vmsan 0.1.0-alpha.2 → 0.1.0-alpha.21

package/dist/_chunks/list.mjs

@@ -1,9 +1,10 @@
-import { n as vmsanPaths } from "./paths.mjs";
-import "./errors.mjs";
+import "./paths.mjs";
+import { t as handleCommandError } from "./errors.mjs";
 import { r as getOutputMode, t as createCommandLogger } from "./logger.mjs";
-import { c as timeAgo, l as timeRemaining, s as table } from "./vm-state.mjs";
-import "./environment.mjs";
-import { t as VMService } from "./vm.mjs";
+import { d as timeRemaining, l as table, u as timeAgo } from "./vm-state.mjs";
+import { t as createVmsan } from "./context.mjs";
+import "./firecracker.mjs";
+import "./timeout-killer.mjs";
 import { consola } from "consola";
 import { defineCommand } from "citty";
 const STATUS_COLORS = {
@@ -21,63 +22,68 @@ const listCommand = defineCommand({
 		name: "list",
 		description: "List all VMs"
 	},
-	run() {
+	async run() {
 		const cmdLog = createCommandLogger("list");
 		const log = consola.withTag("list");
-		const vms = new VMService(vmsanPaths()).list();
-		if (vms.length === 0) {
+		try {
+			const vms = (await createVmsan()).list();
+			if (vms.length === 0) {
+				if (getOutputMode() === "json") cmdLog.set({
+					count: 0,
+					vms: []
+				});
+				else {
+					log.log("No VMs found.");
+					cmdLog.set({ count: 0 });
+				}
+				cmdLog.emit();
+				return;
+			}
+			const statuses = {};
+			for (const vm of vms) statuses[vm.status] = (statuses[vm.status] ?? 0) + 1;
+			consola.debug(`Found ${vms.length} VM(s): ${Object.entries(statuses).map(([s, n]) => `${n} ${s}`).join(", ")}`);
 			if (getOutputMode() === "json") cmdLog.set({
-				count: 0,
-				vms: []
+				count: vms.length,
+				statuses,
+				vms: vms.map((vm) => ({
+					id: vm.id,
+					status: vm.status,
+					createdAt: vm.createdAt,
+					memSizeMib: vm.memSizeMib,
+					vcpuCount: vm.vcpuCount,
+					runtime: vm.runtime,
+					timeoutAt: vm.timeoutAt ?? null,
+					snapshot: vm.snapshot ?? null
+				}))
 			});
 			else {
-				log.log("No VMs found.");
-				cmdLog.set({ count: 0 });
+				const output = table({
+					rows: vms,
+					columns: {
+						ID: { value: (vm) => vm.id },
+						STATUS: {
+							value: (vm) => vm.status,
+							color: (vm) => colorStatus(vm.status)
+						},
+						CREATED: { value: (vm) => timeAgo(vm.createdAt) },
+						MEMORY: { value: (vm) => `${vm.memSizeMib} MiB` },
+						VCPUS: { value: (vm) => vm.vcpuCount },
+						RUNTIME: { value: (vm) => vm.runtime },
+						TIMEOUT: { value: (vm) => vm.timeoutAt ? timeRemaining(vm.timeoutAt) : "-" },
+						SNAPSHOT: { value: (vm) => vm.snapshot ?? "-" }
+					}
+				});
+				log.log(output);
+				cmdLog.set({
+					count: vms.length,
+					statuses
+				});
 			}
 			cmdLog.emit();
-			return;
-		}
-		const statuses = {};
-		for (const vm of vms) statuses[vm.status] = (statuses[vm.status] ?? 0) + 1;
-		consola.debug(`Found ${vms.length} VM(s): ${Object.entries(statuses).map(([s, n]) => `${n} ${s}`).join(", ")}`);
-		if (getOutputMode() === "json") cmdLog.set({
-			count: vms.length,
-			statuses,
-			vms: vms.map((vm) => ({
-				id: vm.id,
-				status: vm.status,
-				createdAt: vm.createdAt,
-				memSizeMib: vm.memSizeMib,
-				vcpuCount: vm.vcpuCount,
-				runtime: vm.runtime,
-				timeoutAt: vm.timeoutAt ?? null,
-				snapshot: vm.snapshot ?? null
-			}))
-		});
-		else {
-			const output = table({
-				rows: vms,
-				columns: {
-					ID: { value: (vm) => vm.id },
-					STATUS: {
-						value: (vm) => vm.status,
-						color: (vm) => colorStatus(vm.status)
-					},
-					CREATED: { value: (vm) => timeAgo(vm.createdAt) },
-					MEMORY: { value: (vm) => `${vm.memSizeMib} MiB` },
-					VCPUS: { value: (vm) => vm.vcpuCount },
-					RUNTIME: { value: (vm) => vm.runtime },
-					TIMEOUT: { value: (vm) => vm.timeoutAt ? timeRemaining(vm.timeoutAt) : "-" },
-					SNAPSHOT: { value: (vm) => vm.snapshot ?? "-" }
-				}
-			});
-			log.log(output);
-			cmdLog.set({
-				count: vms.length,
-				statuses
-			});
+		} catch (error) {
+			handleCommandError(error, cmdLog);
+			process.exitCode = 1;
 		}
-		cmdLog.emit();
 	}
 });
 export { listCommand as default };

package/dist/_chunks/network.mjs

@@ -1,9 +1,10 @@
-import { n as vmsanPaths } from "./paths.mjs";
-import { B as policyConflictError, t as handleCommandError } from "./errors.mjs";
+import "./paths.mjs";
+import { V as policyConflictError, t as handleCommandError } from "./errors.mjs";
 import { r as getOutputMode, t as createCommandLogger } from "./logger.mjs";
 import "./vm-state.mjs";
-import "./environment.mjs";
-import { t as VMService } from "./vm.mjs";
+import { t as createVmsan } from "./context.mjs";
+import "./firecracker.mjs";
+import "./timeout-killer.mjs";
 import { d as validateCidr, i as parseDomains, n as parseCidrList, s as parseNetworkPolicy } from "./validation.mjs";
 import { consola } from "consola";
 import { defineCommand } from "citty";
@@ -46,7 +47,7 @@ const networkCommand = defineCommand({
 			for (const cidr of allowedCidrs) validateCidr(cidr);
 			for (const cidr of deniedCidrs) validateCidr(cidr);
 			if (policy === "deny-all" && (domains.length || allowedCidrs.length || deniedCidrs.length)) throw policyConflictError();
-			const result = await new VMService(vmsanPaths()).updateNetworkPolicy(args.vmId, policy, domains, allowedCidrs, deniedCidrs);
+			const result = await (await createVmsan()).updateNetworkPolicy(args.vmId, policy, domains, allowedCidrs, deniedCidrs);
 			if (!result.success) {
 				if (result.error) throw result.error;
 				consola.error(`Failed to update network policy for ${args.vmId}`);

package/dist/_chunks/remove.mjs

@@ -1,9 +1,10 @@
-import { n as vmsanPaths } from "./paths.mjs";
+import "./paths.mjs";
 import "./errors.mjs";
 import { t as createCommandLogger } from "./logger.mjs";
 import "./vm-state.mjs";
-import "./environment.mjs";
-import { t as VMService } from "./vm.mjs";
+import { t as createVmsan } from "./context.mjs";
+import "./firecracker.mjs";
+import "./timeout-killer.mjs";
 import { consola } from "consola";
 import { defineCommand } from "citty";
 const removeCommand = defineCommand({
@@ -34,9 +35,9 @@ const removeCommand = defineCommand({
 			process.exitCode = 1;
 			return;
 		}
-		const service = new VMService(vmsanPaths());
+		const vmsan = await createVmsan();
 		const missing = [];
-		for (const id of vmIds) if (!service.get(id)) missing.push(id);
+		for (const id of vmIds) if (!vmsan.get(id)) missing.push(id);
 		if (missing.length > 0) {
 			consola.error(`VM(s) not found: ${missing.join(", ")}`);
 			cmdLog.emit();
@@ -45,7 +46,7 @@ const removeCommand = defineCommand({
 		}
 		if (!args.force) {
 			const running = [];
-			for (const id of vmIds) if (service.get(id).status !== "stopped") running.push(id);
+			for (const id of vmIds) if (vmsan.get(id).status !== "stopped") running.push(id);
 			if (running.length > 0) {
 				consola.error(`Cannot remove running VM(s): ${running.join(", ")}. Stop them first or use --force (-f).`);
 				cmdLog.emit();
@@ -57,10 +58,10 @@ const removeCommand = defineCommand({
 		let hasErrors = false;
 		for (const id of vmIds) {
 			const log = consola.withTag(id);
-			const vm = service.get(id);
+			const vm = vmsan.get(id);
 			consola.debug(`VM ${id} status=${vm.status}, force=${args.force}`);
 			log.start(`Removing ${id}...`);
-			const result = await service.remove(id, { force: args.force });
+			const result = await vmsan.remove(id, { force: args.force });
 			if (result.success) {
 				log.success(`Removed ${id}`);
 				results.push({

package/dist/_chunks/shell.mjs

@@ -100,6 +100,7 @@ var ShellSession = class {
 				process.stdin.resume();
 				this.ws.send(serializeReady());
 				if (process.stdout.columns && process.stdout.rows) this.ws.send(serializeResize(process.stdout.columns, process.stdout.rows));
+				if (this.opts.initialCommand) this.ws.send(serializeData(Buffer.from(this.opts.initialCommand)));
 				process.stdin.on("data", onStdinData);
 				process.stdout.on("resize", onResize);
 			});
@@ -136,6 +137,7 @@ var ShellSession = class {
 		const url = new URL(`${proto}://${this.opts.host}:${this.opts.port}/ws/shell`);
 		url.searchParams.set("token", this.opts.token);
 		if (this.opts.shell) url.searchParams.set("shell", this.opts.shell);
+		if (this.opts.user) url.searchParams.set("user", this.opts.user);
 		return url.toString();
 	}
 };

package/dist/_chunks/start.mjs

@@ -1,13 +1,10 @@
-import { n as vmsanPaths } from "./paths.mjs";
-import { S as vmNotStoppedError, _ as chrootNotFoundError, b as vmNotFoundError, t as handleCommandError } from "./errors.mjs";
-import { n as createScopedLogger, t as createCommandLogger } from "./logger.mjs";
-import { t as FirecrackerClient } from "./firecracker.mjs";
-import { t as FileVmStateStore } from "./vm-state.mjs";
-import { a as getVmPid, c as NetworkManager, i as getVmJailerPid, o as validateEnvironment, s as waitForSocket } from "./environment.mjs";
-import { a as Jailer, i as markVmAsError, n as cleanupNetwork, r as killOrphanVmProcess } from "./cleanup.mjs";
-import { dirname, join } from "node:path";
-import { consola } from "consola";
-import { existsSync, rmSync, unlinkSync } from "node:fs";
+import "./paths.mjs";
+import { t as handleCommandError } from "./errors.mjs";
+import { t as createCommandLogger } from "./logger.mjs";
+import "./vm-state.mjs";
+import { t as createVmsan } from "./context.mjs";
+import "./firecracker.mjs";
+import "./timeout-killer.mjs";
 import { defineCommand } from "citty";
 const startCommand = defineCommand({
 	meta: {
@@ -21,169 +18,23 @@ const startCommand = defineCommand({
 	} },
 	async run({ args }) {
 		const cmdLog = createCommandLogger("start");
-		const paths = vmsanPaths();
-		const lifecycle = {
-			vmId: void 0,
-			networkConfig: void 0
-		};
-		const store = new FileVmStateStore(paths.vmsDir);
 		try {
 			const vmId = args.vmId;
-			lifecycle.vmId = vmId;
-			const log = createScopedLogger(vmId);
-			const startTag = `[start:${vmId}]`;
-			const state = store.load(vmId);
-			if (!state) throw vmNotFoundError(vmId);
-			if (state.status !== "stopped") throw vmNotStoppedError(vmId, state.status);
-			if (!state.chrootDir || !existsSync(state.chrootDir)) throw chrootNotFoundError(vmId);
-			const baseDir = paths.baseDir;
-			validateEnvironment(baseDir);
-			log.start(`Starting VM ${vmId}...`);
-			const mgr = NetworkManager.fromVmNetwork(state.network);
-			const networkConfig = mgr.config;
-			lifecycle.networkConfig = networkConfig;
-			consola.debug(`Reconstructed network config: slot=${networkConfig.slot}, tap=${networkConfig.tapDevice}, host=${networkConfig.hostIp}, guest=${networkConfig.guestIp}`);
-			log.start("Setting up networking...");
-			await mgr.setup();
-			log.success(`Network: TAP ${networkConfig.tapDevice}, Host ${networkConfig.hostIp}, Guest ${networkConfig.guestIp}`);
-			const vmRootCandidates = Array.from(new Set([
-				join(state.chrootDir, "root"),
-				state.chrootDir,
-				dirname(dirname(state.apiSocket))
-			]));
-			for (const rootDir of vmRootCandidates) {
-				const staleFirecrackerBin = join(rootDir, "firecracker");
-				if (existsSync(staleFirecrackerBin)) unlinkSync(staleFirecrackerBin);
-				rmSync(join(rootDir, "firecracker.pid"), { force: true });
+			const result = await (await createVmsan()).start(vmId);
+			if (!result.success) {
+				if (result.error) throw result.error;
+				process.exitCode = 1;
+				cmdLog.emit();
+				return;
 			}
-			const socketPath = state.apiSocket;
-			if (existsSync(socketPath)) unlinkSync(socketPath);
-			const removeStaleDevTrees = () => {
-				for (const rootDir of vmRootCandidates) {
-					const devDir = join(rootDir, "dev");
-					if (existsSync(devDir)) rmSync(devDir, {
-						recursive: true,
-						force: true
-					});
-				}
-			};
-			const removeStaleDeviceNodes = () => {
-				const staleNodes = [
-					"dev/net/tun",
-					"dev/kvm",
-					"dev/userfaultfd",
-					"dev/urandom"
-				];
-				for (const rootDir of vmRootCandidates) for (const rel of staleNodes) {
-					const nodePath = join(rootDir, rel);
-					if (existsSync(nodePath)) rmSync(nodePath, {
-						recursive: true,
-						force: true
-					});
-				}
-			};
-			const firecrackerBin = join(baseDir, "bin", "firecracker");
-			const jailerBin = join(baseDir, "bin", "jailer");
-			const jailer = new Jailer(vmId, paths.jailerBaseDir);
-			let socketReady = false;
-			const errorMessage = (error) => error instanceof Error ? error.message : String(error);
-			const logAttemptError = (attempt, error) => {
-				const message = errorMessage(error);
-				consola.error(`${startTag} ${attempt} failed: ${message}`);
-			};
-			consola.debug(`Stale file cleanup: checked ${vmRootCandidates.length} root candidates`);
-			const logDiagnostics = () => {
-				const socketExists = existsSync(socketPath);
-				const devState = vmRootCandidates.map((rootDir) => `${join(rootDir, "dev")}=${existsSync(join(rootDir, "dev"))}`).join(", ");
-				const firecrackerPid = getVmPid(vmId);
-				const jailerPid = getVmJailerPid(vmId);
-				log.error(`${startTag} diagnostics: socketExists=${socketExists}; firecrackerPid=${firecrackerPid ?? "none"}; jailerPid=${jailerPid ?? "none"}; devDirs=[${devState}]`);
-			};
-			const isRecoverableStartError = (message) => {
-				if (message.includes("Timeout waiting for API socket")) return true;
-				if (message.includes("mknod inside the jail") && message.includes("File exists")) return true;
-				if (message.includes("MknodDev(") && message.includes("os error 17")) return true;
-				return false;
-			};
-			const cgroup = {
-				cpuQuotaUs: state.vcpuCount * 1e5,
-				cpuPeriodUs: 1e5,
-				memoryBytes: state.memSizeMib * 1024 * 1024
-			};
-			const spawnAndWait = async (timeoutMs) => {
-				log.start("Spawning Firecracker via jailer...");
-				consola.debug(`Jailer spawn: firecracker=${firecrackerBin}, jailer=${jailerBin}, chrootBase=${jailer.paths.chrootBase}`);
-				jailer.spawn({
-					firecrackerBin,
-					jailerBin,
-					chrootBase: jailer.paths.chrootBase,
-					newPidNs: true,
-					cgroup,
-					netns: state.network.netnsName
-				});
-				log.start("Waiting for API socket...");
-				await waitForSocket(socketPath, timeoutMs);
-			};
-			try {
-				removeStaleDeviceNodes();
-				await spawnAndWait(1e4);
-				socketReady = true;
-			} catch (firstStartError) {
-				const message = errorMessage(firstStartError);
-				if (!isRecoverableStartError(message)) {
-					logAttemptError("initial attempt", firstStartError);
-					logDiagnostics();
-					throw firstStartError;
-				}
-				logAttemptError("initial attempt", firstStartError);
-				killOrphanVmProcess(vmId);
-				if (existsSync(socketPath)) unlinkSync(socketPath);
-				removeStaleDeviceNodes();
-				removeStaleDevTrees();
-				for (const rootDir of vmRootCandidates) {
-					const staleFirecrackerBin = join(rootDir, "firecracker");
-					if (existsSync(staleFirecrackerBin)) unlinkSync(staleFirecrackerBin);
-					rmSync(join(rootDir, "firecracker.pid"), { force: true });
-				}
-				try {
-					await spawnAndWait(15e3);
-					socketReady = true;
-				} catch (retryError) {
-					logAttemptError("retry attempt", retryError);
-					logDiagnostics();
-					throw new Error(`${startTag} retry failed after cleanup. First error: ${message}. Retry error: ${errorMessage(retryError)}`);
-				}
-			}
-			if (!socketReady) throw new Error(`Timeout waiting for API socket at ${socketPath}`);
-			log.success("API socket ready");
-			const vm = new FirecrackerClient(socketPath);
-			const bootArgs = NetworkManager.bootArgs(networkConfig.slot);
-			consola.debug(`Boot args: ${bootArgs}`);
-			await vm.boot("kernel/vmlinux", bootArgs);
-			await vm.addDrive("rootfs", "rootfs/rootfs.ext4", true, false);
-			await vm.configure(state.vcpuCount, state.memSizeMib);
-			await vm.addNetwork("eth0", networkConfig.tapDevice, networkConfig.macAddress);
-			log.start("Starting VM...");
-			await vm.start();
-			const pid = getVmPid(vmId);
-			store.update(vmId, {
-				status: "running",
-				pid
-			});
-			log.success(`VM ${vmId} is running (PID: ${pid || "unknown"})`);
 			cmdLog.set({
 				vmId,
-				pid,
-				guestIp: networkConfig.guestIp,
-				networking: networkConfig.networkPolicy
+				pid: result.pid,
+				guestIp: result.state?.network.guestIp,
+				networking: result.state?.network.networkPolicy
 			});
 			cmdLog.emit();
 		} catch (error) {
-			if (lifecycle.vmId) {
-				killOrphanVmProcess(lifecycle.vmId);
-				markVmAsError(lifecycle.vmId, error, paths);
-			}
-			cleanupNetwork(lifecycle.networkConfig);
 			handleCommandError(error, cmdLog);
 			process.exitCode = 1;
 		}

package/dist/_chunks/stop.mjs

@@ -1,9 +1,10 @@
-import { n as vmsanPaths } from "./paths.mjs";
+import "./paths.mjs";
 import "./errors.mjs";
 import { t as createCommandLogger } from "./logger.mjs";
 import "./vm-state.mjs";
-import "./environment.mjs";
-import { t as VMService } from "./vm.mjs";
+import { t as createVmsan } from "./context.mjs";
+import "./firecracker.mjs";
+import "./timeout-killer.mjs";
 import { consola } from "consola";
 import { defineCommand } from "citty";
 const stopCommand = defineCommand({
@@ -26,9 +27,9 @@ const stopCommand = defineCommand({
 			process.exitCode = 1;
 			return;
 		}
-		const service = new VMService(vmsanPaths());
+		const vmsan = await createVmsan();
 		const missing = [];
-		for (const id of vmIds) if (!service.get(id)) missing.push(id);
+		for (const id of vmIds) if (!vmsan.get(id)) missing.push(id);
 		if (missing.length > 0) {
 			consola.error(`VM(s) not found: ${missing.join(", ")}`);
 			cmdLog.emit();
@@ -39,10 +40,10 @@ const stopCommand = defineCommand({
 		let hasErrors = false;
 		for (const id of vmIds) {
 			const log = consola.withTag(id);
-			const vm = service.get(id);
+			const vm = vmsan.get(id);
 			consola.debug(`VM ${id} current status: ${vm?.status ?? "unknown"}`);
 			log.start(`Stopping ${id}...`);
-			const result = await service.stop(id);
+			const result = await vmsan.stop(id);
 			if (result.alreadyStopped) {
 				log.warn(`${id} is already stopped`);
 				results.push({

package/dist/_chunks/summary.mjs

@@ -0,0 +1,69 @@
+import { V as policyConflictError } from "./errors.mjs";
+import { s as parseDuration } from "./vm-state.mjs";
+import { d as assertSnapshotExists } from "./context.mjs";
+import { c as parsePublishedPorts, d as validateCidr, f as validatePublishedPortsAvailable, i as parseDomains, l as parseRuntime, n as parseCidrList, o as parseMemoryMib, r as parseDiskSizeGb, s as parseNetworkPolicy, u as parseVcpuCount } from "./validation.mjs";
+function parseCreateInput(args, paths) {
+	const vcpus = parseVcpuCount(args.vcpus);
+	const memMib = parseMemoryMib(args.memory);
+	const runtime = parseRuntime(args.runtime);
+	const networkPolicy = parseNetworkPolicy(args["network-policy"]);
+	const ports = parsePublishedPorts(args["publish-port"]);
+	const domains = parseDomains(args["allowed-domain"]);
+	const allowedCidrs = parseCidrList(args["allowed-cidr"]);
+	const deniedCidrs = parseCidrList(args["denied-cidr"]);
+	const timeoutMs = typeof args.timeout === "string" ? parseDuration(args.timeout) : null;
+	const snapshotId = typeof args.snapshot === "string" ? args.snapshot : null;
+	const diskSizeGb = parseDiskSizeGb(args.disk);
+	validatePublishedPortsAvailable(ports, paths);
+	for (const cidr of allowedCidrs) validateCidr(cidr);
+	for (const cidr of deniedCidrs) validateCidr(cidr);
+	if (networkPolicy === "deny-all" && (domains.length || allowedCidrs.length || deniedCidrs.length)) throw policyConflictError();
+	if (snapshotId) assertSnapshotExists(snapshotId, paths);
+	return {
+		vcpus,
+		memMib,
+		runtime,
+		networkPolicy: networkPolicy === "allow-all" && (domains.length > 0 || allowedCidrs.length > 0 || deniedCidrs.length > 0) ? "custom" : networkPolicy,
+		ports,
+		domains,
+		allowedCidrs,
+		deniedCidrs,
+		timeoutMs,
+		snapshotId,
+		diskSizeGb
+	};
+}
+function buildCreateSummaryLines(input) {
+	return [
+		`VM Created: ${input.vmId}`,
+		"",
+		"  Status:   running",
+		`  PID:      ${input.pid || "unknown"}`,
+		`  vCPUs:    ${input.vcpus}`,
+		`  Memory:   ${input.memMib} MiB`,
+		`  Runtime:  ${input.runtime}`,
+		`  Disk:     ${input.diskSizeGb} GB`,
+		...input.project ? [`  Project:  ${input.project}`] : [],
+		"",
+		"  Network:",
+		`    TAP:    ${input.tapDevice}`,
+		`    Host:   ${input.hostIp}`,
+		`    Guest:  ${input.guestIp}`,
+		`    MAC:    ${input.macAddress}`,
+		`    Policy: ${input.networkPolicy}`,
+		...input.domains.length > 0 ? [`    Domains: ${input.domains.join(", ")}`] : [],
+		...input.allowedCidrs.length > 0 ? [`    Allowed CIDRs: ${input.allowedCidrs.join(", ")}`] : [],
+		...input.deniedCidrs.length > 0 ? [`    Denied CIDRs:  ${input.deniedCidrs.join(", ")}`] : [],
+		...input.ports.length > 0 ? [`    Ports:  ${input.ports.join(", ")}`] : [],
+		"",
+		`  Kernel:   ${input.kernelPath}`,
+		`  Rootfs:   ${input.rootfsPath}`,
+		...input.snapshotId ? [`  Snapshot: ${input.snapshotId}`] : [],
+		...input.timeout ? [`  Timeout:  ${input.timeout}`] : [],
+		"",
+		`  Socket:   ${input.socketPath}`,
+		`  Chroot:   ${input.chrootDir}`,
+		`  State:    ${input.stateFilePath}`
+	];
+}
+export { parseCreateInput as n, buildCreateSummaryLines as t };

package/dist/_chunks/timeout-extender.mjs

@@ -0,0 +1,66 @@
+import { c as safeKill } from "./vm-state.mjs";
+import { t as spawnTimeoutKiller } from "./timeout-killer.mjs";
+import { join } from "node:path";
+const DEFAULT_INTERVAL_MS = 300 * 1e3;
+var TimeoutExtender = class {
+	_timer = null;
+	_previousKillerPid = null;
+	_vmId;
+	_store;
+	_paths;
+	_intervalMs;
+	_signal;
+	constructor(opts) {
+		this._vmId = opts.vmId;
+		this._store = opts.store;
+		this._paths = opts.paths;
+		this._intervalMs = opts.intervalMs ?? DEFAULT_INTERVAL_MS;
+		this._signal = opts.signal;
+	}
+	start() {
+		if (this._timer) return;
+		if (this._signal) {
+			this._signal.addEventListener("abort", () => this.stop(), { once: true });
+			if (this._signal.aborted) {
+				this.stop();
+				return;
+			}
+		}
+		this._extendSafe();
+		this._timer = setInterval(() => this._extendSafe(), this._intervalMs);
+	}
+	stop() {
+		if (this._timer) {
+			clearInterval(this._timer);
+			this._timer = null;
+		}
+		if (this._previousKillerPid !== null) {
+			safeKill(this._previousKillerPid);
+			this._previousKillerPid = null;
+		}
+	}
+	_extendSafe() {
+		try {
+			this._extend();
+		} catch {
+			this.stop();
+		}
+	}
+	_extend() {
+		const state = this._store.load(this._vmId);
+		if (!state || state.status !== "running" || !state.timeoutMs) return;
+		const timeoutAt = new Date(Date.now() + state.timeoutMs).toISOString();
+		this._store.update(this._vmId, { timeoutAt });
+		if (this._previousKillerPid !== null) {
+			safeKill(this._previousKillerPid);
+			this._previousKillerPid = null;
+		}
+		if (state.pid) this._previousKillerPid = spawnTimeoutKiller({
+			vmId: this._vmId,
+			pid: state.pid,
+			timeoutMs: state.timeoutMs,
+			stateFile: join(this._paths.vmsDir, `${this._vmId}.json`)
+		}).pid ?? null;
+	}
+};
+export { TimeoutExtender as t };

package/dist/_chunks/timeout-killer.mjs

@@ -0,0 +1,33 @@
+import { spawn } from "node:child_process";
+/**
+* Spawn a detached bash process that kills the VM after timeout.
+* The process sleeps for the timeout duration, then verifies the VM
+* is still running with the expected PID before sending SIGTERM.
+*/
+function spawnTimeoutKiller(opts) {
+	const { vmId, pid, timeoutMs, stateFile } = opts;
+	const timeoutSec = String(Math.ceil(timeoutMs / 1e3));
+	const killer = spawn("bash", [
+		"-c",
+		[
+			"sleep \"$1\"",
+			"STATE=$(cat -- \"$2\" 2>/dev/null) || exit 0",
+			"echo \"$STATE\" | grep -q '\"status\":\"running\"' || exit 0",
+			"echo \"$STATE\" | grep -q '\"pid\":'\"$3\" || exit 0",
+			"[ -d \"/proc/$3\" ] || exit 0",
+			"grep -aq -- \"$4\" \"/proc/$3/cmdline\" 2>/dev/null || exit 0",
+			"kill -- \"$3\" 2>/dev/null"
+		].join(" && "),
+		"bash",
+		timeoutSec,
+		stateFile,
+		String(pid),
+		vmId
+	], {
+		detached: true,
+		stdio: "ignore"
+	});
+	killer.unref();
+	return killer;
+}
+export { spawnTimeoutKiller as t };

package/dist/_chunks/upload.mjs

@@ -1,12 +1,12 @@
 import { n as vmsanPaths } from "./paths.mjs";
-import { b as vmNotFoundError, t as handleCommandError } from "./errors.mjs";
+import { t as handleCommandError } from "./errors.mjs";
 import { t as createCommandLogger } from "./logger.mjs";
+import "./vm-state.mjs";
 import { t as AgentClient } from "./agent.mjs";
-import { t as FileVmStateStore } from "./vm-state.mjs";
-import { t as waitForAgent } from "./connect.mjs";
+import { n as waitForAgent, t as resolveVmState } from "./vm-context.mjs";
 import { basename } from "node:path";
-import { consola } from "consola";
 import { readFileSync } from "node:fs";
+import { consola } from "consola";
 import { defineCommand } from "citty";
 const uploadCommand = defineCommand({
 	meta: {
@@ -30,23 +30,8 @@ const uploadCommand = defineCommand({
 		const cmdLog = createCommandLogger("upload");
 		const paths = vmsanPaths();
 		try {
-			const state = new FileVmStateStore(paths.vmsDir).load(args.vmId);
-			if (!state) throw vmNotFoundError(args.vmId);
-			if (state.status !== "running") {
-				consola.error(`VM ${args.vmId} is not running (status: ${state.status})`);
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
-			if (!state.agentToken) {
-				consola.error("VM has no agent token. Cannot upload files without the agent.");
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
+			const { state, guestIp, port } = resolveVmState(args.vmId, paths);
 			const log = consola.withTag(args.vmId);
-			const guestIp = state.network.guestIp;
-			const port = state.agentPort || paths.agentPort;
 			consola.debug(`Agent endpoint: ${guestIp}:${port}`);
 			log.start("Waiting for agent...");
 			await waitForAgent(guestIp, port);