@vm0/runner 2.2.2 → 2.3.0

package/index.js

@@ -32,7 +32,10 @@ var runnerConfigSchema = z.object({
     binary: z.string().min(1, "Firecracker binary path is required"),
     kernel: z.string().min(1, "Kernel path is required"),
     rootfs: z.string().min(1, "Rootfs path is required")
-  })
+  }),
+  proxy: z.object({
+    port: z.number().int().min(1024).max(65535).default(8080)
+  }).default({})
 });
 function loadConfig(configPath) {
   if (!fs.existsSync(configPath)) {
@@ -135,7 +138,8 @@ async function completeJob(apiUrl, context, exitCode, error) {
 }
 
 // src/lib/executor.ts
-import path3 from "path";
+import path4 from "path";
+import fs6 from "fs";
 
 // src/lib/firecracker/vm.ts
 import { spawn } from "child_process";
@@ -153,7 +157,7 @@ var FirecrackerClient = class {
   /**
    * Make HTTP request to Firecracker API
    */
-  async request(method, path4, body) {
+  async request(method, path5, body) {
     return new Promise((resolve, reject) => {
       const bodyStr = body !== void 0 ? JSON.stringify(body) : void 0;
       const headers = {
@@ -166,11 +170,11 @@ var FirecrackerClient = class {
         headers["Content-Length"] = Buffer.byteLength(bodyStr);
       }
       console.log(
-        `[FC API] ${method} ${path4}${bodyStr ? ` (${Buffer.byteLength(bodyStr)} bytes)` : ""}`
+        `[FC API] ${method} ${path5}${bodyStr ? ` (${Buffer.byteLength(bodyStr)} bytes)` : ""}`
       );
       const options = {
         socketPath: this.socketPath,
-        path: path4,
+        path: path5,
         method,
         headers,
         // Disable agent to ensure fresh connection for each request
@@ -485,6 +489,52 @@ function checkNetworkPrerequisites() {
     errors
   };
 }
+async function setupVMProxyRules(vmIp, proxyPort) {
+  console.log(
+    `Setting up proxy rules for VM ${vmIp} -> localhost:${proxyPort}`
+  );
+  try {
+    await execCommand(
+      `iptables -t nat -C PREROUTING -s ${vmIp} -p tcp --dport 80 -j REDIRECT --to-port ${proxyPort}`
+    );
+    console.log(`Proxy rule for ${vmIp}:80 already exists`);
+  } catch {
+    await execCommand(
+      `iptables -t nat -A PREROUTING -s ${vmIp} -p tcp --dport 80 -j REDIRECT --to-port ${proxyPort}`
+    );
+    console.log(`Proxy rule for ${vmIp}:80 added`);
+  }
+  try {
+    await execCommand(
+      `iptables -t nat -C PREROUTING -s ${vmIp} -p tcp --dport 443 -j REDIRECT --to-port ${proxyPort}`
+    );
+    console.log(`Proxy rule for ${vmIp}:443 already exists`);
+  } catch {
+    await execCommand(
+      `iptables -t nat -A PREROUTING -s ${vmIp} -p tcp --dport 443 -j REDIRECT --to-port ${proxyPort}`
+    );
+    console.log(`Proxy rule for ${vmIp}:443 added`);
+  }
+  console.log(`Proxy rules configured for VM ${vmIp}`);
+}
+async function removeVMProxyRules(vmIp, proxyPort) {
+  console.log(`Removing proxy rules for VM ${vmIp}...`);
+  try {
+    await execCommand(
+      `iptables -t nat -D PREROUTING -s ${vmIp} -p tcp --dport 80 -j REDIRECT --to-port ${proxyPort}`
+    );
+    console.log(`Proxy rule for ${vmIp}:80 removed`);
+  } catch {
+  }
+  try {
+    await execCommand(
+      `iptables -t nat -D PREROUTING -s ${vmIp} -p tcp --dport 443 -j REDIRECT --to-port ${proxyPort}`
+    );
+    console.log(`Proxy rule for ${vmIp}:443 removed`);
+  } catch {
+  }
+  console.log(`Proxy rules cleanup complete for VM ${vmIp}`);
+}
 
 // src/lib/firecracker/vm.ts
 var FirecrackerVM = class {
@@ -1278,8 +1328,8 @@ function getErrorMap() {
   return overrideErrorMap;
 }
 var makeIssue = (params) => {
-  const { data, path: path4, errorMaps, issueData } = params;
-  const fullPath = [...path4, ...issueData.path || []];
+  const { data, path: path5, errorMaps, issueData } = params;
+  const fullPath = [...path5, ...issueData.path || []];
   const fullIssue = {
     ...issueData,
     path: fullPath
@@ -1378,11 +1428,11 @@ var errorUtil;
   errorUtil2.toString = (message) => typeof message === "string" ? message : message === null || message === void 0 ? void 0 : message.message;
 })(errorUtil || (errorUtil = {}));
 var ParseInputLazyPath = class {
-  constructor(parent, value, path4, key) {
+  constructor(parent, value, path5, key) {
     this._cachedPath = [];
     this.parent = parent;
     this.data = value;
-    this._path = path4;
+    this._path = path5;
     this._key = key;
   }
   get path() {
@@ -6106,7 +6156,9 @@ var executionContextSchema = z14.object({
   environment: z14.record(z14.string(), z14.string()).nullable(),
   resumeSession: resumeSessionSchema.nullable(),
   secretValues: z14.array(z14.string()).nullable(),
-  cliAgentType: z14.string()
+  cliAgentType: z14.string(),
+  // Network security mode flag
+  experimentalNetworkSecurity: z14.boolean().optional()
 });
 var runnersJobClaimContract = c10.router({
   claim: {
@@ -7855,415 +7907,6 @@ def final_telemetry_upload() -> bool:
     return upload_telemetry()
 `;
 
-// ../../packages/core/src/sandbox/scripts/lib/proxy_setup.py.ts
-var PROXY_SETUP_SCRIPT = `#!/usr/bin/env python3
-"""
-Proxy setup for VM0 network security mode.
-This script:
-1. Installs mitmproxy and dependencies
-2. Generates and installs CA certificate
-3. Configures nftables for transparent proxying
-4. Starts mitmproxy with the VM0 addon
-"""
-import os
-import sys
-import subprocess
-import time
-
-# Add lib to path for imports
-sys.path.insert(0, "/usr/local/bin/vm0-agent/lib")
-
-from log import log_info, log_error, log_warn
-
-# Proxy configuration
-MITM_PORT = 8080
-MITM_CA_DIR = "/root/.mitmproxy"  # Proxy setup runs as root
-MITM_CA_CERT = f"{MITM_CA_DIR}/mitmproxy-ca-cert.pem"
-ADDON_PATH = "/usr/local/bin/vm0-agent/lib/mitm_addon.py"
-
-
-def run_cmd(cmd: list, check: bool = True) -> subprocess.CompletedProcess:
-    """Run a command and log output."""
-    log_info(f"Running: {' '.join(cmd)}")
-    result = subprocess.run(cmd, capture_output=True, text=True)
-    if result.stdout:
-        log_info(f"stdout: {result.stdout.strip()}")
-    if result.stderr:
-        log_warn(f"stderr: {result.stderr.strip()}")
-    if check and result.returncode != 0:
-        raise RuntimeError(f"Command failed with code {result.returncode}")
-    return result
-
-
-def install_dependencies():
-    """Install required packages (must run as root)."""
-    log_info("Installing dependencies...")
-
-    # Update apt cache
-    run_cmd(["apt-get", "update", "-qq"])
-
-    # Install required packages
-    run_cmd([
-        "apt-get", "install", "-y", "-qq",
-        "python3-pip",
-        "nftables",
-        "ca-certificates"
-    ])
-
-    # Install mitmproxy system-wide
-    log_info("Installing mitmproxy (this may take a minute)...")
-    run_cmd([
-        "pip3", "install", "mitmproxy",
-        "--break-system-packages",
-        "--quiet"
-    ])
-
-    log_info("Dependencies installed successfully")
-
-
-def setup_ca_certificate():
-    """Generate and install mitmproxy CA certificate."""
-    log_info("Setting up CA certificate...")
-
-    # Create mitmproxy config directory
-    os.makedirs(MITM_CA_DIR, exist_ok=True)
-
-    # Generate CA certificate by running mitmproxy briefly
-    # This creates the CA cert if it doesn't exist
-    log_info("Generating mitmproxy CA certificate...")
-    proc = subprocess.Popen(
-        ["mitmdump", "--set", "confdir=" + MITM_CA_DIR],
-        stdout=subprocess.PIPE,
-        stderr=subprocess.PIPE
-    )
-    time.sleep(3)  # Wait for cert generation
-    proc.terminate()
-    proc.wait()
-
-    # Verify cert was created
-    if not os.path.exists(MITM_CA_CERT):
-        raise RuntimeError("Failed to generate CA certificate")
-
-    # Install CA certificate system-wide
-    log_info("Installing CA certificate system-wide...")
-
-    # Copy to system CA directory
-    run_cmd([
-        "cp", MITM_CA_CERT,
-        "/usr/local/share/ca-certificates/mitmproxy-ca.crt"
-    ])
-
-    # Update CA certificates
-    run_cmd(["update-ca-certificates"])
-
-    # Set environment for Python requests library
-    os.environ["REQUESTS_CA_BUNDLE"] = "/etc/ssl/certs/ca-certificates.crt"
-    os.environ["SSL_CERT_FILE"] = "/etc/ssl/certs/ca-certificates.crt"
-
-    log_info("CA certificate installed successfully")
-
-
-def configure_nftables():
-    """Configure nftables for transparent proxying."""
-    log_info("Configuring nftables for transparent proxy...")
-
-    # nftables rules for transparent proxy
-    # - Skip traffic from root (UID 0) - mitmproxy runs as root
-    # - Redirect all other TCP traffic to mitmproxy
-    # NOTE: We use UID-based filtering because mitmproxy doesn't support SO_MARK
-    nft_rules = f"""
-flush ruleset
-
-table ip nat {{
-    chain prerouting {{
-        type nat hook prerouting priority -100;
-    }}
-
-    chain output {{
-        type nat hook output priority -100;
-
-        # Skip traffic from root (UID 0) - mitmproxy runs as root
-        # This prevents redirect loop: mitmproxy -> nftables -> mitmproxy
-        meta skuid 0 return
-
-        # Skip traffic to localhost
-        ip daddr 127.0.0.0/8 return
-
-        # Skip traffic to private networks (internal communication)
-        ip daddr 10.0.0.0/8 return
-        ip daddr 172.16.0.0/12 return
-        ip daddr 192.168.0.0/16 return
-
-        # Redirect HTTP traffic (port 80)
-        tcp dport 80 redirect to :{MITM_PORT}
-
-        # Redirect HTTPS traffic (port 443)
-        tcp dport 443 redirect to :{MITM_PORT}
-    }}
-}}
-"""
-
-    # Write rules to file
-    nft_file = "/tmp/vm0-proxy-rules.nft"
-    with open(nft_file, "w") as f:
-        f.write(nft_rules)
-
-    # Apply rules
-    run_cmd(["nft", "-f", nft_file])
-
-    log_info("nftables configured successfully")
-
-
-def start_mitmproxy():
-    """Start mitmproxy with the VM0 addon in background."""
-    log_info("Starting mitmproxy...")
-
-    # Verify addon exists
-    if not os.path.exists(ADDON_PATH):
-        raise RuntimeError(f"Addon not found: {ADDON_PATH}")
-
-    # Start mitmproxy in transparent mode with addon
-    # NOTE: mitmproxy runs as root, and nftables skips root's traffic (meta skuid 0)
-    # to avoid redirect loop
-    cmd = [
-        "mitmdump",
-        "--mode", "transparent",
-        "--listen-port", str(MITM_PORT),
-        "--set", f"confdir={MITM_CA_DIR}",
-        "--scripts", ADDON_PATH,
-        "--quiet"  # Reduce log noise
-    ]
-
-    log_info(f"mitmproxy command: {' '.join(cmd)}")
-
-    # Start in background
-    proc = subprocess.Popen(
-        cmd,
-        stdout=subprocess.DEVNULL,
-        stderr=subprocess.DEVNULL,
-        start_new_session=True
-    )
-
-    # Wait briefly and check if it's running
-    time.sleep(2)
-    if proc.poll() is not None:
-        raise RuntimeError("mitmproxy failed to start")
-
-    log_info(f"mitmproxy started (PID: {proc.pid})")
-
-    # Save PID for later cleanup if needed
-    with open("/tmp/vm0-mitmproxy.pid", "w") as f:
-        f.write(str(proc.pid))
-
-
-def setup_proxy():
-    """Main setup function."""
-    log_info("=== VM0 Proxy Setup Starting ===")
-    start_time = time.time()
-
-    try:
-        install_dependencies()
-        setup_ca_certificate()
-        configure_nftables()
-        start_mitmproxy()
-
-        elapsed = time.time() - start_time
-        log_info(f"=== Proxy Setup Complete ({elapsed:.1f}s) ===")
-        return True
-
-    except Exception as e:
-        log_error(f"Proxy setup failed: {e}")
-        return False
-
-
-if __name__ == "__main__":
-    success = setup_proxy()
-    sys.exit(0 if success else 1)
-`;
-
-// ../../packages/core/src/sandbox/scripts/lib/mitm_addon.py.ts
-var MITM_ADDON_SCRIPT = `#!/usr/bin/env python3
-"""
-mitmproxy addon for VM0 network security mode.
-This addon:
-1. Intercepts all HTTPS requests
-2. Rewrites them to go through VM0 Proxy endpoint
-3. Preserves all original headers (including encrypted tokens)
-4. Logs network activity to JSONL file for observability
-"""
-import os
-import json
-import time
-import urllib.parse
-from mitmproxy import http, ctx
-
-
-# VM0 Proxy configuration
-# API_URL is set by sandbox environment
-API_URL = os.environ.get("VM0_API_URL", "")
-API_TOKEN = os.environ.get("VM0_API_TOKEN", "")
-RUN_ID = os.environ.get("VM0_RUN_ID", "")
-VERCEL_BYPASS = os.environ.get("VERCEL_PROTECTION_BYPASS", "")
-
-# Network log file path
-NETWORK_LOG_FILE = f"/tmp/vm0-network-{RUN_ID}.jsonl"
-
-# Track request start times for latency calculation
-request_start_times = {}
-
-# Construct proxy URL
-PROXY_URL = f"{API_URL}/api/webhooks/agent/proxy"
-
-
-def log_network_entry(entry: dict) -> None:
-    """Write a network log entry to the JSONL file."""
-    try:
-        # Use O_CREAT | O_APPEND | O_WRONLY with mode 0o644 atomically
-        # This avoids race conditions and ensures world-readable permissions
-        # so the agent process (running as 'user') can read logs written by
-        # mitmproxy (running as root)
-        fd = os.open(NETWORK_LOG_FILE, os.O_CREAT | os.O_APPEND | os.O_WRONLY, 0o644)
-        try:
-            os.write(fd, (json.dumps(entry) + "\\n").encode())
-        finally:
-            os.close(fd)
-    except Exception as e:
-        ctx.log.warn(f"Failed to write network log: {e}")
-
-
-def get_original_url(flow: http.HTTPFlow) -> str:
-    """Reconstruct the original target URL from the request."""
-    scheme = "https" if flow.request.port == 443 else "http"
-    # Use pretty_host which prefers Host header over IP in transparent proxy mode
-    # This is critical because flow.request.host returns the destination IP address
-    # in transparent mode, but SSL certificates are issued for hostnames
-    host = flow.request.pretty_host
-    port = flow.request.port
-
-    # Include port in URL only if non-standard
-    if (scheme == "https" and port != 443) or (scheme == "http" and port != 80):
-        host_with_port = f"{host}:{port}"
-    else:
-        host_with_port = host
-
-    # Reconstruct full URL with path and query
-    path = flow.request.path
-    return f"{scheme}://{host_with_port}{path}"
-
-
-def request(flow: http.HTTPFlow) -> None:
-    """
-    Intercept request and rewrite to VM0 Proxy.
-
-    Original request:
-        POST https://api.anthropic.com/v1/messages
-        Headers: x-api-key: vm0_enc_xxx, Content-Type: application/json
-        Body: {...}
-
-    Rewritten to:
-        POST https://vm0.ai/api/webhooks/agent/proxy?url=https%3A%2F%2Fapi.anthropic.com%2Fv1%2Fmessages&runId=xxx
-        Headers: Authorization: Bearer vm0_live_xxx, x-api-key: vm0_enc_xxx, Content-Type: application/json
-        Body: {...}
-    """
-    # Track request start time for latency calculation
-    request_start_times[flow.id] = time.time()
-
-    # Skip if no API URL configured
-    if not API_URL:
-        ctx.log.warn("VM0_API_URL not set, passing through")
-        return
-
-    # Skip rewriting requests already going to VM0 (avoid loops)
-    # But still allow them to be logged in the response handler
-    if API_URL in flow.request.pretty_url:
-        # Store original URL for logging
-        flow.metadata["original_url"] = flow.request.pretty_url
-        flow.metadata["skip_rewrite"] = True
-        return
-
-    # Get original target URL
-    original_url = get_original_url(flow)
-
-    # Store original URL for logging in response handler
-    flow.metadata["original_url"] = original_url
-
-    ctx.log.info(f"Proxying: {original_url} -> VM0 Proxy")
-
-    # Parse proxy URL
-    parsed = urllib.parse.urlparse(PROXY_URL)
-
-    # Build query params properly using urlencode
-    query_params = {"url": original_url}
-    if RUN_ID:
-        query_params["runId"] = RUN_ID
-    query_string = urllib.parse.urlencode(query_params)
-
-    # Rewrite request to proxy
-    flow.request.host = parsed.hostname
-    flow.request.port = 443 if parsed.scheme == "https" else 80
-    flow.request.scheme = parsed.scheme
-    flow.request.path = f"{parsed.path}?{query_string}"
-
-    # Save original Authorization header before overwriting (for transparent proxy)
-    # VM0 Proxy will restore this and decrypt any proxy tokens
-    if "Authorization" in flow.request.headers:
-        flow.request.headers["x-vm0-original-authorization"] = flow.request.headers["Authorization"]
-
-    # Add sandbox authentication token
-    if API_TOKEN:
-        flow.request.headers["Authorization"] = f"Bearer {API_TOKEN}"
-
-    # Add Vercel bypass header if configured
-    if VERCEL_BYPASS:
-        flow.request.headers["x-vercel-protection-bypass"] = VERCEL_BYPASS
-
-    # All other headers (including x-api-key with vm0_enc_xxx) are preserved
-    # The proxy endpoint will decrypt the token before forwarding
-
-
-def response(flow: http.HTTPFlow) -> None:
-    """
-    Handle response from VM0 Proxy.
-    Log network activity and any errors for debugging.
-    """
-    # Calculate latency
-    start_time = request_start_times.pop(flow.id, None)
-    latency_ms = int((time.time() - start_time) * 1000) if start_time else 0
-
-    # Get original URL (stored in request handler) or use current URL
-    original_url = flow.metadata.get("original_url", flow.request.pretty_url)
-
-    # Calculate request/response sizes
-    request_size = len(flow.request.content) if flow.request.content else 0
-    response_size = len(flow.response.content) if flow.response and flow.response.content else 0
-
-    # Determine status code
-    status_code = flow.response.status_code if flow.response else 0
-
-    # Log network entry
-    log_entry = {
-        "timestamp": time.strftime("%Y-%m-%dT%H:%M:%S", time.gmtime()),
-        "method": flow.request.method,
-        "url": original_url,
-        "status": status_code,
-        "latency_ms": latency_ms,
-        "request_size": request_size,
-        "response_size": response_size,
-    }
-    log_network_entry(log_entry)
-
-    # Log errors to mitmproxy console
-    if flow.response and flow.response.status_code >= 400:
-        ctx.log.warn(
-            f"Proxy response {flow.response.status_code}: "
-            f"{original_url}"
-        )
-
-
-# mitmproxy addon registration
-addons = [request, response]
-`;
-
 // ../../packages/core/src/sandbox/scripts/lib/secret_masker.py.ts
 var SECRET_MASKER_SCRIPT = `#!/usr/bin/env python3
 """
@@ -8852,8 +8495,6 @@ var SCRIPT_PATHS = {
   mockClaude: "/usr/local/bin/vm0-agent/lib/mock_claude.py",
   metrics: "/usr/local/bin/vm0-agent/lib/metrics.py",
   uploadTelemetry: "/usr/local/bin/vm0-agent/lib/upload_telemetry.py",
-  proxySetup: "/usr/local/bin/vm0-agent/lib/proxy_setup.py",
-  mitmAddon: "/usr/local/bin/vm0-agent/lib/mitm_addon.py",
   secretMasker: "/usr/local/bin/vm0-agent/lib/secret_masker.py"
 };
 
@@ -8927,8 +8568,6 @@ function getAllScripts() {
     { content: MOCK_CLAUDE_SCRIPT, path: SCRIPT_PATHS.mockClaude },
     { content: METRICS_SCRIPT, path: SCRIPT_PATHS.metrics },
     { content: UPLOAD_TELEMETRY_SCRIPT, path: SCRIPT_PATHS.uploadTelemetry },
-    { content: PROXY_SETUP_SCRIPT, path: SCRIPT_PATHS.proxySetup },
-    { content: MITM_ADDON_SCRIPT, path: SCRIPT_PATHS.mitmAddon },
     { content: SECRET_MASKER_SCRIPT, path: SCRIPT_PATHS.secretMasker },
     { content: RUN_AGENT_SCRIPT, path: SCRIPT_PATHS.runAgent },
     // Env loader is runner-specific (loads env from JSON before executing run-agent.py)
@@ -8936,42 +8575,572 @@ function getAllScripts() {
   ];
 }
 
-// src/lib/executor.ts
-function getVmIdFromRunId(runId) {
-  return runId.split("-")[0] || runId.substring(0, 8);
-}
-function buildEnvironmentVariables(context, apiUrl) {
-  const envVars = {
-    VM0_API_URL: apiUrl,
-    VM0_RUN_ID: context.runId,
-    VM0_API_TOKEN: context.sandboxToken,
-    VM0_PROMPT: context.prompt,
-    VM0_WORKING_DIR: context.workingDir,
-    CLI_AGENT_TYPE: context.cliAgentType || "claude-code"
-  };
-  const vercelBypass = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
-  if (vercelBypass) {
-    envVars.VERCEL_PROTECTION_BYPASS = vercelBypass;
-  }
-  const useMockClaude = process.env.USE_MOCK_CLAUDE;
-  if (useMockClaude) {
-    envVars.USE_MOCK_CLAUDE = useMockClaude;
+// src/lib/proxy/vm-registry.ts
+import fs4 from "fs";
+var DEFAULT_REGISTRY_PATH = "/tmp/vm0-vm-registry.json";
+var VMRegistry = class {
+  registryPath;
+  data;
+  constructor(registryPath = DEFAULT_REGISTRY_PATH) {
+    this.registryPath = registryPath;
+    this.data = this.load();
   }
-  if (context.storageManifest?.artifact) {
-    const artifact = context.storageManifest.artifact;
-    envVars.VM0_ARTIFACT_DRIVER = "vas";
-    envVars.VM0_ARTIFACT_MOUNT_PATH = artifact.mountPath;
-    envVars.VM0_ARTIFACT_VOLUME_NAME = artifact.vasStorageName;
-    envVars.VM0_ARTIFACT_VERSION_ID = artifact.vasVersionId;
-  }
-  if (context.resumeSession) {
-    envVars.VM0_RESUME_SESSION_ID = context.resumeSession.sessionId;
+  /**
+   * Load registry data from file
+   */
+  load() {
+    try {
+      if (fs4.existsSync(this.registryPath)) {
+        const content = fs4.readFileSync(this.registryPath, "utf-8");
+        return JSON.parse(content);
+      }
+    } catch {
+    }
+    return { vms: {}, updatedAt: Date.now() };
   }
-  if (context.environment) {
-    Object.assign(envVars, context.environment);
+  /**
+   * Save registry data to file atomically
+   */
+  save() {
+    this.data.updatedAt = Date.now();
+    const content = JSON.stringify(this.data, null, 2);
+    const tempPath = `${this.registryPath}.tmp`;
+    fs4.writeFileSync(tempPath, content, { mode: 420 });
+    fs4.renameSync(tempPath, this.registryPath);
   }
-  if (context.secretValues && context.secretValues.length > 0) {
-    envVars.VM0_SECRET_VALUES = context.secretValues.map((v) => Buffer.from(v).toString("base64")).join(",");
+  /**
+   * Register a VM with its IP address
+   */
+  register(vmIp, runId, sandboxToken) {
+    this.data.vms[vmIp] = {
+      runId,
+      sandboxToken,
+      registeredAt: Date.now()
+    };
+    this.save();
+    console.log(`[VMRegistry] Registered VM ${vmIp} for run ${runId}`);
+  }
+  /**
+   * Unregister a VM by IP address
+   */
+  unregister(vmIp) {
+    if (this.data.vms[vmIp]) {
+      const registration = this.data.vms[vmIp];
+      delete this.data.vms[vmIp];
+      this.save();
+      console.log(
+        `[VMRegistry] Unregistered VM ${vmIp} (run ${registration.runId})`
+      );
+    }
+  }
+  /**
+   * Look up registration by VM IP
+   */
+  lookup(vmIp) {
+    return this.data.vms[vmIp];
+  }
+  /**
+   * Get all registered VMs
+   */
+  getAll() {
+    return { ...this.data.vms };
+  }
+  /**
+   * Clear all registrations
+   */
+  clear() {
+    this.data.vms = {};
+    this.save();
+    console.log("[VMRegistry] Cleared all registrations");
+  }
+  /**
+   * Get the path to the registry file
+   */
+  getRegistryPath() {
+    return this.registryPath;
+  }
+};
+var globalRegistry = null;
+function getVMRegistry() {
+  if (!globalRegistry) {
+    globalRegistry = new VMRegistry();
+  }
+  return globalRegistry;
+}
+function initVMRegistry(registryPath) {
+  globalRegistry = new VMRegistry(registryPath);
+  return globalRegistry;
+}
+
+// src/lib/proxy/proxy-manager.ts
+import { spawn as spawn2 } from "child_process";
+import fs5 from "fs";
+import path3 from "path";
+
+// src/lib/proxy/mitm-addon-script.ts
+var RUNNER_MITM_ADDON_SCRIPT = `#!/usr/bin/env python3
+"""
+mitmproxy addon for VM0 runner-level network security mode.
+
+This addon runs on the runner HOST (not inside VMs) and:
+1. Intercepts all HTTPS requests from VMs
+2. Looks up the source VM's runId from the VM registry
+3. Rewrites requests to go through VM0 Proxy endpoint
+4. Preserves all original headers (including encrypted tokens)
+5. Logs network activity per-run to JSONL files
+"""
+import os
+import json
+import time
+import urllib.parse
+from mitmproxy import http, ctx
+
+
+# VM0 Proxy configuration from environment
+API_URL = os.environ.get("VM0_API_URL", "https://www.vm0.ai")
+REGISTRY_PATH = os.environ.get("VM0_REGISTRY_PATH", "/tmp/vm0-vm-registry.json")
+VERCEL_BYPASS = os.environ.get("VERCEL_PROTECTION_BYPASS", "")
+
+# Construct proxy URL
+PROXY_URL = f"{API_URL}/api/webhooks/agent/proxy"
+
+# Cache for VM registry (reloaded periodically)
+_registry_cache = {}
+_registry_cache_time = 0
+REGISTRY_CACHE_TTL = 2  # seconds
+
+# Track request start times for latency calculation
+request_start_times = {}
+
+
+def load_registry() -> dict:
+    """Load the VM registry from file, with caching."""
+    global _registry_cache, _registry_cache_time
+
+    now = time.time()
+    if now - _registry_cache_time < REGISTRY_CACHE_TTL:
+        return _registry_cache
+
+    try:
+        if os.path.exists(REGISTRY_PATH):
+            with open(REGISTRY_PATH, "r") as f:
+                data = json.load(f)
+                _registry_cache = data.get("vms", {})
+                _registry_cache_time = now
+                return _registry_cache
+    except Exception as e:
+        ctx.log.warn(f"Failed to load VM registry: {e}")
+
+    return _registry_cache
+
+
+def get_vm_info(client_ip: str) -> dict | None:
+    """Look up VM info by client IP address."""
+    registry = load_registry()
+    return registry.get(client_ip)
+
+
+def get_network_log_path(run_id: str) -> str:
+    """Get the network log file path for a run."""
+    return f"/tmp/vm0-network-{run_id}.jsonl"
+
+
+def log_network_entry(run_id: str, entry: dict) -> None:
+    """Write a network log entry to the per-run JSONL file."""
+    if not run_id:
+        return
+
+    log_path = get_network_log_path(run_id)
+    try:
+        fd = os.open(log_path, os.O_CREAT | os.O_APPEND | os.O_WRONLY, 0o644)
+        try:
+            os.write(fd, (json.dumps(entry) + "\\n").encode())
+        finally:
+            os.close(fd)
+    except Exception as e:
+        ctx.log.warn(f"Failed to write network log: {e}")
+
+
+def get_original_url(flow: http.HTTPFlow) -> str:
+    """Reconstruct the original target URL from the request."""
+    scheme = "https" if flow.request.port == 443 else "http"
+    host = flow.request.pretty_host
+    port = flow.request.port
+
+    if (scheme == "https" and port != 443) or (scheme == "http" and port != 80):
+        host_with_port = f"{host}:{port}"
+    else:
+        host_with_port = host
+
+    path = flow.request.path
+    return f"{scheme}://{host_with_port}{path}"
+
+
+def request(flow: http.HTTPFlow) -> None:
+    """
+    Intercept request and rewrite to VM0 Proxy.
+
+    Identifies the source VM by client IP and looks up the associated
+    runId and sandboxToken from the VM registry.
+    """
+    # Track request start time
+    request_start_times[flow.id] = time.time()
+
+    # Get client IP (source VM)
+    client_ip = flow.client_conn.peername[0] if flow.client_conn.peername else None
+
+    if not client_ip:
+        ctx.log.warn("No client IP available, passing through")
+        return
+
+    # Look up VM info from registry
+    vm_info = get_vm_info(client_ip)
+
+    if not vm_info:
+        # Not a registered VM, pass through without proxying
+        # This allows non-VM traffic to work normally
+        ctx.log.info(f"No VM registration for {client_ip}, passing through")
+        return
+
+    run_id = vm_info.get("runId", "")
+    sandbox_token = vm_info.get("sandboxToken", "")
+
+    # Store info for response handler
+    flow.metadata["vm_run_id"] = run_id
+    flow.metadata["vm_client_ip"] = client_ip
+
+    # Skip if no API URL configured
+    if not API_URL:
+        ctx.log.warn("VM0_API_URL not set, passing through")
+        return
+
+    # Skip rewriting requests already going to VM0 (avoid loops)
+    if API_URL in flow.request.pretty_url:
+        flow.metadata["original_url"] = flow.request.pretty_url
+        flow.metadata["skip_rewrite"] = True
+        return
+
+    # Skip rewriting requests to trusted domains (S3, etc.)
+    # S3 presigned URLs have signatures that break when proxied
+    host = flow.request.pretty_host.lower()
+    TRUSTED_DOMAINS = [
+        ".s3.amazonaws.com",
+        ".s3-",  # Regional S3 endpoints like s3-us-west-2.amazonaws.com
+        "s3.amazonaws.com",
+        ".r2.cloudflarestorage.com",
+        ".storage.googleapis.com",
+    ]
+    for domain in TRUSTED_DOMAINS:
+        if domain in host or host.endswith(domain.lstrip(".")):
+            ctx.log.info(f"[{run_id}] Skipping trusted domain: {host}")
+            flow.metadata["original_url"] = get_original_url(flow)
+            flow.metadata["skip_rewrite"] = True
+            return
+
+    # Get original target URL
+    original_url = get_original_url(flow)
+    flow.metadata["original_url"] = original_url
+
+    ctx.log.info(f"[{run_id}] Proxying: {original_url}")
+
+    # Parse proxy URL
+    parsed = urllib.parse.urlparse(PROXY_URL)
+
+    # Build query params
+    query_params = {"url": original_url}
+    if run_id:
+        query_params["runId"] = run_id
+    query_string = urllib.parse.urlencode(query_params)
+
+    # Rewrite request to proxy
+    flow.request.host = parsed.hostname
+    flow.request.port = 443 if parsed.scheme == "https" else 80
+    flow.request.scheme = parsed.scheme
+    flow.request.path = f"{parsed.path}?{query_string}"
+
+    # Save original Authorization header before overwriting
+    if "Authorization" in flow.request.headers:
+        flow.request.headers["x-vm0-original-authorization"] = flow.request.headers["Authorization"]
+
+    # Add sandbox authentication token
+    if sandbox_token:
+        flow.request.headers["Authorization"] = f"Bearer {sandbox_token}"
+
+    # Add Vercel bypass header if configured
+    if VERCEL_BYPASS:
+        flow.request.headers["x-vercel-protection-bypass"] = VERCEL_BYPASS
+
+
+def response(flow: http.HTTPFlow) -> None:
+    """
+    Handle response and log network activity.
+    """
+    # Calculate latency
+    start_time = request_start_times.pop(flow.id, None)
+    latency_ms = int((time.time() - start_time) * 1000) if start_time else 0
+
+    # Get stored info
+    run_id = flow.metadata.get("vm_run_id", "")
+    original_url = flow.metadata.get("original_url", flow.request.pretty_url)
+
+    # Calculate sizes
+    request_size = len(flow.request.content) if flow.request.content else 0
+    response_size = len(flow.response.content) if flow.response and flow.response.content else 0
+    status_code = flow.response.status_code if flow.response else 0
+
+    # Log network entry for this run
+    if run_id:
+        log_entry = {
+            "timestamp": time.strftime("%Y-%m-%dT%H:%M:%S", time.gmtime()),
+            "method": flow.request.method,
+            "url": original_url,
+            "status": status_code,
+            "latency_ms": latency_ms,
+            "request_size": request_size,
+            "response_size": response_size,
+        }
+        log_network_entry(run_id, log_entry)
+
+    # Log errors to mitmproxy console
+    if flow.response and flow.response.status_code >= 400:
+        ctx.log.warn(
+            f"[{run_id}] Proxy response {flow.response.status_code}: {original_url}"
+        )
+
+
+# mitmproxy addon registration
+addons = [request, response]
+`;
+
+// src/lib/proxy/proxy-manager.ts
+var DEFAULT_PROXY_CONFIG = {
+  port: 8080,
+  caDir: "/opt/vm0-runner/proxy",
+  addonPath: "/opt/vm0-runner/proxy/mitm_addon.py",
+  registryPath: DEFAULT_REGISTRY_PATH,
+  apiUrl: process.env.VM0_API_URL || "https://www.vm0.ai"
+};
+var ProxyManager = class {
+  config;
+  process = null;
+  isRunning = false;
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_PROXY_CONFIG, ...config };
+  }
+  /**
+   * Check if mitmproxy is available
+   */
+  async checkMitmproxyInstalled() {
+    return new Promise((resolve) => {
+      const proc = spawn2("mitmdump", ["--version"], {
+        stdio: ["ignore", "pipe", "pipe"]
+      });
+      proc.on("close", (code) => {
+        resolve(code === 0);
+      });
+      proc.on("error", () => {
+        resolve(false);
+      });
+    });
+  }
+  /**
+   * Ensure the addon script exists at the configured path
+   */
+  ensureAddonScript() {
+    const addonDir = path3.dirname(this.config.addonPath);
+    if (!fs5.existsSync(addonDir)) {
+      fs5.mkdirSync(addonDir, { recursive: true });
+    }
+    fs5.writeFileSync(this.config.addonPath, RUNNER_MITM_ADDON_SCRIPT, {
+      mode: 493
+    });
+    console.log(
+      `[ProxyManager] Addon script written to ${this.config.addonPath}`
+    );
+  }
+  /**
+   * Validate proxy configuration
+   */
+  validateConfig() {
+    if (!fs5.existsSync(this.config.caDir)) {
+      throw new Error(`Proxy CA directory not found: ${this.config.caDir}`);
+    }
+    const caCertPath = path3.join(this.config.caDir, "mitmproxy-ca.pem");
+    if (!fs5.existsSync(caCertPath)) {
+      throw new Error(`Proxy CA certificate not found: ${caCertPath}`);
+    }
+    this.ensureAddonScript();
+  }
+  /**
+   * Start mitmproxy
+   */
+  async start() {
+    if (this.isRunning) {
+      console.log("[ProxyManager] Proxy already running");
+      return;
+    }
+    const mitmproxyInstalled = await this.checkMitmproxyInstalled();
+    if (!mitmproxyInstalled) {
+      throw new Error(
+        "mitmproxy not installed. Install with: pip install mitmproxy"
+      );
+    }
+    this.validateConfig();
+    getVMRegistry();
+    console.log("[ProxyManager] Starting mitmproxy...");
+    console.log(`  Port: ${this.config.port}`);
+    console.log(`  CA Dir: ${this.config.caDir}`);
+    console.log(`  Addon: ${this.config.addonPath}`);
+    console.log(`  Registry: ${this.config.registryPath}`);
+    const args = [
+      "--mode",
+      "transparent",
+      "--listen-port",
+      String(this.config.port),
+      "--set",
+      `confdir=${this.config.caDir}`,
+      "--scripts",
+      this.config.addonPath,
+      "--quiet"
+    ];
+    const env = {
+      ...process.env,
+      VM0_API_URL: this.config.apiUrl,
+      VM0_REGISTRY_PATH: this.config.registryPath
+    };
+    this.process = spawn2("mitmdump", args, {
+      env,
+      stdio: ["ignore", "pipe", "pipe"],
+      detached: false
+    });
+    this.process.stdout?.on("data", (data) => {
+      console.log(`[mitmproxy] ${data.toString().trim()}`);
+    });
+    this.process.stderr?.on("data", (data) => {
+      console.error(`[mitmproxy] ${data.toString().trim()}`);
+    });
+    this.process.on("close", (code) => {
+      console.log(`[ProxyManager] mitmproxy exited with code ${code}`);
+      this.isRunning = false;
+      this.process = null;
+    });
+    this.process.on("error", (err) => {
+      console.error(`[ProxyManager] mitmproxy error: ${err.message}`);
+      this.isRunning = false;
+      this.process = null;
+    });
+    await this.waitForReady();
+    this.isRunning = true;
+    console.log("[ProxyManager] mitmproxy started successfully");
+  }
+  /**
+   * Wait for proxy to be ready
+   */
+  async waitForReady(timeoutMs = 1e4) {
+    const startTime = Date.now();
+    const pollInterval = 500;
+    while (Date.now() - startTime < timeoutMs) {
+      if (this.process && this.process.exitCode !== null) {
+        throw new Error(
+          `mitmproxy exited unexpectedly with code ${this.process.exitCode}`
+        );
+      }
+      await new Promise((resolve) => setTimeout(resolve, pollInterval));
+      if (this.process && this.process.exitCode === null) {
+        return;
+      }
+    }
+    throw new Error("Timeout waiting for mitmproxy to start");
+  }
+  /**
+   * Stop mitmproxy
+   */
+  async stop() {
+    if (!this.process || !this.isRunning) {
+      console.log("[ProxyManager] Proxy not running");
+      return;
+    }
+    console.log("[ProxyManager] Stopping mitmproxy...");
+    return new Promise((resolve) => {
+      if (!this.process) {
+        resolve();
+        return;
+      }
+      const timeout = setTimeout(() => {
+        console.log("[ProxyManager] Force killing mitmproxy...");
+        this.process?.kill("SIGKILL");
+      }, 5e3);
+      this.process.on("close", () => {
+        clearTimeout(timeout);
+        this.isRunning = false;
+        this.process = null;
+        console.log("[ProxyManager] mitmproxy stopped");
+        resolve();
+      });
+      this.process.kill("SIGTERM");
+    });
+  }
+  /**
+   * Check if proxy is running
+   */
+  isProxyRunning() {
+    return this.isRunning && this.process !== null;
+  }
+  /**
+   * Get proxy configuration
+   */
+  getConfig() {
+    return { ...this.config };
+  }
+};
+var globalProxyManager = null;
+function getProxyManager() {
+  if (!globalProxyManager) {
+    globalProxyManager = new ProxyManager();
+  }
+  return globalProxyManager;
+}
+function initProxyManager(config) {
+  globalProxyManager = new ProxyManager(config);
+  return globalProxyManager;
+}
+
+// src/lib/executor.ts
+function getVmIdFromRunId(runId) {
+  return runId.split("-")[0] || runId.substring(0, 8);
+}
+function buildEnvironmentVariables(context, apiUrl) {
+  const envVars = {
+    VM0_API_URL: apiUrl,
+    VM0_RUN_ID: context.runId,
+    VM0_API_TOKEN: context.sandboxToken,
+    VM0_PROMPT: context.prompt,
+    VM0_WORKING_DIR: context.workingDir,
+    CLI_AGENT_TYPE: context.cliAgentType || "claude-code"
+  };
+  const vercelBypass = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
+  if (vercelBypass) {
+    envVars.VERCEL_PROTECTION_BYPASS = vercelBypass;
+  }
+  const useMockClaude = process.env.USE_MOCK_CLAUDE;
+  if (useMockClaude) {
+    envVars.USE_MOCK_CLAUDE = useMockClaude;
+  }
+  if (context.storageManifest?.artifact) {
+    const artifact = context.storageManifest.artifact;
+    envVars.VM0_ARTIFACT_DRIVER = "vas";
+    envVars.VM0_ARTIFACT_MOUNT_PATH = artifact.mountPath;
+    envVars.VM0_ARTIFACT_VOLUME_NAME = artifact.vasStorageName;
+    envVars.VM0_ARTIFACT_VERSION_ID = artifact.vasVersionId;
+  }
+  if (context.resumeSession) {
+    envVars.VM0_RESUME_SESSION_ID = context.resumeSession.sessionId;
+  }
+  if (context.environment) {
+    Object.assign(envVars, context.environment);
+  }
+  if (context.secretValues && context.secretValues.length > 0) {
+    envVars.VM0_SECRET_VALUES = context.secretValues.map((v) => Buffer.from(v).toString("base64")).join(",");
   }
   if (context.vars) {
     for (const [key, value] of Object.entries(context.vars)) {
@@ -8981,6 +9150,70 @@ function buildEnvironmentVariables(context, apiUrl) {
   return envVars;
 }
 var ENV_JSON_PATH = "/tmp/vm0-env.json";
+function getNetworkLogPath(runId) {
+  return `/tmp/vm0-network-${runId}.jsonl`;
+}
+function readNetworkLogs(runId) {
+  const logPath = getNetworkLogPath(runId);
+  if (!fs6.existsSync(logPath)) {
+    return [];
+  }
+  try {
+    const content = fs6.readFileSync(logPath, "utf-8");
+    const lines = content.split("\n").filter((line) => line.trim());
+    return lines.map((line) => JSON.parse(line));
+  } catch (err) {
+    console.error(
+      `[Executor] Failed to read network logs: ${err instanceof Error ? err.message : "Unknown error"}`
+    );
+    return [];
+  }
+}
+function cleanupNetworkLogs(runId) {
+  const logPath = getNetworkLogPath(runId);
+  try {
+    if (fs6.existsSync(logPath)) {
+      fs6.unlinkSync(logPath);
+    }
+  } catch (err) {
+    console.error(
+      `[Executor] Failed to cleanup network logs: ${err instanceof Error ? err.message : "Unknown error"}`
+    );
+  }
+}
+async function uploadNetworkLogs(apiUrl, sandboxToken, runId) {
+  const networkLogs = readNetworkLogs(runId);
+  if (networkLogs.length === 0) {
+    console.log(`[Executor] No network logs to upload for ${runId}`);
+    return;
+  }
+  console.log(
+    `[Executor] Uploading ${networkLogs.length} network log entries for ${runId}`
+  );
+  const headers = {
+    Authorization: `Bearer ${sandboxToken}`,
+    "Content-Type": "application/json"
+  };
+  const bypassSecret = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
+  if (bypassSecret) {
+    headers["x-vercel-protection-bypass"] = bypassSecret;
+  }
+  const response = await fetch(`${apiUrl}/api/webhooks/agent/telemetry`, {
+    method: "POST",
+    headers,
+    body: JSON.stringify({
+      runId,
+      networkLogs
+    })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    console.error(`[Executor] Failed to upload network logs: ${errorText}`);
+    return;
+  }
+  console.log(`[Executor] Network logs uploaded successfully for ${runId}`);
+  cleanupNetworkLogs(runId);
+}
 async function uploadScripts(ssh) {
   const scripts = getAllScripts();
   await ssh.execOrThrow(
@@ -9030,6 +9263,24 @@ async function restoreSessionHistory(ssh, resumeSession, workingDir, cliAgentTyp
     `[Executor] Session history restored (${sessionHistory.split("\n").length} lines)`
   );
 }
+var PROXY_CA_CERT_PATH = "/opt/vm0-runner/proxy/mitmproxy-ca-cert.pem";
+async function installProxyCA(ssh) {
+  if (!fs6.existsSync(PROXY_CA_CERT_PATH)) {
+    throw new Error(
+      `Proxy CA certificate not found at ${PROXY_CA_CERT_PATH}. Run generate-proxy-ca.sh first.`
+    );
+  }
+  const caCert = fs6.readFileSync(PROXY_CA_CERT_PATH, "utf-8");
+  console.log(
+    `[Executor] Installing proxy CA certificate (${caCert.length} bytes)`
+  );
+  await ssh.writeFileWithSudo(
+    "/usr/local/share/ca-certificates/vm0-proxy-ca.crt",
+    caCert
+  );
+  await ssh.execOrThrow("sudo update-ca-certificates");
+  console.log(`[Executor] Proxy CA certificate installed successfully`);
+}
 async function configureDNS(ssh) {
   const dnsConfig = `nameserver 8.8.8.8
 nameserver 8.8.4.4
@@ -9041,9 +9292,10 @@ nameserver 1.1.1.1`;
 async function executeJob(context, config) {
   const vmId = getVmIdFromRunId(context.runId);
   let vm = null;
+  let guestIp = null;
   console.log(`[Executor] Starting job ${context.runId} in VM ${vmId}`);
   try {
-    const workspacesDir = path3.join(process.cwd(), "workspaces");
+    const workspacesDir = path4.join(process.cwd(), "workspaces");
     const vmConfig = {
       vmId,
       vcpus: config.sandbox.vcpu,
@@ -9051,12 +9303,12 @@ async function executeJob(context, config) {
       kernelPath: config.firecracker.kernel,
       rootfsPath: config.firecracker.rootfs,
       firecrackerBinary: config.firecracker.binary,
-      workDir: path3.join(workspacesDir, `vm0-${vmId}`)
+      workDir: path4.join(workspacesDir, `vm0-${vmId}`)
     };
     console.log(`[Executor] Creating VM ${vmId}...`);
     vm = new FirecrackerVM(vmConfig);
     await vm.start();
-    const guestIp = vm.getGuestIp();
+    guestIp = vm.getGuestIp();
     if (!guestIp) {
       throw new Error("VM started but no IP address available");
     }
@@ -9066,6 +9318,14 @@ async function executeJob(context, config) {
     console.log(`[Executor] Waiting for SSH on ${guestIp}...`);
     await ssh.waitUntilReachable(12e4, 2e3);
     console.log(`[Executor] SSH ready on ${guestIp}`);
+    if (context.experimentalNetworkSecurity) {
+      console.log(
+        `[Executor] Setting up network security mode for VM ${guestIp}`
+      );
+      await setupVMProxyRules(guestIp, config.proxy.port);
+      getVMRegistry().register(guestIp, context.runId, context.sandboxToken);
+      await installProxyCA(ssh);
+    }
     console.log(`[Executor] Configuring DNS...`);
     await configureDNS(ssh);
     console.log(`[Executor] Uploading scripts...`);
@@ -9138,6 +9398,28 @@ async function executeJob(context, config) {
       error: errorMsg
     };
   } finally {
+    if (context.experimentalNetworkSecurity && guestIp) {
+      console.log(`[Executor] Cleaning up network security for VM ${guestIp}`);
+      try {
+        await removeVMProxyRules(guestIp, config.proxy.port);
+      } catch (err) {
+        console.error(
+          `[Executor] Failed to remove VM proxy rules: ${err instanceof Error ? err.message : "Unknown error"}`
+        );
+      }
+      getVMRegistry().unregister(guestIp);
+      try {
+        await uploadNetworkLogs(
+          config.server.url,
+          context.sandboxToken,
+          context.runId
+        );
+      } catch (err) {
+        console.error(
+          `[Executor] Failed to upload network logs: ${err instanceof Error ? err.message : "Unknown error"}`
+        );
+      }
+    }
     if (vm) {
       console.log(`[Executor] Cleaning up VM ${vmId}...`);
       await vm.kill();
@@ -9197,6 +9479,25 @@ var startCommand = new Command("start").description("Start the runner").option("
     }
     console.log("Setting up network bridge...");
     await setupBridge();
+    console.log("Initializing network proxy...");
+    initVMRegistry();
+    const proxyManager = initProxyManager({
+      apiUrl: config.server.url,
+      port: config.proxy.port
+    });
+    let proxyEnabled = false;
+    try {
+      await proxyManager.start();
+      proxyEnabled = true;
+      console.log("Network proxy initialized successfully");
+    } catch (err) {
+      console.warn(
+        `Network proxy not available: ${err instanceof Error ? err.message : "Unknown error"}`
+      );
+      console.warn(
+        "Jobs with experimentalNetworkSecurity enabled will run without network interception"
+      );
+    }
     const statusFilePath = join(dirname(options.config), "status.json");
     const startedAt = /* @__PURE__ */ new Date();
     const state = { mode: "running" };
@@ -9300,6 +9601,10 @@ var startCommand = new Command("start").description("Start the runner").option("
       );
       await Promise.all(jobPromises);
     }
+    if (proxyEnabled) {
+      console.log("Stopping network proxy...");
+      await getProxyManager().stop();
+    }
     state.mode = "stopped";
     updateStatus();
     console.log("Runner stopped");
@@ -9339,7 +9644,7 @@ var statusCommand = new Command2("status").description("Check runner connectivit
 });
 
 // src/index.ts
-var version = true ? "2.2.2" : "0.1.0";
+var version = true ? "2.3.0" : "0.1.0";
 program.name("vm0-runner").version(version).description("Self-hosted runner for VM0 agents");
 program.addCommand(startCommand);
 program.addCommand(statusCommand);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vm0/runner",
-  "version": "2.2.2",
+  "version": "2.3.0",
   "description": "Self-hosted runner for VM0 agents",
   "repository": {
     "type": "git",