Compare commits
4 Commits
45d709f28e
...
52356ead6c
| Author | SHA1 | Date | |
|---|---|---|---|
|
52356ead6c
|
|||
|
ad9fc524d4
|
|||
|
af50909a89
|
|||
|
318d9ba1cd
|
+58
-53
@@ -5,7 +5,7 @@
|
|||||||
# sbx cp $HOME/.config/coyote/ testing:/home/agent/.config/
|
# sbx cp $HOME/.config/coyote/ testing:/home/agent/.config/
|
||||||
# sbx cp $HOME/.coyote_password testing:/home/agent/
|
# sbx cp $HOME/.coyote_password testing:/home/agent/
|
||||||
# sbx run testing --kit ./sbx-kit/
|
# sbx run testing --kit ./sbx-kit/
|
||||||
schemaVersion: "1"
|
schemaVersion: '1'
|
||||||
kind: agent
|
kind: agent
|
||||||
name: coyote
|
name: coyote
|
||||||
displayName: Coyote
|
displayName: Coyote
|
||||||
@@ -14,11 +14,10 @@ description: >
|
|||||||
CLI & REPL mode, RAG, AI tools & agents, MCP servers, skills, and macros.
|
CLI & REPL mode, RAG, AI tools & agents, MCP servers, skills, and macros.
|
||||||
|
|
||||||
agent:
|
agent:
|
||||||
image: "docker/sandbox-templates:shell-docker"
|
image: 'docker/sandbox-templates:shell-docker'
|
||||||
aiFilename: COYOTE.md
|
aiFilename: COYOTE.md
|
||||||
# persistence: persistent
|
|
||||||
entrypoint:
|
entrypoint:
|
||||||
run: ["bash", "-lc", "exec /home/agent/.cargo/bin/coyote"]
|
run: ['bash', '-lc', 'exec /home/agent/.cargo/bin/coyote']
|
||||||
|
|
||||||
network:
|
network:
|
||||||
# Proxy-managed LLM providers: the proxy substitutes `proxy-managed` for
|
# Proxy-managed LLM providers: the proxy substitutes `proxy-managed` for
|
||||||
@@ -51,96 +50,96 @@ network:
|
|||||||
serviceAuth:
|
serviceAuth:
|
||||||
openai:
|
openai:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
anthropic:
|
anthropic:
|
||||||
headerName: x-api-key
|
headerName: x-api-key
|
||||||
valueFormat: "%s"
|
valueFormat: '%s'
|
||||||
gemini:
|
gemini:
|
||||||
headerName: x-goog-api-key
|
headerName: x-goog-api-key
|
||||||
valueFormat: "%s"
|
valueFormat: '%s'
|
||||||
cohere:
|
cohere:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
groq:
|
groq:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
openrouter:
|
openrouter:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
ai21:
|
ai21:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
cloudflare:
|
cloudflare:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
deepinfra:
|
deepinfra:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
deepseek:
|
deepseek:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
mistral:
|
mistral:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
perplexity:
|
perplexity:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
voyageai:
|
voyageai:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
xai:
|
xai:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
jina:
|
jina:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
ernie:
|
ernie:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
hunyuan:
|
hunyuan:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
minimax:
|
minimax:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
moonshot:
|
moonshot:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
qianwen:
|
qianwen:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
zhipuai:
|
zhipuai:
|
||||||
headerName: Authorization
|
headerName: Authorization
|
||||||
valueFormat: "Bearer %s"
|
valueFormat: 'Bearer %s'
|
||||||
allowedDomains:
|
allowedDomains:
|
||||||
# Coyote release + self-update + model-registry sync
|
# Coyote release + self-update + model-registry sync
|
||||||
- "github.com:443"
|
- 'github.com:443'
|
||||||
- "api.github.com:443"
|
- 'api.github.com:443'
|
||||||
- "raw.githubusercontent.com:443"
|
- 'raw.githubusercontent.com:443'
|
||||||
- "objects.githubusercontent.com:443"
|
- 'objects.githubusercontent.com:443'
|
||||||
- "*.githubusercontent.com:443"
|
- '*.githubusercontent.com:443'
|
||||||
# Coyote install paths (cargo install + uv + rustup + Python tool deps at runtime)
|
# Coyote install paths (cargo install + uv + rustup + Python tool deps at runtime)
|
||||||
- "crates.io:443"
|
- 'crates.io:443'
|
||||||
- "static.crates.io:443"
|
- 'static.crates.io:443'
|
||||||
- "pypi.org:443"
|
- 'pypi.org:443'
|
||||||
- "files.pythonhosted.org:443"
|
- 'files.pythonhosted.org:443'
|
||||||
- "astral.sh:443"
|
- 'astral.sh:443'
|
||||||
- "sh.rustup.rs:443"
|
- 'sh.rustup.rs:443'
|
||||||
- "static.rust-lang.org:443"
|
- 'static.rust-lang.org:443'
|
||||||
|
|
||||||
# LLM model OAuth + API endpoints
|
# LLM model OAuth + API endpoints
|
||||||
- "claude.ai:443"
|
- 'claude.ai:443'
|
||||||
- "console.anthropic.com:443"
|
- 'console.anthropic.com:443'
|
||||||
- "accounts.google.com:443"
|
- 'accounts.google.com:443'
|
||||||
# *.googleapis.com covers oauth2 + userinfo + VertexAI regional endpoints
|
# *.googleapis.com covers oauth2 + userinfo + VertexAI regional endpoints
|
||||||
# (*-aiplatform.googleapis.com). Do not narrow without re-checking VertexAI.
|
# (*-aiplatform.googleapis.com). Do not narrow without re-checking VertexAI.
|
||||||
- "*.googleapis.com:443"
|
- '*.googleapis.com:443'
|
||||||
|
|
||||||
# Bedrock and GitHub Models use signed / GitHub-PAT auth that the proxy
|
# Bedrock and GitHub Models use signed / GitHub-PAT auth that the proxy
|
||||||
# cannot rewrite. Domains are allow-listed; credentials must be injected
|
# cannot rewrite. Domains are allow-listed; credentials must be injected
|
||||||
# separately (see README "Extending").
|
# separately (see README "Extending").
|
||||||
- "*.amazonaws.com:443"
|
- '*.amazonaws.com:443'
|
||||||
- "models.inference.ai.azure.com:443"
|
- 'models.inference.ai.azure.com:443'
|
||||||
|
|
||||||
credentials:
|
credentials:
|
||||||
sources:
|
sources:
|
||||||
@@ -211,8 +210,9 @@ credentials:
|
|||||||
|
|
||||||
environment:
|
environment:
|
||||||
variables:
|
variables:
|
||||||
IS_SANDBOX: "1"
|
IS_SANDBOX: '1'
|
||||||
COYOTE_LOG_LEVEL: INFO
|
COYOTE_LOG_LEVEL: INFO
|
||||||
|
COYOTE_CONFIG_DIR: /home/agent/.config/coyote
|
||||||
proxyManaged:
|
proxyManaged:
|
||||||
- OPENAI_API_KEY
|
- OPENAI_API_KEY
|
||||||
- ANTHROPIC_API_KEY
|
- ANTHROPIC_API_KEY
|
||||||
@@ -250,14 +250,14 @@ commands:
|
|||||||
libssl-dev \
|
libssl-dev \
|
||||||
pandoc \
|
pandoc \
|
||||||
bzip2
|
bzip2
|
||||||
user: "1000"
|
user: '1000'
|
||||||
description: Install system prerequisites (including pandoc for fetch_url_via_curl)
|
description: Install system prerequisites (including pandoc for fetch_url_via_curl)
|
||||||
- command: "curl -LsSf https://astral.sh/uv/install.sh | sh"
|
- command: 'curl -LsSf https://astral.sh/uv/install.sh | sh'
|
||||||
user: "1000"
|
user: '1000'
|
||||||
description: Install uv (required for Python-based custom tools)
|
description: Install uv (required for Python-based custom tools)
|
||||||
- command: |
|
- command: |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
USQL_VERSION=$(curl -sSL https://api.github.com/repos/xo/usql/releases/latest | jq -r .tag_name | sed 's/^v//')
|
USQL_VERSION=0.21.4
|
||||||
ARCH=$(uname -m)
|
ARCH=$(uname -m)
|
||||||
case "$ARCH" in
|
case "$ARCH" in
|
||||||
x86_64) USQL_ARCH=amd64 ;;
|
x86_64) USQL_ARCH=amd64 ;;
|
||||||
@@ -266,10 +266,10 @@ commands:
|
|||||||
esac
|
esac
|
||||||
TMPDIR=$(mktemp -d)
|
TMPDIR=$(mktemp -d)
|
||||||
trap 'rm -rf "$TMPDIR"' EXIT
|
trap 'rm -rf "$TMPDIR"' EXIT
|
||||||
curl -sSL "https://github.com/xo/usql/releases/download/v${USQL_VERSION}/usql_static-${USQL_VERSION}-linux-${USQL_ARCH}.tar.bz2" -o "$TMPDIR/usql.tar.bz2"
|
curl -fsSL --retry 3 "https://github.com/xo/usql/releases/download/v${USQL_VERSION}/usql_static-${USQL_VERSION}-linux-${USQL_ARCH}.tar.bz2" -o "$TMPDIR/usql.tar.bz2"
|
||||||
tar -xjf "$TMPDIR/usql.tar.bz2" -C "$TMPDIR"
|
tar -xjf "$TMPDIR/usql.tar.bz2" -C "$TMPDIR"
|
||||||
sudo install -m 0755 "$TMPDIR/usql_static" /usr/local/bin/usql
|
sudo install -m 0755 "$TMPDIR/usql_static" /usr/local/bin/usql
|
||||||
user: "1000"
|
user: '1000'
|
||||||
description: Install the usql universal SQL CLI (used by the built-in sql agent and execute_sql_code tool)
|
description: Install the usql universal SQL CLI (used by the built-in sql agent and execute_sql_code tool)
|
||||||
- command: |
|
- command: |
|
||||||
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
|
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
|
||||||
@@ -279,12 +279,17 @@ commands:
|
|||||||
--target x86_64-unknown-linux-musl
|
--target x86_64-unknown-linux-musl
|
||||||
. "$HOME/.cargo/env"
|
. "$HOME/.cargo/env"
|
||||||
cargo install --locked coyote-ai
|
cargo install --locked coyote-ai
|
||||||
user: "1000"
|
user: '1000'
|
||||||
description: Install Coyote AI CLI via Rust's Cargo
|
description: Install Coyote AI CLI via Rust's Cargo
|
||||||
|
|
||||||
startup:
|
startup:
|
||||||
- command: ["sh", "-c", "test -f \"$HOME/.config/coyote/config.yaml\" || coyote --info >/dev/null 2>&1 || true"]
|
- command:
|
||||||
user: "1000"
|
[
|
||||||
|
'sh',
|
||||||
|
'-c',
|
||||||
|
'test -f "$HOME/.config/coyote/config.yaml" || coyote --info >/dev/null 2>&1 || true',
|
||||||
|
]
|
||||||
|
user: '1000'
|
||||||
background: false
|
background: false
|
||||||
description: Bootstrap Coyote config directory on first sandbox start
|
description: Bootstrap Coyote config directory on first sandbox start
|
||||||
|
|
||||||
|
|||||||
+26
-3
@@ -356,9 +356,9 @@ fn build_create_args(
|
|||||||
args.push(mixin_str);
|
args.push(mixin_str);
|
||||||
}
|
}
|
||||||
|
|
||||||
args.push(SANDBOX_AGENT.to_string());
|
|
||||||
args.push("--name".to_string());
|
args.push("--name".to_string());
|
||||||
args.push(name.to_string());
|
args.push(name.to_string());
|
||||||
|
args.push(SANDBOX_AGENT.to_string());
|
||||||
args.push(".".to_string());
|
args.push(".".to_string());
|
||||||
|
|
||||||
Ok(args)
|
Ok(args)
|
||||||
@@ -373,6 +373,7 @@ fn copy_host_files(name: &str) -> Result<()> {
|
|||||||
let src = format!("{}/", config_dir.display());
|
let src = format!("{}/", config_dir.display());
|
||||||
let dest = format!("{name}:/home/agent/.config/");
|
let dest = format!("{name}:/home/agent/.config/");
|
||||||
sbx_cp(&src, &dest)?;
|
sbx_cp(&src, &dest)?;
|
||||||
|
chown_agent_recursive(name, "/home/agent/.config")?;
|
||||||
} else {
|
} else {
|
||||||
debug!(
|
debug!(
|
||||||
"Skipping config copy: {} does not exist",
|
"Skipping config copy: {} does not exist",
|
||||||
@@ -390,6 +391,7 @@ fn copy_host_files(name: &str) -> Result<()> {
|
|||||||
}
|
}
|
||||||
let dest = format!("{name}:{dest_path}");
|
let dest = format!("{name}:{dest_path}");
|
||||||
sbx_cp(&password_file.display().to_string(), &dest)?;
|
sbx_cp(&password_file.display().to_string(), &dest)?;
|
||||||
|
chown_agent_recursive(name, &dest_path)?;
|
||||||
}
|
}
|
||||||
Some(password_file) => {
|
Some(password_file) => {
|
||||||
debug!(
|
debug!(
|
||||||
@@ -520,6 +522,27 @@ fn exec_run(name: &str, kit_path: &Path) -> Result<()> {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn chown_agent_recursive(sandbox: &str, path: &str) -> Result<()> {
|
||||||
|
let path_q = shell_words::quote(path);
|
||||||
|
let cmd = format!("sudo chown -R agent:agent {path_q}");
|
||||||
|
|
||||||
|
debug!("sbx exec {sandbox}: {cmd}");
|
||||||
|
|
||||||
|
let status = Command::new(SBX_BINARY)
|
||||||
|
.args(["exec", sandbox, "sh", "-c", &cmd])
|
||||||
|
.stdin(Stdio::inherit())
|
||||||
|
.stdout(Stdio::inherit())
|
||||||
|
.stderr(Stdio::inherit())
|
||||||
|
.status()
|
||||||
|
.context("Failed to spawn `sbx exec` to chown copied files")?;
|
||||||
|
|
||||||
|
if !status.success() {
|
||||||
|
bail!("Chowning '{path}' in sandbox failed: sbx exec exited with {status}");
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
use super::*;
|
||||||
@@ -627,9 +650,9 @@ mod tests {
|
|||||||
dir_a.display().to_string(),
|
dir_a.display().to_string(),
|
||||||
"--kit".to_string(),
|
"--kit".to_string(),
|
||||||
dir_b.display().to_string(),
|
dir_b.display().to_string(),
|
||||||
"coyote".to_string(),
|
|
||||||
"--name".to_string(),
|
"--name".to_string(),
|
||||||
"my-box".to_string(),
|
"my-box".to_string(),
|
||||||
|
"coyote".to_string(),
|
||||||
".".to_string(),
|
".".to_string(),
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
@@ -648,9 +671,9 @@ mod tests {
|
|||||||
"create".to_string(),
|
"create".to_string(),
|
||||||
"--kit".to_string(),
|
"--kit".to_string(),
|
||||||
"/cache/sbx-kit".to_string(),
|
"/cache/sbx-kit".to_string(),
|
||||||
"coyote".to_string(),
|
|
||||||
"--name".to_string(),
|
"--name".to_string(),
|
||||||
"box".to_string(),
|
"box".to_string(),
|
||||||
|
"coyote".to_string(),
|
||||||
".".to_string(),
|
".".to_string(),
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|||||||
Reference in New Issue
Block a user