[chore] Add harness-agnostic remote asset-prep seam#5042
Conversation
…arnessAssets) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR introduces a harness-agnostic “remote asset prep” seam in the runner’s sandbox-agent engine so remote sandbox credential/asset provisioning is centralized (instead of being reimplemented per harness).
Changes:
- Adds
prepareRemoteHarnessAssetsdispatch +writeCodexAuthToSandboxutility for remote-sandbox credential provisioning. - Wires the new seam into
runSandboxAgentso remote sandboxes run the shared prep step. - Adds unit tests and design docs for the seam (tasks/specs/research).
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| services/runner/src/engines/sandbox_agent/remote-assets.ts | New shared remote-sandbox asset/credential prep dispatch keyed by plan.acpAgent. |
| services/runner/src/engines/sandbox_agent.ts | Calls the new prep seam for remote sandboxes (Daytona now; E2B gated via forward-compat check). |
| services/runner/tests/unit/sandbox-agent-remote-assets.test.ts | Unit coverage for dispatch behavior and Codex auth file write. |
| docs/design/agent-workflows/projects/foundation-remote-bootstrap/tasks.md | Task breakdown for implementing the seam + wiring + tests. |
| docs/design/agent-workflows/projects/foundation-remote-bootstrap/specs.md | Spec for interface/dispatch and Codex auth write behavior. |
| docs/design/agent-workflows/projects/foundation-remote-bootstrap/research.md | Background and rationale for the seam + per-harness credential needs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ### `writeCodexAuthToSandbox` | ||
|
|
||
| Writes `~/.codex/auth.json`: | ||
|
|
||
| ```json | ||
| { "providers": [{ "name": "openai", "apiKey": "<OPENAI_API_KEY>" }] } | ||
| ``` | ||
|
|
| const calls: Call[] = []; | ||
| const sandbox = makeSandbox(calls); | ||
| await writeCodexAuthToSandbox(sandbox, { OPENAI_API_KEY: "sk-direct" }, () => {}); | ||
| assert.deepEqual(calls[0], { op: "mkdir", path: "/root/.codex" }); |
| if (plan.isDaytona || (plan as any).isE2B) { | ||
| await prepareRemoteHarnessAssets({ sandbox, plan, log: logger }); | ||
| } |
Context
Remote-sandbox credential/asset provisioning (writing auth files, uploading config) only existed as a Pi-specific code path (
prepareDaytonaPiAssets), copy-pasted per harness as new harnesses landed on remote sandboxes. There was no shared seam, so every new harness x remote-sandbox cell risked its own drift in credential handling.Changes
Adds
prepareRemoteHarnessAssetsinservices/runner/src/engines/sandbox_agent/remote-assets.ts, a single dispatch point keyed onplan.acpAgentthat later harness/sandbox branches plug into instead of hand-rolling their own prep function. Wires it intosandbox_agent.ts. Also fixes casing (E2btoE2B) picked up in this seam during the matrix build, and trims the now-stalesession-alive.test.tsassertion that checked for astatusfield the streams redesign already dropped from the heartbeat contract.Tests / notes
sandbox-agent-remote-assets.test.ts.chore/add-codex-daytona,chore/add-codex-e2b,chore/add-opencode-daytona,chore/add-opencode-e2b, andchore/add-claude-daytonawere built to layer onto this seam even though they're stacked directly onbig-agentsfor now — expect a follow-up fold-in pass once this lands.