Skip to content

feat(vm): add standalone libkrun compute driver#858

Draft
drew wants to merge 3 commits intomainfrom
driver-vm-example
Draft

feat(vm): add standalone libkrun compute driver#858
drew wants to merge 3 commits intomainfrom
driver-vm-example

Conversation

@drew
Copy link
Copy Markdown
Collaborator

@drew drew commented Apr 16, 2026
edited
Loading

Summary

Add a standalone openshell-driver-vm crate that owns the libkrun-based VM runtime and wire openshell-server to talk to it over the internal ComputeDriver gRPC contract via a Unix domain socket (per rfc-0001).
This keeps VM runtime assets and loader dependencies out of the gateway binary while preserving the existing sandbox create/exec flow.
This PR is marked draft because follow-up fixes are still needed for VM TLS credential wiring, driver-owned environment precedence, and startup validation of embedded VM assets.

Related Issue

None.

Changes

  • Added the new openshell-driver-vm crate with embedded runtime assets, libkrun/gvproxy launch code, rootfs preparation, and a hidden helper mode for entering the VM runtime.
  • Updated openshell-server to spawn the VM compute driver as a sibling process, connect to it over gRPC on a Unix domain socket, and drop the direct Cargo dependency on the VM runtime crate.
  • Added VM driver config/plumbing updates in openshell-core, openshell-server, local start scripts, and architecture docs.
  • Added/updated tests and local verification for the standalone VM driver path, including server-side sandbox creation through the spawned driver.

Testing

  • mise run pre-commit passes
  • Unit tests added/updated
  • E2E tests added/updated (if applicable)

Additional verification:

  • cargo check -p openshell-server
  • cargo test -p openshell-server
  • RUSTC_WRAPPER= OPENSHELL_VM_RUNTIME_COMPRESSED_DIR=/Users/anewberry/dev/openshell-d/target/vm-runtime-compressed cargo test -p openshell-driver-vm
  • RUSTC_WRAPPER= OPENSHELL_SERVER_PORT=18080 make start
  • target/debug/openshell sandbox create --gateway-endpoint http://127.0.0.1:18080 --no-bootstrap -- echo hi

Current known failure:

  • mise run pre-commit still fails in openshell-cli/src/run.rs because SandboxStatus no longer has driver_name / driver_config fields.

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

@drew drew self-assigned this Apr 16, 2026
@copy-pr-bot
Copy link
Copy Markdown

copy-pr-bot bot commented Apr 16, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

drew added 2 commits April 16, 2026 17:48
@drew
feat(vm): add standalone libkrun compute driver
a90004c 
Signed-off-by: Drew Newberry <anewberry@nvidia.com>
@drew
wip
7fe390e
@drew drew force-pushed the driver-vm-example branch from 7303883 to 7fe390e Compare April 17, 2026 03:06
@drew drew mentioned this pull request Apr 17, 2026
Draft
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@drew drew

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@drew