Skip to content

docs(design): plan docker sandbox provider + sandboxes allowlist#5285

Draft
junaway wants to merge 1 commit into
big-agentsfrom
docs/docker-sandbox-and-sandboxes-allowlist
Draft

docs(design): plan docker sandbox provider + sandboxes allowlist#5285
junaway wants to merge 1 commit into
big-agentsfrom
docs/docker-sandbox-and-sandboxes-allowlist

Conversation

@junaway

@junaway junaway commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Context

Two follow-on design docs for the sandbox axis, built on the seams the sandbox-agent refactor (#5264) extracted, and folding in the docker mode learnings from the persistent-sessions PoC (#4813).

What

  • docs/design/agent-workflows/projects/docker-sandbox/docker-sandbox-plan.md — a docker sandbox provider: one container per session on the runner's Docker daemon, parked via docker stop in the existing session pool instead of the PoC's fresh-container-per-turn. Adds what the PoC lacked: a deterministic container naming convention (<runner-container-name>-sandbox-<fingerprint-hash>), agenta.sandbox.* labels as the discovery/GC/re-adoption index, boot + periodic sweeps (the PoC leaked containers), and a durable-cwd recommendation (host bind-mount over per-container FUSE caps).
  • docs/design/agent-workflows/projects/allowed-sandboxes/allowed-sandboxes-plan.mdAGENTA_RUNNER_SANDBOXES_ALLOWLIST, a comma-separated per-deployment provider allowlist generalizing AGENTA_SANDBOX_LOCAL_ALLOWED (kept as a deprecated restrictive-wins alias). Enforced at every layer: runner buildRunPlan (authoritative, fail-closed) + buildSandboxProvider backstop, services/oss generalized gate, api RunnerConfig, web __env.js → dropdown filter, hosting/helm. Cloud sets daytona; self-host stays unset (all allowed).
  • An addendum on projects/sandbox-agent-refactor/sandbox-agent-refactor-plan.md linking both plans and noting its pre-rename services/agent paths.

Both plans carry an explicit deployment-surface checklist (env *.example files, compose blocks, helm schema/values/helpers/values example, self-host configuration MDX).

Notes

  • The drive-by default mismatch found while auditing (AGENTA_SERVICES_CODE_SANDBOX_RUNNER: SDK registry restricted vs documented local) was fixed directly on big-agents in 2d539c653c.
  • Docs only; no runtime changes.

🤖 Generated with Claude Code

…owlist

Two follow-on projects to the sandbox-agent refactor, built on its seams:

- projects/docker-sandbox: a docker provider (per-session containers instead
  of parked host processes), folding in the persistent-sessions PoC learnings
  and adding the container naming/label/GC conventions the PoC lacked.
- projects/allowed-sandboxes: AGENTA_RUNNER_SANDBOXES_ALLOWLIST, a
  per-deployment provider allowlist enforced at every layer, generalizing
  AGENTA_SANDBOX_LOCAL_ALLOWED.
- addendum on the refactor plan linking both and noting the pre-rename paths.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 13, 2026 16:41
@vercel

vercel Bot commented Jul 13, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
agenta-documentation Ready Ready Preview, Comment Jul 13, 2026 4:42pm

Request Review

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 005007bd-5a25-4ab5-a4a6-4a3aab80fb8f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/docker-sandbox-and-sandboxes-allowlist

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds two new design-plan documents that extend the sandbox provider “axis” (introducing a proposed docker provider and a cross-layer sandbox allowlist), and links them back to the earlier sandbox-agent refactor plan so future implementation work has a clear roadmap and seam references.

Changes:

  • Added a detailed plan for a docker sandbox provider (per-session containers, naming/labels, GC, keep-alive/pooling, and deployment surface considerations).
  • Added a plan for AGENTA_RUNNER_SANDBOXES_ALLOWLIST to gate allowed sandbox providers across runner/services/api/web/hosting, with clear precedence vs. AGENTA_SANDBOX_LOCAL_ALLOWED.
  • Updated the sandbox-agent refactor plan with an addendum linking to these follow-on plans and noting the services/agentservices/runner rename.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
docs/design/agent-workflows/projects/sandbox-agent-refactor/sandbox-agent-refactor-plan.md Adds an addendum linking the refactor seams to the new docker/allowlist follow-on plans and clarifying path rename context.
docs/design/agent-workflows/projects/docker-sandbox/docker-sandbox-plan.md New design plan for a docker sandbox provider, including lifecycle, naming/labels, GC, durable cwd options, and testing slices.
docs/design/agent-workflows/projects/allowed-sandboxes/allowed-sandboxes-plan.md New design plan for a deployment-level sandbox provider allowlist enforced consistently across layers.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants