From 8edaae8d8c83803a8f6819364602bbc06f6bff1a Mon Sep 17 00:00:00 2001 From: Mads Hvelplund Date: Thu, 18 Jun 2026 19:36:07 +0200 Subject: [PATCH 01/10] fix: resolve pre-commit check failures - Change RuntimeError to TypeError for type validation in report/writer.py - Update pyupgrade to v3.21.2 for Python 3.14 compatibility --- .pre-commit-config.yaml | 2 +- strix/report/writer.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d0a955230..159680498 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -46,7 +46,7 @@ repos: # Additional Python code quality checks - repo: https://github.com/asottile/pyupgrade - rev: v3.20.0 + rev: v3.21.2 hooks: - id: pyupgrade args: [--py312-plus] diff --git a/strix/report/writer.py b/strix/report/writer.py index 8118fe9f6..a7c2146df 100644 --- a/strix/report/writer.py +++ b/strix/report/writer.py @@ -27,7 +27,7 @@ def read_run_record(run_dir: Path) -> dict[str, Any]: except (OSError, json.JSONDecodeError) as exc: raise RuntimeError(f"run.json at {path} is unreadable: {exc}") from exc if not isinstance(data, dict): - raise RuntimeError(f"run.json at {path} is not an object") + raise TypeError(f"run.json at {path} is not an object") return data From 5d04eecd328876246f6a90c83ba28ed00df5aa1e Mon Sep 17 00:00:00 2001 From: Mads Hvelplund Date: Fri, 19 Jun 2026 05:33:55 +0200 Subject: [PATCH 02/10] chore: add pytest test infrastructure Mirror the layout introduced on feature/438-token_budget: pytest + pytest-asyncio dev deps, asyncio_mode auto, a tests.* mypy override, and pytest in the mypy pre-commit hook deps so the tests/ package type-checks. --- .pre-commit-config.yaml | 1 + pyproject.toml | 9 ++++++++ tests/__init__.py | 0 uv.lock | 51 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 61 insertions(+) create mode 100644 tests/__init__.py diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 159680498..ab2b55634 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -19,6 +19,7 @@ repos: types-python-dateutil, pydantic, fastapi, + pytest, "openai-agents[litellm]==0.14.6", ] args: [--install-types, --non-interactive] diff --git a/pyproject.toml b/pyproject.toml index 35f3c016e..4485d7793 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -55,8 +55,13 @@ dev = [ "bandit>=1.8.3", "pre-commit>=4.2.0", "pyinstaller>=6.17.0; python_version >= '3.12' and python_version < '3.15'", + "pytest>=8.3", + "pytest-asyncio>=0.24", ] +[tool.pytest.ini_options] +asyncio_mode = "auto" + [build-system] requires = ["hatchling"] build-backend = "hatchling.build" @@ -104,6 +109,10 @@ module = [ ignore_missing_imports = true disable_error_code = ["import-untyped"] +[[tool.mypy.overrides]] +module = ["tests.*"] +disallow_untyped_decorators = false + # ============================================================================ # Ruff Configuration (Fast Python Linter & Formatter) # ============================================================================ diff --git a/tests/__init__.py b/tests/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/uv.lock b/uv.lock index 29df8e941..cc7cb0a17 100644 --- a/uv.lock +++ b/uv.lock @@ -775,6 +775,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/a0/d9/a1e041c5e7caa9a05c925f4bdbdfb7f006d1f74996af53467bc394c97be7/importlib_metadata-8.5.0-py3-none-any.whl", hash = "sha256:45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b", size = 26514, upload-time = "2024-09-11T14:56:07.019Z" }, ] +[[package]] +name = "iniconfig" +version = "2.3.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/72/34/14ca021ce8e5dfedc35312d08ba8bf51fdd999c576889fc2c24cb97f4f10/iniconfig-2.3.0.tar.gz", hash = "sha256:c76315c77db068650d49c5b56314774a7804df16fee4402c1f19d6d15d8c4730", size = 20503, upload-time = "2025-10-18T21:55:43.219Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/cb/b1/3846dd7f199d53cb17f49cba7e651e9ce294d8497c8c150530ed11865bb8/iniconfig-2.3.0-py3-none-any.whl", hash = "sha256:f631c04d2c48c52b84d0d0549c99ff3859c98df65b3101406327ecc7d53fbf12", size = 7484, upload-time = "2025-10-18T21:55:41.639Z" }, +] + [[package]] name = "jinja2" version = "3.1.6" @@ -1347,6 +1356,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/63/d7/97f7e3a6abb67d8080dd406fd4df842c2be0efaf712d1c899c32a075027c/platformdirs-4.9.4-py3-none-any.whl", hash = "sha256:68a9a4619a666ea6439f2ff250c12a853cd1cbd5158d258bd824a7df6be2f868", size = 21216, upload-time = "2026-03-05T18:34:12.172Z" }, ] +[[package]] +name = "pluggy" +version = "1.6.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f9/e2/3e91f31a7d2b083fe6ef3fa267035b518369d9511ffab804f839851d2779/pluggy-1.6.0.tar.gz", hash = "sha256:7dcc130b76258d33b90f61b658791dede3486c3e6bfb003ee5c9bfb396dd22f3", size = 69412, upload-time = "2025-05-15T12:30:07.975Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/54/20/4d324d65cc6d9205fabedc306948156824eb9f0ee1633355a8f7ec5c66bf/pluggy-1.6.0-py3-none-any.whl", hash = "sha256:e920276dd6813095e9377c0bc5566d94c932c33b27a3e3945d8389c374dd4746", size = 20538, upload-time = "2025-05-15T12:30:06.134Z" }, +] + [[package]] name = "pre-commit" version = "4.5.1" @@ -1633,6 +1651,35 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/0c/82/a2c93e32800940d9573fb28c346772a14778b84ba7524e691b324620ab89/pyright-1.1.408-py3-none-any.whl", hash = "sha256:090b32865f4fdb1e0e6cd82bf5618480d48eecd2eb2e70f960982a3d9a4c17c1", size = 6399144, upload-time = "2026-01-08T08:07:37.082Z" }, ] +[[package]] +name = "pytest" +version = "9.1.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "colorama", marker = "sys_platform == 'win32'" }, + { name = "iniconfig" }, + { name = "packaging" }, + { name = "pluggy" }, + { name = "pygments" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/84/0e/b5858858d74958632c49b72cb25a3976ff9f632397626715be71c89d3971/pytest-9.1.0.tar.gz", hash = "sha256:41dd9148c08072446394cefd3d79701701335a9f4cae69ba92e39f6c7f5c061c", size = 1634181, upload-time = "2026-06-13T18:52:45.983Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/8b/5a/ba30a81239b909821b3153e303e7def45178bf353da4f72380e6c5e8793b/pytest-9.1.0-py3-none-any.whl", hash = "sha256:8ebb0e7888bdf2bdfc602ec51f8f62d50200af37356c74e503c79a94f5c81f32", size = 386453, upload-time = "2026-06-13T18:52:44.045Z" }, +] + +[[package]] +name = "pytest-asyncio" +version = "1.4.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pytest" }, + { name = "typing-extensions", marker = "python_full_version < '3.13'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/43/7c/d36d04db312ecf4298932ef77e6e4a9e8ad017906e24e34f0b0c361a2473/pytest_asyncio-1.4.0.tar.gz", hash = "sha256:c6c0d2259945122819f171a32ecea2c349ead889ee28176caaf492143424be42", size = 58514, upload-time = "2026-05-26T09:56:04.083Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/03/e2/08a497ef684b88559c9cc5f4ad53a37e7b99e727094a86d6ea32536d5d3c/pytest_asyncio-1.4.0-py3-none-any.whl", hash = "sha256:933ca923a23075a87fb7070c0ec272a6848489824d887c85c812670932835aa1", size = 16930, upload-time = "2026-05-26T09:56:02.576Z" }, +] + [[package]] name = "python-discovery" version = "1.2.0" @@ -2056,6 +2103,8 @@ dev = [ { name = "pre-commit" }, { name = "pyinstaller", marker = "python_full_version < '3.15'" }, { name = "pyright" }, + { name = "pytest" }, + { name = "pytest-asyncio" }, { name = "ruff" }, ] @@ -2079,6 +2128,8 @@ dev = [ { name = "pre-commit", specifier = ">=4.2.0" }, { name = "pyinstaller", marker = "python_full_version >= '3.12' and python_full_version < '3.15'", specifier = ">=6.17.0" }, { name = "pyright", specifier = ">=1.1.401" }, + { name = "pytest", specifier = ">=8.3" }, + { name = "pytest-asyncio", specifier = ">=0.24" }, { name = "ruff", specifier = ">=0.11.13" }, ] From 6b171b2a3037919bb61878e47e0bf545f7825232 Mon Sep 17 00:00:00 2001 From: Mads Hvelplund Date: Fri, 19 Jun 2026 06:24:53 +0200 Subject: [PATCH 03/10] feat: add --mount and large-target pre-flight for local repos (#492) Large local targets were copied into the sandbox file-by-file via the SDK LocalDir entry, which stalls on big repos and could leave /workspace empty. - --mount bind-mounts a host directory read-only at /workspace/ instead of copying it, bypassing the per-file stream. - A size pre-flight (STRIX_MAX_LOCAL_COPY_MB, default 1024) fails fast with a clear message suggesting --mount when a non-mounted local target is too big. --- strix/config/settings.py | 4 ++ strix/core/inputs.py | 3 +- strix/core/runner.py | 2 +- strix/interface/main.py | 39 +++++++++-- strix/interface/utils.py | 80 ++++++++++++++++++++- strix/runtime/backends.py | 2 + strix/runtime/docker_client.py | 20 ++++++ strix/runtime/session_manager.py | 50 ++++++++++--- tests/test_local_sources.py | 116 +++++++++++++++++++++++++++++++ tests/test_session_entries.py | 67 ++++++++++++++++++ 10 files changed, 364 insertions(+), 19 deletions(-) create mode 100644 tests/test_local_sources.py create mode 100644 tests/test_session_entries.py diff --git a/strix/config/settings.py b/strix/config/settings.py index 1458e1ff8..ecea8e505 100644 --- a/strix/config/settings.py +++ b/strix/config/settings.py @@ -47,6 +47,10 @@ class RuntimeSettings(BaseSettings): alias="STRIX_IMAGE", ) backend: str = Field(default="docker", alias="STRIX_RUNTIME_BACKEND") + # Hard cap on a local target's size before we refuse to stream it into the + # sandbox file-by-file (the SDK copies every file individually, which stalls + # on large repos). Above this, the user must bind-mount via ``--mount``. + max_local_copy_mb: int = Field(default=1024, alias="STRIX_MAX_LOCAL_COPY_MB") class TelemetrySettings(BaseSettings): diff --git a/strix/core/inputs.py b/strix/core/inputs.py index b86daa4c8..0505ef38c 100644 --- a/strix/core/inputs.py +++ b/strix/core/inputs.py @@ -44,7 +44,8 @@ def build_root_task(scan_config: dict[str, Any]) -> str: ) elif ttype == "local_code": path = details.get("target_path", "unknown") - sections["Local Codebases"].append(f"- {path} (available at: {workspace_path})") + suffix = ", read-only mount" if details.get("mount") else "" + sections["Local Codebases"].append(f"- {path} (available at: {workspace_path}{suffix})") elif ttype == "web_application": sections["URLs"].append(f"- {details.get('target_url', '')}") elif ttype == "ip_address": diff --git a/strix/core/runner.py b/strix/core/runner.py index a7371e9f7..9ab120bc5 100644 --- a/strix/core/runner.py +++ b/strix/core/runner.py @@ -55,7 +55,7 @@ async def run_strix_scan( scan_config: dict[str, Any], scan_id: str | None = None, image: str, - local_sources: list[dict[str, str]] | None = None, + local_sources: list[dict[str, Any]] | None = None, coordinator: AgentCoordinator | None = None, interactive: bool = False, max_turns: int = DEFAULT_MAX_TURNS, diff --git a/strix/interface/main.py b/strix/interface/main.py index b5c56ad40..373b872f9 100644 --- a/strix/interface/main.py +++ b/strix/interface/main.py @@ -33,9 +33,11 @@ from strix.interface.utils import ( assign_workspace_subdirs, build_final_stats_text, + build_mount_targets_info, check_docker_connection, clone_repository, collect_local_sources, + find_oversized_local_targets, generate_run_name, image_exists, infer_target_type, @@ -352,6 +354,15 @@ def parse_arguments() -> argparse.Namespace: "Can be specified multiple times for multi-target scans. " "Required for fresh runs; loaded from disk when ``--resume`` is set.", ) + parser.add_argument( + "--mount", + type=str, + action="append", + metavar="PATH", + help="Bind-mount a local directory into the sandbox (read-only) instead of " + "copying it file-by-file. Use this for large repositories that are too big to " + "stream into the container. Can be specified multiple times.", + ) parser.add_argument( "--instruction", type=str, @@ -455,9 +466,9 @@ def parse_arguments() -> argparse.Namespace: args.user_explicit_instruction = args.instruction if args.resume else None if args.resume: - if args.target: + if args.target or args.mount: parser.error( - "Cannot combine --resume with --target. --resume picks up where " + "Cannot combine --resume with --target/--mount. --resume picks up where " "the prior run left off, including the original target list." ) _load_resume_state(args, parser) @@ -470,13 +481,13 @@ def parse_arguments() -> argparse.Namespace: f"or remove --resume to start over with the same targets." ) else: - if not args.target: + if not args.target and not args.mount: parser.error( - "the following arguments are required: -t/--target " + "the following arguments are required: -t/--target or --mount " "(or use --resume to continue a prior scan)" ) args.targets_info = [] - for target in args.target: + for target in args.target or []: try: target_type, target_dict = infer_target_type(target) @@ -491,9 +502,27 @@ def parse_arguments() -> argparse.Namespace: except ValueError: parser.error(f"Invalid target '{target}'") + try: + args.targets_info.extend(build_mount_targets_info(args.mount or [])) + except ValueError as e: + parser.error(str(e)) + assign_workspace_subdirs(args.targets_info) rewrite_localhost_targets(args.targets_info, HOST_GATEWAY_HOSTNAME) + max_copy_bytes = load_settings().runtime.max_local_copy_mb * 1024 * 1024 + oversized = find_oversized_local_targets(args.targets_info, max_copy_bytes) + if oversized: + details = "; ".join( + f"{path} ({size / (1024 * 1024):.0f} MB)" for path, size in oversized + ) + parser.error( + f"Local target too large to stream into the sandbox: {details}. " + f"The limit is {load_settings().runtime.max_local_copy_mb} MB " + "(set STRIX_MAX_LOCAL_COPY_MB to change it). Re-run with " + "--mount to bind-mount the directory instead of copying it." + ) + return args diff --git a/strix/interface/utils.py b/strix/interface/utils.py index ff53a6cd8..dfe2f4ecc 100644 --- a/strix/interface/utils.py +++ b/strix/interface/utils.py @@ -1185,8 +1185,8 @@ def is_whitebox_scan(targets_info: list[dict[str, Any]]) -> bool: return any(t.get("type") == "local_code" for t in targets_info or []) -def collect_local_sources(targets_info: list[dict[str, Any]]) -> list[dict[str, str]]: - local_sources: list[dict[str, str]] = [] +def collect_local_sources(targets_info: list[dict[str, Any]]) -> list[dict[str, Any]]: + local_sources: list[dict[str, Any]] = [] for target_info in targets_info: details = target_info["details"] @@ -1197,6 +1197,7 @@ def collect_local_sources(targets_info: list[dict[str, Any]]) -> list[dict[str, { "source_path": details["target_path"], "workspace_subdir": workspace_subdir, + "mount": bool(details.get("mount", False)), } ) @@ -1205,12 +1206,87 @@ def collect_local_sources(targets_info: list[dict[str, Any]]) -> list[dict[str, { "source_path": details["cloned_repo_path"], "workspace_subdir": workspace_subdir, + "mount": False, } ) return local_sources +def directory_size_bytes(path: Path) -> int: + """Total size in bytes of regular files under ``path`` (symlinks not followed). + + Best-effort: files that disappear or can't be stat'd mid-walk are skipped. + Used as a cheap (stat-only) pre-flight to estimate the cost of streaming a + local target into the sandbox before we actually try to copy it. + """ + total = 0 + for root, _dirs, files in os.walk(path, followlinks=False): + for name in files: + file_path = os.path.join(root, name) # noqa: PTH118 + try: + if os.path.islink(file_path): # noqa: PTH114 + continue + total += os.path.getsize(file_path) # noqa: PTH202 + except OSError: + continue + return total + + +def find_oversized_local_targets( + targets_info: list[dict[str, Any]], max_bytes: int +) -> list[tuple[str, int]]: + """Return ``(path, size_bytes)`` for non-mounted local targets over ``max_bytes``. + + Mounted targets are bind-mounted rather than copied, so their size is + irrelevant and they are excluded. + """ + oversized: list[tuple[str, int]] = [] + for target in targets_info: + if target.get("type") != "local_code": + continue + details = target.get("details") or {} + if details.get("mount"): + continue + target_path = details.get("target_path") + if not target_path: + continue + size = directory_size_bytes(Path(target_path)) + if size > max_bytes: + oversized.append((target_path, size)) + return oversized + + +def build_mount_targets_info(mount_paths: list[str]) -> list[dict[str, Any]]: + """Build ``targets_info`` entries for ``--mount`` directories. + + Each path must be an existing local directory; it is bind-mounted into the + sandbox (read-only) instead of being copied file-by-file. Raises + ``ValueError`` for a path that does not exist or is not a directory. + """ + targets_info: list[dict[str, Any]] = [] + for raw in mount_paths: + path = Path(raw).expanduser() + try: + resolved = path.resolve() + is_dir = resolved.is_dir() + except (OSError, RuntimeError) as e: + raise ValueError(f"Invalid mount path '{raw}': {e!s}") from e + if not is_dir: + raise ValueError( + f"Mount path '{raw}' is not an existing directory. " + "--mount requires a path to a local directory." + ) + targets_info.append( + { + "type": "local_code", + "details": {"target_path": str(resolved), "mount": True}, + "original": str(resolved), + } + ) + return targets_info + + def _is_localhost_host(host: str) -> bool: host_lower = host.lower().strip("[]") diff --git a/strix/runtime/backends.py b/strix/runtime/backends.py index 9f241a3ae..fe6715f85 100644 --- a/strix/runtime/backends.py +++ b/strix/runtime/backends.py @@ -22,6 +22,7 @@ async def _docker_backend( image: str, manifest: Manifest, exposed_ports: tuple[int, ...], + bind_mounts: list[dict[str, Any]] | None = None, ) -> tuple[Any, Any]: """Bring up a session backed by the local Docker daemon. @@ -43,6 +44,7 @@ async def _docker_backend( from strix.runtime.docker_client import StrixDockerSandboxClient client = StrixDockerSandboxClient(docker.from_env()) + client.strix_bind_mounts = bind_mounts or [] options = DockerSandboxClientOptions(image=image, exposed_ports=exposed_ports) session = await client.create(options=options, manifest=manifest) await session.start() diff --git a/strix/runtime/docker_client.py b/strix/runtime/docker_client.py index 2a753834d..49cb3e7d3 100644 --- a/strix/runtime/docker_client.py +++ b/strix/runtime/docker_client.py @@ -38,6 +38,7 @@ from agents.sandbox.session.sandbox_session import SandboxSession from docker import errors as docker_errors # type: ignore[import-untyped, unused-ignore] from docker.models.containers import Container # type: ignore[import-untyped, unused-ignore] +from docker.types import Mount as DockerSDKMount # type: ignore[import-untyped, unused-ignore] from docker.utils import parse_repository_tag # type: ignore[import-untyped, unused-ignore] @@ -45,6 +46,10 @@ class StrixDockerSandboxClient(DockerSandboxClient): + # Host directories to bind-mount into the container, set by the docker + # backend before ``create()``. Each item is ``{source, target, read_only}``. + strix_bind_mounts: list[dict[str, Any]] + async def _create_container( self, image: str, @@ -111,6 +116,21 @@ async def _create_container( extra_hosts = create_kwargs.setdefault("extra_hosts", {}) extra_hosts["host.docker.internal"] = "host-gateway" + # Strix injection: host bind mounts (e.g. large repos passed via --mount) + # that bypass the SDK's file-by-file LocalDir copy. + bind_mounts = getattr(self, "strix_bind_mounts", ()) + if bind_mounts: + mounts = create_kwargs.setdefault("mounts", []) + for spec in bind_mounts: + mounts.append( + DockerSDKMount( + target=spec["target"], + source=spec["source"], + type="bind", + read_only=spec.get("read_only", True), + ) + ) + logger.debug( "Creating sandbox container: image=%s caps=%s exposed_ports=%s", image, diff --git a/strix/runtime/session_manager.py b/strix/runtime/session_manager.py index 6f3e27338..a19495cc5 100644 --- a/strix/runtime/session_manager.py +++ b/strix/runtime/session_manager.py @@ -23,30 +23,59 @@ _SESSION_CACHE: dict[str, dict[str, Any]] = {} +# Manifest root inside the container; entry keys hang off this path. +_WORKSPACE_ROOT = "/workspace" + + +def build_session_entries( + local_sources: list[dict[str, Any]], +) -> tuple[dict[str | Path, BaseEntry], list[dict[str, Any]]]: + """Split local sources into copied manifest entries and host bind mounts. + + Sources flagged ``mount`` are bind-mounted read-only at + ``/workspace/`` (not added to the manifest, so the SDK + does not stream them in file-by-file). Every other source becomes a + ``LocalDir`` entry copied into the container as before. + """ + entries: dict[str | Path, BaseEntry] = {} + bind_mounts: list[dict[str, Any]] = [] + for src in local_sources: + ws_subdir = src.get("workspace_subdir") or "" + host_path = src.get("source_path") or "" + if not ws_subdir or not host_path: + continue + resolved = Path(host_path).expanduser().resolve() + if src.get("mount"): + bind_mounts.append( + { + "source": str(resolved), + "target": f"{_WORKSPACE_ROOT}/{ws_subdir}", + "read_only": True, + } + ) + else: + entries[ws_subdir] = LocalDir(src=resolved) + return entries, bind_mounts + async def create_or_reuse( scan_id: str, *, image: str, - local_sources: list[dict[str, str]], + local_sources: list[dict[str, Any]], ) -> dict[str, Any]: """Return the existing session bundle for ``scan_id`` or create a new one. - Each ``local_sources`` entry mounts its host ``source_path`` at - ``/workspace/`` inside the container. + Each ``local_sources`` entry exposes its host ``source_path`` at + ``/workspace/`` inside the container — copied in, or + bind-mounted read-only when the entry is flagged ``mount``. """ cached = _SESSION_CACHE.get(scan_id) if cached is not None: logger.info("Reusing existing sandbox session for scan %s", scan_id) return cached - entries: dict[str | Path, BaseEntry] = {} - for src in local_sources: - ws_subdir = src.get("workspace_subdir") or "" - host_path = src.get("source_path") or "" - if not ws_subdir or not host_path: - continue - entries[ws_subdir] = LocalDir(src=Path(host_path).expanduser().resolve()) + entries, bind_mounts = build_session_entries(local_sources) # Caido runs as an in-container sidecar; HTTP(S) traffic from any # process started via ``session.exec`` (the SDK's Shell tool, etc.) @@ -81,6 +110,7 @@ async def create_or_reuse( image=image, manifest=manifest, exposed_ports=(_CONTAINER_CAIDO_PORT,), + bind_mounts=bind_mounts, ) caido_endpoint = await session.resolve_exposed_port(_CONTAINER_CAIDO_PORT) diff --git a/tests/test_local_sources.py b/tests/test_local_sources.py new file mode 100644 index 000000000..af6e5a17d --- /dev/null +++ b/tests/test_local_sources.py @@ -0,0 +1,116 @@ +"""Tests for local-source sizing and ``--mount`` target helpers in interface.utils.""" + +from __future__ import annotations + +from typing import TYPE_CHECKING, Any + +import pytest + + +if TYPE_CHECKING: + from pathlib import Path + +from strix.interface.utils import ( + build_mount_targets_info, + collect_local_sources, + directory_size_bytes, + find_oversized_local_targets, +) + + +def _write_file(path: Path, size: int) -> None: + path.write_bytes(b"x" * size) + + +def _local_target(target_path: str, *, mount: bool = False) -> dict[str, Any]: + details: dict[str, Any] = {"target_path": target_path, "workspace_subdir": "repo"} + if mount: + details["mount"] = True + return {"type": "local_code", "details": details, "original": target_path} + + +def test_directory_size_empty_dir_is_zero(tmp_path: Path) -> None: + assert directory_size_bytes(tmp_path) == 0 + + +def test_directory_size_sums_flat_and_nested_files(tmp_path: Path) -> None: + _write_file(tmp_path / "a.txt", 100) + nested = tmp_path / "sub" / "deep" + nested.mkdir(parents=True) + _write_file(nested / "b.txt", 250) + assert directory_size_bytes(tmp_path) == 350 + + +def test_directory_size_skips_symlinks(tmp_path: Path) -> None: + _write_file(tmp_path / "real.txt", 100) + (tmp_path / "link.txt").symlink_to(tmp_path / "real.txt") + # The symlink target is counted once via the real file, not doubled. + assert directory_size_bytes(tmp_path) == 100 + + +def test_find_oversized_returns_nothing_under_limit(tmp_path: Path) -> None: + _write_file(tmp_path / "a.txt", 100) + targets = [_local_target(str(tmp_path))] + assert find_oversized_local_targets(targets, max_bytes=1000) == [] + + +def test_find_oversized_returns_target_over_limit(tmp_path: Path) -> None: + _write_file(tmp_path / "big.bin", 500) + targets = [_local_target(str(tmp_path))] + result = find_oversized_local_targets(targets, max_bytes=100) + assert result == [(str(tmp_path), 500)] + + +def test_find_oversized_ignores_mounted_targets(tmp_path: Path) -> None: + _write_file(tmp_path / "big.bin", 500) + targets = [_local_target(str(tmp_path), mount=True)] + assert find_oversized_local_targets(targets, max_bytes=100) == [] + + +def test_find_oversized_ignores_non_local_targets() -> None: + targets = [{"type": "web_application", "details": {"target_url": "https://x"}}] + assert find_oversized_local_targets(targets, max_bytes=0) == [] + + +def test_collect_local_sources_propagates_mount_flag() -> None: + copied = _local_target("/copied") + copied["details"]["workspace_subdir"] = "copied" + mounted = _local_target("/mounted", mount=True) + mounted["details"]["workspace_subdir"] = "mounted" + + sources = collect_local_sources([copied, mounted]) + + by_path = {s["source_path"]: s for s in sources} + assert by_path["/copied"]["mount"] is False + assert by_path["/mounted"]["mount"] is True + + +def test_collect_local_sources_repository_is_never_mounted() -> None: + repo = { + "type": "repository", + "details": {"cloned_repo_path": "/clone", "workspace_subdir": "clone"}, + } + sources = collect_local_sources([repo]) + assert sources == [{"source_path": "/clone", "workspace_subdir": "clone", "mount": False}] + + +def test_build_mount_targets_info_for_valid_dir(tmp_path: Path) -> None: + result = build_mount_targets_info([str(tmp_path)]) + assert len(result) == 1 + entry = result[0] + assert entry["type"] == "local_code" + assert entry["details"]["mount"] is True + assert entry["details"]["target_path"] == str(tmp_path.resolve()) + + +def test_build_mount_targets_info_rejects_missing_path(tmp_path: Path) -> None: + missing = tmp_path / "does-not-exist" + with pytest.raises(ValueError, match="not an existing directory"): + build_mount_targets_info([str(missing)]) + + +def test_build_mount_targets_info_rejects_file(tmp_path: Path) -> None: + file_path = tmp_path / "a-file.txt" + _write_file(file_path, 10) + with pytest.raises(ValueError, match="not an existing directory"): + build_mount_targets_info([str(file_path)]) diff --git a/tests/test_session_entries.py b/tests/test_session_entries.py new file mode 100644 index 000000000..8288c1d08 --- /dev/null +++ b/tests/test_session_entries.py @@ -0,0 +1,67 @@ +"""Tests for build_session_entries: splitting copied vs bind-mounted sources.""" + +from __future__ import annotations + +from typing import TYPE_CHECKING, Any + +from agents.sandbox.entries import LocalDir + +from strix.runtime.session_manager import build_session_entries + + +if TYPE_CHECKING: + from pathlib import Path + + +def _source(subdir: str, path: str, *, mount: bool = False) -> dict[str, Any]: + return {"source_path": path, "workspace_subdir": subdir, "mount": mount} + + +def test_copied_source_becomes_localdir_entry(tmp_path: Path) -> None: + entries, bind_mounts = build_session_entries([_source("repo", str(tmp_path))]) + + assert bind_mounts == [] + assert isinstance(entries["repo"], LocalDir) + assert entries["repo"].src == tmp_path.resolve() + + +def test_mounted_source_becomes_bind_mount(tmp_path: Path) -> None: + entries, bind_mounts = build_session_entries([_source("repo", str(tmp_path), mount=True)]) + + assert entries == {} + assert bind_mounts == [ + { + "source": str(tmp_path.resolve()), + "target": "/workspace/repo", + "read_only": True, + } + ] + + +def test_mixed_sources_split_correctly(tmp_path: Path) -> None: + copied = tmp_path / "copied" + mounted = tmp_path / "mounted" + copied.mkdir() + mounted.mkdir() + + entries, bind_mounts = build_session_entries( + [ + _source("copied", str(copied)), + _source("mounted", str(mounted), mount=True), + ] + ) + + assert list(entries) == ["copied"] + assert isinstance(entries["copied"], LocalDir) + assert [m["target"] for m in bind_mounts] == ["/workspace/mounted"] + + +def test_incomplete_sources_are_skipped() -> None: + entries, bind_mounts = build_session_entries( + [ + {"source_path": "", "workspace_subdir": "x"}, + {"source_path": "/p", "workspace_subdir": ""}, + ] + ) + assert entries == {} + assert bind_mounts == [] From 8e30ad68c9f1b0607650647d6ae253e526bbd992 Mon Sep 17 00:00:00 2001 From: Mads Hvelplund Date: Fri, 19 Jun 2026 06:54:00 +0200 Subject: [PATCH 04/10] fix: reject empty --mount paths An empty or whitespace-only --mount value resolves to the current working directory and would silently bind-mount it into the sandbox. Reject it. --- strix/interface/utils.py | 5 ++++- tests/test_local_sources.py | 8 ++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/strix/interface/utils.py b/strix/interface/utils.py index dfe2f4ecc..da1c70813 100644 --- a/strix/interface/utils.py +++ b/strix/interface/utils.py @@ -1262,10 +1262,13 @@ def build_mount_targets_info(mount_paths: list[str]) -> list[dict[str, Any]]: Each path must be an existing local directory; it is bind-mounted into the sandbox (read-only) instead of being copied file-by-file. Raises - ``ValueError`` for a path that does not exist or is not a directory. + ``ValueError`` for an empty path, or one that does not exist or is not a + directory. """ targets_info: list[dict[str, Any]] = [] for raw in mount_paths: + if not raw or not raw.strip(): + raise ValueError("--mount path must not be empty.") path = Path(raw).expanduser() try: resolved = path.resolve() diff --git a/tests/test_local_sources.py b/tests/test_local_sources.py index af6e5a17d..4f7f600ef 100644 --- a/tests/test_local_sources.py +++ b/tests/test_local_sources.py @@ -114,3 +114,11 @@ def test_build_mount_targets_info_rejects_file(tmp_path: Path) -> None: _write_file(file_path, 10) with pytest.raises(ValueError, match="not an existing directory"): build_mount_targets_info([str(file_path)]) + + +@pytest.mark.parametrize("empty", ["", " "]) +def test_build_mount_targets_info_rejects_empty_path(empty: str) -> None: + # An empty path would otherwise resolve to the current working directory + # and silently bind-mount it into the sandbox. + with pytest.raises(ValueError, match="must not be empty"): + build_mount_targets_info([empty]) From cd4b6c7a6814b2eeeeecdd1f016a42758730bc43 Mon Sep 17 00:00:00 2001 From: Mads Hvelplund Date: Fri, 19 Jun 2026 06:55:02 +0200 Subject: [PATCH 05/10] fix: dedupe local targets so a dir is never both copied and mounted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If the same directory is passed via --target and --mount (or as duplicate values), it previously produced two targets — copied AND bind-mounted, and the copied one could trip the size pre-flight. Dedupe by resolved path, preferring the bind mount. --- strix/interface/main.py | 3 +++ strix/interface/utils.py | 25 +++++++++++++++++++++++++ tests/test_local_sources.py | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+) diff --git a/strix/interface/main.py b/strix/interface/main.py index 373b872f9..b19ec78e4 100644 --- a/strix/interface/main.py +++ b/strix/interface/main.py @@ -37,6 +37,7 @@ check_docker_connection, clone_repository, collect_local_sources, + dedupe_local_targets, find_oversized_local_targets, generate_run_name, image_exists, @@ -507,6 +508,8 @@ def parse_arguments() -> argparse.Namespace: except ValueError as e: parser.error(str(e)) + args.targets_info = dedupe_local_targets(args.targets_info) + assign_workspace_subdirs(args.targets_info) rewrite_localhost_targets(args.targets_info, HOST_GATEWAY_HOSTNAME) diff --git a/strix/interface/utils.py b/strix/interface/utils.py index da1c70813..fbde4c2ca 100644 --- a/strix/interface/utils.py +++ b/strix/interface/utils.py @@ -1290,6 +1290,31 @@ def build_mount_targets_info(mount_paths: list[str]) -> list[dict[str, Any]]: return targets_info +def dedupe_local_targets(targets_info: list[dict[str, Any]]) -> list[dict[str, Any]]: + """Collapse local_code targets that resolve to the same path. + + When a directory is supplied both as a copied ``--target`` and via + ``--mount`` (or as duplicate values of either), keep one entry and prefer + the bind-mounted one — so the same tree is never both streamed in and + mounted. Order is preserved; non-local targets pass through untouched. + """ + result: list[dict[str, Any]] = [] + index_by_path: dict[str, int] = {} + for target in targets_info: + details = target.get("details") or {} + path = details.get("target_path") + if target.get("type") != "local_code" or not path: + result.append(target) + continue + existing = index_by_path.get(path) + if existing is None: + index_by_path[path] = len(result) + result.append(target) + elif details.get("mount") and not (result[existing].get("details") or {}).get("mount"): + result[existing] = target # bind mount supersedes the copied entry + return result + + def _is_localhost_host(host: str) -> bool: host_lower = host.lower().strip("[]") diff --git a/tests/test_local_sources.py b/tests/test_local_sources.py index 4f7f600ef..2b0cd2a61 100644 --- a/tests/test_local_sources.py +++ b/tests/test_local_sources.py @@ -13,6 +13,7 @@ from strix.interface.utils import ( build_mount_targets_info, collect_local_sources, + dedupe_local_targets, directory_size_bytes, find_oversized_local_targets, ) @@ -122,3 +123,34 @@ def test_build_mount_targets_info_rejects_empty_path(empty: str) -> None: # and silently bind-mount it into the sandbox. with pytest.raises(ValueError, match="must not be empty"): build_mount_targets_info([empty]) + + +def test_dedupe_keeps_distinct_targets_in_order() -> None: + targets = [ + _local_target("/a"), + {"type": "web_application", "details": {"target_url": "https://x"}}, + _local_target("/b", mount=True), + ] + assert dedupe_local_targets(targets) == targets + + +def test_dedupe_mount_supersedes_copied_same_path() -> None: + copied = _local_target("/repo") + mounted = _local_target("/repo", mount=True) + + # Copied first, then mounted: the single surviving entry is the mount. + result = dedupe_local_targets([copied, mounted]) + assert len(result) == 1 + assert result[0]["details"]["mount"] is True + + # Order-independent: mounted first, copied second also yields the mount. + result_rev = dedupe_local_targets([mounted, copied]) + assert len(result_rev) == 1 + assert result_rev[0]["details"]["mount"] is True + + +def test_dedupe_collapses_duplicate_mounts() -> None: + result = dedupe_local_targets( + [_local_target("/repo", mount=True), _local_target("/repo", mount=True)] + ) + assert len(result) == 1 From 5142febdc71e1a5168e12718be5814b41d90caeb Mon Sep 17 00:00:00 2001 From: Mads Hvelplund Date: Fri, 19 Jun 2026 06:55:34 +0200 Subject: [PATCH 06/10] fix: treat non-positive STRIX_MAX_LOCAL_COPY_MB as disabled Previously a value of 0 (or negative) made every local target count as oversized, aborting all local scans. Now <= 0 disables the pre-flight. --- strix/config/settings.py | 1 + strix/interface/utils.py | 5 ++++- tests/test_local_sources.py | 9 ++++++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/strix/config/settings.py b/strix/config/settings.py index ecea8e505..91fbdef14 100644 --- a/strix/config/settings.py +++ b/strix/config/settings.py @@ -50,6 +50,7 @@ class RuntimeSettings(BaseSettings): # Hard cap on a local target's size before we refuse to stream it into the # sandbox file-by-file (the SDK copies every file individually, which stalls # on large repos). Above this, the user must bind-mount via ``--mount``. + # Set to 0 (or less) to disable the pre-flight check entirely. max_local_copy_mb: int = Field(default=1024, alias="STRIX_MAX_LOCAL_COPY_MB") diff --git a/strix/interface/utils.py b/strix/interface/utils.py index fbde4c2ca..95a70f046 100644 --- a/strix/interface/utils.py +++ b/strix/interface/utils.py @@ -1239,8 +1239,11 @@ def find_oversized_local_targets( """Return ``(path, size_bytes)`` for non-mounted local targets over ``max_bytes``. Mounted targets are bind-mounted rather than copied, so their size is - irrelevant and they are excluded. + irrelevant and they are excluded. A ``max_bytes`` of zero or less disables + the check entirely (returns no targets). """ + if max_bytes <= 0: + return [] oversized: list[tuple[str, int]] = [] for target in targets_info: if target.get("type") != "local_code": diff --git a/tests/test_local_sources.py b/tests/test_local_sources.py index 2b0cd2a61..1cda1767c 100644 --- a/tests/test_local_sources.py +++ b/tests/test_local_sources.py @@ -70,7 +70,14 @@ def test_find_oversized_ignores_mounted_targets(tmp_path: Path) -> None: def test_find_oversized_ignores_non_local_targets() -> None: targets = [{"type": "web_application", "details": {"target_url": "https://x"}}] - assert find_oversized_local_targets(targets, max_bytes=0) == [] + assert find_oversized_local_targets(targets, max_bytes=1) == [] + + +@pytest.mark.parametrize("disabled", [0, -1]) +def test_find_oversized_disabled_for_non_positive_limit(tmp_path: Path, disabled: int) -> None: + _write_file(tmp_path / "big.bin", 500) + targets = [_local_target(str(tmp_path))] + assert find_oversized_local_targets(targets, max_bytes=disabled) == [] def test_collect_local_sources_propagates_mount_flag() -> None: From ded5332c462968bc1437dd600b8ec297b08d27ac Mon Sep 17 00:00:00 2001 From: Mads Hvelplund Date: Fri, 19 Jun 2026 06:56:38 +0200 Subject: [PATCH 07/10] fix: log unreadable subtrees during size pre-flight os.walk silently swallowed directory-listing errors, so a permission-denied subtree could make a large repo under-count and slip past the pre-flight. Surface such omissions via an onerror warning. --- strix/interface/utils.py | 14 +++++++++++++- tests/test_local_sources.py | 25 +++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/strix/interface/utils.py b/strix/interface/utils.py index 95a70f046..bffc0d47d 100644 --- a/strix/interface/utils.py +++ b/strix/interface/utils.py @@ -1,5 +1,6 @@ import ipaddress import json +import logging import os import re import secrets @@ -23,6 +24,9 @@ from strix.config import load_settings +logger = logging.getLogger(__name__) + + def get_severity_color(severity: str) -> str: severity_colors = { "critical": "#dc2626", @@ -1219,9 +1223,17 @@ def directory_size_bytes(path: Path) -> int: Best-effort: files that disappear or can't be stat'd mid-walk are skipped. Used as a cheap (stat-only) pre-flight to estimate the cost of streaming a local target into the sandbox before we actually try to copy it. + + Directories that can't be listed (e.g. permission denied) are logged and + skipped rather than silently dropped — so an under-count is at least + visible — but the returned total then excludes their contents. """ + + def _on_walk_error(error: OSError) -> None: + logger.warning("Could not read %s while measuring size: %s", error.filename, error) + total = 0 - for root, _dirs, files in os.walk(path, followlinks=False): + for root, _dirs, files in os.walk(path, followlinks=False, onerror=_on_walk_error): for name in files: file_path = os.path.join(root, name) # noqa: PTH118 try: diff --git a/tests/test_local_sources.py b/tests/test_local_sources.py index 1cda1767c..bd3448de8 100644 --- a/tests/test_local_sources.py +++ b/tests/test_local_sources.py @@ -2,6 +2,9 @@ from __future__ import annotations +import logging +import os +import sys from typing import TYPE_CHECKING, Any import pytest @@ -49,6 +52,28 @@ def test_directory_size_skips_symlinks(tmp_path: Path) -> None: assert directory_size_bytes(tmp_path) == 100 +@pytest.mark.skipif(sys.platform == "win32", reason="relies on POSIX permissions") +def test_directory_size_logs_and_skips_unreadable_subdir( + tmp_path: Path, caplog: pytest.LogCaptureFixture +) -> None: + if hasattr(os, "geteuid") and os.geteuid() == 0: + pytest.skip("root bypasses directory permissions") + _write_file(tmp_path / "top.txt", 100) + locked = tmp_path / "locked" + locked.mkdir() + _write_file(locked / "secret.bin", 9999) + locked.chmod(0o000) + try: + with caplog.at_level(logging.WARNING): + size = directory_size_bytes(tmp_path) + finally: + locked.chmod(0o755) + # The unreadable subtree is excluded (not silently treated as readable) and + # the omission is logged rather than vanishing without a trace. + assert size == 100 + assert any("Could not read" in record.message for record in caplog.records) + + def test_find_oversized_returns_nothing_under_limit(tmp_path: Path) -> None: _write_file(tmp_path / "a.txt", 100) targets = [_local_target(str(tmp_path))] From 53f4e2d3a9067ff7acb843eec1281962daac3223 Mon Sep 17 00:00:00 2001 From: Mads Hvelplund Date: Fri, 19 Jun 2026 06:58:00 +0200 Subject: [PATCH 08/10] docs: document --mount and STRIX_MAX_LOCAL_COPY_MB Add CLI reference + example for --mount, document the size pre-flight env var, note the read-only-is-not-a-hard-boundary caveat and that remote repos are not size-checked, and clarify the backends docstring on when bind mounts apply. --- docs/advanced/configuration.mdx | 4 ++++ docs/usage/cli.mdx | 17 +++++++++++++++++ strix/interface/main.py | 3 +++ strix/runtime/backends.py | 12 ++++++++---- 4 files changed, 32 insertions(+), 4 deletions(-) diff --git a/docs/advanced/configuration.mdx b/docs/advanced/configuration.mdx index 9ab7f017d..5d56c9a16 100644 --- a/docs/advanced/configuration.mdx +++ b/docs/advanced/configuration.mdx @@ -79,6 +79,10 @@ When remote vars are set, Strix dual-writes telemetry to both local JSONL and th Runtime backend for the sandbox environment. + + Maximum size (in MB) of a local directory target that Strix will copy into the sandbox file-by-file. Larger targets exit early with a suggestion to use `--mount` instead. Set to `0` to disable the check. + + ## Sandbox Configuration diff --git a/docs/usage/cli.mdx b/docs/usage/cli.mdx index bb3200969..ab2cc47d5 100644 --- a/docs/usage/cli.mdx +++ b/docs/usage/cli.mdx @@ -15,6 +15,20 @@ strix --target [options] Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times. + + Bind-mount a local directory into the sandbox (read-only) instead of copying it in file-by-file. Use this for large repositories that are too big to stream into the container. Can be specified multiple times. + + Strix copies local `--target` directories into the sandbox one file at a time, which stalls on very large trees. When a local target exceeds the copy limit (see `STRIX_MAX_LOCAL_COPY_MB`, default 1024 MB) Strix exits early and asks you to re-run with `--mount`. + + + The mount is read-only to protect your source from accidental modification. This is not a hard security boundary: a root process inside the container can remount it writable, so treat `--mount` as "scan my own code", not as isolation from untrusted code. + + + + The size pre-flight only covers local directory targets. Remote repositories (cloned at scan time) are not size-checked. + + + Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches. @@ -63,6 +77,9 @@ strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main # Multi-target white-box testing strix -t https://github.com/org/app -t https://staging.example.com + +# Large local repository — bind-mount instead of copying it in +strix --mount ./huge-monorepo ``` ## Exit Codes diff --git a/strix/interface/main.py b/strix/interface/main.py index b19ec78e4..3843dd298 100644 --- a/strix/interface/main.py +++ b/strix/interface/main.py @@ -320,6 +320,9 @@ def parse_arguments() -> argparse.Namespace: # Local code analysis strix --target ./my-project + # Large local repository (bind-mounted read-only instead of copied) + strix --mount ./huge-monorepo + # Domain penetration test strix --target example.com diff --git a/strix/runtime/backends.py b/strix/runtime/backends.py index fe6715f85..d7eba3357 100644 --- a/strix/runtime/backends.py +++ b/strix/runtime/backends.py @@ -32,11 +32,15 @@ async def _docker_backend( backend don't need the docker-py library installed. ``session.start()`` is what materializes the manifest entries - (LocalDir copies, mount setup, etc.) into the running container — - the SDK's ``client.create()`` only builds the inner session object - without applying the manifest. ``async with session:`` would call it - too, but Strix manages session lifetime explicitly via + (LocalDir copies and manifest-declared volume/FUSE mounts) into the + running container — the SDK's ``client.create()`` only builds the inner + session object without applying the manifest. ``async with session:`` + would call it too, but Strix manages session lifetime explicitly via ``client.delete()`` so we trigger ``start()`` ourselves. + + ``bind_mounts`` are host directories (e.g. large repos passed via + ``--mount``) bind-mounted read-only; unlike manifest entries they are + applied by Docker at container-create time, not by ``start()``. """ import docker from agents.sandbox.sandboxes.docker import DockerSandboxClientOptions From 5cf923eb6d20e71f0352c095fe78d8172ef7070e Mon Sep 17 00:00:00 2001 From: Mads Hvelplund Date: Fri, 19 Jun 2026 07:34:13 +0200 Subject: [PATCH 09/10] Update strix/interface/main.py Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --- strix/interface/main.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/strix/interface/main.py b/strix/interface/main.py index 3843dd298..a928ee30d 100644 --- a/strix/interface/main.py +++ b/strix/interface/main.py @@ -516,7 +516,8 @@ def parse_arguments() -> argparse.Namespace: assign_workspace_subdirs(args.targets_info) rewrite_localhost_targets(args.targets_info, HOST_GATEWAY_HOSTNAME) - max_copy_bytes = load_settings().runtime.max_local_copy_mb * 1024 * 1024 + max_local_copy_mb = load_settings().runtime.max_local_copy_mb + max_copy_bytes = max_local_copy_mb * 1024 * 1024 oversized = find_oversized_local_targets(args.targets_info, max_copy_bytes) if oversized: details = "; ".join( @@ -524,7 +525,7 @@ def parse_arguments() -> argparse.Namespace: ) parser.error( f"Local target too large to stream into the sandbox: {details}. " - f"The limit is {load_settings().runtime.max_local_copy_mb} MB " + f"The limit is {max_local_copy_mb} MB " "(set STRIX_MAX_LOCAL_COPY_MB to change it). Re-run with " "--mount to bind-mount the directory instead of copying it." ) From 602bf63b69719cf147b6227b0c9404e535ea2450 Mon Sep 17 00:00:00 2001 From: Mads Hvelplund Date: Fri, 19 Jun 2026 07:34:58 +0200 Subject: [PATCH 10/10] Update strix/runtime/docker_client.py Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --- strix/runtime/docker_client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/strix/runtime/docker_client.py b/strix/runtime/docker_client.py index 49cb3e7d3..497ae2f21 100644 --- a/strix/runtime/docker_client.py +++ b/strix/runtime/docker_client.py @@ -48,7 +48,7 @@ class StrixDockerSandboxClient(DockerSandboxClient): # Host directories to bind-mount into the container, set by the docker # backend before ``create()``. Each item is ``{source, target, read_only}``. - strix_bind_mounts: list[dict[str, Any]] + strix_bind_mounts: list[dict[str, Any]] = [] # overridden per-instance in backends.py async def _create_container( self,