fix: vision(#623): scope Claude chat working directory to project staging checkout (#1027)

- server.py: add CHAT_WORKSPACE_DIR env var, set cwd to workspace
  and use --permission-mode acceptEdits + append message in Claude invocations
- lib/generators.sh: add workspace bind mount and env var to compose generator
- nomad/jobs/chat.hcl: add workspace host volume (static source "chat-workspace"),
  meta block + NOMAD_META_ env var, volume_mount — Nomad-compatible pattern

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

lib/generators.sh

@@ -705,6 +705,9 @@ COMPOSEEOF
       - chat-config:/var/chat/config
       # Chat history persistence: per-user NDJSON files on bind-mounted host volume
       - ${CHAT_HISTORY_DIR:-./state/chat-history}:/var/lib/chat/history
+      # Workspace directory: bind-mounted project working tree for Claude access (#1027)
+      # Mounted when CHAT_WORKSPACE_DIR is set (defaults to ./workspace)
+      - ${CHAT_WORKSPACE_DIR:-./workspace}:/var/workspace
     environment:
       CHAT_HOST: "0.0.0.0"
       CHAT_PORT: "8080"
@@ -718,6 +721,8 @@ COMPOSEEOF
       # Shared secret for Caddy forward_auth verify endpoint (#709)
       FORWARD_AUTH_SECRET: ${FORWARD_AUTH_SECRET:-}
       # Rate limiting removed (#1084)
+      # Workspace directory for Claude code access (#1027)
+      CHAT_WORKSPACE_DIR: ${CHAT_WORKSPACE_DIR:-./workspace}
     healthcheck:
       test: ["CMD", "python3", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8080/health')"]
       interval: 30s