fix: remove leftover SQUID_INTERCEPT_PORT references (#548)

Mossaka · claude · web-flow · commit e2b648206f37 · 2026-02-05T17:58:31.000-08:00
* fix: ensure .copilot directory permissions before Copilot CLI install The Copilot CLI verification step tries to create /home/runner/.copilot/pkg/ which fails with EACCES if the directory was previously created with root ownership (e.g., by sudo -E awf during chroot version tests). Add a step to create .copilot with correct runner ownership before the Copilot CLI install in both the .md source and lock file. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: remove leftover SQUID_INTERCEPT_PORT references from revert The intercept mode revert (#541) missed 3 references to SQUID_INTERCEPT_PORT in docker-manager.ts: the constant definition, the port mapping on the Squid container, and the env var passed to the agent container. Squid no longer listens on port 3129, so these are dead code. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/.github/workflows/smoke-chroot.lock.yml b/.github/workflows/smoke-chroot.lock.yml
diff --git a/.github/workflows/smoke-chroot.md b/.github/workflows/smoke-chroot.md
@@ -153,6 +153,10 @@ steps:
     if: always()
     run: |
       ./scripts/ci/cleanup.sh || true
+  - name: Ensure .copilot directory permissions
+    run: |
+      mkdir -p /home/runner/.copilot
+      sudo chown -R runner:runner /home/runner/.copilot
 ---
 
 # Analyze Chroot Test Results
diff --git a/src/docker-manager.ts b/src/docker-manager.ts
@@ -9,7 +9,6 @@ import { generateSquidConfig } from './squid-config';
 import { generateSessionCa, initSslDb, CaFiles, parseUrlPatterns } from './ssl-bump';
 
 const SQUID_PORT = 3128;
-const SQUID_INTERCEPT_PORT = 3129; // Port for transparently intercepted traffic
 
 /**
  * Base image for the 'act' preset when building locally.
@@ -273,7 +272,7 @@ export function generateDockerCompose(
       retries: 5,
       start_period: '10s',
     },
-    ports: [`${SQUID_PORT}:${SQUID_PORT}`, `${SQUID_INTERCEPT_PORT}:${SQUID_INTERCEPT_PORT}`],
+    ports: [`${SQUID_PORT}:${SQUID_PORT}`],
     // Security hardening: Drop unnecessary capabilities
     // Squid only needs network capabilities, not system administration capabilities
     cap_drop: [
@@ -329,7 +328,6 @@ export function generateDockerCompose(
     HTTPS_PROXY: `http://${networkConfig.squidIp}:${SQUID_PORT}`,
     SQUID_PROXY_HOST: 'squid-proxy',
     SQUID_PROXY_PORT: SQUID_PORT.toString(),
-    SQUID_INTERCEPT_PORT: SQUID_INTERCEPT_PORT.toString(),
     HOME: homeDir,
     PATH: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
   };
