Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

feat(agent/agentcontainers): implement sub agent injection#18245

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
mafredri wants to merge5 commits intomain
base:main
Choose a base branch
Loading
frommafredri/feat-agent-devcontainer-injection-4

Conversation

mafredri
Copy link
Member

@mafredrimafredri commentedJun 5, 2025
edited
Loading

This change adds support for sub agent creation and injection into dev
containers.

TODO:

  • Pass the correct access URL to sub agent
  • Add integration test
  • Use correct directory for sub agent (requires on-diskdevcontainer.json parsing,follow-up PR)
  • Parse.customizations.coder.devcontainer.name from docker container label (materializeddevcontainer.json on creation,follow-up PR)
  • Add support for downloading agent binaries for different architectures (follow-up PR)
  • Make sure there are reduced capabilities for sub-agents (e.g. no containers API,follow-up PR)

Updatescoder/internal#621

  1. chore(agent): update agent proto client #18242
  2. feat(agent/agentcontainers): refactor Lister to ContainerCLI and implement new methods #18243
  3. feat(agent/agentcontainers): add Exec method to devcontainers CLI #18244
  4. 👉🏻feat(agent/agentcontainers): implement sub agent injection #18245

johnstcn reacted with rocket emoji
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-3 branch fromd49f84e to011a8aaCompareJune 5, 2025 12:51
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-4 branch from91ff08e to3960774CompareJune 5, 2025 12:52
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-3 branch from011a8aa to63f93bcCompareJune 5, 2025 13:59
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-4 branch from3960774 to1cf1905CompareJune 5, 2025 13:59
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-3 branch from63f93bc to0deaab8CompareJune 6, 2025 08:44
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-4 branch from1cf1905 tof190036CompareJune 6, 2025 08:44
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-3 branch from0deaab8 to8796ba3CompareJune 6, 2025 09:30
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-4 branch 2 times, most recently fromdc146ab tod1447f3CompareJune 6, 2025 09:45
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-3 branch from8796ba3 toadbfd45CompareJune 6, 2025 11:20
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-4 branch fromd1447f3 to3547372CompareJune 6, 2025 11:27
Base automatically changed frommafredri/feat-agent-devcontainer-injection-3 tomainJune 6, 2025 11:39
This change adds support for sub agent creation and injection into devcontainers.Closescoder/internal#621
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-4 branch from3547372 to7358ee0CompareJune 6, 2025 11:39
@mafredrimafredriforce-pushed themafredri/feat-agent-devcontainer-injection-4 branch froma8e4495 toeb29bbaCompareJune 6, 2025 15:59
@mafredri
Copy link
MemberAuthor

I'm still working on an integration test and the existing mocks are being a PITA (think those are about sorted now though). Promoting this to "ready for review" to get some feedback on the approach@DanielleMaywood@johnstcn.

(Also going to break out the "follow-up PR" tasks into new issues before merging this.)

@mafredrimafredri marked this pull request as ready for reviewJune 6, 2025 16:14
Copy link
Member

@johnstcnjohnstcn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I still have to read some more but adding my comments so far.

Comment on lines +35 to +39
// Destination path inside the container, we store it in a fixed location
// under /.coder-agent/coder to avoid conflicts and avoid being shadowed
// by tmpfs or other mounts. This assumes the container root filesystem is
// read-write, which seems sensible for dev containers.
coderPathInsideContainer = "/.coder-agent/coder"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

👍

if err := api.cleanupSubAgents(api.ctx); err != nil {
api.logger.Error(api.ctx, "cleanup subagents failed", slog.Error(err))
} else {
api.logger.Debug(api.ctx, "subagent cleanup complete")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

nit: consistency

Suggested change
api.logger.Debug(api.ctx,"subagentcleanup complete")
api.logger.Debug(api.ctx,"cleanup subagents complete")

if _, injected := api.injectedSubAgentProcs[dc.Container.ID]; !injected && dc.Status == codersdk.WorkspaceAgentDevcontainerStatusRunning {
err := api.injectSubAgentIntoContainerLocked(ctx, dc)
if err != nil {
api.logger.Error(ctx, "inject subagent into container failed", slog.Error(err))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

suggest also logging container ID

Comment on lines +1093 to +1099
err := api.dccli.Exec(agentCtx, dc.WorkspaceFolder, dc.ConfigPath, agentPath, []string{"agent"},
WithContainerID(container.ID),
WithRemoteEnv(
"CODER_AGENT_URL="+api.subAgentURL,
"CODER_AGENT_TOKEN="+agent.AuthToken.String(),
),
)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Would it make more sense to background this? If the parent agent ends up crashing and being restarted, we'll lose the sub-agents and have to re-inject them. We can keep track of the expected PID in e.g./.coder-agent/pid

Comment on lines +1009 to +1011
if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "setcap", "cap_net_admin+ep", coderPathInsideContainer); err != nil {
logger.Warn(ctx, "set CAP_NET_ADMIN on agent binary failed", slog.Error(err))
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

This will probably fail unless the container is running as privileged or has the specific CAP_NET_ADMIN privilege set on the container?

Comment on lines +1002 to +1005
// Make sure the agent binary is executable so we can run it.
if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "chmod", "+x", coderPathInsideContainer); err != nil {
return xerrors.Errorf("set agent binary executable: %w", err)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Do we also need tochown the binary so that it's readable by the default container user?


logger.Info(ctx, "starting subagent in dev container")

err := api.dccli.Exec(agentCtx, dc.WorkspaceFolder, dc.ConfigPath, agentPath, []string{"agent"},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Do we try to execute this as a non-root user?

Comment on lines +879 to +882
injected := make(map[uuid.UUID]bool, len(api.injectedSubAgentProcs))
for _, proc := range api.injectedSubAgentProcs {
injected[proc.agent.ID] = true
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

This could probably be amap[uuid.UUID]struct{} instead, and then below on line 888 just check for_, found := injected[agent.ID]

Comment on lines +887 to +899
for _, agent := range agents {
if injected[agent.ID] {
continue
}
err := api.subAgentClient.Delete(ctx, agent.ID)
if err != nil {
api.logger.Error(ctx, "failed to delete agent",
slog.Error(err),
slog.F("agent_id", agent.ID),
slog.F("agent_name", agent.Name),
)
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Should we set an upper bound on deletion attempts and raise if more than say 3 attempts fail?

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

@johnstcnjohnstcnjohnstcn left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@mafredrimafredri

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

2 participants
@mafredri@johnstcn
[8]ページ先頭
©2009-2025 Movatter.jp