mino 1.6.0

Secure AI agent sandbox using rootless containers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245

//! Status command - check system health and dependencies

use crate::config::Config;
use crate::error::MinoResult;
use crate::orchestration::{create_runtime, OrbStack, Platform};
use crate::ui::{self, UiContext};
use std::process::Stdio;
use tokio::process::Command;

/// Execute the status command
pub async fn execute(config: &Config) -> MinoResult<()> {
    let ctx = UiContext::detect();

    ui::intro(&ctx, "Mino System Status");

    let mut all_ok = true;
    let platform = Platform::detect();

    // Show detected platform
    ui::section(&ctx, "Platform");
    ui::step_ok_detail(&ctx, "Detected", platform.name());

    // Check runtime based on platform
    match platform {
        Platform::MacOS => {
            all_ok &= check_orbstack(&ctx).await;
            // Check Podman (if OrbStack is available)
            if OrbStack::is_installed().await {
                all_ok &= check_podman_in_vm(&ctx, config).await;
            }
        }
        Platform::Linux => {
            all_ok &= check_native_podman(&ctx).await;
        }
        Platform::Unsupported => {
            ui::step_error(
                &ctx,
                "Unsupported platform - Mino supports macOS and Linux only",
            );
            all_ok = false;
        }
    }

    // Check cloud CLIs
    ui::section(&ctx, "Cloud CLIs");
    check_cli(&ctx, "aws", "aws --version", "brew install awscli").await;
    check_cli(
        &ctx,
        "gcloud",
        "gcloud --version",
        "brew install google-cloud-sdk",
    )
    .await;
    check_cli(&ctx, "az", "az --version", "brew install azure-cli").await;
    check_cli(&ctx, "gh", "gh --version", "brew install gh").await;

    // Check SSH agent
    ui::section(&ctx, "SSH Agent");
    check_ssh_agent(&ctx).await;

    if all_ok {
        ui::outro_success(&ctx, "All critical checks passed");
    } else {
        ui::outro_warn(&ctx, "Some checks failed - see above for details");
    }

    Ok(())
}

async fn check_orbstack(ctx: &UiContext) -> bool {
    ui::section(ctx, "OrbStack");

    if !OrbStack::is_installed().await {
        ui::step_error_detail(ctx, "Not installed", "Install from https://orbstack.dev");
        return false;
    }

    ui::step_ok(ctx, "Installed");

    // Check if running
    match OrbStack::is_running().await {
        Ok(true) => {
            ui::step_ok(ctx, "Running");
        }
        Ok(false) => {
            ui::step_warn_hint(ctx, "Not running", "Run: orb start");
            return false;
        }
        Err(e) => {
            ui::step_error_detail(ctx, "Error checking status", &e.to_string());
            return false;
        }
    }

    // Get version
    if let Ok(version) = OrbStack::version().await {
        ui::step_ok_detail(ctx, "Version", &version);
    }

    true
}

async fn check_podman_in_vm(ctx: &UiContext, config: &Config) -> bool {
    ui::section(ctx, "Podman (in VM)");

    match create_runtime(config) {
        Ok(runtime) => match runtime.is_available().await {
            Ok(true) => {
                ui::step_ok(ctx, "Available in VM");
                true
            }
            Ok(false) => {
                ui::step_warn_hint(
                    ctx,
                    "Not installed in VM",
                    "Run: mino setup (will auto-install)",
                );
                false
            }
            Err(e) => {
                ui::step_error_detail(ctx, "Error", &e.to_string());
                false
            }
        },
        Err(e) => {
            ui::step_error_detail(ctx, "Error", &e.to_string());
            false
        }
    }
}

async fn check_native_podman(ctx: &UiContext) -> bool {
    ui::section(ctx, "Podman (native)");

    // Check if podman is installed
    let installed = Command::new("podman")
        .arg("--version")
        .stdout(Stdio::piped())
        .stderr(Stdio::null())
        .output()
        .await;

    match installed {
        Ok(output) if output.status.success() => {
            let version = String::from_utf8_lossy(&output.stdout);
            let first_line = version.lines().next().unwrap_or("unknown");
            ui::step_ok_detail(ctx, "Installed", first_line.trim());
        }
        _ => {
            ui::step_error_detail(
                ctx,
                "Not installed",
                "Install: sudo dnf install podman (or apt-get)",
            );
            return false;
        }
    }

    // Check if rootless is configured
    let rootless = Command::new("podman")
        .args(["info", "--format", "{{.Host.Security.Rootless}}"])
        .stdout(Stdio::piped())
        .stderr(Stdio::null())
        .output()
        .await;

    match rootless {
        Ok(output) if output.status.success() => {
            let stdout = String::from_utf8_lossy(&output.stdout);
            if stdout.trim() == "true" {
                ui::step_ok(ctx, "Rootless mode");
            } else {
                ui::step_warn_hint(ctx, "Not in rootless mode", "Run: podman system migrate");
                return false;
            }
        }
        _ => {
            ui::step_warn(ctx, "Could not check rootless status");
        }
    }

    true
}

async fn check_cli(ctx: &UiContext, name: &str, version_cmd: &str, install_hint: &str) {
    let parts: Vec<&str> = version_cmd.split_whitespace().collect();
    let result = Command::new(parts[0])
        .args(&parts[1..])
        .stdout(Stdio::piped())
        .stderr(Stdio::piped())
        .output()
        .await;

    match result {
        Ok(output) if output.status.success() => {
            let version = String::from_utf8_lossy(&output.stdout);
            let first_line = version.lines().next().unwrap_or("unknown");
            ui::step_ok_detail(ctx, name, first_line.trim());
        }
        _ => {
            ui::step_warn_hint(
                ctx,
                &format!("{} not found", name),
                &format!("Install: {}", install_hint),
            );
        }
    }
}

async fn check_ssh_agent(ctx: &UiContext) {
    match std::env::var("SSH_AUTH_SOCK") {
        Ok(sock) => {
            // Try to list identities
            let result = Command::new("ssh-add")
                .arg("-l")
                .stdout(Stdio::piped())
                .stderr(Stdio::piped())
                .output()
                .await;

            match result {
                Ok(output) => {
                    let stdout = String::from_utf8_lossy(&output.stdout);
                    let key_count = stdout.lines().count();
                    if output.status.success() && key_count > 0 {
                        ui::step_ok_detail(ctx, "Running", &format!("{} keys loaded", key_count));
                    } else {
                        ui::step_warn_hint(ctx, "Running", "No keys loaded. Run: ssh-add");
                    }
                }
                Err(_) => {
                    ui::step_warn(ctx, "ssh-add failed");
                }
            }
            ui::key_value(ctx, "Socket", &sock);
        }
        Err(_) => {
            ui::step_error_detail(
                ctx,
                "Not running",
                "SSH_AUTH_SOCK not set. Start ssh-agent.",
            );
        }
    }
}