gib/spoon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Worker: interactive terminal WebSocket bridge (PTY in workspace container)

Browse Source 
- attachTerminalServer() upgrades /jobs/:id/terminal WS connections, verifying a
  short-lived job-scoped HMAC token (verifyTerminalToken) so the browser never
  holds the worker secret
- Bridges the socket to a bash PTY via dockerode exec (Tty) in a persistent
  per-job shell container (spoon-agent-term-<id>) mounting the workspace; binary
  frames = stdin, JSON text frames = resize; idle containers reaped after 30m
- New env: SPOON_AGENT_TERMINAL_IMAGE/SECRET/IDLE_MS (secret falls back to the
  shared worker internal token)
This commit is contained in:
Gabriel Brown
2026-06-24 08:16:39 -04:00
parent 1072cf10cd
commit c1263b2e69
10 changed files with 388 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/agent-worker/package.json
+4
View File
@@ -19,14 +19,18 @@
"@octokit/rest": "^22.0.1",
"@opencode-ai/sdk": "latest",
"convex": "catalog:convex",
"dockerode": "^4.0.7",
"execa": "latest",
"ws": "catalog:",
"zod": "catalog:"
},
"devDependencies": {
"@spoon/eslint-config": "workspace:*",
"@spoon/prettier-config": "workspace:*",
"@spoon/tsconfig": "workspace:*",
"@types/dockerode": "^3.3.42",
"@types/node": "catalog:",
"@types/ws": "^8.18.1",
"eslint": "catalog:",
"prettier": "catalog:",
"typescript": "catalog:",