Skip to content

chore(sandbox): add jless to sandbox image#232

Merged
visahak merged 3 commits into
AgentToolkit:mainfrom
vinodmut:chore-sandbox-add-jless
Apr 29, 2026
Merged

chore(sandbox): add jless to sandbox image#232
visahak merged 3 commits into
AgentToolkit:mainfrom
vinodmut:chore-sandbox-add-jless

Conversation

@vinodmut

@vinodmut vinodmut commented Apr 29, 2026

Copy link
Copy Markdown
Contributor

Summary

Install jless (a pager/viewer for JSON and JSONL) into the base sandbox Docker image. Fetches the latest release from the GitHub API dynamically so we're not pinned to a specific version.

Why

The sandbox is increasingly used to inspect saved session transcripts (.evolve/trajectories/*.jsonl) and API responses. jless makes browsing those files tractable without leaving the container — cat | less on a multi-MB JSONL is painful.

Test plan

  • just sandbox-build claude succeeds
  • Inside the container: jless --version returns a version
  • Inside the container: jless /workspace/.evolve/trajectories/claude-transcript_*.jsonl opens an interactive viewer

Summary by CodeRabbit

  • Chores
    • Updated sandbox environment to automatically install the latest jless tool from GitHub releases.

Install the latest jless from PaulJuliusMartinez/jless as part of the base
image build (dynamic version lookup via the GitHub releases API).
@coderabbitai

coderabbitai Bot commented Apr 29, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@vinodmut has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 43 minutes and 59 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fd37ce03-4d1f-4dcc-b5dc-e476b5c38177

📥 Commits

Reviewing files that changed from the base of the PR and between 09b4616 and 7656675.

📒 Files selected for processing (1)
  • sandbox/Dockerfile
📝 Walkthrough

Walkthrough

The Dockerfile modification installs jless by downloading a prebuilt binary from GitHub's latest release, extracting the x86_64-unknown-linux-gnu archive into /usr/local/bin, setting executable permissions, and cleaning up temporary files.

Changes

Cohort / File(s) Summary
Build Tool Installation
sandbox/Dockerfile
Updated jless installation method to use GitHub releases API for fetching and extracting the latest prebuilt binary instead of package manager approach.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

  • illeatmyhat
  • visahak

Poem

🐰 A binary hops into the sandbox so fine,
From GitHub's releases, extracted in time,
With /usr/local/bin as its new home base,
jless now dances in Docker's embrace!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and accurately describes the main change: adding jless tool to the sandbox Docker image. It is concise, specific, and directly related to the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 0/1 reviews remaining, refill in 43 minutes and 59 seconds.

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
sandbox/Dockerfile (1)

45-48: Optional: Verify downloaded binary integrity.

Downloading executables without checksum verification is a supply chain risk. The jless releases include SHA256 checksums that could be validated.

🔐 Example with checksum verification (if version is pinned)
+    && JLESS_SHA256="<expected_sha256_here>" \
     && curl -fsSL "$JLESS_URL" -o /tmp/jless.zip \
+    && echo "${JLESS_SHA256}  /tmp/jless.zip" | sha256sum -c - \
     && unzip -o /tmp/jless.zip -d /usr/local/bin \
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@sandbox/Dockerfile` around lines 45 - 48, Add checksum verification for the
downloaded jless archive: when fetching $JLESS_URL into /tmp/jless.zip, also
fetch or accept a pinned SHA256 value (e.g., JLESS_SHA256) or download the
release .sha256 file and then run a sha256sum check against /tmp/jless.zip; if
the checksum does not match, exit the build with a non-zero status and don’t
install the binary. Update the Dockerfile steps that reference JLESS_URL and
/tmp/jless.zip to perform the checksum fetch/compare before unzip, and ensure
cleanup still removes /tmp/jless.zip on success or failure.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@sandbox/Dockerfile`:
- Around line 42-45: The Dockerfile extract assigns JLESS_URL and immediately
downloads it, but if the GitHub API/grep fails JLESS_URL will be empty and curl
will produce a confusing error; update the Dockerfile to validate JLESS_URL
after extraction (the JLESS_URL variable assignment and the subsequent curl -o
/tmp/jless.zip) and abort the build with a clear error message if it is empty or
invalid (for example check that JLESS_URL is non-empty and looks like an https
URL, then echo a descriptive error to stderr and exit 1), or alternatively parse
the API response more robustly (e.g., using jq) before calling curl.
- Around line 42-48: The Dockerfile step that discovers and installs jless via
the GitHub "releases/latest" API should be changed to pin to a concrete release
and to fail fast if the download URL is not found: replace the dynamic API
lookup that sets JLESS_URL with a hardcoded release URL (or a build ARG like
JLESS_VERSION used to construct
https://github.com/PaulJuliusMartinez/jless/releases/download/${JLESS_VERSION}/jless-<platform>.zip)
so builds are reproducible, and add a check after computing JLESS_URL (the same
variable in the diff) that aborts the build with a clear error if JLESS_URL is
empty or the curl to download /tmp/jless.zip fails before proceeding to
unzip/chmod/remove the archive.

---

Nitpick comments:
In `@sandbox/Dockerfile`:
- Around line 45-48: Add checksum verification for the downloaded jless archive:
when fetching $JLESS_URL into /tmp/jless.zip, also fetch or accept a pinned
SHA256 value (e.g., JLESS_SHA256) or download the release .sha256 file and then
run a sha256sum check against /tmp/jless.zip; if the checksum does not match,
exit the build with a non-zero status and don’t install the binary. Update the
Dockerfile steps that reference JLESS_URL and /tmp/jless.zip to perform the
checksum fetch/compare before unzip, and ensure cleanup still removes
/tmp/jless.zip on success or failure.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8c8ce516-c92c-4183-a0ce-6c5cd786a07b

📥 Commits

Reviewing files that changed from the base of the PR and between afe8459 and 09b4616.

📒 Files selected for processing (1)
  • sandbox/Dockerfile

Comment thread sandbox/Dockerfile
Comment thread sandbox/Dockerfile
visahak and others added 2 commits April 29, 2026 11:14
Addresses CodeRabbit review finding: if the GitHub API request or
greppattern change silently, JLESS_URL would be empty and the
subsequent curl would produce a confusing error. Validate it's
non-empty and emit a descriptive message before attempting the
download.
@vinodmut vinodmut requested review from illeatmyhat and visahak April 29, 2026 16:33
@visahak visahak merged commit e51a7f2 into AgentToolkit:main Apr 29, 2026
16 checks passed
@vinodmut vinodmut deleted the chore-sandbox-add-jless branch April 29, 2026 18:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants