agentworks-cli 0.2.1__py3-none-any.whl

agentworks/vms/backup.py

@@ -0,0 +1,409 @@
+"""VM backup -- export all metadata and workspace files to a local archive."""
+
+from __future__ import annotations
+
+import json
+import shlex
+import subprocess
+import time
+from dataclasses import asdict
+from datetime import UTC, datetime
+from typing import TYPE_CHECKING
+
+from agentworks import output
+from agentworks.output import BackupError, VMError
+
+if TYPE_CHECKING:
+    from pathlib import Path
+
+    from agentworks.config import Config
+    from agentworks.db import Database, WorkspaceRow
+    from agentworks.ssh import ExecTarget, SSHTarget
+
+
+def backup_vm(
+    db: Database,
+    config: Config,
+    vm_name: str,
+) -> Path:
+    """Create a full backup of a VM: metadata + workspace files.
+
+    Returns the path to the backup archive.
+    """
+    from agentworks.ssh import SSHError, SSHLogger, _unwrap_ssh, admin_exec_target
+    from agentworks.workspaces.manager import _ensure_vm_running
+
+    vm = db.get_vm(vm_name)
+    if vm is None:
+        raise VMError(f"VM '{vm_name}' not found")
+    _ensure_vm_running(db, config, vm)
+
+    if vm.tailscale_host is None:
+        raise VMError(f"VM '{vm_name}' has no Tailscale address")
+
+    # Create backup directory first so the log goes inside it
+    timestamp = datetime.now(UTC).strftime("%Y%m%dT%H%M%SZ")
+    backup_name = f"{vm_name}-{timestamp}"
+    backup_dir = config.paths.backups / backup_name
+    backup_dir.mkdir(parents=True, exist_ok=True)
+
+    ssh_logger = SSHLogger(vm_name, "vm-backup")
+    ssh_logger.path = backup_dir / "backup.log"
+    target = admin_exec_target(vm, config, logger=ssh_logger)
+
+    # Log the backup event
+    db.insert_vm_event(vm_name, "backup_started")
+
+    output.info(f"Backing up VM '{vm_name}' to {backup_dir}...")
+
+    # Snapshot all DB data in a single transaction for consistency
+    output.detail("Reading database (consistent snapshot)...")
+    _vm, agents, workspaces, sessions, events, grants_by_agent = db.snapshot_vm_backup_data(vm_name)
+
+    # 1. VM metadata
+    output.detail("Exporting VM metadata...")
+    _write_json(backup_dir / "vm.json", asdict(vm))
+
+    # 2. Events
+    output.detail(f"Exporting {len(events)} VM events...")
+    _write_json(backup_dir / "events.json", [asdict(e) for e in events])
+
+    # 3. Agents with grants and live UID verification
+    output.detail(f"Exporting {len(agents)} agents...")
+    agents_data = []
+    for agent in agents:
+        agent_data = asdict(agent)
+
+        try:
+            result = target.run(f"id -u {shlex.quote(agent.linux_user)}", check=False)
+            if result.ok:
+                agent_data["live_uid"] = result.stdout.strip()
+            else:
+                agent_data["live_uid"] = None
+                output.warn(f"user '{agent.linux_user}' not found on VM")
+        except SSHError:
+            agent_data["live_uid"] = None
+
+        agent_data["grants"] = [asdict(g) for g in grants_by_agent.get(agent.name, [])]
+        agents_data.append(agent_data)
+    _write_json(backup_dir / "agents.json", agents_data)
+
+    # 4. Workspaces with live GID verification
+    output.detail(f"Exporting {len(workspaces)} workspaces...")
+    ws_data = []
+    for ws in workspaces:
+        ws_entry = asdict(ws)
+        ws_group = f"ws--{ws.name}"
+
+        try:
+            result = target.run(f"getent group {shlex.quote(ws_group)}", check=False)
+            if result.ok:
+                parts = result.stdout.strip().split(":")
+                ws_entry["live_gid"] = parts[2] if len(parts) > 2 else None
+            else:
+                ws_entry["live_gid"] = None
+                output.warn(f"group '{ws_group}' not found on VM")
+        except SSHError:
+            ws_entry["live_gid"] = None
+
+        ws_data.append(ws_entry)
+    _write_json(backup_dir / "workspaces.json", ws_data)
+
+    # 5. Sessions
+    output.detail(f"Exporting {len(sessions)} sessions...")
+    _write_json(backup_dir / "sessions.json", [asdict(s) for s in sessions])
+
+    # 6. Workspace files -- single archive of all workspace paths
+    vm_workspaces = [ws for ws in workspaces if ws.type == "vm"]
+
+    archived_paths: list[str] = []
+    skipped_paths: list[str] = []
+    if vm_workspaces:
+        local_archive = backup_dir / "workspaces.tar.zst"
+        try:
+            archived_paths, skipped_paths = _archive_workspaces(
+                target, _unwrap_ssh(target), vm_workspaces, local_archive,
+            )
+        except Exception:
+            db.insert_vm_event(vm_name, "backup_failed")
+            raise
+    else:
+        output.detail("No VM workspaces to archive.")
+
+    # 7. Manifest
+    manifest = {
+        "version": 2,
+        "vm_name": vm_name,
+        "timestamp": timestamp,
+        "agent_count": len(agents_data),
+        "workspace_count": len(ws_data),
+        "session_count": len(sessions),
+        "event_count": len(events),
+        "archived_paths": archived_paths,
+        "skipped_paths": skipped_paths,
+    }
+    _write_json(backup_dir / "manifest.json", manifest)
+
+    db.insert_vm_event(vm_name, "backup_completed", detail=str(backup_dir))
+    ssh_logger.close()
+
+    output.info(f"\nBackup complete: {backup_dir}")
+
+    return backup_dir
+
+
+def _archive_workspaces(
+    target: ExecTarget,
+    target_ssh: SSHTarget,
+    vm_workspaces: list[WorkspaceRow],
+    local_archive: Path,
+) -> tuple[list[str], list[str]]:
+    """Create a single zstd-compressed tar of all workspace paths and transfer locally.
+
+    Runs tar via nohup so it survives SSH disconnects. Polls for completion
+    and reports archive size periodically.
+
+    The archive is created in a root-owned temp directory to avoid symlink
+    attacks and collisions in /tmp.
+
+    Returns (archived_paths, skipped_paths) -- paths that were actually included
+    and paths that were skipped because they didn't exist on the VM.
+    """
+
+    # Create a secure temp directory (root-owned, mode 0700)
+    tmp_dir = target.run("mktemp -d /tmp/agentworks-backup-XXXXXX", sudo=True).stdout.strip()
+    q_tmp = shlex.quote(tmp_dir)
+    archive = f"{tmp_dir}/workspaces.tar.zst"
+    q_archive = shlex.quote(archive)
+
+    try:
+        # Verify workspace paths exist on the VM
+        valid: list[WorkspaceRow] = []
+        skipped: list[str] = []
+        for ws in vm_workspaces:
+            if target.run(f"test -d {shlex.quote(ws.workspace_path)}", sudo=True, check=False).ok:
+                valid.append(ws)
+            else:
+                output.warn(f"path not found, skipping: {ws.workspace_path}")
+                skipped.append(ws.workspace_path)
+
+        if not valid:
+            raise BackupError("no workspace paths exist on the VM")
+
+        # Verify zstd is available
+        if not target.run("command -v zstd >/dev/null 2>&1", check=False).ok:
+            raise BackupError(
+                "zstd is not installed on the VM. Run 'agentworks vm reinit' to install it."
+            )
+
+        # Calculate total uncompressed size
+        du_paths = " ".join(shlex.quote(ws.workspace_path) for ws in valid)
+        du_result = target.run(f"du -sb {du_paths} | awk '{{s+=$1}} END {{print s}}'", sudo=True, check=False)
+        if du_result.ok and du_result.stdout.strip().isdigit():
+            total_size = int(du_result.stdout.strip())
+            output.detail(f"Total workspace size: {_fmt_size(total_size)} (uncompressed)")
+
+        # Use zstd at level 15 for high compression (trades CPU for smaller archive,
+        # which is worthwhile since cross-workspace deduplication benefits from it).
+        output.detail(f"Archiving {len(valid)} workspace(s) with zstd (this may take a while)...")
+        output.detail(f"Remote archive: {archive}", indent=2)
+        output.detail(f"Local archive:  {local_archive}", indent=2)
+
+        # Write paths file via scp to avoid shell escaping issues.
+        paths_file = f"{tmp_dir}/paths.txt"
+        q_paths_file = shlex.quote(paths_file)
+        path_content = "\n".join(ws.workspace_path.lstrip("/") for ws in valid) + "\n"
+
+        from agentworks.ssh import write_file as ssh_write_file
+
+        # Admin can't write to root-owned temp dir, so stage via a securely
+        # created temp file (mktemp creates with mode 0600), then move as root.
+        staging_paths = target.run("mktemp /tmp/_aw_paths_XXXXXX.txt").stdout.strip()
+        q_staging = shlex.quote(staging_paths)
+        ssh_write_file(target_ssh, staging_paths, path_content)
+        target.run(f"mv {q_staging} {q_paths_file}", sudo=True)
+
+        # Use run_detached in a background thread so we can poll archive size.
+        # run_detached handles nohup reliably via scp'd wrapper script.
+        tar_cmd = f"ZSTD_CLEVEL=15 tar --zstd -cf {q_archive} -C / -T {q_paths_file}"
+
+        # Create a secure admin-owned directory (mktemp -d creates mode 0700)
+        # for run_detached's files. Can't use the root-owned tmp_dir because
+        # run_detached writes its wrapper script via scp (as admin). Using
+        # mktemp -d (not -u) avoids the race/symlink risks of mktemp -u.
+        detached_dir = target.run("mktemp -d /tmp/_aw_detached_XXXXXX").stdout.strip()
+        detached_base = f"{detached_dir}/run"
+
+        import threading
+
+        from agentworks.remote_exec import DetachedResult, run_detached
+
+        result_holder: list[DetachedResult] = []
+        error_holder: list[Exception] = []
+
+        def _run_tar() -> None:
+            try:
+                r = run_detached(
+                    target,
+                    tar_cmd,
+                    label="Archive",
+                    base_path=detached_base,
+                    poll_interval=5,
+                    quiet_timeout=300,
+                    as_root=True,
+                    quiet=True,
+                )
+                result_holder.append(r)
+            except Exception as e:
+                error_holder.append(e)
+
+        thread = threading.Thread(target=_run_tar, daemon=True)
+        thread.start()
+
+        # Poll archive size while tar runs
+        try:
+            last_report = time.monotonic()
+            while thread.is_alive():
+                thread.join(timeout=15)
+                if thread.is_alive() and time.monotonic() - last_report >= 30:
+                    _report_size(target, archive)
+                    last_report = time.monotonic()
+        except KeyboardInterrupt:
+            output.warn("Interrupted. Killing remote tar and cleaning up...")
+            # Read the PID that run_detached's wrapper wrote, kill the process group
+            pid_result = target.run(f"cat {shlex.quote(detached_base)}.pid", sudo=True, check=False)
+            pid = pid_result.stdout.strip() if pid_result.ok else ""
+            if pid.isdigit():
+                # Kill the wrapper shell's process group (tar + wrapper)
+                target.run(f"kill -TERM -{pid} 2>/dev/null", sudo=True, check=False)
+            from agentworks.output import UserAbort
+
+            raise UserAbort("backup interrupted") from None
+
+        if error_holder:
+            raise error_holder[0]
+        if not result_holder:
+            raise BackupError("tar did not produce a result")
+
+        result = result_holder[0]
+        if result.exit_code != 0:
+            detail = f"Command: {tar_cmd}"
+            if result.output:
+                detail += f"\nOutput:\n{result.output.strip()}"
+            raise BackupError(f"tar failed (exit {result.exit_code})\n{detail}")
+
+        _report_size(target, archive)
+
+        if result.output.strip():
+            output.warn("tar warnings:")
+            for line in result.output.strip().splitlines()[-10:]:
+                output.detail(line, indent=2)
+
+        # Transfer to local. Chown the temp dir and archive to the admin
+        # user so scp can read it (avoids making it world-readable).
+        admin = shlex.quote(target_ssh.user or "agentworks")
+        target.run(f"chown {admin} {q_tmp} {q_archive}", sudo=True)
+
+        # Get remote archive size for progress reporting
+        size_result = target.run(f"stat -c %s {q_archive}", sudo=True, check=False)
+        remote_size = int(size_result.stdout.strip()) if size_result.ok else 0
+
+        output.detail("Transferring remote archive to local...")
+        _transfer_with_progress(target_ssh, archive, local_archive, remote_size)
+
+    except Exception:
+        output.warn(f"Remote temp dir preserved for debugging: {tmp_dir}")
+        raise
+    else:
+        target.run(f"rm -rf {q_tmp}", sudo=True, check=False)
+        target.run(f"rm -rf {shlex.quote(detached_dir)}", check=False)
+
+    return [ws.workspace_path for ws in valid], skipped
+
+
+def _transfer_with_progress(
+    target_ssh: SSHTarget,
+    remote_path: str,
+    local_path: Path,
+    remote_size: int,
+) -> None:
+    """Transfer a file via scp with progress reporting based on local file size.
+
+    Uses Popen so the process can be terminated on Ctrl-C and the partially
+    downloaded file cleaned up.
+    """
+    from agentworks.ssh import SSHError, scp_base_args
+
+    args = scp_base_args(target_ssh)
+    if target_ssh.user:
+        src = f"{target_ssh.user}@{target_ssh.host}:{remote_path}"
+    else:
+        src = f"{target_ssh.host}:{remote_path}"
+    args.append(src)
+    args.append(str(local_path))
+
+    proc = subprocess.Popen(
+        args, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+    )
+    try:
+        last_report = time.monotonic()
+        while proc.poll() is None:
+            time.sleep(15)
+            if time.monotonic() - last_report >= 30:
+                try:
+                    local_size = local_path.stat().st_size
+                    if remote_size > 0:
+                        pct = local_size / remote_size * 100
+                        output.detail(
+                            f"Transfer: {_fmt_size(local_size)} / "
+                            f"{_fmt_size(remote_size)} ({pct:.0f}%)"
+                        )
+                    else:
+                        output.detail(f"Transfer: {_fmt_size(local_size)}")
+                except FileNotFoundError:
+                    pass
+                last_report = time.monotonic()
+
+        if proc.returncode != 0:
+            assert proc.stderr is not None
+            stderr = (proc.stderr.read() or b"").decode("utf-8", errors="replace").strip()
+            raise SSHError(f"scp failed: {stderr}")
+
+        output.detail(f"Saved: {local_path} ({_fmt_size(local_path.stat().st_size)})")
+
+    except (KeyboardInterrupt, Exception):
+        proc.terminate()
+        try:
+            proc.wait(timeout=5)
+        except subprocess.TimeoutExpired:
+            proc.kill()
+            proc.wait()
+        # Clean up partial download
+        if local_path.exists():
+            local_path.unlink()
+        raise
+
+
+def _fmt_size(size_bytes: int) -> str:
+    """Format a byte count as a human-readable string."""
+    if size_bytes >= 1024 * 1024 * 1024:
+        return f"{size_bytes / (1024**3):.1f} GB"
+    if size_bytes >= 1024 * 1024:
+        return f"{size_bytes / (1024**2):.1f} MB"
+    if size_bytes >= 1024:
+        return f"{size_bytes / 1024:.1f} KB"
+    return f"{size_bytes} B"
+
+
+def _report_size(target: ExecTarget, remote_path: str) -> None:
+    """Print the size of a remote file."""
+    try:
+        result = target.run(f"stat -c %s {shlex.quote(remote_path)}", sudo=True, check=False)
+        if result.ok:
+            output.detail(f"Archive size: {_fmt_size(int(result.stdout.strip()))}")
+    except Exception:
+        pass
+
+
+def _write_json(path: Path, data: object) -> None:
+    path.write_text(json.dumps(data, indent=2, default=str) + "\n")

agentworks/vms/base.py

@@ -0,0 +1,56 @@
+"""Base interface for VM provisioners."""
+
+from __future__ import annotations
+
+from abc import ABC, abstractmethod
+from dataclasses import dataclass
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from agentworks.config import Config
+    from agentworks.db import VMRow, VMStatus
+    from agentworks.ssh import ExecTarget
+
+
+@dataclass
+class ProvisionResult:
+    """Result of VM provisioning -- exec target plus platform metadata."""
+
+    admin_exec_target: ExecTarget
+    azure_resource_id: str | None = None
+    wsl_distro_name: str | None = None
+    proxmox_vmid: str | None = None
+    bootstrap_complete: bool = False
+    tailscale_ip: str | None = None
+
+
+class VMProvisioner(ABC):
+    """Interface that each platform provisioner must implement."""
+
+    @abstractmethod
+    def create(self, vm_name: str, config: Config) -> ProvisionResult:
+        """Create a raw VM and return provisioning result for the initializer."""
+
+    @abstractmethod
+    def start(self, vm: VMRow) -> None:
+        """Start a stopped VM."""
+
+    @abstractmethod
+    def stop(self, vm: VMRow) -> None:
+        """Stop a running VM."""
+
+    @abstractmethod
+    def delete(self, vm: VMRow) -> None:
+        """Delete a VM and clean up platform resources."""
+
+    @abstractmethod
+    def status(self, vm: VMRow) -> VMStatus:
+        """Query the live runtime status of a VM."""
+
+    @abstractmethod
+    def admin_exec_target(self, vm: VMRow, *, config: object | None = None) -> ExecTarget:
+        """Return an ExecTarget for the admin user for a running VM (provisioning transport).
+
+        config is optional; Azure needs it for the SSH identity file when
+        connecting via public IP (e.g., during Tailscale logout on delete).
+        """

agentworks/vms/bootstrap_script.py

@@ -0,0 +1,185 @@
+"""Phase A bootstrap script generation and output parsing.
+
+Generates a self-contained bash script that runs all Phase A (bootstrap)
+steps on a fresh VM. The script uses structured markers in stdout so the
+Python side can drive logging and console output.
+
+Markers:
+  ##STEP## <name>       - step boundary
+  ##SUCCESS## <msg>     - step succeeded
+  ##WARN## <msg>        - non-fatal warning
+  ##ERROR## <msg>       - fatal error
+"""
+
+from __future__ import annotations
+
+import shlex
+from dataclasses import dataclass, field
+
+SCRIPT_TEMPLATE = """\
+#!/bin/bash
+set -euo pipefail
+
+VM_USER={admin_username}
+SSH_PUBLIC_KEY={ssh_public_key}
+PROVISIONING_PACKAGES={provisioning_packages}
+TAILSCALE_AUTH_KEY={tailscale_auth_key}
+VM_HOSTNAME={vm_hostname}
+TS_EXTRA_FLAGS={ts_extra_flags}
+SWAP_GB={swap}
+
+# -- Step 1: Ensure user --
+echo "##STEP## Ensure user"
+if id "$VM_USER" >/dev/null 2>&1; then
+    echo "##SUCCESS## user $VM_USER already exists"
+else
+    useradd -m -s /bin/bash "$VM_USER"
+    echo "##SUCCESS## user $VM_USER created"
+fi
+usermod -aG sudo "$VM_USER"
+echo "$VM_USER ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$VM_USER"
+
+# -- Step 2: Provisioning packages --
+echo "##STEP## Provisioning packages"
+export DEBIAN_FRONTEND=noninteractive
+apt-get update -qq
+timeout 600 apt-get dist-upgrade -y -qq -o Dpkg::Options::="--force-confnew"
+# shellcheck disable=SC2086
+apt-get install -y -qq -o Dpkg::Options::="--force-confnew" $PROVISIONING_PACKAGES
+echo "##SUCCESS## provisioning packages installed"
+
+# -- Step 2b: Preserve SSH host keys across reboots --
+# By default, cloud-init may delete and regenerate SSH host keys on certain
+# boot events (e.g., VM stop/start). This causes SSH clients to reject the
+# connection due to a changed host key. Tell cloud-init to preserve existing keys.
+echo "##STEP## Preserve SSH host keys"
+mkdir -p /etc/cloud/cloud.cfg.d
+cat > /etc/cloud/cloud.cfg.d/99-preserve-ssh-keys.cfg <<'CLOUDCFG'
+ssh_deletekeys: false
+ssh_genkeytypes: []
+CLOUDCFG
+echo "##SUCCESS## SSH host key preservation configured"
+
+# -- Step 3: SSH public key --
+echo "##STEP## SSH public key"
+HOME_DIR="/home/$VM_USER"
+mkdir -p "$HOME_DIR/.ssh"
+echo "$SSH_PUBLIC_KEY" >> "$HOME_DIR/.ssh/authorized_keys"
+chown -R "$VM_USER:$VM_USER" "$HOME_DIR/.ssh"
+chmod 700 "$HOME_DIR/.ssh"
+chmod 600 "$HOME_DIR/.ssh/authorized_keys"
+echo "##SUCCESS## SSH key installed"
+
+# -- Step 4: Swap file --
+echo "##STEP## Swap file"
+if [ "$SWAP_GB" -gt 0 ]; then
+    if [ -f /swapfile ]; then
+        echo "##SUCCESS## swap file already exists"
+    else
+        SWAP_MB=$((SWAP_GB * 1024))
+        fallocate -l "${{SWAP_MB}}M" /swapfile
+        chmod 600 /swapfile
+        mkswap /swapfile
+        swapon /swapfile
+        echo '/swapfile none swap sw 0 0' >> /etc/fstab
+        echo "##SUCCESS## ${{SWAP_GB}} GiB swap file created"
+    fi
+else
+    echo "##SUCCESS## swap disabled"
+fi
+
+# -- Step 5: Set hostname --
+echo "##STEP## Hostname"
+hostnamectl set-hostname "$VM_HOSTNAME" 2>/dev/null || hostname "$VM_HOSTNAME"
+echo "##SUCCESS## hostname set to $VM_HOSTNAME"
+
+# -- Step 6: Install Tailscale --
+echo "##STEP## Tailscale install"
+if command -v tailscale >/dev/null 2>&1; then
+    echo "##SUCCESS## tailscale already installed"
+else
+    curl -fsSL https://tailscale.com/install.sh | sh
+    echo "##SUCCESS## tailscale installed"
+fi
+
+# -- Step 7: Join Tailscale --
+echo "##STEP## Tailscale join"
+# shellcheck disable=SC2086
+tailscale up --auth-key "$TAILSCALE_AUTH_KEY" $TS_EXTRA_FLAGS
+TS_IP=$(tailscale ip -4)
+echo "##SUCCESS## tailscale-ip=$TS_IP"
+"""
+
+
+def vm_hostname(platform: str, vm_name: str) -> str:
+    """Build a consistent VM hostname: <platform>--<vm_name>."""
+    return f"{platform}--{vm_name}"
+
+
+def generate_bootstrap_script(
+    *,
+    admin_username: str,
+    ssh_public_key: str,
+    provisioning_packages: list[str],
+    tailscale_auth_key: str,
+    hostname: str,
+    swap: int = 0,
+    is_wsl2: bool = False,
+) -> str:
+    """Generate the Phase A bootstrap script with parameters baked in."""
+    ts_extra_flags = "--userspace-networking" if is_wsl2 else ""
+
+    return SCRIPT_TEMPLATE.format(
+        admin_username=shlex.quote(admin_username),
+        ssh_public_key=shlex.quote(ssh_public_key),
+        provisioning_packages=shlex.quote(" ".join(provisioning_packages)),
+        tailscale_auth_key=shlex.quote(tailscale_auth_key),
+        vm_hostname=shlex.quote(hostname),
+        ts_extra_flags=shlex.quote(ts_extra_flags),
+        swap=swap,
+    )
+
+
+@dataclass
+class StepResult:
+    name: str
+    success_msg: str | None = None
+    warnings: list[str] = field(default_factory=list)
+    error: str | None = None
+
+
+@dataclass
+class BootstrapResult:
+    exit_code: int
+    tailscale_ip: str | None = None
+    steps: list[StepResult] = field(default_factory=list)
+    raw_output: str = ""
+
+    @property
+    def ok(self) -> bool:
+        return self.exit_code == 0 and self.tailscale_ip is not None
+
+
+def parse_bootstrap_output(stdout: str, exit_code: int) -> BootstrapResult:
+    """Parse structured markers from bootstrap script output."""
+    result = BootstrapResult(exit_code=exit_code, raw_output=stdout)
+    current_step: StepResult | None = None
+
+    for line in stdout.splitlines():
+        if line.startswith("##STEP## "):
+            current_step = StepResult(name=line[9:])
+            result.steps.append(current_step)
+        elif line.startswith("##SUCCESS## "):
+            msg = line[12:]
+            if current_step is not None:
+                current_step.success_msg = msg
+            if msg.startswith("tailscale-ip="):
+                result.tailscale_ip = msg.split("=", 1)[1].strip()
+        elif line.startswith("##WARN## "):
+            if current_step is not None:
+                current_step.warnings.append(line[9:])
+        elif line.startswith("##ERROR## "):
+            if current_step is not None:
+                current_step.error = line[10:]
+
+    return result