1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
package executor
import (
"context"
"fmt"
"log/slog"
"os"
"os/exec"
"path/filepath"
"sync"
"syscall"
"github.com/thepeterstone/claudomator/internal/storage"
"github.com/thepeterstone/claudomator/internal/task"
)
// ContainerRunner executes an agent inside a container.
type ContainerRunner struct {
Image string // default image if not specified in task
Logger *slog.Logger
LogDir string
APIURL string
DropsDir string
SSHAuthSock string // optional path to host SSH agent
}
func (r *ContainerRunner) ExecLogDir(execID string) string {
if r.LogDir == "" {
return ""
}
return filepath.Join(r.LogDir, execID)
}
func (r *ContainerRunner) Run(ctx context.Context, t *task.Task, e *storage.Execution) error {
repoURL := t.RepositoryURL
if repoURL == "" {
// Fallback to project_dir if repository_url is not set (legacy support)
if t.Agent.ProjectDir != "" {
repoURL = t.Agent.ProjectDir
} else {
return fmt.Errorf("task %s has no repository_url or project_dir", t.ID)
}
}
image := t.Agent.ContainerImage
if image == "" {
image = r.Image
}
if image == "" {
image = "claudomator-agent:latest"
}
// 1. Setup workspace on host
workspace, err := os.MkdirTemp("", "claudomator-workspace-*")
if err != nil {
return fmt.Errorf("creating workspace: %w", err)
}
defer os.RemoveAll(workspace)
// 2. Clone repo into workspace
r.Logger.Info("cloning repository", "url", repoURL, "workspace", workspace)
if out, err := exec.CommandContext(ctx, "git", "clone", repoURL, workspace).CombinedOutput(); err != nil {
return fmt.Errorf("git clone failed: %w\n%s", err, string(out))
}
// 3. Prepare logs
logDir := r.ExecLogDir(e.ID)
if logDir == "" {
logDir = filepath.Join(workspace, ".claudomator-logs")
}
if err := os.MkdirAll(logDir, 0700); err != nil {
return fmt.Errorf("creating log dir: %w", err)
}
e.StdoutPath = filepath.Join(logDir, "stdout.log")
e.StderrPath = filepath.Join(logDir, "stderr.log")
e.ArtifactDir = logDir
stdoutFile, err := os.Create(e.StdoutPath)
if err != nil {
return fmt.Errorf("creating stdout log: %w", err)
}
defer stdoutFile.Close()
stderrFile, err := os.Create(e.StderrPath)
if err != nil {
return fmt.Errorf("creating stderr log: %w", err)
}
defer stderrFile.Close()
// 4. Run container
// Build docker command
args := []string{
"run", "--rm",
"-v", workspace + ":/workspace",
"-w", "/workspace",
"-e", "CLAUDOMATOR_API_URL=" + r.APIURL,
"-e", "CLAUDOMATOR_TASK_ID=" + e.TaskID,
"-e", "CLAUDOMATOR_DROP_DIR=" + r.DropsDir,
"-e", "ANTHROPIC_API_KEY=" + os.Getenv("ANTHROPIC_API_KEY"),
"-e", "GOOGLE_API_KEY=" + os.Getenv("GOOGLE_API_KEY"),
}
// Inject custom instructions as environment variable or via file
instructionsFile := filepath.Join(workspace, ".claudomator-instructions.txt")
if err := os.WriteFile(instructionsFile, []byte(t.Agent.Instructions), 0600); err != nil {
return fmt.Errorf("writing instructions: %w", err)
}
// Command to run inside container: we assume the image has 'claude' or 'gemini'
// and a wrapper script that reads CLAUDOMATOR_TASK_ID etc.
innerCmd := []string{"claude", "-p", t.Agent.Instructions, "--session-id", e.ID, "--output-format", "stream-json", "--verbose", "--permission-mode", "bypassPermissions"}
if t.Agent.Type == "gemini" {
innerCmd = []string{"gemini", "-p", t.Agent.Instructions} // simplified for now
}
args = append(args, image)
args = append(args, innerCmd...)
r.Logger.Info("starting container", "image", image, "taskID", t.ID)
cmd := exec.CommandContext(ctx, "docker", args...)
cmd.Stderr = stderrFile
cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
// Use os.Pipe for stdout so we can parse it in real-time
stdoutR, stdoutW, err := os.Pipe()
if err != nil {
return fmt.Errorf("creating stdout pipe: %w", err)
}
cmd.Stdout = stdoutW
if err := cmd.Start(); err != nil {
stdoutW.Close()
stdoutR.Close()
return fmt.Errorf("starting container: %w", err)
}
stdoutW.Close()
// Stream stdout to the log file and parse cost/errors.
var costUSD float64
var streamErr error
var wg sync.WaitGroup
wg.Add(1)
go func() {
defer wg.Done()
costUSD, streamErr = parseStream(stdoutR, stdoutFile, r.Logger)
stdoutR.Close()
}()
waitErr := cmd.Wait()
wg.Wait()
e.CostUSD = costUSD
// 5. Post-execution: push changes if successful
if waitErr == nil && streamErr == nil {
r.Logger.Info("pushing changes back to remote", "url", repoURL)
// We assume the sandbox has committed changes (the agent image should enforce this)
if out, err := exec.CommandContext(ctx, "git", "-C", workspace, "push", "origin", "HEAD").CombinedOutput(); err != nil {
r.Logger.Warn("git push failed", "error", err, "output", string(out))
// Don't fail the task just because push failed, but record it?
// Actually, user said: "they should only ever commit to their sandbox, and only ever push to an actual remote"
// So push failure is a task failure in this new model.
return fmt.Errorf("git push failed: %w\n%s", err, string(out))
}
}
if waitErr != nil {
return fmt.Errorf("container execution failed: %w", waitErr)
}
return nil
}
|
