refactor(vm): extract gateway into standalone binary

Move the gateway VM launching out of `nemoclaw gateway` into its own
`gateway` binary built from the navigator-vm crate. The nemoclaw CLI
no longer links against libkrun or requires macOS hypervisor codesigning.

Add scripts/bin/gateway wrapper (build + codesign + exec) and clean up
scripts/bin/nemoclaw to remove navigator-vm artifacts.

Author: drew

Cargo.lock

@@ -20,7 +20,6 @@ navigator-core = { path = "../navigator-core" }
 navigator-policy = { path = "../navigator-policy" }
 navigator-providers = { path = "../navigator-providers" }
 navigator-tui = { path = "../navigator-tui" }
-navigator-vm = { path = "../navigator-vm" }
 serde = { workspace = true }
 serde_json = { workspace = true }
 serde_yaml = { workspace = true }

crates/navigator-cli/Cargo.toml

@@ -9,10 +9,9 @@ use clap_complete::env::CompleteEnv;
 use miette::Result;
 use owo_colors::OwoColorize;
 use std::io::Write;
-use std::path::PathBuf;
 
 use navigator_bootstrap::{
-    load_active_cluster, load_cluster_metadata, load_last_sandbox, paths, save_last_sandbox,
+    load_active_cluster, load_cluster_metadata, load_last_sandbox, save_last_sandbox,
 };
 use navigator_cli::completers;
 use navigator_cli::run;
@@ -146,54 +145,6 @@ enum Commands {
     /// Launch the NemoClaw interactive TUI.
     Term,
 
-    /// Boot a libkrun microVM.
-    ///
-    /// By default, starts a k3s Kubernetes cluster inside the VM with the
-    /// API server on port 6443. Use `--exec` to run a custom process instead.
-    Gateway {
-        /// Path to the rootfs directory (aarch64 Linux).
-        /// Defaults to `~/.local/share/nemoclaw/gateway/rootfs`.
-        #[arg(long, value_hint = ValueHint::DirPath)]
-        rootfs: Option<PathBuf>,
-
-        /// Executable path inside the VM. When set, runs this instead of
-        /// the default k3s server.
-        #[arg(long)]
-        exec: Option<String>,
-
-        /// Arguments to the executable (requires `--exec`).
-        #[arg(long, num_args = 1..)]
-        args: Vec<String>,
-
-        /// Environment variables in `KEY=VALUE` form (requires `--exec`).
-        #[arg(long, num_args = 1..)]
-        env: Vec<String>,
-
-        /// Working directory inside the VM.
-        #[arg(long, default_value = "/")]
-        workdir: String,
-
-        /// Port mappings (`host_port:guest_port`).
-        #[arg(long, short, num_args = 1..)]
-        port: Vec<String>,
-
-        /// Number of virtual CPUs (default: 4 for gateway, 2 for --exec).
-        #[arg(long)]
-        vcpus: Option<u8>,
-
-        /// RAM in MiB (default: 8192 for gateway, 2048 for --exec).
-        #[arg(long)]
-        mem: Option<u32>,
-
-        /// libkrun log level (0=Off .. 5=Trace).
-        #[arg(long, default_value_t = 1)]
-        krun_log_level: u32,
-
-        /// Networking backend: "gvproxy" (default), "tsi", or "none".
-        #[arg(long, default_value = "gvproxy")]
-        net: String,
-    },
-
     /// Generate shell completions.
     #[command(after_long_help = COMPLETIONS_HELP)]
     Completions {
@@ -1340,76 +1291,6 @@ async fn main() -> Result<()> {
             let channel = navigator_cli::tls::build_channel(&ctx.endpoint, &tls).await?;
             navigator_tui::run(channel, &ctx.name, &ctx.endpoint).await?;
         }
-        Some(Commands::Gateway {
-            rootfs,
-            exec,
-            args,
-            env,
-            workdir,
-            port,
-            vcpus,
-            mem,
-            krun_log_level,
-            net,
-        }) => {
-            let net_backend = match net.as_str() {
-                "tsi" => navigator_vm::NetBackend::Tsi,
-                "none" => navigator_vm::NetBackend::None,
-                "gvproxy" => navigator_vm::NetBackend::Gvproxy {
-                    binary: PathBuf::from(
-                        // Try to find gvproxy
-                        [
-                            "/opt/podman/bin/gvproxy",
-                            "/opt/homebrew/bin/gvproxy",
-                            "/usr/local/bin/gvproxy",
-                        ]
-                        .iter()
-                        .find(|p| std::path::Path::new(p).exists())
-                        .unwrap_or(&"/opt/podman/bin/gvproxy"),
-                    ),
-                },
-                other => {
-                    return Err(miette::miette!(
-                        "unknown --net backend: {other} (expected: gvproxy, tsi, none)"
-                    ));
-                }
-            };
-
-            let rootfs = rootfs.map_or_else(paths::default_rootfs_dir, Ok)?;
-            let mut config = if let Some(exec_path) = exec {
-                navigator_vm::VmConfig {
-                    rootfs,
-                    vcpus: vcpus.unwrap_or(2),
-                    mem_mib: mem.unwrap_or(2048),
-                    exec_path,
-                    args,
-                    env,
-                    workdir,
-                    port_map: port,
-                    log_level: krun_log_level,
-                    console_output: None,
-                    net: net_backend.clone(),
-                }
-            } else {
-                let mut c = navigator_vm::VmConfig::gateway(rootfs);
-                if !port.is_empty() {
-                    c.port_map = port;
-                }
-                if let Some(v) = vcpus {
-                    c.vcpus = v;
-                }
-                if let Some(m) = mem {
-                    c.mem_mib = m;
-                }
-                c.net = net_backend;
-                c
-            };
-            config.log_level = krun_log_level;
-            let code = navigator_vm::launch(&config).map_err(|e| miette::miette!("{e}"))?;
-            if code != 0 {
-                std::process::exit(code);
-            }
-        }
         Some(Commands::Completions { shell }) => {
             let exe = std::env::current_exe()
                 .map_err(|e| miette::miette!("failed to find current executable: {e}"))?;

crates/navigator-cli/src/main.rs

@@ -14,13 +14,20 @@ description = "MicroVM runtime using libkrun for hardware-isolated execution"
 name = "navigator_vm"
 path = "src/lib.rs"
 
+[[bin]]
+name = "gateway"
+path = "src/main.rs"
+
 [dependencies]
 base64 = "0.22"
+clap = { workspace = true }
 libc = "0.2"
 miette = { workspace = true }
 navigator-bootstrap = { path = "../navigator-bootstrap" }
 serde_json = "1"
 thiserror = { workspace = true }
+tracing = { workspace = true }
+tracing-subscriber = { workspace = true }
 
 [lints]
 workspace = true

crates/navigator-vm/Cargo.toml

@@ -0,0 +1,150 @@
+// SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+//! Standalone gateway binary.
+//!
+//! Boots a libkrun microVM running the NemoClaw control plane (k3s +
+//! navigator-server). By default it uses the pre-built rootfs at
+//! `~/.local/share/nemoclaw/gateway/rootfs`.
+//!
+//! # Codesigning (macOS)
+//!
+//! This binary must be codesigned with the `com.apple.security.hypervisor`
+//! entitlement. See `entitlements.plist` in this crate.
+//!
+//! ```sh
+//! codesign --entitlements crates/navigator-vm/entitlements.plist --force -s - target/debug/gateway
+//! ```
+
+use std::path::PathBuf;
+
+use clap::{Parser, ValueHint};
+
+/// Boot the NemoClaw gateway microVM.
+///
+/// Starts a libkrun microVM running a k3s Kubernetes cluster with the
+/// NemoClaw control plane. Use `--exec` to run a custom process instead.
+#[derive(Parser)]
+#[command(name = "gateway", version)]
+struct Cli {
+    /// Path to the rootfs directory (aarch64 Linux).
+    /// Defaults to `~/.local/share/nemoclaw/gateway/rootfs`.
+    #[arg(long, value_hint = ValueHint::DirPath)]
+    rootfs: Option<PathBuf>,
+
+    /// Executable path inside the VM. When set, runs this instead of
+    /// the default k3s server.
+    #[arg(long)]
+    exec: Option<String>,
+
+    /// Arguments to the executable (requires `--exec`).
+    #[arg(long, num_args = 1..)]
+    args: Vec<String>,
+
+    /// Environment variables in `KEY=VALUE` form (requires `--exec`).
+    #[arg(long, num_args = 1..)]
+    env: Vec<String>,
+
+    /// Working directory inside the VM.
+    #[arg(long, default_value = "/")]
+    workdir: String,
+
+    /// Port mappings (`host_port:guest_port`).
+    #[arg(long, short, num_args = 1..)]
+    port: Vec<String>,
+
+    /// Number of virtual CPUs (default: 4 for gateway, 2 for --exec).
+    #[arg(long)]
+    vcpus: Option<u8>,
+
+    /// RAM in MiB (default: 8192 for gateway, 2048 for --exec).
+    #[arg(long)]
+    mem: Option<u32>,
+
+    /// libkrun log level (0=Off .. 5=Trace).
+    #[arg(long, default_value_t = 1)]
+    krun_log_level: u32,
+
+    /// Networking backend: "gvproxy" (default), "tsi", or "none".
+    #[arg(long, default_value = "gvproxy")]
+    net: String,
+}
+
+fn main() {
+    tracing_subscriber::fmt::init();
+
+    let cli = Cli::parse();
+
+    let code = match run(cli) {
+        Ok(code) => code,
+        Err(e) => {
+            eprintln!("Error: {e}");
+            1
+        }
+    };
+
+    if code != 0 {
+        std::process::exit(code);
+    }
+}
+
+fn run(cli: Cli) -> Result<i32, Box<dyn std::error::Error>> {
+    let net_backend = match cli.net.as_str() {
+        "tsi" => navigator_vm::NetBackend::Tsi,
+        "none" => navigator_vm::NetBackend::None,
+        "gvproxy" => navigator_vm::NetBackend::Gvproxy {
+            binary: PathBuf::from(
+                [
+                    "/opt/podman/bin/gvproxy",
+                    "/opt/homebrew/bin/gvproxy",
+                    "/usr/local/bin/gvproxy",
+                ]
+                .iter()
+                .find(|p| std::path::Path::new(p).exists())
+                .unwrap_or(&"/opt/podman/bin/gvproxy"),
+            ),
+        },
+        other => {
+            return Err(
+                format!("unknown --net backend: {other} (expected: gvproxy, tsi, none)").into(),
+            );
+        }
+    };
+
+    let rootfs = match cli.rootfs {
+        Some(p) => p,
+        None => navigator_bootstrap::paths::default_rootfs_dir()?,
+    };
+
+    let mut config = if let Some(exec_path) = cli.exec {
+        navigator_vm::VmConfig {
+            rootfs,
+            vcpus: cli.vcpus.unwrap_or(2),
+            mem_mib: cli.mem.unwrap_or(2048),
+            exec_path,
+            args: cli.args,
+            env: cli.env,
+            workdir: cli.workdir,
+            port_map: cli.port,
+            log_level: cli.krun_log_level,
+            console_output: None,
+            net: net_backend.clone(),
+        }
+    } else {
+        let mut c = navigator_vm::VmConfig::gateway(rootfs);
+        if !cli.port.is_empty() {
+            c.port_map = cli.port;
+        }
+        if let Some(v) = cli.vcpus {
+            c.vcpus = v;
+        }
+        if let Some(m) = cli.mem {
+            c.mem_mib = m;
+        }
+        c.net = net_backend;
+        c
+    };
+    config.log_level = cli.krun_log_level;
+
+    Ok(navigator_vm::launch(&config)?)
+}

crates/navigator-vm/src/main.rs

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+BINARY="$PROJECT_ROOT/target/debug/gateway"
+
+cargo build --package navigator-vm --bin gateway --quiet
+
+# On macOS, codesign with the hypervisor entitlement so libkrun can use
+# Apple's Hypervisor.framework. Re-sign after every build.
+ENTITLEMENTS="$PROJECT_ROOT/crates/navigator-vm/entitlements.plist"
+if [[ "$(uname)" == "Darwin" ]] && [[ -f "$ENTITLEMENTS" ]]; then
+  codesign --entitlements "$ENTITLEMENTS" --force -s - "$BINARY" 2>/dev/null
+fi
+
+# Ensure libkrunfw is discoverable by libkrun's dlopen on macOS.
+# dyld only reads DYLD_FALLBACK_LIBRARY_PATH at process startup, so we
+# set it here before exec.
+if [[ "$(uname)" == "Darwin" ]]; then
+  HOMEBREW_LIB="$(brew --prefix 2>/dev/null || echo /opt/homebrew)/lib"
+  export DYLD_FALLBACK_LIBRARY_PATH="${HOMEBREW_LIB}${DYLD_FALLBACK_LIBRARY_PATH:+:$DYLD_FALLBACK_LIBRARY_PATH}"
+fi
+
+exec "$BINARY" "$@"