clawdie/colibri
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 52

fix(spawner): stage jailed env payloads (Sam & Codex) #48

Closed
clawdie wants to merge 1 commit from fix/jail-staged-env-rebase into main
pull from: fix/jail-staged-env-rebase
merge into: clawdie:main
Conversation 1 Commits 1 Files changed 2 +316 -50
clawdie commented 2026-06-13 23:29:56 +02:00
Owner
Copy link

Rebase of fix/jail-staged-env onto current main. Original branch was based on 6a72bef (pre-PR #44) and included stale doc/clawdie changes.

What changed

spawner.rs (+275 lines):

  • JailConfig.root_path — host-visible root of a named jail for payload staging
  • prepare_spawn_command() — stages env vars + working dir into launch.sh + env.sh inside the jail filesystem instead of relying on env inheritance across jexec/mdo
  • PreparedSpawnCommand struct with cleanup_dir tracking
  • Staged dirs cleaned up on agent stop/fail/poll-error/early-exit
  • 2 new tests: staged_named_jail_writes_launcher_and_env, staged_jail_requires_root_path
  • Existing jail tests updated with root_path

external.rs (+90/-50 lines):

  • Refactored to use prepare_spawn_command() for jailed MCP servers
  • Removed resolved_command() (superseded)
  • Cleanup dir tracked on session shutdown and spawn failure

Gates (Linux/domedog)

  • cargo clippy --workspace --all-targets -- -D warnings
  • 89 tests pass (60 daemon + 10 mcp lib + 10 tool_dispatch + 7 glasspane + 1 intake + 1 pi_spawn)

Needs FreeBSD validation — staged payload paths and jexec behavior should be confirmed on real FreeBSD 15.

(Sam & Codex)

Rebase of `fix/jail-staged-env` onto current main. Original branch was based on `6a72bef` (pre-PR #44) and included stale doc/clawdie changes. ## What changed **spawner.rs** (+275 lines): - `JailConfig.root_path` — host-visible root of a named jail for payload staging - `prepare_spawn_command()` — stages env vars + working dir into `launch.sh` + `env.sh` inside the jail filesystem instead of relying on env inheritance across `jexec`/`mdo` - `PreparedSpawnCommand` struct with cleanup_dir tracking - Staged dirs cleaned up on agent stop/fail/poll-error/early-exit - 2 new tests: `staged_named_jail_writes_launcher_and_env`, `staged_jail_requires_root_path` - Existing jail tests updated with `root_path` **external.rs** (+90/-50 lines): - Refactored to use `prepare_spawn_command()` for jailed MCP servers - Removed `resolved_command()` (superseded) - Cleanup dir tracked on session shutdown and spawn failure ## Gates (Linux/domedog) - `cargo clippy --workspace --all-targets -- -D warnings` ✅ - 89 tests pass (60 daemon + 10 mcp lib + 10 tool_dispatch + 7 glasspane + 1 intake + 1 pi_spawn) Needs FreeBSD validation — staged payload paths and `jexec` behavior should be confirmed on real FreeBSD 15. (Sam & Codex)
clawdie added 1 commit 2026-06-13 23:29:59 +02:00
fix(spawner): stage jailed env payloads (Sam & Codex)
Some checks failed
CI / rust (pull_request) Has been cancelled
Details
CI / markdown (pull_request) Has been cancelled
Details
d7206fa04f 
Rebased onto current main (origin fix/jail-staged-env was stale).

spawner.rs:
- Add JailConfig.root_path for host-visible jail root
- Add prepare_spawn_command() — stages env vars + working dir into
  launch.sh + env.sh inside the jail filesystem instead of relying on
  env inheritance across jexec/mdo
- PreparedSpawnCommand struct with cleanup_dir tracking
- Staged dirs cleaned up on agent stop/fail/poll-error
- 2 new tests: staged_named_jail_writes_launcher_and_env,
  staged_jail_requires_root_path

external.rs:
- Refactor to use prepare_spawn_command() for jailed MCP servers
- Remove resolved_command() method (superseded)
- Cleanup dir tracked on session shutdown

Gates: clippy + 89 tests pass on Linux/domedog.
clawdie commented 2026-06-13 23:33:41 +02:00
Author
Owner
Copy link

Closing — superseded by PR #49 which landed the same changes from fix/jail-staged-env-main.

Closing — superseded by PR #49 which landed the same changes from `fix/jail-staged-env-main`.
clawdie closed this pull request 2026-06-13 23:33:42 +02:00
Some checks failed
CI / rust (pull_request) Has been cancelled
Details
CI / markdown (pull_request) Has been cancelled
Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
first-proof blocker

gates the first proven end-to-end

  
hardening

security/robustness follow-up, not a first-proof gate

No labels
first-proof blocker
hardening
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: clawdie/colibri#48
No description provided.
Delete branch "fix/jail-staged-env-rebase"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?