fix: Limit sandbox output

Author: codefionn

internal/session/session.go

@@ -33,6 +33,9 @@ type Session struct {
 	PlanningActive     bool            // whether planning phase is currently running
 	PlanningObjective  string          // objective of current planning phase
 	PlanningStartTime  time.Time       // when current planning phase started
+	LastSandboxExitCode int            // exit code from last sandbox execution
+	LastSandboxStdout   string         // stdout from last sandbox execution
+	LastSandboxStderr   string         // stderr from last sandbox execution
 	mu                 sync.RWMutex
 	CreatedAt          time.Time
 	UpdatedAt          time.Time
@@ -358,3 +361,20 @@ func (s *Session) CompactWithSummary(original []*Message, summary string) bool {
 
 	return true
 }
+
+// SetLastSandboxOutput stores the output from the last sandbox execution
+func (s *Session) SetLastSandboxOutput(exitCode int, stdout, stderr string) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.LastSandboxExitCode = exitCode
+	s.LastSandboxStdout = stdout
+	s.LastSandboxStderr = stderr
+	s.UpdatedAt = time.Now()
+}
+
+// GetLastSandboxOutput retrieves the output from the last sandbox execution
+func (s *Session) GetLastSandboxOutput() (exitCode int, stdout, stderr string) {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.LastSandboxExitCode, s.LastSandboxStdout, s.LastSandboxStderr
+}

internal/tools/sandbox.go

@@ -167,8 +167,37 @@ func (t *SandboxTool) Description() string {
 	b.WriteString("Basic standard library packages available (don't use the `os`, `ioutil, `net`, `exec` package instead use methods provided below). Timeout enforced.\n")
 	b.WriteString("Every program **must** declare `package main`, define `func main()`, and print results (e.g., via `fmt.Println`) so the orchestrator receives the output.\n\n")
 	b.WriteString("Try to reduce the output of shell programs by e.g. only searching and outputting errors.\n\n")
-	b.WriteString("Don't use this tool calls for just outputing the summary text at the end.")
-	b.WriteString("Seven custom functions are automatically available in your code:\n\n")
+	b.WriteString("Output is limited to 4096 lines. When truncated, consider parsing specific parts with Go (e.g., only output lines around error messages).\n\n")
+	b.WriteString("Don't use this tool calls for just outputing the summary text at the end.\n\n")
+	b.WriteString("# Previous Execution State\n\n")
+	b.WriteString("Three global variables are automatically available that preserve output from the previous sandbox execution:\n")
+	b.WriteString("- `last_exit_code` (int): Exit code from the last sandbox run (0 on first run)\n")
+	b.WriteString("- `last_stdout` (string): Standard output from the last sandbox run (empty on first run)\n")
+	b.WriteString("- `last_stderr` (string): Standard error from the last sandbox run (empty on first run)\n\n")
+	b.WriteString("These variables are useful when output is truncated and you want to process specific parts in subsequent runs.\n")
+	b.WriteString("Example:\n")
+	b.WriteString("```go\n")
+	b.WriteString("package main\n\n")
+	b.WriteString("import (\n")
+	b.WriteString("    \"fmt\"\n")
+	b.WriteString("    \"strings\"\n")
+	b.WriteString(")\n\n")
+	b.WriteString("func main() {\n")
+	b.WriteString("    if last_exit_code != 0 {\n")
+	b.WriteString("        fmt.Printf(\"Previous run failed with exit code %d\\n\", last_exit_code)\n")
+	b.WriteString("        // Parse errors from last_stderr\n")
+	b.WriteString("        for _, line := range strings.Split(last_stderr, \"\\n\") {\n")
+	b.WriteString("            if strings.Contains(line, \"error\") {\n")
+	b.WriteString("                fmt.Println(line)\n")
+	b.WriteString("            }\n")
+	b.WriteString("        }\n")
+	b.WriteString("    } else if len(last_stdout) > 0 {\n")
+	b.WriteString("        fmt.Printf(\"Processing previous output (%d bytes)\\n\", len(last_stdout))\n")
+	b.WriteString("    }\n")
+	b.WriteString("}\n")
+	b.WriteString("```\n\n")
+	b.WriteString("# Available Host Functions\n\n")
+	b.WriteString("Custom functions are automatically available in your code:\n\n")
 
 	b.WriteString("1. Fetch(method, url, body string) (responseBody string, statusCode int)\n")
 	b.WriteString("   - Make HTTP requests (GET, POST, PUT, DELETE, etc.)\n")

internal/tools/sandbox_host_functions.go

@@ -738,3 +738,70 @@ func (t *SandboxTool) registerRemoveDirHostFunction(envBuilder HostModuleBuilder
 		}).
 		Export("remove_dir")
 }
+
+// registerGetLastExitCodeHostFunction registers the get_last_exit_code host function
+func (t *SandboxTool) registerGetLastExitCodeHostFunction(envBuilder HostModuleBuilder) {
+	// get_last_exit_code() -> exit_code
+	envBuilder.NewFunctionBuilder().
+		WithFunc(func(ctx context.Context, m api.Module) int32 {
+			if t.session == nil {
+				return 0 // No session, return 0
+			}
+
+			exitCode, _, _ := t.session.GetLastSandboxOutput()
+			return int32(exitCode)
+		}).
+		Export("get_last_exit_code")
+}
+
+// registerGetLastStdoutHostFunction registers the get_last_stdout host function
+func (t *SandboxTool) registerGetLastStdoutHostFunction(envBuilder HostModuleBuilder) {
+	// get_last_stdout(buffer_ptr, buffer_cap) -> length
+	envBuilder.NewFunctionBuilder().
+		WithFunc(func(ctx context.Context, m api.Module, bufferPtr, bufferCap uint32) int32 {
+			if t.session == nil {
+				return 0 // No session, return empty
+			}
+
+			_, stdout, _ := t.session.GetLastSandboxOutput()
+			stdoutBytes := []byte(stdout)
+
+			memory := m.Memory()
+			if uint32(len(stdoutBytes)) > bufferCap {
+				stdoutBytes = stdoutBytes[:bufferCap]
+			}
+
+			if bufferCap > 0 && len(stdoutBytes) > 0 {
+				memory.Write(bufferPtr, stdoutBytes)
+			}
+
+			return int32(len(stdoutBytes))
+		}).
+		Export("get_last_stdout")
+}
+
+// registerGetLastStderrHostFunction registers the get_last_stderr host function
+func (t *SandboxTool) registerGetLastStderrHostFunction(envBuilder HostModuleBuilder) {
+	// get_last_stderr(buffer_ptr, buffer_cap) -> length
+	envBuilder.NewFunctionBuilder().
+		WithFunc(func(ctx context.Context, m api.Module, bufferPtr, bufferCap uint32) int32 {
+			if t.session == nil {
+				return 0 // No session, return empty
+			}
+
+			_, _, stderr := t.session.GetLastSandboxOutput()
+			stderrBytes := []byte(stderr)
+
+			memory := m.Memory()
+			if uint32(len(stderrBytes)) > bufferCap {
+				stderrBytes = stderrBytes[:bufferCap]
+			}
+
+			if bufferCap > 0 && len(stderrBytes) > 0 {
+				memory.Write(bufferPtr, stderrBytes)
+			}
+
+			return int32(len(stderrBytes))
+		}).
+		Export("get_last_stderr")
+}

internal/tools/sandbox_utils.go

@@ -125,11 +125,22 @@ func formatSandboxUIResult(result map[string]interface{}) string {
 
 	var sections []string
 
+	// Apply 4096 line limit to stdout and stderr
+	const maxLines = 4096
+
 	if stdout != "" {
-		sections = append(sections, fmt.Sprintf("stdout:\n%s", stdout))
+		truncatedStdout, stdoutTruncMsg := truncateToLines(stdout, maxLines)
+		sections = append(sections, fmt.Sprintf("stdout:\n%s", truncatedStdout))
+		if stdoutTruncMsg != "" {
+			sections = append(sections, stdoutTruncMsg)
+		}
 	}
 	if stderr != "" {
-		sections = append(sections, fmt.Sprintf("stderr:\n%s", stderr))
+		truncatedStderr, stderrTruncMsg := truncateToLines(stderr, maxLines)
+		sections = append(sections, fmt.Sprintf("stderr:\n%s", truncatedStderr))
+		if stderrTruncMsg != "" {
+			sections = append(sections, stderrTruncMsg)
+		}
 	}
 	if errorMsg != "" {
 		sections = append(sections, fmt.Sprintf("error: %s", errorMsg))
@@ -182,3 +193,52 @@ func CalculateOutputStats(output string) (int, int) {
 
 	return bytes, lines
 }
+
+// truncateToLines limits text to a maximum number of lines.
+// If truncated, returns the truncated text and a truncation message.
+func truncateToLines(text string, maxLines int) (string, string) {
+	if text == "" {
+		return "", ""
+	}
+
+	// Count lines
+	lineCount := 0
+	for _, char := range text {
+		if char == '\n' {
+			lineCount++
+		}
+	}
+
+	// Count the last line if it doesn't end with newline
+	if len(text) > 0 && text[len(text)-1] != '\n' {
+		lineCount++
+	}
+
+	// If under the limit, return as-is
+	if lineCount <= maxLines {
+		return text, ""
+	}
+
+	// Find the truncation point (end of maxLines-th line)
+	currentLine := 0
+	truncIndex := len(text) // default to end of string
+	for i, char := range text {
+		if char == '\n' {
+			currentLine++
+			if currentLine >= maxLines {
+				truncIndex = i
+				break
+			}
+		}
+	}
+
+	// If we didn't find enough newlines, truncate at maxLines character count
+	if currentLine < maxLines {
+		truncIndex = len(text)
+	}
+
+	truncated := text[:truncIndex]
+	truncationMsg := fmt.Sprintf("\n\n[Output truncated: showed %d of %d lines. The full output is preserved in last_stdout/last_stderr variables for the next sandbox execution. Consider parsing specific parts with Go to reduce output.]", maxLines, lineCount)
+
+	return truncated, truncationMsg
+}

internal/tools/sandbox_wazero.go

@@ -74,6 +74,9 @@ func (t *SandboxTool) executeWASM(ctx context.Context, wasmBytes []byte, sandbox
 	t.registerListFilesHostFunction(envBuilder, callTracker)
 	t.registerRemoveFileHostFunction(envBuilder, callTracker)
 	t.registerRemoveDirHostFunction(envBuilder, callTracker)
+	t.registerGetLastExitCodeHostFunction(envBuilder)
+	t.registerGetLastStdoutHostFunction(envBuilder)
+	t.registerGetLastStderrHostFunction(envBuilder)
 
 	_, err = envBuilder.Instantiate(ctx)
 	if err != nil {
@@ -211,6 +214,12 @@ func (t *SandboxTool) executeWASM(ctx context.Context, wasmBytes []byte, sandbox
 			stderr = "Runtime error: " + runtimeErr.Error()
 		}
 		metadata := t.buildSandboxMetadata(startTime, commandSummary, timeoutSeconds, finalExitCode, stdout, stderr, false, callTracker)
+
+		// Store the output in session even on error
+		if t.session != nil {
+			t.session.SetLastSandboxOutput(finalExitCode, stdout, stderr)
+		}
+
 		return attachExecutionMetadata(map[string]interface{}{
 			"stdout":    stdout,
 			"stderr":    stderr,
@@ -221,6 +230,12 @@ func (t *SandboxTool) executeWASM(ctx context.Context, wasmBytes []byte, sandbox
 	}
 
 	metadata := t.buildSandboxMetadata(startTime, commandSummary, timeoutSeconds, finalExitCode, stdout, stderr, false, callTracker)
+
+	// Store the output in session for the next sandbox execution
+	if t.session != nil {
+		t.session.SetLastSandboxOutput(finalExitCode, stdout, stderr)
+	}
+
 	return attachExecutionMetadata(map[string]interface{}{
 		"stdout":    stdout,
 		"stderr":    stderr,

internal/wasi/code_wrapper.go

@@ -32,6 +32,49 @@ func WrapGoCodeWithAuthorization(userCode string) string {
 	wrapped.WriteString(`// STATCODE_AI_INTERNAL: Authorization system
 // This is injected by scriptschnell to enforce network authorization
 
+//go:wasmimport env get_last_exit_code
+func getLastExitCodeHost() int32
+
+//go:wasmimport env get_last_stdout
+func getLastStdoutHost(bufferPtr *byte, bufferCap int32) int32
+
+//go:wasmimport env get_last_stderr
+func getLastStderrHost(bufferPtr *byte, bufferCap int32) int32
+
+// Global variables accessible in user code
+var (
+	last_exit_code int
+	last_stdout    string
+	last_stderr    string
+)
+
+func init() {
+	// Initialize last_* variables from previous sandbox execution
+	last_exit_code = int(getLastExitCodeHost())
+
+	// Get last stdout
+	stdoutBuffer := make([]byte, 1024*1024) // 1MB buffer
+	var stdoutPtr *byte
+	if len(stdoutBuffer) > 0 {
+		stdoutPtr = &stdoutBuffer[0]
+	}
+	stdoutLen := getLastStdoutHost(stdoutPtr, int32(len(stdoutBuffer)))
+	if stdoutLen > 0 {
+		last_stdout = string(stdoutBuffer[:stdoutLen])
+	}
+
+	// Get last stderr
+	stderrBuffer := make([]byte, 1024*1024) // 1MB buffer
+	var stderrPtr *byte
+	if len(stderrBuffer) > 0 {
+		stderrPtr = &stderrBuffer[0]
+	}
+	stderrLen := getLastStderrHost(stderrPtr, int32(len(stderrBuffer)))
+	if stderrLen > 0 {
+		last_stderr = string(stderrBuffer[:stderrLen])
+	}
+}
+
 //go:wasmimport env authorize_domain
 func authorizeDomainHost(domainPtr *byte, domainLen int32) int32