IPC fix + Qwen + env profiles + OpenCode install overhaul + "p… by thecodeassassin · Pull Request #21 · Cloud-Exit/ExitBox

thecodeassassin · 2026-05-12T22:24:54Z

IPC / firewall fix

internal/run/run.go: IPC server now always starts (vault/kv need it). allow_domain handler only registered when firewall enabled. Extracted to newIPCServer.
internal/ipc/server.go: added HasHandler() for testability.
internal/run/run_test.go: two tests — IPC always created; allow_domain only with firewall.

Qwen agent added

README: Qwen listed as supported agent; exitbox run qwen shown.
internal/agents/qwen/docker.go: now uses shared jstools.InstallDependencies.
README path table includes Qwen managed dirs.

Env profiles system

New package internal/env/ (implied by imports).
cmd/run.go:
- --profile flag: loads env vars from named profile; prepends to container -e flags.
- Auto-loads workspace default profile if set.
internal/run/run.go:
- Options.EnvProfile field; passed into container as EXITBOX_ENV_PROFILE.
cmd/config_cmd.go:
- config edit --profile NAME: profile-scoped config files, seeded from default.
static/build/docker-entrypoint:
- If EXITBOX_ENV_PROFILE set, uses /profiles/ config dir; seeds from default on first run.
internal/wizard/tui.go:
- New "Env profiles" step in setup wizard (informational, lists profiles, points to CLI).

OpenCode install: no more pre-downloaded tarball

internal/agents/opencode/docker.go:
- Dockerfile now fetches release tarball + SHA-256 from GitHub API at build time (no curl | bash pattern).
- Drops old pre-build download logic.
internal/agents/opencode/version.go:
- Latest version from npm registry (@latest), not GitHub releases.
internal/agents/opencode/opencode.go:
- NpmPackageName() for per-arch npm packages.
Tests updated to match new behavior.

Codex version resolution

internal/agents/codex/docker.go:
- PrepareBuild now calls GetLatestVersion() instead of hardcoding "latest".

"Profiles" → "Roles" rename (dev stack)

internal/profile/profile.go:
- Profile → Role; All() → AllRoles(); Exists → RoleExists; Get → GetRole.
internal/profile/dockerfile.go, manager.go, internal/image/project.go, internal/wizard/roles.go/tui.go/wizard.go:
- All updated: functions, fields, comments, error messages.
README: section renamed "Available Profiles" → "Available Roles"; text adjusted.

Build cache / force behavior

internal/image/core.go: BuildCore adds --no-cache when force is true.
internal/image/tools.go: same for BuildTools.
internal/image/project.go: passes force down to BuildTools.
cmd/rebuild.go: removed duplicate BuildCore call.

Entrypoint: raw command support

static/build/docker-entrypoint:
- New should_exec_raw function: if EXITBOX_RAW_COMMAND=true or command is a shell-like binary, bypass agent routing and run raw.
- Used in run_agent_once and run_agent_loop.

README / docs

Added Qwen, env profiles, --profile, profile-scoped config, supply-chain notes for OpenCode, renamed "profiles" → "roles".

…rofiles→roles" rename + build cache hardening + raw-command escape in entrypoint

- config_cmd.go: return on invalid profile name; note profile-scoped config copy - env.go: validateProfileName in all subcommands; clear default on delete; multi-word EDITOR via sh -c; sanitize temp name - run.go: surface ResolveActiveWorkspace/GetDefault errors; early returns - jstools: add "trusted input only" comment - opencode: ensure curl/jq; GITHUB_TOKEN auth; safer binary selection; fix log message - opencode/version.go: document npm/GitHub version alignment invariant - entrypoint: refactor should_exec_raw/run_agent_loop/tmux logic; add tests for passthrough and auth flows

github-actions · 2026-05-13T15:27:44Z

Merging this branch will not change overall coverage

Impacted Packages	Coverage Δ	🤖
github.com/Cloud-Exit/ExitBox/cmd	0.00% (ø)
github.com/Cloud-Exit/ExitBox/internal/agents/codex	0.00% (ø)
github.com/Cloud-Exit/ExitBox/internal/agents/jstools	0.00% (ø)
github.com/Cloud-Exit/ExitBox/internal/agents/opencode	0.00% (ø)
github.com/Cloud-Exit/ExitBox/internal/agents/qwen	0.00% (ø)
github.com/Cloud-Exit/ExitBox/internal/env	0.00% (ø)
github.com/Cloud-Exit/ExitBox/internal/image	0.00% (ø)
github.com/Cloud-Exit/ExitBox/internal/ipc	0.00% (ø)
github.com/Cloud-Exit/ExitBox/internal/profile	0.00% (ø)
github.com/Cloud-Exit/ExitBox/internal/run	0.00% (ø)
github.com/Cloud-Exit/ExitBox/internal/wizard	0.00% (ø)

Coverage by file

Changed files (no unit tests)

Changed File	Coverage Δ	Total	Covered	Missed	🤖
github.com/Cloud-Exit/ExitBox/cmd/config_cmd.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/cmd/env.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/cmd/rebuild.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/cmd/run.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/agents/codex/docker.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/agents/jstools/install.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/agents/opencode/docker.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/agents/opencode/opencode.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/agents/opencode/version.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/agents/qwen/docker.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/env/env.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/image/core.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/image/project.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/image/tools.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/ipc/server.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/profile/dockerfile.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/profile/manager.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/profile/profile.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/run/run.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/wizard/roles.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/wizard/tui.go	0.00% (ø)	0	0	0
github.com/Cloud-Exit/ExitBox/internal/wizard/wizard.go	0.00% (ø)	0	0	0

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

Changed unit test files

github.com/Cloud-Exit/ExitBox/internal/agents/jstools/install_test.go
github.com/Cloud-Exit/ExitBox/internal/agents/opencode/opencode_test.go
github.com/Cloud-Exit/ExitBox/internal/env/env_test.go
github.com/Cloud-Exit/ExitBox/internal/run/run_test.go
github.com/Cloud-Exit/ExitBox/internal/wizard/roles_test.go

bigheart-x

Added some feedback. Please check @thecodeassassin

thecodeassassin · 2026-05-13T15:54:29Z

Thanks for the review. All comments addressed:

config_cmd.go: now returns after validation error; added comment that profile-scoped config is a full copy of default (including API keys) so operators can rotate if they split profiles between providers.
env.go:
- validateProfileName added to all subcommands (create/edit/show/delete/default).
- env delete clears default when deleted profile is current default.
- EDITOR now runs via sh -c so multi-word (e.g. code --wait) works.
- temp filename sanitized.
run.go:
- ResolveActiveWorkspace errors now surfaced (Warnf).
- GetDefault errors now surfaced (Warnf).
- early returns on validation/load failures.
jstools/install.go: added "callers must pass trusted package specifiers only" comment.
opencode/docker.go:
- added apk add curl jq.
- added GITHUB_TOKEN auth header to reduce 403s.
- replaced find | head -n1 with fixed path + single-match fallback.
- fixed log message (was "bun install", now "GitHub release tarball, SHA-256 verified").
opencode/version.go: added comment about npm/GitHub version alignment invariant.

bigheart-x

LGTM now

Short: IPC fix + Qwen + env profiles + OpenCode install overhaul + "p…

d63e39c

…rofiles→roles" rename + build cache hardening + raw-command escape in entrypoint

thecodeassassin requested a review from bigheart-x May 12, 2026 22:24

thecodeassassin mentioned this pull request May 12, 2026

"exitbox run opencode" fails #18

Open