// Package daemon hosts the Banger daemon process.
//
// The daemon exposes a JSON-RPC endpoint over a Unix socket and, optionally,
// an experimental local web UI. It owns VM lifecycle, image management,
// guest sessions, host networking bootstrap, and state persistence via
// internal/store.
//
// The package is organised into cohesive groups. Pure stateless helpers for
// each group have been lifted into subpackages; orchestrator methods
// (Daemon receivers) stay here and compose them.
//
// Subpackages:
//
//	internal/daemon/opstate    Generic Registry[T AsyncOp] for async
//	                           operations (VM create).
//	internal/daemon/dmsnap     Device-mapper COW snapshot lifecycle.
//	internal/daemon/fcproc     Firecracker process helpers: bridge/tap,
//	                           binary resolution, PID lookup, wait/kill.
//	internal/daemon/imagemgr   Image subsystem helpers: path validation,
//	                           artifact staging, guest provisioning script
//	                           generator, metadata.
//	internal/daemon/session    Guest-session helpers: state paths, runner
//	                           / inspect / signal scripts, state snapshot
//	                           parsing, launch helpers, ShellQuote,
//	                           FormatStepError.
//	internal/daemon/workspace  Workspace helpers: git repo inspection,
//	                           shallow copy prep, guest-side import,
//	                           finalize script generation.
//
// VM lifecycle (in this package):
//
//	vm_create.go      CreateVM and create-time disk provisioning
//	vm_lifecycle.go   Start/Stop/Restart/Kill/Delete
//	vm_set.go         SetVM mutation
//	vm_stats.go       stats, health, ping, stale reaper
//	vm_disk.go        system overlay, work disk provisioning
//	vm_authsync.go    per-VM authorized_key, git identity, auth file sync
//	vm_create_ops.go  async begin/status/cancel (uses opstate.Registry)
//	vm_locks.go       vmLockSet: per-VM mutex set
//	vm.go             fcproc forwarders, DNS helpers, small utilities
//	capabilities.go   pluggable capability hooks executed at VM start
//	preflight.go      prereq validation for VM start
//	snapshot.go       dmsnap forwarders + dmSnapshotHandles type alias
//	ports.go          port forwarding inspection
//
// Image management (in this package):
//
//	images.go             register, promote, delete, find, list
//	images_pull.go        image pull: catalog (bundle) + OCI paths
//	image_seed.go         managed work-seed SSH fingerprint refresh
//
// Guest interaction (in this package):
//
//	guest_sessions.go      dialGuest, waitForGuestSSH, refresh/inspect
//	session_lifecycle.go   Start/Stop/Kill/Get/List/signal orchestrators
//	session_attach.go      BeginGuestSessionAttach + bridge/forward/watch
//	session_stream.go      GuestSessionLogs, SendToGuestSession
//	session_controller.go  guestSessionController, sessionRegistry
//	ssh_client_config.go   daemon-managed SSH client key material
//	workspace.go           ExportVMWorkspace, PrepareVMWorkspace
//	opencode.go            opencode host-side helpers
//
// Host bootstrap (in this package):
//
//	nat.go           NAT prereq registration
//	dns_routing.go   systemd-resolved per-interface routing
//	tap_pool.go      TAP interface pool (state in tapPool type)
//
// Core (in this package):
//
//	daemon.go         Daemon struct, Open/Close/Serve, dispatch
//	dashboard.go      dashboard metrics aggregation
//	doctor.go         host diagnostics
//	logger.go         slog configuration
//	runtime_assets.go paths to bundled companion binaries
//	web.go            experimental local web UI server
//
// Lock ordering:
//
//	vmLocks[id]  →  {createVMMu, imageOpsMu}  →  subsystem-local locks
//
// Subsystem-local locks live on their owning type (tapPool.mu,
// sessionRegistry.mu, opstate.Registry mu, guestSessionController.attachMu /
// writeMu) and do not contend with each other. See ARCHITECTURE.md for
// details.
package daemon