From 59f6e5bc4e17e600984aa82a255c3b4344956374 Mon Sep 17 00:00:00 2001
From: MrKan
Date: Thu, 9 Apr 2026 23:54:20 +0300
Subject: [PATCH] =?UTF-8?q?=D0=BF=D0=BE=D0=BF=D1=8B=D1=82=D0=BA=D0=B0=20?=
 =?UTF-8?q?=D1=81=D0=B4=D0=B5=D0=BB=D0=B0=D1=82=D1=8C=20=D0=B8=D0=B7=D0=BE?=
 =?UTF-8?q?=D0=BB=D1=8F=D1=86=D0=B8=D1=8E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Dockerfile | 21 ++++++++++++++-------
 docker-compose.yml | 4 ++++
 src/agent/backends/isolated_shell.py | 14 ++++++++------
 src/agent/base.py | 2 +-
 4 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5468f9d..b9bc44e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,17 +1,18 @@
-FROM python:3.14-slim as base
+FROM python:3.14-slim AS base
 ENV PYTHONDONTWRITEBYTECODE=1 \
 PYTHONUNBUFFERED=1
 WORKDIR /app
-RUN apt update && apt install make -y
+RUN apt update && apt install make -y
 ENV AGENT_USER="agent"
-RUN useradd --shell /bin/bash agent
 ENV WORKSPACE_DIR="/workspace/"
-RUN mkdir -p $WORKSPACE_DIR && chown $AGENT_USER:$AGENT_USER $WORKSPACE_DIR
+RUN useradd --shell /bin/bash $AGENT_USER \
+ && mkdir -p $WORKSPACE_DIR /home/$AGENT_USER \
+ && chown -R agent:agent $WORKSPACE_DIR /home/$AGENT_USER
-FROM base as builder
+FROM base AS builder
 RUN apt install git -y
 RUN pip install uv
@@ -20,7 +21,7 @@ COPY pyproject.toml uv.lock ./
 RUN uv sync --frozen --no-install-project --no-dev
 RUN uv pip install git+https://git.lambda.coredump.ru/platform/agent_api.git
-FROM base as production
+FROM base AS production
 COPY --from=builder /app/.venv /app/.venv
 ENV PATH="/app/.venv/bin:$PATH"
@@ -28,12 +29,15 @@ ENV PATH="/app/.venv/bin:$PATH"
 COPY src/ /app/src/
 COPY Makefile ./
 COPY .mk/ ./.mk/
+RUN chown root:root /app && chmod 700 /app
+RUN apt install sudo -y && \
+ echo "agent ALL=(ALL) NOPASSWD: /usr/bin/apt*" >> /etc/sudoers
 EXPOSE 8000
 CMD ["make", "uvicorn-prod"]
-FROM base as development
+FROM base AS development
 RUN pip install uv
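Review bot: In the new `RUN useradd ... && chown -R agent:agent ...` line of the base stage the chown hardcodes the account name while the `useradd` and `mkdir` beside it use `$AGENT_USER`, so changing that ENV would leave the workspace and home directory owned by an account that no longer exists. Use the variable consistently: `&& chown -R $AGENT_USER:$AGENT_USER $WORKSPACE_DIR /home/$AGENT_USER`. `useradd --create-home` would also create and own the home directory without the manual mkdir, and `apt-get` is the form intended for scripts, `apt` prints a warning about its unstable CLI when used non-interactively.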
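Review bot: The `NOPASSWD: /usr/bin/apt*` sudoers rule added to the production stage hands the `agent` account unrestricted root and undoes the `chmod 700 /app` hardening on the line above it: apt honours configuration options and hook commands supplied on its own command line, and the `apt*` wildcard also matches every other binary with that prefix, so a shell driven by the agent can turn this rule into a root shell in well-documented ways. If the sandboxed agent genuinely must install packages at runtime, expose a fixed wrapper script that accepts only a validated package list and make that script the sole command in the rule; otherwise install what is needed at build time and leave `sudo` out of the image. Whatever rule is kept, write it to a file under `/etc/sudoers.d/` and check it with `visudo -cf` in the same RUN step so a syntax error fails the build instead of breaking sudo at runtime. The development stage hunk (`@@ -47,6 +51,9 @@`) repeats the same two lines.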
@@ -47,6 +51,9 @@ ENV PATH="/app/.venv/bin:$PATH"
 COPY Makefile ./
 COPY .mk/ ./.mk/
+RUN chown root:root /app && chmod 700 /app
+RUN apt install sudo -y && \
+ echo "agent ALL=(ALL) NOPASSWD: /usr/bin/apt*" >> /etc/sudoers
 EXPOSE 8000
diff --git a/docker-compose.yml b/docker-compose.yml
index 3f57d97..d025503 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,5 +23,9 @@ services:
 - "8000:8000"
 env_file:
 - .env
+ cap_add: # для работы bwrap
+ - SYS_ADMIN
+ security_opt: # для работы bwrap
+ - seccomp:unconfined
 profiles:
 - dev
diff --git a/src/agent/backends/isolated_shell.py b/src/agent/backends/isolated_shell.py
index 6aa78ea..468fb1b 100644
--- a/src/agent/backends/isolated_shell.py
+++ b/src/agent/backends/isolated_shell.py
@@ -3,7 +3,7 @@ import pwd
 import subprocess
 from typing import Any
-from deepagents.backends.local_shell import LocalShellBackend, DEFAULT_EXECUTE_TIMEOUT
+from deepagents.backends.local_shell import LocalShellBackend
 class IsolatedShellBackend(LocalShellBackend):
@@ -34,8 +34,9 @@ class IsolatedShellBackend(LocalShellBackend):
 f"timeout must be positive, got {effective_timeout}"
 )
- proc: subprocess.Popen[str] | None = None
+ proc: subprocess.Popen | None = None
 try:
+ print(f"Running shell: {command}")
 proc = subprocess.Popen(
 command,
 shell=True,
@@ -69,12 +70,13 @@ class IsolatedShellBackend(LocalShellBackend):
 if proc.returncode != 0:
 output = f"{output.rstrip()}\n\nExit code: {proc.returncode}"
- return self._make_response(output, proc.returncode, truncated)
+ result = self._make_response(output, proc.returncode, truncated)
+ print(result)
+ return result
 except subprocess.TimeoutExpired:
- if proc:
- proc.kill()
- proc.communicate()
+ proc.kill()
+ proc.communicate()
 msg = f"Error: Command timed out after {effective_timeout} seconds."
 return self._make_response(msg, 124, False)
diff --git a/src/agent/base.py b/src/agent/base.py
index 1cdb820..fe08072 100644
--- a/src/agent/base.py
+++ b/src/agent/base.py
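Review bot: `cap_add: SYS_ADMIN` together with `security_opt: seccomp:unconfined` removes most of the kernel-level hardening Docker applies to this container, so the isolation the agent gains from bwrap inside it is paid for with a much larger escape surface from the container itself; whether that trade is acceptable depends on what else shares the host, which this file does not show. bwrap can run without `CAP_SYS_ADMIN` when the host permits unprivileged user namespaces, so that should be checked before granting the capability; if it is unavoidable, pair it with a custom seccomp profile that extends Docker's default to allow only the namespace and mount syscalls bwrap needs instead of `unconfined`, and put `cap_drop: [ALL]` ahead of the single `cap_add`. The two comments are in Russian (`# для работы bwrap`); an English comment such as `# bwrap needs namespaces and mounts` keeps the reason readable for every maintainer.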
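Review bot: The new `print(f"Running shell: {command}")` writes every agent-issued command verbatim to the container's stdout, which lands in whatever log collector is attached; commands routinely carry tokens, URLs with embedded credentials or file contents, so this belongs in the logging module at debug level where it can be filtered and redacted, `logger.debug("Running shell: %s", command)`, with a module-level `logger = logging.getLogger(__name__)`. The `print(result)` added in the next hunk (`@@ -69,12 +70,13 @@`) has the same problem and additionally dumps the full command output. Dropping `[str]` from the `subprocess.Popen` annotation also discards the typing of `proc.communicate()`'s return values for checkers at no runtime benefit, so the original `subprocess.Popen[str]` is worth keeping. The enclosing method starts outside this hunk.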
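Review bot: With `proc` still annotated `subprocess.Popen | None` and initialised to `None` before the `try`, the unguarded `proc.kill()` / `proc.communicate()` in the `except subprocess.TimeoutExpired:` branch will be reported by type checkers as a possible `None` access, even though at runtime the exception can only be raised by `communicate()` after `Popen` succeeded. Either keep the `if proc:` guard the commit removes, or drop the `None` pre-initialisation and assign `proc` directly from `subprocess.Popen(...)` inside the `try` so the name is never `None` where it is used. The enclosing method starts outside this hunk.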
@@ -15,7 +15,7 @@ def create_agent():
 )
 workspace_dir = os.environ["WORKSPACE_DIR"]
- agent_user = os.environ["AGENT_USER"]
+ agent_user = os.environ.get("AGENT_USER", "agent")
 backend = IsolatedShellBackend(
 user=agent_user,
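Review bot: Falling back to `"agent"` when `AGENT_USER` is unset turns a misconfiguration that previously failed at startup into a silent assumption about which account the isolated shell runs commands as, and that account is the boundary this service is built around; the adjacent `workspace_dir = os.environ["WORKSPACE_DIR"]` still fails hard, so the two lines now treat their settings inconsistently. If the default is intentional because the Dockerfile sets the same value, name it once, `DEFAULT_AGENT_USER = "agent"`, and log a warning when it is used so a deployment that meant to run as a different user notices. If the backend resolves the name through `pwd` a missing account still fails loudly, but an existing account other than the intended one would not. `create_agent` starts outside this hunk.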