Skip to content

Studio Web: run the agent in a hosted SecEx sandbox (opt-in runtime)#3890

Draft
lezama wants to merge 21 commits into
trunkfrom
add-studio-web-secex-runtime
Draft

Studio Web: run the agent in a hosted SecEx sandbox (opt-in runtime)#3890
lezama wants to merge 21 commits into
trunkfrom
add-studio-web-secex-runtime

Conversation

@lezama

@lezama lezama commented Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Related issues

Continues the Studio Web effort that landed the web-server + web connector (#3816) and the AgentRuntime seam.

How AI was used in this PR

The runtime, the SSE reader, the pause/answer/resume handling, and this description were drafted with Claude Code, then reviewed; the change typechecks and builds locally.

Proposed Changes

Studio Web can now run the agent in a hosted SecEx sandbox instead of a local child process, so the browser build of Studio works without anything running on the user's machine. Each user gets one sandbox — the cloud analog of "your laptop", with the same ~/Studio/ sites and ~/.claude sessions inside it, like the desktop app.

It plugs into the existing AgentRuntime seam: a new runtime drives the wpcom studio-code endpoint (POST /wpcom/v2/studio-code/run), which runs studio code --json in the sandbox and streams its events back over SSE. The web-server relays those through the same callbacks the local runtime already uses, so the run-manager and the browser UI are untouched.

Interactive questions and multi-turn work like the desktop. There's no live process in the sandbox to answer over IPC, so the runtime mirrors the proven headless pattern: when a turn pauses on a question the agent process stays "connected" instead of exiting, and answering re-drives the endpoint with the user's choice as the next message on the same sandbox session (resolved from turn.completed.sessionId). To the web-server and the UI it looks like an ordinary live run that asks and gets answered.

It's opt-in and zero-risk by default: the local child-process backend stays the default, and the SecEx runtime is only installed when STUDIO_WEB_BACKEND=secex is set.

Testing Instructions

npm run cli:build
STUDIO_WEB_BACKEND=secex node apps/cli/dist/cli/main.mjs web-server
# (sign in first with `auth login`; open the printed URL and send a prompt;
#  when the agent asks a question, answer it in the UI and the turn resumes)

Without the env var, web-server behaves exactly as before (local agent).

Note: full end-to-end depends on the wpcom studio-code /run route being deployed; the runtime is written to that endpoint's contract.

Pre-merge Checklist

  • Have you checked for TypeScript, React or other console errors? (npm run typecheck and npm run cli:build pass.)

@lezama @claude
Studio Web: run the agent in a hosted SecEx sandbox via an opt-in run…
a37ec61 
…time

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
lezama and others added 7 commits June 18, 2026 17:55
@lezama @claude
Studio Web: handle interactive questions and multi-turn in the SecEx …
ced6753 
…runtime

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: cache the sandbox session in the broker, plus web-server …
694e66e 
…debug logging

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: preserve the local session header when caching the sandbo…
7585313 
…x session

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: migrate the cached sandbox session to the format the UI r…
195cd8f 
…enders

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: await the session cache write before the run ends, fixing…
6af99be 
… the getSession race

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: serve the session's site from the broker (real Playground…
1d9c3ed 
… in Node)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama
Studio Web: overlay the agent's exported theme onto the broker-served…
6bff157 
… site
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 18, 2026
View reviewed changes
Comment thread apps/cli/web-server/site-server.ts Fixed
Comment thread apps/cli/web-server/site-server.ts Fixed
lezama and others added 3 commits June 19, 2026 10:47
@lezama @claude
Studio Web: serve the session's site preview through the shared site-…
f25d828 
…preview widget

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: keep a completed SecEx turn successful despite a trailing…
bc0e746 
… error frame

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: apply the agent's DB to the broker preview so content cha…
d5bfb94 
…nges show

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 19, 2026
View reviewed changes
Comment thread apps/cli/web-server/site-server.ts

const raw = Buffer.from( base64, 'base64' );
const buffer = isDb ? repointDbBuffer( raw, brokerUrl ) : raw;
await fs.mkdir( path.dirname( dest ), { recursive: true } );
Comment thread apps/cli/web-server/site-server.ts
const raw = Buffer.from( base64, 'base64' );
const buffer = isDb ? repointDbBuffer( raw, brokerUrl ) : raw;
await fs.mkdir( path.dirname( dest ), { recursive: true } );
await fs.writeFile( dest, buffer );
lezama and others added 10 commits June 19, 2026 11:50
@lezama @claude
Studio Web: allow starting a chat when the backend doesn't require auth
44575f1 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: keep an agent question interactive while a SecEx turn is …
dd2b4fe 
…paused

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: re-trigger the preview after a delay to catch the sandbox…
a0a5efd 
… snapshot lag

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: follow the latest active site when the agent switches sit…
aba3b2c 
…es mid-session

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: retry a SecEx run on 429 so resuming past a question isn'…
869b1d2 
…t lost to the run lock

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: don't let a lagging sandbox snapshot shrink the cached se…
e074e09 
…ssion (UI jump-back)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: resolve the preview site only from studio.site_selected, …
57fff1a 
…not any path in the transcript

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: wire the sidebar "New chat" menu item (it had no onClick)
2f318c4 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: make the sidebar New chat create and open a session directly
152e5bf 
The URL newChat-param trigger didn't fire the provider effect from outside the
ChatsProvider; create the session via the connector and navigate to it instead.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lezama @claude
Studio Web: refresh the preview on any run end, not only success
4806d53 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer
@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments
Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@lezama lezama

Labels

Proof of Concept

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lezama @github-advanced-security