Feat/sandbox mcp

.dockerignore

@@ -1,3 +1,4 @@
 frontend/node_modules
 workspace/
 .env
+.venv

docker/nginx/Dockerfile

@@ -0,0 +1,11 @@
+FROM nginx:alpine
+
+COPY docker/nginx/nginx.conf.template /etc/nginx/conf.d/default.conf.template
+COPY docker/nginx/docker-entrypoint.sh /docker-entrypoint.sh
+
+# Make entrypoint executable
+RUN chmod +x /docker-entrypoint.sh
+
+EXPOSE 80
+
+ENTRYPOINT ["/docker-entrypoint.sh"]

docker/nginx/docker-entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Substitute environment variables in template
+echo "Substituting environment variables in template"
+echo "PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}"
+export ESCAPED_PUBLIC_DOMAIN=$(echo "${PUBLIC_DOMAIN}" | sed 's/\./\\./g')
+echo "ESCAPED_PUBLIC_DOMAIN: ${ESCAPED_PUBLIC_DOMAIN}"
+envsubst '${PUBLIC_DOMAIN} ${ESCAPED_PUBLIC_DOMAIN} ' </etc/nginx/conf.d/default.conf.template >/etc/nginx/conf.d/default.conf
+
+# Show the generated config for debugging
+echo "Generated nginx config:"
+cat /etc/nginx/conf.d/default.conf
+
+# Test nginx configuration
+exec nginx -g 'daemon off;'

docker/nginx/nginx.conf.template

@@ -0,0 +1,67 @@
+# Nginx configuration for Docker container subdomain reverse proxy
+# Place this in /etc/nginx/sites-available/ and symlink to sites-enabled/
+server {
+    listen 80;
+    listen [::]:80;
+    server_name server_name *.${PUBLIC_DOMAIN};
+
+    # Configure Docker's internal DNS resolver
+    resolver 127.0.0.11 valid=30s;
+
+    # Extract containerId and port from subdomain (format: containerId-port.domain.com)
+    if ($host ~* ^(.+)-([0-9]+)\.${ESCAPED_PUBLIC_DOMAIN}$) {
+        set $container_id $1;
+        set $container_port $2;
+    }
+
+    # Return 404 if subdomain doesn't match the expected format
+    if ($container_id = "") {
+        return 404;
+    }
+
+    location / {
+        # Use a variable to force runtime DNS resolution
+        set $upstream http://$container_id:$container_port;
+
+        # Proxy to Docker container at containerId:port
+        proxy_pass $upstream;
+
+        # Standard proxy headers
+        proxy_set_header Host $host;
+        proxy_set_header Origin http://$host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+
+        # WebSocket support - These headers enable WebSocket proxying
+        proxy_http_version 1.1;                    # Required for WebSocket
+        proxy_set_header Upgrade $http_upgrade;    # Pass through WebSocket upgrade header
+        proxy_set_header Connection "upgrade";     # Set connection to upgrade for WebSocket
+
+        # Timeouts
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+
+        client_max_body_size 100M;
+
+        # Buffer settings for better performance
+        proxy_buffering on;
+        proxy_buffer_size 4k;
+        proxy_buffers 8 4k;
+
+        # Handle redirects properly
+        proxy_redirect off;
+
+        # Handle connection errors gracefully
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+    }
+
+    # Health check endpoint (optional)
+    location /health {
+        access_log off;
+        return 200 "healthy\n";
+        add_header Content-Type text/plain;
+    }
+}

docker/sandbox/Dockerfile

@@ -0,0 +1,56 @@
+FROM nikolaik/python-nodejs:python3.10-nodejs20-slim
+
+# Set environment variables
+ENV NODE_OPTIONS="--max-old-space-size=4096"
+
+RUN mkdir -p /app/ii_agent
+
+# Install the project into `/app`
+WORKDIR /app/ii_agent
+
+# Enable bytecode compilation
+ENV UV_COMPILE_BYTECODE=1
+
+# Copy from the cache instead of linking since it's a mounted volume
+ENV UV_LINK_MODE=copy
+
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    procps \
+    lsof \
+    git \
+    tmux \
+    bc \
+    net-tools \
+    unzip
+
+
+# Copy dependency files first for better layer caching
+COPY uv.lock pyproject.toml /app/ii_agent/
+
+# Install the project's dependencies using the lockfile and settings
+RUN --mount=type=cache,target=/root/.cache/uv \
+    --mount=type=bind,source=uv.lock,target=uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+    uv sync --locked --prerelease=allow --no-install-project --no-dev
+
+COPY . /app/ii_agent
+RUN --mount=type=cache,target=/root/.cache/uv \
+    uv sync --locked --prerelease=allow --no-dev
+
+ENV PATH="/app/ii_agent/.venv/bin:$PATH"
+
+RUN curl -fsSL https://bun.sh/install | bash
+RUN curl -fsSL https://code-server.dev/install.sh | sh
+
+RUN npm install -g vercel
+
+RUN mkdir /workspace
+
+WORKDIR /workspace
+
+# Create a startup script to run both services
+COPY docker/sandbox/start-services.sh /app/start-services.sh
+RUN chmod +x /app/start-services.sh
+
+CMD ["/app/start-services.sh"]

docker/sandbox/start-services.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Create workspace directory if it doesn't exist
+mkdir -p /workspace
+
+# Start the sandbox server in the background
+echo "Starting sandbox server on port 17300..."
+python /app/ii_agent/src/ii_tool/mcp/server.py --port 17300 --workspace_dir /workspace --session_id system_shell &
+
+# Start code-server in the background
+echo "Starting code-server on port 9000..."
+code-server \
+  --port 9000 \
+  --auth none \
+  --bind-addr 0.0.0.0:9000 \
+  --disable-telemetry \
+  --disable-update-check \
+  --trusted-origins * \
+  --disable-workspace-trust \
+  /workspace &
+
+# Wait for both processes to start
+sleep 3
+
+# Check if processes are running
+echo "Checking if services are running..."
+if pgrep -f "server.py" >/dev/null; then
+  echo "✓ Sandbox server is running"
+else
+  echo "✗ Sandbox server failed to start"
+fi
+
+if pgrep -f "code-server" >/dev/null; then
+  echo "✓ Code-server is running"
+else
+  echo "✗ Code-server failed to start"
+fi
+
+echo "Services started. Container ready."
+echo "Sandbox server available on port 17300"
+echo "Code-server available on port 9000"
+
+# Keep the container running by waiting for all background processes
+wait

pyproject.toml

@@ -10,7 +10,6 @@ requires-python = ">=3.10"
 dependencies = [
     "anthropic[vertex]>=0.50.0",
     "dataclasses-json>=0.6.7",
-    "duckduckgo-search>=8.0.1",
     "fastapi>=0.115.12",
     "google-cloud-aiplatform>=1.90.0",
     "google-genai>=1.14.0",
@@ -33,14 +32,21 @@ dependencies = [
     "pytest>=8.3.5",
     "python-dotenv>=1.1.0",
     "python-pptx>=1.0.2",
-    "rich==13.7.1",
+    "rich>=13.7.1",
     "speechrecognition>=3.14.2",
     "tavily-python>=0.7.2",
     "tenacity>=9.1.2",
     "termcolor>=3.0.1",
     "uvicorn[standard]>=0.29.0,<0.30.0",
     "youtube-transcript-api>=1.0.3",
     "alembic>=1.16.1",
+    "fastmcp>=2.2.0",
+    "pre-commit>=4.2.0",
+    "e2b-code-interpreter==1.2.0b5",
+    "libtmux>=0.46.2",
+    "ipdb>=0.13.13",
+    "docker>=7.1.0",
+    "ddgs>=9.4.3",
 ]
 
 [project.optional-dependencies]