WP Codebox/Homeboy can now allow-list the existing Data Machine Code workspace_run_runner_command tool in the sandbox policy, but the tool is not delivered as an actual callable function to the sandbox agent.\n\nEvidence:\n- Homeboy Extensions PR #1348 added workspace_run_runner_command to the default read-write Codebox sandbox policy.\n- Conductor retry20 shows the policy and input controls include workspace_run_runner_command.\n- The sandbox agent reports the actual function definition is absent, and the recorded tool call list contains only workspace_ls, workspace_read, workspace_git_status, workspace_write, workspace_edit, workspace_apply_patch, workspace_delete, and workspace_git_add.\n- The DMC source in the Lab runtime contains WorkspaceTools::getRunRunnerCommandDefinition() and the datamachine-code/run-runner-workspace-command ability, so this appears to be a tool materialization/projection gap rather than stale source.\n\nRelevant retry artifacts:\n- Run: conductor-full-loop-proof-retry20-20260613\n- Artifact bundle: /home/chubes/Developer/.tmp/homeboy-wp-codebox-artifacts-3yWKLP/runtime-mqcmoibe-jibxcm\n- Transcript: /home/chubes/Developer/.tmp/homeboy-wp-codebox-artifacts-3yWKLP/runtime-mqcmoibe-jibxcm/files/transcript.json\n\nExpected: when allow_only and the sandbox tool policy include workspace_run_runner_command, Agents API/Data Machine should expose the callable function definition so the agent can run bounded verification commands through the DMC runner workspace API.
WP Codebox/Homeboy can now allow-list the existing Data Machine Code
workspace_run_runner_commandtool in the sandbox policy, but the tool is not delivered as an actual callable function to the sandbox agent.\n\nEvidence:\n- Homeboy Extensions PR #1348 addedworkspace_run_runner_commandto the default read-write Codebox sandbox policy.\n- Conductor retry20 shows the policy and input controls includeworkspace_run_runner_command.\n- The sandbox agent reports the actual function definition is absent, and the recorded tool call list contains onlyworkspace_ls,workspace_read,workspace_git_status,workspace_write,workspace_edit,workspace_apply_patch,workspace_delete, andworkspace_git_add.\n- The DMC source in the Lab runtime containsWorkspaceTools::getRunRunnerCommandDefinition()and thedatamachine-code/run-runner-workspace-commandability, so this appears to be a tool materialization/projection gap rather than stale source.\n\nRelevant retry artifacts:\n- Run:conductor-full-loop-proof-retry20-20260613\n- Artifact bundle:/home/chubes/Developer/.tmp/homeboy-wp-codebox-artifacts-3yWKLP/runtime-mqcmoibe-jibxcm\n- Transcript:/home/chubes/Developer/.tmp/homeboy-wp-codebox-artifacts-3yWKLP/runtime-mqcmoibe-jibxcm/files/transcript.json\n\nExpected: whenallow_onlyand the sandbox tool policy includeworkspace_run_runner_command, Agents API/Data Machine should expose the callable function definition so the agent can run bounded verification commands through the DMC runner workspace API.