vmsan 0.1.0-alpha.2 → 0.1.0-alpha.21

package/dist/index.mjs

@@ -1,17 +1,44 @@
 import { n as vmsanPaths } from "./_chunks/paths.mjs";
-import { A as invalidDomainError, B as policyConflictError, C as vmStateNotFoundError, D as invalidCidrPrefixError, E as invalidCidrOctetError, F as invalidIntegerFlagError, H as VmsanError, I as invalidNetworkPolicyError, L as invalidPortError, M as invalidDurationError, N as invalidImageRefEmptyError, O as invalidDiskSizeFormatError, P as invalidImageRefTagError, R as invalidRuntimeError, S as vmNotStoppedError, T as invalidCidrFormatError, V as portConflictError, _ as chrootNotFoundError, a as noKernelDirError, b as vmNotFoundError, c as TimeoutError, d as socketTimeoutError, f as NetworkError, g as VmError, h as firecrackerApiError, i as noExt4RootfsError, j as invalidDomainPatternError, k as invalidDiskSizeRangeError, l as agentTimeoutError, m as FirecrackerApiError, n as SetupError, o as noKernelError, p as defaultInterfaceNotFoundError, r as missingBinaryError, s as noRootfsDirError, t as handleCommandError, u as lockTimeoutError, v as networkSlotsExhaustedError, w as ValidationError, x as vmNotRunningError, y as snapshotNotFoundError, z as mutuallyExclusiveFlagsError } from "./_chunks/errors.mjs";
+import { A as invalidDiskSizeRangeError, B as mutuallyExclusiveFlagsError, C as vmNotStoppedError, D as invalidCidrOctetError, E as invalidCidrFormatError, F as invalidImageRefTagError, H as portConflictError, I as invalidIntegerFlagError, L as invalidNetworkPolicyError, M as invalidDomainPatternError, N as invalidDurationError, O as invalidCidrPrefixError, P as invalidImageRefEmptyError, R as invalidPortError, S as vmNotRunningError, T as ValidationError, U as VmsanError, V as policyConflictError, _ as chrootNotFoundError, a as noKernelDirError, b as vmNoAgentTokenError, c as TimeoutError, d as socketTimeoutError, f as NetworkError, g as VmError, h as firecrackerApiError, i as noExt4RootfsError, j as invalidDomainError, k as invalidDiskSizeFormatError, l as agentTimeoutError, m as FirecrackerApiError, n as SetupError, o as noKernelError, p as defaultInterfaceNotFoundError, r as missingBinaryError, s as noRootfsDirError, t as handleCommandError, u as lockTimeoutError, v as networkSlotsExhaustedError, w as vmStateNotFoundError, x as vmNotFoundError, y as snapshotNotFoundError, z as invalidRuntimeError } from "./_chunks/errors.mjs";
 import { i as initVmsanLogger, n as createScopedLogger, r as getOutputMode, t as createCommandLogger } from "./_chunks/logger.mjs";
+import { a as isProcessAlive, c as safeKill, d as timeRemaining, f as toError, i as generateVmId, l as table, n as findFreeNetworkSlot, o as mkdirSecure, p as writeSecure, r as getActiveTapSlots, s as parseDuration, t as FileVmStateStore, u as timeAgo } from "./_chunks/vm-state.mjs";
+import { C as createSilentLogger, S as createDefaultLogger, _ as waitForSocket, a as resolveImageRootfs, b as FileLock, c as cleanupNetwork, f as findKernel, g as validateEnvironment, h as getVmPid, i as ensureSeccompFilter, l as killOrphanVmProcess, m as getVmJailerPid, n as VMService, o as buildInitialVmState, p as findRootfs, r as compileSeccompFilter, s as cleanupChroot, t as createVmsan, u as markVmAsError, v as Jailer, x as NetworkManager, y as detectCgroupVersion } from "./_chunks/context.mjs";
 import { n as firecrackerFetch, t as FirecrackerClient } from "./_chunks/firecracker.mjs";
+import { t as spawnTimeoutKiller } from "./_chunks/timeout-killer.mjs";
 import { t as AgentClient } from "./_chunks/agent.mjs";
-import { a as parseDuration, c as timeAgo, i as mkdirSecure, l as timeRemaining, n as generateVmId, o as safeKill, r as isProcessAlive, s as table, t as FileVmStateStore, u as writeSecure } from "./_chunks/vm-state.mjs";
-import { a as getVmPid, c as NetworkManager, i as getVmJailerPid, n as findKernel, o as validateEnvironment, r as findRootfs, s as waitForSocket } from "./_chunks/environment.mjs";
-import { n as FileLock, t as VMService } from "./_chunks/vm.mjs";
-import { a as Jailer, i as markVmAsError, n as cleanupNetwork, o as detectCgroupVersion, r as killOrphanVmProcess, t as cleanupChroot } from "./_chunks/cleanup.mjs";
+import { t as TimeoutExtender } from "./_chunks/timeout-extender.mjs";
+import { n as waitForAgent, t as resolveVmState } from "./_chunks/vm-context.mjs";
 import { n as connectShell, t as ShellSession } from "./_chunks/shell.mjs";
 import { a as parseImageReference, c as parsePublishedPorts, d as validateCidr, f as validatePublishedPortsAvailable, i as parseDomains, l as parseRuntime, n as parseCidrList, o as parseMemoryMib, r as parseDiskSizeGb, s as parseNetworkPolicy, t as parseBandwidth, u as parseVcpuCount } from "./_chunks/validation.mjs";
-import { a as buildInitialVmState, i as buildCreateSummaryLines, n as compileSeccompFilter, o as parseCreateInput, r as ensureSeccompFilter, t as resolveImageRootfs } from "./_chunks/image-rootfs.mjs";
-import { t as waitForAgent } from "./_chunks/connect.mjs";
+import { n as parseCreateInput, t as buildCreateSummaryLines } from "./_chunks/summary.mjs";
 import { existsSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+function definePlugin(plugin) {
+	return plugin;
+}
+var MemoryVmStateStore = class {
+	states = /* @__PURE__ */ new Map();
+	save(state) {
+		this.states.set(state.id, structuredClone(state));
+	}
+	load(id) {
+		const state = this.states.get(id);
+		return state ? structuredClone(state) : null;
+	}
+	list() {
+		return [...this.states.values()].map((s) => structuredClone(s));
+	}
+	update(id, updates) {
+		const state = this.states.get(id);
+		if (!state) throw vmStateNotFoundError(id);
+		Object.assign(state, updates);
+	}
+	delete(id) {
+		this.states.delete(id);
+	}
+	allocateNetworkSlot() {
+		return findFreeNetworkSlot([...this.states.values()]);
+	}
+};
 var PidFile = class {
 	constructor(path) {
 		this.path = path;
@@ -39,4 +66,4 @@ async function getFirecrackerVersion(dir) {
 	const { FirecrackerClient: FC } = await import("./_chunks/firecracker.mjs").then((n) => n.r);
 	return FC.getVersion(dir || paths().baseDir);
 }
-export { AgentClient, FileLock, FileVmStateStore, FirecrackerApiError, FirecrackerClient, Jailer, NetworkError, NetworkManager, PidFile, SetupError, ShellSession, TimeoutError, VMService, ValidationError, VmError, VmsanError, agentTimeoutError, buildCreateSummaryLines, buildInitialVmState, chrootNotFoundError, cleanupChroot, cleanupNetwork, compileSeccompFilter, connectShell, createCommandLogger, createScopedLogger, defaultInterfaceNotFoundError, detectCgroupVersion, ensureSeccompFilter, findKernel, findRootfs, firecrackerApiError, firecrackerFetch, generateVmId, getFirecrackerVersion, getOutputMode, getVmJailerPid, getVmPid, handleCommandError, initVmsanLogger, invalidCidrFormatError, invalidCidrOctetError, invalidCidrPrefixError, invalidDiskSizeFormatError, invalidDiskSizeRangeError, invalidDomainError, invalidDomainPatternError, invalidDurationError, invalidImageRefEmptyError, invalidImageRefTagError, invalidIntegerFlagError, invalidNetworkPolicyError, invalidPortError, invalidRuntimeError, isProcessAlive, killOrphanVmProcess, lockTimeoutError, markVmAsError, missingBinaryError, mkdirSecure, mutuallyExclusiveFlagsError, networkSlotsExhaustedError, noExt4RootfsError, noKernelDirError, noKernelError, noRootfsDirError, parseBandwidth, parseCidrList, parseCreateInput, parseDiskSizeGb, parseDomains, parseDuration, parseImageReference, parseMemoryMib, parseNetworkPolicy, parsePublishedPorts, parseRuntime, parseVcpuCount, policyConflictError, portConflictError, resolveImageRootfs, safeKill, snapshotNotFoundError, socketTimeoutError, table, timeAgo, timeRemaining, validateCidr, validateEnvironment, validatePublishedPortsAvailable, vmNotFoundError, vmNotRunningError, vmNotStoppedError, vmStateNotFoundError, vmsanPaths, waitForAgent, waitForSocket, writeSecure };
+export { AgentClient, FileLock, FileVmStateStore, FirecrackerApiError, FirecrackerClient, Jailer, MemoryVmStateStore, NetworkError, NetworkManager, PidFile, SetupError, ShellSession, TimeoutError, TimeoutExtender, VMService, ValidationError, VmError, VmsanError, agentTimeoutError, buildCreateSummaryLines, buildInitialVmState, chrootNotFoundError, cleanupChroot, cleanupNetwork, compileSeccompFilter, connectShell, createCommandLogger, createDefaultLogger, createScopedLogger, createSilentLogger, createVmsan, defaultInterfaceNotFoundError, definePlugin, detectCgroupVersion, ensureSeccompFilter, findFreeNetworkSlot, findKernel, findRootfs, firecrackerApiError, firecrackerFetch, generateVmId, getActiveTapSlots, getFirecrackerVersion, getOutputMode, getVmJailerPid, getVmPid, handleCommandError, initVmsanLogger, invalidCidrFormatError, invalidCidrOctetError, invalidCidrPrefixError, invalidDiskSizeFormatError, invalidDiskSizeRangeError, invalidDomainError, invalidDomainPatternError, invalidDurationError, invalidImageRefEmptyError, invalidImageRefTagError, invalidIntegerFlagError, invalidNetworkPolicyError, invalidPortError, invalidRuntimeError, isProcessAlive, killOrphanVmProcess, lockTimeoutError, markVmAsError, missingBinaryError, mkdirSecure, mutuallyExclusiveFlagsError, networkSlotsExhaustedError, noExt4RootfsError, noKernelDirError, noKernelError, noRootfsDirError, parseBandwidth, parseCidrList, parseCreateInput, parseDiskSizeGb, parseDomains, parseDuration, parseImageReference, parseMemoryMib, parseNetworkPolicy, parsePublishedPorts, parseRuntime, parseVcpuCount, policyConflictError, portConflictError, resolveImageRootfs, resolveVmState, safeKill, snapshotNotFoundError, socketTimeoutError, spawnTimeoutKiller, table, timeAgo, timeRemaining, toError, validateCidr, validateEnvironment, validatePublishedPortsAvailable, vmNoAgentTokenError, vmNotFoundError, vmNotRunningError, vmNotStoppedError, vmStateNotFoundError, vmsanPaths, waitForAgent, waitForSocket, writeSecure };

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "vmsan",
-  "version": "0.1.0-alpha.2",
+  "version": "0.1.0-alpha.21",
   "description": "Firecracker microVM sandbox toolkit",
   "homepage": "https://github.com/angelorc/vmsan",
   "bugs": "https://github.com/angelorc/vmsan/issues",
-  "license": "MIT",
+  "license": "Apache-2.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/angelorc/vmsan.git"
@@ -27,10 +27,10 @@
   "scripts": {
     "build": "obuild",
     "dev": "obuild --stub",
-    "lint": "oxlint . && oxfmt --check .",
-    "lint:fix": "oxlint . --fix && oxfmt .",
-    "fmt": "oxfmt .",
-    "fmt:check": "oxfmt --check .",
+    "lint": "oxlint . && oxfmt --check '!**/*.md' '!docs/**' .",
+    "lint:fix": "oxlint . --fix && oxfmt '!**/*.md' '!docs/**' .",
+    "fmt": "oxfmt '!**/*.md' '!docs/**' .",
+    "fmt:check": "oxfmt --check '!**/*.md' '!docs/**' .",
     "test": "vitest run",
     "typecheck": "tsc --noEmit",
     "prepack": "bun run build",
@@ -43,6 +43,7 @@
     "citty": "^0.2.1",
     "consola": "^3.4.2",
     "evlog": "^2.0.0",
+    "hookable": "^6.0.1",
     "proper-lockfile": "^4.1.2",
     "tar-stream": "^3.1.8",
     "ws": "^8.19.0"

package/dist/_chunks/cleanup.mjs

@@ -1,328 +0,0 @@
-import { o as safeKill, t as FileVmStateStore } from "./vm-state.mjs";
-import { a as getVmPid, c as NetworkManager, i as getVmJailerPid } from "./environment.mjs";
-import { dirname, join } from "node:path";
-import { execFileSync, execSync } from "node:child_process";
-import { copyFileSync, existsSync, linkSync, mkdirSync, readFileSync, rmSync, statSync, writeFileSync } from "node:fs";
-/**
-* Template generators for the node22-demo runtime welcome page.
-* All functions are pure and return string content ready to write to files.
-*/
-function generateWelcomeHtml(vmId, ports) {
-	ports.map((p) => `<li>${p}</li>`).join("\n            ");
-	return `<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="utf-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>vmsan VM ${vmId}</title>
-  <style>
-    *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
-      background: #0f172a;
-      color: #e2e8f0;
-      min-height: 100vh;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      padding: 2rem;
-    }
-    .container { max-width: 640px; width: 100%; }
-    .header { text-align: center; margin-bottom: 2rem; }
-    .logo {
-      font-size: 2.5rem;
-      font-weight: 800;
-      background: linear-gradient(135deg, #f97316, #ef4444);
-      -webkit-background-clip: text;
-      -webkit-text-fill-color: transparent;
-      background-clip: text;
-    }
-    .subtitle { color: #94a3b8; margin-top: 0.5rem; font-size: 1.1rem; }
-    .card {
-      background: #1e293b;
-      border: 1px solid #334155;
-      border-radius: 12px;
-      padding: 1.5rem;
-      margin-bottom: 1.25rem;
-    }
-    .card h2 { font-size: 1rem; color: #f97316; margin-bottom: 0.75rem; }
-    .info-row { display: flex; justify-content: space-between; padding: 0.35rem 0; }
-    .info-label { color: #94a3b8; }
-    .info-value { font-family: monospace; color: #e2e8f0; }
-    ul { list-style: none; }
-    ul li { padding: 0.25rem 0; }
-    code {
-      background: #0f172a;
-      border: 1px solid #334155;
-      border-radius: 6px;
-      padding: 0.2rem 0.5rem;
-      font-size: 0.875rem;
-      color: #f97316;
-    }
-    .steps li { padding: 0.5rem 0; color: #cbd5e1; }
-    .steps li strong { color: #e2e8f0; }
-    .footer { text-align: center; color: #475569; font-size: 0.85rem; margin-top: 1.5rem; }
-  </style>
-</head>
-<body>
-  <div class="container">
-    <div class="header">
-      <div class="logo">vmsan</div>
-      <div class="subtitle">Your microVM is running</div>
-    </div>
-    <div class="card">
-      <h2>VM Info</h2>
-      <div class="info-row">
-        <span class="info-label">VM ID</span>
-        <span class="info-value">${vmId}</span>
-      </div>
-      <div class="info-row">
-        <span class="info-label">Runtime</span>
-        <span class="info-value">node22-demo</span>
-      </div>
-      <div class="info-row">
-        <span class="info-label">Published Ports</span>
-        <span class="info-value">${ports.join(", ")}</span>
-      </div>
-    </div>
-    <div class="card">
-      <h2>Next Steps</h2>
-      <ul class="steps">
-        <li><strong>Connect to the VM:</strong> <code>vmsan connect ${vmId}</code></li>
-        <li><strong>Deploy your app:</strong> Replace this page by stopping the welcome service and running your own server on the published port(s).</li>
-        <li><strong>Stop this page:</strong> <code>systemctl stop vmsan-welcome</code></li>
-      </ul>
-    </div>
-    <div class="footer">Powered by vmsan &middot; Firecracker microVMs</div>
-  </div>
-</body>
-</html>`;
-}
-function generateWelcomeServer(ports) {
-	return `"use strict";
-const http = require("node:http");
-const fs = require("node:fs");
-const path = require("node:path");
-
-const html = fs.readFileSync(path.join(__dirname, "index.html"), "utf-8");
-
-const server = http.createServer((req, res) => {
-  res.writeHead(200, {
-    "Content-Type": "text/html; charset=utf-8",
-    "Cache-Control": "no-cache",
-  });
-  res.end(html);
-});
-
-${ports.map((p) => `server.listen(${p}, "0.0.0.0", () => console.log("vmsan-welcome listening on 0.0.0.0:${p}"));`).join("\n")}
-`;
-}
-function generateWelcomeService(ports) {
-	return `[Unit]
-Description=${`vmsan welcome page on port(s) ${ports.join(", ")}`}
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/local/bin/node /opt/vmsan/welcome/server.js
-Restart=on-failure
-RestartSec=2
-
-[Install]
-WantedBy=multi-user.target
-`;
-}
-/**
-* Template generators for the vmsan-agent systemd service.
-* Follows the same pattern as welcome-page.ts.
-*/
-function generateAgentService() {
-	return `[Unit]
-Description=Vmsan VM Agent
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/local/bin/vmsan-agent
-EnvironmentFile=/etc/vmsan/agent.env
-Restart=always
-RestartSec=2
-
-[Install]
-WantedBy=multi-user.target
-`;
-}
-function generateAgentEnv(token, port, vmId) {
-	return `VMSAN_AGENT_TOKEN=${token}
-VMSAN_AGENT_PORT=${port}
-VMSAN_VM_ID=${vmId}
-`;
-}
-function detectCgroupVersion() {
-	try {
-		readFileSync("/sys/fs/cgroup/cgroup.controllers", "utf-8");
-		return 2;
-	} catch {
-		return 1;
-	}
-}
-var Jailer = class {
-	paths;
-	constructor(vmId, jailerBaseDir) {
-		this.vmId = vmId;
-		const chrootBase = jailerBaseDir;
-		const chrootDir = join(chrootBase, "firecracker", vmId);
-		const rootDir = join(chrootDir, "root");
-		const kernelDir = join(rootDir, "kernel");
-		const rootfsDir = join(rootDir, "rootfs");
-		const socketDir = join(rootDir, "run");
-		const snapshotDir = join(rootDir, "snapshot");
-		this.paths = {
-			chrootBase,
-			chrootDir,
-			rootDir,
-			kernelDir,
-			kernelPath: join(kernelDir, "vmlinux"),
-			rootfsDir,
-			rootfsPath: join(rootfsDir, "rootfs.ext4"),
-			socketDir,
-			socketPath: join(socketDir, "firecracker.socket"),
-			snapshotDir
-		};
-	}
-	prepare(config) {
-		const paths = this.paths;
-		mkdirSync(paths.kernelDir, { recursive: true });
-		mkdirSync(paths.rootfsDir, { recursive: true });
-		mkdirSync(paths.socketDir, { recursive: true });
-		if (!existsSync(paths.kernelPath)) linkSync(config.kernelSrc, paths.kernelPath);
-		copyFileSync(config.rootfsSrc, paths.rootfsPath);
-		if (typeof config.diskSizeGb === "number" && Number.isFinite(config.diskSizeGb)) {
-			const targetBytes = Math.trunc(config.diskSizeGb * 1024 * 1024 * 1024);
-			if (targetBytes > statSync(paths.rootfsPath).size) {
-				execSync(`truncate -s ${targetBytes} "${paths.rootfsPath}"`, { stdio: "pipe" });
-				execSync(`sudo e2fsck -fy "${paths.rootfsPath}"; [ $? -lt 4 ]`, { stdio: "pipe" });
-				execSync(`sudo resize2fs "${paths.rootfsPath}"`, { stdio: "pipe" });
-				execSync(`sudo tune2fs -m 0 "${paths.rootfsPath}"`, { stdio: "pipe" });
-			}
-		}
-		const tmpMount = join(paths.rootDir, "tmp-mount");
-		mkdirSync(tmpMount, { recursive: true });
-		try {
-			execSync(`sudo mount -o loop "${paths.rootfsPath}" "${tmpMount}"`, { stdio: "pipe" });
-			execSync(`rm -f "${tmpMount}/etc/resolv.conf" && ln -s /proc/net/pnp "${tmpMount}/etc/resolv.conf"`, { stdio: "pipe" });
-			if (config.welcomePage) {
-				const { vmId: welcomeVmId, ports: welcomePorts } = config.welcomePage;
-				const welcomeDir = join(tmpMount, "opt", "vmsan", "welcome");
-				mkdirSync(welcomeDir, { recursive: true });
-				writeFileSync(join(welcomeDir, "index.html"), generateWelcomeHtml(welcomeVmId, welcomePorts));
-				writeFileSync(join(welcomeDir, "server.js"), generateWelcomeServer(welcomePorts));
-				const systemdDir = join(tmpMount, "etc", "systemd", "system");
-				mkdirSync(systemdDir, { recursive: true });
-				writeFileSync(join(systemdDir, "vmsan-welcome.service"), generateWelcomeService(welcomePorts));
-				const wantsDir = join(systemdDir, "multi-user.target.wants");
-				mkdirSync(wantsDir, { recursive: true });
-				execSync(`ln -sf /etc/systemd/system/vmsan-welcome.service "${join(wantsDir, "vmsan-welcome.service")}"`, { stdio: "pipe" });
-			}
-			if (config.agent) {
-				const agentDst = join(tmpMount, "usr", "local", "bin", "vmsan-agent");
-				mkdirSync(join(tmpMount, "usr", "local", "bin"), { recursive: true });
-				copyFileSync(config.agent.binaryPath, agentDst);
-				execSync(`chmod 755 "${agentDst}"`, { stdio: "pipe" });
-				const envDir = join(tmpMount, "etc", "vmsan");
-				mkdirSync(envDir, { recursive: true });
-				writeFileSync(join(envDir, "agent.env"), generateAgentEnv(config.agent.token, config.agent.port, config.agent.vmId));
-				const systemdDir = join(tmpMount, "etc", "systemd", "system");
-				mkdirSync(systemdDir, { recursive: true });
-				writeFileSync(join(systemdDir, "vmsan-agent.service"), generateAgentService());
-				const wantsDir = join(systemdDir, "multi-user.target.wants");
-				mkdirSync(wantsDir, { recursive: true });
-				execSync(`ln -sf /etc/systemd/system/vmsan-agent.service "${join(wantsDir, "vmsan-agent.service")}"`, { stdio: "pipe" });
-			}
-			execSync(`sudo umount "${tmpMount}"`, { stdio: "pipe" });
-		} catch {
-			try {
-				execSync(`sudo umount "${tmpMount}" 2>/dev/null`, { stdio: "pipe" });
-			} catch {}
-		}
-		try {
-			execSync(`rm -rf "${tmpMount}"`, { stdio: "pipe" });
-		} catch {}
-		if (config.snapshot) {
-			mkdirSync(paths.snapshotDir, { recursive: true });
-			copyFileSync(config.snapshot.snapshotFile, join(paths.snapshotDir, "snapshot_file"));
-			copyFileSync(config.snapshot.memFile, join(paths.snapshotDir, "mem_file"));
-		}
-		return paths;
-	}
-	spawn(config) {
-		const uid = config.uid ?? 0;
-		const gid = config.gid ?? 0;
-		const args = [
-			config.jailerBin,
-			"--exec-file",
-			config.firecrackerBin,
-			"--id",
-			this.vmId,
-			"--uid",
-			String(uid),
-			"--gid",
-			String(gid),
-			"--chroot-base-dir",
-			config.chrootBase,
-			"--daemonize"
-		];
-		if (config.newPidNs !== false) args.push("--new-pid-ns");
-		if (config.netns) args.push("--netns", `/var/run/netns/${config.netns}`);
-		if (config.cgroup) if (detectCgroupVersion() === 2) {
-			args.push("--cgroup-version", "2");
-			args.push("--cgroup", `cpu.max=${config.cgroup.cpuQuotaUs} ${config.cgroup.cpuPeriodUs}`);
-			args.push("--cgroup", `memory.max=${config.cgroup.memoryBytes}`);
-		} else {
-			args.push("--cgroup", `cpu.cfs_quota_us=${config.cgroup.cpuQuotaUs}`);
-			args.push("--cgroup", `cpu.cfs_period_us=${config.cgroup.cpuPeriodUs}`);
-			args.push("--cgroup", `memory.limit_in_bytes=${config.cgroup.memoryBytes}`);
-		}
-		args.push("--", "--api-sock", "run/firecracker.socket");
-		if (config.seccompFilter && existsSync(config.seccompFilter)) args.push("--seccomp-filter", config.seccompFilter);
-		else args.push("--no-seccomp");
-		execFileSync("sudo", args, { stdio: "pipe" });
-	}
-};
-function killOrphanVmProcess(vmId) {
-	const orphanPid = getVmPid(vmId);
-	const orphanJailerPid = getVmJailerPid(vmId);
-	if (orphanPid) safeKill(orphanPid, "SIGKILL");
-	if (orphanJailerPid) safeKill(orphanJailerPid, "SIGKILL");
-}
-function markVmAsError(vmId, error, paths) {
-	try {
-		new FileVmStateStore(paths.vmsDir).update(vmId, {
-			status: "error",
-			error: error instanceof Error ? error.message : String(error)
-		});
-	} catch {}
-}
-function cleanupNetwork(networkConfig) {
-	if (!networkConfig) return;
-	try {
-		NetworkManager.fromConfig(networkConfig).teardown();
-	} catch {}
-}
-function cleanupChroot(chrootDir) {
-	if (!chrootDir) return;
-	const vmJailerDir = dirname(chrootDir);
-	try {
-		rmSync(chrootDir, {
-			recursive: true,
-			force: true
-		});
-	} catch {}
-	try {
-		rmSync(vmJailerDir, {
-			recursive: true,
-			force: true
-		});
-	} catch {}
-}
-export { Jailer as a, markVmAsError as i, cleanupNetwork as n, detectCgroupVersion as o, killOrphanVmProcess as r, cleanupChroot as t };

package/dist/_chunks/connect2.mjs

@@ -1,72 +0,0 @@
-import { n as vmsanPaths } from "./paths.mjs";
-import { b as vmNotFoundError, t as handleCommandError } from "./errors.mjs";
-import { t as createCommandLogger } from "./logger.mjs";
-import { t as FileVmStateStore } from "./vm-state.mjs";
-import { t as ShellSession } from "./shell.mjs";
-import { t as waitForAgent } from "./connect.mjs";
-import { consola } from "consola";
-import { defineCommand } from "citty";
-const connectCommand = defineCommand({
-	meta: {
-		name: "connect",
-		description: "Connect to a running VM"
-	},
-	args: {
-		vmId: {
-			type: "positional",
-			description: "VM ID to connect to",
-			required: true
-		},
-		session: {
-			type: "string",
-			alias: "s",
-			description: "Attach to an existing shell session ID",
-			required: false
-		}
-	},
-	async run({ args }) {
-		const cmdLog = createCommandLogger("connect");
-		const paths = vmsanPaths();
-		try {
-			const state = new FileVmStateStore(paths.vmsDir).load(args.vmId);
-			if (!state) throw vmNotFoundError(args.vmId);
-			if (state.status !== "running") {
-				consola.error(`VM ${args.vmId} is not running (status: ${state.status})`);
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
-			const log = consola.withTag(args.vmId);
-			const guestIp = state.network.guestIp;
-			const port = state.agentPort || paths.agentPort;
-			consola.debug(`Agent endpoint: ${guestIp}:${port}`);
-			if (!state.agentToken) {
-				consola.error(`VM ${args.vmId} has no agent token. The agent is required for shell access.`);
-				cmdLog.emit();
-				process.exitCode = 1;
-				return;
-			}
-			log.start("Waiting for agent to become ready...");
-			await waitForAgent(guestIp, port);
-			log.success("Agent is ready. Connecting via PTY shell...");
-			const shell = new ShellSession({
-				host: guestIp,
-				port,
-				token: state.agentToken,
-				sessionId: args.session
-			});
-			const closeInfo = await shell.connect();
-			cmdLog.set({
-				vmId: args.vmId,
-				method: "pty"
-			});
-			cmdLog.emit();
-			if (!closeInfo.sessionDestroyed && shell.sessionId) process.stderr.write(`\nResume this session with:\n  vmsan connect ${args.vmId} --session ${shell.sessionId}\n`);
-			process.exit(0);
-		} catch (error) {
-			handleCommandError(error, cmdLog);
-			process.exit(1);
-		}
-	}
-});
-export { connectCommand as default };