[codex] feat(sandbox): integrate Apptainer provider stack #1798

Draft: hemildesai wants to merge 6 commits into NVIDIA-NeMo:main from hemildesai:codex/apptainer-provider-stack

@hemildesai

Contributor

Summary

  • add a canonical named Apptainer sandbox config with provider-owned metadata and Mini SWE-ready instance settings
  • validate Apptainer SandboxSpec.provider_options through a frozen ApptainerProviderOptions dataclass
  • keep Mini SWE provider-neutral by moving OpenSandbox's Linux/AMD64 option into shallow-merged provider defaults
  • package both provider YAML configs in wheels and document Apptainer runtime/isolation constraints

Why

The provider stack ending at #1713 added named configs, provider defaults, and typed options for OpenSandbox, while the Apptainer provider from #1694 still relied on inline config and silently ignored unknown options. That also made the documented path-only provider swap fail because the Mini SWE config carried an OpenSandbox-only platform option.

Impact

Users can select Apptainer by swapping the provider path in +config_paths. Explicit agent provider options still override provider defaults by top-level key. Invalid Apptainer option names and types now fail before a staging directory or subprocess is created.

Validation

  • uv run pytest tests/unit_tests/test_apptainer_provider.py tests/unit_tests/test_sandbox.py tests/unit_tests/test_opensandbox_provider.py responses_api_agents/mini_swe_agent_2/tests/test_app.py responses_api_agents/mini_swe_agent_2/tests/test_sandbox_environment.py -q — 125 passed
  • scoped ruff check and ruff format --check
  • scoped pre-commit run --files ...
  • wheel build verified both Apptainer and OpenSandbox provider YAMLs are included

A live Linux Apptainer smoke test was not available on this macOS checkout; provider subprocess behavior remains covered by the existing hermetic test suite.

Refs #1713
Refs #1694

ananthsub and others added 6 commits June 26, 2026 22:22
Sandbox providers are now defined as named blocks in their own config
files (e.g. nemo_gym/sandbox/providers/opensandbox/configs/opensandbox.yaml)
that agents reference by name (sandbox_provider: sandbox). Swapping
providers becomes swapping one config path in +config_paths, with no edits
to the agent config.

- Add resolve_provider_config to resolve a sandbox name (or an inline
  single-key mapping) to a single provider config.
- Make mini_swe_agent_2's config provider-neutral and resolve the
  reference at runtime.
- Document single / swap / multiple-sandbox usage, including distinct
  instance names for mixing providers or running two configs of the same
  provider type.

Refs NVIDIA-NeMo#1377

Signed-off-by: Ananth Subramaniam <ansubramania@nvidia.com>

A sandbox block may carry an optional `default_metadata` key whose entries
are merged into each sandbox's spec metadata (SandboxSpec.metadata), with
the agent's own sandbox_spec.metadata taking precedence. This keeps
provider-identifying tags with the provider config instead of the
provider-neutral agent config.

- Add resolve_provider_metadata and exclude reserved keys (default_metadata)
  from resolve_provider_config.
- mini_swe_agent_2 merges provider default_metadata into the sandbox spec
  metadata.
- Restore sandbox-api: opensandbox-sdk via the opensandbox provider config.

Refs NVIDIA-NeMo#1377

Signed-off-by: Ananth Subramaniam <ansubramania@nvidia.com>

Add a `nemo_gym.sandbox_providers` entry point group so a separate package
can publish a sandbox provider that becomes available on install/import,
without editing the registry. Lookup precedence is explicit registration >
built-in loaders > entry points; discovery is cached.

Refs NVIDIA-NeMo#1377

Signed-off-by: Ananth Subramaniam <ansubramania@nvidia.com>

Two installed distributions publishing the same provider entry-point name
now raise a clear error naming both packages, instead of silently picking
one nondeterministically. An entry point shadowed by a higher-precedence
built-in or registered provider is logged as a warning and ignored.

Refs NVIDIA-NeMo#1377

Signed-off-by: Ananth Subramaniam <ansubramania@nvidia.com>

…aclass

Represent the recognized per-sandbox create options (spec.provider_options)
as a frozen OpenSandboxProviderOptions dataclass with a validating
from_mapping, so the supported options and their types are discoverable in
one place and unknown keys are rejected with a clear error. The create path
now reads typed attributes instead of scattered dict lookups.

SDK-owned nested structures (platform, volumes) stay pass-through mappings
so their inner fields remain validated by the OpenSandbox SDK rather than
over-constrained here.

Refs NVIDIA-NeMo#1377

Signed-off-by: Ananth Subramaniam <ansubramania@nvidia.com>

Add the named Apptainer config and align provider options with the sandbox provider stack.

Signed-off-by: Hemil Desai <hemil.desai10@gmail.com>
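
The option handling described in the summary and in the typed-options commit above (unknown keys rejected, types checked, provider defaults shallow-merged under explicit options, all before any host-side work) can be sketched as follows. This is an added example, not code from the PR: the class name, the field names (`containall`, `writable_tmpfs`, `binds`) and `create_sandbox` are hypothetical, since the page does not list the real fields. With silently ignored options, a misspelled isolation key is simply dropped; here it fails the request.

```python
from dataclasses import dataclass, fields
from typing import Any, Dict, List, Mapping, Tuple


@dataclass(frozen=True)
class ExampleProviderOptions:
    # Hypothetical fields for illustration; not the project's real option set.
    containall: bool = True
    writable_tmpfs: bool = False
    binds: Tuple[str, ...] = ()

    @classmethod
    def from_mapping(cls, raw: Mapping[str, Any]) -> "ExampleProviderOptions":
        known = {f.name for f in fields(cls)}
        unknown = sorted(set(raw) - known)
        if unknown:
            # A typo such as "contain_all" must not be dropped silently.
            raise ValueError(f"unknown option(s) {unknown}; supported: {sorted(known)}")
        kwargs: Dict[str, Any] = {}
        for name, value in raw.items():
            if name == "binds":
                if not isinstance(value, (list, tuple)) or not all(
                    isinstance(b, str) for b in value
                ):
                    raise TypeError("binds must be a list of strings")
                value = tuple(value)
            elif type(value) is not bool:  # rejects "false", 0, None
                raise TypeError(f"{name} must be a bool, got {type(value).__name__}")
            kwargs[name] = value
        return cls(**kwargs)


def merge_options(defaults: Mapping[str, Any], explicit: Mapping[str, Any]) -> Dict[str, Any]:
    # Shallow merge: an explicit top-level key replaces the default wholesale.
    return {**defaults, **explicit}


def create_sandbox(
    defaults: Mapping[str, Any], explicit: Mapping[str, Any], side_effects: List[str]
) -> ExampleProviderOptions:
    # Validate first; the append below stands in for creating a staging
    # directory or launching a subprocess, and is never reached on bad input.
    opts = ExampleProviderOptions.from_mapping(merge_options(defaults, explicit))
    side_effects.append("staging-dir-created")
    return opts
```

Because the merge is shallow, an explicit `binds` list replaces the provider default list rather than extending it.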
@copy-pr-bot

copy-pr-bot Bot commented Jun 27, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.
