Worker: interactive terminal WebSocket bridge (PTY in workspace container)

- attachTerminalServer() upgrades /jobs/:id/terminal WS connections, verifying a
  short-lived job-scoped HMAC token (verifyTerminalToken) so the browser never
  holds the worker secret
- Bridges the socket to a bash PTY via dockerode exec (Tty) in a persistent
  per-job shell container (spoon-agent-term-<id>) mounting the workspace; binary
  frames = stdin, JSON text frames = resize; idle containers reaped after 30m
- New env: SPOON_AGENT_TERMINAL_IMAGE/SECRET/IDLE_MS (secret falls back to the
  shared worker internal token)
Gabriel Brown
2026-06-24 08:16:39 -04:00
parent 1072cf10cd
commit c1263b2e69
10 changed files with 388 additions and 7 deletions
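The short-lived, job-scoped HMAC token described in the commit message, sketched as an added example that is not the project's code. The token layout (`base64url(claims).base64url(mac)`), the function names `mintTerminalToken` and `checkTerminalToken`, and the sample secret and job id are assumptions made for illustration.

```javascript
// Added example: token layout and all names here are assumptions,
// not the project's verifyTerminalToken implementation.
const { createHmac, timingSafeEqual } = require("node:crypto");

const sign = (secret, body) =>
  createHmac("sha256", secret).update(body).digest("base64url");

// Server side (holds the secret): mint a token bound to one job with a short expiry.
function mintTerminalToken(secret, jobId, ttlMs, now = Date.now()) {
  const body = Buffer.from(JSON.stringify({ job: jobId, exp: now + ttlMs }))
    .toString("base64url");
  return `${body}.${sign(secret, body)}`;
}

// Worker side: true only for an authentic, unexpired token issued for this job.
function checkTerminalToken(secret, token, jobId, now = Date.now()) {
  if (typeof token !== "string") return false;
  const parts = token.split(".");
  if (parts.length !== 2) return false;
  const [body, mac] = parts;
  const expected = Buffer.from(sign(secret, body));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return false;
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return false;
  }
  // Claims are trusted only after the MAC check; then enforce job scope and expiry.
  return (
    claims !== null &&
    claims.job === jobId &&
    typeof claims.exp === "number" &&
    now < claims.exp
  );
}

// Constructed sample values (not from the commit).
const SECRET = "constructed-demo-secret";
const T0 = 1_700_000_000_000;
const sampleToken = mintTerminalToken(SECRET, "job-42", 60_000, T0);
```

The browser only ever receives `sampleToken`; a token replayed against another job id, or after its expiry, is rejected without the worker secret leaving the server side.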
@@ -37,6 +37,9 @@
"SPOON_WORKER_TOKEN",
"SPOON_AGENT_WORKER_ID",
"SPOON_AGENT_JOB_IMAGE",
"SPOON_AGENT_TERMINAL_IMAGE",
"SPOON_AGENT_TERMINAL_SECRET",
"SPOON_AGENT_TERMINAL_IDLE_MS",
"SPOON_AGENT_RUNTIME",
"SPOON_AGENT_CONTAINER_RUNTIME",
"SPOON_AGENT_CONTAINER_VOLUME_OPTIONS",
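Review bot: "SPOON_AGENT_TERMINAL_SECRET" is added here as one more optional name beside "SPOON_WORKER_TOKEN", and per the commit message it silently falls back to the shared worker internal token when unset, so a default deployment signs the browser-facing terminal tokens with the same key that authenticates the worker. Consider failing startup when the terminal secret is missing, or deriving a distinct key from the worker token, so that exposure of one credential does not cover both uses. It would also help to document, wherever these three names are described, that "SPOON_AGENT_TERMINAL_IDLE_MS" is in milliseconds and defaults to the 30m reap interval mentioned in the message.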