loopat 0.1.46 → 0.1.48

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "loopat",
-  "version": "0.1.46",
+  "version": "0.1.48",
   "description": "Self-hosted AI workspace built around context management — works solo, scales to teams",
   "license": "Apache-2.0",
   "homepage": "https://github.com/simpx/loopat",
@@ -37,7 +37,8 @@
     "prepublishOnly": "bun install && bun run build:web",
     "postinstall": "node scripts/install-sandbox-claude.mjs",
     "test:e2e": "playwright test",
-    "test:e2e:ui": "playwright test --ui"
+    "test:e2e:ui": "playwright test --ui",
+    "dogfood": "playwright test --config dogfood/playwright.config.ts"
   },
   "dependencies": {
     "@anthropic-ai/claude-agent-sdk": "^0.3.150",

package/server/src/loops.ts

@@ -1996,8 +1996,14 @@ async function _ensureContextWorktree(repo: string, path: string, branchName: st
   const start = await remoteStartPoint(repo)
   // -B (not -b): reset the branch if it lingers from a removed worktree, so a
   // rebuild always re-opens cleanly from the start point.
-  const tail = ["-B", branchName, path]
-  if (start) tail.push(start)
+  // No start point → `worktree add -B <branch> <path>` tries to seed the new
+  // branch from the main repo's HEAD. For an EMPTY context remote (e.g. a notes
+  // repo with no commits) the clone's HEAD is an unborn ref (`ref: main`); once
+  // the repo later gains an unrelated branch (master, pushed by another loop)
+  // git no longer infers `--orphan` and dies with `fatal: invalid reference:
+  // HEAD`. Pass `--orphan` ourselves so a startless worktree never depends on a
+  // resolvable HEAD — it opens an empty branch the loop can commit onto.
+  const tail = start ? ["-B", branchName, path, start] : ["--orphan", "-B", branchName, path]
 
   // git-crypt + worktree: the git-crypt key lives in the MAIN repo's
   // `.git/git-crypt`, but a worktree's gitdir is separate and has no key — so a

package/server/src/podman.ts

@@ -52,6 +52,7 @@ import {
   personalKnowledgeDir,
   personalNotesDir,
   personalReposDir,
+  personalRepoCacheDir,
   LOOPAT_INSTALL_DIR,
   loopHomeUpper,
   workspaceHomeSkelDir,
@@ -85,14 +86,20 @@ export const V_CONTEXT_CHAT = "/loopat/context/chat"
 export const V_HOST_EXEC_DIR = "/loopat/host-exec"
 export const V_HOST_EXEC_SOCK = "/loopat/host-exec/host-exec.sock"
 
-// $HOME inside the container. Deliberately NOT host's homedir — if we bound
-// host's $HOME at its real path, podman would auto-create parent dirs for
-// every nested bind (LOOPAT_HOME, LOOPAT_INSTALL_DIR, etc. all live under
-// host $HOME in typical installs), and those intermediate dirs end up owned
-// by a subuid that the user can't delete from the host. With $HOME under
-// /loopat/ — outside the host's homedir tree — every host-absolute bind
-// sits beside it, never inside.
-export const V_HOME = (user: string) => `/loopat/home/${user}`
+// $HOME inside the container. MUST equal the sandbox user's /etc/passwd home,
+// otherwise ssh/git resolve `~` (e.g. ~/.ssh) via getpwuid (= passwd home), NOT
+// $HOME — so a vault mounted at $HOME/.ssh is invisible to ssh and every
+// sandbox-side `git push`/clone fails "Host key verification failed" / can't
+// find the key. The image's `loopat` user (uid 2000) has passwd home
+// /home/loopat, so we use exactly that.
+//
+// Still NOT the host's homedir: binding host $HOME at its real path makes podman
+// auto-create nested-bind parent dirs owned by a subuid the host can't delete.
+// /home/loopat is a CONTAINER-internal path — host-absolute binds sit outside
+// it, and it vanishes with the container, so there's no host residue. (Per-user
+// distinction is unnecessary: each loop has its own isolated container + home
+// overlay; the home path inside need not encode the user.)
+export const V_HOME = (_user: string) => `/home/loopat`
 
 // Label keys for podman inspect.
 const LABEL_LOOP = "loopat.loop-id"
@@ -106,7 +113,12 @@ const LABEL_CONFIG_HASH = "loopat.config-hash"
 // by the loopat.workspace label, not this name — the name only prevents tag
 // collisions. Same-Containerfile builds still share overlay layers, so the
 // per-workspace tags don't multiply disk usage.
-export const SANDBOX_IMAGE = process.env.LOOPAT_SANDBOX_IMAGE || `loopat-sandbox-${WORKSPACE}:latest`
+// Image tag is content-addressed (no workspace prefix) so the same image is
+// reused across workspaces/LOOPAT_HOMEs instead of rebuilt per workspace. The
+// trade-off (deliberate): deleting a workspace no longer prunes its images —
+// we'd rather leave a residual image than rebuild on every fresh workspace.
+// Containers + their LABEL_WORKSPACE stay workspace-scoped (runtime isolation).
+export const SANDBOX_IMAGE = process.env.LOOPAT_SANDBOX_IMAGE || `loopat-sandbox:latest`
 // Prebuilt multi-arch base image published to GHCR by CI, tagged by the
 // Containerfile content hash. ensureSandboxImage pulls this instead of building
 // locally — a pull is faster and far more reliable than apt-installing ~150
@@ -128,6 +140,11 @@ export type ContainerOptions = {
   vaultName?: string
   knowledgeRw?: boolean
   mountAllLoops?: boolean
+  /** Source roster repo for this loop's workdir (meta.repo). The workdir is a
+   *  `git worktree add` off this repo's bare mirror (repo-cache/<repo>), so its
+   *  .git gitdir points into that mirror. When set, the mirror is bind-mounted
+   *  at its host path (src=dst, rw) so the worktree resolves inside the sandbox. */
+  repo?: string
   /** Extra env vars to pre-bake into the container at create time. */
   extraEnv?: Record<string, string>
   /** Image to create the container from. Defaults to SANDBOX_IMAGE.
@@ -190,7 +207,7 @@ export type VolumeMount = {
  */
 export async function buildVolumeMounts(opts: ContainerOptions): Promise<VolumeMount[]> {
   const hostHome = homedir()
-  const { loopId, createdBy, vaultName, knowledgeRw, mountAllLoops } = opts
+  const { loopId, createdBy, vaultName, knowledgeRw, mountAllLoops, repo } = opts
   const virtualHome = V_HOME(createdBy)
   const mounts: VolumeMount[] = []
 
@@ -204,6 +221,17 @@ export async function buildVolumeMounts(opts: ContainerOptions): Promise<VolumeM
 
   // Virtual mount points for AI / user:
   mounts.push({ src: loopWorkdir(loopId), dst: V_LOOP_WORKDIR(loopId) })
+
+  // Workdir built from a roster repo is a `git worktree add` off the repo's
+  // bare mirror (repo-cache/<repo>); the workdir's .git is a gitdir pointer INTO
+  // that mirror. Bind the mirror at its host path (src=dst) so the worktree's
+  // objects/refs/worktree-metadata resolve inside the sandbox — otherwise
+  // `git status` in the workdir is "fatal: not a git repository". rw because git
+  // writes the worktree's index/HEAD/logs under <mirror>/worktrees/<wt>/.
+  if (repo) {
+    const cache = personalRepoCacheDir(createdBy, repo)
+    mounts.push({ src: cache, dst: cache })
+  }
   mounts.push({ src: loopClaudeDir(loopId), dst: V_LOOP_CLAUDE(loopId) })
   mounts.push({
     src: loopContextKnowledge(loopId),
@@ -582,7 +610,7 @@ export async function ensureSandboxImage(opts?: { onProgress?: (msg: string) =>
 
     // Hash the Containerfile so the base image auto-rebuilds when it changes.
     const hash = await baseContainerfileHash()
-    const hashTag = `loopat-sandbox-${WORKSPACE}-${hash}:latest`
+    const hashTag = `loopat-sandbox-${hash}:latest`
 
     const present = await runPodman(["image", "exists", hashTag], { allowFail: true })
     if (present.code === 0) {
@@ -704,7 +732,7 @@ export async function ensureLoopImage(loopId: string, opts?: { onProgress?: (msg
   // after the nested-podman base change shipped).
   const baseHash = await baseContainerfileHash()
   const hash = createHash("sha256").update(`base:${baseHash}\n`).update(content).digest("hex").slice(0, 16)
-  const tag = `loopat-sandbox-${WORKSPACE}-${hash}:latest`
+  const tag = `loopat-sandbox-${hash}:latest`
 
   const existing = _loopImageInFlight.get(tag)
   if (existing) return existing

package/server/src/session.ts

@@ -499,6 +499,7 @@ class LoopSession {
       vaultName: meta.config?.vault,
       knowledgeRw: meta.config?.knowledge_rw,
       mountAllLoops: meta.config?.mount_all_loops,
+      repo: meta.repo,
       extraEnv,
       ephemeralPorts: loopEphemeralPorts(meta),
     }, {

package/server/src/term.ts

@@ -67,6 +67,7 @@ async function getOrSpawn(loopId: string, initCols = 80, initRows = 24): Promise
       vaultName: meta.config?.vault,
       knowledgeRw: meta.config?.knowledge_rw,
       mountAllLoops: meta.config?.mount_all_loops,
+      repo: meta.repo,
       extraEnv: personalCfg.vaultEnvs,
       ephemeralPorts: loopEphemeralPorts(meta),
     }, {