tony/CHORUS
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d9b62daf37ad7dc3f5f0a17966e5fe3a4e00361
CHORUS/vendor/google.golang.org/protobuf/internal/version/version.go
anthonyrawlins 8d9b62daf3 Phase 2: Implement Execution Environment Abstraction (v0.3.0) 
This commit implements Phase 2 of the CHORUS Task Execution Engine development plan,
providing a comprehensive execution environment abstraction layer with Docker
container sandboxing support.

## New Features

### Core Sandbox Interface
- Comprehensive ExecutionSandbox interface with isolated task execution
- Support for command execution, file I/O, environment management
- Resource usage monitoring and sandbox lifecycle management
- Standardized error handling with SandboxError types and categories

### Docker Container Sandbox Implementation
- Full Docker API integration with secure container creation
- Transparent repository mounting with configurable read/write access
- Advanced security policies with capability dropping and privilege controls
- Comprehensive resource limits (CPU, memory, disk, processes, file handles)
- Support for tmpfs mounts, masked paths, and read-only bind mounts
- Container lifecycle management with proper cleanup and health monitoring

### Security & Resource Management
- Configurable security policies with SELinux, AppArmor, and Seccomp support
- Fine-grained capability management with secure defaults
- Network isolation options with configurable DNS and proxy settings
- Resource monitoring with real-time CPU, memory, and network usage tracking
- Comprehensive ulimits configuration for process and file handle limits

### Repository Integration
- Seamless repository mounting from local paths to container workspaces
- Git configuration support with user credentials and global settings
- File inclusion/exclusion patterns for selective repository access
- Configurable permissions and ownership for mounted repositories

### Testing Infrastructure
- Comprehensive test suite with 60+ test cases covering all functionality
- Docker integration tests with Alpine Linux containers (skipped in short mode)
- Mock sandbox implementation for unit testing without Docker dependencies
- Security policy validation tests with read-only filesystem enforcement
- Resource usage monitoring and cleanup verification tests

## Technical Details

### Dependencies Added
- github.com/docker/docker v28.4.0+incompatible - Docker API client
- github.com/docker/go-connections v0.6.0 - Docker connection utilities
- github.com/docker/go-units v0.5.0 - Docker units and formatting
- Associated Docker API dependencies for complete container management

### Architecture
- Interface-driven design enabling multiple sandbox implementations
- Comprehensive configuration structures for all sandbox aspects
- Resource usage tracking with detailed metrics collection
- Error handling with retryable error classification
- Proper cleanup and resource management throughout sandbox lifecycle

### Compatibility
- Maintains backward compatibility with existing CHORUS architecture
- Designed for future integration with Phase 3 Core Task Execution Engine
- Extensible design supporting additional sandbox implementations (VM, process)

This Phase 2 implementation provides the foundation for secure, isolated task
execution that will be integrated with the AI model providers from Phase 1
in the upcoming Phase 3 development.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-25 14:28:08 +10:00

80 lines
2.3 KiB
Go
Raw Blame History

// Copyright 2019 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package version records versioning information about this module.
package version
import (
"fmt"
"strings"
)
// These constants determine the current version of this module.
//
// For our release process, we enforce the following rules:
// - Tagged releases use a tag that is identical to String.
// - Tagged releases never reference a commit where the String
// contains "devel".
// - The set of all commits in this repository where String
// does not contain "devel" must have a unique String.
//
// Steps for tagging a new release:
//
// 1. Create a new CL.
//
// 2. Update Minor, Patch, and/or PreRelease as necessary.
// PreRelease must not contain the string "devel".
//
// 3. Since the last released minor version, have there been any changes to
// generator that relies on new functionality in the runtime?
// If yes, then increment RequiredGenerated.
//
// 4. Since the last released minor version, have there been any changes to
// the runtime that removes support for old .pb.go source code?
// If yes, then increment SupportMinimum.
//
// 5. Send out the CL for review and submit it.
// Note that the next CL in step 8 must be submitted after this CL
// without any other CLs in-between.
//
// 6. Tag a new version, where the tag is is the current String.
//
// 7. Write release notes for all notable changes
// between this release and the last release.
//
// 8. Create a new CL.
//
// 9. Update PreRelease to include the string "devel".
// For example: "" -> "devel" or "rc.1" -> "rc.1.devel"
//
// 10. Send out the CL for review and submit it.
const (
Major = 1
Minor = 34
Patch = 2
PreRelease = ""
)
// String formats the version string for this module in semver format.
//
// Examples:
//
// v1.20.1
// v1.21.0-rc.1
func String() string {
v := fmt.Sprintf("v%d.%d.%d", Major, Minor, Patch)
if PreRelease != "" {
v += "-" + PreRelease
// TODO: Add metadata about the commit or build hash.
// See https://golang.org/issue/29814
// See https://golang.org/issue/33533
var metadata string
if strings.Contains(PreRelease, "devel") && metadata != "" {
v += "+" + metadata
}
}
return v
}
Reference in New Issue View Git Blame Copy Permalink