Make runtime defaults portable

Stop assuming one workstation layout for runtime artifacts, mapdns, and host tooling. The daemon and shell helpers now use portable mapdns configuration, and runtime bundles can carry bundle.json metadata for their default kernel, initrd, modules, rootfs, and helper paths.

Load bundle metadata through config with a legacy layout fallback, thread mapdns_bin/mapdns_data_file through the Go and shell paths, and add command-scoped preflight checks for VM start, NAT, image build, work-disk resize, and SSH so missing tools or artifacts fail with actionable errors.

Update the runtime-bundle manifest, docs, and tests to match the new model. Verified with go test ./..., make build, and bash -n customize.sh interactive.sh dns.sh make-rootfs.sh verify.sh.

README.md

@@ -4,10 +4,16 @@ Persistent Firecracker development VMs managed through a Go daemon, CLI, and TUI
 
 ## Requirements
 - Linux host with KVM (`/dev/kvm` access)
-- `sudo`, `ip`, `curl`, `ssh`, `jq`
-- `dmsetup`, `losetup`, `blockdev`
-- `e2cp`, `e2rm`, `debugfs`
-- `mapdns`
+- Core VM lifecycle: `sudo`, `ip`, `dmsetup`, `losetup`, `blockdev`, `truncate`, `pgrep`, `ps`
+- Guest rootfs patching: `e2cp`, `e2rm`, `debugfs`
+- Guest work disk creation/resizing: `mkfs.ext4`, `e2fsck`, `resize2fs`, `mount`, `umount`, `cp`
+- SSH and logs: `ssh`
+- DNS publishing: `mapdns`
+- Optional NAT: `iptables`, `sysctl`
+- Image build helper flow: `bash`, `curl`, `jq`, `sha256sum`
+
+`banger` validates these per command and returns actionable errors instead of
+assuming one workstation layout.
 
 ## Runtime Bundle
 Runtime artifacts are no longer tracked directly in Git. Source checkouts use a
@@ -16,9 +22,8 @@ generated `./runtime/` bundle, while installed binaries use
 
 The bundle contains:
 - `firecracker`
-- `wtf/root/boot/vmlinux-6.8.0-94-generic`
-- `wtf/root/boot/initrd.img-6.8.0-94-generic`
-- `wtf/root/lib/modules/6.8.0-94-generic/`
+- `bundle.json` with the bundle's default kernel/initrd/modules/rootfs paths
+- a kernel, initrd, and modules tree referenced by `bundle.json`
 - `rootfs-docker.ext4`
 - `rootfs.ext4` when present
 - `packages.apt`
@@ -112,9 +117,14 @@ the executable. Source-checkout binaries resolve it from `./runtime` next to the
 repo-built `./banger`. You can override either with `runtime_dir` in
 `~/.config/banger/config.toml` or `BANGER_RUNTIME_DIR`.
 
+`mapdns` uses its own default data store unless you set `mapdns_data_file` or
+`BANGER_MAPDNS_DATA_FILE`.
+
 Useful config keys:
 - `runtime_dir`
 - `firecracker_bin`
+- `mapdns_bin`
+- `mapdns_data_file`
 - `ssh_key_path`
 - `namegen_path`
 - `customize_script`
@@ -143,8 +153,8 @@ banger image delete docker-dev
 ```
 
 `banger` auto-registers the bundled `default_rootfs` image when it exists. If
-`rootfs.ext4` is not present in the bundle, `image build` falls back to using
-`rootfs-docker.ext4` as its default base image.
+the bundle does not include a separate base `rootfs.ext4`, `image build` falls
+back to using `rootfs-docker.ext4` as its default base image.
 
 ## Networking And DNS
 Enable NAT when creating or updating a VM:
@@ -184,7 +194,7 @@ is not available, pass an explicit `--base-rootfs` to `./make-rootfs.sh`.
 
 ## Maintaining The Runtime Bundle
 Maintain the checked-in manifest in [`runtime-bundle.toml`](/home/thales/projects/personal/banger/runtime-bundle.toml)
-with the published bundle URL and SHA256.
+with the published bundle URL, SHA256, and `bundle_metadata` defaults.
 
 Package a local `./runtime/` tree for publication:
 ```bash