fix(shell): keep bootstrap auth and keys out of image layers

Author: skulidropek

packages/lib/src/core/templates-entrypoint/codex.ts

@@ -30,7 +30,13 @@ if [[ "$CODEX_SHARE_AUTH" == "1" ]]; then
   if [[ "$CODEX_LABEL_NORM" != "default" ]]; then
     SHARED_AUTH_FILE="$CODEX_SHARED_HOME/$CODEX_LABEL_NORM/auth.json"; SHARED_AUTH_SEED="$DOCKER_GIT_CODEX_AUTH_ROOT/$CODEX_LABEL_NORM/auth.json"; mkdir -p "$(dirname "$SHARED_AUTH_FILE")"
   fi
-  if [[ ! -f "$SHARED_AUTH_FILE" && -f "$SHARED_AUTH_SEED" ]]; then cp "$SHARED_AUTH_SEED" "$SHARED_AUTH_FILE"; chmod 600 "$SHARED_AUTH_FILE" || true; chown 1000:1000 "$SHARED_AUTH_FILE" || true; fi
+  if [[ -f "$SHARED_AUTH_SEED" ]]; then
+    cp "$SHARED_AUTH_SEED" "$SHARED_AUTH_FILE"
+    chmod 600 "$SHARED_AUTH_FILE" || true
+    chown 1000:1000 "$SHARED_AUTH_FILE" || true
+  else
+    rm -f "$SHARED_AUTH_FILE" || true
+  fi
   # Guard against a bad bind mount creating a directory at auth.json.
   if [[ -d "$AUTH_FILE" ]]; then
     mv "$AUTH_FILE" "$AUTH_FILE.bak-$(date +%s)" || true

packages/lib/src/core/templates-entrypoint/nested-docker-git.ts

@@ -10,27 +10,39 @@ DOCKER_GIT_ENV_GLOBAL="$DOCKER_GIT_ENV_DIR/global.env"
 DOCKER_GIT_ENV_PROJECT="$DOCKER_GIT_ENV_DIR/project.env"
 DOCKER_GIT_AUTH_KEYS="$DOCKER_GIT_HOME/authorized_keys"
 BOOTSTRAP_ROOT="/opt/docker-git/bootstrap"
-BOOTSTRAP_ORCH_ROOT="$BOOTSTRAP_ROOT/.orch"
-BOOTSTRAP_AUTH_KEYS="$BOOTSTRAP_ROOT/authorized_keys"
-BOOTSTRAP_CODEX_AUTH_DIR="$BOOTSTRAP_ORCH_ROOT/auth/codex"
-BOOTSTRAP_CLAUDE_AUTH_DIR="$BOOTSTRAP_ORCH_ROOT/auth/claude"
-BOOTSTRAP_ENV_GLOBAL="$BOOTSTRAP_ORCH_ROOT/env/global.env"
-BOOTSTRAP_ENV_PROJECT="$BOOTSTRAP_ORCH_ROOT/env/project.env"
+BOOTSTRAP_SOURCE_ROOT="$BOOTSTRAP_ROOT/source"
+BOOTSTRAP_AUTH_KEYS="$BOOTSTRAP_SOURCE_ROOT/authorized-keys/__AUTHORIZED_KEYS_BASENAME__"
+BOOTSTRAP_CODEX_AUTH_DIR="$BOOTSTRAP_SOURCE_ROOT/project-auth/codex"
+BOOTSTRAP_CODEX_SHARED_AUTH_DIR="$BOOTSTRAP_SOURCE_ROOT/shared-auth/codex"
+BOOTSTRAP_CLAUDE_AUTH_DIR="$BOOTSTRAP_SOURCE_ROOT/project-auth/claude"
+BOOTSTRAP_ENV_GLOBAL="$BOOTSTRAP_SOURCE_ROOT/env-global/__ENV_GLOBAL_BASENAME__"
+BOOTSTRAP_ENV_PROJECT="$BOOTSTRAP_SOURCE_ROOT/env-project/__ENV_PROJECT_BASENAME__"
 
 mkdir -p "$DOCKER_GIT_AUTH_DIR" "$DOCKER_GIT_CLAUDE_AUTH_DIR" "$DOCKER_GIT_ENV_DIR" "$DOCKER_GIT_HOME/.orch/auth/gh"
 
-copy_if_missing_file() {
+sync_file_if_present() {
   local source="$1"
   local target="$2"
-  if [[ ! -f "$source" || -e "$target" ]]; then
+  if [[ ! -f "$source" ]]; then
     return 1
   fi
   mkdir -p "$(dirname "$target")"
   cp "$source" "$target"
   return 0
 }
 
-copy_dir_missing_entries() {
+sync_file_or_remove() {
+  local source="$1"
+  local target="$2"
+  if [[ -f "$source" ]]; then
+    sync_file_if_present "$source" "$target"
+    return 0
+  fi
+  rm -f "$target" || true
+  return 1
+}
+
+sync_dir_entries() {
   local source="$1"
   local target="$2"
   if [[ ! -d "$source" ]]; then
@@ -45,29 +57,56 @@ copy_dir_missing_entries() {
     local target_entry="$target/$entry"
     if [[ -d "$source_entry" ]]; then
       mkdir -p "$target_entry"
-    elif [[ -f "$source_entry" && ! -e "$target_entry" ]]; then
+    elif [[ -f "$source_entry" ]]; then
       mkdir -p "$(dirname "$target_entry")"
       cp "$source_entry" "$target_entry"
     fi
   done
 }
 
+sync_labeled_auth_files() {
+  local source_root="$1"
+  local target_root="$2"
+
+  sync_file_or_remove "$source_root/auth.json" "$target_root/auth.json" || true
+
+  if [[ -d "$source_root" ]]; then
+    (
+      cd "$source_root"
+      find . -mindepth 1 -maxdepth 1 -type d -print
+    ) | while IFS= read -r entry; do
+      sync_file_or_remove "$source_root/$entry/auth.json" "$target_root/$entry/auth.json" || true
+    done
+  fi
+
+  if [[ -d "$target_root" ]]; then
+    (
+      cd "$target_root"
+      find . -mindepth 1 -maxdepth 1 -type d -print
+    ) | while IFS= read -r entry; do
+      if [[ ! -d "$source_root/$entry" ]]; then
+        rm -f "$target_root/$entry/auth.json" || true
+      fi
+    done
+  fi
+}
+
 if [[ ! -f "$DOCKER_GIT_AUTH_KEYS" && -f "/home/__SSH_USER__/.ssh/authorized_keys" ]]; then
   cp "/home/__SSH_USER__/.ssh/authorized_keys" "$DOCKER_GIT_AUTH_KEYS"
 fi
-copy_if_missing_file "$BOOTSTRAP_AUTH_KEYS" "$DOCKER_GIT_AUTH_KEYS" || true
+sync_file_if_present "$BOOTSTRAP_AUTH_KEYS" "$DOCKER_GIT_AUTH_KEYS" || true
 if [[ -f "$DOCKER_GIT_AUTH_KEYS" ]]; then
   chmod 600 "$DOCKER_GIT_AUTH_KEYS" || true
 fi
 
-copy_if_missing_file "$BOOTSTRAP_ENV_GLOBAL" "$DOCKER_GIT_ENV_GLOBAL" || true
+sync_file_if_present "$BOOTSTRAP_ENV_GLOBAL" "$DOCKER_GIT_ENV_GLOBAL" || true
 if [[ ! -f "$DOCKER_GIT_ENV_GLOBAL" ]]; then
   cat <<'EOF' > "$DOCKER_GIT_ENV_GLOBAL"
 # docker-git env
 # KEY=value
 EOF
 fi
-copy_if_missing_file "$BOOTSTRAP_ENV_PROJECT" "$DOCKER_GIT_ENV_PROJECT" || true
+sync_file_if_present "$BOOTSTRAP_ENV_PROJECT" "$DOCKER_GIT_ENV_PROJECT" || true
 if [[ ! -f "$DOCKER_GIT_ENV_PROJECT" ]]; then
   cat <<'EOF' > "$DOCKER_GIT_ENV_PROJECT"
 # docker-git project env defaults
@@ -108,8 +147,9 @@ copy_if_distinct_file() {
   return 0
 }
 
-copy_dir_missing_entries "$BOOTSTRAP_CODEX_AUTH_DIR" "$DOCKER_GIT_AUTH_DIR"
-copy_dir_missing_entries "$BOOTSTRAP_CLAUDE_AUTH_DIR" "$DOCKER_GIT_CLAUDE_AUTH_DIR"
+sync_dir_entries "$BOOTSTRAP_CODEX_AUTH_DIR" "$DOCKER_GIT_AUTH_DIR"
+sync_labeled_auth_files "$BOOTSTRAP_CODEX_SHARED_AUTH_DIR" "$DOCKER_GIT_AUTH_DIR"
+sync_dir_entries "$BOOTSTRAP_CLAUDE_AUTH_DIR" "$DOCKER_GIT_CLAUDE_AUTH_DIR"
 
 if [[ -n "$GH_TOKEN" ]]; then
   upsert_env_var "$DOCKER_GIT_ENV_GLOBAL" "GH_TOKEN" "$GH_TOKEN"
@@ -129,6 +169,8 @@ if [[ -f "$SOURCE_SHARED_AUTH" ]]; then
   copy_if_distinct_file "$SOURCE_SHARED_AUTH" "$DOCKER_GIT_AUTH_DIR/auth.json" || true
 elif [[ -f "$SOURCE_LOCAL_AUTH" ]]; then
   copy_if_distinct_file "$SOURCE_LOCAL_AUTH" "$DOCKER_GIT_AUTH_DIR/auth.json" || true
+else
+  rm -f "$DOCKER_GIT_AUTH_DIR/auth.json" || true
 fi
 if [[ -f "$DOCKER_GIT_AUTH_DIR/auth.json" ]]; then
   chmod 600 "$DOCKER_GIT_AUTH_DIR/auth.json" || true
@@ -139,4 +181,7 @@ chown -R 1000:1000 "$DOCKER_GIT_HOME" || true`
 export const renderEntrypointDockerGitBootstrap = (config: TemplateConfig): string =>
   entrypointDockerGitBootstrapTemplate
     .replaceAll("__SSH_USER__", config.sshUser)
+    .replaceAll("__AUTHORIZED_KEYS_BASENAME__", config.authorizedKeysPath.replaceAll("\\", "/").split("/").at(-1) ?? "authorized_keys")
+    .replaceAll("__ENV_GLOBAL_BASENAME__", config.envGlobalPath.replaceAll("\\", "/").split("/").at(-1) ?? "global.env")
+    .replaceAll("__ENV_PROJECT_BASENAME__", config.envProjectPath.replaceAll("\\", "/").split("/").at(-1) ?? "project.env")
     .replaceAll("__CODEX_HOME__", config.codexHome)

packages/lib/src/core/templates.ts

@@ -25,6 +25,10 @@ authorized_keys
 
 const renderDockerignore = (): string =>
   `# docker-git build context
+authorized_keys
+.orch/env/
+.orch/auth/codex/
+.orch/auth/claude/
 .orch/auth/codex/log/
 .orch/auth/codex/tmp/
 .orch/auth/codex/sessions/

packages/lib/src/core/templates/docker-compose.ts

@@ -17,10 +17,15 @@ type ComposeFragments = {
   readonly maybeDependsOn: string
   readonly maybePlaywrightEnv: string
   readonly maybeBrowserService: string
+  readonly maybeBrowserVolume: string
+  readonly maybeBootstrapMounts: string
   readonly forkRepoUrl: string
 }
 
-type PlaywrightFragments = Pick<ComposeFragments, "maybeDependsOn" | "maybePlaywrightEnv" | "maybeBrowserService">
+type PlaywrightFragments = Pick<
+  ComposeFragments,
+  "maybeDependsOn" | "maybePlaywrightEnv" | "maybeBrowserService" | "maybeBrowserVolume"
+>
 
 const sharedCodexVolumeKey = "docker_git_shared_codex"
 const sharedCacheVolumeKey = "docker_git_shared_cache"
@@ -54,6 +59,50 @@ const renderResourceLimits = (resourceLimits: ResolvedComposeResourceLimits | un
   resourceLimits === undefined
     ? ""
     : `    cpus: ${resourceLimits.cpuLimit}\n    mem_limit: "${resourceLimits.ramLimit}"\n    memswap_limit: "${resourceLimits.ramLimit}"\n`
+
+const renderProjectHostPath = (value: string): string => {
+  if (value.startsWith("/")) {
+    return value
+  }
+
+  const normalized = value.startsWith("./") ? value.slice(2) : value
+  return `\${DOCKER_GIT_PROJECT_DIR_HOST:-.}/${normalized}`
+}
+
+const splitPath = (value: string): { readonly dir: string; readonly base: string } => {
+  const normalized = value.replaceAll("\\", "/")
+  const separatorIndex = normalized.lastIndexOf("/")
+  if (separatorIndex === -1) {
+    return { dir: ".", base: normalized }
+  }
+  return {
+    dir: separatorIndex === 0 ? "/" : normalized.slice(0, separatorIndex),
+    base: normalized.slice(separatorIndex + 1)
+  }
+}
+
+const renderClaudeBootstrapSourceDir = (codexAuthPath: string): string => {
+  const normalized = codexAuthPath.replaceAll("\\", "/")
+  const separatorIndex = normalized.lastIndexOf("/")
+  const authRoot = separatorIndex === -1 ? ".orch/auth" : normalized.slice(0, separatorIndex)
+  return `${authRoot}/claude`
+}
+
+const renderBootstrapMounts = (config: TemplateConfig): string => {
+  const authorizedKeys = splitPath(config.authorizedKeysPath)
+  const envGlobal = splitPath(config.envGlobalPath)
+  const envProject = splitPath(config.envProjectPath)
+
+  return [
+    `      - ${renderProjectHostPath(authorizedKeys.dir)}:/opt/docker-git/bootstrap/source/authorized-keys:ro`,
+    `      - ${renderProjectHostPath(envGlobal.dir)}:/opt/docker-git/bootstrap/source/env-global:ro`,
+    `      - ${renderProjectHostPath(envProject.dir)}:/opt/docker-git/bootstrap/source/env-project:ro`,
+    `      - ${renderProjectHostPath(config.codexAuthPath)}:/opt/docker-git/bootstrap/source/project-auth/codex:ro`,
+    `      - ${renderProjectHostPath(renderClaudeBootstrapSourceDir(config.codexAuthPath))}:/opt/docker-git/bootstrap/source/project-auth/claude:ro`,
+    `      - ${renderProjectHostPath(config.codexSharedAuthPath)}:/opt/docker-git/bootstrap/source/shared-auth/codex:ro`
+  ].join("\n")
+}
+
 const buildPlaywrightFragments = (
   config: TemplateConfig,
   networkName: string,
@@ -63,7 +112,8 @@ const buildPlaywrightFragments = (
     return {
       maybeDependsOn: "",
       maybePlaywrightEnv: "",
-      maybeBrowserService: ""
+      maybeBrowserService: "",
+      maybeBrowserVolume: ""
     }
   }
 
@@ -80,7 +130,8 @@ const buildPlaywrightFragments = (
     maybeBrowserService:
       `\n  ${browserServiceName}:\n    build:\n      context: .\n      dockerfile: ${browserDockerfile}\n    container_name: ${browserContainerName}\n    restart: unless-stopped\n${
         renderResourceLimits(resourceLimits)
-      }    environment:\n      VNC_NOPW: "1"\n    shm_size: "2gb"\n    expose:\n      - "9223"\n    volumes:\n      - ${browserVolumeName}:/data\n    networks:\n      - ${networkName}\n`
+      }    environment:\n      VNC_NOPW: "1"\n    shm_size: "2gb"\n    expose:\n      - "9223"\n    volumes:\n      - ${browserVolumeName}:/data\n    networks:\n      - ${networkName}\n`,
+    maybeBrowserVolume: `  ${browserVolumeName}:`
   }
 }
 
@@ -112,6 +163,8 @@ const buildComposeFragments = (
     maybeDependsOn: playwright.maybeDependsOn,
     maybePlaywrightEnv: playwright.maybePlaywrightEnv,
     maybeBrowserService: playwright.maybeBrowserService,
+    maybeBrowserVolume: playwright.maybeBrowserVolume,
+    maybeBootstrapMounts: renderBootstrapMounts(config),
     forkRepoUrl
   }
 }
@@ -144,6 +197,7 @@ ${renderResourceLimits(resourceLimits)}    volumes:
       - ${config.volumeName}:/home/${config.sshUser}
       - ${sharedCacheVolumeKey}:/home/${config.sshUser}/.docker-git/.cache
       - ${sharedCodexVolumeKey}:${config.codexHome}-shared
+${fragments.maybeBootstrapMounts}
       - /var/run/docker.sock:/var/run/docker.sock
     networks:
       - ${fragments.networkName}
@@ -161,7 +215,7 @@ const renderComposeNetworks = (
   ${networkName}:
     driver: bridge`
 
-const renderComposeVolumes = (config: TemplateConfig, enableMcpPlaywright: boolean): string =>
+const renderComposeVolumes = (config: TemplateConfig, maybeBrowserVolume: string): string =>
   [
     "volumes:",
     `  ${config.volumeName}:`,
@@ -171,8 +225,8 @@ const renderComposeVolumes = (config: TemplateConfig, enableMcpPlaywright: boole
     `  ${sharedCodexVolumeKey}:`,
     "    external: true",
     `    name: ${dockerGitSharedCodexVolumeName}`,
-    ...(enableMcpPlaywright ? [`  ${config.volumeName}-browser:`] : [])
-  ].join("\n")
+    maybeBrowserVolume
+  ].filter((entry) => entry.length > 0).join("\n")
 
 export const renderDockerCompose = (
   config: TemplateConfig,
@@ -182,6 +236,6 @@ export const renderDockerCompose = (
   return [
     renderComposeServices(config, fragments, resourceLimits),
     renderComposeNetworks(fragments.networkMode, fragments.networkName),
-    renderComposeVolumes(config, config.enableMcpPlaywright)
+    renderComposeVolumes(config, fragments.maybeBrowserVolume)
   ].join("\n\n")
 }

packages/lib/src/core/templates/dockerfile.ts

@@ -222,9 +222,13 @@ RUN mkdir -p ${config.targetDir} \
   && chown -R 1000:1000 /home/${config.sshUser} \
   && if [ "${config.targetDir}" != "/" ]; then chown -R 1000:1000 "${config.targetDir}"; fi
 
-RUN mkdir -p /opt/docker-git/bootstrap
-COPY authorized_keys /opt/docker-git/bootstrap/authorized_keys
-COPY .orch /opt/docker-git/bootstrap/.orch
+RUN mkdir -p /opt/docker-git/bootstrap/.orch/auth/codex \
+  /opt/docker-git/bootstrap/.orch/auth/codex-shared \
+  /opt/docker-git/bootstrap/.orch/auth/claude \
+  /opt/docker-git/bootstrap/.orch/env \
+  && touch /opt/docker-git/bootstrap/authorized_keys \
+  /opt/docker-git/bootstrap/.orch/env/global.env \
+  /opt/docker-git/bootstrap/.orch/env/project.env
 
 COPY entrypoint.sh /entrypoint.sh
 RUN sed -i 's/\r$//' /entrypoint.sh && chmod +x /entrypoint.sh

packages/lib/src/shell/docker-compose-env.ts

@@ -24,10 +24,18 @@ export const resolveDockerComposeEnv = (
 ): Effect.Effect<Readonly<Record<string, string>>, never, CommandExecutor.CommandExecutor> =>
   Effect.gen(function*(_) {
     const projectsRoot = resolveProjectsRootCandidate()
+    const remappedProjectDir = yield* _(resolveDockerVolumeHostPath(cwd, cwd))
     if (projectsRoot === null) {
-      return {}
+      return remappedProjectDir === cwd ? {} : { DOCKER_GIT_PROJECT_DIR_HOST: remappedProjectDir }
     }
 
     const remappedProjectsRoot = yield* _(resolveDockerVolumeHostPath(cwd, projectsRoot))
-    return remappedProjectsRoot === projectsRoot ? {} : { DOCKER_GIT_PROJECTS_ROOT_HOST: remappedProjectsRoot }
+    const env: Record<string, string> = {}
+    if (remappedProjectsRoot !== projectsRoot) {
+      env["DOCKER_GIT_PROJECTS_ROOT_HOST"] = remappedProjectsRoot
+    }
+    if (remappedProjectDir !== cwd) {
+      env["DOCKER_GIT_PROJECT_DIR_HOST"] = remappedProjectDir
+    }
+    return env
   })

packages/lib/src/shell/docker-volume.ts

@@ -13,36 +13,3 @@ export const runDockerVolumeCreate = (
   runCommandWithExitCodes({ cwd, command: "docker", args: ["volume", "create", volumeName] }, [Number(ExitCode(0))], (
     exitCode
   ) => new DockerCommandError({ exitCode }))
-
-const seedDockerVolumeScript = String.raw`set -eu
-mkdir -p /dest
-if [[ -d /src ]]; then
-  cp -an /src/. /dest/ 2>/dev/null || true
-  find /dest -type f -name auth.json -exec chmod 600 {} + >/dev/null 2>&1 || true
-fi`
-
-export const runDockerVolumeSeedFromDir = (
-  cwd: string,
-  volumeName: string,
-  sourceDir: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runCommandWithExitCodes(
-    {
-      cwd,
-      command: "docker",
-      args: [
-        "run",
-        "--rm",
-        "-v",
-        `${volumeName}:/dest`,
-        "-v",
-        `${sourceDir}:/src:ro`,
-        "ubuntu:24.04",
-        "bash",
-        "-lc",
-        seedDockerVolumeScript
-      ]
-    },
-    [Number(ExitCode(0))],
-    (exitCode) => new DockerCommandError({ exitCode })
-  )