§
    Øí)j1Ú  ã            	       óˆ  — U d Z ddlZddlZddlZddlZddlZddlZddlZddlZddl	m
Z
 ddlmZ ddlmZmZ ddlmZ  ej        e¦  «        Zg d¢Zdaee         ed<    ej        d	¦  «        Zd
ee         dz  dee         fd„Zdedz  deeef         fd„Zdeeef         fd„Z ej        d¦  «        Z dedefd„Z!defd„Z"ddddœde#dedz  dedz  de#fd„Z$dedefd„Z%dee         fd„Z&g d¢Z'dZ(dZ)g d ¢Z*d,d"e+d#e+dee         fd$„Z,ded%ede+fd&„Z-dee         fd'„Z.da/ee+         ed(<   d-d)„Z0 G d*„ d+e¦  «        Z1dS ).zçDocker execution environment for sandboxed command execution.

Security hardened (cap-drop ALL, no-new-privileges, PID limits),
configurable resource limits (CPU, memory, disk), and optional filesystem
persistence via bind mounts.
é    N)ÚPath)ÚOptional)ÚBaseEnvironmentÚ_popen_bash)Ú_HERMES_PROVIDER_ENV_BLOCKLIST)z/usr/local/bin/dockerz/opt/homebrew/bin/dockerz6/Applications/Docker.app/Contents/Resources/bin/dockerÚ_docker_executablez^[A-Za-z_][A-Za-z0-9_]*$Úforward_envÚreturnc                 óŽ  — g }t          ¦   «         }| pg D ]¯}t          |t          ¦  «        st                               d|¦  «         Œ3|                     ¦   «         }|sŒJt                               |¦  «        st                               d|¦  «         Œ€||v rŒ…|                     |¦  «         | 	                    |¦  «         Œ°|S )z?Return a deduplicated list of valid environment variable names.z0Ignoring non-string docker_forward_env entry: %rz-Ignoring invalid docker_forward_env entry: %r)
ÚsetÚ
isinstanceÚstrÚloggerÚwarningÚstripÚ_ENV_VAR_NAME_REÚmatchÚaddÚappend)r	   Ú
normalizedÚseenÚitemÚkeys        ú>/home/ubuntu/.hermes/hermes-agent/tools/environments/docker.pyÚ_normalize_forward_env_namesr   &   sÌ   € à€JÝ‘U”U€DàÐ!˜rð ð ˆÝ˜$¥Ñ$Ô$ð 	ÝNŠNÐMÈtÑTÔTÐTØàjŠj‰lŒlˆØð 	ØÝ×%Ò% cÑ*Ô*ð 	ÝNŠNÐJÈDÑQÔQÐQØØ$ˆ;ˆ;ØàŠ‰ŒˆØ×Ò˜#ÑÔÐÐàÐó    Úenvc                 ó^  — | si S t          | t          ¦  «        st                               d| ¦  «         i S i }|                      ¦   «         D ]ß\  }}t          |t
          ¦  «        r,t                               |                     ¦   «         ¦  «        st                               d|¦  «         Œb|                     ¦   «         }t          |t
          ¦  «        sOt          |t          t          t          f¦  «        rt          |¦  «        }nt                               d||¦  «         ŒÚ|||<   Œà|S )z‡Validate and normalize a docker_env dict to {str: str}.

    Filters out entries with invalid variable names or non-string values.
    zdocker_env is not a dict: %rz#Ignoring invalid docker_env key: %rz/Ignoring non-string docker_env value for %r: %r)r   Údictr   r   Úitemsr   r   r   r   ÚintÚfloatÚbool)r   r   r   Úvalues       r   Ú_normalize_env_dictr%   ?   s  € ð
 ð Øˆ	Ýc4Ñ Ô ð ÝŠÐ5°sÑ;Ô;Ð;Øˆ	à!#€JØ—i’i‘k”kð  ð  ‰
ˆˆUÝ˜#sÑ#Ô#ð 	Õ+;×+AÒ+AÀ#Ç)Â)Á+Ä+Ñ+NÔ+Nð 	ÝNŠNÐ@À#ÑFÔFÐFØØiŠi‰kŒkˆÝ˜%¥Ñ%Ô%ð 	õ ˜%¥#¥u­dÐ!3Ñ4Ô4ð Ý˜E™
œ
å—’ÐPÐRUÐW\Ñ]Ô]Ð]ØØˆ
3‰ˆàÐr   c                  óL   — 	 ddl m}   | ¦   «         pi S # t          $ r i cY S w xY w)zDLoad ~/.hermes/.env values without failing Docker command execution.r   ©Úload_env)Úhermes_cli.configr(   Ú	Exceptionr'   s    r   Ú_load_hermes_env_varsr+   ]   sN   € ðØ.Ð.Ð.Ð.Ð.Ð.àˆx‰zŒzÐ˜RÐøÝð ð ð Øˆ	ˆ	ˆ	ðøøøs   ‚ ”#¢#z[^A-Za-z0-9_.-]r$   c                 ó†   — t          | t          ¦  «        r| sdS t                               d| ¦  «        }|dd…         pd}|S )u  Coerce *value* into a Docker label-safe form (alnum + ``_.-``, â‰¤63 chars).

    Empty or all-invalid inputs collapse to ``"unknown"`` so the resulting
    label is always queryable. Used at container-create time; never round-trip
    a sanitized value back into application logic.
    ÚunknownÚ_Né?   )r   r   Ú_LABEL_VALUE_OK_REÚsub)r$   Úcleaneds     r   Ú_sanitize_label_valuer3   m   sN   € õ eSÑ!Ô!ð ¨ð ØˆyÝ ×$Ò$ S¨%Ñ0Ô0€GØcrcŒlÐ'˜i€GØ€Nr   c                  óJ   — 	 ddl m}   | ¦   «         pdS # t          $ r Y dS w xY w)a   Return the active Hermes profile name, or ``"default"`` on any error.

    Resolved at container-create time so a single container is permanently
    tagged with the profile that created it. Profile switches inside the
    same process don't retroactively relabel running containers.
    r   ©Úget_active_profile_nameÚdefault)Úhermes_cli.profilesr6   r*   r5   s    r   Ú_get_active_profile_namer9   {   sO   € ðØ?Ð?Ð?Ð?Ð?Ð?à&Ð&Ñ(Ô(Ð5¨IÐ5øÝð ð ð Øˆyˆyðøøøs   ‚ ”
"¡"iX  )Úmax_age_secondsÚprofile_filterÚ
docker_exer:   r;   r<   c                 óÔ  — |pt          ¦   «         pd}g d¢}|r'|                     ddt          |¦  «        › g¦  «         	 t          j        |ddg|¢d‘d‘d	d	d
dt          j        ¬¦  «        }n?# t          j        t          f$ r&}t           	                    d|¦  «         Y d}~dS d}~ww xY w|j
        dk    r:t           	                    d|j
        |j                             ¦   «         ¦  «         dS d„ |j                             ¦   «         D ¦   «         }|sdS ddl}|j                             |j        j        ¦  «        }	d}
|D ] }t'          ||¦  «        }|€Œ|	|z
                       ¦   «         }|| k     rŒ4	 t          j        |dd|gd	d	dt          j        ¬¦  «        }|j
        dk    r7|
dz  }
t                               d|dd…         t-          |¦  «        ¦  «         n;t           	                    d|dd…         |j                             ¦   «         ¦  «         ŒÚ# t          j        t          f$ r/}t           	                    d|dd…         |¦  «         Y d}~Œd}~ww xY w|
S )u{  Remove stale hermes-tagged containers left behind by prior processes.

    Targets containers that match all of:

    * ``label=hermes-agent=1`` (created by this codebase)
    * ``status=exited`` (running containers are NEVER reaped â€” they may
      belong to a sibling Hermes process whose reuse path will pick them
      up; killing them would crash the sibling mid-command)
    * (optional) ``label=hermes-profile=<profile_filter>`` (sweep only the
      caller's profile by default; a hermes process in profile A must not
      tear down profile B's containers)
    * ``State.FinishedAt`` older than *max_age_seconds* ago (so a sibling
      process that just exited and is about to be replaced doesn't get
      its container yanked out from under it)

    Returns the number of containers removed. Best-effort: any failure
    (docker daemon unreachable, slow inspect, parse error) is logged at
    debug level and the function returns whatever it managed before the
    failure. Safe to call repeatedly; idempotent.

    Issue #20561 â€” this is the safety net for SIGKILL / OOM / crashed
    terminal exits that bypass the ``atexit`` cleanup hook. Without it,
    even with the cleanup-fix in the prior commit, a hard-killed Hermes
    process leaves its container behind permanently because there's no
    subsequent Hermes process scheduled to reuse that exact (task, profile)
    pair.
    Údocker)ú--filterúlabel=hermes-agent=1r?   zstatus=exitedr?   úlabel=hermes-profile=Úpsú-aú--formatz{{.ID}}Té   F©Úcapture_outputÚtextÚtimeoutÚcheckÚstdinz"orphan reaper docker ps failed: %sNr   z'orphan reaper docker ps returned %d: %sc                 ó^   — g | ]*}|                      ¦   «         ¯|                      ¦   «         ‘Œ+S © ©r   ©Ú.0Úlns     r   ú
<listcomp>z*reap_orphan_containers.<locals>.<listcomp>À   s-   € ÐTÐTÐT BÈÏÊÉÌÐTR—X’X‘Z”ZÐTÐTÐTr   Úrmú-fé   ©rG   rH   rI   rK   é   z2Reaped orphan container %s (exited %d seconds ago)é   údocker rm -f %s failed: %sz%orphan reaper docker rm %s failed: %s)Úfind_dockerÚextendr3   Ú
subprocessÚrunÚDEVNULLÚTimeoutExpiredÚOSErrorr   ÚdebugÚ
returncodeÚstderrr   ÚstdoutÚ
splitlinesÚdatetimeÚnowÚtimezoneÚutcÚ_container_finished_atÚtotal_secondsÚinfor!   )r:   r;   r<   r>   ÚfiltersÚlistingÚeÚcandidate_idsrf   rg   ÚremovedÚcidÚfinished_atÚageÚresults                  r   Úreap_orphan_containersrv   Š   sé  € ðB Ð4;™=œ=Ð4¨H€FØOÐOÐO€GØð fØŠ˜
Ð$cÕ<QÐR`Ñ<aÔ<aÐ$cÐ$cÐdÑeÔeÐeðÝ”.ØT˜4ÐA 'ÐA¨:ÐA°yÐAØ d°B¸eÝÔ$ð
ñ 
ô 
ˆˆøõ
 Ô%¥wÐ/ð ð ð ÝŠÐ9¸1Ñ=Ô=Ð=Øˆqˆqˆqˆqˆqøøøøðøøøð Ô˜QÒÐÝŠØ5ØÔ ¤× 4Ò 4Ñ 6Ô 6ñ	
ô 	
ð 	
ð ˆqàTÐT¨'¬.×*CÒ*CÑ*EÔ*EÐTÑTÔT€MØð Øˆqð
 €O€O€OØ
Ô
×
Ò
 Ô 1Ô 5Ñ
6Ô
6€CØ€GØð Oñ OˆÝ,¨V°SÑ9Ô9ˆØÐàØ[Ñ ×/Ò/Ñ1Ô1ˆØÒ Ð Øð	OÝ”^Ø˜˜t SÐ)Ø#¨$¸Ý Ô(ðñ ô ˆFð
 Ô  AÒ%Ð%Ø˜1‘Ý—’ØHØ˜˜˜”Hc #™hœhñô ð ð õ
 —’Ø0Ø˜˜˜”H˜fœm×1Ò1Ñ3Ô3ñô ð øøõ Ô)­7Ð3ð 	Oð 	Oð 	OÝLŠLÐ@À#ÀcÀrÀcÄ(ÈAÑNÔNÐNÐNÐNÐNÐNÑNøøøøð	Oøøøà€Ns1   Á-A/ Á/B+ÂB&Â&B+Å;B$H È I%È6$I É I%Úcontainer_idc                 ó€  — 	 t          j        | ddd|gddddt           j        ¬¦  «        }nH# t           j        t          f$ r/}t
                               d|d	d
…         |¦  «         Y d	}~d	S d	}~ww xY w|j        dk    rd	S |j         	                    ¦   «         }|r| 
                    d¦  «        rd	S dd	l}|                     dd|¦  «        }|                     dd¦  «        }	 dd	l}|j                             |¦  «        S # t           $ r0}t
                               d||d	d
…         |¦  «         Y d	}~d	S d	}~ww xY w)u@  Parse ``docker inspect`` FinishedAt for *container_id*.

    Returns a timezone-aware datetime, or ``None`` if the field is missing,
    unparseable, or the zero-value ``0001-01-01T00:00:00Z`` Docker emits
    for never-finished containers. ``None`` means "don't reap" â€” the caller
    leaves the container alone.
    ÚinspectrD   z{{.State.FinishedAt}}Té
   FrF   z*orphan reaper docker inspect %s failed: %sNrX   r   z
0001-01-01z(\.\d{6})\d+z\1ÚZz+00:00z(could not parse FinishedAt %r for %s: %s)r\   r]   r^   r_   r`   r   ra   rb   rd   r   Ú
startswithÚrer1   Úreplacerf   ÚfromisoformatÚ
ValueError)r<   rw   ru   ro   ÚrawÚ_rerf   s          r   rj   rj   è   sŒ  € ðÝ”Ø˜ JÐ0GÈÐVØ d°B¸eÝÔ$ð
ñ 
ô 
ˆˆøõ
 Ô%¥wÐ/ð ð ð ÝŠÐAÀ<ÐPSÐQSÐPSÔCTÐVWÑXÔXÐXØˆtˆtˆtˆtˆtøøøøðøøøð Ô˜AÒÐØˆtØ
Œ-×
Ò
Ñ
Ô
€CØð #—.’. Ñ.Ô.ð Øˆtð ÐÐÐØ
'Š'/ 5¨#Ñ
.Ô
.€CØ
+Š+c˜8Ñ
$Ô
$€CðØˆˆˆØÔ ×.Ò.¨sÑ3Ô3Ð3øÝð ð ð ÝŠÐ?ÀÀlÐSVÐTVÐSVÔFWÐYZÑ[Ô[Ð[Øˆtˆtˆtˆtˆtøøøøðøøøs-   ‚), ¬A1Á$A,Á,A1Ã%D Ä
D=Ä%D8Ä8D=c                  óx  — t           t           S t          j        d¦  «        } | r]t          j                             | ¦  «        r>t          j        | t          j        ¦  «        r| a t                               d| ¦  «         | S t          j
        d¦  «        }|r|a |S t          j
        d¦  «        }|r|a t                               d|¦  «         |S t          D ]a}t          j                             |¦  «        r@t          j        |t          j        ¦  «        r!|a t                               d|¦  «         |c S ŒbdS )u‚  Locate the docker (or podman) CLI binary.

    Resolution order:
    1. ``HERMES_DOCKER_BINARY`` env var â€” explicit override (e.g. ``/usr/bin/podman``)
    2. ``docker`` on PATH via ``shutil.which``
    3. ``podman`` on PATH via ``shutil.which``
    4. Well-known macOS Docker Desktop install locations

    Returns the absolute path, or ``None`` if neither runtime can be found.
    NÚHERMES_DOCKER_BINARYz'Using HERMES_DOCKER_BINARY override: %sr>   Úpodmanz%Using podman as container runtime: %sz%Found docker at non-PATH location: %s)r   ÚosÚgetenvÚpathÚisfileÚaccessÚX_OKr   rl   ÚshutilÚwhichÚ_DOCKER_SEARCH_PATHS)ÚoverrideÚfoundrˆ   s      r   rZ   rZ     s7  € õ Ð%Ý!Ð!õ ŒyÐ/Ñ0Ô0€HØð •B”G—N’N 8Ñ,Ô,ð µ´¸8ÅRÄWÑ1MÔ1Mð Ø%ÐÝŠÐ=¸xÑHÔHÐHØˆõ ŒL˜Ñ"Ô"€EØð Ø"ÐØˆõ ŒL˜Ñ"Ô"€EØð Ø"ÐÝŠÐ;¸UÑCÔCÐCØˆõ %ð ð ˆÝŒ7>Š>˜$ÑÔð 	¥B¤I¨dµB´GÑ$<Ô$<ð 	Ø!%ÐÝKŠKÐ?ÀÑFÔFÐFØˆKˆKˆKøàˆ4r   )z
--cap-dropÚALLú	--cap-addÚDAC_OVERRIDEr’   ÚCHOWNr’   ÚFOWNERz--security-optzno-new-privilegesz--pids-limitÚ256ú--tmpfsz/tmp:rw,nosuid,size=512mr—   z#/var/tmp:rw,noexec,nosuid,size=256m)r—   z/run:rw,noexec,nosuid,size=64m)r—   z/run:rw,exec,nosuid,size=64m)r’   ÚSETUIDr’   ÚSETGIDFÚrun_as_host_userÚrun_execc                 ó    — t          |rt          nt          ¦  «        }t          t          ¦  «        |z   }| r|S |t          t          ¦  «        z   S )aI  Return the security/cap/tmpfs args tailored to the privilege mode.

    ``run_exec`` mounts ``/run`` with ``exec`` instead of the hardened
    ``noexec`` default. This is required for s6-overlay images whose ``/init``
    entrypoint execs ``/run/s6/basedir/bin/init`` during startup; see
    ``_image_uses_init_entrypoint``.
    )ÚlistÚ_RUN_TMPFS_EXECÚ_RUN_TMPFS_NOEXECÚ_BASE_SECURITY_ARGSÚ_PRIVDROP_CAP_ARGS)rš   r›   Ú	run_tmpfsÚargss       r   Ú_build_security_argsr¤   c  sO   € õ ¨ÐG•__Õ6GÑHÔH€IÝÕ#Ñ$Ô$ yÑ0€DØð ØˆØ•$Õ)Ñ*Ô*Ñ*Ð*r   Úimagec                 óÂ  — 	 t          j        | dd|ddgdddt           j        ¬¦  «        }n@# t           j        t          f$ r'}t
                               d||¦  «         Y d	}~d
S d	}~ww xY w|j        dk    r;t
                               d||j        |j         	                    ¦   «         ¦  «         d
S |j
        pd 	                    ¦   «         }|r|dk    rd
S 	 t          j        |¦  «        }n# t          t          f$ r Y d
S w xY wt          |t           ¦  «        r|g}t          |t"          ¦  «        r|sd
S t!          |d         ¦  «         	                    ¦   «         }|dv S )añ  Return True if ``image``'s entrypoint is the s6-overlay ``/init``.

    Such images (e.g. anything built on ``s6-overlay``, including
    ``hermes-agent:latest``) already provide their own PID-1 init and execute
    ``/run/s6/basedir/bin/init`` during stage0 startup. They are incompatible
    with Docker's ``--init`` (two competing PID-1 inits) and with a ``noexec``
    ``/run`` mount. Detection is best-effort: on any inspection failure we
    return False and keep the hardened defaults.
    r¥   ry   rD   z{{json .Config.Entrypoint}}TrE   rV   z/Docker: could not inspect entrypoint for %s: %sNFr   z4Docker: image inspect for %s returned %d (stderr=%s)Ú Únull)z/initz&/package/admin/s6-overlay/command/init)r\   r]   r^   ÚSubprocessErrorr`   r   ra   rb   rc   r   rd   ÚjsonÚloadsr€   Ú	TypeErrorr   r   r   )r<   r¥   ru   ro   r   Ú
entrypointÚfirsts          r   Ú_image_uses_init_entrypointr¯   r  s¡  € ðÝ”Ø˜ )¨UØÐ6ð8àØØÝÔ$ð
ñ 
ô 
ˆˆøõ Ô&­Ð0ð ð ð ÝŠÐFÈÈqÑQÔQÐQØˆuˆuˆuˆuˆuøøøøðøøøð Ô˜AÒÐõ 	ŠØBØ6Ô$ f¤m×&9Ò&9Ñ&;Ô&;ñ	
ô 	
ð 	
ð ˆuØŒ=Ð˜B×
%Ò
%Ñ
'Ô
'€CØð #˜’--ØˆuðÝ”Z ‘_”_ˆ
ˆ
øÝ	Ð"ð ð ð Øˆuˆuðøøøå*cÑ"Ô"ð "Ø \ˆ
Ýj¥$Ñ'Ô'ð ¨zð ØˆuÝ
˜1”ÑÔ×$Ò$Ñ&Ô&€EØÐGÐGÐGs'   ‚), ¬A)ÁA$Á$A)ÃC- Ã-DÄDc                  ó¸   — t          t          dd¦  «        } t          t          dd¦  «        }| |€dS 	  | ¦   «         › d |¦   «         › S # t          $ r Y dS w xY w)au  Return ``<uid>:<gid>`` for the current host user, or ``None`` on platforms
    where this is not meaningful (e.g. Windows without posix ids).

    We intentionally read ``os.getuid()``/``os.getgid()`` directly rather than
    going through ``getpass``/``pwd`` so this stays cheap and never raises on
    nameless UIDs (nss lookups can fail inside sandboxed launchers).
    ÚgetuidNÚgetgidú:)Úgetattrr†   r*   )Úget_uidÚget_gids     r   Ú_resolve_host_user_specr·   Ÿ  s{   € õ •b˜( DÑ)Ô)€GÝ•b˜( DÑ)Ô)€GØ€˜'˜/ØˆtðØ'‘)”)Ð)Ð)˜g˜g™iœiÐ)Ð)Ð)øÝð ð ð Øˆtˆtðøøøs   ´A Á
AÁAÚ_storage_opt_okc                  óž  — t          ¦   «         } | s)t                               d¦  «         t          d¦  «        ‚	 t	          j        | dgdddt          j        ¬¦  «        }|j        dk    rHt                               d| |j        |j         	                    ¦   «         ¦  «         t          d	¦  «        ‚dS # t          $ r- t                               d
| d¬¦  «         t          d¦  «        ‚t          j        $ r- t                               d| d¬¦  «         t          d¦  «        ‚t          $ r t                               dd¬¦  «         ‚ w xY w)zàBest-effort check that the docker CLI is available before use.

    Reuses ``find_docker()`` so this preflight stays consistent with the rest of
    the Docker backend, including known non-PATH Docker Desktop locations.
    z–Docker backend selected but no docker executable was found in PATH or known install locations. Install Docker Desktop and ensure the CLI is available.z|Docker executable not found in PATH or known install locations. Install Docker and ensure the 'docker' command is available.ÚversionTé   rV   r   zIDocker backend selected but '%s version' failed (exit code %d, stderr=%s)zXDocker command is available but 'docker version' failed. Check your Docker installation.zVDocker backend selected but the resolved docker executable '%s' could not be executed.)Úexc_infozHDocker executable could not be executed. Check your Docker installation.zYDocker backend selected but '%s version' timed out. The Docker daemon may not be running.zHDocker daemon is not responding. Ensure Docker is running and try again.z4Unexpected error while checking Docker availability.N)rZ   r   ÚerrorÚRuntimeErrorr\   r]   r^   rb   rc   r   ÚFileNotFoundErrorr_   r*   )r<   ru   s     r   Ú_ensure_docker_availablerÀ   ´  sË  € õ ‘”€JØð 	
ÝŠð ñ	
ô 	
ð 	
õ
 ðKñ
ô 
ð 	
ð
.Ý”Ø˜Ð#ØØØÝÔ$ð
ñ 
ô 
ˆðD Ô Ò!Ð!ÝLŠLð,àØÔ!Ø”×#Ò#Ñ%Ô%ñô ð õ ð2ñô ð ð "Ð!øõ7 ð 	
ð 	
ð 	
ÝŠðàØð	 	ñ 	
ô 	
ð 	
õ ØVñ
ô 
ð 	
õ Ô$ð 	
ð 	
ð 	
ÝŠð4àØð	 	ñ 	
ô 	
ð 	
õ ØVñ
ô 
ð 	
õ ð ð ð ÝŠØBØð 	ñ 	
ô 	
ð 	
ð 	ðøøøs   »%B5 Â5BEc            #       óš  ‡ — e Zd ZdZ	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 d3d	ed
ededededededededee         dz  de	dz  dedededededef"ˆ fd„Z
dee         fd„Zddddœded eded!edz  dej        f
d"„Zd#Zd$edefd%„Zdefd&„Zd4d(ed
ede	fˆ fd)„Zedefd*„¦   «         Zd+ed,edeeeef                  fd-„Zdd.œd/efd0„Zd5dedefd2„Zˆ xZS )6ÚDockerEnvironmentuñ  Hardened Docker container execution with resource limits and persistence.

    Security: all capabilities dropped, no privilege escalation, PID limits,
    size-limited tmpfs for scratch dirs. The container itself is the security
    boundary â€” the filesystem inside is writable so agents can install packages
    (pip, npm, apt) as needed. Writable workspace via tmpfs or bind mounts.

    Persistence: when enabled, bind mounts preserve /workspace and /root
    across container restarts.
    ú/rooté<   r   Fr7   NTr¥   ÚcwdrI   ÚcpuÚmemoryÚdiskÚpersistent_filesystemÚtask_idÚvolumesr	   r   ÚnetworkÚhost_cwdÚauto_mount_cwdrš   Ú
extra_argsÚpersist_across_processesc                 óò  •— |dk    rd}t          ¦   «                              ||¬¦  «         || _        || _        || _        t          |
¦  «        | _        t          |¦  «        | _        d | _	        i | _
        d| _        d| _        d| _        g | _        t                               d|	› ¦  «         |	4t#          |	t$          ¦  «        st                               d|	›¦  «         g }	t)          ¦   «          g }|dk    r$|                     d	t-          |¦  «        g¦  «         |dk    r|                     d
|› dg¦  «         |dk    rZt.          j        dk    rJ|                      ¦   «         r|                     dd|› dg¦  «         nt                               d¦  «         |s|                     d¦  «         ddlm} g }d}|	pg D ]Œ}t#          |t,          ¦  «        st                               d|›¦  «         Œ5|                     ¦   «         }|sŒLd|v r|                     d|g¦  «         d|v rd}Œnt                               d|› d¦  «         Œ|r<t<          j                              t<          j         !                    |¦  «        ¦  «        nd}|o0tE          |¦  «        o!t<          j         #                    |¦  «        o| }|r>|r<t<          j         #                    |¦  «        st           $                    d|› ¦  «         d | _%        d | _&        g }| j        r· |¦   «         dz  |z  }t-          |dz  ¦  «        | _&        t=          j'        | j&        d¬¦  «         |                     d| j&        › dg¦  «         |sS|sQt-          |dz  ¦  «        | _%        t=          j'        | j%        d¬¦  «         |                     d| j%        › dg¦  «         n2|s|s|                     dd g¦  «         |                     g d!¢¦  «         |r't                               d"|› ¦  «         d|› dg|¢}n|rt           $                    d#¦  «         	 dd$l(m)}m*}m+}  |¦   «         D ]È}tY          |d%         ¦  «        }| -                    ¦   «         rt                               d&|¦  «         ŒG| .                    ¦   «         st                               d'|¦  «         Œw|                     d|d%         › d|d(         › d)g¦  «         t                               d*|d%         |d(         ¦  «         ŒÉ |¦   «         D ]˜} tY          | d%         ¦  «        }| -                    ¦   «         st                               d+|¦  «         ŒG|                     d| d%         › d| d(         › d)g¦  «         t                               d,| d%         | d(         ¦  «         Œ™ |¦   «         D ]˜}!tY          |!d%         ¦  «        }| -                    ¦   «         st                               d-|¦  «         ŒG|                     d|!d%         › d|!d(         › d)g¦  «         t                               d.|!d%         |!d(         ¦  «         Œ™n2# t^          $ r%}"t           $                    d/|"¦  «         Y d }"~"nd }"~"ww xY wg }#ta          | j        ¦  «        D ])}$|#                     d0|$› d1| j        |$         › g¦  «         Œ*g }%|rJtc          ¦   «         }&|& d2|&g}%t                               d3|&¦  «         nt                               d4¦  «         te          ¦   «         pd| _3        ti          | j3        |¦  «        }'|'rt                               d5|¦  «         tk          |otE          |%¦  «        |'¬6¦  «        }(t                               d7|› ¦  «         g })|pg D ]H}*t#          |*t,          ¦  «        st                               d8|*¦  «         Œ3|)                     |*¦  «         ŒI|(|%z   |z   |z   |z   |#z   |)z   }+t                               d9|+› ¦  «         d:tm          j7        ¦   «         j8        d d;…         › },ts          tu          ¦   «         ¦  «        }-ts          |¦  «        }.d<d=d<d>|.› d<d?|-› g}/|| _        |,| _        |'| _        |+| _        d@|.|-dAœ| _
        d}0|rÛ|  ;                    |.|-¦  «        }1|1Ã|1\  }2}3|2| _	        |3dBk    r‚	 ty          j=        | j3        dC|2gdddDdtx          j>        ¬E¦  «         nT# tx          j?        tx          j@        f$ r6}"t                               dF|2d dG…         |3|"¦  «         d | _	        Y d }"~"nd }"~"ww xY w| j	        r(t                               dH|2d dG…         |.|-|3¦  «         d}0|0s2|'rg ndIg}4| j3        dJdKg|4¢dL‘|,‘|/¢dM‘|‘|+¢|‘dN‘dO‘}5t           $                    dPdQ A                    |5¦  «        › ¦  «         	 ty          j=        |5dddRdtx          j>        ¬E¦  «        }6nk# tx          j?        tx          j@        f$ rM}"t                               dS|,|"¦  «         ty          j=        | j3        dTdU|,gddVtx          j>        ¬W¦  «         ‚ d }"~"ww xY w|6jB                             ¦   «         | _	        t                               dX|,› dY| j	        d dG…         › dZ¦  «         |  C                    ¦   «         | _D        |  E                    ¦   «          d S )[NÚ~rÃ   )rÅ   rI   r§   FzDockerEnvironment volumes: z%docker_volumes config is not a list: r   z--cpusz--memoryÚmÚdarwinú--storage-optzsize=zDocker storage driver does not support per-container disk limits (requires overlay2 on XFS with pquota). Container will run without disk quota.z--network=none)Úget_sandbox_dirz%Docker volume entry is not a string: r³   z-vz:/workspaceTzDocker volume 'z' missing colon, skippingz>Skipping docker cwd mount: host_cwd is not a valid directory: r>   Úhome)Úexist_okz:/rootÚ	workspacer—   z/workspace:rw,exec,size=10g)r—   z/home:rw,exec,size=1gr—   z/root:rw,exec,size=1gz,Mounting configured host cwd to /workspace: zDSkipping docker cwd mount: /workspace already mounted by user config)Úget_credential_file_mountsÚget_skills_directory_mountÚget_cache_directory_mountsÚ	host_pathug   Docker: skipping credential mount â€” source is a directory (likely Docker-in-Docker auto-creation): %su:   Docker: skipping credential mount â€” source not found: %sÚcontainer_pathz:roz$Docker: mounting credential %s -> %su?   Docker: skipping skills mount â€” source is not a directory: %sz$Docker: mounting skills dir %s -> %su>   Docker: skipping cache mount â€” source is not a directory: %sz#Docker: mounting cache dir %s -> %sz1Docker: could not load credential file mounts: %sú-eÚ=z--userz)Docker: running container as host user %szƒdocker_run_as_host_user is enabled but this platform does not expose POSIX uid/gid; container will start as its image default user.ug   Docker: image %s uses /init (s6-overlay) as entrypoint â€” skipping --init and mounting /run with exec.)r›   zDocker volume_args: z/Ignoring non-string docker_extra_args entry: %rzDocker run_args: úhermes-é   ú--labelzhermes-agent=1zhermes-task-id=zhermes-profile=Ú1)zhermes-agentúhermes-task-idúhermes-profileÚrunningÚstartrU   rF   u[   Failed to start existing container %s (state=%s): %s â€” falling back to a fresh container.rX   z:Reusing container %s (task=%s, profile=%s, prior state=%s)ú--initr]   ú-dú--nameú-wÚsleepÚinfinityzStarting container: Ú éx   z<docker run failed for %s, cleaning up orphaned container: %srS   rT   rz   ©rG   rI   rK   zStarted container z (ú))FÚsuperÚ__init__Ú_persistentÚ_persist_across_processesÚ_task_idr   Ú_forward_envr%   Ú_envÚ_container_idÚ_labelsÚ_imageÚ_container_nameÚ_image_uses_s6_initÚ_all_run_argsr   rl   r   r   r   rÀ   r[   r   ÚsysÚplatformÚ_storage_opt_supportedr   Útools.environments.baserÖ   r   r†   rˆ   ÚabspathÚ
expanduserr#   Úisdirra   Ú_workspace_dirÚ	_home_dirÚmakedirsÚtools.credential_filesrÚ   rÛ   rÜ   r   Úis_dirÚis_filer*   Úsortedr·   rZ   Ú_docker_exer¯   r¤   ÚuuidÚuuid4Úhexr3   r9   Ú_find_reusable_containerr\   r]   r^   ÚCalledProcessErrorr_   Újoinrd   Ú_build_init_env_argsÚ_init_env_argsÚinit_session)8Úselfr¥   rÅ   rI   rÆ   rÇ   rÈ   rÉ   rÊ   rË   r	   r   rÌ   rÍ   rÎ   rš   rÏ   rÐ   Úresource_argsrÖ   Úvolume_argsÚworkspace_explicitly_mountedÚvolÚhost_cwd_absÚbind_host_cwdÚwritable_argsÚsandboxrÚ   rÛ   rÜ   Úmount_entryÚsrcÚskills_mountÚcache_mountro   Úenv_argsr   Ú	user_argsÚ	user_specÚimage_uses_s6_initÚsecurity_argsÚvalidated_extraÚargÚall_run_argsÚcontainer_nameÚprofile_nameÚ
task_labelÚ
label_argsÚreusedÚexistingrw   ÚstateÚ	init_argsÚrun_cmdru   Ú	__class__s8                                                          €r   rô   zDockerEnvironment.__init__  sð  ø€ ð( #Š:ˆ:ØˆCÝ‰Œ×Ò˜S¨'ÐÑ2Ô2Ð2Ø0ˆÔØ)AˆÔ&ØˆŒÝ8¸ÑEÔEˆÔÝ'¨Ñ,Ô,ˆŒ	Ø,0ˆÔØ')ˆŒØˆŒØ$&ˆÔØ).ˆÔ Ø(*ˆÔÝŠÐ;°'Ð;Ð;Ñ<Ô<Ð<àÐ¥z°'½4Ñ'@Ô'@ÐÝNŠNÐNÀ7ÐNÐNÑOÔOÐOØˆGõ 	!Ñ"Ô"Ð"ð ˆØŠ7ˆ7Ø× Ò  (­C°©H¬HÐ!5Ñ6Ô6Ð6ØAŠ:ˆ:Ø× Ò  *°¨l¨l¨lÐ!;Ñ<Ô<Ð<Ø!Š8ˆ8œ¨Ò0Ð0Ø×*Ò*Ñ,Ô,ð Ø×$Ò$ o°¸t°°°Ð%GÑHÔHÐHÐHå—’ðeñô ð ð ð 	3Ø× Ò Ð!1Ñ2Ô2Ð2ð
 	<Ð;Ð;Ð;Ð;Ð;ð ˆØ',Ð$ØM˜rð 	Qð 	QˆCÝ˜c¥3Ñ'Ô'ð Ý—’ÐNÀsÐNÐNÑOÔOÐOØØ—)’)‘+”+ˆCØð ØØcˆzˆzØ×"Ò" D¨# ;Ñ/Ô/Ð/Ø  CÐ'Ð'Ø37Ð0øå—’ÐO°ÐOÐOÐOÑPÔPÐPÐPàHPÐX•r”w—’¥r¤w×'9Ò'9¸(Ñ'CÔ'CÑDÔDÐDÐVXˆàð 1Ý\Ñ"Ô"ð1å”—’˜lÑ+Ô+ð1ð 1Ð0ð	 	ð ð 	f˜hð 	f­r¬w¯}ª}¸\Ñ/JÔ/Jð 	fÝLŠLÐdÐZbÐdÐdÑeÔeÐeà-1ˆÔØ(,ˆŒØˆØÔð 	Ø%oÑ'Ô'¨(Ñ2°WÑ<ˆGÝ  ¨6Ñ!1Ñ2Ô2ˆDŒNÝŒK˜œ°Ð6Ñ6Ô6Ð6Ø× Ò Ø˜œÐ/Ð/Ð/ð"ñ ô ð ð !ð Ð)Eð Ý&)¨'°KÑ*?Ñ&@Ô&@Ô#Ý”˜DÔ/¸$Ð?Ñ?Ô?Ð?Ø×$Ò$Ø˜TÔ0Ð=Ð=Ð=ð&ñ ô ð øð !ð Ð)Eð Ø×$Ò$ØÐ<ð&ñ ô ð ð × Ò ð "ð "ð "ñ ô ð ð
 ð 	aÝKŠKÐUÀ|ÐUÐUÑVÔVÐVØ LÐ!=Ð!=Ð!=ÐLÀÐLˆKˆKØ)ð 	aÝLŠLÐ_Ñ`Ô`Ð`ðL	Qðð ð ð ð ð ð ð ð ð ð  :Ð9Ñ;Ô;ð ð Ý˜; {Ô3Ñ4Ô4Ø—:’:‘<”<ð 	õ —N’NðFàñô ð ð
 Ø—{’{‘}”}ð Ý—N’NØTÐVYñô ð ð Ø×"Ò"ØØ" ;Ô/ÐTÐT°+Ð>NÔ2OÐTÐTÐTð$ñ ô ð õ —’Ø:Ø Ô,ØÐ 0Ô1ñô ð ð ð !;Ð :Ñ <Ô <ð ð Ý˜<¨Ô4Ñ5Ô5Ø—z’z‘|”|ð Ý—N’NØYØñô ð ð Ø×"Ò"ØØ# KÔ0ÐVÐV°<Ð@PÔ3QÐVÐVÐVð$ñ ô ð õ —’Ø:Ø  Ô-Ø Ð!1Ô2ñô ð ð ð  :Ð9Ñ;Ô;ð ð Ý˜; {Ô3Ñ4Ô4Ø—z’z‘|”|ð Ý—N’NØXØñô ð ð Ø×"Ò"ØØ" ;Ô/ÐTÐT°+Ð>NÔ2OÐTÐTÐTð$ñ ô ð õ —’Ø9Ø Ô,ØÐ 0Ô1ñô ð ð ðøõ" ð 	Qð 	Qð 	QÝLŠLÐLÈaÑPÔPÐPÐPÐPÐPÐPÐPøøøøð	Qøøøð
 ˆÝ˜$œ)Ñ$Ô$ð 	?ð 	?ˆCØOŠO˜T cÐ#<Ð#<¨D¬I°c¬NÐ#<Ð#<Ð=Ñ>Ô>Ð>Ð>ð  "ˆ	Øð 
	Ý/Ñ1Ô1ˆIØÐ$Ø% yÐ1	Ý—’ÐGÈÑSÔSÐSÐSå—’ð*ñô ð õ '™=œ=Ð4¨HˆÔõ 9¸Ô9IÈ5ÑQÔQÐØð 	ÝKŠKð?àñô ð õ
 -ØÐ0¥ i¡¤Ø'ð
ñ 
ô 
ˆõ
 	ŠÐ8¨;Ð8Ð8Ñ9Ô9Ð9ð ˆØÐ$ "ð 	(ð 	(ˆCÝ˜c¥3Ñ'Ô'ð Ý—’ÐPÐRUÑVÔVÐVØØ×"Ò" 3Ñ'Ô'Ð'Ð'ð Øñàñð ñð ñ	ð
 ñð ñð 	õ 	ŠÐ6¨Ð6Ð6Ñ7Ô7Ð7ð :¥4¤:¡<¤<Ô#3°B°Q°BÔ#7Ð9Ð9ˆõ -Õ-EÑ-GÔ-GÑHÔHˆÝ*¨7Ñ3Ô3ˆ
àÐ'ØÐ5¨Ð5Ð5ØÐ7¨Ð7Ð7ð
ˆ
ð ˆŒØ-ˆÔØ#5ˆÔ Ø)ˆÔð  Ø(Ø*ð
ð 
ˆŒð$ ˆØ#ð 	"Ø×4Ò4°ZÀÑNÔNˆHØÐ#Ø&.Ñ#˜eØ%1Ô"Ø˜IÒ%Ð%ð2Ý"œØ!Ô-¨w¸ÐEØ+/Ø!%Ø$&Ø"&Ý",Ô"4ðñ ô ð ð øõ 'Ô9½:Ô;TÐUð 2ð 2ð 2ÝŸšðHà(¨¨"¨Ô-¨u°añô ð ð
 .2˜Ô*Ð*Ð*Ð*Ð*Ð*øøøøð2øøøð Ô%ð "Ý—K’KØTØ$ S b SÔ)¨:°|ÀUñô ð ð "Fàñ ,	[ð 1Ð@˜˜°x°jˆIàÔ  %¨ð	àð	ð ð	ð )ð	ð ð		ð
 ð	ð
 ð	ð ð	ð ð	ð ð	ð $ð	ˆGõ LŠLÐC°·²¸Ñ0AÔ0AÐCÐCÑDÔDÐDðÝ#œØØ#'ØØØÝ$Ô,ðñ ô øõ Ô1µ:Ô3LÐMð ð ð õ —’ØRØ" Añô ð õ ”ØÔ% t¨T°>ÐBØ#'°Ý$Ô,ðñ ô ð ð
 øøøøð#øøøð$ "(¤×!4Ò!4Ñ!6Ô!6ˆDÔÝKŠKÐY¨^ÐYÐY¸tÔ?QÐRUÐSUÐRUÔ?VÐYÐYÐYÑZÔZÐZð
 #×7Ò7Ñ9Ô9ˆÔð 	×ÒÑÔÐÐÐsJ   ÑH#Y0 Ù0
ZÙ:ZÚZã%,d äe#ä-,eåe#ç.$h èi;è.Ai6é6i;r
   c                 ó  — t          | j        ¦  «        }t          | j        ¦  «        }t          ¦   «         }	 ddlm} t           |¦   «         ¦  «        }n# t          $ r Y nw xY w||t          z
  z  }|rt          ¦   «         ni }t          |¦  «        D ]4}t          j        |¦  «        }|s|                     |¦  «        }|r|||<   Œ5g }	t          |¦  «        D ]$}|	                     d|› d||         › g¦  «         Œ%|	S )zîBuild -e KEY=VALUE args for injecting host env vars into init_session.

        These are used once during init_session() so that export -p captures
        them into the snapshot.  Subsequent execute() calls don't need -e flags.
        r   )Úget_all_passthroughrß   rà   )r   rù   r   rø   Útools.env_passthroughr8  r*   r   r+   r  r†   r‡   Úgetr[   )
r  Úexec_envÚexplicit_forward_keysÚpassthrough_keysr8  Úforward_keysÚ
hermes_envr   r$   r£   s
             r   r  z&DockerEnvironment._build_init_env_args  sC  € õ $(¨¬	¡?¤?ˆå # DÔ$5Ñ 6Ô 6ÐÝ%(¡U¤UÐð	ØAÐAÐAÐAÐAÐAÝ"Ð#6Ð#6Ñ#8Ô#8Ñ9Ô9ÐÐøÝð 	ð 	ð 	ØˆDð	øøøð
 -Ð0@ÕCaÑ0aÑbˆØ0<ÐDÕ*Ñ,Ô,Ð,À"ˆ
Ý˜,Ñ'Ô'ð 	&ð 	&ˆCÝ”I˜c‘N”NˆEØð ,Ø"Ÿš sÑ+Ô+Øð &Ø %˜‘øàˆÝ˜(Ñ#Ô#ð 	:ð 	:ˆCØKŠK˜ #Ð7Ð7¨°¬Ð7Ð7Ð8Ñ9Ô9Ð9Ð9Øˆs   ¸A Á
A#Á"A#rð   )ÚloginrI   Ú
stdin_dataÚ
cmd_stringr@  rA  c                óZ  — | j         s
J d¦   «         ‚| j        dg}||                     d¦  «         |r|                     | j        ¦  «         |                     | j         g¦  «         |r|                     ddd|g¦  «         n|                     dd|g¦  «         t          ||¦  «        S )z1Spawn a bash process inside the Docker container.zContainer not startedÚexecNz-iÚbashz-lz-c)rú   r  r   r[   r  r   )r  rB  r@  rI   rA  Úcmds         r   Ú	_run_bashzDockerEnvironment._run_bash¯  sÇ   € ð Ô!Ð:Ð:Ð#:Ñ:Ô:Ð!ØÔ Ð(ˆØÐ!ØJŠJtÑÔÐð ð 	,ØJŠJtÔ*Ñ+Ô+Ð+à
Š
DÔ&Ð'Ñ(Ô(Ð(àð 	3ØJŠJ˜  d¨JÐ7Ñ8Ô8Ð8Ð8àJŠJ˜  jÐ1Ñ2Ô2Ð2å˜3 
Ñ+Ô+Ð+r   )zNo such containerzis not runningzno such containerÚoutputc                 óD   ‡— t          ˆfd„| j        D ¦   «         ¦  «        S )zCReturn True if the output indicates the container no longer exists.c              3   ó    •K  — | ]}|‰v V — Œ	d S )NrM   )rP   ÚprH  s     €r   ú	<genexpr>z7DockerEnvironment._is_container_gone.<locals>.<genexpr>Ò  s'   øè è € ÐDÐD 11˜;ÐDÐDÐDÐDÐDÐDr   )ÚanyÚ_NO_CONTAINER_PATTERNS)r  rH  s    `r   Ú_is_container_gonez$DockerEnvironment._is_container_goneÐ  s)   ø€ åÐDÐDÐDÐD¨Ô(CÐDÑDÔDÑDÔDÐDr   c                 ó¾  — | j         pddd…         }t                               d|¦  «         d| _         | j                             dd¦  «        }| j                             dd¦  «        }|                      ||¦  «        }|Ú|\  }}|dk    r+|| _         t                               d|dd…         ¦  «         n¤	 t          j        | j	        d	|gd
d
dd
t          j
        ¬¦  «         || _         t                               d|dd…         ¦  «         nL# t          j        t          j        f$ r.}t                               d|dd…         |¦  «         Y d}~nd}~ww xY w| j         s| j        st                               d¦  «         dS 	 ddl}d|                     ¦   «         j        dd…         › }	| j        rg ndg}
g }| j                             ¦   «         D ]!\  }}|                     d|› d|› g¦  «         Œ"| j	        ddg|
¢d‘|	‘|¢d‘| j        ‘| j        ¢| j        ‘d‘d‘}t          j        |d
d
dd
t          j
        ¬¦  «        }|j                             ¦   «         | _         |	| _        t                               d|	| j         dd…         ¦  «         nJ# t          j        t          j        t4          f$ r&}t                               d|¦  «         Y d}~dS d}~ww xY w	 d| _        |                      ¦   «          n3# t:          $ r&}t                               d |¦  «         Y d}~dS d}~ww xY wt                               d!| j         pddd…         ¦  «         d
S )"a9  Recreate the container after it was removed out-of-band.

        Tries label-based reuse first; if no existing container is found,
        starts a fresh one with the same image and run-args.  Returns True
        on success, False if recreation fails (caller should surface the
        original error).
        r§   NrX   u7   Container %s appears to be gone â€” attempting recoveryrå   ræ   rç   z&Recovery: reusing running container %srè   TrU   rF   z Recovery: restarted container %sz*Recovery: failed to start container %s: %sz8Recovery: no saved image name, cannot recreate containerFr   rá   râ   ré   rã   rà   r]   rê   rë   rì   rí   rî   rð   z)Recovery: created fresh container %s (%s)z,Recovery: failed to create new container: %sz2Recovery: init_session failed in new container: %su(   Recovery successful â€” new container %s)rú   r   r   rû   r:  r  rl   r\   r]   r  r^   r  r_   rü   r½   r  r  r  rþ   r    r[   rÅ   rÿ   rd   r   rý   r`   Ú_snapshot_readyr  r*   )r  Úold_idr/  Úprofile_labelr2  rr   r3  ro   Ú_uuidÚnew_namer4  r0  ÚkÚvr5  ru   s                   r   Ú_recreate_containerz%DockerEnvironment._recreate_containerÔ  s&  € ð Ô$Ð*¨¨C¨R¨CÔ0ˆÝŠØEÀvñ	
ô 	
ð 	
ð "ˆÔð ”\×%Ò%Ð&6¸Ñ;Ô;ˆ
Øœ×(Ò(Ð)9¸2Ñ>Ô>ˆØ×0Ò0°¸]ÑKÔKˆØÐØ!‰JˆCØ˜	Ò!Ð!Ø%(Ô"Ý—’ÐDÀcÈ#È2È#ÄhÑOÔOÐOÐOð	^Ý”NØÔ)¨7°CÐ8Ø'+°$ÀÈ$Ý(Ô0ðñ ô ð ð
 *-DÔ&Ý—K’KÐ BÀCÈÈÈÄHÑMÔMÐMÐMøÝ"Ô5µzÔ7PÐQð ^ð ^ð ^Ý—N’NÐ#OÐQTÐUXÐVXÐUXÔQYÐ[\Ñ]Ô]Ð]Ð]Ð]Ð]Ð]Ð]øøøøð^øøøð Ô!ñ !	Ø”;ð Ý—’ÐWÑXÔXÐXØuðØ$Ð$Ð$Ð$Ø< U§[¢[¡]¤]Ô%6°r¸°rÔ%:Ð<Ð<Ø"&Ô":ÐJ˜B˜BÀÀ
	Ø
Ø œL×.Ò.Ñ0Ô0ð ?ð ?‘DAqØ×%Ò% y°Q°*°*¸°*°*Ð&=Ñ>Ô>Ð>Ð>àÔ$ e¨Tð	àð	ð ð	ð 'ð	ð  ð		ð
 ð	ð
 œ(ð	ð Ô'ð	ð ”Kð	ð ð	ð (ð	õ $œØ¨D°tÀSÐPTÝ$Ô,ðñ ô ð &,¤]×%8Ò%8Ñ%:Ô%:Ô"Ø'/Ô$Ý—’Ø?Ø˜dÔ0°°"°Ô5ñô ð ð øõ Ô1µ:Ô3LÍgÐVð ð ð Ý—’ÐKÈQÑOÔOÐOØuuuuuøøøøðøøøð
	Ø#(ˆDÔ Ø×ÒÑÔÐÐøÝð 	ð 	ð 	ÝLŠLÐMÈqÑQÔQÐQØ55555øøøøð	øøøõ 	ŠÐ>ÀÔASÐAYÐWYÐ[^Ð\^Ð[^Ô@_Ñ`Ô`Ð`ØˆtsJ   Â9AD ÄEÄ+$EÅEÆDJ Ê!K Ê:KËK Ë$L  Ì 
L0Ì
L+Ì+L0r§   Úcommandc                 ó0  •—  t          ¦   «         j        ||fi |¤Ž}|                     dd¦  «        dk    r_|                      |                     dd¦  «        ¦  «        r6| j        r/|                      ¦   «         r t          ¦   «         j        ||fi |¤Ž}|S )a
  Execute a command, auto-recovering from dead containers.

        If the container was removed out-of-band (idle reaper, docker prune,
        OOM kill, daemon restart), detect the error and recreate the container
        transparently before retrying once.
        rb   r   rH  r§   )ró   Úexecuter:  rO  rö   rX  )r  rY  rÅ   Úkwargsru   r6  s        €r   r[  zDockerEnvironment.execute&  s§   ø€ ð !•‘”” ¨#Ð8Ð8°Ð8Ð8ˆàJŠJ| QÑ'Ô'¨1Ò,Ð,Ø×'Ò'¨¯
ª
°8¸RÑ(@Ô(@ÑAÔAð -àÔ.ð -ð ×'Ò'Ñ)Ô)ð AØ(™œœ¨°#Ð@Ð@¸Ð@Ð@Øˆr   c                  ó\  — t           t           S 	 t          ¦   «         pd} t          j        | dddgdddt          j        ¬¦  «        }|j                             ¦   «                              ¦   «         }|d	k    rd
a d
S t          j        | ddddgdddt          j        ¬¦  «        }|j        dk    rC|j                             ¦   «         }|r%t          j        | d|gddt          j        ¬¦  «         da nd
a n# t          $ r d
a Y nw xY wt                               dt           ¦  «         t           S )zìCheck if Docker's storage driver supports --storage-opt size=.
        
        Only overlay2 on XFS with pquota supports per-container disk quotas.
        Ubuntu (and most distros) default to ext4, where this flag errors out.
        Nr>   rl   rD   z{{.Driver}}Trz   rV   Úoverlay2FÚcreaterÕ   zsize=1mzhello-worldrE   r   rS   r»   rñ   z Docker --storage-opt support: %s)r¸   rZ   r\   r]   r^   rd   r   Úlowerrb   r*   r   ra   )r>   ru   ÚdriverÚproberw   s        r   r  z(DockerEnvironment._storage_opt_supported7  sa  € õ Ð&Ý"Ð"ð	$Ý ‘]”]Ð. hˆFÝ”^Ø˜ ¨]Ð;Ø#¨$¸Ý Ô(ðñ ô ˆFð
 ”]×(Ò(Ñ*Ô*×0Ò0Ñ2Ô2ˆFØ˜Ò#Ð#Ø"'Øuõ ”NØ˜ ?°I¸}ÐMØ#¨$¸Ý Ô(ðñ ô ˆEð
 Ô 1Ò$Ð$à$œ|×1Ò1Ñ3Ô3Øð =Ý”N F¨D°,Ð#?Ø26ÀÝ)3Ô);ð=ñ =ô =ð =ð #'à"'øøÝð 	$ð 	$ð 	$Ø#ˆOˆOˆOð	$øøøåŠÐ7½ÑIÔIÐIÝÐs   A*C5 Á<A8C5 Ã5DÄDr/  rS  c                 ó¦  — 	 t          j        | j        dddddd|› dd|› ddgd	d	d
dt           j        ¬¦  «        }n?# t           j        t
          f$ r&}t                               d|¦  «         Y d}~dS d}~ww xY w|j        dk    r:t                               d|j        |j	         
                    ¦   «         ¦  «         dS d„ |j                             ¦   «         D ¦   «         }|sdS d}d}|D ]`}|                     dd¦  «        }	t          |	¦  «        dk    rŒ,|	d         |	d                              ¦   «         }}
|€|
|f}|dk    r|€|
|f}Œa|p|S )uƒ  Look for an existing container labeled for this (task, profile).

        Returns ``(container_id, state)`` on hit, ``None`` on miss / on any
        failure (including ``docker ps`` itself failing). State is one of the
        values Docker reports via ``{{.State}}`` â€” e.g. ``running``, ``exited``,
        ``created``, ``paused``, ``restarting``, ``dead``. The caller decides
        whether the state warrants ``docker start`` before reuse.

        Restricted to the docker-stored label set this class creates; never
        matches containers that happened to be named ``hermes-*`` but were
        started by some other tool.
        rB   rC   r?   r@   zlabel=hermes-task-id=rA   rD   z{{.ID}}	{{.State}}Trz   FrF   u;   docker ps probe failed: %s â€” will start a fresh containerNr   u@   docker ps probe returned %d: %s â€” will start a fresh containerc                 ó^   — g | ]*}|                      ¦   «         ¯|                      ¦   «         ‘Œ+S rM   rN   rO   s     r   rR   z>DockerEnvironment._find_reusable_container.<locals>.<listcomp>‡  s-   € ÐOÐOÐO ÀBÇHÂHÁJÄJÐO—’‘”ÐOÐOÐOr   ú	rW   é   rç   )r\   r]   r  r^   r_   r`   r   ra   rb   rc   r   rd   re   ÚsplitÚlenr`  )r  r/  rS  ru   ro   Úlinesrç   r®   rQ   Úpartsrr   r3  s               r   r  z*DockerEnvironment._find_reusable_containerb  s·  € ð	Ý”^àÔ$ d¨DØÐ 6ØÐ D¸
Ð DÐ DØÐ G¸Ð GÐ GØÐ 5ðð  $ØØØÝ Ô(ðñ ô ˆFˆFøõ Ô)­7Ð3ð 	ð 	ð 	ÝLŠLÐVÐXYÑZÔZÐZØ44444øøøøð	øøøð Ô Ò!Ð!ÝLŠLØRØÔ! 6¤=×#6Ò#6Ñ#8Ô#8ñô ð ð 4ØOÐO f¤m×&>Ò&>Ñ&@Ô&@ÐOÑOÔOˆØð 	Ø4ð ˆØˆØð 	'ð 	'ˆBØ—H’H˜T 1Ñ%Ô%ˆEÝ5‰zŒz˜QŠˆØØ˜qœ 5¨¤8§>¢>Ñ#3Ô#3ˆCØˆ}Ø˜e˜Ø˜	Ò!Ð! g oØ ˜,øØÐ˜%Ðs   ‚:= ½A9ÁA4Á4A9)Úforce_removerk  c                óà  ‡‡‡‡	‡
— | j         Š‰s2| j        s)| j        | j        fD ]}|rt	          j        |d¬¦  «         ŒdS |rdŠ
dŠ	n| j        r	d| _         dS dŠ
dŠ	| j        Š‰dd…         Šd
ˆˆˆˆ	ˆ
fd„}ddl}| 	                    |dd‰› ¬	¦  «        }| 
                    ¦   «          || _        d| _         ‰	r0| j        s+| j        | j        fD ]}|rt	          j        |d¬¦  «         ŒdS dS dS )u}	  Tear down the container according to persist mode and *force_remove*.

        Persist-mode (``persist_across_processes=True``, the default) leaves the
        container **running** untouched. The docs promise "ONE long-lived
        container shared across sessions" and stopping it on every Hermes exit
        breaks that promise:

        * Background processes inside the container (``npm run dev``, watchers,
          long-running pytest) get killed every time the user runs ``/quit``.
        * Every reuse requires ``docker start`` + waiting for the container to
          come back up, adding 1â€“2s to the first tool call of the new session.
        * The user-visible difference between "ONE long-lived container" and
          "a new container that happens to share state" is exactly this:
          processes survive in the former, die in the latter.

        Resource reclamation for the persist-mode case lives in the
        ``reap_orphan_containers()`` path (see issue #20561 commit 3): if no
        Hermes process touches a labeled container for ``2 Ã— lifetime_seconds``
        it gets ``docker rm -f``'d at the next Hermes startup. That covers the
        SIGKILL / OOM / abandoned-laptop cases without us needing to stop the
        container on every graceful exit.

        Opt-out mode (``persist_across_processes=False``) still does
        ``docker stop`` + ``docker rm -f`` on every cleanup, matching the
        pre-PR behavior for users who explicitly want per-process isolation.

        ``force_remove=True`` overrides persist mode and always tears the
        container down (``docker stop`` + ``docker rm -f``). This is the
        explicit-teardown path for ``/reset``, ``cleanup_vm(task_id)``-driven
        resets, or any caller that wants a guaranteed fresh container on next
        ``DockerEnvironment(task_id=...)``. No current caller passes
        ``force_remove=True``; the parameter is here so the explicit-teardown
        semantics can be wired up later without changing this method's
        signature.

        Cleanup runs on a daemon thread with bounded ``subprocess.run`` calls
        (not the racy ``Popen(... &)`` pattern from before PR #33645). The
        atexit hook in ``tools/terminal_tool.py`` waits up to 15s for the
        thread to finish before the interpreter exits, so ``docker stop`` /
        ``docker rm`` actually completes when we do trigger it.
        T)Úignore_errorsNrX   r
   c                  ó²  •— ‰rh	 t          j        ‰ddd‰gddt           j        ¬¦  «         n?# t           j        t          f$ r&} t
                               d‰| ¦  «         Y d } ~ nd } ~ ww xY w‰ri	 t          j        ‰dd	‰gddt           j        ¬¦  «         d S # t           j        t          f$ r'} t
                               d
‰| ¦  «         Y d } ~ d S d } ~ ww xY wd S )NÚstopz-tÚ10TrU   rñ   z%docker stop %s timed out / failed: %srS   rT   rY   )r\   r]   r^   r_   r`   r   r   )ro   rw   r<   Úlog_idÚshould_removeÚshould_stops    €€€€€r   Ú_do_cleanupz.DockerEnvironment.cleanup.<locals>._do_cleanupë  sH  ø€ Øð WðWÝ”NØ# V¨T°4¸ÐFØ'+°RÝ(Ô0ðñ ô ð ð øõ
 #Ô1µ7Ð;ð Wð Wð WÝ—N’NÐ#JÈFÐTUÑVÔVÐVÐVÐVÐVÐVÐVøøøøðWøøøàð LðLÝ”NØ# T¨4°Ð>Ø'+°RÝ(Ô0ðñ ô ð ð ð øõ
 #Ô1µ7Ð;ð Lð Lð LÝ—N’NÐ#?ÀÈÑKÔKÐKÐKÐKÐKÐKÐKÐKøøøøðLøøøðLð Ls-   …'- ­A)ÁA$Á$A)Á/&B ÂCÂ-CÃCr   zhermes-cleanup-)ÚtargetÚdaemonÚname©r
   N)rú   rõ   r  r  rŒ   Úrmtreerö   r  Ú	threadingÚThreadrè   Ú_cleanup_thread)r  rk  Údrt  rz  Útrw   r<   rq  rr  rs  s         @@@@@r   ÚcleanupzDockerEnvironment.cleanupœ  s©  øøøøø€ ðT Ô)ˆØð 	ð Ô#ð =ØÔ-¨t¬~Ð>ð =ð =AØð =Ýœ a°tÐ<Ñ<Ô<Ð<øØˆFð ð 	!ØˆKØ ˆMˆMØÔ+ð 	!ð "&ˆDÔØˆFàˆKØ ˆMð Ô%ˆ
Ø˜c˜r˜cÔ"ˆð	Lð 	Lð 	Lð 	Lð 	Lð 	Lð 	Lð 	Lð 	Lð 	Lð4 	ÐÐÐØ×Ò K¸ÐC]ÐU[ÐC]ÐC]ÐÑ^Ô^ˆØ	Š‰	Œ	ˆ	Ø ˆÔØ!ˆÔð
 ð 	9 Ô!1ð 	9ØÔ)¨4¬>Ð:ð 9ð 9Øð 9Ý”M !°4Ð8Ñ8Ô8Ð8øð	9ð 	9ð 	9ð 	9ð9ð 9r   ç      >@c                 óª   — t          | dd¦  «        }||                     ¦   «         sdS |                     |¬¦  «         |                     ¦   «          S )uÀ  Block up to *timeout* seconds for the cleanup worker thread.

        Returns ``True`` if the thread finished (or no thread was started),
        ``False`` on timeout. The atexit hook in terminal_tool.py calls this
        on every active environment so docker stop/rm actually completes
        before the Python process exits â€” without this, ``hermes /quit``
        races the interpreter shutdown and leaves stopped containers behind.
        r|  NT)rI   )r´   Úis_aliver  )r  rI   Úthreads      r   Úwait_for_cleanupz"DockerEnvironment.wait_for_cleanup  sU   € õ ˜Ð0°$Ñ7Ô7ˆØˆ> §¢Ñ!2Ô!2ˆ>Ø4ØŠ˜GˆÑ$Ô$Ð$Ø—?’?Ñ$Ô$Ð$Ð$r   )rÃ   rÄ   r   r   r   Fr7   NNNTNFFNT)r§   )r€  )Ú__name__Ú
__module__Ú__qualname__Ú__doc__r   r!   r"   r#   r   r   rô   r  r\   ÚPopenrG  rN  rO  rX  r[  Ústaticmethodr  r   Útupler  r  r„  Ú__classcell__)r6  s   @r   rÂ   rÂ   ÷  s	  ø€ € € € € ð	ð 	ð ØØØØØ&+Ø ØØ(,ØØØØ$Ø!&ØØ)-ð%Jð JàðJð ðJð ð	Jð
 ðJð ðJð ðJð  $ðJð ðJð ðJð ˜#”Y Ñ%ðJð D‰[ðJð ðJð ðJð ðJð  ð!Jð" ð#Jð$ #'ð%Jð Jð Jð Jð Jð JðX d¨3¤ið ð ð ð ð@ ;@Ø!$Ø+/ð,ð ,ð , Cð ,°4ð ,Øð,à! D™jð,à4>Ô4Dð,ð ,ð ,ð ,ð6ÐðE¨ð E°ð Eð Eð Eð EðP Tð Pð Pð Pð Pðdð ˜sð ¨ð Àð ð ð ð ð ð ð" ð( Dð (ð (ð (ñ „\ð(ðT8 °3ð 8 Àsð 8 ÈxÐX]Ð^aÐcfÐ^fÔXgÔOhð 8 ð 8 ð 8 ð 8 ðt /4ð u9ð u9ð u9 tð u9ð u9ð u9ð u9ðn%ð %¨ð %¸ð %ð %ð %ð %ð %ð %ð %ð %r   rÂ   )Frx  )2rˆ  rª   Úloggingr†   r}   rŒ   r\   r   r  Úpathlibr   Útypingr   r  r   r   Útools.environments.localr   Ú	getLoggerr…  r   rŽ   r   r   Ú__annotations__Úcompiler   r   r   r   r%   r+   r0   r3   r9   r!   rv   rj   rZ   r    rŸ   rž   r¡   r#   r¤   r¯   r·   r¸   rÀ   rÂ   rM   r   r   ú<module>r”     s–  ððð ð ð €€€Ø €€€Ø 	€	€	€	Ø 	€	€	€	Ø €€€Ø Ð Ð Ð Ø 
€
€
€
Ø €€€Ø Ð Ð Ð Ð Ð Ø Ð Ð Ð Ð Ð à @Ð @Ð @Ð @Ð @Ð @Ð @Ð @Ø CÐ CÐ CÐ CÐ CÐ Cà	ˆÔ	˜8Ñ	$Ô	$€ðð ð Ð ð %)Ð H˜S”MÐ (Ð (Ñ (Ø2”:Ð9Ñ:Ô:Ð ð¨d°3¬i¸$Ñ.>ð À4ÈÄ9ð ð ð ð ð2˜T D™[ð ¨T°#°s°(¬^ð ð ð ð ð<˜t C¨ Hœ~ð ð ð ð ð  R”ZÐ 2Ñ3Ô3Ð ð ð ¨ð ð ð ð ð #ð ð ð ð ð" Ø!%Ø!ð	[ð [ð [àð[ð ˜$‘Jð[ð d‘
ð	[ð
 	ð[ð [ð [ð [ð|  sð  ¸#ð  ð  ð  ð  ðF*X˜c”]ð *ð *ð *ð *ðx	ð 	ð 	Ð ð @Ð Ø;€ðð ð Ð ð+ð +¨4ð +¸4ð +ÈDÐQTÌIð +ð +ð +ð +ð*H¨Cð *H¸ð *HÀð *Hð *Hð *Hð *HðZ ¨#¤ð ð ð ð ð$ #'€˜$”Ð &Ð &Ñ &ð@ð @ð @ð @ðFi%ð i%ð i%ð i%ð i%˜ñ i%ô i%ð i%ð i%ð i%r   