Merge branch 'master' into show-available-plugins-for-info-and-exec-cmd

Signed-off-by: Jan Dubois <jan.dubois@suse.com>

Author: jandubois

.github/workflows/release.yml

@@ -26,7 +26,7 @@ jobs:
     # Apparently, a binary built on a newer version of macOS can still run on
     # an older release of macOS without an error.
     # This is quite different from Linux and glibc.
-    runs-on: macos-15
+    runs-on: macos-26
     timeout-minutes: 20
     steps:
     - name: "Show xcode and SDK version"

.github/workflows/test.yml

@@ -69,7 +69,7 @@ jobs:
     timeout-minutes: 30
     strategy:
       matrix:
-        runs-on: [ubuntu-24.04, macos-15, windows-2025]
+        runs-on: [ubuntu-24.04, macos-26, windows-2025]
     runs-on: ${{ matrix.runs-on }}
     steps:
     - name: Force git to use LF

Makefile

@@ -43,16 +43,38 @@ PACKAGE := github.com/lima-vm/lima/v2
 VERSION := $(shell git describe --match 'v[0-9]*' --dirty='.m' --always --tags)
 VERSION_TRIMMED := $(VERSION:v%=%)
 
+# `DEBUG` flag to build binaries with debug information for use by `dlv exec`.
+# This implies KEEP_DWARF=1 and KEEP_SYMBOLS=1.
+DEBUG ?=
+GO_BUILD_GCFLAGS ?=
+KEEP_DWARF ?=
 KEEP_SYMBOLS ?=
+ifeq ($(DEBUG),1)
+	# Disable optimizations and inlining to make debugging easier.
+	GO_BUILD_GCFLAGS = -gcflags="all=-N -l"
+	# Keep the symbol table
+	KEEP_DWARF = 1
+	# Enable DWARF generation
+	KEEP_SYMBOLS = 1
+endif
+
+GO_BUILD_LDFLAGS_W := true
+ifeq ($(KEEP_DWARF),1)
+	GO_BUILD_LDFLAGS_W = false
+endif
+
 GO_BUILD_LDFLAGS_S := true
 ifeq ($(KEEP_SYMBOLS),1)
 	GO_BUILD_LDFLAGS_S = false
 endif
-GO_BUILD_LDFLAGS := -ldflags="-s=$(GO_BUILD_LDFLAGS_S) -w -X $(PACKAGE)/pkg/version.Version=$(VERSION)"
+# `-s`: Strip the symbol table according to the KEEP_SYMBOLS config
+# `-w`: Disable DWARF generation according to the KEEP_DWARF config
+# `-X`: Embed version information.
+GO_BUILD_LDFLAGS := -ldflags="-s=$(GO_BUILD_LDFLAGS_S) -w=$(GO_BUILD_LDFLAGS_W) -X $(PACKAGE)/pkg/version.Version=$(VERSION)"
 # `go -version -m` returns -tags with comma-separated list, because space-separated list is deprecated in go1.13.
 # converting to comma-separated list is useful for comparing with the output of `go version -m`.
 GO_BUILD_FLAG_TAGS := $(addprefix -tags=,$(shell echo "$(GO_BUILDTAGS)"|tr " " "\n"|paste -sd "," -))
-GO_BUILD := $(GO) build $(GO_BUILD_LDFLAGS) $(GO_BUILD_FLAG_TAGS)
+GO_BUILD := $(strip $(GO) build $(GO_BUILD_GCFLAGS) $(GO_BUILD_LDFLAGS) $(GO_BUILD_FLAG_TAGS))
 
 ################################################################################
 # Features
@@ -78,7 +100,9 @@ help-variables:
 	@echo  '# Variables that can be overridden.'
 	@echo
 	@echo  '- PREFIX       (directory)  : Installation prefix (default: /usr/local)'
+	@echo  '- KEEP_DWARF   (1 or 0)     : Whether to keep DWARF information (default: 0)'
 	@echo  '- KEEP_SYMBOLS (1 or 0)     : Whether to keep symbols (default: 0)'
+	@echo  '- DEBUG        (1 or 0)     : Whether to build with debug information (default: 0)'
 
 .PHONY: help-targets
 help-targets:
@@ -88,6 +112,8 @@ help-targets:
 	@echo  '- limactl                   : Build limactl, and lima'
 	@echo  '- lima                      : Copy lima, and lima.bat'
 	@echo  '- helpers                   : Copy nerdctl.lima, apptainer.lima, docker.lima, podman.lima, and kubectl.lima'
+	# TODO: move CLI plugins to _output/libexec/lima/
+	@echo  '- limactl-plugins           : Build limactl-* CLI plugins'
 	@echo
 	@echo  'Targets for files in _output/share/lima/:'
 	@echo  '- guestagents               : Build guestagents'
@@ -150,7 +176,7 @@ CONFIG_GUESTAGENT_COMPRESS=y
 
 ################################################################################
 .PHONY: binaries
-binaries: limactl helpers guestagents \
+binaries: limactl helpers limactl-plugins guestagents \
 	templates template_experimentals \
 	documentation create-links-in-doc-dir
 
@@ -177,7 +203,7 @@ dependencies_for_cmd = go.mod $(call find_files_excluding_dir_and_test, ./cmd/$(
 # $(1): target binary
 extract_build_vars = $(shell \
 	($(GO) version -m $(1) 2>&- || echo $(1):) | \
-	awk 'FNR==1{print "GOVERSION="$$2}$$2~/^(CGO|GO|-ldflags|-tags).*=.+$$/{sub("^.*"$$2,$$2); print $$0}' \
+	awk 'FNR==1{print "GOVERSION="$$2}$$2~/^(CGO|GO|-gcflags|-ldflags|-tags).*=.+$$/{sub("^.*"$$2,$$2); print $$0}' \
 )
 
 # a list of keys from the GO build variables to be used for calling `go env`.
@@ -192,7 +218,7 @@ go_build_vars = $(shell \
 	$(ENVS_$(1)) $(GO) env $(2) | \
 	awk '/ /{print "\""$$0"\""; next}{print}' | \
 	for k in $(2); do read -r v && echo "$$k=$${v}"; done \
-) $(GO_BUILD_LDFLAGS) $(GO_BUILD_FLAG_TAGS)
+) $(GO_BUILD_GCFLAGS) $(GO_BUILD_LDFLAGS) $(GO_BUILD_FLAG_TAGS)
 
 # returns the difference between $(1) and $(2).
 diff = $(filter-out $(2),$(1))$(filter-out $(1),$(2))
@@ -256,6 +282,11 @@ ifeq ($(GOOS),darwin)
 	codesign -f -v --entitlements vz.entitlements -s - $@
 endif
 
+limactl-plugins: _output/bin/limactl-mcp$(exe)
+
+_output/bin/limactl-mcp$(exe): $(call dependencies_for_cmd,limactl-mcp) $$(call force_build,$$@)
+	$(ENVS_$@) $(GO_BUILD) -o $@ ./cmd/limactl-mcp
+
 DRIVER_INSTALL_DIR := _output/libexec/lima
 
 .PHONY: additional-drivers
@@ -356,16 +387,20 @@ MKDIR_TARGETS += _output/share/lima
 ################################################################################
 # _output/share/lima/templates
 TEMPLATES = $(addprefix _output/share/lima/templates/,$(filter-out experimental,$(notdir $(wildcard templates/*))))
+TEMPLATE_DEFAULTS = ${addprefix _output/share/lima/templates/_default/,$(notdir $(wildcard templates/_default/*))}
+TEMPLATE_IMAGES = $(addprefix _output/share/lima/templates/_images/,$(notdir $(wildcard templates/_images/*)))
 TEMPLATE_EXPERIMENTALS = $(addprefix _output/share/lima/templates/experimental/,$(notdir $(wildcard templates/experimental/*)))
 
 .PHONY: default_template templates template_experimentals
 default_template: _output/share/lima/templates/default.yaml
-templates: $(TEMPLATES)
+templates: $(TEMPLATES) $(TEMPLATE_DEFAULTS) $(TEMPLATE_IMAGES)
 template_experimentals: $(TEMPLATE_EXPERIMENTALS)
 
 $(TEMPLATES): | _output/share/lima/templates
+$(TEMPLATE_DEFAULTS): | _output/share/lima/templates/_default
+$(TEMPLATE_IMAGES): | _output/share/lima/templates/_images
 $(TEMPLATE_EXPERIMENTALS): | _output/share/lima/templates/experimental
-MKDIR_TARGETS += _output/share/lima/templates _output/share/lima/templates/experimental
+MKDIR_TARGETS += _output/share/lima/templates _output/share/lima/templates/_default _output/share/lima/templates/_images _output/share/lima/templates/experimental
 
 _output/share/lima/templates/%: templates/%
 	cp -aL $< $@
@@ -488,14 +523,19 @@ uninstall:
 		"$(DEST)/bin/lima" \
 		"$(DEST)/bin/lima$(bat)" \
 		"$(DEST)/bin/limactl$(exe)" \
+		"$(DEST)/bin/limactl-mcp$(exe)" \
 		"$(DEST)/bin/nerdctl.lima" \
 		"$(DEST)/bin/apptainer.lima" \
 		"$(DEST)/bin/docker.lima" \
 		"$(DEST)/bin/podman.lima" \
 		"$(DEST)/bin/kubectl.lima" \
 		"$(DEST)/share/man/man1/lima.1" \
 		"$(DEST)/share/man/man1/limactl"*".1" \
-		"$(DEST)/share/lima" "$(DEST)/share/doc/lima"
+		"$(DEST)/share/lima" \
+		"$(DEST)/share/doc/lima" \
+		"$(DEST)/libexec/lima/lima-driver-qemu$(exe)" \
+		"$(DEST)/libexec/lima/lima-driver-vz$(exe)" \
+		"$(DEST)/libexec/lima/lima-driver-wsl2$(exe)"
 	if [ "$$(readlink "$(DEST)/bin/nerdctl")" = "nerdctl.lima" ]; then rm "$(DEST)/bin/nerdctl"; fi
 	if [ "$$(readlink "$(DEST)/bin/apptainer")" = "apptainer.lima" ]; then rm "$(DEST)/bin/apptainer"; fi
 

cmd/limactl-mcp/main.go

@@ -0,0 +1,172 @@
+// SPDX-FileCopyrightText: Copyright The Lima Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"runtime"
+	"strings"
+
+	"github.com/modelcontextprotocol/go-sdk/mcp"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
+
+	"github.com/lima-vm/lima/v2/pkg/limactlutil"
+	"github.com/lima-vm/lima/v2/pkg/mcp/toolset"
+	"github.com/lima-vm/lima/v2/pkg/version"
+)
+
+func main() {
+	if err := newApp().Execute(); err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+func newApp() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:           "limactl-mcp",
+		Short:         "Model Context Protocol plugin for Lima (EXPERIMENTAL)",
+		Version:       strings.TrimPrefix(version.Version, "v"),
+		SilenceUsage:  true,
+		SilenceErrors: true,
+	}
+	cmd.AddCommand(
+		newMcpInfoCommand(),
+		newMcpServeCommand(),
+		// TODO: `limactl-mcp configure gemini` ?
+	)
+	return cmd
+}
+
+func newServer() *mcp.Server {
+	impl := &mcp.Implementation{
+		Name:    "lima",
+		Title:   "Lima VM, for sandboxing local command executions and file I/O operations",
+		Version: version.Version,
+	}
+	serverOpts := &mcp.ServerOptions{
+		Instructions: `This MCP server provides tools for sandboxing local command executions and file I/O operations,
+by wrapping them in Lima VM (https://lima-vm.io).
+
+Use these tools to avoid accidentally executing malicious codes directly on the host.
+`,
+	}
+	if runtime.GOOS != "linux" {
+		serverOpts.Instructions += fmt.Sprintf(`
+
+NOTE: the guest OS of the VM is Linux, while the host OS is %s.
+`, cases.Title(language.English).String(runtime.GOOS))
+	}
+	return mcp.NewServer(impl, serverOpts)
+}
+
+func newMcpInfoCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "info",
+		Short: "Show information about the MCP server",
+		Args:  cobra.NoArgs,
+		RunE:  mcpInfoAction,
+	}
+	return cmd
+}
+
+func mcpInfoAction(cmd *cobra.Command, _ []string) error {
+	ctx := cmd.Context()
+	limactl, err := limactlutil.Path()
+	if err != nil {
+		return err
+	}
+	ts, err := toolset.New(limactl)
+	if err != nil {
+		return err
+	}
+	server := newServer()
+	if err = ts.RegisterServer(server); err != nil {
+		return err
+	}
+	serverTransport, clientTransport := mcp.NewInMemoryTransports()
+	serverSession, err := server.Connect(ctx, serverTransport, nil)
+	if err != nil {
+		return err
+	}
+	client := mcp.NewClient(&mcp.Implementation{Name: "client"}, nil)
+	clientSession, err := client.Connect(ctx, clientTransport, nil)
+	if err != nil {
+		return err
+	}
+	toolsResult, err := clientSession.ListTools(ctx, &mcp.ListToolsParams{})
+	if err != nil {
+		return err
+	}
+	if err = clientSession.Close(); err != nil {
+		return err
+	}
+	if err = serverSession.Wait(); err != nil {
+		return err
+	}
+	info := &Info{
+		Tools: toolsResult.Tools,
+	}
+	j, err := json.MarshalIndent(info, "", "    ")
+	if err != nil {
+		return err
+	}
+	_, err = fmt.Fprint(cmd.OutOrStdout(), string(j))
+	return err
+}
+
+type Info struct {
+	Tools []*mcp.Tool `json:"tools"`
+}
+
+func newMcpServeCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "serve INSTANCE",
+		Short: "Serve MCP over stdio",
+		Long: `Serve MCP over stdio.
+
+Expected to be executed via an AI agent, not by a human`,
+		Args: cobra.MaximumNArgs(1),
+		RunE: mcpServeAction,
+	}
+	return cmd
+}
+
+func mcpServeAction(cmd *cobra.Command, args []string) error {
+	ctx := cmd.Context()
+	instName := "default"
+	if len(args) > 0 {
+		instName = args[0]
+	}
+	limactl, err := limactlutil.Path()
+	if err != nil {
+		return err
+	}
+	// FIXME: We can not use store.Inspect() here because it requires VM drivers to be compiled in.
+	// https://github.com/lima-vm/lima/pull/3744#issuecomment-3289274347
+	inst, err := limactlutil.Inspect(ctx, limactl, instName)
+	if err != nil {
+		return err
+	}
+	if len(inst.Errors) != 0 {
+		return errors.Join(inst.Errors...)
+	}
+	ts, err := toolset.New(limactl)
+	if err != nil {
+		return err
+	}
+	server := newServer()
+	if err = ts.RegisterServer(server); err != nil {
+		return err
+	}
+	if err = ts.RegisterInstance(ctx, inst); err != nil {
+		return err
+	}
+	transport := &mcp.StdioTransport{}
+	return server.Run(ctx, transport)
+}