blaxel-ai · kisernl · Mar 16, 2026 · mendral-app · Mar 16, 2026 · cursor
diff --git a/hub/computesdk/Dockerfile b/hub/computesdk/Dockerfile
@@ -0,0 +1,22 @@
+ARG SANDBOX_VERSION=latest
+FROM --platform=linux/amd64 ghcr.io/blaxel-ai/sandbox:${SANDBOX_VERSION} AS blaxel
+
+# Use ComputeSDK self-hosted compute runtime as base (Debian Bookworm)
+FROM --platform=linux/amd64 computesdk/compute:latest
-FROM --platform=linux/amd64 computesdk/compute:latest
+FROM --platform=linux/amd64 computesdk/compute:<specific-version-or-digest>
-FROM --platform=linux/amd64 computesdk/compute:latest
+FROM --platform=linux/amd64 computesdk/compute:<specific-version-or-digest>
+
+# Copy Blaxel sandbox API binary (required for all Blaxel sandbox templates)
+COPY --from=blaxel /sandbox-api /usr/local/bin/sandbox-api
+
+# Switch to root for package installation
+USER root
+
+# Install netcat for the health-check loop in entrypoint.sh
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    netcat-openbsd \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy and set up entrypoint
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/hub/computesdk/entrypoint.sh b/hub/computesdk/entrypoint.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# Normalize ComputeSDK credential env vars BEFORE starting any processes.
+# The compute binary reads API_KEY / ACCESS_TOKEN directly, but users may
+# pass COMPUTESDK_API_KEY / COMPUTESDK_ACCESS_TOKEN instead.
+export API_KEY="${API_KEY:-${COMPUTESDK_API_KEY:-}}"
+export ACCESS_TOKEN="${ACCESS_TOKEN:-${COMPUTESDK_ACCESS_TOKEN:-}}"
+
+# Start the Blaxel sandbox API (required)
+# It inherits the exported env vars, so child processes it spawns will too.
+/usr/local/bin/sandbox-api &
+
+# Wait for sandbox API to be ready
+echo "Waiting for sandbox API..."
+while ! nc -z 127.0.0.1 8080; do
+  sleep 0.1
+done
+
+echo "Sandbox API ready"
+
+# Start the ComputeSDK compute daemon via the sandbox API process manager.
+if [ -n "$ACCESS_TOKEN" ] || [ -n "$API_KEY" ]; then
+  echo "Starting ComputeSDK compute daemon (credentials found)..."
+  curl -s http://127.0.0.1:8080/process \
+    -X POST \
+    -H "Content-Type: application/json" \
+    -d '{"name": "compute-daemon", "workingDir": "/app", "command": "/app/compute serve-daemon", "waitForCompletion": false}'
+else
+  echo "WARNING: No COMPUTESDK_ACCESS_TOKEN or COMPUTESDK_API_KEY set."
+  echo "The compute daemon will NOT start automatically."
+  echo "Provide credentials at sandbox creation time, or start manually via:"
+  echo "  /app/compute serve-daemon --access-token <TOKEN>"
+fi
+
+echo "ComputeSDK sandbox ready"
+
+# Keep the container running
-# Keep the container running
+SANDBOX_PID=$!
+
+# Keep the container running; exit if sandbox-api dies
+wait $SANDBOX_PID
-# Keep the container running
+SANDBOX_PID=$!
+
+# Keep the container running; exit if sandbox-api dies
+wait $SANDBOX_PID
+wait
diff --git a/hub/computesdk/template.json b/hub/computesdk/template.json
@@ -0,0 +1,20 @@
+{
+  "name": "computesdk-image",
+  "displayName": "ComputeSDK",
+  "categories": [],
+  "description": "Sandbox environment with the ComputeSDK compute runtime pre-installed",
+  "longDescription": "A Blaxel sandbox image with the ComputeSDK compute runtime pre-installed. The compute daemon is started automatically during sandbox creation via the gateway provider.",
+  "memory": 4096,
+  "ports": [
+    {
+      "name": "sandbox-api",
+      "target": 8080,
+      "protocol": "HTTP"
+    },
+    {
+      "name": "compute",
+      "target": 18080,
+      "protocol": "HTTP"
+    }
+  ]
+}