β¨ feat(sandbox): sync user-uploaded files into the cloud sandbox#15550
Merged
Conversation
Pre-load the files a user attached in a conversation (topic message files +
session files) into the cloud sandbox the first time it is used, and tell the
agent they are available.
- FileModel.findFilesToInitInSandbox: merge messages_files (by topic) and
files_to_sessions (by the topic's session), de-duped by file id
- SandboxMiddlewareService.ensureFilesInitialized: on first tool call, presign
download URLs and run an idempotent curl bootstrap into /mnt/data; guarded by
an in-sandbox marker and a short-lived Redis hint, best-effort so it never
blocks the actual tool call (caps: 50 files / 100MB / 120s)
- Agent awareness via {{sandbox_uploaded_files}} in the cloud-sandbox systemRole,
populated by both the server (RuntimeExecutors) and client (contextEngineering)
placeholder generators
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Sorry @ONLY-yours, you have reached your weekly rate limit of 500000 diff characters.
Please try again later or upgrade to continue using Sourcery
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
π‘ Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1af1da6a62
βΉοΈ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with π.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Codecov Reportβ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## canary #15550 +/- ##
==========================================
+ Coverage 63.50% 70.57% +7.07%
==========================================
Files 2482 3304 +822
Lines 234144 326326 +92182
Branches 21106 29796 +8690
==========================================
+ Hits 148692 230319 +81627
- Misses 85452 95824 +10372
- Partials 0 183 +183
Flags with carried forward coverage won't be shown. Click here to find out more.
π New features to boost your workflow:
|
β¦mpt consistent Address review feedback on the uploaded-files sync: 1. (high) The sync was a no-op on the cloudSandbox server runtime and the skills runtime because createSandboxService() was called without serverDB, so ensureFilesInitialized() returned early. Thread serverDB through both. (heterogeneous sandboxRunner is intentionally left out: it runs a coding agent in /workspace and does not use the cloud-sandbox systemRole.) 2. (medium) Drop the Redis "already initialized" hint. The in-sandbox marker is now the single source of truth for idempotency, so a recycled sandbox always re-syncs instead of being skipped by a stale 5-min Redis key. 3. (medium) Apply the 50-file / 100MB caps inside formatUploadedFilesPrompt (via the shared selectSandboxInitFiles), so the files the prompt advertises match exactly what the bootstrap downloads. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This was referenced Jun 9, 2026
arvinxx
added a commit
that referenced
this pull request
Jun 10, 2026
# π LobeHub Release (20260610) **Release Date:** June 10, 2026 **Since v2.2.2:** 131 merged PRs Β· 13 contributors > This weekly release strengthens agent collaboration across cloud, desktop, CLI, and workspace flows, with steadier runtime behavior and a broader foundation for workspace-scoped data. --- ## β¨ Highlights - **Agent execution across devices** β Unifies per-device working directories, project skill discovery, and sub-agent suspend/resume behavior across server, QStash, and device RPC flows. (#15543, #15566, #15481, #15620, #15591) - **Connector and sandbox platform** β Expands connector permissions, custom OAuth MCP connector onboarding, sandbox provider support, and user-uploaded file sync into cloud sandbox runs. (#15463, #15546, #15184, #15550) - **Desktop and CLI reliability** β Fixes desktop cold-start, auto-update, Windows build, CLI skill discovery, and `lh connect` agent dispatch paths. (#15547, #15525, #15527, #15562, #15632, #15634) - **Pages and sharing** β Refreshes topic sharing, improves Page Editor layout behavior, and routes Page Agent tool execution through the server-side editor path. (#15581, #15556, #15588, #15023, #15610) - **Model availability and provider updates** β Adds user-scoped LobeHub model availability, Claude Fable 5, Qwen thinking preservation, and MiniMax M3 updates. (#15590, #15639, #13494, #15376) --- ## ποΈ Core Product & Architecture ### Agent Runtime & Heterogeneous Agents - Improves sub-agent lifecycle handling, including async suspend/resume, queue-mode QStash resume delivery, and blocking nested sub-agent calls. (#15481, #15620, #15575) - Stabilizes heterogeneous agent ingestion and streaming with raw stream dumps, per-turn usage, image forwarding on regenerate, and duplicate-text fixes. (#15602, #15577, #15592, #15585) - Adds execution-device and working-directory controls across device RPC, legacy defaults, and remote-spawned Claude Code sessions. (#15543, #15566, #15591, #15572) - Improves runtime diagnostics and compatibility, including Gemini multimodal output capture, abort stream semantics, and trace quality analysis. (#15535, #13677, #15508) --- ## π± Platforms, Integrations & UX ### Connectors, Sandbox & Tools - Ships API-level connector tool permissions, custom OAuth MCP connector onboarding, and connector-first runtime execution. (#15463, #15546) - Adds sandbox provider support, cloud sandbox file sync, and safer external URL file input handling with SSRF validation. (#15184, #15550, #12657) - Improves tool visibility and execution with pinned app-fixed tools, ANSI output rendering, gateway-tunneled MCP calls, and automatic headless tool runs. (#15509, #15516, #15469, #15492) ### Desktop, CLI & Web UX - Restores desktop startup and reload behavior, preserves IPC error causes, and keeps the tab bar new-tab action visible across routes. (#15547, #15597, #15638) - Fixes desktop update and build stability for browser quit guards, macOS update signing, and Windows Visual Studio detection. (#15525, #15527, #15562) - Shows the plan-limit upgrade UI on desktop builds. (#15628) - Adds the Agent Run delivery checker and fixes CLI device dispatch plus skill list/search output. (#15489, #15634, #15632) - Refreshes onboarding, auth source preservation, topic UI states, referral/Fable campaign copy, and chat-input control bar behavior. (#15629, #15544, #15573, #15614, #15616, #15617, #15622, #15643) --- ## π Security, Reliability & Rollout Notes - External URL file input now includes SSRF validation for safer Google file handling. (#12657) - Database workspace-scope migrations are part of this release; self-hosted operators should run the normal migration path before serving the updated app. (#15446, #15465, #15468, #15472) - The release branch was re-cut from `canary` and includes the latest `main` release-version commit so `v2.2.2` is the verified compare base. --- ## π₯ Contributors @ONLY-yours, @sxjeru, @hardy-one, @xujingli, @hezhijie0327, @Coooolfan, @arvinxx, @tjx666, @Innei, @rivertwilight, @rdmclin2, @cy948, @AmAzing129 **Full Changelog**: v2.2.2...release/weekly-20260610-recut-3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
π» Change Type
π Description of Change
When a cloud sandbox session is first used in a conversation, this pre-loads the files the user attached in that conversation into the sandbox at
/mnt/data, and tells the agent they are available β so the agent can read/process them directly instead of asking the user to re-upload.1. File source β
FileModel.findFilesToInitInSandbox(topicId)Merges the two associations a topic can have, de-duped by file id:
messages_files(files attached to messages in the topic)files_to_sessions(files attached to the session that owns the topic)2. Bootstrap into the sandbox β
SandboxMiddlewareService.ensureFilesInitialized()Runs once at the start of the first tool call:
curl β¦ -o /mnt/data/<name>command (mirrors the existing skill-bootstrap pattern)onlyboxesandmarketproviders (both supportrunCommand)3. Agent awareness
Adds a
<uploaded_files>section to the cloud-sandboxsystemRole: a static "files are synced into/mnt/data, runlistFilesto see them" hint plus a dynamic{{sandbox_uploaded_files}}list. The placeholder generator is registered on both the server (RuntimeExecutors) and client (contextEngineering) paths, so it never leaks an unresolved placeholder.π§ͺ How to Test
Tests added:
packages/database/src/models/__tests__/file.test.tsβ DB integration tests forfindFilesToInitInSandbox(topic + session merge, de-dupe, user isolation, empty)src/server/services/sandbox/__tests__/bootstrap.test.tsβ idempotent command builder (marker guard, path de-dupe, shell escaping)src/server/services/sandbox/__tests__/serviceInit.test.tsβ sync runs once, skips without DB / files, never blocks on failuresrc/server/services/sandbox/__tests__/uploadedFiles.test.tsβ name sanitization & prompt formattingtype-checkreports no errors in the changed files; all changed files passeslint.π Notes / Trade-offs
listFiles /mnt/datahint covers any gap so the agent always has an accurate fallback./mnt/data/<name>path (last write wins); rare in practice.π€ Generated with Claude Code