Add openhands kit #22
Open
ealeyner wants to merge 1 commit into
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Eli Aleyner <eli@aleyner.com>
Summary
- `kind: agent` kit for OpenHands, an open-source AI software engineering agent
- `serviceDomains` + `serviceAuth`)
- `SANDBOX_TYPE=local` to avoid Docker-in-Docker (code runs directly in the sandbox container)

Spec choices worth flagging
- `*.astral.sh` wildcard in `allowedDomains`: The uv install script at `astral.sh` redirects the binary download to `releases.astral.sh`. Without the wildcard, the binary fetch gets a 403 from the proxy. `serviceDomains` is kept narrow (only the three LLM API endpoints) to avoid TLS interception on install-time CDN traffic — same reasoning as the amp kit.
- `SANDBOX_TYPE=local`: OpenHands defaults to spawning a Docker container as its code-execution runtime. Inside a Docker sandbox that requires Docker-in-Docker. The `local` sandbox type runs code in-process instead. The SBX container is already isolated, so this is safe and avoids a second container layer.
- Multi-provider auth: The kit supports Anthropic (default), OpenAI, and Gemini via separate `sbx secret set-custom` registrations. Each maps to its own `serviceDomains` entry and `serviceAuth` rule. Users only need to register the provider they intend to use.
- `settings.json` in `files/home/`: Pre-seeds the OpenHands config so the agent starts without an interactive setup wizard. Environment variable overrides (`LLM_MODEL`, `SANDBOX_TYPE`) take precedence.

Test plan
- `sbx kit validate ./openhands/` — passes
- `sbx run --kit ./openhands/ openhands` — sandbox created, OpenHands 1.15.1 installed and verified with `--version`
- `sbx policy log` — confirmed `*.astral.sh` wildcard resolves the `releases.astral.sh` block; no unexpected blocked domains during install
- `go test`) — CI will run this; requires Docker, not available in this environment

Origin
Designed and tested locally against a Docker SBX sandbox, then adapted to the community kit pattern (dropping `credentials:` in favour of `sbx secret set-custom`, following the amp kit).
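
An added illustration of the `allowedDomains` point in the description above (not code from this PR or from sbx): a small allow-list audit showing why an exact `astral.sh` entry does not cover `releases.astral.sh`, what the wildcard then admits, and a check for over-broad wildcards. The matching rules, the `BEFORE`/`AFTER` lists and the look-alike hostnames are assumptions constructed for the example.

```python
# Added example, not part of the kit. Assumed matching rules (not from sbx docs):
#   "astral.sh"   matches that exact host only
#   "*.astral.sh" matches any subdomain of astral.sh, but not the apex itself

def _norm(name):
    return name.strip().lower().rstrip(".")

def matches(pattern, host):
    pattern, host = _norm(pattern), _norm(host)
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the leading dot: ".astral.sh"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def too_broad(pattern):
    """Flag wildcards anchored on fewer than two labels, e.g. "*" or "*.sh"."""
    pattern = _norm(pattern)
    if not pattern.startswith("*"):
        return False
    base = pattern[2:] if pattern.startswith("*.") else ""
    return base.count(".") < 1

def audit(allowed, observed):
    """Return (hosts the proxy would refuse, {wildcard: hosts it let through})."""
    blocked = [h for h in observed if not any(matches(p, h) for p in allowed)]
    admitted = {p: [h for h in observed if matches(p, h)]
                for p in allowed if p.startswith("*")}
    return blocked, admitted

# Constructed sample data; only astral.sh and releases.astral.sh come from the PR text.
# The other two hosts are look-alikes used as negative cases for the matcher.
OBSERVED = ["astral.sh", "releases.astral.sh", "notastral.sh", "astral.sh.example.test"]
BEFORE = ["astral.sh"]                 # assumed allow-list without the wildcard
AFTER = ["astral.sh", "*.astral.sh"]   # assumed allow-list with the wildcard

if __name__ == "__main__":
    for name, allowed in (("before", BEFORE), ("after", AFTER)):
        blocked, admitted = audit(allowed, OBSERVED)
        print(name, "blocked:", blocked, "wildcards:", admitted)
        print(name, "too broad:", [p for p in allowed if too_broad(p)])
```

Feeding it the hosts actually seen in a policy log shows exactly which requests a wildcard is letting through, which is the evidence a reviewer needs before accepting it.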