gitarsenal-cli 1.2.2 → 1.2.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gitarsenal-cli",
-  "version": "1.2.2",
+  "version": "1.2.3",
   "description": "CLI tool for creating Modal sandboxes with GitHub repositories",
   "main": "index.js",
   "bin": {

package/python/README.md

@@ -1,248 +1,68 @@
-# GitArsenal CLI
+# GitArsenal CLI Python Modules
 
-GitArsenal CLI is a powerful tool for setting up and running GPU-accelerated environments in the cloud using Modal.
+This directory contains Python modules for the GitArsenal CLI.
 
-## Installation
+## Modal Integration
 
-```bash
-# Clone the repository
-git clone https://github.com/yourusername/gitarsenal-cli.git
-cd gitarsenal-cli/python
-
-# Install dependencies
-pip install -r requirements.txt
-```
+The GitArsenal CLI integrates with Modal for creating sandboxes and SSH containers. The following modules are available:
 
-## First-Time Setup
+- `modal_proxy_service.py`: A proxy service for Modal operations
+- `test_modalSandboxScript.py`: Creates Modal sandboxes and SSH containers
+- `setup_modal_token.py`: Sets up the Modal token in the environment
+- `fetch_modal_tokens.py`: Fetches Modal tokens from the proxy server
 
-GitArsenal CLI comes with a built-in Modal token for the freemium service, so you don't need to set up your own Modal credentials. Just install and start using it!
+## Security Features
 
-### 1. Install Modal
+### Modal Token Cleanup
 
-```bash
-pip install modal
-```
+For enhanced security, GitArsenal CLI now automatically cleans up Modal tokens after SSH containers are created. This ensures that your Modal token is not left in the environment or on disk after the container is started.
 
-### 2. Optional: Set Up Additional Credentials
+The cleanup process:
+1. Removes Modal token environment variables (MODAL_TOKEN_ID, MODAL_TOKEN, MODAL_TOKEN_SECRET)
+2. Deletes Modal token files (.modal/token.json, .modal/token_alt.json, .modalconfig)
+3. Runs automatically after SSH container creation
+4. Runs on service shutdown via signal handlers
 
-If you want to use additional features, you can set up other credentials:
-
-```bash
-# Set up optional credentials
-./gitarsenal.py credentials setup
-```
-
-This will guide you through setting up:
-- **OpenAI API Key**: Used for debugging failed commands (optional)
-- **Hugging Face Token**: Used for accessing Hugging Face models (optional)
-- **Weights & Biases API Key**: Used for experiment tracking (optional)
+This prevents potential token leakage when containers are shared or when the service is stopped.
 
 ## Usage
 
-### Creating a Modal Sandbox
-
-```bash
-./gitarsenal.py sandbox --gpu A10G --repo-url "https://github.com/username/repo.git"
-```
-
-### Creating an SSH Container
-
-```bash
-./gitarsenal.py ssh --gpu A10G --repo-url "https://github.com/username/repo.git"
-```
-
-### Options
-
-- `--gpu`: GPU type (A10G, A100, H100, T4, V100)
-- `--repo-url`: Repository URL to clone
-- `--repo-name`: Repository name override
-- `--setup-commands`: Setup commands to run
-- `--volume-name`: Name of the Modal volume for persistent storage
-- `--timeout`: Container timeout in minutes (SSH mode only, default: 60)
-- `--use-proxy`: Use Modal proxy service instead of direct Modal access
-
-## Using the Modal Proxy Service
-
-GitArsenal CLI now supports using a Modal proxy service, which allows you to use Modal services without having your own Modal token. This is useful for teams or organizations where a single Modal account is shared.
-
-### Setting Up the Proxy Service
-
-#### 1. Create an Environment File
+To use the GitArsenal CLI Python modules, you can import them directly or use the provided scripts.
 
-Copy the example environment file and edit it:
+### Creating a Modal SSH Container
 
-```bash
-cp .env.example .env
-```
+```python
+from test_modalSandboxScript import create_modal_ssh_container
 
-Edit the `.env` file to add your Modal token:
+result = create_modal_ssh_container(
+    gpu_type="A10G",
+    repo_url="https://github.com/user/repo",
+    repo_name="repo",
+    setup_commands=["pip install -r requirements.txt"],
+    timeout_minutes=60
+)
 
-```
-MODAL_TOKEN=your_modal_token_here
+# The Modal token is automatically cleaned up after the container is created
 ```
 
-#### 2. Run the Proxy Service
+### Running the Modal Proxy Service
 
 ```bash
-# Start the proxy service
 python modal_proxy_service.py
 ```
 
-The service will start on port 5001 by default (to avoid conflicts with macOS AirPlay on port 5000).
-
-#### 3. Create an API Key for Clients
-
-When the service starts for the first time, it will generate an admin key. Use this key to create API keys for clients:
-
-```bash
-# Create a new API key
-curl -X POST -H "X-Admin-Key: your_admin_key" http://localhost:5001/api/create-api-key
-```
-
-#### 4. Using ngrok for Public Access (Optional)
-
-If you want to make your proxy service accessible from outside your network:
-
-```bash
-# Install ngrok if you haven't already
-brew install ngrok  # On macOS
-
-# Start ngrok to expose your proxy service
-ngrok http 5001
-```
-
-Use the ngrok URL when configuring clients.
+The service will automatically clean up Modal tokens on shutdown.
 
-### Configuring the Client
+## Testing
 
-```bash
-# Configure the proxy service
-./gitarsenal.py proxy configure
-```
-
-This will prompt you for the proxy service URL and API key.
-
-### Checking Proxy Service Status
+To test the Modal token cleanup functionality:
 
 ```bash
-# Check if the proxy service is running
-./gitarsenal.py proxy status
+python test_token_cleanup.py
 ```
 
-### Creating a Sandbox through the Proxy
-
-```bash
-# Create a sandbox through the proxy service
-./gitarsenal.py proxy sandbox --gpu A10G --repo-url "https://github.com/username/repo.git" --wait
-```
-
-### Creating an SSH Container through the Proxy
-
-```bash
-# Create an SSH container through the proxy service
-./gitarsenal.py proxy ssh --gpu A10G --repo-url "https://github.com/username/repo.git" --wait
-```
-
-### Using the Proxy with Standard Commands
-
-You can also use the proxy service with the standard `sandbox` and `ssh` commands by adding the `--use-proxy` flag:
-
-```bash
-# Create a sandbox using the proxy service
-./gitarsenal.py sandbox --gpu A10G --repo-url "https://github.com/username/repo.git" --use-proxy
-
-# Create an SSH container using the proxy service
-./gitarsenal.py ssh --gpu A10G --repo-url "https://github.com/username/repo.git" --use-proxy
-```
-
-## Managing Credentials
-
-You can manage your credentials using the following commands:
-
-```bash
-# Set up all credentials
-./gitarsenal.py credentials setup
-
-# Set a specific credential
-./gitarsenal.py credentials set modal_token
-
-# View a credential (masked for security)
-./gitarsenal.py credentials get modal_token
-
-# Clear a specific credential
-./gitarsenal.py credentials clear huggingface_token
-
-# Clear all credentials
-./gitarsenal.py credentials clear
-
-# List all saved credentials (without showing values)
-./gitarsenal.py credentials list
-```
-
-## Security
-
-Your credentials are stored securely in `~/.gitarsenal/credentials.json` with restrictive file permissions. The file is only readable by your user account.
-
-Proxy configuration is stored in `~/.gitarsenal/proxy_config.json` with similar security measures.
-
-## Troubleshooting
-
-### Modal Authentication Issues
-
-GitArsenal CLI comes with a built-in Modal token for the freemium service, so you shouldn't encounter any authentication issues. If you do:
-
-1. Ensure Modal is installed:
-   ```bash
-   pip install modal
-   ```
-
-2. Use the wrapper script to run commands with the built-in Modal token:
-   ```bash
-   python run_with_modal_token.py python modal_proxy_service.py
-   ```
-
-The wrapper script automatically sets up the built-in Modal token, so you don't need to create your own Modal account or token.
-
-### Proxy Service Issues
-
-If you're having issues with the proxy service:
-
-1. Check if the proxy service is running:
-   ```bash
-   ./gitarsenal.py proxy status
-   ```
-
-2. Reconfigure the proxy service:
-   ```bash
-   ./gitarsenal.py proxy configure
-   ```
-
-3. Make sure you have a valid API key for the proxy service.
-
-4. Check the proxy service logs:
-   ```bash
-   cat modal_proxy.log
-   ```
-
-5. If using ngrok, make sure the tunnel is active and use the correct URL.
-
-### API Timeout Issues
-
-If the GitArsenal API times out when analyzing repositories, the tool will automatically use fallback setup commands based on the detected programming language and technologies.
-
-### Other Issues
-
-1. Check that your credentials are set up correctly:
-   ```bash
-   ./gitarsenal.py credentials list
-   ```
-
-2. If needed, clear and reset your credentials:
-   ```bash
-   ./gitarsenal.py credentials clear
-   ./gitarsenal.py credentials setup
-   ```
-
-## License
-
-[MIT License](LICENSE) 
+This script verifies that the token cleanup process works correctly by:
+1. Setting up a test Modal token
+2. Verifying the token exists in environment and files
+3. Cleaning up the token
+4. Verifying the token has been removed 

package/python/modal_proxy_service.py

@@ -20,6 +20,8 @@ from dotenv import load_dotenv
 import uuid
 import sys
 from pathlib import Path
+import subprocess
+import signal
 
 # Add the current directory to the path so we can import the test_modalSandboxScript module
 current_dir = Path(__file__).parent.absolute()
@@ -208,6 +210,50 @@ def setup_modal_auth():
         logger.error(f"Error setting up Modal authentication: {e}")
         return False
 
+def cleanup_modal_token():
+    """Delete Modal token files and environment variables after SSH container is started"""
+    logger.info("🧹 Cleaning up Modal token for security...")
+    
+    try:
+        # Remove token from environment variables
+        if "MODAL_TOKEN_ID" in os.environ:
+            del os.environ["MODAL_TOKEN_ID"]
+            logger.info("✅ Removed MODAL_TOKEN_ID from environment")
+        
+        if "MODAL_TOKEN" in os.environ:
+            del os.environ["MODAL_TOKEN"]
+            logger.info("✅ Removed MODAL_TOKEN from environment")
+            
+        if "MODAL_TOKEN_SECRET" in os.environ:
+            del os.environ["MODAL_TOKEN_SECRET"]
+            logger.info("✅ Removed MODAL_TOKEN_SECRET from environment")
+        
+        # Delete token files
+        from pathlib import Path
+        modal_dir = Path.home() / ".modal"
+        if modal_dir.exists():
+            # Delete token.json
+            token_file = modal_dir / "token.json"
+            if token_file.exists():
+                token_file.unlink()
+                logger.info(f"✅ Deleted token file at {token_file}")
+            
+            # Delete token_alt.json if it exists
+            token_alt_file = modal_dir / "token_alt.json"
+            if token_alt_file.exists():
+                token_alt_file.unlink()
+                logger.info(f"✅ Deleted alternative token file at {token_alt_file}")
+        
+        # Delete .modalconfig file
+        modalconfig_file = Path.home() / ".modalconfig"
+        if modalconfig_file.exists():
+            modalconfig_file.unlink()
+            logger.info(f"✅ Deleted .modalconfig file at {modalconfig_file}")
+            
+        logger.info("✅ Modal token cleanup completed successfully")
+    except Exception as e:
+        logger.error(f"❌ Error during Modal token cleanup: {e}")
+
 @app.route('/api/health', methods=['GET'])
 def health_check():
     """Health check endpoint"""
@@ -502,6 +548,9 @@ def create_ssh_container():
                     ssh_password=ssh_password
                 )
                 
+                # Clean up Modal token after container is created
+                cleanup_modal_token()
+                
                 if result:
                     active_containers[container_id] = {
                         "container_id": result.get("app_name"),
@@ -593,6 +642,17 @@ def terminate_container():
         logger.error(f"Error terminating container: {e}")
         return jsonify({"error": str(e)}), 500
 
+# Register signal handlers for cleanup on shutdown
+def signal_handler(sig, frame):
+    """Handle signals for graceful shutdown"""
+    logger.info(f"Received signal {sig}, cleaning up and shutting down...")
+    cleanup_modal_token()
+    sys.exit(0)
+
+# Register signal handlers for common termination signals
+signal.signal(signal.SIGINT, signal_handler)   # Ctrl+C
+signal.signal(signal.SIGTERM, signal_handler)  # Termination request
+
 if __name__ == '__main__':
     # Check if Modal token is set
     if not MODAL_TOKEN:

package/python/test_modalSandboxScript.py

@@ -981,13 +981,63 @@ def create_modal_sandbox(gpu_type, repo_url=None, repo_name=None, setup_commands
                 
                 # Check if this is a repo name that matches the end of current_dir
                 # This prevents errors like "cd repo-name" when already in "/root/repo-name"
+                # BUT we need to be careful about nested directories like /root/litex/litex
                 if (target_dir != "/" and target_dir != "." and target_dir != ".." and 
                     not target_dir.startswith("/") and not target_dir.startswith("./") and 
                     not target_dir.startswith("../") and current_dir.endswith("/" + target_dir)):
-                    print(f"⚠️ Detected redundant directory navigation: {cmd}")
-                    print(f"📂 Already in the correct directory: {current_dir}")
-                    print(f"✅ Skipping unnecessary navigation command")
-                    return True, f"Already in directory {current_dir}", ""
+                    
+                    # Advanced check: analyze directory contents to determine if navigation makes sense
+                    print(f"🔍 Analyzing directory contents to determine navigation necessity...")
+                    
+                    # Get current directory contents
+                    current_contents_cmd = "ls -la"
+                    current_result = sandbox.exec("bash", "-c", current_contents_cmd)
+                    current_result.wait()
+                    current_contents = _to_str(current_result.stdout) if current_result.stdout else ""
+                    
+                    # Check if target directory exists
+                    test_cmd = f"test -d \"{target_dir}\""
+                    test_result = sandbox.exec("bash", "-c", test_cmd)
+                    test_result.wait()
+                    
+                    if test_result.returncode == 0:
+                        # Target directory exists, get its contents
+                        target_contents_cmd = f"ls -la \"{target_dir}\""
+                        target_result = sandbox.exec("bash", "-c", target_contents_cmd)
+                        target_result.wait()
+                        target_contents = _to_str(target_result.stdout) if target_result.stdout else ""
+                        
+                        try:
+                            # Call LLM for analysis with the dedicated function
+                            llm_response = analyze_directory_navigation_with_llm(current_dir, target_dir, current_contents, target_contents, api_key)
+                            
+                            # Extract decision from LLM response
+                            if llm_response and "NAVIGATE" in llm_response.upper():
+                                print(f"🤖 LLM Analysis: Navigation makes sense - contents are different")
+                                print(f"📂 Current: {current_dir}")
+                                print(f"🎯 Target: {target_dir}")
+                                print(f"🔄 Proceeding with navigation...")
+                            else:
+                                print(f"🤖 LLM Analysis: Navigation is redundant - contents are similar")
+                                print(f"⚠️ Detected redundant directory navigation: {cmd}")
+                                print(f"📂 Already in the correct directory: {current_dir}")
+                                print(f"✅ Skipping unnecessary navigation command")
+                                return True, f"Already in directory {current_dir}", ""
+                                
+                        except Exception as e:
+                            print(f"⚠️ LLM analysis failed: {e}")
+                            print(f"🔄 Falling back to simple directory existence check...")
+                            # Fallback to simple check
+                            print(f"🔍 Detected nested directory '{target_dir}' exists in current location")
+                            print(f"📂 Current: {current_dir}")
+                            print(f"🎯 Target: {target_dir}")
+                            print(f"🔄 Proceeding with navigation to nested directory...")
+                    else:
+                        # No nested directory exists, so this is truly redundant
+                        print(f"⚠️ Detected redundant directory navigation: {cmd}")
+                        print(f"📂 Already in the correct directory: {current_dir}")
+                        print(f"✅ Skipping unnecessary navigation command")
+                        return True, f"Already in directory {current_dir}", ""
         
         # Remove any parenthetical text that could cause syntax errors in bash
         if '(' in cmd:
@@ -2488,6 +2538,9 @@ def create_modal_ssh_container(gpu_type, repo_url=None, repo_name=None, setup_co
             with app.run():
                 ssh_container_function.remote()
                 
+        # Clean up Modal token after container is successfully created
+        cleanup_modal_token()
+        
         return {
             "app_name": app_name,
             "ssh_password": ssh_password,
@@ -3172,6 +3225,118 @@ def find_entry_point(repo_dir):
     
     return None
 
+def analyze_directory_navigation_with_llm(current_dir, target_dir, current_contents, target_contents, api_key=None):
+    """Use LLM to analyze if directory navigation makes sense"""
+    if not api_key:
+        # Try to get API key from environment
+        api_key = os.environ.get("OPENAI_API_KEY")
+        
+    if not api_key:
+        print("⚠️ No OpenAI API key available for directory analysis")
+        return None
+        
+    # Create analysis prompt
+    analysis_prompt = f"""
+I'm trying to determine if a 'cd {target_dir}' command makes sense.
+
+CURRENT DIRECTORY: {current_dir}
+Current directory contents:
+{current_contents}
+
+TARGET DIRECTORY: {target_dir}
+Target directory contents:
+{target_contents}
+
+Please analyze if navigating to the target directory makes sense by considering:
+1. Are the contents significantly different?
+2. Does the target directory contain important files (like source code, config files, etc.)?
+3. Is this likely a nested project directory or just a duplicate?
+4. Would navigating provide access to different functionality or files?
+
+Respond with only 'NAVIGATE' if navigation makes sense, or 'SKIP' if it's redundant.
+"""
+    
+    # Prepare the API request
+    headers = {
+        "Content-Type": "application/json",
+        "Authorization": f"Bearer {api_key}"
+    }
+    
+    payload = {
+        "model": "gpt-4",
+        "messages": [
+            {"role": "system", "content": "You are a directory navigation assistant. Analyze if navigating to a target directory makes sense based on the contents of both directories. Respond with only 'NAVIGATE' or 'SKIP'."},
+            {"role": "user", "content": analysis_prompt}
+        ],
+        "temperature": 0.1,
+        "max_tokens": 50
+    }
+    
+    try:
+        print("🤖 Calling OpenAI for directory navigation analysis...")
+        response = requests.post(
+            "https://api.openai.com/v1/chat/completions",
+            headers=headers,
+            json=payload,
+            timeout=30
+        )
+        
+        if response.status_code == 200:
+            result = response.json()
+            llm_response = result["choices"][0]["message"]["content"].strip()
+            print(f"🤖 LLM Response: {llm_response}")
+            return llm_response
+        else:
+            print(f"❌ OpenAI API error: {response.status_code} - {response.text}")
+            return None
+    except Exception as e:
+        print(f"❌ Error calling OpenAI API: {e}")
+        return None
+
+def cleanup_modal_token():
+    """Delete Modal token files and environment variables after SSH container is started"""
+    print("🧹 Cleaning up Modal token for security...")
+    
+    try:
+        # Remove token from environment variables
+        if "MODAL_TOKEN_ID" in os.environ:
+            del os.environ["MODAL_TOKEN_ID"]
+            print("✅ Removed MODAL_TOKEN_ID from environment")
+        
+        if "MODAL_TOKEN" in os.environ:
+            del os.environ["MODAL_TOKEN"]
+            print("✅ Removed MODAL_TOKEN from environment")
+            
+        if "MODAL_TOKEN_SECRET" in os.environ:
+            del os.environ["MODAL_TOKEN_SECRET"]
+            print("✅ Removed MODAL_TOKEN_SECRET from environment")
+        
+        # Delete token files
+        home_dir = os.path.expanduser("~")
+        modal_dir = os.path.join(home_dir, ".modal")
+        if os.path.exists(modal_dir):
+            # Delete token.json
+            token_file = os.path.join(modal_dir, "token.json")
+            if os.path.exists(token_file):
+                os.remove(token_file)
+                print(f"✅ Deleted token file at {token_file}")
+            
+            # Delete token_alt.json if it exists
+            token_alt_file = os.path.join(modal_dir, "token_alt.json")
+            if os.path.exists(token_alt_file):
+                os.remove(token_alt_file)
+                print(f"✅ Deleted alternative token file at {token_alt_file}")
+        
+        # Delete .modalconfig file
+        modalconfig_file = os.path.join(home_dir, ".modalconfig")
+        if os.path.exists(modalconfig_file):
+            os.remove(modalconfig_file)
+            print(f"✅ Deleted .modalconfig file at {modalconfig_file}")
+            
+        print("✅ Modal token cleanup completed successfully")
+    except Exception as e:
+        print(f"❌ Error during Modal token cleanup: {e}")
+
 if __name__ == "__main__":
     # Parse command line arguments when script is run directly
     import argparse

package/python/test_token_cleanup.py

@@ -0,0 +1,174 @@
+#!/usr/bin/env python3
+"""
+Test Modal Token Cleanup
+
+This script tests the Modal token cleanup functionality by:
+1. Setting up a Modal token
+2. Verifying the token exists in environment and files
+3. Cleaning up the token
+4. Verifying the token has been removed
+"""
+
+import os
+import sys
+import json
+from pathlib import Path
+import time
+
+# Add the parent directory to the path so we can import our modules
+parent_dir = Path(__file__).parent.absolute()
+sys.path.append(str(parent_dir))
+
+# Import our cleanup function
+from test_modalSandboxScript import cleanup_modal_token
+
+def setup_test_token():
+    """Set up a test Modal token in environment and files"""
+    print("🔧 Setting up test Modal token...")
+    
+    # Set test token in environment variables
+    test_token = "ak-testtoken12345"
+    os.environ["MODAL_TOKEN_ID"] = test_token
+    os.environ["MODAL_TOKEN"] = test_token
+    os.environ["MODAL_TOKEN_SECRET"] = "as-testsecret12345"
+    
+    # Create token files
+    modal_dir = Path.home() / ".modal"
+    modal_dir.mkdir(exist_ok=True)
+    
+    # Create token.json
+    token_file = modal_dir / "token.json"
+    with open(token_file, 'w') as f:
+        token_data = {
+            "token_id": test_token,
+            "token_secret": "as-testsecret12345"
+        }
+        json.dump(token_data, f)
+    
+    # Create token_alt.json
+    token_alt_file = modal_dir / "token_alt.json"
+    with open(token_alt_file, 'w') as f:
+        token_data_alt = {
+            "id": test_token,
+            "secret": "as-testsecret12345"
+        }
+        json.dump(token_data_alt, f)
+    
+    # Create .modalconfig file
+    modalconfig_file = Path.home() / ".modalconfig"
+    with open(modalconfig_file, 'w') as f:
+        f.write(f"token_id = {test_token}\n")
+        f.write(f"token_secret = as-testsecret12345\n")
+    
+    print("✅ Test Modal token set up successfully")
+    return test_token
+
+def verify_token_exists(test_token):
+    """Verify that the test token exists in environment and files"""
+    print("🔍 Verifying test token exists...")
+    
+    # Check environment variables
+    env_token_id = os.environ.get("MODAL_TOKEN_ID")
+    env_token = os.environ.get("MODAL_TOKEN")
+    env_token_secret = os.environ.get("MODAL_TOKEN_SECRET")
+    
+    if env_token_id != test_token:
+        print(f"❌ MODAL_TOKEN_ID mismatch: expected '{test_token}', got '{env_token_id}'")
+        return False
+    
+    if env_token != test_token:
+        print(f"❌ MODAL_TOKEN mismatch: expected '{test_token}', got '{env_token}'")
+        return False
+    
+    if not env_token_secret:
+        print("❌ MODAL_TOKEN_SECRET not set")
+        return False
+    
+    # Check token files
+    modal_dir = Path.home() / ".modal"
+    token_file = modal_dir / "token.json"
+    if not token_file.exists():
+        print(f"❌ Token file not found at {token_file}")
+        return False
+    
+    token_alt_file = modal_dir / "token_alt.json"
+    if not token_alt_file.exists():
+        print(f"❌ Alternative token file not found at {token_alt_file}")
+        return False
+    
+    modalconfig_file = Path.home() / ".modalconfig"
+    if not modalconfig_file.exists():
+        print(f"❌ .modalconfig file not found at {modalconfig_file}")
+        return False
+    
+    print("✅ Test token exists in environment and files")
+    return True
+
+def verify_token_cleaned_up():
+    """Verify that the test token has been cleaned up"""
+    print("🔍 Verifying token cleanup...")
+    
+    # Check environment variables
+    env_token_id = os.environ.get("MODAL_TOKEN_ID")
+    env_token = os.environ.get("MODAL_TOKEN")
+    env_token_secret = os.environ.get("MODAL_TOKEN_SECRET")
+    
+    if env_token_id:
+        print(f"❌ MODAL_TOKEN_ID still exists: '{env_token_id}'")
+        return False
+    
+    if env_token:
+        print(f"❌ MODAL_TOKEN still exists: '{env_token}'")
+        return False
+    
+    if env_token_secret:
+        print(f"❌ MODAL_TOKEN_SECRET still exists: '{env_token_secret}'")
+        return False
+    
+    # Check token files
+    modal_dir = Path.home() / ".modal"
+    token_file = modal_dir / "token.json"
+    if token_file.exists():
+        print(f"❌ Token file still exists at {token_file}")
+        return False
+    
+    token_alt_file = modal_dir / "token_alt.json"
+    if token_alt_file.exists():
+        print(f"❌ Alternative token file still exists at {token_alt_file}")
+        return False
+    
+    modalconfig_file = Path.home() / ".modalconfig"
+    if modalconfig_file.exists():
+        print(f"❌ .modalconfig file still exists at {modalconfig_file}")
+        return False
+    
+    print("✅ Token has been cleaned up successfully")
+    return True
+
+def run_test():
+    """Run the token cleanup test"""
+    print("🧪 Running Modal token cleanup test...")
+    
+    # Set up test token
+    test_token = setup_test_token()
+    
+    # Verify token exists
+    if not verify_token_exists(test_token):
+        print("❌ Test failed: Token setup verification failed")
+        return False
+    
+    # Clean up token
+    print("🧹 Cleaning up token...")
+    cleanup_modal_token()
+    
+    # Verify token has been cleaned up
+    if not verify_token_cleaned_up():
+        print("❌ Test failed: Token cleanup verification failed")
+        return False
+    
+    print("✅ Test passed: Token cleanup works correctly")
+    return True
+
+if __name__ == "__main__":
+    success = run_test()
+    sys.exit(0 if success else 1) 

package/test_modalSandboxScript.py

@@ -747,13 +747,29 @@ def create_modal_sandbox(gpu_type, repo_url=None, repo_name=None, setup_commands
                 
                 # Check if this is a repo name that matches the end of current_dir
                 # This prevents errors like "cd repo-name" when already in "/root/repo-name"
+                # BUT we need to be careful about nested directories like /root/litex/litex
                 if (target_dir != "/" and target_dir != "." and target_dir != ".." and 
                     not target_dir.startswith("/") and not target_dir.startswith("./") and 
                     not target_dir.startswith("../") and current_dir.endswith("/" + target_dir)):
-                    print(f"⚠️ Detected redundant directory navigation: {cmd}")
-                    print(f"📂 Already in the correct directory: {current_dir}")
-                    print(f"✅ Skipping unnecessary navigation command")
-                    return True, f"Already in directory {current_dir}", ""
+                    
+                    # Additional check: verify if there's actually a nested directory with this name
+                    # This prevents skipping legitimate navigation to nested directories
+                    test_cmd = f"test -d \"{target_dir}\""
+                    test_result = sandbox.exec("bash", "-c", test_cmd)
+                    test_result.wait()
+                    
+                    if test_result.returncode == 0:
+                        # The nested directory exists, so this is NOT redundant
+                        print(f"🔍 Detected nested directory '{target_dir}' exists in current location")
+                        print(f"📂 Current: {current_dir}")
+                        print(f"🎯 Target: {target_dir}")
+                        print(f"🔄 Proceeding with navigation to nested directory...")
+                    else:
+                        # No nested directory exists, so this is truly redundant
+                        print(f"⚠️ Detected redundant directory navigation: {cmd}")
+                        print(f"📂 Already in the correct directory: {current_dir}")
+                        print(f"✅ Skipping unnecessary navigation command")
+                        return True, f"Already in directory {current_dir}", ""
         
         # Remove any parenthetical text that could cause syntax errors in bash
         if '(' in cmd: