thaloco/pyro-mcp
1
Fork 0
Code Pull requests Releases Packages Activity Actions

Align docs with real guest networking runtime

Browse source
This commit is contained in:
Thales Maciel 2026-03-06 22:54:18 -03:00
parent b01efa6452
commit 8bce1ed7d4
3 changed files with 12 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
AGENTS.md
View file

@ -20,6 +20,7 @@ This repository ships `pyro-mcp`, an MCP-compatible package for ephemeral VM lif
- Use `make network-demo` to validate deterministic VM lifecycle execution with guest networking enabled. - Use `make network-demo` to validate deterministic VM lifecycle execution with guest networking enabled.
- Use `make ollama-demo` to validate model-triggered lifecycle tool usage with guest networking enabled. - Use `make ollama-demo` to validate model-triggered lifecycle tool usage with guest networking enabled.
- Use `make doctor` to inspect bundled runtime integrity and host prerequisites. - Use `make doctor` to inspect bundled runtime integrity and host prerequisites.
- Network-enabled flows require host privilege for TAP/NAT setup; the current implementation uses `sudo -n` for `ip`, `nft`, and `iptables` when available.
- If you need full log payloads from the Ollama demo, use `make ollama-demo OLLAMA_DEMO_FLAGS=-v`. - If you need full log payloads from the Ollama demo, use `make ollama-demo OLLAMA_DEMO_FLAGS=-v`.
## Quality Gates ## Quality Gates

15
README.md
View file

@ -104,14 +104,21 @@ This prints bundled runtime paths, profile availability, checksum validation sta
- Host-side network allocation and diagnostics are implemented. - Host-side network allocation and diagnostics are implemented.
- The MCP server exposes `vm_network_info` for per-VM network metadata. - The MCP server exposes `vm_network_info` for per-VM network metadata.
- Host TAP/NAT setup is opt-in with: - Primary network-enabled entrypoints:
```bash
make network-demo
make ollama-demo
```
- Network setup requires host privilege to manage TAP/NAT state.
- The current implementation auto-uses `sudo -n` for `ip`, `nft`, and `iptables` commands when available.
- Manual opt-in for other commands is still available with:
```bash ```bash
PYRO_VM_ENABLE_NETWORK=1 make demo PYRO_VM_ENABLE_NETWORK=1 make demo
``` ```
- Network setup requires host privilege to manage TAP/NAT state.
- The current implementation auto-uses `sudo -n` for `ip`, `nft`, and `iptables` commands when available.
- To validate real guest egress directly: - To validate real guest egress directly:
```bash ```bash
@ -134,8 +141,6 @@ The command it asks the model to run is a small public repository clone:
```bash ```bash
rm -rf hello-world && git clone --depth 1 https://github.com/octocat/Hello-World.git hello-world >/dev/null && git -C hello-world rev-parse --is-inside-work-tree rm -rf hello-world && git clone --depth 1 https://github.com/octocat/Hello-World.git hello-world >/dev/null && git -C hello-world rev-parse --is-inside-work-tree
``` ```
If the runtime is still shim-based, the summary will show `execution_mode=host_compat`.
By default it omits log values; to include prompt content, tool args, and tool results use: By default it omits log values; to include prompt content, tool args, and tool results use:
```bash ```bash

2
runtime_sources/README.md
View file

@ -5,7 +5,7 @@ Source-of-truth inputs for `make runtime-bundle`.
Current state: Current state:
- `build/runtime_sources/` contains the real materialized runtime inputs used to build the packaged bundle. - `build/runtime_sources/` contains the real materialized runtime inputs used to build the packaged bundle.
- the checked-in tracked files under `runtime_sources/linux-x86_64/` are build recipes and lock metadata, not the materialized binaries/images. - the checked-in tracked files under `runtime_sources/linux-x86_64/` are build recipes and lock metadata, not the materialized binaries/images.
- `guest/pyro_guest_agent.py` is the guest agent artifact that should ultimately be installed into each real rootfs. - `guest/pyro_guest_agent.py` is the guest agent source artifact that is installed into each built rootfs.
- real source materialization now writes into `build/runtime_sources/`, not back into the tracked placeholder files. - real source materialization now writes into `build/runtime_sources/`, not back into the tracked placeholder files.
Materialization workflow: Materialization workflow: