fixup container server and improve descriptions

Author: cmsparks

apps/sandbox-container/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "containers-starter",
-	"version": "0.0.0",
+	"version": "0.0.1",
 	"private": true,
 	"type": "module",
 	"scripts": {

apps/sandbox-container/server/containerHelpers.ts

@@ -1,4 +1,4 @@
-export const MAX_CONTAINERS = 20
+export const MAX_CONTAINERS = 50
 export async function startAndWaitForPort(
 	environment: 'dev' | 'prod' | 'test',
 	container: Container | undefined,

apps/sandbox-container/server/containerManager.ts

@@ -1,8 +1,15 @@
 import { DurableObject } from 'cloudflare:workers'
 
 import type { Env } from './context'
+import { ContainerEvent } from './metrics'
+import { MetricsTracker } from '@repo/mcp-observability'
 
 export class ContainerManager extends DurableObject<Env> {
+	metrics = new MetricsTracker(this.env.MCP_METRICS, {
+		name: this.env.MCP_SERVER_NAME,
+		version: this.env.MCP_SERVER_VERSION
+	})
+
 	constructor(
 		public ctx: DurableObjectState,
 		public env: Env
@@ -27,7 +34,8 @@ export class ContainerManager extends DurableObject<Env> {
 
 			console.log(id, time, now, now.valueOf() - time.valueOf())
 
-			if (now.valueOf() - time.valueOf() > 10 * 60 * 1000) {
+			// 15m timeout for container lifetime
+			if (now.valueOf() - time.valueOf() > 15 * 60 * 1000) {
 				const doId = this.env.USER_CONTAINER.idFromString(id)
 				const stub = this.env.USER_CONTAINER.get(doId)
 				await stub.destroyContainer()
@@ -42,6 +50,11 @@ export class ContainerManager extends DurableObject<Env> {
 		for (const c of activeContainers.keys()) {
 			activeIds.push(c)
 		}
+
+		this.metrics.logEvent(new ContainerEvent({
+			active: activeIds.length
+		}))
+
 		return activeIds
 	}
 }

apps/sandbox-container/server/containerMcp.ts

@@ -4,7 +4,7 @@ import { CloudflareMCPServer } from '@repo/mcp-common/src/server'
 
 import { ExecParams, FilePathParam, FileWrite } from '../shared/schema'
 import { BASE_INSTRUCTIONS } from './prompts'
-import { fileToBase64, stripProtocolFromFilePath } from './utils'
+import { stripProtocolFromFilePath } from './utils'
 
 import type { Env } from './context'
 import type { Props, UserContainer } from '.'
@@ -73,7 +73,9 @@ export class ContainerMcpAgent extends McpAgent<Env, {}, Props> {
 		})
 		this.server.tool(
 			'container_exec',
-			'Run a command in a container and return the results from stdout. If necessary, set a timeout. To debug, stream back standard error.',
+			`Run a command in a container and return the results from stdout. 
+			If necessary, set a timeout. To debug, stream back standard error. 
+			If you\'re using python, ALWAYS use python3 alongside pip3`,
 			{ args: ExecParams },
 			async ({ args }) => {
 				return {
@@ -106,56 +108,39 @@ export class ContainerMcpAgent extends McpAgent<Env, {}, Props> {
 		)
 		this.server.tool('container_files_list', 'List working directory file tree. This just reads the contents of the current working directory', {}, async ({}) => {
 			// Begin workaround using container read rather than ls:
-			const { blob, mimeType } = await this.userContainer.container_file_read('.')
+			const readFile = await this.userContainer.container_file_read('.')
 			return {
 				content: [
 					{
 						type: 'resource',
 						resource: {
-							text: await blob.text(),
+							text: readFile.type === "text" ? readFile.textOutput : readFile.base64Output,
 							uri: `file://`,
-							mimeType: mimeType,
+							mimeType: readFile.mimeType,
 						},
 					},
 				],
 			}
 		})
 		this.server.tool(
 			'container_file_read',
-			'Read a specific file or directory',
+			'Read a specific file or directory. Use this tool if you would like to read files or display them to the user. This allow you to get a displayable image for the user if there is an image file.',
 			{ args: FilePathParam },
 			async ({ args }) => {
 				const path = await stripProtocolFromFilePath(args.path)
-				const { blob, mimeType } = await this.userContainer.container_file_read(path)
+				const readFile = await this.userContainer.container_file_read(path)
 
-				if (mimeType && mimeType.startsWith('text')) {
-					return {
-						content: [
-							{
-								type: 'resource',
-								resource: {
-									text: await blob.text(),
-									uri: `file://${path}`,
-									mimeType: mimeType,
-								},
-							},
-						],
-					}
-				} else {
-					return {
-						content: [
-							{
-								type: 'resource',
-								resource: {
-									// for some reason the RPC type for Blob is not exactly the same as the regular Blob type
-									// @ts-ignore
-									blob: await fileToBase64(blob),
-									uri: `file://${path}`,
-									mimeType: mimeType,
-								},
+				return {
+					content: [
+						{
+							type: 'resource',
+							resource: {
+								text: readFile.type === "text" ? readFile.textOutput : readFile.base64Output,
+								uri: `file://${path}`,
+								mimeType: readFile.mimeType,
 							},
-						],
-					}
+						},
+					],
 				}
 			}
 		)

apps/sandbox-container/server/metrics.ts

@@ -0,0 +1,20 @@
+import { MetricsEvent, MetricsEventIndexIds } from "@repo/mcp-observability"
+
+export class ContainerEvent extends MetricsEvent {
+	constructor(
+		private containers: {
+			active?: number
+		}
+	) {
+		super()
+	}
+
+	toDataPoint(): AnalyticsEngineDataPoint {
+		return {
+			indexes: [MetricsEventIndexIds.CONTAINER_MANAGER],
+			doubles: this.mapDoubles({
+				double1: this.containers.active,
+			}),
+		}
+	}
+}

apps/sandbox-container/server/prompts.ts

@@ -6,28 +6,18 @@ The Container MCP Agent provides access to a sandboxed container environment. Th
 The container is an Ubuntu 20.04 base image with the following packages installed:
 - curl
 - git
-- htop
-- vim
-- wget
 - net-tools
 - build-essential
-- nmap
-- sudo
-- ca-certificates
-- lsb-release
 - nodejs
 - npm
 - python3
 - python3-pip
 
-You also have the following python packages installed:
-- matplotlib
-- pandas
-- numpy
+If necessary, you may install additional packages.
 
 You are given a working directory in which you can create or delete files and execute commands as described below.
 
-If you're using python, ALWAYS use python3 instead of python. ALWAYS make sure to install dependencies, as they won't be installed ahead of time.
+If you're using python, ALWAYS use \`python3\` instead of \`python\`. ALWAYS make sure to install dependencies, as they won't be installed ahead of time.
 
 ## Resources
 
@@ -45,7 +35,7 @@ AVOID manually reading or writing files using the \`container_exec\` tool. You s
 
 ## Tools
 
-To manage container lifecycle, use the \`container_start\` and \`container_kill\` tools. If you run into errors where you can't connect to the container, attempt to kill and restart the container. If that doesn't work, the system is probably overloaded.
+To manage container lifecycle, use the \`container_initialize\` tool. If you run into errors where you can't connect to the container, attempt to restart the container with the same \`container_initialize\` tool. If that doesn't work, the system is probably overloaded.
 
 You can execute actions in the container using the \`container_exec\` tool. By default, stdout is returned back as a string.
 To write a file, use the \`container_file_write\` tool. To delete a file, use the \`container_file_delete\` tool.
@@ -54,4 +44,6 @@ The \`container_files_list\` allows you to list file resources. Content is omitt
 If you want to get the file contents of a file resource, use \`container_file_read\`, which will return the file contents.
 
 If after calling a tool, you receive an error that a cloudchamber instance cannot be provided, just stop attempting to answer and request that the user attempt to try again later.
+
+If you run into issues, do not attempt to retry after 3 tries unless the user prompts you to. Instead direct the user to report an issue at: https://github.com/cloudflare/mcp-server-cloudflare
 `

apps/sandbox-container/server/userContainer.ts

@@ -7,6 +7,7 @@ import { getContainerManager } from './containerManager'
 
 import type { FileList } from '../shared/schema'
 import type { Env } from './context'
+import { fileToBase64 } from "./utils"
 
 export class UserContainer extends DurableObject<Env> {
 	constructor(
@@ -39,7 +40,8 @@ export class UserContainer extends DurableObject<Env> {
 		// try to cleanup cleanup old containers
 		const containerManager = getContainerManager(this.env)
 
-		if ((await containerManager.listActive()).length >= MAX_CONTAINERS) {
+		// if more than half of our containers are being used, let's try reaping
+		if ((await containerManager.listActive()).length >= (MAX_CONTAINERS / 2)) {
 			await containerManager.tryKillOldContainers()
 			if ((await containerManager.listActive()).length >= MAX_CONTAINERS) {
 				throw new Error(
@@ -127,7 +129,7 @@ export class UserContainer extends DurableObject<Env> {
 	}
 	async container_file_read(
 		filePath: string
-	): Promise<{ blob: Blob; mimeType: string | undefined }> {
+	): Promise<{ type: "text", textOutput: string; mimeType: string | undefined } | { type: "base64", base64Output: string; mimeType: string | undefined }> {
 		const res = await proxyFetch(
 			this.env.ENVIRONMENT,
 			this.ctx.container,
@@ -137,9 +139,24 @@ export class UserContainer extends DurableObject<Env> {
 		if (!res || !res.ok) {
 			throw new Error(`Request to container failed: ${await res.text()}`)
 		}
-		return {
-			blob: await res.blob(),
-			mimeType: res.headers.get('Content-Type') ?? undefined,
+
+		const mimeType = res.headers.get('Content-Type') ?? undefined
+		const blob = await res.blob()
+
+		console.log(mimeType)
+		
+		if (mimeType && mimeType.startsWith('text')) {
+			return {
+				type: "text",
+				textOutput: await blob.text(),
+				mimeType
+			}
+		} else {
+			return {
+				type: "base64",
+				base64Output: await fileToBase64(blob),
+				mimeType
+			}
 		}
 	}
 

apps/sandbox-container/wrangler.jsonc

@@ -121,7 +121,7 @@
 				},
 				{
 					"binding": "USER_BLOCKLIST",
-					"id": "TODO"
+					"id": "68e95343ded8448db179256c68f175b2"
 				}
 			],
 		},
@@ -135,9 +135,9 @@
 					// UPDATE WHEN DEPLOYING A NEW IMAGE
 					"image": "registry.cloudchamber.cfdata.org/sandbox-container:d802004",
 					"class_name": "UserContainer",
-					"max_instances": 20,
+					"max_instances": 50,
 					"rollout_step_percentage": 100,
-					"instances": 3,
+					"instances": 10,
 				}
 			],
 			"durable_objects": {
@@ -174,7 +174,7 @@
 				},
 				{
 					"binding": "USER_BLOCKLIST",
-					"id": "TODO"
+					"id": "b874d6ae29ec43e5afad7be8da067676"
 				}
 			],
 		},

packages/mcp-observability/src/analytics-engine.ts

@@ -111,6 +111,7 @@ export enum MetricsEventIndexIds {
 	AUTH_USER = 'auth_user',
 	SESSION_START = 'session_start',
 	TOOL_CALL = 'tool_call',
+	CONTAINER_MANAGER = 'container_manager',
 }
 
 /**