commit 07ea478716f7d98ae29468b505f4bb7c16b09407 Author: robcholz <84130577+robcholz@users.noreply.github.com> Date: Thu Feb 5 21:02:57 2026 -0500 feat: first commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..feb9d4c --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +/target +.vibebox +.idea diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 0000000..870debc --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,120 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "bitflags" +version = "2.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3" + +[[package]] +name = "block2" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdeb9d870516001442e364c5220d3574d2da8dc765554b4a617230d33fa58ef5" +dependencies = [ + "objc2", +] + +[[package]] +name = "dispatch2" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89a09f22a6c6069a18470eb92d2298acf25463f14256d24778e1230d789a2aec" +dependencies = [ + "bitflags", + "block2", + "libc", + "objc2", +] + +[[package]] +name = "lexopt" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fa0e2a1fcbe2f6be6c42e342259976206b383122fc152e872795338b5a3f3a7" + +[[package]] +name = "libc" +version = "0.2.180" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc" + +[[package]] +name = "objc2" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7c2599ce0ec54857b29ce62166b0ed9b4f6f1a70ccc9a71165b6154caca8c05" +dependencies = [ + "objc2-encode", +] + +[[package]] +name = "objc2-app-kit" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d49e936b501e5c5bf01fda3a9452ff86dc3ea98ad5f283e1455153142d97518c" +dependencies = [ + "bitflags", + "objc2", + "objc2-foundation", +] + +[[package]] +name = "objc2-core-foundation" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a180dd8642fa45cdb7dd721cd4c11b1cadd4929ce112ebd8b9f5803cc79d536" +dependencies = [ + "bitflags", + "dispatch2", + "objc2", +] + +[[package]] +name = "objc2-encode" +version = "4.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef25abbcd74fb2609453eb695bd2f860d389e457f67dc17cafc8b8cbc89d0c33" + +[[package]] +name = "objc2-foundation" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3e0adef53c21f888deb4fa59fc59f7eb17404926ee8a6f59f5df0fd7f9f3272" +dependencies = [ + "bitflags", + "block2", + "libc", + "objc2", + "objc2-core-foundation", +] + +[[package]] +name = "objc2-virtualization" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8edb98625ad1f7dea2e82ab54d5bdf3f477e6645b550f4a7cced1818be9ff59d" +dependencies = [ + "bitflags", + "block2", + "dispatch2", + "objc2", + "objc2-app-kit", + "objc2-core-foundation", + "objc2-foundation", +] + +[[package]] +name = "vibebox" +version = "0.1.0" +dependencies = [ + "block2", + "dispatch2", + "lexopt", + "libc", + "objc2", + "objc2-foundation", + "objc2-virtualization", +] diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..54a5014 --- /dev/null +++ b/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "vibebox" +version = "0.1.0" +edition = "2024" + +[dependencies] +objc2 = "*" +objc2-foundation = { version = "*", features = [ + "NSArray", + "NSString", + "NSURL", + "NSError", + "NSFileHandle", + "NSData", + "NSDate", + "NSRunLoop", + "NSObject", +] } +objc2-virtualization = "*" +block2 = "*" +dispatch2 = "*" +libc = "*" +lexopt = "0.3" diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..65336c6 --- /dev/null +++ b/LICENSE @@ -0,0 +1,7 @@ +Copyright 2026 Kevin Lynagh + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/build.rs b/build.rs new file mode 100644 index 0000000..3f2bbbf --- /dev/null +++ b/build.rs @@ -0,0 +1,12 @@ +use std::process::Command; + +fn main() { + let sha = Command::new("git") + .args(["rev-parse", "--short", "HEAD"]) + .output() + .map(|o| String::from_utf8_lossy(&o.stdout).trim().to_string()) + .unwrap_or_else(|_| "unknown".into()); + + println!("cargo:rustc-env=GIT_SHA={sha}"); + println!("cargo:rerun-if-changed=.git/HEAD"); +} diff --git a/docs/implementations.md b/docs/implementations.md new file mode 100644 index 0000000..62cd99b --- /dev/null +++ b/docs/implementations.md @@ -0,0 +1,91 @@ +# Implementations + +## Definitions + +### Vibebox Command + +Commands for vibebox, the format is `:` + +### Box Command + +Commands for general vm spawned by the vibebox, a typical linux command, +the format is as same as the linux, `` + +### Data Storage + +Global session index is stored in `~/.vibebox/sessions.toml`. + +Global images are stored in `~/.vibebox/images`. + +Project config is stored in `[project_dir]/vibebox.toml`, this should be committed to VCS. + +Project cache should be stored in `[project_dir]/.vibebox/`. + +### Session management + +Each session represents an underlying VM instance, users can quit, enter, spawn a session. + +A session is represented by a UUID(RFC 4122 variant),and it is UUIDv7. + +Example: + +`019bf290-cccc-7c23-ba1d-dce7e6d40693` + +Each session has the following members: + +- `id`: session id +- `directory`: project directory (absolute) +- `last_active`: utc time indicating the last active time for the session + +Sessions info are stored in `~/.vibebox/sessions.toml` + +A session can be shut down, resumed, deleted, created. + +A session links to a directory. Currently, a directory can only have a single session; a session can be connected to +multiple vibeboxes. + +Instance data are stored in `project_dir/.vibebox`. + +Deleting `[project_dir]/.vibebox/` permanently deletes the session. The global index entry (if any) will be removed by +any command that uses the global index but failed to locate. + +There is a reference count for each session, and this represents the number of `vibebox` using that session. + +A session (VM) will only shut down after `AUTO_SHUTDOWN_GRACE_MS` milliseconds if the reference count is 0. Shutting a +session down can save some resources, but the first startup time will be larger than resuming an active session. + +When a session shuts down, the VM stops, but the instance disk in project_dir/.vibebox/ is preserved for faster +later boots. + +#### Behavior + +In host cli: + +- use `vibebox` without config to connect to an exising session, or create a new one if not existed. +- use `vibebox delete ` to delete an existed session, delete removes + `[session.directory]/.vibebox/` and deletes the global index entry. +- use `vibebox list` to list a list of sessions + +In vibebox: + +- use `:new` to prompt user to delete and create a session. +- use `:exit` to exit vibebox. + +### (Shows all the mounts/network/visibility) + +Each session has mounts, meaning it has a file system mapping from host to the inner VM, this has a default value, and +users can add new mounts to it. + +Each session also has its own network mapping, users can choose to use blocklist or allowlist mode to control the +traffic by hostname/domain. + +The command can display the mapping and network strategy. + +They are also stored per project, in `vibebox.toml` + +#### Behaviors + +- use `:explain` to display: + - mounts: host_path → guest_path, ro/rw + - network: mode (allowlist/blocklist) and entries + - storage: paths to vibebox.toml and .vibebox/ (relative from the project_dir) \ No newline at end of file diff --git a/docs/new_features.md b/docs/new_features.md new file mode 100644 index 0000000..9d0c640 --- /dev/null +++ b/docs/new_features.md @@ -0,0 +1,22 @@ +# New Features + +## Priority 1 + +### Session management + +1. each session is a folder +2. by default, there should be a reference count for each vm, if count is 0, shutdown in DEFAULT_EXPECT_TIMEOUT. +3. You can also use command inside a session to never allow it to auto shutdown +4. you can use commands to resume a session + +### explain (Shows all the mounts/network/visibility) + +1. you can display all the mounts & network activity. +2. you can set disable to disable a network connection. +3. use a config file in .vibebox/config.toml to config it + +## Priority 2 + +### Port Forwarding + +1. Port will be auto forwarded to the host diff --git a/docs/old_features.md b/docs/old_features.md new file mode 100644 index 0000000..a5a0b67 --- /dev/null +++ b/docs/old_features.md @@ -0,0 +1,47 @@ +# Existing Features (Legacy Snapshot) + +This document summarizes the currently implemented features in the repo at the time of review. + +## Core Purpose +- Single-binary CLI to spin up a Linux VM on Apple Silicon macOS for sandboxing LLM agents. +- Uses Apple Virtualization framework with a lightweight Debian nocloud image. + +## VM Lifecycle +- Downloads a Debian base image on first run and verifies SHA-512 before use. +- Decompresses the base image and provisions it once, saving as a default template. +- Creates a per-project instance disk at `.vibe/instance.raw` on first run. +- Instance disks persist across runs until manually deleted. + +## Default Sharing and Mounts +- Automatically shares the current project directory into the VM. +- Shares common cache/config directories when present: +- `~/.m2`, `~/.cargo/registry`, `~/.codex`, `~/.claude`. +- Maintains a dedicated guest mise cache at `~/.cache/vibe/.guest-mise-cache` on the host. +- Supports disabling default mounts with `--no-default-mounts`. +- Supports explicit mounts via `--mount host:guest[:read-only|:read-write]`. + +## CLI Options and Automation +- `--cpus` and `--ram` to configure virtual CPU count and memory size. +- `--script` to upload and run a shell script inside the VM. +- `--send` to type a command into the VM console. +- `--expect` to wait for console output before continuing with script or send actions. +- Optional disk image argument to boot an existing raw disk directly. + +## Console and Login Experience +- Auto-login as root by waiting for login prompt. +- Mounts shared directories using virtiofs, then bind-mounts to target paths. +- Prints a startup MOTD showing host and guest mount mappings. +- Streams VM console to the terminal with raw mode for interactive use. + +## Security and Signing +- Checks for `com.apple.security.virtualization` entitlement on startup. +- Self-signs the binary with the required entitlement if missing, then re-execs. + +## Networking and Devices +- NAT networking enabled by default. +- Virtio block device for storage and virtio entropy device for randomness. +- Serial console plumbing between host and guest for I/O. + +## Platform Assumptions +- ARM-based macOS (Ventura or newer) is required. +- First run requires network access to fetch the base image. diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..ae81240 --- /dev/null +++ b/readme.md @@ -0,0 +1,208 @@ +Vibe is a quick, zero-configuration way to spin up a Linux virtual machine on Mac to sandbox LLM agents: + +``` +$ cd my-project +$ vibe + +░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓███████▓▒░░▒▓████████▓▒░ +░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ + ░▒▓█▓▒▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ + ░▒▓█▓▒▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░░▒▓██████▓▒░ + ░▒▓█▓▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ + ░▒▓█▓▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ + ░▒▓██▓▒░ ░▒▓█▓▒░▒▓███████▓▒░░▒▓████████▓▒░ + +Host Guest Mode +---------------------------------------- ----------------------- ---------- +/Users/dev/work/my-project /root/my-project read-write +/Users/dev/.cache/vibe/.guest-mise-cache /root/.local/share/mise read-write +/Users/dev/.m2 /root/.m2 read-write +/Users/dev/.cargo/registry /root/.cargo/registry read-write +/Users/dev/.codex /root/.codex read-write +/Users/dev/.claude /root/.claude read-write + +root@vibe:~/my-project# +``` + +On my M1 MacBook Air it takes ~10 seconds to boot. + + +Dependencies: + +- An ARM-based Mac running MacOS 13 (Ventura) or higher. +- A network connection is required on the first run to download and configure the Debian Linux base image. +- That's it! + + +## Why use Vibe? + +- LLM agents are more fun to use with `--yolo`, since they're not always interrupting you to approve their commands. +- Sandboxing the agent in a VM lets it install/remove whatever tools its lil' transformer heart desires, *without* wrecking your actual machine. +- You control what the agent (and thus the upstream LLM provider) can actually see, by controlling exactly what's shared into the VM sandbox. + (This project was inspired by me running `codex` *without* `--yolo` and seeing it reading files outside of the directory I started it in --- not cool, bro.) + +I'm using virtual machines rather than containers because: + +- Virtualization is more secure against malicious escapes than containers or the MacOS sandbox framework. +- Containers on MacOS require spinning up a virtual machine anyway. + +Finally, as a matter of taste and style: + +- The binary is < 1 MB. +- I wrote the entire README myself, 100% with my human brain. +- The entire implementation is in one ~1200 line Rust file. +- The only Rust dependencies are the [Objc2](https://github.com/madsmtm/objc2) interop crates and the [lexopt](https://github.com/blyxxyz/lexopt) argument parser. +- There are no emoji anywhere in this repository. + + +## Install + +Vibe is a single binary built with Rust. + +Download [the latest binary built by GitHub actions](https://github.com/lynaghk/vibe/releases/tag/latest) and put it somewhere on your `$PATH`: + + curl -LO https://github.com/lynaghk/vibe/releases/download/latest/vibe-macos-arm64.zip + unzip vibe-macos-arm64.zip + mkdir -p ~/.local/bin + mv vibe ~/.local/bin + export PATH="$HOME/.local/bin:$PATH" + +If you use [mise-en-place](https://mise.jdx.dev/): + + mise use github:lynaghk/vibe@latest + +I'm not making formal releases or keeping a change log. +I recommend reading the commit history and pinning to a specific version. + +You can also install via `cargo`: + + cargo install --locked --git https://github.com/lynaghk/vibe.git + +If you don't have `cargo`, you need to install Rust: + + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh + + +## Using Vibe + + +``` +vibe [OPTIONS] [disk-image.raw] + +Options + + --help Print this help message. + --version Print the version (commit SHA). + --no-default-mounts Disable all default mounts. + --mount host-path:guest-path[:read-only | :read-write] Mount `host-path` inside VM at `guest-path`. + Defaults to read-write. + Errors if host-path does not exist. + --cpus Number of virtual CPUs (default 2). + --ram RAM size in megabytes (default 2048). + --script Run script in VM. + --send Type `some-command` followed by newline into the VM. + --expect [timeout-seconds] Wait for `string` to appear in console output before executing next `--script` or `--send`. + If `string` does not appear within timeout (default 30 seconds), shutdown VM with error. +``` + +Invoking vibe without a disk image: + +- shares the current directory with the VM +- shares package manager cache directories with the VM, so that packages are not re-downloaded +- shares the `~/.codex` directory with the VM, so you can use OpenAI's [codex](https://openai.com/codex/) +- shares the `~/.claude` directory with the VM, so you can use Anthropic's [claude](https://claude.com/product/claude-code) + +The first time you run `vibe`, a Debian Linux image is downloaded to `~/.cache/vibe/`, configured with basic tools like gcc, [mise-en-place](https://mise.jdx.dev/), ripgrep, rust, etc., and saved as `default.raw`. +(See [provision.sh](/src/provision.sh) for details.) + +Then when you run `vibe` in a project directory, it copies this default image to `.vibe/instance.raw`, boots it up, and attaches your terminal to this VM. + +When you `exit` this shell, the VM is shutdown. +The disk state persists until you delete it. +There is no centralized registry of VMs --- if you want to delete a VM, just delete its disk image file. + +## Other notes + +- Apple Filesystem is copy-on-write, so instance images only use disk space when they diverge from the default image. + You can use `du -h` to see how much space is actually consumed: + + $ /bin/ls -lah .vibe/instance.raw + -rw-r--r-- 1 dev staff 10G Jan 25 20:41 .vibe/instance.raw + + $ du -h .vibe/instance.raw + 2.3G .vibe/instance.raw + +- MacOS only lets binaries signed with the `com.apple.security.virtualization` entitlement run virtual machines, so `vibe` checks itself on startup and, if necessary, signs itself using `codesign`. SeCuRiTy! + +- Debian "nocloud" is used as a base image because it boots directly to a root prompt. + The other images use [cloudinit](https://cloudinit.readthedocs.io/en/latest/), which I found much more complex: + - Network requests are made during the boot process, and if you're offline they take several *minutes* to timeout before the login prompt is reached (thanks, `systemd-networkd-wait-online.service`). + - Subsequent boots are much slower (at least, I couldn't easily figure out how to remove the associated cloud init machinery). + + +## Alternatives + +Here's what I tried before writing this solution: + +- [Sandboxtron](https://github.com/lynaghk/sandboxtron/) - My own little wrapper around Mac's `sandbox-exec`. +Turns out both Claude Code and Codex rely on this as well, and MacOS doesn't allow creating a sandbox from within a sandbox. +I considered writing my own sandboxing rules and running the agents `--yolo`, but didn't like the risk of configuration typos and/or Mac sandbox escapes (there are a lot --- I'm not an expert, but from [this HN discussion](https://news.ycombinator.com/item?id=42084588) I figured virtualization would be safer). + +- [Lima](https://github.com/lima-vm/lima/), quick Linux VMs on Mac. I wanted to like this, ran into too many issues in first 30 minutes to trust it: + - The recommended Debian image took 8 seconds to get to a login prompt, even after the VM was already running. + - The CLI flags *mutate hidden state*. E.g., If you `limactl start --mount foo` and then later `limactl start --mount bar`, both `foo` and `bar` will be mounted. + - Some capabilities are only available via yaml. E.g., the `--mount` CLI flag always mounts at the same path in the guest. If you want to mount at a different path, you have to do that via YAML. + - There are many layers of inheritance/defaults, so even if you do write YAML, you can't see the full configuration. + +- [Vagrant](https://developer.hashicorp.com/vagrant/) - I fondly remember using this back in the early 2010's, but based on this [2025 Reddit discussion](https://www.reddit.com/r/devops/comments/1axws75/vagrant_doesnt_support_mac_m1/) it seemed like running it on an ARM-based Mac was A Project and so I figured it'd be easier to roll my own thing. + +- [Tart](https://tart.run/) - I found this via some positive HN comments, but unfortunately wasn't able to run the release binary from their GitHub because it's not signed. +They apparently hack around that when installing with homebrew, but I don't use homebrew either. +I tried cloning the repo and compiling myself, but the build failed with lots of language syntax errors despite the repo SHA is the same as one of their releases. +I assume this is a Swift problem and not Tart's, since this sort of mess happens most times when I try to build Swift. `¯\_(ツ)_/¯` + +- [OrbStack](https://orbstack.dev/) - This looked nice, but seems mostly geared towards container stuff. +It runs a single VM, and I couldn't figure out how to have this VM run *without* my entire disk mounted inside of it. +I didn't want to run agents via containers, since containers aren't security boundaries. + +- [Apple Container Framework](https://github.com/apple/container) - This looks technically promising, as it runs every container within a lightweight VM. +Unfortunately it requires MacOS 26 Tahoe, which wrecks [window resizing](https://news.ycombinator.com/item?id=46579864), adds [useless icons everywhere](https://news.ycombinator.com/item?id=46497712), and otherwise seems to be a mess. +Sorry excellent Apple programmers and hardware designers, I hope your management can reign in the haute couture folks before we all have to switch to Linux for professional computing. + +- [QEMU](https://wiki.qemu.org/) - The first prototype of this app was [a single bash script](https://github.com/lynaghk/vibe/blob/1c82fd3b9fabf93abba2680fc856458e97a105cd/qemu.sh) wrapping `qemu`. This worked swimmingly, except for host/guest directory sharing, which ended up being a show-stopper. This is because QEMU doesn't support [virtiofs](https://virtio-fs.gitlab.io/) on Mac hosts, it only supports "9p", which is way slower --- e.g., `mise use node@latest` takes > 10 minutes on 9p and 5 seconds on virtiofs. + + +## Roadmap / Collaboration + +I wrote this software for myself, and I'm open to pull requests and otherwise collaborating on features that I'd personally use: + +- resizing disk images +- forwarding ports from the host to a guest +- running `vibe` against a disk image that's already running should connect to the already-running VM + - the VM shouldn't shutdown until all host terminals have logged out +- if not the above, at least a check and throw a nice error message when you try to start a VM that's already running +- a way to make faster-booting even more minimal Linux virtual machines + - this should be bootstrappable on Mac; i.e., if the only way to make a small Linux image is with Linux-only tools, the entire process should still be runnable on MacOS via intermediate VMs +- propagate an exit code from within VM to the `vibe` command +- don't propagate user typing until all provided `--expect` and `--send` actions have completed +- CPU core / memory / networking configuration, possibly via flags or via extended attributes on the disk image file +- a `--plan` flag which pretty-prints a CLI invocation with all of the default arguments shown + - to keep ourselves honest, we should use the same codepath for the actual execution (maybe we can `exec` into the generated command?) + - Being fully "explicit" is tricky due to flag interactions. + E.g., the friendly `--mount` would need to be decomposed into two flags: One that exposes the host directory in the guest's staging area at `/mnt/shared/` and another flag `--send 'mount --bind ...'`to bind this to the desired guest location. + +I'm not sure about (but open to discussing proposals via GitHub issues): + +- running VMs in the background +- supporting Linux hosts +- supporting guests beyond Debian Linux +- using SSH as a login mechanism; this would eliminate the current stdin/stdout-to-console plumbing (yay!) but require additional setup/configuration (boo!) +- making Claude Code work seamlessly + - I tried the native installer but it sometimes fails during setup (see 6352d13), so I switched back to NPM via mise which is more reliable. + - The `~/.claude` folder is shared in the VM by default, by apparently the `~/.claude.json` file is also required for auth credentials and session history. + I'm not sure the best way to share a file between host and VM (virtioFS only works with folders). + Also: Wild to me that Anthropic puts both a file and a folder in your home directory --- how rude! + +I'm not interested in: + +- anything related to Docker / containers / Kubernetes / distributed systems diff --git a/src/entitlements.plist b/src/entitlements.plist new file mode 100644 index 0000000..9b3e03a --- /dev/null +++ b/src/entitlements.plist @@ -0,0 +1,8 @@ + + + + + com.apple.security.virtualization + + + diff --git a/src/main.rs b/src/main.rs new file mode 100644 index 0000000..5e191ff --- /dev/null +++ b/src/main.rs @@ -0,0 +1,1216 @@ +use std::{ + env, + ffi::OsString, + fs, + io::{self, Write}, + os::{ + fd::RawFd, + unix::{ + io::{AsRawFd, IntoRawFd, OwnedFd}, + net::UnixStream, + process::CommandExt, + }, + }, + path::{Path, PathBuf}, + process::{Command, Stdio}, + sync::{ + Arc, Condvar, Mutex, + mpsc::{self, Receiver, Sender}, + }, + thread, + time::{Duration, Instant}, +}; + +use block2::RcBlock; +use dispatch2::DispatchQueue; +use lexopt::prelude::*; +use objc2::{AnyThread, rc::Retained, runtime::ProtocolObject}; +use objc2_foundation::*; +use objc2_virtualization::*; + +const DEBIAN_COMPRESSED_DISK_URL: &str = "https://cloud.debian.org/images/cloud/trixie/20260112-2355/debian-13-nocloud-arm64-20260112-2355.tar.xz"; +const DEBIAN_COMPRESSED_SHA: &str = "6ab9be9e6834adc975268367f2f0235251671184345c34ee13031749fdfbf66fe4c3aafd949a2d98550426090e9ac645e79009c51eb0eefc984c15786570bb38"; +const DEBIAN_COMPRESSED_SIZE_BYTES: u64 = 280901576; +const SHARED_DIRECTORIES_TAG: &str = "shared"; + +const BYTES_PER_MB: u64 = 1024 * 1024; +const DEFAULT_CPU_COUNT: usize = 2; +const DEFAULT_RAM_MB: u64 = 2048; +const DEFAULT_RAM_BYTES: u64 = DEFAULT_RAM_MB * BYTES_PER_MB; +const START_TIMEOUT: Duration = Duration::from_secs(60); +const DEFAULT_EXPECT_TIMEOUT: Duration = Duration::from_secs(30); +const LOGIN_EXPECT_TIMEOUT: Duration = Duration::from_secs(120); +const PROVISION_SCRIPT: &str = include_str!("provision.sh"); + +#[derive(Clone)] +enum LoginAction { + Expect { text: String, timeout: Duration }, + Send(String), + Script { path: PathBuf, index: usize }, +} +use LoginAction::*; + +#[derive(Clone)] +struct DirectoryShare { + host: PathBuf, + guest: PathBuf, + read_only: bool, +} + +impl DirectoryShare { + fn new( + host: PathBuf, + mut guest: PathBuf, + read_only: bool, + ) -> Result> { + if !host.exists() { + return Err(format!("Host path does not exist: {}", host.display()).into()); + } + if !guest.is_absolute() { + guest = PathBuf::from("/root").join(guest); + } + Ok(Self { + host, + guest, + read_only, + }) + } + + fn from_mount_spec(spec: &str) -> Result> { + let parts: Vec<&str> = spec.split(':').collect(); + if parts.len() < 2 || parts.len() > 3 { + return Err(format!("Invalid mount spec: {spec}").into()); + } + let host = PathBuf::from(parts[0]); + let guest = PathBuf::from(parts[1]); + let read_only = if parts.len() == 3 { + match parts[2] { + "read-only" => true, + "read-write" => false, + _ => { + return Err(format!( + "Invalid mount mode '{}'; expected read-only or read-write", + parts[2] + ) + .into()); + } + } + } else { + false + }; + DirectoryShare::new(host, guest, read_only) + } + + fn tag(&self) -> String { + let path_str = self.host.to_string_lossy(); + let hash = path_str + .bytes() + .fold(5381u64, |h, b| h.wrapping_mul(33).wrapping_add(b as u64)); + let base_name = self + .host + .file_name() + .map(|s| s.to_string_lossy()) + .unwrap_or("share".into()); + format!("{}_{:016x}", base_name, hash) + } +} + +fn main() -> Result<(), Box> { + let args = parse_cli()?; + + if args.version { + println!("Vibe"); + println!("https://github.com/lynaghk/vibe/"); + println!("Git SHA: {}", env!("GIT_SHA")); + std::process::exit(0); + } + + if args.help { + println!( + "Vibe is a quick way to spin up a Linux virtual machine on Mac to sandbox LLM agents. + +vibe [OPTIONS] [disk-image.raw] + +Options + + --help Print this help message. + --version Print the version (commit SHA). + --no-default-mounts Disable all default mounts. + --mount host-path:guest-path[:read-only | :read-write] Mount `host-path` inside VM at `guest-path`. + Defaults to read-write. + Errors if host-path does not exist. + --cpus Number of virtual CPUs (default {DEFAULT_CPU_COUNT}). + --ram RAM size in megabytes (default {DEFAULT_RAM_MB}). + --script Run script in VM. + --send Type `some-command` followed by newline into the VM. + --expect [timeout-seconds] Wait for `string` to appear in console output before executing next `--script` or `--send`. + If `string` does not appear within timeout (default 30 seconds), shutdown VM with error. +" + ); + std::process::exit(0); + } + + ensure_signed(); + + let project_root = env::current_dir()?; + let project_name = project_root + .file_name() + .ok_or("Project directory has no name")? + .to_string_lossy() + .into_owned(); + + let home = env::var("HOME").map(PathBuf::from)?; + let cache_home = env::var("XDG_CACHE_HOME") + .map(PathBuf::from) + .unwrap_or_else(|_| home.join(".cache")); + let cache_dir = cache_home.join("vibe"); + let guest_mise_cache = cache_dir.join(".guest-mise-cache"); + + let instance_dir = project_root.join(".vibe"); + + let basename_compressed = DEBIAN_COMPRESSED_DISK_URL.rsplit('/').next().unwrap(); + let base_compressed = cache_dir.join(basename_compressed); + let base_raw = cache_dir.join(format!( + "{}.raw", + basename_compressed.trim_end_matches(".tar.xz") + )); + + let default_raw = cache_dir.join("default.raw"); + let instance_raw = instance_dir.join("instance.raw"); + + // Prepare system-wide directories + fs::create_dir_all(&cache_dir)?; + fs::create_dir_all(&guest_mise_cache)?; + + let mise_directory_share = + DirectoryShare::new(guest_mise_cache, "/root/.local/share/mise".into(), false)?; + + let disk_path = if let Some(path) = args.disk { + if !path.exists() { + return Err(format!("Disk image does not exist: {}", path.display()).into()); + } + path + } else { + ensure_default_image( + &base_raw, + &base_compressed, + &default_raw, + std::slice::from_ref(&mise_directory_share), + )?; + ensure_instance_disk(&instance_raw, &default_raw)?; + + instance_raw + }; + + let mut login_actions = Vec::new(); + let mut directory_shares = Vec::new(); + + if !args.no_default_mounts { + login_actions.push(Send(format!("cd {project_name}"))); + + // discourage read/write of .git folder from within the VM. note that this isn't secure, since the VM runs as root and could unmount this. + // I couldn't find an alternative way to do this --- the MacOS sandbox doesn't apply to the Apple Virtualization system + if project_root.join(".git").exists() { + login_actions.push(Send(r"mount -t tmpfs tmpfs .git/".into())); + } + + directory_shares.push( + DirectoryShare::new( + project_root, + PathBuf::from("/root/").join(project_name), + false, + ) + .expect("Project directory must exist"), + ); + + directory_shares.push(mise_directory_share); + + // Add default shares, if they exist + for share in [ + DirectoryShare::new(home.join(".m2"), "/root/.m2".into(), false), + DirectoryShare::new( + home.join(".cargo/registry"), + "/root/.cargo/registry".into(), + false, + ), + DirectoryShare::new(home.join(".codex"), "/root/.codex".into(), false), + DirectoryShare::new(home.join(".claude"), "/root/.claude".into(), false), + ] + .into_iter() + .flatten() + { + directory_shares.push(share) + } + } + + for spec in &args.mounts { + directory_shares.push(DirectoryShare::from_mount_spec(spec)?); + } + + if let Some(motd_action) = motd_login_action(&directory_shares) { + login_actions.push(motd_action); + } + + // Any user-provided login actions must come after our system ones + login_actions.extend(args.login_actions); + + run_vm( + &disk_path, + &login_actions, + &directory_shares[..], + args.cpu_count, + args.ram_bytes, + ) +} + +struct CliArgs { + disk: Option, + version: bool, + help: bool, + no_default_mounts: bool, + mounts: Vec, + login_actions: Vec, + cpu_count: usize, + ram_bytes: u64, +} + +fn parse_cli() -> Result> { + fn os_to_string(value: OsString, flag: &str) -> Result> { + value + .into_string() + .map_err(|_| format!("{flag} expects valid UTF-8").into()) + } + + let mut parser = lexopt::Parser::from_env(); + let mut disk = None; + let mut version = false; + let mut help = false; + let mut no_default_mounts = false; + let mut mounts = Vec::new(); + let mut login_actions = Vec::new(); + let mut script_index = 0; + let mut cpu_count = DEFAULT_CPU_COUNT; + let mut ram_bytes = DEFAULT_RAM_BYTES; + + while let Some(arg) = parser.next()? { + match arg { + Long("version") => version = true, + Long("help") | Short('h') => help = true, + Long("no-default-mounts") => no_default_mounts = true, + Long("cpus") => { + let value = os_to_string(parser.value()?, "--cpus")?.parse()?; + if value == 0 { + return Err("--cpus must be >= 1".into()); + } + cpu_count = value; + } + Long("ram") => { + let value: u64 = os_to_string(parser.value()?, "--ram")?.parse()?; + if value == 0 { + return Err("--ram must be >= 1".into()); + } + ram_bytes = value * BYTES_PER_MB; + } + Long("mount") => { + mounts.push(os_to_string(parser.value()?, "--mount")?); + } + Long("script") => { + login_actions.push(Script { + path: os_to_string(parser.value()?, "--script")?.into(), + index: script_index, + }); + script_index += 1; + } + Long("send") => { + login_actions.push(Send(os_to_string(parser.value()?, "--send")?)); + } + Long("expect") => { + let text = os_to_string(parser.value()?, "--expect")?; + let timeout = match parser.optional_value() { + Some(value) => Duration::from_secs(os_to_string(value, "--expect")?.parse()?), + None => DEFAULT_EXPECT_TIMEOUT, + }; + login_actions.push(Expect { text, timeout }); + } + Value(value) => { + if disk.is_some() { + return Err("Only one disk path may be provided".into()); + } + disk = Some(PathBuf::from(value)); + } + _ => return Err(arg.unexpected().into()), + } + } + + Ok(CliArgs { + disk, + version, + help, + no_default_mounts, + mounts, + login_actions, + cpu_count, + ram_bytes, + }) +} + +fn script_command_from_path( + path: &Path, + index: usize, +) -> Result> { + let script = fs::read_to_string(path) + .map_err(|err| format!("Failed to read script {}: {err}", path.display()))?; + let label = format!("{}_{}", index, path.file_name().unwrap().display()); + script_command_from_content(&label, &script) +} + +fn script_command_from_content( + label: &str, + script: &str, +) -> Result> { + let marker = "VIBE_SCRIPT_EOF"; + let guest_dir = "/tmp/vibe-scripts"; + let guest_path = format!("{guest_dir}/{label}.sh"); + let command = format!( + "mkdir -p {guest_dir}\ncat >{guest_path} <<'{marker}'\n{script}\n{marker}\nchmod +x {guest_path}\n{guest_path}" + ); + if script.contains(marker) { + return Err( + format!("Script '{label}' contains marker '{marker}', cannot safely upload").into(), + ); + } + Ok(command) +} + +fn motd_login_action(directory_shares: &[DirectoryShare]) -> Option { + if directory_shares.is_empty() { + return Some(Send("clear".into())); + } + + let host_header = "Host"; + let guest_header = "Guest"; + let mode_header = "Mode"; + let mut host_width = host_header.len(); + let mut guest_width = guest_header.len(); + let mut mode_width = mode_header.len(); + let mut rows = Vec::with_capacity(directory_shares.len()); + + for share in directory_shares { + let host = share.host.to_string_lossy().into_owned(); + let guest = share.guest.to_string_lossy().into_owned(); + let mode = if share.read_only { + "read-only" + } else { + "read-write" + } + .to_string(); + host_width = host_width.max(host.len()); + guest_width = guest_width.max(guest.len()); + mode_width = mode_width.max(mode.len()); + rows.push((host, guest, mode)); + } + + let mut output = String::new(); + output.push_str( + " +░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓███████▓▒░░▒▓████████▓▒░ +░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ + ░▒▓█▓▒▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ + ░▒▓█▓▒▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░░▒▓██████▓▒░ + ░▒▓█▓▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ + ░▒▓█▓▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ + ░▒▓██▓▒░ ░▒▓█▓▒░▒▓███████▓▒░░▒▓████████▓▒░ + +", + ); + output.push_str(&format!( + "{host_header:), + Shutdown, +} + +enum VmOutput { + LoginActionTimeout { action: String, timeout: Duration }, +} + +#[derive(Default)] +pub struct OutputMonitor { + buffer: Mutex, + condvar: Condvar, +} + +impl OutputMonitor { + fn push(&self, bytes: &[u8]) { + self.buffer + .lock() + .unwrap() + .push_str(&String::from_utf8_lossy(bytes)); + self.condvar.notify_all(); + } + + fn wait_for(&self, needle: &str, timeout: Duration) -> WaitResult { + let (_unused, timeout_result) = self + .condvar + .wait_timeout_while(self.buffer.lock().unwrap(), timeout, |buf| { + if let Some((_, remaining)) = buf.split_once(needle) { + *buf = remaining.to_string(); + false + } else { + true + } + }) + .unwrap(); + + if timeout_result.timed_out() { + WaitResult::Timeout + } else { + WaitResult::Found + } + } +} + +fn ensure_base_image( + base_raw: &Path, + base_compressed: &Path, +) -> Result<(), Box> { + if base_raw.exists() { + return Ok(()); + } + + if !base_compressed.exists() + || std::fs::metadata(base_compressed).map(|m| m.len())? < DEBIAN_COMPRESSED_SIZE_BYTES + { + println!("Downloading base image..."); + let status = Command::new("curl") + .args([ + "--continue-at", + "-", + "--compressed", + "--location", + "--fail", + "-o", + &base_compressed.to_string_lossy(), + DEBIAN_COMPRESSED_DISK_URL, + ]) + .status()?; + if !status.success() { + return Err("Failed to download base image".into()); + } + } + + // Check SHA + { + let input = format!("{} {}\n", DEBIAN_COMPRESSED_SHA, base_compressed.display()); + + let mut child = Command::new("/usr/bin/shasum") + .args(["--algorithm", "512", "--check"]) + .stdin(Stdio::piped()) + .spawn() + .expect("failed to spawn shasum"); + + child + .stdin + .take() + .expect("failed to open stdin") + .write_all(input.as_bytes()) + .expect("failed to write to stdin"); + + let status = child.wait().expect("failed to wait on child"); + if !status.success() { + return Err(format!("SHA validation failed for {DEBIAN_COMPRESSED_DISK_URL}").into()); + } + } + + println!("Decompressing base image..."); + let status = Command::new("tar") + .args(["-xOf", &base_compressed.to_string_lossy(), "disk.raw"]) + .stdout(std::fs::File::create(base_raw)?) + .status()?; + + if !status.success() { + return Err("Failed to decompress base image".into()); + } + + Ok(()) +} + +fn ensure_default_image( + base_raw: &Path, + base_compressed: &Path, + default_raw: &Path, + directory_shares: &[DirectoryShare], +) -> Result<(), Box> { + if default_raw.exists() { + return Ok(()); + } + + ensure_base_image(base_raw, base_compressed)?; + + println!("Configuring base image..."); + fs::copy(base_raw, default_raw)?; + + let provision_command = script_command_from_content("provision.sh", PROVISION_SCRIPT)?; + run_vm( + default_raw, + &[Send(provision_command)], + directory_shares, + DEFAULT_CPU_COUNT, + DEFAULT_RAM_BYTES, + )?; + + Ok(()) +} + +fn ensure_instance_disk( + instance_raw: &Path, + template_raw: &Path, +) -> Result<(), Box> { + if instance_raw.exists() { + return Ok(()); + } + + println!("Creating instance disk from {}...", template_raw.display()); + std::fs::create_dir_all(instance_raw.parent().unwrap())?; + fs::copy(template_raw, instance_raw)?; + Ok(()) +} + +pub struct IoContext { + pub input_tx: Sender, + wakeup_write: OwnedFd, + stdin_thread: thread::JoinHandle<()>, + mux_thread: thread::JoinHandle<()>, + stdout_thread: thread::JoinHandle<()>, +} + +pub fn create_pipe() -> (OwnedFd, OwnedFd) { + let (read_stream, write_stream) = UnixStream::pair().expect("Failed to create socket pair"); + (read_stream.into(), write_stream.into()) +} + +pub fn spawn_vm_io( + output_monitor: Arc, + vm_output_fd: OwnedFd, + vm_input_fd: OwnedFd, +) -> IoContext { + let (input_tx, input_rx): (Sender, Receiver) = mpsc::channel(); + + // raw_guard is set when we've put the user's terminal into raw mode because we've attached stdin/stdout to the VM. + let raw_guard = Arc::new(Mutex::new(None)); + + let (wakeup_read, wakeup_write) = create_pipe(); + + enum PollResult<'a> { + Ready(&'a [u8]), + Spurious, + Shutdown, + Error, + } + + fn poll_with_wakeup<'a>(main_fd: RawFd, wakeup_fd: RawFd, buf: &'a mut [u8]) -> PollResult<'a> { + let mut fds = [ + libc::pollfd { + fd: main_fd, + events: libc::POLLIN, + revents: 0, + }, + libc::pollfd { + fd: wakeup_fd, + events: libc::POLLIN, + revents: 0, + }, + ]; + + let ret = unsafe { libc::poll(fds.as_mut_ptr(), 2, -1) }; + if ret <= 0 || fds[1].revents & libc::POLLIN != 0 { + PollResult::Shutdown + } else if fds[0].revents & libc::POLLIN != 0 { + let n = unsafe { libc::read(main_fd, buf.as_mut_ptr() as *mut _, buf.len()) }; + if n < 0 { + PollResult::Error + } else if n == 0 { + PollResult::Shutdown + } else { + PollResult::Ready(&buf[..(n as usize)]) + } + } else { + PollResult::Spurious + } + } + + // Copies from stdin to the VM; also polls wakeup_read to exit the thread when it's time to shutdown. + let stdin_thread = thread::spawn({ + let input_tx = input_tx.clone(); + let raw_guard = raw_guard.clone(); + let wakeup_read = wakeup_read.try_clone().unwrap(); + + move || { + let mut buf = [0u8; 1024]; + loop { + match poll_with_wakeup(libc::STDIN_FILENO, wakeup_read.as_raw_fd(), &mut buf) { + PollResult::Shutdown | PollResult::Error => break, + PollResult::Spurious => continue, + PollResult::Ready(bytes) => { + if raw_guard.lock().unwrap().is_none() { + continue; + } + if input_tx.send(VmInput::Bytes(bytes.to_vec())).is_err() { + break; + } + } + } + } + } + }); + + // Copies VM output to stdout; also polls wakeup_read to exit the thread when it's time to shutdown. + let stdout_thread = thread::spawn({ + let raw_guard = raw_guard.clone(); + let wakeup_read = wakeup_read.try_clone().unwrap(); + + move || { + let mut stdout = std::io::stdout().lock(); + let mut buf = [0u8; 1024]; + loop { + match poll_with_wakeup(vm_output_fd.as_raw_fd(), wakeup_read.as_raw_fd(), &mut buf) + { + PollResult::Shutdown | PollResult::Error => break, + PollResult::Spurious => continue, + PollResult::Ready(bytes) => { + // enable raw mode, if we haven't already + if raw_guard.lock().unwrap().is_none() + && let Ok(guard) = enable_raw_mode(libc::STDIN_FILENO) + { + *raw_guard.lock().unwrap() = Some(guard); + } + + if stdout.write_all(bytes).is_err() { + break; + } + let _ = stdout.flush(); + output_monitor.push(bytes); + } + } + } + } + }); + + // Copies data from mpsc channel into VM, so vibe can "type" stuff and run scripts. + let mux_thread = thread::spawn(move || { + let mut vm_writer = std::fs::File::from(vm_input_fd); + loop { + match input_rx.recv() { + Ok(VmInput::Bytes(data)) => { + if vm_writer.write_all(&data).is_err() { + break; + } + } + Ok(VmInput::Shutdown) => break, + Err(_) => break, + } + } + }); + + IoContext { + input_tx, + wakeup_write, + stdin_thread, + mux_thread, + stdout_thread, + } +} + +impl IoContext { + pub fn shutdown(self) { + let _ = self.input_tx.send(VmInput::Shutdown); + unsafe { libc::write(self.wakeup_write.as_raw_fd(), b"x".as_ptr() as *const _, 1) }; + let _ = self.stdin_thread.join(); + let _ = self.stdout_thread.join(); + let _ = self.mux_thread.join(); + } +} + +fn create_vm_configuration( + disk_path: &Path, + directory_shares: &[DirectoryShare], + vm_reads_from_fd: OwnedFd, + vm_writes_to_fd: OwnedFd, + cpu_count: usize, + ram_bytes: u64, +) -> Result, Box> { + unsafe { + let platform = + VZGenericPlatformConfiguration::init(VZGenericPlatformConfiguration::alloc()); + + let boot_loader = VZEFIBootLoader::init(VZEFIBootLoader::alloc()); + let variable_store = load_efi_variable_store()?; + boot_loader.setVariableStore(Some(&variable_store)); + + let config = VZVirtualMachineConfiguration::new(); + config.setPlatform(&platform); + config.setBootLoader(Some(&boot_loader)); + config.setCPUCount(cpu_count as NSUInteger); + config.setMemorySize(ram_bytes); + + config.setNetworkDevices(&NSArray::from_retained_slice(&[{ + let network_device = VZVirtioNetworkDeviceConfiguration::new(); + network_device.setAttachment(Some(&VZNATNetworkDeviceAttachment::new())); + Retained::into_super(network_device) + }])); + + config.setEntropyDevices(&NSArray::from_retained_slice(&[Retained::into_super( + VZVirtioEntropyDeviceConfiguration::new(), + )])); + + //////////////////////////// + // Disks + { + let disk_attachment = VZDiskImageStorageDeviceAttachment::initWithURL_readOnly_cachingMode_synchronizationMode_error( + VZDiskImageStorageDeviceAttachment::alloc(), + &nsurl_from_path(disk_path).unwrap(), + false, + VZDiskImageCachingMode::Automatic, + VZDiskImageSynchronizationMode::Full, + ).unwrap(); + + let disk_device = VZVirtioBlockDeviceConfiguration::initWithAttachment( + VZVirtioBlockDeviceConfiguration::alloc(), + &disk_attachment, + ); + + let storage_devices: Retained> = + NSArray::from_retained_slice(&[Retained::into_super(disk_device)]); + + config.setStorageDevices(&storage_devices); + }; + + //////////////////////////// + // Directory shares + + if !directory_shares.is_empty() { + let directories: Retained> = + NSMutableDictionary::new(); + + for share in directory_shares.iter() { + assert!( + share.host.is_dir(), + "path does not exist or is not a directory: {:?}", + share.host + ); + + let url = nsurl_from_path(&share.host)?; + let shared_directory = VZSharedDirectory::initWithURL_readOnly( + VZSharedDirectory::alloc(), + &url, + share.read_only, + ); + + let key = NSString::from_str(&share.tag()); + directories.setObject_forKey(&*shared_directory, ProtocolObject::from_ref(&*key)); + } + + let multi_share = VZMultipleDirectoryShare::initWithDirectories( + VZMultipleDirectoryShare::alloc(), + &directories, + ); + + let device = VZVirtioFileSystemDeviceConfiguration::initWithTag( + VZVirtioFileSystemDeviceConfiguration::alloc(), + &NSString::from_str(SHARED_DIRECTORIES_TAG), + ); + device.setShare(Some(&multi_share)); + + let share_devices = NSArray::from_retained_slice(&[device.into_super()]); + config.setDirectorySharingDevices(&share_devices); + } + + //////////////////////////// + // Serial port + { + let ns_read_handle = NSFileHandle::initWithFileDescriptor_closeOnDealloc( + NSFileHandle::alloc(), + vm_reads_from_fd.into_raw_fd(), + true, + ); + + let ns_write_handle = NSFileHandle::initWithFileDescriptor_closeOnDealloc( + NSFileHandle::alloc(), + vm_writes_to_fd.into_raw_fd(), + true, + ); + + let serial_attach = + VZFileHandleSerialPortAttachment::initWithFileHandleForReading_fileHandleForWriting( + VZFileHandleSerialPortAttachment::alloc(), + Some(&ns_read_handle), + Some(&ns_write_handle), + ); + let serial_port = VZVirtioConsoleDeviceSerialPortConfiguration::new(); + serial_port.setAttachment(Some(&serial_attach)); + + let serial_ports: Retained> = + NSArray::from_retained_slice(&[Retained::into_super(serial_port)]); + + config.setSerialPorts(&serial_ports); + } + + //////////////////////////// + // Validate + config.validateWithError().map_err(|e| { + io::Error::other(format!( + "Invalid VM configuration: {:?}", + e.localizedDescription() + )) + })?; + + Ok(config) + } +} + +fn load_efi_variable_store() -> Result, Box> { + unsafe { + let temp_dir = std::env::temp_dir(); + let temp_path = temp_dir.join(format!("efi_variable_store_{}.efivars", std::process::id())); + let url = nsurl_from_path(&temp_path)?; + let options = VZEFIVariableStoreInitializationOptions::AllowOverwrite; + let store = VZEFIVariableStore::initCreatingVariableStoreAtURL_options_error( + VZEFIVariableStore::alloc(), + &url, + options, + )?; + Ok(store) + } +} + +fn spawn_login_actions_thread( + login_actions: Vec, + output_monitor: Arc, + input_tx: mpsc::Sender, + vm_output_tx: mpsc::Sender, +) -> thread::JoinHandle<()> { + thread::spawn(move || { + for a in login_actions { + match a { + Expect { text, timeout } => { + if WaitResult::Timeout == output_monitor.wait_for(&text, timeout) { + let _ = vm_output_tx.send(VmOutput::LoginActionTimeout { + action: format!("expect '{}'", text), + timeout, + }); + return; + } + } + Send(mut text) => { + text.push('\n'); // Type the newline so the command is actually submitted. + input_tx.send(VmInput::Bytes(text.into_bytes())).unwrap(); + } + Script { path, index } => { + let command = match script_command_from_path(&path, index) { + Ok(command) => command, + Err(err) => { + eprintln!("{err}"); + return; + } + }; + let mut text = command; + text.push('\n'); + input_tx.send(VmInput::Bytes(text.into_bytes())).unwrap(); + } + } + } + }) +} + +fn run_vm( + disk_path: &Path, + login_actions: &[LoginAction], + directory_shares: &[DirectoryShare], + cpu_count: usize, + ram_bytes: u64, +) -> Result<(), Box> { + let (vm_reads_from, we_write_to) = create_pipe(); + let (we_read_from, vm_writes_to) = create_pipe(); + + let config = create_vm_configuration( + disk_path, + directory_shares, + vm_reads_from, + vm_writes_to, + cpu_count, + ram_bytes, + )?; + + let queue = DispatchQueue::main(); + + let vm = unsafe { + VZVirtualMachine::initWithConfiguration_queue(VZVirtualMachine::alloc(), &config, queue) + }; + + let (tx, rx) = mpsc::channel::>(); + let completion_handler = RcBlock::new(move |error: *mut NSError| { + if error.is_null() { + let _ = tx.send(Ok(())); + } else { + let err = unsafe { &*error }; + let _ = tx.send(Err(format!("{:?}", err.localizedDescription()))); + } + }); + + unsafe { + vm.startWithCompletionHandler(&completion_handler); + } + + let start_deadline = Instant::now() + START_TIMEOUT; + while Instant::now() < start_deadline { + unsafe { + NSRunLoop::mainRunLoop().runMode_beforeDate( + NSDefaultRunLoopMode, + &NSDate::dateWithTimeIntervalSinceNow(0.1), + ) + }; + + match rx.try_recv() { + Ok(result) => { + result.map_err(|e| format!("Failed to start VM: {}", e))?; + break; + } + Err(mpsc::TryRecvError::Empty) => continue, + Err(mpsc::TryRecvError::Disconnected) => { + return Err("VM start channel disconnected".into()); + } + } + } + + if Instant::now() >= start_deadline { + return Err("Timed out waiting for VM to start".into()); + } + + println!("VM booting..."); + + let output_monitor = Arc::new(OutputMonitor::default()); + let io_ctx = spawn_vm_io(output_monitor.clone(), we_read_from, we_write_to); + + let mut all_login_actions = vec![ + Expect { + text: "login: ".to_string(), + timeout: LOGIN_EXPECT_TIMEOUT, + }, + Send("root".to_string()), + Expect { + text: "~#".to_string(), + timeout: LOGIN_EXPECT_TIMEOUT, + }, + ]; + + if !directory_shares.is_empty() { + all_login_actions.push(Send("mkdir -p /mnt/shared".into())); + all_login_actions.push(Send(format!( + "mount -t virtiofs {} /mnt/shared", + SHARED_DIRECTORIES_TAG + ))); + + for share in directory_shares { + let staging = format!("/mnt/shared/{}", share.tag()); + let guest = share.guest.to_string_lossy(); + all_login_actions.push(Send(format!("mkdir -p {}", guest))); + all_login_actions.push(Send(format!("mount --bind {} {}", staging, guest))); + } + } + + for a in login_actions { + all_login_actions.push(a.clone()) + } + + let (vm_output_tx, vm_output_rx) = mpsc::channel::(); + let login_actions_thread = spawn_login_actions_thread( + all_login_actions, + output_monitor.clone(), + io_ctx.input_tx.clone(), + vm_output_tx, + ); + + let mut last_state = None; + let mut exit_result = Ok(()); + loop { + unsafe { + NSRunLoop::mainRunLoop().runMode_beforeDate( + NSDefaultRunLoopMode, + &NSDate::dateWithTimeIntervalSinceNow(0.2), + ) + }; + + let state = unsafe { vm.state() }; + if last_state != Some(state) { + //eprintln!("[state] {:?}", state); + last_state = Some(state); + } + match vm_output_rx.try_recv() { + Ok(VmOutput::LoginActionTimeout { action, timeout }) => { + exit_result = Err(format!( + "Login action ({}) timed out after {:?}; shutting down.", + action, timeout + ) + .into()); + unsafe { + if vm.canRequestStop() { + if let Err(err) = vm.requestStopWithError() { + eprintln!("Failed to request VM stop: {:?}", err); + } + } else if vm.canStop() { + let handler = RcBlock::new(|_error: *mut NSError| {}); + vm.stopWithCompletionHandler(&handler); + } + } + break; + } + Err(mpsc::TryRecvError::Empty) => {} + Err(mpsc::TryRecvError::Disconnected) => {} + } + if state != objc2_virtualization::VZVirtualMachineState::Running { + //eprintln!("VM stopped with state: {:?}", state); + break; + } + } + + let _ = login_actions_thread.join(); + + io_ctx.shutdown(); + + exit_result +} + +fn nsurl_from_path(path: &Path) -> Result, Box> { + let abs_path = if path.is_absolute() { + path.to_path_buf() + } else { + env::current_dir()?.join(path) + }; + let ns_path = NSString::from_str( + abs_path + .to_str() + .ok_or("Non-UTF8 path encountered while building NSURL")?, + ); + Ok(NSURL::fileURLWithPath(&ns_path)) +} + +fn enable_raw_mode(fd: i32) -> io::Result { + let mut attributes: libc::termios = unsafe { std::mem::zeroed() }; + + if unsafe { libc::tcgetattr(fd, &mut attributes) } != 0 { + return Err(io::Error::last_os_error()); + } + + let original = attributes; + + // Disable translation of carriage return to newline on input + attributes.c_iflag &= !(libc::ICRNL); + // Disable canonical mode (line buffering), echo, and signal generation + attributes.c_lflag &= !(libc::ICANON | libc::ECHO | libc::ISIG); + attributes.c_cc[libc::VMIN] = 0; + attributes.c_cc[libc::VTIME] = 1; + + if unsafe { libc::tcsetattr(fd, libc::TCSANOW, &attributes) } != 0 { + return Err(io::Error::last_os_error()); + } + + Ok(RawModeGuard { fd, original }) +} + +struct RawModeGuard { + fd: i32, + original: libc::termios, +} + +impl Drop for RawModeGuard { + fn drop(&mut self) { + unsafe { + libc::tcsetattr(self.fd, libc::TCSANOW, &self.original); + } + } +} + +// Ensure the running binary has com.apple.security.virtualization entitlements by checking and, if not, signing and relaunching. +pub fn ensure_signed() { + let exe = std::env::current_exe().expect("failed to get current exe path"); + let exe_str = exe.to_str().expect("exe path not valid utf-8"); + + let has_required_entitlements = { + let output = Command::new("codesign") + .args(["-d", "--entitlements", "-", "--xml", exe.to_str().unwrap()]) + .output(); + + match output { + Ok(o) if o.status.success() => { + let stdout = String::from_utf8_lossy(&o.stdout); + stdout.contains("com.apple.security.virtualization") + } + _ => false, + } + }; + + if has_required_entitlements { + return; + } + + const ENTITLEMENTS: &str = include_str!("entitlements.plist"); + let entitlements_path = std::env::temp_dir().join("entitlements.plist"); + std::fs::write(&entitlements_path, ENTITLEMENTS).expect("failed to write entitlements"); + + let status = Command::new("codesign") + .args([ + "--sign", + "-", + "--force", + "--entitlements", + entitlements_path.to_str().unwrap(), + exe_str, + ]) + .status(); + + let _ = std::fs::remove_file(&entitlements_path); + + match status { + Ok(s) if s.success() => { + let err = Command::new(&exe).args(std::env::args_os().skip(1)).exec(); + eprintln!("failed to re-exec after signing: {err}"); + std::process::exit(1); + } + Ok(s) => { + eprintln!("codesign failed with status: {s}"); + std::process::exit(1); + } + Err(e) => { + eprintln!("failed to run codesign: {e}"); + std::process::exit(1); + } + } +} diff --git a/src/provision.sh b/src/provision.sh new file mode 100644 index 0000000..fbad94d --- /dev/null +++ b/src/provision.sh @@ -0,0 +1,62 @@ +#!/bin/bash +set -eux + +# Don't wait too long for slow mirrors. +echo 'Acquire::http::Timeout "2";' | tee /etc/apt/apt.conf.d/99timeout +echo 'Acquire::https::Timeout "2";' | tee -a /etc/apt/apt.conf.d/99timeout +echo 'Acquire::Retries "2";' | tee -a /etc/apt/apt.conf.d/99timeout + +apt-get update +apt-get install -y --no-install-recommends \ + build-essential \ + pkg-config \ + libssl-dev \ + curl \ + git \ + ripgrep + +# Set hostname to "vibe" so it's clear that you're inside the VM. +hostnamectl set-hostname vibe + +# Set this env var so claude doesn't complain about running as root.' +echo "export IS_SANDBOX=1" >> .bashrc + +# Shutdown the VM when you logout +cat > .bash_logout <> .bashrc + +export PATH="$HOME/.local/bin:$PATH" +eval "$(mise activate bash)" + +mkdir -p .config/mise/ + +cat > .config/mise/config.toml <