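# AI Code Battle Evolver Container
#
# Runs the autonomous evolution pipeline: generates candidate bots via LLM,
# validates them (syntax → schema → sandbox), runs arena tournaments,
# and promotes winners to the live bot fleet.
#
# Needs multiple language runtimes for the 3-stage validation pipeline.
#
# Supply-chain note: both stages use the floating tag golang:1.25-alpine.
# For reproducible builds, pin the base image by digest
# (golang:1.25-alpine@sha256:<digest>) and bump it deliberately.

# ---------------------------------------------------------------------------
# Build stage: compiles the two static Go binaries.
# ---------------------------------------------------------------------------
FROM golang:1.25-alpine AS builder

WORKDIR /build

# Install git for module downloads
RUN apk --no-cache add git

# Copy go.mod and go.sum first so the module-download layer stays cached
# until the dependency set changes.
COPY go.mod go.sum ./
RUN go mod download

# Copy engine package
COPY engine/ ./engine/
COPY metrics/ ./metrics/

# Copy bots (used as seed programs)
COPY bots/ ./bots/

# Copy evolver source
COPY cmd/acb-evolver/ ./cmd/acb-evolver/

# Copy map evolver source
COPY cmd/acb-map-evolver/ ./cmd/acb-map-evolver/

# Build the evolver binary (static, symbol table and DWARF stripped)
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /acb-evolver ./cmd/acb-evolver

# Build the map evolver binary
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /acb-map-evolver ./cmd/acb-map-evolver

# ---------------------------------------------------------------------------
# Runtime stage — needs language runtimes for the validation sandbox.
# ---------------------------------------------------------------------------
FROM golang:1.25-alpine

WORKDIR /app

# Install language runtimes for bot validation:
#   - go (included in base image)
#   - python3, nodejs (typescript), rust (rustup, installed below), java
#   - nsjail for sandbox isolation during validation
#   - ca-certificates for HTTPS (LLM calls, K8s API)
#
# NOTE(review): the original header also listed php, but no PHP package is
# installed by this file. Either add the package or drop PHP from the list of
# languages the validator claims to support.
#
# nsjail is expected in the community repository; the grep/echo pair appends
# that repository for the running Alpine release only when it is not already
# configured. `a || b && c` groups as `(a || b) && c` in sh, so apk runs in
# both cases.
RUN grep -q '^https.*\/community$' /etc/apk/repositories || \
    echo "https://dl-cdn.alpinelinux.org/alpine/v$(. /etc/os-release && echo "$VERSION_ID" | cut -d. -f1,2)/community" >> /etc/apk/repositories && \
    apk --no-cache add \
        bash \
        ca-certificates \
        curl \
        nodejs \
        npm \
        nsjail \
        openjdk-17-jdk \
        py3-pip \
        python3 \
        tzdata

# Create non-root user first (before Rust installation)
RUN addgroup -g 1000 acb && adduser -D -u 1000 -G acb acb

# Rust toolchain locations. rustup keeps the actual toolchains under
# RUSTUP_HOME and only small proxy binaries (rustc, cargo, ...) under
# CARGO_HOME/bin. Both must live outside /root and both variables must be set
# at runtime, otherwise the proxies look for the toolchain in the calling
# user's home directory and fail for the non-root user.
# (The previous version copied only /root/.cargo to /opt/rust and left the
# toolchain behind in /root/.rustup.)
ENV RUSTUP_HOME=/opt/rustup \
    CARGO_HOME=/opt/rust \
    PATH="/opt/rust/bin:${PATH}"

# Toolchain channel or version to install. Defaults to the floating "stable"
# channel; pass --build-arg RUST_TOOLCHAIN=<version> to pin it.
ARG RUST_TOOLCHAIN=stable

# Install Rust toolchain (rustc) for validating Rust bots.
#
# The installer is downloaded to a file instead of being piped into sh: with a
# pipe and no pipefail, a failed download would feed sh an empty script and
# the step would succeed without installing anything. `rustc --version` fails
# the build if the proxy cannot resolve a toolchain.
#
# NOTE(review): the installer script is fetched over TLS but its content is
# not checksum-verified. If reproducibility matters, vendor a reviewed copy
# or verify a known digest before executing it.
#
# NOTE(review): chown gives the runtime user write access to the compiler
# binaries. This container processes LLM-generated code, so a root-owned,
# read-only toolchain would be the tighter default; ownership is kept as-is
# here because the validator may rely on writing to CARGO_HOME — confirm.
RUN mkdir -p /opt/rust /opt/rustup && \
    curl --proto '=https' --tlsv1.2 -sSf -o /tmp/rustup-init.sh https://sh.rustup.rs && \
    sh /tmp/rustup-init.sh -y --default-toolchain "${RUST_TOOLCHAIN}" --profile minimal --no-modify-path && \
    rm -f /tmp/rustup-init.sh && \
    rustc --version && \
    chown -R acb:acb /opt/rust /opt/rustup

# Install TypeScript compiler globally; drop the npm cache in the same layer
# so it does not end up in the image.
# NOTE(review): both packages are unpinned, so every rebuild may pull a
# different release. Pin exact versions once the supported ones are decided.
RUN npm install -g typescript ts-node && \
    npm cache clean --force

# Copy binaries from builder. They stay root-owned, so the runtime user can
# execute but not replace them.
COPY --from=builder /acb-evolver /app/acb-evolver
COPY --from=builder /acb-map-evolver /app/acb-map-evolver

# Drop privileges for everything that runs in the container.
USER acb

# Environment variables (set at runtime)
#   ACB_DATABASE_URL    - PostgreSQL connection string
#   ACB_LLM_URL         - LLM proxy base URL (e.g., http://zai-proxy:8080)
#   ACB_LLM_API_KEY     - LLM API key (optional, for ZAI proxy)
#   ACB_ENCRYPTION_KEY  - AES-256-GCM key for bots table shared secrets
#   ACB_KUBECTL_SERVER  - kubectl API server URL for bot deployment
#   ACB_REGISTRY        - Container registry for evolved bot images
#   ACB_REPO_DIR        - Path to declarative-config repo for K8s manifest writes
#   ACB_R2_ENDPOINT     - R2 endpoint for live.json upload
#   ACB_R2_BUCKET       - R2 bucket name
#   ACB_R2_ACCESS_KEY   - R2 access key
#   ACB_R2_SECRET_KEY   - R2 secret key
#   ACB_EVOLUTION_OUT   - Output path for live.json (default: evolution/live.json)
#
# Several of these are credentials (database URL, API key, encryption key, R2
# keys). Supply them from the orchestrator's secret store when the container
# starts; do not add them here as ENV or ARG, because both end up in the image
# metadata.

ENTRYPOINT ["/app/acb-evolver"]
CMD ["run"]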