PyPI - moonbridge - Versions diffs - 0.6.0__tar.gz → 0.8.0__tar.gz - Mend

moonbridge 0.6.0tar.gz → 0.8.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

moonbridge-0.8.0/.release-please-manifest.json ADDED Viewed

@@ -0,0 +1,3 @@
+{
+  ".": "0.8.0"
+}

{moonbridge-0.6.0 → moonbridge-0.8.0}/CHANGELOG.md RENAMED Viewed

@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [0.8.0](https://github.com/misty-step/moonbridge/compare/moonbridge-v0.7.0...moonbridge-v0.8.0) (2026-02-06)
+### Features
+* add gpt-5.3-codex to known models ([#81](https://github.com/misty-step/moonbridge/issues/81)) ([7f16b5d](https://github.com/misty-step/moonbridge/commit/7f16b5dc0c0aa0f0aa7a40e99856a87c8ba49c2c))
+## [0.7.0](https://github.com/misty-step/moonbridge/compare/moonbridge-v0.6.0...moonbridge-v0.7.0) (2026-02-05)
+### Features
+* add copy-on-run sandbox mode for agent execution ([#70](https://github.com/misty-step/moonbridge/issues/70)) ([0ae67bb](https://github.com/misty-step/moonbridge/commit/0ae67bb70ed9698791d2604074163f4d1ba3b1bc))
 ## [0.6.0](https://github.com/misty-step/moonbridge/compare/moonbridge-v0.5.2...moonbridge-v0.6.0) (2026-02-03)

{moonbridge-0.6.0 → moonbridge-0.8.0}/CLAUDE.md RENAMED Viewed

@@ -33,6 +33,7 @@ uv build                     # Build package
 ```
 src/moonbridge/
 ├── server.py          # MCP server implementation, tool handlers, process management
+├── sandbox.py         # Copy-on-run sandbox + diff utilities
 ├── version_check.py   # Update notification (24h cache)
 └── adapters/
     ├── base.py        # CLIAdapter protocol and AdapterConfig dataclass

moonbridge-0.8.0/CONTRIBUTING.md ADDED Viewed

@@ -0,0 +1,40 @@
+# Contributing
+## Development Setup
+- Python 3.11+
+- Dependency manager: `uv`
+- Install: `uv sync --dev`
+- Build backend: hatchling (see `pyproject.toml`)
+## Running Tests
+- All tests: `pytest -v`
+- Single file: `pytest tests/test_server.py -v`
+- Single test: `pytest tests/test_server.py::test_spawn_agent -v`
+- Tests mock `subprocess` and `shutil`; no real CLI needed
+## Code Quality
+- Lint: `ruff check src/` (rules: E, F, I, UP, B, SIM)
+- Types: `mypy src/` (strict mode)
+- Line length: 100
+- Target Python: 3.11
+## Commit Conventions
+- Conventional commits: `feat:`, `fix:`, `refactor:`, `docs:`, `chore:`, `test:`
+- Scope optional: `fix(ci):`, `feat(adapter):`
+- Issue refs: `(#N)` suffix
+- Examples:
+  - `feat: add copy-on-run sandbox mode for agent execution (#70)`
+  - `fix: handle ProcessLookupError on SIGKILL path (#58)`
+  - `refactor: extract tool schemas to dedicated module (#60)`
+## Pull Requests
+- Branch from `master`
+- CI runs on Python 3.11, 3.12, 3.13
+- CI runs `ruff`, `mypy`, `pytest`
+- Releases handled by release-please
+## Architecture Overview
+Moonbridge uses a protocol-based adapter pattern via `CLIAdapter` in `adapters/base.py`.
+Each adapter implements `build_command()` and `check_installed()` for consistent CLI calls.
+The MCP server lives in `server.py` and owns protocol handling plus process lifecycle.
+Deeper architecture notes live in `CLAUDE.md`.

{moonbridge-0.6.0 → moonbridge-0.8.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: moonbridge
-Version: 0.6.0
+Version: 0.8.0
 Summary: MCP server for spawning AI coding agents (Kimi, Codex, and more)
 Project-URL: Homepage, https://github.com/misty-step/moonbridge
 Project-URL: Repository, https://github.com/misty-step/moonbridge
@@ -151,6 +151,7 @@ All tools return JSON with these fields:
 | `duration_ms` | int | Execution time in milliseconds |
 | `agent_index` | int | Agent index (0 for single, 0-N for parallel) |
 | `message` | string? | Human-readable error context (when applicable) |
+| `raw` | object? | Optional structured metadata (e.g., sandbox diff) |
 ## Configuration
@@ -163,6 +164,10 @@ All tools return JSON with these fields:
 | `MOONBRIDGE_MAX_AGENTS` | Maximum parallel agents |
 | `MOONBRIDGE_ALLOWED_DIRS` | Colon-separated allowlist of working directories |
 | `MOONBRIDGE_STRICT` | Set to `1` to require `ALLOWED_DIRS` (exits if unset) |
+| `MOONBRIDGE_SANDBOX` | Set to `1` to run agents in a temp copy of cwd |
+| `MOONBRIDGE_SANDBOX_KEEP` | Set to `1` to keep sandbox dir for inspection |
+| `MOONBRIDGE_SANDBOX_MAX_DIFF` | Max diff size in bytes (default 500000) |
+| `MOONBRIDGE_SANDBOX_MAX_COPY` | Max sandbox copy size in bytes (default 500MB) |
 | `MOONBRIDGE_LOG_LEVEL` | Set to `DEBUG` for verbose logging |
 ## Troubleshooting
@@ -229,6 +234,29 @@ By default, Moonbridge warns at startup if no directory restrictions are configu
 export MOONBRIDGE_ALLOWED_DIRS="/path/to/project:/another/path"
 ```
+## Sandbox Mode (Copy-on-Run)
+Enable sandbox mode to run agents in a temporary copy of the working directory:
+```bash
+export MOONBRIDGE_SANDBOX=1
+```
+When enabled:
+- Agents run in a temp copy of `cwd`.
+- Host files stay unchanged by default.
+- A unified diff + summary is included in `raw.sandbox`.
+Optional:
+```bash
+export MOONBRIDGE_SANDBOX_KEEP=1       # keep temp dir
+export MOONBRIDGE_SANDBOX_MAX_DIFF=200000
+export MOONBRIDGE_SANDBOX_MAX_COPY=300000000
+```
+Limitations: this is not OS-level isolation. Agents can still read/write arbitrary host paths if they choose to. Use containers/VMs for strong isolation.
 To enforce restrictions (exit instead of warn):
 ```bash

{moonbridge-0.6.0 → moonbridge-0.8.0}/README.md RENAMED Viewed

@@ -122,6 +122,7 @@ All tools return JSON with these fields:
 | `duration_ms` | int | Execution time in milliseconds |
 | `agent_index` | int | Agent index (0 for single, 0-N for parallel) |
 | `message` | string? | Human-readable error context (when applicable) |
+| `raw` | object? | Optional structured metadata (e.g., sandbox diff) |
 ## Configuration
@@ -134,6 +135,10 @@ All tools return JSON with these fields:
 | `MOONBRIDGE_MAX_AGENTS` | Maximum parallel agents |
 | `MOONBRIDGE_ALLOWED_DIRS` | Colon-separated allowlist of working directories |
 | `MOONBRIDGE_STRICT` | Set to `1` to require `ALLOWED_DIRS` (exits if unset) |
+| `MOONBRIDGE_SANDBOX` | Set to `1` to run agents in a temp copy of cwd |
+| `MOONBRIDGE_SANDBOX_KEEP` | Set to `1` to keep sandbox dir for inspection |
+| `MOONBRIDGE_SANDBOX_MAX_DIFF` | Max diff size in bytes (default 500000) |
+| `MOONBRIDGE_SANDBOX_MAX_COPY` | Max sandbox copy size in bytes (default 500MB) |
 | `MOONBRIDGE_LOG_LEVEL` | Set to `DEBUG` for verbose logging |
 ## Troubleshooting
@@ -200,6 +205,29 @@ By default, Moonbridge warns at startup if no directory restrictions are configu
 export MOONBRIDGE_ALLOWED_DIRS="/path/to/project:/another/path"
 ```
+## Sandbox Mode (Copy-on-Run)
+Enable sandbox mode to run agents in a temporary copy of the working directory:
+```bash
+export MOONBRIDGE_SANDBOX=1
+```
+When enabled:
+- Agents run in a temp copy of `cwd`.
+- Host files stay unchanged by default.
+- A unified diff + summary is included in `raw.sandbox`.
+Optional:
+```bash
+export MOONBRIDGE_SANDBOX_KEEP=1       # keep temp dir
+export MOONBRIDGE_SANDBOX_MAX_DIFF=200000
+export MOONBRIDGE_SANDBOX_MAX_COPY=300000000
+```
+Limitations: this is not OS-level isolation. Agents can still read/write arbitrary host paths if they choose to. Use containers/VMs for strong isolation.
 To enforce restrictions (exit instead of warn):
 ```bash

{moonbridge-0.6.0 → moonbridge-0.8.0}/src/moonbridge/__init__.py RENAMED Viewed

@@ -2,7 +2,7 @@
 from __future__ import annotations
-__version__ = "0.6.0"
+__version__ = "0.8.0"
 from .server import main, run, server

{moonbridge-0.6.0 → moonbridge-0.8.0}/src/moonbridge/adapters/codex.py RENAMED Viewed

@@ -50,6 +50,7 @@ class CodexAdapter:
         install_hint="See https://github.com/openai/codex",
         supports_thinking=False,
         known_models=(
+            "gpt-5.3-codex",
             "gpt-5.2-codex",
             "gpt-5.1-codex",
             "gpt-5.1-codex-mini",

moonbridge-0.8.0/src/moonbridge/sandbox.py ADDED Viewed

@@ -0,0 +1,252 @@
+"""Copy-on-run sandbox for agent execution."""
+from __future__ import annotations
+import difflib
+import os
+import shutil
+import tempfile
+import time
+from collections.abc import Callable, Iterator
+from dataclasses import dataclass, replace
+from pathlib import Path
+from moonbridge.adapters.base import AgentResult
+SANDBOX_IGNORE_DIRS = {
+    ".git",
+    ".venv",
+    ".tox",
+    "__pycache__",
+    ".mypy_cache",
+    ".pytest_cache",
+    ".ruff_cache",
+    "node_modules",
+    "dist",
+    "build",
+}
+SANDBOX_IGNORE_FILES = {".DS_Store"}
+MAX_COPY_BYTES = 500 * 1024 * 1024
+@dataclass(frozen=True)
+class SandboxResult:
+    diff: str
+    summary: dict[str, int]
+    truncated: bool
+    sandbox_path: str | None
+def _should_ignore(name: str) -> bool:
+    if name in SANDBOX_IGNORE_DIRS:
+        return True
+    if name in SANDBOX_IGNORE_FILES:
+        return True
+    return name.endswith((".pyc", ".pyo"))
+def _ignore_names(_dirpath: str, names: list[str]) -> set[str]:
+    return {name for name in names if _should_ignore(name)}
+def _filtered_walk(root: str) -> Iterator[tuple[str, list[str], list[str]]]:
+    for dirpath, dirnames, filenames in os.walk(root):
+        dirnames[:] = [d for d in dirnames if not _should_ignore(d)]
+        filenames = [f for f in filenames if not _should_ignore(f)]
+        yield dirpath, dirnames, filenames
+def _collect_files(root: str) -> set[str]:
+    files: set[str] = set()
+    for dirpath, _dirnames, filenames in _filtered_walk(root):
+        rel_dir = os.path.relpath(dirpath, root)
+        for filename in filenames:
+            rel_path = filename if rel_dir == "." else os.path.join(rel_dir, filename)
+            files.add(rel_path)
+    return files
+def _read_text(path: str) -> str | None:
+    data = Path(path).read_bytes()
+    try:
+        return data.decode("utf-8")
+    except UnicodeDecodeError:
+        return None
+def _diff_trees(
+    original: str,
+    sandbox: str,
+    max_bytes: int,
+) -> tuple[str, dict[str, int], bool]:
+    original_files = _collect_files(original)
+    sandbox_files = _collect_files(sandbox)
+    all_files = sorted(original_files | sandbox_files)
+    diff_chunks: list[str] = []
+    size = 0
+    truncated = False
+    summary = {"added": 0, "modified": 0, "deleted": 0, "binary": 0}
+    def append_chunk(chunk: str) -> None:
+        nonlocal size, truncated
+        if truncated or not chunk:
+            return
+        remaining = max_bytes - size
+        if remaining <= 0:
+            truncated = True
+            return
+        if len(chunk) > remaining:
+            diff_chunks.append(chunk[:remaining])
+            truncated = True
+            size = max_bytes
+            return
+        diff_chunks.append(chunk)
+        size += len(chunk)
+    for rel_path in all_files:
+        original_path = os.path.join(original, rel_path)
+        sandbox_path = os.path.join(sandbox, rel_path)
+        original_exists = os.path.exists(original_path)
+        sandbox_exists = os.path.exists(sandbox_path)
+        if not original_exists and sandbox_exists:
+            summary["added"] += 1
+            sandbox_text = _read_text(sandbox_path)
+            if sandbox_text is None:
+                summary["binary"] += 1
+                append_chunk(f"Binary files /dev/null and b/{rel_path} differ\n")
+                continue
+            diff = difflib.unified_diff(
+                [],
+                sandbox_text.splitlines(keepends=True),
+                fromfile="/dev/null",
+                tofile=f"b/{rel_path}",
+            )
+            append_chunk("".join(diff))
+            continue
+        if original_exists and not sandbox_exists:
+            summary["deleted"] += 1
+            original_text = _read_text(original_path)
+            if original_text is None:
+                summary["binary"] += 1
+                append_chunk(f"Binary files a/{rel_path} and /dev/null differ\n")
+                continue
+            diff = difflib.unified_diff(
+                original_text.splitlines(keepends=True),
+                [],
+                fromfile=f"a/{rel_path}",
+                tofile="/dev/null",
+            )
+            append_chunk("".join(diff))
+            continue
+        if not original_exists or not sandbox_exists:
+            continue
+        original_bytes = Path(original_path).read_bytes()
+        sandbox_bytes = Path(sandbox_path).read_bytes()
+        if original_bytes == sandbox_bytes:
+            continue
+        original_text = None
+        sandbox_text = None
+        try:
+            original_text = original_bytes.decode("utf-8")
+            sandbox_text = sandbox_bytes.decode("utf-8")
+        except UnicodeDecodeError:
+            summary["binary"] += 1
+            append_chunk(f"Binary files a/{rel_path} and b/{rel_path} differ\n")
+            continue
+        summary["modified"] += 1
+        diff = difflib.unified_diff(
+            original_text.splitlines(keepends=True),
+            sandbox_text.splitlines(keepends=True),
+            fromfile=f"a/{rel_path}",
+            tofile=f"b/{rel_path}",
+        )
+        append_chunk("".join(diff))
+    if truncated:
+        diff_chunks.append("\n... diff truncated ...\n")
+    return ("".join(diff_chunks), summary, truncated)
+def _estimate_copy_size(root: str, max_bytes: int) -> int:
+    total = 0
+    for dirpath, _dirnames, filenames in _filtered_walk(root):
+        for filename in filenames:
+            path = os.path.join(dirpath, filename)
+            total += os.path.getsize(path)
+            if total > max_bytes:
+                return total
+    return total
+def _agent_index(fn: Callable[[str], AgentResult]) -> int:
+    value = getattr(fn, "agent_index", 0)
+    return value if isinstance(value, int) else 0
+def run_sandboxed(
+    fn: Callable[[str], AgentResult],
+    cwd: str,
+    *,
+    max_diff_bytes: int = 500_000,
+    max_copy_bytes: int = MAX_COPY_BYTES,
+    keep: bool = False,
+) -> tuple[AgentResult, SandboxResult | None]:
+    """Run fn in a copy of cwd. Returns (agent_result, sandbox_result).
+    On sandbox infrastructure error, returns (error_result, None).
+    """
+    start = time.monotonic()
+    sandbox_root: str | None = None
+    agent_index = _agent_index(fn)
+    def error_result(reason: str) -> AgentResult:
+        duration_ms = int((time.monotonic() - start) * 1000)
+        return AgentResult(
+            status="error",
+            output="",
+            stderr=f"sandbox error: {reason}",
+            returncode=-1,
+            duration_ms=duration_ms,
+            agent_index=agent_index,
+        )
+    try:
+        total_bytes = _estimate_copy_size(cwd, max_copy_bytes)
+        if total_bytes > max_copy_bytes:
+            return error_result(
+                f"copy size {total_bytes} exceeds max {max_copy_bytes}"
+            ), None
+        sandbox_root = tempfile.mkdtemp(prefix="moonbridge-sandbox-")
+        sandbox_cwd = os.path.join(sandbox_root, "workspace")
+        shutil.copytree(cwd, sandbox_cwd, symlinks=False, ignore=_ignore_names)
+        result = fn(sandbox_cwd)
+        try:
+            diff, summary, truncated = _diff_trees(cwd, sandbox_cwd, max_diff_bytes)
+            sandbox_result = SandboxResult(
+                diff=diff,
+                summary=summary,
+                truncated=truncated,
+                sandbox_path=sandbox_root if keep else None,
+            )
+            return result, sandbox_result
+        except Exception as exc:
+            raw = dict(result.raw or {})
+            sandbox_payload: dict[str, object] = {"enabled": True, "error": str(exc)}
+            if keep:
+                sandbox_payload["path"] = sandbox_root
+            raw["sandbox"] = sandbox_payload
+            return replace(result, raw=raw), None
+    except Exception as exc:
+        return error_result(str(exc)), None
+    finally:
+        if not keep and sandbox_root:
+            shutil.rmtree(sandbox_root, ignore_errors=True)

{moonbridge-0.6.0 → moonbridge-0.8.0}/src/moonbridge/server.py RENAMED Viewed

@@ -11,6 +11,7 @@ import signal
 import sys
 import time
 import weakref
+from dataclasses import replace
 from subprocess import PIPE, Popen, TimeoutExpired
 from typing import Any
@@ -36,6 +37,17 @@ ALLOWED_DIRS = [
     if path
 ]
 MAX_PROMPT_LENGTH = 100_000
+_SANDBOX_ENV = os.environ.get("MOONBRIDGE_SANDBOX", "").strip().lower()
+SANDBOX_MODE = _SANDBOX_ENV in {"1", "true", "yes", "copy"}
+SANDBOX_KEEP = os.environ.get("MOONBRIDGE_SANDBOX_KEEP", "").strip().lower() in {
+    "1",
+    "true",
+    "yes",
+}
+SANDBOX_MAX_DIFF_BYTES = int(os.environ.get("MOONBRIDGE_SANDBOX_MAX_DIFF", "500000"))
+SANDBOX_MAX_COPY_BYTES = int(
+    os.environ.get("MOONBRIDGE_SANDBOX_MAX_COPY", str(500 * 1024 * 1024))
+)
 _active_processes: set[weakref.ref[Popen[str]]] = set()
@@ -194,6 +206,53 @@ def _auth_error(stderr: str | None, adapter: CLIAdapter) -> bool:
     return any(pattern in lowered for pattern in adapter.config.auth_patterns)
+def _run_cli_sandboxed(
+    adapter: CLIAdapter,
+    prompt: str,
+    thinking: bool,
+    cwd: str,
+    timeout_seconds: int,
+    agent_index: int,
+    model: str | None = None,
+    reasoning_effort: str | None = None,
+) -> AgentResult:
+    from moonbridge.sandbox import run_sandboxed
+    def run_agent(sandbox_cwd: str) -> AgentResult:
+        return _run_cli_sync(
+            adapter,
+            prompt,
+            thinking,
+            sandbox_cwd,
+            timeout_seconds,
+            agent_index,
+            model,
+            reasoning_effort,
+        )
+    run_agent.agent_index = agent_index  # type: ignore[attr-defined]
+    result, sandbox_result = run_sandboxed(
+        run_agent,
+        cwd,
+        max_diff_bytes=SANDBOX_MAX_DIFF_BYTES,
+        max_copy_bytes=SANDBOX_MAX_COPY_BYTES,
+        keep=SANDBOX_KEEP,
+    )
+    if sandbox_result:
+        raw = dict(result.raw or {})
+        raw["sandbox"] = {
+            "enabled": True,
+            "summary": sandbox_result.summary,
+            "diff": sandbox_result.diff,
+            "truncated": sandbox_result.truncated,
+        }
+        if sandbox_result.sandbox_path:
+            raw["sandbox"]["path"] = sandbox_result.sandbox_path
+        return replace(result, raw=raw)
+    return result
 def _run_cli_sync(
     adapter: CLIAdapter,
     prompt: str,
@@ -304,6 +363,39 @@ def _run_cli_sync(
         _untrack_process(proc)
+def _run_cli(
+    adapter: CLIAdapter,
+    prompt: str,
+    thinking: bool,
+    cwd: str,
+    timeout_seconds: int,
+    agent_index: int,
+    model: str | None = None,
+    reasoning_effort: str | None = None,
+) -> AgentResult:
+    if SANDBOX_MODE:
+        return _run_cli_sandboxed(
+            adapter,
+            prompt,
+            thinking,
+            cwd,
+            timeout_seconds,
+            agent_index,
+            model,
+            reasoning_effort,
+        )
+    return _run_cli_sync(
+        adapter,
+        prompt,
+        thinking,
+        cwd,
+        timeout_seconds,
+        agent_index,
+        model,
+        reasoning_effort,
+    )
 def _json_text(payload: Any) -> list[TextContent]:
     return [TextContent(type="text", text=json.dumps(payload, ensure_ascii=True))]
@@ -378,7 +470,7 @@ async def handle_tool(name: str, arguments: dict[str, Any]) -> list[TextContent]
             try:
                 result = await loop.run_in_executor(
                     None,
-                    _run_cli_sync,
+                    _run_cli,
                     adapter,
                     prompt,
                     thinking,
@@ -416,7 +508,7 @@ async def handle_tool(name: str, arguments: dict[str, Any]) -> list[TextContent]
                 tasks.append(
                     loop.run_in_executor(
                         None,
-                        _run_cli_sync,
+                        _run_cli,
                         adapter,
                         prompt,
                         thinking,

moonbridge-0.8.0/tests/test_sandbox.py ADDED Viewed

@@ -0,0 +1,221 @@
+import importlib
+from pathlib import Path
+from typing import Any
+import pytest
+from moonbridge.adapters.base import AgentResult
+sandbox_module = importlib.import_module("moonbridge.sandbox")
+def _success_result(agent_index: int = 0) -> AgentResult:
+    return AgentResult(
+        status="success",
+        output="ok",
+        stderr=None,
+        returncode=0,
+        duration_ms=1,
+        agent_index=agent_index,
+    )
+def test_diff_trees_no_changes(tmp_path: Path) -> None:
+    original = tmp_path / "original"
+    sandbox = tmp_path / "sandbox"
+    original.mkdir()
+    sandbox.mkdir()
+    (original / "a.txt").write_text("same", encoding="utf-8")
+    (sandbox / "a.txt").write_text("same", encoding="utf-8")
+    diff, summary, truncated = sandbox_module._diff_trees(
+        str(original), str(sandbox), 500_000
+    )
+    assert diff == ""
+    assert summary == {"added": 0, "modified": 0, "deleted": 0, "binary": 0}
+    assert truncated is False
+def test_diff_trees_truncation(tmp_path: Path) -> None:
+    original = tmp_path / "original"
+    sandbox = tmp_path / "sandbox"
+    original.mkdir()
+    sandbox.mkdir()
+    (sandbox / "big.txt").write_text("x" * 1000, encoding="utf-8")
+    diff, summary, truncated = sandbox_module._diff_trees(str(original), str(sandbox), 50)
+    assert truncated is True
+    assert "... diff truncated ..." in diff
+    assert summary["added"] == 1
+def test_diff_trees_binary_file(tmp_path: Path) -> None:
+    original = tmp_path / "original"
+    sandbox = tmp_path / "sandbox"
+    original.mkdir()
+    sandbox.mkdir()
+    (sandbox / "img.bin").write_bytes(b"\x89PNG\r\n\x1a\n\x00\x80\xff")
+    diff, summary, truncated = sandbox_module._diff_trees(
+        str(original), str(sandbox), 500_000
+    )
+    assert summary["added"] == 1
+    assert summary["binary"] == 1
+    assert "Binary files" in diff
+    assert truncated is False
+def test_run_sandboxed_keep_preserves_dir(
+    monkeypatch: Any,
+    tmp_path: Path,
+) -> None:
+    workspace = tmp_path / "workspace"
+    workspace.mkdir()
+    (workspace / "keep.txt").write_text("keep", encoding="utf-8")
+    sandbox_root = tmp_path / "sandbox"
+    def fake_mkdtemp(*_args: Any, **_kwargs: Any) -> str:
+        sandbox_root.mkdir()
+        return str(sandbox_root)
+    monkeypatch.setattr(sandbox_module.tempfile, "mkdtemp", fake_mkdtemp)
+    result, sandbox_result = sandbox_module.run_sandboxed(
+        lambda _cwd: _success_result(),
+        str(workspace),
+        keep=True,
+    )
+    assert result.status == "success"
+    assert sandbox_result is not None
+    assert sandbox_result.sandbox_path == str(sandbox_root)
+    assert sandbox_root.exists()
+def test_run_sandboxed_cleanup_on_success(
+    monkeypatch: Any,
+    tmp_path: Path,
+) -> None:
+    workspace = tmp_path / "workspace"
+    workspace.mkdir()
+    (workspace / "keep.txt").write_text("keep", encoding="utf-8")
+    sandbox_root = tmp_path / "sandbox"
+    def fake_mkdtemp(*_args: Any, **_kwargs: Any) -> str:
+        sandbox_root.mkdir()
+        return str(sandbox_root)
+    monkeypatch.setattr(sandbox_module.tempfile, "mkdtemp", fake_mkdtemp)
+    result, sandbox_result = sandbox_module.run_sandboxed(
+        lambda _cwd: _success_result(),
+        str(workspace),
+        keep=False,
+    )
+    assert result.status == "success"
+    assert sandbox_result is not None
+    assert not sandbox_root.exists()
+def test_run_sandboxed_cleanup_on_error(
+    monkeypatch: Any,
+    tmp_path: Path,
+) -> None:
+    workspace = tmp_path / "workspace"
+    workspace.mkdir()
+    (workspace / "keep.txt").write_text("keep", encoding="utf-8")
+    sandbox_root = tmp_path / "sandbox"
+    def fake_mkdtemp(*_args: Any, **_kwargs: Any) -> str:
+        sandbox_root.mkdir()
+        return str(sandbox_root)
+    monkeypatch.setattr(sandbox_module.tempfile, "mkdtemp", fake_mkdtemp)
+    def boom(_cwd: str) -> AgentResult:
+        raise RuntimeError("boom")
+    result, sandbox_result = sandbox_module.run_sandboxed(boom, str(workspace))
+    assert result.status == "error"
+    assert sandbox_result is None
+    assert not sandbox_root.exists()
+def test_diff_failure_returns_error_in_sandbox(
+    monkeypatch: Any,
+    tmp_path: Path,
+) -> None:
+    workspace = tmp_path / "workspace"
+    workspace.mkdir()
+    (workspace / "keep.txt").write_text("keep", encoding="utf-8")
+    def raise_diff(*_args: Any, **_kwargs: Any) -> Any:
+        raise RuntimeError("boom")
+    monkeypatch.setattr(sandbox_module, "_diff_trees", raise_diff)
+    result, sandbox_result = sandbox_module.run_sandboxed(
+        lambda _cwd: _success_result(),
+        str(workspace),
+    )
+    assert result.status == "success"
+    assert sandbox_result is None
+    assert result.raw is not None
+    assert "sandbox" in result.raw
+    assert "error" in result.raw["sandbox"]
+def test_max_copy_size_exceeded(
+    monkeypatch: Any,
+    tmp_path: Path,
+) -> None:
+    workspace = tmp_path / "workspace"
+    workspace.mkdir()
+    (workspace / "big.txt").write_bytes(b"x" * 20)
+    def no_copy(*_args: Any, **_kwargs: Any) -> Any:
+        raise AssertionError("copy should not start")
+    monkeypatch.setattr(sandbox_module.tempfile, "mkdtemp", no_copy)
+    def should_not_run(_cwd: str) -> AgentResult:
+        raise AssertionError("agent should not run")
+    result, sandbox_result = sandbox_module.run_sandboxed(
+        should_not_run,
+        str(workspace),
+        max_copy_bytes=10,
+    )
+    assert result.status == "error"
+    assert result.stderr
+    assert "exceeds max" in result.stderr
+    assert sandbox_result is None
+def test_ignore_patterns_unified(tmp_path: Path) -> None:
+    workspace = tmp_path / "workspace"
+    workspace.mkdir()
+    (workspace / ".DS_Store").write_text("ignored", encoding="utf-8")
+    def run_agent(sandbox_cwd: str) -> AgentResult:
+        sandbox_path = Path(sandbox_cwd)
+        assert not sandbox_path.joinpath(".DS_Store").exists()
+        sandbox_path.joinpath(".DS_Store").write_text("new", encoding="utf-8")
+        return _success_result()
+    result, sandbox_result = sandbox_module.run_sandboxed(run_agent, str(workspace))
+    assert result.status == "success"
+    assert sandbox_result is not None
+    assert sandbox_result.diff == ""
+    assert sandbox_result.summary == {"added": 0, "modified": 0, "deleted": 0, "binary": 0}

{moonbridge-0.6.0 → moonbridge-0.8.0}/tests/test_server.py RENAMED Viewed

@@ -6,6 +6,7 @@ import os
 import threading
 import time
 from collections.abc import Iterator
+from pathlib import Path
 from subprocess import Popen, TimeoutExpired
 from typing import Any
 from unittest.mock import MagicMock, call
@@ -599,6 +600,137 @@ def test_validate_cwd_traversal_attempt(monkeypatch: Any, tmp_path: Any) -> None
         server_module._validate_cwd(traversal)
+def test_run_cli_sandboxed_diff_and_preserves_host(
+    monkeypatch: Any,
+    tmp_path: Any,
+) -> None:
+    from moonbridge.adapters import get_adapter
+    workspace = tmp_path / "workspace"
+    workspace.mkdir()
+    (workspace / "keep.txt").write_text("keep", encoding="utf-8")
+    (workspace / "edit.txt").write_text("old", encoding="utf-8")
+    (workspace / "remove.txt").write_text("bye", encoding="utf-8")
+    def fake_run_cli_sync(
+        adapter: Any,
+        prompt: str,
+        thinking: bool,
+        cwd: str,
+        timeout_seconds: int,
+        agent_index: int,
+        model: str | None = None,
+        reasoning_effort: str | None = None,
+    ) -> AgentResult:
+        sandbox_cwd = Path(cwd)
+        (sandbox_cwd / "edit.txt").write_text("new", encoding="utf-8")
+        (sandbox_cwd / "add.txt").write_text("added", encoding="utf-8")
+        (sandbox_cwd / "remove.txt").unlink()
+        return AgentResult(
+            status="success",
+            output="ok",
+            stderr=None,
+            returncode=0,
+            duration_ms=1,
+            agent_index=agent_index,
+        )
+    monkeypatch.setattr(server_module, "_run_cli_sync", fake_run_cli_sync)
+    adapter = get_adapter("kimi")
+    result = server_module._run_cli_sandboxed(
+        adapter,
+        "prompt",
+        False,
+        str(workspace),
+        60,
+        0,
+        None,
+        None,
+    )
+    sandbox = result.raw["sandbox"]
+    assert sandbox["summary"]["added"] == 1
+    assert sandbox["summary"]["modified"] == 1
+    assert sandbox["summary"]["deleted"] == 1
+    assert "edit.txt" in sandbox["diff"]
+    assert (workspace / "edit.txt").read_text(encoding="utf-8") == "old"
+    assert not (workspace / "add.txt").exists()
+    assert (workspace / "remove.txt").exists()
+def test_run_cli_sandboxed_copytree_error(
+    monkeypatch: Any,
+    tmp_path: Any,
+) -> None:
+    from moonbridge.adapters import get_adapter
+    adapter = get_adapter("kimi")
+    result = server_module._run_cli_sandboxed(
+        adapter,
+        "prompt",
+        False,
+        str(tmp_path / "nonexistent"),
+        60,
+        0,
+        None,
+        None,
+    )
+    assert result.status == "error"
+    assert "sandbox error" in result.stderr
+def test_sandbox_ignores_git_dir(
+    monkeypatch: Any,
+    tmp_path: Any,
+) -> None:
+    from moonbridge.adapters import get_adapter
+    workspace = tmp_path / "workspace"
+    workspace.mkdir()
+    (workspace / ".git").mkdir()
+    (workspace / ".git" / "config").write_text("gitconf", encoding="utf-8")
+    (workspace / "code.txt").write_text("code", encoding="utf-8")
+    def fake_run_cli_sync(
+        adapter: Any,
+        prompt: str,
+        thinking: bool,
+        cwd: str,
+        timeout_seconds: int,
+        agent_index: int,
+        model: str | None = None,
+        reasoning_effort: str | None = None,
+    ) -> AgentResult:
+        assert not Path(cwd).joinpath(".git").exists()
+        return AgentResult(
+            status="success",
+            output="ok",
+            stderr=None,
+            returncode=0,
+            duration_ms=1,
+            agent_index=agent_index,
+        )
+    monkeypatch.setattr(server_module, "_run_cli_sync", fake_run_cli_sync)
+    adapter = get_adapter("kimi")
+    result = server_module._run_cli_sandboxed(
+        adapter,
+        "prompt",
+        False,
+        str(workspace),
+        60,
+        0,
+        None,
+        None,
+    )
+    assert result.status == "success"
 @pytest.fixture
 def reset_active_processes() -> Iterator[None]:
     server_module._active_processes.clear()