[chore] Add Claude harness on Daytona sandbox#5048
Conversation
…t test The heartbeat contract dropped the status field (the API derives ended server-side when the heartbeat stops); the test still asserted it. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…tial modes) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Adds the missing Claude × Daytona cell to the runner’s sandbox matrix by provisioning Claude “own-login” credentials into Daytona sandboxes (with a strict allow-list), wiring the provisioning into the Daytona run flow, and extending unit coverage to cover both managed and runtime-provided credential modes.
Changes:
- Add Daytona Claude asset preparation (
prepareDaytonaClaudeAssets) and host → sandbox credential upload (uploadClaudeAuthToSandbox) with an explicit allow-list for.credentials.json. - Wire Claude Daytona preparation into
runSandboxAgentalongside existing Pi Daytona preparation. - Extend unit tests to cover Claude Daytona credential behavior (including env overrides and best-effort error handling) and update the alive-heartbeat test to reflect the current heartbeat contract.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| services/runner/tests/unit/session-alive.test.ts | Updates the release-heartbeat assertion to match the heartbeat payload contract (no status field). |
| services/runner/tests/unit/sandbox-agent-daytona.test.ts | Adds unit coverage for Claude-on-Daytona credential upload behavior and env override handling. |
| services/runner/src/engines/sandbox_agent/daytona.ts | Implements Claude credential upload + Daytona Claude asset preparation, including destination-dir override support. |
| services/runner/src/engines/sandbox_agent.ts | Invokes the new Daytona Claude preparation during Daytona runs. |
| docs/design/agent-workflows/projects/add-claude-daytona/tasks.md | Adds project task checklist for Claude-on-Daytona work. |
| docs/design/agent-workflows/projects/add-claude-daytona/specs.md | Adds detailed specs/acceptance criteria for Claude-on-Daytona credential provisioning behavior. |
| docs/design/agent-workflows/projects/add-claude-daytona/research.md | Documents investigation findings and rationale for the chosen implementation shape. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Context
Claude was the one harness x sandbox cell missing from the matrix on Daytona (it already worked on local and, in a sibling branch, on E2B). Both Codex-style credential modes needed a Daytona-side provisioning path analogous to the existing Pi one.
Changes
Adds
prepareDaytonaClaudeAssets/uploadClaudeAuthToSandboxindaytona.ts. Own-login credential upload uses an explicit allow-list of exactly[".credentials.json"](never a directory scan) sourced fromprocess.env.CLAUDE_CONFIG_DIR || join(homedir(), ".claude"), written toDAYTONA_CLAUDE_DIR(defaults to/home/sandbox/.claude, overridable viaAGENTA_AGENT_SANDBOX_CLAUDE_DIR). Managed-credential mode is also supported.Tests / notes
sandbox-agent-daytona.test.tscovering both credential modes and the allow-list behavior.chore/add-remote-tools-gatein this same batch means Claude-on-Daytona runs with tools will hit the new loud-refuse gate rather than silently dropping tools, until the relay-client shim lands.