agentkernel/backend/

docker.rs

//! Docker/Podman container backend implementing the Sandbox trait.

use anyhow::{Context, Result, bail};
use async_trait::async_trait;
use std::process::Command;

use super::{BackendType, ExecOptions, ExecResult, Sandbox, SandboxConfig};

/// Container runtime to use
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ContainerRuntime {
    Docker,
    Podman,
}

impl ContainerRuntime {
    /// Get the command name for this runtime
    pub fn cmd(&self) -> &'static str {
        match self {
            ContainerRuntime::Docker => "docker",
            ContainerRuntime::Podman => "podman",
        }
    }

    /// Convert to BackendType
    pub fn to_backend_type(self) -> BackendType {
        match self {
            ContainerRuntime::Docker => BackendType::Docker,
            ContainerRuntime::Podman => BackendType::Podman,
        }
    }
}

/// Check if Docker is available
pub fn docker_available() -> bool {
    Command::new("docker")
        .arg("version")
        .output()
        .map(|o| o.status.success())
        .unwrap_or(false)
}

/// Check if Podman is available
pub fn podman_available() -> bool {
    Command::new("podman")
        .arg("version")
        .output()
        .map(|o| o.status.success())
        .unwrap_or(false)
}

/// Get the IP address of a running container by name.
pub fn get_container_ip(container_name: &str) -> Option<String> {
    let output = Command::new("docker")
        .args([
            "inspect",
            "-f",
            "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}",
            container_name,
        ])
        .output()
        .ok()?;
    if !output.status.success() {
        return None;
    }
    let ip = String::from_utf8_lossy(&output.stdout).trim().to_string();
    if ip.is_empty() { None } else { Some(ip) }
}

/// Detect the best available container runtime
pub fn detect_container_runtime() -> Option<ContainerRuntime> {
    if podman_available() {
        Some(ContainerRuntime::Podman)
    } else if docker_available() {
        Some(ContainerRuntime::Docker)
    } else {
        None
    }
}

/// Docker/Podman container sandbox
pub struct DockerSandbox {
    name: String,
    runtime: ContainerRuntime,
    container_id: Option<String>,
    running: bool,
    /// If true, don't clean up container in Drop (for persistent sandboxes)
    persistent: bool,
}

impl DockerSandbox {
    /// Create a new Docker sandbox with the specified runtime
    pub fn new(name: &str, runtime: ContainerRuntime) -> Self {
        Self {
            name: name.to_string(),
            runtime,
            container_id: None,
            running: false,
            persistent: false,
        }
    }

    /// Create a persistent Docker sandbox (won't be cleaned up in Drop)
    pub fn new_persistent(name: &str, runtime: ContainerRuntime) -> Self {
        Self {
            name: name.to_string(),
            runtime,
            container_id: None,
            running: false,
            persistent: true,
        }
    }

    /// Mark this sandbox as persistent (won't be cleaned up in Drop)
    pub fn set_persistent(&mut self, persistent: bool) {
        self.persistent = persistent;
    }

    /// Create a new Docker sandbox with auto-detected runtime
    pub fn with_detected_runtime(name: &str) -> Result<Self> {
        let runtime = detect_container_runtime()
            .ok_or_else(|| anyhow::anyhow!("No container runtime available"))?;
        Ok(Self::new(name, runtime))
    }

    /// Get the container name
    fn container_name(&self) -> String {
        format!("agentkernel-{}", self.name)
    }
}

impl DockerSandbox {
    /// Write a file to the container using docker cp
    async fn write_file_impl(&self, path: &str, content: &[u8]) -> Result<()> {
        let container_name = self.container_name();
        let cmd = self.runtime.cmd();

        // Create a temporary file to copy
        let temp_dir = std::env::temp_dir();
        let temp_file = temp_dir.join(format!("agentkernel-upload-{}", uuid::Uuid::new_v4()));
        std::fs::write(&temp_file, content).context("Failed to write temp file")?;

        // Ensure parent directory exists in container
        let parent = std::path::Path::new(path)
            .parent()
            .map(|p| p.to_string_lossy().to_string())
            .unwrap_or_else(|| "/".to_string());

        let _ = Command::new(cmd)
            .args(["exec", &container_name, "mkdir", "-p", &parent])
            .output();

        // Copy file into container
        let dest = format!("{}:{}", container_name, path);
        let output = Command::new(cmd)
            .args(["cp", temp_file.to_str().unwrap(), &dest])
            .output()
            .context("Failed to copy file to container")?;

        // Clean up temp file
        let _ = std::fs::remove_file(&temp_file);

        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr);
            bail!("docker cp failed: {}", stderr);
        }

        Ok(())
    }

    /// Read a file from the container using docker cp
    async fn read_file_impl(&self, path: &str) -> Result<Vec<u8>> {
        let container_name = self.container_name();
        let cmd = self.runtime.cmd();

        // Create temp file for output
        let temp_dir = std::env::temp_dir();
        let temp_file = temp_dir.join(format!("agentkernel-download-{}", uuid::Uuid::new_v4()));

        // Copy file from container
        let src = format!("{}:{}", container_name, path);
        let output = Command::new(cmd)
            .args(["cp", &src, temp_file.to_str().unwrap()])
            .output()
            .context("Failed to copy file from container")?;

        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr);
            bail!("docker cp failed: {}", stderr);
        }

        // Read and return content
        let content = std::fs::read(&temp_file).context("Failed to read temp file")?;

        // Clean up
        let _ = std::fs::remove_file(&temp_file);

        Ok(content)
    }
}

#[async_trait]
impl Sandbox for DockerSandbox {
    async fn start(&mut self, config: &SandboxConfig) -> Result<()> {
        let cmd = self.runtime.cmd();
        let container_name = self.container_name();

        // Remove any existing container with this name
        let _ = Command::new(cmd)
            .args(["rm", "-f", &container_name])
            .output();

        // Build container arguments
        // Note: We use --rm for ephemeral containers but persistent sandboxes
        // will have their containers survive because Drop cleanup is skipped
        let mut args = vec![
            "run".to_string(),
            "-d".to_string(),
            "--name".to_string(),
            container_name.clone(),
            "--hostname".to_string(),
            "agentkernel".to_string(),
        ];

        // Add resource limits
        args.push(format!("--cpus={}", config.vcpus));
        args.push(format!("--memory={}m", config.memory_mb));

        // Network configuration
        if !config.network {
            args.push("--network=none".to_string());
        }

        // Port mappings (-p host:container[/udp])
        for pm in &config.ports {
            args.push("-p".to_string());
            args.push(pm.to_string());
        }

        // Mount working directory if requested
        if config.mount_cwd
            && let Some(ref work_dir) = config.work_dir
        {
            args.push("-v".to_string());
            args.push(format!("{}:/workspace", work_dir));
            args.push("-w".to_string());
            args.push("/workspace".to_string());
        }

        // Mount home directory if requested
        if config.mount_home
            && let Some(home) = std::env::var_os("HOME")
        {
            args.push("-v".to_string());
            args.push(format!("{}:/home/user:ro", home.to_string_lossy()));
        }

        // Mount persistent volumes
        for volume_spec in &config.volumes {
            args.push("-v".to_string());
            args.push(volume_spec.clone());
        }

        // Read-only root filesystem
        if config.read_only {
            args.push("--read-only".to_string());
        }

        // Add environment variables
        for (key, value) in &config.env {
            args.push("-e".to_string());
            args.push(format!("{}={}", key, value));
        }

        // Add entrypoint override to keep container running
        args.extend([
            "--entrypoint".to_string(),
            "sh".to_string(),
            config.image.clone(),
            "-c".to_string(),
            "while true; do sleep 3600; done".to_string(),
        ]);

        // Start container
        let output = Command::new(cmd)
            .args(&args)
            .output()
            .context("Failed to start container")?;

        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr);
            bail!("Failed to start container: {}", stderr);
        }

        let container_id = String::from_utf8_lossy(&output.stdout).trim().to_string();
        self.container_id = Some(container_id);
        self.running = true;

        Ok(())
    }

    async fn exec(&mut self, cmd: &[&str]) -> Result<ExecResult> {
        self.exec_with_options(cmd, &ExecOptions::default()).await
    }

    async fn exec_with_env(&mut self, cmd: &[&str], env: &[String]) -> Result<ExecResult> {
        self.exec_with_options(
            cmd,
            &ExecOptions {
                env: env.to_vec(),
                ..Default::default()
            },
        )
        .await
    }

    async fn exec_with_options(&mut self, cmd: &[&str], opts: &ExecOptions) -> Result<ExecResult> {
        let runtime_cmd = self.runtime.cmd();
        let container_name = self.container_name();

        let mut args = vec!["exec".to_string()];

        if let Some(ref workdir) = opts.workdir {
            args.push("-w".to_string());
            args.push(workdir.clone());
        }

        if let Some(ref user) = opts.user {
            args.push("-u".to_string());
            args.push(user.clone());
        }

        for e in &opts.env {
            args.push("-e".to_string());
            args.push(e.clone());
        }

        args.push(container_name);
        args.extend(cmd.iter().map(|s| s.to_string()));

        let output = Command::new(runtime_cmd)
            .args(&args)
            .output()
            .context("Failed to run command in container")?;

        let stdout = String::from_utf8_lossy(&output.stdout).to_string();
        let stderr = String::from_utf8_lossy(&output.stderr).to_string();
        let exit_code = output.status.code().unwrap_or(-1);

        Ok(ExecResult {
            exit_code,
            stdout,
            stderr,
        })
    }

    async fn stop(&mut self) -> Result<()> {
        let container_name = self.container_name();

        // Use rm -f to kill and remove in one operation
        let _ = Command::new(self.runtime.cmd())
            .args(["rm", "-f", &container_name])
            .output();

        self.container_id = None;
        self.running = false;
        Ok(())
    }

    async fn resize(&mut self, vcpus: u32, memory_mb: u64) -> Result<bool> {
        let container_name = self.container_name();
        let output = Command::new(self.runtime.cmd())
            .args([
                "update",
                "--cpus",
                &vcpus.to_string(),
                "--memory",
                &format!("{}m", memory_mb),
                &container_name,
            ])
            .output()
            .context("Failed to resize container")?;

        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr);
            eprintln!(
                "Warning: in-place resize not supported for '{}': {}",
                container_name,
                stderr.trim()
            );
            return Ok(false);
        }

        Ok(true)
    }

    fn name(&self) -> &str {
        &self.name
    }

    fn backend_type(&self) -> BackendType {
        self.runtime.to_backend_type()
    }

    fn is_running(&self) -> bool {
        // Check Docker directly - don't rely on internal state since
        // we might be reconnecting to an existing container
        let container_name = self.container_name();
        Command::new(self.runtime.cmd())
            .args(["ps", "-q", "-f", &format!("name={}", container_name)])
            .output()
            .map(|o| !String::from_utf8_lossy(&o.stdout).trim().is_empty())
            .unwrap_or(false)
    }

    async fn write_file_unchecked(&mut self, path: &str, content: &[u8]) -> Result<()> {
        self.write_file_impl(path, content).await
    }

    async fn read_file_unchecked(&mut self, path: &str) -> Result<Vec<u8>> {
        self.read_file_impl(path).await
    }

    async fn remove_file_unchecked(&mut self, path: &str) -> Result<()> {
        let container_name = self.container_name();
        let output = Command::new(self.runtime.cmd())
            .args(["exec", &container_name, "rm", "-f", path])
            .output()
            .context("Failed to remove file in container")?;

        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr);
            bail!("rm failed: {}", stderr);
        }

        Ok(())
    }

    async fn mkdir_unchecked(&mut self, path: &str, recursive: bool) -> Result<()> {
        let container_name = self.container_name();
        let mut args = vec!["exec", &container_name, "mkdir"];
        if recursive {
            args.push("-p");
        }
        args.push(path);

        let output = Command::new(self.runtime.cmd())
            .args(&args)
            .output()
            .context("Failed to create directory in container")?;

        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr);
            bail!("mkdir failed: {}", stderr);
        }

        Ok(())
    }

    async fn attach(&mut self, shell: Option<&str>) -> Result<i32> {
        self.attach_with_env(shell, &[]).await
    }

    async fn attach_with_env(&mut self, shell: Option<&str>, env: &[String]) -> Result<i32> {
        // Check Docker directly since we might be reconnecting to an existing container
        if !self.is_running() {
            bail!("Container is not running");
        }

        let container_name = self.container_name();
        let shell_cmd = shell.unwrap_or("/bin/sh");

        // Build the docker exec command
        let mut docker_args = vec!["exec".to_string(), "-it".to_string()];
        for e in env {
            docker_args.push("-e".to_string());
            docker_args.push(e.clone());
        }
        docker_args.push(container_name);
        docker_args.push(shell_cmd.to_string());

        let runtime_cmd = self.runtime.cmd();

        // Check if recording was requested via AGENTKERNEL_RECORD env var
        // (set by the attach command handler when --record is passed)
        let record_path = std::env::var("AGENTKERNEL_RECORD").ok();

        let status = if let Some(ref cast_path) = record_path {
            // Wrap with `script` to capture PTY I/O for session recording.
            // macOS: script -q <file> <cmd> [args...]
            // Linux: script -qc "<cmd> [args...]" <file>
            let full_cmd = std::iter::once(runtime_cmd.to_string())
                .chain(docker_args.iter().cloned())
                .collect::<Vec<_>>()
                .join(" ");

            let mut script_args = if cfg!(target_os = "macos") {
                vec!["-q".to_string(), cast_path.clone(), runtime_cmd.to_string()]
            } else {
                vec![
                    "-q".to_string(),
                    "-c".to_string(),
                    full_cmd,
                    cast_path.clone(),
                ]
            };

            if cfg!(target_os = "macos") {
                script_args.extend(docker_args);
            }

            std::process::Command::new("script")
                .args(&script_args)
                .stdin(std::process::Stdio::inherit())
                .stdout(std::process::Stdio::inherit())
                .stderr(std::process::Stdio::inherit())
                .status()
                .context("Failed to record session with script")?
        } else {
            std::process::Command::new(runtime_cmd)
                .args(&docker_args)
                .stdin(std::process::Stdio::inherit())
                .stdout(std::process::Stdio::inherit())
                .stderr(std::process::Stdio::inherit())
                .status()
                .context("Failed to attach to container")?
        };

        Ok(status.code().unwrap_or(-1))
    }
}

impl DockerSandbox {
    /// Run a command in a temporary container using `docker run --rm`
    /// This is faster than create→start→exec→stop for one-shot commands
    pub fn run_ephemeral_cmd(
        runtime: ContainerRuntime,
        image: &str,
        cmd: &[String],
        config: &SandboxConfig,
    ) -> Result<ExecResult> {
        let runtime_cmd = runtime.cmd();

        let mut args = vec![
            "run".to_string(),
            "--rm".to_string(), // auto-remove after exit
        ];

        // Add resource limits
        args.push(format!("--cpus={}", config.vcpus));
        args.push(format!("--memory={}m", config.memory_mb));

        // Network configuration
        if !config.network {
            args.push("--network=none".to_string());
        }

        // Port mappings (-p host:container[/udp])
        for pm in &config.ports {
            args.push("-p".to_string());
            args.push(pm.to_string());
        }

        // Mount working directory if requested
        if config.mount_cwd
            && let Some(ref work_dir) = config.work_dir
        {
            args.push("-v".to_string());
            args.push(format!("{}:/workspace", work_dir));
            args.push("-w".to_string());
            args.push("/workspace".to_string());
        }

        // Mount home directory if requested (read-only)
        if config.mount_home
            && let Some(home) = std::env::var_os("HOME")
        {
            args.push("-v".to_string());
            args.push(format!("{}:/home/user:ro", home.to_string_lossy()));
        }

        // Read-only root filesystem
        if config.read_only {
            args.push("--read-only".to_string());
        }

        // Add environment variables
        for (key, value) in &config.env {
            args.push("-e".to_string());
            args.push(format!("{}={}", key, value));
        }

        // Image and command
        args.push(image.to_string());
        args.extend(cmd.iter().cloned());

        // Run the container
        let output = Command::new(runtime_cmd)
            .args(&args)
            .output()
            .context("Failed to run container")?;

        let stdout = String::from_utf8_lossy(&output.stdout).to_string();
        let stderr = String::from_utf8_lossy(&output.stderr).to_string();
        let exit_code = output.status.code().unwrap_or(-1);

        Ok(ExecResult {
            exit_code,
            stdout,
            stderr,
        })
    }
}

impl Drop for DockerSandbox {
    fn drop(&mut self) {
        // Only clean up if running and not marked as persistent
        if self.running && !self.persistent {
            let container_name = self.container_name();
            let _ = Command::new(self.runtime.cmd())
                .args(["rm", "-f", &container_name])
                .output();
        }
    }
}