feat: comprehensive updates to sandbox, agents, and UI #667
This PR includes several recent improvements:
- UV Migration: Replaced pip with uv for significantly faster sandbox environment creation and package installation.
- Idempotent Migration: Updated 056_add_user_tenant_onboarding.py to use sa.inspect, ensuring upgrade/downgrade operations are idempotent.
- UI Enhancements: Optimized queries and added loading states to AgentDetailPage and WorkspaceOperationPanel.
- Heartbeat & LLM Caller: Fixed workspace lock contention issues in heartbeat.py and implemented Anthropic Prompt Caching in caller.py.
- Deployment: Updated docker-compose files for streamlined deployments.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a24b950a2f
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| # Determine persistent venv path if possible | ||
| if agent_id: | ||
| # We place the virtual environment in a persistent location | ||
| venv_path = Path("/data/agents").resolve() / str(agent_id) / ".venv" |
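Review bot: str(agent_id) is appended after .resolve() has already run on the base directory, so the final venv_path is never normalised or checked; an agent_id containing a path separator or ".." would place the venv outside /data/agents. If agent_id is not guaranteed to be a server-generated identifier at this point, resolve the joined path and reject it unless it is still relative to the base directory before creating anything there.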
Keep the local fallback venv under the workspace
In source/local deployments AGENT_DATA_DIR defaults to a user-writable ~/.clawith/data/agents, and local runs also default to the unsafe fallback when bwrap is missing. With an agent_id, this new hard-coded /data/agents/.../.venv creates the venv outside work_path, but the fallback path still executes work_path/.venv/bin/python, so Python execute_code fails whenever local fallback is used (or earlier if /data is not writable). Use the configured/workspace data path consistently instead of /data/agents.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 96601758c6
| MINIO_UPSTREAM: ${MINIO_UPSTREAM:-minio:9000} | ||
| volumes: | ||
| - ./nginx/nginx.conf:/etc/nginx/templates/default.conf.template:ro | ||
| - ./deploy/nginx/nginx.conf:/etc/nginx/templates/default.conf.template:ro |
Mount the nginx template from the deploy directory
When this compose file is used as deploy/docker-compose.yml, Docker Compose resolves relative bind-mount sources from the Compose file's parent directory (Docker docs: https://docs.docker.com/reference/compose-file/services/#volumes), so this now points at /workspace/Clawith/deploy/deploy/nginx/nginx.conf. The repo only contains deploy/nginx/nginx.conf (checked with find deploy -maxdepth 3 -type f -path '*nginx*'), so docker compose -f deploy/docker-compose.yml up will fail to mount the intended nginx template or create a bogus path instead of starting the frontend with its config.
Also fixes an issue where Gemini 2.0/3.0 models would fail with 'Function call is missing a thought_signature in functionCall parts' by preserving _gemini_extra in canonical tool calls.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ac86b66964
| try: | ||
| os.killpg(os.getpgid(proc.pid), signal.SIGTERM) | ||
| except Exception: | ||
| proc.kill() |
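Review bot: os.getpgid(proc.pid) in the try branch is only safe when the child was spawned as its own process-group leader, which these lines do not show; if it shares the service's group, killpg delivers SIGTERM to the service itself. Confirm the spawn site sets a new session or process group, and note that the proc.kill() fallback under except Exception reaches only the direct child, so descendants survive that path; narrowing the except to ProcessLookupError and PermissionError would also keep unrelated errors visible.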
Kill timed-out sandbox processes reliably
When sandboxed code ignores or traps SIGTERM (for example a bash script with trap '' TERM; sleep 999), this timeout path only sends SIGTERM and then immediately waits for the stdout/stderr reader tasks to finish. Because the process group can keep running with the pipes open, execute_code can hang indefinitely instead of returning a timeout; keep the old hard kill as a fallback after a short grace period or use SIGKILL for the process group.
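The grace-period escalation that the review comment above asks for, as an added example that is not code from this PR: `run_with_timeout`, `_signal_group` and the sample shell command are hypothetical names and constructed input, and the sketch uses the synchronous `subprocess` module instead of the project's own reader tasks.

```python
import os
import signal
import subprocess


def _signal_group(pgid, sig):
    """Signal every process in the group; a group that already exited is fine."""
    try:
        os.killpg(pgid, sig)
    except ProcessLookupError:
        pass


def run_with_timeout(argv, timeout, grace=0.5):
    """Run argv in its own process group and enforce a hard deadline.

    Returns (status, output); status is "ok", "terminated" or "killed".
    """
    # start_new_session=True makes the child a session and group leader, so
    # its pid is the group id and killpg() never touches the caller's group.
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, start_new_session=True)
    try:
        out, _ = proc.communicate(timeout=timeout)
        return "ok", out
    except subprocess.TimeoutExpired:
        pass

    _signal_group(proc.pid, signal.SIGTERM)   # polite request first
    try:
        # Bounded wait: the pipes stay open while any group member lives.
        out, _ = proc.communicate(timeout=grace)
        return "terminated", out
    except subprocess.TimeoutExpired:
        pass

    _signal_group(proc.pid, signal.SIGKILL)   # cannot be trapped or ignored
    out, _ = proc.communicate()               # pipes now reach EOF
    return "killed", out


if __name__ == "__main__":
    # Constructed input: a shell that ignores SIGTERM, as in the comment above.
    print(run_with_timeout(["sh", "-c", "trap '' TERM; sleep 30"], timeout=0.3))
```

A process that calls setsid() leaves the group and is not reached by killpg, so containing that case takes a PID namespace or cgroup rather than signals.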
| continue | ||
| seen_tool_calls.add(dedup_key) | ||
|
|
||
| extra = {k: v for k, v in function_call.items() if k not in ["name", "args"]} |
Read Gemini thought signatures from the response part
Gemini returns thoughtSignature on the response part beside functionCall, and Google’s Gemini thought-signature docs require sending that part data back on the next request when function calling with thinking models. This code looks for extra fields inside functionCall, so _gemini_extra is empty for real Gemini responses; the next tool-response round loses the signature and can be rejected or lose reasoning context for Gemini 2.5/3 tool calls.
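The part-level lookup that the review comment above describes, as an added example that is not code from this PR: the sample part is constructed from the comment's description (thoughtSignature beside functionCall), and `extra_from_function_call`, `extract_tool_calls`, `to_model_part` and the signature value are hypothetical.

```python
# Constructed sample of Gemini response parts, shaped as the review comment
# describes: thoughtSignature sits beside functionCall, not inside it.
SAMPLE_PARTS = [
    {"text": "Checking the weather."},
    {
        "functionCall": {"name": "get_weather", "args": {"city": "Oslo"}},
        "thoughtSignature": "CONSTRUCTED_SIGNATURE",  # placeholder, not real
    },
]


def extra_from_function_call(function_call):
    """The lookup in the PR hunk: extra keys nested inside functionCall."""
    return {k: v for k, v in function_call.items() if k not in ("name", "args")}


def extract_tool_calls(parts):
    """Build canonical tool calls, keeping every sibling field of functionCall."""
    calls = []
    for part in parts:
        function_call = part.get("functionCall")
        if function_call is None:
            continue  # text and other part kinds carry no tool call
        extra = {k: v for k, v in part.items() if k != "functionCall"}
        calls.append({
            "name": function_call["name"],
            "args": function_call.get("args", {}),
            "_gemini_extra": extra,
        })
    return calls


def to_model_part(call):
    """Rebuild the part to send back in the next request's model turn."""
    part = {"functionCall": {"name": call["name"], "args": call["args"]}}
    part.update(call.get("_gemini_extra", {}))  # restores thoughtSignature
    return part
```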