Spaces:

likhonsheikh
/

vortex-intercepter

Runtime error

App Files Files Community

likhonsheikh commited on Dec 9, 2025

Commit

2f6a76d

verified ·

1 Parent(s): 7928d5e

Upload folder using huggingface_hub

Browse files

Files changed (3) hide show

README.md +18 -5
app.py +130 -0
requirements.txt +1 -0

README.md CHANGED Viewed

@@ -1,12 +1,25 @@
 ---
 title: Vortex Intercepter
-emoji: ⚡
-colorFrom: gray
-colorTo: pink
 sdk: gradio
-sdk_version: 6.0.2
 app_file: app.py
 pinned: false
 ---
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

 ---
 title: Vortex Intercepter
+emoji: 🌀
+colorFrom: indigo
+colorTo: purple
 sdk: gradio
+sdk_version: 4.44.0
 app_file: app.py
 pinned: false
+license: mit
 ---
+# Vortex Intercepter
+Secure sandbox infrastructure for running AI-generated code in isolated Linux/Xfce environments.
+## Features
+- gVisor kernel isolation
+- JWT session authentication
+- Seccomp syscall filtering
+- NetworkPolicy default-deny
+- Auto-expiry (15 min TTL)
+See the app for full documentation and API examples.

app.py ADDED Viewed

	@@ -0,0 +1,130 @@

+import gradio as gr
+DOCS = """
+# 🌀 Vortex Intercepter
+**Secure sandbox infrastructure for running AI-generated code in isolated Linux/Xfce environments.**
+## Features
+- 🛡️ **gVisor RuntimeClass** - Kernel-level isolation
+- 🔐 **JWT Session Auth** - Secure access via nginx proxy
+- 🌐 **NetworkPolicy Default-Deny** - Controller-only ingress
+- 🔒 **Seccomp Filtering** - Syscall whitelist
+- ⚡ **Resource Limits** - 512Mi memory, 500m CPU, 150 PIDs
+- ⏱️ **Auto-Expiry** - 15-minute TTL with cleanup
+## Architecture
+```
+┌─────────────┐     ┌─────────────┐     ┌─────────────────┐
+│   Client    │────▶│ Nginx Proxy │────▶│   Controller    │
+│  (Browser)  │ JWT │ (JWT Valid) │     │  (TypeScript)   │
+└─────────────┘     └─────────────┘     └────────┬────────┘
+                                                 │
+                           ┌─────────────────────┼─────────────────────┐
+                           │                     │                     │
+                    ┌──────▼──────┐       ┌──────▼──────┐       ┌──────▼──────┐
+                    │  Sandbox 1  │       │  Sandbox 2  │       │  Sandbox N  │
+                    │  (gVisor)   │       │  (gVisor)   │       │  (gVisor)   │
+                    │ Xfce+noVNC  │       │ Xfce+noVNC  │       │ Xfce+noVNC  │
+                    └─────────────┘       └─────────────┘       └─────────────┘
+```
+## Quick Start
+```bash
+git clone https://huggingface.co/spaces/vortex-intercepter/vortex-intercepter
+cd vortex-intercepter
+# Build and run
+make up
+# Create sandbox
+curl -X POST http://localhost:3000/api/sandbox/create \\
+  -H "Content-Type: application/json" \\
+  -d '{"owner":"myuser"}'
+```
+## API Endpoints
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/sandbox/create` | Create new sandbox |
+| GET | `/api/sandbox/list` | List all sandboxes |
+| GET | `/api/sandbox/:id/info` | Get sandbox details |
+| POST | `/api/sandbox/stop` | Stop a sandbox |
+## Security Layers
+1. **Container Isolation** - Each sandbox runs in isolated container
+2. **gVisor** - User-space kernel for syscall interception
+3. **Seccomp** - Block dangerous syscalls (mount, ptrace)
+4. **Capabilities** - Drop ALL, add only SETUID/SETGID
+5. **Network** - Default deny, controller-only access
+6. **Resources** - Strict CPU/memory/PID limits
+7. **TTL** - Auto-destroy after 15 minutes
+"""
+API_EXAMPLE = '''
+# Create Sandbox
+curl -X POST http://localhost:3000/api/sandbox/create \\
+  -H "Content-Type: application/json" \\
+  -d '{"owner":"demo-user"}'
+# Response
+{
+  "sandbox": {
+    "id": "a1b2c3d4-...",
+    "containerId": "abc123...",
+    "containerIp": "172.28.0.5",
+    "createdAt": "2024-01-01T00:00:00Z",
+    "expiresAt": "2024-01-01T00:15:00Z"
+  },
+  "token": "eyJhbGciOiJIUzI1NiIs..."
+}
+'''
+def simulate_api(owner: str) -> str:
+    import uuid
+    import json
+    from datetime import datetime, timedelta
+    sandbox_id = str(uuid.uuid4())
+    now = datetime.utcnow()
+    response = {
+        "sandbox": {
+            "id": sandbox_id,
+            "containerId": f"container-{sandbox_id[:12]}",
+            "containerIp": "172.28.0.5",
+            "owner": owner or "anonymous",
+            "createdAt": now.isoformat() + "Z",
+            "expiresAt": (now + timedelta(minutes=15)).isoformat() + "Z"
+        },
+        "token": f"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYW5kYm94SWQiOiJ7sandbox_id[:8]}...\"}"
+    }
+    return json.dumps(response, indent=2)
+with gr.Blocks(title="Vortex Intercepter", theme=gr.themes.Soft()) as demo:
+    gr.Markdown(DOCS)
+    with gr.Accordion("🧪 API Simulator", open=False):
+        gr.Markdown("Simulate the sandbox creation API (demo only)")
+        owner_input = gr.Textbox(label="Owner ID", placeholder="demo-user")
+        simulate_btn = gr.Button("Create Sandbox (Simulated)")
+        output = gr.Code(label="API Response", language="json")
+        simulate_btn.click(simulate_api, inputs=owner_input, outputs=output)
+    with gr.Accordion("📝 API Example", open=False):
+        gr.Code(API_EXAMPLE, language="bash")
+    gr.Markdown("""
+---
+**Repository**: [GitHub](https://github.com/vortex-intercepter/vortex-intercepter) |
+**License**: MIT |
+**Author**: Matrix Agent
+""")
+if __name__ == "__main__":
+    demo.launch()

requirements.txt ADDED Viewed

	@@ -0,0 +1 @@


1	+ gradio>=4.0.0