Add exe.dev sandbox provider plugin (#5688)

> _Stacked on top of #5685 → #5686 → #5687. Diff against master includes commits from earlier PRs in the stack — review focuses on the two new commits (`Add long-secret textarea variant to JsonSchemaForm SecretField` + `Add exe.dev sandbox provider plugin`)._ ## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - Each agent runs in a sandbox environment, and operators choose the provider — today E2B, Daytona, and (in this stack) Cloudflare > - exe.dev offers per-VM sandboxes via a small CLI / HTTP API — useful for operators who want full Linux VMs (vs container/runtime-only sandboxes) > - The plugin shape mirrors the e2b plugin: lifecycle hooks (`new`, `ls`, `rm`) drive exe.dev's CLI; SSH plumbing handles direct VM access for adapters that need it > - exe.dev VMs come up bare — `node` is not preinstalled, so the Paperclip sandbox callback bridge (a Node script) needs Node 20 installed at VM init via `--setup-script`. The plugin defaults the setup script to a Nodesource install > - The auth field accepts long SSH private keys, which need a textarea variant of the existing `SecretField` in `JsonSchemaForm` — added behind a `maxLength > THRESHOLD` opt-in so other secret fields are unaffected > - The benefit is that operators get exe.dev as a fully working sandbox provider out of the box, with no manual VM provisioning required ## What Changed **Shared UI support (`Add long-secret textarea variant to JsonSchemaForm SecretField`):** - `ui/src/components/JsonSchemaForm.tsx` + new `JsonSchemaForm.test.tsx`: when a secret-formatted field declares `maxLength` larger than the existing single-line threshold, render a monospace textarea instead of the masked input. Short secrets (API keys, tokens) keep the existing masked-input + show/hide toggle behavior. **The exe.dev plugin (`Add exe.dev sandbox provider plugin`):** - `packages/plugins/sandbox-providers/exe-dev/`: plugin entry, manifest, plugin runtime, README, and 19-test Vitest suite. - Manifest fields: API token (with `secret-ref` + `/exec` permission notes — needs `new`, `ls`, `rm`), API URL override, optional SSH username, optional SSH private key (uses the new `JsonSchemaForm` textarea variant via `maxLength: 4096`), optional SSH identity-file path, optional setup script. - Default `--setup-script` is a Nodesource Node 20 install. exe.dev VMs come up bare and the Paperclip sandbox callback bridge is a Node script, so without Node preinstalled the bridge can't start. Operators can override by supplying their own setup script. - `runLifecycleCommand` redacts env values from the executed command before surfacing it in error messages, so secrets passed via `--env=KEY=VALUE` don't leak into operator-visible failures. - The plugin distinguishes exe.dev's SSH onboarding failures (`Please complete registration by running: ssh exe.dev`) from general SSH failures and surfaces a clear remediation message. - `scripts/release-package-manifest.json`: register the new plugin for CI publish alongside the existing daytona / e2b providers. ## Verification - `pnpm typecheck` - `pnpm exec vitest run --no-coverage ui/src/components/JsonSchemaForm.test.tsx` - `(cd packages/plugins/sandbox-providers/exe-dev && pnpm test)` — 19 passing For an operator-side smoke test: 1. Get an exe.dev API token with `/exec` permission for `new`, `ls`, `rm`. 2. Register the plugin in your Paperclip instance, configure an environment with the token. 3. Create a sandbox env whose provider is `exe-dev`, then run a Codex or Claude job against it. The default Node 20 setup script should bring the VM up automatically. ## Risks - Adds a new sandbox provider plugin that follows the existing daytona / e2b shape; behavior on existing providers is unchanged. - The `JsonSchemaForm` textarea variant only engages for fields that opt in via `maxLength` larger than the existing threshold. All existing secret fields (which don't declare a `maxLength`) keep their current rendering. Test coverage pins both paths. - The redaction in `runLifecycleCommand` is a defense-in-depth measure; the test suite exercises the redaction path. If the redaction misses a future env-arg shape, the worst case is restored behavior (secrets in error messages), which is what the existing daytona / e2b plugins also do today. - Default setup script downloads from `deb.nodesource.com` over HTTPS at VM init. Operators on air-gapped networks or with a different package strategy can override the setup script. ## Model Used - Provider: Anthropic - Model: Claude Opus 4.7 (1M context) - Capabilities used: extended reasoning, tool use (Read/Edit/Bash/Grep) ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots — UI change is a textarea variant of an existing secret field; will attach screenshots before requesting merge - [x] I have updated relevant documentation to reflect my changes (plugin README, manifest descriptions) - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-11 07:42:18 -07:00
parent 74cb560c41
commit 5a64cf52a1
12 changed files with 1994 additions and 25 deletions
@@ -0,0 +1,54 @@
+// @vitest-environment jsdom
+
+import { act } from "react";
+import { createRoot } from "react-dom/client";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { JsonSchemaForm } from "./JsonSchemaForm";
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+(globalThis as any).IS_REACT_ACT_ENVIRONMENT = true;
+
+describe("JsonSchemaForm secret-ref rendering", () => {
+  let container: HTMLDivElement;
+
+  beforeEach(() => {
+    container = document.createElement("div");
+    document.body.appendChild(container);
+  });
+
+  afterEach(() => {
+    container.remove();
+    document.body.innerHTML = "";
+    vi.clearAllMocks();
+  });
+
+  it("renders multiline secret-ref fields as textareas", async () => {
+    const root = createRoot(container);
+
+    await act(async () => {
+      root.render(
+        <JsonSchemaForm
+          schema={{
+            type: "object",
+            properties: {
+              sshPrivateKey: {
+                type: "string",
+                format: "secret-ref",
+                maxLength: 4096,
+              },
+            },
+          }}
+          values={{ sshPrivateKey: "secret" }}
+          onChange={() => {}}
+        />,
+      );
+    });
+
+    expect(container.querySelector("textarea")).not.toBeNull();
+    expect(container.querySelector('input[type="password"]')).toBeNull();
+
+    await act(async () => {
+      root.unmount();
+    });
+  });
+});
@@ -478,6 +478,7 @@ const SecretField = React.memo(({
  description,
  error,
  defaultValue,
+  maxLength,
 }: {
  value: unknown;
  onChange: (val: unknown) => void;
@@ -487,8 +488,10 @@ const SecretField = React.memo(({
  description?: string;
  error?: string;
  defaultValue?: unknown;
+  maxLength?: number;
 }) => {
  const [isVisible, setIsVisible] = useState(false);
+  const isTextArea = maxLength != null && maxLength > TEXTAREA_THRESHOLD;
  return (
    <FieldWrapper
      label={label}
@@ -500,34 +503,83 @@ const SecretField = React.memo(({
      error={error}
      disabled={disabled}
    >
-      <div className="relative">
-        <Input
-          type={isVisible ? "text" : "password"}
-          value={String(value ?? "")}
-          onChange={(e) => onChange(e.target.value)}
-          placeholder={String(defaultValue ?? "")}
-          disabled={disabled}
-          className="pr-10"
-          aria-invalid={!!error}
-        />
-        <Button
-          type="button"
-          variant="ghost"
-          size="sm"
-          className="absolute right-0 top-0 h-full px-3 py-2 hover:bg-transparent"
-          onClick={() => setIsVisible(!isVisible)}
-          disabled={disabled}
-        >
+      {isTextArea ? (
+        <div className="relative">
          {isVisible ? (
-            <EyeOff className="h-4 w-4 text-muted-foreground" />
+            <Textarea
+              value={String(value ?? "")}
+              onChange={(e) => onChange(e.target.value)}
+              placeholder={String(defaultValue ?? "")}
+              disabled={disabled}
+              className="min-h-[140px] pr-10 font-mono text-xs"
+              aria-invalid={!!error}
+            />
          ) : (
-            <Eye className="h-4 w-4 text-muted-foreground" />
+            <Textarea
+              // Render a placeholder summary instead of the secret content while
+              // hidden. This avoids exposing multi-line secrets (e.g. SSH
+              // private keys) on screen-shares; clicking the eye toggle reveals
+              // the editable textarea above.
+              value={
+                String(value ?? "").length === 0
+                  ? ""
+                  : `Sensitive — ${String(value ?? "").length} characters hidden. Click the eye to reveal.`
+              }
+              readOnly
+              placeholder={String(defaultValue ?? "")}
+              disabled={disabled}
+              className="min-h-[140px] pr-10 font-mono text-xs italic text-muted-foreground"
+              aria-invalid={!!error}
+            />
          )}
-          <span className="sr-only">
-            {isVisible ? "Hide secret" : "Show secret"}
-          </span>
-        </Button>
-      </div>
+          <Button
+            type="button"
+            variant="ghost"
+            size="sm"
+            className="absolute right-0 top-0 px-3 py-2 hover:bg-transparent"
+            onClick={() => setIsVisible(!isVisible)}
+            disabled={disabled}
+          >
+            {isVisible ? (
+              <EyeOff className="h-4 w-4 text-muted-foreground" />
+            ) : (
+              <Eye className="h-4 w-4 text-muted-foreground" />
+            )}
+            <span className="sr-only">
+              {isVisible ? "Hide secret" : "Show secret"}
+            </span>
+          </Button>
+        </div>
+      ) : (
+        <div className="relative">
+          <Input
+            type={isVisible ? "text" : "password"}
+            value={String(value ?? "")}
+            onChange={(e) => onChange(e.target.value)}
+            placeholder={String(defaultValue ?? "")}
+            disabled={disabled}
+            className="pr-10"
+            aria-invalid={!!error}
+          />
+          <Button
+            type="button"
+            variant="ghost"
+            size="sm"
+            className="absolute right-0 top-0 h-full px-3 py-2 hover:bg-transparent"
+            onClick={() => setIsVisible(!isVisible)}
+            disabled={disabled}
+          >
+            {isVisible ? (
+              <EyeOff className="h-4 w-4 text-muted-foreground" />
+            ) : (
+              <Eye className="h-4 w-4 text-muted-foreground" />
+            )}
+            <span className="sr-only">
+              {isVisible ? "Hide secret" : "Show secret"}
+            </span>
+          </Button>
+        </div>
+      )}
    </FieldWrapper>
  );
 });
@@ -885,6 +937,7 @@ const FormField = React.memo(({
          description={propSchema.description}
          error={error}
          defaultValue={propSchema.default}
+          maxLength={typeof propSchema.maxLength === "number" ? propSchema.maxLength : undefined}
        />
      );