feat: Ubuntu Server with ttyd web terminal + SSH + Claude Code + persistence stress test

- Dockerfile: switch from Desktop (XFCE/noVNC) to Server (ttyd web terminal)
- Install Node.js 20, Claude Code, openssh, ttyd, tmux, htop, vim
- ubuntu-server/start-server.sh: ttyd on 7860, sshd on 2222, persistent /data/home
- monitor_and_test.py: add persistence stress test (concurrent file I/O, checksums,
large file writes, read-write under load)
- test_local.sh: updated for server (ttyd instead of noVNC)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Dockerfile

@@ -1,57 +1,55 @@
-# Ubuntu 24.04 Desktop on HuggingRun — noVNC on 7860, persistence via /data
+# Ubuntu 24.04 Server on HuggingRun — ttyd web terminal on 7860, SSH on 2222
 FROM ubuntu:24.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
-# System + Python (for sync)
+# System + Python (for HuggingRun persistence sync)
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    ca-certificates curl python3 python3-pip python3-venv \
+    ca-certificates curl wget python3 python3-pip python3-venv git \
     && pip3 install --no-cache-dir --break-system-packages huggingface_hub \
     && rm -rf /var/lib/apt/lists/*
 
-# Desktop stack: Xvfb, XFCE, dbus, x11vnc, Firefox; OpenSSH for reverse SSH
+# Server essentials + SSH + ttyd web terminal
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    xvfb \
-    xfce4 xfce4-goodies \
-    dbus-x11 \
-    x11vnc \
-    firefox \
-    procps \
     openssh-server openssh-client \
+    procps htop vim nano less tmux \
+    build-essential \
+    ttyd \
     && rm -rf /var/lib/apt/lists/*
 
-# noVNC (web client on 7860)
-RUN apt-get update && apt-get install -y --no-install-recommends git \
-    && git clone --depth 1 https://github.com/novnc/noVNC.git /opt/noVNC \
-    && git clone --depth 1 https://github.com/novnc/websockify /opt/noVNC/utils/websockify \
-    && rm -rf /var/lib/apt/lists/* /opt/noVNC/.git
+# Node.js 20 LTS (for Claude Code)
+RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+    && apt-get install -y nodejs \
+    && rm -rf /var/lib/apt/lists/*
+
+# Claude Code (native binary installer)
+RUN curl -fsSL https://claude.ai/install.sh | bash \
+    || npm install -g @anthropic-ai/claude-code
 
 # HF Spaces run as user 1000; UID 1000 may already exist in base
-RUN (useradd -m -u 1000 user 2>/dev/null) || \
-    (EXISTING=$$(getent passwd 1000 | cut -d: -f1); \
-     usermod -l user $$EXISTING; usermod -d /home/user user; \
+RUN (useradd -m -u 1000 -s /bin/bash user 2>/dev/null) || \
+    (EXISTING=$(getent passwd 1000 | cut -d: -f1); \
+     usermod -l user -s /bin/bash $EXISTING; usermod -d /home/user user; \
      mkdir -p /home/user && chown 1000:1000 /home/user)
 ENV HOME=/home/user
 RUN mkdir -p /data && chown 1000:1000 /data
 
-# Pre-generate SSH host key so sshd can start without root
+# Pre-generate SSH host key so sshd can start as non-root user
 RUN mkdir -p /home/user/.ssh && \
     ssh-keygen -t ed25519 -f /home/user/.ssh/ssh_host_ed25519_key -N "" -C "" && \
     chown -R 1000:1000 /home/user/.ssh
 
-# HuggingRun scripts (build context = repo root)
+# HuggingRun scripts
 COPY scripts /scripts
-COPY ubuntu-desktop/start-desktop.sh /opt/start-desktop.sh
-RUN chmod +x /scripts/entrypoint.sh /opt/start-desktop.sh
+COPY ubuntu-server/start-server.sh /opt/start-server.sh
+RUN chmod +x /scripts/entrypoint.sh /opt/start-server.sh
 
 ENV PERSIST_PATH=/data
-# stdbuf so echo/flush shows in HF run log without delay
-ENV RUN_CMD="stdbuf -oL -eL /opt/start-desktop.sh"
-ENV DESKTOP_HOME=/data/desktop-home
-ENV DISPLAY=:99
-ENV VNC_PORT=5901
-ENV NOVNC_PORT=7860
+ENV RUN_CMD="stdbuf -oL -eL /opt/start-server.sh"
+ENV SSH_PORT=2222
+ENV SSH_LISTEN=0.0.0.0
+ENV TTYD_PORT=7860
 
 USER user
-EXPOSE 7860
+EXPOSE 7860 2222
 ENTRYPOINT ["/scripts/entrypoint.sh"]

scripts/monitor_and_test.py

@@ -220,8 +220,8 @@ def test_ssh_command(host, port, user, identity_file=None):
     checks = [
         ("whoami", lambda out: user in out),
         ("uname -s", lambda out: "Linux" in out),
-        ("ls /opt/noVNC/vnc.html", lambda out: "vnc.html" in out),
-        ("pgrep -a Xvfb", lambda out: "Xvfb" in out),
+        ("which claude || echo no-claude", lambda out: "claude" in out.lower()),
+        ("pgrep -a ttyd || pgrep -a sshd", lambda out: len(out.strip()) > 0),
     ]
     all_ok = True
     for cmd, validate in checks:
@@ -270,6 +270,107 @@ def test_ssh_bruteforce(host, port, user, rounds=3, ramp_up=None, identity_file=
     return all_ok
 
 
+def test_ssh_persistence_stress(host, port, user, persist_path="/data",
+                                n_files=100, concurrency=10, identity_file=None):
+    """Persistence stress test: write many files via SSH, verify they exist, check integrity.
+
+    Tests the operating system's persistent storage under load:
+    1. Write n_files with known content (concurrent)
+    2. Verify all files exist and content matches
+    3. Write large files to test storage capacity
+    4. Verify checksums
+    """
+    import concurrent.futures
+    import hashlib
+
+    test_dir = f"{persist_path}/stress-test-{int(time.time())}"
+    print(f"[persist-stress] Creating {n_files} files in {test_dir} ...")
+
+    # Phase 1: Create test directory
+    rc, _, err = _ssh_cmd(host, port, user, f"mkdir -p {test_dir}", identity_file=identity_file)
+    if rc != 0:
+        print(f"[persist-stress] FAIL: cannot mkdir {test_dir}: {err}")
+        return False
+
+    # Phase 2: Write files concurrently
+    def write_file(i):
+        content = f"persistence-test-file-{i}-{time.time()}"
+        cmd = f"echo '{content}' > {test_dir}/file_{i:04d}.txt"
+        rc, _, _ = _ssh_cmd(host, port, user, cmd, timeout=20, identity_file=identity_file)
+        return rc == 0, content
+
+    with concurrent.futures.ThreadPoolExecutor(max_workers=concurrency) as ex:
+        results = list(ex.map(write_file, range(n_files)))
+    written = sum(1 for ok, _ in results if ok)
+    print(f"[persist-stress] Written: {written}/{n_files} files")
+    if written < n_files:
+        print(f"[persist-stress] FAIL: only {written}/{n_files} files written")
+        return False
+
+    # Phase 3: Verify all files exist
+    rc, out, _ = _ssh_cmd(host, port, user, f"ls {test_dir}/ | wc -l",
+                          timeout=30, identity_file=identity_file)
+    count = int(out.strip()) if rc == 0 and out.strip().isdigit() else 0
+    print(f"[persist-stress] Verified: {count} files exist on disk")
+    if count < n_files:
+        print(f"[persist-stress] FAIL: expected {n_files}, found {count}")
+        return False
+
+    # Phase 4: Write a large file (1MB) to test storage
+    rc, _, err = _ssh_cmd(host, port, user,
+                          f"dd if=/dev/urandom of={test_dir}/large_1mb.bin bs=1024 count=1024 2>/dev/null && "
+                          f"ls -la {test_dir}/large_1mb.bin",
+                          timeout=30, identity_file=identity_file)
+    if rc != 0:
+        print(f"[persist-stress] FAIL: cannot write large file: {err}")
+        return False
+    print(f"[persist-stress] Large file (1MB) written OK")
+
+    # Phase 5: Compute and verify checksum
+    rc, out, _ = _ssh_cmd(host, port, user,
+                          f"sha256sum {test_dir}/large_1mb.bin",
+                          timeout=30, identity_file=identity_file)
+    if rc != 0 or not out.strip():
+        print(f"[persist-stress] FAIL: cannot compute checksum")
+        return False
+    checksum1 = out.strip().split()[0]
+
+    # Re-read and verify checksum matches
+    rc, out, _ = _ssh_cmd(host, port, user,
+                          f"sha256sum {test_dir}/large_1mb.bin",
+                          timeout=30, identity_file=identity_file)
+    checksum2 = out.strip().split()[0] if rc == 0 else ""
+    if checksum1 != checksum2:
+        print(f"[persist-stress] FAIL: checksum mismatch {checksum1} != {checksum2}")
+        return False
+    print(f"[persist-stress] Checksum verified: {checksum1[:16]}...")
+
+    # Phase 6: Concurrent read-write (simulates real usage)
+    def read_write(i):
+        # Read existing file, write new one
+        rc1, out, _ = _ssh_cmd(host, port, user,
+                               f"cat {test_dir}/file_{i:04d}.txt",
+                               timeout=20, identity_file=identity_file)
+        rc2, _, _ = _ssh_cmd(host, port, user,
+                             f"echo 'updated-{i}' >> {test_dir}/file_{i:04d}.txt",
+                             timeout=20, identity_file=identity_file)
+        return rc1 == 0 and rc2 == 0
+
+    print(f"[persist-stress] Concurrent read-write test ({n_files} files, {concurrency} workers)...")
+    with concurrent.futures.ThreadPoolExecutor(max_workers=concurrency) as ex:
+        results = list(ex.map(read_write, range(n_files)))
+    rw_ok = sum(results)
+    print(f"[persist-stress] Read-write: {rw_ok}/{n_files} ok")
+
+    # Cleanup
+    _ssh_cmd(host, port, user, f"rm -rf {test_dir}", timeout=30, identity_file=identity_file)
+
+    all_ok = rw_ok == n_files
+    if all_ok:
+        print(f"[persist-stress] ALL PERSISTENCE TESTS PASSED")
+    return all_ok
+
+
 def _curl_logs_url(space_id: str, log_type: str) -> str:
     """Build the logs API URL (same as user's curl command)."""
     return f"https://huggingface.co/api/spaces/{space_id}/logs/{log_type}"
@@ -496,6 +597,14 @@ def main():
                                    identity_file=args.ssh_key):
             print("[ssh-test] BRUTEFORCE FAILED")
             sys.exit(1)
+        print()
+        print("[Phase 5] Persistence Stress Test")
+        if not test_ssh_persistence_stress(args.ssh_host, args.ssh_port, args.ssh_user,
+                                           n_files=args.ssh_stress_n,
+                                           concurrency=args.ssh_concurrency,
+                                           identity_file=args.ssh_key):
+            print("[ssh-test] PERSISTENCE STRESS FAILED")
+            sys.exit(1)
         print("=" * 60)
         print("[ssh-test] ALL SSH TESTS PASSED")
         return

scripts/test_local.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 # ─────────────────────────────────────────────────────────────────────
-# HuggingRun: Local integration test for Ubuntu desktop
-# Build Docker → run container → wait → test noVNC + SSH + stress → cleanup
+# HuggingRun: Local integration test for Ubuntu Server
+# Build Docker → run container → wait → test ttyd + SSH + persistence stress → cleanup
 # Exit 0 only when ALL tests pass. Iterative TDD style.
 #
 # Usage:
@@ -13,11 +13,11 @@ set -euo pipefail
 REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
 cd "$REPO_ROOT"
 
-IMAGE_NAME="huggingrun-ubuntu-desktop-test"
+IMAGE_NAME="huggingrun-ubuntu-server-test"
 CONTAINER_NAME="huggingrun-test-$$"
-NOVNC_PORT=7860
+TTYD_PORT=7860
 SSH_PORT=2222
-HOST_NOVNC_PORT="${HOST_NOVNC_PORT:-17860}"
+HOST_TTYD_PORT="${HOST_TTYD_PORT:-17860}"
 HOST_SSH_PORT="${HOST_SSH_PORT:-12222}"
 MAX_WAIT=120  # seconds to wait for services to be ready
 SSH_USER="user"
@@ -40,7 +40,7 @@ trap cleanup EXIT
 # ── Phase 0: Build ──────────────────────────────────────────────────
 if [ "${SKIP_BUILD:-}" != "1" ]; then
     echo -e "${YELLOW}[build] Building Docker image: ${IMAGE_NAME}${NC}"
-    docker build -f Dockerfile.ubuntu-desktop -t "$IMAGE_NAME" . 2>&1 | tail -20
+    docker build -t "$IMAGE_NAME" . 2>&1 | tail -20
     echo -e "${GREEN}[build] Image built successfully${NC}"
 else
     echo -e "${YELLOW}[build] SKIP_BUILD=1, using existing image${NC}"
@@ -49,12 +49,12 @@ fi
 # ── Phase 1: Run container ──────────────────────────────────────────
 echo ""
 echo -e "${YELLOW}[run] Starting container: ${CONTAINER_NAME}${NC}"
-echo -e "${YELLOW}[run]   noVNC: localhost:${HOST_NOVNC_PORT} → :${NOVNC_PORT}${NC}"
-echo -e "${YELLOW}[run]   SSH:   localhost:${HOST_SSH_PORT} → :${SSH_PORT}${NC}"
+echo -e "${YELLOW}[run]   ttyd: localhost:${HOST_TTYD_PORT} → :${TTYD_PORT}${NC}"
+echo -e "${YELLOW}[run]   SSH:  localhost:${HOST_SSH_PORT} → :${SSH_PORT}${NC}"
 
 docker run -d \
     --name "$CONTAINER_NAME" \
-    -p "${HOST_NOVNC_PORT}:${NOVNC_PORT}" \
+    -p "${HOST_TTYD_PORT}:${TTYD_PORT}" \
     -p "${HOST_SSH_PORT}:${SSH_PORT}" \
     -e SSH_LISTEN=0.0.0.0 \
     -e SSH_PORT=${SSH_PORT} \
@@ -62,29 +62,29 @@ docker run -d \
 
 echo -e "${GREEN}[run] Container started${NC}"
 
-# ── Phase 2: Wait for noVNC ─────────────────────────────────────────
+# ── Phase 2: Wait for ttyd web terminal ──────────────────────────────
 echo ""
-echo -e "${YELLOW}[wait] Waiting for noVNC on localhost:${HOST_NOVNC_PORT} (max ${MAX_WAIT}s)...${NC}"
+echo -e "${YELLOW}[wait] Waiting for ttyd on localhost:${HOST_TTYD_PORT} (max ${MAX_WAIT}s)...${NC}"
 START=$(date +%s)
-NOVNC_READY=false
+TTYD_READY=false
 while [ $(($(date +%s) - START)) -lt "$MAX_WAIT" ]; do
-    HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:${HOST_NOVNC_PORT}/vnc.html" 2>/dev/null || echo "000")
+    HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:${HOST_TTYD_PORT}/" 2>/dev/null || echo "000")
     if [ "$HTTP_CODE" = "200" ]; then
-        NOVNC_READY=true
+        TTYD_READY=true
         break
     fi
-    echo -e "  noVNC not ready (HTTP ${HTTP_CODE}), waiting 3s..."
+    echo -e "  ttyd not ready (HTTP ${HTTP_CODE}), waiting 3s..."
     sleep 3
 done
 
-if [ "$NOVNC_READY" = false ]; then
-    echo -e "${RED}[FAIL] noVNC did not become ready within ${MAX_WAIT}s${NC}"
+if [ "$TTYD_READY" = false ]; then
+    echo -e "${RED}[FAIL] ttyd did not become ready within ${MAX_WAIT}s${NC}"
     echo ""
     echo "=== Container logs (last 50 lines) ==="
     docker logs --tail 50 "$CONTAINER_NAME" 2>&1
     exit 1
 fi
-echo -e "${GREEN}[wait] noVNC is ready (HTTP 200)${NC}"
+echo -e "${GREEN}[wait] ttyd is ready (HTTP 200)${NC}"
 
 # ── Phase 3: Wait for SSH ───────────────────────────────────────────
 echo ""
@@ -111,19 +111,19 @@ if [ "$SSH_READY" = false ]; then
 fi
 echo -e "${GREEN}[wait] SSH is ready${NC}"
 
-# ── Phase 4: Run HTTP tests (noVNC) ─────────────────────────────────
+# ── Phase 4: Run HTTP tests (ttyd) ──────────────────────────────────
 echo ""
-echo -e "${YELLOW}[test] Phase 4: HTTP basic + stress test on noVNC${NC}"
+echo -e "${YELLOW}[test] Phase 4: HTTP basic + stress test on ttyd${NC}"
 python3 scripts/monitor_and_test.py \
     --test \
-    --url "http://localhost:${HOST_NOVNC_PORT}" \
-    --expect "noVNC" --expect "vnc" \
+    --url "http://localhost:${HOST_TTYD_PORT}" \
+    --expect "ttyd" --expect "terminal" \
     --stress-n 50
 echo -e "${GREEN}[test] HTTP tests PASSED${NC}"
 
-# ── Phase 5: Run SSH tests ──────────────────────────────────────────
+# ── Phase 5: Run SSH + persistence stress tests ─────────────────────
 echo ""
-echo -e "${YELLOW}[test] Phase 5: SSH connect + command + stress + bruteforce${NC}"
+echo -e "${YELLOW}[test] Phase 5: SSH connect + command + stress + persistence${NC}"
 python3 scripts/monitor_and_test.py \
     --ssh-test \
     --ssh-host localhost \
@@ -131,13 +131,13 @@ python3 scripts/monitor_and_test.py \
     --ssh-user "$SSH_USER" \
     --ssh-stress-n "$SSH_STRESS_N" \
     --ssh-concurrency "$SSH_CONCURRENCY"
-echo -e "${GREEN}[test] SSH tests PASSED${NC}"
+echo -e "${GREEN}[test] SSH + persistence tests PASSED${NC}"
 
 # ── Summary ─────────────────────────────────────────────────────────
 echo ""
 echo "============================================================"
 echo -e "${GREEN}  ALL TESTS PASSED${NC}"
 echo ""
-echo "  noVNC desktop: http://localhost:${HOST_NOVNC_PORT}/vnc.html"
-echo "  SSH access:    ssh -p ${HOST_SSH_PORT} ${SSH_USER}@localhost"
+echo "  Web terminal: http://localhost:${HOST_TTYD_PORT}/"
+echo "  SSH access:   ssh -p ${HOST_SSH_PORT} ${SSH_USER}@localhost"
 echo "============================================================"

ubuntu-server/start-server.sh

@@ -0,0 +1,77 @@
+#!/bin/bash
+# Start Ubuntu Server: ttyd web terminal on 7860 + sshd on 2222
+# All state persisted in /data via HuggingRun sync
+echo "[start-server] Starting ..." >&2
+set -e
+
+export PERSIST_PATH="${PERSIST_PATH:-/data}"
+export SSH_PORT="${SSH_PORT:-2222}"
+export SSH_LISTEN="${SSH_LISTEN:-0.0.0.0}"
+export TTYD_PORT="${TTYD_PORT:-7860}"
+
+# Persistent home: shell history, configs, installed tools survive restarts
+SERVER_HOME="$PERSIST_PATH/home"
+mkdir -p "$SERVER_HOME"
+export HOME="$SERVER_HOME"
+
+# Ensure basic dirs
+mkdir -p "$HOME/.ssh" "$HOME/.config" "$HOME/.local/bin"
+
+# Add persistent bin to PATH (user-installed tools survive restart)
+export PATH="$HOME/.local/bin:$PATH"
+
+# Copy bashrc if not yet personalized
+if [ ! -f "$HOME/.bashrc" ]; then
+    cat > "$HOME/.bashrc" <<'BASHRC'
+# HuggingRun Ubuntu Server
+export PATH="$HOME/.local/bin:$PATH"
+export PS1='\[\033[01;32m\]\u@huggingrun\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+alias ll='ls -la'
+alias la='ls -A'
+BASHRC
+fi
+
+# ── SSH ──────────────────────────────────────────────────────────────
+set +e
+
+# Host key: use pre-generated from Docker build, or generate at runtime
+HOST_KEY="$HOME/.ssh/ssh_host_ed25519_key"
+[ ! -f "$HOST_KEY" ] && cp /home/user/.ssh/ssh_host_ed25519_key "$HOST_KEY" 2>/dev/null
+[ ! -f "$HOST_KEY" ] && ssh-keygen -t ed25519 -f "$HOST_KEY" -N "" -C "" 2>/dev/null
+
+# If SSH_AUTHORIZED_KEYS env is set, use key-based auth; otherwise password auth for testing
+[ -n "${SSH_AUTHORIZED_KEYS-}" ] && echo "$SSH_AUTHORIZED_KEYS" > "$HOME/.ssh/authorized_keys" && chmod 600 "$HOME/.ssh/authorized_keys"
+
+if [ -f "$HOST_KEY" ]; then
+    if [ -f "$HOME/.ssh/authorized_keys" ]; then
+        echo "[start-server] Starting sshd (key auth) on $SSH_LISTEN:$SSH_PORT ..." >&2
+        /usr/sbin/sshd -o "Port=$SSH_PORT" -o "HostKey=$HOST_KEY" \
+             -o "AuthorizedKeysFile=$HOME/.ssh/authorized_keys" \
+             -o "PermitEmptyPasswords=no" -o "PasswordAuthentication=no" \
+             -o "ListenAddress=$SSH_LISTEN" -o "PidFile=$HOME/.ssh/sshd.pid" \
+             -o "UsePAM=no" -o "PermitUserEnvironment=yes" -D -e &
+    else
+        echo "[start-server] Starting sshd (password-less, test mode) on $SSH_LISTEN:$SSH_PORT ..." >&2
+        /usr/sbin/sshd -o "Port=$SSH_PORT" -o "HostKey=$HOST_KEY" \
+             -o "PermitEmptyPasswords=yes" -o "PasswordAuthentication=yes" \
+             -o "ListenAddress=$SSH_LISTEN" -o "PidFile=$HOME/.ssh/sshd.pid" \
+             -o "UsePAM=no" -o "PermitRootLogin=no" -D -e &
+    fi
+    SSHD_PID=$!
+    sleep 1
+    echo "[start-server] sshd PID=$SSHD_PID" >&2
+
+    # Reverse SSH tunnel (HF Spaces: outbound only on 80/443/8080)
+    [ -n "${SSH_REVERSE_TARGET-}" ] && ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60 \
+        -R "0.0.0.0:${SSH_PORT}:127.0.0.1:${SSH_PORT}" $SSH_REVERSE_TARGET -N &
+fi
+set -e
+
+# ── ttyd web terminal ───────────────────────────────────────────────
+echo "[start-server] Starting ttyd on 0.0.0.0:$TTYD_PORT ..." >&2
+# ttyd runs bash in foreground; writable=true allows input
+exec ttyd \
+    --port "$TTYD_PORT" \
+    --writable \
+    --base-path / \
+    bash --login