feat: expand iframe sandbox permissions and refine debugging configuration

AshishKumar4 · AshishKumar4 · commit 1d7af3b4c21c · 2025-11-20T18:14:13.000-05:00
Extend iframe sandbox attributes to allow forms, modals, orientation lock, popups, and presentation. Update codeDebugger system prompt to clarify runtime environment and exec_commands usage constraints. Adjust model temperatures for surgicalCodeFixer and deepDebugger to 1, switch deepDebugger to OpenAI 5.1. Fix deployment manager to reset session ID on redeploy and remove redundant health check condition.
diff --git a/src/routes/chat/components/preview-iframe.tsx b/src/routes/chat/components/preview-iframe.tsx
@@ -336,7 +336,7 @@ export const PreviewIframe = forwardRef<HTMLIFrameElement, PreviewIframeProps>(
 		if (loadState.status === 'loaded' && loadState.loadedSrc) {
 			return (
 				<iframe
-					sandbox="allow-scripts allow-same-origin allow-pointer-lock"
+                    sandbox="allow-scripts allow-same-origin allow-pointer-lock allow-forms allow-modals allow-orientation-lock	allow-popups allow-presentation"
 					ref={ref}
 					src={loadState.loadedSrc}
 					className={className}
@@ -362,7 +362,7 @@ export const PreviewIframe = forwardRef<HTMLIFrameElement, PreviewIframeProps>(
 				<div className={`${className} relative flex flex-col items-center justify-center bg-bg-3 border border-text/10 rounded-lg`}>
                     {loadState.status === 'postload' && loadState.loadedSrc && (
                         <iframe
-                            sandbox="allow-scripts allow-same-origin allow-pointer-lock"
+                            sandbox="allow-scripts allow-same-origin allow-pointer-lock allow-forms allow-modals allow-orientation-lock	allow-popups allow-presentation"
                             ref={ref}
                             src={loadState.loadedSrc}
                             className="absolute inset-0 opacity-0 pointer-events-none"
diff --git a/worker/agents/assistants/codeDebugger.ts b/worker/agents/assistants/codeDebugger.ts
@@ -31,12 +31,11 @@ const SYSTEM_PROMPT = `You are an elite autonomous code debugging specialist wit
 
 ## Project Environment
 You are working on a **Cloudflare Workers** project (optionally with Durable Objects). Key characteristics:
-- **Runtime**: Cloudflare Workers runtime (V8 isolates, not Node.js)
+- **Runtime**: Cloudflare Workers + Vite dev server running in an ephemeral firecracker mico-vm container
 - **No Node.js APIs**: No fs, path, process, etc. Use Workers APIs instead
 - **Request/Response**: Uses Fetch API standard (Request, Response, fetch)
 - **Durable Objects**: Stateful objects with transactional storage API when present
 - **Build**: Typically uses Vite or similar for bundling
-- **Deployment**: via wrangler to Cloudflare edge
 
 ## Platform Constraints
 - Apps run in Cloudflare Container sandbox with live preview
@@ -89,7 +88,7 @@ You are smart, methodical, focused and evidence-based. You choose your own path
 - **get_runtime_errors**: Recent runtime errors (user-driven). More reliable than logs.
 - **get_logs**: Cumulative logs (verbose, user-driven). **Use sparingly** - only when runtime errors lack detail. Set reset=true to clear stale logs.
 - **read_files**: Read file contents by RELATIVE paths (batch multiple in one call for efficiency)
-- **exec_commands**: Execute shell commands from project root (no cd needed)
+- **exec_commands**: Execute shell commands from project root (no cd needed) - Only use it to gather resources or check environment OR install/update packages (with shouldSave=true). File changes made to the sandbox are ephemeral and will be lost when the agent session ends. Use appropriate generate/regenerate tools instead.
 - **regenerate_file**: Autonomous surgical code fixer for existing files - see detailed guide below. **Files are automatically staged after regeneration.**
 - **generate_files**: Generate new files or rewrite broken files using phase implementation - see detailed guide below
 - **deploy_preview**: Deploy to Cloudflare Workers preview environment to verify fixes
diff --git a/worker/agents/inferutils/config.ts b/worker/agents/inferutils/config.ts
@@ -40,7 +40,7 @@ export const AGENT_CONFIG: AgentConfig = {
         name: AIModels.GEMINI_3_PRO_PREVIEW,
         reasoning_effort: 'low',
         max_tokens: 48000,
-        temperature: 0.2,
+        temperature: 1,
         fallbackModel: AIModels.GEMINI_2_5_PRO,
     },
     phaseImplementation: {
@@ -58,10 +58,10 @@ export const AGENT_CONFIG: AgentConfig = {
         fallbackModel: AIModels.GEMINI_2_5_FLASH,
     },
     deepDebugger: {
-        name: AIModels.GEMINI_2_5_PRO,
+        name: AIModels.OPENAI_5_1,
         reasoning_effort: 'high',
         max_tokens: 8000,
-        temperature: 0.5,
+        temperature: 1,
         fallbackModel: AIModels.GEMINI_2_5_FLASH,
     },
     fileRegeneration: {
diff --git a/worker/agents/services/implementations/DeploymentManager.ts b/worker/agents/services/implementations/DeploymentManager.ts
@@ -504,13 +504,16 @@ export class DeploymentManager extends BaseAgentService implements IDeploymentMa
      * Ensure sandbox instance exists and is healthy
      */
     async ensureInstance(redeploy: boolean): Promise<DeploymentResult> {
+        if (redeploy) {
+            this.resetSessionId();
+        }
         const state = this.getState();
         const { sandboxInstanceId } = state;
         const logger = this.getLog();
         const client = this.getClient();
 
-        // Check existing instance if not forcing redeploy
-        if (sandboxInstanceId && !redeploy) {
+        // Check existing instance
+        if (sandboxInstanceId) {
             const status = await client.getInstanceStatus(sandboxInstanceId);
             if (status.success && status.isHealthy) {
                 logger.info(`DEPLOYMENT CHECK PASSED: Instance ${sandboxInstanceId} is running`);
