Security improvements:
- SHA256 checksum verification for Ubuntu image downloads
- Strict input validation for all user inputs (git name/email, passwords)
- Blocks shell metacharacters to prevent injection attacks
- Config file created with restricted ACL from the start
- VNC password minimum increased to 8 characters
- Security reminder to remove cloud-init ISO after first boot
Reliability improvements:
- ARM64 architecture detection for Windows on ARM
- Log file creation for troubleshooting
- Automatic cleanup on failure (VM, disk, ISO)
- Hosts file backup before modification
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rewrites setup_env_windows.ps1 to fully implement WINDOWS_PLAN.md with:
- Fixed cloud-init password handling using chpasswd
- Multiple ISO creation fallbacks (oscdimg/WSL/IMAPI2)
- Component skip parameters for VNC, PostgreSQL, Ollama, Playwright
- VNC password support via base64 encoding
- BITS transfer for reliable downloads
- SSH readiness checking before showing connection info
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Creates setup_env_windows.ps1 PowerShell script that:
- Provisions full Hyper-V VMs (not WSL2) for complete isolation
- Uses Ubuntu cloud images with cloud-init for automated setup
- Generates SSH keys for passwordless access
- Adds VMs to hosts file for easy <name>.local access
- Disables integration services by default for security
Hyper-V provides stronger isolation than WSL2:
- Separate kernel per VM
- Complete filesystem isolation (no /mnt/c mount)
- Own network stack (no firewall bypass)
- No ability to launch Windows programs from Linux
Also updates README with cross-platform quick start guides
and security comparison between WSL2 and Hyper-V.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
