test(agents): share pi-tools sandbox fixture context

src/agents/test-helpers/pi-tools-sandbox-context.test.ts

@@ -0,0 +1,43 @@
+import { describe, expect, it } from "vitest";
+import { createPiToolsSandboxContext } from "./pi-tools-sandbox-context.js";
+
+describe("createPiToolsSandboxContext", () => {
+  it("provides stable defaults for pi-tools sandbox tests", () => {
+    const sandbox = createPiToolsSandboxContext({
+      workspaceDir: "/tmp/sandbox",
+    });
+
+    expect(sandbox.enabled).toBe(true);
+    expect(sandbox.sessionKey).toBe("sandbox:test");
+    expect(sandbox.workspaceDir).toBe("/tmp/sandbox");
+    expect(sandbox.agentWorkspaceDir).toBe("/tmp/sandbox");
+    expect(sandbox.workspaceAccess).toBe("rw");
+    expect(sandbox.containerName).toBe("openclaw-sbx-test");
+    expect(sandbox.containerWorkdir).toBe("/workspace");
+    expect(sandbox.docker.image).toBe("openclaw-sandbox:bookworm-slim");
+    expect(sandbox.docker.containerPrefix).toBe("openclaw-sbx-");
+    expect(sandbox.tools).toEqual({ allow: [], deny: [] });
+    expect(sandbox.browserAllowHostControl).toBe(false);
+  });
+
+  it("applies provided overrides", () => {
+    const sandbox = createPiToolsSandboxContext({
+      workspaceDir: "/tmp/sandbox",
+      agentWorkspaceDir: "/tmp/workspace",
+      workspaceAccess: "ro",
+      tools: { allow: ["read"], deny: ["exec"] },
+      browserAllowHostControl: true,
+      dockerOverrides: {
+        readOnlyRoot: false,
+        tmpfs: ["/tmp"],
+      },
+    });
+
+    expect(sandbox.agentWorkspaceDir).toBe("/tmp/workspace");
+    expect(sandbox.workspaceAccess).toBe("ro");
+    expect(sandbox.tools).toEqual({ allow: ["read"], deny: ["exec"] });
+    expect(sandbox.browserAllowHostControl).toBe(true);
+    expect(sandbox.docker.readOnlyRoot).toBe(false);
+    expect(sandbox.docker.tmpfs).toEqual(["/tmp"]);
+  });
+});

src/agents/test-helpers/pi-tools-sandbox-context.ts

@@ -0,0 +1,43 @@
+import type { SandboxContext, SandboxToolPolicy, SandboxWorkspaceAccess } from "../sandbox.js";
+import type { SandboxFsBridge } from "../sandbox/fs-bridge.js";
+
+type PiToolsSandboxContextParams = {
+  workspaceDir: string;
+  agentWorkspaceDir?: string;
+  workspaceAccess?: SandboxWorkspaceAccess;
+  fsBridge?: SandboxFsBridge;
+  tools?: SandboxToolPolicy;
+  browserAllowHostControl?: boolean;
+  sessionKey?: string;
+  containerName?: string;
+  containerWorkdir?: string;
+  dockerOverrides?: Partial<SandboxContext["docker"]>;
+};
+
+export function createPiToolsSandboxContext(params: PiToolsSandboxContextParams): SandboxContext {
+  const workspaceDir = params.workspaceDir;
+  return {
+    enabled: true,
+    sessionKey: params.sessionKey ?? "sandbox:test",
+    workspaceDir,
+    agentWorkspaceDir: params.agentWorkspaceDir ?? workspaceDir,
+    workspaceAccess: params.workspaceAccess ?? "rw",
+    containerName: params.containerName ?? "openclaw-sbx-test",
+    containerWorkdir: params.containerWorkdir ?? "/workspace",
+    fsBridge: params.fsBridge,
+    docker: {
+      image: "openclaw-sandbox:bookworm-slim",
+      containerPrefix: "openclaw-sbx-",
+      workdir: "/workspace",
+      readOnlyRoot: true,
+      tmpfs: [],
+      network: "none",
+      user: "1000:1000",
+      capDrop: ["ALL"],
+      env: { LANG: "C.UTF-8" },
+      ...params.dockerOverrides,
+    },
+    tools: params.tools ?? { allow: [], deny: [] },
+    browserAllowHostControl: params.browserAllowHostControl ?? false,
+  };
+}