bin/repro: hermetic --devshell with $PWD patches drop. #73
Open
vgvassilev wants to merge 1 commit into
@aaronj0, can you make sure that's what you wanted and need on your end?
cffa45d to fc48d75
Today --devshell bind-mounts the cell workdir (~/.cache/ci-workflows/devshell/<cell>/) wholesale into the container, so a session inside has full r/w access to the host's recipe install, ccache, and llvm-project checkout. There is no designated rendezvous for finished patches back to the host, and any write under that workdir lands silently on the host filesystem -- not a model that survives handing the shell to a less-trusted agent.

Invert the storage model. Sources, build, and ccache default to a per-cell named docker volume; the host sees no recipe state at all. $PWD is bound at /patches (rw) as the single rendezvous point: the AI inside writes `git format-patch -o /patches ...`, the host applies them with `git am` under its own identity. The container drops to a non-root `dev` user with host UID/GID so files round-trip without ownership friction, with the catthehacker `runner`-at-UID-1001 collision handled by `usermod -l`. Persistent AI state (skills, settings, per-project memory) lives under an opt-in --devshell-host-cache directory and is symlinked into ~/.claude/ at session start.

The hermetic init lives in scripts/devshell-init, sourced by scripts/repro-config and re-invoked with --verify after the main config run; verify checks that the dev user, /patches ownership, and the AI symlinks (skills, settings.json, and all three encoded memory keys) are in the state bin/repro promised, failing the session loudly otherwise. Unit tests pin the flag resolution and the `docker run` argv shape; --verify covers the in-container state; the --devshell-script batch path, manifest-driven cmake replay, and ccache invariants are unchanged. Design and recommended setup live in docs/developer-guide.md.
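An added sketch, not code from this PR or from scripts/devshell-init, of two of the checks the description attributes to --verify: that the patches drop is owned by the expected UID, and that each persistent-state symlink resolves inside the host-cache directory. The function name `verify_devshell_state`, its argument order, and the error messages are assumptions; it relies on GNU coreutils (`stat -c`, `readlink -e`).

```shell
#!/usr/bin/env bash
# Hypothetical verifier; names and layout are assumptions, not the project's.
# Usage: verify_devshell_state PATCHES_DIR EXPECTED_UID CACHE_DIR LINK...
# Returns 0 when every check passes, 1 otherwise; failures go to stderr.
verify_devshell_state() {
  local patches want_uid cache rc owner link target cache_real
  patches=$1; want_uid=$2; cache=$3; rc=0
  shift 3

  # 1. The patches drop must exist, be writable, and belong to the session
  #    user, so files written there round-trip with the expected ownership.
  if [ ! -d "$patches" ] || [ ! -w "$patches" ]; then
    echo "verify: $patches is not a writable directory" >&2; rc=1
  else
    owner=$(stat -c %u "$patches")
    if [ "$owner" != "$want_uid" ]; then
      echo "verify: $patches owned by uid $owner, expected $want_uid" >&2; rc=1
    fi
  fi

  # 2. Every persistent-state path must be a symlink whose fully resolved
  #    target lies inside the cache directory: no plain files, no dangling
  #    links, no links that point elsewhere on the filesystem.
  cache_real=$(readlink -e "$cache") || {
    echo "verify: cache dir $cache does not exist" >&2; return 1; }
  for link in "$@"; do
    if [ ! -L "$link" ]; then
      echo "verify: $link is not a symlink" >&2; rc=1; continue
    fi
    target=$(readlink -e "$link") || {
      echo "verify: $link is dangling" >&2; rc=1; continue; }
    case "$target" in
      "$cache_real"/*) ;;   # resolved target is under the cache dir
      *) echo "verify: $link resolves outside $cache_real: $target" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}
```

Resolving both sides with `readlink -e` before comparing means a link chain or a symlinked cache path cannot make an outside target look like an inside one.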
fc48d75 to 0982dc3