From 1d2cab692eecc9b4796354a6844b5870f903c4e9 Mon Sep 17 00:00:00 2001 From: CrazyBoyM Date: Tue, 17 Mar 2026 22:24:42 +0800 Subject: [PATCH] feat(sandbox): add Kode to base sandbox image Install Kode (@shareai-lab/kode@2.2.0) in the base sandbox image and add its network policy. Kode is an open-source multi-model AI coding agent supporting both Anthropic and OpenAI APIs. - Dockerfile: add @shareai-lab/kode@2.2.0 to global npm packages - policy.yaml: add kode_agent network policy for api.anthropic.com and api.openai.com, grant kode binary access to GitHub REST API Signed-off-by: CrazyBoyM --- sandboxes/base/Dockerfile | 3 ++- sandboxes/base/policy.yaml | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/sandboxes/base/Dockerfile b/sandboxes/base/Dockerfile index 8662412..0c327a4 100644 --- a/sandboxes/base/Dockerfile +++ b/sandboxes/base/Dockerfile @@ -74,7 +74,8 @@ RUN npm install -g \ tar@7.5.11 \ @hono/node-server@1.19.11 \ opencode-ai@1.2.18 \ - @openai/codex@0.111.0 + @openai/codex@0.111.0 \ + @shareai-lab/kode@2.2.0 # GitHub CLI RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \ diff --git a/sandboxes/base/policy.yaml b/sandboxes/base/policy.yaml index 02ef4b1..e787736 100644 --- a/sandboxes/base/policy.yaml +++ b/sandboxes/base/policy.yaml @@ -93,6 +93,7 @@ network_policies: access: read-only binaries: - { path: /usr/local/bin/claude } + - { path: /usr/local/bin/kode } - { path: /usr/bin/gh } pypi: @@ -159,3 +160,12 @@ network_policies: - path: /usr/lib/node_modules/opencode-ai/bin/.opencode - path: /usr/bin/node - path: /usr/local/bin/opencode + + kode_agent: + name: kode-agent + endpoints: + - { host: api.anthropic.com, port: 443, protocol: rest, enforcement: enforce, access: full, tls: terminate } + - { host: api.openai.com, port: 443 } + binaries: + - { path: /usr/local/bin/kode } + - { path: /usr/bin/node }