mirror of
https://github.com/harivansh-afk/sandbox-agent.git
synced 2026-04-15 03:00:48 +00:00
d8b8b49f37
* Fix Foundry auth: migrate to Better Auth adapter, fix access token retrieval - Remove @ts-nocheck from better-auth.ts, auth-user/index.ts, app-shell.ts and fix all type errors - Fix getAccessTokenForSession: read GitHub token directly from account record instead of calling Better Auth's internal /get-access-token endpoint which returns 403 on server-side calls - Re-implement workspaceAuth helper functions (workspaceAuthColumn, normalizeAuthValue, workspaceAuthClause, workspaceAuthWhere) that were accidentally deleted - Remove all retry logic (withRetries, isRetryableAppActorError) - Implement CORS origin allowlist from configured environment - Document cachedAppWorkspace singleton pattern - Add inline org sync fallback in buildAppSnapshot for post-OAuth flow - Add no-retry rule to CLAUDE.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add Foundry dev panel from fix-git-data branch Port the dev panel component that was left out when PR #243 was replaced by PR #247. Adapted to remove runtime/mock-debug references that don't exist on the current branch. - Toggle with Shift+D, persists visibility to localStorage - Shows context, session, GitHub sync status sections - Dev-only (import.meta.env.DEV) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add full Docker image defaults, fix actor deadlocks, and improve dev experience - Add Dockerfile.full and --all flag to install-agent CLI for pre-built images - Centralize Docker image constant (FULL_IMAGE) pinned to 0.3.1-full - Remove examples/shared/Dockerfile{,.dev} and daytona snapshot example - Expand Docker docs with full runnable Dockerfile - Fix self-deadlock in createWorkbenchSession (fire-and-forget provisioning) - Audit and convert 12 task actions from wait:true to wait:false - Add bun --hot for dev backend hot reload - Remove --force from pnpm install in dev Dockerfile for faster startup - Add env_file support to compose.dev.yaml for automatic credential loading - Add mock frontend compose config and dev panel - Update CLAUDE.md with wait:true policy and dev environment setup Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * WIP: async action fixes and interest manager Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix Foundry UI bugs: org names, hanging sessions, and wrong repo creation - Fix org display name using GitHub description instead of name field - Fix createWorkbenchSession hanging when sandbox is provisioning - Fix auto-session creation retry storm on errors - Fix task creation using wrong repo due to React state race conditions - Remove Bun hot-reload from backend Dockerfile (causes port drift) - Add GitHub sync/install status to dev panel Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
106 lines
4.8 KiB
YAML
106 lines
4.8 KiB
YAML
name: foundry
|
|
|
|
services:
|
|
backend:
|
|
build:
|
|
context: ..
|
|
dockerfile: foundry/docker/backend.dev.Dockerfile
|
|
image: foundry-backend-dev
|
|
working_dir: /app
|
|
env_file:
|
|
- path: .env
|
|
required: false
|
|
environment:
|
|
HF_BACKEND_HOST: "0.0.0.0"
|
|
HF_BACKEND_PORT: "7741"
|
|
RIVETKIT_STORAGE_PATH: "/root/.local/share/foundry/rivetkit"
|
|
# Pass through credentials needed for agent execution + PR creation in dev/e2e.
|
|
# Do not hardcode secrets; set these in your environment when starting compose.
|
|
ANTHROPIC_API_KEY: "${ANTHROPIC_API_KEY:-}"
|
|
CLAUDE_API_KEY: "${CLAUDE_API_KEY:-${ANTHROPIC_API_KEY:-}}"
|
|
OPENAI_API_KEY: "${OPENAI_API_KEY:-}"
|
|
# sandbox-agent codex plugin currently expects CODEX_API_KEY. Map from OPENAI_API_KEY for convenience.
|
|
CODEX_API_KEY: "${CODEX_API_KEY:-${OPENAI_API_KEY:-}}"
|
|
# Support either GITHUB_TOKEN or GITHUB_PAT in local env files.
|
|
GITHUB_TOKEN: "${GITHUB_TOKEN:-${GITHUB_PAT:-}}"
|
|
GH_TOKEN: "${GH_TOKEN:-${GITHUB_TOKEN:-${GITHUB_PAT:-}}}"
|
|
APP_URL: "${APP_URL:-}"
|
|
BETTER_AUTH_URL: "${BETTER_AUTH_URL:-}"
|
|
BETTER_AUTH_SECRET: "${BETTER_AUTH_SECRET:-}"
|
|
GITHUB_CLIENT_ID: "${GITHUB_CLIENT_ID:-}"
|
|
GITHUB_CLIENT_SECRET: "${GITHUB_CLIENT_SECRET:-}"
|
|
GITHUB_REDIRECT_URI: "${GITHUB_REDIRECT_URI:-}"
|
|
GITHUB_APP_ID: "${GITHUB_APP_ID:-}"
|
|
GITHUB_APP_CLIENT_ID: "${GITHUB_APP_CLIENT_ID:-}"
|
|
GITHUB_APP_CLIENT_SECRET: "${GITHUB_APP_CLIENT_SECRET:-}"
|
|
GITHUB_APP_PRIVATE_KEY: "${GITHUB_APP_PRIVATE_KEY:-}"
|
|
GITHUB_WEBHOOK_SECRET: "${GITHUB_WEBHOOK_SECRET:-${GITHUB_APP_WEBHOOK_SECRET:-}}"
|
|
STRIPE_PUBLISHABLE_KEY: "${STRIPE_PUBLISHABLE_KEY:-}"
|
|
STRIPE_SECRET_KEY: "${STRIPE_SECRET_KEY:-}"
|
|
STRIPE_WEBHOOK_SECRET: "${STRIPE_WEBHOOK_SECRET:-}"
|
|
STRIPE_PRICE_TEAM: "${STRIPE_PRICE_TEAM:-}"
|
|
DAYTONA_ENDPOINT: "${DAYTONA_ENDPOINT:-}"
|
|
DAYTONA_API_KEY: "${DAYTONA_API_KEY:-}"
|
|
HF_DAYTONA_ENDPOINT: "${HF_DAYTONA_ENDPOINT:-}"
|
|
HF_DAYTONA_API_KEY: "${HF_DAYTONA_API_KEY:-}"
|
|
ports:
|
|
- "6420:6420"
|
|
- "7741:7741"
|
|
volumes:
|
|
- "..:/app"
|
|
# The linked RivetKit checkout resolves from Foundry packages to /task/rivet-checkout in-container.
|
|
- "../../../task/rivet-checkout:/task/rivet-checkout:ro"
|
|
# Reuse the host Codex auth profile for local sandbox-agent Codex sessions in dev.
|
|
- "${HOME}/.codex:/root/.codex"
|
|
# Keep backend dependency installs Linux-native instead of using host node_modules.
|
|
- "foundry_backend_root_node_modules:/app/node_modules"
|
|
- "foundry_backend_backend_node_modules:/app/foundry/packages/backend/node_modules"
|
|
- "foundry_backend_shared_node_modules:/app/foundry/packages/shared/node_modules"
|
|
- "foundry_backend_persist_rivet_node_modules:/app/sdks/persist-rivet/node_modules"
|
|
- "foundry_backend_typescript_node_modules:/app/sdks/typescript/node_modules"
|
|
- "foundry_backend_pnpm_store:/root/.local/share/pnpm/store"
|
|
# Persist backend-managed local git clones across container restarts.
|
|
- "foundry_git_repos:/root/.local/share/foundry/repos"
|
|
# Persist RivetKit local storage across container restarts.
|
|
- "foundry_rivetkit_storage:/root/.local/share/foundry/rivetkit"
|
|
|
|
frontend:
|
|
build:
|
|
context: ..
|
|
dockerfile: foundry/docker/frontend.dev.Dockerfile
|
|
working_dir: /app
|
|
depends_on:
|
|
- backend
|
|
environment:
|
|
HOME: "/tmp"
|
|
HF_BACKEND_HTTP: "http://backend:7741"
|
|
ports:
|
|
- "4173:4173"
|
|
volumes:
|
|
- "..:/app"
|
|
# Ensure logs in .foundry/ persist on the host even if we change source mounts later.
|
|
- "./.foundry:/app/foundry/.foundry"
|
|
- "../../../task/rivet-checkout:/task/rivet-checkout:ro"
|
|
# Use Linux-native workspace dependencies inside the container instead of host node_modules.
|
|
- "foundry_node_modules:/app/node_modules"
|
|
- "foundry_client_node_modules:/app/foundry/packages/client/node_modules"
|
|
- "foundry_frontend_errors_node_modules:/app/foundry/packages/frontend-errors/node_modules"
|
|
- "foundry_frontend_node_modules:/app/foundry/packages/frontend/node_modules"
|
|
- "foundry_shared_node_modules:/app/foundry/packages/shared/node_modules"
|
|
- "foundry_pnpm_store:/tmp/.local/share/pnpm/store"
|
|
|
|
volumes:
|
|
foundry_backend_root_node_modules: {}
|
|
foundry_backend_backend_node_modules: {}
|
|
foundry_backend_shared_node_modules: {}
|
|
foundry_backend_persist_rivet_node_modules: {}
|
|
foundry_backend_typescript_node_modules: {}
|
|
foundry_backend_pnpm_store: {}
|
|
foundry_git_repos: {}
|
|
foundry_rivetkit_storage: {}
|
|
foundry_node_modules: {}
|
|
foundry_client_node_modules: {}
|
|
foundry_frontend_errors_node_modules: {}
|
|
foundry_frontend_node_modules: {}
|
|
foundry_shared_node_modules: {}
|
|
foundry_pnpm_store: {}
|