✨ feat: support sandbox provider #15184
@arvinxx @nekomeowww - This PR introduces a sandbox provider feature, touching tool calling / cloud sandbox packages and backend sandbox services. Please coordinate on the review.
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## canary #15184 +/- ##
==========================================
+ Coverage 71.15% 71.23% +0.07%
==========================================
Files 3200 3205 +5
Lines 319698 320417 +719
Branches 29151 34166 +5015
==========================================
+ Hits 227487 228244 +757
+ Misses 92039 92001 -38
Partials 172 172
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR introduces a provider-based Cloud Sandbox abstraction (defaulting to Market, optionally Onlyboxes), refactors server runtimes/routes to use the shared sandbox service, and adds support for pre-signed uploads with required headers for sandbox file exports.
Changes:
- Added a sandbox service factory + middleware, with Market and Onlyboxes providers and shared result normalization/export workflow.
- Refactored skills runtime, market tool router, and heterogeneous sandbox runner to call `createSandboxService(...)` instead of Market SDK directly.
- Extended file/S3 services with `createPreSignedUpload` (URL + headers), updated tool-runtime success mapping, and added env vars + docs + tests.
Reviewed changes
Copilot reviewed 39 out of 41 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/server/services/toolExecution/serverRuntimes/skills.ts | Uses sandbox service abstraction; attaches persisted skill ZIP URLs; normalizes command results. |
| src/server/services/toolExecution/serverRuntimes/cloudSandbox.ts | Switches runtime to createSandboxService. |
| src/server/services/toolExecution/serverRuntimes/tests/skills.test.ts | Adds coverage for execScript ZIP attachment + sandbox calling path. |
| src/server/services/skill/importer.test.ts | Updates mocks for new createPreSignedUpload API. |
| src/server/services/sandbox/types.ts | Introduces sandbox provider/service types and shared result types. |
| src/server/services/sandbox/service.ts | Adds middleware service + shared file export/upload flow + command result normalization. |
| src/server/services/sandbox/providers/onlyboxes.ts | Implements Onlyboxes-compatible sandbox provider via terminal/task endpoints. |
| src/server/services/sandbox/providers/onlyboxes.test.ts | Adds provider behavior tests (runCommand, file ops, export, execScript). |
| src/server/services/sandbox/providers/market.ts | Implements Market provider; keeps legacy ServerSandboxService as deprecated wrapper. |
| src/server/services/sandbox/providers/market.test.ts | Adds tests to lock the previous Market response mappings. |
| src/server/services/sandbox/index.ts | Re-exports new sandbox modules; removes old monolithic implementation. |
| src/server/services/sandbox/factory.ts | Adds provider selection via SANDBOX_PROVIDER. |
| src/server/services/sandbox/tests/service.test.ts | Tests shared export/upload flow and failure normalization. |
| src/server/services/sandbox/tests/factory.test.ts | Tests provider selection defaults and Onlyboxes selection. |
| src/server/services/sandbox/tests/computerRuntime.test.ts | Tests tool-runtime command-status mapping behavior. |
| src/server/services/heterogeneousAgent/sandboxRunner.ts | Launches hetero exec via configured sandbox provider with background command. |
| src/server/services/file/index.ts | Adds createPreSignedUpload on FileService. |
| src/server/services/file/impls/type.ts | Extends file impl contract with createPreSignedUpload. |
| src/server/services/file/impls/s3.ts | Implements createPreSignedUpload via S3 module. |
| src/server/services/file/impls/s3.test.ts | Adds tests for createPreSignedUpload. |
| src/server/services/file/tests/index.test.ts | Adds tests that FileService delegates createPreSignedUpload. |
| src/server/routers/tools/market.ts | Routes sandbox exec/export through sandbox service; centralizes auth error handling. |
| src/server/modules/S3/index.ts | Adds S3 createPreSignedUpload returning URL + required headers; createPreSignedUrl becomes a wrapper. |
| src/server/modules/S3/index.test.ts | Adds tests for S3 createPreSignedUpload. |
| src/features/Conversation/ChatInput/index.tsx | Formatting-only newline/indent change. |
| src/features/ChatInput/Desktop/index.tsx | Formatting-only newline/indent change. |
| src/envs/app.ts | Adds sandbox provider env vars with empty-string preprocessing. |
| src/envs/tests/app.test.ts | Tests parsing/unsetting of sandbox env vars (empty string defaults). |
| packages/tool-runtime/src/types.ts | Extends command output state with running. |
| packages/tool-runtime/src/ComputerRuntime.ts | Uses per-command success in tool payload when transport succeeds; populates running. |
| packages/database/src/schemas/connector.ts | Reorders OIDCConfig fields; formatting tweaks to index definitions. |
| packages/database/src/repositories/search/index.test.ts | Formatting-only normalization of array literal. |
| packages/builtin-tool-cloud-sandbox/src/types/service.ts | Extends export error type; updates docs comment for server provider. |
| packages/builtin-tool-cloud-sandbox/src/ExecutionRuntime/index.ts | Updates docs comment to reference configured provider. |
| package.json | Adds workspace dependency on @lobechat/tool-runtime. |
| docs/self-hosting/environment-variables/cloud-sandbox.zh-CN.mdx | Adds Cloud Sandbox env var documentation (Chinese). |
| docs/self-hosting/environment-variables/cloud-sandbox.mdx | Adds Cloud Sandbox env var documentation (English). |
| docs/self-hosting/environment-variables.zh-CN.mdx | Links Cloud Sandbox env docs card. |
| docs/self-hosting/environment-variables.mdx | Links Cloud Sandbox env docs card (note: uses Card vs Cards). |
| Dockerfile | Adds sandbox env vars with empty-string defaults. |
| .env.example | Adds example Cloud Sandbox env vars. |
Comments suppressed due to low confidence (2)
- src/server/services/sandbox/providers/onlyboxes.ts:1
  `JSON.parse(body)` is unguarded; if Onlyboxes ever returns a non-JSON payload (e.g., HTML error page, plain text, truncated proxy error), this will throw and mask the real HTTP error/context. Consider wrapping JSON parsing in a try/catch (falling back to `{}` or `{ rawBody: body }`) and using the raw body to build a better error message when parsing fails.
- src/server/services/sandbox/providers/onlyboxes.ts:1
  `wait_ms` ignores the supplied `options.timeoutMs` and always uses `DEFAULT_TIMEOUT_MS` for non-async tasks. This can cause the Onlyboxes backend to wait far longer than the client requested (or vice versa), leading to confusing timeouts/latency. Use the same effective timeout for `wait_ms` (e.g., `options?.timeoutMs ?? DEFAULT_TIMEOUT_MS`) when `mode !== 'async'`.
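The two suppressed review comments above concern an unguarded `JSON.parse` and a `wait_ms` that ignores the caller's timeout. The following is an added example, not code from this PR or from Onlyboxes, showing one way to handle both; the helper names, the `error` field, the `'sync'` mode value and the 30-second default are assumptions.

```typescript
// Added example: hypothetical helpers, not taken from onlyboxes.ts.
const DEFAULT_TIMEOUT_MS = 30000; // assumed value; the page does not state it

interface ParsedBody {
  json: Record<string, unknown>;
  rawBody?: string; // set only when the body was not a JSON object
}

// Parse a response body without throwing, keeping the raw text for diagnostics.
function parseBody(body: string): ParsedBody {
  if (body.trim() === '') return { json: {} };
  try {
    const value: unknown = JSON.parse(body);
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      return { json: value as Record<string, unknown> };
    }
  } catch {
    // fall through: HTML error page, plain text, truncated proxy response
  }
  return { json: {}, rawBody: body };
}

// Build an error message that always carries the HTTP status, plus either the
// provider's own error string (assumed field name `error`) or a bounded
// excerpt of the raw body, so logs are not flooded by a full HTML page.
function describeFailure(status: number, body: string): string {
  const { json, rawBody } = parseBody(body);
  const fromJson = json['error'];
  const detail =
    typeof fromJson === 'string'
      ? fromJson
      : (rawBody ?? '').replace(/\s+/g, ' ').trim().slice(0, 200);
  return detail
    ? `sandbox request failed: HTTP ${status}: ${detail}`
    : `sandbox request failed: HTTP ${status}`;
}

// wait_ms for a task request: honour the caller's timeout for non-async tasks.
// Assumption: async tasks send no wait_ms at all (undefined).
function effectiveWaitMs(mode: string, options?: { timeoutMs?: number }): number | undefined {
  if (mode === 'async') return undefined;
  return options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
}
```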
… sandbox (lobehub#15136)
- Add `SANDBOX_PROVIDER` env var (market | onlyboxes) to select sandbox backend
- Add Onlyboxes-specific env vars: `ONLYBOXES_BASE_URL`, `ONLYBOXES_API_TOKEN`, `ONLYBOXES_LEASE_TTL_SEC`
- Create `SandboxService` abstraction layer with `MarketSandboxService` and `OnlyboxesSandboxService` implementations
- Add `createSandboxService` factory that routes to configured provider
- Migrate `execInSandbox` and `exportFile` t
# 🚀 LobeHub Release (20260610)

**Release Date:** June 10, 2026
**Since v2.2.2:** 131 merged PRs · 13 contributors

> This weekly release strengthens agent collaboration across cloud, desktop, CLI, and workspace flows, with steadier runtime behavior and a broader foundation for workspace-scoped data.

---

## ✨ Highlights

- **Agent execution across devices** — Unifies per-device working directories, project skill discovery, and sub-agent suspend/resume behavior across server, QStash, and device RPC flows. (#15543, #15566, #15481, #15620, #15591)
- **Connector and sandbox platform** — Expands connector permissions, custom OAuth MCP connector onboarding, sandbox provider support, and user-uploaded file sync into cloud sandbox runs. (#15463, #15546, #15184, #15550)
- **Desktop and CLI reliability** — Fixes desktop cold-start, auto-update, Windows build, CLI skill discovery, and `lh connect` agent dispatch paths. (#15547, #15525, #15527, #15562, #15632, #15634)
- **Pages and sharing** — Refreshes topic sharing, improves Page Editor layout behavior, and routes Page Agent tool execution through the server-side editor path. (#15581, #15556, #15588, #15023, #15610)
- **Model availability and provider updates** — Adds user-scoped LobeHub model availability, Claude Fable 5, Qwen thinking preservation, and MiniMax M3 updates. (#15590, #15639, #13494, #15376)

---

## 🏗️ Core Product & Architecture

### Agent Runtime & Heterogeneous Agents

- Improves sub-agent lifecycle handling, including async suspend/resume, queue-mode QStash resume delivery, and blocking nested sub-agent calls. (#15481, #15620, #15575)
- Stabilizes heterogeneous agent ingestion and streaming with raw stream dumps, per-turn usage, image forwarding on regenerate, and duplicate-text fixes. (#15602, #15577, #15592, #15585)
- Adds execution-device and working-directory controls across device RPC, legacy defaults, and remote-spawned Claude Code sessions. (#15543, #15566, #15591, #15572)
- Improves runtime diagnostics and compatibility, including Gemini multimodal output capture, abort stream semantics, and trace quality analysis. (#15535, #13677, #15508)

---

## 📱 Platforms, Integrations & UX

### Connectors, Sandbox & Tools

- Ships API-level connector tool permissions, custom OAuth MCP connector onboarding, and connector-first runtime execution. (#15463, #15546)
- Adds sandbox provider support, cloud sandbox file sync, and safer external URL file input handling with SSRF validation. (#15184, #15550, #12657)
- Improves tool visibility and execution with pinned app-fixed tools, ANSI output rendering, gateway-tunneled MCP calls, and automatic headless tool runs. (#15509, #15516, #15469, #15492)

### Desktop, CLI & Web UX

- Restores desktop startup and reload behavior, preserves IPC error causes, and keeps the tab bar new-tab action visible across routes. (#15547, #15597, #15638)
- Fixes desktop update and build stability for browser quit guards, macOS update signing, and Windows Visual Studio detection. (#15525, #15527, #15562)
- Shows the plan-limit upgrade UI on desktop builds. (#15628)
- Adds the Agent Run delivery checker and fixes CLI device dispatch plus skill list/search output. (#15489, #15634, #15632)
- Refreshes onboarding, auth source preservation, topic UI states, referral/Fable campaign copy, and chat-input control bar behavior. (#15629, #15544, #15573, #15614, #15616, #15617, #15622, #15643)

---

## 🔒 Security, Reliability & Rollout Notes

- External URL file input now includes SSRF validation for safer Google file handling. (#12657)
- Database workspace-scope migrations are part of this release; self-hosted operators should run the normal migration path before serving the updated app. (#15446, #15465, #15468, #15472)
- The release branch was re-cut from `canary` and includes the latest `main` release-version commit so `v2.2.2` is the verified compare base.

---

## 👥 Contributors

@ONLY-yours, @sxjeru, @hardy-one, @xujingli, @hezhijie0327, @Coooolfan, @arvinxx, @tjx666, @Innei, @rivertwilight, @rdmclin2, @cy948, @AmAzing129

**Full Changelog**: v2.2.2...release/weekly-20260610-recut-3
@Coooolfan Hello, this feature is great. Do you have a service configuration document? I mean, how does lobe integrate with it here? Thank you very much!
Of course, but it might take a few more days. If you're in a hurry, you can use AI to analyze the repo — be sure to search for the
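@Coooolfan I'm not sure what the problem is, but it isn't working very well. It tries to create the Docker container by itself, but I'm on a network in mainland China and can't connect, so many of its executions fail. If its handling is correct, do I need to provide that network access for it to work?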
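@yincangshiwei You can run `docker pull coolfan1024/onlyboxes-runtime:lobehub` on the worker machine in advance. If the machine is in mainland China it probably can't reach Docker Hub, so you can load the image yourself. Either way, just make sure `coolfan1024/onlyboxes-runtime:lobehub` shows up in the Docker images on the worker.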
💻 Change Type
🔗 Related Issue
🔀 Description of Change
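Introduces the Cloud Sandbox Provider architecture and adds Onlyboxes as a self-hosted sandbox provider, enabling self-hosted sandboxes.
Main changes:
- The logic in `src/server/services/sandbox/index.ts` is split into:
  - `service.ts`: unified external service entry point
  - `factory.ts`: selects the provider based on configuration
  - `providers/market.ts`: keeps the existing Market provider behavior
  - `providers/onlyboxes.ts`: adds the Onlyboxes provider, covering the full set of capabilities: sandbox lifecycle, file upload (presigned headers), computer/skill runtime, and so on
  - `types.ts`: abstracts the provider interface
- `CLOUD_SANDBOX_PROVIDER` and other configuration options; see `docs/self-hosting/environment-variables/cloud-sandbox(.zh-CN).mdx` for details, with `.env.example` and `Dockerfile` updated to match.
- `packages/tool-runtime` adds ComputerRuntime-related types
- `heterogeneousAgent/sandboxRunner.ts`, `toolExecution/serverRuntimes/{skills,cloudSandbox}.ts` and `routers/tools/market.ts` are adapted to the new service layer
- `S3/file service` adds support for external presigned uploads
- `providers/market.test.ts`, `providers/onlyboxes.test.ts`, `service.test.ts`, `factory.test.ts`, `computerRuntime.test.ts`, `serverRuntimes/skills.test.ts`, and others.
🧪 How to Test
- `CLOUD_SANDBOX_PROVIDER`), regression-test the Market provider and confirm that Computer Use / Skill calls behave the same as before.
- `CLOUD_SANDBOX_PROVIDER=onlyboxes` with the Onlyboxes-related variables configured (see `docs/self-hosting/environment-variables/cloud-sandbox.mdx`), verify:
📸 Screenshots / Videos
N/A: this PR is a server-side provider abstraction with no UI changes.
📝 Additional Information
`cloud-sandbox.mdx` documentation, project configuration of environment variables.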