Conjure.Executor.Docker (Conjure v0.1.1-alpha)

View Source

Docker-based sandboxed execution backend.

This executor runs all commands and file operations inside a Docker container, providing strong isolation from the host system.

Features

  • Filesystem Isolation: Only mounted directories are accessible
  • Network Isolation: Network disabled by default
  • Resource Limits: Configurable memory and CPU limits
  • Security Hardening: No new privileges, read-only root filesystem

Requirements

  • Docker Engine 20.10+
  • Docker socket accessible to the BEAM process
  • conjure/sandbox image (or custom image)

Configuration

config :conjure, :executor_config,
  docker: %{
    image: "conjure/sandbox:latest",
    memory_limit: "512m",
    cpu_limit: "1.0",
    network: :none,
    tmpfs_size: "100M"
  }

Usage

context = Conjure.ExecutionContext.new(
  skills_root: "/opt/skills",
  working_directory: "/tmp/session-123",
  executor_config: %{
    image: "conjure/sandbox:latest"
  }
)

{:ok, context} = Conjure.Executor.Docker.init(context)
{:ok, output} = Conjure.Executor.Docker.bash("python3 --version", context)
:ok = Conjure.Executor.Docker.cleanup(context)

Summary

Functions

build_image(opts \\ [])

Build the default sandbox Docker image.

check_environment(opts \\ [])

Check if Docker is available and the image exists.

default_dockerfile()

Returns the default Dockerfile for the sandbox image.

Functions

build_image(opts \\ [])

@spec build_image(keyword()) :: :ok | {:error, term()}

Build the default sandbox Docker image.

check_environment(opts \\ [])

@spec check_environment(keyword()) :: :ok | {:error, term()}

Check if Docker is available and the image exists.

default_dockerfile()

@spec default_dockerfile() :: String.t()

Returns the default Dockerfile for the sandbox image.