feat: Run Command/Generate Ansible Playbook #8
* feat: fix sdk prefix, add sandbox-init connection
* fix: fix sdk generation check
* fix: fix workflows for sdk

…mple (#3)
* feat: fix sdk prefix, add sandbox-init connection
* fix: fix sdk generation check
* fix: fix workflows for sdk
* Initial plan
* fix: remove insecure StrictHostKeyChecking from SSH example and add secure host key management guidance
  Co-authored-by: aspectrr <45578837+aspectrr@users.noreply.github.com>
* fix: add fingerprint verification step to SSH example
  Co-authored-by: aspectrr <45578837+aspectrr@users.noreply.github.com>
* docs: clarify secure out-of-band verification for host keys
  Co-authored-by: aspectrr <45578837+aspectrr@users.noreply.github.com>
* docs: add note about VM console access for secure key export
  Co-authored-by: aspectrr <45578837+aspectrr@users.noreply.github.com>
---------
Co-authored-by: aspectrr <collin@steelbrowser.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: aspectrr <45578837+aspectrr@users.noreply.github.com>
Co-authored-by: Collin Pfeifer <collinpfeifer@Icloud.com>

* chore: add in sandbox-id to sdk client
* fix: sandbox creation works
* chore: add to AGENTS.md, add sdk tests
* fix: update sdk to 0.0.10b0
* fix: update sdk to 0.0.12b0
* fix: update sdk to remove re, update sandboxes to autostart

* "Claude PR Assistant workflow"
* "Claude Code Review workflow"

Add comprehensive integration tests that verify:
- Direct field access on Pydantic models (e.g., result.sandbox.id)
- Nested model access patterns
- List return types with Pydantic models
- The .model_dump() conversion method
Tests cover key SDK operations including:
- create_sandbox with nested sandbox model
- start_sandbox with simple fields
- list_sandboxes with list of models
- Health, command, and file operations
- Session creation and tmux session listing
These tests ensure the SDK provides proper IDE autocomplete support by returning actual Pydantic models instead of dicts.
Co-authored-by: Collin Pfeifer <aspectrr@users.noreply.github.com>

* fix: make sdk typing easier for using in ide
* fix: i was being a slight idiot
* test: add integration-style tests for Pydantic field access patterns
  Add comprehensive integration tests that verify:
  - Direct field access on Pydantic models (e.g., result.sandbox.id)
  - Nested model access patterns
  - List return types with Pydantic models
  - The .model_dump() conversion method
  Tests cover key SDK operations including:
  - create_sandbox with nested sandbox model
  - start_sandbox with simple fields
  - list_sandboxes with list of models
  - Health, command, and file operations
  - Session creation and tmux session listing
  These tests ensure the SDK provides proper IDE autocomplete support by returning actual Pydantic models instead of dicts.
  Co-authored-by: Collin Pfeifer <aspectrr@users.noreply.github.com>
* fix: add tests, lefthook config
* fix: update gh actions, web ui, sandbox starting issue
* fix: remove .env, update sdk
* fix: fix small sdk changes
* fix: fix small sdk changes
* Delete .env
---------
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Collin Pfeifer <aspectrr@users.noreply.github.com>

…ues with pydantic, might need to check openapi/input spec
… aspectrr/sandbox-run-command
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 23504883 | Triggered | Generic Password | e70d268 | api/deploy/docker/docker-compose.yml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Pull Request Review: Run Command/Generate Ansible Playbook

Thank you for this substantial contribution! This PR adds important functionality for running commands and generating Ansible playbooks. Here's my detailed review:

🔴 Critical Security Issues

1. Private Keys and .env File Committed

Severity: CRITICAL

The following files should NEVER be committed to the repository:
Action Required:
```bash
git rm --cached .env .ssh-ca/ssh_ca .ssh-ca/ssh_ca.pub
git commit -m "Remove sensitive files"
```

🟡 Code Quality Issues

2. Duplicate Import in main.py

File:

```python
from uuid import uuid4 # Line 10
from uuid import uuid4 # Line 16 - duplicate
```

Fix: Remove the duplicate import on line 16.

3. Commented-Out Code in main.py

File:

Large blocks of commented-out code should be removed rather than left in the codebase:

Rationale: This adds clutter and confusion. If this code might be needed later, it exists in git history. Consider creating GitHub issues for features to implement instead.

4. Unreachable Code in main.py

File:

```python
sandbox = run_blocking_with_loader(...).sandbox # Line 299
sandbox = client.sandbox.create_sandbox(...).sandbox # Line 301 - overwrites line 299
```

Line 299 is immediately overwritten by line 301, making it unreachable. Remove line 299.

5. Invalid MODEL Value

File:

```python
MODEL = "gpt-5.2"
```

6. Inconsistent Error Handling

File:

```python
except ApiException as e:
    return {
        "error": True,
        "status": e.status,
        "reason": e.reason,
        "body": e.body,
    }
```

This error handling only catches

7. Debug Print Statements

File:

```python
print("\n")
for k, val in kwargs.items():
    print(f"{k}: {val}")
for val in args:
    print(val)
print("\n")
```

These debug print statements should be removed or made optional via a debug flag. They clutter the output and expose internal arguments.

8. Commented-Out Tools

File:

Over 200 lines of commented-out tool definitions (lines 32-265). Same issue as #3 - remove commented code or enable the features.

🟢 Positive Aspects

✅ Comprehensive Test Coverage

Great addition of integration tests in
✅ Good Documentation
✅ Proper Type Annotations

The SDK polish script (

🔵 Suggestions for Improvement

9. Error Messages Could Be More Helpful

When tools fail, consider providing more context:

```python
except ApiException as e:
    print(f"[agent] API error in {tool_name}: {e.reason}")
    return {
        "error": True,
        "status": e.status,
        "reason": e.reason,
        "message": f"Failed to {tool_name}: {e.reason}"
    }
```

10. Magic Numbers in Agent Loop

File:

```python
sleep(0.2)
```

Consider making this a named constant:

```python
AGENT_LOOP_DELAY_SEC = 0.2
# ...
sleep(AGENT_LOOP_DELAY_SEC)
```

11. Hardcoded Test Values

File:

The sandbox source VM name is hardcoded (

12. Request Timeout Inconsistency

Line 299 has

📊 Testing Verification

According to
Missing:

📝 PR Size Concern

This PR has 23,295 additions and 248 files changed. This makes it very difficult to review thoroughly. Consider breaking large PRs into smaller, focused changes:

✅ Action Items Summary

Before Merge:
Recommendations:

Overall Assessment

This PR adds valuable functionality, but has critical security issues that must be addressed before merging. The code quality is generally good with proper type annotations and testing, but needs cleanup of debug code and commented sections.

Recommendation: ❌ Do not merge until security issues are resolved.
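
The GitGuardian comment recommends secret detection at pre-commit, and the review above flags a committed `.env` and `.ssh-ca/` key pair. The hook below is an added example of that check, not code from this PR or the project. The function names, the `--hook` argument and the `*.example`/`*.sample` allow-list are assumptions. It covers forbidden paths and private key blocks only, not generic passwords such as the `docker-compose.yml` finding.

```bash
#!/bin/sh
# Added example, not project code: refuse commits that stage secret material.

# Paths that must never be committed. .env and .ssh-ca/ are the files named in
# the review; the *.example/*.sample allow-list is an assumption.
is_sensitive_path() {
    case "$1" in
        *.example|*.sample)          return 1 ;;  # placeholder templates are fine
        .env|*/.env|.env.*|*/.env.*) return 0 ;;
        .ssh-ca/*|*/.ssh-ca/*)       return 0 ;;  # CA key pair, public half included
    esac
    return 1
}

# Reads a file on stdin; succeeds if it holds a PEM or OpenSSH private key header.
has_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----'
}

# Prints one finding per offending staged file. Content is read from the index
# (git show ":path"), so an unstaged cleanup in the working tree cannot hide it.
scan_staged() {
    git -c core.quotePath=false diff --cached --name-only --diff-filter=ACMR |
    while IFS= read -r path; do
        if is_sensitive_path "$path"; then
            printf 'blocked path: %s\n' "$path"
        elif git show ":$path" 2>/dev/null | has_private_key; then
            printf 'private key material: %s\n' "$path"
        fi
    done
}

# Hook entry point: run as "<this script> --hook" from .git/hooks/pre-commit.
if [ "${1:-}" = "--hook" ]; then
    findings=$(scan_staged)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" >&2
        echo "commit refused: unstage with 'git rm --cached <path>'" >&2
        exit 1
    fi
fi
```

A hook like this only stops new commits; anything already pushed, like the files in this PR, still has to be revoked and rotated as the GitGuardian guidelines say.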
f1e8b5a to 5c63fbb
Description
Type of Change
Checklist
Release Notes
Agent able to generate ansible playbooks, run commands, build sandboxes.