Fix v1 MCP setup in task sandboxes

[xeophon]

Summary

• make v1 sandbox package installs ignore image-level pip config/env settings
• provision Python 3.11 for MCP proxy packages when a task image has python3 < 3.10
• have MCP proxy commands use the recorded interpreter path

Testing

• uv run ruff format
• uv run ruff check --fix
• uv run pytest tests/test_v1_runtime_lifecycle.py -q
• uv run pytest tests/test_v1_harbor_cli.py -q
• uv run pre-commit run --files tests/test_v1_runtime_lifecycle.py tests/test_v1_harbor_cli.py verifiers/v1/utils/sandbox_utils.py verifiers/v1/utils/mcp_proxy_utils.py
• targeted old-Python SWE-bench Pro sandbox setup: installed mcp/requests and imported both with /tmp/vf_mcp_python
• 3x1 GPT-5.5 + OpenCode smoke got past the original pip-index failure and ran real rollouts; remaining 0-turn failure was traced to python3 < 3.10 and fixed by the targeted setup check

---

Note

Medium Risk
Changes sandbox package installation and MCP proxy invocation logic, which can affect how user programs/tools run inside task sandboxes (dependency resolution and interpreter selection). Risk is mitigated by added/updated unit tests but could still surface in diverse base images/environments.

Overview
Fixes v1 MCP execution in task sandboxes by recording and reusing a sandbox-resolved Python interpreter for the MCP proxy instead of hardcoding python3. proxy_command() now runs via /bin/sh -lc, reads the interpreter path from MCP_PROXY_PYTHON_PATH (fallback to python3), and tests are updated to assert the new command shape.

Hardens sandbox dependency installation: python_package_install_command() now ignores image-level pip configuration (clears PIP_CONFIG_FILE and related PIP_* env vars) and, when mcp is requested, bootstraps uv to install MCP under Python 3.11, writing that interpreter path to MCP_PROXY_PYTHON_PATH. Adds targeted tests plus a real-sandbox test that runs MCP via the recorded interpreter path.

^{Reviewed by Cursor Bugbot for commit 284a2cc. Bugbot is set up for automated code reviews on this repo. Configure here.}

Note

Fix MCP proxy setup in v1 task sandboxes to use a dynamically installed Python interpreter

• Refactors python_package_install_command in sandbox_utils.py to separate mcp* packages from others: mcp packages are installed via uv tool install with a pinned Python 3.11, while non-mcp packages use pip.
• Writes the resulting tool interpreter path to /tmp/vf_mcp_python (constant MCP_PROXY_PYTHON_PATH) so it can be referenced at runtime.
• Rewrites proxy_command in mcp_proxy_utils.py to wrap execution in /bin/sh -lc, reading the interpreter path from MCP_PROXY_PYTHON_PATH and falling back to python3 if missing.
• Adds a preamble to the install command that exports PIP_CONFIG_FILE=/dev/null and unsets pip index env vars to prevent image-level pip config from interfering.
• Behavioral Change: MCP proxy commands are now shell-wrapped (/bin/sh -lc) instead of direct python3 invocations, and pip config from the sandbox image is explicitly ignored during package installation.

^{Macroscope summarized 284a2cc.}

[macroscopeapp]

Approvability

Verdict: Needs human review

This PR significantly changes how MCP packages are installed and executed in task sandboxes, including new isolated installation via uv, shell command generation, and Python path discovery logic. These runtime infrastructure changes warrant careful human review.

^{You can customize Macroscope's approvability policy. Learn more.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 284a2cc075

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Pass a single tool package to uv tool install

This builds uv ... tool install ... {mcp_package_args} from every sandbox.packages entry starting with mcp, but uv tool install --help shows Usage: uv tool install [OPTIONS] <PACKAGE> (exactly one positional package). If a sandbox includes more than one mcp* requirement (for example the default mcp>=... plus mcp-agent), setup will fail with unexpected argument ... before installation completes, which breaks MCP-enabled rollouts that previously accepted multiple packages via pip install.

Useful? React with 👍 / 👎.