Integrate E2B sandbox as an alternative to a Docker container

[mlejva]

This is a draft PR for integrating E2B sandbox for OpenDevin's agents. The E2B sandbox is a secure micro VM made for running AI agents and AI generated code in the cloud.

I'll be updating the following todo list as I go:

• Bring E2B sandbox to the parity in terms of functionality with the current sandbox.py
• Common interface between Docker container and E2B sandbox
• Update fileops to happen inside sandbox when using E2B
• Use E2B sandbox for running swe-bench evals end-to-end (will be done in separate PR)

[foragerr]

curious: Can e2b run inside docker?

[mlejva]

curious: Can e2b run inside docker?

No. E2B sandbox is a VM so it sits on a "lower level" compared to a container. What will be possible in the future is to run Docker inside E2B.

[rbren]

Looking good!

We can probably formalize the sandbox interface with an abstract class--doesn't need to be in this PR though

[mlejva]

Looking good!

We can probably formalize the sandbox interface with an abstract class--doesn't need to be in this PR though

I'm planning on updating the PR today/tomorrow with proper config and env vars setup and make it match the functionality of the current sandbox.
Once that all will look good to you guys, happy to start working on the common interface.

[mlejva]

@rbren a short update, still work in progress.

I updated the PR so the E2B sandbox matches the functionality of the current Docker sandbox. Specifically the background commands are now supported. Also rebased to main to stay up to date with the new code style rules.

Next step is to:

• 1. Clean up and improve types so we can build a shared interface between E2B sandbox and Docker sandbox
• 2. Add config option to allow switching between E2B sandbox and Docker sandbox
• 3. Enable filesystem operations. Currently, the filesystem operations with Docker sandbox are happening through a mounted volume because the container is running locally. WIth E2B sandbox, everything should happen inside the sandbox - sandbox.filesystem.write('...') - you're interacting right with the filesystem inside the sandbox. We can't currently mount a local folder to the sandbox. I'm thinking introducing a config flag (as mentioned above) to allow users switch sandbox and change how filesystem ops work based on that.

I think I should be able to finish the whole PR this Sunday

[mlejva]

@rbren similar to what @foragerr did in #874 I think we should also build a common interface for process (what's known as command at the moment). It'd be something fairly simple like

from abc import ABC, abstractmethod

class Process(ABC):
    @abstractmethod
    def kill(self):
        pass

    @abstractmethod
    def read_logs(self) -> str:
        pass
    
    @property
    @abstractmethod
    def id(self) -> int:
        pass

    @property
    @abstractmethod
    def command(self) -> str:
        pass

    @property
    @abstractmethod
    def exit_code(self) -> int | None: # The reason it can be none is because the process can still be running
       pass 

What do you think?

[rbren]

@mlejva that seems reasonable to me!

[mlejva]

curious: Can e2b run inside docker?

@foragerr I realized I might have misunderstood your question. I thought you're talking about self-hosting. With self-hosting what I wrote stands - E2B sandbox is a VM so it sits on a "lower level" compared to a container. What will be possible in the future is to run Docker inside E2B.

But you can definitely use E2B SDK for launching sandboxes in our cloud from Docker and Dockerize the whole app.

I just wanted to clear that up

[neubig]

Looks great, thanks a bunch for the contribution! I just have a few small comments.

[rbren]

This feels leaky to me. But passing controller into run is already kind of leaky. Curious if you have any ideas on how to improve this.

Maybe sandbox should handle all the run logic...

We can come back to this in a future PR

[mlejva]

Yeah I agree this doesn't feel right. Happy to refactorize this once we merge this PR

[rbren]

Excited to get this in!

[mlejva]

Hey @rbren thank you so much for the code review. I merged the main branch. I'm struggling a bit with understanding why the build didn't pass though.

I built it locally with both Python 3.11 and 3.12 and it looks like it's passing.

The errors in GitHub actions seem to only show error code and nothing else though:

• https://github.com/OpenDevin/OpenDevin/actions/runs/8675380093/job/23793473005?pr=727
• https://github.com/OpenDevin/OpenDevin/actions/runs/8675380093/job/23793472708?pr=727
• https://github.com/OpenDevin/OpenDevin/actions/runs/8675380093/job/23793472924?pr=727

I'm not sure why it's not passing, I you have any tips, it would be super helpful!

[mlejva]

I also did a bit of refactorization in this PR.

• Sandbox is now separated to docker and e2b
• BackgroundCommand is now Process with separate `
• I added readme to E2B sandbox to get people started easily
• I pre-built a custom E2B sandbox for OpenDevin called open-devin.
  • Currently, it's only 0.5GB RAM and 2vCPU and people need to use their on SDK key but once we get OpenDevin to a cloud hosted webapp, we'll upgrade it to better machine, and sponsor all needed compute for OpenDevin's team API key

[rbren]

This LGTM as-is! A couple minor notes though

[rbren]

Can we e2b template from a remote image like ubuntu or ghcr.io/opendevin/sandbox? Or does the user have to build it from scratch?

Would be nice not to have to maintain a new Dockerfile, or to at least build it for them in our CI/CD pipeline

[mlejva]

You can share the same Dockerfile and use a remote image. We just have some restrictions on what images and Dockerfile commands we support. Generally, you should be good. I'll set it up to use the same Dockerfile image

[rbren]

I don't see this file getting used anywhere?

[mlejva]

It's used by the E2B CLI, it's something like Cloudflare Workers have their wrangler.toml

[rbren]

We're mostly getting rid of config.toml now that everything is running inside docker. Maybe this should be passed into docker run with -e?

[mlejva]

Yeah, that should work, I can update it. So config.py isn't used anymore and instead we should pass the env vars, right?

[mlejva]

I updated the readme to instruct users to set the E2B API key to the E2B_API_KEY env var.

If there's nothing else you think should change, this PR should be good to go!

[rbren]

auto-merge enabled! 🚀

Thanks for all the work here!

[rbren]

Sorry, merge conflicts 😭

SWE-agent implemented start and end lines for read/write operations, which I suppose we'll need to support with e2b. Hopefully that's not too hard...

[mlejva]

Sorry, merge conflicts 😭

SWE-agent implemented start and end lines for read/write operations, which I suppose we'll need to support with e2b. Hopefully that's not too hard...

Looking into it in 1-2 hours!

[mlejva]

Hey @rbren I finally got to resolving the conflicts. Sorry it took longer.
Can you please check it when you have a moment and if it looks good to you merge it?

Thank you!