wip: docker wrapper and tool generator - run untrusted code
WIP docker wrapper utility for untrusted code execution.
TODO:
- [ ] Docker utility wrapper
- [x] drop networking capabilities by default
- [x] poc: send payload to container's stdin through socket. Notes: a bit hacky, there is no way to know when stdout is ready, but it seems to work.
- [ ] poc: send payload to container's stdin with subprocess pipe
- [ ] send payload to container via filesystem or API put method.
- [x] Spawn new container for query
- [x] Attach to running container's stdin and send command
- [x] Use gVisor runtime and add warning if not available
- [x] docker image template helper
- [ ] LLMChain with docker run/exec context
- [ ] Documentation
- [x] networking
- [ ] sending queries to arbitrary containers/images
- [ ] create custom image templates
- [ ] Docker tool generator
- [ ] Testing
- [x] Skippable docker tests if docker not available
- [x] Default to using gVisor runtime if available.
- [x] Auto pull images from docker hub.
Examples
- notebook ``
quick update: I implemented sending the query to the container through the docker API's socket. This allows truly arbitrary commands to be sent and fully simulates sending input through a TTY. The output is also read through the socket and separated into stdin and stderr.
This was necessary because sending commands using the basic docker run and exec_run does not allow sending complex multiline input and only allows simple one-line scripts. In the example notebook a small bash script spanning multiple lines is sent to a spawned container.
Another option would have been to use subprocess and call docker exec with pipe redirection. If the socket solution is too hacky I will fall back to this option.
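As an added example (not code from this PR or from langchain), here is a Python sketch using the docker SDK of the pieces the TODO list and the update above describe: spawn a network-less container, prefer the gVisor runtime and warn when it is missing, push a multi-line script into the container's stdin through the attach socket, and demultiplex the raw stream into stdout and stderr. The frame parser follows Docker's documented non-TTY stream framing (8-byte header: stream id, three zero bytes, big-endian payload length). The image name, resource limits, the `run_untrusted`/`demux_frames`/`encode_frame` names and the trailing `exit` trick are my assumptions, and the run path assumes a Unix-socket Docker daemon (it uses `fileno()` and `select()` on the attach socket).

```python
import os
import select
import struct
import time
from typing import Dict, Tuple

STDOUT, STDERR = 1, 2  # stream ids in Docker's multiplexed attach/logs format


def encode_frame(stream_id: int, data: bytes) -> bytes:
    """Build one frame of the (non-TTY) Docker multiplexed stream:
    1 byte stream id, 3 zero bytes, 4-byte big-endian length, payload."""
    return struct.pack(">BxxxI", stream_id, len(data)) + data


def demux_frames(buf: bytes) -> Tuple[Dict[int, bytes], bytes]:
    """Split a multiplexed byte stream into per-stream payloads.

    Returns ({stream_id: bytes}, leftover). `leftover` is an incomplete
    trailing frame (a read can end mid-frame); prepend it to the next chunk.
    """
    frames: Dict[int, bytes] = {}
    pos = 0
    while len(buf) - pos >= 8:
        stream_id, size = struct.unpack(">BxxxI", buf[pos:pos + 8])
        if len(buf) - pos - 8 < size:
            break  # header seen but payload not fully read yet
        frames[stream_id] = frames.get(stream_id, b"") + buf[pos + 8:pos + 8 + size]
        pos += 8 + size
    return frames, buf[pos:]


def run_untrusted(script: str, image: str = "alpine:3.19", timeout: float = 30.0,
                  require_gvisor: bool = False) -> Tuple[int, bytes, bytes]:
    """Run a multi-line shell script in a throwaway, network-less container.

    Returns (exit_status, stdout, stderr). Needs a local Docker daemon and the
    `docker` SDK (hypothetical helper, assumed values for image and limits).
    """
    import docker  # imported lazily so the frame parser above needs no daemon

    client = docker.from_env()
    # Prefer gVisor (runsc) when the daemon has it registered; warn otherwise.
    runtime = "runsc" if "runsc" in client.info().get("Runtimes", {}) else None
    if runtime is None:
        if require_gvisor:
            raise RuntimeError("gVisor runtime 'runsc' is not registered with the daemon")
        print("warning: gVisor runtime not available, falling back to the default runtime")

    # `run` pulls the image if it is missing. The shell reads its script from
    # stdin, so stdin_open=True; tty=False keeps stdout and stderr separate.
    container = client.containers.run(
        image, command=["/bin/sh"], detach=True, stdin_open=True, tty=False,
        network_disabled=True, runtime=runtime,
        cap_drop=["ALL"], security_opt=["no-new-privileges"], read_only=True,
        user="65534:65534", mem_limit="256m", pids_limit=64,
        tmpfs={"/tmp": "rw,noexec,nosuid,size=64m"},
    )
    sock = container.attach_socket(
        params={"stdin": 1, "stdout": 1, "stderr": 1, "stream": 1, "logs": 1})
    try:
        fd = sock.fileno()
        # Trailing "exit" makes sh terminate without half-closing the socket.
        payload = script.encode() + b"\nexit\n"
        while payload:
            payload = payload[os.write(fd, payload):]

        deadline = time.monotonic() + timeout
        pending, streams = b"", {STDOUT: b"", STDERR: b""}
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                container.kill()
                raise TimeoutError(f"script did not finish within {timeout}s")
            if not select.select([fd], [], [], remaining)[0]:
                continue
            chunk = os.read(fd, 65536)
            if not chunk:  # daemon closes the hijacked stream when sh exits
                break
            frames, pending = demux_frames(pending + chunk)
            for sid, data in frames.items():
                streams[sid] = streams.get(sid, b"") + data
        status = container.wait(timeout=10)["StatusCode"]
        return status, streams[STDOUT], streams[STDERR]
    finally:
        sock.close()
        container.remove(force=True)


if __name__ == "__main__":
    status, out, err = run_untrusted(
        "set -e\nfor i in 1 2 3; do\n  echo line $i\ndone\necho oops >&2\n")
    print(status, out.decode(), err.decode())
```

The timeout branch is the edge case the PR notes ("no way to know when stdout is ready"): instead of guessing when output is complete, the loop reads until the daemon closes the hijacked stream, and a `select()` deadline kills the container if the script never exits. `demux_frames` is independent of the daemon and can be unit-tested with frames built by `encode_frame`.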