Phase 2: Implement Execution Environment Abstraction (v0.3.0)
This commit implements Phase 2 of the CHORUS Task Execution Engine development plan, providing a comprehensive execution environment abstraction layer with Docker container sandboxing support. ## New Features ### Core Sandbox Interface - Comprehensive ExecutionSandbox interface with isolated task execution - Support for command execution, file I/O, environment management - Resource usage monitoring and sandbox lifecycle management - Standardized error handling with SandboxError types and categories ### Docker Container Sandbox Implementation - Full Docker API integration with secure container creation - Transparent repository mounting with configurable read/write access - Advanced security policies with capability dropping and privilege controls - Comprehensive resource limits (CPU, memory, disk, processes, file handles) - Support for tmpfs mounts, masked paths, and read-only bind mounts - Container lifecycle management with proper cleanup and health monitoring ### Security & Resource Management - Configurable security policies with SELinux, AppArmor, and Seccomp support - Fine-grained capability management with secure defaults - Network isolation options with configurable DNS and proxy settings - Resource monitoring with real-time CPU, memory, and network usage tracking - Comprehensive ulimits configuration for process and file handle limits ### Repository Integration - Seamless repository mounting from local paths to container workspaces - Git configuration support with user credentials and global settings - File inclusion/exclusion patterns for selective repository access - Configurable permissions and ownership for mounted repositories ### Testing Infrastructure - Comprehensive test suite with 60+ test cases covering all functionality - Docker integration tests with Alpine Linux containers (skipped in short mode) - Mock sandbox implementation for unit testing without Docker dependencies - Security policy validation tests with read-only filesystem enforcement - Resource usage monitoring and cleanup verification tests ## Technical Details ### Dependencies Added - github.com/docker/docker v28.4.0+incompatible - Docker API client - github.com/docker/go-connections v0.6.0 - Docker connection utilities - github.com/docker/go-units v0.5.0 - Docker units and formatting - Associated Docker API dependencies for complete container management ### Architecture - Interface-driven design enabling multiple sandbox implementations - Comprehensive configuration structures for all sandbox aspects - Resource usage tracking with detailed metrics collection - Error handling with retryable error classification - Proper cleanup and resource management throughout sandbox lifecycle ### Compatibility - Maintains backward compatibility with existing CHORUS architecture - Designed for future integration with Phase 3 Core Task Execution Engine - Extensible design supporting additional sandbox implementations (VM, process) This Phase 2 implementation provides the foundation for secure, isolated task execution that will be integrated with the AI model providers from Phase 1 in the upcoming Phase 3 development. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
anthonyrawlins
56
vendor/go.opentelemetry.io/otel/trace/noop.go
generated
vendored
56
vendor/go.opentelemetry.io/otel/trace/noop.go
generated
vendored
@@ -1,16 +1,5 @@
|
||||
// Copyright The OpenTelemetry Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package trace // import "go.opentelemetry.io/otel/trace"
|
||||
|
||||
@@ -19,44 +8,48 @@ import (
|
||||
|
||||
"go.opentelemetry.io/otel/attribute"
|
||||
"go.opentelemetry.io/otel/codes"
|
||||
"go.opentelemetry.io/otel/trace/embedded"
|
||||
)
|
||||
|
||||
// NewNoopTracerProvider returns an implementation of TracerProvider that
|
||||
// performs no operations. The Tracer and Spans created from the returned
|
||||
// TracerProvider also perform no operations.
|
||||
//
|
||||
// Deprecated: Use [go.opentelemetry.io/otel/trace/noop.NewTracerProvider]
|
||||
// instead.
|
||||
func NewNoopTracerProvider() TracerProvider {
|
||||
return noopTracerProvider{}
|
||||
}
|
||||
|
||||
type noopTracerProvider struct{}
|
||||
type noopTracerProvider struct{ embedded.TracerProvider }
|
||||
|
||||
var _ TracerProvider = noopTracerProvider{}
|
||||
|
||||
// Tracer returns noop implementation of Tracer.
|
||||
func (p noopTracerProvider) Tracer(string, ...TracerOption) Tracer {
|
||||
func (noopTracerProvider) Tracer(string, ...TracerOption) Tracer {
|
||||
return noopTracer{}
|
||||
}
|
||||
|
||||
// noopTracer is an implementation of Tracer that performs no operations.
|
||||
type noopTracer struct{}
|
||||
type noopTracer struct{ embedded.Tracer }
|
||||
|
||||
var _ Tracer = noopTracer{}
|
||||
|
||||
// Start carries forward a non-recording Span, if one is present in the context, otherwise it
|
||||
// creates a no-op Span.
|
||||
func (t noopTracer) Start(ctx context.Context, name string, _ ...SpanStartOption) (context.Context, Span) {
|
||||
func (noopTracer) Start(ctx context.Context, _ string, _ ...SpanStartOption) (context.Context, Span) {
|
||||
span := SpanFromContext(ctx)
|
||||
if _, ok := span.(nonRecordingSpan); !ok {
|
||||
// span is likely already a noopSpan, but let's be sure
|
||||
span = noopSpan{}
|
||||
span = noopSpanInstance
|
||||
}
|
||||
return ContextWithSpan(ctx, span), span
|
||||
}
|
||||
|
||||
// noopSpan is an implementation of Span that performs no operations.
|
||||
type noopSpan struct{}
|
||||
type noopSpan struct{ embedded.Span }
|
||||
|
||||
var _ Span = noopSpan{}
|
||||
var noopSpanInstance Span = noopSpan{}
|
||||
|
||||
// SpanContext returns an empty span context.
|
||||
func (noopSpan) SpanContext() SpanContext { return SpanContext{} }
|
||||
@@ -82,8 +75,31 @@ func (noopSpan) RecordError(error, ...EventOption) {}
|
||||
// AddEvent does nothing.
|
||||
func (noopSpan) AddEvent(string, ...EventOption) {}
|
||||
|
||||
// AddLink does nothing.
|
||||
func (noopSpan) AddLink(Link) {}
|
||||
|
||||
// SetName does nothing.
|
||||
func (noopSpan) SetName(string) {}
|
||||
|
||||
// TracerProvider returns a no-op TracerProvider.
|
||||
func (noopSpan) TracerProvider() TracerProvider { return noopTracerProvider{} }
|
||||
func (s noopSpan) TracerProvider() TracerProvider {
|
||||
return s.tracerProvider(autoInstEnabled)
|
||||
}
|
||||
|
||||
// autoInstEnabled defines if the auto-instrumentation SDK is enabled.
|
||||
//
|
||||
// The auto-instrumentation is expected to overwrite this value to true when it
|
||||
// attaches to the process.
|
||||
var autoInstEnabled = new(bool)
|
||||
|
||||
// tracerProvider return a noopTracerProvider if autoEnabled is false,
|
||||
// otherwise it will return a TracerProvider from the sdk package used in
|
||||
// auto-instrumentation.
|
||||
//
|
||||
//go:noinline
|
||||
func (noopSpan) tracerProvider(autoEnabled *bool) TracerProvider {
|
||||
if *autoEnabled {
|
||||
return newAutoTracerProvider()
|
||||
}
|
||||
return noopTracerProvider{}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user