Skip to content

feat(vm): add openshell-vm crate with libkrun microVM gateway#611

Draft
drew wants to merge 5 commits intomainfrom
start-openshell-vm
Draft

feat(vm): add openshell-vm crate with libkrun microVM gateway#611
drew wants to merge 5 commits intomainfrom
start-openshell-vm

Conversation

@drew
Copy link
Collaborator

@drew drew commented Mar 25, 2026

Summary

Adds the openshell-vm crate — a new microVM runtime that uses libkrun to boot lightweight VMs with hardware isolation. On macOS ARM64 it leverages Apple's Hypervisor.framework; on Linux it uses KVM. This provides a single-binary alternative to the Docker/k3s-based gateway deployment.

Changes

  • New crates/openshell-vm/ crate with:
    • lib.rs: VmConfig builder, libkrun FFI wrapper, VM lifecycle (launch, exec, reset)
    • ffi.rs: Dynamic loading of libkrun.dylib/libkrun.so via libloading
    • exec.rs: openshell-vm exec support to run commands inside a running VM via vsock
    • main.rs: Standalone CLI binary with --exec, --port, --vcpus, --mem, --net, --reset flags
  • Runtime scripts: build-rootfs.sh, openshell-vm-init.sh, sync-vm-rootfs.sh, check-vm-capabilities.sh, helper Python scripts
  • Build/packaging tasks in tasks/vm.toml and associated scripts
  • Helm chart and deployment manifest updates for VM-based gateway support
  • Architecture documentation in architecture/custom-vm-runtime.md
  • Path helpers in openshell-core and openshell-bootstrap for VM rootfs/runtime directories
  • Integration test in tests/gateway_integration.rs

Testing

  • Integration test added (crates/openshell-vm/tests/gateway_integration.rs)
  • mise run pre-commit passes
  • E2E tests added/updated (if applicable)

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (architecture/custom-vm-runtime.md)

drew added 3 commits March 24, 2026 23:15
@drew
feat(vm): add openshell-vm crate with libkrun microVM gateway
c9aaed6
@drew
fix(vm): address review findings in openshell-vm crate
f50dd33 
Fix targeted gvproxy kill to use tracked PID from runtime state instead
of pkill, gate diagnostic dump behind OPENSHELL_VM_DIAG env var, stream
SHA-256 hashing to avoid buffering entire files, clarify operator
precedence in env var validation, replace hand-rolled JSON parser with
serde_json, deduplicate required_runtime_lib_name(), and add openshell-vm
to AGENTS.md architecture table.
@drew
wip
91a321d
@drew drew requested a review from a team as a code owner March 25, 2026 15:13
@drew drew self-assigned this Mar 25, 2026
areporeporepo

This comment was marked as off-topic.

Sign in to view

@drew drew marked this pull request as draft March 25, 2026 18:50
@areporeporepo areporeporepo mentioned this pull request Mar 26, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@areporeporepo areporeporepo areporeporepo left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@drew drew

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@drew @areporeporepo