feat: vsock-first exec — prefer emberd over SSH #10
Draft
jasonhernandez wants to merge 3 commits into
Add vsock device support across both Firecracker (Linux) and AVF (macOS) backends, enabling structured host↔guest communication over a Unix domain socket instead of SSH polling.

CLI: `ember vm create myvm --image base --vsock`
YAML config: `vsock: true`
UDS created at: `<state_dir>/vms/<name>/vsock.sock`

Linux (Firecracker):
- New `PUT /vsock` API call with guest CID and UDS path
- Firecracker natively creates the UDS and bridges to guest AF_VSOCK

macOS (AVF):
- VZVirtioSocketDeviceConfiguration added to VM config
- ember-vz implements a UDS bridge: accepts host connections on the UDS and proxies them to guest vsock port 1024, and accepts guest-initiated connections on port 1024 and bridges them back to the UDS

Both platforms expose the same UDS interface — Thermite's code path is identical regardless of the underlying hypervisor.

Co-Authored-By: Claude <noreply@anthropic.com>
Replace hardcoded guest_cid=3 with a proper CID allocator that assigns unique CIDs per VM, persisted in vsock/cids.json. Uses the new StateStore::update() method for atomic read-modify-write under exclusive flock, preventing TOCTOU races between concurrent processes. Also validates UDS path length against macOS sun_path limit (104 bytes) before allocating resources, and adds 6 integration tests covering CID uniqueness, reuse, inspect output, and end-to-end UDS connectivity.
ember exec now tries vsock (emberd) first, falling back to SSH:
- Connects to the VM's vsock UDS and sends JSON-lines exec request
- No SSH dependency — works immediately after boot (emberd starts fast)
- Falls back to SSH automatically if vsock fails
- --ssh flag to force SSH path

ember vm list now shows IP address and vsock status:

    NAME       STATUS   IP            VSOCK  CPUS  MEM     DISK
    val-smoke  running  192.168.64.2  ✓      1     16 GiB  8 GiB

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
f6f28c1 to a463c23
Summary
When a VM has vsock enabled and emberd is running, `ember exec` now connects via the vsock UDS instead of SSH. Falls back to SSH when vsock is unavailable or with `--ssh` flag.
- `vm.vsock.uds_path`, try emberd, fall back to SSH
- `--ssh` flag: force SSH transport (skip vsock)
- `vm list`: show vsock status in table output

Depends on #8 (vsock + CID allocator) and #9 (emberd daemon).

Files changed
- `src/cli/exec.rs`: `exec_vsock()`, `--ssh` flag
- `src/cli/vm.rs`: `vm list` table

Test plan
- `cargo build` clean, `cargo clippy --workspace` clean
- `ember exec vm -- echo hello` routes through vsock when available
- `ember exec --ssh vm -- echo hello` forces SSH

🤖 Generated with Claude Code
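
The CID allocator commit above describes an atomic read-modify-write under an exclusive flock, with the UDS path length checked before any state changes. The sketch below is an added example of that pattern, not the project's code. Assumptions: the names `check_uds_path` and `allocate_cid`, a plain line-based store standing in for `cids.json`, and one byte of `sun_path` reserved for the trailing NUL.

```rust
use std::fs::OpenOptions;
use std::io::{self, Read, Seek, SeekFrom, Write};
use std::os::unix::io::AsRawFd;
use std::path::Path;

// flock(2) from the C library std already links; declared here to stay std-only.
unsafe extern "C" { fn flock(fd: i32, operation: i32) -> i32; }
const LOCK_EX: i32 = 2; // exclusive lock; same value on Linux and macOS
const SUN_PATH_MAX: usize = 104; // macOS sun_path size cited in the commit message
const FIRST_GUEST_CID: u32 = 3; // AF_VSOCK reserves CIDs 0-2

/// Reject a UDS path too long for sun_path (assumes one byte is kept for the NUL).
pub fn check_uds_path(uds: &Path) -> io::Result<()> {
    if uds.as_os_str().len() >= SUN_PATH_MAX {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "UDS path too long"));
    }
    Ok(())
}

/// Return the CID for `vm`, allocating the lowest free one if it has none.
/// The exclusive flock spans the whole read-modify-write, so no other process
/// can read the old table between our read and our write.
pub fn allocate_cid(store: &Path, vm: &str, uds: &Path) -> io::Result<u32> {
    check_uds_path(uds)?; // fail before any state is touched
    let mut f = OpenOptions::new().read(true).write(true).create(true).open(store)?;
    if unsafe { flock(f.as_raw_fd(), LOCK_EX) } != 0 {
        return Err(io::Error::last_os_error());
    }
    let mut text = String::new();
    f.read_to_string(&mut text)?;
    // Hypothetical store format: one "<vm-name> <cid>" pair per line.
    let mut table: Vec<(String, u32)> = text
        .lines()
        .filter_map(|l| l.rsplit_once(' '))
        .filter_map(|(n, c)| Some((n.to_string(), c.parse::<u32>().ok()?)))
        .collect();
    if let Some((_, cid)) = table.iter().find(|(n, _)| n == vm) {
        return Ok(*cid); // already allocated: reuse
    }
    let cid = (FIRST_GUEST_CID..).find(|c| table.iter().all(|(_, u)| u != c)).unwrap();
    table.push((vm.to_string(), cid));
    f.seek(SeekFrom::Start(0))?;
    f.set_len(0)?;
    for (n, c) in &table {
        writeln!(f, "{n} {c}")?;
    }
    f.sync_all()?;
    Ok(cid) // closing `f` on return releases the lock
}
```

If the lock were taken only around the write, two callers could both read the same table and hand out the same CID.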