the universal sandbox runtime for agents and humans. pocketenv.io

Add CF sandbox Dockerfile and JWT did fallback

+116 -1
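--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -29,6 +29,7 @@
 env:
 CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
 run: |
+cp deploy/base/Dockerfile .
 bunx wrangler deploy
 deploy:
 runs-on: ubuntu-latest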
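--- a/apps/cf-sandbox/deploy/base/Dockerfile
+++ b/apps/cf-sandbox/deploy/base/Dockerfile
@@ -0,0 +1,110 @@
+FROM node:lts-trixie-slim
+
+COPY --from=docker.io/cloudflare/sandbox:0.7.8 /container-server/sandbox /sandbox
+
+RUN echo "deb [signed-by=/etc/apt/keyrings/doppler.gpg] https://packages.doppler.com/public/cli/deb/debian any-version main" | tee /etc/apt/sources.list.d/doppler-cli.list
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+openssh-client \
+git \
+curl \
+ca-certificates \
+gnupg \
+unzip \
+python3 \
+build-essential \
+tmux \
+gawk \
+sed \
+procps \
+wget \
+locales-all \
+s3fs \
+fontconfig \
+sudo \
+&& useradd -m -s /bin/bash coder \
+&& echo "coder ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/coder
+
+ENV LC_ALL en_US.UTF-8
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US.UTF-8
+
+RUN curl -s https://ohmyposh.dev/install.sh | bash -s && \
+curl -s https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/refs/heads/main/themes/tokyonight_storm.omp.json | tee /root/.tokyonight_storm.omp.json >/dev/null && \
+echo 'eval "$(oh-my-posh init bash --config ~/.tokyonight_storm.omp.json)"' >> /root/.bashrc
+
+
+RUN git clone --recursive --depth 1 --shallow-submodules https://github.com/akinomyoga/ble.sh.git && \
+mkdir -p /root/.local && \
+make -C ble.sh install PREFIX=/root/.local && \
+rm -rf ble.sh && \
+echo 'export LANG=en_US.UTF-8' >> ~/.bashrc && \
+echo 'source -- ~/.local/share/blesh/ble.sh' >> ~/.bashrc
+
+RUN curl --proto '=https' --tlsv1.2 -LsSf https://setup.atuin.sh | sh && \
+echo 'export PATH=$PATH:/root/.atuin/bin' >> ~/.bashrc && \
+echo 'eval "$(atuin init bash)"' >> ~/.bashrc || true
+
+RUN case "${TARGETARCH}" in \
+amd64) EZA_ARCH="x86_64-unknown-linux-musl" ;; \
+arm64) EZA_ARCH="aarch64-unknown-linux-musl" ;; \
+*) echo "Unsupported arch: ${TARGETARCH}" && exit 1 ;; \
+esac && \
+wget -qO /tmp/eza.tar.gz "https://github.com/eza-community/eza/releases/latest/download/eza_${EZA_ARCH}.tar.gz" && \
+tar -xzf /tmp/eza.tar.gz -C /root/.local/bin && \
+chmod +x /root/.local/bin/eza && \
+rm /tmp/eza.tar.gz && \
+echo 'alias ls="eza -l"' >> ~/.bashrc
+
+RUN curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | gpg --dearmor | tee /etc/apt/keyrings/doppler.gpg >/dev/null \
+&& echo "deb [signed-by=/etc/apt/keyrings/doppler.gpg] https://packages.doppler.com/public/cli/deb/debian any-version main" | tee /etc/apt/sources.list.d/doppler-cli.list \
+&& apt-get update && apt-get install -y doppler && doppler --version
+
+RUN curl -fsSL https://tailscale.com/install.sh | sh
+
+RUN mkdir -p /root/.npm-global && npm config set prefix "/root/.npm-global"
+
+ENV PATH "/root/.npm-global/bin:${PATH}"
+
+RUN npm install -g pm2
+
+RUN curl -fsSL https://deno.land/install.sh | sh
+
+RUN curl -fsSL https://bun.sh/install | bash
+
+ENV PATH "/root/.deno/bin:/root/.local/bin:${PATH}"
+
+RUN echo 'PATH="$HOME/.deno/bin:$HOME/.local/bin:$PATH"' >> ~/.bashrc && \
+echo 'stty sane' >> ~/.bashrc && \
+echo '. "$HOME/.bashrc"' >> ~/.profile
+
+RUN curl -fsSL https://code-server.dev/install.sh | sh && \
+code-server --install-extension bastndev.lynx-theme --force && \
+curl -fsSL https://github.com/ryanoasis/nerd-fonts/releases/download/v3.4.0/CascadiaMono.zip -o /tmp/CascadiaMono.zip && \
+mkdir -p /usr/share/fonts && \
+unzip -o /tmp/CascadiaMono.zip -d /usr/share/fonts/CascadiaMono && \
+fc-cache -fv && \
+touch /root/.vscode-setup-done
+
+RUN wget -qO /tmp/zoxide.tar.gz https://github.com/ajeetdsouza/zoxide/releases/download/v0.9.9/zoxide-0.9.9-x86_64-unknown-linux-musl.tar.gz && \
+tar -xzf /tmp/zoxide.tar.gz -C ~/.local/bin zoxide && \
+chmod +x ~/.local/bin/zoxide && \
+rm /tmp/zoxide.tar.gz && \
+echo 'eval "$(zoxide init bash)"' >> ~/.bashrc
+
+USER coder
+RUN mkdir -p /home/coder && curl -fsSL https://zerobrew.rs/install | bash
+USER root
+
+RUN mv /home/coder/.local/bin/* ~/.local/bin
+
+WORKDIR /workspace
+
+ENV COMMAND_TIMEOUT_MS 300000
+
+# Required during local development to access exposed ports
+EXPOSE 8080
+EXPOSE 18789
+EXPOSE 3000/tcp
+
+ENTRYPOINT ["/sandbox"]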
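Review bot: Most of the tooling in this image is installed by piping an unpinned remote script into a shell at build time (the `curl … | sh`/`bash` steps for oh-my-posh, atuin, tailscale, deno, bun, code-server and zerobrew), and eza is pulled from `releases/latest`, so the image contents change with whatever those endpoints serve and nothing verifies what was downloaded. Pin each download to a release tag, as the zoxide and nerd-fonts steps already do, and check it before unpacking, for example `echo "<EZA_SHA256>  /tmp/eza.tar.gz" | sha256sum -c -` ahead of the `tar -xzf` (the hash is a placeholder; record the digest of the release you vetted). The two oh-my-posh fetches use `curl -s` without `-f`, so an HTTP error body would be piped to bash or saved as the theme file; `curl -fsSL`, as used further down, fails the build instead. Separately, `${TARGETARCH}` is read in the eza step with no `ARG TARGETARCH` visible in the stage, which under BuildKit would presumably leave it empty and take the `Unsupported arch` branch, and the zoxide URL hard-codes `x86_64`.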
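--- a/apps/cf-sandbox/src/index.ts
+++ b/apps/cf-sandbox/src/index.ts
@@ -39,6 +39,7 @@
 import decrypt from "./lib/decrypt";
 import crypto from "node:crypto";
 import services from "./schema/services";
+import { unknown } from "zod";
 
 type Bindings = {
 Sandbox: DurableObjectNamespace<Sandbox<Env>>;
@@ -57,7 +58,10 @@
 if (token) {
 try {
 const decoded = await jwt.verify(token, process.env.JWT_SECRET!);
-c.set("did", decoded?.payload?.sub);
+c.set(
+"did",
+decoded?.payload?.sub || (decoded?.payload as { did: string })?.did,
+);
 } catch (err) {
 consola.error("JWT verification failed:", err);
 return c.json({ error: "Unauthorized" }, 401);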
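Review bot: The new `c.set("did", …)` call stores whatever the `did` claim holds without checking it, because the `as { did: string }` assertion is erased at runtime; a validly signed token with neither a usable `sub` nor a string `did` sets `did` to `undefined` or a non-string, and as far as the hunk shows the request still continues. Narrow the claims at runtime and reject the token when neither yields a non-empty string, e.g. `const p = decoded?.payload as Record<string, unknown> | undefined;` then `const did = [p?.sub, p?.did].find((v): v is string => typeof v === "string" && v !== "");` and `if (!did) return c.json({ error: "Unauthorized" }, 401);` before the `c.set`. It is also worth confirming that every token type signed with `JWT_SECRET` is meant to authenticate here, since any of them carrying a `did` claim is now accepted as that identity. The added `import { unknown } from "zod"` is not used in any visible hunk and looks like an accidental auto-import. The handler starts and ends outside the hunk, so later checks on `did` may exist that are not visible here.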