Volt CLI: source-available under AGPSL v5.0

Complete infrastructure platform CLI:
- Container runtime (systemd-nspawn)
- VoltVisor VMs (Neutron Stardust / QEMU)
- Stellarium CAS (content-addressed storage)
- ORAS Registry
- GitOps integration
- Landlock LSM security
- Compose orchestration
- Mesh networking

Copyright (c) Armored Gates LLC. All rights reserved.
Licensed under AGPSL v5.0

tests/hybrid/test-manifests/basic-container.toml

@@ -0,0 +1,23 @@
+# basic-container.toml — Minimal container workload manifest for Volt
+#
+# This creates a standard Voltainer container (systemd-nspawn, shared host kernel).
+# No custom kernel, no hybrid-native features.
+
+[workload]
+name = "test-container-basic"
+type = "container"
+image = "ubuntu:24.04"
+
+[resources]
+memory = "512M"
+cpu_weight = 100
+pids_max = 2048
+
+[network]
+mode = "private"
+bridge = "voltbr0"
+
+[security]
+seccomp = "default"
+landlock = "server"
+private_users = true

tests/hybrid/test-manifests/basic-hybrid.toml

@@ -0,0 +1,28 @@
+# basic-hybrid.toml — Minimal hybrid-native workload manifest for Volt
+#
+# Hybrid-native: boots with its own init (systemd) inside a full boot-mode
+# systemd-nspawn container. Gets private /proc, /sys, cgroups v2 delegation,
+# and PID namespace isolation with PID 1 = systemd.
+
+[workload]
+name = "test-hybrid-basic"
+type = "hybrid"
+image = "ubuntu:24.04"
+
+[resources]
+memory = "1G"
+memory_soft = "512M"
+cpu_weight = 100
+pids_max = 4096
+
+[network]
+mode = "private"
+bridge = "voltbr0"
+
+[kernel]
+profile = "server"
+
+[security]
+seccomp = "default"
+landlock = "server"
+private_users = true

tests/hybrid/test-manifests/full-hybrid.toml

@@ -0,0 +1,65 @@
+# full-hybrid.toml — Hybrid-native workload with all options for Volt
+#
+# Exercises every configurable isolation knob:
+#   - Custom kernel profile
+#   - Strict seccomp
+#   - Landlock LSM (no AppArmor, ever)
+#   - Full cgroups v2 resource limits
+#   - CPU pinning
+#   - I/O weight control
+#   - Network port forwarding
+#   - Read-only rootfs layer
+#   - Private user namespace
+
+[workload]
+name = "test-hybrid-full"
+type = "hybrid"
+image = "ubuntu:24.04"
+
+[resources]
+memory = "2G"
+memory_soft = "1G"
+cpu_weight = 200
+cpu_set = "0-1"
+io_weight = 150
+pids_max = 8192
+
+[network]
+mode = "private"
+bridge = "voltbr0"
+dns = ["1.1.1.1", "1.0.0.1"]
+
+[[network.port_forward]]
+host_port = 8080
+container_port = 80
+protocol = "tcp"
+
+[[network.port_forward]]
+host_port = 8443
+container_port = 443
+protocol = "tcp"
+
+[kernel]
+profile = "server"
+# custom_path = "/var/lib/volt/kernels/vmlinuz-custom"
+
+[security]
+seccomp = "strict"
+landlock = "server"
+private_users = true
+read_only_rootfs = false
+
+[environment]
+VOLT_ENV = "test"
+APP_MODE = "production"
+LOG_LEVEL = "info"
+
+[[volumes]]
+host_path = "/tmp/volt-test-data"
+container_path = "/data"
+read_only = false
+
+[[volumes]]
+host_path = "/etc/ssl/certs"
+container_path = "/etc/ssl/certs"
+read_only = true

tests/hybrid/test-manifests/invalid-missing-name.toml

@@ -0,0 +1,12 @@
+# invalid-missing-name.toml — Invalid manifest: missing required workload.name
+#
+# Used by test_manifest.sh to verify that Volt rejects incomplete manifests
+# with a clear error message.
+
+[workload]
+# name is intentionally omitted
+type = "hybrid"
+image = "ubuntu:24.04"
+
+[resources]
+memory = "512M"

tests/hybrid/test-manifests/invalid-missing-type.toml

@@ -0,0 +1,11 @@
+# invalid-missing-type.toml — Invalid manifest: missing required workload.type
+#
+# Used by test_manifest.sh to verify clear error on missing type field.
+
+[workload]
+name = "test-no-type"
+# type is intentionally omitted
+image = "ubuntu:24.04"
+
+[resources]
+memory = "512M"

tests/hybrid/test-manifests/resource-limited.toml

@@ -0,0 +1,27 @@
+# resource-limited.toml — Hybrid workload with tight resource constraints
+#
+# Used by test_isolation.sh for OOM testing and resource enforcement.
+# Memory hard limit is intentionally small (128M) to make OOM easy to trigger.
+
+[workload]
+name = "test-resource-limited"
+type = "hybrid"
+image = "ubuntu:24.04"
+
+[resources]
+memory = "128M"
+memory_soft = "64M"
+cpu_weight = 50
+pids_max = 512
+
+[network]
+mode = "private"
+bridge = "voltbr0"
+
+[kernel]
+profile = "server"
+
+[security]
+seccomp = "default"
+landlock = "server"
+private_users = true