Back to feed

sledtools/pika branch #74

pika-cloud

Finish pikaci Incus-only backend hard cut

Target branch: master

Merge Commit: 395886764199d306c39633dcbea97ce640dea9b4

branch: merged tutorial: ready ci: success
Open CI Details

Continuous Integration

CI: success

Compact status on the review page, with full logs on the CI page.

Open CI Details

Latest run #102 success

10 passed

head c819e17c5b24689446f5e87284bc8546809d879d · queued 2026-03-26 00:20:45 · 10 lane(s)

queued 1m 36s · ran 2m 37s

check-pika-rust · success check-pika-followup · success check-notifications · success check-agent-contracts · success check-rmp · success check-pikachat · success check-pikachat-typescript · success check-apple-host-sanity · success check-pikachat-openclaw-e2e · success check-fixture · success

Summary

This branch completes the hard cut of the pikaci CI executor from a dual microvm/Incus backend to an Incus-only backend. The major changes include: removing the entire pika-agent-microvm crate and its ~2900-line microvm spawner client, removing the vm-spawner crate, renaming pika-agent-control-plane to pika-cloud as the surviving shared-types crate, refactoring the pikaci executor to delete the microvm executor module and flatten the Incus executor as the sole backend, updating all downstream consumers (pika-server, CLI, pikahut tests) to use the new pika-cloud crate, adding new Incus-based CI image definitions in Nix, introducing dogfood validation scripts and documentation for the Incus migration, and cleaning up CI lane configurations, Nix modules, and infrastructure files to remove all microvm-specific paths and references.

Tutorial Steps

Remove the pika-agent-microvm crate

Intent: Delete the entire microvm spawner client crate (~2900 lines) which provided the MicrovmSpawnerClient, MicrovmManagedVmProvider, VM lifecycle methods, guest autostart script generation, and OpenClaw gateway configuration. This crate is no longer needed since the platform is moving to Incus-only.

Affected files: crates/pika-agent-microvm/Cargo.toml, crates/pika-agent-microvm/src/lib.rs, Cargo.toml, Cargo.lock

Evidence 
@@ -1,17 +0,0 @@ [package] name = "pika-agent-microvm"
@@ -1,2900 +0,0 @@ use std::collections::BTreeMap; ... pub struct MicrovmSpawnerClient { ... pub struct MicrovmManagedVmProvider {
@@ -6,8 +6,7 @@ members = [ ... -  "crates/pika-agent-control-plane", -  "crates/pika-agent-microvm", +  "crates/pika-cloud",

The pika-agent-microvm crate contained the full microvm spawner HTTP client (MicrovmSpawnerClient), the higher-level MicrovmManagedVmProvider wrapper, parameter resolution logic (resolve_params, validate_resolved_params), the guest autostart bash script generator (microvm_autostart_script), OpenClaw gateway configuration builder, and an extensive test suite.

All of this is deleted because the platform no longer provisions agents via the microvm spawner. The Cargo.toml workspace members list removes both pika-agent-microvm and pika-agent-control-plane, replacing them with the new pika-cloud crate.

Remove the vm-spawner crate

Intent: Delete the vm-spawner binary crate that served as the microvm management daemon, handling VM creation, lifecycle, backup, and recovery via an HTTP API.

Affected files: crates/vm-spawner/Cargo.toml, crates/vm-spawner/src/config.rs, crates/vm-spawner/src/main.rs, crates/vm-spawner/src/manager.rs, Cargo.toml, Cargo.lock

Evidence 
@@ -23,7 +22,6 @@ members = [ ... -  "crates/vm-spawner",
@@ -9032,28 +9018,6 @@ checksum = "..." -[[package]] -name = "vm-spawner" -version = "0.1.0"

The vm-spawner crate was the HTTP server that managed microvm lifecycles (create, delete, recover, restore, backup-status). With the Incus-only hard cut, this entire binary is removed from the workspace. The Cargo.lock entry and workspace member listing are both cleaned up.

Rename pika-agent-control-plane to pika-cloud

Intent: Rename the shared types crate from `pika-agent-control-plane` to `pika-cloud` to reflect its new role as the general cloud/provisioning types crate, decoupled from the microvm-specific control plane terminology.

Affected files: crates/pika-cloud/src/lifecycle.rs, crates/pika-cloud/src/mount.rs, crates/pika-cloud/src/paths.rs, crates/pika-cloud/src/policy.rs, crates/pika-cloud/src/spec.rs, Cargo.lock

Evidence 
@@ -5932,35 +5932,20 @@ -name = "pika-agent-control-plane" ... +name = "pika-cloud" +version = "0.1.0" +dependencies = [ + "serde", + "serde_json",
@@ -6102,7 +6087,7 @@ - "pika-agent-control-plane", + "pika-cloud",

The pika-agent-control-plane crate is renamed to pika-cloud. This crate contains the shared type definitions used across the server, CLI, and CI tooling — including AgentProvisionRequest, AgentStartupPhase, IncusProvisionParams, and related enums/structs. The new name better reflects the crate's purpose as general cloud provisioning types rather than being tied to a specific microvm control plane.

The pika-cloud crate is organized into focused modules: lifecycle.rs (startup phases and status), mount.rs (mount point definitions), paths.rs (guest filesystem paths), policy.rs (policy types), and spec.rs (provision request and Incus parameter types). The anyhow dependency is dropped since the crate now only needs serde and serde_json.

Update CLI to use pika-cloud

Intent: Repoint the CLI binary's dependency from pika-agent-control-plane to pika-cloud and update the import path in source code.

Affected files: cli/Cargo.toml, cli/src/main.rs

Evidence 
@@ -17,7 +17,7 @@ -pika-agent-control-plane = { path = "../crates/pika-agent-control-plane" } +pika-cloud = { path = "../crates/pika-cloud" }
@@ -14,7 +14,7 @@ -use pika_agent_control_plane::{AgentProvisionRequest, AgentStartupPhase, IncusProvisionParams}; +use pika_cloud::{AgentProvisionRequest, AgentStartupPhase, IncusProvisionParams};

The CLI's Cargo.toml swaps the dependency name and path. In cli/src/main.rs, the use statement is updated from pika_agent_control_plane to pika_cloud, importing the same types (AgentProvisionRequest, AgentStartupPhase, IncusProvisionParams).

Update pika-server to use pika-cloud

Intent: Repoint the pika-server crate's dependency from pika-agent-control-plane to pika-cloud and update all internal imports and usage sites.

Affected files: crates/pika-server/Cargo.toml, crates/pika-server/src/admin.rs, crates/pika-server/src/agent_api.rs, crates/pika-server/src/customer.rs, crates/pika-server/src/managed_openclaw_guest.rs

Evidence 
@@ -6102,7 +6087,7 @@ - "pika-agent-control-plane", + "pika-cloud",
@@ -6170,7 +6155,7 @@ - "pika-agent-control-plane", + "pika-cloud",

The pika-server crate is updated to depend on pika-cloud instead of pika-agent-control-plane. All source files that previously imported from pika_agent_control_plane now import from pika_cloud. The managed OpenClaw guest module (managed_openclaw_guest.rs) similarly updates its imports for types like IncusProvisionParams, AgentStartupPhase, and AgentProvisionRequest.

Refactor pikaci executor to Incus-only

Intent: Remove the microvm executor module entirely, flatten the executor abstraction to only support Incus, remove the executor trait and dynamic dispatch, and simplify the pikaci model and CLI argument parsing.

Affected files: crates/pikaci/Cargo.toml, crates/pikaci/src/executor.rs, crates/pikaci/src/executor/incus.rs, crates/pikaci/src/executor/microvm.rs, crates/pikaci/src/main.rs, crates/pikaci/src/model.rs, crates/pikaci/src/run.rs

Evidence 
@@ +0,0 +1 @@ +pika-cloud = { path = "../pika-cloud" }
@@ -1,55 +1,2 @@ -pub mod incus; -pub mod microvm; -use ... pub trait Executor { ... } +pub mod incus;
@@ deleted file microvm.rs

This is the core architectural change in pikaci. Previously, executor.rs defined an Executor trait with incus and microvm modules implementing it. The microvm executor module is deleted entirely, and the Executor trait is removed.

The executor.rs module is reduced to a single re-export line: pub mod incus;. The Incus executor in executor/incus.rs is updated to add pika-cloud as a dependency and gains a provision_params field for IncusProvisionParams.

In model.rs, the ExecutorBackend enum is simplified — the Microvm variant and its associated MicrovmExecutorConfig are removed. The run.rs file no longer needs to match on executor backends or construct microvm executors.

The main.rs CLI removes the --microvm-spawner-url argument and all microvm-related configuration parsing, leaving only Incus-related options.

Update pikahut tests for pika-cloud

Intent: Update the pikahut integration tests and guardrails to reference pika-cloud instead of pika-agent-control-plane, and adjust test support utilities accordingly.

Affected files: crates/pikahut/src/component.rs, crates/pikahut/tests/guardrails.rs, crates/pikahut/tests/integration_deterministic.rs, crates/pikahut/tests/support.rs

Evidence 
@@ -6206,8 +6191,8 @@ - "pika-agent-control-plane", + "pika-cloud",

The pikahut crate's dependency list in Cargo.lock shows the swap from pika-agent-control-plane to pika-cloud. Test files that reference provisioning types or component configurations are updated to use the new crate name. The component.rs file and test support modules adjust their imports accordingly.

Update rust core agent module

Intent: Update the shared Rust core agent module to use pika-cloud types instead of pika-agent-control-plane.

Affected files: rust/Cargo.toml, rust/src/core/agent.rs

Evidence 
@@ -6256,6 +6241,7 @@ + "pika-cloud",

The rust/ workspace root crate (used for the core SDK and shared agent logic) adds pika-cloud as a dependency. The agent.rs module updates its imports to reference types from pika_cloud instead of the removed pika_agent_control_plane.

Add Incus CI image Nix definitions

Intent: Introduce Nix expressions for building Incus container images used by pikaci in CI, including a managed agent image and a pikaci runner image.

Affected files: nix/incus/managed-agent-image.nix, nix/incus/pikaci-image.nix, flake.nix, flake.lock

Evidence 
@@ +0,0 nix/incus/managed-agent-image.nix
@@ +0,0 nix/incus/pikaci-image.nix

Two new Nix files define the Incus container images:

  • managed-agent-image.nix — builds the image used for managed agent containers inside Incus, containing the necessary runtime dependencies.
  • pikaci-image.nix — builds the image used by pikaci itself to run CI jobs in Incus containers.

The flake.nix is updated to wire these new image definitions into the Nix flake outputs, and flake.lock is updated with any new input pins.

Update CI forge lanes configuration

Intent: Replace all pika-agent-control-plane and pika-agent-microvm path references in CI lane trigger paths with pika-cloud, and remove microvm-specific script references.

Affected files: ci/forge-lanes.toml

Evidence 
@@ -82,8 +82,7 @@ -  "crates/pika-agent-control-plane/**", -  "crates/pika-agent-microvm/**", +  "crates/pika-cloud/**",
@@ -340,7 +337,6 @@ -  "scripts/demo-agent-microvm.sh",

The ci/forge-lanes.toml file defines which file paths trigger which CI lanes. Every lane that previously referenced crates/pika-agent-control-plane/** or crates/pika-agent-microvm/** is updated to reference crates/pika-cloud/** instead. The scripts/demo-agent-microvm.sh entry is removed from lane triggers since that script no longer exists.

Update Nix infrastructure modules

Intent: Remove microvm-host Nix module references, update pika-server and builder Nix modules to remove microvm-specific service definitions, and adjust the infrastructure justfile.

Affected files: infra/nix/hosts/pika-server.nix, infra/nix/modules/builder.nix, infra/nix/modules/microvm-host.nix, infra/nix/modules/pika-server.nix, infra/justfile, infra/secrets/README.md

Evidence 
@@ modules/microvm-host.nix (changes or deletion)
@@ infra/justfile (removal of microvm tunnel/deploy recipes)

Infrastructure Nix modules are updated to reflect the Incus-only world:

  • microvm-host.nix is either removed or gutted of microvm-specific service definitions.
  • pika-server.nix module removes references to the vm-spawner service and microvm provisioning.
  • builder.nix removes microvm image build steps.
  • The infra/justfile removes recipes like agent-microvm-tunnel that were used for SSH tunneling to the microvm spawner.
  • infra/secrets/README.md is updated to remove references to microvm-specific secrets.

Update CI Nix expressions and workspace mirrors

Intent: Update the CI-specific Nix build expressions and the pika-core-workspace Cargo mirror to reflect the crate renames and removals.

Affected files: nix/ci/linux-rust.nix, nix/ci/pika-core-workspace/Cargo.lock, nix/ci/pika-core-workspace/Cargo.toml, just/checks.just

Evidence 
@@ pika-core-workspace/Cargo.toml (member list changes)
@@ just/checks.just (removal of microvm-specific check targets)

The CI Nix build system maintains a mirrored pika-core-workspace that lists workspace members for hermetic Nix builds. This mirror is updated to remove pika-agent-microvm and vm-spawner from the members list and add pika-cloud.

The linux-rust.nix expression is adjusted to reference the new crate paths. The just/checks.just file removes any microvm-specific check or lint targets.

Add Incus migration documentation and runbooks

Intent: Introduce documentation covering the Incus migration plan, the Incus development lane, CI selector configuration, integration test matrix, and a runbook for stuck microvm chats during the transition.

Affected files: docs/incus-dev-lane.md, docs/incus-migration-plan.md, docs/microvm-launcher-scope-lock.md, docs/microvm-launcher-target.md, docs/microvm-spawner-scope.md, docs/microvm-stuck-chat-runbook.md, docs/testing/ci-selectors.md, docs/testing/integration-matrix.md, docs/agent-ci.md

Evidence 
@@ +0,0 docs/incus-dev-lane.md
@@ +0,0 docs/incus-migration-plan.md
@@ +0,0 docs/testing/ci-selectors.md

Several new documentation files are added:

  • incus-migration-plan.md — The overall plan for migrating from microvm to Incus, including phasing and rollback strategy.
  • incus-dev-lane.md — How to use the Incus development lane for local testing.
  • microvm-stuck-chat-runbook.md — Operational runbook for handling stuck microvm chats during the transition period.
  • ci-selectors.md — Documents the CI selector mechanism for choosing test backends.
  • integration-matrix.md — Defines the integration test matrix across backends.
  • microvm-launcher-scope-lock.md, microvm-launcher-target.md, microvm-spawner-scope.md — Scope documentation freezing the microvm launcher and spawner to prevent further investment.
  • agent-ci.md — Updated agent CI documentation reflecting the Incus-only backend.

Add Incus dogfood validation script

Intent: Provide a shell script for dogfooding Incus-based agent provisioning to validate the migration before fully cutting over.

Affected files: scripts/incus-dogfood-check.sh

Evidence 
@@ +0,0 scripts/incus-dogfood-check.sh

A new incus-dogfood-check.sh script is added to scripts/. This script exercises the Incus provisioning path end-to-end, validating that container creation, agent startup, readiness checks, and cleanup all work correctly. It serves as a manual or CI-driven smoke test to build confidence before the production cutover.

Add and update TODO/tracking documents

Intent: Add tracking documents for the pika-cloud migration, microvm simplification, test planning, and microvm v2 deprecation.

Affected files: todos/microvm-launcher-simplify.md, todos/microvm-v2.md, todos/pika-cloud.md, todos/tests-living-plan.md

Evidence 
@@ +0,0 todos/pika-cloud.md
@@ +0,0 todos/microvm-v2.md

Several tracking documents are added or updated:

  • pika-cloud.md — Tracks remaining work items for the pika-cloud crate consolidation.
  • microvm-v2.md — Documents the microvm v2 deprecation status and remaining cleanup.
  • microvm-launcher-simplify.md — Tracks simplification of the (now frozen) microvm launcher.
  • tests-living-plan.md — A living document for the test strategy as the backend migration progresses, ensuring test coverage is maintained through the transition.

Diff