vm run: ship tracked files only by default; add --include-untracked + --dry-run

Workspace-mode vm run and vm workspace prepare used to copy both tracked AND untracked non-ignored files into the guest. That silently catches local .env files, scratch notes, credentials, and any other working-tree state a developer hasn't explicitly gitignored — a real data-exposure footgun given the golden image ships Docker and the usual dev tooling. Flip the default to tracked-only. Users who actually want the fuller set opt in with --include-untracked (documented in both commands' help). Gitignored files are still always excluded regardless of the flag. Add --dry-run to both vm run and vm workspace prepare. Dry-run inspects the repo CLI-side (no VM created, no daemon RPC needed since the daemon is always local and the inspection is a pure git read), prints the exact file list + mode, and exits. A byte-level preview of what would land in the guest. When running real (non-dry) and untracked files exist in the repo but are being skipped under the new default, print a one-line notice pointing to --include-untracked so users aren't surprised when the guest is missing something they expected. Signature changes: - ListOverlayPaths takes an includeUntracked bool (tracked always; untracked gated by flag). - InspectRepo takes the same flag and passes it through. - VMWorkspacePrepareParams gains IncludeUntracked. - WorkspaceService.workspaceInspectRepo seam signature widened to match (4 callers in tests updated). New workspace package tests cover both modes and verify that gitignored files never leak regardless of the flag. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 19:53:17 -03:00 · 2026-04-21 19:53:17 -03:00 · 2a7f55f028
commit 2a7f55f028
parent 25a1466947
11 changed files with 293 additions and 67 deletions
--- a/internal/daemon/workspace/workspace.go
+++ b/internal/daemon/workspace/workspace.go
@ -67,11 +67,12 @@ var HostCommandOutputFunc = func(ctx context.Context, name string, args ...strin
 	return output, fmt.Errorf("%s: %w: %s", command, err, detail)
 }

-// InspectRepo resolves rawPath into an absolute repo root and captures the
-// HEAD, branch, optional base-from ref, git identity, origin URL, submodules,
-// and overlay paths (tracked + untracked non-ignored files) needed for a
-// prepare.
-func InspectRepo(ctx context.Context, rawPath, branchName, fromRef string) (RepoSpec, error) {
+// InspectRepo resolves rawPath into an absolute repo root and captures
+// the HEAD, branch, optional base-from ref, git identity, origin URL,
+// submodules, and overlay paths needed for a prepare. Overlay paths
+// cover tracked files by default; untracked non-ignored files are
+// included only when includeUntracked is true.
+func InspectRepo(ctx context.Context, rawPath, branchName, fromRef string, includeUntracked bool) (RepoSpec, error) {
 	sourcePath, err := ResolveSourcePath(rawPath)
 	if err != nil {
 		return RepoSpec{}, err
@ -119,7 +120,7 @@ func InspectRepo(ctx context.Context, rawPath, branchName, fromRef string) (Repo
 	if err != nil {
 		return RepoSpec{}, fmt.Errorf("resolve origin url for %s: %w", repoRoot, err)
 	}
-	overlayPaths, err := ListOverlayPaths(ctx, repoRoot)
+	overlayPaths, err := ListOverlayPaths(ctx, repoRoot, includeUntracked)
 	if err != nil {
 		return RepoSpec{}, err
 	}
@ -292,17 +293,22 @@ func ListSubmodules(ctx context.Context, repoRoot string) ([]string, error) {
 	return submodules, nil
 }

-// ListOverlayPaths returns tracked + untracked non-ignored files in
-// repoRoot. Missing tracked entries (deleted working-tree files) are skipped.
-func ListOverlayPaths(ctx context.Context, repoRoot string) ([]string, error) {
+// ListOverlayPaths returns tracked files in repoRoot, plus (when
+// includeUntracked is true) untracked non-ignored files. Missing
+// tracked entries (deleted working-tree files) are skipped in both
+// modes.
+//
+// The default is tracked-only because "untracked + not gitignored"
+// silently catches local credentials, .env files, scratch notes, and
+// other secrets that live in the working tree but aren't meant to
+// leave the developer's machine. Callers that genuinely want the
+// fuller set (scratch repos, vendored binaries the user is iterating
+// on) opt in explicitly.
+func ListOverlayPaths(ctx context.Context, repoRoot string, includeUntracked bool) ([]string, error) {
 	trackedOutput, err := GitOutput(ctx, repoRoot, "ls-files", "-z")
 	if err != nil {
 		return nil, fmt.Errorf("list tracked files for %s: %w", repoRoot, err)
 	}
-	untrackedOutput, err := GitOutput(ctx, repoRoot, "ls-files", "--others", "--exclude-standard", "-z")
-	if err != nil {
-		return nil, fmt.Errorf("list untracked files for %s: %w", repoRoot, err)
-	}
 	paths := make([]string, 0)
 	seen := make(map[string]struct{})
 	for _, relPath := range ParseNullSeparatedOutput(trackedOutput) {
@ -318,20 +324,44 @@ func ListOverlayPaths(ctx context.Context, repoRoot string) ([]string, error) {
 		seen[relPath] = struct{}{}
 		paths = append(paths, relPath)
 	}
-	for _, relPath := range ParseNullSeparatedOutput(untrackedOutput) {
-		if relPath == "" {
-			continue
+	if includeUntracked {
+		untrackedOutput, err := GitOutput(ctx, repoRoot, "ls-files", "--others", "--exclude-standard", "-z")
+		if err != nil {
+			return nil, fmt.Errorf("list untracked files for %s: %w", repoRoot, err)
 		}
-		if _, ok := seen[relPath]; ok {
-			continue
+		for _, relPath := range ParseNullSeparatedOutput(untrackedOutput) {
+			if relPath == "" {
+				continue
+			}
+			if _, ok := seen[relPath]; ok {
+				continue
+			}
+			seen[relPath] = struct{}{}
+			paths = append(paths, relPath)
 		}
-		seen[relPath] = struct{}{}
-		paths = append(paths, relPath)
 	}
 	sort.Strings(paths)
 	return paths, nil
 }

+// CountUntrackedPaths returns the number of untracked non-ignored
+// files in repoRoot. Used by the CLI to warn the user when they are
+// about to ship a workspace that has local-but-unignored scratch
+// files which, under the default, will be skipped.
+func CountUntrackedPaths(ctx context.Context, repoRoot string) (int, error) {
+	untrackedOutput, err := GitOutput(ctx, repoRoot, "ls-files", "--others", "--exclude-standard", "-z")
+	if err != nil {
+		return 0, fmt.Errorf("list untracked files for %s: %w", repoRoot, err)
+	}
+	count := 0
+	for _, relPath := range ParseNullSeparatedOutput(untrackedOutput) {
+		if relPath != "" {
+			count++
+		}
+	}
+	return count, nil
+}
+
 // ParsePrepareMode validates and canonicalises a user-supplied mode value.
 func ParsePrepareMode(raw string) (model.WorkspacePrepareMode, error) {
 	switch strings.TrimSpace(raw) {
--- a/internal/daemon/workspace/workspace_test.go
+++ b/internal/daemon/workspace/workspace_test.go
@ -0,0 +1,99 @@
+package workspace
+
+import (
+	"context"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"slices"
+	"testing"
+)
+
+// seedRepo creates a tiny git repo with one tracked file, one
+// gitignored file, and one untracked-non-ignored file. Returns the
+// repo root path. Skips the test if git isn't on PATH (unusual for
+// a dev machine, but polite).
+func seedRepo(t *testing.T) string {
+	t.Helper()
+	if _, err := exec.LookPath("git"); err != nil {
+		t.Skipf("git not on PATH: %v", err)
+	}
+	dir := t.TempDir()
+	run := func(args ...string) {
+		t.Helper()
+		cmd := exec.Command(args[0], args[1:]...)
+		cmd.Dir = dir
+		// Isolate from the ambient user config so commits don't need
+		// a global user.name/user.email. Also disable GPG signing.
+		cmd.Env = append(os.Environ(),
+			"GIT_AUTHOR_NAME=t", "GIT_AUTHOR_EMAIL=t@t",
+			"GIT_COMMITTER_NAME=t", "GIT_COMMITTER_EMAIL=t@t",
+			"GIT_CONFIG_GLOBAL=/dev/null",
+		)
+		if out, err := cmd.CombinedOutput(); err != nil {
+			t.Fatalf("%v: %v\n%s", args, err, out)
+		}
+	}
+	writeFile := func(relPath, content string) {
+		t.Helper()
+		if err := os.WriteFile(filepath.Join(dir, relPath), []byte(content), 0o644); err != nil {
+			t.Fatal(err)
+		}
+	}
+	run("git", "init", "-q", "-b", "main")
+	run("git", "config", "commit.gpgsign", "false")
+	writeFile(".gitignore", "ignored.log\n")
+	writeFile("README.md", "hello\n")
+	run("git", "add", ".gitignore", "README.md")
+	run("git", "commit", "-q", "-m", "init")
+	// A tracked file AFTER the first commit so ls-files picks it up.
+	// A gitignored file so --exclude-standard filters it.
+	// An untracked non-ignored file so the flag matters.
+	writeFile("src.go", "package main\n")
+	run("git", "add", "src.go")
+	run("git", "commit", "-q", "-m", "src")
+	writeFile("ignored.log", "noisy\n")
+	writeFile("SECRETS.env", "TOKEN=abc\n")
+	return dir
+}
+
+func TestListOverlayPaths_TrackedOnlyByDefault(t *testing.T) {
+	repo := seedRepo(t)
+	got, err := ListOverlayPaths(context.Background(), repo, false)
+	if err != nil {
+		t.Fatalf("ListOverlayPaths: %v", err)
+	}
+	want := []string{".gitignore", "README.md", "src.go"}
+	if !slices.Equal(got, want) {
+		t.Fatalf("got %v, want %v (untracked SECRETS.env must be excluded; gitignored ignored.log must always be excluded)", got, want)
+	}
+}
+
+func TestListOverlayPaths_IncludeUntracked(t *testing.T) {
+	repo := seedRepo(t)
+	got, err := ListOverlayPaths(context.Background(), repo, true)
+	if err != nil {
+		t.Fatalf("ListOverlayPaths: %v", err)
+	}
+	want := []string{".gitignore", "README.md", "SECRETS.env", "src.go"}
+	if !slices.Equal(got, want) {
+		t.Fatalf("got %v, want %v", got, want)
+	}
+	// gitignored files must stay out even when untracked is included.
+	for _, p := range got {
+		if p == "ignored.log" {
+			t.Fatalf("gitignored file leaked into overlay: %v", got)
+		}
+	}
+}
+
+func TestCountUntrackedPaths(t *testing.T) {
+	repo := seedRepo(t)
+	count, err := CountUntrackedPaths(context.Background(), repo)
+	if err != nil {
+		t.Fatalf("CountUntrackedPaths: %v", err)
+	}
+	if count != 1 {
+		t.Fatalf("count = %d, want 1 (only SECRETS.env; ignored.log is gitignored)", count)
+	}
+}