@agentgrader/sandbox-docker 1.0.0

package/dist/index.d.ts

@@ -0,0 +1,29 @@
+import { SandboxHandle, PatchApplyResult, SandboxProvider } from '@agentgrader/core';
+import Docker from 'dockerode';
+
+declare class DockerSandboxHandle implements SandboxHandle {
+    private container;
+    constructor(container: Docker.Container);
+    exec(cmd: string): Promise<{
+        stdout: string;
+        stderr: string;
+        exitCode: number;
+    }>;
+    writeFile(path: string, content: string): Promise<void>;
+    readFile(path: string): Promise<string>;
+    gitDiff(): Promise<string>;
+    applyPatch(diff: string): Promise<PatchApplyResult>;
+    destroy(): Promise<void>;
+}
+declare class DockerSandboxProvider implements SandboxProvider {
+    readonly name = "docker";
+    private docker;
+    constructor();
+    create(opts: {
+        image?: string;
+        gitSnapshot?: string;
+        toolkits?: string[];
+    }): Promise<SandboxHandle>;
+}
+
+export { DockerSandboxHandle, DockerSandboxProvider };

package/dist/index.js

@@ -0,0 +1,212 @@
+import { spawn } from 'child_process';
+import { existsSync } from 'fs';
+import { resolve } from 'path';
+import { Writable } from 'stream';
+import Docker from 'dockerode';
+
+// src/index.ts
+var DockerSandboxHandle = class {
+  container;
+  constructor(container) {
+    this.container = container;
+  }
+  async exec(cmd) {
+    const exec = await this.container.exec({
+      Cmd: ["sh", "-c", cmd],
+      AttachStdout: true,
+      AttachStderr: true,
+      WorkingDir: "/app"
+    });
+    const stream = await exec.start({});
+    const stdoutBuffer = [];
+    const stderrBuffer = [];
+    const stdoutWritable = new Writable({
+      write(chunk, encoding, callback) {
+        stdoutBuffer.push(chunk.toString());
+        callback();
+      }
+    });
+    const stderrWritable = new Writable({
+      write(chunk, encoding, callback) {
+        stderrBuffer.push(chunk.toString());
+        callback();
+      }
+    });
+    this.container.modem.demuxStream(stream, stdoutWritable, stderrWritable);
+    let running = true;
+    let inspectData;
+    while (running) {
+      inspectData = await exec.inspect();
+      running = inspectData.Running;
+      if (running) {
+        await new Promise((resolve2) => setTimeout(resolve2, 50));
+      }
+    }
+    return {
+      stdout: stdoutBuffer.join(""),
+      stderr: stderrBuffer.join(""),
+      exitCode: inspectData?.ExitCode ?? 0
+    };
+  }
+  async writeFile(path, content) {
+    await this.exec(`mkdir -p $(dirname "${path}")`);
+    const exec = await this.container.exec({
+      Cmd: ["sh", "-c", `cat > "${path}"`],
+      AttachStdin: true,
+      AttachStdout: false,
+      AttachStderr: false,
+      WorkingDir: "/app"
+    });
+    const stream = await exec.start({ hijack: true, stdin: true });
+    await new Promise((resolve2, reject) => {
+      stream.write(content, (err) => {
+        if (err) {
+          reject(err);
+        } else {
+          stream.end();
+          resolve2();
+        }
+      });
+    });
+    await new Promise((resolve2) => setTimeout(resolve2, 100));
+  }
+  async readFile(path) {
+    const res = await this.exec(`cat "${path}"`);
+    if (res.exitCode !== 0) {
+      throw new Error(`Failed to read file ${path}: ${res.stderr}`);
+    }
+    return res.stdout;
+  }
+  async gitDiff() {
+    const res = await this.exec("git diff");
+    return res.stdout;
+  }
+  async applyPatch(diff) {
+    if (!diff || !diff.trim()) {
+      return { applied: true, repaired: false, output: "Empty patch - nothing to apply." };
+    }
+    const patchPath = `/tmp/agr-patch-${Date.now()}-${Math.random().toString(36).slice(2)}.diff`;
+    await this.writeFile(patchPath, diff.endsWith("\n") ? diff : `${diff}
+`);
+    const attempts = [
+      { label: "git apply", cmd: `git apply --whitespace=nowarn "${patchPath}"`, repaired: false },
+      {
+        label: "git apply --3way",
+        cmd: `git apply --3way --whitespace=nowarn "${patchPath}"`,
+        repaired: true
+      },
+      {
+        label: "patch --fuzz=3",
+        cmd: `patch -p1 --fuzz=3 --batch < "${patchPath}"`,
+        repaired: true
+      }
+    ];
+    const log = [];
+    for (const attempt of attempts) {
+      const res = await this.exec(attempt.cmd);
+      log.push(`$ ${attempt.label}
+${res.stdout}${res.stderr}`.trim());
+      if (res.exitCode === 0) {
+        await this.exec(`rm -f "${patchPath}"`);
+        return { applied: true, repaired: attempt.repaired, output: log.join("\n\n") };
+      }
+    }
+    await this.exec(`rm -f "${patchPath}"`);
+    return { applied: false, repaired: false, output: log.join("\n\n") };
+  }
+  async destroy() {
+    try {
+      await this.container.stop();
+    } catch (e) {
+    }
+    try {
+      await this.container.remove({ force: true });
+    } catch (e) {
+    }
+  }
+};
+async function copyDirToContainer(container, localPath, containerPath, excludes = []) {
+  const args = ["--no-xattrs"];
+  for (const exclude of excludes) {
+    args.push("--exclude", exclude);
+  }
+  args.push("-cf", "-", "-C", localPath, ".");
+  const tarProcess = spawn("tar", args, {
+    env: {
+      ...process.env,
+      COPYFILE_DISABLE: "1"
+    }
+  });
+  await new Promise((resolve2, reject) => {
+    container.putArchive(tarProcess.stdout, { path: containerPath }, (err) => {
+      if (err) reject(err);
+      else resolve2();
+    });
+  });
+  await new Promise((resolve2, reject) => {
+    tarProcess.on("close", (code) => {
+      if (code === 0) resolve2();
+      else reject(new Error(`tar process exited with code ${code}`));
+    });
+    tarProcess.on("error", (err) => reject(err));
+  });
+}
+var DockerSandboxProvider = class {
+  name = "docker";
+  docker;
+  constructor() {
+    this.docker = new Docker();
+  }
+  async create(opts) {
+    const image = opts.image || "node:20";
+    let imageExists = false;
+    try {
+      await this.docker.getImage(image).inspect();
+      imageExists = true;
+    } catch (e) {
+    }
+    if (!imageExists) {
+      console.log(`Docker image "${image}" not found locally. Pulling...`);
+      const stream = await this.docker.pull(image);
+      await new Promise((resolve2, reject) => {
+        this.docker.modem.followProgress(stream, (err, res) => {
+          if (err) reject(err);
+          else resolve2();
+        });
+      });
+      console.log(`Docker image "${image}" successfully pulled.`);
+    }
+    const container = await this.docker.createContainer({
+      Image: image,
+      Cmd: ["tail", "-f", "/dev/null"],
+      Tty: true,
+      WorkingDir: "/app"
+    });
+    await container.start();
+    const handle = new DockerSandboxHandle(container);
+    await handle.exec("mkdir -p /app");
+    if (opts.gitSnapshot) {
+      const localPath = resolve(opts.gitSnapshot);
+      if (existsSync(localPath)) {
+        await copyDirToContainer(container, localPath, "/app");
+      }
+    }
+    await handle.exec(
+      "git init && git config user.email 'agent@agentgrader.local' && git config user.name 'Agentgrader' && git add -A && git commit -m 'initial' || true"
+    );
+    for (const toolkitOpt of opts.toolkits ?? []) {
+      const toolkitPath = resolve(toolkitOpt);
+      if (!existsSync(toolkitPath)) continue;
+      await copyDirToContainer(container, toolkitPath, "/app", ["bin"]);
+      const binPath = resolve(toolkitPath, "bin");
+      if (existsSync(binPath)) {
+        await handle.exec("mkdir -p /usr/local/bin");
+        await copyDirToContainer(container, binPath, "/usr/local/bin");
+        await handle.exec("chmod +x /usr/local/bin/* || true");
+      }
+    }
+    return handle;
+  }
+};
+
+export { DockerSandboxHandle, DockerSandboxProvider };

package/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "@agentgrader/sandbox-docker",
+  "version": "1.0.0",
+  "description": "Docker-based SandboxProvider implementation for the Agentgrader framework",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup src/index.ts --format esm --dts --clean --treeshake",
+    "build:watch": "tsup src/index.ts --format esm --dts --watch"
+  },
+  "dependencies": {
+    "@agentgrader/core": "workspace:*",
+    "dockerode": "^4.0.2"
+  },
+  "devDependencies": {
+    "@types/dockerode": "^3.3.31",
+    "tsup": "^8.5.1"
+  },
+  "peerDependencies": {
+    "@agentgrader/core": "^1.0.0"
+  }
+}