mirror of
https://github.com/alkimake/paperclip.git
synced 2026-06-17 11:20:37 +09:00
4b1e92a588
## Thinking Path > - Paperclip orchestrates AI agents through company-scoped control-plane workflows and extensible runtime integrations. > - Sandbox providers are part of that extension surface because they let agents execute isolated work without baking each provider into the core server. > - Modal already offers managed sandboxes with filesystem, process, timeout, and networking controls that map onto Paperclip's sandbox provider contract. > - The repo did not have a Modal provider plugin, so teams wanting Modal-backed sandboxes had no first-party integration path. > - This pull request adds a standalone `packages/plugins/sandbox-providers/modal` plugin that implements the provider contract, worker entrypoint, docs, and tests. > - The benefit is that Modal can now be installed as a provider plugin without expanding the core control-plane surface area. ## What Changed - Added a new `packages/plugins/sandbox-providers/modal` package with the plugin manifest, worker entrypoint, and exported plugin surface. - Implemented Modal-backed sandbox lifecycle support for creation, command execution, file operations, networking options, termination, and metadata translation. - Added focused Vitest coverage for config validation, env handling, lifecycle flows, networking behavior, and error mapping. - Documented installation, configuration, and usage requirements in the plugin README. - Removed misleading `MODAL_TOKEN_*` fallback behavior so authentication relies on supported Modal credentials only. ## Verification - `pnpm -r typecheck` - `pnpm test:run` - `pnpm build` - `cd packages/plugins/sandbox-providers/modal && pnpm test` ## Risks - Low to medium risk: this is isolated to a new plugin package, but runtime behavior still depends on live Modal account credentials and service-side sandbox semantics. - Modal's current docs target a newer Node baseline than the repo default, so the first live install should confirm credential loading and sandbox startup behavior in a real Modal workspace. - No UI or schema changes are included in this PR. > For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and discuss it in `#dev` before opening the PR. Feature PRs that overlap with planned core work may need to be redirected — check the roadmap first. See `CONTRIBUTING.md`. ## Model Used - OpenAI Codex via Paperclip `codex_local` agent (GPT-5-class Codex coding model; exact backend model ID is not exposed by the runtime), with tool use, shell execution, and code-editing capabilities enabled. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [x] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge --------- Co-authored-by: Paperclip <noreply@paperclip.ing>
101 lines
3.8 KiB
TypeScript
101 lines
3.8 KiB
TypeScript
import type { PaperclipPluginManifestV1 } from "@paperclipai/plugin-sdk";
|
|
|
|
const PLUGIN_ID = "paperclip.modal-sandbox-provider";
|
|
const PLUGIN_VERSION = "0.1.0";
|
|
|
|
const manifest: PaperclipPluginManifestV1 = {
|
|
id: PLUGIN_ID,
|
|
apiVersion: 1,
|
|
version: PLUGIN_VERSION,
|
|
displayName: "Modal Sandbox Provider",
|
|
description:
|
|
"First-party sandbox provider plugin that provisions Modal sandboxes as Paperclip execution environments.",
|
|
author: "Paperclip",
|
|
categories: ["automation"],
|
|
capabilities: ["environment.drivers.register"],
|
|
entrypoints: {
|
|
worker: "./dist/worker.js",
|
|
},
|
|
environmentDrivers: [
|
|
{
|
|
driverKey: "modal",
|
|
kind: "sandbox_provider",
|
|
displayName: "Modal Sandbox",
|
|
description:
|
|
"Provisions Modal sandboxes with configurable image, app, auth, timeouts, and network controls.",
|
|
configSchema: {
|
|
type: "object",
|
|
required: ["appName", "image"],
|
|
properties: {
|
|
appName: {
|
|
type: "string",
|
|
description:
|
|
"Modal App name used as the parent for sandboxes. The plugin calls `modal.apps.fromName(appName, { createIfMissing: true })`, so the App is created on first acquire if it does not already exist.",
|
|
},
|
|
image: {
|
|
type: "string",
|
|
description:
|
|
"Container image reference passed to `modal.images.fromRegistry()`, e.g. `python:3.13` or `node:20`.",
|
|
},
|
|
tokenId: {
|
|
type: "string",
|
|
format: "secret-ref",
|
|
description:
|
|
"Modal token ID. Paste a token or an existing Paperclip secret reference; saved environments store pasted values as company secrets. Required.",
|
|
},
|
|
tokenSecret: {
|
|
type: "string",
|
|
format: "secret-ref",
|
|
description: "Modal token secret paired with tokenId. Required.",
|
|
},
|
|
environment: {
|
|
type: "string",
|
|
description:
|
|
"Optional Modal environment name. Falls back to the SDK profile default.",
|
|
},
|
|
workdir: {
|
|
type: "string",
|
|
description: "Remote working directory inside the sandbox.",
|
|
default: "/workspace/paperclip",
|
|
},
|
|
sandboxTimeoutMs: {
|
|
type: "number",
|
|
description:
|
|
"Maximum sandbox lifetime in milliseconds. Must be a positive multiple of 1000 between 1000 and 86400000 (24 hours).",
|
|
default: 3_600_000,
|
|
},
|
|
idleTimeoutMs: {
|
|
type: "number",
|
|
description:
|
|
"Optional idle timeout in milliseconds. When set, Modal terminates the sandbox if no exec is active for this duration. Must be a positive multiple of 1000.",
|
|
},
|
|
execTimeoutMs: {
|
|
type: "number",
|
|
description:
|
|
"Default per-exec timeout in milliseconds when the caller does not provide one. Must be a positive multiple of 1000.",
|
|
default: 300_000,
|
|
},
|
|
blockNetwork: {
|
|
type: "boolean",
|
|
description: "Whether to block all egress network access from the sandbox.",
|
|
default: false,
|
|
},
|
|
cidrAllowlist: {
|
|
type: "array",
|
|
items: { type: "string" },
|
|
description:
|
|
"Optional list of CIDRs the sandbox is allowed to reach. Cannot be combined with blockNetwork.",
|
|
},
|
|
reuseLease: {
|
|
type: "boolean",
|
|
description:
|
|
"When true, the sandbox is detached (not terminated) on release and resumed by id later. Reuse relies on Modal's sandbox lifetime and idle timeout because Modal has no separate pause primitive.",
|
|
default: false,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
],
|
|
};
|
|
|
|
export default manifest;
|