Conversation
- Updated `load_module_file` to handle built-in kernel modules, improving resilience in aarch64/VZ environments. - Introduced comprehensive backend conformance test suite to validate KVM and VZ implementations. - Added macOS Virtualization.framework (VZ) backend with detailed configuration support. - Reorganized shared constants and structures for cross-platform reuse. - Enhanced protocol with optional version negotiation for better backward compatibility.
…across core components - Consolidated redundant control flow in `guest-agent`, `control_channel`, and `backend` modules. - Applied consistent formatting and compact function signatures for improved readability and maintainability. - Adjusted pre-commit hook path for streamlined formatting validation. - Enhanced Rust API's argument structures and handling for better clarity.
…orm support - Unified backend availability checks with `backend_available` to improve readability and maintainability. - Replaced KVM-specific checks with a generic VM backend check across conformance tests. - Expanded GitHub Actions CI matrix to include macOS builds and tests for cross-platform compatibility. - Introduced dedicated E2E test workflow for macOS Virtualization.framework (VZ) backend. - Updated test image script to support musl cross-compilation and macOS environment.
…, and enhance pre-commit hooks - Added `Default` implementation for `KvmBackend` to streamline initialization. - Simplified `is_running` with `is_some_and` and adjusted response handling in async task. - Enhanced pre-commit hooks to enforce `cargo clippy` checks with warnings as errors.
…it from macOS CI tasks - Added compile-time check to ensure `guest-agent` runs only on Linux (as PID 1 inside micro-VMs). - Updated GitHub Actions workflows to exclude `guest-agent` from macOS builds, tests, and documentation generation.
…tor socket device handling - Introduced `SendSyncDevice` wrapper for `VZVirtioSocketDevice` to ensure thread safety. - Implemented `Send` and `Sync` traits for `VzBackend`, with safe access guarantees. - Refactored connector and initialization logic to utilize the new `SendSyncDevice`.
…`VzBackend` - Replaced generic `AnyObject` usage with specific `VZSocketDeviceConfiguration` and `VZNetworkDeviceConfiguration` types. - Ensured thread-safe wrappers for `SendSyncDevice` using `Arc`. - Refactored completion handler implementation with scoped variables to reduce mutex contention. - Addressed platform-specific code warnings for non-Linux builds.
…nd improve channel handling - Replaced async `oneshot` channels with synchronous `std::sync::mpsc::channel` for VM start/stop operations. - Refactored VM setup logic to execute synchronously via `tokio::task::block_in_place` for ObjC type safety. - Enhanced logging and streamlined configuration flow for better maintainability.
- Removed the `boot_diag.rs` Linux-specific example to simplify codebase and maintenance. - Adjusted CI documentation build command to use the `--workspace` flag for consistency. - Minor cleanup in `VzBackend` to remove unnecessary cast for file descriptor.
… doc links - Added `Default` implementation for `VzBackend` to simplify initialization. - Fixed inconsistent references to `ControlChannel` and `VmmBackend` in documentation comments for improved clarity.
The doctest references MicroVm and VoidBoxConfig which are Linux-only types, causing doc-test failures on macOS CI. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…d increase timeout to 60 mins - Implemented caching of the musl-cross toolchain to optimize workflow execution. - Updated timeout for macOS E2E tests to 60 minutes to accommodate longer runs. - Improved musl-cross installation process with cache utilization and verification steps.
…pple Silicon
- VZ backend: fix DispatchQueue thread affinity, vsock FD ownership (libc::dup), async streaming exec
- Guest agent: DHCP-first networking for VZ NAT, tmpfs /tmp for sandbox user, relax RLIMIT_AS for Bun
- Cross-build: auto-detect musl toolchain, download ARM64 glibc/busybox from Ubuntu packages
- Refactor build_guest_image.sh into platform-specific modules (lib/guest_{common,linux,macos}.sh)
- Add voidbox.entitlements and .cargo/config.toml for code-signing and cross-compilation
- README: macOS prerequisites and run instructions
…ust README setup steps - Added `scripts/download_kernel.sh` for simplified and reusable kernel downloads. - Refactored README setup steps to utilize the new script, improving clarity and organization. - Updated test image script to align with musl cross-compilation changes. - Removed hardcoded kernel version from macOS E2E workflow, delegating version control to the helper script.
There was a problem hiding this comment.
Pull request overview
This PR adds native macOS (Apple Silicon) support by introducing a cross-platform VM backend abstraction, implementing a Virtualization.framework (VZ) backend, and updating CI/scripts/docs to build and test on both Linux and macOS.
Changes:
- Introduces a
VmmBackendtrait + transport-agnosticControlChannel, with KVM (Linux) and VZ (macOS) implementations. - Updates workflows and tests for multi-OS CI (including a new macOS E2E workflow and a backend conformance test suite).
- Refactors guest image build scripts and documentation to support macOS cross-compilation and codesigning.
Reviewed changes
Copilot reviewed 40 out of 41 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| voidbox.entitlements | Adds virtualization entitlement required for codesigning on macOS. |
| void-box-protocol/src/lib.rs | Adds protocol version constant + tests; updates sync reader signature. |
| tests/telemetry.rs | Linux-gates telemetry integration tests. |
| tests/kvm_integration.rs | Linux-gates KVM integration tests. |
| tests/e2e/telemetry.rs | Linux-gates E2E telemetry tests. |
| tests/e2e/skill_pipeline.rs | Linux-gates E2E skill pipeline tests. |
| tests/conformance.rs | Adds cross-backend conformance tests (ignored by default). |
| src/vmm/config.rs | Re-exports allowlist/resource-limits from new backend module. |
| src/sandbox/mod.rs | Improves error reporting when no streaming output is received. |
| src/sandbox/local.rs | Migrates local sandbox from MicroVm to backend abstraction. |
| src/observe/mod.rs | Adds backend_type span attribute for observability parity. |
| src/lib.rs | Introduces backend module; gates Linux-only modules/exports. |
| src/error.rs | Adds cross-platform Backend error; cfg-gates Linux-only error variants. |
| src/devices/virtio_vsock.rs | Makes VsockStream::set_read_timeout public for backend reuse. |
| src/backend/vz/vsock.rs | Adds fd-backed GuestStream adapter for VZ vsock connections. |
| src/backend/vz/mod.rs | Introduces VZ backend module structure. |
| src/backend/vz/config.rs | Adds VZ kernel cmdline/memory mapping helpers (+ tests). |
| src/backend/vz/backend.rs | Implements VmmBackend for Virtualization.framework (macOS). |
| src/backend/mod.rs | Adds backend abstraction types and platform-specific backend wiring. |
| src/backend/kvm.rs | Wraps existing MicroVm behind VmmBackend for Linux. |
| src/backend/control_channel.rs | Extracts protocol logic into transport-agnostic control channel. |
| src/artifacts.rs | Adjusts tests for non-Linux platforms. |
| src/agent_box.rs | Updates allowlist/resource-limit provisioning to new backend paths. |
| scripts/lib/guest_macos.sh | Adds macOS cross-build helpers and guest dependencies downloads. |
| scripts/lib/guest_linux.sh | Extracts Linux-specific guest image build helpers. |
| scripts/lib/guest_common.sh | Extracts shared guest image build logic. |
| scripts/download_kernel.sh | Adds kernel download helper for macOS/Linux workflows. |
| scripts/build_test_image.sh | Updates test image build for macOS cross-compilation. |
| scripts/build_guest_image.sh | Refactors guest image build to use shared platform helpers. |
| scripts/build_claude_rootfs.sh | Improves cross-platform claude-code acquisition and validation. |
| guest-agent/src/main.rs | Linux-only enforcement + robustness improvements (tmpfs, modules, DHCP). |
| examples/ollama_local.rs | Adds platform-specific Ollama host selection + tracing init. |
| examples/boot_diag.rs | Removes obsolete boot diagnostic example. |
| README.md | Adds macOS usage, cross-compilation, and codesigning instructions. |
| Cargo.toml | Moves platform-specific deps behind cfg; adds macOS deps and conformance test. |
| Cargo.lock | Locks new macOS-related dependencies. |
| CONTRIBUTING.md | Updates hooks path instructions. |
| .github/workflows/e2e-macos.yml | Adds macOS Apple Silicon E2E workflow using VZ backend. |
| .github/workflows/ci.yml | Expands CI matrix to macOS; excludes Linux-only targets where needed. |
| .githooks/pre-commit | Runs from repo root; adds clippy invocation. |
| .cargo/config.toml | Adds musl linker config for cross-compilation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ification, and enhance kernel script - Refactored `VzBackend` VM lifecycle to ensure thread safety and prevent dangling pointers on timeout or failure. - Introduced checksum verification for kernel downloads to ensure data integrity. - Enhanced kernel script with customizable `KERNEL_UPLOAD` version, updated URLs to HTTPS, and added SHA256 checks. - Adjusted pre-commit hooks to exclude `guest-agent` on macOS for compatibility.
…ckages - Added support for zstd-compressed archives (`data.tar.zst`) in `scripts/download_kernel.sh`. - Enhanced error handling for missing or unsupported archive formats. - Improved compatibility with macOS and older GNU tar versions lacking native zstd support.
…re-commit checks - Simplified kernel extraction logic with added compatibility for macOS `bsdtar` and refined error handling for `.deb` packages. - Removed unused `AnyThread` import from `VzBackend`. - Adjusted pre-commit hook to remove unnecessary stderr redirection for better feedback during Clippy checks.
… and error clarity - Replaced `ls` with `find` for more reliable `data.tar*` detection, ensuring cross-platform compatibility. - Refined error message for missing `data.tar` to improve user feedback during `.deb` extraction.
…ormance tests - Added `flavor = "multi_thread", worker_threads = 2` to all `tokio::test` annotations, improving test execution scalability.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces significant improvements for cross-platform support, especially for macOS (Apple Silicon), and restructures dependencies to enable conditional compilation. It also enhances CI workflows to test and lint on both Linux and macOS, adds a new macOS E2E workflow, and improves guest-agent robustness for environments where kernel modules are built-in. Several example and documentation updates clarify usage and setup for macOS.
Cross-platform and macOS support enhancements:
objc2,objc2-foundation,objc2-virtualization,block2,dispatch2) and moved Linux-specific dependencies under conditional sections inCargo.toml, enabling platform-specific builds..cargo/config.tomlto specify musl cross-compilation linkers for both ARM64 and x86_64, supporting Linux builds from macOS..github/workflows/e2e-macos.yml)README.md) with detailed instructions for building and running on macOS, including cross-compilation and codesigning steps.CI workflow improvements:
.github/workflows/ci.ymlto run tests, lint, build, and documentation jobs on both Linux and macOS using matrix strategies; excludedguest-agentfor macOS jobs where not applicable. [1] [2] [3] [4] [5] [6].githooks/pre-commit) to run from project root and addedcargo clippylint checks, improving local developer experience.CONTRIBUTING.mdto reflect new.githookslocation.Guest-agent robustness and platform checks:
guest-agent/src/main.rs, ensuring guest-agent is only built for Linux..kofiles by checking for built-in modules, making it resilient to macOS/aarch64 environments./tmpinitialization to mount a tmpfs with proper permissions, improving guest file system behavior.Example and test updates:
examples/ollama_local.rsto select the correct Ollama host address based on platform and added tracing initialization for better diagnostics. [1] [2]conformancetest target toCargo.tomlfor E2E testing.boot_diag.rsexample.Dependency and security cleanup:
Cargo.tomland clarified cross-platform security dependencies. [1] [2]Change references:
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21]