@isol8/core 0.17.0 → 0.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config.d.ts.map +1 -1
- package/dist/docker/Dockerfile +14 -2
- package/dist/engine/docker.d.ts +12 -2
- package/dist/engine/docker.d.ts.map +1 -1
- package/dist/engine/image-builder.d.ts +10 -22
- package/dist/engine/image-builder.d.ts.map +1 -1
- package/dist/engine/managers/execution-manager.d.ts +2 -0
- package/dist/engine/managers/execution-manager.d.ts.map +1 -1
- package/dist/engine/utils.d.ts +21 -1
- package/dist/engine/utils.d.ts.map +1 -1
- package/dist/index.d.ts +4 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +319 -133
- package/dist/index.js.map +12 -11
- package/dist/runtime/adapter.d.ts +20 -0
- package/dist/runtime/adapter.d.ts.map +1 -1
- package/dist/runtime/adapters/agent.d.ts +19 -0
- package/dist/runtime/adapters/agent.d.ts.map +1 -0
- package/dist/runtime/index.d.ts +3 -2
- package/dist/runtime/index.d.ts.map +1 -1
- package/dist/types.d.ts +55 -27
- package/dist/types.d.ts.map +1 -1
- package/docker/Dockerfile +14 -2
- package/package.json +1 -1
- package/schema/isol8.config.schema.json +39 -46
|
@@ -5,6 +5,16 @@
|
|
|
5
5
|
* for looking up runtime adapters by name or file extension.
|
|
6
6
|
*/
|
|
7
7
|
import type { Runtime } from "../types";
|
|
8
|
+
/**
|
|
9
|
+
* Options passed to {@link RuntimeAdapter.getCommandWithOptions} for runtimes
|
|
10
|
+
* that need additional context beyond the source code.
|
|
11
|
+
*/
|
|
12
|
+
export interface RuntimeCommandOptions {
|
|
13
|
+
/** Path to the code file inside the container, if written to disk. */
|
|
14
|
+
filePath?: string;
|
|
15
|
+
/** Extra CLI flags for the agent runtime (e.g. `"--model anthropic/claude-sonnet-4"`). */
|
|
16
|
+
agentFlags?: string;
|
|
17
|
+
}
|
|
8
18
|
/**
|
|
9
19
|
* A runtime adapter provides the container image and command construction
|
|
10
20
|
* for a specific language runtime (Python, Node, Bun, Deno).
|
|
@@ -25,6 +35,16 @@ export interface RuntimeAdapter {
|
|
|
25
35
|
* @returns Command array (e.g. `["python3", "-c", "print(1)"]`).
|
|
26
36
|
*/
|
|
27
37
|
getCommand(code: string, filePath?: string): string[];
|
|
38
|
+
/**
|
|
39
|
+
* Build the shell command with extended options.
|
|
40
|
+
* When implemented, the engine calls this instead of {@link getCommand}.
|
|
41
|
+
* Used by runtimes that need additional context (e.g. agent flags).
|
|
42
|
+
*
|
|
43
|
+
* @param code - The source code or prompt string.
|
|
44
|
+
* @param options - Extended command options.
|
|
45
|
+
* @returns Command array.
|
|
46
|
+
*/
|
|
47
|
+
getCommandWithOptions?(code: string, options: RuntimeCommandOptions): string[];
|
|
28
48
|
/** Default file extension for this runtime (e.g. `".py"`). */
|
|
29
49
|
getFileExtension(): string;
|
|
30
50
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adapter.d.ts","sourceRoot":"","sources":["../../src/runtime/adapter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AAExC;;;;;;GAMG;AACH,MAAM,WAAW,cAAc;IAC7B,sDAAsD;IACtD,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IAEvB,iEAAiE;IACjE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IAEvB;;;;;;OAMG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAEtD,8DAA8D;IAC9D,gBAAgB,IAAI,MAAM,CAAC;CAC5B;AAMD;;;;;GAKG;AACH,eAAO,MAAM,eAAe;IAC1B;;;;;;OAMG;sBACe,cAAc,YAAW,MAAM,EAAE,GAAQ,IAAI;IAQ/D;;;;;OAKG;cACO,MAAM,GAAG,cAAc;IAQjC;;;;;OAKG;qBACc,MAAM,GAAG,cAAc;IAWxC,+CAA+C;YACvC,cAAc,EAAE;CAGzB,CAAC"}
|
|
1
|
+
{"version":3,"file":"adapter.d.ts","sourceRoot":"","sources":["../../src/runtime/adapter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AAExC;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0FAA0F;IAC1F,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,cAAc;IAC7B,sDAAsD;IACtD,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IAEvB,iEAAiE;IACjE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IAEvB;;;;;;OAMG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAEtD;;;;;;;;OAQG;IACH,qBAAqB,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,qBAAqB,GAAG,MAAM,EAAE,CAAC;IAE/E,8DAA8D;IAC9D,gBAAgB,IAAI,MAAM,CAAC;CAC5B;AAMD;;;;;GAKG;AACH,eAAO,MAAM,eAAe;IAC1B;;;;;;OAMG;sBACe,cAAc,YAAW,MAAM,EAAE,GAAQ,IAAI;IAQ/D;;;;;OAKG;cACO,MAAM,GAAG,cAAc;IAQjC;;;;;OAKG;qBACc,MAAM,GAAG,cAAc;IAWxC,+CAA+C;YACvC,cAAc,EAAE;CAGzB,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @module runtime/adapters/agent
|
|
3
|
+
*
|
|
4
|
+
* Runtime adapter for the AI coding agent (pi from @mariozechner/pi-coding-agent).
|
|
5
|
+
* Runs pi in non-interactive print mode inside a sandboxed container with bun + git.
|
|
6
|
+
*/
|
|
7
|
+
import type { RuntimeAdapter } from "../adapter";
|
|
8
|
+
/**
|
|
9
|
+
* Agent runtime adapter.
|
|
10
|
+
*
|
|
11
|
+
* Uses the `pi` CLI (`@mariozechner/pi-coding-agent`) to run an AI coding agent
|
|
12
|
+
* inside the container. The `code` field is treated as the prompt text.
|
|
13
|
+
*
|
|
14
|
+
* Always runs in non-interactive mode (`--no-session -p <prompt>`).
|
|
15
|
+
* Extra flags (e.g. `--model`, `--thinking`) are passed via `agentFlags`.
|
|
16
|
+
* A fixed system prompt is appended to every invocation via `--append-system-prompt`.
|
|
17
|
+
*/
|
|
18
|
+
export declare const AgentAdapter: RuntimeAdapter;
|
|
19
|
+
//# sourceMappingURL=agent.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../../src/runtime/adapters/agent.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAyB,MAAM,YAAY,CAAC;AAsBxE;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY,EAAE,cAyB1B,CAAC"}
|
package/dist/runtime/index.d.ts
CHANGED
|
@@ -3,10 +3,11 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Barrel module that registers all built-in runtime adapters and re-exports
|
|
5
5
|
* the public API. Importing this module has the side effect of populating
|
|
6
|
-
* the {@link RuntimeRegistry} with Python, Node, Bun, and
|
|
6
|
+
* the {@link RuntimeRegistry} with Python, Node, Bun, Deno, Bash, and Agent adapters.
|
|
7
7
|
*/
|
|
8
|
-
export type { RuntimeAdapter } from "./adapter";
|
|
8
|
+
export type { RuntimeAdapter, RuntimeCommandOptions } from "./adapter";
|
|
9
9
|
export { RuntimeRegistry } from "./adapter";
|
|
10
|
+
export { AgentAdapter } from "./adapters/agent";
|
|
10
11
|
export { bashAdapter } from "./adapters/bash";
|
|
11
12
|
export { BunAdapter } from "./adapters/bun";
|
|
12
13
|
export { DenoAdapter } from "./adapters/deno";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkBH,YAAY,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -12,8 +12,9 @@
|
|
|
12
12
|
* - `"bun"` — Bun runtime
|
|
13
13
|
* - `"deno"` — Deno runtime
|
|
14
14
|
* - `"bash"` — Bash shell
|
|
15
|
+
* - `"agent"` — AI coding agent (pi) running inside a sandboxed container
|
|
15
16
|
*/
|
|
16
|
-
export type Runtime = "python" | "node" | "bun" | "deno" | "bash";
|
|
17
|
+
export type Runtime = "python" | "node" | "bun" | "deno" | "bash" | "agent";
|
|
17
18
|
/**
|
|
18
19
|
* Network access mode for isol8 containers.
|
|
19
20
|
*
|
|
@@ -86,6 +87,26 @@ export interface ExecutionRequest {
|
|
|
86
87
|
* Passed through to audit logs when audit logging is enabled.
|
|
87
88
|
*/
|
|
88
89
|
metadata?: Record<string, string>;
|
|
90
|
+
/**
|
|
91
|
+
* Inline shell script executed before the main code execution.
|
|
92
|
+
* Runs as the `sandbox` user with working directory `/sandbox`.
|
|
93
|
+
* Useful for cloning repos, creating files, configuring tools, etc.
|
|
94
|
+
*/
|
|
95
|
+
setupScript?: string;
|
|
96
|
+
/**
|
|
97
|
+
* Working directory for the main code execution.
|
|
98
|
+
* Accepts an absolute path under `/sandbox` or a relative path resolved from `/sandbox`.
|
|
99
|
+
* Must resolve to a path inside `/sandbox` — paths that escape are rejected.
|
|
100
|
+
* @default "/sandbox"
|
|
101
|
+
*/
|
|
102
|
+
workdir?: string;
|
|
103
|
+
/**
|
|
104
|
+
* Extra CLI flags passed to the AI coding agent (pi).
|
|
105
|
+
* Only used when `runtime` is `"agent"`.
|
|
106
|
+
* These flags are prepended before the `-p` prompt flag in the command.
|
|
107
|
+
* @example "--model anthropic/claude-sonnet-4 --thinking"
|
|
108
|
+
*/
|
|
109
|
+
agentFlags?: string;
|
|
89
110
|
}
|
|
90
111
|
/**
|
|
91
112
|
* The result of a code execution.
|
|
@@ -318,12 +339,6 @@ export interface Isol8Options {
|
|
|
318
339
|
clean: number;
|
|
319
340
|
dirty: number;
|
|
320
341
|
};
|
|
321
|
-
/**
|
|
322
|
-
* Runtime-specific dependencies used to resolve hashed custom image tags.
|
|
323
|
-
* When provided, isol8 will prefer `isol8:<runtime>-custom-<hash>` images
|
|
324
|
-
* derived from these dependency sets.
|
|
325
|
-
*/
|
|
326
|
-
dependencies?: Isol8Dependencies;
|
|
327
342
|
}
|
|
328
343
|
/**
|
|
329
344
|
* Startup options for {@link Isol8Engine.start}.
|
|
@@ -435,22 +450,6 @@ export interface Isol8Cleanup {
|
|
|
435
450
|
/** Maximum idle time (ms) before pruning. One hour = 3600000. @default 3600000 */
|
|
436
451
|
maxContainerAgeMs: number;
|
|
437
452
|
}
|
|
438
|
-
/**
|
|
439
|
-
* Runtime-specific packages to bake into custom Docker images.
|
|
440
|
-
* Populated via `isol8.config.json` or CLI flags on `isol8 setup`.
|
|
441
|
-
*/
|
|
442
|
-
export interface Isol8Dependencies {
|
|
443
|
-
/** Python packages to install via pip. */
|
|
444
|
-
python?: string[];
|
|
445
|
-
/** Node.js packages to install globally via npm. */
|
|
446
|
-
node?: string[];
|
|
447
|
-
/** Bun packages to install globally. */
|
|
448
|
-
bun?: string[];
|
|
449
|
-
/** Deno module URLs to pre-cache. */
|
|
450
|
-
deno?: string[];
|
|
451
|
-
/** Bash packages to install via apk (Alpine). */
|
|
452
|
-
bash?: string[];
|
|
453
|
-
}
|
|
454
453
|
/**
|
|
455
454
|
* Security configuration for the execution environment.
|
|
456
455
|
*/
|
|
@@ -529,8 +528,6 @@ export interface Isol8Config {
|
|
|
529
528
|
clean: number;
|
|
530
529
|
dirty: number;
|
|
531
530
|
};
|
|
532
|
-
/** Runtime-specific packages to bake into custom Docker images. */
|
|
533
|
-
dependencies: Isol8Dependencies;
|
|
534
531
|
/** Security settings. */
|
|
535
532
|
security: SecurityConfig;
|
|
536
533
|
/** Remote code fetching policy. */
|
|
@@ -541,6 +538,33 @@ export interface Isol8Config {
|
|
|
541
538
|
auth: AuthConfig;
|
|
542
539
|
/** Enable debug logging. @default false */
|
|
543
540
|
debug: boolean;
|
|
541
|
+
/**
|
|
542
|
+
* Prebuilt custom images ensuring that environments are built and ready.
|
|
543
|
+
* Both `isol8 setup` and `isol8 serve` will build any missing images
|
|
544
|
+
* automatically. Images that already exist locally are skipped unless
|
|
545
|
+
* `--force` is passed.
|
|
546
|
+
*/
|
|
547
|
+
prebuiltImages: PrebuiltImageConfig[];
|
|
548
|
+
}
|
|
549
|
+
/**
|
|
550
|
+
* Configuration for a prebuilt custom image that `isol8 setup` and
|
|
551
|
+
* `isol8 serve` ensure exists locally before accepting work.
|
|
552
|
+
*/
|
|
553
|
+
export interface PrebuiltImageConfig {
|
|
554
|
+
/** The full docker tag of the custom image to build (e.g. `my-custom-python:latest`). */
|
|
555
|
+
tag: string;
|
|
556
|
+
/** The base runtime to extend (e.g. `python`, `node`). */
|
|
557
|
+
runtime: Runtime;
|
|
558
|
+
/** The runtime packages to install into the custom image (e.g. `["numpy", "pandas"]`). */
|
|
559
|
+
installPackages: string[];
|
|
560
|
+
/**
|
|
561
|
+
* Shell script baked into the image that runs automatically before every
|
|
562
|
+
* execution. Runs as `sandbox` user from `/sandbox` after package
|
|
563
|
+
* installation but before the main code. When an execution request also
|
|
564
|
+
* carries its own `setupScript`, the image-level script runs first followed
|
|
565
|
+
* by the request-level script.
|
|
566
|
+
*/
|
|
567
|
+
setupScript?: string;
|
|
544
568
|
}
|
|
545
569
|
/**
|
|
546
570
|
* User configuration file schema (partial/optional version of Isol8Config).
|
|
@@ -572,8 +596,6 @@ export interface Isol8UserConfig {
|
|
|
572
596
|
clean: number;
|
|
573
597
|
dirty: number;
|
|
574
598
|
};
|
|
575
|
-
/** Runtime-specific packages to bake into custom Docker images. */
|
|
576
|
-
dependencies?: Isol8Dependencies;
|
|
577
599
|
/** Security settings. */
|
|
578
600
|
security?: SecurityConfig;
|
|
579
601
|
/** Remote code fetching policy. (Partial override allowed). */
|
|
@@ -582,5 +604,11 @@ export interface Isol8UserConfig {
|
|
|
582
604
|
audit?: Partial<AuditConfig>;
|
|
583
605
|
/** Database-backed API key authentication configuration. */
|
|
584
606
|
auth?: Partial<AuthConfig>;
|
|
607
|
+
/**
|
|
608
|
+
* Prebuilt custom images to build automatically during `isol8 setup` and
|
|
609
|
+
* `isol8 serve` startup. Images that already exist locally are skipped
|
|
610
|
+
* unless `--force` is passed.
|
|
611
|
+
*/
|
|
612
|
+
prebuiltImages?: PrebuiltImageConfig[];
|
|
585
613
|
}
|
|
586
614
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;;GASG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAE5E;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAE/B,sEAAsE;IACtE,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAExC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAElC;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IAEf,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IAEjB,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IAEnB,0FAA0F;IAC1F,SAAS,EAAE,OAAO,CAAC;IAEnB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IAEjB,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IAEF;;;OAGG;IACH,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;CACjC;AAED;;;;GAIG;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,0FAA0F;IAC1F,IAAI,EAAE,MAAM,CAAC;CACd;AAID;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GACvB;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,gBAAgB,CAAC;IAAC,OAAO,CAAC,EAAE,YAAY,CAAA;CAAE,GACtE;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAC/B;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,QAAQ,GAAG,SAAS,CAAA;CAAE,CAAC;AAErD;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,WAAW,CAAC;AAE1C;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,wEAAwE;IACxE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC;IAC1B,wDAAwD;IACxD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE;QACd,kDAAkD;QAClD,UAAU,EAAE,MAAM,CAAC;QACnB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,CAAC;QACjB,kDAAkD;QAClD,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sCAAsC;QACtC,cAAc,EAAE,MAAM,CAAC;QACvB,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;IACjC,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;IAEhC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAID;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,8BAA8B;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,4DAA4D;IAC5D,QAAQ,EAAE,OAAO,CAAC;IAClB,gEAAgE;IAChE,cAAc,EAAE,MAAM,CAAC;CACxB;AAID;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GAAG,WAAW,GAAG,YAAY,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,2CAA2C;IAC3C,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB,yFAAyF;IACzF,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC,mFAAmF;IACnF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,4EAA4E;IAC5E,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,4DAA4D;IAC5D,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,6EAA6E;IAC7E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,iEAAiE;IACjE,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,wIAAwI;IACxI,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,+EAA+E;IAC/E,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,mCAAmC;IACnC,KAAK,CAAC,EAAE,WAAW,CAAC;IAEpB,mCAAmC;IACnC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC;IAEjC;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CACtD;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,OAAO,GAAG;QAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAA;KAAE,CAAC;CAC9C;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,KAAK,CAAC,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7C,kEAAkE;IAClE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB,0CAA0C;IAC1C,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAEzD;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/D;;;;;;OAMG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;CAClE;AAID;;;;;;;;GAQG;AACH,MAAM,WAAW,mBAAmB;IAClC,2FAA2F;IAC3F,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB,mGAAmG;IACnG,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAC/B,uDAAuD;IACvD,OAAO,EAAE,OAAO,CAAC;IACjB,8CAA8C;IAC9C,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,qFAAqF;IACrF,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,uCAAuC;IACvC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,iEAAiE;IACjE,WAAW,EAAE,MAAM,CAAC;IACpB,oDAAoD;IACpD,cAAc,EAAE,MAAM,CAAC;IACvB,kFAAkF;IAClF,WAAW,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,WAAW,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAID,oDAAoD;AACpD,MAAM,WAAW,aAAa;IAC5B,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,EAAE,WAAW,CAAC;IACrB,kEAAkE;IAClE,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;IAChB,qEAAqE;IACrE,cAAc,EAAE,OAAO,CAAC;CACzB;AAED,yDAAyD;AACzD,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,SAAS,EAAE,OAAO,CAAC;IACnB,kFAAkF;IAClF,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,OAAO,CAAC,EAAE,QAAQ,GAAG,YAAY,GAAG,QAAQ,CAAC;IAC7C,mFAAmF;IACnF,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,gEAAgE;AAChE,MAAM,WAAW,UAAU;IACzB,sFAAsF;IACtF,OAAO,EAAE,OAAO,CAAC;IACjB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,YAAY,EAAE,MAAM,CAAC;IACrB,oFAAoF;IACpF,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,uCAAuC;AACvC,MAAM,WAAW,WAAW;IAC1B,2CAA2C;IAC3C,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,WAAW,EAAE,YAAY,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC9C,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6FAA6F;IAC7F,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gEAAgE;IAChE,cAAc,EAAE,OAAO,CAAC;IACxB,0DAA0D;IAC1D,aAAa,EAAE,MAAM,CAAC;IACtB,sEAAsE;IACtE,WAAW,EAAE,OAAO,CAAC;IACrB,6EAA6E;IAC7E,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW;IAC1B,0EAA0E;IAC1E,aAAa,EAAE,MAAM,CAAC;IAEtB,sDAAsD;IACtD,QAAQ,EAAE,aAAa,CAAC;IAExB,4DAA4D;IAC5D,OAAO,EAAE,mBAAmB,CAAC;IAE7B,gDAAgD;IAChD,OAAO,EAAE,YAAY,CAAC;IAEtB;;;OAGG;IACH,YAAY,EAAE,QAAQ,GAAG,MAAM,CAAC;IAEhC;;;OAGG;IACH,QAAQ,EAAE,MAAM,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAEpD,yBAAyB;IACzB,QAAQ,EAAE,cAAc,CAAC;IAEzB,mCAAmC;IACnC,UAAU,EAAE,gBAAgB,CAAC;IAE7B,mCAAmC;IACnC,KAAK,EAAE,WAAW,CAAC;IAEnB,4DAA4D;IAC5D,IAAI,EAAE,UAAU,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,EAAE,OAAO,CAAC;IAEf;;;;;OAKG;IACH,cAAc,EAAE,mBAAmB,EAAE,CAAC;CACvC;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,yFAAyF;IACzF,GAAG,EAAE,MAAM,CAAC;IACZ,0DAA0D;IAC1D,OAAO,EAAE,OAAO,CAAC;IACjB,0FAA0F;IAC1F,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,0EAA0E;IAC1E,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,kFAAkF;IAClF,QAAQ,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAElC,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEvC,4EAA4E;IAC5E,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAEhC;;;OAGG;IACH,YAAY,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC;IAEjC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAErD,yBAAyB;IACzB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,+DAA+D;IAC/D,UAAU,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAEvC,mCAAmC;IACnC,KAAK,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAE7B,4DAA4D;IAC5D,IAAI,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAE3B;;;;OAIG;IACH,cAAc,CAAC,EAAE,mBAAmB,EAAE,CAAC;CACxC"}
|
package/docker/Dockerfile
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# ── Base ──────────────────────────────────────────────────────────────
|
|
2
2
|
FROM alpine:3.21 AS base
|
|
3
|
-
RUN apk add --no-cache tini curl ca-certificates iptables bash \
|
|
3
|
+
RUN apk add --no-cache tini curl ca-certificates iptables bash git \
|
|
4
4
|
&& addgroup -S sandbox && adduser -S sandbox -G sandbox -h /sandbox
|
|
5
5
|
COPY proxy.sh /usr/local/bin/proxy.sh
|
|
6
6
|
COPY proxy-handler.sh /usr/local/bin/proxy-handler.sh
|
|
@@ -28,7 +28,7 @@ CMD ["bun"]
|
|
|
28
28
|
|
|
29
29
|
# ── Deno ──────────────────────────────────────────────────────────────
|
|
30
30
|
FROM denoland/deno:alpine AS deno
|
|
31
|
-
RUN apk add --no-cache tini curl ca-certificates iptables bash \
|
|
31
|
+
RUN apk add --no-cache tini curl ca-certificates iptables bash git \
|
|
32
32
|
&& addgroup -S sandbox && adduser -S sandbox -G sandbox -h /sandbox
|
|
33
33
|
COPY proxy.sh /usr/local/bin/proxy.sh
|
|
34
34
|
COPY proxy-handler.sh /usr/local/bin/proxy-handler.sh
|
|
@@ -40,3 +40,15 @@ CMD ["deno"]
|
|
|
40
40
|
# ── Bash ──────────────────────────────────────────────────────────────
|
|
41
41
|
FROM base AS bash
|
|
42
42
|
CMD ["bash"]
|
|
43
|
+
|
|
44
|
+
# ── Agent ─────────────────────────────────────────────────────────────
|
|
45
|
+
FROM base AS agent
|
|
46
|
+
RUN apk add --no-cache unzip libstdc++ libgcc \
|
|
47
|
+
&& curl -fsSL https://bun.sh/install | bash \
|
|
48
|
+
&& mv /root/.bun/bin/bun /usr/local/bin/bun \
|
|
49
|
+
&& ln -s /usr/local/bin/bun /usr/local/bin/bunx \
|
|
50
|
+
&& bun install -g @mariozechner/pi-coding-agent \
|
|
51
|
+
&& cp -r /root/.bun/install /usr/local/share/bun-global \
|
|
52
|
+
&& printf '#!/bin/sh\nexec bun /usr/local/share/bun-global/global/node_modules/@mariozechner/pi-coding-agent/dist/cli.js "$@"\n' > /usr/local/bin/pi \
|
|
53
|
+
&& chmod +x /usr/local/bin/pi
|
|
54
|
+
CMD ["bash"]
|
package/package.json
CHANGED
|
@@ -2,48 +2,6 @@
|
|
|
2
2
|
"$ref": "#/definitions/Isol8UserConfig",
|
|
3
3
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
4
4
|
"definitions": {
|
|
5
|
-
"Isol8Dependencies": {
|
|
6
|
-
"additionalProperties": false,
|
|
7
|
-
"description": "Runtime-specific packages to bake into custom Docker images. Populated via `isol8.config.json` or CLI flags on `isol8 setup`.",
|
|
8
|
-
"properties": {
|
|
9
|
-
"bash": {
|
|
10
|
-
"description": "Bash packages to install via apk (Alpine).",
|
|
11
|
-
"items": {
|
|
12
|
-
"type": "string"
|
|
13
|
-
},
|
|
14
|
-
"type": "array"
|
|
15
|
-
},
|
|
16
|
-
"bun": {
|
|
17
|
-
"description": "Bun packages to install globally.",
|
|
18
|
-
"items": {
|
|
19
|
-
"type": "string"
|
|
20
|
-
},
|
|
21
|
-
"type": "array"
|
|
22
|
-
},
|
|
23
|
-
"deno": {
|
|
24
|
-
"description": "Deno module URLs to pre-cache.",
|
|
25
|
-
"items": {
|
|
26
|
-
"type": "string"
|
|
27
|
-
},
|
|
28
|
-
"type": "array"
|
|
29
|
-
},
|
|
30
|
-
"node": {
|
|
31
|
-
"description": "Node.js packages to install globally via npm.",
|
|
32
|
-
"items": {
|
|
33
|
-
"type": "string"
|
|
34
|
-
},
|
|
35
|
-
"type": "array"
|
|
36
|
-
},
|
|
37
|
-
"python": {
|
|
38
|
-
"description": "Python packages to install via pip.",
|
|
39
|
-
"items": {
|
|
40
|
-
"type": "string"
|
|
41
|
-
},
|
|
42
|
-
"type": "array"
|
|
43
|
-
}
|
|
44
|
-
},
|
|
45
|
-
"type": "object"
|
|
46
|
-
},
|
|
47
5
|
"Isol8UserConfig": {
|
|
48
6
|
"additionalProperties": false,
|
|
49
7
|
"description": "User configuration file schema (partial/optional version of Isol8Config). Used for generating the JSON Schema.",
|
|
@@ -189,10 +147,6 @@
|
|
|
189
147
|
},
|
|
190
148
|
"type": "object"
|
|
191
149
|
},
|
|
192
|
-
"dependencies": {
|
|
193
|
-
"$ref": "#/definitions/Isol8Dependencies",
|
|
194
|
-
"description": "Runtime-specific packages to bake into custom Docker images."
|
|
195
|
-
},
|
|
196
150
|
"maxConcurrent": {
|
|
197
151
|
"default": 10,
|
|
198
152
|
"description": "Maximum number of containers that can run concurrently.",
|
|
@@ -250,6 +204,13 @@
|
|
|
250
204
|
"enum": ["secure", "fast"],
|
|
251
205
|
"type": "string"
|
|
252
206
|
},
|
|
207
|
+
"prebuiltImages": {
|
|
208
|
+
"description": "Prebuilt custom images to build automatically during `isol8 setup` and `isol8 serve` startup. Images that already exist locally are skipped unless `--force` is passed.",
|
|
209
|
+
"items": {
|
|
210
|
+
"$ref": "#/definitions/PrebuiltImageConfig"
|
|
211
|
+
},
|
|
212
|
+
"type": "array"
|
|
213
|
+
},
|
|
253
214
|
"remoteCode": {
|
|
254
215
|
"additionalProperties": false,
|
|
255
216
|
"description": "Remote code fetching policy. (Partial override allowed).",
|
|
@@ -321,6 +282,38 @@
|
|
|
321
282
|
"enum": ["none", "host", "filtered"],
|
|
322
283
|
"type": "string"
|
|
323
284
|
},
|
|
285
|
+
"PrebuiltImageConfig": {
|
|
286
|
+
"additionalProperties": false,
|
|
287
|
+
"description": "Configuration for a prebuilt custom image that `isol8 setup` and `isol8 serve` ensure exists locally before accepting work.",
|
|
288
|
+
"properties": {
|
|
289
|
+
"installPackages": {
|
|
290
|
+
"description": "The runtime packages to install into the custom image (e.g. `[\"numpy\", \"pandas\"]`).",
|
|
291
|
+
"items": {
|
|
292
|
+
"type": "string"
|
|
293
|
+
},
|
|
294
|
+
"type": "array"
|
|
295
|
+
},
|
|
296
|
+
"runtime": {
|
|
297
|
+
"$ref": "#/definitions/Runtime",
|
|
298
|
+
"description": "The base runtime to extend (e.g. `python`, `node`)."
|
|
299
|
+
},
|
|
300
|
+
"setupScript": {
|
|
301
|
+
"description": "Shell script baked into the image that runs automatically before every execution. Runs as `sandbox` user from `/sandbox` after package installation but before the main code. When an execution request also carries its own `setupScript`, the image-level script runs first followed by the request-level script.",
|
|
302
|
+
"type": "string"
|
|
303
|
+
},
|
|
304
|
+
"tag": {
|
|
305
|
+
"description": "The full docker tag of the custom image to build (e.g. `my-custom-python:latest`).",
|
|
306
|
+
"type": "string"
|
|
307
|
+
}
|
|
308
|
+
},
|
|
309
|
+
"required": ["tag", "runtime", "installPackages"],
|
|
310
|
+
"type": "object"
|
|
311
|
+
},
|
|
312
|
+
"Runtime": {
|
|
313
|
+
"description": "Supported code execution runtimes.\n\n- `\"python\"` — CPython 3.x\n- `\"node\"` — Node.js LTS\n- `\"bun\"` — Bun runtime\n- `\"deno\"` — Deno runtime\n- `\"bash\"` — Bash shell\n- `\"agent\"` — AI coding agent (pi) running inside a sandboxed container",
|
|
314
|
+
"enum": ["python", "node", "bun", "deno", "bash", "agent"],
|
|
315
|
+
"type": "string"
|
|
316
|
+
},
|
|
324
317
|
"SecurityConfig": {
|
|
325
318
|
"additionalProperties": false,
|
|
326
319
|
"description": "Security configuration for the execution environment.",
|