vm run: ship tracked files only by default; add --include-untracked + --dry-run

Workspace-mode vm run and vm workspace prepare used to copy both
tracked AND untracked non-ignored files into the guest. That silently
catches local .env files, scratch notes, credentials, and any other
working-tree state a developer hasn't explicitly gitignored — a real
data-exposure footgun given the golden image ships Docker and the
usual dev tooling.

Flip the default to tracked-only. Users who actually want the fuller
set opt in with --include-untracked (documented in both commands'
help). Gitignored files are still always excluded regardless of the
flag.

Add --dry-run to both vm run and vm workspace prepare. Dry-run
inspects the repo CLI-side (no VM created, no daemon RPC needed since
the daemon is always local and the inspection is a pure git read),
prints the exact file list + mode, and exits. A byte-level preview of
what would land in the guest.

When running real (non-dry) and untracked files exist in the repo but
are being skipped under the new default, print a one-line notice
pointing to --include-untracked so users aren't surprised when the
guest is missing something they expected.

Signature changes:
- ListOverlayPaths takes an includeUntracked bool (tracked always;
  untracked gated by flag).
- InspectRepo takes the same flag and passes it through.
- VMWorkspacePrepareParams gains IncludeUntracked.
- WorkspaceService.workspaceInspectRepo seam signature widened to
  match (4 callers in tests updated).

New workspace package tests cover both modes and verify that
gitignored files never leak regardless of the flag.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

internal/cli/commands_vm.go

@@ -62,6 +62,8 @@ func (d *deps) newVMRunCommand() *cobra.Command {
 		branchName        string
 		fromRef           = "HEAD"
 		removeOnExit      bool
+		includeUntracked  bool
+		dryRun            bool
 	)
 	cmd := &cobra.Command{
 		Use:   "run [path] [-- command args...]",
@@ -107,7 +109,17 @@ Three modes:
 				if err != nil {
 					return err
 				}
-				repoPtr = &vmRunRepo{sourcePath: resolved, branchName: branchName, fromRef: fromRef}
+				repoPtr = &vmRunRepo{sourcePath: resolved, branchName: branchName, fromRef: fromRef, includeUntracked: includeUntracked}
+			}
+			if dryRun {
+				if repoPtr == nil {
+					return errors.New("--dry-run requires a workspace path")
+				}
+				dryFromRef := ""
+				if strings.TrimSpace(repoPtr.branchName) != "" {
+					dryFromRef = repoPtr.fromRef
+				}
+				return runWorkspaceDryRun(cmd.Context(), cmd.OutOrStdout(), repoPtr.sourcePath, repoPtr.branchName, dryFromRef, repoPtr.includeUntracked)
 			}
 
 			layout, err := paths.Resolve()
@@ -151,6 +163,8 @@ Three modes:
 	cmd.Flags().StringVar(&branchName, "branch", "", "create and switch to a new guest branch")
 	cmd.Flags().StringVar(&fromRef, "from", "HEAD", "base ref for --branch")
 	cmd.Flags().BoolVar(&removeOnExit, "rm", false, "delete the VM after the ssh session / command exits")
+	cmd.Flags().BoolVar(&includeUntracked, "include-untracked", false, "also copy untracked non-ignored files into the guest workspace (default: tracked files only)")
+	cmd.Flags().BoolVar(&dryRun, "dry-run", false, "list the files that would be copied into the guest workspace and exit without creating a VM")
 	_ = cmd.RegisterFlagCompletionFunc("image", d.completeImageNames)
 	return cmd
 }
@@ -570,6 +584,8 @@ func (d *deps) newVMWorkspacePrepareCommand() *cobra.Command {
 	var fromRef string
 	var mode string
 	var readOnly bool
+	var includeUntracked bool
+	var dryRun bool
 	cmd := &cobra.Command{
 		Use:               "prepare <id-or-name> [path]",
 		Short:             "Copy a local repo into a running VM",
@@ -582,10 +598,6 @@ func (d *deps) newVMWorkspacePrepareCommand() *cobra.Command {
   banger vm workspace prepare devbox ../repo --mode full_copy
 `),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			layout, _, err := d.ensureDaemon(cmd.Context())
-			if err != nil {
-				return err
-			}
 			sourcePath := ""
 			if len(args) > 1 {
 				sourcePath = args[1]
@@ -605,14 +617,27 @@ func (d *deps) newVMWorkspacePrepareCommand() *cobra.Command {
 			if strings.TrimSpace(branchName) != "" {
 				prepareFrom = fromRef
 			}
+			if dryRun {
+				return runWorkspaceDryRun(cmd.Context(), cmd.OutOrStdout(), resolvedPath, branchName, prepareFrom, includeUntracked)
+			}
+			layout, _, err := d.ensureDaemon(cmd.Context())
+			if err != nil {
+				return err
+			}
+			if !includeUntracked {
+				if err := noteUntrackedSkipped(cmd.Context(), cmd.ErrOrStderr(), resolvedPath); err != nil {
+					return err
+				}
+			}
 			result, err := d.vmWorkspacePrepare(cmd.Context(), layout.SocketPath, api.VMWorkspacePrepareParams{
-				IDOrName:   args[0],
-				SourcePath: resolvedPath,
-				GuestPath:  guestPath,
-				Branch:     branchName,
-				From:       prepareFrom,
-				Mode:       mode,
-				ReadOnly:   readOnly,
+				IDOrName:         args[0],
+				SourcePath:       resolvedPath,
+				GuestPath:        guestPath,
+				Branch:           branchName,
+				From:             prepareFrom,
+				Mode:             mode,
+				ReadOnly:         readOnly,
+				IncludeUntracked: includeUntracked,
 			})
 			if err != nil {
 				return err
@@ -625,6 +650,8 @@ func (d *deps) newVMWorkspacePrepareCommand() *cobra.Command {
 	cmd.Flags().StringVar(&fromRef, "from", "HEAD", "base ref for --branch")
 	cmd.Flags().StringVar(&mode, "mode", string(model.WorkspacePrepareModeShallowOverlay), "workspace mode: shallow_overlay, full_copy, metadata_only")
 	cmd.Flags().BoolVar(&readOnly, "readonly", false, "make the prepared workspace read-only")
+	cmd.Flags().BoolVar(&includeUntracked, "include-untracked", false, "also copy untracked non-ignored files into the guest workspace (default: tracked files only)")
+	cmd.Flags().BoolVar(&dryRun, "dry-run", false, "list the files that would be copied and exit without touching the guest")
 	return cmd
 }
 

internal/cli/vm_run.go

@@ -39,9 +39,10 @@ type vmRunGuestClient interface {
 // RepoName, HEAD commit, etc.) comes back from the workspace.prepare
 // RPC, which does the full git inspection daemon-side.
 type vmRunRepo struct {
-	sourcePath string
-	branchName string
-	fromRef    string
+	sourcePath       string
+	branchName       string
+	fromRef          string
+	includeUntracked bool
 }
 
 const vmRunToolingInstallTimeoutSeconds = 120
@@ -193,13 +194,19 @@ func (d *deps) runVMRun(ctx context.Context, socketPath string, cfg model.Daemon
 		if strings.TrimSpace(repo.branchName) != "" {
 			fromRef = repo.fromRef
 		}
+		if !repo.includeUntracked {
+			if err := noteUntrackedSkipped(ctx, stderr, repo.sourcePath); err != nil {
+				printVMRunWarning(stderr, fmt.Sprintf("count untracked files failed: %v", err))
+			}
+		}
 		prepared, err := d.vmWorkspacePrepare(ctx, socketPath, api.VMWorkspacePrepareParams{
-			IDOrName:   vmRef,
-			SourcePath: repo.sourcePath,
-			GuestPath:  vmRunGuestDir(),
-			Branch:     repo.branchName,
-			From:       fromRef,
-			Mode:       string(model.WorkspacePrepareModeShallowOverlay),
+			IDOrName:         vmRef,
+			SourcePath:       repo.sourcePath,
+			GuestPath:        vmRunGuestDir(),
+			Branch:           repo.branchName,
+			From:             fromRef,
+			Mode:             string(model.WorkspacePrepareModeShallowOverlay),
+			IncludeUntracked: repo.includeUntracked,
 		})
 		if err != nil {
 			return fmt.Errorf("vm %q is running but workspace prepare failed: %w", vmRef, err)

internal/cli/workspace_preview.go

@@ -0,0 +1,54 @@
+package cli
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"banger/internal/daemon/workspace"
+)
+
+// runWorkspaceDryRun inspects the local repo at resolvedPath and
+// prints the file list that `vm run` / `workspace prepare` would ship
+// into the guest. Runs on the CLI side (no daemon RPC needed) since
+// the daemon is always local and the workspace inspection is a pure
+// git read.
+func runWorkspaceDryRun(ctx context.Context, out io.Writer, resolvedPath, branchName, fromRef string, includeUntracked bool) error {
+	spec, err := workspace.InspectRepo(ctx, resolvedPath, branchName, fromRef, includeUntracked)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(out, "dry-run: %d file(s) would be copied to guest\n", len(spec.OverlayPaths))
+	fmt.Fprintf(out, "repo: %s\n", spec.RepoRoot)
+	if includeUntracked {
+		fmt.Fprintln(out, "mode: tracked + untracked non-ignored (--include-untracked)")
+	} else {
+		fmt.Fprintln(out, "mode: tracked only (re-run with --include-untracked to also copy untracked non-ignored files)")
+	}
+	fmt.Fprintln(out, "---")
+	for _, path := range spec.OverlayPaths {
+		fmt.Fprintln(out, path)
+	}
+	if !includeUntracked {
+		if err := noteUntrackedSkipped(ctx, out, spec.RepoRoot); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// noteUntrackedSkipped prints a one-line notice to stderr-analog when
+// the repo has untracked non-ignored files that will NOT be copied
+// because --include-untracked was not passed. Silent when there are
+// no such files, or when the count can't be determined.
+func noteUntrackedSkipped(ctx context.Context, out io.Writer, repoRoot string) error {
+	count, err := workspace.CountUntrackedPaths(ctx, repoRoot)
+	if err != nil {
+		return err
+	}
+	if count == 0 {
+		return nil
+	}
+	fmt.Fprintf(out, "---\nnote: %d untracked non-ignored file(s) were NOT copied (git-tracked files only by default — pass --include-untracked to include them)\n", count)
+	return nil
+}