Merge pull request #1442 from trheyi/main

Enhance Sandbox Integration and CI Workflow for AI Tests

Author: trheyi

.github/workflows/pr-test.yml

@@ -541,8 +541,19 @@ jobs:
           echo "YAO_DB_DRIVER=sqlite3" >> $GITHUB_ENV
           echo "YAO_DB_PRIMARY=${{ github.WORKSPACE }}/../app/db/yao.db" >> $GITHUB_ENV
 
+      - name: Pull Sandbox Test Images
+        run: |
+          docker pull alpine:latest
+          docker pull yaoapp/sandbox-base:latest || true
+          docker pull yaoapp/sandbox-claude:latest || true
+
       - name: Run AI Tests (agent, aigc)
-        run: make unit-test-ai
+        env:
+          YAO_SANDBOX_WORKSPACE: ${{ runner.temp }}/sandbox/workspace
+          YAO_SANDBOX_IPC: ${{ runner.temp }}/sandbox/ipc
+        run: |
+          export YAO_SANDBOX_CONTAINER_USER="$(id -u):$(id -g)"
+          make unit-test-ai
 
       - name: Codecov Report
         uses: codecov/codecov-action@v4

.github/workflows/unit-test.yml

@@ -435,8 +435,19 @@ jobs:
           echo "YAO_DB_DRIVER=sqlite3" >> $GITHUB_ENV
           echo "YAO_DB_PRIMARY=${{ github.WORKSPACE }}/../app/db/yao.db" >> $GITHUB_ENV
 
+      - name: Pull Sandbox Test Images
+        run: |
+          docker pull alpine:latest
+          docker pull yaoapp/sandbox-base:latest || true
+          docker pull yaoapp/sandbox-claude:latest || true
+
       - name: Run AI Tests (agent, aigc)
-        run: make unit-test-ai
+        env:
+          YAO_SANDBOX_WORKSPACE: ${{ runner.temp }}/sandbox/workspace
+          YAO_SANDBOX_IPC: ${{ runner.temp }}/sandbox/ipc
+        run: |
+          export YAO_SANDBOX_CONTAINER_USER="$(id -u):$(id -g)"
+          make unit-test-ai
 
       - name: Codecov Report
         uses: codecov/codecov-action@v4

agent/assistant/agent.go

@@ -12,6 +12,7 @@ import (
 	"github.com/yaoapp/yao/agent/i18n"
 	"github.com/yaoapp/yao/agent/llm"
 	"github.com/yaoapp/yao/agent/output/message"
+	agentsandbox "github.com/yaoapp/yao/agent/sandbox"
 )
 
 // Stream stream the agent
@@ -150,6 +151,33 @@ func (ast *Assistant) Stream(ctx *context.Context, inputMessages []context.Messa
 	}
 	ctx.Logger.PhaseComplete("History")
 
+	// ================================================
+	// Initialize Sandbox (if configured)
+	// ================================================
+	// Sandbox must be created BEFORE hooks so that hooks can access ctx.sandbox
+	var sandboxExecutor agentsandbox.Executor
+	var sandboxCleanup func()
+	if ast.HasSandbox() {
+		ctx.Logger.Phase("Sandbox")
+		var err error
+		sandboxExecutor, sandboxCleanup, err = ast.initSandbox(ctx, opts)
+		if err != nil {
+			ast.traceAgentFail(agentNode, err)
+			ast.sendStreamEndOnError(ctx, streamHandler, streamStartTime, err)
+			return nil, err
+		}
+		// Set sandbox executor in context so hooks can access ctx.sandbox
+		// The executor implements both agentsandbox.Executor and context.SandboxExecutor
+		ctx.SetSandboxExecutor(sandboxExecutor)
+		ctx.Logger.PhaseComplete("Sandbox")
+	}
+	// Ensure sandbox cleanup on exit
+	defer func() {
+		if sandboxCleanup != nil {
+			sandboxCleanup()
+		}
+	}()
+
 	// ================================================
 	//  Execute Create Hook
 	// ================================================
@@ -254,7 +282,14 @@ func (ast *Assistant) Stream(ctx *context.Context, inputMessages []context.Messa
 		})
 
 		// Execute the LLM streaming call
-		completionResponse, err = ast.executeLLMStream(ctx, completionMessages, completionOptions, agentNode, streamHandler, opts)
+		// Choose between sandbox execution or direct LLM execution
+		if ast.HasSandbox() {
+			// Sandbox execution path (Claude CLI, Cursor CLI, etc.)
+			completionResponse, err = ast.executeSandboxStream(ctx, completionMessages, agentNode, streamHandler, sandboxExecutor)
+		} else {
+			// Direct LLM execution path
+			completionResponse, err = ast.executeLLMStream(ctx, completionMessages, completionOptions, agentNode, streamHandler, opts)
+		}
 		if err != nil {
 			finalStatus = context.ResumeStatusFailed
 			finalError = err
@@ -282,8 +317,9 @@ func (ast *Assistant) Stream(ctx *context.Context, inputMessages []context.Messa
 	// ================================================
 	// Execute tool calls with retry
 	// ================================================
+	// Note: Skip MCP tool calls execution for sandbox mode - Claude CLI handles them internally
 	var toolCallResponses []context.ToolCallResponse = nil
-	if completionResponse != nil && completionResponse.ToolCalls != nil {
+	if completionResponse != nil && completionResponse.ToolCalls != nil && !ast.HasSandbox() {
 
 		maxToolRetries := 3
 		currentMessages := completionMessages

agent/assistant/load.go

@@ -714,6 +714,15 @@ func loadMap(data map[string]interface{}) (*Assistant, error) {
 		assistant.Workflow = wf
 	}
 
+	// sandbox (for coding agents like Claude CLI, Cursor CLI)
+	if sandbox, has := data["sandbox"]; has {
+		sb, err := store.ToSandbox(sandbox)
+		if err != nil {
+			return nil, err
+		}
+		assistant.Sandbox = sb
+	}
+
 	// uses (wrapper configurations for vision, audio, etc.)
 	// Merge hierarchy: global uses < assistant uses
 	if uses, has := data["uses"]; has {