zcdsj
/
zcbot
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
zcbot/core
History
caoqianming 160e801ab0 Stage C Step 2: Docker per-user 容器池 + iptables blocklist 基底 
- deploy/sandbox/Dockerfile: python:3.11-slim + tini + iptables + non-root uid via HOST_UID build-arg + 全套 requirements
- deploy/sandbox/init.sh: 6 段红线 IPv4 + ::1 + ZCBOT_PG_IPS 环境注入,任一规则失败 fail-fast
- core/sandbox/network.py: ensure_network() 创 --internal zcbot-sandbox-net
- core/sandbox/pool.py: SandboxPool 容器命名 zcbot-sandbox-<user_id>,per-user asyncio.Lock,
  in-memory _last_active dict(Docker 23+ 移除 docker update --label-add),hardening flags
  全套(read-only / tmpfs / cap-drop ALL + NET_ADMIN / no-new-privileges / pids/mem/cpu limit /
  bind mount user_root → /workspace)
- core/sandbox/__init__.py: 公开 SandboxPool / container_name / setup_pool / NETWORK_NAME

Step 2 范围明确不含 AgentLoop 集成 / shell-run_python 切容器 / egress proxy / reaper task ——
pool 孤立 commit,Step 3 接入。本地 Windows 无 docker 走不动,Ubuntu 上 5 条 smoke 命令
(build / iptables 段 / non-root uid / read-only / 销毁)写进 RUN.md "Sandbox(Stage C,Ubuntu)" 段。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 		2026-05-26 10:44:34 +08:00
..
sandbox Stage C Step 2: Docker per-user 容器池 + iptables blocklist 基底 2026-05-26 10:44:34 +08:00
storage feat(quotas): 媒体生成每账号每日上限 (默 20 图 / 5 视频, yaml 可配) 2026-05-22 15:21:39 +08:00
__init__.py Initial import: zcbot personal task agent 2026-05-06 11:02:59 +08:00
agent_builder.py Stage C Step 1: Executor 接口骨架 + HostExecutor in-process backend 2026-05-26 10:07:55 +08:00
ark_client.py feat(media): 接入豆包 Seedream 5.0 图像生成 tool + 0007 cost_usd→cost_cny 全表统一币种 2026-05-20 15:20:34 +08:00
bocha_client.py Add web_search and web_fetch tools via Bocha AI search API 2026-05-25 11:37:33 +08:00
capabilities.py model: 同 task 内切模型(c 模式 task 级 / A 粒度)+ usage_events v2 表(0006); GET /v1/models; 前端顶栏下拉 + 历史 model 切换点小标 2026-05-19 21:43:13 +08:00
executor.py Stage C Step 1: Executor 接口骨架 + HostExecutor in-process backend 2026-05-26 10:07:55 +08:00
executor_host.py Stage C Step 1: Executor 接口骨架 + HostExecutor in-process backend 2026-05-26 10:07:55 +08:00
export_docx.py core(0003): name + working_dir + skill schema 重构 + per-user .memory 2026-05-17 19:15:37 +08:00
llm.py fix(usage): 顶栏 token 累计修 — sync_task_tokens 改走 messages SUM,删 LLM.TokenCounter 2026-05-21 13:39:57 +08:00
loop.py Stage C Step 1: Executor 接口骨架 + HostExecutor in-process backend 2026-05-26 10:07:55 +08:00
memory.py auth(dev SPA): 邀请码登录(invites 表 0005) + SENTINEL user 彻底撤 2026-05-19 13:14:31 +08:00
paths.py refactor(paths): 砍 ROOT 外路径分支 — 写入入口只接 simple name join workspace 2026-05-20 22:05:32 +08:00
probe.py Phase 4 + 6: capability probe + task 概念 / state.json 2026-05-06 16:21:17 +08:00
session.py skills+core(命名约定): task 级宪法文件 <date>-<short_id>-<name>.spec.md + spec_lock → spec 简化 2026-05-20 14:03:21 +08:00
sinks.py fix(usage): 顶栏 token 累计修 — sync_task_tokens 改走 messages SUM,删 LLM.TokenCounter 2026-05-21 13:39:57 +08:00
skills.py Initial import: zcbot personal task agent 2026-05-06 11:02:59 +08:00
task.py feat(media): 接入豆包 Seedream 5.0 图像生成 tool + 0007 cost_usd→cost_cny 全表统一币种 2026-05-20 15:20:34 +08:00
ui.py core/ui: 抽出语义化 console 主题, 调用方去硬编码颜色 2026-05-07 16:10:11 +08:00