feat(sandbox): add a new sandbox for copilot and supports sandbox-runtime #4295
|
@Mossaka The copilot task was just muscle memory... feel free to close that PR |
|
as expected, there are some input parsing issues with |
|
Try adding label "Smoke" to run AW on this branch |
|
Got this strange message from bubblewrap: " bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted" |
|
okay, the isolated SRT test for copilot CLI finally passed. Let me clean this up |
Add support for Anthropic's Sandbox Runtime as an alternative sandboxing mechanism for Copilot-based agentic workflows.

Key changes:
- Add new sandbox types: 'default' (AWF) and 'sandbox-runtime' (SRT)
- Add SRT configuration parsing from workflow frontmatter
- Generate SRT wrapper script that initializes sandbox and passes env vars
- Fix: Remove GITHUB_TOKEN and GH_TOKEN from SRT exports to prevent interference with COPILOT_GITHUB_TOKEN authentication
- Fix: Normalize nil slices to empty slices for proper JSON serialization

The SRT sandbox uses bubblewrap to create isolated environments with configurable network and filesystem restrictions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>

Add smoke test workflows to validate SRT functionality:
- smoke-srt.md: Basic SRT smoke test using compiled workflow
- smoke-srt-custom-config.md: SRT test with custom configuration
- smoke-isolated-srt.yml: Hand-written SRT test for isolated testing
- smoke-copilot-no-firewall.md: Copilot test without firewall

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
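
The two fixes listed in the first commit message above (nil-slice normalization and withholding GITHUB_TOKEN and GH_TOKEN from the wrapper's exports), as an added Go example that is not code from this PR. The `NetworkConfig` type, its JSON field names, and the `Marshal` and `ExportLines` helpers are hypothetical, and the sample values are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// NetworkConfig is a hypothetical stand-in for the network part of an SRT config.
type NetworkConfig struct {
	AllowedDomains []string `json:"allowedDomains"`
	DeniedDomains  []string `json:"deniedDomains"`
}

// Marshal replaces nil slices with empty ones, so the JSON carries [] and not null.
func Marshal(c NetworkConfig) string {
	if c.AllowedDomains == nil {
		c.AllowedDomains = []string{}
	}
	if c.DeniedDomains == nil {
		c.DeniedDomains = []string{}
	}
	b, _ := json.Marshal(c) // cannot fail for a struct of string slices
	return string(b)
}

// withheld names the variables the commit message removes from the SRT exports.
var withheld = map[string]bool{"GITHUB_TOKEN": true, "GH_TOKEN": true}

// ExportLines renders sorted, single-quoted export lines for a wrapper script.
func ExportLines(env map[string]string) []string {
	lines := []string{}
	for name, value := range env {
		if withheld[name] {
			continue
		}
		quoted := "'" + strings.ReplaceAll(value, "'", `'\''`) + "'"
		lines = append(lines, fmt.Sprintf("export %s=%s", name, quoted))
	}
	sort.Strings(lines)
	return lines
}

func main() {
	raw, _ := json.Marshal(NetworkConfig{}) // without normalization: null fields
	fmt.Println(string(raw), "->", Marshal(NetworkConfig{}))
	env := map[string]string{"GH_TOKEN": "constructed-a", "COPILOT_GITHUB_TOKEN": "constructed-b"}
	fmt.Println(strings.Join(ExportLines(env), "\n"))
}
```

A consumer that expects an array for every list field can reject or misread `null`, which is why the empty-slice form matters for a generated sandbox policy.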
|
@copilot please resolve all the linting issues |
Pull request overview
This PR introduces a new sandbox mechanism called Sandbox Runtime (SRT) as an alternative to the existing AWF (Agent Workflow Firewall). It adds support for Anthropic's @anthropic-ai/sandbox-runtime package to provide runtime sandboxing capabilities for the Copilot engine.
Key changes:
- Adds new sandbox frontmatter field supporting "default" (AWF) and "sandbox-runtime" (SRT) options
- Implements SRT configuration generation and validation with network/filesystem controls
- Modifies Copilot engine to support local npm installation for SRT compatibility
- Adds smoke test workflows to validate SRT functionality
Reviewed changes
Copilot reviewed 11 out of 13 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| pkg/workflow/sandbox.go | New file implementing SRT configuration types, validation, and JSON generation logic |
| pkg/workflow/nodejs.go | Extended npm installation to support both global and local scopes for SRT compatibility |
| pkg/workflow/frontmatter_extraction.go | Added sandbox config extraction from workflow frontmatter with support for both string and object formats |
| pkg/workflow/firewall_default_enablement_test.go | Updated tests to pass sandbox config parameter to firewall enablement function |
| pkg/workflow/firewall.go | Modified firewall auto-enablement to respect SRT mutual exclusivity |
| pkg/workflow/copilot_engine.go | Major changes to support SRT: local Copilot installation, SRT setup steps, wrapper script generation |
| pkg/workflow/compiler.go | Integrated sandbox validation into compilation workflow |
| pkg/parser/schemas/main_workflow_schema.json | Added JSON schema definition for the new sandbox configuration field |
| .github/workflows/smoke-srt.md | New smoke test workflow with custom SRT configuration |
| .github/workflows/smoke-srt.lock.yml | Generated workflow file for SRT smoke test |
| .github/workflows/smoke-srt-custom-config.md | Additional smoke test with extensive custom domain configuration |
| .github/workflows/smoke-isolated-srt.yml | Isolated SRT test workflow for validation |
| @@ -0,0 +1,116 @@ | |||
| --- | |||
The spelling "introudces" in the PR description should be "introduces".
| @@ -0,0 +1,116 @@ | |||
| --- | |||
The spelling "forntmatter" in the PR description should be "frontmatter".
| @@ -0,0 +1,116 @@ | |||
| --- | |||
The spelling "worfklow" in the PR description should be "workflow".
| @@ -0,0 +1,116 @@ | |||
| --- | |||
The spelling "runtiem" in the PR description should be "runtime".
Introduces a new frontmatter syntax called sandbox, and it allows users to configure different sandbox mechanisms to restrict the agent process.
This PR adds a sandbox-runtime (srt) as a second option besides the awf (agentic workflow firewall) to sandbox runtime, and it adds some smoke tests.
Signed-off-by: Jiaxiao (mossaka) Zhou duibao55328@gmail.com