# Provider And VM-Hosting Reality Proof The focused local-KVM proof for the provider and VM-hosting bundles is: ```bash nix run ./nix/test-cluster#cluster -- provider-vm-reality-proof ``` Artifacts are written under `./work/provider-vm-reality-proof/` and `./work/provider-vm-reality-proof/latest`. ## What This Lane Proves - PrismNet tenant VPC, subnet, port, and security-group ACL lifecycle on the supported local-KVM surface. - FlashDNS authoritative record exposure on the DNS listener, with captured answers for workload and service records. - FiberLB listener publication plus backend drain and re-convergence for the shipped local-KVM listener surface. - PlasmaVMC KVM shared-storage migration, CoronaFS handoff, and post-migration restart on the supported worker pair. The proof is intentionally narrower than `fresh-matrix`. `fresh-matrix` remains the broad composition suite; `provider-vm-reality-proof` is the artifact-producing companion lane that keeps provider and VM-hosting evidence in one dated root. ## Recorded Artifacts The proof root keeps two subtrees: - `network-provider/`: PrismNet, FlashDNS, and FiberLB create or get responses, authoritative DNS answers, FiberLB backend disable or restore evidence, and service journals. - `vm-hosting/`: VM create response, VM spec, volume state before and after migration, PrismNet port state after migration, VM watch output, and PlasmaVMC or CoronaFS service journals. `result.json` records the overall proof status, start and finish timestamps, and the artifact subdirectories. ## Supported Scope And Fixed Limits The local-KVM proof intentionally does not claim the full hardware-network surface. - PrismNet real OVS/OVN dataplane validation remains outside the supported local KVM surface. The current proof keeps tenant API lifecycle and attached-VM networking honest, but not a release-grade `ovn-nbctl` or hardware-switch path. - FiberLB native BGP or BFD peer interop and hardware VIP ownership remain outside the supported local KVM surface. The current proof fixes the shipped contract to listener publication plus backend drain or re-convergence inside the lab. - PlasmaVMC real-hardware migration or storage handoff remains a later hardware proof. The current proof fixes the release surface to KVM shared-storage migration on the local worker pair. Use the hardware bring-up pack in [hardware-bringup.md](hardware-bringup.md) when transport becomes available and the ISO path can be exercised on a real machine.