
feat: aio runtime sandbox run #416

Merged: MichaelGoberling merged 13 commits into master from feat/runtime-sandbox-run on Jun 4, 2026
@MichaelGoberling MichaelGoberling commented May 4, 2026

Adds a new aio runtime sandbox run command for running commands in sandboxes

To test

aio plugins install "https://github.com/adobe/aio-cli-plugin-runtime.git#feat/runtime-sandbox-run"

Usage

> aio runtime sandbox run --help
USAGE
  $ aio runtime sandbox run [-n <value>] [-e <value>...] [-p <value>...] [--max-lifetime <value>]

FLAGS
  -e, --egress=<value>...     egress rule in host:port[:protocol][|METHOD:path] format, or
                              "allow-all" (repeatable)
  -n, --name=<value>          [default: aio-sandbox] sandbox name
  -p, --port=<value>...       Port to expose via a preview URL (repeatable)
      --max-lifetime=<value>  [default: 3600] maximum sandbox lifetime in seconds

DESCRIPTION

  [Alpha] Sandboxes are in a closed alpha. Your namespace must have
  sandboxes enabled before you can use this command; contact Adobe to request
  access.

  Create a sandbox and run commands against it interactively.

  Each command you enter runs in a fresh process. Shell state (working directory,
  env exports) does not persist between prompts. Chain commands to work
  around this: cd mydir && npm install

  During interactive sessions:
  - Send text to stdin with the here-string operator:
  command <<< "text"
  - Start a background command and stream its output with:
  .detached <command>
  - Type exit or quit to destroy the sandbox.

ALIASES
  $ aio rt sandbox run

EXAMPLES
  $ aio runtime sandbox run

  $ aio runtime sandbox run -n my-sandbox

  $ aio runtime sandbox run -p 3000 -p 8080

  $ aio runtime sandbox run -e allow-all

  $ aio runtime sandbox run -e "pypi.org:443" -e "api.github.com:443|GET:/repos/**"
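
The `-e` rule syntax from the help text above, as an added JavaScript sketch that is not the plugin's own parser: it splits `host:port[:protocol][|METHOD:path]` into fields and flags rule sets that are broader than they look. The field names, the port range check, the requirement that the path start with `/`, and the reading of `allow-all` as lifting every egress restriction are assumptions.

```javascript
// Added example: parser for the egress rule syntax shown in the help text.
// Not the plugin's own parser; field names and checks are assumptions.
function parseEgressRule (rule) {
  if (rule === 'allow-all') return { allowAll: true }
  const bar = rule.indexOf('|')
  const target = bar === -1 ? rule : rule.slice(0, bar)
  // host:port[:protocol]; IPv6 literals are not handled in this sketch.
  const [host, portText, protocol, ...extra] = target.split(':')
  if (!host || extra.length > 0 || protocol === '') {
    throw new Error(`expected host:port[:protocol] in "${rule}"`)
  }
  const port = /^\d+$/.test(portText || '') ? Number(portText) : NaN
  if (!(port >= 1 && port <= 65535)) {
    throw new Error(`invalid port in "${rule}"`)
  }
  const parsed = { allowAll: false, host, port }
  if (protocol !== undefined) parsed.protocol = protocol
  if (bar !== -1) {
    // METHOD:path; the path is assumed to start with "/" as in the page's example.
    const filter = rule.slice(bar + 1)
    const colon = filter.indexOf(':')
    const path = filter.slice(colon + 1)
    if (colon < 1 || !path.startsWith('/')) {
      throw new Error(`expected METHOD:path after "|" in "${rule}"`)
    }
    parsed.method = filter.slice(0, colon)
    parsed.path = path
  }
  return parsed
}

// Review a set of -e values before a sandbox is created.
function reviewEgress (rules) {
  const parsed = rules.map(parseEgressRule)
  const warnings = []
  if (parsed.some((r) => r.allowAll)) {
    warnings.push('allow-all is present: the specific rules no longer narrow anything')
  }
  for (const r of parsed) {
    if (!r.allowAll && r.method === undefined) {
      warnings.push(`${r.host}:${r.port} has no METHOD:path filter`)
    }
  }
  return { parsed, warnings }
}

// Constructed input, taken from the EXAMPLES section above.
const review = reviewEgress(['pypi.org:443', 'api.github.com:443|GET:/repos/**'])
console.log(JSON.stringify(review, null, 2))
```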

Michael Goberling and others added 2 commits May 4, 2026 11:59
Adds a new `aio runtime sandbox run` command (under a new `runtime sandbox`
topic) that creates a compute sandbox via aio-lib-runtime and drops the user
into an interactive REPL against it, mirroring the standalone
aio-lib-runtime-sandbox tool but wired into the standard runtime auth/config
plumbing.

Temporarily pins @adobe/aio-lib-runtime to the agent-sandboxes branch so
ow.compute.sandbox.create resolves; this needs to move to a published
version before merge.

Co-authored-by: Cursor <cursoragent@cursor.com>
@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The implementation is clean, well-tested, and follows existing project patterns. The main concerns are: a non-release dependency reference in package.json (git branch instead of npm version), a potential security issue with unsanitized command input passed directly to sandbox.exec, and a minor infinite loop pattern in the REPL. These should be addressed before merging to main.

📝 6 suggestion(s) - Please review inline comments below.


💡 How to re-trigger

Comment /review or /pr-reviewer on this PR

Comment thread package.json Outdated
Comment thread src/commands/runtime/sandbox/run.js
Comment thread src/commands/runtime/sandbox/run.js
Comment thread src/commands/runtime/sandbox/run.js
Comment thread src/commands/runtime/sandbox/index.js
Comment thread src/commands/runtime/sandbox/run.js
@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The diff introduces two new sandbox commands with tests. The main issues are: the git branch dependency for aio-lib-runtime is still present (previously flagged), the test file references flags (--type, --size) that don't exist in the implementation, and a minor here-string quote stripping fix was previously suggested. The core logic is sound and well-tested overall.

📝 4 suggestion(s) (2 new, 2 re-raised)



Comment thread package.json Outdated
Comment thread test/commands/runtime/sandbox/run.test.js
Comment thread test/commands/runtime/sandbox/run.test.js
Comment thread src/commands/runtime/sandbox/run.js
@github-actions github-actions Bot dismissed their stale review June 2, 2026 17:08

Superseded by new review

codecov Bot commented Jun 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The diff introduces a new sandbox run command with comprehensive tests and helper utilities. The implementation is well-structured with good test coverage. Previous issues around the here-string quote stripping logic and the package.json git reference have been addressed — the quote check now uses paired conditions, and aio-lib-runtime was bumped to a published version. However, aio-lib-sandbox is still pinned to a specific alpha version without a range, which is a fragility concern. The mock for aio-lib-runtime still has a compute.sandbox.create that doesn't match how the implementation actually works (it uses Sandbox.create from aio-lib-sandbox, not rtLib.compute), though this is just dead mock code and doesn't cause test failures.

📝 3 suggestion(s) (2 new, 1 re-raised)



Comment thread package.json
Comment thread src/commands/runtime/sandbox/run.js
Comment thread src/commands/runtime/sandbox/run.js
@github-actions github-actions Bot dismissed their stale review June 2, 2026 18:03

Superseded by new review

@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The code is well-structured with good test coverage. Two previously-raised issues remain: the alpha dependency pin without a semver range, and the while (true) loop without EOF/close handling. The rest of the implementation is clean and the new sandbox helpers are well-factored.

🔄 2 re-raised suggestion(s) from previous review



Comment thread package.json
Comment thread src/commands/runtime/sandbox/run.js
@github-actions github-actions Bot dismissed their stale review June 2, 2026 18:08

Superseded by new review

@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The code is well-structured with good test coverage. Two previously raised issues remain unaddressed: the exact-pinned alpha version for @adobe/aio-lib-sandbox and the while (true) loop without EOF protection in _repl. No new significant issues found.

🔄 2 re-raised suggestion(s) from previous review

Findings (line numbers not in diff):

  • package.json (line 14): [Re-raised] @adobe/aio-lib-sandbox is pinned to an exact alpha version without a semver range. If a patch is released, consumers won't pick it up automatically. Use a caret range at minimum.


Comment thread src/commands/runtime/sandbox/run.js Outdated
@github-actions github-actions Bot dismissed their stale review June 2, 2026 18:09

Superseded by new review

@MichaelGoberling MichaelGoberling marked this pull request as ready for review June 2, 2026 18:11
@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The code is generally well-structured with good test coverage. The previously raised EOF/spin-loop issue in _repl is still present — while (true) with no close event guard means stdin EOF causes indefinite looping. One minor additional issue: @adobe/aio-lib-sandbox is pinned to the alpha dist-tag in package.json, which is unstable and unsuitable for a production dependency.

📝 2 suggestion(s) (1 new, 1 re-raised)



Comment thread src/commands/runtime/sandbox/run.js
Comment thread package.json
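
The stdin EOF problem described in the review above, as an added JavaScript example that is not the PR's `_repl`: the loop reads lines through the readline async iterator, which finishes when the input closes, and tears the sandbox down on both the `exit`/`quit` path and the EOF path. `repl`, `simulate`, `exec` and `destroy` are hypothetical names, and destroying the sandbox on EOF is an assumption.

```javascript
const readline = require('node:readline')
const { PassThrough } = require('node:stream')

// Added example, not the plugin's _repl. `exec` and `destroy` are hypothetical
// stand-ins for running a command in the sandbox and tearing the sandbox down.
async function repl ({ input, output, exec, destroy }) {
  const rl = readline.createInterface({ input, crlfDelay: Infinity })
  let reason = 'eof' // stays 'eof' unless the user types exit or quit
  try {
    output.write('> ')
    // The async iterator finishes when the input closes (Ctrl-D, closed pipe),
    // so EOF ends the loop instead of re-prompting forever.
    for await (const line of rl) {
      const command = line.trim()
      if (command === 'exit' || command === 'quit') {
        reason = 'exit'
        break
      }
      if (command !== '') await exec(command)
      output.write('> ')
    }
  } finally {
    rl.close()
    await destroy() // assumption: EOF should tear the sandbox down like exit does
  }
  return reason
}

// Drive the loop with constructed input and record what would have run.
async function simulate (text) {
  const input = new PassThrough()
  const output = new PassThrough()
  output.resume() // discard the prompts
  const ran = []
  let destroyed = 0
  input.end(text) // the stream ends after the last line, like a closed pipe
  const reason = await repl({
    input,
    output,
    exec: async (command) => { ran.push(command) },
    destroy: async () => { destroyed += 1 }
  })
  return { reason, ran, destroyed }
}

// Constructed session that never types exit: the loop still terminates.
simulate('ls\nnpm test\n').then((result) => console.log(result))
```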
@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The code is well-structured with good test coverage and clear separation of concerns. The EOF/infinite-loop issue in _repl from the previous review remains unaddressed, and the alpha dependency pin is still present. No new significant issues introduced in this diff.

🔄 2 re-raised suggestion(s) from previous review



Comment thread src/commands/runtime/sandbox/run.js Outdated
Comment thread package.json
@github-actions github-actions Bot dismissed their stale review June 2, 2026 18:23

Superseded by new review

@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The code is well-structured with good test coverage and clear separation of concerns. Two previously raised issues remain unaddressed: the while (true) EOF spin risk in _repl and the alpha tag on @adobe/aio-lib-sandbox in package.json.

🔄 2 re-raised suggestion(s) from previous review



Comment thread src/commands/runtime/sandbox/run.js
Comment thread package.json
@github-actions github-actions Bot dismissed their stale review June 2, 2026 18:28

Superseded by new review

@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The while (true) EOF guard issue in _repl remains unaddressed — stdin close before exit/quit will cause an infinite loop. The @adobe/aio-lib-sandbox alpha pin is still present in package.json. The rest of the code is well-structured with good test coverage and clear error handling patterns.

🔄 2 re-raised suggestion(s) from previous review



Comment thread src/commands/runtime/sandbox/run.js
Comment thread package.json
@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The diff adds a sandbox REPL command with good test coverage and clear helper functions. The while (true) EOF guard issue from the previous review is still unaddressed, and the alpha dependency pin remains. No other significant issues were found.

🔄 2 re-raised suggestion(s) from previous review



Comment thread src/commands/runtime/sandbox/run.js
Comment thread package.json
@github-actions github-actions Bot dismissed their stale review June 2, 2026 19:21

Superseded by new review

@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The code is well-structured with good test coverage and clear separation of concerns. Two previously raised issues remain unresolved: the while (true) loop in _repl has no EOF guard, and @adobe/aio-lib-sandbox is pinned to alpha in production dependencies.

🔄 2 re-raised suggestion(s) from previous review



Comment thread src/commands/runtime/sandbox/run.js
Comment thread package.json
@github-actions github-actions Bot left a comment

🤖 PR Reviewer

The code is well-structured with good test coverage. Two previously raised issues remain: the while (true) EOF guard issue in _repl and the alpha tag for @adobe/aio-lib-sandbox in package.json. Both are still present in this diff.

🔄 2 re-raised suggestion(s) from previous review



Comment thread src/commands/runtime/sandbox/run.js
Comment thread package.json
@MichaelGoberling MichaelGoberling merged commit 3ee37f9 into master Jun 4, 2026
11 checks passed
@MichaelGoberling MichaelGoberling deleted the feat/runtime-sandbox-run branch June 4, 2026 15:20