feat: add SandboxManager for per-session container lifecycle
This commit is contained in:
William Valentin
@@ -0,0 +1,91 @@
|
|||||||
|
import { describe, it, expect, vi, beforeEach } from 'vitest';
|
||||||
|
import { SandboxManager } from './manager.js';
|
||||||
|
import { DockerSandbox } from './docker.js';
|
||||||
|
import type { SandboxConfig } from '../config/schema.js';
|
||||||
|
|
||||||
|
// Mock DockerSandbox
|
||||||
|
vi.mock('./docker.js', () => ({
|
||||||
|
DockerSandbox: vi.fn().mockImplementation(() => ({
|
||||||
|
create: vi.fn().mockResolvedValue(undefined),
|
||||||
|
destroy: vi.fn().mockResolvedValue(undefined),
|
||||||
|
exec: vi.fn().mockResolvedValue({ stdout: '', stderr: '' }),
|
||||||
|
containerId: 'mock-container',
|
||||||
|
})),
|
||||||
|
}));
|
||||||
|
|
||||||
|
describe('SandboxManager', () => {
|
||||||
|
const defaultConfig: SandboxConfig = {
|
||||||
|
enabled: true,
|
||||||
|
image: 'node:22-slim',
|
||||||
|
workspace_dir: '/workspace',
|
||||||
|
network: 'none',
|
||||||
|
memory_limit: '512m',
|
||||||
|
cpu_limit: '1.0',
|
||||||
|
timeout_seconds: 300,
|
||||||
|
};
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
vi.clearAllMocks();
|
||||||
|
});
|
||||||
|
|
||||||
|
describe('getOrCreate()', () => {
|
||||||
|
it('creates a new sandbox for unknown session', async () => {
|
||||||
|
const manager = new SandboxManager(defaultConfig);
|
||||||
|
const sandbox = await manager.getOrCreate('session-1');
|
||||||
|
|
||||||
|
expect(DockerSandbox).toHaveBeenCalledWith(expect.objectContaining({
|
||||||
|
sessionId: 'session-1',
|
||||||
|
image: 'node:22-slim',
|
||||||
|
}));
|
||||||
|
expect(sandbox.create).toHaveBeenCalled();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('reuses existing sandbox for same session', async () => {
|
||||||
|
const manager = new SandboxManager(defaultConfig);
|
||||||
|
const first = await manager.getOrCreate('session-1');
|
||||||
|
const second = await manager.getOrCreate('session-1');
|
||||||
|
|
||||||
|
expect(first).toBe(second);
|
||||||
|
expect(DockerSandbox).toHaveBeenCalledTimes(1);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('creates separate sandboxes for different sessions', async () => {
|
||||||
|
const manager = new SandboxManager(defaultConfig);
|
||||||
|
await manager.getOrCreate('session-1');
|
||||||
|
await manager.getOrCreate('session-2');
|
||||||
|
|
||||||
|
expect(DockerSandbox).toHaveBeenCalledTimes(2);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe('destroy()', () => {
|
||||||
|
it('destroys sandbox and removes from cache', async () => {
|
||||||
|
const manager = new SandboxManager(defaultConfig);
|
||||||
|
const sandbox = await manager.getOrCreate('session-1');
|
||||||
|
|
||||||
|
await manager.destroy('session-1');
|
||||||
|
expect(sandbox.destroy).toHaveBeenCalled();
|
||||||
|
|
||||||
|
// Should create a new one now
|
||||||
|
await manager.getOrCreate('session-1');
|
||||||
|
expect(DockerSandbox).toHaveBeenCalledTimes(2);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('does nothing for unknown session', async () => {
|
||||||
|
const manager = new SandboxManager(defaultConfig);
|
||||||
|
await manager.destroy('nonexistent'); // should not throw
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe('destroyAll()', () => {
|
||||||
|
it('destroys all sandboxes', async () => {
|
||||||
|
const manager = new SandboxManager(defaultConfig);
|
||||||
|
const s1 = await manager.getOrCreate('session-1');
|
||||||
|
const s2 = await manager.getOrCreate('session-2');
|
||||||
|
|
||||||
|
await manager.destroyAll();
|
||||||
|
expect(s1.destroy).toHaveBeenCalled();
|
||||||
|
expect(s2.destroy).toHaveBeenCalled();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
@@ -0,0 +1,55 @@
|
|||||||
|
import { DockerSandbox } from './docker.js';
|
||||||
|
import type { SandboxConfig } from '../config/schema.js';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Manages per-session Docker sandboxes.
|
||||||
|
* Creates containers lazily on first access, destroys on session cleanup.
|
||||||
|
*/
|
||||||
|
export class SandboxManager {
|
||||||
|
private sandboxes = new Map<string, DockerSandbox>();
|
||||||
|
private config: SandboxConfig;
|
||||||
|
|
||||||
|
constructor(config: SandboxConfig) {
|
||||||
|
this.config = config;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Get or create a sandbox for a session. */
|
||||||
|
async getOrCreate(sessionId: string): Promise<DockerSandbox> {
|
||||||
|
let sandbox = this.sandboxes.get(sessionId);
|
||||||
|
if (sandbox) return sandbox;
|
||||||
|
|
||||||
|
sandbox = new DockerSandbox({
|
||||||
|
sessionId,
|
||||||
|
image: this.config.image,
|
||||||
|
workspaceDir: this.config.workspace_dir,
|
||||||
|
network: this.config.network,
|
||||||
|
memoryLimit: this.config.memory_limit,
|
||||||
|
cpuLimit: this.config.cpu_limit,
|
||||||
|
timeoutSeconds: this.config.timeout_seconds,
|
||||||
|
});
|
||||||
|
|
||||||
|
await sandbox.create();
|
||||||
|
this.sandboxes.set(sessionId, sandbox);
|
||||||
|
return sandbox;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Destroy a specific session's sandbox. */
|
||||||
|
async destroy(sessionId: string): Promise<void> {
|
||||||
|
const sandbox = this.sandboxes.get(sessionId);
|
||||||
|
if (!sandbox) return;
|
||||||
|
|
||||||
|
await sandbox.destroy();
|
||||||
|
this.sandboxes.delete(sessionId);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Destroy all sandboxes (daemon shutdown). */
|
||||||
|
async destroyAll(): Promise<void> {
|
||||||
|
const entries = Array.from(this.sandboxes.entries());
|
||||||
|
await Promise.allSettled(
|
||||||
|
entries.map(async ([_id, sandbox]) => {
|
||||||
|
await sandbox.destroy();
|
||||||
|
}),
|
||||||
|
);
|
||||||
|
this.sandboxes.clear();
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user