PyPI - portacode - Versions diffs - 1.4.16.dev10__py3-none-any.whl → 1.4.17__py3-none-any.whl - Mend

portacode 1.4.16.dev10py3-none-any.whl → 1.4.17py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

portacode/connection/handlers/proxmox_infra.py CHANGED Viewed

@@ -19,7 +19,7 @@ import time
 import threading
 from datetime import datetime, timezone
 from pathlib import Path
-from typing import Any, Callable, Dict, Iterable, List, Optional, Sequence, Set, Tuple
+from typing import Any, Callable, Dict, Iterable, List, Optional, Sequence, Tuple
 import platformdirs
@@ -45,14 +45,38 @@ DNS_SERVER = "1.1.1.1"
 IFACES_PATH = Path("/etc/network/interfaces")
 SYSCTL_PATH = Path("/etc/sysctl.d/99-portacode-forward.conf")
 UNIT_DIR = Path("/etc/systemd/system")
-_MANAGED_CONTAINERS_CACHE_TTL_S = 30.0
-_MANAGED_CONTAINERS_CACHE: Dict[str, Any] = {"timestamp": 0.0, "summary": None}
-_MANAGED_CONTAINERS_CACHE_LOCK = threading.Lock()
+_MANAGED_CONTAINERS_STATE_LOCK = threading.Lock()
+_MANAGED_CONTAINERS_STATE: Dict[str, Any] = {
+    "initialized": False,
+    "base_summary": None,
+    "initial_totals": {"ram_mib": 0, "disk_gib": 0, "cpu_share": 0.0},
+    "records": {},
+    "pending": {},
+}
 TEMPLATES_REFRESH_INTERVAL_S = 300
 ProgressCallback = Callable[[int, int, Dict[str, Any], str, Optional[Dict[str, Any]]], None]
+def _emit_host_event(
+    handler: SyncHandler,
+    payload: Dict[str, Any],
+) -> None:
+    loop = handler.context.get("event_loop")
+    if not loop or loop.is_closed():
+        logger.debug("host event skipped (no event loop) event=%s", payload.get("event"))
+        return
+    future = asyncio.run_coroutine_threadsafe(handler.send_response(payload), loop)
+    future.add_done_callback(
+        lambda fut: logger.warning(
+            "Failed to emit host event %s: %s", payload.get("event"), fut.exception()
+        )
+        if fut.exception()
+        else None
+    )
 def _emit_progress_event(
     handler: SyncHandler,
     *,
@@ -202,67 +226,66 @@ def _current_time_iso() -> str:
     return datetime.now(timezone.utc).isoformat()
-def _to_int(value: Any, default: int = 0) -> int:
+def _parse_iso_timestamp(value: str) -> Optional[datetime]:
+    if not value:
+        return None
+    text = value
+    if text.endswith("Z"):
+        text = text[:-1] + "+00:00"
     try:
-        return int(value)
-    except (TypeError, ValueError):
-        return default
+        return datetime.fromisoformat(text)
+    except ValueError:
+        return None
+def _templates_need_refresh(config: Dict[str, Any]) -> bool:
+    if not config or not config.get("token_value"):
+        return False
+    last = _parse_iso_timestamp(config.get("templates_last_refreshed") or "")
+    if not last:
+        return True
+    return (datetime.now(timezone.utc) - last).total_seconds() >= TEMPLATES_REFRESH_INTERVAL_S
-def _to_float(value: Any, default: float = 0.0) -> float:
+def _ensure_templates_refreshed_on_startup(config: Dict[str, Any]) -> None:
+    if not _templates_need_refresh(config):
+        return
     try:
-        return float(value)
-    except (TypeError, ValueError):
-        return default
+        client = _build_proxmox_client_from_config(config)
+        node = config.get("node") or _pick_node(client)
+        storages = client.nodes(node).storage.get()
+        templates = _list_templates(client, node, storages)
+        if templates:
+            config["templates"] = templates
+            config["templates_last_refreshed"] = _current_time_iso()
+            _save_config(config)
+    except Exception as exc:
+        logger.warning("Unable to refresh Proxmox templates on startup: %s", exc)
-def _calculate_available(total: Optional[float], used: float) -> Optional[float]:
-    if total is None:
-        return None
-    delta = total - used
-    return delta if delta >= 0 else 0.0
+def _pick_storage(storages: Iterable[Dict[str, Any]]) -> str:
+    candidates = [s for s in storages if "rootdir" in s.get("content", "") and s.get("avail", 0) > 0]
+    if not candidates:
+        candidates = [s for s in storages if "rootdir" in s.get("content", "")]
+    if not candidates:
+        return ""
+    candidates.sort(key=lambda entry: entry.get("avail", 0), reverse=True)
+    return candidates[0].get("storage", "")
-def _normalize_bytes(value: Any) -> float:
-    if isinstance(value, (int, float)):
-        return float(value)
-    text = str(value or "").strip()
-    if not text:
-        return 0.0
-    match = re.match(r"(?i)^\s*([0-9]*\.?[0-9]+)\s*([kmgtp]?i?b?)?\s*$", text)
-    if not match:
-        return 0.0
-    number = match.group(1)
-    unit = (match.group(2) or "").lower()
+def _bytes_to_gib(value: Any) -> float:
     try:
-        value = float(number)
-    except ValueError:
+        return float(value) / 1024**3
+    except (TypeError, ValueError):
         return 0.0
-    if unit.startswith("k"):
-        return value * 1024
-    if unit.startswith("m"):
-        return value * 1024**2
-    if unit.startswith("g"):
-        return value * 1024**3
-    if unit.startswith("t"):
-        return value * 1024**4
-    if unit.startswith("p"):
-        return value * 1024**5
-    return value
-def _bytes_to_mib(value: Any) -> int:
-    return int(round(_normalize_bytes(value) / (1024**2)))
-def _bytes_to_gib(value: Any) -> int:
-    return int(round(_normalize_bytes(value) / (1024**3)))
+def _bytes_to_mib(value: Any) -> float:
+    try:
+        return float(value) / 1024**2
+    except (TypeError, ValueError):
+        return 0.0
-def _normalize_storage_name(name: Any) -> str:
-    if not name:
-        return ""
-    return str(name).strip().lower()
 def _size_token_to_gib(token: str) -> float:
     match = re.match(r"^\s*([0-9]+(?:\.[0-9]+)?)\s*([KMGTP])?([iI]?[bB])?\s*$", token)
@@ -272,11 +295,11 @@ def _size_token_to_gib(token: str) -> float:
     unit = (match.group(2) or "").upper()
     scale = {
         "": 1,
-        "K": 1024 ** 1,
-        "M": 1024 ** 2,
-        "G": 1024 ** 3,
-        "T": 1024 ** 4,
-        "P": 1024 ** 5,
+        "K": 1024**1,
+        "M": 1024**2,
+        "G": 1024**3,
+        "T": 1024**4,
+        "P": 1024**5,
     }.get(unit, 1)
     return (number * scale) / 1024**3
@@ -292,7 +315,7 @@ def _extract_size_gib(value: Any) -> float:
     return _size_token_to_gib(text)
-def _extract_storage(value: Any) -> str:
+def _extract_storage_token(value: Any) -> str:
     if not value:
         return "unknown"
     text = str(value)
@@ -303,12 +326,12 @@ def _extract_storage(value: Any) -> str:
 def _storage_from_lxc(cfg: Dict[str, Any], entry: Dict[str, Any]) -> str:
     rootfs = cfg.get("rootfs") or entry.get("rootfs")
-    storage = _extract_storage(rootfs)
+    storage = _extract_storage_token(rootfs)
     if storage != "unknown":
         return storage
     for idx in range(0, 10):
         mp_value = cfg.get(f"mp{idx}")
-        storage = _extract_storage(mp_value)
+        storage = _extract_storage_token(mp_value)
         if storage != "unknown":
             return storage
     return "unknown"
@@ -318,7 +341,7 @@ def _storage_from_qemu(cfg: Dict[str, Any]) -> str:
     preferred_keys: List[str] = []
     for prefix in ("scsi", "virtio", "sata", "ide"):
         preferred_keys.extend(f"{prefix}{idx}" for idx in range(0, 6))
-    seen: Set[str] = set()
+    seen = set()
     for key in preferred_keys:
         value = cfg.get(key)
         if value is None:
@@ -327,7 +350,7 @@ def _storage_from_qemu(cfg: Dict[str, Any]) -> str:
         text = str(value)
         if "media=cdrom" in text or "cloudinit" in text:
             continue
-        storage = _extract_storage(text)
+        storage = _extract_storage_token(text)
         if storage != "unknown":
             return storage
     for key in sorted(cfg.keys()):
@@ -341,11 +364,11 @@ def _storage_from_qemu(cfg: Dict[str, Any]) -> str:
         text = str(value)
         if "media=cdrom" in text or "cloudinit" in text:
             continue
-        storage = _extract_storage(text)
+        storage = _extract_storage_token(text)
         if storage != "unknown":
             return storage
     for key in ("efidisk0", "tpmstate0"):
-        storage = _extract_storage(cfg.get(key))
+        storage = _extract_storage_token(cfg.get(key))
         if storage != "unknown":
             return storage
     return "unknown"
@@ -359,7 +382,7 @@ def _primary_qemu_disk(cfg: Dict[str, Any]) -> str:
     preferred_keys: List[str] = []
     for prefix in ("scsi", "virtio", "sata", "ide"):
         preferred_keys.extend(f"{prefix}{idx}" for idx in range(0, 6))
-    seen: Set[str] = set()
+    seen = set()
     for key in preferred_keys:
         value = cfg.get(key)
         if value is None:
@@ -384,8 +407,8 @@ def _primary_qemu_disk(cfg: Dict[str, Any]) -> str:
     return ""
-def _pick_storage(kind: str, cfg: Dict[str, Any], entry: Dict[str, Any]) -> str:
-    storage = _extract_storage(cfg.get("storage") or entry.get("storage"))
+def _pick_container_storage(kind: str, cfg: Dict[str, Any], entry: Dict[str, Any]) -> str:
+    storage = _extract_storage_token(cfg.get("storage") or entry.get("storage"))
     if storage != "unknown":
         return storage
     if kind == "lxc":
@@ -393,7 +416,7 @@ def _pick_storage(kind: str, cfg: Dict[str, Any], entry: Dict[str, Any]) -> str:
     return _storage_from_qemu(cfg)
-def _pick_disk_gib(kind: str, cfg: Dict[str, Any], entry: Dict[str, Any]) -> float:
+def _pick_container_disk_gib(kind: str, cfg: Dict[str, Any], entry: Dict[str, Any]) -> float:
     if kind == "lxc":
         size = _extract_size_gib(_primary_lxc_disk(cfg, entry))
         if size:
@@ -402,68 +425,63 @@ def _pick_disk_gib(kind: str, cfg: Dict[str, Any], entry: Dict[str, Any]) -> flo
         size = _extract_size_gib(_primary_qemu_disk(cfg))
         if size:
             return size
-    for candidate in (entry.get("maxdisk"), entry.get("disk")):
-        if candidate in {None, 0}:
+    for candidate in (entry.get("maxdisk"), entry.get("disk"), cfg.get("disk")):
+        if candidate is None or candidate == 0:
             continue
-        return _normalize_bytes(candidate) / 1024**3
-    cfg_disk = cfg.get("disk")
-    if cfg_disk not in (None, 0):
-        return _normalize_bytes(cfg_disk) / 1024**3
+        return _bytes_to_gib(candidate)
     return 0.0
-def _parse_bool_flag(value: Any) -> bool:
-    if isinstance(value, bool):
-        return value
-    text = str(value or "").strip().lower()
-    return text in {"1", "true", "yes", "on"}
-def _parse_iso_timestamp(value: str) -> Optional[datetime]:
-    if not value:
-        return None
-    text = value
-    if text.endswith("Z"):
-        text = text[:-1] + "+00:00"
+def _to_mib(value: Any) -> float:
     try:
-        return datetime.fromisoformat(text)
-    except ValueError:
-        return None
+        val = float(value)
+    except (TypeError, ValueError):
+        return 0.0
+    if val <= 0:
+        return 0.0
+    # Heuristic: large values are bytes, smaller ones are already MiB.
+    return _bytes_to_mib(val) if val > 10000 else val
-def _templates_need_refresh(config: Dict[str, Any]) -> bool:
-    if not config or not config.get("token_value"):
-        return False
-    last = _parse_iso_timestamp(config.get("templates_last_refreshed") or "")
-    if not last:
-        return True
-    return (datetime.now(timezone.utc) - last).total_seconds() >= TEMPLATES_REFRESH_INTERVAL_S
+def _pick_container_ram_mib(kind: str, cfg: Dict[str, Any], entry: Dict[str, Any]) -> float:
+    for candidate in (cfg.get("memory"), entry.get("maxmem"), entry.get("mem")):
+        ram = _to_mib(candidate)
+        if ram:
+            return ram
+    return 0.0
-def _ensure_templates_refreshed_on_startup(config: Dict[str, Any]) -> None:
-    if not _templates_need_refresh(config):
-        return
+def _safe_float(value: Any) -> float:
     try:
-        client = _build_proxmox_client_from_config(config)
-        node = config.get("node") or _pick_node(client)
-        storages = client.nodes(node).storage.get()
-        templates = _list_templates(client, node, storages)
-        if templates:
-            config["templates"] = templates
-            config["templates_last_refreshed"] = _current_time_iso()
-            _save_config(config)
-    except Exception as exc:
-        logger.warning("Unable to refresh Proxmox templates on startup: %s", exc)
+        return float(value)
+    except (TypeError, ValueError):
+        return 0.0
-def _pick_storage(storages: Iterable[Dict[str, Any]]) -> str:
-    candidates = [s for s in storages if "rootdir" in s.get("content", "") and s.get("avail", 0) > 0]
-    if not candidates:
-        candidates = [s for s in storages if "rootdir" in s.get("content", "")]
-    if not candidates:
-        return ""
-    candidates.sort(key=lambda entry: entry.get("avail", 0), reverse=True)
-    return candidates[0].get("storage", "")
+def _pick_container_cpu_share(kind: str, cfg: Dict[str, Any], entry: Dict[str, Any]) -> float:
+    if kind == "lxc":
+        for key in ("cpulimit", "cores", "cpus"):
+            val = _safe_float(cfg.get(key))
+            if val:
+                return val
+        return _safe_float(entry.get("cpus"))
+    cores = _safe_float(cfg.get("cores"))
+    sockets = _safe_float(cfg.get("sockets")) or 1.0
+    if cores:
+        return cores * sockets
+    val = _safe_float(cfg.get("vcpus"))
+    if val:
+        return val
+    val = _safe_float(entry.get("cpus") or entry.get("maxcpu"))
+    if val:
+        return val
+    return 0.0
+def _parse_onboot_flag(value: Any) -> bool:
+    text = str(value).strip().lower()
+    return text in {"1", "true", "yes", "on"}
 def _write_bridge_config(bridge: str) -> None:
@@ -580,10 +598,76 @@ def _ensure_containers_dir() -> None:
     CONTAINERS_DIR.mkdir(parents=True, exist_ok=True)
-def _invalidate_managed_containers_cache() -> None:
-    with _MANAGED_CONTAINERS_CACHE_LOCK:
-        _MANAGED_CONTAINERS_CACHE["timestamp"] = 0.0
-        _MANAGED_CONTAINERS_CACHE["summary"] = None
+def _copy_summary(summary: Dict[str, Any]) -> Dict[str, Any]:
+    snapshot = summary.copy()
+    containers = summary.get("containers")
+    if isinstance(containers, list):
+        snapshot["containers"] = [entry.copy() for entry in containers]
+    unmanaged = summary.get("unmanaged_containers")
+    if isinstance(unmanaged, list):
+        snapshot["unmanaged_containers"] = [entry.copy() for entry in unmanaged]
+    return snapshot
+def _refresh_container_statuses(records: List[Dict[str, Any]], config: Dict[str, Any] | None) -> None:
+    if not records or not config:
+        return
+    try:
+        proxmox = _connect_proxmox(config)
+        node = _get_node_from_config(config)
+        statuses = {
+            str(ct.get("vmid")): (ct.get("status") or "unknown").lower()
+            for ct in proxmox.nodes(node).lxc.get()
+        }
+    except Exception as exc:  # pragma: no cover - best effort
+        logger.debug("Failed to refresh container statuses: %s", exc)
+        return
+    for record in records:
+        vmid = record.get("vmid")
+        if vmid is None:
+            continue
+        try:
+            vmid_key = str(int(vmid))
+        except (ValueError, TypeError):
+            continue
+        status = statuses.get(vmid_key)
+        if status:
+            record["status"] = status
+def _initialize_managed_containers_state(force: bool = False) -> Dict[str, Any]:
+    with _MANAGED_CONTAINERS_STATE_LOCK:
+        if _MANAGED_CONTAINERS_STATE["initialized"] and not force:
+            base = _MANAGED_CONTAINERS_STATE["base_summary"]
+            return _copy_summary(base) if base else {}
+    config = _load_config()
+    records = _load_managed_container_records()
+    _refresh_container_statuses(records, config)
+    base_summary = _build_full_container_summary(records, config)
+    record_map: Dict[str, Dict[str, Any]] = {}
+    for record in records:
+        vmid = record.get("vmid")
+        if vmid is None:
+            continue
+        try:
+            record_map[str(int(vmid))] = record
+        except (TypeError, ValueError):
+            continue
+    initial_totals = {
+        "ram_mib": int(base_summary.get("total_ram_mib") or 0),
+        "disk_gib": int(base_summary.get("total_disk_gib") or 0),
+        "cpu_share": float(base_summary.get("total_cpu_share") or 0.0),
+    }
+    with _MANAGED_CONTAINERS_STATE_LOCK:
+        _MANAGED_CONTAINERS_STATE["initialized"] = True
+        _MANAGED_CONTAINERS_STATE["base_summary"] = base_summary
+        _MANAGED_CONTAINERS_STATE["initial_totals"] = initial_totals
+        _MANAGED_CONTAINERS_STATE["records"] = record_map
+        _MANAGED_CONTAINERS_STATE["pending"] = {}
+    return _copy_summary(base_summary)
 def _load_managed_container_records() -> List[Dict[str, Any]]:
@@ -599,104 +683,35 @@ def _load_managed_container_records() -> List[Dict[str, Any]]:
     return records
-def _extract_host_totals(node_status: Dict[str, Any] | None) -> Tuple[Optional[int], Optional[int], Optional[int]]:
-    if not node_status:
-        return None, None, None
-    memory_total = node_status.get("memory", {}).get("total")
-    disk_total = node_status.get("disk", {}).get("total")
-    cpu_cores = node_status.get("cpuinfo", {}).get("cores")
-    host_ram = _bytes_to_mib(memory_total) if memory_total is not None else None
-    host_disk = _bytes_to_gib(disk_total) if disk_total is not None else None
-    host_cpu = _to_int(cpu_cores) if cpu_cores is not None else None
-    return host_ram, host_disk, host_cpu
-def _build_unmanaged_container_entry(
-    ct: Dict[str, Any],
-    cfg: Dict[str, Any],
-    vmid: str,
-    default_storage: str | None,
-    *,
-    entry_type: str = "lxc",
-) -> Dict[str, Any]:
-    ram_mib = _to_int(cfg.get("memory")) or _bytes_to_mib(ct.get("maxmem"))
-    disk_gib = int(round(_pick_disk_gib(entry_type, cfg, ct)))
-    cpu_share = _to_float(
-        cfg.get("cpulimit")
-        or cfg.get("cpus")
-        or cfg.get("cores")
-        or ct.get("cpus")
-        or ct.get("cpu")
-    )
-    hostname = ct.get("name") or cfg.get("hostname") or f"ct{vmid}"
-    storage = _pick_storage(entry_type, cfg, ct)
-    status = (ct.get("status") or "unknown").lower()
-    reserved = _parse_bool_flag(cfg.get("onboot"))
-    storage_matches_default = _storage_matches_default(storage, default_storage)
-    return {
-        "vmid": vmid,
-        "hostname": hostname,
-        "template": cfg.get("ostemplate"),
-        "storage": storage,
-        "disk_gib": disk_gib,
-        "ram_mib": ram_mib,
-        "cpu_share": cpu_share,
-        "reserve_on_boot": reserved,
-        "matches_default_storage": storage_matches_default,
-        "type": entry_type,
-        "status": status,
-        "managed": False,
-    }
-def _get_storage_snapshot(proxmox: Any, node: str, storage_name: str | None) -> Dict[str, Any] | None:
-    if not storage_name:
-        return None
-    try:
-        storage = proxmox.nodes(node).storage(storage_name).status.get()
-    except Exception as exc:
-        logger.debug("Unable to read storage status %s:%s: %s", node, storage_name, exc)
-        return None
-    total_bytes = storage.get("total")
-    avail_bytes = storage.get("avail")
-    used_bytes = storage.get("used")
-    return {
-        "storage": storage_name,
-        "total_gib": _bytes_to_gib(total_bytes) if total_bytes is not None else None,
-        "avail_gib": _bytes_to_gib(avail_bytes) if avail_bytes is not None else None,
-        "used_gib": _bytes_to_gib(used_bytes) if used_bytes is not None else None,
-    }
-def _storage_matches_default(storage_name: Any, default_storage: str | None) -> bool:
-    if not default_storage:
-        return True
-    return _normalize_storage_name(storage_name) == _normalize_storage_name(default_storage)
-def _build_managed_containers_summary(
-    records: List[Dict[str, Any]],
-    unmanaged_records: List[Dict[str, Any]],
-    node_status: Dict[str, Any] | None,
-    storage_snapshot: Dict[str, Any] | None,
-    default_storage: str | None,
-) -> Dict[str, Any]:
-    managed_containers: List[Dict[str, Any]] = []
+def _build_managed_containers_summary(records: List[Dict[str, Any]]) -> Dict[str, Any]:
     total_ram = 0
     total_disk = 0
     total_cpu_share = 0.0
+    containers: List[Dict[str, Any]] = []
+    def _as_int(value: Any) -> int:
+        try:
+            return int(value)
+        except (TypeError, ValueError):
+            return 0
-    for record in sorted(records, key=lambda entry: _to_int(entry.get("vmid"))):
-        ram_mib = _to_int(record.get("ram_mib"))
-        disk_gib = _to_int(record.get("disk_gib"))
-        cpu_share = _to_float(record.get("cpus"))
+    def _as_float(value: Any) -> float:
+        try:
+            return float(value)
+        except (TypeError, ValueError):
+            return 0.0
+    for record in sorted(records, key=lambda entry: _as_int(entry.get("vmid"))):
+        ram_mib = _as_int(record.get("ram_mib"))
+        disk_gib = _as_int(record.get("disk_gib"))
+        cpu_share = _as_float(record.get("cpus"))
         total_ram += ram_mib
         total_disk += disk_gib
         total_cpu_share += cpu_share
         status = (record.get("status") or "unknown").lower()
-        managed_containers.append(
+        containers.append(
             {
-                "vmid": str(_to_int(record.get("vmid"))) if record.get("vmid") is not None else None,
+                "vmid": str(_as_int(record.get("vmid"))) if record.get("vmid") is not None else None,
                 "device_id": record.get("device_id"),
                 "hostname": record.get("hostname"),
                 "template": record.get("template"),
@@ -706,162 +721,279 @@ def _build_managed_containers_summary(
                 "cpu_share": cpu_share,
                 "created_at": record.get("created_at"),
                 "status": status,
-                "managed": True,
-                "matches_default_storage": _storage_matches_default(record.get("storage"), default_storage),
             }
         )
-    unmanaged_total_ram = sum(
-        _to_int(entry.get("ram_mib"))
-        for entry in unmanaged_records
-        if entry.get("reserve_on_boot")
-    )
-    unmanaged_total_disk = sum(
-        _to_int(entry.get("disk_gib"))
-        for entry in unmanaged_records
-        if entry.get("matches_default_storage")
-    )
-    unmanaged_total_cpu = sum(
-        _to_float(entry.get("cpu_share"))
-        for entry in unmanaged_records
-        if entry.get("reserve_on_boot")
-    )
-    allocated_ram = total_ram + unmanaged_total_ram
-    allocated_disk = total_disk + unmanaged_total_disk
-    allocated_cpu = total_cpu_share + unmanaged_total_cpu
-    host_ram_node, host_disk_node, host_cpu_node = _extract_host_totals(node_status)
-    storage_host_disk = storage_snapshot.get("total_gib") if storage_snapshot else None
-    host_ram = host_ram_node
-    host_disk = storage_host_disk if storage_host_disk is not None else host_disk_node
-    host_cpu = host_cpu_node
     return {
         "updated_at": datetime.utcnow().isoformat() + "Z",
-        "count": len(managed_containers),
+        "count": len(containers),
         "total_ram_mib": total_ram,
         "total_disk_gib": total_disk,
         "total_cpu_share": round(total_cpu_share, 2),
-        "containers": managed_containers,
-        "unmanaged_containers": unmanaged_records,
-        "unmanaged_count": len(unmanaged_records),
-        "allocated_ram_mib": allocated_ram,
-        "allocated_disk_gib": allocated_disk,
-        "allocated_cpu_share": round(allocated_cpu, 2),
-        "available_ram_mib": _calculate_available(host_ram, allocated_ram) if host_ram is not None else None,
-        "available_disk_gib": _calculate_available(host_disk, allocated_disk) if host_disk is not None else None,
-        "available_cpu_share": _calculate_available(host_cpu, allocated_cpu) if host_cpu is not None else None,
-        "host_total_ram_mib": host_ram,
-        "host_total_disk_gib": host_disk,
-        "host_total_cpu_cores": host_cpu,
-        "default_storage": default_storage,
-        "default_storage_snapshot": storage_snapshot,
+        "containers": containers,
     }
-def _get_managed_containers_summary(force: bool = False) -> Dict[str, Any]:
-    def _refresh_container_statuses(
-        records: List[Dict[str, Any]],
-        config: Dict[str, Any] | None,
-        managed_vmids: Set[str],
-        default_storage: str | None,
-    ) -> Tuple[Dict[str, str], List[Dict[str, Any]], Dict[str, Any] | None, Dict[str, Any] | None]:
-        statuses: Dict[str, str] = {}
-        unmanaged: List[Dict[str, Any]] = []
-        node_status: Dict[str, Any] | None = None
-        if not config:
-            return statuses, unmanaged, node_status, None
-        proxmox = None
-        node = None
-        try:
-            proxmox = _connect_proxmox(config)
-            node = _get_node_from_config(config)
-            node_status = proxmox.nodes(node).status.get()
-            for ct in proxmox.nodes(node).lxc.get():
-                vmid_val = ct.get("vmid")
-                if vmid_val is None:
-                    continue
-                vmid_key = str(_to_int(vmid_val))
-                statuses[vmid_key] = (ct.get("status") or "unknown").lower()
-                if vmid_key in managed_vmids:
-                    continue
-                cfg: Dict[str, Any] = {}
-                try:
-                    cfg = proxmox.nodes(node).lxc(vmid_key).config.get() or {}
-                except Exception as exc:  # pragma: no cover - best effort
-                    logger.debug("Failed to read config for container %s: %s", vmid_key, exc)
-                description = (cfg.get("description") or "")
-                if MANAGED_MARKER in description:
-                    continue
-                unmanaged.append(
-                    _build_unmanaged_container_entry(ct, cfg, vmid_key, default_storage, entry_type="lxc")
-                )
-            for vm in proxmox.nodes(node).qemu.get():
-                vmid_val = vm.get("vmid")
-                if vmid_val is None:
-                    continue
-                vmid_key = str(_to_int(vmid_val))
-                statuses[vmid_key] = (vm.get("status") or "unknown").lower()
-                if vmid_key in managed_vmids:
-                    continue
-                cfg: Dict[str, Any] = {}
-                try:
-                    cfg = proxmox.nodes(node).qemu(vmid_key).config.get() or {}
-                except Exception as exc:
-                    logger.debug("Failed to read config for VM %s: %s", vmid_key, exc)
-                description = (cfg.get("description") or "")
-                if MANAGED_MARKER in description:
-                    continue
-                unmanaged.append(
-                    _build_unmanaged_container_entry(
-                        vm,
-                        cfg,
-                        vmid_key,
-                        default_storage,
-                        entry_type="qemu",
-                    )
-                )
-        except Exception as exc:  # pragma: no cover - best effort
-            logger.debug("Failed to refresh container statuses: %s", exc)
-        storage_snapshot = (
-            _get_storage_snapshot(proxmox, node, default_storage)
-            if proxmox and node
-            else None
-        )
-        return statuses, unmanaged, node_status, storage_snapshot
-    now = time.monotonic()
-    with _MANAGED_CONTAINERS_CACHE_LOCK:
-        cache_ts = _MANAGED_CONTAINERS_CACHE["timestamp"]
-        cached = _MANAGED_CONTAINERS_CACHE["summary"]
-    if not force and cached and now - cache_ts < _MANAGED_CONTAINERS_CACHE_TTL_S:
-        return cached
-    config = _load_config()
-    records = _load_managed_container_records()
-    managed_vmids: Set[str] = {
-        str(_to_int(record.get("vmid"))) for record in records if record.get("vmid") is not None
-    }
-    default_storage = config.get("default_storage") if config else None
-    statuses, unmanaged, node_status, storage_snapshot = _refresh_container_statuses(
-        records, config, managed_vmids, default_storage
-    )
+def _build_full_container_summary(records: List[Dict[str, Any]], config: Dict[str, Any]) -> Dict[str, Any]:
+    base_summary = _build_managed_containers_summary(records)
+    if not config or not config.get("token_value"):
+        return base_summary
+    try:
+        proxmox = _connect_proxmox(config)
+        node = _get_node_from_config(config)
+    except Exception as exc:  # pragma: no cover - best effort
+        logger.debug("Unable to extend container summary with Proxmox data: %s", exc)
+        return base_summary
+    default_storage = (config.get("default_storage") or "").strip()
+    record_map: Dict[str, Dict[str, Any]] = {}
     for record in records:
         vmid = record.get("vmid")
         if vmid is None:
             continue
-        vmid_key = str(_to_int(vmid))
-        status = statuses.get(vmid_key)
-        if status:
-            record["status"] = status
-    summary = _build_managed_containers_summary(records, unmanaged, node_status, storage_snapshot, default_storage)
-    with _MANAGED_CONTAINERS_CACHE_LOCK:
-        _MANAGED_CONTAINERS_CACHE["timestamp"] = now
-        _MANAGED_CONTAINERS_CACHE["summary"] = summary
+        try:
+            vmid_key = str(int(vmid))
+        except (ValueError, TypeError):
+            continue
+        record_map[vmid_key] = record
+    managed_entries: List[Dict[str, Any]] = []
+    unmanaged_entries: List[Dict[str, Any]] = []
+    allocated_ram = 0.0
+    allocated_disk = 0.0
+    allocated_cpu = 0.0
+    def _process_entries(kind: str, getter: str) -> None:
+        nonlocal allocated_ram, allocated_disk, allocated_cpu
+        entries = getattr(proxmox.nodes(node), getter).get()
+        for entry in entries:
+            vmid = entry.get("vmid")
+            if vmid is None:
+                continue
+            vmid_str = str(vmid)
+            cfg: Dict[str, Any] = {}
+            try:
+                cfg = getattr(proxmox.nodes(node), getter)(vmid_str).config.get() or {}
+            except Exception as exc:  # pragma: no cover - best effort
+                logger.debug("Failed to load %s config for %s: %s", kind, vmid_str, exc)
+                cfg = {}
+            record = record_map.get(vmid_str)
+            description = cfg.get("description") or ""
+            managed = bool(record) or MANAGED_MARKER in description
+            hostname = entry.get("name") or cfg.get("hostname") or (record.get("hostname") if record else None)
+            storage = _pick_container_storage(kind, cfg, entry)
+            disk_gib = _pick_container_disk_gib(kind, cfg, entry)
+            ram_mib = _pick_container_ram_mib(kind, cfg, entry)
+            cpu_share = _pick_container_cpu_share(kind, cfg, entry)
+            reserve_on_boot = _parse_onboot_flag(cfg.get("onboot"))
+            matches_default_storage = bool(default_storage and storage and storage.lower() == default_storage.lower())
+            base_entry = {
+                "type": kind,
+                "vmid": vmid_str,
+                "hostname": hostname,
+                "status": (entry.get("status") or "unknown").lower(),
+                "storage": storage,
+                "disk_gib": disk_gib,
+                "ram_mib": ram_mib,
+                "cpu_share": cpu_share,
+                "reserve_on_boot": reserve_on_boot,
+                "matches_default_storage": matches_default_storage,
+                "managed": managed,
+            }
+            if managed:
+                merged = base_entry | {
+                    "device_id": record.get("device_id") if record else None,
+                    "template": record.get("template") if record else None,
+                    "created_at": record.get("created_at") if record else None,
+                }
+                managed_entries.append(merged)
+            else:
+                unmanaged_entries.append(base_entry)
+            if managed or reserve_on_boot:
+                allocated_ram += ram_mib
+                allocated_cpu += cpu_share
+            if managed or matches_default_storage:
+                allocated_disk += disk_gib
+    _process_entries("lxc", "lxc")
+    _process_entries("qemu", "qemu")
+    memory_info = {}
+    cpu_info = {}
+    try:
+        node_status = proxmox.nodes(node).status.get()
+        memory_info = node_status.get("memory") or {}
+        cpu_info = node_status.get("cpuinfo") or {}
+    except Exception as exc:  # pragma: no cover - best effort
+        logger.debug("Unable to read node status for resource totals: %s", exc)
+    host_total_ram_mib = _bytes_to_mib(memory_info.get("total"))
+    used_ram_mib = _bytes_to_mib(memory_info.get("used"))
+    available_ram_mib = max(host_total_ram_mib - used_ram_mib, 0.0) if host_total_ram_mib else None
+    host_total_cpu_cores = _safe_float(cpu_info.get("cores"))
+    available_cpu_share = max(host_total_cpu_cores - allocated_cpu, 0.0) if host_total_cpu_cores else None
+    host_total_disk_gib = None
+    available_disk_gib = None
+    if default_storage:
+        try:
+            storage_status = proxmox.nodes(node).storage(default_storage).status.get()
+            host_total_disk_gib = _bytes_to_gib(storage_status.get("total"))
+            available_disk_gib = _bytes_to_gib(storage_status.get("avail"))
+        except Exception as exc:  # pragma: no cover - best effort
+            logger.debug("Unable to read storage status for %s: %s", default_storage, exc)
+    summary = base_summary.copy()
+    summary["containers"] = managed_entries
+    summary["count"] = len(managed_entries)
+    summary["total_ram_mib"] = int(sum(entry.get("ram_mib") or 0 for entry in managed_entries))
+    summary["total_disk_gib"] = int(sum(entry.get("disk_gib") or 0 for entry in managed_entries))
+    summary["total_cpu_share"] = round(sum(entry.get("cpu_share") or 0 for entry in managed_entries), 2)
+    summary["unmanaged_containers"] = unmanaged_entries
+    summary["allocated_ram_mib"] = round(allocated_ram, 2)
+    summary["allocated_disk_gib"] = round(allocated_disk, 2)
+    summary["allocated_cpu_share"] = round(allocated_cpu, 2)
+    summary["host_total_ram_mib"] = int(host_total_ram_mib) if host_total_ram_mib else None
+    summary["host_total_disk_gib"] = host_total_disk_gib
+    summary["host_total_cpu_cores"] = host_total_cpu_cores if host_total_cpu_cores else None
+    summary["available_ram_mib"] = int(available_ram_mib) if available_ram_mib is not None else None
+    summary["available_disk_gib"] = available_disk_gib
+    summary["available_cpu_share"] = available_cpu_share if available_cpu_share is not None else None
+    return summary
+def _pending_totals(pending: Iterable[Dict[str, Any]]) -> Tuple[int, int, float]:
+    ram_total = 0
+    disk_total = 0
+    cpu_total = 0.0
+    for entry in pending:
+        ram_total += int(entry.get("ram_mib") or 0)
+        disk_total += int(entry.get("disk_gib") or 0)
+        cpu_total += float(entry.get("cpu_share") or 0.0)
+    return ram_total, disk_total, cpu_total
+def _compose_managed_containers_summary(
+    records: Iterable[Dict[str, Any]],
+    pending: Iterable[Dict[str, Any]],
+    base_summary: Dict[str, Any],
+    initial_totals: Dict[str, Any],
+) -> Dict[str, Any]:
+    managed_summary = _build_managed_containers_summary(list(records))
+    summary = _copy_summary(base_summary)
+    base_by_vmid = {
+        str(entry.get("vmid")): entry
+        for entry in base_summary.get("containers", [])
+        if entry.get("vmid") is not None
+    }
+    default_storage = summary.get("default_storage")
+    merged_containers: List[Dict[str, Any]] = []
+    for entry in managed_summary["containers"]:
+        vmid = str(entry.get("vmid")) if entry.get("vmid") is not None else None
+        base_entry = base_by_vmid.get(vmid) if vmid is not None else None
+        if base_entry:
+            merged = base_entry.copy()
+            merged.update(entry)
+        else:
+            merged = entry.copy()
+            merged.setdefault("managed", True)
+            merged.setdefault("type", "lxc")
+            if default_storage and merged.get("storage"):
+                merged["matches_default_storage"] = (
+                    str(merged["storage"]).lower() == str(default_storage).lower()
+                )
+        merged_containers.append(merged)
+    summary["updated_at"] = managed_summary["updated_at"]
+    summary["count"] = managed_summary["count"]
+    summary["total_ram_mib"] = managed_summary["total_ram_mib"]
+    summary["total_disk_gib"] = managed_summary["total_disk_gib"]
+    summary["total_cpu_share"] = managed_summary["total_cpu_share"]
+    summary["containers"] = merged_containers
+    pending_ram, pending_disk, pending_cpu = _pending_totals(pending)
+    delta_ram = managed_summary["total_ram_mib"] - int(initial_totals.get("ram_mib") or 0)
+    delta_disk = managed_summary["total_disk_gib"] - int(initial_totals.get("disk_gib") or 0)
+    delta_cpu = managed_summary["total_cpu_share"] - float(initial_totals.get("cpu_share") or 0.0)
+    if "allocated_ram_mib" in summary and summary.get("allocated_ram_mib") is not None:
+        summary["allocated_ram_mib"] = round(float(summary["allocated_ram_mib"]) + delta_ram + pending_ram, 2)
+    if "allocated_disk_gib" in summary and summary.get("allocated_disk_gib") is not None:
+        summary["allocated_disk_gib"] = round(float(summary["allocated_disk_gib"]) + delta_disk + pending_disk, 2)
+    if "allocated_cpu_share" in summary and summary.get("allocated_cpu_share") is not None:
+        summary["allocated_cpu_share"] = round(float(summary["allocated_cpu_share"]) + delta_cpu + pending_cpu, 2)
+    if "available_ram_mib" in summary and summary.get("available_ram_mib") is not None:
+        available_ram = float(summary["available_ram_mib"]) - delta_ram - pending_ram
+        summary["available_ram_mib"] = max(int(available_ram), 0)
+    if "available_disk_gib" in summary and summary.get("available_disk_gib") is not None:
+        available_disk = float(summary["available_disk_gib"]) - delta_disk - pending_disk
+        summary["available_disk_gib"] = max(available_disk, 0.0)
+    if "available_cpu_share" in summary and summary.get("available_cpu_share") is not None:
+        available_cpu = float(summary["available_cpu_share"]) - delta_cpu - pending_cpu
+        summary["available_cpu_share"] = max(available_cpu, 0.0)
     return summary
+def _get_managed_containers_summary(force: bool = False) -> Dict[str, Any]:
+    _initialize_managed_containers_state(force=force)
+    with _MANAGED_CONTAINERS_STATE_LOCK:
+        base_summary = _MANAGED_CONTAINERS_STATE.get("base_summary") or {}
+        records = list(_MANAGED_CONTAINERS_STATE.get("records", {}).values())
+        pending = list(_MANAGED_CONTAINERS_STATE.get("pending", {}).values())
+        initial_totals = _MANAGED_CONTAINERS_STATE.get("initial_totals", {})
+    if not base_summary:
+        return {}
+    return _compose_managed_containers_summary(records, pending, base_summary, initial_totals)
+def _reserve_container_resources(payload: Dict[str, Any], *, device_id: str, request_id: Optional[str]) -> str:
+    _initialize_managed_containers_state()
+    ram_mib = int(payload.get("ram_mib") or 0)
+    disk_gib = int(payload.get("disk_gib") or 0)
+    cpu_share = float(payload.get("cpus") or 0.0)
+    reservation_id = secrets.token_hex(8)
+    with _MANAGED_CONTAINERS_STATE_LOCK:
+        base_summary = _MANAGED_CONTAINERS_STATE.get("base_summary") or {}
+        records = list(_MANAGED_CONTAINERS_STATE.get("records", {}).values())
+        pending = list(_MANAGED_CONTAINERS_STATE.get("pending", {}).values())
+        initial_totals = _MANAGED_CONTAINERS_STATE.get("initial_totals", {})
+        summary = _compose_managed_containers_summary(records, pending, base_summary, initial_totals)
+        available_ram = summary.get("available_ram_mib")
+        if available_ram is not None and ram_mib > available_ram:
+            raise RuntimeError("Not enough RAM to create this container.")
+        available_disk = summary.get("available_disk_gib")
+        if available_disk is not None and disk_gib > available_disk:
+            raise RuntimeError("Not enough disk space to create this container.")
+        available_cpu = summary.get("available_cpu_share")
+        if available_cpu is not None and cpu_share > available_cpu:
+            raise RuntimeError("Not enough CPU capacity to create this container.")
+        _MANAGED_CONTAINERS_STATE["pending"][reservation_id] = {
+            "reservation_id": reservation_id,
+            "device_id": device_id,
+            "request_id": request_id,
+            "ram_mib": ram_mib,
+            "disk_gib": disk_gib,
+            "cpu_share": cpu_share,
+            "created_at": datetime.utcnow().isoformat() + "Z",
+        }
+    return reservation_id
+def _release_container_reservation(reservation_id: Optional[str]) -> None:
+    if not reservation_id:
+        return
+    with _MANAGED_CONTAINERS_STATE_LOCK:
+        _MANAGED_CONTAINERS_STATE.get("pending", {}).pop(reservation_id, None)
 def _format_rootfs(storage: str, disk_gib: int, storage_type: str) -> str:
     if storage_type in ("lvm", "lvmthin"):
         return f"{storage}:{disk_gib}"
@@ -1145,23 +1277,6 @@ def _start_container(proxmox: Any, node: str, vmid: int) -> Tuple[Dict[str, Any]
         logger.info("Container %s already running (%ss)", vmid, uptime)
         return status, 0.0
-    node_status = proxmox.nodes(node).status.get()
-    mem_total_mb = int(node_status.get("memory", {}).get("total", 0) // (1024**2))
-    cores_total = int(node_status.get("cpuinfo", {}).get("cores", 0))
-    running = _list_running_managed(proxmox, node)
-    used_mem_mb = sum(int(cfg.get("memory", 0)) for _, cfg in running)
-    used_cores = sum(int(cfg.get("cores", 0)) for _, cfg in running)
-    target_cfg = proxmox.nodes(node).lxc(vmid).config.get()
-    target_mem_mb = int(target_cfg.get("memory", 0))
-    target_cores = int(target_cfg.get("cores", 0))
-    if mem_total_mb and used_mem_mb + target_mem_mb > mem_total_mb:
-        raise RuntimeError("Not enough RAM to start this container safely.")
-    if cores_total and used_cores + target_cores > cores_total:
-        raise RuntimeError("Not enough CPU cores to start this container safely.")
     upid = proxmox.nodes(node).lxc(vmid).status.start.post()
     return _wait_for_task(proxmox, node, upid)
@@ -1179,11 +1294,25 @@ def _delete_container(proxmox: Any, node: str, vmid: int) -> Tuple[Dict[str, Any
     return _wait_for_task(proxmox, node, upid)
-def _write_container_record(vmid: int, payload: Dict[str, Any]) -> None:
+def _register_container_record(vmid: int, payload: Dict[str, Any], reservation_id: Optional[str] = None) -> None:
+    _initialize_managed_containers_state()
+    with _MANAGED_CONTAINERS_STATE_LOCK:
+        if reservation_id:
+            _MANAGED_CONTAINERS_STATE["pending"].pop(reservation_id, None)
+        _MANAGED_CONTAINERS_STATE["records"][str(vmid)] = payload.copy()
+def _unregister_container_record(vmid: int) -> None:
+    _initialize_managed_containers_state()
+    with _MANAGED_CONTAINERS_STATE_LOCK:
+        _MANAGED_CONTAINERS_STATE["records"].pop(str(vmid), None)
+def _write_container_record(vmid: int, payload: Dict[str, Any], reservation_id: Optional[str] = None) -> None:
     _ensure_containers_dir()
     path = CONTAINERS_DIR / f"ct-{vmid}.json"
     path.write_text(json.dumps(payload, indent=2), encoding="utf-8")
-    _invalidate_managed_containers_cache()
+    _register_container_record(vmid, payload, reservation_id=reservation_id)
 def _read_container_record(vmid: int) -> Dict[str, Any]:
@@ -1203,7 +1332,7 @@ def _remove_container_record(vmid: int) -> None:
     path = CONTAINERS_DIR / f"ct-{vmid}.json"
     if path.exists():
         path.unlink()
-        _invalidate_managed_containers_cache()
+    _unregister_container_record(vmid)
 def _build_container_payload(message: Dict[str, Any], config: Dict[str, Any]) -> Dict[str, Any]:
@@ -1309,6 +1438,15 @@ def _su_command(user: str, command: str) -> str:
     return f"su - {user} -s /bin/sh -c {shlex.quote(command)}"
+def _resolve_portacode_cli_path(vmid: int, user: str) -> str:
+    """Resolve the full path to the portacode CLI inside the container."""
+    res = _run_pct(vmid, _su_command(user, "command -v portacode"))
+    path = (res.get("stdout") or "").strip()
+    if path:
+        return path
+    return "portacode"
 def _run_pct_check(vmid: int, cmd: str) -> Dict[str, Any]:
     res = _run_pct(vmid, cmd)
     if res["returncode"] != 0:
@@ -1751,12 +1889,14 @@ def _allocate_vmid(proxmox: Any) -> int:
     return int(proxmox.cluster.nextid.get())
-def _instantiate_container(proxmox: Any, node: str, payload: Dict[str, Any]) -> Tuple[int, float]:
+def _instantiate_container(
+    proxmox: Any, node: str, payload: Dict[str, Any], vmid: Optional[int] = None
+) -> Tuple[int, float]:
     from proxmoxer.core import ResourceException
     storage_type = _get_storage_type(proxmox.nodes(node).storage.get(), payload["storage"])
     rootfs = _format_rootfs(payload["storage"], payload["disk_gib"], storage_type)
-    vmid = _allocate_vmid(proxmox)
+    vmid = vmid or _allocate_vmid(proxmox)
     if not payload.get("hostname"):
         payload["hostname"] = f"ct{vmid}"
     try:
@@ -1788,6 +1928,43 @@ def _instantiate_container(proxmox: Any, node: str, payload: Dict[str, Any]) ->
         raise RuntimeError(f"Failed to create container: {exc}") from exc
+def _cleanup_failed_container(
+    proxmox: Any, node: str, vmid: int, provisioning_id: Optional[str]
+) -> None:
+    from proxmoxer.core import ResourceException
+    try:
+        cfg = proxmox.nodes(node).lxc(str(vmid)).config.get()
+    except ResourceException as exc:
+        msg = str(exc).lower()
+        if "does not exist" in msg or "not found" in msg:
+            return
+        logger.warning("Failed to inspect container %s after create failure: %s", vmid, exc)
+        return
+    except Exception as exc:  # pragma: no cover - best effort
+        logger.warning("Failed to inspect container %s after create failure: %s", vmid, exc)
+        return
+    description = (cfg or {}).get("description") or ""
+    if provisioning_id and provisioning_id not in description:
+        logger.warning(
+            "Skipping cleanup for vmid=%s; provisioning marker mismatch", vmid
+        )
+        return
+    try:
+        status = proxmox.nodes(node).lxc(str(vmid)).status.current.get()
+        if status.get("status") == "running":
+            _stop_container(proxmox, node, vmid)
+    except Exception as exc:  # pragma: no cover - best effort
+        logger.warning("Failed to stop container %s after create failure: %s", vmid, exc)
+    try:
+        _delete_container(proxmox, node, vmid)
+    except Exception as exc:  # pragma: no cover - best effort
+        logger.warning("Failed to delete container %s after create failure: %s", vmid, exc)
 class CreateProxmoxContainerHandler(SyncHandler):
     """Provision a new managed LXC container via the Proxmox API."""
@@ -1890,219 +2067,281 @@ class CreateProxmoxContainerHandler(SyncHandler):
             _validate_environment,
         )
-        def _create_container():
-            proxmox = _connect_proxmox(config)
-            node = config.get("node") or DEFAULT_NODE_NAME
-            payload = _build_container_payload(message, config)
-            payload["cpulimit"] = float(payload["cpus"])
-            payload["cores"] = int(max(math.ceil(payload["cpus"]), 1))
-            payload["memory"] = int(payload["ram_mib"])
-            payload["node"] = node
-            logger.debug(
-                "Provisioning container node=%s template=%s ram=%s cpu=%s storage=%s",
-                node,
-                payload["template"],
-                payload["ram_mib"],
-                payload["cpus"],
-                payload["storage"],
-            )
-            vmid, _ = _instantiate_container(proxmox, node, payload)
-            payload["vmid"] = vmid
-            payload["created_at"] = datetime.utcnow().isoformat() + "Z"
-            payload["status"] = "creating"
-            payload["device_id"] = device_id
-            _write_container_record(vmid, payload)
-            return proxmox, node, vmid, payload
-        proxmox, node, vmid, payload = _run_lifecycle_step(
-            "create_container",
-            "Creating container",
-            "Provisioning the LXC container…",
-            "Container created.",
-            _create_container,
+        node = config.get("node") or DEFAULT_NODE_NAME
+        payload = _build_container_payload(message, config)
+        payload["cpulimit"] = float(payload["cpus"])
+        payload["cores"] = int(max(math.ceil(payload["cpus"]), 1))
+        payload["memory"] = int(payload["ram_mib"])
+        payload["node"] = node
+        reservation_id = _reserve_container_resources(
+            payload, device_id=device_id, request_id=request_id
         )
+        provisioning_id = secrets.token_hex(6)
+        payload["description"] = f"{payload.get('description', MANAGED_MARKER)};provisioning_id={provisioning_id}"
-        def _start_container_step():
-            _start_container(proxmox, node, vmid)
+        def _provision_background() -> None:
+            nonlocal current_step_index
+            proxmox: Any = None
+            vmid: Optional[int] = None
+            created_record = False
+            try:
+                def _create_container():
+                    nonlocal proxmox, vmid, created_record
+                    proxmox = _connect_proxmox(config)
+                    logger.debug(
+                        "Provisioning container node=%s template=%s ram=%s cpu=%s storage=%s",
+                        node,
+                        payload["template"],
+                        payload["ram_mib"],
+                        payload["cpus"],
+                        payload["storage"],
+                    )
+                    try:
+                        vmid = _allocate_vmid(proxmox)
+                        vmid, _ = _instantiate_container(proxmox, node, payload, vmid=vmid)
+                    except Exception:
+                        _release_container_reservation(reservation_id)
+                        if vmid is not None:
+                            _cleanup_failed_container(proxmox, node, vmid, provisioning_id)
+                        raise
+                    payload["vmid"] = vmid
+                    payload["created_at"] = datetime.utcnow().isoformat() + "Z"
+                    payload["status"] = "creating"
+                    payload["device_id"] = device_id
+                    try:
+                        _write_container_record(vmid, payload, reservation_id=reservation_id)
+                        created_record = True
+                    except Exception:
+                        _release_container_reservation(reservation_id)
+                        _cleanup_failed_container(proxmox, node, vmid, provisioning_id)
+                        raise
+                    return proxmox, node, vmid, payload
+                proxmox, _, vmid, payload_local = _run_lifecycle_step(
+                    "create_container",
+                    "Creating container",
+                    "Provisioning the LXC container…",
+                    "Container created.",
+                    _create_container,
+                )
-        _run_lifecycle_step(
-            "start_container",
-            "Starting container",
-            "Booting the container…",
-            "Container startup completed.",
-            _start_container_step,
-        )
-        _update_container_record(vmid, {"status": "running"})
+                def _start_container_step():
+                    _start_container(proxmox, node, vmid)
-        def _bootstrap_progress_callback(
-            step_index: int,
-            total: int,
-            step: Dict[str, Any],
-            status: str,
-            result: Optional[Dict[str, Any]],
-        ):
-            label = step.get("display_name") or _friendly_step_label(step.get("name", "bootstrap"))
-            error_summary = (result or {}).get("error_summary") or (result or {}).get("error")
-            attempt = (result or {}).get("attempt")
-            if status == "in_progress":
-                message_text = f"{label} is running…"
-            elif status == "completed":
-                message_text = f"{label} completed."
-            elif status == "retrying":
-                attempt_desc = f" (attempt {attempt})" if attempt else ""
-                message_text = f"{label} failed{attempt_desc}; retrying…"
-            else:
-                message_text = f"{label} failed"
-                if error_summary:
-                    message_text += f": {error_summary}"
-            details: Dict[str, Any] = {}
-            if attempt:
-                details["attempt"] = attempt
-            if error_summary:
-                details["error_summary"] = error_summary
-            _emit_progress_event(
-                self,
-                step_index=step_index,
-                total_steps=total,
-                step_name=step.get("name", "bootstrap"),
-                step_label=label,
-                status=status,
-                message=message_text,
-                phase="bootstrap",
-                request_id=request_id,
-                details=details or None,
-                on_behalf_of_device=device_id,
-            )
+                _run_lifecycle_step(
+                    "start_container",
+                    "Starting container",
+                    "Booting the container…",
+                    "Container startup completed.",
+                    _start_container_step,
+                )
+                _update_container_record(vmid, {"status": "running"})
+                def _bootstrap_progress_callback(
+                    step_index: int,
+                    total: int,
+                    step: Dict[str, Any],
+                    status: str,
+                    result: Optional[Dict[str, Any]],
+                ):
+                    label = step.get("display_name") or _friendly_step_label(step.get("name", "bootstrap"))
+                    error_summary = (result or {}).get("error_summary") or (result or {}).get("error")
+                    attempt = (result or {}).get("attempt")
+                    if status == "in_progress":
+                        message_text = f"{label} is running…"
+                    elif status == "completed":
+                        message_text = f"{label} completed."
+                    elif status == "retrying":
+                        attempt_desc = f" (attempt {attempt})" if attempt else ""
+                        message_text = f"{label} failed{attempt_desc}; retrying…"
+                    else:
+                        message_text = f"{label} failed"
+                        if error_summary:
+                            message_text += f": {error_summary}"
+                    details: Dict[str, Any] = {}
+                    if attempt:
+                        details["attempt"] = attempt
+                    if error_summary:
+                        details["error_summary"] = error_summary
+                    _emit_progress_event(
+                        self,
+                        step_index=step_index,
+                        total_steps=total,
+                        step_name=step.get("name", "bootstrap"),
+                        step_label=label,
+                        status=status,
+                        message=message_text,
+                        phase="bootstrap",
+                        request_id=request_id,
+                        details=details or None,
+                        on_behalf_of_device=device_id,
+                    )
-        public_key, steps = _bootstrap_portacode(
-            vmid,
-            payload["username"],
-            payload["password"],
-            payload["ssh_public_key"],
-            steps=bootstrap_steps,
-            progress_callback=_bootstrap_progress_callback,
-            start_index=current_step_index,
-            total_steps=total_steps,
-            default_public_key=device_public_key if has_device_keypair else None,
-        )
-        current_step_index += len(bootstrap_steps)
-        service_installed = False
-        if has_device_keypair:
-            logger.info(
-                "deploying dashboard-provided Portacode keypair (device_id=%s) into container %s",
-                device_id,
-                vmid,
-            )
-            _deploy_device_keypair(
-                vmid,
-                payload["username"],
-                device_private_key,
-                device_public_key,
-            )
-            service_installed = True
-            service_start_index = current_step_index
+                public_key, steps = _bootstrap_portacode(
+                    vmid,
+                    payload_local["username"],
+                    payload_local["password"],
+                    payload_local["ssh_public_key"],
+                    steps=bootstrap_steps,
+                    progress_callback=_bootstrap_progress_callback,
+                    start_index=current_step_index,
+                    total_steps=total_steps,
+                    default_public_key=device_public_key if has_device_keypair else None,
+                )
+                current_step_index += len(bootstrap_steps)
+                service_installed = False
+                if has_device_keypair:
+                    logger.info(
+                        "deploying dashboard-provided Portacode keypair (device_id=%s) into container %s",
+                        device_id,
+                        vmid,
+                    )
+                    _deploy_device_keypair(
+                        vmid,
+                        payload_local["username"],
+                        device_private_key,
+                        device_public_key,
+                    )
+                    service_installed = True
+                    service_start_index = current_step_index
+                    auth_step_name = "setup_device_authentication"
+                    auth_label = "Setting up device authentication"
+                    _emit_progress_event(
+                        self,
+                        step_index=service_start_index,
+                        total_steps=total_steps,
+                        step_name=auth_step_name,
+                        step_label=auth_label,
+                        status="in_progress",
+                        message="Notifying the server of the new device…",
+                        phase="service",
+                        request_id=request_id,
+                        on_behalf_of_device=device_id,
+                    )
+                    _emit_progress_event(
+                        self,
+                        step_index=service_start_index,
+                        total_steps=total_steps,
+                        step_name=auth_step_name,
+                        step_label=auth_label,
+                        status="completed",
+                        message="Authentication metadata recorded.",
+                        phase="service",
+                        request_id=request_id,
+                        on_behalf_of_device=device_id,
+                    )
-            auth_step_name = "setup_device_authentication"
-            auth_label = "Setting up device authentication"
-            _emit_progress_event(
-                self,
-                step_index=service_start_index,
-                total_steps=total_steps,
-                step_name=auth_step_name,
-                step_label=auth_label,
-                status="in_progress",
-                message="Notifying the server of the new device…",
-                phase="service",
-                request_id=request_id,
-                on_behalf_of_device=device_id,
-            )
-            _emit_progress_event(
-                self,
-                step_index=service_start_index,
-                total_steps=total_steps,
-                step_name=auth_step_name,
-                step_label=auth_label,
-                status="completed",
-                message="Authentication metadata recorded.",
-                phase="service",
-                request_id=request_id,
-                on_behalf_of_device=device_id,
-            )
+                    install_step = service_start_index + 1
+                    install_label = "Launching Portacode service"
+                    _emit_progress_event(
+                        self,
+                        step_index=install_step,
+                        total_steps=total_steps,
+                        step_name="launch_portacode_service",
+                        step_label=install_label,
+                        status="in_progress",
+                        message="Running sudo portacode service install…",
+                        phase="service",
+                        request_id=request_id,
+                        on_behalf_of_device=device_id,
+                    )
-            install_step = service_start_index + 1
-            install_label = "Launching Portacode service"
-            _emit_progress_event(
-                self,
-                step_index=install_step,
-                total_steps=total_steps,
-                step_name="launch_portacode_service",
-                step_label=install_label,
-                status="in_progress",
-                message="Running sudo portacode service install…",
-                phase="service",
-                request_id=request_id,
-                on_behalf_of_device=device_id,
-            )
+                    cli_path = _resolve_portacode_cli_path(vmid, payload_local["username"])
+                    cmd = _su_command(
+                        payload_local["username"],
+                        f"sudo -S {shlex.quote(cli_path)} service install",
+                    )
+                    res = _run_pct(vmid, cmd, input_text=payload_local["password"] + "\n")
+                    if res["returncode"] != 0:
+                        _emit_progress_event(
+                            self,
+                            step_index=install_step,
+                            total_steps=total_steps,
+                            step_name="launch_portacode_service",
+                            step_label=install_label,
+                            status="failed",
+                            message=f"{install_label} failed: {res.get('stderr') or res.get('stdout')}",
+                            phase="service",
+                            request_id=request_id,
+                            details={
+                                "stderr": res.get("stderr"),
+                                "stdout": res.get("stdout"),
+                            },
+                            on_behalf_of_device=device_id,
+                        )
+                        raise RuntimeError(res.get("stderr") or res.get("stdout") or "Service install failed")
+                    _emit_progress_event(
+                        self,
+                        step_index=install_step,
+                        total_steps=total_steps,
+                        step_name="launch_portacode_service",
+                        step_label=install_label,
+                        status="completed",
+                        message="Portacode service install finished.",
+                        phase="service",
+                        request_id=request_id,
+                        on_behalf_of_device=device_id,
+                    )
-            cmd = _su_command(payload["username"], "sudo -S portacode service install")
-            res = _run_pct(vmid, cmd, input_text=payload["password"] + "\n")
+                    logger.info(
+                        "create_proxmox_container: portacode service install completed inside ct %s", vmid
+                    )
-            if res["returncode"] != 0:
-                _emit_progress_event(
+                    current_step_index += 2
+                _emit_host_event(
                     self,
-                    step_index=install_step,
-                    total_steps=total_steps,
-                    step_name="launch_portacode_service",
-                    step_label=install_label,
-                    status="failed",
-                    message=f"{install_label} failed: {res.get('stderr') or res.get('stdout')}",
-                    phase="service",
-                    request_id=request_id,
-                    details={
-                        "stderr": res.get("stderr"),
-                        "stdout": res.get("stdout"),
+                    {
+                        "event": "proxmox_container_created",
+                        "success": True,
+                        "message": f"Container {vmid} is ready and Portacode key captured.",
+                        "ctid": str(vmid),
+                        "public_key": public_key,
+                        "container": {
+                            "vmid": vmid,
+                            "hostname": payload_local["hostname"],
+                            "template": payload_local["template"],
+                            "storage": payload_local["storage"],
+                            "disk_gib": payload_local["disk_gib"],
+                            "ram_mib": payload_local["ram_mib"],
+                            "cpus": payload_local["cpus"],
+                        },
+                        "setup_steps": steps,
+                        "device_id": device_id,
+                        "on_behalf_of_device": device_id,
+                        "service_installed": service_installed,
+                        "request_id": request_id,
+                    },
+                )
+            except Exception as exc:
+                if reservation_id and not created_record:
+                    _release_container_reservation(reservation_id)
+                if vmid is not None and proxmox and node:
+                    _cleanup_failed_container(proxmox, node, vmid, provisioning_id)
+                    _remove_container_record(vmid)
+                _emit_host_event(
+                    self,
+                    {
+                        "event": "error",
+                        "message": str(exc),
+                        "device_id": device_id,
+                        "request_id": request_id,
                     },
-                    on_behalf_of_device=device_id,
                 )
-                raise RuntimeError(res.get("stderr") or res.get("stdout") or "Service install failed")
-            _emit_progress_event(
-                self,
-                step_index=install_step,
-                total_steps=total_steps,
-                step_name="launch_portacode_service",
-                step_label=install_label,
-                status="completed",
-                message="Portacode service install finished.",
-                phase="service",
-                request_id=request_id,
-                on_behalf_of_device=device_id,
-            )
-            logger.info("create_proxmox_container: portacode service install completed inside ct %s", vmid)
-            current_step_index += 2
+        threading.Thread(target=_provision_background, daemon=True).start()
         return {
-            "event": "proxmox_container_created",
+            "event": "proxmox_container_accepted",
             "success": True,
-            "message": f"Container {vmid} is ready and Portacode key captured.",
-            "ctid": str(vmid),
-            "public_key": public_key,
-            "container": {
-                "vmid": vmid,
-                "hostname": payload["hostname"],
-                "template": payload["template"],
-                "storage": payload["storage"],
-                "disk_gib": payload["disk_gib"],
-                "ram_mib": payload["ram_mib"],
-                "cpus": payload["cpus"],
-            },
-            "setup_steps": steps,
+            "message": "Provisioning accepted; resources reserved.",
             "device_id": device_id,
-            "on_behalf_of_device": device_id,
-            "service_installed": service_installed,
+            "request_id": request_id,
         }
@@ -2177,7 +2416,8 @@ class StartPortacodeServiceHandler(SyncHandler):
             on_behalf_of_device=on_behalf_of_device,
         )
-        cmd = _su_command(user, "sudo -S portacode service install")
+        cli_path = _resolve_portacode_cli_path(vmid, user)
+        cmd = _su_command(user, f"sudo -S {shlex.quote(cli_path)} service install")
         res = _run_pct(vmid, cmd, input_text=password + "\n")
         if res["returncode"] != 0:

portacode 1.4.16.dev10__py3-none-any.whl → 1.4.17__py3-none-any.whl

portacode 1.4.16.dev10py3-none-any.whl → 1.4.17py3-none-any.whl