symbi-runtime 1.15.2

Agent Runtime System for the Symbi platform
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250

//! E2B.dev sandbox implementation
//!
//! Provides integration with E2B.dev cloud sandboxing service for secure code execution.

use super::{ExecutionResult, SandboxRunner};
use async_trait::async_trait;
use std::collections::HashMap;

/// E2B sandbox implementation for cloud-based code execution
#[derive(Debug, Clone)]
pub struct E2BSandbox {
    /// API key for E2B.dev service
    pub api_key: String,
    /// E2B service endpoint URL
    pub endpoint: String,
}

impl E2BSandbox {
    /// Create a new E2B sandbox instance
    ///
    /// # Arguments
    /// * `api_key` - API key for E2B.dev service authentication
    /// * `endpoint` - E2B service endpoint URL
    ///
    /// # Returns
    /// New E2BSandbox instance
    pub fn new(api_key: String, endpoint: String) -> Self {
        Self { api_key, endpoint }
    }

    /// Create E2B sandbox with default endpoint
    ///
    /// # Arguments
    /// * `api_key` - API key for E2B.dev service authentication
    ///
    /// # Returns
    /// New E2BSandbox instance with default endpoint
    pub fn new_with_default_endpoint(api_key: String) -> Self {
        Self::new(api_key, "https://api.e2b.dev".to_string())
    }

    /// Validate that the configured endpoint is safe to send sandboxed code and
    /// the bearer API key to.
    ///
    /// Defends against endpoint redirection / SSRF and API-key exfiltration
    /// (codered F-pattern-scout-0004): the endpoint must use `https` (so the key
    /// is never sent in plaintext) and must be an `e2b.dev` host. Self-hosted
    /// deployments can allowlist additional hosts via `SYMBIONT_E2B_ALLOWED_HOSTS`
    /// (comma-separated), which still requires `https`.
    fn validate_endpoint(endpoint: &str) -> Result<(), String> {
        let url = url::Url::parse(endpoint)
            .map_err(|e| format!("invalid endpoint URL '{}': {}", endpoint, e))?;
        if url.scheme() != "https" {
            return Err(format!(
                "endpoint must use https to protect the API key in transit, got '{}'",
                url.scheme()
            ));
        }
        let host = url
            .host_str()
            .ok_or_else(|| "endpoint has no host".to_string())?
            .to_ascii_lowercase();
        if host == "e2b.dev" || host.ends_with(".e2b.dev") {
            return Ok(());
        }
        let allowed = std::env::var("SYMBIONT_E2B_ALLOWED_HOSTS").unwrap_or_default();
        if allowed
            .split(',')
            .map(|h| h.trim().to_ascii_lowercase())
            .any(|h| !h.is_empty() && h == host)
        {
            return Ok(());
        }
        Err(format!(
            "endpoint host '{}' is not an allowed E2B host \
             (set SYMBIONT_E2B_ALLOWED_HOSTS for self-hosted deployments)",
            host
        ))
    }
}

#[async_trait]
impl SandboxRunner for E2BSandbox {
    async fn execute(
        &self,
        code: &str,
        env: HashMap<String, String>,
    ) -> Result<ExecutionResult, anyhow::Error> {
        tracing::debug!(
            "E2B sandbox execution requested for {} chars of code with {} env vars",
            code.len(),
            env.len()
        );

        // Refuse to ship code + the bearer API key to an untrusted endpoint.
        Self::validate_endpoint(&self.endpoint)
            .map_err(|e| anyhow::anyhow!("Refusing E2B execution: {}", e))?;

        // Create HTTP client with timeout
        let client = reqwest::Client::builder()
            .timeout(std::time::Duration::from_secs(30))
            .build()
            .map_err(|e| anyhow::anyhow!("Failed to create HTTP client: {}", e))?;

        // Prepare execution request payload
        let execution_request = serde_json::json!({
            "code": code,
            "environment": env,
            "timeout": 30000, // 30 seconds in milliseconds
            "language": "python" // Default to Python, could be configurable
        });

        let execution_url = format!("{}/v1/sandboxes/execute", self.endpoint);

        // Make HTTP request to E2B API
        let start_time = std::time::Instant::now();
        let response = client
            .post(&execution_url)
            .header("Authorization", format!("Bearer {}", self.api_key))
            .header("Content-Type", "application/json")
            .json(&execution_request)
            .send()
            .await
            .map_err(|e| anyhow::anyhow!("E2B API request failed: {}", e))?;

        let execution_duration = start_time.elapsed().as_millis() as u64;
        let status_code = response.status();

        if !status_code.is_success() {
            let error_text = response.text().await.unwrap_or_default();
            return Err(anyhow::anyhow!(
                "E2B execution failed with status {}: {}",
                status_code,
                error_text
            ));
        }

        // Parse response
        let response_json: serde_json::Value = response
            .json()
            .await
            .map_err(|e| anyhow::anyhow!("Failed to parse E2B response: {}", e))?;

        // Extract execution results
        let success = response_json
            .get("success")
            .and_then(|v| v.as_bool())
            .unwrap_or(false);

        let stdout = response_json
            .get("stdout")
            .and_then(|v| v.as_str())
            .unwrap_or("")
            .to_string();

        let stderr = response_json
            .get("stderr")
            .and_then(|v| v.as_str())
            .unwrap_or("")
            .to_string();

        let exit_code = response_json
            .get("exit_code")
            .and_then(|v| v.as_i64())
            .unwrap_or(if success { 0 } else { 1 }) as i32;

        tracing::info!(
            "E2B execution completed in {}ms, exit_code: {}, success: {}",
            execution_duration,
            exit_code,
            success
        );

        if success {
            Ok(ExecutionResult::success(stdout, execution_duration))
        } else {
            Ok(ExecutionResult::failure(
                exit_code,
                stderr,
                execution_duration,
            ))
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_e2b_sandbox_creation() {
        let sandbox = E2BSandbox::new(
            "test_api_key".to_string(),
            "https://test.e2b.dev".to_string(),
        );

        assert_eq!(sandbox.api_key, "test_api_key");
        assert_eq!(sandbox.endpoint, "https://test.e2b.dev");
    }

    #[test]
    fn test_e2b_sandbox_default_endpoint() {
        let sandbox = E2BSandbox::new_with_default_endpoint("test_api_key".to_string());

        assert_eq!(sandbox.api_key, "test_api_key");
        assert_eq!(sandbox.endpoint, "https://api.e2b.dev");
    }

    #[test]
    fn test_validate_endpoint() {
        // Allowed: https to an e2b.dev host.
        assert!(E2BSandbox::validate_endpoint("https://api.e2b.dev").is_ok());
        assert!(E2BSandbox::validate_endpoint("https://test.e2b.dev").is_ok());
        // Rejected: plaintext http (would leak the bearer key).
        assert!(E2BSandbox::validate_endpoint("http://api.e2b.dev").is_err());
        // Rejected: redirection to an attacker host / metadata service.
        assert!(E2BSandbox::validate_endpoint("https://evil.example.com").is_err());
        assert!(E2BSandbox::validate_endpoint("http://169.254.169.254").is_err());
        // Rejected: unparseable.
        assert!(E2BSandbox::validate_endpoint("not a url").is_err());
    }

    #[tokio::test]
    async fn test_execute_refuses_untrusted_endpoint() {
        let sandbox = E2BSandbox::new("k".to_string(), "http://evil.example.com".to_string());
        let err = sandbox
            .execute("print('x')", HashMap::new())
            .await
            .unwrap_err();
        assert!(err.to_string().contains("Refusing E2B execution"));
    }

    #[tokio::test]
    #[ignore = "requires live E2B API endpoint"]
    async fn test_e2b_sandbox_execute() {
        let sandbox = E2BSandbox::new(
            "test_api_key".to_string(),
            "https://test.e2b.dev".to_string(),
        );

        let mut env = HashMap::new();
        env.insert("TEST_VAR".to_string(), "test_value".to_string());

        let result = sandbox.execute("print('hello')", env).await.unwrap();

        assert!(result.success);
        assert_eq!(result.exit_code, 0);
        assert!(!result.stdout.is_empty());
    }
}