Merge pull request #220 from docker/slim/0.0.15

Slim/0.0.15

Author: dgageot

.gitignore

@@ -26,3 +26,4 @@
 .idea
 /catalog.updated.yaml
 claude_desktop_config.json
+/set-secrets.sh

dev/containers.clj

@@ -0,0 +1,19 @@
+(ns containers
+  (:require [docker]))
+
+(->> (docker/containers {})
+     (map #(select-keys % [:Names :Status :State :Id :Image])))
+
+'(:Ports
+  :Image
+  :Labels
+  :Id
+  :Mounts
+  :HostConfig
+  :Command
+  :ImageID
+  :Names
+  :State
+  :Created
+  :NetworkSettings
+  :Status)

dev/stdio_client.clj

@@ -31,8 +31,10 @@
 
   (def server (process/process
                 {:out :stream :in :stream}
-                "docker" "run" "-i" "--rm" "--workdir=/app"
-                "mcp/discord:latest"))
+                "docker" "run" "-i" "--workdir=/app"
+                "--label=x-secret:stripe.secret_key=/secret/stripe.secret_key"
+                "--entrypoint" "/bin/sh -c \"export STRIPE_SECRET_KEY=$(cat /secret/stripe.secret_key); node /app/dist/index.js --tools=all;\""
+                "mcp/stripe:latest")))
 
   (async/thread
     (loop []

docs/content/tools/docs/namespaces.png

@@ -20,7 +20,7 @@ docker pull mcp/docker:prerelease
 
 ```sh
 # docker:command=build-release
-VERSION="0.0.14"
+VERSION="0.0.15"
 docker buildx build \
     --builder hydrobuild \
     --platform linux/amd64,linux/arm64 \
@@ -45,11 +45,12 @@ clj -M:main-repl serve --mcp --port 8811
 ```sh
 docker run --rm -i --pull always -q --init \
            -v /var/run/docker.sock:/var/run/docker.sock \
+           -v /run/host-services/backend.sock:/backend.sock \
            --mount type=volume,source=docker-prompts,target=/prompts \
            -p 8811:8811 \
-           mcp/docker:0.0.1 \
-           serve --mcp --port 8811 \
-           --register "github:docker/labs-ai-tools-for-devs?path=prompts/bootstrap.md"
+           -e "GATEWAY_CONTAINER_RM=false" \
+           mcp/docker:0.0.15 \
+           serve --mcp --port 8811
 ```
 
 ```sh

runbook.md

@@ -77,6 +77,17 @@
               (format "%s/Library/Containers/com.docker.docker/Data/backend.sock" (System/getenv "HOME"))]]
     (some unix-socket-file coll)))
 
+(defn- get-jfs-socket []
+  (let [coll [(or (System/getenv "JFS_SOCKET_PATH") "/jfs.sock")
+              (format "%s/Library/Containers/com.docker.docker/Data/jfs.sock" (System/getenv "HOME"))]]
+    (some unix-socket-file coll)))
+
+(defn jfs-get-secret [s]
+  (curl/get
+   (format "http://localhost/secrets/%s" s)
+   {:raw-args ["--unix-socket"  (get-jfs-socket)]
+    :throw false}))
+
 (defn backend-is-logged-in? [_]
   (curl/get
    "http://localhost/registry/is-logged-in"
@@ -228,7 +239,7 @@
 
 (defn inspect-image [{:keys [Name Id]}]
   (curl/get
-    (format "http://localhost/images/%s/json" (or Name Id))
+   (format "http://localhost/images/%s/json" (or Name Id))
    {:raw-args ["--unix-socket" "/var/run/docker.sock"]
     :throw false}))
 
@@ -310,6 +321,7 @@
 (def pull (comp (status? 200 "pull-image") pull-image))
 (def images (comp ->json list-images))
 (def containers (comp ->json (status? 200 "list-containers") list-containers))
+(def secrets-get (comp ->json (status? 200 "secrets-get") jfs-get-secret))
 
 (defn add-latest [image]
   (let [[_ tag] (re-find #".*(:.*)$" image)]
@@ -367,25 +379,34 @@
         [s])
        (string/join " ; ")))
 
+(defn get-secrets [{:keys [secrets]}]
+  (->> secrets
+       (map (fn [[k v]]
+              [v (:value (secrets-get (name k)))]))
+       (into {})))
+
 (defn inject-secret-transform [container-definition]
   (check-then-pull container-definition)
-  (let [{:keys [Entrypoint Cmd Env]}
+  (let [{:keys [Entrypoint Cmd Env User]}
         (->
          (image-inspect {:Name (:image container-definition)})
          :Config)
         real-entrypoint (string/join " " (concat
                                           (or (:entrypoint container-definition) Entrypoint)
                                           (or (:command container-definition) Cmd)))]
-    (-> container-definition
-        (assoc :entrypoint ["/bin/sh" "-c" (injected-entrypoint
-                                            (:secrets container-definition)
-                                            (concat
-                                             Env
-                                             (->> (:environment container-definition)
-                                                  (map (fn [[k v]] (format "%s=%s" (if (keyword? k) (name k) k) v)))
-                                                  (into [])))
-                                            real-entrypoint)])
-        (dissoc :command))))
+    (if (#{"" "root"} User)
+      (-> container-definition
+          (assoc :entrypoint ["/bin/sh" "-c" (injected-entrypoint
+                                              (:secrets container-definition)
+                                              (concat
+                                               Env
+                                               (->> (:environment container-definition)
+                                                    (map (fn [[k v]] (format "%s=%s" (if (keyword? k) (name k) k) v)))
+                                                    (into [])))
+                                              real-entrypoint)])
+          (dissoc :command))
+      (-> container-definition
+          (update :environment (fnil merge {}) (get-secrets container-definition))))))
 
 (defn run-streaming-function-with-no-stdin
   "run container function with no stdin, and no timeout, but streaming stdout"
@@ -402,18 +423,22 @@
         finished-channel (async/promise-chan)]
     (start x)
 
-    (async/go
-      (try
-        (let [s (:body (attach-container-stream-stdout x))]
-          (doseq [line (line-seq (java.io.BufferedReader. (java.io.InputStreamReader. s)))]
-            (cb line)))
-        (catch Throwable e
-          (println e))))
+    (.start ^Thread
+     (Thread.
+      (fn []
+        (try
+          (let [s (:body (attach-container-stream-stdout x))]
+            (doseq [line (line-seq (java.io.BufferedReader. (java.io.InputStreamReader. s)))]
+              (cb line)))
+          (catch Throwable e
+            (logger/error "run-streaming-function" e))))))
 
     ;; watch the container
-    (async/go
-      (wait x)
-      (async/>! finished-channel {:done :exited}))
+    (.start ^Thread
+     (Thread.
+      (fn []
+        (wait x)
+        (async/put! finished-channel {:done :exited}))))
 
     {:container x
      ;; stopped channel
@@ -547,10 +572,13 @@
     (let [header-buf (ByteBuffer/allocate 8)
           stdout (PipedOutputStream.)
           stdout-reader (io/reader (PipedInputStream. stdout))]
-      (async/go-loop []
-        (when-let [line (.readLine stdout-reader)]
-          (async/put! c {:stdout line})
-          (recur)))
+      (.start ^Thread
+       (Thread.
+        (fn []
+          (loop []
+            (when-let [line (.readLine stdout-reader)]
+              (async/put! c {:stdout line})
+              (recur))))))
       (loop [offset 0]
         (let [result (.read ^SocketChannel in header-buf)]
           (cond
@@ -656,7 +684,10 @@
         c (async/chan)
         output-channel (async/chan)]
     (start x)
-    (async/thread (read-loop socket-channel c))
+    (.start ^Thread
+     (Thread.
+      (fn []
+        (read-loop socket-channel c))))
     (async/go
       (docker/wait x)
       (async/>! c :stopped)

src/docker.clj

@@ -1,6 +1,6 @@
 # IMAGE?=docker/labs-ai-tools-for-devs
 IMAGE?=docker/labs-ai-tools-for-devs
-TAG?=0.2.56
+TAG?=0.2.60
 
 BUILDER=buildx-multi-arch
 

src/extension/Makefile

@@ -1,11 +1,12 @@
 services:
   mcp_docker:
-    image: mcp/docker:0.0.14
+    image: mcp/docker:0.0.15
     ports:
       - 8811:8811
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
       - "/run/host-services/backend.sock:/backend.sock"
+      - "/run/guest-services/jfs.sock:/jfs.sock"
       - "docker-prompts:/prompts"
     command:
       - serve

src/extension/docker-compose.yaml

@@ -133,6 +133,7 @@
     :error (binding [*out* *err*]
              (println (:content params)))
     :prompts nil
+    :start nil
     (binding [*out* *err*] (println (format "%s\n%s\n" method params)))))
 
 (defn create-stdout-notifier [{:keys [debug]}]

src/jsonrpc.clj

@@ -60,29 +60,28 @@
         :unknown)
       (recur (async/<! debounced)))
     ;; watch filesystem
-    (async/thread
-      (let [{x :container}
-            (docker/run-streaming-function-with-no-stdin
-             {:image "vonwig/inotifywait:latest"
-              :labels {"com.docker.desktop.service" "true"}
-              :volumes ["docker-prompts:/prompts"]
-              :command ["-e" "create" "-e" "modify" "-e" "delete" "-q" "-m" "/prompts"]}
-             (fn [line]
-               (let [[_dir _event f] (string/split line #"\s+")]
-                 (async/>!!
-                  change-events-channel
-                  (cond
-                    (= f "registry.yaml")
-                    {:opts opts :f f :type :registry}
-                    (string/ends-with? f ".md")
-                    {:opts opts :f f :type :markdown}
-                    :else
-                    {})))))]
-        (shutdown/schedule-container-shutdown
-         (fn []
-           (logger/info "inotifywait shutting down")
-           (docker/kill-container x)
-           (docker/delete x)))))))
+    (let [{x :container}
+          (docker/run-streaming-function-with-no-stdin
+           {:image "vonwig/inotifywait:latest"
+            :labels {"com.docker.desktop.service" "true"}
+            :volumes ["docker-prompts:/prompts"]
+            :command ["-e" "create" "-e" "modify" "-e" "delete" "-q" "-m" "/prompts"]}
+           (fn [line]
+             (let [[_dir _event f] (string/split line #"\s+")]
+               (async/put!
+                change-events-channel
+                (cond
+                  (= f "registry.yaml")
+                  {:opts opts :f f :type :registry}
+                  (string/ends-with? f ".md")
+                  {:opts opts :f f :type :markdown}
+                  :else
+                  {})))))]
+      (shutdown/schedule-container-shutdown
+       (fn []
+         (logger/info "inotifywait shutting down")
+         (docker/kill-container x)
+         (docker/delete x))))))
 
 (comment
   (repl/setup-stdout-logger)