forked from farhoodlabs/paperclip
Devin Foley
f9cf1d2f6a
## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - Agents can run inside sandboxed environments like E2B, or on remote hosts via SSH > - The cursor adapter needs to resolve `cursor-agent` inside sandbox environments where it's installed in `~/.local/bin` > - But when using the default `agent` command on a sandbox target, the adapter didn't know to look in `~/.local/bin/cursor-agent`, causing "command not found" failures > - Additionally, repeated SSH runs failed because `git checkout` during workspace sync conflicted with leftover `.paperclip-runtime` files from previous runs > - This PR adds sandbox-aware command resolution for cursor and fixes the SSH workspace sync conflict > - The benefit is cursor works in E2B sandboxes out of the box, and repeated SSH runs don't fail on workspace sync ## What Changed - `cursor-local`: Added `prepareCursorSandboxCommand` — on sandbox targets, reads the remote `$HOME`, prepends `~/.local/bin` to PATH, and prefers `~/.local/bin/cursor-agent` when the default command is requested; tightened the sandbox command probe to validate the binary exists before launching; preserves explicit custom command overrides - `adapter-utils/ssh.ts`: Added `--force` to git checkout in SSH workspace sync to handle `.paperclip-runtime` untracked file conflicts from previous runs ## Verification - `pnpm test` — all existing and new tests pass, including cursor sandbox probe, sandbox execution, and custom command override tests - `pnpm typecheck` — clean - Manual: configure an E2B environment, run a cursor-local task, verify it resolves cursor-agent from the sandbox install path ## Risks - Low-medium. The `--force` flag on git checkout could discard uncommitted changes in the remote workspace, but the workspace is managed by Paperclip and should not contain user edits. ## Model Used Codex GPT 5.4 high via Paperclip. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge
245 lines
8.9 KiB
TypeScript
245 lines
8.9 KiB
TypeScript
import type {
|
|
AdapterEnvironmentCheck,
|
|
AdapterEnvironmentTestContext,
|
|
AdapterEnvironmentTestResult,
|
|
} from "@paperclipai/adapter-utils";
|
|
import {
|
|
asString,
|
|
parseObject,
|
|
ensurePathInEnv,
|
|
} from "@paperclipai/adapter-utils/server-utils";
|
|
import {
|
|
ensureAdapterExecutionTargetCommandResolvable,
|
|
ensureAdapterExecutionTargetDirectory,
|
|
runAdapterExecutionTargetProcess,
|
|
describeAdapterExecutionTarget,
|
|
resolveAdapterExecutionTargetCwd,
|
|
} from "@paperclipai/adapter-utils/execution-target";
|
|
import path from "node:path";
|
|
import { parseCodexJsonl } from "./parse.js";
|
|
import { codexHomeDir, readCodexAuthInfo } from "./quota.js";
|
|
import { buildCodexExecArgs } from "./codex-args.js";
|
|
|
|
function summarizeStatus(checks: AdapterEnvironmentCheck[]): AdapterEnvironmentTestResult["status"] {
|
|
if (checks.some((check) => check.level === "error")) return "fail";
|
|
if (checks.some((check) => check.level === "warn")) return "warn";
|
|
return "pass";
|
|
}
|
|
|
|
function isNonEmpty(value: unknown): value is string {
|
|
return typeof value === "string" && value.trim().length > 0;
|
|
}
|
|
|
|
function firstNonEmptyLine(text: string): string {
|
|
return (
|
|
text
|
|
.split(/\r?\n/)
|
|
.map((line) => line.trim())
|
|
.find(Boolean) ?? ""
|
|
);
|
|
}
|
|
|
|
function commandLooksLike(command: string, expected: string): boolean {
|
|
const base = path.basename(command).toLowerCase();
|
|
return base === expected || base === `${expected}.cmd` || base === `${expected}.exe`;
|
|
}
|
|
|
|
function summarizeProbeDetail(stdout: string, stderr: string, parsedError: string | null): string | null {
|
|
const raw = parsedError?.trim() || firstNonEmptyLine(stderr) || firstNonEmptyLine(stdout);
|
|
if (!raw) return null;
|
|
const clean = raw.replace(/\s+/g, " ").trim();
|
|
const max = 240;
|
|
return clean.length > max ? `${clean.slice(0, max - 1)}…` : clean;
|
|
}
|
|
|
|
const CODEX_AUTH_REQUIRED_RE =
|
|
/(?:not\s+logged\s+in|login\s+required|authentication\s+required|unauthorized|invalid(?:\s+or\s+missing)?\s+api(?:[_\s-]?key)?|openai[_\s-]?api[_\s-]?key|api[_\s-]?key.*required|please\s+run\s+`?codex\s+login`?)/i;
|
|
|
|
export async function testEnvironment(
|
|
ctx: AdapterEnvironmentTestContext,
|
|
): Promise<AdapterEnvironmentTestResult> {
|
|
const checks: AdapterEnvironmentCheck[] = [];
|
|
const config = parseObject(ctx.config);
|
|
const command = asString(config.command, "codex");
|
|
const target = ctx.executionTarget ?? null;
|
|
const targetIsRemote = target?.kind === "remote";
|
|
const cwd = resolveAdapterExecutionTargetCwd(target, asString(config.cwd, ""), process.cwd());
|
|
const targetLabel = targetIsRemote
|
|
? ctx.environmentName ?? describeAdapterExecutionTarget(target)
|
|
: null;
|
|
const runId = `codex-envtest-${Date.now()}-${Math.random().toString(16).slice(2)}`;
|
|
|
|
if (targetLabel) {
|
|
checks.push({
|
|
code: "codex_environment_target",
|
|
level: "info",
|
|
message: `Probing inside environment: ${targetLabel}`,
|
|
});
|
|
}
|
|
|
|
try {
|
|
await ensureAdapterExecutionTargetDirectory(runId, target, cwd, {
|
|
cwd,
|
|
env: {},
|
|
createIfMissing: true,
|
|
});
|
|
checks.push({
|
|
code: "codex_cwd_valid",
|
|
level: "info",
|
|
message: `Working directory is valid: ${cwd}`,
|
|
});
|
|
} catch (err) {
|
|
checks.push({
|
|
code: "codex_cwd_invalid",
|
|
level: "error",
|
|
message: err instanceof Error ? err.message : "Invalid working directory",
|
|
detail: cwd,
|
|
});
|
|
}
|
|
|
|
const envConfig = parseObject(config.env);
|
|
const env: Record<string, string> = {};
|
|
for (const [key, value] of Object.entries(envConfig)) {
|
|
if (typeof value === "string") env[key] = value;
|
|
}
|
|
const runtimeEnv = ensurePathInEnv({ ...process.env, ...env });
|
|
try {
|
|
await ensureAdapterExecutionTargetCommandResolvable(command, target, cwd, runtimeEnv);
|
|
checks.push({
|
|
code: "codex_command_resolvable",
|
|
level: "info",
|
|
message: `Command is executable: ${command}`,
|
|
});
|
|
} catch (err) {
|
|
checks.push({
|
|
code: "codex_command_unresolvable",
|
|
level: "error",
|
|
message: err instanceof Error ? err.message : "Command is not executable",
|
|
detail: command,
|
|
});
|
|
}
|
|
|
|
const configOpenAiKey = env.OPENAI_API_KEY;
|
|
const hostOpenAiKey = targetIsRemote ? undefined : process.env.OPENAI_API_KEY;
|
|
if (isNonEmpty(configOpenAiKey) || isNonEmpty(hostOpenAiKey)) {
|
|
const source = isNonEmpty(configOpenAiKey) ? "adapter config env" : "server environment";
|
|
checks.push({
|
|
code: "codex_openai_api_key_present",
|
|
level: "info",
|
|
message: "OPENAI_API_KEY is set for Codex authentication.",
|
|
detail: `Detected in ${source}.`,
|
|
});
|
|
} else if (!targetIsRemote) {
|
|
// Local-only auth file check. On remote targets, the probe will surface
|
|
// any missing-auth errors directly from the remote `codex` invocation.
|
|
const codexHome = isNonEmpty(env.CODEX_HOME) ? env.CODEX_HOME : undefined;
|
|
const codexAuth = await readCodexAuthInfo(codexHome).catch(() => null);
|
|
if (codexAuth) {
|
|
checks.push({
|
|
code: "codex_native_auth_present",
|
|
level: "info",
|
|
message: "Codex is authenticated via its own auth configuration.",
|
|
detail: codexAuth.email ? `Logged in as ${codexAuth.email}.` : `Credentials found in ${path.join(codexHome ?? codexHomeDir(), "auth.json")}.`,
|
|
});
|
|
} else {
|
|
checks.push({
|
|
code: "codex_openai_api_key_missing",
|
|
level: "warn",
|
|
message: "OPENAI_API_KEY is not set. Codex runs may fail until authentication is configured.",
|
|
hint: "Set OPENAI_API_KEY in adapter env, shell environment, or run `codex auth` to log in.",
|
|
});
|
|
}
|
|
}
|
|
|
|
const canRunProbe =
|
|
checks.every((check) => check.code !== "codex_cwd_invalid" && check.code !== "codex_command_unresolvable");
|
|
if (canRunProbe) {
|
|
if (!commandLooksLike(command, "codex")) {
|
|
checks.push({
|
|
code: "codex_hello_probe_skipped_custom_command",
|
|
level: "info",
|
|
message: "Skipped hello probe because command is not `codex`.",
|
|
detail: command,
|
|
hint: "Use the `codex` CLI command to run the automatic login and installation probe.",
|
|
});
|
|
} else {
|
|
const execArgs = buildCodexExecArgs({ ...config, fastMode: false });
|
|
const args = execArgs.args;
|
|
if (execArgs.fastModeIgnoredReason) {
|
|
checks.push({
|
|
code: "codex_fast_mode_unsupported_model",
|
|
level: "warn",
|
|
message: execArgs.fastModeIgnoredReason,
|
|
hint: "Switch the agent model to GPT-5.4 or enter a manual model ID to enable Codex Fast mode.",
|
|
});
|
|
}
|
|
|
|
const probe = await runAdapterExecutionTargetProcess(
|
|
runId,
|
|
target,
|
|
command,
|
|
args,
|
|
{
|
|
cwd,
|
|
env,
|
|
timeoutSec: 45,
|
|
graceSec: 5,
|
|
stdin: "Respond with hello.",
|
|
onLog: async () => {},
|
|
},
|
|
);
|
|
const parsed = parseCodexJsonl(probe.stdout);
|
|
const detail = summarizeProbeDetail(probe.stdout, probe.stderr, parsed.errorMessage);
|
|
const authEvidence = `${parsed.errorMessage ?? ""}\n${probe.stdout}\n${probe.stderr}`.trim();
|
|
|
|
if (probe.timedOut) {
|
|
checks.push({
|
|
code: "codex_hello_probe_timed_out",
|
|
level: "warn",
|
|
message: "Codex hello probe timed out.",
|
|
hint: "Retry the probe. If this persists, verify Codex can run `Respond with hello` from this directory manually.",
|
|
});
|
|
} else if ((probe.exitCode ?? 1) === 0) {
|
|
const summary = parsed.summary.trim();
|
|
const hasHello = /\bhello\b/i.test(summary);
|
|
checks.push({
|
|
code: hasHello ? "codex_hello_probe_passed" : "codex_hello_probe_unexpected_output",
|
|
level: hasHello ? "info" : "warn",
|
|
message: hasHello
|
|
? "Codex hello probe succeeded."
|
|
: "Codex probe ran but did not return `hello` as expected.",
|
|
...(summary ? { detail: summary.replace(/\s+/g, " ").trim().slice(0, 240) } : {}),
|
|
...(hasHello
|
|
? {}
|
|
: {
|
|
hint: "Try the probe manually (`codex exec --json -` then prompt: Respond with hello) to inspect full output.",
|
|
}),
|
|
});
|
|
} else if (CODEX_AUTH_REQUIRED_RE.test(authEvidence)) {
|
|
checks.push({
|
|
code: "codex_hello_probe_auth_required",
|
|
level: "warn",
|
|
message: "Codex CLI is installed, but authentication is not ready.",
|
|
...(detail ? { detail } : {}),
|
|
hint: "Configure OPENAI_API_KEY in adapter env/shell or run `codex login`, then retry the probe.",
|
|
});
|
|
} else {
|
|
checks.push({
|
|
code: "codex_hello_probe_failed",
|
|
level: "error",
|
|
message: "Codex hello probe failed.",
|
|
...(detail ? { detail } : {}),
|
|
hint: "Run `codex exec --json -` manually in this working directory and prompt `Respond with hello` to debug.",
|
|
});
|
|
}
|
|
}
|
|
}
|
|
|
|
return {
|
|
adapterType: ctx.adapterType,
|
|
status: summarizeStatus(checks),
|
|
checks,
|
|
testedAt: new Date().toISOString(),
|
|
};
|
|
}
|