refactor: SandboxAgent + SDK Shell/Filesystem; agent-browser CLI; nuke FastAPI sidecar
Combined commits 2+3 of the migration plan because the FastAPI sidecar removal in commit 2 broke ``browser_action`` (which lived in the sidecar); they have to land together. Sandbox tool layer (commit 2 piece): - ``build_strix_agent`` now returns a ``SandboxAgent`` with ``capabilities=[Filesystem(), Shell()]``. The SDK runtime binds the capabilities to the live sandbox session per-run; agents get ``exec_command``, ``write_stdin``, ``apply_patch``, ``view_image`` function tools auto-merged into their tool list. Plain ``Agent`` short-circuits capability binding (``agents/sandbox/runtime.py:190``). - Drop ``Compaction`` from the default capability set — it's OpenAI-Responses-API-only and useless for our litellm-routed Anthropic setup. - Delete the entire custom in-container tool layer: - ``strix/tools/terminal/`` (5 files, 748 LoC libtmux) - ``strix/tools/file_edit/`` (3 files, 276 LoC) - ``strix/tools/python/`` (5 files, 459 LoC) - ``strix/runtime/tool_server.py`` (163 LoC FastAPI sidecar) - ``strix/tools/_sandbox_dispatch.py`` (117 LoC) - ``strix/tools/registry.py`` (109 LoC) - ``strix/tools/context.py`` (12 LoC) - Drop the corresponding TUI renderers (``terminal_renderer.py``, ``file_edit_renderer.py``, ``python_renderer.py``) and update ``interface/tool_components/__init__.py``. Browser → agent-browser CLI (commit 3 piece): - Install ``agent-browser@0.26.0`` globally in the Dockerfile right after the existing ``npm install -g`` block. Run ``agent-browser install --with-deps`` (apt, root) and ``agent-browser install`` (Chrome download, pentester) + ``agent-browser doctor --offline --quick`` smoke test. - Drop the explicit Playwright system-deps apt list (replaced by ``--with-deps``) and ``RUN .venv/bin/python -m playwright install chromium``. - Vendor ``agent-browser/skill-data/core/SKILL.md`` → ``strix/skills/tooling/agent_browser.md`` (476 lines). Adapt frontmatter to Strix format; strip the install/Quickstart and the ``agent-browser skills get electron|slack|...`` specialized-skills block; add the "Caido proxy is wired via env vars; do not pass ``--proxy``" note. - ``_resolve_skills`` now eagerly loads ``tooling/agent_browser`` for every agent (matches the previous unconditional ``browser_action`` in ``_BASE_TOOLS``). - Delete ``strix/tools/browser/`` (5 files, 1338 LoC) and the ``browser_renderer.py`` TUI render. Sandbox plumbing: - Drop ``bearer`` token, ``tool_server_host_port`` resolution + bundle keys, ``TOOL_SERVER_TOKEN``/``TOOL_SERVER_PORT``/ ``STRIX_SANDBOX_EXECUTION_TIMEOUT`` from the manifest env in ``session_manager.create_or_reuse``. Caido proxy env vars (``http_proxy``, ``https_proxy``, ``ALL_PROXY``) stay; manifest applies them to every ``docker exec``-spawned process. - Drop ``sandbox_token`` and ``tool_server_host_port`` params from ``make_agent_context`` and the ``create_agent`` graph tool. - Drop the tool-server health-check from ``entry.py`` (only Caido's ``wait_for_tcp_ready`` remains). - ``docker-entrypoint.sh``: delete the ~30 line ``Starting tool server...`` block (sudo + uvicorn launch + curl /health poll). Add ``NO_PROXY=localhost,127.0.0.1`` to ``/etc/profile.d/proxy.sh`` and ``/etc/environment`` so the agent-browser daemon's CDP traffic on localhost isn't routed through Caido. pyproject.toml: - ``[project.optional-dependencies] sandbox = []`` (every member of the previous list — fastapi, uvicorn, ipython, openhands-aci, playwright, libtmux — is gone with the sidecar). - Drop ``numpydoc.*``, ``IPython.*``, ``openhands_aci.*``, ``playwright.*``, ``uvicorn.*``, ``pyte.*``, ``libtmux.*`` from the missing-imports module list. - Drop the per-file ruff ignores for the deleted modules. Net delta: −5512 LoC. ruff drops to 3 errors (was 21 baseline). mypy falls to 69 errors over 3 files (was 84 over 8 — the drop comes from deleting the modules with the worst untyped-import problems). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -57,6 +57,7 @@ export https_proxy=http://127.0.0.1:${CAIDO_PORT}
|
||||
export HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
||||
export HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
||||
export ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
||||
export NO_PROXY=localhost,127.0.0.1
|
||||
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
||||
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
|
||||
EOF
|
||||
@@ -67,6 +68,7 @@ https_proxy=http://127.0.0.1:${CAIDO_PORT}
|
||||
HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
||||
HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
||||
ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}
|
||||
NO_PROXY=localhost,127.0.0.1
|
||||
EOF
|
||||
|
||||
cat << EOF | sudo tee /etc/wgetrc
|
||||
@@ -88,34 +90,6 @@ sudo -u pentester certutil -N -d sql:/home/pentester/.pki/nssdb --empty-password
|
||||
sudo -u pentester certutil -A -n "Testing Root CA" -t "C,," -i /app/certs/ca.crt -d sql:/home/pentester/.pki/nssdb
|
||||
echo "✅ CA added to browser trust store"
|
||||
|
||||
echo "Starting tool server..."
|
||||
cd /app
|
||||
export PYTHONPATH=/app
|
||||
export STRIX_SANDBOX_MODE=true
|
||||
export TOOL_SERVER_TIMEOUT="${STRIX_SANDBOX_EXECUTION_TIMEOUT:-120}"
|
||||
TOOL_SERVER_LOG="/tmp/tool_server.log"
|
||||
|
||||
sudo -E -u pentester \
|
||||
/app/.venv/bin/python -m strix.runtime.tool_server \
|
||||
--token="$TOOL_SERVER_TOKEN" \
|
||||
--host=0.0.0.0 \
|
||||
--port="$TOOL_SERVER_PORT" \
|
||||
--timeout="$TOOL_SERVER_TIMEOUT" > "$TOOL_SERVER_LOG" 2>&1 &
|
||||
|
||||
for i in {1..10}; do
|
||||
if curl -s "http://127.0.0.1:$TOOL_SERVER_PORT/health" | grep -q '"status":"healthy"'; then
|
||||
echo "✅ Tool server healthy on port $TOOL_SERVER_PORT"
|
||||
break
|
||||
fi
|
||||
if [ $i -eq 10 ]; then
|
||||
echo "ERROR: Tool server failed to become healthy"
|
||||
echo "=== Tool server log ==="
|
||||
cat "$TOOL_SERVER_LOG" 2>/dev/null || echo "(no log)"
|
||||
exit 1
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
|
||||
echo "✅ Container ready"
|
||||
|
||||
cd /workspace
|
||||
|
||||
Reference in New Issue
Block a user