refactor: remove sidecar sshd runtime (#18)

* refactor(ssh): remove sidecar sshd runtime

* fix(ssh): start dev sessions in workspace

* docs(site): refine docs styling

Author: acmore

.gitignore

@@ -6,3 +6,4 @@
 .okdev.yaml
 .stfolder
 .worktrees/
+site/

AGENTS.md

@@ -22,7 +22,7 @@ This file is the canonical repository guidance for coding agents working in `okd
 
 - Interactive transient status output must clear cleanly and must not pollute table or machine-readable output.
 - `okdev ssh-proxy` must stay silent by default; diagnostics should only appear behind explicit debug or verbose behavior.
-- `okdev ssh` and tmux-backed sessions must land in the dev container, not the sidecar.
+- `okdev ssh` and tmux-backed sessions run inside the dev container via `okdev-sshd`.
 - Tmux behavior should preserve the normal shell experience and avoid exposing wrapper implementation details unless intentionally designed.
 
 ## Build And Release Rules
@@ -45,6 +45,6 @@ This file is the canonical repository guidance for coding agents working in `okd
 
 ## Repo-Specific Expectations
 
-- Keep sidecar, SSH, tmux, and Syncthing behavior aligned; changes in one often require checking the others.
+- Keep sidecar (syncthing), SSH (`okdev-sshd`), tmux, and Syncthing behavior aligned; changes in one often require checking the others.
 - Be careful with config-loading output paths because many commands share the same helper logic.
 - When changing pod or sidecar behavior, consider both local installs and sidecar image rebuild/publish steps.

cmd/okdev-sshd/main.go

@@ -137,22 +137,23 @@ func buildInteractiveLoginScript(sessionEnv map[string]string, shell, workspace,
 	var parts []string
 
 	if workspace != "" {
+		parts = append(parts, fmt.Sprintf("if [ -d %s ]; then cd %s; fi", shellQuote(workspace), shellQuote(workspace)))
 		postAttach := shellQuote(strings.TrimRight(workspace, "/") + "/.okdev/post-attach.sh")
 		parts = append(parts, fmt.Sprintf("if [ -x %s ]; then %s 2>&1 || echo 'warning: postAttach script failed' >&2; fi", postAttach, postAttach))
 	}
 
 	if tmuxFlag == "1" && sessionEnv["OKDEV_NO_TMUX"] != "1" {
-		parts = append(parts, embeddedTmuxBootstrapScript())
+		parts = append(parts, devTmuxBootstrapScript())
 	}
 
 	parts = append(parts, "exec "+shellQuote(shell)+" -l")
 	return strings.Join(parts, "; ")
 }
 
-func embeddedTmuxBootstrapScript() string {
+func devTmuxBootstrapScript() string {
 	return strings.Join([]string{
 		`if [ "${TERM:-}" = "xterm-ghostty" ]; then export TERM=xterm-256color; fi`,
-		`if command -v tmux >/dev/null 2>&1; then if [ -f /var/okdev/embedded.tmux.conf ]; then exec tmux -f /var/okdev/embedded.tmux.conf new-session -A -s okdev; fi; exec tmux new-session -A -s okdev; fi`,
+		`if command -v tmux >/dev/null 2>&1; then if [ -f /var/okdev/dev.tmux.conf ]; then exec tmux -f /var/okdev/dev.tmux.conf new-session -A -s okdev; fi; exec tmux new-session -A -s okdev; fi`,
 		`echo 'warning: tmux not available in dev container; continuing without tmux' >&2`,
 	}, "; ")
 }

cmd/okdev-sshd/main_test.go

@@ -5,12 +5,13 @@ import (
 	"testing"
 )
 
-func TestBuildInteractiveLoginScriptIncludesEmbeddedTmuxBootstrap(t *testing.T) {
+func TestBuildInteractiveLoginScriptIncludesDevTmuxBootstrap(t *testing.T) {
 	script := buildInteractiveLoginScript(map[string]string{}, "/bin/bash", "/workspace", "1")
 
 	for _, want := range []string{
+		"cd '/workspace'",
 		"/workspace/.okdev/post-attach.sh",
-		"/var/okdev/embedded.tmux.conf",
+		"/var/okdev/dev.tmux.conf",
 		"exec tmux new-session -A -s okdev",
 	} {
 		if !strings.Contains(script, want) {

docs/command-reference.md

@@ -19,7 +19,7 @@
 - `okdev up [--wait-timeout 3m] [--dry-run]`
   - Reconciles Pod/PVC resources, updates SSH config, initializes managed forwarding/sync, then exits.
   - tmux-backed persistent interactive shells are enabled by default.
-  - `--tmux`: explicitly enable tmux mode on the sidecar.
+  - `--tmux`: explicitly enable tmux mode in the dev container.
   - `--no-tmux`: disable tmux mode for this pod.
   - When `sync.engine=syncthing`, `okdev up` starts background sync in bidirectional mode by default.
   - `spec.ports` is materialized as SSH `LocalForward`.
@@ -29,7 +29,7 @@
 - `okdev use <session>`
 - `okdev connect [--shell /bin/bash] [--cmd "..."] [--no-tty]`
 - `okdev ssh [--setup-key] [--user root] [--cmd "..."] [--no-tmux]`
-  - Targets merged `okdev-sidecar` (`sshd` + Syncthing).
+  - Targets `okdev-sshd` in the `dev` container.
   - Maintains managed host alias in `~/.ssh/config` as `okdev-<session>`.
   - `--no-tmux`: bypass tmux for this SSH session when tmux mode is enabled.
 - `okdev ports`

docs/config-manifest.md

@@ -99,15 +99,13 @@ Validation:
 ## `spec.ssh`
 
 - `user` (`string`, default: `root`)
-- `remotePort` (`int`, default: `22`)
 - `privateKeyPath` (`string`, optional)
 - `autoDetectPorts` (`bool`, default: `true`)
 - `persistentSession` (`bool`, default: `true`) enables tmux-backed interactive session mode
 - `keepAliveIntervalSeconds` (`int`, default: `10`)
 - `keepAliveTimeoutSeconds` (`int`, default: `10`)
 
 Validation:
-- `remotePort` must be `1..65535`
 - `keepAliveIntervalSeconds > 0`
 - `keepAliveTimeoutSeconds > 0`
 - `keepAliveTimeoutSeconds >= keepAliveIntervalSeconds`
@@ -178,7 +176,6 @@ spec:
       remote: 6006
   ssh:
     user: root
-    remotePort: 22
     persistentSession: true
     keepAliveIntervalSeconds: 30
     keepAliveTimeoutSeconds: 90

docs/index.md

@@ -1,21 +1,60 @@
 # okdev
 
-`okdev` is a CRD-less CLI for Kubernetes development sessions.
-It provisions and operates dev environments from `.okdev.yaml` using standard Pod/PVC resources.
+**CRD-less Kubernetes dev environments from a single manifest.**
 
-## Core Capabilities
+okdev provisions and operates dev sessions using standard Pod/PVC resources -- no operators, no CRDs, no cluster-side components.
 
-- PodSpec-driven environment definition
-- Multi-session workflow per repo/branch/user
-- Session setup via `okdev up` (SSH config, managed forwards, sync bootstrap)
-- Syncthing-based workspace synchronization
-- Reattach from any machine with kube access
+---
+
+## How it works
+
+```
+.okdev.yaml  -->  okdev up  -->  Pod + PVC + SSH + Sync
+```
+
+1. Define your environment in `.okdev.yaml` (image, volumes, ports, sync paths).
+2. Run `okdev up` to create the pod, configure SSH, and start file sync.
+3. Connect with `ssh okdev-<session>` or `okdev connect`.
+
+---
+
+## Key features
+
+| | |
+|---|---|
+| **One-command setup** | `okdev up` handles pod creation, SSH config, port forwarding, and sync |
+| **Persistent sessions** | tmux-backed shells survive disconnects by default |
+| **File sync** | Bidirectional Syncthing sync with exclude patterns |
+| **Port forwarding** | Declare ports in config, get automatic SSH `LocalForward` entries |
+| **Multi-session** | Run multiple environments per repo with named sessions |
+| **No cluster deps** | Works with any Kubernetes cluster -- RBAC for Pods and PVCs is all you need |
+
+---
+
+## Quick start
+
+```bash
+# Install
+curl -fsSL https://raw.githubusercontent.com/acmore/okdev/main/scripts/install.sh | sh
+
+# Initialize config
+okdev init
+
+# Start session
+okdev up
+
+# Connect
+ssh okdev-<session>
+```
+
+See the [Quickstart guide](quickstart.md) for details.
+
+---
 
 ## Documentation
 
-- [Quickstart](quickstart.md)
-- [Config Manifest](config-manifest.md)
-- [Command Reference](command-reference.md)
-- [Troubleshooting](troubleshooting.md)
-- [Release & Versioning](release.md)
-- [Repository](https://github.com/acmore/okdev)
+- [Quickstart](quickstart.md) -- install, configure, and launch your first session
+- [Config Manifest](config-manifest.md) -- full `.okdev.yaml` field reference
+- [Command Reference](command-reference.md) -- every CLI command and flag
+- [Troubleshooting](troubleshooting.md) -- common issues and fixes
+- [Release & Versioning](release.md) -- release process and image tags