This project creates a sandboxed environment with a Flask server running inside a Docker container. The server allows you to execute commands and interact with files in a controlled environment.
Run the following command to build the latest sandbox server API Docker image:
docker build -t sandbox_server sandbox_server
docker build -t sandbox_server:nightly sandbox_server # nightlyRun the following command to build the Nginx router Docker image:
docker build -t terminal terminal
docker build -t terminal:nightly terminal # nightlyRun the following command to build the PostreSQL Docker image:
docker build -t hermesdb database
docker build -t hermesdb:nightly database # nightly- Create a shared network:
docker network create sandbox-net
- Start the python sandbox server in this network, and mount any desired folder to /sandbox (below example mounts this project root):
docker run --rm -d --network sandbox-net --name sandbox -v %CD%/../../:/sandbox --env-file .env sandbox_server:latest docker run --rm -d --network sandbox-net --name sandbox -v %CD%/../../:/sandbox --env-file .env sandbox_server:nightly # nightly - Start the Nginx router in this network, exposing port 80:
docker run --rm -d --network sandbox-net --name sandbox-router -p 80:80 terminal:latest docker run --rm -d --network sandbox-net --name sandbox-router -p 80:80 terminal:nightly # nightly
Rollback
docker run --rm -d --network sandbox-net --name sandbox -v %CD%/../../:/sandbox --env-file .env hermesai-backend:rollback
docker run --rm -d --network sandbox-net --name sandbox-router -p 80:80 hermesai-router:rollback
cloudflared tunnel run hermesai
Build the nightly sandbox_server image, kill the sandbox, wait, start the nightly container:
docker build -t sandbox_server:nightly sandbox_server && docker kill sandbox && sleep 3 && docker run --rm -d --network sandbox-net --name sandbox -v %CD%/../../:/sandbox --env-file .env sandbox_server:nightlySame for the nginx router & UI assets:
cd ../dropcode-client && npm run build && cd ../../ && cp -R assets apps/execution-sandbox/terminal/html/ && cp apps/execution-sandbox/terminal/html/assets/favicon.ico apps/execution-sandbox/terminal/html/ && cd apps/execution-sandbox && docker build -t terminal:nightly terminal && docker kill sandbox-router && sleep 3 && docker run --rm -d --network sandbox-net --name sandbox-router -p 80:80 terminal:nightlyExpose your local Nginx server via a Cloudflare Tunnel. Make sure you have a Cloudflare account and a domain managed by Cloudflare.
-
Install
cloudflaredand log in:cloudflared login
This will open a browser window to authenticate with Cloudflare and save your credentials locally.
-
Create a new tunnel:
cloudflared tunnel create hermesai
This will generate a credentials JSON file in your
.cloudflareddirectory. Keep this file secret. -
Route the tunnel to your domain:
cloudflared tunnel route dns dropcode-tunnel <your-domain>
If the DNS record already exists, you may need to delete or update it manually in the Cloudflare dashboard.
-
Create a
config.ymlfile in your.cloudflareddirectory:tunnel: dropcode-tunnel ingress: - hostname: <your-domain> service: http://sandbox-router:80 - service: http_status:404
-
Run the tunnel:
cloudflared tunnel run hermesai
Now your sandbox is accessible through your public domain secured by Cloudflare Tunnel.
from monorepo root: docker compose build and docker compose up -> view http://localhost:80
File sync to Docker Droplet: (temp til we have image repo based deployments):
from the monorepo root:
wsl -d Ubuntu
rsync -vhra ./docker-compose.yml root@DROPLET_IP:/app/docker-compose.ymlThis command tries to respect gitignore to avoid massive sync of unneeded files before rsync you must generate an ssh key and ensure the public key is in your droplet server's authorized_clients
after this you can ssh into your droplet and docker compose up from the project dir
local db backup
wsl -d Ubuntu
rsync -vhra root@DROPLET_IP:/app/dropcode-monorepo/apps/execution-sandbox/sandbox_server/sandbox.db ./sandbox.backup.db