Feature(cli): Add sync-host-workdir to prevent AI agents from breaking the host files
#4429
Conversation
cmd/limactl/shell.go
Outdated
| shellCmd.Flags().Bool("reconnect", false, "Reconnect to the SSH session") | ||
| shellCmd.Flags().Bool("preserve-env", false, "Propagate environment variables to the shell") | ||
| shellCmd.Flags().Bool("start", false, "Start the instance if it is not already running") | ||
| shellCmd.Flags().Bool("sync-host-workdir", false, "Copy the host working directory to the guest to run AI commands inside VMs (prevents AI agents from breaking the host files)") |
There was a problem hiding this comment.
- For consistency with
--mount ., probably this should be like--sync . - The flag is not really specific to AI commands. Use case with AI should be mentioned in https://lima-vm.io/docs/examples/ai/ though.
|
|
||
| const ( | ||
| rsyncMinimumSrcDirDepth = 4 // Depth of "/Users/USER" is 3. | ||
| guestSyncedWorkdir = "~/synced-workdir" |
There was a problem hiding this comment.
Is there any reason that we cannot just use the same path as the host dir?
Is that for avoiding conflicts with mounts?
There was a problem hiding this comment.
Is there any reason that we cannot just use the same path as the host dir?
Yes, issue with rsync because it only tries to create the base of the path and not the full path so using for example ansumansahoo@127.0.0.1:~/Users/ansumansahoo/Documents/GOLANG/lima as a destination path will result into an error rsync: [Receiver] mkdir "/home/ansumansahoo.linux/Users/ansumansahoo/Documents/GOLANG/lima" failed: No such file or directory (2)
Or do you mean to use only ansumansahoo@127.0.0.1:~/lima regarding this context?
| } | ||
|
|
||
| for { | ||
| ans, err := uiutil.Select(message, options) |
There was a problem hiding this comment.
rsync can be slow and may eat up the host disk space, so this prompt should be shown before running rsync to the tmp dir
cmd/limactl/shell.go
Outdated
| return | ||
| case 2: // View the changed contents | ||
| diffCmd := exec.CommandContext(ctx, "diff", "-ru", "--color=always", hostCurrentDir, filepath.Join(hostTmpDest, filepath.Base(hostCurrentDir))) | ||
| lessCmd := exec.CommandContext(ctx, "less", "-R") |
cmd/limactl/shell.go
Outdated
| if err != nil { | ||
| return fmt.Errorf("failed to get sync-host-workdir flag: %w", err) | ||
| } else if syncHostWorkdir && len(inst.Config.Mounts) > 0 { | ||
| return errors.New("cannot use `--sync-host-workdir` when the instance has host mounts configured, use `--mount-none` to disable mounts") |
There was a problem hiding this comment.
| return errors.New("cannot use `--sync-host-workdir` when the instance has host mounts configured, use `--mount-none` to disable mounts") | |
| return errors.New("cannot use `--sync-host-workdir` when the instance has host mounts configured, start the instance with `--mount-none` to disable mounts") |
cmd/limactl/shell.go
Outdated
| } | ||
| } else { | ||
| case syncHostWorkdir: | ||
| changeDirCmd = fmt.Sprintf("cd %s/%s", guestSyncedWorkdir, filepath.Base(hostCurrentDir)) |
There was a problem hiding this comment.
Make sure to quote the path, as it may contain spaces and quote symbols
There was a problem hiding this comment.
(Such paths should be tested in bats)
cmd/limactl/shell.go
Outdated
| } | ||
| rsyncCmd := exec.CommandContext(ctx, "rsync", rsyncArgs...) | ||
| rsyncCmd.Stdin = os.Stdin | ||
| rsyncCmd.Stdout = os.Stdout |
There was a problem hiding this comment.
cmd/limactl/shell.go
Outdated
| destination, | ||
| } | ||
| rsyncCmd := exec.CommandContext(ctx, "rsync", rsyncArgs...) | ||
| rsyncCmd.Stdin = os.Stdin |
There was a problem hiding this comment.
NVM, it was a mistake!
…g the host files Signed-off-by: Ansuman Sahoo <anshumansahoo500@gmail.com>
|
Left with adding bats test and docs. |
2 participants
This PR adds a
--sync-host-workdirflag to thelimactl shellcommand that allows users to safely run AI commands inside VMs by syncing the host's working directory to the guest and optionally syncing changes back to the host after confirmation. Also added cleanup logic to remove the guest's synced workdir after user decision, ensuring no leftover files in the VM.How to test
When the program prompts the user to view the changes, a rsync is performed. This copies the guest synced directory to a temporary directory on the host. This allows diff to be used and the user to see a detailed list of changes.
Fixes #3711