@isol8/core 0.18.0 → 0.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/docker/Dockerfile +12 -0
- package/dist/engine/docker.d.ts +11 -0
- package/dist/engine/docker.d.ts.map +1 -1
- package/dist/engine/managers/execution-manager.d.ts.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +71 -11
- package/dist/index.js.map +10 -9
- package/dist/runtime/adapter.d.ts +20 -0
- package/dist/runtime/adapter.d.ts.map +1 -1
- package/dist/runtime/adapters/agent.d.ts +19 -0
- package/dist/runtime/adapters/agent.d.ts.map +1 -0
- package/dist/runtime/index.d.ts +3 -2
- package/dist/runtime/index.d.ts.map +1 -1
- package/dist/types.d.ts +21 -6
- package/dist/types.d.ts.map +1 -1
- package/docker/Dockerfile +12 -0
- package/package.json +1 -1
- package/schema/isol8.config.schema.json +39 -0
package/dist/docker/Dockerfile
CHANGED
|
@@ -40,3 +40,15 @@ CMD ["deno"]
|
|
|
40
40
|
# ── Bash ──────────────────────────────────────────────────────────────
|
|
41
41
|
FROM base AS bash
|
|
42
42
|
CMD ["bash"]
|
|
43
|
+
|
|
44
|
+
# ── Agent ─────────────────────────────────────────────────────────────
|
|
45
|
+
FROM base AS agent
|
|
46
|
+
RUN apk add --no-cache unzip libstdc++ libgcc \
|
|
47
|
+
&& curl -fsSL https://bun.sh/install | bash \
|
|
48
|
+
&& mv /root/.bun/bin/bun /usr/local/bin/bun \
|
|
49
|
+
&& ln -s /usr/local/bin/bun /usr/local/bin/bunx \
|
|
50
|
+
&& bun install -g @mariozechner/pi-coding-agent \
|
|
51
|
+
&& cp -r /root/.bun/install /usr/local/share/bun-global \
|
|
52
|
+
&& printf '#!/bin/sh\nexec bun /usr/local/share/bun-global/global/node_modules/@mariozechner/pi-coding-agent/dist/cli.js "$@"\n' > /usr/local/bin/pi \
|
|
53
|
+
&& chmod +x /usr/local/bin/pi
|
|
54
|
+
CMD ["bash"]
|
package/dist/engine/docker.d.ts
CHANGED
|
@@ -120,6 +120,17 @@ export declare class DockerIsol8 implements Isol8Engine {
|
|
|
120
120
|
private retrieveFiles;
|
|
121
121
|
private startPersistentContainer;
|
|
122
122
|
private getAdapter;
|
|
123
|
+
/**
|
|
124
|
+
* Validate agent runtime requirements. The agent runtime requires
|
|
125
|
+
* filtered network mode with at least one whitelist entry so that
|
|
126
|
+
* the AI coding agent can reach its LLM provider API.
|
|
127
|
+
*/
|
|
128
|
+
private validateAgentRuntime;
|
|
129
|
+
/**
|
|
130
|
+
* Build the execution command from the adapter. Prefers `getCommandWithOptions`
|
|
131
|
+
* when the adapter implements it, otherwise falls back to `getCommand`.
|
|
132
|
+
*/
|
|
133
|
+
private buildAdapterCommand;
|
|
123
134
|
private buildHostConfig;
|
|
124
135
|
private buildSecurityOpts;
|
|
125
136
|
private loadDefaultSeccompProfile;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EAEX,YAAY,EAKZ,YAAY,EACZ,WAAW,EACZ,MAAM,aAAa,CAAC;AAcrB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoB;IACjD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA4C;IACrE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IAEpD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IACpD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;IAE9C,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA6B;YAE1C,uBAAuB;IA6BrC;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;IA2DhE;;;;;OAKG;IACG,KAAK,CAAC,OAAO,GAAE,YAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAuCtD,kFAAkF;IAC5E,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B;;;OAGG;IACG,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../src/engine/docker.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,MAAM,MAAM,WAAW,CAAC;AAG/B,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EAEX,YAAY,EAKZ,YAAY,EACZ,WAAW,EACZ,MAAM,aAAa,CAAC;AAcrB,2HAA2H;AAC3H,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAU;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoB;IACjD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA4C;IACrE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IAEpD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IACpD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;IAE9C,OAAO,CAAC,SAAS,CAAiC;IAClD,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,IAAI,CAA8B;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA6B;YAE1C,uBAAuB;IA6BrC;;;OAGG;gBACS,OAAO,GAAE,kBAAuB,EAAE,aAAa,SAAK;IA2DhE;;;;;OAKG;IACG,KAAK,CAAC,OAAO,GAAE,YAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAuCtD,kFAAkF;IAC5E,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B;;;OAGG;IACG,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAiB9D;;OAEG;YACW,WAAW;IAoDzB;;OAEG;YACW,qBAAqB;IA8CnC;;OAEG;YACW,kBAAkB;IA+DhC;;;;;;;OAOG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOpE;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAQ5C,6GAA6G;IAC7G,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED;;;OAGG;IACI,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC;YA8HzD,YAAY;IAuH1B,OAAO,CAAC,UAAU;YA2BJ,gBAAgB;YAmMhB,iBAAiB;YAqKjB,aAAa;YAOb,wBAAwB;IAsCtC,OAAO,CAAC,UAAU;IAIlB;;;;OAIG;IACH,OAAO,CAAC,oBAAoB;IAuB5B;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAc3B,OAAO,CAAC,eAAe;IA2BvB,OAAO,CAAC,iBAAiB;IA+BzB,OAAO,CAAC,yBAAyB;IA6BjC;;;;;;;;;;;;;;;;;;;;OAoBG;WACU,OAAO,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAC7C,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,CAAC;IA0BF;;;;;OAKG;WACU,aAAa,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QACnD,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,CAAC;CA2BH"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"execution-manager.d.ts","sourceRoot":"","sources":["../../../src/engine/managers/execution-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;gBAE3B,OAAO,EAAE,uBAAuB;IAK5C,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE;IAI5D,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;
|
|
1
|
+
{"version":3,"file":"execution-manager.d.ts","sourceRoot":"","sources":["../../../src/engine/managers/execution-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG7E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;gBAE3B,OAAO,EAAE,uBAAuB;IAK5C,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE;IAI5D,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;IA+B3D,eAAe,CACnB,SAAS,EAAE,MAAM,CAAC,SAAS,EAC3B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,MAAM,EAAE,EAClB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC;IA0EV,cAAc,CAClB,SAAS,EAAE,MAAM,CAAC,SAAS,EAC3B,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,aAAa,GAC3B,OAAO,CAAC,IAAI,CAAC;IAsET,gBAAgB,CACrB,MAAM,EAAE,MAAM,CAAC,cAAc,EAC7B,IAAI,EAAE,MAAM,CAAC,IAAI,EACjB,SAAS,EAAE,MAAM,CAAC,SAAS,EAC3B,SAAS,EAAE,MAAM,GAChB,cAAc,CAAC,WAAW,CAAC;IAuExB,iBAAiB,CACrB,MAAM,EAAE,MAAM,CAAC,cAAc,EAC7B,SAAS,EAAE,MAAM,CAAC,SAAS,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAE,CAAC;IAwFlE,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,GAAG,MAAM;IAQ9D,QAAQ,CACN,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC9B,SAAS,CAAC,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE,MAAM,EACpB,aAAa,CAAC,EAAE,mBAAmB,GAClC,MAAM,EAAE;CAmCZ"}
|
package/dist/index.d.ts
CHANGED
|
@@ -11,8 +11,8 @@ export { Semaphore } from "./engine/concurrency";
|
|
|
11
11
|
export type { DockerIsol8Options } from "./engine/docker";
|
|
12
12
|
export { DockerIsol8 } from "./engine/docker";
|
|
13
13
|
export { buildBaseImages, buildCustomImage, imageExists, LABELS, } from "./engine/image-builder";
|
|
14
|
-
export { BunAdapter, bashAdapter, DenoAdapter, NodeAdapter, PythonAdapter, RuntimeRegistry, } from "./runtime";
|
|
15
|
-
export type { RuntimeAdapter } from "./runtime/adapter";
|
|
14
|
+
export { AgentAdapter, BunAdapter, bashAdapter, DenoAdapter, NodeAdapter, PythonAdapter, RuntimeRegistry, } from "./runtime";
|
|
15
|
+
export type { RuntimeAdapter, RuntimeCommandOptions } from "./runtime/adapter";
|
|
16
16
|
export type { AuthConfig, ExecutionRequest, ExecutionResult, Isol8Config, Isol8Engine, Isol8Mode, Isol8Options, NetworkFilterConfig, NetworkMode, PrebuiltImageConfig, RemoteCodePolicy, Runtime, SessionInfo, StreamEvent, WsClientMessage, WsServerMessage, } from "./types";
|
|
17
17
|
export { logger } from "./utils/logger";
|
|
18
18
|
export { VERSION } from "./version";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,MAAM,GACP,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,UAAU,EACV,WAAW,EACX,WAAW,EACX,WAAW,EACX,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,MAAM,GACP,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,YAAY,EACZ,UAAU,EACV,WAAW,EACX,WAAW,EACX,WAAW,EACX,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAE/E,YAAY,EACV,UAAU,EACV,gBAAgB,EAChB,eAAe,EACf,WAAW,EACX,WAAW,EACX,SAAS,EACT,YAAY,EACZ,mBAAmB,EACnB,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,OAAO,EACP,WAAW,EACX,WAAW,EACX,eAAe,EACf,eAAe,GAChB,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -48,6 +48,37 @@ var init_adapter = __esm(() => {
|
|
|
48
48
|
};
|
|
49
49
|
});
|
|
50
50
|
|
|
51
|
+
// src/runtime/adapters/agent.ts
|
|
52
|
+
function shellQuote(s) {
|
|
53
|
+
return `'${s.replace(/'/g, "'\\''")}'`;
|
|
54
|
+
}
|
|
55
|
+
var SANDBOX_SYSTEM_PROMPT, AgentAdapter;
|
|
56
|
+
var init_agent = __esm(() => {
|
|
57
|
+
SANDBOX_SYSTEM_PROMPT = "You are running inside an isol8 sandbox — a Docker container with strict " + "resource limits and controlled network access. isol8 exists to execute " + "untrusted code safely: outbound network is filtered to a whitelist, the " + "filesystem is ephemeral, and some system calls are restricted. Work within " + "these constraints: do not assume open internet access, do not rely on " + "persistent state across runs, and do not attempt to escape the sandbox.";
|
|
58
|
+
AgentAdapter = {
|
|
59
|
+
name: "agent",
|
|
60
|
+
image: "isol8:agent",
|
|
61
|
+
getCommand(code) {
|
|
62
|
+
return [
|
|
63
|
+
"bash",
|
|
64
|
+
"-c",
|
|
65
|
+
`pi --no-session --append-system-prompt ${shellQuote(SANDBOX_SYSTEM_PROMPT)} -p ${shellQuote(code)}`
|
|
66
|
+
];
|
|
67
|
+
},
|
|
68
|
+
getCommandWithOptions(code, options) {
|
|
69
|
+
const flags = options.agentFlags ? `${options.agentFlags} ` : "";
|
|
70
|
+
return [
|
|
71
|
+
"bash",
|
|
72
|
+
"-c",
|
|
73
|
+
`pi --no-session --append-system-prompt ${shellQuote(SANDBOX_SYSTEM_PROMPT)} ${flags}-p ${shellQuote(code)}`
|
|
74
|
+
];
|
|
75
|
+
},
|
|
76
|
+
getFileExtension() {
|
|
77
|
+
return ".txt";
|
|
78
|
+
}
|
|
79
|
+
};
|
|
80
|
+
});
|
|
81
|
+
|
|
51
82
|
// src/runtime/adapters/bash.ts
|
|
52
83
|
var bashAdapter;
|
|
53
84
|
var init_bash = __esm(() => {
|
|
@@ -149,12 +180,14 @@ var init_python = __esm(() => {
|
|
|
149
180
|
// src/runtime/index.ts
|
|
150
181
|
var init_runtime = __esm(() => {
|
|
151
182
|
init_adapter();
|
|
183
|
+
init_agent();
|
|
152
184
|
init_bash();
|
|
153
185
|
init_bun();
|
|
154
186
|
init_deno();
|
|
155
187
|
init_node();
|
|
156
188
|
init_python();
|
|
157
189
|
init_adapter();
|
|
190
|
+
init_agent();
|
|
158
191
|
init_bash();
|
|
159
192
|
init_bun();
|
|
160
193
|
init_deno();
|
|
@@ -165,6 +198,7 @@ var init_runtime = __esm(() => {
|
|
|
165
198
|
RuntimeRegistry.register(BunAdapter);
|
|
166
199
|
RuntimeRegistry.register(bashAdapter);
|
|
167
200
|
RuntimeRegistry.register(DenoAdapter);
|
|
201
|
+
RuntimeRegistry.register(AgentAdapter);
|
|
168
202
|
});
|
|
169
203
|
|
|
170
204
|
// src/utils/logger.ts
|
|
@@ -530,9 +564,9 @@ ${setupLines}
|
|
|
530
564
|
}
|
|
531
565
|
}, (event) => {
|
|
532
566
|
if (event.stream) {
|
|
533
|
-
|
|
567
|
+
onProgress?.({ runtime: String(runtime), status: "building", message: event.stream });
|
|
534
568
|
} else if (event.error) {
|
|
535
|
-
|
|
569
|
+
onProgress?.({ runtime: String(runtime), status: "error", message: event.error });
|
|
536
570
|
}
|
|
537
571
|
});
|
|
538
572
|
});
|
|
@@ -1384,6 +1418,8 @@ class ExecutionManager {
|
|
|
1384
1418
|
return ["npm", "install", "--prefix", "/sandbox", ...packages];
|
|
1385
1419
|
case "bun":
|
|
1386
1420
|
return ["bun", "install", "-g", "--global-dir=/sandbox/.bun-global", ...packages];
|
|
1421
|
+
case "agent":
|
|
1422
|
+
return ["bun", "install", "-g", "--global-dir=/sandbox/.bun-global", ...packages];
|
|
1387
1423
|
case "deno":
|
|
1388
1424
|
return ["sh", "-c", packages.map((p) => `deno cache ${p}`).join(" && ")];
|
|
1389
1425
|
case "bash":
|
|
@@ -1411,7 +1447,7 @@ class ExecutionManager {
|
|
|
1411
1447
|
env.push("npm_config_fetch_retry_mintimeout=1000");
|
|
1412
1448
|
env.push("NPM_CONFIG_FETCH_RETRY_MAXTIMEOUT=2000");
|
|
1413
1449
|
env.push("npm_config_fetch_retry_maxtimeout=2000");
|
|
1414
|
-
} else if (runtime === "bun") {
|
|
1450
|
+
} else if (runtime === "bun" || runtime === "agent") {
|
|
1415
1451
|
env.push("BUN_INSTALL_GLOBAL_DIR=/sandbox/.bun-global");
|
|
1416
1452
|
env.push("BUN_INSTALL_CACHE_DIR=/sandbox/.bun-cache");
|
|
1417
1453
|
env.push("BUN_INSTALL_BIN=/sandbox/.bun-global/bin");
|
|
@@ -2311,6 +2347,7 @@ class DockerIsol8 {
|
|
|
2311
2347
|
await this.semaphore.acquire();
|
|
2312
2348
|
const startTime = Date.now();
|
|
2313
2349
|
try {
|
|
2350
|
+
this.validateAgentRuntime(req);
|
|
2314
2351
|
const request = await this.resolveExecutionRequest(req);
|
|
2315
2352
|
const result = this.mode === "persistent" ? await this.executePersistent(request, startTime) : await this.executeEphemeral(request, startTime);
|
|
2316
2353
|
return result;
|
|
@@ -2452,6 +2489,7 @@ class DockerIsol8 {
|
|
|
2452
2489
|
async* executeStream(req) {
|
|
2453
2490
|
await this.semaphore.acquire();
|
|
2454
2491
|
try {
|
|
2492
|
+
this.validateAgentRuntime(req);
|
|
2455
2493
|
const request = await this.resolveExecutionRequest(req);
|
|
2456
2494
|
const adapter = this.getAdapter(request.runtime);
|
|
2457
2495
|
const timeoutMs = request.timeoutMs ?? this.defaultTimeoutMs;
|
|
@@ -2488,7 +2526,7 @@ class DockerIsol8 {
|
|
|
2488
2526
|
await this.volumeManager.writeFileViaExec(container, fPath, fContent);
|
|
2489
2527
|
}
|
|
2490
2528
|
}
|
|
2491
|
-
const rawCmd =
|
|
2529
|
+
const rawCmd = this.buildAdapterCommand(adapter, request, filePath);
|
|
2492
2530
|
const timeoutSec = Math.ceil(timeoutMs / 1000);
|
|
2493
2531
|
let cmd;
|
|
2494
2532
|
if (request.stdin) {
|
|
@@ -2650,18 +2688,18 @@ class DockerIsol8 {
|
|
|
2650
2688
|
let rawCmd;
|
|
2651
2689
|
if (canUseInline) {
|
|
2652
2690
|
try {
|
|
2653
|
-
rawCmd =
|
|
2691
|
+
rawCmd = this.buildAdapterCommand(adapter, req);
|
|
2654
2692
|
} catch {
|
|
2655
2693
|
const ext = req.fileExtension ?? adapter.getFileExtension();
|
|
2656
2694
|
const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
|
|
2657
2695
|
await this.volumeManager.writeFileViaExec(container, filePath, req.code);
|
|
2658
|
-
rawCmd =
|
|
2696
|
+
rawCmd = this.buildAdapterCommand(adapter, req, filePath);
|
|
2659
2697
|
}
|
|
2660
2698
|
} else {
|
|
2661
2699
|
const ext = req.fileExtension ?? adapter.getFileExtension();
|
|
2662
2700
|
const filePath = `${SANDBOX_WORKDIR}/main${ext}`;
|
|
2663
2701
|
await this.volumeManager.writeFileViaExec(container, filePath, req.code);
|
|
2664
|
-
rawCmd =
|
|
2702
|
+
rawCmd = this.buildAdapterCommand(adapter, req, filePath);
|
|
2665
2703
|
}
|
|
2666
2704
|
if (resolved.remainingPackages.length > 0) {
|
|
2667
2705
|
await this.executionManager.installPackages(container, req.runtime, resolved.remainingPackages, timeoutMs);
|
|
@@ -2770,7 +2808,7 @@ class DockerIsol8 {
|
|
|
2770
2808
|
await this.volumeManager.putFile(this.container, fPath, fContent);
|
|
2771
2809
|
}
|
|
2772
2810
|
}
|
|
2773
|
-
const rawCmd =
|
|
2811
|
+
const rawCmd = this.buildAdapterCommand(adapter, req, filePath);
|
|
2774
2812
|
const timeoutSec = Math.ceil(timeoutMs / 1000);
|
|
2775
2813
|
if (remainingPackages.length > 0) {
|
|
2776
2814
|
await this.executionManager.installPackages(this.container, req.runtime, remainingPackages, timeoutMs);
|
|
@@ -2878,6 +2916,27 @@ class DockerIsol8 {
|
|
|
2878
2916
|
getAdapter(runtime) {
|
|
2879
2917
|
return RuntimeRegistry.get(runtime);
|
|
2880
2918
|
}
|
|
2919
|
+
validateAgentRuntime(req) {
|
|
2920
|
+
if (req.runtime !== "agent") {
|
|
2921
|
+
return;
|
|
2922
|
+
}
|
|
2923
|
+
if (this.network !== "filtered") {
|
|
2924
|
+
throw new Error(`Agent runtime requires network mode "filtered". The AI coding agent needs network access to reach its LLM provider API. Use --net filtered --allow "api.anthropic.com" (or your provider's domain).`);
|
|
2925
|
+
}
|
|
2926
|
+
const whitelist = this.networkFilter?.whitelist ?? [];
|
|
2927
|
+
if (whitelist.length === 0) {
|
|
2928
|
+
throw new Error(`Agent runtime requires at least one network whitelist entry. The AI coding agent needs to reach its LLM provider API. Use --allow "api.anthropic.com" (or your provider's domain).`);
|
|
2929
|
+
}
|
|
2930
|
+
}
|
|
2931
|
+
buildAdapterCommand(adapter, req, filePath) {
|
|
2932
|
+
if (adapter.getCommandWithOptions) {
|
|
2933
|
+
return adapter.getCommandWithOptions(req.code, {
|
|
2934
|
+
filePath,
|
|
2935
|
+
agentFlags: req.agentFlags
|
|
2936
|
+
});
|
|
2937
|
+
}
|
|
2938
|
+
return adapter.getCommand(req.code, filePath);
|
|
2939
|
+
}
|
|
2881
2940
|
buildHostConfig() {
|
|
2882
2941
|
const config = {
|
|
2883
2942
|
Memory: parseMemoryLimit(this.memoryLimit),
|
|
@@ -2986,7 +3045,7 @@ init_logger();
|
|
|
2986
3045
|
// package.json
|
|
2987
3046
|
var package_default = {
|
|
2988
3047
|
name: "@isol8/core",
|
|
2989
|
-
version: "0.
|
|
3048
|
+
version: "0.19.0",
|
|
2990
3049
|
description: "Sandboxed code execution engine for AI agents and apps (Docker, runtime and network controls)",
|
|
2991
3050
|
author: "Illusion47586",
|
|
2992
3051
|
license: "MIT",
|
|
@@ -3067,7 +3126,8 @@ export {
|
|
|
3067
3126
|
LABELS,
|
|
3068
3127
|
DockerIsol8,
|
|
3069
3128
|
DenoAdapter,
|
|
3070
|
-
BunAdapter
|
|
3129
|
+
BunAdapter,
|
|
3130
|
+
AgentAdapter
|
|
3071
3131
|
};
|
|
3072
3132
|
|
|
3073
|
-
//# debugId=
|
|
3133
|
+
//# debugId=944C4599E61DE68D64756E2164756E21
|