refactor: rename driver to image, first pass

mcontainer/images/__init__.py

@@ -0,0 +1,3 @@
+"""
+MAI container image management
+"""

mcontainer/images/base.py

@@ -0,0 +1,28 @@
+"""
+Base image implementation for MAI
+"""
+
+from typing import Dict, Optional
+
+from ..models import Image
+
+
+class ImageManager:
+    """Manager for MAI images"""
+
+    @staticmethod
+    def get_default_images() -> Dict[str, Image]:
+        """Get the default built-in images"""
+        from ..config import DEFAULT_IMAGES
+
+        return DEFAULT_IMAGES
+
+    @staticmethod
+    def get_image_metadata(image_name: str) -> Optional[Dict]:
+        """Get metadata for a specific image"""
+        from ..config import DEFAULT_IMAGES
+
+        if image_name in DEFAULT_IMAGES:
+            return DEFAULT_IMAGES[image_name].model_dump()
+
+        return None

mcontainer/images/goose/Dockerfile

@@ -0,0 +1,71 @@
+FROM python:3.12-slim
+
+LABEL maintainer="team@monadical.com"
+LABEL description="Goose with MCP servers"
+
+# Install system dependencies including gosu for user switching and shadow for useradd/groupadd
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gosu \
+    passwd \
+    git \
+    openssh-server \
+    bash \
+    curl \
+    bzip2 \
+    iputils-ping \
+    iproute2 \
+    libxcb1 \
+    libdbus-1-3 \
+    nano \
+    vim \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set up SSH server directory (configuration will be handled by entrypoint if needed)
+RUN mkdir -p /var/run/sshd && chmod 0755 /var/run/sshd
+# Do NOT enable root login or set root password here
+
+# Install deps
+WORKDIR /tmp
+RUN curl -fsSL https://astral.sh/uv/install.sh -o install.sh && \
+    sh install.sh && \
+    mv /root/.local/bin/uv /usr/local/bin/uv && \
+    mv /root/.local/bin/uvx /usr/local/bin/uvx && \
+    rm install.sh
+RUN curl -fsSL https://github.com/block/goose/releases/download/stable/download_cli.sh -o download_cli.sh && \
+    chmod +x download_cli.sh && \
+    ./download_cli.sh && \
+    mv /root/.local/bin/goose /usr/local/bin/goose && \
+    rm -rf download_cli.sh /tmp/goose-*
+
+# Create app directory
+WORKDIR /app
+
+# Copy initialization scripts
+COPY mc-init.sh /mc-init.sh
+COPY entrypoint.sh /entrypoint.sh
+COPY mc-image.yaml /mc-image.yaml
+COPY init-status.sh /init-status.sh
+COPY update-goose-config.py /usr/local/bin/update-goose-config.py
+
+# Extend env via bashrc
+
+# Make scripts executable
+RUN chmod +x /mc-init.sh /entrypoint.sh /init-status.sh \
+    /usr/local/bin/update-goose-config.py
+
+# Set up initialization status check on login
+RUN echo '[ -x /init-status.sh ] && /init-status.sh' >> /etc/bash.bashrc
+
+# Set up environment
+ENV PYTHONUNBUFFERED=1
+ENV PYTHONDONTWRITEBYTECODE=1
+# Set WORKDIR to /app, common practice and expected by mc-init.sh
+WORKDIR /app
+
+# Expose ports
+EXPOSE 8000 22
+
+# Set entrypoint - container starts as root, entrypoint handles user switching
+ENTRYPOINT ["/entrypoint.sh"]
+# Default command if none is provided (entrypoint will run this via gosu)
+CMD ["tail", "-f", "/dev/null"]

mcontainer/images/goose/README.md

@@ -0,0 +1,41 @@
+# Goose Image for MC
+
+This image provides a containerized environment for running [Goose](https://goose.ai).
+
+## Features
+
+- Pre-configured environment for Goose AI
+- Self-hosted instance integration
+- SSH access
+- Git repository integration
+- Langfuse logging support
+
+## Environment Variables
+
+| Variable | Description | Required |
+|----------|-------------|----------|
+| `LANGFUSE_INIT_PROJECT_PUBLIC_KEY` | Langfuse public key | No |
+| `LANGFUSE_INIT_PROJECT_SECRET_KEY` | Langfuse secret key | No |
+| `LANGFUSE_URL` | Langfuse API URL | No |
+| `MC_PROJECT_URL` | Project repository URL | No |
+| `MC_GIT_SSH_KEY` | SSH key for Git authentication | No |
+| `MC_GIT_TOKEN` | Token for Git authentication | No |
+
+## Build
+
+To build this image:
+
+```bash
+cd drivers/goose
+docker build -t monadical/mc-goose:latest .
+```
+
+## Usage
+
+```bash
+# Create a new session with this image
+mc session create --driver goose
+
+# Create with project repository
+mc session create --driver goose --project github.com/username/repo
+```

mcontainer/images/goose/entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+# Entrypoint script for Goose image
+# Executes the standard initialization script, which handles user setup,
+# service startup (like sshd), and switching to the non-root user
+# before running the container's command (CMD).
+
+exec /mc-init.sh "$@"

mcontainer/images/goose/init-status.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+# Script to check and display initialization status
+
+# Only proceed if running as root
+if [ "$(id -u)" != "0" ]; then
+    exit 0
+fi
+
+# Quick check instead of full logic
+if ! grep -q "INIT_COMPLETE=true" "/init.status" 2>/dev/null; then
+    # Only follow logs if initialization is incomplete
+    if [ -f "/init.log" ]; then
+        echo "----------------------------------------"
+        tail -f /init.log &
+        tail_pid=$!
+
+        # Check every second if initialization has completed
+        while true; do
+            if grep -q "INIT_COMPLETE=true" "/init.status" 2>/dev/null; then
+                kill $tail_pid 2>/dev/null
+                echo "----------------------------------------"
+                break
+            fi
+            sleep 1
+        done
+    else
+        echo "No initialization logs found."
+    fi
+fi
+
+exec gosu mcuser /bin/bash -il

mcontainer/images/goose/mc-image.yaml

@@ -0,0 +1,63 @@
+name: goose
+description: Goose AI environment
+version: 1.0.0
+maintainer: team@monadical.com
+image: monadical/mc-goose:latest
+
+init:
+  pre_command: /mc-init.sh
+  command: /entrypoint.sh
+
+environment:
+  - name: LANGFUSE_INIT_PROJECT_PUBLIC_KEY
+    description: Langfuse public key
+    required: false
+    sensitive: true
+
+  - name: LANGFUSE_INIT_PROJECT_SECRET_KEY
+    description: Langfuse secret key
+    required: false
+    sensitive: true
+
+  - name: LANGFUSE_URL
+    description: Langfuse API URL
+    required: false
+    default: https://cloud.langfuse.com
+
+  # Project environment variables
+  - name: MC_PROJECT_URL
+    description: Project repository URL
+    required: false
+
+  - name: MC_PROJECT_TYPE
+    description: Project repository type (git, svn, etc.)
+    required: false
+    default: git
+
+  - name: MC_GIT_SSH_KEY
+    description: SSH key for Git authentication
+    required: false
+    sensitive: true
+
+  - name: MC_GIT_TOKEN
+    description: Token for Git authentication
+    required: false
+    sensitive: true
+
+ports:
+  - 8000 # Main application
+  - 22 # SSH server
+
+volumes:
+  - mountPath: /app
+    description: Application directory
+
+persistent_configs:
+  - source: "/app/.goose"
+    target: "/mc-config/goose-app"
+    type: "directory"
+    description: "Goose memory"
+  - source: "/home/mcuser/.config/goose"
+    target: "/mc-config/goose-config"
+    type: "directory"
+    description: "Goose configuration"

mcontainer/images/goose/mc-init.sh

@@ -0,0 +1,180 @@
+#!/bin/bash
+# Standardized initialization script for MC images
+
+# Redirect all output to both stdout and the log file
+exec > >(tee -a /init.log) 2>&1
+
+# Mark initialization as started
+echo "=== MC Initialization started at $(date) ==="
+
+# --- START INSERTED BLOCK ---
+
+# Default UID/GID if not provided (should be passed by mc tool)
+MC_USER_ID=${MC_USER_ID:-1000}
+MC_GROUP_ID=${MC_GROUP_ID:-1000}
+
+echo "Using UID: $MC_USER_ID, GID: $MC_GROUP_ID"
+
+# Create group if it doesn't exist
+if ! getent group mcuser > /dev/null; then
+    groupadd -g $MC_GROUP_ID mcuser
+else
+    # If group exists but has different GID, modify it
+    EXISTING_GID=$(getent group mcuser | cut -d: -f3)
+    if [ "$EXISTING_GID" != "$MC_GROUP_ID" ]; then
+        groupmod -g $MC_GROUP_ID mcuser
+    fi
+fi
+
+# Create user if it doesn't exist
+if ! getent passwd mcuser > /dev/null; then
+    useradd --shell /bin/bash --uid $MC_USER_ID --gid $MC_GROUP_ID --no-create-home mcuser
+else
+    # If user exists but has different UID/GID, modify it
+    EXISTING_UID=$(getent passwd mcuser | cut -d: -f3)
+    EXISTING_GID=$(getent passwd mcuser | cut -d: -f4)
+    if [ "$EXISTING_UID" != "$MC_USER_ID" ] || [ "$EXISTING_GID" != "$MC_GROUP_ID" ]; then
+        usermod --uid $MC_USER_ID --gid $MC_GROUP_ID mcuser
+    fi
+fi
+
+# Create home directory and set permissions
+mkdir -p /home/mcuser
+chown $MC_USER_ID:$MC_GROUP_ID /home/mcuser
+mkdir -p /app
+chown $MC_USER_ID:$MC_GROUP_ID /app
+
+# Copy /root/.local/bin to the user's home directory
+if [ -d /root/.local/bin ]; then
+    echo "Copying /root/.local/bin to /home/mcuser/.local/bin..."
+    mkdir -p /home/mcuser/.local/bin
+    cp -r /root/.local/bin/* /home/mcuser/.local/bin/
+    chown -R $MC_USER_ID:$MC_GROUP_ID /home/mcuser/.local
+fi
+
+# Start SSH server only if explicitly enabled
+if [ "$MC_SSH_ENABLED" = "true" ]; then
+  echo "Starting SSH server..."
+  /usr/sbin/sshd
+else
+  echo "SSH server disabled (use --ssh flag to enable)"
+fi
+
+# --- END INSERTED BLOCK ---
+
+echo "INIT_COMPLETE=false" > /init.status
+
+# Project initialization
+if [ -n "$MC_PROJECT_URL" ]; then
+    echo "Initializing project: $MC_PROJECT_URL"
+
+    # Set up SSH key if provided
+    if [ -n "$MC_GIT_SSH_KEY" ]; then
+        mkdir -p ~/.ssh
+        echo "$MC_GIT_SSH_KEY" > ~/.ssh/id_ed25519
+        chmod 600 ~/.ssh/id_ed25519
+        ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null
+        ssh-keyscan gitlab.com >> ~/.ssh/known_hosts 2>/dev/null
+        ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts 2>/dev/null
+    fi
+
+    # Set up token if provided
+    if [ -n "$MC_GIT_TOKEN" ]; then
+        git config --global credential.helper store
+        echo "https://$MC_GIT_TOKEN:x-oauth-basic@github.com" > ~/.git-credentials
+    fi
+
+    # Clone repository
+    git clone $MC_PROJECT_URL /app
+    cd /app
+
+    # Run project-specific initialization if present
+    if [ -f "/app/.mc/init.sh" ]; then
+        bash /app/.mc/init.sh
+    fi
+
+    # Persistent configs are now directly mounted as volumes
+    # No need to create symlinks anymore
+    if [ -n "$MC_CONFIG_DIR" ] && [ -d "$MC_CONFIG_DIR" ]; then
+        echo "Using persistent configuration volumes (direct mounts)"
+    fi
+fi
+
+# Goose uses self-hosted instance, no API key required
+
+# Set up Langfuse logging if credentials are provided
+if [ -n "$LANGFUSE_INIT_PROJECT_SECRET_KEY" ] && [ -n "$LANGFUSE_INIT_PROJECT_PUBLIC_KEY" ]; then
+    echo "Setting up Langfuse logging"
+    export LANGFUSE_INIT_PROJECT_SECRET_KEY="$LANGFUSE_INIT_PROJECT_SECRET_KEY"
+    export LANGFUSE_INIT_PROJECT_PUBLIC_KEY="$LANGFUSE_INIT_PROJECT_PUBLIC_KEY"
+    export LANGFUSE_URL="${LANGFUSE_URL:-https://cloud.langfuse.com}"
+fi
+
+# Ensure /mc-config directory exists (required for symlinks)
+if [ ! -d "/mc-config" ]; then
+    echo "Creating /mc-config directory since it doesn't exist"
+    mkdir -p /mc-config
+    chown $MC_USER_ID:$MC_GROUP_ID /mc-config
+fi
+
+# Create symlinks for persistent configurations defined in the image
+if [ -n "$MC_PERSISTENT_LINKS" ]; then
+    echo "Creating persistent configuration symlinks..."
+    # Split by semicolon
+    IFS=';' read -ra LINKS <<< "$MC_PERSISTENT_LINKS"
+    for link_pair in "${LINKS[@]}"; do
+        # Split by colon
+        IFS=':' read -r source_path target_path <<< "$link_pair"
+
+        if [ -z "$source_path" ] || [ -z "$target_path" ]; then
+            echo "Warning: Invalid link pair format '$link_pair', skipping."
+            continue
+        fi
+
+        echo "Processing link: $source_path -> $target_path"
+        parent_dir=$(dirname "$source_path")
+
+        # Ensure parent directory of the link source exists and is owned by mcuser
+        if [ ! -d "$parent_dir" ]; then
+             echo "Creating parent directory: $parent_dir"
+             mkdir -p "$parent_dir"
+             echo "Changing ownership of parent $parent_dir to $MC_USER_ID:$MC_GROUP_ID"
+             chown "$MC_USER_ID:$MC_GROUP_ID" "$parent_dir" || echo "Warning: Could not chown parent $parent_dir"
+        fi
+
+        # Create the symlink (force, no-dereference)
+        echo "Creating symlink: ln -sfn $target_path $source_path"
+        ln -sfn "$target_path" "$source_path"
+
+        # Optionally, change ownership of the symlink itself
+        echo "Changing ownership of symlink $source_path to $MC_USER_ID:$MC_GROUP_ID"
+        chown -h "$MC_USER_ID:$MC_GROUP_ID" "$source_path" || echo "Warning: Could not chown symlink $source_path"
+
+    done
+    echo "Persistent configuration symlinks created."
+fi
+
+# Update Goose configuration with available MCP servers (run as mcuser after symlinks are created)
+if [ -f "/usr/local/bin/update-goose-config.py" ]; then
+    echo "Updating Goose configuration with MCP servers as mcuser..."
+    gosu mcuser /usr/local/bin/update-goose-config.py
+elif [ -f "$(dirname "$0")/update-goose-config.py" ]; then
+    echo "Updating Goose configuration with MCP servers as mcuser..."
+    gosu mcuser "$(dirname "$0")/update-goose-config.py"
+else
+    echo "Warning: update-goose-config.py script not found. Goose configuration will not be updated."
+fi
+
+# Run the user command first, if set, as mcuser
+if [ -n "$MC_RUN_COMMAND" ]; then
+    echo "--- Executing initial command: $MC_RUN_COMMAND ---";
+    gosu mcuser sh -c "$MC_RUN_COMMAND"; # Run user command as mcuser
+    COMMAND_EXIT_CODE=$?;
+    echo "--- Initial command finished (exit code: $COMMAND_EXIT_CODE) ---";
+fi;
+
+# Mark initialization as complete
+echo "=== MC Initialization completed at $(date) ==="
+echo "INIT_COMPLETE=true" > /init.status
+
+exec gosu mcuser "$@"

mcontainer/images/goose/update-goose-config.py

@@ -0,0 +1,106 @@
+#!/usr/bin/env -S uv run --script
+# /// script
+# dependencies = ["ruamel.yaml"]
+# ///
+import json
+import os
+from pathlib import Path
+
+from ruamel.yaml import YAML
+
+# Path to goose config
+GOOSE_CONFIG = Path.home() / ".config/goose/config.yaml"
+CONFIG_DIR = GOOSE_CONFIG.parent
+
+# Create config directory if it doesn't exist
+CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+
+
+def update_config():
+    """Update Goose configuration based on environment variables and config file"""
+
+    yaml = YAML()
+
+    # Load or initialize the YAML configuration
+    if not GOOSE_CONFIG.exists():
+        config_data = {"extensions": {}}
+    else:
+        with GOOSE_CONFIG.open("r") as f:
+            config_data = yaml.load(f)
+            if "extensions" not in config_data:
+                config_data["extensions"] = {}
+
+    # Add default developer extension
+    config_data["extensions"]["developer"] = {
+        "enabled": True,
+        "name": "developer",
+        "timeout": 300,
+        "type": "builtin",
+    }
+
+    # Update goose configuration with model and provider from environment variables
+    goose_model = os.environ.get("MC_MODEL")
+    goose_provider = os.environ.get("MC_PROVIDER")
+
+    if goose_model:
+        config_data["GOOSE_MODEL"] = goose_model
+        print(f"Set GOOSE_MODEL to {goose_model}")
+
+    if goose_provider:
+        config_data["GOOSE_PROVIDER"] = goose_provider
+        print(f"Set GOOSE_PROVIDER to {goose_provider}")
+
+    # Get MCP information from environment variables
+    mcp_count = int(os.environ.get("MCP_COUNT", "0"))
+    mcp_names_str = os.environ.get("MCP_NAMES", "[]")
+
+    try:
+        mcp_names = json.loads(mcp_names_str)
+        print(f"Found {mcp_count} MCP servers: {', '.join(mcp_names)}")
+    except json.JSONDecodeError:
+        mcp_names = []
+        print("Error parsing MCP_NAMES environment variable")
+
+    # Process each MCP - collect the MCP configs to add or update
+    for idx in range(mcp_count):
+        mcp_name = os.environ.get(f"MCP_{idx}_NAME")
+        mcp_type = os.environ.get(f"MCP_{idx}_TYPE")
+        mcp_host = os.environ.get(f"MCP_{idx}_HOST")
+
+        # Always use container's SSE port (8080) not the host-bound port
+        if mcp_name and mcp_host:
+            # Use standard MCP SSE port (8080)
+            mcp_url = f"http://{mcp_host}:8080/sse"
+            print(f"Processing MCP extension: {mcp_name} ({mcp_type}) - {mcp_url}")
+            config_data["extensions"][mcp_name] = {
+                "enabled": True,
+                "name": mcp_name,
+                "timeout": 60,
+                "type": "sse",
+                "uri": mcp_url,
+                "envs": {},
+            }
+        elif mcp_name and os.environ.get(f"MCP_{idx}_URL"):
+            # For remote MCPs, use the URL provided in environment
+            mcp_url = os.environ.get(f"MCP_{idx}_URL")
+            print(
+                f"Processing remote MCP extension: {mcp_name} ({mcp_type}) - {mcp_url}"
+            )
+            config_data["extensions"][mcp_name] = {
+                "enabled": True,
+                "name": mcp_name,
+                "timeout": 60,
+                "type": "sse",
+                "uri": mcp_url,
+                "envs": {},
+            }
+
+    # Write the updated configuration back to the file
+    with GOOSE_CONFIG.open("w") as f:
+        yaml.dump(config_data, f)
+
+    print(f"Updated Goose configuration at {GOOSE_CONFIG}")
+
+
+if __name__ == "__main__":
+    update_config()