Delete partially working: user, window resizing

Author: sjmiller609

cmd/api/api/exec.go

@@ -30,8 +30,6 @@ var upgrader = websocket.Upgrader{
 type ExecRequest struct {
 	Command []string          `json:"command"`
 	TTY     bool              `json:"tty"`
-	User    string            `json:"user,omitempty"`
-	UID     int32             `json:"uid,omitempty"`
 	Env     map[string]string `json:"env,omitempty"`
 	Cwd     string            `json:"cwd,omitempty"`
 	Timeout int32             `json:"timeout,omitempty"` // seconds
@@ -111,8 +109,6 @@ func (s *ApiService) ExecHandler(w http.ResponseWriter, r *http.Request) {
 		"subject", subject,
 		"command", execReq.Command,
 		"tty", execReq.TTY,
-		"user", execReq.User,
-		"uid", execReq.UID,
 		"cwd", execReq.Cwd,
 		"timeout", execReq.Timeout,
 	)
@@ -127,8 +123,6 @@ func (s *ApiService) ExecHandler(w http.ResponseWriter, r *http.Request) {
 		Stdout:  wsConn,
 		Stderr:  wsConn,
 		TTY:     execReq.TTY,
-		User:    execReq.User,
-		UID:     execReq.UID,
 		Env:     execReq.Env,
 		Cwd:     execReq.Cwd,
 		Timeout: execReq.Timeout,

cmd/api/api/exec_test.go

@@ -182,29 +182,6 @@ func TestExecInstanceNonTTY(t *testing.T) {
 	t.Logf("Command output: %q", outStr)
 	require.Contains(t, outStr, "root", "whoami should return root user")
 
-	// Test another command to verify filesystem access and container context
-	// We should see /docker-entrypoint.sh which is standard in nginx:alpine image
-	t.Log("Testing exec command: ls /docker-entrypoint.sh")
-	stdout = outputBuffer{}
-	stderr = outputBuffer{}
-	
-	t.Log("Calling ExecIntoInstance for ls command...")
-	exit, err = exec.ExecIntoInstance(ctx(), actualInst.VsockSocket, exec.ExecOptions{
-		Command: []string{"/bin/sh", "-c", "ls -la /docker-entrypoint.sh"},
-		Stdin:   nil,
-		Stdout:  &stdout,
-		Stderr:  &stderr,
-		TTY:     false,
-	})
-	t.Logf("ExecIntoInstance returned: err=%v, exit=%v", err, exit)
-	
-	require.NoError(t, err, "ls command should succeed")
-	require.Equal(t, 0, exit.Code, "ls should exit with code 0")
-	
-	outStr = stdout.String()
-	t.Logf("ls output: %q", outStr)
-	require.Contains(t, outStr, "docker-entrypoint.sh", "should see docker-entrypoint.sh file")
-
 	// Cleanup
 	t.Log("Cleaning up instance...")
 	delResp, err := svc.DeleteInstance(ctx(), oapi.DeleteInstanceRequestObject{

lib/exec/README.md

@@ -30,8 +30,6 @@ Container (chroot /overlay/newroot)
   {
     "command": ["bash", "-c", "whoami"],
     "tty": true,
-    "user": "www-data",     // optional: username to run as
-    "uid": 1000,            // optional: UID to run as (overrides user)
     "env": {                // optional: environment variables
       "FOO": "bar"
     },
@@ -56,10 +54,8 @@ Container (chroot /overlay/newroot)
 gRPC streaming RPC with protobuf messages:
 
 **Request (client → server):**
-- `ExecStart`: Command, TTY flag, user/UID, environment variables, working directory, timeout
+- `ExecStart`: Command, TTY flag, environment variables, working directory, timeout
 - `stdin`: Input data bytes
-- `WindowSize`: Terminal resize events (TTY mode)
-- `Signal`: Send Unix signal to process (SIGINT, SIGTERM, SIGKILL, etc.)
 
 **Response (server → client):**
 - `stdout`: Output data bytes
@@ -117,10 +113,6 @@ export HYPEMAN_TOKEN="your-jwt-token"
 ./bin/hypeman-exec <instance-id> /bin/sh
 ./bin/hypeman-exec -it <instance-id> /bin/sh
 
-# Run as specific user
-./bin/hypeman-exec --user www-data <instance-id> whoami
-./bin/hypeman-exec --uid 1000 <instance-id> whoami
-
 # With environment variables
 ./bin/hypeman-exec --env FOO=bar --env BAZ=qux <instance-id> env
 ./bin/hypeman-exec -e FOO=bar -e BAZ=qux <instance-id> env
@@ -132,17 +124,14 @@ export HYPEMAN_TOKEN="your-jwt-token"
 ./bin/hypeman-exec --timeout 30 <instance-id> /long-running-script.sh
 
 # Combined options
-./bin/hypeman-exec --user www-data --cwd /app --env ENV=prod \
-  <instance-id> php artisan migrate
+./bin/hypeman-exec --cwd /app --env ENV=prod <instance-id> php artisan migrate
 ```
 
 ### Options
 
 - `-it`: Interactive mode with TTY (auto-detected if stdin/stdout are terminals)
 - `--token`: JWT token (or use `HYPEMAN_TOKEN` env var)
 - `--api-url`: API server URL (default: `http://localhost:8080`)
-- `--user`: Username to run command as
-- `--uid`: UID to run command as (overrides `--user`)
 - `--env` / `-e`: Environment variable (KEY=VALUE, can be repeated)
 - `--cwd`: Working directory
 - `--timeout`: Execution timeout in seconds (0 = no timeout)
@@ -188,24 +177,10 @@ The guest agent logs are written to the VM console log (accessible via `/var/lib
 ```
 [exec-agent] listening on vsock port 2222
 [exec-agent] new exec stream
-[exec-agent] exec: command=[bash -c whoami] tty=true user=www-data uid=0 cwd=/app timeout=30
+[exec-agent] exec: command=[bash -c whoami] tty=true cwd=/app timeout=30
 [exec-agent] command finished with exit code: 0
 ```
 
-## Signal Support
-
-The protocol supports sending Unix signals to running processes:
-
-- `SIGHUP` (1): Hangup
-- `SIGINT` (2): Interrupt (Ctrl-C)
-- `SIGQUIT` (3): Quit
-- `SIGKILL` (9): Kill (cannot be caught)
-- `SIGTERM` (15): Terminate
-- `SIGSTOP` (19): Stop process
-- `SIGCONT` (18): Continue process
-
-Signals can be sent via the WebSocket stream (implementation detail for advanced clients).
-
 ## Timeout Behavior
 
 When a timeout is specified:
@@ -214,21 +189,11 @@ When a timeout is specified:
 - The exit code will be `124` (GNU timeout convention)
 - Timeout is enforced in the guest, so network issues won't cause false timeouts
 
-## PTY Signal Handling & Architecture
-
-For TTY mode (interactive shells), **the exec-agent runs inside the container namespace** - this is critical for proper signal handling:
-
-### Why This Matters
-When the PTY and shell are in the same namespace, Ctrl+C (byte `0x03`) is correctly interpreted as SIGINT and delivered to the process. Running exec-agent in initrd namespace and using chroot for commands creates a namespace boundary that breaks signal handling.
-
-### Implementation
-The init script (`lib/system/init_script.go`):
-1. Copies exec-agent into `/overlay/newroot/usr/local/bin/`
-2. Bind-mounts `/dev/pts` so PTY devices are accessible in container
-3. Runs exec-agent with `chroot /overlay/newroot`
+## Architecture
 
-This ensures:
-- Ctrl+C, Ctrl+Z, and other terminal control sequences work correctly
-- PTY and process share the same namespace
-- No chroot wrapper needed when executing commands (agent is already in container)
+**exec-agent runs inside the container namespace**:
+- Init script copies agent binary into `/overlay/newroot/usr/local/bin/`
+- Bind-mounts `/dev/pts` so PTY devices are accessible
+- Runs agent with `chroot /overlay/newroot`
+- Commands execute directly (no chroot wrapper needed)
 

lib/exec/client.go

@@ -24,8 +24,6 @@ type ExecOptions struct {
 	Stdout  io.Writer
 	Stderr  io.Writer
 	TTY     bool
-	User    string            // Username to run as (optional)
-	UID     int32             // UID to run as (optional, overrides User)
 	Env     map[string]string // Environment variables
 	Cwd     string            // Working directory (optional)
 	Timeout int32             // Execution timeout in seconds (0 = no timeout)
@@ -87,8 +85,6 @@ func ExecIntoInstance(ctx context.Context, vsockSocketPath string, opts ExecOpti
 			Start: &ExecStart{
 				Command:        opts.Command,
 				Tty:            opts.TTY,
-				User:           opts.User,
-				Uid:            opts.UID,
 				Env:            opts.Env,
 				Cwd:            opts.Cwd,
 				TimeoutSeconds: opts.Timeout,