
Commit 6a5718d

Fix guest agent release SHA pins (#422)
1 parent 38f408e commit 6a5718d

4 files changed

Lines changed: 26 additions & 3 deletions


AGENTS.md

Lines changed: 15 additions & 0 deletions
@@ -13,6 +13,21 @@ SmolVM is specifically designed to provide a secure "sandbox" for AI agents to e
1313
- **Testing:** `pytest` (runs the suite in `tests/`)
1414
- **Linting & Formatting:** `uv run ruff check .` or `uv run ruff format .`
1515

16+
### Release checklist
17+
18+
- For guest-agent or published-image changes, build and smoke the new image
19+
release before tagging the SmolVM package release.
20+
- Update `src/smolvm/images/published.py` with the new `IMAGES_RELEASE_TAG`
21+
and rootfs SHA pins before the PyPI tag is pushed.
22+
- Also update `src/smolvm/images/builder.py::_GUEST_AGENT_RELEASE_SHA256`
23+
from the `smolvm-guest-agent-linux-<arch>.sha256` release assets. This is a
24+
separate pin from the rootfs manifest.
25+
- Verify both paths: `uv run smolvm ...` from a source checkout may build or use
26+
the local guest-agent binary, while `smolvm ...` from `uv tool` uses the
27+
installed wheel and downloads the standalone guest-agent release binary.
28+
- Only tag the SmolVM package release after the image manifest, guest-agent
29+
binary SHA pins, image smoke, and focused tests are complete.
30+
1631
### CLI design
1732

1833
- New CLI commands follow a **NOUN-VERB** structure: `smolvm <noun> <verb>`,
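
Review bot: The checklist item for `_GUEST_AGENT_RELEASE_SHA256` (new lines 22-24) says to copy the values from the `smolvm-guest-agent-linux-<arch>.sha256` release assets, but it does not say how to confirm that the copied value matches the binary an installed wheel actually downloads. Suggest adding a step that recomputes the SHA-256 of each downloaded release binary and compares it with the pin. The "Verify both paths" item would also be easier to follow if the elided `uv run smolvm ...` and `smolvm ...` invocations named the concrete smoke command, so the check that catches a stale pin is reproducible by the next releaser.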

pyproject.toml

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
44

55
[project]
66
name = "smolvm"
7-
version = "0.0.24.post1"
7+
version = "0.0.24.post2"
88
description = "Isolated computers that AI agents can use to browse, run code, and get real work done. Free and open-source from Celesto AI"
99
readme = "README.md"
1010
license = "Apache-2.0"

src/smolvm/images/builder.py

Lines changed: 2 additions & 2 deletions
@@ -66,8 +66,8 @@
6666
_GUEST_AGENT_BUILD_FILE = "smolvm-guest-agent"
6767
_GUEST_AGENT_GUEST_PATH = "/usr/local/bin/smolvm-guest-agent"
6868
_GUEST_AGENT_RELEASE_SHA256: dict[str, str] = {
69-
"amd64": "08f10561688891b43f64a2e0d83dd365fadf515bb0889603c974e506b2eceed5",
70-
"arm64": "8976db4f9a337ad3b7e9b44b4f96913577598373d772fb79d50adca11e3364a7",
69+
"amd64": "61ead9a6b13f9a5f63211cd8873ff000e17a98bb40b450d57b5d6332fdb90232",
70+
"arm64": "d7a04d2c7502dcbd0ae38dfdae1fbb3a98845be0f48ed1451c3b82de1eccbcbb",
7171
}
7272

7373
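
Review bot: In `_GUEST_AGENT_RELEASE_SHA256`, both the `amd64` and `arm64` digests are replaced, but nothing beside the dict records which release they were taken from, so the new values cannot be checked from this hunk alone. Suggest a comment above the dict naming the release tag and the `smolvm-guest-agent-linux-<arch>.sha256` assets the pins come from, with a pointer to the release checklist in AGENTS.md, since that checklist describes this as a pin separate from the rootfs manifest and it is easy to miss.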

tests/test_guest_agent_image.py

Lines changed: 8 additions & 0 deletions
@@ -199,6 +199,14 @@ def test_guest_agent_source_digest_tracks_release_binary_without_source(
199199
assert first != second
200200

201201

202+
def test_guest_agent_release_sha_pins_match_published_assets() -> None:
203+
"""Installed wheels must verify the standalone guest-agent release binaries."""
204+
assert builder_mod._GUEST_AGENT_RELEASE_SHA256 == {
205+
"amd64": "61ead9a6b13f9a5f63211cd8873ff000e17a98bb40b450d57b5d6332fdb90232",
206+
"arm64": "d7a04d2c7502dcbd0ae38dfdae1fbb3a98845be0f48ed1451c3b82de1eccbcbb",
207+
}
208+
209+
202210
def test_guest_agent_source_digest_tracks_env_binary(
203211
tmp_path: Path,
204212
monkeypatch: pytest.MonkeyPatch,
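
Review bot: `test_guest_agent_release_sha_pins_match_published_assets` compares `builder_mod._GUEST_AGENT_RELEASE_SHA256` with a literal dict that repeats the two digests from `builder.py`, so it passes whenever both copies are edited together and never consults the published assets its name refers to. If someone pastes the wrong digest into both places, the test still passes and installed wheels fail verification at download time. Suggest either renaming it to say it is a change-detector for the pins, or having it compare against a checked-in copy of the `.sha256` release assets. At minimum it could assert that both architectures are present and that each value is a 64-character lowercase hex string.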
