Draft
Conversation
michael-webster
force-pushed
the
webster/sandbox-push-code
branch
19 times, most recently
from
902de9f to
7e9f4a8
Compare
added 3 commits
March 18, 2026 19:58
Replace Bun.spawn(["ssh"]) + socat ProxyCommand with the ssh2 npm library connected over tls.connect() on port 2222, eliminating both binary dependencies. - execOverSsh: connects via TLS socket, runs a command, streams stdin/stdout/stderr, resolves with exit code - verifyHostKey: TOFU implementation — accepts unknown hosts on first connect, rejects fingerprint mismatches on subsequent connects - shellJoin: single-quote escapes args for safe shell interpolation
- Add core/sandboxes.ts: listSandboxes, createNewSandbox, execCommandInSandbox, addSshKeyToSandbox orchestrators - Add core/sandboxes.steps.ts: pure helpers (validatePublicKey, resolvePublicKeyFile) - Thin commands/sandbox.ts to command registration only; move business logic to core - Add CommandError struct to types/index.ts so commands can carry structured error data through to the CLI layer
michael-webster
force-pushed
the
webster/sandbox-push-code
branch
3 times, most recently
from
469a315 to
14ad2e0
Compare
- Add core/sandbox-session.ts: manages the chunk_ai keypair and opens authenticated SSH sessions via the CircleCI access token API - Add runOverSsh and syncToSandbox orchestrators to core/sandboxes.ts - Add buildSandboxInitCommand to core/sandboxes.steps.ts - sandboxes sync: generates a patch against the remote base and applies it on the sandbox; --bootstrap flag clones the repo first - sandboxes ssh: runs an arbitrary command on the sandbox over SSH
michael-webster
force-pushed
the
webster/sandbox-push-code
branch
from
14ad2e0 to
f8001a6
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
chunk sandboxes sync --org-id <id> --sandbox-id <id>to rsync the current working directory to a sandbox over SSH--public-key-file ~/.ssh/id_ed25519.pub,--dest /workspaceChanges
src/commands/sandbox.ts: newsyncToSandboxfunction +buildRsyncArgspure helper, registered aschunk sandboxes syncresolvePublicKeyFileerrors (missing file, private key) were previously uncaught and would propagate; now handled gracefully withexitCode: 2src/__tests__/sandbox-sync.unit.test.ts: 10 unit tests covering rsync arg construction and all error pathsTest plan
bun test src/__tests__/sandbox-sync.unit.test.tspasseschunk sandboxes sync --helpshows expected flags and defaults--dest