Skip to content

AR10.9 / AR03.1: full docker rm reverse synthesis (DR-CR-22)#48

Merged
mfwolffe merged 7 commits into
trunkfrom
ar10.9-docker-rm-reverse-synthesis
May 24, 2026
Merged

AR10.9 / AR03.1: full docker rm reverse synthesis (DR-CR-22)#48
mfwolffe merged 7 commits into
trunkfrom
ar10.9-docker-rm-reverse-synthesis

Conversation

@espadonne
Copy link
Copy Markdown
Contributor

@espadonne espadonne commented May 24, 2026
edited by mfwolffe
Loading

Summary

  • AR10.9 / DR-CR-22 — lands the full docker rm reverse path that AR03.1 was blocked on. ```docker rm -f ``` now round-trips name + image-source + env + ports + mounts + restart policy + in-place rootfs writes.
  • Helper side: `prepare_rm` runs `docker inspect` to capture the container config as JSON, detects `.State.Running`, and `docker commit`s running containers to a `shit-stash--` tag so rootfs edits survive the rm.
  • Planner side: new pure function `synthesize_container_run` walks the inspect JSON and produces `docker run -d` argv with ~15 options. `apply_rm` is rewritten from the stage-1 `Skipped` stub to parse JSON, verify the stash image still exists, swap `.Config.Image` for the stash tag, and exec the synthesized argv.
  • Smoke: launches busybox with port/env/volume/restart-policy + writes a probe file to the rootfs via `docker exec`. Asserts post-undo container has the same effective config AND the probe file (proving the stash-commit preserves in-place writes).

Argv synthesis coverage

15 options: `--name`, image (stash or original), `-d`, `-e`, `-p host:container/proto`, `-v` (volume + bind + ro mode), `--tmpfs`, `--restart=policy[:n]`, `--network` (omits "default"), `--privileged`, `--read-only`, `--cap-add`/`--cap-drop`, `--hostname` (skipped if auto-generated from container id), `-u`, `-w`, `--label`, `--entrypoint` (joined with spaces), `Cmd` (positional after image).

Deferred: GPU runtime detection (DR-CR-30), IPC/PID/UTS namespaces, resource limits (`--memory`, `--cpus`, `--shm-size`). Captured inspect JSON is always available via `shit show` for the user to fill in manually.

Test plan

  • `cargo build --workspace --release` green
  • `cargo fmt --all -- --check` clean
  • `cargo clippy --workspace --all-targets --all-features -- -D warnings` clean
  • `cargo test -p shit-planner --lib executors::container` — 38 tests pass (10 existing + 28 new synthesizer + apply_rm rewrite tests)
  • `cargo test -p shit-helper --bin shit-helper container::event` — 8 tests pass (added inspect-helper + warn-fallback tests)
  • `dr-smoke / docker-rm-undo` job green (validates port + env + mount + restart + rootfs-probe round-trip)
  • No regressions on docker-rmi-undo (AR03.2), docker-volume-rm-undo (AR03.3), docker-network-rm-undo (AR03.4)
  • `linux-kernel-capture` matrix stays green

espadonne added 7 commits May 24, 2026 01:12
@espadonne
feat(planner): synthesize_container_run + full Rm reverse synthesis (…
6e38768 
…DR-CR-22)

Walks docker inspect JSON and produces docker run -d argv with ~15
options (name, image, env, ports, mounts, restart policy, network
mode, working dir, user, hostname, labels, privileged, read-only,
cap-add/drop, entrypoint, cmd). image_override lets the caller swap
.Config.Image with a stash-commit tag for running containers.

Rewrites apply_rm to parse captured_config, verify stash image
exists (when running), and exec the synthesized argv. Fails cleanly
on missing image / missing stash for running container / invalid
JSON. 28 unit tests cover the synthesizer + executor.
@espadonne
feat(shit-helper): add serde_json dep for container inspect parsing
d38e4fe
@espadonne
feat(shit-helper): prepare_rm captures docker inspect + commits runni…
4eb8638 
…ng rootfs (AR10.9)
@espadonne
test(smoke): AR10.9 docker-rm-undo-linux with full effective-config r…
444c0a7 
…ound-trip
@espadonne
ci(dr-smoke): docker-rm-undo job (AR10.9 / AR03.1)
ab029e8
@espadonne
test(planner): update rm e2e test for AR10.9 synthesis (Applied not S…
4030ad3 
…kipped)
@espadonne
fmt: wrap long assert! in rm e2e test (rustfmt 1.85 100-col gate)
938a591
@mfwolffe mfwolffe merged commit 50c6dbc into trunk May 24, 2026
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@espadonne @mfwolffe