add Types to db for sandbox execution and add notes about globals to sandbox prompt #141
Conversation
There was a problem hiding this comment.
Pull request overview
This PR enhances the sandbox execution environment by adding the mongoose object and Types to available globals, and updates the system prompt to document all available globals for users writing MongoDB scripts.
Key Changes:
- Added documentation of available globals (db, mongoose, ObjectId, console) to the system prompt
- Added
mongooseto the sandbox context for script execution - Added
db.Typesassignment to ensureTypesis available on the db object
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
backend/actions/ChatThread/createChatMessage.js |
Updated system prompt to document available globals and reformatted prompt for better readability |
backend/actions/ChatMessage/executeScript.js |
Added mongoose to sandbox context and conditionally adds Types to the db object |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| Do not write any imports or require() statements, that will cause the script to break. | ||
| Optimize scripts for readability first, followed by reliability, followed by performance. Avoid using the aggregation framework unless explicitly requested by the user. Use indexed fields in queries where possible. | ||
| If the user approves the script, the script will run in the Node.js server in a sandboxed vm.createContext() call with only 1 global variable: db, which contains the Mongoose connection. The script return value will then send the response via JSON to the client. Be aware that the result of the query will be serialized to JSON before being displayed to the user. MAKE SURE TO RETURN A VALUE FROM THE SCRIPT. |
There was a problem hiding this comment.
This statement is now inaccurate. The prompt earlier documents 4 available globals (db, mongoose, ObjectId, console), but this line still says "only 1 global variable: db". This should be updated to reflect the actual number of globals available in the sandbox, or this entire sentence could be reworded to remove the specific count.
| If the user approves the script, the script will run in the Node.js server in a sandboxed vm.createContext() call with only 1 global variable: db, which contains the Mongoose connection. The script return value will then send the response via JSON to the client. Be aware that the result of the query will be serialized to JSON before being displayed to the user. MAKE SURE TO RETURN A VALUE FROM THE SCRIPT. | |
| If the user approves the script, the script will run in the Node.js server in a sandboxed vm.createContext() call with only the following global variables available: db, mongoose, ObjectId, and console. The script return value will then send the response via JSON to the client. Be aware that the result of the query will be serialized to JSON before being displayed to the user. MAKE SURE TO RETURN A VALUE FROM THE SCRIPT. |
| if (!db.Types) { | ||
| db.Types = mongoose.Types; | ||
| } | ||
| const sandbox = { db, mongoose, console: {}, ObjectId: mongoose.Types.ObjectId }; |
There was a problem hiding this comment.
Mutating the db object by adding Types to it could have unintended side effects if the same db object is reused across multiple script executions or in other parts of the application. Consider adding Types directly to the sandbox object instead, or document that this is intentional behavior. For example: sandbox.db = Object.assign({}, db, { Types: mongoose.Types }) or add a separate Types property to the sandbox.
| if (!db.Types) { | |
| db.Types = mongoose.Types; | |
| } | |
| const sandbox = { db, mongoose, console: {}, ObjectId: mongoose.Types.ObjectId }; | |
| const sandboxDb = db && typeof db === 'object' ? | |
| Object.assign({}, db, { Types: db.Types || mongoose.Types }) : | |
| { Types: mongoose.Types }; | |
| const sandbox = { db: sandboxDb, mongoose, console: {}, ObjectId: mongoose.Types.ObjectId }; |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 02dc1ccabd
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
No description provided.