File size: 4,840 Bytes
2f6a76d
import gradio as gr

DOCS = """
# 🌀 Vortex Intercepter

**Secure sandbox infrastructure for running AI-generated code in isolated Linux/Xfce environments.**

## Features

- πŸ›‘οΈ **gVisor RuntimeClass** - Kernel-level isolation
- πŸ” **JWT Session Auth** - Secure access via nginx proxy
- 🌐 **NetworkPolicy Default-Deny** - Controller-only ingress
- πŸ”’ **Seccomp Filtering** - Syscall whitelist
- ⚑ **Resource Limits** - 512Mi memory, 500m CPU, 150 PIDs
- ⏱️ **Auto-Expiry** - 15-minute TTL with cleanup

## Architecture

```
┌─────────────┐     ┌─────────────┐     ┌─────────────────┐
│   Client    │────▶│ Nginx Proxy │────▶│   Controller    │
│  (Browser)  │ JWT │ (JWT Valid) │     │  (TypeScript)   │
└─────────────┘     └─────────────┘     └────────┬────────┘
                                                 │
                           ┌─────────────────────┼─────────────────────┐
                           │                     │                     │
                    ┌──────▼──────┐       ┌──────▼──────┐       ┌──────▼──────┐
                    │  Sandbox 1  │       │  Sandbox 2  │       │  Sandbox N  │
                    │  (gVisor)   │       │  (gVisor)   │       │  (gVisor)   │
                    │ Xfce+noVNC  │       │ Xfce+noVNC  │       │ Xfce+noVNC  │
                    └─────────────┘       └─────────────┘       └─────────────┘
```

## Quick Start

```bash
git clone https://huggingface.co/spaces/vortex-intercepter/vortex-intercepter
cd vortex-intercepter

# Build and run
make up

# Create sandbox
curl -X POST http://localhost:3000/api/sandbox/create \\
  -H "Content-Type: application/json" \\
  -d '{"owner":"myuser"}'
```

## API Endpoints

| Method | Endpoint | Description |
|--------|----------|-------------|
| POST | `/api/sandbox/create` | Create new sandbox |
| GET | `/api/sandbox/list` | List all sandboxes |
| GET | `/api/sandbox/:id/info` | Get sandbox details |
| POST | `/api/sandbox/stop` | Stop a sandbox |

## Security Layers

1. **Container Isolation** - Each sandbox runs in an isolated container
2. **gVisor** - User-space kernel for syscall interception
3. **Seccomp** - Block dangerous syscalls (mount, ptrace)
4. **Capabilities** - Drop ALL, add only SETUID/SETGID
5. **Network** - Default deny, controller-only access
6. **Resources** - Strict CPU/memory/PID limits
7. **TTL** - Auto-destroy after 15 minutes
"""

API_EXAMPLE = '''
# Create Sandbox
curl -X POST http://localhost:3000/api/sandbox/create \\
  -H "Content-Type: application/json" \\
  -d '{"owner":"demo-user"}'

# Response
{
  "sandbox": {
    "id": "a1b2c3d4-...",
    "containerId": "abc123...",
    "containerIp": "172.28.0.5",
    "createdAt": "2024-01-01T00:00:00Z",
    "expiresAt": "2024-01-01T00:15:00Z"
  },
  "token": "eyJhbGciOiJIUzI1NiIs..."
}
'''

def simulate_api(owner: str) -> str:
    """Return a fake /api/sandbox/create response (demo only; no sandbox is started)."""
    import uuid
    import json
    from datetime import datetime, timedelta, timezone

    sandbox_id = str(uuid.uuid4())
    now = datetime.now(timezone.utc)
    # Same timestamp shape as the controller's response ("...Z" = UTC).
    time_fmt = "%Y-%m-%dT%H:%M:%SZ"

    response = {
        "sandbox": {
            "id": sandbox_id,
            "containerId": f"container-{sandbox_id[:12]}",
            "containerIp": "172.28.0.5",
            "owner": owner or "anonymous",
            "createdAt": now.strftime(time_fmt),
            "expiresAt": (now + timedelta(minutes=15)).strftime(time_fmt),
        },
        # Placeholder that only looks like a JWT; the real controller issues a signed session token.
        # Braces inside an f-string must be doubled to appear literally.
        "token": f"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYW5kYm94SWQiOiJ7{sandbox_id[:8]}...\"}}",
    }
    return json.dumps(response, indent=2)

with gr.Blocks(title="Vortex Intercepter", theme=gr.themes.Soft()) as demo:
    gr.Markdown(DOCS)

    with gr.Accordion("🧪 API Simulator", open=False):
        gr.Markdown("Simulate the sandbox creation API (demo only)")
        owner_input = gr.Textbox(label="Owner ID", placeholder="demo-user")
        simulate_btn = gr.Button("Create Sandbox (Simulated)")
        output = gr.Code(label="API Response", language="json")
        simulate_btn.click(simulate_api, inputs=owner_input, outputs=output)

    with gr.Accordion("📝 API Example", open=False):
        gr.Code(API_EXAMPLE, language="bash")

    gr.Markdown("""
---
**Repository**: [GitHub](https://github.com/vortex-intercepter/vortex-intercepter) |
**License**: MIT |
**Author**: Matrix Agent
""")

if __name__ == "__main__":
    demo.launch()
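The app above only returns a placeholder that looks like a JWT. The following added example (not part of the Vortex Intercepter app or its controller) shows what the README's "JWT Session Auth" and "Auto-Expiry" layers amount to in working code: an HS256 session token bound to a sandbox id whose `exp` claim equals the sandbox's 15-minute expiry, the verification a JWT-checking proxy must perform before forwarding a request (pinned algorithm, constant-time MAC comparison, expiry check), and a registry sweep that destroys sandboxes at the same instant their tokens stop validating. The signing key, the claim names (`sandboxId`, `owner`, `iat`, `exp`) and the in-memory registry are assumptions; the real controller's token format is not on the page. Standard library only.

```python
# Added example, not the project's own code. Assumptions: the demo signing key,
# the claim names and the in-memory registry stand-in for the controller's table.
import base64
import hashlib
import hmac
import json
import uuid
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

SANDBOX_TTL = timedelta(minutes=15)       # auto-expiry from the README
SECRET = b"demo-signing-key-change-me"    # constructed demo key, not the real one
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"           # same shape as the API's timestamps


def _b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url; re-adds padding. Raises ValueError on bad input."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(sandbox_id: str, owner: str, now: datetime, secret: bytes = SECRET) -> str:
    """Sign {sandboxId, owner, iat, exp} with HS256; exp = iat + SANDBOX_TTL.
    `now` must be timezone-aware so timestamp() is unambiguous."""
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":"))
    claims = {
        "sandboxId": sandbox_id,
        "owner": owner,
        "iat": int(now.timestamp()),
        "exp": int((now + SANDBOX_TTL).timestamp()),
    }
    payload = json.dumps(claims, separators=(",", ":"))
    signing_input = _b64url(header.encode()) + "." + _b64url(payload.encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, now: datetime, secret: bytes = SECRET) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired, else None.
    Order matters: pin the algorithm (reject "none"), check the MAC in constant
    time, and only then parse the claims and enforce "exp"."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s64)):
            return None
        claims = json.loads(_b64url_decode(p64))
    except ValueError:   # wrong segment count, bad base64, bad UTF-8 or bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or now.timestamp() >= exp:
        return None
    return claims


class SandboxRegistry:
    """In-memory stand-in (assumption) for the controller's sandbox table."""

    def __init__(self) -> None:
        self.sandboxes: Dict[str, dict] = {}
        self._expires: Dict[str, datetime] = {}

    def create(self, owner: str, now: datetime) -> Tuple[dict, str]:
        """Register a sandbox record and mint its session token."""
        sandbox_id = str(uuid.uuid4())
        expires = now + SANDBOX_TTL
        record = {
            "id": sandbox_id,
            "owner": owner,
            "createdAt": now.strftime(TIME_FMT),
            "expiresAt": expires.strftime(TIME_FMT),
        }
        self.sandboxes[sandbox_id] = record
        self._expires[sandbox_id] = expires
        return record, mint_token(sandbox_id, owner, now)

    def reap(self, now: datetime) -> List[str]:
        """Destroy every sandbox whose TTL has elapsed; returns the ids removed.
        The cutoff is the instant at which the token's exp claim stops validating,
        so a leaked token never outlives the sandbox it was issued for."""
        expired = [sid for sid, exp in self._expires.items() if now >= exp]
        for sid in expired:
            del self.sandboxes[sid]
            del self._expires[sid]
        return expired


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed clock
    reg = SandboxRegistry()
    record, token = reg.create("demo-user", t0)
    print(json.dumps(record, indent=2))
    print("valid at +14m:", verify_token(token, t0 + timedelta(minutes=14)) is not None)
    print("valid at +15m:", verify_token(token, t0 + timedelta(minutes=15)) is not None)
    print("reaped at +15m:", reg.reap(t0 + timedelta(minutes=15)))
```

The clock is passed in explicitly rather than read from `datetime.now()` so that expiry behaviour can be tested deterministically; a real proxy would use the current time and should also allow a few seconds of skew between the controller that mints and the proxy that verifies.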