9 Commits

Author SHA1 Message Date
Dark-Alex-17 52356ead6c fix: Properly chown the coyote config recursively and password file in the sbx
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-07-01 17:12:42 -06:00
Dark-Alex-17 ad9fc524d4 feat: Pin specific usql version to sbx kit 2026-07-01 17:11:27 -06:00
Dark-Alex-17 af50909a89 feat: recursively take ownership over the copied in coyote config for the sbx 2026-07-01 16:54:57 -06:00
Dark-Alex-17 318d9ba1cd feat: explicitly specify the COYOTE_CONFIG_DIR in the sbx kit 2026-07-01 16:54:42 -06:00
Dark-Alex-17 45d709f28e Merge branch 'main' of github.com:Dark-Alex-17/coyote
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-30 14:55:08 -06:00
Dark-Alex-17 9cd074cb9b build: fixed coyote install scripts 2026-06-30 14:54:59 -06:00
Dark-Alex-17 93eec45473 docs: fixed coyote install script URLs 2026-06-30 14:43:00 -06:00
Dark-Alex-17 e585e0b049 feat: --tail-logs can track log rollovers and incoporates a sleep timer to minimize idle CPU cycles
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-25 14:01:38 -06:00
Dark-Alex-17 13bfaf9aca feat: Added support for log rolling so log files don't just blow up over time 2026-06-25 13:57:15 -06:00
8 changed files with 155 additions and 95 deletions
+1 -1
View File
@@ -49,7 +49,7 @@ textwrap = "0.16.0"
ansi_colours = "1.2.2"
eventsource-stream = "0.2.3"
log = "0.4.28"
log4rs = { version = "1.4.0", features = ["file_appender"] }
log4rs = { version = "1.4.0", features = ["file_appender", "rolling_file_appender", "compound_policy", "fixed_window_roller", "size_trigger"] }
shell-words = "1.1.0"
sha2 = "0.10.8"
unicode-width = "0.2.0"
+2 -2
View File
@@ -98,7 +98,7 @@ You can use the following command to run a bash script that downloads and instal
OS (Linux/MacOS) and architecture (x86_64/arm64):
```shell
curl -fsSL https://raw.githubusercontent.com/Dark-Alex-17/coyote/main/install_coyote.sh | bash
curl -fsSL https://raw.githubusercontent.com/Dark-Alex-17/coyote/refs/heads/main/scripts/install_coyote.sh | bash
```
#### Windows/Linux/MacOS (`PowerShell`)
@@ -106,7 +106,7 @@ You can use the following command to run a PowerShell script that downloads and
for your OS (Windows/Linux/MacOS) and architecture (x86_64/arm64):
```powershell
powershell -NoProfile -ExecutionPolicy Bypass -Command "iwr -useb https://raw.githubusercontent.com/Dark-Alex-17/coyote/main/scripts/install_coyote.ps1 | iex"
powershell -NoProfile -ExecutionPolicy Bypass -Command "iwr -useb https://raw.githubusercontent.com/Dark-Alex-17/coyote/refs/heads/main/scripts/install_coyote.ps1 | iex"
```
### Manual
+58 -53
View File
@@ -5,7 +5,7 @@
# sbx cp $HOME/.config/coyote/ testing:/home/agent/.config/
# sbx cp $HOME/.coyote_password testing:/home/agent/
# sbx run testing --kit ./sbx-kit/
schemaVersion: "1"
schemaVersion: '1'
kind: agent
name: coyote
displayName: Coyote
@@ -14,11 +14,10 @@ description: >
CLI & REPL mode, RAG, AI tools & agents, MCP servers, skills, and macros.
agent:
image: "docker/sandbox-templates:shell-docker"
image: 'docker/sandbox-templates:shell-docker'
aiFilename: COYOTE.md
# persistence: persistent
entrypoint:
run: ["bash", "-lc", "exec /home/agent/.cargo/bin/coyote"]
run: ['bash', '-lc', 'exec /home/agent/.cargo/bin/coyote']
network:
# Proxy-managed LLM providers: the proxy substitutes `proxy-managed` for
@@ -51,96 +50,96 @@ network:
serviceAuth:
openai:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
anthropic:
headerName: x-api-key
valueFormat: "%s"
valueFormat: '%s'
gemini:
headerName: x-goog-api-key
valueFormat: "%s"
valueFormat: '%s'
cohere:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
groq:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
openrouter:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
ai21:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
cloudflare:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
deepinfra:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
deepseek:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
mistral:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
perplexity:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
voyageai:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
xai:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
jina:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
ernie:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
hunyuan:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
minimax:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
moonshot:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
qianwen:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
zhipuai:
headerName: Authorization
valueFormat: "Bearer %s"
valueFormat: 'Bearer %s'
allowedDomains:
# Coyote release + self-update + model-registry sync
- "github.com:443"
- "api.github.com:443"
- "raw.githubusercontent.com:443"
- "objects.githubusercontent.com:443"
- "*.githubusercontent.com:443"
- 'github.com:443'
- 'api.github.com:443'
- 'raw.githubusercontent.com:443'
- 'objects.githubusercontent.com:443'
- '*.githubusercontent.com:443'
# Coyote install paths (cargo install + uv + rustup + Python tool deps at runtime)
- "crates.io:443"
- "static.crates.io:443"
- "pypi.org:443"
- "files.pythonhosted.org:443"
- "astral.sh:443"
- "sh.rustup.rs:443"
- "static.rust-lang.org:443"
- 'crates.io:443'
- 'static.crates.io:443'
- 'pypi.org:443'
- 'files.pythonhosted.org:443'
- 'astral.sh:443'
- 'sh.rustup.rs:443'
- 'static.rust-lang.org:443'
# LLM model OAuth + API endpoints
- "claude.ai:443"
- "console.anthropic.com:443"
- "accounts.google.com:443"
- 'claude.ai:443'
- 'console.anthropic.com:443'
- 'accounts.google.com:443'
# *.googleapis.com covers oauth2 + userinfo + VertexAI regional endpoints
# (*-aiplatform.googleapis.com). Do not narrow without re-checking VertexAI.
- "*.googleapis.com:443"
- '*.googleapis.com:443'
# Bedrock and GitHub Models use signed / GitHub-PAT auth that the proxy
# cannot rewrite. Domains are allow-listed; credentials must be injected
# separately (see README "Extending").
- "*.amazonaws.com:443"
- "models.inference.ai.azure.com:443"
- '*.amazonaws.com:443'
- 'models.inference.ai.azure.com:443'
credentials:
sources:
@@ -211,8 +210,9 @@ credentials:
environment:
variables:
IS_SANDBOX: "1"
IS_SANDBOX: '1'
COYOTE_LOG_LEVEL: INFO
COYOTE_CONFIG_DIR: /home/agent/.config/coyote
proxyManaged:
- OPENAI_API_KEY
- ANTHROPIC_API_KEY
@@ -250,14 +250,14 @@ commands:
libssl-dev \
pandoc \
bzip2
user: "1000"
user: '1000'
description: Install system prerequisites (including pandoc for fetch_url_via_curl)
- command: "curl -LsSf https://astral.sh/uv/install.sh | sh"
user: "1000"
- command: 'curl -LsSf https://astral.sh/uv/install.sh | sh'
user: '1000'
description: Install uv (required for Python-based custom tools)
- command: |
set -euo pipefail
USQL_VERSION=$(curl -sSL https://api.github.com/repos/xo/usql/releases/latest | jq -r .tag_name | sed 's/^v//')
USQL_VERSION=0.21.4
ARCH=$(uname -m)
case "$ARCH" in
x86_64) USQL_ARCH=amd64 ;;
@@ -266,10 +266,10 @@ commands:
esac
TMPDIR=$(mktemp -d)
trap 'rm -rf "$TMPDIR"' EXIT
curl -sSL "https://github.com/xo/usql/releases/download/v${USQL_VERSION}/usql_static-${USQL_VERSION}-linux-${USQL_ARCH}.tar.bz2" -o "$TMPDIR/usql.tar.bz2"
curl -fsSL --retry 3 "https://github.com/xo/usql/releases/download/v${USQL_VERSION}/usql_static-${USQL_VERSION}-linux-${USQL_ARCH}.tar.bz2" -o "$TMPDIR/usql.tar.bz2"
tar -xjf "$TMPDIR/usql.tar.bz2" -C "$TMPDIR"
sudo install -m 0755 "$TMPDIR/usql_static" /usr/local/bin/usql
user: "1000"
user: '1000'
description: Install the usql universal SQL CLI (used by the built-in sql agent and execute_sql_code tool)
- command: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
@@ -279,12 +279,17 @@ commands:
--target x86_64-unknown-linux-musl
. "$HOME/.cargo/env"
cargo install --locked coyote-ai
user: "1000"
user: '1000'
description: Install Coyote AI CLI via Rust's Cargo
startup:
- command: ["sh", "-c", "test -f \"$HOME/.config/coyote/config.yaml\" || coyote --info >/dev/null 2>&1 || true"]
user: "1000"
- command:
[
'sh',
'-c',
'test -f "$HOME/.config/coyote/config.yaml" || coyote --info >/dev/null 2>&1 || true',
]
user: '1000'
background: false
description: Bootstrap Coyote config directory on first sandbox start
+3 -3
View File
@@ -39,7 +39,7 @@ switch ([System.Runtime.InteropServices.RuntimeInformation]::OSArchitecture) {
if (-not $BinDir) {
if ($isWin) { $BinDir = Join-Path $env:LOCALAPPDATA 'coyote\bin' }
else { $home = $env:HOME; if (-not $home) { $home = (Get-Item -Path ~).FullName }; $BinDir = Join-Path $home '.local/bin' }
else { $userHome = $env:HOME; if (-not $userHome) { $userHome = (Get-Item -Path ~).FullName }; $BinDir = Join-Path $userHome '.local/bin' }
}
New-Item -ItemType Directory -Force -Path $BinDir | Out-Null
@@ -95,13 +95,13 @@ if ($asset.name -match '\.zip$') {
[System.IO.Compression.ZipFile]::ExtractToDirectory($archive, $extractDir)
} elseif ($asset.name -match '\.tar\.gz$' -or $asset.name -match '\.tgz$') {
$tar = Get-Command tar -ErrorAction SilentlyContinue
if ($tar) { & $tar.FullName -xzf $archive -C $extractDir }
if ($tar) { & $tar.Source -xzf $archive -C $extractDir }
else { Fail "Asset is tar archive but 'tar' is not available." }
} else {
try { Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($archive, $extractDir) }
catch {
$tar = Get-Command tar -ErrorAction SilentlyContinue
if ($tar) { & $tar.FullName -xf $archive -C $extractDir } else { Fail "Unknown archive format; neither zip nor tar workable." }
if ($tar) { & $tar.Source -xf $archive -C $extractDir } else { Fail "Unknown archive format; neither zip nor tar workable." }
}
}
Regular → Executable
+13 -22
View File
@@ -133,30 +133,21 @@ else
echo "Error: unsupported OS for this installer: $OS" >&2; exit 1
fi
DL_URLS=$(grep -oE '"browser_download_url":[[:space:]]*"[^"]+"' "$JSON" \
| sed -E 's/.*"browser_download_url":[[:space:]]*"//; s/"$//' \
|| true)
ASSET_NAME=""; ASSET_URL=""
for candidate in "${ASSET_CANDIDATES[@]}"; do
NAME=$(grep -oE '"name":\s*"[^"]+"' "$JSON" | sed 's/"name":\s*"//; s/"$//' | grep -Fx "$candidate" || true)
if [[ -n "$NAME" ]]; then
ASSET_NAME="$NAME"
ASSET_URL=$(awk -v pat="$NAME" '
BEGIN{ FS=":"; want=0 }
/"name"/ {
line=$0;
gsub(/^\s+|\s+$/,"",line);
gsub(/"name"\s*:\s*"|"/ ,"", line);
want = (line==pat) ? 1 : 0;
next
}
want==1 && /"browser_download_url"/ {
u=$0;
gsub(/^\s+|\s+$/,"",u);
gsub(/.*"browser_download_url"\s*:\s*"|".*/ ,"", u);
print u;
exit
}
' "$JSON")
if [[ -n "$ASSET_URL" ]]; then break; fi
fi
while IFS= read -r url; do
[[ -z "$url" ]] && continue
if [[ "$url" == */"$candidate" ]]; then
ASSET_NAME="$candidate"
ASSET_URL="$url"
break
fi
done <<< "$DL_URLS"
[[ -n "$ASSET_URL" ]] && break
done
if [[ -z "$ASSET_URL" ]]; then
+19 -3
View File
@@ -39,7 +39,10 @@ use client::ClientConfig;
use inquire::{Select, Text, set_global_render_config};
use log::{LevelFilter, warn};
use log4rs::append::console::ConsoleAppender;
use log4rs::append::file::FileAppender;
use log4rs::append::rolling_file::RollingFileAppender;
use log4rs::append::rolling_file::policy::compound::CompoundPolicy;
use log4rs::append::rolling_file::policy::compound::roll::fixed_window::FixedWindowRoller;
use log4rs::append::rolling_file::policy::compound::trigger::size::SizeTrigger;
use log4rs::config::{Appender, Logger, Root};
use log4rs::encode::pattern::PatternEncoder;
use oauth::OAuthProvider;
@@ -585,7 +588,20 @@ fn setup_logger() -> Result<Option<PathBuf>> {
}
Some(path) => {
ensure_parent_exists(&path)?;
let file_appender = FileAppender::builder().encoder(encoder.clone()).build(path);
let archive_pattern = path
.with_extension("archived.{}.log")
.to_string_lossy()
.into_owned();
let trigger = SizeTrigger::new(10 * 1024 * 1024);
let roller = FixedWindowRoller::builder()
.build(&archive_pattern, 5)
.unwrap();
let policy = CompoundPolicy::new(Box::new(trigger), Box::new(roller));
let file_appender = RollingFileAppender::builder()
.encoder(encoder.clone())
.build(path, Box::new(policy));
match file_appender {
Ok(appender) => {
@@ -608,7 +624,7 @@ fn setup_logger() -> Result<Option<PathBuf>> {
fn init_file_logger(
log_level: LevelFilter,
log_filter: Option<String>,
file_appender: FileAppender,
file_appender: RollingFileAppender,
) -> log4rs::Config {
let root_log_level = if log_filter.is_some() {
LevelFilter::Off
+26 -3
View File
@@ -356,9 +356,9 @@ fn build_create_args(
args.push(mixin_str);
}
args.push(SANDBOX_AGENT.to_string());
args.push("--name".to_string());
args.push(name.to_string());
args.push(SANDBOX_AGENT.to_string());
args.push(".".to_string());
Ok(args)
@@ -373,6 +373,7 @@ fn copy_host_files(name: &str) -> Result<()> {
let src = format!("{}/", config_dir.display());
let dest = format!("{name}:/home/agent/.config/");
sbx_cp(&src, &dest)?;
chown_agent_recursive(name, "/home/agent/.config")?;
} else {
debug!(
"Skipping config copy: {} does not exist",
@@ -390,6 +391,7 @@ fn copy_host_files(name: &str) -> Result<()> {
}
let dest = format!("{name}:{dest_path}");
sbx_cp(&password_file.display().to_string(), &dest)?;
chown_agent_recursive(name, &dest_path)?;
}
Some(password_file) => {
debug!(
@@ -520,6 +522,27 @@ fn exec_run(name: &str, kit_path: &Path) -> Result<()> {
Ok(())
}
fn chown_agent_recursive(sandbox: &str, path: &str) -> Result<()> {
let path_q = shell_words::quote(path);
let cmd = format!("sudo chown -R agent:agent {path_q}");
debug!("sbx exec {sandbox}: {cmd}");
let status = Command::new(SBX_BINARY)
.args(["exec", sandbox, "sh", "-c", &cmd])
.stdin(Stdio::inherit())
.stdout(Stdio::inherit())
.stderr(Stdio::inherit())
.status()
.context("Failed to spawn `sbx exec` to chown copied files")?;
if !status.success() {
bail!("Chowning '{path}' in sandbox failed: sbx exec exited with {status}");
}
Ok(())
}
#[cfg(test)]
mod tests {
use super::*;
@@ -627,9 +650,9 @@ mod tests {
dir_a.display().to_string(),
"--kit".to_string(),
dir_b.display().to_string(),
"coyote".to_string(),
"--name".to_string(),
"my-box".to_string(),
"coyote".to_string(),
".".to_string(),
]
);
@@ -648,9 +671,9 @@ mod tests {
"create".to_string(),
"--kit".to_string(),
"/cache/sbx-kit".to_string(),
"coyote".to_string(),
"--name".to_string(),
"box".to_string(),
"coyote".to_string(),
".".to_string(),
]
);
+33 -8
View File
@@ -1,9 +1,11 @@
use crate::config::paths;
use colored::Colorize;
use fancy_regex::Regex;
use std::fs::File;
use std::fs::{self, File};
use std::io::{BufRead, BufReader, Seek, SeekFrom};
use std::process;
use std::time::Duration;
use tokio::time::sleep;
pub async fn tail_logs(no_color: bool) {
let re = Regex::new(r"^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+<(?P<opid>[^\s>]+)>\s+\[(?P<level>[A-Z]+)\]\s+(?P<logger>[^:]+):(?P<line>\d+)\s+-\s+(?P<message>.*)$").unwrap();
@@ -16,20 +18,43 @@ pub async fn tail_logs(no_color: bool) {
process::exit(1);
};
let mut lines = reader.lines();
let mut line_buf = String::new();
loop {
if let Some(Ok(line)) = lines.next() {
if no_color {
println!("{line}");
} else {
let colored_line = colorize_log_line(&line, &re);
println!("{colored_line}");
match reader.read_line(&mut line_buf) {
Ok(0) => {
if file_was_rotated(&file_path, &mut reader) {
let file = File::open(&file_path).expect("Cannot open file");
reader = BufReader::new(file);
}
sleep(Duration::from_millis(100)).await;
}
Ok(_) => {
let line = line_buf.trim_end();
if no_color {
println!("{line}");
} else {
let colored_line = colorize_log_line(line, &re);
println!("{colored_line}");
}
line_buf.clear();
}
Err(_) => {
line_buf.clear();
sleep(Duration::from_millis(100)).await;
}
}
}
}
fn file_was_rotated(path: &std::path::Path, reader: &mut BufReader<File>) -> bool {
let current_pos = reader.stream_position().unwrap_or(0);
match fs::metadata(path) {
Ok(metadata) => metadata.len() < current_pos,
Err(_) => true,
}
}
fn colorize_log_line(line: &str, re: &Regex) -> String {
if let Some(caps) = re.captures(line).expect("Failed to capture log line") {
let level = &caps["level"];