Context
Canonical spec: SourceOS-Linux/sourceos-spec specs/local-agent-runtime.md.
The node-commander repair showed that Podman machine state, socket reachability, local image provenance, authfile selection, and container lifecycle must be first-class platform concepts.
Deliverables
- Add Podman machine preflight library.
- Detect machine missing, stopped, or socket-refusing states.
- Detect local image presence and image ID.
- Enforce local runtime image tags such as localhost/sourceos/<agent>:<tag> or localhost/socioprophet/<agent>:<tag>.
- Support explicit empty authfile runtime mode.
- Detect stale host credential-helper risk.
- Detect container states including Stopping, Removing, Exited, Created, and Running.
- Emit machine-readable and human-readable diagnostics.
Acceptance criteria
- node-commander style failure is diagnosed as Podman socket unavailable, not as generic launch failure.
- Local image run can bypass ambient Google credential helpers using explicit authfile.
- Runtime refuses direct remote registry image unless service auth is declared.
- Stopping containers are detected and remediated or reported clearly.
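
One way the image-reference part of the preflight could look, as an added example that is not code from the issue or the project: it accepts the two localhost/ namespaces named above, refuses anything that would resolve to a remote registry unless service auth is declared, and returns one diagnostic that can be printed as JSON or as a text line. The function names, diagnostic fields and codes, the agent-name grammar and the sample references are assumptions.

```python
import json
import re

# Namespaces come from the issue text. The agent-name grammar is an assumption;
# the tag grammar is the usual container one (word char, then up to 127 more).
LOCAL_REF = re.compile(
    r"localhost/(?P<ns>sourceos|socioprophet)/"
    r"(?P<agent>[a-z0-9]+(?:[._-][a-z0-9]+)*)"
    r":(?P<tag>[A-Za-z0-9_][A-Za-z0-9._-]{0,127})"
)


def check_image_ref(ref, service_auth_declared=False):
    """Return a diagnostic dict for one image reference (hypothetical schema)."""
    m = LOCAL_REF.fullmatch(ref)
    if m:
        # Local runtime image: no registry login is needed, so the caller can
        # run with an explicit empty authfile and skip host credential helpers.
        return {"ok": True, "code": "local_image", "ref": ref,
                "agent": m["agent"], "tag": m["tag"], "authfile": "explicit-empty"}
    if ref.startswith("localhost/"):
        # Claims to be local but is outside the allowed namespaces or untagged.
        return {"ok": False, "code": "local_ref_rejected", "ref": ref,
                "hint": "expected localhost/{sourceos,socioprophet}/<agent>:<tag>"}
    # Anything else, including short names such as "alpine:latest", would be
    # resolved against a remote registry.
    if service_auth_declared:
        return {"ok": True, "code": "remote_with_service_auth", "ref": ref,
                "authfile": "service"}
    return {"ok": False, "code": "remote_without_service_auth", "ref": ref,
            "hint": "declare service auth or use a localhost/ runtime image"}


def render(diag):
    """Human-readable line for the same diagnostic."""
    status = "OK" if diag["ok"] else "REFUSED"
    hint = f" ({diag['hint']})" if "hint" in diag else ""
    return f"[{status}] {diag['code']}: {diag['ref']}{hint}"


if __name__ == "__main__":
    # Constructed sample references, not taken from the issue.
    for ref in ("localhost/sourceos/demo-agent:dev", "localhost/other/demo-agent:1",
                "localhost/sourceos/demo-agent", "registry.example.com/demo-agent:1"):
        d = check_image_ref(ref)
        print(json.dumps(d, sort_keys=True))
        print(render(d))
```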