Fix v1 MCP setup in task sandboxes #1391

Open: xeophon wants to merge 1 commit into main from fix/v1-clean-pip-install

xeophon (Member) commented May 15, 2026

Summary

  • make v1 sandbox package installs ignore image-level pip config/env settings
  • provision Python 3.11 for MCP proxy packages when a task image has python3 < 3.10
  • have MCP proxy commands use the recorded interpreter path

Testing

  • uv run ruff format
  • uv run ruff check --fix
  • uv run pytest tests/test_v1_runtime_lifecycle.py -q
  • uv run pytest tests/test_v1_harbor_cli.py -q
  • uv run pre-commit run --files tests/test_v1_runtime_lifecycle.py tests/test_v1_harbor_cli.py verifiers/v1/utils/sandbox_utils.py verifiers/v1/utils/mcp_proxy_utils.py
  • targeted old-Python SWE-bench Pro sandbox setup: installed mcp/requests and imported both with /tmp/vf_mcp_python
  • 3x1 GPT-5.5 + OpenCode smoke got past the original pip-index failure and ran real rollouts; remaining 0-turn failure was traced to python3 < 3.10 and fixed by the targeted setup check

Note

Medium Risk
Touches sandbox bootstrap shell commands for package installation and MCP proxy startup; regressions could break tool availability or sandbox setup across different base images/Python versions.

Overview
Fixes v1 MCP sandbox reliability by hardening package installation and making the MCP proxy run under the correct interpreter.

Sandbox package installs now ignore image-provided pip configuration/env (e.g. PIP_INDEX_URL) and, when installing mcp on images with Python < 3.10, provision a Python 3.11 interpreter via uv and record its path in MCP_PROXY_PYTHON_PATH.

The MCP proxy launch command is updated to run via /bin/sh -lc and prefer the recorded interpreter path (falling back to python3), and tests are updated/added to assert the new behavior.

Reviewed by Cursor Bugbot for commit 1049158. Bugbot is set up for automated code reviews on this repo.

Note

Fix MCP proxy setup in v1 task sandboxes to use a dynamically resolved Python interpreter

  • proxy_command now returns a /bin/sh -lc shell invocation that reads the preferred Python path from /tmp/vf_mcp_python (set as MCP_PROXY_PYTHON_PATH), falling back to python3 if absent.
  • python_package_install_command now strips image-level pip config (PIP_CONFIG_FILE, PIP_INDEX_URL, etc.) before installing packages, preventing base-image pip settings from interfering.
  • When any requested package starts with mcp and the current Python is < 3.10, the install script bootstraps uv, installs Python 3.11, and writes the new interpreter path to MCP_PROXY_PYTHON_PATH so proxy_command picks it up at runtime.
  • Behavioral Change: MCP proxy no longer runs under a hardcoded python3 binary; the interpreter is now resolved at runtime from a file written during package installation.

Macroscope summarized 1049158.
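
The three setup steps described in this pull request (a numeric Python version gate, pip settings isolation, and a recorded interpreter with a `python3` fallback), sketched as an added shell example. This is not the PR's code: the function names `python_too_old`, `without_pip_env` and `resolve_proxy_python` are hypothetical, and the symlink and absolute-path checks on the path file are an assumption about how a reader might validate it, not something the PR is stated to do.

```shell
#!/bin/sh
# Added example, not the project's code; all function names are hypothetical.

# Succeed when version $1 ("MAJOR.MINOR[.PATCH]") is below 3.10. Fields are
# compared as integers: a string or float comparison ranks 3.9 above 3.10.
python_too_old() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}        # drop suffixes such as "rc1"
    [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "${minor:-0}" -lt 10 ]; }
}

# Run "$@" with inherited PIP_* variables removed and config files disabled,
# so image settings such as PIP_INDEX_URL cannot redirect the install.
without_pip_env() (
    for name in $(env | sed -n 's/^\(PIP_[A-Za-z0-9_]*\)=.*/\1/p'); do
        unset "$name"
    done
    # pip loads no configuration file when this points at the null device.
    PIP_CONFIG_FILE=/dev/null
    export PIP_CONFIG_FILE
    "$@"
)

# Print the interpreter recorded in path file $1, or "python3" when the
# file is missing, is a symlink, or does not name an absolute executable.
resolve_proxy_python() {
    recorded=
    if [ -f "$1" ] && [ ! -L "$1" ]; then
        IFS= read -r recorded < "$1" || :
    fi
    case $recorded in
        /*) if [ -x "$recorded" ] && [ ! -d "$recorded" ]; then
                echo "$recorded"
                return 0
            fi ;;
    esac
    echo python3
}

# Path file named on the page; prints "python3" when nothing was recorded.
resolve_proxy_python /tmp/vf_mcp_python
```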

macroscopeapp Bot commented May 15, 2026

Approvability

Verdict: Needs human review

This PR introduces significant runtime behavioral changes to sandbox setup, including automatic Python version detection and installation, environment variable isolation, and shell command wrapping. The complexity and runtime impact of these changes warrant human review.