build: Installed ast_grep in the sandbox kit definition
CI / All (macos-latest) (push) Waiting to run
CI / All (windows-latest) (push) Waiting to run
CI / All (ubuntu-latest) (push) Failing after 26s

This commit is contained in:
2026-07-04 13:14:22 -06:00
parent 8f667886c8
commit d4a6a2fb34
+60 -55
View File
@@ -5,7 +5,7 @@
# sbx cp $HOME/.config/coyote/ testing:/home/agent/.config/ # sbx cp $HOME/.config/coyote/ testing:/home/agent/.config/
# sbx cp $HOME/.coyote_password testing:/home/agent/ # sbx cp $HOME/.coyote_password testing:/home/agent/
# sbx run testing --kit ./sbx-kit/ # sbx run testing --kit ./sbx-kit/
schemaVersion: '1' schemaVersion: "1"
kind: sandbox kind: sandbox
name: coyote name: coyote
displayName: Coyote displayName: Coyote
@@ -14,10 +14,10 @@ description: >
CLI & REPL mode, RAG, AI tools & agents, MCP servers, skills, and macros. CLI & REPL mode, RAG, AI tools & agents, MCP servers, skills, and macros.
sandbox: sandbox:
image: 'docker/sandbox-templates:shell-docker' image: "docker/sandbox-templates:shell-docker"
aiFilename: COYOTE.md aiFilename: COYOTE.md
entrypoint: entrypoint:
run: ['bash', '-lc', 'exec /home/agent/.cargo/bin/coyote'] run: ["bash", "-lc", "exec /home/agent/.cargo/bin/coyote"]
network: network:
# Proxy-managed LLM providers: the proxy substitutes `proxy-managed` for # Proxy-managed LLM providers: the proxy substitutes `proxy-managed` for
@@ -50,96 +50,96 @@ network:
serviceAuth: serviceAuth:
openai: openai:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
anthropic: anthropic:
headerName: x-api-key headerName: x-api-key
valueFormat: '%s' valueFormat: "%s"
gemini: gemini:
headerName: x-goog-api-key headerName: x-goog-api-key
valueFormat: '%s' valueFormat: "%s"
cohere: cohere:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
groq: groq:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
openrouter: openrouter:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
ai21: ai21:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
cloudflare: cloudflare:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
deepinfra: deepinfra:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
deepseek: deepseek:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
mistral: mistral:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
perplexity: perplexity:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
voyageai: voyageai:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
xai: xai:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
jina: jina:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
ernie: ernie:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
hunyuan: hunyuan:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
minimax: minimax:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
moonshot: moonshot:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
qianwen: qianwen:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
zhipuai: zhipuai:
headerName: Authorization headerName: Authorization
valueFormat: 'Bearer %s' valueFormat: "Bearer %s"
allowedDomains: allowedDomains:
# Coyote release + self-update + model-registry sync # Coyote release + self-update + model-registry sync
- 'github.com:443' - "github.com:443"
- 'api.github.com:443' - "api.github.com:443"
- 'raw.githubusercontent.com:443' - "raw.githubusercontent.com:443"
- 'objects.githubusercontent.com:443' - "objects.githubusercontent.com:443"
- '*.githubusercontent.com:443' - "*.githubusercontent.com:443"
# Coyote install paths (cargo install + uv + rustup + Python tool deps at runtime) # Coyote install paths (cargo install + uv + rustup + Python tool deps at runtime)
- 'crates.io:443' - "crates.io:443"
- 'static.crates.io:443' - "static.crates.io:443"
- 'pypi.org:443' - "pypi.org:443"
- 'files.pythonhosted.org:443' - "files.pythonhosted.org:443"
- 'astral.sh:443' - "astral.sh:443"
- 'sh.rustup.rs:443' - "sh.rustup.rs:443"
- 'static.rust-lang.org:443' - "static.rust-lang.org:443"
# LLM model OAuth + API endpoints # LLM model OAuth + API endpoints
- 'claude.ai:443' - "claude.ai:443"
- 'console.anthropic.com:443' - "console.anthropic.com:443"
- 'accounts.google.com:443' - "accounts.google.com:443"
# *.googleapis.com covers oauth2 + userinfo + VertexAI regional endpoints # *.googleapis.com covers oauth2 + userinfo + VertexAI regional endpoints
# (*-aiplatform.googleapis.com). Do not narrow without re-checking VertexAI. # (*-aiplatform.googleapis.com). Do not narrow without re-checking VertexAI.
- '*.googleapis.com:443' - "*.googleapis.com:443"
# Bedrock and GitHub Models use signed / GitHub-PAT auth that the proxy # Bedrock and GitHub Models use signed / GitHub-PAT auth that the proxy
# cannot rewrite. Domains are allow-listed; credentials must be injected # cannot rewrite. Domains are allow-listed; credentials must be injected
# separately (see README "Extending"). # separately (see README "Extending").
- '*.amazonaws.com:443' - "*.amazonaws.com:443"
- 'models.inference.ai.azure.com:443' - "models.inference.ai.azure.com:443"
credentials: credentials:
sources: sources:
@@ -210,7 +210,7 @@ credentials:
environment: environment:
variables: variables:
IS_SANDBOX: '1' IS_SANDBOX: "1"
COYOTE_LOG_LEVEL: INFO COYOTE_LOG_LEVEL: INFO
COYOTE_CONFIG_DIR: /home/agent/.config/coyote COYOTE_CONFIG_DIR: /home/agent/.config/coyote
proxyManaged: proxyManaged:
@@ -250,7 +250,7 @@ commands:
libssl-dev \ libssl-dev \
pandoc \ pandoc \
bzip2 bzip2
user: '1000' user: "1000"
description: Install system prerequisites (including pandoc for fetch_url_via_curl) description: Install system prerequisites (including pandoc for fetch_url_via_curl)
- command: | - command: |
curl -LsSf https://astral.sh/uv/install.sh | sh curl -LsSf https://astral.sh/uv/install.sh | sh
@@ -258,7 +258,7 @@ commands:
printf '#!/bin/sh\nexec uv tool run "$@"\n' > "$HOME/.local/bin/uvx" printf '#!/bin/sh\nexec uv tool run "$@"\n' > "$HOME/.local/bin/uvx"
chmod +x "$HOME/.local/bin/uvx" chmod +x "$HOME/.local/bin/uvx"
fi fi
user: '1000' user: "1000"
description: Install uv and write a uvx shell wrapper (the installer may place a macOS binary at this path on Docker-for-Mac hosts, which the Linux container cannot execute) description: Install uv and write a uvx shell wrapper (the installer may place a macOS binary at this path on Docker-for-Mac hosts, which the Linux container cannot execute)
- command: | - command: |
set -euo pipefail set -euo pipefail
@@ -274,13 +274,8 @@ commands:
curl -fsSL --retry 3 "https://github.com/xo/usql/releases/download/v${USQL_VERSION}/usql_static-${USQL_VERSION}-linux-${USQL_ARCH}.tar.bz2" -o "$TMPDIR/usql.tar.bz2" curl -fsSL --retry 3 "https://github.com/xo/usql/releases/download/v${USQL_VERSION}/usql_static-${USQL_VERSION}-linux-${USQL_ARCH}.tar.bz2" -o "$TMPDIR/usql.tar.bz2"
tar -xjf "$TMPDIR/usql.tar.bz2" -C "$TMPDIR" tar -xjf "$TMPDIR/usql.tar.bz2" -C "$TMPDIR"
sudo install -m 0755 "$TMPDIR/usql_static" /usr/local/bin/usql sudo install -m 0755 "$TMPDIR/usql_static" /usr/local/bin/usql
user: '1000' user: "1000"
description: Install the usql universal SQL CLI (used by the built-in sql agent and execute_sql_code tool) description: Install the usql universal SQL CLI (used by the built-in sql agent and execute_sql_code tool)
- command: |
. "$HOME/.cargo/env"
cargo install --locked iwec
user: '1000'
description: Install the IWE MCP server binary (iwec) used by the built-in iwe MCP server and iwe-knowledge-base skill
- command: | - command: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
sh -s -- -y \ sh -s -- -y \
@@ -289,17 +284,27 @@ commands:
--target x86_64-unknown-linux-musl --target x86_64-unknown-linux-musl
. "$HOME/.cargo/env" . "$HOME/.cargo/env"
cargo install --locked coyote-ai cargo install --locked coyote-ai
user: '1000' user: "1000"
description: Install Coyote AI CLI via Rust's Cargo description: Install Coyote AI CLI via Rust's Cargo
- command: |
. "$HOME/.cargo/env"
cargo install --locked iwec
user: "1000"
description: Install the IWE MCP server binary (iwec) used by the built-in iwe MCP server and iwe-knowledge-base skill
- command: |
. "$HOME/.cargo/env"
cargo install --locked ast-grep
user: "1000"
description: Install ast-grep, used by the built-in ast_grep structural code search tool (and the explore agent)
startup: startup:
- command: - command:
[ [
'sh', "sh",
'-c', "-c",
'test -f "$HOME/.config/coyote/config.yaml" || coyote --info >/dev/null 2>&1 || true', 'test -f "$HOME/.config/coyote/config.yaml" || coyote --info >/dev/null 2>&1 || true',
] ]
user: '1000' user: "1000"
background: false background: false
description: Bootstrap Coyote config directory on first sandbox start description: Bootstrap Coyote config directory on first sandbox start