pysolated 0.1.0__tar.gz

pysolated-0.1.0/.claude/settings.local.json

@@ -0,0 +1,22 @@
+{
+  "env": {
+    "CLAUDE_CODE_ENABLE_AUTO_MODE": "1"
+  },
+  "permissions": {
+    "allow": [
+      "Bash(gh issue create *)",
+      "Bash(uv run *)",
+      "Bash(git add *)",
+      "Bash(git commit *)",
+      "Bash(gh repo *)",
+      "Bash(gh label *)",
+      "Bash(gh issue *)",
+      "Bash(command -v bd)",
+      "Bash(command -v podman docker)",
+      "Bash(podman image *)",
+      "Bash(set +x)",
+      "Bash(podman run *)",
+      "Bash(gh auth *)"
+    ]
+  }
+}

pysolated-0.1.0/.claude/skills/diagnose

@@ -0,0 +1 @@
+../../.agents/skills/diagnose

pysolated-0.1.0/.claude/skills/find-skills

@@ -0,0 +1 @@
+../../.agents/skills/find-skills

pysolated-0.1.0/.claude/skills/grill-me

@@ -0,0 +1 @@
+../../.agents/skills/grill-me

pysolated-0.1.0/.claude/skills/grill-with-docs

@@ -0,0 +1 @@
+../../.agents/skills/grill-with-docs

pysolated-0.1.0/.claude/skills/handoff

@@ -0,0 +1 @@
+../../.agents/skills/handoff

pysolated-0.1.0/.claude/skills/improve-codebase-architecture

@@ -0,0 +1 @@
+../../.agents/skills/improve-codebase-architecture

pysolated-0.1.0/.claude/skills/prd-to-plan

@@ -0,0 +1 @@
+../../.agents/skills/prd-to-plan

pysolated-0.1.0/.claude/skills/prototype

@@ -0,0 +1 @@
+../../.agents/skills/prototype

pysolated-0.1.0/.claude/skills/setup-matt-pocock-skills

@@ -0,0 +1 @@
+../../.agents/skills/setup-matt-pocock-skills

pysolated-0.1.0/.claude/skills/software-design-research

@@ -0,0 +1 @@
+../../.agents/skills/software-design-research/

pysolated-0.1.0/.claude/skills/tdd

@@ -0,0 +1 @@
+../../.agents/skills/tdd

pysolated-0.1.0/.claude/skills/teach

@@ -0,0 +1 @@
+../../.agents/skills/teach/

pysolated-0.1.0/.claude/skills/to-issues

@@ -0,0 +1 @@
+../../.agents/skills/to-issues

pysolated-0.1.0/.claude/skills/to-prd

@@ -0,0 +1 @@
+../../.agents/skills/to-prd

pysolated-0.1.0/.claude/skills/triage

@@ -0,0 +1 @@
+../../.agents/skills/triage

pysolated-0.1.0/.claude/skills/write-a-skill

@@ -0,0 +1 @@
+../../.agents/skills/write-a-skill

pysolated-0.1.0/.claude/skills/zoom-out

@@ -0,0 +1 @@
+../../.agents/skills/zoom-out

pysolated-0.1.0/.gitignore

@@ -0,0 +1,22 @@
+# Python
+__pycache__/
+*.py[cod]
+*.egg-info/
+.pytest_cache/
+.ruff_cache/
+.mypy_cache/
+build/
+dist/
+.venv/
+
+# uv
+# (uv.lock is committed; the virtualenv is not)
+
+# Node reference install (Sandcastle, kept locally for cross-referencing)
+node_modules/
+
+# Tooling
+.sandcastle/
+
+# Environment variables
+.env

pysolated-0.1.0/.pre-commit-config.yaml

@@ -0,0 +1,20 @@
+repos:
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.15.17
+    hooks:
+      - id: ruff
+        name: ruff lint
+      - id: ruff-format
+        name: ruff format check
+        args: [--check]
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v2.1.0
+    hooks:
+      - id: mypy
+        args: [--strict, --ignore-missing-imports]
+        files: ^src/
+        additional_dependencies:
+          - pydantic>=2.7
+          - typer>=0.12
+          - rich>=13.7

pysolated-0.1.0/.pysolated/Containerfile

@@ -0,0 +1,48 @@
+FROM python:3.13-bookworm
+
+# Install system dependencies.
+# gawk is required because the codex installer's checksum lookup uses an
+# interval regex (/^[0-9a-fA-F]{64}$/) that Debian's default mawk does not
+# honor, which makes it fail to find the package digest in SHA256SUMS.
+RUN apt-get update && apt-get install -y \
+  git \
+  curl \
+  jq \
+  gawk \
+  && rm -rf /var/lib/apt/lists/*
+
+# Install GitHub CLI
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+  | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+  && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
+  | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
+  && apt-get update && apt-get install -y gh \
+  && rm -rf /var/lib/apt/lists/*
+
+# Build-args for UID/GID alignment: sandcastle docker build-image
+# defaults these to the host user's UID/GID so image-built files
+# and bind-mounted files share an owner without runtime chown.
+ARG AGENT_UID=1000
+ARG AGENT_GID=1000
+
+# Add "agent" group
+RUN addgroup --gid ${AGENT_GID} agent
+
+# Add "agent" user and align UID/GID.
+RUN adduser --uid ${AGENT_UID} --gid ${AGENT_GID} --home /home/agent agent
+
+# Add agent to PATH
+ENV PATH="/home/agent/.local/bin:$PATH"
+
+# Install Claude Code CLI as the agent user so the binary lands in
+# /home/agent/.local/bin (the installer targets $HOME/.local/bin).
+USER agent
+RUN curl -fsSL https://claude.ai/install.sh | bash
+RUN curl -fsSL https://chatgpt.com/codex/install.sh | CODEX_NON_INTERACTIVE=1 sh
+
+WORKDIR /home/agent
+
+# In worktree sandbox mode, Sandcastle bind-mounts the git worktree at /home/agent/workspace
+# and overrides the working directory to /home/agent/workspace at container start.
+# Structure your Dockerfile so that /home/agent/workspace can serve as the project root.
+ENTRYPOINT ["sleep", "infinity"]

pysolated-0.1.0/.pysolated/Dockerfile

@@ -0,0 +1,48 @@
+FROM python:3.13-bookworm
+
+# Install system dependencies.
+# gawk is required because the codex installer's checksum lookup uses an
+# interval regex (/^[0-9a-fA-F]{64}$/) that Debian's default mawk does not
+# honor, which makes it fail to find the package digest in SHA256SUMS.
+RUN apt-get update && apt-get install -y \
+  git \
+  curl \
+  jq \
+  gawk \
+  && rm -rf /var/lib/apt/lists/*
+
+# Install GitHub CLI
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+  | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+  && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
+  | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
+  && apt-get update && apt-get install -y gh \
+  && rm -rf /var/lib/apt/lists/*
+
+# Build-args for UID/GID alignment: sandcastle docker build-image
+# defaults these to the host user's UID/GID so image-built files
+# and bind-mounted files share an owner without runtime chown.
+ARG AGENT_UID=1000
+ARG AGENT_GID=1000
+
+# Add "agent" group
+RUN addgroup --gid ${AGENT_GID} agent
+
+# Add "agent" user and align UID/GID.
+RUN adduser --uid ${AGENT_UID} --gid ${AGENT_GID} --home /home/agent agent
+
+# Add agent to PATH
+ENV PATH="/home/agent/.local/bin:$PATH"
+
+# Install Claude Code CLI as the agent user so the binary lands in
+# /home/agent/.local/bin (the installer targets $HOME/.local/bin).
+USER agent
+RUN curl -fsSL https://claude.ai/install.sh | bash
+RUN curl -fsSL https://chatgpt.com/codex/install.sh | CODEX_NON_INTERACTIVE=1 sh
+
+WORKDIR /home/agent
+
+# In worktree sandbox mode, Sandcastle bind-mounts the git worktree at /home/agent/workspace
+# and overrides the working directory to /home/agent/workspace at container start.
+# Structure your Dockerfile so that /home/agent/workspace can serve as the project root.
+ENTRYPOINT ["sleep", "infinity"]

pysolated-0.1.0/.pysolated/main.py

@@ -0,0 +1,86 @@
+import asyncio
+import os
+from pathlib import Path
+from dotenv import load_dotenv
+from pysolated import run, claude_code
+from pysolated.errors import IdleTimeoutError
+from pysolated.sandboxes.podman import podman
+
+PROMPT_FILE = Path(__file__).parent / "prompt.md"
+REPO_ROOT = Path(__file__).parent.parent  # .pysolated/ lives at the repo root
+
+# Load credentials from .pysolated/.env (gitignored) into the host environment
+# so _require_env can read them. The .env is never mounted into the sandbox;
+# the values are passed explicitly via the provider's `env=`.
+load_dotenv(Path(__file__).parent / ".env")
+
+
+def _require_env(name: str) -> str:
+    """Read a required credential from the environment, failing fast if unset.
+
+    Credentials must never be committed to this driver script — the sandbox
+    has no access to the host environment, so they are read here and passed
+    explicitly via the provider's `env=`.
+    """
+    value = os.environ.get(name)
+    if not value:
+        raise SystemExit(
+            f"missing required environment variable {name!r}; "
+            f"export it before running (e.g. `export {name}=...`)"
+        )
+    return value
+
+
+## figure out HITL reviews
+async def main():
+    while True:
+        try:
+            result = await run(
+                agent=claude_code("claude-opus-4-7"),
+                sandbox=podman(
+                    image="pysolated:pysolated",
+                    env={
+                        # MUST pass credentials explicitly — the sandbox does
+                        # not inherit the host environment. Read from the host
+                        # env here; never hard-code secrets in this file.
+                        "CLAUDE_CODE_OAUTH_TOKEN": _require_env(
+                            "CLAUDE_CODE_OAUTH_TOKEN"
+                        ),
+                        "GH_TOKEN": _require_env("GH_TOKEN"),
+                    },
+                ),
+                prompt_file=str(PROMPT_FILE),
+                prompt_args={"area": "auth"},
+                cwd=str(
+                    REPO_ROOT
+                ),  # mount the repo root, not wherever main.py was launched from
+                max_iterations=2,
+                completion_signal=[
+                    "<completion>ISSUE-DONE</completion>",
+                    "<completion>NO-MORE-ISSUES</completion>",
+                    "<completion>AWAITING-DEPENDENCIES</completion>",
+                ],
+                idle_timeout_seconds=600,
+                completion_timeout_seconds=60,
+            )
+        except IdleTimeoutError as e:
+            print(f"timed out: {e}")
+            break
+
+        print(result.text)
+        print(result.branch, result.usage)
+        if result.completion_signal == "<completion>NO-MORE-ISSUES</completion>":
+            break
+        if result.completion_signal == "<completion>AWAITING-DEPENDENCIES</completion>":
+            print(
+                "All outstanding tasks are blocked, awaiting unresolved dependencies."
+            )
+            answer = await asyncio.to_thread(
+                input, "Confirm the dependencies are resolved to continue [y/N]: "
+            )
+            if answer.strip().lower() not in ("y", "yes"):
+                print("Stopping until dependencies are resolved.")
+                break
+
+
+asyncio.run(main())

pysolated-0.1.0/.pysolated/prompt.md

@@ -0,0 +1,364 @@
+# ISSUES
+
+Here are a set of GitHub issues:
+
+!`gh issue list --state open --json number,title,body,comments`
+
+You will work on one AFK (away from keyboard) issue only, not the HITL (human in the loop) ones.
+
+When the task is complete, output <completion>ISSUE-DONE</completion>
+If there are not more AFK issues, output <completion>NO-MORE-ISSUES</completion>
+If the all open AFK issues have unresolved dependencies output <completion>AWAITING-DEPENDENCIES</completion>
+
+# TASK SELECTION
+
+Pick the next task. Prioritize tasks in this order:
+
+1. Critical bugfixes
+2. Development infrastructure
+
+Getting development infrastructure like tests and types and dev scripts ready is an important precursor to building features.
+
+3. Tracer bullets for new features
+
+Tracer bullets are small slices of functionality that go through all layers of the system, allowing you to test and validate your approach early. This helps in identifying potential issues and ensures that the overall architecture is sound before investing significant time in development.
+
+TL;DR - build a tiny, end-to-end slice of the feature first, then expand it out.
+
+4. Polish and quick wins
+5. Refactors
+
+# EXPLORATION
+
+Explore the repo.
+
+# IMPLEMENTATION
+
+Complete the task using test driven development (TDD)
+
+## TDD Philosophy
+
+**Core principle**: Tests should verify behavior through public interfaces, not implementation details. 
+Code can change entirely; tests shouldn't.
+
+**Good tests** are integration-style: they exercise real code paths through public APIs. 
+They describe _what_ the system does, not _how_ it does it. 
+A good test reads like a specification - "user can checkout with valid cart" tells you exactly what capability exists. 
+These tests survive refactors because they don't care about internal structure.
+
+**Bad tests** are coupled to implementation. 
+They mock internal collaborators, test private methods, or verify through external means (like querying a database directly instead of using the interface). 
+The warning sign: your test breaks when you refactor, but behavior hasn't changed. 
+If you rename an internal function and tests fail, those tests were testing implementation, not behavior.
+
+### Test examples
+
+#### Good Tests
+
+**Integration-style**: Test through real interfaces, not mocks of internal parts.
+
+```python
+# GOOD: Tests observable behavior
+async def test_user_can_checkout_with_valid_cart() -> None:
+    cart = create_cart()
+    cart.add(product)
+    result = await checkout(cart, payment_method)
+    assert result.status == "confirmed"
+```
+
+Characteristics:
+
+- Tests behavior users/callers care about
+- Uses public API only
+- Survives internal refactors
+- Describes WHAT, not HOW
+- One logical assertion per test
+
+#### Bad Tests
+
+**Implementation-detail tests**: Coupled to internal structure.
+
+```python
+# BAD: Tests implementation details
+async def test_checkout_calls_payment_service_process() -> None:
+    with patch("myapp.checkout.payment_service") as mock_payment:
+        await checkout(cart, payment)
+    mock_payment.process.assert_called_once_with(cart.total)
+```
+
+#### Red flags:
+
+- Mocking internal collaborators
+- Testing private methods
+- Asserting on call counts/order
+- Test breaks when refactoring without behavior change
+- Test name describes HOW not WHAT
+- Verifying through external means instead of interface
+
+```python
+# BAD: Bypasses interface to verify
+async def test_create_user_saves_to_database() -> None:
+    await create_user({"name": "Alice"})
+    row = await db.query("SELECT * FROM users WHERE name = ?", ["Alice"])
+    assert row is not None
+
+# GOOD: Verifies through interface
+async def test_create_user_makes_user_retrievable() -> None:
+    user = await create_user({"name": "Alice"})
+    retrieved = await get_user(user.id)
+    assert retrieved.name == "Alice"
+```
+### Mocking guidelines
+
+#### When to Mock
+
+Mock at **system boundaries** only:
+
+- External APIs (payment, email, etc.)
+- Databases (sometimes - prefer test DB)
+- Time/randomness
+- File system (sometimes)
+
+Don't mock:
+
+- Your own classes/modules
+- Internal collaborators
+- Anything you control
+
+#### Designing for Mockability
+
+At system boundaries, design interfaces that are easy to mock:
+
+**1. Use dependency injection**
+
+Pass external dependencies in rather than creating them internally:
+
+```python
+# Easy to mock
+def process_payment(order, payment_client):
+    return payment_client.charge(order.total)
+
+# Hard to mock
+def process_payment(order):
+    client = StripeClient(os.environ["STRIPE_KEY"])
+    return client.charge(order.total)
+```
+
+**2. Prefer SDK-style interfaces over generic fetchers**
+
+Create specific functions for each external operation instead of one generic function with conditional logic:
+
+```python
+# GOOD: Each method is independently mockable
+class Api:
+    def get_user(self, id):
+        return fetch(f"/users/{id}")
+
+    def get_orders(self, user_id):
+        return fetch(f"/users/{user_id}/orders")
+
+    def create_order(self, data):
+        return fetch("/orders", method="POST", body=data)
+
+# BAD: Mocking requires conditional logic inside the mock
+class Api:
+    def fetch(self, endpoint, options):
+        return fetch(endpoint, options)
+```
+
+The SDK approach means:
+- Each mock returns one specific shape
+- No conditional logic in test setup
+- Easier to see which endpoints a test exercises
+- Type safety per endpoint
+
+## TDD Anti-Pattern: Horizontal Slices
+
+**DO NOT write all tests first, then all implementation.** This is "horizontal slicing" - treating RED as "write al
+l tests" and GREEN as "write all code."
+
+This produces **crap tests**:
+
+- Tests written in bulk test _imagined_ behavior, not _actual_ behavior
+- You end up testing the _shape_ of things (data structures, function signatures) rather than user-facing behavior
+- Tests become insensitive to real changes - they pass when behavior breaks, fail when behavior is fine
+- You outrun your headlights, committing to test structure before understanding the implementation
+
+**Correct approach**: Vertical slices via tracer bullets. One test → one implementation → repeat. Each test respond
+s to what you learned from the previous cycle. Because you just wrote the code, you know exactly what behavior matt
+ers and how to verify it.
+
+```
+WRONG (horizontal):
+  RED:   test1, test2, test3, test4, test5
+  GREEN: impl1, impl2, impl3, impl4, impl5
+
+RIGHT (vertical):
+  RED→GREEN: test1→impl1
+  RED→GREEN: test2→impl2
+  RED→GREEN: test3→impl3
+  ...
+```
+
+## Definition of deep modules
+
+From "A Philosophy of Software Design":
+
+**Deep module** = small interface + lots of implementation
+This is good
+
+```
+┌─────────────────────┐
+│   Small Interface   │  ← Few methods, simple params
+├─────────────────────┤
+│                     │
+│                     │
+│  Deep Implementation│  ← Complex logic hidden
+│                     │
+│                     │
+└─────────────────────┘
+```
+
+**Shallow module** = large interface + little implementation (avoid)
+This is bad
+
+```
+┌─────────────────────────────────┐
+│       Large Interface           │  ← Many methods, complex params
+├─────────────────────────────────┤
+│  Thin Implementation            │  ← Just passes through
+└─────────────────────────────────┘
+```
+
+When designing interfaces, ask:
+
+- Can I reduce the number of methods?
+- Can I simplify the parameters?
+- Can I hide more complexity inside?
+
+## Interface design for testability
+
+Good interfaces make testing natural:
+
+1. **Accept dependencies, don't create them**
+
+```python
+# Testable
+def process_order(order, payment_gateway):
+    ...
+
+# Hard to test
+def process_order(order):
+    gateway = StripeGateway()
+    ...
+```
+
+2. **Return results, don't produce side effects**
+
+```python
+# Testable
+def calculate_discount(cart) -> Discount:
+    ...
+
+# Hard to test
+def apply_discount(cart) -> None:
+    cart.total -= discount
+```
+
+3. **Small surface area**
+   - Fewer methods = fewer tests needed
+   - Fewer params = simpler test setup
+
+## TDD Workflow
+
+### 1. Planning
+
+When exploring the codebase, use the project's domain glossary so that test names and interface vocabulary match the project's language, 
+and respect ADRs in the area you're touching.
+
+Before writing any code:
+
+- [ ] Identify opportunities for deep modules
+- [ ] Design interfaces for testability
+- [ ] List the behaviors to test (not implementation steps)
+- [ ] Get user approval on the plan
+
+Consider what the public interface should look like and which behaviors are most important to test
+
+**You can't test everything.** Focus testing effort on critical paths and complex logic, not every possible edge case.
+
+### 2. Tracer Bullet
+
+Write ONE test that confirms ONE thing about the system:
+
+```
+RED:   Write test for first behavior → test fails
+GREEN: Write minimal code to pass → test passes
+```
+
+This is your tracer bullet - proves the path works end-to-end.
+
+### 3. Incremental Loop
+
+For each remaining behavior:
+
+```
+RED:   Write next test → fails
+GREEN: Minimal code to pass → passes
+```
+
+Rules:
+
+- One test at a time
+- Only enough code to pass current test
+- Don't anticipate future tests
+- Keep tests focused on observable behavior
+
+### 4. Refactor
+
+After all tests pass, look for [refactor candidates](refactoring.md):
+
+- [ ] Extract duplication
+- [ ] Break long methods into private helpers (keep tests on public interface)
+- [ ] Deepen modules (move complexity behind simple interfaces)
+- [ ] Move logic to where data lives
+- [ ] Apply SOLID principles where natural
+- [ ] Consider what new code reveals about existing code
+- [ ] Run tests after each refactor step
+
+**Never refactor while RED.** Get to GREEN first.
+
+## Checklist Per Cycle
+
+```
+[ ] Test describes behavior, not implementation
+[ ] Test uses public interface only
+[ ] Test would survive internal refactor
+[ ] Code is minimal for this test
+[ ] No speculative features added
+
+# FEEDBACK LOOPS
+
+Before committing, run the feedback loops:
+
+- run tests for any files that have changed
+- run mypy in strict mode for the files that have changed
+- run ruff to check formatting and linting for files that have changed
+
+# COMMIT
+
+Make a git commit. The commit message must:
+
+1. Include key decisions made
+2. Include files changed
+3. Blockers or notes for next iteration
+
+# THE ISSUE
+
+If the task is complete, close the original GitHub issue.
+
+If the task is not complete, leave a comment on the GitHub issue with what was done.
+
+# FINAL RULES
+
+ONLY WORK ON A SINGLE TASK. If you receive a multi-phase plan, only work on a single phase of that plan.