Added: Wire bubblewrap sandbox profiles into agent build pipeline

- Add factory module with create_sandbox, create_sandbox_with, create_temp_sandbox
- Add SandboxDirs and TempSandboxDirs for borrowed and owned directory layouts
- Add new_with_sandbox and new_with_temp_sandbox constructors to AgentBuildContext
- Pass sandbox profile to BashTool during agent build
- Enable default features on bubblewrap dependency in core crate

Author: Sewer56

src/llm-coding-tools-bubblewrap/ARCHITECTURE.md

@@ -17,6 +17,7 @@ llm-coding-tools-bubblewrap
 │   ├── mod.rs              module root; re-exports public API surface
 │   ├── types.rs            Profile, Preset, TmpBacking, Availability, etc.
 │   ├── builder.rs          Builder + build() + static arg precomputation
+│   ├── factory.rs          create_sandbox, create_sandbox_with, TempSandboxDirs (feature "default-sandbox")
 │   ├── presets.rs          public_bot() & trusted_maintenance() constructors
 │   ├── validation.rs       path/symlink/env/tmp validators
 │   └── layout.rs           SandboxLayout — "is this host path visible inside?"

src/llm-coding-tools-bubblewrap/Cargo.toml

@@ -12,11 +12,11 @@ readme = "README.md"
 default = ["tokio"]
 tokio = ["dep:process-wrap", "process-wrap/tokio1", "process-wrap/process-group"]
 blocking = ["dep:process-wrap", "process-wrap/std", "process-wrap/process-group"]
-
 [dependencies]
 parking_lot = "0.12"
 thiserror = "2.0"
 process-wrap = { version = "9", default-features = false, optional = true }
+tempfile = "3"
 
 [dev-dependencies]
 rstest = "0.26"

src/llm-coding-tools-bubblewrap/src/lib.rs

@@ -13,6 +13,10 @@ pub mod wrap;
 mod test_helpers;
 
 pub use error::LinuxBwrapError;
+pub use profile::{
+    create_sandbox, create_sandbox_with, create_temp_sandbox, CreateSandboxError, SandboxDirs,
+    TempSandboxDirs,
+};
 pub use profile::{
     Availability, Builder, EnvVar, FileMount, NetworkPolicy, Preset, Profile, Symlink, TmpBacking,
 };

src/llm-coding-tools-bubblewrap/src/profile/factory.rs

@@ -0,0 +1,299 @@
+//! Convenience constructors for sandbox profiles.
+//!
+//! Use [`create_sandbox`] for preset profiles or [`create_sandbox_with`] for
+//! custom builders, passing a [`SandboxDirs`] that specifies the host
+//! directory paths. Use [`create_temp_sandbox`] for the common case where
+//! all directories are auto-managed temporaries.
+//!
+//! # Directory ownership
+//!
+//! [`SandboxDirs`] borrows its paths, so the backing storage must outlive
+//! the `create_sandbox` / `create_sandbox_with` call. When all directories
+//! are ephemeral, [`TempSandboxDirs`] owns the temp tree and
+//! [`TempSandboxDirs::as_dirs`] provides the borrowed view.
+
+use super::builder::Builder;
+use super::types::{Availability, Preset, Profile};
+use crate::LinuxBwrapError;
+use std::path::Path;
+use std::sync::Arc;
+
+/// Borrowed directory paths for sandbox construction.
+///
+/// Lightweight view over three host directories that a sandbox profile
+/// needs: a synthetic home, a cache root, and a host-tmp directory.
+/// Because the fields are borrowed references, the backing storage must
+/// outlive this value.
+///
+/// Use [`TempSandboxDirs::as_dirs`] when all directories come from an
+/// auto-managed temp tree, or construct this directly when mixing
+/// persisted and ephemeral directories.
+///
+/// # Examples
+///
+/// Mixed persistent cache with ephemeral home and host-tmp:
+///
+/// ```no_run
+/// use llm_coding_tools_bubblewrap::profile::SandboxDirs;
+/// use std::path::Path;
+///
+/// let temp = llm_coding_tools_bubblewrap::TempSandboxDirs::new().unwrap();
+/// let dirs = SandboxDirs::new(
+///     temp.home(),                    // ephemeral
+///     Path::new("/persistent/cache"), // survives across sessions
+///     temp.host_tmp(),               // ephemeral
+/// );
+/// ```
+pub struct SandboxDirs<'a> {
+    home: &'a Path,
+    cache: &'a Path,
+    host_tmp: &'a Path,
+}
+
+impl<'a> SandboxDirs<'a> {
+    /// Creates a new directory spec from borrowed host paths.
+    ///
+    /// # Arguments
+    /// - `home` - Host path to the synthetic home directory.
+    /// - `cache` - Host path to the cache root directory.
+    /// - `host_tmp` - Host path to the host-tmp directory.
+    pub fn new(home: &'a Path, cache: &'a Path, host_tmp: &'a Path) -> Self {
+        Self {
+            home,
+            cache,
+            host_tmp,
+        }
+    }
+
+    /// Returns the host path to the synthetic home directory.
+    pub fn home(&self) -> &'a Path {
+        self.home
+    }
+
+    /// Returns the host path to the cache root directory.
+    pub fn cache(&self) -> &'a Path {
+        self.cache
+    }
+
+    /// Returns the host path to the host-tmp directory.
+    pub fn host_tmp(&self) -> &'a Path {
+        self.host_tmp
+    }
+}
+
+/// Auto-managed temp directory layout for sandbox construction.
+///
+/// Creates a temp directory with `home`, `cache`, and `host-tmp`
+/// subdirectories. The `cache` subdirectory also gets `xdg-cache` and
+/// `xdg-state` sub-subdirectories created by [`Builder::build`].
+///
+/// Wrapped in [`Arc`] when returned from [`create_temp_sandbox`] so it can
+/// be stored alongside the profile in shared state.
+pub struct TempSandboxDirs {
+    tmpdir: tempfile::TempDir,
+    home: Box<Path>,
+    cache: Box<Path>,
+    host_tmp: Box<Path>,
+}
+
+impl TempSandboxDirs {
+    /// Creates a new temp directory layout.
+    ///
+    /// # Returns
+    /// - `Ok(Self)`: A temp directory layout with `home`, `cache`, and
+    ///   `host-tmp` subdirectories created under a system temp directory.
+    ///
+    /// # Errors
+    /// - Returns [`std::io::Error`] when the system temp directory cannot be
+    ///   created (e.g., no writable temp dir, disk full, or permission denied),
+    ///   or when any subdirectory (`home`, `cache`, or `host-tmp`) cannot be
+    ///   created inside the temp directory.
+    pub fn new() -> std::io::Result<Self> {
+        let tmpdir = tempfile::Builder::new()
+            .prefix("llm-coding-tools-sandbox-")
+            .tempdir()?;
+
+        let home = tmpdir.path().join("home").into_boxed_path();
+        let cache = tmpdir.path().join("cache").into_boxed_path();
+        let host_tmp = tmpdir.path().join("host-tmp").into_boxed_path();
+
+        // Builder::build() validates directories exist, so create them first.
+        std::fs::create_dir_all(&home)?;
+        std::fs::create_dir_all(&cache)?;
+        std::fs::create_dir_all(&host_tmp)?;
+
+        Ok(Self {
+            tmpdir,
+            home,
+            cache,
+            host_tmp,
+        })
+    }
+
+    /// Returns a [`SandboxDirs`] view over this temp directory layout.
+    ///
+    /// Useful for passing to [`create_sandbox`] or [`create_sandbox_with`]
+    /// when all directories come from this auto-managed temp tree.
+    pub fn as_dirs(&self) -> SandboxDirs<'_> {
+        SandboxDirs::new(self.home(), self.cache(), self.host_tmp())
+    }
+
+    /// Returns the host path to the synthetic home directory.
+    pub fn home(&self) -> &Path {
+        &self.home
+    }
+
+    /// Returns the host path to the cache root directory.
+    pub fn cache(&self) -> &Path {
+        &self.cache
+    }
+
+    /// Returns the host path to the host-tmp directory.
+    pub fn host_tmp(&self) -> &Path {
+        &self.host_tmp
+    }
+
+    /// Returns a reference to the underlying temp directory.
+    pub fn temp_dir(&self) -> &tempfile::TempDir {
+        &self.tmpdir
+    }
+}
+
+/// Errors that can occur while creating a sandbox profile.
+#[derive(Debug, thiserror::Error)]
+pub enum CreateSandboxError {
+    /// Failed to create the sandbox directory layout.
+    #[error("failed to create sandbox directories: {0}")]
+    Dirs(#[source] std::io::Error),
+    /// Bubblewrap is not available on the host.
+    #[error("bubblewrap is not available: {0}")]
+    Unavailable(String),
+    /// Profile validation or assembly failed.
+    #[error("profile validation failed: {0}")]
+    Profile(#[from] LinuxBwrapError),
+}
+
+/// Creates a sandbox from a preset and a directory spec.
+///
+/// # Arguments
+/// - `workspace`: Host path to the project directory mounted inside the sandbox.
+/// - `preset`: The sandbox preset controlling mount layout and permissions.
+/// - `dirs`: The host directory paths for home, cache, and host-tmp.
+///
+/// # Returns
+/// - `Ok(`[`Arc<Profile>`]`)`: A ready-to-use sandbox profile.
+///
+/// # Errors
+/// - Returns [`CreateSandboxError::Unavailable`] when `bwrap` is not found on
+///   `PATH` or is otherwise unusable on the host (see [`Availability::detect`]).
+/// - Returns [`CreateSandboxError::Profile`] when [`Builder::build`] returns
+///   [`LinuxBwrapError`] (e.g., invalid paths, missing host shell inside the
+///   sandbox).
+pub fn create_sandbox(
+    workspace: &Path,
+    preset: Preset,
+    dirs: &SandboxDirs<'_>,
+) -> Result<Arc<Profile>, CreateSandboxError> {
+    // Select the builder preset for the desired sandbox policy.
+    let builder = match preset {
+        Preset::TrustedMaintenance => {
+            Builder::trusted_maintenance(workspace, dirs.home(), dirs.cache(), dirs.host_tmp())
+        }
+        Preset::PublicBot => Builder::public_bot(workspace, dirs.home(), dirs.cache(), None),
+    };
+    // Verify bubblewrap is present and usable on the host before building.
+    let availability = Availability::detect();
+    if !availability.is_available() {
+        return Err(CreateSandboxError::Unavailable(
+            availability
+                .reason()
+                .unwrap_or("unknown reason")
+                .to_string(),
+        ));
+    }
+    // Assemble and validate the profile, surfacing any structural errors.
+    let profile = builder
+        .with_availability(availability)
+        .build()
+        .map_err(CreateSandboxError::Profile)?;
+    Ok(Arc::new(profile))
+}
+
+/// Creates a sandbox with a custom builder and a directory spec.
+///
+/// Availability detection is handled automatically.
+///
+/// # Arguments
+/// - `workspace`: Host path to the project directory mounted inside the sandbox.
+/// - `dirs`: The host directory paths for home, cache, and host-tmp.
+/// - `f`: Closure receiving the workspace path and a [`SandboxDirs`] view;
+///   must return a configured [`Builder`].
+///
+/// # Returns
+/// - `Ok(`[`Arc<Profile>`]`)`: A ready-to-use sandbox profile.
+///
+/// # Errors
+/// - Returns [`CreateSandboxError::Unavailable`] when `bwrap` is not found on
+///   `PATH` or is otherwise unusable on the host (see [`Availability::detect`]).
+/// - Returns [`CreateSandboxError::Profile`] when [`Builder::build`] returns
+///   [`LinuxBwrapError`] (e.g., invalid paths, missing host shell inside the
+///   sandbox).
+pub fn create_sandbox_with<F>(
+    workspace: &Path,
+    dirs: &SandboxDirs<'_>,
+    f: F,
+) -> Result<Arc<Profile>, CreateSandboxError>
+where
+    F: FnOnce(&Path, &SandboxDirs<'_>) -> Builder,
+{
+    let builder = f(workspace, dirs);
+    let availability = Availability::detect();
+    if !availability.is_available() {
+        return Err(CreateSandboxError::Unavailable(
+            availability
+                .reason()
+                .unwrap_or("unknown reason")
+                .to_string(),
+        ));
+    }
+    let profile = builder
+        .with_availability(availability)
+        .build()
+        .map_err(CreateSandboxError::Profile)?;
+    Ok(Arc::new(profile))
+}
+
+/// Creates a sandbox from a preset with auto-managed temp directories.
+///
+/// Convenience wrapper that creates a [`TempSandboxDirs`] and delegates to
+/// [`create_sandbox`]. The temp directory is wrapped in [`Arc`] so it can be
+/// stored alongside the profile in shared state.
+///
+/// # Directory layout
+///
+/// See [`TempSandboxDirs`].
+///
+/// # Arguments
+/// - `workspace`: Host path to the project directory mounted inside the sandbox.
+/// - `preset`: The sandbox preset controlling mount layout and permissions.
+///
+/// # Returns
+/// - `Ok((`[`Arc<Profile>`]`, `[`Arc<TempSandboxDirs>`]`))`: A ready-to-use
+///   sandbox profile and its owning temp directory layout.
+///
+/// # Errors
+/// - Returns [`CreateSandboxError::Dirs`] when the system temp directory or
+///   any subdirectory cannot be created (see [`TempSandboxDirs::new`]).
+/// - Returns [`CreateSandboxError::Unavailable`] when `bwrap` is not found on
+///   `PATH` or is otherwise unusable on the host (see [`Availability::detect`]).
+/// - Returns [`CreateSandboxError::Profile`] when [`Builder::build`] returns
+///   [`LinuxBwrapError`] (e.g., invalid paths, missing host shell inside the
+///   sandbox).
+pub fn create_temp_sandbox(
+    workspace: &Path,
+    preset: Preset,
+) -> Result<(Arc<Profile>, Arc<TempSandboxDirs>), CreateSandboxError> {
+    let dirs = TempSandboxDirs::new().map_err(CreateSandboxError::Dirs)?;
+    let profile = create_sandbox(workspace, preset, &dirs.as_dirs())?;
+    Ok((profile, Arc::new(dirs)))
+}

src/llm-coding-tools-bubblewrap/src/profile/mod.rs

@@ -7,12 +7,17 @@
 //! - [`TmpBacking`] - how sandbox `/tmp` is mounted
 
 mod builder;
+mod factory;
 pub(crate) mod layout;
 mod presets;
 mod types;
 pub(crate) mod validation;
 
 pub use builder::Builder;
+pub use factory::{
+    create_sandbox, create_sandbox_with, create_temp_sandbox, CreateSandboxError, SandboxDirs,
+    TempSandboxDirs,
+};
 pub use types::{
     Availability, EnvVar, FileMount, FileOverlay, NetworkPolicy, Preset, Profile, Symlink,
     TmpBacking,

src/llm-coding-tools-core/Cargo.toml

@@ -103,7 +103,7 @@ process-wrap = { version = "9.1", default-features = false }
 const_format = "0.2.35"
 
 # Linux sandbox types and runtime
-llm-coding-tools-bubblewrap = { version = "0.1.0", path = "../llm-coding-tools-bubblewrap", optional = true, default-features = false }
+llm-coding-tools-bubblewrap = { version = "0.1.0", path = "../llm-coding-tools-bubblewrap", optional = true }
 
 [dev-dependencies]
 serial_test = "3"