Skip to content

Add sandbox providers for CoreWeave and Wandb#890

Open
matthoare117-wandb wants to merge 6 commits into
huggingface:mainfrom
matthoare117-wandb:hoare/cw-wandb-sandbox-providers
Open

Add sandbox providers for CoreWeave and Wandb#890
matthoare117-wandb wants to merge 6 commits into
huggingface:mainfrom
matthoare117-wandb:hoare/cw-wandb-sandbox-providers

Conversation

@matthoare117-wandb

@matthoare117-wandb matthoare117-wandb commented Jun 30, 2026

Copy link
Copy Markdown

Summary

Adds OpenEnv support for running environments in both CoreWeave Sandboxes and W&B Serverless Sandboxes.

Includes optional cwsandbox and wandb extras, a W&B sandbox echo example, and unit tests for the new sandbox providers.

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation
  • New environment
  • Refactoring

Alignment Checklist

Before submitting, verify:

  • I have read .claude/docs/PRINCIPLES.md and this PR aligns with our principles

  • I have checked .claude/docs/INVARIANTS.md and no invariants are violated

  • I have run /pre-submit-pr (or bash .claude/hooks/lint.sh and tests) and addressed all issues

    Note: /pre-submit-pr was run via its underlying checks. The only remaining repo-wide formatting failures (uv run usort check src/ tests/ and uv run ruff format src/ tests/ envs/ --check) reproduce on origin/main in a separate worktree, so they are pre-existing unrelated formatting drift and not new issues introduced by this PR.

RFC Status

  • Not required (adds optional runtime provider integrations; no core API contract changes)
  • RFC exists: #___
  • RFC needed (will create before merge)

Test Plan

  • Provider unit tests - 26 passed
  • Full non-integration test suite - 1398 passed, 92 skipped, 36 deselected
  • Lint/debug checks passed for this PR’s changed files
  • Manual sandbox smoke suite passed for Hosted Echo, Echo/CodingEnv via CWSandbox, and Echo/CodingEnv via W&B Sandbox

Claude Code Review

N/A


Note

Medium Risk
New remote-runtime path runs user container images with public ingress and executes shell in sandboxes; misconfiguration could orphan sandboxes or expose workloads, though cleanup and secret-handling mitigations are included.

Overview
Adds optional CoreWeave and W&B Serverless Sandbox integrations so OpenEnv environments can run on remote sandboxes instead of only local Docker or other existing providers.

CWSandboxProvider implements the shared ContainerProvider contract: launch an image via cwsandbox, wait until RUNNING, then start the OpenEnv uvicorn server in the sandbox (because the SDK’s default keepalive does not run the env server). It can discover the server command from openenv.yaml or accept an explicit cmd, builds the client base URL from service_address, polls /health, and on teardown stops and deletes the sandbox (with retries and guards against double-start). Startup failures avoid leaking injected env secrets in errors unless surface_server_logs=True (with best-effort redaction).

WandbSandboxProvider subclasses that logic and swaps in the wandb.sandbox SDK plus W&B-specific preflight and integration metadata.

pyproject.toml gains optional cwsandbox and wandb extras (Python ≥3.11). A new examples/wandb_sandbox_echo_env.py demonstrates Echo on W&B sandboxes. Unit tests cover lifecycle, auth, URL scheme, and log redaction.

Reviewed by Cursor Bugbot for commit 77eb3bc. Bugbot is set up for automated code reviews on this repo. Configure here.

@matthoare117-wandb matthoare117-wandb changed the title Hoare/cw wandb sandbox providers Add sandbox providers for CoreWeave and Wandb Jun 30, 2026
@matthoare117-wandb matthoare117-wandb marked this pull request as ready for review June 30, 2026 16:26
@burtenshaw

Copy link
Copy Markdown
Collaborator

Cool pull request. Thanks. Reviewing now.

@sergiopaniego sergiopaniego left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR! Some comments from a first pass:

Transport security (S1)

Both ModalProvider and ACASandboxProvider enforce https/wss transport via _require_secure_url() (RFC 002 invariant S1), because EnvClient derives the WebSocket URL from base_url (http:// becomes cleartext ws:// in convert_to_ws_url). CWSandboxProvider defaults to url_scheme="http" and returns http://{service_address} when the address has no scheme. Combined with ingress_mode="public" by default, client traffic can travel in cleartext against a public endpoint. EnvClient does not block this on its own (it only skips the proxy for localhost, no cleartext warning for remote hosts). Could we add the same _require_secure_url guard (or force/validate https) before returning the URL?

Public ingress opt-in (S2)

ACASandboxProvider requires an explicit anonymous_port=True (RFC 002 invariant S2, "public exposure is never implicit"). Here ingress_mode="public" is the default with no explicit opt-in or warning. Could we require an explicit opt-in (or at least warn) to match the ACA pattern?

Docs

The provider table and "Per-provider setup" section in docs/source/guides/runtime-providers.md, plus the container-providers section in docs/source/reference/core.md, are not updated, so these two providers are currently undocumented. Adding table rows and setup blocks for CWSandbox and W&B (with a "Full example" link, like Daytona/Modal have) would keep the providers doc complete.

Examples

The PR adds an example for W&B (the subclass) but not for CWSandboxProvider, which is the base provider holding all the logic. It would be good to add a CWSandbox example (or generalize the current one to cover both). A couple of style nits to align the W&B example with modal_echo_env.py:

  • The try/except Exception: provider.stop_container(); raise around from_docker_image plus a separate async with env mixes two cleanup styles. Modal uses the cleaner with Provider() as provider: start_container / wait_for_ready / stop pattern.
  • Prefer logging over print to match the other examples.
  • The example references registry.hf.space/openenv-echo-env:latest with a hardcoded SERVER_CMD, whereas Modal/Daytona build the image with Provider.image_from_dockerfile(...). A short note on where that image comes from would help.

RFC status

The PR marks RFC as "Not required", but Modal and ACA landed under the proposed "Cloud Sandbox Providers" amendment to RFC 002, which is where the S1/S2 invariants come from. A new cloud provider with public ingress should reference and satisfy those invariants rather than opt out (ties into the two points above).

Minor

  • wait_for_ready docstring says "respond to /health and /ws" but only polls /health.
  • The two new provider files and the two test files are missing the BSD copyright header that all other providers (and __init__.py) carry.
  • If S1/S2 get implemented, a test asserting the resulting URL is secure and that implicit public ingress is rejected would be worth adding.

@burtenshaw

Copy link
Copy Markdown
Collaborator

Adding one stack-compatibility note, and +1 to the S1/S2 feedback above.

  • [P1] The public/plain defaults should match the safer provider posture before merge: public ingress should be explicit, and public remote URLs should not fall back to cleartext http / ws. This is the same issue called out above under transport security and public ingress.
  • [P2] This provider should also line up with Provider-owned startup #880/Add HF sandbox provider #841's provider-owned startup contract. EnvClient(provider=...) starts a provider by calling provider.start_container() with no image, and HF Sandbox / Modal / Daytona handle that by accepting constructor-owned image / env_vars while keeping explicit start_container(image, ...). CWSandboxProvider still requires image, so CoreWeave/W&B will not compose cleanly once Provider-owned startup #880 lands. I would either add constructor image / env_vars support here or track a clear follow-up before stacking this with Add HF sandbox provider #841.

@burtenshaw burtenshaw added feature size: large Large pull request labels Jul 1, 2026
@matthoare117-wandb

Copy link
Copy Markdown
Author

🙏 Thanks so much for the thoughtful review. I really appreciate you taking the time, and I’ll address the feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

feature size: large Large pull request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants