apple · realrajaryan · Oct 16, 2025 · Oct 15, 2025 · Oct 15, 2025 · Oct 15, 2025
diff --git a/Makefile b/Makefile
@@ -181,6 +181,7 @@ integration: init-block
 		$(SWIFT) test -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) --filter TestCLIBuildBase || exit_code=1 ; \
 		$(SWIFT) test -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) --filter TestCLIVolumes || exit_code=1 ; \
 		$(SWIFT) test -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) --filter TestCLIKernelSet || exit_code=1 ; \
+		$(SWIFT) test -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) --filter TestCLIAnonymousVolumes || exit_code=1 ; \
 		echo Ensuring apiserver stopped after the CLI integration tests ; \
 		scripts/ensure-container-stopped.sh ; \
 		exit $${exit_code} ; \

diff --git a/Sources/ContainerClient/Core/Volume.swift b/Sources/ContainerClient/Core/Volume.swift
@@ -16,7 +16,7 @@
 
 import Foundation
 
-/// A named volume that can be mounted in containers.
+/// A named or anonymous volume that can be mounted in containers.
 public struct Volume: Sendable, Codable, Equatable, Identifiable {
     // id of the volume.
     public var id: String { name }
@@ -45,7 +45,7 @@ public struct Volume: Sendable, Codable, Equatable, Identifiable {
         createdAt: Date = Date(),
         labels: [String: String] = [:],
         options: [String: String] = [:],
-        sizeInBytes: UInt64? = nil,
+        sizeInBytes: UInt64? = nil
     ) {
         self.name = name
         self.driver = driver
@@ -58,6 +58,16 @@ public struct Volume: Sendable, Codable, Equatable, Identifiable {
     }
 }
 
+extension Volume {
+    /// Reserved label key for marking anonymous volumes
+    public static let anonymousLabel = "com.apple.container.resource.anonymous"
+
+    /// Whether this is an anonymous volume (detected via label)
+    public var isAnonymous: Bool {
+        labels[Self.anonymousLabel] != nil
+    }
+}
+
 /// Error types for volume operations.
 public enum VolumeError: Error, LocalizedError {
     case volumeNotFound(String)
@@ -95,9 +105,14 @@ public struct VolumeStorage {
 
         do {
             let regex = try Regex(volumeNamePattern)
-            return name.contains(regex)
+            return (try? regex.wholeMatch(in: name)) != nil
         } catch {
             return false
         }
     }
+
+    /// Generates an anonymous volume name with UUID format
+    public static func generateAnonymousVolumeName() -> String {
+        UUID().uuidString.lowercased()
+    }
 }
diff --git a/Sources/ContainerClient/Parser.swift b/Sources/ContainerClient/Parser.swift
@@ -25,11 +25,13 @@ public struct ParsedVolume {
     public let name: String
     public let destination: String
     public let options: [String]
+    public let isAnonymous: Bool
 
-    public init(name: String, destination: String, options: [String] = []) {
+    public init(name: String, destination: String, options: [String] = [], isAnonymous: Bool = false) {
         self.name = name
         self.destination = destination
         self.options = options
+        self.isAnonymous = isAnonymous
     }
 }
 
@@ -368,8 +370,7 @@ public struct Parser {
                 case "tmpfs":
                     fs.type = Filesystem.FSType.tmpfs
                 case "volume":
-                    // Volume type will be set later in source parsing when we create the actual volume filesystem
-                    break
+                    isVolume = true
                 default:
                     throw ContainerizationError(.invalidArgument, message: "unsupported mount type \(val)")
                 }
@@ -416,7 +417,6 @@ public struct Parser {
                     }
 
                     // This is a named volume
-                    isVolume = true
                     volumeName = val
                     fs.source = val
                 case "tmpfs":
@@ -434,11 +434,19 @@ public struct Parser {
         guard isVolume else {
             return .filesystem(fs)
         }
+
+        // If it's a volume type but no source was provided, create an anonymous volume
+        let isAnonymous = volumeName.isEmpty
+        if isAnonymous {
+            volumeName = VolumeStorage.generateAnonymousVolumeName()
+        }
+
         return .volume(
             ParsedVolume(
                 name: volumeName,
                 destination: fs.destination,
-                options: fs.options
+                options: fs.options,
+                isAnonymous: isAnonymous
             ))
     }
 
@@ -459,7 +467,19 @@ public struct Parser {
         let parts = vol.split(separator: ":")
         switch parts.count {
         case 1:
-            throw ContainerizationError(.invalidArgument, message: "anonymous volumes are not supported")
+            // Anonymous volume: -v /path
+            // Generate a random name for the anonymous volume
+            let anonymousName = VolumeStorage.generateAnonymousVolumeName()
+            let destination = String(parts[0])
+            let options: [String] = []
+
+            return .volume(
+                ParsedVolume(
+                    name: anonymousName,
+                    destination: destination,
+                    options: options,
+                    isAnonymous: true
+                ))
         case 2, 3:
             let src = String(parts[0])
             let dst = String(parts[1])

diff --git a/Sources/ContainerClient/Utility.swift b/Sources/ContainerClient/Utility.swift
@@ -160,19 +160,43 @@ public struct Utility {
             case .filesystem(let fs):
                 resolvedMounts.append(fs)
             case .volume(let parsed):
-                do {
-                    let volume = try await ClientVolume.inspect(parsed.name)
-                    let volumeMount = Filesystem.volume(
-                        name: parsed.name,
-                        format: volume.format,
-                        source: volume.source,
-                        destination: parsed.destination,
-                        options: parsed.options
-                    )
-                    resolvedMounts.append(volumeMount)
-                } catch {
-                    throw ContainerizationError(.invalidArgument, message: "volume '\(parsed.name)' not found")
+                let volume: Volume
+
+                if parsed.isAnonymous {
+                    // Anonymous volume so try to create it, inspect if already exists
+                    do {
+                        volume = try await ClientVolume.create(
+                            name: parsed.name,
+                            driver: "local",
+                            driverOpts: [:],
+                            labels: [Volume.anonymousLabel: ""]
+                        )
+                    } catch let error as VolumeError {
+                        guard case .volumeAlreadyExists = error else {
+                            throw error
+                        }
+                        // Volume already exists, just inspect it
+                        volume = try await ClientVolume.inspect(parsed.name)
+                    } catch let error as ContainerizationError {
+                        // Handle XPC-wrapped volumeAlreadyExists error
+                        guard error.message.contains("already exists") else {
+                            throw error
+                        }
+                        volume = try await ClientVolume.inspect(parsed.name)
+                    }
+                } else {
+                    // Named volume so it must already exist
+                    volume = try await ClientVolume.inspect(parsed.name)
                 }
+
+                let volumeMount = Filesystem.volume(
+                    name: parsed.name,
+                    format: volume.format,
+                    source: volume.source,
+                    destination: parsed.destination,
+                    options: parsed.options
+                )
+                resolvedMounts.append(volumeMount)
             }
         }
 

diff --git a/Sources/ContainerCommands/Volume/VolumeList.swift b/Sources/ContainerCommands/Volume/VolumeList.swift
@@ -44,7 +44,7 @@ extension Application.VolumeCommand {
         }
 
         private func createHeader() -> [[String]] {
-            [["NAME", "DRIVER", "OPTIONS"]]
+            [["NAME", "TYPE", "DRIVER", "OPTIONS"]]
         }
 
         func printVolumes(volumes: [Volume], format: Application.ListFormat) throws {
@@ -61,8 +61,13 @@ extension Application.VolumeCommand {
                 return
             }
 
+            // Sort volumes by creation time (newest first)
+            let sortedVolumes = volumes.sorted { v1, v2 in
+                v1.createdAt > v2.createdAt
+            }
+
             var rows = createHeader()
-            for volume in volumes {
+            for volume in sortedVolumes {
                 rows.append(volume.asRow)
             }
 
@@ -74,9 +79,11 @@ extension Application.VolumeCommand {
 
 extension Volume {
     var asRow: [String] {
+        let volumeType = self.isAnonymous ? "anonymous" : "named"
         let optionsString = options.isEmpty ? "" : options.map { "\($0.key)=\($0.value)" }.joined(separator: ",")
         return [
             self.name,
+            volumeType,
             self.driver,
             optionsString,
         ]

diff --git a/Sources/Services/ContainerAPIService/Volumes/VolumesService.swift b/Sources/Services/ContainerAPIService/Volumes/VolumesService.swift
@@ -167,7 +167,7 @@ public actor VolumesService {
 
         try await store.create(volume)
 
-        log.info("Created volume", metadata: ["name": "\(name)", "driver": "\(driver)"])
+        log.info("Created volume", metadata: ["name": "\(name)", "driver": "\(driver)", "isAnonymous": "\(volume.isAnonymous)"])
         return volume
     }