chore: commit in-progress work before Runtime V2 GA wave 1

Stage dirty working tree — health persistence, guest agent improvements,
stack CLI/TUI refinements, e2e test additions, and .gitignore hardening.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: lightsofapollo

.gitignore

@@ -2,3 +2,6 @@ target/
 *.swp
 *.swo
 .DS_Store
+*.db
+__pycache__/
+.artifacts/

README.md

@@ -146,6 +146,21 @@ cargo clippy --workspace -- -D warnings
 cargo nextest run --workspace
 ```
 
+Runtime API adapter local smoke test:
+
+```bash
+cd crates
+cargo run -p vz-api -- \
+  --bind 127.0.0.1:8181 \
+  --state-store-path /tmp/vz-api-state.db \
+  --stack-baseline \
+  --capability fs_quick_checkpoint
+
+# in another shell
+curl -s http://127.0.0.1:8181/v1/capabilities
+curl -s http://127.0.0.1:8181/openapi.json
+```
+
 Sandbox-specific real VM integration validation (macOS ARM64):
 
 ```bash

crates/vz-cli/src/commands/stack.rs

@@ -1838,7 +1838,12 @@ fn event_service_name(event: &StackEvent) -> Option<&str> {
         | StackEvent::StackApplyCompleted { .. }
         | StackEvent::StackApplyFailed { .. }
         | StackEvent::VolumeCreated { .. }
-        | StackEvent::StackDestroyed { .. } => None,
+        | StackEvent::StackDestroyed { .. }
+        | StackEvent::SandboxCreating { .. }
+        | StackEvent::SandboxReady { .. }
+        | StackEvent::SandboxDraining { .. }
+        | StackEvent::SandboxTerminated { .. }
+        | StackEvent::SandboxFailed { .. } => None,
     }
 }
 
@@ -2434,6 +2439,21 @@ fn format_event_summary(event: &StackEvent) -> String {
             "mount recreate: {service_name} ({:?} -> {desired_digest})",
             previous_digest.as_deref().unwrap_or("<none>")
         ),
+        StackEvent::SandboxCreating { sandbox_id, .. } => {
+            format!("sandbox creating: {sandbox_id}")
+        }
+        StackEvent::SandboxReady { sandbox_id, .. } => {
+            format!("sandbox ready: {sandbox_id}")
+        }
+        StackEvent::SandboxDraining { sandbox_id, .. } => {
+            format!("sandbox draining: {sandbox_id}")
+        }
+        StackEvent::SandboxTerminated { sandbox_id, .. } => {
+            format!("sandbox terminated: {sandbox_id}")
+        }
+        StackEvent::SandboxFailed {
+            sandbox_id, error, ..
+        } => format!("sandbox failed: {sandbox_id}: {error}"),
     }
 }
 

crates/vz-cli/src/commands/stack_output.rs

@@ -226,7 +226,12 @@ impl StackOutput {
             }
             StackEvent::StackApplyStarted { .. }
             | StackEvent::StackApplyCompleted { .. }
-            | StackEvent::StackDestroyed { .. } => {}
+            | StackEvent::StackDestroyed { .. }
+            | StackEvent::SandboxCreating { .. }
+            | StackEvent::SandboxReady { .. }
+            | StackEvent::SandboxDraining { .. }
+            | StackEvent::SandboxTerminated { .. }
+            | StackEvent::SandboxFailed { .. } => {}
         }
         self.update_header();
     }

crates/vz-cli/src/tui.rs

@@ -359,6 +359,11 @@ fn event_color(event: &StackEvent) -> Color {
         StackEvent::HealthCheckFailed { .. } => Color::Yellow,
         StackEvent::DependencyBlocked { .. } => Color::Magenta,
         StackEvent::MountTopologyRecreateRequired { .. } => Color::Yellow,
+        StackEvent::SandboxCreating { .. } => Color::Cyan,
+        StackEvent::SandboxReady { .. } => Color::Green,
+        StackEvent::SandboxDraining { .. } => Color::Yellow,
+        StackEvent::SandboxTerminated { .. } => Color::DarkGray,
+        StackEvent::SandboxFailed { .. } => Color::Red,
     }
 }
 
@@ -428,6 +433,21 @@ fn format_event_summary(event: &StackEvent) -> String {
             "MountRecreate   {service_name} ({:?} -> {desired_digest})",
             previous_digest.as_deref().unwrap_or("<none>")
         ),
+        StackEvent::SandboxCreating { sandbox_id, .. } => {
+            format!("SandboxCreating  {sandbox_id}")
+        }
+        StackEvent::SandboxReady { sandbox_id, .. } => {
+            format!("SandboxReady     {sandbox_id}")
+        }
+        StackEvent::SandboxDraining { sandbox_id, .. } => {
+            format!("SandboxDraining  {sandbox_id}")
+        }
+        StackEvent::SandboxTerminated { sandbox_id, .. } => {
+            format!("SandboxTerminated {sandbox_id}")
+        }
+        StackEvent::SandboxFailed {
+            sandbox_id, error, ..
+        } => format!("SandboxFailed    {sandbox_id}: {error}"),
     }
 }
 

crates/vz-guest-agent/src/grpc_server.rs

@@ -662,38 +662,37 @@ impl oci_service_server::OciService for OciServiceImpl {
             .ok_or_else(|| Status::internal("youki state missing pid field"))?;
 
         let mut nsenter_args: Vec<String> = vec![
-            "nsenter".into(),
-            "--mount".into(),
-            "--net".into(),
+            format!("--mount=/proc/{pid}/ns/mnt"),
+            format!("--net=/proc/{pid}/ns/net"),
+            format!("--pid=/proc/{pid}/ns/pid"),
+            format!("--ipc=/proc/{pid}/ns/ipc"),
+            format!("--uts=/proc/{pid}/ns/uts"),
             format!("--root=/proc/{pid}/root"),
-            format!("--target={pid}"),
-            "--".into(),
-            "env".into(),
         ];
-
-        // Always set a standard PATH so commands like pg_isready are found.
-        let has_path = req.env.keys().any(|k| k == "PATH");
-        if !has_path {
-            nsenter_args
-                .push("PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin".into());
-        }
-
-        for (key, value) in &req.env {
-            nsenter_args.push(format!("{key}={value}"));
+        if !req.working_dir.is_empty() {
+            nsenter_args.push(format!("--wd={}", req.working_dir));
         }
+        nsenter_args.push("--".into());
 
-        nsenter_args.push(req.command);
-        nsenter_args.extend(req.args);
+        nsenter_args.push(req.command.clone());
+        nsenter_args.extend(req.args.clone());
 
         info!(pid = pid, args = ?nsenter_args, "oci: exec via nsenter");
 
-        let mut cmd = tokio::process::Command::new(&nsenter_args[0]);
-        for arg in &nsenter_args[1..] {
+        let mut cmd = tokio::process::Command::new("nsenter");
+        for arg in nsenter_args {
             cmd.arg(arg);
         }
-        if !req.working_dir.is_empty() {
-            cmd.current_dir(&req.working_dir);
+
+        cmd.env_clear();
+        let has_path = req.env.keys().any(|k| k == "PATH");
+        if !has_path {
+            cmd.env(
+                "PATH",
+                "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+            );
         }
+        cmd.envs(&req.env);
         cmd.kill_on_drop(true);
 
         let output = match tokio::time::timeout(YOUKI_EXEC_TIMEOUT, cmd.output()).await {

crates/vz-guest-agent/src/listener.rs

@@ -14,8 +14,8 @@ use std::sync::Arc;
 use std::task::{Context, Poll};
 
 use tokio::io::{AsyncRead, AsyncWrite};
-use tracing::warn;
 use tonic::transport::server::Connected;
+use tracing::warn;
 
 /// AF_VSOCK listener that accepts connections from the host.
 pub struct VsockListener {
@@ -171,8 +171,8 @@ impl VsockListener {
         loop {
             // Use tokio's blocking task pool for the accept() syscall since
             // we can't easily register a vsock fd with epoll/kqueue through tokio.
-            let (conn_fd, source_cid) = tokio::task::spawn_blocking(
-                move || -> io::Result<(RawFd, u32)> {
+            let (conn_fd, source_cid) =
+                tokio::task::spawn_blocking(move || -> io::Result<(RawFd, u32)> {
                     let mut addr: SockaddrVm = unsafe { std::mem::zeroed() };
                     let mut addr_len = std::mem::size_of::<SockaddrVm>() as libc::socklen_t;
 
@@ -189,10 +189,9 @@ impl VsockListener {
                     }
 
                     Ok((fd, source_cid_from_addr(&addr)))
-                },
-            )
-            .await
-            .map_err(io::Error::other)??;
+                })
+                .await
+                .map_err(io::Error::other)??;
 
             if !is_host_peer(source_cid) {
                 // SAFETY: close accepted fd on explicit rejection.