Restrict the sandbox to AssemblyAI logins #208
Merged
The sandbox runs on internal infrastructure that an external account can neither reach nor authenticate against, yet `--sandbox`/`--env sandbox000` and the sandbox-only commands (speak/dub/agent-cascade) were offered to everyone. Gate the whole sandbox surface on the login's email domain:

- Capture the email from AMS discovery at browser login and persist it on the profile (config.persist_login); API-key-only profiles have none and so read as external.
- core/access.py decides internal vs external from that email (`@assemblyai.com`, fail-closed on a corrupt config).
- The root callback rejects an internal-only environment for an external account with a clean exit-2 error, exempting `login` so a first-time employee can still sign in to the sandbox (which records the email).
- `assembly --help` hides the sandbox flags and [sandbox] commands from external accounts, restoring them after the render so completion and later in-process renders are unaffected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01QqLkQANDitxPuBwkQJuCi4
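One way to implement the fail-closed email-domain decision that the commit message above describes, added here as an example and not the project's own `core/access.py`. The function names and the JSON config layout are assumptions; only the `assemblyai.com` domain comes from the page.

```python
"""Added example: fail-closed internal/external decision from a stored login email."""
import json

INTERNAL_DOMAIN = "assemblyai.com"  # domain named in the PR description


def is_internal(email):
    """True only for a well-formed address whose domain is exactly INTERNAL_DOMAIN."""
    if not isinstance(email, str):
        return False  # API-key-only profile (no email) or wrong type in the config
    # Reject whitespace and control characters instead of trimming them away.
    if any(c.isspace() or not c.isprintable() for c in email):
        return False
    # Exactly one "@" with a non-empty local part.
    if email.count("@") != 1:
        return False
    local, domain = email.split("@")
    if not local:
        return False
    # Compare the whole domain, case-insensitively. A suffix or substring test
    # would also accept "user@notassemblyai.com".
    return domain.lower() == INTERNAL_DOMAIN


def profile_is_internal(raw_config, profile="default"):
    """Read the email from a JSON config blob (hypothetical layout).

    Any parse or shape error means the account is treated as external.
    """
    try:
        cfg = json.loads(raw_config)
        return is_internal(cfg["profiles"][profile].get("email"))
    except (ValueError, KeyError, TypeError, AttributeError):
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the project.
    for sample in ("dev@assemblyai.com", "dev@notassemblyai.com",
                   "dev@assemblyai.com.example.org", None):
        print(repr(sample), "->", is_internal(sample))
```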
The new help-hiding test asserted on raw CliRunner output, which is plain locally but colored in CI (runners export FORCE_COLOR). Rich splits a flag's leading dash into its own ANSI span, so `"--profile" in output` fails in CI — and the negative `"--flag" not in output` checks would pass vacuously, hiding regressions.

Fix the root cause for the whole suite, not just this test: strip FORCE_COLOR in conftest at import time (before the app's module-level Rich consoles are built) and per-test in isolate_env, so output renders the same plain text locally and in CI. Color-specific tests already build their own forced consoles, so they're unaffected; this also removes a flaky is_terminal-driven update-check spawn. Documented in tests/AGENTS.md next to the render-width note.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01QqLkQANDitxPuBwkQJuCi4
The previous attempt to make the whole suite colorless (popping FORCE_COLOR in conftest) does not hold in CI — CI re-colors the help render regardless, so the test kept failing with the leading-dash-split substring.

Revert that and use the proven approach the --help snapshot suite already relies on: normalize (ANSI strip) the output before the substring checks, which is correct whether or not the render is colored. Also stub the post-login update-check so it can't spawn a detached refresh subprocess (a Popen → ResourceWarning under a tty-reporting console).

AGENTS.md now documents the real guidance: CI color can't be disabled from the test process — strip ANSI in assertions on rendered output.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01QqLkQANDitxPuBwkQJuCi4