Implement Perry container subsystem and ensure production readiness#79
Conversation
feat: implement production-ready container and workload orchestration
Finalize the OCI stack by implementing the `perry/container` and
`perry/container-compose` (workloads) subsystems. This moves the
implementation from initial stubs to a hardened, spec-compliant architecture.
Core Subsystems:
- Orchestration: Implemented `WorkloadGraphEngine` and `ComposeEngine`
using Kahn's algorithm for deterministic dependency resolution and
topological startup/shutdown/rollback.
- Backend Logic: Multi-layered auto-detection for 7+ runtimes (Apple, Podman,
Docker, Lima, etc.) with liveness probes and strict priority ordering.
- Security & Policy:
* Implemented `PolicySpec` enforcement (Isolated, Hardened, Untrusted).
* Added image verification via Sigstore/cosign (opt-in via environment).
* Hardened ephemeral runners with `cap_drop: ALL`, seccomp, and read-only
root support.
- FFI Bridge: Expanded `perry-stdlib` with async-safe, promise-based
handlers optimized for raw C-ABI passing of primitives.
Technical Details:
- Restructured `perry-container-compose` into a flat module layout.
- Standardized container naming to `{image_hash_8}-{random_hex8}` with
label-based orphan cleanup.
- Refactored `CliBackend` to be generic over `CliProtocol` for zero vtable
overhead.
- Modernized internal registries with `DashMap` for concurrent access.
- Integrated with Perry compiler (HIR registration and codegen dispatch).
Refinements & Fixes:
- Fixed SQLite linker conflicts by gating runtime stubs.
- Restored `Buffer` synonym and `process.argv` specialization in `lower.rs`.
- Implemented robust IP and label extraction for the `DockerProtocol`.
- Expanded `MockBackend` for high-fidelity orchestration testing.
Validation:
- Added 12 new tests covering orchestration states and policy enforcement.
- Verified 79/0 pass in `perry-container-compose`.
- Verified 33/0 pass in `perry-stdlib` container features and smoke tests.
…ycle
Complete the OCI container and workload subsystems by resolving nine
interlocking codegen/FFI bugs and implementing a production-ready Forgejo
deployment example. This update moves the stack from "spec-complete" to
"deployment-hardened."
Orchestration & Correctness:
- Project Namespacing: Volumes and networks are now prefixed with
`<project>_<name>` to prevent cross-stack collisions and data corruption.
- Idempotency: Implemented spec-hash tracking (`perry.compose.spec_hash`);
subsequent `up()` calls now detect drift and recreate containers only on
configuration changes.
- DNS & Aliases: Automated service-key network aliases, allowing sibling
containers to resolve each other (e.g., `db:5432`) via embedded DNS.
- Rollback & Cleanup: Fixed volume-drain bugs in `down()`; added RAII-style
`downByProject` and `downAll` APIs for reliable resource recovery.
Codegen & FFI Fixes:
- Fixed FFI type mismatches where LLVM doubles conflicted with Rust i64/i32
signatures for handles.
- Resolved "Invalid Handle" bugs via NaN-boxing with `POINTER_TAG` for
safe u64-to-f64 handle round-trips.
- Implemented `js_value_to_str_ptr_for_ffi` to correctly handle JSON
serialization for complex objects passed to `composeUp`.
- Fixed async backend race conditions via synchronous in-place probes.
Security & Environment:
- Enforced `PolicySpec` tiers (Isolated, Hardened, Untrusted) with
fail-fast checks for backend compatibility.
- Added three-mode image verification (off, warn, enforce) via Sigstore/cosign.
- Integrated `${VAR:-default}` environment interpolation at the FFI boundary.
Testing & Validation:
- Phase A-E Test Sweep: 191+ tests covering hermetic functional logic,
FFI regressions, live-runtime integration (Docker/Podman), and e2e
compiler-to-runtime flows.
- Forgejo Deployment: A production-quality example using `data.forgejo.org`,
featuring healthcheck-gated dependencies and stable volume secrets.
…container/ section
Seven new pages cover overview, single-container lifecycle (perry/container), compose orchestration (perry/compose), networking (incl. the container_name DNS workaround), volumes, security, and a Forgejo-deployment case study. New docs/examples/stdlib/container/snippets.ts with 11 ANCHOR blocks pulled into the markdown via {{#include}}. doc-tests --lint and --filter container both pass.
…ness This commit completes the implementation of the Perry container subsystem, ensuring production readiness and alignment with the architecture specs. Key improvements: - Implemented on-demand image building in `ComposeEngine::up`. - Enhanced backend probes for Podman, Docker, nerdctl, and OrbStack. - Transitioned compose logs to a structured JSON format (HashMap of ContainerLogs). - Ensured correct stdlib linkage in HIR for container modules. - Verified Sigstore/cosign image verification integration. - Fixed CLI log rendering and cleaned up unused imports. - Verified all changes with a full suite of unit and integration tests. Co-authored-by: yumin-chen <10954839+yumin-chen@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
a7e9d31 to
dd181eb
Compare
This PR completes the implementation of the Perry container subsystem and ensures its production readiness.
Key changes:
ComposeEngine::uplogic now handles building images if they are missing or if thebuildflag is set, provided a build spec exists (§6.2).infoor--versioncommands, rather than just binary presence (§5.3).logs()API in both the core engine and the FFI bridge to return a structured JSON map indexed by service name, preserving separate stdout/stderr streams for production-grade orchestration (§7.2).perry-hirto ensure container modules correctly triggerperry-stdliblinkage, and verified that Sigstore/cosign image verification honors thePERRY_CONTAINER_VERIFY_IMAGESenvironment variable.cli.rsand cleaned up unused imports across the container crates.perry-container-compose(78 tests) and FFI integration tests inperry-stdlibpassed successfully.PR created automatically by Jules for task 6585794905815171178 started by @yumin-chen