New VMs should come up with tmux session persistence ready instead of requiring per-VM plugin setup, and rebuilt images should stop carrying stale Docker installer scraps.
Configure both image build paths to install TPM, tmux-resurrect, and tmux-continuum for root, manage a marked /root/.tmux.conf block with autosave enabled and restore left manual, and remove legacy get-docker helper files during provisioning.
Update the README and repo guidance to document the rebuilt-image behavior. Verified with bash -n customize.sh, GOCACHE=/tmp/banger-gocache go test ./internal/daemon -run TestBuildProvisionScriptInstallsDefaultTools, and GOCACHE=/tmp/banger-gocache make build.
Extend the default image provisioning path so opencode is installed through mise as part of both the Go-native image builder and the shell-based rootfs customization flow. That keeps new images consistent regardless of which build path produced them.
The change reuses the existing mise activation setup instead of adding a second tool bootstrap path, and adds a provisioning-script assertion so the generated guest setup includes the opencode install step.
Verified with bash -n customize.sh and go test ./....
New VMs should have mise available without a per-VM bootstrap step, and the activation needs to work in the default root bash workflow.
Install a pinned mise binary during both the Go-native image build path and the customize.sh rootfs rebuild path, then enable bash activation through /etc/profile.d for login shells and /etc/bash.bashrc for interactive shells.
Add a regression around the generated provisioning script and validate with bash -n customize.sh, go test ./..., and make build. Rebuilding the default rootfs is still required before future default-image VMs pick up the change.
Reduce the control plane's dependency on helper scripts while keeping the hard Linux integration points in the approved shell-out layer.
Replace the bash-driven image build path with a native Go builder that clones and optionally resizes the rootfs, boots a temporary Firecracker VM, provisions the guest over SSH, installs packages and modules, and preserves the package-manifest sidecar.
Also replace a few small convenience shell-outs with Go helpers: read process stats from /proc, use os.Truncate for ext4 image growth, add file-clone and normalized-line helpers, drop the sh -c work-disk flattening path, and launch Firecracker via a direct sudo command.
Add tests for the new SSH/archive and system helpers, plus a policy test that keeps os/exec imports confined to cli/firecracker/system. Update the docs to describe customize.sh as a manual helper rather than the daemon's image-build backend.
Validated with go mod tidy, go test ./..., and make build.
