gitarsenal-cli 1.2.1 → 1.2.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gitarsenal-cli",
-  "version": "1.2.1",
+  "version": "1.2.3",
   "description": "CLI tool for creating Modal sandboxes with GitHub repositories",
   "main": "index.js",
   "bin": {

package/python/README.md

@@ -1,248 +1,68 @@
-# GitArsenal CLI
+# GitArsenal CLI Python Modules
 
-GitArsenal CLI is a powerful tool for setting up and running GPU-accelerated environments in the cloud using Modal.
+This directory contains Python modules for the GitArsenal CLI.
 
-## Installation
+## Modal Integration
 
-```bash
-# Clone the repository
-git clone https://github.com/yourusername/gitarsenal-cli.git
-cd gitarsenal-cli/python
-
-# Install dependencies
-pip install -r requirements.txt
-```
+The GitArsenal CLI integrates with Modal for creating sandboxes and SSH containers. The following modules are available:
 
-## First-Time Setup
+- `modal_proxy_service.py`: A proxy service for Modal operations
+- `test_modalSandboxScript.py`: Creates Modal sandboxes and SSH containers
+- `setup_modal_token.py`: Sets up the Modal token in the environment
+- `fetch_modal_tokens.py`: Fetches Modal tokens from the proxy server
 
-GitArsenal CLI comes with a built-in Modal token for the freemium service, so you don't need to set up your own Modal credentials. Just install and start using it!
+## Security Features
 
-### 1. Install Modal
+### Modal Token Cleanup
 
-```bash
-pip install modal
-```
+For enhanced security, GitArsenal CLI now automatically cleans up Modal tokens after SSH containers are created. This ensures that your Modal token is not left in the environment or on disk after the container is started.
 
-### 2. Optional: Set Up Additional Credentials
+The cleanup process:
+1. Removes Modal token environment variables (MODAL_TOKEN_ID, MODAL_TOKEN, MODAL_TOKEN_SECRET)
+2. Deletes Modal token files (.modal/token.json, .modal/token_alt.json, .modalconfig)
+3. Runs automatically after SSH container creation
+4. Runs on service shutdown via signal handlers
 
-If you want to use additional features, you can set up other credentials:
-
-```bash
-# Set up optional credentials
-./gitarsenal.py credentials setup
-```
-
-This will guide you through setting up:
-- **OpenAI API Key**: Used for debugging failed commands (optional)
-- **Hugging Face Token**: Used for accessing Hugging Face models (optional)
-- **Weights & Biases API Key**: Used for experiment tracking (optional)
+This prevents potential token leakage when containers are shared or when the service is stopped.
 
 ## Usage
 
-### Creating a Modal Sandbox
-
-```bash
-./gitarsenal.py sandbox --gpu A10G --repo-url "https://github.com/username/repo.git"
-```
-
-### Creating an SSH Container
-
-```bash
-./gitarsenal.py ssh --gpu A10G --repo-url "https://github.com/username/repo.git"
-```
-
-### Options
-
-- `--gpu`: GPU type (A10G, A100, H100, T4, V100)
-- `--repo-url`: Repository URL to clone
-- `--repo-name`: Repository name override
-- `--setup-commands`: Setup commands to run
-- `--volume-name`: Name of the Modal volume for persistent storage
-- `--timeout`: Container timeout in minutes (SSH mode only, default: 60)
-- `--use-proxy`: Use Modal proxy service instead of direct Modal access
-
-## Using the Modal Proxy Service
-
-GitArsenal CLI now supports using a Modal proxy service, which allows you to use Modal services without having your own Modal token. This is useful for teams or organizations where a single Modal account is shared.
-
-### Setting Up the Proxy Service
-
-#### 1. Create an Environment File
+To use the GitArsenal CLI Python modules, you can import them directly or use the provided scripts.
 
-Copy the example environment file and edit it:
+### Creating a Modal SSH Container
 
-```bash
-cp .env.example .env
-```
+```python
+from test_modalSandboxScript import create_modal_ssh_container
 
-Edit the `.env` file to add your Modal token:
+result = create_modal_ssh_container(
+    gpu_type="A10G",
+    repo_url="https://github.com/user/repo",
+    repo_name="repo",
+    setup_commands=["pip install -r requirements.txt"],
+    timeout_minutes=60
+)
 
-```
-MODAL_TOKEN=your_modal_token_here
+# The Modal token is automatically cleaned up after the container is created
 ```
 
-#### 2. Run the Proxy Service
+### Running the Modal Proxy Service
 
 ```bash
-# Start the proxy service
 python modal_proxy_service.py
 ```
 
-The service will start on port 5001 by default (to avoid conflicts with macOS AirPlay on port 5000).
-
-#### 3. Create an API Key for Clients
-
-When the service starts for the first time, it will generate an admin key. Use this key to create API keys for clients:
-
-```bash
-# Create a new API key
-curl -X POST -H "X-Admin-Key: your_admin_key" http://localhost:5001/api/create-api-key
-```
-
-#### 4. Using ngrok for Public Access (Optional)
-
-If you want to make your proxy service accessible from outside your network:
-
-```bash
-# Install ngrok if you haven't already
-brew install ngrok  # On macOS
-
-# Start ngrok to expose your proxy service
-ngrok http 5001
-```
-
-Use the ngrok URL when configuring clients.
+The service will automatically clean up Modal tokens on shutdown.
 
-### Configuring the Client
+## Testing
 
-```bash
-# Configure the proxy service
-./gitarsenal.py proxy configure
-```
-
-This will prompt you for the proxy service URL and API key.
-
-### Checking Proxy Service Status
+To test the Modal token cleanup functionality:
 
 ```bash
-# Check if the proxy service is running
-./gitarsenal.py proxy status
+python test_token_cleanup.py
 ```
 
-### Creating a Sandbox through the Proxy
-
-```bash
-# Create a sandbox through the proxy service
-./gitarsenal.py proxy sandbox --gpu A10G --repo-url "https://github.com/username/repo.git" --wait
-```
-
-### Creating an SSH Container through the Proxy
-
-```bash
-# Create an SSH container through the proxy service
-./gitarsenal.py proxy ssh --gpu A10G --repo-url "https://github.com/username/repo.git" --wait
-```
-
-### Using the Proxy with Standard Commands
-
-You can also use the proxy service with the standard `sandbox` and `ssh` commands by adding the `--use-proxy` flag:
-
-```bash
-# Create a sandbox using the proxy service
-./gitarsenal.py sandbox --gpu A10G --repo-url "https://github.com/username/repo.git" --use-proxy
-
-# Create an SSH container using the proxy service
-./gitarsenal.py ssh --gpu A10G --repo-url "https://github.com/username/repo.git" --use-proxy
-```
-
-## Managing Credentials
-
-You can manage your credentials using the following commands:
-
-```bash
-# Set up all credentials
-./gitarsenal.py credentials setup
-
-# Set a specific credential
-./gitarsenal.py credentials set modal_token
-
-# View a credential (masked for security)
-./gitarsenal.py credentials get modal_token
-
-# Clear a specific credential
-./gitarsenal.py credentials clear huggingface_token
-
-# Clear all credentials
-./gitarsenal.py credentials clear
-
-# List all saved credentials (without showing values)
-./gitarsenal.py credentials list
-```
-
-## Security
-
-Your credentials are stored securely in `~/.gitarsenal/credentials.json` with restrictive file permissions. The file is only readable by your user account.
-
-Proxy configuration is stored in `~/.gitarsenal/proxy_config.json` with similar security measures.
-
-## Troubleshooting
-
-### Modal Authentication Issues
-
-GitArsenal CLI comes with a built-in Modal token for the freemium service, so you shouldn't encounter any authentication issues. If you do:
-
-1. Ensure Modal is installed:
-   ```bash
-   pip install modal
-   ```
-
-2. Use the wrapper script to run commands with the built-in Modal token:
-   ```bash
-   python run_with_modal_token.py python modal_proxy_service.py
-   ```
-
-The wrapper script automatically sets up the built-in Modal token, so you don't need to create your own Modal account or token.
-
-### Proxy Service Issues
-
-If you're having issues with the proxy service:
-
-1. Check if the proxy service is running:
-   ```bash
-   ./gitarsenal.py proxy status
-   ```
-
-2. Reconfigure the proxy service:
-   ```bash
-   ./gitarsenal.py proxy configure
-   ```
-
-3. Make sure you have a valid API key for the proxy service.
-
-4. Check the proxy service logs:
-   ```bash
-   cat modal_proxy.log
-   ```
-
-5. If using ngrok, make sure the tunnel is active and use the correct URL.
-
-### API Timeout Issues
-
-If the GitArsenal API times out when analyzing repositories, the tool will automatically use fallback setup commands based on the detected programming language and technologies.
-
-### Other Issues
-
-1. Check that your credentials are set up correctly:
-   ```bash
-   ./gitarsenal.py credentials list
-   ```
-
-2. If needed, clear and reset your credentials:
-   ```bash
-   ./gitarsenal.py credentials clear
-   ./gitarsenal.py credentials setup
-   ```
-
-## License
-
-[MIT License](LICENSE) 
+This script verifies that the token cleanup process works correctly by:
+1. Setting up a test Modal token
+2. Verifying the token exists in environment and files
+3. Cleaning up the token
+4. Verifying the token has been removed 

package/python/modal_proxy_service.py

@@ -20,6 +20,8 @@ from dotenv import load_dotenv
 import uuid
 import sys
 from pathlib import Path
+import subprocess
+import signal
 
 # Add the current directory to the path so we can import the test_modalSandboxScript module
 current_dir = Path(__file__).parent.absolute()
@@ -208,6 +210,50 @@ def setup_modal_auth():
         logger.error(f"Error setting up Modal authentication: {e}")
         return False
 
+def cleanup_modal_token():
+    """Delete Modal token files and environment variables after SSH container is started"""
+    logger.info("🧹 Cleaning up Modal token for security...")
+    
+    try:
+        # Remove token from environment variables
+        if "MODAL_TOKEN_ID" in os.environ:
+            del os.environ["MODAL_TOKEN_ID"]
+            logger.info("✅ Removed MODAL_TOKEN_ID from environment")
+        
+        if "MODAL_TOKEN" in os.environ:
+            del os.environ["MODAL_TOKEN"]
+            logger.info("✅ Removed MODAL_TOKEN from environment")
+            
+        if "MODAL_TOKEN_SECRET" in os.environ:
+            del os.environ["MODAL_TOKEN_SECRET"]
+            logger.info("✅ Removed MODAL_TOKEN_SECRET from environment")
+        
+        # Delete token files
+        from pathlib import Path
+        modal_dir = Path.home() / ".modal"
+        if modal_dir.exists():
+            # Delete token.json
+            token_file = modal_dir / "token.json"
+            if token_file.exists():
+                token_file.unlink()
+                logger.info(f"✅ Deleted token file at {token_file}")
+            
+            # Delete token_alt.json if it exists
+            token_alt_file = modal_dir / "token_alt.json"
+            if token_alt_file.exists():
+                token_alt_file.unlink()
+                logger.info(f"✅ Deleted alternative token file at {token_alt_file}")
+        
+        # Delete .modalconfig file
+        modalconfig_file = Path.home() / ".modalconfig"
+        if modalconfig_file.exists():
+            modalconfig_file.unlink()
+            logger.info(f"✅ Deleted .modalconfig file at {modalconfig_file}")
+            
+        logger.info("✅ Modal token cleanup completed successfully")
+    except Exception as e:
+        logger.error(f"❌ Error during Modal token cleanup: {e}")
+
 @app.route('/api/health', methods=['GET'])
 def health_check():
     """Health check endpoint"""
@@ -223,6 +269,18 @@ def root():
     """Root endpoint for basic connectivity testing"""
     return jsonify({"status": "ok", "message": "Modal proxy service is running"})
 
+@app.route('/api/modal-tokens', methods=['GET'])
+def get_modal_tokens():
+    """Get Modal tokens (protected by API key)"""
+    if not authenticate_request():
+        return jsonify({"error": "Unauthorized"}), 401
+    
+    # Return the server's Modal token
+    return jsonify({
+        "token_id": MODAL_TOKEN,
+        "token_secret": MODAL_TOKEN  # For compatibility, use the same token
+    })
+
 @app.route('/api/create-api-key', methods=['POST'])
 def create_api_key():
     """Create a new API key (protected by admin key)"""
@@ -490,6 +548,9 @@ def create_ssh_container():
                     ssh_password=ssh_password
                 )
                 
+                # Clean up Modal token after container is created
+                cleanup_modal_token()
+                
                 if result:
                     active_containers[container_id] = {
                         "container_id": result.get("app_name"),
@@ -581,6 +642,17 @@ def terminate_container():
         logger.error(f"Error terminating container: {e}")
         return jsonify({"error": str(e)}), 500
 
+# Register signal handlers for cleanup on shutdown
+def signal_handler(sig, frame):
+    """Handle signals for graceful shutdown"""
+    logger.info(f"Received signal {sig}, cleaning up and shutting down...")
+    cleanup_modal_token()
+    sys.exit(0)
+
+# Register signal handlers for common termination signals
+signal.signal(signal.SIGINT, signal_handler)   # Ctrl+C
+signal.signal(signal.SIGTERM, signal_handler)  # Termination request
+
 if __name__ == '__main__':
     # Check if Modal token is set
     if not MODAL_TOKEN:

package/python/test_modalSandboxScript.py

@@ -981,13 +981,63 @@ def create_modal_sandbox(gpu_type, repo_url=None, repo_name=None, setup_commands
                 
                 # Check if this is a repo name that matches the end of current_dir
                 # This prevents errors like "cd repo-name" when already in "/root/repo-name"
+                # BUT we need to be careful about nested directories like /root/litex/litex
                 if (target_dir != "/" and target_dir != "." and target_dir != ".." and 
                     not target_dir.startswith("/") and not target_dir.startswith("./") and 
                     not target_dir.startswith("../") and current_dir.endswith("/" + target_dir)):
-                    print(f"⚠️ Detected redundant directory navigation: {cmd}")
-                    print(f"📂 Already in the correct directory: {current_dir}")
-                    print(f"✅ Skipping unnecessary navigation command")
-                    return True, f"Already in directory {current_dir}", ""
+                    
+                    # Advanced check: analyze directory contents to determine if navigation makes sense
+                    print(f"🔍 Analyzing directory contents to determine navigation necessity...")
+                    
+                    # Get current directory contents
+                    current_contents_cmd = "ls -la"
+                    current_result = sandbox.exec("bash", "-c", current_contents_cmd)
+                    current_result.wait()
+                    current_contents = _to_str(current_result.stdout) if current_result.stdout else ""
+                    
+                    # Check if target directory exists
+                    test_cmd = f"test -d \"{target_dir}\""
+                    test_result = sandbox.exec("bash", "-c", test_cmd)
+                    test_result.wait()
+                    
+                    if test_result.returncode == 0:
+                        # Target directory exists, get its contents
+                        target_contents_cmd = f"ls -la \"{target_dir}\""
+                        target_result = sandbox.exec("bash", "-c", target_contents_cmd)
+                        target_result.wait()
+                        target_contents = _to_str(target_result.stdout) if target_result.stdout else ""
+                        
+                        try:
+                            # Call LLM for analysis with the dedicated function
+                            llm_response = analyze_directory_navigation_with_llm(current_dir, target_dir, current_contents, target_contents, api_key)
+                            
+                            # Extract decision from LLM response
+                            if llm_response and "NAVIGATE" in llm_response.upper():
+                                print(f"🤖 LLM Analysis: Navigation makes sense - contents are different")
+                                print(f"📂 Current: {current_dir}")
+                                print(f"🎯 Target: {target_dir}")
+                                print(f"🔄 Proceeding with navigation...")
+                            else:
+                                print(f"🤖 LLM Analysis: Navigation is redundant - contents are similar")
+                                print(f"⚠️ Detected redundant directory navigation: {cmd}")
+                                print(f"📂 Already in the correct directory: {current_dir}")
+                                print(f"✅ Skipping unnecessary navigation command")
+                                return True, f"Already in directory {current_dir}", ""
+                                
+                        except Exception as e:
+                            print(f"⚠️ LLM analysis failed: {e}")
+                            print(f"🔄 Falling back to simple directory existence check...")
+                            # Fallback to simple check
+                            print(f"🔍 Detected nested directory '{target_dir}' exists in current location")
+                            print(f"📂 Current: {current_dir}")
+                            print(f"🎯 Target: {target_dir}")
+                            print(f"🔄 Proceeding with navigation to nested directory...")
+                    else:
+                        # No nested directory exists, so this is truly redundant
+                        print(f"⚠️ Detected redundant directory navigation: {cmd}")
+                        print(f"📂 Already in the correct directory: {current_dir}")
+                        print(f"✅ Skipping unnecessary navigation command")
+                        return True, f"Already in directory {current_dir}", ""
         
         # Remove any parenthetical text that could cause syntax errors in bash
         if '(' in cmd:
@@ -2181,17 +2231,113 @@ def ssh_container_function(ssh_password, repo_url=None, repo_name=None, setup_co
             subprocess.run(["service", "ssh", "start"], check=True)
 
 # Now modify the create_modal_ssh_container function to use the standalone ssh_container_function
+
 def create_modal_ssh_container(gpu_type, repo_url=None, repo_name=None, setup_commands=None, 
                                volume_name=None, timeout_minutes=60, ssh_password=None):
-    """Create a Modal SSH container with GPU support and proper tunneling"""
+    """Create a Modal SSH container with GPU support and tunneling"""
     
-    # Check Modal authentication
+    # Check if Modal is authenticated
     try:
-        modal.config.get_current_workspace_name()
-        print("✅ Modal authentication verified")
+        # Print all environment variables for debugging
+        print("🔍 DEBUG: Checking environment variables")
+        modal_token_id = os.environ.get("MODAL_TOKEN_ID")
+        modal_token = os.environ.get("MODAL_TOKEN")
+        print(f"🔍 MODAL_TOKEN_ID exists: {'Yes' if modal_token_id else 'No'}")
+        print(f"🔍 MODAL_TOKEN exists: {'Yes' if modal_token else 'No'}")
+        if modal_token_id:
+            print(f"🔍 MODAL_TOKEN_ID length: {len(modal_token_id)}")
+        if modal_token:
+            print(f"🔍 MODAL_TOKEN length: {len(modal_token)}")
+        
+        # Try to access Modal token to check authentication
+        try:
+            # Check if token is set in environment
+            modal_token_id = os.environ.get("MODAL_TOKEN_ID")
+            if not modal_token_id:
+                print("⚠️ MODAL_TOKEN_ID not found in environment.")
+                # Try to get from MODAL_TOKEN
+                modal_token = os.environ.get("MODAL_TOKEN")
+                if modal_token:
+                    print("✅ Found token in MODAL_TOKEN environment variable")
+                    os.environ["MODAL_TOKEN_ID"] = modal_token
+                    modal_token_id = modal_token
+                    print(f"✅ Set MODAL_TOKEN_ID from MODAL_TOKEN (length: {len(modal_token)})")
+            
+            if modal_token_id:
+                print(f"✅ Modal token found (length: {len(modal_token_id)})")
+                
+                # Use the comprehensive fix_modal_token script
+                try:
+                    # Execute the fix_modal_token.py script
+                    import subprocess
+                    print(f"🔄 Running fix_modal_token.py to set up Modal token...")
+                    result = subprocess.run(
+                        ["python", os.path.join(os.path.dirname(__file__), "fix_modal_token.py")],
+                        capture_output=True,
+                        text=True
+                    )
+                    
+                    # Print the output
+                    print(result.stdout)
+                    
+                    if result.returncode != 0:
+                        print(f"⚠️ Warning: fix_modal_token.py exited with code {result.returncode}")
+                        if result.stderr:
+                            print(f"Error: {result.stderr}")
+                            
+                    print(f"✅ Modal token setup completed")
+                except Exception as e:
+                    print(f"⚠️ Error running fix_modal_token.py: {e}")
+            else:
+                print("❌ No Modal token found in environment variables")
+                # Try to get from file as a last resort
+                try:
+                    home_dir = os.path.expanduser("~")
+                    modal_dir = os.path.join(home_dir, ".modal")
+                    token_file = os.path.join(modal_dir, "token.json")
+                    if os.path.exists(token_file):
+                        print(f"🔍 Found Modal token file at {token_file}")
+                        with open(token_file, 'r') as f:
+                            import json
+                            token_data = json.load(f)
+                            if "token_id" in token_data:
+                                modal_token_id = token_data["token_id"]
+                                os.environ["MODAL_TOKEN_ID"] = modal_token_id
+                                os.environ["MODAL_TOKEN"] = modal_token_id
+                                print(f"✅ Loaded token from file (length: {len(modal_token_id)})")
+                            else:
+                                print("❌ Token file does not contain token_id")
+                    else:
+                        print("❌ Modal token file not found")
+                except Exception as e:
+                    print(f"❌ Error loading token from file: {e}")
+                
+                if not os.environ.get("MODAL_TOKEN_ID"):
+                    print("❌ Could not find Modal token in any location")
+                    return None
+                
+        except Exception as e:
+            print(f"⚠️ Error checking Modal token: {e}")
+            # Try to use the token from environment
+            modal_token_id = os.environ.get("MODAL_TOKEN_ID")
+            modal_token = os.environ.get("MODAL_TOKEN")
+            if modal_token_id:
+                print(f"🔄 Using MODAL_TOKEN_ID from environment (length: {len(modal_token_id)})")
+            elif modal_token:
+                print(f"🔄 Using MODAL_TOKEN from environment (length: {len(modal_token)})")
+                os.environ["MODAL_TOKEN_ID"] = modal_token
+                modal_token_id = modal_token
+            else:
+                print("❌ No Modal token available. Cannot proceed.")
+                return None
+            
+            # Set it in both environment variables
+            os.environ["MODAL_TOKEN_ID"] = modal_token_id
+            os.environ["MODAL_TOKEN"] = modal_token_id
+            print("✅ Set both MODAL_TOKEN_ID and MODAL_TOKEN environment variables")
     except Exception as e:
-        print(f"❌ Modal authentication failed: {e}")
-        return None
+        print(f"⚠️ Error checking Modal authentication: {e}")
+        print("Continuing anyway, but Modal operations may fail")
     
     # Generate a unique app name with timestamp to avoid conflicts
     timestamp = datetime.datetime.now().strftime("%Y%m%d-%H%M%S")
@@ -2230,86 +2376,99 @@ def create_modal_ssh_container(gpu_type, repo_url=None, repo_name=None, setup_co
             print(f"⚠️ Could not setup volume '{volume_name}': {e}")
             print("⚠️ Continuing without persistent volume")
             volume = None
+    else:
+        # Create a default volume for this session
+        default_volume_name = f"ssh-vol-{timestamp}"
+        print(f"📦 Creating default volume: {default_volume_name}")
+        try:
+            volume = modal.Volume.from_name(default_volume_name, create_if_missing=True)
+            volume_name = default_volume_name
+            print(f"✅ Default volume '{default_volume_name}' created")
+        except Exception as e:
+            print(f"⚠️ Could not create default volume: {e}")
+            print("⚠️ Continuing without persistent volume")
+            volume = None
     
-    # Create the Modal app
-    app = modal.App(app_name)
+    # Print debug info for authentication
+    print("🔍 Modal authentication debug info:")
+    modal_token = os.environ.get("MODAL_TOKEN_ID")
+    print(f"  - MODAL_TOKEN_ID in env: {'Yes' if modal_token else 'No'}")
+    print(f"  - Token length: {len(modal_token) if modal_token else 'N/A'}")
     
+    # Verify we can create a Modal app
+    try:
+        print("🔍 Testing Modal app creation...")
+        app = modal.App(app_name)
+        print("✅ Created Modal app successfully")
+    except Exception as e:
+        print(f"❌ Error creating Modal app: {e}")
+        return None
+
     # Create SSH-enabled image
-    ssh_image = (
-        modal.Image.debian_slim()
-        .apt_install(
-            "openssh-server", "sudo", "curl", "wget", "vim", "htop", "git", 
-            "python3", "python3-pip", "build-essential", "tmux", "screen", "nano",
-            "gpg", "ca-certificates", "software-properties-common"
-        )
-        .pip_install("uv", "modal")
-        .run_commands(
-            # Create SSH directory
-            "mkdir -p /var/run/sshd",
-            "mkdir -p /root/.ssh",
-            "chmod 700 /root/.ssh",
-            
-            # Configure SSH server for password authentication
-            "sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config",
-            "sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config",
-            "sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config",
-            "sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config",
-            
-            # SSH keep-alive settings
-            "echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config",
-            "echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config",
-            
-            # Allow SSH on port 22
-            "echo 'Port 22' >> /etc/ssh/sshd_config",
-            
-            # Generate SSH host keys
-            "ssh-keygen -A",
-            
-            # Set up a nice bash prompt
-            "echo 'export PS1=\"\\[\\e[1;32m\\]modal:\\[\\e[1;34m\\]\\w\\[\\e[0m\\]$ \"' >> /root/.bashrc",
+    try:
+        print("📦 Building SSH-enabled image...")
+        ssh_image = (
+            modal.Image.debian_slim()
+            .apt_install(
+                "openssh-server", "sudo", "curl", "wget", "vim", "htop", "git", 
+                "python3", "python3-pip", "build-essential", "tmux", "screen", "nano",
+                "gpg", "ca-certificates", "software-properties-common"
+            )
+            .pip_install("uv", "modal")  # Fast Python package installer and Modal
+            .run_commands(
+                # Create SSH directory
+                "mkdir -p /var/run/sshd",
+                "mkdir -p /root/.ssh",
+                "chmod 700 /root/.ssh",
+                
+                # Configure SSH server
+                "sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config",
+                "sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config",
+                "sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config",
+                
+                # SSH keep-alive settings
+                "echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config",
+                "echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config",
+                
+                # Generate SSH host keys
+                "ssh-keygen -A",
+                
+                # Set up a nice bash prompt
+                "echo 'export PS1=\"\\[\\e[1;32m\\]modal:\\[\\e[1;34m\\]\\w\\[\\e[0m\\]$ \"' >> /root/.bashrc",
+            )
         )
-    )
-    
+        print("✅ SSH image built successfully")
+    except Exception as e:
+        print(f"❌ Error building SSH image: {e}")
+        return None
+        
     # Configure volumes if available
     volumes_config = {}
     if volume:
         volumes_config[volume_mount_path] = volume
-    
-    # Define the SSH container function with proper tunnel setup
+        
+    # Define the SSH container function
     @app.function(
         image=ssh_image,
-        timeout=timeout_minutes * 60,
+        timeout=timeout_minutes * 60,  # Convert to seconds
         gpu=gpu_spec['gpu'],
         cpu=2,
         memory=8192,
+        serialized=True,
         volumes=volumes_config if volumes_config else None,
     )
-    def ssh_container():
-        """Start SSH container with password authentication and tunnel."""
+    def ssh_container_function():
+        """Start SSH container with password authentication and optional setup."""
         import subprocess
         import time
         import os
         
-        print("🔧 Setting up SSH container...")
-        
         # Set root password
-        print(f"🔐 Setting root password...")
         subprocess.run(["bash", "-c", f"echo 'root:{ssh_password}' | chpasswd"], check=True)
         
         # Start SSH service
-        print("🚀 Starting SSH service...")
         subprocess.run(["service", "ssh", "start"], check=True)
         
-        # Verify SSH service is running
-        result = subprocess.run(["service", "ssh", "status"], capture_output=True, text=True)
-        if result.returncode == 0:
-            print("✅ SSH service is running")
-        else:
-            print("❌ SSH service failed to start")
-            print(result.stdout)
-            print(result.stderr)
-            return
-        
         # Clone repository if provided
         if repo_url:
             repo_name_from_url = repo_name or repo_url.split('/')[-1].replace('.git', '')
@@ -2343,74 +2502,52 @@ def create_modal_ssh_container(gpu_type, repo_url=None, repo_name=None, setup_co
                     if e.stderr:
                         print(f"❌ Error: {e.stderr}")
         
-        # CRITICAL: Use unencrypted tunnel for SSH (port 22)
-        print("🌐 Creating unencrypted SSH tunnel...")
-        
-        # Use Modal's unencrypted tunnel for SSH protocol
+        # Create SSH tunnel
         with modal.forward(22, unencrypted=True) as tunnel:
+            host, port = tunnel.tcp_socket
+            
             print("\n" + "=" * 80)
             print("🎉 SSH CONTAINER IS READY!")
             print("=" * 80)
-            print(f"🌐 SSH Host: {tunnel.tcp_socket[0]}")
-            print(f"🔌 SSH Port: {tunnel.tcp_socket[1]}")
+            print(f"🌐 SSH Host: {host}")
+            print(f"🔌 SSH Port: {port}")
             print(f"👤 Username: root")
             print(f"🔐 Password: {ssh_password}")
             print()
             print("🔗 CONNECT USING THIS COMMAND:")
-            print(f"ssh -p {tunnel.tcp_socket[1]} root@{tunnel.tcp_socket[0]}")
+            print(f"ssh -p {port} root@{host}")
             print("=" * 80)
             
-            # Store connection info in a file for later reference
-            connection_info = {
-                "host": tunnel.tcp_socket[0],
-                "port": tunnel.tcp_socket[1],
-                "username": "root",
-                "password": ssh_password,
-                "app_name": app_name,
-                "timestamp": datetime.datetime.now().isoformat()
-            }
-            
-            try:
-                with open(os.path.expanduser("~/.modal_ssh_connection"), "w") as f:
-                    json.dump(connection_info, f, indent=2)
-                print(f"📋 Connection info saved to ~/.modal_ssh_connection")
-            except Exception as e:
-                print(f"⚠️ Could not save connection info: {e}")
-            
-            # Keep the container and tunnel alive
-            print("⏳ Container is running. Press Ctrl+C to stop...")
-            try:
-                while True:
-                    time.sleep(30)
-                    # Check if SSH service is still running
-                    try:
-                        subprocess.run(["service", "ssh", "status"], check=True, 
-                                     capture_output=True)
-                    except subprocess.CalledProcessError:
-                        print("⚠️ SSH service stopped, restarting...")
-                        subprocess.run(["service", "ssh", "start"], check=True)
-            except KeyboardInterrupt:
-                print("\n👋 Container stopping...")
-                return
+            # Keep the container running
+            while True:
+                time.sleep(30)
+                # Check if SSH service is still running
+                try:
+                    subprocess.run(["service", "ssh", "status"], check=True, 
+                                 capture_output=True)
+                except subprocess.CalledProcessError:
+                    print("⚠️ SSH service stopped, restarting...")
+                    subprocess.run(["service", "ssh", "start"], check=True)
     
     # Run the container
     try:
         print("⏳ Starting container... This may take 1-2 minutes...")
         
-        # Run the container function
-        with app.run():
-            ssh_container.remote()
+        # Start the container in a new thread to avoid blocking
+        with modal.enable_output():
+            with app.run():
+                ssh_container_function.remote()
+                
+        # Clean up Modal token after container is successfully created
+        cleanup_modal_token()
         
         return {
             "app_name": app_name,
             "ssh_password": ssh_password,
             "volume_name": volume_name
         }
-        
     except Exception as e:
         print(f"❌ Error running container: {e}")
-        import traceback
-        traceback.print_exc()
         return None
 
 def fetch_setup_commands_from_api(repo_url):
@@ -3088,6 +3225,118 @@ def find_entry_point(repo_dir):
     
     return None
 
+def analyze_directory_navigation_with_llm(current_dir, target_dir, current_contents, target_contents, api_key=None):
+    """Use LLM to analyze if directory navigation makes sense"""
+    if not api_key:
+        # Try to get API key from environment
+        api_key = os.environ.get("OPENAI_API_KEY")
+        
+    if not api_key:
+        print("⚠️ No OpenAI API key available for directory analysis")
+        return None
+        
+    # Create analysis prompt
+    analysis_prompt = f"""
+I'm trying to determine if a 'cd {target_dir}' command makes sense.
+
+CURRENT DIRECTORY: {current_dir}
+Current directory contents:
+{current_contents}
+
+TARGET DIRECTORY: {target_dir}
+Target directory contents:
+{target_contents}
+
+Please analyze if navigating to the target directory makes sense by considering:
+1. Are the contents significantly different?
+2. Does the target directory contain important files (like source code, config files, etc.)?
+3. Is this likely a nested project directory or just a duplicate?
+4. Would navigating provide access to different functionality or files?
+
+Respond with only 'NAVIGATE' if navigation makes sense, or 'SKIP' if it's redundant.
+"""
+    
+    # Prepare the API request
+    headers = {
+        "Content-Type": "application/json",
+        "Authorization": f"Bearer {api_key}"
+    }
+    
+    payload = {
+        "model": "gpt-4",
+        "messages": [
+            {"role": "system", "content": "You are a directory navigation assistant. Analyze if navigating to a target directory makes sense based on the contents of both directories. Respond with only 'NAVIGATE' or 'SKIP'."},
+            {"role": "user", "content": analysis_prompt}
+        ],
+        "temperature": 0.1,
+        "max_tokens": 50
+    }
+    
+    try:
+        print("🤖 Calling OpenAI for directory navigation analysis...")
+        response = requests.post(
+            "https://api.openai.com/v1/chat/completions",
+            headers=headers,
+            json=payload,
+            timeout=30
+        )
+        
+        if response.status_code == 200:
+            result = response.json()
+            llm_response = result["choices"][0]["message"]["content"].strip()
+            print(f"🤖 LLM Response: {llm_response}")
+            return llm_response
+        else:
+            print(f"❌ OpenAI API error: {response.status_code} - {response.text}")
+            return None
+    except Exception as e:
+        print(f"❌ Error calling OpenAI API: {e}")
+        return None
+
+def cleanup_modal_token():
+    """Delete Modal token files and environment variables after SSH container is started"""
+    print("🧹 Cleaning up Modal token for security...")
+    
+    try:
+        # Remove token from environment variables
+        if "MODAL_TOKEN_ID" in os.environ:
+            del os.environ["MODAL_TOKEN_ID"]
+            print("✅ Removed MODAL_TOKEN_ID from environment")
+        
+        if "MODAL_TOKEN" in os.environ:
+            del os.environ["MODAL_TOKEN"]
+            print("✅ Removed MODAL_TOKEN from environment")
+            
+        if "MODAL_TOKEN_SECRET" in os.environ:
+            del os.environ["MODAL_TOKEN_SECRET"]
+            print("✅ Removed MODAL_TOKEN_SECRET from environment")
+        
+        # Delete token files
+        home_dir = os.path.expanduser("~")
+        modal_dir = os.path.join(home_dir, ".modal")
+        if os.path.exists(modal_dir):
+            # Delete token.json
+            token_file = os.path.join(modal_dir, "token.json")
+            if os.path.exists(token_file):
+                os.remove(token_file)
+                print(f"✅ Deleted token file at {token_file}")
+            
+            # Delete token_alt.json if it exists
+            token_alt_file = os.path.join(modal_dir, "token_alt.json")
+            if os.path.exists(token_alt_file):
+                os.remove(token_alt_file)
+                print(f"✅ Deleted alternative token file at {token_alt_file}")
+        
+        # Delete .modalconfig file
+        modalconfig_file = os.path.join(home_dir, ".modalconfig")
+        if os.path.exists(modalconfig_file):
+            os.remove(modalconfig_file)
+            print(f"✅ Deleted .modalconfig file at {modalconfig_file}")
+            
+        print("✅ Modal token cleanup completed successfully")
+    except Exception as e:
+        print(f"❌ Error during Modal token cleanup: {e}")
+
 if __name__ == "__main__":
     # Parse command line arguments when script is run directly
     import argparse

package/python/test_token_cleanup.py

@@ -0,0 +1,174 @@
+#!/usr/bin/env python3
+"""
+Test Modal Token Cleanup
+
+This script tests the Modal token cleanup functionality by:
+1. Setting up a Modal token
+2. Verifying the token exists in environment and files
+3. Cleaning up the token
+4. Verifying the token has been removed
+"""
+
+import os
+import sys
+import json
+from pathlib import Path
+import time
+
+# Add the parent directory to the path so we can import our modules
+parent_dir = Path(__file__).parent.absolute()
+sys.path.append(str(parent_dir))
+
+# Import our cleanup function
+from test_modalSandboxScript import cleanup_modal_token
+
+def setup_test_token():
+    """Set up a test Modal token in environment and files"""
+    print("🔧 Setting up test Modal token...")
+    
+    # Set test token in environment variables
+    test_token = "ak-testtoken12345"
+    os.environ["MODAL_TOKEN_ID"] = test_token
+    os.environ["MODAL_TOKEN"] = test_token
+    os.environ["MODAL_TOKEN_SECRET"] = "as-testsecret12345"
+    
+    # Create token files
+    modal_dir = Path.home() / ".modal"
+    modal_dir.mkdir(exist_ok=True)
+    
+    # Create token.json
+    token_file = modal_dir / "token.json"
+    with open(token_file, 'w') as f:
+        token_data = {
+            "token_id": test_token,
+            "token_secret": "as-testsecret12345"
+        }
+        json.dump(token_data, f)
+    
+    # Create token_alt.json
+    token_alt_file = modal_dir / "token_alt.json"
+    with open(token_alt_file, 'w') as f:
+        token_data_alt = {
+            "id": test_token,
+            "secret": "as-testsecret12345"
+        }
+        json.dump(token_data_alt, f)
+    
+    # Create .modalconfig file
+    modalconfig_file = Path.home() / ".modalconfig"
+    with open(modalconfig_file, 'w') as f:
+        f.write(f"token_id = {test_token}\n")
+        f.write(f"token_secret = as-testsecret12345\n")
+    
+    print("✅ Test Modal token set up successfully")
+    return test_token
+
+def verify_token_exists(test_token):
+    """Verify that the test token exists in environment and files"""
+    print("🔍 Verifying test token exists...")
+    
+    # Check environment variables
+    env_token_id = os.environ.get("MODAL_TOKEN_ID")
+    env_token = os.environ.get("MODAL_TOKEN")
+    env_token_secret = os.environ.get("MODAL_TOKEN_SECRET")
+    
+    if env_token_id != test_token:
+        print(f"❌ MODAL_TOKEN_ID mismatch: expected '{test_token}', got '{env_token_id}'")
+        return False
+    
+    if env_token != test_token:
+        print(f"❌ MODAL_TOKEN mismatch: expected '{test_token}', got '{env_token}'")
+        return False
+    
+    if not env_token_secret:
+        print("❌ MODAL_TOKEN_SECRET not set")
+        return False
+    
+    # Check token files
+    modal_dir = Path.home() / ".modal"
+    token_file = modal_dir / "token.json"
+    if not token_file.exists():
+        print(f"❌ Token file not found at {token_file}")
+        return False
+    
+    token_alt_file = modal_dir / "token_alt.json"
+    if not token_alt_file.exists():
+        print(f"❌ Alternative token file not found at {token_alt_file}")
+        return False
+    
+    modalconfig_file = Path.home() / ".modalconfig"
+    if not modalconfig_file.exists():
+        print(f"❌ .modalconfig file not found at {modalconfig_file}")
+        return False
+    
+    print("✅ Test token exists in environment and files")
+    return True
+
+def verify_token_cleaned_up():
+    """Verify that the test token has been cleaned up"""
+    print("🔍 Verifying token cleanup...")
+    
+    # Check environment variables
+    env_token_id = os.environ.get("MODAL_TOKEN_ID")
+    env_token = os.environ.get("MODAL_TOKEN")
+    env_token_secret = os.environ.get("MODAL_TOKEN_SECRET")
+    
+    if env_token_id:
+        print(f"❌ MODAL_TOKEN_ID still exists: '{env_token_id}'")
+        return False
+    
+    if env_token:
+        print(f"❌ MODAL_TOKEN still exists: '{env_token}'")
+        return False
+    
+    if env_token_secret:
+        print(f"❌ MODAL_TOKEN_SECRET still exists: '{env_token_secret}'")
+        return False
+    
+    # Check token files
+    modal_dir = Path.home() / ".modal"
+    token_file = modal_dir / "token.json"
+    if token_file.exists():
+        print(f"❌ Token file still exists at {token_file}")
+        return False
+    
+    token_alt_file = modal_dir / "token_alt.json"
+    if token_alt_file.exists():
+        print(f"❌ Alternative token file still exists at {token_alt_file}")
+        return False
+    
+    modalconfig_file = Path.home() / ".modalconfig"
+    if modalconfig_file.exists():
+        print(f"❌ .modalconfig file still exists at {modalconfig_file}")
+        return False
+    
+    print("✅ Token has been cleaned up successfully")
+    return True
+
+def run_test():
+    """Run the token cleanup test"""
+    print("🧪 Running Modal token cleanup test...")
+    
+    # Set up test token
+    test_token = setup_test_token()
+    
+    # Verify token exists
+    if not verify_token_exists(test_token):
+        print("❌ Test failed: Token setup verification failed")
+        return False
+    
+    # Clean up token
+    print("🧹 Cleaning up token...")
+    cleanup_modal_token()
+    
+    # Verify token has been cleaned up
+    if not verify_token_cleaned_up():
+        print("❌ Test failed: Token cleanup verification failed")
+        return False
+    
+    print("✅ Test passed: Token cleanup works correctly")
+    return True
+
+if __name__ == "__main__":
+    success = run_test()
+    sys.exit(0 if success else 1) 

package/test_modalSandboxScript.py

@@ -747,13 +747,29 @@ def create_modal_sandbox(gpu_type, repo_url=None, repo_name=None, setup_commands
                 
                 # Check if this is a repo name that matches the end of current_dir
                 # This prevents errors like "cd repo-name" when already in "/root/repo-name"
+                # BUT we need to be careful about nested directories like /root/litex/litex
                 if (target_dir != "/" and target_dir != "." and target_dir != ".." and 
                     not target_dir.startswith("/") and not target_dir.startswith("./") and 
                     not target_dir.startswith("../") and current_dir.endswith("/" + target_dir)):
-                    print(f"⚠️ Detected redundant directory navigation: {cmd}")
-                    print(f"📂 Already in the correct directory: {current_dir}")
-                    print(f"✅ Skipping unnecessary navigation command")
-                    return True, f"Already in directory {current_dir}", ""
+                    
+                    # Additional check: verify if there's actually a nested directory with this name
+                    # This prevents skipping legitimate navigation to nested directories
+                    test_cmd = f"test -d \"{target_dir}\""
+                    test_result = sandbox.exec("bash", "-c", test_cmd)
+                    test_result.wait()
+                    
+                    if test_result.returncode == 0:
+                        # The nested directory exists, so this is NOT redundant
+                        print(f"🔍 Detected nested directory '{target_dir}' exists in current location")
+                        print(f"📂 Current: {current_dir}")
+                        print(f"🎯 Target: {target_dir}")
+                        print(f"🔄 Proceeding with navigation to nested directory...")
+                    else:
+                        # No nested directory exists, so this is truly redundant
+                        print(f"⚠️ Detected redundant directory navigation: {cmd}")
+                        print(f"📂 Already in the correct directory: {current_dir}")
+                        print(f"✅ Skipping unnecessary navigation command")
+                        return True, f"Already in directory {current_dir}", ""
         
         # Remove any parenthetical text that could cause syntax errors in bash
         if '(' in cmd: