npm - @dcyfr/ai - Versions diffs - 2.1.3 → 3.0.0 - Mend

@dcyfr/ai 2.1.3 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (468) hide show

package/dist/ai/src/container/local-docker-backend.js ADDED Viewed

@@ -0,0 +1,362 @@
+/**
+ * LocalDockerBackend
+ * TLP:CLEAR
+ *
+ * ContainerExecutionBackend implementation backed by the local Docker daemon.
+ * Designed for workbench development and CI; production scale-out uses
+ * RemoteDockerBackend or KubernetesBackend (Phase 4).
+ *
+ * Concurrency: max 3 simultaneous containers (configurable via constructor).
+ * Each container gets an ephemeral name (dcyfr-agent-<uuid8>) so multiple
+ * concurrent runs never collide.
+ *
+ * @module container/local-docker-backend
+ * @version 1.0.0
+ * @date 2026-03-01
+ */
+import { spawn, execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { randomUUID } from 'node:crypto';
+import { mkdtempSync, writeFileSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { DEFAULT_CONTAINER_RESOURCE_LIMITS, ContainerConcurrencyLimitError, } from './types.js';
+const execFileAsync = promisify(execFile);
+/** Name prefix for all containers managed by this backend. */
+const CONTAINER_PREFIX = 'dcyfr-agent';
+// ---------------------------------------------------------------------------
+// Implementation
+// ---------------------------------------------------------------------------
+export class LocalDockerBackend {
+    backendType = 'local-docker';
+    maxConcurrent;
+    defaultImage;
+    extraDockerFlags;
+    /**
+     * In-memory tracking of active containers keyed by containerId.
+     * This is intentionally simple — a process restart clears it.
+     * The delegation contract manager is the authoritative state store.
+     */
+    active = new Map();
+    secretDirs = new Map();
+    constructor(options = {}) {
+        this.maxConcurrent = options.maxConcurrent ?? 3;
+        this.defaultImage = options.defaultImage ?? 'dcyfr/agent:latest';
+        this.extraDockerFlags = options.extraDockerFlags ?? [];
+    }
+    // ── Health check ───────────────────────────────────────────────────────────
+    async healthCheck() {
+        try {
+            const { stdout } = await execFileAsync('docker', [
+                'version',
+                '--format',
+                '{{.Server.Version}}',
+            ]);
+            return {
+                available: true,
+                backendType: this.backendType,
+                version: stdout.trim(),
+                details: { maxConcurrent: this.maxConcurrent, active: this.active.size },
+            };
+        }
+        catch (error) {
+            return {
+                available: false,
+                backendType: this.backendType,
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    // ── Provision ──────────────────────────────────────────────────────────────
+    async provision(config) {
+        if (this.active.size >= this.maxConcurrent) {
+            throw new ContainerConcurrencyLimitError(this.maxConcurrent, this.active.size);
+        }
+        const limits = this.resolveResourceLimits(config.resourceLimits);
+        const containerName = this.generateContainerName();
+        const image = config.image || this.defaultImage;
+        const tokenSecretPath = this.createGithubTokenSecret(config.githubToken, containerName);
+        const runArgs = this.buildRunArgs(containerName, config, limits, image, tokenSecretPath);
+        // Spawn detached so provision() returns immediately while the container runs.
+        // stdout/stderr are piped — callers consume them via streamLogs() / waitForExit().
+        const proc = spawn('docker', runArgs, { stdio: 'pipe', detached: false });
+        const handle = {
+            containerId: containerName, // Use name as ID until we get the real Docker ID
+            containerName,
+            startedAt: new Date(),
+            backendType: this.backendType,
+            config: this.redactConfig(config),
+        };
+        // Fetch the real Docker container ID asynchronously (best-effort)
+        this.resolveContainerId(containerName).then((dockerId) => {
+            if (dockerId) {
+                // Update in-place — callers already hold a reference to the same object
+                handle.containerId = dockerId;
+            }
+        }).catch(() => { });
+        // Store proc reference on the handle via a side channel so waitForExit() can await it.
+        // We use a non-enumerable property to avoid leaking the process into serialized output.
+        Object.defineProperty(handle, '_proc', { value: proc, enumerable: false, writable: true });
+        this.active.set(containerName, handle);
+        // Auto-remove from active map when process exits
+        proc.on('exit', () => {
+            this.active.delete(containerName);
+            this.cleanupSecret(containerName);
+        });
+        // Throw on immediate spawn errors (e.g., docker binary not found)
+        await new Promise((resolve, reject) => {
+            proc.on('spawn', resolve);
+            proc.on('error', reject);
+            // If neither fires within 5 s the process is already running
+            setTimeout(resolve, 5_000);
+        });
+        return handle;
+    }
+    // ── Log streaming ──────────────────────────────────────────────────────────
+    async *streamLogs(handle) {
+        // Prefer the live process pipe if available (provision() just called)
+        const proc = handle._proc;
+        if (proc?.stdout) {
+            for await (const chunk of proc.stdout) {
+                const text = chunk.toString('utf8');
+                for (const line of text.split('\n')) {
+                    if (line.trim()) {
+                        yield {
+                            timestamp: new Date(),
+                            stream: 'stdout',
+                            text: line,
+                            containerId: handle.containerId,
+                        };
+                    }
+                }
+            }
+            // Also drain stderr
+            if (proc.stderr) {
+                for await (const chunk of proc.stderr) {
+                    const text = chunk.toString('utf8');
+                    for (const line of text.split('\n')) {
+                        if (line.trim()) {
+                            yield {
+                                timestamp: new Date(),
+                                stream: 'stderr',
+                                text: line,
+                                containerId: handle.containerId,
+                            };
+                        }
+                    }
+                }
+            }
+            return;
+        }
+        // Fallback: `docker logs --follow` for containers already running
+        const logsProc = spawn('docker', ['logs', '--follow', '--timestamps', handle.containerName], {
+            stdio: 'pipe',
+        });
+        for await (const chunk of logsProc.stdout ?? []) {
+            const text = chunk.toString('utf8');
+            for (const line of text.split('\n')) {
+                if (line.trim()) {
+                    yield {
+                        timestamp: new Date(),
+                        stream: 'stdout',
+                        text: line,
+                        containerId: handle.containerId,
+                    };
+                }
+            }
+        }
+    }
+    // ── Wait for exit ──────────────────────────────────────────────────────────
+    async waitForExit(handle) {
+        const proc = handle._proc;
+        const limits = handle.config.resourceLimits
+            ? { ...DEFAULT_CONTAINER_RESOURCE_LIMITS, ...handle.config.resourceLimits }
+            : DEFAULT_CONTAINER_RESOURCE_LIMITS;
+        const startTimeMs = handle.startedAt.getTime();
+        const stdoutChunks = [];
+        const stderrChunks = [];
+        let timedOut = false;
+        if (!proc) {
+            // Container was started externally — wait using `docker wait`
+            const { stdout } = await execFileAsync('docker', ['wait', handle.containerName]).catch(() => ({
+                stdout: '-1',
+            }));
+            const exitCode = parseInt(stdout.trim(), 10);
+            return {
+                success: exitCode === 0,
+                exitCode: Number.isNaN(exitCode) ? null : exitCode,
+                timedOut: false,
+                executionTimeMs: Date.now() - startTimeMs,
+                stdout: '',
+                stderr: '',
+            };
+        }
+        proc.stdout?.on('data', (chunk) => stdoutChunks.push(chunk));
+        proc.stderr?.on('data', (chunk) => stderrChunks.push(chunk));
+        // Enforce time limit
+        const timeoutTimer = setTimeout(() => {
+            timedOut = true;
+            void this.stopContainer(handle.containerName);
+        }, limits.maxExecutionTimeMs);
+        const exitCode = await new Promise((resolve) => {
+            proc.on('close', (code) => resolve(code));
+            proc.on('error', () => resolve(null));
+        });
+        clearTimeout(timeoutTimer);
+        const MAX_OUTPUT = 64 * 1024; // 64 KB
+        const stdout = Buffer.concat(stdoutChunks).toString('utf8').slice(-MAX_OUTPUT);
+        const stderr = Buffer.concat(stderrChunks).toString('utf8').slice(-MAX_OUTPUT);
+        // Extract PR URL from stdout if present
+        const prMatch = /AGENT_PR_URL=(https:\/\/github\.com\/[^\s]+)/.exec(stdout);
+        const pullRequestUrl = prMatch?.[1];
+        return {
+            success: exitCode === 0,
+            exitCode,
+            timedOut,
+            executionTimeMs: Date.now() - startTimeMs,
+            stdout,
+            stderr,
+            pullRequestUrl,
+        };
+    }
+    // ── Teardown ───────────────────────────────────────────────────────────────
+    async teardown(handle) {
+        try {
+            await execFileAsync('docker', ['rm', '-f', handle.containerName]);
+            this.active.delete(handle.containerName);
+            this.cleanupSecret(handle.containerName);
+            return { success: true, containerId: handle.containerId };
+        }
+        catch (error) {
+            const msg = error instanceof Error ? error.message : String(error);
+            // "No such container" is not an error — already cleaned up
+            if (msg.includes('No such container')) {
+                this.active.delete(handle.containerName);
+                this.cleanupSecret(handle.containerName);
+                return { success: true, containerId: handle.containerId };
+            }
+            return { success: false, containerId: handle.containerId, error: msg };
+        }
+    }
+    // ── List active ────────────────────────────────────────────────────────────
+    async listActive() {
+        return [...this.active.values()];
+    }
+    // ── Private helpers ────────────────────────────────────────────────────────
+    generateContainerName() {
+        return `${CONTAINER_PREFIX}-${randomUUID().slice(0, 8)}`;
+    }
+    resolveResourceLimits(partial) {
+        return { ...DEFAULT_CONTAINER_RESOURCE_LIMITS, ...partial };
+    }
+    buildRunArgs(containerName, config, limits, image, tokenSecretPath) {
+        const args = ['run', '--name', containerName];
+        // ── Resource limits ──────────────────────────────────────────────────
+        args.push(`--memory=${limits.maxMemory}`);
+        args.push(`--cpus=${limits.maxCpus}`);
+        // ── Security hardening ───────────────────────────────────────────────
+        args.push('--cap-drop=ALL', '--security-opt=no-new-privileges', '--user=1001:1001');
+        // ── Network ─────────────────────────────────────────────────────────
+        // Allow outbound internet (needed for github.com + registry.npmjs.org)
+        // Network restriction is enforced via Docker network policy or firewall
+        // rules applied at the host level, not inside the container.
+        // ── GitHub token via mounted secret file (never passed as env) ───────
+        args.push('--mount', `type=bind,source=${tokenSecretPath},target=/run/secrets/github_token,readonly`);
+        args.push('-e', 'GITHUB_TOKEN_FILE=/run/secrets/github_token');
+        // ── Task parameters ──────────────────────────────────────────────────
+        args.push('-e', `AGENT_TASK_ID=${config.taskId}`);
+        args.push('-e', `AGENT_TASK_DESC=${config.taskDescription}`);
+        args.push('-e', `AGENT_REPO=${config.repo}`);
+        args.push('-e', `AGENT_CONTRACT_ID=${config.contractId}`);
+        if (config.baseBranch) {
+            args.push('-e', `AGENT_BASE_BRANCH=${config.baseBranch}`);
+        }
+        if (config.taskScriptB64) {
+            args.push('-e', `AGENT_SCRIPT_B64=${config.taskScriptB64}`);
+        }
+        if (config.taskPatchB64) {
+            args.push('-e', `AGENT_PATCH_B64=${config.taskPatchB64}`);
+        }
+        if (config.dryRun) {
+            args.push('-e', 'AGENT_SKIP_PUSH=1');
+        }
+        // ── Extra caller-supplied env vars ───────────────────────────────────
+        for (const [key, value] of Object.entries(config.env ?? {})) {
+            args.push('-e', `${key}=${value}`);
+        }
+        // ── Extra flags from constructor ─────────────────────────────────────
+        args.push(...this.extraDockerFlags);
+        // ── Image (must be last before any CMD override) ─────────────────────
+        args.push(image);
+        return args;
+    }
+    createGithubTokenSecret(githubToken, containerName) {
+        const dir = mkdtempSync(join(tmpdir(), 'dcyfr-agent-secret-'));
+        const tokenFile = join(dir, 'github_token');
+        writeFileSync(tokenFile, githubToken, { mode: 0o600, encoding: 'utf8' });
+        this.secretDirs.set(containerName, dir);
+        return tokenFile;
+    }
+    cleanupSecret(containerName) {
+        const dir = this.secretDirs.get(containerName);
+        if (!dir)
+            return;
+        try {
+            rmSync(dir, { recursive: true, force: true });
+        }
+        finally {
+            this.secretDirs.delete(containerName);
+        }
+    }
+    /**
+     * Gracefully stop a container:
+     * 1. `docker stop --time=10` (SIGTERM + 10s grace)
+     * 2. `docker kill` if stop fails
+     */
+    async stopContainer(containerName) {
+        try {
+            await execFileAsync('docker', ['stop', '--time', '10', containerName]);
+        }
+        catch {
+            try {
+                await execFileAsync('docker', ['kill', containerName]);
+            }
+            catch {
+                // Already gone
+            }
+        }
+    }
+    /**
+     * Resolve the real Docker container ID from its name.
+     * Docker assigns the ID asynchronously after container creation.
+     */
+    async resolveContainerId(containerName) {
+        for (let attempt = 0; attempt < 10; attempt++) {
+            try {
+                const { stdout } = await execFileAsync('docker', [
+                    'inspect',
+                    '--format',
+                    '{{.Id}}',
+                    containerName,
+                ]);
+                const id = stdout.trim();
+                if (id)
+                    return id;
+            }
+            catch {
+                // Not ready yet
+            }
+            await new Promise((r) => setTimeout(r, 200));
+        }
+        return null;
+    }
+    /**
+     * Return a copy of the config with the githubToken redacted.
+     * The redacted copy is stored on ContainerHandle (which may be serialized).
+     */
+    redactConfig(config) {
+        const { githubToken: _token, ...rest } = config;
+        return rest;
+    }
+}
+//# sourceMappingURL=local-docker-backend.js.map

package/dist/ai/src/container/local-docker-backend.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"local-docker-backend.js","sourceRoot":"","sources":["../../../../packages/ai/src/container/local-docker-backend.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EACL,iCAAiC,EACjC,8BAA8B,GAS/B,MAAM,YAAY,CAAC;AAEpB,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,8DAA8D;AAC9D,MAAM,gBAAgB,GAAG,aAAa,CAAC;AA2BvC,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,OAAO,kBAAkB;IACpB,WAAW,GAAG,cAAuB,CAAC;IAE9B,aAAa,CAAS;IACtB,YAAY,CAAS;IACrB,gBAAgB,CAAW;IAE5C;;;;OAIG;IACc,MAAM,GAAG,IAAI,GAAG,EAA2B,CAAC;IAC5C,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;IAExD,YAAY,UAAqC,EAAE;QACjD,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,oBAAoB,CAAC;QACjE,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC;IACzD,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE;gBAC/C,SAAS;gBACT,UAAU;gBACV,qBAAqB;aACtB,CAAC,CAAC;YACH,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE;gBACtB,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;aACzE,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,SAAS,CAAC,MAA4B;QAC1C,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3C,MAAM,IAAI,8BAA8B,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QACjE,MAAM,aAAa,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,YAAY,CAAC;QAChD,MAAM,eAAe,GAAG,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAExF,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;QAEzF,8EAA8E;QAC9E,mFAAmF;QACnF,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QAE1E,MAAM,MAAM,GAAoB;YAC9B,WAAW,EAAE,aAAa,EAAE,iDAAiD;YAC7E,aAAa;YACb,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC;SAClC,CAAC;QAEF,kEAAkE;QAClE,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE;YACvD,IAAI,QAAQ,EAAE,CAAC;gBACb,wEAAwE;gBACvE,MAAkC,CAAC,WAAW,GAAG,QAAQ,CAAC;YAC7D,CAAC;QACH,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAA6C,CAAC,CAAC,CAAC;QAE9D,uFAAuF;QACvF,wFAAwF;QACxF,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3F,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEvC,iDAAiD;QACjD,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YACnB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAClC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,kEAAkE;QAClE,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC1B,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACzB,6DAA6D;YAC7D,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,CAAC,UAAU,CAAC,MAAuB;QACvC,sEAAsE;QACtE,MAAM,IAAI,GAAI,MAA+C,CAAC,KAAK,CAAC;QACpE,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;YACjB,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAI,KAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAChD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpC,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;wBAChB,MAAM;4BACJ,SAAS,EAAE,IAAI,IAAI,EAAE;4BACrB,MAAM,EAAE,QAAQ;4BAChB,IAAI,EAAE,IAAI;4BACV,WAAW,EAAE,MAAM,CAAC,WAAW;yBAChC,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YACD,oBAAoB;YACpB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;oBACtC,MAAM,IAAI,GAAI,KAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBAChD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;wBACpC,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;4BAChB,MAAM;gCACJ,SAAS,EAAE,IAAI,IAAI,EAAE;gCACrB,MAAM,EAAE,QAAQ;gCAChB,IAAI,EAAE,IAAI;gCACV,WAAW,EAAE,MAAM,CAAC,WAAW;6BAChC,CAAC;wBACJ,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,kEAAkE;QAClE,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,CAAC,aAAa,CAAC,EAAE;YAC3F,KAAK,EAAE,MAAM;SACd,CAAC,CAAC;QACH,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAChD,MAAM,IAAI,GAAI,KAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAChD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;oBAChB,MAAM;wBACJ,SAAS,EAAE,IAAI,IAAI,EAAE;wBACrB,MAAM,EAAE,QAAQ;wBAChB,IAAI,EAAE,IAAI;wBACV,WAAW,EAAE,MAAM,CAAC,WAAW;qBAChC,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,WAAW,CAAC,MAAuB;QACvC,MAAM,IAAI,GAAI,MAA+C,CAAC,KAAK,CAAC;QACpE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc;YACzC,CAAC,CAAC,EAAE,GAAG,iCAAiC,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE;YAC3E,CAAC,CAAC,iCAAiC,CAAC;QAEtC,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QAC/C,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,8DAA8D;YAC9D,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBAC5F,MAAM,EAAE,IAAI;aACb,CAAC,CAAC,CAAC;YACJ,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YAC7C,OAAO;gBACL,OAAO,EAAE,QAAQ,KAAK,CAAC;gBACvB,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ;gBAClD,QAAQ,EAAE,KAAK;gBACf,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW;gBACzC,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,EAAE;aACX,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAErE,qBAAqB;QACrB,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE;YACnC,QAAQ,GAAG,IAAI,CAAC;YAChB,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAChD,CAAC,EAAE,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAE9B,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAgB,CAAC,OAAO,EAAE,EAAE;YAC5D,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAmB,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACzD,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,YAAY,CAAC,YAAY,CAAC,CAAC;QAE3B,MAAM,UAAU,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,QAAQ;QACtC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC;QAE/E,wCAAwC;QACxC,MAAM,OAAO,GAAG,8CAA8C,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5E,MAAM,cAAc,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QAEpC,OAAO;YACL,OAAO,EAAE,QAAQ,KAAK,CAAC;YACvB,QAAQ;YACR,QAAQ;YACR,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW;YACzC,MAAM;YACN,MAAM;YACN,cAAc;SACf,CAAC;IACJ,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,QAAQ,CAAC,MAAuB;QACpC,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACzC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC;QAC5D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,2DAA2D;YAC3D,IAAI,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACtC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;gBACzC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;gBACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5D,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QACzE,CAAC;IACH,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,UAAU;QACd,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACnC,CAAC;IAED,8EAA8E;IAEtE,qBAAqB;QAC3B,OAAO,GAAG,gBAAgB,IAAI,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAC3D,CAAC;IAEO,qBAAqB,CAC3B,OAA0C;QAE1C,OAAO,EAAE,GAAG,iCAAiC,EAAE,GAAG,OAAO,EAAE,CAAC;IAC9D,CAAC;IAEO,YAAY,CAClB,aAAqB,EACrB,MAA4B,EAC5B,MAA+B,EAC/B,KAAa,EACb,eAAuB;QAEvB,MAAM,IAAI,GAAa,CAAC,KAAK,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QAExD,wEAAwE;QACxE,IAAI,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAEtC,wEAAwE;QACxE,IAAI,CAAC,IAAI,CACP,gBAAgB,EAChB,kCAAkC,EAClC,kBAAkB,CACnB,CAAC;QAEF,uEAAuE;QACvE,uEAAuE;QACvE,wEAAwE;QACxE,6DAA6D;QAE7D,wEAAwE;QACxE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,oBAAoB,eAAe,4CAA4C,CAAC,CAAC;QACtG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,6CAA6C,CAAC,CAAC;QAE/D,wEAAwE;QACxE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,iBAAiB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAmB,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,qBAAqB,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;QAE1D,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,qBAAqB,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAmB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;QACvC,CAAC;QAED,wEAAwE;QACxE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,CAAC;YAC5D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,wEAAwE;QACxE,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAEpC,wEAAwE;QACxE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEjB,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,uBAAuB,CAAC,WAAmB,EAAE,aAAqB;QACxE,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,qBAAqB,CAAC,CAAC,CAAC;QAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;QAC5C,aAAa,CAAC,SAAS,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;QACxC,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,aAAa,CAAC,aAAqB;QACzC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC/C,IAAI,CAAC,GAAG;YAAE,OAAO;QACjB,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,aAAa,CAAC,aAAqB;QAC/C,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC;gBACH,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;YACzD,CAAC;YAAC,MAAM,CAAC;gBACP,eAAe;YACjB,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,kBAAkB,CAAC,aAAqB;QACpD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC;YAC9C,IAAI,CAAC;gBACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE;oBAC/C,SAAS;oBACT,UAAU;oBACV,SAAS;oBACT,aAAa;iBACd,CAAC,CAAC;gBACH,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;gBACzB,IAAI,EAAE;oBAAE,OAAO,EAAE,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,gBAAgB;YAClB,CAAC;YACD,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACK,YAAY,CAClB,MAA4B;QAE5B,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/ai/src/container/remote-docker-backend.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * RemoteDockerBackend
+ * TLP:CLEAR
+ *
+ * ContainerExecutionBackend backed by a remote Docker daemon.
+ * Connects via the DOCKER_HOST environment variable or a configured
+ * TCP/SSH endpoint (e.g. `ssh://user@host`, `tcp://host:2376`).
+ */
+import { type AgentContainerConfig, type ContainerHandle, type ContainerLogEntry, type ContainerExecutionResult, type BackendHealthResult, type TeardownResult, type ContainerExecutionBackend } from './types.js';
+export interface RemoteDockerBackendOptions {
+    /** Remote Docker host endpoint. e.g. "ssh://user@host" or "tcp://host:2376" */
+    host?: string;
+    /** Maximum simultaneous containers. Default: 5. */
+    maxConcurrent?: number;
+    /** Default image if not in AgentContainerConfig. */
+    defaultImage?: string;
+}
+export declare class RemoteDockerBackend implements ContainerExecutionBackend {
+    readonly backendType: "remote-docker";
+    private readonly host;
+    private readonly maxConcurrent;
+    private readonly defaultImage;
+    private readonly active;
+    constructor(options?: RemoteDockerBackendOptions);
+    private hostFlag;
+    private generateContainerName;
+    private resolveResourceLimits;
+    healthCheck(): Promise<BackendHealthResult>;
+    provision(config: AgentContainerConfig): Promise<ContainerHandle>;
+    streamLogs(handle: ContainerHandle): AsyncIterable<ContainerLogEntry>;
+    waitForExit(handle: ContainerHandle): Promise<ContainerExecutionResult>;
+    teardown(handle: ContainerHandle): Promise<TeardownResult>;
+    listActive(): Promise<ContainerHandle[]>;
+}
+//# sourceMappingURL=remote-docker-backend.d.ts.map

package/dist/ai/src/container/remote-docker-backend.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"remote-docker-backend.d.ts","sourceRoot":"","sources":["../../../../packages/ai/src/container/remote-docker-backend.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,EAGL,KAAK,oBAAoB,EACzB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,wBAAwB,EAC7B,KAAK,mBAAmB,EACxB,KAAK,cAAc,EACnB,KAAK,yBAAyB,EAE/B,MAAM,YAAY,CAAC;AAKpB,MAAM,WAAW,0BAA0B;IACzC,+EAA+E;IAC/E,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mDAAmD;IACnD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,mBAAoB,YAAW,yBAAyB;IACnE,SAAgB,WAAW,EAAG,eAAe,CAAU;IAEvD,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAqB;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsC;gBAEjD,OAAO,GAAE,0BAA+B;IAMpD,OAAO,CAAC,QAAQ;IAIhB,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,qBAAqB;IAQvB,WAAW,IAAI,OAAO,CAAC,mBAAmB,CAAC;IAwB3C,SAAS,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,eAAe,CAAC;IA2EhE,UAAU,CAAC,MAAM,EAAE,eAAe,GAAG,aAAa,CAAC,iBAAiB,CAAC;IAwBtE,WAAW,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,wBAAwB,CAAC;IA8DvE,QAAQ,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IAiB1D,UAAU,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;CAG/C"}

package/dist/ai/src/container/remote-docker-backend.js ADDED Viewed

@@ -0,0 +1,189 @@
+/**
+ * RemoteDockerBackend
+ * TLP:CLEAR
+ *
+ * ContainerExecutionBackend backed by a remote Docker daemon.
+ * Connects via the DOCKER_HOST environment variable or a configured
+ * TCP/SSH endpoint (e.g. `ssh://user@host`, `tcp://host:2376`).
+ */
+import { spawn, execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { randomUUID } from 'node:crypto';
+import { DEFAULT_CONTAINER_RESOURCE_LIMITS, ContainerConcurrencyLimitError, } from './types.js';
+const execFileAsync = promisify(execFile);
+const CONTAINER_PREFIX = 'dcyfr-agent';
+export class RemoteDockerBackend {
+    backendType = 'remote-docker';
+    host;
+    maxConcurrent;
+    defaultImage;
+    active = new Map();
+    constructor(options = {}) {
+        this.host = options.host ?? process.env['DOCKER_HOST'];
+        this.maxConcurrent = options.maxConcurrent ?? 5;
+        this.defaultImage = options.defaultImage ?? 'dcyfr/agent:latest';
+    }
+    hostFlag() {
+        return this.host ? ['--host', this.host] : [];
+    }
+    generateContainerName() {
+        return `${CONTAINER_PREFIX}-${randomUUID().slice(0, 8)}`;
+    }
+    resolveResourceLimits(partial) {
+        return { ...DEFAULT_CONTAINER_RESOURCE_LIMITS, ...partial };
+    }
+    // ── Health check ──────────────────────────────────────────────────────────
+    async healthCheck() {
+        try {
+            const { stdout } = await execFileAsync('docker', [...this.hostFlag(), 'version', '--format', '{{.Server.Version}}'], { timeout: 10_000 });
+            return {
+                available: true,
+                backendType: this.backendType,
+                version: stdout.trim(),
+                details: { host: this.host ?? '(DOCKER_HOST)', active: this.active.size },
+            };
+        }
+        catch (error) {
+            return {
+                available: false,
+                backendType: this.backendType,
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    // ── Provision ─────────────────────────────────────────────────────────────
+    async provision(config) {
+        if (this.active.size >= this.maxConcurrent) {
+            throw new ContainerConcurrencyLimitError(this.maxConcurrent, this.active.size);
+        }
+        const limits = this.resolveResourceLimits(config.resourceLimits);
+        const containerName = this.generateContainerName();
+        const image = config.image || this.defaultImage;
+        // Ensure image is available on remote host by pulling before run.
+        await execFileAsync('docker', [...this.hostFlag(), 'pull', image], { timeout: 120_000 });
+        const args = [
+            ...this.hostFlag(),
+            'run',
+            '--name', containerName,
+            `--memory=${limits.maxMemory}`,
+            `--cpus=${limits.maxCpus}`,
+            '--cap-drop=ALL',
+            '--security-opt=no-new-privileges',
+            '--network=none',
+        ];
+        args.push('--env', `AGENT_TASK_ID=${config.taskId}`, '--env', `AGENT_TASK_DESC=${config.taskDescription}`, '--env', `AGENT_REPO=${config.repo}`, '--env', `AGENT_CONTRACT_ID=${config.contractId}`);
+        for (const [k, v] of Object.entries(config.env ?? {})) {
+            args.push('--env', `${k}=${v}`);
+        }
+        // Inject secrets as environment variables (not logged)
+        args.push('--env', `GITHUB_TOKEN=${config.githubToken}`);
+        if (config.issueNumber !== undefined) {
+            args.push('--env', `AGENT_ISSUE_NUMBER=${config.issueNumber}`);
+        }
+        args.push(image);
+        const proc = spawn('docker', args, { stdio: 'pipe', detached: false });
+        const { githubToken: _, ...redactedConfig } = config;
+        const handle = {
+            containerId: containerName,
+            containerName,
+            startedAt: new Date(),
+            backendType: this.backendType,
+            config: redactedConfig,
+        };
+        Object.defineProperty(handle, '_proc', { value: proc, enumerable: false, writable: true });
+        this.active.set(containerName, handle);
+        proc.on('exit', () => { this.active.delete(containerName); });
+        await new Promise((resolve, reject) => {
+            proc.on('spawn', resolve);
+            proc.on('error', reject);
+            setTimeout(resolve, 5_000);
+        });
+        return handle;
+    }
+    // ── Log streaming ──────────────────────────────────────────────────────────
+    async *streamLogs(handle) {
+        const logsProc = spawn('docker', [...this.hostFlag(), 'logs', '--follow', handle.containerName], { stdio: 'pipe' });
+        for await (const chunk of (logsProc.stdout ?? [])) {
+            const text = chunk.toString('utf8');
+            for (const line of text.split('\n')) {
+                if (line.trim()) {
+                    yield {
+                        timestamp: new Date(),
+                        stream: 'stdout',
+                        text: line,
+                        containerId: handle.containerId,
+                    };
+                }
+            }
+        }
+    }
+    // ── Wait for exit ──────────────────────────────────────────────────────────
+    async waitForExit(handle) {
+        const proc = handle._proc;
+        const limits = handle.config.resourceLimits
+            ? { ...DEFAULT_CONTAINER_RESOURCE_LIMITS, ...handle.config.resourceLimits }
+            : DEFAULT_CONTAINER_RESOURCE_LIMITS;
+        const startTimeMs = handle.startedAt.getTime();
+        const stdoutChunks = [];
+        const stderrChunks = [];
+        let timedOut = false;
+        if (!proc) {
+            const result = await execFileAsync('docker', [...this.hostFlag(), 'wait', handle.containerName], { timeout: limits.maxExecutionTimeMs + 30_000 }).catch(() => ({ stdout: '-1', stderr: '' }));
+            const exitCode = parseInt(result.stdout.trim(), 10);
+            return {
+                success: exitCode === 0,
+                exitCode: Number.isNaN(exitCode) ? null : exitCode,
+                timedOut: false,
+                executionTimeMs: Date.now() - startTimeMs,
+                stdout: '',
+                stderr: '',
+            };
+        }
+        proc.stdout?.on('data', (chunk) => stdoutChunks.push(chunk));
+        proc.stderr?.on('data', (chunk) => stderrChunks.push(chunk));
+        const timeoutTimer = setTimeout(() => {
+            timedOut = true;
+            void execFileAsync('docker', [...this.hostFlag(), 'stop', handle.containerName])
+                .catch(() => undefined);
+        }, limits.maxExecutionTimeMs);
+        const exitCode = await new Promise((resolve) => {
+            proc.on('close', (code) => resolve(code));
+            proc.on('error', () => resolve(null));
+        });
+        clearTimeout(timeoutTimer);
+        const MAX_OUTPUT = 64 * 1024;
+        const stdout = Buffer.concat(stdoutChunks).toString('utf8').slice(-MAX_OUTPUT);
+        const stderr = Buffer.concat(stderrChunks).toString('utf8').slice(-MAX_OUTPUT);
+        const prMatch = /AGENT_PR_URL=(https:\/\/github\.com\/[^\s]+)/.exec(stdout);
+        return {
+            success: exitCode === 0,
+            exitCode,
+            timedOut,
+            executionTimeMs: Date.now() - startTimeMs,
+            stdout,
+            stderr,
+            pullRequestUrl: prMatch?.[1],
+        };
+    }
+    // ── Teardown ───────────────────────────────────────────────────────────────
+    async teardown(handle) {
+        try {
+            await execFileAsync('docker', [...this.hostFlag(), 'rm', '-f', handle.containerName]);
+            this.active.delete(handle.containerName);
+            return { success: true, containerId: handle.containerId };
+        }
+        catch (error) {
+            const msg = error instanceof Error ? error.message : String(error);
+            if (msg.includes('No such container')) {
+                this.active.delete(handle.containerName);
+                return { success: true, containerId: handle.containerId };
+            }
+            return { success: false, containerId: handle.containerId, error: msg };
+        }
+    }
+    // ── List active ────────────────────────────────────────────────────────────
+    async listActive() {
+        return [...this.active.values()];
+    }
+}
+//# sourceMappingURL=remote-docker-backend.js.map

package/dist/ai/src/container/remote-docker-backend.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"remote-docker-backend.js","sourceRoot":"","sources":["../../../../packages/ai/src/container/remote-docker-backend.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EACL,iCAAiC,EACjC,8BAA8B,GAS/B,MAAM,YAAY,CAAC;AAEpB,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC1C,MAAM,gBAAgB,GAAG,aAAa,CAAC;AAWvC,MAAM,OAAO,mBAAmB;IACd,WAAW,GAAG,eAAwB,CAAC;IAEtC,IAAI,CAAqB;IACzB,aAAa,CAAS;IACtB,YAAY,CAAS;IACrB,MAAM,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE7D,YAAY,UAAsC,EAAE;QAClD,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACvD,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,oBAAoB,CAAC;IACnE,CAAC;IAEO,QAAQ;QACd,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAChD,CAAC;IAEO,qBAAqB;QAC3B,OAAO,GAAG,gBAAgB,IAAI,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAC3D,CAAC;IAEO,qBAAqB,CAC3B,OAA0C;QAE1C,OAAO,EAAE,GAAG,iCAAiC,EAAE,GAAG,OAAO,EAAE,CAAC;IAC9D,CAAC;IAED,6EAA6E;IAE7E,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,QAAQ,EACR,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,qBAAqB,CAAC,EAClE,EAAE,OAAO,EAAE,MAAM,EAAE,CACpB,CAAC;YACF,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE;gBACtB,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,eAAe,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;aAC1E,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6EAA6E;IAE7E,KAAK,CAAC,SAAS,CAAC,MAA4B;QAC1C,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3C,MAAM,IAAI,8BAA8B,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QACjE,MAAM,aAAa,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,YAAY,CAAC;QAEhD,kEAAkE;QAClE,MAAM,aAAa,CACjB,QAAQ,EACR,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EACnC,EAAE,OAAO,EAAE,OAAO,EAAE,CACrB,CAAC;QAEF,MAAM,IAAI,GAAa;YACrB,GAAG,IAAI,CAAC,QAAQ,EAAE;YAClB,KAAK;YACL,QAAQ,EAAE,aAAa;YACvB,YAAY,MAAM,CAAC,SAAS,EAAE;YAC9B,UAAU,MAAM,CAAC,OAAO,EAAE;YAC1B,gBAAgB;YAChB,kCAAkC;YAClC,gBAAgB;SACjB,CAAC;QAEF,IAAI,CAAC,IAAI,CACP,OAAO,EAAE,iBAAiB,MAAM,CAAC,MAAM,EAAE,EACzC,OAAO,EAAE,mBAAmB,MAAM,CAAC,eAAe,EAAE,EACpD,OAAO,EAAE,cAAc,MAAM,CAAC,IAAI,EAAE,EACpC,OAAO,EAAE,qBAAqB,MAAM,CAAC,UAAU,EAAE,CAClD,CAAC;QAEF,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,CAAC;YACtD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAClC,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,gBAAgB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QAEzD,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACrC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,sBAAsB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEjB,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QAEvE,MAAM,EAAE,WAAW,EAAE,CAAC,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,CAAC;QAErD,MAAM,MAAM,GAAoB;YAC9B,WAAW,EAAE,aAAa;YAC1B,aAAa;YACb,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM,EAAE,cAAc;SACvB,CAAC;QAEF,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3F,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAE9D,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC1B,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACzB,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,CAAC,UAAU,CAAC,MAAuB;QACvC,MAAM,QAAQ,GAAG,KAAK,CACpB,QAAQ,EACR,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,aAAa,CAAC,EAC9D,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB,CAAC;QAEF,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,GAAI,KAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAChD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;oBAChB,MAAM;wBACJ,SAAS,EAAE,IAAI,IAAI,EAAE;wBACrB,MAAM,EAAE,QAAiB;wBACzB,IAAI,EAAE,IAAI;wBACV,WAAW,EAAE,MAAM,CAAC,WAAW;qBAChC,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,WAAW,CAAC,MAAuB;QACvC,MAAM,IAAI,GAAI,MAA0D,CAAC,KAAK,CAAC;QAC/E,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc;YACzC,CAAC,CAAC,EAAE,GAAG,iCAAiC,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE;YAC3E,CAAC,CAAC,iCAAiC,CAAC;QAEtC,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QAC/C,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,MAAM,aAAa,CAChC,QAAQ,EACR,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,aAAa,CAAC,EAClD,EAAE,OAAO,EAAE,MAAM,CAAC,kBAAkB,GAAG,MAAM,EAAE,CAChD,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAC9C,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YACpD,OAAO;gBACL,OAAO,EAAE,QAAQ,KAAK,CAAC;gBACvB,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ;gBAClD,QAAQ,EAAE,KAAK;gBACf,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW;gBACzC,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,EAAE;aACX,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAErE,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE;YACnC,QAAQ,GAAG,IAAI,CAAC;YAChB,KAAK,aAAa,CAAC,QAAQ,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;iBAC7E,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAC5B,CAAC,EAAE,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAE9B,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAgB,CAAC,OAAO,EAAE,EAAE;YAC5D,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAmB,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACzD,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,YAAY,CAAC,YAAY,CAAC,CAAC;QAE3B,MAAM,UAAU,GAAG,EAAE,GAAG,IAAI,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC;QAC/E,MAAM,OAAO,GAAG,8CAA8C,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE5E,OAAO;YACL,OAAO,EAAE,QAAQ,KAAK,CAAC;YACvB,QAAQ;YACR,QAAQ;YACR,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW;YACzC,MAAM;YACN,MAAM;YACN,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;SAC7B,CAAC;IACJ,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,QAAQ,CAAC,MAAuB;QACpC,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YACtF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC;QAC5D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,IAAI,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACtC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;gBACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5D,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QACzE,CAAC;IACH,CAAC;IAED,8EAA8E;IAE9E,KAAK,CAAC,UAAU;QACd,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACnC,CAAC;CACF"}