Root cause: _WORKDIR was hardcoded to "/home/user" which doesn't exist
in AWS AgentCore Code Interpreter environment (actual pwd is
/opt/amazon/genesis1p-tools/var). Every command was prefixed with
"cd /home/user && ..." which failed silently, producing empty stdout.
Fix:
- Default _WORKDIR to "/tmp" (universally available)
- Auto-detect actual working directory via "pwd" during
_construct_environment and override _WORKDIR dynamically
Verified: echo, python3, uname all return correct stdout.
Made-with: Cursor
Full pipeline working: Agent V2 node → Docker container creation →
CLI binary upload (linux/arm64) → dify init (fetch tools from API) →
dify execute (tool callback via CLI API) → result returned.
Fixes:
- Use sandbox.id (not vm.metadata.id) for CLI paths
- Upload CLI binary to container during sandbox creation
- Resolve linux binary separately for Docker containers on macOS
- Save Docker provider config via SandboxProviderService (proper
encryption) instead of raw DB insert
- Add verbose logging for sandbox tool execution path
- Fix NameError: binary not defined
Made-with: Cursor
- Skip Local sandbox provider under gevent worker (subprocess pipes
cause cooperative threading deadlock with Celery's gevent pool).
- Add non-blocking sandbox readiness check before tool execution.
- Add gevent timeout wrapper for sandbox bash session.
- Fix CLI binary resolution: add SANDBOX_DIFY_CLI_ROOT config field.
- Fix ExecutionContext.node_id propagation.
- Fix SkillInitializer to gracefully handle missing skill bundles.
- Update _invoke_tool_in_sandbox to use correct `dify execute` CLI
subcommand format (not `invoke-tool`).
The full sandbox-in-agent pipeline works end-to-end for network-based
providers (Docker, E2B, SSH). Local provider is skipped under gevent
but works in non-gevent contexts.
Made-with: Cursor
Close 3 integration gaps between the ported Sandbox system and Agent V2:
1. Fix _invoke_tool_in_sandbox to use SandboxBashSession context manager
API correctly (keyword args, bash_tool, ToolReference), with graceful
fallback to direct invocation when DifyCli binary is unavailable.
2. Inject sandbox into run_context via _resolve_sandbox_context() in
WorkflowBasedAppRunner — automatically creates a sandbox when a
tenant has an active sandbox provider configured.
3. Register SandboxLayer in both advanced_chat and workflow app runners
for proper sandbox lifecycle cleanup on graph end.
Also: make SkillInitializer non-fatal when no skill bundle exists,
add node_id to ExecutionContext for sandbox session scoping.
Made-with: Cursor
- workflow_execute_task: add AppMode.CHAT/AGENT_CHAT/COMPLETION to the
AdvancedChatAppGenerator routing branch so transparently upgraded old
apps can execute through the workflow engine.
- app_generate_service: use app_model.mode (not hardcoded AppMode.AGENT)
for SSE event subscription channel, ensuring the subscriber and
Celery publisher use the same Redis channel key.
Made-with: Cursor
- Auto-resolve parent_message_id when not provided by client,
querying the latest message in the conversation to maintain
the thread chain that extract_thread_messages() relies on.
- Add AppMode.AGENT to TokenBufferMemory mode checks so file
attachments in memory are handled via the workflow branch.
- Add debug logging for memory injection in node_factory and node.
Made-with: Cursor
