Add guest-only workspace secrets

Add explicit workspace secrets across the CLI, SDK, and MCP, with create-time secret definitions and per-call secret-to-env mapping for exec, shell open, and service start. Persist only safe secret metadata in workspace records, materialize secret files under /run/pyro-secrets, and redact secret values from exec output, shell reads, service logs, and surfaced errors. Fix the remaining real-guest shell gap by shipping bundled guest init alongside the guest agent and patching both into guest-backed workspace rootfs images before boot. The new init mounts devpts so PTY shells work on Firecracker guests, while reset continues to recreate the sandbox and re-materialize secrets from stored task-local secret material. Validation: uv lock; UV_CACHE_DIR=.uv-cache make check; UV_CACHE_DIR=.uv-cache make dist-check; and a real guest-backed Firecracker smoke covering workspace create with secrets, secret-backed exec, shell, service, reset, and delete.
2026-03-12 15:43:34 -03:00 · 2026-03-12 15:43:34 -03:00 · fc72fcd3a1
commit fc72fcd3a1
parent 18b8fd2a7d
32 changed files with 1980 additions and 181 deletions
--- a/runtime_sources/linux-x86_64/scripts/pyro-init
+++ b/runtime_sources/linux-x86_64/scripts/pyro-init
@ -7,7 +7,8 @@ AGENT=/opt/pyro/bin/pyro_guest_agent.py
 mount -t proc proc /proc || true
 mount -t sysfs sysfs /sys || true
 mount -t devtmpfs devtmpfs /dev || true
-mkdir -p /run /tmp
+mkdir -p /dev/pts /run /tmp
+mount -t devpts devpts /dev/pts -o mode=620,ptmxmode=666 || true
 hostname pyro-vm || true

 cmdline="$(cat /proc/cmdline 2>/dev/null || true)"