gb_flea/paperclip
1
0
Fork 0
forked from farhoodlabs/paperclip
Code Pull Requests Activity

Add sandbox environment support (#4415)

Browse Source 
## Thinking Path

> - Paperclip orchestrates AI agents for zero-human companies.
> - The environment/runtime layer decides where agent work executes and
how the control plane reaches those runtimes.
> - Today Paperclip can run locally and over SSH, but sandboxed
execution needs a first-class environment model instead of one-off
adapter behavior.
> - We also want sandbox providers to be pluggable so the core does not
hardcode every provider implementation.
> - This branch adds the Sandbox environment path, the provider
contract, and a deterministic fake provider plugin.
> - That required synchronized changes across shared contracts, plugin
SDK surfaces, server runtime orchestration, and the UI
environment/workspace flows.
> - The result is that sandbox execution becomes a core control-plane
capability while keeping provider implementations extensible and
testable.

## What Changed

- Added sandbox runtime support to the environment execution path,
including runtime URL discovery, sandbox execution targeting,
orchestration, and heartbeat integration.
- Added plugin-provider support for sandbox environments so providers
can be supplied via plugins instead of hardcoded server logic.
- Added the fake sandbox provider plugin with deterministic behavior
suitable for local and automated testing.
- Updated shared types, validators, plugin protocol definitions, and SDK
helpers to carry sandbox provider and workspace-runtime contracts across
package boundaries.
- Updated server routes and services so companies can create sandbox
environments, select them for work, and execute work through the sandbox
runtime path.
- Updated the UI environment and workspace surfaces to expose sandbox
environment configuration and selection.
- Added test coverage for sandbox runtime behavior, provider seams,
environment route guards, orchestration, and the fake provider plugin.

## Verification

- Ran locally before the final fixture-only scrub:
  - `pnpm -r typecheck`
  - `pnpm test:run`
  - `pnpm build`
- Ran locally after the final scrub amend:
  - `pnpm vitest run server/src/__tests__/runtime-api.test.ts`
- Reviewer spot checks:
  - create a sandbox environment backed by the fake provider plugin
  - run work through that environment
- confirm sandbox provider execution does not inherit host secrets
implicitly

## Risks

- This touches shared contracts, plugin SDK plumbing, server runtime
orchestration, and UI environment/workspace flows, so regressions would
likely show up as cross-layer mismatches rather than isolated type
errors.
- Runtime URL discovery and sandbox callback selection are sensitive to
host/bind configuration; if that logic is wrong, sandbox-backed
callbacks may fail even when execution succeeds.
- The fake provider plugin is intentionally deterministic and
test-oriented; future providers may expose capability gaps that this
branch does not yet cover.

## Model Used

- OpenAI Codex coding agent on a GPT-5-class backend in the
Paperclip/Codex harness. Exact backend model ID is not exposed
in-session. Tool-assisted workflow with shell execution, file editing,
git history inspection, and local test execution.

## Checklist

- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
This commit is contained in:
Devin Foley
2026-04-24 12:15:53 -07:00
committed by GitHub
parent 641eb44949
commit 70679a3321
91 changed files with 10469 additions and 1498 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ui/src/components/IssueWorkspaceCard.test.tsx
+196 -116
View File
@@ -3,166 +3,246 @@
import { act } from "react";
import type { ComponentProps } from "react";
import { createRoot } from "react-dom/client";
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import type { Issue, Project } from "@paperclipai/shared";
import type { ExecutionWorkspace, Issue } from "@paperclipai/shared";
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
import { IssueWorkspaceCard } from "./IssueWorkspaceCard";
const mockInstanceSettingsApi = vi.hoisted(() => ({
getExperimental: vi.fn(),
}));
const useQueryMock = vi.fn();
const mockExecutionWorkspacesApi = vi.hoisted(() => ({
list: vi.fn(),
}));
vi.mock("../api/instanceSettings", () => ({
instanceSettingsApi: mockInstanceSettingsApi,
}));
vi.mock("../api/execution-workspaces", () => ({
executionWorkspacesApi: mockExecutionWorkspacesApi,
}));
vi.mock("@tanstack/react-query", async () => {
const actual = await vi.importActual<typeof import("@tanstack/react-query")>("@tanstack/react-query");
return {
...actual,
useQuery: (options: unknown) => useQueryMock(options),
};
});
vi.mock("../context/CompanyContext", () => ({
useCompany: () => ({
selectedCompanyId: "company-1",
}),
useCompany: () => ({ selectedCompanyId: "company-1" }),
}));
vi.mock("@/lib/router", () => ({
Link: ({ children, to, ...props }: ComponentProps<"a"> & { to: string }) => <a href={to} {...props}>{children}</a>,
Link: ({ children, className, ...props }: ComponentProps<"a">) => (
<a className={className} {...props}>{children}</a>
),
}));
// eslint-disable-next-line @typescript-eslint/no-explicit-any
(globalThis as any).IS_REACT_ACT_ENVIRONMENT = true;
function createIssue(overrides: Partial<Issue> = {}): Issue {
function createExecutionWorkspace(overrides: Partial<ExecutionWorkspace> = {}): ExecutionWorkspace {
return {
id: "issue-1",
id: "workspace-1",
companyId: "company-1",
projectId: "project-1",
projectWorkspaceId: null,
goalId: null,
parentId: null,
title: "Issue workspace",
description: null,
status: "todo",
priority: "medium",
assigneeAgentId: null,
assigneeUserId: null,
checkoutRunId: null,
executionRunId: null,
executionAgentNameKey: null,
executionLockedAt: null,
createdByAgentId: null,
createdByUserId: null,
issueNumber: 1,
identifier: "PAP-1",
requestDepth: 0,
billingCode: null,
assigneeAdapterOverrides: null,
executionWorkspaceId: null,
executionWorkspacePreference: "shared_workspace",
executionWorkspaceSettings: { mode: "shared_workspace" },
startedAt: null,
completedAt: null,
cancelledAt: null,
hiddenAt: null,
createdAt: new Date("2026-04-08T00:00:00.000Z"),
updatedAt: new Date("2026-04-08T00:00:00.000Z"),
projectWorkspaceId: "project-workspace-1",
sourceIssueId: null,
mode: "isolated_workspace",
strategyType: "git_worktree",
name: "Issue sandbox",
status: "active",
cwd: "/tmp/issue-sandbox",
repoUrl: null,
baseRef: null,
branchName: "paperclip/papa-81",
providerType: "git_worktree",
providerRef: null,
derivedFromExecutionWorkspaceId: null,
lastUsedAt: new Date("2026-04-16T05:00:00.000Z"),
openedAt: new Date("2026-04-16T04:59:00.000Z"),
closedAt: null,
cleanupEligibleAt: null,
cleanupReason: null,
config: {
environmentId: "env-workspace",
provisionCommand: null,
teardownCommand: null,
cleanupCommand: null,
workspaceRuntime: null,
desiredState: null,
},
metadata: null,
runtimeServices: [],
createdAt: new Date("2026-04-16T04:59:00.000Z"),
updatedAt: new Date("2026-04-16T05:00:00.000Z"),
...overrides,
};
}
function createProject(): Project {
function createIssue(overrides: Partial<Issue> = {}): Issue {
return {
id: "project-1",
id: "issue-1",
identifier: "PAPA-81",
companyId: "company-1",
urlKey: "project-1",
projectId: "project-1",
projectWorkspaceId: "project-workspace-1",
goalId: null,
goalIds: [],
goals: [],
name: "Project 1",
parentId: null,
title: "Sandboxing",
description: null,
status: "in_progress",
leadAgentId: null,
targetDate: null,
color: "#22c55e",
env: null,
pauseReason: null,
pausedAt: null,
archivedAt: null,
executionWorkspacePolicy: {
enabled: true,
defaultMode: "shared_workspace",
allowIssueOverride: true,
priority: "medium",
assigneeAgentId: "agent-1",
assigneeUserId: null,
createdByAgentId: null,
createdByUserId: null,
issueNumber: 81,
requestDepth: 0,
billingCode: null,
assigneeAdapterOverrides: null,
executionWorkspaceId: "workspace-1",
executionWorkspacePreference: "isolated_workspace",
executionWorkspaceSettings: {
mode: "isolated_workspace",
environmentId: "env-issue",
},
codebase: {
workspaceId: null,
repoUrl: null,
repoRef: null,
defaultRef: null,
repoName: null,
localFolder: null,
managedFolder: "/tmp/project-1",
effectiveLocalFolder: "/tmp/project-1",
origin: "managed_checkout",
},
workspaces: [],
primaryWorkspace: null,
createdAt: new Date("2026-04-08T00:00:00.000Z"),
updatedAt: new Date("2026-04-08T00:00:00.000Z"),
checkoutRunId: null,
executionRunId: null,
executionAgentNameKey: null,
executionLockedAt: null,
startedAt: null,
completedAt: null,
cancelledAt: null,
hiddenAt: null,
createdAt: new Date("2026-04-16T04:30:00.000Z"),
updatedAt: new Date("2026-04-16T05:30:00.000Z"),
labels: [],
labelIds: [],
currentExecutionWorkspace: null,
...overrides,
};
}
function renderCard(container: HTMLDivElement) {
const queryClient = new QueryClient({
defaultOptions: {
queries: { retry: false },
},
});
const root = createRoot(container);
act(() => {
root.render(
<QueryClientProvider client={queryClient}>
<IssueWorkspaceCard issue={createIssue()} project={createProject()} onUpdate={() => {}} />
</QueryClientProvider>,
);
});
return root;
}
async function flush() {
await act(async () => {
await Promise.resolve();
await Promise.resolve();
});
}
describe("IssueWorkspaceCard", () => {
let container: HTMLDivElement;
beforeEach(() => {
container = document.createElement("div");
document.body.appendChild(container);
mockExecutionWorkspacesApi.list.mockReset();
mockExecutionWorkspacesApi.list.mockResolvedValue([]);
useQueryMock.mockReset();
});
afterEach(() => {
document.body.innerHTML = "";
container.remove();
});
it("renders a stable skeleton while workspace settings are still loading", async () => {
mockInstanceSettingsApi.getExperimental.mockImplementation(() => new Promise(() => {}));
it("locks the environment selector and clears the issue override when reusing a workspace", () => {
const root = createRoot(container);
const onUpdate = vi.fn();
const reusableWorkspace = createExecutionWorkspace();
const root = renderCard(container);
await flush();
useQueryMock.mockImplementation((options: { queryKey: unknown[] }) => {
if (options.queryKey[0] === "instance") {
return { data: { enableEnvironments: true, enableIsolatedWorkspaces: true } };
}
if (options.queryKey[0] === "environments") {
return {
data: [{ id: "env-workspace", name: "Local", driver: "local" }],
};
}
if (options.queryKey[0] === "execution-workspaces") {
return { data: [reusableWorkspace] };
}
return { data: undefined };
});
expect(container.querySelector('[data-testid="issue-workspace-card-skeleton"]')).not.toBeNull();
act(() => {
root.render(
<IssueWorkspaceCard
issue={createIssue()}
project={{
id: "project-1",
executionWorkspacePolicy: {
enabled: true,
defaultMode: "isolated_workspace",
environmentId: "env-project",
},
}}
onUpdate={onUpdate}
/>,
);
});
await act(async () => {
const editButton = Array.from(container.querySelectorAll("button")).find((button) => button.textContent?.includes("Edit"));
expect(editButton).not.toBeUndefined();
act(() => {
editButton!.dispatchEvent(new MouseEvent("click", { bubbles: true, cancelable: true }));
});
const selects = container.querySelectorAll("select");
expect(selects).toHaveLength(3);
const environmentSelect = selects[2] as HTMLSelectElement;
expect(environmentSelect.disabled).toBe(true);
expect(environmentSelect.value).toBe("env-workspace");
expect(container.textContent).toContain("Environment selection is locked while reusing an existing workspace.");
const saveButton = Array.from(container.querySelectorAll("button")).find((button) => button.textContent?.includes("Save"));
expect(saveButton).not.toBeUndefined();
act(() => {
saveButton!.dispatchEvent(new MouseEvent("click", { bubbles: true, cancelable: true }));
});
expect(onUpdate).toHaveBeenCalledWith({
executionWorkspacePreference: "reuse_existing",
executionWorkspaceId: "workspace-1",
executionWorkspaceSettings: {
mode: "isolated_workspace",
environmentId: null,
},
});
act(() => {
root.unmount();
});
});
it("hides environment UI when environments are disabled", () => {
const root = createRoot(container);
useQueryMock.mockImplementation((options: { queryKey: unknown[] }) => {
if (options.queryKey[0] === "instance") {
return { data: { enableEnvironments: false, enableIsolatedWorkspaces: true } };
}
if (options.queryKey[0] === "execution-workspaces") {
return { data: [createExecutionWorkspace()] };
}
return { data: undefined };
});
act(() => {
root.render(
<IssueWorkspaceCard
issue={createIssue()}
project={{
id: "project-1",
executionWorkspacePolicy: {
enabled: true,
defaultMode: "isolated_workspace",
environmentId: "env-project",
},
}}
onUpdate={vi.fn()}
/>,
);
});
expect(container.textContent).not.toContain("Environment:");
const editButton = Array.from(container.querySelectorAll("button")).find((button) => button.textContent?.includes("Edit"));
expect(editButton).not.toBeUndefined();
act(() => {
editButton!.dispatchEvent(new MouseEvent("click", { bubbles: true, cancelable: true }));
});
const selects = container.querySelectorAll("select");
expect(selects).toHaveLength(2);
expect(container.textContent).not.toContain("Project default environment");
act(() => {
root.unmount();
});
});