fix: support --host-tmpdir flag (#379)

Author: artus9033

docs/opencode-docker.md

@@ -20,6 +20,30 @@ Provider access depends on 3 optional sources:
 2. passthrough env vars
 3. config referenced from `opencode.json`/`opencode.jsonc` placed in this repo root
 
+## Running the runner inside Docker
+
+When the runner itself runs in a container with access to the host Docker socket, solver/judge workspaces and auth isolation dirs must live on a host-visible path. The Docker daemon resolves bind-mount sources on the host, not inside the runner container.
+
+Pass `--host-tmpdir` to a directory that exists on the host and is bind-mounted into the runner container at the **same path**:
+
+```bash
+# on the host
+mkdir -p /var/tmp/evals-runner
+
+docker run \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  -v /var/tmp/evals-runner:/var/tmp/evals-runner \
+  ... \
+  bun runner/run.ts \
+    --model openai/gpt-4.1-mini \
+    --host-tmpdir /var/tmp/evals-runner \
+    --output generated/my-generated
+```
+
+When omitted, the runner uses the process temp directory (`os.tmpdir()`, typically `/tmp`). That works for local runs where the runner process and Docker daemon share the same filesystem namespace.
+
+The runner creates per-session subdirectories under this root with prefixes `evals-opencode-` (workspaces) and `evals-opencode-home-` (isolated auth copies). They are removed when each session finishes.
+
 ## Environment variable passthrough
 
 The runner forwards matching host environment variables into the container with `docker run -e`.
@@ -57,6 +81,10 @@ Extra prefixes are merged with the defaults above.
 
 Both `bun runner/run.ts` and `bun runner/judge.ts` accept:
 
+### `--host-tmpdir`
+
+Optional host-visible temp root for solver/judge workspaces and isolated auth copies. Use when the runner runs inside a container with access to the host Docker socket. See [Running the runner inside Docker](#running-the-runner-inside-docker).
+
 ### `--agent-logs`
 
 Streams OpenCode agent activity from the server SSE feed. Log lines are prefixed with `[opencode-docker][...][agent]` and include session lifecycle events, tool calls, and session errors.

runner/config.ts

@@ -29,6 +29,7 @@ export function parseRunCliArgs(argv: string[] = Bun.argv.slice(2)) {
       'pattern': { type: 'string', default: 'evals/**/*' },
       'timeout': { type: 'string', default: '120000' },
       'port': { type: 'string' },
+      'host-tmpdir': { type: 'string' },
       'output': { type: 'string' },
     },
     strict: true,
@@ -49,6 +50,7 @@ export function parseRunCliArgs(argv: string[] = Bun.argv.slice(2)) {
     pattern: values.pattern,
     timeout: parsePositiveInteger(values.timeout, '--timeout'),
     port: parsePort(values.port),
+    hostTmpdir: values['host-tmpdir'],
     output: values.output,
   }
 }
@@ -72,6 +74,7 @@ export function parseJudgeCliArgs(argv: string[] = Bun.argv.slice(2)) {
       'rerun-requirements-file': { type: 'string' },
       'timeout': { type: 'string', default: '120000' },
       'port': { type: 'string' },
+      'host-tmpdir': { type: 'string' },
       'input': { type: 'string' },
       'output': { type: 'string' },
     },
@@ -119,6 +122,7 @@ export function parseJudgeCliArgs(argv: string[] = Bun.argv.slice(2)) {
     rerunRequirementsFile: values['rerun-requirements-file'],
     timeout: parsePositiveInteger(values.timeout, '--timeout'),
     port: parsePort(values.port),
+    hostTmpdir: values['host-tmpdir'],
     input: values.input,
     output: values.output,
   }

runner/judge.ts

@@ -15,6 +15,7 @@ import { partitionEvalRuns } from './utils/eval-runs'
 import { loadFiles, sanitizeSegment } from './utils/fs'
 import {
   configureOpencodeDockerLogging,
+  configureOpencodeHostTmpdir,
   prepareOpencodeDockerRuntime,
   runWithOpencodeWorkerContext,
   shutdownAllOpencodeDockerContainers,
@@ -366,6 +367,7 @@ export async function runJudgeEntry(argv: string[] = Bun.argv.slice(2)) {
     agentLogs: cliOptions.agentLogs,
     verbose: cliOptions.verbose,
   })
+  configureOpencodeHostTmpdir({ hostTmpdir: cliOptions.hostTmpdir })
   const inputDirectory = path.resolve(process.cwd(), cliOptions.input)
   const outputDirectory = cliOptions.output ?? path.dirname(inputDirectory)
   const outputDirectories = await createRunOutputDirectories(outputDirectory)

runner/run.ts

@@ -19,6 +19,7 @@ import {
 } from './utils/fs'
 import {
   configureOpencodeDockerLogging,
+  configureOpencodeHostTmpdir,
   prepareOpencodeDockerRuntime,
   runWithOpencodeWorkerContext,
   shutdownAllOpencodeDockerContainers,
@@ -71,6 +72,7 @@ export async function runGenerationEntry(argv: string[] = Bun.argv.slice(2)) {
     agentLogs: cliOptions.agentLogs,
     verbose: cliOptions.verbose,
   })
+  configureOpencodeHostTmpdir({ hostTmpdir: cliOptions.hostTmpdir })
   const discoveredEvals = await discoverEvals(cliOptions.pattern)
   const runId = new Date().toISOString().replace(/[:.]/g, '-')
   const startedAt = new Date().toISOString()

runner/utils/opencode.test.ts

@@ -1,19 +1,24 @@
 import { createServer } from 'node:net'
-import { access } from 'node:fs/promises'
+import { access, mkdtemp, rm } from 'node:fs/promises'
+import os from 'node:os'
+import path from 'node:path'
 import { afterEach, describe, expect, test } from 'bun:test'
 
 import {
   allocateHostPort,
   cleanupOpencodeTempDir,
+  configureOpencodeHostTmpdir,
   createOpencodeTempDir,
   DEFAULT_OPENCODE_PORT,
   forceStopEvalsOpencodeContainersSync,
   formatContainerLogLine,
+  getOpencodeTempRoot,
   shouldPassthroughOpencodeDockerEnvKey,
 } from './opencode'
 
 describe('opencode temp workspace', () => {
   test('creates and cleans up a temp directory', async () => {
+    configureOpencodeHostTmpdir({})
     const workspace = await createOpencodeTempDir()
 
     expect(workspace.includes('evals-opencode-')).toBe(true)
@@ -23,6 +28,27 @@ describe('opencode temp workspace', () => {
 
     await expect(access(workspace)).rejects.toThrow()
   })
+
+  test('uses --host-tmpdir when configured', async () => {
+    const configuredRoot = await mkdtemp(
+      path.join(os.tmpdir(), 'runner-opencode-host-tmp-')
+    )
+    configureOpencodeHostTmpdir({ hostTmpdir: configuredRoot })
+
+    try {
+      const workspace = await createOpencodeTempDir()
+      expect(workspace.startsWith(configuredRoot)).toBe(true)
+      expect(getOpencodeTempRoot()).toBe(configuredRoot)
+      await cleanupOpencodeTempDir(workspace)
+    } finally {
+      configureOpencodeHostTmpdir({})
+      await rm(configuredRoot, { recursive: true, force: true })
+    }
+  })
+
+  afterEach(() => {
+    configureOpencodeHostTmpdir({})
+  })
 })
 
 describe('opencode port allocation', () => {

runner/utils/opencode.ts

@@ -29,6 +29,7 @@ type OpencodeWorkerContext = {
 
 const opencodeWorkerContext = new AsyncLocalStorage<OpencodeWorkerContext>()
 let agentActivityLoggingEnabled = false
+let configuredHostTmpdir: string | undefined
 
 const OPENCODE_TEMP_PREFIX = 'evals-opencode-'
 const OPENCODE_HOME_PREFIX = 'evals-opencode-home-'
@@ -109,6 +110,12 @@ export function logOpencodeAgent(message: string) {
   console.log(`${formatOpencodeLogTag('auto')}[agent] ${message}`)
 }
 
+export function configureOpencodeHostTmpdir(options: { hostTmpdir?: string }) {
+  configuredHostTmpdir = options.hostTmpdir?.trim()
+    ? path.resolve(options.hostTmpdir.trim())
+    : undefined
+}
+
 export function configureOpencodeDockerLogging(options: {
   agentLogs?: boolean
   verbose?: boolean
@@ -467,8 +474,19 @@ function getDockerBuildContext() {
   return path.resolve(process.cwd(), 'runner/docker/opencode')
 }
 
+export function getOpencodeTempRoot() {
+  return configuredHostTmpdir ?? os.tmpdir()
+}
+
+async function ensureOpencodeTempRoot() {
+  const tempRoot = getOpencodeTempRoot()
+  await mkdir(tempRoot, { recursive: true })
+  return tempRoot
+}
+
 export async function createOpencodeTempDir() {
-  return mkdtemp(path.join(os.tmpdir(), OPENCODE_TEMP_PREFIX))
+  const tempRoot = await ensureOpencodeTempRoot()
+  return mkdtemp(path.join(tempRoot, OPENCODE_TEMP_PREFIX))
 }
 
 export async function cleanupOpencodeTempDir(directory: string) {
@@ -693,9 +711,15 @@ export async function ensureOpencodeDockerImage(image = DEFAULT_DOCKER_IMAGE) {
   return ensurePromise
 }
 
-export async function prepareOpencodeDockerRuntime(image = DEFAULT_DOCKER_IMAGE) {
+export async function prepareOpencodeDockerRuntime(
+  image = DEFAULT_DOCKER_IMAGE
+) {
   ensureOpencodeDockerShutdownHandlers()
   logOpencode(`preparing docker runtime (image=${image})`, 'global')
+  if (configuredHostTmpdir) {
+    const tempRoot = await ensureOpencodeTempRoot()
+    logOpencode(`host temp root: ${tempRoot}`, 'global')
+  }
   await ensureOpencodeDockerImage(image)
   logOpencode(
     `docker runtime ready (serve log level=${agentActivityLoggingEnabled ? 'DEBUG' : (process.env.OPENCODE_SERVER_LOG_LEVEL ?? DEFAULT_OPENCODE_SERVER_LOG_LEVEL)}, stream container logs=${shouldStreamContainerLogs()}, agent logs=${agentActivityLoggingEnabled}, verbose=${isOpencodeVerboseLoggingEnabled()})`,
@@ -735,8 +759,9 @@ async function buildDockerVolumeArgs(hostWorkspace: string) {
   const authSource = path.join(homeDirectory, '.local/share/opencode/auth.json')
 
   if (await pathExists(authSource)) {
+    const tempRoot = await ensureOpencodeTempRoot()
     const runtimeDataDirectory = await mkdtemp(
-      path.join(os.tmpdir(), OPENCODE_HOME_PREFIX)
+      path.join(tempRoot, OPENCODE_HOME_PREFIX)
     )
     cleanupPaths.push(runtimeDataDirectory)
     await mkdir(runtimeDataDirectory, { recursive: true })