sandbox exec: fix stdout piping and short-id lookup

[phinze]

Two related papercuts that surfaced while our pal @briancain was trying to back up a SQLite database from a sandbox.

The first one is the headline. miren sandbox exec -i app cat /data/db > backup.db would print the database contents to the terminal instead of redirecting to the file. The TTY check only looked at stdin, so when stdin was a console we sent its file descriptor as both input and output, silently ignoring shell-level stdout redirection. The server would also get winsize and allocate a PTY, which would mangle any binary content even if you worked around the wiring. Now we check both stdin and stdout and only take the interactive path when both are TTYs. When stdout is redirected we use os.Stdout directly and skip winsize so the stream stays binary-clean.

While I was in there, app run had the identical PTY dance copy-pasted from sandbox exec (plus the same bug). Pulled the shared logic into a new setupExecIO helper so both commands evolve together.

The second commit is a separate fix that turned up during testing. miren sandbox exec -i 7g7 ... would fail with "no container found for 7g7" even though sandbox list proudly displays 7g7 as the short ID. The exec proxy was resolving the short ID via EAC.Get (which already does short-id index lookup) but then forwarded the original literal string to the node-local exec server instead of the resolved full entity ID. The neighboring "app" branch in the same function already did this correctly; the "id" branch just needed the same one-liner. With this, the short IDs that sandbox list advertises actually work with sandbox exec.

Closes MIR-1001

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 709dfba7-7ae2-40bb-91bc-d9f74d43f047

📥 Commits

Reviewing files that changed from the base of the PR and between 60568ae and f45feb7.

📒 Files selected for processing (1)

• cli/commands/exec_io.go

---

📝 Walkthrough

Walkthrough

This PR extracts interactive terminal and window-resize handling into a reusable setupExecIO helper that returns stdin/stdout, a winUpdates channel, and a cleanup closure. The helper detects TTYs, reads and applies terminal size to shell options, sets stdin to raw mode, and starts a SIGWINCH goroutine to emit WindowSize updates. AppRun and SandboxExec are refactored to call setupExecIO and forward its streams into sec.Exec. The exec proxy is adjusted to use the resolved entity's actual ID when dispatching exec requests.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cli/commands/exec_io.go`:
- Line 44: stdinCon.SetRaw() currently ignores its returned error which can
leave terminal state inconsistent; update the exec_io logic to capture and
handle the error from stdinCon.SetRaw() (call site: stdinCon.SetRaw()), e.g., if
it returns an error log/return the error and avoid assuming raw mode is active,
only call stdinCon.Reset() in the cleanup path when SetRaw succeeded (track with
a boolean like rawEnabled) and ensure any cleanup or defer uses that flag so
Reset() is not invoked erroneously.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9bd6a450-7580-4a66-a3e3-d5c2aef1f2f0

📥 Commits

Reviewing files that changed from the base of the PR and between 604a2f3 and 60568ae.

📒 Files selected for processing (4)

• cli/commands/app_run.go
• cli/commands/exec_io.go
• cli/commands/sandbox_exec.go
• servers/exec_proxy/exec_proxy.go

[coderabbitai]

Actionable comments posted: 0