Fixes #11168 (and other similar bugs).

See individual commits for details, there are two changes here:

• Include removed nested files in Changes.asPatch (this ensures that the changeset preview includes line counts of those files)
• Update handling of changeset previews with https://github.com/waigani/diffparser, which ensures proper mode detection, so that we correctly distinguish between new/deleted files.

Here's a little example. Before:

$ touch foo && mkdir foo.d
$ dagger...

Reapplies https://github.com/dagger/dagger/pull/10266.

This seems to have been removed in #10907, which sadly makes light mode unusable again.

What are you trying to do?

Export the Container image manifest and layers directly from the Dagger engine instead of the entire image tarball.

Related https://github.com/dagger/dagger/issues/4450 -- it would be very easy to implement Container.digest() on top of this functionality, I think.

Why is this important to you?

I'm working on a container registry that builds images on-demand as they are pulled, using Dagger as the image builder. Currently, I have to export the entire imag...

What are you trying to do?

When running a typescript modules which uses custom spans, the custom span does not appear in the trace viewer until it is done.

Considering the following code:

async unitTests() {
    const tracer = trace.getTracer(MyModule.name)

    await tracer.startActiveSpan('unitTests', async () => {
      const unitTest = await this.dockerfileTarget('tester');
      await unitTest.sync();
    })
  }

The unitTests span does not appear in the trace viewer u...

Fix Module._register so we add the enum once after building all members. Before this, only the first value (GO) ever showed up. Dropped in a Python integration test that introspects the module and expects all Language members, so we’ll catch it next time.

Thanks for starting this!

1. As you know I love the idea of splitting the SDK interface into smaller entrypoints with a simpler relationship between them.

2. I notice your proposed schema has moduleClientGen and generateClient, but then there's a comment saying we should merge them. Let's start with the ideal schema we want to arrive to (so, in this case, the schema with these two functions merged). Then we can separately talk about incremental steps to get there.

 # Initialize a module for the given module source
    moduleInit(
       modSource: ModuleSource!
    ): GeneratedCode!

What does this do exactly? And what's the difference with moduleScaffholdGen?

Maybe it would be useful to give a concrete listing of actual files produced by each function, in a typical case. Just so we can map these functions to a real example.

This issue is tracking follow-up improvements to #11034 .

• [ ] Allow expanding system env variables (currently disabled because of a caching issue)
• [ ] dagger --env-file to select an alternative filename
• [ ] dagger --no-env-file to disable local defaults entirely
• [ ] Don't inject defaults in dependencies by default. Make it a configurable opt-in
• [ ] Optimize caching (avoid edge cases where the same module source is re-evaluated several times because of different .env)
• [ ] When...

Problem

The new Changeset type is awesome, but lacks the ability to merge Changesets.

A workaround is possible, but requires applying all changesets to a common ancestor directory, then re-computing changes. This is unnecessarily verbose, and possibly less inefficient. It also requires access to a common ancestor, which is not always handy. I've had this problem in our own CI for SDK generation.

Solution

Implement Changeset.merge (name TBD).

Possible names:

• Changeset.merge...

Problem

dagger call can apply a Changeset returned by a function. But it can't apply an array of Changesets. This requires re-implementing boilerplate to merge them explicitly before returning them. It would be a nice convenience to not have to write that boilerplate.

Solution

When dagger call receives a []Changeset, it merges them (using #11189 ) and applies the combined result.

cc @eunomie is this compatible with #10584 ?

Also cc @kpenfound . How would this be affected by #11166 ? Would that require a new entrypoint to be added to this proposal? And if so, what?

In the current implementation it would go through the moduleInit interface described above

Problem

When calling Changeset.asPatch, the full contents of the patch is dumped to the TUI, making the output unnecessarily verbose.

When chaining it with File.contents (Changeset.asPatch().contents()) that gets dumped too, so it's double penalty.

Solution

I guess change the logging and/or TUI rendering behavior, to not dump the full contents in Changeset.asPatch, and maybe File.contents while we're at it?

Actually I don't know if thats true. The current GenerateModule interface has the schema introspection similar to generateClient in the proposal. More likely #11166 would fit in moduleScaffholdGen but I think that would also need the schema

Signed-off-by: Solomon Hykes

What is the issue?

I am trying to run a container from a private registry (auth'd through docker login before hand), and the engine is dying with a panic

Dagger version

dagger 0.19.0

Steps to reproduce

dagger core container from --address=$PRIVATE_REGISTRY/fastly/base-noble:latest terminal --cmd bash

-- Engine crashes (see logs output)

docker pull $PRIVATE_REGISTRY_URL/fastly/base-noble:latest works fine

Log output

time="2025-10-07T18:01:04Z" level=debu...

Fixes #11195

The terminal implementation was not providing a session group when creating new mounts. This meant that if an input mount was derived from a still-lazy private image, no auth was available and pulling the image would fail.

This was exacerbated by a missing check for err != nil, which meant we went ahead and tried to start the container even though all the mounts were nil, which crashed the engine.

Would like to add a test for this but gotta see what it will tak...

Adds a coding agent that for developing Dagger.

Instead of assuming all non-MCP server tools are ReadOnly, only consider them ReadOnly if they return something other than Env/Changeset. Otherwise, when calling a tool such as EditFile, only one of their results will "win."

Problem

Currently the PHP SDK is synchronous only.

Technical Details

PHP (as of 8.4) has no standard way to perform asynchronous calls.

PHP has Fibers which get you part of the way there. But working purely with those is a bit awkward and there are already several libraries that wrap this step in a neat bow for you. 🎀

The GraphQL library we are using, can integrate with [several librari...

What are you trying to do?

I'd like to use the Google Vertex APIs with Dagger. The Vertex APIs are different from Google's Gemini APIs in that they use the Application Default Credentials instead of a specific API key. The google.golang.org/genai package already being used in llm_google.go supports the Vertex APIs and a standard env var mechanism to inject them:

type ClientConfig struct {
	// Optional. API Key for GenAI. Required for BackendGeminiAPI.
	// Can also be set via t...

Extracting refactoring work from #11158, since some of these are useful (and I've wanted separately).

Also, it seems likely that the entire structure of that PR will change, so wanting to extract as much utility from that as possible.

Mostly changes to IDs and Services, so cc @vito

What are you trying to do?

Problem & Why

Dagger lacks direct support for apple/container v0.5.0, a native, high-performance container runtime on macOS.

• Performance Overhead: Requires Mac developers to use third-party runtimes (e.g., Docker Desktop) which rely on slower, non-native virtualization, slowing down local CI/CD workflows.
• Missing Native Features: Dagger cannot utilize key apple/container v0.5.0 features like optimized Named Volumes for persistent, f...

Clarify the locations for writing custom CA certificates on different operating systems.

I ran into this while trying to get my coworker's macOS machine set up with dagger.

Bumps the engine group with 23 updates in the / directory:

What is the issue?

In v0.19.1, when both +defaultPath and +ignore evaluate to an empty directory, dagger incorrectly passes the source of a random dependent module instead.

Dagger version

dagger v0.19.1 (image://registry.dagger.io/engine:v0.19.1) darwin/arm64/v8

Steps to reproduce

Run https://github.com/skycaptain/dagger-issue-defaultPath with v0.19.0 and v0.19.1 and watch output.

$ dagger version
dagger v0.19.0 (image://registry.dagger.io/engine:v0.19.0) darwin/arm6...

Problem

In our quest to make our CI module faster, version stands out as a source of slowness. It takes a long time to load, every time. Main culprits are:

1. Git operations
2. Uploading inputs every time, just to compute a digest

Solution

🤷‍♂️

Signed-off-by: Marcos Lilljedahl

Signed-off-by: Marcos Lilljedahl

Previously, the LLM/MCP implementation manually filled in arguments that had a @defaultPath annotation. This worked to some extent, but did not work if the module function then called another module that used contextual args - those would still just load from Host!

In other words, you'd end up with a call stack like this:

LLM
Dev(Env.workspace).test                      # WORKS
DaggerDev(Host.directory(...)).test          # BROKEN (stale data)
DaggerEngine(Host....

fixes an issue when the module source is a git@... url, where the ref
parsing would produce some incorrect information

Signed-off-by: Marcos Lilljedahl

Problem

Dagger takes a long time to load modules. As a result, every interaction with dagger starts with... waiting.
This makes the Dagger experience less delightful than it should be.

Solution

Find the lowest-hanging fruit for improving module load time, and pick it.
Rinse, repeat, until users spontaneously say "hey, Dagger feels much faster!"

This pulls Doug into our main repo, and uses it to implement Dev, an agent specificially for developing Dagger.

• Supersedes #11199
• Based on #11213

Usage:

dagger -m ./modules/dev call agent
> implement https://github.com/dagger/dagger/issues/11160

What is the issue?

System

• Python SDK (dagger-io==0.18.16)
• Matching Dagger Engine of 0.18.16

Description

I would like to exit my CI/CD pipeline early (or re-try) in the case that asService does not exit appropriately. I would assume there would be an exit_code() method exposed, similar to that of a Container object. However, this appears to not be the case.

The suggestion made in [this discord discussion,](https://discord.com/channels/707636530424053791/14262454389...

Fix various issues reported by users after shipping user defaults.

We need to bump to the latest go version in go.mod. But doing this requires that we also bump golangci-lint - which is a bit of a pain.

Fixes #11117.

Now, a module ref can include a pin. For example:

github.com/dagger/dagger@main:210bdce1068db4170b8cc5120d11d8ef8c81f755

This creates a contextual git ref where the ref=main and the commit=210bdce1068db4170b8cc5120d11d8ef8c81f755.

Also, fixes a bug where installing github.com/dagger/dagger@210bdce1068db4170b8cc5120d11d8ef8c81f755 would set ref=main, even though main wasn't specified anywhere. This was incorrect.

Rel #8402

This PR adds a withErrorMessage to dagger.Container and dagger.Directory objects.
If the argument sent to withErrorMessage is not empty, the error will be raised.

This is particularly useful to raise errors in a self chainable way, like when using with.

ctr = ctr.
	With(func(r *dagger.Container) *dagger.Container {
		ctr, ok = doSomething(r)
		if !ok {
			return r.WithErrorMessage("not ok")
		}
		return ctr
	})

A go specific withError ta...

fixes #11160

• [ ] Bikeshed API
  • Is "origin" too vague?
• [ ] Does this affect LLM's interpretation of a Changeset return value?

Updates the requirements on uv-build to permit the latest version.
Updates uv-build to 0.9.2

Release notes
Sourced from uv-build's releases.

0.9.2
Release Notes
Released on 2025-10-10.
Python

Add CPython 3.9.24.
Add CPython 3.10.19.
Add CPython 3.11.14.
Add CPython 3.12.12.

Enhancements

Avoid inferring check URLs for pyx in uv publish (#16234)
Add uv tool list --show-python (#15814)

Documentation

Add missing "added in" to new environment v...

Bumps the docs group in /docs with 4 updates: posthog-docusaurus, posthog-js, typedoc and @types/node.

Updates posthog-docusaurus from 2.0.4 to 2.0.5

Updates posthog-js from 1.271.0 to 1.275.1

Release notes
Sourced from posthog-js's releases.

posthog-js@1.275.1
1.275.1
Patch Changes

#2422 4e15fda Thanks @​pauldambra! - fix: possi...

Bumps the sdk-typescript group in /sdk/typescript with 6 updates:

Bumps the sdk-python-docker group with 1 update in the /modules/ruff/build directory: astral-sh/ruff.
Bumps the sdk-python-docker group with 2 updates in the /sdk/python/runtime directory: python and astral-sh/uv.

Updates astral-sh/ruff from 0.13.3 to 0.14.0

Release notes
Sourced from astral-sh/ruff's releases.

0.14.0
Release Notes
Released on 2025-10-07.
Breaking changes

Update default and latest Python versions fo...

Allow to export the introspection schema JSON for a module. This can be useful to debug engine/sdk features.

If you have a module initialized at my/module you can use it like:

host | directory 'my/module' | as-module | schema-json

For instance to get it on your host:

host | directory 'my/module' | as-module | schema-json | export schema.json

This if a follow up to #11229

• rename schemaJSON to introspectionSchemaJSON: more verbose, but it is exactly what we are providing here
• in addition to module, expose the introspectionSchemaJSON to moduleSource

It's now possible to:

host | directory . | as-module-source | introspection-schema-json | export schema.json

Note: contrary to my-dir | as-module, my-dir | as-module-source doesn't load yet the dependencies. But they are required to generate the s...

Dev + commit versions now are all v0.0.0 based. Less git manipulation = faster version computation.

TODO:

• [ ] Ensure v0.0.0 is not rejected by engines, and detected as a dev version.
• [ ] Make sure we have a better way of detecting dirty commits (or decide to not distinguish)

Bumps the engine group with 27 updates in the / directory:

remove core/file's File.Open func, which performs a call to ref.ReadFile which does a mount/unmount each time Read() is called. execInMount on the otherhand only performs a single mount.

What is the issue?

See https://discord.com/channels/707636530424053791/1427354533511696579.

I have a Debian Trixie-based container where I need to run ping as a non-root user. Running the image with Docker Desktop works:

$ docker run --rm -it myimage:latest ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.032 ms
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1061ms
r...

What is the issue?

I've just started having problems creating Dagger modules using dagger init. See the console log below for example, but this is happening whether the directory is empty, is a n empty Git project root, is non-empty with non-git files, or a non-empty git root directory.

This is on Docker for Mac on sillicon hardware.

Dagger version

dagger v0.19.2 (image://registry.dagger.io/engine:v0.19.2) darwin/arm64/v8

Steps to reproduce

 11:28:00 ~
$ cd src/play...

TODO:

• [ ] Tests

This deprecates the config.Blueprint: *Module in favor of config.Blueprints: []*Module.

If I have the following blueprints:

• Name: Go, Functions: [Build, Lint]
• Name: Npm, Functions: [Build, Lint]

and I install only Go:
I can dagger call build or dagger call lint.

If I install both Go and Npm, I can:

• dagger call go build
• dagger call npm lint
• ...

To install blueprints, I can first dagger init --blueprint , and then later dagger blueprint add to add ...

What is the issue?

I'm setting up a simple Dagger function that opens runs Playwright UI mode as a service and as soon as I start using it, HTTP calls stop working.

The exact same setup works perfectly with Docker.

Here's a repro repo: https://github.com/andrestone/dagger-network-issue-repro

Dagger version

v0.19.2

Steps to reproduce

Follow instructions in the repro repo.

Log output

No response

This doesn't seem like it should be here...

What happened? What did you expect to happen?

What am I doing wrong? 😅

For "reasons", some of our engineers have started looking at apple containers to replace their colima/podman (90% of our team uses apple laptops, so naturally they will eventually look for the "native" container runtime).

I just tried to run dagger with apple containers under the hood, and I'm seeing some issues (which were reported from a couple of our engineers, hence I'm looking at.. ). Maybe is my setup or any...

When we provision engine, we try to always 'start' existing container before to check the state of the container.
This works well with Docker as a 'docker start' on an already existing and started container has no impact.

But with apple containers, to 'container start' an already existing container will stop and remove the container.

Instead, check the running status of the container, and if the container is already running, to not attempt to start it.

That way, from one call to the...

😢

func (m *Foo) Test(arg dagger.BuildArg) string {
	return arg.Name
}

$ dagger call test
▼ load module: . 7.5s ERROR
! failed to get schema: failed to get schema for module "foo": failed to create
  function "test": find mod type for function "test" arg "arg" type: "FooBuildArg!"
├╴✔ finding module configuration 0.3s
├╴✔ initializing module 7.2s
╰╴✘ inspecting module metadata 0.0s ERROR
  ! failed to get schema: failed to get schema for module "foo": failed to
    create func...

On dagger call, with -y or --auto-apply, returned changeset will be automatically applied without to ask the user.

For instance

dagger call -y build

Bumps the sdk-java group in /sdk/java with 3 updates: io.smallrye:smallrye-graphql-client-api, io.smallrye:smallrye-graphql-client-implementation-vertx and org.codehaus.mojo:exec-maven-plugin.

Updates io.smallrye:smallrye-graphql-client-api from 2.15.0 to 2.16.0

Updates io.smallrye:smallrye-graphql-client-implementation-vertx from 2.15.0 to 2.16.0

Updates io.smallrye:smallrye-graphql-client-implementation-vertx from 2.15.0 to 2.16.0

U...

Bumps the sdk-typescript group with 9 updates in the /sdk/typescript directory:

Bumps the docs group in /docs with 12 updates:

Bumps the sdk-elixir group in /sdk/elixir with 1 update: credo.

Updates credo from 1.7.12 to 1.7.13

Release notes
Sourced from credo's releases.

1.7.13
Check it out on Hex: https://hex.pm/packages/credo/1.7.13

Fix compatibility & compiler warnings with Elixir 1.19
Credo.Check.Refactor.ABCSize fixed false positive

Changelog
Sourced from credo's changelog.

1.7.13

Fix compatibility & compiler warnings with Elixir 1.19
Credo.Check.Refactor.AB...

Bumps the sdk-python-docker group with 1 update in the /modules/ruff/build directory: astral-sh/ruff.
Bumps the sdk-python-docker group with 1 update in the /sdk/python/runtime directory: astral-sh/uv.

Updates astral-sh/ruff from 0.14.0 to 0.14.1

Release notes
Sourced from astral-sh/ruff's releases.

0.14.1
Release Notes
Released on 2025-10-16.
Preview features

[formatter] Remove parentheses around multiple exception...

Bumps the engine group with 28 updates in the / directory:

Both of these aren't really relevant.

Use PHPStan in the PHP SDK Dev module to perform static analysis on the SDK.

• repro: inner env files not allowed to use module name as prefix?
• clean integration tests code
• repro: user defaults dont work well whem module name has a dash
• EnvFile.Namespace: expose API, tests

NOTE: this PR depends on #11161

In this PR, we don't add or remove any CI checks. We merely rename one, to make its purpose more clear.

See the comments for more :)

When loading a module on a remote engine, filesync can take a while. In default verbosity, that filesync is hidden from TUI, so it looks like everything is completed, and the dagger call is just hanging. You have to increase verbosity to find out that there are unfinished upload/filesync spans.

Fixes an issue raised by @tibor about module execution. npm ci would lead to a failure if the package.lock is out of date. That can happen for old modules that haven't been updated.

This can also happen for other package managers so we also disable it.

Benchmark shows a performance drawback of 3% with that changes. It's acceptable

Benchmarks

Yarn

                                        │ .ts-missmatch-main/node-yarn.txt │   .ts-missmatch-dev/node-yarn.txt   │
  ...

• Remove unnecessary abstractions: "checks router", "sdk all"..
• Use new Changeset type for Generate() and Bump()
• Streamline use of errgroups and custom spans, with 'parallel' utility
• 'generate' also generates github actions config and changelog
• New convention: prefix checks with 'check-'
• 'check-lint' runs all linters, not just core go linter
• Remove dirdiff module (deprecated by Changeset)
• Move non-linting checks out of lint functions
• Simplify github actions generated config sl...

This is in preparation for, and to help the design of, an upstream feature that will natively recognize checks in this way.

Haven't sunk any time figuring out a repro for this, but seems obviously wrong from a look at the code.

Goals

• [ ] Uploading changes from local state
• [ ] Saving and loading LLM sessions
• [ ] (Auto-)compacting message history

WARNING: Breaking changes

LLM.loop is now required to actually initiate the LLM loop. Previously it
was "lazy" and happened when you requested the last reply, but that pattern
required the LLM object to update in-place, whereas now we want an ID returned
that includes the message history.

This fixes test failures introduced in a460cd6efc5263115626499d1cecc56f9003262a

draft while I check CI is happy with this

Seems to make an absurd difference in init times, before + after

Additional changes:

• Pin Typescript dep to v5.9.3 so we always download the same version
• Remove register typedef from ts runtime entrypoint
• Remove file loading when introspecting
• Remove unused functions

Before and after comparison

Fixes #11107.

We previously added a fix for diffing identical directories. However, this only worked if both of those directories were at the root (dir=/). If they weren't (dir=/subdir), then this would cause a failure on any subsequent operation.

Follow-up to https://github.com/dagger/dagger/pull/11161

This wasn't working, and was a pain to track down. I only found this while working on an API change, and discovered that dagger generate had entirely stopped working.

• generateClient was somehow accidentally creating files in sdk/php/sdk/php instead of just sdk/php. We fix the path manipulation, and now get the right path.
• generateDocs was comparing an empty directory, making the changeset think that all these file...

I ended up wanting this when playing with PARC / scale-out things.

Note - this can't actually be called from a module, since it's one of the blocked APIs. But it's still useful!

This was already getting a bit unwieldy as we've been gradually adding
bits and bobs to the protocol, and it was also used to represent all
forms of modification.

Refactored into an IDOpts pattern, and added ID.With(...IDOpts) for
applying selective modifications to an ID, rather than having to
re-Append from its receiver.

Signed-off-by: Alex Suraci

Bumps the sdk-python-docker group with 1 update in the /modules/ruff/build directory: astral-sh/ruff.
Bumps the sdk-python-docker group with 2 updates in the /sdk/python/runtime directory: python and astral-sh/uv.

Updates astral-sh/ruff from 0.14.0 to 0.14.1

Release notes
Sourced from astral-sh/ruff's releases.

0.14.1
Release Notes
Released on 2025-10-16.
Preview features

[formatter] Remove parentheses around multip...

Bumps the sdk-typescript group with 12 updates in the /sdk/typescript directory:

The inverse of Ctrl+S: this allows the user to make changes out-of-band and then sync them efficiently into the env workspace.

To do this efficiently, the CLI tracks an mtime representing the last time that data was synced (in either direction). Then, when the user presses Ctrl-U, we walk the directory and only upload paths with an mtime past the last sync.

• [ ] Test

TODO

• [x] Resurrect SelectID
• [ ] Store Runtime in a callID

This PR introduces:

• Abstraction named volume, which is the volume mount, mounted from the engine.
• New API providing SSHFS mount, passing down required data for the engine to mount the sshfs, which can later be used as a volume
• Changes to the engine allowing host mounts

Important points:

1. Dagger is built with the sshfs and fuse packages. (Should this dependency always be included since it would require starting the engine with certain permissions that might be too permissive for...

What is the issue?

My code:

@object_type
class DemoCi:

    @function
    async def build_container(
            self,
            
    ) -> dagger.Container:
        """build container from host image"""
        if hasattr(dag, 'host') and callable(getattr(dag, 'host')):
            print("dag have host method")
        else:
            print("dag not have host method")
        container = dag.host().container_image("fastapi-demo:v5")

I run:

dagger call build-co...

This will allow passing images from the local store into a dagger function.

For the sake of cross-CI portability, we should sever our dependency on Github as a secrets manager. Since we already use 1password, and Dagger supports that natively... The answer is obvious: migrate to 1password.

What are you trying to do?

The docs for assisted injection state the user must define the assisted injection factory manually. Example:

@AssistedFactory
public interface FooFactory {
  Foo create();
}

In some circumstances this formulaic interface could be generated for the user, similar to how AutoFactory generates the factory class based on the constructor of the target class. As there are circumstances where this is not ...

Problem

There is a buildkit feature that Dagger can't currently replicate: the ability to dynamically change the upload filter on a local directory.
There's a good reason for that: it breaks our caching model. If dagger can't tell in advance which parts of a local directory your function will need to read, it has to invalidate your function cache if any file in that directory changes. This has implications for caching that are difficult to even reason about, and so far it hasn't been wo...

Problem

When computing a diff with Directory.changes, I can't specify which paths to include or exclude in the comparison.
This makes it more painful to eg. execute codegen commands and discard known side effects, for example cache files, intermediary artifacts etc.

I've had to develop my own wrapper for this purpose:

// Return the changes between two directory, excluding the specified path patterns from the comparison
func changes(before, after *dagger.Directory, exclude []...

A little papercut I ran into; the intent is to only error on required args, and it handled // +defaultPath but not // +default.

At one point I had added content hashing of git module sources, which is great because it means that different commits from the git repo that don't modify the actual module source can all share cache.

Later, I removed the lines doing that because there was some content hashing happening in the git API itself. However, that content hashing is only happening in some cases, so we actually just dropped the nice extra caching for many scenarios.

This re-adds the content hashing in the module...

What is the issue?

Sometimes the engine stops working with error messages like this:

Error: failed to load cache key: no active session for ja13ul8z8qvjxt376vmkvzvvs: context deadline exceeded

Looking at the engine logs, I've noticed two things:

1 - The first appearance of the error message always occurs after the same other log message:

time="2025-10-24T05:36:55Z" level=debug msg="checked for cached auth handler namespace" cached=true key="docker.io/library/node::pull" n...

On the gitlab free tier, they only last 1 year

We see quite a few flakes around missing sessions in the midst of dagop. It's always when integ tests are running in parallel and a lot that are sharing a step will hit the same error.

I think it may be a timing thing where the client metadata stored in an op is cached in dagql, then the unlazy happens later with timing such that the stored client metadata is okay at first but becomes invalid later due to the session it was from disconnecting.

Instead, I think we should just always use ...

Since #11161 the worktree now includes .changes/ (as it has been added as a dependency inside the top-level dagger.json), which impacts the go sdk git rewrite.

The way the Go SDK publish job rewrites history is:

git filter-branch -f --prune-empty \
  --subdirectory-filter sdk/go/ \
  --tree-filter 'if [ -f go.mod ]; then go mod edit -dropreplace github.com/dagger/dagger; fi' -- HEAD

and now fails on merge 7383ddd9a17c2fa5ec6c35fec1e406dd87ad74d9 with `error: Entr...

Adds two pretty low-level APIs to LLM for clearing either system prompts or user messages. The compaction dance uses both: first we swap out the system prompt, since the compacting agent is single-purpose, and then we swap out the user messages with the prompt returned by the compacting agent.

The compacting agent is implemented in the CLI at the moment. An earlier iteration had this directly implemented by the API (LLM.compact) but this setup gives us a bit more flexibility without re...

• avoids the need to track state in MCP
• allows LLM to query by span ID after-the-fact
• support an LLM running N tools in parallel and querying the logs for any of them, not just the last one

A small change splitting out from #11264

Bumps the sdk-java group with 4 updates in the /sdk/java directory: io.smallrye:smallrye-graphql-client-api, io.smallrye:smallrye-graphql-client-implementation-vertx, io.vertx:vertx-web-client and org.codehaus.mojo:exec-maven-plugin.

Updates io.smallrye:smallrye-graphql-client-api from 2.15.0 to 2.16.0

Updates io.smallrye:smallrye-graphql-client-implementation-vertx from 2.15.0 to 2.16.0

Updates `i...

Bumps the docs group in /docs with 2 updates: posthog-js and @types/node.

Updates posthog-js from 1.276.0 to 1.280.1

Release notes
Sourced from posthog-js's releases.

posthog-js@1.280.1
1.280.1
Patch Changes

#2492 2b13291 Thanks @​pauldambra! - fix: extendUrlParams should always replace unless the caller says otherwise

#2491 130c9e0 Thanks @​pauldambra! - fix: correctly...

Bumps the sdk-elixir group with 2 updates in the /sdk/elixir directory: credo and ex_doc.

Updates credo from 1.7.12 to 1.7.13

Release notes
Sourced from credo's releases.

1.7.13
Check it out on Hex: https://hex.pm/packages/credo/1.7.13

Fix compatibility & compiler warnings with Elixir 1.19
Credo.Check.Refactor.ABCSize fixed false positive

Changelog
Sourced from credo's changelog.

1.7.13

Fix compatibili...

Bumps the sdk-python-docker group with 1 update in the /modules/ruff/build directory: astral-sh/ruff.
Bumps the sdk-python-docker group with 1 update in the /sdk/python/runtime directory: python.

Updates astral-sh/ruff from 0.14.1 to 0.14.2

Release notes
Sourced from astral-sh/ruff's releases.

0.14.2
Release Notes
Released on 2025-10-23.
Preview features

[flake8-gettext] Resolve qualified names and built-in bindings (INT001, INT002, INT003) (#19045)
...

Bumps the engine group with 8 updates in the / directory:

In our publishing flow we create dagger-go-sdk and dagger-php-sdk repos that include the contents of sdk/go/ and sdk/php/ respectively. To create these, we were using git-filter-branch.

According to the git docs:

git filter-branch has a plethora of pitfalls that can produce
non-obvious manglings of the intended history rewrite (and can leave you
with little time to investigate such problems since it has such abysmal
performance). These safety and performance issues ...

After a dagger init --sdk=python or a dagger develop on a python module, do not return the sdk/python/runtime files as part of the generated code.
Those files are not necessary for the python module itself, they are only necessary to build the python SDK on the engine side.

This helps to keep the user module code cleaner and more understandable.

Before:

$ tree
.
├── dagger.json
├── LICENSE
├── pyproject.toml
├── sdk
│   ├── codegen
│   │   ├── pyproject.toml
│   │...

By porting frequently imported modules, or even SDKs, to dang, we can make their downstream modules faster.

To make the most of the performance boost, though, we need to embed a dang interpreter directly in the engine. This removes the overhead of the Go runtime altogether.

This PR contains a lot of improvements for the TypeScript SDK module support (ModuleRuntime / Codegen)

I may then split that into multiple PRs (or not), but this is a global PR so I can easily share my discovery.

TODO

• [ ] ModuleRuntime
  • [x] Bun
  • [ ] Deno
  • [ ] Node
• [ ] Codegen
  • [ ] Bun
  • [ ] Deno
  • [ ] Node

Changes

• Make the step as stateless as possible so we can:
  • Run them in parallel (for example generating the SDK bindings, installi...

Enable moduleTypes for python SDK so that module types can be loaded before the runtime.

Fixes 6 issues detected during static analysis.

Each issue fixed as a separate commit, but since they're fairly small changes anyway you can probably just review it as a whole.

Not to worry, it's never been asked of me at least.

I checked the code for Doctum (the library generating the code). There is no config for line numbers.

There's nothing I can do to fix it quickly in this PR.

In a separate PR: Swapping libraries may be the best solution, I'd be quite tempted to try phpDocumentor which seems to be a more mature libra...

Dagger as a native File API, and a native JSON API, but it can't connect them directly. Clients have to 1) retrieve the contents of the file, 2) send the contents back to a JSON object. It would be more efficient (and less verbose) to allow File.asJSON.

Docs for https://github.com/dagger/dagger/pull/10975

adds OTel spans for filesync uploads. This providers better visibility
into what's effectively being uploaded to the context. It only reports
root paths given that in most cases this will otherwise produce a very
large amount of spans which will put a lot of pressure on the tracing
backend.

We're also collecting the amount of written bytes as well as a the total
duration for each root path

Signed-off-by: Marcos Lilljedahl

In addition to installing a toolchain, a user might need to configure it.
This should be done with the CLI eg. dagger toolchain config and backed by fields in dagger.json

Dagger can natively load .gitignore and apply its rules to filter host directories pre-upload.

This feature is disabled by default, and can be enabled as an argument to Host.directory().
But, it can NOT be enabled by a function to specify pre-call filtering on its own arguments...
In other words, we are missing +gitignore (or +ignore="git")

What is the issue?

AsModule fails on certain modules.

▼ Container.withExec(
  ┆ args: ["codegen", "generate-typedefs", "--module-source-path", "/src/docs/current_docs/cookbook/snippets/set-common-default-path/go", "--module-name", "my-module", "--introspection-json-path", "/schema.json", "--output", "typedefs.json"]
  ┆ experimentalPrivilegedNesting: true
  ┆ execMD: "{\"ClientID\":\"84vv2g9f8b7zfiv4oum5cu94r\",\"SessionID\":\"\",\"SecretToken\":\"\",\"Hostname\":\"\",\"ClientStable...

Context

In #11267, Tom changed resolveParameterDefaultValue to lean entirely on the TypeScript TypeChecker. That dropped the old object-based lookup we had for ModuleTypes.

The unintended consequence

This is generally not a problem, as, at runtime, everything is properly resolved.

However, my deprecation PR needs to have a static resolving of all enum defaults (to distinguish omittable mandatory args [args with defaults values, variadics], with the others) to ...

dag-op is using FileOp as a base, which enables content hashing of all inputs by default.

This is extremely expensive in terms of CPU time, disk reads, memory, etc. It also serves no purpose anymore (that I can see) because we now ensure all inputs to dag-ops have their dagql ID digest mixed into the op's cache key.

This had been getting MUCH worse recently because we've been porting more and more ops to dag-op. I think in particular withDirectory was especially painful because it res...

Close ##11312 (eventually)

Not ready, but a quick test of trying a different documentation generator for PHP

some modules in doc were referencing dagger package as

dagger/my-module/...

but the go.mod files declare

module main

so dagger package can't be found

fixes #11318

Following up from https://github.com/dagger/dagger/pull/11073.

It seems like this is universally the wrong behavior to me.

1. Cache performance is just weird. The cache key of a git checkout will have to mutate to account for any tag change in the repo, regardless of whether it's used.
2. The logic is hugely complex, and was badly handled. It was possible that the checked out repo tags didn't match the result of .Tags

Problem

Nightly builds publish main builds of Dagger as usable releases. But the publishing process is slightly different, which requires special cases in the build scripts, and even in the CLI code.

Solution

Change how we publish nightly builds, to be more like stable releases. This will allow simplifying the release toolchain, and the CLI code. It will also remove complicated coupling between the two, thus making the whole system simpler.

Specifically:

• Instead of publishing...

:warning: Requires https://github.com/dagger/dagger/pull/11324.

pprof mutex profiles show the engine's goroutines spending an enormous amount of time blocked waiting for various mutexes, mostly from buildkit's worker storage (that manages refs + associated metadata). A 60s profile has shown as much as 1.4h of delay.

Seeing what happens in practice when we reduce that contention. It's hard to predict the end effect on actual wall time, but a few local runs of our integ tests have been pretty promising, so seeing what happens in CI.

What is the issue?

I have a simple module which builds an image and publishes it to ECR. I've also configured it to export the layer cache using _EXPERIMENTAL_DAGGER_CACHE_CONFIG. However, with this configured, it appears that the cache exporter exceeds the timeout window, causing the call to fail with:

ERR cleanup failed msg="close dagger session" err="shutdown: do shutdown: Post \"http://dagger/shutdown\": context deadline exceeded" duration=41.927581741s
Error: cleanup failed: ...

working on a fix for #10992

Plundered from https://github.com/dagger/dagger/pull/11158.

When creating a listener on the host, it was possible that we could leave a dangling connection.

If somehow we failed to dial the connection, or we failed to read or write info from the connection, we just abandoned the connection and left it in an open state. This seems to be an oversight.

I encountered this originally when I misconfigured a service without a healthcheck and tried to connect to it immediately. The container...

Should fix the failing scan on main, failing from https://avd.aquasec.com/nvd/2025/cve-2025-58187/.

Replacement for https://github.com/dagger/dagger/pull/11158. See https://github.com/dagger/dagger/issues/10895#issuecomment-3468452009.

This patch is a quick WIP hack to show how the parts should work together: it should be enough to bikeshed a bit more, and for some one else to pick up this work (I'm not gonna be around to complete it).

Essentially, we introduce a new Watcher type. It can be constructed from Host.watcher, can be filled from defaultPath and can be passed as an arg...

Also includes bumping all the dagger.json's to not disable function caching and annotate some functions here and there:

• publish-related functions are cache per session
• I also annotated some of the test functions as cache per session because we often want to re-run the same test repeatedly (i.e. for a flake)
  • this works for now, but wondering if there's a better way of approaching this such as allowing a function with a cache annotation to have that behavior overridden at runtime 🤔

With the bundled python SDK, uv and uvx are packaged inside the engine. In that case we don't need to pull an image to get those tools.

Only pull the image if it's required. On my machine this saves almost 1.5s.

If uv and uvx are not found in the dist (bundled) directory, pull the image as usual.

The benefit is really on the first call. Otherwise the image would be cached. But the first call is still very important as it's creates a first impression.

This changes also mo...

Disabling sync in both bk+containerd boltdbs makes an absurd difference in execution time for me locally (9m for TestModule vs over 30m previously).

Very curious to see the impact in CI. Disk performance, filesystem, etc. are obviously all big factors in this, so want to see if it's as dramatic on our CI infra.

Either way, clearly worth pursuing. Will require we upgrade to containerd v2 to be able to customize these settings, for now just cp -r'd it in to while testing.

Generally s...

This is probably a worthwhile chore, but immediate motivation is to support https://github.com/dagger/dagger/pull/11336 since v2 allows us to customize bbolt configuration and reap performance benefits

What are you trying to do?

From https://docs.dagger.io/extending/function-caching/

We should find the way to put cache option to the defn to enable cache TTL.

Why is this important to you?

No response

How are you currently working around this?

No response

Bumps the engine group with 10 updates in the / directory:

It's just a small typo I noticed while trying to understand #11328. I think this is supposed to be init (since the error is returned from the initServer function.

What happened? What did you expect to happen?

Currently, when a SDK is registering the types and functions exposed by a module, the SDK is doing this using the engine version declared by the user module and not by the SDK module.

This is currently required for backward compatibility regarding enums: to allow a module declaring an engine version lower than v0.18.11 to work with the legacy enum values even if the engine is running a more recent version.

But maybe that's wrong and we sh...

Bumps the sdk-java group in /sdk/java with 2 updates: com.jayway.jsonpath:json-path and org.junit:junit-bom.

Updates com.jayway.jsonpath:json-path from 2.9.0 to 2.10.0

Release notes
Sourced from com.jayway.jsonpath:json-path's releases.

json-path-2.10.0
What's Changed

Bumps dependency versions by @​kallestenflo in json-path/JsonPath#1057

net.minidev:json-smart:2.6.0
org.slf4j:slf4j-api:2.0.17
com.goo...

Bumps the sdk-typescript group in /sdk/typescript with 4 updates: graphql, tar, @types/node and eslint.

Updates graphql from 16.11.0 to 16.12.0

Release notes
Sourced from graphql's releases.

16.12.0
v16.12.0 (2025-11-01)
New Feature 🚀

#4482 Implement changes for executable descriptions (@​JoviDeCrooc...

Bumps the docs group in /docs with 3 updates: posthog-js, sass and @types/node.

Updates posthog-js from 1.280.1 to 1.284.0

Release notes
Sourced from posthog-js's releases.

posthog-js@1.284.0
1.284.0
Minor Changes

#2529 882d823 Thanks @​MattBro! - feat(surveys): add URL prefill and auto-submit support
Surveys can now be prefilled and a...

Bumps the sdk-python-docker group with 1 update in the /modules/ruff/build directory: astral-sh/ruff.
Bumps the sdk-python-docker group with 1 update in the /sdk/python/runtime directory: astral-sh/uv.

Updates astral-sh/ruff from 0.14.2 to 0.14.3

Release notes
Sourced from astral-sh/ruff's releases.

0.14.3
Release Notes
Released on 2025-10-30.
Preview features

Respect --output-format with --watch (#21097)
[pydoclint...

updates docs so that they use directory.dockerbuild instead of the
deprecated container.build method.

Signed-off-by: Marcos Lilljedahl

Close #11312

The previous library (Doctum) has no configuration for avoiding line numbers. This is an issue as it causes unnecessary churn during code reviews.

This PR replaces Doctum with PHPDocumentor, and then customizes the output to minimize the docs to the bare necessities. :bear:

It should make the diffs smaller, as well as a few customization tweaks to make the docs fit more nicely with Dagger's current theme.

Signed-off-by: Marcos Lilljedahl

In order to improve and formalize jumping into the context of the SDKs runtimes, this commit adds an option to the dagger.json (easiest option) to jump into the container runtime.

It's a good DX loop to work on the auth:

1. Just add a debug: true field -->

 {
    "name": "dagger-dev",
    "engineVersion": "v0.19.4",
    "sdk": {
     "source": "go",
    "debug": true
  }
}

2. Then, call any dagger function (any return types will work). You will j...

There's a bug w/ function caching in the following scenario:

Say there's 3 functions like A calls B calls C. C uses a context dir arg. Then on a subsequent run A is cache invalidated but B + C are cached. The problem is the contextual dir arg to C was never loaded and A sees it from the cached result and tries to load it but does so from its context, which is different than the original host.

So you get various errors along the lines of not being able to load a path because it's missing...

Problem

When running dagger call from a local module, filesync operations (Host.directory()) are triggered by loading modules, loading contextual directories... These filesync operations are "orphaned": they don't appear as children of a top-level span. Combined with the fact that they are hidden by default... the result is a frequent illusion of nothing happening, when in fact a lengthy filesync is underway.

What are you trying to do?

See https://github.com/dagger/dagger/pull/11071#pullrequestreview-3411250888

Why is this important to you?

No response

How are you currently working around this?

No response

Context

The dagger.json file’s "sdk" key provides a convenient channel for passing configuration data from the SDK layer down to the engine.

This PR adds a debug flag to the core schema, binding it to the SDK config. It doesn’t enable debugging yet, just sets up the plumbing and cache-busting needed for the debug flow (PR #11349).

Example:

{
  "name": "dagger-dev",
  "engineVersion": "v0.19.4",
  "sdk": {
    "sou...

this is useful particularly in the cases where the trace is started from
the SDK which currently results in a generic span name like "dagger
session...."

Signed-off-by: Marcos Lilljedahl

Introduce a new ast parser for python that parses the code to convert them to dagger types. This is used by moduleTypes SDK function. Contrary to the code used to call functions that is loading the user module code, this parser never load the code, it only analysis it for objects, functions, etc. That way this will still work even if the code contains unresolved dependencies, like when using self calls.

For performances reasons, the tool doing the registration of the types is bundled in ...

This fixes a bug where directory.Exist failed to resolve an absolute symlink relative to the mounted filesystem, but instead escaped the mounted filesystem and incorrectly referenced / on the host's filesystem.

Fixes #11325

[!NOTE]
Implemented using Doug

Summary

Successfully implemented the changes to simplify nightly builds by using version strings instead of git commit tags. This removes the distinction between "version" and "tag" in the build and publishing process.

Changes Made

1. Removed Tag Variable from Engine Package ( engine/version.go )

• Removed the engine.Tag variable that was previously filled at link-time
• Only engine.Version remains, which s...

Signed-off-by: Marcos Lilljedahl

Closes https://github.com/dagger/dagger/issues/11316

We've seen in CI some SQLITE BUSY errors popping up again in the telemetry client dbs. It's possible (but far from confirmed) that other performance improvements may be resulting in us writing to those dbs faster and thus making it easier to hit that error.

Trying out a bump of the timeout to see if it helps in the short term.

When calling a dagger function in the CLI (dagger call), the result of File.contents is printed to the screen by default, which results in too much output. Example:

Bumps the engine group with 16 updates in the / directory:

There appears to have been a long-standing issue with dagger develop --recursive when your top-level module has a custom name for the dependency (it overwrites the dagger.json of the dep with that name, which isn't correct). Has existed for as long as --recursive has existed I believe.

This fixes the generated dagger.json to use the correct original name.

We currently run git ls-remote on every NewGitRepository, without any cache. This operation takes on average ~0.7s, and should be optimized a bit more.

This commit introduces a session-level caching on this step, meaning that multiple Remote() calls with a different dag.Git(ref, options) leading to the same ref to be cached.

This is the first step towards re-lazyfying git operations

The changelog generation incorrectly marked me as an external contributor during the last release: https://github.com/dagger/dagger/blob/598a68e61ceaa144efad94cba1befeef342fe534/CHANGELOG.md?plain=1#L16

Not sure what changed, but it's supposed to be using the GH API to know who's external.

This isn't really a blocker for v0.19.6 since it's easy to patch, but would be nice to fix, so adding to milestone for now

What are you trying to do?

When I'm exploring modules, especially modules with multiple functions, this can take a while to understand what are the available functions to call.

It could be interesting to have an interactive way to browse functions.

Let's take as an example the main module of dagger/dagger:

$ dagger functions
▶ connect 0.5s
▶ load module: . 35.3s

Name              Description
bench             Find benchmark suites to run
bump              -
check-generat...

• Avoid dumping ginormous object JSON into response body
• Expose tools for object field getters (needed for e.g. sdk python generate)
• Fix OpenAI issue with MCP servers having null properties

we're also enabling the nilness linter to catch these issues earlier

Signed-off-by: Marcos Lilljedahl

This is it! The last layer of the onion. Let's break up our CI monolith into cleanly decoupled toolchains.

Goals:

1. Faster CI
2. Simpler CI
3. A golden example of Dagger best practices

TODO

• CI: run ci-in-ci check without requiring --source constructor argument
• CI: run "scan" check without requiring --source constructor argument
• CI: run scripts/ checks without requiring --source constructor argument*
• **CI: 'dagger call sdk php' doesn't require --source construct...

based on #11211

Seeing if this fixes the flake in TestContainer in CI. I can't confirm locally because there I get seemingly unrelated errors related to cgroup setup 😵‍💫, possibly some kernel-related and/or cgroup v1/v2 related nonsense.

Also reducing the verbosity since there were complaints and making the cache volume locked since locally I hit an error due to it being used concurrently

Bumps the engine group with 17 updates in the / directory:

we accidentally removed it in a previous release.

fixes #11367

Signed-off-by: Marcos Lilljedahl

The tests were being given a container with a dev engine attached via service dep, but then were being run as nested execs, which overrode the settings and made them not actually hit the dev engine they were supposed to hit at all.

This adds and option to the tests to disable nested execs (which is particular to the nested dev engine sidecar setup in our top-level module) and uses that to run tests.

This fixes the errors entirely for me locally. It also is likely the explanation ...

Bumps the engine group with 18 updates in the / directory:

What are you trying to do?

Right now every time you do a dagger develop the dagger.json just pins to your current engine version - even if it's a dev version.

This gets really annoying because half the time the module would be just fine on the version it was. It would be nice if we only bumped that version when the module actually needs it.

Maybe we could do that based on views? I don't think we're marking what version new APIs appear in, because there's a chicken-egg problem (don'...

Bumps the sdk-java group in /sdk/java with 2 updates: io.opentelemetry:opentelemetry-bom and com.squareup.okhttp3:okhttp-jvm.

Updates io.opentelemetry:opentelemetry-bom from 1.53.0 to 1.56.0

Release notes
Sourced from io.opentelemetry:opentelemetry-bom's releases.

Version 1.56.0
API
Incubator

Support ExtendedOpenTelemetry in GlobalOpenTelemetry (#7799)

SDK

Changes to MeterConfig, LoggerConfig, ...

Bumps the docs group in /docs with 1 update: posthog-js.

Updates posthog-js from 1.284.0 to 1.290.0

Release notes
Sourced from posthog-js's releases.

posthog-js@1.290.0
1.290.0
Minor Changes

#2553 8a2b790 Thanks @​pauldambra! - feat: yield to the main thread during posthog init

posthog-js@1.289.0
1.289.0
Minor Changes

#2551 10be1b0 Thanks @​dmarticus! - Support bootstrapping feature flags during SSR in ReactJS

posthog-js@1.288.1
1.288.1
Patch ...

Bumps the sdk-typescript group in /sdk/typescript with 11 updates:

Bumps the engine group with 21 updates in the / directory:

Bumps the sdk-python-docker group with 1 update in the /modules/ruff/build directory: astral-sh/ruff.
Bumps the sdk-python-docker group with 2 updates in the /sdk/python/runtime directory: python and astral-sh/uv.

Updates astral-sh/ruff from 0.14.3 to 0.14.4

Release notes
Sourced from astral-sh/ruff's releases.

0.14.4
Release Notes
Released on 2025-11-06.
Preview features

[formatter] Allow newlines after function he...

The action douglascamata/setup-docker-macos-action doesn't work with the new lima v2:
https://github.com/douglascamata/setup-docker-macos-action/issues/53

As the action picks by default the latest version of lima, go back to the previous stable lima v1.2.2 that should be ok.

What is the issue?

When I try to use a TextIO instance (in my case, StringIO), it fails because it’s not a file-like object.

class dagger.Config(*, timeout: ~dagger.Timeout | None = , retry: ~dagger.Retry | None = , workdir: ~os.PathLike[str] | str = '', config_path: ~os.PathLike[str] | str = '', log_output: ~typing.TextIO | None = None, execute_timeout: ~typing.Any = )

log_output (TextIO | None) – A TextIO object to send the logs from the engine.

Dagger...

What is the issue?

When I run a Dagger function from the Python REPL or from the command-line, it makes changes to the terminal that are not cleaned up afterwards.

When I run from the terminal, it shows the animated log output, then after the function has finished running, it says “Disconnecting” and terminates. It fails to print a newline, and for some reason the blinking cursor disappears from my terminal session.

When I run from the Python REPL, the “Disconnecting” message with ...

With the recent changes introduced by https://github.com/dagger/dagger/pull/11309, we significantly improved the performances for both Node, Deno and Bun.

So I'm wondering if we should change our default TypeScript runtime to maximize performances by default.

If we compare the number for dagger v0.19.6, we got:

                                          │   bun.txt    │               deno.txt               │              node_yarn.txt               │
                                  ...

Noticed this panic locally and chucked it into an LLM to avoid a rabbit hole, here's its generated description:

cc @sipsma

Fixes a panic that occurs during container execution error handling when there's a mismatch between mount indices and output indices.

The Bug

panic: runtime error: index out of range [2] with length 2
  at /app/core/container_exec.go:302

The error handling code in WithExec's deferred function was incorrectly assuming that iteration i...

for performances

This should be a drop-in replacement, API should be the same.

What is the issue?

In some cases, module constructor arguments that have python-native default values are not overridden by the values provided in the .env file. Presumably these default values should be overridden if they are supplied via the .env file.

Dagger version

dagger v0.19.3

Steps to reproduce

# .env 

SECRETWITHDEFAULT=env://SOME_SECRET_ENV

import dagger
from dagger import Doc, dag, field, function, object_type

@object_type
class MyModule:
    src:...

Problem

The experimental toolchain config feature allows setting default values for a toolchain's functions, but only if the argument is a string.

In my case, the argument I want to configure is an array of strings. But there are other possible types.

What is the issue?

I am trying to set up a registry mirror that points to a different location for hub.docker.com. Naturally, I try to follow the docs available for configuring the Dagger engine here, but I am struggling with getting this to make sense.

I create an engine.json config in $HOME/.config/dagger/engine.json with the content below:

{
  "registries": {
    "docker.io": {
      "mirrors": [...

The time has come

The time has finally come to break up our CI monolith into cleanly separated toolchains. This will make our CI simpler, smaller, and hopefully faster! It will also finally allow us to show our own CI as a "golden example" of how to use Dagger. It has been a long road getting to this moment... 😭

What happened? What did you expect to happen?

Dagger seems to try to interpret parts of the env variable: USER=an$example-user as a separate variable. I get the following error:
failed to get configured module: failed to resolve dep to source: failed to load git dep: select: load user defaults: Evaluate env file: USER: example: unbound variable
How do I escape the '$' in my env var? the documentation doesn't mention this behaviour. I pass this value as a regular argument to the dagg...

While working on checks/scale-out I managed to randomly hit locally the same hang we see in our CI occasionally where loading modules hangs forever and lots of spans never finish. In CI that seemed to be accompanied by SQLITE BUSY errors from telemetry, turns out locally it was too.

I only managed to repro it one more time despite many attempts in a loop. Engine SIGQUIT stack traces from both those occurrences (gist was giving me 500s, so uploading files) :

• [engine-goroutines-1.txt](h...