fix: sandbox path mounting and workspace isolation (#129, #136) #137
Open
Erudition wants to merge 21 commits into nextlevelbuilder:main from
Author
Also touches on #46
4147b17 to ce39d69
… hardcoded '/workspace'
Fixes nextlevelbuilder#129 by injecting the SandboxContainerDir configuration from the agent loop into the tool context. The Execute functions for shell, file read/write, and edit tools now dynamically use this directory path instead of the literal string '/workspace'. Fallback to '/workspace' is preserved if the path is missing from ctx.
…CE_PATH
Plumbs the Workdir field into SandboxConfig and parses the GOCLAW_SANDBOX_WORKSPACE_PATH environment variable so that users can override the default '/workspace' path dynamically.
When GoClaw runs in a Docker container (e.g. via docker-compose) and spawns sibling sandbox containers, passing the internal container path (e.g. /app/workspace) to the Docker daemon causes the daemon to mount a non-existent host path. This commit dynamically inspects the container's own mounts to determine the true host volume/path corresponding to the workspace, ensuring sandboxes start with the correct code rather than an empty directory.
…t workspaces causing OCI runtime crashes
…vent permanent DNS caching
…ace in internal resolver
…DNS tools
- Added ctxSandboxNetwork context key and helpers in internal/tools/context_keys.go
- Propagated SandboxNetworkEnabled flag through LoopConfig, Loop, and ManagedResolver
- Injected sandbox network status into tool context in internal/agent/loop.go
- Updated ExecTool in internal/tools/shell.go to conditionally allow dnsutils (nslookup, dig, host) when sandbox networking is enabled
- Updated cmd/gateway_managed.go to initialize SandboxNetworkEnabled from app configuration
- Added regression tests for ExecTool security policy in internal/tools/shell_test.go
- Fixed redeclaration error in internal/tools/shell.go
- Finalized sandbox networking propagation and adaptive security policy
- Rebuilt sandbox image with dnsutils and iputils-ping
Add a sandbox-image service with deploy.replicas=0 to docker-compose.sandbox.yml so that 'docker compose up --build' automatically rebuilds goclaw-sandbox:bookworm-slim when Dockerfile.sandbox changes. Docker layer caching makes this near-instant when the Dockerfile hasn't changed. This removes the manual 'docker build' prerequisite step and updates the usage instructions accordingly.
DockerManager.Get() was using the singleton manager config with NetworkEnabled=false for all containers, ignoring the per-agent 'Network Enabled' toggle completely (Issue nextlevelbuilder#139 root cause nextlevelbuilder#2).
Changes:
- sandbox: add WithNetworkOverride/NetworkOverrideFromCtx context helpers so callers can override the manager's default network setting per-request
- DockerManager.Get(): read the context override and clone the config before creating a container; append '-net' to the cache key so agents with networking get a separate container from those without (avoids reusing a --network=none container)
- tools: inject sandbox.WithNetworkOverride(ctx, true) before each sandboxMgr.Get() call in all 5 sandboxed tools (shell, read_file, write_file, list_files, edit_file) when ToolSandboxNetworkFromCtx is true
…form
- Improved argument parsing to use shell-style splitting instead of comma-separated.
- This allows users to enter standard CLI flags and handle values with spaces using quotes.
- Updated English translations to reflect the new format.
ce39d69 to 50b0071
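The host-path lookup described in the commit message above about sibling sandbox containers, as an added example that is not code from this PR: it takes the "Mounts" array that `docker inspect` reports for the gateway's own container and finds what the daemon must mount for a given in-container path. The function name `hostSourceFor`, the sample mounts and the volume name are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// mount holds the fields used from one entry of the "Mounts" array that
// `docker inspect` reports for a container.
type mount struct{ Type, Name, Source, Destination string }

// Constructed sample: /app is a bind mount, /app/workspace a named volume.
const sampleMounts = `[
 {"Type":"bind","Source":"/srv/goclaw","Destination":"/app"},
 {"Type":"volume","Name":"goclaw_ws","Source":"/var/lib/docker/volumes/goclaw_ws/_data","Destination":"/app/workspace"}]`

// hostSourceFor (hypothetical name) returns what a sibling container has to
// mount to see containerPath: a host path for bind mounts, or the volume name
// plus a sub-path for named volumes. The longest matching destination wins.
func hostSourceFor(mountsJSON, containerPath string) (source, sub string, err error) {
	var mounts []mount
	if err = json.Unmarshal([]byte(mountsJSON), &mounts); err != nil {
		return "", "", err
	}
	p := path.Clean(containerPath)
	var best *mount
	for i := range mounts {
		d := path.Clean(mounts[i].Destination)
		// Match on whole path components so /app/workspace2 is not
		// mistaken for a child of /app/workspace.
		if p != d && !strings.HasPrefix(p, strings.TrimSuffix(d, "/")+"/") {
			continue
		}
		if best == nil || len(d) > len(path.Clean(best.Destination)) {
			best = &mounts[i]
		}
	}
	if best == nil {
		return "", "", fmt.Errorf("%s is on no mount, so the daemon has no host path for it", p)
	}
	rel := strings.TrimPrefix(strings.TrimPrefix(p, path.Clean(best.Destination)), "/")
	if best.Type == "volume" {
		return best.Name, rel, nil
	}
	return path.Join(best.Source, rel), "", nil
}

func main() {
	fmt.Println(hostSourceFor(sampleMounts, "/app/workspace/agent-a"))
}
```

Returning an error for a path that sits on no mount makes the misconfiguration visible at startup, where passing the in-container path through would have the daemon mount a non-existent host path.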
Description
This PR addresses several critical issues related to sandbox path mounting and agent workspace isolation in Docker environments. Prior to these fixes, the sandbox was effectively unusable in many Docker-based deployments (such as Portainer) because hardcoded default paths (like /.goclaw/...) were not correctly mapped to persistent volumes, leading to chdir failures and sandbox startup errors.
1. Fix Docker Volume Mounting Issues (Issue #129)
- ~ was expanding to ephemeral locations instead of the persistent /app/workspace mount.
- resolveHostWorkspacePath to dynamically discover the host volume or path for container directories like /app/workspace. This allows sibling containers in DooD (Docker-out-of-Docker) environments to mount the correct volumes.
- MigrateLegacyPath to automatically re-route old ~/.goclaw paths to the persistent volume mount, ensuring backward compatibility.
2. Fix Sandbox Isolation Breach (Issue #136)
- MapHostPathToSandbox utility to ensure all filesystem tools (exec, read, write, list, edit) consistently resolve paths relative to the agent's dedicated container-side subdirectory.
3. Nginx DNS Caching Fix
- ui/web/nginx.conf to use Docker's internal DNS resolver (127.0.0.11) with dynamic upstream resolution. This prevents "Host unreachable" errors in the UI when the backend container is recreated with a new internal IP.
4. Build Fix
- path/filepath import in internal/tools/shell.go.
Verification
go build -o goclaw .
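The path mapping described under Issue #136 above, as an added example that is not the PR's own code: every path a filesystem tool receives is rewritten relative to the agent's own directory and refused if it lands outside it. The name `mapToSandbox` and the /app/workspace/agent-a layout are assumptions; the '/workspace' fallback is the one named in the commit messages.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

var errOutsideWorkspace = errors.New("path is outside the agent's workspace")

// mapToSandbox is a hypothetical stand-in for the PR's MapHostPathToSandbox.
// agentDir is the agent's workspace as the gateway sees it, containerDir the
// directory it is mounted at inside the sandbox, requested the path a tool
// was asked to touch. The check is lexical: symlinks are not resolved here.
func mapToSandbox(agentDir, containerDir, requested string) (string, error) {
	if containerDir == "" {
		containerDir = "/workspace" // fallback named in the commit message
	}
	if !filepath.IsAbs(requested) {
		requested = filepath.Join(agentDir, requested)
	}
	rel, err := filepath.Rel(filepath.Clean(agentDir), filepath.Clean(requested))
	if err != nil {
		return "", err
	}
	// ".." or "../x" means the cleaned path left the agent's directory;
	// a name such as "..cache" is still inside it.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideWorkspace
	}
	return path.Join(containerDir, filepath.ToSlash(rel)), nil
}

func main() {
	const agentDir = "/app/workspace/agent-a" // constructed layout
	for _, p := range []string{
		"src/main.go",
		"/app/workspace/agent-a/notes/../todo.md",
		"../agent-b/.env",
		"/app/workspace/agent-a2/x",
	} {
		got, err := mapToSandbox(agentDir, "", p)
		fmt.Printf("%-42s -> %q %v\n", p, got, err)
	}
}
```

Routing all five tools through one function of this shape is what keeps their view of the workspace consistent; a tool that builds its own path skips the containment check.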