refactor: add explicit STRIX_IMAGE validation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 14:23:30 -08:00
parent 7dab26cdd5
commit c059f47d01
1 changed files with 25 additions and 25 deletions
--- a/strix/runtime/docker_runtime.py
+++ b/strix/runtime/docker_runtime.py
@@ -119,10 +119,13 @@ class DockerRuntime(AbstractRuntime):
    def _create_container_with_retry(self, scan_id: str, max_retries: int = 3) -> Container:
        last_exception = None
        container_name = f"strix-scan-{scan_id}"
        image_name = Config.get("strix_image")
        if not image_name:
            raise ValueError("STRIX_IMAGE must be configured")
        for attempt in range(max_retries):
            try:
-                self._verify_image_available(Config.get("strix_image") or "")
+                self._verify_image_available(image_name)
                try:
                    existing_container = self.client.containers.get(container_name)
@@ -143,30 +146,27 @@ class DockerRuntime(AbstractRuntime):
                self._tool_server_port = tool_server_port
                self._tool_server_token = tool_server_token
-                container = cast(
+                container = self.client.containers.run(
-                    "Container",
+                    image_name,
-                    self.client.containers.run(  # type: ignore[call-overload]
+                    command="sleep infinity",
-                        Config.get("strix_image"),
+                    detach=True,
-                        command="sleep infinity",
+                    name=container_name,
-                        detach=True,
+                    hostname=f"strix-scan-{scan_id}",
-                        name=container_name,
+                    ports={
-                        hostname=f"strix-scan-{scan_id}",
+                        f"{caido_port}/tcp": caido_port,
-                        ports={
+                        f"{tool_server_port}/tcp": tool_server_port,
-                            f"{caido_port}/tcp": caido_port,
+                    },
-                            f"{tool_server_port}/tcp": tool_server_port,
+                    cap_add=["NET_ADMIN", "NET_RAW"],
-                        },
+                    labels={"strix-scan-id": scan_id},
-                        cap_add=["NET_ADMIN", "NET_RAW"],
+                    environment={
-                        labels={"strix-scan-id": scan_id},
+                        "PYTHONUNBUFFERED": "1",
-                        environment={
+                        "CAIDO_PORT": str(caido_port),
-                            "PYTHONUNBUFFERED": "1",
+                        "TOOL_SERVER_PORT": str(tool_server_port),
-                            "CAIDO_PORT": str(caido_port),
+                        "TOOL_SERVER_TOKEN": tool_server_token,
-                            "TOOL_SERVER_PORT": str(tool_server_port),
+                        "HOST_GATEWAY": HOST_GATEWAY_HOSTNAME,
-                            "TOOL_SERVER_TOKEN": tool_server_token,
+                    },
-                            "HOST_GATEWAY": HOST_GATEWAY_HOSTNAME,
+                    extra_hosts=self._get_extra_hosts(),
-                        },
+                    tty=True,
                        extra_hosts=self._get_extra_hosts(),
                        tty=True,
                    ),
                )
                self._scan_container = container