execkit 0.7.2

Stateful, structured, safe shell sessions for AI agents on real infrastructure.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

// SPDX-License-Identifier: Apache-2.0
//! Docker transport: a session inside a running container via `docker exec`.
//!
//! This is the local PTY transport driving the `docker` CLI, plus in-container
//! cleanup. Killing the `docker exec` *client* (what the PTY child kill does)
//! does NOT stop the shell it started inside the container, so on drop we
//! best-effort kill our marked process tree there - otherwise a dropped or
//! timed-out session would leave a shell (and any still-running command) alive.

use std::process::{Command, Stdio};
use std::time::Duration;

use super::local::LocalPty;
use super::Transport;
use crate::error::Result;

pub struct DockerExec {
    inner: LocalPty,
    container: String,
    marker: String,
}

impl DockerExec {
    /// `marker` is a per-session token; the container shell and every command it
    /// spawns inherit it as `EXECKIT_SID`, so drop-cleanup can find the tree.
    pub fn spawn(container: &str, marker: &str) -> Result<Self> {
        let env = format!("EXECKIT_SID={marker}");
        // -t so the container shell line-buffers (a pipe block-buffers and the
        // sentinel markers never flush); -- so a `-`-leading name can't be a flag.
        let inner = LocalPty::spawn(
            "docker",
            &["exec", "-it", "-e", &env, "--", container, "/bin/sh"],
        )?;
        Ok(Self {
            inner,
            container: container.to_string(),
            marker: marker.to_string(),
        })
    }
}

impl Transport for DockerExec {
    fn write_all(&mut self, bytes: &[u8]) -> Result<()> {
        self.inner.write_all(bytes)
    }

    fn recv_timeout(&self, dur: Duration) -> Option<Vec<u8>> {
        self.inner.recv_timeout(dur)
    }
}

impl Drop for DockerExec {
    fn drop(&mut self) {
        // Best-effort: kill every process in the container whose environ carries
        // our marker (the shell and its children). Portable across busybox/dash
        // (uses /proc, tr, grep, kill). Runs before `inner` (LocalPty) drops and
        // kills the client. Best-effort only: an adversarial command that unsets
        // EXECKIT_SID before forking can evade it.
        let script = format!(
            "for p in /proc/[0-9]*; do \
               tr '\\0' '\\n' < \"$p/environ\" 2>/dev/null | grep -qx 'EXECKIT_SID={m}' && \
               kill -9 \"${{p#/proc/}}\" 2>/dev/null; \
             done",
            m = self.marker
        );
        let _ = Command::new("docker")
            .args(["exec", "--", &self.container, "/bin/sh", "-c", &script])
            .stdin(Stdio::null())
            .stdout(Stdio::null())
            .stderr(Stdio::null())
            .status();
    }
}