didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

PRD: macOS Container backend - Part II (launch step) #231

Merged
didericis merged 4 commits from feat/macos-container-launch into feat/macos-container-backend 2026-06-10 21:32:18 -04:00
Conversation 2 Commits 4 Files Changed 10
+1177 -46
didericis-codex commented 2026-06-10 19:47:11 -04:00
Collaborator
Copy Link
Copy Source

Stacked on PR #229.

Implements the macOS Container launch path using the proxy-env solution from issue #230:

  • builds the sidecar bundle and agent image with Apple Container
  • creates a host-only internal network for the agent and a NAT egress network for the sidecar
  • starts the sidecar bundle dual-homed and discovers its internal IP from container inspect
  • starts the agent on the internal network only with HTTP(S)_PROXY, CA bundle env, and optional supervise URL
  • uses directory bind mounts because Apple Container rejects single-file bind mounts
  • keeps bottle.git/git-gate blocked for this backend until there is a safe key delivery path

Verification:

  • python3 -m compileall -q bot_bottle tests/unit/test_macos_container_launch.py tests/unit/test_macos_container_util.py tests/unit/test_macos_container_cleanup.py
  • python3 -m unittest discover tests/unit
  • npx pyright .
  • git diff --check
Stacked on PR #229. Implements the macOS Container launch path using the proxy-env solution from issue #230: - builds the sidecar bundle and agent image with Apple Container - creates a host-only internal network for the agent and a NAT egress network for the sidecar - starts the sidecar bundle dual-homed and discovers its internal IP from `container inspect` - starts the agent on the internal network only with HTTP(S)_PROXY, CA bundle env, and optional supervise URL - uses directory bind mounts because Apple Container rejects single-file bind mounts - keeps bottle.git/git-gate blocked for this backend until there is a safe key delivery path Verification: - `python3 -m compileall -q bot_bottle tests/unit/test_macos_container_launch.py tests/unit/test_macos_container_util.py tests/unit/test_macos_container_cleanup.py` - `python3 -m unittest discover tests/unit` - `npx pyright .` - `git diff --check`
didericis-codex added 1 commit 2026-06-10 19:47:13 -04:00
feat(macos-container): launch explicit-proxy bottles
lint / lint (push) Successful in 1m50s
Details
test / unit (pull_request) Successful in 37s
Details
test / integration (pull_request) Successful in 19s
Details
d923871fd2
didericis changed title from macOS Container backend launch step - Part II to PRD: macOS Container backend launch step - Part II 2026-06-10 19:48:23 -04:00
didericis changed title from PRD: macOS Container backend launch step - Part II to PRD: macOS Container backend - Part II (launch step) 2026-06-10 19:48:40 -04:00
didericis reviewed 2026-06-10 21:28:31 -04:00
bot_bottle/backend/macos_container/launch.py
@@ -20,2 +36,4 @@
_REPO_DIR = str(Path(__file__).resolve().parent.parent.parent.parent)
_SIDECAR_SLEEP_SECONDS = "2147483647"
didericis commented 2026-06-10 21:28:30 -04:00
Owner
Copy Link
Copy Source

Why this value/what is this used for?

Why this value/what is this used for?
didericis added 3 commits 2026-06-10 21:32:05 -04:00
test(macos-container): add launch integration smoke
lint / lint (push) Successful in 1m44s
Details
test / unit (pull_request) Successful in 37s
Details
test / integration (pull_request) Successful in 20s
Details
f7f9892b53
fix(macos-container): start builder with dns
lint / lint (push) Successful in 1m45s
Details
test / unit (pull_request) Successful in 37s
Details
test / integration (pull_request) Successful in 19s
Details
d123b99347
fix(macos-container): preserve working builder dns
lint / lint (push) Successful in 1m33s
Details
test / unit (pull_request) Successful in 30s
Details
test / integration (pull_request) Successful in 16s
Details
2e467d236a
didericis merged commit 2e467d236a into feat/macos-container-backend 2026-06-10 21:32:18 -04:00
didericis deleted branch feat/macos-container-launch 2026-06-10 21:32:19 -04:00
didericis-codex commented 2026-06-10 21:34:27 -04:00
Author
Collaborator
Copy Link
Copy Source

Re: #231 (comment)

That value is just a long-lived sleep duration used to keep the detached agent container alive after launch so later container exec calls have a target. 2147483647 is the max signed 32-bit integer in seconds, so effectively "sleep forever" without relying on sleep infinity being accepted everywhere.

You are right to question it: the constant name is wrong. _SIDECAR_SLEEP_SECONDS is used for the agent container, not the sidecar. It should be renamed to something like _CONTAINER_SLEEP_SECONDS or _AGENT_SLEEP_SECONDS in the stacked cleanup/follow-up.

Re: https://gitea.dideric.is/didericis/bot-bottle/pulls/231#issuecomment-2011 That value is just a long-lived sleep duration used to keep the detached agent container alive after launch so later `container exec` calls have a target. `2147483647` is the max signed 32-bit integer in seconds, so effectively "sleep forever" without relying on `sleep infinity` being accepted everywhere. You are right to question it: the constant name is wrong. `_SIDECAR_SLEEP_SECONDS` is used for the agent container, not the sidecar. It should be renamed to something like `_CONTAINER_SLEEP_SECONDS` or `_AGENT_SLEEP_SECONDS` in the stacked cleanup/follow-up.
Sign in to join this conversation.
Reviewers
No Reviewers
didericis
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#231
Delete Branch "feat/macos-container-launch"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?