Skip to content

feat: Add sandbox isolation for background agents #8238

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
brosand wants to merge 19 commits into
base: dev
Choose a base branch
from
Open

feat: Add sandbox isolation for background agents #8238

brosand wants to merge 19 commits into from
+4,090 −154

Conversation

@brosand
Copy link

@brosand brosand commented Jan 13, 2026

Summary

This PR implements cloud sandbox-based isolation for background agents, enabling them to run in isolated environments (Modal VMs or Kubernetes pods) instead of git worktrees.

Changes

Core Infrastructure

  • Provider Abstraction (src/sandbox/provider.ts) - Defines Sandbox.Provider interface with registration system
  • Local Provider (src/sandbox/local.ts) - Git worktree-based isolation (existing behavior, refactored)
  • Modal Provider (src/sandbox/modal.ts) - Modal.com cloud VM integration
  • Kubernetes Provider (src/sandbox/kubernetes.ts) - K8s pod-based sandboxes

Runtime Layer

  • SandboxRuntime (src/sandbox/runtime.ts) - Auto-routing layer that detects remote vs local execution
  • Context Management (src/sandbox/context.ts) - Session-to-sandbox lifecycle binding
  • Filesystem Abstraction (src/sandbox/fs.ts) - Unified file operations interface

Tool Integrations

Updated all file/exec tools to use SandboxRuntime:

  • read.ts, write.ts, edit.ts, patch.ts
  • glob.ts, grep.ts, ls.ts
  • bash.ts, lsp.ts

API

  • Added GET /session/:sessionID/sandbox endpoint for sandbox status
  • Added SessionSandboxStatus type to SDK

Configuration

{
  "sandbox": {
    "provider": "modal",  // or "kubernetes" or "local"
    "modal": { "image": "python:3.11" },
    "kubernetes": { "namespace": "default", "image": "ubuntu:22.04" }
  }
}

Testing

  • 65 new unit tests for sandbox module
  • All 717 tests pass
  • Typecheck passes

Documentation

  • JSDoc for all public APIs
  • README with architecture diagram and usage examples

brosand added 13 commits January 13, 2026 09:49
@brosand
Add sandbox provider abstraction layer
dc6793b 
- Add Sandbox namespace with Provider and Instance interfaces
- Define schemas: Config, ExecResult, Info, Snapshot, FileInfo
- Add error types: CreateError, NotFoundError, ExecError, etc.
- Implement LocalSandboxProvider wrapping existing worktree functionality
- Provider registry for registering/retrieving sandbox providers
@brosand
Add Modal provider and sandbox configuration
289fa28 
- Add ModalSandboxProvider for cloud-based sandboxes
- Add sandbox configuration to Config schema
- Export providers from sandbox index
@brosand
Add sandbox context and filesystem abstraction
4f57aa1 
- Add SandboxContext for managing sandbox lifecycle per session
- Add SandboxFS for routing file/exec operations through sandbox
- Support automatic sandbox creation/cleanup for sessions
- Provide isRemote() helper to detect cloud sandbox mode
@brosand
Add SandboxRuntime for tool execution in remote sandboxes
53781ef
@brosand
Add sandbox support for glob, grep, and list tools
0e8213f
@brosand
Add sandbox support for lsp and patch tools
51af8e2
@brosand
Add Kubernetes provider, tests, session sandbox status, and documenta…
6461c1c 
…tion

- Add KubernetesSandboxProvider for running sandboxes in K8s pods
- Add comprehensive unit tests for LocalSandboxProvider, SandboxRuntime, and provider types (65 tests)
- Add Session.SandboxStatus schema and getSandboxStatus() function
- Add GET /session/:sessionID/sandbox API endpoint
- Add JSDoc documentation to public APIs in provider.ts and runtime.ts
- Add README.md documenting sandbox module architecture and usage
- Fix Hono type inference issue with ts-expect-error comment
@brosand
Improve sandbox error handling
81c5650 
- Add try/catch with proper error types in SandboxContext.getOrCreateForSession
- Wrap sandbox file operations with Sandbox.FileError in runtime.ts
- Wrap sandbox exec operations with Sandbox.ExecError in runtime.ts
- Add graceful handling for sandbox termination failures
- Make isRemote() safe when called outside context
@brosand
Mark all sandbox tasks complete
cad2344
@brosand
Update todo with completion summary
a2b987f
@brosand
Format todo with checkboxes
290429b
@brosand
chore: regenerate SDK with sandbox endpoint
402e0a6
@brosand
docs: update todo with SDK regeneration complete
a9bc592
@github-actions
Copy link
Contributor

github-actions bot commented Jan 13, 2026

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 13, 2026

The following comment was made by an LLM, it may be inaccurate:

No duplicate PRs found

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs:issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brosand