boxlite-ai
diff --git a/‎boxlite/build.rs‎
Lines changed: 18 additions & 13 deletions b/‎boxlite/build.rs‎
Lines changed: 18 additions & 13 deletions
diff --git a/‎boxlite/src/metrics/box_metrics.rs‎
Lines changed: 39 additions & 0 deletions b/‎boxlite/src/metrics/box_metrics.rs‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎boxlite/src/portal/interfaces/exec.rs‎
Lines changed: 8 additions & 3 deletions b/‎boxlite/src/portal/interfaces/exec.rs‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎boxlite/src/rest/litebox.rs‎
Lines changed: 2 additions & 0 deletions b/‎boxlite/src/rest/litebox.rs‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎boxlite/src/rest/types.rs‎
Lines changed: 4 additions & 0 deletions b/‎boxlite/src/rest/types.rs‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎boxlite/src/runtime/embedded.rs‎
Lines changed: 59 additions & 0 deletions b/‎boxlite/src/runtime/embedded.rs‎
Lines changed: 59 additions & 0 deletions
@@ -829,29 +829,34 @@ fn main() {
 /// Compute SHA256 hash of the `boxlite-guest` binary and embed it via `cargo:rustc-env`.
 ///
 /// Search order:
-/// 1. `runtime_dir` (OUT_DIR/runtime/ — for prebuilt mode)
-/// 2. `target/boxlite-runtime/boxlite-guest` (assembled by `make runtime-debug`)
+/// 1. Direct build output: `target/{target-triple}/{profile}/boxlite-guest`
+/// 2. `runtime_dir` (OUT_DIR/runtime/ — for prebuilt mode)
+///
+/// IMPORTANT: The source binary (direct build output) must be checked FIRST because
+/// `compute_guest_hash` runs before `generate()` in main(). The OUT_DIR/runtime/ copy
+/// is placed there by a previous build's `generate()` and may be stale when the guest
+/// binary has been rebuilt since then.
 ///
 /// If the binary isn't found, silently skips — runtime will compute the hash as fallback.
 fn compute_guest_hash(runtime_dir: &Path) {
     let manifest_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap());
-
-    let candidates = [
-        runtime_dir.join("boxlite-guest"),
-        manifest_dir
-            .parent()
-            .map(|root| root.join("target/boxlite-runtime/boxlite-guest"))
-            .unwrap_or_default(),
-    ];
-
-    let guest_path = candidates.iter().find(|p| p.is_file());
+    let profile = env::var("PROFILE").unwrap_or_else(|_| "debug".to_string());
+
+    // Check source binary first (direct build output) to avoid stale OUT_DIR copies.
+    let workspace_root = manifest_dir.parent().unwrap_or(&manifest_dir);
+    let guest_path =
+        EmbeddedManifest::find_prebuilt_guest(workspace_root, &profile).or_else(|| {
+            // Fallback: OUT_DIR copy (for prebuilt/CI mode where source isn't available)
+            let p = runtime_dir.join("boxlite-guest");
+            p.is_file().then_some(p)
+        });
 
     let Some(guest_path) = guest_path else {
         println!("cargo:warning=boxlite-guest not found, skipping compile-time hash");
         return;
     };
 
-    match sha256_file(guest_path) {
+    match sha256_file(&guest_path) {
         Ok(hash) => {
             println!("cargo:rustc-env=BOXLITE_GUEST_HASH={}", hash);
             println!("cargo:rerun-if-changed={}", guest_path.display());
 
@@ -17,6 +17,12 @@ pub struct BoxMetricsStorage {
     /// Bytes received from this box (via stdout/stderr)
     pub(crate) bytes_received: AtomicU64,
 
+    // Per-command timing metrics (monotonic, updated per command)
+    /// Sum of all command durations (milliseconds)
+    pub(crate) exec_duration_total_ms: AtomicU64,
+    /// Maximum single command duration (milliseconds)
+    pub(crate) exec_max_duration_ms: AtomicU64,
+
     // Timing metrics (set once, never change)
     /// Total time from create() call to LiteBox ready (includes all stages)
     pub(crate) total_create_duration_ms: Option<u128>,
@@ -45,6 +51,10 @@ impl Clone for BoxMetricsStorage {
             exec_errors: AtomicU64::new(self.exec_errors.load(Ordering::Relaxed)),
             bytes_sent: AtomicU64::new(self.bytes_sent.load(Ordering::Relaxed)),
             bytes_received: AtomicU64::new(self.bytes_received.load(Ordering::Relaxed)),
+            exec_duration_total_ms: AtomicU64::new(
+                self.exec_duration_total_ms.load(Ordering::Relaxed),
+            ),
+            exec_max_duration_ms: AtomicU64::new(self.exec_max_duration_ms.load(Ordering::Relaxed)),
             total_create_duration_ms: self.total_create_duration_ms,
             guest_boot_duration_ms: self.guest_boot_duration_ms,
             stage_filesystem_setup_ms: self.stage_filesystem_setup_ms,
@@ -140,6 +150,15 @@ impl BoxMetricsStorage {
     pub(crate) fn add_bytes_received(&self, bytes: u64) {
         self.bytes_received.fetch_add(bytes, Ordering::Relaxed);
     }
+
+    /// Record a command duration: adds to total and updates max.
+    #[allow(dead_code)]
+    pub(crate) fn record_exec_duration(&self, duration_ms: u64) {
+        self.exec_duration_total_ms
+            .fetch_add(duration_ms, Ordering::Relaxed);
+        self.exec_max_duration_ms
+            .fetch_max(duration_ms, Ordering::Relaxed);
+    }
 }
 
 /// Handle for querying per-box metrics.
@@ -156,6 +175,10 @@ pub struct BoxMetrics {
     pub bytes_sent_total: u64,
     /// Bytes received from this box (via stdout/stderr)
     pub bytes_received_total: u64,
+    /// Sum of all command durations (milliseconds, monotonic)
+    pub exec_duration_total_ms: u64,
+    /// Maximum single command duration (milliseconds)
+    pub exec_max_duration_ms: u64,
     /// Total time from create() call to LiteBox ready (milliseconds)
     pub total_create_duration_ms: Option<u128>,
     /// Time from box subprocess spawn to guest agent ready (milliseconds)
@@ -204,6 +227,8 @@ impl BoxMetrics {
             exec_errors_total: storage.exec_errors.load(Ordering::Relaxed),
             bytes_sent_total: storage.bytes_sent.load(Ordering::Relaxed),
             bytes_received_total: storage.bytes_received.load(Ordering::Relaxed),
+            exec_duration_total_ms: storage.exec_duration_total_ms.load(Ordering::Relaxed),
+            exec_max_duration_ms: storage.exec_max_duration_ms.load(Ordering::Relaxed),
             total_create_duration_ms: storage.total_create_duration_ms,
             guest_boot_duration_ms: storage.guest_boot_duration_ms,
             cpu_percent,
@@ -251,6 +276,20 @@ impl BoxMetrics {
         self.bytes_received_total
     }
 
+    /// Sum of all command durations (milliseconds).
+    ///
+    /// Never decreases (monotonic counter).
+    pub fn exec_duration_total_ms(&self) -> u64 {
+        self.exec_duration_total_ms
+    }
+
+    /// Maximum single command duration (milliseconds).
+    ///
+    /// Tracks worst-case exec latency.
+    pub fn exec_max_duration_ms(&self) -> u64 {
+        self.exec_max_duration_ms
+    }
+
     /// Total time from create() call to box ready (milliseconds).
     ///
     /// Includes all initialization stages: filesystem setup, image pull,
 
@@ -55,7 +55,7 @@ impl ExecutionInterface {
         // Build request
         let request = ExecProtocol::build_exec_request(&command);
 
-        tracing::debug!(?command, "Starting execution");
+        tracing::debug!(command = %command.command, "exec RPC: sending request");
 
         // Start execution
         let exec_response = self.client.exec(request).await?.into_inner();
@@ -68,6 +68,8 @@ impl ExecutionInterface {
 
         let execution_id = exec_response.execution_id.clone();
 
+        tracing::debug!(execution_id = %execution_id, "spawning background streams");
+
         // Spawn stdin pump (cancellable — exits cleanly during shutdown)
         ExecProtocol::spawn_stdin(
             self.client.clone(),
@@ -257,15 +259,15 @@ impl ExecProtocol {
             let response = tokio::select! {
                 biased;
                 _ = shutdown_token.cancelled() => {
-                    tracing::debug!(execution_id = %execution_id, "Attach cancelled during connect");
+                    tracing::debug!(execution_id = %execution_id, "attach cancelled during connect");
                     return;
                 }
                 result = client.attach(request) => result,
             };
 
             match response {
                 Ok(response) => {
-                    tracing::debug!(execution_id = %execution_id, "Attach stream connected");
+                    tracing::debug!(execution_id = %execution_id, "attach stream connected");
                     let mut stream = response.into_inner();
                     let mut message_count = 0u64;
 
@@ -351,6 +353,8 @@ impl ExecProtocol {
                 execution_id: execution_id.clone(),
             };
 
+            tracing::debug!(execution_id = %execution_id, "wait: sending request");
+
             // Use select! to handle cancellation during wait
             let result = tokio::select! {
                 biased;
@@ -391,6 +395,7 @@ impl ExecProtocol {
         shutdown_token: CancellationToken,
     ) {
         tokio::spawn(async move {
+            tracing::debug!(execution_id = %execution_id, "stdin: starting stream");
             let (tx, rx) = mpsc::channel::<ExecStdin>(8);
 
             // Producer: forward stdin channel into tonic stream
 
@@ -632,6 +632,8 @@ fn box_metrics_from_response(resp: &BoxMetricsResponse) -> BoxMetrics {
         exec_errors_total: resp.exec_errors_total,
         bytes_sent_total: resp.bytes_sent_total,
         bytes_received_total: resp.bytes_received_total,
+        exec_duration_total_ms: resp.exec_duration_total_ms.unwrap_or(0),
+        exec_max_duration_ms: resp.exec_max_duration_ms.unwrap_or(0),
         total_create_duration_ms: total_create_ms,
         guest_boot_duration_ms: guest_boot_ms,
         cpu_percent: resp.cpu_percent,
 
@@ -349,6 +349,10 @@ pub(crate) struct BoxMetricsResponse {
     pub bytes_sent_total: u64,
     #[serde(default)]
     pub bytes_received_total: u64,
+    #[serde(default)]
+    pub exec_duration_total_ms: Option<u64>,
+    #[serde(default)]
+    pub exec_max_duration_ms: Option<u64>,
     pub cpu_percent: Option<f32>,
     pub memory_bytes: Option<u64>,
     pub network_bytes_sent: Option<u64>,
 
@@ -106,6 +106,12 @@ impl EmbeddedRuntime {
             Self::set_permissions(&path, name)?;
         }
 
+        // macOS: sign shim with hypervisor entitlement after extraction.
+        // The embedded bytes are from an unsigned build artifact; the
+        // Hypervisor.framework requires com.apple.security.hypervisor.
+        #[cfg(target_os = "macos")]
+        Self::sign_shim(&tmp)?;
+
         // Stamp marks extraction as complete — checked by the fast path above.
         std::fs::write(tmp.join(".complete"), crate::VERSION)
             .map_err(|e| BoxliteError::Storage(format!("write stamp: {}", e)))?;
@@ -210,6 +216,59 @@ impl EmbeddedRuntime {
             BoxliteError::Storage(format!("chmod {:o} {}: {}", mode, path.display(), e))
         })
     }
+
+    /// Sign boxlite-shim with hypervisor entitlement (macOS only).
+    ///
+    /// The embedded shim bytes come from an unsigned build artifact.
+    /// macOS Hypervisor.framework requires `com.apple.security.hypervisor`
+    /// entitlement, so we ad-hoc sign after extraction.
+    #[cfg(target_os = "macos")]
+    fn sign_shim(dir: &Path) -> BoxliteResult<()> {
+        let shim = dir.join("boxlite-shim");
+        if !shim.exists() {
+            return Ok(());
+        }
+
+        let entitlements = "\
+<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\
+<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n\
+<plist version=\"1.0\">\n\
+<dict>\n\
+\t<key>com.apple.security.hypervisor</key>\n\
+\t<true/>\n\
+\t<key>com.apple.security.cs.disable-library-validation</key>\n\
+\t<true/>\n\
+</dict>\n\
+</plist>";
+
+        // Write entitlements to a temp file
+        let ent_path = dir.join(".entitlements.plist");
+        std::fs::write(&ent_path, entitlements)
+            .map_err(|e| BoxliteError::Storage(format!("write entitlements: {}", e)))?;
+
+        let output = std::process::Command::new("codesign")
+            .args(["-s", "-", "--force", "--entitlements"])
+            .arg(&ent_path)
+            .arg(&shim)
+            .output()
+            .map_err(|e| BoxliteError::Storage(format!("codesign: {}", e)))?;
+
+        // Clean up entitlements file
+        let _ = std::fs::remove_file(&ent_path);
+
+        if !output.status.success() {
+            let stderr = String::from_utf8_lossy(&output.stderr);
+            tracing::warn!(
+                shim = %shim.display(),
+                stderr = %stderr,
+                "Failed to sign extracted shim (non-fatal on Linux)"
+            );
+        } else {
+            tracing::info!(shim = %shim.display(), "Signed extracted shim with hypervisor entitlement");
+        }
+
+        Ok(())
+    }
 }
 
 #[cfg(test)]