Summary

This PR completes the startup reliability remediation bundle for generated DevEnv pods so bootstrap consistently reaches sshd and usable SSH access, including stale persistent-storage recovery paths.

What Changed

User/group provisioning reliability

• Replaced incorrect numeric UID/GID checks with getent passwd / getent group.
• Kept provisioning idempotent for create/rename/reuse cases.
• Ensured new user creation explicitly binds target primary group (useradd -g ...).

Homebrew persistent storage remediation

• Added pre-install repair for persisted Linuxbrew path:
  • ensure /home/linuxbrew and /home/linuxbrew/.linuxbrew exist
  • recursive ownership fix to dev user
  • scoped top-level mode fix

VS Code startup hardening

• Ensure .vscode-server exists before ownership repair to avoid set -e abort on missing directory.

Python path + config validation consistency

• Removed conflicting filepath validator on pythonBinPath.
• Added explicit validation: non-empty pythonBinPath must be absolute.
• Added test coverage for BaseConfig and DevEnvConfig absolute/relative behavior.

Python bootstrap reliability

• Added on-demand /opt/venv bootstrap when default pythonBinPath (/opt/venv/bin) is used but interpreter is missing:
  • install python3-venv
  • create venv at /opt/venv
  • fix ownership to dev user

Persistent home stale-ownership remediation

• Added recursive ownership repair of /home/<user> before user environment setup.
• Prevents failures like .bashrc: Permission denied when stale files persist across runs.

Shell robustness

• Added consistent quoting for user/group/path arguments in key ownership/admin commands.

Why

Validation exposed multiple independent startup failure modes that could prevent pods from becoming usable before sshd launch. This PR addresses the coordinated set required for reliable generated DevEnv bootstrap on Kubernetes, including stale persistent-storage scenarios.

Validation Performed

• Unit tests:
  • go test ./internal/config
• Kubernetes validation with generated manifests:
  • DevEnv pod reaches Running and launches sshd
  • SSH access confirmed
  • Missing /opt/venv/bin/python3 path case resolved via venv bootstrap
  • Missing .vscode-server no longer causes startup failure
  • Linuxbrew stale-ownership scenario handled
  • Stale home-file ownership scenario validated via seeded stale .bashrc and restart path (no permission-denied setup failure)

Notes

This issue tracks the full tactical startup remediation set needed for generated DevEnv bootstrap reliability and aligns with the completion criteria in the issue description.