fix(api): run scoped skiller as project user

Author: skulidropek

docs/pr-screenshots/issue-365/skiller-dashboard.png

@@ -0,0 +1,11 @@
+{
+  "click": {
+    "clicked": true,
+    "text": "Projects1",
+    "href": "#/projects"
+  },
+  "page": {
+    "href": "http://127.0.0.1:45112/api/skiller/app/#/projects",
+    "text": "Import from Git\nImport from Local\nWORKSPACE\nDashboard\nAll Skills\n0\nMarketplace\nProjects\n1\nSettings\nProjects\nAdd project\n\napp\n\n/home/dev/app\n\napp\n/home/dev/app\nImport from Git\nImport Local\nCopy from installed\nSKILLS IN THIS PROJECT\n\nNo project-scoped skills yet.\n\nNo skills here yet. Copy one you already have installed, import from Git, or browse the Marketplace — use the buttons above or below.\n\nCopy from installed\nImport from Git\nBrowse Marketplace\nSYSTEM PROMPTS\n\nEdit the prompt files that Codex, Claude Code, and Gemini read from this container.\n\nProject system prompts\n\nFiles in this repository workspace.\n\nCodex\n\nnot created\n\n/home/dev/app/AGENTS.md\n\nDelete\nSave\n\nClaude Code\n\nnot created\n\n/home/dev/app/CLAUDE.md\n\nDelete\nSave\n\nGemini\n\nnot created\n\n/home/dev/app/GEMINI.md\n\nDelete\nSave\nGlobal system prompts\n\nFiles in the selected container home.\n\nCodex\n\nnot created\n\n/tmp/docker-git-skiller/0e9c63fe5287/home/.codex/AGENTS.md\n\nDelete\nSave\n\nClaude Code\n\nnot created\n\n/tmp/docker-git-skiller/"
+  }
+}

docs/pr-screenshots/issue-365/skiller-projects-after-click.json

@@ -1,5 +1,5 @@
-import { spawn, type ChildProcess } from "node:child_process"
-import { chownSync, closeSync, existsSync, mkdirSync, openSync, readFileSync, statSync } from "node:fs"
+import { spawn, spawnSync, type ChildProcess } from "node:child_process"
+import { chmodSync, chownSync, closeSync, existsSync, mkdirSync, openSync, readFileSync, statSync } from "node:fs"
 import { createServer } from "node:net"
 import { homedir } from "node:os"
 import { dirname, join, resolve } from "node:path"
@@ -49,11 +49,25 @@ type SkillerProcess = {
   readonly trpcPort: number
 }
 
-type SkillerProcessUser = {
+export type SkillerProcessUser = {
   readonly gid: number
   readonly uid: number
 }
 
+export type SkillerLaunchCommand = {
+  readonly args: ReadonlyArray<string>
+  readonly command: string
+  readonly groupName?: string
+  readonly gid?: number
+  readonly uid?: number
+  readonly userName?: string
+}
+
+type SkillerProcessAccount = SkillerProcessUser & {
+  readonly groupName: string
+  readonly userName: string
+}
+
 export type SkillerRoute =
   | { readonly _tag: "App"; readonly relativePath: string; readonly sessionId: string | null }
   | { readonly _tag: "Trpc"; readonly sessionId: string | null; readonly upstreamPath: string }
@@ -285,7 +299,7 @@ const waitForSkillerReady = (trpcPort: number): Effect.Effect<void, ApiInternalE
     }
   })
 
-const launchScript = [
+const prepareLaunchScript = [
   "set -euo pipefail",
   "DOCKER_GIT_SKILLER_PATCH=../../patches/skiller/docker-git-browser-folder-picker.patch",
   "DOCKER_GIT_SKILLER_PATCH_MARKER=out/.docker-git-browser-folder-picker.patch",
@@ -296,27 +310,58 @@ const launchScript = [
   "  mkdir -p out",
   "  touch \"$DOCKER_GIT_SKILLER_PATCH_MARKER\"",
   "fi",
-  "if [ ! -e out/preload/index.js ]; then ln -sf index.mjs out/preload/index.js; fi",
+  "if [ ! -e out/preload/index.js ]; then ln -sf index.mjs out/preload/index.js; fi"
+].join("\n")
+
+const electronLaunchFlags = [
+  "--no-sandbox",
+  "--disable-dev-shm-usage",
+  "--disable-gpu",
+  "--no-zygote"
+].join(" ")
+
+const electronLaunchScript = [
+  "set -euo pipefail",
   "if [ -z \"${DISPLAY:-}\" ] && command -v xvfb-run >/dev/null 2>&1; then",
-  "  exec xvfb-run -a ./node_modules/electron/dist/electron --no-sandbox out/main/index.js",
+  `  exec xvfb-run -a ./node_modules/electron/dist/electron ${electronLaunchFlags} out/main/index.js`,
   "fi",
-  "exec ./node_modules/electron/dist/electron --no-sandbox out/main/index.js"
+  `exec ./node_modules/electron/dist/electron ${electronLaunchFlags} out/main/index.js`
 ].join("\n")
 
+const skillerXdgRoot = (scope: SkillerContainerScope): string =>
+  join(scope.hostHomePath, ".docker-git", "skiller")
+
+const safeRuntimeKey = (value: string): string =>
+  value.replace(/[^A-Za-z0-9._-]/gu, "_")
+
+const skillerRuntimeBase = "/tmp/docker-git-skiller"
+
+const skillerRuntimeRoot = (scope: SkillerContainerScope): string =>
+  join(skillerRuntimeBase, safeRuntimeKey(scope.projectKey))
+
+const dockerVolumeRoot = "/var/lib/docker/volumes"
+
 const skillerHomeEnv = (
-  scope: SkillerContainerScope | null
+  scope: SkillerContainerScope | null,
+  processUserName?: string
 ): Record<string, string> =>
   scope === null
     ? {}
-    : {
-      DOCKER_GIT_SKILLER_CONTAINER_HOME_PATH: scope.containerHomePath,
-      DOCKER_GIT_SKILLER_HOST_ENV_GLOBAL_PATH: scope.hostEnvGlobalPath,
-      HOME: scope.hostHomePath,
-      USER: scope.sshUser,
-      XDG_CACHE_HOME: join(scope.hostHomePath, ".cache"),
-      XDG_CONFIG_HOME: join(scope.hostHomePath, ".config"),
-      XDG_DATA_HOME: join(scope.hostHomePath, ".local", "share")
-    }
+    : (() => {
+      const runtimeRoot = skillerRuntimeRoot(scope)
+      const userName = processUserName ?? scope.sshUser
+      return {
+        DOCKER_GIT_SKILLER_CONTAINER_HOME_PATH: scope.containerHomePath,
+        DOCKER_GIT_SKILLER_HOST_ENV_GLOBAL_PATH: scope.hostEnvGlobalPath,
+        HOME: join(runtimeRoot, "home"),
+        LOGNAME: userName,
+        USER: userName,
+        XDG_CACHE_HOME: join(runtimeRoot, "cache"),
+        XDG_CONFIG_HOME: join(runtimeRoot, "config"),
+        XDG_DATA_HOME: join(runtimeRoot, "data"),
+        XDG_RUNTIME_DIR: join(runtimeRoot, "runtime")
+      }
+    })()
 
 const scopedProcessUser = (
   scope: SkillerContainerScope | null
@@ -328,12 +373,45 @@ const scopedProcessUser = (
   return { gid: stats.gid, uid: stats.uid }
 }
 
-const ensureOwnedDirectory = (path: string, user: SkillerProcessUser): void => {
-  mkdirSync(path, { recursive: true })
+const ensureOwnedDirectory = (path: string, user: SkillerProcessUser, mode?: number): void => {
+  mkdirSync(path, { mode, recursive: true })
   const stats = statSync(path)
   if (stats.uid !== user.uid || stats.gid !== user.gid) {
     chownSync(path, user.uid, user.gid)
   }
+  if (mode !== undefined) {
+    chmodSync(path, mode)
+  }
+}
+
+const ensureDirectoryMode = (path: string, mode: number): void => {
+  mkdirSync(path, { mode, recursive: true })
+  chmodSync(path, mode)
+}
+
+const ensureOtherExecute = (path: string): void => {
+  const stats = statSync(path)
+  const mode = stats.mode & 0o7777
+  if (stats.isDirectory() && (mode & 0o001) === 0) {
+    chmodSync(path, mode | 0o001)
+  }
+}
+
+const ensureKnownDockerVolumeTraverse = (path: string): void => {
+  const normalizedRoot = `${dockerVolumeRoot}/`
+  if (!path.startsWith(normalizedRoot)) {
+    return
+  }
+  // Docker data dirs are often 0710 root:root; non-root Skiller only needs
+  // execute on known ancestors to stat an already-selected project path.
+  let current = "/var/lib/docker"
+  ensureOtherExecute(current)
+  for (const part of path.slice(current.length + 1).split("/").slice(0, -1)) {
+    current = join(current, part)
+    if (existsSync(current)) {
+      ensureOtherExecute(current)
+    }
+  }
 }
 
 const chownIfExists = (path: string, user: SkillerProcessUser): void => {
@@ -358,15 +436,102 @@ const prepareSkillerScopeHome = (scope: SkillerContainerScope | null): SkillerPr
   ensureOwnedDirectory(join(scope.hostHomePath, ".cache"), processUser)
   ensureOwnedDirectory(join(scope.hostHomePath, ".local", "share"), processUser)
   ensureOwnedDirectory(join(scope.hostHomePath, ".skiller"), processUser)
+  ensureOwnedDirectory(join(scope.hostHomePath, ".docker-git"), processUser)
+  ensureOwnedDirectory(skillerXdgRoot(scope), processUser)
+  ensureOwnedDirectory(join(skillerXdgRoot(scope), "cache"), processUser)
+  ensureOwnedDirectory(join(skillerXdgRoot(scope), "config"), processUser)
+  ensureOwnedDirectory(join(skillerXdgRoot(scope), "data"), processUser)
+  ensureOwnedDirectory(join(skillerXdgRoot(scope), "runtime"), processUser, 0o700)
+  ensureDirectoryMode(skillerRuntimeBase, 0o711)
+  ensureOwnedDirectory(skillerRuntimeRoot(scope), processUser, 0o700)
+  ensureOwnedDirectory(join(skillerRuntimeRoot(scope), "home"), processUser, 0o700)
+  ensureOwnedDirectory(join(skillerRuntimeRoot(scope), "cache"), processUser, 0o700)
+  ensureOwnedDirectory(join(skillerRuntimeRoot(scope), "config"), processUser, 0o700)
+  ensureOwnedDirectory(join(skillerRuntimeRoot(scope), "data"), processUser, 0o700)
+  ensureOwnedDirectory(join(skillerRuntimeRoot(scope), "runtime"), processUser, 0o700)
+  ensureKnownDockerVolumeTraverse(scope.hostHomePath)
+  ensureKnownDockerVolumeTraverse(scope.hostCodexSkillsPath)
+  ensureKnownDockerVolumeTraverse(scope.hostProjectPath)
   chownIfExists(join(scope.hostHomePath, ".codex", "config.toml"), processUser)
   chownIfExists(join(scope.hostHomePath, ".skiller", "config.toml"), processUser)
   return processUser
 }
 
-// Electron aborts under setpriv in the controller image even with --no-sandbox.
-// Project scope still comes from explicit host paths and the browser bootstrap.
-export const skillerLaunchCommand = (): readonly [string, ReadonlyArray<string>] =>
-  ["bash", ["-lc", launchScript]]
+const nameForId = (
+  contents: string,
+  id: number,
+  idFieldIndex: number
+): string | null => {
+  for (const line of contents.split(/\r?\n/u)) {
+    const fields = line.split(":")
+    const name = fields[0]
+    const rawId = fields[idFieldIndex]
+    if (name === undefined || rawId === undefined) {
+      continue
+    }
+    if (Number.parseInt(rawId, 10) === id) {
+      return name
+    }
+  }
+  return null
+}
+
+const resolveSkillerProcessAccount = (user: SkillerProcessUser): SkillerProcessAccount => {
+  if (user.uid === 0 || user.gid === 0) {
+    throw new Error("Refusing to launch scoped Skiller as root; selected container home is root-owned.")
+  }
+  const userName = nameForId(readFileSync("/etc/passwd", "utf8"), user.uid, 2)
+  if (userName === null) {
+    throw new Error(`Cannot launch scoped Skiller: no local passwd entry for UID ${user.uid}.`)
+  }
+  const groupName = nameForId(readFileSync("/etc/group", "utf8"), user.gid, 2)
+  if (groupName === null) {
+    throw new Error(`Cannot launch scoped Skiller: no local group entry for GID ${user.gid}.`)
+  }
+  return { ...user, groupName, userName }
+}
+
+export const skillerLaunchCommand = (
+  user: SkillerProcessUser | null,
+  resolveAccount: (user: SkillerProcessUser) => SkillerProcessAccount = resolveSkillerProcessAccount
+): SkillerLaunchCommand => {
+  if (user === null) {
+    return { args: ["-c", electronLaunchScript], command: "bash" }
+  }
+  const account = resolveAccount(user)
+  return {
+    args: [
+      "--preserve-environment",
+      "-u",
+      account.userName,
+      "-g",
+      account.groupName,
+      "--",
+      "bash",
+      "-c",
+      electronLaunchScript
+    ],
+    command: "runuser",
+    gid: account.gid,
+    groupName: account.groupName,
+    uid: account.uid,
+    userName: account.userName
+  }
+}
+
+const prepareSkillerRuntime = (skillerDir: string, logFd: number): void => {
+  const result = spawnSync("bash", ["-c", prepareLaunchScript], {
+    cwd: skillerDir,
+    env: process.env,
+    stdio: ["ignore", logFd, logFd]
+  })
+  if (result.error !== undefined) {
+    throw result.error
+  }
+  if (result.status !== 0) {
+    throw new Error(`Skiller runtime preparation failed with exit code ${result.status ?? `signal ${result.signal}`}.`)
+  }
+}
 
 const stopSkillerProcess = (process: SkillerProcess): void => {
   const pid = process.process.pid
@@ -410,18 +575,19 @@ const launchSkillerProcess = (
   scope: SkillerContainerScope | null
 ): SkillerLaunch => {
   mkdirSync(dirname(launchLogPath), { recursive: true })
-  prepareSkillerScopeHome(scope)
+  const processUser = prepareSkillerScopeHome(scope)
   const logFd = openSync(launchLogPath, "a")
   try {
-    const [command, args] = skillerLaunchCommand()
-    const child = spawn(command, args, {
+    prepareSkillerRuntime(skillerDir, logFd)
+    const launchCommand = skillerLaunchCommand(processUser)
+    const child = spawn(launchCommand.command, launchCommand.args, {
       cwd: skillerDir,
       detached: true,
       env: {
         ...process.env,
         AGENTSKILLS_TRPC_PORT: String(trpcPort),
         ELECTRON_ENABLE_LOGGING: "1",
-        ...skillerHomeEnv(scope)
+        ...skillerHomeEnv(scope, launchCommand.userName)
       },
       stdio: ["ignore", logFd, logFd]
     })

docs/pr-screenshots/issue-365/skiller-projects-after-click.png

@@ -33,12 +33,37 @@ const scope = (projectKey: string): SkillerContainerScope => ({
 
 describe("skiller routes", () => {
   it("launches Electron through the Skiller launch script", () => {
-    const [command, args] = skillerLaunchCommand()
-    const launchCommand = args.join("\n")
+    const launch = skillerLaunchCommand(null)
+    const launchCommand = launch.args.join("\n")
 
-    expect(command).toBe("bash")
+    expect(launch.command).toBe("bash")
+    expect(launch.args).toContain("-c")
     expect(launchCommand).toContain("xvfb-run -a ./node_modules/electron/dist/electron")
     expect(launchCommand).toContain("exec ./node_modules/electron/dist/electron")
+    expect(launchCommand).toContain("--disable-dev-shm-usage")
+  })
+
+  it("launches scoped Skiller with the selected home owner credentials", () => {
+    const launch = skillerLaunchCommand(
+      { gid: 1000, uid: 1000 },
+      (user) => ({ ...user, groupName: "ubuntu", userName: "ubuntu" })
+    )
+
+    expect(launch.command).toBe("runuser")
+    expect(launch.args).toEqual(expect.arrayContaining([
+      "--preserve-environment",
+      "-u",
+      "ubuntu",
+      "-g",
+      "ubuntu",
+      "--",
+      "bash",
+      "-c"
+    ]))
+    expect(launch.gid).toBe(1000)
+    expect(launch.groupName).toBe("ubuntu")
+    expect(launch.uid).toBe(1000)
+    expect(launch.userName).toBe("ubuntu")
   })
 
   it("keeps the terminal session id on session-scoped app routes", () => {