feat(box): restore image-keyed warm-pool reuse and boot path#755
Merged
Conversation
Rename BoxService.createFromTemplate -> create; remove the vestigial Template/savedImage concept. Re-introduce image as a plain box/warm-pool match key; restore warm-pool reuse (fetchWarmPoolBox/assignWarmPoolBox) in create(). Rebuild a snapshot-free CREATE_BOX boot path (runnerAdapter.createBox + box-start UNKNOWN handler). Unify the create-box image field to 'image' across the TS API, Go runner, and swagger; fold schema into the baseline migration.
|
Caution Review failedPull request was closed or merged during review 📝 WalkthroughWalkthroughThis PR migrates box creation infrastructure from template/snapshot fields to a unified image-based field throughout the API, services, database schema, and runner implementations. Controllers now invoke a single ChangesTemplate-to-Image Field Migration
🎯 4 (Complex) | ⏱️ ~60 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
G4614
added a commit
that referenced
this pull request
Jun 13, 2026
#755 #755 edited the squashed baseline file in-place to rename warm_pool.savedImage → warm_pool.image and add box.image, and a pre-#736 stack additionally dropped box.boxId via 0e6b875. TypeORM keys the ledger by class name, so Tokyo's recorded Migration1741087887225 row will never re-run with the new content — producing the live errors column WarmPool.image does not exist column Box.boxId does not exist on POST/GET/DELETE /boxes. This new class adds box.boxId (NOT NULL char(12), backfilled with a 12-hex slice of uuid_generate_v4 so SET NOT NULL holds), box.image (nullable), and warm_pool.image (renamed from savedImage if present, otherwise added). All steps are wrapped in information_schema guards so the file is a no-op on fresh stacks and on any stack that converged via another path. Local-verified on a legacy-shape DB (box without boxId/image, warm_pool with savedImage) and re-run for idempotency.
pull Bot
pushed a commit
to CrazyForks/boxlite
that referenced
this pull request
Jun 13, 2026
…ite-ai#758) ## Summary main already accepts a free-form `image` string on box creation (landed in boxlite-ai#755). **This PR adds only the curated allowlist on top** — the pre-launch security gate. ```text main (boxlite-ai#755): create accepts ANY image string → runner pulls it this PR: create validates image against the supported pinned set (base / python / node, sha256-pinned ghcr refs) unsupported → 400 listing the supported refs undefined → defaults to the base image ``` Without this gate, a request can make the runner pull an arbitrary image using its private-registry token — so the allowlist is required before launch. ## Changes (server-side only) - `apps/api/src/box/constants/curated-images.constant.ts` — `supportedImages()` / `assertSupportedImage()`; env-overridable (`BOXLITE_SYSTEM_{BASE,PYTHON,NODE}_IMAGE`) with sha256-pinned fallbacks. + spec. - `box.service` create: validate `createBoxDto.image` at the request boundary. ## Scope boundary (what this PR is NOT) - **No client regen** — the `image` field shape is unchanged (still a string), only its accepted values are restricted server-side. - **No SDK / dashboard / identity changes.** The single-id collapse and the SDK removal are separate PRs. ## Verification API jest 106/106 (curated allowlist spec 5/5). <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Tests** * Added comprehensive test coverage for image allowlist validation. * **New Features** * The API now validates container image requests against a curated allowlist. Unsupported images are rejected with error messages listing available options. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rename BoxService.createFromTemplate -> create; remove the vestigial Template/savedImage concept.
Re-introduce image as a plain box/warm-pool match key; restore warm-pool reuse (fetchWarmPoolBox/assignWarmPoolBox) in create().
Rebuild a snapshot-free CREATE_BOX boot path (runnerAdapter.createBox + box-start UNKNOWN handler).
Unify the create-box image field to 'image' across the TS API, Go runner, and swagger; fold schema into the baseline migration.
Summary by CodeRabbit
Release Notes
New Features
Refactor