fabi/PiCloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: per-script Rhai sandbox overrides with admin ceiling

Browse Source 
Adds optional per-script overrides for the six Rhai sandbox knobs
(max_operations, max_string_size, max_array_size, max_map_size,
max_call_levels, max_expr_depth). The executor merges its defaults
with each script's overrides on every call; the manager validates
overrides against an admin-set ceiling at write time, so the
executor trusts whatever is stored.

Storage chose JSONB on the existing scripts table over six new
columns: lets future knobs land as code-only changes, keeps the
sparse common case (most scripts override nothing) cheap to store
and serialize, and matches how the manager + executor pass the
config across the wire.

  * 0002_sandbox.sql — ALTER TABLE scripts ADD COLUMN sandbox
    JSONB NOT NULL DEFAULT '{}'
  * shared::ScriptSandbox — six Option<u64> fields with
    deny_unknown_fields so typos surface as 422
  * Script.sandbox + ExecRequest.sandbox_overrides — typed end
    to end; cluster mode just serializes the same struct
  * executor-core::Limits::with_overrides — field-by-field
    replacement; tests cover the override actually tightening
    the live engine
  * manager-core::SandboxCeiling — built-in conservative
    defaults (10M ops, 1 MiB strings, 100k array/map, 128
    call/expr depth); env vars override per knob, invalid
    values warn-and-skip rather than blocking boot
  * manager-core admin API — POST/PUT accept `sandbox`; values
    above the ceiling return 422 with the specific field +
    requested + ceiling; absent or `{}` keeps platform defaults
  * picloud all-in-one — wires SandboxCeiling::from_env() into
    AdminState
  * memory_limit_mb stays in the schema, marked v1.3+ advisory
    (no enforcement until OS-level isolation lands with
    cluster-mode executors)

Verified live through Caddy:
  * /version reports schema 2, product 0.3.0
  * Script with max_operations: 500 → 507 on a 10k-iteration loop
  * Same script after PUT raising to 1M → succeeds, returns 10000
  * POST with max_operations: 1_000_000_000 → 422 (exceeds ceiling)

Tests:
  * 13 executor-core unit tests (added 2 for override semantics)
  * 20 integration tests (added 6 for sandbox CRUD + ceiling +
    unknown-field rejection + executor honoring overrides)
  * default cargo test --workspace stays green (integration tests
    remain #[ignore]'d until DATABASE_URL is set)

Bumps:
  * schema 1 → 2
  * product 0.2.0 → 0.3.0
  * SDK unchanged (scripts see nothing new)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
MechaCat02
2026-05-23 16:26:12 +02:00
parent 4baaead642
commit f51924fdbc
18 changed files with 491 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
crates/picloud/src/lib.rs
View File

@@ -10,7 +10,7 @@ use axum::{routing::get, Json, Router};
use picloud_executor_core::{Engine, Limits};
use picloud_manager_core::{
admin_router, migrations, AdminState, PostgresExecutionLogRepository, PostgresExecutionLogSink,
PostgresScriptRepository, RepoResolver,
PostgresScriptRepository, RepoResolver, SandboxCeiling,
};
use picloud_orchestrator_core::{data_plane_router, DataPlaneState, LocalExecutorClient};
use picloud_shared::{
@@ -43,6 +43,7 @@ pub fn build_app(pool: PgPool) -> Router {
repo: Arc::new(PostgresScriptRepoHandle(script_repo)),
logs: log_repo,
validator: engine as Arc<dyn ScriptValidator>,
sandbox_ceiling: SandboxCeiling::from_env(),
};
let data_plane = DataPlaneState {
executor,

138
crates/picloud/tests/api.rs
View File

@@ -283,6 +283,144 @@ async fn execution_logs_capture_invocations(pool: PgPool) {
assert_eq!(entries[0]["data"], json!({ "marker": 7 }));
}
// ============================================================================
// Sandbox overrides
// ============================================================================
#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
#[sqlx::test(migrations = "../manager-core/migrations")]
async fn create_without_sandbox_returns_empty_object(pool: PgPool) {
let s = server(pool);
let created: Value = s
.post("/api/v1/admin/scripts")
.json(&json!({ "name": "no-sandbox", "source": "1" }))
.await
.json();
assert_eq!(created["sandbox"], json!({}));
}
#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
#[sqlx::test(migrations = "../manager-core/migrations")]
async fn create_with_sandbox_persists_and_returns_overrides(pool: PgPool) {
let s = server(pool);
let created: Value = s
.post("/api/v1/admin/scripts")
.json(&json!({
"name": "tight",
"source": "1",
"sandbox": { "max_operations": 500, "max_string_size": 1024 }
}))
.await
.json();
assert_eq!(
created["sandbox"],
json!({ "max_operations": 500, "max_string_size": 1024 })
);
let id = created["id"].as_str().unwrap();
let fetched: Value = s.get(&format!("/api/v1/admin/scripts/{id}")).await.json();
assert_eq!(
fetched["sandbox"],
json!({ "max_operations": 500, "max_string_size": 1024 })
);
}
#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
#[sqlx::test(migrations = "../manager-core/migrations")]
async fn sandbox_exceeding_ceiling_returns_422(pool: PgPool) {
// Default conservative ceiling caps max_operations at 10_000_000.
let s = server(pool);
let r = s
.post("/api/v1/admin/scripts")
.json(&json!({
"name": "too-loose",
"source": "1",
"sandbox": { "max_operations": 100_000_000 }
}))
.await;
r.assert_status(axum::http::StatusCode::UNPROCESSABLE_ENTITY);
let body: Value = r.json();
assert!(body["error"].as_str().unwrap().contains("max_operations"));
}
#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
#[sqlx::test(migrations = "../manager-core/migrations")]
async fn sandbox_unknown_field_returns_422(pool: PgPool) {
let s = server(pool);
let r = s
.post("/api/v1/admin/scripts")
.json(&json!({
"name": "typo",
"source": "1",
"sandbox": { "max_operashuns": 500 }
}))
.await;
// serde's deny_unknown_fields causes axum to reject with 422 or
// 400 depending on extractor; the routing is irrelevant here, just
// that it doesn't get stored silently.
assert!(
r.status_code() == axum::http::StatusCode::UNPROCESSABLE_ENTITY
|| r.status_code() == axum::http::StatusCode::BAD_REQUEST
);
}
#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
#[sqlx::test(migrations = "../manager-core/migrations")]
async fn sandbox_overrides_take_effect_at_execute(pool: PgPool) {
let s = server(pool);
// Tight max_operations on a loop the default would happily run.
let created: Value = s
.post("/api/v1/admin/scripts")
.json(&json!({
"name": "tight-exec",
"source": "let n = 0; for i in 0..10000 { n += 1; } n",
"sandbox": { "max_operations": 500 }
}))
.await
.json();
let id = created["id"].as_str().unwrap();
let r = s
.post(&format!("/api/v1/execute/{id}"))
.json(&json!({}))
.await;
r.assert_status(axum::http::StatusCode::INSUFFICIENT_STORAGE);
let body: Value = r.json();
assert!(body["error"].as_str().unwrap().contains("operation budget"));
}
#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
#[sqlx::test(migrations = "../manager-core/migrations")]
async fn update_replaces_sandbox_wholesale(pool: PgPool) {
let s = server(pool);
let created: Value = s
.post("/api/v1/admin/scripts")
.json(&json!({
"name": "patch-target",
"source": "1",
"sandbox": { "max_operations": 500, "max_string_size": 1024 }
}))
.await
.json();
let id = created["id"].as_str().unwrap();
// Replace with a single override; the other field disappears.
let updated: Value = s
.put(&format!("/api/v1/admin/scripts/{id}"))
.json(&json!({ "sandbox": { "max_array_size": 5000 } }))
.await
.json();
assert_eq!(updated["sandbox"], json!({ "max_array_size": 5000 }));
// Send empty object to clear all overrides.
let cleared: Value = s
.put(&format!("/api/v1/admin/scripts/{id}"))
.json(&json!({ "sandbox": {} }))
.await
.json();
assert_eq!(cleared["sandbox"], json!({}));
}
#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
#[sqlx::test(migrations = "../manager-core/migrations")]
async fn execution_errors_are_still_logged(pool: PgPool) {