ake/paperclip
1
0
Fork 0
mirror of https://github.com/alkimake/paperclip.git synced 2026-06-18 03:30:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

Generalize sandbox provider core for plugin-only providers (#4449)

Browse source 
## Thinking Path

> - Paperclip is a control plane, so optional execution providers should
sit at the plugin edge instead of hardcoding provider-specific behavior
into core shared/server/ui layers.
> - Sandbox environments are already first-class, and the fake provider
proves the built-in path; the remaining gap was that real providers
still leaked provider-specific config and runtime assumptions into core.
> - That coupling showed up in config normalization, secret persistence,
capabilities reporting, lease reconstruction, and the board UI form
fields.
> - As long as core knew about those provider-shaped details, shipping a
provider as a pure third-party plugin meant every new provider would
still require host changes.
> - This pull request generalizes the sandbox provider seam around
schema-driven plugin metadata and generic secret-ref handling.
> - The runtime and UI now consume provider metadata generically, so
core only special-cases the built-in fake provider while third-party
providers can live entirely in plugins.

## What Changed

- Added generic sandbox-provider capability metadata so plugin-backed
providers can expose `configSchema` through shared environment support
and the environments capabilities API.
- Reworked sandbox config normalization/persistence/runtime resolution
to handle schema-declared secret-ref fields generically, storing them as
Paperclip secrets and resolving them for probe/execute/release flows.
- Generalized plugin sandbox runtime handling so provider validation,
reusable-lease matching, lease reconstruction, and plugin worker calls
all operate on provider-agnostic config instead of provider-shaped
branches.
- Replaced hardcoded sandbox provider form fields in Company Settings
with schema-driven rendering and blocked agent environment selection
from the built-in fake provider.
- Added regression coverage for the generic seam across shared support
helpers plus environment config, probe, routes, runtime, and
sandbox-provider runtime tests.

## Verification

- `pnpm vitest --run packages/shared/src/environment-support.test.ts
server/src/__tests__/environment-config.test.ts
server/src/__tests__/environment-probe.test.ts
server/src/__tests__/environment-routes.test.ts
server/src/__tests__/environment-runtime.test.ts
server/src/__tests__/sandbox-provider-runtime.test.ts`
- `pnpm -r typecheck`

## Risks

- Plugin sandbox providers now depend more heavily on accurate
`configSchema` declarations; incorrect schemas can misclassify
secret-bearing fields or omit required config.
- Reusable lease matching is now metadata-driven for plugin-backed
providers, so providers that fail to persist stable metadata may
reprovision instead of resuming an existing lease.
- The UI form is now fully schema-driven for plugin-backed sandbox
providers; provider manifests without good defaults or descriptions may
produce a rougher operator experience.

## Model Used

- OpenAI Codex via `codex_local`
- Model ID: `gpt-5.4`
- Reasoning effort: `high`
- Context window observed in runtime session metadata: `258400` tokens
- Capabilities used: terminal tool execution, git, and local code/test
inspection

## Checklist

- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [ ] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge
This commit is contained in:
Devin Foley 2026-04-24 18:03:41 -07:00 committed by GitHub
parent deba60ebb2
commit 5bd0f578fd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
18 changed files with 1235 additions and 236 deletions
Download patch file Download diff file Expand all files Collapse all files

176
server/src/__tests__/environment-routes.test.ts
View file

@ -38,6 +38,7 @@ const mockSecretService = vi.hoisted(() => ({
resolveSecretValue: vi.fn(),
}));
const mockValidatePluginEnvironmentDriverConfig = vi.hoisted(() => vi.fn());
const mockValidatePluginSandboxProviderConfig = vi.hoisted(() => vi.fn());
const mockListReadyPluginEnvironmentDrivers = vi.hoisted(() => vi.fn());
const mockExecutionWorkspaceService = vi.hoisted(() => ({}));
@ -69,6 +70,7 @@ vi.mock("../services/execution-workspaces.js", () => ({
vi.mock("../services/plugin-environment-driver.js", () => ({
listReadyPluginEnvironmentDrivers: mockListReadyPluginEnvironmentDrivers,
validatePluginEnvironmentDriverConfig: mockValidatePluginEnvironmentDriverConfig,
validatePluginSandboxProviderConfig: mockValidatePluginSandboxProviderConfig,
}));
function createEnvironment() {
@ -148,6 +150,18 @@ describe("environment routes", () => {
});
mockValidatePluginEnvironmentDriverConfig.mockReset();
mockValidatePluginEnvironmentDriverConfig.mockImplementation(async ({ config }) => config);
mockValidatePluginSandboxProviderConfig.mockReset();
mockValidatePluginSandboxProviderConfig.mockImplementation(async ({ provider, config }) => ({
normalizedConfig: config,
pluginId: `plugin-${provider}`,
pluginKey: `plugin.${provider}`,
driver: {
driverKey: provider,
kind: "sandbox_provider",
displayName: provider,
configSchema: { type: "object" },
},
}));
mockListReadyPluginEnvironmentDrivers.mockReset();
mockListReadyPluginEnvironmentDrivers.mockResolvedValue([]);
});
@ -185,6 +199,52 @@ describe("environment routes", () => {
expect(res.body.sandboxProviders).not.toHaveProperty("fake-plugin");
});
it("returns installed plugin-backed sandbox capabilities for environment creation", async () => {
mockListReadyPluginEnvironmentDrivers.mockResolvedValue([
{
pluginId: "plugin-1",
pluginKey: "acme.secure-sandbox-provider",
driverKey: "secure-plugin",
displayName: "Secure Sandbox",
description: "Provisions schema-driven cloud sandboxes.",
configSchema: {
type: "object",
properties: {
template: { type: "string" },
apiKey: { type: "string", format: "secret-ref" },
},
},
},
]);
const app = createApp({
type: "board",
userId: "user-1",
source: "local_implicit",
});
const res = await request(app).get("/api/companies/company-1/environments/capabilities");
expect(res.status).toBe(200);
expect(res.body.sandboxProviders["secure-plugin"]).toMatchObject({
status: "supported",
supportsRunExecution: true,
supportsReusableLeases: true,
displayName: "Secure Sandbox",
source: "plugin",
pluginKey: "acme.secure-sandbox-provider",
pluginId: "plugin-1",
configSchema: {
type: "object",
properties: {
template: { type: "string" },
apiKey: { type: "string", format: "secret-ref" },
},
},
});
expect(res.body.adapters.find((row: any) => row.adapterType === "codex_local").sandboxProviders["secure-plugin"])
.toBe("supported");
});
it("redacts config and metadata for unprivileged agent list reads", async () => {
mockEnvironmentService.list.mockResolvedValue([createEnvironment()]);
mockAgentService.getById.mockResolvedValue({
@ -453,11 +513,12 @@ describe("environment routes", () => {
},
};
mockEnvironmentService.create.mockResolvedValue(environment);
const pluginWorkerManager = {};
const app = createApp({
type: "board",
userId: "user-1",
source: "local_implicit",
});
}, { pluginWorkerManager });
const res = await request(app)
.post("/api/companies/company-1/environments")
@ -531,11 +592,12 @@ describe("environment routes", () => {
},
};
mockEnvironmentService.create.mockResolvedValue(environment);
const pluginWorkerManager = {};
const app = createApp({
type: "board",
userId: "user-1",
source: "local_implicit",
});
}, { pluginWorkerManager });
const res = await request(app)
.post("/api/companies/company-1/environments")
@ -551,6 +613,16 @@ describe("environment routes", () => {
});
expect(res.status).toBe(201);
expect(mockValidatePluginSandboxProviderConfig).toHaveBeenCalledWith({
db: expect.anything(),
workerManager: pluginWorkerManager,
provider: "fake-plugin",
config: {
image: "fake:test",
timeoutMs: 450000,
reuseLease: true,
},
});
expect(mockEnvironmentService.create).toHaveBeenCalledWith("company-1", {
name: "Fake plugin Sandbox",
driver: "sandbox",
@ -565,6 +637,101 @@ describe("environment routes", () => {
expect(mockSecretService.create).not.toHaveBeenCalled();
});
it("creates a schema-driven sandbox environment with secret-ref fields persisted as secrets", async () => {
const environment = {
...createEnvironment(),
id: "env-sandbox-secure-plugin",
name: "Secure Sandbox",
driver: "sandbox" as const,
config: {
provider: "secure-plugin",
template: "base",
apiKey: "11111111-1111-1111-1111-111111111111",
timeoutMs: 450000,
reuseLease: true,
},
};
mockEnvironmentService.create.mockResolvedValue(environment);
mockValidatePluginSandboxProviderConfig.mockResolvedValue({
normalizedConfig: {
template: "base",
apiKey: "test-provider-key",
timeoutMs: 450000,
reuseLease: true,
},
pluginId: "plugin-secure",
pluginKey: "acme.secure-sandbox-provider",
driver: {
driverKey: "secure-plugin",
kind: "sandbox_provider",
displayName: "Secure Sandbox",
configSchema: {
type: "object",
properties: {
template: { type: "string" },
apiKey: { type: "string", format: "secret-ref" },
timeoutMs: { type: "number" },
reuseLease: { type: "boolean" },
},
},
},
});
const pluginWorkerManager = {};
const app = createApp({
type: "board",
userId: "user-1",
source: "local_implicit",
}, { pluginWorkerManager });
const res = await request(app)
.post("/api/companies/company-1/environments")
.send({
name: "Secure Sandbox",
driver: "sandbox",
config: {
provider: "secure-plugin",
template: " base ",
apiKey: " test-provider-key ",
timeoutMs: "450000",
reuseLease: true,
},
});
expect(res.status).toBe(201);
expect(mockValidatePluginSandboxProviderConfig).toHaveBeenCalledWith({
db: expect.anything(),
workerManager: pluginWorkerManager,
provider: "secure-plugin",
config: {
template: " base ",
apiKey: " test-provider-key ",
timeoutMs: 450000,
reuseLease: true,
},
});
expect(mockEnvironmentService.create).toHaveBeenCalledWith("company-1", {
name: "Secure Sandbox",
driver: "sandbox",
status: "active",
config: {
provider: "secure-plugin",
template: "base",
apiKey: "11111111-1111-1111-1111-111111111111",
timeoutMs: 450000,
reuseLease: true,
},
});
expect(JSON.stringify(mockEnvironmentService.create.mock.calls[0][1])).not.toContain("test-provider-key");
expect(mockSecretService.create).toHaveBeenCalledWith(
"company-1",
expect.objectContaining({
provider: "local_encrypted",
value: "test-provider-key",
}),
expect.any(Object),
);
});
it("validates plugin environment config through the plugin driver host", async () => {
const environment = {
...createEnvironment(),
@ -997,12 +1164,13 @@ describe("environment routes", () => {
summary: "Fake plugin sandbox provider is ready.",
details: { provider: "fake-plugin" },
});
const pluginWorkerManager = {};
const app = createApp({
type: "board",
userId: "user-1",
source: "local_implicit",
runId: "run-1",
});
}, { pluginWorkerManager });
const res = await request(app)
.post("/api/companies/company-1/environments/probe-config")
@ -1031,7 +1199,7 @@ describe("environment routes", () => {
}),
}),
expect.objectContaining({
pluginWorkerManager: undefined,
pluginWorkerManager,
resolvedConfig: expect.objectContaining({
driver: "sandbox",
}),