Class: OllamaAgent::Runtime::IsolatedValidator

Inherits:

Object

Object
OllamaAgent::Runtime::IsolatedValidator

show all

Defined in:: lib/ollama_agent/runtime/isolated_validator.rb

Overview

Runs array-exec validation commands inside a locked-down Docker container (no host shell). rubocop:disable Metrics/ClassLength – Docker argv + capture + status interpretation stay together

Instance Method Summary collapse

#initialize(image:, workspace_root:, runtime_command: "docker", timeout_epochs: 300, wal: nil) ⇒ IsolatedValidator constructor

A new instance of IsolatedValidator.
#run(command:, manifest_id:, logical_stamp:) ⇒ Hash

Keys: :status, :exit_code, :stdout, :stderr, :image_digest.

Constructor Details

#initialize(image:, workspace_root:, runtime_command: "docker", timeout_epochs: 300, wal: nil) ⇒ `IsolatedValidator`

Returns a new instance of IsolatedValidator.

Parameters:

image (String) —

Docker image reference (digest recorded when available).
workspace_root (String) —

host path bind-mounted read-only at /workspace.
runtime_command (String) (defaults to: "docker") —

container CLI executable name or path (default docker).
timeout_epochs (Integer) (defaults to: 300) —

wall-clock seconds allowed for the container run (E7 naming; not logical epoch).
wal (WAL, nil) (defaults to: nil) —

optional WAL for mutation_step audit rows.

# File 'lib/ollama_agent/runtime/isolated_validator.rb', line 15

def initialize(image:, workspace_root:, runtime_command: "docker", timeout_epochs: 300, wal: nil)
  @image = image
  @workspace_root = File.expand_path(workspace_root)
  @runtime_command = runtime_command
  @timeout_epochs = timeout_epochs.to_i
  @wal = wal
  @digest_memo = :unset
  @runtime_checked = false
  @runtime_ok = false
end

Instance Method Details

#run(command:, manifest_id:, logical_stamp:) ⇒ `Hash`

Returns keys: :status, :exit_code, :stdout, :stderr, :image_digest.