Add background process execution API

Start long-running processes (web servers, daemons) without blocking the
HTTP request. Leverages envd's existing background process support
(context.Background(), List, Connect, SendSignal RPCs) and wires it
through the host agent and control plane layers.

New API surface:
- POST /v1/capsules/{id}/exec with background:true → 202 {pid, tag}
- GET /v1/capsules/{id}/processes → list running processes
- DELETE /v1/capsules/{id}/processes/{selector} → kill by PID or tag
- WS /v1/capsules/{id}/processes/{selector}/stream → reconnect to output

The {selector} param auto-detects: numeric = PID, string = tag.
Tags are auto-generated as "proc-" + 8 hex chars if not provided.

internal/sandbox/manager.go

@@ -24,12 +24,13 @@ import (
 	"git.omukk.dev/wrenn/wrenn/internal/snapshot"
 	"git.omukk.dev/wrenn/wrenn/internal/uffd"
 	"git.omukk.dev/wrenn/wrenn/internal/vm"
+	envdpb "git.omukk.dev/wrenn/wrenn/proto/envd/gen"
 )
 
 // Config holds the paths and defaults for the sandbox manager.
 type Config struct {
-	WrennDir           string // root directory (e.g. /var/lib/wrenn); all sub-paths derived via layout package
-	EnvdTimeout        time.Duration
+	WrennDir            string // root directory (e.g. /var/lib/wrenn); all sub-paths derived via layout package
+	EnvdTimeout         time.Duration
 	DefaultRootfsSizeMB int // target size for template rootfs images; 0 → DefaultDiskSizeMB
 }
 
@@ -1328,6 +1329,74 @@ func (m *Manager) PtyKill(ctx context.Context, sandboxID, tag string) error {
 	return sb.client.PtyKill(ctx, tag)
 }
 
+// StartBackground starts a background process inside a sandbox.
+func (m *Manager) StartBackground(ctx context.Context, sandboxID, tag, cmd string, args []string, envs map[string]string, cwd string) (uint32, error) {
+	sb, err := m.get(sandboxID)
+	if err != nil {
+		return 0, err
+	}
+	if sb.Status != models.StatusRunning {
+		return 0, fmt.Errorf("sandbox %s is not running (status: %s)", sandboxID, sb.Status)
+	}
+
+	m.mu.Lock()
+	sb.LastActiveAt = time.Now()
+	m.mu.Unlock()
+
+	return sb.client.StartBackground(ctx, tag, cmd, args, envs, cwd)
+}
+
+// ConnectProcess re-attaches to a running process inside a sandbox.
+func (m *Manager) ConnectProcess(ctx context.Context, sandboxID string, pid uint32, tag string) (<-chan envdclient.ExecStreamEvent, error) {
+	sb, err := m.get(sandboxID)
+	if err != nil {
+		return nil, err
+	}
+	if sb.Status != models.StatusRunning {
+		return nil, fmt.Errorf("sandbox %s is not running (status: %s)", sandboxID, sb.Status)
+	}
+
+	m.mu.Lock()
+	sb.LastActiveAt = time.Now()
+	m.mu.Unlock()
+
+	return sb.client.ConnectProcess(ctx, pid, tag)
+}
+
+// ListProcesses returns all running processes inside a sandbox.
+func (m *Manager) ListProcesses(ctx context.Context, sandboxID string) ([]envdclient.ProcessInfo, error) {
+	sb, err := m.get(sandboxID)
+	if err != nil {
+		return nil, err
+	}
+	if sb.Status != models.StatusRunning {
+		return nil, fmt.Errorf("sandbox %s is not running (status: %s)", sandboxID, sb.Status)
+	}
+
+	m.mu.Lock()
+	sb.LastActiveAt = time.Now()
+	m.mu.Unlock()
+
+	return sb.client.ListProcesses(ctx)
+}
+
+// KillProcess sends a signal to a process inside a sandbox.
+func (m *Manager) KillProcess(ctx context.Context, sandboxID string, pid uint32, tag string, signal envdpb.Signal) error {
+	sb, err := m.get(sandboxID)
+	if err != nil {
+		return err
+	}
+	if sb.Status != models.StatusRunning {
+		return fmt.Errorf("sandbox %s is not running (status: %s)", sandboxID, sb.Status)
+	}
+
+	m.mu.Lock()
+	sb.LastActiveAt = time.Now()
+	m.mu.Unlock()
+
+	return sb.client.KillProcess(ctx, pid, tag, signal)
+}
+
 // AcquireProxyConn atomically looks up a sandbox by ID and registers an
 // in-flight proxy connection. Returns the sandbox's host-reachable IP, the
 // connection tracker, and true on success. The caller must call