vmsan 0.1.0-alpha.14 → 0.1.0-alpha.16

package/dist/_chunks/agent.mjs

@@ -1,6 +1,196 @@
 import { createGzip } from "node:zlib";
 import { Readable } from "node:stream";
 import { pack } from "tar-stream";
+/**
+* Lightweight async iterable queue for pushing events and yielding them to consumers.
+*/
+var AsyncQueue = class {
+	_buffer = [];
+	_waiting = [];
+	_closed = false;
+	push(item) {
+		if (this._closed) return;
+		if (this._waiting.length > 0) this._waiting.shift()({
+			value: item,
+			done: false
+		});
+		else this._buffer.push(item);
+	}
+	close() {
+		this._closed = true;
+		for (const resolve of this._waiting) resolve({
+			value: void 0,
+			done: true
+		});
+		this._waiting.length = 0;
+	}
+	async *[Symbol.asyncIterator]() {
+		while (true) if (this._buffer.length > 0) yield this._buffer.shift();
+		else if (this._closed) return;
+		else {
+			const item = await new Promise((resolve) => {
+				this._waiting.push(resolve);
+			});
+			if (item.done) return;
+			yield item.value;
+		}
+	}
+};
+var CommandFinished = class {
+	cmdId;
+	exitCode;
+	stdout;
+	stderr;
+	output;
+	timedOut;
+	startedAt;
+	constructor(opts) {
+		this.cmdId = opts.cmdId;
+		this.exitCode = opts.exitCode;
+		this.stdout = opts.stdout;
+		this.stderr = opts.stderr;
+		this.output = opts.output;
+		this.timedOut = opts.timedOut;
+		this.startedAt = opts.startedAt;
+	}
+	get ok() {
+		return this.exitCode === 0;
+	}
+};
+const MAX_LOG_ENTRIES = 1e5;
+var Command = class {
+	cmdId;
+	_startedAt;
+	_exitCode = null;
+	_timedOut = false;
+	_logEntries = [];
+	_logTruncated = false;
+	_eventQueue = new AsyncQueue();
+	_completion;
+	_stdoutPromise = null;
+	_stderrPromise = null;
+	_outputPromise = null;
+	_agent;
+	constructor(init) {
+		const { agent, cmdId, startedAt, stream, signal, onStdout, onStderr } = init;
+		this._agent = agent;
+		this.cmdId = cmdId;
+		this._startedAt = startedAt;
+		let resolveCompletion;
+		let rejectCompletion;
+		this._completion = new Promise((resolve, reject) => {
+			resolveCompletion = resolve;
+			rejectCompletion = reject;
+		});
+		let onAbort;
+		if (signal) {
+			onAbort = () => {
+				this.kill().catch(() => {});
+			};
+			if (signal.aborted) this.kill().catch(() => {});
+			else signal.addEventListener("abort", onAbort, { once: true });
+		}
+		(async () => {
+			try {
+				for await (const event of stream) {
+					this._eventQueue.push(event);
+					switch (event.type) {
+						case "stdout":
+						case "stderr":
+							if (event.data !== void 0) {
+								if (this._logEntries.length < MAX_LOG_ENTRIES) this._logEntries.push({
+									stream: event.type,
+									data: event.data
+								});
+								else this._logTruncated = true;
+								(event.type === "stdout" ? onStdout : onStderr)?.(event.data);
+							}
+							break;
+						case "exit":
+							this._exitCode = event.exitCode ?? 1;
+							break;
+						case "timeout":
+							this._timedOut = true;
+							this._exitCode = 124;
+							break;
+						case "error":
+							this._exitCode = 1;
+							break;
+					}
+				}
+				this._eventQueue.close();
+				resolveCompletion(new CommandFinished({
+					cmdId,
+					exitCode: this._exitCode ?? 1,
+					stdout: this._logEntries.filter((e) => e.stream === "stdout").map((e) => e.data).join("\n"),
+					stderr: this._logEntries.filter((e) => e.stream === "stderr").map((e) => e.data).join("\n"),
+					output: this._logEntries.map((e) => e.data).join("\n"),
+					timedOut: this._timedOut,
+					startedAt
+				}));
+				this._logEntries.length = 0;
+			} catch (err) {
+				this._eventQueue.close();
+				const error = err instanceof Error ? err : new Error(String(err));
+				rejectCompletion(error);
+			} finally {
+				if (signal && onAbort) signal.removeEventListener("abort", onAbort);
+			}
+		})();
+	}
+	get startedAt() {
+		return this._startedAt;
+	}
+	get exitCode() {
+		return this._exitCode;
+	}
+	async *logs(opts) {
+		const signal = opts?.signal;
+		if (signal?.aborted) return;
+		for await (const event of this._eventQueue) {
+			if (signal?.aborted) return;
+			if (event.type === "stdout" || event.type === "stderr") yield {
+				stream: event.type,
+				data: event.data ?? ""
+			};
+		}
+	}
+	stdout(opts) {
+		if (!this._stdoutPromise) this._stdoutPromise = this._completion.then((r) => r.stdout);
+		return this._withSignal(this._stdoutPromise, opts?.signal);
+	}
+	stderr(opts) {
+		if (!this._stderrPromise) this._stderrPromise = this._completion.then((r) => r.stderr);
+		return this._withSignal(this._stderrPromise, opts?.signal);
+	}
+	output(stream, opts) {
+		if (stream === "stdout") return this.stdout(opts);
+		if (stream === "stderr") return this.stderr(opts);
+		if (!this._outputPromise) this._outputPromise = this._completion.then((r) => r.output);
+		return this._withSignal(this._outputPromise, opts?.signal);
+	}
+	wait(opts) {
+		return this._withSignal(this._completion, opts?.signal);
+	}
+	async kill(signal, opts) {
+		await this._agent.killCommand(this.cmdId, signal, opts?.abortSignal);
+	}
+	_withSignal(promise, signal) {
+		if (!signal) return promise;
+		if (signal.aborted) return Promise.reject(new DOMException("The operation was aborted.", "AbortError"));
+		return new Promise((resolve, reject) => {
+			const onAbort = () => reject(new DOMException("The operation was aborted.", "AbortError"));
+			signal.addEventListener("abort", onAbort, { once: true });
+			promise.then((value) => {
+				signal.removeEventListener("abort", onAbort);
+				resolve(value);
+			}, (err) => {
+				signal.removeEventListener("abort", onAbort);
+				reject(err);
+			});
+		});
+	}
+};
 var AgentClient = class {
 	constructor(baseUrl, token) {
 		this.baseUrl = baseUrl;
@@ -11,14 +201,15 @@ var AgentClient = class {
 		if (!res.ok) throw new Error(`Agent health check failed: ${res.status}`);
 		return res.json();
 	}
-	async *run(params) {
+	async *run(params, signal) {
 		const res = await fetch(`${this.baseUrl}/exec`, {
 			method: "POST",
 			headers: {
 				"Content-Type": "application/json",
 				Authorization: `Bearer ${this.token}`
 			},
-			body: JSON.stringify(params)
+			body: JSON.stringify(params),
+			signal
 		});
 		if (!res.ok) {
 			const text = await res.text();
@@ -41,7 +232,7 @@ var AgentClient = class {
 		}
 		if (buffer.trim()) yield JSON.parse(buffer.trim());
 	}
-	async killCommand(cmdId, signal) {
+	async killCommand(cmdId, signal, abortSignal) {
 		const url = `${this.baseUrl}/exec/${cmdId}/kill`;
 		const res = await fetch(url, {
 			method: "POST",
@@ -49,7 +240,8 @@ var AgentClient = class {
 				"Content-Type": "application/json",
 				Authorization: `Bearer ${this.token}`
 			},
-			body: signal ? JSON.stringify({ signal }) : void 0
+			body: signal ? JSON.stringify({ signal }) : void 0,
+			signal: abortSignal
 		});
 		if (!res.ok) {
 			const text = await res.text();
@@ -94,6 +286,41 @@ var AgentClient = class {
 			throw new Error(`Agent killShellSession failed (${res.status}): ${text}`);
 		}
 	}
+	async exec(params, opts) {
+		const stream = this.run(params, opts?.signal);
+		const first = await stream.next();
+		if (first.done) throw new Error("Stream ended without 'started' event");
+		if (first.value.type !== "started") throw new Error(`Expected 'started' event, got '${first.value.type}'`);
+		const cmdId = first.value.id;
+		if (!cmdId) throw new Error("'started' event missing 'id' field");
+		const startedAt = first.value.ts ? new Date(first.value.ts) : /* @__PURE__ */ new Date();
+		return new Command({
+			agent: this,
+			cmdId,
+			startedAt,
+			stream,
+			signal: opts?.signal,
+			onStdout: opts?.onStdout,
+			onStderr: opts?.onStderr
+		});
+	}
+	async runCommand(cmdOrParams, args, opts) {
+		let params;
+		if (typeof cmdOrParams === "string") params = {
+			cmd: cmdOrParams,
+			args,
+			signal: opts?.signal
+		};
+		else params = cmdOrParams;
+		const { signal, onStdout, onStderr, ...runParams } = params;
+		const command = await this.exec(runParams, {
+			signal,
+			onStdout,
+			onStderr
+		});
+		if (params.detached) return command;
+		return command.wait({ signal });
+	}
 	async readFile(path) {
 		const res = await fetch(`${this.baseUrl}/files/read`, {
 			method: "POST",

package/dist/_chunks/connect.mjs

@@ -1,13 +1,57 @@
-import { l as agentTimeoutError } from "./errors.mjs";
-async function waitForAgent(guestIp, port, timeoutMs = 6e4) {
-	const start = Date.now();
-	const url = `http://${guestIp}:${port}/health`;
-	while (Date.now() - start < timeoutMs) {
+import { n as vmsanPaths } from "./paths.mjs";
+import { t as handleCommandError } from "./errors.mjs";
+import { t as createCommandLogger } from "./logger.mjs";
+import "./vm-state.mjs";
+import { n as waitForAgent, t as resolveVmState } from "./vm-context.mjs";
+import { t as ShellSession } from "./shell.mjs";
+import { consola } from "consola";
+import { defineCommand } from "citty";
+const connectCommand = defineCommand({
+	meta: {
+		name: "connect",
+		description: "Connect to a running VM"
+	},
+	args: {
+		vmId: {
+			type: "positional",
+			description: "VM ID to connect to",
+			required: true
+		},
+		session: {
+			type: "string",
+			alias: "s",
+			description: "Attach to an existing shell session ID",
+			required: false
+		}
+	},
+	async run({ args }) {
+		const cmdLog = createCommandLogger("connect");
+		const paths = vmsanPaths();
 		try {
-			if ((await fetch(url, { signal: AbortSignal.timeout(2e3) })).ok) return;
-		} catch {}
-		await new Promise((r) => setTimeout(r, 500));
+			const { state, guestIp, port } = resolveVmState(args.vmId, paths);
+			const log = consola.withTag(args.vmId);
+			consola.debug(`Agent endpoint: ${guestIp}:${port}`);
+			log.start("Waiting for agent to become ready...");
+			await waitForAgent(guestIp, port);
+			log.success("Agent is ready. Connecting via PTY shell...");
+			const shell = new ShellSession({
+				host: guestIp,
+				port,
+				token: state.agentToken,
+				sessionId: args.session
+			});
+			const closeInfo = await shell.connect();
+			cmdLog.set({
+				vmId: args.vmId,
+				method: "pty"
+			});
+			cmdLog.emit();
+			if (!closeInfo.sessionDestroyed && shell.sessionId) process.stderr.write(`\nResume this session with:\n  vmsan connect ${args.vmId} --session ${shell.sessionId}\n`);
+			process.exit(0);
+		} catch (error) {
+			handleCommandError(error, cmdLog);
+			process.exit(1);
+		}
 	}
-	throw agentTimeoutError(guestIp, timeoutMs);
-}
-export { waitForAgent as t };
+});
+export { connectCommand as default };

package/dist/_chunks/context.mjs

@@ -1,10 +1,11 @@
 import { n as vmsanPaths } from "./paths.mjs";
-import { H as VmsanError, S as vmNotStoppedError, _ as chrootNotFoundError, a as noKernelDirError, b as vmNotFoundError, d as socketTimeoutError, i as noExt4RootfsError, o as noKernelError, p as defaultInterfaceNotFoundError, r as missingBinaryError, s as noRootfsDirError, u as lockTimeoutError, x as vmNotRunningError, y as snapshotNotFoundError, z as mutuallyExclusiveFlagsError } from "./errors.mjs";
+import { B as mutuallyExclusiveFlagsError, C as vmNotStoppedError, S as vmNotRunningError, U as VmsanError, _ as chrootNotFoundError, a as noKernelDirError, d as socketTimeoutError, i as noExt4RootfsError, o as noKernelError, p as defaultInterfaceNotFoundError, r as missingBinaryError, s as noRootfsDirError, u as lockTimeoutError, x as vmNotFoundError, y as snapshotNotFoundError } from "./errors.mjs";
 import { c as safeKill, f as toError, i as generateVmId, t as FileVmStateStore } from "./vm-state.mjs";
 import { t as FirecrackerClient } from "./firecracker.mjs";
+import { t as spawnTimeoutKiller } from "./timeout-killer.mjs";
 import { createHooks } from "hookable";
 import { dirname, join } from "node:path";
-import { execFileSync, execSync, spawn } from "node:child_process";
+import { execFileSync, execSync } from "node:child_process";
 import { copyFileSync, existsSync, linkSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { consola } from "consola";
 import { randomBytes } from "node:crypto";
@@ -1988,21 +1989,12 @@ var VMService = class {
 				pid
 			});
 			log.success(`VM ${vmId} is running (PID: ${pid || "unknown"})`);
-			if (timeoutMs && pid) {
-				const stateFile = join(paths.vmsDir, `${vmId}.json`);
-				spawn("bash", ["-c", [
-					`sleep ${Math.ceil(timeoutMs / 1e3)}`,
-					`STATE=$(cat "${stateFile}" 2>/dev/null) || exit 0`,
-					`echo "$STATE" | grep -q '"status":"running"' || exit 0`,
-					`echo "$STATE" | grep -q '"pid":${pid}' || exit 0`,
-					`[ -d /proc/${pid} ] || exit 0`,
-					`grep -q "${vmId}" /proc/${pid}/cmdline 2>/dev/null || exit 0`,
-					`kill ${pid} 2>/dev/null`
-				].join(" && ")], {
-					detached: true,
-					stdio: "ignore"
-				}).unref();
-			}
+			if (timeoutMs && pid) spawnTimeoutKiller({
+				vmId,
+				pid,
+				timeoutMs,
+				stateFile: join(paths.vmsDir, `${vmId}.json`)
+			});
 			const finalState = this.store.load(vmId);
 			await hooks.callHook("vm:afterCreate", finalState);
 			return {

package/dist/_chunks/create.mjs

@@ -4,10 +4,11 @@ import { i as initVmsanLogger, n as createScopedLogger, t as createCommandLogger
 import "./vm-state.mjs";
 import { t as createVmsan } from "./context.mjs";
 import "./firecracker.mjs";
+import "./timeout-killer.mjs";
+import { n as waitForAgent } from "./vm-context.mjs";
 import { t as ShellSession } from "./shell.mjs";
 import { a as parseImageReference, t as parseBandwidth } from "./validation.mjs";
 import { n as parseCreateInput, t as buildCreateSummaryLines } from "./summary.mjs";
-import { t as waitForAgent } from "./connect.mjs";
 import { join } from "node:path";
 import { consola } from "consola";
 import { defineCommand } from "citty";

package/dist/_chunks/download.mjs

@@ -1,9 +1,9 @@
 import { n as vmsanPaths } from "./paths.mjs";
-import { b as vmNotFoundError, t as handleCommandError } from "./errors.mjs";
+import { t as handleCommandError } from "./errors.mjs";
 import { t as createCommandLogger } from "./logger.mjs";
-import { t as FileVmStateStore } from "./vm-state.mjs";
+import "./vm-state.mjs";
 import { t as AgentClient } from "./agent.mjs";
-import { t as waitForAgent } from "./connect.mjs";
+import { n as waitForAgent, t as resolveVmState } from "./vm-context.mjs";
 import { basename, join, resolve } from "node:path";
 import { existsSync, mkdirSync, statSync, writeFileSync } from "node:fs";
 import { consola } from "consola";
@@ -29,23 +29,8 @@ const downloadCommand = defineCommand({
 		const cmdLog = createCommandLogger("download");
 		const paths = vmsanPaths();
 		try {
-			const state = new FileVmStateStore(paths.vmsDir).load(args.vmId);
-			if (!state) throw vmNotFoundError(args.vmId);
-			if (state.status !== "running") {
-				consola.error(`VM ${args.vmId} is not running (status: ${state.status})`);
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
-			if (!state.agentToken) {
-				consola.error("VM has no agent token. Cannot download files without the agent.");
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
+			const { state, guestIp, port } = resolveVmState(args.vmId, paths);
 			const log = consola.withTag(args.vmId);
-			const guestIp = state.network.guestIp;
-			const port = state.agentPort || paths.agentPort;
 			consola.debug(`Agent endpoint: ${guestIp}:${port}`);
 			log.start("Waiting for agent...");
 			await waitForAgent(guestIp, port);

package/dist/_chunks/errors.mjs

@@ -122,10 +122,16 @@ const chrootNotFoundError = (vmId) => new VmError("ERR_VM_CHROOT_NOT_FOUND", {
 	fix: "The VM must be recreated with 'vmsan create'."
 });
 const networkSlotsExhaustedError = () => new VmError("ERR_VM_NETWORK_SLOTS_EXHAUSTED", { message: "No available network slots (max 255 VMs)" });
-const vmNotRunningError = (vmId) => new VmError("ERR_VM_NOT_RUNNING", {
+const vmNotRunningError = (vmId, currentStatus) => new VmError("ERR_VM_NOT_RUNNING", {
 	vmId,
-	message: `VM ${vmId} is not running`,
-	fix: "The VM must be running to update its network policy. Start it with 'vmsan start <vm-id>'."
+	message: currentStatus ? `VM ${vmId} is not running (current status: ${currentStatus})` : `VM ${vmId} is not running`,
+	fix: "The VM must be running. Start it with 'vmsan start <vm-id>'."
+});
+const vmNoAgentTokenError = (vmId) => new VmError("ERR_VM_NO_AGENT_TOKEN", {
+	vmId,
+	message: `VM ${vmId} has no agent token`,
+	why: "The vmsan-agent binary was not found at ~/.vmsan/bin/vmsan-agent when this VM was created.",
+	fix: "Install the agent binary into ~/.vmsan/bin/vmsan-agent and recreate the VM with 'vmsan create'."
 });
 const snapshotNotFoundError = (snapshotId) => new VmError("ERR_VM_SNAPSHOT_NOT_FOUND", { message: `Snapshot not found: ${snapshotId}` });
 var FirecrackerApiError = class extends VmsanError {
@@ -229,4 +235,4 @@ function handleCommandError(error, cmdLog) {
 		if (error.link) consola.log(`  More: ${error.link}`);
 	} else consola.error(error instanceof Error ? error.message : String(error));
 }
-export { invalidDomainError as A, policyConflictError as B, vmStateNotFoundError as C, invalidCidrPrefixError as D, invalidCidrOctetError as E, invalidIntegerFlagError as F, VmsanError as H, invalidNetworkPolicyError as I, invalidPortError as L, invalidDurationError as M, invalidImageRefEmptyError as N, invalidDiskSizeFormatError as O, invalidImageRefTagError as P, invalidRuntimeError as R, vmNotStoppedError as S, invalidCidrFormatError as T, portConflictError as V, chrootNotFoundError as _, noKernelDirError as a, vmNotFoundError as b, TimeoutError as c, socketTimeoutError as d, NetworkError as f, VmError as g, firecrackerApiError as h, noExt4RootfsError as i, invalidDomainPatternError as j, invalidDiskSizeRangeError as k, agentTimeoutError as l, FirecrackerApiError as m, SetupError as n, noKernelError as o, defaultInterfaceNotFoundError as p, missingBinaryError as r, noRootfsDirError as s, handleCommandError as t, lockTimeoutError as u, networkSlotsExhaustedError as v, ValidationError as w, vmNotRunningError as x, snapshotNotFoundError as y, mutuallyExclusiveFlagsError as z };
+export { invalidDiskSizeRangeError as A, mutuallyExclusiveFlagsError as B, vmNotStoppedError as C, invalidCidrOctetError as D, invalidCidrFormatError as E, invalidImageRefTagError as F, portConflictError as H, invalidIntegerFlagError as I, invalidNetworkPolicyError as L, invalidDomainPatternError as M, invalidDurationError as N, invalidCidrPrefixError as O, invalidImageRefEmptyError as P, invalidPortError as R, vmNotRunningError as S, ValidationError as T, VmsanError as U, policyConflictError as V, chrootNotFoundError as _, noKernelDirError as a, vmNoAgentTokenError as b, TimeoutError as c, socketTimeoutError as d, NetworkError as f, VmError as g, firecrackerApiError as h, noExt4RootfsError as i, invalidDomainError as j, invalidDiskSizeFormatError as k, agentTimeoutError as l, FirecrackerApiError as m, SetupError as n, noKernelError as o, defaultInterfaceNotFoundError as p, missingBinaryError as r, noRootfsDirError as s, handleCommandError as t, lockTimeoutError as u, networkSlotsExhaustedError as v, vmStateNotFoundError as w, vmNotFoundError as x, snapshotNotFoundError as y, invalidRuntimeError as z };

package/dist/_chunks/exec.mjs

@@ -0,0 +1,193 @@
+import { n as vmsanPaths } from "./paths.mjs";
+import { t as handleCommandError } from "./errors.mjs";
+import { t as createCommandLogger } from "./logger.mjs";
+import "./vm-state.mjs";
+import "./timeout-killer.mjs";
+import { t as AgentClient } from "./agent.mjs";
+import { t as TimeoutExtender } from "./timeout-extender.mjs";
+import { n as waitForAgent, t as resolveVmState } from "./vm-context.mjs";
+import { t as ShellSession } from "./shell.mjs";
+import { consola } from "consola";
+import { defineCommand } from "citty";
+import { isatty } from "node:tty";
+function shellEscape(s) {
+	if (/^[a-zA-Z0-9._\-/=:@]+$/.test(s)) return s;
+	return "'" + s.replace(/'/g, "'\\''") + "'";
+}
+function parseEnvFlags(targetCommand) {
+	const env = {};
+	const argv = process.argv;
+	let positionalCount = 0;
+	for (let i = 2; i < argv.length; i++) {
+		const arg = argv[i];
+		if (arg === "--") break;
+		if (!arg.startsWith("-")) {
+			positionalCount++;
+			if (positionalCount >= 3) break;
+			continue;
+		}
+		let value;
+		if (arg === "--env" || arg === "-e") {
+			value = argv[i + 1];
+			if (value !== void 0) i++;
+		} else if (arg.startsWith("--env=")) value = arg.slice(6);
+		else if (arg.startsWith("-e=")) value = arg.slice(3);
+		if (value !== void 0) {
+			const eqIdx = value.indexOf("=");
+			if (eqIdx > 0) env[value.slice(0, eqIdx)] = value.slice(eqIdx + 1);
+		}
+	}
+	return env;
+}
+function buildVmsanPrompt(vmId) {
+	return `\\[\\033[1;32m\\]vmsan:${vmId.slice(0, 8)}\\[\\033[0m\\]:\\[\\033[1;34m\\]\\w\\[\\033[0m\\]\\$ `;
+}
+const execCommand = defineCommand({
+	meta: {
+		name: "exec",
+		description: "Execute a command inside a running VM"
+	},
+	args: {
+		vmId: {
+			type: "positional",
+			description: "VM ID, followed by command and arguments",
+			required: true
+		},
+		sudo: {
+			type: "boolean",
+			default: false,
+			description: "Run with extended privileges (sudo)"
+		},
+		interactive: {
+			type: "boolean",
+			alias: "i",
+			default: false,
+			description: "Interactive shell mode (PTY)"
+		},
+		"no-extend-timeout": {
+			type: "boolean",
+			default: false,
+			description: "Skip timeout extension (interactive only)"
+		},
+		tty: {
+			type: "boolean",
+			alias: "t",
+			default: false,
+			description: "Allocate a pseudo-TTY (accepted for compatibility)"
+		},
+		workdir: {
+			type: "string",
+			alias: "w",
+			description: "Working directory inside the VM"
+		},
+		env: {
+			type: "string",
+			alias: "e",
+			description: "Environment variable (KEY=VAL), repeatable"
+		}
+	},
+	async run({ args }) {
+		const cmdLog = createCommandLogger("exec");
+		const paths = vmsanPaths();
+		try {
+			const command = args._[1];
+			const commandArgs = args._.slice(2);
+			if (!command) {
+				consola.error("No command provided. Usage: vmsan exec <vm_id> <command> [...args]");
+				cmdLog.emit();
+				process.exitCode = 1;
+				return;
+			}
+			if (args.interactive && !isatty(1)) {
+				consola.error("--interactive requires a terminal (TTY).");
+				process.exitCode = 1;
+				return;
+			}
+			const envVars = parseEnvFlags(command);
+			const { state, guestIp, port, store } = resolveVmState(args.vmId, paths);
+			consola.debug(`Agent endpoint: ${guestIp}:${port}`);
+			const log = consola.withTag(args.vmId);
+			log.start("Waiting for agent...");
+			await waitForAgent(guestIp, port);
+			if (args.interactive) {
+				const parts = [];
+				parts.push(`export PS1=${shellEscape(buildVmsanPrompt(args.vmId))} TERM=xterm-256color &&`);
+				if (args.workdir) parts.push(`cd ${shellEscape(args.workdir)} &&`);
+				for (const [key, val] of Object.entries(envVars)) parts.push(`${key}=${shellEscape(val)}`);
+				if (args.sudo) parts.push("sudo");
+				parts.push(shellEscape(command));
+				for (const a of commandArgs) parts.push(shellEscape(a));
+				const injectedCmd = parts.join(" ") + "; exit $?\n";
+				log.success("Agent is ready. Connecting interactive shell...");
+				let extender = null;
+				if (!args["no-extend-timeout"] && state.timeoutMs) {
+					extender = new TimeoutExtender({
+						vmId: args.vmId,
+						store,
+						paths
+					});
+					extender.start();
+				}
+				try {
+					await new ShellSession({
+						host: guestIp,
+						port,
+						token: state.agentToken,
+						initialCommand: injectedCmd
+					}).connect();
+				} finally {
+					extender?.stop();
+				}
+				cmdLog.set({
+					vmId: args.vmId,
+					mode: "interactive",
+					command,
+					args: commandArgs,
+					...args["no-extend-timeout"] && { noExtendTimeout: true }
+				});
+				cmdLog.emit();
+			} else {
+				consola.debug(`exec: ${command} ${commandArgs.join(" ")}`);
+				const agent = new AgentClient(`http://${guestIp}:${port}`, state.agentToken);
+				const cmd = args.sudo ? "sudo" : command;
+				const runArgs = args.sudo ? [command, ...commandArgs] : commandArgs;
+				const params = {
+					cmd,
+					args: runArgs.length > 0 ? runArgs : void 0,
+					cwd: args.workdir || void 0,
+					env: Object.keys(envVars).length > 0 ? envVars : void 0
+				};
+				const ac = new AbortController();
+				const onSignal = () => ac.abort();
+				process.on("SIGINT", onSignal);
+				process.on("SIGTERM", onSignal);
+				try {
+					const result = await (await agent.exec(params, {
+						signal: ac.signal,
+						onStdout: (line) => process.stdout.write(line + "\n"),
+						onStderr: (line) => process.stderr.write(line + "\n")
+					})).wait();
+					process.exitCode = result.exitCode;
+					if (result.timedOut) consola.error("Command timed out.");
+				} catch (err) {
+					if (!ac.signal.aborted) throw err;
+					process.exitCode = 130;
+				} finally {
+					process.removeListener("SIGINT", onSignal);
+					process.removeListener("SIGTERM", onSignal);
+				}
+				cmdLog.set({
+					vmId: args.vmId,
+					mode: "non-interactive",
+					command,
+					args: commandArgs
+				});
+				cmdLog.emit();
+			}
+		} catch (error) {
+			handleCommandError(error, cmdLog);
+			process.exitCode = 1;
+		}
+	}
+});
+export { execCommand as default };

package/dist/_chunks/list.mjs

@@ -4,6 +4,7 @@ import { r as getOutputMode, t as createCommandLogger } from "./logger.mjs";
 import { d as timeRemaining, l as table, u as timeAgo } from "./vm-state.mjs";
 import { t as createVmsan } from "./context.mjs";
 import "./firecracker.mjs";
+import "./timeout-killer.mjs";
 import { consola } from "consola";
 import { defineCommand } from "citty";
 const STATUS_COLORS = {

package/dist/_chunks/network.mjs

@@ -1,9 +1,10 @@
 import "./paths.mjs";
-import { B as policyConflictError, t as handleCommandError } from "./errors.mjs";
+import { V as policyConflictError, t as handleCommandError } from "./errors.mjs";
 import { r as getOutputMode, t as createCommandLogger } from "./logger.mjs";
 import "./vm-state.mjs";
 import { t as createVmsan } from "./context.mjs";
 import "./firecracker.mjs";
+import "./timeout-killer.mjs";
 import { d as validateCidr, i as parseDomains, n as parseCidrList, s as parseNetworkPolicy } from "./validation.mjs";
 import { consola } from "consola";
 import { defineCommand } from "citty";