start.sh

Overview

start.sh is a Bash shell script designed to automate the setup, cleanup, build, and launch process of the InfiniFlow sandbox executor environment. The script orchestrates Docker container lifecycle management, image building for Python and Node.js sandboxes, service startup via Docker Compose, connectivity and health checks, and final security validation tests.

This script streamlines the deployment of sandbox executor services by:

Configuring environment variables (with sensible defaults).
Building base Docker images for sandbox environments.
Cleaning up existing Docker containers from previous runs.
Building and launching the executor services using Docker Compose.
Verifying service readiness before reporting success.

It is intended to be run from the root directory of the InfiniFlow project and assumes the presence of Docker, Docker Compose, and some auxiliary scripts for health checks.

Detailed Explanation

Environment Configuration

The script sets BASE_DIR as the project root (parent directory of the script location) and changes the working directory to it.
If a .env file is found at the root, it sources it to load environment variables.
Key environment variables used (with defaults if not set):

Variable	Description	Default
`SANDBOX_EXECUTOR_MANAGER_PORT`	TCP port where executor manager listens	`9385`
`SANDBOX_EXECUTOR_MANAGER_POOL_SIZE`	Number of sandbox executor containers to maintain	`5`
SANDBOX_BASE_PYTHON_IMAGE	Docker image tag for the Python sandbox base image	sandbox-base-python:latest
SANDBOX_BASE_NODEJS_IMAGE	Docker image tag for the Node.js sandbox base image	sandbox-base-nodejs:latest

If the .env file is missing, the script prints a warning and falls back on these default values.

Step 1: Build sandbox-base images

If .env is present, the script:
- Builds the Python sandbox base image from ./sandbox_base_image/python directory using Docker.
- Builds the Node.js sandbox base image from ./sandbox_base_image/nodejs directory using Docker.
If .env is missing, it skips this build step.

Usage Example:

./start.sh
# Output will include docker build progress for sandbox-base-python and sandbox-base-nodejs images.

Step 2: Clean up old sandbox containers

Iterates over the range 0 to SANDBOX_EXECUTOR_MANAGER_POOL_SIZE - 1.
For each index i, forcibly removes Docker containers named:
- sandbox_python_i
- sandbox_nodejs_i
Ignores errors if containers do not exist (using || true).

This ensures a clean slate before starting new containers.

Step 3: Build executor services

Runs docker compose build in the project directory.
Builds all services defined in docker-compose.yml (not shown here but assumed part of the project).
This step prepares service images based on the updated code and configurations.

Step 4: Start services

Runs docker compose up -d to start containers in detached mode.
Launches all executor manager and related services as background processes.

Step 5: Health checks

Divided into two substeps to ensure the services are ready:

5a. Check if the port is open:
Uses the helper script ./scripts/wait-for-it.sh to wait up to 30 seconds for TCP connectivity on localhost at SANDBOX_EXECUTOR_MANAGER_PORT.
5b. Check if HTTP health endpoint is responsive:
Uses ./scripts/wait-for-it-http.sh to wait up to 30 seconds for a successful HTTP response from http://localhost:<port>/healthz.

These checks help catch startup failures early.

Step 6: Run security tests

Executes Python test script ./tests/sandbox_security_tests_full.py.
This script presumably runs a suite of security-related tests against the running sandbox executor services to validate safe operation.

Final Output

Prints a success message with the URL to the service API documentation:

Service is ready: http://localhost:<port>/docs

Important Implementation Details

The script uses set -e to terminate immediately if any command fails, ensuring errors are not silently ignored.
It gracefully handles missing .env files by falling back on default configurations and skipping optional build steps.
Cleanup commands redirect errors to /dev/null and ignore failures to avoid script termination if containers are missing.
The use of separate health check scripts (wait-for-it.sh and wait-for-it-http.sh) modularizes connectivity checks.
Docker Compose is used for multi-service orchestration, assuming a docker-compose.yml file exists in the project root.

Interaction with Other Parts of the System

.env file: Optional environment configuration file controlling ports, pool sizes, and image tags.
Dockerfiles and sandbox base images: Located in ./sandbox_base_image/python and ./sandbox_base_image/nodejs.
Docker Compose configuration (docker-compose.yml): Specifies the services that are built and launched.
Health check scripts: ./scripts/wait-for-it.sh and ./scripts/wait-for-it-http.sh ensure readiness.
Security tests: Python test script in ./tests/sandbox_security_tests_full.py validates the running services.
Docker environment: Requires Docker daemon and Docker Compose installed and running.

Usage Summary

Run this script from the root project directory to deploy the sandbox executor environment:

./start.sh

It will build images, clean up old containers, launch services, perform health checks, and run security validations automatically.

Mermaid Flowchart Diagram

The following flowchart illustrates the high-level workflow and relationships between key steps and components in start.sh:

flowchart TD
    A[Start: Run start.sh] --> B[Set BASE_DIR and cd]
    B --> C{.env file exists?}
    C -- Yes --> D[Source .env and set variables]
    C -- No --> E[Set default variables and warn]
    D --> F[Build sandbox-base images for Python & Node.js]
    E --> G[Skip build]
    F --> H[Cleanup old sandbox containers]
    G --> H
    H --> I[Build executor services (docker compose build)]
    I --> J[Start services (docker compose up -d)]
    J --> K[Wait for TCP port to open (wait-for-it.sh)]
    K --> L[Check HTTP health endpoint (/healthz)]
    L --> M[Run security tests (sandbox_security_tests_full.py)]
    M --> N[Print success message with service URL]
    N --> O[End]

    style C fill:#f9f,stroke:#333,stroke-width:1px
    style F fill:#bbf,stroke:#333,stroke-width:1px
    style H fill:#bbf,stroke:#333,stroke-width:1px
    style I fill:#bbf,stroke:#333,stroke-width:1px
    style J fill:#bbf,stroke:#333,stroke-width:1px
    style K fill:#bbf,stroke:#333,stroke-width:1px
    style L fill:#bbf,stroke:#333,stroke-width:1px
    style M fill:#bbf,stroke:#333,stroke-width:1px
    style N fill:#afa,stroke:#333,stroke-width:1px

Summary

start.sh is a comprehensive bootstrap script that prepares, cleans, builds, launches, verifies, and validates the InfiniFlow sandbox executor environment in a reliable and automated manner. It acts as the main entry point for developers or operators to deploy and test the sandbox executor manager and related services locally using Docker containers.