sandboxctl 1.0.2__py3-none-any.whl

sandboxctl/__init__.py

@@ -0,0 +1,3 @@
+"""Sandboxctl — OpenShell sandbox management CLI."""
+
+__version__ = "1.0.2"

sandboxctl/cli.py

@@ -0,0 +1,190 @@
+"""CLI entry point."""
+
+from __future__ import annotations
+
+import typer
+from rich.table import Table
+
+from sandboxctl.config import CONFIG_TEMPLATE, ensure_config_dir, load_config
+
+app = typer.Typer(
+    name="sandboxctl",
+    help="OpenShell sandbox management CLI.",
+    no_args_is_help=True,
+    rich_markup_mode="rich",
+)
+
+config_app = typer.Typer(help="Manage sandboxctl configuration.")
+app.add_typer(config_app, name="config")
+
+
+@app.callback(invoke_without_command=True)
+def main(
+    ctx: typer.Context,
+    show_version: bool = typer.Option(False, "--version", "-V", help="Show version and exit."),
+) -> None:
+    """OpenShell sandbox management CLI."""
+    if show_version:
+        from sandboxctl import __version__
+
+        typer.echo(f"sandboxctl {__version__}")
+        raise typer.Exit()
+    if ctx.invoked_subcommand is None:
+        typer.echo(ctx.get_help())
+        raise typer.Exit()
+
+
+@config_app.command("init")
+def config_init() -> None:
+    """Create default configuration file."""
+    cfg = load_config()
+    ensure_config_dir(cfg)
+    config_file = cfg.config_dir / "config.toml"
+    if config_file.exists():
+        typer.echo(f"Config already exists: {config_file}")
+        raise typer.Exit(1)
+    config_file.write_text(CONFIG_TEMPLATE)
+    typer.echo(f"Created {config_file}")
+
+
+@config_app.command("show")
+def config_show() -> None:
+    """Show current configuration."""
+    cfg = load_config()
+    typer.echo(f"Config dir:    {cfg.config_dir}")
+    typer.echo(f"Profiles dir:  {cfg.profiles_dir}")
+    typer.echo(f"SSH key:       {cfg.ssh_key}")
+    typer.echo(f"Git user:      {cfg.git_user_name or '(not set)'}")
+    typer.echo(f"Git email:     {cfg.git_user_email or '(not set)'}")
+    typer.echo(f"Model:         {cfg.default_model}")
+    typer.echo(f"Theme:         {cfg.default_theme}")
+    typer.echo(f"Vertex project:{cfg.vertex_project_id or '(not set)'}")
+
+
+@config_app.command("path")
+def config_path() -> None:
+    """Print config file path."""
+    cfg = load_config()
+    typer.echo(cfg.config_dir / "config.toml")
+
+
+@app.command("list")
+def list_cmd() -> None:
+    """List profiles and running sandboxes."""
+    from sandboxctl import openshell as osh
+    from sandboxctl.profile import list_profiles
+
+    cfg = load_config()
+    profiles = list_profiles(cfg)
+    if profiles:
+        typer.echo("Profiles:")
+        for p in profiles:
+            typer.echo(f"  {p}")
+    else:
+        typer.echo("No profiles found.")
+
+    typer.echo()
+    try:
+        sandboxes = osh.sandbox_list()
+        if sandboxes:
+            table = Table(title="Running Sandboxes")
+            table.add_column("Name")
+            table.add_column("Created")
+            table.add_column("Phase")
+            for sb in sandboxes:
+                table.add_row(sb["name"], sb["created"], sb["phase"])
+            from rich.console import Console
+
+            Console().print(table)
+        else:
+            typer.echo("No running sandboxes.")
+    except Exception:
+        typer.echo("Could not list sandboxes (is openshell running?).")
+
+
+@app.command()
+def status() -> None:
+    """Show gateway and sandbox status."""
+    from sandboxctl import openshell as osh
+
+    try:
+        gw = osh.gateway_status()
+        table = Table(title="Gateway")
+        table.add_column("Property")
+        table.add_column("Value")
+        for k, v in gw.items():
+            table.add_row(k, v)
+        from rich.console import Console
+
+        Console().print(table)
+    except Exception:
+        typer.echo("Could not reach gateway.")
+
+
+@app.command("delete")
+def delete_cmd(name: str = typer.Argument(help="Sandbox name.")) -> None:
+    """Delete a sandbox."""
+    from sandboxctl import openshell as osh
+
+    typer.confirm(f"Delete sandbox '{name}'?", abort=True)
+    osh.sandbox_delete(name)
+    typer.echo(f"Deleted sandbox: {name}")
+
+
+@app.command()
+def validate(name: str = typer.Argument(help="Sandbox name.")) -> None:
+    """Run validation tests inside a sandbox."""
+    from sandboxctl import openshell as osh
+    from sandboxctl.health import diagnose
+
+    report = diagnose(name, auto_recover=True)
+    if not report.healthy:
+        typer.echo(f"Sandbox '{name}' is not healthy. Run 'sandboxctl doctor {name}' for details.")
+        raise typer.Exit(1)
+
+    typer.echo(f"Running validation on sandbox: {name}\n")
+    result = osh.sandbox_exec_pipe(name, "source /sandbox/.bashrc\nvalidate.sh")
+    typer.echo(result)
+
+
+@app.command("init")
+def init_cmd(name: str = typer.Argument(help="Profile name.")) -> None:
+    """Create a new profile skeleton."""
+    from sandboxctl.profile import init_profile
+
+    cfg = load_config()
+    try:
+        path = init_profile(name, cfg)
+        typer.echo(f"Created profile: {path}")
+    except FileExistsError as e:
+        typer.echo(str(e))
+        raise typer.Exit(1) from e
+
+
+@app.command()
+def upgrade() -> None:
+    """Upgrade OpenShell to latest version."""
+    import subprocess
+
+    typer.echo("Upgrading OpenShell...")
+    subprocess.run(["openshell", "upgrade"], check=False)
+
+
+@app.command()
+def doctor(
+    name: str = typer.Argument(help="Sandbox name to diagnose."),
+    no_recover: bool = typer.Option(False, "--no-recover", help="Skip auto-recovery, diagnose only."),
+) -> None:
+    """Diagnose and recover sandbox issues."""
+    from sandboxctl.health import diagnose
+
+    report = diagnose(name, auto_recover=not no_recover)
+    for detail in report.details:
+        typer.echo(f"  {detail}")
+    if report.healthy:
+        typer.echo(f"\n[bold green]Sandbox '{name}' is healthy.[/bold green]")
+    else:
+        typer.echo(f"\n[bold red]Sandbox '{name}' is unhealthy.[/bold red]")
+        typer.echo(f"  Recovery action: {report.recovery_action}")
+        if "needs_recreate" in report.recovery_action:
+            typer.echo("  Run 'sandboxctl restart' to recreate (will lose unsaved work).")

sandboxctl/config.py

@@ -0,0 +1,202 @@
+"""XDG-compliant configuration using pydantic-settings."""
+
+from __future__ import annotations
+
+import os
+import shutil
+from pathlib import Path
+from typing import Any, ClassVar
+
+from pydantic import Field, model_validator
+from pydantic_settings import BaseSettings, SettingsConfigDict, TomlConfigSettingsSource
+
+
+def _default_config_dir() -> Path:
+    xdg = os.environ.get("XDG_CONFIG_HOME")
+    if xdg:
+        return Path(xdg) / "sandboxctl"
+    return Path.home() / ".config" / "sandboxctl"
+
+
+class _SubConfig(BaseSettings):
+    model_config = SettingsConfigDict(extra="ignore")
+
+
+class IdentityConfig(_SubConfig):
+    user_name: str = ""
+    user_email: str = ""
+
+
+class DefaultsConfig(_SubConfig):
+    model: str = "claude-sonnet-4-20250514"
+    theme: str = "dark"
+    zoom: int = -1
+
+
+class ProvidersConfig(_SubConfig):
+    vertex_project_id: str = ""
+    vertex_region: str = "global"
+
+
+class PathsConfig(_SubConfig):
+    ssh_key: Path = Field(default_factory=lambda: Path.home() / ".ssh" / "sandboxctl_ed25519")
+    ca_bundle: Path | None = None
+
+    @model_validator(mode="after")
+    def _expand_paths(self) -> PathsConfig:
+        if "~" in str(self.ssh_key):
+            object.__setattr__(self, "ssh_key", self.ssh_key.expanduser())
+        if self.ca_bundle and "~" in str(self.ca_bundle):
+            object.__setattr__(self, "ca_bundle", self.ca_bundle.expanduser())
+        return self
+
+
+class KeychainConfig(_SubConfig):
+    github_service: str = "sandboxctl-github-token"
+    gitlab_service: str = "sandboxctl-gitlab-token"
+
+
+class SandboxctlConfig(BaseSettings):
+    model_config = SettingsConfigDict(
+        env_prefix="SANDBOXCTL_",
+        env_nested_delimiter="__",
+        extra="ignore",
+    )
+
+    config_dir: Path = Field(default_factory=_default_config_dir)
+    profiles_dir: Path | None = None
+
+    identity: IdentityConfig = Field(default_factory=IdentityConfig)
+    defaults: DefaultsConfig = Field(default_factory=DefaultsConfig)
+    providers: ProvidersConfig = Field(default_factory=ProvidersConfig)
+    paths: PathsConfig = Field(default_factory=PathsConfig)
+    keychain: KeychainConfig = Field(default_factory=KeychainConfig)
+
+    _config_dir_override: ClassVar[Path | None] = None
+
+    @model_validator(mode="after")
+    def _resolve_profiles_dir(self) -> SandboxctlConfig:
+        if self.profiles_dir is None:
+            object.__setattr__(self, "profiles_dir", self.config_dir / "profiles")
+        return self
+
+    @classmethod
+    def settings_customise_sources(
+        cls,
+        settings_cls: type[BaseSettings],
+        init_settings: Any,
+        env_settings: Any,
+        dotenv_settings: Any,
+        file_secret_settings: Any,
+    ) -> tuple[Any, ...]:
+        toml_path = cls._resolve_toml_path()
+        sources = [init_settings, env_settings]
+        if toml_path and toml_path.is_file():
+            sources.append(TomlConfigSettingsSource(settings_cls, toml_file=toml_path))
+        return tuple(sources)
+
+    @classmethod
+    def _resolve_toml_path(cls) -> Path | None:
+        if cls._config_dir_override:
+            return cls._config_dir_override / "config.toml"
+        return _default_config_dir() / "config.toml"
+
+    # Convenience accessors for flat access patterns used by callers
+    @property
+    def git_user_name(self) -> str:
+        return self.identity.user_name
+
+    @property
+    def git_user_email(self) -> str:
+        return self.identity.user_email
+
+    @property
+    def default_model(self) -> str:
+        return self.defaults.model
+
+    @property
+    def default_theme(self) -> str:
+        return self.defaults.theme
+
+    @property
+    def default_zoom(self) -> int:
+        return self.defaults.zoom
+
+    @property
+    def vertex_project_id(self) -> str:
+        return self.providers.vertex_project_id
+
+    @property
+    def ssh_key(self) -> Path:
+        return self.paths.ssh_key
+
+    @property
+    def ca_bundle(self) -> Path | None:
+        return self.paths.ca_bundle
+
+    @property
+    def keychain_github(self) -> str:
+        return self.keychain.github_service
+
+    @property
+    def keychain_gitlab(self) -> str:
+        return self.keychain.gitlab_service
+
+
+def load_config(config_dir: Path | None = None) -> SandboxctlConfig:
+    """Load config with optional config_dir override (mainly for testing)."""
+    SandboxctlConfig._config_dir_override = config_dir
+    try:
+        kwargs: dict[str, Any] = {}
+        if config_dir:
+            kwargs["config_dir"] = config_dir
+            kwargs["profiles_dir"] = config_dir / "profiles"
+        return SandboxctlConfig(**kwargs)
+    finally:
+        SandboxctlConfig._config_dir_override = None
+
+
+def ensure_config_dir(config: SandboxctlConfig) -> None:
+    """Create config and profiles directories if they don't exist."""
+    config.config_dir.mkdir(parents=True, exist_ok=True)
+    if config.profiles_dir:
+        config.profiles_dir.mkdir(parents=True, exist_ok=True)
+
+
+CONFIG_TEMPLATE = """\
+# sandboxctl configuration
+# See: https://github.com/butler54/sandboxctl
+
+[identity]
+# Required: your git identity for commits inside sandboxes
+# user_name = "Your Name"
+# user_email = "you@example.com"
+
+[defaults]
+# model = "claude-sonnet-4-20250514"
+# theme = "dark"
+# zoom = -1
+
+[providers]
+# vertex_project_id = ""
+# vertex_region = "global"
+
+[paths]
+# ssh_key = "~/.ssh/sandboxctl_ed25519"
+# ca_bundle = ""
+
+[keychain]
+# github_service = "sandboxctl-github-token"
+# gitlab_service = "sandboxctl-gitlab-token"
+"""
+
+
+def find_vscode_bin() -> Path | None:
+    """Find the VS Code binary, checking PATH then platform-specific locations."""
+    path = shutil.which("code")
+    if path:
+        return Path(path)
+    mac_path = Path("/Applications/Visual Studio Code.app/Contents/Resources/app/bin/code")
+    if mac_path.exists():
+        return mac_path
+    return None

sandboxctl/credentials.py

@@ -0,0 +1,179 @@
+"""Cross-platform credential storage abstraction."""
+
+from __future__ import annotations
+
+import os
+import shutil
+import subprocess
+import sys
+from abc import ABC, abstractmethod
+
+
+class CredentialBackend(ABC):
+    """Abstract credential storage backend."""
+
+    @abstractmethod
+    def get(self, service: str, account: str) -> str | None:
+        """Retrieve a credential. Returns None if not found."""
+
+    @abstractmethod
+    def store(self, service: str, account: str, secret: str) -> None:
+        """Store a credential."""
+
+    @abstractmethod
+    def delete(self, service: str, account: str) -> bool:
+        """Delete a credential. Returns True if deleted, False if not found."""
+
+    @property
+    @abstractmethod
+    def name(self) -> str:
+        """Human-readable backend name."""
+
+
+class MacOSKeychainBackend(CredentialBackend):
+    """macOS Keychain via the security CLI."""
+
+    @property
+    def name(self) -> str:
+        return "macOS Keychain"
+
+    def get(self, service: str, account: str) -> str | None:
+        try:
+            result = subprocess.run(
+                ["security", "find-generic-password", "-s", service, "-a", account, "-w"],
+                capture_output=True,
+                text=True,
+                check=True,
+            )
+            return result.stdout.strip()
+        except (subprocess.CalledProcessError, FileNotFoundError):
+            return None
+
+    def store(self, service: str, account: str, secret: str) -> None:
+        self.delete(service, account)
+        subprocess.run(
+            ["security", "add-generic-password", "-s", service, "-a", account, "-w", secret],
+            check=True,
+            capture_output=True,
+        )
+
+    def delete(self, service: str, account: str) -> bool:
+        try:
+            subprocess.run(
+                ["security", "delete-generic-password", "-s", service, "-a", account],
+                check=True,
+                capture_output=True,
+            )
+            return True
+        except (subprocess.CalledProcessError, FileNotFoundError):
+            return False
+
+
+class LinuxSecretToolBackend(CredentialBackend):
+    """Linux secret-tool (libsecret) backend."""
+
+    @property
+    def name(self) -> str:
+        return "secret-tool (libsecret)"
+
+    def get(self, service: str, account: str) -> str | None:
+        try:
+            result = subprocess.run(
+                ["secret-tool", "lookup", "service", service, "account", account],
+                capture_output=True,
+                text=True,
+                check=True,
+            )
+            val = result.stdout.strip()
+            return val if val else None
+        except (subprocess.CalledProcessError, FileNotFoundError):
+            return None
+
+    def store(self, service: str, account: str, secret: str) -> None:
+        subprocess.run(
+            [
+                "secret-tool",
+                "store",
+                "--label",
+                f"{service}/{account}",
+                "service",
+                service,
+                "account",
+                account,
+            ],
+            input=secret,
+            text=True,
+            check=True,
+            capture_output=True,
+        )
+
+    def delete(self, service: str, account: str) -> bool:
+        try:
+            subprocess.run(
+                ["secret-tool", "clear", "service", service, "account", account],
+                check=True,
+                capture_output=True,
+            )
+            return True
+        except (subprocess.CalledProcessError, FileNotFoundError):
+            return False
+
+
+class EnvVarBackend(CredentialBackend):
+    """Environment variable fallback backend."""
+
+    @property
+    def name(self) -> str:
+        return "environment variables"
+
+    def _env_key(self, service: str, _account: str) -> str:
+        return service.upper().replace("-", "_")
+
+    def get(self, service: str, account: str) -> str | None:
+        return os.environ.get(self._env_key(service, account))
+
+    def store(self, service: str, account: str, secret: str) -> None:
+        msg = f"Cannot persist credentials via env vars. Set {self._env_key(service, account)} in your shell profile."
+        raise RuntimeError(msg)
+
+    def delete(self, service: str, account: str) -> bool:
+        key = self._env_key(service, account)
+        if key in os.environ:
+            del os.environ[key]
+            return True
+        return False
+
+
+def _detect_backend() -> CredentialBackend:
+    """Auto-detect the best available credential backend."""
+    if sys.platform == "darwin" and shutil.which("security"):
+        return MacOSKeychainBackend()
+    if sys.platform == "linux" and shutil.which("secret-tool"):
+        return LinuxSecretToolBackend()
+    return EnvVarBackend()
+
+
+_backend: CredentialBackend | None = None
+
+
+def get_backend() -> CredentialBackend:
+    """Get the credential backend (cached)."""
+    global _backend  # noqa: PLW0603
+    if _backend is None:
+        _backend = _detect_backend()
+    return _backend
+
+
+def get_credential(service: str, account: str) -> str | None:
+    """Retrieve a credential using the detected backend."""
+    return get_backend().get(service, account)
+
+
+def store_credential(service: str, account: str, secret: str) -> None:
+    """Store a credential using the detected backend."""
+    get_backend().store(service, account, secret)
+
+
+def delete_credential(service: str, account: str) -> bool:
+    """Delete a credential using the detected backend."""
+    return get_backend().delete(service, account)