@runuai/host 0.1.0

package/scripts/agent/task-down.sh

@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+# task-down <taskId> — tear the task stack down. Idempotent (ADR-022).
+#
+# 1. docker compose down -v --rmi local --remove-orphans.
+# 2. For each selected project, git worktree remove --force its worktree
+#    (falls back to rm -rf when git refuses).
+# 3. rm -rf the whole task dir — workspace + ephemeral .uai/ render. The
+#    per-project bare mirrors under projects/<id>/repo.git persist.
+# 4. Persist final state: status=killed (unless already error/shipped).
+
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=_common.sh
+. "$SCRIPT_DIR/_common.sh"
+
+[ "$#" -eq 1 ] || emit_err "BAD_ARGS" "usage: task-down <taskId>" "args"
+
+task_id="$1"
+UAI_TASK_ID="$task_id"
+setup_err_trap
+
+step "TASK_NOT_FOUND" "read task row"
+task_json=$(db_get_task "$task_id")
+# Idempotent: it's fine if the task row is gone — emit success and return.
+if [ "$(jq 'length' <<<"$task_json")" -lt 1 ]; then
+  emit_ok '{"alreadyGone":true}'
+  exit 0
+fi
+
+worktree_path=$(jq -r '.[0].worktree_path // ""' <<<"$task_json")
+compose_project=$(jq -r '.[0].compose_project // ""' <<<"$task_json")
+
+projects_json=$(db_get_projects_for_task "$task_id")
+projects_root="$UAI_WORKSPACE_ROOT/projects"
+
+# task_dir falls back to the derived path when the row's worktree_path is
+# missing (e.g. crashed before persisting).
+task_dir="$worktree_path"
+if [ -z "$task_dir" ]; then
+  task_dir="$UAI_WORKSPACE_ROOT/tasks/$task_id"
+fi
+
+# -----------------------------------------------------------------------------
+# 1. Compose stack.
+# -----------------------------------------------------------------------------
+
+if [ -n "$compose_project" ]; then
+  step "COMPOSE_DOWN_FAILED" "docker compose down -v --rmi local"
+  if [ -n "$task_dir" ] && [ -f "$task_dir/.uai/docker-compose.yml" ]; then
+    docker compose -p "$compose_project" -f "$task_dir/.uai/docker-compose.yml" \
+      down -v --rmi local --remove-orphans >/dev/null 2>&1 || true
+  else
+    # Fallback: tear down by project name only.
+    docker compose -p "$compose_project" down -v --rmi local --remove-orphans >/dev/null 2>&1 || true
+  fi
+fi
+
+# -----------------------------------------------------------------------------
+# 2. Worktrees — one per selected project.
+# -----------------------------------------------------------------------------
+
+if [ -n "$task_dir" ] && [ -d "$task_dir/workspace" ]; then
+  while IFS= read -r project_obj; do
+    [ -n "$project_obj" ] || continue
+    project_id=$(jq -r '.id' <<<"$project_obj")
+    project_slug=$(jq -r '.slug' <<<"$project_obj")
+    mirror_dir="$projects_root/$project_id/repo.git"
+    worktree_target="$task_dir/workspace/$project_slug"
+    [ -d "$worktree_target" ] || continue
+    if [ -d "$mirror_dir" ]; then
+      # `--force` because the worktree may carry uncommitted changes the
+      # user asked us to discard.
+      git -C "$mirror_dir" worktree remove --force "$worktree_target" 2>/dev/null \
+        || rm -rf "$worktree_target"
+    else
+      rm -rf "$worktree_target"
+    fi
+  done < <(jq -c '.[]' <<<"$projects_json")
+fi
+
+# -----------------------------------------------------------------------------
+# 3. Remove the entire task directory (workspace + .uai/).
+# -----------------------------------------------------------------------------
+
+if [ -n "$task_dir" ] && [ -d "$task_dir" ]; then
+  step "WORKTREE_REMOVE_FAILED" "rm -rf task dir"
+  rm -rf "$task_dir"
+fi
+
+# -----------------------------------------------------------------------------
+# 4. Persist final state.
+# -----------------------------------------------------------------------------
+
+current_status=$(jq -r '.[0].status' <<<"$task_json")
+if [ "$current_status" != "shipped" ] && [ "$current_status" != "error" ]; then
+  new_status="killed"
+else
+  new_status="$current_status"
+fi
+
+step "DB_UPDATE_FAILED" "persist final state"
+db_update_task "$task_id" \
+  "status='$new_status'" \
+  "code_server_port=NULL" \
+  "preview_ports='[]'" \
+  "compose_project=NULL" \
+  "worktree_path=NULL" \
+  "locked_at=NULL" \
+  "ended_at=(unixepoch()*1000)"
+
+emit_event "$task_id" "status_changed" "$(jq -nc --arg f "$current_status" --arg t "$new_status" '{from:$f,to:$t}')"
+
+emit_ok "$(jq -nc --arg s "$new_status" '{status:$s}')"

package/scripts/agent/task-status.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+# task-status <taskId> — introspect the actual runtime state.
+#
+# Returns the truth from docker / git / process listings rather than
+# trusting the Task row. Used by POST /api/tasks/:id/reconcile to detect
+# drift after a manual `docker compose down` or similar.
+
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=_common.sh
+. "$SCRIPT_DIR/_common.sh"
+
+[ "$#" -eq 1 ] || emit_err "BAD_ARGS" "usage: task-status <taskId>" "args"
+
+task_id="$1"
+UAI_TASK_ID="$task_id"
+setup_err_trap
+
+step "TASK_NOT_FOUND" "read task row"
+task_json=$(db_get_task "$task_id")
+[ "$(jq 'length' <<<"$task_json")" -ge 1 ] \
+  || emit_err "TASK_NOT_FOUND" "no such task: $task_id" "read task row"
+
+compose_project=$(jq -r '.[0].compose_project // ""' <<<"$task_json")
+worktree_path=$(jq -r '.[0].worktree_path // ""' <<<"$task_json")
+
+# Containers running under this compose project, JSON array of names.
+step "DOCKER_PS_FAILED" "docker ps"
+containers_json="[]"
+if [ -n "$compose_project" ]; then
+  raw=$(docker ps --filter "label=com.docker.compose.project=$compose_project" --format '{{.Names}}' || true)
+  if [ -n "$raw" ]; then
+    containers_json=$(printf '%s\n' "$raw" | jq -R . | jq -sc .)
+  fi
+fi
+
+# Compose running iff at least one container is up.
+if [ "$containers_json" = "[]" ]; then
+  compose_running="false"
+else
+  compose_running="true"
+fi
+
+# Worktree present iff the directory exists.
+worktree_present="false"
+if [ -n "$worktree_path" ] && [ -d "$worktree_path" ]; then
+  worktree_present="true"
+fi
+
+emit_ok "$(jq -nc \
+  --argjson cr "$compose_running" \
+  --argjson cs "$containers_json" \
+  --argjson wp "$worktree_present" \
+  '{composeRunning:$cr,containers:$cs,worktreePresent:$wp}')"

package/scripts/agent/task-up.sh

@@ -0,0 +1,457 @@
+#!/usr/bin/env bash
+# task-up <taskId> — bring up the task stack end-to-end (ADR-022).
+#
+# The "standard image" model: every host runs one prebuilt image,
+# `uai-standard:dev`. A task selects 0..N projects (0 = empty workspace /
+# scratchpad). Each selected project contributes a git worktree under the
+# task's workspace, plus a union of preview ports and env keys.
+#
+# Steps:
+#   1. Read task (-> branch) + the task's selected projects.
+#   2. Acquire lock; mark status=starting.
+#   3. Per project: ensure a bare mirror, fetch, add a worktree on the task
+#      branch, seed .tool-versions when missing.
+#   4. Generate .uai/docker-compose.yml in bash (and a derived .uai/Dockerfile
+#      when any project declares `extra`).
+#   5. docker compose -p task-<id> up -d (--build only when derived).
+#   6. docker cp AI auth into the container, then docker exec uai-init.
+#   7. Discover code-server + preview ports; mark status=running; unlock.
+#
+# The AIs are NOT started here — the chat orchestrator drives them and
+# delivers the task's initial prompt once the task is running.
+
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=_common.sh
+. "$SCRIPT_DIR/_common.sh"
+
+[ "$#" -eq 1 ] || emit_err "BAD_ARGS" "usage: task-up <taskId>" "args"
+
+task_id="$1"
+UAI_TASK_ID="$task_id"
+setup_err_trap
+
+# Pinned constants (all clusters must agree — see ADR-022).
+STANDARD_IMAGE="uai-standard:dev"
+ASDF_VOLUME="uai-asdf-data"
+DERIVED_IMAGE="uai-task-${task_id}"
+
+# -----------------------------------------------------------------------------
+# Paths (mirror host-agent/lib/env.ts).
+# -----------------------------------------------------------------------------
+
+task_dir="$UAI_WORKSPACE_ROOT/tasks/$task_id"
+task_workspace="$task_dir/workspace"
+task_uai_dir="$task_dir/.uai"
+projects_root="$UAI_WORKSPACE_ROOT/projects"
+compose_project=$(compose_project_for_task "$task_id")
+app_container=$(app_container_for_task "$task_id")
+
+mapped_host_port() {
+  local container="$1" container_port="$2"
+  docker port "$container" "$container_port" 2>/dev/null \
+    | awk -F: 'NR==1 {print $NF}' \
+    | tr -d '[:space:]' \
+    || true
+}
+
+# -----------------------------------------------------------------------------
+# 1. Read rows.
+# -----------------------------------------------------------------------------
+
+step "TASK_NOT_FOUND" "read task row"
+task_json=$(db_get_task "$task_id")
+[ "$(jq 'length' <<<"$task_json")" -ge 1 ] \
+  || emit_err "TASK_NOT_FOUND" "no such task: $task_id" "read task row"
+
+task_branch=$(jq -r '.[0].branch' <<<"$task_json")
+
+step "PROJECT_NOT_FOUND" "read task projects"
+projects_json=$(db_get_projects_for_task "$task_id")
+project_count=$(jq 'length' <<<"$projects_json")
+
+# -----------------------------------------------------------------------------
+# 2. Lock + status=starting.
+# -----------------------------------------------------------------------------
+
+step "LOCKED" "acquire task lock"
+lock_task "$task_id"
+
+step "DB_UPDATE_FAILED" "mark task starting"
+db_update_task "$task_id" \
+  "status='starting'" \
+  "started_at=(unixepoch()*1000)" \
+  "code_server_port=NULL" \
+  "preview_ports='[]'" \
+  "worktree_path='$(sql_escape "$task_dir")'" \
+  "compose_project='$(sql_escape "$compose_project")'"
+
+# -----------------------------------------------------------------------------
+# 3. Bare mirrors + worktrees, one per selected project.
+# -----------------------------------------------------------------------------
+
+# Use the uai-managed host identity for all git-over-SSH (ADR-015: git auth is
+# a host-resident credential). `IdentitiesOnly=yes` + `IdentityAgent=none` keep
+# it from falling through to the operator's personal SSH agent (e.g. 1Password),
+# which both leaks the wrong key and blocks unattended task-up on its approval
+# prompt. `BatchMode=yes` fails fast instead of prompting. Falls back to the
+# host default SSH when the identity hasn't been set up (`pnpm setup-identity`).
+#
+# ADR-029: prefer the TASK CREATOR's per-user key (written to
+# $UAI_TASK_IDENTITY_DIR by the orchestrator) so the clone + push run as them,
+# not the operator. Fall back to the shared operator identity when the creator
+# has no key on this host (transitional / pre-ADR-029 users).
+if [ -n "${UAI_TASK_IDENTITY_DIR:-}" ] && [ -f "${UAI_TASK_IDENTITY_DIR}/id_ed25519" ]; then
+  uai_identity_key="$UAI_TASK_IDENTITY_DIR/id_ed25519"
+  log "git over SSH using the task creator's per-user key"
+else
+  uai_identity_key="$UAI_DATA_DIR/identity/id_ed25519"
+fi
+if [ -f "$uai_identity_key" ]; then
+  uai_known_hosts="$UAI_DATA_DIR/identity/known_hosts"
+  GIT_SSH_COMMAND="ssh -i $uai_identity_key -o IdentitiesOnly=yes -o IdentityAgent=none -o BatchMode=yes -o StrictHostKeyChecking=accept-new"
+  [ -f "$uai_known_hosts" ] && GIT_SSH_COMMAND="$GIT_SSH_COMMAND -o UserKnownHostsFile=$uai_known_hosts"
+  export GIT_SSH_COMMAND
+  log "git over SSH using $uai_identity_key (1Password agent bypassed)"
+else
+  log "no uai identity key at $uai_identity_key — git uses host default SSH (run: pnpm setup-identity)"
+fi
+
+mkdir -p "$task_workspace"
+
+# Iterate using jq -c so each project is a single JSON object per line.
+# Bash 3.2 friendly: a while-read loop rather than mapfile/readarray.
+while IFS= read -r project_obj; do
+  [ -n "$project_obj" ] || continue
+
+  project_id=$(jq -r '.id' <<<"$project_obj")
+  project_slug=$(jq -r '.slug' <<<"$project_obj")
+  repo_url=$(jq -r '.repo_url' <<<"$project_obj")
+  tool_versions=$(jq -r '.tool_versions // ""' <<<"$project_obj")
+
+  mirror_dir="$projects_root/$project_id/repo.git"
+  worktree_target="$task_workspace/$project_slug"
+
+  # Ensure the bare mirror exists with **remote-tracking refs**. Plain
+  # `git clone --bare` copies upstream heads straight into refs/heads/*
+  # and never populates refs/remotes/origin/*, so `worktree add ...
+  # origin/<defaultBranch>` would fail with "invalid reference". Init +
+  # remote + standard refspec + fetch gives a proper bare repo whose
+  # origin/* refs match the remote tip.
+  needs_initial_fetch=0
+  if [ ! -d "$mirror_dir" ]; then
+    step "CLONE_FAILED" "bare-clone ($project_id)"
+    mkdir -p "$(dirname "$mirror_dir")"
+    git init --bare "$mirror_dir" >/dev/null
+    git -C "$mirror_dir" remote add origin "$repo_url"
+    needs_initial_fetch=1
+  fi
+
+  # Always (re-)assert the remote-tracking refspec. Self-heals mirrors
+  # created before this script learned the right refspec — idempotent.
+  git -C "$mirror_dir" config remote.origin.fetch '+refs/heads/*:refs/remotes/origin/*'
+
+  if [ "$needs_initial_fetch" = "1" ]; then
+    # First fetch on a brand-new mirror — required. Bail and clean up so
+    # the next attempt starts fresh rather than re-using a half-init.
+    if ! git -C "$mirror_dir" fetch origin; then
+      rm -rf "$mirror_dir"
+      emit_err "CLONE_FAILED" "initial fetch from $repo_url failed" "bare-clone ($project_id)"
+    fi
+  else
+    # Existing mirror — refresh best-effort. Offline / network blip
+    # shouldn't break task-up.
+    step "FETCH_FAILED" "git fetch origin ($project_id)"
+    if ! git -C "$mirror_dir" fetch origin >/dev/null 2>&1; then
+      log "warning: git fetch failed for $project_id ($repo_url); using cached refs"
+    fi
+  fi
+
+  # Resolve the remote default branch (best-effort) — fall back to main.
+  git -C "$mirror_dir" remote set-head origin -a >/dev/null 2>&1 || true
+  project_default=$(git -C "$mirror_dir" symbolic-ref --short refs/remotes/origin/HEAD 2>/dev/null \
+    | sed 's#^origin/##' || true)
+  [ -n "$project_default" ] || project_default="main"
+
+  # Create the worktree on a fresh task branch off origin/<defaultBranch>.
+  step "WORKTREE_FAILED" "git worktree add ($project_id)"
+  mkdir -p "$(dirname "$worktree_target")"
+  git -C "$mirror_dir" worktree add "$worktree_target" \
+    -b "$task_branch" "origin/$project_default"
+
+  # Tool-version seeding: only when the worktree has no checked-in
+  # .tool-versions AND the project declares one. Never overwrite a file
+  # the repo already ships.
+  if [ ! -e "$worktree_target/.tool-versions" ] \
+     && [ -n "$tool_versions" ] && [ "$tool_versions" != "null" ]; then
+    printf '%s\n' "$tool_versions" > "$worktree_target/.tool-versions"
+  fi
+done < <(jq -c '.[]' <<<"$projects_json")
+
+# -----------------------------------------------------------------------------
+# 4. Generate .uai/docker-compose.yml (bash). Union preview ports + env keys
+#    across the selected projects; one app service. Derived Dockerfile only
+#    when a project declares `extra`.
+# -----------------------------------------------------------------------------
+
+step "RENDER_FAILED" "generate compose"
+
+mkdir -p "$task_uai_dir"
+
+# Union of preview ports across projects, de-duped by containerPort
+# (first-in-position wins the name). Validated: name non-empty, 1..65535.
+union_preview_ports_json=$(jq -c '
+  [
+    .[]
+    | (.preview_ports // "[]") as $raw
+    | (if ($raw | type) == "string" then (try ($raw | fromjson) catch [])
+       elif ($raw | type) == "array" then $raw
+       else [] end)
+    | .[]?
+    | {
+        name: (.name // ""),
+        containerPort: (((.containerPort // 0) | tonumber?) // 0)
+      }
+    | select(.name != "" and .containerPort > 0 and .containerPort <= 65535)
+  ]
+  | reduce .[] as $p ({seen: [], out: []};
+      if (.seen | index($p.containerPort)) then .
+      else {seen: (.seen + [$p.containerPort]), out: (.out + [$p])} end)
+  | .out
+' <<<"$projects_json")
+
+# Union of declared env keys across projects (env JSON is an array of
+# {key,...} objects per ADR-015). De-duped, first occurrence wins.
+union_env_keys_json=$(jq -c '
+  [
+    .[]
+    | (.env // "[]") as $raw
+    | (if ($raw | type) == "string" then (try ($raw | fromjson) catch [])
+       elif ($raw | type) == "array" then $raw
+       else [] end)
+    | .[]?
+    | (.key // "")
+    | select(. != "")
+  ]
+  | reduce .[] as $k ([]; if (index($k)) then . else . + [$k] end)
+' <<<"$projects_json")
+
+# Concatenated `extra` RUN snippets across projects (in position order).
+extra_block=$(jq -r '
+  [ .[] | (.extra // "") | select(. != "" and . != "null") ]
+  | join("\n")
+' <<<"$projects_json")
+
+has_derived=0
+if [ -n "$extra_block" ]; then
+  has_derived=1
+fi
+
+# Write the compose file. No top-level name: (the -p flag sets the project),
+# no container_name:. Env values live host-side (ADR-015): we emit only
+# pass-through references `${KEY:-}`.
+{
+  printf 'services:\n'
+  printf '  app:\n'
+  if [ "$has_derived" = "1" ]; then
+    printf '    build:\n'
+    printf '      context: .\n'
+    printf '      dockerfile: Dockerfile\n'
+    printf '    image: %s\n' "$DERIVED_IMAGE"
+  else
+    printf '    image: %s\n' "$STANDARD_IMAGE"
+  fi
+  printf '    init: true\n'
+  printf '    working_dir: /workspace\n'
+  printf '    volumes:\n'
+  printf '      - "%s:/workspace"\n' "$task_workspace"
+  # Identical-host-path binds so each git worktree's absolute gitdir pointer
+  # (-> projects/<id>/repo.git/worktrees/<slug>) resolves INSIDE the container
+  # (ADR-014). Without them in-container git sees a dangling .git and every
+  # commit fails with "not a git repository". The mirror is bound rw because
+  # commits write objects back into the shared object store.
+  printf '      - "%s:%s"\n' "$task_workspace" "$task_workspace"
+  while IFS= read -r vol_obj; do
+    [ -n "$vol_obj" ] || continue
+    vol_pid=$(jq -r '.id' <<<"$vol_obj")
+    printf '      - "%s/%s/repo.git:%s/%s/repo.git"\n' \
+      "$projects_root" "$vol_pid" "$projects_root" "$vol_pid"
+  done < <(jq -c '.[]' <<<"$projects_json")
+  printf '      - "%s:/opt/asdf-data"\n' "$ASDF_VOLUME"
+  printf '    ports:\n'
+  printf '      - "127.0.0.1::8080"\n'
+  while IFS= read -r cport; do
+    [ -n "$cport" ] || continue
+    printf '      - "127.0.0.1::%s"\n' "$cport"
+  done < <(jq -r '.[].containerPort' <<<"$union_preview_ports_json")
+  printf '    environment:\n'
+  # Host-resident Claude auth (ADR-021). Headless `claude --print` no longer
+  # uses the interactive subscription/keychain path, so it needs a token from
+  # `claude setup-token`. Interpolated from the host-agent env at up-time, so
+  # the literal token is never written to the compose file on disk. Putting it
+  # in the container env (rather than the host's ~/.claude mount, which broke
+  # with EROFS on session-env writes) means both the orchestrator's headless
+  # claude and the code-server terminal's interactive claude authenticate.
+  printf '      %s: "${%s:-}"\n' \
+    "CLAUDE_CODE_OAUTH_TOKEN" "CLAUDE_CODE_OAUTH_TOKEN"
+  # No GH_TOKEN/GITHUB_TOKEN in the container env (ADR-027). `gh` prefers such
+  # an env var over its stored credentials, which blocks the per-user
+  # `gh auth login --with-token` the host runs (and would re-attribute every PR
+  # to the env token — breaking multi-user). The host's GitHub token reaches
+  # `gh` through its config file instead (lib/github-tokens.ts); git rides the
+  # per-user SSH identity, not an HTTPS token (uai-init routes remotes over SSH).
+  # A project may declare GH_TOKEN/GITHUB_TOKEN as an env key, so skip them here
+  # rather than trust callers — this is where the rule is enforced.
+  while IFS= read -r ekey; do
+    [ -n "$ekey" ] || continue
+    case "$ekey" in
+      GH_TOKEN | GITHUB_TOKEN) continue ;;
+    esac
+    printf '      %s: "${%s:-}"\n' "$ekey" "$ekey"
+  done < <(jq -r '.[]' <<<"$union_env_keys_json")
+  printf 'volumes:\n'
+  printf '  %s:\n' "$ASDF_VOLUME"
+  printf '    external: true\n'
+} > "$task_uai_dir/docker-compose.yml"
+
+if [ "$has_derived" = "1" ]; then
+  # Run `extra` as root so apt/system installs work (the standard image ends
+  # as USER node), then drop back to node for the running container.
+  {
+    printf 'FROM %s\n' "$STANDARD_IMAGE"
+    printf 'USER root\n'
+    printf '%s\n' "$extra_block"
+    printf 'USER node\n'
+  } > "$task_uai_dir/Dockerfile"
+fi
+
+# -----------------------------------------------------------------------------
+# 5. Compose up.
+# -----------------------------------------------------------------------------
+
+# The shared asdf cache volume is host-wide and declared external — make
+# sure it exists before compose references it. Idempotent.
+docker volume create "$ASDF_VOLUME" >/dev/null 2>&1 || true
+
+step "COMPOSE_UP_FAILED" "docker compose up -d"
+if [ "$has_derived" = "1" ]; then
+  docker compose -p "$compose_project" -f "$task_uai_dir/docker-compose.yml" up -d --build >/dev/null
+else
+  docker compose -p "$compose_project" -f "$task_uai_dir/docker-compose.yml" up -d >/dev/null
+fi
+
+# -----------------------------------------------------------------------------
+# 6. Container init — copy AI creds in, install deps, launch code-server.
+# -----------------------------------------------------------------------------
+
+step "CONTAINER_INIT_FAILED" "uai-init (deps + code-server)"
+
+# Copy `.claude.json` into the container instead of bind-mounting it.
+# Single-file bind mounts on Docker Desktop macOS are fragile — claude
+# CLI atomically rewrites the file on every start, which can invalidate
+# the bind mount and leave a stale dentry, after which claude refuses to
+# start. docker cp gives the container its own stable copy. Best-effort.
+if [ -f "$UAI_OWNER_HOME/.claude.json" ]; then
+  docker cp "$UAI_OWNER_HOME/.claude.json" \
+    "$app_container":/home/node/.claude.json >/dev/null 2>&1 \
+    || log "warning: docker cp of .claude.json failed; claude may need re-login"
+  docker exec -u root "$app_container" \
+    chown node:node /home/node/.claude.json >/dev/null 2>&1 || true
+fi
+
+# Copy Codex credentials/config into a task-private /home/node/.codex.
+# Do not mount the host ~/.codex writable: Codex stores live SQLite state
+# there, and concurrent host/container access can corrupt it.
+docker exec -u root "$app_container" \
+  mkdir -p /home/node/.codex >/dev/null 2>&1 || true
+for codex_item in auth.json config.toml AGENTS.md version.json installation_id rules; do
+  if [ -e "$UAI_OWNER_HOME/.codex/$codex_item" ]; then
+    docker cp "$UAI_OWNER_HOME/.codex/$codex_item" \
+      "$app_container":/home/node/.codex/ >/dev/null 2>&1 \
+      || log "warning: docker cp of .codex/$codex_item failed; codex may need re-login"
+  fi
+done
+docker exec -u root "$app_container" \
+  chown -R node:node /home/node/.codex >/dev/null 2>&1 || true
+
+# Copy the same resolved SSH identity (task creator's per-user key when present,
+# else the operator identity — see above) into the container, so the agent signs
+# + pushes with the key whose .pub the user registered on GitHub. ADR-027 drops
+# the HTTPS/GH_TOKEN path; uai-init routes every GitHub remote over SSH.
+# Best-effort: signing + SSH push just stay off if the identity is absent.
+if [ -f "$uai_identity_key" ]; then
+  docker exec -u root "$app_container" \
+    mkdir -p /home/node/.ssh >/dev/null 2>&1 || true
+  docker cp "$uai_identity_key" \
+    "$app_container":/home/node/.ssh/id_ed25519 >/dev/null 2>&1 || true
+  docker cp "${uai_identity_key}.pub" \
+    "$app_container":/home/node/.ssh/id_ed25519.pub >/dev/null 2>&1 || true
+  docker exec -u root "$app_container" sh -c \
+    'chown -R node:node /home/node/.ssh && chmod 700 /home/node/.ssh && chmod 600 /home/node/.ssh/id_ed25519' \
+    >/dev/null 2>&1 || true
+fi
+
+docker exec "$app_container" /usr/local/bin/uai-init >/dev/null
+
+# -----------------------------------------------------------------------------
+# 7. Discover code-server + preview ports, mark running, unlock.
+# -----------------------------------------------------------------------------
+
+# code-server: container exposes 8080; Docker auto-maps to a random host
+# port. Discover via `docker port`. Best-effort — if it fails the Editor
+# pane is just unavailable.
+code_server_port=$(mapped_host_port "$app_container" 8080)
+if [ -z "$code_server_port" ]; then
+  log "warning: could not discover code-server port for ${app_container} (editor pane unavailable)"
+fi
+
+preview_ports_runtime_json="[]"
+if [ "$(jq 'length' <<<"$union_preview_ports_json")" -gt 0 ]; then
+  preview_port_lines=""
+  while IFS= read -r preview_obj; do
+    [ -n "$preview_obj" ] || continue
+    preview_name=$(jq -r '.name' <<<"$preview_obj")
+    preview_container_port=$(jq -r '.containerPort' <<<"$preview_obj")
+    preview_host_port=$(mapped_host_port "$app_container" "$preview_container_port")
+    if [ -z "$preview_host_port" ]; then
+      log "warning: could not discover preview port ${preview_name}:${preview_container_port} for ${app_container}"
+      continue
+    fi
+    preview_port_lines="${preview_port_lines}$(jq -nc \
+      --arg name "$preview_name" \
+      --arg hp "$preview_host_port" \
+      '{name:$name,hostPort:($hp|tonumber)}')
+"
+  done < <(jq -c '.[]' <<<"$union_preview_ports_json")
+
+  if [ -n "$preview_port_lines" ]; then
+    preview_ports_runtime_json=$(printf '%s' "$preview_port_lines" | jq -s -c '.')
+  fi
+fi
+
+step "DB_UPDATE_FAILED" "mark task running"
+cs_sql="code_server_port=NULL"
+if [ -n "$code_server_port" ]; then
+  cs_sql="code_server_port=${code_server_port}"
+fi
+db_update_task "$task_id" \
+  "status='running'" \
+  "$cs_sql" \
+  "preview_ports='$(sql_escape "$preview_ports_runtime_json")'"
+
+unlock_task "$task_id"
+
+emit_event "$task_id" "status_changed" "$(jq -nc '{from:"starting",to:"running"}')"
+
+# NOTE: `codeServerPort` is added only when discovered. Do NOT inline a
+# `select(.!="")` into the object literal — when it filters to empty, jq
+# collapses the *entire* object to empty and emit_ok then defaults to
+# `{}`, producing AGENT_BAD_OUTPUT. Add the key with object-merge instead.
+emit_ok "$(jq -nc \
+  --arg cp "$compose_project" \
+  --arg wp "$task_dir" \
+  --arg csport "${code_server_port:-}" \
+  --argjson previewPorts "$preview_ports_runtime_json" \
+  '{composeProject:$cp,worktreePath:$wp}
+   + (if $csport == "" then {} else {codeServerPort:($csport|tonumber)} end)
+   + {previewPorts:$previewPorts}')"