didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

fix(smolmachines): pass --net explicitly when allow_cidrs is set
test / unit (pull_request) Successful in 27s
Details
test / integration (pull_request) Successful in 40s
Details

Browse Source 
smolvm 0.8.0 docs say `--allow-cidr` implies `--net`, but
empirically the implication only fires when no `--from` is set.
`--from PATH --allow-cidr X/32` silently produces a machine with
network: false and no routes in the guest — claude lands inside
with HTTPS_PROXY pointing at the bundle's pinned IP but every
connect fails with "Network is unreachable" / FailedToOpenSocket
in claude's UI.

Reproduce + verify:
  $ smolvm machine create --from <pack> --allow-cidr X/32 nettest
  $ smolvm machine ls --json | jq '.[].network'  # false
  $ smolvm machine create --from <pack> --net --allow-cidr X/32 nettest2
  $ smolvm machine ls --json | jq '.[].network'  # true

Add `--net` whenever `allow_cidrs` is non-empty. No change to the
no-allow-cidr code path. Test added to lock down both branches.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
didericis (claude)
2026-05-27 15:21:43 -04:00
parent 91955ec59f
commit da1e5e1ba8
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
claude_bottle/backend/smolmachines/smolvm.py
+10 -1
View File
@@ -117,12 +117,21 @@ def machine_create(
Smolfile because `--from` and `--smolfile` are themselves
mutually exclusive in smolvm 0.8.0 — and we want `--from`'s
no-pull-at-start property. The flag form gives the same
result without the Smolfile complication."""
result without the Smolfile complication.
`--net` is sent explicitly when `allow_cidrs` is non-empty.
smolvm 0.8.0's docs say `--allow-cidr` implies `--net`, but
empirically the implication only fires when no `--from` is
set — `--from PATH --allow-cidr X/32` silently produces a
machine with `network: false` and no routes in the guest, so
the agent can't reach the bundle's pinned IP."""
args: list[str] = ["machine", "create"]
if image is not None:
args += ["--image", image]
if from_path is not None:
args += ["--from", str(from_path)]
if allow_cidrs:
args.append("--net")
for cidr in allow_cidrs:
args += ["--allow-cidr", cidr]
if env:
tests/unit/test_smolmachines_smolvm.py
+8
View File
@@ -82,12 +82,20 @@ class TestArgvShapes(unittest.TestCase):
self.assertEqual("smolvm", argv[0])
self.assertIn("--from", argv)
self.assertIn("/stage/agent.smolmachine", argv)
# `--net` is explicit because smolvm 0.8.0's implied-net
# from --allow-cidr doesn't fire when --from is set.
self.assertIn("--net", argv)
self.assertIn("--allow-cidr", argv)
self.assertIn("192.168.50.2/32", argv)
self.assertIn("-e", argv)
self.assertIn("HTTPS_PROXY=http://192.168.50.2:8888", argv)
self.assertEqual("agent-xyz", argv[-1])
def test_machine_create_omits_net_when_no_allow_cidrs(self):
with self._patch_run() as m:
machine_create("agent-xyz", from_path=Path("/x.smolmachine"))
self.assertNotIn("--net", m.call_args.args[0])
def test_machine_start_uses_dash_name(self):
# `start` is the --name flag form, NOT positional.
with self._patch_run() as m: