i$LdZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZmZmZmZejeZe dz Zdefd Zdefd Zdefd Zd eddfd ZdefdZdefdZejZddededefdZ GddeZ!dS)aSingularity/Apptainer persistent container environment. Security-hardened with --containall, --no-home, capability dropping. Supports configurable resource limits and optional filesystem persistence via writable overlay directories that survive across sessions. N)Path)Optional)get_hermes_home)BaseEnvironment_load_json_store _popen_bash_save_json_storezsingularity_snapshots.jsonreturncxtjdrdStjdrdStd)z/Locate the apptainer or singularity CLI binary. apptainer singularityzNeither 'apptainer' nor 'singularity' was found in PATH. Install Apptainer (https://apptainer.org/docs/admin/main/installation.html) or Singularity and ensure the CLI is available.)shutilwhich RuntimeErrorC/home/ubuntu/.hermes/hermes-agent/tools/environments/singularity.py_find_singularity_executablersG |K  { |M""}  :  rcpt} tj|dgddd}nB#t$rt d|dtj$rt d|dwxYw|jd kr>|jd d }t d|d |jd ||S)z?Preflight check: resolve the executable and verify it responds.versionT capture_outputtexttimeoutz"Singularity backend selected but 'z' could not be executed.'z version' timed out.rNz version' failed (exit code z): ) r subprocessrunFileNotFoundErrorrTimeoutExpired returncodestderrstrip)exeresultr#s r_ensure_singularity_availabler'+s & ( (C : ) Tb        N N N N     $:::8s888999:A$$&&tt,^s^^@Q^^V\^^___ Js +?A*c*ttSN)r_SNAPSHOT_STORErrr_load_snapshotsr+?s O , ,,rdatac0tt|dSr))r r*)r,s r_save_snapshotsr.Cs_d+++++rctjd}|r(t|}|dd|Sddlm}|dz }td}|rntj|tjrO|tjdd z d z }|ddt d ||S|dd|S) NTERMINAL_SCRATCH_DIRTparentsexist_okr)get_sandbox_dirr z/scratchUSERhermesz hermes-agentz Using /scratch for sandboxes: %s) osgetenvrmkdirtools.environments.baser4existsaccessW_OKloggerinfo)custom_scratch scratch_pathr4sandboxscratch user_scratchs r_get_scratch_dirrEGsY566NN++ 4$777777777o-/G:G~~BIgrw7768!r?r9r7environcopyrrr"warningr#r!unlink Exception) rKrL image_namerHsif_pathtmp_dirrUr&es r_get_or_build_sifrdks ~~f$u++"4"4"6"6   K ( ( {B//77SAAII#sSSJ(**Ij....H8}} !! ??   !x==!!!!!!!!  <=== NE*** NH---e# dT 222joo"%g,, $' NN ! ^Wc(mmU;#$F A%%PQQQ}fmDSD.ABBB/!!!!!!!!0 KK6 7 7 7x==3!!!!!!!!4(    NNO P P P   "!!!LL=!!!!!!!!>    NNOQR S S SLLLLLC!!!!!!!!> ?!!!!!!!!!!sW#L>B.L-A8I'2(I''AL:L LK?-L.L?LLL L ceZdZdZ ddeded ed ed ed ed edeffd ZdZ dddddeded ededzde j f dZ dZ xZS)SingularityEnvironmentaHardened Singularity/Apptainer container with resource limits and persistence. Spawn-per-call: every execute() spawns a fresh ``apptainer exec ... bash -c`` process. Session snapshot preserves env vars across calls. CWD persists via in-band stdout markers. ~<rFdefaultrKcwdrcpumemorydiskpersistent_filesystemtask_idc Lt||t|_t ||j|_dt jjdd|_ d|_ ||_ ||_ d|_ ||_||_|j rQt!dz } | dd| d|z |_ |j dd||dS) N)rjrhermes_ Fzhermes-overlaysTr1zoverlay-)super__init__r'rLrdrKuuiduuid4hex instance_id_instance_started _persistent_task_id _overlay_dir_cpu_memoryrEr9_start_instance init_session) selfrKrjrrkrlrmrnro overlay_base __class__s rrtzSingularityEnvironment.__init__s# S'222799&udo>> debugr~r}rKrxrrr"rr#ryr?r!)rcmdrr mount_entry skills_mountrcr&s rrz&SingularityEnvironment._start_instances G4 NK0111   + 1 + JJ S):%;%;< = = = = JJ) * * * X e e e e e e e e99;; i i  H[)A&f&fKP`Da&f&f&fghhhh : : < < k k  Hk)B&h&h\RbEc&h&h&hijjjj k X X X LLSUV W W W W W W W W X r?r_r]rzr|r+rYr{r.)rrc snapshotss rcleanupzSingularityEnvironment.cleanups  ! + b_j&$:JK#'dB =t?OPPPP b b bKTM]_`aaaaaaaa b%*D "   ' 1 ''))I'*4+<'='=Idm $ I & & & & & ' ' ' 'sAA B!BB)rgrhrrrFri)__name__ __module__ __qualname____doc__rYintfloatboolrtrrPopenrr __classcell__)rs@rrfrfs'&+       $>!;!;!;F;@!$+/,,,C,4,,!Dj,4>4D,,,, '''''''rrf)r )"rloggingr7rr threadingrupathlibrtypingrhermes_constantsrr:rrrr getLoggerrr>r*rYrr'dictr+r.rErJLockrZrdrfrrrrs   ,,,,,,  8 $ $!/##&BB c    s(-----,$,4,,,,$* $    !).""..S.c.C....bj'j'j'j'j'_j'j'j'j'j'r