import gradio as gr DOCS = """ # πŸŒ€ Vortex Intercepter **Secure sandbox infrastructure for running AI-generated code in isolated Linux/Xfce environments.** ## Features - πŸ›‘οΈ **gVisor RuntimeClass** - Kernel-level isolation - πŸ” **JWT Session Auth** - Secure access via nginx proxy - 🌐 **NetworkPolicy Default-Deny** - Controller-only ingress - πŸ”’ **Seccomp Filtering** - Syscall whitelist - ⚑ **Resource Limits** - 512Mi memory, 500m CPU, 150 PIDs - ⏱️ **Auto-Expiry** - 15-minute TTL with cleanup ## Architecture ``` β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ Client │────▢│ Nginx Proxy │────▢│ Controller β”‚ β”‚ (Browser) β”‚ JWT β”‚ (JWT Valid) β”‚ β”‚ (TypeScript) β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β” β”‚ Sandbox 1 β”‚ β”‚ Sandbox 2 β”‚ β”‚ Sandbox N β”‚ β”‚ (gVisor) β”‚ β”‚ (gVisor) β”‚ β”‚ (gVisor) β”‚ β”‚ Xfce+noVNC β”‚ β”‚ Xfce+noVNC β”‚ β”‚ Xfce+noVNC β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ ``` ## Quick Start ```bash git clone https://huggingface.co/spaces/vortex-intercepter/vortex-intercepter cd vortex-intercepter # Build and run make up # Create sandbox curl -X POST http://localhost:3000/api/sandbox/create \\ -H "Content-Type: application/json" \\ -d '{"owner":"myuser"}' ``` ## API Endpoints | Method | Endpoint | Description | |--------|----------|-------------| | POST | `/api/sandbox/create` | Create new sandbox | | GET | `/api/sandbox/list` | List all sandboxes | | GET | `/api/sandbox/:id/info` | Get sandbox details | | POST | `/api/sandbox/stop` | Stop a sandbox | ## Security Layers 1. **Container Isolation** - Each sandbox runs in isolated container 2. **gVisor** - User-space kernel for syscall interception 3. **Seccomp** - Block dangerous syscalls (mount, ptrace) 4. **Capabilities** - Drop ALL, add only SETUID/SETGID 5. **Network** - Default deny, controller-only access 6. **Resources** - Strict CPU/memory/PID limits 7. **TTL** - Auto-destroy after 15 minutes """ API_EXAMPLE = ''' # Create Sandbox curl -X POST http://localhost:3000/api/sandbox/create \\ -H "Content-Type: application/json" \\ -d '{"owner":"demo-user"}' # Response { "sandbox": { "id": "a1b2c3d4-...", "containerId": "abc123...", "containerIp": "172.28.0.5", "createdAt": "2024-01-01T00:00:00Z", "expiresAt": "2024-01-01T00:15:00Z" }, "token": "eyJhbGciOiJIUzI1NiIs..." } ''' def simulate_api(owner: str) -> str: import uuid import json from datetime import datetime, timedelta sandbox_id = str(uuid.uuid4()) now = datetime.utcnow() response = { "sandbox": { "id": sandbox_id, "containerId": f"container-{sandbox_id[:12]}", "containerIp": "172.28.0.5", "owner": owner or "anonymous", "createdAt": now.isoformat() + "Z", "expiresAt": (now + timedelta(minutes=15)).isoformat() + "Z" }, "token": f"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYW5kYm94SWQiOiJ7sandbox_id[:8]}...\"}" } return json.dumps(response, indent=2) with gr.Blocks(title="Vortex Intercepter", theme=gr.themes.Soft()) as demo: gr.Markdown(DOCS) with gr.Accordion("πŸ§ͺ API Simulator", open=False): gr.Markdown("Simulate the sandbox creation API (demo only)") owner_input = gr.Textbox(label="Owner ID", placeholder="demo-user") simulate_btn = gr.Button("Create Sandbox (Simulated)") output = gr.Code(label="API Response", language="json") simulate_btn.click(simulate_api, inputs=owner_input, outputs=output) with gr.Accordion("πŸ“ API Example", open=False): gr.Code(API_EXAMPLE, language="bash") gr.Markdown(""" --- **Repository**: [GitHub](https://github.com/vortex-intercepter/vortex-intercepter) | **License**: MIT | **Author**: Matrix Agent """) if __name__ == "__main__": demo.launch()