91 lines
3.0 KiB
TypeScript
91 lines
3.0 KiB
TypeScript
export type SandboxDockerSettings = {
|
|
/** Docker image to use for sandbox containers. */
|
|
image?: string;
|
|
/** Prefix for sandbox container names. */
|
|
containerPrefix?: string;
|
|
/** Container workdir mount path (default: /workspace). */
|
|
workdir?: string;
|
|
/** Run container rootfs read-only. */
|
|
readOnlyRoot?: boolean;
|
|
/** Extra tmpfs mounts for read-only containers. */
|
|
tmpfs?: string[];
|
|
/** Container network mode (bridge|none|custom). */
|
|
network?: string;
|
|
/** Container user (uid:gid). */
|
|
user?: string;
|
|
/** Drop Linux capabilities. */
|
|
capDrop?: string[];
|
|
/** Extra environment variables for sandbox exec. */
|
|
env?: Record<string, string>;
|
|
/** Optional setup command run once after container creation. */
|
|
setupCommand?: string;
|
|
/** Limit container PIDs (0 = Docker default). */
|
|
pidsLimit?: number;
|
|
/** Limit container memory (e.g. 512m, 2g, or bytes as number). */
|
|
memory?: string | number;
|
|
/** Limit container memory swap (same format as memory). */
|
|
memorySwap?: string | number;
|
|
/** Limit container CPU shares (e.g. 0.5, 1, 2). */
|
|
cpus?: number;
|
|
/**
|
|
* Set ulimit values by name (e.g. nofile, nproc).
|
|
* Use "soft:hard" string, a number, or { soft, hard }.
|
|
*/
|
|
ulimits?: Record<string, string | number | { soft?: number; hard?: number }>;
|
|
/** Seccomp profile (path or profile name). */
|
|
seccompProfile?: string;
|
|
/** AppArmor profile name. */
|
|
apparmorProfile?: string;
|
|
/** DNS servers (e.g. ["1.1.1.1", "8.8.8.8"]). */
|
|
dns?: string[];
|
|
/** Extra host mappings (e.g. ["api.local:10.0.0.2"]). */
|
|
extraHosts?: string[];
|
|
/** Additional bind mounts (host:container:mode format, e.g. ["/host/path:/container/path:rw"]). */
|
|
binds?: string[];
|
|
};
|
|
|
|
export type SandboxBrowserSettings = {
|
|
enabled?: boolean;
|
|
image?: string;
|
|
containerPrefix?: string;
|
|
cdpPort?: number;
|
|
vncPort?: number;
|
|
noVncPort?: number;
|
|
headless?: boolean;
|
|
enableNoVnc?: boolean;
|
|
/**
|
|
* Allow sandboxed sessions to target the host browser control server.
|
|
* Default: false.
|
|
*/
|
|
allowHostControl?: boolean;
|
|
/**
|
|
* Allowlist of exact control URLs for target="custom".
|
|
* When set, any custom controlUrl must match this list.
|
|
*/
|
|
allowedControlUrls?: string[];
|
|
/**
|
|
* Allowlist of hostnames for control URLs (hostname only, no ports).
|
|
* When set, controlUrl hostname must match.
|
|
*/
|
|
allowedControlHosts?: string[];
|
|
/**
|
|
* Allowlist of ports for control URLs.
|
|
* When set, controlUrl port must match (defaults: http=80, https=443).
|
|
*/
|
|
allowedControlPorts?: number[];
|
|
/**
|
|
* When true (default), sandboxed browser control will try to start/reattach to
|
|
* the sandbox browser container when a tool call needs it.
|
|
*/
|
|
autoStart?: boolean;
|
|
/** Max time to wait for CDP to become reachable after auto-start (ms). */
|
|
autoStartTimeoutMs?: number;
|
|
};
|
|
|
|
export type SandboxPruneSettings = {
|
|
/** Prune if idle for more than N hours (0 disables). */
|
|
idleHours?: number;
|
|
/** Prune if older than N days (0 disables). */
|
|
maxAgeDays?: number;
|
|
};
|