Phase 2: Implement Execution Environment Abstraction (v0.3.0)

This commit implements Phase 2 of the CHORUS Task Execution Engine development plan, providing a comprehensive execution environment abstraction layer with Docker container sandboxing support. ## New Features ### Core Sandbox Interface - Comprehensive ExecutionSandbox interface with isolated task execution - Support for command execution, file I/O, environment management - Resource usage monitoring and sandbox lifecycle management - Standardized error handling with SandboxError types and categories ### Docker Container Sandbox Implementation - Full Docker API integration with secure container creation - Transparent repository mounting with configurable read/write access - Advanced security policies with capability dropping and privilege controls - Comprehensive resource limits (CPU, memory, disk, processes, file handles) - Support for tmpfs mounts, masked paths, and read-only bind mounts - Container lifecycle management with proper cleanup and health monitoring ### Security & Resource Management - Configurable security policies with SELinux, AppArmor, and Seccomp support - Fine-grained capability management with secure defaults - Network isolation options with configurable DNS and proxy settings - Resource monitoring with real-time CPU, memory, and network usage tracking - Comprehensive ulimits configuration for process and file handle limits ### Repository Integration - Seamless repository mounting from local paths to container workspaces - Git configuration support with user credentials and global settings - File inclusion/exclusion patterns for selective repository access - Configurable permissions and ownership for mounted repositories ### Testing Infrastructure - Comprehensive test suite with 60+ test cases covering all functionality - Docker integration tests with Alpine Linux containers (skipped in short mode) - Mock sandbox implementation for unit testing without Docker dependencies - Security policy validation tests with read-only filesystem enforcement - Resource usage monitoring and cleanup verification tests ## Technical Details ### Dependencies Added - github.com/docker/docker v28.4.0+incompatible - Docker API client - github.com/docker/go-connections v0.6.0 - Docker connection utilities - github.com/docker/go-units v0.5.0 - Docker units and formatting - Associated Docker API dependencies for complete container management ### Architecture - Interface-driven design enabling multiple sandbox implementations - Comprehensive configuration structures for all sandbox aspects - Resource usage tracking with detailed metrics collection - Error handling with retryable error classification - Proper cleanup and resource management throughout sandbox lifecycle ### Compatibility - Maintains backward compatibility with existing CHORUS architecture - Designed for future integration with Phase 3 Core Task Execution Engine - Extensible design supporting additional sandbox implementations (VM, process) This Phase 2 implementation provides the foundation for secure, isolated task execution that will be integrated with the AI model providers from Phase 1 in the upcoming Phase 3 development. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-25 14:28:08 +10:00
parent d1252ade69
commit 8d9b62daf3
653 changed files with 88039 additions and 3766 deletions
--- a/vendor/go.opentelemetry.io/otel/attribute/value.go
+++ b/vendor/go.opentelemetry.io/otel/attribute/value.go
@@ -1,16 +1,5 @@
 // Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// SPDX-License-Identifier: Apache-2.0

 package attribute // import "go.opentelemetry.io/otel/attribute"

@@ -20,8 +9,7 @@ import (
 	"reflect"
 	"strconv"

-	"go.opentelemetry.io/otel/internal"
-	"go.opentelemetry.io/otel/internal/attribute"
+	attribute "go.opentelemetry.io/otel/attribute/internal"
 )

 //go:generate stringer -type=Type
@@ -34,7 +22,7 @@ type Value struct {
 	vtype    Type
 	numeric  uint64
 	stringly string
-	slice    interface{}
+	slice    any
 }

 const (
@@ -62,7 +50,7 @@ const (
 func BoolValue(v bool) Value {
 	return Value{
 		vtype:   BOOL,
-		numeric: internal.BoolToRaw(v),
+		numeric: boolToRaw(v),
 	}
 }

@@ -93,7 +81,7 @@ func IntSliceValue(v []int) Value {
 func Int64Value(v int64) Value {
 	return Value{
 		vtype:   INT64,
-		numeric: internal.Int64ToRaw(v),
+		numeric: int64ToRaw(v),
 	}
 }

@@ -106,7 +94,7 @@ func Int64SliceValue(v []int64) Value {
 func Float64Value(v float64) Value {
 	return Value{
 		vtype:   FLOAT64,
-		numeric: internal.Float64ToRaw(v),
+		numeric: float64ToRaw(v),
 	}
 }

@@ -136,7 +124,7 @@ func (v Value) Type() Type {
 // AsBool returns the bool value. Make sure that the Value's type is
 // BOOL.
 func (v Value) AsBool() bool {
-	return internal.RawToBool(v.numeric)
+	return rawToBool(v.numeric)
 }

 // AsBoolSlice returns the []bool value. Make sure that the Value's type is
@@ -155,7 +143,7 @@ func (v Value) asBoolSlice() []bool {
 // AsInt64 returns the int64 value. Make sure that the Value's type is
 // INT64.
 func (v Value) AsInt64() int64 {
-	return internal.RawToInt64(v.numeric)
+	return rawToInt64(v.numeric)
 }

 // AsInt64Slice returns the []int64 value. Make sure that the Value's type is
@@ -174,7 +162,7 @@ func (v Value) asInt64Slice() []int64 {
 // AsFloat64 returns the float64 value. Make sure that the Value's
 // type is FLOAT64.
 func (v Value) AsFloat64() float64 {
-	return internal.RawToFloat64(v.numeric)
+	return rawToFloat64(v.numeric)
 }

 // AsFloat64Slice returns the []float64 value. Make sure that the Value's type is
@@ -211,8 +199,8 @@ func (v Value) asStringSlice() []string {

 type unknownValueType struct{}

-// AsInterface returns Value's data as interface{}.
-func (v Value) AsInterface() interface{} {
+// AsInterface returns Value's data as any.
+func (v Value) AsInterface() any {
 	switch v.Type() {
 	case BOOL:
 		return v.AsBool()
@@ -242,15 +230,27 @@ func (v Value) Emit() string {
 	case BOOL:
 		return strconv.FormatBool(v.AsBool())
 	case INT64SLICE:
-		return fmt.Sprint(v.asInt64Slice())
+		j, err := json.Marshal(v.asInt64Slice())
+		if err != nil {
+			return fmt.Sprintf("invalid: %v", v.asInt64Slice())
+		}
+		return string(j)
 	case INT64:
 		return strconv.FormatInt(v.AsInt64(), 10)
 	case FLOAT64SLICE:
-		return fmt.Sprint(v.asFloat64Slice())
+		j, err := json.Marshal(v.asFloat64Slice())
+		if err != nil {
+			return fmt.Sprintf("invalid: %v", v.asFloat64Slice())
+		}
+		return string(j)
 	case FLOAT64:
 		return fmt.Sprint(v.AsFloat64())
 	case STRINGSLICE:
-		return fmt.Sprint(v.asStringSlice())
+		j, err := json.Marshal(v.asStringSlice())
+		if err != nil {
+			return fmt.Sprintf("invalid: %v", v.asStringSlice())
+		}
+		return string(j)
 	case STRING:
 		return v.stringly
 	default:
@@ -262,7 +262,7 @@ func (v Value) Emit() string {
 func (v Value) MarshalJSON() ([]byte, error) {
 	var jsonVal struct {
 		Type  string
-		Value interface{}
+		Value any
 	}
 	jsonVal.Type = v.Type().String()
 	jsonVal.Value = v.AsInterface()