firkin 0.0.3

Facade crate for the firkin Rust containerization library
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330

#![forbid(unsafe_code)]
#![warn(missing_docs)]
//! Facade crate for the firkin Rust containerization library.
use std::fmt;
/// A named runtime capability.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct RuntimeCapability {
    name: &'static str,
    supported: bool,
    reason: Option<&'static str>,
}
impl RuntimeCapability {
    /// Construct a supported capability.
    #[must_use]
    pub const fn supported(name: &'static str, reason: Option<&'static str>) -> Self {
        Self {
            name,
            supported: true,
            reason,
        }
    }
    /// Construct an unsupported capability.
    #[must_use]
    pub const fn unsupported(name: &'static str, reason: &'static str) -> Self {
        Self {
            name,
            supported: false,
            reason: Some(reason),
        }
    }
    /// Return the stable capability name.
    #[must_use]
    pub const fn name(self) -> &'static str {
        self.name
    }
    /// Return whether the capability is supported.
    #[must_use]
    pub const fn is_supported(self) -> bool {
        self.supported
    }
    /// Return the optional explanatory reason.
    #[must_use]
    pub const fn reason(self) -> Option<&'static str> {
        self.reason
    }
}
/// Error returned when a required runtime capability is unavailable.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct UnsupportedRuntimeCapability {
    name: &'static str,
    reason: &'static str,
}
impl UnsupportedRuntimeCapability {
    /// Construct an unsupported-capability error.
    #[must_use]
    pub const fn new(name: &'static str, reason: &'static str) -> Self {
        Self { name, reason }
    }
    /// Return the capability name.
    #[must_use]
    pub const fn name(&self) -> &'static str {
        self.name
    }
    /// Return the reason the capability is unavailable.
    #[must_use]
    pub const fn reason(&self) -> &'static str {
        self.reason
    }
}
impl fmt::Display for UnsupportedRuntimeCapability {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "runtime capability `{}` is not supported: {}",
            self.name, self.reason
        )
    }
}
impl std::error::Error for UnsupportedRuntimeCapability {}
/// Capability set for a runtime backend.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct RuntimeCapabilities {
    backend: &'static str,
    supported: &'static [RuntimeCapability],
    unsupported: &'static [RuntimeCapability],
}
impl RuntimeCapabilities {
    /// Construct a runtime capability set.
    #[must_use]
    pub const fn new(
        backend: &'static str,
        supported: &'static [RuntimeCapability],
        unsupported: &'static [RuntimeCapability],
    ) -> Self {
        Self {
            backend,
            supported,
            unsupported,
        }
    }
    /// Return the backend name.
    #[must_use]
    pub const fn backend(self) -> &'static str {
        self.backend
    }
    /// Return capabilities implemented by the backend.
    #[must_use]
    pub const fn supported(self) -> &'static [RuntimeCapability] {
        self.supported
    }
    /// Return capabilities intentionally not implemented by the backend.
    #[must_use]
    pub const fn unsupported(self) -> &'static [RuntimeCapability] {
        self.unsupported
    }
    /// Return whether the backend reports `name` as supported.
    #[must_use]
    pub fn supports(self, name: &str) -> bool {
        self.supported
            .iter()
            .any(|capability| capability.name == name)
    }
    /// Require a capability and return a hard error when it is unsupported.
    ///
    /// Unknown names are treated as unsupported. The caller should use stable
    /// capability names from this crate or from the target control-plane spec.
    ///
    /// # Errors
    ///
    /// Returns [`UnsupportedRuntimeCapability`] when `name` is listed as
    /// unsupported or not advertised by the backend.
    pub fn require_supported(self, name: &'static str) -> Result<(), UnsupportedRuntimeCapability> {
        if self.supports(name) {
            return Ok(());
        }
        let reason = self
            .unsupported
            .iter()
            .find(|capability| capability.name == name)
            .and_then(|capability| capability.reason)
            .unwrap_or("capability is not advertised by this backend");
        Err(UnsupportedRuntimeCapability::new(name, reason))
    }
}
/// Capabilities implemented by the Apple/VZ local runtime layer.
pub const APPLE_LOCAL_RUNTIME_SUPPORTED_CAPABILITIES: &[RuntimeCapability] = &[
    RuntimeCapability::supported("create-linux-container", None),
    RuntimeCapability::supported("delete-linux-container", None),
    RuntimeCapability::supported("exec-process", None),
    RuntimeCapability::supported("copy-in", None),
    RuntimeCapability::supported("copy-out", None),
    RuntimeCapability::supported("pod-vm", None),
    RuntimeCapability::supported("pod-emptydir", None),
    RuntimeCapability::supported("pod-guest-path-rootfs", None),
    RuntimeCapability::supported("basic-container-metrics", None),
    RuntimeCapability::supported(
        "vmnet-network-attach",
        Some("Available on macOS 26 and newer"),
    ),
    RuntimeCapability::supported(
        "rosetta-linux-amd64",
        Some("Requires Rosetta preflight success"),
    ),
];
/// E2B/Cube capabilities not implemented by the Apple/VZ local runtime layer.
pub const APPLE_LOCAL_RUNTIME_UNSUPPORTED_CAPABILITIES: &[RuntimeCapability] = &[
    RuntimeCapability::unsupported(
        "e2b-envd-compatible-api",
        "vminitd is not envd; a guest envd or deliberate envd bridge is required",
    ),
    RuntimeCapability::unsupported(
        "snapshot-backed-pause-resume-connect",
        "VZ save/restore exists below this layer, but the E2B-compatible sandbox snapshot lifecycle is not implemented",
    ),
    RuntimeCapability::unsupported(
        "e2b-network-policy",
        "Current APIs attach/configure interfaces but do not enforce allow/deny/mask policy",
    ),
    RuntimeCapability::unsupported(
        "domain-host-proxy",
        "The crate exposes vsock/socket relay primitives, not the E2B {port}-{sandboxID}.domain proxy",
    ),
    RuntimeCapability::unsupported(
        "template-build-service",
        "Image and rootfs operations exist, but the E2B template builder/control-plane service is external",
    ),
];
/// Return the Apple/VZ local runtime capability set.
#[must_use]
pub const fn apple_local_runtime_capabilities() -> RuntimeCapabilities {
    RuntimeCapabilities::new(
        "apple-vz",
        APPLE_LOCAL_RUNTIME_SUPPORTED_CAPABILITIES,
        APPLE_LOCAL_RUNTIME_UNSUPPORTED_CAPABILITIES,
    )
}
/// Container orchestration surface.
pub mod core {
    pub use firkin_core::*;
}
/// EXT4 image writer.
pub mod ext4 {
    pub use firkin_ext4::*;
}
/// E2B-compatible control-plane wire types.
pub mod e2b {
    #[allow(unused_imports, ambiguous_glob_reexports)]
    pub use {firkin_e2b_contract::*, firkin_e2b_server::*, firkin_e2b_wire::*};
}
/// Neutral envd protocol and data-plane contracts.
pub mod envd {
    pub use firkin_envd::*;
}
/// OCI image pulling and bundle primitives.
pub mod oci {
    pub use firkin_oci::*;
}
/// Public sandbox orchestration API.
pub mod sandbox {
    pub use firkin_sandbox::*;

    /// Local Apple/VZ-backed sandbox backend.
    pub mod apple_vz {
        pub use firkin_single_node::{AppleVzBackend, SingleNodeConfig};
    }
}
/// Production substrate control models.
pub mod substrate {
    #[allow(unused_imports, ambiguous_glob_reexports)]
    pub use {
        firkin_admission::*, firkin_artifacts::*, firkin_evidence::*, firkin_hygiene::*,
        firkin_template::*,
    };
}
/// Trace and benchmark sample primitives.
pub mod trace {
    pub use firkin_trace::*;
}
/// Benchmark execution and benchmark-side evidence writers.
pub mod benchmark {
    pub use firkin_benchmark::*;
}
/// Benchmark evidence reports, metric catalogs, and gates.
pub mod evidence {
    pub use firkin_evidence::*;
}
/// Production runtime composition.
pub mod runtime {
    pub use firkin_runtime::*;

    #[allow(missing_docs)]
    pub mod single_node {
        #[allow(unused_imports, ambiguous_glob_reexports)]
        pub use firkin_single_node::*;
    }
}
/// Template build execution.
pub mod template {
    pub use firkin_template::*;
}
/// Shared value types.
pub mod types {
    pub use firkin_types::*;
}
/// vminitd client helpers.
pub mod vminitd_client {
    pub use firkin_vminitd_client::*;
}
/// Pinned vminitd ELF bytes.
pub mod vminitd_bytes {
    pub use firkin_vminitd_bytes::*;
}
/// Virtual machine primitives.
pub mod vmm {
    pub use firkin_vmm::*;
}
/// Vsock stream primitives.
pub mod vsock {
    pub use firkin_vsock::*;
}
/// Common imports for application code.
pub mod prelude {
    pub use crate::{
        RuntimeCapabilities, RuntimeCapability, UnsupportedRuntimeCapability,
        apple_local_runtime_capabilities,
    };
    pub use firkin_core::{
        Capability, ChildStderr, ChildStdin, ChildStdout, Container, ContainerBuilder,
        ContainerStatistics, CoreContainerFactory, DnsConfig, EmptyDirMedium, EmptyDirVolume,
        ExecConfig, FileMount, GuestFilesystem, GuestPath, HostsConfig, HostsEntry, ImplicitVm,
        Init, InvalidCapability, InvalidRlimit, LinuxCapabilities, LinuxRlimit, MaterializedRootfs,
        Mount, MountedPodStore, OnVm, Pod, PodBuilder, PodContainerSpec, PodId, PodRootfsSource,
        PodStoreSpec, PodVolumeMount, Process, PtyConfig, Ready, ReadyPty, RlimitKind, Rootfs,
        Seccomp, SeccompAction, SeccompArch, SeccompArgRule, SeccompFlag, SeccompOp,
        SeccompSyscallRule, SocketDirection, StatCategory, Stdio, Streams, UnixSocketConfig, User,
        VmRootfs, materialize_rootfs_in_pod_store, mount_pod_store,
    };
    pub use firkin_sandbox::prelude::*;
    pub use firkin_types::{
        ContainerId, Hostname, InvalidNetworkPolicyRule, InvalidPortSandboxHost, NetworkPolicyRule,
        Platform, PortSandboxHost, ProcessId, SandboxNetworkPolicy, Size, VirtiofsTag, VsockPort,
    };
    pub use firkin_vmm::{
        BlankDiskImage, BootLog, DiskImageFormat, KernelImage, Network, VirtualMachine, VmConfig,
        create_blank_disk_image,
    };
    pub use firkin_vsock::VsockStream;
}
pub use firkin_core::{
    BlockIoDevice, BlockIoStatistics, Capability, ChildStderr, ChildStdin, ChildStdout, Container,
    ContainerBuilder, ContainerStatistics, ContainerStatisticsQuery, CoreContainerFactory,
    CpuStatistics, DnsConfig, EmptyDirMedium, EmptyDirVolume, ExecConfig, FileMount,
    GuestFilesystem, GuestPath, HostsConfig, HostsEntry, ImplicitVm, Init, InvalidCapability,
    InvalidRlimit, LinuxCapabilities, LinuxRlimit, MaterializedRootfs, MemoryEventStatistics,
    MemoryStatistics, Mount, MountedPodStore, NetworkStatistics, OnVm, OnVmArc, Pod, PodBuilder,
    PodContainerSpec, PodId, PodRootfsSource, PodStoreSpec, PodVolumeMount, Process,
    ProcessKillHandle, ProcessStatistics, Pty, PtyConfig, Ready, ReadyPty, RlimitKind, Rootfs,
    Seccomp, SeccompAction, SeccompArch, SeccompArgRule, SeccompFlag, SeccompOp,
    SeccompSyscallRule, SocketDirection, StatCategory, Stdio, Streams, UnixSocketConfig, User,
    VmRootfs, materialize_rootfs_in_pod_store, mount_pod_store,
};
pub use firkin_types::{
    ContainerId, Hostname, InvalidNetworkPolicyRule, InvalidPortSandboxHost, NetworkPolicyRule,
    Platform, PortSandboxHost, ProcessId, SandboxNetworkPolicy, Size, VirtiofsTag, VsockPort,
};
pub use firkin_vmm::{
    BlankDiskImage, BootLog, DiskImageFormat, KernelImage, Network, VirtualMachine, VmConfig,
    create_blank_disk_image,
};
pub use firkin_vsock::{VsockListener, VsockPeer, VsockStream};