@proletariat/cli 0.3.45 → 0.3.46

package/dist/commands/work/start.js

@@ -11,9 +11,9 @@ import { getWorkColumnSetting, findColumnByName } from '../../lib/pmo/utils.js';
 import { styles } from '../../lib/styles.js';
 import { getWorkspaceInfo, createEphemeralAgent, getTicketTmuxSession, killTmuxSession, findWorktreeForBranch, resolveAgentDir, } from '../../lib/agents/commands.js';
 import { generateBranchName, DEFAULT_EXECUTION_CONFIG, } from '../../lib/execution/types.js';
-import { runExecution, isDockerRunning, isGitHubTokenAvailable, isDevcontainerCliInstalled, dockerCredentialsExist, getDockerCredentialInfo } from '../../lib/execution/runners.js';
+import { runExecution, isDockerRunning, isGitHubTokenAvailable, isDevcontainerCliInstalled, dockerCredentialsExist, getDockerCredentialInfo, isClaudeExecutor, getExecutorDisplayName } from '../../lib/execution/runners.js';
 import { ExecutionStorage, ContainerStorage } from '../../lib/execution/storage.js';
-import { loadExecutionConfig, getTerminalApp, promptTerminalPreference, getShell, promptShellPreference, hasTerminalPreference, hasShellPreference, getOrPromptCoderName, getAuthMethod, saveAuthMethod } from '../../lib/execution/config.js';
+import { loadExecutionConfig, getTerminalApp, promptTerminalPreference, getShell, promptShellPreference, hasTerminalPreference, hasShellPreference, getOrPromptCoderName, getAuthMethod, saveAuthMethod, getCreatePrDefault } from '../../lib/execution/config.js';
 import { hasDevcontainerConfig } from '../../lib/execution/devcontainer.js';
 import { detectRepoWorktrees, resolveWorktreePath } from '../../lib/execution/context.js';
 import { isGHInstalled, isGHAuthenticated } from '../../lib/pr/index.js';
@@ -130,7 +130,7 @@ export default class WorkStart extends PMOCommand {
             default: false,
         }),
         'permission-mode': Flags.string({
-            description: 'Permission mode for Claude Code (danger=skip checks, safe=require approval)',
+            description: 'Permission mode for selected executor (danger=skip checks, safe=require approval)',
             options: ['danger', 'safe'],
         }),
         'skip-permissions': Flags.boolean({
@@ -277,7 +277,14 @@ export default class WorkStart extends PMOCommand {
                 if (allFlagsProvided && !flags.yes) {
                     // All flags provided but no --yes: return confirmation_needed with plan
                     const metadata = createMetadata('work start', flags);
-                    metadata.resolvedPRMode = flags['create-pr'] ? 'create-pr' : 'no-pr';
+                    // Resolve PR mode using same priority as execution: flags > workspace config > default
+                    const earlyConfigPrDefault = getCreatePrDefault(db);
+                    const earlyResolvedPr = flags['create-pr'] ? 'create-pr'
+                        : flags['no-pr'] ? 'no-pr'
+                            : earlyConfigPrDefault === true ? 'create-pr'
+                                : earlyConfigPrDefault === false ? 'no-pr'
+                                    : 'no-pr';
+                    metadata.resolvedPRMode = earlyResolvedPr;
                     // Build the confirm command with --yes
                     let confirmCmd = `prlt work start ${ticketId}`;
                     if (flags.action)
@@ -1024,7 +1031,8 @@ export default class WorkStart extends PMOCommand {
             // Track whether user explicitly chose to use API key instead of OAuth
             let useApiKey = flags['use-api-key'] || false;
             // Auth method resolution for devcontainer environment
-            if (environment === 'devcontainer' && !useApiKey) {
+            // Only needed for Claude Code executor - other executors handle auth differently
+            if (environment === 'devcontainer' && !useApiKey && isClaudeExecutor(executor)) {
                 // Check for saved auth method preference
                 const savedAuthMethod = getAuthMethod(db);
                 const hasApiKey = !!process.env.ANTHROPIC_API_KEY;
@@ -1212,10 +1220,11 @@ export default class WorkStart extends PMOCommand {
                     jsonMode,
                     flags: { 'permission-mode': flags['permission-mode'] },
                 });
+                const executorName = getExecutorDisplayName(executor);
                 permissionResolver.addPrompt({
                     flagName: 'permission-mode',
                     type: 'list',
-                    message: `Permission mode for Claude Code${containerNote}:`,
+                    message: `Permission mode for ${executorName}${containerNote}:`,
                     default: 'danger',
                     choices: () => [
                         { name: '⚠️  danger - Skip permission checks (faster, container provides isolation)', value: 'danger' },
@@ -1227,24 +1236,34 @@ export default class WorkStart extends PMOCommand {
                 sandboxed = resolvedPermission['permission-mode'] === 'safe';
             }
             // Prompt for PR creation when work is complete
-            // Only show if gh CLI is available and authenticated
+            // Resolution order: explicit flags > workspace config default > interactive prompt
             let createPR = false;
+            let prModeSource = 'default'; // Track where PR mode was resolved from for display
             const ghAvailable = isGHInstalled() && isGHAuthenticated();
-            // Use flags if provided, otherwise prompt
+            const configPrDefault = getCreatePrDefault(db);
             if (flags['create-pr']) {
                 createPR = true;
+                prModeSource = 'flag --create-pr';
             }
             else if (flags['no-pr']) {
                 createPR = false;
+                prModeSource = 'flag --no-pr';
+            }
+            else if (context.modifiesCode === false) {
+                // Non-code-modifying actions (groom, review, resolve) default to no PR
+                createPR = false;
+                prModeSource = 'action (non-code-modifying)';
+            }
+            else if (configPrDefault !== null) {
+                // Workspace config default is set - use it deterministically
+                createPR = configPrDefault;
+                prModeSource = 'workspace config (execution.create_pr_default)';
             }
             else if (ghAvailable) {
-                if (context.modifiesCode === false) {
-                    // Non-code-modifying actions (groom, review, resolve) default to no PR
-                    createPR = false;
-                }
-                else if (jsonMode && flags.yes) {
+                if (jsonMode && flags.yes) {
                     // In JSON mode with --yes, default to creating PR for code-modifying actions
                     createPR = true;
+                    prModeSource = 'default (--json --yes)';
                 }
                 else {
                     // Use FlagResolver for PR choice
@@ -1266,9 +1285,14 @@ export default class WorkStart extends PMOCommand {
                     });
                     const prResult = await prResolver.resolve();
                     createPR = prResult.prChoice === 'yes';
+                    prModeSource = 'interactive prompt';
                 }
             }
-            // Show execution info (skip in JSON mode)
+            else {
+                prModeSource = 'default (gh CLI not available)';
+            }
+            // R1: Show clear PR mode in preflight summary
+            // R2: Show strong warning when --no-pr is active
             if (!jsonMode) {
                 this.log('');
                 this.log(styles.header(`🚀 Starting work: ${ticket.id}: ${ticket.title}`));
@@ -1286,12 +1310,30 @@ export default class WorkStart extends PMOCommand {
                 else {
                     this.log(styles.warning(`   Permissions: ⚠️  danger (--dangerously-skip-permissions)`));
                 }
-                this.log(styles.muted(`   Output: ${outputMode === 'interactive' ? 'streaming (watch Claude work)' : 'print (final result only)'}`));
-                this.log(styles.muted(`   PR mode: ${createPR ? 'create-pr' : 'no-pr'}${ghAvailable ? '' : ' (gh CLI not available)'}`));
+                this.log(styles.muted(`   Output: ${outputMode === 'interactive' ? `streaming (watch ${getExecutorDisplayName(executor)} work)` : 'print (final result only)'}`));
+                // PR mode with clear source indication
+                if (createPR) {
+                    this.log(styles.success(`   PR mode: create-pr (${prModeSource})`));
+                }
+                else {
+                    this.log(styles.warning(`   PR mode: no-pr (${prModeSource})`));
+                }
+                // Strong warning when no-pr is active
+                if (!createPR && context.modifiesCode !== false) {
+                    this.log('');
+                    this.log(styles.warning(`   ⚠️  WARNING: PR creation is DISABLED. Branch will be pushed but NO pull request will be created.`));
+                    this.log(styles.warning(`   To create a PR later: prlt pr create ${ticketId}`));
+                }
                 this.log(styles.muted(`   Worktree: ${worktreePath}`));
                 this.log(styles.muted(`   Branch: ${branch}`));
                 this.log('');
             }
+            // R2: Include PR mode warning in JSON metadata
+            if (jsonMode && !createPR && context.modifiesCode !== false) {
+                // This will be included in the metadata of the JSON output at the end
+                // We log a warning here for non-JSON consumers that may be watching stderr
+                this.warn(`PR creation is DISABLED (${prModeSource}). Branch will be pushed without a PR. To create later: prlt pr create ${ticketId}`);
+            }
             // Add createPR to context
             context.createPR = createPR;
             // Handle git operations
@@ -1589,9 +1631,13 @@ export default class WorkStart extends PMOCommand {
                 });
                 // Output results
                 if (jsonMode) {
-                    // Output JSON execution result with resolved PR mode
+                    // Output JSON execution result with resolved PR mode and source
                     const metadata = createMetadata('work start', flags);
                     metadata.resolvedPRMode = createPR ? 'create-pr' : 'no-pr';
+                    metadata.prModeSource = prModeSource;
+                    if (!createPR && context.modifiesCode !== false) {
+                        metadata.prWarning = `PR creation is DISABLED (${prModeSource}). Branch will be pushed without a PR. To create later: prlt pr create ${ticketId}`;
+                    }
                     outputExecutionResultAsJson([{
                             workId: execution.id,
                             ticketId: ticket.id,
@@ -1609,6 +1655,12 @@ export default class WorkStart extends PMOCommand {
                     this.log(styles.muted(`  prlt work status              View work status`));
                     this.log(styles.muted(`  prlt work ready ${ticketId}     Mark ready for review`));
                     this.log(styles.muted(`  prlt work stop ${execution.id}    Stop work`));
+                    // R5: Post-run reminder when branch is pushed without PR
+                    if (!createPR && context.modifiesCode !== false) {
+                        this.log('');
+                        this.log(styles.warning(`Note: No PR will be auto-created. To create one later:`));
+                        this.log(styles.warning(`  prlt pr create ${ticketId}`));
+                    }
                 }
             }
             else {
@@ -1617,6 +1669,7 @@ export default class WorkStart extends PMOCommand {
                     // Output JSON failure result with resolved PR mode
                     const failMetadata = createMetadata('work start', flags);
                     failMetadata.resolvedPRMode = createPR ? 'create-pr' : 'no-pr';
+                    failMetadata.prModeSource = prModeSource;
                     outputExecutionResultAsJson([{
                             workId: execution.id,
                             ticketId: ticket.id,
@@ -1694,13 +1747,15 @@ export default class WorkStart extends PMOCommand {
             return;
         }
         // Prompt for permissions mode once for all tickets (TKT-513)
+        const batchExecutor = flags.executor || DEFAULT_EXECUTION_CONFIG.defaultExecutor;
+        const batchExecutorName = getExecutorDisplayName(batchExecutor);
         let batchPermissionMode = flags['permission-mode'];
         if (!batchPermissionMode) {
             const { permissionMode } = await this.prompt([
                 {
                     type: 'list',
                     name: 'permissionMode',
-                    message: 'Permission mode for Claude Code:',
+                    message: `Permission mode for ${batchExecutorName}:`,
                     choices: [
                         { name: '⚠️  danger - Skip permission checks (faster, container provides isolation)', value: 'danger', command: 'prlt work start --all --permission-mode danger --json' },
                         { name: '🔒 safe   - Requires approval for dangerous operations', value: 'safe', command: 'prlt work start --all --permission-mode safe --json' },
@@ -1717,7 +1772,8 @@ export default class WorkStart extends PMOCommand {
         });
         // Track whether user explicitly chose to use API key instead of OAuth
         let batchUseApiKey = false;
-        if (anyUseDevcontainer) {
+        // Credential check only applies to Claude Code executor
+        if (anyUseDevcontainer && isClaudeExecutor(batchExecutor)) {
             const hasCredentials = dockerCredentialsExist();
             if (!hasCredentials) {
                 const hasApiKey = !!process.env.ANTHROPIC_API_KEY;

package/dist/lib/execution/config.d.ts

@@ -23,12 +23,14 @@ declare const CONFIG_KEYS: {
     dockerNetwork: string;
     dockerMemory: string;
     dockerCpus: string;
+    firewallAllowlistDomains: string;
     vmDefaultHost: string;
     vmUser: string;
     vmKeyPath: string;
     vmSyncMethod: string;
     coderName: string;
     authMethod: string;
+    createPrDefault: string;
 };
 /**
  * Load execution config from database, merging with defaults
@@ -56,6 +58,10 @@ export declare function saveTmuxControlMode(db: Database.Database, enabled: bool
  * When enabled, new terminal tabs open without stealing focus from current window.
  */
 export declare function saveTerminalOpenInBackground(db: Database.Database, enabled: boolean): void;
+/**
+ * Save extra firewall allowlist domains.
+ */
+export declare function saveFirewallAllowlistDomains(db: Database.Database, domains: string[]): void;
 /**
  * Save auth method preference (oauth or apikey)
  */
@@ -69,6 +75,15 @@ export declare function getAuthMethod(db: Database.Database): AuthMethod | null;
  * Clear saved auth method preference (will prompt again next time)
  */
 export declare function clearAuthMethod(db: Database.Database): void;
+/**
+ * Get saved PR creation default preference.
+ * Returns null if no preference has been saved (user should be prompted).
+ */
+export declare function getCreatePrDefault(db: Database.Database): boolean | null;
+/**
+ * Save PR creation default preference.
+ */
+export declare function saveCreatePrDefault(db: Database.Database, createPr: boolean): void;
 /**
  * Check if terminal app preference has been set
  */

package/dist/lib/execution/config.js

@@ -27,12 +27,14 @@ const CONFIG_KEYS = {
     dockerNetwork: 'execution.docker.network',
     dockerMemory: 'execution.docker.memory',
     dockerCpus: 'execution.docker.cpus',
+    firewallAllowlistDomains: 'execution.firewall.allowlist_domains',
     vmDefaultHost: 'execution.vm.default_host',
     vmUser: 'execution.vm.user',
     vmKeyPath: 'execution.vm.key_path',
     vmSyncMethod: 'execution.vm.sync_method',
     coderName: 'coder.name',
     authMethod: 'execution.auth_method',
+    createPrDefault: 'execution.create_pr_default',
 };
 /**
  * Get a setting value from the database
@@ -103,6 +105,11 @@ export function loadExecutionConfig(db) {
     if (authMethod) {
         config.authMethod = authMethod;
     }
+    // Load create PR default preference
+    const createPrDefault = getSetting(db, CONFIG_KEYS.createPrDefault);
+    if (createPrDefault !== null) {
+        config.createPrDefault = createPrDefault === 'true';
+    }
     // Load tmux settings
     const tmuxSession = getSetting(db, CONFIG_KEYS.tmuxSession);
     if (tmuxSession) {
@@ -133,6 +140,28 @@ export function loadExecutionConfig(db) {
     if (dockerCpus) {
         config.docker = { ...config.docker, cpus: parseInt(dockerCpus, 10) };
     }
+    // Load firewall allowlist domains
+    const firewallAllowlistDomains = getSetting(db, CONFIG_KEYS.firewallAllowlistDomains);
+    if (firewallAllowlistDomains) {
+        let parsed = [];
+        try {
+            const jsonValue = JSON.parse(firewallAllowlistDomains);
+            if (Array.isArray(jsonValue)) {
+                parsed = jsonValue
+                    .filter((domain) => typeof domain === 'string')
+                    .map(domain => domain.trim())
+                    .filter(Boolean);
+            }
+        }
+        catch {
+            // Backward-compatible fallback: comma-separated string
+            parsed = firewallAllowlistDomains
+                .split(',')
+                .map(domain => domain.trim())
+                .filter(Boolean);
+        }
+        config.firewall = { ...config.firewall, allowlistDomains: parsed };
+    }
     // Load VM settings
     const vmDefaultHost = getSetting(db, CONFIG_KEYS.vmDefaultHost);
     if (vmDefaultHost) {
@@ -184,6 +213,13 @@ export function saveTmuxControlMode(db, enabled) {
 export function saveTerminalOpenInBackground(db, enabled) {
     setSetting(db, CONFIG_KEYS.terminalOpenInBackground, enabled.toString());
 }
+/**
+ * Save extra firewall allowlist domains.
+ */
+export function saveFirewallAllowlistDomains(db, domains) {
+    const cleaned = [...new Set(domains.map(domain => domain.trim()).filter(Boolean))];
+    setSetting(db, CONFIG_KEYS.firewallAllowlistDomains, JSON.stringify(cleaned));
+}
 /**
  * Save auth method preference (oauth or apikey)
  */
@@ -206,6 +242,24 @@ export function getAuthMethod(db) {
 export function clearAuthMethod(db) {
     db.prepare(`DELETE FROM ${SETTINGS_TABLE} WHERE key = ?`).run(CONFIG_KEYS.authMethod);
 }
+/**
+ * Get saved PR creation default preference.
+ * Returns null if no preference has been saved (user should be prompted).
+ */
+export function getCreatePrDefault(db) {
+    const value = getSetting(db, CONFIG_KEYS.createPrDefault);
+    if (value === 'true')
+        return true;
+    if (value === 'false')
+        return false;
+    return null;
+}
+/**
+ * Save PR creation default preference.
+ */
+export function saveCreatePrDefault(db, createPr) {
+    setSetting(db, CONFIG_KEYS.createPrDefault, createPr.toString());
+}
 /**
  * Check if terminal app preference has been set
  */

package/dist/lib/execution/devcontainer.d.ts

@@ -4,7 +4,7 @@
  * Generates .devcontainer/ configuration for agent sandboxed execution.
  * Uses a custom Dockerfile with network firewall for security sandboxing.
  */
-import { ExecutionConfig } from './types.js';
+import { ExecutionConfig, ExecutorType } from './types.js';
 export type MountMode = 'worktree' | 'clone';
 export interface DevcontainerOptions {
     agentName: string;
@@ -21,6 +21,8 @@ export interface DevcontainerOptions {
     gitUserName?: string;
     /** Git user.email for commit attribution (detected from gh/git config on host) */
     gitUserEmail?: string;
+    /** Executor type - determines which CLI tools to install and which API domains to whitelist */
+    executor?: ExecutorType;
 }
 export interface DevcontainerJson {
     name: string;
@@ -58,9 +60,10 @@ export declare function generateDevcontainerJson(options: DevcontainerOptions, c
 export declare function generateDockerfile(options: DevcontainerOptions): string;
 /**
  * Generate firewall initialization script.
- * Whitelists only necessary domains for Claude Code operation.
+ * Whitelists only necessary domains for the configured executor.
+ * Claude Code requires api.anthropic.com; Codex requires api.openai.com.
  */
-export declare function generateFirewallScript(): string;
+export declare function generateFirewallScript(executor?: ExecutorType, extraAllowedDomains?: string[]): string;
 /**
  * Generate prlt setup script.
  * Rebuilds better-sqlite3 if prlt is mounted from host (not installed via npm).

package/dist/lib/execution/devcontainer.js

@@ -35,13 +35,16 @@ export function generateDevcontainerJson(options, config) {
     if (channel.registry === 'gh') {
         buildArgs.GITHUB_TOKEN = '${localEnv:GITHUB_TOKEN}';
     }
+    // Determine if this is a Claude Code executor (for Claude-specific mounts/config)
+    const isClaude = !options.executor || options.executor === 'claude-code';
     // Build mounts array - parent repo mounts only needed for worktree mode
     // TKT-801: Use consistency=cached to reduce grpcfuse contention on Docker Desktop.
     // This helps prevent kernel panics when multiple containers mount the same paths concurrently.
     const mounts = [
         'source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=cached',
         'source=claude-bash-history,target=/commandhistory,type=volume',
-        'source=claude-credentials,target=/home/node/.claude,type=volume',
+        // Claude credentials volume - only needed for Claude Code executor
+        ...(isClaude ? ['source=claude-credentials,target=/home/node/.claude,type=volume'] : []),
         // NOTE: ~/.claude.json is COPIED (not mounted) to /workspace/.claude.json
         // to avoid corruption from concurrent writes by multiple containers
         // NOTE: SSH agent socket mounting doesn't work reliably on Docker Desktop for Mac
@@ -170,9 +173,9 @@ RUN mkdir -p /home/node/.npm-global/bin /home/node/.npm-global/lib \\
 ENV NPM_CONFIG_PREFIX=/home/node/.npm-global
 ENV PATH=/home/node/.npm-global/bin:\$PATH
 
-# Install pnpm and Claude Code as node user so files are owned correctly
+# Install pnpm and executor CLI as node user so files are owned correctly
 USER node
-RUN npm install -g pnpm && npm install -g @anthropic-ai/claude-code
+RUN npm install -g pnpm && npm install -g @anthropic-ai/claude-code${options.executor === 'codex' ? ' && npm install -g @openai/codex' : ''}
 USER root
 
 # Install prlt CLI from public npm
@@ -207,9 +210,15 @@ WORKDIR /workspace
 }
 /**
  * Generate firewall initialization script.
- * Whitelists only necessary domains for Claude Code operation.
+ * Whitelists only necessary domains for the configured executor.
+ * Claude Code requires api.anthropic.com; Codex requires api.openai.com.
  */
-export function generateFirewallScript() {
+export function generateFirewallScript(executor, extraAllowedDomains = []) {
+    const extraDomainCommands = [...new Set(extraAllowedDomains
+            .map(domain => domain.trim().toLowerCase())
+            .filter(domain => /^[a-z0-9.-]+$/.test(domain)))]
+        .map(domain => `add_domain "${domain}"`)
+        .join('\n');
     return `#!/bin/bash
 set -e
 
@@ -291,9 +300,12 @@ add_domain "objects.githubusercontent.com"
 add_domain "raw.githubusercontent.com"
 add_domain "npm.pkg.github.com"
 
-# Add other allowed domains
+# Add executor-specific API domains
 add_domain "api.anthropic.com"
 add_domain "console.anthropic.com"
+${executor === 'codex' ? `# Codex API domains
+add_domain "api.openai.com"
+add_domain "openai.com"` : ''}
 add_domain "statsigapi.net"
 add_domain "sentry.io"
 add_domain "registry.npmjs.org"
@@ -301,6 +313,19 @@ add_domain "npmjs.com"
 add_domain "nodejs.org"
 add_domain "update.code.visualstudio.com"
 add_domain "vscode.download.prss.microsoft.com"
+${extraDomainCommands ? `# Additional user-configured allowlist domains
+${extraDomainCommands}` : ''}
+
+# Runtime allowlist domains (comma-separated), e.g. PRLT_EXTRA_ALLOWLIST_DOMAINS=api.staging.example.com
+if [ -n "\${PRLT_EXTRA_ALLOWLIST_DOMAINS:-}" ]; then
+    IFS=',' read -ra EXTRA_DOMAINS <<< "$PRLT_EXTRA_ALLOWLIST_DOMAINS"
+    for domain in "\${EXTRA_DOMAINS[@]}"; do
+        domain="\${domain//[[:space:]]/}"
+        if [ -n "$domain" ]; then
+            add_domain "$domain"
+        fi
+    done
+fi
 
 # Allow traffic to whitelisted IPs
 iptables -A OUTPUT -m set --match-set allowed-domains dst -j ACCEPT
@@ -522,6 +547,8 @@ configure_git_identity
 
 # Check if prlt is already installed globally (via npm)
 # TKT-954: Also check for updates - Docker layer caching may have installed an older version
+# TKT-1029: Don't exit early - continue to workspace dependency installation
+PRLT_CONFIGURED=false
 if command -v prlt &> /dev/null; then
     PRLT_PATH=$(which prlt)
     if [[ "$PRLT_PATH" == "/home/node/.npm-global/bin/prlt" ]]; then
@@ -544,12 +571,12 @@ if command -v prlt &> /dev/null; then
         else
             echo "prlt v\${CURRENT_VERSION} is up to date"
         fi
-        exit 0
+        PRLT_CONFIGURED=true
     fi
 fi
 
-# Check if mounted prlt exists at /opt/prlt
-if [ -d "/opt/prlt/apps/cli" ]; then
+# Check if mounted prlt exists at /opt/prlt (skip if already configured via npm)
+if [ "$PRLT_CONFIGURED" = "false" ] && [ -d "/opt/prlt/apps/cli" ]; then
     echo "Setting up mounted prlt..."
 
     PRLT_LOCAL="/home/node/.prlt-local"
@@ -597,7 +624,7 @@ WRAPPER_EOF
     # Create prltdev symlink for consistency with dev environment
     ln -sf "$WRAPPER" /home/node/.npm-global/bin/prltdev
     echo "prlt wrapper ready at $WRAPPER (also available as prltdev)"
-else
+elif [ "$PRLT_CONFIGURED" = "false" ]; then
     echo "No mounted prlt found, skipping setup"
 fi
 
@@ -647,8 +674,8 @@ export function createDevcontainerConfig(options, config) {
     const dockerfile = generateDockerfile(options);
     const dockerfilePath = path.join(devcontainerDir, 'Dockerfile');
     fs.writeFileSync(dockerfilePath, dockerfile);
-    // Generate and write firewall script
-    const firewallScript = generateFirewallScript();
+    // Generate and write firewall script (executor-aware for API domain whitelisting)
+    const firewallScript = generateFirewallScript(options.executor, config?.firewall.allowlistDomains ?? []);
     const firewallScriptPath = path.join(devcontainerDir, 'init-firewall.sh');
     fs.writeFileSync(firewallScriptPath, firewallScript, { mode: 0o755 });
     // Generate and write prlt setup script

package/dist/lib/execution/runners.d.ts

@@ -3,7 +3,7 @@
  *
  * Implementations for each execution environment (devcontainer, host, docker, vm).
  */
-import { ExecutionEnvironment, DisplayMode, SessionManager, ExecutorType, ExecutionContext, ExecutionConfig } from './types.js';
+import { ExecutionEnvironment, DisplayMode, OutputMode, SessionManager, ExecutorType, ExecutionContext, ExecutionConfig } from './types.js';
 /**
  * Build a unified name for tmux sessions, window names, and tab titles.
  * Format: "{ticketId}-{action}-{agentName}"
@@ -41,17 +41,6 @@ export declare function buildTmuxAttachCommand(useControlMode: boolean, includeU
  */
 export declare function configureITermTmuxPreferences(mode: 'tab' | 'window'): void;
 export declare function configureITermTmuxWindowMode(mode: 'tab' | 'window'): void;
-/**
- * Build the tmux script that runs inside the container.
- * In background mode: kills PID 1 (sleep infinity) after Claude exits to stop/remove container.
- * In terminal/foreground mode: drops into exec bash for user inspection.
- */
-export declare function buildTmuxScript(sessionName: string, claudeCmd: string, displayMode: DisplayMode): string;
-/**
- * Get the auto-remove flags for docker run based on display mode.
- * Background mode containers get --rm so Docker removes them when they stop.
- */
-export declare function getDockerAutoRemoveFlags(displayMode: DisplayMode): string[];
 /**
  * Check if the claude-credentials Docker volume exists.
  */
@@ -74,40 +63,41 @@ export declare function getDockerCredentialInfo(): {
     expiresAt: Date;
     subscriptionType?: string;
 } | null;
+export declare function getExecutorCommand(executor: ExecutorType, prompt: string, skipPermissions?: boolean): {
+    cmd: string;
+    args: string[];
+};
+/**
+ * Check if an executor is Claude Code.
+ * Used to gate Claude-specific flags and configuration.
+ */
+export declare function isClaudeExecutor(executor: ExecutorType): boolean;
 /**
- * Preflight result indicating whether the executor is ready to run.
+ * Get the display name for an executor type.
  */
+export declare function getExecutorDisplayName(executor: ExecutorType): string;
+/**
+ * Get the npm package name for an executor (for container installation).
+ */
+export declare function getExecutorPackage(executor: ExecutorType): string | null;
 export interface PreflightResult {
     ok: boolean;
     error?: string;
 }
 /**
- * Check if an executor binary is available on the host.
- * Returns a PreflightResult with ok=true if the binary is found,
- * or ok=false with a descriptive error and remediation hint.
+ * Check executor binary availability on host.
  */
 export declare function checkExecutorOnHost(executor: ExecutorType): PreflightResult;
 /**
- * Check if an executor binary is available inside a Docker container.
- * Returns a PreflightResult with ok=true if the binary is found,
- * or ok=false with a descriptive error and remediation hint.
+ * Check executor binary availability inside a container.
  */
 export declare function checkExecutorInContainer(executor: ExecutorType, containerId: string): PreflightResult;
 /**
- * Run preflight checks for a given execution environment and executor.
- * Validates that the executor binary is available before spawning.
- *
- * Checks performed per environment:
- * - host: Verify binary on PATH
- * - devcontainer: Verify binary inside container (if container running)
- * - docker: Verify binary on host (used in docker run command)
- * - vm: Verify binary on host (will be checked on remote separately)
+ * Run executor preflight checks for the target environment.
  */
-export declare function runExecutorPreflight(executor: ExecutorType, environment: ExecutionEnvironment, containerId?: string): PreflightResult;
-export declare function getExecutorCommand(executor: ExecutorType, prompt: string, skipPermissions?: boolean): {
-    cmd: string;
-    args: string[];
-};
+export declare function runExecutorPreflight(environment: ExecutionEnvironment, executor: ExecutorType, options?: {
+    containerId?: string;
+}): PreflightResult;
 export interface RunnerResult {
     success: boolean;
     pid?: string;
@@ -167,6 +157,12 @@ export declare function isContainerRunning(containerName: string): boolean;
  * Get the container ID for a running container.
  */
 export declare function getContainerId(containerName: string): string | null;
+/**
+ * Build the command to run Claude inside the container.
+ * Uses docker exec for direct container access.
+ * Uses a prompt file to avoid shell escaping issues.
+ */
+export declare function buildDevcontainerCommand(context: ExecutionContext, executor: ExecutorType, promptFile: string, containerId?: string, outputMode?: OutputMode, sandboxed?: boolean, displayMode?: DisplayMode): string;
 /**
  * Run command inside a Docker container.
  * Uses raw Docker commands for filesystem isolation - no devcontainer CLI required.