I've been reading through the sandbox/ package and want to flag, separately from any bug report, just how well-structured the dependency-injection pattern is. It's the kind of thing that's easy to miss in a review but pays off enormously over the lifetime of a codebase.
Almost every I/O-touching function — createListenerRuntime, runLocalSandboxAudit, dockerRunner, enhancedNetworkMonitor, the retry queue, the LLM client — accepts an optional dependencies (or options) object with typed overrides for every external call: fetchImpl, commandRunner, createJsonRpcWriteClient, now, sleep, etc. Production code uses the real implementations as defaults, and tests can swap any of them out without jest.mock gymnastics or module-level patching.
The pattern is applied consistently, which is the hard part. A lot of TypeScript projects start with DI, then someone adds import fetch from "node-fetch" at the top of a new file, and within a year half the codebase is untestable. Here, even the "obvious" calls like Date.now() are routed through an injected now() function in the listener runtime, which means time-dependent tests are deterministic.
For new contributors reading this: please follow this convention. It's one of the reasons the test suite for sandbox/ is as fast and reliable as it is.
Nice work to whoever set this up early. 🙏
I've been reading through the
sandbox/package and want to flag, separately from any bug report, just how well-structured the dependency-injection pattern is. It's the kind of thing that's easy to miss in a review but pays off enormously over the lifetime of a codebase.Almost every I/O-touching function —
createListenerRuntime,runLocalSandboxAudit,dockerRunner,enhancedNetworkMonitor, the retry queue, the LLM client — accepts an optionaldependencies(oroptions) object with typed overrides for every external call:fetchImpl,commandRunner,createJsonRpcWriteClient,now,sleep, etc. Production code uses the real implementations as defaults, and tests can swap any of them out withoutjest.mockgymnastics or module-level patching.The pattern is applied consistently, which is the hard part. A lot of TypeScript projects start with DI, then someone adds
import fetch from "node-fetch"at the top of a new file, and within a year half the codebase is untestable. Here, even the "obvious" calls likeDate.now()are routed through an injectednow()function in the listener runtime, which means time-dependent tests are deterministic.For new contributors reading this: please follow this convention. It's one of the reasons the test suite for
sandbox/is as fast and reliable as it is.Nice work to whoever set this up early. 🙏