pyro-mcp/runtime_sources/README.md
Thales Maciel aa886b346e Add seeded task workspace creation
Current persistent tasks started with an empty workspace, which blocked the first useful host-to-task workflow in the task roadmap. This change lets task creation start from a host directory or tar archive without changing the one-shot VM surfaces.

Expose source_path on task create across the CLI, SDK, and MCP, add safe archive upload and extraction support for guest and host-compat backends, persist workspace_seed metadata, and patch the per-task rootfs with the bundled guest agent before boot so seeded guest tasks work without republishing environments. Also switch post--- command reconstruction to shlex.join() so documented sh -lc task examples preserve argument boundaries.

Validation:
- uv lock
- UV_CACHE_DIR=.uv-cache uv run pytest --no-cov tests/test_vm_guest.py tests/test_vm_manager.py tests/test_cli.py tests/test_api.py tests/test_server.py tests/test_public_contract.py
- UV_CACHE_DIR=.uv-cache make check
- UV_CACHE_DIR=.uv-cache make dist-check
- real guest-backed smoke: task create --source-path, task exec -- cat note.txt, task delete
2026-03-11 21:45:38 -03:00


# runtime_sources
Source-of-truth inputs for `make runtime-bundle`.
Current state:
- `build/runtime_sources/` contains the real materialized runtime inputs used to build the packaged bundle.
- the checked-in tracked files under `runtime_sources/linux-x86_64/` are build recipes and lock metadata, not the materialized binaries/images.
- `guest/pyro_guest_agent.py` is the guest agent source artifact that is installed into each built rootfs.
- real source materialization now writes into `build/runtime_sources/`, not back into the tracked placeholder files.
- the packaged runtime images under `src/pyro_mcp/runtime_bundle/` are stored via Git LFS, so contributor clones need `git lfs install` and LFS-enabled checkout.
Materialization workflow:
1. `make runtime-fetch-binaries`
2. `make runtime-build-kernel-real`
3. `make runtime-build-rootfs-real`
4. `make runtime-bundle`
Official environment publication workflow:
1. `make runtime-materialize`
2. `DOCKERHUB_USERNAME=... DOCKERHUB_TOKEN=... make runtime-publish-official-environments-oci`
3. if your uplink is slow, tune publishing with `PYRO_OCI_UPLOAD_TIMEOUT_SECONDS`, `PYRO_OCI_UPLOAD_CHUNK_SIZE_BYTES`, and `PYRO_OCI_REQUEST_TIMEOUT_SECONDS`
Official end-user pulls are anonymous; registry credentials are only required for publishing.
Build requirements for the real path:
- `docker`
- outbound network access to the pinned upstream release hosts and Debian snapshot mirrors
- enough disk for a kernel build plus 2G ext4 images per source profile
Kernel build note:
- the kernel builder now defaults to conservative parallelism to avoid compiler crashes on memory-constrained hosts
- if you still need to force a lower setting, use `PYRO_KERNEL_BUILD_JOBS=1 make runtime-build-kernel-real` or `PYRO_KERNEL_BUILD_JOBS=1 make runtime-materialize`
Current status:
1. Firecracker and Jailer are materialized from pinned official release artifacts.
2. The kernel and rootfs images are built from pinned inputs into `build/runtime_sources/`.
3. The guest agent is installed into each rootfs and used for vsock exec plus workspace archive imports.
4. `runtime.lock.json` now advertises real guest capabilities.
Safety rule:
- The build pipeline should never emit `vm_boot=true`, `guest_exec=true`, or `guest_network=true` while any source artifact is still a shim or placeholder.
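
One way to enforce the safety rule as a fail-closed build gate, added here as an illustration and not taken from the pyro-mcp code base. Only the three capability names come from this README; the lock layout (`artifacts` entries with `path` and `kind`, a `capabilities` map), the file names, and the magic-byte test for a "real" artifact are assumptions.

```python
import tempfile
from pathlib import Path

# Capability names come from the README's safety rule.
GUARDED = ("vm_boot", "guest_exec", "guest_network")
# Assumed artifact kinds -> (offset, magic) a materialized file must carry.
MAGIC = {"elf": (0, b"\x7fELF"), "ext4": (1080, b"\x53\xef")}  # ext4 superblock magic 0xEF53


def is_materialized(path: Path, kind: str) -> bool:
    """True only if the file exists and carries the magic bytes for its kind."""
    if kind not in MAGIC:  # unknown kind: fail closed
        return False
    offset, magic = MAGIC[kind]
    try:
        with path.open("rb") as fh:
            fh.seek(offset)
            return fh.read(len(magic)) == magic
    except OSError:  # missing or unreadable counts as a placeholder
        return False


def violations(lock: dict, root: Path) -> list[str]:
    """List every guarded capability advertised while an artifact is not real."""
    fake = [a["path"] for a in lock.get("artifacts", [])
            if not is_materialized(root / a["path"], a.get("kind", ""))]
    if not lock.get("artifacts"):  # nothing listed proves nothing: fail closed
        fake = ["<no artifacts listed>"]
    caps = lock.get("capabilities", {})
    claimed = [c for c in GUARDED if caps.get(c, False) is not False]
    return [f"{c}=true while {p} is a shim or placeholder" for c in claimed for p in fake]


def demo() -> list[str]:
    """Constructed sample: a real-looking ELF plus a text placeholder rootfs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "firecracker").write_bytes(b"\x7fELF" + b"\0" * 60)
        (root / "rootfs.ext4").write_text("placeholder rootfs\n")
        lock = {
            "capabilities": {"vm_boot": True, "guest_exec": True, "guest_network": False},
            "artifacts": [{"path": "firecracker", "kind": "elf"},
                          {"path": "rootfs.ext4", "kind": "ext4"}],
        }
        return violations(lock, root)


if __name__ == "__main__":
    for line in demo():
        print("VIOLATION:", line)
```

A non-empty result should fail the build before the lock file is written into the bundle.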