Problem
A WP Codebox agent sandbox run advertised Data Machine Code workspace tools to the agent, but the agent reported that workspace tools were not available and returned prose instead of editing files. We need Data Machine Code diagnostics that prove whether sandbox-safe workspace abilities are registered, aliased, exposed to the agent mode, and executable in the WP Codebox sandbox context.
Evidence from lab run:
- Fanout run:
/tmp/homeboy-wp-codebox-audit-bwz45ims/fanout-run.json
- Artifact root:
/tmp/homeboy-wp-codebox-artifacts-pr44ovsz
- Example artifact:
/tmp/homeboy-wp-codebox-artifacts-pr44ovsz/runtime-mpohjxp3-c85xcu
- Nested agent reply:
I was unable to read the workspace files directly because the workspace tools are not available in this context.
- The run used WP Codebox with Data Machine Code mounted from
/home/chubes/Developer/_lab_workspaces/data-machine-code-b2ed5a58a3fb.
- WP Codebox generated a tool contract naming workspace tools like
workspace_read, workspace_ls, workspace_grep, workspace_write, workspace_edit, and workspace_apply_patch.
This issue may be in WP Codebox, Data Machine, or Data Machine Code. DMC owns the workspace abilities and aliases, so it should provide a diagnostic surface that makes this unambiguous.
Why this matters
Agent sandbox/autofix workflows need a hard preflight: expected workspace tools must be available before the model is asked to modify code. Without DMC diagnostics, downstream tools can only infer the failure after a model says tools are missing.
Acceptance criteria
- Add or expose a diagnostic ability/CLI path that reports sandbox workspace tool readiness for a given mode/user/context.
- The diagnostic should list expected safe abilities, registered ability IDs, agent-visible tool names/aliases, denied parent-only tools, and permission/user context.
- The diagnostic should verify a harmless read/list operation can execute in the sandbox workspace root.
- Failures should identify whether the issue is ability registration, alias mapping, mode/tool-policy exposure, permission context, workspace path containment, or runtime execution.
- Add smoke coverage for WP Codebox-style sandbox context using
DATAMACHINE_WORKSPACE_PATH and sandbox-safe ability filters.
Related
AI assistance
- AI assistance: Yes
- Tool(s): OpenCode (GPT-5.5)
- Used for: Investigated WP Codebox sandbox tool availability and drafted this DMC diagnostic issue from observed lab output.
Problem
A WP Codebox agent sandbox run advertised Data Machine Code workspace tools to the agent, but the agent reported that workspace tools were not available and returned prose instead of editing files. We need Data Machine Code diagnostics that prove whether sandbox-safe workspace abilities are registered, aliased, exposed to the agent mode, and executable in the WP Codebox sandbox context.
Evidence from lab run:
/tmp/homeboy-wp-codebox-audit-bwz45ims/fanout-run.json/tmp/homeboy-wp-codebox-artifacts-pr44ovsz/tmp/homeboy-wp-codebox-artifacts-pr44ovsz/runtime-mpohjxp3-c85xcuI was unable to read the workspace files directly because the workspace tools are not available in this context./home/chubes/Developer/_lab_workspaces/data-machine-code-b2ed5a58a3fb.workspace_read,workspace_ls,workspace_grep,workspace_write,workspace_edit, andworkspace_apply_patch.This issue may be in WP Codebox, Data Machine, or Data Machine Code. DMC owns the workspace abilities and aliases, so it should provide a diagnostic surface that makes this unambiguous.
Why this matters
Agent sandbox/autofix workflows need a hard preflight: expected workspace tools must be available before the model is asked to modify code. Without DMC diagnostics, downstream tools can only infer the failure after a model says tools are missing.
Acceptance criteria
DATAMACHINE_WORKSPACE_PATHand sandbox-safe ability filters.Related
AI assistance