[TASK] Blueprint for compiling blueprints in docker

Open drewstone opened this issue 8 months ago • 2 comments

Overview

Adding a spec below.

The Blueprint Agent interface will want to remotely host docker containers for compiling code.

drewstone avatar Apr 21 '25 16:04 drewstone

🧠 One-Shot Prompt: Build a Tangle Blueprint for Streaming Remote Rust Builds with P2P WebSocket Output

Design and implement a Tangle Blueprint that compiles full Rust projects submitted by users, and streams build logs and results over WebSocket to the original requestor. The build is executed in an isolated environment and should support full project structures (including workspaces).

The connection to the user is established via P2P session identity, allowing bidirectional communication for logs, result signaling, and future extensibility (e.g., test results, code audit feedback, etc.).


๐Ÿ—๏ธ Project Structure

rust-build-agent/
โ”œโ”€โ”€ rust-build-agent-bin/
โ”‚   โ”œโ”€โ”€ src/
โ”‚   โ”‚   โ””โ”€โ”€ main.rs                     # BlueprintRunner, job router, P2P setup
โ”‚   โ””โ”€โ”€ Cargo.toml
โ”œโ”€โ”€ rust-build-agent-lib/
โ”‚   โ”œโ”€โ”€ src/
โ”‚   โ”‚   โ”œโ”€โ”€ lib.rs
โ”‚   โ”‚   โ”œโ”€โ”€ context.rs
โ”‚   โ”‚   โ”œโ”€โ”€ jobs/
โ”‚   โ”‚   โ”‚   โ”œโ”€โ”€ compile_project.rs     # Main job handler
โ”‚   โ”‚   โ”‚   โ”œโ”€โ”€ test_project.rs        # (Optional) runs `cargo test`
โ”‚   โ”‚   โ”‚   โ””โ”€โ”€ lint_project.rs        # (Optional) runs `cargo clippy`
โ”‚   โ”‚   โ”œโ”€โ”€ network/
โ”‚   โ”‚   โ”‚   โ”œโ”€โ”€ websocket_dispatcher.rs
โ”‚   โ”‚   โ”‚   โ”œโ”€โ”€ peer_session.rs
โ”‚   โ”‚   โ”‚   โ””โ”€โ”€ identity.rs
โ”‚   โ”‚   โ””โ”€โ”€ utils/
โ”‚   โ”‚       โ”œโ”€โ”€ sandbox.rs             # Tempdir, process isolation, CPU/mem caps
โ”‚   โ”‚       โ”œโ”€โ”€ zip.rs                 # For unpacking project sources
โ”‚   โ”‚       โ””โ”€โ”€ stream.rs              # Line-by-line stdout streaming
โ”‚   โ””โ”€โ”€ tests/
โ”‚       โ””โ”€โ”€ compile_fixture.rs
โ”œโ”€โ”€ contracts/
โ”‚   โ””โ”€โ”€ BuildAgentServiceManager.sol   # (Optional) enforces job input format/payment

🔩 Blueprint Job: compile_rust_project (JOB_ID_COMPILE)

Inputs (TangleArgs3)

TangleArgs3<
  String,         // zip_uri: HTTPS or IPFS URI to zipped Rust project
  String,         // session_id: UUID string tied to P2P/WebSocket stream
  Optional<String> // build_target (e.g. "release", "check", "clippy")
>

Execution

  1. Download and unzip project archive

  2. Validate it's a valid Rust crate or workspace

  3. Spawn cargo build process in tempdir with resource caps

  4. For each line of output from stderr/stdout, send WebSocket message to session ID

  5. On success or error:

    • Emit final message { "status": "success" | "error", "duration_ms": 1345 }

    • Include truncated binary hash if successful (sha256sum target/release/*)

WebSocket Message Format

{
  "session_id": "abc123-session",
  "type": "log",
  "line": "Compiling xyz v0.1.0 (/app/xyz)"
}

Final message:

{
  "session_id": "abc123-session",
  "type": "end",
  "status": "success",
  "duration_ms": 1420,
  "binary_hash": "6a1e...f3"
}

๐ŸŒ WebSocket Transport via Peer Identity

  • Each job includes a session_id linked to a P2P/WebSocket stream

  • Operator uses RoundBasedNetworkAdapter or libp2p directly to forward messages to client

  • Client must already have subscribed via browser/websocket relay infra to session_id

  • Operator sends stream:

    • stdout and stderr as they happen

    • end event with final result

    • error event if build panics


๐Ÿƒ Optional Additional Jobs

Job ID Name Description
1 test_project Run cargo test, stream results
2 lint_project Run cargo clippy or fmt
3 audit_project Run cargo audit, report vulnerabilities
4 check_project Run cargo check for syntax validation

Each job shares same pattern:

  • Accept zip URI and session ID

  • Stream output in real time

  • Enforce build time/memory quota


๐Ÿ›ก๏ธ Isolation & Sandboxing

Use tokio::process::Command with:

  • tempdir crate for file isolation

  • Resource limits:

    • ulimit for memory and CPU

    • Optional firejail, nsjail, or Docker-lite env for extra security

  • Auto-cleanup after job completes


🧪 Testing Strategy

Include integration test that:

  • Submits a known valid zip_uri

  • Spins up a mock WebSocket client for session_id

  • Asserts:

    • stdout lines are streamed

    • Compilation completes

    • Final success event sent

  • Include one test with failing crate (invalid Rust)


🧠 Completion Criteria

This blueprint is complete when:

  • It downloads, unpacks, and compiles Rust code from a zip

  • It streams logs live over session-specific P2P/WebSocket

  • It sends a final event with success/failure and duration

  • Optional jobs are structured and modular

  • It is safe, isolated, concurrent, and resilient

Build time must be as fast as possible:

  • Use release target only if requested

  • Cache toolchains if sandbox allows

  • Consider parallel job queue for multiple requests

This is a full remote Rust CI agent for the Tangle ecosystem.

drewstone avatar Apr 21 '25 16:04 drewstone
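Added example, not part of the original comment or of any Tangle code: a std-only sketch of the input checks the spec's Inputs and Execution steps 1 to 3 imply before anything is downloaded, unpacked or passed to cargo. The function names `check_zip_uri`, `cargo_args` and `safe_entry_path`, the `ipfs://` scheme form and the `/tmp/job-1234` root are assumptions made for illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// Accept only the URI kinds the spec names; "ipfs://" as the IPFS form is an assumption.
pub fn check_zip_uri(uri: &str) -> Result<(), String> {
    if uri.starts_with("https://") || uri.starts_with("ipfs://") {
        Ok(())
    } else {
        Err(format!("unsupported zip_uri scheme: {}", uri))
    }
}

/// Map build_target onto a fixed cargo argv; the caller's string never reaches the command line.
pub fn cargo_args(build_target: Option<&str>) -> Result<Vec<&'static str>, String> {
    match build_target {
        None => Ok(vec!["build"]),
        Some("release") => Ok(vec!["build", "--release"]),
        Some("check") => Ok(vec!["check"]),
        Some("clippy") => Ok(vec!["clippy"]),
        Some(other) => Err(format!("build_target not allowed: {}", other)),
    }
}

/// Resolve an archive entry name under `root`, refusing absolute paths, `..`,
/// backslashes and NUL so extraction cannot write outside the job's tempdir.
pub fn safe_entry_path(root: &Path, entry_name: &str) -> Result<PathBuf, String> {
    if entry_name.contains('\\') || entry_name.contains('\0') {
        return Err(format!("unsafe archive entry: {:?}", entry_name));
    }
    let mut out = root.to_path_buf();
    let mut parts = 0;
    for component in Path::new(entry_name).components() {
        match component {
            Component::Normal(part) => { out.push(part); parts += 1; }
            Component::CurDir => {}
            _ => return Err(format!("unsafe archive entry: {:?}", entry_name)),
        }
    }
    if parts == 0 { Err("empty archive entry name".to_string()) } else { Ok(out) }
}

fn main() {
    // Constructed entry names and inputs, not taken from a real archive or job.
    let root = Path::new("/tmp/job-1234");
    for name in ["src/main.rs", "./Cargo.toml", "../outside.txt", "/etc/passwd"] {
        println!("{:<16} -> {:?}", name, safe_entry_path(root, name));
    }
    println!("{:?}", cargo_args(Some("install")));
    println!("{:?}", check_zip_uri("file:///etc/passwd"));
}
```

Symlink entries and a cap on total decompressed size are separate checks the extractor still needs; this sketch covers entry names and job arguments only.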

  • Each instance is a docker container
  • Code lives there and you can edit it remotely (Github codespaces, etc.)

drewstone avatar Apr 21 '25 16:04 drewstone