config: install varlock as agent user, not root

[benvinegar]

Problem

setup.sh runs curl | sh as root to install varlock. This installs varlock to root's home directory (e.g. /root/.varlock/bin/varlock). But start.sh runs as baudbot_agent and expects varlock at ~/.varlock/bin/varlock under the agent's home. Result: varlock: command not found and the agent crash-loops.

Fix

Run the varlock installer as baudbot_agent via sudo -u, so it installs to /home/baudbot_agent/.varlock/bin/varlock.

# Before (installs to root's home)
curl -sSfL https://varlock.dev/install.sh | sh -s

# After (installs to agent's home)
sudo -u baudbot_agent bash -c 'curl -sSfL https://varlock.dev/install.sh | sh -s'

Also checks $BAUDBOT_HOME/.varlock/bin/varlock before installing (idempotent).

[greptile-apps]

Greptile Summary

Fixed varlock installation to run as the baudbot_agent user instead of root, resolving a crash-loop where start.sh couldn't find varlock in the agent's home directory.

• Changed varlock installer to run via sudo -u baudbot_agent so it installs to /home/baudbot_agent/.varlock/bin/varlock
• Improved idempotency check from command -v varlock to explicit path check $BAUDBOT_HOME/.varlock/bin/varlock
• Added explanatory comment about why varlock must be installed as the agent user

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The fix correctly addresses the crash-loop issue by installing varlock as the agent user. The change is straightforward, follows existing patterns in the codebase (similar to SSH key and Node.js installation), and improves the idempotency check. No security implications or potential side effects.
• No files require special attention

Important Files Changed

Filename	Overview
setup.sh	Fixed varlock installation to run as baudbot_agent user instead of root, resolving crash-loop issue. Improved idempotency check.

_{Last reviewed commit: 29e106a}