Spaces:

RaBU1234
/

Sendbox

Sleeping

App Files Files Community

RaBU1234 commited on Nov 6, 2025

Commit

f12014d

verified ·

1 Parent(s): 1448de0

Update simple-sandbox-manager.js

Browse files

Files changed (1) hide show

simple-sandbox-manager.js +24 -375

simple-sandbox-manager.js CHANGED Viewed

@@ -1,375 +1,24 @@
-const { spawn, exec } = require('child_process');
-const fs = require('fs').promises;
-const path = require('path');
-const { EventEmitter } = require('events');
-const FirecrackerManager = require('./firecracker-manager');
-class SimpleSandboxManager extends EventEmitter {
-  constructor() {
-    super();
-    this.sandboxes = new Map();
-    this.processes = new Map();
-    this.basePath = '/tmp/sandboxes';
-    this.portCounter = 3000;
-    this.streamClients = new Map();
-    this.commandData = new Map();
-    this.firecrackerManager = new FirecrackerManager();
-    this.useFirecracker = false;
-  }
-  async initialize() {
-    await fs.mkdir(this.basePath, { recursive: true });
-    // Initialize Firecracker
-    await this.firecrackerManager.initialize();
-    this.useFirecracker = this.firecrackerManager.firecrackerAvailable;
-    console.log(`✅ Sandbox Manager initialized (Firecracker: ${this.useFirecracker ? 'enabled' : 'disabled'})`);
-  }
-  async createSandbox(sandboxId, options = {}) {
-    const { timeout = 600000, ports = [] } = options;
-    const sandboxPath = path.join(this.basePath, sandboxId);
-    await fs.mkdir(sandboxPath, { recursive: true });
-    const workspacePath = path.join(sandboxPath, 'workspace');
-    await fs.mkdir(workspacePath, { recursive: true });
-    const port = this.portCounter++;
-    const sandbox = {
-      sandboxId,
-      path: sandboxPath,
-      workspacePath,
-      port,
-      exposedPorts: ports,
-      timeout,
-      createdAt: Date.now(),
-      lastActivity: Date.now(),
-      status: 'ready',
-      vm: null
-    };
-    // Create Firecracker VM if available
-    if (this.useFirecracker) {
-      try {
-        const vm = await this.firecrackerManager.createVM(sandboxId);
-        await this.firecrackerManager.startVM(sandboxId);
-        sandbox.vm = vm;
-        console.log(`🔥 Firecracker VM created for ${sandboxId}`);
-      } catch (error) {
-        console.warn(`⚠️ Firecracker VM creation failed, falling back: ${error.message}`);
-        this.useFirecracker = false;
-      }
-    }
-    this.sandboxes.set(sandboxId, sandbox);
-    console.log(`✅ Sandbox created: ${sandboxId} (port: ${port})`);
-    return sandbox;
-  }
-  addStreamClient(sandboxId, commandId, res) {
-    const key = `${sandboxId}:${commandId}`;
-    if (!this.streamClients.has(key)) {
-      this.streamClients.set(key, []);
-    }
-    this.streamClients.get(key).push(res);
-    res.on('close', () => {
-      const clients = this.streamClients.get(key);
-      if (clients) {
-        const index = clients.indexOf(res);
-        if (index > -1) clients.splice(index, 1);
-      }
-    });
-  }
-  sendToStreamClients(sandboxId, commandId, type, data) {
-    const key = `${sandboxId}:${commandId}`;
-    const clients = this.streamClients.get(key);
-    if (clients && clients.length > 0) {
-      const message = `data: ${JSON.stringify({ type, data, timestamp: Date.now() })}
-`;
-      clients.forEach(client => {
-        try {
-          client.write(message);
-        } catch (e) {
-          console.error('Stream write error:', e);
-        }
-      });
-    }
-  }
-  async executeCommand(sandboxId, command, args = [], options = {}) {
-    const sandbox = this.sandboxes.get(sandboxId);
-    if (!sandbox) throw new Error('Sandbox not found');
-    sandbox.lastActivity = Date.now();
-    const { background = false, timeout = 300000 } = options;
-    const fullCommand = `${command} ${args.join(' ')}`;
-    let isolatedCommand;
-    if (sandbox.vm && this.useFirecracker) {
-      // Execute in Firecracker VM
-      console.log(`🔥 Executing in Firecracker: ${command}`);
-      // This would route through Firecracker API
-      // For now, fallback to direct execution
-      isolatedCommand = `sh -c "cd ${sandbox.workspacePath} && ${fullCommand}"`;
-    } else {
-      // Direct execution with resource limits
-      isolatedCommand = `sh -c "cd ${sandbox.workspacePath} && ulimit -t 300 -v 1048576 && timeout 300s ${fullCommand}"`;
-    }
-    if (background) {
-      return this.startBackgroundProcess(sandboxId, isolatedCommand, sandbox.path, sandbox.port);
-    } else {
-      return this.startStreamingCommand(sandboxId, isolatedCommand, sandbox.path, timeout);
-    }
-  }
-  startStreamingCommand(sandboxId, command, cwd, timeout) {
-    return new Promise((resolve, reject) => {
-      const cmdId = `cmd-${Date.now()}`;
-      const dataKey = `${sandboxId}:${cmdId}`;
-      this.commandData.set(dataKey, {
-        stdout: '',
-        stderr: '',
-        exitCode: null,
-        startedAt: Date.now()
-      });
-      const proc = spawn('sh', ['-c', command], {
-        cwd,
-        stdio: ['ignore', 'pipe', 'pipe'],
-        env: {
-          ...process.env,
-          NODE_ENV: 'sandbox',
-          PYTHONUNBUFFERED: '1'
-        }
-      });
-      let completed = false;
-      const timeoutId = setTimeout(() => {
-        if (!completed) {
-          proc.kill('SIGTERM');
-          this.sendToStreamClients(sandboxId, cmdId, 'error', 'Command timeout');
-        }
-      }, timeout);
-      proc.stdout.on('data', (data) => {
-        const output = data.toString();
-        const cmdData = this.commandData.get(dataKey);
-        if (cmdData) cmdData.stdout += output;
-        console.log(`[${sandboxId}][stdout]: ${output.trim()}`);
-        this.sendToStreamClients(sandboxId, cmdId, 'stdout', output);
-      });
-      proc.stderr.on('data', (data) => {
-        const output = data.toString();
-        const cmdData = this.commandData.get(dataKey);
-        if (cmdData) cmdData.stderr += output;
-        console.log(`[${sandboxId}][stderr]: ${output.trim()}`);
-        this.sendToStreamClients(sandboxId, cmdId, 'stderr', output);
-      });
-      proc.on('exit', (code) => {
-        completed = true;
-        clearTimeout(timeoutId);
-        const cmdData = this.commandData.get(dataKey);
-        if (cmdData) cmdData.exitCode = code;
-        console.log(`[${sandboxId}] Command exited with code: ${code}`);
-        this.sendToStreamClients(sandboxId, cmdId, 'complete', {
-          exitCode: code,
-          stdout: cmdData?.stdout || '',
-          stderr: cmdData?.stderr || ''
-        });
-        resolve({
-          commandId: cmdId,
-          exitCode: code,
-          stdout: cmdData?.stdout || '',
-          stderr: cmdData?.stderr || '',
-          streaming: true
-        });
-        setTimeout(() => this.commandData.delete(dataKey), 5 * 60 * 1000);
-      });
-      proc.on('error', (error) => {
-        completed = true;
-        clearTimeout(timeoutId);
-        this.sendToStreamClients(sandboxId, cmdId, 'error', error.message);
-        reject(error);
-      });
-      setTimeout(() => {
-        if (!completed) {
-          resolve({
-            commandId: cmdId,
-            status: 'streaming',
-            message: 'Command started, streaming output'
-          });
-        }
-      }, 100);
-    });
-  }
-  startBackgroundProcess(sandboxId, command, cwd, port) {
-    return new Promise((resolve, reject) => {
-      const cmdId = `cmd-${Date.now()}`;
-      const proc = spawn('sh', ['-c', command], {
-        cwd,
-        detached: true,
-        stdio: ['ignore', 'pipe', 'pipe'],
-        env: {
-          ...process.env,
-          PORT: port.toString(),
-          NODE_ENV: 'development'
-        }
-      });
-      proc.unref();
-      let stdout = '';
-      let stderr = '';
-      proc.stdout.on('data', (data) => {
-        stdout += data.toString();
-        console.log(`[${sandboxId}][stdout]: ${data.toString().trim()}`);
-      });
-      proc.stderr.on('data', (data) => {
-        stderr += data.toString();
-        console.log(`[${sandboxId}][stderr]: ${data.toString().trim()}`);
-      });
-      this.processes.set(sandboxId, {
-        cmdId,
-        process: proc,
-        port,
-        stdout,
-        stderr,
-        startedAt: Date.now()
-      });
-      setTimeout(() => {
-        if (proc.exitCode !== null) {
-          reject(new Error('Process exited immediately'));
-        } else {
-          resolve({
-            commandId: cmdId,
-            status: 'running',
-            pid: proc.pid,
-            port
-          });
-        }
-      }, 2000);
-    });
-  }
-  async writeFiles(sandboxId, files) {
-    const sandbox = this.sandboxes.get(sandboxId);
-    if (!sandbox) throw new Error('Sandbox not found');
-    sandbox.lastActivity = Date.now();
-    for (const file of files) {
-      const filePath = file.path;
-      let fileContent = file.content;
-      if (typeof fileContent === 'object' && fileContent !== null) {
-        fileContent = JSON.stringify(fileContent, null, 2);
-      }
-      if (typeof fileContent !== 'string') {
-        fileContent = String(fileContent);
-      }
-      const fullPath = path.join(sandbox.workspacePath, filePath);
-      const dir = path.dirname(fullPath);
-      await fs.mkdir(dir, { recursive: true });
-      await fs.writeFile(fullPath, fileContent, 'utf-8');
-      console.log(`📝 File written: ${filePath}`);
-    }
-  }
-  async readFile(sandboxId, filePath) {
-    const sandbox = this.sandboxes.get(sandboxId);
-    if (!sandbox) throw new Error('Sandbox not found');
-    const fullPath = path.join(sandbox.workspacePath, filePath);
-    const content = await fs.readFile(fullPath, 'utf-8');
-    return content;
-  }
-  async destroySandbox(sandboxId) {
-    const sandbox = this.sandboxes.get(sandboxId);
-    if (!sandbox) return;
-    console.log(`🧹 Destroying sandbox: ${sandboxId}`);
-    // Stop Firecracker VM if exists
-    if (sandbox.vm) {
-      await this.firecrackerManager.stopVM(sandboxId);
-    }
-    const procInfo = this.processes.get(sandboxId);
-    if (procInfo) {
-      try {
-        process.kill(-procInfo.process.pid, 'SIGTERM');
-        this.processes.delete(sandboxId);
-      } catch (e) {
-        console.error('Process kill error:', e.message);
-      }
-    }
-    try {
-      await fs.rm(sandbox.path, { recursive: true, force: true });
-    } catch (e) {
-      console.error('File cleanup error:', e.message);
-    }
-    this.sandboxes.delete(sandboxId);
-    console.log(`✅ Sandbox destroyed: ${sandboxId}`);
-  }
-  getSandbox(sandboxId) {
-    return this.sandboxes.get(sandboxId);
-  }
-  getProcess(sandboxId) {
-    return this.processes.get(sandboxId);
-  }
-  async cleanupInactive() {
-    const now = Date.now();
-    for (const [id, sandbox] of this.sandboxes.entries()) {
-      const inactive = (now - sandbox.lastActivity) > (15 * 60 * 1000);
-      const timedOut = (now - sandbox.createdAt) > sandbox.timeout;
-      if (inactive || timedOut) {
-        console.log(`⏰ Cleaning up sandbox: ${id} (${timedOut ? 'timeout' : 'inactive'})`);
-        await this.destroySandbox(id);
-      }
-    }
-  }
-}
-module.exports = SimpleSandboxManager;

+async executeCommand(sandboxId, command, args = [], options = {}) {
+  const sandbox = this.sandboxes.get(sandboxId);
+  if (!sandbox) throw new Error('Sandbox not found');
+  sandbox.lastActivity = Date.now();
+  const { background = false, timeout = 300000 } = options;
+  const fullCommand = `${command} ${args.join(' ')}`;
+  // ✅ Pragmatic approach - resource limits without complex isolation
+  // ulimit: limit CPU time (300s), virtual memory (1GB), file size (1GB)
+  // timeout: additional safety net
+  const isolatedCommand = `sh -c "
+    cd ${sandbox.workspacePath} && \\
+    ulimit -t 300 -v 1048576 -f 1048576 && \\
+    timeout 300s ${fullCommand}
+  "`;
+  if (background) {
+    return this.startBackgroundProcess(sandboxId, isolatedCommand, sandbox.path, sandbox.port);
+  } else {
+    return this.startStreamingCommand(sandboxId, isolatedCommand, sandbox.path, timeout);
+  }
+}