mirror of
https://github.com/harivansh-afk/sandbox-agent.git
synced 2026-04-15 12:03:53 +00:00
d8b8b49f37
* Fix Foundry auth: migrate to Better Auth adapter, fix access token retrieval - Remove @ts-nocheck from better-auth.ts, auth-user/index.ts, app-shell.ts and fix all type errors - Fix getAccessTokenForSession: read GitHub token directly from account record instead of calling Better Auth's internal /get-access-token endpoint which returns 403 on server-side calls - Re-implement workspaceAuth helper functions (workspaceAuthColumn, normalizeAuthValue, workspaceAuthClause, workspaceAuthWhere) that were accidentally deleted - Remove all retry logic (withRetries, isRetryableAppActorError) - Implement CORS origin allowlist from configured environment - Document cachedAppWorkspace singleton pattern - Add inline org sync fallback in buildAppSnapshot for post-OAuth flow - Add no-retry rule to CLAUDE.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add Foundry dev panel from fix-git-data branch Port the dev panel component that was left out when PR #243 was replaced by PR #247. Adapted to remove runtime/mock-debug references that don't exist on the current branch. - Toggle with Shift+D, persists visibility to localStorage - Shows context, session, GitHub sync status sections - Dev-only (import.meta.env.DEV) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add full Docker image defaults, fix actor deadlocks, and improve dev experience - Add Dockerfile.full and --all flag to install-agent CLI for pre-built images - Centralize Docker image constant (FULL_IMAGE) pinned to 0.3.1-full - Remove examples/shared/Dockerfile{,.dev} and daytona snapshot example - Expand Docker docs with full runnable Dockerfile - Fix self-deadlock in createWorkbenchSession (fire-and-forget provisioning) - Audit and convert 12 task actions from wait:true to wait:false - Add bun --hot for dev backend hot reload - Remove --force from pnpm install in dev Dockerfile for faster startup - Add env_file support to compose.dev.yaml for automatic credential loading - Add mock frontend compose config and dev panel - Update CLAUDE.md with wait:true policy and dev environment setup Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * WIP: async action fixes and interest manager Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix Foundry UI bugs: org names, hanging sessions, and wrong repo creation - Fix org display name using GitHub description instead of name field - Fix createWorkbenchSession hanging when sandbox is provisioning - Fix auto-session creation retry storm on errors - Fix task creation using wrong repo due to React state race conditions - Remove Bun hot-reload from backend Dockerfile (causes port drift) - Add GitHub sync/install status to dev panel Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
87 lines
2.5 KiB
Text
87 lines
2.5 KiB
Text
---
|
|
title: "Docker"
|
|
description: "Build and run Sandbox Agent in a Docker container."
|
|
---
|
|
|
|
<Warning>
|
|
Docker is not recommended for production isolation of untrusted workloads. Use dedicated sandbox providers (E2B, Daytona, etc.) for stronger isolation.
|
|
</Warning>
|
|
|
|
## Quick start
|
|
|
|
Run the published full image with all supported agents pre-installed:
|
|
|
|
```bash
|
|
docker run --rm -p 3000:3000 \
|
|
-e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
|
|
-e OPENAI_API_KEY="$OPENAI_API_KEY" \
|
|
rivetdev/sandbox-agent:0.3.1-full \
|
|
server --no-token --host 0.0.0.0 --port 3000
|
|
```
|
|
|
|
The `0.3.1-full` tag pins the exact version. The moving `full` tag is also published for contributors who want the latest full image.
|
|
|
|
## TypeScript with dockerode
|
|
|
|
```typescript
|
|
import Docker from "dockerode";
|
|
import { SandboxAgent } from "sandbox-agent";
|
|
|
|
const docker = new Docker();
|
|
const PORT = 3000;
|
|
|
|
const container = await docker.createContainer({
|
|
Image: "rivetdev/sandbox-agent:0.3.1-full",
|
|
Cmd: ["server", "--no-token", "--host", "0.0.0.0", "--port", `${PORT}`],
|
|
Env: [
|
|
`ANTHROPIC_API_KEY=${process.env.ANTHROPIC_API_KEY}`,
|
|
`OPENAI_API_KEY=${process.env.OPENAI_API_KEY}`,
|
|
`CODEX_API_KEY=${process.env.CODEX_API_KEY}`,
|
|
].filter(Boolean),
|
|
ExposedPorts: { [`${PORT}/tcp`]: {} },
|
|
HostConfig: {
|
|
AutoRemove: true,
|
|
PortBindings: { [`${PORT}/tcp`]: [{ HostPort: `${PORT}` }] },
|
|
},
|
|
});
|
|
|
|
await container.start();
|
|
|
|
const baseUrl = `http://127.0.0.1:${PORT}`;
|
|
const sdk = await SandboxAgent.connect({ baseUrl });
|
|
|
|
const session = await sdk.createSession({ agent: "codex" });
|
|
await session.prompt([{ type: "text", text: "Summarize this repository." }]);
|
|
```
|
|
|
|
## Building a custom image with everything preinstalled
|
|
|
|
If you need to extend your own base image, install Sandbox Agent and preinstall every supported agent in one step:
|
|
|
|
```dockerfile
|
|
FROM node:22-bookworm-slim
|
|
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
bash ca-certificates curl git && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN curl -fsSL https://releases.rivet.dev/sandbox-agent/0.3.x/install.sh | sh && \
|
|
sandbox-agent install-agent --all
|
|
|
|
RUN useradd -m -s /bin/bash sandbox
|
|
USER sandbox
|
|
WORKDIR /home/sandbox
|
|
|
|
EXPOSE 2468
|
|
ENTRYPOINT ["sandbox-agent"]
|
|
CMD ["server", "--host", "0.0.0.0", "--port", "2468"]
|
|
```
|
|
|
|
## Building from source
|
|
|
|
```bash
|
|
docker build -f docker/release/linux-x86_64.Dockerfile -t sandbox-agent-build .
|
|
docker run --rm -v "$PWD/artifacts:/artifacts" sandbox-agent-build
|
|
```
|
|
|
|
Binary output: `./artifacts/sandbox-agent-x86_64-unknown-linux-musl`.
|