weft-macos-sandbox 0.5.0__tar.gz

weft_macos_sandbox-0.5.0/.gitignore

@@ -0,0 +1,82 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+venv/
+ENV/
+env/
+.venv
+.weft/broker.db
+
+# IDEs
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Testing
+.coverage
+.coverage.*
+.pytest_cache/
+htmlcov/
+.tox/
+.nox/
+.mypy_cache/
+.dmypy.json
+dmypy.json
+.ruff_cache/
+.ruff/
+.pytest_cache/
+
+# SimpleBroker specific
+*.db-shm
+*.db-wal
+.broker.db*
+test.db
+benchmark_pragma.py
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Temporary files
+*.tmp
+*.bak
+*.log
+
+# Multi-agent
+.claude
+.mcp.json
+agent_history/
+.broker.db
+.broker.db-shm
+.broker.db-wal
+.broker.connection.done
+.broker.connection.lock
+.broker.optimization.done
+.broker.optimization.lock
+*comments*.md
+.code/
+# This is in context for agents but we don't want it to check it in here
+simplebroker/

weft_macos_sandbox-0.5.0/PKG-INFO

@@ -0,0 +1,23 @@
+Metadata-Version: 2.4
+Name: weft-macos-sandbox
+Version: 0.5.0
+Summary: macOS sandbox runner plugin for Weft
+Author-email: Van Lindberg <van@modelmonster.ai>
+License: MIT
+Requires-Python: >=3.12
+Requires-Dist: weft<1,>=0.6.4
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# weft-macos-sandbox
+
+macOS sandbox runner plugin for Weft.
+
+This extension adds the `macos-sandbox` runner via the `weft.runners`
+entry-point group. It currently supports one-shot `command` TaskSpecs only and
+uses `sandbox-exec` with a caller-provided profile.
+
+Release tag:
+
+- `weft_macos_sandbox/vX.Y.Z`

weft_macos_sandbox-0.5.0/README.md

@@ -0,0 +1,11 @@
+# weft-macos-sandbox
+
+macOS sandbox runner plugin for Weft.
+
+This extension adds the `macos-sandbox` runner via the `weft.runners`
+entry-point group. It currently supports one-shot `command` TaskSpecs only and
+uses `sandbox-exec` with a caller-provided profile.
+
+Release tag:
+
+- `weft_macos_sandbox/vX.Y.Z`

weft_macos_sandbox-0.5.0/pyproject.toml

@@ -0,0 +1,31 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "weft-macos-sandbox"
+version = "0.5.0"
+description = "macOS sandbox runner plugin for Weft"
+readme = "README.md"
+requires-python = ">=3.12"
+license = {text = "MIT"}
+authors = [
+    {name = "Van Lindberg", email = "van@modelmonster.ai"},
+]
+dependencies = [
+    "weft>=0.6.4,<1",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=7.0",
+]
+
+[project.entry-points."weft.runners"]
+macos-sandbox = "weft_macos_sandbox.plugin:get_runner_plugin"
+
+[tool.hatch.build]
+include = [
+    "weft_macos_sandbox/**/*.py",
+    "README.md",
+]

weft_macos_sandbox-0.5.0/weft_macos_sandbox/__init__.py

@@ -0,0 +1,5 @@
+"""macOS sandbox runner plugin for Weft."""
+
+from .plugin import get_runner_plugin
+
+__all__ = ["get_runner_plugin"]

weft_macos_sandbox-0.5.0/weft_macos_sandbox/plugin.py

@@ -0,0 +1,276 @@
+"""macOS sandbox runner plugin for Weft.
+
+Spec references:
+- docs/specifications/01-Core_Components.md [CC-3.1], [CC-3.2], [CC-3.4]
+- docs/specifications/02-TaskSpec.md [TS-1.3]
+"""
+
+from __future__ import annotations
+
+import os
+import shutil
+import subprocess
+import sys
+from collections.abc import Callable, Mapping, Sequence
+from pathlib import Path
+from typing import Any
+
+from simplebroker import BrokerTarget
+from weft.core.runners import RunnerOutcome
+from weft.core.runners.subprocess_runner import (
+    prepare_command_invocation,
+    run_monitored_subprocess,
+)
+from weft.core.tasks.runner import AgentSession, CommandSession
+from weft.ext import (
+    RunnerCapabilities,
+    RunnerHandle,
+    RunnerPlugin,
+    RunnerRuntimeDescription,
+)
+from weft.helpers import kill_process_tree, terminate_process_tree
+
+
+class MacOSSandboxRunner:
+    """One-shot command runner that wraps commands with sandbox-exec."""
+
+    def __init__(
+        self,
+        *,
+        process_target: str | None,
+        args: Sequence[Any] | None,
+        env: Mapping[str, str] | None,
+        working_dir: str | None,
+        timeout: float | None,
+        limits: Any | None,
+        monitor_class: str | None,
+        monitor_interval: float | None,
+        runner_options: Mapping[str, Any] | None,
+        db_path: BrokerTarget | str | None = None,
+        config: dict[str, Any] | None = None,
+    ) -> None:
+        if not isinstance(process_target, str) or not process_target.strip():
+            raise ValueError("macOS sandbox runner requires spec.process_target")
+
+        options = dict(runner_options or {})
+        profile = options.get("profile")
+        if not isinstance(profile, str) or not profile.strip():
+            raise ValueError(
+                "macOS sandbox runner requires spec.runner.options.profile"
+            )
+
+        self._process_target = process_target.strip()
+        self._args = list(args or [])
+        self._env = {str(key): str(value) for key, value in dict(env or {}).items()}
+        self._working_dir = working_dir
+        self._timeout = timeout
+        self._limits = limits
+        self._monitor_class = monitor_class
+        self._monitor_interval = monitor_interval or 1.0
+        self._profile = str(Path(profile).expanduser())
+        self._sandbox_binary = str(options.get("sandbox_binary") or "sandbox-exec")
+        self._db_path = db_path
+        self._config = config
+
+    def run(self, work_item: Any) -> RunnerOutcome:
+        return self.run_with_hooks(work_item)
+
+    def run_with_hooks(
+        self,
+        work_item: Any,
+        *,
+        cancel_requested: Callable[[], bool] | None = None,
+        on_worker_started: Callable[[int | None], None] | None = None,
+        on_runtime_handle_started: Callable[[RunnerHandle], None] | None = None,
+    ) -> RunnerOutcome:
+        command, stdin_data = prepare_command_invocation(
+            self._process_target,
+            work_item,
+            args=self._args,
+        )
+        env_vars = os.environ.copy()
+        env_vars.update(self._env)
+        process = subprocess.Popen(
+            [self._sandbox_binary, "-f", self._profile, *command],
+            stdin=subprocess.PIPE if stdin_data is not None else None,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+            text=True,
+            encoding="utf-8",
+            errors="replace",
+            cwd=self._working_dir or None,
+            env=env_vars,
+        )
+
+        def _stop_runtime() -> None:
+            terminate_process_tree(process.pid or -1, timeout=0.2)
+
+        def _kill_runtime() -> None:
+            kill_process_tree(process.pid or -1, timeout=0.2)
+
+        runtime_handle = RunnerHandle(
+            runner_name="macos-sandbox",
+            runtime_id=str(process.pid),
+            host_pids=(process.pid,) if process.pid is not None else (),
+            metadata={"profile": self._profile},
+        )
+        return run_monitored_subprocess(
+            process=process,
+            stdin_data=stdin_data,
+            timeout=self._timeout,
+            limits=self._limits,
+            monitor_class=self._monitor_class,
+            monitor_interval=self._monitor_interval,
+            monitor=None,
+            db_path=self._db_path,
+            config=self._config,
+            runtime_handle=runtime_handle,
+            cancel_requested=cancel_requested,
+            on_worker_started=on_worker_started,
+            on_runtime_handle_started=on_runtime_handle_started,
+            stop_runtime=_stop_runtime,
+            kill_runtime=_kill_runtime,
+            worker_pid=process.pid,
+        )
+
+    def start_session(self) -> CommandSession:
+        raise ValueError("macOS sandbox runner does not support interactive sessions")
+
+    def start_agent_session(self) -> AgentSession:
+        raise ValueError("macOS sandbox runner does not support agent sessions")
+
+
+class MacOSSandboxRunnerPlugin:
+    """Runner plugin for macOS sandboxed one-shot command tasks."""
+
+    name = "macos-sandbox"
+    capabilities = RunnerCapabilities(
+        supported_types=("command",),
+        supports_interactive=False,
+        supports_persistent=False,
+        supports_agent_sessions=False,
+    )
+
+    def check_version(self) -> None:
+        return None
+
+    def validate_taskspec(
+        self,
+        taskspec_payload: Mapping[str, Any],
+        *,
+        preflight: bool = False,
+    ) -> None:
+        spec = _require_mapping(taskspec_payload.get("spec"), name="spec")
+        if spec.get("type") != "command":
+            raise ValueError("macOS sandbox runner supports only spec.type='command'")
+        if bool(spec.get("interactive", False)):
+            raise ValueError("macOS sandbox runner does not support interactive tasks")
+        if bool(spec.get("persistent", False)):
+            raise ValueError("macOS sandbox runner does not support persistent tasks")
+
+        runner = _require_mapping(spec.get("runner"), name="spec.runner")
+        options = _require_mapping(runner.get("options"), name="spec.runner.options")
+        profile = options.get("profile")
+        if not isinstance(profile, str) or not profile.strip():
+            raise ValueError(
+                "macOS sandbox runner requires spec.runner.options.profile"
+            )
+
+        if preflight:
+            if sys.platform != "darwin":
+                raise ValueError("macOS sandbox runner is available only on macOS")
+            executable = shutil.which(
+                str(options.get("sandbox_binary") or "sandbox-exec")
+            )
+            if executable is None:
+                raise ValueError("sandbox-exec is not available on PATH")
+            profile_path = Path(profile).expanduser()
+            if not profile_path.exists():
+                raise ValueError(f"Sandbox profile does not exist: {profile_path}")
+
+    def create_runner(
+        self,
+        *,
+        target_type: str,
+        tid: str | None,
+        function_target: str | None,
+        process_target: str | None,
+        agent: Mapping[str, Any] | None,
+        args: Sequence[Any] | None,
+        kwargs: Mapping[str, Any] | None,
+        env: Mapping[str, str] | None,
+        working_dir: str | None,
+        timeout: float | None,
+        limits: Any | None,
+        monitor_class: str | None,
+        monitor_interval: float | None,
+        runner_options: Mapping[str, Any] | None,
+        persistent: bool,
+        interactive: bool,
+        db_path: BrokerTarget | str | None = None,
+        config: dict[str, Any] | None = None,
+    ) -> MacOSSandboxRunner:
+        del target_type, tid, function_target, agent, kwargs, persistent, interactive
+        return MacOSSandboxRunner(
+            process_target=process_target,
+            args=args,
+            env=env,
+            working_dir=working_dir,
+            timeout=timeout,
+            limits=limits,
+            monitor_class=monitor_class,
+            monitor_interval=monitor_interval,
+            runner_options=runner_options,
+            db_path=db_path,
+            config=config,
+        )
+
+    def stop(self, handle: RunnerHandle, *, timeout: float = 2.0) -> bool:
+        if not handle.host_pids:
+            return False
+        for pid in handle.host_pids:
+            terminate_process_tree(pid, timeout=timeout, kill_after=False)
+        return True
+
+    def kill(self, handle: RunnerHandle, *, timeout: float = 2.0) -> bool:
+        if not handle.host_pids:
+            return False
+        for pid in handle.host_pids:
+            kill_process_tree(pid, timeout=timeout)
+        return True
+
+    def describe(self, handle: RunnerHandle) -> RunnerRuntimeDescription | None:
+        state = "missing"
+        for pid in handle.host_pids:
+            if _pid_exists(pid):
+                state = "running"
+                break
+        return RunnerRuntimeDescription(
+            runner_name="macos-sandbox",
+            runtime_id=handle.runtime_id,
+            state=state,
+            metadata=dict(handle.metadata),
+        )
+
+
+_PLUGIN = MacOSSandboxRunnerPlugin()
+
+
+def get_runner_plugin() -> RunnerPlugin:
+    return _PLUGIN
+
+
+def _require_mapping(value: object, *, name: str) -> Mapping[str, Any]:
+    if not isinstance(value, Mapping):
+        raise ValueError(f"{name} must be an object")
+    return value
+
+
+def _pid_exists(pid: int) -> bool:
+    if pid <= 0:
+        return False
+    try:
+        os.kill(pid, 0)
+    except OSError:
+        return False
+    return True