cowork-dash 0.1.9__py3-none-any.whl → 0.2.1__py3-none-any.whl

cowork_dash/config.py

@@ -23,9 +23,15 @@ when no environment variables or CLI arguments are provided.
 """
 
 import os
+import platform
 from pathlib import Path
 
 
+def is_linux() -> bool:
+    """Check if running on Linux."""
+    return platform.system() == "Linux"
+
+
 def get_config(key: str, default=None, type_cast=None):
     """
     Get configuration value with priority:
@@ -111,18 +117,23 @@ WELCOME_MESSAGE = get_config("welcome_message", default=_default_welcome)
 # Virtual filesystem mode (for multi-user deployments)
 # Environment variable: DEEPAGENT_VIRTUAL_FS
 # Accepts: true/1/yes to enable
+# IMPORTANT: Only available on Linux due to sandboxing requirements
 # When enabled:
 #   - Each browser session gets isolated in-memory file storage
 #   - Files, canvas, and uploads are not shared between sessions
 #   - All data is ephemeral (cleared when session ends)
+#   - Bash commands run in bubblewrap sandbox for security
 # When disabled (default):
 #   - All sessions share the same workspace directory on disk
 #   - Files persist on disk
-VIRTUAL_FS = get_config(
+_virtual_fs_requested = get_config(
     "virtual_fs",
     default=False,
     type_cast=lambda x: str(x).lower() in ("true", "1", "yes")
 )
+# Virtual FS is only supported on Linux (requires bubblewrap for bash sandboxing)
+VIRTUAL_FS = _virtual_fs_requested and is_linux()
+VIRTUAL_FS_UNAVAILABLE_REASON = None if is_linux() else "Virtual filesystem mode requires Linux (uses bubblewrap for bash sandboxing)"
 
 # Session timeout in seconds (only used when VIRTUAL_FS is True)
 # Environment variable: DEEPAGENT_SESSION_TIMEOUT

cowork_dash/file_utils.py

@@ -136,8 +136,18 @@ def load_folder_contents(
     return build_file_tree(full_path, workspace_root, lazy_load=True)
 
 
-def render_file_tree(items: List[Dict], colors: Dict, styles: Dict, level: int = 0, parent_path: str = "", expanded_folders: List[str] = None) -> List:
-    """Render file tree with collapsible folders using CSS classes for theming."""
+def render_file_tree(items: List[Dict], colors: Dict, styles: Dict, level: int = 0, parent_path: str = "", expanded_folders: List[str] = None, workspace_root: AnyRoot = None) -> List:
+    """Render file tree with collapsible folders using CSS classes for theming.
+
+    Args:
+        items: List of file/folder items from build_file_tree
+        colors: Theme colors dict
+        styles: Style dict
+        level: Current nesting level
+        parent_path: Path of parent folder
+        expanded_folders: List of folder IDs that should be expanded
+        workspace_root: Workspace root for loading expanded folder contents
+    """
     components = []
     indent = level * 15  # Scaled up indent
     expanded_folders = expanded_folders or []
@@ -199,7 +209,7 @@ def render_file_tree(items: List[Dict], colors: Dict, styles: Dict, level: int =
 
             if children:
                 # Children are loaded, render them
-                child_content = render_file_tree(children, colors, styles, level + 1, item["path"], expanded_folders)
+                child_content = render_file_tree(children, colors, styles, level + 1, item["path"], expanded_folders, workspace_root)
             elif not has_children:
                 # Folder is known to be empty
                 child_content = [
@@ -210,8 +220,37 @@ def render_file_tree(items: List[Dict], colors: Dict, styles: Dict, level: int =
                         "fontStyle": "italic",
                     })
                 ]
+            elif is_expanded and workspace_root is not None:
+                # Folder is expanded but children not loaded - load them now
+                # This happens when rebuilding the tree with preserved expanded_folders state
+                try:
+                    folder_items = load_folder_contents(item["path"], workspace_root)
+                    child_content = render_file_tree(folder_items, colors, styles, level + 1, item["path"], expanded_folders, workspace_root)
+                    if not child_content:
+                        child_content = [
+                            html.Div("(empty)", className="file-tree-empty", style={
+                                "padding": "4px 10px",
+                                "paddingLeft": f"{25 + (level + 1) * 15}px",
+                                "fontSize": "12px",
+                                "fontStyle": "italic",
+                            })
+                        ]
+                except Exception:
+                    # Fall back to loading placeholder if loading fails
+                    child_content = [
+                        html.Div("Loading...",
+                            id={"type": "folder-loading", "path": folder_id},
+                            className="file-tree-loading",
+                            style={
+                                "padding": "4px 10px",
+                                "paddingLeft": f"{25 + (level + 1) * 15}px",
+                                "fontSize": "12px",
+                                "fontStyle": "italic",
+                            }
+                        )
+                    ]
             else:
-                # Children not yet loaded (lazy loading)
+                # Children not yet loaded (lazy loading) and folder is collapsed
                 child_content = [
                     html.Div("Loading...",
                         id={"type": "folder-loading", "path": folder_id},

cowork_dash/layout.py

@@ -49,9 +49,11 @@ def create_layout(workspace_root, app_title, app_subtitle, colors, styles, agent
             dcc.Store(id="expanded-folders", data=[]),
             dcc.Store(id="file-to-view", data=None),
             dcc.Store(id="file-click-tracker", data={}),
+            dcc.Store(id="csv-pagination", data={"page": 0, "total_pages": 0, "rows_per_page": 50}),
             dcc.Store(id="theme-store", data="light", storage_type="local"),
             dcc.Store(id="current-workspace-path", data=""),  # Relative path from original workspace root
             dcc.Store(id="collapsed-canvas-items", data=[]),  # Track which canvas items are collapsed
+            dcc.Store(id="sidebar-collapsed", data=False),  # Track if sidebar is collapsed
             dcc.Download(id="file-download"),
 
             # Interval for polling agent updates (disabled by default)
@@ -133,6 +135,22 @@ def create_layout(workspace_root, app_title, app_subtitle, colors, styles, agent
                 opened=False,
             ),
 
+            # Fullscreen preview modal for HTML/PDF
+            dmc.Modal(
+                id="fullscreen-preview-modal",
+                title="Preview",
+                size="100%",
+                children=[
+                    html.Div(id="fullscreen-preview-content", style={"height": "calc(100vh - 120px)"})
+                ],
+                opened=False,
+                styles={
+                    "content": {"height": "95vh", "maxHeight": "95vh"},
+                    "body": {"height": "calc(100% - 60px)", "padding": "0"},
+                },
+            ),
+            dcc.Store(id="fullscreen-preview-data", data=None),
+
             html.Div([
                 # Compact Header
                 html.Header([
@@ -209,7 +227,7 @@ def create_layout(workspace_root, app_title, app_subtitle, colors, styles, agent
                         "background": "var(--mantine-color-body)",
                     }),
                 ], id="chat-panel", style={
-                    "flex": "1", "display": "flex", "flexDirection": "column",
+                    "flex": "3", "display": "flex", "flexDirection": "column",
                     "background": "var(--mantine-color-body)", "minWidth": "0",
                 }),
 
@@ -263,6 +281,13 @@ def create_layout(workspace_root, app_title, app_subtitle, colors, styles, agent
                                 variant="default",
                                 size="md",
                             ),
+                            dmc.ActionIcon(
+                                DashIconify(icon="mdi:chevron-right", width=18),
+                                id="collapse-sidebar-btn",
+                                variant="subtle",
+                                size="md",
+                                **{"aria-label": "Collapse sidebar"},
+                            ),
                         ], id="files-actions", gap=5)
                     ], id="sidebar-header", style={
                         "display": "flex", "justifyContent": "space-between",
@@ -295,7 +320,6 @@ def create_layout(workspace_root, app_title, app_subtitle, colors, styles, agent
                         ], className="breadcrumb-bar", style={
                             "padding": "6px 10px",
                             "borderBottom": "1px solid var(--mantine-color-default-border)",
-                            "background": "var(--mantine-color-gray-0)",
                         }),
                         html.Div(
                             id="file-tree",
@@ -346,6 +370,23 @@ def create_layout(workspace_root, app_title, app_subtitle, colors, styles, agent
                     "background": "var(--mantine-color-body)",
                     "borderLeft": "1px solid var(--mantine-color-default-border)",
                 }),
+
+                # Expand button (shown when sidebar is collapsed)
+                html.Div([
+                    dmc.ActionIcon(
+                        DashIconify(icon="mdi:chevron-left", width=18),
+                        id="expand-sidebar-btn",
+                        variant="subtle",
+                        size="md",
+                        **{"aria-label": "Expand sidebar"},
+                    ),
+                ], id="sidebar-expand-btn", style={
+                    "display": "none",
+                    "alignItems": "flex-start",
+                    "paddingTop": "10px",
+                    "borderLeft": "1px solid var(--mantine-color-default-border)",
+                    "background": "var(--mantine-color-body)",
+                }),
             ], id="main-container", style={"display": "flex", "flex": "1", "overflow": "hidden"}),
         ], id="app-container", style={"display": "flex", "flexDirection": "column", "height": "100vh"})
     ])

cowork_dash/sandbox.py

@@ -0,0 +1,361 @@
+"""Sandbox execution for bash commands in virtual filesystem mode.
+
+Provides secure command execution using bubblewrap (Linux) or Docker as fallback.
+This module is only used when VIRTUAL_FS mode is enabled.
+"""
+
+import os
+import shutil
+import subprocess
+import tempfile
+from pathlib import Path
+from typing import Any, Dict, List, Optional, Tuple
+
+from .virtual_fs import VirtualFilesystem
+
+
+class SandboxError(Exception):
+    """Error during sandbox execution."""
+    pass
+
+
+class SandboxUnavailableError(SandboxError):
+    """No sandbox backend available."""
+    pass
+
+
+def check_bubblewrap_available() -> bool:
+    """Check if bubblewrap (bwrap) is available on the system."""
+    return shutil.which("bwrap") is not None
+
+
+def check_docker_available() -> bool:
+    """Check if Docker is available and running."""
+    if not shutil.which("docker"):
+        return False
+    try:
+        result = subprocess.run(
+            ["docker", "info"],
+            capture_output=True,
+            timeout=5
+        )
+        return result.returncode == 0
+    except (subprocess.TimeoutExpired, OSError):
+        return False
+
+
+def get_available_sandbox() -> Optional[str]:
+    """Get the best available sandbox backend.
+
+    Returns:
+        "bubblewrap", "docker", or None if no sandbox available
+    """
+    if check_bubblewrap_available():
+        return "bubblewrap"
+    if check_docker_available():
+        return "docker"
+    return None
+
+
+class SandboxedBashExecutor:
+    """Execute bash commands in a sandboxed environment.
+
+    Syncs files between VirtualFilesystem and a temp directory,
+    runs commands in a sandbox, and syncs results back.
+    """
+
+    def __init__(self, fs: VirtualFilesystem, session_id: str):
+        """Initialize executor with a virtual filesystem.
+
+        Args:
+            fs: The VirtualFilesystem to sync with
+            session_id: Unique session identifier for temp dir naming
+        """
+        self.fs = fs
+        self.session_id = session_id
+        self._temp_dir: Optional[Path] = None
+        self._sandbox_backend = get_available_sandbox()
+
+    @property
+    def temp_dir(self) -> Path:
+        """Get or create the persistent temp directory for this session."""
+        if self._temp_dir is None or not self._temp_dir.exists():
+            # Create session-specific temp directory
+            base_temp = Path(tempfile.gettempdir()) / "cowork-sandbox"
+            base_temp.mkdir(exist_ok=True)
+            self._temp_dir = base_temp / f"session-{self.session_id}"
+            self._temp_dir.mkdir(exist_ok=True)
+            # Initial sync from virtual FS to temp dir
+            self._sync_to_disk()
+        return self._temp_dir
+
+    def _sync_to_disk(self) -> None:
+        """Sync virtual filesystem contents to the temp directory."""
+        # Clear existing files in temp dir (but keep the dir)
+        for item in self.temp_dir.iterdir():
+            if item.is_file():
+                item.unlink()
+            elif item.is_dir():
+                shutil.rmtree(item)
+
+        # Copy all files from virtual FS
+        for path_str, content in self.fs._files.items():
+            # Convert virtual path to relative path
+            rel_path = path_str.lstrip("/")
+            if rel_path.startswith("workspace/"):
+                rel_path = rel_path[len("workspace/"):]
+
+            target = self.temp_dir / rel_path
+            target.parent.mkdir(parents=True, exist_ok=True)
+            target.write_bytes(content)
+
+    def _sync_from_disk(self) -> None:
+        """Sync temp directory contents back to virtual filesystem."""
+        # Walk the temp directory and update virtual FS
+        for root, dirs, files in os.walk(self.temp_dir):
+            rel_root = Path(root).relative_to(self.temp_dir)
+
+            # Create directories in virtual FS
+            for d in dirs:
+                vpath = f"/workspace/{rel_root / d}" if str(rel_root) != "." else f"/workspace/{d}"
+                vpath = vpath.replace("//", "/")
+                try:
+                    self.fs.mkdir(vpath, parents=True, exist_ok=True)
+                except Exception:
+                    pass
+
+            # Copy files to virtual FS
+            for f in files:
+                file_path = Path(root) / f
+                vpath = f"/workspace/{rel_root / f}" if str(rel_root) != "." else f"/workspace/{f}"
+                vpath = vpath.replace("//", "/")
+
+                try:
+                    content = file_path.read_bytes()
+                    # Ensure parent exists
+                    parent = "/".join(vpath.split("/")[:-1])
+                    if parent:
+                        self.fs.mkdir(parent, parents=True, exist_ok=True)
+                    self.fs.write_bytes(vpath, content)
+                except Exception:
+                    pass
+
+        # Remove files from virtual FS that no longer exist on disk
+        existing_files = set()
+        for root, _, files in os.walk(self.temp_dir):
+            rel_root = Path(root).relative_to(self.temp_dir)
+            for f in files:
+                vpath = f"/workspace/{rel_root / f}" if str(rel_root) != "." else f"/workspace/{f}"
+                existing_files.add(vpath.replace("//", "/"))
+
+        # Get list of files to remove (avoid modifying dict during iteration)
+        to_remove = []
+        for vpath in list(self.fs._files.keys()):
+            if vpath.startswith("/workspace/") and vpath not in existing_files:
+                # Skip .canvas directory
+                if not vpath.startswith("/workspace/.canvas"):
+                    to_remove.append(vpath)
+
+        for vpath in to_remove:
+            try:
+                self.fs.unlink(vpath, missing_ok=True)
+            except Exception:
+                pass
+
+    def execute(
+        self,
+        command: str,
+        timeout: int = 60,
+        env: Optional[Dict[str, str]] = None
+    ) -> Dict[str, Any]:
+        """Execute a bash command in the sandbox.
+
+        Args:
+            command: The bash command to execute
+            timeout: Maximum execution time in seconds
+            env: Additional environment variables
+
+        Returns:
+            Dict with stdout, stderr, return_code, status
+        """
+        if self._sandbox_backend is None:
+            return {
+                "stdout": "",
+                "stderr": "No sandbox available. Install bubblewrap (bwrap) or Docker.",
+                "return_code": 1,
+                "status": "error"
+            }
+
+        # Sync virtual FS to disk before execution
+        self._sync_to_disk()
+
+        try:
+            if self._sandbox_backend == "bubblewrap":
+                result = self._execute_bubblewrap(command, timeout, env)
+            else:
+                result = self._execute_docker(command, timeout, env)
+
+            # Sync changes back to virtual FS after execution
+            self._sync_from_disk()
+
+            return result
+
+        except subprocess.TimeoutExpired:
+            return {
+                "stdout": "",
+                "stderr": f"Command timed out after {timeout} seconds",
+                "return_code": 124,
+                "status": "error"
+            }
+        except Exception as e:
+            return {
+                "stdout": "",
+                "stderr": str(e),
+                "return_code": 1,
+                "status": "error"
+            }
+
+    def _execute_bubblewrap(
+        self,
+        command: str,
+        timeout: int,
+        env: Optional[Dict[str, str]] = None
+    ) -> Dict[str, Any]:
+        """Execute command using bubblewrap sandbox."""
+        # Build bubblewrap command
+        bwrap_cmd = [
+            "bwrap",
+        ]
+
+        # Mount system directories read-only (only if they exist)
+        # Different distros have different layouts (e.g., Debian doesn't have /lib64)
+        system_dirs = ["/usr", "/lib", "/lib64", "/bin", "/sbin", "/etc"]
+        for sysdir in system_dirs:
+            if Path(sysdir).exists():
+                bwrap_cmd.extend(["--ro-bind", sysdir, sysdir])
+
+        # Mount workspace read-write
+        bwrap_cmd.extend([
+            "--bind", str(self.temp_dir), "/workspace",
+            # Create minimal /tmp
+            "--tmpfs", "/tmp",
+            # Create /dev with minimal devices
+            "--dev", "/dev",
+            # Create /proc (needed by some tools)
+            "--proc", "/proc",
+            # Isolate network
+            "--unshare-net",
+            # Isolate PID namespace
+            "--unshare-pid",
+            # Set working directory
+            "--chdir", "/workspace",
+            # Clear environment and set minimal
+            "--clearenv",
+            "--setenv", "PATH", "/usr/local/bin:/usr/bin:/bin",
+            "--setenv", "HOME", "/workspace",
+            "--setenv", "TERM", "xterm-256color",
+        ])
+
+        # Add custom environment variables
+        if env:
+            for key, value in env.items():
+                bwrap_cmd.extend(["--setenv", key, value])
+
+        # Add the actual command
+        bwrap_cmd.extend(["--", "/bin/bash", "-c", command])
+
+        # Execute
+        result = subprocess.run(
+            bwrap_cmd,
+            capture_output=True,
+            timeout=timeout,
+            text=True
+        )
+
+        return {
+            "stdout": result.stdout,
+            "stderr": result.stderr,
+            "return_code": result.returncode,
+            "status": "success" if result.returncode == 0 else "error"
+        }
+
+    def _execute_docker(
+        self,
+        command: str,
+        timeout: int,
+        env: Optional[Dict[str, str]] = None
+    ) -> Dict[str, Any]:
+        """Execute command using Docker container."""
+        docker_cmd = [
+            "docker", "run",
+            "--rm",
+            "--network", "none",  # No network access
+            "--memory", "512m",  # Memory limit
+            "--cpus", "1",  # CPU limit
+            "-v", f"{self.temp_dir}:/workspace",
+            "-w", "/workspace",
+        ]
+
+        # Add environment variables
+        if env:
+            for key, value in env.items():
+                docker_cmd.extend(["-e", f"{key}={value}"])
+
+        # Use a minimal Python image (widely available)
+        docker_cmd.extend([
+            "python:3.11-slim",
+            "/bin/bash", "-c", command
+        ])
+
+        # Execute
+        result = subprocess.run(
+            docker_cmd,
+            capture_output=True,
+            timeout=timeout,
+            text=True
+        )
+
+        return {
+            "stdout": result.stdout,
+            "stderr": result.stderr,
+            "return_code": result.returncode,
+            "status": "success" if result.returncode == 0 else "error"
+        }
+
+    def cleanup(self) -> None:
+        """Clean up the temp directory for this session."""
+        if self._temp_dir and self._temp_dir.exists():
+            try:
+                shutil.rmtree(self._temp_dir)
+            except Exception:
+                pass
+            self._temp_dir = None
+
+
+# Session executor cache
+_session_executors: Dict[str, SandboxedBashExecutor] = {}
+
+
+def get_executor_for_session(
+    session_id: str,
+    fs: VirtualFilesystem
+) -> SandboxedBashExecutor:
+    """Get or create a sandboxed executor for a session.
+
+    Args:
+        session_id: The session identifier
+        fs: The VirtualFilesystem for this session
+
+    Returns:
+        SandboxedBashExecutor instance
+    """
+    if session_id not in _session_executors:
+        _session_executors[session_id] = SandboxedBashExecutor(fs, session_id)
+    return _session_executors[session_id]
+
+
+def cleanup_session_executor(session_id: str) -> None:
+    """Clean up executor for a session."""
+    if session_id in _session_executors:
+        _session_executors[session_id].cleanup()
+        del _session_executors[session_id]