|
| 1 | +import type { TemplateConfig } from "../domain.js" |
| 2 | + |
| 3 | +export const renderEntrypointCodexHome = (config: TemplateConfig): string => |
| 4 | + `# Ensure Codex home exists if mounted |
| 5 | +mkdir -p ${config.codexHome} |
| 6 | +chown -R 1000:1000 ${config.codexHome} |
| 7 | +
|
| 8 | +# Ensure home ownership matches the dev UID/GID (volumes may be stale) |
| 9 | +HOME_OWNER="$(stat -c "%u:%g" /home/${config.sshUser} 2>/dev/null || echo "")" |
| 10 | +if [[ "$HOME_OWNER" != "1000:1000" ]]; then |
| 11 | + chown -R 1000:1000 /home/${config.sshUser} || true |
| 12 | +fi` |
| 13 | + |
| 14 | +export const renderEntrypointCodexSharedAuth = (config: TemplateConfig): string => |
| 15 | + `# Share Codex auth.json across projects (avoids refresh_token_reused) |
| 16 | +CODEX_SHARE_AUTH="\${CODEX_SHARE_AUTH:-1}" |
| 17 | +if [[ "$CODEX_SHARE_AUTH" == "1" ]]; then |
| 18 | + CODEX_SHARED_HOME="${config.codexHome}-shared" |
| 19 | + mkdir -p "$CODEX_SHARED_HOME" |
| 20 | + chown -R 1000:1000 "$CODEX_SHARED_HOME" || true |
| 21 | +
|
| 22 | + AUTH_FILE="${config.codexHome}/auth.json" |
| 23 | + SHARED_AUTH_FILE="$CODEX_SHARED_HOME/auth.json" |
| 24 | +
|
| 25 | + # Guard against a bad bind mount creating a directory at auth.json. |
| 26 | + if [[ -d "$AUTH_FILE" ]]; then |
| 27 | + mv "$AUTH_FILE" "$AUTH_FILE.bak-$(date +%s)" || true |
| 28 | + fi |
| 29 | + if [[ -e "$AUTH_FILE" && ! -L "$AUTH_FILE" ]]; then |
| 30 | + rm -f "$AUTH_FILE" || true |
| 31 | + fi |
| 32 | +
|
| 33 | + ln -sf "$SHARED_AUTH_FILE" "$AUTH_FILE" |
| 34 | +fi` |
| 35 | + |
| 36 | +const entrypointMcpPlaywrightTemplate = String.raw`# Optional: configure Playwright MCP for Codex (browser automation) |
| 37 | +CODEX_CONFIG_FILE="__CODEX_HOME__/config.toml" |
| 38 | +
|
| 39 | +# Keep config.toml consistent with the container build. |
| 40 | +# If Playwright MCP is disabled for this container, remove the block so Codex |
| 41 | +# doesn't try (and fail) to spawn docker-git-playwright-mcp. |
| 42 | +if [[ "$MCP_PLAYWRIGHT_ENABLE" != "1" ]]; then |
| 43 | + if [[ -f "$CODEX_CONFIG_FILE" ]] && grep -q "^\[mcp_servers\.playwright" "$CODEX_CONFIG_FILE" 2>/dev/null; then |
| 44 | + awk ' |
| 45 | + BEGIN { skip=0 } |
| 46 | + /^# docker-git: Playwright MCP/ { next } |
| 47 | + /^\[mcp_servers[.]playwright([.]|\])/ { skip=1; next } |
| 48 | + skip==1 && /^\[/ { skip=0 } |
| 49 | + skip==0 { print } |
| 50 | + ' "$CODEX_CONFIG_FILE" > "$CODEX_CONFIG_FILE.tmp" |
| 51 | + mv "$CODEX_CONFIG_FILE.tmp" "$CODEX_CONFIG_FILE" |
| 52 | + fi |
| 53 | +else |
| 54 | + if [[ ! -f "$CODEX_CONFIG_FILE" ]]; then |
| 55 | + mkdir -p "$(dirname "$CODEX_CONFIG_FILE")" || true |
| 56 | + cat <<'EOF' > "$CODEX_CONFIG_FILE" |
| 57 | +# docker-git codex config |
| 58 | +model = "gpt-5.3-codex" |
| 59 | +model_reasoning_effort = "xhigh" |
| 60 | +personality = "pragmatic" |
| 61 | +
|
| 62 | +approval_policy = "never" |
| 63 | +sandbox_mode = "danger-full-access" |
| 64 | +web_search = "live" |
| 65 | +
|
| 66 | +[features] |
| 67 | +web_search_request = true |
| 68 | +shell_snapshot = true |
| 69 | +collab = true |
| 70 | +apps = true |
| 71 | +shell_tool = true |
| 72 | +EOF |
| 73 | + chown 1000:1000 "$CODEX_CONFIG_FILE" || true |
| 74 | + fi |
| 75 | +
|
| 76 | + if [[ -z "$MCP_PLAYWRIGHT_CDP_ENDPOINT" ]]; then |
| 77 | + MCP_PLAYWRIGHT_CDP_ENDPOINT="http://__SERVICE_NAME__-browser:9223" |
| 78 | + fi |
| 79 | +
|
| 80 | + # Replace the docker-git Playwright block to allow upgrades via --force without manual edits. |
| 81 | + if grep -q "^\[mcp_servers\.playwright" "$CODEX_CONFIG_FILE" 2>/dev/null; then |
| 82 | + awk ' |
| 83 | + BEGIN { skip=0 } |
| 84 | + /^# docker-git: Playwright MCP/ { next } |
| 85 | + /^\[mcp_servers[.]playwright([.]|\])/ { skip=1; next } |
| 86 | + skip==1 && /^\[/ { skip=0 } |
| 87 | + skip==0 { print } |
| 88 | + ' "$CODEX_CONFIG_FILE" > "$CODEX_CONFIG_FILE.tmp" |
| 89 | + mv "$CODEX_CONFIG_FILE.tmp" "$CODEX_CONFIG_FILE" |
| 90 | + fi |
| 91 | +
|
| 92 | + cat <<EOF >> "$CODEX_CONFIG_FILE" |
| 93 | +
|
| 94 | +# docker-git: Playwright MCP (connects to Chromium via CDP) |
| 95 | +[mcp_servers.playwright] |
| 96 | +command = "docker-git-playwright-mcp" |
| 97 | +args = [] |
| 98 | +EOF |
| 99 | +fi` |
| 100 | + |
| 101 | +export const renderEntrypointMcpPlaywright = (config: TemplateConfig): string => |
| 102 | + entrypointMcpPlaywrightTemplate |
| 103 | + .replaceAll("__CODEX_HOME__", config.codexHome) |
| 104 | + .replaceAll("__SERVICE_NAME__", config.serviceName) |
| 105 | + |
| 106 | +export const renderEntrypointCodexResumeHint = (): string => |
| 107 | + `# Ensure codex resume hint is shown for interactive shells |
| 108 | +CODEX_HINT_PATH="/etc/profile.d/zz-codex-resume.sh" |
| 109 | +if [[ ! -s "$CODEX_HINT_PATH" ]]; then |
| 110 | + cat <<'EOF' > "$CODEX_HINT_PATH" |
| 111 | +if [ -n "$BASH_VERSION" ]; then |
| 112 | + case "$-" in |
| 113 | + *i*) |
| 114 | + if [ -z "\${CODEX_RESUME_HINT_SHOWN-}" ]; then |
| 115 | + echo "Старые сессии можно запустить с помощью codex resume или codex resume <id>, если знаешь айди." |
| 116 | + export CODEX_RESUME_HINT_SHOWN=1 |
| 117 | + fi |
| 118 | + ;; |
| 119 | + esac |
| 120 | +fi |
| 121 | +if [ -n "$ZSH_VERSION" ]; then |
| 122 | + if [[ "$-" == *i* ]]; then |
| 123 | + if [[ -z "\${CODEX_RESUME_HINT_SHOWN-}" ]]; then |
| 124 | + echo "Старые сессии можно запустить с помощью codex resume или codex resume <id>, если знаешь айди." |
| 125 | + export CODEX_RESUME_HINT_SHOWN=1 |
| 126 | + fi |
| 127 | + fi |
| 128 | +fi |
| 129 | +EOF |
| 130 | + chmod 0644 "$CODEX_HINT_PATH" |
| 131 | +fi |
| 132 | +if ! grep -q "zz-codex-resume.sh" /etc/bash.bashrc 2>/dev/null; then |
| 133 | + printf "%s\\n" "if [ -f /etc/profile.d/zz-codex-resume.sh ]; then . /etc/profile.d/zz-codex-resume.sh; fi" >> /etc/bash.bashrc |
| 134 | +fi |
| 135 | +if [[ -s /etc/zsh/zshrc ]] && ! grep -q "zz-codex-resume.sh" /etc/zsh/zshrc 2>/dev/null; then |
| 136 | + printf "%s\\n" "if [ -f /etc/profile.d/zz-codex-resume.sh ]; then source /etc/profile.d/zz-codex-resume.sh; fi" >> /etc/zsh/zshrc |
| 137 | +fi` |
| 138 | + |
| 139 | +export const renderEntrypointAgentsNotice = (config: TemplateConfig): string => |
| 140 | + String.raw`# Ensure global AGENTS.md exists for container context |
| 141 | +AGENTS_PATH="${config.codexHome}/AGENTS.md" |
| 142 | +LEGACY_AGENTS_PATH="/home/${config.sshUser}/AGENTS.md" |
| 143 | +PROJECT_LINE="Рабочая папка проекта (git clone): ${config.targetDir}" |
| 144 | +INTERNET_LINE="Доступ к интернету: есть. Если чего-то не знаешь — ищи в интернете или по кодовой базе." |
| 145 | +if [[ ! -f "$AGENTS_PATH" ]]; then |
| 146 | + cat <<'AGENTS_EOF' > "$AGENTS_PATH" |
| 147 | +Ты автономный агент, который имеет полностью все права управления контейнером. У тебя есть доступ к командам sudo, gh, codex, git, node, pnpm и всем остальным другим. Проекты с которыми идёт работа лежат по пути ~ |
| 148 | +Рабочая папка проекта (git clone): ${config.targetDir} |
| 149 | +Доступ к интернету: есть. Если чего-то не знаешь — ищи в интернете или по кодовой базе. |
| 150 | +Если ты видишь файлы AGENTS.md внутри проекта, ты обязан их читать и соблюдать инструкции. |
| 151 | +AGENTS_EOF |
| 152 | + chown 1000:1000 "$AGENTS_PATH" || true |
| 153 | +fi |
| 154 | +if [[ -f "$AGENTS_PATH" ]]; then |
| 155 | + if grep -q "^Рабочая папка проекта (git clone):" "$AGENTS_PATH"; then |
| 156 | + sed -i "s|^Рабочая папка проекта (git clone):.*$|$PROJECT_LINE|" "$AGENTS_PATH" |
| 157 | + else |
| 158 | + printf "%s\n" "$PROJECT_LINE" >> "$AGENTS_PATH" |
| 159 | + fi |
| 160 | + if grep -q "^Доступ к интернету:" "$AGENTS_PATH"; then |
| 161 | + sed -i "s|^Доступ к интернету:.*$|$INTERNET_LINE|" "$AGENTS_PATH" |
| 162 | + else |
| 163 | + printf "%s\n" "$INTERNET_LINE" >> "$AGENTS_PATH" |
| 164 | + fi |
| 165 | +fi |
| 166 | +if [[ -f "$LEGACY_AGENTS_PATH" && -f "$AGENTS_PATH" ]]; then |
| 167 | + LEGACY_SUM="$(cksum "$LEGACY_AGENTS_PATH" 2>/dev/null | awk '{print $1 \":\" $2}')" |
| 168 | + CODEX_SUM="$(cksum "$AGENTS_PATH" 2>/dev/null | awk '{print $1 \":\" $2}')" |
| 169 | + if [[ -n "$LEGACY_SUM" && "$LEGACY_SUM" == "$CODEX_SUM" ]]; then |
| 170 | + rm -f "$LEGACY_AGENTS_PATH" |
| 171 | + fi |
| 172 | +fi` |
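Review bot: `renderEntrypointCodexHome` splices `config.codexHome` and `config.sshUser` into the script unquoted (`mkdir -p ${config.codexHome}`, `chown -R 1000:1000 ${config.codexHome}`), so a value containing whitespace or shell metacharacters changes what the entrypoint executes, and the recursive chown suggests it runs as root. Validation of `TemplateConfig` is not visible on this page; unless these fields are already restricted to a safe path character set, I would enforce that before rendering and also quote the expansions, e.g. `mkdir -p "${config.codexHome}"`. Quoting alone is not enough, because the double-quoted uses in `renderEntrypointCodexSharedAuth` and `renderEntrypointAgentsNotice` still expand `$(...)` and backticks. Separately, in `renderEntrypointAgentsNotice` the `\"` inside `awk '{print $1 \":\" $2}'` is kept literally by `String.raw`, which looks like it makes awk fail and leaves both checksums empty, so the legacy AGENTS.md is never removed; `awk '{print $1 ":" $2}'` is probably what was meant.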