i rest-args))
(val (nth (1+ i) rest-args)))
(cond
((or (string= opt "--shell") (string= opt "-s")) (setf shell val))
((string= opt "-f") nil) ; already parsed
((and (> (length opt) 0) (char= (char opt 0) #\-))
(format *error-output* "Unknown option: ~a~%" opt)
(format *error-output* "Usage: un.lisp session [options]~%")
(uiop:quit 1)))))
(session-cmd "create" nil shell input-files)))))
((string= (first args) "service")
(cond
((and (> (length args) 1) (string= (second args) "--list"))
(service-cmd "list" nil nil nil nil nil nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--info"))
(service-cmd "info" (third args) nil nil nil nil nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--logs"))
(service-cmd "logs" (third args) nil nil nil nil nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--freeze"))
(service-cmd "sleep" (third args) nil nil nil nil nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--unfreeze"))
(service-cmd "wake" (third args) nil nil nil nil nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--destroy"))
(service-cmd "destroy" (third args) nil nil nil nil nil nil nil nil))
((and (> (length args) 3) (string= (second args) "--resize"))
;; --resize ID --vcpu N: id is third, vcpu is fourth (after -v flag)
(let ((id (third args))
(vcpu (if (and (> (length args) 4)
(or (string= (fourth args) "-v")
(string= (fourth args) "--vcpu")))
(fifth args)
nil)))
(service-cmd "resize" id nil nil nil nil vcpu nil nil nil)))
((and (> (length args) 3) (string= (second args) "--unfreeze-on-demand"))
;; --unfreeze-on-demand ID true|false: id is third, value is fourth
(let ((id (third args))
(value (fourth args)))
(service-cmd "unfreeze-on-demand" id nil nil nil nil value nil nil nil)))
((and (> (length args) 3) (string= (second args) "--execute"))
(service-cmd "execute" (third args) nil nil (fourth args) nil nil nil nil nil))
((and (> (length args) 3) (string= (second args) "--dump-bootstrap"))
(service-cmd "dump-bootstrap" (third args) nil nil nil nil (fourth args) nil nil nil))
((and (> (length args) 2) (string= (second args) "--dump-bootstrap"))
(service-cmd "dump-bootstrap" (third args) nil nil nil nil nil nil nil nil))
;; Service env subcommand: service env <action> <id> [options]
((and (> (length args) 1) (string= (second args) "env"))
(if (< (length args) 4)
(progn
(format *error-output* "Usage: un.lisp service env <status|set|export|delete> <service_id> [options]~%")
(uiop:quit 1))
(let* ((env-action (third args))
(service-id (fourth args))
(rest-args (if (> (length args) 4) (nthcdr 4 args) nil)))
(cond
((string= env-action "status")
(service-cmd "env-status" service-id nil nil nil nil nil nil nil nil))
((string= env-action "set")
;; Parse -e and --env-file from rest-args
(let ((env-vars nil)
(env-file nil))
(loop for i from 0 below (1- (length rest-args))
do (let ((opt (nth i rest-args))
(val (nth (1+ i) rest-args)))
(cond
((string= opt "-e") (push val env-vars))
((string= opt "--env-file") (setf env-file val)))))
(service-cmd "env-set" service-id nil nil nil nil nil nil (nreverse env-vars) env-file)))
((string= env-action "export")
(service-cmd "env-export" service-id nil nil nil nil nil nil nil nil))
((string= env-action "delete")
(service-cmd "env-delete" service-id nil nil nil nil nil nil nil nil))
(t
(format *error-output* "~aUnknown env action: ~a~a~%" *red* env-action *reset*)
(uiop:quit 1))))))
((and (> (length args) 2) (string= (second args) "--name"))
(let* ((name (third args))
(rest-args (nthcdr 3 args))
(ports nil)
(bootstrap nil)
(bootstrap-file nil)
(service-type nil)
(env-vars nil)
(env-file nil)
(input-files (parse-input-files rest-args)))
(loop for i from 0 below (1- (length rest-args))
do (let ((opt (nth i rest-args))
(val (nth (1+ i) rest-args)))
(cond
((string= opt "--ports") (setf ports val))
((string= opt "--bootstrap") (setf bootstrap val))
((string= opt "--bootstrap-file") (setf bootstrap-file val))
((string= opt "--type") (setf service-type val))
((string= opt "-e") (push val env-vars))
((string= opt "--env-file") (setf env-file val)))))
(service-cmd "create" nil name ports bootstrap bootstrap-file service-type input-files (nreverse env-vars) env-file)))
(t
(format t "Error: Invalid service command~%")
(uiop:quit 1))))
((string= (first args) "key")
(let ((extend-flag (and (> (length args) 1) (string= (second args) "--extend"))))
(key-cmd extend-flag)))
((string= (first args) "snapshot")
(cond
((and (> (length args) 1) (string= (second args) "--list"))
(snapshot-cmd "list" nil nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--info"))
(snapshot-cmd "info" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--session"))
(snapshot-cmd "session" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--service"))
(snapshot-cmd "service" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--restore"))
(snapshot-cmd "restore" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--delete"))
(snapshot-cmd "delete" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--lock"))
(snapshot-cmd "lock" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--unlock"))
(snapshot-cmd "unlock" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--clone"))
(snapshot-cmd "clone" (third args) nil nil nil nil))
(t
(snapshot-cmd "list" nil nil nil nil nil))))
((string= (first args) "image")
(cond
((and (> (length args) 1) (string= (second args) "--list"))
(image-cmd "list" nil nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--info"))
(image-cmd "info" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--delete"))
(image-cmd "delete" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--lock"))
(image-cmd "lock" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--unlock"))
(image-cmd "unlock" (third args) nil nil nil nil))
((and (> (length args) 2) (string= (second args) "--publish"))
;; --publish ID --source-type TYPE [--name NAME]
(let* ((source-id (third args))
(rest-args (nthcdr 3 args))
(source-type nil)
(name nil))
(loop for i from 0 below (1- (length rest-args))
do (let ((opt (nth i rest-args))
(val (nth (1+ i) rest-args)))
(cond
((string= opt "--source-type") (setf source-type val))
((string= opt "--name") (setf name val)))))
(image-cmd "publish" source-id name nil source-type nil)))
((and (> (length args) 3) (string= (second args) "--visibility"))
;; --visibility ID MODE
(image-cmd "visibility" (third args) nil nil nil (fourth args)))
((and (> (length args) 2) (string= (second args) "--spawn"))
;; --spawn ID [--name NAME] [--ports PORTS]
(let* ((image-id (third args))
(rest-args (nthcdr 3 args))
(name nil)
(ports nil))
(loop for i from 0 below (1- (length rest-args))
do (let ((opt (nth i rest-args))
(val (nth (1+ i) rest-args)))
(cond
((string= opt "--name") (setf name val))
((string= opt "--ports") (setf ports val)))))
(image-cmd "spawn" image-id name ports nil nil)))
((and (> (length args) 2) (string= (second args) "--clone"))
;; --clone ID [--name NAME]
(let* ((image-id (third args))
(rest-args (nthcdr 3 args))
(name nil))
(loop for i from 0 below (1- (length rest-args))
do (let ((opt (nth i rest-args))
(val (nth (1+ i) rest-args)))
(when (string= opt "--name") (setf name val))))
(image-cmd "clone" image-id name nil nil nil)))
(t
(format t "~aError: Invalid image command~a~%" *red* *reset*)
(uiop:quit 1))))
(t
(execute-cmd (first args)))))))
(main)
Esclarecimentos de documentação
Dependências
C Binary (un1) — requer libcurl e libwebsockets:
sudo apt install build-essential libcurl4-openssl-dev libwebsockets-dev
wget unsandbox.com/downloads/un.c && gcc -O2 -o un un.c -lcurl -lwebsocketsImplementações SDK — a maioria usa apenas stdlib (Ruby, JS, Go, etc). Alguns requerem dependências mínimas:
pip install requests # PythonExecutar Código
Executar um script
./un hello.py
./un app.js
./un main.rsCom variáveis de ambiente
./un -e DEBUG=1 -e NAME=World script.pyCom arquivos de entrada (teletransportar arquivos para sandbox)
./un -f data.csv -f config.json process.pyObter binário compilado
./un -a -o ./bin main.cSessões interativas
Iniciar uma sessão de shell
# Default bash shell
./un session
# Choose your shell
./un session --shell zsh
./un session --shell fish
# Jump into a REPL
./un session --shell python3
./un session --shell node
./un session --shell juliaSessão com acesso à rede
./un session -n semitrustedAuditoria de sessão (gravação completa do terminal)
# Record everything (including vim, interactive programs)
./un session --audit -o ./logs
# Replay session later
zcat session.log*.gz | less -RColetar artefatos da sessão
# Files in /tmp/artifacts/ are collected on exit
./un session -a -o ./outputsPersistência de sessão (tmux/screen)
# Default: session terminates on disconnect (clean exit)
./un session
# With tmux: session persists, can reconnect later
./un session --tmux
# Press Ctrl+b then d to detach
# With screen: alternative multiplexer
./un session --screen
# Press Ctrl+a then d to detachListar Trabalhos Ativos
./un session --list
# Output:
# Active sessions: 2
#
# SESSION ID CONTAINER SHELL TTL STATUS
# abc123... unsb-vm-12345 python3 45m30s active
# def456... unsb-vm-67890 bash 1h2m activeReconectar à sessão existente
# Reconnect by container name (requires --tmux or --screen)
./un session --attach unsb-vm-12345
# Use exit to terminate session, or detach to keep it runningEncerrar uma sessão
./un session --kill unsb-vm-12345Shells e REPLs disponíveis
Shells: bash, dash, sh, zsh, fish, ksh, tcsh, csh, elvish, xonsh, ash
REPLs: python3, bpython, ipython # Python
node # JavaScript
ruby, irb # Ruby
lua # Lua
php # PHP
perl # Perl
guile, scheme # Scheme
ghci # Haskell
erl, iex # Erlang/Elixir
sbcl, clisp # Common Lisp
r # R
julia # Julia
clojure # ClojureGerenciamento de Chave API
Verificar Status do Pagamento
# Check if your API key is valid
./un key
# Output:
# Valid: key expires in 30 daysEstender Chave Expirada
# Open the portal to extend an expired key
./un key --extend
# This opens the unsandbox.com portal where you can
# add more credits to extend your key's expirationAutenticação
As credenciais são carregadas em ordem de prioridade (maior primeiro):
# 1. CLI flags (highest priority)
./un -p unsb-pk-xxxx -k unsb-sk-xxxxx script.py
# 2. Environment variables
export UNSANDBOX_PUBLIC_KEY=unsb-pk-xxxx-xxxx-xxxx-xxxx
export UNSANDBOX_SECRET_KEY=unsb-sk-xxxxx-xxxxx-xxxxx-xxxxx
./un script.py
# 3. Config file (lowest priority)
# ~/.unsandbox/accounts.csv format: public_key,secret_key
mkdir -p ~/.unsandbox
echo "unsb-pk-xxxx-xxxx-xxxx-xxxx,unsb-sk-xxxxx-xxxxx-xxxxx-xxxxx" > ~/.unsandbox/accounts.csv
./un script.pyAs requisições são assinadas com HMAC-SHA256. O token bearer contém apenas a chave pública; a chave secreta calcula a assinatura (nunca é transmitida).
Escalonamento de Recursos
Definir Quantidade de vCPU
# Default: 1 vCPU, 2GB RAM
./un script.py
# Scale up: 4 vCPUs, 8GB RAM
./un -v 4 script.py
# Maximum: 8 vCPUs, 16GB RAM
./un --vcpu 8 heavy_compute.pyReforço de Sessão Ao Vivo
# Boost a running session to 2 vCPU, 4GB RAM
./un session --boost sandbox-abc
# Boost to specific vCPU count (4 vCPU, 8GB RAM)
./un session --boost sandbox-abc --boost-vcpu 4
# Return to base resources (1 vCPU, 2GB RAM)
./un session --unboost sandbox-abcCongelar/Descongelar Sessão
Congelar e Descongelar Sessões
# Freeze a session (stop billing, preserve state)
./un session --freeze sandbox-abc
# Unfreeze a frozen session
./un session --unfreeze sandbox-abc
# Note: Requires --tmux or --screen for persistenceServiços Persistentes
Criar um Serviço
# Web server with ports
./un service --name web --ports 80,443 --bootstrap "python -m http.server 80"
# With custom domains
./un service --name blog --ports 8000 --domains blog.example.com
# Game server with SRV records
./un service --name mc --type minecraft --bootstrap ./setup.sh
# Deploy app tarball with bootstrap script
./un service --name app --ports 8000 -f app.tar.gz --bootstrap-file ./setup.sh
# setup.sh: cd /tmp && tar xzf app.tar.gz && ./app/start.shGerenciar Serviços
# List all services
./un service --list
# Get service details
./un service --info abc123
# View bootstrap logs
./un service --logs abc123
./un service --tail abc123 # last 9000 lines
# Execute command in running service
./un service --execute abc123 'journalctl -u myapp -n 50'
# Dump bootstrap script (for migrations)
./un service --dump-bootstrap abc123
./un service --dump-bootstrap abc123 backup.sh
# Freeze/unfreeze service
./un service --freeze abc123
./un service --unfreeze abc123
# Service settings (auto-wake, freeze page display)
./un service --auto-unfreeze abc123 # enable auto-wake on HTTP
./un service --no-auto-unfreeze abc123 # disable auto-wake
./un service --show-freeze-page abc123 # show HTML payment page (default)
./un service --no-show-freeze-page abc123 # return JSON error instead
# Redeploy with new bootstrap
./un service --redeploy abc123 --bootstrap ./new-setup.sh
# Destroy service
./un service --destroy abc123Snapshots
Listar Snapshots
./un snapshot --list
# Output:
# Snapshots: 3
#
# SNAPSHOT ID NAME SOURCE SIZE CREATED
# unsb-snapshot-a1b2-c3d4-e5f6-g7h8 before-upgrade session 512 MB 2h ago
# unsb-snapshot-i9j0-k1l2-m3n4-o5p6 stable-v1.0 service 1.2 GB 1d agoCriar Snapshot da Sessão
# Snapshot with name
./un session --snapshot unsb-vm-12345 --name "before upgrade"
# Quick snapshot (auto-generated name)
./un session --snapshot unsb-vm-12345Criar Snapshot do Serviço
# Standard snapshot (pauses container briefly)
./un service --snapshot unsb-service-abc123 --name "stable v1.0"
# Hot snapshot (no pause, may be inconsistent)
./un service --snapshot unsb-service-abc123 --hotRestaurar a partir do Snapshot
# Restore session from snapshot
./un session --restore unsb-snapshot-a1b2-c3d4-e5f6-g7h8
# Restore service from snapshot
./un service --restore unsb-snapshot-i9j0-k1l2-m3n4-o5p6Excluir Snapshot
./un snapshot --delete unsb-snapshot-a1b2-c3d4-e5f6-g7h8Imagens
Imagens são imagens de container independentes e transferíveis que sobrevivem à exclusão do container. Diferente dos snapshots (que permanecem com seu container), imagens podem ser compartilhadas com outros usuários, transferidas entre chaves de API ou tornadas públicas no marketplace.
Listar Imagens
# List all images (owned + shared + public)
./un image --list
# List only your images
./un image --list owned
# List images shared with you
./un image --list shared
# List public marketplace images
./un image --list public
# Get image details
./un image --info unsb-image-xxxx-xxxx-xxxx-xxxxPublicar Imagens
# Publish from a stopped or frozen service
./un image --publish-service unsb-service-abc123 \
--name "My App v1.0" --description "Production snapshot"
# Publish from a snapshot
./un image --publish-snapshot unsb-snapshot-xxxx-xxxx-xxxx-xxxx \
--name "Stable Release"
# Note: Cannot publish from running containers - stop or freeze firstCriar Serviços a partir de Imagens
# Spawn a new service from an image
./un image --spawn unsb-image-xxxx-xxxx-xxxx-xxxx \
--name new-service --ports 80,443
# Clone an image (creates a copy you own)
./un image --clone unsb-image-xxxx-xxxx-xxxx-xxxxProteção de Imagem
# Lock image to prevent accidental deletion
./un image --lock unsb-image-xxxx-xxxx-xxxx-xxxx
# Unlock image to allow deletion
./un image --unlock unsb-image-xxxx-xxxx-xxxx-xxxx
# Delete image (must be unlocked)
./un image --delete unsb-image-xxxx-xxxx-xxxx-xxxxVisibilidade e Compartilhamento
# Set visibility level
./un image --visibility unsb-image-xxxx-xxxx-xxxx-xxxx private # owner only (default)
./un image --visibility unsb-image-xxxx-xxxx-xxxx-xxxx unlisted # can be shared
./un image --visibility unsb-image-xxxx-xxxx-xxxx-xxxx public # marketplace
# Share with specific user
./un image --grant unsb-image-xxxx-xxxx-xxxx-xxxx \
--key unsb-pk-friend-friend-friend-friend
# Revoke access
./un image --revoke unsb-image-xxxx-xxxx-xxxx-xxxx \
--key unsb-pk-friend-friend-friend-friend
# List who has access
./un image --trusted unsb-image-xxxx-xxxx-xxxx-xxxxTransferir Propriedade
# Transfer image to another API key
./un image --transfer unsb-image-xxxx-xxxx-xxxx-xxxx \
--to unsb-pk-newowner-newowner-newowner-newownerReferência de uso
Usage: ./un [options] <source_file>
./un session [options]
./un service [options]
./un snapshot [options]
./un image [options]
./un key
Commands:
(default) Execute source file in sandbox
session Open interactive shell/REPL session
service Manage persistent services
snapshot Manage container snapshots
image Manage container images (publish, share, transfer)
key Check API key validity and expiration
Options:
-e KEY=VALUE Set environment variable (can use multiple times)
-f FILE Add input file (can use multiple times)
-a Return and save artifacts from /tmp/artifacts/
-o DIR Output directory for artifacts (default: current dir)
-p KEY Public key (or set UNSANDBOX_PUBLIC_KEY env var)
-k KEY Secret key (or set UNSANDBOX_SECRET_KEY env var)
-n MODE Network mode: zerotrust (default) or semitrusted
-v N, --vcpu N vCPU count 1-8, each vCPU gets 2GB RAM (default: 1)
-y Skip confirmation for large uploads (>1GB)
-h Show this help
Authentication (priority order):
1. -p and -k flags (public and secret key)
2. UNSANDBOX_PUBLIC_KEY + UNSANDBOX_SECRET_KEY env vars
3. ~/.unsandbox/accounts.csv (format: public_key,secret_key per line)
Session options:
-s, --shell SHELL Shell/REPL to use (default: bash)
-l, --list List active sessions
--attach ID Reconnect to existing session (ID or container name)
--kill ID Terminate a session (ID or container name)
--freeze ID Freeze a session (requires --tmux/--screen)
--unfreeze ID Unfreeze a frozen session
--boost ID Boost session resources (2 vCPU, 4GB RAM)
--boost-vcpu N Specify vCPU count for boost (1-8)
--unboost ID Return to base resources
--audit Record full session for auditing
--tmux Enable session persistence with tmux (allows reconnect)
--screen Enable session persistence with screen (allows reconnect)
Service options:
--name NAME Service name (creates new service)
--ports PORTS Comma-separated ports (e.g., 80,443)
--domains DOMAINS Custom domains (e.g., example.com,www.example.com)
--type TYPE Service type: minecraft, mumble, teamspeak, source, tcp, udp
--bootstrap CMD Bootstrap command/file/URL to run on startup
-f FILE Upload file to /tmp/ (can use multiple times)
-l, --list List all services
--info ID Get service details
--tail ID Get last 9000 lines of bootstrap logs
--logs ID Get all bootstrap logs
--freeze ID Freeze a service
--unfreeze ID Unfreeze a service
--auto-unfreeze ID Enable auto-wake on HTTP request
--no-auto-unfreeze ID Disable auto-wake on HTTP request
--show-freeze-page ID Show HTML payment page when frozen (default)
--no-show-freeze-page ID Return JSON error when frozen
--destroy ID Destroy a service
--redeploy ID Re-run bootstrap script (requires --bootstrap)
--execute ID CMD Run a command in a running service
--dump-bootstrap ID [FILE] Dump bootstrap script (for migrations)
--snapshot ID Create snapshot of session or service
--snapshot-name User-friendly name for snapshot
--hot Create snapshot without pausing (may be inconsistent)
--restore ID Restore session/service from snapshot ID
Snapshot options:
-l, --list List all snapshots
--info ID Get snapshot details
--delete ID Delete a snapshot permanently
Image options:
-l, --list [owned|shared|public] List images (all, owned, shared, or public)
--info ID Get image details
--publish-service ID Publish image from stopped/frozen service
--publish-snapshot ID Publish image from snapshot
--name NAME Name for published image
--description DESC Description for published image
--delete ID Delete image (must be unlocked)
--clone ID Clone image (creates copy you own)
--spawn ID Create service from image (requires --name)
--lock ID Lock image to prevent deletion
--unlock ID Unlock image to allow deletion
--visibility ID LEVEL Set visibility (private|unlisted|public)
--grant ID --key KEY Grant access to another API key
--revoke ID --key KEY Revoke access from API key
--transfer ID --to KEY Transfer ownership to API key
--trusted ID List API keys with access
Key options:
(no options) Check API key validity
--extend Open portal to extend an expired key
Examples:
./un script.py # execute Python script
./un -e DEBUG=1 script.py # with environment variable
./un -f data.csv process.py # with input file
./un -a -o ./bin main.c # save compiled artifacts
./un -v 4 heavy.py # with 4 vCPUs, 8GB RAM
./un session # interactive bash session
./un session --tmux # bash with reconnect support
./un session --list # list active sessions
./un session --attach unsb-vm-12345 # reconnect to session
./un session --kill unsb-vm-12345 # terminate a session
./un session --freeze unsb-vm-12345 # freeze session
./un session --unfreeze unsb-vm-12345 # unfreeze session
./un session --boost unsb-vm-12345 # boost resources
./un session --unboost unsb-vm-12345 # return to base
./un session --shell python3 # Python REPL
./un session --shell node # Node.js REPL
./un session -n semitrusted # session with network access
./un session --audit -o ./logs # record session for auditing
./un service --name web --ports 80 # create web service
./un service --list # list all services
./un service --logs abc123 # view bootstrap logs
./un key # check API key
./un key --extend # extend expired key
./un snapshot --list # list all snapshots
./un session --snapshot unsb-vm-123 # snapshot a session
./un service --snapshot abc123 # snapshot a service
./un session --restore unsb-snapshot-xxxx # restore from snapshot
./un image --list # list all images
./un image --list owned # list your images
./un image --publish-service abc # publish image from service
./un image --spawn img123 --name x # create service from image
./un image --grant img --key pk # share image with userCLI Inception
O UN CLI foi implementado em 42 linguagens de programação, demonstrando que a API do unsandbox pode ser acessada de praticamente qualquer ambiente.
Ver Todas as 42 Implementações →
Licença
DOMÍNIO PÚBLICO - SEM LICENÇA, SEM GARANTIA
Este é software gratuito de domínio público para o bem público de um permacomputador hospedado
em permacomputer.com - um computador sempre ativo pelo povo, para o povo. Um que é
durável, fácil de reparar e distribuído como água da torneira para inteligência de
aprendizado de máquina.
O permacomputador é infraestrutura de propriedade comunitária otimizada em torno de quatro valores:
VERDADE - Primeiros princípios, matemática & ciência, código aberto distribuído livremente
LIBERDADE - Parcerias voluntárias, liberdade da tirania e controle corporativo
HARMONIA - Desperdício mínimo, sistemas auto-renováveis com diversas conexões prósperas
AMOR - Seja você mesmo sem ferir os outros, cooperação através da lei natural
Este software contribui para essa visão ao permitir a execução de código em mais de 42
linguagens de programação através de uma interface unificada, acessível a todos. Código são
sementes que brotam em qualquer tecnologia abandonada.
Saiba mais: https://www.permacomputer.com
Qualquer pessoa é livre para copiar, modificar, publicar, usar, compilar, vender ou distribuir
este software, seja em forma de código-fonte ou como binário compilado, para qualquer propósito,
comercial ou não comercial, e por qualquer meio.
SEM GARANTIA. O SOFTWARE É FORNECIDO "COMO ESTÁ" SEM GARANTIA DE QUALQUER TIPO.
Dito isso, a camada de membrana digital do nosso permacomputador executa continuamente testes
unitários, de integração e funcionais em todo o seu próprio software - com nosso permacomputador
monitorando a si mesmo, reparando a si mesmo, com orientação humana mínima no ciclo.
Nossos agentes fazem o seu melhor.
Copyright 2025 TimeHexOn & foxhop & russell@unturf
https://www.timehexon.com
https://www.foxhop.net
https://www.unturf.com/software