Add explicit workspace secrets across the CLI, SDK, and MCP, with create-time secret definitions and per-call secret-to-env mapping for exec, shell open, and service start. Persist only safe secret metadata in workspace records, materialize secret files under /run/pyro-secrets, and redact secret values from exec output, shell reads, service logs, and surfaced errors. Fix the remaining real-guest shell gap by shipping a bundled guest init alongside the guest agent and patching both into guest-backed workspace rootfs images before boot. The new init mounts devpts so PTY shells work on Firecracker guests, while reset continues to recreate the sandbox and re-materialize secrets from stored task-local secret material. Validation: uv lock; UV_CACHE_DIR=.uv-cache make check; UV_CACHE_DIR=.uv-cache make dist-check; and a real guest-backed Firecracker smoke test covering workspace create with secrets, secret-backed exec, shell, service, reset, and delete.
{
"binaries": {
"firecracker": {
"path": "bin/firecracker",
"sha256": "b99ea49b8d8b7bfa307d3845585d6a97f7642aa17a985749900370070d8ca930"
},
"jailer": {
"path": "bin/jailer",
"sha256": "86622337f91df329cca72bb21cd1324fb8b6fa47931601d65ee4b2c72ef2cae5"
}
},
"bundle_version": "1.0.0",
"capabilities": {
"guest_exec": true,
"guest_network": true,
"vm_boot": true
},
"component_versions": {
"base_distro": "debian-bookworm-20250210",
"firecracker": "1.12.1",
"guest_agent": "0.2.0-dev",
"jailer": "1.12.1",
"kernel": "5.10.210"
},
"guest": {
"agent": {
"path": "guest/pyro_guest_agent.py",
"sha256": "76a0bd05b523bb952ab9eaf5a3f2e0cbf1fc458d1e44894e2c0d206b05896328"
},
"init": {
"path": "guest/pyro-init",
"sha256": "96e3653955db049496cc9dc7042f3778460966e3ee7559da50224ab92ee8060b"
}
},
"platform": "linux-x86_64",
"profiles": {
"debian-base": {
"description": "Minimal Debian userspace for shell and core Unix tooling.",
"kernel": {
"path": "profiles/debian-base/vmlinux",
"sha256": "15bcea4fa224131951888408978ff22fc2173f2782365c0617a900fe029bd8fb"
},
"rootfs": {
"path": "profiles/debian-base/rootfs.ext4",
"sha256": "004c66edabb15969f684feb9d1c0e93df74cfba80270a408b2432a0fe1f30396"
}
},
"debian-build": {
"description": "Debian Git environment with common build tools for source builds.",
"kernel": {
"path": "profiles/debian-build/vmlinux",
"sha256": "15bcea4fa224131951888408978ff22fc2173f2782365c0617a900fe029bd8fb"
},
"rootfs": {
"path": "profiles/debian-build/rootfs.ext4",
"sha256": "6c1b541260beb3a79788fcfe6d960fc352161512f160c9ed1f1e7b547508fe13"
}
},
"debian-git": {
"description": "Debian base environment with Git preinstalled.",
"kernel": {
"path": "profiles/debian-git/vmlinux",
"sha256": "15bcea4fa224131951888408978ff22fc2173f2782365c0617a900fe029bd8fb"
},
"rootfs": {
"path": "profiles/debian-git/rootfs.ext4",
"sha256": "7ad128be3f4a785c173c349a4b2f870a402f239856ce41372c2107d186dcb87e"
}
}
}
}