Add stdin support to exec()

[mavam]

Summary

The exec() method currently runs commands through a shell and doesn't support passing stdin data or per-command environment variables. This makes it difficult to safely pass arbitrary user input without shell injection risks.

Current behavior

// SDK v0.0.7 signature
exec(command: string, args: string[], options?: { stream?: boolean })

• Commands appear to run through a shell
• No stdin support
• No per-command environment variables (despite being documented)

Proposed API

const result = await sandbox.exec("claude", ["-p", "-"], {
  stdin: prompt,           // Pass data to process stdin
  env: { API_KEY: "..." }, // Per-command env vars (already documented)
});

Use case

We're building a Discord bot that runs Claude Code in a sandbox. User messages need to be passed as prompts, but they can contain arbitrary characters (quotes, backticks, $, etc.). Currently we have to:

1. Write the prompt to a file via writeFile()
2. Pipe it through cat: cat /tmp/prompt.txt | claude -p -

With stdin support, this becomes:

await sandbox.exec("claude", ["-p", "-"], { stdin: userMessage });

Benefits

• Security: Direct process spawn without shell interpretation
• Simplicity: No need for file-based workarounds
• Consistency: Per-command env is already documented but not implemented

Documentation reference

The environment variables docs show per-command env support:

await sandbox.exec("node app.js", {
  env: { NODE_ENV: "production" }
});

But this isn't implemented in SDK v0.0.7.

[mavam]

Update: Per-command env support is available in v0.7.0 - this part of the request is already implemented.

The remaining feature request is stdin support for exec():

const result = await sandbox.exec("claude", ["-p", "-"], {
  stdin: userInput,  // <-- This is the missing feature
  env: { API_KEY: "..." },  // ✓ Works in v0.7.0
});

This would allow passing arbitrary user input to commands without shell injection risks and without the file-based workaround.

[whoiskatrin]

@mavam let me know how this works for you? #362

[mavam]

Thanks a bunch! I gave it an AI-review with our reviewers. Basically ready to ship from a functionality perspective, but take what you like to harden things a bit further.