@herdctl/core 2.0.1 → 2.1.0

@@ -4,6 +4,7 @@
4
4
  * Validates herdctl.yaml fleet configuration
5
5
  */
6
6
  import { z } from "zod";
7
+ import type { HostConfig } from "dockerode";
7
8
  export declare const PermissionModeSchema: z.ZodEnum<["default", "acceptEdits", "bypassPermissions", "plan", "delegate", "dontAsk"]>;
8
9
  export declare const BashPermissionsSchema: z.ZodObject<{
9
10
  allowed_commands: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
@@ -292,27 +293,147 @@ export declare const InstancesSchema: z.ZodObject<{
292
293
  */
293
294
  export declare const DockerNetworkModeSchema: z.ZodEnum<["none", "bridge", "host"]>;
294
295
  /**
295
- * Docker container configuration schema
296
+ * Agent-level Docker configuration schema (safe options only)
296
297
  *
297
- * Supports container lifecycle, resource limits, and security options.
298
- * All options are optional - defaults provide secure, sensible configuration.
298
+ * These options can be specified in agent config files (herdctl-agent.yml).
299
+ * Only includes safe options that don't pose security risks if an agent
300
+ * could modify its own config file.
301
+ *
302
+ * For dangerous options (network, volumes, image, user, ports, env),
303
+ * use FleetDockerSchema at the fleet level.
299
304
  *
300
305
  * @example
301
306
  * ```yaml
302
307
  * docker:
303
308
  * enabled: true
304
309
  * ephemeral: false # Reuse container across jobs
305
- * image: anthropic/claude-code:latest
306
- * network: bridge # Full network access
307
310
  * memory: 2g # Memory limit
308
311
  * cpu_shares: 512 # CPU weight
309
- * user: "1000:1000" # Run as specific UID:GID
310
- * max_containers: 5 # Keep last 5 containers per agent
311
- * volumes: # Additional volume mounts
312
- * - "/host/data:/container/data:ro"
312
+ * pids_limit: 100 # Prevent fork bombs
313
+ * tmpfs:
314
+ * - "/tmp"
315
+ * ```
316
+ */
317
+ export declare const AgentDockerSchema: z.ZodEffects<z.ZodEffects<z.ZodObject<{
318
+ /** Enable Docker containerization for this agent (default: false) */
319
+ enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
320
+ /** Use ephemeral containers (fresh per job, auto-removed) vs persistent (reuse across jobs, kept for inspection) */
321
+ ephemeral: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
322
+ /** Memory limit (e.g., "2g", "512m") (default: 2g) */
323
+ memory: z.ZodDefault<z.ZodOptional<z.ZodString>>;
324
+ /** CPU shares (relative weight, 512 is normal) */
325
+ cpu_shares: z.ZodOptional<z.ZodNumber>;
326
+ /** Maximum containers to keep per agent before cleanup (default: 5) */
327
+ max_containers: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
328
+ /** Workspace mount mode: rw (read-write, default) or ro (read-only) */
329
+ workspace_mode: z.ZodDefault<z.ZodOptional<z.ZodEnum<["rw", "ro"]>>>;
330
+ /** Tmpfs mounts in format "path" or "path:options" (e.g., "/tmp", "/tmp:size=100m,mode=1777") */
331
+ tmpfs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
332
+ /** Maximum number of processes (PIDs) allowed in the container (prevents fork bombs) */
333
+ pids_limit: z.ZodOptional<z.ZodNumber>;
334
+ /** Container labels for organization and filtering */
335
+ labels: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
336
+ /** CPU period in microseconds (default: 100000 = 100ms). Used with cpu_quota for hard CPU limits. */
337
+ cpu_period: z.ZodOptional<z.ZodNumber>;
338
+ /** CPU quota in microseconds per cpu_period. E.g., cpu_period=100000 + cpu_quota=50000 = 50% of one CPU. */
339
+ cpu_quota: z.ZodOptional<z.ZodNumber>;
340
+ }, "strict", z.ZodTypeAny, {
341
+ enabled: boolean;
342
+ ephemeral: boolean;
343
+ memory: string;
344
+ max_containers: number;
345
+ workspace_mode: "rw" | "ro";
346
+ labels?: Record<string, string> | undefined;
347
+ cpu_shares?: number | undefined;
348
+ tmpfs?: string[] | undefined;
349
+ pids_limit?: number | undefined;
350
+ cpu_period?: number | undefined;
351
+ cpu_quota?: number | undefined;
352
+ }, {
353
+ labels?: Record<string, string> | undefined;
354
+ enabled?: boolean | undefined;
355
+ ephemeral?: boolean | undefined;
356
+ memory?: string | undefined;
357
+ cpu_shares?: number | undefined;
358
+ max_containers?: number | undefined;
359
+ workspace_mode?: "rw" | "ro" | undefined;
360
+ tmpfs?: string[] | undefined;
361
+ pids_limit?: number | undefined;
362
+ cpu_period?: number | undefined;
363
+ cpu_quota?: number | undefined;
364
+ }>, {
365
+ enabled: boolean;
366
+ ephemeral: boolean;
367
+ memory: string;
368
+ max_containers: number;
369
+ workspace_mode: "rw" | "ro";
370
+ labels?: Record<string, string> | undefined;
371
+ cpu_shares?: number | undefined;
372
+ tmpfs?: string[] | undefined;
373
+ pids_limit?: number | undefined;
374
+ cpu_period?: number | undefined;
375
+ cpu_quota?: number | undefined;
376
+ }, {
377
+ labels?: Record<string, string> | undefined;
378
+ enabled?: boolean | undefined;
379
+ ephemeral?: boolean | undefined;
380
+ memory?: string | undefined;
381
+ cpu_shares?: number | undefined;
382
+ max_containers?: number | undefined;
383
+ workspace_mode?: "rw" | "ro" | undefined;
384
+ tmpfs?: string[] | undefined;
385
+ pids_limit?: number | undefined;
386
+ cpu_period?: number | undefined;
387
+ cpu_quota?: number | undefined;
388
+ }>, {
389
+ enabled: boolean;
390
+ ephemeral: boolean;
391
+ memory: string;
392
+ max_containers: number;
393
+ workspace_mode: "rw" | "ro";
394
+ labels?: Record<string, string> | undefined;
395
+ cpu_shares?: number | undefined;
396
+ tmpfs?: string[] | undefined;
397
+ pids_limit?: number | undefined;
398
+ cpu_period?: number | undefined;
399
+ cpu_quota?: number | undefined;
400
+ }, {
401
+ labels?: Record<string, string> | undefined;
402
+ enabled?: boolean | undefined;
403
+ ephemeral?: boolean | undefined;
404
+ memory?: string | undefined;
405
+ cpu_shares?: number | undefined;
406
+ max_containers?: number | undefined;
407
+ workspace_mode?: "rw" | "ro" | undefined;
408
+ tmpfs?: string[] | undefined;
409
+ pids_limit?: number | undefined;
410
+ cpu_period?: number | undefined;
411
+ cpu_quota?: number | undefined;
412
+ }>;
413
+ /**
414
+ * Fleet-level Docker configuration schema (all options)
415
+ *
416
+ * Includes all safe options from AgentDockerSchema plus dangerous options
417
+ * that should only be specified at the fleet level (in herdctl.yml).
418
+ *
419
+ * Also supports a `host_config` passthrough for raw dockerode HostConfig
420
+ * options not explicitly modeled in our schema.
421
+ *
422
+ * @example
423
+ * ```yaml
424
+ * defaults:
425
+ * docker:
426
+ * enabled: true
427
+ * image: anthropic/claude-code:latest
428
+ * network: bridge
429
+ * memory: 2g
430
+ * volumes:
431
+ * - "/host/data:/container/data:ro"
432
+ * host_config: # Raw dockerode passthrough
433
+ * ShmSize: 67108864
313
434
  * ```
314
435
  */
315
- export declare const DockerSchema: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
436
+ export declare const FleetDockerSchema: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
316
437
  /** Enable Docker containerization for this agent (default: false) */
317
438
  enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
318
439
  /** Use ephemeral containers (fresh per job, auto-removed) vs persistent (reuse across jobs, kept for inspection) */
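Review bot: The "safe options only" claim in the AgentDockerSchema doc comment is stronger than the field list supports. `workspace_mode`, `memory`, `pids_limit`, `cpu_quota` and `max_containers` are all agent-settable, so an agent that can edit its own herdctl-agent.yml could switch a read-only workspace to `rw` or raise its own resource limits, unless the merge step treats fleet values as a ceiling, which this declaration does not show. `tmpfs` is a free-form `z.ZodString` array accepting "path:options", and whatever the two `ZodEffects` layers check is not visible here, so it is worth confirming that mount paths and options are constrained. If clamping is the intended behaviour, I would state it in the doc comment, e.g. `* Agent values may only tighten fleet defaults; workspace_mode, memory, pids_limit and cpu_quota are clamped to the fleet setting on merge.`, and enforce it where the two configs are merged. The hunk ends inside the FleetDockerSchema declaration, which continues in the next hunk.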
@@ -335,112 +456,551 @@ export declare const DockerSchema: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodO
335
456
  workspace_mode: z.ZodDefault<z.ZodOptional<z.ZodEnum<["rw", "ro"]>>>;
336
457
  /** Environment variables to pass to the container (supports ${VAR} interpolation) */
337
458
  env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
459
+ /** Port bindings in format "hostPort:containerPort" or "containerPort" (e.g., "8080:80", "3000") */
460
+ ports: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
461
+ /** Tmpfs mounts in format "path" or "path:options" (e.g., "/tmp", "/tmp:size=100m,mode=1777") */
462
+ tmpfs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
463
+ /** Maximum number of processes (PIDs) allowed in the container (prevents fork bombs) */
464
+ pids_limit: z.ZodOptional<z.ZodNumber>;
465
+ /** Container labels for organization and filtering */
466
+ labels: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
467
+ /** CPU period in microseconds (default: 100000 = 100ms). Used with cpu_quota for hard CPU limits. */
468
+ cpu_period: z.ZodOptional<z.ZodNumber>;
469
+ /** CPU quota in microseconds per cpu_period. E.g., cpu_period=100000 + cpu_quota=50000 = 50% of one CPU. */
470
+ cpu_quota: z.ZodOptional<z.ZodNumber>;
338
471
  /** @deprecated Use 'image' instead */
339
472
  base_image: z.ZodOptional<z.ZodString>;
340
- }, "strip", z.ZodTypeAny, {
473
+ /**
474
+ * Raw dockerode HostConfig passthrough for advanced options.
475
+ * Values here override any translated options (e.g., host_config.Memory overrides memory).
476
+ * See dockerode documentation for available options.
477
+ */
478
+ host_config: z.ZodOptional<z.ZodType<HostConfig, z.ZodTypeDef, HostConfig>>;
479
+ }, "strict", z.ZodTypeAny, {
341
480
  enabled: boolean;
342
481
  ephemeral: boolean;
343
- network: "none" | "bridge" | "host";
344
482
  memory: string;
345
483
  max_containers: number;
346
484
  workspace_mode: "rw" | "ro";
347
- image?: string | undefined;
485
+ network: "none" | "bridge" | "host";
486
+ labels?: Record<string, string> | undefined;
348
487
  cpu_shares?: number | undefined;
488
+ tmpfs?: string[] | undefined;
489
+ pids_limit?: number | undefined;
490
+ cpu_period?: number | undefined;
491
+ cpu_quota?: number | undefined;
492
+ image?: string | undefined;
349
493
  user?: string | undefined;
350
494
  volumes?: string[] | undefined;
351
495
  env?: Record<string, string> | undefined;
496
+ ports?: string[] | undefined;
352
497
  base_image?: string | undefined;
498
+ host_config?: HostConfig | undefined;
353
499
  }, {
500
+ labels?: Record<string, string> | undefined;
354
501
  enabled?: boolean | undefined;
355
502
  ephemeral?: boolean | undefined;
503
+ memory?: string | undefined;
504
+ cpu_shares?: number | undefined;
505
+ max_containers?: number | undefined;
506
+ workspace_mode?: "rw" | "ro" | undefined;
507
+ tmpfs?: string[] | undefined;
508
+ pids_limit?: number | undefined;
509
+ cpu_period?: number | undefined;
510
+ cpu_quota?: number | undefined;
356
511
  image?: string | undefined;
357
512
  network?: "none" | "bridge" | "host" | undefined;
358
- memory?: string | undefined;
513
+ user?: string | undefined;
514
+ volumes?: string[] | undefined;
515
+ env?: Record<string, string> | undefined;
516
+ ports?: string[] | undefined;
517
+ base_image?: string | undefined;
518
+ host_config?: HostConfig | undefined;
519
+ }>, {
520
+ enabled: boolean;
521
+ ephemeral: boolean;
522
+ memory: string;
523
+ max_containers: number;
524
+ workspace_mode: "rw" | "ro";
525
+ network: "none" | "bridge" | "host";
526
+ labels?: Record<string, string> | undefined;
359
527
  cpu_shares?: number | undefined;
528
+ tmpfs?: string[] | undefined;
529
+ pids_limit?: number | undefined;
530
+ cpu_period?: number | undefined;
531
+ cpu_quota?: number | undefined;
532
+ image?: string | undefined;
360
533
  user?: string | undefined;
361
- max_containers?: number | undefined;
362
534
  volumes?: string[] | undefined;
535
+ env?: Record<string, string> | undefined;
536
+ ports?: string[] | undefined;
537
+ base_image?: string | undefined;
538
+ host_config?: HostConfig | undefined;
539
+ }, {
540
+ labels?: Record<string, string> | undefined;
541
+ enabled?: boolean | undefined;
542
+ ephemeral?: boolean | undefined;
543
+ memory?: string | undefined;
544
+ cpu_shares?: number | undefined;
545
+ max_containers?: number | undefined;
363
546
  workspace_mode?: "rw" | "ro" | undefined;
547
+ tmpfs?: string[] | undefined;
548
+ pids_limit?: number | undefined;
549
+ cpu_period?: number | undefined;
550
+ cpu_quota?: number | undefined;
551
+ image?: string | undefined;
552
+ network?: "none" | "bridge" | "host" | undefined;
553
+ user?: string | undefined;
554
+ volumes?: string[] | undefined;
364
555
  env?: Record<string, string> | undefined;
556
+ ports?: string[] | undefined;
365
557
  base_image?: string | undefined;
558
+ host_config?: HostConfig | undefined;
366
559
  }>, {
367
560
  enabled: boolean;
368
561
  ephemeral: boolean;
369
- network: "none" | "bridge" | "host";
370
562
  memory: string;
371
563
  max_containers: number;
372
564
  workspace_mode: "rw" | "ro";
373
- image?: string | undefined;
565
+ network: "none" | "bridge" | "host";
566
+ labels?: Record<string, string> | undefined;
374
567
  cpu_shares?: number | undefined;
568
+ tmpfs?: string[] | undefined;
569
+ pids_limit?: number | undefined;
570
+ cpu_period?: number | undefined;
571
+ cpu_quota?: number | undefined;
572
+ image?: string | undefined;
375
573
  user?: string | undefined;
376
574
  volumes?: string[] | undefined;
377
575
  env?: Record<string, string> | undefined;
576
+ ports?: string[] | undefined;
378
577
  base_image?: string | undefined;
578
+ host_config?: HostConfig | undefined;
379
579
  }, {
580
+ labels?: Record<string, string> | undefined;
380
581
  enabled?: boolean | undefined;
381
582
  ephemeral?: boolean | undefined;
583
+ memory?: string | undefined;
584
+ cpu_shares?: number | undefined;
585
+ max_containers?: number | undefined;
586
+ workspace_mode?: "rw" | "ro" | undefined;
587
+ tmpfs?: string[] | undefined;
588
+ pids_limit?: number | undefined;
589
+ cpu_period?: number | undefined;
590
+ cpu_quota?: number | undefined;
382
591
  image?: string | undefined;
383
592
  network?: "none" | "bridge" | "host" | undefined;
384
- memory?: string | undefined;
593
+ user?: string | undefined;
594
+ volumes?: string[] | undefined;
595
+ env?: Record<string, string> | undefined;
596
+ ports?: string[] | undefined;
597
+ base_image?: string | undefined;
598
+ host_config?: HostConfig | undefined;
599
+ }>, {
600
+ enabled: boolean;
601
+ ephemeral: boolean;
602
+ memory: string;
603
+ max_containers: number;
604
+ workspace_mode: "rw" | "ro";
605
+ network: "none" | "bridge" | "host";
606
+ labels?: Record<string, string> | undefined;
385
607
  cpu_shares?: number | undefined;
608
+ tmpfs?: string[] | undefined;
609
+ pids_limit?: number | undefined;
610
+ cpu_period?: number | undefined;
611
+ cpu_quota?: number | undefined;
612
+ image?: string | undefined;
386
613
  user?: string | undefined;
387
- max_containers?: number | undefined;
388
614
  volumes?: string[] | undefined;
615
+ env?: Record<string, string> | undefined;
616
+ ports?: string[] | undefined;
617
+ base_image?: string | undefined;
618
+ host_config?: HostConfig | undefined;
619
+ }, {
620
+ labels?: Record<string, string> | undefined;
621
+ enabled?: boolean | undefined;
622
+ ephemeral?: boolean | undefined;
623
+ memory?: string | undefined;
624
+ cpu_shares?: number | undefined;
625
+ max_containers?: number | undefined;
389
626
  workspace_mode?: "rw" | "ro" | undefined;
627
+ tmpfs?: string[] | undefined;
628
+ pids_limit?: number | undefined;
629
+ cpu_period?: number | undefined;
630
+ cpu_quota?: number | undefined;
631
+ image?: string | undefined;
632
+ network?: "none" | "bridge" | "host" | undefined;
633
+ user?: string | undefined;
634
+ volumes?: string[] | undefined;
390
635
  env?: Record<string, string> | undefined;
636
+ ports?: string[] | undefined;
391
637
  base_image?: string | undefined;
638
+ host_config?: HostConfig | undefined;
392
639
  }>, {
393
640
  enabled: boolean;
394
641
  ephemeral: boolean;
395
- network: "none" | "bridge" | "host";
396
642
  memory: string;
397
643
  max_containers: number;
398
644
  workspace_mode: "rw" | "ro";
399
- image?: string | undefined;
645
+ network: "none" | "bridge" | "host";
646
+ labels?: Record<string, string> | undefined;
400
647
  cpu_shares?: number | undefined;
648
+ tmpfs?: string[] | undefined;
649
+ pids_limit?: number | undefined;
650
+ cpu_period?: number | undefined;
651
+ cpu_quota?: number | undefined;
652
+ image?: string | undefined;
401
653
  user?: string | undefined;
402
654
  volumes?: string[] | undefined;
403
655
  env?: Record<string, string> | undefined;
656
+ ports?: string[] | undefined;
404
657
  base_image?: string | undefined;
658
+ host_config?: HostConfig | undefined;
405
659
  }, {
660
+ labels?: Record<string, string> | undefined;
406
661
  enabled?: boolean | undefined;
407
662
  ephemeral?: boolean | undefined;
663
+ memory?: string | undefined;
664
+ cpu_shares?: number | undefined;
665
+ max_containers?: number | undefined;
666
+ workspace_mode?: "rw" | "ro" | undefined;
667
+ tmpfs?: string[] | undefined;
668
+ pids_limit?: number | undefined;
669
+ cpu_period?: number | undefined;
670
+ cpu_quota?: number | undefined;
408
671
  image?: string | undefined;
409
672
  network?: "none" | "bridge" | "host" | undefined;
410
- memory?: string | undefined;
673
+ user?: string | undefined;
674
+ volumes?: string[] | undefined;
675
+ env?: Record<string, string> | undefined;
676
+ ports?: string[] | undefined;
677
+ base_image?: string | undefined;
678
+ host_config?: HostConfig | undefined;
679
+ }>, {
680
+ enabled: boolean;
681
+ ephemeral: boolean;
682
+ memory: string;
683
+ max_containers: number;
684
+ workspace_mode: "rw" | "ro";
685
+ network: "none" | "bridge" | "host";
686
+ labels?: Record<string, string> | undefined;
411
687
  cpu_shares?: number | undefined;
688
+ tmpfs?: string[] | undefined;
689
+ pids_limit?: number | undefined;
690
+ cpu_period?: number | undefined;
691
+ cpu_quota?: number | undefined;
692
+ image?: string | undefined;
412
693
  user?: string | undefined;
694
+ volumes?: string[] | undefined;
695
+ env?: Record<string, string> | undefined;
696
+ ports?: string[] | undefined;
697
+ base_image?: string | undefined;
698
+ host_config?: HostConfig | undefined;
699
+ }, {
700
+ labels?: Record<string, string> | undefined;
701
+ enabled?: boolean | undefined;
702
+ ephemeral?: boolean | undefined;
703
+ memory?: string | undefined;
704
+ cpu_shares?: number | undefined;
413
705
  max_containers?: number | undefined;
706
+ workspace_mode?: "rw" | "ro" | undefined;
707
+ tmpfs?: string[] | undefined;
708
+ pids_limit?: number | undefined;
709
+ cpu_period?: number | undefined;
710
+ cpu_quota?: number | undefined;
711
+ image?: string | undefined;
712
+ network?: "none" | "bridge" | "host" | undefined;
713
+ user?: string | undefined;
414
714
  volumes?: string[] | undefined;
715
+ env?: Record<string, string> | undefined;
716
+ ports?: string[] | undefined;
717
+ base_image?: string | undefined;
718
+ host_config?: HostConfig | undefined;
719
+ }>;
720
+ /** @deprecated Use AgentDockerSchema or FleetDockerSchema instead */
721
+ export declare const DockerSchema: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
722
+ /** Enable Docker containerization for this agent (default: false) */
723
+ enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
724
+ /** Use ephemeral containers (fresh per job, auto-removed) vs persistent (reuse across jobs, kept for inspection) */
725
+ ephemeral: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
726
+ /** Docker image to use (default: anthropic/claude-code:latest) */
727
+ image: z.ZodOptional<z.ZodString>;
728
+ /** Network isolation mode (default: bridge for full network access) */
729
+ network: z.ZodDefault<z.ZodOptional<z.ZodEnum<["none", "bridge", "host"]>>>;
730
+ /** Memory limit (e.g., "2g", "512m") (default: 2g) */
731
+ memory: z.ZodDefault<z.ZodOptional<z.ZodString>>;
732
+ /** CPU shares (relative weight, 512 is normal) */
733
+ cpu_shares: z.ZodOptional<z.ZodNumber>;
734
+ /** Container user as "UID:GID" string (default: match host user) */
735
+ user: z.ZodOptional<z.ZodString>;
736
+ /** Maximum containers to keep per agent before cleanup (default: 5) */
737
+ max_containers: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
738
+ /** Additional volume mounts in Docker format: "host:container:mode" */
739
+ volumes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
740
+ /** Workspace mount mode: rw (read-write, default) or ro (read-only) */
741
+ workspace_mode: z.ZodDefault<z.ZodOptional<z.ZodEnum<["rw", "ro"]>>>;
742
+ /** Environment variables to pass to the container (supports ${VAR} interpolation) */
743
+ env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
744
+ /** Port bindings in format "hostPort:containerPort" or "containerPort" (e.g., "8080:80", "3000") */
745
+ ports: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
746
+ /** Tmpfs mounts in format "path" or "path:options" (e.g., "/tmp", "/tmp:size=100m,mode=1777") */
747
+ tmpfs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
748
+ /** Maximum number of processes (PIDs) allowed in the container (prevents fork bombs) */
749
+ pids_limit: z.ZodOptional<z.ZodNumber>;
750
+ /** Container labels for organization and filtering */
751
+ labels: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
752
+ /** CPU period in microseconds (default: 100000 = 100ms). Used with cpu_quota for hard CPU limits. */
753
+ cpu_period: z.ZodOptional<z.ZodNumber>;
754
+ /** CPU quota in microseconds per cpu_period. E.g., cpu_period=100000 + cpu_quota=50000 = 50% of one CPU. */
755
+ cpu_quota: z.ZodOptional<z.ZodNumber>;
756
+ /** @deprecated Use 'image' instead */
757
+ base_image: z.ZodOptional<z.ZodString>;
758
+ /**
759
+ * Raw dockerode HostConfig passthrough for advanced options.
760
+ * Values here override any translated options (e.g., host_config.Memory overrides memory).
761
+ * See dockerode documentation for available options.
762
+ */
763
+ host_config: z.ZodOptional<z.ZodType<HostConfig, z.ZodTypeDef, HostConfig>>;
764
+ }, "strict", z.ZodTypeAny, {
765
+ enabled: boolean;
766
+ ephemeral: boolean;
767
+ memory: string;
768
+ max_containers: number;
769
+ workspace_mode: "rw" | "ro";
770
+ network: "none" | "bridge" | "host";
771
+ labels?: Record<string, string> | undefined;
772
+ cpu_shares?: number | undefined;
773
+ tmpfs?: string[] | undefined;
774
+ pids_limit?: number | undefined;
775
+ cpu_period?: number | undefined;
776
+ cpu_quota?: number | undefined;
777
+ image?: string | undefined;
778
+ user?: string | undefined;
779
+ volumes?: string[] | undefined;
780
+ env?: Record<string, string> | undefined;
781
+ ports?: string[] | undefined;
782
+ base_image?: string | undefined;
783
+ host_config?: HostConfig | undefined;
784
+ }, {
785
+ labels?: Record<string, string> | undefined;
786
+ enabled?: boolean | undefined;
787
+ ephemeral?: boolean | undefined;
788
+ memory?: string | undefined;
789
+ cpu_shares?: number | undefined;
790
+ max_containers?: number | undefined;
415
791
  workspace_mode?: "rw" | "ro" | undefined;
792
+ tmpfs?: string[] | undefined;
793
+ pids_limit?: number | undefined;
794
+ cpu_period?: number | undefined;
795
+ cpu_quota?: number | undefined;
796
+ image?: string | undefined;
797
+ network?: "none" | "bridge" | "host" | undefined;
798
+ user?: string | undefined;
799
+ volumes?: string[] | undefined;
416
800
  env?: Record<string, string> | undefined;
801
+ ports?: string[] | undefined;
417
802
  base_image?: string | undefined;
803
+ host_config?: HostConfig | undefined;
418
804
  }>, {
419
805
  enabled: boolean;
420
806
  ephemeral: boolean;
421
- network: "none" | "bridge" | "host";
422
807
  memory: string;
423
808
  max_containers: number;
424
809
  workspace_mode: "rw" | "ro";
810
+ network: "none" | "bridge" | "host";
811
+ labels?: Record<string, string> | undefined;
812
+ cpu_shares?: number | undefined;
813
+ tmpfs?: string[] | undefined;
814
+ pids_limit?: number | undefined;
815
+ cpu_period?: number | undefined;
816
+ cpu_quota?: number | undefined;
817
+ image?: string | undefined;
818
+ user?: string | undefined;
819
+ volumes?: string[] | undefined;
820
+ env?: Record<string, string> | undefined;
821
+ ports?: string[] | undefined;
822
+ base_image?: string | undefined;
823
+ host_config?: HostConfig | undefined;
824
+ }, {
825
+ labels?: Record<string, string> | undefined;
826
+ enabled?: boolean | undefined;
827
+ ephemeral?: boolean | undefined;
828
+ memory?: string | undefined;
829
+ cpu_shares?: number | undefined;
830
+ max_containers?: number | undefined;
831
+ workspace_mode?: "rw" | "ro" | undefined;
832
+ tmpfs?: string[] | undefined;
833
+ pids_limit?: number | undefined;
834
+ cpu_period?: number | undefined;
835
+ cpu_quota?: number | undefined;
425
836
  image?: string | undefined;
837
+ network?: "none" | "bridge" | "host" | undefined;
838
+ user?: string | undefined;
839
+ volumes?: string[] | undefined;
840
+ env?: Record<string, string> | undefined;
841
+ ports?: string[] | undefined;
842
+ base_image?: string | undefined;
843
+ host_config?: HostConfig | undefined;
844
+ }>, {
845
+ enabled: boolean;
846
+ ephemeral: boolean;
847
+ memory: string;
848
+ max_containers: number;
849
+ workspace_mode: "rw" | "ro";
850
+ network: "none" | "bridge" | "host";
851
+ labels?: Record<string, string> | undefined;
426
852
  cpu_shares?: number | undefined;
853
+ tmpfs?: string[] | undefined;
854
+ pids_limit?: number | undefined;
855
+ cpu_period?: number | undefined;
856
+ cpu_quota?: number | undefined;
857
+ image?: string | undefined;
427
858
  user?: string | undefined;
428
859
  volumes?: string[] | undefined;
429
860
  env?: Record<string, string> | undefined;
861
+ ports?: string[] | undefined;
430
862
  base_image?: string | undefined;
863
+ host_config?: HostConfig | undefined;
431
864
  }, {
865
+ labels?: Record<string, string> | undefined;
432
866
  enabled?: boolean | undefined;
433
867
  ephemeral?: boolean | undefined;
868
+ memory?: string | undefined;
869
+ cpu_shares?: number | undefined;
870
+ max_containers?: number | undefined;
871
+ workspace_mode?: "rw" | "ro" | undefined;
872
+ tmpfs?: string[] | undefined;
873
+ pids_limit?: number | undefined;
874
+ cpu_period?: number | undefined;
875
+ cpu_quota?: number | undefined;
434
876
  image?: string | undefined;
435
877
  network?: "none" | "bridge" | "host" | undefined;
878
+ user?: string | undefined;
879
+ volumes?: string[] | undefined;
880
+ env?: Record<string, string> | undefined;
881
+ ports?: string[] | undefined;
882
+ base_image?: string | undefined;
883
+ host_config?: HostConfig | undefined;
884
+ }>, {
885
+ enabled: boolean;
886
+ ephemeral: boolean;
887
+ memory: string;
888
+ max_containers: number;
889
+ workspace_mode: "rw" | "ro";
890
+ network: "none" | "bridge" | "host";
891
+ labels?: Record<string, string> | undefined;
892
+ cpu_shares?: number | undefined;
893
+ tmpfs?: string[] | undefined;
894
+ pids_limit?: number | undefined;
895
+ cpu_period?: number | undefined;
896
+ cpu_quota?: number | undefined;
897
+ image?: string | undefined;
898
+ user?: string | undefined;
899
+ volumes?: string[] | undefined;
900
+ env?: Record<string, string> | undefined;
901
+ ports?: string[] | undefined;
902
+ base_image?: string | undefined;
903
+ host_config?: HostConfig | undefined;
904
+ }, {
905
+ labels?: Record<string, string> | undefined;
906
+ enabled?: boolean | undefined;
907
+ ephemeral?: boolean | undefined;
436
908
  memory?: string | undefined;
437
909
  cpu_shares?: number | undefined;
910
+ max_containers?: number | undefined;
911
+ workspace_mode?: "rw" | "ro" | undefined;
912
+ tmpfs?: string[] | undefined;
913
+ pids_limit?: number | undefined;
914
+ cpu_period?: number | undefined;
915
+ cpu_quota?: number | undefined;
916
+ image?: string | undefined;
917
+ network?: "none" | "bridge" | "host" | undefined;
918
+ user?: string | undefined;
919
+ volumes?: string[] | undefined;
920
+ env?: Record<string, string> | undefined;
921
+ ports?: string[] | undefined;
922
+ base_image?: string | undefined;
923
+ host_config?: HostConfig | undefined;
924
+ }>, {
925
+ enabled: boolean;
926
+ ephemeral: boolean;
927
+ memory: string;
928
+ max_containers: number;
929
+ workspace_mode: "rw" | "ro";
930
+ network: "none" | "bridge" | "host";
931
+ labels?: Record<string, string> | undefined;
932
+ cpu_shares?: number | undefined;
933
+ tmpfs?: string[] | undefined;
934
+ pids_limit?: number | undefined;
935
+ cpu_period?: number | undefined;
936
+ cpu_quota?: number | undefined;
937
+ image?: string | undefined;
438
938
  user?: string | undefined;
939
+ volumes?: string[] | undefined;
940
+ env?: Record<string, string> | undefined;
941
+ ports?: string[] | undefined;
942
+ base_image?: string | undefined;
943
+ host_config?: HostConfig | undefined;
944
+ }, {
945
+ labels?: Record<string, string> | undefined;
946
+ enabled?: boolean | undefined;
947
+ ephemeral?: boolean | undefined;
948
+ memory?: string | undefined;
949
+ cpu_shares?: number | undefined;
439
950
  max_containers?: number | undefined;
951
+ workspace_mode?: "rw" | "ro" | undefined;
952
+ tmpfs?: string[] | undefined;
953
+ pids_limit?: number | undefined;
954
+ cpu_period?: number | undefined;
955
+ cpu_quota?: number | undefined;
956
+ image?: string | undefined;
957
+ network?: "none" | "bridge" | "host" | undefined;
958
+ user?: string | undefined;
959
+ volumes?: string[] | undefined;
960
+ env?: Record<string, string> | undefined;
961
+ ports?: string[] | undefined;
962
+ base_image?: string | undefined;
963
+ host_config?: HostConfig | undefined;
964
+ }>, {
965
+ enabled: boolean;
966
+ ephemeral: boolean;
967
+ memory: string;
968
+ max_containers: number;
969
+ workspace_mode: "rw" | "ro";
970
+ network: "none" | "bridge" | "host";
971
+ labels?: Record<string, string> | undefined;
972
+ cpu_shares?: number | undefined;
973
+ tmpfs?: string[] | undefined;
974
+ pids_limit?: number | undefined;
975
+ cpu_period?: number | undefined;
976
+ cpu_quota?: number | undefined;
977
+ image?: string | undefined;
978
+ user?: string | undefined;
440
979
  volumes?: string[] | undefined;
980
+ env?: Record<string, string> | undefined;
981
+ ports?: string[] | undefined;
982
+ base_image?: string | undefined;
983
+ host_config?: HostConfig | undefined;
984
+ }, {
985
+ labels?: Record<string, string> | undefined;
986
+ enabled?: boolean | undefined;
987
+ ephemeral?: boolean | undefined;
988
+ memory?: string | undefined;
989
+ cpu_shares?: number | undefined;
990
+ max_containers?: number | undefined;
441
991
  workspace_mode?: "rw" | "ro" | undefined;
992
+ tmpfs?: string[] | undefined;
993
+ pids_limit?: number | undefined;
994
+ cpu_period?: number | undefined;
995
+ cpu_quota?: number | undefined;
996
+ image?: string | undefined;
997
+ network?: "none" | "bridge" | "host" | undefined;
998
+ user?: string | undefined;
999
+ volumes?: string[] | undefined;
442
1000
  env?: Record<string, string> | undefined;
1001
+ ports?: string[] | undefined;
443
1002
  base_image?: string | undefined;
1003
+ host_config?: HostConfig | undefined;
444
1004
  }>;
445
1005
  export declare const SessionSchema: z.ZodObject<{
446
1006
  max_turns: z.ZodOptional<z.ZodNumber>;
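Review bot: `host_config` is declared as a bare `z.ZodType<HostConfig, z.ZodTypeDef, HostConfig>` and its comment says values there override the translated options, so it can presumably carry `Privileged`, `CapAdd`, `Binds` or `NetworkMode` and sidestep the `network` enum and whatever the `ZodEffects` refinements enforce on `volumes` and `user`. The type suggests no field-level runtime validation, though the implementation is not visible here. The deprecated `DockerSchema` export carries the same full field set including `host_config`, so any loader still validating agent files against it keeps accepting the options AgentDockerSchema was introduced to exclude. If it matches the implementation, I would extend the `host_config` comment with `* SECURITY: passed to Docker without field-level validation and applied last; fleet-level only, never accept from agent config files.` and log whenever it overrides a modeled option. Separately, the object mode changes from "strip" to "strict", so existing configs with unknown keys that were previously dropped will now fail validation, which deserves a changelog line.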
@@ -456,7 +1016,7 @@ export declare const SessionSchema: z.ZodObject<{
456
1016
  model?: string | undefined;
457
1017
  }>;
458
1018
  export declare const DefaultsSchema: z.ZodObject<{
459
- docker: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
1019
+ docker: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
460
1020
  /** Enable Docker containerization for this agent (default: false) */
461
1021
  enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
462
1022
  /** Use ephemeral containers (fresh per job, auto-removed) vs persistent (reuse across jobs, kept for inspection) */
@@ -479,112 +1039,266 @@ export declare const DefaultsSchema: z.ZodObject<{
479
1039
  workspace_mode: z.ZodDefault<z.ZodOptional<z.ZodEnum<["rw", "ro"]>>>;
480
1040
  /** Environment variables to pass to the container (supports ${VAR} interpolation) */
481
1041
  env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1042
+ /** Port bindings in format "hostPort:containerPort" or "containerPort" (e.g., "8080:80", "3000") */
1043
+ ports: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1044
+ /** Tmpfs mounts in format "path" or "path:options" (e.g., "/tmp", "/tmp:size=100m,mode=1777") */
1045
+ tmpfs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1046
+ /** Maximum number of processes (PIDs) allowed in the container (prevents fork bombs) */
1047
+ pids_limit: z.ZodOptional<z.ZodNumber>;
1048
+ /** Container labels for organization and filtering */
1049
+ labels: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1050
+ /** CPU period in microseconds (default: 100000 = 100ms). Used with cpu_quota for hard CPU limits. */
1051
+ cpu_period: z.ZodOptional<z.ZodNumber>;
1052
+ /** CPU quota in microseconds per cpu_period. E.g., cpu_period=100000 + cpu_quota=50000 = 50% of one CPU. */
1053
+ cpu_quota: z.ZodOptional<z.ZodNumber>;
482
1054
  /** @deprecated Use 'image' instead */
483
1055
  base_image: z.ZodOptional<z.ZodString>;
484
- }, "strip", z.ZodTypeAny, {
1056
+ /**
1057
+ * Raw dockerode HostConfig passthrough for advanced options.
1058
+ * Values here override any translated options (e.g., host_config.Memory overrides memory).
1059
+ * See dockerode documentation for available options.
1060
+ */
1061
+ host_config: z.ZodOptional<z.ZodType<HostConfig, z.ZodTypeDef, HostConfig>>;
1062
+ }, "strict", z.ZodTypeAny, {
485
1063
  enabled: boolean;
486
1064
  ephemeral: boolean;
487
- network: "none" | "bridge" | "host";
488
1065
  memory: string;
489
1066
  max_containers: number;
490
1067
  workspace_mode: "rw" | "ro";
491
- image?: string | undefined;
1068
+ network: "none" | "bridge" | "host";
1069
+ labels?: Record<string, string> | undefined;
492
1070
  cpu_shares?: number | undefined;
1071
+ tmpfs?: string[] | undefined;
1072
+ pids_limit?: number | undefined;
1073
+ cpu_period?: number | undefined;
1074
+ cpu_quota?: number | undefined;
1075
+ image?: string | undefined;
493
1076
  user?: string | undefined;
494
1077
  volumes?: string[] | undefined;
495
1078
  env?: Record<string, string> | undefined;
1079
+ ports?: string[] | undefined;
496
1080
  base_image?: string | undefined;
1081
+ host_config?: HostConfig | undefined;
497
1082
  }, {
1083
+ labels?: Record<string, string> | undefined;
498
1084
  enabled?: boolean | undefined;
499
1085
  ephemeral?: boolean | undefined;
500
- image?: string | undefined;
501
- network?: "none" | "bridge" | "host" | undefined;
502
1086
  memory?: string | undefined;
503
1087
  cpu_shares?: number | undefined;
504
- user?: string | undefined;
505
1088
  max_containers?: number | undefined;
506
- volumes?: string[] | undefined;
507
1089
  workspace_mode?: "rw" | "ro" | undefined;
1090
+ tmpfs?: string[] | undefined;
1091
+ pids_limit?: number | undefined;
1092
+ cpu_period?: number | undefined;
1093
+ cpu_quota?: number | undefined;
1094
+ image?: string | undefined;
1095
+ network?: "none" | "bridge" | "host" | undefined;
1096
+ user?: string | undefined;
1097
+ volumes?: string[] | undefined;
508
1098
  env?: Record<string, string> | undefined;
1099
+ ports?: string[] | undefined;
509
1100
  base_image?: string | undefined;
1101
+ host_config?: HostConfig | undefined;
510
1102
  }>, {
511
1103
  enabled: boolean;
512
1104
  ephemeral: boolean;
513
- network: "none" | "bridge" | "host";
514
1105
  memory: string;
515
1106
  max_containers: number;
516
1107
  workspace_mode: "rw" | "ro";
517
- image?: string | undefined;
1108
+ network: "none" | "bridge" | "host";
1109
+ labels?: Record<string, string> | undefined;
518
1110
  cpu_shares?: number | undefined;
1111
+ tmpfs?: string[] | undefined;
1112
+ pids_limit?: number | undefined;
1113
+ cpu_period?: number | undefined;
1114
+ cpu_quota?: number | undefined;
1115
+ image?: string | undefined;
519
1116
  user?: string | undefined;
520
1117
  volumes?: string[] | undefined;
521
1118
  env?: Record<string, string> | undefined;
1119
+ ports?: string[] | undefined;
522
1120
  base_image?: string | undefined;
1121
+ host_config?: HostConfig | undefined;
523
1122
  }, {
1123
+ labels?: Record<string, string> | undefined;
524
1124
  enabled?: boolean | undefined;
525
1125
  ephemeral?: boolean | undefined;
526
- image?: string | undefined;
527
- network?: "none" | "bridge" | "host" | undefined;
528
1126
  memory?: string | undefined;
529
1127
  cpu_shares?: number | undefined;
530
- user?: string | undefined;
531
1128
  max_containers?: number | undefined;
532
- volumes?: string[] | undefined;
533
1129
  workspace_mode?: "rw" | "ro" | undefined;
1130
+ tmpfs?: string[] | undefined;
1131
+ pids_limit?: number | undefined;
1132
+ cpu_period?: number | undefined;
1133
+ cpu_quota?: number | undefined;
1134
+ image?: string | undefined;
1135
+ network?: "none" | "bridge" | "host" | undefined;
1136
+ user?: string | undefined;
1137
+ volumes?: string[] | undefined;
534
1138
  env?: Record<string, string> | undefined;
1139
+ ports?: string[] | undefined;
535
1140
  base_image?: string | undefined;
1141
+ host_config?: HostConfig | undefined;
536
1142
  }>, {
537
1143
  enabled: boolean;
538
1144
  ephemeral: boolean;
539
- network: "none" | "bridge" | "host";
540
1145
  memory: string;
541
1146
  max_containers: number;
542
1147
  workspace_mode: "rw" | "ro";
543
- image?: string | undefined;
1148
+ network: "none" | "bridge" | "host";
1149
+ labels?: Record<string, string> | undefined;
544
1150
  cpu_shares?: number | undefined;
1151
+ tmpfs?: string[] | undefined;
1152
+ pids_limit?: number | undefined;
1153
+ cpu_period?: number | undefined;
1154
+ cpu_quota?: number | undefined;
1155
+ image?: string | undefined;
545
1156
  user?: string | undefined;
546
1157
  volumes?: string[] | undefined;
547
1158
  env?: Record<string, string> | undefined;
1159
+ ports?: string[] | undefined;
548
1160
  base_image?: string | undefined;
1161
+ host_config?: HostConfig | undefined;
549
1162
  }, {
1163
+ labels?: Record<string, string> | undefined;
550
1164
  enabled?: boolean | undefined;
551
1165
  ephemeral?: boolean | undefined;
1166
+ memory?: string | undefined;
1167
+ cpu_shares?: number | undefined;
1168
+ max_containers?: number | undefined;
1169
+ workspace_mode?: "rw" | "ro" | undefined;
1170
+ tmpfs?: string[] | undefined;
1171
+ pids_limit?: number | undefined;
1172
+ cpu_period?: number | undefined;
1173
+ cpu_quota?: number | undefined;
552
1174
  image?: string | undefined;
553
1175
  network?: "none" | "bridge" | "host" | undefined;
554
- memory?: string | undefined;
1176
+ user?: string | undefined;
1177
+ volumes?: string[] | undefined;
1178
+ env?: Record<string, string> | undefined;
1179
+ ports?: string[] | undefined;
1180
+ base_image?: string | undefined;
1181
+ host_config?: HostConfig | undefined;
1182
+ }>, {
1183
+ enabled: boolean;
1184
+ ephemeral: boolean;
1185
+ memory: string;
1186
+ max_containers: number;
1187
+ workspace_mode: "rw" | "ro";
1188
+ network: "none" | "bridge" | "host";
1189
+ labels?: Record<string, string> | undefined;
555
1190
  cpu_shares?: number | undefined;
1191
+ tmpfs?: string[] | undefined;
1192
+ pids_limit?: number | undefined;
1193
+ cpu_period?: number | undefined;
1194
+ cpu_quota?: number | undefined;
1195
+ image?: string | undefined;
556
1196
  user?: string | undefined;
557
- max_containers?: number | undefined;
558
1197
  volumes?: string[] | undefined;
1198
+ env?: Record<string, string> | undefined;
1199
+ ports?: string[] | undefined;
1200
+ base_image?: string | undefined;
1201
+ host_config?: HostConfig | undefined;
1202
+ }, {
1203
+ labels?: Record<string, string> | undefined;
1204
+ enabled?: boolean | undefined;
1205
+ ephemeral?: boolean | undefined;
1206
+ memory?: string | undefined;
1207
+ cpu_shares?: number | undefined;
1208
+ max_containers?: number | undefined;
559
1209
  workspace_mode?: "rw" | "ro" | undefined;
1210
+ tmpfs?: string[] | undefined;
1211
+ pids_limit?: number | undefined;
1212
+ cpu_period?: number | undefined;
1213
+ cpu_quota?: number | undefined;
1214
+ image?: string | undefined;
1215
+ network?: "none" | "bridge" | "host" | undefined;
1216
+ user?: string | undefined;
1217
+ volumes?: string[] | undefined;
560
1218
  env?: Record<string, string> | undefined;
1219
+ ports?: string[] | undefined;
561
1220
  base_image?: string | undefined;
1221
+ host_config?: HostConfig | undefined;
562
1222
  }>, {
563
1223
  enabled: boolean;
564
1224
  ephemeral: boolean;
565
- network: "none" | "bridge" | "host";
566
1225
  memory: string;
567
1226
  max_containers: number;
568
1227
  workspace_mode: "rw" | "ro";
569
- image?: string | undefined;
1228
+ network: "none" | "bridge" | "host";
1229
+ labels?: Record<string, string> | undefined;
570
1230
  cpu_shares?: number | undefined;
1231
+ tmpfs?: string[] | undefined;
1232
+ pids_limit?: number | undefined;
1233
+ cpu_period?: number | undefined;
1234
+ cpu_quota?: number | undefined;
1235
+ image?: string | undefined;
571
1236
  user?: string | undefined;
572
1237
  volumes?: string[] | undefined;
573
1238
  env?: Record<string, string> | undefined;
1239
+ ports?: string[] | undefined;
574
1240
  base_image?: string | undefined;
1241
+ host_config?: HostConfig | undefined;
575
1242
  }, {
1243
+ labels?: Record<string, string> | undefined;
576
1244
  enabled?: boolean | undefined;
577
1245
  ephemeral?: boolean | undefined;
1246
+ memory?: string | undefined;
1247
+ cpu_shares?: number | undefined;
1248
+ max_containers?: number | undefined;
1249
+ workspace_mode?: "rw" | "ro" | undefined;
1250
+ tmpfs?: string[] | undefined;
1251
+ pids_limit?: number | undefined;
1252
+ cpu_period?: number | undefined;
1253
+ cpu_quota?: number | undefined;
578
1254
  image?: string | undefined;
579
1255
  network?: "none" | "bridge" | "host" | undefined;
580
- memory?: string | undefined;
1256
+ user?: string | undefined;
1257
+ volumes?: string[] | undefined;
1258
+ env?: Record<string, string> | undefined;
1259
+ ports?: string[] | undefined;
1260
+ base_image?: string | undefined;
1261
+ host_config?: HostConfig | undefined;
1262
+ }>, {
1263
+ enabled: boolean;
1264
+ ephemeral: boolean;
1265
+ memory: string;
1266
+ max_containers: number;
1267
+ workspace_mode: "rw" | "ro";
1268
+ network: "none" | "bridge" | "host";
1269
+ labels?: Record<string, string> | undefined;
581
1270
  cpu_shares?: number | undefined;
1271
+ tmpfs?: string[] | undefined;
1272
+ pids_limit?: number | undefined;
1273
+ cpu_period?: number | undefined;
1274
+ cpu_quota?: number | undefined;
1275
+ image?: string | undefined;
582
1276
  user?: string | undefined;
583
- max_containers?: number | undefined;
584
1277
  volumes?: string[] | undefined;
1278
+ env?: Record<string, string> | undefined;
1279
+ ports?: string[] | undefined;
1280
+ base_image?: string | undefined;
1281
+ host_config?: HostConfig | undefined;
1282
+ }, {
1283
+ labels?: Record<string, string> | undefined;
1284
+ enabled?: boolean | undefined;
1285
+ ephemeral?: boolean | undefined;
1286
+ memory?: string | undefined;
1287
+ cpu_shares?: number | undefined;
1288
+ max_containers?: number | undefined;
585
1289
  workspace_mode?: "rw" | "ro" | undefined;
1290
+ tmpfs?: string[] | undefined;
1291
+ pids_limit?: number | undefined;
1292
+ cpu_period?: number | undefined;
1293
+ cpu_quota?: number | undefined;
1294
+ image?: string | undefined;
1295
+ network?: "none" | "bridge" | "host" | undefined;
1296
+ user?: string | undefined;
1297
+ volumes?: string[] | undefined;
586
1298
  env?: Record<string, string> | undefined;
1299
+ ports?: string[] | undefined;
587
1300
  base_image?: string | undefined;
1301
+ host_config?: HostConfig | undefined;
588
1302
  }>>;
589
1303
  permissions: z.ZodOptional<z.ZodObject<{
590
1304
  mode: z.ZodDefault<z.ZodOptional<z.ZodEnum<["default", "acceptEdits", "bypassPermissions", "plan", "delegate", "dontAsk"]>>>;
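Review bot: The new `host_config` field is declared as `z.ZodType<HostConfig, z.ZodTypeDef, HostConfig>`, which suggests an opaque passthrough with no per-field validation (the declaration alone cannot confirm this), and its doc comment says its values override the translated options. Docker's HostConfig includes `Privileged`, `CapAdd`, `Binds`, `NetworkMode`, `PidMode` and `SecurityOpt`, so a single fleet-level entry can undo what `network`, `workspace_mode`, `pids_limit` and `memory` configure while those fields still look restrictive. I would extend the doc comment with a line such as `* SECURITY: bypasses the isolation and resource settings above; review Privileged, CapAdd, Binds, NetworkMode, PidMode and SecurityOpt before use.`, and have the loader log which translated options were overridden. The same declaration recurs in the FleetConfigSchema hunk further down, and the enclosing DefaultsSchema declaration starts and ends outside this hunk.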
@@ -748,16 +1462,23 @@ export declare const DefaultsSchema: z.ZodObject<{
748
1462
  docker?: {
749
1463
  enabled: boolean;
750
1464
  ephemeral: boolean;
751
- network: "none" | "bridge" | "host";
752
1465
  memory: string;
753
1466
  max_containers: number;
754
1467
  workspace_mode: "rw" | "ro";
755
- image?: string | undefined;
1468
+ network: "none" | "bridge" | "host";
1469
+ labels?: Record<string, string> | undefined;
756
1470
  cpu_shares?: number | undefined;
1471
+ tmpfs?: string[] | undefined;
1472
+ pids_limit?: number | undefined;
1473
+ cpu_period?: number | undefined;
1474
+ cpu_quota?: number | undefined;
1475
+ image?: string | undefined;
757
1476
  user?: string | undefined;
758
1477
  volumes?: string[] | undefined;
759
1478
  env?: Record<string, string> | undefined;
1479
+ ports?: string[] | undefined;
760
1480
  base_image?: string | undefined;
1481
+ host_config?: HostConfig | undefined;
761
1482
  } | undefined;
762
1483
  permissions?: {
763
1484
  mode: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "delegate" | "dontAsk";
@@ -808,18 +1529,25 @@ export declare const DefaultsSchema: z.ZodObject<{
808
1529
  max_turns?: number | undefined;
809
1530
  model?: string | undefined;
810
1531
  docker?: {
1532
+ labels?: Record<string, string> | undefined;
811
1533
  enabled?: boolean | undefined;
812
1534
  ephemeral?: boolean | undefined;
813
- image?: string | undefined;
814
- network?: "none" | "bridge" | "host" | undefined;
815
1535
  memory?: string | undefined;
816
1536
  cpu_shares?: number | undefined;
817
- user?: string | undefined;
818
1537
  max_containers?: number | undefined;
819
- volumes?: string[] | undefined;
820
1538
  workspace_mode?: "rw" | "ro" | undefined;
1539
+ tmpfs?: string[] | undefined;
1540
+ pids_limit?: number | undefined;
1541
+ cpu_period?: number | undefined;
1542
+ cpu_quota?: number | undefined;
1543
+ image?: string | undefined;
1544
+ network?: "none" | "bridge" | "host" | undefined;
1545
+ user?: string | undefined;
1546
+ volumes?: string[] | undefined;
821
1547
  env?: Record<string, string> | undefined;
1548
+ ports?: string[] | undefined;
822
1549
  base_image?: string | undefined;
1550
+ host_config?: HostConfig | undefined;
823
1551
  } | undefined;
824
1552
  permissions?: {
825
1553
  mode?: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "delegate" | "dontAsk" | undefined;
@@ -3080,135 +3808,101 @@ export declare const AgentConfigSchema: z.ZodObject<{
3080
3808
  when?: string | undefined;
3081
3809
  })[] | undefined;
3082
3810
  }>>;
3083
- docker: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
3811
+ docker: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodObject<{
3084
3812
  /** Enable Docker containerization for this agent (default: false) */
3085
3813
  enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
3086
3814
  /** Use ephemeral containers (fresh per job, auto-removed) vs persistent (reuse across jobs, kept for inspection) */
3087
3815
  ephemeral: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
3088
- /** Docker image to use (default: anthropic/claude-code:latest) */
3089
- image: z.ZodOptional<z.ZodString>;
3090
- /** Network isolation mode (default: bridge for full network access) */
3091
- network: z.ZodDefault<z.ZodOptional<z.ZodEnum<["none", "bridge", "host"]>>>;
3092
3816
  /** Memory limit (e.g., "2g", "512m") (default: 2g) */
3093
3817
  memory: z.ZodDefault<z.ZodOptional<z.ZodString>>;
3094
3818
  /** CPU shares (relative weight, 512 is normal) */
3095
3819
  cpu_shares: z.ZodOptional<z.ZodNumber>;
3096
- /** Container user as "UID:GID" string (default: match host user) */
3097
- user: z.ZodOptional<z.ZodString>;
3098
3820
  /** Maximum containers to keep per agent before cleanup (default: 5) */
3099
3821
  max_containers: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
3100
- /** Additional volume mounts in Docker format: "host:container:mode" */
3101
- volumes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
3102
3822
  /** Workspace mount mode: rw (read-write, default) or ro (read-only) */
3103
3823
  workspace_mode: z.ZodDefault<z.ZodOptional<z.ZodEnum<["rw", "ro"]>>>;
3104
- /** Environment variables to pass to the container (supports ${VAR} interpolation) */
3105
- env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
3106
- /** @deprecated Use 'image' instead */
3107
- base_image: z.ZodOptional<z.ZodString>;
3108
- }, "strip", z.ZodTypeAny, {
3109
- enabled: boolean;
3110
- ephemeral: boolean;
3111
- network: "none" | "bridge" | "host";
3112
- memory: string;
3113
- max_containers: number;
3114
- workspace_mode: "rw" | "ro";
3115
- image?: string | undefined;
3116
- cpu_shares?: number | undefined;
3117
- user?: string | undefined;
3118
- volumes?: string[] | undefined;
3119
- env?: Record<string, string> | undefined;
3120
- base_image?: string | undefined;
3121
- }, {
3122
- enabled?: boolean | undefined;
3123
- ephemeral?: boolean | undefined;
3124
- image?: string | undefined;
3125
- network?: "none" | "bridge" | "host" | undefined;
3126
- memory?: string | undefined;
3127
- cpu_shares?: number | undefined;
3128
- user?: string | undefined;
3129
- max_containers?: number | undefined;
3130
- volumes?: string[] | undefined;
3131
- workspace_mode?: "rw" | "ro" | undefined;
3132
- env?: Record<string, string> | undefined;
3133
- base_image?: string | undefined;
3134
- }>, {
3824
+ /** Tmpfs mounts in format "path" or "path:options" (e.g., "/tmp", "/tmp:size=100m,mode=1777") */
3825
+ tmpfs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
3826
+ /** Maximum number of processes (PIDs) allowed in the container (prevents fork bombs) */
3827
+ pids_limit: z.ZodOptional<z.ZodNumber>;
3828
+ /** Container labels for organization and filtering */
3829
+ labels: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
3830
+ /** CPU period in microseconds (default: 100000 = 100ms). Used with cpu_quota for hard CPU limits. */
3831
+ cpu_period: z.ZodOptional<z.ZodNumber>;
3832
+ /** CPU quota in microseconds per cpu_period. E.g., cpu_period=100000 + cpu_quota=50000 = 50% of one CPU. */
3833
+ cpu_quota: z.ZodOptional<z.ZodNumber>;
3834
+ }, "strict", z.ZodTypeAny, {
3135
3835
  enabled: boolean;
3136
3836
  ephemeral: boolean;
3137
- network: "none" | "bridge" | "host";
3138
3837
  memory: string;
3139
3838
  max_containers: number;
3140
3839
  workspace_mode: "rw" | "ro";
3141
- image?: string | undefined;
3840
+ labels?: Record<string, string> | undefined;
3142
3841
  cpu_shares?: number | undefined;
3143
- user?: string | undefined;
3144
- volumes?: string[] | undefined;
3145
- env?: Record<string, string> | undefined;
3146
- base_image?: string | undefined;
3842
+ tmpfs?: string[] | undefined;
3843
+ pids_limit?: number | undefined;
3844
+ cpu_period?: number | undefined;
3845
+ cpu_quota?: number | undefined;
3147
3846
  }, {
3847
+ labels?: Record<string, string> | undefined;
3148
3848
  enabled?: boolean | undefined;
3149
3849
  ephemeral?: boolean | undefined;
3150
- image?: string | undefined;
3151
- network?: "none" | "bridge" | "host" | undefined;
3152
3850
  memory?: string | undefined;
3153
3851
  cpu_shares?: number | undefined;
3154
- user?: string | undefined;
3155
3852
  max_containers?: number | undefined;
3156
- volumes?: string[] | undefined;
3157
3853
  workspace_mode?: "rw" | "ro" | undefined;
3158
- env?: Record<string, string> | undefined;
3159
- base_image?: string | undefined;
3854
+ tmpfs?: string[] | undefined;
3855
+ pids_limit?: number | undefined;
3856
+ cpu_period?: number | undefined;
3857
+ cpu_quota?: number | undefined;
3160
3858
  }>, {
3161
3859
  enabled: boolean;
3162
3860
  ephemeral: boolean;
3163
- network: "none" | "bridge" | "host";
3164
3861
  memory: string;
3165
3862
  max_containers: number;
3166
3863
  workspace_mode: "rw" | "ro";
3167
- image?: string | undefined;
3168
- cpu_shares?: number | undefined;
3169
- user?: string | undefined;
3170
- volumes?: string[] | undefined;
3171
- env?: Record<string, string> | undefined;
3172
- base_image?: string | undefined;
3864
+ labels?: Record<string, string> | undefined;
3865
+ cpu_shares?: number | undefined;
3866
+ tmpfs?: string[] | undefined;
3867
+ pids_limit?: number | undefined;
3868
+ cpu_period?: number | undefined;
3869
+ cpu_quota?: number | undefined;
3173
3870
  }, {
3871
+ labels?: Record<string, string> | undefined;
3174
3872
  enabled?: boolean | undefined;
3175
3873
  ephemeral?: boolean | undefined;
3176
- image?: string | undefined;
3177
- network?: "none" | "bridge" | "host" | undefined;
3178
3874
  memory?: string | undefined;
3179
3875
  cpu_shares?: number | undefined;
3180
- user?: string | undefined;
3181
3876
  max_containers?: number | undefined;
3182
- volumes?: string[] | undefined;
3183
3877
  workspace_mode?: "rw" | "ro" | undefined;
3184
- env?: Record<string, string> | undefined;
3185
- base_image?: string | undefined;
3878
+ tmpfs?: string[] | undefined;
3879
+ pids_limit?: number | undefined;
3880
+ cpu_period?: number | undefined;
3881
+ cpu_quota?: number | undefined;
3186
3882
  }>, {
3187
3883
  enabled: boolean;
3188
3884
  ephemeral: boolean;
3189
- network: "none" | "bridge" | "host";
3190
3885
  memory: string;
3191
3886
  max_containers: number;
3192
3887
  workspace_mode: "rw" | "ro";
3193
- image?: string | undefined;
3888
+ labels?: Record<string, string> | undefined;
3194
3889
  cpu_shares?: number | undefined;
3195
- user?: string | undefined;
3196
- volumes?: string[] | undefined;
3197
- env?: Record<string, string> | undefined;
3198
- base_image?: string | undefined;
3890
+ tmpfs?: string[] | undefined;
3891
+ pids_limit?: number | undefined;
3892
+ cpu_period?: number | undefined;
3893
+ cpu_quota?: number | undefined;
3199
3894
  }, {
3895
+ labels?: Record<string, string> | undefined;
3200
3896
  enabled?: boolean | undefined;
3201
3897
  ephemeral?: boolean | undefined;
3202
- image?: string | undefined;
3203
- network?: "none" | "bridge" | "host" | undefined;
3204
3898
  memory?: string | undefined;
3205
3899
  cpu_shares?: number | undefined;
3206
- user?: string | undefined;
3207
3900
  max_containers?: number | undefined;
3208
- volumes?: string[] | undefined;
3209
3901
  workspace_mode?: "rw" | "ro" | undefined;
3210
- env?: Record<string, string> | undefined;
3211
- base_image?: string | undefined;
3902
+ tmpfs?: string[] | undefined;
3903
+ pids_limit?: number | undefined;
3904
+ cpu_period?: number | undefined;
3905
+ cpu_quota?: number | undefined;
3212
3906
  }>>;
3213
3907
  instances: z.ZodOptional<z.ZodObject<{
3214
3908
  max_concurrent: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
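Review bot: The agent-level `docker` object still accepts `memory`, `cpu_shares`, `cpu_quota`, `pids_limit` and `tmpfs`, so if an agent can write its own config file it can raise its own resource ceilings. The declaration shows only `z.ZodNumber` and `z.ZodString`, so any bounds would have to live in the refinements, which are not visible here. It is worth confirming in the schema source that the limits are bounded, e.g. `pids_limit: z.number().int().positive().optional()`, because Docker treats zero or negative values for these limits as unlimited, and that agent values are clamped to a fleet-level maximum. Separately, the move from "strip" to "strict" combined with dropping `image`, `network`, `user`, `volumes`, `env` and `base_image` means existing agent files that set them will presumably be rejected; failing closed is the right behaviour, but it deserves a changelog entry and an error message that points to the fleet-level setting. AgentConfigSchema starts and ends outside this hunk.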
@@ -3248,16 +3942,15 @@ export declare const AgentConfigSchema: z.ZodObject<{
3248
3942
  docker?: {
3249
3943
  enabled: boolean;
3250
3944
  ephemeral: boolean;
3251
- network: "none" | "bridge" | "host";
3252
3945
  memory: string;
3253
3946
  max_containers: number;
3254
3947
  workspace_mode: "rw" | "ro";
3255
- image?: string | undefined;
3948
+ labels?: Record<string, string> | undefined;
3256
3949
  cpu_shares?: number | undefined;
3257
- user?: string | undefined;
3258
- volumes?: string[] | undefined;
3259
- env?: Record<string, string> | undefined;
3260
- base_image?: string | undefined;
3950
+ tmpfs?: string[] | undefined;
3951
+ pids_limit?: number | undefined;
3952
+ cpu_period?: number | undefined;
3953
+ cpu_quota?: number | undefined;
3261
3954
  } | undefined;
3262
3955
  permissions?: {
3263
3956
  mode: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "delegate" | "dontAsk";
@@ -3445,18 +4138,17 @@ export declare const AgentConfigSchema: z.ZodObject<{
3445
4138
  max_turns?: number | undefined;
3446
4139
  model?: string | undefined;
3447
4140
  docker?: {
4141
+ labels?: Record<string, string> | undefined;
3448
4142
  enabled?: boolean | undefined;
3449
4143
  ephemeral?: boolean | undefined;
3450
- image?: string | undefined;
3451
- network?: "none" | "bridge" | "host" | undefined;
3452
4144
  memory?: string | undefined;
3453
4145
  cpu_shares?: number | undefined;
3454
- user?: string | undefined;
3455
4146
  max_containers?: number | undefined;
3456
- volumes?: string[] | undefined;
3457
4147
  workspace_mode?: "rw" | "ro" | undefined;
3458
- env?: Record<string, string> | undefined;
3459
- base_image?: string | undefined;
4148
+ tmpfs?: string[] | undefined;
4149
+ pids_limit?: number | undefined;
4150
+ cpu_period?: number | undefined;
4151
+ cpu_quota?: number | undefined;
3460
4152
  } | undefined;
3461
4153
  permissions?: {
3462
4154
  mode?: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "delegate" | "dontAsk" | undefined;
@@ -3707,7 +4399,7 @@ export declare const FleetConfigSchema: z.ZodObject<{
3707
4399
  description?: string | undefined;
3708
4400
  }>>;
3709
4401
  defaults: z.ZodOptional<z.ZodObject<{
3710
- docker: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
4402
+ docker: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
3711
4403
  /** Enable Docker containerization for this agent (default: false) */
3712
4404
  enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
3713
4405
  /** Use ephemeral containers (fresh per job, auto-removed) vs persistent (reuse across jobs, kept for inspection) */
@@ -3730,112 +4422,266 @@ export declare const FleetConfigSchema: z.ZodObject<{
3730
4422
  workspace_mode: z.ZodDefault<z.ZodOptional<z.ZodEnum<["rw", "ro"]>>>;
3731
4423
  /** Environment variables to pass to the container (supports ${VAR} interpolation) */
3732
4424
  env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
4425
+ /** Port bindings in format "hostPort:containerPort" or "containerPort" (e.g., "8080:80", "3000") */
4426
+ ports: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
4427
+ /** Tmpfs mounts in format "path" or "path:options" (e.g., "/tmp", "/tmp:size=100m,mode=1777") */
4428
+ tmpfs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
4429
+ /** Maximum number of processes (PIDs) allowed in the container (prevents fork bombs) */
4430
+ pids_limit: z.ZodOptional<z.ZodNumber>;
4431
+ /** Container labels for organization and filtering */
4432
+ labels: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
4433
+ /** CPU period in microseconds (default: 100000 = 100ms). Used with cpu_quota for hard CPU limits. */
4434
+ cpu_period: z.ZodOptional<z.ZodNumber>;
4435
+ /** CPU quota in microseconds per cpu_period. E.g., cpu_period=100000 + cpu_quota=50000 = 50% of one CPU. */
4436
+ cpu_quota: z.ZodOptional<z.ZodNumber>;
3733
4437
  /** @deprecated Use 'image' instead */
3734
4438
  base_image: z.ZodOptional<z.ZodString>;
3735
- }, "strip", z.ZodTypeAny, {
4439
+ /**
4440
+ * Raw dockerode HostConfig passthrough for advanced options.
4441
+ * Values here override any translated options (e.g., host_config.Memory overrides memory).
4442
+ * See dockerode documentation for available options.
4443
+ */
4444
+ host_config: z.ZodOptional<z.ZodType<HostConfig, z.ZodTypeDef, HostConfig>>;
4445
+ }, "strict", z.ZodTypeAny, {
3736
4446
  enabled: boolean;
3737
4447
  ephemeral: boolean;
3738
- network: "none" | "bridge" | "host";
3739
4448
  memory: string;
3740
4449
  max_containers: number;
3741
4450
  workspace_mode: "rw" | "ro";
3742
- image?: string | undefined;
4451
+ network: "none" | "bridge" | "host";
4452
+ labels?: Record<string, string> | undefined;
3743
4453
  cpu_shares?: number | undefined;
4454
+ tmpfs?: string[] | undefined;
4455
+ pids_limit?: number | undefined;
4456
+ cpu_period?: number | undefined;
4457
+ cpu_quota?: number | undefined;
4458
+ image?: string | undefined;
3744
4459
  user?: string | undefined;
3745
4460
  volumes?: string[] | undefined;
3746
4461
  env?: Record<string, string> | undefined;
4462
+ ports?: string[] | undefined;
3747
4463
  base_image?: string | undefined;
4464
+ host_config?: HostConfig | undefined;
3748
4465
  }, {
4466
+ labels?: Record<string, string> | undefined;
3749
4467
  enabled?: boolean | undefined;
3750
4468
  ephemeral?: boolean | undefined;
3751
- image?: string | undefined;
3752
- network?: "none" | "bridge" | "host" | undefined;
3753
4469
  memory?: string | undefined;
3754
4470
  cpu_shares?: number | undefined;
3755
- user?: string | undefined;
3756
4471
  max_containers?: number | undefined;
3757
- volumes?: string[] | undefined;
3758
4472
  workspace_mode?: "rw" | "ro" | undefined;
4473
+ tmpfs?: string[] | undefined;
4474
+ pids_limit?: number | undefined;
4475
+ cpu_period?: number | undefined;
4476
+ cpu_quota?: number | undefined;
4477
+ image?: string | undefined;
4478
+ network?: "none" | "bridge" | "host" | undefined;
4479
+ user?: string | undefined;
4480
+ volumes?: string[] | undefined;
3759
4481
  env?: Record<string, string> | undefined;
4482
+ ports?: string[] | undefined;
3760
4483
  base_image?: string | undefined;
4484
+ host_config?: HostConfig | undefined;
3761
4485
  }>, {
3762
4486
  enabled: boolean;
3763
4487
  ephemeral: boolean;
3764
- network: "none" | "bridge" | "host";
3765
4488
  memory: string;
3766
4489
  max_containers: number;
3767
4490
  workspace_mode: "rw" | "ro";
3768
- image?: string | undefined;
4491
+ network: "none" | "bridge" | "host";
4492
+ labels?: Record<string, string> | undefined;
3769
4493
  cpu_shares?: number | undefined;
4494
+ tmpfs?: string[] | undefined;
4495
+ pids_limit?: number | undefined;
4496
+ cpu_period?: number | undefined;
4497
+ cpu_quota?: number | undefined;
4498
+ image?: string | undefined;
3770
4499
  user?: string | undefined;
3771
4500
  volumes?: string[] | undefined;
3772
4501
  env?: Record<string, string> | undefined;
4502
+ ports?: string[] | undefined;
3773
4503
  base_image?: string | undefined;
4504
+ host_config?: HostConfig | undefined;
3774
4505
  }, {
4506
+ labels?: Record<string, string> | undefined;
3775
4507
  enabled?: boolean | undefined;
3776
4508
  ephemeral?: boolean | undefined;
3777
- image?: string | undefined;
3778
- network?: "none" | "bridge" | "host" | undefined;
3779
4509
  memory?: string | undefined;
3780
4510
  cpu_shares?: number | undefined;
3781
- user?: string | undefined;
3782
4511
  max_containers?: number | undefined;
3783
- volumes?: string[] | undefined;
3784
4512
  workspace_mode?: "rw" | "ro" | undefined;
4513
+ tmpfs?: string[] | undefined;
4514
+ pids_limit?: number | undefined;
4515
+ cpu_period?: number | undefined;
4516
+ cpu_quota?: number | undefined;
4517
+ image?: string | undefined;
4518
+ network?: "none" | "bridge" | "host" | undefined;
4519
+ user?: string | undefined;
4520
+ volumes?: string[] | undefined;
3785
4521
  env?: Record<string, string> | undefined;
4522
+ ports?: string[] | undefined;
3786
4523
  base_image?: string | undefined;
4524
+ host_config?: HostConfig | undefined;
3787
4525
  }>, {
3788
4526
  enabled: boolean;
3789
4527
  ephemeral: boolean;
3790
- network: "none" | "bridge" | "host";
3791
4528
  memory: string;
3792
4529
  max_containers: number;
3793
4530
  workspace_mode: "rw" | "ro";
3794
- image?: string | undefined;
4531
+ network: "none" | "bridge" | "host";
4532
+ labels?: Record<string, string> | undefined;
3795
4533
  cpu_shares?: number | undefined;
4534
+ tmpfs?: string[] | undefined;
4535
+ pids_limit?: number | undefined;
4536
+ cpu_period?: number | undefined;
4537
+ cpu_quota?: number | undefined;
4538
+ image?: string | undefined;
3796
4539
  user?: string | undefined;
3797
4540
  volumes?: string[] | undefined;
3798
4541
  env?: Record<string, string> | undefined;
4542
+ ports?: string[] | undefined;
3799
4543
  base_image?: string | undefined;
4544
+ host_config?: HostConfig | undefined;
3800
4545
  }, {
4546
+ labels?: Record<string, string> | undefined;
3801
4547
  enabled?: boolean | undefined;
3802
4548
  ephemeral?: boolean | undefined;
4549
+ memory?: string | undefined;
4550
+ cpu_shares?: number | undefined;
4551
+ max_containers?: number | undefined;
4552
+ workspace_mode?: "rw" | "ro" | undefined;
4553
+ tmpfs?: string[] | undefined;
4554
+ pids_limit?: number | undefined;
4555
+ cpu_period?: number | undefined;
4556
+ cpu_quota?: number | undefined;
3803
4557
  image?: string | undefined;
3804
4558
  network?: "none" | "bridge" | "host" | undefined;
3805
- memory?: string | undefined;
4559
+ user?: string | undefined;
4560
+ volumes?: string[] | undefined;
4561
+ env?: Record<string, string> | undefined;
4562
+ ports?: string[] | undefined;
4563
+ base_image?: string | undefined;
4564
+ host_config?: HostConfig | undefined;
4565
+ }>, {
4566
+ enabled: boolean;
4567
+ ephemeral: boolean;
4568
+ memory: string;
4569
+ max_containers: number;
4570
+ workspace_mode: "rw" | "ro";
4571
+ network: "none" | "bridge" | "host";
4572
+ labels?: Record<string, string> | undefined;
3806
4573
  cpu_shares?: number | undefined;
4574
+ tmpfs?: string[] | undefined;
4575
+ pids_limit?: number | undefined;
4576
+ cpu_period?: number | undefined;
4577
+ cpu_quota?: number | undefined;
4578
+ image?: string | undefined;
3807
4579
  user?: string | undefined;
3808
- max_containers?: number | undefined;
3809
4580
  volumes?: string[] | undefined;
4581
+ env?: Record<string, string> | undefined;
4582
+ ports?: string[] | undefined;
4583
+ base_image?: string | undefined;
4584
+ host_config?: HostConfig | undefined;
4585
+ }, {
4586
+ labels?: Record<string, string> | undefined;
4587
+ enabled?: boolean | undefined;
4588
+ ephemeral?: boolean | undefined;
4589
+ memory?: string | undefined;
4590
+ cpu_shares?: number | undefined;
4591
+ max_containers?: number | undefined;
3810
4592
  workspace_mode?: "rw" | "ro" | undefined;
4593
+ tmpfs?: string[] | undefined;
4594
+ pids_limit?: number | undefined;
4595
+ cpu_period?: number | undefined;
4596
+ cpu_quota?: number | undefined;
4597
+ image?: string | undefined;
4598
+ network?: "none" | "bridge" | "host" | undefined;
4599
+ user?: string | undefined;
4600
+ volumes?: string[] | undefined;
3811
4601
  env?: Record<string, string> | undefined;
4602
+ ports?: string[] | undefined;
3812
4603
  base_image?: string | undefined;
4604
+ host_config?: HostConfig | undefined;
3813
4605
  }>, {
3814
4606
  enabled: boolean;
3815
4607
  ephemeral: boolean;
3816
- network: "none" | "bridge" | "host";
3817
4608
  memory: string;
3818
4609
  max_containers: number;
3819
4610
  workspace_mode: "rw" | "ro";
3820
- image?: string | undefined;
4611
+ network: "none" | "bridge" | "host";
4612
+ labels?: Record<string, string> | undefined;
3821
4613
  cpu_shares?: number | undefined;
4614
+ tmpfs?: string[] | undefined;
4615
+ pids_limit?: number | undefined;
4616
+ cpu_period?: number | undefined;
4617
+ cpu_quota?: number | undefined;
4618
+ image?: string | undefined;
3822
4619
  user?: string | undefined;
3823
4620
  volumes?: string[] | undefined;
3824
4621
  env?: Record<string, string> | undefined;
4622
+ ports?: string[] | undefined;
3825
4623
  base_image?: string | undefined;
4624
+ host_config?: HostConfig | undefined;
3826
4625
  }, {
4626
+ labels?: Record<string, string> | undefined;
3827
4627
  enabled?: boolean | undefined;
3828
4628
  ephemeral?: boolean | undefined;
4629
+ memory?: string | undefined;
4630
+ cpu_shares?: number | undefined;
4631
+ max_containers?: number | undefined;
4632
+ workspace_mode?: "rw" | "ro" | undefined;
4633
+ tmpfs?: string[] | undefined;
4634
+ pids_limit?: number | undefined;
4635
+ cpu_period?: number | undefined;
4636
+ cpu_quota?: number | undefined;
3829
4637
  image?: string | undefined;
3830
4638
  network?: "none" | "bridge" | "host" | undefined;
3831
- memory?: string | undefined;
4639
+ user?: string | undefined;
4640
+ volumes?: string[] | undefined;
4641
+ env?: Record<string, string> | undefined;
4642
+ ports?: string[] | undefined;
4643
+ base_image?: string | undefined;
4644
+ host_config?: HostConfig | undefined;
4645
+ }>, {
4646
+ enabled: boolean;
4647
+ ephemeral: boolean;
4648
+ memory: string;
4649
+ max_containers: number;
4650
+ workspace_mode: "rw" | "ro";
4651
+ network: "none" | "bridge" | "host";
4652
+ labels?: Record<string, string> | undefined;
3832
4653
  cpu_shares?: number | undefined;
4654
+ tmpfs?: string[] | undefined;
4655
+ pids_limit?: number | undefined;
4656
+ cpu_period?: number | undefined;
4657
+ cpu_quota?: number | undefined;
4658
+ image?: string | undefined;
3833
4659
  user?: string | undefined;
3834
- max_containers?: number | undefined;
3835
4660
  volumes?: string[] | undefined;
4661
+ env?: Record<string, string> | undefined;
4662
+ ports?: string[] | undefined;
4663
+ base_image?: string | undefined;
4664
+ host_config?: HostConfig | undefined;
4665
+ }, {
4666
+ labels?: Record<string, string> | undefined;
4667
+ enabled?: boolean | undefined;
4668
+ ephemeral?: boolean | undefined;
4669
+ memory?: string | undefined;
4670
+ cpu_shares?: number | undefined;
4671
+ max_containers?: number | undefined;
3836
4672
  workspace_mode?: "rw" | "ro" | undefined;
4673
+ tmpfs?: string[] | undefined;
4674
+ pids_limit?: number | undefined;
4675
+ cpu_period?: number | undefined;
4676
+ cpu_quota?: number | undefined;
4677
+ image?: string | undefined;
4678
+ network?: "none" | "bridge" | "host" | undefined;
4679
+ user?: string | undefined;
4680
+ volumes?: string[] | undefined;
3837
4681
  env?: Record<string, string> | undefined;
4682
+ ports?: string[] | undefined;
3838
4683
  base_image?: string | undefined;
4684
+ host_config?: HostConfig | undefined;
3839
4685
  }>>;
3840
4686
  permissions: z.ZodOptional<z.ZodObject<{
3841
4687
  mode: z.ZodDefault<z.ZodOptional<z.ZodEnum<["default", "acceptEdits", "bypassPermissions", "plan", "delegate", "dontAsk"]>>>;
@@ -3999,16 +4845,23 @@ export declare const FleetConfigSchema: z.ZodObject<{
3999
4845
  docker?: {
4000
4846
  enabled: boolean;
4001
4847
  ephemeral: boolean;
4002
- network: "none" | "bridge" | "host";
4003
4848
  memory: string;
4004
4849
  max_containers: number;
4005
4850
  workspace_mode: "rw" | "ro";
4006
- image?: string | undefined;
4851
+ network: "none" | "bridge" | "host";
4852
+ labels?: Record<string, string> | undefined;
4007
4853
  cpu_shares?: number | undefined;
4854
+ tmpfs?: string[] | undefined;
4855
+ pids_limit?: number | undefined;
4856
+ cpu_period?: number | undefined;
4857
+ cpu_quota?: number | undefined;
4858
+ image?: string | undefined;
4008
4859
  user?: string | undefined;
4009
4860
  volumes?: string[] | undefined;
4010
4861
  env?: Record<string, string> | undefined;
4862
+ ports?: string[] | undefined;
4011
4863
  base_image?: string | undefined;
4864
+ host_config?: HostConfig | undefined;
4012
4865
  } | undefined;
4013
4866
  permissions?: {
4014
4867
  mode: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "delegate" | "dontAsk";
@@ -4059,18 +4912,25 @@ export declare const FleetConfigSchema: z.ZodObject<{
4059
4912
  max_turns?: number | undefined;
4060
4913
  model?: string | undefined;
4061
4914
  docker?: {
4915
+ labels?: Record<string, string> | undefined;
4062
4916
  enabled?: boolean | undefined;
4063
4917
  ephemeral?: boolean | undefined;
4064
- image?: string | undefined;
4065
- network?: "none" | "bridge" | "host" | undefined;
4066
4918
  memory?: string | undefined;
4067
4919
  cpu_shares?: number | undefined;
4068
- user?: string | undefined;
4069
4920
  max_containers?: number | undefined;
4070
- volumes?: string[] | undefined;
4071
4921
  workspace_mode?: "rw" | "ro" | undefined;
4922
+ tmpfs?: string[] | undefined;
4923
+ pids_limit?: number | undefined;
4924
+ cpu_period?: number | undefined;
4925
+ cpu_quota?: number | undefined;
4926
+ image?: string | undefined;
4927
+ network?: "none" | "bridge" | "host" | undefined;
4928
+ user?: string | undefined;
4929
+ volumes?: string[] | undefined;
4072
4930
  env?: Record<string, string> | undefined;
4931
+ ports?: string[] | undefined;
4073
4932
  base_image?: string | undefined;
4933
+ host_config?: HostConfig | undefined;
4074
4934
  } | undefined;
4075
4935
  permissions?: {
4076
4936
  mode?: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "delegate" | "dontAsk" | undefined;
@@ -4184,7 +5044,7 @@ export declare const FleetConfigSchema: z.ZodObject<{
4184
5044
  port?: number | undefined;
4185
5045
  secret_env?: string | undefined;
4186
5046
  }>>;
4187
- docker: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
5047
+ docker: z.ZodOptional<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
4188
5048
  /** Enable Docker containerization for this agent (default: false) */
4189
5049
  enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
4190
5050
  /** Use ephemeral containers (fresh per job, auto-removed) vs persistent (reuse across jobs, kept for inspection) */
@@ -4207,112 +5067,266 @@ export declare const FleetConfigSchema: z.ZodObject<{
4207
5067
  workspace_mode: z.ZodDefault<z.ZodOptional<z.ZodEnum<["rw", "ro"]>>>;
4208
5068
  /** Environment variables to pass to the container (supports ${VAR} interpolation) */
4209
5069
  env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
5070
+ /** Port bindings in format "hostPort:containerPort" or "containerPort" (e.g., "8080:80", "3000") */
5071
+ ports: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
5072
+ /** Tmpfs mounts in format "path" or "path:options" (e.g., "/tmp", "/tmp:size=100m,mode=1777") */
5073
+ tmpfs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
5074
+ /** Maximum number of processes (PIDs) allowed in the container (prevents fork bombs) */
5075
+ pids_limit: z.ZodOptional<z.ZodNumber>;
5076
+ /** Container labels for organization and filtering */
5077
+ labels: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
5078
+ /** CPU period in microseconds (default: 100000 = 100ms). Used with cpu_quota for hard CPU limits. */
5079
+ cpu_period: z.ZodOptional<z.ZodNumber>;
5080
+ /** CPU quota in microseconds per cpu_period. E.g., cpu_period=100000 + cpu_quota=50000 = 50% of one CPU. */
5081
+ cpu_quota: z.ZodOptional<z.ZodNumber>;
4210
5082
  /** @deprecated Use 'image' instead */
4211
5083
  base_image: z.ZodOptional<z.ZodString>;
4212
- }, "strip", z.ZodTypeAny, {
5084
+ /**
5085
+ * Raw dockerode HostConfig passthrough for advanced options.
5086
+ * Values here override any translated options (e.g., host_config.Memory overrides memory).
5087
+ * See dockerode documentation for available options.
5088
+ */
5089
+ host_config: z.ZodOptional<z.ZodType<HostConfig, z.ZodTypeDef, HostConfig>>;
5090
+ }, "strict", z.ZodTypeAny, {
4213
5091
  enabled: boolean;
4214
5092
  ephemeral: boolean;
4215
- network: "none" | "bridge" | "host";
4216
5093
  memory: string;
4217
5094
  max_containers: number;
4218
5095
  workspace_mode: "rw" | "ro";
4219
- image?: string | undefined;
5096
+ network: "none" | "bridge" | "host";
5097
+ labels?: Record<string, string> | undefined;
4220
5098
  cpu_shares?: number | undefined;
5099
+ tmpfs?: string[] | undefined;
5100
+ pids_limit?: number | undefined;
5101
+ cpu_period?: number | undefined;
5102
+ cpu_quota?: number | undefined;
5103
+ image?: string | undefined;
4221
5104
  user?: string | undefined;
4222
5105
  volumes?: string[] | undefined;
4223
5106
  env?: Record<string, string> | undefined;
5107
+ ports?: string[] | undefined;
4224
5108
  base_image?: string | undefined;
5109
+ host_config?: HostConfig | undefined;
4225
5110
  }, {
5111
+ labels?: Record<string, string> | undefined;
4226
5112
  enabled?: boolean | undefined;
4227
5113
  ephemeral?: boolean | undefined;
4228
- image?: string | undefined;
4229
- network?: "none" | "bridge" | "host" | undefined;
4230
5114
  memory?: string | undefined;
4231
5115
  cpu_shares?: number | undefined;
4232
- user?: string | undefined;
4233
5116
  max_containers?: number | undefined;
4234
- volumes?: string[] | undefined;
4235
5117
  workspace_mode?: "rw" | "ro" | undefined;
5118
+ tmpfs?: string[] | undefined;
5119
+ pids_limit?: number | undefined;
5120
+ cpu_period?: number | undefined;
5121
+ cpu_quota?: number | undefined;
5122
+ image?: string | undefined;
5123
+ network?: "none" | "bridge" | "host" | undefined;
5124
+ user?: string | undefined;
5125
+ volumes?: string[] | undefined;
4236
5126
  env?: Record<string, string> | undefined;
5127
+ ports?: string[] | undefined;
4237
5128
  base_image?: string | undefined;
5129
+ host_config?: HostConfig | undefined;
4238
5130
  }>, {
4239
5131
  enabled: boolean;
4240
5132
  ephemeral: boolean;
4241
- network: "none" | "bridge" | "host";
4242
5133
  memory: string;
4243
5134
  max_containers: number;
4244
5135
  workspace_mode: "rw" | "ro";
4245
- image?: string | undefined;
5136
+ network: "none" | "bridge" | "host";
5137
+ labels?: Record<string, string> | undefined;
4246
5138
  cpu_shares?: number | undefined;
5139
+ tmpfs?: string[] | undefined;
5140
+ pids_limit?: number | undefined;
5141
+ cpu_period?: number | undefined;
5142
+ cpu_quota?: number | undefined;
5143
+ image?: string | undefined;
4247
5144
  user?: string | undefined;
4248
5145
  volumes?: string[] | undefined;
4249
5146
  env?: Record<string, string> | undefined;
5147
+ ports?: string[] | undefined;
4250
5148
  base_image?: string | undefined;
5149
+ host_config?: HostConfig | undefined;
4251
5150
  }, {
5151
+ labels?: Record<string, string> | undefined;
4252
5152
  enabled?: boolean | undefined;
4253
5153
  ephemeral?: boolean | undefined;
4254
- image?: string | undefined;
4255
- network?: "none" | "bridge" | "host" | undefined;
4256
5154
  memory?: string | undefined;
4257
5155
  cpu_shares?: number | undefined;
4258
- user?: string | undefined;
4259
5156
  max_containers?: number | undefined;
4260
- volumes?: string[] | undefined;
4261
5157
  workspace_mode?: "rw" | "ro" | undefined;
5158
+ tmpfs?: string[] | undefined;
5159
+ pids_limit?: number | undefined;
5160
+ cpu_period?: number | undefined;
5161
+ cpu_quota?: number | undefined;
5162
+ image?: string | undefined;
5163
+ network?: "none" | "bridge" | "host" | undefined;
5164
+ user?: string | undefined;
5165
+ volumes?: string[] | undefined;
4262
5166
  env?: Record<string, string> | undefined;
5167
+ ports?: string[] | undefined;
4263
5168
  base_image?: string | undefined;
5169
+ host_config?: HostConfig | undefined;
4264
5170
  }>, {
4265
5171
  enabled: boolean;
4266
5172
  ephemeral: boolean;
4267
- network: "none" | "bridge" | "host";
4268
5173
  memory: string;
4269
5174
  max_containers: number;
4270
5175
  workspace_mode: "rw" | "ro";
4271
- image?: string | undefined;
5176
+ network: "none" | "bridge" | "host";
5177
+ labels?: Record<string, string> | undefined;
4272
5178
  cpu_shares?: number | undefined;
5179
+ tmpfs?: string[] | undefined;
5180
+ pids_limit?: number | undefined;
5181
+ cpu_period?: number | undefined;
5182
+ cpu_quota?: number | undefined;
5183
+ image?: string | undefined;
4273
5184
  user?: string | undefined;
4274
5185
  volumes?: string[] | undefined;
4275
5186
  env?: Record<string, string> | undefined;
5187
+ ports?: string[] | undefined;
4276
5188
  base_image?: string | undefined;
5189
+ host_config?: HostConfig | undefined;
4277
5190
  }, {
5191
+ labels?: Record<string, string> | undefined;
4278
5192
  enabled?: boolean | undefined;
4279
5193
  ephemeral?: boolean | undefined;
5194
+ memory?: string | undefined;
5195
+ cpu_shares?: number | undefined;
5196
+ max_containers?: number | undefined;
5197
+ workspace_mode?: "rw" | "ro" | undefined;
5198
+ tmpfs?: string[] | undefined;
5199
+ pids_limit?: number | undefined;
5200
+ cpu_period?: number | undefined;
5201
+ cpu_quota?: number | undefined;
4280
5202
  image?: string | undefined;
4281
5203
  network?: "none" | "bridge" | "host" | undefined;
4282
- memory?: string | undefined;
5204
+ user?: string | undefined;
5205
+ volumes?: string[] | undefined;
5206
+ env?: Record<string, string> | undefined;
5207
+ ports?: string[] | undefined;
5208
+ base_image?: string | undefined;
5209
+ host_config?: HostConfig | undefined;
5210
+ }>, {
5211
+ enabled: boolean;
5212
+ ephemeral: boolean;
5213
+ memory: string;
5214
+ max_containers: number;
5215
+ workspace_mode: "rw" | "ro";
5216
+ network: "none" | "bridge" | "host";
5217
+ labels?: Record<string, string> | undefined;
4283
5218
  cpu_shares?: number | undefined;
5219
+ tmpfs?: string[] | undefined;
5220
+ pids_limit?: number | undefined;
5221
+ cpu_period?: number | undefined;
5222
+ cpu_quota?: number | undefined;
5223
+ image?: string | undefined;
4284
5224
  user?: string | undefined;
4285
- max_containers?: number | undefined;
4286
5225
  volumes?: string[] | undefined;
5226
+ env?: Record<string, string> | undefined;
5227
+ ports?: string[] | undefined;
5228
+ base_image?: string | undefined;
5229
+ host_config?: HostConfig | undefined;
5230
+ }, {
5231
+ labels?: Record<string, string> | undefined;
5232
+ enabled?: boolean | undefined;
5233
+ ephemeral?: boolean | undefined;
5234
+ memory?: string | undefined;
5235
+ cpu_shares?: number | undefined;
5236
+ max_containers?: number | undefined;
4287
5237
  workspace_mode?: "rw" | "ro" | undefined;
5238
+ tmpfs?: string[] | undefined;
5239
+ pids_limit?: number | undefined;
5240
+ cpu_period?: number | undefined;
5241
+ cpu_quota?: number | undefined;
5242
+ image?: string | undefined;
5243
+ network?: "none" | "bridge" | "host" | undefined;
5244
+ user?: string | undefined;
5245
+ volumes?: string[] | undefined;
4288
5246
  env?: Record<string, string> | undefined;
5247
+ ports?: string[] | undefined;
4289
5248
  base_image?: string | undefined;
5249
+ host_config?: HostConfig | undefined;
4290
5250
  }>, {
4291
5251
  enabled: boolean;
4292
5252
  ephemeral: boolean;
4293
- network: "none" | "bridge" | "host";
4294
5253
  memory: string;
4295
5254
  max_containers: number;
4296
5255
  workspace_mode: "rw" | "ro";
4297
- image?: string | undefined;
5256
+ network: "none" | "bridge" | "host";
5257
+ labels?: Record<string, string> | undefined;
4298
5258
  cpu_shares?: number | undefined;
5259
+ tmpfs?: string[] | undefined;
5260
+ pids_limit?: number | undefined;
5261
+ cpu_period?: number | undefined;
5262
+ cpu_quota?: number | undefined;
5263
+ image?: string | undefined;
4299
5264
  user?: string | undefined;
4300
5265
  volumes?: string[] | undefined;
4301
5266
  env?: Record<string, string> | undefined;
5267
+ ports?: string[] | undefined;
4302
5268
  base_image?: string | undefined;
5269
+ host_config?: HostConfig | undefined;
4303
5270
  }, {
5271
+ labels?: Record<string, string> | undefined;
4304
5272
  enabled?: boolean | undefined;
4305
5273
  ephemeral?: boolean | undefined;
5274
+ memory?: string | undefined;
5275
+ cpu_shares?: number | undefined;
5276
+ max_containers?: number | undefined;
5277
+ workspace_mode?: "rw" | "ro" | undefined;
5278
+ tmpfs?: string[] | undefined;
5279
+ pids_limit?: number | undefined;
5280
+ cpu_period?: number | undefined;
5281
+ cpu_quota?: number | undefined;
4306
5282
  image?: string | undefined;
4307
5283
  network?: "none" | "bridge" | "host" | undefined;
4308
- memory?: string | undefined;
5284
+ user?: string | undefined;
5285
+ volumes?: string[] | undefined;
5286
+ env?: Record<string, string> | undefined;
5287
+ ports?: string[] | undefined;
5288
+ base_image?: string | undefined;
5289
+ host_config?: HostConfig | undefined;
5290
+ }>, {
5291
+ enabled: boolean;
5292
+ ephemeral: boolean;
5293
+ memory: string;
5294
+ max_containers: number;
5295
+ workspace_mode: "rw" | "ro";
5296
+ network: "none" | "bridge" | "host";
5297
+ labels?: Record<string, string> | undefined;
4309
5298
  cpu_shares?: number | undefined;
5299
+ tmpfs?: string[] | undefined;
5300
+ pids_limit?: number | undefined;
5301
+ cpu_period?: number | undefined;
5302
+ cpu_quota?: number | undefined;
5303
+ image?: string | undefined;
4310
5304
  user?: string | undefined;
4311
- max_containers?: number | undefined;
4312
5305
  volumes?: string[] | undefined;
5306
+ env?: Record<string, string> | undefined;
5307
+ ports?: string[] | undefined;
5308
+ base_image?: string | undefined;
5309
+ host_config?: HostConfig | undefined;
5310
+ }, {
5311
+ labels?: Record<string, string> | undefined;
5312
+ enabled?: boolean | undefined;
5313
+ ephemeral?: boolean | undefined;
5314
+ memory?: string | undefined;
5315
+ cpu_shares?: number | undefined;
5316
+ max_containers?: number | undefined;
4313
5317
  workspace_mode?: "rw" | "ro" | undefined;
5318
+ tmpfs?: string[] | undefined;
5319
+ pids_limit?: number | undefined;
5320
+ cpu_period?: number | undefined;
5321
+ cpu_quota?: number | undefined;
5322
+ image?: string | undefined;
5323
+ network?: "none" | "bridge" | "host" | undefined;
5324
+ user?: string | undefined;
5325
+ volumes?: string[] | undefined;
4314
5326
  env?: Record<string, string> | undefined;
5327
+ ports?: string[] | undefined;
4315
5328
  base_image?: string | undefined;
5329
+ host_config?: HostConfig | undefined;
4316
5330
  }>>;
4317
5331
  }, "strict", z.ZodTypeAny, {
4318
5332
  version: number;
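Review bot: The new `host_config` field near the end of the object shape is typed as an opaque `z.ZodType<HostConfig, z.ZodTypeDef, HostConfig>`, so as far as this declaration shows none of its keys are checked, while its doc comment says its values override the translated options. That lets a config replace the limits this schema otherwise constrains (`memory`, `pids_limit`, `cpu_quota`, the `network` enum) and reach dockerode settings such as `Privileged`, `CapAdd` or `Binds`. The doc comment should say so, for example `* Not validated here: can override memory/pids_limit/network and set Privileged, CapAdd or Binds; accept only from trusted fleet-level config.` If the source schema has no refinement on this field (not visible in a declaration file), rejecting or logging those keys there would be the stronger fix. The `FleetConfigSchema` declaration starts and ends outside this hunk.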
@@ -4323,16 +5337,23 @@ export declare const FleetConfigSchema: z.ZodObject<{
4323
5337
  docker?: {
4324
5338
  enabled: boolean;
4325
5339
  ephemeral: boolean;
4326
- network: "none" | "bridge" | "host";
4327
5340
  memory: string;
4328
5341
  max_containers: number;
4329
5342
  workspace_mode: "rw" | "ro";
4330
- image?: string | undefined;
5343
+ network: "none" | "bridge" | "host";
5344
+ labels?: Record<string, string> | undefined;
4331
5345
  cpu_shares?: number | undefined;
5346
+ tmpfs?: string[] | undefined;
5347
+ pids_limit?: number | undefined;
5348
+ cpu_period?: number | undefined;
5349
+ cpu_quota?: number | undefined;
5350
+ image?: string | undefined;
4332
5351
  user?: string | undefined;
4333
5352
  volumes?: string[] | undefined;
4334
5353
  env?: Record<string, string> | undefined;
5354
+ ports?: string[] | undefined;
4335
5355
  base_image?: string | undefined;
5356
+ host_config?: HostConfig | undefined;
4336
5357
  } | undefined;
4337
5358
  working_directory?: {
4338
5359
  root: string;
@@ -4356,16 +5377,23 @@ export declare const FleetConfigSchema: z.ZodObject<{
4356
5377
  docker?: {
4357
5378
  enabled: boolean;
4358
5379
  ephemeral: boolean;
4359
- network: "none" | "bridge" | "host";
4360
5380
  memory: string;
4361
5381
  max_containers: number;
4362
5382
  workspace_mode: "rw" | "ro";
4363
- image?: string | undefined;
5383
+ network: "none" | "bridge" | "host";
5384
+ labels?: Record<string, string> | undefined;
4364
5385
  cpu_shares?: number | undefined;
5386
+ tmpfs?: string[] | undefined;
5387
+ pids_limit?: number | undefined;
5388
+ cpu_period?: number | undefined;
5389
+ cpu_quota?: number | undefined;
5390
+ image?: string | undefined;
4365
5391
  user?: string | undefined;
4366
5392
  volumes?: string[] | undefined;
4367
5393
  env?: Record<string, string> | undefined;
5394
+ ports?: string[] | undefined;
4368
5395
  base_image?: string | undefined;
5396
+ host_config?: HostConfig | undefined;
4369
5397
  } | undefined;
4370
5398
  permissions?: {
4371
5399
  mode: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "delegate" | "dontAsk";
@@ -4420,18 +5448,25 @@ export declare const FleetConfigSchema: z.ZodObject<{
4420
5448
  } | undefined;
4421
5449
  }, {
4422
5450
  docker?: {
5451
+ labels?: Record<string, string> | undefined;
4423
5452
  enabled?: boolean | undefined;
4424
5453
  ephemeral?: boolean | undefined;
4425
- image?: string | undefined;
4426
- network?: "none" | "bridge" | "host" | undefined;
4427
5454
  memory?: string | undefined;
4428
5455
  cpu_shares?: number | undefined;
4429
- user?: string | undefined;
4430
5456
  max_containers?: number | undefined;
4431
- volumes?: string[] | undefined;
4432
5457
  workspace_mode?: "rw" | "ro" | undefined;
5458
+ tmpfs?: string[] | undefined;
5459
+ pids_limit?: number | undefined;
5460
+ cpu_period?: number | undefined;
5461
+ cpu_quota?: number | undefined;
5462
+ image?: string | undefined;
5463
+ network?: "none" | "bridge" | "host" | undefined;
5464
+ user?: string | undefined;
5465
+ volumes?: string[] | undefined;
4433
5466
  env?: Record<string, string> | undefined;
5467
+ ports?: string[] | undefined;
4434
5468
  base_image?: string | undefined;
5469
+ host_config?: HostConfig | undefined;
4435
5470
  } | undefined;
4436
5471
  working_directory?: {
4437
5472
  root: string;
@@ -4454,18 +5489,25 @@ export declare const FleetConfigSchema: z.ZodObject<{
4454
5489
  max_turns?: number | undefined;
4455
5490
  model?: string | undefined;
4456
5491
  docker?: {
5492
+ labels?: Record<string, string> | undefined;
4457
5493
  enabled?: boolean | undefined;
4458
5494
  ephemeral?: boolean | undefined;
4459
- image?: string | undefined;
4460
- network?: "none" | "bridge" | "host" | undefined;
4461
5495
  memory?: string | undefined;
4462
5496
  cpu_shares?: number | undefined;
4463
- user?: string | undefined;
4464
5497
  max_containers?: number | undefined;
4465
- volumes?: string[] | undefined;
4466
5498
  workspace_mode?: "rw" | "ro" | undefined;
5499
+ tmpfs?: string[] | undefined;
5500
+ pids_limit?: number | undefined;
5501
+ cpu_period?: number | undefined;
5502
+ cpu_quota?: number | undefined;
5503
+ image?: string | undefined;
5504
+ network?: "none" | "bridge" | "host" | undefined;
5505
+ user?: string | undefined;
5506
+ volumes?: string[] | undefined;
4467
5507
  env?: Record<string, string> | undefined;
5508
+ ports?: string[] | undefined;
4468
5509
  base_image?: string | undefined;
5510
+ host_config?: HostConfig | undefined;
4469
5511
  } | undefined;
4470
5512
  permissions?: {
4471
5513
  mode?: "default" | "acceptEdits" | "bypassPermissions" | "plan" | "delegate" | "dontAsk" | undefined;
@@ -4533,7 +5575,13 @@ export type GitHubWorkSource = z.infer<typeof GitHubWorkSourceSchema>;
4533
5575
  export type BaseWorkSource = z.infer<typeof BaseWorkSourceSchema>;
4534
5576
  export type WorkSource = z.infer<typeof WorkSourceSchema>;
4535
5577
  export type Instances = z.infer<typeof InstancesSchema>;
5578
+ export type AgentDockerInput = z.input<typeof AgentDockerSchema>;
5579
+ export type AgentDocker = z.infer<typeof AgentDockerSchema>;
5580
+ export type FleetDockerInput = z.input<typeof FleetDockerSchema>;
5581
+ export type FleetDocker = z.infer<typeof FleetDockerSchema>;
5582
+ /** @deprecated Use AgentDockerInput or FleetDockerInput instead */
4536
5583
  export type DockerInput = z.input<typeof DockerSchema>;
5584
+ /** @deprecated Use AgentDocker or FleetDocker instead */
4537
5585
  export type Docker = z.infer<typeof DockerSchema>;
4538
5586
  export type Defaults = z.infer<typeof DefaultsSchema>;
4539
5587
  export type WorkingDirectory = z.infer<typeof WorkingDirectorySchema>;
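Review bot: The `@deprecated` tags added to `DockerInput` and `Docker` name two replacements without saying when each applies, and the four new aliases above them carry no doc comment. The schema comment earlier in this file separates agent-level options (a safe subset) from fleet-level ones (network, volumes, image, user, ports, env), so a caller who picks the fleet type for agent-file input would have those dangerous options type-check as allowed. I would write `/** @deprecated Use AgentDockerInput for agent config files, FleetDockerInput for fleet-level config */` with the matching wording on `Docker`, plus a one-line TSDoc on each new alias stating its level.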