Class: Ace::Test::EndToEndRunner::Molecules::BwrapSandboxBackend

Inherits:

Object

Object
Ace::Test::EndToEndRunner::Molecules::BwrapSandboxBackend

show all

Defined in:: lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb

Overview

Wraps subprocesses in a lightweight bubblewrap sandbox on Linux.

Constant Summary collapse

BUNDLER_ENV_PREFIXES =

%w[BUNDLE BUNDLER].freeze

STRIPPED_ENV_KEYS =

%w[RUBYOPT RUBYLIB].freeze

PROVIDER_HOME_MOUNTS =

[
  [".claude", ".claude"],
  [".codex", ".codex"],
  [".gemini", ".gemini"],
  [".pi", ".pi"],
  [".local/share/opencode", ".local/share/opencode"]
].freeze

DEFAULT_SYSTEM_MOUNTS =

%w[/usr /bin /sbin /lib /lib64 /etc /opt /var/lib/flatpak/exports].freeze

Instance Attribute Summary collapse

#sandbox_root ⇒ Object readonly

Returns the value of attribute sandbox_root.

Class Method Summary collapse

.available?(bwrap_path: "bwrap") ⇒ Boolean
.supported? ⇒ Boolean

Instance Method Summary collapse

#capture3(cmd, chdir:, env: {}, stdin_data: nil) ⇒ Object
#command_prefix(chdir:, env: {}) ⇒ Object
#ensure_available! ⇒ Object
#exec(cmd, chdir:, env: {}) ⇒ Object
#initialize(sandbox_root:, source_root: nil, bwrap_path: "bwrap", outer_env: nil) ⇒ BwrapSandboxBackend constructor

A new instance of BwrapSandboxBackend.
#prepared_env(base_env = {}) ⇒ Object
#wrap_command(cmd, chdir:, env: {}) ⇒ Object

Constructor Details

#initialize(sandbox_root:, source_root: nil, bwrap_path: "bwrap", outer_env: nil) ⇒ `BwrapSandboxBackend`

Returns a new instance of BwrapSandboxBackend.

# File 'lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb', line 36

def initialize(sandbox_root:, source_root: nil, bwrap_path: "bwrap", outer_env: nil)
  @sandbox_root = File.expand_path(sandbox_root)
  @source_root = source_root ? File.expand_path(source_root) : infer_source_root
  @bwrap_path = bwrap_path
  @outer_env = sanitized_outer_env(outer_env)
end

Instance Attribute Details

#sandbox_root ⇒ `Object` (readonly)

Returns the value of attribute sandbox_root.



24
25
26

# File 'lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb', line 24

def sandbox_root
  @sandbox_root
end

Class Method Details

.available?(bwrap_path: "bwrap") ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb', line 30

def self.available?(bwrap_path: "bwrap")
  return false unless supported?

  system("which", bwrap_path, out: File::NULL, err: File::NULL)
end

.supported? ⇒ `Boolean`

Returns:

(Boolean)



26
27
28

# File 'lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb', line 26

def self.supported?
  Gem.win_platform? == false && RUBY_PLATFORM.include?("linux")
end

Instance Method Details

#capture3(cmd, chdir:, env: {}, stdin_data: nil) ⇒ `Object`

# File 'lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb', line 127

def capture3(cmd, chdir:, env: {}, stdin_data: nil)
  Open3.capture3(
    @outer_env,
    *wrap_command(cmd, chdir: chdir, env: env),
    chdir: "/",
    stdin_data: stdin_data
  )
end

#command_prefix(chdir:, env: {}) ⇒ `Object`

# File 'lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb', line 72

def command_prefix(chdir:, env: {})
  ensure_available!
  merged_env = prepared_env(env)
  ensure_runtime_dirs(merged_env)

  args = [
    @bwrap_path,
    "--clearenv",
    "--die-with-parent",
    "--new-session",
    "--proc", "/proc",
    "--dev-bind", "/dev", "/dev",
    "--tmpfs", "/tmp",
    "--tmpfs", home_root,
    "--dir", merged_env.fetch("HOME"),
    "--bind", merged_env.fetch("HOME"), merged_env.fetch("HOME")
  ]

  host_mounts(merged_env.fetch("PATH")).each do |mount|
    append_bind(args, mount, mount, read_only: true)
  end
  append_bind(args, @source_root, @source_root, read_only: true) if @source_root
  append_bind(args, @sandbox_root, @sandbox_root, read_only: false)
  append_bind(args, support_root, support_root, read_only: false)
  ruby_root = merged_env["ACE_E2E_SANDBOX_RUBY_ROOT"].to_s
  append_bind(args, ruby_root, ruby_root, read_only: true) if !ruby_root.empty? && File.exist?(ruby_root)
  bind_provider_homes(args, merged_env.fetch("HOME"))

  setenvs = {
    "HOME" => merged_env.fetch("HOME"),
    "TMPDIR" => merged_env.fetch("TMPDIR"),
    "XDG_RUNTIME_DIR" => merged_env.fetch("XDG_RUNTIME_DIR"),
    "TMUX_TMPDIR" => merged_env.fetch("TMUX_TMPDIR"),
    "PATH" => merged_env.fetch("PATH"),
    "PROJECT_ROOT_PATH" => merged_env.fetch("PROJECT_ROOT_PATH")
  }
  setenvs["ACE_E2E_SOURCE_ROOT"] = merged_env["ACE_E2E_SOURCE_ROOT"] if merged_env["ACE_E2E_SOURCE_ROOT"]
  setenvs["ACE_E2E_SANDBOX_RUBY_ROOT"] = ruby_root unless ruby_root.empty?
  setenvs["ACE_TMUX_SESSION"] = merged_env["ACE_TMUX_SESSION"] if merged_env["ACE_TMUX_SESSION"]

  merged_env.each do |key, value|
    next if setenvs.key?(key)
    next if value.nil?

    setenvs[key] = value.to_s
  end

  setenvs.each do |key, value|
    args.concat(["--setenv", key, value])
  end

  args.concat(["--chdir", File.expand_path(chdir), "--"])
  args
end

#ensure_available! ⇒ `Object`

# File 'lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb', line 43

def ensure_available!
  return if self.class.available?(bwrap_path: @bwrap_path)

  raise "bubblewrap is required for Linux E2E sandboxing but '#{@bwrap_path}' is not available"
end

#exec(cmd, chdir:, env: {}) ⇒ `Object`



136
137
138

# File 'lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb', line 136

def exec(cmd, chdir:, env: {})
  Kernel.exec(@outer_env, *wrap_command(cmd, chdir: chdir, env: env))
end

#prepared_env(base_env = {}) ⇒ `Object`

# File 'lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb', line 49

def prepared_env(base_env = {})
  env = stringify_keys(base_env)
  STRIPPED_ENV_KEYS.each { |key| env.delete(key) }
  env["PROJECT_ROOT_PATH"] = @sandbox_root
  env["ACE_E2E_SOURCE_ROOT"] ||= @source_root if @source_root
  env["HOME"] = sandbox_home
  env["TMPDIR"] = sandbox_tmp
  env["XDG_RUNTIME_DIR"] = sandbox_runtime_dir
  env["TMUX_TMPDIR"] ||= sandbox_runtime_dir
  env["BUNDLE_GEMFILE"] ||= File.join(@sandbox_root, ".ace-local", "e2e-runtime", "Gemfile")
  env["ACE_CONFIG_PATH"] ||= File.join(@sandbox_root, ".ace")
  env["BUNDLE_APP_CONFIG"] ||= bundler_app_config
  env["BUNDLE_USER_HOME"] ||= bundler_home
  env["BUNDLE_USER_CACHE"] ||= bundler_cache
  env["BUNDLE_USER_CONFIG"] ||= bundler_user_config
  env["PATH"] ||= ENV["PATH"].to_s
  env
end

#wrap_command(cmd, chdir:, env: {}) ⇒ `Object`



68
69
70

# File 'lib/ace/test/end_to_end_runner/molecules/bwrap_sandbox_backend.rb', line 68

def wrap_command(cmd, chdir:, env: {})
  command_prefix(chdir: chdir, env: env) + Array(cmd)
end

Class: Ace::Test::EndToEndRunner::Molecules::BwrapSandboxBackend

Overview

Constant Summary collapse

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(sandbox_root:, source_root: nil, bwrap_path: "bwrap", outer_env: nil) ⇒ BwrapSandboxBackend

Instance Attribute Details

#sandbox_root ⇒ Object (readonly)

Class Method Details

.available?(bwrap_path: "bwrap") ⇒ Boolean

.supported? ⇒ Boolean

Instance Method Details

#capture3(cmd, chdir:, env: {}, stdin_data: nil) ⇒ Object

#command_prefix(chdir:, env: {}) ⇒ Object

#ensure_available! ⇒ Object

#exec(cmd, chdir:, env: {}) ⇒ Object

#prepared_env(base_env = {}) ⇒ Object

#wrap_command(cmd, chdir:, env: {}) ⇒ Object