Initial commit

LibreCodeInterpreter - A secure, open-source code interpreter API that
provides sandboxed code execution in isolated Docker containers.

Features:
- Multi-language support (Python, JS, TS, Go, Java, C, C++, PHP, Rust, R, Fortran, D)
- Sub-50ms Python execution with pre-warmed REPL containers
- Container pooling for fast acquisition
- Secure sandboxed execution with comprehensive resource limits
- File management and session persistence
- Admin dashboard for monitoring and API key management
- Compatible with LibreChat's Code Interpreter API

Author: usnavy13

.dockerignore

@@ -0,0 +1,82 @@
+# Git
+.git
+.gitignore
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+venv/
+env/
+ENV/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Logs
+*.log
+logs/
+
+# Test coverage
+.coverage
+htmlcov/
+.pytest_cache/
+
+# Environment files
+.env
+.env.local
+.env.prod
+.env.staging
+
+# Documentation
+docs/
+*.md
+!README.md
+
+# Docker
+Dockerfile*
+docker-compose*.yml
+.dockerignore
+
+# Deployment
+deploy.sh
+
+# Data directories
+data/
+uploads/
+temp/
+
+# Node modules (if any)
+node_modules/
+
+# Temporary files
+*.tmp
+*.temp

.env.example

@@ -0,0 +1,168 @@
+# Code Interpreter API Configuration
+
+# API Configuration
+API_HOST=0.0.0.0
+API_PORT=8000
+API_DEBUG=false
+API_RELOAD=false
+
+# SSL/HTTPS Configuration
+ENABLE_HTTPS=false
+HTTPS_PORT=443
+SSL_CERT_FILE=/app/ssl/cert.pem
+SSL_KEY_FILE=/app/ssl/key.pem
+SSL_REDIRECT=false
+# SSL_CA_CERTS=/app/ssl/ca.pem  # Optional CA certificates
+
+# Authentication Configuration
+API_KEY=your-secure-api-key-here-change-this-in-production
+# API_KEYS=key1,key2,key3  # Additional API keys (comma-separated)
+API_KEY_HEADER=x-api-key
+API_KEY_CACHE_TTL=300
+
+# API Key Management Configuration
+# MASTER_API_KEY=your-secure-master-key  # Required for CLI key management
+RATE_LIMIT_ENABLED=true
+
+# Redis Configuration
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=
+REDIS_DB=0
+# Alternative: Use Redis URL instead of individual settings
+# REDIS_URL=redis://localhost:6379/0
+REDIS_MAX_CONNECTIONS=20
+REDIS_SOCKET_TIMEOUT=5
+REDIS_SOCKET_CONNECT_TIMEOUT=5
+
+# MinIO/S3 Configuration
+MINIO_ENDPOINT=localhost:9000
+MINIO_ACCESS_KEY=minioadmin
+MINIO_SECRET_KEY=minioadmin
+MINIO_SECURE=false
+MINIO_BUCKET=code-interpreter-files
+MINIO_REGION=us-east-1
+
+# Docker Configuration
+# DOCKER_BASE_URL=unix://var/run/docker.sock
+DOCKER_TIMEOUT=60
+DOCKER_NETWORK_MODE=none
+DOCKER_READ_ONLY=true
+
+# Resource Limits - Execution
+MAX_EXECUTION_TIME=30
+MAX_MEMORY_MB=512
+MAX_CPU_QUOTA=50000
+MAX_PROCESSES=32
+MAX_OPEN_FILES=1024
+
+# Resource Limits - Files
+MAX_FILE_SIZE_MB=10
+MAX_TOTAL_FILE_SIZE_MB=50
+MAX_FILES_PER_SESSION=50
+MAX_OUTPUT_FILES=10
+MAX_FILENAME_LENGTH=255
+
+# Resource Limits - Sessions
+MAX_CONCURRENT_EXECUTIONS=10
+MAX_SESSIONS_PER_ENTITY=100
+
+# Session Configuration
+# TTL applies only to MinIO-stored session data (files/metadata). Containers are ephemeral per execution.
+SESSION_TTL_HOURS=24
+SESSION_CLEANUP_INTERVAL_MINUTES=60
+SESSION_ID_LENGTH=32
+
+# MinIO Orphan Cleanup (optional)
+# Enable periodic pruning of MinIO objects older than TTL with missing Redis sessions
+ENABLE_ORPHAN_MINIO_CLEANUP=false
+
+# Container Pool Configuration
+CONTAINER_POOL_ENABLED=true
+CONTAINER_POOL_WARMUP_ON_STARTUP=true
+
+# Per-language pool sizes (0 = on-demand only, no pre-warming)
+# Only set the languages you want to pre-warm
+CONTAINER_POOL_PY=5     # Python
+CONTAINER_POOL_JS=2     # JavaScript
+# CONTAINER_POOL_TS=0   # TypeScript (default: 0)
+# CONTAINER_POOL_GO=0   # Go (default: 0)
+# CONTAINER_POOL_JAVA=0 # Java (default: 0)
+# CONTAINER_POOL_C=0    # C (default: 0)
+# CONTAINER_POOL_CPP=0  # C++ (default: 0)
+# CONTAINER_POOL_PHP=0  # PHP (default: 0)
+# CONTAINER_POOL_RS=0   # Rust (default: 0)
+# CONTAINER_POOL_R=0    # R (default: 0)
+# CONTAINER_POOL_F90=0  # Fortran (default: 0)
+# CONTAINER_POOL_D=0    # D (default: 0)
+
+# Pool optimization settings
+CONTAINER_POOL_PARALLEL_BATCH=5
+CONTAINER_POOL_REPLENISH_INTERVAL=2
+CONTAINER_POOL_EXHAUSTION_TRIGGER=true
+
+# REPL Configuration (Python Fast Execution)
+# Pre-warmed Python interpreter for ~20-40ms execution latency
+REPL_ENABLED=true
+REPL_WARMUP_TIMEOUT_SECONDS=15
+REPL_HEALTH_CHECK_TIMEOUT_SECONDS=5
+
+# State Persistence Configuration (Python)
+# Enables Python variable/function persistence across executions within same session
+STATE_PERSISTENCE_ENABLED=true
+# Redis hot storage TTL (default: 2 hours)
+STATE_TTL_SECONDS=7200
+# Maximum serialized state size
+STATE_MAX_SIZE_MB=50
+# Capture state even on execution failure
+STATE_CAPTURE_ON_ERROR=false
+
+# State Archival Configuration (Python)
+# Archives inactive states from Redis to MinIO for long-term storage
+STATE_ARCHIVE_ENABLED=true
+# Archive to MinIO after this inactivity period (default: 1 hour)
+STATE_ARCHIVE_AFTER_SECONDS=3600
+# Keep archived states in MinIO for this many days
+STATE_ARCHIVE_TTL_DAYS=7
+# How often to check for states to archive
+STATE_ARCHIVE_CHECK_INTERVAL_SECONDS=300
+
+# Detailed Metrics Configuration
+# Track per-API-key, per-language execution metrics
+DETAILED_METRICS_ENABLED=true
+# Maximum metrics to buffer in memory
+METRICS_BUFFER_SIZE=10000
+# Archive metrics to MinIO for long-term analysis
+METRICS_ARCHIVE_ENABLED=true
+# Keep archived metrics for this many days
+METRICS_ARCHIVE_RETENTION_DAYS=90
+
+# Security Configuration
+ENABLE_NETWORK_ISOLATION=true
+ENABLE_FILESYSTEM_ISOLATION=true
+
+# WAN Network Access Configuration
+# When enabled, execution containers can access the public internet
+# but are blocked from accessing host, other containers, and private networks
+# IMPORTANT: Requires NET_ADMIN capability for iptables management
+ENABLE_WAN_ACCESS=false
+WAN_NETWORK_NAME=code-interpreter-wan
+# WAN_DNS_SERVERS=8.8.8.8,1.1.1.1,8.8.4.4
+
+# Logging Configuration
+LOG_LEVEL=INFO
+LOG_FORMAT=json
+# LOG_FILE=/var/log/code-interpreter-api.log
+LOG_MAX_SIZE_MB=100
+LOG_BACKUP_COUNT=5
+ENABLE_ACCESS_LOGS=true
+ENABLE_SECURITY_LOGS=true
+
+# Health Check Configuration
+HEALTH_CHECK_INTERVAL=30
+HEALTH_CHECK_TIMEOUT=5
+
+# Development Configuration
+ENABLE_CORS=false
+# CORS_ORIGINS=http://localhost:3000,http://localhost:8080
+ENABLE_DOCS=true

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,32 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ""
+labels: bug, needs-triage
+assignees: ""
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+
+1. Go to '...'
+2. Click on '...'
+3. Scroll down to '...'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Environment (please complete the following information):**
+
+- OS: [e.g. Ubuntu 22.04]
+- Version [e.g. 1.0.0]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ""
+labels: enhancement, needs-triage
+assignees: ""
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/pull_request_template.md

@@ -0,0 +1,32 @@
+# Description
+
+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
+
+Fixes # (issue)
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Documentation update
+
+# How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
+
+- [ ] Test A
+- [ ] Test B
+
+# Checklist:
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published in downstream modules

.github/workflows/docker-publish.yml

@@ -0,0 +1,55 @@
+name: Docker Build and Publish
+
+on:
+  push:
+    branches: ["main", "dev"]
+    tags: ["v*.*.*"]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+            type=sha,format=long
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max