Spaces:

likhonsheikh
/

vortex-intercepter

Runtime error

App Files Files Community

vortex-intercepter / app.py

likhonsheikh

Upload folder using huggingface_hub

2f6a76d verified about 2 months ago

raw

history blame contribute delete

4.84 kB

	import gradio as gr

	DOCS = """
	# 🌀 Vortex Intercepter

	Secure sandbox infrastructure for running AI-generated code in isolated Linux/Xfce environments.

	## Features

	- 🛡️ gVisor RuntimeClass - Kernel-level isolation
	- 🔐 JWT Session Auth - Secure access via nginx proxy
	- 🌐 NetworkPolicy Default-Deny - Controller-only ingress
	- 🔒 Seccomp Filtering - Syscall whitelist
	- ⚡ Resource Limits - 512Mi memory, 500m CPU, 150 PIDs
	- ⏱️ Auto-Expiry - 15-minute TTL with cleanup

	## Architecture

	```
	┌─────────────┐ ┌─────────────┐ ┌─────────────────┐
	│ Client │────▶│ Nginx Proxy │────▶│ Controller │
	│ (Browser) │ JWT │ (JWT Valid) │ │ (TypeScript) │
	└─────────────┘ └─────────────┘ └────────┬────────┘
	│
	┌─────────────────────┼─────────────────────┐
	│ │ │
	┌──────▼──────┐ ┌──────▼──────┐ ┌──────▼──────┐
	│ Sandbox 1 │ │ Sandbox 2 │ │ Sandbox N │
	│ (gVisor) │ │ (gVisor) │ │ (gVisor) │
	│ Xfce+noVNC │ │ Xfce+noVNC │ │ Xfce+noVNC │
	└─────────────┘ └─────────────┘ └─────────────┘
	```

	## Quick Start

	```bash
	git clone https://huggingface.co/spaces/vortex-intercepter/vortex-intercepter
	cd vortex-intercepter

	# Build and run
	make up

	# Create sandbox
	curl -X POST http://localhost:3000/api/sandbox/create \\
	-H "Content-Type: application/json" \\
	-d '{"owner":"myuser"}'
	```

	## API Endpoints

	\| Method \| Endpoint \| Description \|
	\|--------\|----------\|-------------\|
	\| POST \| `/api/sandbox/create` \| Create new sandbox \|
	\| GET \| `/api/sandbox/list` \| List all sandboxes \|
	\| GET \| `/api/sandbox/:id/info` \| Get sandbox details \|
	\| POST \| `/api/sandbox/stop` \| Stop a sandbox \|

	## Security Layers

	1. Container Isolation - Each sandbox runs in isolated container
	2. gVisor - User-space kernel for syscall interception
	3. Seccomp - Block dangerous syscalls (mount, ptrace)
	4. Capabilities - Drop ALL, add only SETUID/SETGID
	5. Network - Default deny, controller-only access
	6. Resources - Strict CPU/memory/PID limits
	7. TTL - Auto-destroy after 15 minutes
	"""

	API_EXAMPLE = '''
	# Create Sandbox
	curl -X POST http://localhost:3000/api/sandbox/create \\
	-H "Content-Type: application/json" \\
	-d '{"owner":"demo-user"}'

	# Response
	{
	"sandbox": {
	"id": "a1b2c3d4-...",
	"containerId": "abc123...",
	"containerIp": "172.28.0.5",
	"createdAt": "2024-01-01T00:00:00Z",
	"expiresAt": "2024-01-01T00:15:00Z"
	},
	"token": "eyJhbGciOiJIUzI1NiIs..."
	}
	'''

	def simulate_api(owner: str) -> str:
	import uuid
	import json
	from datetime import datetime, timedelta

	sandbox_id = str(uuid.uuid4())
	now = datetime.utcnow()

	response = {
	"sandbox": {
	"id": sandbox_id,
	"containerId": f"container-{sandbox_id[:12]}",
	"containerIp": "172.28.0.5",
	"owner": owner or "anonymous",
	"createdAt": now.isoformat() + "Z",
	"expiresAt": (now + timedelta(minutes=15)).isoformat() + "Z"
	},
	"token": f"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYW5kYm94SWQiOiJ7sandbox_id[:8]}...\"}"
	}
	return json.dumps(response, indent=2)

	with gr.Blocks(title="Vortex Intercepter", theme=gr.themes.Soft()) as demo:
	gr.Markdown(DOCS)

	with gr.Accordion("🧪 API Simulator", open=False):
	gr.Markdown("Simulate the sandbox creation API (demo only)")
	owner_input = gr.Textbox(label="Owner ID", placeholder="demo-user")
	simulate_btn = gr.Button("Create Sandbox (Simulated)")
	output = gr.Code(label="API Response", language="json")
	simulate_btn.click(simulate_api, inputs=owner_input, outputs=output)

	with gr.Accordion("📝 API Example", open=False):
	gr.Code(API_EXAMPLE, language="bash")

	gr.Markdown("""
	---
	Repository: [GitHub](https://github.com/vortex-intercepter/vortex-intercepter) \|
	License: MIT \|
	Author: Matrix Agent
	""")

	if __name__ == "__main__":
	demo.launch()