@praxis-ai/praxis 0.1.1 → 0.1.2

package/dist/runtimeImplementation/runtime.sandboxPlane/sandboxPolicyMiddleware.js

@@ -0,0 +1,142 @@
+/*
+ * 文件定位：Agent 运行态实现层 / 沙箱策略中间件。
+ * 核心目的：把 Praxis policy/governance/approval 的结果翻译给可插拔沙箱 provider。
+ * 边界：本文件不替代 policy matrix，不实现沙箱 backend；provider 只报告环境事实并执行。
+ */
+export const sandboxPolicyMiddlewareDescriptor = {
+    surface: "runtime.sandboxPlane.sandboxPolicyMiddleware",
+    policyOwner: "praxis",
+    providerRole: "environment-and-execution",
+    publicSafe: true,
+};
+function appendGrant(request, grants) {
+    return {
+        ...request,
+        policyGrants: [...request.policyGrants, ...grants],
+    };
+}
+function prepareFailureMessage(prepared) {
+    return prepared.environmentGap?.publicSafeMessage
+        ?? prepared.denial?.message
+        ?? "sandbox provider prepareRun failed";
+}
+async function audit(input) {
+    await input.audit?.({
+        type: input.type,
+        actionId: input.request.action.actionId,
+        sessionId: input.request.action.sessionId,
+        toolId: input.request.action.toolId,
+        providerId: input.provider.providerId,
+        providerFamily: input.provider.providerFamily,
+        payload: input.payload,
+    });
+}
+export async function runSandboxPolicyMiddleware(input) {
+    let request = input.request;
+    const events = [];
+    let prepared = await input.provider.prepareRun(request);
+    events.push("runtime.sandbox.middleware.prepareRun");
+    await audit({
+        ...input,
+        request,
+        type: "runtime.sandbox.middleware.prepareRun",
+        payload: {
+            ok: prepared.ok,
+            environmentGap: prepared.environmentGap ?? null,
+            denial: prepared.denial ?? null,
+            filesystemLowering: prepared.filesystemLowering ?? null,
+            backendArtifacts: prepared.backendArtifacts,
+        },
+    });
+    if (!prepared.ok && prepared.environmentGap !== undefined && prepared.environmentGap !== null) {
+        const decision = await input.decideEnvironmentGap?.({
+            request,
+            prepared,
+            environmentGap: prepared.environmentGap,
+        }) ?? { type: "deny", reason: prepared.environmentGap.publicSafeMessage };
+        events.push(`runtime.sandbox.middleware.policyApplied.${decision.type}`);
+        await audit({
+            ...input,
+            request,
+            type: "runtime.sandbox.middleware.policyApplied",
+            payload: {
+                decision: decision.type,
+                reason: "reason" in decision ? decision.reason : undefined,
+                grants: "grants" in decision ? decision.grants : undefined,
+            },
+        });
+        if (decision.type === "deny") {
+            return {
+                ok: false,
+                request,
+                prepared,
+                error: {
+                    code: "SANDBOX_DENIED",
+                    message: decision.reason,
+                    publicSafe: true,
+                    denial: prepared.denial,
+                },
+                events,
+            };
+        }
+        request = decision.type === "grant" ? appendGrant(request, decision.grants) : decision.request;
+        prepared = await input.provider.prepareRun(request);
+        events.push("runtime.sandbox.middleware.prepareRun.afterPolicy");
+        await audit({
+            ...input,
+            request,
+            type: "runtime.sandbox.middleware.prepareRun.afterPolicy",
+            payload: {
+                ok: prepared.ok,
+                environmentGap: prepared.environmentGap ?? null,
+                denial: prepared.denial ?? null,
+                filesystemLowering: prepared.filesystemLowering ?? null,
+                backendArtifacts: prepared.backendArtifacts,
+            },
+        });
+    }
+    if (!prepared.ok) {
+        return {
+            ok: false,
+            request,
+            prepared,
+            error: {
+                code: "SANDBOX_PREPARE_FAILED",
+                message: prepareFailureMessage(prepared),
+                publicSafe: true,
+                denial: prepared.denial,
+            },
+            events,
+        };
+    }
+    const result = await input.provider.run(request);
+    events.push("runtime.sandbox.provider.run");
+    await audit({
+        ...input,
+        request,
+        type: "runtime.sandbox.provider.run",
+        payload: {
+            ok: result.ok,
+            exitCode: result.exitCode,
+            timedOut: result.timedOut,
+            denial: result.denial ?? null,
+            environmentGap: result.environmentGap ?? null,
+            filesystemLowering: result.filesystemLowering ?? null,
+        },
+    });
+    if (!result.ok) {
+        return {
+            ok: false,
+            request,
+            prepared,
+            error: {
+                code: "SANDBOX_RUN_FAILED",
+                message: result.denial?.message ?? "sandbox provider run failed",
+                publicSafe: true,
+                denial: result.denial,
+            },
+            events,
+        };
+    }
+    return { ok: true, request, prepared, result, events };
+}

package/dist/runtimeImplementation/runtime.sandboxPlane/sandboxRuntimeProvider.d.ts

@@ -74,6 +74,7 @@ export type SandboxRuntimeProvider = {
     prepare(spec: SandboxSpec, input?: {
         cwd?: string;
         runSmoke?: boolean;
+        providerReady?: boolean;
     }): Promise<SandboxRuntimePrepareResult>;
     runSmoke(spec: SandboxSpec, input?: {
         cwd?: string;
@@ -87,8 +88,16 @@ export declare const sandboxRuntimeProviderDescriptor: {
     readonly linuxLiveProvider: "linux-bubblewrap";
     readonly unsafeSideEffects: false;
 };
+export declare function resolveRaxcellBinaryPath(input?: {
+    env?: Readonly<Record<string, string | undefined>>;
+    pathEnv?: string;
+    platform?: NodeJS.Platform;
+    fileExists?: (filePath: string) => boolean;
+    resolvePackage?: (packageName: string) => string | undefined;
+}): string | undefined;
 export declare function createSandboxRuntimeProvider(providerFamily: SandboxProviderFamily): SandboxRuntimeProvider;
 export declare function prepareSandboxRuntime(spec: SandboxSpec, input?: {
     cwd?: string;
     runSmoke?: boolean;
+    providerReady?: boolean;
 }): Promise<SandboxRuntimePrepareResult>;

package/dist/runtimeImplementation/runtime.sandboxPlane/sandboxRuntimeProvider.js

@@ -4,11 +4,14 @@
  * 边界：本文件不替代 BaseTool 语义；工具执行仍然必须走 registry/handler/executor。
  */
 import { execFile } from "node:child_process";
-import { mkdir, readFile } from "node:fs/promises";
+import { existsSync } from "node:fs";
+import { readFile } from "node:fs/promises";
+import { createRequire } from "node:module";
 import path from "node:path";
 import { promisify } from "node:util";
 import { canonicalDependencyId } from "../runtime.dependencyPlane/index.js";
 const execFileAsync = promisify(execFile);
+const requireFromHere = createRequire(import.meta.url);
 export const sandboxRuntimeProviderDescriptor = {
     surface: "runtime.sandboxPlane",
     capability: "sandboxRuntimeProvider",
@@ -28,12 +31,51 @@ function providerFamilyFor(spec) {
 function dependencyRefsFor(spec) {
     const refs = spec.dependencyRefs ?? [];
     if (providerFamilyFor(spec) === "linux-bubblewrap" && refs.length === 0) {
-        return ["dependency.binary.bwrap"];
+        return ["dependency.binary.raxcell"];
     }
     return refs.map(canonicalDependencyId);
 }
+function executableNames(name, platform) {
+    if (platform !== "win32")
+        return [name];
+    const extensions = (process.env.PATHEXT ?? ".EXE;.CMD;.BAT;.COM")
+        .split(";")
+        .filter(Boolean);
+    return [name, ...extensions.map((extension) => `${name}${extension.toLowerCase()}`), ...extensions.map((extension) => `${name}${extension.toUpperCase()}`)];
+}
+function defaultResolvePackage(packageName) {
+    try {
+        return requireFromHere.resolve(packageName);
+    }
+    catch {
+        return undefined;
+    }
+}
+export function resolveRaxcellBinaryPath(input = {}) {
+    const explicitBinary = (input.env?.RAXCELL_BIN ?? process.env.RAXCELL_BIN)?.trim();
+    const fileExists = input.fileExists ?? existsSync;
+    if (explicitBinary !== undefined && explicitBinary.length > 0) {
+        return fileExists(explicitBinary) ? explicitBinary : undefined;
+    }
+    const platform = input.platform ?? process.platform;
+    const entries = (input.pathEnv ?? process.env.PATH ?? "").split(path.delimiter).filter(Boolean);
+    for (const entry of entries) {
+        for (const name of executableNames("raxcell", platform)) {
+            const candidate = path.join(entry, name);
+            if (fileExists(candidate))
+                return candidate;
+        }
+    }
+    const resolvedPackage = (input.resolvePackage ?? defaultResolvePackage)("@praxis-ai/raxcell/package.json");
+    if (resolvedPackage === undefined)
+        return undefined;
+    const packageBinary = path.resolve(path.dirname(resolvedPackage), "dist/cli.js");
+    return fileExists(packageBinary) ? packageBinary : undefined;
+}
 function dependencyBinary(ref) {
     const canonical = canonicalDependencyId(ref);
+    if (canonical === "dependency.binary.raxcell")
+        return resolveRaxcellBinaryPath();
     if (canonical === "dependency.binary.bwrap")
         return "bwrap";
     if (canonical === "dependency.binary.rg")
@@ -158,14 +200,14 @@ function repairHints(input) {
                 requiresApproval: false,
             }];
     }
-    if (input.missingDependencies.includes("dependency.binary.bwrap")) {
+    if (input.missingDependencies.includes("dependency.binary.raxcell")) {
         return [{
-                hintId: "linux-bubblewrap:install-bwrap",
+                hintId: "linux-bubblewrap:configure-raxcell",
                 severity: "warning",
-                action: "installDependency",
-                message: "Install bubblewrap through the system package manager, then rerun rax test.",
-                commandPreview: ["apt install bubblewrap", "dnf install bubblewrap", "pacman -S bubblewrap"],
-                requiresApproval: true,
+                action: "manualProviderSetup",
+                message: "Configure the Raxcell CLI binary path through RAXCELL_BIN or inject RaxcellSandboxProvider at runtime.",
+                commandPreview: ["export RAXCELL_BIN=/absolute/path/to/raxcell"],
+                requiresApproval: false,
             }];
     }
     return [{
@@ -182,9 +224,9 @@ function dependencyInstallEnvelopes(input) {
         dependencyId,
         providerFamily: input.providerFamily,
         action: "installDependency",
-        installTarget: dependencyId === "dependency.binary.bwrap" ? "system-global" : "manual",
-        commandPreview: dependencyId === "dependency.binary.bwrap"
-            ? ["apt install bubblewrap", "dnf install bubblewrap", "pacman -S bubblewrap"]
+        installTarget: "manual",
+        commandPreview: dependencyId === "dependency.binary.raxcell"
+            ? ["export RAXCELL_BIN=/absolute/path/to/raxcell"]
             : [],
         requiresApproval: true,
         approvalSurface: "interface/application",
@@ -305,12 +347,45 @@ async function probeContractOnly(spec) {
         },
     };
 }
-async function probeLinuxBubblewrap(spec) {
+async function probeLinuxBubblewrap(spec, input = {}) {
     const providerFamily = providerFamilyFor(spec);
     if (process.platform !== "linux") {
         return unsupported(providerFamily, spec, "linux-bubblewrap sandbox only runs on Linux");
     }
     const dependencyRefs = dependencyRefsFor(spec);
+    if (input.providerReady === true) {
+        const dependencyChecks = [
+            {
+                dependencyId: "dependency.binary.raxcell",
+                required: true,
+                status: "available",
+                source: "custom",
+                installTarget: "manual",
+                publicSafeMessage: "RaxcellSandboxProvider is injected by the Praxis runtime",
+            },
+            ...(await linuxOptionalChecks()),
+        ];
+        return {
+            providerFamily,
+            profile: spec.profile,
+            status: "available",
+            platform: process.platform,
+            dependencyRefs,
+            availableDependencies: dependencyRefs,
+            missingDependencies: [],
+            dependencyChecks,
+            dependencyInstallEnvelopes: [],
+            selfRepairHints: repairHints({ providerFamily, missingDependencies: [], status: "available" }),
+            nextAction: "none",
+            publicSafeMessage: "Injected Raxcell linux-bubblewrap sandbox provider is available",
+            metadata: {
+                sandboxId: spec.sandboxId,
+                isolationLevel: spec.isolationLevel ?? "process-namespace",
+                provider: "raxcell",
+                injectedProvider: true,
+            },
+        };
+    }
     const dependencies = await dependencyAvailability(dependencyRefs);
     const dependencyChecks = [
         ...(await Promise.all(dependencyRefs.map((ref) => binaryCheck(ref, true)))),
@@ -332,11 +407,12 @@ async function probeLinuxBubblewrap(spec) {
                 missingDependencies: dependencies.missing,
                 status: "missingDependency",
             }),
-            nextAction: "installDependency",
-            publicSafeMessage: "linux-bubblewrap sandbox requires the bwrap binary before it can run",
+            nextAction: "manualProviderSetup",
+            publicSafeMessage: "linux-bubblewrap sandbox requires a configured Raxcell provider before it can run",
             metadata: {
-                installHint: "Install bubblewrap through the system package manager, then rerun rax test.",
+                installHint: "Set RAXCELL_BIN or inject RaxcellSandboxProvider through runtime sandbox options.",
                 sandboxId: spec.sandboxId,
+                requiredProvider: "raxcell",
             },
         };
     }
@@ -352,10 +428,12 @@ async function probeLinuxBubblewrap(spec) {
         dependencyInstallEnvelopes: [],
         selfRepairHints: repairHints({ providerFamily, missingDependencies: [], status: "available" }),
         nextAction: "none",
-        publicSafeMessage: "linux-bubblewrap sandbox dependencies are available",
+        publicSafeMessage: "Raxcell linux-bubblewrap sandbox provider is available",
         metadata: {
             sandboxId: spec.sandboxId,
             isolationLevel: spec.isolationLevel ?? "process-namespace",
+            provider: "raxcell",
+            binaryPath: resolveRaxcellBinaryPath() ?? "raxcell",
         },
     };
 }
@@ -447,193 +525,23 @@ async function probeWindowsRestricted(spec) {
         },
     };
 }
-async function ensureLinuxBubblewrapPaths(cwd) {
-    const workspace = path.resolve(cwd);
-    const raxWorkspace = path.join(workspace, ".rax_workspace");
-    const sandboxRoot = path.join(raxWorkspace, "sandbox");
-    const home = path.join(sandboxRoot, "home");
-    const tmp = path.join(sandboxRoot, "tmp");
-    const artifacts = path.join(sandboxRoot, "artifacts");
-    await Promise.all([
-        mkdir(home, { recursive: true }),
-        mkdir(tmp, { recursive: true }),
-        mkdir(artifacts, { recursive: true }),
-    ]);
-    return { workspace, raxWorkspace, sandboxRoot, home, tmp, artifacts };
-}
-function linuxBubblewrapSystemMounts() {
-    const args = [];
-    for (const dir of ["/usr", "/bin", "/lib", "/lib64", "/etc", "/opt", "/nix"]) {
-        args.push("--ro-bind-try", dir, dir);
-    }
-    return args;
-}
-function minimalDeviceMounts() {
-    return [
-        "--dir",
-        "/dev",
-        "--dev-bind",
-        "/dev/null",
-        "/dev/null",
-        "--dev-bind",
-        "/dev/zero",
-        "/dev/zero",
-        "--dev-bind",
-        "/dev/random",
-        "/dev/random",
-        "--dev-bind",
-        "/dev/urandom",
-        "/dev/urandom",
-    ];
-}
-function smokeScript() {
-    return [
-        "test \"$(pwd)\" = /workspace",
-        "test \"$HOME\" = /sandbox-home",
-        "test -d /workspace",
-        "test -r /workspace",
-        "test -w /workspace/.rax_workspace/sandbox",
-        "test -w /tmp",
-        "test -w /artifacts",
-        "echo praxis-smoke >/workspace/.rax_workspace/sandbox/tmp/praxis-bwrap-smoke.txt",
-        "test ! -e /home/proview/.ssh",
-        "test ! -e /host-home",
-        "test -d /proc",
-        "echo check:cwd",
-        "echo check:home",
-        "echo check:workspace",
-        "echo check:scratch",
-        "echo check:tmp",
-        "echo check:artifacts",
-        "echo check:host-home-hidden",
-        "echo check:proc",
-    ].join(" && ");
-}
-function smokeCommand(paths) {
-    return [
-        "bwrap",
-        "--unshare-pid",
-        "--unshare-ipc",
-        "--unshare-uts",
-        "--unshare-net",
-        "--die-with-parent",
-        ...linuxBubblewrapSystemMounts(),
-        "--proc",
-        "/proc",
-        ...minimalDeviceMounts(),
-        "--ro-bind",
-        paths.workspace,
-        "/workspace",
-        "--bind",
-        paths.raxWorkspace,
-        "/workspace/.rax_workspace",
-        "--bind",
-        paths.home,
-        "/sandbox-home",
-        "--bind",
-        paths.tmp,
-        "/tmp",
-        "--bind",
-        paths.artifacts,
-        "/artifacts",
-        "--setenv",
-        "HOME",
-        "/sandbox-home",
-        "--setenv",
-        "TMPDIR",
-        "/tmp",
-        "--setenv",
-        "PRAXIS_SANDBOX",
-        "linux-bubblewrap",
-        "--chdir",
-        "/workspace",
-        "/usr/bin/env",
-        "sh",
-        "-lc",
-        smokeScript(),
-    ];
-}
-async function runLinuxBubblewrapSmoke(spec, input = {}) {
-    const cwd = input.cwd ?? process.cwd();
-    const paths = await ensureLinuxBubblewrapPaths(cwd);
-    const command = smokeCommand(paths);
-    if (process.platform !== "linux") {
-        return {
-            providerFamily: providerFamilyFor(spec),
-            profile: spec.profile,
-            status: "skipped",
-            commandPreview: command,
-            checks: [{ checkId: "platform", status: "skipped", publicSafeMessage: "linux-bubblewrap smoke only runs on Linux" }],
-            publicSafeMessage: "linux-bubblewrap smoke is skipped outside Linux",
-            metadata: { cwd, sandboxRoot: paths.sandboxRoot },
-        };
-    }
-    try {
-        const result = await execFileAsync(command[0] ?? "bwrap", [...command.slice(1)], {
-            cwd,
-            timeout: spec.resourceLimits.timeoutMs ?? 5_000,
-            maxBuffer: spec.resourceLimits.maxOutputBytes ?? 64_000,
-            env: {
-                ...process.env,
-                HOME: paths.home,
-                TMPDIR: paths.tmp,
-            },
-        });
-        const stdout = result.stdout ?? "";
-        const passedChecks = [
-            "cwd",
-            "home",
-            "workspace",
-            "scratch",
-            "tmp",
-            "artifacts",
-            "host-home-hidden",
-            "proc",
-        ].map((checkId) => ({
-            checkId,
-            status: stdout.includes(`check:${checkId}`) ? "passed" : "failed",
-            publicSafeMessage: stdout.includes(`check:${checkId}`)
-                ? `${checkId} boundary check passed`
-                : `${checkId} boundary check did not report success`,
-        }));
-        return {
-            providerFamily: providerFamilyFor(spec),
-            profile: spec.profile,
-            status: "passed",
-            commandPreview: command,
-            stdout: result.stdout,
-            stderr: result.stderr,
-            checks: passedChecks,
-            publicSafeMessage: "linux-bubblewrap workspace-only smoke passed",
-            metadata: {
-                cwd,
-                sandboxRoot: paths.sandboxRoot,
-                home: paths.home,
-                tmp: paths.tmp,
-                artifacts: paths.artifacts,
-                networkMode: "denied",
-                deviceExposure: "minimal",
-            },
-        };
-    }
-    catch (error) {
-        const err = error;
-        return {
-            providerFamily: providerFamilyFor(spec),
-            profile: spec.profile,
-            status: "failed",
-            commandPreview: command,
-            stdout: err.stdout,
-            stderr: err.stderr,
-            checks: [{ checkId: "linux-bubblewrap", status: "failed", publicSafeMessage: "bubblewrap command did not complete all boundary checks" }],
-            publicSafeMessage: "linux-bubblewrap smoke failed; user namespaces or bwrap policy may be unavailable",
-            metadata: {
-                cwd,
-                sandboxRoot: paths.sandboxRoot,
-                error: err.message ?? "unknown bwrap failure",
-            },
-        };
-    }
+function runLinuxBubblewrapSmoke(spec, input = {}) {
+    return Promise.resolve({
+        providerFamily: providerFamilyFor(spec),
+        profile: spec.profile,
+        status: "skipped",
+        commandPreview: [],
+        checks: [{
+                checkId: "raxcell-provider",
+                status: "skipped",
+                publicSafeMessage: "Raxcell owns Linux backend execution checks; Praxis runtime provider only verifies provider availability.",
+            }],
+        publicSafeMessage: "Raxcell linux-bubblewrap smoke is provider-owned and skipped by Praxis runtime.",
+        metadata: {
+            cwd: input.cwd ?? process.cwd(),
+            provider: "raxcell",
+        },
+    });
 }
 export function createSandboxRuntimeProvider(providerFamily) {
     return {
@@ -651,12 +559,14 @@ export function createSandboxRuntimeProvider(providerFamily) {
             return probeContractOnly(spec);
         },
         async prepare(spec, input = {}) {
-            const probe = await this.probe(spec);
+            const probe = providerFamilyFor(spec) === "linux-bubblewrap" && input.providerReady === true
+                ? await probeLinuxBubblewrap(spec, { providerReady: true })
+                : await this.probe(spec);
             const shouldSmoke = input.runSmoke === true && probe.status === "available" && providerFamilyFor(spec) === "linux-bubblewrap";
             const smoke = shouldSmoke
                 ? await this.runSmoke(spec, { cwd: input.cwd })
                 : undefined;
-            const ready = probe.status === "available" && (smoke === undefined || smoke.status === "passed");
+            const ready = probe.status === "available" && smoke?.status !== "failed";
             return {
                 providerFamily: providerFamilyFor(spec),
                 profile: spec.profile,

package/dist/runtimeImplementation/runtimeAgentManifest.js

@@ -11,6 +11,7 @@ import { createHash } from "node:crypto";
 import { createBaseToolSupportCatalog } from "./runtime.execEngine/baseToolSupportCatalog.js";
 import { canonicalDependencyId, dependencyKindFromId, } from "./runtime.dependencyPlane/index.js";
 import { capability as capabilityAuthoring, } from "./runtime.provisionPlane/index.js";
+import { mcpHarnessModuleFrom, runtimeRequirementsForMcpModule, } from "./runtime.mcpPlane/index.js";
 export class PromptPack {
     promptPackId;
     base;
@@ -352,7 +353,7 @@ export const sandbox = {
             profile: "linux-bubblewrap",
             providerFamily: "linux-bubblewrap",
             isolationLevel: "process-namespace",
-            dependencyRefs: input.dependencyRefs ?? ["binary:bwrap"],
+            dependencyRefs: input.dependencyRefs ?? ["dependency.binary.raxcell"],
             mountPolicy: input.mountPolicy ?? {
                 workspaceRootRef: "rax.workspace",
                 allowedReadRoots: ["workspace", ".rax_workspace"],
@@ -367,7 +368,7 @@ export const sandbox = {
                 windows: "unsupported",
             },
             metadata: {
-                provider: "bubblewrap",
+                provider: "raxcell",
                 providerVersion: "v2",
                 flatpakCompatible: true,
                 fallback: "explicit-only",
@@ -1268,7 +1269,10 @@ function normalizeHarness(input, authoring, normalizedTools) {
         statePlane: authoring.statePlane,
         frameworkCore: authoring.frameworkCore,
         modules: input.modules ?? {},
-        runtimeRequirements: cleanList(input.runtimeRequirements),
+        runtimeRequirements: cleanList([
+            ...(input.runtimeRequirements ?? []),
+            ...runtimeRequirementsForMcpModule(mcpHarnessModuleFrom({ modules: input.modules })),
+        ]),
         capabilities: authoring.capabilities,
         dependencies: authoring.dependencies,
         metadata: input.metadata ?? {},

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@praxis-ai/praxis",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "private": false,
   "type": "module",
   "description": "Praxis agentCore architecture scaffold, tests, and engineering contracts.",
@@ -154,6 +154,8 @@
     "@lancedb/lancedb": "^0.27.2",
     "@modelcontextprotocol/sdk": "^1.29.0",
     "@openai/agents": "^0.7.2",
+    "@praxis-ai/mcp-plus": "^1.0.0",
+    "@praxis-ai/raxcell": "^0.1.5",
     "@types/react": "^18.3.28",
     "apache-arrow": "^18.1.0",
     "effect": "^3.21.2",

package/raxode-tui/dist/raxode-cli/backend/agents/codingAgent/agent.js

@@ -97,15 +97,15 @@ function createRaxodeProvisioning(options) {
                 source: "raxode-backend",
             },
         }),
-        praxis.dependency.binary("bwrap", {
+        praxis.dependency.binary("raxcell", {
             required: options.sandboxProfile === "linuxBubblewrap",
             install: "manual",
-            reason: "Prepare the Linux bubblewrap sandbox provider; Praxis degrades to workspace rollback when it is unavailable.",
+            reason: "Prepare the Raxcell Linux sandbox provider; Praxis degrades to workspace rollback when it is unavailable.",
             metadata: {
                 source: "raxode-sandbox",
                 providerFamily: "linux-bubblewrap",
                 defaultWithSandbox: true,
-                installHint: "Install bubblewrap with the OS package manager, for example apt install bubblewrap.",
+                installHint: "Set RAXCELL_BIN or put the raxcell CLI on PATH.",
             },
         }),
         praxis.dependency.secretRef("provider.core.main", {

package/raxode-tui/dist/raxode-cli/backend/application/backendModuleInventory.js

@@ -118,7 +118,7 @@ export function createRaxodeBackendModuleInventory(input) {
                     hasModuleMode(manifest, "dependencyPlane"),
                     dependencyIds.has("dependency.binary.node"),
                     dependencyIds.has("dependency.npm.tsx"),
-                    dependencyIds.has("dependency.binary.bwrap"),
+                    dependencyIds.has("dependency.binary.raxcell"),
                 ],
             }),
             surface: "manifest.dependencies",
@@ -191,7 +191,7 @@ export function createRaxodeBackendModuleInventory(input) {
                     hasRequirement(manifest, "praxis.sandboxPlane.declaredCapabilities"),
                     capabilityIds.has("capability.raxode.sandbox"),
                     typeof manifest.sandbox.profile === "string",
-                    dependencyIds.has("dependency.binary.bwrap"),
+                    dependencyIds.has("dependency.binary.raxcell"),
                 ],
             }),
             surface: "manifest.sandbox",
@@ -200,7 +200,7 @@ export function createRaxodeBackendModuleInventory(input) {
             evidence: [
                 `profile=${manifest.sandbox.profile}`,
                 `providerFamily=${manifest.sandbox.providerFamily ?? "auto"}`,
-                `hasBwrapDependency=${dependencyIds.has("dependency.binary.bwrap")}`,
+                `hasRaxcellDependency=${dependencyIds.has("dependency.binary.raxcell")}`,
             ],
         },
         {