cs_betty/paperclip
1
0
Fork 0
forked from farhoodlabs/paperclip
Code Pull Requests 1 Activity
Files
d6bee62f02de058a4f12ac9a10dedf8c58c4b1d5
paperclip/server/src/__tests__/environment-probe.test.ts
T
Devin Foley 5bd0f578fd Generalize sandbox provider core for plugin-only providers (#4449) 
## Thinking Path

> - Paperclip is a control plane, so optional execution providers should
sit at the plugin edge instead of hardcoding provider-specific behavior
into core shared/server/ui layers.
> - Sandbox environments are already first-class, and the fake provider
proves the built-in path; the remaining gap was that real providers
still leaked provider-specific config and runtime assumptions into core.
> - That coupling showed up in config normalization, secret persistence,
capabilities reporting, lease reconstruction, and the board UI form
fields.
> - As long as core knew about those provider-shaped details, shipping a
provider as a pure third-party plugin meant every new provider would
still require host changes.
> - This pull request generalizes the sandbox provider seam around
schema-driven plugin metadata and generic secret-ref handling.
> - The runtime and UI now consume provider metadata generically, so
core only special-cases the built-in fake provider while third-party
providers can live entirely in plugins.

## What Changed

- Added generic sandbox-provider capability metadata so plugin-backed
providers can expose `configSchema` through shared environment support
and the environments capabilities API.
- Reworked sandbox config normalization/persistence/runtime resolution
to handle schema-declared secret-ref fields generically, storing them as
Paperclip secrets and resolving them for probe/execute/release flows.
- Generalized plugin sandbox runtime handling so provider validation,
reusable-lease matching, lease reconstruction, and plugin worker calls
all operate on provider-agnostic config instead of provider-shaped
branches.
- Replaced hardcoded sandbox provider form fields in Company Settings
with schema-driven rendering and blocked agent environment selection
from the built-in fake provider.
- Added regression coverage for the generic seam across shared support
helpers plus environment config, probe, routes, runtime, and
sandbox-provider runtime tests.

## Verification

- `pnpm vitest --run packages/shared/src/environment-support.test.ts
server/src/__tests__/environment-config.test.ts
server/src/__tests__/environment-probe.test.ts
server/src/__tests__/environment-routes.test.ts
server/src/__tests__/environment-runtime.test.ts
server/src/__tests__/sandbox-provider-runtime.test.ts`
- `pnpm -r typecheck`

## Risks

- Plugin sandbox providers now depend more heavily on accurate
`configSchema` declarations; incorrect schemas can misclassify
secret-bearing fields or omit required config.
- Reusable lease matching is now metadata-driven for plugin-backed
providers, so providers that fail to persist stable metadata may
reprovision instead of resuming an existing lease.
- The UI form is now fully schema-driven for plugin-backed sandbox
providers; provider manifests without good defaults or descriptions may
produce a rougher operator experience.

## Model Used

- OpenAI Codex via `codex_local`
- Model ID: `gpt-5.4`
- Reasoning effort: `high`
- Context window observed in runtime session metadata: `258400` tokens
- Capabilities used: terminal tool execution, git, and local code/test
inspection

## Checklist

- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
2026-04-24 18:03:41 -07:00

249 lines
7.2 KiB
TypeScript
Raw Blame History

import { beforeEach, describe, expect, it, vi } from "vitest";
const mockEnsureSshWorkspaceReady = vi.hoisted(() => vi.fn());
const mockProbePluginEnvironmentDriver = vi.hoisted(() => vi.fn());
const mockProbePluginSandboxProviderDriver = vi.hoisted(() => vi.fn());
const mockResolvePluginSandboxProviderDriverByKey = vi.hoisted(() => vi.fn());
vi.mock("@paperclipai/adapter-utils/ssh", () => ({
ensureSshWorkspaceReady: mockEnsureSshWorkspaceReady,
}));
vi.mock("../services/plugin-environment-driver.js", () => ({
probePluginEnvironmentDriver: mockProbePluginEnvironmentDriver,
probePluginSandboxProviderDriver: mockProbePluginSandboxProviderDriver,
resolvePluginSandboxProviderDriverByKey: mockResolvePluginSandboxProviderDriverByKey,
}));
import { probeEnvironment } from "../services/environment-probe.ts";
describe("probeEnvironment", () => {
beforeEach(() => {
mockEnsureSshWorkspaceReady.mockReset();
mockProbePluginEnvironmentDriver.mockReset();
mockProbePluginSandboxProviderDriver.mockReset();
mockResolvePluginSandboxProviderDriverByKey.mockReset();
mockResolvePluginSandboxProviderDriverByKey.mockResolvedValue(null);
});
it("reports local environments as immediately available", async () => {
const result = await probeEnvironment({} as any, {
id: "env-1",
companyId: "company-1",
name: "Local",
description: null,
driver: "local",
status: "active",
config: {},
metadata: null,
createdAt: new Date(),
updatedAt: new Date(),
});
expect(result.ok).toBe(true);
expect(result.driver).toBe("local");
expect(result.summary).toContain("Local environment");
expect(mockEnsureSshWorkspaceReady).not.toHaveBeenCalled();
});
it("runs an SSH probe and returns the verified remote cwd", async () => {
mockEnsureSshWorkspaceReady.mockResolvedValue({
remoteCwd: "/srv/paperclip/workspace",
});
const result = await probeEnvironment({} as any, {
id: "env-ssh",
companyId: "company-1",
name: "SSH Fixture",
description: null,
driver: "ssh",
status: "active",
config: {
host: "ssh.example.test",
port: 2222,
username: "ssh-user",
remoteWorkspacePath: "/srv/paperclip/workspace",
privateKey: null,
privateKeySecretRef: null,
knownHosts: null,
strictHostKeyChecking: true,
},
metadata: null,
createdAt: new Date(),
updatedAt: new Date(),
});
expect(result).toEqual({
ok: true,
driver: "ssh",
summary: "Connected to ssh-user@ssh.example.test and verified the remote workspace path.",
details: {
host: "ssh.example.test",
port: 2222,
username: "ssh-user",
remoteWorkspacePath: "/srv/paperclip/workspace",
remoteCwd: "/srv/paperclip/workspace",
},
});
expect(mockEnsureSshWorkspaceReady).toHaveBeenCalledTimes(1);
});
it("reports fake sandbox environments as ready without external calls", async () => {
const result = await probeEnvironment({} as any, {
id: "env-sandbox",
companyId: "company-1",
name: "Fake Sandbox",
description: null,
driver: "sandbox",
status: "active",
config: {
provider: "fake",
image: "ubuntu:24.04",
reuseLease: true,
},
metadata: null,
createdAt: new Date(),
updatedAt: new Date(),
});
expect(result).toEqual({
ok: true,
driver: "sandbox",
summary: "Fake sandbox provider is ready for image ubuntu:24.04.",
details: {
provider: "fake",
image: "ubuntu:24.04",
reuseLease: true,
},
});
expect(mockEnsureSshWorkspaceReady).not.toHaveBeenCalled();
});
it("routes plugin-backed sandbox provider probes through plugin workers", async () => {
mockProbePluginSandboxProviderDriver.mockResolvedValue({
ok: true,
driver: "sandbox",
summary: "Fake plugin probe passed.",
details: {
provider: "fake-plugin",
metadata: { ready: true },
},
});
const workerManager = {} as any;
const result = await probeEnvironment({} as any, {
id: "env-sandbox-plugin",
companyId: "company-1",
name: "Fake Plugin Sandbox",
description: null,
driver: "sandbox",
status: "active",
config: {
provider: "fake-plugin",
image: "fake:test",
reuseLease: false,
},
metadata: null,
createdAt: new Date(),
updatedAt: new Date(),
}, { pluginWorkerManager: workerManager });
expect(result.ok).toBe(true);
expect(mockProbePluginSandboxProviderDriver).toHaveBeenCalledWith({
db: expect.anything(),
workerManager,
companyId: "company-1",
environmentId: "env-sandbox-plugin",
provider: "fake-plugin",
config: {
provider: "fake-plugin",
image: "fake:test",
reuseLease: false,
},
});
});
it("routes plugin environment probes through the plugin worker host", async () => {
mockProbePluginEnvironmentDriver.mockResolvedValue({
ok: true,
driver: "plugin",
summary: "Plugin probe passed.",
details: {
metadata: { ready: true },
},
});
const workerManager = {} as any;
const result = await probeEnvironment({} as any, {
id: "env-plugin",
companyId: "company-1",
name: "Plugin Sandbox",
description: null,
driver: "plugin",
status: "active",
config: {
pluginKey: "acme.environments",
driverKey: "sandbox",
driverConfig: { template: "base" },
},
metadata: null,
createdAt: new Date(),
updatedAt: new Date(),
}, { pluginWorkerManager: workerManager });
expect(result.ok).toBe(true);
expect(mockProbePluginEnvironmentDriver).toHaveBeenCalledWith({
db: expect.anything(),
workerManager,
companyId: "company-1",
environmentId: "env-plugin",
config: {
pluginKey: "acme.environments",
driverKey: "sandbox",
driverConfig: { template: "base" },
},
});
});
it("captures SSH probe failures without throwing", async () => {
mockEnsureSshWorkspaceReady.mockRejectedValue(
Object.assign(new Error("Permission denied"), {
code: 255,
stdout: "",
stderr: "Permission denied (publickey).",
}),
);
const result = await probeEnvironment({} as any, {
id: "env-ssh",
companyId: "company-1",
name: "SSH Fixture",
description: null,
driver: "ssh",
status: "active",
config: {
host: "ssh.example.test",
port: 22,
username: "ssh-user",
remoteWorkspacePath: "/srv/paperclip/workspace",
privateKey: null,
privateKeySecretRef: null,
knownHosts: null,
strictHostKeyChecking: true,
},
metadata: null,
createdAt: new Date(),
updatedAt: new Date(),
});
expect(result.ok).toBe(false);
expect(result.summary).toContain("SSH probe failed");
expect(result.details).toEqual(
expect.objectContaining({
error: "Permission denied (publickey).",
code: 255,
}),
);
});
});
View Git Blame Copy Permalink