feat(runtime): replace t3 editor with code-server

Author: sertdev

runtime/.bashrc

@@ -51,12 +51,3 @@ PROMPT_COMMAND=_ps1_update
 #     cd "$HOME/next"
 # fi
 
-# Auto-start Claude Code CLI on first terminal connection only
-# Use a file flag that persists across ttyd reconnections
-CLAUDE_FLAG_FILE="/tmp/.claude_started"
-
-if [ ! -f "$CLAUDE_FLAG_FILE" ]; then
-    touch "$CLAUDE_FLAG_FILE"
-    echo "🤖 Starting Claude Code CLI..."
-    claude
-fi

runtime/.tmux.conf

@@ -0,0 +1,15 @@
+# FullstackAgent tmux configuration
+# Persistent terminal sessions for web terminal
+
+# Disable status bar for clean terminal appearance
+set -g status off
+
+# 256 color and true color support
+set -g default-terminal "xterm-256color"
+set -ga terminal-overrides ",xterm-256color:Tc"
+
+# Large scrollback buffer
+set -g history-limit 50000
+
+# Enable mouse support (scroll, click, resize panes)
+set -g mouse on

runtime/Dockerfile

@@ -20,18 +20,14 @@ LABEL maintainer="FullstackAgent" \
 ENV DEBIAN_FRONTEND=noninteractive \
     NODE_VERSION=22.x \
     NEXT_VERSION=15.5.9 \
-    CLAUDE_CODE_VERSION=latest \
+    CODE_SERVER_VERSION=4.104.3 \
     PATH="/root/.local/bin:/home/fulling/.local/bin:$PATH" \
     TERM=xterm-256color \
     COLORTERM=truecolor \
     LANG=en_US.UTF-8 \
     LC_ALL=en_US.UTF-8 \
-    ANTHROPIC_BASE_URL="" \
-    ANTHROPIC_AUTH_TOKEN="" \
-    ANTHROPIC_MODEL="" \
-    ANTHROPIC_SMALL_FAST_MODEL="" \
-    GEMINI_API_KEY="" \
-    OPENAI_API_KEY="" \
+    CODEX_API_KEY="" \
+    CODEX_BASE_URL="" \
     DOCKER_HUB_NAME="" \
     DOCKER_HUB_PASSWD=""
 
@@ -81,12 +77,10 @@ RUN set -eux; \
 
 # -----------------------------------------------------------------------------
 # Install global npm packages in a single layer
-# Includes CLI tools for Next.js, package managers, deployment, and AI assistance
+# Includes CLI tools for Next.js, package managers, deployment, and Codex AI assistant
 # -----------------------------------------------------------------------------
 RUN npm install -g \
-        @anthropic-ai/claude-code \
-        @google/gemini-cli \
-        @openai/codex \
+        @openai/codex@latest \
         create-next-app@${NEXT_VERSION} \
         pnpm \
         prisma \
@@ -163,7 +157,9 @@ RUN set -eux; \
     apt-get update; \
     apt-get install -y --no-install-recommends \
         bat \
+        bubblewrap \
         dnsutils \
+        dtach \
         fd-find \
         gh \
         htop \
@@ -206,11 +202,20 @@ WORKDIR /home/fulling/next
 # Copy configuration files (placed before user switch for better caching)
 # entrypoint.sh: Container startup script
 # ttyd-startup.sh: Startup script for ttyd (session tracking, welcome message)
-# .bashrc: Shell configuration with custom prompt and Claude CLI auto-start
+# .bashrc: Shell configuration with custom prompt
 # -----------------------------------------------------------------------------
-COPY --chmod=755 entrypoint.sh /usr/local/bin/entrypoint.sh
-COPY --chmod=755 ttyd-startup.sh /usr/local/bin/ttyd-startup.sh
-COPY --chmod=644 .bashrc /etc/skel/.bashrc
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY ttyd-auth.sh /usr/local/bin/ttyd-auth.sh
+COPY .bashrc /etc/skel/.bashrc
+COPY .tmux.conf /etc/skel/.tmux.conf
+RUN chmod 755 /usr/local/bin/entrypoint.sh /usr/local/bin/ttyd-auth.sh && chmod 644 /etc/skel/.bashrc /etc/skel/.tmux.conf
+
+# -----------------------------------------------------------------------------
+# Install code-server for the embedded editor
+# -----------------------------------------------------------------------------
+RUN set -eux; \
+    curl -fsSL https://code-server.dev/install.sh | sh -s -- --version "${CODE_SERVER_VERSION}"; \
+    code-server --version
 
 # =============================================================================
 # Stage 2: Next.js project template preparation
@@ -301,7 +306,7 @@ RUN set -eux; \
 # 5432: PostgreSQL client connections
 # 7681: ttyd web terminal
 # -----------------------------------------------------------------------------
-EXPOSE 3000 3001 5000 5173 8080 8000 5432 7681
+EXPOSE 3000 3001 3773 5000 5173 8080 8000 5432 7681
 
 # -----------------------------------------------------------------------------
 # Health check configuration
@@ -316,6 +321,6 @@ HEALTHCHECK --interval=2m --timeout=30s --start-period=1m --retries=3 \
 # -----------------------------------------------------------------------------
 # Container entrypoint
 # Starts ttyd web terminal which provides browser-based shell access
-# The .bashrc will auto-start Claude Code CLI on first connection
+# Codex configuration is written from environment variables at startup
 # -----------------------------------------------------------------------------
 CMD ["/usr/local/bin/entrypoint.sh"]

runtime/entrypoint.sh

@@ -1,39 +1,110 @@
 #!/bin/bash
 # =============================================================================
-# ttyd Entrypoint Script
+# Sandbox Entrypoint Script
 # =============================================================================
 #
-# Starts ttyd web terminal with HTTP Basic Auth enabled.
+# Sets up Codex configuration, starts code-server, and starts ttyd web terminal.
 #
 # Authentication Flow:
-# 1. ttyd validates credentials at HTTP/WebSocket layer via -c parameter
-# 2. URL format: ?authorization=base64(user:password)&arg=SESSION_ID
-# 3. ttyd-startup.sh handles session tracking (not auth) for file upload cwd detection
+#   ttyd-auth.sh receives the access token via ?arg=TOKEN and validates it
+#   against the TTYD_ACCESS_TOKEN environment variable.
 #
 # Required Environment Variables:
-#   TTYD_ACCESS_TOKEN - Password for HTTP Basic Auth (username is 'user')
+#   TTYD_ACCESS_TOKEN - Access token for terminal authentication
 #
-# Optional URL Parameters (via -a flag):
-#   arg=SESSION_ID - Terminal session ID for file upload directory tracking
+# Optional Environment Variables:
+#   CODEX_API_KEY  - API key for Codex (written to ~/.codex/auth.json)
+#   CODEX_BASE_URL - LLM API base URL for Codex (written to ~/.codex/config.toml)
 #
 # =============================================================================
 
 set -euo pipefail
 
+FULLING_USER="${FULLING_USER:-fulling}"
+FULLING_GROUP="${FULLING_GROUP:-fulling}"
+FULLING_HOME="${FULLING_HOME:-/home/fulling}"
+SKEL_DIR="${SKEL_DIR:-/etc/skel}"
+TTYD_AUTH_SCRIPT="${TTYD_AUTH_SCRIPT:-/usr/local/bin/ttyd-auth.sh}"
+FULLING_WORKSPACE="${FULLING_WORKSPACE:-$FULLING_HOME/next}"
+EDITOR_PASSWORD="${EDITOR_PASSWORD:-${TTYD_ACCESS_TOKEN:-}}"
+
+maybe_chown() {
+    if [ "$(id -u)" -eq 0 ]; then
+        chown "$@"
+    fi
+}
+
+mkdir -p "$FULLING_HOME"
+mkdir -p "$FULLING_WORKSPACE"
+export HOME="$FULLING_HOME"
+export USER="$FULLING_USER"
+export LOGNAME="$FULLING_USER"
+export CODEX_HOME="${CODEX_HOME:-$FULLING_HOME/.codex}"
+
 # -----------------------------------------------------------------------------
 # Validate required environment variables
 # -----------------------------------------------------------------------------
-if [ -z "$TTYD_ACCESS_TOKEN" ]; then
+if [ -z "${TTYD_ACCESS_TOKEN:-}" ]; then
     echo "ERROR: TTYD_ACCESS_TOKEN environment variable is not set"
     echo "This is required for terminal authentication"
     exit 1
 fi
 
 # -----------------------------------------------------------------------------
-# Build HTTP Basic Auth credential
-# Format: username:password (username is fixed as 'user')
+# Copy shell config files from skeleton to PVC-mounted home directory
+# On first run the PVC is empty, so .bashrc needs to be copied
 # -----------------------------------------------------------------------------
-TTYD_CREDENTIAL="user:${TTYD_ACCESS_TOKEN}"
+for skelfile in .bashrc .tmux.conf; do
+    if [ ! -f "$FULLING_HOME/$skelfile" ] && [ -f "$SKEL_DIR/$skelfile" ]; then
+        cp "$SKEL_DIR/$skelfile" "$FULLING_HOME/$skelfile"
+        maybe_chown "$FULLING_USER:$FULLING_GROUP" "$FULLING_HOME/$skelfile"
+    fi
+done
+
+# -----------------------------------------------------------------------------
+# Setup Codex configuration
+# Writes ~/.codex/config.toml and ~/.codex/auth.json from environment variables.
+# These are regenerated on every container start so settings changes take effect
+# after pod restart.
+# -----------------------------------------------------------------------------
+CODEX_CONFIG_DIR="$CODEX_HOME"
+CODEX_CONFIG_FILE="${CODEX_CONFIG_DIR}/config.toml"
+CODEX_AUTH_FILE="${CODEX_CONFIG_DIR}/auth.json"
+
+# Write config.toml if CODEX_BASE_URL is set
+if [ -n "${CODEX_BASE_URL:-}" ]; then
+    mkdir -p "$CODEX_CONFIG_DIR"
+    cat > "$CODEX_CONFIG_FILE" << CODEX_CONFIG_EOF
+service_tier = "fast"
+model_provider = "litellm"
+
+[model_providers.litellm]
+name = "OpenAI"
+base_url = "${CODEX_BASE_URL}"
+wire_api = "responses"
+requires_openai_auth = true
+CODEX_CONFIG_EOF
+    maybe_chown "$FULLING_USER:$FULLING_GROUP" "$CODEX_CONFIG_FILE"
+    echo "✓ Codex config initialized (base_url: ${CODEX_BASE_URL})"
+fi
+
+# Write auth.json if CODEX_API_KEY is set
+if [ -n "${CODEX_API_KEY:-}" ]; then
+    mkdir -p "$CODEX_CONFIG_DIR"
+    cat > "$CODEX_AUTH_FILE" << CODEX_AUTH_EOF
+{
+  "auth_mode": "apikey",
+  "OPENAI_API_KEY": "${CODEX_API_KEY}"
+}
+CODEX_AUTH_EOF
+    maybe_chown "$FULLING_USER:$FULLING_GROUP" "$CODEX_AUTH_FILE"
+    echo "✓ Codex auth configured"
+fi
+
+# Ensure proper ownership of codex config directory
+if [ -d "$CODEX_CONFIG_DIR" ]; then
+    maybe_chown -R "$FULLING_USER:$FULLING_GROUP" "$CODEX_CONFIG_DIR" 2>/dev/null || true
+fi
 
 # -----------------------------------------------------------------------------
 # Terminal theme configuration
@@ -62,34 +133,60 @@ THEME='theme={
 }'
 
 # -----------------------------------------------------------------------------
-# Verify startup script exists
+# Configure and start code-server as a background daemon.
+# The editor listens on port 3773 and serves the project workspace.
+# -----------------------------------------------------------------------------
+CODE_SERVER_CONFIG_DIR="${FULLING_HOME}/.config/code-server"
+CODE_SERVER_CONFIG_FILE="${CODE_SERVER_CONFIG_DIR}/config.yaml"
+
+mkdir -p "$CODE_SERVER_CONFIG_DIR"
+cat > "$CODE_SERVER_CONFIG_FILE" << CODE_SERVER_CONFIG_EOF
+bind-addr: 0.0.0.0:3773
+auth: password
+password: ${EDITOR_PASSWORD}
+cert: false
+CODE_SERVER_CONFIG_EOF
+maybe_chown -R "$FULLING_USER:$FULLING_GROUP" "$CODE_SERVER_CONFIG_DIR"
+
+if command -v code-server >/dev/null 2>&1; then
+    echo "Starting code-server (port 3773)..."
+    PASSWORD="$EDITOR_PASSWORD" \
+    HOME="$HOME" \
+    USER="$USER" \
+    LOGNAME="$LOGNAME" \
+    CODEX_HOME="$CODEX_HOME" \
+    nohup code-server "$FULLING_WORKSPACE" > /tmp/code-server.log 2>&1 &
+    echo "✓ code-server started (PID: $!)"
+else
+    echo "ERROR: code-server is not installed"
+    exit 1
+fi
+
+# -----------------------------------------------------------------------------
+# Verify auth script exists
 # -----------------------------------------------------------------------------
-if [ ! -f /usr/local/bin/ttyd-startup.sh ]; then
-    echo "ERROR: ttyd-startup.sh not found at /usr/local/bin/ttyd-startup.sh"
+if [ ! -f "$TTYD_AUTH_SCRIPT" ]; then
+    echo "ERROR: ttyd-auth.sh not found at $TTYD_AUTH_SCRIPT"
     exit 1
 fi
 
 # -----------------------------------------------------------------------------
-# Start ttyd with authentication
+# Start ttyd with token-based authentication
 # -----------------------------------------------------------------------------
 # Parameters:
-#   -T xterm-256color  : Terminal type (widely supported)
+#   -T xterm-256color  : Terminal type
 #   -W                 : Enable WebSocket compression
-#   -a                 : Allow URL arguments (?arg=SESSION_ID) to be passed to command
-#   -c credential      : HTTP Basic Auth (user:password)
+#   -a                 : Allow URL arguments (?arg=TOKEN&arg=SESSION_ID)
 #   -t theme           : Terminal color theme
 #
-# The command (ttyd-startup.sh) receives URL arguments:
-#   $1 = SESSION_ID (from ?arg=...)
-#
-# Authentication happens at HTTP/WebSocket level by ttyd.
-# ttyd-startup.sh only handles session tracking for file upload cwd detection.
+# ttyd-auth.sh receives:
+#   $1 = ACCESS_TOKEN (from first ?arg=)
+#   $2 = SESSION_ID (from second ?arg=)
 # -----------------------------------------------------------------------------
-echo "Starting ttyd with HTTP Basic Auth..."
+echo "Starting ttyd..."
 exec ttyd \
     -T xterm-256color \
     -W \
     -a \
-    -c "$TTYD_CREDENTIAL" \
     -t "$THEME" \
-    /usr/local/bin/ttyd-startup.sh
+    "$TTYD_AUTH_SCRIPT"