drpc poc

Author: rgarcia

Makefile

@@ -122,15 +122,16 @@ generate-wire: $(WIRE)
 	@echo "Generating wire code..."
 	cd ./cmd/api && $(WIRE)
 
-# Generate gRPC code from proto
-generate-grpc:
-	@echo "Generating gRPC code from proto..."
-	protoc --go_out=. --go_opt=paths=source_relative \
-		--go-grpc_out=. --go-grpc_opt=paths=source_relative \
+# Generate DRPC code from proto
+# Note: PATH ordering ensures we use GOPATH/bin versions of protoc-gen-go and protoc-gen-go-drpc
+generate-drpc:
+	@echo "Generating DRPC code from proto..."
+	PATH=$(shell go env GOPATH)/bin:$$PATH protoc --go_out=. --go_opt=paths=source_relative \
+		--go-drpc_out=. --go-drpc_opt=paths=source_relative \
 		lib/guest/guest.proto
 
 # Generate all code
-generate-all: oapi-generate generate-vmm-client generate-wire generate-grpc
+generate-all: oapi-generate generate-vmm-client generate-wire generate-drpc
 
 # Check if CH binaries exist, download if missing
 .PHONY: ensure-ch-binaries

cmd/api/api/cp.go

@@ -230,7 +230,7 @@ func (s *ApiService) handleCopyTo(ctx context.Context, ws *websocket.Conn, inst
 		return 0, fmt.Errorf("get grpc connection: %w", err)
 	}
 
-	client := guest.NewGuestServiceClient(grpcConn)
+	client := guest.NewDRPCGuestServiceClient(grpcConn)
 	stream, err := client.CopyToGuest(ctx)
 	if err != nil {
 		return 0, fmt.Errorf("start copy stream: %w", err)
@@ -340,7 +340,7 @@ func (s *ApiService) handleCopyFrom(ctx context.Context, ws *websocket.Conn, ins
 		return 0, fmt.Errorf("get grpc connection: %w", err)
 	}
 
-	client := guest.NewGuestServiceClient(grpcConn)
+	client := guest.NewDRPCGuestServiceClient(grpcConn)
 	stream, err := client.CopyFromGuest(ctx, &guest.CopyFromGuestRequest{
 		Path:        req.GuestPath,
 		FollowLinks: req.FollowLinks,

cmd/api/api/instances.go

@@ -479,7 +479,7 @@ func (s *ApiService) StatInstancePath(ctx context.Context, request oapi.StatInst
 		}, nil
 	}
 
-	client := guest.NewGuestServiceClient(grpcConn)
+	client := guest.NewDRPCGuestServiceClient(grpcConn)
 	followLinks := false
 	if request.Params.FollowLinks != nil {
 		followLinks = *request.Params.FollowLinks

go.mod

@@ -12,7 +12,6 @@ require (
 	github.com/ghodss/yaml v1.0.0
 	github.com/go-chi/chi/v5 v5.2.3
 	github.com/golang-jwt/jwt/v5 v5.3.0
-	github.com/golang/protobuf v1.5.4
 	github.com/google/go-containerregistry v0.20.6
 	github.com/google/wire v0.7.0
 	github.com/gorilla/websocket v1.5.3
@@ -43,8 +42,9 @@ require (
 	go.opentelemetry.io/otel/trace v1.38.0
 	golang.org/x/sync v0.17.0
 	golang.org/x/sys v0.38.0
-	google.golang.org/grpc v1.77.0
+	google.golang.org/protobuf v1.36.10
 	gvisor.dev/gvisor v0.0.0-20251125014920-fc40e232ff54
+	storj.io/drpc v0.0.34
 )
 
 require (
@@ -102,6 +102,7 @@ require (
 	github.com/vbatts/tar-split v0.12.1 // indirect
 	github.com/vishvananda/netns v0.0.5 // indirect
 	github.com/woodsbury/decimal128 v1.3.0 // indirect
+	github.com/zeebo/errs v1.2.2 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
@@ -114,7 +115,7 @@ require (
 	golang.org/x/tools v0.37.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect
-	google.golang.org/protobuf v1.36.10 // indirect
+	google.golang.org/grpc v1.77.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gotest.tools/v3 v3.5.2 // indirect

go.sum

@@ -238,6 +238,10 @@ github.com/woodsbury/decimal128 v1.3.0/go.mod h1:C5UTmyTjW3JftjUFzOVhC20BEQa2a4Z
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
+github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
+github.com/zeebo/errs v1.2.2 h1:5NFypMTuSdoySVTqlNs1dEoU21QVamMQJxW/Fii5O7g=
+github.com/zeebo/errs v1.2.2/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/bridges/otelslog v0.13.0 h1:bwnLpizECbPr1RrQ27waeY2SPIPeccCx/xLuoYADZ9s=
@@ -365,3 +369,5 @@ gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
 gvisor.dev/gvisor v0.0.0-20251125014920-fc40e232ff54 h1:eYMn6Z3T40m4f9vVYRcsjvX4eEv7ng7FgrZTbadSyBs=
 gvisor.dev/gvisor v0.0.0-20251125014920-fc40e232ff54/go.mod h1:W1ZgZ/Dh85TgSZWH67l2jKVpDE5bjIaut7rjwwOiHzQ=
+storj.io/drpc v0.0.34 h1:q9zlQKfJ5A7x8NQNFk8x7eKUF78FMhmAbZLnFK+og7I=
+storj.io/drpc v0.0.34/go.mod h1:Y9LZaa8esL1PW2IDMqJE7CFSNq7d5bQ3RI7mGPtmKMg=

lib/guest/client.go

@@ -17,8 +17,7 @@ import (
 
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/onkernel/hypeman/lib/hypervisor"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials/insecure"
+	"storj.io/drpc/drpcconn"
 )
 
 const (
@@ -51,25 +50,31 @@ func IsAgentConnectionError(err error) bool {
 		errors.As(err, &agentErr))
 }
 
-// connPool manages reusable gRPC connections per vsock dialer key
+// pooledConn wraps a drpc connection with its underlying net.Conn for cleanup
+type pooledConn struct {
+	drpc    *drpcconn.Conn
+	netConn net.Conn
+}
+
+// connPool manages reusable DRPC connections per vsock dialer key
 // This avoids the overhead and potential issues of rapidly creating/closing connections
 var connPool = struct {
 	sync.RWMutex
-	conns map[string]*grpc.ClientConn
+	conns map[string]*pooledConn
 }{
-	conns: make(map[string]*grpc.ClientConn),
+	conns: make(map[string]*pooledConn),
 }
 
 // GetOrCreateConn returns an existing connection or creates a new one using a VsockDialer.
 // This supports multiple hypervisor types (Cloud Hypervisor, QEMU, etc.).
-func GetOrCreateConn(ctx context.Context, dialer hypervisor.VsockDialer) (*grpc.ClientConn, error) {
+func GetOrCreateConn(ctx context.Context, dialer hypervisor.VsockDialer) (*drpcconn.Conn, error) {
 	key := dialer.Key()
 
 	// Try read lock first for existing connection
 	connPool.RLock()
-	if conn, ok := connPool.conns[key]; ok {
+	if pc, ok := connPool.conns[key]; ok {
 		connPool.RUnlock()
-		return conn, nil
+		return pc.drpc, nil
 	}
 	connPool.RUnlock()
 
@@ -78,40 +83,33 @@ func GetOrCreateConn(ctx context.Context, dialer hypervisor.VsockDialer) (*grpc.
 	defer connPool.Unlock()
 
 	// Double-check after acquiring write lock
-	if conn, ok := connPool.conns[key]; ok {
-		return conn, nil
+	if pc, ok := connPool.conns[key]; ok {
+		return pc.drpc, nil
 	}
 
 	// Create new connection using the VsockDialer
-	conn, err := grpc.Dial("passthrough:///vsock",
-		grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) {
-			netConn, err := dialer.DialVsock(ctx, vsockGuestPort)
-			if err != nil {
-				return nil, &AgentConnectionError{Err: err}
-			}
-			return netConn, nil
-		}),
-		grpc.WithTransportCredentials(insecure.NewCredentials()),
-	)
+	netConn, err := dialer.DialVsock(ctx, vsockGuestPort)
 	if err != nil {
-		return nil, fmt.Errorf("create grpc connection: %w", err)
+		return nil, &AgentConnectionError{Err: err}
 	}
 
-	connPool.conns[key] = conn
-	slog.Debug("created new gRPC connection", "key", key)
+	// Wrap in drpc connection
+	conn := drpcconn.New(netConn)
+
+	connPool.conns[key] = &pooledConn{drpc: conn, netConn: netConn}
+	slog.Debug("created new DRPC connection", "key", key)
 	return conn, nil
 }
 
 // CloseConn removes a connection from the pool by key (call when VM is deleted).
-// We only remove from pool, not explicitly close - the connection will fail
-// naturally when the VM dies, and grpc will clean up.
 func CloseConn(dialerKey string) {
 	connPool.Lock()
 	defer connPool.Unlock()
 
-	if _, ok := connPool.conns[dialerKey]; ok {
+	if pc, ok := connPool.conns[dialerKey]; ok {
+		pc.drpc.Close()
 		delete(connPool.conns, dialerKey)
-		slog.Debug("removed gRPC connection from pool", "key", dialerKey)
+		slog.Debug("removed DRPC connection from pool", "key", dialerKey)
 	}
 }
 
@@ -132,27 +130,27 @@ type ExecOptions struct {
 	Timeout int32             // Execution timeout in seconds (0 = no timeout)
 }
 
-// ExecIntoInstance executes command in instance via vsock using gRPC.
+// ExecIntoInstance executes command in instance via vsock using DRPC.
 // The dialer is a hypervisor-specific VsockDialer that knows how to connect to the guest.
 func ExecIntoInstance(ctx context.Context, dialer hypervisor.VsockDialer, opts ExecOptions) (*ExitStatus, error) {
 	start := time.Now()
 	var bytesSent int64
 
-	// Get or create a reusable gRPC connection for this vsock dialer
-	grpcConn, err := GetOrCreateConn(ctx, dialer)
+	// Get or create a reusable DRPC connection for this vsock dialer
+	drpcConn, err := GetOrCreateConn(ctx, dialer)
 	if err != nil {
-		return nil, fmt.Errorf("get grpc connection: %w", err)
+		return nil, fmt.Errorf("get drpc connection: %w", err)
 	}
 	// Note: Don't close the connection - it's pooled and reused
 
 	// Create guest client
-	client := NewGuestServiceClient(grpcConn)
+	client := NewDRPCGuestServiceClient(drpcConn)
 	stream, err := client.Exec(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("start exec stream: %w", err)
 	}
 	// Ensure stream is properly closed when we're done
-	defer stream.CloseSend()
+	defer stream.Close()
 
 	// Send start request
 	if err := stream.Send(&ExecRequest{
@@ -233,12 +231,12 @@ type CopyToInstanceOptions struct {
 // CopyToInstance copies a file or directory to an instance via vsock.
 // The dialer is a hypervisor-specific VsockDialer that knows how to connect to the guest.
 func CopyToInstance(ctx context.Context, dialer hypervisor.VsockDialer, opts CopyToInstanceOptions) error {
-	grpcConn, err := GetOrCreateConn(ctx, dialer)
+	drpcConn, err := GetOrCreateConn(ctx, dialer)
 	if err != nil {
-		return fmt.Errorf("get grpc connection: %w", err)
+		return fmt.Errorf("get drpc connection: %w", err)
 	}
 
-	client := NewGuestServiceClient(grpcConn)
+	client := NewDRPCGuestServiceClient(drpcConn)
 
 	// Stat the source
 	srcInfo, err := os.Stat(opts.SrcPath)
@@ -253,7 +251,7 @@ func CopyToInstance(ctx context.Context, dialer hypervisor.VsockDialer, opts Cop
 }
 
 // copyFileToInstance copies a single file to the instance
-func copyFileToInstance(ctx context.Context, client GuestServiceClient, srcPath, dstPath string, mode fs.FileMode) error {
+func copyFileToInstance(ctx context.Context, client DRPCGuestServiceClient, srcPath, dstPath string, mode fs.FileMode) error {
 	srcInfo, err := os.Stat(srcPath)
 	if err != nil {
 		return fmt.Errorf("stat source: %w", err)
@@ -329,7 +327,7 @@ func copyFileToInstance(ctx context.Context, client GuestServiceClient, srcPath,
 }
 
 // copyDirToInstance copies a directory recursively to the instance
-func copyDirToInstance(ctx context.Context, client GuestServiceClient, srcPath, dstPath string) error {
+func copyDirToInstance(ctx context.Context, client DRPCGuestServiceClient, srcPath, dstPath string) error {
 	srcPath = filepath.Clean(srcPath)
 
 	// First create the destination directory
@@ -444,12 +442,12 @@ type FileHandler func(header *CopyFromGuestHeader, data io.Reader) error
 // CopyFromInstance copies a file or directory from an instance via vsock.
 // The dialer is a hypervisor-specific VsockDialer that knows how to connect to the guest.
 func CopyFromInstance(ctx context.Context, dialer hypervisor.VsockDialer, opts CopyFromInstanceOptions) error {
-	grpcConn, err := GetOrCreateConn(ctx, dialer)
+	drpcConn, err := GetOrCreateConn(ctx, dialer)
 	if err != nil {
-		return fmt.Errorf("get grpc connection: %w", err)
+		return fmt.Errorf("get drpc connection: %w", err)
 	}
 
-	client := NewGuestServiceClient(grpcConn)
+	client := NewDRPCGuestServiceClient(drpcConn)
 
 	stream, err := client.CopyFromGuest(ctx, &CopyFromGuestRequest{
 		Path:        opts.SrcPath,