feat(python): Pyodide python/python3 CLI + whole-VM-root filesystem + VFS-persistent pip #138
Merged
🚅 Deployed to the secure-exec-pr-138 environment in rivet-frontend
🚅 Deployed to the secure-exec-pr-138 environment in secure-exec
Wire os.remove/os.rmdir/os.rename/os.replace through to the kernel VFS:
- runner: implement the rename/unlink/rmdir node_ops (were ENOSYS stubs) + add fsUnlink/fsRmdir/fsRename to both RPC bridges
- execution: add Unlink/Rmdir/Rename to PythonVfsRpcMethod (+ wire destination field) and route them to the filesystem dispatcher
- filesystem: dispatch to kernel.remove_file/remove_dir/rename AND mirror into the host-side shadow (remove/rename_guest_shadow_path) so a later shadow->kernel sync can't resurrect a just-deleted entry

Test: python_runtime_supports_file_delete_and_rename verifies the ops in-isolate and cross-checks the host kernel VFS.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
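The resurrection hazard named in the filesystem bullet above, shown as an added example that is not the project's code: a two-store model in which a shadow->kernel sync recreates whatever the shadow still holds. The `Vfs` struct, its methods and the sample paths are hypothetical and constructed for illustration.

```rust
use std::collections::BTreeMap;
// Hypothetical model; names are illustrative, not the project's types.
type Store = BTreeMap<String, Vec<u8>>;
#[derive(Default)]
struct Vfs {
    kernel: Store, // guest-visible filesystem
    shadow: Store, // host-side copy, periodically pushed into the kernel
    mirror: bool,  // whether delete/rename are also applied to the shadow
}
impl Vfs {
    fn write(&mut self, path: &str, data: &[u8]) {
        self.kernel.insert(path.to_string(), data.to_vec());
        self.shadow.insert(path.to_string(), data.to_vec());
    }
    // Delete/rename in the kernel; the shadow follows only when `mirror` is set.
    fn unlink(&mut self, path: &str) {
        self.kernel.remove(path);
        if self.mirror {
            self.shadow.remove(path);
        }
    }
    fn rename(&mut self, from: &str, to: &str) {
        let Some(data) = self.kernel.remove(from) else { return };
        self.kernel.insert(to.to_string(), data.clone());
        if self.mirror {
            self.shadow.remove(from);
            self.shadow.insert(to.to_string(), data);
        }
    }
    // Shadow -> kernel sync: every shadow entry is (re)created in the kernel.
    fn sync_shadow_to_kernel(&mut self) {
        self.kernel.extend(self.shadow.clone());
    }
}

// Kernel paths after write, unlink, rename, then one shadow -> kernel sync.
fn paths_after_sync(mirror: bool) -> Vec<String> {
    let mut vfs = Vfs { mirror, ..Default::default() };
    vfs.write("/tmp/secret.txt", b"token"); // constructed sample data
    vfs.write("/tmp/a.txt", b"a");
    vfs.unlink("/tmp/secret.txt");
    vfs.rename("/tmp/a.txt", "/tmp/b.txt");
    vfs.sync_shadow_to_kernel();
    vfs.kernel.keys().cloned().collect()
}

fn main() {
    println!("{:?} vs {:?}", paths_after_sync(false), paths_after_sync(true));
}
```

Without mirroring, the deleted file and the pre-rename name both reappear in the kernel store after the sync; with mirroring only `/tmp/b.txt` remains.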
NathanFlurry pushed a commit that referenced this pull request Jun 27, 2026
…name #138 added Unlink/Rmdir/Rename to PythonVfsRpcMethod but left the rpc-bridge test's match non-exhaustive (E0004), breaking clippy --all-targets. This test's scenario doesn't mutate the FS, so treat those variants as unexpected.
NathanFlurry pushed a commit that referenced this pull request Jun 28, 2026
#138's runner sets up a kernel-VFS-backed site-packages on boot, emitting VFS RPCs that the prewarm test's .wait() path could not service (PendingVfsRpcRequest). Drive the event loop and reject VFS RPCs so the runner's best-effort setup degrades; the execution still completes. Verified locally.
NathanFlurry pushed a commit that referenced this pull request Jun 28, 2026
#138's runner sets up a kernel-VFS-backed site-packages on boot, emitting VFS RPCs that the prewarm test's .wait() path could not service (PendingVfsRpcRequest). Drive the event loop and reject VFS RPCs so the runner's best-effort setup degrades; the execution still completes. Verified locally.
Adds a first-class python/python3 CLI backed by the embedded Pyodide runtime, wires the whole VM filesystem into Python, and makes pip install persist across invocations.

What's here

CLI — python/python3 resolve as runtime commands (like node): is_python_runtime_command + resolve_python_command_execution handle -c, script.py (+ sys.argv), -m, -/stdin programs, the interactive REPL, and pip/python -m pip, on both the top-level execute path and nested child_process spawns. python3 is registered + /bin/python is kept (prune removed) so the guest shell resolves python on PATH (sh -c "python …", pipelines). TS GuestRuntimeKind includes "python".

Filesystem (whole VM root) — the kernel VFS is mounted over the VM's real top-level dirs (/tmp, /etc, /root, /usr, the workspace, …); Pyodide keeps its own runtime paths (/lib stdlib, /dev, /proc, /home) on the in-isolate MEMFS. The VFS-RPC guard widens /workspace → / — the kernel still enforces fs permissions and symlink/mount confinement on every op (parity with the JS/WASM runtimes; no new escape). Nested-python children that can't reach the VFS get a recoverable error and fall back to the in-isolate FS.

Persistent pip — a VFS-backed site-packages (/root/.agentos/site-packages, appended to sys.path); the pip shim copies micropip installs there so a package installed in one process imports in a later, separate python invocation. Wheel egress goes through the kernel network policy.

Tests

Wire tests in crates/sidecar/tests/python.rs: -c/script+argv/-m/stdin/REPL/nested-spawn/pip install, whole-root read+write with cross-process visibility, and pip-install-then-import-in-a-separate-interpreter. Full python_suite is green.

Known sharp edges

unlink/rmdir/rename/symlink on the VFS yet (create/read/write/mkdir work; pip install is fine, pip uninstall/atomic-rename installs are not).

🤖 Generated with Claude Code
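The kernel-VFS versus MEMFS split from the Filesystem paragraph of the description, as an added example that is not the project's code: a router that normalizes a guest path lexically before deciding which backend serves it. The function names and the normalization approach are assumptions; only the directory split comes from the description, and symlink/mount confinement (which the description assigns to the kernel) is not modelled.

```rust
// Hypothetical router; the split below comes from the PR description, the
// function names and the lexical-normalization approach are assumptions.
#[derive(Debug, PartialEq)]
enum Backend {
    KernelVfs, // VM root: /tmp, /etc, /root, /usr, the workspace, ...
    Memfs,     // Pyodide's own runtime paths, kept in-isolate
}

const MEMFS_ROOTS: [&str; 4] = ["lib", "dev", "proc", "home"];

// Resolve "." and ".." lexically; ".." at the root stays at the root.
// Relative paths are rejected (None) rather than guessed at.
fn normalize(path: &str) -> Option<Vec<&str>> {
    if !path.starts_with('/') {
        return None;
    }
    let mut parts = Vec::new();
    for comp in path.split('/') {
        match comp {
            "" | "." => {}
            ".." => {
                parts.pop();
            }
            other => parts.push(other),
        }
    }
    Some(parts)
}

// Route on the first *component* of the normalized path, never on a raw
// string prefix, so "/library" is not mistaken for "/lib".
fn route(path: &str) -> Option<(Backend, String)> {
    let parts = normalize(path)?;
    let backend = match parts.first() {
        Some(top) if MEMFS_ROOTS.contains(top) => Backend::Memfs,
        _ => Backend::KernelVfs,
    };
    Some((backend, format!("/{}", parts.join("/"))))
}

fn main() {
    // Constructed sample paths.
    for p in ["/tmp/../lib/os.py", "/lib/../etc/passwd", "/library/x", "etc"] {
        println!("{:>22} -> {:?}", p, route(p));
    }
}
```

Routing on the normalized path means `/lib/../etc/passwd` is sent to the kernel VFS, where permissions are enforced, instead of being served by the in-isolate MEMFS under a `/lib` prefix match.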