fix(apple-container): file mounts, host.docker.internal, user mapping #2609
Open
CashQ wants to merge 27 commits into
Conversation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Conflicts:
# src/container-runner.ts
Pino was replaced with a built-in logger on main. For branches with baileys (WhatsApp), pino resolves as a transitive dependency of @whiskeysockets/baileys.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Picks up main's changes while preserving Apple Container runtime:
- Built-in logger replacing pino/pino-pretty
- Removed unused deps (yaml, zod, @vitest/coverage-v8)
- stopContainer bug fix (exec wrapper removed)
- Kept branch's credential proxy (not OneCLI) and Apple Container runtime commands
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Detect host gateway via bridge100/bridge0 interface instead of hardcoded host.docker.internal (not available in Apple Container VMs)
- Bind credential proxy to 0.0.0.0 so VMs can reach it via bridge network
- Export PROXY_BIND_HOST for credential proxy to use
- Remove /dev/null .env shadow mount — Apple Container only supports directory mounts; entrypoint handles .env shadowing via mount --bind
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Binding to 0.0.0.0 exposed the credential proxy (which holds API keys/OAuth tokens) to the entire local network. Now binds to the bridge interface IP (same as CONTAINER_HOST_GATEWAY) so only Apple Container VMs can reach it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fix: Apple Container networking and .env mount
bridge100 only exists while containers run, but the credential proxy must start before any container. Binding to the bridge IP fails with EADDRNOTAVAIL on cold boot and first-time setup. Fail immediately with a clear error pointing to /convert-to-apple-container, which guides users through setting CREDENTIAL_PROXY_HOST and optionally configuring a macOS firewall rule on untrusted networks.
Co-Authored-By: MrBlaise <3867275+MrBlaise@users.noreply.github.com>
Co-Authored-By: lbsnrs <47463+lbsnrs@users.noreply.github.com>
Co-Authored-By: spencer-whitman <28708638+spencer-whitman@users.noreply.github.com>
Co-Authored-By: lazure-ocean <43110733+lazure-ocean@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…oxy-bind fix: require CREDENTIAL_PROXY_HOST for Apple Container networking
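The host-side checks the three commits above describe, as an added shell example that is not the PR's own code: pick the bridge gateway from bridge100/bridge0, refuse a wildcard bind address for the credential proxy, and fail with a clear message on cold boot when no bridge interface exists yet instead of hitting EADDRNOTAVAIL. It assumes ifconfig-style output is fed on stdin (a constructed sample is embedded so it runs anywhere), and the interface names and the CREDENTIAL_PROXY_HOST variable are taken from the commit messages; the function names are mine.

```shell
#!/usr/bin/env bash
# Added example, not code from this PR. Assumes ifconfig-style text on stdin;
# interface names bridge100/bridge0 and CREDENTIAL_PROXY_HOST come from the
# commit messages, the function names are hypothetical.
set -e

# Constructed sample of `ifconfig` output on a Mac with one container running.
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255
bridge100: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.64.1 netmask 0xffffff00 broadcast 192.168.64.255'

# Print the IPv4 address of the first interface named in "$@" that has one,
# scanning ifconfig-style output on stdin. Returns 1 when none is present,
# which is the cold-boot case: bridge100 only exists while a container runs.
bridge_gateway_from_ifconfig() {
    awk -v want="$*" '
        BEGIN { n = split(want, names, " ") }
        /^[a-z0-9]+:/ { iface = $1; sub(":", "", iface) }
        $1 == "inet"  { addr[iface] = $2 }
        END {
            for (i = 1; i <= n; i++) if (names[i] in addr) { print addr[names[i]]; exit 0 }
            exit 1
        }'
}

# Accept a bind address for the credential proxy only if it names one specific
# IPv4 address. The wildcard forms would expose the proxy, and the API keys and
# OAuth tokens behind it, to every host on the local network.
validate_proxy_bind_host() {
    host="$1"
    case "$host" in
        ""|"0.0.0.0"|"::"|"*")
            echo "CREDENTIAL_PROXY_HOST must be one interface address, not '${host:-unset}'" >&2
            return 1 ;;
    esac
    # four dotted-decimal octets, each 0-255
    echo "$host" | awk -F. 'NF != 4 { exit 1 } { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Decide what the proxy binds to: an explicit CREDENTIAL_PROXY_HOST ($1) wins,
# otherwise the bridge gateway found on stdin. Either way the result must pass
# validate_proxy_bind_host, and a missing bridge is a hard error with advice.
choose_proxy_bind_host() {
    if [ -n "$1" ]; then
        host="$1"
    else
        host="$(bridge_gateway_from_ifconfig bridge100 bridge0)" || {
            echo "no bridge100/bridge0 interface yet; set CREDENTIAL_PROXY_HOST explicitly" >&2
            return 1
        }
    fi
    validate_proxy_bind_host "$host" && echo "$host"
}

# Stand-alone demo on the constructed sample; a real proxy would bind to the
# printed address (on macOS: ifconfig | choose_proxy_bind_host "$CREDENTIAL_PROXY_HOST").
echo "credential proxy would bind to: $(printf '%s\n' "$SAMPLE_IFCONFIG" | choose_proxy_bind_host "")"
```

The validation runs on the explicit value too, so a CREDENTIAL_PROXY_HOST of 0.0.0.0 is rejected at startup rather than silently widening exposure; the cold-boot branch reports the missing bridge as a configuration problem, which is the behaviour the last commit above asks for.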
Adapts the upstream skill branch to HEAD's OneCLI-based architecture
(install-slug labels, peer agent-group model). Key decisions:
- src/container-runtime.ts: switched docker → container CLI (system
status/start, --mount type=bind syntax, JSON ls --all output for
orphan cleanup). Install-label scoping preserved via JSON labels.
- src/container-runner.ts: dropped the fork's credential-proxy env
injection — HEAD uses OneCLI, not the proxy. Removed unused isMain
branch (HEAD has no "main group" concept).
- src/config.ts: added CREDENTIAL_PROXY_PORT (kept for the defensive
entrypoint mount-bind path), kept HEAD's install-slug architecture.
- container/Dockerfile: removed USER node (need root for mount --bind),
added util-linux for setpriv, kept modern Bun + CJK opt-in.
- container/entrypoint.sh: added mount --bind /dev/null .env defense
and setpriv privilege-drop path; preserved existing bun run entry.
- container/build.sh: default runtime is now container.
- Deleted src/credential-proxy.{ts,test.ts} — HEAD uses OneCLI.
Skipped skill Phase 3 (CREDENTIAL_PROXY_HOST=0.0.0.0 + firewall) —
that env only existed to satisfy a module-load throw from the fork's
credential-proxy, which HEAD doesn't have.
Verified: pnpm build clean, 371/371 tests pass, image built, ro/rw
mounts work, image has setpriv + bun 1.3.12.
Adds Telegram as a chat channel alongside CLI. Includes:
- telegram.ts: channel implementation using @chat-adapter/telegram
- telegram-pairing.ts: device-pairing flow for linking bot to install
- telegram-markdown-sanitize.ts: escapes markdown for Telegram MarkdownV2
- Self-registration via channels/index.ts import
Three issues prevented agent containers from starting under Apple Container after the runtime swap:
1. File mounts crashed before container start. Apple Container's --mount type=bind rejects file (non-directory) sources: "path '...' is not a directory". The -v syntax accepts both files and dirs with proper readonly enforcement. Switch readonlyMountArgs to '-v src:dst:ro'.
2. host.docker.internal didn't resolve inside the container. OneCLI returns HTTPS_PROXY=http://...@host.docker.internal:10255 and Apple Container has no --add-host flag. Patch /etc/hosts inside the container before exec'ing bun, mapping host.docker.internal to the bridge gateway (default 192.168.64.1).
3. The --user flag prevented the /etc/hosts patch from running. Switch from passing --user to passing RUN_UID/RUN_GID env vars; the bash -c entry runs as root, writes /etc/hosts, then setpriv-drops to the requested uid/gid before exec'ing the agent-runner.
Note: the existing container/entrypoint.sh is bypassed by --entrypoint bash in v2 (no stdin, IO via session DB), so the setup logic now lives in the bash -c command in buildContainerArgs.
Verified: 371/371 tests pass; manual container run shows /etc/hosts patched, setpriv drops to uid 501 gid 20, and host.docker.internal resolves to the bridge IP.
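The root-then-drop entry sequence from items 2 and 3 of the commit above (patch /etc/hosts for host.docker.internal, then drop to RUN_UID/RUN_GID with setpriv before exec), as an added shell example that is not the PR's bash -c command. The function names are mine, the hosts-file path is a parameter so the patch can be exercised on a scratch file without root, and --clear-groups is my choice of supplementary-group policy; the setpriv flags are util-linux's, and CONTAINER_HOST_GATEWAY, RUN_UID and RUN_GID are the variables named in the commits.

```shell
#!/usr/bin/env bash
# Added example, not code from this PR. Hypothetical helper names; the hosts
# file and gateway are parameters so nothing here needs root to run.
set -e

# Map host.docker.internal to the bridge gateway in the given hosts file.
# Idempotent: any stale line for the name is dropped first, so a container
# restarted with a different gateway never ends up with two answers.
patch_hosts() {
    hosts_file="$1"; gateway="$2"; name="host.docker.internal"
    case "$gateway" in
        *.*.*.*) ;;   # minimal sanity check before touching the file
        *) echo "patch_hosts: invalid gateway '$gateway'" >&2; return 1 ;;
    esac
    tmp="$(mktemp)"
    grep -v -E "[[:space:]]${name}([[:space:]]|\$)" "$hosts_file" > "$tmp" || true
    printf '%s %s\n' "$gateway" "$name" >> "$tmp"
    cat "$tmp" > "$hosts_file"   # rewrite in place: /etc/hosts may be a mount
    rm -f "$tmp"
}

# Print the command prefix that drops to RUN_UID/RUN_GID. An empty uid means
# "stay as we are"; otherwise setpriv resets uid, gid and the supplementary
# group list so the agent never inherits root's groups. gid defaults to uid.
privdrop_prefix() {
    uid="$1"; gid="$2"
    if [ -z "$uid" ]; then
        echo ""
        return 0
    fi
    case "$uid$gid" in
        *[!0-9]*) echo "privdrop_prefix: uid/gid must be numeric" >&2; return 1 ;;
    esac
    [ -z "$gid" ] && gid="$uid"
    echo "setpriv --reuid=$uid --regid=$gid --clear-groups --"
}

# What a name resolves to in a hosts file (first non-comment match), used to
# verify the patch the same way `getent hosts` would inside the container.
resolve_in_hosts() {
    awk -v n="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# Stand-alone demo on a scratch copy, never the real /etc/hosts. The container
# entry would run:  patch_hosts /etc/hosts "$CONTAINER_HOST_GATEWAY" &&
#   exec $(privdrop_prefix "$RUN_UID" "$RUN_GID") <agent-runner command>
demo() {
    scratch="$(mktemp)"
    printf '127.0.0.1 localhost\n' > "$scratch"
    patch_hosts "$scratch" "${CONTAINER_HOST_GATEWAY:-192.168.64.1}"
    echo "host.docker.internal -> $(resolve_in_hosts "$scratch" host.docker.internal)"
    echo "would exec: $(privdrop_prefix "${RUN_UID:-501}" "${RUN_GID:-20}") <agent-runner command>"
    rm -f "$scratch"
}
demo
```

Doing the hosts patch before the drop is what makes the sequence work at all (writing /etc/hosts needs root), and using exec after setpriv means the agent process has no root parent left in the container; --clear-groups makes the supplementary-group policy explicit rather than inherited from the root shell.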
groups/global/CLAUDE.md and groups/main/CLAUDE.md described the v1 architecture (single "Main" agent, /workspace/project/store with messages.db, registered_groups table, "main channel with elevated privileges"). v2 replaced this with the peer agent-group model — groups live at groups/<folder>/ per agent, no "main channel" concept. The files were leftover from an earlier setup-skill run.