From 3a223c9e24bb9e4587676f7c746c4be0320688bb Mon Sep 17 00:00:00 2001 From: Alex Godoroja Date: Mon, 22 Jun 2026 14:17:59 -0700 Subject: [PATCH 1/2] catalogue: add io.pilot.smolmachines v1.2.0 (Smol Machines) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Publishes Smol Machines (the smolvm microVM engine) to the app store: - catalogue entry with per-platform bundles hosted in the Pilot R2 artifact registry (pilot-artifacts-prod), and the rich metadata.json (long description_md, methods, sizes). - short description → `appstore list`; long description_md → `appstore view`. ⚠️ catalogue.json changed, so catalogue/catalogue.json.sig MUST be regenerated with the release CATALOG_SIGN_KEY before merge (the embedded catalogtrust pubkey check rejects an unsigned/stale catalogue on every host). The private key is not committed — only the release pipeline / key-holder can sign. Co-Authored-By: Claude Opus 4.8 (1M context) --- .../apps/io.pilot.smolmachines/metadata.json | 66 +++++++++++++++++++ catalogue/catalogue.json | 33 +++++++++- 2 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 catalogue/apps/io.pilot.smolmachines/metadata.json
diff --git a/catalogue/apps/io.pilot.smolmachines/metadata.json b/catalogue/apps/io.pilot.smolmachines/metadata.json
new file mode 100644
index 00000000..522394e1
--- /dev/null
+++ b/catalogue/apps/io.pilot.smolmachines/metadata.json
@@ -0,0 +1,66 @@
+{
+ "schema_version": 1,
+ "id": "io.pilot.smolmachines",
+ "display_name": "Smol Machines",
+ "tagline": "Fast, hardware-isolated microVMs on demand",
+ "description_md": "Smol Machines — the app-store front door for the smolmachines VM engine. It lets an agent spin up fast, hardware-isolated Linux microVMs on demand (sub-second boot, real hypervisor isolation — not shared-kernel containers), then run workloads in a disposable sandbox. Free to use. Portable .smolmachine artifacts run identically on macOS and Linux, locally or in the cloud.\n\nUse it to:\n- Run untrusted or AI-generated code safely, with networking off by default\n- Give an agent a real Linux shell — a stateful, isolated execution backend\n- Automate headless browsers (GPU-accelerated) for scraping, screenshots, and web tasks\n- Run GPU/compute jobs via Vulkan with container-like speed\n- Spin up disposable dev sandboxes — a clean VM per task, torn down after\n- Keep persistent dev VMs — installed packages survive restarts\n- Run CI-style jobs — build, test, lint in clean environments\n- Fan out parallel ephemeral workers thanks to sub-second boot\n- Analyze malware / suspicious files in a throwaway environment\n- Build once, run anywhere — same artifact local, cloud, or self-hosted\n\nDiscover the live method surface at runtime with smolmachines.help, which lists each method's parameters and latency class.",
+ "vendor": {
+ "name": "smol machines",
+ "url": "https://smolmachines.com",
+ "publisher_pubkey": "ed25519:3QJm6H6OdjtfrF+Es1lrRjfFmdtq2tGvVSWxia63vcI="
+ },
+ "homepage": "https://smolmachines.com",
+ "source_url": "https://github.com/smol-machines/smolvm",
+ "license": "Apache-2.0",
+ "categories": [
+ "dev",
+ "virtualization",
+ "security"
+ ],
+ "keywords": [
+ "microvm",
+ "sandbox",
+ "vm",
+ "isolation",
+ "gpu",
+ "ci"
+ ],
+ "size": {
+ "bundle_bytes": 5346146,
+ "installed_bytes": 9601119
+ },
+ "compat": {
+ "min_pilot_version": "1.0.0",
+ "runtimes": [
+ "go"
+ ]
+ },
+ "methods": [
+ {
+ "name": "smolmachines.exec",
+ "summary": "Run any smolvm subcommand in a fast, hardware-isolated Linux microVM. Payload is {\"args\":[...]} — the verbatim smolvm argv. Command surface: `machine run` (ephemeral VM, one-off command), `machine create|start|exec|stop|delete|shell|status|ls|cp|update|monitor|prune` (persistent VMs; `exec` persists filesystem changes), `pack create|run` (portable .smolmachine artifacts), `serve` (HTTP API), `config`. Key flags: `--net` (networking is OFF by default), `--image `, `-v HOST:GUEST`, `-p HOST:GUEST`, `--gpu`, `--ssh-agent`, `--secret-env GUEST=HOST`. Example args: [\"machine\",\"run\",\"--net\",\"--image\",\"alpine\",\"--\",\"sh\",\"-c\",\"echo hi\"]. Not supported over IPC: interactive sessions (-it / `machine shell`) and long-running `serve`."
+ },
+ {
+ "name": "smolmachines.help",
+ "summary": "Discovery: every method with params, kind, and latency class."
+ }
+ ],
+ "changelog": [
+ {
+ "version": "1.2.0",
+ "notes": [
+ "Released v1.2.0"
+ ]
+ }
+ ],
+ "links": [
+ {
+ "label": "Source",
+ "url": "https://github.com/smol-machines/smolvm"
+ },
+ {
+ "label": "Website",
+ "url": "https://smolmachines.com"
+ }
+ ]
+}
diff --git a/catalogue/catalogue.json b/catalogue/catalogue.json
index eb17254c..b4437c6c 100644
--- a/catalogue/catalogue.json
+++ b/catalogue/catalogue.json
@@ -1,6 +1,6 @@
 {
 "version": 2,
- "updated_at": "2026-06-15T00:00:00Z",
+ "updated_at": "2026-06-22T21:30:00Z",
 "apps": [
 {
 "id": "io.pilot.wallet",
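Review bot: The `smolmachines.exec` summary in the new metadata.json advertises the verbatim smolvm argv over IPC, including `-v HOST:GUEST`, `-p HOST:GUEST`, `--ssh-agent` and `--secret-env GUEST=HOST`, while `description_md` presents the app as a way to run untrusted or AI-generated code safely. Those flags hand host paths, ports, the SSH agent and host environment values to the guest, so the stated isolation holds only when the caller withholds them, and nothing in this metadata tells a caller or a policy layer so; whether the host filters argv is not visible in this hunk. I would append one sentence to the summary, e.g. `Host-crossing flags (-v, -p, --ssh-agent, --secret-env, --net) widen the sandbox boundary; omit them when the workload is untrusted.` Separately, `size.bundle_bytes` is a single number while the catalogue ships four per-platform bundles, so it should say which bundle it measures.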
@@ -76,6 +76,37 @@
 "bundle_sha256": "d970483e9cad84207f853d681cc810e954e236acd5e410b402880dc4d8304aa2"
 }
 }
+ },
+ {
+ "id": "io.pilot.smolmachines",
+ "version": "1.2.0",
+ "description": "Smol Machines — spin up fast, hardware-isolated Linux microVMs on demand (sub-second boot, real hypervisor isolation) to safely run untrusted code, GPU tasks, or headless browser automation in a disposable sandbox.",
+ "display_name": "Smol Machines",
+ "vendor": "smol machines",
+ "license": "Apache-2.0",
+ "source_url": "https://github.com/smol-machines/smolvm",
+ "bundle_url": "https://pub-f09f9a4ea848491198d48e329ba030e3.r2.dev/bundles/io.pilot.smolmachines/1.2.0/io.pilot.smolmachines-1.2.0-linux-amd64.tar.gz",
+ "bundle_sha256": "44141c68524081f4ef6b439f4bb18e949b91900db1d93bf88c6178aaaac917e6",
+ "bundles": {
+ "darwin/arm64": {
+ "bundle_url": "https://pub-f09f9a4ea848491198d48e329ba030e3.r2.dev/bundles/io.pilot.smolmachines/1.2.0/io.pilot.smolmachines-1.2.0-darwin-arm64.tar.gz",
+ "bundle_sha256": "b6e6b1604b96939966e4fbe9daaa7f1a994e073e168a1be69c6be55498d3d62c"
+ },
+ "darwin/amd64": {
+ "bundle_url": "https://pub-f09f9a4ea848491198d48e329ba030e3.r2.dev/bundles/io.pilot.smolmachines/1.2.0/io.pilot.smolmachines-1.2.0-darwin-amd64.tar.gz",
+ "bundle_sha256": "06835bbdfabe684bc302c75dbafcc27e820c462bde0bedfc7b78d6e2593443e8"
+ },
+ "linux/arm64": {
+ "bundle_url": "https://pub-f09f9a4ea848491198d48e329ba030e3.r2.dev/bundles/io.pilot.smolmachines/1.2.0/io.pilot.smolmachines-1.2.0-linux-arm64.tar.gz",
+ "bundle_sha256": "1df2c5d0ff9b5ad1db4773278da4f52e60cd77fb9169955c5e81f316da610d3c"
+ },
+ "linux/amd64": {
+ "bundle_url": "https://pub-f09f9a4ea848491198d48e329ba030e3.r2.dev/bundles/io.pilot.smolmachines/1.2.0/io.pilot.smolmachines-1.2.0-linux-amd64.tar.gz",
+ "bundle_sha256": "44141c68524081f4ef6b439f4bb18e949b91900db1d93bf88c6178aaaac917e6"
+ }
+ },
+ "metadata_url": "https://raw.githubusercontent.com/pilot-protocol/pilotprotocol/main/catalogue/apps/io.pilot.smolmachines/metadata.json",
+ "metadata_sha256": "f43493f690786b8adbe1ac1072bbec0b0d04e05d9a247e7b14e5d36c4e397a3b"
 }
 ]
 }
From 93c1cbd5bf9559a85d9529fb12488f498047fdd8 Mon Sep 17 00:00:00 2001 From: Alex Godoroja Date: Mon, 22 Jun 2026 15:10:27 -0700 Subject: [PATCH 2/2] catalogue: re-sign with the release key (Smol Machines entry) Co-Authored-By: Claude Opus 4.8 (1M context) --- catalogue/catalogue.json.sig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/catalogue/catalogue.json.sig b/catalogue/catalogue.json.sig
index 35c50a30..35c78e00 100644
--- a/catalogue/catalogue.json.sig
+++ b/catalogue/catalogue.json.sig
@@ -1 +1 @@ -Q/l0OEbbuuEL5ViogHnrggis1OEUTK0YVKcCytFrLj0T9s0sB2fEo48GckCzopulC8cg+E9qZdl8Pk8VnpkGDw== +Qx9a3z30QrOgX1u4BTxqlXF2UkSJCmrg7va+0xAioJPNmCdjKlkoPz0QX4Gk6oIv5His+gqNi5a+ij31vHShAg==
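Review bot: In the new `io.pilot.smolmachines` entry, `metadata_url` tracks the mutable `main` branch while `metadata_sha256` is fixed inside the signed catalogue, so any later edit to that metadata.json on `main`, even a typo fix or the next version's metadata, leaves every client holding this catalogue with a digest mismatch until a new catalogue is signed and distributed. Pinning the URL to an immutable ref keeps the two in step, e.g. `"metadata_url": "https://raw.githubusercontent.com/pilot-protocol/pilotprotocol/<tag-or-commit>/catalogue/apps/io.pilot.smolmachines/metadata.json"` (placeholder ref); how the client reacts to a mismatch, and whether earlier entries follow the same convention, is not visible in this hunk. A CI step that recomputes `metadata_sha256` and each `bundle_sha256` from the fetched artifacts would catch a stale digest before the release key signs it. The bundles are served from an `r2.dev` public-bucket hostname, which Cloudflare describes as rate-limited and not intended for production traffic; the digests cover integrity, but install availability would be better served by a custom domain in front of the bucket.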