feat(sandbox)🔒: Add secure script execution for LLM agents using Docker #166
Merged
Conversation
Owner ericmjl commented Jan 12, 2025
- Implemented a secure sandbox environment for executing agent-generated Python scripts.
- Introduced Docker-based isolation with resource and security constraints.
- Added metadata handling for script dependencies and execution context.
- Included comprehensive tests for the sandbox functionality.
Commits

…er container.
- Modified the container run command to use 'python' explicitly for script execution.
- This change prevents execution issues related to script file permissions or shebang configurations.

…t handling
- Added new dependencies to support enhanced functionality.
- Refactored argument handling in the ToolToCall class for better clarity and maintainability.
- Updated the pyproject.toml and lock files to reflect the latest dependency versions.

…used parameters
- Removed the 'purpose' parameter from the 'write_and_execute_script' function and related metadata.
- Added descriptions to Pydantic model fields for better documentation.
- Adjusted caching logic to skip specific tool results.

…ument structure
- Modified the test_tool_to_call_model test to use the updated ToolArguments and CachedArguments structures.
- Ensured the test validates the new list-based argument and cached result formats.

- Updated the `hash_result` function to return only the first 8 characters of the SHA256 hash.
- Modified test cases to validate the new hash length constraint.

…handling for improved clarity and functionality
- Revised the `write_and_execute_script` function to accept dependencies as a comma-separated string.
- Enhanced the `ScriptExecutor` class to provide detailed execution results including stdout, stderr, and status.
- Improved metadata handling and script writing for better maintainability.

…cution improvements
- Added a new tool for internet search using DuckDuckGo API.
- Improved script execution by modifying Python version handling and result processing.
- Refactored memory caching logic to exclude specific tool results.
- Enhanced sandbox environment with increased memory and dedicated cache space.

- Deleted the 'write_and_execute_script' function from the functions list.
- Ensured the functionality remains intact without the removed function.

- Updated the hash for the llamabot package in the lockfile.

- Updated the dependency version for 'litellm' in both 'pixi.lock' and 'pyproject.toml'.
- Added a new notebook 'agentbot.ipynb' demonstrating the usage of the 'AgentBot' class.
- Enhanced 'structuredbot_json.ipynb' with additional examples and model experiments.

- Replaced 'ToolArguments' with 'ToolArgument' in test cases.
- Ensured the test cases align with the updated class definitions.

- Updated typing for volume configuration to use dict instead of Mapping.
- Added RuntimeError raising for script execution failures with detailed error messages.
- Modified test cases to validate new error handling and output parsing.

…dencies.
- Deleted the test_script_with_dependencies function from test_sandbox.py.
- This was deemed unnecessary because we do allow access to the internet from within the container.
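As an added illustration of the Docker-based isolation this PR describes (hypothetical helper code written for this page, not llamabot's own `ScriptExecutor`), the block below assembles a hardened `docker run` command for an agent-generated script, shapes the outcome into the stdout/stderr/status record the commits mention, and raises `RuntimeError` with the captured stderr on failure. The image name, resource limits, mount paths and the in-container `timeout` wrapper are assumptions; because the PR deliberately leaves internet access available inside the container, no network flag is set.

```python
import subprocess

# Hypothetical helper (not llamabot's ScriptExecutor): assemble a hardened
# `docker run` argument list for one agent-generated script.
def build_docker_command(script_dir: str, image: str = "python:3.12-slim",
                         memory: str = "512m", cpus: str = "1.0",
                         pids_limit: int = 64, timeout_s: int = 60) -> list:
    return [
        "docker", "run", "--rm",
        "--memory", memory,                      # cap RAM so a runaway script cannot starve the host
        "--cpus", cpus,                          # cap CPU share
        "--pids-limit", str(pids_limit),         # defeat fork bombs
        "--cap-drop", "ALL",                     # drop every Linux capability
        "--security-opt", "no-new-privileges",   # setuid binaries cannot escalate
        "--read-only",                           # immutable root filesystem
        "--tmpfs", "/tmp:rw,noexec,size=64m",    # scratch/cache space that dies with the container
        "--user", "65534:65534",                 # run as nobody, never root
        "-v", f"{script_dir}:/sandbox:ro",       # the script directory is mounted read-only
        "-w", "/sandbox",
        image,
        # Invoke the interpreter explicitly, as the PR does, so file modes and shebangs do not
        # matter; coreutils `timeout` exits 124 when the wall-clock budget is exceeded.
        "timeout", str(timeout_s), "python", "script.py",
    ]

def interpret_result(returncode: int, stdout: str, stderr: str) -> dict:
    """Shape raw process output into the stdout/stderr/status record an agent loop consumes."""
    if returncode == 0:
        status = "success"
    elif returncode == 124:
        status = "timeout"
    else:
        status = "error"
    return {"status": status, "returncode": returncode, "stdout": stdout, "stderr": stderr}

def check_result(result: dict) -> dict:
    """Raise with the captured stderr so the caller sees why the sandboxed run failed."""
    if result["status"] != "success":
        raise RuntimeError(
            f"sandboxed script {result['status']} (rc={result['returncode']}):\n"
            f"{result['stderr'].strip()}"
        )
    return result

def run_script(script_dir: str, **limits) -> dict:
    """Run script_dir/script.py inside the container and return the structured result."""
    proc = subprocess.run(build_docker_command(script_dir, **limits),
                          capture_output=True, text=True)
    return check_result(interpret_result(proc.returncode, proc.stdout, proc.stderr))
```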