refactor: simplify sandbox with idiomatic Effect patterns

- executor-unsafe: Replace Effect.async + Promise.race with Effect.gen
  + Effect.try + Effect.tryPromise + Effect.timeoutFail (93 → 50 lines)
- executor-bun-worker: Extract cleanup/cleanupAll helpers to reduce duplication
- errors: Remove _message + override getter pattern, use message directly
  (matches simpler pattern in src/errors.ts)
- Remove TypeId boilerplate and isSandboxError predicate (unused)

Net reduction: ~100 lines while improving readability

Author: claude

src/sandbox/errors.ts

@@ -2,20 +2,14 @@
  * TypeScript Sandbox Error Types
  *
  * Uses Schema.TaggedError for serializable, type-safe error handling.
- * Includes cause tracking for preserving original error chains.
  */
-import { Predicate, Schema } from "effect"
-
-// TypeID for runtime type guards
-const SandboxErrorTypeId: unique symbol = Symbol.for("@app/sandbox/SandboxError")
-export type SandboxErrorTypeId = typeof SandboxErrorTypeId
-
-export const isSandboxError = (u: unknown): u is SandboxError => Predicate.hasProperty(u, SandboxErrorTypeId)
+import { Schema } from "effect"
 
 const SourceLocation = Schema.Struct({
   line: Schema.Number,
   column: Schema.Number
 })
+type SourceLocation = typeof SourceLocation.Type
 
 const ValidationErrorType = Schema.Literal(
   "import",
@@ -28,21 +22,11 @@ export class ValidationError extends Schema.TaggedError<ValidationError>()(
   "ValidationError",
   {
     type: ValidationErrorType,
-    _message: Schema.String,
+    message: Schema.String,
     location: Schema.optional(SourceLocation),
     cause: Schema.optional(Schema.Defect)
   }
-) {
-  readonly [SandboxErrorTypeId]: SandboxErrorTypeId = SandboxErrorTypeId
-
-  override get message(): string {
-    let msg = `${this.type}: ${this._message}`
-    if (this.location) {
-      msg += ` at line ${this.location.line}, column ${this.location.column}`
-    }
-    return msg
-  }
-}
+) {}
 
 const ValidationWarningType = Schema.String
 
@@ -61,49 +45,27 @@ export class TranspilationError extends Schema.TaggedError<TranspilationError>()
   "TranspilationError",
   {
     source: TranspilerSource,
-    _message: Schema.String,
+    message: Schema.String,
     location: Schema.optional(SourceLocation),
     cause: Schema.optional(Schema.Defect)
   }
-) {
-  readonly [SandboxErrorTypeId]: SandboxErrorTypeId = SandboxErrorTypeId
-
-  override get message(): string {
-    let msg = `${this.source} transpilation error: ${this._message}`
-    if (this.location) {
-      msg += ` at line ${this.location.line}, column ${this.location.column}`
-    }
-    return msg
-  }
-}
+) {}
 
 export class ExecutionError extends Schema.TaggedError<ExecutionError>()(
   "ExecutionError",
   {
-    _message: Schema.String,
+    message: Schema.String,
     stack: Schema.optional(Schema.String),
     cause: Schema.optional(Schema.Defect)
   }
-) {
-  readonly [SandboxErrorTypeId]: SandboxErrorTypeId = SandboxErrorTypeId
-
-  override get message(): string {
-    return `Execution error: ${this._message}`
-  }
-}
+) {}
 
 export class TimeoutError extends Schema.TaggedError<TimeoutError>()(
   "TimeoutError",
   {
     timeoutMs: Schema.Number
   }
-) {
-  readonly [SandboxErrorTypeId]: SandboxErrorTypeId = SandboxErrorTypeId
-
-  override get message(): string {
-    return `Execution timed out after ${this.timeoutMs}ms`
-  }
-}
+) {}
 
 const SecurityViolationType = Schema.Literal(
   "validation_failed",
@@ -118,13 +80,7 @@ export class SecurityViolation extends Schema.TaggedError<SecurityViolation>()(
     details: Schema.String,
     cause: Schema.optional(Schema.Defect)
   }
-) {
-  readonly [SandboxErrorTypeId]: SandboxErrorTypeId = SandboxErrorTypeId
-
-  override get message(): string {
-    return `Security violation (${this.violation}): ${this.details}`
-  }
-}
+) {}
 
 export const SandboxError = Schema.Union(
   ValidationError,

src/sandbox/implementations/executor-bun-worker.ts

@@ -33,11 +33,7 @@ interface WorkerMessage {
 export const BunWorkerExecutorLive = Layer.succeed(
   SandboxExecutor,
   SandboxExecutor.of({
-    execute: <
-      TCallbacks extends CallbackRecord,
-      TData,
-      TResult
-    >(
+    execute: <TCallbacks extends CallbackRecord, TData, TResult>(
       javascript: string,
       parentContext: ParentContext<TCallbacks, TData>,
       config: SandboxConfig
@@ -46,7 +42,6 @@ export const BunWorkerExecutorLive = Layer.succeed(
         const start = performance.now()
         let completed = false
 
-        // Safe resume that prevents double-calling
         const safeResume = (effect: Effect.Effect<ExecutionResult<TResult>, ExecutionError | TimeoutError>) => {
           if (completed) return
           completed = true
@@ -120,27 +115,32 @@ export const BunWorkerExecutorLive = Layer.succeed(
         // Create blob URL for worker
         const blob = new Blob([workerCode], { type: "application/javascript" })
         const url = URL.createObjectURL(blob)
-
-        // Prepare callback names (functions can't be serialized)
+        const worker = new Worker(url)
         const callbackNames = Object.keys(parentContext.callbacks)
 
-        // Create worker
-        const worker = new Worker(url)
+        // Centralized cleanup
+        const cleanup = () => {
+          worker.terminate()
+          URL.revokeObjectURL(url)
+        }
 
         // Timeout handling
         const timeoutId = setTimeout(() => {
-          worker.terminate()
-          URL.revokeObjectURL(url)
+          cleanup()
           safeResume(Effect.fail(new TimeoutError({ timeoutMs: config.timeoutMs })))
         }, config.timeoutMs)
 
+        const cleanupAll = () => {
+          clearTimeout(timeoutId)
+          cleanup()
+        }
+
         // Message handling
         worker.onmessage = async (event: MessageEvent<WorkerMessage>) => {
           const { type, ...payload } = event.data
 
           switch (type) {
             case "callback": {
-              // Proxy callback invocation to parent
               const { args, callId, name } = payload
               if (!name || !callId) return
 
@@ -168,9 +168,7 @@ export const BunWorkerExecutorLive = Layer.succeed(
             }
 
             case "success": {
-              clearTimeout(timeoutId)
-              worker.terminate()
-              URL.revokeObjectURL(url)
+              cleanupAll()
               safeResume(
                 Effect.succeed({
                   value: payload.value as TResult,
@@ -182,13 +180,11 @@ export const BunWorkerExecutorLive = Layer.succeed(
             }
 
             case "error": {
-              clearTimeout(timeoutId)
-              worker.terminate()
-              URL.revokeObjectURL(url)
+              cleanupAll()
               safeResume(
                 Effect.fail(
                   new ExecutionError({
-                    _message: payload.message || "Unknown error",
+                    message: payload.message || "Unknown error",
                     stack: payload.stack
                   })
                 )
@@ -199,13 +195,11 @@ export const BunWorkerExecutorLive = Layer.succeed(
         }
 
         worker.onerror = (error) => {
-          clearTimeout(timeoutId)
-          worker.terminate()
-          URL.revokeObjectURL(url)
+          cleanupAll()
           safeResume(
             Effect.fail(
               new ExecutionError({
-                _message: error.message || "Worker error",
+                message: error.message || "Worker error",
                 stack: undefined
               })
             )
@@ -223,9 +217,7 @@ export const BunWorkerExecutorLive = Layer.succeed(
         // Return cleanup function for Effect interruption
         return Effect.sync(() => {
           completed = true
-          clearTimeout(timeoutId)
-          worker.terminate()
-          URL.revokeObjectURL(url)
+          cleanupAll()
         })
       })
   })

src/sandbox/implementations/executor-unsafe.ts

@@ -5,7 +5,7 @@
  * Use only for development/testing where speed matters more than security.
  * User code runs in the same V8 context as the host.
  */
-import { Effect, Layer } from "effect"
+import { Duration, Effect, Layer } from "effect"
 
 import { ExecutionError, TimeoutError } from "../errors.ts"
 import { SandboxExecutor } from "../services.ts"
@@ -14,27 +14,13 @@ import type { CallbackRecord, ExecutionResult, ParentContext, SandboxConfig } fr
 export const UnsafeExecutorLive = Layer.succeed(
   SandboxExecutor,
   SandboxExecutor.of({
-    execute: <
-      TCallbacks extends CallbackRecord,
-      TData,
-      TResult
-    >(
+    execute: <TCallbacks extends CallbackRecord, TData, TResult>(
       javascript: string,
       parentContext: ParentContext<TCallbacks, TData>,
       config: SandboxConfig
-    ) =>
-      Effect.async<ExecutionResult<TResult>, ExecutionError | TimeoutError>((resume) => {
+    ): Effect.Effect<ExecutionResult<TResult>, ExecutionError | TimeoutError> =>
+      Effect.gen(function*() {
         const start = performance.now()
-        let completed = false
-        let timeoutId: ReturnType<typeof setTimeout> | undefined
-
-        // Safe resume that prevents double-calling
-        const safeResume = (effect: Effect.Effect<ExecutionResult<TResult>, ExecutionError | TimeoutError>) => {
-          if (completed) return
-          completed = true
-          if (timeoutId) clearTimeout(timeoutId)
-          resume(effect)
-        }
 
         // Wrap user code to extract and call the default export
         const wrappedCode = `
@@ -52,68 +38,38 @@ export const UnsafeExecutorLive = Layer.succeed(
           })
         `
 
-        try {
-          // Create the function (this is essentially eval)
-          const fn = eval(wrappedCode) as (ctx: ParentContext<TCallbacks, TData>) => unknown
+        // Create the function (may throw on syntax error)
+        const fn = yield* Effect.try({
+          try: () => eval(wrappedCode) as (ctx: ParentContext<TCallbacks, TData>) => unknown,
+          catch: (e) =>
+            new ExecutionError({
+              message: (e as Error).message,
+              stack: (e as Error).stack,
+              cause: e as Error
+            })
+        })
 
-          // Set up timeout
-          const timeoutPromise = new Promise<never>((_, reject) => {
-            timeoutId = setTimeout(() => {
-              reject(new TimeoutError({ timeoutMs: config.timeoutMs }))
-            }, config.timeoutMs)
+        // Execute with timeout (handles both sync and async results)
+        const value = yield* Effect.tryPromise({
+          try: () => Promise.resolve(fn(parentContext)),
+          catch: (e) =>
+            new ExecutionError({
+              message: (e as Error).message,
+              stack: (e as Error).stack,
+              cause: e as Error
+            })
+        }).pipe(
+          Effect.timeoutFail({
+            duration: Duration.millis(config.timeoutMs),
+            onTimeout: () => new TimeoutError({ timeoutMs: config.timeoutMs })
           })
+        )
 
-          // Execute with context
-          const resultOrPromise = fn(parentContext)
-
-          // Handle both sync and async results with timeout
-          Promise.race([
-            Promise.resolve(resultOrPromise),
-            timeoutPromise
-          ])
-            .then((value) => {
-              safeResume(
-                Effect.succeed({
-                  value: value as TResult,
-                  durationMs: performance.now() - start,
-                  metadata: { executor: "unsafe-eval", isolated: false }
-                })
-              )
-            })
-            .catch((err) => {
-              if (err instanceof TimeoutError) {
-                safeResume(Effect.fail(err))
-              } else {
-                const e = err as Error
-                safeResume(
-                  Effect.fail(
-                    new ExecutionError({
-                      _message: e.message,
-                      stack: e.stack,
-                      cause: e
-                    })
-                  )
-                )
-              }
-            })
-        } catch (e) {
-          const err = e as Error
-          safeResume(
-            Effect.fail(
-              new ExecutionError({
-                _message: err.message,
-                stack: err.stack,
-                cause: err
-              })
-            )
-          )
+        return {
+          value: value as TResult,
+          durationMs: performance.now() - start,
+          metadata: { executor: "unsafe-eval", isolated: false }
         }
-
-        // Return cleanup function for Effect interruption
-        return Effect.sync(() => {
-          completed = true
-          if (timeoutId) clearTimeout(timeoutId)
-        })
       })
   })
 )

src/sandbox/implementations/transpiler-bun.ts

@@ -27,7 +27,7 @@ export const BunTranspilerLive = Layer.succeed(
           const err = e as Error
           return new TranspilationError({
             source: "bun",
-            _message: err.message,
+            message: err.message,
             location: undefined,
             cause: err
           })

src/sandbox/implementations/transpiler-sucrase.ts

@@ -37,7 +37,7 @@ export const SucraseTranspilerLive = Layer.succeed(
           const err = e as SucraseError
           return new TranspilationError({
             source: "sucrase",
-            _message: err.message,
+            message: err.message,
             location: err.loc,
             cause: err
           })