8d9b62daf3
This commit implements Phase 2 of the CHORUS Task Execution Engine development plan, providing a comprehensive execution environment abstraction layer with Docker container sandboxing support. ## New Features ### Core Sandbox Interface - Comprehensive ExecutionSandbox interface with isolated task execution - Support for command execution, file I/O, environment management - Resource usage monitoring and sandbox lifecycle management - Standardized error handling with SandboxError types and categories ### Docker Container Sandbox Implementation - Full Docker API integration with secure container creation - Transparent repository mounting with configurable read/write access - Advanced security policies with capability dropping and privilege controls - Comprehensive resource limits (CPU, memory, disk, processes, file handles) - Support for tmpfs mounts, masked paths, and read-only bind mounts - Container lifecycle management with proper cleanup and health monitoring ### Security & Resource Management - Configurable security policies with SELinux, AppArmor, and Seccomp support - Fine-grained capability management with secure defaults - Network isolation options with configurable DNS and proxy settings - Resource monitoring with real-time CPU, memory, and network usage tracking - Comprehensive ulimits configuration for process and file handle limits ### Repository Integration - Seamless repository mounting from local paths to container workspaces - Git configuration support with user credentials and global settings - File inclusion/exclusion patterns for selective repository access - Configurable permissions and ownership for mounted repositories ### Testing Infrastructure - Comprehensive test suite with 60+ test cases covering all functionality - Docker integration tests with Alpine Linux containers (skipped in short mode) - Mock sandbox implementation for unit testing without Docker dependencies - Security policy validation tests with read-only filesystem enforcement - Resource usage monitoring and cleanup verification tests ## Technical Details ### Dependencies Added - github.com/docker/docker v28.4.0+incompatible - Docker API client - github.com/docker/go-connections v0.6.0 - Docker connection utilities - github.com/docker/go-units v0.5.0 - Docker units and formatting - Associated Docker API dependencies for complete container management ### Architecture - Interface-driven design enabling multiple sandbox implementations - Comprehensive configuration structures for all sandbox aspects - Resource usage tracking with detailed metrics collection - Error handling with retryable error classification - Proper cleanup and resource management throughout sandbox lifecycle ### Compatibility - Maintains backward compatibility with existing CHORUS architecture - Designed for future integration with Phase 3 Core Task Execution Engine - Extensible design supporting additional sandbox implementations (VM, process) This Phase 2 implementation provides the foundation for secure, isolated task execution that will be integrated with the AI model providers from Phase 1 in the upcoming Phase 3 development. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
244 lines
12 KiB
Go
244 lines
12 KiB
Go
// Copyright The OpenTelemetry Authors
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
// Package embedded provides interfaces embedded within the [OpenTelemetry
|
|
// metric API].
|
|
//
|
|
// Implementers of the [OpenTelemetry metric API] can embed the relevant type
|
|
// from this package into their implementation directly. Doing so will result
|
|
// in a compilation error for users when the [OpenTelemetry metric API] is
|
|
// extended (which is something that can happen without a major version bump of
|
|
// the API package).
|
|
//
|
|
// [OpenTelemetry metric API]: https://pkg.go.dev/go.opentelemetry.io/otel/metric
|
|
package embedded // import "go.opentelemetry.io/otel/metric/embedded"
|
|
|
|
// MeterProvider is embedded in
|
|
// [go.opentelemetry.io/otel/metric.MeterProvider].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.MeterProvider] if you want users to
|
|
// experience a compilation error, signaling they need to update to your latest
|
|
// implementation, when the [go.opentelemetry.io/otel/metric.MeterProvider]
|
|
// interface is extended (which is something that can happen without a major
|
|
// version bump of the API package).
|
|
type MeterProvider interface{ meterProvider() }
|
|
|
|
// Meter is embedded in [go.opentelemetry.io/otel/metric.Meter].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Meter] if you want users to experience a
|
|
// compilation error, signaling they need to update to your latest
|
|
// implementation, when the [go.opentelemetry.io/otel/metric.Meter] interface
|
|
// is extended (which is something that can happen without a major version bump
|
|
// of the API package).
|
|
type Meter interface{ meter() }
|
|
|
|
// Float64Observer is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Float64Observer].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Float64Observer] if you want
|
|
// users to experience a compilation error, signaling they need to update to
|
|
// your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Float64Observer] interface is
|
|
// extended (which is something that can happen without a major version bump of
|
|
// the API package).
|
|
type Float64Observer interface{ float64Observer() }
|
|
|
|
// Int64Observer is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Int64Observer].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Int64Observer] if you want users
|
|
// to experience a compilation error, signaling they need to update to your
|
|
// latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Int64Observer] interface is
|
|
// extended (which is something that can happen without a major version bump of
|
|
// the API package).
|
|
type Int64Observer interface{ int64Observer() }
|
|
|
|
// Observer is embedded in [go.opentelemetry.io/otel/metric.Observer].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Observer] if you want users to experience a
|
|
// compilation error, signaling they need to update to your latest
|
|
// implementation, when the [go.opentelemetry.io/otel/metric.Observer]
|
|
// interface is extended (which is something that can happen without a major
|
|
// version bump of the API package).
|
|
type Observer interface{ observer() }
|
|
|
|
// Registration is embedded in [go.opentelemetry.io/otel/metric.Registration].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Registration] if you want users to
|
|
// experience a compilation error, signaling they need to update to your latest
|
|
// implementation, when the [go.opentelemetry.io/otel/metric.Registration]
|
|
// interface is extended (which is something that can happen without a major
|
|
// version bump of the API package).
|
|
type Registration interface{ registration() }
|
|
|
|
// Float64Counter is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Float64Counter].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Float64Counter] if you want
|
|
// users to experience a compilation error, signaling they need to update to
|
|
// your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Float64Counter] interface is
|
|
// extended (which is something that can happen without a major version bump of
|
|
// the API package).
|
|
type Float64Counter interface{ float64Counter() }
|
|
|
|
// Float64Histogram is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Float64Histogram].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Float64Histogram] if you want
|
|
// users to experience a compilation error, signaling they need to update to
|
|
// your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Float64Histogram] interface is
|
|
// extended (which is something that can happen without a major version bump of
|
|
// the API package).
|
|
type Float64Histogram interface{ float64Histogram() }
|
|
|
|
// Float64Gauge is embedded in [go.opentelemetry.io/otel/metric.Float64Gauge].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Float64Gauge] if you want users to
|
|
// experience a compilation error, signaling they need to update to your latest
|
|
// implementation, when the [go.opentelemetry.io/otel/metric.Float64Gauge]
|
|
// interface is extended (which is something that can happen without a major
|
|
// version bump of the API package).
|
|
type Float64Gauge interface{ float64Gauge() }
|
|
|
|
// Float64ObservableCounter is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Float64ObservableCounter].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Float64ObservableCounter] if you
|
|
// want users to experience a compilation error, signaling they need to update
|
|
// to your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Float64ObservableCounter]
|
|
// interface is extended (which is something that can happen without a major
|
|
// version bump of the API package).
|
|
type Float64ObservableCounter interface{ float64ObservableCounter() }
|
|
|
|
// Float64ObservableGauge is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Float64ObservableGauge].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Float64ObservableGauge] if you
|
|
// want users to experience a compilation error, signaling they need to update
|
|
// to your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Float64ObservableGauge]
|
|
// interface is extended (which is something that can happen without a major
|
|
// version bump of the API package).
|
|
type Float64ObservableGauge interface{ float64ObservableGauge() }
|
|
|
|
// Float64ObservableUpDownCounter is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Float64ObservableUpDownCounter].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Float64ObservableUpDownCounter]
|
|
// if you want users to experience a compilation error, signaling they need to
|
|
// update to your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Float64ObservableUpDownCounter]
|
|
// interface is extended (which is something that can happen without a major
|
|
// version bump of the API package).
|
|
type Float64ObservableUpDownCounter interface{ float64ObservableUpDownCounter() }
|
|
|
|
// Float64UpDownCounter is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Float64UpDownCounter].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Float64UpDownCounter] if you
|
|
// want users to experience a compilation error, signaling they need to update
|
|
// to your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Float64UpDownCounter] interface
|
|
// is extended (which is something that can happen without a major version bump
|
|
// of the API package).
|
|
type Float64UpDownCounter interface{ float64UpDownCounter() }
|
|
|
|
// Int64Counter is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Int64Counter].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Int64Counter] if you want users
|
|
// to experience a compilation error, signaling they need to update to your
|
|
// latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Int64Counter] interface is
|
|
// extended (which is something that can happen without a major version bump of
|
|
// the API package).
|
|
type Int64Counter interface{ int64Counter() }
|
|
|
|
// Int64Histogram is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Int64Histogram].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Int64Histogram] if you want
|
|
// users to experience a compilation error, signaling they need to update to
|
|
// your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Int64Histogram] interface is
|
|
// extended (which is something that can happen without a major version bump of
|
|
// the API package).
|
|
type Int64Histogram interface{ int64Histogram() }
|
|
|
|
// Int64Gauge is embedded in [go.opentelemetry.io/otel/metric.Int64Gauge].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Int64Gauge] if you want users to experience
|
|
// a compilation error, signaling they need to update to your latest
|
|
// implementation, when the [go.opentelemetry.io/otel/metric.Int64Gauge]
|
|
// interface is extended (which is something that can happen without a major
|
|
// version bump of the API package).
|
|
type Int64Gauge interface{ int64Gauge() }
|
|
|
|
// Int64ObservableCounter is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Int64ObservableCounter].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Int64ObservableCounter] if you
|
|
// want users to experience a compilation error, signaling they need to update
|
|
// to your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Int64ObservableCounter]
|
|
// interface is extended (which is something that can happen without a major
|
|
// version bump of the API package).
|
|
type Int64ObservableCounter interface{ int64ObservableCounter() }
|
|
|
|
// Int64ObservableGauge is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Int64ObservableGauge].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Int64ObservableGauge] if you
|
|
// want users to experience a compilation error, signaling they need to update
|
|
// to your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Int64ObservableGauge] interface
|
|
// is extended (which is something that can happen without a major version bump
|
|
// of the API package).
|
|
type Int64ObservableGauge interface{ int64ObservableGauge() }
|
|
|
|
// Int64ObservableUpDownCounter is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Int64ObservableUpDownCounter].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Int64ObservableUpDownCounter] if
|
|
// you want users to experience a compilation error, signaling they need to
|
|
// update to your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Int64ObservableUpDownCounter]
|
|
// interface is extended (which is something that can happen without a major
|
|
// version bump of the API package).
|
|
type Int64ObservableUpDownCounter interface{ int64ObservableUpDownCounter() }
|
|
|
|
// Int64UpDownCounter is embedded in
|
|
// [go.opentelemetry.io/otel/metric.Int64UpDownCounter].
|
|
//
|
|
// Embed this interface in your implementation of the
|
|
// [go.opentelemetry.io/otel/metric.Int64UpDownCounter] if you want
|
|
// users to experience a compilation error, signaling they need to update to
|
|
// your latest implementation, when the
|
|
// [go.opentelemetry.io/otel/metric.Int64UpDownCounter] interface is
|
|
// extended (which is something that can happen without a major version bump of
|
|
// the API package).
|
|
type Int64UpDownCounter interface{ int64UpDownCounter() }
|