- Constants
- Variables
- func ParseVolumeMount(vol string, workspace string) (hostPath, guestPath string, readonly bool, err error)
- func ShellQuoteArgs(args []string) string
- func ValidateGuestMount(path string) error
- type Config
- type DirectMount
- type DiskMount
- type Event
- type ExecEvent
- type ExecOptions
- type ExecResult
- type FileEvent
- type FileInfo
- type HTTPHooks
- type ImageConfig
- type MountConfig
- type NetworkConfig
- type NetworkEvent
- type Resources
- type Secret
- type VFSConfig
- type VFSHooks
- type VM
Constants ¶
// Default resource and timing values applied when a Config leaves them unset
// (presumably by DefaultConfig — confirm). Units are encoded in the names:
// MB for memory and disk size, seconds for the timeout.
const (
	DefaultCPUs           = 1
	DefaultMemoryMB       = 512
	DefaultDiskSizeMB     = 5120
	DefaultTimeoutSeconds = 300
	// NOTE(review): the unit of DefaultGracefulShutdownPeriod and whether 0 means
	// "no grace period" or "no limit" are not stated on this page — confirm before
	// relying on it for shutdown behaviour.
	DefaultGracefulShutdownPeriod = 0
)
// DefaultWorkspace is the default mount point for the VFS in the guest; it is
// what VFSConfig.GetWorkspace and Config.GetWorkspace fall back to when no
// workspace is configured.
const DefaultWorkspace = "/workspace"
DefaultWorkspace is the default mount point for the VFS in the guest.
Variables ¶
// Sentinel errors returned by the package; compare with errors.Is rather than ==
// so that wrapped errors still match.
var (
	// ErrBlocked: the request was rejected by the network policy
	// (presumably NetworkConfig.PolicyScript — confirm).
	ErrBlocked = errors.New("request blocked by policy")
	// ErrHostNotAllowed: the destination host is not in NetworkConfig.AllowedHosts.
	ErrHostNotAllowed = errors.New("host not in allowlist")
	// ErrSecretLeak: a secret placeholder was about to be sent to a host that is
	// not authorized to receive that secret. The wording implies secrets are
	// injected by placeholder substitution at the proxy — confirm against the
	// Secret type, which is not shown on this page.
	ErrSecretLeak = errors.New("secret placeholder sent to unauthorized host")
	// ErrVMNotRunning: the operation requires a started VM.
	ErrVMNotRunning = errors.New("VM is not running")
	// ErrVMNotFound: no VM matches the given identifier.
	ErrVMNotFound = errors.New("VM not found")
	// ErrTimeout: the operation exceeded its deadline.
	ErrTimeout = errors.New("operation timed out")
	// ErrInvalidConfig: the Config failed validation.
	ErrInvalidConfig = errors.New("invalid configuration")
)
// DefaultDNSServers are used when no custom DNS servers are configured
// (see NetworkConfig.GetDNSServers). These are Google Public DNS addresses;
// NOTE(review): guests therefore resolve names via an external resolver unless
// NetworkConfig.DNSServers is set — worth overriding in deployments that must
// keep DNS traffic internal.
var DefaultDNSServers = []string{"8.8.8.8", "8.8.4.4"}
DefaultDNSServers are used when no custom DNS servers are configured.
Functions ¶
func ParseVolumeMount ¶
func ParseVolumeMount(vol string, workspace string) (hostPath, guestPath string, readonly bool, err error)
ParseVolumeMount parses a volume mount string in the format "host:guest" or "host:guest:ro". Guest paths are relative to the workspace unless they start with the workspace path.
func ShellQuoteArgs ¶ added in v0.1.1
ShellQuoteArgs joins command arguments into a single shell-safe string using POSIX shell quoting rules.
func ValidateGuestMount ¶ added in v0.1.6
ValidateGuestMount checks that a guest mount path is safe for use in kernel cmdline args and shell scripts.
Types ¶
type Config ¶
// Config is the top-level description of a sandbox VM: the guest image, its
// resource limits, network policy, virtual filesystem layout and environment.
// Every field is optional in JSON (omitempty); DefaultConfig constructs a
// *Config and is the place to look for the defaults that apply when a field
// is left unset.
type Config struct {
	// Image names the guest image to run; the accepted format is not stated on this page.
	Image string `json:"image,omitempty"`
	// Privileged relaxes the sandbox in some way. NOTE(review): what it grants is
	// not documented here — confirm before exposing it to untrusted callers.
	Privileged bool `json:"privileged,omitempty"`
	// Resources holds the VM's resource limits; presumably the Default* constants
	// apply when nil — TODO confirm.
	Resources *Resources `json:"resources,omitempty"`
	// Network holds the egress policy (allowlist, private-IP blocking, secrets, DNS).
	Network *NetworkConfig `json:"network,omitempty"`
	// VFS describes the guest filesystem: workspace path and mounts.
	VFS *VFSConfig `json:"vfs,omitempty"`
	// Env is extra environment for the guest; how it combines with ImageCfg.Env
	// is not stated here — TODO confirm precedence.
	Env map[string]string `json:"env,omitempty"`
	// ExtraDisks are persistent ext4 images attached as block devices (see DiskMount).
	ExtraDisks []DiskMount `json:"extra_disks,omitempty"`
	// ImageCfg carries the image's user, working dir, ENTRYPOINT/CMD and env
	// (see ImageConfig). Note the JSON key is "image_config", not "image_cfg".
	ImageCfg *ImageConfig `json:"image_config,omitempty"`
}
func DefaultConfig ¶
func DefaultConfig() *Config
func ParseConfig ¶
func (*Config) GetWorkspace ¶
GetWorkspace returns the workspace path from the config, or the default if it is not set.
type DirectMount ¶
type DiskMount ¶ added in v0.1.6
// DiskMount describes a persistent ext4 disk image to attach as a block device.
type DiskMount struct {
	// HostPath is the host-side path of the ext4 image file.
	HostPath string `json:"host_path"`
	// GuestMount is where the device is mounted inside the guest. The package's
	// ValidateGuestMount checks that a guest mount path is safe for use in kernel
	// cmdline args and shell scripts; presumably it should be applied to this
	// value before use — TODO confirm it is called on this field.
	GuestMount string `json:"guest_mount"`
	// ReadOnly attaches the device read-only. NOTE(review): spelled ReadOnly here
	// but Readonly in MountConfig; the JSON key is "readonly" in both.
	ReadOnly bool `json:"readonly,omitempty"`
}
DiskMount describes a persistent ext4 disk image to attach as a block device.
type Event ¶
// Event is one record from VM.Events(). Exactly one of Network, File or Exec is
// expected to be populated, presumably selected by Type — confirm against the
// producer, which is not shown on this page.
type Event struct {
	// Type names the event kind; the set of values is not listed here.
	Type string `json:"type"`
	// Timestamp is when the event occurred; the unit (seconds vs. milliseconds
	// since the epoch) is not stated on this page — TODO confirm.
	Timestamp int64 `json:"timestamp"`
	// Network carries details of a proxied (or blocked) network request.
	Network *NetworkEvent `json:"network,omitempty"`
	// File carries details of a file operation.
	File *FileEvent `json:"file,omitempty"`
	// Exec carries details of a command execution.
	Exec *ExecEvent `json:"exec,omitempty"`
}
type ExecOptions ¶
type ExecResult ¶
type ImageConfig ¶ added in v0.1.10
// ImageConfig carries the container-image metadata that shapes how a command
// runs in the guest; ComposeCommand combines Entrypoint/Cmd with caller args
// using Docker semantics (user args replace Cmd, Entrypoint is always prepended).
type ImageConfig struct {
	// User is the account the command runs as; format (name vs. uid) not stated here.
	User string `json:"user,omitempty"`
	// WorkingDir is the directory the command starts in.
	WorkingDir string `json:"working_dir,omitempty"`
	// Entrypoint is the image ENTRYPOINT; always prepended by ComposeCommand.
	Entrypoint []string `json:"entrypoint,omitempty"`
	// Cmd is the image CMD; replaced by user args in ComposeCommand when any are given.
	Cmd []string `json:"cmd,omitempty"`
	// Env is the image's environment. How it merges with Config.Env is not
	// stated on this page — TODO confirm precedence.
	Env map[string]string `json:"env,omitempty"`
}
func (*ImageConfig) ComposeCommand ¶ added in v0.1.10
func (ic *ImageConfig) ComposeCommand(userArgs []string) []string
ComposeCommand builds a shell command from the image ENTRYPOINT/CMD and user-provided args. It follows Docker semantics: if the user provides args, they replace CMD; ENTRYPOINT is always prepended.
type MountConfig ¶
// MountConfig describes one entry of VFSConfig.Mounts. Upper and Lower refer
// back to MountConfig, which looks like a layered (overlay-style) mount — the
// valid Type values and layering rules are not stated on this page.
type MountConfig struct {
	// Type selects the mount kind; accepted values are not listed here.
	Type string `json:"type"`
	// HostPath is the host directory or file backing the mount, when applicable.
	HostPath string `json:"host_path,omitempty"`
	// Readonly mounts without write access. NOTE(review): spelled Readonly here
	// but ReadOnly in DiskMount; the JSON key is "readonly" in both.
	Readonly bool `json:"readonly,omitempty"`
	// Upper is the writable layer of a layered mount (presumably — TODO confirm).
	Upper *MountConfig `json:"upper,omitempty"`
	// Lower is the base layer of a layered mount (presumably — TODO confirm).
	Lower *MountConfig `json:"lower,omitempty"`
}
type NetworkConfig ¶
// NetworkConfig is the guest's egress policy. The package-level errors describe
// its outcomes: ErrHostNotAllowed (not in AllowedHosts), ErrBlocked (rejected by
// policy) and ErrSecretLeak (secret placeholder bound for an unauthorized host).
type NetworkConfig struct {
	// AllowedHosts is the egress allowlist; requests to other hosts fail with
	// ErrHostNotAllowed. Matching rules (exact, wildcard, port) are not stated here.
	AllowedHosts []string `json:"allowed_hosts,omitempty"`
	// BlockPrivateIPs rejects connections to private address ranges (SSRF
	// mitigation). NOTE(review): whether the check also covers DNS answers and
	// redirect targets is not stated on this page — confirm.
	BlockPrivateIPs bool `json:"block_private_ips,omitempty"`
	// Secrets maps a name to a Secret; ErrSecretLeak implies secrets are injected
	// via placeholders that are only substituted for authorized hosts — confirm
	// against the Secret type, which is not shown here.
	Secrets map[string]Secret `json:"secrets,omitempty"`
	// PolicyScript is a script consulted for per-request decisions (presumably the
	// source of ErrBlocked); its language and inputs are not stated on this page.
	PolicyScript string `json:"policy_script,omitempty"`
	// DNSServers overrides DefaultDNSServers; GetDNSServers applies the fallback.
	DNSServers []string `json:"dns_servers,omitempty"`
}
func (*NetworkConfig) GetDNSServers ¶ added in v0.1.7
func (n *NetworkConfig) GetDNSServers() []string
GetDNSServers returns the configured DNS servers or defaults.
type NetworkEvent ¶
// NetworkEvent records one HTTP request made (or blocked) from the guest, as
// delivered in Event.Network.
type NetworkEvent struct {
	// Method is the HTTP method.
	Method string `json:"method"`
	// URL is the full request URL. NOTE(review): recorded verbatim as far as this
	// page shows — if tokens can appear in query strings, consider redacting
	// before persisting events.
	URL string `json:"url"`
	// Host is the destination host.
	Host string `json:"host"`
	// StatusCode is the response status; value when Blocked is true is not stated here.
	StatusCode int `json:"status_code"`
	// RequestBytes is the request body size.
	RequestBytes int64 `json:"request_bytes"`
	// ResponseBytes is the response body size.
	ResponseBytes int64 `json:"response_bytes"`
	// DurationMS is the request duration in milliseconds.
	DurationMS int64 `json:"duration_ms"`
	// Blocked is true when the request was not forwarded.
	Blocked bool `json:"blocked"`
	// BlockReason explains a block; empty (omitted) when Blocked is false.
	BlockReason string `json:"block_reason,omitempty"`
}
type Secret ¶
type VFSConfig ¶
// VFSConfig describes the guest filesystem layout: the workspace path plus
// direct and layered mounts.
type VFSConfig struct {
	// Workspace is the guest mount point for the VFS; GetWorkspace returns
	// DefaultWorkspace ("/workspace") when this is empty.
	Workspace string `json:"workspace,omitempty"`
	// DirectMounts is keyed by guest path (presumably — TODO confirm); the
	// DirectMount type is not shown on this page.
	DirectMounts map[string]DirectMount `json:"direct_mounts,omitempty"`
	// Mounts is keyed by guest path (presumably — TODO confirm); see MountConfig.
	Mounts map[string]MountConfig `json:"mounts,omitempty"`
}
func (*VFSConfig) GetWorkspace ¶
GetWorkspace returns the configured workspace path, or the default if none is set.
type VM ¶
// VM is the handle through which a sandboxed guest is controlled: lifecycle
// (Start/Stop/Close), command execution, file transfer and an event stream.
// Every blocking operation takes a ctx for cancellation. ErrVMNotRunning,
// ErrVMNotFound and ErrTimeout are the package-level errors callers may see;
// which method returns which is not stated on this page.
type VM interface {
	// ID returns the VM's identifier.
	ID() string
	// Config returns the VM's *Config.
	Config() *Config
	// Start boots the guest.
	Start(ctx context.Context) error
	// Stop shuts the guest down. NOTE(review): its relation to
	// DefaultGracefulShutdownPeriod is not shown on this page.
	Stop(ctx context.Context) error
	// Exec runs command inside the guest. command is a single string, and the
	// package provides ShellQuoteArgs to build one from an argument list using
	// POSIX quoting, which suggests a shell interprets it — build it from
	// caller-supplied pieces with ShellQuoteArgs rather than by concatenation.
	Exec(ctx context.Context, command string, opts *ExecOptions) (*ExecResult, error)
	// WriteFile writes content to path in the guest with the given mode
	// (presumably Unix permission bits — TODO confirm).
	WriteFile(ctx context.Context, path string, content []byte, mode uint32) error
	// ReadFile returns the contents of path in the guest.
	ReadFile(ctx context.Context, path string) ([]byte, error)
	// ListFiles lists the entries under path in the guest.
	ListFiles(ctx context.Context, path string) ([]FileInfo, error)
	// Events returns a receive-only stream of Event records (network, file, exec).
	Events() <-chan Event
	// Close releases the VM's resources.
	Close() error
}