fix: vision(#623): Claude identity isolation for disinto-chat (#707)

2026-04-12 01:50:23 +00:00 · 2026-04-12 01:50:23 +00:00 · a15f0763b7
commit a15f0763b7
parent cf4e9983c2
4 changed files with 171 additions and 34 deletions
--- a/lib/generators.sh
+++ b/lib/generators.sh
@ -473,9 +473,10 @@ services:
      - disinto-net
    command: ["echo", "staging slot — replace with project image"]

-  # Chat container — Claude chat UI backend (#705)
+  # Chat container — Claude chat UI backend (#705, #707)
  # Internal service only; edge proxy routes to chat:8080
  # Sandbox hardened per #706 — no docker.sock, read-only rootfs, minimal caps
+  # Separate identity mount (#707) to avoid OAuth refresh races with factory agents
  chat:
    build:
      context: ./docker/chat
@ -495,11 +496,14 @@ services:
    volumes:
      # Mount claude binary from host (same as agents)
      - CLAUDE_BIN_PLACEHOLDER:/usr/local/bin/claude:ro
-      # Throwaway named volume for chat config (isolated from host ~/.claude)
-      - chat-config:/var/chat/config
+      # Separate Claude identity mount for chat — isolated from factory agents (#707)
+      - ${CHAT_CLAUDE_DIR:-${HOME}/.claude-chat}:/home/chat/.claude-chat
    environment:
      CHAT_HOST: "0.0.0.0"
      CHAT_PORT: "8080"
+      # Point Claude to separate identity directory
+      CLAUDE_CONFIG_DIR: /home/chat/.claude-chat/config
+      CLAUDE_CREDENTIALS_DIR: /home/chat/.claude-chat/config/credentials
    networks:
      - disinto-net

@ -509,7 +513,6 @@ volumes:
  agent-data:
  project-repos:
  caddy_data:
-  chat-config:

 networks:
  disinto-net: