test: reclassify sandbox integration coverage

ddebowczyk · ddebowczyk · commit fd805e28ce3e · 2026-03-13T00:13:54.000+01:00
Move file- and process-based sandbox tests from Unit and Regression into Integration. Add executable preflight checks so missing sandbox binaries fail consistently across CI and local environments.
diff --git a/composer.json b/composer.json
@@ -79,8 +79,8 @@
         "psalm": "@php ./vendor/bin/psalm -c packages/instructor/psalm.xml",
         "psalm-unused": "@php ./vendor/bin/psalm --find-unused-code",
         "tell": "bin/tell",
-        "test": "@php -d memory_limit=512M ./vendor/bin/pest --compact --testsuite=Unit,Feature,Regression --exclude-group=docs-qa",
-        "tests": "@php -d memory_limit=512M ./vendor/bin/pest --compact --testsuite=Unit,Feature,Regression --exclude-group=docs-qa",
+        "test": "@php -d memory_limit=512M ./vendor/bin/pest --compact --testsuite=Unit,Feature,Integration,Regression --exclude-group=docs-qa",
+        "tests": "@php -d memory_limit=512M ./vendor/bin/pest --compact --testsuite=Unit,Feature,Integration,Regression --exclude-group=docs-qa",
         "test:docs-qa": "@php -d memory_limit=512M ./vendor/bin/pest --compact --group=docs-qa",
         "test-all": "@php ./vendor/bin/pest",
         "dead-code": "@php ./vendor/bin/phpstan analyse -c phpstan-unused.neon --no-progress --error-format=table",
diff --git a/packages/sandbox/src/Drivers/BubblewrapSandbox.php b/packages/sandbox/src/Drivers/BubblewrapSandbox.php
@@ -63,7 +63,8 @@ private function makeProcRunner(): CanRunProcess {
      * @return list<string>
      */
     private function buildCommand(string $workDir, array $innerArgv): array {
-        $cmd = [$this->bwrapBin, '--die-with-parent'];
+        $bwrapBin = ProcUtils::requireExecutable($this->bwrapBin, 'bwrap');
+        $cmd = [$bwrapBin, '--die-with-parent'];
         $cmd = [...$cmd, '--unshare-pid', '--unshare-uts', '--unshare-ipc', '--unshare-cgroup'];
         if (!$this->policy->networkEnabled()) {
             $cmd[] = '--unshare-net';
diff --git a/packages/sandbox/src/Drivers/DockerSandbox.php b/packages/sandbox/src/Drivers/DockerSandbox.php
@@ -64,7 +64,9 @@ private function makeProcRunner(): CanRunProcess {
      * @return list<string>
      */
     private function buildContainerCommand(string $workDir, array $argv): array {
-        $builder = ContainerCommandBuilder::docker($this->dockerBin)
+        $dockerBin = ProcUtils::requireExecutable($this->dockerBin, 'docker');
+
+        $builder = ContainerCommandBuilder::docker($dockerBin)
             ->withImage($this->image)
             ->withNetwork($this->policy->networkEnabled())
             ->withPidsLimit(20)
diff --git a/packages/sandbox/src/Drivers/FirejailSandbox.php b/packages/sandbox/src/Drivers/FirejailSandbox.php
@@ -63,8 +63,9 @@ private function makeProcRunner(): CanRunProcess {
      * @return list<string>
      */
     private function buildCommand(string $workDir, array $innerArgv): array {
+        $firejailBin = ProcUtils::requireExecutable($this->firejailBin, 'firejail');
         $cmd = [
-            $this->firejailBin,
+            $firejailBin,
         ];
         if (!$this->policy->networkEnabled()) {
             $cmd[] = '--net=none';
diff --git a/packages/sandbox/src/Drivers/PodmanSandbox.php b/packages/sandbox/src/Drivers/PodmanSandbox.php
@@ -65,8 +65,9 @@ private function makeProcRunner(): CanRunProcess {
      */
     private function buildContainerCommand(string $workDir, array $argv): array {
         $isWSL2 = $this->isWSL2Environment();
+        $podmanBin = ProcUtils::requireExecutable($this->podmanBin, 'podman');
 
-        $builder = ContainerCommandBuilder::podman($this->podmanBin)
+        $builder = ContainerCommandBuilder::podman($podmanBin)
             ->withImage($this->image)
             ->withNetwork($this->policy->networkEnabled())
             ->withPidsLimit(20)
diff --git a/packages/sandbox/src/Utils/ProcUtils.php b/packages/sandbox/src/Utils/ProcUtils.php
@@ -14,6 +14,25 @@ public static function findSetSidPath(): ?string {
         return null;
     }
 
+    public static function requireExecutable(string $binaryName, string $nameForError): string {
+        if ($binaryName === '') {
+            throw new \RuntimeException('Failed to start ' . $nameForError);
+        }
+
+        if (basename($binaryName) !== $binaryName) {
+            if (!is_executable($binaryName)) {
+                throw new \RuntimeException('Failed to start ' . $nameForError);
+            }
+            return $binaryName;
+        }
+
+        $resolved = self::findOnPath($binaryName, self::defaultBinPaths());
+        if ($resolved === null) {
+            throw new \RuntimeException('Failed to start ' . $nameForError);
+        }
+        return $resolved;
+    }
+
     /**
      * Locate an executable on PATH and optional extra directories.
      *
diff --git a/packages/sandbox/tests/Integration/DriverWorkdirCleanupOnFailureTest.php b/packages/sandbox/tests/Integration/DriverWorkdirCleanupOnFailureTest.php
@@ -1,6 +1,6 @@
 <?php declare(strict_types=1);
 
-namespace Cognesy\Sandbox\Tests\Unit;
+namespace Cognesy\Sandbox\Tests\Integration;
 
 use Cognesy\Sandbox\Config\ExecutionPolicy;
 use Cognesy\Sandbox\Contracts\CanExecuteCommand;
diff --git a/packages/sandbox/tests/Integration/FirejailSecurityPolicyTest.php b/packages/sandbox/tests/Integration/FirejailSecurityPolicyTest.php
@@ -1,6 +1,6 @@
 <?php declare(strict_types=1);
 
-namespace Cognesy\Sandbox\Tests\Unit;
+namespace Cognesy\Sandbox\Tests\Integration;
 
 use Cognesy\Sandbox\Config\ExecutionPolicy;
 use Cognesy\Sandbox\Drivers\FirejailSandbox;
diff --git a/packages/sandbox/tests/Integration/MissingBinaryDiagnosticsTest.php b/packages/sandbox/tests/Integration/MissingBinaryDiagnosticsTest.php
@@ -1,6 +1,6 @@
 <?php declare(strict_types=1);
 
-namespace Cognesy\Sandbox\Tests\Regression;
+namespace Cognesy\Sandbox\Tests\Integration;
 
 use Cognesy\Sandbox\Config\ExecutionPolicy;
 use Cognesy\Sandbox\Contracts\CanExecuteCommand;
diff --git a/packages/sandbox/tests/Integration/ProcRunnerTest.php b/packages/sandbox/tests/Integration/ProcRunnerTest.php
@@ -1,6 +1,6 @@
 <?php declare(strict_types=1);
 
-namespace Cognesy\Sandbox\Tests\Unit;
+namespace Cognesy\Sandbox\Tests\Integration;
 
 use Cognesy\Sandbox\Runners\ProcRunner;
 use Cognesy\Sandbox\Utils\TimeoutTracker;
diff --git a/packages/sandbox/tests/Integration/ReadablePathsMountsTest.php b/packages/sandbox/tests/Integration/ReadablePathsMountsTest.php
@@ -1,6 +1,6 @@
 <?php declare(strict_types=1);
 
-namespace Cognesy\Sandbox\Tests\Unit;
+namespace Cognesy\Sandbox\Tests\Integration;
 
 use Cognesy\Sandbox\Config\ExecutionPolicy;
 use Cognesy\Sandbox\Drivers\BubblewrapSandbox;
diff --git a/packages/sandbox/tests/Integration/WorkdirTest.php b/packages/sandbox/tests/Integration/WorkdirTest.php
@@ -1,6 +1,6 @@
 <?php declare(strict_types=1);
 
-namespace Cognesy\Sandbox\Tests\Unit;
+namespace Cognesy\Sandbox\Tests\Integration;
 
 use Cognesy\Sandbox\Utils\Workdir;
 
@@ -63,4 +63,3 @@ function removeTree(string $path): void
         removeTree($base);
     });
 });
-
diff --git a/phpunit.xml b/phpunit.xml
@@ -74,7 +74,6 @@
             <directory suffix="Test.php">./packages/auxiliary/tests/Integration</directory>
             <directory suffix="Test.php">./packages/config/tests/Integration</directory>
             <directory suffix="Test.php">./packages/doctools/tests/Integration</directory>
-            <directory suffix="Test.php">./packages/dynamic/tests/Integration</directory>
             <directory suffix="Test.php">./packages/evals/tests/Integration</directory>
             <directory suffix="Test.php">./packages/events/tests/Integration</directory>
             <directory suffix="Test.php">./packages/experimental/tests/Integration</directory>
@@ -92,6 +91,7 @@
             <directory suffix="Test.php">./packages/tell/tests/Integration</directory>
             <directory suffix="Test.php">./packages/templates/tests/Integration</directory>
             <directory suffix="Test.php">./packages/utils/tests/Integration</directory>
+            <directory suffix="Test.php">./packages/sandbox/tests/Integration</directory>
             <directory suffix="Test.php">./packages/http-pool/tests/Integration</directory>
         </testsuite>
         <testsuite name="Regression">
@@ -118,7 +118,6 @@
             <directory suffix="Test.php">./packages/tell/tests/Regression</directory>
             <directory suffix="Test.php">./packages/templates/tests/Regression</directory>
             <directory suffix="Test.php">./packages/utils/tests/Regression</directory>
-            <directory suffix="Test.php">./packages/sandbox/tests/Regression</directory>
         </testsuite>
     </testsuites>
     <source>
