Improve E2B plugin configuration UX and fix execution timeouts (#4802)

## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies > - E2B is a sandbox provider plugin that runs agent code in isolated cloud environments > - Operators configure E2B through the plugin settings page > - But the E2B API key configuration was unclear — the settings field description didn't explain that pasted keys are auto-saved as company secrets, and the fallback to the host `E2B_API_KEY` variable wasn't documented > - Additionally, long-running E2B sandbox commands were timing out because the plugin environment RPC driver used a fixed timeout, and environment commands competed for the single foreground command slot > - This PR clarifies the E2B configuration UX, fixes RPC timeouts for plugin environment execution, and runs E2B environment commands in background mode to avoid blocking the foreground slot > - The benefit is clearer E2B setup for operators and more reliable sandbox command execution ## What Changed - Updated E2B plugin manifest and settings UI to clarify API key configuration — field description now explains that pasted keys are saved as company secrets and documents the `E2B_API_KEY` host fallback - Added test coverage for the plugin settings page rendering - Fixed `plugin-environment-driver.ts` to pass the configured timeout through to RPC calls instead of using a hardcoded default - Updated `environment-runtime.ts` to propagate timeout from the environment lease to the plugin driver - Changed E2B sandbox command execution to use background handles so long-running agent commands don't block the foreground slot needed by the callback bridge ## Verification - `pnpm test` — all existing and new tests pass - `pnpm typecheck` — clean - Manual: navigate to plugin settings, verify E2B API key field shows the updated description text - Manual: run an E2B-backed agent task with a long-running command, verify it completes without RPC timeout ## Risks - Low risk. Configuration UX change is cosmetic. The timeout fix passes an existing value through instead of dropping it. Background command execution is a behavioral change but only affects E2B sandbox commands — the foreground slot is still available for bridge health checks. ## Model Used Codex GPT 5.4 high via Paperclip. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge
2026-06-14 01:50:39 +09:00 · 2026-04-29 17:12:30 -07:00 · 2026-04-29 17:12:30 -07:00 · c0ce35d1fb
commit c0ce35d1fb
parent a4ac6ff133
7 changed files with 187 additions and 7 deletions
--- a/server/src/tests/environment-runtime.test.ts
+++ b/server/src/tests/environment-runtime.test.ts
@ -551,7 +551,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => {
    expect(executed.stdout).toBe("ok\n");
    expect(released).toHaveLength(1);
    expect(released[0]?.lease.status).toBe("released");
-    expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentExecute", expect.anything());
+    expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentExecute", expect.anything(), 31000);
    expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentReleaseLease", expect.anything());
  });

@ -676,7 +676,6 @@ describeEmbeddedPostgres("environmentRuntimeService", () => {
      args: ["ok"],
      cwd: "/workspace",
      env: {},
-      timeoutMs: 1000,
    });

    await environmentService(db).update(environment.id, {
@ -692,7 +691,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => {
      config: expect.objectContaining({
        apiKey: "resolved-provider-key",
      }),
-    }));
+    }), 31234);
    expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentReleaseLease", expect.objectContaining({
      config: expect.objectContaining({
        apiKey: "resolved-provider-key",
@ -1241,7 +1240,7 @@ describeEmbeddedPostgres("environmentRuntimeService", () => {
      args: ["ok"],
      cwd: "/workspace/project",
      env: { FOO: "bar" },
-    }));
+    }), 31000);
    expect(workerManager.call).toHaveBeenCalledWith(pluginId, "environmentDestroyLease", {
      driverKey: "fake-plugin",
      companyId,
--- a/server/src/services/environment-runtime.ts
+++ b/server/src/services/environment-runtime.ts
@ -36,6 +36,7 @@ import {
  executePluginEnvironmentCommand,
  realizePluginEnvironmentWorkspace,
  resolvePluginSandboxProviderDriverByKey,
+  resolvePluginExecuteRpcTimeoutMs,
  resumePluginEnvironmentLease,
 } from "./plugin-environment-driver.js";
 import { collectSecretRefPaths } from "./json-schema-secret-refs.js";
@ -654,7 +655,10 @@ function createSandboxEnvironmentDriver(
            env: input.env,
            stdin: input.stdin,
            timeoutMs: input.timeoutMs,
-          });
+          }, resolvePluginExecuteRpcTimeoutMs({
+            requestedTimeoutMs: input.timeoutMs,
+            config: sanitizedConfig,
+          }));
        }
      }
      throw new Error("Sandbox driver does not support direct command execution for built-in providers.");
--- a/server/src/services/plugin-environment-driver.ts
+++ b/server/src/services/plugin-environment-driver.ts
@ -313,5 +313,31 @@ export async function executePluginEnvironmentCommand(input: {
        workerManager: input.workerManager,
        config: input.config,
      });
-  return await input.workerManager.call(plugin.id, "environmentExecute", input.params);
+  return await input.workerManager.call(
+    plugin.id,
+    "environmentExecute",
+    input.params,
+    resolvePluginExecuteRpcTimeoutMs({
+      requestedTimeoutMs: input.params.timeoutMs,
+      config: input.config.driverConfig,
+    }),
+  );
+}
+
+const RPC_OVERHEAD_BUFFER_MS = 30_000;
+
+export function resolvePluginExecuteRpcTimeoutMs(input: {
+  requestedTimeoutMs?: number;
+  config: Record<string, unknown>;
+}): number | undefined {
+  let baseMs: number | undefined;
+  if (Number.isFinite(input.requestedTimeoutMs) && (input.requestedTimeoutMs ?? 0) > 0) {
+    baseMs = Math.trunc(input.requestedTimeoutMs!);
+  } else {
+    const configTimeoutMs = typeof input.config.timeoutMs === "number" ? input.config.timeoutMs : null;
+    if (configTimeoutMs && Number.isFinite(configTimeoutMs) && configTimeoutMs > 0) {
+      baseMs = Math.trunc(configTimeoutMs);
+    }
+  }
+  return baseMs != null ? baseMs + RPC_OVERHEAD_BUFFER_MS : undefined;
 }