buildkite
diff --git a/‎README.md‎
Lines changed: 1 addition & 9 deletions b/‎README.md‎
Lines changed: 1 addition & 9 deletions
diff --git a/‎cmd/cleanroom-guest-agent/main.go‎
Lines changed: 0 additions & 107 deletions b/‎cmd/cleanroom-guest-agent/main.go‎
Lines changed: 0 additions & 107 deletions
diff --git a/‎internal/backend/backend.go‎
Lines changed: 2 additions & 4 deletions b/‎internal/backend/backend.go‎
Lines changed: 2 additions & 4 deletions
@@ -53,7 +53,7 @@ cleanroom serve --listen tsnet://cleanroom:7777
 Then connect with:
 
 ```bash
-cleanroom exec --host tsnet://cleanroom:7777 -- "npm test"
+cleanroom exec --host http://cleanroom.tailnet.ts.net:7777 -c /path/to/repo -- "npm test"
 ```
 
 ### 3) Launch -> Run -> Terminate via API
@@ -99,8 +99,6 @@ Request:
   "cwd": "/path/to/repo",
   "backend": "firecracker",
   "options": {
-    "run_dir": "/tmp/cleanroom-runs",
-    "read_only_workspace": false,
     "launch_seconds": 30
   }
 }
@@ -111,7 +109,6 @@ Response fields:
 - `backend`
 - `policy_source`
 - `policy_hash`
-- `run_dir_root`
 
 ### `POST /v1/cleanrooms/run`
 
@@ -173,8 +170,6 @@ Example:
 
 ```yaml
 default_backend: firecracker
-workspace:
-  access: rw
 backends:
   firecracker:
     binary_path: firecracker
@@ -189,8 +184,6 @@ backends:
 ## Isolation Model
 
 - Workload runs in a Firecracker microVM
-- Workspace is copied per run and sent to the guest agent
-- Workspace can be read-only (`workspace.access: ro` or request override)
 - Host egress is controlled with TAP + iptables rules from compiled policy
 - Default network behavior is deny
 - Rootfs writes are discarded after each run
@@ -217,7 +210,6 @@ cleanroom status --run-id <run-id>
 - policy host-resolution time
 - rootfs preparation time
 - Firecracker process start time
-- workspace archive preparation time
 - network setup time
 - VM ready time (process start -> guest agent ready)
 - vsock wait time (wait-to-connect for guest agent)
 
@@ -3,18 +3,14 @@
 package main
 
 import (
-	"archive/tar"
 	"bytes"
-	"compress/gzip"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
-	"io/fs"
 	"net"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
@@ -64,15 +60,6 @@ func handleConn(conn net.Conn) {
 		_ = vsockexec.EncodeResponse(conn, vsockexec.ExecResponse{ExitCode: 1, Error: err.Error()})
 		return
 	}
-	if len(req.WorkspaceTarGz) > 0 {
-		if err := materializeWorkspace(req.WorkspaceTarGz, "/workspace", req.WorkspaceAccess); err != nil {
-			_ = vsockexec.EncodeResponse(conn, vsockexec.ExecResponse{ExitCode: 1, Error: err.Error()})
-			return
-		}
-		if req.Dir == "" {
-			req.Dir = "/workspace"
-		}
-	}
 	if len(req.EntropySeed) > 0 {
 		_ = injectEntropy(req.EntropySeed)
 	}
@@ -234,100 +221,6 @@ func buildCommandEnv(requestEnv []string) []string {
 	return out
 }
 
-func materializeWorkspace(tarGz []byte, destRoot, access string) error {
-	if err := os.RemoveAll(destRoot); err != nil {
-		return fmt.Errorf("reset workspace root: %w", err)
-	}
-	if err := os.MkdirAll(destRoot, 0o755); err != nil {
-		return fmt.Errorf("create workspace root: %w", err)
-	}
-	if err := extractTarGz(tarGz, destRoot); err != nil {
-		return fmt.Errorf("extract workspace: %w", err)
-	}
-	if strings.EqualFold(strings.TrimSpace(access), "ro") {
-		if err := makeTreeReadOnly(destRoot); err != nil {
-			return fmt.Errorf("mark workspace read-only: %w", err)
-		}
-	}
-	return nil
-}
-
-func extractTarGz(content []byte, destRoot string) error {
-	gr, err := gzip.NewReader(bytes.NewReader(content))
-	if err != nil {
-		return err
-	}
-	defer gr.Close()
-
-	tr := tar.NewReader(gr)
-	root := filepath.Clean(destRoot)
-	prefix := root + string(os.PathSeparator)
-	for {
-		hdr, err := tr.Next()
-		if errors.Is(err, io.EOF) {
-			return nil
-		}
-		if err != nil {
-			return err
-		}
-		name := strings.TrimPrefix(filepath.Clean("/"+hdr.Name), "/")
-		if name == "." || name == "" {
-			continue
-		}
-		target := filepath.Join(root, name)
-		cleanTarget := filepath.Clean(target)
-		if cleanTarget != root && !strings.HasPrefix(cleanTarget, prefix) {
-			return fmt.Errorf("invalid archive path %q", hdr.Name)
-		}
-
-		switch hdr.Typeflag {
-		case tar.TypeDir:
-			if err := os.MkdirAll(cleanTarget, fs.FileMode(hdr.Mode)); err != nil {
-				return err
-			}
-		case tar.TypeReg, tar.TypeRegA:
-			if err := os.MkdirAll(filepath.Dir(cleanTarget), 0o755); err != nil {
-				return err
-			}
-			f, err := os.OpenFile(cleanTarget, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, fs.FileMode(hdr.Mode))
-			if err != nil {
-				return err
-			}
-			if _, err := io.Copy(f, tr); err != nil {
-				_ = f.Close()
-				return err
-			}
-			if err := f.Close(); err != nil {
-				return err
-			}
-		case tar.TypeSymlink:
-			return fmt.Errorf("symlinks are not supported in workspace snapshots: %q", hdr.Name)
-		default:
-			// Skip unsupported entries (devices, fifos, etc.) in MVP.
-		}
-	}
-}
-
-func makeTreeReadOnly(root string) error {
-	return filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
-		if err != nil {
-			return err
-		}
-		if d.Type()&os.ModeSymlink != 0 {
-			return nil
-		}
-		info, err := d.Info()
-		if err != nil {
-			return err
-		}
-		mode := info.Mode().Perm()
-		if d.IsDir() {
-			return os.Chmod(path, mode&^0o222|0o555)
-		}
-		return os.Chmod(path, mode&^0o222|0o444)
-	})
-}
-
 func errorsIsClosed(err error) bool {
 	if err == nil {
 		return false
 
@@ -42,10 +42,8 @@ type FirecrackerConfig struct {
 	BinaryPath      string
 	KernelImagePath string
 	RootFSPath      string
-	RunDir          string
-	WorkspaceHost   string
-	WorkspaceAccess string // rw|ro
-	VCPUs           int64
+	RunDir string
+	VCPUs  int64
 	MemoryMiB       int64
 	GuestCID        uint32
 	GuestPort       uint32