hub / github.com/docker/docker-agent / runInSandbox

Function runInSandbox

cmd/root/sandbox.go:119–255  ·  view source on GitHub ↗

runInSandbox delegates the current command to a Docker sandbox. It ensures a sandbox exists (creating or recreating as needed), then executes docker agent inside it via the sandbox exec command. agentCfg, when non-nil, is the parsed agent config already loaded by resolveSandboxDefault and is used to read runtime.network_allowlist without re-resolving the ref.

(ctx context.Context, cmd *cobra.Command, args []string, runConfig *config.RuntimeConfig, template string, preferSbx, noKit bool, agentCfg *latestcfg.Config)

Source from the content-addressed store, hash-verified

117// resolveSandboxDefault and is used to read runtime.network_allowlist
118// without re-resolving the ref.
119func runInSandbox(ctx context.Context, cmd *cobra.Command, args []string, runConfig *config.RuntimeConfig, template string, preferSbx, noKit bool, agentCfg *latestcfg.Config) error {
120 if environment.InSandbox() {
121 return fmt.Errorf("already running inside a Docker sandbox (VM %s)", os.Getenv("SANDBOX_VM_ID"))
122 }
123
124 backend := sandbox.NewBackend(preferSbx)
125
126 if err := backend.CheckAvailable(ctx); err != nil {
127 return err
128 }
129
130 var agentRef string
131 if len(args) > 0 {
132 agentRef = args[0]
133 }
134
135 configDir := paths.GetConfigDir()
136 dockerAgentArgs := dockerAgentArgs(cmd, args, configDir)
137
138 stopTokenWriter := sandbox.StartTokenWriterIfNeeded(ctx, configDir, runConfig.ModelsGateway)
139 defer stopTokenWriter()
140
141 // Resolve wd to an absolute path so that it matches the absolute
142 // workspace paths returned by `docker sandbox ls --json`.
143 wd, err := filepath.Abs(cmp.Or(runConfig.WorkingDir, "."))
144 if err != nil {
145 return fmt.Errorf("resolving workspace path: %w", err)
146 }
147
148 envProvider := environment.NewDefaultProvider()
149
150 extras := []string{sandbox.ExtraWorkspace(wd, agentRef)}
151
152 var kitResult *kit.Result
153 if !noKit && agentRef != "" {
154 kitResult, err = kit.Build(ctx, kit.Options{
155 AgentRef: agentRef,
156 EnvProvider: envProvider,
157 HostCwd: wd,
158 Workspace: wd,
159 })
160 if err != nil {
161 slog.WarnContext(ctx, "docker-agent kit build failed; continuing without kit", "error", err)
162 } else {
163 kitResult.PrintSummary(cmd.OutOrStdout())
164 extras = append(extras, kitResult.HostDir)
165 // We deliberately keep the kit on disk between runs:
166 // the docker sandbox we reuse across runs holds a hard
167 // reference to the kit's bind-mount path — deleting the
168 // dir would leave the sandbox un-startable. The kit lives
169 // in the cache dir keyed on a content hash, so the next
170 // run for the same agent overwrites it in place; disk
171 // usage is bounded by the number of distinct agents the
172 // user has run.
173 }
174 }
175
176 agentHosts := agentNetworkAllowlist(ctx, agentCfg)

Callers 1

runRunCommandMethod · 0.85

Calls 15

CheckAvailableMethod · 0.95
PrintSummaryMethod · 0.95
EnsureMethod · 0.95
BuildExecCmdMethod · 0.95
InSandboxFunction · 0.92
NewBackendFunction · 0.92
GetConfigDirFunction · 0.92
StartTokenWriterIfNeededFunction · 0.92
NewDefaultProviderFunction · 0.92
ExtraWorkspaceFunction · 0.92
BuildFunction · 0.92
EnvForAgentFunction · 0.92

Tested by

no test coverage detected