Skip to content

Add persistent container support#67

Merged
anticomputer merged 5 commits intomainfrom
anticomputer/container-improvements
Mar 18, 2026
Merged

Add persistent container support#67
anticomputer merged 5 commits intomainfrom
anticomputer/container-improvements

Conversation

@anticomputer
Copy link
Contributor

@anticomputer anticomputer commented Mar 18, 2026

Adds CONTAINER_PERSIST env var to container_shell. When set to true, containers get a deterministic name, survive MCP server exit, and are reused by subsequent tasks. Useful for multi-task taskflows that need shared state across tasks.

@anticomputer
feat: add persistent container support via CONTAINER_PERSIST env var
5e1a0b0 
When CONTAINER_PERSIST is set to 'true', containers are:
- Named deterministically (seclab-persist-{image-slug}) instead of randomly
- Started without --rm so they survive MCP server process exit
- Reused if already running (new MCP server attaches to existing container)
- Not stopped on atexit (container persists for the next task)

This enables multi-task taskflows to share state across tasks without
rebuilding the environment each time. Set CONTAINER_PERSIST in the
taskflow env or toolbox YAML to enable.

All container_shell toolbox YAMLs updated to expose CONTAINER_PERSIST.
Copilot AI review requested due to automatic review settings March 18, 2026 18:39
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an opt-in “persistent container” mode for the container_shell MCP server so that a deterministic container can be reused across tasks, enabling shared state in multi-task taskflows.

Changes:

  • Introduces CONTAINER_PERSIST env var (parsed as a boolean) and persistent lifecycle behavior in container_shell.py.
  • Adds CONTAINER_PERSIST passthrough to the container shell toolbox YAMLs (base/sast/network/malware).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
src/seclab_taskflows/mcp_servers/container_shell.py Adds deterministic naming + reuse logic and skips shutdown for persistent containers.
src/seclab_taskflows/toolboxes/container_shell_base.yaml Passes CONTAINER_PERSIST into the MCP server environment.
src/seclab_taskflows/toolboxes/container_shell_sast.yaml Passes CONTAINER_PERSIST into the MCP server environment.
src/seclab_taskflows/toolboxes/container_shell_network_analysis.yaml Passes CONTAINER_PERSIST into the MCP server environment.
src/seclab_taskflows/toolboxes/container_shell_malware_analysis.yaml Passes CONTAINER_PERSIST into the MCP server environment.
Comments suppressed due to low confidence (1)

src/seclab_taskflows/mcp_servers/container_shell.py:47

  • docker inspect is invoked without a timeout. If the Docker daemon is unresponsive, this can block the MCP server indefinitely. Please add a reasonable timeout (consistent with the docker run timeout) and handle subprocess.TimeoutExpired so the tool fails fast with a clear error.
    result = subprocess.run(
        ["docker", "inspect", "-f", "{{.State.Running}}", name],
        capture_output=True,
        text=True,
    )

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

p-
p- previously approved these changes Mar 18, 2026
View reviewed changes
@anticomputer
address PR review feedback
b646bea 
- Use sha256 hash of full image ref (+ optional CONTAINER_PERSIST_KEY)
  for deterministic container names, avoiding collisions on long prefixes
- Add timeouts to all docker subprocess calls (_DOCKER_TIMEOUT = 30s)
- Extract _remove_container() helper with failure logging
- Use docker inspect --format json + json.loads for _is_running()
- Handle TimeoutExpired and JSONDecodeError gracefully
- Add CONTAINER_PERSIST_KEY env var to all toolbox YAMLs
- Add 11 tests covering persistent container behavior:
  name hashing, reuse, no --rm flag, stop skip, error logging
Copilot AI review requested due to automatic review settings March 18, 2026 19:51
@anticomputer anticomputer force-pushed the anticomputer/container-improvements branch from 2854cad to b646bea Compare March 18, 2026 19:51
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds an opt-in “persistent container” mode to the container_shell MCP server so multi-task taskflows can reuse a deterministic, long-lived Docker container across server restarts.

Changes:

  • Add CONTAINER_PERSIST / CONTAINER_PERSIST_KEY support and deterministic container naming to container_shell.
  • Add helper functions for checking container running state and removing leftovers.
  • Extend toolbox YAMLs and add unit tests covering persistence behavior.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
src/seclab_taskflows/mcp_servers/container_shell.py Implements deterministic naming + reuse logic for persistent containers.
tests/test_container_shell.py Adds unit tests for persistent naming, reuse, stop-skip behavior, and helper error paths.
src/seclab_taskflows/toolboxes/container_shell_base.yaml Wires persistence env vars into the base container toolbox.
src/seclab_taskflows/toolboxes/container_shell_malware_analysis.yaml Wires persistence env vars into the malware analysis toolbox.
src/seclab_taskflows/toolboxes/container_shell_network_analysis.yaml Wires persistence env vars into the network analysis toolbox.
src/seclab_taskflows/toolboxes/container_shell_sast.yaml Wires persistence env vars into the SAST toolbox.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@anticomputer
address second round of review feedback
d908abf 
- docker rm without -f to avoid killing running containers on transient failures
- use _DOCKER_TIMEOUT constant for docker run
- assert full docker inspect argv in reuse test
p-
p- previously approved these changes Mar 18, 2026
View reviewed changes
Copilot AI review requested due to automatic review settings March 18, 2026 20:32
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for reusing a deterministic, persistent Docker container across MCP server runs in container_shell, controlled via new environment variables and propagated through the relevant toolboxes.

Changes:

  • Introduces CONTAINER_PERSIST / CONTAINER_PERSIST_KEY to enable deterministic container naming and reuse.
  • Updates container lifecycle logic to reuse running persistent containers and skip stopping them on exit.
  • Adds unit tests for persistent naming, reuse behavior, and helper functions; updates toolboxes to pass through the new env vars.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/seclab_taskflows/mcp_servers/container_shell.py Implements persistent container naming, reuse checks, and adjusted stop/remove behavior.
tests/test_container_shell.py Adds test coverage for persistent naming/reuse and helper behaviors.
src/seclab_taskflows/toolboxes/container_shell_base.yaml Passes through CONTAINER_PERSIST and CONTAINER_PERSIST_KEY to the MCP server.
src/seclab_taskflows/toolboxes/container_shell_malware_analysis.yaml Passes through CONTAINER_PERSIST and CONTAINER_PERSIST_KEY to the MCP server.
src/seclab_taskflows/toolboxes/container_shell_network_analysis.yaml Passes through CONTAINER_PERSIST and CONTAINER_PERSIST_KEY to the MCP server.
src/seclab_taskflows/toolboxes/container_shell_sast.yaml Passes through CONTAINER_PERSIST and CONTAINER_PERSIST_KEY to the MCP server.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

kevinbackhouse
kevinbackhouse previously approved these changes Mar 18, 2026
View reviewed changes
@Kwstubbs Kwstubbs requested review from Kwstubbs and removed request for Kwstubbs March 18, 2026 21:05
@anticomputer anticomputer merged commit 4cecfe9 into main Mar 18, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Kwstubbs Kwstubbs Kwstubbs approved these changes

@p- p- p- left review comments

@kevinbackhouse kevinbackhouse kevinbackhouse left review comments

@m-y-mo m-y-mo Awaiting requested review from m-y-mo m-y-mo is a code owner

@JarLob JarLob Awaiting requested review from JarLob JarLob is a code owner

@sylwia-budzynska sylwia-budzynska Awaiting requested review from sylwia-budzynska sylwia-budzynska is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@anticomputer @p- @kevinbackhouse @Kwstubbs