fix(api): make bundled skiller launch reproducible

Author: skulidropek

packages/api/Dockerfile

@@ -121,6 +121,13 @@ RUN if [ "$DOCKER_GIT_CONTROLLER_BUILD_SKILLER" = "1" ]; then \
           rm -rf /root/.bun/install/cache node_modules; \
           sleep $((attempt * 2)); \
         done \
+      && electron_zip="$(find "${electron_config_cache:-/root/.cache/electron}" -name 'electron-v*-linux-*.zip' -print -quit)" \
+      && test -n "$electron_zip" \
+      && rm -rf node_modules/electron/dist node_modules/electron/path.txt \
+      && mkdir -p node_modules/electron/dist \
+      && unzip -q "$electron_zip" -d node_modules/electron/dist \
+      && printf '%s' electron > node_modules/electron/path.txt \
+      && test -x node_modules/electron/dist/electron \
       && bun run build \
       && touch out/.docker-git-browser-folder-picker.patch \
       && mkdir -p out/preload \

packages/api/src/services/skiller.ts

@@ -363,22 +363,10 @@ const prepareSkillerScopeHome = (scope: SkillerContainerScope | null): SkillerPr
   return processUser
 }
 
-const skillerLaunchCommand = (
-  user: SkillerProcessUser | null
-): readonly [string, ReadonlyArray<string>] =>
-  user === null
-    ? ["bash", ["-lc", launchScript]]
-    : [
-      "setpriv",
-      [
-        `--reuid=${user.uid}`,
-        `--regid=${user.gid}`,
-        "--clear-groups",
-        "bash",
-        "-lc",
-        launchScript
-      ]
-    ]
+// Electron aborts under setpriv in the controller image even with --no-sandbox.
+// Project scope still comes from explicit host paths and the browser bootstrap.
+export const skillerLaunchCommand = (): readonly [string, ReadonlyArray<string>] =>
+  ["bash", ["-lc", launchScript]]
 
 const stopSkillerProcess = (process: SkillerProcess): void => {
   const pid = process.process.pid
@@ -422,10 +410,10 @@ const launchSkillerProcess = (
   scope: SkillerContainerScope | null
 ): SkillerLaunch => {
   mkdirSync(dirname(launchLogPath), { recursive: true })
-  const processUser = prepareSkillerScopeHome(scope)
+  prepareSkillerScopeHome(scope)
   const logFd = openSync(launchLogPath, "a")
   try {
-    const [command, args] = skillerLaunchCommand(processUser)
+    const [command, args] = skillerLaunchCommand()
     const child = spawn(command, args, {
       cwd: skillerDir,
       detached: true,

packages/api/tests/skiller-routes.test.ts

@@ -4,6 +4,7 @@ import {
   parseSkillerRoute,
   resolveSkillerBrowserScopeSelection,
   resolveSkillerRouteScopeSelection,
+  skillerLaunchCommand,
   type SkillerRoute
 } from "../src/services/skiller.js"
 import type { SkillerContainerScope } from "../src/services/skiller-core.js"
@@ -31,6 +32,14 @@ const scope = (projectKey: string): SkillerContainerScope => ({
 })
 
 describe("skiller routes", () => {
+  it("launches Electron as the controller process user", () => {
+    const [command, args] = skillerLaunchCommand()
+
+    expect(command).toBe("bash")
+    expect(args.join(" ")).not.toContain("setpriv")
+    expect(args).toContainEqual(expect.stringContaining("node_modules/electron/dist/electron"))
+  })
+
   it("keeps the terminal session id on session-scoped app routes", () => {
     expect(parseSkillerRoute("/api/ssh/session/terminal-proof/skiller/app/")).toEqual({
       _tag: "App",

packages/app/tests/docker-git/controller-resource-limits.test.ts

@@ -95,6 +95,18 @@ describe("controller compose resource limits", () => {
   }
 })
 
+describe("controller Skiller Dockerfile", () => {
+  it.effect("materializes Electron binary before bundling Skiller", () =>
+    Effect.gen(function*(_) {
+      const contents = yield* _(readComposeFile("packages/api/Dockerfile"))
+      expect(contents).toContain(
+        `electron_zip="$(find "\${electron_config_cache:-/root/.cache/electron}" -name 'electron-v*-linux-*.zip' -print -quit)"`
+      )
+      expect(contents).toContain("unzip -q \"$electron_zip\" -d node_modules/electron/dist")
+      expect(contents).toContain("test -x node_modules/electron/dist/electron")
+    }))
+})
+
 describe("controller resource limit resolution", () => {
   it.effect("resolves CPU and RAM defaults to 90% of host resources", () =>
     Effect.sync(() => {