Skip to content

Prepare agent home for non-root harness startup#76

Merged
ptone merged 4 commits into
GoogleCloudPlatform:mainfrom
mfreeman451:fix/harness-home-directories
Apr 10, 2026
Merged

Prepare agent home for non-root harness startup#76
ptone merged 4 commits into
GoogleCloudPlatform:mainfrom
mfreeman451:fix/harness-home-directories

Conversation

@mfreeman451
Copy link
Copy Markdown
Contributor

@mfreeman451 mfreeman451 commented Apr 8, 2026
edited
Loading

Summary

  • precreate harness-specific home directories and the shared ~/.scion directory in the runtime images
  • skip root-only init/git setup when agents already run as a non-root user and expose Codex on the standard shell PATH
  • avoid hosted permission failures during non-root harness bootstrap, especially around scion-env and synchronized home state

Problem

Hosted non-root agents can fail during startup because the synchronized home layout assumes a few writable directories and init-time behaviors that only work cleanly as root. In practice this showed up as permission failures writing shared Scion state and initializing harness-specific home content.

Validation

  • go test ./cmd/sciontool/commands
  • hosted Kubernetes proof using registry.carverauto.dev/scion/scion-codex:home-dirs-a20a5f7b
    • Failed to write scion-env file absent
    • Error loading configuration: Permission denied absent

mfreeman451
mfreeman451 commented Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@mfreeman451 mfreeman451 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mfreeman451 mfreeman451 marked this pull request as ready for review April 8, 2026 20:51
@mfreeman451
Copy link
Copy Markdown
Contributor Author

mfreeman451 commented Apr 8, 2026

Tracking issue: #87

@mfreeman451 mfreeman451 mentioned this pull request Apr 8, 2026
Open
@mfreeman451
Copy link
Copy Markdown
Contributor Author

mfreeman451 commented Apr 9, 2026

Added follow-up commit a20a5f7 on this branch to precreate ~/.scion in scion-base as well. The original harness-specific dirs (.codex, .gemini) were not enough for hosted K8s because sciontool also needs a writable shared ~/.scion/scion-env path.

@mfreeman451 mfreeman451 changed the title Precreate harness home directories Prepare agent home for non-root harness startup Apr 9, 2026
mfreeman451
mfreeman451 commented Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@mfreeman451 mfreeman451 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@ptone ptone merged commit 79478f6 into GoogleCloudPlatform:main Apr 10, 2026
1 check passed
@mfreeman451 mfreeman451 deleted the fix/harness-home-directories branch April 11, 2026 05:15
scion-gteam Bot referenced this pull request in ptone/scion Apr 12, 2026
@mfreeman451
Prepare agent home for non-root harness startup (#76)
7a7329e 
* Precreate harness home directories

* Expose codex on standard shell PATH

* Skip root-only git setup in non-root containers

* Precreate shared Scion home directory
@jmeekhof jmeekhof mentioned this pull request Jun 2, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mfreeman451 @ptone