-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrun-open-hands.sh
More file actions
executable file
·138 lines (125 loc) · 5.89 KB
/
Copy pathrun-open-hands.sh
File metadata and controls
executable file
·138 lines (125 loc) · 5.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
#!/bin/bash
# Check if .env file exists
if [ -f .env ]; then
# Load environment variables from .env file
export $(cat .env | grep -v '^#' | xargs)
# ---------- guarantee a deterministic container name ----------
: "${CONTAINER_NAME:=oha-container}" # default if .env omits it
# ----------------------------------------------------------------
# Only pass LLM_REASONING_EFFORT to Docker if it is set/non-empty
LLM_REASONING_EFFORT_ARG=""
if [[ -n "$LLM_REASONING_EFFORT" ]]; then
LLM_REASONING_EFFORT_ARG="-e LLM_REASONING_EFFORT=${LLM_REASONING_EFFORT}"
fi
# Only pass SYSTEM_PWD to Docker if it is set/non-empty, with proper escaping
SYSTEM_PWD_ARG=""
if [[ -n "$SYSTEM_PWD" ]]; then
escaped_pwd=$(printf '%q' "$SYSTEM_PWD")
SYSTEM_PWD_ARG="-e SYSTEM_PWD=$escaped_pwd"
fi
# Determine SANDBOX_USER_ID based on SYSTEM_PWD
# If SYSTEM_PWD is provided, we run as root (UID 0) inside the container
# This enables sudo operations within the container using the provided password
# If SYSTEM_PWD is not provided, we run as the current host user (non-root)
# This follows the principle of least privilege for better security when root access isn't needed
if [[ -n "$SYSTEM_PWD" ]]; then
SANDBOX_USER_ID="0"
else
SANDBOX_USER_ID="$(id -u)"
fi
# Set default LOG_LEVEL if not specified, then pass to Docker
: "${LOG_LEVEL:=DEBUG}"
LOG_LEVEL_ARG="-e LOG_LEVEL=${LOG_LEVEL}"
# Set default LOG_ALL_EVENTS if not specified, then pass to Docker
: "${LOG_ALL_EVENTS:=true}"
LOG_ALL_EVENTS_ARG="-e LOG_ALL_EVENTS=${LOG_ALL_EVENTS}"
# Set default SANDBOX_RUNTIME_CONTAINER_IMAGE if not specified, then pass to Docker
: "${SANDBOX_RUNTIME_CONTAINER_IMAGE:="all-hands-ai/runtime:latest"}"
SANDBOX_RUNTIME_CONTAINER_IMAGE_ARG="-e SANDBOX_RUNTIME_CONTAINER_IMAGE=${SANDBOX_RUNTIME_CONTAINER_IMAGE}"
# Display selected model & reasoning-effort (only when an effort was supplied)
if [[ -n "$LLM_REASONING_EFFORT_ARG" ]]; then
echo "Using model: ${LLM_MODEL} with reasoning effort: ${LLM_REASONING_EFFORT}"
fi
export HOST_WORKSPACE="$(pwd)"
export SANDBOX_VOLUMES="${HOST_WORKSPACE}:/workspace:rw"
export RUNTIME_MOUNT="${HOST_WORKSPACE}:/workspace:rw"
export WORKSPACE_MOUNT_PATH_IN_SANDBOX="${HOST_WORKSPACE}:/workspace:rw"
# ------------------------------------------------------------------
# Ensure the dedicated Docker network exists
if ! docker network ls --format '{{.Name}}' | grep -q '^oha-cli-network$'; then
echo "Creating Docker network 'oha-cli-network'"
docker network create oha-cli-network
fi
# ------------------------------------------------------------------
# Print out environment variables that are passed to docker
echo "--- Passing the following environment variables to Docker ---"
print_var() {
local name="$1"
local value="$2"
if [ -z "$value" ]; then return; fi
# Convert name to lowercase for case-insensitive check, using tr for portability
local lower_name
lower_name=$(echo "$name" | tr '[:upper:]' '[:lower:]')
# Check for sensitive keywords in the variable name
if [[ "$lower_name" == *key* || "$lower_name" == *secret* ]]; then
echo "${name}=${value:0:6}***"
else
echo "${name}=${value}"
fi
}
print_var "SANDBOX_RUNTIME_CONTAINER_IMAGE" "$SANDBOX_RUNTIME_CONTAINER_IMAGE"
print_var "SANDBOX_USER_ID" "$SANDBOX_USER_ID"
print_var "SANDBOX_VOLUMES" "$SANDBOX_VOLUMES"
print_var "RUNTIME_MOUNT" "$RUNTIME_MOUNT"
print_var "WORKSPACE_MOUNT_PATH_IN_SANDBOX" "$WORKSPACE_MOUNT_PATH_IN_SANDBOX"
print_var "LLM_API_KEY" "$LLM_API_KEY"
print_var "LLM_PROVIDER" "$LLM_PROVIDER"
print_var "LLM_MODEL" "$LLM_MODEL"
print_var "AGENT_MEMORY_ENABLED" "$AGENT_MEMORY_ENABLED"
print_var "LLM_CACHING_PROMPT" "$LLM_CACHING_PROMPT"
print_var "AGENT_ENABLE_THINK" "$AGENT_ENABLE_THINK"
print_var "LLM_NUM_RETRIES" "$LLM_NUM_RETRIES"
print_var "AGENT_ENABLE_MCP" "$AGENT_ENABLE_MCP"
print_var "LLM_REASONING_EFFORT" "$LLM_REASONING_EFFORT"
print_var "LOG_LEVEL" "$LOG_LEVEL"
print_var "LOG_ALL_EVENTS" "$LOG_ALL_EVENTS"
print_var "SANDBOX_PLATFORM" "$SANDBOX_PLATFORM"
print_var "SANDBOX_ENABLE_GPU" "$SANDBOX_ENABLE_GPU"
print_var "SEARCH_API_KEY" "$SEARCH_API_KEY"
echo "-----------------------------------------------------------"
# Run the Open Hands container
docker run -it --rm --pull=always \
$SANDBOX_RUNTIME_CONTAINER_IMAGE_ARG \
-e SANDBOX_USER_ID=$SANDBOX_USER_ID \
-e SANDBOX_VOLUMES=$SANDBOX_VOLUMES \
-e RUNTIME_MOUNT=$RUNTIME_MOUNT \
-e WORKSPACE_MOUNT_PATH_IN_SANDBOX=$WORKSPACE_MOUNT_PATH_IN_SANDBOX \
-e LLM_API_KEY=$LLM_API_KEY \
-e LLM_PROVIDER=$LLM_PROVIDER \
-e LLM_MODEL=$LLM_MODEL \
-e AGENT_MEMORY_ENABLED=$AGENT_MEMORY_ENABLED \
-e LLM_CACHING_PROMPT=$LLM_CACHING_PROMPT \
-e AGENT_ENABLE_THINK=$AGENT_ENABLE_THINK \
-e LLM_NUM_RETRIES=$LLM_NUM_RETRIES \
-e AGENT_ENABLE_MCP=$AGENT_ENABLE_MCP \
$LLM_REASONING_EFFORT_ARG \
$LOG_ALL_EVENTS_ARG \
$LOG_LEVEL_ARG \
$SYSTEM_PWD_ARG \
-e SANDBOX_PLATFORM=$SANDBOX_PLATFORM \
-e SANDBOX_ENABLE_GPU=$SANDBOX_ENABLE_GPU \
-e SEARCH_API_KEY=$SEARCH_API_KEY \
-v /var/run/docker.sock:/var/run/docker.sock \
-v ~/.openhands:/.openhands \
-v "${HOST_WORKSPACE}:/workspace:rw" \
-w /workspace \
-p 3080:3080 \
--add-host host.docker.internal:host-gateway \
--network oha-cli-network \
--name "${CONTAINER_NAME}" \
docker.all-hands.dev/all-hands-ai/openhands:0.51.1 \
python3 -m openhands.cli.main --override-cli-mode true
else
echo "Error: .env file not found"
exit 1
fi