Merge remote-tracking branch 'origin/main' into skill/apple-container

# Conflicts: # src/container-runner.ts
2026-03-09 23:20:34 +02:00
parent 2f1933775c e7852a45a5
commit 4cdd09c45c
16 changed files with 481 additions and 84 deletions
--- a/container/Dockerfile
+++ b/container/Dockerfile
@@ -51,7 +51,8 @@ RUN npm run build
 RUN mkdir -p /workspace/group /workspace/global /workspace/extra /workspace/ipc/messages /workspace/ipc/tasks /workspace/ipc/input

 # Create entrypoint script
-# Secrets are passed via stdin JSON — temp file is deleted immediately after Node reads it
+# Container input (prompt, group info) is passed via stdin JSON.
+# Credentials are injected by the host's credential proxy — never passed here.
 # Follow-up messages arrive via IPC files in /workspace/ipc/input/
 # Apple Container only supports directory mounts (VirtioFS), so .env cannot be
 # shadowed with a host-side /dev/null file mount. Instead the entrypoint starts