@vm0/runner 3.9.3 → 3.10.0

package/index.js

@@ -1352,12 +1352,15 @@ var TapPool = class {
     }
     const guestMac = generateMacAddress(vmId);
     try {
-      await this.config.setMac(resource.tapDevice, guestMac);
+      await Promise.all([
+        this.config.setMac(resource.tapDevice, guestMac),
+        clearArpEntry(resource.guestIp)
+      ]);
     } catch (err) {
       if (fromPool) {
         this.queue.push(resource);
         logger4.log(
-          `Returned pair to pool after MAC set failure: ${resource.tapDevice}`
+          `Returned pair to pool after MAC/ARP failure: ${resource.tapDevice}`
         );
       } else {
         await releaseIP(resource.guestIp).catch(() => {
@@ -1367,14 +1370,11 @@ var TapPool = class {
       }
       throw err;
     }
-    await clearArpEntry(resource.guestIp);
-    try {
-      await assignVmIdToIP(resource.guestIp, vmId);
-    } catch (err) {
+    assignVmIdToIP(resource.guestIp, vmId).catch((err) => {
       logger4.error(
         `Failed to assign vmId to IP registry: ${err instanceof Error ? err.message : "Unknown"}`
       );
-    }
+    });
     logger4.log(
       `Acquired: TAP ${resource.tapDevice}, MAC ${guestMac}, IP ${resource.guestIp}`
     );
@@ -1695,12 +1695,9 @@ var FirecrackerVM = class {
   /**
    * Stop the VM
    *
-   * Note: With --no-api mode, we can only force kill the process.
-   * The VM doesn't have an API endpoint for graceful shutdown.
-   *
-   * TODO(#2118): Implement graceful shutdown via vsock command to guest agent.
-   * This would allow the guest to clean up before termination without
-   * adding the startup latency of API mode.
+   * Note: With --no-api mode, we force kill the Firecracker process.
+   * Graceful shutdown (filesystem sync) should be done via vsock
+   * before calling this method.
    */
   async stop() {
     if (this.state !== "running") {
@@ -1794,6 +1791,8 @@ var MSG_WRITE_FILE = 5;
 var MSG_SPAWN_WATCH = 7;
 var MSG_SPAWN_WATCH_RESULT = 8;
 var MSG_PROCESS_EXIT = 9;
+var MSG_SHUTDOWN = 10;
+var MSG_SHUTDOWN_ACK = 11;
 var MSG_ERROR = 255;
 var FLAG_SUDO = 1;
 function encode(type, seq, payload = Buffer.alloc(0)) {
@@ -2295,6 +2294,30 @@ var VsockClient = class {
   getVsockPath() {
     return this.vsockPath;
   }
+  /**
+   * Request graceful shutdown from guest
+   *
+   * Sends shutdown command to guest agent, which syncs filesystems
+   * and returns acknowledgment. Falls back gracefully on timeout.
+   *
+   * @param timeoutMs Maximum time to wait for acknowledgment (default: 2000ms)
+   * @returns true if guest acknowledged, false on timeout/error
+   */
+  async shutdown(timeoutMs = 2e3) {
+    if (!this.connected || !this.socket) {
+      return false;
+    }
+    try {
+      const response = await this.request(
+        MSG_SHUTDOWN,
+        Buffer.alloc(0),
+        timeoutMs
+      );
+      return response.type === MSG_SHUTDOWN_ACK;
+    } catch {
+      return false;
+    }
+  }
   /**
    * Close the connection
    */
@@ -7743,7 +7766,8 @@ import { z as z17 } from "zod";
 var c11 = initContract();
 var modelProviderTypeSchema = z17.enum([
   "claude-code-oauth-token",
-  "anthropic-api-key"
+  "anthropic-api-key",
+  "moonshot-api-key"
 ]);
 var modelProviderFrameworkSchema = z17.enum(["claude-code", "codex"]);
 var modelProviderResponseSchema = z17.object({
@@ -7752,6 +7776,7 @@ var modelProviderResponseSchema = z17.object({
   framework: modelProviderFrameworkSchema,
   credentialName: z17.string(),
   isDefault: z17.boolean(),
+  selectedModel: z17.string().nullable(),
   createdAt: z17.string(),
   updatedAt: z17.string()
 });
@@ -7761,7 +7786,8 @@ var modelProviderListResponseSchema = z17.object({
 var upsertModelProviderRequestSchema = z17.object({
   type: modelProviderTypeSchema,
   credential: z17.string().min(1, "Credential is required"),
-  convert: z17.boolean().optional()
+  convert: z17.boolean().optional(),
+  selectedModel: z17.string().optional()
 });
 var upsertModelProviderResponseSchema = z17.object({
   provider: modelProviderResponseSchema,
@@ -10030,6 +10056,7 @@ async function executeJob(context, config, options = {}) {
   const vmId = getVmIdFromRunId(context.runId);
   let vm = null;
   let guestIp = null;
+  let vsockClient = null;
   logger10.log(`Starting job ${context.runId} in VM ${vmId}`);
   try {
     const vmConfig = {
@@ -10050,14 +10077,12 @@ async function executeJob(context, config, options = {}) {
     }
     logger10.log(`VM ${vmId} started, guest IP: ${guestIp}`);
     const vsockPath = vm.getVsockPath();
-    const guest = new VsockClient(vsockPath);
+    vsockClient = new VsockClient(vsockPath);
+    const guest = vsockClient;
     logger10.log(`Using vsock for guest communication: ${vsockPath}`);
-    logger10.log(`Waiting for guest connection...`);
-    await withSandboxTiming(
-      "guest_wait",
-      () => guest.waitForGuestConnection(3e4)
+    const envJson = JSON.stringify(
+      buildEnvironmentVariables(context, config.server.url)
     );
-    logger10.log(`Guest client ready`);
     const firewallConfig = context.experimentalFirewall;
     if (firewallConfig?.enabled) {
       const mitmEnabled = firewallConfig.experimental_mitm ?? false;
@@ -10065,19 +10090,18 @@ async function executeJob(context, config, options = {}) {
       logger10.log(
         `Setting up network security for VM ${guestIp} (mitm=${mitmEnabled}, sealSecrets=${sealSecretsEnabled})`
       );
-      await withSandboxTiming("network_setup", async () => {
-        getVMRegistry().register(
-          guestIp,
-          context.runId,
-          context.sandboxToken,
-          {
-            firewallRules: firewallConfig?.rules,
-            mitmEnabled,
-            sealSecretsEnabled
-          }
-        );
+      getVMRegistry().register(guestIp, context.runId, context.sandboxToken, {
+        firewallRules: firewallConfig?.rules,
+        mitmEnabled,
+        sealSecretsEnabled
       });
     }
+    logger10.log(`Waiting for guest connection...`);
+    await withSandboxTiming(
+      "guest_wait",
+      () => guest.waitForGuestConnection(3e4)
+    );
+    logger10.log(`Guest client ready`);
     if (context.storageManifest) {
       await withSandboxTiming(
         "storage_download",
@@ -10095,8 +10119,6 @@ async function executeJob(context, config, options = {}) {
         )
       );
     }
-    const envVars = buildEnvironmentVariables(context, config.server.url);
-    const envJson = JSON.stringify(envVars);
     logger10.log(
       `Writing env JSON (${envJson.length} bytes) to ${ENV_JSON_PATH}`
     );
@@ -10193,6 +10215,15 @@ async function executeJob(context, config, options = {}) {
       }
     }
     if (vm) {
+      if (vsockClient) {
+        const acked = await vsockClient.shutdown(2e3);
+        if (acked) {
+          logger10.log(`Guest acknowledged shutdown`);
+        } else {
+          logger10.log(`Guest shutdown timeout, proceeding with SIGKILL`);
+        }
+        vsockClient.close();
+      }
       logger10.log(`Cleaning up VM ${vmId}...`);
       await withSandboxTiming("cleanup", () => vm.kill());
     }
@@ -11229,7 +11260,7 @@ var benchmarkCommand = new Command4("benchmark").description(
 });
 
 // src/index.ts
-var version = true ? "3.9.3" : "0.1.0";
+var version = true ? "3.10.0" : "0.1.0";
 program.name("vm0-runner").version(version).description("Self-hosted runner for VM0 agents");
 program.addCommand(startCommand);
 program.addCommand(doctorCommand);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vm0/runner",
-  "version": "3.9.3",
+  "version": "3.10.0",
   "description": "Self-hosted runner for VM0 agents",
   "repository": {
     "type": "git",