Add guest sessions and agent VM defaults

Add daemon-backed workspace and guest-session primitives so host orchestrators can prepare /root/repo, launch long-lived guest commands, and attach to pipe-mode sessions over the local stdio mux bridge. Persist richer session metadata and launch diagnostics, preflight guest cwd/command requirements, make pipe-mode attach rehydratable from guest state after daemon restart, and allow submodules when workspace prepare runs in full_copy mode. At the same time, stop vm run from auto-attaching opencode, make it print next-step commands instead, and make glibc guest images more agent-ready by installing node, opencode, claude, and pi while syncing opencode/claude/pi auth files into work disks on VM start. Validation: - GOCACHE=/tmp/banger-gocache go test ./... - make build - banger vm workspace prepare --help - banger vm session --help - banger vm session start --help - banger vm session attach --help
2026-04-12 23:48:42 -03:00 · 2026-04-12 23:48:42 -03:00 · 37c4c091ec
commit 37c4c091ec
parent 497e6dca3d
18 changed files with 3212 additions and 405 deletions
--- a/internal/daemon/vm_test.go
+++ b/internal/daemon/vm_test.go
@ -1102,6 +1102,124 @@ func TestEnsureOpencodeAuthOnWorkDiskWarnsAndSkipsWhenHostAuthUnreadable(t *test
 	}
 }

+func TestEnsureClaudeAuthOnWorkDiskCopiesHostAuth(t *testing.T) {
+	homeDir := t.TempDir()
+	t.Setenv("HOME", homeDir)
+	hostAuthPath := filepath.Join(homeDir, workDiskClaudeAuthRelativePath)
+	if err := os.MkdirAll(filepath.Dir(hostAuthPath), 0o755); err != nil {
+		t.Fatalf("MkdirAll(host auth dir): %v", err)
+	}
+	hostAuth := []byte("{\"token\":\"claude\"}\n")
+	if err := os.WriteFile(hostAuthPath, hostAuth, 0o600); err != nil {
+		t.Fatalf("WriteFile(host auth): %v", err)
+	}
+
+	workDiskDir := t.TempDir()
+	d := &Daemon{runner: &filesystemRunner{t: t}}
+	vm := testVM("claude-auth", "image-claude-auth", "172.16.0.67")
+	vm.Runtime.WorkDiskPath = workDiskDir
+
+	if err := d.ensureClaudeAuthOnWorkDisk(context.Background(), &vm); err != nil {
+		t.Fatalf("ensureClaudeAuthOnWorkDisk: %v", err)
+	}
+
+	guestAuthPath := filepath.Join(workDiskDir, workDiskClaudeAuthRelativePath)
+	got, err := os.ReadFile(guestAuthPath)
+	if err != nil {
+		t.Fatalf("ReadFile(guest auth): %v", err)
+	}
+	if string(got) != string(hostAuth) {
+		t.Fatalf("guest auth = %q, want %q", string(got), string(hostAuth))
+	}
+	info, err := os.Stat(guestAuthPath)
+	if err != nil {
+		t.Fatalf("Stat(guest auth): %v", err)
+	}
+	if info.Mode().Perm() != 0o600 {
+		t.Fatalf("guest auth mode = %v, want 0600", info.Mode().Perm())
+	}
+}
+
+func TestEnsurePiAuthOnWorkDiskCopiesHostAuth(t *testing.T) {
+	homeDir := t.TempDir()
+	t.Setenv("HOME", homeDir)
+	hostAuthPath := filepath.Join(homeDir, workDiskPiAuthRelativePath)
+	if err := os.MkdirAll(filepath.Dir(hostAuthPath), 0o755); err != nil {
+		t.Fatalf("MkdirAll(host auth dir): %v", err)
+	}
+	hostAuth := []byte("{\"token\":\"pi\"}\n")
+	if err := os.WriteFile(hostAuthPath, hostAuth, 0o600); err != nil {
+		t.Fatalf("WriteFile(host auth): %v", err)
+	}
+
+	workDiskDir := t.TempDir()
+	d := &Daemon{runner: &filesystemRunner{t: t}}
+	vm := testVM("pi-auth", "image-pi-auth", "172.16.0.68")
+	vm.Runtime.WorkDiskPath = workDiskDir
+
+	if err := d.ensurePiAuthOnWorkDisk(context.Background(), &vm); err != nil {
+		t.Fatalf("ensurePiAuthOnWorkDisk: %v", err)
+	}
+
+	guestAuthPath := filepath.Join(workDiskDir, workDiskPiAuthRelativePath)
+	got, err := os.ReadFile(guestAuthPath)
+	if err != nil {
+		t.Fatalf("ReadFile(guest auth): %v", err)
+	}
+	if string(got) != string(hostAuth) {
+		t.Fatalf("guest auth = %q, want %q", string(got), string(hostAuth))
+	}
+}
+
+func TestEnsurePiAuthOnWorkDiskWarnsAndSkipsWhenHostAuthMissing(t *testing.T) {
+	homeDir := t.TempDir()
+	t.Setenv("HOME", homeDir)
+
+	workDiskDir := t.TempDir()
+	guestAuthPath := filepath.Join(workDiskDir, workDiskPiAuthRelativePath)
+	if err := os.MkdirAll(filepath.Dir(guestAuthPath), 0o755); err != nil {
+		t.Fatalf("MkdirAll(guest auth dir): %v", err)
+	}
+	original := []byte("{\"token\":\"keep\"}\n")
+	if err := os.WriteFile(guestAuthPath, original, 0o600); err != nil {
+		t.Fatalf("WriteFile(guest auth): %v", err)
+	}
+
+	var buf bytes.Buffer
+	logger, _, err := newDaemonLogger(&buf, "info")
+	if err != nil {
+		t.Fatalf("newDaemonLogger: %v", err)
+	}
+
+	d := &Daemon{
+		runner: &filesystemRunner{t: t},
+		logger: logger,
+	}
+	vm := testVM("pi-auth-missing", "image-pi-auth-missing", "172.16.0.69")
+	vm.Runtime.WorkDiskPath = workDiskDir
+
+	if err := d.ensurePiAuthOnWorkDisk(context.Background(), &vm); err != nil {
+		t.Fatalf("ensurePiAuthOnWorkDisk: %v", err)
+	}
+
+	got, err := os.ReadFile(guestAuthPath)
+	if err != nil {
+		t.Fatalf("ReadFile(guest auth): %v", err)
+	}
+	if string(got) != string(original) {
+		t.Fatalf("guest auth = %q, want preserved %q", string(got), string(original))
+	}
+
+	entries := parseLogEntries(t, buf.Bytes())
+	if !hasLogEntry(entries, map[string]string{
+		"msg":       "guest pi auth sync skipped",
+		"vm_name":   vm.Name,
+		"host_path": filepath.Join(homeDir, workDiskPiAuthRelativePath),
+	}) {
+		t.Fatalf("expected warn log, got %v", entries)
+	}
+}
+
 func TestCreateVMRejectsNonPositiveCPUAndMemory(t *testing.T) {
 	d := &Daemon{}
 	if _, err := d.CreateVM(context.Background(), api.VMCreateParams{VCPUCount: ptr(0)}); err == nil || !strings.Contains(err.Error(), "vcpu must be a positive integer") {