Publish pure agent runtime images with version tags #801
📝 Walkthrough
Introduces three agent runtime Dockerfiles (
Changes
Agent Runtime Images v0.1.0
Sequence Diagram(s)
sequenceDiagram
participant Dev as Developer / CI push to main
participant GHA as publish-agent-runtime-images.yml
participant VersionStep as Resolve Version Step
participant BuildScript as build-agent-runtime.sh
participant GHCR as ghcr.io/boxlite-ai
Dev->>GHA: push to main (images/agent-runtime/** changed)
GHA->>VersionStep: input version or read images/agent-runtime/VERSION
VersionStep->>VersionStep: strip leading v, validate vMAJOR.MINOR.PATCH
VersionStep->>GHCR: docker login (GITHUB_TOKEN)
VersionStep->>BuildScript: TAG=v0.1.0, PUSH=1, PLATFORMS=linux/amd64,linux/arm64
BuildScript->>BuildScript: normalize_tag, parse_platforms
loop base, python, node
BuildScript->>GHCR: docker buildx --push ghcr.io/boxlite-ai/boxlite-agent-{flavor}:v0.1.0
end
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~25 minutes
🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e55dc6b17e
Actionable comments posted: 5
🧹 Nitpick comments (2)
docs/plans/agent-runtime-images-v2.md (1)
3-3: 💤 Low value
Consider removing or repositioning the Claude directive.
Line 3 contains an internal planning instruction ("For Claude: REQUIRED SUB-SKILL: Use superpowers:executing-plans...") that is meta-commentary rather than part of the final deliverable. For a polished implementation plan, either remove it or move it to a separate internal notes section if future cross-references are needed.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/plans/agent-runtime-images-v2.md` at line 3, The blockquote on line 3 starting with "For Claude: REQUIRED SUB-SKILL: Use superpowers:executing-plans" is an internal planning directive that serves as meta-commentary rather than part of the actual implementation plan documentation. Either remove this entire blockquote line if it is not needed for future reference, or move it to a separate internal notes section at the end of the document if cross-references to this instruction are required. Ensure the remaining document content flows naturally without this meta-commentary.
apps/dashboard/src/components/Box/supportedBoxImages.test.ts (1)
11-12: ⚡ Quick win
Assert a single default image invariant.
Current assertions allow multiple isDefault: true entries to slip through. Add a count check so default selection remains explicit and deterministic.
♻️ Suggested test addition
describe('supported box images', () => { it('exposes the three versioned runtime image refs, base first', () => { expect(SUPPORTED_BOX_IMAGES.map((image) => image.ref)).toEqual([ 'ghcr.io/boxlite-ai/boxlite-agent-base-v2:v0.9.5', 'ghcr.io/boxlite-ai/boxlite-agent-python-v2:v0.9.5', 'ghcr.io/boxlite-ai/boxlite-agent-node-v2:v0.9.5', ]) expect(SUPPORTED_BOX_IMAGES[0]).toMatchObject({ id: 'base', isDefault: true }) + expect(SUPPORTED_BOX_IMAGES.filter((image) => image.isDefault)).toHaveLength(1) }) })🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@apps/dashboard/src/components/Box/supportedBoxImages.test.ts` around lines 11 - 12, The current test assertion on the SUPPORTED_BOX_IMAGES array only checks that the first element has isDefault: true, but doesn't prevent multiple default entries from existing. Add an additional assertion that counts the number of elements in SUPPORTED_BOX_IMAGES with isDefault: true and verifies that exactly one element has this property set to true. This ensures the default image selection remains deterministic and explicit.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/publish-agent-runtime-images.yml:
- Around line 6-11: The workflow trigger paths filter does not include
.dockerignore, which means changes to that file won't trigger the workflow even
though it affects the Docker build context and published artifacts. Add
.dockerignore as a new entry to the paths list in the on.push trigger section of
the workflow file, placing it alongside the existing paths like Cargo.toml,
apps/daemon/**, images/agent-runtime/**, and
scripts/images/build-agent-runtime.sh.
- Around line 34-48: Replace all mutable version tags with immutable commit SHAs
for the third-party GitHub Actions in the workflow file. Specifically, update
actions/checkout@v5, actions/setup-go@v5, docker/setup-qemu-action@v3,
docker/setup-buildx-action@v3, and docker/login-action@v3 by replacing each `@v#`
tag with the full commit SHA of that specific version (e.g., `@abc123def456...`).
This ensures supply-chain security by preventing unexpected code execution if
action repositories are compromised.
- Around line 33-35: The actions/checkout action in the workflow is persisting
git credentials by default, which is unnecessary since no subsequent steps
perform git operations. Add the persist-credentials parameter set to false in
the checkout action configuration to prevent unnecessary credential persistence
and reduce the security exposure. This is a best practice for workflows that
don't require git credentials for operations after the checkout step.
In `@docs/plans/agent-runtime-images-v2.md`:
- Line 13: The Markdown document violates heading hierarchy by jumping from the
main document heading (h1) directly to task headings marked with ### (h3),
skipping the h2 level. Change all task headings throughout the document from ###
to ## to maintain proper Markdown hierarchy where each heading level increments
by one. This includes all headings that start with "Task" (such as "Task 1:
Restore Agent Runtime Sources" and subsequent task headings).
In `@images/agent-runtime/start-agent-runtime.sh`:
- Around line 6-9: The fallback logic is setting the wrong environment variable.
The daemon configuration requires BOXLITE_BOX_ID, but the code currently checks
for and sets BOXLITE_SANDBOX_ID. Change the condition to check if BOXLITE_BOX_ID
is unset, and then set BOXLITE_BOX_ID to the hostname value (using the same
pattern: set the variable, then export it). This ensures the required daemon
environment variable has a proper fallback when not provided.
📒 Files selected for processing (15)
- .dockerignore
- .github/workflows/publish-agent-runtime-images.yml
- apps/api/src/box/constants/curated-images.constant.spec.ts
- apps/api/src/box/constants/curated-images.constant.ts
- apps/dashboard/src/components/Box/CreateBoxSheet.tsx
- apps/dashboard/src/components/Box/supportedBoxImages.test.ts
- apps/dashboard/src/components/Box/supportedBoxImages.ts
- apps/infra/sst.config.ts
- docs/plans/agent-runtime-images-v2-design.md
- docs/plans/agent-runtime-images-v2.md
- images/agent-runtime/base.Dockerfile
- images/agent-runtime/node.Dockerfile
- images/agent-runtime/python.Dockerfile
- images/agent-runtime/start-agent-runtime.sh
- scripts/images/build-agent-runtime.sh
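The SHA-pinning finding in the review above can be checked mechanically. The following is an added example, not part of the PR or of the bot's review: a shell check that lists `uses:` references not pinned to a full 40-character commit SHA. The sample workflow and the SHA in it are constructed placeholders, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: flag `uses:` references that are not pinned to a full commit SHA.

# Constructed sample workflow. The 40-hex value is a placeholder, not a real commit.
sample_workflow() {
  cat <<'EOF'
jobs:
  publish:
    steps:
      - uses: actions/checkout@v5
        with:
          persist-credentials: false
      - uses: actions/setup-go@v5
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@0123456789abcdef0123456789abcdef01234567 # v3
      - uses: "docker/login-action@v3"
      - uses: ./.github/actions/local-step
EOF
}

# Read a workflow on stdin and print each action reference whose ref is a
# mutable tag or branch. Local actions (./path) live in the repo and are skipped.
unpinned_actions() {
  sed -n 's/^[[:space:]-]*uses:[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
    | tr -d "\"'" \
    | grep -v '^\./' \
    | grep -Ev '@[0-9a-f]{40}$' || true
}

# CI gate: succeed only when every third-party action is SHA-pinned.
check_pinned() {
  found="$(unpinned_actions)"
  [ -z "$found" ] && return 0
  printf '%s\n' "$found" | sed 's/^/unpinned action: /' >&2
  return 1
}

sample_workflow | check_pinned || echo "sample workflow has unpinned actions"
```

Run against a real file with `check_pinned < .github/workflows/publish-agent-runtime-images.yml`; a non-zero exit status fails the job.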
| @@ -0,0 +1,85 @@ | |||
| name: Publish Agent Runtime Images | |||
| && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| ARG TARGETARCH | ||
| COPY apps/dist/apps/daemon-runtime/boxlite-daemon-${TARGETARCH} /boxlite/bin/boxlite-daemon |
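Review bot: The COPY on the last line installs boxlite-daemon at /boxlite/bin/boxlite-daemon, while the PR description's Pure Image Boundary section says no BoxLite process supervisor is embedded in the images. If this hunk comes from an earlier commit, confirm the final Dockerfiles no longer carry it. If it stays, add a comment above ARG TARGETARCH noting that the value is only populated automatically under BuildKit/Buildx; with the legacy builder it is empty, the source path becomes boxlite-daemon- and the COPY fails.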
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@scripts/images/build-agent-runtime.sh`:
- Line 93: The target variable assignment on line 93 currently uses the naming
pattern boxlite-agent-<image> but needs to match the publishing contract which
requires boxlite-agent-<image>-v2. Update the target variable assignment to
append -v2 between the image name and the tag separator to ensure the image is
published to the correct repository matching the v2 naming convention.
📒 Files selected for processing (11)
- .github/workflows/publish-agent-runtime-images.yml
- apps/api/src/box/constants/curated-images.constant.spec.ts
- apps/api/src/box/constants/curated-images.constant.ts
- apps/dashboard/src/components/Box/supportedBoxImages.test.ts
- apps/dashboard/src/components/Box/supportedBoxImages.ts
- apps/infra/sst.config.ts
- apps/scripts/local-dex-env.mjs
- docs/plans/agent-runtime-images-versioned-design.md
- docs/plans/agent-runtime-images-versioned.md
- images/agent-runtime/VERSION
- scripts/images/build-agent-runtime.sh
✅ Files skipped from review due to trivial changes (3)
- images/agent-runtime/VERSION
- docs/plans/agent-runtime-images-versioned-design.md
- docs/plans/agent-runtime-images-versioned.md
🚧 Files skipped from review as they are similar to previous changes (3)
- apps/dashboard/src/components/Box/supportedBoxImages.test.ts
- apps/api/src/box/constants/curated-images.constant.spec.ts
- apps/dashboard/src/components/Box/supportedBoxImages.ts
| local image="$1" | ||
| local tag="$2" | ||
| local dockerfile="$ROOT_DIR/images/agent-runtime/${image}.Dockerfile" | ||
| local target="$REGISTRY/boxlite-agent-${image}:$tag" |
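Review bot: In the dockerfile assignment, ${image} goes straight from $1 into a filesystem path and then into the pushed repository name, and nothing in these lines restricts it. Check it against the three flavors the loop builds (base, python, node) at the top of the function and fail before docker buildx runs, the same way the PR description says TAG and PLATFORMS are rejected before Docker.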
Use the v2 image repository names to match the publishing contract.
Line 93 currently publishes ghcr.io/boxlite-ai/boxlite-agent-<image>:<tag>, but this PR’s contract is to publish boxlite-agent-<image>-v2:<tag>. As written, the workflow will push to the wrong repos and downstream v2 references won’t resolve.
Suggested fix
- local target="$REGISTRY/boxlite-agent-${image}:$tag"
+ local target="$REGISTRY/boxlite-agent-${image}-v2:$tag"📝 Committable suggestion
| local target="$REGISTRY/boxlite-agent-${image}:$tag" | |
| local target="$REGISTRY/boxlite-agent-${image}-v2:$tag" |
🧹 Nitpick comments (1)
images/agent-runtime/python.Dockerfile (1)
38-40: 💤 Low value
Consider removing redundant apt Python packages.
The python:3.12-slim-bookworm base image already provides Python 3.12 with pip and venv. Installing python3, python3-pip, python3-venv from apt adds Debian's Python 3.11 alongside the existing 3.12, increasing image size and potentially causing version confusion.
None of the other apt packages in this Dockerfile depend on the system python3 package. If you specifically need the Debian Python for some compatibility reason, consider documenting that case; otherwise these three packages can be removed.
♻️ Suggested diff
RUN apt-get update \ && apt-get install -y --no-install-recommends \ bash \ build-essential \ ca-certificates \ curl \ git \ jq \ less \ openssh-client \ pkg-config \ procps \ - python3 \ - python3-pip \ - python3-venv \ sudo \ tzdata \ unzip \ wget \ zip \🤖 Prompt for AI Agents
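Review bot: The apt list in this RUN keeps sudo, openssh-client and build-essential in the published runtime image, and nothing in the hunk says why. Add a comment in the Dockerfile stating which of these the agent needs at runtime, and if sudo stays, state which user is allowed to use it so the privilege boundary inside the image is documented.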
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@images/agent-runtime/python.Dockerfile` around lines 38 - 40, Remove the redundant `python3`, `python3-pip`, and `python3-venv` packages from the apt package list since the `python:3.12-slim-bookworm` base image already provides Python 3.12 with pip and venv. These lines are not needed and only increase the image size while potentially introducing Python 3.11 from Debian, causing unnecessary version confusion. Delete the three lines containing these package names from the apt installation section.
📒 Files selected for processing (11)
- .dockerignore
- .github/workflows/publish-agent-runtime-images.yml
- apps/api/src/box/constants/curated-images.constant.ts
- apps/dashboard/src/components/Box/supportedBoxImages.ts
- apps/infra/sst.config.ts
- apps/scripts/local-dex-env.mjs
- images/agent-runtime/base.Dockerfile
- images/agent-runtime/node.Dockerfile
- images/agent-runtime/python.Dockerfile
- images/agent-runtime/start-agent-runtime.sh
- scripts/images/build-agent-runtime.sh
✅ Files skipped from review due to trivial changes (1)
- apps/api/src/box/constants/curated-images.constant.ts
🚧 Files skipped from review as they are similar to previous changes (7)
- .dockerignore
- apps/dashboard/src/components/Box/supportedBoxImages.ts
- images/agent-runtime/start-agent-runtime.sh
- apps/scripts/local-dex-env.mjs
- apps/infra/sst.config.ts
- .github/workflows/publish-agent-runtime-images.yml
- scripts/images/build-agent-runtime.sh
Summary
- boxlite-agent-base, boxlite-agent-python, and boxlite-agent-node
- images/agent-runtime/VERSION, starting at v0.1.0, with Buildx publishing linux/amd64 and linux/arm64
- v0.1.0
Pure Image Boundary
- boxlite-daemon, no start-agent-runtime.sh, no BoxLite process supervisor is embedded in the images
Versioning
- images/agent-runtime/VERSION
- 0.1.0, published as v0.1.0
- 0.1.0 -> 0.1.1, and publish the matching vX.Y.Z tag
Image refs
- ghcr.io/boxlite-ai/boxlite-agent-base:v0.1.0
- ghcr.io/boxlite-ai/boxlite-agent-python:v0.1.0
- ghcr.io/boxlite-ai/boxlite-agent-node:v0.1.0
Verification
- bash -n scripts/images/build-agent-runtime.sh
- node --check apps/scripts/local-dex-env.mjs
- ruby -e 'require "yaml"; YAML.load_file(".github/workflows/publish-agent-runtime-images.yml"); puts "workflow yaml ok"'
- git diff --check
- TAG=bad PLATFORMS=linux/amd64 PUSH=0 bash scripts/images/build-agent-runtime.sh exits before Docker with tag validation error
- TAG=v0.1.0 PLATFORMS=linux/s390x PUSH=0 bash scripts/images/build-agent-runtime.sh exits before Docker with platform validation error
- cd apps && NX_DAEMON=false yarn nx test api -- --testPathPatterns=src/box/constants/curated-images.constant.spec.ts
- cd apps/dashboard && yarn vitest run src/components/Box/supportedBoxImages.test.ts
- NX_DAEMON=false make lint:apps passed with existing warnings only
Not Run
- NX_DAEMON=false make test:apps: blocked before apps tests by uninitialized libkrun/libkrunfw submodules during dev:go
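One way to implement the checks the Verification list describes, where a bad TAG or an unsupported platform stops the build before Docker runs. This is an added example, not the project's build-agent-runtime.sh: normalize_tag and parse_platforms borrow their names from the sequence diagram, but their bodies and the image_ref helper are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the project's build-agent-runtime.sh: reject bad TAG,
# PLATFORMS and flavor values before any docker command is built from them.
# Functions use ( ) bodies so IFS, set -f and variables stay local to each call.

REGISTRY="ghcr.io/boxlite-ai"
ALLOWED_PLATFORMS="linux/amd64 linux/arm64"

# Accept 0.1.0 or v0.1.0 and print the canonical vMAJOR.MINOR.PATCH tag.
normalize_tag() (
  raw="${1#v}"
  # Character allowlist first: a line-based grep alone would accept a value
  # containing a newline as long as one of its lines looked like a version.
  case "$raw" in
    ""|*[!0-9.]*) echo "invalid tag: want vMAJOR.MINOR.PATCH" >&2; exit 1 ;;
  esac
  printf '%s\n' "$raw" \
    | grep -Eq '^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$' \
    || { echo "invalid tag: want vMAJOR.MINOR.PATCH" >&2; exit 1; }
  printf 'v%s\n' "$raw"
)

# Accept a comma-separated list and print it back only if every entry is allowed.
parse_platforms() (
  IFS=','; set -f            # split on commas only, no glob expansion
  out=""
  for p in $1; do
    case "$p" in ""|*[!a-z0-9/]*) echo "invalid platform entry" >&2; exit 1 ;; esac
    case " $ALLOWED_PLATFORMS " in
      *" $p "*) out="${out:+$out,}$p" ;;
      *) echo "unsupported platform: $p" >&2; exit 1 ;;
    esac
  done
  [ -n "$out" ] || { echo "no platforms given" >&2; exit 1; }
  printf '%s\n' "$out"
)

# Build the image reference from an allowlisted flavor and a validated tag.
image_ref() (
  case "$1" in
    base|python|node) ;;
    *) echo "unknown flavor" >&2; exit 1 ;;
  esac
  tag="$(normalize_tag "$2")" || exit 1
  printf '%s/boxlite-agent-%s:%s\n' "$REGISTRY" "$1" "$tag"
)

image_ref base 0.1.0
```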