feat: remove Docker/Podman dependency with native runtime support

[nglmercer]

Summary

Adds a native process-based runtime that runs HelixDB without Docker or Podman, enabling bare-metal execution. This is the foundation for future in-memory database features that need direct process control.

Changes

• ContainerRuntime::Native — new variant in config.rs with is_native(), binary()="native", label()="Native"
• Runtime enum — dispatches between Container(LocalRuntime) and Native(NativeManager) via Runtime::for_project()
• NativeManager — process lifecycle via PID files, SIGTERM/SIGKILL, log file output, TCP readiness probe
• ProjectContext — added volumes_dir() and instance_volume() helpers
• All commands updated — run, stop, restart, status, logs, prune, delete use Runtime::for_project()
• Clippy fixes — collapsible_if, derivable_impls, should_implement_trait in sdks

Usage

# helix.toml
[project]
name = "myproject"
container_runtime = "native"

Then helix run dev runs the binary directly instead of in a container.

Backward Compatibility

Docker and Podman runtimes remain the default. container_runtime = "docker" (the default) works exactly as before.

Greptile Summary

This PR introduces a ContainerRuntime::Native variant that bypasses Docker/Podman entirely, spawning the HelixDB binary as a plain OS process managed via PID files, SIGTERM/SIGKILL, and a log file. All CLI commands are updated to dispatch through a new Runtime enum routing to either LocalRuntime or the new NativeManager. The SDK changes are unrelated Clippy fixes.

• NativeManager manages process lifecycle: spawns the native binary with HELIX_PORT/HELIX_DATA_DIR, writes a PID file, probes TCP readiness, and stops via SIGTERM → SIGKILL.
• Runtime enum dispatches all CLI operations; all command files now use Runtime::for_project() instead of constructing LocalRuntime directly.
• Two correctness gaps in NativeManager: if save_pid fails after a successful spawn, the process leaks with no CLI-visible handle; and in start_foreground, if the process doesn't exit within 10 seconds of Ctrl-C, the CLI returns an error but sends no SIGKILL, leaving the process running.

Important Files Changed

Filename	Overview
helix-cli/src/local_runtime.rs	Adds NativeManager for process-based runtime; two correctness gaps: orphan process if save_pid fails after spawn, and no SIGKILL fallback in start_foreground on Ctrl-C timeout.
helix-cli/src/config.rs	Adds ContainerRuntime::Native variant with is_native(), binary(), label(); clean backward-compatible change with Docker as default.
helix-cli/src/project.rs	Adds volumes_dir() and instance_volume() helpers to ProjectContext; straightforward path helpers.
helix-cli/src/commands/dashboard.rs	Adds Native arm returning localhost for dashboard host resolution; will fail on macOS/Windows where container localhost does not equal host.
helix-cli/src/commands/logs/mod.rs	Switches to Runtime::for_project; error message still references docker/podman when native runtime is in use.
sdks/rust/src/dsl.rs	Clippy fixes: derives Default for Order and EmitBehavior instead of manual impls, adds allow(clippy::should_implement_trait) on arithmetic methods.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[helix run / stop / restart / status / logs / prune] --> B[Runtime::for_project]
    B --> C{container_runtime in helix.toml}
    C -- docker / podman --> D[LocalRuntime]
    C -- native --> E[NativeManager]
    D --> F[docker/podman run / rm / ps / logs]
    E --> G[spawn binary HELIX_PORT + HELIX_DATA_DIR]
    G --> H[save_pid to .helix/name/helix.pid]
    H -->|save_pid fails| I[process leaks no PID file]
    H -->|success| J[TCP readiness probe :port]
    J -->|ready| K[instance running]
    K --> L{helix stop}
    L --> M[read_pid SIGTERM wait 10s SIGKILL]
    M --> N[remove PID file]
    E --> O[start_foreground: inherit stdio]
    O --> P{Ctrl-C}
    P --> Q[wait 10s for exit]
    Q -->|timeout| R[returns error process still running]
    Q -->|exited| S[done]

Loading

_{Reviews (1): Last reviewed commit: "feat: remove Docker/Podman dependency wi..." | Re-trigger Greptile}

Greptile also left 4 inline comments on this PR.

[greptile-apps]

Native foreground: process left running after Ctrl-C timeout

When the user presses Ctrl-C, the process receives SIGINT along with the CLI. If it doesn't exit within 10 seconds, the Err(_) arm returns an error — but no signal is sent to the child and the process keeps running. Compare this to the container runtime's start_foreground, which explicitly calls remove_container (a force-stop) before waiting. Without an equivalent stop_process(instance_name) call here, a slow-to-exit native instance becomes an orphan that the CLI reports as failed while it continues consuming resources.

[greptile-apps]

Orphan process if save_pid fails after spawn

cmd.spawn() returns a Child, and then save_pid writes the PID to disk. If save_pid fails (e.g., a filesystem permission error on the workspace directory), the function returns an error — but the spawned process is already running and detached (Rust's std::process::Child does not kill on drop). The PID file is missing, so neither helix stop nor helix status will find the instance; the native process leaks with no CLI-level way to stop it. The child should be explicitly killed if save_pid returns an error.

[greptile-apps]

Dashboard container unreachable on macOS/Windows with native runtime

The comment above says "The dashboard is always a container (Docker/Podman), never native", yet "localhost" is returned for the Native arm. Inside a Docker or Podman container on macOS and Windows, localhost resolves to the container itself, not the host. So when container_runtime = "native", the HelixDB process is running directly on the host, but the dashboard container would try to reach it at localhost and fail to connect. On Linux with host networking this works, but on macOS/Windows users would see connection errors from the dashboard. Consider returning "host.docker.internal" (or the equivalent per the outer runtime responsible for the dashboard) instead, or explicitly blocking helix dashboard when running the native runtime.

[greptile-apps]

PID reuse risk may kill an unrelated process

is_process_running and then kill -TERM {pid} operate on a numeric PID without verifying that the process belongs to this Helix instance. On Linux the /proc/{pid} directory existing only confirms that a process with that PID is alive; on other platforms kill -0 has the same limitation. On long-running machines (or after system restarts where the PID file is stale), the recycled PID could point to an unrelated daemon, which stop_process would then SIGTERM/SIGKILL. Storing an additional process attribute (e.g., start-time or a process-group ID) and comparing it before sending signals would make this safe.

[xav-db]

will review