Atlus runs as root (systemd) but user-facing processes must run under the
authenticated user's identity. Added privilege-dropping via preexec_fn
(os.setgid + os.initgroups + os.setuid) to both terminal PTY spawning
and GUI app launching. System admin operations (services, packages,
network, updates) intentionally remain root.
Autostart apps now support a configurable default_user; without one set,
autostart defers until the first user logs in and runs as that user.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix asyncio.get_event_loop() → get_running_loop() in PTY reader
- Add error logging for PTY spawn failures
- Add POST /api/session/state endpoint for sendBeacon (beforeunload)
- Use navigator.sendBeacon for reliable state save on page close
- Improve frontend error reporting when terminal creation fails
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PTY terminals now survive browser refresh and close. Session manager
owns PTY lifecycle independently of WebSocket connections, with
background readers storing scrollback for replay on reconnect. Desktop
state (open apps, active app, terminal tabs) persists server-side and
restores automatically on login. Auth tokens moved to localStorage.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
