fix: hardcode PATH in entrypoint since setpriv resets environment

The $PATH variable is empty after setpriv drops privileges because
setpriv resets the environment. Now using explicit path values
that match the Dockerfile's ENV PATH setting.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: joachimBrindeau

deploy/scripts/entrypoint.sh

@@ -185,8 +185,10 @@ echo "  Claude home: $CLAUDE_HOME ($(ls -ld "$CLAUDE_HOME"))"
 echo "  Environment: CLAUDE_USER=$CLAUDE_USER, CLAUDE_GROUP=$CLAUDE_GROUP_NAME"
 
 # Execute the main command with preserved environment
-# setpriv doesn't pass environment by default, so we use env to preserve PATH
+# setpriv resets environment, so we explicitly set required variables
+APP_PATH="/app/.venv/bin:/app/bun_global/bin:/usr/local/bin:/usr/bin:/bin"
 echo "Starting application: $*"
+echo "  Using PATH: $APP_PATH"
 exec setpriv --reuid=claude --regid=claude --init-groups \
-  env PATH="$PATH" HOME="$HOME" CLAUDE_USER="$CLAUDE_USER" CLAUDE_GROUP="$CLAUDE_GROUP" \
+  env PATH="$APP_PATH" HOME="$HOME" CLAUDE_USER="$CLAUDE_USER" CLAUDE_GROUP="$CLAUDE_GROUP" \
   CLAUDE_WORKSPACE="$CLAUDE_WORKSPACE" "$@"