Fix Docker sandbox filesystem tool fallback#1105
Conversation
Greptile SummaryThis PR fixes the Docker sandbox filesystem fallback so that
Confidence Score: 4/5Safe to merge; the fallback logic is correct and the new tests cover the primary regression cases. The write and list fallbacks are well-implemented and the write path has a focused regression test. The read path relies implicitly on native_host_read_file never returning Err for file-access failures, creating a silent coupling that differs from the write/list pattern. The list_files fallback branch is also untested. crates/tools/src/sandbox/docker.rs — the read_file error-propagation asymmetry and the untested list_files fallback branch both warrant a second look.
|
| Filename | Overview |
|---|---|
| crates/tools/src/sandbox/docker.rs | Adds error-catching fallback to write_file and list_files when host-mount access fails; changes read_file condition from !NotFound to explicit Ok |
| crates/tools/src/sandbox/file_system.rs | Adds container_copy_failure_detail helper to produce non-empty error messages when OCI cp exits with no stderr; logic and test are correct. |
| crates/tools/src/sandbox/tests/core.rs | Adds write-fallback regression test using a fake CLI script; no equivalent test for list_files fallback. |
| crates/tools/src/fs/contract_tests.rs | Adds four new sandbox contract tests covering /home/sandbox/ and workspace paths for Write, Read+Write, Edit, and MultiEdit through MockSandbox. |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[fs operation] --> B{mounted_host_path?}
B -- None --> G[container op]
B -- Some --> C[native_host_* call]
C -- read Ok/TooLarge --> D[return host result]
C -- read NotFound/PermissionDenied/NotRegularFile --> F[debug log, fallback]
C -- read Err via ? --> E[return Err, no fallback]
C -- write Ok --> D
C -- write Err --> F
C -- list Ok --> H[remap and return]
C -- list Err --> F
F --> G
G --> I[return container result]
style E fill:#f99,stroke:#c00
style F fill:#ffe,stroke:#cc0
Comments Outside Diff (1)
-
crates/tools/src/sandbox/docker.rs, line 766-772 (link)Read-path error not caught by fallback
write_fileandlist_filesnow explicitly catch errors from their respectivenative_host_*helpers and fall back to container operations.read_filestill uses.await?, so anyErrfromnative_host_read_filepropagates immediately without attempting the container fallback. This works today becausenative_host_read_fileconverts every IO error into anOk(SandboxReadResult::…)variant rather than returningErr. If that mapping ever gains an error path, the read fallback will silently break while write and list continue to work.Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
Reviews (1): Last reviewed commit: "fix(sandbox): route docker fs tools thro..." | Re-trigger Greptile
| async fn list_files(&self, id: &SandboxId, root: &str) -> Result<SandboxListFilesResult> { | ||
| if let Some(host_path) = self.mounted_host_path(id, root) { | ||
| let host_files = native_host_list_files( | ||
| let host_result = native_host_list_files( | ||
| host_path | ||
| .to_str() | ||
| .ok_or_else(|| Error::message("mounted host path contains invalid UTF-8"))?, | ||
| ) | ||
| .await?; | ||
| return remap_host_list_result_to_guest(root, &host_path, host_files); | ||
| .await; | ||
| match host_result { | ||
| Ok(host_files) => { | ||
| return remap_host_list_result_to_guest(root, &host_path, host_files); | ||
| }, | ||
| Err(error) => { | ||
| debug!( | ||
| guest_path = root, | ||
| host_path = %host_path.display(), | ||
| %error, | ||
| "mounted host list failed; falling back to container list" | ||
| ); | ||
| }, | ||
| } | ||
| } |
There was a problem hiding this comment.
No test for
list_files host-mount fallback
The analogous write_file fallback has a dedicated regression test (test_docker_write_file_falls_back_to_container_copy_when_host_mount_is_inaccessible), but the list_files fallback added here has no corresponding test. native_host_list_files returns Err on non-NotFound IO errors (e.g., permission denied on the directory), so a similar fake-CLI test that sets host_data_dir to a non-existent path and asserts the container list_files call is reached would cover the new branch.
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Merging this PR will not alter performance
Comparing Footnotes
|
Summary
Read/Write/Edittools don't work in Docker #1096Validation
Completed
Remaining
Manual QA