feat(ai-autopilot): DockerRunner — first sandboxed runner adapter#142
Merged
Conversation
Boots each workspace as a container via the docker CLI (no npm dep), so untrusted agent code runs isolated from the host: own filesystem, process space, and a published preview port. Same Runner contract as LocalRunner (fs/exec/start/preview/dispose), so it drops in behind the seam unchanged. preview() probes readiness inside the container, not host-side: Docker Desktop's port proxy pre-binds the published port, so a host TCP connect is a false ready. dockerAvailable() lets the suite skip cleanly with no daemon. Verified against a live daemon (15 container tests). WebContainer and Flue stay parked.
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Part of #109. Adds
DockerRunner, the first sandboxed adapter behind the runner seam.It boots each workspace as a container via the
dockerCLI (no npm dependency), so untrusted, agent-authored code runs isolated from the host — its own filesystem, process space, and a published preview port. SameRunnercontract asLocalRunner(fs / exec / start / preview / dispose), so it drops in unchanged:new DockerRunner({ image?, previewPort? }).One real gotcha it handles:
preview()probes readiness inside the container, because Docker Desktop's host-side port proxy pre-binds the published port — a host TCP connect returns 'ready' before the server is actually up.dockerAvailable()reports whether a daemon is reachable, so the suite skips cleanly where there's none (CI stays green). Verified against a live daemon: 15 container tests exercising boot/exec/preview/start/dispose, no leaked containers.WebContainer and Flue remain parked (still infra-gated) — #109 stays open to track them.