docs: update README

Signed-off-by: ihexon <14349453+ihexon@users.noreply.github.com>

Author: ihexon

README.md

@@ -1,3 +1,6 @@
+<p align="center">
+  <img src="./icon.png" alt="revm logo" width="520" />
+</p>
 <h1 align="center"><b>revm</b></h1>
 <p align="center">revm helps you quickly launch Linux VMs / Containers</p>
 
@@ -26,6 +29,54 @@ xattr -d com.apple.quarantine revm-Darwin-arm64.tar.zst
 tar -xvf revm-Darwin-arm64.tar.zst
 ```
 
+## Command Overview
+
+`cmd/revm` exposes three user-facing subcommands:
+
+| Command | Alias | What it does |
+|---------|-------|--------------|
+| `revm chroot` | `run` | Boot a Linux microVM from a custom or built-in rootfs, then run a command inside it |
+| `revm dockerd` | `start` | Boot the built-in container VM and expose a Podman-compatible API socket on the host |
+| `revm attach` | — | Reconnect to an existing session over SSH, either as an interactive shell (`--pty`) or a one-off command |
+
+Inside the guest, `cmd/guest-agent` finishes the boot sequence: it mounts pseudo filesystems and shared disks,
+configures networking (`gvisor` or `tsi`), starts SSH and optional Podman services, runs the requested command in
+`chroot` mode, and reports readiness back to the host.
+
+## Quick Start
+
+```bash
+# Run a command inside a rootfs-backed VM
+revm chroot --id build --rootfs ~/ubuntu-rootfs -- bash -lc 'uname -a'
+
+# Re-enter the same VM from another terminal
+revm attach --pty build
+
+# Start the built-in container engine
+revm dockerd --id engine
+export CONTAINER_HOST=unix:///tmp/engine/socks/podman-api.sock
+podman run --rm alpine uname -a
+```
+
+## Key Flags
+
+These flags come from `cmd/revm/flags.go` and are shared by `chroot` / `dockerd` unless noted otherwise.
+
+| Flag | Applies to | Description |
+|------|------------|-------------|
+| `--id` | both | Session name; workspace defaults to `/tmp/<id>` and the same ID cannot be started twice at once |
+| `--cpus`, `--memory` | both | VM CPU and memory sizing |
+| `--mount` | both | Share a host directory into the guest through VirtIO-FS |
+| `--raw-disk` | both | Attach an ext4 raw disk image; missing images are auto-created |
+| `--network` | both | Choose `gvisor` (virtual NIC, NAT, DNS, port forwarding support) or `tsi` (transparent socket interception) |
+| `--system-proxy` | both | Read the macOS system proxy and forward it into the guest |
+| `--manage-api` | both | Custom Unix socket path for the host-side VM management API |
+| `--ssh-key` | both | Symlink the generated SSH private key to a user-chosen path |
+| `--report-events` | both | Send lifecycle events to an HTTP endpoint |
+| `--log-level`, `--log-to` | both | Control host-side logging verbosity and destination |
+| `--rootfs`, `--workdir`, `--envs` | `chroot` | Select the guest rootfs and the execution context for the launched command |
+| `--container-disk`, `--podman-api` | `dockerd` | Control persistent container storage and the exported Podman-compatible socket path |
+
 ---
 
 ## Documentation

README_zh.md

@@ -1,3 +1,6 @@
+<p align="center">
+  <img src="./icon.png" alt="revm logo" width="520" />
+</p>
 <h1 align="center"><b>revm</b></h1>
 <p align="center">快速启动 Linux 虚拟机 / 容器的轻量工具</p>
 
@@ -25,6 +28,53 @@ xattr -d com.apple.quarantine revm-Darwin-arm64.tar.zst
 tar -xvf revm-Darwin-arm64.tar.zst
 ```
 
+## 命令概览
+
+`cmd/revm` 对外暴露三个用户命令：
+
+| 命令 | 别名 | 作用 |
+|------|------|------|
+| `revm chroot` | `run` | 用自定义或内置 rootfs 启动 Linux microVM，并在其中执行命令 |
+| `revm dockerd` | `start` | 启动内置容器虚拟机，并在宿主机暴露兼容 Podman 的 API socket |
+| `revm attach` | — | 通过 SSH 重新连接已有会话，可进入交互 shell（`--pty`）或执行一次性命令 |
+
+虚拟机内部实际运行的是 `cmd/guest-agent`：它负责挂载伪文件系统和共享磁盘、配置网络（`gvisor` 或
+`tsi`）、启动 SSH 和可选的 Podman 服务、在 `chroot` 模式中执行用户命令，并把就绪状态回报给宿主机。
+
+## 快速开始
+
+```bash
+# 在 rootfs 虚拟机里执行命令
+revm chroot --id build --rootfs ~/ubuntu-rootfs -- bash -lc 'uname -a'
+
+# 在另一终端重新进入同一个会话
+revm attach --pty build
+
+# 启动内置容器引擎
+revm dockerd --id engine
+export CONTAINER_HOST=unix:///tmp/engine/socks/podman-api.sock
+podman run --rm alpine uname -a
+```
+
+## 关键参数
+
+这些参数定义在 `cmd/revm/flags.go` 中，除特别说明外由 `chroot` / `dockerd` 共用。
+
+| 参数 | 适用命令 | 说明 |
+|------|----------|------|
+| `--id` | 两者 | 会话名；工作目录默认是 `/tmp/<id>`，同一个 ID 不能并发启动两次 |
+| `--cpus`, `--memory` | 两者 | 虚拟机 CPU 和内存配置 |
+| `--mount` | 两者 | 通过 VirtIO-FS 将宿主目录共享到虚拟机 |
+| `--raw-disk` | 两者 | 挂载 ext4 原始磁盘镜像；文件不存在时会自动创建 |
+| `--network` | 两者 | 选择 `gvisor`（虚拟网卡、NAT、DNS、支持端口映射）或 `tsi`（透明套接字拦截） |
+| `--system-proxy` | 两者 | 读取 macOS 系统代理并传入虚拟机 |
+| `--manage-api` | 两者 | 自定义宿主机侧 VM 管理 API 的 Unix socket 路径 |
+| `--ssh-key` | 两者 | 将生成的 SSH 私钥软链接到指定路径 |
+| `--report-events` | 两者 | 将生命周期事件上报到 HTTP 端点 |
+| `--log-level`, `--log-to` | 两者 | 控制宿主机侧日志级别和输出位置 |
+| `--rootfs`, `--workdir`, `--envs` | `chroot` | 指定 rootfs，以及命令执行目录和环境变量 |
+| `--container-disk`, `--podman-api` | `dockerd` | 控制容器持久化磁盘与导出的 Podman 兼容 socket 路径 |
+
 ---
 
 ## 文档

cmd/guest-agent/README.md

@@ -1,3 +1,42 @@
 # Guest Agent
 
-The guest agent runs inside the Linux VM as a child of PID 1. It bootstraps the guest environment — mounting filesystems, configuring networking, starting services (SSH, Podman API), and executing user commands.
+`cmd/guest-agent` runs inside every `revm` VM as the in-guest bootstrap companion. It is not the normal user entry
+point; the host-side `cmd/revm` process creates the VM, injects configuration, and this agent finishes guest
+initialization.
+
+## Responsibilities
+
+- Extract embedded BusyBox and Dropbear binaries into `/.bin`.
+- Fetch the VM configuration from the host over vsock and persist it inside the guest.
+- Mount pseudo filesystems, raw block devices, and VirtIO-FS shares.
+- Configure guest networking for `gvisor` or `tsi`.
+- Start long-lived services such as SSH, Podman API, and NTP sync.
+- Run the user command in `chroot` mode, or keep the container engine alive in `dockerd` mode.
+- Probe readiness and report SSH / Podman / network status back to the host.
+- Sync disks and power off the VM on shutdown signals.
+
+## Boot Flow
+
+1. Initialize logging and extract embedded helper binaries.
+2. Read the machine config from the host via vsock.
+3. Mount `/proc`, `/sys`, `/dev`, `/tmp`, `/run`, block devices, and VirtIO-FS mounts.
+4. Start mode-specific services:
+   - `chroot`: configure network, start SSH and time sync, then execute the requested command.
+   - `dockerd`: configure network, start Podman API, SSH, and time sync.
+5. Run readiness probes and send ready events back to the host.
+6. Wait for shutdown, sync disks, and force power off the VM.
+
+## File Map
+
+| Path | Purpose |
+|------|---------|
+| `main.go` | Main orchestration for guest boot, mode dispatch, and lifecycle |
+| `pkg/service/embedded.go` | Extract embedded BusyBox / Dropbear binaries |
+| `pkg/service/mount.go` | Mount pseudo filesystems, block devices, and VirtIO-FS shares |
+| `pkg/service/network.go` | Guest network setup for `gvisor` and `tsi` |
+| `pkg/service/dropbear.go` | Dropbear SSH server bootstrap |
+| `pkg/service/podman.go` | Podman system service bootstrap |
+| `pkg/service/runcmdline.go` | Execute the user command, including TTY-aware console handling |
+| `pkg/service/readiness.go` | SSH / Podman / interface readiness probes |
+| `pkg/service/shutdown.go` | Shutdown coordination: sync then `poweroff -f` |
+| `pkg/supervisor/supervisor.go` | Minimal restart-capable process supervisor used by guest services |