Skip to content

feat(cli): first-class sandcastle sandbox support with passthrough flags and docs#1356

Open
soderlind wants to merge 4 commits into
bradygaster:devfrom
soderlind:add/sandcastle
Open

feat(cli): first-class sandcastle sandbox support with passthrough flags and docs#1356
soderlind wants to merge 4 commits into
bradygaster:devfrom
soderlind:add/sandcastle

Conversation

@soderlind

Copy link
Copy Markdown

Summary

  • Adds first-class sandbox execution support across watch, triage, loop, start, and copilot-bridge.
  • Introduces centralized execution config resolution for sandbox and permission profiles with stable error codes.
  • Adds sandbox provider flag passthrough via --sandbox-flags and environment/config support.
  • Updates documentation and acceptance coverage so behavior is discoverable and testable.

What changed

  • New execution resolver and stable errors in packages/squad-cli/src/cli/core/execution-config.ts.
  • New shared sandbox command builder in packages/squad-cli/src/cli/commands/sandbox-command.ts.
  • CLI/help wiring for sandbox flags in packages/squad-cli/src/cli-entry.ts and packages/squad-cli/src/cli/core/command-help.ts.
  • Watch config/context propagation in packages/squad-cli/src/cli/commands/watch/config.ts, packages/squad-cli/src/cli/commands/watch/types.ts, and packages/squad-cli/src/cli/commands/watch/index.ts.
  • Capability command-path updates in:
    • packages/squad-cli/src/cli/commands/watch/capabilities/execute.ts
    • packages/squad-cli/src/cli/commands/watch/capabilities/decision-hygiene.ts
    • packages/squad-cli/src/cli/commands/watch/capabilities/monitor-email.ts
    • packages/squad-cli/src/cli/commands/watch/capabilities/monitor-teams.ts
    • packages/squad-cli/src/cli/commands/watch/capabilities/retro.ts
    • packages/squad-cli/src/cli/commands/watch/capabilities/wave-dispatch.ts
  • Loop/start/bridge execution updates in:
    • packages/squad-cli/src/cli/commands/loop.ts
    • packages/squad-cli/src/cli/commands/start.ts
    • packages/squad-cli/src/cli/commands/copilot-bridge.ts
  • Docs updates in README.md, SANDBOX.md, and domain notes in CONTEXT.md.
  • Acceptance/unit tests added or updated:
    • test/acceptance/features/execution-config.feature
    • test/acceptance/acceptance.test.ts
    • test/cli/execution-config.test.ts
    • test/cli/sandbox-command.test.ts
    • test/cli/watch-config-execution.test.ts
    • test/cli/watch-execute.test.ts

Behavior notes

  • Precedence is CLI > config > env > defaults.
  • Supported sandbox providers: copilot, sandcastle.
  • Supported permission profiles: interactive, yolo, autopilot.
  • New passthrough flag: --sandbox-flags.
  • Stable errors:
    • SQUAD_SANDBOX_UNAVAILABLE
    • SQUAD_SANDBOX_OVERRIDE_CONFLICT
    • SQUAD_SANDBOX_INVALID_VALUE
    • SQUAD_PERMISSION_PROFILE_INVALID_VALUE

Validation performed

  • Built squad-cli package.
  • Ran focused acceptance and unit tests for execution config and sandbox command wiring.
  • Result: passing test suite for targeted files.

Commit

Introduce centralized execution config resolution and sandbox-aware command construction across watch, triage, loop, start, and copilot-bridge paths.

What this includes:

- Add execution resolver with stable error codes for sandbox/profile validation

- Add --sandbox-flags passthrough (CLI/config/env) and wire into runtime contexts

- Route default agent spawns through a shared sandbox command builder

- Keep permission profiles deterministic for copilot and sandcastle flows

- Expand help/docs (README + SANDBOX.md) for install, precedence, and troubleshooting

- Add unit + acceptance coverage for help output, precedence, and command construction
Copilot AI review requested due to automatic review settings June 20, 2026 09:44
@github-actions

github-actions Bot commented Jun 20, 2026

Copy link
Copy Markdown
Contributor

🟠 Impact Analysis — PR #1356

Risk tier: 🟠 HIGH

📊 Summary

Metric Count
Files changed 26
Files added 9
Files modified 17
Files deleted 0
Modules touched 3
Critical files 1

🎯 Risk Factors

  • 26 files changed (21-50 → HIGH)
  • 3 modules touched (2-4 → MEDIUM)
  • Critical files touched: packages/squad-cli/src/cli/commands/watch/index.ts

📦 Modules Affected

root (4 files)
  • .changeset/sandcastle-first-class-sandbox.md
  • CONTEXT.md
  • README.md
  • SANDBOX.md
squad-cli (16 files)
  • packages/squad-cli/src/cli-entry.ts
  • packages/squad-cli/src/cli/commands/copilot-bridge.ts
  • packages/squad-cli/src/cli/commands/loop.ts
  • packages/squad-cli/src/cli/commands/sandbox-command.ts
  • packages/squad-cli/src/cli/commands/start.ts
  • packages/squad-cli/src/cli/commands/watch/capabilities/decision-hygiene.ts
  • packages/squad-cli/src/cli/commands/watch/capabilities/execute.ts
  • packages/squad-cli/src/cli/commands/watch/capabilities/monitor-email.ts
  • packages/squad-cli/src/cli/commands/watch/capabilities/monitor-teams.ts
  • packages/squad-cli/src/cli/commands/watch/capabilities/retro.ts
  • packages/squad-cli/src/cli/commands/watch/capabilities/wave-dispatch.ts
  • packages/squad-cli/src/cli/commands/watch/config.ts
  • packages/squad-cli/src/cli/commands/watch/index.ts
  • packages/squad-cli/src/cli/commands/watch/types.ts
  • packages/squad-cli/src/cli/core/command-help.ts
  • packages/squad-cli/src/cli/core/execution-config.ts
tests (6 files)
  • test/acceptance/acceptance.test.ts
  • test/acceptance/features/execution-config.feature
  • test/cli/execution-config.test.ts
  • test/cli/sandbox-command.test.ts
  • test/cli/watch-config-execution.test.ts
  • test/cli/watch-execute.test.ts

⚠️ Critical Files

  • packages/squad-cli/src/cli/commands/watch/index.ts

This report is generated automatically for every PR. See #733 for details.

@github-actions

github-actions Bot commented Jun 20, 2026

Copy link
Copy Markdown
Contributor

🏗️ Architectural Review

⚠️ Architectural review: 2 warning(s).

Severity Category Finding Files
🟡 warning bootstrap-area 2 file(s) in the bootstrap area (packages/squad-cli/src/cli/core/) were modified. These files must maintain zero external dependencies. Review carefully. packages/squad-cli/src/cli/core/command-help.ts, packages/squad-cli/src/cli/core/execution-config.ts
🟡 warning sweeping-refactor This PR touches 26 files (26 modified/added, 0 deleted). Large PRs are harder to review — consider splitting if possible.

Automated architectural review — informational only.

@github-actions

github-actions Bot commented Jun 20, 2026

Copy link
Copy Markdown
Contributor

🛫 PR Readiness Check

ℹ️ This comment updates on each push. Last checked: commit 5e79284

PR Scope: 📦🔧 Mixed (product + infrastructure)

⚠️ 4 item(s) to address before review

Status Check Details
Single commit 4 commits — consider squashing before review
Not in draft Ready for review
Branch up to date Up to date with dev
Copilot review No Copilot review yet — it may still be processing
Changeset present Changeset file found
Scope clean No .squad/ or docs/proposals/ files
No merge conflicts No merge conflicts
Copilot threads resolved 3 unresolved Copilot thread(s) — fix and resolve before merging
CI passing 5 check(s) still running

Files Changed (26 files, +1128 −58)

File +/−
.changeset/sandcastle-first-class-sandbox.md +5 −0
CONTEXT.md +65 −0
README.md +38 −1
SANDBOX.md +173 −0
packages/squad-cli/src/cli-entry.ts +83 −31
packages/squad-cli/src/cli/commands/copilot-bridge.ts +29 −5
packages/squad-cli/src/cli/commands/loop.ts +57 −3
packages/squad-cli/src/cli/commands/sandbox-command.ts +76 −0
packages/squad-cli/src/cli/commands/start.ts +35 −3
packages/squad-cli/src/cli/commands/watch/capabilities/decision-hygiene.ts +8 −2
packages/squad-cli/src/cli/commands/watch/capabilities/execute.ts +8 −2
packages/squad-cli/src/cli/commands/watch/capabilities/monitor-email.ts +8 −2
packages/squad-cli/src/cli/commands/watch/capabilities/monitor-teams.ts +8 −2
packages/squad-cli/src/cli/commands/watch/capabilities/retro.ts +8 −2
packages/squad-cli/src/cli/commands/watch/capabilities/wave-dispatch.ts +8 −2
packages/squad-cli/src/cli/commands/watch/config.ts +43 −1
packages/squad-cli/src/cli/commands/watch/index.ts +22 −2
packages/squad-cli/src/cli/commands/watch/types.ts +7 −0
packages/squad-cli/src/cli/core/command-help.ts +6 −0
packages/squad-cli/src/cli/core/execution-config.ts +152 −0
test/acceptance/acceptance.test.ts +1 −0
test/acceptance/features/execution-config.feature +25 −0
test/cli/execution-config.test.ts +102 −0
test/cli/sandbox-command.test.ts +39 −0
test/cli/watch-config-execution.test.ts +75 −0
test/cli/watch-execute.test.ts +47 −0

Total: +1128 −58


This check runs automatically on every push. Fix any ❌ items and push again.
See CONTRIBUTING.md and PR Requirements for details.

Add a changeset for @bradygaster/squad-cli covering first-class sandcastle sandbox support and sandbox flag passthrough.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a first-class “execution config” layer to Squad CLI agent spawns, introducing a sandbox provider selector (copilot vs sandcastle), permission profiles (interactive|yolo|autopilot), passthrough --sandbox-flags, stable error codes, and updated help/docs/tests across watch/triage/loop/start/bridge flows.

Changes:

  • Introduces centralized execution config resolution + stable error codes (execution-config.ts) and wires it into watch + loop + start + copilot-bridge.
  • Adds a shared command builder (sandbox-command.ts) and new CLI flags/help/docs to expose sandbox + permission profile behavior.
  • Adds acceptance + unit tests covering precedence, help output, and error code surfacing.

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
packages/squad-cli/src/cli/core/execution-config.ts New resolver for sandbox/provider/profile with precedence + stable errors.
packages/squad-cli/src/cli/commands/sandbox-command.ts New shared command builder for selecting sandbox executable + normalizing permission flags.
packages/squad-cli/src/cli/commands/watch/config.ts Resolves sandbox/profile from CLI/config/env and propagates into watch config/context.
packages/squad-cli/src/cli/commands/watch/types.ts Adds execution-related fields to WatchContext.
packages/squad-cli/src/cli/commands/watch/index.ts Routes agent spawning through buildSandboxCommand and surfaces resolved execution info.
packages/squad-cli/src/cli/commands/watch/capabilities/execute.ts Uses shared sandbox command builder for execute capability spawns.
packages/squad-cli/src/cli/commands/watch/capabilities/wave-dispatch.ts Uses shared sandbox command builder for wave dispatch spawns.
packages/squad-cli/src/cli/commands/watch/capabilities/retro.ts Uses shared sandbox command builder for retro capability spawns.
packages/squad-cli/src/cli/commands/watch/capabilities/monitor-teams.ts Uses shared sandbox command builder for monitor-teams spawns.
packages/squad-cli/src/cli/commands/watch/capabilities/monitor-email.ts Uses shared sandbox command builder for monitor-email spawns.
packages/squad-cli/src/cli/commands/watch/capabilities/decision-hygiene.ts Uses shared sandbox command builder for decision-hygiene spawns.
packages/squad-cli/src/cli/commands/loop.ts Adds execution config resolution + wiring for sandbox/profile/flags in loop runs.
packages/squad-cli/src/cli/commands/start.ts Applies execution config + sandbox selection to PTY “start” spawning.
packages/squad-cli/src/cli/commands/copilot-bridge.ts Applies execution config + sandbox selection to copilot-bridge spawning.
packages/squad-cli/src/cli/core/command-help.ts Updates help output to document sandbox/profile flags for loop/watch.
packages/squad-cli/src/cli-entry.ts Parses new CLI flags and ensures stable error codes are surfaced for watch.
README.md Documents new flags, precedence, and links to SANDBOX.md.
SANDBOX.md New detailed docs for precedence, validation rules, error codes, and usage examples.
CONTEXT.md New domain vocabulary/notes for sandbox + permission profile concepts.
test/cli/execution-config.test.ts Unit tests for execution-config precedence + stable error codes + profile flag normalization.
test/cli/sandbox-command.test.ts Unit tests for sandbox command building behavior.
test/cli/watch-config-execution.test.ts Unit tests for env/config/CLI precedence as surfaced through watch config loader.
test/cli/watch-execute.test.ts Tests watch buildAgentCommand behavior with sandcastle + permission profile normalization.
test/acceptance/features/execution-config.feature Acceptance coverage for help output + invalid-value error codes.
test/acceptance/acceptance.test.ts Registers the new acceptance feature.

Comment thread packages/squad-cli/src/cli/commands/sandbox-command.ts
Comment thread SANDBOX.md
Comment thread packages/squad-cli/src/cli/core/execution-config.ts
Comment thread test/cli/sandbox-command.test.ts Outdated
Comment thread test/cli/watch-execute.test.ts
Map prompt args to sandcastle-compatible flags, stop forwarding Copilot-only permission flags to sandcastle, and fail fast for start/copilot-bridge sandbox modes that require Copilot ACP/PTY behavior.
Clarify scoped install instructions (@ai-hero/sandcastle) and detect incompatible sandcastle binaries by validating --help output surface.
@bradygaster

Copy link
Copy Markdown
Owner

@soderlind could you explain the use case for this? it seems interesting but just trying to understand the value-add.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants