feat: support macos-container bottle commits

bot_bottle/backend/macos_container/launch.py

@@ -17,7 +17,11 @@ from contextlib import ExitStack, contextmanager
 from pathlib import Path
 from typing import Callable, Generator
 
-from ...bottle_state import egress_state_dir, git_gate_state_dir
+from ...bottle_state import (
+    egress_state_dir,
+    git_gate_state_dir,
+    read_committed_image,
+)
 from ...egress import EGRESS_ROUTES_IN_CONTAINER, egress_resolve_token_values
 from ...git_gate import revoke_git_gate_provisioned_keys
 from ...log import die, info, warn
@@ -83,7 +87,7 @@ def launch(
 
     try:
         plan = _mint_certs(plan)
-        _build_images(plan)
+        plan = _build_images(plan)
 
         internal_network = internal_network_name(plan.slug)
         egress_network = egress_network_name(plan.slug)
@@ -134,17 +138,28 @@ def _mint_certs(plan: MacosContainerBottlePlan) -> MacosContainerBottlePlan:
     return dataclasses.replace(plan, egress_plan=egress_plan)
 
 
-def _build_images(plan: MacosContainerBottlePlan) -> None:
+def _build_images(plan: MacosContainerBottlePlan) -> MacosContainerBottlePlan:
     container_mod.build_image(
         SIDECAR_BUNDLE_IMAGE,
         _REPO_DIR,
         dockerfile=SIDECAR_BUNDLE_DOCKERFILE,
     )
+    committed = read_committed_image(plan.slug)
+    if committed and container_mod.image_exists(committed):
+        info(f"using committed image {committed!r}")
+        return dataclasses.replace(
+            plan,
+            agent_provision=dataclasses.replace(
+                plan.agent_provision,
+                image=committed,
+            ),
+        )
     container_mod.build_image(
         plan.image,
         _REPO_DIR,
         dockerfile=plan.dockerfile_path,
     )
+    return plan
 
 
 def _create_networks(

bot_bottle/backend/macos_container/util.py

@@ -8,6 +8,7 @@ import ipaddress
 import platform
 import shutil
 import subprocess
+import tempfile
 import time
 from typing import Iterable
 
@@ -72,6 +73,39 @@ def build_image(ref: str, context: str, *, dockerfile: str = "") -> None:
     subprocess.run(args, check=True)
 
 
+def commit_container(container_name: str, image_tag: str) -> None:
+    """Snapshot a running Apple Container as a local image.
+
+    Apple Container exposes filesystem export rather than Docker's
+    `commit` verb. Bot-bottle supplies command and environment at
+    launch time, so preserving the root filesystem is sufficient for a
+    resumable committed bottle image.
+    """
+    with tempfile.TemporaryDirectory(prefix="bot-bottle-container-commit.") as tmp:
+        rootfs_tar = os.path.join(tmp, "rootfs.tar")
+        dockerfile = os.path.join(tmp, "Dockerfile")
+        result = subprocess.run(
+            [_CONTAINER, "export", "-o", rootfs_tar, container_name],
+            capture_output=True,
+            text=True,
+            check=False,
+        )
+        if result.returncode != 0:
+            die(
+                f"container export {container_name!r} failed: "
+                f"{(result.stderr or '').strip() or '<no stderr>'}"
+            )
+        with open(dockerfile, "w", encoding="utf-8") as f:
+            f.write(
+                "FROM scratch\n"
+                "ADD rootfs.tar /\n"
+                "USER node\n"
+                "WORKDIR /home/node\n"
+            )
+        build_image(image_tag, tmp, dockerfile=dockerfile)
+    info(f"committed {container_name!r} → {image_tag!r}")
+
+
 def _ensure_builder_dns() -> None:
     dns = dns_server()
     status = _builder_status()

bot_bottle/cli/commit.py

@@ -1,10 +1,11 @@
 """commit: freeze a running bottle's state to a resumable artifact.
 
-Docker bottles are committed to a local Docker image. Smolmachines
-bottles are packed from the running VM into a `.smolmachine` artifact.
-The resulting reference is stored in per-bottle state so the next
-`./cli.py resume <slug>` boots from the snapshot instead of rebuilding
-from the Dockerfile.
+Docker bottles are committed to a local Docker image. Macos-container
+bottles are exported and rebuilt as a local Apple Container image.
+Smolmachines bottles are packed from the running VM into a
+`.smolmachine` artifact. The resulting reference is stored in
+per-bottle state so the next `./cli.py resume <slug>` boots from the
+snapshot instead of rebuilding from the Dockerfile.
 """
 
 from __future__ import annotations
@@ -13,7 +14,8 @@ import argparse
 from pathlib import Path
 
 from ..backend import enumerate_active_agents
-from ..backend.docker.util import commit_container
+from ..backend.docker.util import commit_container as docker_commit_container
+from ..backend.macos_container.util import commit_container as macos_commit_container
 from ..backend.smolmachines.smolvm import pack_create_from_vm
 from ..bottle_state import bottle_state_dir
 from ..bottle_state import mark_preserved, read_metadata, write_committed_image
@@ -24,6 +26,7 @@ from . import tui
 
 _COMMITTED_IMAGE_PREFIX = "bot-bottle-committed-"
 _DOCKER_BACKENDS = {"docker", ""}
+_MACOS_CONTAINER_BACKEND = "macos-container"
 _SMOLMACHINES_BACKEND = "smolmachines"
 
 
@@ -77,13 +80,27 @@ def cmd_commit(argv: list[str]) -> int:
         container = _agent_container_name(slug)
         image_tag = _committed_image_tag(slug)
 
-        commit_container(container, image_tag)
+        docker_commit_container(container, image_tag)
         write_committed_image(slug, image_tag)
         mark_preserved(slug)
         info(f"to resume from this snapshot: ./cli.py resume {slug}")
         info(f"to export for migration:      docker save {image_tag} -o {slug}.tar")
         return 0
 
+    if backend == _MACOS_CONTAINER_BACKEND:
+        container = _agent_container_name(slug)
+        image_tag = _committed_image_tag(slug)
+
+        macos_commit_container(container, image_tag)
+        write_committed_image(slug, image_tag)
+        mark_preserved(slug)
+        info(f"to resume from this snapshot: ./cli.py resume {slug}")
+        info(
+            f"to export for migration:      "
+            f"container image save {image_tag} -o {slug}.tar"
+        )
+        return 0
+
     if backend == _SMOLMACHINES_BACKEND:
         machine = _agent_machine_name(slug)
         output = _committed_smolmachine_output(slug)
@@ -98,7 +115,8 @@ def cmd_commit(argv: list[str]) -> int:
 
     if backend:
         die(
-            f"commit is only supported for the docker and smolmachines backends; "
+            f"commit is only supported for docker, macos-container, and "
+            f"smolmachines; "
             f"bottle {slug!r} uses {backend!r}"
         )
     die(f"commit cannot determine the backend for bottle {slug!r}")