OCI Support

[dpsoft]

This pull request introduces comprehensive OCI container image support to VoidBox, enabling auto-pulling and mounting of container images as guest OS roots or as skill providers. It also adds a multi-arch guest image build workflow, expands documentation, and updates the guest-agent to support new rootfs and shared directory mounting behaviors. These changes significantly improve ease of use, flexibility, and compatibility for running agents and workflows with containerized environments.

OCI container support and integration:

• Added the voidbox-oci crate to the workspace and dependencies, and registered an oci_integration test for OCI image functionality. [1] [2] [3]
• Updated the guest-agent to mount shared directories (virtiofs or 9p), pivot into OCI rootfs when specified, and load required kernel modules for 9p support. [1] [2] [3]
• Added support for OCI skills in the skill listing output.

Multi-arch guest image build and publishing:

• Added .github/workflows/guest-image.yml for automated multi-arch (x86_64, aarch64) guest image builds, artifact uploads, and publishing to GHCR as OCI images.

Documentation and examples:

• Expanded the README.md with detailed sections on OCI container support, usage modes, and resolution order for guest images and containers. [1] [2] [3] [4]
• Added new YAML examples for agents, pipelines, workflows, and skills using OCI images and guest-image auto-pull features. (examples/specs/oci/agent.yaml [1] guest-image-workflow.yaml [2] pipeline.yaml [3] skills.yaml [4] workflow.yaml [5]

These changes collectively enable seamless container-based workflows, simplify setup, and provide robust documentation and examples for new users.

[Copilot]

Pull request overview

This PR introduces comprehensive OCI container image support to VoidBox, enabling seamless auto-pulling and mounting of container images for guest OS roots and skill providers. It adds a new voidbox-oci crate for OCI registry interaction, extends the guest-agent to support pivot_root and directory mounting, implements virtio-9p for KVM-based directory sharing, and provides multi-arch guest image build infrastructure.

Changes:

• New voidbox-oci crate with registry client, layer unpacking, manifest parsing, and content-addressed blob caching
• Guest-agent enhancements for OCI rootfs pivot_root via overlayfs and virtiofs/9p mount handling
• Virtio-9p device implementation for Linux KVM host directory sharing (9P2000.L subset)
• Multi-arch guest image build workflow and publishing to GHCR
• YAML spec extensions for sandbox.image, sandbox.guest_image, and OCI skills with comprehensive examples

Reviewed changes

Copilot reviewed 37 out of 38 changed files in this pull request and generated 14 comments.

Show a summary per file

File	Description
voidbox-oci/src/lib.rs	Public API for OCI client with pull, unpack, and cache operations
voidbox-oci/src/registry.rs	OCI registry HTTP client with bearer token auth and platform selection
voidbox-oci/src/unpack.rs	Layer extraction with whiteout handling, hard link deferral, and guest file extraction
voidbox-oci/src/manifest.rs	OCI manifest/index parsing with platform matching
voidbox-oci/src/cache.rs	Content-addressed blob cache with completion markers
voidbox-oci/Cargo.toml	Dependencies for OCI operations (reqwest, tar, flate2, zstd, sha2)
src/runtime.rs	5-step guest image resolution chain and OCI base image pull/mount integration
src/spec.rs	YAML schema extensions for mounts, OCI images, and SkillEntry enum
src/devices/virtio_9p.rs	Complete virtio-9p MMIO device with 9P2000.L subset implementation
src/devices/mod.rs	Register virtio_9p module
src/vmm/mod.rs	Virtio-9p device instantiation and MMIO registration for KVM
src/vmm/cpu.rs	MMIO dispatch and IRQ injection for virtio-9p
src/vmm/config.rs	Mount config and oci_rootfs kernel cmdline parameters
src/backend/mod.rs	MountConfig struct for host→guest directory mounts
src/backend/kvm.rs	Apply mounts and oci_rootfs to VM config
src/backend/vz/backend.rs	Virtiofs share configuration for macOS VZ backend
src/backend/vz/config.rs	Mount and oci_rootfs kernel cmdline for VZ
src/sandbox/mod.rs	SandboxConfig extensions for mounts and oci_rootfs
src/sandbox/local.rs	Propagate mounts and oci_rootfs to backend config
src/agent_box.rs	VoidBox builder methods for mounts and oci_rootfs, OCI skill provisioning
src/skill.rs	SkillKind::Oci variant for container-based skill providers
src/daemon.rs	Telemetry event generation for OCI skills
guest-agent/src/main.rs	Mount shared directories, load 9p modules, pivot_root into OCI rootfs
tests/oci_integration.rs	Comprehensive OCI integration tests (spec parsing, cmdline, VM E2E, examples)
tests/conformance.rs	Add mounts and oci_rootfs to test BackendConfig
examples/specs/oci/*.yaml	Example specs for agent, workflow, pipeline, skills, and guest-image
examples/remote_skills.rs	Handle SkillKind::Oci in skill listing
.github/workflows/guest-image.yml	Multi-arch guest image build and GHCR publish workflow
scripts/build_guest_oci.sh	Script for building and pushing multi-arch guest OCI images
README.md	Documentation for OCI support, zero-setup KVM mode, and resolution order
Cargo.toml	Add voidbox-oci crate to workspace and dependencies
Cargo.lock	Lock file updates for new dependencies

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.