feat(llm-challenge): run solve phase inside Podman container #780
Open
Replace software-level isolation (cleanEnv, claude-settings.json deny rules, Codex denylist rules) with OS-level container isolation via Podman. The solve phase now always runs inside a container, providing filesystem isolation without needing path obfuscation or env scrubbing.

Key changes:
- Add container.ts: Podman management (availability check, image build, container run args construction)
- Modify claude.ts/codex.ts: spawn podman instead of direct CLI
- Auth via CLAUDE_CODE_OAUTH_TOKEN / OPENAI_API_KEY env var passthrough
- Run container as non-root user (Claude Code rejects bypassPermissions under root)
- Remove ~700 lines of software isolation code (cleanEnv, denylist, claude-settings.json, AGENTS.md generation)
- Add Podman availability check and auth hints to run.ts

…tials
- Claude: use CLAUDE_CODE_OAUTH_TOKEN env var (from `claude setup-token`)
- Codex: mount ~/.codex/ read-only (contains auth.json with ChatGPT OAuth)
- Remove all OPENAI_API_KEY / ANTHROPIC_API_KEY references
- Update error hints to guide users to login-based auth
- Update llm-challenge skill with Podman prerequisites

Codex CLI (Rust binary) uses native TLS and requires system CA certificates. node:22-slim does not include them, causing "no native root CA certificates found" errors on HTTPS/WSS connections.

- Mount workDir at /workspace instead of host path to avoid macOS path leaking into Codex sandbox config (writable_roots)
- Mount only ~/.codex/auth.json instead of entire ~/.codex/ to prevent host config.toml from injecting invalid writable_roots
- Pre-create /home/node/.codex and .claude dirs in Containerfile
- Replace --sandbox workspace-write with --dangerously-bypass-approvals-and-sandbox (bubblewrap cannot create mount namespaces inside rootless Podman containers)

…ase timeout
- Default model: gpt-5.1-codex-mini -> gpt-5.4
- Timeout: 10 minutes -> 20 minutes (matches Claude)

…s, fix Codex auth docs
- copy SDK tarball into workDir/.sdk/ with relative file: ref so pnpm install works inside Podman container (host tarball path is not mounted in container)
- exclude .sdk/ directory from file listing shown to solve agent
- document credential exposure trade-off in container.ts security model comment
- correct Codex auth setup instructions: codex login / auth.json, not OPENAI_API_KEY

…dContainerRunArgs
SolveAgent is "claude" | "codex" and both values match their CLI binary names, so the ternary `agent === "claude" ? "claude" : "codex"` is redundant.

detached: true was carried over from the old host-process invocation but is incorrect for Podman. SIGTERM may not reach container child processes when detached, leaving orphaned processes and keeping Node's event loop alive. checkCodexAuthStatus correctly omits detached.
Code Metrics Report (packages/sdk)
| | main (4c8c74d) | #780 (7d62ad3) | +/- |
|--------------------|----------------|----------------|------|
| Coverage | 55.2% | 55.2% | 0.0% |
| Files | 301 | 301 | 0 |
| Lines | 10010 | 10010 | 0 |
| Covered | 5532 | 5532 | 0 |
| Code to Test Ratio | 1:0.3 | 1:0.3 | 0.0 |
| Code | 58204 | 58204 | 0 |
| Test | 23200 | 23200 | 0 |

SDK Configure Bundle Size
Runtime Performance
Type Performance (instantiations)
Reported by octocov |
Replace software-level isolation with OS-level container isolation via Podman
Benchmark Results
Main Changes
- … `llm-challenge-runner` image, auto-built on first run)
- … `~/.claude/settings.json`, `~/.codex/config.toml`), and other repositories
- … `CLAUDE_CODE_OAUTH_TOKEN` env var (`claude setup-token`), Codex uses `~/.codex/auth.json` mount
- … `node` user (Claude Code rejects `bypassPermissions` under root)
- … `--dangerously-bypass-approvals-and-sandbox` (bubblewrap cannot nest inside rootless Podman)
- … `/workspace` inside container (avoids macOS path leaking into Codex sandbox config)
- … `gpt-5.1-codex-mini` to `gpt-5.4`, timeout increased to 20 minutes
- … `ca-certificates` for Codex TLS

Notes
- … `podman machine start` on macOS)
- `--use-solution` and `--impl` modes are unaffected (no Podman required)
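
An added example, not code from this PR or its container.ts: a TypeScript sketch of the run-argument shape the commits above describe (workDir at /workspace, only auth.json mounted read-only, token passed by name, non-root user), with an audit that flags a podman argv breaking those properties. The function names and finding labels are hypothetical, and the sample paths are constructed; `--env NAME` without a value makes Podman take the value from the host environment.

```typescript
// Added example; not the PR's container.ts. Function names are hypothetical.
type SolveAgent = "claude" | "codex";
const IMAGE = "llm-challenge-runner"; // image name from the PR description

// Run-argument shape the commits describe (a sketch; Podman is not invoked).
function sketchRunArgs(agent: SolveAgent, workDir: string, home: string): string[] {
  const auth = agent === "claude"
    ? ["--env", "CLAUDE_CODE_OAUTH_TOKEN"] // name only: Podman copies the host value
    : ["--volume", `${home}/.codex/auth.json:/home/node/.codex/auth.json:ro`];
  return ["run", "--rm", "-i", "--user", "node",
    "--volume", `${workDir}:/workspace`, "--workdir", "/workspace",
    ...auth, IMAGE, agent];
}

// Values of an option written as "--opt value", "-o value" or "--opt=value".
function optionValues(argv: string[], long: string, short: string): string[] {
  const out: string[] = [];
  argv.forEach((arg, i) => {
    const next = argv[i + 1];
    if ((arg === long || arg === short) && next !== undefined) out.push(next);
    else if (arg.startsWith(long + "=")) out.push(arg.slice(long.length + 1));
  });
  return out;
}

// Lists which isolation properties from the PR a podman argv violates.
function auditRunArgs(argv: string[], home: string): string[] {
  const findings: string[] = [];
  const user = optionValues(argv, "--user", "-u")[0];
  if (user === undefined || /^(root|0)(:|$)/.test(user)) findings.push("user-not-pinned-non-root");
  for (const spec of optionValues(argv, "--volume", "-v")) {
    const parts = spec.split(":");
    const src = parts[0] ?? "", dst = parts[1] ?? "", opts = parts[2] ?? "";
    // Same path on both sides leaks the host layout into the container.
    if (src === dst) findings.push(`host-path-in-container:${dst}`);
    // Whole home or agent config directories bring host config.toml/settings.json along.
    if ([home, `${home}/.codex`, `${home}/.claude`].includes(src)) {
      findings.push(`config-dir-mounted:${src}`);
    }
    if (src.endsWith("/auth.json") && !opts.split(",").includes("ro")) {
      findings.push(`writable-credential-mount:${src}`);
    }
  }
  // NAME=value on argv exposes the value in host process listings.
  for (const env of optionValues(argv, "--env", "-e")) {
    const eq = env.indexOf("=");
    if (eq > 0) findings.push(`env-value-on-argv:${env.slice(0, eq)}`);
  }
  return findings;
}
```
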