@wopr-network/platform-core 1.36.3 → 1.38.0

package/dist/fleet/fleet-manager.d.ts

@@ -41,6 +41,13 @@ export declare class FleetManager {
     create(params: Omit<BotProfile, "id"> & {
         id?: string;
     }, resourceLimits?: ContainerResourceLimits): Promise<BotProfile>;
+    /**
+     * Create and immediately start a bot container in one call.
+     * Combines create() + start() for ephemeral container workflows.
+     */
+    createAndStart(params: Omit<BotProfile, "id"> & {
+        id?: string;
+    }, resourceLimits?: ContainerResourceLimits): Promise<BotProfile>;
     /**
      * Start a stopped bot container.
      * Valid from: stopped, created, exited, dead, error states.

package/dist/fleet/fleet-manager.js

@@ -130,6 +130,15 @@ export class FleetManager {
         };
         return hasExplicitId ? this.withLock(id, doCreate) : doCreate();
     }
+    /**
+     * Create and immediately start a bot container in one call.
+     * Combines create() + start() for ephemeral container workflows.
+     */
+    async createAndStart(params, resourceLimits) {
+        const profile = await this.create(params, resourceLimits);
+        await this.start(profile.id);
+        return profile;
+    }
     /**
      * Start a stopped bot container.
      * Valid from: stopped, created, exited, dead, error states.
@@ -557,22 +566,28 @@ export class FleetManager {
         if (sharedVolConfig.enabled) {
             binds.push(`${sharedVolConfig.volumeName}:${sharedVolConfig.mountPath}:ro`);
         }
+        const isEphemeral = profile.ephemeral === true;
         const hostConfig = {
             RestartPolicy: {
                 Name: restartPolicyMap[profile.restartPolicy] || "",
             },
             Binds: binds.length > 0 ? binds : undefined,
-            SecurityOpt: ["no-new-privileges"],
-            CapDrop: ["ALL"],
-            CapAdd: ["NET_BIND_SERVICE"],
-            ReadonlyRootfs: true,
-            Tmpfs: {
-                "/tmp": "rw,noexec,nosuid,size=64m",
-                "/var/tmp": "rw,noexec,nosuid,size=64m",
-            },
+            SecurityOpt: isEphemeral ? undefined : ["no-new-privileges"],
+            CapDrop: isEphemeral ? undefined : ["ALL"],
+            CapAdd: isEphemeral ? undefined : ["NET_BIND_SERVICE"],
+            ReadonlyRootfs: isEphemeral ? false : true,
+            Tmpfs: isEphemeral
+                ? undefined
+                : {
+                    "/tmp": "rw,noexec,nosuid,size=64m",
+                    "/var/tmp": "rw,noexec,nosuid,size=64m",
+                },
         };
-        // Set tenant network isolation if NetworkPolicy is configured
-        if (this.networkPolicy) {
+        // Set network: explicit profile.network takes precedence, then NetworkPolicy
+        if (profile.network) {
+            hostConfig.NetworkMode = profile.network;
+        }
+        else if (this.networkPolicy) {
             const networkMode = await this.networkPolicy.prepareForContainer(profile.tenantId);
             hostConfig.NetworkMode = networkMode;
         }

package/dist/fleet/index.d.ts

@@ -1,4 +1,5 @@
 export * from "./drizzle-tenant-update-config-repository.js";
+export * from "./fleet-manager.js";
 export type { FleetNotificationListenerDeps } from "./fleet-notification-listener.js";
 export { initFleetNotificationListener } from "./fleet-notification-listener.js";
 export * from "./init-fleet-updater.js";

package/dist/fleet/index.js

@@ -1,4 +1,5 @@
 export * from "./drizzle-tenant-update-config-repository.js";
+export * from "./fleet-manager.js";
 export { initFleetNotificationListener } from "./fleet-notification-listener.js";
 export * from "./init-fleet-updater.js";
 export * from "./repository-types.js";

package/dist/fleet/types.d.ts

@@ -53,6 +53,8 @@ export declare const botProfileSchema: z.ZodObject<{
         topics: z.ZodDefault<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>;
     nodeId: z.ZodOptional<z.ZodString>;
+    network: z.ZodOptional<z.ZodString>;
+    ephemeral: z.ZodOptional<z.ZodBoolean>;
 }, z.core.$strip>;
 export type BotProfile = z.infer<typeof botProfileSchema>;
 /** Schema for creating a bot via the API */
@@ -85,6 +87,8 @@ export declare const createBotSchema: z.ZodObject<{
         topics: z.ZodDefault<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>;
     nodeId: z.ZodOptional<z.ZodString>;
+    network: z.ZodOptional<z.ZodString>;
+    ephemeral: z.ZodOptional<z.ZodBoolean>;
 }, z.core.$strip>;
 /** Schema for updating a bot via the API */
 export declare const updateBotSchema: z.ZodObject<{

package/dist/fleet/types.js

@@ -64,6 +64,10 @@ export const botProfileSchema = z.object({
     discovery: discoveryConfigSchema.optional(),
     /** Node this bot was placed on at creation time (optional, for future multi-node routing). */
     nodeId: z.string().uuid().optional(),
+    /** Docker network to attach the container to (bypasses NetworkPolicy). */
+    network: z.string().min(1).optional(),
+    /** When true, disables ReadonlyRootfs and CapDrop for containers that need write access (e.g., ephemeral workers). */
+    ephemeral: z.boolean().optional(),
 });
 /** Schema for creating a bot via the API */
 export const createBotSchema = z.object({
@@ -83,6 +87,10 @@ export const createBotSchema = z.object({
     discovery: discoveryConfigSchema.optional(),
     /** Node this bot was placed on at creation time (optional, for future multi-node routing). */
     nodeId: z.string().uuid().optional(),
+    /** Docker network to attach the container to. */
+    network: z.string().min(1).optional(),
+    /** When true, disables ReadonlyRootfs and CapDrop for ephemeral workers. */
+    ephemeral: z.boolean().optional(),
 });
 /** Schema for updating a bot via the API */
 export const updateBotSchema = z.object({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/platform-core",
-  "version": "1.36.3",
+  "version": "1.38.0",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/fleet/fleet-manager.ts

@@ -159,6 +159,19 @@ export class FleetManager {
     return hasExplicitId ? this.withLock(id, doCreate) : doCreate();
   }
 
+  /**
+   * Create and immediately start a bot container in one call.
+   * Combines create() + start() for ephemeral container workflows.
+   */
+  async createAndStart(
+    params: Omit<BotProfile, "id"> & { id?: string },
+    resourceLimits?: ContainerResourceLimits,
+  ): Promise<BotProfile> {
+    const profile = await this.create(params, resourceLimits);
+    await this.start(profile.id);
+    return profile;
+  }
+
   /**
    * Start a stopped bot container.
    * Valid from: stopped, created, exited, dead, error states.
@@ -608,23 +621,29 @@ export class FleetManager {
       binds.push(`${sharedVolConfig.volumeName}:${sharedVolConfig.mountPath}:ro`);
     }
 
+    const isEphemeral = profile.ephemeral === true;
+
     const hostConfig: Docker.ContainerCreateOptions["HostConfig"] = {
       RestartPolicy: {
         Name: restartPolicyMap[profile.restartPolicy] || "",
       },
       Binds: binds.length > 0 ? binds : undefined,
-      SecurityOpt: ["no-new-privileges"],
-      CapDrop: ["ALL"],
-      CapAdd: ["NET_BIND_SERVICE"],
-      ReadonlyRootfs: true,
-      Tmpfs: {
-        "/tmp": "rw,noexec,nosuid,size=64m",
-        "/var/tmp": "rw,noexec,nosuid,size=64m",
-      },
+      SecurityOpt: isEphemeral ? undefined : ["no-new-privileges"],
+      CapDrop: isEphemeral ? undefined : ["ALL"],
+      CapAdd: isEphemeral ? undefined : ["NET_BIND_SERVICE"],
+      ReadonlyRootfs: isEphemeral ? false : true,
+      Tmpfs: isEphemeral
+        ? undefined
+        : {
+            "/tmp": "rw,noexec,nosuid,size=64m",
+            "/var/tmp": "rw,noexec,nosuid,size=64m",
+          },
     };
 
-    // Set tenant network isolation if NetworkPolicy is configured
-    if (this.networkPolicy) {
+    // Set network: explicit profile.network takes precedence, then NetworkPolicy
+    if (profile.network) {
+      hostConfig.NetworkMode = profile.network;
+    } else if (this.networkPolicy) {
       const networkMode = await this.networkPolicy.prepareForContainer(profile.tenantId);
       hostConfig.NetworkMode = networkMode;
     }

package/src/fleet/index.ts

@@ -1,4 +1,5 @@
 export * from "./drizzle-tenant-update-config-repository.js";
+export * from "./fleet-manager.js";
 export type { FleetNotificationListenerDeps } from "./fleet-notification-listener.js";
 export { initFleetNotificationListener } from "./fleet-notification-listener.js";
 export * from "./init-fleet-updater.js";

package/src/fleet/types.ts

@@ -74,6 +74,10 @@ export const botProfileSchema = z.object({
   discovery: discoveryConfigSchema.optional(),
   /** Node this bot was placed on at creation time (optional, for future multi-node routing). */
   nodeId: z.string().uuid().optional(),
+  /** Docker network to attach the container to (bypasses NetworkPolicy). */
+  network: z.string().min(1).optional(),
+  /** When true, disables ReadonlyRootfs and CapDrop for containers that need write access (e.g., ephemeral workers). */
+  ephemeral: z.boolean().optional(),
 });
 
 export type BotProfile = z.infer<typeof botProfileSchema>;
@@ -96,6 +100,10 @@ export const createBotSchema = z.object({
   discovery: discoveryConfigSchema.optional(),
   /** Node this bot was placed on at creation time (optional, for future multi-node routing). */
   nodeId: z.string().uuid().optional(),
+  /** Docker network to attach the container to. */
+  network: z.string().min(1).optional(),
+  /** When true, disables ReadonlyRootfs and CapDrop for ephemeral workers. */
+  ephemeral: z.boolean().optional(),
 });
 
 /** Schema for updating a bot via the API */