feat(sandbox): add sandbox module#465
Conversation
Add an E2B-style sandbox client with lifecycle, envd commands, filesystem, git, template, resource, and injection-rule support. Include .env-based examples plus unit and integration coverage for the new sandbox surface.
Add PTY, command streaming, filesystem watcher/write_files, Git helpers and credential authentication APIs for the sandbox module. Expand sandbox unit/integration tests, runnable examples, and the E2B Python SDK differences document including remote Git push coverage.
Keep the sandbox runtime, test, and example changes tracked while removing the generated E2B differences document from the submitted branch.
Return command handles from a streaming start path so background commands do not wait for process completion. Bound wait_for_ready health probes with per-request timeouts and cover both review fixes with tests.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a new sandbox service module under qiniu/services/sandbox to support sandbox management, command execution, filesystem operations, git helpers, and pty support, along with examples and tests. The review feedback highlights several critical issues and improvement opportunities, including potential unhandled StopIteration exceptions in commands.py and pty.py, overly broad exception handling across multiple files, inline imports violating PEP 8, missing explicit file encoding when opening files, and the use of generic RuntimeError instead of SandboxError.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
![fennoai[bot]](https://avatars.githubusercontent.com/in/1924301?s=60&v=4){kind=small}
Add E2B-style filesystem info objects, stream reads, IO writes, Git structured status and branches, Git typed exceptions, ReadyCmd helpers, is_running, and compatible Git config signatures. Keep Volume, Snapshot, and MCP gateway behavior out of scope.
Use temporary remote credential URLs for authenticated push and pull, restoring the original remote after success or failure. Forward request_timeout/timeout through filesystem file transfers and cover the behavior with sandbox tests.
Handle empty envd streams, tighten sandbox exception handling, refresh traffic tokens, and prevent stale paginator tokens. Add regression coverage for reviewer feedback and keep external Git TLS failures from failing integration runs.
There was a problem hiding this comment.
Code Review
This pull request introduces a new sandbox service (qiniu/services/sandbox) to the Qiniu Python SDK, adding support for sandbox lifecycle management, filesystem operations, command execution, git integration, and PTY terminals, along with examples and tests. Key feedback points out several robustness and compatibility issues: a potential crash in wait_for_ready when the timeout reaches zero, unhandled ValueError exceptions during UTF-8 decoding of base64 data, format string vulnerabilities in dangerously_authenticate when passwords contain %, missing URL-encoding for Git credentials, memory-inefficient streaming in filesystem reads, Python 2 compatibility issues when encoding unicode stdin data, and incorrect query parameter serialization for sandbox metrics.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Encode Git credentials safely, handle wait/read/stdin edge cases, and serialize metrics IDs consistently. Add regression tests for the second PR feedback round.
There was a problem hiding this comment.
Code Review
This pull request introduces a comprehensive sandbox service to the Qiniu Python SDK, including a client, sandbox instance management, filesystem utilities, Git operations, and PTY support, along with examples and tests. Key feedback from the review includes addressing a potential output distortion and crash in Base64 decoding, fixing credential leakage vulnerabilities in Git authentication and remote credential restoration, importing a missing error class, and establishing a default HTTP request timeout to prevent indefinite hangs.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Avoid credential exposure in git authentication, report remote restore failures, use Python 2 compatible text handling, and set a default client timeout. Cover the reviewer feedback with focused sandbox regression tests.
There was a problem hiding this comment.
Code Review
This pull request introduces a new sandbox service module to the Qiniu Python SDK, enabling users to manage sandboxes, interact with filesystems, execute commands, and perform Git operations within isolated environments. The changes include a client for the sandbox API, a command execution interface, filesystem management utilities, and integration tests. My review identified several areas for improvement: the is_running method in Sandbox needs robust error handling for network requests, the error handling logic in decode_connect_envelopes should be more explicit, the Filesystem.write method should leverage requests' native multipart support to avoid memory issues with large files, and the Git.add method requires input validation to handle single-string file paths correctly.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
There was a problem hiding this comment.
Code Review
This pull request introduces a comprehensive sandbox service client and utilities to the Qiniu Python SDK, enabling sandbox creation, command execution, filesystem operations, Git integration, and PTY management, along with extensive tests and examples. The code review highlights three key areas for improvement: a potential timeout issue in wait_for_ready where the HTTP request timeout is overly restricted to the retry interval; a security vulnerability in dangerously_authenticate where sensitive Git credentials are written to /tmp with insecure default permissions; and a compatibility issue in the filesystem write method where passing absolute paths in multipart/form-data files could cause server-side errors.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
There was a problem hiding this comment.
Code Review
This pull request introduces a comprehensive sandbox service client and SDK implementation under qiniu/services/sandbox, enabling sandbox creation, lifecycle management, command execution, filesystem operations, Git integration, and PTY interactions, along with extensive tests and examples. The review feedback highlights several critical improvement opportunities, including addressing a potential plain-text credential leak in the Git authentication helper, resolving Python 2 compatibility issues with file-like objects and unicode environment variables, and preventing connection leaks by ensuring streamed response connections are properly closed.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
There was a problem hiding this comment.
Code Review
This pull request introduces a new sandbox service module to the Qiniu Python SDK, complete with client APIs, sandbox lifecycle management, command execution, filesystem utilities, PTY support, Git helpers, example scripts, and extensive unit and integration tests. The review feedback highlights two improvement opportunities: refactoring a tuple-based lambda function in the Git example to improve readability, and correcting a minor indentation misalignment in the sandbox client options normalization to comply with PEP 8.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
1 participant
概述
.env的示例配置、单元测试和集成测试;集成测试与示例已覆盖远端 Git push 场景。验证
/tmp/qiniu-python-sdk-test-venv/bin/python -m pytest tests/cases/test_services/test_sandbox -q->28 passed, 1 skipped.env逐个运行所有 sandbox examples,均成功退出。/tmp/qiniu-python-sdk-test-venv/bin/python -m flake8 --show-source --max-line-length=160 ./qiniupython3 -m compileall -q qiniu tests examplesgit diff --check备注
docs/sandbox-e2b-python-sdk-differences.md按要求未包含在本 PR 中。