container

package
v0.0.0-...-4686852 Latest
Warning

This package is not in the latest version of its module.

Published: May 15, 2026 License: MIT Imports: 18 Imported by: 0

Documentation

Overview

Package container provides Docker container management for agentbox.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ImageName

func ImageName(imageType string) string

ImageName returns the full Docker image name for a given image type.

func ParseCPUs

func ParseCPUs(cpus string) (float64, error)

ParseCPUs converts a CPU string to a float.

func ParseMemory

func ParseMemory(mem string) (int64, error)

ParseMemory converts a memory string (e.g., "4g") to bytes.

func ProxyContainerName

func ProxyContainerName(baseName string) string

ProxyContainerName returns the deterministic name for the proxy sidecar.

func RestrictedNetworkName

func RestrictedNetworkName(baseName string) string

RestrictedNetworkName returns the deterministic name for the internal network.

func ValidateProjectPath

func ValidateProjectPath(projectPath string) error

ValidateProjectPath checks that the path is safe to mount.

Types

type ContainerConfig

type ContainerConfig struct {
	Name              string
	Image             string
	WorkDir           string
	ProjectPath       string
	Env               []string
	Cmd               []string
	Network           string
	AllowedEndpoints  []string // host:port pairs for restricted network mode
	Memory            int64
	CPUs              float64
	MountSSH          bool
	MountGit          bool
	MountClaudeConfig bool
	Interactive       bool // allocate TTY and keep stdin open
}

ContainerConfig holds all settings for creating a container.

func ConfigToContainerConfig

func ConfigToContainerConfig(cfg *config.Config, projectPath string, cmd []string, env []string) (*ContainerConfig, error)

ConfigToContainerConfig converts an agentbox config to container config.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager handles Docker container lifecycle.

func NewManager

func NewManager() (*Manager, error)

NewManager creates a new Docker container manager.

func (*Manager) Attach

func (m *Manager) Attach(ctx context.Context, containerID string) error

Attach connects to a running container's stdin/stdout/stderr.

func (*Manager) Close

func (m *Manager) Close() error

Close cleans up any remaining restricted networks and releases the Docker client resources. This is a safety net for networks not cleaned up by Remove (e.g., if the process was interrupted).

func (*Manager) Create

func (m *Manager) Create(ctx context.Context, cfg *ContainerConfig) (string, error)

Create builds and starts a new container with the given configuration.

func (*Manager) CreateRestrictedNetwork

func (m *Manager) CreateRestrictedNetwork(ctx context.Context, baseName string, agentImage string, allowedHosts []string) (*RestrictedNetwork, error)

CreateRestrictedNetwork creates a Docker internal network and a proxy sidecar container that enforces egress restrictions. The proxy container is created on Docker's default bridge (for internet access) and then connected to the internal network (for agent communication). The agent container should only be on the internal network.
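One way a proxy sidecar could match outbound targets against host:port pairs like those in AllowedEndpoints, as an added example that is not agentbox's own code. The names Allowlist, normalize, NewAllowlist and Permits are hypothetical, and exact-match semantics with fail-closed parsing are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Allowlist is a hypothetical type (not part of package container): normalized "host:port" keys.
type Allowlist map[string]struct{}

// normalize lower-cases the host, strips a trailing root dot and validates the port (1-65535).
func normalize(endpoint string) (string, error) {
	host, port, err := net.SplitHostPort(endpoint)
	if err != nil {
		return "", fmt.Errorf("endpoint %q: %w", endpoint, err)
	}
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	n, err := strconv.ParseUint(port, 10, 16) // rejects signs, non-digits and values > 65535
	if host == "" || err != nil || n == 0 {
		return "", fmt.Errorf("endpoint %q: empty host or invalid port", endpoint)
	}
	return net.JoinHostPort(host, strconv.FormatUint(n, 10)), nil
}

// NewAllowlist fails closed: one malformed entry rejects the whole list.
func NewAllowlist(endpoints []string) (Allowlist, error) {
	al := make(Allowlist, len(endpoints))
	for _, e := range endpoints {
		key, err := normalize(e)
		if err != nil {
			return nil, err
		}
		al[key] = struct{}{}
	}
	return al, nil
}

// Permits reports an exact host:port match; unparseable targets and subdomains are denied.
func (al Allowlist) Permits(target string) bool {
	key, err := normalize(target)
	_, ok := al[key]
	return err == nil && ok
}

func main() {
	al, err := NewAllowlist([]string{"api.example.com:443"}) // constructed sample value
	fmt.Println(al.Permits("API.Example.com.:443"), al.Permits("api.example.com:80"), err)
}
```

A proxy using this check should dial the normalized key rather than the raw client-supplied target, so the address that was checked is the address that is connected to.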

func (*Manager) Logs

func (m *Manager) Logs(ctx context.Context, containerID string) (string, error)

Logs retrieves the container's stdout and stderr.

func (*Manager) Remove

func (m *Manager) Remove(ctx context.Context, containerID string) error

Remove deletes a container and its associated restricted network, if any.

func (*Manager) RemoveRestrictedNetwork

func (m *Manager) RemoveRestrictedNetwork(ctx context.Context, rn *RestrictedNetwork) error

RemoveRestrictedNetwork tears down the proxy container and internal network. It attempts all cleanup steps even if individual steps fail.

func (*Manager) Run

func (m *Manager) Run(ctx context.Context, cfg *ContainerConfig) (string, error)

Run creates a container, runs the command, and returns the output.

func (*Manager) Stop

func (m *Manager) Stop(ctx context.Context, containerID string) error

Stop gracefully stops a running container.

func (*Manager) Wait

func (m *Manager) Wait(ctx context.Context, containerID string) (string, error)

Wait blocks until the container exits and returns its output. It respects context cancellation — if the context is cancelled or times out, the container is killed and partial logs are returned.

type RestrictedNetwork

type RestrictedNetwork struct {
	NetworkID   string
	NetworkName string
	ProxyID     string
	ProxyName   string
	ProxyIP     string // IP on the internal network
}

RestrictedNetwork holds the resources for an egress-restricted network setup.
