Update gvisor-manager.js

gvisor-manager.js

@@ -1,182 +1,177 @@
-const { Docker } = require('dockerode');
 const { spawn, exec } = require('child_process');
 const fs = require('fs').promises;
 const path = require('path');
 
-class GVisorSandboxManager {
+class SimpleSandboxManager {
   constructor() {
-    this.docker = new Docker({ socketPath: '/var/run/docker.sock' });
     this.sandboxes = new Map();
+    this.processes = new Map();
+    this.basePath = '/tmp/sandboxes';
   }
 
   async initialize() {
-    try {
-      // Start Docker daemon
-      this.dockerProcess = spawn('dockerd', [
-        '--host=unix:///var/run/docker.sock',
-        '--config-file=/etc/docker/daemon.json'
-      ], {
-        detached: true,
-        stdio: 'ignore'
-      });
-      
-      this.dockerProcess.unref();
-      
-      // Wait for Docker to be ready
-      await this.waitForDocker();
-      console.log('✅ Docker daemon started with gVisor runtime');
-      
-      // Pull base image
-      await this.pullImage('node:18-alpine');
-      console.log('✅ Base image ready');
-      
-    } catch (e) {
-      console.error('⚠️ Docker initialization error:', e.message);
-    }
-  }
-
-  async waitForDocker(maxAttempts = 30) {
-    for (let i = 0; i < maxAttempts; i++) {
-      try {
-        await this.docker.ping();
-        return true;
-      } catch (e) {
-        await new Promise(resolve => setTimeout(resolve, 1000));
-      }
-    }
-    throw new Error('Docker daemon failed to start');
-  }
-
-  async pullImage(image) {
-    return new Promise((resolve, reject) => {
-      this.docker.pull(image, (err, stream) => {
-        if (err) return reject(err);
-        
-        this.docker.modem.followProgress(stream, (err, output) => {
-          if (err) reject(err);
-          else resolve(output);
-        });
-      });
-    });
+    await fs.mkdir(this.basePath, { recursive: true });
+    console.log('✅ Simple Sandbox Manager initialized');
   }
 
   async createSandbox(sandboxId) {
-    const containerName = `sandbox-${sandboxId}`;
+    const sandboxPath = path.join(this.basePath, sandboxId);
+    await fs.mkdir(sandboxPath, { recursive: true });
     
-    // Create container with gVisor runtime
-    const container = await this.docker.createContainer({
-      name: containerName,
-      Image: 'node:18-alpine',
-      
-      // Use gVisor runtime
-      HostConfig: {
-        Runtime: 'runsc',
-        
-        // Resource limits
-        Memory: 512 * 1024 * 1024,        // 512MB
-        MemorySwap: 512 * 1024 * 1024,
-        CpuQuota: 50000,
-        CpuPeriod: 100000,
-        PidsLimit: 100,
-        
-        // Network isolation (optional)
-        NetworkMode: 'bridge',
-        
-        // Security
-        SecurityOpt: ['no-new-privileges'],
-        CapDrop: ['ALL'],
-        CapAdd: ['NET_BIND_SERVICE'],
-        
-        // Filesystem
-        ReadonlyRootfs: false,
-        Tmpfs: {
-          '/tmp': 'rw,noexec,nosuid,size=100m',
-          '/workspace': 'rw,exec,nosuid,size=500m'
-        }
-      },
-      
-      WorkingDir: '/workspace',
-      
-      // Keep container running
-      Cmd: ['sh', '-c', 'while true; do sleep 3600; done'],
-      
-      // Environment
-      Env: [
-        'NODE_ENV=sandbox',
-        'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
-      ]
-    });
-    
-    await container.start();
+    // Create workspace directory
+    const workspacePath = path.join(sandboxPath, 'workspace');
+    await fs.mkdir(workspacePath, { recursive: true });
     
     const sandbox = {
       sandboxId,
-      container,
-      containerId: container.id,
+      path: sandboxPath,
+      workspacePath,
       createdAt: Date.now(),
-      status: 'running'
+      lastActivity: Date.now(),
+      status: 'ready'
     };
     
     this.sandboxes.set(sandboxId, sandbox);
+    console.log(`✅ Sandbox created: ${sandboxId}`);
     
-    console.log(`✅ gVisor sandbox created: ${sandboxId}`);
     return sandbox;
   }
 
-  async executeCommand(sandboxId, command, args = []) {
+  async executeCommand(sandboxId, command, args = [], options = {}) {
     const sandbox = this.sandboxes.get(sandboxId);
     if (!sandbox) throw new Error('Sandbox not found');
     
-    const fullCommand = `${command} ${args.join(' ')}`;
+    sandbox.lastActivity = Date.now();
     
-    const exec = await sandbox.container.exec({
-      Cmd: ['sh', '-c', fullCommand],
-      AttachStdout: true,
-      AttachStderr: true,
-      WorkingDir: '/workspace'
-    });
+    const { background = false, timeout = 300000 } = options;
+    
+    // Security: Whitelist commands
+    const allowedCommands = [
+      'node', 'npm', 'npx', 'python3', 'python', 'pip', 
+      'go', 'cat', 'ls', 'mkdir', 'echo', 'touch', 
+      'rm', 'cp', 'mv', 'pwd', 'which'
+    ];
+    
+    const baseCommand = command.split(' ')[0];
+    if (!allowedCommands.includes(baseCommand)) {
+      throw new Error(`Command not allowed: ${baseCommand}`);
+    }
     
+    const fullCommand = `${command} ${args.join(' ')}`;
+    
+    if (background) {
+      // Background process (dev server)
+      return this.startBackgroundProcess(sandboxId, fullCommand, sandbox.workspacePath);
+    } else {
+      // Synchronous command
+      return this.runSyncCommand(fullCommand, sandbox.workspacePath, timeout);
+    }
+  }
+
+  startBackgroundProcess(sandboxId, command, cwd) {
     return new Promise((resolve, reject) => {
-      exec.start({ hijack: true, stdin: false }, (err, stream) => {
-        if (err) return reject(err);
-        
-        let stdout = '';
-        let stderr = '';
-        
-        stream.on('data', (chunk) => {
-          const str = chunk.toString();
-          stdout += str;
-        });
-        
-        stream.on('end', async () => {
-          const inspectData = await exec.inspect();
+      const cmdId = `cmd-${Date.now()}`;
+      
+      const proc = spawn('sh', ['-c', command], {
+        cwd,
+        detached: true,
+        stdio: ['ignore', 'pipe', 'pipe'],
+        env: {
+          ...process.env,
+          PORT: '3000',
+          NODE_ENV: 'development'
+        }
+      });
+      
+      proc.unref();
+      
+      let stdout = '';
+      let stderr = '';
+      
+      proc.stdout.on('data', (data) => {
+        stdout += data.toString();
+        console.log(`[${sandboxId}][stdout]: ${data.toString().trim()}`);
+      });
+      
+      proc.stderr.on('data', (data) => {
+        stderr += data.toString();
+        console.log(`[${sandboxId}][stderr]: ${data.toString().trim()}`);
+      });
+      
+      // Store process
+      this.processes.set(sandboxId, {
+        cmdId,
+        process: proc,
+        stdout,
+        stderr,
+        startedAt: Date.now()
+      });
+      
+      // Wait a bit to check if it started successfully
+      setTimeout(() => {
+        if (proc.exitCode !== null) {
+          reject(new Error('Process exited immediately'));
+        } else {
           resolve({
-            exitCode: inspectData.ExitCode,
-            stdout,
-            stderr
+            commandId: cmdId,
+            status: 'running',
+            pid: proc.pid
           });
+        }
+      }, 2000);
+    });
+  }
+
+  runSyncCommand(command, cwd, timeout) {
+    return new Promise((resolve, reject) => {
+      exec(command, {
+        cwd,
+        timeout,
+        maxBuffer: 10 * 1024 * 1024, // 10MB
+        env: {
+          ...process.env,
+          NODE_ENV: 'sandbox'
+        }
+      }, (error, stdout, stderr) => {
+        resolve({
+          exitCode: error ? (error.code || 1) : 0,
+          stdout: stdout.toString(),
+          stderr: stderr.toString()
         });
       });
     });
   }
 
+  async stopCommand(sandboxId) {
+    const procInfo = this.processes.get(sandboxId);
+    if (!procInfo) {
+      throw new Error('No running process found');
+    }
+    
+    try {
+      // Kill process group
+      process.kill(-procInfo.process.pid, 'SIGTERM');
+      this.processes.delete(sandboxId);
+      console.log(`🛑 Process stopped for ${sandboxId}`);
+      return { stopped: true };
+    } catch (e) {
+      console.error('Failed to stop process:', e);
+      throw e;
+    }
+  }
+
   async writeFiles(sandboxId, files) {
     const sandbox = this.sandboxes.get(sandboxId);
     if (!sandbox) throw new Error('Sandbox not found');
     
+    sandbox.lastActivity = Date.now();
+    
     for (const file of files) {
-      const filePath = path.join('/workspace', file.path);
-      const dir = path.dirname(filePath);
-      
-      // Create directory
-      await this.executeCommand(sandboxId, 'mkdir', ['-p', dir]);
+      const fullPath = path.join(sandbox.workspacePath, file.path);
+      const dir = path.dirname(fullPath);
       
-      // Write file using echo (base64 encoded to handle special chars)
-      const base64Content = Buffer.from(file.content).toString('base64');
-      await this.executeCommand(sandboxId, 'sh', [
-        '-c',
-        `echo '${base64Content}' | base64 -d > ${filePath}`
-      ]);
+      await fs.mkdir(dir, { recursive: true });
+      await fs.writeFile(fullPath, file.content, 'utf-8');
       
       console.log(`📝 File written: ${file.path}`);
     }
@@ -186,11 +181,24 @@ class GVisorSandboxManager {
     const sandbox = this.sandboxes.get(sandboxId);
     if (!sandbox) throw new Error('Sandbox not found');
     
-    const result = await this.executeCommand(sandboxId, 'cat', [
-      path.join('/workspace', filePath)
-    ]);
+    const fullPath = path.join(sandbox.workspacePath, filePath);
+    const content = await fs.readFile(fullPath, 'utf-8');
     
-    return result.stdout;
+    return content;
+  }
+
+  async listFiles(sandboxId, dirPath = '.') {
+    const sandbox = this.sandboxes.get(sandboxId);
+    if (!sandbox) throw new Error('Sandbox not found');
+    
+    const fullPath = path.join(sandbox.workspacePath, dirPath);
+    const files = await fs.readdir(fullPath, { withFileTypes: true });
+    
+    return files.map(file => ({
+      name: file.name,
+      isDirectory: file.isDirectory(),
+      path: path.join(dirPath, file.name)
+    }));
   }
 
   async destroySandbox(sandboxId) {
@@ -199,19 +207,47 @@ class GVisorSandboxManager {
     
     console.log(`🧹 Destroying sandbox: ${sandboxId}`);
     
+    // Stop any running processes
+    const procInfo = this.processes.get(sandboxId);
+    if (procInfo) {
+      try {
+        process.kill(-procInfo.process.pid, 'SIGTERM');
+        this.processes.delete(sandboxId);
+      } catch (e) {
+        console.error('Process kill error:', e.message);
+      }
+    }
+    
+    // Remove files
     try {
-      await sandbox.container.stop({ t: 5 });
-      await sandbox.container.remove({ force: true });
-      this.sandboxes.delete(sandboxId);
-      console.log(`✅ Sandbox destroyed: ${sandboxId}`);
+      await fs.rm(sandbox.path, { recursive: true, force: true });
     } catch (e) {
-      console.error('⚠️ Cleanup error:', e.message);
+      console.error('File cleanup error:', e.message);
     }
+    
+    this.sandboxes.delete(sandboxId);
+    console.log(`✅ Sandbox destroyed: ${sandboxId}`);
   }
 
   getSandbox(sandboxId) {
     return this.sandboxes.get(sandboxId);
   }
+
+  getProcess(sandboxId) {
+    return this.processes.get(sandboxId);
+  }
+
+  // Cleanup inactive sandboxes
+  async cleanupInactive(inactiveTimeout = 15 * 60 * 1000) {
+    const now = Date.now();
+    
+    for (const [id, sandbox] of this.sandboxes.entries()) {
+      if (now - sandbox.lastActivity > inactiveTimeout) {
+        console.log(`⏰ Cleaning up inactive sandbox: ${id}`);
+        await this.destroySandbox(id);
+      }
+    }
+  }
 }
 
-module.exports = GVisorSandboxManager;
+module.exports = SimpleSandboxManager;