feat(fly): add FlyCloudBucketMountStrategy for cloud-bucket mounts

Adds rclone-backed mount strategy for AWS S3 / Cloudflare R2 / Google
Cloud Storage / Azure Blob / Box mounts on Fly sandboxes. Mirrors the
E2B / Daytona / Runloop pattern: lazy-installs rclone (and the fuse
package) via apt-get if not already in the sprite image, writes a
per-session rclone config, runs `rclone mount` in daemon mode, and
tears down via `fusermount -u` on session/snapshot stop.

Sprite VMs run as the unprivileged ``sprite`` user but have passwordless
sudo; ``FlySandboxSession.exec`` rejects ``user=`` kwargs, so the
install path prefixes ``sudo -n`` instead of escalating through the
framework.

Discriminator: ``fly_cloud_bucket``. Registered through the polymorphic
MountStrategyBase registry. Compat-guard parametrize entries pin the
public export and the discriminator string.

20 new unit tests in tests/extensions/test_sandbox_fly.py cover the
rclone-installed path, the lazy-install path, the install-failure
error mapping, FUSE-support detection (with kernel and fusermount
probes), the per-session pattern adjustment, the session-type guard,
and JSON roundtrip through the manifest and registry.
docs/sandbox/clients.md storage-entries matrix updated to show ✓ for
S3/R2/GCS/Azure/Box on Fly.

Author: vaurdan

docs/sandbox/clients.md

@@ -114,7 +114,7 @@ Hosted sandbox clients expose provider-specific mount strategies. Choose the bac
 | `DaytonaSandboxClient` | Supports rclone-backed cloud storage mounts with `DaytonaCloudBucketMountStrategy`; use it with `S3Mount`, `GCSMount`, `R2Mount`, `AzureBlobMount`, and `BoxMount`. |
 | `E2BSandboxClient` | Supports rclone-backed cloud storage mounts with `E2BCloudBucketMountStrategy`; use it with `S3Mount`, `GCSMount`, `R2Mount`, `AzureBlobMount`, and `BoxMount`. |
 | `RunloopSandboxClient` | Supports rclone-backed cloud storage mounts with `RunloopCloudBucketMountStrategy`; use it with `S3Mount`, `GCSMount`, `R2Mount`, `AzureBlobMount`, and `BoxMount`. |
-| `FlySandboxClient` | No hosted-specific mount strategy is currently exposed. Use manifest files, repos, or other workspace inputs instead. Sprites exposes at most one external HTTP port per sprite (declared as a service in the sprite image); other ports must be reverse-proxied inside the VM. |
+| `FlySandboxClient` | Supports rclone-backed cloud storage mounts with `FlyCloudBucketMountStrategy`; use it with `S3Mount`, `GCSMount`, `R2Mount`, `AzureBlobMount`, and `BoxMount`. The strategy lazy-installs `rclone` and `fuse` via `sudo apt-get` if the sprite image does not preinstall them. Sprites exposes at most one external HTTP port per sprite (declared as a service in the sprite image); other ports must be reverse-proxied inside the VM. |
 | `VercelSandboxClient` | No hosted-specific mount strategy is currently exposed. Use manifest files, repos, or other workspace inputs instead. |
 
 </div>
@@ -132,7 +132,7 @@ The table below summarizes which remote storage entries each backend can mount d
 | `DaytonaSandboxClient` | ✓ | ✓ | ✓ | ✓ | ✓ | - |
 | `E2BSandboxClient` | ✓ | ✓ | ✓ | ✓ | ✓ | - |
 | `RunloopSandboxClient` | ✓ | ✓ | ✓ | ✓ | ✓ | - |
-| `FlySandboxClient` | - | - | - | - | - | - |
+| `FlySandboxClient` | ✓ | ✓ | ✓ | ✓ | ✓ | - |
 | `VercelSandboxClient` | - | - | - | - | - | - |
 
 </div>

examples/sandbox/extensions/README.md

@@ -372,6 +372,12 @@ exposes at most one external HTTP port per sprite — declare it as a service
 with `--http-port` in the sprite image, then reference it via
 `FlySandboxClientOptions(exposed_ports=(<port>,))`.
 
+For cloud-bucket mounts, attach `FlyCloudBucketMountStrategy` from
+`agents.extensions.sandbox.flyio` to any rclone-compatible mount type
+(`S3Mount`, `R2Mount`, `GCSMount`, `AzureBlobMount`, `BoxMount`). The strategy
+lazy-installs `rclone` and the `fuse` package via `sudo apt-get` on first use
+if the sprite image does not preinstall them.
+
 ## Blaxel
 
 ### Setup

src/agents/extensions/sandbox/__init__.py

@@ -116,6 +116,7 @@
         DEFAULT_FLY_SANDBOX_WAIT_FOR_RUNNING_TIMEOUT_S as DEFAULT_FLY_SANDBOX_WAIT_FOR_RUNNING_TIMEOUT_S,  # noqa: E501
         DEFAULT_FLY_SANDBOX_WORKSPACE_ROOT as DEFAULT_FLY_SANDBOX_WORKSPACE_ROOT,
         FlyCheckpoints as FlyCheckpoints,
+        FlyCloudBucketMountStrategy as FlyCloudBucketMountStrategy,
         FlyPlatformContext as FlyPlatformContext,
         FlySandboxClient as FlySandboxClient,
         FlySandboxClientOptions as FlySandboxClientOptions,
@@ -235,6 +236,7 @@
             "DEFAULT_FLY_SANDBOX_WAIT_FOR_RUNNING_TIMEOUT_S",
             "DEFAULT_FLY_SANDBOX_WORKSPACE_ROOT",
             "FlyCheckpoints",
+            "FlyCloudBucketMountStrategy",
             "FlyPlatformContext",
             "FlySandboxClient",
             "FlySandboxClientOptions",

src/agents/extensions/sandbox/flyio/__init__.py

@@ -8,6 +8,7 @@
     UrlVisibility,
     clear_platform_context_cache,
 )
+from .mounts import FlyCloudBucketMountStrategy
 from .sandbox import (
     DEFAULT_FLY_SANDBOX_API_URL,
     DEFAULT_FLY_SANDBOX_WAIT_FOR_RUNNING_TIMEOUT_S,
@@ -24,6 +25,7 @@
     "DEFAULT_FLY_SANDBOX_WAIT_FOR_RUNNING_TIMEOUT_S",
     "DEFAULT_FLY_SANDBOX_WORKSPACE_ROOT",
     "FlyCheckpoints",
+    "FlyCloudBucketMountStrategy",
     "FlyPlatformContext",
     "FlySandboxClient",
     "FlySandboxClientOptions",

src/agents/extensions/sandbox/flyio/mounts.py

@@ -0,0 +1,230 @@
+"""Mount strategy for Fly sandboxes."""
+
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Literal
+
+from ....sandbox.entries.mounts.base import InContainerMountStrategy, Mount, MountStrategyBase
+from ....sandbox.entries.mounts.patterns import RcloneMountPattern
+from ....sandbox.errors import MountConfigError
+from ....sandbox.materialization import MaterializedFile
+from ....sandbox.session.base_sandbox_session import BaseSandboxSession
+
+# Sprite VMs run as the unprivileged ``sprite`` user with passwordless sudo.
+# ``FlySandboxSession.exec`` rejects ``user=`` kwargs, so we prefix privileged
+# commands with ``sudo -n`` instead of escalating through the framework.
+_SUDO = "sudo -n"
+_APT = (
+    f"{_SUDO} env DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes apt-get -o Dpkg::Use-Pty=0"
+)
+_RCLONE_CHECK = "command -v rclone >/dev/null 2>&1 || test -x /usr/local/bin/rclone"
+_FUSERMOUNT_CHECK = (
+    "command -v fusermount3 >/dev/null 2>&1 || command -v fusermount >/dev/null 2>&1"
+)
+_INSTALL_RCLONE_COMMANDS = (
+    f"{_APT} update -qq",
+    f"{_APT} install -y -qq curl unzip ca-certificates fuse",
+    f"curl -fsSL https://rclone.org/install.sh | {_SUDO} bash",
+)
+# fuse package brings ``fusermount`` along — install it together with rclone
+# so the FUSE-mode mount path works out-of-the-box on stock sprite images.
+_INSTALL_FUSE_COMMANDS = (
+    f"{_APT} update -qq",
+    f"{_APT} install -y -qq fuse",
+)
+_FUSE_ALLOW_OTHER = (
+    f"{_SUDO} chmod a+rw /dev/fuse && "
+    f"{_SUDO} touch /etc/fuse.conf && "
+    "(grep -qxF user_allow_other /etc/fuse.conf || "
+    f"printf '\\nuser_allow_other\\n' | {_SUDO} tee -a /etc/fuse.conf >/dev/null)"
+)
+
+
+async def _ensure_fuse_support(session: BaseSandboxSession) -> None:
+    kernel = await session.exec(
+        "sh",
+        "-lc",
+        "test -c /dev/fuse && grep -qw fuse /proc/filesystems",
+        shell=False,
+    )
+    if not kernel.ok():
+        raise MountConfigError(
+            message="Fly cloud bucket mounts require FUSE support in the kernel",
+            context={"missing": "fuse"},
+        )
+
+    fusermount = await session.exec("sh", "-lc", _FUSERMOUNT_CHECK, shell=False)
+    if not fusermount.ok():
+        apt = await session.exec("sh", "-lc", "command -v apt-get >/dev/null 2>&1", shell=False)
+        if not apt.ok():
+            raise MountConfigError(
+                message="fusermount is not installed and apt-get is unavailable; "
+                "preinstall the fuse package",
+                context={"package": "fuse"},
+            )
+        for command in _INSTALL_FUSE_COMMANDS:
+            install = await session.exec("sh", "-lc", command, shell=False, timeout=300)
+            if not install.ok():
+                raise MountConfigError(
+                    message="failed to install fuse",
+                    context={"package": "fuse", "exit_code": install.exit_code},
+                )
+        recheck = await session.exec("sh", "-lc", _FUSERMOUNT_CHECK, shell=False)
+        if not recheck.ok():
+            raise MountConfigError(
+                message="fuse was installed but fusermount is still not on PATH",
+                context={"package": "fuse"},
+            )
+
+    chmod_result = await session.exec("sh", "-lc", _FUSE_ALLOW_OTHER, shell=False, timeout=30)
+    if not chmod_result.ok():
+        raise MountConfigError(
+            message="failed to make /dev/fuse accessible",
+            context={"exit_code": chmod_result.exit_code},
+        )
+
+
+async def _ensure_rclone(session: BaseSandboxSession) -> None:
+    rclone = await session.exec("sh", "-lc", _RCLONE_CHECK, shell=False)
+    if rclone.ok():
+        return
+
+    apt = await session.exec("sh", "-lc", "command -v apt-get >/dev/null 2>&1", shell=False)
+    if not apt.ok():
+        raise MountConfigError(
+            message="rclone is not installed and apt-get is unavailable; preinstall rclone",
+            context={"package": "rclone"},
+        )
+
+    for command in _INSTALL_RCLONE_COMMANDS:
+        install = await session.exec("sh", "-lc", command, shell=False, timeout=300)
+        if not install.ok():
+            raise MountConfigError(
+                message="failed to install rclone",
+                context={"package": "rclone", "exit_code": install.exit_code},
+            )
+
+    rclone = await session.exec("sh", "-lc", _RCLONE_CHECK, shell=False)
+    if not rclone.ok():
+        raise MountConfigError(
+            message="rclone was installed but is still not available on PATH",
+            context={"package": "rclone"},
+        )
+
+
+async def _default_user_ids(session: BaseSandboxSession) -> tuple[str, str] | None:
+    result = await session.exec("sh", "-lc", "id -u; id -g", shell=False, timeout=30)
+    if not result.ok():
+        return None
+
+    lines = result.stdout.decode("utf-8", errors="replace").splitlines()
+    if len(lines) < 2 or not lines[0].isdigit() or not lines[1].isdigit():
+        return None
+    return lines[0], lines[1]
+
+
+def _append_option(args: list[str], option: str, *values: str) -> None:
+    if option not in args:
+        args.extend([option, *values])
+
+
+async def _rclone_pattern_for_session(
+    session: BaseSandboxSession,
+    pattern: RcloneMountPattern,
+) -> RcloneMountPattern:
+    if pattern.mode != "fuse":
+        return pattern
+
+    extra_args = list(pattern.extra_args)
+    _append_option(extra_args, "--allow-other")
+    user_ids = await _default_user_ids(session)
+    if user_ids is not None:
+        uid, gid = user_ids
+        _append_option(extra_args, "--uid", uid)
+        _append_option(extra_args, "--gid", gid)
+
+    return pattern.model_copy(update={"extra_args": extra_args})
+
+
+def _assert_fly_session(session: BaseSandboxSession) -> None:
+    if type(session).__name__ != "FlySandboxSession":
+        raise MountConfigError(
+            message="fly cloud bucket mounts require a FlySandboxSession",
+            context={"session_type": type(session).__name__},
+        )
+
+
+class FlyCloudBucketMountStrategy(MountStrategyBase):
+    """Mount rclone-backed cloud storage in Fly sandboxes."""
+
+    type: Literal["fly_cloud_bucket"] = "fly_cloud_bucket"
+    pattern: RcloneMountPattern = RcloneMountPattern(mode="fuse")
+
+    def _delegate(self) -> InContainerMountStrategy:
+        return InContainerMountStrategy(pattern=self.pattern)
+
+    async def _delegate_for_session(self, session: BaseSandboxSession) -> InContainerMountStrategy:
+        return InContainerMountStrategy(
+            pattern=await _rclone_pattern_for_session(session, self.pattern)
+        )
+
+    def validate_mount(self, mount: Mount) -> None:
+        self._delegate().validate_mount(mount)
+
+    async def activate(
+        self,
+        mount: Mount,
+        session: BaseSandboxSession,
+        dest: Path,
+        base_dir: Path,
+    ) -> list[MaterializedFile]:
+        _assert_fly_session(session)
+        if self.pattern.mode == "fuse":
+            await _ensure_fuse_support(session)
+        await _ensure_rclone(session)
+        delegate = await self._delegate_for_session(session)
+        return await delegate.activate(mount, session, dest, base_dir)
+
+    async def deactivate(
+        self,
+        mount: Mount,
+        session: BaseSandboxSession,
+        dest: Path,
+        base_dir: Path,
+    ) -> None:
+        _assert_fly_session(session)
+        await self._delegate().deactivate(mount, session, dest, base_dir)
+
+    async def teardown_for_snapshot(
+        self,
+        mount: Mount,
+        session: BaseSandboxSession,
+        path: Path,
+    ) -> None:
+        _assert_fly_session(session)
+        await self._delegate().teardown_for_snapshot(mount, session, path)
+
+    async def restore_after_snapshot(
+        self,
+        mount: Mount,
+        session: BaseSandboxSession,
+        path: Path,
+    ) -> None:
+        _assert_fly_session(session)
+        if self.pattern.mode == "fuse":
+            await _ensure_fuse_support(session)
+        await _ensure_rclone(session)
+        delegate = await self._delegate_for_session(session)
+        await delegate.restore_after_snapshot(mount, session, path)
+
+    def build_docker_volume_driver_config(
+        self,
+        mount: Mount,
+    ) -> tuple[str, dict[str, str], bool] | None:
+        return None
+
+
+__all__ = [
+    "FlyCloudBucketMountStrategy",
+]