From 705d4cbba9362ee30306afd1fdb5cb34022c218f Mon Sep 17 00:00:00 2001 From: Harry Date: Wed, 21 Jan 2026 00:37:38 +0800 Subject: [PATCH] feat(sandbox_provider): add default sandbox provider for CE --- .../initializer/dify_cli_initializer.py | 4 -- ...dd_default_docker_sandbox_system_config.py | 64 +++++++++++++++++++ .../sandbox/sandbox_provider_service.py | 6 +- 3 files changed, 69 insertions(+), 5 deletions(-) create mode 100644 api/migrations/versions/2026_01_21_0030-201d71cc4f34_add_default_docker_sandbox_system_config.py diff --git a/api/core/sandbox/initializer/dify_cli_initializer.py b/api/core/sandbox/initializer/dify_cli_initializer.py index 1e92047b4c..8150d2b38c 100644 --- a/api/core/sandbox/initializer/dify_cli_initializer.py +++ b/api/core/sandbox/initializer/dify_cli_initializer.py @@ -49,10 +49,6 @@ class DifyCliInitializer(SandboxInitializer): env.upload_file(DIFY_CLI_PATH, BytesIO(binary.path.read_bytes())) - pipeline(env).add( - ["chmod", "+x", DIFY_CLI_PATH], error_message="Failed to mark dify CLI as executable" - ).execute(raise_on_error=True) - logger.info("Dify CLI uploaded to sandbox, path=%s", DIFY_CLI_PATH) artifact = SkillManager.load_tool_artifact(self._tenant_id, self._app_id, self._assets_id) diff --git a/api/migrations/versions/2026_01_21_0030-201d71cc4f34_add_default_docker_sandbox_system_config.py b/api/migrations/versions/2026_01_21_0030-201d71cc4f34_add_default_docker_sandbox_system_config.py new file mode 100644 index 0000000000..e5aae446dc --- /dev/null +++ b/api/migrations/versions/2026_01_21_0030-201d71cc4f34_add_default_docker_sandbox_system_config.py @@ -0,0 +1,64 @@ +"""add_default_docker_sandbox_system_config + +Revision ID: 201d71cc4f34 +Revises: 45471e916693 +Create Date: 2026-01-21 00:30:01.908057 + +""" +from uuid import uuid4 + +from alembic import op +import models as models +import sqlalchemy as sa + + +# revision identifiers, used by Alembic. +revision = '201d71cc4f34' +down_revision = '45471e916693' +branch_labels = None +depends_on = None + + +def upgrade(): + # Import encryption utility + from core.tools.utils.system_encryption import encrypt_system_params + + # Define the default Docker configuration + docker_config = { + "docker_image": "langgenius/dify-agentbox:latest", + "docker_sock": "unix:///var/run/docker.sock" + } + + # Encrypt the configuration + encrypted_config = encrypt_system_params(docker_config) + + # Generate UUID for the record + record_id = str(uuid4()) + + # Insert the default Docker sandbox system config if it doesn't exist + op.execute( + sa.text( + """ + INSERT INTO sandbox_provider_system_config + (id, provider_type, encrypted_config, created_at, updated_at) + VALUES (:id, :provider_type, :encrypted_config, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP) + ON CONFLICT (provider_type) DO NOTHING + """ + ).bindparams( + id=record_id, + provider_type='docker', + encrypted_config=encrypted_config + ) + ) + + +def downgrade(): + # Delete the default Docker sandbox system config + op.execute( + sa.text( + """ + DELETE FROM sandbox_provider_system_config + WHERE provider_type = :provider_type + """ + ).bindparams(provider_type='docker') + ) diff --git a/api/services/sandbox/sandbox_provider_service.py b/api/services/sandbox/sandbox_provider_service.py index 69cb76fe81..56933f43f3 100644 --- a/api/services/sandbox/sandbox_provider_service.py +++ b/api/services/sandbox/sandbox_provider_service.py @@ -91,7 +91,9 @@ class SandboxProviderService: with Session(db.engine) as session: provider = _query_tenant_config(session, tenant_id, provider_type) - encrypter = _get_encrypter(tenant_id, provider_type) + encrypter, cache = create_sandbox_config_encrypter( + tenant_id, VMConfig.get_schema(SandboxType(provider_type)), provider_type + ) if not provider: provider = SandboxProvider( tenant_id=tenant_id, @@ -112,6 +114,8 @@ class SandboxProviderService: provider.is_active = activate or provider.is_active or cls.is_system_default_config(session, tenant_id) provider.configure_type = "user" session.commit() + + cache.delete() return {"result": "success"} @classmethod