From be3ad2333249dbd57ddbc701454028d9416f3f62 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 11 Apr 2026 15:14:29 +0000
Subject: [PATCH 1/2] Initial plan
From ec9f5ea9eed983b640af91d434a1df783289fdc0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 11 Apr 2026 15:26:06 +0000
Subject: [PATCH 2/2] fix: ensure ~/.gemini is writable by agent user in chroot
---
 containers/agent/entrypoint.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/containers/agent/entrypoint.sh b/containers/agent/entrypoint.sh
index 99f05ad3..ea68a68b 100644
--- a/containers/agent/entrypoint.sh
+++ b/containers/agent/entrypoint.sh
@@ -783,6 +783,21 @@ AWFEOF
 fi
 fi
 
+ # Ensure ~/.gemini exists and is owned by the chroot user.
+ # If Docker created this directory as root:root (because it did not exist on the
+ # host at container start time), the Gemini CLI cannot write its project registry
+ # (atomic rename of projects.json.tmp → projects.json fails with ENOENT).
+ # AWF pre-creates this directory host-side in writeConfigs(), but on first run or
+ # after a previous failed run the directory may still be root-owned.
+ # We fix ownership here (as root, before privilege drop) as a defense-in-depth measure.
+ GEMINI_DIR="/host${HOME}/.gemini"
+ mkdir -p "${GEMINI_DIR}" 2>/dev/null || true
+ if chown "${HOST_UID}:${HOST_GID}" "${GEMINI_DIR}" 2>/dev/null; then
+ echo "[entrypoint] Ensured ~/.gemini ownership for chroot user (${HOST_UID}:${HOST_GID})"
+ else
+ echo "[entrypoint][WARN] Could not set ~/.gemini ownership to chroot user (${HOST_UID}:${HOST_GID})"
+ fi
+
 # Build LD_PRELOAD command for one-shot token protection
 LD_PRELOAD_CMD=""
 if [ -n "${ONE_SHOT_TOKEN_LIB}" ]; then
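Review bot: The `chown "${HOST_UID}:${HOST_GID}" "${GEMINI_DIR}"` line runs as root against a path under the host mount and follows symlinks, so if `${HOME}/.gemini` is a symlink — which the comment's own "previous failed run" scenario makes plausible, since the unprivileged agent user presumably owns `$HOME` inside the chroot and can replace the directory with a link to any host path — this hands ownership of that target to the agent user. Refuse links and never dereference, e.g. `if [ ! -L "${GEMINI_DIR}" ] && chown -h "${HOST_UID}:${HOST_GID}" "${GEMINI_DIR}" 2>/dev/null; then`, and consider checking `[ -d "${GEMINI_DIR}" ]` after the `mkdir -p`, which also succeeds silently when the last component is a link. The `[WARN]` echo on the `else` branch should go to stderr with `>&2` like other diagnostics. The enclosing function starts before this hunk and continues after it.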