@IljaKroonen have you tried copying the files into dagger from the host, with pre-call filtering to only copy what you need? I understand that the entire NFS mounts are surely too large to copy, but how much data do you actually need to copy into dagger? Depending on the answer you may not need a new feature at all, and may be able to get a solid implementation with pre-call filtering.

@jpadams the reason why this happens is because WithoutEntrypoint removes both the entrypoint and default args (https://github.com/dagger/dagger/blob/main/core/schema/container.go#L993-L995) unless KeepDefaultsArgs is set. This has been like this for a while and is not related to the change introduced in #9305 so pre v0.15.0 pipelines will also get an error by stating that the container command has not been set.

Going back to your examples, because the second example calls `Witho...

just needing to use shell.

What does "needing to use shell" entail? In the model we currently use, Jenkins invokes a single dagger function (using dagger call) and passes in the git repository and auth. What would this look like if we also wanted to make a directory available under your proposal?

Basically, the dagger shell supports explicitly passing the output of one function as argument to another, using the familiar subcommand syntax of the bash syntax. For example:

dagger ...

Bikeshedding the API design for new volume constructors (I think we should implement it regardless, unlike secret providers where we'll have to retrofit - do you agree?)

Yeah I want there to be APIs for each volume type, if that's what you're getting at (sshfsVolume, nfsVolume, etc.)

Deciding on adding a convenience URI format now vs. later

Really no strong opinion on this. I feel like it can be safely saved until it's desired by anyone. In the meantime invoking from shell or an ...

Local dev docs can be found here, but will outline some more pointers specific to this effort.

cc @IljaKroonen and team

Implementation

Will give a high-level outline here, obviously happy to fill in details as needed.

API schema

We'll want a new Volume type and associated Query.sshfsVolume API for creating one.

• This is fairly boilerplate-y, can follow patterns in the core/ and core/schema/ packages
• e.g. us...

having the ability to mount FFS shares in dagger would solve our problem but I don't think this is practical to implement. The environment in which we run won't allow us to mount directly using the Linux NFS driver and while a fuse implementation exists, I am not sure how reliable it is

Ah okay, good to know. I'm guessing it gets into something deeply specific to your setup, but if you are able to share why it doesn't work I'd be curious to know. I did a quick hacky test with my own NFS se...

1. The sshfs ideally shouldn't be container-based API. The reason is that pulling a large filesystem and unmounting before running the next container can be expensive compared to mounting the filesystem once, sharing that directory between containers, and unmounting. However, it does go against the proposed design.

I don't follow. It would be perfectly fine for the engine to mount the sshfs once and then share that mount by just bind mounting it into each container that needs it. Whe...

I can confirm that Nikola's patch is working for our use case.

You can see it here: https://github.com/G-Research/dagger/tree/nikola-jokic/sshfs-volume

Both these methods in there are suitable for us:

• dag.SshfsVolume successfully connects to our host and allows accessing the files from WithExec
• the WithMountedHostDirectory also achieves what we want pretty much directly but my understand from the above that we would like to avoid exposing this kind of primitive (I think the name cou...

@jedevc yeah... I thought about the exact same name but WithErr seemed wrong to me conceptually. Still, adding a new method seems the more sensible option

same problem different solution :) #8402

Personally, I like this approach better.

same problem different solution :) https://github.com/dagger/dagger/issues/8402

Container.withError is multi-language, I personally am not a fan of adding more and more features that are SDK-specific.

See @vito's comment here: https://github.com/dagger/dagger/pull/9569#issuecomment-2657252489

We essentially need the equivalent of #9344 for those, so we can avoid marking pending states as DONE.

(opening so I don't forget about this)

Fair, but this is a problem that plagues go more specifically - in other languages, errors are generally handled by exceptions, and so are thrown all the way up. No explicit extra handling in with is required for other languages.

Actually, we may not have that extra return in TypeScript but we can't execute something in a with because the with signature doesn't ret...

This proposal is for a variation of the design prototyped in #8730. It started as a comment in that PR, which I'm formalizing here.

Overview

In #8730 we introduce the concept of secret providers: an expansion of Dagger's ability to load secrets, with 1password integration as the reference implementation of a provider. This makes the user experience better, by making Dagger itself smarter and less dependent on lon...

The PHP SDK could use integration tests. With modules created, purely for testing, to assert PHP modules work when called through dagger.

For reference: #php message

What is the issue?

The daggermod folder is mounted such that only root can write to it. If a container is returned that has .WithUser("not-root"), introspection/invocation will fail.

Dagger version

v0.15.2

Steps to reproduce

Check out https://github.com/M-Pixel/dagger/tree/m-pixel-csharp

Remove .WithUser("0") from /sdk/dotnet/module/main.go

From the dotnet directory, run dagger init --sdk=../module test; dagger call -m test default-cow

Or re-create the scenario on...

Would love your thoughts on this @aluzzardi @kpenfound @grouville @sagikazarmark @marcosnils @jedevc

This would make it easier to handle differences between APIs and capabilities between secret providers. The downside as I see it is that code will be more tied to a specific secret provider. A use case I've thought a lot about is local flows using a password-manager style provider like 1password, while CI environments would use a proper secret provider like Vault. When the URI is untyped this is pretty easy. Maybe this isn't a use case we're trying to solve for yet.

The main (only?) API user is the CLI -- you can't call mapSecret in code unless directly using the SDK without modules.

Without the URL syntax, what would be the CLI syntax for passing a secret?

Also having this issue when I'm trying to mount a cache volume to a redis container

func (m *MyModule) Redis() *dagger.Container {
  return dag.
     Container().
     From("bitnami/redis").
     WithExposedPort(6379)
     WithMountedCache("/bitnami/redis/data", dag.CacheVolume("redis-cache")
}

This will fail:

dagger call redis up

14:M 23 Jan 2025 16:00:10.566 # Can't open or create append-only dir appendonlydir: Permission denied 

To fix that I need to manually se...

Problem

Dagger SDKs do not bundle 100% of their code and dependencies. This means that when a developer builds their module, their build downloads third party packages from various third-party registries. And, because Dagger doesn't have a distinct build phase, this happens at runtime.

As a result, it's difficult to run Dagger modules behind corporate proxies, or in airgapped environments. There is ongoing work to allow configuring various proxies, but it's a game of whack-a-mole.

...

I've tried few things to bundle the TypeScript SDK and that's promising.

I'm using bun bundler to bundle the TypeScript library and tsc to emit type declaration.

So we end up with a directory of only 2 files: index.js and index.d.ts.
It's working fine but that requires to rebundle on every runs which is something we want to avoid so here's another solution that fix the proble:

1. When buil...

What is the issue?

Diagrams, link to it from Quickstart

What are you trying to do?

It takes roughly 2 to 3 minutes for me to install private modules and then have it execute the functions.
It would be great if I can create custom dagger engine with some of the private modules pre-installed and then run this engine in our CI (gitlab cicd).

Why is this important to you?

It will save us time.

How are you currently working around this?

No response

What is the issue?

Contrary to the docs, which states that mounted directories are included, Container.directory() does not include mounted directories when listing entries or calling export on a parent directory.

Our use case is to include log files from a mounted build directory when errors or warnings occur, in order to export them to the CI runner context. We scan the build log to extract absolute...

What is the issue?

If declare a function that returns a list of type ([]*T, []*dagger.Container for example), the Go codegen will render as []T instead of []*T that look break the convention.

Dagger version

dagger v0.15.3 (registry.dagger.io/engine:v0.15.3) darwin/arm64

Steps to reproduce

Create a module that has a function like this example below:

func (m *KptBuilder) Build(source *dagger.Directory) (ctrs []*dagger.Container) {
	// ...
}

Then, create a n...

Module version compatibility was introduced originally in https://github.com/dagger/dagger/issues/7640. Essentially, it allows modules to be served a compatible old API, while we're free to modernize the API for new + updated modules.

However, the original really only covers changes to fields:

• Fields being removed/renamed
• Fields added (but we don't, see https://github.com/dagger/dagger/issues/10102)
• Fields with different type signatures

We don't handle changes to types - I remem...

What are you trying to do?

Passing arrays to Dagger functions via the CLI is currently done with comma separation. What if I'm passing a string that needs to include a comma? What if I'm passing an array of arrays? I found that \ doesn't escape commas (if it did, it would probably be bad for some Windows users).

I'm not suggesting that JSON array syntax should be the only option. But if an array input begins with [, it should be treated as a JSON array. Google's GN is an ex...

What Happens

This works as expected:

#[DaggerObject]
class MyModule
{
    #[DaggerFunction]
    public function returnSelf(): MyModule
    {
        return $this;
    }
}

However, this fails:

#[DaggerObject]
class MyModule
{
    #[DaggerFunction]
    public function returnSelf(): self
    {
        return $this;
    }
}

What A PHP Developer Might Expect

Both examples to work identically.

Solution

I'm not sure of all the intricacies of self as a return ...

Module version compatibility was introduced originally in https://github.com/dagger/dagger/issues/7640. When it was originally added, we decided that we would only add Views for fields that changed or removed - added fields wouldn't get a field.

That's because, there's actually no need from a compatibility point-of-view.

The main reason that we might want to is that it's technically possible right now to dagger develop --compat to a specific ``, and get a view of the API that is c...

static return can be nice to have too. WDYT?

@WedgeSama
I'm not sure how useful it will be but it should be fairly straight forward to support at the same time. (I hope 😰)

Do you have any use-cases in mind?

This started flaking occasionally a few days ago. First occurrence I found is at https://v3.dagger.cloud/dagger/traces/99b8612ffeb0bd86a718c0d3164e0ffb?span=c7b32ffabfbd2e59

Error looks like

failed to check if module already exists: input: moduleSource failed to stat local path: failed to stat path: failed to get requester session: session for "1s13ivxachyz418qvzs4dtfoh" not found

It's a bit of a mystery since the TestSystemCACert tests run against their own isolated nested engine...

What are you trying to do?

If I'm instrumenting my tests with custom spans, I'd like to be able to x-reference those spans based on git metadata so my initiated-from-main CI runs are distinguishable from my intiated-from-branch CI runs. CI Infra engineers responsible for pipeline maintenance are often looking to understand how long each test case takes to run across different environments and versions, as well as how often they suceed or fail to determine test flakiness. [Datadog has som...

Saw this happen one time so far: https://v3.dagger.cloud/dagger/traces/cdca068a2bc3f4a24669294d6d55b6a2?span=9bb360c22dab5941&logs

time="2025-04-19T01:42:46Z" level=debug msg="merging edges" dest_index=2 dest_vertex_digest="sha256:25054e2b8aa9a0a72570be4927725d143b9efc775b097111ab630993fc648079" dest_vertex_name="npm pkg set type=module" source_edge_index=2 source_edge_vertex_digest="sha256:8e05840352c710528a008aaf070ad90ea1c78ac5b3ae04d2ae04736a0e93df6b" source_edge_vertex_name="npm pkg...

relates a bit to @vito's current work surrounding a frontend API https://github.com/dagger/dagger/issues/9374

What is the issue?

When doing this command :

dagger call build-env --source=.

with :

 @function
    def build_env(self, source: dagger.Directory) -> dagger.Container:
        """Build a ready-to-use development environment"""
        python_cache = dag.cache_volume("python")
        return (
            dag.container()
            .from_("127.0.0.1:5000/pythonflask")
            .with_directory("/var/flaskapp/", source)
            .with_mounted_cache("/var/flaskapp...

Thanks @Nero-F, assigned to you.

Problem

Coming from: https://discord.com/channels/707636530424053791/1342430286331379712

Given the following pipeline:

func main() {

    ctx := context.Background()
    d := dag.Host().Directory(".")

    dc := d.Directory("contracts")

    dag.Container().From("ubuntu").
        WithMountedDirectory("/workdir", d).
        WithMountedDirectory("/workdir/contracts", dc).
        WithExec([]string{"apt", "update", "-y"}).Sync(ctx)
}

with the following file structure:

...

When installing the official Dagger helm chart following the docs here https://docs.dagger.io/ci/integrations/kubernetes/#example, the resulting volume paths seem to contain the dagger word a bit too much:

        serviceAccountName: default
        terminationGracePeriodSeconds: 300
        volumes:
        - hostPath:
            path: /var/lib/dagger-dagger-dagger-helm
            type: ""
          name: varlibdagger
        - hostPath:
            path: /run/dagger-dagger-dagger...

What are you trying to do?

It would be nice to support environment variables to configure aspects of the CLI. Specifically things like --progress without requiring those to be set each time call run is invoked.

Some examples from the CLI reference page:

1. --debug would be DAGGER_DEBUG=true
2. --progress would be DAGGER_PROGRESS=plain
3. --silent would be DAGGER_SILENT=true
4. etc ...

Related Discord: https://discord.com/chann...

TL;DR

This issue describes the MagicSDK project and aim to gather opinions and feedbacks from the community.
The goal is simple: make it possible to adopt Dagger in a project without writing code on day one.

Description

Adopting Dagger requires some investment, you need to learn the concept of module, how to create your own with SDKs, use the published on Daggerverse etc.. it's a big learning curve and even if the rewards are great after adoption, it's still a lot.

The goal is t...

What is the issue?

Right now if the engine is not ready by the time the CLI tries to connect it shows a scary looking error in dagger cloud.

connection error: desc = "error reading server preface: command [docker exec -i dagger-engine-v0.15.1 buildctl dial-stdio] has exited with exit status 1, make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=Error: dial unix /run/buildkit/buildkitd.sock: connect: no such file or directory\nUsage:\n  dial...

Overview

In the context of a new LLM type, it would be amazing if we could send token count as otel metrics, the same way we already send cpu, memory and IO metrics.

Design considerations

The design is still TBD. But it seems feasible.

Per @sipsma on Discord:

sgtm, the current metrics only come from exec-ops but the underlying infra will work in any other api call I believe.

to sketch out what you'd need to do the equivalent of using current code as an example:

• [...

Implement a generic ID type that matches any specialized object ID.

This is needed for improving the Env bindings API as described in #10370

In [a discord discussion](#maintainers message), @vito said:

i'm not sure if we have it already, but we could define a generic ID type, and the function could decode it to determine the type at runtime

[...] we would need to handle it (generic objects) at the SDK layer somehow, e.g. for ID args that should probably translate to an interface implemented by all objects in Go (prob the XXX_GraphQLID thingy we have already)

As a dagger newbie.. I would love to get a fully functional dagger CLI without too much hazzle, even with the current instructions there is not a single thing that I can copy and get stuff working.. if the solution is a simple install.sh that I can run.. I will go for that.

What are you trying to do?

It is possible to write some dagger code like:

func (m *MyModule) doLotsOfStuff() {
    baseContainer := dag.Container();

    parallelBuilds = []*dagger.Container{
        baseContainer.WithExec([]string{"do", "stuff", "a"}),
        baseContainer.WithExec([]string{"do", "stuff", "b"}),
        baseContainer.WithExec([]string{"do", "stuff", "c"}),
        baseContainer.WithExec([]string{"do", "stuff", "d"}),
        baseContainer.WithExec([]string{"do", ...

We should revive the work in https://github.com/dagger/dagger/pull/8201 (was closed due to lack of time, but it's quite useful in our new SDK interface world that's being worked on by @TomChv as part of https://github.com/dagger/dagger/issues/9582).

This would help fix:

• #6621
• #7834
• #7707

It also feels heavily linked to #10480 #7707, and would help decouple init and develop more.

This new Init method would be in a new Init interface in core/sdk.go, something like:

What are you trying to do?

• start Dagger enging with gpu access
• create a service that loads and LLM model and expose an OpenAI API
• create awesome agents with LLM

Why is this important to you?

Testing my agents with a standalone and private workflow

How are you currently working around this?

Nope, but @shykes told me that it should be easy to implement :)

#agents message

What is the issue?

You cannot have a function name in a module that is named Query

Dagger version

dagger v0.17.0-llm.11 (docker-image://registry.dagger.io/engine:v0.17.0-llm.11) darwin/arm64

Steps to reproduce

When defining a module with the function Query the dagger develop will complete fine, but running dagger functions you get the following error:

# dagger/database-agent/internal/dagger
internal/dagger/dagger.gen.go:7977:2: query redeclared
        internal/d...

I'm not able to reproduce the error with v0.17.0

package main

import (
	"context"
)

type Test struct{}

func (m *Test) Query(ctx context.Context, query string) (string, error) {
	return dag.Container().From("alpine:latest").WithExec([]string{"echo", query}).Stdout(ctx)
}

$ dagger call query --query foo
foo

Since now llm is merged on main and released, is it still relevant?

I think something like that could do the job

defmodule MyModule do
use Dagger.Mod.Object, name: "MyModule"

defmodule Severity do
use Dagger.Mod.Enum

 defenum [
  # Undetermined risk; analyze further
  UNKNOWN: "UKNOWN",
  # Minimal risk; routine fix
  LOW: "LOW",
  # Moderate risk; timely fix
  MEDIUM: "MEDIUM",
  # Serious risk; quick fix needed.
  HIGH: "HIGH",
  # Severe risk; immediate action.
  C...

What is the issue?

I'm getting a panic error when trying to exit the interactive terminal.

For context I'm running a k3s cluster using this example/module.

Dagger version

dagger v0.16.3 (docker-image://registry.dagger.io/engine:v0.16.3) darwin/arm64

Steps to reproduce

Try running this example module, once the terminal is open attempt to exit by executi...

What is the issue?

https://docs.dagger.io/ci/adopting#implementing

The sdk doc is not currently published, but I'll have a look at that very soon. A bit of work is needed on my side to ensure everything is ready to be published.

What is the issue?

Update:
https://docs.dagger.io/faq#what-is-the-dagger-platform - mention our expanded agents and CI use cases
https://docs.dagger.io/faq#dagger-sdks - mention all of the SDKs

Add:
in an entry similar to https://docs.dagger.io/faq#which-ci-providers-does-dagger-cloud-work-with, describe which LLMs and frameworks we work with. Short answer is that Dagger should work with any hosted or local LLM. With Dagger's multi-language support and ability to use any libraries or c...

What is the issue?

https://docs.dagger.io/features/programmable-pipelines

What is the issue?

We need a section in the documentation that covers the env vars that are available to configure Dagger.

We can look for references using this search: https://github.com/search?q=repo%3Adagger%2Fdagger+os.Getenv(+language%3AGo&type=code&l=Go

From this Discord thread: https://discord.com/channels/707636530424053791/1384134172502659162

We need to document how to use Dagger in a Java custom application on this page. @eunomie I know you are all setup, do you mind tackling this issue for the docs? 🙏

dagger run java ...

Related: https://github.com/dagger/dagger/pull/9709

Problem

When calling .install MODULE from the dagger shell, the newly installed module is not available in the same session. I have to exit and re-run the shell to use it.

Solution

Fix .install so that it loads the installed module in the same shell session.

What are you trying to do?

Using the Directory built in object is a bit clumsy; I'd like to create a function which iterates through the files/directories in a provided Directory argument. While it is possible to do using the entries() function; this returns an array of strings which isn't easy to work with.

I propose adding a files() function and a directories() function which would return an array of File objects for each file in the dir, or an array of Directory objects for each dir...

What is the issue?

Disk hit 100% and I was unable to clean it with dagger commands like prune. I think this is because it's trying to spin up a module?

Use "dagger [command] --help" for more information about a command.
/ # dagger core
✔ connect 0.1s
✘ loading type definitions 0.1s
! query module objects: input: failed to get schema: failed to select introspection JSON file: select: parent snapshot z62ntc4rcflkf4lixwzv8hk2b does not exist: not found

Dagger version

16.1
...

What are you trying to do?

I want to use my host's configured Git credentials within containers in Dagger.

Why is this important to you?

I want to be able to git fetch additional branches to what is already checked out within a git context. This is important for tools like SonarQube where it requires the context of the reference branch to do the analysis. There may be other use cases which require a fetch/pull from remote when working with current git directories. This is easy t...

Problem

When configuring Goose to use dagger mcp as an extension, the extension fails to load with a cryptic error. It turns out that the default log output of dagger mcp is interpreted as an error, or invalid output, by Goose. Calling dagger -s mcp instead solves it. This is confusing and should not be the default outcome.

Solution

Make it so that dagger mcp works as a Goose extension / MCP server, without having to guess which flags to add.

What is the issue?

Pardon my laziness, I will copy-paste from discord

I tried setting up dagger engine behind a k8s service (and tried to configure dagger client to connect to the dagger engine using k8s service name + port). While the connection is established, dagger builds fail with some weird error saying smth about an invalid session. I straced dagger and saw that it opens x4 connections to the dagger engine. Since k8s services are load-balanced round-robin, each connection was pro...

In the context of client generation and various discussion with @shykes and @helderco.
We conclude that the introspectionJSON arg in SDK module should not be required since they are other ways to get a module object definition (with the typedefAPI).

So I opened a PR (https://github.com/dagger/dagger/pull/9778) to expose the introspectionJSON file with an API call, so it’s up to the SDK maintainer to use it or not.
In #9778, the introspectionJSON API query is part of moduleSource but it...

What is the issue?

I opened this issue as the project lacks proper documentation around how to setup a dev environment for the project. I was trying to contribute to this project but unfortunately, after first PR is merged, I am unable to move forward. I tried a lot to setup a local running engine that I can debug via dlv, and failed.

A dev documentation exists, however I feel that this document expects developer to already know about the project. This is the one: https://github.com/...

What is the issue?

When passing an uninitialized object to a method, it gives a 400 GraphQL error without a clear error message of what went wrong.

Code:

@object()
export class TSProject implements Project {
    source: Directory
    ctr: Container
    packageCache: CacheVolume;
    buildCache: CacheVolume;
    readonly projectDir = "/app/";
    constructor(
        @argument()
        source: Directory
    ) {
        this.source = source;
        this.ctr = dag.node().withPnpm()...

What are you trying to do?

When returning a custom type, or even a slice of strings. It would be great to have a native json method. Given this example return type: https://github.com/jasonmccallister/sql/blob/e1267aa57b6a46f8dd2f31aa9507c3e6584281a4/main.go#L16

In order to see the values of the fields, you would need to pipe | multiple times. Instead, if the return type supported a json chain - it would be human readable.

Note: bonus points for additional types like `csv...

What is the issue?

When loading a module using the git address (e.g. dagger -m git@github.com:jasonmccallister/database-agent.git) the link in the prompt becomes a mailto link.

Dagger version

v0.18.3

Steps to reproduce

Ran dagger -m git@github.com:jasonmccallister/database-agent.git and tried to call a function ask from the module.

Log output

No response

What are you trying to do?

Some LLM providers tend to throw HTTP 429/502/503 when they're overloaded. We should have a configurable retry when one of these statuses is received

Why is this important to you?

No response

How are you currently working around this?

No response

Related: #11125

When building a container using Directory.dockerBuild, any ports exposed in the Dockerfile will be lost when calling up on the container.

What is the issue?

The with_default_args function/feature & it's capabilities as previously mentioned in [Discord](#1090037052923453470 message) two years ago but still not mentioned/updated in docs.

What are you trying to do?

I'm playing with an interactive command in a Dagger terminal and I'd like to capture the contents of stdout when the command exits.

Something similar to RedirectStdout/Stderr in WithExec would be nice.

Why is this important to you?

No response

How are you currently working around this?

No response

@vikram-dagger It would be a great help if you can solve this. Thanks

What is the issue?

I have a lot of secrets using 1Password and it's causing dagger to spend 8 seconds fetching secrets before running the withExec command:

I ended up switching to env secrets to speed it up - after that, the 8 second withExec went down to 400ms

Dagger version

dagger v0.18.3 (docker-ima...

What are you trying to do?

I am trying to convert a large docker project and I am stuck because there doesn't appear to be a way to port the VOLUME instructions.

Why is this important to you?

See above. I am stuck without VOLUME instruction.

How are you currently working around this?

I guess I could workaround it by using the dockerfile build feature, but I would like to avoid that.

Looks like a matter of adding a new function to Container to add the relevant oci metadata. 👍

What happened? What did you expect to happen?

I'm new to dagger and trying to figure out some odd behavior.

I have a Dagger module that calls an API endpoint to create something, when the module calls the API endpoint directly like so:

package main

func (r *MyModule) CreateSomething(ctx context.Context, token *dagger.Secret, environment, version string) (string, error) {
	apiClient, err := api.NewClient(ctx, token, environment)
	if err != nil {
		return "", fmt.Errorf("create cl...

I've worked around this by putting everything in my top level func which has the module as a receiver and that works for now. Not sure at this point why.

Another unwanted behavior, as soon as the sub-object (in this case Workspace.Container is automatic selected), the number of input tokens inceases from ~1k to ~8k, and it crashes on openai rate limiting. Which I guess is due to the number of functions we expose to the model.

What is the issue?

I don't know if the Rust SDK was meant to be cross compatible (Unix & Windows) but it would be useful to allow the SDK be able to compile in Windows by separating the following configuration below referenced for Unix and Windows.

The issue is that the dagger-sdk crate is attempting to use Unix-specific functionality (os::unix::prelude::PermissionsExt and set_mode on Permissions) on a Windows platform. This won't work because the unix module within os is c...

What are you trying to do?

Many users have requested the ability to capture the state of a Container that has been modified through an interactive session with terminal such as in

⋈   container | from alpine | terminal

dagger / $   apk add git
dagger / $   exit

✔ container | from alpine | terminal 3m47s
Container@xxh3:0991463b40bf15ca

It would be amazing if you could just run

⋈   ctr=$_
⋈  $ctr

Why is this important to you?

No response

How are ...

What is the issue?

Just saw during upgrading Dagger in my team:

Dagger version

dagger v0.18.3

Steps to reproduce

No response

Log output

No response

What are you trying to do?

If there is an issue with a specific model, it would be great to be able to fall back to a different model. For example I sometimes get rate limited or stuck with the following errors:

│🤖 1.7s
│ ! received error while streaming:
│ ! {"type":"error","error":{"details":null,"type":"overloaded_error","message":"Overloaded"}}
! input: llm.withQuery.withPrompt.sync select: received error while streaming:
! {"type":"error","error":{"details":null,"type":"overlo...

What are you trying to do?

Currently we are using dagger for our build workflow.

One of the steps in this flow is that we are doing a docker build using the context:
baseContainer.build(context);
What we noticed is that there is a bit of a difference between the error output that we expect to see in local docker builds and dagger builds.

E.g.: forcing a build failure by making an instruction in the Dockerfile cause a failure

docker

  => [5/8] RUN apt-get install -y git gc...

Problem

Visual Studio Code has extensions to show CI status directly in the editor. This is done with extensions, such as the Github Actions extension. Unfortunately the same integration is not available with Dagger Cloud. Even if my CI is configured to run Dagger, and send telemetry to Dagger Cloud, I cannot access the status of my Dagger pipelines as conveniently.

Solution

Implement a Visual Studio Code extension which integrates directly with Dagger Cloud, and shows CI status dir...

== Compilation error in file test/support/object_field.ex == ** (MatchError) no match of right hand side value: {:error, :nofile} lib/dagger/mod/object.ex:208: Dagger.Mod.Object.module?/1 (elixir 1.18.3) lib/enum.ex:4390: Enum.filter_list/2 lib/dagger/mod/object.ex:186: Dagger.Mod.Object.decoder_hint/1 test/support/object_field.ex:69: (module) ! proces...

ref: #agents message

When the engine fails to start using the docker driver, it currently requires some manual docker logs troubleshooting to understand what's happening. We can simplify troubleshooting if we fetch the logs ourselves and print them through stdout.

Here's an example of what users generally get:

connection error: desc = "error reading server preface: command [docker exec -i dagger-engine-v0.18.5 ...

The MCP protocol has a new feature called Roots. It is already supported by Visual Studio Code and other clients are sure to follow. We should support it as on the server side asap.

Roots seem to be the solution to our "contextual access" problem:

• Dagger is highly contextual: different directories in the same repo can have different modules, which means a different s...

What is the issue?

Hopefully, this is not a duplicate bug report, i couldn't find one. Happy to close if its already a known issue.

Dagger shell behaviour with files (and directories?) is not the same. Seems like a bug as relative is working on WSL, but its not possible to make it work on Windows, because the directory system is different, so you cannot relative path to the file, if the module/shell is on a separate drive e.g D:\ compared to a file being passed to it.

https://github....

What are you trying to do?

Access a module's own version information directly from within the module, without requiring expensive git tag fetching operations. See this conversation in discord: #maintainers message.

Specifically, we'd like the github.com/dagger/dagger/version module to be more efficient by enabling a pattern like dag.CurrentModule().Version() which would return the current version (tag or commit SHA) ...

Shell and call do work differently. Shell is sandboxed by your module’s context directory (unless you’ve started with -M), which is either your git repository root or your module’s root if not in a git repo. It works similarly to default paths, but where relative paths are resolved relative to the current working directory within the shell session, which is the module’s root directory initially by default.

For example, assuming your module is in ...

In daggerverse - we can use this to provide neater displays for versions that aren't tagged - the pseudoversion gives human-readable context for where a version appears in relation to others. cc @jpadams @kpenfound

Sections in the Dagger blog are not linkable. This is annoying since some of our blog posts have a lot of rich content that we often want to reference later. For example, release announcements. Instead of linking to a particular feature in the announcement, I have to link to the whole post and say "scroll down to the part about ".

What is the issue?

To improve performance for long-running tests, I want to export cache volumes into container images, store them in a registry, and restore them on the next run. While writing these functions, I noticed strange behavior with cache volumes. I already know that changes to cache volume contents don't invalidate the engine's cache, and the current solution is to invalidate the cache using a random variable. However, I dis...

Problem

The default verbosity of the TUI is awesome, but... it's a lot. People get overwhelmed - like running shell scripts with set -x by default. Or stracing your unix tools by default.

This is actually 2 problems in 1:

• Problem 1: the default verbosity is too high
• Problem 2: the lower verbosity, as implemented, is still overwhelming. We need a different kind of low-verbosity output

Solution

Default output should be a new output, with a fixed depth of 2. Basically, only ...

@skycaptain not sure if this will help, but I explored volume exporting a little while ago and created a small example module out of it: https://github.com/cbochs/dagger-modules/tree/main/remote-cache. There are some gotchas when trying to use images for volume export, so feel free to poke around and take what you need from that repo

Description

Whenever there is an update to Dagger and it needs to pull the newest Dagger engine image, the process gets through most of the download but then exits with an unexpected EOF. This issue is temporarily resolved by performing a docker pull of the new image manually.

Environment

• Operating System: NixOS
• Installation Method: dagger/nix flake

Logs

95010d052422: Pulling fs layer
b16238853797: Pulling fs layer
d0d32b261184: Pulling fs layer
failed to copy...

Currently, Dagger provides excellent built-in observability for its own pipeline execution using OpenTelemetry (OTel), visualized beautifully in the TUI and Dagger Cloud.

Separately, Deno now offers native, built-in OpenTelemetry support (--unstable-otel, OTEL_DENO=true), allowing Deno applications to emit traces, metrics, and logs using the OTLP standard (Deno OTel Docs).

When running a Deno application that uses this native...

What is the issue?

Installing the helm chart using fluxcd fails as the version number gets rendered differently

This appears to happen with a few apps (though dagger is in this thread)
Flux seems to render the version with a Sha

So it fails with

  Failed to apply default image tag "registry.dagger.io/engine:v0.18.5+bbb202ea8932": couldn't parse image name "registry.dagger.io/engine:v0.18.5+bbb202ea8932": invalid reference format

It appears AppVersion is preferred over Versi...

🤔 I'm guessing this is because the chart version is being set to v0.18.5+bbb202ea8932 somehow?

We use the chart version to set the image to pull, see: https://github.com/dagger/dagger/blob/800a91e04595cda22533f1051e8645d4417a01a9/helm/dagger/templates/engine-statefulset.yaml#L67-L69

You can override the image using engine.image.ref as a workaround, but honestly, it seems a bit weird that the version set here isn't an actual tagged release of the chart - those aren't really supported (th...

What is the issue?

A project with a number in the name, such as "k8s-test-app", causes class lookup failure with Python SDK.

No @dagger.object_type decorated class named K8sTestApp was found

I tried various combinations of dagger init --name k8s-test-app and renaming generated python module directory and class name. Also tried using [project.entry-points."dagger.mod"] in pyproject.toml but only managed to produce different kinds of lookup errors.

Would it be possible to con...

Is your feature request related to a problem? Please describe.

Currently, there isn't a dedicated, step-by-step guide in the official Dagger documentation detailing how to configure Dagger's OpenTelemetry (OTEL) trace exporting to send data to Grafana Cloud for visualization. Users have to piece together information from OTEL documentation, Grafana Cloud documentation, and potentially community examples, which can be time-consuming and error-prone.

Describe the solution you'd like

...

What is the issue?

I followed

Setup tracing at https://dagger.cloud/traces/setup. To hide set DAGGER_NO_NAG=1

from the CLI.
It was working yesterday, so I believe it's a token expiration thing.
So I got to the traces setup page, clicked on the github logo
Then, I saw the loading page of dagger cloud v3, but nothing loaded and the request log showed me this

POST	https://auth.dagger.cloud/oauth/token

403
{"error":"invalid_grant","error_description":"Invalid authorization co...

Currently Dagger routes LLM requests to the appropriate client based on model names https://github.com/dagger/dagger/blob/main/core/llm.go#L285

This is not scalable to hosted providers (azure, aws bedrock, google vertex) or proxies (litellm, gpustack, ...) because you generally have a single OpenAI compatible service hosting all of your models.

Dagger should have an explicit provider option that overrides the automatic routing to support these services

What is the issue?

Dagger module does not init on MacOS Intel Chip with Java SDK

Dagger version

dagger v0.9.4

Steps to reproduce

Follow build an agent instructions for Java

Log output

No response

Motivation:
Integrate support for running WebAssembly (WASM) workloads via Docker's WASM integration (e.g., using the wasi/wasm platform) within Dagger pipelines. This would allow users to leverage the benefits of WASM for specific pipeline steps or services.

Benefits of WASM:
Adding WASM support offers significant advantages for future DevOps, production, and deployment scenarios:

• Performance & Efficiency: WASM modules have near-native execution speed and incredibly fast ...

What is the issue?

Dagger clients do not properly detect session termination and continue executing even after a shutdown is triggered, resulting in the job running until a full CI timeout.

In our case, healthchecks were failing fatally in the background and the session was closed, but the client continued running .withExec() steps and exporting files, unaware of the termination. This caused the job to appear stuck without any progress updates, eventually failing only after hitting...

@jedevc ☝ I think I need your comments about this issue.

What is the issue?

When running this function:

    @function
    def lib_deps(self) -> dagger.Directory:
        base_dir = dag.container().from_("debian:bookworm-slim").directory("/usr/lib")      
        libs = (dag.container()
            .from_("debian:bookworm-slim")
            .with_exec(["apt", "update"])      
            .with_exec(["apt-get", "install", "-y", "zlib1g"])
            .directory("/usr/lib")
        )

        return libs.diff(base_dir)

I face

...

What are you trying to do?

The typical use case is running database migrations against a database service, with the goal of running a container using the resulting, migrated / seeded database.

Right now, there is nothing to chain from to get the modified directories on the service.

Example API that could solve this:

  @function
  def database_service(self, src: Source) -> dagger.Service:
      postgres = dag.container().from_("postgres:latest").with_env_variable("POSTGRES_P...

What is the issue?

The engine connection process is being interrupted, resulting in multiple connection errors. The specific error message "error reading server preface: read |0: file already closed" showing while trying to connect dagger engine. Please refer the attached screenshot.

Dagger version

dagger v0.18.9 (docker-image://registry.dagger.io/engine:v0.18.9) windows/amd64

Steps to r...

What is the issue?

shamelessly copy-pasting from [discord](#general message):

in dagger 0.18.6, while exitting a container container | from node:18-alpine | with-mounted-directory /mnt ./ | terminal back into dagger shell, I woke up some hungry ass beast sleeping inside Dagger that immediatelly ate up all the remaining 14G of my RAM.

Yes, I'm calling it -- there's a memleak somewhere in there 🙂 killing dagger proce...

What are you trying to do?

We would like to run commands in containers and use the output as the value of a secret

Doing it naively appears to be insecure and ends up logging password.txt. Snippet with a source available example

	plaintext, err := m.AwsSdk().
		WithEnvVariable("AWS_ACCESS_KEY_ID", roleCredentials.AccessKey).
		WithSecretVariable("AWS_SECRET_ACCESS_KEY", roleCredentials.SecretKey).
		WithSecretVariable("AWS_SECURITY_TOKEN", roleCredentials.SecurityToken).
		WithExec...

Had a quick discussion with @marcosnils - we both decided we don't like the above - it feels dangerous that you can read a Secret from any file, which would be cached. So, Container.secret will need to have a check to ensure that the secret file has been "masked" correctly using WithSecretVariable.

Using Container.withMountedSecret to mask that path is also kind of weird, since it requires that you first call setSecret with an empty value. Instead of that, we could have `Container....

Problem

Current Dagger pipelines lack a built-in, seamless, and secure method for handling sensitive information like API keys and database credentials across various execution environments. This complicates secure secret management and degrades the developer experience.

Solution

Propose adding a robust, built-in secret management service to Dagger Cloud. This service would provide:

• Centralized storage for diverse secret types.
• Version control for secrets, enabling easy rotation an...

What are you trying to do?

Right now, it shows when it was executed, but I believe it would also be nice to see how long it has taken.
Especially if you chain runs on your CI (as I did) and want to compare 2 runs.

Why is this important to you?

As I passed from 5m30s with empty cache from depot.dev to 44s with hot cache, it's very compelling to see the improvement.

How are you currently working around this?

Clicking on each run to see the difference

What is the issue?

If I run the following command time dagger --cloud -m github.com/dagger/dagger call check --targets=docs from my $HOME directory, the command fails and it takes ~30s total: https://dagger.cloud/gerhard/traces/120a91f99d41d8d5c0623d896c38e7b4#0f4fdcf4884dc83c

If I run the same command from cd $(mktemp -d) it succeeds & it finished within ~20s: https://dagger.cloud/gerhard/traces/36412a610d902cadb6fa2214ce376d6d#276b326231fc59cc

It seems that when I run t...

What are you trying to do?

imagePullSecrets (https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) could be taken advantage of by dagger, mainly considering one can easily hit dockerhub pull limits.

Currently there's a workaround that can be done, by explicitly mounting the ~/.docker/config.json into the k8s pod where the dagger CLI runs.
However, if this could be integrated with a more "native k8s way", that would simplify a lot the life of dagger u...

What happened? What did you expect to happen?

I'am using docker buildx bake to use multi-step build.

In docker buildx I can use target as base image like below

In dockerfile

FROM base_image

# .. some docker step

In bakefile reference

target "intermediate" {
   ...
}

target "output" {
   dockerfile = "./Dockerfile.out"
   contexts = {
     base_image = "target:intermediate" 
   }
}

Then, target output build docker image based on build result of target intermediate

I...

What are you trying to do?

GitHub Models is a very convenient LLM provider that available in-context in GitHub Actions via GITHUB_TOKEN.

It's also easily available from any context where you're logged in with gh.

This makes it extremely convenient for LLMs involving software engineering, e.g. in GitHub Actions.

Could we please add GitHub Models as an implemented and documented model provider?

Thank you

Why is this important to you?

...

What is the issue?

When using Dagger in gitlab-ci the pipeline succeeds even if the steps fail.

For example we push the alpine container to a registry. It returns success even if it fail to push the container.

Dagger version

dagger v0.18.9 (docker-image://registry.dagger.io/engine:v0.18.9) linux/amd64

Steps to reproduce

1. Deploy a Kubernetes Executor
2. Create a dagger pipeline to push an image to private registry.
3. call the pipeline in gitlab ci without specifying the ...

What are you trying to do?

I would like to have a container that can talk with a service it depends on, such that they can call up each other:

flowchart LR
    a[Container] -->|dials| b[Service]
    b -->|dials| a

In practice, the Go code looks something like:

svc := docker.Container().From(...).AsService(...)
c := docker.Container().From(...)

// There is no way to make them communicate between one another at this stage!
c, err := c.Sync(ctx)

Why is this...

What is the issue?

Given the following code:

type Test struct {
	Test string
}

func (m *Dagger) Test(test Test) {}

Running test test in the Dagger interactive shell results in:

✘ test test 0.0s ERROR
! query:
  query{dagger{test(test:"test")}}

  error: parse selections: parse field "test": init arg "test" value as core.DynamicID (DaggerTestID!) using core.DynamicID: decode "DaggerTest" ID: failed to unmarshal proto: proto: cannot parse invalid wire-
  format data
```...

What is the issue?

When testing out Dagger locally, layers seemed to fail to cache randomly. It was confusing to me because it seemed like Dagger caching wasn't working at all as advertised. I was running Dagger under a Colima VM on my mac with a virtual disk size of 25GB.

I pruned my Dagger cache (and some other caches on that VM) and restarted the test, and suddenly things were caching as expected! It was then when I checked the Dagger caching documentation and saw the note about Dagg...

To prevent users from being confused in the future, Dagger should warn them if a cache GC prevented their layer from otherwise being loaded from cache. I'm not sure the best way to do this, maybe a "tombstone" when a layer is deleted from a cache with that layer's inputs? And then some sort of warning on the CLI when a layer could've been restored from cache but wasn't able to be because a tombstone was present?

Good idea. We're coincidentally working and revamping some of the caching int...

What are you trying to do?

Hello,

In our setup, we have created our own JSON config file that controls a lot of the moving parts in the pipeline (software versions, toggleable options, etc.). The config file is a module input of type *dagger.File, and it gets read and unmarshalled at the start of the pipeline. This makes it so that the entire pipeline depends on the digest of the entire file. If we so much as just change a whitespace character in the file, the entire chain gets cache-...

What are you trying to do?

Currently, the Java SDK is not usable in Enterprise use cases (maybe even non-enterprise) because it doesn't support user local .m2/settings.xml. This settings.xml is where the user sets private registry as well as auth. It's similar to the auth file docker stores on local and dagger pull that in automatically. Same happens with Git for private registries. This solution may require somethings similar.

Why is this important to you?

Java is probably o...

What are you trying to do?

I have multiple modules that are using models. Some modules are using the same model, some are using others.
I'm defining the module in a .env file in each module directory, but there's some limitations:

• what if I'd like to use two models running in different places? For instance I'd like to use a local model running on my machine and gpt, both inside the same dagger module.
• how can I share configuration across multiple modules? I need to copy/paste my `...

What are you trying to do?

I would like to be able check if image:tag already exists in remote repository i.e. I want a wanted dagger.Container.Exists function to check if the container/tag are available, similar to how dagger.Container.Publish is today.

It would be nice to be able to do this using 'Container' for several use cases, currently my options are (I guess) ...

I've found it's technically possible to do this by calling Sync and checking the returned error. For example,

package main

import (
	"context"
)

type ImageExists struct{}

func (m *ImageExists) Exists(ctx context.Context, ref string) string {
	_, err := dag.Container().From(ref).Sync(ctx)
	if err != nil {
		return "does not exist"
	}
	return "image exists"
}

And calling

$ dagger call exists --ref does-not-exist
▶ connect 0.5s
▶ load module: . 5.9s
● parsing command line...

What are you trying to do?

It would be a really helpful feature to support telemetry for dagger.Service types.

Why is this important to you?

Adding telemetry support to dagger.Service would help developers with debugging applications. Capturing metrics like HTTP request methods, URIs, response times, and status codes would allow developers to troubleshoot performance issues locally, and in cloud, such as identifying slow endpoints.

How are you currently working around this?...

This was discussed on Discord [here](#general message).

A quick and dirty example:

main.go

package main

import (
	"dagger/dagger-test/pkg/foo"
)

type DaggerTest struct{}

// Foo returns a custom Foo type
func (m *DaggerTest) Foo() *foo.Foo {
	return foo.NewFoo(dag)
}

pkg/foo/foo.go

package foo

import (
	"dagger/dagger-test/internal/dagger"
)

// Foo is a simple custom Dagger type
type Foo struct {
	//...

Currently written in the documentation: "Only types and functions in the top-level package are part of the public-facing API for the module."

Would be nice if external sources such as e.g. go modules were supported for type definition.

Let us assume the following content in a go example module:

type Example struct {
	foo     string
	bar  string
}

Once published it could be added to dagger modules with go sdk like:

go get example.com/example/ex@v0.0.0

The s...

Current behavior:

I have an engine running that is version v0.18.9
I have just upgraded my CLI to version v0.18.10

Default behavior:

When I run something with the CLI, like dagger functions, the CLI will kill the v0.18.9 engine, start up a v0.18.10 engine, connect to it, and run my command

Leave old engine

If I set DAGGER_LEAVE_OLD_ENGINE=1 in my environment first, the CLI will start a new v0.18.10 engine for my session, but it will not delete the v0.18.9 e...

What are you trying to do?

Environments are a way to define a specific set of functions an LLM will be able to see as tools. This allows to reduce the number of tools the LLM will see or to provide specific tools, both in order to improve the ability to complete a task.

[!NOTE]
This is extracted from #8030 but focusing only the LLM/Env/type awareness and not on the self calling aspects.

It's currently possible to use a primitive type a...

Let's say I have a module my-agent that contains a type workspace (a struct in Go, a class in Java, etc).

What I want is:

dag.Env().WithWorkspaceInput("input", &Workspace{}, "the workspace")

Type Exposure

By default the Workspace type is not exposed. It needs to be exposed by a function of the module to be exposed. So it needs somethings like that:

func (m *MyAgent) Workspace() *Workspace { return &Workspace{} }

Then we can imagine to keep the above cal...

A separate motivator for using the API instead of native code is caching

@vito also tracing 😍

@eunomie The dag.Self().Workspace() approach (or dag.MyModule().Workspace() per https://github.com/dagger/dagger/issues/10336#issuecomment-2855190339) makes the most sense to me, at a technical level.

The problem with directly passing a &Workspace{} is that all object arguments work by passing the object's ID, which is generated through the process of making API calls. If you directly create a &Workspace{} and pass it in, we don't have an easy way to translate that to an ID at the AP...

All right, I have a first PoC ~working. I'll open a draft PR with it. It's just a PoC, there's multiple issues and improvements required:

• drop in speed
• codegen doesn't work in all cases (but module call works)
• the display of the conversation with the model disappeared
• this currently only works with the java SDK and it requires changes on the SDK side

But I'm able to run my previous demo with the workspace within the main module, so without ...

@eunomie I don't have the complete answer, but wanted to make a more general note on self-calls: if possible, I think we should avoid dag.Self() and instead use dag.Foo() where foo is the name of the module. In other words, the naming of the binding should be the same as for regular dependencies.

I think there are several reasons for this. But one specific reason for me, is that I want to leave the door open to having more than one runtime per module in the future ("runtime stacking") ...

~+1 to dag.MyModule().AlpineWorkspace() where MyModule == self~

Thinking on this more...

As I understand it, the current proposal would look like this in Go:

func (m *HelloDagger) Agent(ctx context.Context, prompt string) (string, error) {
    ws := dag.HelloDagger().Workspace()
    return dag.LLM().
        WithHelloDaggerWorkspaceInput(ws).
        WithPrompt(prompt).
        LastReply(ctx)
}

func (m *HelloDagger) Workspace() *Workspace {
    return &Workspace{
        ctr: dag.Container().From("alpine"),
    }
}

type Workspace struct {
    ctr *dagger.Container
}

fun...

Thank you very much! Don't take my critique as anything other than a serious look at the value at what this brings.

Problem

Suppose a user is working on a fairly standard frontend/backend project. The user will likely have two separate Services for each service:

func (MyModule) Frontend(
    // +defaultPath="./src/frontend"
    src *dagger.Directory,
) *dagger.Service {
    return dag.Container().
        From("node:latest").
        WithWorkdir("/src").
        WithMountedDirectory(".", src).
        WithExec([]string{"npm", "install"}).
        WithExec([]string{"npm", "build"}).
        Wit...

What is the issue?

dagger session destroy command is stuck. I can't stop it with Ctrl-C.

![Image](https://uploads.linear.app/0b2a9228-3827-45ff-bb20-ccd34f57f694/7abceb28-bdfe-4d40-8684-40de9783c87d/56560195-0069-4a81-b237-31d10a066fe2?signature=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwYXRoIjoiLzBiMmE5MjI4LTM4MjctNDVmZi1iYjIwLWNjZDM0ZjU3ZjY5NC83YWJjZWIyOC1iZGZlLTRkNDAtODY4NC00MGRlOTc4M2M4N2QvNTY1NjAxOTUtMDA2OS00YTgxLWIyMzctMzFkMTBhMDY2ZmUyIiwiaWF0IjoxNzUxNDY5NDQ1LCJleHAiOjMzMzIyMDI5ND...

I was trying to load a different version of the trivy module, and it conflicted with the local one. I was hoping the session destroy and mod cache prune commands would clear the cache, and I could get the intended version of trivy. This is the error I was trying to work around:

! failed to serve module: module trivy (source: github.com/jpadams/daggerverse/trivy@44c178290a412483e785a436aabc46c707842a62 | pin:
44c178290a412483e785a436aabc46c707842a62) already exists with different sou...

For svc.Endpoint, it would work identically to how it already works today for a multi-port service. Not sure if there's a specific issue here.

The new service group would probably have to get a new hostname specifically for that. Then, svc.Hostname would make sense? Sadly, that does mean that under the hood we'll probably have to proxy.

WithServiceBinding would bind all the ports in the service to the specified hostname - just like it does today.

This makes me think if it might b...

dagger session destroy isn't a dagger command. Neither is mod cache prune? I'm confused, where are you getting these commands from? To clear the cache, you can use dagger core engine local-cache prune.

Can you share some more context? How are you getting the error that you're sharing?

Thanks for looking into this. This is the original issue I was trying to work around:

▶ github.com/jpadams/daggerverse/trivy@44c178290a412483e785a436aabc46c707842a62 | scan-image alpine:latest 34.0s
                                                                                                                     
Report Summary                                                                                                       
                                                          ...

Love it - I think the proxying is a small price to pay for the simplicity of keeping it a Service.

@shykes do you have a proposal for what the Network type would be? I don't remember discussing it before.

Is it related to https://github.com/dagger/dagger/issues/7426?

The main use case for grouping Services together is to allow uping them together from the command line - and essentially moving the logic from @kpenfound's proxy module into core.

What are you trying to do?

I would like to inspect the host where the CLI is running to understand where exactly the dagger engine is running. As an Enterprise user of dagger, we have various compliance and security needs that we need to meet. One such need is the need to know exactly where the client (and the engine) is running.

We would like to take actions within our modules based on the host.

Why is this important to you?

An example of something we would like to do is, based ...

https://docs.dagger.io/api/chaining#export-directories-files-and-containers
https://github.com/dagger/dagger/blame/14ff07af8b91c091e1f1e7afbf0e01316142f8ca/docs/current_docs/api/chaining.mdx#L217-L219

▼ github.com/kpenfound/dagger-modules/golang@v0.2.1 |
  build ./cmd/dagger --source=https://github.com/dagger/dagger |
  export ./my-build 0.0s ERROR r jump ↴
╰─✘ export 0.0s ERROR r jump ↴
  ! input: golang.build failed to stat file /out: process "go build -o /out/ ./cmd/dagger" did not co...

Following this discussion: #1384134172502659162 message

Summary

Private package authentication in Dagger requires different approaches across SDKs. All SDKs can use git-based packages via SSH authentication, but many enterprises require HTTPS with Personal Access Tokens instead. Additionally, Python and TypeScript have package registries (PyPI, npm) that need separate authentication. Regarding the current private registry support...

A second failing example in the same section:

▼ github.com/dagger/dagger/modules/ruff |
  lint https://github.com/dagger/dagger |
  report |
  export /tmp/report.json 24.6s ERROR r jump ↴
╰─✘ export 9.0s ERROR r jump ↴
  ! ghcr.io/astral-sh/ruff:0.11.13@sha256:45cb2b28f0ad694917b159c65d058f1eeafdda0cb155a30374194c4c4b6c56df: failed to resolve source metadata
    for ghcr.io/astral-sh/ruff:0.11.13@sha256:45cb2b28f0ad694917b159c65d058f1eeafdda0cb155a30374194c4c4b6c56df: failed to authorize:...

@dagger/docs because ghcr is an authenticated registry, we need instructions before to authenticate to it.

I don't think this is something we're likely to add.

We would like to take actions within our modules based on the host.

The way to do this should be through function arguments - there's no other mechanism we're really looking at to do that.

One of the reasons for this is that function arguments are explicit - you can cache a function based on it's arguments. But if that function inspects other information, then that's suddenly not possible - all of the caching we can currently do (and...

The way to do this should be through function arguments - there's no other mechanism we're really looking at to do that.

The problem with function arguments is that they are user provided. Which won't work with what I'm trying to do as they can be spoofed.

Fair. The way I'd accomplish this is with properly scoped credentials - users shouldn't have credentials able to push to that remote registry. I'm not sure that dagger specifically should provide this logic.

Also fair. Let's say, ins...

An example of something we would like to do is, based on whether the user ran dagger from their local laptop or in Jenkins CI, we would like to prevent certain actions like publishing artifacts to our artifact registry.

This as an argument of "exposing host details about where the CLI is running" doesn't seem that strong to me.

First, because I agree with Justin that this should probably be enforced at a different level given that enforcing this in Dagger doesn't prevent the fact that us...

Are you sure about this?

Good catch. You can store the index URL (for vanilla pip) in ~/.pip/pip.conf. For uv you can use separate env vars for credentials. Maven has the settings.xml.

Unfortunately, Go is the outlier here. I don't think there is another way to set credentials besides user:pass in the GOPROXY url. We can avoid it by setting GOPRIVATE.

Python requires embedding credentials in URLs (not the best security practice) while TypeScript has no registry auth support.

Are you sure about this?

AFAIK npm supports npm login so you could use that to login to any registry service (i.e: https://jfrog.com/help/r/jfrog-artifactory-documentation/authenticate-using-npm-login). And AFAIK python has the .pipyrc config file where you can specify your repositories and credentials (https://packaging.python.org/en/latest/specifications/p...

What are you trying to do?

I am trying to reliably access (both programmatically and in Dagger Cloud) the output of .with_exec() steps that might or might not have been cached previously. Right now it seems cached steps don't store their stdout, so cached and non-cached runs behave differently.

Related Discord thread: https://discord.com/channels/707636530424053791/1397564686618198026

Why is this important to you?

Generally speaking, caching is a technique to improve performanc...

What is the issue?

I have a module which creates a symlink over a file which already exists. I've been using a small helper function to call ln -sf to create the symlink, but decided to move to using the WithSymlink introduced recently. Understandably, calling it raises the following error:

! symlink /dev/stdout /var/lib/dagger/worker/cachemounts/buildkit3966597304/var/log/nginx/access.log: file exists

I don't necessarily expect the default behaviour to override the file, b...

Not related to the implementation discussion above, but still possibly relevant ([source](#1397564686618198026 message)):

Once [the present ticket] gets implemented, I suppose this would impact the behavior of stdout()? Namely, its presence/absence wouldn't really make a difference anymore [for the TUI], since the output of all commands would always be available and shown by dagger run -v. However, I only want to show [on the c...

cc @alexcb

We're actually already very inconsistent with how we handle overwriting existing content.

• Creating a file with WithNewFile on top of an existing file, succeeds
  • container | with-new-file "foo" "" | with-new-file "foo" ""
• Creating a directory with WithDirectory on top of an existing file, succeeds
  • container | with-new-file "foo" "" | with-directory "foo" $(directory)
• Creating a file with WithNewFile on top of an existing directory, fails
  • `container | wi...

Agreed we should do this :tada: (or at least have a dial to make it configurable).

The reason that it doesn't do this today is because the OTEL terminal output is created inside the WithExec dagop, which doesn't run if cached. https://github.com/dagger/dagger/blob/b8fd58b689a0ea2e3159f8bf2ac3d0e3fc7ab6ad/engine/buildkit/executor_spec.go#L659-L662

I think it's possible to create this same kind of span if we're cached (I think we can detect this case), and simply read the stdout file from...

@jedevc Ideally it'd be even more detailed: the telemetry log data is split between stdout and stderr streams, and it'd be nice if we preserved all that on cache hits too. That way logs will be interleaved like they were when it really ran, and if we want to do UI cues for stdout vs. stderr (e.g. stderr slightly red background) we can have it for cache hits too.

Maybe we could somehow align telemetry with caching? Like when we cache an op, we also keep its related telemetry? Right now that a...

We added support for module interfaces a while back.

However, we never went the full way and we didn't ever need interfaces in the "core" module (the main dagger API). So it just doesn't work right now.

There are several cases I think we should support:

• Allowing core types to implement core-defined interfaces
  • Some types just make more sense as an interface! They already have multiple "backends", like GitRepository or Service. We should expose this implied interface as a real int...

It may be possible now to use Copilot APIs as an LLM provider allowing users with Copilot access to use those models within Dagger.

Looking at the implementation in sst/opencode, we should be able to initiate an oauth flow with Copilot. There are some references to using a token as well which may or may not actually work. Needs investigation.

With token (may not work):
Set base_url to https://api.githubcopilot.com
Get the api key from ~/.config/github-copilot/apps.json

Oauth flow:
http...

What happened? What did you expect to happen?

Hi there. I created this issue to document how a recent change to the engine impacted us when upgrading. We have since solved our issue, but I thought it might be interesting to document it here.

Our organisation deploys a single version of the dagger engine for our CI runners - this is because it would be too expensive to deploy multiple versions. Dagger modules across repos are subject to the CI version and when upgrading, all CI builds ar...

Sorry for the bikshedding, but I'd prefer to avoid dagger login --status. IMO, dagger login should always attempt to login, while flags should modify that behavior, not perform a different action.

I like the idea of an auth subcommand?

What simplification are you referring to? I'm not aware of anything in our code that tries to hide excludes that don't end up matching anything. The code that results in this call is here, it's just setting exclude in the Host.directory call pretty straightforwardly.

Are we sure that exclude being empty isn't just a TUI bug?

It's not a TUI issue. But it's also not an intentional optimization/simplification.

Here's what's happening - when you make these calls, they both end up with the same content digest:

• Host.directory(path: "/", exclude: ["something-that-doesnt-exist"])
• Host.directory(path: "/")

I changed a module to have two context dirs like this, and was able to reproduce the problem:

• Trace 1 - when the ignored file doesn't ex...

Maybe we could allow "pinning" to a semver spec as an alternative to a precise SHA, and always roll forward to the latest compatible? Then, at least, you can signal breaking changes with a major version bump.

This would be ideal. I agree with OP and can definitely relate.
If you were rolling out blueprints across multiple repos, you’d absolutely want the option to pin to a major or minor blueprint version.

What are you trying to do?

User asked:

Another question on this .... is a --source that is a git repo a full clone? Am I supposed to have access to all the tag and metadata?

Short answer, no.

since i'm working with azure repos it complicates things. Good to know i explored all options. made it a little tricky 🙂

You can look at
/a case:

dagger -M -c 'container | from alpine/git | with-workdir /a | \
with-exec git,clone,https://github.com/dagger/dagger,. | terminal'

vs
`/b...

Setup

Assume the following module:

package main

import (
	"context"
	"dagger/foo/internal/dagger"
)

type Foo struct {
	Entries []string
}

func New(
	ctx context.Context,
	// description goes here
	// +defaultPath="./arg"
	// +ignore=["foo.txt"]
	myArg *dagger.Directory,
) (*Foo, error) {
	entries, err := myArg.Entries(ctx)
	if err != nil {
		return nil, err
	}
	return &Foo{entries}, nil
}

With the following testdata:

$ mkdir arg
$ touch arg/{foo,bar}.txt

Get the t...

What are you trying to do?

I am currently building an experimental Continuous Delivery (CD) pipeline using Dagger to release software & configuration changes to our CDN platform. This requires taking multiple inputs, such as the details of the person making the change, the artefacts to release (packages & versions, configuration changes) and the list of targets (physical machines) to deploy the changes onto. This input data must be validated, and is stored beyond the lifetime of the Dagg...

Today, the functions and their args do not illustrate some common best practices and style.
The large comment block is simply removed by most and so we should make it much shorter and to the point.
Fixing this will help adoption and be a more delightful experience for new and existing users.

• [ ] module comments shortened to essential
• [ ] functions/args reworked
• [ ] tests updated (there are many tests relying on the output of dagger init today)

What is the issue?

Description
I'm deploying Dagger as a DaemonSet on a Kubernetes cluster, and I've set CPU and memory limits on the dagger-engine pods. However, the containers launched by Dagger (dagger core container from ...) do not inherit these resource constraints, and can consume significantly more memory than specified.

Dagger version

dagger v0.18.12 (unix:///run/dagger/engine.sock) linux/amd64

Steps to reproduce

Setup

• Dagger version: v0.18.12
  -...

Additional investigation on cgroups for containers launched by Dagger

I ran a container inside Dagger and inspected its cgroup settings from within the container.
Here’s the result when inspecting /sys/fs/cgroup/

/ # ls /sys/fs/cgroup/buildkit/<containerID>/
cgroup.controllers        cgroup.max.descendants    cgroup.type               cpu.stat                  cpuset.cpus.partition     ... [truncated for brevity]
/ # cat /sys/fs/cgroup/buildkit/<containerID>/cpu.max
max 100000...

Live development proposal

[!NOTE]

This top-level item is kept up to date - see previous versions using by looking at the edits.

This is an mega attempt to solve #6990 - our most upvoted issue in the backlog.

It's a big issue, and there's lot of different use-cases, proposed solutions, and prototypes. This is an attempt to unbundle all this, and try and address each use case - and imp...

Pretty much this:

https://github.com/dagger/dagger/blob/40dba8d312c76caed679a9ba952048c52c96a259/core/git.go#L789-L794

Problems:

• Bad caching. If a submodule A is already in the cache as repo A, we won't actually clone after that.
• Weird auth. See https://github.com/dagger/dagger/pull/10855#discussion_r2266427963. We should be able to configure auth for submodules.
• Inflexible. While we can configure the --depth of a clone, we can't do this for submodules - we always go to ...

@shykes under that suggestion, is there a way to distinguish between the live service mounts or the live service rebuild?

I think if there's a way to do that, I don't have a huge objection - I do think it'll make implementation trickier (especially in terms of what can/can't cache), which is one of the reasons I preferred a separate type - I'll have to give it a proper think to see if I can understand the implications.

I'd also want to make sure that every type can support a watch metho...

Ok, I've updated the top-level with a new proposal that keeps existing types and doesn't introduce any. It's not quite as discussed, but I think it's neat!

The big changes from the discussion we've had is:

• Service.watch isn't a thing - instead, I've put it as an argument to AsService.
  1. Service.watch only really makes sense on container services, it kind of breaks the service abstraction.
  2. It's really useful (implementation wise) to know at the time of service creation whether...

Duplicate of https://github.com/dagger/dagger/issues/9343

What is the issue?

Specifying $HOME environment variable in some Container.With* method does not expand the environment variable to what it's pointing to, despite the environment variable being defined in the container.

Is this a bug or is there something I am misunderstanding?

I am working around this by just writing out the path to $HOME, so it's not the end of the world, but it's an annoyance.

Dagger version

dagger v0.18.14 (docker-image://registry.dagger.io/engine:v0.18...

Some services (like the containerd service) only listen on unix sockets. We don't really support those, all our services are tcp/udp networked.

[!NOTE]

To workaround, we're doing something like: https://github.com/dagger/dagger/blob/28043bb7c21924d5e0663abf6ef3a2b8e8591f6c/core/integration/provision_test.go#L337-L344

We put the unix socket into a CacheVolume, and then mount it in both the server and the client.

This "works", but 1. is hacky, and 2. doesn't support useful feat...

Also: how would we handle host services listening on unix sockets?

It seems like after a terminal has been run in the "background" of the TUI, we fail to restore events correctly.

This seems to affect:

• Mouse isn't restored (caused by disableMouse called by ReleaseTerminal not having a corresponding undo in RestoreTerminal) https://github.com/charmbracelet/bubbletea/blob/b224818d994537a25de86e2658fb9f437ea0baf4/tty.go#L41-L45
  • Upstream issue: https://github.com/charmbracelet/bubbletea/issues/1424
• The first key press after unbackgrounding gets ...

Dagger currently only supports UNIX based OpenSSH agent forwarding

The underlying reason is:

1. The current socketStore only supports UNIX + IPSocket, no named pipes
2. We query the PATH to the socket (https://github.com/dagger/dagger/blob/3dfb4eeba6308ce86f1bbdc2368247eddb08bba9/engine/client/client.go#L1149), by honoring SSH_AUTH_SOCK. However, not all clients on Windows seem to respect ...

What is the issue?

I am using the following query and have tested both Typescript and Go modules using the documentation example and asEnum.members are always null for both.

Here is the GraphQL:

query directoryAsModule {
  host {
    directory(path: ".") {
      name
      asModule {
        id
        name
        objects {
          kind
          asObject {
            description
            name
            functions {
              id
              name
              desc...

Ahhh, yeah, this is a very fiddly known problem.

TL;DR: the typedefs in arguments/return values are "references". They're not fully populated.

If you modify your query to:

query directoryAsModule {
  host {
    directory(path: ".") {
      name
      asModule {
        id
        name
        objects {
          kind
          asObject {
            description
            name
            functions {
              id
              name
              description
              re...

What is the issue?

Originally reported in discord: https://discord.com/channels/707636530424053791/1410361079061807306

I have a pipeline that after calling many functions reaches the point below. I find that the first terminal is not the same as the second one through --interactive when integration tests fail:

test_container = (frontend_with_env
                  .with_service_binding('proxy', proxy_service)
                  .with_service_binding('backend', back...

Issue

The Go, Python and Typescript SDKs implicitly return Void, if no type is specified: reference

The PHP SDK demands all Dagger Functions define their return type.

Should It Be Supported?

Referring to the SDK design guidelines:

Aim for the best developer experience,...

What is the issue?

As I saw in one of the previous releases, Dagger is now by default filtering files from .gitignore.

This erroneously affects files that are already added staged (for ex with git add --force, or added prior to .gitignore modifications), but would have fallen under .gitignore if they wouldn't.

I have a few small .mp4 files checked into the repo for testing purposes. My .gitignore also ignores **/.mp4. My tests in Dagger now started failing after an upgra...

Re-opening this, since this is a legitimate issue I want to track separately.

From @marcosnils in [discord](#maintainers message):

is it me or this description in not true? https://github.com/dagger/dagger/blob/c99b557537d68b9fc662a4533f4adb7696907a43/dagql/types.go?plain=1#L212

since multiple functions in that dagql Int type like this one https://github.com/dagger/dagger/blob/c99b557537d68b9fc662a4533f4adb7696907a43/dagql/types.go?plain=1#L217-L226 are also effectively handing the case for int64...

What happened? What did you expect to happen?

Hello - is there a way to run dagger without the daemon and docker images / service? Essentially run it inline on the cli (client runtime)?

What are you trying to do?

Building images, we get a lot of failures due to 429s from Docker Hub. Running with higher verbosity, it appears like there is a huge amount of simultaneous pull-requests being sent - including for images where we already have the latest version.

Mitigations that come to mind:

1. Add CLI-flag to configure pull-behavior (always=like now, missing=only pull missing images, never=never attempt to pull base images from remote)
2. Reduce number of simultaneous...

What is the issue?

Environment
• GKE cluster
• Self-hosted GitLab Runners
• Dagger Engine v0.18.15 deployed as DaemonSet on runner nodes

Problem

We’ve recently started seeing random pipeline failures with the error:

Dagger version

dagger v0.18.15 helm chart as a daemon-set

Steps to reproduce

Not sure how to produce it

Log output

When the error occurs, engine logs show thread exhaustion:

2025-09-11T04:50:39.601124906Z stderr F time="2025-09-11T04:50:39Z" lev...

#10867 added support for interactively debugging Directorys, Containers and Services.

However, one important thing is still missing: I can't debug an ExecErr.

For example:

I can't interactively debug the failed withExec - because it simply attempts to replay the ID, which fails.

Realistically, in this case, we should be able to replay the ExecErr, and enter that debug state - all without needing to pass -i at the top-level.

Doing this is a bit tricky - it means we'll need...

Sounds good to me :tada:

We already have the DAGGER_NO_NAG flag, we could reuse this 🤔 Just wanting to avoid an env var for everything.

What is the issue?

Version 0.18.17 introduced the NoGitAutoIgnore argument, which is even highlighted in the releases as a breaking feature. Which with the rust sdk specifically means code no longer compiles without changes, which is not a good thing considering unless locked to a specific version cargo will happily update to newer patch versions.

Honestly I get that the change isnt too breaking for most of the sdks, due to optional arguments etc, but for rust which doesnt have tha...

What is the issue?

Several examples in the documentation fail when using the PHP SDK.

See: https://github.com/dagger/dagger/pull/11086#discussion_r2358610881
Code

See: https://github.com/dagger/dagger/pull/11082#discussion_r2357882486
[Code](https://github.com/vikram-dagger/dagger/blob/563d746bcd437b8b1ba0b42c70cb0d0d3dec008...

Dagger has native 1password integration. To test it in dev, I need to inject a 1password service account token into the dev container. I do this manually eg. dev | with-secret-variable OP_SERVICE_ACCOUNT TOKEN xxx | ..., but it would be nice to make it an optional argument of dev and other build functions. Especially with upcoming #11034 , then I can add it to my .env and type shorter commands :)

What is the issue?

🚨 Dagger SDK Compatibility Issue with Go 1.24+ and 1.25.1

We've identified a critical compatibility issue when using Dagger SDK with Go 1.24+ and Go 1.25.1.

❌ Problem

Build fails with telemetry-related errors:

# dagger.io/dagger/telemetry
../../../go/pkg/mod/dagger.io/dagger@v0.18.17/telemetry/transform.go:69:29: cannot use res (variable of type *resource.Resource) as resource.Resource value in argument to ResourceToPB

🧪 Testing Results

| Go V...

Occasionally (several times a day), when exiting an interactive TUI session, dagger does not relinquish control back to my system shell: it just hangs there.

• SIGINT (Ctrl-C) does nothing
• SIGQUIT (Ctrl-\) usually works. It results is a segfault with a massive stack trace

Anecdotically, this seems to happen after "big" interactive sessions, with a big build (dagger -m github.com/dagger/dagger | dev | ... | terminal...

What are you trying to do?

I'd like to use the Google Vertex APIs with Dagger. The Vertex APIs are different from Google's Gemini APIs in that they use the Application Default Credentials instead of a specific API key. The google.golang.org/genai package already being used in llm_google.go supports the Vertex APIs and a standard env var mechanism to inject them:

type ClientConfig struct {
	// Optional. API Key for GenAI. Required for BackendGeminiAPI.
	// Can also be set via t...

Ah that makes sense! I didn't actually check the error message.

So the issue was actually the CLI hang on session end, then.

Haven't experienced it lately.

See https://github.com/dagger/dagger/pull/11073, https://github.com/dagger/dagger/pull/11032#issuecomment-3303982431

Essentially, we never really had a consistent behavior here - now everything at least pulls the tag history.

But it's not fully consistent:

• doFetch should be set if we need to rework the tag history
• The resulting fetch should still be set to a consistent view of the tag history (from the ls-remote we did earlier)
  • Even if tags got updated between resolution and fet...

This will allow passing images from the local store into a dagger function.

#!/usr/bin/env python3
"""Simple test of Dagger container terminal functionality."""

import sys
import dagger


async def main():
    """Run a container with terminal access."""
    async with dagger.Connection() as client:
        container = (
            client.container()
            .from_("ubuntu:latest")
            .with_exec(["apt-get", "update"])
            .with_exec(["apt-get", "install", "-y", "bash"])
        )

        print("Starting terminal session in Ubuntu container....

What is the issue?

In v0.19.1, when both +defaultPath and +ignore evaluate to an empty directory, dagger incorrectly passes the source of a random dependent module instead.

Dagger version

dagger v0.19.1 (image://registry.dagger.io/engine:v0.19.1) darwin/arm64/v8

Steps to reproduce

Run https://github.com/skycaptain/dagger-issue-defaultPath with v0.19.0 and v0.19.1 and watch output.

$ dagger version
dagger v0.19.0 (image://registry.dagger.io/engine:v0.19.0) darwin/arm6...

What is the issue?

Given the following sample project:

-- main.go --
package main

import (
	"context"
	"dagger/socket/internal/dagger"
)

type Sockettest struct {
}

func (t *Sockettest) ReproduceSocketError(ctx context.Context, socket *dagger.Socket) error {
	repo := dag.Git("git@github.com:dagger/dagger-test-modules.git", dagger.GitOpts{
		SSHAuthSocket: socket,
	})
	root, _ := repo.Branch("main").Tree(dagger.GitRefTreeOpts{
		DiscardGitDir: true,
	}).Sync(ctx)

	_, err := dag.R...

Problem

When calling Changeset.asPatch, the full contents of the patch is dumped to the TUI, making the output unnecessarily verbose.

When chaining it with File.contents (Changeset.asPatch().contents()) that gets dumped too, so it's double penalty.

Solution

I guess change the logging and/or TUI rendering behavior, to not dump the full contents in Changeset.asPatch, and maybe File.contents while we're at it?

What is the issue?

System

• Python SDK (dagger-io==0.18.16)
• Matching Dagger Engine of 0.18.16

Description

I would like to exit my CI/CD pipeline early (or re-try) in the case that asService does not exit appropriately. I would assume there would be an exit_code() method exposed, similar to that of a Container object. However, this appears to not be the case.

The suggestion made in [this discord discussion,](https://discord.com/channels/707636530424053791/14262454389...

Dagger can natively load .gitignore and apply its rules to filter host directories pre-upload.

This feature is disabled by default, and can be enabled as an argument to Host.directory().
But, it can NOT be enabled by a function to specify pre-call filtering on its own arguments...
In other words, we are missing +gitignore (or +ignore="git")

Perhaps this is easier to implement by piggypacking on an existing directive (+ignore) which is already supported by all SDKs? But will SDKs allow p...

Problem

Currently the PHP SDK is synchronous only.

Technical Details

PHP (as of 8.4) has no standard way to perform asynchronous calls.

PHP has Fibers which get you part of the way there. But working purely with those is a bit awkward and there are already several libraries that wrap this step in a neat bow for you. 🎀

The GraphQL library we are using, can integrate with [several librari...

When I'm exploring modules, especially modules with multiple functions, this can take a while to understand what are the available functions to call.

It could be interesting to have an interactive way to browse functions.

Let's take as an example the main module of dagger/dagger:

$ dagger functions
▶ connect 0.5s
▶ load module: . 35.3s

Name              Description
bench             Find benchmark suites to run
bump              -
check-generated   Verify that generated code ...

Problem

In our quest to make our CI module faster, version stands out as a source of slowness. It takes a long time to load, every time. Main culprits are:

1. Git operations
2. Uploading inputs every time, just to compute a digest

Solution

🤷‍♂️

What are you trying to do?

Right now every time you do a dagger develop the dagger.json just pins to your current engine version - even if it's a dev version.

This gets really annoying because half the time the module would be just fine on the version it was. It would be nice if we only bumped that version when the module actually needs it.

Maybe we could do that based on views? I don't think we're marking what version new APIs appear in, because there's a chicken-egg problem (don'...

cc @jedevc @TomChv @kpenfound @matipan

Problem

Dagger takes a long time to load modules. As a result, every interaction with dagger starts with... waiting.
This makes the Dagger experience less delightful than it should be.

Solution

Find the lowest-hanging fruit for improving module load time, and pick it.
Rinse, repeat, until users spontaneously say "hey, Dagger feels much faster!"

What are you trying to do?

I’m trying to specify Vault secret paths in Dagger in a way that includes the secrets engine directly in the URL, such as:

vault:///.

Currently, Dagger requires a split configuration model where part of the path (the secrets engine mount) is defined in VAULT_PATH_PREFIX, and the remaining sub-path is written inside the secret reference (e.g., vault://PATH/TO/SECRET.FIELD).
I want to be able to specify the full Vault path—including the secrets engin...

About adding a new path scheme for backward compatibility: it seems to me that it would be more convenient to support just one scheme so the user doesn’t get confused. But we need agreement from at least a few contributors, and especially from @kpenfound , that this is okay and that development in this direction makes sense.

As for backward compatibility, we can try to preserve it like this: keep the VAULT_PATH_PREFIX variable working, and if it is set, simply prepend its value to the path...

What is the issue?

Sometimes the engine stops working with error messages like this:

Error: failed to load cache key: no active session for ja13ul8z8qvjxt376vmkvzvvs: context deadline exceeded

Looking at the engine logs, I've noticed two things:

1 - The first appearance of the error message always occurs after the same other log message:

time="2025-10-24T05:36:55Z" level=debug msg="checked for cached auth handler namespace" cached=true key="docker.io/library/node::pull" n...

When loading a module on a remote engine, filesync can take a while. In default verbosity, that filesync is hidden from TUI, so it looks like everything is completed, and the dagger call is just hanging. You have to increase verbosity to find out that there are unfinished upload/filesync spans.

@andrestone sorry about that, there must be another source of similar errors 😕 Can you provide any cloud trace links where this is occurring? Anything additional that could help me repro exactly what you're hitting would be useful too if possible (e.g. if the code in question is open-source, a link to it, etc.)

Problem

Is there a flag to disable line numbers in the generated docs? Doesn't feel very useful to me, vs. the insane amount of churn it introduces

_Originally posted by @vito in https://github.com/dagger/dagger/pull/11311#discussion_r2470108808_

Solution

Doctum does not have config for disabling line numbers.

_Originally posted by @charjr in https://github.com/dagger/da...

Problem

We continuously publish dev builds from the main branch of Dagger, as usable releases. But the publishing process is slightly different, which requires special cases in the build scripts, and even in the CLI code.

Solution

Change how we publish nightly builds, to be more like stable releases. This will allow simplifying the release toolchain, and the CLI code. It will also remove complicated coupling between the two, thus making the whole system simpler.

Specifically:

-...

FYI @jedevc @marcosnils @matipan @kpenfound

What is the issue?

When I run a Dagger function from the Python REPL or from the command-line, it makes changes to the terminal that are not cleaned up afterwards.

When I run from the terminal, it shows the animated log output, then after the function has finished running, it says “Disconnecting” and terminates. It fails to print a newline, and for some reason the blinking cursor disappears from my terminal session.

When I run from the Python REPL, the “Disconnecting” message with ...

What is the issue?

I am trying to set up a registry mirror that points to a different location for hub.docker.com. Naturally, I try to follow the docs available for configuring the Dagger engine here, but I am struggling with getting this to make sense.

I created an engine.json config in $HOME/.config/dagger/engine.json with the content below:

{
  "registries": {
    "docker.io": {
      "mirrors": ...

Problem

When running dagger call from a local module, filesync operations (Host.directory()) are triggered by loading modules, loading contextual directories... These filesync operations are "orphaned": they don't appear as children of a top-level span. Combined with the fact that they are hidden by default... the result is a frequent illusion of nothing happening, when in fact a lengthy filesync is underway.

With the recent changes introduced by https://github.com/dagger/dagger/pull/11309, we significantly improved the performances for both Node, Deno and Bun.

So I'm wondering if we should change our default TypeScript runtime to maximize performances by default.

If we compare the number for dagger v0.19.6, we got:

                                          │   bun.txt    │               deno.txt               │              node_yarn.txt               │
                                  ...

What happened? What did you expect to happen?

Dagger seems to try to interpret parts of the env variable: USER=an$example-user as a separate variable. I get the following error:
failed to get configured module: failed to resolve dep to source: failed to load git dep: select: load user defaults: Evaluate env file: USER: example: unbound variable
How do I escape the '$' in my env var? the documentation doesn't mention this behaviour. I pass this value as a regular argument to the dagg...

@burkhart-puzzle-ch you can use standard bash notation:

• Option 1: USER=an\$example-user
• Option 2: USER='an$example-user'

stdout, err := e.client.Container().From(image).WithExec([]string{}).Stdout(ctx)

Currently a Go SDK module gets its own personal Dagger Go SDK client generated to ./internal/dagger which the module code then imports.

It also has a locally defined dag variable that is the instantiated Dagger client.

This has a few downsides:

• Can't use a package for module and non-module code, since it's awkward for a module to depend on the external SDK
• goimports sees undeclared dag and auto-imports dagger.io/dagger/dag which breaks everything - very annoying
• Not always ...

This works now.

👋 here's the repo with our nix flake. @sagikazarmark probably knows what's the right way to fix this given that he's a nix user :P

What happened? What did you expect to happen?

A new release of dagger is available: v0.19.7 → v0.19.8
To upgrade, see https://docs.dagger.io/install
https://github.com/dagger/dagger/releases/tag/v0.19.8

How can I disable update logging in the log output and prevent it from being output?

hi, I can't be disabled for the moment.

The Exodus

It's time! Let us boldly enter a YAML-free future!

Why?

• Faster and more repeatable end-to-end tests
• Simpler and cleaner configuration
• No drift between local and CI execution
• A Golden Example of solving real problems with Dagger

Target

Turn off GHA completely by December 31 2025.

Tasks

• Kill the monolith
• Migrate secrets to 1password
• [ ] Local release
• [ ] ...

What is the issue?

I'm observing that pulling large container images through Dagger takes approximately twice as long as pulling the same images directly with docker pull or podman pull.

Both tests were performed on the same machine with the same network conditions, pulling from the same registry.

Environment:

• Dagger version: v0.19.8
• OS: EndeavourOS, Linux 6.12.61-1-lts
• Container runtime: Podman 5.7.0

Notes:

I'm not certain this is a bug - it may be expected beh...

@xfactor2000 thanks for the report, I'd consider that a performance bug as there's not any good reason there should be a difference pulling w/ dagger vs. other container engines (dagger mostly uses containerd libs for image pulling, which is I think what docker uses these days too).

I'm guessing you can't share the actual image you use to repro this (if you can though, that would be very helpful), but would it be possible to share a little more metadata? I'm specifically curious:

1. how ma...

Problem

When configuring my module to use an SDK, if that SDK is itself a blueprint, loading it will fail with this error:

SDK does not support defining and executing functions

https://dagger.cloud/dagger/traces/fd56a6446143774a7cc9e42a3c0016d3

What is the issue?

The python SDK does not expose the cache parameter in its type stubs. I tried to submit an MR but CI lit up like a Christmas tree in #11571 so I'll make an issue instead! 😅

Even though the underlying python sdk func has a cache parameter, it's not exposed in the type hint overloads:

    @overload
    def function(
        self,
        func: Func[P, R],
        *,
        name: APIName | None = None,
        doc: str | None = None,
        deprecated: str ...

Description

[!NOTE]
AI wrote this issue. I have proofread/verified correctness to the best of my ability.

Calling .stdout() on Container objects in the Dagger TypeScript SDK consistently fails with:

Encountered an unknown error while requesting data via graphql
Caused by: Can only call URLSearchParams.toJSON on instances of URLSearchParams

This appears to be a GraphQL serialization bug where URLSearchParams instances are incorrectly serialized during SDK-to-engine communi...

Problem

[!NOTE]
AI wrote this issue. I have verified correctness to the best of my ability.

cache manager can't calculate disk usage for snapshots with deeply nested directories. hits ENAMETOOLONG when walking filesystem.

level=ERROR msg="failed to calculate size" error="lstat .../node_modules/.old-57CC/.../node_modules/.old-5AB6/.../astro-opengraph-images/...: file name too long"

seen with npm packages like astro-opengraph-images that create circular/deeply nested node_mod...

note this also causes a panic:

  time="2026-01-04T21:26:35Z" level=debug msg="snapshotter error" error="lstat
  /var/lib/dagger/worker/snapshots/snapshots/62979/fs/workspace/examples/preset/node_modules/astro-opengraph-images/examples/preset/node_modules/astro-opengraph-images/examples/preset/node_modules/astro-opengraph-images/examples/preset/node_modules/astro-opengraph-images/examples/preset/node_modules/astro-opengraph-images/examples/preset/node_modules/astro-opengraph-images/exampl...

@shepherdjerred Thanks for the report on the bug. There's a few significant problems with the approach in the linked PR, but more fundamentally the code that should handle this is from containerd, not our codebase.

I'm extremely curious how you are ending up in this situation in the first place though. The explanation at the bottom that there's a circular symlink doesn't add up to me for a few reasons:

1. The implementation in containerd just uses go's stdlib filepath.Walk, which is docume...

What is the issue?

I've just started having problems creating Dagger modules using dagger init. See the console log below for example, but this is happening whether the directory is empty, is a n empty Git project root, is non-empty with non-git files, or a non-empty git root directory.

This is on Docker for Mac on sillicon hardware.

Dagger version

dagger v0.19.2 (image://registry.dagger.io/engine:v0.19.2) darwin/arm64/v8

Steps to reproduce

 11:28:00 ~
$ cd src/play...

Thanks for filing @toby-griffiths ! Original Discord thread for reference.

fyi @shykes

@toby-griffiths the error seems to indicate there is a .env file at ../../../.env. Does that file actually exist? And if so, is it a symlink by any chance? (ls -d ../../../.env)

By any chance is there a .git in your home directory?

Hi @toby-griffiths, quick ping on this. 🙏

So I've found a workaround, as I noticed this working in another project. If I create an empty .env file in the project directory it works.

Ah. Do if I also git init it seems to restrict it to the project root. Separate bug for this, because I would have expected to be able to create a module first, and then initialise the git repo, and it's worrying it's trying to tamper with the root of my home directory!

What are you trying to do?

With env vars, I can attach them both as single vars or a set of vars from a file. In Kubernetes, I specify both env vars and secrets as env, using both line items and from file. Dagger is missing the SecretFile from the { Env, Secret } x { Var, File } cross-product.

Why is this important to you?

No response

How are you currently working around this?

No response

What is the issue?

I am using dagger connected to Amazon Bedrock through the bedrock-access-gateway (https://github.com/aws-samples/bedrock-access-gateway) when I submit a promo in the the run prompt mode in the dagger interactive shell I am getting the following error:

┃ 0.0s ERROR
! received error while streaming: {"message":"500: Parameter validation failed:\nInvalid length for parameter toolConfig.tools[12].toolSpec.description, value: 0, valid min length: 1"}

The raw requ...

I'm curious how an actual use of this SecretFile might look like.

The main purpose of EnvFile is to model the .env file used by user defaults (https://github.com/dagger/dagger/pull/11034) which is parsed and then injected appropriately into your module's fields, arguments, etc. Outside of that main use case, the EnvFile type doesn't have too much use since it can't be used with other types like Container for example.

Going back to SecretFile, it's not clear to me how and what th...

EnvFile appears to be usable with Containers, that's why I'm after the equivalent for secrets

https://pkg.go.dev/dagger.io/dagger#Container.WithEnvFileVariables

It's exactly the same idea, but secrets so they are obfuscated

Basically I'm after the way Kubernetes does it for both env and secrets, expose the whole file as env vars in one line, so the analog would be a single step to expose a set of env vars or secrets via a file

One note, External Secrets Operator (ESO) uses JSON format, so there are translations that would be nice if they were auto handled, this project is gaining usage in the k8s ecosystem where more of our dagger workloads are run...

Problem

When running 'dagger check' in a module, there is no distinction between:

a) checks meant to be run in the context of another module (by installing the current module as a toolchain)
b) checks meant to be run in the context of the current module

As a result, running 'dagger check' in a toolchain module, is likely to fail in confusing and unpredictable ways.

This complicates out-of-the-box CI for every Dagger module - because that requires a simple way to run every check on ...

hey @AsocPro! are you using LiteLLM proxy or something else to connect Dagger with the AWS bedrock gateway?

I am using the bedrock-access-gateway (https://github.com/aws-samples/bedrock-access-gateway)

I haven't tried LiteLLM yet but that was on my list to try when I get back to testing things. I also could add a fix to the bedrock access gateway to watch for the blank description and make it not blank before passing it through to Amazon Bedrock.

My concern was if the module doesn't have a description in the tool spec it would make it hard for the LLM to know when it should look to use that modul...

Does that mean it will not be possible to define a check on a root module, only use toolchains?
So if a specific check is needed, the solution would be for instance to create a sub module and reference it as a toolchain?
And maybe by extension to only toolchains in the main module, no custom code directly?
(yes, lot of questions, just to be sure to visualise the impact)

Does that mean it will not be possible to define a check on a root module, only use toolchains?

Correct. (well technically, still possible, just will be silently ignored by default)

So if a specific check is needed, the solution would be for instance to create a sub module and reference it as a toolchain?

Yes exactly. This is the pattern we are already following on dagger/dagger, and I quite like it.

And maybe by extension to only toolchains in the main module, no custom code dire...

Hmm this feels like a big change - toolchains are great and all, but if I have to use (or worse, write) one to get started with a small side-project like Dang, that'll feel really really weird.

What about just throwing a flag in dagger.json for toolchain modules, so we can detect that they are only valid when used as a toolchain?

It's a little weird that all the users of a toolchain module know it's a toolchain, but the module itself doesn't. :grin:

the problem is that "toolchain" is relative. You can install a module as a toolchain, but you can also use it as your context (ie to test your own module). So setting a toolchain field doesn't really solve the problem. Either we disable all inline checks for toolchain modules (but then you can't develop your toolchain with the full dagger experience) or you don't disable anything (but then the original problem is not solved)

With the solution I propose you can install toolchains in your tool...