fix(launcher): harden harness install (entrypoint override, OCI tag, session-env, npm noise)

Fixes found during smoke testing:
- Add --entrypoint sh to bypass ENTRYPOINT ["bash"] in the install container
- Sanitize lc_version for OCI tags: replace '+' with '-' (PEP 440 local versions)
- Mount .claude/session-env/ so SessionStart hook can write inside the container
- Suppress npm output with --loglevel=error --no-update-notifier

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: aboucaud

src/lightcone/engine/launcher.py

@@ -132,13 +132,16 @@ def _make_builtin_targets() -> dict[str, LaunchTarget]:
                 ".claude/settings.json",
                 ".claude/settings.local.json",
                 ".claude/keybindings.json",
+                ".claude/session-env/",
             ],
             # Claude Code refuses --dangerously-skip-permissions as root;
             # running as the host UID/GID also ensures correct ownership on
             # the mounted project directory.
             run_as_host_user=True,
             registry_name=_SANDBOX_IMAGE_NAME,
-            install_cmds=["npm install -g @anthropic-ai/claude-code"],
+            install_cmds=[
+                "npm install -g @anthropic-ai/claude-code --loglevel=error --no-update-notifier"
+            ],
             committed_tag_prefix="lightcone-claude",
         ),
         "mistral-vibe": LaunchTarget(
@@ -179,7 +182,7 @@ def _make_builtin_targets() -> dict[str, LaunchTarget]:
                 ".config/opencode/AGENTS.md",
             ],
             registry_name=_SANDBOX_IMAGE_NAME,
-            install_cmds=["npm install -g opencode-ai"],
+            install_cmds=["npm install -g opencode-ai --loglevel=error --no-update-notifier"],
             committed_tag_prefix="lightcone-opencode",
         ),
     }
@@ -433,7 +436,9 @@ def _ensure_harness_image(
     result as ``<committed_tag_prefix>:<lc_version>``, and removes the temp
     container.  On subsequent calls the existing committed image is reused.
     """
-    committed_tag = f"{target.committed_tag_prefix}:{lc_version}"
+    # OCI tags allow [a-zA-Z0-9_.-] only — replace '+' from PEP 440 local versions.
+    safe_version = lc_version.replace("+", "-")
+    committed_tag = f"{target.committed_tag_prefix}:{safe_version}"
 
     if not reinstall and _image_exists(committed_tag, runtime):
         return committed_tag
@@ -447,7 +452,8 @@ def _ensure_harness_image(
     _print(f"Installing {target.name} harness (first run — this may take a few minutes)…")
     try:
         subprocess.run(
-            [runtime, "run", "--name", tmp_name, base_image, "sh", "-c", install_cmd],
+            [runtime, "run", "--entrypoint", "sh", "--name", tmp_name,
+             base_image, "-c", install_cmd],
             check=True,
         )
         subprocess.run(

tests/test_launcher.py

@@ -57,9 +57,12 @@ def test_claude_target_fields(self) -> None:
         assert "CLAUDE_CODE_OAUTH_TOKEN" in t.env_passthrough
         assert "/dev/fuse" in t.devices
         assert ".claude.json" in t.home_mounts
+        assert ".claude/session-env/" in t.home_mounts
         assert t.run_as_host_user is True
         assert t.registry_name == "lightcone-sandbox"
-        assert t.install_cmds == ["npm install -g @anthropic-ai/claude-code"]
+        assert t.install_cmds == [
+            "npm install -g @anthropic-ai/claude-code --loglevel=error --no-update-notifier"
+        ]
         assert t.committed_tag_prefix == "lightcone-claude"
 
     def test_mistral_vibe_is_registered(self) -> None:
@@ -85,7 +88,9 @@ def test_opencode_is_registered(self) -> None:
     def test_opencode_target_fields(self) -> None:
         t = BUILTIN_TARGETS["opencode"]
         assert t.name == "opencode"
-        assert t.install_cmds == ["npm install -g opencode-ai"]
+        assert t.install_cmds == [
+            "npm install -g opencode-ai --loglevel=error --no-update-notifier"
+        ]
         assert t.committed_tag_prefix == "lightcone-opencode"
         assert t.entrypoint == ["opencode"]
         assert "OPENAI_API_KEY" in t.env_passthrough
@@ -1165,6 +1170,22 @@ def test_returns_committed_tag_when_image_exists(
         assert result == "lightcone-claude:1.2.3"
         mock_run.assert_not_called()
 
+    def test_plus_in_version_replaced_for_oci_tag(
+        self, harness_target: LaunchTarget
+    ) -> None:
+        from lightcone.engine.launcher import _ensure_harness_image
+
+        # PEP 440 local versions (e.g. 0.3.5.dev33+g8e1ae4ad0) contain '+' which
+        # is not valid in OCI image tags — must be replaced with '-'.
+        dev_version = "0.3.5.dev33+g8e1ae4ad0"
+        with patch("lightcone.engine.launcher._image_exists", return_value=True):
+            result = _ensure_harness_image(
+                harness_target, "lc-lightcone-sandbox-abc", "docker", dev_version
+            )
+
+        assert "+" not in result
+        assert result == "lightcone-claude:0.3.5.dev33-g8e1ae4ad0"
+
     def test_installs_and_commits_when_image_absent(
         self, harness_target: LaunchTarget
     ) -> None:
@@ -1179,9 +1200,11 @@ def test_installs_and_commits_when_image_absent(
 
         assert result == "lightcone-claude:1.2.3"
         calls = [c[0][0] for c in mock_run.call_args_list]
-        # First call: docker run (install)
+        # First call: docker run (install) — must use --entrypoint sh to bypass ENTRYPOINT ["bash"]
         assert calls[0][0] == "docker"
         assert calls[0][1] == "run"
+        assert "--entrypoint" in calls[0]
+        assert calls[0][calls[0].index("--entrypoint") + 1] == "sh"
         assert "npm install -g @anthropic-ai/claude-code" in calls[0]
         # Second call: docker commit
         assert calls[1][0] == "docker"