Files

T

Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization

10_Wiki/Topics 대규모 정리:
- 오류 캡처/미완성 stub 문서 227개 제거
- 교차폴더 중복 43클러스터 병합 (63파일 → redirect)
- 링크명 정규화: 깨진 링크 수정·redirect 직결·개념 매핑 ~2,400건
- 카테고리 MOC 6개 신규 생성
- Graph 섹션 미해결 related-keyword 링크 10,058건 제거

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-20 23:52:15 +09:00

8.5 KiB

Raw Blame History

id, title, category, status, canonical_id, aliases, duplicate_of, source_trust_level, confidence_score, verification_status, tags, raw_sources, last_reinforced, github_commit, tech_stack

title

Artifacts & Infrastructure

📌 한 줄 통찰

"매 agent 의 physical body". 매 produced output (code, doc, image) 의 store + index + version. 매 execution 의 sandbox (container / microVM). 매 modern agent system 의 backbone — 매 E2B / Modal / Fly Machines.

📖 핵심

매 artifact 의 종류

Code: file, snippet, PR.
Document: markdown, JSON, structured.
Media: image, video, audio.
Data: dataset, embedding.
Trace: thought process log.

매 artifact store 의 component

Storage: S3 / Minio / FS.
Metadata: id, type, parent, hash, timestamp.
Index: search (Elasticsearch / SQLite FTS).
Versioning: content-addressed (Git-like) or sequential.
Access control: per-user / per-agent.

매 reference vs full

매 model context 의 limit → 매 reference id + summary 만 의 inject.
매 full content 의 explicit fetch.
매 attention budget 의 conserve.

매 execution infrastructure

Container (Docker)

매 standardized environment.
매 image immutable.
매 namespace isolation (PID, network, mount).
매 cgroups resource limit.
✅ 매 fast.
❌ 매 kernel share (security weak).

MicroVM (Firecracker)

매 lightweight VM.
매 hardware-virtualized.
매 boot < 125 ms.
✅ 매 strong isolation.
❌ 매 slightly slower.
매 AWS Lambda / Fly Machines 사용.

gVisor (Google)

매 user-space kernel.
매 syscall intercept.
매 between container + VM.

WebAssembly (Wasm)

매 sandbox by design.
매 fast startup.
매 language-agnostic.
매 limited syscall.

매 modern agent infra

E2B: 매 Firecracker-based, 매 agent-focused.
Modal: 매 Python serverless + GPU.
Fly Machines: 매 microVM, 매 global.
CodeSandbox: 매 sandbox dev env.
Replit Agent: 매 in-IDE.
Daytona: 매 dev environment.

매 artifact lifecycle

Create: 매 agent 가 produce.
Store: 매 artifact store.
Index: 매 metadata + content search.
Reference: 매 future agent 의 cite.
Version: 매 update / rollback.
Garbage collect: 매 unused / TTL.

매 visualization

HTML preview: React, plain.
Mermaid: diagram.
Markdown: doc.
CSV / Table: data.
Image / Video: media.
3D: glb / gltf.

→ 매 user 의 immediate verification.

매 trade-off

Storage cost: 매 retention policy.
Indexing latency: 매 fast write 의 lazy index.
Isolation strength: 매 security ↑ → 매 perf ↓.
Cold start: 매 sandbox 의 fast boot.
Secret management: 매 leak 방지.

매 security

Network egress: 매 whitelist.
Filesystem: 매 read-only base + writable scratch.
Resource limit (CPU, memory, disk, time).
Syscall filter (seccomp).
Secret injection: 매 env var, 매 vault.
Output scanning: 매 secret leak detect.

💻 패턴

Artifact store (FS-based)

import { createHash } from 'crypto';
import * as fs from 'fs/promises';

class ArtifactStore {
  async write(content: string | Buffer, metadata: Record<string, any>) {
    const hash = createHash('sha256').update(content).digest('hex');
    const path = `./artifacts/${hash.slice(0, 2)}/${hash}`;
    await fs.mkdir(path.split('/').slice(0, -1).join('/'), { recursive: true });
    await fs.writeFile(path, content);
    
    await this.indexMetadata(hash, metadata);
    return { id: hash, path };
  }
  
  async read(id: string): Promise<{ content: Buffer; metadata: any }> {
    const path = `./artifacts/${id.slice(0, 2)}/${id}`;
    const [content, metadata] = await Promise.all([
      fs.readFile(path),
      this.fetchMetadata(id),
    ]);
    return { content, metadata };
  }
  
  async indexMetadata(id: string, metadata: any) {
    // 매 SQLite / Elasticsearch
    await db.insert('artifacts', { id, ...metadata, ts: Date.now() });
  }
}

E2B sandbox (Python)

from e2b import Sandbox

sandbox = Sandbox.create('python3')
result = sandbox.run_code("""
import pandas as pd
df = pd.DataFrame({'a': [1, 2, 3]})
print(df.sum())
""")
print(result.text)  # 매 stdout
print(result.results)  # 매 plotted image, table

sandbox.close()

import modal

app = modal.App('my-agent')
image = modal.Image.debian_slim().pip_install('transformers', 'torch')

@app.function(image=image, gpu='A10G', timeout=600)
def run_inference(prompt: str) -> str:
    from transformers import pipeline
    pipe = pipeline('text-generation', model='meta-llama/Llama-3-8B')
    return pipe(prompt)[0]['generated_text']

@app.local_entrypoint()
def main():
    result = run_inference.remote('Hello')
    print(result)

Docker sandbox (limited)

import docker

client = docker.from_env()

def run_in_sandbox(code: str, language: str = 'python', timeout: int = 30):
    container = client.containers.run(
        f'sandbox-{language}',
        f'python -c "{code}"',
        mem_limit='512m',
        cpu_quota=50000,  # 매 0.5 CPU
        network_disabled=True,
        read_only=True,
        tmpfs={'/tmp': 'size=64m'},
        security_opt=['no-new-privileges'],
        cap_drop=['ALL'],
        detach=True,
    )
    try:
        container.wait(timeout=timeout)
        return container.logs().decode()
    finally:
        container.remove(force=True)

Fly Machines (microVM)

fly machine run python:3.11 \
  --region sfo \
  --vm-cpus 2 \
  --vm-memory 1024 \
  --env API_KEY=$API_KEY \
  -- python /app/agent.py

Mermaid artifact preview

function renderMermaidArtifact(diagram: string): string {
  return `
    <html><body>
      <pre class="mermaid">${escapeHtml(diagram)}</pre>
      <script src="https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js"></script>
      <script>mermaid.initialize({ startOnLoad: true });</script>
    </body></html>
  `;
}

Secret leak detector

import re

SECRET_PATTERNS = [
    re.compile(r'AKIA[0-9A-Z]{16}'),  # AWS
    re.compile(r'sk-[a-zA-Z0-9]{32,}'),  # OpenAI
    re.compile(r'github_pat_[a-zA-Z0-9_]{82}'),
    re.compile(r'-----BEGIN (RSA |EC )?PRIVATE KEY-----'),
]

def scan_for_secrets(artifact_content: str) -> list[str]:
    findings = []
    for pattern in SECRET_PATTERNS:
        for match in pattern.findall(artifact_content):
            findings.append(redact(match))
    return findings

🤔 결정 기준

요구	Infra
Untrusted code	E2B / Firecracker
Trusted Python	Modal
Long-running	Fly Machines
Light isolation	Docker + seccomp
Browser-side	Wasm
Code preview	HTML iframe sandbox
Permanent artifact	S3 + content-addressed
Ephemeral	tmpfs + TTL

기본값: E2B (untrusted) + Modal (trusted) + S3 artifact store + content-hash dedup.

🔗 Graph

부모: Agent-Architecture · Cloud-Infrastructure
변형: Sandbox · Container · MicroVM · Wasm
응용: E2B · Modal · Firecracker · gVisor
Adjacent: Tool-Use · Code-Execution

🤖 LLM 활용

언제: 매 agent system design. 매 sandbox selection. 매 artifact store schema. 매 security review. 언제 X: 매 single trusted user (over-engineering).

❌ 안티패턴

Run untrusted in host: 매 RCE.
No resource limit: 매 fork bomb.
Network unrestricted: 매 data exfil.
Secret in env (logged): 매 leak.
No TTL: 매 storage bloat.
Full content in context: 매 attention waste.
Container 의 security 의 over-trust: 매 kernel CVE.

🧪 검증 / 중복

Verified (E2B, Modal, Firecracker, AWS Lambda papers).
신뢰도 B.
Related: Agent-Harness · Sandbox · E2B · Modal · Code-Execution.

🕓 Changelog

날짜	변경
2026-05-08	Phase 1
2026-05-10	Manual cleanup — sandbox spectrum + lifecycle + 매 E2B / Modal / Docker / Fly code

8.5 KiB Raw Blame History