feat: add nsenter-based command execution in tools sidecar with full test coverage#41
Merged
l50 merged 2 commits intoJan 14, 2026
Conversation
Added: - Added direct git dependency for rigging at a specific commit in pyproject.toml - Enabled direct references in Hatch metadata to support non-PyPI dependencies Changed: - Updated uv.lock to track rigging as a git dependency rather than a PyPI release - Modified uv.lock dependencies and requirements to include the direct git reference for rigging Removed: - Removed PyPI source distribution and wheel URLs for rigging in uv.lock since the package is now referenced directly from git
…cution **Added:** - Implement tools container PID discovery using `ps aux` and process name matching in RedisWorkerAgent, enabling targeted namespace entry for task execution - Introduce command task execution in the tools sidecar container via `nsenter` into the tools container's mount namespace, supporting pod-level shareProcessNamespace and CAP_SYS_ADMIN requirements - Add comprehensive integration tests for tools PID discovery, nsenter-based execution, error handling, PID caching, and edge cases in `test_redis_task_queue_integration.py` **Changed:** - Update command task execution logic to run commands in the tools container using nsenter, with improved error reporting for missing process namespace sharing or capabilities, and more robust subprocess result handling - Enhance error logging for command execution failures to aid debugging - Update docstrings for `_execute_command_task` to document new nsenter approach and requirements
CAP-853 Execute Commands in Tools Sidecar via nsenter
Description: Objective: Enable command execution within the tools sidecar container from the worker agent by leveraging Scope of Work:
Dependencies:
Acceptance Criteria:
Additional Notes:
|
l50
deleted the
jayson/cap-853-execute-commands-in-tools-sidecar-via-nsenter
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Key Changes:
improved isolation and compatibility
Added:
tools sidecar's mount namespace using nsenter, requiring shareProcessNamespace
and CAP_SYS_ADMIN for proper operation
"sleep infinity" and select the correct PID for namespace entry
command execution success/failure, permission errors, timeouts, and PID caching
in
test_redis_task_queue_integration.pypyproject.tomlanduv.lockfor up-to-date source usageChanged:
nsenter-based invocation, including error handling for missing tools container,
missing capabilities, and general execution errors
references and to pin rigging to a specific commit via git URL
allow-direct-referencesin Hatch metadata for directdependency support
Removed:
source reference for more precise dependency management