kangwan/lobe-sandbox-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
51 Commits 1 Branch 0 Tags
54ce5dd23b69a26fbc611c9735c88c8bdba93e6d
Commit Graph

51 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
kang
54ce5dd23b auto-save 2026-04-19 23:19 (~1) 2026-04-19 23:19:13 +08:00
kang
00fe936342 auto-save 2026-04-19 23:13 (~2) 2026-04-19 23:13:45 +08:00
kang
8c7a8e1dc2 auto-save 2026-04-19 23:08 (~1) 2026-04-19 23:08:15 +08:00
kang
84d1d75140 auto-save 2026-04-19 23:02 (~1) 2026-04-19 23:02:46 +08:00
kang
ec2af8219c auto-save 2026-04-19 22:56 (~2) 2026-04-19 22:56:55 +08:00
kang
7d83838a2e auto-save 2026-04-19 22:51 (~2) 2026-04-19 22:51:12 +08:00
kang
81e2710b6f auto-save 2026-04-19 22:45 (~1) 2026-04-19 22:45:43 +08:00
kang
7adecd9338 auto-save 2026-04-19 22:40 (~1) 2026-04-19 22:40:14 +08:00
kang
39ee8083c7 feat(admin): Manus-style 管理台 — 文件树 + 活动时间线 + SSE 实时推送 
新增:
- src/events.ts: 工具调用事件总线(EventEmitter + 500 条 ring buffer)
- src/admin.ts: /admin/api/* 路由(users/files/file/events/start/stop)
- src/admin-ui.ts: 两张 HTML 页面
  - Dashboard: 所有用户卡片网格,状态彩色徽章
  - 单用户视图: 三栏(文件树|预览|时间线),SSE 实时
- src/index.ts: /admin/ 静态页 + 工具调用 emitEvent 埋点

部署:
- nginx: sandbox.milejoy.com → 127.0.0.1:8700(含 SSE 长连接 off buffer)
- certbot --expand 把 sandbox.milejoy.com 加到现有证书

访问: https://sandbox.milejoy.com/admin/?token=<ADMIN_TOKEN>
ADMIN_TOKEN 在 /etc/lobe-sandbox/orchestrator.env

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 22:38:58 +08:00
kang
cca158da1e auto-save 2026-04-19 22:34 (+2, ~2) 2026-04-19 22:34:43 +08:00
kang
119afa38ec auto-save 2026-04-19 22:29 (~1) 2026-04-19 22:29:14 +08:00
kang
76e1682ee2 auto-save 2026-04-19 22:23 (~1) 2026-04-19 22:23:47 +08:00
kang
9cbadc1130 auto-save 2026-04-19 22:18 (~1) 2026-04-19 22:18:18 +08:00
kang
9b7b9d7fce auto-save 2026-04-19 22:12 (~1) 2026-04-19 22:12:49 +08:00
kang
c524cfdb5e auto-save 2026-04-19 22:07 (~1) 2026-04-19 22:07:21 +08:00
kang
c96e9c9413 auto-save 2026-04-19 22:01 (~1) 2026-04-19 22:01:53 +08:00
kang
158faeb655 fix(sandbox): sanitize userId → container name(下划线→横杠) 
better-auth 生成的 user id 格式是 \`user_xxx\`(带下划线),
Incus 容器名规则只允许 [a-zA-Z0-9-],用下划线会报
"Invalid instance name: Name can only contain alphanumeric and hyphen characters"。

修法:containerName() 用 \`.replace(/[^a-zA-Z0-9-]/g, '-')\` 把所有非法字符替换。
影响:存量 17 个用户全部成功 provisioned 为 sb-user-xxx(横杠版)。

Phase 5 生产上线完成(2026-04-19):
- orchestrator 绑 0.0.0.0:8700 + iptables 放行 172.17/172.18 网段
- LobeChat .env 加 SANDBOX_BACKEND_URL=http://172.18.0.1:8700 + SECRET
- feat/self-hosted-sandbox 分支 push Gitea,VPS 上 docker build → lobechat-custom:sandbox
- 重 tag :latest 并 docker compose up -d --force-recreate lobe
- 17 个存量用户 backfill 沙箱全成功,池子占 3.7GB(CoW)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 21:59:10 +08:00
kang
68c233d898 auto-save 2026-04-19 21:56 (~1) 2026-04-19 21:56:24 +08:00
kang
52b574f1d6 auto-save 2026-04-19 21:50 (~1) 2026-04-19 21:50:54 +08:00
kang
750e13a4c0 auto-save 2026-04-19 21:45 (~1) 2026-04-19 21:45:26 +08:00
kang
5f6f07b9d6 fix(sandbox): 预建 venv + orchestrator 每次 exec 注入 VIRTUAL_ENV/PATH/HOME 
之前发现:LLM 写 \`uv pip install --system pandas\`(PEP 668 后的默认姿势),
sandbox 用户没权写 /usr/local/lib/python3.13,-system 失败。

修法:
- patch-venv.sh: 镜像里预建 /home/sandbox/.venv(chown 给 sandbox)
- incus.ts exec wrapper: 当 user=1000 时自动注入 VIRTUAL_ENV + PATH + HOME
- 其中 PATH 把 .venv/bin 放最前,保证 python3/pip/uv 都走 venv
- /etc/environment 不走 PAM 所以不生效(之前踩的坑),换到 --env flag

验证:pandas 场景(写 csv + read + describe/sum/mean)完全跑通。
镜像 fingerprint b5d1c8333c5a (502MiB)。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 21:40:10 +08:00
kang
98e8486bcf auto-save 2026-04-19 21:39 (+1, ~2) 2026-04-19 21:39:57 +08:00
kang
05dc59d745 auto-save 2026-04-19 21:34 (~1) 2026-04-19 21:34:28 +08:00
kang
9442547711 auto-save 2026-04-19 21:28 (~1) 2026-04-19 21:28:56 +08:00
kang
82167cc696 auto-save 2026-04-19 21:23 (~1) 2026-04-19 21:23:25 +08:00
kang
b1266ae706 auto-save 2026-04-19 21:17 (~1) 2026-04-19 21:17:56 +08:00
kang
7df50e0dc3 phase 5 prep: backfill-users.ts + deployment runbook in .memory 
- scripts/backfill-users.ts: 扫 PG users 表,对每人幂等调 orchestrator POST /users
- orchestrator/package.json: 加 postgres 依赖
- .memory/project.md: Phase 3/4 完成状态,Phase 5 上线 checklist

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 21:17:01 +08:00
kang
e7155b7001 auto-save 2026-04-19 21:12 (~1) 2026-04-19 21:12:27 +08:00
kang
ce8e22f77f orchestrator MVP: 13 工具跑通 + systemd + 部署脚本 
- src/{env,auth,state,incus,tools,export,reaper,index}.ts: Bun + Hono 服务
- deploy/sandbox-orchestrator.service: systemd unit
- scripts/deploy.sh: 一键部署(rsync + bun install + systemd reload)
- images/base/patch-uv.sh: 修 UV_INSTALL_DIR 环境变量错

端到端验证(VPS 跑通):
- POST /api/v1/users → incus init 容器
- executeCode python/js/ts → stdout/stderr/exitCode
- runCommand 同步执行(long-running 在 v2)
- read/write/list/edit/move/rename/grep/glob/search LocalFiles
- 30min 空闲自动 stop(reaper)
- exportFile 占位(MinIO S3 是内网,VPS 够不着,待后续对接)

状态: Phase 3 完成, Phase 4 LobeChat 接入待做。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 21:08:36 +08:00
kang
cbf8125afd auto-save 2026-04-19 21:06 (+6, ~4) 2026-04-19 21:06:57 +08:00
kang
1b8a216fbd auto-save 2026-04-19 21:01 (+3, ~2) 2026-04-19 21:01:27 +08:00
kang
eea42305fe auto-save 2026-04-19 20:15 (~1) 2026-04-19 20:27:26 +08:00
kang
867ca6fa5f auto-save 2026-04-19 18:14 (~1) 2026-04-19 18:14:39 +08:00
kang
8422736f6e auto-save 2026-04-19 16:10 (~1) 2026-04-19 16:11:14 +08:00
kang
a9c72d329d auto-save 2026-04-19 14:26 (~1) 2026-04-19 14:29:12 +08:00
kang
0a4482db7a auto-save 2026-04-19 13:49 (~1) 2026-04-19 13:49:47 +08:00
kang
c6ca9ff10a auto-save 2026-04-19 13:43 (~1) 2026-04-19 13:44:03 +08:00
kang
c90db7f676 auto-save 2026-04-19 13:38 (~1) 2026-04-19 13:38:34 +08:00
kang
8b26a2155a auto-save 2026-04-19 13:31 (+1, ~1) 2026-04-19 13:33:05 +08:00
kang
9f348be145 auto-save 2026-04-19 13:09 (~1) 2026-04-19 13:09:38 +08:00
kang
69ab3a332e auto-save 2026-04-19 12:15 (~1) 2026-04-19 12:26:31 +08:00
kang
16bf8fd387 auto-save 2026-04-19 07:10 (~1) 2026-04-19 07:27:54 +08:00
kang
d8258bdf50 auto-save 2026-04-19 02:33 (~1) 2026-04-19 02:52:01 +08:00
kang
33a84cac9e auto-save 2026-04-18 20:28 (~1) 2026-04-18 20:45:52 +08:00
kang
c7eb168233 auto-save 2026-04-18 16:23 (~1) 2026-04-18 16:23:47 +08:00
kang
6425480341 init: Lobe Sandbox Backend scaffold + host-init + base image build script 
- scripts/host-init.sh: 幂等宿主初始化(btrfs pool + project + profile + UFW/iptables 修复)
- images/base/build.sh: Debian13 base 镜像构建脚本
- .memory/project.md: 设计决策、坑点、进度记录

状态: Phase 1 完成, Phase 2 base 镜像构建被 SSH 断开中断,
sb-builder 已 stop 保留,续跑需改 systemd-run 抗 SSH 断开。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-18 16:21:37 +08:00
kang
e9cc9dfba4 auto-save 2026-04-18 16:18 (+1, ~1) 2026-04-18 16:18:17 +08:00
kang
380dc95476 auto-save 2026-04-18 16:12 (~1) 2026-04-18 16:12:48 +08:00
kang
ddafce554c auto-save 2026-04-18 16:07 (~1) 2026-04-18 16:07:18 +08:00
kang
4a5b0f24b5 auto-save 2026-04-18 16:01 (+2) 2026-04-18 16:01:50 +08:00