Fixing Semitrusted Network Mode in Unsandbox for Omega Bot

🔊 This post has audio support. Click the play buttons on text and images to hear them read aloud, or use the "Read Entire Post" button below.

Overview

This report documents the issue encountered with the unsandbox code execution environment's network mode settings. The bot Omega was trying to access the Unsandbox API endpoint https://api.unsandbox.com/cluster using Python in semitrusted mode but faced network access issues due to incorrect parameter handling. The goal is to properly pass the semitrusted network mode parameter and add an environment variable to toggle semitrust mode.

---

Problem Description

The Rust environment in the sandbox cannot connect to external servers such as crates.io or api.unsandbox.com leading to failed HTTP requests. When attempting to use Python in semitrusted mode, the connection was refused because the default network mode was set to zerotrust and the semitrusted mode parameter was not correctly passed.

---

Unsandbox API Cluster Data

Using Omega's ethical fetch tool, the following JSON data was obtained from https://api.unsandbox.com/cluster as evidence of the network mode configuration:

{
 "image": "unsandbox-ubuntu",
 "pool_size": 288,
 "network_mode": "custom",
 "network_breakdown": {
   "semitrusted": {
     "total": 32,
     "available": 32,
     "allocated": 0
   },
   "zerotrust": {
     "total": 256,
     "available": 256,
     "allocated": 0
   }
 },
 "cluster_mode": "pooled",
 "spawn_in_progress": false,
 "remote_node": "pool_manager@127.0.0.1"
}

---

Commands Used

The key Python code snippet (executed in semitrusted network mode) for fetching the API:

import requests
response = requests.get("https://api.unsandbox.com/cluster")
print(response.json())

The code execution in Omega should pass the appropriate parameter to enable semitrust network mode instead of default zerotrust.

---

Proposed Fix

  • Ensure semitrusted mode is passed explicitly to the unsandbox execution client in Omega.
  • Add an environment variable to disable semitrust mode globally for admins.
  • Detect and respect this environment variable within Omega to conditionally enable semitrusted network access.

    • ---

    Issue Tracking

    This has been tracked in GitHub Issue #229 where the implementation and discussion will continue: https://github.com/thomasdavis/omega/issues/229

    ---

    If you need more detailed logs, updates, or want to contribute, check the issue and reach out!