vmsan 0.1.0-alpha.14 → 0.1.0-alpha.15

package/dist/_chunks/connect.mjs

@@ -1,13 +1,57 @@
-import { l as agentTimeoutError } from "./errors.mjs";
-async function waitForAgent(guestIp, port, timeoutMs = 6e4) {
-	const start = Date.now();
-	const url = `http://${guestIp}:${port}/health`;
-	while (Date.now() - start < timeoutMs) {
+import { n as vmsanPaths } from "./paths.mjs";
+import { t as handleCommandError } from "./errors.mjs";
+import { t as createCommandLogger } from "./logger.mjs";
+import "./vm-state.mjs";
+import { n as waitForAgent, t as resolveVmState } from "./vm-context.mjs";
+import { t as ShellSession } from "./shell.mjs";
+import { consola } from "consola";
+import { defineCommand } from "citty";
+const connectCommand = defineCommand({
+	meta: {
+		name: "connect",
+		description: "Connect to a running VM"
+	},
+	args: {
+		vmId: {
+			type: "positional",
+			description: "VM ID to connect to",
+			required: true
+		},
+		session: {
+			type: "string",
+			alias: "s",
+			description: "Attach to an existing shell session ID",
+			required: false
+		}
+	},
+	async run({ args }) {
+		const cmdLog = createCommandLogger("connect");
+		const paths = vmsanPaths();
 		try {
-			if ((await fetch(url, { signal: AbortSignal.timeout(2e3) })).ok) return;
-		} catch {}
-		await new Promise((r) => setTimeout(r, 500));
+			const { state, guestIp, port } = resolveVmState(args.vmId, paths);
+			const log = consola.withTag(args.vmId);
+			consola.debug(`Agent endpoint: ${guestIp}:${port}`);
+			log.start("Waiting for agent to become ready...");
+			await waitForAgent(guestIp, port);
+			log.success("Agent is ready. Connecting via PTY shell...");
+			const shell = new ShellSession({
+				host: guestIp,
+				port,
+				token: state.agentToken,
+				sessionId: args.session
+			});
+			const closeInfo = await shell.connect();
+			cmdLog.set({
+				vmId: args.vmId,
+				method: "pty"
+			});
+			cmdLog.emit();
+			if (!closeInfo.sessionDestroyed && shell.sessionId) process.stderr.write(`\nResume this session with:\n  vmsan connect ${args.vmId} --session ${shell.sessionId}\n`);
+			process.exit(0);
+		} catch (error) {
+			handleCommandError(error, cmdLog);
+			process.exit(1);
+		}
 	}
-	throw agentTimeoutError(guestIp, timeoutMs);
-}
-export { waitForAgent as t };
+});
+export { connectCommand as default };

package/dist/_chunks/context.mjs

@@ -1,5 +1,5 @@
 import { n as vmsanPaths } from "./paths.mjs";
-import { H as VmsanError, S as vmNotStoppedError, _ as chrootNotFoundError, a as noKernelDirError, b as vmNotFoundError, d as socketTimeoutError, i as noExt4RootfsError, o as noKernelError, p as defaultInterfaceNotFoundError, r as missingBinaryError, s as noRootfsDirError, u as lockTimeoutError, x as vmNotRunningError, y as snapshotNotFoundError, z as mutuallyExclusiveFlagsError } from "./errors.mjs";
+import { B as mutuallyExclusiveFlagsError, C as vmNotStoppedError, S as vmNotRunningError, U as VmsanError, _ as chrootNotFoundError, a as noKernelDirError, d as socketTimeoutError, i as noExt4RootfsError, o as noKernelError, p as defaultInterfaceNotFoundError, r as missingBinaryError, s as noRootfsDirError, u as lockTimeoutError, x as vmNotFoundError, y as snapshotNotFoundError } from "./errors.mjs";
 import { c as safeKill, f as toError, i as generateVmId, t as FileVmStateStore } from "./vm-state.mjs";
 import { t as FirecrackerClient } from "./firecracker.mjs";
 import { createHooks } from "hookable";
@@ -1825,6 +1825,37 @@ function ensureSeccompFilter(paths) {
 		return null;
 	}
 }
+/**
+* Spawn a detached bash process that kills the VM after timeout.
+* The process sleeps for the timeout duration, then verifies the VM
+* is still running with the expected PID before sending SIGTERM.
+*/
+function spawnTimeoutKiller(opts) {
+	const { vmId, pid, timeoutMs, stateFile } = opts;
+	const timeoutSec = String(Math.ceil(timeoutMs / 1e3));
+	const killer = spawn("bash", [
+		"-c",
+		[
+			"sleep \"$1\"",
+			"STATE=$(cat -- \"$2\" 2>/dev/null) || exit 0",
+			"echo \"$STATE\" | grep -q '\"status\":\"running\"' || exit 0",
+			"echo \"$STATE\" | grep -q \"\"pid\":$3\" || exit 0",
+			"[ -d \"/proc/$3\" ] || exit 0",
+			"grep -aq -- \"$4\" \"/proc/$3/cmdline\" 2>/dev/null || exit 0",
+			"kill -- \"$3\" 2>/dev/null"
+		].join(" && "),
+		"bash",
+		timeoutSec,
+		stateFile,
+		String(pid),
+		vmId
+	], {
+		detached: true,
+		stdio: "ignore"
+	});
+	killer.unref();
+	return killer;
+}
 var VMService = class {
 	paths;
 	store;
@@ -1988,21 +2019,12 @@ var VMService = class {
 				pid
 			});
 			log.success(`VM ${vmId} is running (PID: ${pid || "unknown"})`);
-			if (timeoutMs && pid) {
-				const stateFile = join(paths.vmsDir, `${vmId}.json`);
-				spawn("bash", ["-c", [
-					`sleep ${Math.ceil(timeoutMs / 1e3)}`,
-					`STATE=$(cat "${stateFile}" 2>/dev/null) || exit 0`,
-					`echo "$STATE" | grep -q '"status":"running"' || exit 0`,
-					`echo "$STATE" | grep -q '"pid":${pid}' || exit 0`,
-					`[ -d /proc/${pid} ] || exit 0`,
-					`grep -q "${vmId}" /proc/${pid}/cmdline 2>/dev/null || exit 0`,
-					`kill ${pid} 2>/dev/null`
-				].join(" && ")], {
-					detached: true,
-					stdio: "ignore"
-				}).unref();
-			}
+			if (timeoutMs && pid) spawnTimeoutKiller({
+				vmId,
+				pid,
+				timeoutMs,
+				stateFile: join(paths.vmsDir, `${vmId}.json`)
+			});
 			const finalState = this.store.load(vmId);
 			await hooks.callHook("vm:afterCreate", finalState);
 			return {
@@ -2372,4 +2394,4 @@ async function createVmsan(options) {
 	if (options?.plugins) for (const plugin of options.plugins) await plugin.setup(ctx);
 	return vmsan;
 }
-export { createSilentLogger as C, createDefaultLogger as S, waitForSocket as _, resolveImageRootfs as a, FileLock as b, cleanupNetwork as c, assertSnapshotExists as d, findKernel as f, validateEnvironment as g, getVmPid as h, ensureSeccompFilter as i, killOrphanVmProcess as l, getVmJailerPid as m, VMService as n, buildInitialVmState as o, findRootfs as p, compileSeccompFilter as r, cleanupChroot as s, createVmsan as t, markVmAsError as u, Jailer as v, NetworkManager as x, detectCgroupVersion as y };
+export { createDefaultLogger as C, NetworkManager as S, validateEnvironment as _, ensureSeccompFilter as a, detectCgroupVersion as b, cleanupChroot as c, markVmAsError as d, assertSnapshotExists as f, getVmPid as g, getVmJailerPid as h, compileSeccompFilter as i, cleanupNetwork as l, findRootfs as m, VMService as n, resolveImageRootfs as o, findKernel as p, spawnTimeoutKiller as r, buildInitialVmState as s, createVmsan as t, killOrphanVmProcess as u, waitForSocket as v, createSilentLogger as w, FileLock as x, Jailer as y };

package/dist/_chunks/create.mjs

@@ -4,10 +4,10 @@ import { i as initVmsanLogger, n as createScopedLogger, t as createCommandLogger
 import "./vm-state.mjs";
 import { t as createVmsan } from "./context.mjs";
 import "./firecracker.mjs";
+import { n as waitForAgent } from "./vm-context.mjs";
 import { t as ShellSession } from "./shell.mjs";
 import { a as parseImageReference, t as parseBandwidth } from "./validation.mjs";
 import { n as parseCreateInput, t as buildCreateSummaryLines } from "./summary.mjs";
-import { t as waitForAgent } from "./connect.mjs";
 import { join } from "node:path";
 import { consola } from "consola";
 import { defineCommand } from "citty";

package/dist/_chunks/download.mjs

@@ -1,9 +1,9 @@
 import { n as vmsanPaths } from "./paths.mjs";
-import { b as vmNotFoundError, t as handleCommandError } from "./errors.mjs";
+import { t as handleCommandError } from "./errors.mjs";
 import { t as createCommandLogger } from "./logger.mjs";
-import { t as FileVmStateStore } from "./vm-state.mjs";
+import "./vm-state.mjs";
 import { t as AgentClient } from "./agent.mjs";
-import { t as waitForAgent } from "./connect.mjs";
+import { n as waitForAgent, t as resolveVmState } from "./vm-context.mjs";
 import { basename, join, resolve } from "node:path";
 import { existsSync, mkdirSync, statSync, writeFileSync } from "node:fs";
 import { consola } from "consola";
@@ -29,23 +29,8 @@ const downloadCommand = defineCommand({
 		const cmdLog = createCommandLogger("download");
 		const paths = vmsanPaths();
 		try {
-			const state = new FileVmStateStore(paths.vmsDir).load(args.vmId);
-			if (!state) throw vmNotFoundError(args.vmId);
-			if (state.status !== "running") {
-				consola.error(`VM ${args.vmId} is not running (status: ${state.status})`);
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
-			if (!state.agentToken) {
-				consola.error("VM has no agent token. Cannot download files without the agent.");
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
+			const { state, guestIp, port } = resolveVmState(args.vmId, paths);
 			const log = consola.withTag(args.vmId);
-			const guestIp = state.network.guestIp;
-			const port = state.agentPort || paths.agentPort;
 			consola.debug(`Agent endpoint: ${guestIp}:${port}`);
 			log.start("Waiting for agent...");
 			await waitForAgent(guestIp, port);

package/dist/_chunks/errors.mjs

@@ -122,10 +122,16 @@ const chrootNotFoundError = (vmId) => new VmError("ERR_VM_CHROOT_NOT_FOUND", {
 	fix: "The VM must be recreated with 'vmsan create'."
 });
 const networkSlotsExhaustedError = () => new VmError("ERR_VM_NETWORK_SLOTS_EXHAUSTED", { message: "No available network slots (max 255 VMs)" });
-const vmNotRunningError = (vmId) => new VmError("ERR_VM_NOT_RUNNING", {
+const vmNotRunningError = (vmId, currentStatus) => new VmError("ERR_VM_NOT_RUNNING", {
 	vmId,
-	message: `VM ${vmId} is not running`,
-	fix: "The VM must be running to update its network policy. Start it with 'vmsan start <vm-id>'."
+	message: currentStatus ? `VM ${vmId} is not running (current status: ${currentStatus})` : `VM ${vmId} is not running`,
+	fix: "The VM must be running. Start it with 'vmsan start <vm-id>'."
+});
+const vmNoAgentTokenError = (vmId) => new VmError("ERR_VM_NO_AGENT_TOKEN", {
+	vmId,
+	message: `VM ${vmId} has no agent token`,
+	why: "The vmsan-agent binary was not found at ~/.vmsan/bin/vmsan-agent when this VM was created.",
+	fix: "Install the agent binary into ~/.vmsan/bin/vmsan-agent and recreate the VM with 'vmsan create'."
 });
 const snapshotNotFoundError = (snapshotId) => new VmError("ERR_VM_SNAPSHOT_NOT_FOUND", { message: `Snapshot not found: ${snapshotId}` });
 var FirecrackerApiError = class extends VmsanError {
@@ -229,4 +235,4 @@ function handleCommandError(error, cmdLog) {
 		if (error.link) consola.log(`  More: ${error.link}`);
 	} else consola.error(error instanceof Error ? error.message : String(error));
 }
-export { invalidDomainError as A, policyConflictError as B, vmStateNotFoundError as C, invalidCidrPrefixError as D, invalidCidrOctetError as E, invalidIntegerFlagError as F, VmsanError as H, invalidNetworkPolicyError as I, invalidPortError as L, invalidDurationError as M, invalidImageRefEmptyError as N, invalidDiskSizeFormatError as O, invalidImageRefTagError as P, invalidRuntimeError as R, vmNotStoppedError as S, invalidCidrFormatError as T, portConflictError as V, chrootNotFoundError as _, noKernelDirError as a, vmNotFoundError as b, TimeoutError as c, socketTimeoutError as d, NetworkError as f, VmError as g, firecrackerApiError as h, noExt4RootfsError as i, invalidDomainPatternError as j, invalidDiskSizeRangeError as k, agentTimeoutError as l, FirecrackerApiError as m, SetupError as n, noKernelError as o, defaultInterfaceNotFoundError as p, missingBinaryError as r, noRootfsDirError as s, handleCommandError as t, lockTimeoutError as u, networkSlotsExhaustedError as v, ValidationError as w, vmNotRunningError as x, snapshotNotFoundError as y, mutuallyExclusiveFlagsError as z };
+export { invalidDiskSizeRangeError as A, mutuallyExclusiveFlagsError as B, vmNotStoppedError as C, invalidCidrOctetError as D, invalidCidrFormatError as E, invalidImageRefTagError as F, portConflictError as H, invalidIntegerFlagError as I, invalidNetworkPolicyError as L, invalidDomainPatternError as M, invalidDurationError as N, invalidCidrPrefixError as O, invalidImageRefEmptyError as P, invalidPortError as R, vmNotRunningError as S, ValidationError as T, VmsanError as U, policyConflictError as V, chrootNotFoundError as _, noKernelDirError as a, vmNoAgentTokenError as b, TimeoutError as c, socketTimeoutError as d, NetworkError as f, VmError as g, firecrackerApiError as h, noExt4RootfsError as i, invalidDomainError as j, invalidDiskSizeFormatError as k, agentTimeoutError as l, FirecrackerApiError as m, SetupError as n, noKernelError as o, defaultInterfaceNotFoundError as p, missingBinaryError as r, noRootfsDirError as s, handleCommandError as t, lockTimeoutError as u, networkSlotsExhaustedError as v, vmStateNotFoundError as w, vmNotFoundError as x, snapshotNotFoundError as y, invalidRuntimeError as z };

package/dist/_chunks/network.mjs

@@ -1,5 +1,5 @@
 import "./paths.mjs";
-import { B as policyConflictError, t as handleCommandError } from "./errors.mjs";
+import { V as policyConflictError, t as handleCommandError } from "./errors.mjs";
 import { r as getOutputMode, t as createCommandLogger } from "./logger.mjs";
 import "./vm-state.mjs";
 import { t as createVmsan } from "./context.mjs";

package/dist/_chunks/summary.mjs

@@ -1,6 +1,6 @@
-import { B as policyConflictError } from "./errors.mjs";
+import { V as policyConflictError } from "./errors.mjs";
 import { s as parseDuration } from "./vm-state.mjs";
-import { d as assertSnapshotExists } from "./context.mjs";
+import { f as assertSnapshotExists } from "./context.mjs";
 import { c as parsePublishedPorts, d as validateCidr, f as validatePublishedPortsAvailable, i as parseDomains, l as parseRuntime, n as parseCidrList, o as parseMemoryMib, r as parseDiskSizeGb, s as parseNetworkPolicy, u as parseVcpuCount } from "./validation.mjs";
 function parseCreateInput(args, paths) {
 	const vcpus = parseVcpuCount(args.vcpus);

package/dist/_chunks/upload.mjs

@@ -1,9 +1,9 @@
 import { n as vmsanPaths } from "./paths.mjs";
-import { b as vmNotFoundError, t as handleCommandError } from "./errors.mjs";
+import { t as handleCommandError } from "./errors.mjs";
 import { t as createCommandLogger } from "./logger.mjs";
-import { t as FileVmStateStore } from "./vm-state.mjs";
+import "./vm-state.mjs";
 import { t as AgentClient } from "./agent.mjs";
-import { t as waitForAgent } from "./connect.mjs";
+import { n as waitForAgent, t as resolveVmState } from "./vm-context.mjs";
 import { basename } from "node:path";
 import { readFileSync } from "node:fs";
 import { consola } from "consola";
@@ -30,23 +30,8 @@ const uploadCommand = defineCommand({
 		const cmdLog = createCommandLogger("upload");
 		const paths = vmsanPaths();
 		try {
-			const state = new FileVmStateStore(paths.vmsDir).load(args.vmId);
-			if (!state) throw vmNotFoundError(args.vmId);
-			if (state.status !== "running") {
-				consola.error(`VM ${args.vmId} is not running (status: ${state.status})`);
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
-			if (!state.agentToken) {
-				consola.error("VM has no agent token. Cannot upload files without the agent.");
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
+			const { state, guestIp, port } = resolveVmState(args.vmId, paths);
 			const log = consola.withTag(args.vmId);
-			const guestIp = state.network.guestIp;
-			const port = state.agentPort || paths.agentPort;
 			consola.debug(`Agent endpoint: ${guestIp}:${port}`);
 			log.start("Waiting for agent...");
 			await waitForAgent(guestIp, port);

package/dist/_chunks/validation.mjs

@@ -1,4 +1,4 @@
-import { A as invalidDomainError, D as invalidCidrPrefixError, E as invalidCidrOctetError, F as invalidIntegerFlagError, I as invalidNetworkPolicyError, L as invalidPortError, N as invalidImageRefEmptyError, O as invalidDiskSizeFormatError, P as invalidImageRefTagError, R as invalidRuntimeError, T as invalidCidrFormatError, V as portConflictError, j as invalidDomainPatternError, k as invalidDiskSizeRangeError } from "./errors.mjs";
+import { A as invalidDiskSizeRangeError, D as invalidCidrOctetError, E as invalidCidrFormatError, F as invalidImageRefTagError, H as portConflictError, I as invalidIntegerFlagError, L as invalidNetworkPolicyError, M as invalidDomainPatternError, O as invalidCidrPrefixError, P as invalidImageRefEmptyError, R as invalidPortError, j as invalidDomainError, k as invalidDiskSizeFormatError, z as invalidRuntimeError } from "./errors.mjs";
 import { t as FileVmStateStore } from "./vm-state.mjs";
 const VALID_RUNTIMES = [
 	"base",

package/dist/_chunks/vm-context.mjs

@@ -0,0 +1,34 @@
+import { S as vmNotRunningError, b as vmNoAgentTokenError, l as agentTimeoutError, x as vmNotFoundError } from "./errors.mjs";
+import { t as FileVmStateStore } from "./vm-state.mjs";
+/**
+* Load VM state and validate it's running with an agent token.
+* Throws VmError on failure (handled by handleCommandError in the caller).
+*/
+function resolveVmState(vmId, paths) {
+	const store = new FileVmStateStore(paths.vmsDir);
+	const state = store.load(vmId);
+	if (!state) throw vmNotFoundError(vmId);
+	if (state.status !== "running") throw vmNotRunningError(vmId, state.status);
+	if (!state.agentToken) throw vmNoAgentTokenError(vmId);
+	return {
+		state,
+		guestIp: state.network.guestIp,
+		port: state.agentPort || paths.agentPort,
+		store
+	};
+}
+/**
+* Poll the agent health endpoint until it responds OK.
+*/
+async function waitForAgent(guestIp, port, timeoutMs = 6e4) {
+	const start = Date.now();
+	const url = `http://${guestIp}:${port}/health`;
+	while (Date.now() - start < timeoutMs) {
+		try {
+			if ((await fetch(url, { signal: AbortSignal.timeout(2e3) })).ok) return;
+		} catch {}
+		await new Promise((r) => setTimeout(r, 500));
+	}
+	throw agentTimeoutError(guestIp, timeoutMs);
+}
+export { waitForAgent as n, resolveVmState as t };

package/dist/_chunks/vm-state.mjs

@@ -1,9 +1,32 @@
-import { C as vmStateNotFoundError, M as invalidDurationError, v as networkSlotsExhaustedError } from "./errors.mjs";
+import { N as invalidDurationError, v as networkSlotsExhaustedError, w as vmStateNotFoundError } from "./errors.mjs";
 import { join } from "node:path";
 import { execSync } from "node:child_process";
-import { chmodSync, existsSync, mkdirSync, readFileSync, readdirSync, unlinkSync, writeFileSync } from "node:fs";
+import { chmodSync, chownSync, existsSync, mkdirSync, readFileSync, readdirSync, unlinkSync, writeFileSync } from "node:fs";
 import { randomBytes } from "node:crypto";
 import { stripAnsi } from "consola/utils";
+/**
+* Resolve the UID/GID of the real (non-root) user when running under sudo.
+* Returns null when not running under sudo or when env vars are missing.
+*/
+function getSudoOwner() {
+	const uid = process.env.SUDO_UID;
+	const gid = process.env.SUDO_GID;
+	if (!uid || !gid) return null;
+	const numUid = Number(uid);
+	const numGid = Number(gid);
+	if (!Number.isInteger(numUid) || !Number.isInteger(numGid)) return null;
+	return {
+		uid: numUid,
+		gid: numGid
+	};
+}
+function chownToSudoUser(path) {
+	const owner = getSudoOwner();
+	if (!owner) return;
+	try {
+		chownSync(path, owner.uid, owner.gid);
+	} catch {}
+}
 function toError(err) {
 	return err instanceof Error ? err : new Error(String(err));
 }
@@ -83,6 +106,7 @@ function mkdirSecure(path) {
 	} catch (error) {
 		if (error.code !== "ENOENT") throw error;
 	}
+	chownToSudoUser(path);
 }
 function writeSecure(path, contents) {
 	writeFileSync(path, contents, { mode: 384 });
@@ -91,6 +115,7 @@ function writeSecure(path, contents) {
 	} catch (error) {
 		if (error.code !== "ENOENT") throw error;
 	}
+	chownToSudoUser(path);
 }
 const TIME_UNITS = [
 	[

package/dist/bin/cli.mjs

@@ -56,7 +56,7 @@ runMain(defineCommand({
 		stop: () => import("../_chunks/stop.mjs").then((m) => m.default),
 		remove: () => import("../_chunks/remove.mjs").then((m) => m.default),
 		rm: () => import("../_chunks/remove.mjs").then((m) => m.default),
-		connect: () => import("../_chunks/connect2.mjs").then((m) => m.default),
+		connect: () => import("../_chunks/connect.mjs").then((m) => m.default),
 		upload: () => import("../_chunks/upload.mjs").then((m) => m.default),
 		download: () => import("../_chunks/download.mjs").then((m) => m.default),
 		network: () => import("../_chunks/network.mjs").then((m) => m.default)

package/dist/index.d.mts

@@ -1,4 +1,5 @@
 import { Hookable } from "hookable";
+import { ChildProcess } from "node:child_process";
 import { ErrorOptions, EvlogError, RequestLogger } from "evlog";
 import { ConsolaInstance } from "consola";
 
@@ -213,7 +214,7 @@ declare function parseDiskSizeGb(value: string | undefined): number;
 //#endregion
 //#region src/errors/codes.d.ts
 type ValidationErrorCode = "ERR_VALIDATION_INTEGER" | "ERR_VALIDATION_RUNTIME" | "ERR_VALIDATION_NETWORK_POLICY" | "ERR_VALIDATION_PORT" | "ERR_VALIDATION_PORT_CONFLICT" | "ERR_VALIDATION_DOMAIN" | "ERR_VALIDATION_CIDR" | "ERR_VALIDATION_IMAGE_REF" | "ERR_VALIDATION_DISK_SIZE" | "ERR_VALIDATION_DURATION" | "ERR_VALIDATION_FLAGS" | "ERR_VALIDATION_POLICY_CONFLICT";
-type VmErrorCode = "ERR_VM_NOT_FOUND" | "ERR_VM_STATE_NOT_FOUND" | "ERR_VM_NOT_STOPPED" | "ERR_VM_NOT_RUNNING" | "ERR_VM_CHROOT_NOT_FOUND" | "ERR_VM_NETWORK_SLOTS_EXHAUSTED" | "ERR_VM_SNAPSHOT_NOT_FOUND";
+type VmErrorCode = "ERR_VM_NOT_FOUND" | "ERR_VM_STATE_NOT_FOUND" | "ERR_VM_NOT_STOPPED" | "ERR_VM_NOT_RUNNING" | "ERR_VM_NO_AGENT_TOKEN" | "ERR_VM_CHROOT_NOT_FOUND" | "ERR_VM_NETWORK_SLOTS_EXHAUSTED" | "ERR_VM_SNAPSHOT_NOT_FOUND";
 type FirecrackerErrorCode = "ERR_FIRECRACKER_API";
 type NetworkErrorCode = "ERR_NETWORK_DEFAULT_INTERFACE";
 type TimeoutErrorCode = "ERR_TIMEOUT_SOCKET" | "ERR_TIMEOUT_LOCK" | "ERR_TIMEOUT_AGENT";
@@ -266,7 +267,8 @@ declare const vmStateNotFoundError: (vmId: string) => VmError;
 declare const vmNotStoppedError: (vmId: string, currentStatus: string) => VmError;
 declare const chrootNotFoundError: (vmId: string) => VmError;
 declare const networkSlotsExhaustedError: () => VmError;
-declare const vmNotRunningError: (vmId: string) => VmError;
+declare const vmNotRunningError: (vmId: string, currentStatus?: string) => VmError;
+declare const vmNoAgentTokenError: (vmId: string) => VmError;
 declare const snapshotNotFoundError: (snapshotId: string) => VmError;
 //#endregion
 //#region src/errors/firecracker.d.ts
@@ -2822,6 +2824,61 @@ declare class AgentClient {
   readFile(path: string): Promise<Buffer | null>;
 }
 //#endregion
+//#region src/lib/timeout-extender.d.ts
+interface TimeoutExtenderOptions {
+  vmId: string;
+  store: VmStateStore;
+  paths: VmsanPaths;
+  intervalMs?: number;
+  signal?: AbortSignal;
+}
+declare class TimeoutExtender {
+  private _timer;
+  private _previousKillerPid;
+  private readonly _vmId;
+  private readonly _store;
+  private readonly _paths;
+  private readonly _intervalMs;
+  private readonly _signal?;
+  constructor(opts: TimeoutExtenderOptions);
+  start(): void;
+  stop(): void;
+  private _extend;
+}
+//#endregion
+//#region src/lib/timeout-killer.d.ts
+interface SpawnTimeoutKillerOpts {
+  vmId: string;
+  pid: number;
+  timeoutMs: number;
+  stateFile: string;
+}
+/**
+* Spawn a detached bash process that kills the VM after timeout.
+* The process sleeps for the timeout duration, then verifies the VM
+* is still running with the expected PID before sending SIGTERM.
+*/
+declare function spawnTimeoutKiller(opts: SpawnTimeoutKillerOpts): ChildProcess;
+//#endregion
+//#region src/lib/vm-context.d.ts
+interface RunningVmContext {
+  state: VmState & {
+    agentToken: string;
+  };
+  guestIp: string;
+  port: number;
+  store: FileVmStateStore;
+}
+/**
+* Load VM state and validate it's running with an agent token.
+* Throws VmError on failure (handled by handleCommandError in the caller).
+*/
+declare function resolveVmState(vmId: string, paths: VmsanPaths): RunningVmContext;
+/**
+* Poll the agent health endpoint until it responds OK.
+*/
+declare function waitForAgent(guestIp: string, port: number, timeoutMs?: number): Promise<void>;
+//#endregion
 //#region src/stores/memory.d.ts
 declare class MemoryVmStateStore implements VmStateStore {
   private states;
@@ -3006,9 +3063,6 @@ declare function waitForSocket(socketPath: string, timeoutMs?: number): Promise<
 declare function getVmPid(vmId: string): number | null;
 declare function getVmJailerPid(vmId: string): number | null;
 //#endregion
-//#region src/commands/create/connect.d.ts
-declare function waitForAgent(guestIp: string, port: number, timeoutMs?: number): Promise<void>;
-//#endregion
 //#region src/commands/create/cleanup.d.ts
 declare function killOrphanVmProcess(vmId: string): void;
 declare function markVmAsError(vmId: string, error: unknown, paths: VmsanPaths): void;
@@ -3038,4 +3092,4 @@ declare function resolveImageRootfs(imageRef: ImageReference, registryDir: strin
 //#region src/index.d.ts
 declare function getFirecrackerVersion(dir?: string): Promise<string | undefined>;
 //#endregion
-export { AgentClient, type CgroupConfig, type CommandLogger, type CreateCommandRuntimeArgs, type CreateLifecycleState, type CreateSummaryInput, type CreateVmOptions, type CreateVmResult, FileLock, FileVmStateStore, FirecrackerApiError, FirecrackerClient, type components as FirecrackerComponents, type FirecrackerErrorCode, type paths as FirecrackerPaths, type ImageReference, type InitialVmStateInput, Jailer, type JailerPaths, MemoryVmStateStore, type NetworkConfig, NetworkError, type NetworkErrorCode, NetworkManager, type NetworkPolicy, type OutputMode, type ParsedCreateInput, PidFile, type PrepareChrootConfig, type RunEvent, type RunParams, type Runtime, type SessionInfo, SetupError, type SetupErrorCode, ShellSession, type ShellSessionOptions, type SpawnJailerConfig, type StartVmResult, type StopResult, TimeoutError, type TimeoutErrorCode, type UpdatePolicyResult, type VALID_NETWORK_POLICIES, type VALID_RUNTIMES, VMService, ValidationError, type ValidationErrorCode, VmError, type VmErrorCode, type VmNetwork, type VmPhase, type VmState, type VmStateStore, type VmsanContext, VmsanError, type VmsanErrorCode, type VmsanHooks, type VmsanLogger, type VmsanOptions, type VmsanPaths, type VmsanPlugin, type WriteFileEntry, agentTimeoutError, buildCreateSummaryLines, buildInitialVmState, chrootNotFoundError, cleanupChroot, cleanupNetwork, compileSeccompFilter, connectShell, createCommandLogger, createDefaultLogger, createScopedLogger, createSilentLogger, createVmsan, defaultInterfaceNotFoundError, definePlugin, detectCgroupVersion, ensureSeccompFilter, findFreeNetworkSlot, findKernel, findRootfs, firecrackerApiError, firecrackerFetch, generateVmId, getActiveTapSlots, getFirecrackerVersion, getOutputMode, getVmJailerPid, getVmPid, handleCommandError, initVmsanLogger, invalidCidrFormatError, invalidCidrOctetError, invalidCidrPrefixError, invalidDiskSizeFormatError, invalidDiskSizeRangeError, invalidDomainError, invalidDomainPatternError, invalidDurationError, invalidImageRefEmptyError, invalidImageRefTagError, invalidIntegerFlagError, invalidNetworkPolicyError, invalidPortError, invalidRuntimeError, isProcessAlive, killOrphanVmProcess, lockTimeoutError, markVmAsError, missingBinaryError, mkdirSecure, mutuallyExclusiveFlagsError, networkSlotsExhaustedError, noExt4RootfsError, noKernelDirError, noKernelError, noRootfsDirError, parseBandwidth, parseCidrList, parseCreateInput, parseDiskSizeGb, parseDomains, parseDuration, parseImageReference, parseMemoryMib, parseNetworkPolicy, parsePublishedPorts, parseRuntime, parseVcpuCount, policyConflictError, portConflictError, resolveImageRootfs, safeKill, snapshotNotFoundError, socketTimeoutError, table, timeAgo, timeRemaining, toError, validateCidr, validateEnvironment, validatePublishedPortsAvailable, vmNotFoundError, vmNotRunningError, vmNotStoppedError, vmStateNotFoundError, vmsanPaths, waitForAgent, waitForSocket, writeSecure };
+export { AgentClient, type CgroupConfig, type CommandLogger, type CreateCommandRuntimeArgs, type CreateLifecycleState, type CreateSummaryInput, type CreateVmOptions, type CreateVmResult, FileLock, FileVmStateStore, FirecrackerApiError, FirecrackerClient, type components as FirecrackerComponents, type FirecrackerErrorCode, type paths as FirecrackerPaths, type ImageReference, type InitialVmStateInput, Jailer, type JailerPaths, MemoryVmStateStore, type NetworkConfig, NetworkError, type NetworkErrorCode, NetworkManager, type NetworkPolicy, type OutputMode, type ParsedCreateInput, PidFile, type PrepareChrootConfig, type RunEvent, type RunParams, type RunningVmContext, type Runtime, type SessionInfo, SetupError, type SetupErrorCode, ShellSession, type ShellSessionOptions, type SpawnJailerConfig, type SpawnTimeoutKillerOpts, type StartVmResult, type StopResult, TimeoutError, type TimeoutErrorCode, TimeoutExtender, type TimeoutExtenderOptions, type UpdatePolicyResult, type VALID_NETWORK_POLICIES, type VALID_RUNTIMES, VMService, ValidationError, type ValidationErrorCode, VmError, type VmErrorCode, type VmNetwork, type VmPhase, type VmState, type VmStateStore, type VmsanContext, VmsanError, type VmsanErrorCode, type VmsanHooks, type VmsanLogger, type VmsanOptions, type VmsanPaths, type VmsanPlugin, type WriteFileEntry, agentTimeoutError, buildCreateSummaryLines, buildInitialVmState, chrootNotFoundError, cleanupChroot, cleanupNetwork, compileSeccompFilter, connectShell, createCommandLogger, createDefaultLogger, createScopedLogger, createSilentLogger, createVmsan, defaultInterfaceNotFoundError, definePlugin, detectCgroupVersion, ensureSeccompFilter, findFreeNetworkSlot, findKernel, findRootfs, firecrackerApiError, firecrackerFetch, generateVmId, getActiveTapSlots, getFirecrackerVersion, getOutputMode, getVmJailerPid, getVmPid, handleCommandError, initVmsanLogger, invalidCidrFormatError, invalidCidrOctetError, invalidCidrPrefixError, invalidDiskSizeFormatError, invalidDiskSizeRangeError, invalidDomainError, invalidDomainPatternError, invalidDurationError, invalidImageRefEmptyError, invalidImageRefTagError, invalidIntegerFlagError, invalidNetworkPolicyError, invalidPortError, invalidRuntimeError, isProcessAlive, killOrphanVmProcess, lockTimeoutError, markVmAsError, missingBinaryError, mkdirSecure, mutuallyExclusiveFlagsError, networkSlotsExhaustedError, noExt4RootfsError, noKernelDirError, noKernelError, noRootfsDirError, parseBandwidth, parseCidrList, parseCreateInput, parseDiskSizeGb, parseDomains, parseDuration, parseImageReference, parseMemoryMib, parseNetworkPolicy, parsePublishedPorts, parseRuntime, parseVcpuCount, policyConflictError, portConflictError, resolveImageRootfs, resolveVmState, safeKill, snapshotNotFoundError, socketTimeoutError, spawnTimeoutKiller, table, timeAgo, timeRemaining, toError, validateCidr, validateEnvironment, validatePublishedPortsAvailable, vmNoAgentTokenError, vmNotFoundError, vmNotRunningError, vmNotStoppedError, vmStateNotFoundError, vmsanPaths, waitForAgent, waitForSocket, writeSecure };

package/dist/index.mjs

@@ -1,18 +1,74 @@
 import { n as vmsanPaths } from "./_chunks/paths.mjs";
-import { A as invalidDomainError, B as policyConflictError, C as vmStateNotFoundError, D as invalidCidrPrefixError, E as invalidCidrOctetError, F as invalidIntegerFlagError, H as VmsanError, I as invalidNetworkPolicyError, L as invalidPortError, M as invalidDurationError, N as invalidImageRefEmptyError, O as invalidDiskSizeFormatError, P as invalidImageRefTagError, R as invalidRuntimeError, S as vmNotStoppedError, T as invalidCidrFormatError, V as portConflictError, _ as chrootNotFoundError, a as noKernelDirError, b as vmNotFoundError, c as TimeoutError, d as socketTimeoutError, f as NetworkError, g as VmError, h as firecrackerApiError, i as noExt4RootfsError, j as invalidDomainPatternError, k as invalidDiskSizeRangeError, l as agentTimeoutError, m as FirecrackerApiError, n as SetupError, o as noKernelError, p as defaultInterfaceNotFoundError, r as missingBinaryError, s as noRootfsDirError, t as handleCommandError, u as lockTimeoutError, v as networkSlotsExhaustedError, w as ValidationError, x as vmNotRunningError, y as snapshotNotFoundError, z as mutuallyExclusiveFlagsError } from "./_chunks/errors.mjs";
+import { A as invalidDiskSizeRangeError, B as mutuallyExclusiveFlagsError, C as vmNotStoppedError, D as invalidCidrOctetError, E as invalidCidrFormatError, F as invalidImageRefTagError, H as portConflictError, I as invalidIntegerFlagError, L as invalidNetworkPolicyError, M as invalidDomainPatternError, N as invalidDurationError, O as invalidCidrPrefixError, P as invalidImageRefEmptyError, R as invalidPortError, S as vmNotRunningError, T as ValidationError, U as VmsanError, V as policyConflictError, _ as chrootNotFoundError, a as noKernelDirError, b as vmNoAgentTokenError, c as TimeoutError, d as socketTimeoutError, f as NetworkError, g as VmError, h as firecrackerApiError, i as noExt4RootfsError, j as invalidDomainError, k as invalidDiskSizeFormatError, l as agentTimeoutError, m as FirecrackerApiError, n as SetupError, o as noKernelError, p as defaultInterfaceNotFoundError, r as missingBinaryError, s as noRootfsDirError, t as handleCommandError, u as lockTimeoutError, v as networkSlotsExhaustedError, w as vmStateNotFoundError, x as vmNotFoundError, y as snapshotNotFoundError, z as invalidRuntimeError } from "./_chunks/errors.mjs";
 import { i as initVmsanLogger, n as createScopedLogger, r as getOutputMode, t as createCommandLogger } from "./_chunks/logger.mjs";
 import { a as isProcessAlive, c as safeKill, d as timeRemaining, f as toError, i as generateVmId, l as table, n as findFreeNetworkSlot, o as mkdirSecure, p as writeSecure, r as getActiveTapSlots, s as parseDuration, t as FileVmStateStore, u as timeAgo } from "./_chunks/vm-state.mjs";
-import { C as createSilentLogger, S as createDefaultLogger, _ as waitForSocket, a as resolveImageRootfs, b as FileLock, c as cleanupNetwork, f as findKernel, g as validateEnvironment, h as getVmPid, i as ensureSeccompFilter, l as killOrphanVmProcess, m as getVmJailerPid, n as VMService, o as buildInitialVmState, p as findRootfs, r as compileSeccompFilter, s as cleanupChroot, t as createVmsan, u as markVmAsError, v as Jailer, x as NetworkManager, y as detectCgroupVersion } from "./_chunks/context.mjs";
+import { C as createDefaultLogger, S as NetworkManager, _ as validateEnvironment, a as ensureSeccompFilter, b as detectCgroupVersion, c as cleanupChroot, d as markVmAsError, g as getVmPid, h as getVmJailerPid, i as compileSeccompFilter, l as cleanupNetwork, m as findRootfs, n as VMService, o as resolveImageRootfs, p as findKernel, r as spawnTimeoutKiller, s as buildInitialVmState, t as createVmsan, u as killOrphanVmProcess, v as waitForSocket, w as createSilentLogger, x as FileLock, y as Jailer } from "./_chunks/context.mjs";
 import { n as firecrackerFetch, t as FirecrackerClient } from "./_chunks/firecracker.mjs";
 import { t as AgentClient } from "./_chunks/agent.mjs";
+import { n as waitForAgent, t as resolveVmState } from "./_chunks/vm-context.mjs";
 import { n as connectShell, t as ShellSession } from "./_chunks/shell.mjs";
 import { a as parseImageReference, c as parsePublishedPorts, d as validateCidr, f as validatePublishedPortsAvailable, i as parseDomains, l as parseRuntime, n as parseCidrList, o as parseMemoryMib, r as parseDiskSizeGb, s as parseNetworkPolicy, t as parseBandwidth, u as parseVcpuCount } from "./_chunks/validation.mjs";
 import { n as parseCreateInput, t as buildCreateSummaryLines } from "./_chunks/summary.mjs";
-import { t as waitForAgent } from "./_chunks/connect.mjs";
+import { join } from "node:path";
 import { existsSync, readFileSync, rmSync, writeFileSync } from "node:fs";
 function definePlugin(plugin) {
 	return plugin;
 }
+const DEFAULT_INTERVAL_MS = 300 * 1e3;
+var TimeoutExtender = class {
+	_timer = null;
+	_previousKillerPid = null;
+	_vmId;
+	_store;
+	_paths;
+	_intervalMs;
+	_signal;
+	constructor(opts) {
+		this._vmId = opts.vmId;
+		this._store = opts.store;
+		this._paths = opts.paths;
+		this._intervalMs = opts.intervalMs ?? DEFAULT_INTERVAL_MS;
+		this._signal = opts.signal;
+	}
+	start() {
+		if (this._timer) return;
+		if (this._signal) {
+			this._signal.addEventListener("abort", () => this.stop(), { once: true });
+			if (this._signal.aborted) {
+				this.stop();
+				return;
+			}
+		}
+		this._extend();
+		this._timer = setInterval(() => this._extend(), this._intervalMs);
+	}
+	stop() {
+		if (this._timer) {
+			clearInterval(this._timer);
+			this._timer = null;
+		}
+		if (this._previousKillerPid !== null) {
+			safeKill(this._previousKillerPid);
+			this._previousKillerPid = null;
+		}
+	}
+	_extend() {
+		const state = this._store.load(this._vmId);
+		if (!state || state.status !== "running" || !state.timeoutMs) return;
+		const timeoutAt = new Date(Date.now() + state.timeoutMs).toISOString();
+		this._store.update(this._vmId, { timeoutAt });
+		if (this._previousKillerPid !== null) {
+			safeKill(this._previousKillerPid);
+			this._previousKillerPid = null;
+		}
+		if (state.pid) this._previousKillerPid = spawnTimeoutKiller({
+			vmId: this._vmId,
+			pid: state.pid,
+			timeoutMs: state.timeoutMs,
+			stateFile: join(this._paths.vmsDir, `${this._vmId}.json`)
+		}).pid ?? null;
+	}
+};
 var MemoryVmStateStore = class {
 	states = /* @__PURE__ */ new Map();
 	save(state) {
@@ -64,4 +120,4 @@ async function getFirecrackerVersion(dir) {
 	const { FirecrackerClient: FC } = await import("./_chunks/firecracker.mjs").then((n) => n.r);
 	return FC.getVersion(dir || paths().baseDir);
 }
-export { AgentClient, FileLock, FileVmStateStore, FirecrackerApiError, FirecrackerClient, Jailer, MemoryVmStateStore, NetworkError, NetworkManager, PidFile, SetupError, ShellSession, TimeoutError, VMService, ValidationError, VmError, VmsanError, agentTimeoutError, buildCreateSummaryLines, buildInitialVmState, chrootNotFoundError, cleanupChroot, cleanupNetwork, compileSeccompFilter, connectShell, createCommandLogger, createDefaultLogger, createScopedLogger, createSilentLogger, createVmsan, defaultInterfaceNotFoundError, definePlugin, detectCgroupVersion, ensureSeccompFilter, findFreeNetworkSlot, findKernel, findRootfs, firecrackerApiError, firecrackerFetch, generateVmId, getActiveTapSlots, getFirecrackerVersion, getOutputMode, getVmJailerPid, getVmPid, handleCommandError, initVmsanLogger, invalidCidrFormatError, invalidCidrOctetError, invalidCidrPrefixError, invalidDiskSizeFormatError, invalidDiskSizeRangeError, invalidDomainError, invalidDomainPatternError, invalidDurationError, invalidImageRefEmptyError, invalidImageRefTagError, invalidIntegerFlagError, invalidNetworkPolicyError, invalidPortError, invalidRuntimeError, isProcessAlive, killOrphanVmProcess, lockTimeoutError, markVmAsError, missingBinaryError, mkdirSecure, mutuallyExclusiveFlagsError, networkSlotsExhaustedError, noExt4RootfsError, noKernelDirError, noKernelError, noRootfsDirError, parseBandwidth, parseCidrList, parseCreateInput, parseDiskSizeGb, parseDomains, parseDuration, parseImageReference, parseMemoryMib, parseNetworkPolicy, parsePublishedPorts, parseRuntime, parseVcpuCount, policyConflictError, portConflictError, resolveImageRootfs, safeKill, snapshotNotFoundError, socketTimeoutError, table, timeAgo, timeRemaining, toError, validateCidr, validateEnvironment, validatePublishedPortsAvailable, vmNotFoundError, vmNotRunningError, vmNotStoppedError, vmStateNotFoundError, vmsanPaths, waitForAgent, waitForSocket, writeSecure };
+export { AgentClient, FileLock, FileVmStateStore, FirecrackerApiError, FirecrackerClient, Jailer, MemoryVmStateStore, NetworkError, NetworkManager, PidFile, SetupError, ShellSession, TimeoutError, TimeoutExtender, VMService, ValidationError, VmError, VmsanError, agentTimeoutError, buildCreateSummaryLines, buildInitialVmState, chrootNotFoundError, cleanupChroot, cleanupNetwork, compileSeccompFilter, connectShell, createCommandLogger, createDefaultLogger, createScopedLogger, createSilentLogger, createVmsan, defaultInterfaceNotFoundError, definePlugin, detectCgroupVersion, ensureSeccompFilter, findFreeNetworkSlot, findKernel, findRootfs, firecrackerApiError, firecrackerFetch, generateVmId, getActiveTapSlots, getFirecrackerVersion, getOutputMode, getVmJailerPid, getVmPid, handleCommandError, initVmsanLogger, invalidCidrFormatError, invalidCidrOctetError, invalidCidrPrefixError, invalidDiskSizeFormatError, invalidDiskSizeRangeError, invalidDomainError, invalidDomainPatternError, invalidDurationError, invalidImageRefEmptyError, invalidImageRefTagError, invalidIntegerFlagError, invalidNetworkPolicyError, invalidPortError, invalidRuntimeError, isProcessAlive, killOrphanVmProcess, lockTimeoutError, markVmAsError, missingBinaryError, mkdirSecure, mutuallyExclusiveFlagsError, networkSlotsExhaustedError, noExt4RootfsError, noKernelDirError, noKernelError, noRootfsDirError, parseBandwidth, parseCidrList, parseCreateInput, parseDiskSizeGb, parseDomains, parseDuration, parseImageReference, parseMemoryMib, parseNetworkPolicy, parsePublishedPorts, parseRuntime, parseVcpuCount, policyConflictError, portConflictError, resolveImageRootfs, resolveVmState, safeKill, snapshotNotFoundError, socketTimeoutError, spawnTimeoutKiller, table, timeAgo, timeRemaining, toError, validateCidr, validateEnvironment, validatePublishedPortsAvailable, vmNoAgentTokenError, vmNotFoundError, vmNotRunningError, vmNotStoppedError, vmStateNotFoundError, vmsanPaths, waitForAgent, waitForSocket, writeSecure };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vmsan",
-  "version": "0.1.0-alpha.14",
+  "version": "0.1.0-alpha.15",
   "description": "Firecracker microVM sandbox toolkit",
   "homepage": "https://github.com/angelorc/vmsan",
   "bugs": "https://github.com/angelorc/vmsan/issues",

package/dist/_chunks/connect2.mjs

@@ -1,72 +0,0 @@
-import { n as vmsanPaths } from "./paths.mjs";
-import { b as vmNotFoundError, t as handleCommandError } from "./errors.mjs";
-import { t as createCommandLogger } from "./logger.mjs";
-import { t as FileVmStateStore } from "./vm-state.mjs";
-import { t as ShellSession } from "./shell.mjs";
-import { t as waitForAgent } from "./connect.mjs";
-import { consola } from "consola";
-import { defineCommand } from "citty";
-const connectCommand = defineCommand({
-	meta: {
-		name: "connect",
-		description: "Connect to a running VM"
-	},
-	args: {
-		vmId: {
-			type: "positional",
-			description: "VM ID to connect to",
-			required: true
-		},
-		session: {
-			type: "string",
-			alias: "s",
-			description: "Attach to an existing shell session ID",
-			required: false
-		}
-	},
-	async run({ args }) {
-		const cmdLog = createCommandLogger("connect");
-		const paths = vmsanPaths();
-		try {
-			const state = new FileVmStateStore(paths.vmsDir).load(args.vmId);
-			if (!state) throw vmNotFoundError(args.vmId);
-			if (state.status !== "running") {
-				consola.error(`VM ${args.vmId} is not running (status: ${state.status})`);
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
-			const log = consola.withTag(args.vmId);
-			const guestIp = state.network.guestIp;
-			const port = state.agentPort || paths.agentPort;
-			consola.debug(`Agent endpoint: ${guestIp}:${port}`);
-			if (!state.agentToken) {
-				consola.error(`VM ${args.vmId} has no agent token. The agent is required for shell access.`);
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
-			log.start("Waiting for agent to become ready...");
-			await waitForAgent(guestIp, port);
-			log.success("Agent is ready. Connecting via PTY shell...");
-			const shell = new ShellSession({
-				host: guestIp,
-				port,
-				token: state.agentToken,
-				sessionId: args.session
-			});
-			const closeInfo = await shell.connect();
-			cmdLog.set({
-				vmId: args.vmId,
-				method: "pty"
-			});
-			cmdLog.emit();
-			if (!closeInfo.sessionDestroyed && shell.sessionId) process.stderr.write(`\nResume this session with:\n  vmsan connect ${args.vmId} --session ${shell.sessionId}\n`);
-			process.exit(0);
-		} catch (error) {
-			handleCommandError(error, cmdLog);
-			process.exit(1);
-		}
-	}
-});
-export { connectCommand as default };