44 lines
1.5 KiB
TypeScript
44 lines
1.5 KiB
TypeScript
import type { SandboxContext, SandboxToolPolicy, SandboxWorkspaceAccess } from "../sandbox.js";
|
|
import type { SandboxFsBridge } from "../sandbox/fs-bridge.js";
|
|
|
|
type PiToolsSandboxContextParams = {
|
|
workspaceDir: string;
|
|
agentWorkspaceDir?: string;
|
|
workspaceAccess?: SandboxWorkspaceAccess;
|
|
fsBridge?: SandboxFsBridge;
|
|
tools?: SandboxToolPolicy;
|
|
browserAllowHostControl?: boolean;
|
|
sessionKey?: string;
|
|
containerName?: string;
|
|
containerWorkdir?: string;
|
|
dockerOverrides?: Partial<SandboxContext["docker"]>;
|
|
};
|
|
|
|
export function createPiToolsSandboxContext(params: PiToolsSandboxContextParams): SandboxContext {
|
|
const workspaceDir = params.workspaceDir;
|
|
return {
|
|
enabled: true,
|
|
sessionKey: params.sessionKey ?? "sandbox:test",
|
|
workspaceDir,
|
|
agentWorkspaceDir: params.agentWorkspaceDir ?? workspaceDir,
|
|
workspaceAccess: params.workspaceAccess ?? "rw",
|
|
containerName: params.containerName ?? "openclaw-sbx-test",
|
|
containerWorkdir: params.containerWorkdir ?? "/workspace",
|
|
fsBridge: params.fsBridge,
|
|
docker: {
|
|
image: "openclaw-sandbox:bookworm-slim",
|
|
containerPrefix: "openclaw-sbx-",
|
|
workdir: "/workspace",
|
|
readOnlyRoot: true,
|
|
tmpfs: [],
|
|
network: "none",
|
|
user: "1000:1000",
|
|
capDrop: ["ALL"],
|
|
env: { LANG: "C.UTF-8" },
|
|
...params.dockerOverrides,
|
|
},
|
|
tools: params.tools ?? { allow: [], deny: [] },
|
|
browserAllowHostControl: params.browserAllowHostControl ?? false,
|
|
};
|
|
}
|