Implements the hypervisor design's Phase 1: a second runtime.Runtime
backend (QEMU) that runs each service component as a Nanos unikernel VM
instead of a podman container, selected per-component via a new
runtime = "unikernel" service-def field.
- internal/runtime/qemu.go: QEMURuntime. Pull extracts the ELF from the
OCI image; Run does `ops build` + boots qemu-system-x86_64 with KVM,
user-mode net port-forwards, QMP control socket and serial console log;
Stop/Remove/Inspect/List/Logs map onto VM lifecycle + state dir.
- proto/registry/servicedef: add runtime, memory_mb, vcpus fields
(registry migration 5).
- agent: holds both runtimes; runtimeFor() selects per component;
listAllContainers() merges containers + VMs so drift/status see both.
Unikernel runtime auto-enables on nodes with /dev/kvm + ops.
Validated end-to-end on straylight: a test service deploys via
`mcp deploy --direct`, boots as a Nanos unikernel, serves HTTP through
the agent port-forward, and reports running via `mcp status`/`mcp logs`.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Recreates containers from the agent's SQLite registry when podman's
database is lost (UID change, podman reset, reboot). For each service
with desired_state="running" that doesn't have a running container:
- Removes any stale container with the same name
- Recreates the container from the stored spec (image, ports, volumes,
cmd, network, user, restart policy)
- Allocates route ports and injects PORT env vars
- Re-registers mc-proxy routes
- Provisions TLS certs for L7 routes
Does NOT pull images — assumes local cache.
Root cause action item from the 2026-04-03 UID incident.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
