From 30134f95def7250448402b08bc1519b996227fae Mon Sep 17 00:00:00 2001 From: AnExiledDev <696222+AnExiledDev@users.noreply.github.com> Date: Wed, 29 Apr 2026 03:42:30 +0000 Subject: [PATCH 1/2] fix(container): add git safe.directory to setup.sh Bind-mounted /workspaces may have a different uid than the container user, causing Git to refuse all operations with "dubious ownership" errors (CVE-2022-24765). Runs on every container start before any setup stages. --- container/.devcontainer/CHANGELOG.md | 4 ++++ container/.devcontainer/scripts/setup.sh | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/container/.devcontainer/CHANGELOG.md b/container/.devcontainer/CHANGELOG.md index 95f80c0..b049fc3 100644 --- a/container/.devcontainer/CHANGELOG.md +++ b/container/.devcontainer/CHANGELOG.md @@ -6,6 +6,10 @@ - **Shell terminal keybinds hardened** — disabled `Ctrl+Z` (suspend, which closes Docker-attached panes), `Ctrl+S/Q` (flow control freeze), and `Ctrl+W` (conflicts with Windows Terminal close-tab). Rebound `Ctrl+\` (SIGQUIT) to `Ctrl+]` and `Ctrl+D` (EOF) to `Ctrl+^` as emergency-only alternatives. Also unbound zsh's `Alt+W` (copy-region-as-kill) and `Alt+Q` (push-line) to free those keys for terminal use. +### Security + +- **Git safe.directory configured on container start** — bind-mounted `/workspaces` may have a different uid than the container user, causing Git to refuse all operations with "dubious ownership" errors (CVE-2022-24765). `setup.sh` now runs `git config --global safe.directory` using `$WORKSPACE_ROOT` on every start. + ### Hermes Agent - **New feature: `hermes-agent`** — installs [Nous Research's Hermes Agent](https://hermes-agent.nousresearch.com/) CLI via the upstream `curl | bash` installer with `--skip-setup`. Hermes uses the plain `anthropic` / `openai` Python SDKs directly and supports any compatible provider (Anthropic, OpenAI, MiniMax, local models). Enabled by default; set `"version": "none"` in `devcontainer.json` to disable. 
diff --git a/container/.devcontainer/scripts/setup.sh b/container/.devcontainer/scripts/setup.sh index 09fd9c7..6c57387 100755 --- a/container/.devcontainer/scripts/setup.sh +++ b/container/.devcontainer/scripts/setup.sh @@ -75,6 +75,11 @@ if ! sudo chown "$(id -un):$(id -gn)" "$HOME/.claude" 2>/dev/null; then echo "[setup] WARNING: Could not fix volume ownership on $HOME/.claude — subsequent scripts may fail" fi +# Mark workspace as safe for Git — bind-mounted workspace may have +# different uid than container user, causing "dubious ownership" +# errors (CVE-2022-24765) +git config --global safe.directory "${WORKSPACE_ROOT:-/workspaces}" + SETUP_START=$(date +%s) SETUP_RESULTS=() From 0fc0fae9f82054b070fa8a6294d1c6d0a20748e8 Mon Sep 17 00:00:00 2001 From: AnExiledDev <696222+AnExiledDev@users.noreply.github.com> Date: Wed, 29 Apr 2026 21:03:32 +0000 Subject: [PATCH 2/2] fix(container): use --add flag for git safe.directory config git config fails with exit code 5 when safe.directory already has multiple values. Using --add prevents this, and the error handler logs a warning consistent with the chown pattern above. --- container/.devcontainer/scripts/setup.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/container/.devcontainer/scripts/setup.sh b/container/.devcontainer/scripts/setup.sh index 6c57387..c4977ad 100755 --- a/container/.devcontainer/scripts/setup.sh +++ b/container/.devcontainer/scripts/setup.sh @@ -78,7 +78,9 @@ fi # Mark workspace as safe for Git — bind-mounted workspace may have # different uid than container user, causing "dubious ownership" # errors (CVE-2022-24765) -git config --global safe.directory "${WORKSPACE_ROOT:-/workspaces}" +if ! git config --global --add safe.directory "${WORKSPACE_ROOT:-/workspaces}" 2>/dev/null; then + echo "[setup] WARNING: Could not configure git safe.directory — git operations may show 'dubious ownership' errors" +fi SETUP_START=$(date +%s) SETUP_RESULTS=()
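Review bot: the CHANGELOG hunk in PATCH 1/2 describes a command that no longer matches the script once PATCH 2/2 is applied: it says `setup.sh` runs `git config --global safe.directory` using `$WORKSPACE_ROOT`, while the final code runs `git config --global --add safe.directory "${WORKSPACE_ROOT:-/workspaces}"` with a warning on failure, and PATCH 2/2 does not touch the CHANGELOG. Update the entry to mention the `--add` form and the `/workspaces` fallback, and consider stating explicitly that this trusts the named directory for every repository ownership check, since that is the protection CVE-2022-24765 introduced and readers should understand the trade-off being made.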
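Review bot: in the setup.sh hunk of PATCH 1/2, the fallback value only works if the repository is checked out directly at the mount root, because a `safe.directory` entry matches the repository's top-level directory exactly and not its ancestors; a repository at `/workspaces/<name>` would still be rejected when `$WORKSPACE_ROOT` is unset. Confirm that `$WORKSPACE_ROOT` always names the repository root in this devcontainer (for example that it is derived from the container workspace folder), or, if the intent is to trust every repository under the mount, use a value with a trailing `/*` (supported from Git 2.46 onward) and note in the comment that this widens trust to everything beneath that path. The unconditional `git config --global safe.directory ...` form in this hunk, with no error handling to match the `chown` pattern above it, is already superseded by PATCH 2/2.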
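Review bot: in the setup.sh hunk of PATCH 2/2, `--add` appends a new `safe.directory` line to `~/.gitconfig` on every container start, so repeated starts accumulate identical entries and the global config grows without bound. Guard the add with a lookup, e.g. `git config --global --get-all safe.directory 2>/dev/null | grep -qxF -- "${WORKSPACE_ROOT:-/workspaces}" ||` before the existing command, or replace the whole line with `git config --global --fixed-value --replace-all safe.directory "$dir" "$dir"`, which adds the entry when absent and collapses existing duplicates otherwise (`--fixed-value` needs Git 2.30 or later, so check the image's Git version). Separately, `2>/dev/null` discards Git's own diagnostic, so the warning cannot distinguish an unwritable `~/.gitconfig` from a missing `git` binary; capturing stderr into a variable and including it in the `[setup] WARNING:` message would keep the log actionable.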