fix ci builds and sandbox workflows

Author: SecAI-Hub

.github/container-pin-waivers.json

@@ -2,7 +2,7 @@
   "_comment": "Temporary waivers for FROM refs that cannot be represented as a single static digest because the build arg selects multiple upstream variants. Each waiver must expire and must be reviewed before renewal.",
   "dynamic_from": [
     {
-      "path": "services/inference-worker/Containerfile",
+      "path": "services/inference-worker/Dockerfile",
       "image_ref": "ghcr.io/ggml-org/llama.cpp:${IMAGE_TAG}",
       "reason": "IMAGE_TAG selects CPU/CUDA/ROCm/Vulkan/Intel llama.cpp variants. Production builds must pass the resolved digest through release metadata until this is split into per-variant pinned stages.",
       "reviewer": "sec_ai",

deploy/sandbox/.env.example

@@ -17,3 +17,5 @@ SECAI_CONTEXT_SIZE=8192
 SECAI_GPU_LAYERS=0
 
 SECAI_DIFFUSION_COMPUTE=cpu
+SECAI_DIFFUSION_DEVICE_PREFERENCE=auto
+SECAI_DIFFUSION_CPU_OFFLOAD=0

deploy/sandbox/compose.gpu.nvidia.yaml

@@ -0,0 +1,17 @@
+services:
+  diffusion:
+    build:
+      args:
+        COMPUTE: cuda
+    environment:
+      DIFFUSION_DEVICE_PREFERENCE: ${SECAI_DIFFUSION_DEVICE_PREFERENCE:-auto}
+      DIFFUSION_CPU_OFFLOAD: ${SECAI_DIFFUSION_CPU_OFFLOAD:-0}
+      NVIDIA_VISIBLE_DEVICES: ${NVIDIA_VISIBLE_DEVICES:-all}
+      NVIDIA_DRIVER_CAPABILITIES: ${NVIDIA_DRIVER_CAPABILITIES:-compute,utility}
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: all
+              capabilities: ["gpu"]

deploy/sandbox/compose.gpu.rocm.yaml

@@ -0,0 +1,14 @@
+services:
+  diffusion:
+    build:
+      args:
+        COMPUTE: rocm
+    environment:
+      DIFFUSION_DEVICE_PREFERENCE: ${SECAI_DIFFUSION_DEVICE_PREFERENCE:-auto}
+      DIFFUSION_CPU_OFFLOAD: ${SECAI_DIFFUSION_CPU_OFFLOAD:-0}
+    devices:
+      - /dev/kfd:/dev/kfd
+      - /dev/dri:/dev/dri
+    group_add:
+      - video
+      - render

deploy/sandbox/compose.yaml

@@ -15,14 +15,14 @@ x-secai-runtime-defaults: &secai_runtime_defaults
       max-size: "10m"
       max-file: "3"
   tmpfs:
-    - /tmp:rw,noexec,nosuid,nodev,size=64m
+    - /tmp:rw,noexec,nosuid,nodev,size=64m,mode=1777
 
 services:
   registry:
     <<: *secai_runtime_defaults
     build:
       context: ../../services/registry
-      dockerfile: Containerfile
+      dockerfile: Dockerfile
     environment:
       BIND_ADDR: 0.0.0.0:8470
       REGISTRY_DIR: /var/lib/secure-ai/registry
@@ -45,7 +45,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ../../services/policy-engine
-      dockerfile: Containerfile
+      dockerfile: Dockerfile
     environment:
       BIND_ADDR: 0.0.0.0:8500
       POLICY_PATH: /etc/secure-ai/policy/policy.yaml
@@ -69,7 +69,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ../../services/tool-firewall
-      dockerfile: Containerfile
+      dockerfile: Dockerfile
     environment:
       BIND_ADDR: 0.0.0.0:8475
       POLICY_PATH: /etc/secure-ai/policy/policy.yaml
@@ -92,7 +92,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ../../services/airlock
-      dockerfile: Containerfile
+      dockerfile: Dockerfile
     environment:
       BIND_ADDR: 0.0.0.0:8490
       POLICY_PATH: /etc/secure-ai/policy/policy.yaml
@@ -115,7 +115,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ../..
-      dockerfile: services/quarantine/Containerfile.sandbox
+      dockerfile: services/quarantine/Dockerfile.sandbox
     depends_on:
       registry:
         condition: service_healthy
@@ -144,7 +144,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ../..
-      dockerfile: services/search-mediator/Containerfile
+      dockerfile: services/search-mediator/Dockerfile
     environment:
       BIND_ADDR: 0.0.0.0:8485
       SEARXNG_URL: http://searxng:8888
@@ -185,7 +185,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ./tor
-      dockerfile: Containerfile
+      dockerfile: Dockerfile
     volumes:
       - ./search/torrc:/etc/tor/torrc:ro
     networks:
@@ -209,7 +209,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ./searxng
-      dockerfile: Containerfile
+      dockerfile: Dockerfile
     depends_on:
       tor:
         condition: service_healthy
@@ -238,7 +238,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ../..
-      dockerfile: services/agent/Containerfile.sandbox
+      dockerfile: services/agent/Dockerfile.sandbox
     depends_on:
       registry:
         condition: service_healthy
@@ -279,7 +279,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ../..
-      dockerfile: services/ui/Containerfile.sandbox
+      dockerfile: services/ui/Dockerfile.sandbox
     depends_on:
       registry:
         condition: service_healthy
@@ -347,7 +347,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ../../services/inference-worker
-      dockerfile: Containerfile
+      dockerfile: Dockerfile
       args:
         IMAGE_TAG: ${SECAI_INFERENCE_IMAGE_TAG:-server}
     user: "65534:65534"
@@ -367,7 +367,7 @@ services:
     <<: *secai_runtime_defaults
     build:
       context: ../..
-      dockerfile: services/diffusion-worker/Containerfile.sandbox
+      dockerfile: services/diffusion-worker/Dockerfile.sandbox
       args:
         COMPUTE: ${SECAI_DIFFUSION_COMPUTE:-cpu}
     environment:
@@ -381,6 +381,8 @@ services:
       GUNICORN_THREADS: 2
       GUNICORN_TIMEOUT: 1800
       GUNICORN_GRACEFUL_TIMEOUT: 30
+      DIFFUSION_DEVICE_PREFERENCE: ${SECAI_DIFFUSION_DEVICE_PREFERENCE:-auto}
+      DIFFUSION_CPU_OFFLOAD: ${SECAI_DIFFUSION_CPU_OFFLOAD:-0}
     tmpfs:
       - /tmp:rw,noexec,nosuid,nodev,size=256m
     volumes:

deploy/sandbox/searxng/Containerfile deploy/sandbox/searxng/Dockerfiledeploy/sandbox/searxng/Containerfile renamed to deploy/sandbox/searxng/Dockerfile

@@ -103,6 +103,24 @@ bash scripts/sandbox/start.sh --with-diffusion
 powershell -ExecutionPolicy Bypass -File scripts/sandbox/start.ps1 -WithDiffusion
 ```
 
+For capable NVIDIA or ROCm hosts, add GPU acceleration:
+
+```bash
+bash scripts/sandbox/start.sh --with-diffusion --with-gpu
+```
+
+```powershell
+.\secai-sandbox.cmd start --with-diffusion --with-gpu
+```
+
+`--with-gpu` builds the diffusion worker with a GPU PyTorch backend and adds a
+GPU-specific compose override. By default it keeps diffusion pipelines resident
+on the GPU and leaves CPU offload disabled (`SECAI_DIFFUSION_CPU_OFFLOAD=0`).
+Set `SECAI_DIFFUSION_COMPUTE=rocm` for AMD ROCm, or leave it unset for NVIDIA
+CUDA auto-detection. GPU passthrough gives the diffusion container access to the
+host GPU device, so keep it disabled for sessions that do not need generation
+acceleration.
+
 **Enable Tor-routed web search**
 
 This starts the Tor and SearXNG sidecars and flips the sandbox runtime policy

deploy/sandbox/tor/Containerfile deploy/sandbox/tor/Dockerfiledeploy/sandbox/tor/Containerfile renamed to deploy/sandbox/tor/Dockerfile

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_dir="/etc/yum.repos.d"
+disabled_count=0
+
+if [[ ! -d "$repo_dir" ]]; then
+    echo "No yum repository directory present; skipping stale repo preflight."
+    exit 0
+fi
+
+shopt -s nullglob
+for repo_file in "$repo_dir"/*.repo; do
+    if ! grep -Eiq '(^[[:space:]]*\[fedora-multimedia\]|negativo17\.org/.*/multimedia|fedora-multimedia)' "$repo_file"; then
+        continue
+    fi
+
+    if grep -Eq '^[[:space:]]*enabled[[:space:]]*=' "$repo_file"; then
+        sed -ri 's/^[[:space:]]*enabled[[:space:]]*=.*/enabled=0/' "$repo_file"
+    else
+        printf '\nenabled=0\n' >> "$repo_file"
+    fi
+
+    disabled_count=$((disabled_count + 1))
+    echo "Disabled stale Fedora multimedia repository in ${repo_file}."
+done
+
+if [[ "$disabled_count" -eq 0 ]]; then
+    echo "No stale Fedora multimedia repository found."
+fi