KiOUdZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl m Z ddl m Z ddlmZejeZgdZdae eed<ejdZd eedzd eefd Zd eeeffd Zd e efd ZgdZdae e ed<ddZ!Gdde Z"dS)zDocker execution environment for sandboxed command execution. Security hardened (cap-drop ALL, no-new-privileges, PID limits), configurable resource limits (CPU, memory, disk), and optional filesystem persistence via bind mounts. N)Optional)BaseEnvironment)is_interrupted)z/usr/local/bin/dockerz/opt/homebrew/bin/dockerz6/Applications/Docker.app/Contents/Resources/bin/docker_docker_executablez^[A-Za-z_][A-Za-z0-9_]*$ forward_envreturncg}t}|pgD]}t|tstd|3|}|sJt |std|||vr||| ||S)z?Return a deduplicated list of valid environment variable names.z0Ignoring non-string docker_forward_env entry: %rz-Ignoring invalid docker_forward_env entry: %r) set isinstancestrloggerwarningstrip_ENV_VAR_NAME_REmatchaddappend)r normalizedseenitemkeys 6/home/ubuntu/hermes-agent/tools/environments/docker.py_normalize_forward_env_namesr&sJUUD!r$$$  NNMt T T T jjll  %%c**  NNJD Q Q Q  $;;   # cL ddlm}|piS#t$ricYSwxYw)zDLoad ~/.hermes/.env values without failing Docker command execution.rload_env)hermes_cli.configr Exceptionrs r_load_hermes_env_varsr ?sN......xzzR  s  ##c(ttStjd}|r|a|StD]a}tj|r@t j|tjr!|at d||cSbdS)a5Locate the docker CLI binary. Checks ``shutil.which`` first (respects PATH), then probes well-known install locations on macOS where Docker Desktop may not be in PATH (e.g. when running as a gateway service via launchd). Returns the absolute path, or ``None`` if docker cannot be found. Ndockerz%Found docker at non-PATH location: %s) rshutilwhich_DOCKER_SEARCH_PATHSospathisfileaccessX_OKr info)foundr's r find_dockerr-Is%!! L " "E " $ 7>>$   BIdBG$<$< !%  KK? F F FKKK 4r)z --cap-dropALL --cap-add DAC_OVERRIDEr/CHOWNr/FOWNERz--security-optzno-new-privilegesz --pids-limit256--tmpfsz/tmp:rw,nosuid,size=512mr4z#/var/tmp:rw,noexec,nosuid,size=256mr4z/run:rw,noexec,nosuid,size=64m_storage_opt_okct}|s)tdtd t j|dgddd}|jdkrHtd||j|jtd dS#t$r-td |d td tj $r-td |d tdt$rtdd wxYw)zBest-effort check that the docker CLI is available before use. Reuses ``find_docker()`` so this preflight stays consistent with the rest of the Docker backend, including known non-PATH Docker Desktop locations. zDocker backend selected but no docker executable was found in PATH or known install locations. Install Docker Desktop and ensure the CLI is available.z|Docker executable not found in PATH or known install locations. Install Docker and ensure the 'docker' command is available.versionTcapture_outputtexttimeoutrzIDocker backend selected but '%s version' failed (exit code %d, stderr=%s)zXDocker command is available but 'docker version' failed. Check your Docker installation.zVDocker backend selected but the resolved docker executable '%s' could not be executed.)exc_infozHDocker executable could not be executed. Check your Docker installation.zYDocker backend selected but '%s version' timed out. The Docker daemon may not be running.zHDocker daemon is not responding. Ensure Docker is running and try again.z4Unexpected error while checking Docker availability.N) r-r error RuntimeError subprocessrun returncodestderrrFileNotFoundErrorTimeoutExpiredr) docker_exeresults r_ensure_docker_availablerH{s J         K   -  #    B   ! ! LL,! ##%%    2  " !7             V     $      4      V     B      s B**BEceZdZdZ dd ed ed ed ed edededededeedzdededeffd Z e defdZ d dddded ed edzdedzde f dZ dZxZS)!DockerEnvironmentuHardened Docker container execution with resource limits and persistence. Security: all capabilities dropped, no privilege escalation, PID limits, size-limited tmpfs for scratch dirs. The container itself is the security boundary — the filesystem inside is writable so agents can install packages (pip, npm, apt) as needed. Writable workspace via tmpfs or bind mounts. Persistence: when enabled, bind mounts preserve /workspace and /root across container restarts. /root<rFdefaultNTimagecwdr<cpumemorydiskpersistent_filesystemtask_idvolumesrnetworkhost_cwdauto_mount_cwdc |dkrd}t||||_||_||_t | |_d|_t d| | 4t| tst d| g} tg}|dkr$|dt|g|dkr|d|d g|dkrZt jd krJ|r|d d |d gnt d | s|dddlm}g}d}| pgD]}t|tst d|5|}|sLd|vr|d|gd|vrd}nt d|d| r| rSkipping docker cwd mount: host_cwd is not a valid directory: r"home)exist_okz:/root workspacer4z/workspace:rw,exec,size=10g)r4z/home:rw,exec,size=1gr4z/root:rw,exec,size=1gz,Mounting configured host cwd to /workspace: zDSkipping docker cwd mount: /workspace already mounted by user config)get_credential_file_mountsget_skills_directory_mount host_pathcontainer_pathz:roz$Docker: mounting credential %s -> %sz$Docker: mounting skills dir %s -> %sz1Docker: could not load credential file mounts: %szDocker volume_args: zDocker run_args: zhermes-rAz-dz--name-wsleep2hzStarting container:  x)r:r;r<checkzStarted container z ( ))/super__init__ _base_image _persistent_task_idr _forward_env _container_idr r+r listrrHextendr sysplatform_storage_opt_supportedrtools.environments.baser^rr&r'abspath expanduserboolisdirdebug_workspace_dir _home_dirmakedirstools.credential_filesrdrer_SECURITY_ARGSr- _docker_exeuuiduuid4hexjoinr@rAstdout)!selfrNrOr<rPrQrRrSrTrUrrVrWrX resource_argsr^ volume_argsworkspace_explicitly_mountedvol host_cwd_abs bind_host_cwd writable_argssandboxrdre mount_entry skills_mounte all_run_argscontainer_namerun_cmdrG __class__s! rrrzDockerEnvironment.__init__s #::C S'222 0 8EE,0 ;';;<<<  z'4'@'@  NNN7NN O O OG !""" 77  (CHH!5 6 6 6 A::  *lll!; < < < !88 00**,, $$ot%GHHHHe 3  !1 2 2 2 <;;;;; ',$Mr Q QCc3'' NsNNOOO))++C czz""D#;/// C''370OOOOPPPPHPXrwrw'9'9('C'CDDDVX  1\"" 1 l++ 110   fh frw}}\/J/J f LLdZbdd e e e-1(,   %o''(2WN2OTTT$ : , 016577L ""#K0VV<@P3QVVV$ : - !12  Q Q Q LLLa P P P P P P P P Q  8;88999N++m;mKkY  6 66777'==4H:4:<<#3BQB#799  eT n #           ?CHHW,=,=??@@@     $]0022 UUU4;Mcrc;RUUUVVVVVsCS T#TTrcttS tpd}tj|dddgddd}|j}|d krd ad Stj|d d d dgddd}|jdkr8|j}|rtj|d|gdddand an#t$rd aYnwxYwt dttS)zCheck if Docker's storage driver supports --storage-opt size=. Only overlay2 on XFS with pquota supports per-container disk quotas. Ubuntu (and most distros) default to ext4, where this flag errors out. Nr"r+z--formatz {{.Driver}}T r9overlay2Fcreater]zsize=1mz hello-worldrrmr8)r:r<z Docker --storage-opt support: %s) r5r-r@rArrlowerrBrr r)r"rGdriverprobe container_ids rr|z(DockerEnvironment._storage_opt_supportedxsR  &" " $ ]].hF^];#$F]((**0022F##"'uN?I}M#$E1$$$|1133 CNFD,#?26CCCC"&"' $ $ $#OOO $ 7IIIsAC1A"C C#"C#r`)r< stdin_datacommandrc|||\}}|p|j}|p|j}||||z} n||} n|} |dks|dr d|d|}d}|js Jd|jdg} | | d| d |gt|j } d d l m } | | z} n#t$rYnwxYw| rtni} t| D]K}tj|}|| |}|| d |d |gL| |jdd|g gt%j| t$jt$j| r t$jn t$jd| rE j| jn#t$rYnwxYwfd}t5j|d}|t;j|z}tAr! "dn)#t$j#$r$YnwxYw|%dd%dzddSt;j|kr?$|%d|&|St;j'd|%dd%j(dS#t$r}d|ddcYd}~Sd}~wwxYw)NrZz~/zcd z && /zContainer not startedexecz-irir)get_all_passthroughz-e=bashz-lcT)rrCstdinr;cj jD]}|dS#t$rYdSwxYw)N)rrr)line_output_chunksprocs r_drainz)DockerEnvironment.execute.._drains\ $ 44&--d333344 DDs $ 22)targetdaemon)r<r`z [Command interrupted])outputrBg?r8zDocker execution error: ))_prepare_commandrOr< startswithrwrrryr rvtools.env_passthroughrrr sortedr&getenvgetr@PopenPIPESTDOUTDEVNULLrwriteclose threadingThreadstarttime monotonicpollr terminatewaitrEkillr_timeout_resultrjrB)rrrOr<r exec_command sudo_stdinwork_direffective_timeouteffective_stdincmd forward_keysr hermes_envrvaluerreaderdeadlinerrrs @@rexecutezDockerEnvironment.executesm$(#8#8#A#A j?$(#3t|  !j&<(:5OO  #(OO(O s??h11$77?===|==LH!::#:::!(  & JJt    D(#$$$4,--   A A A A A A //11 1LL    D 0<D*,,," ,'' 5 5CIcNNE}"s++  DS"2"25"2"23444 D&|DEEE/ ON#!z/@)8Pjooj>P D  J$$_555J$$&&&& D      %VDAAAF LLNNN~''*;;H))++%!## NN$$$$ ! ,,,,%4$$$ $KKK***"$''."9"9##h..IIKKKKKK***//0ABBB 3!))++%$ KKK " " " ggn55T_UU U O O O<</dev/null 2>&1 &T)shellzFailed to stop container %s: %sNz sleep 3 && z >/dev/null 2>&1 &) ignore_errors) rwrr@rrr rrtrrr#rmtree)rstop_cmdrds rcleanupzDockerEnvironment.cleanups   & YX4#3XX4;MXX'XX040BXXX 66666 Y Y Y@$BTVWXXXXXXXX Y# $ed&6eet?Qeee"!D!%D  9)4>: 9 99M!48888 9 9 9 9s)9A A8 !A33A8'B++ B87B8) rKrLrrrFrMNNTNF)r`)__name__ __module__ __qualname____doc__r intfloatrrxrr staticmethodr|dictrr __classcell__)rs@rrJrJs  &+ (,$mWmWmWmW mW  mW  mWmW $mWmWmW#Y%mWmWmWmWmWmWmWmWmW^%D%%%\%NZO&*)-ZOZOZOsZOZOtZO$JZO26ZOZOZOZOx9999999rrJ)rN)#rloggingr&rer#r@rzrrrtypingrr}rtools.interruptr getLoggerrr r%rr __annotations__compilerrxrrr r-rr5rrHrJrrrs   333333******  8 $ $  %)HSM(((2:9::d3i$.>492tCH~Xc]D   #'$&&&????DZ9Z9Z9Z9Z9Z9Z9Z9Z9Z9r