Merge remote-tracking branch 'origin/full-docker-defaults' into async-action-fixes

# Conflicts: # foundry/CLAUDE.md # foundry/packages/backend/src/actors/task/workbench.ts # foundry/packages/frontend/src/components/dev-panel.tsx # foundry/packages/frontend/src/components/mock-layout.tsx # justfile
2026-04-20 17:02:18 +00:00 · 2026-03-13 18:50:46 -07:00 · 2026-03-13 18:50:46 -07:00 · 14d5413f8a
commit 14d5413f8a
parent 2022a6ec18 110e969f98
30 changed files with 521 additions and 413 deletions
--- a/foundry/CLAUDE.md
+++ b/foundry/CLAUDE.md
@ -31,16 +31,26 @@ Use `pnpm` workspaces and Turborepo.
 - Foundry is the canonical name for this product tree. Do not introduce or preserve legacy pre-Foundry naming in code, docs, commands, or runtime paths.
 - Install deps: `pnpm install`
 - Full active-workspace validation: `pnpm -w typecheck`, `pnpm -w build`, `pnpm -w test`
- Start the full dev stack: `just foundry-dev`
+- Start the full dev stack (real backend + frontend): `just foundry-dev` — frontend on **port 4173**, backend on **port 7741** (Docker via `compose.dev.yaml`)
+- Start the mock frontend stack (no backend): `just foundry-mock` — mock frontend on **port 4174** (Docker via `compose.mock.yaml`)
 - Start the local production-build preview stack: `just foundry-preview`
 - Start only the backend locally: `just foundry-backend-start`
 - Start only the frontend locally: `pnpm --filter @sandbox-agent/foundry-frontend dev`
- Start the frontend against the mock workbench client: `FOUNDRY_FRONTEND_CLIENT_MODE=mock pnpm --filter @sandbox-agent/foundry-frontend dev`
+- Start the mock frontend locally (no Docker): `just foundry-dev-mock` — mock frontend on **port 4174**
+- Dev and mock stacks can run simultaneously on different ports (4173 and 4174).
 - Stop the compose dev stack: `just foundry-dev-down`
- Tail compose logs: `just foundry-dev-logs`
+- Tail compose dev logs: `just foundry-dev-logs`
+- Stop the mock stack: `just foundry-mock-down`
+- Tail mock logs: `just foundry-mock-logs`
 - Stop the preview stack: `just foundry-preview-down`
 - Tail preview logs: `just foundry-preview-logs`

+## Dev Environment Setup
+
+- `compose.dev.yaml` loads `foundry/.env` (optional) for credentials needed by the backend (GitHub OAuth, Stripe, Daytona, API keys, etc.).
+- The canonical source for these credentials is `~/misc/the-foundry.env`. If `foundry/.env` does not exist, copy it: `cp ~/misc/the-foundry.env foundry/.env`
+- `foundry/.env` is gitignored and must never be committed.
+
 ## Railway Logs

 - Production Foundry Railway logs can be read from a linked workspace with `railway logs --deployment --lines 200` or `railway logs <deployment-id> --deployment --lines 200`.
@ -117,6 +127,17 @@ The client subscribes to `app` always, `workspace` when entering a workspace, `t
 - Backend mutations that affect sidebar data (task title, status, branch, PR state) must push the updated summary to the parent workspace actor, which broadcasts to workspace subscribers.
 - Comment architecture-related code: add doc comments explaining the materialized state pattern, why deltas flow the way they do, and the relationship between parent/child actor broadcasts. New contributors should understand the data flow from comments alone.

+## UI System
+
+- Foundry's base UI system is `BaseUI` with `Styletron`, plus Foundry-specific theme/tokens on top. Treat that as the default UI foundation.
+- The full `BaseUI` reference for available components and guidance on animations, customization, composition, and forms is at `https://base-ui.com/llms.txt`.
+- Prefer existing `BaseUI` components and composition patterns whenever possible instead of building custom controls from scratch.
+- Reuse the established Foundry theme/token layer for colors, typography, spacing, and surfaces instead of introducing ad hoc visual values.
+- If the same UI pattern is shared with the Inspector or other consumers, prefer extracting or reusing it through `@sandbox-agent/react` rather than duplicating it in Foundry.
+- If a requested UI cannot be implemented cleanly with an existing `BaseUI` component, stop and ask the user whether they are sure they want to diverge from the system.
+- In that case, recommend the closest existing `BaseUI` components or compositions that could satisfy the need before proposing custom UI work.
+- Only introduce custom UI primitives when `BaseUI` and existing Foundry patterns are not sufficient, or when the user explicitly confirms they want the divergence.
+
 ## Runtime Policy

 - Runtime is Bun-native.
@ -174,7 +195,9 @@ For all Rivet/RivetKit implementation:
 - Do not build blocking flows that wait on external systems to become ready or complete. Prefer push-based progression driven by actor messages, events, webhooks, or queue/workflow state changes.
 - Use workflows/background commands for any repo sync, sandbox provisioning, agent install, branch restack/rebase, or other multi-step external work. Do not keep user-facing actions/requests open while that work runs.
 - `send` policy: always `await` the `send(...)` call itself so enqueue failures surface immediately, but default to `wait: false`.
- Only use `send(..., { wait: true })` for short, bounded mutations that should finish quickly and do not depend on external readiness, polling actors, provider setup, repo/network I/O, or long-running queue drains.
+- Only use `send(..., { wait: true })` for short, bounded local mutations (e.g. a DB write that returns a result the caller needs). Never use `wait: true` for operations that depend on external readiness, polling actors, provider setup, repo/network I/O, sandbox sessions, GitHub API calls, or long-running queue drains.
+- Never self-send with `wait: true` from inside a workflow handler — the workflow processes one message at a time, so the handler would deadlock waiting for the new message to be dequeued.
+- When an action is void-returning and triggers external work, use `wait: false` and let the UI react to state changes pushed by the workflow.
 - Request/action contract: wait only until the minimum resource needed for the client's next step exists. Example: task creation may wait for task actor creation/identity, but not for sandbox provisioning or session bootstrap.
 - Read paths must not force refresh/sync work inline. Serve the latest cached projection, mark staleness explicitly, and trigger background refresh separately when needed.
 - If a workflow needs to resume after some external work completes, model that as workflow state plus follow-up messages/events instead of holding the original request open.
--- a/foundry/compose.dev.yaml
+++ b/foundry/compose.dev.yaml
@ -7,6 +7,9 @@ services:
      dockerfile: foundry/docker/backend.dev.Dockerfile
    image: foundry-backend-dev
    working_dir: /app
+    env_file:
+      - path: .env
+        required: false
    environment:
      HF_BACKEND_HOST: "0.0.0.0"
      HF_BACKEND_PORT: "7741"
--- a/foundry/compose.mock.yaml
+++ b/foundry/compose.mock.yaml
@ -0,0 +1,32 @@
+name: foundry-mock
+
+services:
+  frontend:
+    build:
+      context: ..
+      dockerfile: foundry/docker/frontend.dev.Dockerfile
+    working_dir: /app
+    environment:
+      HOME: "/tmp"
+      FOUNDRY_FRONTEND_CLIENT_MODE: "mock"
+    ports:
+      - "4174:4174"
+    command: ["bash", "-lc", "pnpm install --force --frozen-lockfile --filter @sandbox-agent/foundry-frontend... && cd foundry/packages/frontend && exec pnpm vite --host 0.0.0.0 --port 4174"]
+    volumes:
+      - "..:/app"
+      - "./.foundry:/app/foundry/.foundry"
+      - "../../../task/rivet-checkout:/task/rivet-checkout:ro"
+      - "mock_node_modules:/app/node_modules"
+      - "mock_client_node_modules:/app/foundry/packages/client/node_modules"
+      - "mock_frontend_errors_node_modules:/app/foundry/packages/frontend-errors/node_modules"
+      - "mock_frontend_node_modules:/app/foundry/packages/frontend/node_modules"
+      - "mock_shared_node_modules:/app/foundry/packages/shared/node_modules"
+      - "mock_pnpm_store:/tmp/.local/share/pnpm/store"
+
+volumes:
+  mock_node_modules: {}
+  mock_client_node_modules: {}
+  mock_frontend_errors_node_modules: {}
+  mock_frontend_node_modules: {}
+  mock_shared_node_modules: {}
+  mock_pnpm_store: {}
--- a/foundry/docker/backend.dev.Dockerfile
+++ b/foundry/docker/backend.dev.Dockerfile
@ -39,4 +39,4 @@ ENV SANDBOX_AGENT_BIN="/root/.local/bin/sandbox-agent"

 WORKDIR /app

-CMD ["bash", "-lc", "git config --global --add safe.directory /app >/dev/null 2>&1 || true; pnpm install --force --frozen-lockfile --filter @sandbox-agent/foundry-backend... && exec bun foundry/packages/backend/src/index.ts start --host 0.0.0.0 --port 7741"]
+CMD ["bash", "-lc", "git config --global --add safe.directory /app >/dev/null 2>&1 || true; pnpm install --frozen-lockfile --filter @sandbox-agent/foundry-backend... && exec bun --hot foundry/packages/backend/src/index.ts start --host 0.0.0.0 --port 7741"]
--- a/foundry/packages/backend/src/actors/task/index.ts
+++ b/foundry/packages/backend/src/actors/task/index.ts
@ -146,14 +146,9 @@ export const task = actor({

    async provision(c, cmd: InitializeCommand): Promise<{ ok: true }> {
      const self = selfTask(c);
-      const result = await self.send(taskWorkflowQueueName("task.command.provision"), cmd ?? {}, {
-        wait: true,
-        timeout: 30 * 60_000,
+      await self.send(taskWorkflowQueueName("task.command.provision"), cmd ?? {}, {
+        wait: false,
      });
-      const response = expectQueueResponse<{ ok: boolean; error?: string }>(result);
-      if (!response.ok) {
-        throw new Error(response.error ?? "task provisioning failed");
-      }
      return { ok: true };
    },

@ -182,47 +177,35 @@ export const task = actor({
    async push(c, cmd?: TaskActionCommand): Promise<void> {
      const self = selfTask(c);
      await self.send(taskWorkflowQueueName("task.command.push"), cmd ?? {}, {
-        wait: true,
-        timeout: 180_000,
+        wait: false,
      });
    },

    async sync(c, cmd?: TaskActionCommand): Promise<void> {
      const self = selfTask(c);
      await self.send(taskWorkflowQueueName("task.command.sync"), cmd ?? {}, {
-        wait: true,
-        timeout: 30_000,
+        wait: false,
      });
    },

    async merge(c, cmd?: TaskActionCommand): Promise<void> {
      const self = selfTask(c);
      await self.send(taskWorkflowQueueName("task.command.merge"), cmd ?? {}, {
-        wait: true,
-        timeout: 30_000,
+        wait: false,
      });
    },

    async archive(c, cmd?: TaskActionCommand): Promise<void> {
      const self = selfTask(c);
-      void self
-        .send(taskWorkflowQueueName("task.command.archive"), cmd ?? {}, {
-          wait: true,
-          timeout: 60_000,
-        })
-        .catch((error: unknown) => {
-          c.log.warn({
-            msg: "archive command failed",
-            error: error instanceof Error ? error.message : String(error),
-          });
-        });
+      await self.send(taskWorkflowQueueName("task.command.archive"), cmd ?? {}, {
+        wait: false,
+      });
    },

    async kill(c, cmd?: TaskActionCommand): Promise<void> {
      const self = selfTask(c);
      await self.send(taskWorkflowQueueName("task.command.kill"), cmd ?? {}, {
-        wait: true,
-        timeout: 60_000,
+        wait: false,
      });
    },

@ -265,8 +248,7 @@ export const task = actor({
    async renameWorkbenchBranch(c, input: TaskWorkbenchRenameInput): Promise<void> {
      const self = selfTask(c);
      await self.send(taskWorkflowQueueName("task.command.workbench.rename_branch"), { value: input.value } satisfies TaskWorkbenchValueCommand, {
-        wait: true,
-        timeout: 5 * 60_000,
+        wait: false,
      });
    },

@ -345,8 +327,7 @@ export const task = actor({
          attachments: input.attachments,
        } satisfies TaskWorkbenchSendMessageCommand,
        {
-          wait: true,
-          timeout: 10 * 60_000,
+          wait: false,
        },
      );
    },
@ -354,8 +335,7 @@ export const task = actor({
    async stopWorkbenchSession(c, input: TaskTabCommand): Promise<void> {
      const self = selfTask(c);
      await self.send(taskWorkflowQueueName("task.command.workbench.stop_session"), { sessionId: input.tabId } satisfies TaskWorkbenchSessionCommand, {
-        wait: true,
-        timeout: 5 * 60_000,
+        wait: false,
      });
    },

@ -370,8 +350,7 @@ export const task = actor({
    async closeWorkbenchSession(c, input: TaskTabCommand): Promise<void> {
      const self = selfTask(c);
      await self.send(taskWorkflowQueueName("task.command.workbench.close_session"), { sessionId: input.tabId } satisfies TaskWorkbenchSessionCommand, {
-        wait: true,
-        timeout: 5 * 60_000,
+        wait: false,
      });
    },

@ -381,8 +360,7 @@ export const task = actor({
        taskWorkflowQueueName("task.command.workbench.publish_pr"),
        {},
        {
-          wait: true,
-          timeout: 10 * 60_000,
+          wait: false,
        },
      );
    },
@ -390,8 +368,7 @@ export const task = actor({
    async revertWorkbenchFile(c, input: { path: string }): Promise<void> {
      const self = selfTask(c);
      await self.send(taskWorkflowQueueName("task.command.workbench.revert_file"), input, {
-        wait: true,
-        timeout: 5 * 60_000,
+        wait: false,
      });
    },
  },
--- a/foundry/packages/backend/src/actors/task/workbench.ts
+++ b/foundry/packages/backend/src/actors/task/workbench.ts
@ -7,6 +7,7 @@ import { getOrCreateTaskStatusSync, getOrCreateProject, getOrCreateWorkspace, ge
 import { resolveWorkspaceGithubAuth } from "../../services/github-auth.js";
 import { task as taskTable, taskRuntime, taskWorkbenchSessions } from "./db/schema.js";
 import { getCurrentRecord } from "./workflow/common.js";
+import { taskWorkflowQueueName } from "./workflow/queue.js";

 const STATUS_SYNC_INTERVAL_MS = 1_000;

@ -835,7 +836,14 @@ export async function renameWorkbenchBranch(c: any, value: string): Promise<void
 }

 export async function createWorkbenchSession(c: any, model?: string): Promise<{ tabId: string }> {
-  const record = await ensureWorkbenchSeeded(c);
+  let record = await ensureWorkbenchSeeded(c);
+  if (!record.activeSandboxId) {
+    // Fire-and-forget: enqueue provisioning without waiting to avoid self-deadlock
+    // (this handler already runs inside the task workflow loop, so wait:true would deadlock).
+    const providerId = record.providerId ?? c.state.providerId ?? getActorRuntimeContext().providers.defaultProviderId();
+    await selfTask(c).send(taskWorkflowQueueName("task.command.provision"), { providerId }, { wait: false });
+    throw new Error("sandbox is provisioning — retry shortly");
+  }

  if (record.activeSessionId) {
    const existingSessions = await listSessionMetaRows(c);
--- a/foundry/packages/frontend/index.html
+++ b/foundry/packages/frontend/index.html
@ -1,15 +1,12 @@
 <!doctype html>
 <html lang="en">
  <head>
-    <!--
-    <script src="https://unpkg.com/react-scan/dist/auto.global.js" crossorigin="anonymous"></script>
    <script type="module">
      if (import.meta.env.DEV) {
        import("react-grab");
        import("@react-grab/mcp/client");
      }
    </script>
-    -->
    <script>if(window.__TAURI_INTERNALS__)document.documentElement.dataset.tauri="1"</script>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
--- a/foundry/packages/frontend/src/components/mock-layout.tsx
+++ b/foundry/packages/frontend/src/components/mock-layout.tsx
@ -17,6 +17,7 @@ import { TabStrip } from "./mock-layout/tab-strip";
 import { TerminalPane } from "./mock-layout/terminal-pane";
 import { TranscriptHeader } from "./mock-layout/transcript-header";
 import { PROMPT_TEXTAREA_MAX_HEIGHT, PROMPT_TEXTAREA_MIN_HEIGHT, SPanel, ScrollBody, Shell } from "./mock-layout/ui";
+import { DevPanel, useDevPanel } from "./dev-panel";
 import {
  buildDisplayMessages,
  diffPath,
@ -1759,6 +1760,7 @@ export function MockLayout({ workspaceId, selectedTaskId, selectedSessionId }: M
            </div>
          </div>
        </div>
+        {showDevPanel && <DevPanel workspaceId={workspaceId} snapshot={viewModel} />}
      </Shell>
    </>
  );