loopat 0.1.45 → 0.1.47

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "loopat",
-  "version": "0.1.45",
+  "version": "0.1.47",
   "description": "Self-hosted AI workspace built around context management — works solo, scales to teams",
   "license": "Apache-2.0",
   "homepage": "https://github.com/simpx/loopat",

package/server/src/bootstrap.ts

@@ -7,14 +7,13 @@ import { existsSync } from "node:fs"
 import { execFileSync } from "node:child_process"
 import { join } from "node:path"
 import { resolveSandboxClaudeBinary } from "./claude-binary"
-import { configPath, loadKnowledgeConfig, type WorkspaceConfig, type KnowledgeConfig } from "./config"
+import { configPath, loadKnowledgeConfig, type WorkspaceConfig } from "./config"
 import {
   WORKSPACE,
   usersPath,
   workspaceDir,
   workspaceKnowledgeDir,
   workspaceNotesDir,
-  workspaceRepoDir,
   workspaceTeamClaudeMdPath,
 } from "./paths"
 import { listUsers } from "./auth"
@@ -109,19 +108,6 @@ function describeRemote(dir: string, url: string | undefined): string {
   return "local-only (no remote)"
 }
 
-function describeRepos(kcfg: KnowledgeConfig): Check {
-  const specs = kcfg.repos ?? []
-  if (specs.length === 0) return { ok: true, label: `repos:     (none configured)` }
-  // Repos are clone-on-demand (cloned only when a loop selects one), so a repo
-  // that isn't cloned yet is NORMAL, not a failure. Report cloned vs on-demand;
-  // never a blocker.
-  const parts = specs.map((r) => {
-    const present = existsSync(workspaceRepoDir(r.name))
-    return present ? r.name : `${r.name} (on demand)`
-  })
-  return { ok: true, label: `repos:     ${parts.join(", ")}` }
-}
-
 async function checkUsers(): Promise<Check> {
   const path = usersPath()
   if (!existsSync(path)) {
@@ -137,14 +123,15 @@ async function checkUsers(): Promise<Check> {
 }
 
 export async function printBootstrapBanner(cfg: WorkspaceConfig) {
-  // notes + repos are declared inside the knowledge repo's .loopat/config.json.
+  // notes is declared inside the knowledge repo's .loopat/config.json. The repo
+  // roster is per-user (personal config), so the workspace banner can't list it.
   const kcfg = await loadKnowledgeConfig()
   const checks: Check[] = [
     { ok: true, label: `workspace: ${workspaceDir()}` },
     { ok: true, label: `team .claude/CLAUDE.md (${existsSync(workspaceTeamClaudeMdPath()) ? "present" : "absent"})` },
     { ok: existsSync(workspaceKnowledgeDir()), label: `knowledge: ${describeRemote(workspaceKnowledgeDir(), cfg.knowledge?.git || undefined)}` },
     { ok: existsSync(workspaceNotesDir()), label: `notes:     ${describeRemote(workspaceNotesDir(), kcfg.notes?.git || undefined)}` },
-    describeRepos(kcfg),
+    { ok: true, label: `repos:     (per-user, in personal config)` },
     await checkUsers(),
     { ok: existsSync(configPath()), label: `config: ${configPath()}` },
     checkPodman(),

package/server/src/config.ts

@@ -113,17 +113,17 @@ export type RepoSpec = {
 
 /**
  * Config living INSIDE the knowledge repo at <knowledge>/.loopat/config.json.
- * The knowledge repo is the SoT for the team's notes remote + the repo roster;
- * workspace/personal config only hold the `knowledge` entry pointer. To read
- * it the knowledge repo must already be cloned (its url comes from
- * personal/workspace config), so this is loaded AFTER the knowledge clone.
+ * The knowledge repo is the SoT for the team's notes remote; workspace/personal
+ * config only hold the `knowledge` entry pointer. To read it the knowledge repo
+ * must already be cloned (its url comes from personal/workspace config), so this
+ * is loaded AFTER the knowledge clone. (The repo roster is NO LONGER here — it
+ * moved to personal config; see PersonalConfig.repos.)
  */
 export type KnowledgeConfig = {
   notes?: RemoteSpec
-  repos?: RepoSpec[]
 }
 
-const KNOWLEDGE_CONFIG_TEMPLATE: KnowledgeConfig = { notes: { git: "" }, repos: [] }
+const KNOWLEDGE_CONFIG_TEMPLATE: KnowledgeConfig = { notes: { git: "" } }
 
 /** The .loopat root holding the knowledge config. With a user → that user's
  *  per-user knowledge repo; without → the workspace-default knowledge repo
@@ -140,7 +140,7 @@ export async function loadKnowledgeConfig(user?: string): Promise<KnowledgeConfi
   if (!existsSync(path)) return JSON.parse(JSON.stringify(KNOWLEDGE_CONFIG_TEMPLATE))
   try {
     const disk = JSON.parse(await readFile(path, "utf8")) as KnowledgeConfig
-    return { notes: disk.notes, repos: Array.isArray(disk.repos) ? disk.repos : [] }
+    return { notes: disk.notes }
   } catch (e: any) {
     console.warn(`[loopat] knowledge config: ${path} malformed (${e?.message ?? e}), treating as empty`)
     return JSON.parse(JSON.stringify(KNOWLEDGE_CONFIG_TEMPLATE))
@@ -153,7 +153,6 @@ export async function saveKnowledgeConfig(user: string | undefined, patch: Knowl
   const cur = await loadKnowledgeConfig(user)
   const next: KnowledgeConfig = {
     notes: patch.notes !== undefined ? patch.notes : cur.notes,
-    repos: patch.repos !== undefined ? patch.repos : cur.repos,
   }
   const dir = knowledgeLoopatRoot(user)
   await mkdir(dir, { recursive: true })
@@ -180,9 +179,9 @@ export type OperatorMount = {
  */
 export type WorkspaceConfig = {
   /** Workspace-default entry pointer to the knowledge repo. The notes remote
-   *  and the repo roster now live INSIDE the knowledge repo's
-   *  .loopat/config.json (KnowledgeConfig) — see loadKnowledgeConfig. A
-   *  per-user override lives in personal config. */
+   *  lives INSIDE the knowledge repo's .loopat/config.json (KnowledgeConfig) —
+   *  see loadKnowledgeConfig. The repo roster is per-user (PersonalConfig.repos).
+   *  A per-user knowledge override lives in personal config. */
   knowledge?: RemoteSpec
   providers?: Record<string, ProviderConfig>
   default?: string
@@ -246,9 +245,12 @@ export type PersonalConfigDisk = {
   /** Mixed: "default" key is a string, all other keys are providers. */
   providers: Record<string, ProviderConfigDisk | string>
   /** Per-user entry pointer to the knowledge repo (authoritative over the
-   *  workspace default). The notes remote + repo roster live inside the
-   *  knowledge repo's own .loopat/config.json, not here. */
+   *  workspace default). The notes remote lives inside the knowledge repo's
+   *  own .loopat/config.json, not here. */
   knowledge?: RemoteSpec
+  /** Per-user repo roster — clone-on-demand at loop creation. Personal, not
+   *  team-shared (moved here from the knowledge repo). Edited via /context/repos. */
+  repos?: RepoSpec[]
 }
 
 export type PersonalConfig = {
@@ -261,9 +263,11 @@ export type PersonalConfig = {
    * in mcpServers works, and (b) substitute `${VAR}` in provider.apiKey.
    */
   vaultEnvs: Record<string, string>
-  /** Per-user entry pointer to the knowledge repo (notes/repos live in the
+  /** Per-user entry pointer to the knowledge repo (notes lives in the
    *  knowledge repo's own .loopat/config.json). */
   knowledge?: RemoteSpec
+  /** Per-user repo roster — clone-on-demand at loop creation. */
+  repos: RepoSpec[]
 }
 
 /**
@@ -311,6 +315,7 @@ const PERSONAL_TEMPLATE: PersonalConfig = {
   default: PROVIDER_PRESETS[0] ? `${PROVIDER_PRESETS[0].name}/${PROVIDER_PRESETS[0].models[0]}` : "",
   providers: buildPresetProviders(),
   vaultEnvs: {},
+  repos: [],
 }
 
 /** On-disk shape used when a config.json is missing or malformed. Seeded
@@ -477,6 +482,7 @@ export async function loadPersonalConfig(
     default: defaultProviderName && providers[defaultProviderName] ? rawDefault : "",
     providers,
     vaultEnvs,
+    repos: Array.isArray(disk.repos) ? disk.repos : [],
     ...(disk.knowledge ? { knowledge: disk.knowledge } : {}),
   }
   personalCache.set(cacheKey, { cfg, configMtimeMs, envsDirMtimeMs })
@@ -667,6 +673,13 @@ export async function savePersonalDisk(
     disk.providers = patch.providers
   }
 
+  if (patch.repos !== undefined) {
+    disk.repos = patch.repos
+      .filter((r) => r && typeof r.name === "string" && typeof r.git === "string")
+      .map((r) => ({ name: r.name.trim(), git: r.git.trim() }))
+      .filter((r) => r.name && r.git)
+  }
+
   await mkdir(personalLoopatDir(user), { recursive: true })
   await writeFile(personalLoopatConfigPath(user), JSON.stringify(disk, null, 2) + "\n")
   clearPersonalCache(user)

package/server/src/index.ts

@@ -4,7 +4,7 @@ import { createBunWebSocket } from "hono/bun"
 import { existsSync } from "node:fs"
 import { execFile, execFileSync } from "node:child_process"
 import { promisify } from "node:util"
-import { listLoops, createLoop, getLoop, loopExists, patchLoopMeta, backfillAllMounts, ensureWorkspaceDirs, provisionUserPersonal, importPersonalFromRepo, setupPersonalViaProvider, listPersonalReposViaProvider, authenticateViaProvider, isPersonalFresh, ensureUiNotesWorktree, syncUiNotes, ffUpdateUiNotes, notesBehind, inspectPersonalDirty, syncPersonalToRemote, deletePersonalVault, pullPersonalFromRemote, pushPersonalToRemote, ensureContextMounts, effectiveDriver, isDriver, distillLoop, inspectRepoSync, pullRepoFromRemote, pushRepoToRemote, ensureUserContext, promoteKnowledgeConfig, listVaultPublicKeys, userOnboarding, submitOnboarding } from "./loops"
+import { listLoops, createLoop, getLoop, loopExists, patchLoopMeta, backfillAllMounts, ensureWorkspaceDirs, provisionUserPersonal, importPersonalFromRepo, setupPersonalViaProvider, listPersonalReposViaProvider, authenticateViaProvider, isPersonalFresh, ensureUiNotesWorktree, syncUiNotes, ffUpdateUiNotes, notesBehind, inspectPersonalDirty, syncPersonalToRemote, deletePersonalVault, pullPersonalFromRemote, pushPersonalToRemote, ensureContextMounts, effectiveDriver, isDriver, distillLoop, inspectRepoSync, pullRepoFromRemote, pushRepoToRemote, listVaultPublicKeys, userOnboarding, submitOnboarding } from "./loops"
 import { getEphemeralHostPort, probePodman, stopAllWorkspaceContainers, ensureServeContainer, ensurePortProxyContainer, ensureSandboxImage } from "./podman"
 import { startMcpAuth, completeMcpAuth, probeOAuthSupport, evictOAuthProbe, parseBearerEnvName, mcpRequiredEnvs, parseTemplateVars, type OAuthSupport } from "./mcp-oauth"
 import { DEFAULT_VAULT, loadVaultEnvs } from "./vaults"
@@ -55,7 +55,7 @@ import {
   personalReposDir,
   loopsDir,
 } from "./paths"
-import { loadConfig, loadPersonalConfig, savePersonalConfig, saveWorkspaceConfig, loadTokenUsage, getActiveProvider, readPersonalDiskRaw, savePersonalDisk, describeApiKeyRef, writeVaultEnv, deleteVaultEnv, loadKnowledgeConfig, saveKnowledgeConfig, loadA2AConfig, saveA2AConfig, type ProviderConfig, type ModelEntry } from "./config"
+import { loadConfig, loadPersonalConfig, savePersonalConfig, saveWorkspaceConfig, loadTokenUsage, getActiveProvider, readPersonalDiskRaw, savePersonalDisk, describeApiKeyRef, writeVaultEnv, deleteVaultEnv, loadA2AConfig, saveA2AConfig, type ProviderConfig, type ModelEntry } from "./config"
 import { createApiToken, listApiTokens, revokeApiToken } from "./api-tokens"
 import { listBoards, createBoard, renameBoard, listKanbanColumns, addCard, toggleCard, deleteCard, moveCard, updateCardMeta, updateCardBlock, reorderCards, createColumn, deleteColumn, readKanbanConfig, saveColumnOrder, setColumnColor, renameColumn, assignDriverForCard, createLoopFromCard, linkLoopToCard, kanbanUserCtx } from "./kanban"
 import { printBootstrapBanner, printReadyLine } from "./bootstrap"
@@ -2423,14 +2423,14 @@ app.get("/api/workspace/backlinks", requireAuth, async (c) => {
   return c.json({ backlinks: await vaultBacklinks(vault as VaultId, path, userId) })
 })
 
-// Context repos roster — DECLARATIVE, lives in the per-user knowledge repo's
-// .loopat/config.json (notes remote + repos[]). Physical clones are still
-// on-demand at loop creation (ensureRepoCloned). GET returns the roster; PUT
-// rewrites it and promotes (commit + push) back to the knowledge repo.
+// Context repos roster — PERSONAL: lives in the user's own
+// personal/<user>/.loopat/config.json. Physical clones stay on-demand at loop
+// creation. GET returns the roster; PUT writes it straight to personal config
+// (no git promote — personal config syncs through the personal-repo path).
 app.get("/api/context/repos", requireAuth, async (c) => {
   const u = c.get("userId") as string
-  const kcfg = await loadKnowledgeConfig(u)
-  return c.json({ notes: kcfg.notes ?? null, repos: kcfg.repos ?? [] })
+  const pcfg = await loadPersonalConfig(u)
+  return c.json({ repos: pcfg.repos ?? [] })
 })
 
 app.put("/api/context/repos", requireAuth, async (c) => {
@@ -2439,17 +2439,9 @@ app.put("/api/context/repos", requireAuth, async (c) => {
   const repos = Array.isArray(body.repos)
     ? body.repos.filter((r: any) => r?.name && r?.git).map((r: any) => ({ name: String(r.name).trim(), git: String(r.git).trim() }))
     : []
-  const notes = body?.notes?.git ? { git: String(body.notes.git).trim() } : undefined
-  // Need the per-user knowledge repo present to write + promote. Best-effort
-  // clone it first (from personal.knowledge).
-  await ensureUserContext(u).catch(() => {})
-  if (!existsSync(join(personalKnowledgeDir(u), ".git"))) {
-    return c.json({ error: "knowledge repo not available — set personal.knowledge and make sure your key can clone it" }, 400)
-  }
-  await saveKnowledgeConfig(u, { notes, repos })
-  const r = await promoteKnowledgeConfig(u)
-  if (!r.ok) return c.json({ error: r.error, savedLocally: true }, 400)
-  return c.json({ ok: true, notes: notes ?? null, repos })
+  const sp = await savePersonalDisk(u, { repos })
+  if (!sp.ok) return c.json({ error: sp.error }, 400)
+  return c.json({ ok: true, repos })
 })
 
 // ── topics ──

package/server/src/loops.ts

@@ -349,7 +349,7 @@ async function ensureContextRepo(dir: string, name: string, url?: string): Promi
 /**
  * The personal repo is self-describing: its `.loopat/config.json` declares the
  * authoritative kn/notes remotes, and a loop connects to them with the user's
- * OWN key from the selected vault (`vaults/<vault>/mounts/home/.ssh/id`), not
+ * OWN key from the selected vault (`vaults/<vault>/mounts/home/.ssh/id_ed25519`), not
  * the host's ssh. Called at loop creation, which has the user + vault in hand.
  *
  * The startup clone (driven by host config.json) stays as a display mirror;
@@ -370,13 +370,6 @@ async function _ensureUserContext(user: string, vault: string): Promise<string[]
   const errors: string[] = []
   const cfg = await loadPersonalConfig(user, vault)
   const sshEnv = { ...process.env, GIT_SSH_COMMAND: sshCommandForUser(user, vault) }
-  // Sandbox-side promote: core.sshCommand points at the vault key's SANDBOX path
-  // (/loopat/home/<user>/.ssh/id, where the vault home-mount lands) with
-  // accept-new, so the AI's `git push` inside the sandbox authenticates as the
-  // user without an interactive host-key prompt. Host-side ops override this
-  // with GIT_SSH_COMMAND (env beats config), so the sandbox path is never used
-  // server-side.
-  const sandboxKey = `/loopat/home/${user}/.ssh/id`
   // Clone-or-sync a PER-USER context main repo from `url` with the vault key.
   // STRICT, per the context model: personal wins even when empty — an empty url
   // means the dir is REMOVED so the loop sees nothing (no fallback to any
@@ -406,18 +399,20 @@ async function _ensureUserContext(user: string, vault: string): Promise<string[]
         return false
       }
     }
-    await execFileP("git", ["-C", dir, "config", "core.sshCommand",
-      `ssh -i ${sandboxKey} -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/dev/null`]).catch(() => {})
+    // No core.sshCommand override: inside the sandbox the vault's .ssh is mounted
+    // at $HOME/.ssh, so the AI's `git push` resolves the standard-named key +
+    // config on its own (follow ssh standard, don't special-case). Host-side ops
+    // here use GIT_SSH_COMMAND (sshEnv).
     await execFileP("git", ["-C", dir, "fetch", "--quiet", "origin"], { env: sshEnv, timeout: 30_000 }).catch(() => {})
     return true
   }
   // knowledge is the entry pointer (personal-declared url); clone it first, then
-  // read ITS .loopat/config.json for the notes remote + repo roster — notes and
-  // repos now live inside the per-user knowledge repo, not in personal config.
+  // read ITS .loopat/config.json for the notes remote. The repo roster is
+  // personal (cfg.repos), no longer inside the knowledge repo.
   const hasKnowledge = await ensurePerUserRepo(personalKnowledgeDir(user), cfg.knowledge?.git, "knowledge")
-  const kcfg = hasKnowledge ? await loadKnowledgeConfig(user) : { notes: undefined, repos: [] as RepoSpec[] }
+  const kcfg = hasKnowledge ? await loadKnowledgeConfig(user) : { notes: undefined }
   await ensurePerUserRepo(personalNotesDir(user), kcfg.notes?.git, "notes")
-  await writeReposManifest(personalReposDir(user), kcfg.repos ?? [])
+  await writeReposManifest(personalReposDir(user), cfg.repos ?? [])
   return errors
 }
 
@@ -446,9 +441,9 @@ async function writeReposManifest(reposDir: string, specs: RepoSpec[]) {
  * repo dir exists afterwards. Used by loop creation and any on-demand path.
  */
 async function ensureRepoMirror(user: string, name: string, sshCommand?: string): Promise<string | null> {
-  // The roster lives in the user's OWN knowledge repo (per-user, no fallback).
-  const kcfg = await loadKnowledgeConfig(user)
-  const spec = kcfg.repos?.find((r) => r.name === name)
+  // The roster lives in the user's OWN personal config (per-user, no fallback).
+  const pcfg = await loadPersonalConfig(user)
+  const spec = pcfg.repos?.find((r) => r.name === name)
   if (!spec?.git) return null
   const dir = personalRepoCacheDir(user, name)
   const env = sshCommand ? { ...process.env, GIT_SSH_COMMAND: sshCommand } : process.env
@@ -500,7 +495,9 @@ export async function ensureWorkspaceDirs() {
   await ensureContextRepo(workspaceKnowledgeDir(), "knowledge", cfg.knowledge?.git || undefined)
   const kcfg = await loadKnowledgeConfig()
   await ensureContextRepo(workspaceNotesDir(), "notes", kcfg.notes?.git || undefined)
-  await writeReposManifest(workspaceReposDir(), kcfg.repos ?? [])
+  // The repo roster is per-user (PersonalConfig.repos); there is no
+  // workspace-default roster, so the workspace repos manifest is empty.
+  await writeReposManifest(workspaceReposDir(), [])
 
   // workspace memory dir + stub
   const tm = workspaceMemoryDir()
@@ -938,23 +935,29 @@ export async function importPersonalFromRepo(
 }
 
 /**
- * TEAM key: the ssh command a git op uses to reach SHARED context — knowledge /
- * notes / repos — as the user, with their OWN key from the selected vault
- * (`vaults/<vault>/mounts/home/.ssh/id`). If the key isn't there the op simply
- * fails: we deliberately do NOT fall back to the host deploy-key, so a loop
- * never borrows access it wasn't granted. Authorization tracks the personal
- * repo (which declares the team it connects to), not the host
+ * TEAM key: the ssh command a host-side git op uses to reach SHARED context —
+ * knowledge / notes / repos — as the user, with their OWN vault. We just point
+ * ssh at the vault's `.ssh` and let it follow the standard: the standard-named
+ * key (`id_ed25519`, via `-i` because on the host `~` isn't the vault) and the
+ * vault's own `config` (via `-F`, so the user's Host / known-hosts / strict-
+ * checking choices apply). No `IdentitiesOnly` / `UserKnownHostsFile` overrides
+ * — loopat doesn't special-case the key, it follows ssh's standard resolution.
+ * If the key isn't there the op simply fails: we deliberately do NOT fall back
+ * to the host deploy-key, so a loop never borrows access it wasn't granted
  * (see behavior/02-personal-permissions.md).
  */
 function sshCommandForUser(userId: string, vault: string = "default"): string {
-  const vaultKey = join(personalVaultDir(userId, vault), "mounts", "home", ".ssh", "id")
+  const sshDir = join(personalVaultDir(userId, vault), "mounts", "home", ".ssh")
+  const vaultKey = join(sshDir, "id_ed25519")
+  const vaultConfig = join(sshDir, "config")
   // git can't persist 0600 — it only tracks the exec bit — so a fresh checkout
   // of the git-crypt vault lands the key at the umask default (0664 under a 002
   // umask), and ssh refuses it ("permissions too open"). Force 0600 at point of
   // use: this fixes every host-side git op AND the file the sandbox bind-mounts
   // into $HOME, regardless of how/when it was checked out. Cheap + idempotent.
   try { chmodSync(vaultKey, 0o600) } catch {}
-  return `ssh -i ${vaultKey} -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/dev/null`
+  const f = existsSyncBase(vaultConfig) ? `-F ${vaultConfig} ` : ""
+  return `ssh ${f}-i ${vaultKey}`
 }
 
 /**
@@ -1795,7 +1798,7 @@ export async function promoteKnowledgeConfig(user: string): Promise<RepoSyncResu
  * The user's per-vault SSH public keys — the keys a loop authenticates to TEAM
  * repos with (knowledge / notes / repos), one per vault. This is what the user
  * must register on the team git host. Distinct from the deploy key (host-
- * secrets, personal-repo only). Reads vaults/<v>/mounts/home/.ssh/id.pub, or
+ * secrets, personal-repo only). Reads vaults/<v>/mounts/home/.ssh/id_ed25519.pub, or
  * derives it from the private key.
  */
 export async function listVaultPublicKeys(user: string): Promise<{ vault: string; publicKey: string }[]> {
@@ -1803,8 +1806,8 @@ export async function listVaultPublicKeys(user: string): Promise<{ vault: string
   const out: { vault: string; publicKey: string }[] = []
   for (const vault of listVaults(user)) {
     const sshDir = join(personalVaultDir(user, vault), "mounts", "home", ".ssh")
-    const pubPath = join(sshDir, "id.pub")
-    const keyPath = join(sshDir, "id")
+    const pubPath = join(sshDir, "id_ed25519.pub")
+    const keyPath = join(sshDir, "id_ed25519")
     let pub = ""
     if (existsSyncBase(pubPath)) {
       pub = (await readFile(pubPath, "utf8")).trim()
@@ -1932,7 +1935,7 @@ async function unlockWithCryptKey(
     // The just-decrypted vault ssh key lands at the umask default (often 0664);
     // git can't carry 0600, so lock it down now — before the sandbox bind-mounts
     // it into $HOME — so both host git ops and in-container ssh accept it.
-    await chmod(join(repoDir, ".loopat", "vaults", "default", "mounts", "home", ".ssh", "id"), 0o600).catch(() => {})
+    await chmod(join(repoDir, ".loopat", "vaults", "default", "mounts", "home", ".ssh", "id_ed25519"), 0o600).catch(() => {})
     return { ok: true }
   } catch (e: any) {
     if (await gitCryptKeyExists(userId)) {

package/server/src/podman.ts

@@ -52,6 +52,7 @@ import {
   personalKnowledgeDir,
   personalNotesDir,
   personalReposDir,
+  personalRepoCacheDir,
   LOOPAT_INSTALL_DIR,
   loopHomeUpper,
   workspaceHomeSkelDir,
@@ -128,6 +129,11 @@ export type ContainerOptions = {
   vaultName?: string
   knowledgeRw?: boolean
   mountAllLoops?: boolean
+  /** Source roster repo for this loop's workdir (meta.repo). The workdir is a
+   *  `git worktree add` off this repo's bare mirror (repo-cache/<repo>), so its
+   *  .git gitdir points into that mirror. When set, the mirror is bind-mounted
+   *  at its host path (src=dst, rw) so the worktree resolves inside the sandbox. */
+  repo?: string
   /** Extra env vars to pre-bake into the container at create time. */
   extraEnv?: Record<string, string>
   /** Image to create the container from. Defaults to SANDBOX_IMAGE.
@@ -190,7 +196,7 @@ export type VolumeMount = {
  */
 export async function buildVolumeMounts(opts: ContainerOptions): Promise<VolumeMount[]> {
   const hostHome = homedir()
-  const { loopId, createdBy, vaultName, knowledgeRw, mountAllLoops } = opts
+  const { loopId, createdBy, vaultName, knowledgeRw, mountAllLoops, repo } = opts
   const virtualHome = V_HOME(createdBy)
   const mounts: VolumeMount[] = []
 
@@ -204,6 +210,17 @@ export async function buildVolumeMounts(opts: ContainerOptions): Promise<VolumeM
 
   // Virtual mount points for AI / user:
   mounts.push({ src: loopWorkdir(loopId), dst: V_LOOP_WORKDIR(loopId) })
+
+  // Workdir built from a roster repo is a `git worktree add` off the repo's
+  // bare mirror (repo-cache/<repo>); the workdir's .git is a gitdir pointer INTO
+  // that mirror. Bind the mirror at its host path (src=dst) so the worktree's
+  // objects/refs/worktree-metadata resolve inside the sandbox — otherwise
+  // `git status` in the workdir is "fatal: not a git repository". rw because git
+  // writes the worktree's index/HEAD/logs under <mirror>/worktrees/<wt>/.
+  if (repo) {
+    const cache = personalRepoCacheDir(createdBy, repo)
+    mounts.push({ src: cache, dst: cache })
+  }
   mounts.push({ src: loopClaudeDir(loopId), dst: V_LOOP_CLAUDE(loopId) })
   mounts.push({
     src: loopContextKnowledge(loopId),

package/server/src/session.ts

@@ -499,6 +499,7 @@ class LoopSession {
       vaultName: meta.config?.vault,
       knowledgeRw: meta.config?.knowledge_rw,
       mountAllLoops: meta.config?.mount_all_loops,
+      repo: meta.repo,
       extraEnv,
       ephemeralPorts: loopEphemeralPorts(meta),
     }, {

package/server/src/term.ts

@@ -67,6 +67,7 @@ async function getOrSpawn(loopId: string, initCols = 80, initRows = 24): Promise
       vaultName: meta.config?.vault,
       knowledgeRw: meta.config?.knowledge_rw,
       mountAllLoops: meta.config?.mount_all_loops,
+      repo: meta.repo,
       extraEnv: personalCfg.vaultEnvs,
       ephemeralPorts: loopEphemeralPorts(meta),
     }, {