WIP.

Author: efritz

src/chat/context.ts

@@ -5,6 +5,7 @@ import { ChatProviders } from '../providers/chat_providers'
 import { EmbeddingsProviders } from '../providers/embeddings_providers'
 import { Preferences } from '../providers/preferences'
 import { Rule } from '../rules/types'
+import { Container } from '../util/docker/container'
 import { InterruptHandler } from '../util/interrupts/interrupts'
 import { Prompter } from '../util/prompter/prompter'
 import { UsageTracker } from '../util/usage/tracker'
@@ -21,6 +22,7 @@ export type ChatContext = {
     contextStateManager: ContextStateManager
     yolo: boolean
     tools: string[]
+    container?: Container
 }
 
 export async function swapProvider(context: ChatContext, modelName: string): Promise<void> {

src/cli.ts

@@ -18,6 +18,7 @@ import { Rule } from './rules/types'
 import { buildSystemPrompt } from './system'
 import { seedAllowedCommands } from './tools/shell/shell_execute'
 import { removeDisabledTools } from './tools/tools'
+import { startContainer } from './util/docker/container'
 import { createInterruptHandler, InterruptHandlerOptions } from './util/interrupts/interrupts'
 import { createPrompter } from './util/prompter/prompter'
 import { createLimiter } from './util/ratelimits/limiter'
@@ -61,13 +62,17 @@ async function main() {
     const disableToolsFlags = '--disable-tools <string>'
     const disableToolsDescription = 'Comma-separated list of tool names to disable.'
 
+    const sandboxedFlags = '--sandboxed'
+    const sandboxedDescription = 'Run shell commands in a Docker container (alpine image).'
+
     program
         .option(historyFlags, historyDescription)
         .option(portFlags, portDescription)
         .option(cwdFlags, cwdDescription)
         .option(yoloFlags, yoloDescription)
         .option(oneShotFlags, oneShotDescription)
         .option(disableToolsFlags, disableToolsDescription)
+        .option(sandboxedFlags, sandboxedDescription)
         .action(options => {
             if (options.cwd) {
                 process.chdir(options.cwd)
@@ -84,6 +89,7 @@ async function main() {
                 options.oneShot,
                 options.yolo,
                 options.disableTools,
+                options.sandboxed,
             )
         })
 
@@ -101,6 +107,7 @@ async function chat(
     oneShot?: string,
     yolo: boolean = false,
     disabledTools?: string,
+    sandboxed: boolean = false,
 ) {
     if (!process.stdin.setRawMode) {
         throw new Error('chat command is not supported in this environment.')
@@ -136,14 +143,20 @@ async function chat(
     await registerTools(client)
     await seedAllowedCommands()
 
+    const interruptHandler = createInterruptHandler(rl)
+    const interruptInputOptions = rootInterruptHandlerOptions(rl)
+
+    const container = sandboxed
+        ? await startContainer({ interruptHandler, preferences, contextStateManager })
+        : undefined
+
     try {
-        const interruptHandler = createInterruptHandler(rl)
-        const interruptInputOptions = rootInterruptHandlerOptions(rl)
         const prompter = createPrompter(
             rl,
             interruptHandler,
             attentionGetter(preferences.attentionCommand ?? defaultAttentionCommand),
         )
+
         const provider = await providers.createProvider({
             contextState: contextStateManager,
             modelName: preferences.defaultModel,
@@ -164,6 +177,7 @@ async function chat(
             contextStateManager,
             yolo,
             tools: allowedToolNames,
+            container,
         }
 
         await registerContextListeners(context, client)
@@ -180,6 +194,7 @@ async function chat(
             interruptInputOptions,
         )
     } finally {
+        await container?.stop()
         process.stdin.unpipe(filter)
         filter.destroy()
         rl.close()

src/util/docker/container.ts

@@ -0,0 +1,42 @@
+import chalk from 'chalk'
+import { ExecContext, execOnHost } from '../shell/exec'
+
+export type Container = Awaited<ReturnType<typeof startContainer>>
+
+export async function startContainer(context: ExecContext) {
+    const imageName = 'alpine'
+    let containerId = ''
+
+    console.log(`${chalk.dim('ℹ')} Starting Docker container...`)
+
+    try {
+        const output = await execOnHost(
+            context,
+            `docker run -d -v "${process.cwd()}:/workspace" -w /workspace ${imageName} tail -f /dev/null`,
+        )
+        for (const line of output) {
+            containerId = line.content.trim()
+        }
+
+        console.log(`${chalk.green('✓')} Docker container ${containerId} started`)
+    } catch (error: any) {
+        throw new Error(`Failed to start Docker container: ${error.message}`)
+    }
+
+    const stop = async () => {
+        console.log(`${chalk.dim('ℹ')} Stopping Docker container...`)
+
+        try {
+            await execOnHost(context, `docker stop ${containerId}`)
+            await execOnHost(context, `docker rm ${containerId}`)
+            console.log(`${chalk.green('✓')} Docker container stopped and removed`)
+        } catch (error: any) {
+            console.warn(`${chalk.yellow('⚠')} Failed to clean up container: ${error.message}`)
+        }
+    }
+
+    return {
+        containerId: () => containerId,
+        stop,
+    }
+}

src/util/shell/exec.ts

@@ -15,11 +15,14 @@ export type OutputLine = {
     content: string
 }
 
+export type ExecContext = Pick<ChatContext, 'interruptHandler' | 'preferences' | 'contextStateManager' | 'container'>
+
 export async function executeCommand(
-    context: ChatContext,
+    context: ExecContext,
     command: string,
+    signal?: AbortSignal, // TODO - check callers
 ): Promise<{ result?: ShellResult; error?: Error; canceled?: boolean }> {
-    const response = await withProgress<OutputLine[]>(update => runCommand(context, command, update), {
+    const response = await withProgress<OutputLine[]>(update => runCommand(context, command, update, signal), {
         progress: prefixFormatter('Executing command...', formatOutput),
         success: prefixFormatter('Command succeeded.', formatOutput),
         failure: prefixFormatter('Command failed.', formatOutput),
@@ -43,7 +46,26 @@ export async function executeCommand(
     }
 }
 
-async function runCommand(context: ChatContext, command: string, update: Updater<OutputLine[]>): Promise<OutputLine[]> {
+async function runCommand(
+    context: ExecContext,
+    command: string,
+    update: Updater<OutputLine[]> = () => {},
+    signal?: AbortSignal,
+): Promise<OutputLine[]> {
+    const containerId = context.container?.containerId
+    if (containerId) {
+        command = `docker exec ${containerId} sh -c ${command}`
+    }
+
+    return execOnHost(context, command, update, signal)
+}
+
+export async function execOnHost(
+    context: ExecContext,
+    command: string,
+    update: Updater<OutputLine[]> = () => {},
+    _signal?: AbortSignal, // TODO - use
+): Promise<OutputLine[]> {
     return context.interruptHandler.withInterruptHandler(signal => {
         return new Promise((resolve, reject) => {
             const output: OutputLine[] = []