Docker runtime contracts and subprocess adapter
Project description
dr-docker
Reusable Docker execution contracts and adapters.
Purpose
This repo provides Docker runtime contracts and a concrete subprocess adapter:
- Docker runtime request/result contracts with security and resource profiles
- Runtime adapter protocol
- Subprocess-based Docker adapter with stream capping and cidfile cleanup
- Worker helpers for mounted scripts/directories with reusable runtime policies
- Typed error envelopes
Public Surface
from dr_docker import (
CONTRACT_VERSION,
DockerMount,
DockerRuntimeRequest,
DockerRuntimeResult,
ErrorCode,
ErrorEnvelope,
MountedWorker,
ResourceLimits,
RuntimeAdapter,
RuntimePrimitiveError,
SecurityProfile,
SubprocessDockerAdapter,
TmpfsMount,
WorkerRuntimePolicy,
__version__,
build_mounted_worker_request,
execute_batch_in_container,
mount_worker_directory,
mount_worker_file,
run_batch_with_failure_isolation,
)
Worker Support
dr-docker now includes a small worker-support layer for the common pattern of:
- starting from a reusable isolated runtime policy
- mounting a local worker file or directory into the container
- building a
DockerRuntimeRequestwith stdin, env, mounts, tmpfs, and resource limits already wired together
from pathlib import Path
from dr_docker import (
WorkerRuntimePolicy,
build_mounted_worker_request,
mount_worker_file,
)
worker = mount_worker_file(Path("worker.py"), mount_target="/sandbox")
worker = worker.with_path_command(
entrypoint="python3",
args_before_path=["-I"],
working_dir="/tmp",
)
policy = WorkerRuntimePolicy.small_isolated().model_copy(
update={"memory": "1g", "tmpfs_exec": True}
)
request = build_mounted_worker_request(
image="python:3.12-slim",
worker=worker,
timeout_seconds=30,
policy=policy,
stdin_payload='{"job": "ping"}',
env={"WORKER_MODE": "json"},
)
For optional worker-side JSON-over-stdin helpers, use dr_docker.workers.json_stdio. That module intentionally stays separate from the core Docker contract layer and includes bounded stdin reading, bounded stdout capture, container guards, and basic RLIMIT helpers.
Contract Guarantees
DockerRuntimeResult(ok=False)requireserror- Successful result envelopes must not include
error - Error envelopes are typed (
ErrorCode) with non-empty message and JSON-safe details - Supported
ErrorCodevalues aretimeout,unavailable, andinternal_error
Development
uv sync --group dev
uv run pytest -q
uv run ruff format --check
uv run ruff check
uv run ty check
Publishing
cp .env.example .env
# set PYPI_API_TOKEN in .env
set -a; source .env; set +a
uv build
uvx twine check dist/*
uvx twine upload -u __token__ -p "$PYPI_API_TOKEN" dist/*
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dr_docker-0.4.4.tar.gz.
File metadata
- Download URL: dr_docker-0.4.4.tar.gz
- Upload date:
- Size: 51.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
02f4e3bb1955d9df1c97edade6721358e0496ce6e0b2db53fd488d0a5fc7268d
|
|
| MD5 |
b563dd8f157ecf28ef732e0d4a4a5544
|
|
| BLAKE2b-256 |
1f839f2bf8362ce89a763a2ffdcae4946cbd5f34a3560481004d3c7c53242f4f
|
File details
Details for the file dr_docker-0.4.4-py3-none-any.whl.
File metadata
- Download URL: dr_docker-0.4.4-py3-none-any.whl
- Upload date:
- Size: 19.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c7fdd97be9c8cfb5d9c18918e07aca942a860ff3d721b22b9e91350fce54237a
|
|
| MD5 |
ae8e4db5b846376db5a9880ac36992e4
|
|
| BLAKE2b-256 |
212e99b306ee7beb3496df041700092dc2de8b533f7bd742a553ced2a1c83156
|
