// Package daemon hosts the Banger daemon process.
//
// The daemon exposes a JSON-RPC endpoint over a Unix socket and, optionally,
// a local web UI. It owns VM lifecycle, image management, guest sessions,
// host networking bootstrap, and state persistence via internal/store.
//
// The package is organised into cohesive groups. A phased refactor is
// splitting each group into a subpackage; file names below reflect the
// current (in-progress) grouping.
//
// VM lifecycle:
//
//	vm_create.go      CreateVM and create-time disk provisioning
//	vm_lifecycle.go   Start/Stop/Restart/Kill/Delete
//	vm_set.go         SetVM mutation
//	vm_stats.go       stats, health, ping, stale reaper
//	vm_disk.go        system overlay, work disk provisioning
//	vm_authsync.go    per-VM authorized_key, git identity, and auth file sync
//	vm_create_ops.go  async begin/status/cancel registry for create
//	capabilities.go   pluggable capability hooks executed at VM start
//	preflight.go      prereq validation for VM start
//	snapshot.go       device-mapper COW snapshot helpers
//	ports.go          port forwarding inspection
//
// Image management:
//
//	images.go             register, promote, delete, find, list
//	imagebuild.go         build via firecracker build VM
//	image_build_ops.go    async begin/status/cancel registry for build
//	image_seed.go         managed work-seed fingerprint refresh
//
// Guest interaction:
//
//	guest_sessions.go    long-lived guest commands, attach, logs
//	ssh_client_config.go daemon-managed SSH client key material
//	workspace.go         materialising host repos into guest
//	opencode.go          opencode host-side helpers
//
// Host bootstrap:
//
//	nat.go           NAT prereq registration
//	dns_routing.go   systemd-resolved per-interface routing
//	tap_pool.go      TAP interface pool
//
// Core:
//
//	daemon.go         Daemon struct, Open/Close/Serve, dispatch
//	dashboard.go      dashboard metrics aggregation
//	doctor.go         host diagnostics
//	logger.go         slog configuration
//	runtime_assets.go paths to bundled companion binaries
//	web.go            embedded web UI server
//
// Lock ordering:
//
//	vmLocks[id]  →  {createVMMu, imageOpsMu}  →  subsystem-local locks
//
// Subsystem-local locks live on the owning type (tapPool.mu,
// sessionRegistry.mu, opRegistry.mu, guestSessionController.attachMu/writeMu)
// and do not contend with each other. See ARCHITECTURE.md for details.
package daemon