Phase 2: Implement Execution Environment Abstraction (v0.3.0)
This commit implements Phase 2 of the CHORUS Task Execution Engine development plan, providing a comprehensive execution environment abstraction layer with Docker container sandboxing support. ## New Features ### Core Sandbox Interface - Comprehensive ExecutionSandbox interface with isolated task execution - Support for command execution, file I/O, environment management - Resource usage monitoring and sandbox lifecycle management - Standardized error handling with SandboxError types and categories ### Docker Container Sandbox Implementation - Full Docker API integration with secure container creation - Transparent repository mounting with configurable read/write access - Advanced security policies with capability dropping and privilege controls - Comprehensive resource limits (CPU, memory, disk, processes, file handles) - Support for tmpfs mounts, masked paths, and read-only bind mounts - Container lifecycle management with proper cleanup and health monitoring ### Security & Resource Management - Configurable security policies with SELinux, AppArmor, and Seccomp support - Fine-grained capability management with secure defaults - Network isolation options with configurable DNS and proxy settings - Resource monitoring with real-time CPU, memory, and network usage tracking - Comprehensive ulimits configuration for process and file handle limits ### Repository Integration - Seamless repository mounting from local paths to container workspaces - Git configuration support with user credentials and global settings - File inclusion/exclusion patterns for selective repository access - Configurable permissions and ownership for mounted repositories ### Testing Infrastructure - Comprehensive test suite with 60+ test cases covering all functionality - Docker integration tests with Alpine Linux containers (skipped in short mode) - Mock sandbox implementation for unit testing without Docker dependencies - Security policy validation tests with read-only filesystem enforcement - Resource usage monitoring and cleanup verification tests ## Technical Details ### Dependencies Added - github.com/docker/docker v28.4.0+incompatible - Docker API client - github.com/docker/go-connections v0.6.0 - Docker connection utilities - github.com/docker/go-units v0.5.0 - Docker units and formatting - Associated Docker API dependencies for complete container management ### Architecture - Interface-driven design enabling multiple sandbox implementations - Comprehensive configuration structures for all sandbox aspects - Resource usage tracking with detailed metrics collection - Error handling with retryable error classification - Proper cleanup and resource management throughout sandbox lifecycle ### Compatibility - Maintains backward compatibility with existing CHORUS architecture - Designed for future integration with Phase 3 Core Task Execution Engine - Extensible design supporting additional sandbox implementations (VM, process) This Phase 2 implementation provides the foundation for secure, isolated task execution that will be integrated with the AI model providers from Phase 1 in the upcoming Phase 3 development. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
anthonyrawlins
47
vendor/go.opentelemetry.io/otel/propagation/propagation.go
generated
vendored
47
vendor/go.opentelemetry.io/otel/propagation/propagation.go
generated
vendored
@@ -1,16 +1,5 @@
|
||||
// Copyright The OpenTelemetry Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package propagation // import "go.opentelemetry.io/otel/propagation"
|
||||
|
||||
@@ -20,6 +9,7 @@ import (
|
||||
)
|
||||
|
||||
// TextMapCarrier is the storage medium used by a TextMapPropagator.
|
||||
// See ValuesGetter for how a TextMapCarrier can get multiple values for a key.
|
||||
type TextMapCarrier interface {
|
||||
// DO NOT CHANGE: any modification will not be backwards compatible and
|
||||
// must never be done outside of a new major release.
|
||||
@@ -30,7 +20,7 @@ type TextMapCarrier interface {
|
||||
// must never be done outside of a new major release.
|
||||
|
||||
// Set stores the key-value pair.
|
||||
Set(key string, value string)
|
||||
Set(key, value string)
|
||||
// DO NOT CHANGE: any modification will not be backwards compatible and
|
||||
// must never be done outside of a new major release.
|
||||
|
||||
@@ -40,6 +30,18 @@ type TextMapCarrier interface {
|
||||
// must never be done outside of a new major release.
|
||||
}
|
||||
|
||||
// ValuesGetter can return multiple values for a single key,
|
||||
// with contrast to TextMapCarrier.Get which returns a single value.
|
||||
type ValuesGetter interface {
|
||||
// DO NOT CHANGE: any modification will not be backwards compatible and
|
||||
// must never be done outside of a new major release.
|
||||
|
||||
// Values returns all values associated with the passed key.
|
||||
Values(key string) []string
|
||||
// DO NOT CHANGE: any modification will not be backwards compatible and
|
||||
// must never be done outside of a new major release.
|
||||
}
|
||||
|
||||
// MapCarrier is a TextMapCarrier that uses a map held in memory as a storage
|
||||
// medium for propagated key-value pairs.
|
||||
type MapCarrier map[string]string
|
||||
@@ -66,16 +68,27 @@ func (c MapCarrier) Keys() []string {
|
||||
return keys
|
||||
}
|
||||
|
||||
// HeaderCarrier adapts http.Header to satisfy the TextMapCarrier interface.
|
||||
// HeaderCarrier adapts http.Header to satisfy the TextMapCarrier and ValuesGetter interfaces.
|
||||
type HeaderCarrier http.Header
|
||||
|
||||
// Get returns the value associated with the passed key.
|
||||
// Compile time check that HeaderCarrier implements ValuesGetter.
|
||||
var _ TextMapCarrier = HeaderCarrier{}
|
||||
|
||||
// Compile time check that HeaderCarrier implements TextMapCarrier.
|
||||
var _ ValuesGetter = HeaderCarrier{}
|
||||
|
||||
// Get returns the first value associated with the passed key.
|
||||
func (hc HeaderCarrier) Get(key string) string {
|
||||
return http.Header(hc).Get(key)
|
||||
}
|
||||
|
||||
// Values returns all values associated with the passed key.
|
||||
func (hc HeaderCarrier) Values(key string) []string {
|
||||
return http.Header(hc).Values(key)
|
||||
}
|
||||
|
||||
// Set stores the key-value pair.
|
||||
func (hc HeaderCarrier) Set(key string, value string) {
|
||||
func (hc HeaderCarrier) Set(key, value string) {
|
||||
http.Header(hc).Set(key, value)
|
||||
}
|
||||
|
||||
@@ -100,6 +113,8 @@ type TextMapPropagator interface {
|
||||
// must never be done outside of a new major release.
|
||||
|
||||
// Extract reads cross-cutting concerns from the carrier into a Context.
|
||||
// Implementations may check if the carrier implements ValuesGetter,
|
||||
// to support extraction of multiple values per key.
|
||||
Extract(ctx context.Context, carrier TextMapCarrier) context.Context
|
||||
// DO NOT CHANGE: any modification will not be backwards compatible and
|
||||
// must never be done outside of a new major release.
|
||||
|
||||
Reference in New Issue
Block a user