execution

package
v0.0.0-...-6aca404 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 29, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

package execution provides pluggable persistence backends for agent state.

package execution provides the actual Docker execution implementation.

package execution provides secure code execution for AI-generated code.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrNotFound      = errors.New("checkpoint not found")
	ErrInvalidThread = errors.New("invalid thread id")
	ErrStorageFull   = errors.New("storage capacity exceeded")
)

Functions

func EnsureImages 

func EnsureImages(ctx context.Context, languages []Language, logger *zap.Logger) error

EnsureImages pulls all required images for the sandbox.

func PullImage 

func PullImage(ctx context.Context, image string, logger *zap.Logger) error

PullImage pulls a Docker image if not present.

Types

type Checkpoint 

type Checkpoint struct {
	ID        string         `json:"id"`
	ThreadID  string         `json:"thread_id"`
	ParentID  string         `json:"parent_id,omitempty"`
	State     map[string]any `json:"state"`
	Metadata  Metadata       `json:"metadata"`
	CreatedAt time.Time      `json:"created_at"`
}

Checkpoint represents a saved state at a point in time.

type Checkpointer 

type Checkpointer interface {
	// Put saves a checkpoint.
	Put(ctx context.Context, cp *Checkpoint) error

	// Get retrieves a checkpoint by ID.
	Get(ctx context.Context, threadID, checkpointID string) (*Checkpoint, error)

	// GetLatest retrieves the most recent checkpoint for a thread.
	GetLatest(ctx context.Context, threadID string) (*Checkpoint, error)

	// List returns checkpoints for a thread, ordered by creation time.
	List(ctx context.Context, threadID string, opts ListOptions) ([]*Checkpoint, error)

	// Delete removes a checkpoint.
	Delete(ctx context.Context, threadID, checkpointID string) error

	// DeleteThread removes all checkpoints for a thread.
	DeleteThread(ctx context.Context, threadID string) error
}

Checkpointer defines the interface for checkpoint storage backends.

type CheckpointerConfig 

type CheckpointerConfig struct {
	MaxCheckpointsPerThread int           `json:"max_checkpoints_per_thread"`
	TTL                     time.Duration `json:"ttl"`
	Serde                   Serde         `json:"-"`
}

CheckpointerConfig configures checkpointer behavior.

func DefaultCheckpointerConfig 

func DefaultCheckpointerConfig() CheckpointerConfig

DefaultCheckpointerConfig returns sensible defaults.

type CodeValidator 

type CodeValidator struct {
	// contains filtered or unexported fields
}

CodeValidator validates code before execution.

func NewCodeValidator 

func NewCodeValidator() *CodeValidator

NewCodeValidator creates a code validator.

func (*CodeValidator) Validate 

func (v *CodeValidator) Validate(lang Language, code string) []string

Validate checks code for dangerous patterns.

type DockerBackend 

type DockerBackend struct {
	// contains filtered or unexported fields
}

DockerBackend implements ExecutionBackend using Docker.

func NewDockerBackend 

func NewDockerBackend(logger *zap.Logger) *DockerBackend

NewDockerBackend creates a Docker execution backend.

func NewDockerBackendWithConfig 

func NewDockerBackendWithConfig(logger *zap.Logger, cfg DockerBackendConfig) *DockerBackend

NewDockerBackendWithConfig creates a Docker backend with custom config.

func (*DockerBackend) Cleanup 

func (d *DockerBackend) Cleanup() error

func (*DockerBackend) Execute 

func (d *DockerBackend) Execute(ctx context.Context, req *ExecutionRequest, config SandboxConfig) (*ExecutionResult, error)

func (*DockerBackend) Name 

func (d *DockerBackend) Name() string

type DockerBackendConfig 

type DockerBackendConfig struct {
	ContainerPrefix string              // Prefix for container names
	CleanupOnExit   bool                // Remove containers after execution
	CustomImages    map[Language]string // Override default images
}

DockerBackendConfig configures the Docker backend.

type ExecutionBackend 

type ExecutionBackend interface {
	Execute(ctx context.Context, req *ExecutionRequest, config SandboxConfig) (*ExecutionResult, error)
	Cleanup() error
	Name() string
}

ExecutionBackend defines the interface for execution backends.

type ExecutionMode 

type ExecutionMode string

ExecutionMode defines the sandbox execution mode. 

const (
	ModeDocker ExecutionMode = "docker"
	ModeWASM   ExecutionMode = "wasm"
	ModeNative ExecutionMode = "native" // For trusted environments only
)

type ExecutionRequest 

type ExecutionRequest struct {
	ID       string            `json:"id"`
	Language Language          `json:"language"`
	Code     string            `json:"code"`
	Stdin    string            `json:"stdin,omitempty"`
	Args     []string          `json:"args,omitempty"`
	EnvVars  map[string]string `json:"env_vars,omitempty"`
	Files    map[string]string `json:"files,omitempty"` // filename -> content
	Timeout  time.Duration     `json:"timeout,omitempty"`
}

ExecutionRequest represents a code execution request.

type ExecutionResult 

type ExecutionResult struct {
	ID         string        `json:"id"`
	Success    bool          `json:"success"`
	ExitCode   int           `json:"exit_code"`
	Stdout     string        `json:"stdout"`
	Stderr     string        `json:"stderr"`
	Error      string        `json:"error,omitempty"`
	Duration   time.Duration `json:"duration"`
	MemoryUsed int64         `json:"memory_used_bytes,omitempty"`
	Truncated  bool          `json:"truncated,omitempty"`
}

ExecutionResult represents the result of code execution.

type ExecutorStats 

type ExecutorStats struct {
	TotalExecutions   int64         `json:"total_executions"`
	SuccessExecutions int64         `json:"success_executions"`
	FailedExecutions  int64         `json:"failed_executions"`
	TimeoutExecutions int64         `json:"timeout_executions"`
	TotalDuration     time.Duration `json:"total_duration"`
}

ExecutorStats tracks execution statistics.

type JSONSerde 

type JSONSerde struct{}

JSONSerde implements JSON serialization.

func (JSONSerde) Deserialize 

func (JSONSerde) Deserialize(data []byte, v any) error

func (JSONSerde) Serialize 

func (JSONSerde) Serialize(v any) ([]byte, error)

type Language 

type Language string

Language represents supported programming languages. 

const (
	LangPython     Language = "python"
	LangJavaScript Language = "javascript"
	LangTypeScript Language = "typescript"
	LangGo         Language = "go"
	LangRust       Language = "rust"
	LangBash       Language = "bash"
)

type ListOptions 

type ListOptions struct {
	Limit  int       `json:"limit"`
	Before time.Time `json:"before,omitempty"`
	After  time.Time `json:"after,omitempty"`
}

ListOptions configures checkpoint listing.

type MemoryCheckpointer 

type MemoryCheckpointer struct {
	// contains filtered or unexported fields
}

MemoryCheckpointer implements in-memory checkpoint storage.

func NewMemoryCheckpointer 

func NewMemoryCheckpointer(maxSize int) *MemoryCheckpointer

NewMemoryCheckpointer creates a new in-memory checkpointer.

func (*MemoryCheckpointer) Delete 

func (m *MemoryCheckpointer) Delete(ctx context.Context, threadID, checkpointID string) error

func (*MemoryCheckpointer) DeleteThread 

func (m *MemoryCheckpointer) DeleteThread(ctx context.Context, threadID string) error

func (*MemoryCheckpointer) Get 

func (m *MemoryCheckpointer) Get(ctx context.Context, threadID, checkpointID string) (*Checkpoint, error)

func (*MemoryCheckpointer) GetLatest 

func (m *MemoryCheckpointer) GetLatest(ctx context.Context, threadID string) (*Checkpoint, error)

func (*MemoryCheckpointer) List 

func (m *MemoryCheckpointer) List(ctx context.Context, threadID string, opts ListOptions) ([]*Checkpoint, error)

func (*MemoryCheckpointer) Put 

func (m *MemoryCheckpointer) Put(ctx context.Context, cp *Checkpoint) error

type Metadata 

type Metadata struct {
	Step   int               `json:"step"`
	NodeID string            `json:"node_id,omitempty"`
	Tags   []string          `json:"tags,omitempty"`
	Custom map[string]string `json:"custom,omitempty"`
}

Metadata contains checkpoint metadata.

type ProcessBackend 

type ProcessBackend struct {
	// contains filtered or unexported fields
}

ProcessBackend implements ExecutionBackend using local processes. WARNING: Less secure than Docker - use only in trusted environments.

func NewProcessBackend 

func NewProcessBackend(logger *zap.Logger) *ProcessBackend

NewProcessBackend creates a process-based execution backend.

func NewProcessBackendWithConfig 

func NewProcessBackendWithConfig(logger *zap.Logger, cfg ProcessBackendConfig) *ProcessBackend

NewProcessBackendWithConfig creates a process backend with custom config.

func (*ProcessBackend) Cleanup 

func (p *ProcessBackend) Cleanup() error

func (*ProcessBackend) Execute 

func (p *ProcessBackend) Execute(ctx context.Context, req *ExecutionRequest, config SandboxConfig) (*ExecutionResult, error)

func (*ProcessBackend) Name 

func (p *ProcessBackend) Name() string

type ProcessBackendConfig 

type ProcessBackendConfig struct {
	WorkDir            string // Working directory for execution
	Enabled            bool   // Must explicitly enable (security)
	CustomInterpreters map[Language]string
}

ProcessBackendConfig configures the process backend.

type RealDockerBackend 

type RealDockerBackend struct {
	*DockerBackend
}

RealDockerBackend implements ExecutionBackend using actual Docker CLI.

func NewRealDockerBackend 

func NewRealDockerBackend(logger *zap.Logger) *RealDockerBackend

NewRealDockerBackend creates a Docker backend that actually executes code.

func (*RealDockerBackend) Cleanup 

func (d *RealDockerBackend) Cleanup() error

Cleanup removes all active containers.

func (*RealDockerBackend) Execute 

func (d *RealDockerBackend) Execute(ctx context.Context, req *ExecutionRequest, config SandboxConfig) (*ExecutionResult, error)

Execute runs code in a real Docker container.

type RealProcessBackend 

type RealProcessBackend struct {
	*ProcessBackend
	// contains filtered or unexported fields
}

RealProcessBackend implements ExecutionBackend using actual os/exec.

func NewRealProcessBackend 

func NewRealProcessBackend(logger *zap.Logger, enabled bool) *RealProcessBackend

NewRealProcessBackend creates a process backend that actually executes code. WARNING: Only use in trusted environments with proper sandboxing at OS level.

func (*RealProcessBackend) Execute 

func (p *RealProcessBackend) Execute(ctx context.Context, req *ExecutionRequest, config SandboxConfig) (*ExecutionResult, error)

Execute runs code using local process.

type SandboxConfig 

type SandboxConfig struct {
	Mode             ExecutionMode     `json:"mode"`
	Timeout          time.Duration     `json:"timeout"`
	MaxMemoryMB      int               `json:"max_memory_mb"`
	MaxCPUPercent    int               `json:"max_cpu_percent"`
	NetworkEnabled   bool              `json:"network_enabled"`
	AllowedHosts     []string          `json:"allowed_hosts,omitempty"`
	MountPaths       map[string]string `json:"mount_paths,omitempty"` // host:container
	EnvVars          map[string]string `json:"env_vars,omitempty"`
	MaxOutputBytes   int               `json:"max_output_bytes"`
	AllowedLanguages []Language        `json:"allowed_languages"`
}

SandboxConfig configures the sandbox executor.

func DefaultSandboxConfig 

func DefaultSandboxConfig() SandboxConfig

DefaultSandboxConfig returns secure defaults.

type SandboxExecutor 

type SandboxExecutor struct {
	// contains filtered or unexported fields
}

SandboxExecutor executes code in an isolated environment.

func NewSandboxExecutor 

func NewSandboxExecutor(config SandboxConfig, backend ExecutionBackend, logger *zap.Logger) *SandboxExecutor

NewSandboxExecutor creates a new sandbox executor.

func (*SandboxExecutor) Cleanup 

func (s *SandboxExecutor) Cleanup() error

Cleanup releases resources.

func (*SandboxExecutor) Execute 

func (s *SandboxExecutor) Execute(ctx context.Context, req *ExecutionRequest) (*ExecutionResult, error)

Execute runs code in the sandbox.

func (*SandboxExecutor) Stats 

func (s *SandboxExecutor) Stats() ExecutorStats

Stats returns execution statistics.

type SandboxTool 

type SandboxTool struct {
	// contains filtered or unexported fields
}

SandboxTool wraps the sandbox executor as an agent tool.

func NewSandboxTool 

func NewSandboxTool(executor *SandboxExecutor, logger *zap.Logger) *SandboxTool

NewSandboxTool creates a sandbox tool.

func (*SandboxTool) Execute 

func (t *SandboxTool) Execute(ctx context.Context, args json.RawMessage) (json.RawMessage, error)

Execute runs code through the sandbox.

type Serde 

type Serde interface {
	Serialize(v any) ([]byte, error)
	Deserialize(data []byte, v any) error
}

Serde defines serialization/deserialization interface.

type ThreadManager 

type ThreadManager struct {
	// contains filtered or unexported fields
}

ThreadManager manages multiple threads with checkpointing.

func NewThreadManager 

func NewThreadManager(cp Checkpointer, config CheckpointerConfig) *ThreadManager

NewThreadManager creates a new thread manager.

func (*ThreadManager) GetHistory 

func (tm *ThreadManager) GetHistory(ctx context.Context, threadID string, limit int) ([]*Checkpoint, error)

GetHistory returns checkpoint history for a thread.

func (*ThreadManager) LoadState 

func (tm *ThreadManager) LoadState(ctx context.Context, threadID string) (map[string]any, error)

LoadState loads the latest state for a thread.

func (*ThreadManager) Rollback 

func (tm *ThreadManager) Rollback(ctx context.Context, threadID, checkpointID string) (*Checkpoint, error)

Rollback rolls back to a specific checkpoint.

func (*ThreadManager) SaveState 

func (tm *ThreadManager) SaveState(ctx context.Context, threadID string, state map[string]any, meta Metadata) (*Checkpoint, error)

SaveState saves the current state for a thread.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.