fix: add OpenSSL build for musl in runtime Dockerfile

2026-04-15 04:03:31 +00:00 · 2026-01-28 01:23:51 -08:00 · 2026-01-28 01:23:51 -08:00 · 5dd8a13845
commit 5dd8a13845
parent 6aa591bd91
16 changed files with 262 additions and 376 deletions
--- a/examples/daytona/package.json
+++ b/examples/daytona/package.json
@ -4,7 +4,6 @@
  "type": "module",
  "scripts": {
    "start": "tsx src/daytona-fallback.ts",
-    "start:cli": "tsx src/daytona.ts",
    "typecheck": "tsc --noEmit"
  },
  "dependencies": {
--- a/examples/daytona/src/daytona-fallback.ts
+++ b/examples/daytona/src/daytona-fallback.ts
@ -12,7 +12,6 @@ if (

 const SNAPSHOT = "sandbox-agent-ready";
 const BINARY = "/usr/local/bin/sandbox-agent";
-const AGENT_BIN_DIR = "/root/.local/share/sandbox-agent/bin";

 const daytona = new Daytona();

@ -28,18 +27,11 @@ if (!hasSnapshot) {
 			image: Image.base("ubuntu:22.04").runCommands(
 				// Install dependencies
 				"apt-get update && apt-get install -y curl ca-certificates",
-				// Download sandbox-agent
-				`curl -fsSL -o ${BINARY} https://releases.rivet.dev/sandbox-agent/latest/binaries/sandbox-agent-x86_64-unknown-linux-musl && chmod +x ${BINARY}`,
-				// Create agent bin directory
-				`mkdir -p ${AGENT_BIN_DIR}`,
-				// Install Claude: get latest version, download binary
-				`CLAUDE_VERSION=$(curl -fsSL https://storage.googleapis.com/claude-code-dist-86c565f3-f756-42ad-8dfa-d59b1c096819/claude-code-releases/latest) && ` +
-				`curl -fsSL -o ${AGENT_BIN_DIR}/claude "https://storage.googleapis.com/claude-code-dist-86c565f3-f756-42ad-8dfa-d59b1c096819/claude-code-releases/$CLAUDE_VERSION/linux-x64/claude" && ` +
-				`chmod +x ${AGENT_BIN_DIR}/claude`,
-				// Install Codex: download tarball, extract binary
-				`curl -fsSL -L https://github.com/openai/codex/releases/latest/download/codex-x86_64-unknown-linux-musl.tar.gz | tar -xzf - -C /tmp && ` +
-				`find /tmp -name 'codex-x86_64-unknown-linux-musl' -exec mv {} ${AGENT_BIN_DIR}/codex \\; && ` +
-				`chmod +x ${AGENT_BIN_DIR}/codex`,
+				// Install sandbox-agent via install script
+				"curl -fsSL https://releases.rivet.dev/sandbox-agent/latest/install.sh | sh",
+				// Pre-install agents using sandbox-agent CLI
+				"sandbox-agent install-agent claude",
+				"sandbox-agent install-agent codex",
 			),
 		},
 		{ onLogs: (log) => console.log(`  ${log}`) },
--- a/examples/daytona/src/daytona.ts
+++ b/examples/daytona/src/daytona.ts
@ -27,11 +27,11 @@ if (!hasSnapshot) {
 			image: Image.base("ubuntu:22.04").runCommands(
 				// Install dependencies
 				"apt-get update && apt-get install -y curl ca-certificates",
-				// Download sandbox-agent
-				`curl -fsSL -o ${BINARY} https://releases.rivet.dev/sandbox-agent/latest/binaries/sandbox-agent-x86_64-unknown-linux-musl && chmod +x ${BINARY}`,
+				// Install sandbox-agent via install script
+				"curl -fsSL https://releases.rivet.dev/sandbox-agent/latest/install.sh | sh",
 				// Pre-install agents using sandbox-agent CLI
-				`${BINARY} install-agent claude`,
-				`${BINARY} install-agent codex`,
+				"sandbox-agent install-agent claude",
+				"sandbox-agent install-agent codex",
 			),
 		},
 		{ onLogs: (log) => console.log(`  ${log}`) },
--- a/examples/docker/package.json
+++ b/examples/docker/package.json
@ -3,7 +3,8 @@
  "private": true,
  "type": "module",
  "scripts": {
-    "start": "tsx src/docker.ts"
+    "start": "tsx src/docker.ts",
+    "typecheck": "tsc --noEmit"
  },
  "dependencies": {
    "dockerode": "latest",
--- a/examples/docker/src/docker.ts
+++ b/examples/docker/src/docker.ts
@ -1,132 +1,58 @@
 import Docker from "dockerode";
-import { pathToFileURL } from "node:url";
-import {
-  ensureUrl,
-  logInspectorUrl,
-  runPrompt,
-  waitForHealth,
-} from "@sandbox-agent/example-shared";
+import { logInspectorUrl, runPrompt, waitForHealth } from "@sandbox-agent/example-shared";

-const INSTALL_SCRIPT = "curl -fsSL https://releases.rivet.dev/sandbox-agent/latest/install.sh | sh";
-const DEFAULT_IMAGE = "debian:bookworm-slim";
-const DEFAULT_PORT = 2468;
+if (!process.env.OPENAI_API_KEY && !process.env.ANTHROPIC_API_KEY) {
+  throw new Error("OPENAI_API_KEY or ANTHROPIC_API_KEY required");
+}

-async function pullImage(docker: Docker, image: string): Promise<void> {
+const IMAGE = "debian:bookworm-slim";
+const PORT = 3000;
+
+const docker = new Docker({ socketPath: "/var/run/docker.sock" });
+
+// Pull image if needed
+try {
+  await docker.getImage(IMAGE).inspect();
+} catch {
+  console.log(`Pulling ${IMAGE}...`);
  await new Promise<void>((resolve, reject) => {
-    docker.pull(image, (error, stream) => {
-      if (error) {
-        reject(error);
-        return;
-      }
-      docker.modem.followProgress(stream, (progressError) => {
-        if (progressError) {
-          reject(progressError);
-        } else {
-          resolve();
-        }
-      });
+    docker.pull(IMAGE, (err: Error | null, stream: NodeJS.ReadableStream) => {
+      if (err) return reject(err);
+      docker.modem.followProgress(stream, (err: Error | null) => err ? reject(err) : resolve());
    });
  });
 }

-async function ensureImage(docker: Docker, image: string): Promise<void> {
-  try {
-    await docker.getImage(image).inspect();
-  } catch {
-    await pullImage(docker, image);
-  }
-}
+console.log("Starting container...");
+const container = await docker.createContainer({
+  Image: IMAGE,
+  Cmd: ["bash", "-lc", [
+    "apt-get update && apt-get install -y curl ca-certificates",
+    "curl -fsSL https://releases.rivet.dev/sandbox-agent/latest/install.sh | sh",
+    "sandbox-agent install-agent claude",
+    "sandbox-agent install-agent codex",
+    `sandbox-agent server --no-token --host 0.0.0.0 --port ${PORT}`,
+  ].join(" && ")],
+  ExposedPorts: { [`${PORT}/tcp`]: {} },
+  HostConfig: {
+    AutoRemove: true,
+    PortBindings: { [`${PORT}/tcp`]: [{ HostPort: `${PORT}` }] },
+  },
+});
+await container.start();

-export async function setupDockerSandboxAgent(): Promise<{
-  baseUrl: string;
-  token: string;
-  cleanup: () => Promise<void>;
-}> {
-  const token = process.env.SANDBOX_TOKEN || "";
-  const port = Number.parseInt(process.env.SANDBOX_PORT || "", 10) || DEFAULT_PORT;
-  const hostPort = Number.parseInt(process.env.SANDBOX_HOST_PORT || "", 10) || port;
-  const image = process.env.DOCKER_IMAGE || DEFAULT_IMAGE;
-  const containerName = process.env.DOCKER_CONTAINER_NAME;
-  const socketPath = process.env.DOCKER_SOCKET || "/var/run/docker.sock";
+const baseUrl = `http://127.0.0.1:${PORT}`;
+await waitForHealth({ baseUrl });
+logInspectorUrl({ baseUrl });

-  const docker = new Docker({ socketPath });
-  await ensureImage(docker, image);
+const cleanup = async () => {
+  console.log("Cleaning up...");
+  try { await container.stop({ t: 5 }); } catch {}
+  try { await container.remove({ force: true }); } catch {}
+  process.exit(0);
+};
+process.once("SIGINT", cleanup);
+process.once("SIGTERM", cleanup);

-  const tokenFlag = token ? "--token $SANDBOX_TOKEN" : "--no-token";
-  const command = [
-    "bash",
-    "-lc",
-    [
-      "apt-get update",
-      "apt-get install -y curl ca-certificates",
-      INSTALL_SCRIPT,
-      `sandbox-agent server ${tokenFlag} --host 0.0.0.0 --port ${port}`,
-    ].join(" && "),
-  ];
-
-  const container = await docker.createContainer({
-    Image: image,
-    Cmd: command,
-    Env: token ? [`SANDBOX_TOKEN=${token}`] : [],
-    ExposedPorts: {
-      [`${port}/tcp`]: {},
-    },
-    HostConfig: {
-      AutoRemove: true,
-      PortBindings: {
-        [`${port}/tcp`]: [{ HostPort: `${hostPort}` }],
-      },
-    },
-    ...(containerName ? { name: containerName } : {}),
-  });
-
-  await container.start();
-
-  const baseUrl = ensureUrl(`http://127.0.0.1:${hostPort}`);
-  await waitForHealth({ baseUrl, token });
-  logInspectorUrl({ baseUrl, token });
-
-  const cleanup = async () => {
-    try {
-      await container.stop({ t: 5 });
-    } catch {
-      // ignore stop errors
-    }
-    try {
-      await container.remove({ force: true });
-    } catch {
-      // ignore remove errors
-    }
-  };
-
-  return {
-    baseUrl,
-    token,
-    cleanup,
-  };
-}
-
-async function main(): Promise<void> {
-  const { baseUrl, token, cleanup } = await setupDockerSandboxAgent();
-
-  const exitHandler = async () => {
-    await cleanup();
-    process.exit(0);
-  };
-
-  process.on("SIGINT", () => {
-    void exitHandler();
-  });
-  process.on("SIGTERM", () => {
-    void exitHandler();
-  });
-
-  await runPrompt({ baseUrl, token });
-}
-
-if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
-  main().catch((error) => {
-    console.error(error);
-    process.exit(1);
-  });
-}
+await runPrompt({ baseUrl });
+await cleanup();
--- a/examples/docker/tsconfig.json
+++ b/examples/docker/tsconfig.json
@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "lib": ["ES2022", "DOM"],
+    "module": "ESNext",
+    "moduleResolution": "Bundler",
+    "allowImportingTsExtensions": true,
+    "noEmit": true,
+    "esModuleInterop": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "resolveJsonModule": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "**/*.test.ts"]
+}
--- a/examples/e2b/package.json
+++ b/examples/e2b/package.json
@ -3,7 +3,8 @@
  "private": true,
  "type": "module",
  "scripts": {
-    "start": "tsx src/e2b.ts"
+    "start": "tsx src/e2b.ts",
+    "typecheck": "tsc --noEmit"
  },
  "dependencies": {
    "@e2b/code-interpreter": "latest",
--- a/examples/e2b/src/e2b.ts
+++ b/examples/e2b/src/e2b.ts
@ -1,89 +1,32 @@
 import { Sandbox } from "@e2b/code-interpreter";
-import { pathToFileURL } from "node:url";
-import {
-  ensureUrl,
-  logInspectorUrl,
-  runPrompt,
-  waitForHealth,
-} from "@sandbox-agent/example-shared";
+import { logInspectorUrl, runPrompt } from "@sandbox-agent/example-shared";

-const INSTALL_SCRIPT = "curl -fsSL https://releases.rivet.dev/sandbox-agent/latest/install.sh | sh";
-const DEFAULT_PORT = 2468;
-
-type CommandRunner = (command: string, options?: Record<string, unknown>) => Promise<unknown>;
-
-function resolveCommandRunner(sandbox: Sandbox): CommandRunner {
-  if (sandbox.commands?.run) {
-    return sandbox.commands.run.bind(sandbox.commands);
-  }
-  if (sandbox.commands?.exec) {
-    return sandbox.commands.exec.bind(sandbox.commands);
-  }
-  throw new Error("E2B SDK does not expose commands.run or commands.exec");
+if (!process.env.E2B_API_KEY || (!process.env.OPENAI_API_KEY && !process.env.ANTHROPIC_API_KEY)) {
+  throw new Error("E2B_API_KEY and (OPENAI_API_KEY or ANTHROPIC_API_KEY) required");
 }

-export async function setupE2BSandboxAgent(): Promise<{
-  baseUrl: string;
-  token: string;
-  cleanup: () => Promise<void>;
-}> {
-  const token = process.env.SANDBOX_TOKEN || "";
-  const port = Number.parseInt(process.env.SANDBOX_PORT || "", 10) || DEFAULT_PORT;
+const sandbox = await Sandbox.create({ allowInternetAccess: true });

-  const sandbox = await Sandbox.create({
-    allowInternetAccess: true,
-    envs: token ? { SANDBOX_TOKEN: token } : undefined,
-  });
+const run = (cmd: string) => sandbox.commands.run(cmd);

-  const runCommand = resolveCommandRunner(sandbox);
+console.log("Installing sandbox-agent...");
+await run("curl -fsSL https://releases.rivet.dev/sandbox-agent/latest/install.sh | sh");
+await run("sandbox-agent install-agent claude");
+await run("sandbox-agent install-agent codex");

-  await runCommand(`bash -lc "${INSTALL_SCRIPT}"`);
-  const tokenFlag = token ? "--token $SANDBOX_TOKEN" : "--no-token";
-  await runCommand(`bash -lc "sandbox-agent server ${tokenFlag} --host 0.0.0.0 --port ${port}"`, {
-    background: true,
-    envs: token ? { SANDBOX_TOKEN: token } : undefined,
-  });
+console.log("Starting server...");
+await sandbox.commands.run("sandbox-agent server --no-token --host 0.0.0.0 --port 3000", { background: true });

-  const baseUrl = ensureUrl(sandbox.getHost(port));
-  await waitForHealth({ baseUrl, token });
-  logInspectorUrl({ baseUrl, token });
+const baseUrl = `https://${sandbox.getHost(3000)}`;
+logInspectorUrl({ baseUrl });

-  const cleanup = async () => {
-    try {
-      await sandbox.kill();
-    } catch {
-      // ignore cleanup errors
-    }
-  };
+const cleanup = async () => {
+  console.log("Cleaning up...");
+  await sandbox.kill();
+  process.exit(0);
+};
+process.once("SIGINT", cleanup);
+process.once("SIGTERM", cleanup);

-  return {
-    baseUrl,
-    token,
-    cleanup,
-  };
-}
-
-async function main(): Promise<void> {
-  const { baseUrl, token, cleanup } = await setupE2BSandboxAgent();
-
-  const exitHandler = async () => {
-    await cleanup();
-    process.exit(0);
-  };
-
-  process.on("SIGINT", () => {
-    void exitHandler();
-  });
-  process.on("SIGTERM", () => {
-    void exitHandler();
-  });
-
-  await runPrompt({ baseUrl, token });
-}
-
-if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
-  main().catch((error) => {
-    console.error(error);
-    process.exit(1);
-  });
-}
+await runPrompt({ baseUrl });
+await cleanup();
--- a/examples/e2b/tsconfig.json
+++ b/examples/e2b/tsconfig.json
@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "lib": ["ES2022", "DOM"],
+    "module": "ESNext",
+    "moduleResolution": "Bundler",
+    "allowImportingTsExtensions": true,
+    "noEmit": true,
+    "esModuleInterop": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "resolveJsonModule": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "**/*.test.ts"]
+}
--- a/examples/shared/src/sandbox-agent-client.ts
+++ b/examples/shared/src/sandbox-agent-client.ts
@ -1,4 +1,4 @@
-import { createInterface } from "node:readline";
+import { createInterface } from "node:readline/promises";
 import { randomUUID } from "node:crypto";
 import { setTimeout as delay } from "node:timers/promises";

@ -277,25 +277,13 @@ export async function runPrompt({
  agentId?: string;
 }): Promise<void> {
  const sessionId = await createSession({ baseUrl, token, extraHeaders, agentId });
+  console.log(`Session ${sessionId} ready. Press Ctrl+C to quit.`);

-  console.log(`Session ${sessionId} ready. Type /exit to quit.`);
+  const rl = createInterface({ input: process.stdin, output: process.stdout });

-  const rl = createInterface({
-    input: process.stdin,
-    output: process.stdout,
-    prompt: "> ",
-  });
-
-  const handleLine = async (line: string) => {
-    const trimmed = line.trim();
-    if (!trimmed) {
-      rl.prompt();
-      return;
-    }
-    if (trimmed === "/exit") {
-      rl.close();
-      return;
-    }
+  while (true) {
+    const line = await rl.question("> ");
+    if (!line.trim()) continue;

    try {
      await sendMessageStream({
@ -303,24 +291,12 @@ export async function runPrompt({
        token,
        extraHeaders,
        sessionId,
-        message: trimmed,
+        message: line.trim(),
        onText: (text) => process.stdout.write(text),
      });
      process.stdout.write("\n");
    } catch (error) {
      console.error(error instanceof Error ? error.message : error);
    }
-
-    rl.prompt();
-  };
-
-  rl.on("line", (line) => {
-    void handleLine(line);
-  });
-
-  rl.on("close", () => {
-    process.exit(0);
-  });
-
-  rl.prompt();
+  }
 }
--- a/examples/vercel/package.json
+++ b/examples/vercel/package.json
@ -3,7 +3,8 @@
  "private": true,
  "type": "module",
  "scripts": {
-    "start": "tsx src/vercel-sandbox.ts"
+    "start": "tsx src/vercel-sandbox.ts",
+    "typecheck": "tsc --noEmit"
  },
  "dependencies": {
    "@vercel/sandbox": "latest",
--- a/examples/vercel/src/vercel-sandbox.ts
+++ b/examples/vercel/src/vercel-sandbox.ts
@ -1,105 +1,46 @@
 import { Sandbox } from "@vercel/sandbox";
-import { pathToFileURL } from "node:url";
-import {
-  ensureUrl,
-  logInspectorUrl,
-  runPrompt,
-  waitForHealth,
-} from "@sandbox-agent/example-shared";
+import { logInspectorUrl, runPrompt, waitForHealth } from "@sandbox-agent/example-shared";

-const INSTALL_SCRIPT = "curl -fsSL https://releases.rivet.dev/sandbox-agent/latest/install.sh | sh";
-const DEFAULT_PORT = 2468;
+if (!process.env.OPENAI_API_KEY && !process.env.ANTHROPIC_API_KEY) {
+  throw new Error("OPENAI_API_KEY or ANTHROPIC_API_KEY required");
+}

-type VercelSandboxOptions = {
-  runtime: string;
-  ports: number[];
-  token?: string;
-  teamId?: string;
-  projectId?: string;
+const PORT = 3000;
+
+const sandbox = await Sandbox.create({
+  runtime: process.env.VERCEL_RUNTIME || "node24",
+  ports: [PORT],
+  ...(process.env.VERCEL_TOKEN && process.env.VERCEL_TEAM_ID && process.env.VERCEL_PROJECT_ID
+    ? { token: process.env.VERCEL_TOKEN, teamId: process.env.VERCEL_TEAM_ID, projectId: process.env.VERCEL_PROJECT_ID }
+    : {}),
+});
+
+const run = (cmd: string) => sandbox.runCommand({ cmd: "bash", args: ["-lc", cmd], sudo: true });
+
+console.log("Installing sandbox-agent...");
+await run("curl -fsSL https://releases.rivet.dev/sandbox-agent/latest/install.sh | sh");
+await run("sandbox-agent install-agent claude");
+await run("sandbox-agent install-agent codex");
+
+console.log("Starting server...");
+await sandbox.runCommand({
+  cmd: "bash",
+  args: ["-lc", `sandbox-agent server --no-token --host 0.0.0.0 --port ${PORT}`],
+  sudo: true,
+  detached: true,
+});
+
+const baseUrl = `https://${sandbox.domain(PORT)}`;
+await waitForHealth({ baseUrl });
+logInspectorUrl({ baseUrl });
+
+const cleanup = async () => {
+  console.log("Cleaning up...");
+  await sandbox.stop();
+  process.exit(0);
 };
+process.once("SIGINT", cleanup);
+process.once("SIGTERM", cleanup);

-export async function setupVercelSandboxAgent(): Promise<{
-  baseUrl: string;
-  token: string;
-  cleanup: () => Promise<void>;
-}> {
-  const token = process.env.SANDBOX_TOKEN || "";
-  const port = Number.parseInt(process.env.SANDBOX_PORT || "", 10) || DEFAULT_PORT;
-  const runtime = process.env.VERCEL_RUNTIME || "node24";
-
-  const createOptions: VercelSandboxOptions = {
-    runtime,
-    ports: [port],
-  };
-
-  const accessToken = process.env.VERCEL_TOKEN;
-  const teamId = process.env.VERCEL_TEAM_ID;
-  const projectId = process.env.VERCEL_PROJECT_ID;
-  if (accessToken && teamId && projectId) {
-    createOptions.token = accessToken;
-    createOptions.teamId = teamId;
-    createOptions.projectId = projectId;
-  }
-
-  const sandbox = await Sandbox.create(createOptions);
-
-  await sandbox.runCommand({
-    cmd: "bash",
-    args: ["-lc", INSTALL_SCRIPT],
-    sudo: true,
-  });
-
-  const tokenFlag = token ? "--token $SANDBOX_TOKEN" : "--no-token";
-  await sandbox.runCommand({
-    cmd: "bash",
-    args: [
-      "-lc",
-      `SANDBOX_TOKEN=${token} sandbox-agent server ${tokenFlag} --host 0.0.0.0 --port ${port}`,
-    ],
-    sudo: true,
-    detached: true,
-  });
-
-  const baseUrl = ensureUrl(sandbox.domain(port));
-  await waitForHealth({ baseUrl, token });
-  logInspectorUrl({ baseUrl, token });
-
-  const cleanup = async () => {
-    try {
-      await sandbox.stop();
-    } catch {
-      // ignore cleanup errors
-    }
-  };
-
-  return {
-    baseUrl,
-    token,
-    cleanup,
-  };
-}
-
-async function main(): Promise<void> {
-  const { baseUrl, token, cleanup } = await setupVercelSandboxAgent();
-
-  const exitHandler = async () => {
-    await cleanup();
-    process.exit(0);
-  };
-
-  process.on("SIGINT", () => {
-    void exitHandler();
-  });
-  process.on("SIGTERM", () => {
-    void exitHandler();
-  });
-
-  await runPrompt({ baseUrl, token });
-}
-
-if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
-  main().catch((error) => {
-    console.error(error);
-    process.exit(1);
-  });
-}
+await runPrompt({ baseUrl });
+await cleanup();
--- a/examples/vercel/tsconfig.json
+++ b/examples/vercel/tsconfig.json
@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "lib": ["ES2022", "DOM"],
+    "module": "ESNext",
+    "moduleResolution": "Bundler",
+    "allowImportingTsExtensions": true,
+    "noEmit": true,
+    "esModuleInterop": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "resolveJsonModule": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "**/*.test.ts"]
+}