
feat: Python execution bridge for mini apps #32

Open

ex3ndr-bot wants to merge 1 commit into main from feat/mini-app-exec

Conversation

@ex3ndr-bot (Collaborator)

Summary

This PR adds a new API endpoint that allows mini apps to execute Python scripts server-side with a curated set of read-only tools.

Changes

New Files

  • miniAppToolAllowlist.ts - Defines the set of allowed tools
  • miniAppExec.ts - Core execution function that creates sandbox and runs code
  • miniAppToolAllowlist.spec.ts - Tests for allowlist filtering

Modified Files

  • miniAppsRoutes.ts - Added POST /mini-apps/:id/exec endpoint
  • miniAppsRoutes.spec.ts - Added tests for exec endpoint
  • routes.ts - Added miniAppExec callback to ApiRouteContext
  • appServer.ts - Wired up exec callback with agentSystem dependency
  • engine.ts - Passed agentSystem to AppServer

Tool Allowlist

The following read-only tools are available to mini apps:

  • File reading: read, read_json
  • Shell execution: exec (sandboxed)
  • Database queries: psql_query, psql_db_list
  • Document reading: document_read, todo_list
  • Web search: exa_search
  • JSON utilities: json_parse, json_stringify
  • Observation/signal queries: observation_query, signal_events_csv

Write operations and agent control tools are explicitly excluded.

Architecture

The implementation leverages the existing allowedToolNames field in ToolExecutionContext to filter available tools. The exec function creates a user-scoped sandbox with appropriate permissions and mounts, then executes the code through the existing RLM infrastructure.

Add a new API endpoint that allows mini apps to execute Python scripts
server-side with a curated set of read-only tools.

Changes:
- Add MINI_APP_TOOL_ALLOWLIST with read-only tools (read, exec, psql_query, etc.)
- Add miniAppExec function that creates user-scoped sandbox and executes code
- Add POST /mini-apps/:id/exec endpoint to miniAppsRoutes
- Wire up exec callback in AppServer with agentSystem dependency
- Add tests for allowlist filtering and API routes

The allowlist includes:
- File reading: read, read_json
- Shell execution: exec (sandboxed)
- Database queries: psql_query, psql_db_list
- Document reading: document_read, todo_list
- Web search: exa_search
- JSON utilities: json_parse, json_stringify
- Observation/signal queries: observation_query, signal_events_csv

Write operations and agent control tools are explicitly excluded.
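The PR describes filtering the agent system's tools through the existing allowedToolNames field so that a mini app only ever sees the read-only allowlist. The following is an added illustration, not the project's code: it takes the tool names from the PR text as MINI_APP_TOOL_ALLOWLIST and shows a deny-by-default intersection of a tool registry with that allowlist, plus a fail-closed check for a request that names tools outside it. The ToolDefinition shape, the registry entries, the write/control tool names used as negatives, and the function names filterToolsForMiniApp, rejectedToolNames and allowedToolNamesFor are all assumptions made for this example.

```typescript
// Added example (not the project's code). The tool names in the allowlist are
// taken from the PR description; everything else here is a constructed stand-in.

type ToolDefinition = {
  name: string;
  description: string;
};

// Read-only tools listed in the PR. Kept as a Set so membership checks are exact
// and case-sensitive: "Read" is not "read".
const MINI_APP_TOOL_ALLOWLIST: ReadonlySet<string> = new Set([
  "read", "read_json",
  "exec",
  "psql_query", "psql_db_list",
  "document_read", "todo_list",
  "exa_search",
  "json_parse", "json_stringify",
  "observation_query", "signal_events_csv",
]);

// Constructed registry of tools an agent system might expose. The last three
// entries are hypothetical: a write tool, an agent-control tool and a
// differently-cased lookalike, i.e. exactly what the allowlist must drop.
const ALL_TOOLS: ToolDefinition[] = [
  { name: "read", description: "read a file" },
  { name: "read_json", description: "read and parse a JSON file" },
  { name: "exec", description: "run a shell command in the sandbox" },
  { name: "psql_query", description: "run a SQL query" },
  { name: "write", description: "hypothetical write tool" },
  { name: "agent_stop", description: "hypothetical agent-control tool" },
  { name: "Read", description: "hypothetical lookalike of 'read'" },
];

// Deny by default: a tool is available to a mini app only if its exact name is
// in the allowlist. Anything new added to the registry is excluded until it is
// deliberately allowlisted.
function filterToolsForMiniApp(tools: ToolDefinition[]): ToolDefinition[] {
  return tools.filter((t) => MINI_APP_TOOL_ALLOWLIST.has(t.name));
}

// If a caller can name the tools it wants (an assumption; the PR only says the
// set is curated), report every name that is not allowlisted so the endpoint
// can reject the whole request rather than silently grant a subset.
function rejectedToolNames(requested: string[]): string[] {
  return requested.filter((name) => !MINI_APP_TOOL_ALLOWLIST.has(name));
}

// Value to place in allowedToolNames for the execution context: the request
// de-duplicated, and only if every requested tool is allowlisted. Throws
// otherwise so the sandbox is never created with a wider tool set.
function allowedToolNamesFor(requested: string[]): string[] {
  const rejected = rejectedToolNames(requested);
  if (rejected.length > 0) {
    throw new Error(`tools not permitted for mini apps: ${rejected.join(", ")}`);
  }
  return Array.from(new Set(requested));
}

// Stand-alone demonstration on the constructed registry.
console.log(filterToolsForMiniApp(ALL_TOOLS).map((t) => t.name));
console.log(rejectedToolNames(["read", "write", "Read"]));
```

The point a reviewer would check on the real endpoint is the same one the example encodes: the allowlist is the only path by which a tool reaches the mini app's ToolExecutionContext, matching is exact, and a request naming anything outside the list fails closed instead of being trimmed down.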