Bump actions/checkout from 4.3.1 to 6.0.2#2
Merged
Conversation
d0cd
added a commit
that referenced
this pull request
May 28, 2026
GitHub-hosted macos-15 runners are themselves M-series VMs and don't expose nested virtualization (`kern.hv_support` == 0). Lima's VZ driver then refuses to start the inner VM with: Error Domain=VZErrorDomain Code=2 Description="Virtualization is not available on this hardware." The whole point of the e2e + fresh-install suites is to drive a real Lima VM + podman + gVisor, so on these runners there's nothing useful they can do — they were failing on the VM-create step every PR run. Two options were on the table: 1. Switch to QEMU (`vmType: "qemu"`). Works without nested virt but boots in minutes instead of seconds — would hit the 30-minute job timeout regularly. 2. Detect the limitation and skip gracefully. This commit takes #2: each workflow grows a tiny `check-vz` preflight job that probes `sysctl kern.hv_support`. The real job (`e2e` / `fresh-install`) is gated on `needs.check-vz.outputs.available`. On a runner without nested virt the gated job is skipped (gray ✓), not failed. On a bare-metal host — self-hosted or a future paid GH lane with nested virt — the jobs run unchanged. A `::notice::` annotation explains the skip on the PR summary so a reviewer knows it wasn't silently dropped. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Owner
|
@dependabot rebase |
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.3.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@34e1148...de0fac2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
458b502 to
34dee3f
Compare
d0cd
added a commit
that referenced
this pull request
Jun 10, 2026
# Feedback addressed The latest external feedback file rewrites the open-items list. Two items are brig-side: Issue #2 — cpus: <int> in yaml raises 'argument of type int is not iterable': Regression from the v2 generic yaml-merge. Yaml's 'cpus: 4' parses as int, slips through validation (validator accepts int/float/str), reaches the subprocess args, and _redact_cmd's 'arg in flag-set' membership check explodes when arg is an int. Fix: CellSpec.__post_init__ coerces cpus/memory to str if given as int/float. The boundary that declares cpus: str now actually enforces it. New tests pin the regression. Issue #1 — Workspace symlink escape (LIVE exploit): External team demonstrated the attack works end-to-end: cell drops ln -sf /etc/passwd /work/foo.txt, asks a host-side worker to read /Users/<user>/.brig/state/<name>/workspace/foo.txt, host follows the symlink and leaks /etc/passwd. Bypasses gVisor by asking the host to read on the cell's behalf. Verified empirically: podman 4.9 in our VM doesn't support nosymfollow on bind mounts (both -v syntax and --mount syntax rejected with 'invalid option'). Mount-side fix really isn't available right now. Strengthened docs/reference/cell-metadata.md to spell out the threat at the top with a generic reproducer and the empirically-confirmed reason mount-side defense is roadmapped. Issues #3, #4, #5 are cell-side / already-doc'd / already-fixed. # Generic-ification brig is a general tool; source and brig-owned docs should not name a specific external project. Scrubbed every project-specific name from src/, tests/, and brig-owned docs. The actual external project directories under cells/ (which are gitignored anyway) are untouched. 659 unit tests pass. Per-module coverage gates green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d0cd
added a commit
that referenced
this pull request
Jun 10, 2026
…ents Two adoption items from aitelier's wishlist, plus the hardening that shipped alongside. #2 Raw TCP host_services (schema phase). host_services entries gain an optional `protocol` field. Default `http` preserves today's L7 mitmproxy rewrite at <name>.host.brig; `tcp` opts into L4 forwarding through a warden TCP listener (cell uses normal TCP clients, audit is connection-level, warden stays in the path so the trust boundary doesn't split). Implemented here: - Spec field + validator (protocol ∈ {http, tcp}) - Policy class in addons/_policy.py splits host_services into separate HTTP and TCP maps so enforce.py can dispatch correctly - Untrusted profile rejects TCP — same threat-model rationale as host_sockets (adversarial cells stay HTTP-inspectable) Deferred (separate commit): warden registers `--mode tcp@PORT` per TCP service at start, addon tcp_start hook routes by (peer_ip, listening_port) → upstream from the per-cell policy. Schema in place so cell yamls can be authored against the final shape. #3 brig image build --use-warden. Aitelier's direct suggestion ("feed warden's CA + http_proxy into the build path"). Closes the build/runtime asymmetry — today's build is fast+unfiltered, runtime is slow+MITM'd, forcing operators to pre-bake ~230 MB binaries into images to avoid 30s timeouts. Flag adds: - HTTPS_PROXY/HTTP_PROXY (upper- and lowercase) → warden IP:8080 - NO_PROXY=localhost,127.0.0.1,::1 (build sidecars stay direct) - Warden CA mounted at /etc/ssl/certs/warden-ca.crt in the build - SSL_CERT_FILE build-arg pointing at the mount Resolves warden's IP via `podman inspect` (no DNS plumbing into the build container needed). Refuses to run if warden isn't up. Containerfile must opt in with the standard ARG HTTPS_PROXY + ENV HTTPS_PROXY=$HTTPS_PROXY pattern. Tools that honor the env vars (curl/wget/npm/pip/apt) flow through warden; static binaries that ignore them fall through to direct — not as hermetic as a transient-network design but zero new infrastructure and a clean forward to that approach if we ever need it. Hardening: - warden start/stop now emit `warden_start` / `warden_stop` lifecycle events. Operators can grep `brig events` to correlate cell-side TCP/HTTP connection failures with warden restarts — every restart drops live TCP host_service connections, and we want that window auditable. - cell-definition.md warns against COPYing the warden CA into the final image during `--use-warden` builds (bakes a soon-to-rotate cert; the `brig system doctor` CA-consistency check would flag the drift but only after cell start). 900 pass + 10 skip. 14 new tests cover TCP schema, untrusted rejection, Policy parsing, build flag injection (proxy env, NO_PROXY, CA mount, BrigError when warden's down). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d0cd
added a commit
that referenced
this pull request
Jun 10, 2026
Five items from ~/tools/hermes-agent/plans/brig-feedback.md, prioritized by what brig (not the consumer cell) can change. #1 Read-only /workspace mount (MEDIUM-HIGH). Root cause was the SA cell yaml's missing `workspace_mount: /workspace` — default is `/work`, so writes to /workspace/* hit the read-only rootfs. Doc fix in troubleshooting.md spells out the three options (align cell yaml, align app, last-resort writable_rootfs) so the next consumer doesn't waste a debugging session. #3 Long-life cell pattern undocumented (MEDIUM). The `command: ["sleep", "infinity"]` workaround was buried in host-an-agent.md but not in troubleshooting. Added an explicit "Cell flips to stopped immediately" entry that calls it out, alongside the other common immediate-exit causes. #4 Cell logs empty for file-based loggers (LOW-MEDIUM). cmd_logs now detects the empty-output case (snapshot mode only — follow mode keeps TTY passthrough) and prints an inline hint pointing at `brig cell exec` / `brig cell read` for file-based logs. Plus a troubleshooting entry that explains the contract. #5 Telemetry domains blocked but non-fatal (LOW). Documented the three common ones aitelier hit (Datadog log shipping, mcp-proxy, platform.claude.com) with the agent's typical behavior and the allow/silence options. Not addressed: #2 Hermes cell entrypoint writes malformed config.yaml — this is a bug in ~/tools/hermes-agent/cells/hermes/entrypoint.sh, not brig itself. Flagged to the hermes team. Longer-term wishlist (per-cell credential rotation, inter-cell routing, cross-source audit query, nosymfollow) intentionally deferred — each needs its own design discussion. 940 pass + 10 skip. Ruff + mypy + ast green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d0cd
added a commit
that referenced
this pull request
Jun 10, 2026
GitHub-hosted macos-15 runners are themselves M-series VMs and don't expose nested virtualization (`kern.hv_support` == 0). Lima's VZ driver then refuses to start the inner VM with: Error Domain=VZErrorDomain Code=2 Description="Virtualization is not available on this hardware." The whole point of the e2e + fresh-install suites is to drive a real Lima VM + podman + gVisor, so on these runners there's nothing useful they can do — they were failing on the VM-create step every PR run. Two options were on the table: 1. Switch to QEMU (`vmType: "qemu"`). Works without nested virt but boots in minutes instead of seconds — would hit the 30-minute job timeout regularly. 2. Detect the limitation and skip gracefully. This commit takes #2: each workflow grows a tiny `check-vz` preflight job that probes `sysctl kern.hv_support`. The real job (`e2e` / `fresh-install`) is gated on `needs.check-vz.outputs.available`. On a runner without nested virt the gated job is skipped (gray ✓), not failed. On a bare-metal host — self-hosted or a future paid GH lane with nested virt — the jobs run unchanged. A `::notice::` annotation explains the skip on the PR summary so a reviewer knows it wasn't silently dropped. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/checkout from 4.3.1 to 6.0.2.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
de0fac2Fix tag handling: preserve annotations and explicit fetch-tags (#2356)064fe7fAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...8e8c483Clarify v6 README (#2328)033fa0dAdd worktree support for persist-credentials includeIf (#2327)c2d88d3Update all references from v5 and v4 to v6 (#2314)1af3b93update readme/changelog for v6 (#2311)71cf226v6-beta (#2298)069c695Persist creds to a separate file (#2286)ff7abcdUpdate README to include Node.js 24 support details and requirements (#2248)08c6903Prepare v5.0.0 release (#2238)