diff --git a/demo-apps/helloworld-knative-nydus/service.yaml b/demo-apps/helloworld-knative-nydus/service.yaml
new file mode 100644
index 0000000..81d75ac
--- /dev/null
+++ b/demo-apps/helloworld-knative-nydus/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: helloworld-knative
+spec:
+  template:
+    metadata:
+      labels:
+        apps.sc2.io/name: helloworld-py
+    spec:
+      runtimeClassName: kata-${SC2_RUNTIME_CLASS}
+      # coco-knative: need to run user container as root
+      securityContext:
+        runAsUser: 1000
+      containers:
+        - image: sc2cr.io/applications/helloworld-py:unencrypted-nydus
+          ports:
+            - containerPort: 8080
+          env:
+            - name: TARGET
+              value: "World"
diff --git a/demo-apps/helloworld-py-nydus/Dockerfile b/demo-apps/helloworld-py-nydus/Dockerfile
deleted file mode 100644
index 5b5538e..0000000
--- a/demo-apps/helloworld-py-nydus/Dockerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-# Adapted from https://github.com/knative/docs/tree/main/code-samples/serving/hello-world/helloworld-python
-FROM python:3.10-slim
-
-# Allow statements and log messages to immediately appear in the Knative logs
-ENV PYTHONUNBUFFERED True
-
-# Copy local code to the container image.
-ENV APP_HOME /app
-WORKDIR $APP_HOME
-COPY . ./
-
-# Install production dependencies.
-RUN pip install Flask
-
-# Run the web service on container startup.
-CMD ["python", "app.py"]
diff --git a/demo-apps/helloworld-py-nydus/app.py b/demo-apps/helloworld-py-nydus/app.py
deleted file mode 100644
index 792a036..0000000
--- a/demo-apps/helloworld-py-nydus/app.py
+++ /dev/null
@@ -1,14 +0,0 @@
-from flask import Flask
-from os import environ
-
-app = Flask(__name__)
-
-
-@app.route("/")
-def hello_world():
-    target = environ.get("TARGET", "World")
-    return "Hello {}!\n".format(target)
-
-
-if __name__ == "__main__":
-    app.run(debug=True, host="0.0.0.0", port=int(environ.get("PORT", 8080)))
diff --git a/docker/containerd.dockerfile b/docker/containerd.dockerfile
index dd5fc6f..afd30e8 100644
--- a/docker/containerd.dockerfile
+++ b/docker/containerd.dockerfile
@@ -18,6 +18,7 @@ RUN git clone \
         -b sc2-main \
         https://github.com/sc2-sys/containerd.git \
         ${CODE_DIR} \
+    && git config --global --add safe.directory ${CODE_DIR} \
     && cd ${CODE_DIR} \
     && make
 
diff --git a/docker/nydus.dockerfile b/docker/nydus.dockerfile
index 7009dc9..709a22c 100644
--- a/docker/nydus.dockerfile
+++ b/docker/nydus.dockerfile
@@ -11,9 +11,6 @@ RUN apt-get update \
         gopls \
         make
 
-# ENV GOPATH=/go
-# ENV PATH=${PATH}:/usr/local/go/bin:/root/.cargo/bin
-
 # Build the daemon and other tools like nydusify
 ARG CODE_DIR=/go/src/github.com/sc2-sys/nydus
 RUN mkdir -p ${CODE_DIR} \
diff --git a/docker/nydus_snapshotter.dockerfile b/docker/nydus_snapshotter.dockerfile
index de1eb97..57745e8 100644
--- a/docker/nydus_snapshotter.dockerfile
+++ b/docker/nydus_snapshotter.dockerfile
@@ -7,13 +7,8 @@ FROM ghcr.io/sc2-sys/base:0.10.0
 # Install APT dependencies
 RUN apt-get update \
     && apt-get install -y \
-    # gcc clang cmake \
         gopls \
-        # libseccomp-dev \
         make \
-        # musl-tools \
-        # wget \
-        # libdevmapper-dev \
         protobuf-compiler
 
 ARG CODE_DIR=/go/src/github.com/sc2-sys/nydus-snapshotter
diff --git a/tasks/containerd.py b/tasks/containerd.py
index 9432ae3..89c91ec 100644
--- a/tasks/containerd.py
+++ b/tasks/containerd.py
@@ -21,6 +21,15 @@
     join(GHCR_URL, GITHUB_ORG, "containerd") + f":{CONTAINERD_VERSION}"
 )
 
+CONTAINERD_BINARY_NAMES = [
+    "containerd",
+    "containerd-shim",
+    "containerd-shim-runc-v1",
+    "containerd-shim-runc-v2",
+]
+CONTAINERD_CTR_BINPATH = "/go/src/github.com/sc2-sys/containerd/bin"
+CONTAINERD_HOST_BINPATH = "/usr/bin"
+
 
 def do_build(debug=False):
     docker_cmd = "docker build -t {} -f {} .".format(
@@ -42,7 +51,7 @@ def build(ctx):
 
 
 @task
-def cli(ctx):
+def cli(ctx, mount_path=join(PROJ_ROOT, "..", "containerd")):
     """
     Get a working environment for containerd
     """
@@ -50,6 +59,9 @@ def cli(ctx):
         docker_cmd = [
             "docker run",
             "-d -it",
+            # The container path comes from the dockerfile in:
+            # ./docker/containerd.dockerfile
+            f"-v {mount_path}:/go/src/github.com/sc2-sys/containerd",
             "--name {}".format(CONTAINERD_CTR_NAME),
             CONTAINERD_IMAGE_TAG,
             "bash",
@@ -85,6 +97,23 @@ def set_log_level(ctx, log_level):
     restart_containerd()
 
 
+@task
+def hot_replace(ctx):
+    """
+    Replace containerd binaries from running workon container
+    """
+    if not is_ctr_running(CONTAINERD_CTR_NAME):
+        print("Must have the work-on container running to hot replace!")
+        print("Consider running: inv containerd.cli ")
+
+    for binary in CONTAINERD_BINARY_NAMES:
+        print(f"cp {CONTAINERD_CTR_NAME}:{CONTAINERD_CTR_BINPATH}/{binary} {CONTAINERD_HOST_BINPATH}/{binary}")
+        docker_cmd = f"sudo docker cp {CONTAINERD_CTR_NAME}:{CONTAINERD_CTR_BINPATH}/{binary} {CONTAINERD_HOST_BINPATH}/{binary}"
+        run(docker_cmd, shell=True, check=True)
+
+    restart_containerd()
+
+
 @task
 def install(ctx, debug=False, clean=False):
     """
@@ -97,17 +126,11 @@ def install(ctx, debug=False, clean=False):
 
     do_build(debug=debug)
 
-    binary_names = [
-        "containerd",
-        "containerd-shim",
-        "containerd-shim-runc-v1",
-        "containerd-shim-runc-v2",
-    ]
     ctr_base_path = "/go/src/github.com/sc2-sys/containerd/bin"
     host_base_path = "/usr/bin"
 
-    host_binaries = [join(host_base_path, binary) for binary in binary_names]
-    ctr_binaries = [join(ctr_base_path, binary) for binary in binary_names]
+    host_binaries = [join(host_base_path, binary) for binary in CONTAINERD_BINARY_NAMES]
+    ctr_binaries = [join(ctr_base_path, binary) for binary in CONTAINERD_BINARY_NAMES]
     copy_from_ctr_image(
         CONTAINERD_IMAGE_TAG, ctr_binaries, host_binaries, requires_sudo=True
     )
diff --git a/tasks/kata.py b/tasks/kata.py
index 6f00f4a..2972c55 100644
--- a/tasks/kata.py
+++ b/tasks/kata.py
@@ -83,7 +83,7 @@ def set_log_level(ctx, log_level):
 
     enable_debug = str(log_level == "debug").lower()
 
-    for runtime in KATA_RUNTIMES:
+    for runtime in KATA_RUNTIMES + SC2_RUNTIMES:
         conf_file_path = join(KATA_CONFIG_DIR, "configuration-{}.toml".format(runtime))
         updated_toml_str = """
         [hypervisor.qemu]
diff --git a/tasks/sc2.py b/tasks/sc2.py
index 95cdab8..04a1574 100644
--- a/tasks/sc2.py
+++ b/tasks/sc2.py
@@ -180,6 +180,7 @@ def install_sc2_runtime(debug=False):
         "sudo -E target/release/vm-cache background > /dev/null 2>&1",
         cwd=vm_cache_dir,
         shell=True,
+        check=True,
     )
 
 
@@ -196,7 +197,7 @@ def deploy(ctx, debug=False, clean=False):
 
     if clean:
         # Remove all directories that we populate and modify
-        for nuked_dir in [COCO_ROOT, CONTAINERD_CONFIG_ROOT, HOST_CERT_DIR, KATA_ROOT]:
+        for nuked_dir in [COCO_ROOT, CONTAINERD_CONFIG_ROOT, HOST_CERT_DIR, KATA_ROOT, SC2_CONFIG_DIR]:
             if debug:
                 print(f"WARNING: nuking {nuked_dir}")
             run(f"sudo rm -rf {nuked_dir}", shell=True, check=True)
@@ -225,6 +226,10 @@ def deploy(ctx, debug=False, clean=False):
         if debug:
             print(result.stdout.decode("utf-8").strip())
 
+    # Create SC2 config dir
+    if not exists(SC2_CONFIG_DIR):
+        makedirs(SC2_CONFIG_DIR)
+
     # Disable swap
     run("sudo swapoff -a", shell=True, check=True)
 
@@ -277,8 +282,6 @@ def deploy(ctx, debug=False, clean=False):
     push_demo_apps_to_local_registry(ctx, debug=debug)
 
     # Finally, create a deployment file (right now, it is empty)
-    if not exists(SC2_CONFIG_DIR):
-        makedirs(SC2_CONFIG_DIR)
     result = run(f"touch {SC2_DEPLOYMENT_FILE}", shell=True, capture_output=True)
     assert result.returncode == 0, print(result.stderr.decode("utf-8").strip())
     if debug:
diff --git a/tasks/util/kata.py b/tasks/util/kata.py
index 85f003c..71b666b 100644
--- a/tasks/util/kata.py
+++ b/tasks/util/kata.py
@@ -63,8 +63,8 @@ def stop_kata_workon_ctr():
 def copy_from_kata_workon_ctr(ctr_path, host_path, sudo=False, debug=False):
     ctr_started = run_kata_workon_ctr()
 
-    if not ctr_started and debug:
-        print("Copying agent from running container...")
+    if not ctr_started:
+        print("Copying files from running Kata container...")
 
     docker_cmd = "docker cp {}:{} {}".format(
         KATA_WORKON_CTR_NAME,
diff --git a/vm-cache/src/main.rs b/vm-cache/src/main.rs
index 34910d7..dcea775 100644
--- a/vm-cache/src/main.rs
+++ b/vm-cache/src/main.rs
@@ -337,7 +337,13 @@ fn main() {
     let result = match args[1].as_str() {
         "foreground" => run_foreground(),
         "background" => run_background(),
+        "logs" => Ok(tail_log_file(false)),
         "prune" => prune_qemu_processes(),
+        "restart" => {
+            info!("restarting vm-cache process...");
+            stop_background_process().unwrap();
+            run_background()
+        },
         "stop" => stop_background_process(),
         _ => {
             error!("invalid mode: {}", args[1]);